[PATCH] sudo: fix pam-wheel sed pattern for updated sudoers format

[PATCH] sudo: fix pam-wheel sed pattern for updated sudoers format

[Siva Balasubramanian]

Upstream sudo's plugins/sudoers/sudoers.in changed the commented-out
wheel group entry from:

    # %wheel ALL=(ALL) ALL

to:

    # %wheel ALL=(ALL:ALL) ALL

(an explicit runas group spec was added). The do_install:append() sed
that enables the wheel group when DISTRO_FEATURES contains 'pam' and
PACKAGECONFIG contains 'pam-wheel' still searched for the old pattern,
so it silently failed to match: the wheel group was left commented out
and never granted sudo access even though pam-wheel was enabled.

Update the sed pattern to match the current upstream wording. The
trailing "ALL" anchor keeps it specific to the plain entry and still
correctly leaves the separate "NOPASSWD: ALL" wheel line commented.

Verified with a sudo build (DISTRO_FEATURES += pam, PACKAGECONFIG +=
pam-wheel): the installed /etc/sudoers now has

    %wheel ALL=(ALL:ALL) ALL

uncommented, while "# %wheel ALL=(ALL:ALL) NOPASSWD: ALL" stays
commented.

[YOCTO #16321]

Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
---
 meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
index 7dfa0cef6c..489c0db09d 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
@@ -37,7 +37,7 @@ do_install:append () {
 		install -D -m 644 ${UNPACKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
 		if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
 			echo 'auth       required     pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
-			sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
+			sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
 		fi
 	fi
 
-- 
2.34.1