Add sudo-rs package.

packages.txt

@@ -859,4 +859,5 @@ corepack
 esbuild
 ruff
 oranda
+sudo-rs
 jwt-tool

sudo-rs.yaml

@@ -0,0 +1,43 @@
+package:
+  name: sudo-rs
+  # When bumping, change the tag below until there's a stable scheme
+  version: 0.2.0_pre20230703
+  epoch: 0
+  description: A memory safe implementation of sudo and su.
+  copyright:
+    - license: MIT
+
+environment:
+  contents:
+    packages:
+      - ca-certificates-bundle
+      - busybox
+      - build-base
+      - rust
+      - openssl-dev
+      - linux-pam-dev
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/memorysafety/sudo-rs
+      tag: v0.2.0-dev.20230703
+      expected-commit: cad7e94744ad4d02e82f76a80bf6ca73b266dbc6
+
+  - uses: patch
+    with:
+      # Patch source: https://github.com/memorysafety/sudo-rs/pull/653
+      patches: arm.patch
+
+  - runs: |
+      cargo build --release
+      mkdir -p ${{targets.destdir}}/usr/bin
+      mv target/release/sudo ${{targets.destdir}}/usr/bin/
+      mv target/release/su ${{targets.destdir}}/usr/bin/
+      chmod u+s  ${{targets.destdir}}/usr/bin/sudo
+      chmod u+s  ${{targets.destdir}}/usr/bin/su
+
+  - uses: strip
+
+update:
+  enabled: false

sudo-rs/arm.patch

@@ -0,0 +1,22 @@
+diff --git a/src/pam/mod.rs b/src/pam/mod.rs
+index 9eec40c..d46c795 100644
+--- a/src/pam/mod.rs
++++ b/src/pam/mod.rs
+@@ -2,6 +2,7 @@ use std::{
+     collections::HashMap,
+     ffi::{CStr, CString, OsStr, OsString},
+     os::unix::prelude::OsStrExt,
++    os::raw::c_char,
+ };
+
+ use converse::ConverserData;
+@@ -214,7 +215,7 @@ impl<C: Converser> PamContext<C> {
+         }
+
+         // unsafe conversion to cstr
+-        let cstr = unsafe { CStr::from_ptr(data as *const i8) };
++        let cstr = unsafe { CStr::from_ptr(data as *const c_char) };
+
+         Ok(cstr.to_str()?.to_owned())
+     }
+