Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:uclibc commit in: sys-libs/pam/, sys-libs/pam/files/
Date: Sat, 30 Jun 2012 19:31:54
Message-Id: 1341084692.76e4e1ba44589fadd589353b4a06a26245492f7f.blueness@gentoo
1 commit: 76e4e1ba44589fadd589353b4a06a26245492f7f
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 30 19:31:32 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 30 19:31:32 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=76e4e1ba
7
8 sys-libs/pam: moving towards pam-less systems
9
10 ---
11 sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch | 18 --
12 sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch | 20 ---
13 sys-libs/pam/metadata.xml | 29 ----
14 sys-libs/pam/pam-1.1.2.ebuild | 170 --------------------
15 4 files changed, 0 insertions(+), 237 deletions(-)
16
17 diff --git a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
18 deleted file mode 100644
19 index 2cd3e95..0000000
20 --- a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
21 +++ /dev/null
22 @@ -1,18 +0,0 @@
23 -This patch makes sure that the xtests programs don't get build when running
24 -'make all', as they might fail to build (for instance if GLIBC 2.3 is used).
25 -
26 -Note that the tests are not executed by default at make check because they
27 -are anyway broken.
28 -Index: Linux-PAM-0.99.9.0/xtests/Makefile.am
29 -===================================================================
30 ---- Linux-PAM-0.99.9.0.orig/xtests/Makefile.am
31 -+++ Linux-PAM-0.99.9.0/xtests/Makefile.am
32 -@@ -29,7 +29,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispa
33 - tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
34 - tst-pam_group1
35 -
36 --noinst_PROGRAMS = $(XTESTS)
37 -+check_PROGRAMS = $(XTESTS)
38 -
39 - xtests: $(XTESTS) run-xtests.sh
40 - "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS}
41
42 diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch b/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch
43 deleted file mode 100644
44 index 0334496..0000000
45 --- a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch
46 +++ /dev/null
47 @@ -1,20 +0,0 @@
48 -Index: Linux-PAM-1.1.1/configure.in
49 -===================================================================
50 ---- Linux-PAM-1.1.1.orig/configure.in
51 -+++ Linux-PAM-1.1.1/configure.in
52 -@@ -389,10 +389,11 @@ AC_ARG_WITH([db-uniquename],
53 - AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
54 - if test x"$WITH_DB" != xno ; then
55 - if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
56 -- AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
57 -- if test -z "$LIBDB" ; then
58 -- AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
59 -- fi
60 -+ old_libs=$LIBS
61 -+ LIBS="$LIBS -ldb$with_db_uniquename"
62 -+ AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store],
63 -+ [LIBDB="-ldb$with_db_uniquename"; break])
64 -+ LIBS=$old_libs
65 - fi
66 - if test -z "$LIBDB" ; then
67 - AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
68
69 diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
70 deleted file mode 100644
71 index e5b58f5..0000000
72 --- a/sys-libs/pam/metadata.xml
73 +++ /dev/null
74 @@ -1,29 +0,0 @@
75 -<?xml version="1.0" encoding="UTF-8"?>
76 -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
77 -<pkgmetadata>
78 - <herd>pam</herd>
79 - <maintainer>
80 - <email>pam-bugs@g.o</email>
81 - </maintainer>
82 - <use>
83 - <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
84 -
85 - <flag name="berkdb">
86 - Build the pam_userdb module, that allows to authenticate users
87 - against a Berkeley DB file. Please note that enabling this USE
88 - flag will create a PAM module that links to the Berkeley DB (as
89 - provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
90 - will thus not work for boot-critical services authentication.
91 - </flag>
92 -
93 - <flag name="cracklib">
94 - Build the pam_cracklib module, that allows to verify the chosen
95 - passwords' strength through the use of
96 - <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling
97 - the USE flag on this package will not make use of pam_cracklib
98 - by default, you should also enable it in
99 - <pkg>sys-auth/pambase</pkg> as well as update your configuration
100 - files.
101 - </flag>
102 - </use>
103 -</pkgmetadata>
104
105 diff --git a/sys-libs/pam/pam-1.1.2.ebuild b/sys-libs/pam/pam-1.1.2.ebuild
106 deleted file mode 100644
107 index 80f41dc..0000000
108 --- a/sys-libs/pam/pam-1.1.2.ebuild
109 +++ /dev/null
110 @@ -1,170 +0,0 @@
111 -# Copyright 1999-2010 Gentoo Foundation
112 -# Distributed under the terms of the GNU General Public License v2
113 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.2.ebuild,v 1.1 2010/08/31 12:32:45 flameeyes Exp $
114 -
115 -EAPI="3"
116 -
117 -inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic db-use
118 -
119 -MY_PN="Linux-PAM"
120 -MY_P="${MY_PN}-${PV}"
121 -
122 -HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
123 -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
124 -
125 -SRC_URI="http://mirror.anl.gov/pub/linux/libs/pam/library/${MY_P}.tar.bz2"
126 -
127 -LICENSE="|| ( BSD GPL-2 )"
128 -SLOT="0"
129 -KEYWORDS="amd64 mips x86"
130 -IUSE="cracklib nls vim-syntax audit test debug berkdb"
131 -
132 -RDEPEND="nls? ( virtual/libintl )
133 - cracklib? ( >=sys-libs/cracklib-2.8.3 )
134 - audit? ( sys-process/audit )
135 - berkdb? ( sys-libs/db )"
136 -DEPEND="${RDEPEND}
137 - sys-devel/flex
138 - nls? ( sys-devel/gettext )"
139 -PDEPEND="sys-auth/pambase
140 - vim-syntax? ( app-vim/pam-syntax )"
141 -
142 -S="${WORKDIR}/${MY_P}"
143 -
144 -check_old_modules() {
145 - local retval="0"
146 -
147 - if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
148 - eerror ""
149 - eerror "Your current setup is using the pam_stack module."
