From 0646f3e07f904e0e3fd43477ac505b3c2513e9b9 Mon Sep 17 00:00:00 2001
From: Dustin Kirkland <kirkland@chainguard.dev>
Date: Mon, 8 Jan 2024 16:05:15 -0600
Subject: [PATCH] set up working sudo configuration

This fixes: https://github.com/wolfi-dev/os/issues/9561#issuecomment-1881811592
---
 sudo-rs.yaml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/sudo-rs.yaml b/sudo-rs.yaml
index 80e8954cca6..083cb3373cc 100644
--- a/sudo-rs.yaml
+++ b/sudo-rs.yaml
@@ -1,7 +1,7 @@
 package:
   name: sudo-rs
   version: 0.2.1
-  epoch: 0
+  epoch: 1
   description: A memory safe implementation of sudo and su.
   copyright:
     - license: MIT
@@ -36,6 +36,20 @@ pipeline:
       chmod u+s  ${{targets.destdir}}/usr/bin/sudo
       chmod u+s  ${{targets.destdir}}/usr/bin/su
 
+      # Establish a minimal working configuration
+      mkdir -p ${{targets.destdir}}/etc/pam.d/
+      cat <<EOF >${{targets.destdir}}/etc/pam.d/sudo
+      auth    required        pam_env.so
+      auth    sufficient      pam_unix.so
+      account required        pam_unix.so
+      session required        pam_limits.so
+      session required        pam_unix.so
+      EOF
+      cp ${{targets.destdir}}/etc/pam.d/sudo ${{targets.destdir}}/etc/pam.d/sudo-i
+      chmod 644 ${{targets.destdir}}/etc/pam.d/sudo*
+      echo "root ALL = (ALL:ALL) NOPASSWD:ALL" > ${{targets.destdir}}/etc/sudoers
+      chmod 440 ${{targets.destdir}}/etc/sudoers
+
   - uses: strip
 
 update: