1 |
commit: 23983c0b56e5619339c85eff017db88536e980c0 |
2 |
Author: Dennis Schridde <devurandom <AT> gmx <DOT> net> |
3 |
AuthorDate: Wed Nov 21 13:53:16 2012 +0000 |
4 |
Commit: Dennis Schridde <devurandom <AT> gmx <DOT> net> |
5 |
CommitDate: Wed Nov 21 13:53:16 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=23983c0b |
7 |
|
8 |
[sys-auth/pambase] Fix KDE autologin (bug #422495) |
9 |
|
10 |
Was showing lastlog dialogue box on every login, delaying the time until the system becomes usable unnecessarily. |
11 |
|
12 |
pam_lastlog is now silent by default and only for login shells it shows a message. |
13 |
|
14 |
Thanks to Andrei Mihăilă and Egor Y. Egorov! |
15 |
|
16 |
Bug: #422495 |
17 |
|
18 |
Package-Manager: portage-2.2.0_alpha142 |
19 |
|
20 |
--- |
21 |
.../files/pambase-20120417-lastlog-silent.patch | 20 ++++ |
22 |
.../pambase/files/pambase-20120417-systemd.patch | 29 ++++++ |
23 |
sys-auth/pambase/metadata.xml | 84 ++++++++++++++++ |
24 |
sys-auth/pambase/pambase-20120417-r2.ebuild | 106 ++++++++++++++++++++ |
25 |
4 files changed, 239 insertions(+), 0 deletions(-) |
26 |
|
27 |
diff --git a/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch b/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch |
28 |
new file mode 100644 |
29 |
index 0000000..79266a7 |
30 |
--- /dev/null |
31 |
+++ b/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch |
32 |
@@ -0,0 +1,20 @@ |
33 |
+--- pambase-20120417/login.in.orig 2012-11-21 14:31:49.031948988 +0100 |
34 |
++++ pambase-20120417/login.in 2012-11-21 14:32:41.172330601 +0100 |
35 |
+@@ -3,4 +3,6 @@ |
36 |
+ |
37 |
+ account include system-local-login |
38 |
+ password include system-local-login |
39 |
++ |
40 |
++session optional pam_lastlog.so DEBUG |
41 |
+ session include system-local-login |
42 |
+--- pambase-20120417/system-login.in.orig 2012-11-21 14:31:42.232160039 +0100 |
43 |
++++ pambase-20120417/system-login.in 2012-11-21 14:35:20.738025880 +0100 |
44 |
+@@ -41,7 +41,7 @@ |
45 |
+ session required pam_env.so DEBUG |
46 |
+ #endif |
47 |
+ #if HAVE_LASTLOG |
48 |
+-session optional pam_lastlog.so DEBUG |
49 |
++session optional pam_lastlog.so silent DEBUG |
50 |
+ #endif |
51 |
+ session include system-auth |
52 |
+ #if HAVE_CONSOLEKIT |
53 |
|
54 |
diff --git a/sys-auth/pambase/files/pambase-20120417-systemd.patch b/sys-auth/pambase/files/pambase-20120417-systemd.patch |
55 |
new file mode 100644 |
56 |
index 0000000..047fb41 |
57 |
--- /dev/null |
58 |
+++ b/sys-auth/pambase/files/pambase-20120417-systemd.patch |
59 |
@@ -0,0 +1,29 @@ |
60 |
+http://bugs.gentoo.org/372229 |
61 |
+ |
62 |
+--- Makefile |
63 |
++++ Makefile |
64 |
+@@ -28,6 +28,10 @@ |
65 |
+ PAMFLAGS += -DHAVE_CONSOLEKIT=1 |
66 |
+ endif |
67 |
+ |
68 |
++ifeq "$(SYSTEMD)" "yes" |
69 |
++PAMFLAGS += -DHAVE_SYSTEMD=1 |
70 |
++endif |
71 |
++ |
72 |
+ ifeq "$(GNOME_KEYRING)" "yes" |
73 |
+ PAMFLAGS += -DHAVE_GNOME_KEYRING=1 |
74 |
+ endif |
75 |
+--- system-login.in |
76 |
++++ system-login.in |
77 |
+@@ -45,7 +45,10 @@ |
78 |
+ #endif |
79 |
