Modify PAM build

Include a patch that incorporates our existing account locking behaviour - a
leading exclamation mark in the password field in /etc/shadow indicates a locked
account. Also install configuration into /usr and provide a tmpfiles fragment to
bring it back.

sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.2.1-locked-accounts.patch

@@ -0,0 +1,13 @@
+diff -ur Linux-PAM-1.2.1.orig/modules/pam_unix/pam_unix_acct.c Linux-PAM-1.2.1/modules/pam_unix/pam_unix_acct.c
+--- Linux-PAM-1.2.1.orig/modules/pam_unix/pam_unix_acct.c	2015-03-24 05:02:32.000000000 -0700
++++ Linux-PAM-1.2.1/modules/pam_unix/pam_unix_acct.c	2016-04-05 12:48:08.344913637 -0700
+@@ -219,6 +219,9 @@
+ 		return retval;
+ 	}
+ 
++	if (pwent->pw_passwd != NULL && pwent->pw_passwd[0] == '!')
++		return PAM_PERM_DENIED;
++	
+ 	if (retval == PAM_SUCCESS && spent == NULL)
+ 		return PAM_SUCCESS;
+ 

sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf

@@ -0,0 +1,10 @@
+d /etc/security			0755 root root	-	-
+d /etc/security/limits.d	0755 root root	-	-
+d /etc/security/namespace.d	0755 root root	-	-
+f /etc/environment		0755 root root	-	-	
+L /etc/security/access.conf	-    -	  -	-	../../usr/lib/pam/access.conf
+L /etc/security/group.conf	-    - 	  - 	-	../../usr/lib/pam/group.conf
+L /etc/security/limits.conf	-    -	  -	-	../../usr/lib/pam/limits.conf
+L /etc/security/namespace.conf	-    -	  -	-	../../usr/lib/pam/namespace.conf
+L /etc/security/pam_env.conf	-    -	  -	-	../../usr/lib/pam/pam_env.conf
+L /etc/security/time.conf	-    -	  -	-	../../usr/lib/pam/time.conf

sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.2.1.ebuild

@@ -4,7 +4,7 @@
 
 EAPI=5
 
-inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use systemd
 
 MY_PN="Linux-PAM"
 MY_P="${MY_PN}-${PV}"
@@ -93,6 +93,7 @@ src_unpack() {
 }
 
 src_prepare() {
+	epatch "${FILESDIR}"/pam-1.2.1-locked-accounts.patch
 	elibtoolize
 }
 
@@ -132,24 +133,10 @@ multilib_src_compile() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install \
+	emake SCONFIGDIR="/usr/lib/pam/" DESTDIR="${D}" install \
 		sepermitlockdir="${EPREFIX}/run/sepermit"
-
-	local prefix
-	if multilib_is_native_abi; then
-		prefix=
-		gen_usr_ldscript -a pam pamc pam_misc
-	else
-		prefix=/usr
-	fi
-
-	# create extra symlinks just in case something depends on them...
-	local lib
-	for lib in pam pamc pam_misc; do
-		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
-			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
-		fi
-	done
+        rm "${D}/etc/environment"
+	systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/pam.conf"
 }
 
 DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )