From 01f2bb15c5ec9150ad375448aff0612c3899b7b0 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Mon, 9 Dec 2013 15:35:44 -0800
Subject: [PATCH] bump(sys-libs/pam): Import current stable pam from Gentoo

---
 .../coreos-overlay/sys-libs/pam/Manifest      |   2 +
 .../files/Linux-PAM-1.1.6+glibc-2.16.patch    |  29 +++
 .../pam/files/Linux-PAM-1.1.6-destdir.patch   |  48 +++++
 .../sys-libs/pam/pam-1.1.6-r2.ebuild          | 197 ++++++++++++++++++
 4 files changed, 276 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.1.6-r2.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest
new file mode 100644
index 0000000000..8f9f13df52
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest
@@ -0,0 +1,2 @@
+DIST Linux-PAM-1.1.6-docs.tar.bz2 147359 SHA256 0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497 SHA512 f158116c2a3d604a9195d96263f094a1c9c0e2ba78b54e0f8a92bfa73955d8cec36d68b985eb70f1bf0958fc54be5590b61669b3b777ba6bd2138bc156cec782 WHIRLPOOL 73b42d795b3ca06c3a22ea8a91258da9bd4662e72de8a72751eec3824524a44e13dbc13a7c0e79256429f583d21c2764512363921d5709e61752e391f8227577
+DIST Linux-PAM-1.1.6.tar.bz2 1147538 SHA256 bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2 SHA512 f68e3a0d648441eef7589efe0fad65c621d030a9425635f461f2882a5129240830a55d5a5b81d02b439c633870a96f61b4c4dea22d0eacfdd583f4fac353928a WHIRLPOOL 619214ecf859e1fc4e6f59e37045e370b98bae57ceeaed3f6a5e0732fc0caba41c040bea926830b678f6e5c243d73a607daea438f55cf28d339ce458eded7db5
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
new file mode 100644
index 0000000000..cddda35fbe
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
@@ -0,0 +1,29 @@
+From 18da0c4763f5e079f8b2df45fa462b0b70b6fd3a Mon Sep 17 00:00:00 2001
+From: "Jory A. Pratt" <anarchy@gentoo.org>
+Date: Sun, 7 Oct 2012 11:44:17 -0700
+Subject: [PATCH] Fix building with GLIBC 2.16 and SELinux.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_unix/pam_unix_passwd.c | 1 +
+ 1 file modificato, 1 inserzione(+)
+
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index 9e1302d..b5f5ae9 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
++++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
+-- 
+1.7.12
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
new file mode 100644
index 0000000000..6859ccb60d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
@@ -0,0 +1,48 @@
+From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 17 Aug 2012 14:46:40 +0200
+Subject: [PATCH] Add missing $(DESTDIR) when making directories on install.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making
+$(namespaceddir) on install.
+modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making
+$(sepermitlockdir) on install.
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_namespace/Makefile.am |    2 +-
+ modules/pam_sepermit/Makefile.am  |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
+index a28f196..ebb00f3 100644
+--- a/modules/pam_namespace/Makefile.am
++++ b/modules/pam_namespace/Makefile.am
+@@ -40,7 +40,7 @@ if HAVE_UNSHARE
+   secureconf_SCRIPTS = namespace.init
+ 
+ install-data-local:
+-	mkdir -p $(namespaceddir)
++	mkdir -p $(DESTDIR)$(namespaceddir)
+ endif
+ 
+ 
+diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
+index cfc5594..bc82275 100644
+--- a/modules/pam_sepermit/Makefile.am
++++ b/modules/pam_sepermit/Makefile.am
+@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX
+   securelib_LTLIBRARIES = pam_sepermit.la
+ 
+ install-data-local:
+-	mkdir -p $(sepermitlockdir)
++	mkdir -p $(DESTDIR)$(sepermitlockdir)
+ endif
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README pam_sepermit.8 sepermit.conf.5
+-- 
+1.7.8.6
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.1.6-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.1.6-r2.ebuild
new file mode 100644
index 0000000000..9e257337e9
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.1.6-r2.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.6-r2.ebuild,v 1.10 2013/03/01 12:37:41 ago Exp $
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	berkdb? ( sys-libs/db )
+	elibc_glibc? (
+		>=sys-libs/glibc-2.7
+		nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	sys-devel/flex
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return $retval
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${MY_P}-destdir.patch
+	epatch "${FILESDIR}"/${MY_P}+glibc-2.16.patch
+
+	eautoreconf
+	elibtoolize
+}
+
+src_configure() {
+	local myconf
+
+	if use hppa || use elibc_FreeBSD; then
+		myconf="${myconf} --disable-pie"
+	fi
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	econf \
+		--enable-fast-install \
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		--docdir="${EPREFIX}"/usr/share/doc/${PF} \
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+		--enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+		$(use_enable nls) \
+		$(use_enable selinux) \
+		$(use_enable cracklib) \
+		$(use_enable audit) \
+		$(use_enable debug) \
+		$(use_enable berkdb db) \
+		$(use_enable nis) \
+		--with-db-uniquename=-$(db_findver sys-libs/db) \
+		--disable-prelude \
+		${myconf}
+}
+
+src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+src_test() {
+	# explicitly allow parallel-build during testing
+	emake sepermitlockdir="${EPREFIX}/run/sepermit" check
+}
+
+src_install() {
+	local lib
+
+	emake DESTDIR="${D}" install \
+		 sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	gen_usr_ldscript -a pam pamc pam_misc
+
+	# create extra symlinks just in case something depends on them...
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+
+	dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS
+
+	docinto modules
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	# Get rid of the .la files. We certainly don't need them for PAM
+	# modules, and libpam is installed as a shared object only, so we
+	# don't need them for static linking either.
+	find "${D}" -name '*.la' -delete
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [ -x "${ROOT}"/var/log/tallylog ] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}