+ session include system-auth |
80 |
+ #if HAVE_CONSOLEKIT |
81 |
+-session optional pam_ck_connector.so nox11 |
82 |
++-session optional pam_ck_connector.so nox11 |
83 |
++#endif |
84 |
++#if HAVE_SYSTEMD |
85 |
++-session optional pam_systemd.so |
86 |
+ #endif |
87 |
+ #if HAVE_GNOME_KEYRING |
88 |
+ session optional pam_gnome_keyring.so auto_start |
89 |
|
90 |
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml |
91 |
new file mode 100644 |
92 |
index 0000000..7a35775 |
93 |
--- /dev/null |
94 |
+++ b/sys-auth/pambase/metadata.xml |
95 |
@@ -0,0 +1,84 @@ |
96 |
+<?xml version="1.0" encoding="UTF-8"?> |
97 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
98 |
+<pkgmetadata> |
99 |
+ <herd>pam</herd> |
100 |
+ <maintainer> |
101 |
+ <email>pam-bugs@g.o</email> |
102 |
+ </maintainer> |
103 |
+ <use> |
104 |
+ <flag name="cracklib"> |
105 |
+ Enable pam_cracklib module on system authentication stack. This |
106 |
+ produces warnings when changing password to something easily |
107 |
+ crackable. It requires the same USE flag to be enabled on |
108 |
+ <pkg>sys-libs/pam</pkg> or system login might be impossible. |
109 |
+ </flag> |
110 |
+ <flag name="consolekit"> |
111 |
+ Enable pam_ck_connector module on local system logins. This |
112 |
+ allows for console logins to make use of ConsoleKit |
113 |
+ authorization. |
114 |
+ </flag> |
115 |
+ <flag name="systemd"> |
116 |
+ Use pam_systemd module to register user sessions in the systemd |
117 |
+ control group hierarchy. |
118 |
+ </flag> |
119 |
+ <flag name="gnome-keyring"> |
120 |
+ Enable pam_gnome_keyring module on system login stack. This |
121 |
+ enables proper Gnome Keyring access to logins, whether they are |
122 |
+ done with the login shell, a Desktop Manager or a remote login |
123 |
+ systems such as SSH. |
124 |
+ </flag> |
125 |
+ <flag name="debug"> |
126 |
+ Enable debug information logging on syslog(3) for all the |
127 |
+ modules supporting this in the system authentication and system |
128 |
+ login stacks. |
129 |
+ </flag> |
130 |
+ <flag name="passwdqc"> |
131 |
+ Enable pam_passwdqc module on system auth stack for password |
132 |
+ quality validation. This is an alternative to pam_cracklib |
133 |
+ producing warnings, rejecting or providing example passwords |
134 |
+ when changing your system password. It is used by default by |
135 |
+ OpenWall GNU/*/Linux and by FreeBSD. |
136 |
+ </flag> |
137 |
+ <flag name="mktemp"> |
138 |
+ Enable pam_mktemp module on system auth stack for session |
139 |
+ handling. This module creates a private temporary directory for |
140 |
+ the user, and sets TMP and TMPDIR accordingly. |
141 |
+ </flag> |
142 |
+ <flag name="pam_ssh"> |
143 |
+ Enable pam_ssh module on system auth stack for authentication |
144 |
+ and session handling. This module will accept as password the |
145 |
+ passphrase of a private SSH key (one of ~/.ssh/id_rsa, |
146 |
+ ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent |
147 |
+ instance to cache the open key. |
148 |
+ </flag> |
