mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-22 22:21:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-libs/pam: Sync from Gentoo 58cc11685

Browse Source
This commit is contained in:
Mark Farrell 2024-06-27 08:59:59 +10:00
parent 01e9516052
commit cc8dd25640
9 changed files with 261 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest vendored
View File

@ -1,2 +1,4 @@
DIST pam-1.5.1_p20210622.tar.gz 783068 BLAKE2B c8f13c2ccef73ad367d4fac9a7d1d0d3f3d0e4f1c8eea877d2ab467411cf17cc32c6c9c89e98d94090481d7d7746723175031ba8713a8fb0c3e1976e2854e58b SHA512 5b7a84b9de2d0b0c39cb33e9b8d24aeedca670b998536d74dc497eb7af31cb1f3157f196a01712c4ae273634b51ddad2062f207534b35b1d1a1e790816c8dc1b DIST Linux-PAM-1.5.3-docs.tar.xz 466340 BLAKE2B 6bade3c63ebe6b6ca7a86d7385850bb87bf1d6526add3ac5aad140533516c1d27b594a17d09c4127ff985c42e6c571618785d6b2a2913e6575678c4dcf947dc0 SHA512 a9082823da88e0054d74e13aef872519ced5fbef25c8cc1a7e3a99160f835aa09c9ef701b6ec507acd3b540da0019288424bb4c8ebd828181ea90450db1494a9
DIST pam-doc-1.5.1_p20210610.tar.xz 62308 BLAKE2B b3311e704ddc840b7fd28ea7764e8a0d3fdf508e2e37405acbfa26462a188c480859b3b21bd4a4b4acea70928e68650c216e8fb2d2b6f11ba33f54c6692cf3a2 SHA512 89b88f8ebf0c46f6b25dc0c5f39383ecbef0b12d6ffab388d92026066ee986f9068819cdbf38baaa1e341cd6cc84b1e8d3ad02db121aaf0ddad27e4e6efe26e7 DIST Linux-PAM-1.5.3.tar.xz 1020076 BLAKE2B 362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb SHA512 af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a
DIST Linux-PAM-1.6.1-docs.tar.xz 465516 BLAKE2B c39dfba2e327120edc1f30be6ea7f8e6cf20d1f4dd17752cc34e0ae1c0bd22b3d19b94ab665bf3df5bd6ecc7fc358dbbedd8a3069df95ff6189580e538aa3547 SHA512 c6054ec6832f604c0654cf074e4e241c44037fd41cd37cca7da94abe008ff72adc4466d31bd254517eda083c7ec3f6aefd37785b3ee3d0d4553250bd29963855
DIST Linux-PAM-1.6.1.tar.xz 1054152 BLAKE2B 649b4ff892fbd3eb90adcbd9ccc5b3f5df51bf1c79b9084c7a1613c432587b13b81761d1eb4f31ef12d58843d16af24a3c441d0b6f5d2f2a1db9c8da15a61e2f SHA512 ddb5a5f296f564b76925324550d29f15d342841a97815336789c7bb922a8663e831edeb54f3dcd1eaf297e3325c9e2e6c14b8740def5c43cf3f160a8a14fa2ea

26
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/README.md vendored
View File

@ -1,26 +0,0 @@
This is a fork of gentoo's sys-libs/pam package. The main reasons
for having our fork seem to be:
1. We add a locked account functionality. If the account in
`/etc/shadow` has an exclamation mark (`!`) as a first character in
the password field, then the account is blocked.
2. We install configuration in `/usr/lib/pam`, so the configuration in
`/etc` provided by administration can override the config we
install.
3. For an unknown reason we drop `gen_usr_ldscript -a pam pam_misc
pamc` from the recipe.
4. We make the `/sbin/unix_chkpwd` binary a suid one instead of
overriding giving it a CAP_DAC_OVERRIDE to avoid a dependency loop
between pam and libcap. The binary needs to be able to read
/etc/shadow, so either suid or CAP_DAC_OVERRIDE capability should
work. A suid binary is strictly less secure than capability
override, so in long-term we would prefer to avoid having this
hack. On the other hand - this is what we had so far.
5. We replace the dependency on `virtual/yacc` with
`app-alternatives/yacc`. The former was renamed to the latter in
Gentoo, so this modification will be gone next time we update this
package.

13
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch vendored
View File

@ -1,13 +0,0 @@
diff -ur linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.orig/modules/pam_unix/support.c linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16/modules/pam_unix/support.c
--- linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.orig/modules/pam_unix/support.c 2020-08-18 20:50:27.226355628 +0200
+++ linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16/modules/pam_unix/support.c 2020-08-18 20:51:20.456212931 +0200
@@ -847,6 +847,9 @@
return retval;
}
+ if (pwent->pw_passwd != NULL && pwent->pw_passwd[0] == '!')
+ return PAM_PERM_DENIED;
+
if (retval == PAM_SUCCESS && spent == NULL)
return PAM_SUCCESS;

15
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.1-musl.patch vendored
View File

@ -1,15 +0,0 @@
Fix undefined reference to `libintl_dgettext` on musl
Bug: https://bugs.gentoo.org/832573
Upstream: https://github.com/linux-pam/linux-pam/pull/433
--- a/libpam/Makefile.am
+++ b/libpam/Makefile.am
@@ -21,7 +21,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \
include/pam_inline.h include/test_assert.h
libpam_la_LDFLAGS = -no-undefined -version-info 85:1:85
-libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@
+libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ @LTLIBINTL@
if HAVE_VERSIONING
libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map

34
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.3-termios.patch vendored Normal file
View File

@ -0,0 +1,34 @@
Replace System V termio.h with POSIX termios.h for musl
Upstream: https://github.com/linux-pam/linux-pam/pull/576
Bug: https://bugs.gentoo.org/906137
From 5658105b04ad4df212baf302898ee2cca99516a6 Mon Sep 17 00:00:00 2001
From: Violet Purcell <vimproved@inventati.org>
Date: Thu, 11 May 2023 10:27:53 -0400
Subject: [PATCH] fix build on musl
--- a/examples/tty_conv.c
+++ b/examples/tty_conv.c
@@ -6,8 +6,9 @@
#include <string.h>
#include <errno.h>
#include <unistd.h>
-#include <termio.h>
+#include <termios.h>
#include <security/pam_appl.h>
+#include <sys/ioctl.h>
/***************************************
* @brief echo off/on
@@ -16,7 +17,7 @@
***************************************/
static void echoOff(int fd, int off)
{
- struct termio tty;
+ struct termios tty;
if (ioctl(fd, TCGETA, &tty) < 0)
{
fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
--
2.40.1

11
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf vendored
View File

@ -1,11 +0,0 @@
d /etc/pam.d 0755 root root - -
d /etc/security 0755 root root - -
d /etc/security/limits.d 0755 root root - -
d /etc/security/namespace.d 0755 root root - -
f /etc/environment 0755 root root - -
L /etc/security/access.conf - - - - ../../usr/lib/pam/access.conf
L /etc/security/group.conf - - - - ../../usr/lib/pam/group.conf
L /etc/security/limits.conf - - - - ../../usr/lib/pam/limits.conf
L /etc/security/namespace.conf - - - - ../../usr/lib/pam/namespace.conf
L /etc/security/pam_env.conf - - - - ../../usr/lib/pam/pam_env.conf
L /etc/security/time.conf - - - - ../../usr/lib/pam/time.conf

35
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/metadata.xml vendored
View File

