blob: 4c80313a2c4ac9764590a405db5b8b664e09e399 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
MY_P="Linux-${PN^^}-${PV}"
inherit autotools db-use fcaps toolchain-funcs usr-ldscript multilib-minimal
DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
HOMEPAGE="https://github.com/linux-pam/linux-pam"
SRC_URI="https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz"
LICENSE="|| ( BSD GPL-2 )"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="audit berkdb debug nis selinux"
BDEPEND="
dev-libs/libxslt
sys-devel/flex
sys-devel/gettext
virtual/pkgconfig
virtual/yacc
"
DEPEND="
virtual/libcrypt:=[${MULTILIB_USEDEP}]
>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
nis? ( net-libs/libnsl:=[${MULTILIB_USEDEP}]
>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] )"
RDEPEND="${DEPEND}"
PDEPEND=">=sys-auth/pambase-20200616"
S="${WORKDIR}/${MY_P}"
src_prepare() {
default
touch ChangeLog || die
eautoreconf
}
multilib_src_configure() {
# Do not let user's BROWSER setting mess us up. #549684
unset BROWSER
# Disable automatic detection of libxcrypt; we _don't_ want the
# user to link libxcrypt in by default, since we won't track the
# dependency and allow to break PAM this way.
export ac_cv_header_xcrypt_h=no
local myconf=(
CC_FOR_BUILD="$(tc-getBUILD_CC)"
--with-db-uniquename=-$(db_findver sys-libs/db)
--with-xml-catalog=/etc/xml/catalog
--enable-securedir=/$(get_libdir)/security
--includedir=/usr/include/security
--libdir=/usr/$(get_libdir)
--enable-pie
--enable-unix
--disable-prelude
--disable-doc
--disable-regenerate-docu
--disable-static
--disable-Werror
$(use_enable audit)
$(use_enable berkdb db)
$(use_enable debug)
$(use_enable nis)
$(use_enable selinux)
--enable-isadir='.' #464016
)
ECONF_SOURCE="${S}" econf "${myconf[@]}"
}
multilib_src_compile() {
emake sepermitlockdir="/run/sepermit"
}
multilib_src_install() {
emake DESTDIR="${D}" install \
sepermitlockdir="/run/sepermit"
gen_usr_ldscript -a pam pam_misc pamc
}
multilib_src_install_all() {
find "${ED}" -type f -name '*.la' -delete || die
# tmpfiles.eclass is impossible to use because
# there is the pam -> tmpfiles -> systemd -> pam dependency loop
dodir /usr/lib/tmpfiles.d
cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
d /run/faillock 0755 root root
_EOF_
use selinux && cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
d /run/sepermit 0755 root root
_EOF_
local page
for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
doman ${page}
done
}
pkg_postinst() {
ewarn "Some software with pre-loaded PAM libraries might experience"
ewarn "warnings or failures related to missing symbols and/or versions"
ewarn "after any update. While unfortunate this is a limit of the"
ewarn "implementation of PAM and the software, and it requires you to"
ewarn "restart the software manually after the update."
ewarn ""
ewarn "You can get a list of such software running a command like"
ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
ewarn ""
ewarn "Alternatively, simply reboot your system."
# The pam_unix module needs to check the password of the user which requires
# read access to /etc/shadow only.
fcaps cap_dac_override sbin/unix_chkpwd
}
|
