build and install sudo from source

ref:

• how to set up and manage sudo permission
• sudo: when loading plug-ins "sudoers_policy" sudo error in /etc/sudo.conf line 0: /usr/lib/sudo/sudoers.so its owner must be written only sudo:

一樣，.configure ，make 再 make install
configure：
一樣，--prefix= 代表 make install 要安裝的位置。

copy 到 target 上，complain libutil... 都 copy 過去，
sudo 要是 S bit set 而且 owner 要是 0 (root)
設完之後剩下 complain: /etc/sudo.conf

看一下 build 出來， install 目錄中 share/doc/sudo/examples/sudo.conf:
所以修改一下 /etc/sudo.conf

Plugin sudoers_policy /usr/lib/sudoers.so

出現 Error:

sudo: error in /etc/sudo.conf, line 14 while loading plugin "sudoers_policy"
sudo: unable to load /usr/lib/sudoers.so: /lib/libcrypt.so.1: version `XCRYPT_2.0' not found (required by /usr/lib/sudoers.so)

libcrypt copy 過去後，sshd fail to start:

Ambarella sshd[14584]: /usr/sbin/sshd: relocation error: /usr/sb
in/sshd: symbol EVP_KDF_ctrl version OPENSSL_1_1_1b not defined in file libcrypt
o.so.1.1 with link time reference

應該是系統原來就有 libcrypt，我用另一個版本覆蓋了導致。

evb 上 libcrypt.so 在 openssl 中，所以copy 過去 pi4。重新 configure

./configure --enable-openssl=/home/pi/openssl --prefix=/home/pi/sudoinstall

先 disable 全部..

  --disable-shared
        Disable dynamic shared object support.  By default, sudo
        is built with a plugin API capable of loading arbitrary
        policy and I/O logging plugins.  If the --disable-shared
        option is specified, this support is disabled and the default
        sudoers policy and I/O plugins are embedded in the sudo
        binary itself.  This will also disable the noexec option
        as it too relies on dynamic shared object support.
        
  --disable-shared-libutil
        Disable the use of the dynamic libsudo_util library.  By
        default, sudo, the sudoers plugin and the associated sudo
        utilities are linked against a shared version of libsudo_util.
        If the --disable-shared-libutil option is specified, a
        static version of the libsudo_util library will be used
        instead.  This option may only be used in conjunction with
        the --enable-static-sudoers option.

  --enable-static-sudoers
        By default, the sudoers plugin is built and installed as a
        dynamic shared object.  When the --enable-static-sudoers
        option is specified, the sudoers plugin is compiled directly
        into the sudo binary.  Unlike --disable-shared, this does
        not prevent other plugins from being used and the noexec
        option will continue to function.

一樣，都 disable，也 disable openssl，結果一樣要 XCRYOT_2.0，只插在 /etc/sudo,conf 不用了。
所以要試 cross_compile..