Page MenuHomeFreeBSD

[PATCH] */*: Introduction USES=sudo
Needs ReviewPublic

Authored by kiwi on Aug 26 2025, 6:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Sep 30, 9:54 AM
Unknown Object (File)
Tue, Sep 30, 4:59 AM
Unknown Object (File)
Tue, Sep 23, 8:43 PM
Unknown Object (File)
Sat, Sep 20, 12:07 AM
Unknown Object (File)
Wed, Sep 17, 7:57 PM
Unknown Object (File)
Wed, Sep 17, 2:54 PM
Unknown Object (File)
Wed, Sep 17, 3:32 AM
Unknown Object (File)
Tue, Sep 16, 7:19 AM
Subscribers

Details

Reviewers
0mp
kevans
mandree
Summary
*/*: Introduction USES=sudo

A new uses 'sudo' has been added to transperently depends of the
proper flavor of sudo 'default' or 'sssd' depending on the default
version set by the user.

If you prefere to use 'sssd' flavor of sudo, add the following
to your make.conf:

        DEFAULT_VERSIONS+=sudo=sssd

All sudo consummer ports has benn updated to USES=sudo

Approved by:    0mp (mentor)
Approved by:    kevans
Sponsored by:   Klara, Inc.
Test Plan

Did a poudriere with DEFAULT_VERSIONS as default and sudo=sssd to test all consummer ports.

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kiwi requested review of this revision.Aug 26 2025, 6:08 AM
kiwi created this revision.
0mp requested changes to this revision.Aug 26 2025, 10:41 AM

Thanks for posting this!

Mk/Uses/sudo.mk
19

env and lib were copied from another .mk file.

23

Let's drop the @ from here.

26

We can simplify all that into:

_SUDO_PORT= security/sudo
_SUDO_DEPENDS= sudo:${_SUDO_PORT}@${SUDO_DEFAULT}
32
35
Mk/bsd.default-versions.mk
191

missing comma

net-mgmt/librenms/Makefile
102

This port will probably need an update to CHANGES file informing the users that they need to switch to using DEFAULT_VERSIONS instead of OPTIONS to configure this port.

security/kf5-kdesu/Makefile
25

Missing build.

security/kf6-kdesu/Makefile
24

Missing build

sysutils/bhyvemgr/Makefile
4

Also, we don't really need to bump PORTREVISION in all those ports as there is nothing changing in the packages really.

18

I just noticed that we should try sorting sudo alphabetically into the USES list. It applies to all the ports me modify.

This revision now requires changes to proceed.Aug 26 2025, 10:41 AM
mandree requested changes to this revision.Aug 27 2025, 7:46 PM
mandree added a subscriber: mandree.

Please stop that. sudo may not even be my preferred tool to escalate privileges. I might prefer doas or su. Adding USES support for such a feature endorses it, and we'll see creeping changes to move the entire ports tree and user community towards SUDO.

That aside, if I can't tell people to stop the nonsense the commentary and texts need spell checking and options to use other tools instead of sudo.

kiwi marked 9 inline comments as done.Mon, Sep 15, 3:01 AM

Addedd suggestions from 0mp

Please stop that. sudo may not even be my preferred tool to escalate privileges. I might prefer doas or su. Adding USES support for such a feature endorses it, and we'll see creeping changes to move the entire ports tree and user community towards SUDO.

Well I do no try with this review to say "sudo is the best tool to escalate privileges", I just try to fix issues with sudo flavors that is used as a dependency in some ports.
You may not know but sudo can takes some informations using sssd, since it is not a good idea to pull per default sssd and all the dependencies used for some people (mostly corporate users).

I don't say this will fix sudo, but this will fix ports that depends of sudo.

Feel free to adapt other ports to use doas, so example, or mac_do.

That aside, if I can't tell people to stop the nonsense the commentary and texts need spell checking and options to use other tools instead of sudo.

Sorry about my english, not everybody have English as native tongue unfortunatly.

net-mgmt/librenms/Makefile
102

This should be done in the same commit ?

sysutils/bhyvemgr/Makefile
4

Idea is to push some check with poudriere, do you think it is a bad idea?

Let me explain what's going on there.

Right now a bunch of ports has a hard runtime dependency on sudo in form of RUN_DEPENDS= sudo:security/sudo. But sudo actually has two flavors, so this change merely adds a new possible value for DEFAULT_VERSION and changes RUN_DEPENDS=sudo to USES=sudo to abstract from the actual selected version. This change does not make things any worse, it simply allows depending on sudo-sssd instead of sudo.

A couple of more points:

  1. Once pkg gains proper provides/requires support we'll be able to remove this USES. With provides/requires a package may specify a dependency on the sudo program, which can then be fulfilled by any package that installs such a binary. More specifically, this would allow one to run pkg install sudo-sssd and will simple replace already installed sudo without the need to recompile consumers. The change proposed in this Diff is merely a workaround for not having provides/requires in pkg.
  2. PORTREVISION bumps does not seem to be necessary. Nothing is changed wrt. dependencies in the default case.
  3. Since this change touches bsd.default-versions.mk, maybe portmgr should be invoked too.
security/kf5-kdesu/Makefile
25

Actually, sudo:build does not make sense. USES=sudo should not have arguments and only set RUN_DEPENDS.

We do have sort of provides/requires at the port level, so using BUILD_DEPENDS=sudo:security/sudo will work even if the default is sudo-sssd.

security/kf5-kdesu/Makefile
25

Ah, no, it probably won't work in Poudriere, because it tries to install the package at the end of the build. This will pull in its runtime deps and create a conflict between sudo and sudo-sssd. So, disregard my previous comment, sorry for the noise.