freebsd/ports
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6e12cf03b94de66cab8e207b11d1e6ef72c8cc79
ports/security/sudo/Makefile
T
Rene Ladan 2a7c056120 all: drop support for FreeBSD 13, mips and risc64sf 
Reviewed by:            many (*)
Differential Revision:  https://reviews.freebsd.org/D55624
Differential Revision:  https://reviews.freebsd.org/D55642 (merged in from bofh)

many (*)
  acm arrowd brooks cmt dch decke dinoex eduardo fluffy fuz gahr garga
  jbeich joerg jrm kai kenrap martymac matthew mfechner michaelo mizhka
  nobutaka pkubaj se tagattie thj

  Anton Saietskii
  GenericRikka
  Gert Doering
  Jan Bramkamp
  Oleh Hushchenkov
  Oleksandr Kryvulia
  Ralf van der Enden
  Yamagi

  desktop kde python tcltk office
2026-05-07 23:47:29 +02:00

153 lines
4.6 KiB
Makefile
Raw Blame History

PORTNAME= sudo
PORTVERSION= 1.9.17p2
PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= SUDO
MAINTAINER= garga@FreeBSD.org
COMMENT= Allow others to run commands as root
WWW= https://www.sudo.ws/
LICENSE= sudo
LICENSE_NAME= Sudo license
LICENSE_FILE= ${WRKSRC}/LICENSE.md
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
FLAVORS= default sssd
FLAVOR?= ${FLAVORS:[1]}
sssd_PKGNAMESUFFIX= -sssd
USES= cpe libtool pkgconfig
CPE_VENDOR= todd_miller
USE_LDCONFIG= yes
GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share
CONFIGURE_ARGS= --mandir=${PREFIX}/share/man \
--sysconfdir=${PREFIX}/etc \
--with-env-editor \
--with-ignore-dot \
--with-logfac=${LOGFAC} \
--with-logincap \
--with-long-otp-prompt \
--with-rundir=/var/run/sudo \
--with-tty-tickets
LDFLAGS+= -lgcc
PORTSCOUT= ignore:1
OPTIONS_DEFINE= AUDIT DISABLE_AUTH DISABLE_ROOT_SUDO DOCS EXAMPLES \
INSULTS LDAP NLS NOARGS_SHELL OPIE PAM PYTHON SSL
OPTIONS_DEFAULT= AUDIT PAM SSL
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
OPTIONS_SUB= yes
AUDIT_DESC= Enable BSM audit support
DISABLE_AUTH_DESC= Do not require authentication by default
DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo
INSULTS_DESC= Enable insults on failures
KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support)
NOARGS_SHELL_DESC= Run a shell if no arguments are given
OPIE_DESC= Enable one-time passwords (no PAM support)
PYTHON_DESC= Enable python plugin support
SSL_DESC= Use OpenSSL TLS and SHA2 functions
AUDIT_CONFIGURE_WITH= bsm-audit
DISABLE_AUTH_CONFIGURE_ON= --disable-authentication
DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo
GSSAPI_BASE_USES= gssapi
GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_HEIMDAL_USES= gssapi:heimdal
GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_MIT_USES= gssapi:mit
GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
INSULTS_CONFIGURE_ON= --with-insults --with-all-insults
LDAP_USES= ldap
LDAP_CONFIGURE_ON= --with-ldap=${PREFIX} \
--with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF}
NLS_USES= gettext
NLS_CONFIGURE_ENABLE= nls
NLS_CFLAGS= -I${LOCALBASE}/include
NLS_LDFLAGS= -L${LOCALBASE}/lib -lintl
NOARGS_SHELL_CONFIGURE_ENABLE= noargs-shell
OPIE_CONFIGURE_ON= --with-opie
PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin
PAM_CONFIGURE_ON= --with-pam
PYTHON_USES= python
PYTHON_CONFIGURE_ENABLE=python
SSL_USES= ssl
SSL_CONFIGURE_ON= --enable-openssl=${OPENSSLBASE}
.if ${FLAVOR:U} == sssd
RUN_DEPENDS+= sssd:security/sssd2
CONFIGURE_ARGS+= --with-sssd \
--with-sssd-conf=${LOCALBASE}/etc/sssd/sssd.conf
.endif
LOGFAC?= authpriv
SUDO_LDAP_CONF?= ldap.conf
# This is intentionally not an option.
# SUDO_SECURE_PATH is a PATH string that will override the user's PATH.
# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin"
.if defined(SUDO_SECURE_PATH)
CONFIGURE_ARGS+= --with-secure-path="${SUDO_SECURE_PATH}"
.endif
# This is intentionally not an option.
# SUDO_KERB5_INSTANCE is an optional instance string that will be appended
# to kerberos principals when to perform authentication. Common choices
# are "admin" and "sudo".
.if defined(SUDO_KERB5_INSTANCE)
CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}"
.endif
.include <bsd.port.options.mk>
.if ${OPSYS} == FreeBSD
. if ${PORT_OPTIONS:MOPIE}
BUILD_DEPENDS+= opie>0:security/opie
RUN_DEPENDS+= opie>0:security/opie
. endif
.endif
.if ${ARCH} == "arm"
CONFIGURE_ARGS+= --disable-pie
.endif
post-patch:
@${REINPLACE_CMD} -E '/install-(binaries|noexec):/,/^$$/ \
s/\$$\(INSTALL\)/& ${STRIP}/;s/-b\~/-b ~/' \
${WRKSRC}/src/Makefile.in
post-install:
${INSTALL_DATA} ${FILESDIR}/pam.conf ${STAGEDIR}${PREFIX}/etc/pam.d/sudo.default
${MV} ${STAGEDIR}${PREFIX}/etc/sudo.conf ${STAGEDIR}${PREFIX}/etc/sudo.conf.sample
${MV} ${STAGEDIR}${PREFIX}/etc/sudo_logsrvd.conf ${STAGEDIR}${PREFIX}/etc/sudo_logsrvd.conf.sample
${RM} ${STAGEDIR}${PREFIX}/etc/sudoers
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/cvtsudoers
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/sudoreplay
${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/sudo_intercept.so
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/sudo_logsrvd
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/sudo_sendlog
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/visudo
.for f in audit_json.so group_file.so libsudo_util.so sudoers.so system_group.so
${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/${f}
.endfor
post-install-PYTHON-on:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/python_plugin.so
.include <bsd.port.mk>
Reference in New Issue View Git Blame Copy Permalink