1Sudo porting hints
2==================
3
4Before trying to port sudo to a new architecture, please join the
5sudo-workers mailing list (see the README file) and ask if anyone
6has a port working or in-progress.  Sudo should be fairly easy to
7port.  Since it uses a configure script, most of the work is often
8done for you.  As long as your operating system is reasonably POSIX
9compliant porting should be easy.  If your operating system has a
10separate library for POSIX compatibility you may need to add it by
11using configure's --with-libraries option.
12
13If your OS is an SVR4 derivative (or some approximation thereof), it may
14be sufficient to tell configure you are runnng SVR4, something like:
15    configure foo-bar-sysv4
16where foo is the hardware architecture and bar is the vendor.
17
18A possible pitfall is getdtablesize(2) which is used to get the
19maximum number of open files the process can have.  If an OS has
20the POSIX sysconf(2) it will be used instead of getdtablesize(2).
21ulimit(2) or getrlimit(2) can also be used on some OS's.  If all
22else fails you can use the value of NOFILE in <sys/param.h>.
23
24Also, some operating systems have a broken implementation of POSIX
25saved IDs.  If sudo prints the error message "seteuid(0) failed,
26your operating system may have broken POSIX saved ID support" this
27means saved IDs are not implemented properly.  You should run
28configure with the "--disable-saved-ids" option and rebuild sudo.
29
30Sudo tries to clear the environment of dangerous environment variables
31such as LD_* to prevent shared library spoofing.  If you are porting
32sudo to a new OS that has shared libraries you'll want to mask out
33the variables that allow one to change the shared library path.
34See initial_badenv_table() in env.c to see how this is done for
35various operating systems.
36
37It is possible that on a really weird system, tgetpass() may not
38compile.  (The most common cause for this is that the "fd_set" type
39is not defined in a place that sudo expects it to be.  If you can
40find the header file where "fd_set" is typedef'd, have tgetpass.c
41include it and send in a bug report.)
42Alternately, tgetpass.c may compile but not work (nothing happens
43at the Password: prompt).  It is possible that your C library
44contains a broken or unusable crypt() function--try linking with
45-lcrypt if that exists.  Another possibility is that select() is
46not fully functional; running configure with --with-password-timeout=0
47will disable the use of select().  If sudo prompts you for a
48password but never accepts it, see below.
49
50Sudo detects and recognizes most common shadow password schemes
51automatically.  If you find that sudo is not accepting your password
52and you are sure that it has been typed in correctly there are two
53likely problems.  One possibility is that your C library has a
54broken crypt() function (see above).  The other is that your operating
55system is using shadow passwords and sudo has not detected that
56fact.  Look in config.h to see what, if any, shadow password scheme
57was detected.  The most common are SVR4 (HAVE_GETSPNAM will be
58defined) and SecureWare (HAVE_GETPRPWNAM will be defined).  Check
59the manual pages on your system for "getspnam" and "getprpwnam".
60If one of those exist but the appropriate define does not exist in
61config.h then the problem is most likely that those routines live
62in a library that sudo does not know to link against.  The manual
63page should tell you what library this is.  You can then use the
64--with-libraries option to configure to tell sudo to link with the
65library in question.  For example:
66    --with-libraries='-lgen'
67would cause sudo to link in libgen which contains "getspnam" on SCO
68systems.
69
70If you are trying to port to a system without standard Berkeley
71networking you may find that interfaces.c will not compile.  This
72is most likely on OS's with STREAMS-based networking.  It should
73be possible to make it work by modifying the ISC streams support
74(see the _ISC #ifdef's).  However, if you don't care about ip address
75and network address support, you can just run configure with the
76--without-interfaces flag to get a do-nothing load_interfaces()
77stub function.
78
79Sudo wants POSIX signals (sigaction and friends).  If your system
80lacks sigaction but has the 4.3BSD sigvec() function, sigvec() will
81be used instead via the wrapper functions in sigaction.c.  It is
82not currently possible to use the old SVR3 and 4.2BSD signals, but
83this is due more to my lack of a test machine than anything else.
84
85If you port sudo to a new architecture, please send the output of
86"configure", the config.log file and your changes to:
87    sudo@courtesan.com
88
89If you are unable to get sudo working, and you are willing to
90give me an account on a machine, send mail to sudo@courtesan.com.
91Note, however, that I can't make any promises.
92