Update Debian/Ubuntu packages to be more like the vendor ones. One

notable exception is that sudo.ws packages use /var/run, not /var/lib
for timestamp files.

diff --git a/mkpkg b/mkpkg
index b0aa82b1f6732126e5d5e3715c9ad55ae64c1703..6fc2916dcf45b2766ca092f584df225bdaaa5190 100755 (executable)
--- a/mkpkg
+++ b/mkpkg
@@ -194,8 +194,10 @@ case "$osversion" in
        if test "$flavor" = "ldap"; then
            configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap
                --with-ldap-conf-file=/etc/sudo-ldap.conf"
+       else
+           configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd
+               --with-sssd-lib=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
        fi
-       configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux"
        configure_opts="--prefix=/usr
                --with-all-insults
                --with-pam
@@ -212,7 +214,8 @@ case "$osversion" in
                --with-sendmail=/usr/sbin/sendmail
                --mandir=/usr/share/man
                --libexecdir=/usr/lib
-               --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
+               --with-selinux
+               --with-linux-audit
                $configure_opts"
        ;;
     macos*)

diff --git a/plugins/sudoers/sudoers.in b/plugins/sudoers/sudoers.in
index b0c38bf51352e14a5528a8012fa356ce6199df2c..6216dfd6c1a0df1d763de5276597b5382ad09d73 100644 (file)
--- a/plugins/sudoers/sudoers.in
+++ b/plugins/sudoers/sudoers.in
@@ -56,6 +56,12 @@
 ## this may allow users to subvert the command being run via sudo.
 # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
 ##
+## Uncomment to use a hard-coded PATH instead of the user's to find commands
+# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment to send mail if the user does not enter the correct password.
+# Defaults mail_badpass
+##
 ## Uncomment to enable logging of a command's output, except for
 ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
 # Defaults log_output

diff --git a/sudo.pp b/sudo.pp
index 111f0d4aa1a88ff7a6862ae855ec25e29cf4abb2..3cd57f8062a7887e3e3b7bd9540b9ab440c132de 100644 (file)
--- a/sudo.pp
+++ b/sudo.pp
@@ -195,6 +195,8 @@ still allow people to get their work done."
        /Locale settings/+1,s/^# //
        /X11 resource/+1,s/^# //
        /^# \%sudo/,s/^# //
+       /^# Defaults secure_path/,s/^# //
+       /^# Defaults mail_badpass/,s/^# //
        w
        q
        EOF
@@ -244,7 +246,7 @@ still allow people to get their work done."
        fi
 
 %depend [deb]
-       libc6, libpam0g, libpam-modules, zlib1g, libselinux1
+       libc6, libpam0g, libpam-modules, zlib1g, libselinux1, libaudit1
 
 %fixup [deb]
        # Add Conflicts, Replaces headers and add libldap depedency as needed.