Add initial meta-stx to support StarlingX build
meta-stx is a yocto compatible layer that includes
required recipes to build image for StarlingX on top
of yocto 2.7.3 (warrior).
And the following components are included:
- Fault management
- Configuration management
- Software management
- Host management
- Service management
- Ansible and puppet for provisioning
Issue-ID: INF-8
Issue-ID: INF-9
Issue-ID: INF-10
Issue-ID: INF-11
Issue-ID: INF-12
Issue-ID: INF-13
Issue-ID: INF-19
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Change-Id: I4e85c8232df3bf390aa247c75061a54b914bd28a
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.6.7p5-strip.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.6.7p5-strip.patch
new file mode 100644
index 0000000..879a4c1
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.6.7p5-strip.patch
@@ -0,0 +1,25 @@
+From e8e74bddb6fb4030b574a76e43e7d0618c0432c9 Mon Sep 17 00:00:00 2001
+From: Tomas Sykora <tosykora@redhat.com>
+Date: Fri, 19 Aug 2016 13:49:25 +0200
+Subject: [PATCH] We do not strip
+
+rebased from:
+Patch1: sudo-1.6.7p5-strip.patch
+
+---
+ install-sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/install-sh b/install-sh
+index 6944fba..49d383a 100755
+--- a/install-sh
++++ b/install-sh
+@@ -147,7 +147,7 @@ while ${MORETODO} ; do
+ fi
+ ;;
+ X-s)
+- STRIPIT=true
++ #STRIPIT=true
+ ;;
+ X--)
+ shift
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.7.2p1-envdebug.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.7.2p1-envdebug.patch
new file mode 100644
index 0000000..626abec
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.7.2p1-envdebug.patch
@@ -0,0 +1,25 @@
+From 33cc84bc035773105a62b5b0a07e78d55cb6bf6e Mon Sep 17 00:00:00 2001
+From: Tomas Sykora <tosykora@redhat.com>
+Date: Fri, 19 Aug 2016 14:07:35 +0200
+Subject: [PATCH] Added "Enviroment debugging" message
+
+rebased from:
+Patch2: sudo-1.7.2p1-envdebug.patch
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 962a032..ade78f6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1408,7 +1408,7 @@ AC_ARG_ENABLE(env_debug,
+ [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
+ [ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+- AC_DEFINE(ENV_DEBUG)
++ AC_DEFINE(ENV_DEBUG, [], [Environment debugging.])
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
new file mode 100644
index 0000000..268a0ab
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
@@ -0,0 +1,86 @@
+From 1a9754ec64f703542a5faf9ae9c5058b50047b26 Mon Sep 17 00:00:00 2001
+From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
+Date: Wed, 11 Dec 2019 19:43:19 -0800
+ sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
+
+---
+ plugins/sudoers/regress/sudoers/test2.json.ok | 6 +++---
+ plugins/sudoers/regress/sudoers/test2.toke.ok | 6 +++---
+ plugins/sudoers/toke.c | 2 +-
+ plugins/sudoers/toke.l | 2 +-
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/plugins/sudoers/regress/sudoers/test2.json.ok b/plugins/sudoers/regress/sudoers/test2.json.ok
+index 8e6656e..769c3fd 100644
+--- a/plugins/sudoers/regress/sudoers/test2.json.ok
++++ b/plugins/sudoers/regress/sudoers/test2.json.ok
+@@ -34,7 +34,7 @@
+ },
+ {
+ "Binding": [
+- { "username": "%them" }
++ { "usergroup": "them" }
+ ],
+ "Options": [
+ { "set_home": true }
+@@ -42,7 +42,7 @@
+ },
+ {
+ "Binding": [
+- { "username": "%: non UNIX 0 c" }
++ { "nonunixgroup": " non UNIX 0 c" }
+ ],
+ "Options": [
+ { "set_home": true }
+@@ -50,7 +50,7 @@
+ },
+ {
+ "Binding": [
+- { "username": "+net" }
++ { "netgroup": "net" }
+ ],
+ "Options": [
+ { "set_home": true }
+diff --git a/plugins/sudoers/regress/sudoers/test2.toke.ok b/plugins/sudoers/regress/sudoers/test2.toke.ok
+index fcd7b73..63e1648 100644
+--- a/plugins/sudoers/regress/sudoers/test2.toke.ok
++++ b/plugins/sudoers/regress/sudoers/test2.toke.ok
+@@ -29,9 +29,9 @@ DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+ #
+ DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+ DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
++DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
++DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
++DEFAULTS_USER BEGINSTR STRBODY ENDSTR NETGROUP DEFVAR
+
+ #
+ DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c
+index d0dd5e3..784218b 100644
+--- a/plugins/sudoers/toke.c
++++ b/plugins/sudoers/toke.c
+@@ -2512,7 +2512,7 @@ YY_RULE_SETUP
+ LEXTRACE("ERROR "); /* empty string */
+ LEXRETURN(ERROR);
+ }
+- if (prev_state == INITIAL) {
++ if (prev_state == INITIAL || prev_state == GOTDEFS) {
+ switch (sudoerslval.string[0]) {
+ case '%':
+ if (sudoerslval.string[1] == '\0' ||
+diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l
+index d275a26..638d9ea 100644
+--- a/plugins/sudoers/toke.l
++++ b/plugins/sudoers/toke.l
+@@ -178,7 +178,7 @@ DEFVAR [a-z_]+
+ LEXTRACE("ERROR "); /* empty string */
+ LEXRETURN(ERROR);
+ }
+- if (prev_state == INITIAL) {
++ if (prev_state == INITIAL || prev_state == GOTDEFS) {
+ switch (sudoerslval.string[0]) {
+ case '%':
+ if (sudoerslval.string[1] == '\0' ||
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-ldapsearchuidfix.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-ldapsearchuidfix.patch
new file mode 100644
index 0000000..b5107aa
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-ldapsearchuidfix.patch
@@ -0,0 +1,36 @@
+From bff4cd71cc41bf3104b35da24e73742571845ebd Mon Sep 17 00:00:00 2001
+From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
+Date: Wed, 11 Dec 2019 19:43:19 -0800
+
+---
+ plugins/sudoers/ldap.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
+index bc2baec..ad8a890 100644
+--- a/plugins/sudoers/ldap.c
++++ b/plugins/sudoers/ldap.c
+@@ -920,8 +920,8 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
+ if (ldap_conf.search_filter)
+ sz += strlen(ldap_conf.search_filter);
+
+- /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
+- sz += 29 + sudo_ldap_value_len(pw->pw_name);
++ /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */
++ sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name);
+
+ /* Add space for primary and supplementary groups and gids */
+ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
+@@ -982,6 +982,12 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
+ CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
+ CHECK_STRLCAT(buf, ")", sz);
+
++ /* Append user uid */
++ (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_uid);
++ (void) strlcat(buf, "(sudoUser=#", sz);
++ (void) strlcat(buf, gidbuf, sz);
++ (void) strlcat(buf, ")", sz);
++
+ /* Append primary group and gid */
+ if (grp != NULL) {
+ CHECK_STRLCAT(buf, "(sudoUser=%", sz);
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-legacy-group-processing.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-legacy-group-processing.patch
new file mode 100644
index 0000000..e24477b
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-legacy-group-processing.patch
@@ -0,0 +1,108 @@
+From ce16b664df514c4d8b0e6b8733ae1dce3561a2a4 Mon Sep 17 00:00:00 2001
+From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
+Date: Wed, 11 Dec 2019 19:43:19 -0800
+
+---
+ plugins/sudoers/cvtsudoers.c | 9 +++++++++
+ plugins/sudoers/def_data.c | 4 ++++
+ plugins/sudoers/def_data.h | 2 ++
+ plugins/sudoers/def_data.in | 3 +++
+ plugins/sudoers/defaults.c | 3 +++
+ plugins/sudoers/sudoers.c | 4 ++++
+ 6 files changed, 25 insertions(+)
+
+diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
+index 0221314..9d21d2f 100644
+--- a/plugins/sudoers/cvtsudoers.c
++++ b/plugins/sudoers/cvtsudoers.c
+@@ -346,6 +346,15 @@ main(int argc, char *argv[])
+ sudo_fatalx("error: unhandled input %d", input_format);
+ }
+
++ /*
++ * cvtsudoers group filtering doesn't work if def_match_group_by_gid
++ * is set to true by default (at compile-time). It cannot be set to false
++ * because cvtsudoers doesn't apply the parsed Defaults.
