summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-auth
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/bioapi/Manifest2
-rw-r--r--sys-auth/bioapi/bioapi-1.2.3-r2.ebuild79
-rw-r--r--sys-auth/bioapi/bioapi-1.2.4.ebuild77
-rw-r--r--sys-auth/bioapi/files/bioapi-1.2.3-build.patch42
-rw-r--r--sys-auth/bioapi/files/bioapi-1.2.3-enroll-ret.patch16
-rw-r--r--sys-auth/bioapi/files/bioapi-1.2.3-gcc44.patch12
-rw-r--r--sys-auth/bioapi/files/bioapi-1.2.3-no-delete.patch15
-rw-r--r--sys-auth/bioapi/files/bioapi-1.2.4-build.patch42
-rw-r--r--sys-auth/bioapi/metadata.xml11
-rw-r--r--sys-auth/consolekit/Manifest4
-rw-r--r--sys-auth/consolekit/consolekit-0.4.6.ebuild125
-rw-r--r--sys-auth/consolekit/consolekit-0.9.4.ebuild104
-rw-r--r--sys-auth/consolekit/consolekit-0.9.5.ebuild105
-rw-r--r--sys-auth/consolekit/consolekit-9999.ebuild111
-rw-r--r--sys-auth/consolekit/files/90-consolekit-332
-rw-r--r--sys-auth/consolekit/files/consolekit-0.2.rc26
-rw-r--r--sys-auth/consolekit/files/consolekit-0.4.5-polkit-automagic.patch30
-rw-r--r--sys-auth/consolekit/files/consolekit-cleanup_console_tags.patch67
-rw-r--r--sys-auth/consolekit/files/consolekit-shutdown-reboot-without-policies.patch26
-rw-r--r--sys-auth/consolekit/files/consolekit-udev-acl-install_to_usr.patch28
-rw-r--r--sys-auth/consolekit/files/pam-foreground-compat.ck17
-rw-r--r--sys-auth/consolekit/metadata.xml15
-rw-r--r--sys-auth/fingerprint-gui/Manifest3
-rw-r--r--sys-auth/fingerprint-gui/files/fingerprint-gui-1.04-unistd.patch70
-rw-r--r--sys-auth/fingerprint-gui/fingerprint-gui-1.05-r1.ebuild84
-rw-r--r--sys-auth/fingerprint-gui/fingerprint-gui-1.05.ebuild74
-rw-r--r--sys-auth/fingerprint-gui/fingerprint-gui-1.06.ebuild85
-rw-r--r--sys-auth/fingerprint-gui/fingerprint-gui-1.07.ebuild94
-rw-r--r--sys-auth/fingerprint-gui/metadata.xml12
-rw-r--r--sys-auth/fprint_demo/Manifest1
-rw-r--r--sys-auth/fprint_demo/fprint_demo-0.4.ebuild23
-rw-r--r--sys-auth/fprint_demo/metadata.xml11
-rw-r--r--sys-auth/fprintd/Manifest3
-rw-r--r--sys-auth/fprintd/fprintd-0.2.0-r1.ebuild68
-rw-r--r--sys-auth/fprintd/fprintd-0.4.1.ebuild68
-rw-r--r--sys-auth/fprintd/fprintd-0.5.0.ebuild64
-rw-r--r--sys-auth/fprintd/metadata.xml8
-rw-r--r--sys-auth/icmpdn/Manifest1
-rw-r--r--sys-auth/icmpdn/files/conf.d-icmpdnd15
-rw-r--r--sys-auth/icmpdn/files/init.d-icmpdnd27
-rw-r--r--sys-auth/icmpdn/icmpdn-0.4.ebuild39
-rw-r--r--sys-auth/icmpdn/metadata.xml7
-rw-r--r--sys-auth/keystone/Manifest2
-rw-r--r--sys-auth/keystone/files/keystone.confd3
-rw-r--r--sys-auth/keystone/files/keystone.initd17
-rw-r--r--sys-auth/keystone/keystone-2015.1.0.ebuild180
-rw-r--r--sys-auth/keystone/keystone-2015.1.1.ebuild184
-rw-r--r--sys-auth/keystone/keystone-2015.1.9999.ebuild185
-rw-r--r--sys-auth/keystone/metadata.xml20
-rw-r--r--sys-auth/libfprint/Manifest4
-rw-r--r--sys-auth/libfprint/files/libfprint-0.5.0-automake-1.13.patch24
-rw-r--r--sys-auth/libfprint/files/libfprint-0.5.0-support-147e_2020.patch48
-rw-r--r--sys-auth/libfprint/libfprint-0.4.0.ebuild52
-rw-r--r--sys-auth/libfprint/libfprint-0.5.0-r1.ebuild48
-rw-r--r--sys-auth/libfprint/libfprint-0.5.0.ebuild47
-rw-r--r--sys-auth/libfprint/libfprint-0.5.1-r1.ebuild48
-rw-r--r--sys-auth/libfprint/libfprint-0.5.1.ebuild46
-rw-r--r--sys-auth/libfprint/metadata.xml11
-rw-r--r--sys-auth/libnss-cache/Manifest3
-rw-r--r--sys-auth/libnss-cache/files/libnss-cache-0.1-r1-make-install.patch34
-rw-r--r--sys-auth/libnss-cache/files/libnss-cache-0.10-fix-shadow-test.patch12
-rw-r--r--sys-auth/libnss-cache/files/libnss-cache-0.10.1-make.patch49
-rw-r--r--sys-auth/libnss-cache/libnss-cache-0.1-r1.ebuild30
-rw-r--r--sys-auth/libnss-cache/libnss-cache-0.10.1.ebuild35
-rw-r--r--sys-auth/libnss-cache/libnss-cache-0.10.2.ebuild35
-rw-r--r--sys-auth/libnss-cache/metadata.xml15
-rw-r--r--sys-auth/libnss-mysql/Manifest1
-rw-r--r--sys-auth/libnss-mysql/files/libnss-mysql-1.5_p20060915-no-automagic-debug.diff14
-rw-r--r--sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r2.ebuild50
-rw-r--r--sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r3.ebuild52
-rw-r--r--sys-auth/libnss-mysql/metadata.xml6
-rw-r--r--sys-auth/libnss-pgsql/Manifest2
-rw-r--r--sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-gentoo.patch12
-rw-r--r--sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-schema.patch22
-rw-r--r--sys-auth/libnss-pgsql/files/libnss-pgsql-1.5.0_beta-gentoo.patch44
-rw-r--r--sys-auth/libnss-pgsql/libnss-pgsql-1.4.0.ebuild55
-rw-r--r--sys-auth/libnss-pgsql/libnss-pgsql-1.5.0_beta.ebuild54
-rw-r--r--sys-auth/libnss-pgsql/metadata.xml5
-rw-r--r--sys-auth/libyubikey/Manifest2
-rw-r--r--sys-auth/libyubikey/libyubikey-1.12.ebuild19
-rw-r--r--sys-auth/libyubikey/libyubikey-1.13.ebuild19
-rw-r--r--sys-auth/libyubikey/metadata.xml19
-rw-r--r--sys-auth/metadata.xml44
-rw-r--r--sys-auth/munge/Manifest2
-rw-r--r--sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch134
-rw-r--r--sys-auth/munge/files/munged.confd13
-rw-r--r--sys-auth/munge/files/munged.initd44
-rw-r--r--sys-auth/munge/metadata.xml23
-rw-r--r--sys-auth/munge/munge-0.5.10-r1.ebuild62
-rw-r--r--sys-auth/munge/munge-0.5.11.ebuild63
-rw-r--r--sys-auth/nss-mdns/Manifest1
-rw-r--r--sys-auth/nss-mdns/files/mdns.allow3
-rw-r--r--sys-auth/nss-mdns/files/nss-mdns-0.10-avahi-socket.patch10
-rw-r--r--sys-auth/nss-mdns/metadata.xml17
-rw-r--r--sys-auth/nss-mdns/nss-mdns-0.10-r2.ebuild62
-rw-r--r--sys-auth/nss-myhostname/Manifest1
-rw-r--r--sys-auth/nss-myhostname/metadata.xml19
-rw-r--r--sys-auth/nss-myhostname/nss-myhostname-0.3.ebuild39
-rw-r--r--sys-auth/nss-pam-ldapd/Manifest2
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd-init37
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd-init-r137
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd-init-r229
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd-init-s60
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd-run-s63
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd-tmpfiles.conf1
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd.rc35
-rw-r--r--sys-auth/nss-pam-ldapd/files/nslcd.service14
-rw-r--r--sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch13
-rw-r--r--sys-auth/nss-pam-ldapd/metadata.xml26
-rw-r--r--sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.8.14-r2.ebuild87
-rw-r--r--sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.6.ebuild129
-rw-r--r--sys-auth/nss_ldap/Manifest6
