Gentoo Archives: gentoo-hardened

From: James Taylor <james@××××××××××.au>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] [PATCH] sys-libs/pam: Fixed building under musl using patchset from Alpine Linux
Date: Sat, 21 Feb 2015 00:54:17
Message-Id: 54E73899.8080102@jtaylor.id.au
1 From 157f6be1e6ec54a8c2eca131df24de96e0cddb7d Mon Sep 17 00:00:00 2001
2 From: James Taylor <james@××××××××××.au>
3 Date: Fri, 20 Feb 2015 13:33:35 +0000
4 Subject: [PATCH] sys-libs/pam: Fixed building under musl using patchset from
5 Alpine Linux
6
7 ---
8 sys-libs/pam/Manifest | 7 +
9 sys-libs/pam/files/pam-1.1.8-doc-install.patch | 142 +++++++++++++++++
10 sys-libs/pam/files/pam-1.1.8-fix-compat.patch | 21 +++
11 sys-libs/pam/files/pam-1.1.8-innetgr.patch | 54 +++++++
12 sys-libs/pam/metadata.xml | 32 ++++
13 sys-libs/pam/pam-1.1.8-r99.ebuild | 205
14 +++++++++++++++++++++++++
15 6 files changed, 461 insertions(+)
16 create mode 100644 sys-libs/pam/Manifest
17 create mode 100644 sys-libs/pam/files/pam-1.1.8-doc-install.patch
18 create mode 100644 sys-libs/pam/files/pam-1.1.8-fix-compat.patch
19 create mode 100644 sys-libs/pam/files/pam-1.1.8-innetgr.patch
20 create mode 100644 sys-libs/pam/metadata.xml
21 create mode 100644 sys-libs/pam/pam-1.1.8-r99.ebuild
22
23 diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
24 new file mode 100644
25 index 0000000..db75f3a
26 --- /dev/null
27 +++ b/sys-libs/pam/Manifest
28 @@ -0,0 +1,7 @@
29 +AUX pam-1.1.8-doc-install.patch 6592 SHA256
30 83edb1f57e3fa579bde4cd9ba05966063106f0dc8e57458eea9857250b1a0fb5 SHA512
31 335220790207c3cb9c84420f13e5e1ea8e42e2b5402def0d0f9425ae89b37c8aef66eb9906c58eeb249bd1ca27af711015c363421d4096206ea44c4c4beea302
32 WHIRLPOOL
33 ae6df174b9457bcfd85f41b72ec22054898c0c86f9bb0b170ec3e6c747140d1ac3fba3e684e2c4c9c12bb4a1429996a5bb999c9dc2c7693d5109e52f383d1fcf
34 +AUX pam-1.1.8-fix-compat.patch 402 SHA256
35 c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512
36 1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f
37 WHIRLPOOL
38 692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f
39 +AUX pam-1.1.8-innetgr.patch 1662 SHA256
40 fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512
41 ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9
42 WHIRLPOOL
43 3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048
44 +DIST Linux-PAM-1.1.8-docs.tar.bz2 147887 SHA256
45 c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 SHA512
46 36aa99996f8cc0640686d2af40845e18ad4b48183f18de9e1495427550ad5b61e2f59e25f6d5e8df1277cd3f171fd69bf6c49fe7c5b31f0b290e3641b65521e8
47 WHIRLPOOL
48 c4b373e59fac30a29c2b16f01419492c72fae2ceb15b157418bba4899b75cf4b97bac4559b688ef8d5a231cc972f72654c4e10d63a0b72a0d6573388f7125f87
49 +DIST Linux-PAM-1.1.8.tar.bz2 1148944 SHA256
50 c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 SHA512
51 245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d
52 WHIRLPOOL
53 b4ec7baeb57b9d987086fe3e007e08e8b9c92b2ff86a94f8003a87c8448925835808661cd719d2445570aa8dd1c20fcbbe8bd465d73f4af8cd7edde0f650a734
54 +EBUILD pam-1.1.8-r99.ebuild 6289 SHA256
55 d9fac218f4e3a095a1d7bbe62d65db2c73a5183681b28006972c2575a1473221 SHA512
56 f341057c9234e57e102c38d46bdb2670bc6e2c50e53a3175cf3e65a35bd37e633712608f458b2e59fb7ec61a41169279efdbeeb4be468d5ba9287239ca5033e1
57 WHIRLPOOL
58 074506f012d3d820951d003b1350f62f9745d841b26ad7c89a345c819734c6cfd26d69a89f4f08dfb4c3ac67bf68e9b938d630fa3887cea33dcc0a7dcde18e7c
59 +MISC metadata.xml 1218 SHA256
60 9ea95e669c343b7e7184d3fb3b1bbad013493bfdca0e8f184ddf4728e6b5e884 SHA512
61 60ae70d605f654867e4c444c7489ecd76083c286039febd71ffd18a9e120b151a47488df925ec97e6768c62e5e48068abb864a6b978abd67623fb0b6c414f248
62 WHIRLPOOL
63 a96d70fd81604dd265f15672183b793d0c3f48508b317f973481c460d56ea05d917a446fd60998536f7a3d811407ca3573554f9dcdc8f45ab88dbbf7875985ab
64 diff --git a/sys-libs/pam/files/pam-1.1.8-doc-install.patch