@ -1,21 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<maintainer type="person"> <maintainer type="project">
<email>zlogene@gentoo.org</email> <email>base-system@gentoo.org</email>
<name>Mikle Kolyada</name> </maintainer>
</maintainer> <maintainer type="person">
<use> <email>sam@gentoo.org</email>
<flag name="berkdb"> <name>Sam James</name>
Build the pam_userdb module, that allows to authenticate users </maintainer>
against a Berkeley DB file. Please note that enabling this USE <use>
flag will create a PAM module that links to the Berkeley DB (as <flag name="berkdb">
provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and Build the pam_userdb module, that allows to authenticate users
will thus not work for boot-critical services authentication. against a Berkeley DB file. Please note that enabling this USE
</flag> flag will create a PAM module that links to the Berkeley DB (as
provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
will thus not work for boot-critical services authentication.
</flag>
</use> </use>
<upstream> <upstream>
<remote-id type="github">linux-pam/linux-pam</remote-id> <remote-id type="github">linux-pam/linux-pam</remote-id>
<remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id> <remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id>
</upstream> </upstream>
</pkgmetadata> </pkgmetadata>

94
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1_p20210622-r1.ebuild → sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.3-r1.ebuild vendored
View File

@ -1,73 +1,83 @@
# Copyright 1999-2022 Gentoo Authors # Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=8
MY_P="Linux-${PN^^}-${PV}"
# Avoid QA warnings # Avoid QA warnings
# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 # Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
TMPFILES_OPTIONAL=1 TMPFILES_OPTIONAL=1
inherit autotools db-use toolchain-funcs usr-ldscript multilib-minimal inherit db-use fcaps flag-o-matic toolchain-funcs multilib-minimal
GIT_COMMIT="fe1307512fb8892b5ceb3d884c793af8dbd4c16a"
DOC_SNAPSHOT="20210610"
DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
HOMEPAGE="https://github.com/linux-pam/linux-pam" HOMEPAGE="https://github.com/linux-pam/linux-pam"
SRC_URI="
SRC_URI="https://github.com/linux-pam/linux-pam/archive/${GIT_COMMIT}.tar.gz -> ${P}.tar.gz https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
https://dev.gentoo.org/~zlogene/distfiles/${CATEGORY}/${PN}/${PN}-doc-${PV%_p*}_p${DOC_SNAPSHOT}.tar.xz" https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz
"
S="${WORKDIR}/${MY_P}"
LICENSE="|| ( BSD GPL-2 )" LICENSE="|| ( BSD GPL-2 )"
SLOT="0" SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE="audit berkdb debug nis selinux" IUSE="audit berkdb debug nis selinux"
BDEPEND=" BDEPEND="
app-alternatives/yacc app-alternatives/yacc
dev-libs/libxslt dev-libs/libxslt
sys-devel/flex app-alternatives/lex
sys-devel/gettext sys-devel/gettext
virtual/pkgconfig virtual/pkgconfig
" "
DEPEND=" DEPEND="
virtual/libcrypt:=[${MULTILIB_USEDEP}] virtual/libcrypt:=[${MULTILIB_USEDEP}]
>=virtual/libintl-0-r1[${MULTILIB_USEDEP}] >=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
nis? ( net-libs/libnsl:=[${MULTILIB_USEDEP}] nis? (
>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] )" net-libs/libnsl:=[${MULTILIB_USEDEP}]
>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
)
"
RDEPEND="${DEPEND}" RDEPEND="${DEPEND}"
PDEPEND=">=sys-auth/pambase-20200616" PDEPEND=">=sys-auth/pambase-20200616"
S="${WORKDIR}/linux-${PN}-${GIT_COMMIT}"
PATCHES=( PATCHES=(
"${FILESDIR}"/${PN}-1.5.0-locked-accounts.patch "${FILESDIR}/${P}-termios.patch"
"${FILESDIR}"/${PN}-1.5.1-musl.patch
) )
src_prepare() { src_prepare() {
default default
touch ChangeLog || die touch ChangeLog || die
eautoreconf
} }
multilib_src_configure() { multilib_src_configure() {