149 |
+ <flag name="sha512"> |
150 |
+ Switch Linux-PAM's pam_unix module to use sha512 for passwords |
151 |
+ hashes rather than MD5. This option requires |
152 |
+ <pkg>>=sys-libs/pam-1.0.1</pkg> built against |
153 |
+ <pkg>>=sys-libs/glibc-2.7</pkg>, if it's built against an |
154 |
+ earlier version, it will silently be ignored, and MD5 hashes |
155 |
+ will be used. All the passwords changed after this USE flag is |
156 |
+ enabled will be saved to the shadow file hashed using SHA512 |
157 |
+ function. The password previously saved will be left |
158 |
+ untouched. Please note that while SHA512-hashed passwords will |
159 |
+ still be recognised if the USE flag is removed, the shadow file |
160 |
+ will not be compatible with systems using an earlier glibc |
161 |
+ version. |
162 |
+ </flag> |
163 |
+ <flag name="pam_krb5"> |
164 |
+ Enable pam_krb5 module on system auth stack, as an alternative |
165 |
+ to pam_unix. If Kerberos authentication succeed, only pam_unix |
166 |
+ will be ignore, and all the other modules will proceed as usual, |
167 |
+ including Gnome Keyring and other session modules. It requires |
168 |
+ <pkg>sys-libs/pam</pkg> as PAM implementation. |
169 |
+ </flag> |
170 |
+ <flag name="minimal"> |
171 |
+ Disables the standard PAM modules that provide extra information |
172 |
+ to users on login; this includes pam_tally (and pam_tally2 for |
173 |
+ Linux PAM 1.1 and later), pam_lastlog, pam_motd and other |
174 |
+ similar modules. This might not be a good idea on a multi-user |
175 |
+ system but could reduce slightly the overhead on single-user |
176 |
+ non-networked systems. |
177 |
+ </flag> |
178 |
+ </use> |
179 |
+</pkgmetadata> |
180 |
|
181 |
diff --git a/sys-auth/pambase/pambase-20120417-r2.ebuild b/sys-auth/pambase/pambase-20120417-r2.ebuild |
182 |
new file mode 100644 |
183 |
index 0000000..2fe7d41 |
184 |
--- /dev/null |
185 |
+++ b/sys-auth/pambase/pambase-20120417-r2.ebuild |
186 |
@@ -0,0 +1,106 @@ |
187 |
+# Copyright 1999-2012 Gentoo Foundation |
188 |
+# Distributed under the terms of the GNU General Public License v2 |
189 |
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pambase/pambase-20120417-r1.ebuild,v 1.1 2012/06/19 07:55:53 ssuominen Exp $ |
190 |
+ |
191 |
+EAPI=4 |
192 |
+inherit eutils |
193 |
+ |
194 |
+DESCRIPTION="PAM base configuration files" |
195 |
+HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/" |
196 |
+SRC_URI="http://dev.gentoo.org/~flameeyes/${PN}/${P}.tar.bz2 |
197 |
+ http://dev.gentoo.org/~phajdan.jr/${PN}/${P}.tar.bz2" |
198 |
+ |
199 |
+LICENSE="GPL-2" |
200 |
+SLOT="0" |
201 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux" |
202 |
+IUSE="consolekit cracklib debug gnome-keyring minimal mktemp pam_krb5 pam_ssh passwdqc selinux +sha512 systemd" |
203 |
+ |
204 |
+RESTRICT=binchecks |
205 |
+ |
206 |
+MIN_PAM_REQ=1.1.3 |
207 |
+ |
208 |
+RDEPEND=" |
209 |
+ || ( |
210 |
+ >=sys-libs/pam-${MIN_PAM_REQ} |
211 |
+ ( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) ) |
212 |
+ ) |