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch42
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch11
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch65
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch226
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-254-soname.patch12
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch92
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch65
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch109
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch432
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch35
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch101
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch481
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch57
-rw-r--r--sys-auth/nss_ldap/files/nsswitch.ldap.diff15
-rw-r--r--sys-auth/nss_ldap/metadata.xml15
-rw-r--r--sys-auth/nss_ldap/nss_ldap-258.ebuild80
-rw-r--r--sys-auth/nss_ldap/nss_ldap-259.ebuild80
-rw-r--r--sys-auth/nss_ldap/nss_ldap-261.ebuild84
-rw-r--r--sys-auth/nss_ldap/nss_ldap-262.ebuild84
-rw-r--r--sys-auth/nss_ldap/nss_ldap-264-r1.ebuild102
-rw-r--r--sys-auth/nss_ldap/nss_ldap-264.ebuild99
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r1.ebuild114
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r2.ebuild122
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r4.ebuild141
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r5.ebuild149
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265.ebuild106
-rw-r--r--sys-auth/oath-toolkit/Manifest1
-rw-r--r--sys-auth/oath-toolkit/metadata.xml15
-rw-r--r--sys-auth/oath-toolkit/oath-toolkit-2.4.1.ebuild55
-rw-r--r--sys-auth/openpam/Manifest1
-rw-r--r--sys-auth/openpam/files/openpam-20130907-gentoo.patch149
-rw-r--r--sys-auth/openpam/files/openpam-20130907-module-dir.patch15
-rw-r--r--sys-auth/openpam/files/openpam-20130907-nbsd.patch12
-rw-r--r--sys-auth/openpam/metadata.xml8
-rw-r--r--sys-auth/openpam/openpam-20140912.ebuild50
-rw-r--r--sys-auth/otpcalc/Manifest1
-rw-r--r--sys-auth/otpcalc/files/otpcalc-0.97-badindex.diff13
-rw-r--r--sys-auth/otpcalc/files/otpcalc-0.97-gtk-deprecated.patch261
-rw-r--r--sys-auth/otpcalc/files/otpcalc-0.97-gtk2-gentoo.patch72
-rw-r--r--sys-auth/otpcalc/files/otpcalc-0.97-sha1-byteorder.patch53
-rw-r--r--sys-auth/otpcalc/files/otpcalc-0.97-skey-md5.patch24
-rw-r--r--sys-auth/otpcalc/files/otpcalc-crypto-proto.diff13
-rw-r--r--sys-auth/otpcalc/files/otpcalc-man-table-format.diff35
-rw-r--r--sys-auth/otpcalc/files/otpcalc.desktop8
-rw-r--r--sys-auth/otpcalc/metadata.xml11
-rw-r--r--sys-auth/otpcalc/otpcalc-0.97-r6.ebuild54
-rw-r--r--sys-auth/pam-afs-session/Manifest3
-rw-r--r--sys-auth/pam-afs-session/metadata.xml5
-rw-r--r--sys-auth/pam-afs-session/pam-afs-session-1.3.ebuild28
-rw-r--r--sys-auth/pam-afs-session/pam-afs-session-1.5.ebuild28
-rw-r--r--sys-auth/pam-afs-session/pam-afs-session-1.6.ebuild28
-rw-r--r--sys-auth/pam-csync/Manifest1
-rw-r--r--sys-auth/pam-csync/files/pam-csync-0.42.0-cmake.patch25
-rw-r--r--sys-auth/pam-csync/files/pam-csync-0.42.0-ocsync.patch33
-rw-r--r--sys-auth/pam-csync/metadata.xml7
-rw-r--r--sys-auth/pam-csync/pam-csync-0.42.0-r1.ebuild32
-rw-r--r--sys-auth/pam-pgsql/Manifest2
-rw-r--r--sys-auth/pam-pgsql/metadata.xml11
-rw-r--r--sys-auth/pam-pgsql/pam-pgsql-0.7.3.1.ebuild51
-rw-r--r--sys-auth/pam-pgsql/pam-pgsql-0.7.3.ebuild51
-rw-r--r--sys-auth/pam-script/Manifest2
-rw-r--r--sys-auth/pam-script/metadata.xml11
-rw-r--r--sys-auth/pam-script/pam-script-1.1.6.ebuild37
-rw-r--r--sys-auth/pam-script/pam-script-1.1.7.ebuild37
-rw-r--r--sys-auth/pam_abl/Manifest3
-rw-r--r--sys-auth/pam_abl/metadata.xml23
-rw-r--r--sys-auth/pam_abl/pam_abl-0.4.1.ebuild48
-rw-r--r--sys-auth/pam_abl/pam_abl-0.5.0.ebuild44
-rw-r--r--sys-auth/pam_abl/pam_abl-0.6.0.ebuild51
-rw-r--r--sys-auth/pam_bioapi/Manifest1
-rw-r--r--sys-auth/pam_bioapi/files/pam_bioapi-0.4.0-headers.patch27
-rw-r--r--sys-auth/pam_bioapi/metadata.xml11
-rw-r--r--sys-auth/pam_bioapi/pam_bioapi-0.4.0-r1.ebuild47
-rw-r--r--sys-auth/pam_bioapi/pam_bioapi-0.4.0.ebuild41
-rw-r--r--sys-auth/pam_blue/Manifest1
-rw-r--r--sys-auth/pam_blue/files/pam_blue-0.9.0-bad-log.patch11
-rw-r--r--sys-auth/pam_blue/files/pam_blue-0.9.0-char-locales.patch17
-rw-r--r--sys-auth/pam_blue/metadata.xml13
-rw-r--r--sys-auth/pam_blue/pam_blue-0.9.0-r1.ebuild48
-rw-r--r--sys-auth/pam_blue/pam_blue-0.9.0.ebuild46
-rw-r--r--sys-auth/pam_chroot/Manifest1
-rw-r--r--sys-auth/pam_chroot/metadata.xml8
-rw-r--r--sys-auth/pam_chroot/pam_chroot-0.9.2.ebuild36
-rw-r--r--sys-auth/pam_dotfile/Manifest2
-rw-r--r--sys-auth/pam_dotfile/files/pam_dotfile-0.7-gentoo.patch157
-rw-r--r--sys-auth/pam_dotfile/metadata.xml11
-rw-r--r--sys-auth/pam_dotfile/pam_dotfile-0.7-r1.ebuild53
-rw-r--r--sys-auth/pam_dotfile/pam_dotfile-0.7-r2.ebuild46
-rw-r--r--sys-auth/pam_fprint/Manifest1
-rw-r--r--sys-auth/pam_fprint/files/pam_fprint-0.2-headers.patch12
-rw-r--r--sys-auth/pam_fprint/metadata.xml11
-rw-r--r--sys-auth/pam_fprint/pam_fprint-0.2-r1.ebuild31
-rw-r--r--sys-auth/pam_keystore/Manifest1
-rw-r--r--sys-auth/pam_keystore/metadata.xml5
-rw-r--r--sys-auth/pam_keystore/pam_keystore-0.1.3.ebuild32
-rw-r--r--sys-auth/pam_krb5/Manifest2
-rw-r--r--sys-auth/pam_krb5/metadata.xml12
-rw-r--r--sys-auth/pam_krb5/pam_krb5-4.6.ebuild35
-rw-r--r--sys-auth/pam_krb5/pam_krb5-4.7.ebuild34
-rw-r--r--sys-auth/pam_ldap/Manifest3
-rw-r--r--sys-auth/pam_ldap/metadata.xml8
-rw-r--r--sys-auth/pam_ldap/pam_ldap-183.ebuild42
-rw-r--r--sys-auth/pam_ldap/pam_ldap-184.ebuild42
-rw-r--r--sys-auth/pam_ldap/pam_ldap-186-r1.ebuild54
-rw-r--r--sys-auth/pam_ldap/pam_ldap-186.ebuild40
-rw-r--r--sys-auth/pam_mktemp/Manifest1
-rw-r--r--sys-auth/pam_mktemp/files/pam_mktemp-1.1.1-e2fsprogs-libs.patch49
-rw-r--r--sys-auth/pam_mktemp/metadata.xml11
-rw-r--r--sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild47
-rw-r--r--sys-auth/pam_mount/Manifest2
-rw-r--r--sys-auth/pam_mount/metadata.xml14
-rw-r--r--sys-auth/pam_mount/pam_mount-2.14.ebuild42
-rw-r--r--sys-auth/pam_mount/pam_mount-2.15.ebuild41
-rw-r--r--sys-auth/pam_mysql/Manifest1
-rw-r--r--sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-link-to-pam.diff9
-rw-r--r--sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-memleak.diff10
-rw-r--r--sys-auth/pam_mysql/metadata.xml11
-rw-r--r--sys-auth/pam_mysql/pam_mysql-0.7_rc1-r4.ebuild39
