updated to 6.3p2, added example config, fixed some Makefile issues

7 files changed, 134 insertions, 176 deletions

diff --git a/.SRCINFO b/.SRCINFO
index ddbd7c94448a..1fc68adb41cb 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,23 +1,28 @@
 pkgbase = doas
-	pkgdesc = Port of OpenBSD's doas(1), an alternative to sudo(1)
-	pkgver = 6.2p2
+	pkgdesc = A port of OpenBSD's doas(1), an alternative to sudo(1)
+	pkgver = 6.3p2
 	pkgrel = 1
 	url = https://github.com/slicer69/doas
 	arch = i686
 	arch = x86_64
 	arch = armv6h
 	arch = armv7h
-	license = custom: ISC
+	license = BSD
 	depends = pam
+	depends = bison
 	provides = doas
 	replaces = opendoas
 	replaces = opendoas-git
-	source = doas-6.2p2.tar.gz::https://github.com/slicer69/doas/archive/6.2p2.tar.gz
-	source = doas.patch
+	backup = etc/doas.conf
+	backup = etc/pam.d/doas
+	source = doas-6.3p2.tar.gz::https://github.com/slicer69/doas/archive/6.3p2.tar.gz
+	source = 00-Makefile.patch
 	source = doas-pam
-	sha256sums = b8dc7e3357d12335ab6890d8303523862112416136bb50f170400cf5746dfd16
-	sha256sums = 44c737230bb5dcd797a856c3298a4154d49fea2c1823a0531dcb43076f42caee
-	sha256sums = f61f6b6d2e495dac44dd0d5ee870edf6d8bacbcc8a5059d74c4b91d2bf5c9d6f
+	source = doas.conf
+	sha256sums = 037813a404bfe35289f2c6cb22a8c4de6f636b2a491e546a90d2ae2afa54aa64
+	sha256sums = 600c7686b4c52bb28951e6e0815530d4bc8fec159637ad93d9b0757e750bcabd
+	sha256sums = b064704fb3448c3511904c3963b0e167ecf6274aea48afb9c42d452447dfd042
+	sha256sums = 1f28802fad6ae0eaa5b94bb8d945ada923631ddfb7ae63e934962dbe41774976
 