# Do not let user's BROWSER setting mess us up. #549684 # Do not let user's BROWSER setting mess us up, bug #549684
unset BROWSER unset BROWSER
# This whole weird has_version libxcrypt block can go once
# musl systems have libxcrypt[system] if we ever make
# that mandatory. See bug #867991.
if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
# Avoid picking up symbol-versioned compat symbol on musl systems
export ac_cv_search_crypt_gensalt_rn=no
# Need to avoid picking up the libxcrypt headers which define
# CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
append-cppflags -I"${T}"
fi
local myconf=( local myconf=(
CC_FOR_BUILD="$(tc-getBUILD_CC)" CC_FOR_BUILD="$(tc-getBUILD_CC)"
--with-db-uniquename=-$(db_findver sys-libs/db) --with-db-uniquename=-$(db_findver sys-libs/db)
--with-xml-catalog=/etc/xml/catalog --with-xml-catalog="${EPREFIX}"/etc/xml/catalog
--enable-securedir=/$(get_libdir)/security --enable-securedir="${EPREFIX}"/$(get_libdir)/security
--includedir=/usr/include/security --includedir="${EPREFIX}"/usr/include/security
--libdir=/usr/$(get_libdir) --libdir="${EPREFIX}"/usr/$(get_libdir)
--enable-pie --enable-pie
--enable-unix --enable-unix
--disable-prelude --disable-prelude
@ -75,14 +85,23 @@ multilib_src_configure() {
--disable-regenerate-docu --disable-regenerate-docu
--disable-static --disable-static
--disable-Werror --disable-Werror
# TODO: wire this up now it's more useful as of 1.5.3 (bug #931117)
--disable-econf
# TODO: add elogind support (bug #931115)
# lastlog is enabled again for now by us until logind support
# is handled. Even then, disabling lastlog will probably need
# a news item.
--disable-logind
--enable-lastlog
$(use_enable audit) $(use_enable audit)
$(use_enable berkdb db) $(use_enable berkdb db)
$(use_enable debug) $(use_enable debug)
$(use_enable nis) $(use_enable nis)
$(use_enable selinux) $(use_enable selinux)
--enable-isadir='.' #464016 --enable-isadir='.' # bug #464016
--enable-sconfigdir="/usr/lib/pam/" )
)
ECONF_SOURCE="${S}" econf "${myconf[@]}" ECONF_SOURCE="${S}" econf "${myconf[@]}"
} }
@ -98,19 +117,10 @@ multilib_src_install() {
multilib_src_install_all() { multilib_src_install_all() {
find "${ED}" -type f -name '*.la' -delete || die find "${ED}" -type f -name '*.la' -delete || die
# Flatcar: The pam_unix module needs to check the password of
# the user which requires read access to /etc/shadow
# only. Make it suid instead of using CAP_DAC_OVERRIDE to
# avoid a pam -> libcap -> pam dependency loop.
fperms 4711 /sbin/unix_chkpwd
# tmpfiles.eclass is impossible to use because # tmpfiles.eclass is impossible to use because
# there is the pam -> tmpfiles -> systemd -> pam dependency loop # there is the pam -> tmpfiles -> systemd -> pam dependency loop
dodir /usr/lib/tmpfiles.d dodir /usr/lib/tmpfiles.d
rm "${D}/etc/environment"
cp "${FILESDIR}/tmpfiles.d/pam.conf" "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-config.conf
cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
d /run/faillock 0755 root root d /run/faillock 0755 root root
_EOF_ _EOF_
@ -120,7 +130,7 @@ multilib_src_install_all() {
local page local page
for page in "${WORKDIR}"/man/*.{3,5,8} ; do for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
doman ${page} doman ${page}
done done
} }
@ -133,7 +143,11 @@ pkg_postinst() {
ewarn "restart the software manually after the update." ewarn "restart the software manually after the update."
ewarn "" ewarn ""
ewarn "You can get a list of such software running a command like" ewarn "You can get a list of such software running a command like"
ewarn " lsof / | egrep -i 'del.*libpam\\.so'" ewarn " lsof / | grep -E -i 'del.*libpam\\.so'"
ewarn "" ewarn ""
ewarn "Alternatively, simply reboot your system." ewarn "Alternatively, simply reboot your system."
# The pam_unix module needs to check the password of the user which requires
# read access to /etc/shadow only.
fcaps cap_dac_override sbin/unix_chkpwd
} }