65 b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
66 new file mode 100644
67 index 0000000..bdd5b9d
68 --- /dev/null
69 +++ b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
70 @@ -0,0 +1,142 @@
71 +https://bugs.gentoo.org/473650
72 +https://fedorahosted.org/linux-pam/ticket/31
73 +
74 +fix doc installs when doing out of tree builds
75 +
76 +--- a/doc/adg/Makefile.in
77 ++++ b/doc/adg/Makefile.in
78 +@@ -463,17 +463,17 @@ install-data-local:
79 + $(mkinstalldirs) $(DESTDIR)$(docdir)
80 + $(mkinstalldirs) $(DESTDIR)$(pdfdir)
81 + $(mkinstalldirs) $(DESTDIR)$(htmldir)
82 +- test -f html/Linux-PAM_ADG.html || exit 0; \
83 ++ test -f html/Linux-PAM_ADG.html -o -f
84 $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
85 + $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \
86 + $(DESTDIR)$(htmldir)/ || \
87 + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \
88 +- $(srcdir)/html/sag-*.html \
89 ++ $(srcdir)/html/adg-*.html \
90 + $(DESTDIR)$(htmldir)/
91 +- test -f Linux-PAM_ADG.txt || exit 0; \
92 ++ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
93 + $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \
94 + $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \
95 + $(DESTDIR)$(docdir)/
96 +- test -f Linux-PAM_ADG.pdf || exit 0; \
97 ++ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
98 + $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \
99 + $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \
100 + $(DESTDIR)$(pdfdir)/
101 +@@ -486,18 +486,18 @@ uninstall-local:
102 +
103 + releasedocs: all
104 + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html
105 +- test -f html/Linux-PAM_ADG.html || exit 0; \
106 ++ test -f html/Linux-PAM_ADG.html -o -f
107 $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
108 + cp -ap html/Linux-PAM_ADG.html html/adg-*.html \
109 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \
110 + cp -ap $(srcdir)/html/Linux-PAM_ADG.html \
111 + $(srcdir)/html/adg-*.html \
112 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/
113 +- test -f Linux-PAM_ADG.txt || exit 0; \
114 ++ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
115 + cp -p Linux-PAM_ADG.txt \
116 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
117 + cp -p $(srcdir)/Linux-PAM_ADG.txt \
118 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/
119 +- test -f Linux-PAM_ADG.pdf || exit 0; \
120 ++ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
121 + cp -p Linux-PAM_ADG.pdf \
122 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
123 + cp -p $(srcdir)/Linux-PAM_ADG.pdf \
124 +--- a/doc/mwg/Makefile.in
125 ++++ b/doc/mwg/Makefile.in
126 +@@ -463,17 +463,17 @@ install-data-local:
127 + $(mkinstalldirs) $(DESTDIR)$(docdir)
128 + $(mkinstalldirs) $(DESTDIR)$(pdfdir)
129 + $(mkinstalldirs) $(DESTDIR)$(htmldir)
130 +- test -f html/Linux-PAM_MWG.html || exit 0; \
131 ++ test -f html/Linux-PAM_MWG.html -o -f
132 $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
133 + $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \
134 + $(DESTDIR)$(htmldir)/ || \
135 + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \
136 +- $(srcdir)/html/sag-*.html \
137 ++ $(srcdir)/html/mwg-*.html \
138 + $(DESTDIR)$(htmldir)/
139 +- test -f Linux-PAM_MWG.txt || exit 0; \
140 ++ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
141 + $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \
142 + $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \
143 + $(DESTDIR)$(docdir)/
144 +- test -f Linux-PAM_MWG.pdf || exit 0; \
145 ++ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
146 + $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \
147 + $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \
148 + $(DESTDIR)$(pdfdir)/
149 +@@ -486,18 +486,18 @@ uninstall-local:
150 +
151 + releasedocs: all
152 + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html
