sys-libs/pam: take new snapshot

Now pam_unix.so can be made optional

Closes: https://bugs.gentoo.org/705532
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

2 files changed, 133 insertions, 0 deletions

diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 7dbfbf4a1a8b..7f7350868311 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,3 +1,4 @@
 DIST pam-1.4.0_p20200809-doc.tar.xz 42680 BLAKE2B e8371bd76b589db06ce95f2d10343be163aa5149f566f7d9bd5e9cd0340b95eecedb6a7d20d299fd2188c736fca3c69c0bd2f8eea4541dfd3312227c3dcf4e2d SHA512 5007aaa811b6321f124245493c6a4bc9ae07ab4ff651fc817843e8b4a74661c07418e2479363a72c35320f0f1cb469a2494c5d354dc819b920de7d1918e6ce5e
 DIST pam-4dd9b97b762cc73816cb867d49c9d0d0b91d642c.tar.gz 765455 BLAKE2B 8a8543b51c9fa877cd48d483d9af489df00376f92f26fea648d38a0ce3168702888a662e5d3c7423cce8a5d56896e84e4c1829e56d08fca8c3ab878b20945a7d SHA512 bdb236a47a5810449fb96546ff89d70dec185a215b0d047178a12e40945fde4ffdb801dbbd87ff95eead1bb7acb4748333a2d3383881d5de0dbd89ec5ceddd3f
 DIST pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.tar.gz 810548 BLAKE2B e061528fa57ba9fcb418422d368b7bb960b5f6eec3ed4b9e438be0ec4acdaf925af3322a334ced8c498e700b090ae37f5084f13d2bf8c6874d53c58f03548bc7 SHA512 3db1e13bc8a037b22e0ae1aac0311982877a2e2d33643ee32813025f9a9c727421f2fd6c442eba936e8043c59deb476daf78fda34fc7b6b95c015614751975f4
+DIST pam-e42e178c71c11bb25740a5177eed110ee17b8af2.tar.gz 810595 BLAKE2B 897f64a7f55c033601665b0ecc292cdcbd0d9b2f24199ed6ca5fc69c2da4da7401677493bed09a118b1fc0a475dc016fc7a3a318787c650212b056064ed0b817 SHA512 3c2bc401df51dbd4118698afc80a0448559bc6b5d8c7c45c800c2f6421034a131c0bee971f9640aec6b0d77f8a31ec055c7a84a646d9a11690dfda4af4e1068a
diff --git a/sys-libs/pam/pam-1.4.0_p20200829.ebuild b/sys-libs/pam/pam-1.4.0_p20200829.ebuild
new file mode 100644
index 000000000000..5dfee2448fa0
--- /dev/null
+++ b/sys-libs/pam/pam-1.4.0_p20200829.ebuild
@@ -0,0 +1,132 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools db-use fcaps toolchain-funcs usr-ldscript multilib-minimal
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="https://github.com/linux-pam/linux-pam"
+
+COMMIT_HASH="e42e178c71c11bb25740a5177eed110ee17b8af2"
+SRC_URI="https://github.com/linux-pam/linux-pam/archive/${COMMIT_HASH}.tar.gz#/${PN}-${COMMIT_HASH}.tar.gz
+	https://dev.gentoo.org/~zlogene/distfiles/${CATEGORY}/${PN}-1.4.0_p20200809-doc.tar.xz"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="audit berkdb debug nis +pie selinux"
+
+BDEPEND="
+	dev-libs/libxslt
+	sys-devel/flex
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+
+DEPEND="
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	nis? ( net-libs/libnsl[${MULTILIB_USEDEP}]
+	>=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+
+RDEPEND="${DEPEND}"
+
+PDEPEND=">=sys-auth/pambase-20200616"
+
+S="${WORKDIR}/linux-${PN}-${COMMIT_HASH}"
+
+src_prepare() {
+	default
+	touch ChangeLog || die
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# Do not let user's BROWSER setting mess us up. #549684
+	unset BROWSER
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--with-xml-catalog="${EPREFIX}"/etc/xml/catalog
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--includedir="${EPREFIX}"/usr/include/security
+		--libdir="${EPREFIX}"/usr/$(get_libdir)
+		--exec-prefix="${EPREFIX}"
+		--enable-unix
+		--disable-prelude
+		--disable-cracklib
+		--disable-tally
+		--disable-tally2
+		--disable-doc
+		--disable-regenerate-docu
+		--disable-static
+		--disable-Werror
+		$(use_enable audit)
+		$(use_enable berkdb db)
+		$(use_enable debug)
+		$(use_enable nis)
+		$(use_enable pie)
+		$(use_enable selinux)
+		--enable-isadir='.' #464016
+		)
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	gen_usr_ldscript -a pam pam_misc pamc
+}
+
+multilib_src_install_all() {
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	# tmpfiles.eclass is impossible to use because
+	# there is the pam -> tmpfiles -> systemd -> pam dependency loop
+
+	dodir /usr/lib/tmpfiles.d
+
+	cat ->>  "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
+		d /run/faillock 0755 root root
+	_EOF_
+	use selinux && cat ->>  "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
+		d /run/sepermit 0755 root root
+	_EOF_
+
+	for i in "${WORKDIR}"/${PN}-1.4.0_p20200809-doc/*; do
+		doman ${i}
+	done
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+
+	# The pam_unix module needs to check the password of the user which requires
+	# read access to /etc/shadow only.
+	fcaps cap_dac_override sbin/unix_chkpwd
+}