# Copyright 2022-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 CRATES=" " RUST_MIN_VER="1.71.1" if [[ ${PV} == 9999 ]]; then inherit cargo git-r3 optfeature pam EGIT_REPO_URI="https://github.com/trifectatechfoundation/sudo-rs" SRC_URI="$(cargo_crate_uris ${CRATES})" else inherit cargo optfeature pam if [[ ${PV} != *_beta* && ${PV} != *_rc* ]]; then KEYWORDS="~amd64 ~x86 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~sparc" fi SRC_URI="$(cargo_crate_uris ${CRATES}) https://github.com/trifectatechfoundation/${PN}/releases/download/v${PV}/${PN}-${PV}.tar.gz " fi DESCRIPTION="A memory safe implementation of sudo" HOMEPAGE="https://trifectatech.org/" LICENSE="MIT" SLOT="0" DEPEND=" !app-admin/sudo " ## Requires at least kernel 5.9.0 but I'm not sure this is the ideal way to handle this given that the user might have one already undetected: RDEPEND="${DEPEND} >=sys-kernel/gentoo-sources-5.9.0 sys-apps/dbus sys-libs/pam " BDEPEND="${RDEPEND} dev-vcs/git sys-apps/grep sys-apps/sed " src_unpack(){ if [[ ${PV} == 9999 ]]; then git-r3_src_unpack || die cargo_live_src_unpack || die fi } src_configure() { if [[ ${PV} == 9999 ]]; then COLLECTED_GIT_LONG_REVISION="$(git describe --long --tags | sed 's/\([^-]*-\)g/r\1/;s/-/./g' | sed 's|v||')" COLLECTED_GIT_TAG="$(git describe --tags "$(git rev-list --tags --max-count=1)" | sed 's|v||')" COLLECTED_GIT_COMMIT="$(echo "${COLLECTED_GIT_LONG_REVISION}" | sed "s|${COLLECTED_GIT_TAG}.||" | sed -E 's|[A-Za-z0-9]+\.||')" ## We collect the version name this way because sometimes upstream doesn't align the development version with what 'git describe' actually reports is the tag ## We search Cargo.toml first because, unlike Cargo.lock, Cargo.toml reliably only lists the version name this way for sudo-rs and none of the dependencies to confuse the output COLLECTED_VERSION="$(grep "^version =" Cargo.toml | sed 's|version = ||' | sed 's|"||g')" NEW_VERSION_NAMING_SCHEME="${COLLECTED_VERSION}-${COLLECTED_GIT_COMMIT}" sed -i "s|version = \"${COLLECTED_VERSION}\"|version = \"${NEW_VERSION_NAMING_SCHEME}\"|" Cargo.toml || die sed -i "s|version = \"${COLLECTED_VERSION}\"|version = \"${NEW_VERSION_NAMING_SCHEME}\"|" Cargo.lock || die fi ## Pulled from the app-shells/starship ebuild, but src_configure errors if we do this # export PKG_CONFIG_ALLOW_CROSS=1 # export OPENSSL_NO_VENDOR=true # cargo_src_configure || die } src_compile() { ## From the Firefox ebuild if ! use elibc_glibc ; then if use amd64 ; then export RUST_TARGET="x86_64-unknown-linux-musl" elif use x86 ; then export RUST_TARGET="i686-unknown-linux-musl" elif use arm64 ; then export RUST_TARGET="aarch64-unknown-linux-musl" elif use ppc64 ; then export RUST_TARGET="powerpc64le-unknown-linux-musl" elif use riscv ; then # We can pretty safely rule out any 32-bit riscvs, but 64-bit riscvs also have tons of # different ABIs available. riscv64gc-unknown-linux-musl seems to be the best working # guess right now though. elog "riscv detected, forcing a riscv64 target for now." export RUST_TARGET="riscv64gc-unknown-linux-musl" else die "Unknown musl chost, please post a new bug with your rustc -vV along with emerge --info" fi else if use amd64 ; then export RUST_TARGET="x86_64-unknown-linux-gnu" elif use x86 ; then export RUST_TARGET="i686-unknown-linux-gnu" elif use arm64 ; then export RUST_TARGET="aarch64-unknown-linux-gnu" elif use ppc64 ; then export RUST_TARGET="powerpc64le-unknown-linux-gnu" elif use riscv ; then elog "riscv detected, forcing a riscv64 target for now." export RUST_TARGET="riscv64gc-unknown-linux-gnu" else die "Unknown chost, please post a new bug with your rustc -vV along with emerge --info" fi fi cargo_src_compile || die } src_install(){ exeinto /usr/bin || die ## Install dobin "target/${RUST_TARGET}/release/sudo" || die dobin "target/${RUST_TARGET}/release/visudo" || die ## Change dobin to newexe if "app-admin/sudo" is installed # newexe "target/${RUST_TARGET}/release/sudo" sudo-rs || die # newexe "target/${RUST_TARGET}/release/visudo" visudo-rs || die ### Set ownership, permissions, and the SUID bit fowners 0:0 /usr/bin/sudo || die fperms 4755 /usr/bin/sudo || die fowners 0:0 /usr/bin/visudo || die fperms 4755 /usr/bin/visudo || die ## Required or else sudo-rs will throw a fit about failed authentications upon invocation pamd_mimic system-auth sudo auth account session pamd_mimic system-auth sudo-i auth account session insinto /usr/share/sudo-rs/markdown-man doins docs/man/sudo.8.md doins docs/man/visudo.8.md fowners 0:0 /usr/share/sudo-rs/markdown-man/sudo.8.md fperms 644 /usr/share/sudo-rs/markdown-man/sudo.8.md fowners 0:0 /usr/share/sudo-rs/markdown-man/visudo.8.md fperms 644 /usr/share/sudo-rs/markdown-man/visudo.8.md insinto /usr/share/sudo-rs/license doins LICENSE-APACHE doins LICENSE-MIT fowners 0:0 /usr/share/sudo-rs/license/LICENSE-APACHE fperms 744 /usr/share/sudo-rs/license/LICENSE-APACHE fowners 0:0 /usr/share/sudo-rs/license/LICENSE-MIT fperms 744 /usr/share/sudo-rs/license/LICENSE-MIT } pkg_postinst() { einfo "*******************" ewarn "Sudo-rs needs the sudoers configuration file." ewarn "The sudoers configuration file will be loaded from /etc/sudoers-rs if that file exists," ewarn "otherwise the original /etc/sudoers location will be used. NOTE: It must be UTF8-encoded!" ewarn "" ewarn "Likewise, if you get an error regarding 'sudoers.d' it means you need to create that folder" ewarn "in '/etc'. This is because it may have been included by default in an original sudoers file" ewarn "and sudo-rs has yet to implement error handling for missing referenced folders." }