Sync sed scripts that add back troff conditionals.

millert · millert · commit cf1b87c71d31 · 2025-02-23T09:33:06.000-07:00
The sudo manuals contain conditional to avoid describing system-specific
behavior on systems that don't support it.  When we convert from
mdoc to man format we lose those conditionals, these sed scripts
add them back.  Changes to the mdoc files can prevent the regexps
from matching so they need to be updated periodically.
diff --git a/docs/sudo.conf.man.in b/docs/sudo.conf.man.in
@@ -375,6 +375,7 @@ The default directory to use when searching for plugins
 that are specified without a fully qualified path name.
 The default value is
 \fI@plugindir@\fR.
+.if \n(SL \{\
 .TP 6n
 sesh
 The fully-qualified path to the
diff --git a/docs/sudo.conf.man.in.sed b/docs/sudo.conf.man.in.sed
@@ -1,9 +1,9 @@
 s/^\(.TH .*\)/.nr SL @SEMAN@\
 \1/
 
-/^\.TP 10n$/ {
+/^\.TP 6n$/ {
 	N
-	/^.TP 10n\nsesh$/ {
+	/^.TP 6n\nsesh$/ {
 		i\
 .if \\n(SL \\{\\
 	}
diff --git a/docs/sudo.man.in b/docs/sudo.man.in
@@ -214,6 +214,7 @@ If no askpass program is available,
 \fBsudo\fR
 will exit with an error.
 .RE
+.if \n(BA \{\
 .TP 8n
 \fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR
 Use the specified
@@ -230,6 +231,7 @@ entry in
 This option is only available on systems that support
 BSD
 authentication.
+.\}
 .TP 8n
 \fB\-B\fR, \fB\--bell\fR
 Ring the bell as part of the password prompt when a terminal is present.
@@ -265,6 +267,7 @@ policy only permits use of the
 option when the administrator has enabled the
 \fIclosefrom_override\fR
 option.
+.if \n(LC \{\
 .TP 8n
 \fB\-c\fR \fIclass\fR, \fB\--login-class\fR=\fIclass\fR
 Run the
@@ -297,6 +300,7 @@ be applied, if present.
 This option is only available on systems with
 BSD
 login classes.
+.\}
 .TP 8n
 \fB\-D\fR \fIdirectory\fR, \fB\--chdir\fR=\fIdirectory\fR
 Run the
@@ -708,12 +712,14 @@ before running the
 \fIcommand\fR.
 The security policy may return an error if the user does not have
 permission to specify the root directory.
+.if \n(SL \{\
 .TP 8n
 \fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR
 Run the
 \fIcommand\fR
 with an SELinux security context that includes the specified
 \fIrole\fR.
+.\}
 .TP 8n
 \fB\-S\fR, \fB\--stdin\fR
 Write the prompt to the standard error and read the password from the
@@ -746,6 +752,7 @@ Most shells behave differently when a
 \fIcommand\fR
 is specified as compared to an interactive session; consult the shell's manual
 for details.
+.if \n(SL \{\
 .TP 8n
 \fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR
 Run the
@@ -755,6 +762,7 @@ with an SELinux security context that includes the specified
 If no
 \fItype\fR
 is specified, the default type is derived from the role.
+.\}
 .TP 8n
 \fB\-U\fR \fIuser\fR, \fB\--other-user\fR=\fIuser\fR
 Used in conjunction with the
diff --git a/docs/sudo.man.in.sed b/docs/sudo.man.in.sed
@@ -9,37 +9,37 @@ s/^\(\[\\fB\\-c\\fR.*\\fIclass\\fR\]\) *$/.if \\n(LC \1/
 s/^\(\[\\fB\\-r\\fR.*\\fIrole\\fR\]\) *$/.if \\n(SL \1/
 s/^\(\[\\fB\\-t\\fR.*\\fItype\\fR\]\) *$/.if \\n(SL \1/
 
-/^\.TP 12n$/ {
+/^\.TP 8n$/ {
 	N
-	/^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 12n/ {
-            /^\.TP 12n/ {
-		/^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\
+	/^\.TP 8n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 8n/ {
+            /^\.TP 8n/ {
+		/^\.TP 8n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\
 .if \\n(BA \\{\\
-		/^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\
+		/^\.TP 8n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\
 .\\}
             }
         }
-	/^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 12n/ {
-            /^\.TP 12n/ {
-		/^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\
+	/^\.TP 8n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 8n/ {
+            /^\.TP 8n/ {
+		/^\.TP 8n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\
 .if \\n(LC \\{\\
-		/^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\
+		/^\.TP 8n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\
 .\\}
             }
         }
-	/^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 12n/ {
-            /^\.TP 12n/ {
-		/^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\
+	/^\.TP 8n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 8n/ {
+            /^\.TP 8n/ {
+		/^\.TP 8n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\
 .if \\n(SL \\{\\
-		/^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\
+		/^\.TP 8n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\
 .\\}
             }
         }
-	/^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 12n/ {
-            /^\.TP 12n/ {
-		/^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\
+	/^\.TP 8n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 8n/ {
+            /^\.TP 8n/ {
+		/^\.TP 8n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\
 .if \\n(SL \\{\\
-		/^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\
+		/^\.TP 8n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\
 .\\}
             }
         }
diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in
@@ -22,6 +22,7 @@
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
 .nr SL @SEMAN@
+.nr AA @AAMAN@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
@@ -1387,20 +1388,28 @@ Cmnd_Spec ::= Runas_Spec? Option_Spec* (Tag_Spec ':')* Cmnd
 Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
 
