summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'sys-libs/pam')
-rw-r--r--sys-libs/pam/Manifest2
-rw-r--r--sys-libs/pam/pam-1.5.3.ebuild151
2 files changed, 153 insertions, 0 deletions
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 1c4a8a9b4248..339c61f6414b 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,2 +1,4 @@
DIST Linux-PAM-1.5.2-docs.tar.xz 443276 BLAKE2B eb0376022bd17d472cfbb7d757acd9a7743d68929ac604bc7fbc27e87b35f0424e9459afff8110ee094c6914cef6e6f483e6eeb2fc2ec24909477ec53f600fa2 SHA512 69bbb52b3855a1ff3066ffe3ae1890440516311260ddfb20a7a7ea7beeb42484ea085080e3206f23933edf4a695a13f2317e33dffcab2b29f6e9e210d493e1f0
DIST Linux-PAM-1.5.2.tar.xz 988784 BLAKE2B a835034cd239bc9377419c13dda45276e8e64a33fcf714a1957ff41112fbb6dce0be8e9773afc82458a04d54bf146a0c26117d7170521fecdc0c98184cef5f4f SHA512 fa16350c132d3e5fb82b60d991768fb596582639841b8ece645c684705467305ccf1302a0147ec222ab78c01b2c9114c5496dc1ca565d2b56bf315f29a815144
+DIST Linux-PAM-1.5.3-docs.tar.xz 466340 BLAKE2B 6bade3c63ebe6b6ca7a86d7385850bb87bf1d6526add3ac5aad140533516c1d27b594a17d09c4127ff985c42e6c571618785d6b2a2913e6575678c4dcf947dc0 SHA512 a9082823da88e0054d74e13aef872519ced5fbef25c8cc1a7e3a99160f835aa09c9ef701b6ec507acd3b540da0019288424bb4c8ebd828181ea90450db1494a9
+DIST Linux-PAM-1.5.3.tar.xz 1020076 BLAKE2B 362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb SHA512 af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a
diff --git a/sys-libs/pam/pam-1.5.3.ebuild b/sys-libs/pam/pam-1.5.3.ebuild
new file mode 100644
index 000000000000..6ac576c5eb0b
--- /dev/null
+++ b/sys-libs/pam/pam-1.5.3.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MY_P="Linux-${PN^^}-${PV}"
+
+# Avoid QA warnings
+# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
+TMPFILES_OPTIONAL=1
+
+inherit db-use fcaps flag-o-matic toolchain-funcs usr-ldscript multilib-minimal
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="https://github.com/linux-pam/linux-pam"
+SRC_URI="
+ https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
+ https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="audit berkdb debug nis selinux"
+
+BDEPEND="
+ app-alternatives/yacc
+ dev-libs/libxslt
+ sys-devel/flex
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+DEPEND="
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ >=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ nis? (
+ net-libs/libnsl:=[${MULTILIB_USEDEP}]
+ >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
+ )
+"
+RDEPEND="${DEPEND}"
+PDEPEND=">=sys-auth/pambase-20200616"
+
+src_prepare() {
+ default
+ touch ChangeLog || die
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up, bug #549684
+ unset BROWSER
+
+ # This whole weird has_version libxcrypt block can go once
+ # musl systems have libxcrypt[system] if we ever make
+ # that mandatory. See bug #867991.
+ if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
+ # Avoid picking up symbol-versioned compat symbol on musl systems
+ export ac_cv_search_crypt_gensalt_rn=no
+
+ # Need to avoid picking up the libxcrypt headers which define
+ # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
+ cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
+ append-cppflags -I"${T}"
+ fi
+
+ local myconf=(
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --with-xml-catalog="${EPREFIX}"/etc/xml/catalog
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --includedir="${EPREFIX}"/usr/include/security
+ --libdir="${EPREFIX}"/usr/$(get_libdir)
+ --enable-pie
+ --enable-unix
+ --disable-prelude
+ --disable-doc
+ --disable-regenerate-docu
+ --disable-static
+ --disable-Werror
+ # TODO: wire this up now it's more useful as of 1.5.3
+ --disable-econf
+
+ # TODO: add elogind support
+ # lastlog is enabled again for now by us until logind support
+ # is handled. Even then, disabling lastlog will probably need
+ # a news item.
+ --disable-logind
+ --enable-lastlog
+
+ $(use_enable audit)
+ $(use_enable berkdb db)
+ $(use_enable debug)
+ $(use_enable nis)
+ $(use_enable selinux)
+ --enable-isadir='.' # bug #464016
+ )
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="/run/sepermit"
+
+ gen_usr_ldscript -a pam pam_misc pamc
+}
+
+multilib_src_install_all() {
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ # tmpfiles.eclass is impossible to use because
+ # there is the pam -> tmpfiles -> systemd -> pam dependency loop
+ dodir /usr/lib/tmpfiles.d
+
+ cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
+ d /run/faillock 0755 root root
+ _EOF_
+ use selinux && cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
+ d /run/sepermit 0755 root root
+ _EOF_
+
+ local page
+
+ for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
+ doman ${page}
+ done
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | grep -E -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+
+ # The pam_unix module needs to check the password of the user which requires
+ # read access to /etc/shadow only.
+ fcaps cap_dac_override sbin/unix_chkpwd
+}