From: Siva Balasubramanian <sivakumar.bs@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Siva Balasubramanian <sivakumar.bs@gmail.com>
Subject: [PATCH] sudo: fix pam-wheel sed pattern for updated sudoers format
Date: Thu, 18 Jun 2026 16:31:11 +0530 [thread overview]
Message-ID: <20260618110111.3484982-1-sivakumar.bs@gmail.com> (raw)
Upstream sudo's plugins/sudoers/sudoers.in changed the commented-out
wheel group entry from:
# %wheel ALL=(ALL) ALL
to:
# %wheel ALL=(ALL:ALL) ALL
(an explicit runas group spec was added). The do_install:append() sed
that enables the wheel group when DISTRO_FEATURES contains 'pam' and
PACKAGECONFIG contains 'pam-wheel' still searched for the old pattern,
so it silently failed to match: the wheel group was left commented out
and never granted sudo access even though pam-wheel was enabled.
Update the sed pattern to match the current upstream wording. The
trailing "ALL" anchor keeps it specific to the plain entry and still
correctly leaves the separate "NOPASSWD: ALL" wheel line commented.
Verified with a sudo build (DISTRO_FEATURES += pam, PACKAGECONFIG +=
pam-wheel): the installed /etc/sudoers now has
%wheel ALL=(ALL:ALL) ALL
uncommented, while "# %wheel ALL=(ALL:ALL) NOPASSWD: ALL" stays
commented.
[YOCTO #16321]
Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
---
meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
index 7dfa0cef6c..489c0db09d 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
@@ -37,7 +37,7 @@ do_install:append () {
install -D -m 644 ${UNPACKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
- sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
+ sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
fi
fi
--
2.34.1
reply other threads:[~2026-06-18 11:01 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260618110111.3484982-1-sivakumar.bs@gmail.com \
--to=sivakumar.bs@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox