From 5f021a3018e5c82887b7b2a1f9e17db33260f04f Mon Sep 17 00:00:00 2001
From: Nafis
Date: Wed, 27 May 2026 15:49:53 +0600
Subject: [PATCH] New package: sudo-rs-0.2.13
---
 srcpkgs/sudo-rs/INSTALL | 13 ++++++
 srcpkgs/sudo-rs/REMOVE | 12 +++++
 srcpkgs/sudo-rs/files/sudo.pam | 4 ++
 srcpkgs/sudo-rs/files/sudoers.example | 47 ++++++++++++++++++++
 srcpkgs/sudo-rs/template | 63 +++++++++++++++++++++++++++
 5 files changed, 139 insertions(+)
 create mode 100644 srcpkgs/sudo-rs/INSTALL
 create mode 100644 srcpkgs/sudo-rs/REMOVE
 create mode 100644 srcpkgs/sudo-rs/files/sudo.pam
 create mode 100644 srcpkgs/sudo-rs/files/sudoers.example
 create mode 100644 srcpkgs/sudo-rs/template
diff --git a/srcpkgs/sudo-rs/INSTALL b/srcpkgs/sudo-rs/INSTALL
new file mode 100644
index 00000000000000..6150aed7d14b1f
--- /dev/null
+++ b/srcpkgs/sudo-rs/INSTALL
@@ -0,0 +1,13 @@
+#
+# This script sets up correct perms for /etc/sudoers.
+#
+case "${ACTION}" in
+post)
+ if [ -f etc/sudoers ]; then
+ echo "Setting up permissions to /etc/sudoers..."
+ chmod 0440 etc/sudoers
+ fi
+ [ ! -d etc/sudoers.d ] && install -d etc/sudoers.d
+ [ ! -d var/db/sudo ] && install -dm750 var/db/sudo
+ ;;
+esac
diff --git a/srcpkgs/sudo-rs/REMOVE b/srcpkgs/sudo-rs/REMOVE
new file mode 100644
index 00000000000000..1ce15c7d4c0144
--- /dev/null
+++ b/srcpkgs/sudo-rs/REMOVE
@@ -0,0 +1,12 @@
+#
+# This script fragment removes etc/sudoers.d at post remove time
+# and only if it's empty.
+#
+case "${ACTION}" in
+post)
+ [ -d etc/sudoers.d ] && rmdir etc/sudoers.d 2>/dev/null
+ ;;
+purge)
+ [ -d var/db/sudo ] && rm -rf var/db/sudo
+ ;;
+esac
diff --git a/srcpkgs/sudo-rs/files/sudo.pam b/srcpkgs/sudo-rs/files/sudo.pam
new file mode 100644
index 00000000000000..d8eb16d0af003a
--- /dev/null
+++ b/srcpkgs/sudo-rs/files/sudo.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+session include system-auth
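Review bot: `install -d etc/sudoers.d` in the `post)` branch creates the drop-in directory with install's default mode, while the `var/db/sudo` line right below it pins 750. Every file in that directory is read as sudoers policy through `@includedir`, so its mode should be stated explicitly as well, for example `[ ! -d etc/sudoers.d ] && install -dm750 etc/sudoers.d`. Note also that a pre-existing directory is left with whatever mode it already has, and that `chmod 0440 etc/sudoers` fixes the mode but not the owner; whether ownership can drift here is not visible from the patch.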
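Review bot: The header comment of the REMOVE script describes only the `post)` branch; the `purge)` branch, which recursively deletes `var/db/sudo`, is undocumented. I would extend the header with a line such as `# At purge time it also removes var/db/sudo and everything in it.` Because the template in this patch declares `conflicts="sudo"` and `replaces="sudo>=0"`, that directory name appears to be shared with the sudo package, so it is worth confirming that purging sudo-rs while switching back to sudo cannot delete state the other package has just created.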
diff --git a/srcpkgs/sudo-rs/files/sudoers.example b/srcpkgs/sudo-rs/files/sudoers.example
new file mode 100644
index 00000000000000..c89443286185d6
--- /dev/null
+++ b/srcpkgs/sudo-rs/files/sudoers.example
@@ -0,0 +1,47 @@
+## sudoers file.
+##
+## This file SHOULD be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+
+## Defaults specification
+##
+## Preserve editor environment variables for visudo.
+## To preserve these for all commands, remove the "!visudo" qualifier.
+Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
+##
+## Use a hard-coded PATH instead of the user's to find commands.
+## This also helps prevent poorly written scripts from running
+## arbitrary commands under sudo.
+Defaults secure_path="/usr/sbin:/usr/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment this to allow commands run by sudo to see the
+## environment variables set by sshd(8).
+# Defaults env_keep += "SSH_*"
+##
+## Uncomment to disable "use_pty" when running commands as root.
+## Commands run as non-root users will run in a pseudo-terminal,
+## not the user's own terminal, to prevent command injection.
+# Defaults>root !use_pty
+##
+## Uncomment if the historical silent password prompt is desired
+# Defaults !pwfeedback
+
+### User privilege specifications
+
+## Allow root to execute any command
+root ALL=(ALL:ALL) ALL
+
+## Allow members of group wheel to execute any command
+# %wheel ALL=(ALL:ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
+
+## Allow members of group sudo to execute any command
+# %sudo ALL=(ALL:ALL) ALL
+
+## Read drop-in files from /etc/sudoers.d
+@includedir /etc/sudoers.d
diff --git a/srcpkgs/sudo-rs/template b/srcpkgs/sudo-rs/template
new file mode 100644
index 00000000000000..59a80d3c009dec
--- /dev/null
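Review bot: The `secure_path` value lists `/usr/sbin:/usr/bin` twice, which looks like the leftover of a path rewrite on a longer default rather than an intended setting. The duplicate does not change which binary is found, but the template in this patch installs this file as the live `etc/sudoers`, and anyone auditing the search order has to guess whether a directory was dropped. I would write the intended list once, e.g. `Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"`, or restore the original entries if a `/usr/local` pair was meant.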
+++ b/srcpkgs/sudo-rs/template 
@@ -0,0 +1,63 @@
+# Template file for 'sudo-rs'
+pkgname=sudo-rs
+version=0.2.13
+revision=1
+build_style=cargo
+make_build_args="--bin sudo --bin visudo --features gettext"
+make_install_args="--path . --bin sudo --bin visudo --features gettext"
+hostmakedepends="gettext pkg-config"
+makedepends="pam-devel"
+short_desc="Memory-safe implementation of sudo"
+maintainer="Nafis "
+license="Apache-2.0 OR MIT"
+homepage="https://github.com/trifectatechfoundation/sudo-rs"
+distfiles="${homepage}/archive/refs/tags/v${version}.tar.gz"
+checksum=79becefc504d14ffccc7cab18d42f8d892e78b2d13d9c5bb887c5f02a2721eaf
+conf_files="/etc/pam.d/sudo /etc/sudoers"
+conflicts="sudo"
+replaces="sudo>=0"
+
+make_check=no # tests fail in chroot
+
+# Failed tests:
+# common::context::tests::test_build_run_context
+# common::resolve::test::canonicalization
+# su::context::tests::invalid_shell
+# sudo::env::environment::tests::test_tzinfo
+# system::audit::test::secure_open_is_predictable
+# system::audit::test::test_traverse_secure_open_negative
+# system::audit::test::test_traverse_secure_open_positive
+# system::interface::test::test_unix_user
+# system::tests::test_get_user_and_group_by_id
+
+post_install() {
+ # Install man pages
+ vman docs/man/sudo.8.man sudo.8
+ vman docs/man/sudoers.5.man sudoers.5
+ vman docs/man/visudo.8.man visudo.8
+
+ # Install sudoers and PAM config
+ vinstall ${FILESDIR}/sudoers.example 440 etc sudoers
+ vinstall ${FILESDIR}/sudoers.example 664 usr/share/examples/sudo-rs
+ vinstall ${FILESDIR}/sudo.pam 644 etc/pam.d sudo
+
+ # Set setuid permission on sudo binary
+ chmod 4755 ${DESTDIR}/usr/bin/sudo
+
+ # Create sudoedit symlink pointing to sudo
+ ln -s sudo ${DESTDIR}/usr/bin/sudoedit
+ ln -s sudo.8 ${DESTDIR}/usr/share/man/man8/sudoedit.8
+
+ # Install translations
+ for po in po/*.po; do
+ if [ -f "${po}" ]; then
+ lang=$(basename "${po}" .po)
+ dir="${DESTDIR}/usr/share/locale/${lang}/LC_MESSAGES"
+ install -d "${dir}"
+ msgfmt -o "${dir}/sudo-rs.mo" "${po}"
+ fi
+ done
+
+ vlicense LICENSE-APACHE
+ vlicense LICENSE-MIT
+}