++ *
++ * Related: sudo-1.8.23-legacy-group-processing.patch
++ */
++ def_match_group_by_gid = def_legacy_group_processing = false;
++
+ /* Apply filters. */
+ filter_userspecs(&parsed_policy, conf);
+ filter_defaults(&parsed_policy, conf);
+diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
+index 07e3433..5fa45bb 100644
+--- a/plugins/sudoers/def_data.c
++++ b/plugins/sudoers/def_data.c
+@@ -494,6 +494,10 @@ struct sudo_defs_types sudo_defs_table[] = {
+ N_("Ignore case when matching group names"),
+ NULL,
+ }, {
++ "legacy_group_processing", T_FLAG,
++ N_("Don't pre-resolve all group names"),
++ NULL,
++ }, {
+ NULL, 0, NULL
+ }
+ };
+diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
+index 65f10c3..940fa8f 100644
+--- a/plugins/sudoers/def_data.h
++++ b/plugins/sudoers/def_data.h
+@@ -226,6 +226,8 @@
+ #define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag)
+ #define I_CASE_INSENSITIVE_GROUP 113
+ #define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
++#define I_LEGACY_GROUP_PROCESSING 114
++#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
+
+ enum def_tuple {
+ never,
+diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
+index 99d4360..571bc96 100644
+--- a/plugins/sudoers/def_data.in
++++ b/plugins/sudoers/def_data.in
+@@ -357,3 +357,6 @@ case_insensitive_user
+ case_insensitive_group
+ T_FLAG
+ "Ignore case when matching group names"
++legacy_group_processing
++ T_FLAG
++ "Don't pre-resolve all group names"
+diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
+index 4c8c262..970755e 100644
+--- a/plugins/sudoers/defaults.c
++++ b/plugins/sudoers/defaults.c
+@@ -91,6 +91,7 @@ static struct early_default early_defaults[] = {
+ { I_FQDN },
+ #endif
+ { I_MATCH_GROUP_BY_GID },
++ { I_LEGACY_GROUP_PROCESSING },
+ { I_GROUP_PLUGIN },
+ { I_RUNAS_DEFAULT },
+ { I_SUDOERS_LOCALE },
+@@ -492,6 +493,8 @@ init_defaults(void)
+ }
+
+ /* First initialize the flags. */
++ def_legacy_group_processing = true;
++ def_match_group_by_gid = true;
+ #ifdef LONG_OTP_PROMPT
+ def_long_otp_prompt = true;
+ #endif
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index 1267949..d8f4dd0 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -217,6 +217,10 @@ sudoers_policy_init(void *info, char * const envp[])
+ if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
+ ret = true;
+
++ if (!def_match_group_by_gid || !def_legacy_group_processing) {
++ def_match_group_by_gid = false;
++ def_legacy_group_processing = false;
++ }
+ cleanup:
+ if (!restore_perms())
+ ret = -1;
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-nowaitopt.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-nowaitopt.patch
new file mode 100644
index 0000000..a7a18a1
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-nowaitopt.patch
@@ -0,0 +1,75 @@
+From acbbefdbcf2951a2ce31fe4fc789cf8397a406cc Mon Sep 17 00:00:00 2001
+From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
+Date: Wed, 11 Dec 2019 19:43:19 -0800
+
+---
+ plugins/sudoers/def_data.c | 4 ++++
+ plugins/sudoers/def_data.h | 2 ++
+ plugins/sudoers/def_data.in | 3 +++
+ plugins/sudoers/sudoers.c | 14 ++++++++++++++
+ 4 files changed, 23 insertions(+)
+
+diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
+index 5fa45bb..9d7a842 100644
+--- a/plugins/sudoers/def_data.c
++++ b/plugins/sudoers/def_data.c
+@@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[] = {
+ N_("Don't pre-resolve all group names"),
+ NULL,
+ }, {
++ "cmnd_no_wait", T_FLAG,
++ N_("Don't fork and wait for the command to finish, just exec it"),
++ NULL,
++ }, {
+ NULL, 0, NULL
+ }
+ };
+diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
+index 940fa8f..68ceed0 100644
+--- a/plugins/sudoers/def_data.h
++++ b/plugins/sudoers/def_data.h
+@@ -228,6 +228,8 @@
+ #define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
+ #define I_LEGACY_GROUP_PROCESSING 114
