Install again pam.d files for rexec, rlogin and rsh. Update

/etc/security/pam_env.conf to allow su to export DISPLAY and XAUTHORITY if needed, bug #69925.
author: Martin Schlemmer <azarah@gentoo.org> 2004-11-08 18:33:46 +0000
committer: Martin Schlemmer <azarah@gentoo.org> 2004-11-08 18:33:46 +0000
commit: 2cb60cc355ca381adcb798e33ad476daa341ef04 (patch)
tree: 90b69446e825246b0b6313c2f2ff3a791293cf73 /sys-libs/pam
parent: arm KEYWORDS (diff)
download: historical-2cb60cc355ca381adcb798e33ad476daa341ef04.tar.gz
historical-2cb60cc355ca381adcb798e33ad476daa341ef04.tar.bz2
historical-2cb60cc355ca381adcb798e33ad476daa341ef04.zip
7 files changed, 696 insertions, 14 deletions
diff --git a/sys-libs/pam/ChangeLog b/sys-libs/pam/ChangeLog
index 54bc47fa6add..c8be7d736b76 100644
--- a/sys-libs/pam/ChangeLog
+++ b/sys-libs/pam/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-libs/pam
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.57 2004/10/31 16:08:21 azarah Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.58 2004/11/08 18:33:46 azarah Exp $
+
+*pam-0.77-r3 (08 Nov 2004)
+
+  08 Nov 2004; Martin Schlemmer <azarah@gentoo.org> +files/pam_env.conf,
+  +pam-0.77-r1.ebuild, +pam-0.77-r3.ebuild:
+  Install again pam.d files for rexec, rlogin and rsh. Update
+  /etc/security/pam_env.conf to allow su to export DISPLAY and XAUTHORITY if
+  needed, bug #69925.
 
 *pam-0.77-r2 (31 Oct 2004)
 
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 6cec96a09498..e786dfaafae2 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,17 +1,15 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 1fb1663f841e5afe50da00cdbd22e439 ChangeLog 8330
-MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
+MD5 4de5d5a06089ac9d455256ae2b906c3c pam-0.77-r3.ebuild 7811
+MD5 5081ec4a1bcd7753c147d389d92dbd00 pam-0.77-r1.ebuild 7473
+MD5 bed333a6a95abef3642b9094ef51a2a6 ChangeLog 8637
 MD5 d9e4ca42b79c105aa47283786d511446 pam-0.77.ebuild 7422
+MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
 MD5 301cd084cd567f57a9679687e7691491 pam-0.77-r2.ebuild 7762
-MD5 69f8cfad7f241eb669085eaa753cd9dd files/pam-0.77-console-reset.patch 1826
+MD5 7cc3ab359689ec8b0ca27852f57b1ff7 files/pam_env.conf 3024
+MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r3 201
+MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77-r1 201
 MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77 201
+MD5 69f8cfad7f241eb669085eaa753cd9dd files/pam-0.77-console-reset.patch 1826
 MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r2 201
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
-
-iD8DBQFBiwDcHTu7gpaalycRAh1OAKDcw7TnddTM7L7rmrjKd+Fc+yrVpgCgx5QW
-GaFeaUoh+U0cVfaZaDQeVO0=
-=nrGd
------END PGP SIGNATURE-----
+MD5 849aa086002eda305d4d6d59a94fadd8 files/pam.d/rexec 457
+MD5 ec3d6de902670c90897507f4a098f668 files/pam.d/rlogin 580
+MD5 7b9d8d0930734500608538c166d0179a files/pam.d/rsh 445
diff --git a/sys-libs/pam/files/digest-pam-0.77-r1 b/sys-libs/pam/files/digest-pam-0.77-r1
new file mode 100644
index 000000000000..b369b6cb73ab
--- /dev/null
+++ b/sys-libs/pam/files/digest-pam-0.77-r1
@@ -0,0 +1,3 @@
+MD5 be5a470e553ba71c20e9bbc7665f3754 Linux-PAM-0.77.tar.gz 442569
+MD5 ec1150f6d16428c30f9c65a5b5212edd pam-0.77-patches-1.2.tar.bz2 114371
+MD5 df71961002b552c0e72c6e4e358f27e1 db-4.1.25.tar.gz 3080234
diff --git a/sys-libs/pam/files/digest-pam-0.77-r3 b/sys-libs/pam/files/digest-pam-0.77-r3
new file mode 100644
