summaryrefslogtreecommitdiff
path: root/system/opendoas
diff options
context:
space:
mode:
authorK. Eugene Carlson <kvngncrlsn@gmail.com>2021-03-12 18:22:29 +0000
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2021-03-13 09:02:39 +0700
commitbe930a2e0122f3c6bd14e81872f755e8cdd11877 (patch)
tree81c0d99a66ce9f2d66a9958c54d5c2dd17e3a9ed /system/opendoas
parentf8fabf06f8a28e8a3de4fb05b95714f1763e0d41 (diff)
downloadslackbuilds-be930a2e0122f3c6bd14e81872f755e8cdd11877.tar.gz
system/opendoas: Added (port of doas from OpenBSD)
Signed-off-by: Dave Woodfall <dave@slackbuilds.org> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/opendoas')
-rw-r--r--system/opendoas/README67
-rw-r--r--system/opendoas/doinst.sh14
-rw-r--r--system/opendoas/opendoas.SlackBuild136
-rw-r--r--system/opendoas/opendoas.info10
-rw-r--r--system/opendoas/slack-desc19
5 files changed, 246 insertions, 0 deletions
diff --git a/system/opendoas/README b/system/opendoas/README
new file mode 100644
index 0000000000..2e57141ec1
--- /dev/null
+++ b/system/opendoas/README
@@ -0,0 +1,67 @@
+This is the "OpenDoas" port of OpenBSD's doas.
+
+The doas utility is a program originally written for OpenBSD that
+allows a user to run a command as though they were another user,
+typically root. doas acts as an alternative to sudo, with simple
+configuration syntax and a smaller code base for ease of security
+auditing.
+
+Please note that running this SlackBuild will install doas with SUID
+root.
+
+To get started, write a configuration file at /etc/doas.conf. As an
+example, including the line:
+
+ permit :wheel as root
+
+will allow all users in the wheel group to act as root with doas.
+Consult the doas.conf(5) man page for further details.
+
+The parameter "keepenv" in /etc/doas.conf allows for opening graphical
+applications with doas:
+
+ permit keepenv gene as root
+
+"exec dbus-launch --exit-with-session" may be required for xinit in
+Slackware 14.2. An alternative is to run "export $(dbus-launch)" after
+starting the X session. As with su, KDE 4 graphical applications may
+fail to open with doas.
+
+Running this SlackBuild without parameters will provide a build of
+OpenDoas with shadow support if PAM is not installed, and with PAM
+support if PAM is installed. Password persistence is disabled by
+default.
+
+To enable timestamp-based password persistence, call the SlackBuild
+with PERSIST=yes:
+
+ PERSIST=yes ./opendoas.SlackBuild
+
+In addition, ensure that the appropriate user or group line in
+/etc/doas.conf includes the "persist" option, as in this example:
+
+ permit persist jane as root
+
+Please note that upstream considers timestamp-based password
+persistence to be "new and potentially dangerous."
+
+For users with PAM installed, enable shadow authentication instead by
+calling the SlackBuild with PAM=no:
+
+ PAM=no ./opendoas.SlackBuild
+
+If /etc/pam.d/other and /etc/pam.d/system-auth are unmodified from the
+state in which they are shipped in -current, doas will run with PAM
+support if so compiled. Otherwise, doas may require a dedicated file at
+/etc/pam.d/doas to use PAM authentication.
+
+To allow OpenDoas to write a new PAM configuration file for doas, call
+the SlackBuild with PAM_FILE=yes:
+
+ PAM_FILE=yes ./opendoas.SlackBuild
+
+Upstream will not include PAM configuration files in releases of
+OpenDoas beyond 6.8.1.