-rw-r--r--sys-auth/pam_mysql/pam_mysql-0.7_rc1-r5.ebuild46
-rw-r--r--sys-auth/pam_p11/Manifest1
-rw-r--r--sys-auth/pam_p11/files/pam_symbols.ver4
-rw-r--r--sys-auth/pam_p11/metadata.xml10
-rw-r--r--sys-auth/pam_p11/pam_p11-0.1.5-r1.ebuild43
-rw-r--r--sys-auth/pam_passwdqc/Manifest2
-rw-r--r--sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.4-makefile.patch44
-rw-r--r--sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.5-makefile.patch35
-rw-r--r--sys-auth/pam_passwdqc/metadata.xml14
-rw-r--r--sys-auth/pam_passwdqc/pam_passwdqc-1.0.4.ebuild47
-rw-r--r--sys-auth/pam_passwdqc/pam_passwdqc-1.0.5.ebuild47
-rw-r--r--sys-auth/pam_passwdqc/pam_passwdqc-1.3.0.ebuild15
-rw-r--r--sys-auth/pam_pkcs11/Manifest1
-rw-r--r--sys-auth/pam_pkcs11/metadata.xml20
-rw-r--r--sys-auth/pam_pkcs11/pam_pkcs11-0.6.8.ebuild107
-rw-r--r--sys-auth/pam_radius/Manifest1
-rw-r--r--sys-auth/pam_radius/files/pam_radius-1.3.17-gentoo.patch27
-rw-r--r--sys-auth/pam_radius/files/server23
-rw-r--r--sys-auth/pam_radius/metadata.xml10
-rw-r--r--sys-auth/pam_radius/pam_radius-1.3.17-r1.ebuild51
-rw-r--r--sys-auth/pam_require/Manifest1
-rw-r--r--sys-auth/pam_require/metadata.xml7
-rw-r--r--sys-auth/pam_require/pam_require-0.7.ebuild28
-rw-r--r--sys-auth/pam_skey/Manifest2
-rw-r--r--sys-auth/pam_skey/metadata.xml11
-rw-r--r--sys-auth/pam_skey/pam_skey-1.1.5-r5.ebuild56
-rw-r--r--sys-auth/pam_smb/Manifest1
-rw-r--r--sys-auth/pam_smb/files/10-pam_smb-bash-3.1.patch12
-rw-r--r--sys-auth/pam_smb/files/pamsmbd-init20
-rw-r--r--sys-auth/pam_smb/metadata.xml14
-rw-r--r--sys-auth/pam_smb/pam_smb-2.0.0_rc6-r1.ebuild52
-rw-r--r--sys-auth/pam_smb/pam_smb-2.0.0_rc6-r2.ebuild51
-rw-r--r--sys-auth/pam_ssh/Manifest3
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.97-EOF.patch11
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.97-doublefree.patch20
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-2.1-dot-ssh-check.patch22
-rw-r--r--sys-auth/pam_ssh/files/pam_symbols.ver4
-rw-r--r--sys-auth/pam_ssh/metadata.xml11
-rw-r--r--sys-auth/pam_ssh/pam_ssh-1.97-r1.ebuild46
-rw-r--r--sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild52
-rw-r--r--sys-auth/pam_ssh/pam_ssh-1.97-r3.ebuild53
-rw-r--r--sys-auth/pam_ssh/pam_ssh-1.98.ebuild46
-rw-r--r--sys-auth/pam_ssh/pam_ssh-2.1.ebuild61
-rw-r--r--sys-auth/pam_ssh_agent_auth/Manifest4
-rw-r--r--sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.9.2-libs.patch24
-rw-r--r--sys-auth/pam_ssh_agent_auth/metadata.xml11
-rw-r--r--sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.2.ebuild42
-rw-r--r--sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.2.ebuild47
-rw-r--r--sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.3.ebuild48
-rw-r--r--sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.4.ebuild44
-rw-r--r--sys-auth/pam_usb/Manifest1
-rw-r--r--sys-auth/pam_usb/files/pam_usb-0.5.0-openpam.patch16
-rw-r--r--sys-auth/pam_usb/metadata.xml14
-rw-r--r--sys-auth/pam_usb/pam_usb-0.5.0.ebuild53
-rw-r--r--sys-auth/pam_yubico/Manifest2
-rw-r--r--sys-auth/pam_yubico/files/2.11-drop_privs.patch14
-rw-r--r--sys-auth/pam_yubico/metadata.xml13
-rw-r--r--sys-auth/pam_yubico/pam_yubico-2.17-r1.ebuild45
-rw-r--r--sys-auth/pam_yubico/pam_yubico-2.19-r1.ebuild41
-rw-r--r--sys-auth/pambase/Manifest4
-rw-r--r--sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch20
-rw-r--r--sys-auth/pambase/files/pambase-20120417-systemd-auth.patch26
-rw-r--r--sys-auth/pambase/files/pambase-20120417-systemd.patch29
-rw-r--r--sys-auth/pambase/files/pambase-20150213-selinux-note.patch11
-rw-r--r--sys-auth/pambase/metadata.xml93
-rw-r--r--sys-auth/pambase/pambase-20101024-r2.ebuild97
-rw-r--r--sys-auth/pambase/pambase-20120417-r3.ebuild113
-rw-r--r--sys-auth/pambase/pambase-20140313.ebuild94
-rw-r--r--sys-auth/pambase/pambase-20150213.ebuild100
-rw-r--r--sys-auth/passwdqc/Manifest1
-rw-r--r--sys-auth/passwdqc/files/passwdqc-1.3.0-build.patch58
-rw-r--r--sys-auth/passwdqc/metadata.xml17
-rw-r--r--sys-auth/passwdqc/passwdqc-1.3.0.ebuild65
-rw-r--r--sys-auth/polkit-kde-agent/Manifest1
-rw-r--r--sys-auth/polkit-kde-agent/metadata.xml8
-rw-r--r--sys-auth/polkit-kde-agent/polkit-kde-agent-0.99.1-r1.ebuild44
-rw-r--r--sys-auth/polkit-pkla-compat/Manifest1
-rw-r--r--sys-auth/polkit-pkla-compat/metadata.xml8
-rw-r--r--sys-auth/polkit-pkla-compat/polkit-pkla-compat-0.1.ebuild32
-rw-r--r--sys-auth/polkit-qt/Manifest1
-rw-r--r--sys-auth/polkit-qt/metadata.xml5
-rw-r--r--sys-auth/polkit-qt/polkit-qt-0.112.0-r1.ebuild79
-rw-r--r--sys-auth/polkit/Manifest2
-rw-r--r--sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch106
-rw-r--r--sys-auth/polkit/metadata.xml11
-rw-r--r--sys-auth/polkit/polkit-0.112-r2.ebuild121
-rw-r--r--sys-auth/polkit/polkit-0.112-r3.ebuild122
-rw-r--r--sys-auth/polkit/polkit-0.113.ebuild115
-rw-r--r--sys-auth/realtime-base/metadata.xml5
-rw-r--r--sys-auth/realtime-base/realtime-base-0.1.ebuild50
-rw-r--r--sys-auth/rtkit/Manifest1
-rw-r--r--sys-auth/rtkit/files/rtkit-0.11-controlgroup.patch14
-rw-r--r--sys-auth/rtkit/files/rtkit-0.11-gettime.patch21
-rw-r--r--sys-auth/rtkit/files/rtkit-0.11-polkit.patch36
-rw-r--r--sys-auth/rtkit/metadata.xml12
-rw-r--r--sys-auth/rtkit/rtkit-0.11-r1.ebuild49
-rw-r--r--sys-auth/skey/Manifest3
-rw-r--r--sys-auth/skey/metadata.xml29
-rw-r--r--sys-auth/skey/skey-1.1.5-r8.ebuild81
-rw-r--r--sys-auth/skey/skey-1.1.5-r9.ebuild82
-rw-r--r--sys-auth/sssd/Manifest6
-rw-r--r--sys-auth/sssd/files/0001_add_pthread_to_fix_as-needed.patch36
-rw-r--r--sys-auth/sssd/files/0002_allow_xdm_openrc.patch19
-rw-r--r--sys-auth/sssd/files/0003_new_krb5.patch46
-rw-r--r--sys-auth/sssd/files/allow_xdm.patch19
-rw-r--r--sys-auth/sssd/files/sssd21
-rw-r--r--sys-auth/sssd/files/sssd-1.13.0-fix-init.patch28
-rw-r--r--sys-auth/sssd/files/sssd-1.9.6-fix-init.patch31
-rw-r--r--sys-auth/sssd/files/sssd.conf4
-rw-r--r--sys-auth/sssd/files/sssd.service15
-rw-r--r--sys-auth/sssd/metadata.xml19
-rw-r--r--sys-auth/sssd/sssd-1.12.1.ebuild137
-rw-r--r--sys-auth/sssd/sssd-1.12.4.ebuild205
-rw-r--r--sys-auth/sssd/sssd-1.12.5.ebuild205
-rw-r--r--sys-auth/sssd/sssd-1.13.0.ebuild216
-rw-r--r--sys-auth/sssd/sssd-1.9.6-r3.ebuild133
-rw-r--r--sys-auth/sssd/sssd-1.9.7.ebuild133
-rw-r--r--sys-auth/tfm-fingerprint/Manifest1
-rw-r--r--sys-auth/tfm-fingerprint/files/tfmessbsp.cfg4
-rw-r--r--sys-auth/tfm-fingerprint/metadata.xml8
-rw-r--r--sys-auth/tfm-fingerprint/tfm-fingerprint-1.0.ebuild47
-rw-r--r--sys-auth/thinkfinger/Manifest1
