NetBSD Problem Report #54483

From www@netbsd.org  Mon Aug 19 12:48:04 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 6BFF67A18F
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 19 Aug 2019 12:48:04 +0000 (UTC)
Message-Id: <20190819124803.0FFD57A1DD@mollari.NetBSD.org>
Date: Mon, 19 Aug 2019 12:48:03 +0000 (UTC)
From: sxvghd@firemail.cc
Reply-To: sxvghd@firemail.cc
To: gnats-bugs@NetBSD.org
Subject: New package: doas-6.1
X-Send-Pr-Version: www-1.0

>Number:         54483
>Category:       pkg
>Synopsis:       New package: doas-6.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ng0
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 19 12:50:00 +0000 2019
>Closed-Date:    Fri Aug 23 23:08:17 +0000 2019
>Last-Modified:  Fri Aug 23 23:10:00 +0000 2019
>Originator:     sxvghd
>Release:        8.99.1
>Organization:
>Environment:
>Description:
The doas utility is a program originally written
for OpenBSD which allows a user to run a
command as though they were another user.
Typically doas is used to allow non-privileged
users to run commands as though they were
the root user. The doas program acts as an
alternative to sudo, which is a popular method
in the Linux community for granting admin
access to specific users.

The doas program offers two benefits over sudo:
its configuration file has a simple syntax and it is
smaller, requiring less effort to audit the code.
>How-To-Repeat:

>Fix:
begin 644 doas.tar.gz
end

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: leot@NetBSD.org
State-Changed-When: Mon, 19 Aug 2019 14:43:03 +0000
State-Changed-Why:
Feedback and changes requested.


From: Leonardo Taccari <leot@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/54483: New package: doas-6.1
Date: Mon, 19 Aug 2019 16:41:57 +0200

 Hello sxvghd,

 sxvghd@firemail.cc writes:
 > [...]
 > >Description:
 > The doas utility is a program originally written
 > for OpenBSD which allows a user to run a
 > command as though they were another user.
 > Typically doas is used to allow non-privileged
 > users to run commands as though they were
 > the root user. The doas program acts as an
 > alternative to sudo, which is a popular method
 > in the Linux community for granting admin
 > access to specific users.
 >
 > The doas program offers two benefits over sudo:
 > its configuration file has a simple syntax and it is
 > smaller, requiring less effort to audit the code.
 > >How-To-Repeat:
 >
 > >Fix:
 > begin 644 doas.tar.gz
 > [...]

 Thanks for the PR!

 I suggest importing this package into pkgsrc-wip to ease possible further
 testing and reviews; some suggestions follow directly in this email.

 In security/doas/Makefile I think that you can just set:

  DISTNAME= doas-6.1

 and then remove GITHUB_PROJECT, PKGNAME, DIST_SUBDIR and WRKSRC
 redefinition (this will also need a `make makesum' to update
 distinfo).

 For SUBST_STAGE.fix-paths please change it to `pre-configure', that's
 more consistent with other packages and eases debugging the SUBST
 earlier in the build process.

 The SUBST_SEDs are a bit problematic:

  SUBST_SED.fix-paths=    -e 's,$$(PREFIX)/man,$$(PKGMANDIR),g'

 ...shouldn't this be: $((PREFIX))/${PKGMANDIR} instead?

  SUBST_SED.fix-paths=    -e 's,$$(PREFIX),$$(DESTDIR)$$(PREFIX),g'

 ...this should have a `+=' (not just a `=') (because it's the 2nd sed
 command).  Also, adding DESTDIR support is probably worth sharing as
 a patch upstream too (if you haven't already).

 Please also substitute hardcoded $(PREFIX)/etc with ${PKG_SYSCONFDIR}.

 The doas binary probably needs to be marked via SPECIAL_PERMS as
 ${SETUID_ROOT_PERMS} (for a possible example please have a look at
 security/sudo).

 `yacc' seems to be used, please add it to USE_TOOLS too.
 Usually USE_TOOLS is added as the 4th paragraph just after the WRKSRC
 definition.

 `pam' seems to be used unconditionally, doesn't that need to include
 "../../mk/pam.buildlink3.mk"?  If pam support is optional it's probably
 worth adding a `pam' option to permit users to enable/disable it.


 Thanks!
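
The review points above, collected into one pkgsrc Makefile fragment. This is an added illustration, not the Makefile from the submitted tarball or from pkgsrc; the upstream file name `Makefile' and the places where `$(PREFIX)' occurs in it are assumptions.

```make
# Added illustration: fragment of a hypothetical security/doas/Makefile,
# limited to the lines the review touches.

DISTNAME=	doas-6.1
# GITHUB_PROJECT, PKGNAME, DIST_SUBDIR and WRKSRC are no longer redefined;
# run `make makesum' afterwards so distinfo matches the new distfile name.

USE_TOOLS+=	yacc

# Rewrite install paths in the upstream build file (file name assumed).
SUBST_CLASSES+=			fix-paths
SUBST_STAGE.fix-paths=		pre-configure
SUBST_MESSAGE.fix-paths=	Fixing installation paths.
SUBST_FILES.fix-paths=		Makefile
# `$$' reaches sed as a literal `$'; `${...}' is expanded by pkgsrc.
# Only the first expression uses `='. Every later one must use `+=',
# otherwise it silently replaces the expressions before it.
# Order matters: map the specific paths first, then prefix whatever
# `$(PREFIX)' references remain with DESTDIR.
SUBST_SED.fix-paths=		-e 's,$$(PREFIX)/etc,${PKG_SYSCONFDIR},g'
SUBST_SED.fix-paths+=		-e 's,$$(PREFIX)/man,$$(PREFIX)/${PKGMANDIR},g'
SUBST_SED.fix-paths+=		-e 's,$$(PREFIX),$$(DESTDIR)$$(PREFIX),g'

# doas has to be setuid root to run commands as another user. Declaring
# that through SPECIAL_PERMS records owner, group and mode in the package
# metadata instead of relying on a chmod in the upstream install target.
SPECIAL_PERMS+=	bin/doas ${SETUID_ROOT_PERMS}

# PAM is treated as unconditional here, as the review observes.
.include "../../mk/pam.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
```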

From: N <ng0@n0.is>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/54483: New package: doas-6.1
Date: Tue, 20 Aug 2019 16:24:17 +0000

 Hi,

 after leot@ pointed me to this PR I wanted to point out that
 a draft version is now in wip/doas, I did not read this PR
 before pushing it.

 If you have access to pkgsrc-wip or want to send patches
 against it, this solves step 0 already (import into wip).

From: sxvghd@firemail.cc
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/54483: New package: doas-6.1
Date: Tue, 20 Aug 2019 19:07:41 +0200

 Thanks for the feedback, Leonardo, I hope I addressed everything :)
 begin 644 doas.tar.gz
 end

State-Changed-From-To: feedback->open
State-Changed-By: leot@NetBSD.org
State-Changed-When: Tue, 20 Aug 2019 18:42:46 +0000
State-Changed-Why:
Feedback and changes applied, thanks!

(would be nice if they could be merged in wip/doas!)


Responsible-Changed-From-To: pkg-manager->ng0
Responsible-Changed-By: leot@NetBSD.org
Responsible-Changed-When: Tue, 20 Aug 2019 19:29:24 +0000
Responsible-Changed-Why:
ng0, can you please merge them with wip/doas?


From: N <ng0@n0.is>
To: gnats-bugs@netbsd.org
Cc: ng0@netbsd.org, pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org,
	gnats-admin@netbsd.org, leot@NetBSD.org, sxvghd@firemail.cc
Subject: Re: pkg/54483 (New package: doas-6.1)
Date: Wed, 21 Aug 2019 07:20:02 +0000

 leot@NetBSD.org transcribed 251 bytes:
 > Synopsis: New package: doas-6.1
 > 
 > Responsible-Changed-From-To: pkg-manager->ng0
 > Responsible-Changed-By: leot@NetBSD.org
 > Responsible-Changed-When: Tue, 20 Aug 2019 19:29:24 +0000
 > Responsible-Changed-Why:
 > ng0, can you please merge them with wip/doas?
 > 
 > 
 Okay, as soon as I get to it. 

From: N <ng0@n0.is>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/54483 (New package: doas-6.1)
Date: Wed, 21 Aug 2019 16:40:54 +0000

 Hi,

 I've applied all the changes in the new version you've sent + some minor
 adjustments. pkglint -Wall is now at "looks good".

 Should we include an example config file (I would prefer it in an upstreamable
 format, generic), or do we leave it up to the people who install doas to
 get started? man doas.conf explains what you need + the error message
 when you run it without config file is clear about the location iirc.

From: sxvghd@firemail.cc
To: gnats-bugs@netbsd.org
Cc: ng0@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/54483 (New package: doas-6.1)
Date: Wed, 21 Aug 2019 19:24:44 +0200

 >  Should we include an example config file (I would prefer it in an
 >  upstreamable format, generic), or do we leave it up to the people who
 >  install doas to get started?

 The syntax is really easy, the manpage is there and doas complains if it
 doesn't have a config file, so imo it should be just fine without the
 example config.

From: N <ng0@n0.is>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/54483 (New package: doas-6.1)
Date: Thu, 22 Aug 2019 07:29:43 +0000

 Okay.

 leot, should we keep this in wip for a while or is it
 okay to import as security/doas?

From: coypu@sdf.org
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/54483: New package: doas-6.1
Date: Thu, 22 Aug 2019 19:22:28 +0000

 Please import it if it works for you.
 (There's serious downsides to keeping a package in wip, like distfiles
 not being mirrored, it not being built by default for binary package
 users, etc.)

From: N <ng0@n0.is>
To: gnats-bugs@netbsd.org
Cc: ng0@netbsd.org
Subject: Re: pkg/54483: New package: doas-6.1
Date: Thu, 22 Aug 2019 19:48:29 +0000

 coypu@sdf.org transcribed 408 bytes:
 > The following reply was made to PR pkg/54483; it has been noted by GNATS.
 > 
 > From: coypu@sdf.org
 > To: gnats-bugs@netbsd.org
 > Cc: 
 > Subject: Re: pkg/54483: New package: doas-6.1
 > Date: Thu, 22 Aug 2019 19:22:28 +0000
 > 
 >  Please import it if it works for you.
 >  (There's serious downsides to keeping a package in wip, like distfiles
 >  not being mirrored, it not being built by default for binary package
 >  users, etc.)

 Okay, thanks. I will coordinate this with my mentors/sponsors.  

State-Changed-From-To: open->closed
State-Changed-By: ng0@NetBSD.org
State-Changed-When: Fri, 23 Aug 2019 23:08:17 +0000
State-Changed-Why:
The PR reported by sxvghd@firemail.cc has been merged as security/doas.



From: N <ng0@n0.is>
To: gnats-bugs@netbsd.org
Cc: ng0@netbsd.org
Subject: Re: pkg/54483: New package: doas-6.1
Date: Fri, 23 Aug 2019 23:04:50 +0000

 I forgot to mention sxvghd@firemail.cc in the commit message, and did forget
 to mention the PR. I'm sorry for that. security/doas is now in pkgsrc. I'll
 adjust the PR to closed after this message.

 N transcribed 533 bytes:
 > coypu@sdf.org transcribed 408 bytes:
 > > The following reply was made to PR pkg/54483; it has been noted by GNATS.
 > > 
 > > From: coypu@sdf.org
 > > To: gnats-bugs@netbsd.org
 > > Cc: 
 > > Subject: Re: pkg/54483: New package: doas-6.1
 > > Date: Thu, 22 Aug 2019 19:22:28 +0000
 > > 
 > >  Please import it if it works for you.
 > >  (There's serious downsides to keeping a package in wip, like distfiles
 > >  not being mirrored, it not being built by default for binary package
 > >  users, etc.)
 > 
 > Okay, thanks. I will coordinate this with my mentors/sponsors.  

>Unformatted:
