add sudo-rs (sharun.wrappe)

packages/sudo-rs/archive.sharun.wrappe.yaml

@@ -0,0 +1,127 @@
+#!/SBUILD ver @v1.0.0
+#SELF: https://raw.githubusercontent.com/trifectatechfoundation/sudo-rspkgs/refs/heads/main/packages/sudo-rs/archive.sharun.wrappe.yaml
+_disabled: false
+
+pkg: "sudo-rs"
+pkg_id: "sharun.wrappe.sudo-rs.source"
+pkg_type: "archive"
+category:
+  - "Utility"
+description:
+  _default: "Memory safe implementation of sudo and su"
+  cvtsudoers: "Convert between sudoers file formats [sudo-rs]"
+  sudo: "Execute a command as another user [sudo-rs]"
+  sudo.conf: "Configuration for sudo front-end [sudo-rs]"
+  sudo_logsrvd: "sudo event and I/O log server [sudo-rs]"
+  sudo_logsrvd.conf: "Configuration for sudo_logsrvd [sudo-rs]"
+  sudo_sendlog: "Send sudo I/O log to log server [sudo-rs]"
+  sudoedit: "An extension of the sudo -e command to edit a file [sudo-rs]"
+  sudoers: "Default sudo security policy plugin [sudo-rs]"
+  sudoers.dist: "Default configuration file for sudoers [sudo-rs]"
+  sudoreplay: "Replay sudo session logs [sudo-rs]"
+  su: "Change user id or become root [sudo-rs]"
+  visudo: "Edit the sudoers file [sudo-rs]"
+distro_pkg:
+  archlinux:
+    aur:
+      - "sudo-rs"
+      - "sudo-rs-git"
+  nixpkgs:
+    - "sudo-rs"
+homepage:
+  - "https://github.com/trifectatechfoundation/sudo-rs"
+license:
+  - id: "MIT"
+    url: "https://github.com/trifectatechfoundation/sudo-rs/raw/651cdcf6ebdd8819d48c56fd2d61a07add5b92a3/LICENSE-MIT"
+maintainer:
+  - "Azathothas (https://github.com/Azathothas)"
+note:
+  - "[DO NOT RUN] (Meant for pkgforge CI Only)"
+  - "Built From Source (Latest Git HEAD). Check/Report @ https://github.com/trifectatechfoundation/sudo-rs"
+  - "Built Using Sharun. Check/Report @ https://github.com/VHSgunzo/sharun"
+  - "Learn more @ https://docs.pkgforge.dev/formats/packages/archive"
+  - "[PORTABLE] (Works on AnyLinux)"
+  - "[NO_DESKTOP_INTEGRATION] (Does not need desktop integration)"
+  - "sudo must be owned by uid 0 and have the setuid bit set"
+  - "chown -v 'root:root' sudo"
+  - "chmod -v 'a=rx,u+ws' sudo"
+  - "Requires '/etc/sudoers' file & '/etc/sudoers.d' dir"
+  - "Also requires PAM to be setup: https://github.com/trifectatechfoundation/sudo-rs#differences-from-original-sudo"
+provides:
+ - "su"
+ - "sudo"
+ - "visudo"
+repology:
+ - "sudo-rs"
+src_url:
+  - "https://github.com/trifectatechfoundation/sudo-rs"
+tag:
+  - "sudo"
+x_exec:
+  host:
+    - "aarch64-Linux"
+    - "x86_64-Linux"
+  shell: "bash"
+  pkgver: |
+    pushd "$(mktemp -d)" >/dev/null 2>&1 && \
+    git clone --depth="1" --filter="blob:none" --no-checkout --single-branch --quiet "https://github.com/trifectatechfoundation/sudo-rs" "./TEMPREPO" >/dev/null 2>&1 && \
+    git --git-dir="./TEMPREPO/.git" --no-pager log -1 --pretty=format:'HEAD-%h-%cd' --date=format:'%y%m%dT%H%M%S' && \
+    [ -d "$(realpath .)/TEMPREPO" ] && rm -rf "$(realpath .)" >/dev/null 2>&1 && popd >/dev/null 2>&1
+  run: |
+    #Build
+     mkdir -pv "${SBUILD_TMPDIR}/tmp" && docker run --privileged --net="host" --name "debian-builder-unstable" --pull="always" \
+     -e "PKG=${PKG}" -e "PKG_ID=${PKG_ID}" -e "PKG_TYPE=${PKG_TYPE}" -e "PKG_VER=${PKG_VER}" \
+     -e "PKGVER=${PKGVER}" -e "SBUILD_PKG=${SBUILD_PKG}" -e "SBUILD_PKGVER=${SBUILD_PKGVER}" \
+     --volume "${SBUILD_TMPDIR}/tmp:/tmp:rw" \
+     "ghcr.io/pkgforge/devscripts/debian-builder-unstable:$(uname -m)" \
+      bash -l -c '
+      #Setup ENV
+       set -x ; chown -R "$(whoami):$(whoami)" "/tmp" 2>/dev/null ; chmod -v '1777' '/tmp'
+       mkdir -p "/build-bins" && pushd "$(mktemp -d)" >/dev/null 2>&1
+       apt clean -y ; apt update -y -qq 2>/dev/null
+       apt update -y -qq