 pkgname = doas
 
diff --git a/.gitignore b/.gitignore
index 6710816c579a..aa5449ee3fad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,4 @@
-*
-!/PKGBUILD
-!/.SRCINFO
-!/.gitignore
-!/doas.patch
-!/doas-pam
+doas-*.pkg.*
+doas-*.tar.gz
+pkg/
+src/
diff --git a/00-Makefile.patch b/00-Makefile.patch
new file mode 100644
index 000000000000..a4c5f0011801
--- /dev/null
+++ b/00-Makefile.patch
@@ -0,0 +1,54 @@
+--- src/doas-6.3p2/Makefile	2020-08-07 23:42:52.000000000 +0200
++++ Makefile	2020-08-18 17:14:50.982152763 +0200
+@@ -2,10 +2,10 @@
+ CC?=clang
+ YACC?=yacc
+ BIN=doas
+-PREFIX?=/usr/local
++PREFIX=/usr
+ MANDIR?=$(DESTDIR)$(PREFIX)/man
+-SYSCONFDIR?=$(DESTDIR)$(PREFIX)/etc
+-OBJECTS=doas.o env.o compat/execvpe.o compat/reallocarray.o y.tab.o 
++SYSCONFDIR?=$(DESTDIR)$(PREFIX)/etc
++OBJECTS=doas.o env.o compat/execvpe.o compat/reallocarray.o y.tab.o
+ OPT?=-O2
+ # Can set GLOBAL_PATH here to set PATH for target user.
+ # TARGETPATH=-DGLOBAL_PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:\"
+@@ -13,32 +13,11 @@
+ CPPFLAGS+=-include compat/compat.h
+ LDFLAGS+=-lpam
+ UNAME_S := $(shell uname -s)
+-ifeq ($(UNAME_S),Linux)
+-    LDFLAGS+=-lpam_misc
+-    CPPFLAGS+=-Icompat
+-    CFLAGS+=-D_GNU_SOURCE
+-    COMPAT+=closefrom.o errc.o getprogname.o setprogname.o strlcat.o strlcpy.o strtonum.o verrc.o
+-    OBJECTS+=$(COMPAT:%.o=compat/%.o)
+-endif
+-ifeq ($(UNAME_S),FreeBSD)
+-    CFLAGS+=-DHAVE_LOGIN_CAP_H
+-    LDFLAGS+=-lutil
+-endif
+-ifeq ($(UNAME_S),SunOS)
+-    SAFE_PATH?=/bin:/sbin:/usr/bin:/usr/sbin:$(PREFIX)/bin:$(PREFIX)/sbin
+-    GLOBAL_PATH?=/bin:/sbin:/usr/bin:/usr/sbin:$(PREFIX)/bin:$(PREFIX)/sbin
+-    CPPFLAGS+=-Icompat
+-    CFLAGS+=-DSOLARIS_PAM -DSAFE_PATH=\"$(SAFE_PATH)\" -DGLOBAL_PATH=\"$(GLOBAL_PATH)\"
+-    COMPAT=errc.o pm_pam_conv.o setresuid.o verrc.o
+-    OBJECTS+=$(COMPAT:%.o=compat/%.o)
+-endif
+-ifeq ($(UNAME_S),Darwin)
+-    CPPFLAGS+=-Icompat
+-    COMPAT+=bsd-closefrom.o
+-    OBJECTS+=$(COMPAT:%.o=compat/%.o)
+-    # On MacOS the default man page path is /usr/local/share/man
+-    MANDIR=$(DESTDIR)$(PREFIX)/share/man
+-endif
++LDFLAGS+=-lpam_misc
++CPPFLAGS+=-Icompat
++CFLAGS+=-D_GNU_SOURCE
++COMPAT+=closefrom.o errc.o getprogname.o setprogname.o strlcat.o strlcpy.o strtonum.o verrc.o
++OBJECTS+=$(COMPAT:%.o=compat/%.o)
+ 
+ all: $(OBJECTS) doas.1.final doas.conf.5.final
+ 	$(CC) -o $(BIN) $(OBJECTS) $(LDFLAGS)
diff --git a/PKGBUILD b/PKGBUILD
index c43f3f18f8b1..3df94bcf2ab7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,24 +1,28 @@
-# Maintainer: Stephen Gregoratto <dev@sgregoratto.me>
+# Maintainer: lennivh24@gmail.com
 pkgname=doas
-pkgver=6.2p2
+pkgver=6.3p2
 pkgrel=1
-pkgdesc="Port of OpenBSD's doas(1), an alternative to sudo(1)"
-license=('custom: ISC')
+pkgdesc="A port of OpenBSD's doas(1), an alternative to sudo(1)"
+license=('BSD')
 url="https://github.com/slicer69/doas"
 arch=('i686' 'x86_64' 'armv6h' 'armv7h')
-depends=('pam')
+depends=('pam' 'bison')
+backup=('etc/doas.conf'
+        'etc/pam.d/doas')
 provides=('doas')
 replaces=('opendoas' 'opendoas-git')
 source=("$pkgname-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz"
-        'doas.patch'
-        'doas-pam')
-sha256sums=('b8dc7e3357d12335ab6890d8303523862112416136bb50f170400cf5746dfd16'
-            '44c737230bb5dcd797a856c3298a4154d49fea2c1823a0531dcb43076f42caee'
-            'f61f6b6d2e495dac44dd0d5ee870edf6d8bacbcc8a5059d74c4b91d2bf5c9d6f')
+				'00-Makefile.patch'
+        'doas-pam'
+				'doas.conf')
+sha256sums=('037813a404bfe35289f2c6cb22a8c4de6f636b2a491e546a90d2ae2afa54aa64'
+            '600c7686b4c52bb28951e6e0815530d4bc8fec159637ad93d9b0757e750bcabd'
+            'b064704fb3448c3511904c3963b0e167ecf6274aea48afb9c42d452447dfd042'
+            '1f28802fad6ae0eaa5b94bb8d945ada923631ddfb7ae63e934962dbe41774976')
 
 prepare() {
   cd "$pkgname-$pkgver"
-  patch -Np1 -i "${srcdir}/$pkgname.patch"
+	patch -i "${srcdir}/00-Makefile.patch"
 }
 
