[oe-commits] David-John Willis : sudo: Add 1.7. 2p1 and enable PAM support by default in newer sudo builds.

git version control git at git.openembedded.org
Tue Nov 24 20:21:40 UTC 2009 

Module: openembedded.git
Branch: martin_jansa/srcpv
Commit: 873c8d85d639b4996e4613d1a85b819d98c5f2be
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=873c8d85d639b4996e4613d1a85b819d98c5f2be

Author: David-John Willis <John.Willis at Distant-earth.com>
Date:   Mon Nov  9 21:32:46 2009 +0000

sudo: Add 1.7.2p1 and enable PAM support by default in newer sudo builds.
sudo.inc: Tweak include to support newer sudo versions.
* Apply in addition to earlier sudo recipe bumps.
* Tweak pam.d config file for sudo and add a (WIP) recipe for turning on support for the wheel group.
* Update pam.d service file to suggested upstream Linux-PAM layout.

---

 conf/checksums.ini                      |    4 ++++
 recipes/sudo/files/sudo.pamd            |    7 +++++++
 recipes/sudo/sudo-enable-wheel-group.bb |   20 ++++++++++++++++++++
 recipes/sudo/sudo.inc                   |   23 +++++++++++++++++------
 recipes/sudo/sudo_1.7.2p1.bb            |   19 +++++++++++++++++++
 5 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/conf/checksums.ini b/conf/checksums.ini
index fa8d4b9..a2878ce 100644
--- a/conf/checksums.ini
+++ b/conf/checksums.ini
@@ -24898,6 +24898,10 @@ sha256=64331bda459e984b8d369b449eec89daa2f3cd288186f1d2a9ad8011badd4dad
 md5=b29893c06192df6230dd5f340f3badf5
 sha256=56f7d86032538a4a98d90af3742903a09ba16d6db82b593e4a47605f87fa581a
 
+[http://ftp.sudo.ws/sudo/dist/sudo-1.7.2p1.tar.gz]
+md5=4449d466a774f5ce401c9c0e3866c026
+sha256=34d11a1dd8bace0885f55b4c8bddda1da29993ff8d7174099e25bd80db1eaf7f
+
 [http://dev.laptop.org/pub/sugar/sources/sugar/sugar-0.82.0.tar.bz2]
 md5=1f26fa4aee57469a0636a70649343fb3
 sha256=ca4c614e09371a986ca5d86065fc697f7eb07b2064a6a2cad541755df0135883
diff --git a/recipes/sudo/files/sudo.pamd b/recipes/sudo/files/sudo.pamd
new file mode 100644
index 0000000..c22c794
--- /dev/null
+++ b/recipes/sudo/files/sudo.pamd
@@ -0,0 +1,7 @@
+#%PAM-1.0
+
+auth       include      common-auth
+account    include      common-account
+
+session required pam_permit.so
+session required pam_limits.so
diff --git a/recipes/sudo/sudo-enable-wheel-group.bb b/recipes/sudo/sudo-enable-wheel-group.bb
new file mode 100644
index 0000000..b281ddb
--- /dev/null
+++ b/recipes/sudo/sudo-enable-wheel-group.bb
@@ -0,0 +1,20 @@
+PR = "r0"
+
+RDEPENDS = "sudo"
+
+ALLOW_EMPTY_${PN} = "1"
+PACKAGE_ARCH = "all"
+
+# Edit sudoers to allow the use of the wheel group and non root users to mount/shutdown etc.
+# Please consider this when using.
+
+pkg_postinst() {
+#!/bin/sh
+mkdir -p $D${sysconfdir}/
+touch $D${sysconfdir}/sudoers
+sed -i /# %wheel/d $D${sysconfdir}/sudoers
+echo '%wheel	ALL=(ALL) ALL' >> $D${sysconfdir}/sudoers
+sed -i /# %users/d $D${sysconfdir}/sudoers
+echo '%users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom' >> $D${sysconfdir}/sudoers
+echo '%users  localhost=/sbin/shutdown -h now' >> $D${sysconfdir}/sudoers
+}
diff --git a/recipes/sudo/sudo.inc b/recipes/sudo/sudo.inc
index 0dfb22b..2bb0d72 100644
--- a/recipes/sudo/sudo.inc
+++ b/recipes/sudo/sudo.inc
@@ -3,19 +3,30 @@ administrator to give certain users (or groups of \
 users) the ability to run some (or all) commands \
 as root while logging all commands and arguments."
 LICENSE = "sudo"
-HOMEPAGE = "http://www.courtesan.com/sudo/"
+HOMEPAGE = "http://www.sudo.ws/"
 PRIORITY = "optional"
 SECTION = "admin"
 
 inherit autotools
 
-EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor"
+EXTRA_OECONF += "--with-editor=/bin/vi --with-env-editor --with-all-insults "
 
 do_configure_prepend () {
-	rm -f acsite.m4
-	if [ ! -e acinclude.m4 ]; then
-		cat aclocal.m4 > acinclude.m4
-	fi
+  # Make sure the build does not get clever.
+  export sudo_cv_uid_t_len=10
+  export sudo_cv_func_unsetenv_void=no
+
+  # Prevent binaries from being stripped.
+  sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in
+
+  rm -f acsite.m4
+  if [ ! -e acinclude.m4 ]; then
+    cat aclocal.m4 > acinclude.m4
+  fi
+}
+
+do_configure() { 
+   oe_runconf
 }
 
 pkg_postinst() {
diff --git a/recipes/sudo/sudo_1.7.2p1.bb b/recipes/sudo/sudo_1.7.2p1.bb
new file mode 100644
index 0000000..bfa8afe
--- /dev/null
+++ b/recipes/sudo/sudo_1.7.2p1.bb
@@ -0,0 +1,19 @@
+PR = "r3"
+
+DEPENDS = "libpam"
+RDEPENDS = "libpam libpam-meta"
+
+SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
+  file://sudo.pamd \
+"
+
+EXTRA_OECONF += " --with-pam "
+
+require sudo.inc
+
+# Do in the recipe not the common inc as not all SUDO recipes want PAM support.
+
+do_install_append() {
+  install -d ${D}${sysconfdir}/pam.d/  
+  install -m 0644 ${WORKDIR}/sudo.pamd ${D}${sysconfdir}/pam.d/sudo 
+}

More information about the Openembedded-commits mailing list