diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest new file mode 100644 index 0000000000..6d0c6d611d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest @@ -0,0 +1,3 @@ +DIST pambase-20250826.tar.bz2 4925 BLAKE2B c6929aa506b94b9215bd2c686fd9965d6c3a77f36c7a2d114ca5b2c39a30e2209a84408ee855559837d54161e359723889b89bb9c048bb36b00c7156495968fc SHA512 c9bc07ac617891ddab6f2a8358b10899462d9b54fcc3642d222dd2402914f24225854103b6c581aa2041fb0feb0f94688e07aad10ab94c3a629b4cd2937bd785 +DIST pambase-20250906.tar.bz2 4972 BLAKE2B b65da13a265d5a3df1e84546a8f6e1447d7ea5a40fe4a44488691c4a182cf4b3d13d20ce85778f549d217ebf4b4511e71f5f285b34edf9e9e18bab50b0d22c82 SHA512 639d87169fafb0e44401104ade7dfaa7a5d6bd473d9e4e3c35a0fb87aaf73a383d406ee05944a3190750e55e59decd867ab3f773664f9fb787f40acc05826d1c +DIST pambase-20251013.tar.bz2 4963 BLAKE2B c2eb355819c28a6b41e8aea843c176769fa53519cb357239712165f0bf507bc21132d732fd2600d9354e2031e55da30beb676f1da854ce4bda687b8de006641a SHA512 968d82e817b209d66ea1719493539ff363a844795efd8584690a4ca9b5f932f5f5a9e8352747b590ae6ffba332a9a7d8e2a224af26bc3a6bdf012736daca9e6c diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/README.md b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/README.md deleted file mode 100644 index 4b3cb979e1..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/README.md +++ /dev/null @@ -1,10 +0,0 @@ -This is a not-really-a-fork of gentoo's `sys-auth/pambase` -package. The main reasons for having it in `coreos-overlay` are: - -1. The `sys-apps/baselayout` package replaced it, so this package - became a stub. - -2. The stub is needed for compatibility with gentoo packages that - depend on pambase. When updating some package that depends on a - greater version of pambase than this stub provides, simply bump the - version of the the stub, so the dependency can be satisfied. diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml index db98702ec2..526e8b5c34 100644 --- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml @@ -1,7 +1,105 @@ - + + + base-system@gentoo.org + + + sam@gentoo.org + Sam James + + + + Use pam_elogind module to register user sessions with elogind. + + + Use pam_systemd module to register user sessions in the systemd + control group hierarchy. + + + Use pam_systemd_home module to manage home directories with + the systemd-homed service + + + Enable debug information logging on syslog(3) for all the + modules supporting this in the system authentication and system + login stacks. + + + Enable pam_passwdqc module on system auth stack for password + quality validation. This module produces warnings, rejecting + or providing example passwords when changing your system password. + It is used by default by OpenWall GNU/*/Linux and by FreeBSD. + + + Enable pam_pwhistory module on system auth stack to save + the last passwords for each user in order to force password + change history and keep the user from alternating between + the same password too frequently. + + + Enable pam_pwquality module on system auth stack for passwd + quality validation. It is used by default by Fedora GNU/*/Linux. + + + Enable pam_mktemp module on system auth stack for session + handling. This module creates a private temporary directory for + the user, and sets TMP and TMPDIR accordingly. + + + Enable pam_ssh module on system auth stack for authentication + and session handling. This module will accept as password the + passphrase of a private SSH key (one of ~/.ssh/id_rsa, + ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent + instance to cache the open key. + + + Switch Linux-PAM's pam_unix module to use sha512 for passwords + hashes rather than MD5. This option requires + sys-libs/pam version 1.0.1 built against + sys-libs/glibc version 2.7, if it's built against an + earlier version, it will silently be ignored, and MD5 hashes + will be used. All the passwords changed after this USE flag is + enabled will be saved to the shadow file hashed using SHA512 + function. The password previously saved will be left + untouched. Please note that while SHA512-hashed passwords will + still be recognised if the USE flag is removed, the shadow file + will not be compatible with systems using an earlier glibc + version. + + + Add System Security Services Daemon (sys-auth/sssd) support + via pam_sss. + + + Switch Linux-PAM's pam_unix module to use yescrypt for passwords hashes rather than MD5 + + + Enable pam_krb5 module on system auth stack, as an alternative + to pam_unix. If Kerberos authentication succeeds, only pam_unix + will be ignorde, and all the other modules will proceed as usual, + including Gnome Keyring and other