index 000000000000..2b18e5cd4d85
--- /dev/null
+++ b/sys-libs/pam/files/digest-pam-0.77-r3
@@ -0,0 +1,3 @@
+MD5 be5a470e553ba71c20e9bbc7665f3754 Linux-PAM-0.77.tar.gz 442569
+MD5 a92c0fc8ccdcb23687600b3dc60732f3 pam-0.77-patches-1.3.tar.bz2 114508
+MD5 df71961002b552c0e72c6e4e358f27e1 db-4.1.25.tar.gz 3080234
diff --git a/sys-libs/pam/files/pam_env.conf b/sys-libs/pam/files/pam_env.conf
new file mode 100644
index 000000000000..91fdad2070b4
--- /dev/null
+++ b/sys-libs/pam/files/pam_env.conf
@@ -0,0 +1,77 @@
+# $Date: 2004/11/08 18:33:46 $
+# $Author: azarah $
+# $Id: pam_env.conf,v 1.1 2004/11/08 18:33:46 azarah Exp $
+#
+# This is the configuration file for pam_env, a PAM module to load in 
+# a configurable list of environment variables for a 
+# 
+# The original idea for this came from Andrew G. Morgan ...
+#<quote>
+#   Mmm. Perhaps you might like to write a pam_env module that reads a
+#   default environment from a file? I can see that as REALLY
+#   useful... Note it would be an "auth" module that returns PAM_IGNORE
+#   for the auth part and sets the environment returning PAM_SUCCESS in
+#   the setcred function...
+#</quote>
+#
+# What I wanted was the REMOTEHOST variable set, purely for selfish
+# reasons, and AGM didn't want it added to the SimpleApps login
+# program (which is where I added the patch). So, my first concern is
+# that variable, from there there are numerous others that might/would
+# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
+#
+# Of course, these are a different kind of variable than REMOTEHOST in
+# that they are things that are likely to be configured by
+# administrators rather than set by logging in, how to treat them both
+# in the same config file?
+#
+# Here is my idea: 
+#
+# Each line starts with the variable name, there are then two possible
+# options for each variable DEFAULT and OVERRIDE. 
+# DEFAULT allows and administrator to set the value of the
+# variable  to some default value, if none is supplied then the empty
+# string is assumed. The OVERRIDE option tells pam_env that it should
+# enter in its value (overriding the default value) if there is one
+# to use. OVERRIDE is not used, "" is assumed and no override will be
+# done. 
+#
+# VARIABLE   [DEFAULT=[value]]  [OVERRIDE=[value]]
+#
+# (Possibly non-existent) environment variables may be used in values
+# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+# be used in values using the @{string} syntax. Both the $ and @
+# characters can be backslash escaped to be used as literal values
+# values can be delimited with "", escaped " not supported.
+#
+#
+# First, some special variables
+#
+# Set the REMOTEHOST variable for any hosts that are remote, default
+# to "localhost" rather than not being set at all
+# Note: Rather set default to "", as DISPLAY=localhost:0.0 do not work
+#       here at least.
+REMOTEHOST	DEFAULT= OVERRIDE=@{PAM_RHOST}
+#
+# Set the DISPLAY variable if it seems reasonable 
+DISPLAY		DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+#
+# Set the XAUTHORITY variable if pam_xauth is used
+XAUTHORITY	DEFAULT= OVERRIDE=@{XAUTHORITY}
+#
+#
+#  Now some simple variables
+#
+#PAGER		DEFAULT=less
+#MANPAGER	DEFAULT=less
+#LESS		DEFAULT="M q e h15 z23 b80"
+#NNTPSERVER	DEFAULT=localhost
+#PATH		DEFAULT=${HOME}/bin:/usr/local/bin:/bin\:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+#
+# silly examples of escaped variables, just to show how they work.
