diff options
Diffstat (limited to 'sys-libs')
| -rw-r--r-- | sys-libs/pam/Manifest | 7 | ||||
| -rw-r--r-- | sys-libs/pam/metadata.xml | 52 | ||||
| -rw-r--r-- | sys-libs/pam/pam-1.6.1.ebuild | 160 | ||||
| -rw-r--r-- | sys-libs/pam/pam-1.7.0.ebuild | 68 | ||||
| -rw-r--r-- | sys-libs/pam/pam-1.7.1.ebuild | 68 | ||||
| -rw-r--r-- | sys-libs/pam/pam-1.7.2.ebuild | 198 |
6 files changed, 221 insertions, 332 deletions
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest index 9e5fd41e5d77..453c007b5f9e 100644 --- a/sys-libs/pam/Manifest +++ b/sys-libs/pam/Manifest @@ -1,5 +1,2 @@ -DIST pam-1.6.1.tar.xz 1054152 BLAKE2B 649b4ff892fbd3eb90adcbd9ccc5b3f5df51bf1c79b9084c7a1613c432587b13b81761d1eb4f31ef12d58843d16af24a3c441d0b6f5d2f2a1db9c8da15a61e2f SHA512 ddb5a5f296f564b76925324550d29f15d342841a97815336789c7bb922a8663e831edeb54f3dcd1eaf297e3325c9e2e6c14b8740def5c43cf3f160a8a14fa2ea -DIST pam-1.7.0.tar.xz 507824 BLAKE2B 39c8c2ccc6f7d125d12d49439ae44cb8fe115f0529549269246e54f4b4de0b3b24c1099e4d3fa39d4e477af8a92b66dd6dc2cb93f0643ab7b56bcaabdd3b8539 SHA512 ab5cadb0eb5e95e36146fdbbc77eef4e5e0f38aeee4e819b080a1316f69969c3c33e4a2daf3246ded4c2e58ce517d7f1acb0d8de02a4898ff753f4c3aeec51cf -DIST pam-1.7.1.tar.xz 510828 BLAKE2B 0a64d7dbf6bb7e3d2c36ea1f29c3217d3e43a1cc0ba8adf2ee8a117946a53bd26634ebd70ff3b99a72f7373df6694ee054dc7eddab04e43bbc8f5b0e9e56b3bc SHA512 0724c3636c10e2c7d98c9325bb9c20eb3e59b7cbc2f8fa7636b77af497524afe595b895386d7e6723fdb89247b94f6db6f179d552015ac78469beaa33e0413f0 -DIST pam-docs-1.6.1.tar.xz 465516 BLAKE2B c39dfba2e327120edc1f30be6ea7f8e6cf20d1f4dd17752cc34e0ae1c0bd22b3d19b94ab665bf3df5bd6ecc7fc358dbbedd8a3069df95ff6189580e538aa3547 SHA512 c6054ec6832f604c0654cf074e4e241c44037fd41cd37cca7da94abe008ff72adc4466d31bd254517eda083c7ec3f6aefd37785b3ee3d0d4553250bd29963855 -DIST pam-redhat-1.2.0.tar.xz 7280 BLAKE2B 6bad743cd16aa93b53f522903c7399f5cf0a4746f01d31297f4de9e987006fe8bee3f9e687e9d554febd630be789abfcb71de7142eb8c8e34499f1cebfa46857 SHA512 f676a6c8df0cf3836018b1a67ded1d40937b88ff046e5c6b22bac46cb05e27970ef6a7ce224269e4c0d1ca9375c72e77880cf9114e936a7de9c423bf443d27ee +DIST Linux-PAM-1.7.2.tar.xz 511724 BLAKE2B d7ebfac4393af3f889fef973946f1e6d60f118f2e048448708c5fdf0ef7fa7780945cda3b0abf6e0e2e15bbc2dd23be52389efabd00647381b3bc971f1aadcd8 SHA512 b035c0abeb5afb6b3067341767ace6d68ded4c061870afff2ab9494713b1dc9d2ff0995a5d1f0852a49b6e8b2123a7cc2f40342e16c7863a58df3c102b9010c5 +DIST Linux-PAM-1.7.2.tar.xz.asc 833 BLAKE2B 86c4eb129af7afe8348eddf78d764c0658dd9597b62ed0657ea23cca80dd29a052cdef8f588abe3615a2a40062c210fe0c04cca29309dfb3dcb70d13be4ab8db SHA512 01f6e770e8a0eb60f76d95581f66c4eece6436ec8f2e5766e57a4240014ab43e5ad991fa7f77cfc4c57809a0e0c47ccf60118cb49dee790413cf824ebd80b879 diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml index 2478e50d9d8f..1abda7583cda 100644 --- a/sys-libs/pam/metadata.xml +++ b/sys-libs/pam/metadata.xml @@ -1,34 +1,24 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "https://liguros.gitlab.io/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="project"> - <email>dev@liguros.net</email> - <name>Development</name> - </maintainer> - <maintainer type="person"> - <email>zlogene@gentoo.org</email> - <name>Mikle Kolyada</name> - </maintainer> - <upstream> - <remote-id type="cpe">cpe:/a:linux-pam:linux-pam</remote-id> - </upstream> - <use> - <flag name="berkdb"> - Build the pam_userdb module, that allows to authenticate users - against a Berkeley DB file. Please note that enabling this USE - flag will create a PAM module that links to the Berkeley DB (as - provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and - will thus not work for boot-critical services authentication. - </flag> - <flag name="cracklib"> - Build the pam_cracklib module, that allows to verify the chosen - passwords' strength through the use of - <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling - the USE flag on this package will not make use of pam_cracklib - by default, you should also enable it