150 - eerror "This module is deprecated and no longer supported, and since version"
151 - eerror "0.99 is no longer installed, nor provided by any other package."
152 - eerror "The package will be built (to allow binary package builds), but will"
153 - eerror "not be installed."
154 - eerror "Please replace pam_stack usage with proper include directive usage,"
155 - eerror "following the PAM Upgrade guide at the following URL"
156 - eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
157 - eerror ""
158 -
159 - retval=1
160 - fi
161 -
162 - if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
163 - eerror ""
164 - eerror "Your current setup is using one or more of the following modules,"
165 - eerror "that are not built or supported anymore:"
166 - eerror "pam_pwdb, pam_console"
167 - eerror "If you are in real need for these modules, please contact the maintainers"
168 - eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
169 - eerror "use cases."
170 - eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
171 - eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
172 - eerror ""
173 -
174 - retval=1
175 - fi
176 -
177 - return $retval
178 -}
179 -
180 -pkg_setup() {
181 - check_old_modules
182 -}
183 -
184 -src_prepare() {
185 - # Avoid building xtests during "make all"; note that for what
186 - # we're concerned xtests are not even executed, so we should
187 - # probably use EXTRA_PROGRAMS.
188 - epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
189 -
190 - # Fix tests to find Berkeley DB as installed by Gentoo (with a
191 - # library suffix but no suffix on the ELF symbols).
192 - epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch"
193 -
194 - eautoreconf
195 - elibtoolize
196 -}
197 -
198 -src_configure() {
199 - local myconf
200 -
201 - export ac_cv_header_xcrypt_h=no
202 -
203 - econf \
204 - --disable-dependency-tracking \
205 - --enable-fast-install \
206 - --libdir="${EPREFIX}"/usr/$(get_libdir) \
207 - --docdir="${EPREFIX}"/usr/share/doc/${PF} \
208 - --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
209 - --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
210 - --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
211 - $(use_enable nls) \
212 - $(use_enable cracklib) \
213 - $(use_enable audit) \
214 - $(use_enable debug) \
215 - $(use_enable berkdb db) \
216 - --with-db-uniquename=-$(db_findver sys-libs/db) \
217 - --disable-prelude \
218 - ${myconf}
219 -}
220 -
221 -src_compile() {
222 - emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
223 -}
224 -
225 -src_test() {
226 - # explicitly allow parallel-build during testing
227 - emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
228 -}
229 -
230 -src_install() {
231 - local lib
232 -
233 - emake DESTDIR="${D}" install \
234 - sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
235 -
236 - # Need to be suid
237 - fperms u+s /sbin/unix_chkpwd
238 -
239 - gen_usr_ldscript -a pam pamc pam_misc
240 -
241 - # create extra symlinks just in case something depends on them...
242 - for lib in pam pamc pam_misc; do
243 - if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
244 - dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
245 - fi
246 - done
247 -
248 - dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
249 -
250 - docinto modules
251 - for dir in modules/pam_*; do
252 - newdoc "${dir}"/README README."$(basename "${dir}")"
253 - done
254 -
255 - # Get rid of the .la files. We certainly don't need them for PAM
256 - # modules, and libpam is installed as a shared object only, so we
257 - # don't ned them for static linking either.
258 - find "${D}" -name '*.la' -delete
259 -}
260 -
261 -pkg_preinst() {
262 - check_old_modules || die "deprecated PAM modules still used"
263 -}
264 -
265 -pkg_postinst() {
266 - ewarn "Some software with pre-loaded PAM libraries might experience"
267 - ewarn "warnings or failures related to missing symbols and/or versions"
268 - ewarn "after any update. While unfortunate this is a limit of the"
269 - ewarn "implementation of PAM and the software, and it requires you to"
270 - ewarn "restart the software manually after the update."
271 - ewarn ""
272 - ewarn "You can get a list of such software running a command like"
273 - ewarn " lsof / | egrep 'DEL.*libpam\\.so'"
274 - elog ""
275 - elog "Because of a bug present up to version 1.1.1-r2, you might have"
276 - elog "an executable /var/log/tallylog file. If it is so, you can safely"
277 - elog "correct it by running the command"
278 - elog " chmod -x /var/log/tallylog"
279 - elog ""
280 -}