+#
+#DOLLAR		DEFAULT=\$
+#DOLLARDOLLAR	DEFAULT=	OVERRIDE=\$${DOLLAR}
+#DOLLARPLUS	DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+#ATSIGN		DEFAULT=""	OVERRIDE=\@
+
diff --git a/sys-libs/pam/pam-0.77-r1.ebuild b/sys-libs/pam/pam-0.77-r1.ebuild
new file mode 100644
index 000000000000..1b6e9b306306
--- /dev/null
+++ b/sys-libs/pam/pam-0.77-r1.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-0.77-r1.ebuild,v 1.12 2004/11/08 18:33:46 azarah Exp $
+
+PATCH_LEVEL="1.2"
+BDB_VER="4.1.25"
+PAM_REDHAT_VER="0.77-4"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r8
+	selinux? ( sys-libs/libselinux )
+	berkdb? ( >=sys-libs/db-${BDB_VER} )"
+
+DEPEND="$RDEPEND
+	dev-lang/perl
+	=dev-libs/glib-1.2*
+	>=sys-devel/autoconf-2.58
+	>=sys-devel/automake-1.6
+	>=sys-devel/flex-2.5.4a-r5
+	pwdb? ( >=sys-libs/pwdb-0.62 )"
+
+# Have python sandbox issues currently ...
+#	doc? ( app-text/sgmltools-lite )
+
+# BDB is internalized to get a non-threaded lib for pam_userdb.so to
+# be built with.  The runtime-only dependency on BDB suggests the user
+# will use the system-installed db_load to create pam_userdb databases.
+# PWDB is internalized because it is specifically designed to work
+# with Linux-PAM.  I'm not really certain how pervasive the Radius
+# and NIS services of PWDB are at this point.
+#
+# With all the arch's we support, I rather use external pwdb, and then
+# link statically to it - <azarah@gentoo.org> (09 Nov 2003).
+
+#inherit needs to be after DEPEND definition to protect RDEPEND
+inherit gcc eutils flag-o-matic gnuconfig
+
+# Note that we link to static versions of glib (pam_console.so)
+# and pwdb (pam_pwdb.so) ...
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Pluggable Authentication Modules"
+
+S="${WORKDIR}/Linux-PAM-${PV}"
+S2="${WORKDIR}/pam-${PV}-patches"
+SRC_URI="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-${PV}.tar.gz
+	mirror://gentoo/${P}-patches-${PATCH_LEVEL}.tar.bz2
+	berkdb? ( http://www.sleepycat.com/update/snapshot/db-${BDB_VER}.tar.gz )"
+
+LICENSE="PAM"
+KEYWORDS="amd64 x86 ppc sparc alpha mips hppa ia64 ppc64 s390"
+SLOT="0"
+IUSE="berkdb pwdb selinux"
+
+apply_pam_patches() {
+	local x=
+	local patch=
+
+	for x in redhat gentoo
+	do
+		cat ${S2}/list.${x}-patches | grep -v '^#' | grep -v '^$' | while read X
+		do
+			patch="$(echo $X | sed -e 's|^Patch.*: \(.*\)|\1|')"
+			epatch ${S2}/${x}-patches/${patch}
+		done
+	done
+}
+
+pkg_setup() {
+	local x=
+
+	if use pwdb; then
+		for x in libpwdb.a libcrack.a; do
+			if [ ! -f "${ROOT}/usr/lib/${x}" ]; then
+				eerror "Could not find /usr/lib/${x} needed to build Linux-PAM!"
+				die "Could not find /usr/lib/${x} needed to build Linux-PAM!"
+			fi
+		done
+	fi
+
+	return 0
+}
+
+src_unpack() {
+	unpack ${A} || die "Couldn't unpack ${A}"
+
+	cd ${S} || die
+	tar -zxf ${S2}/pam-redhat-${PAM_REDHAT_VER}.tar.gz \
+		|| die "Couldn't unpack pam-redhat-${PAM_REDHAT_VER}.tar.gz"
+
+	# Fix pam_console_apply -r segfaulting if a group used in
+	# /etc/security/console.perms are missing, bug #50315
+	cp -f ${FILESDIR}/pam-0.77-console-reset.patch ${S2}/gentoo-patches/
+
+	apply_pam_patches
+
+	use selinux && epatch ${S2}/gentoo-patches/pam-selinux.patch
+
+	for readme in modules/pam_*/README ; do
+		cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+			sed -e 's|^modules/||')
+	done
+
+	cp /usr/share/automake/install-sh . || die
+	export WANT_AUTOCONF=2.5
+	autoconf || die
+}
+
+src_compile() {
+	export CFLAGS="${CFLAGS} -fPIC"
+
+	if use berkdb
+	then
+		einfo "Building Berkley DB ${BDB_VER}..."