153 +- test -f html/Linux-PAM_MWG.html || exit 0; \
154 ++ test -f html/Linux-PAM_MWG.html -o -f
155 $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
156 + cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \
157 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \
158 + cp -ap $(srcdir)/html/Linux-PAM_MWG.html \
159 + $(srcdir)/html/mwg-*.html \
160 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/
161 +- test -f Linux-PAM_MWG.txt || exit 0; \
162 ++ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
163 + cp -p Linux-PAM_MWG.txt \
164 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
165 + cp -p $(srcdir)/Linux-PAM_MWG.txt \
166 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/
167 +- test -f Linux-PAM_MWG.pdf || exit 0; \
168 ++ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
169 + cp -p Linux-PAM_MWG.pdf \
170 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
171 + cp -p $(srcdir)/Linux-PAM_MWG.pdf \
172 +--- a/doc/sag/Makefile.in
173 ++++ b/doc/sag/Makefile.in
174 +@@ -463,17 +463,17 @@ install-data-local:
175 + $(mkinstalldirs) $(DESTDIR)$(docdir)
176 + $(mkinstalldirs) $(DESTDIR)$(pdfdir)
177 + $(mkinstalldirs) $(DESTDIR)$(htmldir)
178 +- test -f html/Linux-PAM_SAG.html || exit 0; \
179 ++ test -f html/Linux-PAM_SAG.html -o -f
180 $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
181 + $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \
182 + $(DESTDIR)$(htmldir)/ || \
183 + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \
184 + $(srcdir)/html/sag-*.html \
185 + $(DESTDIR)$(htmldir)/
186 +- test -f Linux-PAM_SAG.txt || exit 0; \
187 ++ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
188 + $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \
189 + $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \
190 + $(DESTDIR)$(docdir)/
191 +- test -f Linux-PAM_SAG.pdf || exit 0; \
192 ++ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
193 + $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \
194 + $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \
195 + $(DESTDIR)$(pdfdir)/
196 +@@ -486,18 +486,18 @@ uninstall-local:
197 +
198 + releasedocs: all
199 + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html
200 +- test -f html/Linux-PAM_SAG.html || exit 0; \
201 ++ test -f html/Linux-PAM_SAG.html -o -f
202 $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
203 + cp -ap html/Linux-PAM_SAG.html html/sag-*.html \
204 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \
205 + cp -ap $(srcdir)/html/Linux-PAM_SAG.html \
206 + $(srcdir)/html/sag-*.html \
207 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/
208 +- test -f Linux-PAM_SAG.txt || exit 0; \
209 ++ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
210 + cp -p Linux-PAM_SAG.txt \
211 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
212 + cp -p $(srcdir)/Linux-PAM_SAG.txt \
213 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/
214 +- test -f Linux-PAM_SAG.pdf || exit 0; \
215 ++ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
216 + cp -p Linux-PAM_SAG.pdf \
217 + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
218 + cp -p $(srcdir)/Linux-PAM_SAG.pdf \
219 diff --git a/sys-libs/pam/files/pam-1.1.8-fix-compat.patch
220 b/sys-libs/pam/files/pam-1.1.8-fix-compat.patch
221 new file mode 100644
222 index 0000000..332f609
223 --- /dev/null
224 +++ b/sys-libs/pam/files/pam-1.1.8-fix-compat.patch
225 @@ -0,0 +1,21 @@
226 +--- a/modules/pam_lastlog/pam_lastlog.c
227 ++++ b/modules/pam_lastlog/pam_lastlog.c
228 +@@ -10,6 +10,7 @@
229 +
230 + #include "config.h"
231 +
232 ++#include <paths.h>
233 + #include <fcntl.h>
234 + #include <time.h>
235 + #include <errno.h>
236 +@@ -48,6 +49,10 @@
237 +
238 + #ifndef _PATH_BTMP
239 + # define _PATH_BTMP "/var/log/btmp"
240 ++#endif
241 ++
242 ++#ifndef __GLIBC__
243 ++#define logwtmp(args...)