 build() {
@@ -28,6 +32,7 @@ build() {
 
 package() {
   install -Dm644 "doas-pam" "$pkgdir/etc/pam.d/doas"
+	install -Dm644 "doas.conf" "$pkgdir/etc/doas.conf"
   cd "$pkgname-$pkgver"
   make DESTDIR="$pkgdir" install
   install -Dm644 "LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
diff --git a/doas-pam b/doas-pam
index 5e7885a706e3..943b9ae65a7b 100644
--- a/doas-pam
+++ b/doas-pam
@@ -1,7 +1,5 @@
 #%PAM-1.0
-auth            required        pam_unix.so
-account         required        pam_unix.so
-session         optional        pam_xauth.so
-session         optional        pam_umask.so     usergroups umask=022
-session         required        pam_env.so
-session         required        pam_unix.so
+auth	sufficient	pam_fprintd.so
+auth	include		system-auth
+account	include		system-auth
+session	include		system-auth
diff --git a/doas.conf b/doas.conf
new file mode 100644
index 000000000000..818e1040aff0
--- /dev/null
+++ b/doas.conf
@@ -0,0 +1,43 @@
+## Sample configuration file for doas
+## Please see doas.conf manual page for information on setting
+## up a doas.conf file.
+##
+## This file should be edited using `vidoas` to prevent syntax errors
+##
+## doas.conf is read from top to bottom, and the last matching rule
+## will be used
+
+## This file defines which users should (not) be allowed to use doas
+
+## Allow root user to use doas:
+permit root
+## alternatively: permit 0
+
+## Allow members of the wheel group to use doas (note the colon):
+# permit :wheel
+
+## Deny user malloy to use doas:
+# deny malloy
+
+## Allow alice to 'doas' bob:
+# permit alice as bob
+
+## Deny Bob to run pacman:
+# deny bob cmd pacman
+
+# Allow Bob to update packages using pacman
+# allow bob cmd /usr/bin/pacman -Syu
+
+## If a command without path is specified,
+## the command will be searched in
+## usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+## (not PATH).
+
+## Allow Bob to update packages without entering his pasword:
+# allow nopass bob cmd /usr/bin/pacman -Syu
+
+## Maintain the user's environment:
+# allow keepenv alice
+## Variables may also be set using setenv { \
+##     PKG_CACHE RELEASE_DIR=/var/local/ \
+## }
diff --git a/doas.patch b/doas.patch
deleted file mode 100644
index 70e5c3ad20ad..000000000000
--- a/doas.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-diff -ura doas-6.2p2-old/doas.1 doas-6.2p2-new/doas.1
---- doas-6.2p2-old/doas.1	2019-10-13 02:07:28.000000000 +1100
-+++ doas-6.2p2-new/doas.1	2019-11-07 13:03:09.849984860 +1100
-@@ -91,7 +91,7 @@
- .Bl -bullet -compact
- .It
- The config file
--.Pa /usr/local/etc/doas.conf
-+.Pa /etc/doas.conf
- could not be parsed.
- .It
- The user attempted to run a command which is not permitted.
-diff -ura doas-6.2p2-old/doas.conf.5 doas-6.2p2-new/doas.conf.5
---- doas-6.2p2-old/doas.conf.5	2019-10-13 02:07:28.000000000 +1100
-+++ doas-6.2p2-new/doas.conf.5	2019-11-07 13:03:09.849984860 +1100
-@@ -20,7 +20,7 @@
- .Nm doas.conf
- .Nd doas configuration file
- .Sh SYNOPSIS
--.Nm /usr/local/etc/doas.conf
-+.Nm doas.conf
- .Sh DESCRIPTION
- The
- .Xr doas 1
-@@ -125,6 +125,11 @@
- If quotes or backslashes are used in a word,
- it is not considered a keyword.
- .El
-+.Sh FILES
-+.Bl -tag -width "/etc/doas.conf"
-+.It Pa /etc/doas.conf
-+doas configuration file.
-+.El
- .Sh EXAMPLES
