1 |
commit: 76e4e1ba44589fadd589353b4a06a26245492f7f |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jun 30 19:31:32 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jun 30 19:31:32 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=76e4e1ba |
7 |
|
8 |
sys-libs/pam: moving towards pam-less systems |
9 |
|
10 |
--- |
11 |
sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch | 18 -- |
12 |
sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch | 20 --- |
13 |
sys-libs/pam/metadata.xml | 29 ---- |
14 |
sys-libs/pam/pam-1.1.2.ebuild | 170 -------------------- |
15 |
4 files changed, 0 insertions(+), 237 deletions(-) |
16 |
|
17 |
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch |
18 |
deleted file mode 100644 |
19 |
index 2cd3e95..0000000 |
20 |
--- a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch |
21 |
+++ /dev/null |
22 |
@@ -1,18 +0,0 @@ |
23 |
-This patch makes sure that the xtests programs don't get build when running |
24 |
-'make all', as they might fail to build (for instance if GLIBC 2.3 is used). |
25 |
- |
26 |
-Note that the tests are not executed by default at make check because they |
27 |
-are anyway broken. |
28 |
-Index: Linux-PAM-0.99.9.0/xtests/Makefile.am |
29 |
-=================================================================== |
30 |
---- Linux-PAM-0.99.9.0.orig/xtests/Makefile.am |
31 |
-+++ Linux-PAM-0.99.9.0/xtests/Makefile.am |
32 |
-@@ -29,7 +29,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispa |
33 |
- tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ |
34 |
- tst-pam_group1 |
35 |
- |
36 |
--noinst_PROGRAMS = $(XTESTS) |
37 |
-+check_PROGRAMS = $(XTESTS) |
38 |
- |
39 |
- xtests: $(XTESTS) run-xtests.sh |
40 |
- "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} |
41 |
|
42 |
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch b/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch |
43 |
deleted file mode 100644 |
44 |
index 0334496..0000000 |
45 |
--- a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch |
46 |
+++ /dev/null |
47 |
@@ -1,20 +0,0 @@ |
48 |
-Index: Linux-PAM-1.1.1/configure.in |
49 |
-=================================================================== |
50 |
---- Linux-PAM-1.1.1.orig/configure.in |
51 |
-+++ Linux-PAM-1.1.1/configure.in |
52 |
-@@ -389,10 +389,11 @@ AC_ARG_WITH([db-uniquename], |
53 |
- AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.])) |
54 |
- if test x"$WITH_DB" != xno ; then |
55 |
- if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then |
56 |
-- AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="") |
57 |
-- if test -z "$LIBDB" ; then |
58 |
-- AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="") |
59 |
-- fi |
60 |
-+ old_libs=$LIBS |
61 |
-+ LIBS="$LIBS -ldb$with_db_uniquename" |
62 |
-+ AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store], |
63 |
-+ [LIBDB="-ldb$with_db_uniquename"; break]) |
64 |
-+ LIBS=$old_libs |
65 |
- fi |
66 |
- if test -z "$LIBDB" ; then |
67 |
- AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="") |
68 |
|
69 |
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml |
70 |
deleted file mode 100644 |
71 |
index e5b58f5..0000000 |
72 |
--- a/sys-libs/pam/metadata.xml |
73 |
+++ /dev/null |
74 |
@@ -1,29 +0,0 @@ |
75 |
-<?xml version="1.0" encoding="UTF-8"?> |
76 |
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
77 |
-<pkgmetadata> |
78 |
- <herd>pam</herd> |
79 |
- <maintainer> |
80 |
- <email>pam-bugs@g.o</email> |
81 |
- </maintainer> |
82 |
- <use> |
83 |
- <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag> |
84 |
- |
85 |
- <flag name="berkdb"> |
86 |
- Build the pam_userdb module, that allows to authenticate users |
87 |
- against a Berkeley DB file. Please note that enabling this USE |
88 |