+      #CoreUtils
+       apt install bash binutils coreutils curl findutils file g++ git grep jq libc-dev moreutils patchelf rsync sed strace tar tree xz-utils zstd -y -qq 2>/dev/null
+      #Sharun
+       curl -qfsSL "https://api.gh.pkgforge.dev/repos/VHSgunzo/sharun/releases?per_page=100" | jq -r ".. | objects | .browser_download_url? // empty" | grep -Ei "$(uname -m)" | grep -Eiv "tar\.gz|\.b3sum" | grep -Ei "sharun" | sort --version-sort | tail -n 1 | tr -d "[:space:]" | xargs -I "{}" curl -qfsSL "{}" -o "/usr/local/bin/sharun"
+       chmod -v "a+x" "/usr/local/bin/sharun"
+       command -v sharun &>/dev/null || echo -e "\[X] FATAL: sharun is NOT Installed\n$(exit 1)"             
+      #Build
+       source "${HOME}/.cargo/env"
+       export RUST_TARGET="$(uname -m)-unknown-linux-gnu"
+       rustup target add "${RUST_TARGET}"
+       export RUSTFLAGS="-C default-linker-libraries=yes \
+         -C prefer-dynamic=no \
+         -C embed-bitcode=yes \
+         -C lto=yes \
+         -C opt-level=z \
+         -C debuginfo=none \
+         -C strip=symbols \
+         -C linker=clang \
+         -C link-arg=-fuse-ld=$(which mold) \
+         -C link-arg=-Wl,-S \
+         -C link-arg=-Wl,--build-id=none"
+       git clone --filter "blob:none" --depth="1" --quiet "https://github.com/trifectatechfoundation/sudo-rs" "./TEMPREPO" && cd "./TEMPREPO"
+       echo -e "\n[+] Target: ${RUST_TARGET}"
+       echo -e "[+] Flags: ${RUSTFLAGS}\n"
+       sed "/^\[profile\.release\]/,/^$/d" -i "./Cargo.toml" ; echo -e "\n[profile.release]\nstrip = true\nopt-level = 3\nlto = true" >> "./Cargo.toml"
+       rm rust-toolchain* 2>/dev/null
+       apt install libpam0g-dev -y -qq
+       cargo build --target "${RUST_TARGET}" --release --jobs="$(($(nproc)+1))" --keep-going --verbose
+       find -L "./target/${RUST_TARGET}/release" -maxdepth 1 -type f 2>/dev/null
+       sharun lib4bin --gen-lib-path --strace-time "60" --with-hooks --with-wrappe --wrappe-clvl "22" --wrappe-exec "su" --dst-dir "./SHARUN_WRAPPED" "./target/${RUST_TARGET}/release/su"
+       sharun lib4bin --gen-lib-path --strace-time "60" --with-hooks --with-wrappe --wrappe-clvl "22" --wrappe-exec "su" --dst-dir "./SHARUN_WRAPPED" "./target/${RUST_TARGET}/release/sudo"
+       sharun lib4bin --gen-lib-path --strace-time "60" --with-hooks --with-wrappe --wrappe-clvl "22" --wrappe-exec "su" --dst-dir "./SHARUN_WRAPPED" "./target/${RUST_TARGET}/release/visudo"
+      #Copy
+       find "./SHARUN_WRAPPED" -maxdepth 1 -type f -exec file -i "{}" \; | grep -Ei "application/.*executable|text/x-perl|text/.*script" | cut -d":" -f1 | xargs realpath | xargs -I "{}" cp -fv "{}" "/build-bins/"
+       ( askalono --format "json" crawl --follow "$(realpath .)" | jq -r ".. | objects | .path? // empty" | head -n 1 | xargs -I "{}" cp -fv "{}" "/build-bins/LICENSE" ) 2>/dev/null
+      #Info
+       file "/build-bins/"* && du -sh "/build-bins/"*
+       popd >/dev/null 2>&1
+      '
+    #Copy & Meta
+     docker cp "debian-builder-unstable:/build-bins/." "${SBUILD_TMPDIR}/"
+     [ -s "${SBUILD_TMPDIR}/LICENSE" ] && cp -fv "${SBUILD_TMPDIR}/LICENSE" "${SBUILD_OUTDIR}/LICENSE"
+     find "${SBUILD_TMPDIR}" -maxdepth 1 -type f -exec file -i "{}" \; | grep -Ei "application/.*executable|text/x-perl|text/.*script" | cut -d":" -f1 | xargs realpath | xargs -I "{}" rsync -achvL "{}" "${SBUILD_OUTDIR}"
+    #Fetch Upstream Version
+     curl -qfsSL "https://api.gh.pkgforge.dev/repos/trifectatechfoundation/sudo-rs/releases?per_page=100" | jq -r '[.[] | select(.draft == false and .prerelease == false)] | .[0].tag_name | gsub("\\s+"; "")' | tr -d '[:space:]' > "${SBUILD_TMPDIR}/upstream.version"