1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit pam eutils
DESCRIPTION="PKCS#11 PAM library"
HOMEPAGE="https://github.com/opensc/pam_pkcs11/wiki"
SRC_URI="mirror://sourceforge/opensc/${PN}/${P}.tar.gz"
LICENSE="LGPL-2.1"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="curl doc ldap nss +pcsc-lite"
RDEPEND="sys-libs/pam
curl? ( net-misc/curl )
ldap? ( net-nds/openldap )
nss? (
dev-libs/nss
curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,curl_ssl_nss] ) )
)
!nss? (
dev-libs/openssl:=
curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,-curl_ssl_nss] ) )
)
pcsc-lite? ( sys-apps/pcsc-lite )"
DEPEND="${RDEPEND}
virtual/pkgconfig
doc? ( dev-libs/libxslt )"
DOCS=(
AUTHORS ChangeLog NEWS README TODO
)
src_prepare() {
default
# Fix the example files to be somewhat decent, and usable as
# default configuration
sed -i \
-e '/try_first_pass/s:false:true:' \
-e '/debug =/s:true:false:' \
-e 's:\(/usr\|\${exec_prefix}\)/lib/:/usr/'$(get_libdir)/':g' \
etc/pam_pkcs11.conf.example.in \
etc/pkcs11_eventmgr.conf.example || die "sed failed"
}
src_configure() {
econf \
$(use_with curl) \
$(use_with doc docbook) \
$(use_with pcsc-lite pcsclite) \
$(use_with ldap) \
$(use_with nss)
}
src_install() {
emake DESTDIR="${ED}" pamdir="$(getpam_mod_dir)" install
einstalldocs
prune_libtool_files --modules
dodoc doc/README.*
use doc && dodoc doc/api/*
# Provide some basic configuration
keepdir /etc/pam_pkcs11{,/{cacerts,crl}}
insinto /etc/pam_pkcs11
newins etc/pam_pkcs11.conf.example pam_pkcs11.conf
newins etc/pkcs11_eventmgr.conf.example pkcs11_eventmgr.conf
}
pkg_config() {
local dir
for dir in "${EROOT}"etc/${PN}/{cacerts,crl}; do
pushd "${dir}" > /dev/null
ebegin "Creating hash links in '${dir}'"
"${EROOT}usr/bin/pkcs11_make_hash_link" || die
eend $?
popd > /dev/null
done
}
pkg_postinst() {
elog "For ${PN} to work you need a PKCS#11 provider, such as one of:"
elog " - dev-libs/opensc"
elog " - dev-libs/opencryptoki"
elog ""
elog "You probably want to configure the '${EROOT}etc/${PN}/${PN}.conf' file with"
elog "the settings for your pkcs11 provider."
elog ""
elog "You might also want to set up '${EROOT}etc/${PN}/pkcs11_eventmgr.conf' with"
elog "the settings for the event manager, and start it up at user login."
}
# TODO list!
#
# - we need to find a way allow the user to choose whether to start the
# event manager at _all_ the logins, and if that's the case, lock all
# kind of sessions (terminal _and_ X);
# - upstream should probably migrate the configuration of the event
# manager on a per-user basis, since it makes little sense to be _all_
# system-level configuration;
# - we should probably provide some better config support that ensures
# the configuration to be valid, as well as creating the symlinks;
# - we should probably add support for nss;
# - we should move the configuration in /etc/security as for the rest
# of PAM-related configuration.
|