- flag will create a PAM module that links to the Berkeley DB (as |
89 |
- provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and |
90 |
- will thus not work for boot-critical services authentication. |
91 |
- </flag> |
92 |
- |
93 |
- <flag name="cracklib"> |
94 |
- Build the pam_cracklib module, that allows to verify the chosen |
95 |
- passwords' strength through the use of |
96 |
- <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling |
97 |
- the USE flag on this package will not make use of pam_cracklib |
98 |
- by default, you should also enable it in |
99 |
- <pkg>sys-auth/pambase</pkg> as well as update your configuration |
100 |
- files. |
101 |
- </flag> |
102 |
- </use> |
103 |
-</pkgmetadata> |
104 |
|
105 |
diff --git a/sys-libs/pam/pam-1.1.2.ebuild b/sys-libs/pam/pam-1.1.2.ebuild |
106 |
deleted file mode 100644 |
107 |
index 80f41dc..0000000 |
108 |
--- a/sys-libs/pam/pam-1.1.2.ebuild |
109 |
+++ /dev/null |
110 |
@@ -1,170 +0,0 @@ |
111 |
-# Copyright 1999-2010 Gentoo Foundation |
112 |
-# Distributed under the terms of the GNU General Public License v2 |
113 |
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.2.ebuild,v 1.1 2010/08/31 12:32:45 flameeyes Exp $ |
114 |
- |
115 |
-EAPI="3" |
116 |
- |
117 |
-inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic db-use |
118 |
- |
119 |
-MY_PN="Linux-PAM" |
120 |
-MY_P="${MY_PN}-${PV}" |
121 |
- |
122 |
-HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/" |
123 |
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" |
124 |
- |
125 |
-SRC_URI="http://mirror.anl.gov/pub/linux/libs/pam/library/${MY_P}.tar.bz2" |
126 |
- |
127 |
-LICENSE="|| ( BSD GPL-2 )" |
128 |
-SLOT="0" |
129 |
-KEYWORDS="amd64 mips x86" |
130 |
-IUSE="cracklib nls vim-syntax audit test debug berkdb" |
131 |
- |
132 |
-RDEPEND="nls? ( virtual/libintl ) |
133 |
- cracklib? ( >=sys-libs/cracklib-2.8.3 ) |
134 |
- audit? ( sys-process/audit ) |
135 |
- berkdb? ( sys-libs/db )" |
136 |
-DEPEND="${RDEPEND} |
137 |
- sys-devel/flex |
138 |
- nls? ( sys-devel/gettext )" |
139 |
-PDEPEND="sys-auth/pambase |
140 |
- vim-syntax? ( app-vim/pam-syntax )" |
141 |
- |
142 |
-S="${WORKDIR}/${MY_P}" |
143 |
- |
144 |
-check_old_modules() { |
145 |
- local retval="0" |
146 |
- |
147 |
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then |
148 |
- eerror "" |
149 |
- eerror "Your current setup is using the pam_stack module." |
150 |
- eerror "This module is deprecated and no longer supported, and since version" |
151 |
- eerror "0.99 is no longer installed, nor provided by any other package." |
152 |
- eerror "The package will be built (to allow binary package builds), but will" |
153 |
- eerror "not be installed." |
154 |
- eerror "Please replace pam_stack usage with proper include directive usage," |
155 |
- eerror "following the PAM Upgrade guide at the following URL" |
156 |
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" |
157 |
- eerror "" |
158 |
- |
159 |
- retval=1 |
160 |
- fi |
161 |
- |
162 |
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then |
163 |
- eerror "" |
164 |
- eerror "Your current setup is using one or more of the following modules," |
165 |
- eerror "that are not built or supported anymore:" |
166 |
- eerror "pam_pwdb, pam_console" |
167 |
- eerror "If you are in real need for these modules, please contact the maintainers" |
168 |
- eerror "of PAM through http://bugs.gentoo.org/ providing information about its" |
169 |
- eerror "use cases." |
170 |
- eerror "Please also make sure to read the PAM Upgrade guide at the following URL:" |
171 |
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" |
172 |
- eerror "" |
173 |
- |
174 |
- retval=1 |
175 |
- fi |
176 |
- |
177 |
- return $retval |
178 |
-} |
179 |
- |
180 |
-pkg_setup() { |
181 |