+		cd ${WORKDIR}
+		cd db-${BDB_VER}/dist || die
+
+		# Pam uses berkdb, which db-4.1.x series can't detect mips64, so we fix it
+		if use mips; then
+			einfo "Updating berkdb config.{guess,sub} for mips"
+			local OLDS="${S}"
+			S="${WORKDIR}/db-${BDB_VER}/dist"
+			gnuconfig_update
+			S="${OLDS}"
+		fi
+
+		echo db_cv_mutex=UNIX/fcntl > config.cache
+		./s_config
+		./configure \
+			--cache-file=config.cache \
+			--disable-compat185 \
+			--disable-cxx \
+			--disable-diagnostic \
+			--disable-dump185 \
+			--disable-java \
+			--disable-rpc \
+			--disable-tcl \
+			--disable-shared \
+			--with-pic \
+			--with-uniquename=_pam \
+			--prefix=${S} \
+			--includedir=${S}/include \
+			--libdir=${S}/lib || die "Bad BDB ./configure"
+
+		# XXX hack out O_DIRECT support in db4 for now.
+		perl -pi -e 's/#define HAVE_O_DIRECT 1/#undef HAVE_O_DIRECT/' \
+			db_config.h
+
+		make || die "BDB build failed"
+		make install || die
+
+		export CPPFLAGS="-I${S}/include"
+		export LDFLAGS="-L${S}/lib"
+		export LIBNAME="lib"
+	fi
+
+	if [ "${ARCH}" = "alpha" ]
+	then
+		if [ ! -z "$(strings -a /usr/lib/libglib.a | grep -i 'Compaq Computer Corp.')" ]
+		then
+			# should be LDFLAGS, but this configure is screwy.
+			echo
+			einfo "It looks like you compiled glib with ccc, this is okay, but"
+			einfo "I'll need to force gcc to link with libots...."
+			echo
+			append-flags -lots
+			sed -i -e 's/$(CC) -o/$(CC) -lots -o/g' ${S}/modules/pam_pwdb/Makefile
+		fi
+	fi
+
+	einfo "Building Linux-PAM ${PV}..."
+	cd ${S}
+	./configure \
+		--libdir=/lib \
+		--enable-static-libpam \
+		--enable-fakeroot=${D} \
+		--enable-isadir=/lib/security \
+		--host=${CHOST} || die
+
+	# Python stuff in docs gives sandbox problems
+	sed -i -e 's|modules doc examples|modules|' Makefile
+
+	# Fix warnings for gcc-2.95.3
+	if [ "$(gcc-version)" = "2.95" ]
+	then
+		sed -i -e "s:-Wpointer-arith::" Make.Rules
+	fi
+
+	if ! use berkdb
+	then
+		# Do not build pam_userdb.so ...
+		sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+			-e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+			-e "s:^HAVE_LIBDB=yes:HAVE_LIBDB=no:" \
+			Make.Rules
+	else
+		# Do not link pam_userdb.so to db-1.85 ...
+		sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+			-e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+			Make.Rules
+	fi
+
+	make || die "PAM build failed"
+}
+
+src_install() {
+	local x=
+
+	einfo "Installing Linux-PAM ${PV}..."
+	make FAKEROOT=${D} \
+		LDCONFIG="" \
+		install || die
+
+	# Make sure every module built.
+	# Do not remove this, as some module can fail to build
+	# and effectively lock the user out of his system.
+	einfo "Checking if all modules were built..."
+	for x in ${S}/modules/pam_*
+	do
+		if [ -d ${x} ]
+		then
+			# Its OK if the module failed when we didnt ask for it anyway
+			if ! ls -1 ${D}/lib/security/$(basename ${x})*.so &> /dev/null
+			then
+				if ! use berkdb && [ "$(basename ${x})" = "pam_userdb" ]
+				then
+					continue
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_pwdb" ]
+				then
+					continue
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_radius" ]
+				then
+					continue
+				fi
+				eerror "ERROR: $(basename ${x}) module did not build."
