diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/pam/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/pam/Manifest index 3f78818310..1c528fb780 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/pam/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-libs/pam/Manifest @@ -1,3 +1,5 @@ DIST Linux-PAM-1.7.1.tar.xz 510828 BLAKE2B 0a64d7dbf6bb7e3d2c36ea1f29c3217d3e43a1cc0ba8adf2ee8a117946a53bd26634ebd70ff3b99a72f7373df6694ee054dc7eddab04e43bbc8f5b0e9e56b3bc SHA512 0724c3636c10e2c7d98c9325bb9c20eb3e59b7cbc2f8fa7636b77af497524afe595b895386d7e6723fdb89247b94f6db6f179d552015ac78469beaa33e0413f0 DIST Linux-PAM-1.7.1.tar.xz.asc 801 BLAKE2B 566123f49e26862ffc2261db38e35914dd91175c9f66a4756b9a473808dfeda2a4dad25337afa5121ca68a2411a26249b0d40556a22385f4494d355d6c3b4047 SHA512 7d559895e7988ea815955a4788925597073f1a66204dc9f437de306e1b7a77f2f2a9f1bdb2827aba03444500c790fa03e4bba2c94a2089b23bdd6505f9c3601f +DIST Linux-PAM-1.7.2.tar.xz 511724 BLAKE2B d7ebfac4393af3f889fef973946f1e6d60f118f2e048448708c5fdf0ef7fa7780945cda3b0abf6e0e2e15bbc2dd23be52389efabd00647381b3bc971f1aadcd8 SHA512 b035c0abeb5afb6b3067341767ace6d68ded4c061870afff2ab9494713b1dc9d2ff0995a5d1f0852a49b6e8b2123a7cc2f40342e16c7863a58df3c102b9010c5 +DIST Linux-PAM-1.7.2.tar.xz.asc 833 BLAKE2B 86c4eb129af7afe8348eddf78d764c0658dd9597b62ed0657ea23cca80dd29a052cdef8f588abe3615a2a40062c210fe0c04cca29309dfb3dcb70d13be4ab8db SHA512 01f6e770e8a0eb60f76d95581f66c4eece6436ec8f2e5766e57a4240014ab43e5ad991fa7f77cfc4c57809a0e0c47ccf60118cb49dee790413cf824ebd80b879 DIST pam-1.7.0_p20241230.gh.tar.gz 719108 BLAKE2B c37daabae380ce75c630a0af1b9960676bc973c773025bc7f65ae87aebff4ca3b667e16ec9635c7677e8a00e6b26eb590f84b798529c3340cdc2c262e7e5649e SHA512 d9d53ddd420fe754c76303b99c37e5cc2eca3d4af9f64043f3f9e69c3abfc3c05d5a1efdbbdfb39ad46a301a0df7a18425d0e8c110c1d76bad3e62dfa97b61ef diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild index 9ebdadc2a4..1478d04ec1 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild @@ -21,7 +21,7 @@ if [[ ${PV} == *_p* ]] ; then " S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/strace.asc + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc inherit verify-sig SRC_URI=" @@ -30,12 +30,12 @@ else " S="${WORKDIR}/${MY_P}" - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-strace )" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )" fi LICENSE="|| ( BSD GPL-2 )" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" IUSE="audit berkdb elogind examples debug nis nls selinux systemd" REQUIRED_USE="?? ( elogind systemd )" diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r1.ebuild index d580d7da9d..ecd11e989f 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r1.ebuild @@ -21,7 +21,7 @@ if [[ ${PV} == *_p* ]] ; then " S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/strace.asc + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc inherit verify-sig SRC_URI=" @@ -30,12 +30,12 @@ else " S="${WORKDIR}/${MY_P}" - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-strace )" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )" fi LICENSE="|| ( BSD GPL-2 )" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" IUSE="audit berkdb elogind examples debug nis nls selinux systemd" REQUIRED_USE="?? ( elogind systemd )" diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r2.ebuild index 9f36e29ce9..31fa45adc1 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r2.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.1-r2.ebuild @@ -21,7 +21,7 @@ if [[ ${PV} == *_p* ]] ; then " S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/strace.asc + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc inherit verify-sig SRC_URI=" @@ -30,12 +30,12 @@ else " S="${WORKDIR}/${MY_P}" - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-strace )" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )" fi LICENSE="|| ( BSD GPL-2 )" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" IUSE="audit berkdb elogind examples debug nis nls selinux systemd" REQUIRED_USE="?? ( elogind systemd )" diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.2.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.2.ebuild new file mode 100644 index 0000000000..fc1b63c555 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/pam/pam-1.7.2.ebuild @@ -0,0 +1,198 @@ +# Copyright 1999-2026 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_P="Linux-${PN^^}-${PV}" + +# Avoid QA warnings +# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 +TMPFILES_OPTIONAL=1 + +inherit db-use flag-o-matic meson-multilib user-info + +DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" +HOMEPAGE="https://github.com/linux-pam/linux-pam" + +if [[ ${PV} == *_p* ]] ; then + PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332" + SRC_URI=" + https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz + " + S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc + inherit verify-sig + + SRC_URI=" + https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz + verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc ) + " + S="${WORKDIR}/${MY_P}" + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-pam-20260122 )" +fi + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="audit berkdb elogind examples debug nis nls selinux systemd" +REQUIRED_USE="?? ( elogind systemd )" + +# meson.build specifically checks for bison and then byacc +# also requires xsltproc +BDEPEND+=" + acct-group/shadow + || ( sys-devel/bison dev-util/byacc ) + app-text/docbook-xsl-ns-stylesheets + dev-libs/libxslt + sys-devel/flex + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" +DEPEND=" + virtual/libcrypt:=[${MULTILIB_USEDEP}] + >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] + audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + !berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] ) + elogind? ( >=sys-auth/elogind-254 ) + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + systemd? ( >=sys-apps/systemd-254:= ) + nis? ( + net-libs/libnsl:=[${MULTILIB_USEDEP}] + >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] + ) +" +RDEPEND="${DEPEND} + acct-group/shadow +" +PDEPEND=">=sys-auth/pambase-20200616" + +src_configure() { + # meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get: + # cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + # Do not let user's BROWSER setting mess us up, bug #549684 + unset BROWSER + + meson-multilib_src_configure +} + +multilib_src_configure() { + local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local" + # Workaround for docbook5 not being packaged (bug #913087#c4) + # It's only used for validation of output, so stub it out. + # Also, stub out elinks+w3m which are only used for an index. + cat >> "${machine_file}" <<-EOF || die + [binaries] + xmlcatalog='true' + xmllint='true' + elinks='true' + w3m='true' + EOF + + local emesonargs=( + --native-file "${machine_file}" + + $(meson_feature audit) + $(meson_native_use_bool examples) + $(meson_use debug pam-debug) + $(meson_feature nis) + $(meson_feature nls i18n) + $(meson_feature selinux) + + -Disadir='.' + -Dxml-catalog="${BROOT}"/etc/xml/catalog + -Dsbindir="${EPREFIX}"/sbin + -Dsecuredir="${EPREFIX}"/$(get_libdir)/security + -Ddocdir="${EPREFIX}"/usr/share/doc/${PF} + -Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html + -Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf + -Dvendordir="${EPREFIX}"/usr/share/pam + + $(meson_native_enabled docs) + + -Dpam_unix=enabled + + # TODO: wire this up now it's more useful as of 1.5.3 (bug #931117) + -Deconf=disabled + + # TODO: lastlog is enabled again for now by us as elogind support + # wasn't available at first. Even then, disabling lastlog will + # probably need a news item. + $(meson_native_use_feature systemd logind) + $(meson_native_use_feature elogind) + $(meson_feature !elibc_musl pam_lastlog) + ) + + if use berkdb; then + local dbver + dbver="$(db_findver sys-libs/db)" || die "could not find db version" + local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")" + emesonargs+=( + -Ddb=db + -Ddb-uniquename="-${dbver}" + ) + else + emesonargs+=( + -Ddb=gdbm + ) + fi + + # This whole weird has_version libxcrypt block can go once + # musl systems have libxcrypt[system] if we ever make + # that mandatory. See bug #867991. + #if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then + # # Avoid picking up symbol-versioned compat symbol on musl systems + # export ac_cv_search_crypt_gensalt_rn=no + # + # # Need to avoid picking up the libxcrypt headers which define + # # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. + # cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die + # append-cppflags -I"${T}" + #fi + + meson_src_configure +} + +multilib_src_install_all() { + find "${ED}" -type f -name '*.la' -delete || die + + fowners :shadow /sbin/unix_chkpwd + fperms g+s /sbin/unix_chkpwd + + # tmpfiles.eclass is impossible to use because + # there is the pam -> tmpfiles -> systemd -> pam dependency loop + dodir /usr/lib/tmpfiles.d + + cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ + d /run/faillock 0755 root root + _EOF_ + use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ + d /run/sepermit 0755 root root + _EOF_ +} + +pkg_postinst() { + if [[ -n ${ROOT} ]]; then + # Portage does not currently update the gid on installed files + # based on ${EROOT}/etc/group. + local gid=$(egetent group shadow | cut -d: -f3) + if [[ -n ${gid} ]]; then + chgrp "${gid}" "${EROOT}/sbin/unix_chkpwd" && + chmod g+s "${EROOT}/sbin/unix_chkpwd" + fi + fi + ewarn "Some software with pre-loaded PAM libraries might experience" + ewarn "warnings or failures related to missing symbols and/or versions" + ewarn "after any update. While unfortunate this is a limit of the" + ewarn "implementation of PAM and the software, and it requires you to" + ewarn "restart the software manually after the update." + ewarn "" + ewarn "You can get a list of such software running a command like" + ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" + ewarn "" + ewarn "Alternatively, simply reboot your system." +}