- The following example permits users in group wsrc to build ports;
- wheel to execute commands as any user while keeping the environment
-diff -ura doas-6.2p2-old/Makefile doas-6.2p2-new/Makefile
---- doas-6.2p2-old/Makefile	2019-10-13 02:07:28.000000000 +1100
-+++ doas-6.2p2-new/Makefile	2019-11-07 13:05:35.273137128 +1100
-@@ -1,68 +1,38 @@
--CC?=clang
--YACC?=yacc
--BIN=doas
--PREFIX?=/usr/local
--MANDIR?=$(DESTDIR)$(PREFIX)/man
--SYSCONFDIR?=$(DESTDIR)$(PREFIX)/etc
--OBJECTS=doas.o env.o compat/execvpe.o compat/reallocarray.o y.tab.o
--OPT?=-O2
--# Can set GLOBAL_PATH here to set PATH for target user.
--# TARGETPATH=-DGLOBAL_PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:\"
--CFLAGS+=-Wall $(OPT) -DUSE_PAM -DDOAS_CONF=\"${SYSCONFDIR}/doas.conf\" $(TARGETPATH)
--CPPFLAGS+=-include compat/compat.h
--LDFLAGS+=-lpam
--UNAME_S := $(shell uname -s)
--ifeq ($(UNAME_S),Linux)
--    LDFLAGS+=-lpam_misc
--    CPPFLAGS+=-Icompat
--    CFLAGS+=-D_GNU_SOURCE
--    COMPAT+=closefrom.o errc.o getprogname.o setprogname.o strlcat.o strlcpy.o strtonum.o verrc.o
--    OBJECTS+=$(COMPAT:%.o=compat/%.o)
--endif
--ifeq ($(UNAME_S),FreeBSD)
--    CFLAGS+=-DHAVE_LOGIN_CAP_H
--    LDFLAGS+=-lutil
--endif
--ifeq ($(UNAME_S),SunOS)
--    SAFE_PATH?=/bin:/sbin:/usr/bin:/usr/sbin:$(PREFIX)/bin:$(PREFIX)/sbin
--    GLOBAL_PATH?=/bin:/sbin:/usr/bin:/usr/sbin:$(PREFIX)/bin:$(PREFIX)/sbin
--    CPPFLAGS+=-Icompat
--    CFLAGS+=-DSOLARIS_PAM -DSAFE_PATH=\"$(SAFE_PATH)\" -DGLOBAL_PATH=\"$(GLOBAL_PATH)\"
--    COMPAT=errc.o pm_pam_conv.o setresuid.o verrc.o
--    OBJECTS+=$(COMPAT:%.o=compat/%.o)
--endif
--ifeq ($(UNAME_S),Darwin)
--    CPPFLAGS+=-Icompat
--    COMPAT+=bsd-closefrom.o
--    OBJECTS+=$(COMPAT:%.o=compat/%.o)
--    # On MacOS the default man page path is /usr/local/share/man
--    MANDIR=$(DESTDIR)$(PREFIX)/share/man
--endif
--
--all: $(OBJECTS)
--	$(CC) -o $(BIN) $(OBJECTS) $(LDFLAGS)
--
--env.o: doas.h env.c
--
--execvpe.o: doas.h execvpe.c
--
--doas.o: doas.h doas.c parse.y
--
--reallocarray.o: doas.h reallocarray.c
--
--y.tab.o: parse.y
--	$(YACC) parse.y
--	$(CC) $(CPPFLAGS) $(CFLAGS) -c y.tab.c
--
--install: $(BIN)
--	mkdir -p $(DESTDIR)$(PREFIX)/bin
--	cp $(BIN) $(DESTDIR)$(PREFIX)/bin/
--	chmod 4755 $(DESTDIR)$(PREFIX)/bin/$(BIN)
--	mkdir -p $(MANDIR)/man1
--	cp doas.1 $(MANDIR)/man1/
--	mkdir -p $(MANDIR)/man5
--	cp doas.conf.5 $(MANDIR)/man5/
--
-+PREFIX   := /usr
-+BINDIR   := $(PREFIX)/bin
-+MANDIR   := $(PREFIX)/share/man
-+
-+CPPFLAGS += -include compat/compat.h -Icompat
-+CFLAGS   += -DUSE_PAM -DDOAS_CONF=\"/etc/doas.conf\" -D_GNU_SOURCE
-+LDFLAGS  := -lpam -lpam_misc $(LDFLAGS)
-+
-+OBJS = \
-+	compat/closefrom.o \
-+	compat/errc.o \
-+	compat/execvpe.o \
-+	compat/getprogname.o \
-+	compat/reallocarray.o \
-+	compat/setprogname.o \
-+	compat/strlcat.o \
-+	compat/strlcpy.o \
-+	compat/strtonum.o \
-+	compat/verrc.o \
-+	doas.o \
-+	env.o \
-+	parse.o
-+
-+doas: $(OBJS)
-+	$(CC) $(LDFLAGS) -o $@ $(OBJS)
-+
-+compat/execvpe.o: doas.h
-+compat/reallocarray.o: doas.h
-+doas.o: doas.h
-+env.o: doas.h
-+
-+install: doas
-+	install -Dm4755 doas $(DESTDIR)$(BINDIR)/doas
-+	install -Dm0644 doas.1 $(DESTDIR)$(MANDIR)/man1/doas.1
-+	install -Dm0644 doas.conf.5 $(DESTDIR)$(MANDIR)/man5/doas.conf.5
-+ 
- clean:
--	rm -f $(BIN) $(OBJECTS) y.tab.c
--
-+	rm -f $(OBJS) doas