150
sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.6.1.ebuild vendored Normal file
View File

@ -0,0 +1,150 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
MY_P="Linux-${PN^^}-${PV}"
# Avoid QA warnings
# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
TMPFILES_OPTIONAL=1
inherit db-use fcaps flag-o-matic toolchain-funcs multilib-minimal
DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
HOMEPAGE="https://github.com/linux-pam/linux-pam"
SRC_URI="
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz
"
S="${WORKDIR}/${MY_P}"
LICENSE="|| ( BSD GPL-2 )"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE="audit berkdb examples debug nis selinux"
BDEPEND="
app-alternatives/yacc
dev-libs/libxslt
app-alternatives/lex
sys-devel/gettext
virtual/pkgconfig
"
DEPEND="
virtual/libcrypt:=[${MULTILIB_USEDEP}]
>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
nis? (
net-libs/libnsl:=[${MULTILIB_USEDEP}]
>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
)
"
RDEPEND="${DEPEND}"
PDEPEND=">=sys-auth/pambase-20200616"
src_prepare() {
default
touch ChangeLog || die
}
multilib_src_configure() {
# Do not let user's BROWSER setting mess us up, bug #549684
unset BROWSER
# This whole weird has_version libxcrypt block can go once
# musl systems have libxcrypt[system] if we ever make
# that mandatory. See bug #867991.
if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
# Avoid picking up symbol-versioned compat symbol on musl systems
export ac_cv_search_crypt_gensalt_rn=no
# Need to avoid picking up the libxcrypt headers which define
# CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
append-cppflags -I"${T}"
fi
local myconf=(
CC_FOR_BUILD="$(tc-getBUILD_CC)"
--with-db-uniquename=-$(db_findver sys-libs/db)
--with-xml-catalog="${EPREFIX}"/etc/xml/catalog
--enable-securedir="${EPREFIX}"/$(get_libdir)/security
--includedir="${EPREFIX}"/usr/include/security
--libdir="${EPREFIX}"/usr/$(get_libdir)
--enable-pie
--enable-unix
--disable-prelude
--disable-doc
--disable-regenerate-docu
--disable-static
--disable-Werror
# TODO: wire this up now it's more useful as of 1.5.3 (bug #931117)
--disable-econf
# TODO: add elogind support (bug #931115)
# lastlog is enabled again for now by us until logind support
# is handled. Even then, disabling lastlog will probably need
# a news item.
--disable-logind
--enable-lastlog
$(use_enable audit)
$(multilib_native_use_enable examples)
$(use_enable berkdb db)
$(use_enable debug)
$(use_enable nis)
$(use_enable selinux)
--enable-isadir='.' # bug #464016
)
ECONF_SOURCE="${S}" econf "${myconf[@]}"
}
multilib_src_compile() {
emake sepermitlockdir="/run/sepermit"
}
multilib_src_install() {
emake DESTDIR="${D}" install \
sepermitlockdir="/run/sepermit"
}
multilib_src_install_all() {
find "${ED}" -type f -name '*.la' -delete || die
# tmpfiles.eclass is impossible to use because
# there is the pam -> tmpfiles -> systemd -> pam dependency loop
dodir /usr/lib/tmpfiles.d
cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
d /run/faillock 0755 root root
_EOF_
use selinux && cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
d /run/sepermit 0755 root root
_EOF_
local page
for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
doman ${page}
done
}
pkg_postinst() {
ewarn "Some software with pre-loaded PAM libraries might experience"
ewarn "warnings or failures related to missing symbols and/or versions"
ewarn "after any update. While unfortunate this is a limit of the"
ewarn "implementation of PAM and the software, and it requires you to"
ewarn "restart the software manually after the update."
ewarn ""
ewarn "You can get a list of such software running a command like"
ewarn " lsof / | grep -E -i 'del.*libpam\\.so'"
ewarn ""
ewarn "Alternatively, simply reboot your system."
# The pam_unix module needs to check the password of the user which requires
# read access to /etc/shadow only.
fcaps cap_dac_override sbin/unix_chkpwd
}