-rw-r--r--sys-auth/thinkfinger/files/0.3-carriagereturn.patch10
-rw-r--r--sys-auth/thinkfinger/files/0.3-direct_set_config_usb_hello.patch31
-rw-r--r--sys-auth/thinkfinger/files/0.3-send-sync-event.patch50
-rw-r--r--sys-auth/thinkfinger/files/0.3-strip-strip.patch24
-rw-r--r--sys-auth/thinkfinger/files/0.3-tftoolgroup.patch64
-rw-r--r--sys-auth/thinkfinger/files/60-thinkfinger.rules5
-rw-r--r--sys-auth/thinkfinger/metadata.xml18
-rw-r--r--sys-auth/thinkfinger/thinkfinger-0.3-r3.ebuild80
-rw-r--r--sys-auth/ykclient/Manifest2
-rw-r--r--sys-auth/ykclient/metadata.xml19
-rw-r--r--sys-auth/ykclient/ykclient-2.13.ebuild22
-rw-r--r--sys-auth/ykclient/ykclient-2.14.ebuild22
-rw-r--r--sys-auth/ykneo-ccid-tools/Manifest1
-rw-r--r--sys-auth/ykneo-ccid-tools/files/ykneo-ccid-tools-0.0.0-string.patch11
-rw-r--r--sys-auth/ykneo-ccid-tools/metadata.xml12
-rw-r--r--sys-auth/ykneo-ccid-tools/ykneo-ccid-tools-0.0.0.ebuild27
-rw-r--r--sys-auth/ykpers/Manifest2
-rw-r--r--sys-auth/ykpers/metadata.xml25
-rw-r--r--sys-auth/ykpers/ykpers-1.16.2.ebuild31
-rw-r--r--sys-auth/ykpers/ykpers-1.17.1.ebuild31
-rw-r--r--sys-auth/yubikey-personalization-gui/Manifest2
-rw-r--r--sys-auth/yubikey-personalization-gui/metadata.xml12
-rw-r--r--sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.18.ebuild41
-rw-r--r--sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.20.ebuild41
376 files changed, 14992 insertions, 0 deletions
diff --git a/sys-auth/bioapi/Manifest b/sys-auth/bioapi/Manifest
new file mode 100644
index 00000000000..35e1927dc61
--- /dev/null
+++ b/sys-auth/bioapi/Manifest
@@ -0,0 +1,2 @@
+DIST bioapi_1.2.3.tar.gz 1634237 SHA256 c780c0d2e0c676be50de8ff537653580dd5b27fe1478846d22a017e52c6b6c2e SHA512 683da884a5cf6d72b577f7c1f642930c152c43c7acad3c678a3571acf3f66e0a7e112fccde06d9a7535a186bcb56a96acfb5e1c405b1d931be9f252be1b01649 WHIRLPOOL 9162097a90ce089ab9864034dae434fc55c593c33f8d618c6f1e62f3202a7e3294680df992b684df507705c26e7fb897e85a95552c12fc545ab6ba06df445970
+DIST bioapi_1.2.4.tar.gz 953136 SHA256 ec39d82deaacdd3dea676bdfcce69d34cbb745580735b59b44c542a6de35008d SHA512 99c67fea34b73291dcaeb1590fac88b3196d3ca65f788b92d0afd6ba85036b2d85397e3faa66b872a68bffaeb7c2bf5c731306bf02a25a435ef06cea18da746f WHIRLPOOL 08526484cb6240f45e48ca894602c4706319d4ac7297592740836e48ff4794a2f12fee165eb358732b0d31d1619d7f3743aa55d32ba6d79b405a553e0992b517
diff --git a/sys-auth/bioapi/bioapi-1.2.3-r2.ebuild b/sys-auth/bioapi/bioapi-1.2.3-r2.ebuild
new file mode 100644
index 00000000000..ea07a7e42a3
--- /dev/null
+++ b/sys-auth/bioapi/bioapi-1.2.3-r2.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="2"
+
+inherit eutils multilib user
+
+DESCRIPTION="Framework for biometric-based authentication"
+HOMEPAGE="http://code.google.com/p/bioapi-linux/"
+SRC_URI="http://bioapi-linux.googlecode.com/files/${PN}_${PV}.tar.gz"
+
+LICENSE="bioapi"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+S=${WORKDIR}/bioapi-linux
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-enroll-ret.patch #236654
+ epatch "${FILESDIR}"/${P}-no-delete.patch
+ epatch "${FILESDIR}"/${P}-gcc44.patch
+ epatch "${FILESDIR}"/${P}-build.patch #336107
+ rm -f config.{guess,sub} #337805
+ touch config.{guess,sub}
+}
+
+src_configure() {
+ econf --without-Qt-dir
+}
+
+src_install() {
+ emake SKIPCONFIG=true DESTDIR="${D}" install || die
+ dodoc README
+ dohtml *.htm
+
+ # rename generic binaries
+ mv "${D}"/usr/bin/{,BioAPI}Sample || die
+}
+
+pkg_config() {
+ mds_install -s /usr/$(get_libdir)
+ mod_install -fi /usr/$(get_libdir)/libbioapi100.so
+ mod_install -fi /usr/$(get_libdir)/libbioapi_dummy100.so
+ mod_install -fi /usr/$(get_libdir)/libpwbsp.so
+}
+
+pkg_preinst() {
+ if [[ -e ${ROOT}/var/bioapi ]] && [[ ! -e ${ROOT}/var/lib/bioapi ]] ; then
+ einfo "Moving /var/bioapi to /var/lib/bioapi"
+ dodir /var/lib
+ mv "${ROOT}"/var/bioapi "${ROOT}"/var/lib/bioapi
+ fi
+}
+
+pkg_postinst() {
+ einfo "Some generic-named programs have been renamed:"
+ einfo " Sample -> BioAPISample"
+
+ if [[ ${ROOT} == "/" ]] ; then
+ pkg_config
+ else
+ ewarn "You will need to run 'emerge --config bioapi' before"
+ ewarn " you can use bioapi properly."
+ fi
+
+ # XXX: this can't be correct ...
+ enewgroup bioapi
+ chgrp bioapi "${ROOT}"/var/lib/bioapi -R
+ chmod g+w,o= "${ROOT}"/var/lib/bioapi -R
+ einfo "Note: users using bioapi must be in group bioapi."
+}
+
+pkg_prerm() {
+ mod_install -fu libbioapi100.so
+ mod_install -fu libbioapi_dummy100.so
+ mod_install -fu libpwbsp.so
+}
diff --git a/sys-auth/bioapi/bioapi-1.2.4.ebuild b/sys-auth/bioapi/bioapi-1.2.4.ebuild
new file mode 100644
index 00000000000..4f2087063cc
--- /dev/null
+++ b/sys-auth/bioapi/bioapi-1.2.4.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+inherit eutils multilib user
+
+DESCRIPTION="Framework for biometric-based authentication"
+HOMEPAGE="http://code.google.com/p/bioapi-linux/"
+SRC_URI="http://bioapi-linux.googlecode.com/files/${PN}_${PV}.tar.gz"
+
+LICENSE="bioapi"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="static-libs"
+
+S=${WORKDIR}/bioapi-linux
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.2.3-no-delete.patch
+ epatch "${FILESDIR}"/${PN}-1.2.4-build.patch #336107
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ --without-Qt-dir
+}
+
+src_install() {
+ SKIPCONFIG=true default
+ use static-libs || find "${ED}" -name '*.la' -delete
+ dohtml *.htm
+
+ # rename generic binaries
+ mv "${D}"/usr/bin/{,BioAPI}Sample || die
+}
+
+pkg_config() {
+ mds_install -s /usr/$(get_libdir)
+ mod_install -fi /usr/$(get_libdir)/libbioapi100.so
+ mod_install -fi /usr/$(get_libdir)/libbioapi_dummy100.so
+ mod_install -fi /usr/$(get_libdir)/libpwbsp.so
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/var/bioapi ]] && [[ ! -e ${EROOT}/var/lib/bioapi ]] ; then
+ einfo "Moving /var/bioapi to /var/lib/bioapi"
+ dodir /var/lib
+ mv "${ROOT}"/var/bioapi "${ROOT}"/var/lib/bioapi
+ fi
+}
+
+pkg_postinst() {
+ einfo "Some generic-named programs have been renamed:"
+ einfo " Sample -> BioAPISample"
+
+ if [[ ${EROOT} == "/" ]] ; then
+ pkg_config
+ else
+ ewarn "You will need to run 'emerge --config bioapi' before"
+ ewarn " you can use bioapi properly."
+ fi
+
+ # XXX: this can't be correct ...
+ enewgroup bioapi
+ chgrp bioapi "${EROOT}"/var/lib/bioapi -R
+ chmod g+w,o= "${EROOT}"/var/lib/bioapi -R
+ einfo "Note: users using bioapi must be in group bioapi."
