[crux-commits] ports/contrib (refs/remotes/origin/3.6): doas: initial commit, version 6.3p2

crux at crux.nu crux at crux.nu
Sat Apr 10 19:06:05 UTC 2021


commit 22d0543708d7d335f509e30b9cd6776b85f54ae6
Author: Tim Biermann <tbier at posteo.de>
Date:   Thu Jan 7 12:55:40 2021 +0000

    doas: initial commit, version 6.3p2

diff --git a/doas/.footprint b/doas/.footprint
new file mode 100644
index 000000000..bf1908485
--- /dev/null
+++ b/doas/.footprint
@@ -0,0 +1,13 @@
+drwxr-xr-x	root/root	etc/
+-rw-r--r--	root/root	etc/doas.conf
+drwxr-xr-x	root/root	etc/pam.d/
+-rw-r--r--	root/root	etc/pam.d/doas
+drwxr-xr-x	root/root	usr/
+drwxr-xr-x	root/root	usr/bin/
+-rwsr-xr-x	root/root	usr/bin/doas
+-rwxr-xr-x	root/root	usr/bin/vidoas
+drwxr-xr-x	root/root	usr/man/
+drwxr-xr-x	root/root	usr/man/man1/
+-rw-r--r--	root/root	usr/man/man1/doas.1.gz
+drwxr-xr-x	root/root	usr/man/man5/
+-rw-r--r--	root/root	usr/man/man5/doas.conf.5.gz
diff --git a/doas/.signature b/doas/.signature
new file mode 100644
index 000000000..e4ac3872f
--- /dev/null
+++ b/doas/.signature
@@ -0,0 +1,8 @@
+untrusted comment: verify with /etc/ports/contrib.pub
+RWSagIOpLGJF38HbKlv8xQwDKCD+xblFoM995UiiRmFE6D9UzM6eTQfJP+BEPSmPKHwfdhVUgmJ8xo/m7vtb/GRW9oINOJLMFwc=
+SHA256 (Pkgfile) = 3074d40ad7af0a552c7c381dd5ded481e000136e792bb274fe5399fe987420d4
+SHA256 (.footprint) = 7e3f9a73cf8cdb9ca8359312c942eadbeaac9835ebe6d9eec9222bca2d4068e9
+SHA256 (doas-6.3p2.tar.gz) = 037813a404bfe35289f2c6cb22a8c4de6f636b2a491e546a90d2ae2afa54aa64
+SHA256 (doas-pam) = 8cec7d05c6c04c293ed6639de88abf5bcc99ccf261aab19212d197c53ca62c92
+SHA256 (doas.conf) = 1f28802fad6ae0eaa5b94bb8d945ada923631ddfb7ae63e934962dbe41774976
+SHA256 (Makefile.patch) = 627a97d223365100f378de31786ab3abe337752012830d32adc994a02e46144f
diff --git a/doas/Makefile.patch b/doas/Makefile.patch
new file mode 100644
index 000000000..211e138b5
--- /dev/null
+++ b/doas/Makefile.patch
@@ -0,0 +1,54 @@
+--- src/doas-6.3p2/Makefile	2020-08-07 23:42:52.000000000 +0200
++++ Makefile	2020-08-18 17:14:50.982152763 +0200
+@@ -2,10 +2,10 @@
+ CC?=clang
+ YACC?=yacc
+ BIN=doas
+-PREFIX?=/usr/local
++PREFIX=/usr
+ MANDIR?=$(DESTDIR)$(PREFIX)/man
+-SYSCONFDIR?=$(DESTDIR)$(PREFIX)/etc
+-OBJECTS=doas.o env.o compat/execvpe.o compat/reallocarray.o y.tab.o 
++SYSCONFDIR?=$(DESTDIR)/etc
++OBJECTS=doas.o env.o compat/execvpe.o compat/reallocarray.o y.tab.o
+ OPT?=-O2
+ # Can set GLOBAL_PATH here to set PATH for target user.
+ # TARGETPATH=-DGLOBAL_PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:\"
+@@ -13,32 +13,11 @@
+ CPPFLAGS+=-include compat/compat.h
+ LDFLAGS+=-lpam
+ UNAME_S := $(shell uname -s)
+-ifeq ($(UNAME_S),Linux)
+-    LDFLAGS+=-lpam_misc
+-    CPPFLAGS+=-Icompat
+-    CFLAGS+=-D_GNU_SOURCE
+-    COMPAT+=closefrom.o errc.o getprogname.o setprogname.o strlcat.o strlcpy.o strtonum.o verrc.o
+-    OBJECTS+=$(COMPAT:%.o=compat/%.o)
+-endif
+-ifeq ($(UNAME_S),FreeBSD)
+-    CFLAGS+=-DHAVE_LOGIN_CAP_H
+-    LDFLAGS+=-lutil
+-endif
+-ifeq ($(UNAME_S),SunOS)
+-    SAFE_PATH?=/bin:/sbin:/usr/bin:/usr/sbin:$(PREFIX)/bin:$(PREFIX)/sbin
+-    GLOBAL_PATH?=/bin:/sbin:/usr/bin:/usr/sbin:$(PREFIX)/bin:$(PREFIX)/sbin
