Created attachment 251302 [details] Patch that addes the port for opendoas OpenBSD doas does not support persist option for non OpenBSD systems, OpenDoas originally made for Linux and MacOS does support this. This patch adds the opendoas package as an alternative to sudo that supports persist. Patch is attached. NOTE: my changes have not merged upstream so this port uses my fork of OpenDoas for the time being (the maintainer of OpenDoas is not very active).
Created attachment 251303 [details] Patch adding opendoas port [2]
^Triage: reword Summary; remove keyword as it does not apply to a security incident.
Created attachment 251313 [details] Patch adding opendoas port Fixed port lint warning about hard coding `/usr/local`
(In reply to Cathal O'Grady from comment #3) pkg-plist must be: bin/doas share/man/man1/doas.1.gz share/man/man5/doas.conf.5.gz You can check other ports for examples.
In pkg-descr: freebsd => FreeBSD
Created attachment 251314 [details] Patch adding opendoas port [4] Fixes as per Vlads comments.
Why "DISTVERSION=1.0"? I don't see any version from upstream. It's just version from development branch. Are you the developer of the OpenDoas? Best way is to create release or at least tag.
(In reply to Vladimir Druzenko from comment #7) So upstream is https://github.com/Duncaen/OpenDoas: which has versions though latest was 2 years ago. However this port uses my fork which does not have any versions, the plan was to tag this as 1.0 and update to latest version once/if upstream accepts my pr.
(In reply to Cathal O'Grady from comment #8) Upstream for this port is your repo https://github.com/leath-dub/OpenDoas, is not https://github.com/Duncaen/OpenDoas - so version numbering is up to you. And you, as a maintainer, can switch the upstream whenever you want.
(In reply to Vladimir Druzenko from comment #9) So it is ok to leave 1.0, or are you suggesting I create a tagged release on github if so ?
(In reply to Cathal O'Grady from comment #10) Yes, I suggesting you create a tagged release on github.
Another variant use upstream https://github.com/Duncaen/OpenDoas with version 6.8.2 and add patches: https://github.com/Duncaen/OpenDoas/commit/b96106b7e34ac591ae78b1684e9be3a265122463 https://github.com/Duncaen/OpenDoas/commit/97218322213274eb24ab633e09478075b2282ab3 PATCH_SITES= https://github.com/Duncaen/OpenDoas/commit/ # pam: always print pam_conv messages to stderr: # https://github.com/Duncaen/OpenDoas/issues/95 PATCHFILES+= b96106b7e34ac591ae78b1684e9be3a265122463.patch:-p1 # Added freebsd support for timestamp (persist): # https://github.com/Duncaen/OpenDoas/pull/127 PATCHFILES+= 97218322213274eb24ab633e09478075b2282ab3.patch:-p1
Check for example: net/freerdp/Makefile
Created attachment 251322 [details] Patch adding opendoas port [5] Thank Vlad ! This now references upstream with commit patches instead. I didn't know this was possible, but this is much more ideal now !
(In reply to Cathal O'Grady from comment #14) 1) DISTVERSIONPREFIX= v DISTVERSION= 6.8.2 2) WWW - incorrect upstream 3) PATCH_SITES and PATCHFILES must be before MAINTAINER. 4) You don't need "GH_TAGNAME= v6.8.2". 5) You can use portclippy from ports-mgmt/portfmt and portlint from ports-mgmt/portlint for check port. 6) You can use USES=tar:xz for reduce download size, but for this port it's 31.7KB-27.7KB=4KB only. :-)
(In reply to Vladimir Druzenko from comment #15) Don't need "DISTVERSIONPREFIX= v".
(In reply to Vladimir Druzenko from comment #16) Hm… Need testing! :-D
(In reply to Vladimir Druzenko from comment #17) MASTER_SITES= https://github.com/Duncaen/OpenDoas/releases/download/v${DISTVERSION}/
Created attachment 251323 [details] Patch adding opendoas port [6
Created attachment 251324 [details] Patch adding opendoas port [6] I do need the version prefix other wise it try to fetch the wrong tar ball, but other than that all the changes should be as suggested.