+}
+
+pkg_prerm() {
+ mod_install -fu libbioapi100.so
+ mod_install -fu libbioapi_dummy100.so
+ mod_install -fu libpwbsp.so
+}
diff --git a/sys-auth/bioapi/files/bioapi-1.2.3-build.patch b/sys-auth/bioapi/files/bioapi-1.2.3-build.patch
new file mode 100644
index 00000000000..9d679fe8c89
--- /dev/null
+++ b/sys-auth/bioapi/files/bioapi-1.2.3-build.patch
@@ -0,0 +1,42 @@
+http://code.google.com/p/bioapi-linux/issues/detail?id=4
+
+--- a/addins/pwbsp/Makefile.in
++++ b/addins/pwbsp/Makefile.in
+@@ -87,7 +87,7 @@ CC = @CC@
+ CCDEPMODE = @CCDEPMODE@
+ CFLAGS = @CFLAGS@
+ CPP = @CPP@
+-CPPFLAGS = -I${top_srcdir}/include/ \
++AM_CPPFLAGS = -I${top_srcdir}/include/ \
+ -I${top_srcdir}/imports/cdsa/v2_0/inc/
+
+ CXX = @CXX@
+@@ -111,7 +111,7 @@ INSTALL_DATA = @INSTALL_DATA@
+ INSTALL_PROGRAM = @INSTALL_PROGRAM@
+ INSTALL_SCRIPT = @INSTALL_SCRIPT@
+ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+-LDFLAGS = -Wl,--version-script=${srcdir}/libpwbsp.ver
++AM_LDFLAGS = -Wl,--version-script=${srcdir}/libpwbsp.ver
+ LEX = @LEX@
+ LEXLIB = @LEXLIB@
+ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+--- a/addins/qtpwbsp/Makefile.in
++++ b/addins/qtpwbsp/Makefile.in
+@@ -96,7 +96,7 @@ CC = @CC@
+ CCDEPMODE = @CCDEPMODE@
+ CFLAGS = @CFLAGS@
+ CPP = @CPP@
+-CPPFLAGS = -I${top_srcdir}/include \
++AM_CPPFLAGS = -I${top_srcdir}/include \
+ -I${top_srcdir}/imports/cdsa/v2_0/inc \
+ ${QT_CXXFLAGS}
+
+@@ -121,7 +121,7 @@ INSTALL_DATA = @INSTALL_DATA@
+ INSTALL_PROGRAM = @INSTALL_PROGRAM@
+ INSTALL_SCRIPT = @INSTALL_SCRIPT@
+ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+-LDFLAGS = -Wl,--version-script=${srcdir}/libqtpwbsp.ver \
++AM_LDFLAGS = -Wl,--version-script=${srcdir}/libqtpwbsp.ver \
+ ${QT_LIBS}
+
+ LEX = @LEX@
diff --git a/sys-auth/bioapi/files/bioapi-1.2.3-enroll-ret.patch b/sys-auth/bioapi/files/bioapi-1.2.3-enroll-ret.patch
new file mode 100644
index 00000000000..e077c135d63
--- /dev/null
+++ b/sys-auth/bioapi/files/bioapi-1.2.3-enroll-ret.patch
@@ -0,0 +1,16 @@
+http://bugs.gentoo.org/236654
+
+make sure we return 0 when things work
+
+patch by kouyu
+
+--- bioapi-linux/apps/NonGUI_Sample/main.c
++++ bioapi-linux/apps/NonGUI_Sample/main.c
+@@ -234,6 +234,7 @@
+ }
+
+ OutputToFile(userName, EnrolledTemplate);
++ return 0;
+ }
+ }
+
diff --git a/sys-auth/bioapi/files/bioapi-1.2.3-gcc44.patch b/sys-auth/bioapi/files/bioapi-1.2.3-gcc44.patch
new file mode 100644
index 00000000000..1f81298066d
--- /dev/null
+++ b/sys-auth/bioapi/files/bioapi-1.2.3-gcc44.patch
@@ -0,0 +1,12 @@
+diff -ur bioapi-linux.orig/framework/mds_util_api/mds_app_util.c bioapi-linux/framework/mds_util_api/mds_app_util.c
+--- bioapi-linux.orig/framework/mds_util_api/mds_app_util.c 2007-07-14 08:06:14.000000000 +0300
++++ bioapi-linux/framework/mds_util_api/mds_app_util.c 2009-07-25 23:26:55.000000000 +0300
+@@ -28,7 +28,7 @@
+ /* Linux-Port: added "const" keyword for Linux version */
+ #if defined (UNIX)
+ const BioAPI_UUID MDSUTIL_Uuid = ref_h_layer_uuid_init;
+-#elif
++#else
+ BioAPI_UUID MDSUTIL_Uuid = ref_h_layer_uuid_init;
+ #endif
+
diff --git a/sys-auth/bioapi/files/bioapi-1.2.3-no-delete.patch b/sys-auth/bioapi/files/bioapi-1.2.3-no-delete.patch
new file mode 100644
index 00000000000..b5664d11ec3
--- /dev/null
+++ b/sys-auth/bioapi/files/bioapi-1.2.3-no-delete.patch
@@ -0,0 +1,15 @@
+do not delete the installed symlink -- let the package manager handle that
+
+--- bioapi-linux/apps/mod_install/install.c
++++ bioapi-linux/apps/mod_install/install.c
+@@ -496,10 +496,6 @@
+ }
+ else if ( Action == INSTALL_ACTION_UNINSTALL )
+ {
+-/* Linux-Port: Added the Linux branch */
+-#if defined (LINUX) || defined (SOLARIS)
+- DeleteFile(szDstPath);
+-#endif
+ printf( "Module uninstalled successfully.\n" );
+ }
+ else if ( Action == INSTALL_ACTION_REFRESH )
diff --git a/sys-auth/bioapi/files/bioapi-1.2.4-build.patch b/sys-auth/bioapi/files/bioapi-1.2.4-build.patch
new file mode 100644
index 00000000000..d7a70afd4d0
--- /dev/null
+++ b/sys-auth/bioapi/files/bioapi-1.2.4-build.patch
@@ -0,0 +1,42 @@
+http://code.google.com/p/bioapi-linux/issues/detail?id=4
+
+--- a/addins/pwbsp/Makefile.in
++++ b/addins/pwbsp/Makefile.in
+@@ -87,7 +87,7 @@ CC = @CC@
+ CCDEPMODE = @CCDEPMODE@
+ CFLAGS = @CFLAGS@
+ CPP = @CPP@
+-CPPFLAGS = -I${top_srcdir}/include/ \
++AM_CPPFLAGS = -I${top_srcdir}/include/ \
+ -I${top_srcdir}/imports/cdsa/v2_0/inc/
+
+ CXX = @CXX@
+@@ -111,7 +111,7 @@ INSTALL_DATA = @INSTALL_DATA@
+ INSTALL_SCRIPT = @INSTALL_SCRIPT@
+ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+ LD = @LD@
+-LDFLAGS = -Wl,--version-script=${srcdir}/libpwbsp.ver
++AM_LDFLAGS = -Wl,--version-script=${srcdir}/libpwbsp.ver
+ LEX = @LEX@
+ LEXLIB = @LEXLIB@
+ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+--- a/addins/qtpwbsp/Makefile.in
++++ b/addins/qtpwbsp/Makefile.in
+@@ -96,7 +96,7 @@ CC = @CC@
+ CCDEPMODE = @CCDEPMODE@
+ CFLAGS = @CFLAGS@
+ CPP = @CPP@
+-CPPFLAGS = -I${top_srcdir}/include \
++AM_CPPFLAGS = -I${top_srcdir}/include \
+ -I${top_srcdir}/imports/cdsa/v2_0/inc \
+ ${QT_CXXFLAGS}
+
+@@ -121,7 +121,7 @@ INSTALL_DATA = @INSTALL_DATA@
+ INSTALL_SCRIPT = @INSTALL_SCRIPT@
+ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+ LD = @LD@
+-LDFLAGS = -Wl,--version-script=${srcdir}/libqtpwbsp.ver \
++AM_LDFLAGS = -Wl,--version-script=${srcdir}/libqtpwbsp.ver \
+ ${QT_LIBS}
+
+ LEX = @LEX@
diff --git a/sys-auth/bioapi/metadata.xml b/sys-auth/bioapi/metadata.xml
new file mode 100644
index 00000000000..9a34902f8fa
--- /dev/null
+++ b/sys-auth/bioapi/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>vapier@gentoo.org</email>
+ <name>Mike Frysinger</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="google-code">bioapi-linux</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/consolekit/Manifest b/sys-auth/consolekit/Manifest
new file mode 100644
index 00000000000..d05c470a18d
--- /dev/null
+++ b/sys-auth/consolekit/Manifest
@@ -0,0 +1,4 @@
+DIST ConsoleKit-0.4.6.tar.xz 366572 SHA256 b41d17e06f80059589fbeefe96ad07bcc564c49e65516da1caf975146475565c SHA512 54955e3e83778a9216846104da8762fd50a37190e209127dd5d211e2227da617e14f6f5c1359905396d299656e526d14e1187b28eaff7d0ae1d7563dc8d9b46d WHIRLPOOL ebf36b109b4c646d0b874f6b8e2ae9e2d190022ee9b6feff6cbb6b9203c80401c538cc3ca674fa7bde4f07e658d5460864e9784c1e0249d49b4784725a4e05c7
+DIST ConsoleKit2-0.9.4.tar.bz2 1184927 SHA256 b3e9554472f1a431576c317536d93ba1ef292916ea8447667deee0b555980e2e SHA512 8bbd04e5d084a4b7d3a9324b21909728d3d358c4fcb7a741f02baa354f8ce5afe2ec1a0613aa140adc754322ad00f2cd57eac8fedc500236a167c356c5a3ae04 WHIRLPOOL f02ebfb8b33c36650d6a57d09200d2d13c48e1b521de6a088399fe2a8af623434f539fa5bd343c720bf0174ab90a8d9d8a2c1a33b8aded0c76367e31b4a1accf
+DIST ConsoleKit2-0.9.5.tar.bz2 1250075 SHA256 2a857a304b6792a59f1cd43be51bfb570b06e3659dc71acc59dc1c2ac99fdb42 SHA512 afde7f668088d0b3a78a28ec6d01e00f705b628824e94ae8082dcd6cded24b69ddaf7ccf8c12a2f87bfa60836769d1947209d63bbbbcb17ac668c0c27bf70df5 WHIRLPOOL 80ccc3ff807dae1d3110c1923d1720d4c9ff66e9d8f233af8d6e56c2388088fda9c51279e48e7e81861c8ce9fb7246cfd0bed7c916bd1b86fda4b473c7607f80
+DIST consolekit_0.4.6-4.debian.tar.gz 12192 SHA256 6d4dd5e13a76454b4bab27ab6b407718cd77616afd2b1af7cb8d947c1323b802 SHA512 f7fc5965b1f495d16a8ca167940431bc2569e9bde9e4a356b9c9ed00c2825db61da7b6db3d434d977fff72b3aaef30c455a365b9eba282a887a523753613b58f WHIRLPOOL 961a918c21259e24c68c7a5bf93964825b891ea207c088fecab61f81434012dc8925fca83b74518cfc9cf42f2c4a87eba7518c0829f663716ca0e11e38c856c9