+				exit 1
+			else
+			# Remove the ones we didnt want if it ended up building ok anyways
+				if ! use berkdb && [ "$(basename ${x})" = "pam_userdb" ]
+				then
+					rm -f ${D}/lib/security/pam_userdb*
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_pwdb" ]
+				then
+					rm -f ${D}/lib/security/pam_pwdb*
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_radius" ]
+				then
+					rm -f ${D}/lib/security/pam_radius*
+				fi
+			fi
+		fi
+	done
+
+	dodir /usr/lib
+	cd ${D}/lib
+	for x in pam pamc pam_misc
+	do
+		rm lib${x}.so
+		ln -s lib${x}.so.${PV} lib${x}.so
+		ln -s lib${x}.so.${PV} lib${x}.so.0
+		mv lib${x}.a ${D}/usr/lib
+		# See bug #4411
+		gen_usr_ldscript lib${x}.so
+	done
+
+	cd ${S}
+	doman doc/man/*.[58]
+
+	dodoc CHANGELOG Copyright README
+	docinto modules ; dodoc modules/README ; dodoc doc/txts/README.*
+	docinto txt ; dodoc doc/specs/*.txt #doc/txts/*.txt
+#	docinto print ; dodoc doc/ps/*.ps
+
+#	docinto html
+#	dohtml -r doc/html/
+
+	# need this for pam_console
+	keepdir /var/run/console
+
+	insinto /etc/pam.d
+	for x in ${FILESDIR}/pam.d/*
+	do
+		if [ -f ${x} ]
+		then
+			doins ${x}
+		fi
+	done
+
+	insinto /etc/security
+	doins ${FILESDIR}/pam_env.conf
+}
diff --git a/sys-libs/pam/pam-0.77-r3.ebuild b/sys-libs/pam/pam-0.77-r3.ebuild
new file mode 100644
index 000000000000..8d83e77d304f
--- /dev/null
+++ b/sys-libs/pam/pam-0.77-r3.ebuild
@@ -0,0 +1,300 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-0.77-r3.ebuild,v 1.1 2004/11/08 18:33:46 azarah Exp $
+
+PATCH_LEVEL="1.3"
+BDB_VER="4.1.25"
+PAM_REDHAT_VER="0.77-4"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r8
+	selinux? ( sys-libs/libselinux )
+	berkdb? ( >=sys-libs/db-${BDB_VER} )"
+
+DEPEND="$RDEPEND
+	dev-lang/perl
+	=dev-libs/glib-1.2*
+	>=sys-devel/autoconf-2.59
+	>=sys-devel/automake-1.6
+	>=sys-devel/flex-2.5.4a-r5
+	pwdb? ( >=sys-libs/pwdb-0.62 )"
+
+# Have python sandbox issues currently ...
+#	doc? ( app-text/sgmltools-lite )
+
+# BDB is internalized to get a non-threaded lib for pam_userdb.so to
+# be built with.  The runtime-only dependency on BDB suggests the user
+# will use the system-installed db_load to create pam_userdb databases.
+# PWDB is internalized because it is specifically designed to work
+# with Linux-PAM.  I'm not really certain how pervasive the Radius
+# and NIS services of PWDB are at this point.
+#
+# With all the arch's we support, I rather use external pwdb, and then
+# link statically to it - <azarah@gentoo.org> (09 Nov 2003).
+
+#inherit needs to be after DEPEND definition to protect RDEPEND
+inherit gcc eutils flag-o-matic gnuconfig
+
+# Note that we link to static versions of glib (pam_console.so)
+# and pwdb (pam_pwdb.so) ...