+-    CPPFLAGS+=-Icompat
+-    CFLAGS+=-DSOLARIS_PAM -DSAFE_PATH=\"$(SAFE_PATH)\" -DGLOBAL_PATH=\"$(GLOBAL_PATH)\"
+-    COMPAT=errc.o pm_pam_conv.o setresuid.o verrc.o
+-    OBJECTS+=$(COMPAT:%.o=compat/%.o)
+-endif
+-ifeq ($(UNAME_S),Darwin)
+-    CPPFLAGS+=-Icompat
+-    COMPAT+=bsd-closefrom.o
+-    OBJECTS+=$(COMPAT:%.o=compat/%.o)
+-    # On MacOS the default man page path is /usr/local/share/man
+-    MANDIR=$(DESTDIR)$(PREFIX)/share/man
+-endif
++LDFLAGS+=-lpam_misc
++CPPFLAGS+=-Icompat
++CFLAGS+=-D_GNU_SOURCE
++COMPAT+=closefrom.o errc.o getprogname.o setprogname.o strlcat.o strlcpy.o strtonum.o verrc.o
++OBJECTS+=$(COMPAT:%.o=compat/%.o)
+ 
+ all: $(OBJECTS) doas.1.final doas.conf.5.final
+ 	$(CC) -o $(BIN) $(OBJECTS) $(LDFLAGS)
diff --git a/doas/Pkgfile b/doas/Pkgfile
new file mode 100644
index 000000000..b80fffb1f
--- /dev/null
+++ b/doas/Pkgfile
@@ -0,0 +1,20 @@
+# Description: A port of OpenBSD's doas
+# URL: https://github.com/slicer69/doas
+# Maintainer: Tim Biermann, tbier at posteo dot de
+# Depends on: linux-pam
+
+name=doas
+version=6.3p2
+release=1
+source=(https://github.com/slicer69/doas/archive/$version/$name-$version.tar.gz
+  #shamelessly grabbed from archs aur
+  doas-pam doas.conf Makefile.patch)
+
+build() {
+  cd $name-$version
+  patch -Np0 -i $SRC/Makefile.patch
+  make
+  make DESTDIR=$PKG install
+  install -Dm644 $SRC/doas.conf $PKG/etc/doas.conf
+  install -Dm644 $SRC/doas-pam $PKG/etc/pam.d/doas
+}
diff --git a/doas/doas-pam b/doas/doas-pam
new file mode 100644
index 000000000..31e986c83
--- /dev/null
+++ b/doas/doas-pam
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/doas - doas pam configuration
+#
+
+auth       include    common-auth
+account    include    common-account
+session    include    common-session
diff --git a/doas/doas.conf b/doas/doas.conf
new file mode 100644
index 000000000..818e1040a
--- /dev/null
+++ b/doas/doas.conf
@@ -0,0 +1,43 @@
+## Sample configuration file for doas
+## Please see doas.conf manual page for information on setting
+## up a doas.conf file.
+##
+## This file should be edited using `vidoas` to prevent syntax errors
+##
+## doas.conf is read from top to bottom, and the last matching rule
+## will be used
+
+## This file defines which users should (not) be allowed to use doas
+
+## Allow root user to use doas:
+permit root
+## alternatively: permit 0
+
+## Allow members of the wheel group to use doas (note the colon):
+# permit :wheel
+
+## Deny user malloy to use doas:
+# deny malloy
+
+## Allow alice to 'doas' bob:
+# permit alice as bob
+
+## Deny Bob to run pacman:
+# deny bob cmd pacman
+
+# Allow Bob to update packages using pacman
+# allow bob cmd /usr/bin/pacman -Syu
+
+## If a command without path is specified,
+## the command will be searched in
+## usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+## (not PATH).
+
+## Allow Bob to update packages without entering his pasword:
+# allow nopass bob cmd /usr/bin/pacman -Syu
+
+## Maintain the user's environment:
+# allow keepenv alice
+## Variables may also be set using setenv { \
+##     PKG_CACHE RELEASE_DIR=/var/local/ \
+## }


More information about the crux-commits mailing list