diff --git a/sys-auth/consolekit/consolekit-0.4.6.ebuild b/sys-auth/consolekit/consolekit-0.4.6.ebuild
new file mode 100644
index 00000000000..211bf9b9b46
--- /dev/null
+++ b/sys-auth/consolekit/consolekit-0.4.6.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools eutils linux-info pam systemd
+
+MY_PN=ConsoleKit
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Framework for defining and tracking users, login sessions and seats"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/ConsoleKit"
+SRC_URI="http://www.freedesktop.org/software/${MY_PN}/dist/${MY_P}.tar.xz
+ mirror://debian/pool/main/${PN:0:1}/${PN}/${PN}_${PV}-4.debian.tar.gz" # for logrotate file
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="acl debug doc kernel_linux pam policykit selinux systemd-units test"
+
+COMMON_DEPEND=">=dev-libs/dbus-glib-0.100:=
+ >=dev-libs/glib-2.38.2-r1:2=
+ sys-libs/zlib:=
+ x11-libs/libX11:=
+ acl? (
+ sys-apps/acl:=
+ >=virtual/udev-200
+ )
+ pam? ( virtual/pam )
+ policykit? ( >=sys-auth/polkit-0.110 )"
+RDEPEND="${COMMON_DEPEND}
+ kernel_linux? ( sys-apps/coreutils[acl?] )
+ selinux? ( sec-policy/selinux-consolekit )"
+DEPEND="${COMMON_DEPEND}
+ dev-libs/libxslt
+ virtual/pkgconfig
+ doc? ( app-text/xmlto )
+ test? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+QA_MULTILIB_PATHS="usr/lib/ConsoleKit/.*"
+
+pkg_setup() {
+ if use kernel_linux; then
+ # This is from http://bugs.gentoo.org/376939
+ use acl && CONFIG_CHECK="~TMPFS_POSIX_ACL"
+ # This is required to get login-session-id string with pam_ck_connector.so
+ use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+ linux-info_pkg_setup
+ fi
+}
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/${PN}-cleanup_console_tags.patch \
+ "${FILESDIR}"/${PN}-shutdown-reboot-without-policies.patch \
+ "${FILESDIR}"/${PN}-udev-acl-install_to_usr.patch \
+ "${FILESDIR}"/${PN}-0.4.5-polkit-automagic.patch
+
+ if ! use systemd-units; then
+ sed -i -e '/SystemdService/d' data/org.freedesktop.ConsoleKit.service.in || die
+ fi
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf
+ if use systemd-units; then
+ myconf="$(systemd_with_unitdir)"
+ else
+ myconf="--with-systemdsystemunitdir=/tmp"
+ fi
+
+ econf \
+ XMLTO_FLAGS='--skip-validation' \
+ --libexecdir="${EPREFIX}"/usr/lib/${MY_PN} \
+ --localstatedir="${EPREFIX}"/var \
+ $(use_enable pam pam-module) \
+ $(use_enable doc docbook-docs) \
+ $(use_enable test docbook-docs) \
+ $(use_enable debug) \
+ $(use_enable policykit polkit) \
+ $(use_enable acl udev-acl) \
+ --with-dbus-services="${EPREFIX}"/usr/share/dbus-1/services \
+ --with-pam-module-dir="$(getpam_mod_dir)" \
+ ${myconf}
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ htmldocdir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ dosym /usr/lib/${MY_PN} /usr/lib/${PN}
+
+ dodoc AUTHORS HACKING NEWS README TODO
+
+ newinitd "${FILESDIR}"/${PN}-0.2.rc consolekit
+
+ keepdir /usr/lib/ConsoleKit/run-seat.d
+ keepdir /usr/lib/ConsoleKit/run-session.d
+ keepdir /etc/ConsoleKit/run-session.d
+ keepdir /var/log/ConsoleKit
+
+ exeinto /etc/X11/xinit/xinitrc.d
+ newexe "${FILESDIR}"/90-consolekit-3 90-consolekit
+
+ exeinto /usr/lib/ConsoleKit/run-session.d
+ doexe "${FILESDIR}"/pam-foreground-compat.ck
+
+ prune_libtool_files --all # --all for pam_ck_connector.la
+
+ use systemd-units || rm -rf "${ED}"/tmp
+
+ rm -rf "${ED}"/var/run # let the init script create the directory
+
+ insinto /etc/logrotate.d
+ newins "${WORKDIR}"/debian/${PN}.logrotate ${PN} #374513
+}
diff --git a/sys-auth/consolekit/consolekit-0.9.4.ebuild b/sys-auth/consolekit/consolekit-0.9.4.ebuild
new file mode 100644
index 00000000000..81a80c8dec2
--- /dev/null
+++ b/sys-auth/consolekit/consolekit-0.9.4.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils linux-info pam
+
+MY_PN=ConsoleKit2
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Framework for defining and tracking users, login sessions and seats"
+HOMEPAGE="http://github.com/ConsoleKit2/ConsoleKit2 http://www.freedesktop.org/wiki/Software/ConsoleKit"
+SRC_URI="http://github.com/${MY_PN}/${MY_PN}/releases/download/${PV}/${MY_P}.tar.bz2
+ mirror://debian/pool/main/${PN:0:1}/${PN}/${PN}_0.4.6-4.debian.tar.gz" # for logrotate file"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="acl debug doc kernel_linux pam policykit selinux test"
+
+COMMON_DEPEND=">=dev-libs/glib-2.40:2=
+ sys-libs/zlib:=
+ x11-libs/libX11:=
+ acl? (
+ sys-apps/acl:=
+ >=virtual/udev-200
+ )
+ pam? ( virtual/pam )
+ policykit? ( >=sys-auth/polkit-0.110 )"
+RDEPEND="${COMMON_DEPEND}
+ kernel_linux? ( sys-apps/coreutils[acl?] )
+ selinux? ( sec-policy/selinux-consolekit )
+ sys-power/pm-utils"
+DEPEND="${COMMON_DEPEND}
+ dev-libs/libxslt
+ virtual/pkgconfig
+ doc? ( app-text/xmlto )
+ test? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+QA_MULTILIB_PATHS="usr/lib/ConsoleKit/.*"
+
+pkg_setup() {
+ if use kernel_linux; then
+ # This is from http://bugs.gentoo.org/376939
+ use acl && CONFIG_CHECK="~TMPFS_POSIX_ACL"
+ # This is required to get login-session-id string with pam_ck_connector.so
+ use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+ linux-info_pkg_setup
+ fi
+}
+
+src_prepare() {
+ sed -i -e '/SystemdService/d' data/org.freedesktop.ConsoleKit.service.in || die
+}
+
+src_configure() {
+ econf \
+ XMLTO_FLAGS='--skip-validation' \
+ --libexecdir="${EPREFIX}"/usr/lib/ConsoleKit \
+ --localstatedir="${EPREFIX}"/var \
+ $(use_enable pam pam-module) \
+ $(use_enable doc docbook-docs) \
+ $(use_enable test docbook-docs) \
+ $(use_enable debug) \
+ $(use_enable policykit polkit) \
+ $(use_enable acl udev-acl) \
+ --with-dbus-services="${EPREFIX}"/usr/share/dbus-1/services \
+ --with-pam-module-dir="$(getpam_mod_dir)" \
+ --with-xinitrc-dir=/etc/X11/xinit/xinitrc.d \
+ --without-systemdsystemunitdir
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ htmldocdir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ dosym /usr/lib/ConsoleKit /usr/lib/${PN}
+
+ dodoc AUTHORS HACKING NEWS README TODO
+
+ newinitd "${FILESDIR}"/${PN}-0.2.rc consolekit
+
+ keepdir /usr/lib/ConsoleKit/run-seat.d
+ keepdir /usr/lib/ConsoleKit/run-session.d
+ keepdir /etc/ConsoleKit/run-session.d
+ keepdir /var/log/ConsoleKit
+
+ exeinto /etc/X11/xinit/xinitrc.d
+ newexe "${FILESDIR}"/90-consolekit-3 90-consolekit
+
+ prune_libtool_files --all # --all for pam_ck_connector.la
+
+ rm -rf "${ED}"/var/run # let the init script create the directory
+
+ insinto /etc/logrotate.d
+ newins "${WORKDIR}"/debian/${PN}.logrotate ${PN} #374513
+}
diff --git a/sys-auth/consolekit/consolekit-0.9.5.ebuild b/sys-auth/consolekit/consolekit-0.9.5.ebuild
new file mode 100644
index 00000000000..797cd354cd8
--- /dev/null
+++ b/sys-auth/consolekit/consolekit-0.9.5.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils linux-info pam
+
+MY_PN=ConsoleKit2
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Framework for defining and tracking users, login sessions and seats"
+HOMEPAGE="http://github.com/ConsoleKit2/ConsoleKit2 http://www.freedesktop.org/wiki/Software/ConsoleKit"
+SRC_URI="http://github.com/${MY_PN}/${MY_PN}/releases/download/${PV}/${MY_P}.tar.bz2
+ mirror://debian/pool/main/${PN:0:1}/${PN}/${PN}_0.4.6-4.debian.tar.gz" # for logrotate file"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="acl debug doc kernel_linux pam policykit selinux test"