session modules. It requires + sys-libs/pam as PAM implementation. + + + Disables the standard PAM modules that provide extra information + to users on login; this includes pam_lastlog, pam_motd, pam_mail + and other similar modules. This might not be a good idea on + a multi-user system but could reduce slightly the overhead on + single-user non-networked systems. + + + Enable the nullok option with the pam_unix module. This allows + people to login with blank passwords. + + + Enable pam_securetty module in the login stack. Not generally + relevant anymore as the login stack only refers to local logins + and local terminals imply secure access in the first place. + + - flatcar/baselayout + proj/pambase + gentoo/pambase diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20220214.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20220214.ebuild deleted file mode 100644 index 86c3cef520..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20220214.ebuild +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DESCRIPTION="Compatibility ebuild stub for Flatcar" -HOMEPAGE="https://github.com/flatcar/baselayout" - -LICENSE="metapackage" -SLOT="0" -KEYWORDS="amd64 arm arm64 x86" - -RDEPEND=">=sys-apps/baselayout-3.6 - >=sys-libs/pam-1.4" diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250826.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250826.ebuild new file mode 100644 index 0000000000..a56107d0f7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250826.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{11..13} ) + +inherit edo pam python-any-r1 readme.gentoo-r1 + +DESCRIPTION="PAM base configuration files" +HOMEPAGE="https://github.com/gentoo/pambase" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/pambase.git + https://github.com/gentoo/pambase.git + " +else + SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2" + + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" +fi + +LICENSE="MIT" +SLOT="0" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt" + +RESTRICT="binchecks" + +REQUIRED_USE=" + ?? ( elogind systemd ) + ?? ( passwdqc pwquality ) + ?? ( sha512 yescrypt ) + pwhistory? ( || ( passwdqc pwquality ) ) + homed? ( !pam_krb5 ) + pam_krb5? ( !homed ) +" + +MIN_PAM_REQ=1.4.0 + +RDEPEND=" + >=sys-libs/pam-${MIN_PAM_REQ} + elogind? ( sys-auth/elogind[pam] ) + gnome-keyring? ( gnome-base/gnome-keyring[pam] ) + mktemp? ( sys-auth/pam_mktemp ) + pam_krb5? ( + >=sys-libs/pam-${MIN_PAM_REQ} + sys-auth/pam_krb5 + ) + caps? ( sys-libs/libcap[pam] ) + pam_ssh? ( sys-auth/pam_ssh ) + passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 ) + pwquality? ( dev-libs/libpwquality[pam] ) + selinux? ( sys-libs/pam[selinux] ) + sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) + homed? ( sys-apps/systemd[homed] ) + systemd? ( sys-apps/systemd[pam] ) + yescrypt? ( sys-libs/libxcrypt[system] ) + sssd? ( sys-auth/sssd ) +" +BDEPEND=" + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') +" + +python_check_deps() { + python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +src_configure() { + local crypt=md5 + # TODO: sha256, blowfish, gost_yescrypt + use sha512 && crypt=sha512 + use yescrypt && crypt=yescrypt + + local pamargs=( + # Not all 'upstream' options are (currently) wired up + # in the ebuild. + # + # TODO: pam_shells + $(usev caps '--caps') + $(usev debug '--debug') + $(usev elogind '--elogind') + $(usev gnome-keyring '--gnome-keyring') + $(usev homed '--homed') + $(usev minimal '--minimal') + $(usev mktemp '--mktemp') + $(usev nullok '--nullok') + $(usev pam_krb5 '--krb5') + $(usev pam_ssh '--pam-ssh') + $(usev passwdqc '--passwdqc') + $(usev pwhistory '--pwhistory') + $(usev pwquality '--pwquality') + $(usev securetty '--securetty') + $(usev selinux '--selinux') + $(usex systemd '--systemd' '--openrc') + $(usev sssd '--sssd') + + --encrypt=${crypt} + ) + + edo ${EPYTHON} ./${PN}.py "${pamargs[@]}" +} + +src_test() { :; } + +src_install() { + local DOC_CONTENTS + + if use passwdqc; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf + page and then edit the /etc/security/passwdqc.conf file" + fi + + if use pwquality; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf + page and then edit the /etc/security/pwquality.conf file" + fi + + { use passwdqc || use pwquality; } && readme.gentoo_create_doc + + dopamd -r stack/. +} + +pkg_postinst() { + { use passwdqc || use pwquality; } && readme.gentoo_print_elog +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250906.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250906.ebuild new file mode 100644 index 0000000000..2d64418812 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250906.