+
+opendoas has no outside dependencies on Slackware 14.2 and adds no
+users or groups. opendoas conflicts with all other ports of doas.
diff --git a/system/opendoas/doinst.sh b/system/opendoas/doinst.sh
new file mode 100644
index 0000000000..97b05239d4
--- /dev/null
+++ b/system/opendoas/doinst.sh
@@ -0,0 +1,14 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/pam.d/doas.new
diff --git a/system/opendoas/opendoas.SlackBuild b/system/opendoas/opendoas.SlackBuild
new file mode 100644
index 0000000000..656a1323f3
--- /dev/null
+++ b/system/opendoas/opendoas.SlackBuild
@@ -0,0 +1,136 @@
+#!/bin/sh
+
+# Slackware build script for opendoas
+
+# Copyright 2021 K. Eugene Carlson Tsukuba, Japan
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=opendoas
+VERSION=${VERSION:-6.8.1}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+unset TIMESTAMP
+unset SHADOW
+
+# Use PERSIST=yes to enable timestamp-based password persistence. Upstream
+# considers this feature to be "new and potentially dangerous."
+[ ${PERSIST:-no} = yes ] && TIMESTAMP="--with-timestamp"
+
+# Use PAM=no to enable shadow authentication even on systems with PAM
+# installed. If shadow is not set, then doas will compile with PAM support
+# automatically if PAM is installed.
+[ ${PAM:-yes} = no ] && SHADOW="--with-shadow"
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+# Pass in shadow support if PAM is not installed. OpenDoas defaults to PAM
+# authentication otherwise.
+if [ ! -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ SHADOW="--with-shadow"
+fi
+
+# No CXXFLAGS
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ $SHADOW \
+ $TIMESTAMP \
+ --mandir=/usr/man
+
+make
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ LICENSE README.md \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+chmod 4711 $PKG/usr/bin/doas
+
+# If PAM support is enabled, rename the package's PAM file to doas.new.
+if [ -f "$PKG/etc/pam.d/doas" ]; then
+ mv $PKG/etc/pam.d/doas $PKG/etc/pam.d/doas.new
+fi
+
+# Delete the new configuration file and its directory if PAM_FILE=yes was not
+# used. For Slackware -current users, doas can use PAM authentication provided
+# that /etc/pam.d/other and /etc/pam.d/system-auth have not been altered from
+# the state in which they are shipped. Writing new PAM configuration files was
+# deprecated after the current release of OpenDoas. To allow OpenDoas to write
+# a configuration file anyway, use PAM_FILE=yes.
+[ ${PAM_FILE:-no} != yes ] && rm -rf $PKG/etc
+
+if [ -f "$PKG/etc/pam.d/doas.new" ]; then
+ cat $CWD/doinst.sh > $PKG/install/doinst.sh
+fi
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/opendoas/opendoas.info b/system/opendoas/opendoas.info
new file mode 100644
index 0000000000..19ab89a182
--- /dev/null
+++ b/system/opendoas/opendoas.info
@@ -0,0 +1,10 @@
+PRGNAM="opendoas"
+VERSION="6.8.1"
+HOMEPAGE="https://github.com/Duncaen/opendoas"
+DOWNLOAD="https://github.com/Duncaen/OpenDoas/releases/download/v6.8.1/opendoas-6.8.1.tar.gz"
+MD5SUM="c174a9e39ce6d526a1db16f214d0e127"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="%README%"
+MAINTAINER="K. Eugene Carlson"
+EMAIL="kvngncrlsn@gmail.com"
diff --git a/system/opendoas/slack-desc b/system/opendoas/slack-desc
new file mode 100644
index 0000000000..272e764f6a
--- /dev/null
+++ b/system/opendoas/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+opendoas: opendoas (port of doas from OpenBSD)
+opendoas:
+opendoas: doas is a sudo alternative originally written for OpenBSD. It allows
+opendoas: a user to run a command as a different user, most often root. doas
+opendoas: offers simple configuration syntax; create a config file at
+opendoas: /etc/doas.conf to get started. See doas.conf(5).
+opendoas: The opendoas package conflicts with all other ports of doas.
+opendoas: The opendoas package does not conflict with sudo.
+opendoas: Author: Ted Unangst
+opendoas: Port author: Duncan Overbruck
+opendoas: https://github.com/Duncaen/OpenDoas