Thu Dec 22 09:24:38 2022 UTC ()
security/opendoas: allow optional 'persist' support.

Add optional support for a persist argument to enable time-based
credential caching, modeled after the equivalent OpenBSD's doas
behaviour.
Implemented via timestamp records, in lack of a TIOCCHKVERAUTH ioctl.
Marked upstream as experimental and hereby disabled by default.
Available only on Linux.


(vins)
diff -r1.5 -r1.6 pkgsrc/security/opendoas/Makefile
diff -r0 -r1.1 pkgsrc/security/opendoas/options.mk
cvs diff -r1.5 -r1.6 pkgsrc/security/opendoas/Makefile (expand / switch to unified diff)

--- pkgsrc/security/opendoas/Makefile 2022/07/04 08:25:58 1.5
+++ pkgsrc/security/opendoas/Makefile 2022/12/22 09:24:38 1.6
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: Makefile,v 1.5 2022/07/04 08:25:58 pin Exp $ 1# $NetBSD: Makefile,v 1.6 2022/12/22 09:24:38 vins Exp $
2 2
3DISTNAME= opendoas-6.8.2 3DISTNAME= opendoas-6.8.2
4CATEGORIES= security 4CATEGORIES= security
5MASTER_SITES= ${MASTER_SITE_GITHUB:=duncaen/} 5MASTER_SITES= ${MASTER_SITE_GITHUB:=duncaen/}
6GITHUB_TAG= v${PKGVERSION_NOREV} 6GITHUB_TAG= v${PKGVERSION_NOREV}
7 7
8MAINTAINER= sunil@nimmagadda.net 8MAINTAINER= sunil@nimmagadda.net
9HOMEPAGE= https://github.com/duncaen/opendoas 9HOMEPAGE= https://github.com/duncaen/opendoas
10COMMENT= Execute commands as another user 10COMMENT= Execute commands as another user
11LICENSE= isc 11LICENSE= isc
12 12
13CONFLICTS= doas-[0-9]* 13CONFLICTS= doas-[0-9]*
14 14
@@ -22,28 +22,32 @@ SUBST_MESSAGE.paths= Fixing hardcoded pa @@ -22,28 +22,32 @@ SUBST_MESSAGE.paths= Fixing hardcoded pa
22SUBST_STAGE.paths= pre-configure 22SUBST_STAGE.paths= pre-configure
23SUBST_FILES.paths= doas.1 doas.conf.5 23SUBST_FILES.paths= doas.1 doas.conf.5
24SUBST_SED.paths= -e "s,/etc,${PKG_SYSCONFDIR}," 24SUBST_SED.paths= -e "s,/etc,${PKG_SYSCONFDIR},"
25 25
26EGDIR= share/examples/${PKGBASE} 26EGDIR= share/examples/${PKGBASE}
27 27
28.include "../../mk/bsd.prefs.mk" 28.include "../../mk/bsd.prefs.mk"
29 29
30HAS_CONFIGURE= yes 30HAS_CONFIGURE= yes
31CONFIGURE_ARGS+= --prefix=${PREFIX} 31CONFIGURE_ARGS+= --prefix=${PREFIX}
32CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 32CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
33CONFIGURE_ARGS+= --mandir=${PREFIX}/${PKGMANDIR} 33CONFIGURE_ARGS+= --mandir=${PREFIX}/${PKGMANDIR}
34CONFIGURE_ARGS+= --datadir=${PREFIX}/${EGDIR} 34CONFIGURE_ARGS+= --datadir=${PREFIX}/${EGDIR}
35.if ${OPSYS} == "Linux" && !exists(/usr/include/security/pam_appl.h) 35
 36.if ${OPSYS} == "Linux"
 37.include "options.mk"
 38. if !exists(/usr/include/security/pam_appl.h)
36CONFIGURE_ARGS+= --without-pam 39CONFIGURE_ARGS+= --without-pam
 40. endif
37.endif 41.endif
38 42
39USE_TOOLS= gmake yacc 43USE_TOOLS= gmake yacc
40MAKE_FILE= GNUmakefile 44MAKE_FILE= GNUmakefile
41 45
42BUILDLINK_TRANSFORM+= rm:-Werror 46BUILDLINK_TRANSFORM+= rm:-Werror
43 47
44SPECIAL_PERMS+= bin/doas ${SETUID_ROOT_PERMS} 48SPECIAL_PERMS+= bin/doas ${SETUID_ROOT_PERMS}
45NOT_FOR_UNPRIVILEGED= yes 49NOT_FOR_UNPRIVILEGED= yes
46 50
47INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 ${EGDIR} 51INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 ${EGDIR}
48 52
49PLIST_VARS+= pam-conf 53PLIST_VARS+= pam-conf
File Added: pkgsrc/security/opendoas/options.mk
# $NetBSD: options.mk,v 1.1 2022/12/22 09:24:38 vins Exp $

PKG_OPTIONS_VAR=	PKG_OPTIONS.opendoas

PKG_SUPPORTED_OPTIONS+=	persist
PKG_SUGGESTED_OPTIONS=

.include "../../mk/bsd.options.mk"

##
## Enable credential caching.
##
.if !empty(PKG_OPTIONS:Mpersist)
CONFIGURE_ARGS+=	--with-timestamp
.endif