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Pluggable Authentication Modules"
+
+S="${WORKDIR}/Linux-PAM-${PV}"
+S2="${WORKDIR}/pam-${PV}-patches"
+SRC_URI="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-${PV}.tar.gz
+	mirror://gentoo/${P}-patches-${PATCH_LEVEL}.tar.bz2
+	berkdb? ( http://www.sleepycat.com/update/snapshot/db-${BDB_VER}.tar.gz )"
+
+LICENSE="PAM"
+KEYWORDS="~x86 ~ppc ~sparc ~mips alpha arm ~hppa amd64 ia64 ~ppc64 s390"
+SLOT="0"
+IUSE="berkdb pwdb selinux"
+
+apply_pam_patches() {
+	local x=
+	local patch=
+
+	for x in redhat gentoo
+	do
+		cat ${S2}/list.${x}-patches | grep -v '^#' | grep -v '^$' | while read X
+		do
+			patch="$(echo $X | sed -e 's|^Patch.*: \(.*\)|\1|')"
+			epatch ${S2}/${x}-patches/${patch}
+		done
+	done
+}
+
+pkg_setup() {
+	local x=
+
+	if use pwdb; then
+		for x in libpwdb.a libcrack.a; do
+			if [ ! -f "${ROOT}/usr/$(get_libdir)/${x}" ]; then
+				eerror "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+				die "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+			fi
+		done
+	fi
+
+	return 0
+}
+
+src_unpack() {
+	unpack ${A} || die "Couldn't unpack ${A}"
+
+	cd ${S} || die
+	tar -zxf ${S2}/pam-redhat-${PAM_REDHAT_VER}.tar.gz \
+		|| die "Couldn't unpack pam-redhat-${PAM_REDHAT_VER}.tar.gz"
+
+	apply_pam_patches
+
+	use selinux && epatch ${S2}/gentoo-patches/pam-selinux.patch
+
+	for readme in modules/pam_*/README ; do
+		cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+			sed -e 's|^modules/||')
+	done
+
+	cp /usr/share/automake/install-sh . || die
+	export WANT_AUTOCONF=2.5
+	autoconf || die
+}
+
+src_compile() {
+	export CFLAGS="${CFLAGS} -fPIC"
+
+	if use berkdb
+	then
+		einfo "Building Berkley DB ${BDB_VER}..."
+		cd ${WORKDIR}
+		cd db-${BDB_VER}/dist || die
+
+		# Pam uses berkdb, which db-4.1.x series can't detect mips64, so we fix it
+		if use mips; then
+			einfo "Updating berkdb config.{guess,sub} for mips"
+			local OLDS="${S}"
+			S="${WORKDIR}/db-${BDB_VER}/dist"
+			gnuconfig_update
+			S="${OLDS}"
+		fi
+
+		echo db_cv_mutex=UNIX/fcntl > config.cache
+		./s_config
+		./configure \
+			--cache-file=config.cache \
+			--disable-compat185 \
+			--disable-cxx \
+			--disable-diagnostic \
+			--disable-dump185 \
+			--disable-java \
+			--disable-rpc \
+			--disable-tcl \
+			--disable-shared \
+			--with-pic \
+			--with-uniquename=_pam \
+			--prefix=${S} \
+			--includedir=${S}/include \
+			--libdir=${S}/lib || die "Bad BDB ./configure"
+
+		# XXX hack out O_DIRECT support in db4 for now.
+		perl -pi -e 's/#define HAVE_O_DIRECT 1/#undef HAVE_O_DIRECT/' \
+			db_config.h
+
+		make || die "BDB build failed"
+		make install || die
+
+		export CPPFLAGS="-I${S}/include"
+		export LDFLAGS="-L${S}/lib"
+		export LIBNAME="lib"
+	fi
+
+	if [ "${ARCH}" = "alpha" ]
+	then
+		if [ ! -z "$(strings -a /usr/lib/libglib.a | grep -i 'Compaq Computer Corp.')" ]
+		then
+			# should be LDFLAGS, but this configure is screwy.
+			echo
+			einfo "It looks like you compiled glib with ccc, this is okay, but"
+			einfo "I'll need to force gcc to link with libots...."
+			echo
+			append-flags -lots
+			sed -i -e 's/$(CC) -o/$(CC) -lots -o/g' ${S}/modules/pam_pwdb/Makefile
+		fi
+	fi
+
+	einfo "Building Linux-PAM ${PV}..."
+	cd ${S}
+	./configure \
+		--libdir=/$(get_libdir) \
+		--enable-static-libpam \
+		--enable-fakeroot=${D} \
+		--enable-isadir=/$(get_libdir)/security \
+		--host=${CHOST} || die
+
+	# Python stuff in docs gives sandbox problems
+	sed -i -e 's|modules doc examples|modules|' Makefile
+
+	# Fix warnings for gcc-2.95.3
+	if [ "$(gcc-version)" = "2.95" ]
+	then
+		sed -i -e "s:-Wpointer-arith::" Make.Rules
+	fi
+
+	if ! use berkdb
+	then
+		# Do not build pam_userdb.so ...
+		sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+			-e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+			-e "s:^HAVE_LIBDB=yes:HAVE_LIBDB=no:" \
+			Make.Rules
+
+		# Also edit the configuration file else the wrong include files
+		# get used
+		sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" \
+		       -e "s:^#define HAVE_DB_H.*$:/* #undef HAVE_DB_H */:" \
+		       _pam_aconf.h
+
+	else
+		# Do not link pam_userdb.so to db-1.85 ...
+		sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+			-e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+			Make.Rules
+
+		# Also edit the configuration file else the wrong include files
+		# get used
+		sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" _pam_aconf.h
+	fi
+
+	make || die "PAM build failed"
+}
+
+src_install() {
+	local x=
+
+	einfo "Installing Linux-PAM ${PV}..."
+	make FAKEROOT=${D} \
+		LDCONFIG="" \
+		install || die
+
+	# Make sure every module built.
+	# Do not remove this, as some module can fail to build
+	# and effectively lock the user out of his system.
+	einfo "Checking if all modules were built..."
+	for x in ${S}/modules/pam_*
+	do
+		if [ -d ${x} ]
+		then
+			# Its OK if the module failed when we didnt ask for it anyway
+			if ! ls -1 ${D}/$(get_libdir)/security/$(basename ${x})*.so &> /dev/null
+			then
+				if ! use berkdb && [ "$(basename ${x})" = "pam_userdb" ]
+				then
+					continue
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_pwdb" ]
+				then
+					continue
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_radius" ]
+				then
+					continue
+				fi
+				eerror "ERROR: $(basename ${x}) module did not build."
+				exit 1
+			else
+			# Remove the ones we didnt want if it ended up building ok anyways
+				if ! use berkdb && [ "$(basename ${x})" = "pam_userdb" ]
+				then
+					rm -f ${D}/$(get_libdir)/security/pam_userdb*
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_pwdb" ]
+				then
+					rm -f ${D}/$(get_libdir)/security/pam_pwdb*
+				fi
+				if ! use pwdb && [ "$(basename ${x})" = "pam_radius" ]
+				then
+					rm -f ${D}/$(get_libdir)/security/pam_radius*
+				fi
+			fi
+		fi
+	done
+
+	dodir /usr/$(get_libdir)
+	cd ${D}/$(get_libdir)
+	for x in pam pamc pam_misc
+	do
+		rm lib${x}.so
+		ln -s lib${x}.so.${PV} lib${x}.so
+		ln -s lib${x}.so.${PV} lib${x}.so.0
+		mv lib${x}.a ${D}/usr/$(get_libdir)
+		# See bug #4411
+		gen_usr_ldscript lib${x}.so
+	done
+
+	cd ${S}
+	doman doc/man/*.[58]
+
+	dodoc CHANGELOG Copyright README
+	docinto modules ; dodoc modules/README ; dodoc doc/txts/README.*
+	docinto txt ; dodoc doc/specs/*.txt #doc/txts/*.txt
+#	docinto print ; dodoc doc/ps/*.ps
+
+#	docinto html
+#	dohtml -r doc/html/
+
+	# need this for pam_console
+	keepdir /var/run/console
+
+	insinto /etc/pam.d
+	for x in ${FILESDIR}/pam.d/*
+	do
+		if [ -f ${x} ]
+		then
+			doins ${x}
+		fi
+	done
+
+	insinto /etc/security
+	doins ${FILESDIR}/pam_env.conf
+}
author	Martin Schlemmer <azarah@gentoo.org>	2004-11-08 18:33:46 +0000
committer	Martin Schlemmer <azarah@gentoo.org>	2004-11-08 18:33:46 +0000
commit	2cb60cc355ca381adcb798e33ad476daa341ef04 (patch)
tree	90b69446e825246b0b6313c2f2ff3a791293cf73 /sys-libs/pam
parent	arm KEYWORDS (diff)
download	historical-2cb60cc355ca381adcb798e33ad476daa341ef04.tar.gz historical-2cb60cc355ca381adcb798e33ad476daa341ef04.tar.bz2 historical-2cb60cc355ca381adcb798e33ad476daa341ef04.zip