+ #define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
++#define I_CMND_NO_WAIT 115
++#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
+
+ enum def_tuple {
+ never,
+diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
+index 571bc96..4250917 100644
+--- a/plugins/sudoers/def_data.in
++++ b/plugins/sudoers/def_data.in
+@@ -360,3 +360,6 @@ case_insensitive_group
+ legacy_group_processing
+ T_FLAG
+ "Don't pre-resolve all group names"
++cmnd_no_wait
++ T_FLAG
++ "Don't fork and wait for the command to finish, just exec it"
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index d8f4dd0..00669b4 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -221,6 +221,20 @@ sudoers_policy_init(void *info, char * const envp[])
+ def_match_group_by_gid = false;
+ def_legacy_group_processing = false;
+ }
++
++ /*
++ * Emulate cmnd_no_wait option by disabling PAM session, PTY allocation
++ * and I/O logging. This will cause sudo to execute the given command
++ * directly instead of forking a separate process for it.
++ */
++ if (def_cmnd_no_wait) {
++ def_pam_setcred = false;
++ def_pam_session = false;
++ def_use_pty = false;
++ def_log_input = false;
++ def_log_output = false;
++ }
++
+ cleanup:
+ if (!restore_perms())
+ ret = -1;
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-sudoldapconfman.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-sudoldapconfman.patch
new file mode 100644
index 0000000..e24a295
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.8.23-sudoldapconfman.patch
@@ -0,0 +1,41 @@
+From fcd6c299111dd5dee6e387047c8f60dfef24e32a Mon Sep 17 00:00:00 2001
+From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
+Date: Wed, 11 Dec 2019 19:43:19 -0800
+
+---
+ doc/Makefile.in | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/doc/Makefile.in b/doc/Makefile.in
+index e8d2605..b2e16f4 100644
+--- a/doc/Makefile.in
++++ b/doc/Makefile.in
+@@ -349,10 +349,16 @@ install-doc: install-dirs
+ rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
+ echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
+ ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
++ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
++ echo ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
++ ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
+ else \
+ rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
+ echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
+ ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
++ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
++ echo ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
++ ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
+ fi
+
+ install-plugin:
+@@ -367,8 +373,9 @@ uninstall:
+ $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \
+ $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \
+ $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \
+- $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform)
+- $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
++ $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) \
++ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) \
++ $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)
+
+ splint:
+
diff --git a/meta-stx/recipes-extended/sudo/files/sudo-1.8.6p7-logsudouser.patch b/meta-stx/recipes-extended/sudo/files/sudo-1.8.6p7-logsudouser.patch
new file mode 100644
index 0000000..cea999e
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/files/sudo-1.8.6p7-logsudouser.patch
@@ -0,0 +1,88 @@
+From 7ee2d1e7fd55da7074a39b41fe342e261dd1f191 Mon Sep 17 00:00:00 2001
+From: Tomas Sykora <tosykora@redhat.com>
+Date: Wed, 17 Aug 2016 10:12:11 +0200
+Subject: [PATCH] Sudo logs username root instead of realuser
+
+RHEL7 sudo logs username root instead of realuser in /var/log/secure
+
+Rebased from:
+Patch50: sudo-1.8.6p7-logsudouser.patch
+
+Resolves:
+rhbz#1312486
+
+---
+ plugins/sudoers/logging.c | 14 +++++++-------
+ plugins/sudoers/sudoers.h | 1 +
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
+index 9562609..775fd0c 100644
+--- a/plugins/sudoers/logging.c
++++ b/plugins/sudoers/logging.c
+@@ -116,7 +116,7 @@ do_syslog(int pri, char *msg)
+ * Log the full line, breaking into multiple syslog(3) calls if necessary
+ */
+ fmt = _("%8s : %s");
+- maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name));
++ maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(sudo_user_name));
+ for (p = msg; *p != '\0'; ) {
+ len = strlen(p);
+ if (len > maxlen) {
+@@ -132,7 +132,7 @@ do_syslog(int pri, char *msg)
+ save = *tmp;
+ *tmp = '\0';
+
+- mysyslog(pri, fmt, user_name, p);
++ mysyslog(pri, fmt, sudo_user_name, p);
+
+ *tmp = save; /* restore saved character */
+
+@@ -140,11 +140,11 @@ do_syslog(int pri, char *msg)
+ for (p = tmp; *p == ' '; p++)
+ continue;
+ } else {
+- mysyslog(pri, fmt, user_name, p);
++ mysyslog(pri, fmt, sudo_user_name, p);
+ p += len;
+ }
+ fmt = _("%8s : (command continued) %s");
+- maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name));
++ maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(sudo_user_name));
+ }
+
+ sudoers_setlocale(oldlocale, NULL);
+@@ -191,10 +191,10 @@ do_logfile(const char *msg)
+ timestr = "invalid date";
+ if (def_log_host) {
+ len = asprintf(&full_line, "%s : %s : HOST=%s : %s",
+- timestr, user_name, user_srunhost, msg);
++ timestr, sudo_user_name, user_srunhost, msg);
+ } else {
+ len = asprintf(&full_line, "%s : %s : %s",
+- timestr, user_name, msg);
++ timestr, sudo_user_name, msg);
+ }
+ if (len == -1) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+@@ -844,7 +844,7 @@ send_mail(const char *fmt, ...)
+
+ if ((timestr = get_timestr(time(NULL), def_log_year)) == NULL)
+ timestr = "invalid date";
+- (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host, timestr, user_name);
++ (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host, timestr, sudo_user_name);
+ va_start(ap, fmt);
+ (void) vfprintf(mail, fmt, ap);
+ va_end(ap);
+diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
+index 28dbbb3..99e137b 100644
+--- a/plugins/sudoers/sudoers.h
++++ b/plugins/sudoers/sudoers.h
+@@ -188,6 +188,7 @@ struct sudo_user {
+ /*
+ * Shortcuts for sudo_user contents.
+ */
++#define sudo_user_name (sudo_user.pw->pw_name)
+ #define user_name (sudo_user.name)
+ #define user_uid (sudo_user.uid)
+ #define user_gid (sudo_user.gid)
diff --git a/meta-stx/recipes-extended/sudo/sudo_%.bbappend b/meta-stx/recipes-extended/sudo/sudo_%.bbappend
new file mode 100644
index 0000000..627a3bd
--- /dev/null
+++ b/meta-stx/recipes-extended/sudo/sudo_%.bbappend
@@ -0,0 +1,54 @@
+#
+## Copyright (C) 2019 Wind River Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS += " \
+ openldap \
+ libgcrypt \
+ "
+
+SRC_URI += " \
+ file://sudo-1.6.7p5-strip.patch \
+ file://sudo-1.7.2p1-envdebug.patch \
+ file://sudo-1.8.23-sudoldapconfman.patch \
+ file://sudo-1.8.23-legacy-group-processing.patch \
+ file://sudo-1.8.23-ldapsearchuidfix.patch \
+ file://sudo-1.8.6p7-logsudouser.patch \
+ file://sudo-1.8.23-nowaitopt.patch \
+ file://sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch \
+ "
+
+EXTRA_OECONF += " \
+ --with-pam-login \
+ --with-editor=${base_bindir}/vi \
+ --with-env-editor \
+ --with-ignore-dot \
+ --with-tty-tickets \
+ --with-ldap \
+ --with-ldap-conf-file="${sysconfdir}/sudo-ldap.conf" \
+ --with-passprompt="[sudo] password for %Zp: " \
+ --with-sssd \
+ "
+
+do_install_append () {
+ install -m755 -d ${D}/${sysconfdir}/openldap/schema
+ install -m644 ${S}/doc/schema.OpenLDAP ${D}/${sysconfdir}/openldap/schema/sudo.schema
+}
+
+# This means sudo package only owns files
+# to avoid install conflict with openldap on
+# /etc/openldap. Sure there is a better way.
+DIRFILES = "1"