in - <pkg>sys-auth/pambase</pkg> as well as update your configuration - files. + <maintainer type="project"> + <email>base-system@gentoo.org</email> + </maintainer> + <maintainer type="person"> + <email>sam@gentoo.org</email> + <name>Sam James</name> + </maintainer> + <use> + <flag name="berkdb"> + Build the pam_userdb module, that allows to authenticate users + against a Berkeley DB file. Please note that enabling this USE + flag will create a PAM module that links to the Berkeley DB (as + provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and + will thus not work for boot-critical services authentication. </flag> - </use> - <origin>kit-fixups</origin> -</pkgmetadata>
\ No newline at end of file + </use> + <upstream> + <remote-id type="github">linux-pam/linux-pam</remote-id> + <remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id> + </upstream> +</pkgmetadata> diff --git a/sys-libs/pam/pam-1.6.1.ebuild b/sys-libs/pam/pam-1.6.1.ebuild deleted file mode 100644 index a7fce02295b4..000000000000 --- a/sys-libs/pam/pam-1.6.1.ebuild +++ /dev/null @@ -1,160 +0,0 @@ -# Copyright 2020-2024 Liguros Authors -# Distributed under the terms of the GNU General Public License v2 -EAPI=8 - -inherit autotools db-use fcaps toolchain-funcs usr-ldscript multilib-minimal - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="https://github.com/linux-pam/linux-pam" - -PAM_REDHAT_VER="1.2.0" -SRC_URI="https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux-PAM-${PV}.tar.xz -> ${P}.tar.xz - https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux-PAM-${PV}-docs.tar.xz -> ${PN}-docs-${PV}.tar.xz - https://releases.pagure.org/pam-redhat/pam-redhat-${PAM_REDHAT_VER}.tar.xz" - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" -IUSE="audit berkdb debug nis selinux" - -BDEPEND=" - app-alternatives/yacc - dev-libs/libxslt - sys-devel/flex - sys-devel/gettext - virtual/pkgconfig -" - -DEPEND=" - virtual/libcrypt:=[${MULTILIB_USEDEP}] - >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - nis? ( - net-libs/libnsl:=[${MULTILIB_USEDEP}] - >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] - ) - sys-libs/libcap -" -RDEPEND="${DEPEND}" - -PDEPEND=">=sys-auth/pambase-20200616" - -S="${WORKDIR}/Linux-PAM-${PV}" - -src_unpack() { - unpack ${PN}-docs-${PV}.tar.xz - unpack ${P}.tar.xz - cd ${WORKDIR} || die - unpack pam-redhat-${PAM_REDHAT_VER}.tar.xz - mv ${WORKDIR}/pam-redhat-${PAM_REDHAT_VER}/* ${S}/modules -} - -src_prepare() { - default - touch ChangeLog || die - eautoreconf -} - -multilib_src_configure() { - # Do not let user's BROWSER setting mess us up, bug #549684 - unset BROWSER - - # This whole weird has_version libxcrypt block can go once - # musl systems have libxcrypt[system] if we ever make - # that mandatory. See bug #867991. - if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then - # Avoid picking up symbol-versioned compat symbol on musl systems - export ac_cv_search_crypt_gensalt_rn=no - - # Need to avoid picking up the libxcrypt headers which define - # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. - cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die - append-cppflags -I"${T}" - fi - - local myconf=( - CC_FOR_BUILD="$(tc-getBUILD_CC)" - --with-db-uniquename=-$(db_findver sys-libs/db) - --with-xml-catalog="${EPREFIX}"/etc/xml/catalog - --enable-securedir="${EPREFIX}"/$(get_libdir)/security - --includedir="${EPREFIX}"/usr/include/security - --libdir="${EPREFIX}"/usr/$(get_libdir) - --enable-pie - # --exec-prefix="${EPREFIX}" - --enable-unix - --disable-prelude - --disable-doc - --disable-regenerate-docu - --disable-static - --disable-Werror - # TODO: wire this up now it's more useful as of 1.5.3 - --disable-econf - - # TODO: add elogind support - # lastlog is enabled again for now by us until logind support - # is handled. Even then, disabling lastlog will probably need - # a news item. - --disable-logind - --enable-lastlog - - $(use_enable audit) - $(use_enable berkdb db) - $(use_enable