sys-libs/pam: Sync with Gentoo

It's from Gentoo commit 96c165c8e62c78ef9c7fa1814a79dddc98943be4.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>

sdk_container/src/third_party/portage-stable/sys-libs/pam/Manifest

@@ -1,5 +1,2 @@
-DIST Linux-PAM-1.7.1.tar.xz 510828 BLAKE2B 0a64d7dbf6bb7e3d2c36ea1f29c3217d3e43a1cc0ba8adf2ee8a117946a53bd26634ebd70ff3b99a72f7373df6694ee054dc7eddab04e43bbc8f5b0e9e56b3bc SHA512 0724c3636c10e2c7d98c9325bb9c20eb3e59b7cbc2f8fa7636b77af497524afe595b895386d7e6723fdb89247b94f6db6f179d552015ac78469beaa33e0413f0
-DIST Linux-PAM-1.7.1.tar.xz.asc 801 BLAKE2B 566123f49e26862ffc2261db38e35914dd91175c9f66a4756b9a473808dfeda2a4dad25337afa5121ca68a2411a26249b0d40556a22385f4494d355d6c3b4047 SHA512 7d559895e7988ea815955a4788925597073f1a66204dc9f437de306e1b7a77f2f2a9f1bdb2827aba03444500c790fa03e4bba2c94a2089b23bdd6505f9c3601f
 DIST Linux-PAM-1.7.2.tar.xz 511724 BLAKE2B d7ebfac4393af3f889fef973946f1e6d60f118f2e048448708c5fdf0ef7fa7780945cda3b0abf6e0e2e15bbc2dd23be52389efabd00647381b3bc971f1aadcd8 SHA512 b035c0abeb5afb6b3067341767ace6d68ded4c061870afff2ab9494713b1dc9d2ff0995a5d1f0852a49b6e8b2123a7cc2f40342e16c7863a58df3c102b9010c5
 DIST Linux-PAM-1.7.2.tar.xz.asc 833 BLAKE2B 86c4eb129af7afe8348eddf78d764c0658dd9597b62ed0657ea23cca80dd29a052cdef8f588abe3615a2a40062c210fe0c04cca29309dfb3dcb70d13be4ab8db SHA512 01f6e770e8a0eb60f76d95581f66c4eece6436ec8f2e5766e57a4240014ab43e5ad991fa7f77cfc4c57809a0e0c47ccf60118cb49dee790413cf824ebd80b879
-DIST pam-1.7.0_p20241230.gh.tar.gz 719108 BLAKE2B c37daabae380ce75c630a0af1b9960676bc973c773025bc7f65ae87aebff4ca3b667e16ec9635c7677e8a00e6b26eb590f84b798529c3340cdc2c262e7e5649e SHA512 d9d53ddd420fe754c76303b99c37e5cc2eca3d4af9f64043f3f9e69c3abfc3c05d5a1efdbbdfb39ad46a301a0df7a18425d0e8c110c1d76bad3e62dfa97b61ef

sdk_container/src/third_party/portage-stable/sys-libs/pam/files/pam-1.7.1-32-bit-lastlog.patch

@@ -1,37 +0,0 @@
-https://github.com/linux-pam/linux-pam/commit/4176cf25a3ae8b5fd2956b41b068221b39932c3a
-
-From 4176cf25a3ae8b5fd2956b41b068221b39932c3a Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv@strace.io>
-Date: Tue, 17 Jun 2025 13:00:00 +0000
-Subject: [PATCH] pam_lastlog: fix compilation warning on some of 32-bit
- architectures
-
-On those of 32-bit architectures where glibc defines
-__WORDSIZE_TIME64_COMPAT32, struct utmp.ut_tv.tv_sec is unsigned,
-while time_t is signed, causing the following compiler diagnostics:
-
-  pam_lastlog.c: In function 'last_login_failed':
-  pam_lastlog.c:572:29: warning: comparison of integer expressions of different signedness: '__uint32_t' {aka 'unsigned int'} and 'time_t' {aka 'long int'} [-Wsign-compare]
-  572 |         if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) {
-
-Given that by its nature these values are treated as unsigned, fix this
-by zero-extending both values to unsigned long long before the comparison.
----
- modules/pam_lastlog/pam_lastlog.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
-index 01545a696..c68b5fb04 100644
---- a/modules/pam_lastlog/pam_lastlog.c
-+++ b/modules/pam_lastlog/pam_lastlog.c
-@@ -569,7 +569,8 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt
- 
-     while ((retval=pam_modutil_read(fd, (void *)&ut,
- 			 sizeof(ut))) == sizeof(ut)) {
--	if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) {
-+	if (zero_extend_signed_to_ull(ut.ut_tv.tv_sec) >= zero_extend_signed_to_ull(lltime)
-+	    && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) {
- 	    memcpy(&utuser, &ut, sizeof(utuser));
- 	    failed++;
- 	}
-

