[Bug 257906] security/sudo: add openssl support

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 17 Aug 2021 06:19:52 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257906

            Bug ID: 257906
           Summary: security/sudo: add openssl support
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: garga@FreeBSD.org
          Reporter: peter@czanik.hu
             Flags: maintainer-feedback?(garga@FreeBSD.org)

I'm writing technical blogs about sudo, and while doing so, I discovered that
openssl support is not enabled in the security/sudo port and it's not even
available as an option. When it is enabled, one can encrypt the connection
between sudo and sudo_logsrvd.

The simple patch below adds optional openssl support. I think it should be
enabled by default, but for now I kept it optional.

root@fb130:~ # diff -u /usr/ports/security/sudo/Makefile  sudo/Makefile
--- /usr/ports/security/sudo/Makefile 2021-08-13 15:10:44.000000000 +0200
+++ sudo/Makefile 2021-08-11 11:20:21.962615000 +0200
@@ -28,7 +28,7 @@
  --with-rundir=/var/run/sudo

 OPTIONS_DEFINE= LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL \
- AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES
+ AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES SSL
 OPTIONS_RADIO= KERBEROS
 OPTIONS_DEFAULT= AUDIT PAM
 OPTIONS_SUB= yes
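
Review bot: OPTIONS_DEFAULT is left at "AUDIT PAM" in this hunk, so packages built with the default option set will still be unable to encrypt the connection to sudo_logsrvd. The report says the option should be enabled by default; either add SSL to OPTIONS_DEFAULT here or state in the commit message why that is deferred, so the default-off choice is a recorded decision rather than an omission.
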
@@ -42,6 +42,7 @@
 OPIE_DESC= Enable one-time passwords (no PAM support)
 PYTHON_DESC= Enable python plugin support
 SSSD_DESC= Enable SSSD backend support.
+SSL_DESC= Allow encryption between sudo and sudo_logsrvd

 PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
 PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin
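
Review bot: SSL_DESC breaks from the wording of the neighbouring descriptions, which all start with "Enable ...", and "Allow" reads like a runtime permission rather than a build-time switch. Something like "SSL_DESC= Enable encrypted connections between sudo and sudo_logsrvd" would match OPIE_DESC, PYTHON_DESC and SSSD_DESC and make clear that the feature is compiled in or out.
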
@@ -93,6 +94,9 @@
 .if defined(SUDO_KERB5_INSTANCE)
 CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}"
 .endif
+
+SSL_USES= ssl
+SSL_CONFIGURE_ON= --enable-openssl

 .include <bsd.port.options.mk>
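
Review bot: SSL_CONFIGURE_ON only passes --enable-openssl when the option is selected, so with SSL off nothing is passed and the result depends on whatever configure decides by itself. Consider "SSL_CONFIGURE_ENABLE= openssl" instead, which also passes --disable-openssl when the option is off, so a build without SSL is guaranteed not to link against OpenSSL. It would also be tidier to place these two lines with the port's other option helper variables rather than after the SUDO_KERB5_INSTANCE conditional.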