213 |
+ consolekit? ( >=sys-auth/consolekit-0.4.5_p2012[pam] ) |
214 |
+ cracklib? ( >=sys-libs/pam-${MIN_PAM_REQ}[cracklib] ) |
215 |
+ gnome-keyring? ( >=gnome-base/gnome-keyring-2.32[pam] ) |
216 |
+ mktemp? ( sys-auth/pam_mktemp ) |
217 |
+ pam_krb5? ( |
218 |
+ >=sys-libs/pam-${MIN_PAM_REQ} |
219 |
+ >=sys-auth/pam_krb5-4.3 |
220 |
+ ) |
221 |
+ pam_ssh? ( sys-auth/pam_ssh ) |
222 |
+ passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 ) |
223 |
+ selinux? ( >=sys-libs/pam-${MIN_PAM_REQ}[selinux] ) |
224 |
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) |
225 |
+ systemd? ( >=sys-apps/systemd-44-r1[pam] ) |
226 |
+ !<sys-apps/shadow-4.1.5-r1 |
227 |
+ !<sys-freebsd/freebsd-pam-modules-6.2-r1 |
228 |
+ !<sys-libs/pam-0.99.9.0-r1" |
229 |
+DEPEND="app-portage/portage-utils" |
230 |
+ |
231 |
+src_prepare() { |
232 |
+ epatch "${FILESDIR}"/${P}-systemd.patch |
233 |
+ epatch "${FILESDIR}"/${P}-lastlog-silent.patch |
234 |
+} |
235 |
+ |
236 |
+src_compile() { |
237 |
+ local implementation= |
238 |
+ local linux_pam_version= |
239 |
+ if has_version sys-libs/pam; then |
240 |
+ implementation=linux-pam |
241 |
+ local ver_str=$(qatom `best_version sys-libs/pam` | cut -d ' ' -f 3) |
242 |
+ linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ }) |
243 |
+ elif has_version sys-auth/openpam; then |
244 |
+ implementation=openpam |
245 |
+ else |
246 |
+ die "PAM implementation not identified" |
247 |
+ fi |
248 |
+ |
249 |
+ use_var() { |
250 |
+ local varname=$(echo $1 | tr [a-z] [A-Z]) |
251 |
+ local usename=${2-$(echo $1 | tr [A-Z] [a-z])} |
252 |
+ local varvalue=$(usex $usename) |
253 |
+ echo "${varname}=${varvalue}" |
254 |
+ } |
255 |
+ |
256 |
+ emake \ |
257 |
+ GIT=true \ |
258 |
+ $(use_var debug) \ |
259 |
+ $(use_var cracklib) \ |
260 |
+ $(use_var passwdqc) \ |
261 |
+ $(use_var consolekit) \ |
262 |
+ $(use_var systemd) \ |
263 |
+ $(use_var GNOME_KEYRING gnome-keyring) \ |
264 |
+ $(use_var selinux) \ |
265 |
+ $(use_var mktemp) \ |
266 |
+ $(use_var PAM_SSH pam_ssh) \ |
267 |
+ $(use_var sha512) \ |
268 |
+ $(use_var KRB5 pam_krb5) \ |
269 |
+ $(use_var minimal) \ |
270 |
+ IMPLEMENTATION=${implementation} \ |
271 |
+ LINUX_PAM_VERSION=${linux_pam_version} |
272 |
+} |
273 |
+ |
274 |
+src_test() { :; } |
275 |
+ |
276 |
+src_install() { |
277 |
+ emake GIT=true DESTDIR="${ED}" install |
278 |
+} |
279 |
+ |
280 |
+pkg_postinst() { |
281 |
+ if use sha512; then |
282 |
+ elog "Starting from version 20080801, pambase optionally enables" |
283 |
+ elog "SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1" |
284 |
+ elog "built against sys-libs/glibc-2.7 or later." |
285 |
+ elog "If you don't have support for this, it will automatically fallback" |
286 |
+ elog "to MD5-hashed passwords, just like before." |
287 |
+ elog |
288 |
+ elog "Please note that the change only affects the newly-changed passwords" |
289 |
+ elog "and that SHA512-hashed passwords will not work on earlier versions" |
290 |
+ elog "of glibc or Linux-PAM." |
291 |
+ fi |
292 |
+} |