sdk_container/src/third_party/portage-stable/sys-libs/pam/files/pam-1.7.1-32-bit-timestamp.patch

@@ -1,37 +0,0 @@
-https://github.com/linux-pam/linux-pam/commit/e3b66a60e4209e019cf6a45f521858cec2dbefa1
-
-From e3b66a60e4209e019cf6a45f521858cec2dbefa1 Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv@strace.io>
-Date: Tue, 17 Jun 2025 13:00:00 +0000
-Subject: [PATCH] pam_timestamp: fix compilation warning on some of 32-bit
- architectures
-
-On those of 32-bit architectures where glibc defines
-__WORDSIZE_TIME64_COMPAT32, struct utmp.ut_tv.tv_sec is unsigned,
-while time_t is signed, causing the following compiler diagnostics:
-
-  pam_timestamp.c: In function 'check_login_time':
-  pam_timestamp.c:247:55: warning: comparison of integer expressions of different signedness: 'time_t' {aka 'long int'} and '__uint32_t' {aka 'unsigned int'} [-Wsign-compare]
-  247 |                 if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) {
-
-Given that by its nature these values are treated as unsigned, fix this
-by zero-extending both values to unsigned long long before the comparison.
----
- modules/pam_timestamp/pam_timestamp.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
-index 0172d1ef9..030fa2b8f 100644
---- a/modules/pam_timestamp/pam_timestamp.c
-+++ b/modules/pam_timestamp/pam_timestamp.c
-@@ -244,7 +244,9 @@ check_login_time(
- 		if (strncmp(ruser, ut->ut_user, sizeof(ut->ut_user)) != 0) {
- 			continue;
- 		}
--		if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) {
-+		if (oldest_login == 0 ||
-+		    zero_extend_signed_to_ull(oldest_login)
-+		    > zero_extend_signed_to_ull(ut->ut_tv.tv_sec)) {
- 			oldest_login = ut->ut_tv.tv_sec;
- 		}
- 	}

sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild

@@ -1,192 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MY_P="Linux-${PN^^}-${PV}"
-
-# Avoid QA warnings
-# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
-TMPFILES_OPTIONAL=1
-
-inherit db-use fcaps flag-o-matic meson-multilib toolchain-funcs
-
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-HOMEPAGE="https://github.com/linux-pam/linux-pam"
-
-if [[ ${PV} == *_p* ]] ; then
-	PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332"
-	SRC_URI="
-		https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz
-	"
-	S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT}
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc
-	inherit verify-sig
-
-	SRC_URI="
-		https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
-		verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc )
-	"
-	S="${WORKDIR}/${MY_P}"
-
-	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )"
-fi
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-IUSE="audit berkdb elogind examples debug nis nls selinux systemd"
-REQUIRED_USE="?? ( elogind systemd )"
-
-# meson.build specifically checks for bison and then byacc
-# also requires xsltproc
-BDEPEND+="
-	|| ( sys-devel/bison dev-util/byacc )
-	app-text/docbook-xsl-ns-stylesheets
-	dev-libs/libxslt
-	sys-devel/flex
-	virtual/pkgconfig
-	nls? ( sys-devel/gettext )
-"
-DEPEND="
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
-	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
-	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
-	!berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] )
-	elogind? ( >=sys-auth/elogind-254 )
-	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
-	systemd? ( >=sys-apps/systemd-254:= )
-	nis? (
-		net-libs/libnsl:=[${MULTILIB_USEDEP}]
-		>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
-	)
-"
-RDEPEND="${DEPEND}"
-PDEPEND=">=sys-auth/pambase-20200616"
-
-src_configure() {
-	# meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get:
-	#  cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found
-	append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
-
-	# Do not let user's BROWSER setting mess us up, bug #549684
-	unset BROWSER
-
-	meson-multilib_src_configure
-}
-
-multilib_src_configure() {
-	local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local"
-	# Workaround for docbook5 not being packaged (bug #913087#c4)
-	# It's only used for validation of output, so stub it out.
-	# Also, stub out elinks+w3m which are only used for an index.
-	cat >> "${machine_file}" <<-EOF || die
-	[binaries]
-	xmlcatalog='true'
-	xmllint='true'
-	elinks='true'
-	w3m='true'
-	EOF
-
-	local emesonargs=()
-
-	if tc-is-cross-compiler; then
-		emesonargs+=( --cross-file "${machine_file}" )
-	else
-		emesonargs+=( --native-file "${machine_file}" )
-	fi
-
-	emesonargs+=(
-		$(meson_feature audit)
-		$(meson_native_use_bool examples)
-		$(meson_use debug pam-debug)
-		$(meson_feature nis)
-		$(meson_feature nls i18n)
-		$(meson_feature selinux)
-
-		-Disadir='.'
-		-Dxml-catalog="${BROOT}"/etc/xml/catalog
-		-Dsbindir="${EPREFIX}"/sbin
-		-Dsecuredir="${EPREFIX}"/$(get_libdir)/security
-		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
-		-Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html
-		-Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf
-
-		$(meson_native_enabled docs)
-
-		-Dpam_unix=enabled
-
-		# TODO: wire this up now it's more useful as of 1.5.3 (bug #931117)
-		-Deconf=disabled
-
-		# TODO: lastlog is enabled again for now by us as elogind support
-		# wasn't available at first. Even then, disabling lastlog will
-		# probably need a news item.
-		$(meson_native_use_feature systemd logind)
-		$(meson_native_use_feature elogind)
-		$(meson_feature !elibc_musl pam_lastlog)
-	)
-
-	if use berkdb; then
-		local dbver
-		dbver="$(db_findver sys-libs/db)" || die "could not find db version"
-		local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")"
-		emesonargs+=(
-			-Ddb=db
-			-Ddb-uniquename="-${dbver}"
-		)
-	else
-		emesonargs+=(
-			-Ddb=gdbm
-		)
-	fi
-
-	# This whole weird has_version libxcrypt block can go once
-	# musl systems have libxcrypt[system] if we ever make
-	# that mandatory. See bug #867991.
-	#if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
-	#	# Avoid picking up symbol-versioned compat symbol on musl systems
-	#	export ac_cv_search_crypt_gensalt_rn=no
-	#
-	#	# Need to avoid picking up the libxcrypt headers which define
-	#	# CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
-	#	cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
-	#	append-cppflags -I"${T}"
-	#fi
-
-	meson_src_configure
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	# tmpfiles.eclass is impossible to use because
-	# there is the pam -> tmpfiles -> systemd -> pam dependency loop
-	dodir /usr/lib/tmpfiles.d
-
-	cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
-		d /run/faillock 0755 root root
-	_EOF_
-	use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
-		d /run/sepermit 0755 root root
-	_EOF_
-}
-
-pkg_postinst() {
-	ewarn "Some software with pre-loaded PAM libraries might experience"
-	ewarn "warnings or failures related to missing symbols and/or versions"
-	ewarn "after any update. While unfortunate this is a limit of the"
-	ewarn "implementation of PAM and the software, and it requires you to"
-	ewarn "restart the software manually after the update."
-	ewarn ""
-	ewarn "You can get a list of such software running a command like"
-	ewarn "  lsof / | grep -E -i 'del.*libpam\\.so'"
-	ewarn ""
-	ewarn "Alternatively, simply reboot your system."
-
-	# The pam_unix module needs to check the password of the user which requires
-	# read access to /etc/shadow only.
-	fcaps -m u+s cap_dac_override sbin/unix_chkpwd
-}

sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r1.ebuild

@@ -1,191 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MY_P="Linux-${PN^^}-${PV}"
-
-# Avoid QA warnings
-# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
-TMPFILES_OPTIONAL=1
-
-inherit db-use fcaps flag-o-matic meson-multilib
-
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-HOMEPAGE="https://github.com/linux-pam/linux-pam"
-
-if [[ ${PV} == *_p* ]] ; then
-	PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332"
-	SRC_URI="
-		https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz
-	"
-	S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT}
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc
-	inherit verify-sig
-
-	SRC_URI="
-		https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
-		verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc )
-	"
-	S="${WORKDIR}/${MY_P}"
-
-	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )"
-fi
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-IUSE="audit berkdb elogind examples debug nis nls selinux systemd"
-REQUIRED_USE="?? ( elogind systemd )"
-
-# meson.build specifically checks for bison and then byacc
-# also requires xsltproc
-BDEPEND+="
-	|| ( sys-devel/bison dev-util/byacc )
-	app-text/docbook-xsl-ns-stylesheets
-	dev-libs/libxslt
-	sys-devel/flex
-	virtual/pkgconfig
-	nls? ( sys-devel/gettext )
-"
-DEPEND="
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
-	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
-	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
-	!berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] )
-	elogind? ( >=sys-auth/elogind-254 )
-	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
-	systemd? ( >=sys-apps/systemd-254:= )
-	nis? (
-		net-libs/libnsl:=[${MULTILIB_USEDEP}]
-		>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
-	)
-"
-RDEPEND="${DEPEND}"
-PDEPEND=">=sys-auth/pambase-20200616"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-32-bit-lastlog.patch
-	"${FILESDIR}"/${P}-32-bit-timestamp.patch
-)
-
-src_configure() {
-	# meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get:
-	#  cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found
-	append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
-
-	# Do not let user's BROWSER setting mess us up, bug #549684
-	unset BROWSER
-
-	meson-multilib_src_configure
-}
-
-multilib_src_configure() {
-	local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local"
-	# Workaround for docbook5 not being packaged (bug #913087#c4)
-	# It's only used for validation of output, so stub it out.
-	# Also, stub out elinks+w3m which are only used for an index.
-	cat >> "${machine_file}" <<-EOF || die
-	[binaries]
-	xmlcatalog='true'
-	xmllint='true'
-	elinks='true'
-	w3m='true'
-	EOF
-
-	local emesonargs=(
-		--native-file "${machine_file}"
-
-		$(meson_feature audit)
-		$(meson_native_use_bool examples)
-		$(meson_use debug pam-debug)
-		$(meson_feature nis)
-		$(meson_feature nls i18n)
-		$(meson_feature selinux)
-
-		-Disadir='.'
-		-Dxml-catalog="${BROOT}"/etc/xml/catalog
-		-Dsbindir="${EPREFIX}"/sbin
-		-Dsecuredir="${EPREFIX}"/$(get_libdir)/security
-		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
-		-Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html
-		-Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf
-
-		$(meson_native_enabled docs)
-
-		-Dpam_unix=enabled
-
-		# TODO: wire this up now it's more useful as of 1.5.3 (bug #931117)
-		-Deconf=disabled
-
-		# TODO: lastlog is enabled again for now by us as elogind support
-		# wasn't available at first. Even then, disabling lastlog will
-		# probably need a news item.
-		$(meson_native_use_feature systemd logind)
-		$(meson_native_use_feature elogind)
-		$(meson_feature !elibc_musl pam_lastlog)
-	)
-
-	if use berkdb; then
-		local dbver
-		dbver="$(db_findver sys-libs/db)" || die "could not find db version"
-		local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")"
-		emesonargs+=(
-			-Ddb=db
-			-Ddb-uniquename="-${dbver}"
-		)
-	else
-		emesonargs+=(
-			-Ddb=gdbm
-		)
-	fi
-
-	# This whole weird has_version libxcrypt block can go once
-	# musl systems have libxcrypt[system] if we ever make
-	# that mandatory. See bug #867991.
-	#if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
-	#	# Avoid picking up symbol-versioned compat symbol on musl systems
-	#	export ac_cv_search_crypt_gensalt_rn=no
-	#
-	#	# Need to avoid picking up the libxcrypt headers which define
-	#	# CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
-	#	cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
-	#	append-cppflags -I"${T}"
-	#fi
-
-	meson_src_configure
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	# tmpfiles.eclass is impossible to use because
-	# there is the pam -> tmpfiles -> systemd -> pam dependency loop
-	dodir /usr/lib/tmpfiles.d
-
-	cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
-		d /run/faillock 0755 root root
-	_EOF_
-	use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
-		d /run/sepermit 0755 root root
-	_EOF_
-}
-
-pkg_postinst() {
-	ewarn "Some software with pre-loaded PAM libraries might experience"
-	ewarn "warnings or failures related to missing symbols and/or versions"
-	ewarn "after any update. While unfortunate this is a limit of the"
-	ewarn "implementation of PAM and the software, and it requires you to"
-	ewarn "restart the software manually after the update."
-	ewarn ""
-	ewarn "You can get a list of such software running a command like"
-	ewarn "  lsof / | grep -E -i 'del.*libpam\\.so'"
-	ewarn ""
-	ewarn "Alternatively, simply reboot your system."
-
-	# The pam_unix module needs to check the password of the user which requires
-	# read access to /etc/shadow only.
-	fcaps -m u+s cap_dac_read_search sbin/unix_chkpwd
-}

sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r3.ebuild

@@ -1,202 +0,0 @@
-# Copyright 1999-2026 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MY_P="Linux-${PN^^}-${PV}"
-
-# Avoid QA warnings
-# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
-TMPFILES_OPTIONAL=1
-
-inherit db-use flag-o-matic meson-multilib user-info
-
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-HOMEPAGE="https://github.com/linux-pam/linux-pam"
-
-if [[ ${PV} == *_p* ]] ; then
-	PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332"
-	SRC_URI="
-		https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz
-	"
-	S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT}
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc
-	inherit verify-sig
-
-	SRC_URI="
-		https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
-		verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc )
-	"
-	S="${WORKDIR}/${MY_P}"
-
-	BDEPEND="verify-sig? ( ~sec-keys/openpgp-keys-pam-20230330 )"
-fi
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-IUSE="audit berkdb elogind examples debug nis nls selinux systemd"
-REQUIRED_USE="?? ( elogind systemd )"
-
-# meson.build specifically checks for bison and then byacc
-# also requires xsltproc
-BDEPEND+="
-	acct-group/shadow
-	|| ( sys-devel/bison dev-util/byacc )
-	app-text/docbook-xsl-ns-stylesheets
-	dev-libs/libxslt
-	sys-devel/flex
-	virtual/pkgconfig
-	nls? ( sys-devel/gettext )
-"
-DEPEND="
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
-	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
-	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
-	!berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] )
-	elogind? ( >=sys-auth/elogind-254 )
-	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
-	systemd? ( >=sys-apps/systemd-254:= )
-	nis? (
-		net-libs/libnsl:=[${MULTILIB_USEDEP}]
-		>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
-	)
-"
-RDEPEND="${DEPEND}
-	acct-group/shadow
-"
-PDEPEND=">=sys-auth/pambase-20200616"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-32-bit-lastlog.patch
-	"${FILESDIR}"/${P}-32-bit-timestamp.patch
-)
-
-src_configure() {
-	# meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get:
-	#  cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found
-	append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
-
-	# Do not let user's BROWSER setting mess us up, bug #549684
-	unset BROWSER
-
-	meson-multilib_src_configure
-}
-
-multilib_src_configure() {
-	local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local"
-	# Workaround for docbook5 not being packaged (bug #913087#c4)
-	# It's only used for validation of output, so stub it out.
-	# Also, stub out elinks+w3m which are only used for an index.
-	cat >> "${machine_file}" <<-EOF || die
-	[binaries]
-	xmlcatalog='true'
-	xmllint='true'
-	elinks='true'
-	w3m='true'
-	EOF
-
-	local emesonargs=(
-		--native-file "${machine_file}"
-
-		$(meson_feature audit)
-		$(meson_native_use_bool examples)
-		$(meson_use debug pam-debug)
-		$(meson_feature nis)