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{11..14} ) + +inherit edo pam python-any-r1 readme.gentoo-r1 + +DESCRIPTION="PAM base configuration files" +HOMEPAGE="https://github.com/gentoo/pambase" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/pambase.git + https://github.com/gentoo/pambase.git + " +else + SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2" + + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" +fi + +LICENSE="MIT" +SLOT="0" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt" + +RESTRICT="binchecks" + +REQUIRED_USE=" + ?? ( elogind systemd ) + ?? ( passwdqc pwquality ) + ?? ( sha512 yescrypt ) + pwhistory? ( || ( passwdqc pwquality ) ) + homed? ( !pam_krb5 ) + pam_krb5? ( !homed ) +" + +MIN_PAM_REQ=1.4.0 + +RDEPEND=" + >=sys-libs/pam-${MIN_PAM_REQ} + elogind? ( sys-auth/elogind[pam] ) + gnome-keyring? ( gnome-base/gnome-keyring[pam] ) + mktemp? ( sys-auth/pam_mktemp ) + pam_krb5? ( + >=sys-libs/pam-${MIN_PAM_REQ} + sys-auth/pam_krb5 + ) + caps? ( sys-libs/libcap[pam] ) + pam_ssh? ( sys-auth/pam_ssh ) + passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 ) + pwquality? ( dev-libs/libpwquality[pam] ) + selinux? ( sys-libs/pam[selinux] ) + sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) + homed? ( sys-apps/systemd[homed] ) + systemd? ( sys-apps/systemd[pam] ) + yescrypt? ( sys-libs/libxcrypt[system] ) + sssd? ( sys-auth/sssd ) +" +BDEPEND=" + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') +" + +python_check_deps() { + python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +src_configure() { + local crypt=md5 + # TODO: sha256, blowfish, gost_yescrypt + use sha512 && crypt=sha512 + use yescrypt && crypt=yescrypt + + local pamargs=( + # Not all 'upstream' options are (currently) wired up + # in the ebuild. + # + # TODO: pam_shells + $(usev caps '--caps') + $(usev debug '--debug') + $(usev elogind '--elogind') + $(usev gnome-keyring '--gnome-keyring') + $(usev homed '--homed') + $(usev minimal '--minimal') + $(usev mktemp '--mktemp') + $(usev nullok '--nullok') + $(usev pam_krb5 '--krb5') + $(usev pam_ssh '--pam-ssh') + $(usev passwdqc '--passwdqc') + $(usev pwhistory '--pwhistory') + $(usev pwquality '--pwquality') + $(usev securetty '--securetty') + $(usev selinux '--selinux') + $(usex systemd '--systemd' '--openrc') + $(usev sssd '--sssd') + + --encrypt=${crypt} + ) + + edo ${EPYTHON} ./${PN}.py "${pamargs[@]}" +} + +src_test() { :; } + +src_install() { + local DOC_CONTENTS + + if use passwdqc; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf + page and then edit the /etc/security/passwdqc.conf file" + fi + + if use pwquality; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf + page and then edit the /etc/security/pwquality.conf file" + fi + + { use passwdqc || use pwquality; } && readme.gentoo_create_doc + + dopamd -r stack/. +} + +pkg_postinst() { + { use passwdqc || use pwquality; } && readme.gentoo_print_elog +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20251013.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20251013.ebuild new file mode 100644 index 0000000000..2d64418812 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20251013.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{11..14} ) + +inherit edo pam python-any-r1 readme.gentoo-r1 + +DESCRIPTION="PAM base configuration files" +HOMEPAGE="https://github.com/gentoo/pambase" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/pambase.git + https://github.com/gentoo/pambase.git + " +else + SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2" + + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" +fi + +LICENSE="MIT" +SLOT="0" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt" + +RESTRICT="binchecks" + +REQUIRED_USE=" + ?? ( elogind systemd ) + ?? ( passwdqc pwquality ) + ?? ( sha512 yescrypt ) + pwhistory? ( || ( passwdqc pwquality ) ) + homed? ( !pam_krb5 ) + pam_krb5? ( !homed ) +" + +MIN_PAM_REQ=1.4.0 + +RDEPEND=" + >=sys-libs/pam-${MIN_PAM_REQ} + elogind? ( sys-auth/elogind[pam] ) + gnome-keyring? ( gnome-base/gnome-keyring[pam] ) + mktemp? ( sys-auth/pam_mktemp ) + pam_krb5? ( + >=sys-libs/pam-${MIN_PAM_REQ} + sys-auth/pam_krb5 + ) + caps? ( sys-libs/libcap[pam] ) + pam_ssh? ( sys-auth/pam_ssh ) + passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 ) + pwquality? ( dev-libs/libpwquality[pam] ) + selinux? ( sys-libs/pam[selinux] ) + sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) + homed? ( sys-apps/systemd[homed] ) + systemd? ( sys-apps/systemd[pam] ) + yescrypt? ( sys-libs/libxcrypt[system] ) + sssd? ( sys-auth/sssd ) +" +BDEPEND=" + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') +" + +python_check_deps() { + python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +src_configure() { + local crypt=md5 + # TODO: sha256, blowfish, gost_yescrypt + use sha512 && crypt=sha512 + use yescrypt && crypt=yescrypt + + local pamargs=( + # Not all 'upstream' options are (currently) wired up + # in the ebuild. + # + # TODO: pam_shells + $(usev caps '--caps') + $(usev debug '--debug') + $(usev elogind '--elogind') + $(usev gnome-keyring '--gnome-keyring') + $(usev homed '--homed') + $(usev minimal '--minimal') + $(usev mktemp '--mktemp') + $(usev nullok '--nullok') + $(usev pam_krb5 '--krb5') + $(usev pam_ssh '--pam-ssh') + $(usev passwdqc '--passwdqc') + $(usev pwhistory '--pwhistory') + $(usev pwquality '--pwquality') + $(usev securetty '--securetty') + $(usev selinux '--selinux') + $(usex systemd '--systemd' '--openrc') + $(usev sssd '--sssd') + + --encrypt=${crypt} + ) + + edo ${EPYTHON} ./${PN}.py "${pamargs[@]}" +} + +src_test() { :; } + +src_install() { + local DOC_CONTENTS + + if use passwdqc; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf + page and then edit the /etc/security/passwdqc.conf file" + fi + + if use pwquality; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf + page and then edit the /etc/security/pwquality.conf file" + fi + + { use passwdqc || use pwquality; } && readme.gentoo_create_doc + + dopamd -r stack/. +} + +pkg_postinst() { + { use passwdqc || use pwquality; } && readme.gentoo_print_elog +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-999999999.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-999999999.ebuild new file mode 100644 index 0000000000..8b358020ca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-999999999.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{11..14} ) + +inherit edo pam python-any-r1 readme.gentoo-r1 + +DESCRIPTION="PAM base configuration files" +HOMEPAGE="https://github.com/gentoo/pambase" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/pambase.git + https://github.com/gentoo/pambase.git + " +else + SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2" + + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +LICENSE="MIT" +SLOT="0" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt" + +RESTRICT="binchecks" + +REQUIRED_USE=" + ?? ( elogind systemd ) + ?? ( passwdqc pwquality ) + ?? ( sha512 yescrypt ) + pwhistory? ( || ( passwdqc pwquality ) ) + homed? ( !pam_krb5 ) + pam_krb5? ( !homed ) +" + +MIN_PAM_REQ=1.4.0 + +RDEPEND=" + >=sys-libs/pam-${MIN_PAM_REQ} + elogind? ( sys-auth/elogind[pam] ) + gnome-keyring? ( gnome-base/gnome-keyring[pam] ) + mktemp? ( sys-auth/pam_mktemp ) + pam_krb5? ( + >=sys-libs/pam-${MIN_PAM_REQ} + sys-auth/pam_krb5 + ) + caps? ( sys-libs/libcap[pam] ) + pam_ssh? ( sys-auth/pam_ssh ) + passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 ) + pwquality? ( dev-libs/libpwquality[pam] ) + selinux? ( sys-libs/pam[selinux] ) + sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) + homed? ( sys-apps/systemd[homed] ) + systemd? ( sys-apps/systemd[pam] ) + yescrypt? ( sys-libs/libxcrypt[system] ) + sssd? ( sys-auth/sssd ) +" +BDEPEND=" + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') +" + +python_check_deps() { + python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +src_configure() { + local crypt=md5 + # TODO: sha256, blowfish, gost_yescrypt + use sha512 && crypt=sha512 + use yescrypt && crypt=yescrypt + + local pamargs=( + # Not all 'upstream' options are (currently) wired up + # in the ebuild. + # + # TODO: pam_shells + $(usev caps '--caps') + $(usev debug '--debug') + $(usev elogind '--elogind') + $(usev gnome-keyring '--gnome-keyring') + $(usev homed '--homed') + $(usev minimal '--minimal') + $(usev mktemp '--mktemp') + $(usev nullok '--nullok') + $(usev pam_krb5 '--krb5') + $(usev pam_ssh '--pam-ssh') + $(usev passwdqc '--passwdqc') + $(usev pwhistory '--pwhistory') + $(usev pwquality '--pwquality') + $(usev securetty '--securetty') + $(usev selinux '--selinux') + $(usex systemd '--systemd' '--openrc') + $(usev sssd '--sssd') + + --encrypt=${crypt} + ) + + edo ${EPYTHON} ./${PN}.py "${pamargs[@]}" +} + +src_test() { :; } + +src_install() { + local DOC_CONTENTS + + if use passwdqc; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf + page and then edit the /etc/security/passwdqc.conf file" + fi + + if use pwquality; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf + page and then edit the /etc/security/pwquality.conf file" + fi + + { use passwdqc || use pwquality; } && readme.gentoo_create_doc + + dopamd -r stack/. +} + +pkg_postinst() { + { use passwdqc || use pwquality; } && readme.gentoo_print_elog +}