Created attachment 259294 [details] shar archive of the ports directory Starting with version 0.2.5, sudo-rs supports FreeBSD. So we also thought it would be nice to provide the initial packaging of it. sudo-rs provides an alternative implementation to the sudo command that has a reduced feature set and uses memory safe implementations for most of the sudo logic, but still should be able to work with most existing sudo policy configurations. About this portsfile: - I have introduced a COEXIST option that will allow sudo-rs to be installed on the same machine as security/sudo (and install binaries as "sudo-rs", "visudo-rs", etc.). This is off by default, so by default it has a conflict with security/sudo (and if someone installs a ports that depends on sudo using "pkg", it will mean pkg will try to replace sudo-rs with sudo--that's maybe unfortunate for us, but shouldn't hurt users) - I have disabled tests if "make test" is run as root: some unit tests are not intended to run as root, and generally this is probably a bad idea anyway. - The maintain address is my email address at the foundation that owns this project.
the path /usr/local/etc/sudoers is hardcoded in src/sudo/mod.rs. This should respect LOCALBASE, see https://docs.freebsd.org/en/books/porters-handbook/book/#porting-prefix see irc/irssi-fish/Makefile (${REINPLACE_CMD} -e "s,/usr/local,${LOCALBASE},g") for a possible fix Thanks for porting sudo-rs on FreeBSD!
Thanks for catching that. We even put a FIXME for this in the source, so I'll correct this upstream and then add the fix as a patch here on Monday.
What about using flavors instead of coexist option? Then also pkg users can install sudo-rs and sudo together. Others looks goog to me. The LOCALBASE issue can be patched in post-patch action.
I did explore the FLAVORS mechanism, but I had the feeling that maybe it wasn't intended for a case such as this. But if that is seen as an acceptable solution I am willing to rework this port to use that instead. The upstream fix for the LOCALBASE will touch more lines of code than I expected, so for this version I'll go with a sed-based solution as suggested.
Created attachment 259365 [details] git format-patch of the port This port adds the post-patch to respect LOCALBASE; it does not yet use the FLAVORS mechanism.
(In reply to Koichiro Iwao from comment #3) How FLAVORS can fix this issue?
(In reply to Mikael Urankar from comment #6) I don't get exactly what you're wondering. Binary packages for non-default options such as coexist are not provided but packages for all flavors will be built. pkg users can choose either sudo-rs or sudo-rs-coexists. They can `pkg install sudo-rs-coexist`, the coexist flavor, if they want to install sudo and sudo-rs together.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2030729b0ff7207ccd185bce1d1e2400d20fb4fe commit 2030729b0ff7207ccd185bce1d1e2400d20fb4fe Author: Marc Schoolderman <marc@trifectatech.org> AuthorDate: 2025-04-04 15:21:59 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2025-04-08 00:20:48 +0000 security/sudo-rs: add new port, rust re-implementation of sudo Reviewed by: meta, mikael PR: 285861 WWW: https://github.com/trifectatechfoundation/sudo-rs/ security/sudo-rs/Makefile (new) | 78 +++++++++++++++++++++++++++++++++++ security/sudo-rs/distinfo (new) | 15 +++++++ security/sudo-rs/files/pam.conf (new) | 16 +++++++ security/sudo-rs/files/sudoers (new) | 73 ++++++++++++++++++++++++++++++++ security/sudo-rs/pkg-descr (new) | 6 +++ security/sudo-rs/pkg-plist (new) | 10 +++++ 6 files changed, 198 insertions(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=7b7dcc2c05997bec34cdf5078f40049ece16a396 commit 7b7dcc2c05997bec34cdf5078f40049ece16a396 Author: Koichiro Iwao <meta@FreeBSD.org> AuthorDate: 2025-04-08 00:19:51 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2025-04-08 00:20:48 +0000 security/sudo-rs: hook build PR: 285861 security/Makefile | 1 + 1 file changed, 1 insertion(+)
Anyway, the current patch looks good. Committed.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=5123478635354a03f69b53d96e45a6e1199cbcd9 commit 5123478635354a03f69b53d96e45a6e1199cbcd9 Author: Koichiro Iwao <meta@FreeBSD.org> AuthorDate: 2025-04-08 01:17:00 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2025-04-08 01:19:47 +0000 security/sudo-rs: Fix description in coexist option This one is actually suffix, not prefix. PR: 285861 Reported by: George L. Yermulnik (via email privately) security/sudo-rs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Created attachment 259389 [details] update of ports file using FLAVORS Thanks for the smooth process and the insightful comments. This is an update of the port using a "coexist flavor" instead if a "COEXIST option" as described by Koichiro Iwao. This would allow distributing two binary packages, if this has your preference. It obviously has the benefit that to get 'coexistence', one doesn't need to install sudo-rs from the ports tree (which currently also requires installing the Rust compiler from the ports tree, which is rather time-consuming process). Since I assume the 'coexist' packaging will only be used for people wanting to try out sudo-rs, I've updated the pkg-descr accordingly for that flavor.
We didn't resolve the "flavor-vs-option" question, but I am marking this as closed-and-FIXED since sudo-rs was integrated into the ports tree, and a new version is out.