--- embedaddon/sudo/mkpkg 2012/05/29 12:26:49 1.1.1.2 +++ embedaddon/sudo/mkpkg 2014/06/15 16:12:53 1.1.1.6 @@ -1,5 +1,19 @@ #!/bin/sh # +# Copyright (c) 2010-2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# # Build a binary package using polypkg # Usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver] # @@ -78,20 +92,6 @@ top_srcdir=`dirname $0` test -n "$osversion" || exit 1 osrelease=`echo "$osversion" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'` -# Default paths -prefix=/usr/local - -# Linux distros may build binaries as pie files. -# This is really something libtool should figure out, but it does not. -case "$osversion" in - *-s390*|*-sparc*|*-alpha*) - F_PIE=-fPIE - ;; - *) - F_PIE=-fpie - ;; -esac - # Choose compiler options by osversion if not cross-compiling. if [ "$crossbuild" = "false" ]; then case "$osversion" in @@ -120,21 +120,23 @@ fi # We use the same configure options as vendor packages when possible. case "$osversion" in centos*|rhel*) - prefix=/usr if [ $osrelease -ge 40 ]; then # RHEL 4 and up support SELinux configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi if [ $osrelease -ge 50 ]; then - # RHEL 5 and up build pies, have audit support and use a - # separate PAM config file for "sudo -i". - export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie" + # RHEL 5 and up has audit support and uses a separate PAM + # config file for "sudo -i". configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" fi + if [ $osrelease -ge 60 ]; then + # RHEL 6 and above builds sudo with SSSD support + configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" + fi # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts="--prefix=$prefix + configure_opts="--prefix=/usr --with-logging=syslog --with-logfac=authpriv --with-pam @@ -145,15 +147,13 @@ case "$osversion" in --with-tty-tickets --with-ldap --with-passprompt=[sudo] password for %p: + --with-sendmail=/usr/sbin/sendmail $configure_opts" ;; sles*) - prefix=/usr if [ $osrelease -ge 10 ]; then - # SLES 10 and higher build pies - export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie" + # SLES 11 and higher has SELinux if [ $osrelease -ge 11 ]; then - # SLES 11 and higher has SELinux configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi fi @@ -165,8 +165,8 @@ case "$osversion" in esac # Note, must indent with tabs, not spaces due to IFS trickery # XXX - SuSE uses secure path but only for env_reset - configure_opts="--prefix=$prefix - --libexecdir=$prefix/$libexec/sudo + configure_opts="--prefix=/usr + --libexecdir=/usr/$libexec --with-logging=syslog --with-logfac=auth --with-all-insults @@ -179,31 +179,27 @@ case "$osversion" in --with-ldap --with-env-editor --with-passprompt=%p\'s password: + --with-sendmail=/usr/sbin/sendmail $configure_opts" make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)' ;; deb*|ubu*) - prefix=/usr + # Man pages should be compressed in .deb files + export MANCOMPRESS='gzip -9' + export MANCOMPRESSEXT='.gz' # If Ubuntu, add --enable-admin-flag case "$osversion" in ubu*) configure_opts="${configure_opts}${configure_opts+$tab}--enable-admin-flag${tab}--without-lecture" - if [ $osrelease -ge 1004 ]; then - export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie" - fi ;; - deb*) - if [ $osrelease -ge 600 ]; then - export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie" - fi - ;; esac # Note, must indent with tabs, not spaces due to IFS trickery if test "$flavor" = "ldap"; then configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf" fi + configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" configure_opts="--prefix=/usr --with-all-insults --with-pam @@ -216,12 +212,10 @@ case "$osversion" in --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: - --with-timedir=/var/lib/sudo --disable-root-mailer - --disable-setresuid --with-sendmail=/usr/sbin/sendmail --mandir=/usr/share/man - --libexecdir=/usr/lib/sudo + --libexecdir=/usr/lib --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin $configure_opts" ;; @@ -234,17 +228,20 @@ case "$osversion" in esac if test "${osversion}" != "`$top_srcdir/pp --probe`"; then sdkvers=`echo "${osversion}" | sed 's/^macos\([0-9][0-9]\)\([0-9]*\)-.*$/\1.\2/'` - SDK_FLAGS="-isysroot /Developer/SDKs/MacOSX${sdkvers}.sdk -mmacosx-version-min=${sdkvers}" + # Newer Xcode puts /Developer under the app Contents dir. + SDK_DIR="/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" + if test -d "${SDK_DIR}/MacOSX${sdkvers}.sdk"; then + SDK_DIR="${SDK_DIR}/MacOSX${sdkvers}.sdk" + elif test -d "/Developer/SDKs/MacOSX${sdkvers}.sdk"; then + SDK_DIR="/Developer/SDKs/MacOSX${sdkvers}.sdk" + fi + SDK_FLAGS="-isysroot ${SDK_DIR} -mmacosx-version-min=${sdkvers}" fi export CFLAGS="-O2 -g $ARCH_FLAGS $SDK_FLAGS" export LDFLAGS="$ARCH_FLAGS $SDK_FLAGS" - if [ $osrelease -ge 105 ]; then - CFLAGS="$CFLAGS $F_PIE" - LDFLAGS="$LDFLAGS -Wl,-pie" - fi # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts="--prefix=$prefix - --with-pam + configure_opts="--with-pam + --with-bsm-audit --without-tty-tickets --enable-zlib=system --with-ldap @@ -255,18 +252,48 @@ case "$osversion" in --with-env-editor $configure_opts" ;; + aix*) + # Use -gxcoff with gcc instead of -g for dbx-style debugging symbols. + if test -z "$CC" && gcc -v >/dev/null 2>&1; then + CFLAGS=-gxcoff; export CFLAGS + fi + # Note, must indent with tabs, not spaces due to IFS trickery + # Note: we include our own zlib instead of relying on the + # AIX freeware version being installed. + configure_opts=" + --prefix=/opt/freeware + --mandir=/opt/freeware/man + --with-insults=disabled + --with-logging=syslog + --with-logfac=auth + --with-editor=/usr/bin/vi + --with-env-editor + --enable-zlib=builtin + --disable-nls + --with-sendmail=/usr/sbin/sendmail + $configure_opts" + PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true" + ;; *) # For Solaris, add project support and use let configure choose zlib. # For all others, use the builtin zlib and disable NLS support. case "$osversion" in - sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project";; - *) configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls";; + sol*) + configure_opts="${configure_opts}${configure_opts+$tab}--with-project" + + if [ $osrelease -ge 11 ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-bsm-audit" + fi + ;; + *) + configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls" + ;; esac if test "$flavor" = "ldap"; then configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap" fi # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts="--prefix=$prefix + configure_opts=" --with-insults=disabled --with-logging=syslog --with-logfac=auth