- check_old_modules |
182 |
-} |
183 |
- |
184 |
-src_prepare() { |
185 |
- # Avoid building xtests during "make all"; note that for what |
186 |
- # we're concerned xtests are not even executed, so we should |
187 |
- # probably use EXTRA_PROGRAMS. |
188 |
- epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch" |
189 |
- |
190 |
- # Fix tests to find Berkeley DB as installed by Gentoo (with a |
191 |
- # library suffix but no suffix on the ELF symbols). |
192 |
- epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch" |
193 |
- |
194 |
- eautoreconf |
195 |
- elibtoolize |
196 |
-} |
197 |
- |
198 |
-src_configure() { |
199 |
- local myconf |
200 |
- |
201 |
- export ac_cv_header_xcrypt_h=no |
202 |
- |
203 |
- econf \ |
204 |
- --disable-dependency-tracking \ |
205 |
- --enable-fast-install \ |
206 |
- --libdir="${EPREFIX}"/usr/$(get_libdir) \ |
207 |
- --docdir="${EPREFIX}"/usr/share/doc/${PF} \ |
208 |
- --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \ |
209 |
- --enable-securedir="${EPREFIX}"/$(get_libdir)/security \ |
210 |
- --enable-isadir="${EPREFIX}"/$(get_libdir)/security \ |
211 |
- $(use_enable nls) \ |
212 |
- $(use_enable cracklib) \ |
213 |
- $(use_enable audit) \ |
214 |
- $(use_enable debug) \ |
215 |
- $(use_enable berkdb db) \ |
216 |
- --with-db-uniquename=-$(db_findver sys-libs/db) \ |
217 |
- --disable-prelude \ |
218 |
- ${myconf} |
219 |
-} |
220 |
- |
221 |
-src_compile() { |
222 |
- emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed" |
223 |
-} |
224 |
- |
225 |
-src_test() { |
226 |
- # explicitly allow parallel-build during testing |
227 |
- emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed" |
228 |
-} |
229 |
- |
230 |
-src_install() { |
231 |
- local lib |
232 |
- |
233 |
- emake DESTDIR="${D}" install \ |
234 |
- sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed" |
235 |
- |
236 |
- # Need to be suid |
237 |
- fperms u+s /sbin/unix_chkpwd |
238 |
- |
239 |
- gen_usr_ldscript -a pam pamc pam_misc |
240 |
- |
241 |
- # create extra symlinks just in case something depends on them... |
242 |
- for lib in pam pamc pam_misc; do |
243 |
- if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then |
244 |
- dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname) |
245 |
- fi |
246 |
- done |
247 |
- |
248 |
- dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die |
249 |
- |
250 |
- docinto modules |
251 |
- for dir in modules/pam_*; do |
252 |
- newdoc "${dir}"/README README."$(basename "${dir}")" |
253 |
- done |
254 |
- |
255 |
- # Get rid of the .la files. We certainly don't need them for PAM |
256 |
- # modules, and libpam is installed as a shared object only, so we |
257 |
- # don't ned them for static linking either. |
258 |
- find "${D}" -name '*.la' -delete |
259 |
-} |
260 |
- |
261 |
-pkg_preinst() { |
262 |
- check_old_modules || die "deprecated PAM modules still used" |
263 |
-} |
264 |
- |
265 |
-pkg_postinst() { |
266 |
- ewarn "Some software with pre-loaded PAM libraries might experience" |
267 |
- ewarn "warnings or failures related to missing symbols and/or versions" |
268 |
- ewarn "after any update. While unfortunate this is a limit of the" |
269 |
- ewarn "implementation of PAM and the software, and it requires you to" |
270 |
- ewarn "restart the software manually after the update." |
271 |
- ewarn "" |
272 |
- ewarn "You can get a list of such software running a command like" |
273 |
- ewarn " lsof / | egrep 'DEL.*libpam\\.so'" |
274 |
- elog "" |
275 |
- elog "Because of a bug present up to version 1.1.1-r2, you might have" |
276 |
- elog "an executable /var/log/tallylog file. If it is so, you can safely" |
277 |
- elog "correct it by running the command" |
278 |
- elog " chmod -x /var/log/tallylog" |
279 |
- elog "" |
280 |
-} |