+
+COMMON_DEPEND=">=dev-libs/glib-2.40:2=
+ sys-libs/zlib:=
+ x11-libs/libX11:=
+ acl? (
+ sys-apps/acl:=
+ >=virtual/udev-200
+ )
+ pam? ( virtual/pam )
+ policykit? ( >=sys-auth/polkit-0.110 )"
+RDEPEND="${COMMON_DEPEND}
+ kernel_linux? ( sys-apps/coreutils[acl?] )
+ selinux? ( sec-policy/selinux-consolekit )
+ sys-power/pm-utils"
+DEPEND="${COMMON_DEPEND}
+ dev-libs/libxslt
+ virtual/pkgconfig
+ doc? ( app-text/xmlto )
+ test? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+QA_MULTILIB_PATHS="usr/lib/ConsoleKit/.*"
+
+pkg_setup() {
+ if use kernel_linux; then
+ # This is from http://bugs.gentoo.org/376939
+ use acl && CONFIG_CHECK="~TMPFS_POSIX_ACL"
+ # This is required to get login-session-id string with pam_ck_connector.so
+ use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+ linux-info_pkg_setup
+ fi
+}
+
+src_prepare() {
+ sed -i -e '/SystemdService/d' data/org.freedesktop.ConsoleKit.service.in || die
+}
+
+src_configure() {
+ econf \
+ XMLTO_FLAGS='--skip-validation' \
+ --libexecdir="${EPREFIX}"/usr/lib/ConsoleKit \
+ --localstatedir="${EPREFIX}"/var \
+ $(use_enable pam pam-module) \
+ $(use_enable doc docbook-docs) \
+ $(use_enable test docbook-docs) \
+ $(use_enable debug) \
+ $(use_enable policykit polkit) \
+ $(use_enable acl udev-acl) \
+ $(use_enable test tests) \
+ --with-dbus-services="${EPREFIX}"/usr/share/dbus-1/services \
+ --with-pam-module-dir="$(getpam_mod_dir)" \
+ --with-xinitrc-dir=/etc/X11/xinit/xinitrc.d \
+ --without-systemdsystemunitdir
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ htmldocdir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ dosym /usr/lib/ConsoleKit /usr/lib/${PN}
+
+ dodoc AUTHORS HACKING NEWS README TODO
+
+ newinitd "${FILESDIR}"/${PN}-0.2.rc consolekit
+
+ keepdir /usr/lib/ConsoleKit/run-seat.d
+ keepdir /usr/lib/ConsoleKit/run-session.d
+ keepdir /etc/ConsoleKit/run-session.d
+ keepdir /var/log/ConsoleKit
+
+ exeinto /etc/X11/xinit/xinitrc.d
+ newexe "${FILESDIR}"/90-consolekit-3 90-consolekit
+
+ prune_libtool_files --all # --all for pam_ck_connector.la
+
+ rm -rf "${ED}"/var/run || die # let the init script create the directory
+
+ insinto /etc/logrotate.d
+ newins "${WORKDIR}"/debian/${PN}.logrotate ${PN} #374513
+}
diff --git a/sys-auth/consolekit/consolekit-9999.ebuild b/sys-auth/consolekit/consolekit-9999.ebuild
new file mode 100644
index 00000000000..8c92eae8eb0
--- /dev/null
+++ b/sys-auth/consolekit/consolekit-9999.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools eutils git-r3 linux-info pam
+
+MY_PN=ConsoleKit2
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Framework for defining and tracking users, login sessions and seats"
+HOMEPAGE="http://github.com/ConsoleKit2/ConsoleKit2 http://www.freedesktop.org/wiki/Software/ConsoleKit"
+SRC_URI="mirror://debian/pool/main/${PN:0:1}/${PN}/${PN}_0.4.6-4.debian.tar.gz" # for logrotate file"
+EGIT_REPO_URI="https://github.com/${MY_PN}/${MY_PN}.git"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS=""
+IUSE="acl debug doc kernel_linux pam policykit selinux test"
+
+COMMON_DEPEND=">=dev-libs/glib-2.40:2=
+ sys-libs/zlib:=
+ x11-libs/libX11:=
+ acl? (
+ sys-apps/acl:=
+ >=virtual/udev-200
+ )
+ pam? ( virtual/pam )
+ policykit? ( >=sys-auth/polkit-0.110 )"
+RDEPEND="${COMMON_DEPEND}
+ kernel_linux? ( sys-apps/coreutils[acl?] )
+ selinux? ( sec-policy/selinux-consolekit )
+ sys-power/pm-utils"
+DEPEND="${COMMON_DEPEND}
+ dev-libs/libxslt
+ virtual/pkgconfig
+ doc? ( app-text/xmlto )
+ test? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )"
+
+QA_MULTILIB_PATHS="usr/lib/ConsoleKit/.*"
+
+pkg_setup() {
+ if use kernel_linux; then
+ # This is from http://bugs.gentoo.org/376939
+ use acl && CONFIG_CHECK="~TMPFS_POSIX_ACL"
+ # This is required to get login-session-id string with pam_ck_connector.so
+ use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+ linux-info_pkg_setup
+ fi
+}
+
+src_unpack() {
+ git-r3_src_unpack
+ unpack "${PN}_0.4.6-4.debian.tar.gz"
+}
+
+src_prepare() {
+ sed -i -e '/SystemdService/d' data/org.freedesktop.ConsoleKit.service.in || die
+
+ epatch_user
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ XMLTO_FLAGS='--skip-validation' \
+ --libexecdir="${EPREFIX}"/usr/lib/ConsoleKit \
+ --localstatedir="${EPREFIX}"/var \
+ $(use_enable pam pam-module) \
+ $(use_enable doc docbook-docs) \
+ $(use_enable test docbook-docs) \
+ $(use_enable debug) \
+ $(use_enable policykit polkit) \
+ $(use_enable acl udev-acl) \
+ $(use_enable test tests) \
+ --with-dbus-services="${EPREFIX}"/usr/share/dbus-1/services \
+ --with-pam-module-dir="$(getpam_mod_dir)" \
+ --with-xinitrc-dir=/etc/X11/xinit/xinitrc.d \
+ --without-systemdsystemunitdir
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ htmldocdir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ dosym /usr/lib/ConsoleKit /usr/lib/${PN}
+
+ dodoc AUTHORS HACKING NEWS README TODO
+
+ newinitd "${FILESDIR}"/${PN}-0.2.rc consolekit
+
+ keepdir /usr/lib/ConsoleKit/run-seat.d
+ keepdir /usr/lib/ConsoleKit/run-session.d
+ keepdir /etc/ConsoleKit/run-session.d
+ keepdir /var/log/ConsoleKit
+
+ exeinto /etc/X11/xinit/xinitrc.d
+ newexe "${FILESDIR}"/90-consolekit-3 90-consolekit
+
+ prune_libtool_files --all # --all for pam_ck_connector.la
+
+ rm -rf "${ED}"/var/run || die # let the init script create the directory
+
+ insinto /etc/logrotate.d
+ newins "${WORKDIR}"/debian/${PN}.logrotate ${PN} #374513
+}
diff --git a/sys-auth/consolekit/files/90-consolekit-3 b/sys-auth/consolekit/files/90-consolekit-3
new file mode 100644
index 00000000000..358fc24f1a7
--- /dev/null
+++ b/sys-auth/consolekit/files/90-consolekit-3
@@ -0,0 +1,32 @@
+# -*- sh -*-
+# Xsession.d script for ck-launch-session.
+#
+#
+# This file is sourced by Xsession(5), not executed.
+
+CK_LAUNCH_SESSION=/usr/bin/ck-launch-session
+
+is_on_console() {
+ session=$(dbus-send --system --dest=org.freedesktop.ConsoleKit \
+ --type=method_call --print-reply --reply-timeout=2000 \
+ /org/freedesktop/ConsoleKit/Manager \
+ org.freedesktop.ConsoleKit.Manager.GetCurrentSession \
+ | grep path | awk '{print $3}' | sed s/\"//g)
+ x11_display=$(dbus-send --system --dest=org.freedesktop.ConsoleKit \
+ --type=method_call --print-reply --reply-timeout=2000 \
+ $session org.freedesktop.ConsoleKit.Session.GetX11Display \
+ | grep string | awk '{print $2}' | sed s/\"//g)
+
+ if [ -z "$x11_display" ] ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# gdm already creates a CK session for us, so do not run the expensive D-Bus
+# calls if we have $GDMSESSION
+if [ -z "$GDMSESSION" ] && [ -x "$CK_LAUNCH_SESSION" ] && \
+ ( [ -z "$XDG_SESSION_COOKIE" ] || is_on_console ) ; then
+ command="$CK_LAUNCH_SESSION $command"
+fi
diff --git a/sys-auth/consolekit/files/consolekit-0.2.rc b/sys-auth/consolekit/files/consolekit-0.2.rc
new file mode 100644
index 00000000000..63eeefd84cf
--- /dev/null
+++ b/sys-auth/consolekit/files/consolekit-0.2.rc
@@ -0,0 +1,26 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Id$
+
+depend() {
+ need dbus
+ use logger
+}
+
+start() {
+ ebegin "Starting ConsoleKit daemon"
+
+ checkpath -q -d -m 0755 /var/run/ConsoleKit
+
+ start-stop-daemon --start -q \
+ --pidfile /var/run/ConsoleKit/pid \
+ --exec /usr/sbin/console-kit-daemon --
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ConsoleKit daemon"
+ start-stop-daemon --stop -q --pidfile /var/run/ConsoleKit/pid
+ eend $?