debug) - $(use_enable nis) - $(use_enable selinux) - --enable-isadir='.' # bug #464016 - ) - ECONF_SOURCE="${S}" econf "${myconf[@]}" -} - -multilib_src_compile() { - emake sepermitlockdir="/run/sepermit" -} - -multilib_src_install() { - emake DESTDIR="${D}" install \ - sepermitlockdir="/run/sepermit" - - gen_usr_ldscript -a pam pam_misc pamc -} - -multilib_src_install_all() { - find "${ED}" -type f -name '*.la' -delete || die - - # tmpfiles.eclass is impossible to use because - # there is the pam -> tmpfiles -> systemd -> pam dependency loop - - dodir /usr/lib/tmpfiles.d - - cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ - d /run/faillock 0755 root root - _EOF_ - use selinux && cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ - d /run/sepermit 0755 root root - _EOF_ - - local page - - for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do - doman ${page} - done -} - -pkg_postinst() { - ewarn "Some software with pre-loaded PAM libraries might experience" - ewarn "warnings or failures related to missing symbols and/or versions" - ewarn "after any update. While unfortunate this is a limit of the" - ewarn "implementation of PAM and the software, and it requires you to" - ewarn "restart the software manually after the update." - ewarn "" - ewarn "You can get a list of such software running a command like" - ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" - ewarn "" - ewarn "Alternatively, simply reboot your system." - - # The pam_unix module needs to check the password of the user which requires - # read access to /etc/shadow only. - fcaps cap_dac_override sbin/unix_chkpwd -} diff --git a/sys-libs/pam/pam-1.7.0.ebuild b/sys-libs/pam/pam-1.7.0.ebuild deleted file mode 100644 index 6968bfb6a5be..000000000000 --- a/sys-libs/pam/pam-1.7.0.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2020-2024 Liguros Authors -# Distributed under the terms of the GNU General Public License v2 -EAPI=8 - -#inherit db-use fcaps meson-multilib toolchain-funcs usr-ldscript -inherit fcaps meson-multilib usr-ldscript - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="https://github.com/linux-pam/linux-pam" - -PAM_REDHAT_VER="1.2.0" -SRC_URI="https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux-PAM-${PV}.tar.xz -> ${P}.tar.xz - https://releases.pagure.org/pam-redhat/pam-redhat-${PAM_REDHAT_VER}.tar.xz" - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" -IUSE="audit berkdb debug nis selinux" - -BDEPEND=" - app-alternatives/yacc - dev-libs/libxslt - sys-devel/flex - sys-devel/gettext - virtual/pkgconfig -" - -DEPEND=" - virtual/libcrypt:=[${MULTILIB_USEDEP}] - >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - nis? ( - net-libs/libnsl:=[${MULTILIB_USEDEP}] - >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] - ) - sys-libs/libcap -" -RDEPEND="${DEPEND}" - -PDEPEND=">=sys-auth/pambase-20200616" - -S="${WORKDIR}/Linux-PAM-${PV}" - -src_unpack() { - unpack ${P}.tar.xz - cd ${WORKDIR} || die - unpack pam-redhat-${PAM_REDHAT_VER}.tar.xz - mv ${WORKDIR}/pam-redhat-${PAM_REDHAT_VER}/* ${S}/modules -} - -pkg_postinst() { - ewarn "Some software with pre-loaded PAM libraries might experience" - ewarn "warnings or failures related to missing symbols and/or versions" - ewarn "after any update. While unfortunate this is a limit of the" - ewarn "implementation of PAM and the software, and it requires you to" - ewarn "restart the software manually after the update." - ewarn "" - ewarn "You can get a list of such software running a command like" - ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" - ewarn "" - ewarn "Alternatively, simply reboot your system." - - # The pam_unix module needs to check the password of the user which requires - # read access to /etc/shadow only. - fcaps cap_dac_override usr/sbin/unix_chkpwd -} diff --git a/sys-libs/pam/pam-1.7.1.ebuild b/sys-libs/pam/pam-1.7.1.ebuild deleted file mode 100644 index be23da575215..000000000000 --- a/sys-libs/pam/pam-1.7.1.