Date: Tue, 20 Jun 2023 11:29:39 GMT
Message-Id: <202306201129.35KBTdKw048874@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Renato Botelho
Subject: git: 0601dee6a236 - main - security/sudo: Pacify portclippy
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Sender: owner-dev-commits-ports-main@freebsd.org
X-Git-Committer: garga
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 0601dee6a23677126779a14d03dd8d02dfa9653e
Auto-Submitted: auto-generated

The branch main has been updated by garga:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0601dee6a23677126779a14d03dd8d02dfa9653e

commit 0601dee6a23677126779a14d03dd8d02dfa9653e
Author: Renato Botelho
AuthorDate: 2023-06-20 11:27:13 +0000
Commit: Renato Botelho
CommitDate: 2023-06-20 11:27:53 +0000

security/sudo: Pacify portclippy

No functional changes intended

Sponsored by: Rubicon Communications, LLC ("Netgate")

--- security/sudo/Makefile | 109 ++++++++++++++++++++++++++----------------------- 1 file changed, 57 insertions(+), 52 deletions(-) diff --git a/security/sudo/Makefile b/security/sudo/Makefile index b8b0a5e34e37..dd158ce93c72 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile 
@@ -16,79 +16,84 @@ USES= cpe libtool CPE_VENDOR= todd_miller USE_LDCONFIG= yes GNU_CONFIGURE= yes -LDFLAGS+= -lgcc - CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ - --with-ignore-dot \ - --with-tty-tickets \ --with-env-editor \ + --with-ignore-dot \ + --with-logfac=${LOGFAC} \ --with-logincap \ --with-long-otp-prompt \ - --with-rundir=/var/run/sudo + --with-rundir=/var/run/sudo \ + --with-tty-tickets +LDFLAGS+= -lgcc -OPTIONS_DEFINE= LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL \ - AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES -OPTIONS_RADIO= KERBEROS +OPTIONS_DEFINE= AUDIT DISABLE_AUTH DISABLE_ROOT_SUDO DOCS EXAMPLES \ + INSULTS LDAP NLS NOARGS_SHELL OPIE PAM PYTHON SSSD OPTIONS_DEFAULT= AUDIT PAM -OPTIONS_SUB= yes +OPTIONS_RADIO= KERBEROS +OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_SUB= yes -INSULTS_DESC= Enable insults on failures -DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo +AUDIT_DESC= Enable BSM audit support DISABLE_AUTH_DESC= Do not require authentication by default +DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo +INSULTS_DESC= Enable insults on failures +KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support) NOARGS_SHELL_DESC= Run a shell if no arguments are given -AUDIT_DESC= Enable BSM audit support -KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support) -OPIE_DESC= Enable one-time passwords (no PAM support) -PYTHON_DESC= Enable python plugin support -SSSD_DESC= Enable SSSD backend support. +OPIE_DESC= Enable one-time passwords (no PAM support) +PYTHON_DESC= Enable python plugin support +SSSD_DESC= Enable SSSD backend support. 
-PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin +AUDIT_CONFIGURE_WITH= bsm-audit -LOGFAC?= authpriv -CONFIGURE_ARGS+= --with-logfac=${LOGFAC} +DISABLE_AUTH_CONFIGURE_ON= --disable-authentication +DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo -# This is intentionally not an option. -# SUDO_SECURE_PATH is a PATH string that will override the user's PATH. -# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" -.if defined(SUDO_SECURE_PATH) -CONFIGURE_ARGS+= --with-secure-path="${SUDO_SECURE_PATH}" -.endif +GSSAPI_BASE_USES= gssapi +GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +GSSAPI_HEIMDAL_USES= gssapi:heimdal +GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +GSSAPI_MIT_USES= gssapi:mit +GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -NLS_USES= gettext -NLS_CONFIGURE_ENABLE= nls -NLS_LDFLAGS= -L${LOCALBASE}/lib -lintl -NLS_CFLAGS= -I${LOCALBASE}/include +INSULTS_CONFIGURE_ON= --with-insults --with-all-insults -INSULTS_CONFIGURE_ON= --with-insults -INSULTS_CONFIGURE_ON+= --with-all-insults +LDAP_USES= ldap +LDAP_CONFIGURE_ON= --with-ldap=${PREFIX} \ + --with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF} -LDAP_USES= ldap -LDAP_CONFIGURE_ON= --with-ldap=${PREFIX} -SUDO_LDAP_CONF?= ldap.conf -LDAP_CONFIGURE_ON+= --with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF} +NLS_USES= gettext +NLS_CONFIGURE_ENABLE= nls +NLS_CFLAGS= -I${LOCALBASE}/include +NLS_LDFLAGS= -L${LOCALBASE}/lib -lintl -DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo -DISABLE_AUTH_CONFIGURE_ON= --disable-authentication NOARGS_SHELL_CONFIGURE_ENABLE= noargs-shell -AUDIT_CONFIGURE_WITH= bsm-audit -PAM_CONFIGURE_ON= --with-pam + OPIE_CONFIGURE_ON= --with-opie -PYTHON_USES= python -PYTHON_CONFIGURE_ENABLE= python -SSSD_CONFIGURE_ON= --with-sssd + +PAM_PREVENTS= OPIE 
GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin +PAM_CONFIGURE_ON= --with-pam + +PYTHON_USES= python +PYTHON_CONFIGURE_ENABLE=python + SSSD_RUN_DEPENDS= sssd:security/sssd +SSSD_CONFIGURE_ON= --with-sssd + +LOGFAC?= authpriv +SUDO_LDAP_CONF?= ldap.conf + +# This is intentionally not an option. +# SUDO_SECURE_PATH is a PATH string that will override the user's PATH. +# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin" +.if defined(SUDO_SECURE_PATH) +CONFIGURE_ARGS+= --with-secure-path="${SUDO_SECURE_PATH}" +.endif -OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_HEIMDAL_USES= gssapi:heimdal -GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_MIT_USES= gssapi:mit -GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} # This is intentionally not an option. -# SUDO_KERB5_INSTANCE is an optional instance string that will be appended to kerberos -# principals when to perform authentication. Common choices are "admin" and "sudo". +# SUDO_KERB5_INSTANCE is an optional instance string that will be appended +# to kerberos principals when to perform authentication. Common choices +# are "admin" and "sudo". .if defined(SUDO_KERB5_INSTANCE) CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}" .endif
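Review bot: In the SUDO_SECURE_PATH comment block, the example value was shortened from "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" to "/sbin:/bin:/usr/sbin:/usr/bin", which silently drops the /usr/local directories. The comment itself says this string overrides the user's PATH and it is passed straight to --with-secure-path, so anyone copying the new example builds a sudo whose PATH omits /usr/local/sbin and /usr/local/bin. If the aim was only to satisfy a line-length check, wrap the example onto a second comment line rather than truncating it. Two smaller points in the same hunk: LOGFAC and SUDO_LDAP_CONF are now referenced (in CONFIGURE_ARGS and LDAP_CONFIGURE_ON) above their "?=" defaults, which works only because these assignments are expanded lazily, so a short comment or keeping the defaults next to their first use would make that less fragile; and the rewrapped SUDO_KERB5_INSTANCE comment still reads "when to perform authentication", which could be fixed while the lines are being touched. "PYTHON_CONFIGURE_ENABLE=python" also has no whitespace after the "=", unlike the neighbouring assignments.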