From 3dc6e2bd954c2fad8c85b0d07e079eb1ef3f5195 Mon Sep 17 00:00:00 2001
From: Dan Lorenc <dlorenc@chainguard.dev>
Date: Wed, 5 Jul 2023 09:32:27 -0400
Subject: [PATCH] Add sudo-rs package.

This uses a patch I had to write to get it to build on arm, we can drop after the next release.

Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
---
 packages.txt      |  1 +
 sudo-rs.yaml      | 43 +++++++++++++++++++++++++++++++++++++++++++
 sudo-rs/arm.patch | 22 ++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 sudo-rs.yaml
 create mode 100644 sudo-rs/arm.patch

diff --git a/packages.txt b/packages.txt
index 42e1f27681f..cf54101a75b 100644
--- a/packages.txt
+++ b/packages.txt
@@ -859,4 +859,5 @@ corepack
 esbuild
 ruff
 oranda
+sudo-rs
 jwt-tool
diff --git a/sudo-rs.yaml b/sudo-rs.yaml
new file mode 100644
index 00000000000..10a64206310
--- /dev/null
+++ b/sudo-rs.yaml
@@ -0,0 +1,43 @@
+package:
+  name: sudo-rs
+  # When bumping, change the tag below until there's a stable scheme
+  version: 0.2.0_pre20230703
+  epoch: 0
+  description: A memory safe implementation of sudo and su.
+  copyright:
+    - license: MIT
+
+environment:
+  contents:
+    packages:
+      - ca-certificates-bundle
+      - busybox
+      - build-base
+      - rust
+      - openssl-dev
+      - linux-pam-dev
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/memorysafety/sudo-rs
+      tag: v0.2.0-dev.20230703
+      expected-commit: cad7e94744ad4d02e82f76a80bf6ca73b266dbc6
+
+  - uses: patch
+    with:
+      # Patch source: https://github.com/memorysafety/sudo-rs/pull/653
+      patches: arm.patch
+
+  - runs: |
+      cargo build --release
+      mkdir -p ${{targets.destdir}}/usr/bin
+      mv target/release/sudo ${{targets.destdir}}/usr/bin/
+      mv target/release/su ${{targets.destdir}}/usr/bin/
+      chmod u+s  ${{targets.destdir}}/usr/bin/sudo
+      chmod u+s  ${{targets.destdir}}/usr/bin/su
+
+  - uses: strip
+
+update:
+  enabled: false
diff --git a/sudo-rs/arm.patch b/sudo-rs/arm.patch
new file mode 100644
index 00000000000..8fe038b48af
--- /dev/null
+++ b/sudo-rs/arm.patch
@@ -0,0 +1,22 @@
+diff --git a/src/pam/mod.rs b/src/pam/mod.rs
+index 9eec40c..d46c795 100644
+--- a/src/pam/mod.rs
++++ b/src/pam/mod.rs
+@@ -2,6 +2,7 @@ use std::{
+     collections::HashMap,
+     ffi::{CStr, CString, OsStr, OsString},
+     os::unix::prelude::OsStrExt,
++    os::raw::c_char,
+ };
+
+ use converse::ConverserData;
+@@ -214,7 +215,7 @@ impl<C: Converser> PamContext<C> {
+         }
+
+         // unsafe conversion to cstr
+-        let cstr = unsafe { CStr::from_ptr(data as *const i8) };
++        let cstr = unsafe { CStr::from_ptr(data as *const c_char) };
+
+         Ok(cstr.to_str()?.to_owned())
+     }
+