244 + #endif
245 +
246 + /* XXX - time before ignoring lock. Is 1 sec enough? */
247 diff --git a/sys-libs/pam/files/pam-1.1.8-innetgr.patch
248 b/sys-libs/pam/files/pam-1.1.8-innetgr.patch
249 new file mode 100644
250 index 0000000..a94fa3d
251 --- /dev/null
252 +++ b/sys-libs/pam/files/pam-1.1.8-innetgr.patch
253 @@ -0,0 +1,54 @@
254 +--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c
255 ++++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c
256 +@@ -658,10 +658,13 @@
257 + continue;
258 + }
259 + /* If buffer starts with @, we are using netgroups */
260 ++#ifdef HAVE_INNETGR
261 + if (buffer[0] == '@')
262 + good &= innetgr (&buffer[1], NULL, user, NULL);
263 + /* otherwise, if the buffer starts with %, it's a UNIX group */
264 +- else if (buffer[0] == '%')
265 ++ else
266 ++#endif
267 ++ if (buffer[0] == '%')
268 + good &= pam_modutil_user_in_group_nam_nam(pamh, user,
269 &buffer[1]);
270 + else
271 + good &= logic_field(pamh,user, buffer, count, is_same);
272 +--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c
273 ++++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
274 +@@ -233,16 +233,20 @@
275 + static int
276 + evaluate_innetgr(const char *host, const char *user, const char *group)
277 + {
278 ++#ifdef HAVE_INNETGR
279 + if (innetgr(group, host, user, NULL) == 1)
280 + return PAM_SUCCESS;
281 ++#endif
282 + return PAM_AUTH_ERR;
283 + }
284 + /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
285 + static int
286 + evaluate_notinnetgr(const char *host, const char *user, const char *group)
287 + {
288 ++#ifdef HAVE_INNETGR
289 + if (innetgr(group, host, user, NULL) == 0)
290 + return PAM_SUCCESS;
291 ++#endif
292 + return PAM_AUTH_ERR;
293 + }
294 +
295 +--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c
296 ++++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c
297 +@@ -554,9 +554,11 @@
298 + continue;
299 + }
300 + /* If buffer starts with @, we are using netgroups */
301 ++#ifdef HAVE_INNETGR
302 + if (buffer[0] == '@')
303 + good &= innetgr (&buffer[1], NULL, user, NULL);
304 + else
305 ++#endif
306 + good &= logic_field(pamh, user, buffer, count, is_same);
307 + D(("with user: %s", good ? "passes":"fails" ));
308 +
309 diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
310 new file mode 100644
311 index 0000000..4ee5aec
312 --- /dev/null
313 +++ b/sys-libs/pam/metadata.xml
314 @@ -0,0 +1,32 @@
315 +<?xml version="1.0" encoding="UTF-8"?>
316 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
317 +<pkgmetadata>
318 + <herd>pam</herd>
319 + <maintainer>
320 + <email>pam-bugs@g.o</email>
321 + </maintainer>
322 + <use>
323 + <flag name='audit'>Enable support for
324 <pkg>sys-process/audit</pkg></flag>
325 +
326 + <flag name="berkdb">
327 + Build the pam_userdb module, that allows to authenticate users
328 + against a Berkeley DB file. Please note that enabling this USE
329 + flag will create a PAM module that links to the Berkeley DB (as
330 + provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
331 + will thus not work for boot-critical services authentication.