 .ie \n(SL \{\
-.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
-.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)
+.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)
+.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)
 .\}
 .el \{\
-.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
-.el Option_Spec ::= (Date_Spec | Timeout_Spec)
+.ie \n(AA \{\
+.ie \n(PS Option_Spec ::= (AppArmor_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)
+.el Option_Spec ::= (AppArmor_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)
+.\}
+.el \{\
+.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)
+.el Option_Spec ::= (Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)
+.\}
 .\}
 
 .if \n(SL \{\
 SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
 
 .\}
+.if \n(AA \{\
 AppArmor_Spec ::= 'APPARMOR_PROFILE=profile'
 
+.\}
 .if \n(PS \{\
 Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
 
@@ -1622,7 +1631,9 @@ Options may consist of
 .if \n(SL \{\
 SELinux roles and/or types,
 .\}
+.if \n(AA \{\
 AppArmor profiles,
+.\}
 .if \n(PS \{\
 Solaris privileges sets,
 .\}
@@ -1653,6 +1664,7 @@ A role or type specified on the command line,
 however, will supersede the values in
 \fIsudoers\fR.
 .\}
+.if \n(AA \{\
 .SS "AppArmor_Spec"
 On systems supporting AppArmor,
 \fIsudoers\fR
@@ -1711,6 +1723,7 @@ and user
 to run
 \fI/bin/ls\fR
 without any confinement at all.
+.\}
 .if \n(PS \{\
 .SS "Solaris_Priv_Spec"
 On Solaris systems,
@@ -4255,7 +4268,7 @@ will set the umask to be the union of the user's umask and what is specified in
 This flag is
 \fI@umask_override@\fR
 by default.
-.if \n(BA \{\
+.if \n(LC \{\
 .TP 18n
 use_loginclass
 If set,
@@ -4519,6 +4532,7 @@ The umask setting in PAM is not used for
 which does not create a new PAM session.
 .PP
 \fBStrings\fR:
+.if \n(AA \{\
 .TP 18n
 apparmor_profile
 The default AppArmor profile to transition into when executing the
@@ -4532,6 +4546,7 @@ entries by specifying the
 option.
 This option is only available when sudo is built with AppArmor
 support.
+.\}
 .TP 18n
 cmddenial_message
 .br
diff --git a/docs/sudoers.man.in.sed b/docs/sudoers.man.in.sed
@@ -1,4 +1,5 @@
 s/^\(.TH .*\)/.nr SL @SEMAN@\
+.nr AA @AAMAN@\
 .nr BA @BAMAN@\
 .nr LC @LCMAN@\
 .nr PS @PSMAN@\
@@ -21,6 +22,15 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\
     }
 }
 
+/^\.SS "AppArmor_Spec"$/,/^\.SS/ {
+    /^\.SS / {
+	/^\.SS "AppArmor_Spec"$/i\
+.if \\n(AA \\{\\
+	/^\.SS "AppArmor_Spec"$/!i\
+.\\}
+    }
+}
+
 /^\.SS "Solaris_Priv_Spec"$/,/^\.SS/ {
     /^\.SS / {
 	/^\.SS "Solaris_Priv_Spec"$/i\
@@ -32,12 +42,18 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\
 
 /^Option_Spec ::= / {
     s/^.*$/.ie \\n(SL \\{\\\
-.ie \\n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\
-.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)\
+.ie \\n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\
+.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\
+.\\}\
+.el \\{\\\
+.ie \\n(AA \\{\\\
+.ie \\n(PS Option_Spec ::= (AppArmor_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\
+.el Option_Spec ::= (AppArmor_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\
 .\\}\
 .el \\{\\\
-.ie \\n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\
-.el Option_Spec ::= (Date_Spec | Timeout_Spec)\
+.ie \\n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\
+.el Option_Spec ::= (Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\
+.\\}\
 .\\}/
 }
 
@@ -49,6 +65,14 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\
 .\\}
 }
 
+/^AppArmor_Spec ::=/ {
+    i\
+.if \\n(AA \\{\\
+    N
+    a\
+.\\}
+}
+
 /^Solaris_Priv_Spec ::=/ {
     i\
 .if \\n(PS \\{\\
@@ -64,6 +88,13 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\
 .\\}
 }
 
+/^AppArmor profiles,/ {
+    i\
+.if \\n(AA \\{\\
+    a\
+.\\}
+}
+
 /^Solaris privileges sets,/ {
     i\
 .if \\n(PS \\{\\
@@ -76,8 +107,16 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\
 	/^\.TP 18n\nuse_loginclass$/,/^\.TP 18n/ {
 	    /^\.TP 18n/ {
 		/^\.TP 18n\nuse_loginclass$/i\
-.if \\n(BA \\{\\
+.if \\n(LC \\{\\
 		/^\.TP 18n\nuse_loginclass$/!i\
+.\\}
+	    }
+	}
+	/^\.TP 18n\napparmor_profile$/,/^\.TP 18n/ {
+	    /^\.TP 18n/ {
+		/^\.TP 18n\napparmor_profile$/i\
+.if \\n(AA \\{\\
+		/^\.TP 18n\napparmor_profile$/!i\
 .\\}
 	    }
 	}

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`	`1`	`s/^\(.TH .*\)/.nr SL @SEMAN@\`
`2`	`2`	`\1/`
`3`	`3`
`4`		`-/^\.TP 10n$/ {`
	`4`	`+/^\.TP 6n$/ {`
`5`	`5`	`N`
`6`		`- /^.TP 10n\nsesh$/ {`
	`6`	`+ /^.TP 6n\nsesh$/ {`
`7`	`7`	`i\`
`8`	`8`	`.if \\n(SL \\{\\`
`9`	`9`	`}`