(In reply to Cathal O'Grady from comment #20) Fix error during build in poudriere: security/opendoas/files/patch-GNUmakefile: --- GNUmakefile.orig 2022-01-26 16:01:11 UTC +++ GNUmakefile @@ -21,7 +21,7 @@ install: ${PROG} ${PAM_DOAS} ${MAN} mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man1 mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man5 cp -f ${PROG} ${DESTDIR}${BINDIR} - chown ${BINOWN}:${BINGRP} ${DESTDIR}${BINDIR}/${PROG} + #chown ${BINOWN}:${BINGRP} ${DESTDIR}${BINDIR}/${PROG} chmod ${BINMODE} ${DESTDIR}${BINDIR}/${PROG} [ -n "${PAM_DOAS}" ] && cp ${PAM_DOAS} ${DESTDIR}${PAMDIR}/doas || true [ -n "${PAM_DOAS}" ] && chmod 0644 ${DESTDIR}${PAMDIR}/doas || true Fix warning during build in poudriere: security/opendoas/Makefile: --- security/opendoas/Makefile.orig +++ security/opendoas/Makefile @@ -33,4 +33,7 @@ CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc \ MAKEFILE= GNUmakefile +post-install: + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/doas + .include <bsd.port.mk> Committing with my additions.
BTW, what is difference from https://github.com/slicer69/doas/ ? Port security/doas.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2820df617d130919c37d103de14a6cff58732fa8 commit 2820df617d130919c37d103de14a6cff58732fa8 Author: Cathal O'Grady <fierceinbattle@gmail.com> AuthorDate: 2024-06-09 18:29:29 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2024-06-09 18:29:29 +0000 security/opendoas: new port: portable version of OpenBSD's doas This is not an official port/project from OpenBSD! OpenBSD doas does not support persist option for non OpenBSD systems, OpenDoas originally made for Linux and MacOS does support this. This port includes a patch for the OpenDoas to supports persist on FreeBSD. This commit adds the OpenDoas as an alternative to sudo that supports persist. PR: 279598 Approved by: Cathal O'Grady <fierceinbattle@gmail.com> (maintainer) security/Makefile | 1 + security/opendoas/Makefile (new) | 39 +++++++++++++++++++++++++ security/opendoas/distinfo (new) | 7 +++++ security/opendoas/files/patch-GNUmakefile (new) | 11 +++++++ security/opendoas/pkg-descr (new) | 3 ++ security/opendoas/pkg-plist (new) | 3 ++ 6 files changed, 64 insertions(+)
(In reply to Vladimir Druzenko from comment #22) That project does not support persist for non openbsd.
(In reply to commit-hook from comment #23) EYYYYY coool
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=c25e682e5fb71f1537298b0970722cb445356cab commit c25e682e5fb71f1537298b0970722cb445356cab Author: Vladimir Druzenko <vvd@FreeBSD.org> AuthorDate: 2024-06-09 20:23:35 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2024-06-09 20:23:35 +0000 security/opendoas: remove unnecessary DISTNAME PR: 279598 Fixes: 2820df617d13 (new port: portable version of OpenBSD's doas) security/opendoas/Makefile | 1 - 1 file changed, 1 deletion(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=1acc62c56236fee8b9d5c10350a78f3c36489933 commit 1acc62c56236fee8b9d5c10350a78f3c36489933 Author: Vladimir Druzenko <vvd@FreeBSD.org> AuthorDate: 2024-06-09 21:55:42 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2024-06-09 21:55:42 +0000 security/{open,}doas: add CONFLICTS to each other They install files with the same names. PR: 279598 Reported by: fluffy (via email) Fixes: 2820df617d13 (new port: portable version of OpenBSD's doas) security/doas/Makefile | 2 ++ security/opendoas/Makefile | 2 ++ 2 files changed, 4 insertions(+)