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2020-2025 Liguros Authors -# Distributed under the terms of the GNU General Public License v2 -EAPI=8 - -#inherit db-use fcaps meson-multilib toolchain-funcs usr-ldscript -inherit fcaps meson-multilib usr-ldscript - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="https://github.com/linux-pam/linux-pam" - -PAM_REDHAT_VER="1.2.0" -SRC_URI="https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux-PAM-${PV}.tar.xz -> ${P}.tar.xz - https://releases.pagure.org/pam-redhat/pam-redhat-${PAM_REDHAT_VER}.tar.xz" - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" -IUSE="audit berkdb debug nis selinux" - -BDEPEND=" - app-alternatives/yacc - dev-libs/libxslt - sys-devel/flex - sys-devel/gettext - virtual/pkgconfig -" - -DEPEND=" - virtual/libcrypt:=[${MULTILIB_USEDEP}] - >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - nis? ( - net-libs/libnsl:=[${MULTILIB_USEDEP}] - >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] - ) - sys-libs/libcap -" -RDEPEND="${DEPEND}" - -PDEPEND=">=sys-auth/pambase-20200616" - -S="${WORKDIR}/Linux-PAM-${PV}" - -src_unpack() { - unpack ${P}.tar.xz - cd ${WORKDIR} || die - unpack pam-redhat-${PAM_REDHAT_VER}.tar.xz - mv ${WORKDIR}/pam-redhat-${PAM_REDHAT_VER}/* ${S}/modules -} - -pkg_postinst() { - ewarn "Some software with pre-loaded PAM libraries might experience" - ewarn "warnings or failures related to missing symbols and/or versions" - ewarn "after any update. While unfortunate this is a limit of the" - ewarn "implementation of PAM and the software, and it requires you to" - ewarn "restart the software manually after the update." - ewarn "" - ewarn "You can get a list of such software running a command like" - ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" - ewarn "" - ewarn "Alternatively, simply reboot your system." - - # The pam_unix module needs to check the password of the user which requires - # read access to /etc/shadow only. - fcaps cap_dac_override usr/sbin/unix_chkpwd -} diff --git a/sys-libs/pam/pam-1.7.2.ebuild b/sys-libs/pam/pam-1.7.2.ebuild new file mode 100644 index 000000000000..4a2172e1b408 --- /dev/null +++ b/sys-libs/pam/pam-1.7.2.ebuild @@ -0,0 +1,198 @@ +# Copyright 1999-2026 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_P="Linux-${PN^^}-${PV}" + +# Avoid QA warnings +# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 +TMPFILES_OPTIONAL=1 + +inherit db-use flag-o-matic meson-multilib user-info + +DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" +HOMEPAGE="https://github.com/linux-pam/linux-pam" + +if [[ ${PV} == *_p* ]] ; then + PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332" + SRC_URI=" + https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz + " + S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc + inherit verify-sig + + SRC_URI=" + https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz + verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc ) + " + S="${WORKDIR}/${MY_P}" + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-pam-20260122 )" +fi + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" +IUSE="audit berkdb elogind examples debug nis nls selinux systemd" +REQUIRED_USE="?? ( elogind systemd )" + +# meson.build specifically checks for bison and then byacc +# also requires xsltproc +BDEPEND+=" + acct-group/shadow + || ( sys-devel/bison dev-util/byacc ) + app-text/docbook-xsl-ns-stylesheets + dev-libs/libxslt + sys-devel/flex + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" +DEPEND=" + virtual/libcrypt:=[${MULTILIB_USEDEP}] + >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] + audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + !berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] ) + elogind? ( >=sys-auth/elogind-254 ) + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + systemd? ( >=sys-apps/systemd-254:= ) + nis? ( + net-libs/libnsl:=[${MULTILIB_USEDEP}] + >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] + ) +" +RDEPEND="${DEPEND} + acct-group/shadow +" +PDEPEND=">=sys-auth/pambase-20200616" + +src_configure() { + # meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get: + # cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + # Do not let user's BROWSER setting mess us up, bug #549684 + unset BROWSER + + meson-multilib_src_configure +} + +multilib_src_configure() { + local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local" + # Workaround for docbook5 not being packaged (bug #913087#c4) + # It's only used for validation of output, so stub it out. + # Also, stub out elinks+w3m which are only used for an index. + cat >> "${machine_file}" <<-EOF || die + [binaries] + xmlcatalog='true' + xmllint='true' + elinks='true' + w3m='true' + EOF + + local emesonargs=( + --native-file "${machine_file}" + + $(meson_feature audit) + $(meson_native_use_bool examples) + $(meson_use debug pam-debug) + $(meson_feature nis) + $(meson_feature nls i18n) + $(meson_feature selinux) + + -Disadir='.' + -Dxml-catalog="${BROOT}"/etc/xml/catalog + -Dsbindir="${EPREFIX}"/sbin + -Dsecuredir="${EPREFIX}"/$(get_libdir)/security + -Ddocdir="${EPREFIX}"/usr/share/doc/${PF} + -Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html + -Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf + -Dvendordir="${EPREFIX}"/usr/share/pam + + $(meson_native_enabled docs) + + -Dpam_unix=enabled + + # TODO: wire this up now it's more useful as of 1.5.3 (bug #931117) + -Deconf=disabled + + # TODO: lastlog is enabled again for now by us as elogind support + # wasn't available at first. Even then, disabling lastlog will + # probably need a news item. + $(meson_native_use_feature systemd logind) + $(meson_native_use_feature elogind) + $(meson_feature !elibc_musl pam_lastlog) + ) + + if use berkdb; then + local dbver + dbver="$(db_findver sys-libs/db)" || die "could not find db version" + local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")" + emesonargs+=( + -Ddb=db + -Ddb-uniquename="-${dbver}" + ) + else + emesonargs+=( + -Ddb=gdbm + ) + fi + + # This whole weird has_version libxcrypt block can go once + # musl systems have libxcrypt[system] if we ever make + # that mandatory. See bug #867991. + #if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then + # # Avoid picking up symbol-versioned compat symbol on musl systems + # export ac_cv_search_crypt_gensalt_rn=no + # + # # Need to avoid picking up the libxcrypt headers which define + # # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. + # cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die + # append-cppflags -I"${T}" + #fi + + meson_src_configure +} + +multilib_src_install_all() { + find "${ED}" -type f -name '*.la' -delete || die + + fowners :shadow /sbin/unix_chkpwd + fperms g+s /sbin/unix_chkpwd + + # tmpfiles.eclass is impossible to use because + # there is the pam -> tmpfiles -> systemd -> pam dependency loop + dodir /usr/lib/tmpfiles.d + + cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ + d /run/faillock 0755 root root + _EOF_ + use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ + d /run/sepermit 0755 root root + _EOF_ +} + +pkg_postinst() { + if [[ -n ${ROOT} ]]; then + # Portage does not currently update the gid on installed files + # based on ${EROOT}/etc/group. + local gid=$(egetent group shadow | cut -d: -f3) + if [[ -n ${gid} ]]; then + chgrp "${gid}" "${EROOT}/sbin/unix_chkpwd" && + chmod g+s "${EROOT}/sbin/unix_chkpwd" + fi + fi + ewarn "Some software with pre-loaded PAM libraries might experience" + ewarn "warnings or failures related to missing symbols and/or versions" + ewarn "after any update. While unfortunate this is a limit of the" + ewarn "implementation of PAM and the software, and it requires you to" + ewarn "restart the software manually after the update." + ewarn "" + ewarn "You can get a list of such software running a command like" + ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" + ewarn "" + ewarn "Alternatively, simply reboot your system." +} |