-		$(meson_feature nls i18n)
-		$(meson_feature selinux)
-
-		-Disadir='.'
-		-Dxml-catalog="${BROOT}"/etc/xml/catalog
-		-Dsbindir="${EPREFIX}"/sbin
-		-Dsecuredir="${EPREFIX}"/$(get_libdir)/security
-		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
-		-Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html
-		-Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf
-
-		$(meson_native_enabled docs)
-
-		-Dpam_unix=enabled
-
-		# TODO: wire this up now it's more useful as of 1.5.3 (bug #931117)
-		-Deconf=disabled
-
-		# TODO: lastlog is enabled again for now by us as elogind support
-		# wasn't available at first. Even then, disabling lastlog will
-		# probably need a news item.
-		$(meson_native_use_feature systemd logind)
-		$(meson_native_use_feature elogind)
-		$(meson_feature !elibc_musl pam_lastlog)
-	)
-
-	if use berkdb; then
-		local dbver
-		dbver="$(db_findver sys-libs/db)" || die "could not find db version"
-		local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")"
-		emesonargs+=(
-			-Ddb=db
-			-Ddb-uniquename="-${dbver}"
-		)
-	else
-		emesonargs+=(
-			-Ddb=gdbm
-		)
-	fi
-
-	# This whole weird has_version libxcrypt block can go once
-	# musl systems have libxcrypt[system] if we ever make
-	# that mandatory. See bug #867991.
-	#if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
-	#	# Avoid picking up symbol-versioned compat symbol on musl systems
-	#	export ac_cv_search_crypt_gensalt_rn=no
-	#
-	#	# Need to avoid picking up the libxcrypt headers which define
-	#	# CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
-	#	cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
-	#	append-cppflags -I"${T}"
-	#fi
-
-	meson_src_configure
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	fowners :shadow /sbin/unix_chkpwd
-	fperms g+s /sbin/unix_chkpwd
-
-	# tmpfiles.eclass is impossible to use because
-	# there is the pam -> tmpfiles -> systemd -> pam dependency loop
-	dodir /usr/lib/tmpfiles.d
-
-	cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
-		d /run/faillock 0755 root root
-	_EOF_
-	use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
-		d /run/sepermit 0755 root root
-	_EOF_
-}
-
-pkg_postinst() {
-	if [[ -n ${ROOT} ]]; then
-		# Portage does not currently update the gid on installed files
-		# based on ${EROOT}/etc/group.
-		local gid=$(egetent group shadow | cut -d: -f3)
-		if [[ -n ${gid} ]]; then
-			chgrp "${gid}" "${EROOT}/sbin/unix_chkpwd" &&
-			chmod g+s "${EROOT}/sbin/unix_chkpwd"
-		fi
-	fi
-	ewarn "Some software with pre-loaded PAM libraries might experience"
-	ewarn "warnings or failures related to missing symbols and/or versions"
-	ewarn "after any update. While unfortunate this is a limit of the"
-	ewarn "implementation of PAM and the software, and it requires you to"
-	ewarn "restart the software manually after the update."
-	ewarn ""
-	ewarn "You can get a list of such software running a command like"
-	ewarn "  lsof / | grep -E -i 'del.*libpam\\.so'"
-	ewarn ""
-	ewarn "Alternatively, simply reboot your system."
-}