| Sudo porting hints |
| ================== |
| |
| Before trying to port sudo to a new architecture, please join the |
| sudo-workers mailing list (see the README file) and ask if anyone |
| has a port working or in-progress. Sudo should be fairly easy to |
| port. Since it uses a configure script, most of the work is often |
| done for you. As long as your operating system is reasonably POSIX |
| compliant porting should be easy. If your operating system has a |
| separate library for POSIX compatibility you may need to add it by |
| using configure's --with-libraries option. |
| |
| If your OS is an SVR4 derivative (or some approximation thereof), it may |
| be sufficient to tell configure you are runnng SVR4, something like: |
| configure foo-bar-sysv4 |
| where foo is the hardware architecture and bar is the vendor. |
| |
| A possible pitfall is getdtablesize(2) which is used to get the |
| maximum number of open files the process can have. If an OS has |
| the POSIX sysconf(2) it will be used instead of getdtablesize(2). |
| ulimit(2) or getrlimit(2) can also be used on some OS's. If all |
| else fails you can use the value of NOFILE in <sys/param.h>. |
| |
| Sudo tries to clear the environment of dangerous environment variables |
| such as LD_* to prevent shared library spoofing. If you are porting |
| sudo to a new OS that has shared libraries you'll want to mask out |
| the variables that allow one to change the shared library path. |
| See initial_badenv_table() in env.c to see how this is done for |
| various operating systems. |
| |
| It is possible that on a really weird system, tgetpass() may not |
| compile. (The most common cause for this is that the "fd_set" type |
| is not defined in a place that sudo expects it to be. If you can |
| find the header file where "fd_set" is typedef'd, have tgetpass.c |
| include it and send in a bug report.) |
| Alternately, tgetpass.c may compile but not work (nothing happens |
| at the Password: prompt). It is possible that your C library |
| contains a broken or unusable crypt() function--try linking with |
| -lcrypt if that exists. Another possibility is that select() is |
| not fully functional; running configure with --with-password-timeout=0 |
| will disable the use of select(). If sudo prompts you for a |
| password but never accepts it, see below. |
| |
| Sudo detects and recognizes most common shadow password schemes |
| automatically. If you find that sudo is not accepting your password |
| and you are sure that it has been typed in correctly there are two |
| likely problems. One possibility is that your C library has a |
| broken crypt() function (see above). The other is that your operating |
| system is using shadow passwords and sudo has not detected that |
| fact. Look in config.h to see what, if any, shadow password scheme |
| was detected. The most common are SVR4 (HAVE_GETSPNAM will be |
| defined) and SecureWare (HAVE_GETPRPWNAM will be defined). Check |
| the manual pages on your system for "getspnam" and "getprpwnam". |
| If one of those exist but the appropriate define does not exist in |
| config.h then the problem is most likely that those routines live |
| in a library that sudo does not know to link against. The manual |
| page should tell you what library this is. You can then use the |
| --with-libraries option to configure to tell sudo to link with the |
| library in question. For example: |
| --with-libraries='-lgen' |
| would cause sudo to link in libgen which contains "getspnam" on SCO |
| systems. |
| |
| If you are trying to port to a system without standard Berkeley |
| networking you may find that interfaces.c will not compile. This |
| is most likely on OS's with STREAMS-based networking. It should |
| be possible to make it work by modifying the ISC streams support |
| (see the _ISC #ifdef's). However, if you don't care about ip address |
| and network address support, you can just run configure with the |
| --without-interfaces flag to get a do-nothing load_interfaces() |
| stub function. |
| |
| Sudo wants POSIX signals (sigaction and friends). If your system |
| lacks sigaction but has the 4.3BSD sigvec() function, sigvec() will |
| be used instead via the wrapper functions in sigaction.c. It is |
| not currently possible to use the old SVR3 and 4.2BSD signals, but |
| this is due more to my lack of a test machine than anything else. |
| |
| If you port sudo to a new architecture, please send the output of |
| "configure", the config.log file and your changes to: |
| sudo@courtesan.com |
| |
| If you are unable to get sudo working, and you are willing to |
| give me an account on a machine, send mail to sudo@courtesan.com. |
| Note, however, that I can't make any promises. |