332 + </flag>
333 +
334 + <flag name="cracklib">
335 + Build the pam_cracklib module, that allows to verify the chosen
336 + passwords' strength through the use of
337 + <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling
338 + the USE flag on this package will not make use of pam_cracklib
339 + by default, you should also enable it in
340 + <pkg>sys-auth/pambase</pkg> as well as update your configuration
341 + files.
342 + </flag>
343 + </use>
344 + <upstream>
345 + <remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id>
346 + </upstream>
347 +</pkgmetadata>
348 diff --git a/sys-libs/pam/pam-1.1.8-r99.ebuild
349 b/sys-libs/pam/pam-1.1.8-r99.ebuild
350 new file mode 100644
351 index 0000000..4b3c659
352 --- /dev/null
353 +++ b/sys-libs/pam/pam-1.1.8-r99.ebuild
354 @@ -0,0 +1,205 @@
355 +# Copyright 1999-2015 Gentoo Foundation
356 +# Distributed under the terms of the GNU General Public License v2
357 +# $Header: $
358 +
359 +EAPI=5
360 +
361 +inherit libtool multilib multilib-minimal eutils pam toolchain-funcs
362 flag-o-matic db-use
363 +
364 +MY_PN="Linux-PAM"
365 +MY_P="${MY_PN}-${PV}"
366 +
367 +HOMEPAGE="https://fedorahosted.org/linux-pam/"
368 +DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
369 +
370 +SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
371 + http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
372 +
373 +LICENSE="|| ( BSD GPL-2 )"
374 +SLOT="0"
375 +KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
376 +IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test
377 elibc_musl elibc_glibc debug berkdb nis"
378 +
379 +RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
380 + cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
381 + audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
382 + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
383 + berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
384 + elibc_glibc? (
385 + >=sys-libs/glibc-2.7
386 + nis? ( || ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}]
387 <sys-libs/glibc-2.14 ) )
388 + )"
389 +DEPEND="${RDEPEND}
390 + >=sys-devel/libtool-2
391 + >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
392 + nls? ( sys-devel/gettext )
393 + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
394 +PDEPEND="sys-auth/pambase
395 + vim-syntax? ( app-vim/pam-syntax )"
396 +RDEPEND="${RDEPEND}
397 + !<sys-apps/openrc-0.11.8
398 + !sys-auth/openpam
399 + !sys-auth/pam_userdb
400 + abi_x86_32? (
401 + !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
402 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
403 + )"
404 +
405 +S="${WORKDIR}/${MY_P}"
406 +
407 +check_old_modules() {
408 + local retval="0"
409 +
410 + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q
411 pam_stack.so; then
412 + eerror ""
413 + eerror "Your current setup is using the pam_stack module."
414 + eerror "This module is deprecated and no longer supported, and since
415 version"
416 + eerror "0.99 is no longer installed, nor provided by any other package."
417 + eerror "The package will be built (to allow binary package builds),
418 but will"
419 + eerror "not be installed."
420 + eerror "Please replace pam_stack usage with proper include directive
421 usage,"
422 + eerror "following the PAM Upgrade guide at the following URL"
423 + eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
424 + eerror ""
425 +
426 + retval=1
427 + fi
428 +
429 + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q
430 'pam_(pwdb|console)'; then
431 + eerror ""
432 + eerror "Your current setup is using one or more of the following
433 modules,"
434 + eerror "that are not built or supported anymore:"
435 + eerror "pam_pwdb, pam_console"
436 + eerror "If you are in real need for these modules, please contact the
437 maintainers"
438 + eerror "of PAM through http://bugs.gentoo.org/ providing information
439 about its"
440 + eerror "use cases."
441 + eerror "Please also make sure to read the PAM Upgrade guide at the
442 following URL:"
443 + eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
444 + eerror ""
445 +
446 + retval=1
447 + fi
448 +
449 + return $retval
450 +}
451 +
452 +pkg_pretend() {
453 + # do not error out, this is just a warning, one could build a binpkg
454 + # with old modules enabled.
455 + check_old_modules
456 +}
457 +
458 +src_prepare() {
459 + epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
460 + epatch "${FILESDIR}"/${PN}-1.1.8-fix-compat.patch
461 + epatch "${FILESDIR}"/${PN}-1.1.8-innetgr.patch
462 +
463 + # disable insecure modules (musl-libc doesn't implement the functions
464 anyway)
465 + use elibc_musl && sed -e 's/pam_rhosts//g' -i modules/Makefile.am
466 modules/Makefile.in
467 + elibtoolize
468 +}
469 +
470 +multilib_src_configure() {
471 + # Disable automatic detection of libxcrypt; we _don't_ want the
472 + # user to link libxcrypt in by default, since we won't track the
473 + # dependency and allow to break PAM this way.
474 + export ac_cv_header_xcrypt_h=no
475 +
476 + # Disable automatic detection of libcrypt
477 + use elibc_musl && export ac_cv_search_crypt=no
478 +
479 + local myconf=(
480 + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
481 + --libdir="${EPREFIX}"/usr/$(get_libdir) \
482 + --enable-securedir="${EPREFIX}"/$(get_libdir)/security
483 + --enable-isadir="${EPREFIX}"/$(get_libdir)/security
484 + $(use_enable nls)
485 + $(use_enable selinux)
486 + $(use_enable cracklib)
487 + $(use_enable audit)
488 + $(use_enable debug)
489 + $(use_enable berkdb db)
490 + $(use_enable nis)
491 + --with-db-uniquename=-$(db_findver sys-libs/db)
492 + --disable-prelude
493 + )
494 +
495 + if use hppa || use elibc_FreeBSD; then
496 + myconf+=( --disable-pie )
497 + fi
498 +
499 + ECONF_SOURCE=${S} \
500 + econf "${myconf[@]}"
501 +}
502 +
503 +multilib_src_compile() {
504 + emake sepermitlockdir="${EPREFIX}/run/sepermit"
505 +}
506 +
507 +multilib_src_install() {
508 + emake DESTDIR="${D}" install \
509 + sepermitlockdir="${EPREFIX}/run/sepermit"
510 +
511 + local prefix
512 + if multilib_is_native_abi; then
513 + prefix=
514 + gen_usr_ldscript -a pam pamc pam_misc
515 + else
516 + prefix=/usr
517 + fi
518 +
519 + # create extra symlinks just in case something depends on them...
520 + local lib
521 + for lib in pam pamc pam_misc; do
522 + if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]];
523 then
524 + dosym lib${lib}$(get_libname 0)
525 ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
526 + fi
527 + done
528 +}
529 +
530 +DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
531 +
532 +multilib_src_install_all() {
533 + einstalldocs
534 + prune_libtool_files --all
535 +
536 + # Need to be suid
537 + fperms u+s /sbin/unix_chkpwd
538 +
539 + docinto modules
540 + for dir in modules/pam_*; do
541 + newdoc "${dir}"/README README."$(basename "${dir}")"
542 + done
543 +
544 + if use selinux; then
545 + dodir /usr/lib/tmpfiles.d
546 + cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
547 +d /run/sepermit 0755 root root
548 +EOF
549 + fi
550 +}
551 +
552 +pkg_preinst() {
553 + check_old_modules || die "deprecated PAM modules still used"
554 +}
555 +
556 +pkg_postinst() {
557 + ewarn "Some software with pre-loaded PAM libraries might experience"
558 + ewarn "warnings or failures related to missing symbols and/or versions"
559 + ewarn "after any update. While unfortunate this is a limit of the"
560 + ewarn "implementation of PAM and the software, and it requires you to"
561 + ewarn "restart the software manually after the update."
562 + ewarn ""
563 + ewarn "You can get a list of such software running a command like"
564 + ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
565 + ewarn ""
566 + ewarn "Alternatively, simply reboot your system."
567 + if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
568 + elog ""
569 + elog "Because of a bug present up to version 1.1.1-r2, you have"
570 + elog "an executable /var/log/tallylog file. You can safely"
571 + elog "correct it by running the command"
572 + elog " chmod -x /var/log/tallylog"
573 + elog ""
574 + fi
575 +}
576 --
577 2.3.0
578
579
580 --
581 James Taylor
582 Keybase (https://keybase.io/jamestr)

Attachments

File name MIME type
signature.asc application/pgp-signature