New package: sudo-rs-0.2.13

Author: mnabid

srcpkgs/sudo-rs/INSTALL

@@ -0,0 +1,13 @@
+#
+# This script sets up correct perms for /etc/sudoers.
+#
+case "${ACTION}" in
+post)
+	if [ -f etc/sudoers ]; then
+		echo "Setting up permissions to /etc/sudoers..."
+		chmod 0440 etc/sudoers
+	fi
+	[ ! -d etc/sudoers.d ] && install -d etc/sudoers.d
+	[ ! -d var/db/sudo ] && install -dm750 var/db/sudo
+	;;
+esac

srcpkgs/sudo-rs/REMOVE

@@ -0,0 +1,12 @@
+#
+# This script fragment removes etc/sudoers.d at post remove time
+# and only if it's empty.
+#
+case "${ACTION}" in
+post)
+	[ -d etc/sudoers.d ] && rmdir etc/sudoers.d 2>/dev/null
+	;;
+purge)
+	[ -d var/db/sudo ] && rm -rf var/db/sudo
+	;;
+esac

srcpkgs/sudo-rs/files/sudo.pam

@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth 		include 	system-auth
+account 	include 	system-auth
+session 	include 	system-auth

srcpkgs/sudo-rs/files/sudoers.example

@@ -0,0 +1,47 @@
+## sudoers file.
+##
+## This file SHOULD be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+
+## Defaults specification
+##
+## Preserve editor environment variables for visudo.
+## To preserve these for all commands, remove the "!visudo" qualifier.
+Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
+##
+## Use a hard-coded PATH instead of the user's to find commands.
+## This also helps prevent poorly written scripts from running
+## arbitrary commands under sudo.
+Defaults secure_path="/usr/sbin:/usr/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment this to allow commands run by sudo to see the
+## environment variables set by sshd(8).
+# Defaults env_keep += "SSH_*"
+##
+## Uncomment to disable "use_pty" when running commands as root.
+## Commands run as non-root users will run in a pseudo-terminal,
+## not the user's own terminal, to prevent command injection.
+# Defaults>root !use_pty
+##
+## Uncomment if the historical silent password prompt is desired
+# Defaults !pwfeedback
+
+### User privilege specifications
+
+## Allow root to execute any command
+root ALL=(ALL:ALL) ALL
+
+## Allow members of group wheel to execute any command
+# %wheel ALL=(ALL:ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
+
+## Allow members of group sudo to execute any command
+# %sudo ALL=(ALL:ALL) ALL
+
+## Read drop-in files from /etc/sudoers.d
+@includedir /etc/sudoers.d

srcpkgs/sudo-rs/template

@@ -0,0 +1,63 @@
+# Template file for 'sudo-rs'
+pkgname=sudo-rs
+version=0.2.13
+revision=1
+build_style=cargo
+make_build_args="--bin sudo --bin visudo --features gettext"
+make_install_args="--path . --bin sudo --bin visudo --features gettext"
+hostmakedepends="gettext pkg-config"
+makedepends="pam-devel"
+short_desc="Memory-safe implementation of sudo"
+maintainer="Nafis <mnabid.25@outlook.com>"
+license="Apache-2.0 OR MIT"
+homepage="https://github.com/trifectatechfoundation/sudo-rs"
+distfiles="${homepage}/archive/refs/tags/v${version}.tar.gz"
+checksum=79becefc504d14ffccc7cab18d42f8d892e78b2d13d9c5bb887c5f02a2721eaf
+conf_files="/etc/pam.d/sudo /etc/sudoers"
+conflicts="sudo"
+replaces="sudo>=0"
+
+make_check=no # tests fail in chroot
+
+# Failed tests:
+#  common::context::tests::test_build_run_context
+#  common::resolve::test::canonicalization
+#  su::context::tests::invalid_shell
+#  sudo::env::environment::tests::test_tzinfo
+#  system::audit::test::secure_open_is_predictable
+#  system::audit::test::test_traverse_secure_open_negative
+#  system::audit::test::test_traverse_secure_open_positive
+#  system::interface::test::test_unix_user
+#  system::tests::test_get_user_and_group_by_id
+
+post_install() {
+	# Install man pages
+	vman docs/man/sudo.8.man sudo.8
+	vman docs/man/sudoers.5.man sudoers.5
+	vman docs/man/visudo.8.man visudo.8
+
+	# Install sudoers and PAM config
+	vinstall ${FILESDIR}/sudoers.example 440 etc sudoers
+	vinstall ${FILESDIR}/sudoers.example 664 usr/share/examples/sudo-rs
+	vinstall ${FILESDIR}/sudo.pam 644 etc/pam.d sudo
+
+	# Set setuid permission on sudo binary
+	chmod 4755 ${DESTDIR}/usr/bin/sudo
+
+	# Create sudoedit symlink pointing to sudo
+	ln -s sudo ${DESTDIR}/usr/bin/sudoedit
+	ln -s sudo.8 ${DESTDIR}/usr/share/man/man8/sudoedit.8
+
+	# Install translations
+	for po in po/*.po; do
+		if [ -f "${po}" ]; then
+			lang=$(basename "${po}" .po)
+			dir="${DESTDIR}/usr/share/locale/${lang}/LC_MESSAGES"
+			install -d "${dir}"
+			msgfmt -o "${dir}/sudo-rs.mo" "${po}"
+		fi
+	done
+
+	vlicense LICENSE-APACHE
+	vlicense LICENSE-MIT
+}