Bug#981176: RFP: doas -- minimal replacement for sudo

2021-02-06 Thread Bernd Zeimetz 



On 2/5/21 11:17 PM, Geert Stappers wrote:

> Qouting https://packages.debian.org/bullseye/pleaser
> 
>   please, a polite, regex-first sudo clone

the good thing on open source is that is about having the choise... And
I clearly prefer the openbsd doas code over something written in rust.

Doas is in unstable already.



-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-02-05 Thread Geert Stappers 
On Wed, Jan 27, 2021 at 10:59:58AM +0100, Bernd Zeimetz wrote:
> * Package name: doas
> * URL : https://github.com/Duncaen/OpenDoas
>   Description : minimal replacement for sudo
> 
> 
> OpenDoas: a portable version of OpenBSD's doas command
> 
> With the regular security issues in sudo it would make sense
> to have an alternative tools with a much smaller codebase.

Qouting https://packages.debian.org/bullseye/pleaser

  please, a polite, regex-first sudo clone

  Delegate accurate least privilege access with ease. There are times
  when what is intended to be executed can be expressed easily with a
  regex to expose only what is needed and nothing more.



Groeten
Geert Stappers
-- 
Silence is hard to parse

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-29 Thread Bernd Zeimetz 
Hi,

I just did some last fixes and uploaded doas to unstable. Thanks for
your work!

but fyi: I failed a bit, I've enabled PAM, but uploaded before testing
it. It will need a source only upload to migrate to testing anyway, I'll
do that as soon as it is trough new.

The version i ngit is working just fine.

If you have some time, please add an autopkgtest. Something like:
- creating a config for some user and for root
- as root: doas -u someuser doas -u root whoami | grep root

better ideas welcome, the CI should happily run your tests normally, but
it is broken due to some ssl issues at the moment.


Bernd


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-29 Thread Scupake 
Hello!

On Fri, Jan 29, 2021 at 06:34:46AM +0100, Salvatore Bonaccorso wrote:
> Usually each maintainer-script starts with something like (or mor
> commented):
> 
> | #!/bin/sh
> |
> | set -e
> |
> | #DEBHELPER#
> | [...]
> 
> Where then debhelper can replace code snippets.

Ah, thank you!
I didn't know that that's all I need to do.

Now I think the package is ready for review.

-- 
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-28 Thread Salvatore Bonaccorso 
Hi,

On Thu, Jan 28, 2021 at 11:50:33PM +0100, Scupake wrote:
> Hello,
> 
> I think the package is mostly ready for review!
> "Mostly" because I have no idea how to fix the
> "maintainer-script-lacks-debhelper-token" warning.

See
https://lintian.debian.org/tags/maintainer-script-lacks-debhelper-token.html
for a smallish hint.

Usually each maintainer-script starts with something like (or mor
commented):

| #!/bin/sh
|
| set -e
|
| #DEBHELPER#
| [...]

Where then debhelper can replace code snippets.

Regards,
Salvatore

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-28 Thread Scupake 
Hello,

I think the package is mostly ready for review!
"Mostly" because I have no idea how to fix the
"maintainer-script-lacks-debhelper-token" warning.

Links:
https://salsa.debian.org/debian/doas
https://mentors.debian.net/package/doas

-- 
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-28 Thread Scupake 
On Thu, Jan 28, 2021 at 01:56:32PM +0100, Bernd Zeimetz wrote:
> weird, now I gave you more permissions - same I have. please try again.

Seems like that was it, I have uploaded the files.
Also the copyright file is a big mess and I still haven't
setup the CI.

I'll try to setup the CI first then work on the copyright file.

-- 
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-28 Thread Bernd Zeimetz 

Hi,

weird, now I gave you more permissions - same I have. please try again.

bernd

On 2021-01-27 23:03, Scupake wrote:

On Wed, Jan 27, 2021 at 10:28:25PM +0100, Bernd Zeimetz wrote:

git push origin master:master
or git push --all if you have more branches to push.


Still having the same issue, here's the entire error:

---
Enumerating objects: 56, done.
Counting objects: 100% (56/56), done.
Delta compression using up to 2 threads
Compressing objects: 100% (48/48), done.
Writing objects: 100% (56/56), 47.66 KiB | 3.97 MiB/s, done.
Total 56 (delta 5), reused 0 (delta 0), pack-reused 0
remote: GitLab:
remote: A default branch (e.g. master) does not yet exist for 
debian/doas

remote: Ask a project Owner or Maintainer to create a default branch:
remote:
remote:   https://salsa.debian.org/debian/doas/-/project_members
remote:
To https://salsa.debian.org/debian/doas.git
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 
'https://salsa.debian.org/debian/doas.git'

---

Maybe I don't have permission to create a default branch?

---
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


--
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Scupake 
On Wed, Jan 27, 2021 at 10:28:25PM +0100, Bernd Zeimetz wrote:
> git push origin master:master 
> or git push --all if you have more branches to push.

