*/*: Introduction USES=sudo
A new uses 'sudo' has been added to transperently depends of the
proper flavor of sudo 'default' or 'sssd' depending on the default
version set by the user.
If you prefere to use 'sssd' flavor of sudo, add the following
to your make.conf:
DEFAULT_VERSIONS+=sudo=sssd
All sudo consummer ports has benn updated to USES=sudo
Approved by: 0mp (mentor)
Approved by: kevans
Sponsored by: Klara, Inc.Details
Details
Did a poudriere with DEFAULT_VERSIONS as default and sudo=sssd to test all consummer ports.
Diff Detail
Diff Detail
- Repository
- R11 FreeBSD ports repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
Comment Actions
Thanks for posting this!
| Mk/Uses/sudo.mk | ||
|---|---|---|
| 19 | env and lib were copied from another .mk file. | |
| 23 | Let's drop the @ from here. | |
| 26 | We can simplify all that into: _SUDO_PORT= security/sudo
_SUDO_DEPENDS= sudo:${_SUDO_PORT}@${SUDO_DEFAULT} | |
| 32 | ||
| 35 | ||
| Mk/bsd.default-versions.mk | ||
| 191 | missing comma | |
| net-mgmt/librenms/Makefile | ||
| 102 | This port will probably need an update to CHANGES file informing the users that they need to switch to using DEFAULT_VERSIONS instead of OPTIONS to configure this port. | |
| security/kf5-kdesu/Makefile | ||
| 25 | Missing build. | |
| security/kf6-kdesu/Makefile | ||
| 24 | Missing build | |
| sysutils/bhyvemgr/Makefile | ||
| 4 | Also, we don't really need to bump PORTREVISION in all those ports as there is nothing changing in the packages really. | |
| 18 | I just noticed that we should try sorting sudo alphabetically into the USES list. It applies to all the ports me modify. | |
Comment Actions
Please stop that. sudo may not even be my preferred tool to escalate privileges. I might prefer doas or su. Adding USES support for such a feature endorses it, and we'll see creeping changes to move the entire ports tree and user community towards SUDO.
That aside, if I can't tell people to stop the nonsense the commentary and texts need spell checking and options to use other tools instead of sudo.
Comment Actions
Well I do no try with this review to say "sudo is the best tool to escalate privileges", I just try to fix issues with sudo flavors that is used as a dependency in some ports.
You may not know but sudo can takes some informations using sssd, since it is not a good idea to pull per default sssd and all the dependencies used for some people (mostly corporate users).
I don't say this will fix sudo, but this will fix ports that depends of sudo.
Feel free to adapt other ports to use doas, so example, or mac_do.
That aside, if I can't tell people to stop the nonsense the commentary and texts need spell checking and options to use other tools instead of sudo.
Sorry about my english, not everybody have English as native tongue unfortunatly.
| net-mgmt/librenms/Makefile | ||
|---|---|---|
| 102 | This should be done in the same commit ? | |
| sysutils/bhyvemgr/Makefile | ||
| 4 | Idea is to push some check with poudriere, do you think it is a bad idea? | |
Comment Actions
Let me explain what's going on there.
Right now a bunch of ports has a hard runtime dependency on sudo in form of RUN_DEPENDS= sudo:security/sudo. But sudo actually has two flavors, so this change merely adds a new possible value for DEFAULT_VERSION and changes RUN_DEPENDS=sudo to USES=sudo to abstract from the actual selected version. This change does not make things any worse, it simply allows depending on sudo-sssd instead of sudo.
A couple of more points:
- Once pkg gains proper provides/requires support we'll be able to remove this USES. With provides/requires a package may specify a dependency on the sudo program, which can then be fulfilled by any package that installs such a binary. More specifically, this would allow one to run pkg install sudo-sssd and will simple replace already installed sudo without the need to recompile consumers. The change proposed in this Diff is merely a workaround for not having provides/requires in pkg.
- PORTREVISION bumps does not seem to be necessary. Nothing is changed wrt. dependencies in the default case.
- Since this change touches bsd.default-versions.mk, maybe portmgr should be invoked too.
| security/kf5-kdesu/Makefile | ||
|---|---|---|
| 25 | Actually, sudo:build does not make sense. USES=sudo should not have arguments and only set RUN_DEPENDS. We do have sort of provides/requires at the port level, so using BUILD_DEPENDS=sudo:security/sudo will work even if the default is sudo-sssd. | |
| security/kf5-kdesu/Makefile | ||
|---|---|---|
| 25 | Ah, no, it probably won't work in Poudriere, because it tries to install the package at the end of the build. This will pull in its runtime deps and create a conflict between sudo and sudo-sssd. So, disregard my previous comment, sorry for the noise. | |
Comment Actions
This is the idea indeed.
A couple of more points:
- Once pkg gains proper provides/requires support we'll be able to remove this USES. With provides/requires a package may specify a dependency on the sudo program, which can then be fulfilled by any package that installs such a binary. More specifically, this would allow one to run pkg install sudo-sssd and will simple replace already installed sudo without the need to recompile consumers. The change proposed in this Diff is merely a workaround for not having provides/requires in pkg.
Yeah this is a workaround until pkg and the port infrastructure can add a runtime dependency : "I need this package as run dependency, what ever the flavor". This is far than perfect, but for a short terms this is a way to get the functionality working.
- PORTREVISION bumps does not seem to be necessary. Nothing is changed wrt. dependencies in the default case.
Right noted. Will correct that.
- Since this change touches bsd.default-versions.mk, maybe portmgr should be invoked too.
Sure, thank for the advice.