Still having the same issue, here's the entire error:

---
Enumerating objects: 56, done.
Counting objects: 100% (56/56), done.
Delta compression using up to 2 threads
Compressing objects: 100% (48/48), done.
Writing objects: 100% (56/56), 47.66 KiB | 3.97 MiB/s, done.
Total 56 (delta 5), reused 0 (delta 0), pack-reused 0
remote: GitLab: 
remote: A default branch (e.g. master) does not yet exist for debian/doas
remote: Ask a project Owner or Maintainer to create a default branch:
remote: 
remote:   https://salsa.debian.org/debian/doas/-/project_members
remote: 
To https://salsa.debian.org/debian/doas.git
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'https://salsa.debian.org/debian/doas.git'
---

Maybe I don't have permission to create a default branch?

---
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Bernd Zeimetz 



On 1/27/21 10:27 PM, Bernd Zeimetz wrote:
> 
> 
> On 1/27/21 9:58 PM, Scupake wrote:
>> Hello,
>>
>> I am getting an error when trying to git push, it's teling me that:
>> "A default branch (e.g. master) does not yet exist for debian/doas
>> Ask a project Owner or Maintainer to create a default branch"
> 
> git push origin master:master


or git push --all if you have more branches to push.



-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Bernd Zeimetz 



On 1/27/21 9:58 PM, Scupake wrote:
> Hello,
> 
> I am getting an error when trying to git push, it's teling me that:
> "A default branch (e.g. master) does not yet exist for debian/doas
> Ask a project Owner or Maintainer to create a default branch"

git push origin master:master


> 
> ---
> Scupake :D
> 4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16
> 

-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Scupake 
Hello,

I am getting an error when trying to git push, it's teling me that:
"A default branch (e.g. master) does not yet exist for debian/doas
Ask a project Owner or Maintainer to create a default branch"

---
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Bernd Zeimetz 
Hi,

On 1/27/21 8:40 PM, Scupake wrote:
> On Wed, Jan 27, 2021 at 08:20:55PM +0100, Bernd Zeimetz wrote:
>> whats your salsa username?
> @Scupake
> I have just created my account a little bit ago.

found your user :)

> Also, are you going to make a repository in the debian group or should I
> just make a repository?

repository created, you should have got an invitation.

I've configured the CI to use


debian/.gitlab-ci.yml

please use the salsa pipeline to test the package. please note that this
requires to use git-buildpackage. let me know if you have troubles with that

CI documentation is at

https://salsa.debian.org/salsa-ci-team/pipeline/-/blob/master/README.md


thanks,

Bernd

-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Scupake 
On Wed, Jan 27, 2021 at 08:20:55PM +0100, Bernd Zeimetz wrote:
> whats your salsa username?
@Scupake
I have just created my account a little bit ago.

Also, are you going to make a repository in the debian group or should I
just make a repository?

---
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Bernd Zeimetz 



On 1/27/21 7:30 PM, Scupake wrote:
> On Wed, Jan 27, 2021 at 06:48:39PM +0100, Bernd Zeimetz wrote:
>> nice, I'll happily sponsor the upload.
> Thanks!
> 
>> Would you be willing to put your packaging work on salsa.debian.org?
>> Maybe in the debian group? I could create a repository there if necessary.
> Sure, I don't mind.

whats your salsa username?



-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Scupake 
On Wed, Jan 27, 2021 at 06:48:39PM +0100, Bernd Zeimetz wrote:
> nice, I'll happily sponsor the upload.
Thanks!

> Would you be willing to put your packaging work on salsa.debian.org?
> Maybe in the debian group? I could create a repository there if necessary.
Sure, I don't mind.

> Thanks for your work,
No problem!

---
Scupake :D
4737A2C0A769B53AE82F77922BD8BE5CDD5ADA16


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Bernd Zeimetz 
Hi,

On 1/27/21 6:40 PM, Scupake wrote:
> I have started working on packaging Duncaen's OpenDoas, I'll notify you
> once I think it's ready for review.


nice, I'll happily sponsor the upload.

Would you be willing to put your packaging work on salsa.debian.org?
Maybe in the debian group? I could create a repository there if necessary.


Thanks for your work,

Bernd


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Scupake 
I have started working on packaging Duncaen's OpenDoas, I'll notify you
once I think it's ready for review.

Here's the link:
https://mentors.debian.net/package/doas/

---
Scupake :D


signature.asc
Description: PGP signature

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Jonathan Dowland 

On Wed, Jan 27, 2021 at 10:59:58AM +0100, Bernd Zeimetz wrote:

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: doas


I'd like this too!


 Version : 6.8
 Upstream Author : Duncan Overbruck znc others
* URL : https://github.com/Duncaen/OpenDoas


There's also 

I have not compared the forks.

Note that for slice69's fork,


  persist  After the user successfully authenticates,
  do not ask for a password again for some time.
  Works on OpenBSD only, persist is not available on
  Linux or FreeBSD.


It looks like Duncaen's fork has (new, disabled-by-default, potentially
dangerous?) persist support. I think this feature will be almost
essential for this to be a viable replacement for sudo.


--
  Jonathan Dowland
✎j...@debian.org
   https://jmtd.net

Bug#981176: RFP: doas -- minimal replacement for sudo

2021-01-27 Thread Bernd Zeimetz 
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: doas
  Version : 6.8
  Upstream Author : Duncan Overbruck znc others
* URL : https://github.com/Duncaen/OpenDoas
* License : bsd
  Programming Lang: c
  Description : minimal replacement for sudo


OpenDoas: a portable version of OpenBSD's doas command

With the regular security issues in sudo it would make sense
to have an alternative tools with a much smaller codebase.


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F