+}
diff --git a/sys-auth/consolekit/files/consolekit-0.4.5-polkit-automagic.patch b/sys-auth/consolekit/files/consolekit-0.4.5-polkit-automagic.patch
new file mode 100644
index 00000000000..b896089d448
--- /dev/null
+++ b/sys-auth/consolekit/files/consolekit-0.4.5-polkit-automagic.patch
@@ -0,0 +1,30 @@
+http://bugs.freedesktop.org/show_bug.cgi?id=47587
+
+--- configure.ac
++++ configure.ac
+@@ -56,10 +56,21 @@
+ gthread-2.0 >= $GLIB_REQUIRED_VERSION
+ )
+
+-PKG_CHECK_MODULES(POLKIT,
+- polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION,
+- have_polkit=yes,
+- have_polkit=no)
++AC_ARG_ENABLE([polkit],
++ AC_HELP_STRING([--enable-polkit], [Enable PolicyKit support (default auto)]),
++ enable_polkit=$enableval,
++ enable_polkit=auto)
++
++if test "x$enable_polkit" != "xno"; then
++ PKG_CHECK_MODULES(POLKIT,
++ polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION,
++ have_polkit=yes,
++ have_polkit=no)
++ if test "x$enable_polkit" = "xyes" -a "x$have_polkit" = "xno"; then
++ AC_MSG_ERROR([PolicyKit support explicitly requested but dependencies not found])
++ fi
++fi
++
+ if test "x$have_polkit" = "xyes" ; then
+ AC_DEFINE(HAVE_POLKIT, [], [Define if we have polkit])
+ fi
diff --git a/sys-auth/consolekit/files/consolekit-cleanup_console_tags.patch b/sys-auth/consolekit/files/consolekit-cleanup_console_tags.patch
new file mode 100644
index 00000000000..c02411ebded
--- /dev/null
+++ b/sys-auth/consolekit/files/consolekit-cleanup_console_tags.patch
@@ -0,0 +1,67 @@
+http://bugs.gentoo.org/257761
+http://patches.ubuntu.com/by-release/extracted/ubuntu/c/consolekit/
+
+--- src/main.c
++++ src/main.c
+@@ -148,6 +148,43 @@
+ unlink (CONSOLE_KIT_PID_FILE);
+ }
+
++#define CONSOLE_TAGS_DIR "/var/run/console"
++
++static void
++delete_console_tags (void)
++{
++ GDir *dir;
++ GError *error = NULL;
++ const gchar *name;
++
++ g_debug ("Cleaning up %s", CONSOLE_TAGS_DIR);
++
++ dir = g_dir_open (CONSOLE_TAGS_DIR, 0, &error);
++ if (dir == NULL) {
++ g_debug ("Couldn't open directory %s: %s", CONSOLE_TAGS_DIR,
++ error->message);
++ g_error_free (error);
++ return;
++ }
++ while ((name = g_dir_read_name (dir)) != NULL) {
++ gchar *file;
++ file = g_build_filename (CONSOLE_TAGS_DIR, name, NULL);
++
++ g_debug ("Removing tag file: %s", file);
++ if (unlink (file) == -1) {
++ g_warning ("Couldn't delete tag file: %s", file);
++ }
++ g_free (file);
++ }
++}
++
++static void
++cleanup (void)
++{
++ delete_console_tags ();
++ delete_pid ();
++}
++
+ /* copied from nautilus */
+ static int debug_log_pipes[2];
+
+@@ -228,7 +265,7 @@
+ snprintf (pid, sizeof (pid), "%lu\n", (long unsigned) getpid ());
+ written = write (pf, pid, strlen (pid));
+ close (pf);
+- g_atexit (delete_pid);
++ g_atexit (cleanup);
+ } else {
+ g_warning ("Unable to write pid file %s: %s",
+ CONSOLE_KIT_PID_FILE,
+@@ -317,6 +354,8 @@
+ goto out;
+ }
+
++ delete_console_tags ();
++
+ create_pid_file ();
+
+ loop = g_main_loop_new (NULL, FALSE);
diff --git a/sys-auth/consolekit/files/consolekit-shutdown-reboot-without-policies.patch b/sys-auth/consolekit/files/consolekit-shutdown-reboot-without-policies.patch
new file mode 100644
index 00000000000..6a46649f758
--- /dev/null
+++ b/sys-auth/consolekit/files/consolekit-shutdown-reboot-without-policies.patch
@@ -0,0 +1,26 @@
+From: Romain Perier <mrpouet@gentoo.org>
+Date: Sat, 24 Oct 2009 18:43:43 +0200
+Subject: [PATCH] Be able to shutdown or reboot even without polkit or RBAC supports
+
+Ck does NOTHING at the origin if its built without polkit or RBAC supports, except
+display a warning using g_warning() (which does not make sense).
+The trick is to to call do_stop()/do_restart() in the #else directive :)
+
+--- src/ck-manager.c
++++ src/ck-manager.c
+@@ -1131,6 +1131,7 @@
+ check_rbac_permissions (manager, context, RBAC_SHUTDOWN_KEY, do_restart);
+ #else
+ g_warning ("Compiled without PolicyKit or RBAC support!");
++ do_restart(manager, context);
+ #endif
+
+ return TRUE;
+@@ -1207,6 +1208,7 @@
+ check_rbac_permissions (manager, context, RBAC_SHUTDOWN_KEY, do_stop);
+ #else
+ g_warning ("Compiled without PolicyKit or RBAC support!");
++ do_stop(manager, context);
+ #endif
+
+ return TRUE;
diff --git a/sys-auth/consolekit/files/consolekit-udev-acl-install_to_usr.patch b/sys-auth/consolekit/files/consolekit-udev-acl-install_to_usr.patch
new file mode 100644
index 00000000000..3ef39873dbd
--- /dev/null
+++ b/sys-auth/consolekit/files/consolekit-udev-acl-install_to_usr.patch
@@ -0,0 +1,28 @@
+http://bugs.gentoo.org/398049
+
+--- tools/Makefile.am
++++ tools/Makefile.am
+@@ -144,11 +144,10 @@
+ $(NULL)
+
+ if ENABLE_UDEV_ACL
+-udevdir = $(UDEVDIR)
+ udevrulesdir = $(UDEVDIR)/rules.d
+
+ dist_udevrules_DATA = 70-udev-acl.rules
+-udev_PROGRAMS = udev-acl
++libexec_PROGRAMS = udev-acl
+
+ udev_acl_SOURCES = udev-acl.c
+ udev_acl_LDADD = $(UDEV_ACL_LIBS)
+@@ -156,7 +155,9 @@
+
+ install-exec-hook:
+ mkdir -p $(DESTDIR)$(prefix)/lib/ConsoleKit/run-seat.d
+- ln -sf $(UDEVDIR)/udev-acl $(DESTDIR)$(prefix)/lib/ConsoleKit/run-seat.d/udev-acl.ck
++ mkdir -p $(DESTDIR)$(UDEVDIR)
++ ln -sf $(libexecdir)/udev-acl $(DESTDIR)$(prefix)/lib/ConsoleKit/run-seat.d/udev-acl.ck
++ ln -sf $(libexecdir)/udev-acl $(DESTDIR)$(UDEVDIR)/udev-acl
+ endif
+
+ EXTRA_DIST = \
diff --git a/sys-auth/consolekit/files/pam-foreground-compat.ck b/sys-auth/consolekit/files/pam-foreground-compat.ck
new file mode 100644
index 00000000000..0697ca81ba4
--- /dev/null
+++ b/sys-auth/consolekit/files/pam-foreground-compat.ck
@@ -0,0 +1,17 @@
+#!/bin/sh
+TAGDIR=/var/run/console
+
+[ -n "$CK_SESSION_USER_UID" ] || exit 1
+
+TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"
+
+if [ "$1" = "session_added" ]; then
+ mkdir -p "$TAGDIR"
+ echo "$CK_SESSION_ID" >> "$TAGFILE"
+fi
+
+if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then
+ sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
+ [ -s "$TAGFILE" ] || rm -f "$TAGFILE"
+fi
+
diff --git a/sys-auth/consolekit/metadata.xml b/sys-auth/consolekit/metadata.xml
new file mode 100644
index 00000000000..3eb5156f029
--- /dev/null
+++ b/sys-auth/consolekit/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>freedesktop</herd>
+ <maintainer>
+ <email>freedesktop-bugs@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name="policykit">Use the PolicyKit framework (<pkg>sys-auth/polkit</pkg>) to get authorization for suspend/shutdown.</flag>
+ <flag name="systemd-units">Install systemd unit files to replace the modern functionality of logind in <pkg>sys-apps/systemd</pkg>. Not recommended.</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">ConsoleKit2/ConsoleKit2</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/fingerprint-gui/Manifest b/sys-auth/fingerprint-gui/Manifest
new file mode 100644
index 00000000000..98ffcfa4f65
--- /dev/null
+++ b/sys-auth/fingerprint-gui/Manifest
@@ -0,0 +1,3 @@
+DIST fingerprint-gui-1.05.tar.gz 7001230 SHA256 4058ffa55de8ea346ae8747ec88828d2312656b3d8a54c57198b04e4032097db SHA512 6bf90dacb1e2b5f84fcded14a7b345cc613d09a886f1f103344caa00704e06f740af1ec3b9ae76f60a52e8330a68af63a035dbd53ab9a5bdce6521bcb5b3b6e8 WHIRLPOOL c0c8f5e3a87b0821aab23591ef25340cf1a1d3cde9d5e9ee2d716f600286c9eab909056021dda6e1ea7fe80731d9bf7bde437ddb406692ad1517050f1d647132
+DIST fingerprint-gui-1.06.tar.gz 7042471 SHA256 f5021d4c446b65ce62de63b9b2874b05a62318b386f35577ca0322b722a1920f SHA512 dbb7dfa9df99e522a3512fc93f53c9c830d94572d4b9a76f438a8893a1f852ddbff3d76a519873efc10ee0a0a1c764a5dd69c9db95ac28c45e25f80e55eb52c0 WHIRLPOOL 75e3c33b7910fd066910eca425815040b5a0390cdd56fdbf423e317dc0b0407291d5f176a511c5afd5af68f6c03c60290242685bcb24d63513aa8455aa32a951
+DIST fingerprint-gui-1.07.tar.gz 7042051 SHA256 cc2d06fd3aa96b278da3201fe51692393e3eb20002069c458c51661fb6e4f8c8 SHA512 b63bc86cbff29587a7fe164dd9344178006079f2520265ecd3d96e57bf584694246e17db780051dcacfe39dc6bd4da437b16e33d2f7cb6b474ae61dfbced6a3b WHIRLPOOL fa1eca597547b6d6c631373e47783ffcf3b30c6383ba31f198fe1d91b2174ee7caf241229c5a94d360fa0a5addb6b710a5729da59978ecd8932ae9687ba7fa0e
diff --git a/sys-auth/fingerprint-gui/files/fingerprint-gui-1.04-unistd.patch b/sys-auth/fingerprint-gui/files/fingerprint-gui-1.04-unistd.patch
new file mode 100644
index 00000000000..f65aa94d2d1
--- /dev/null
+++ b/sys-auth/fingerprint-gui/files/fingerprint-gui-1.04-unistd.patch
@@ -0,0 +1,70 @@
+--- fingerprint-gui-1.04/src/UserSettings.cpp
++++ fingerprint-gui-1.04/src/UserSettings.cpp
+@@ -30,6 +30,7 @@
+
+ #include <syslog.h>
+ #include <stdlib.h>
++#include <unistd.h>
+ #include <sys/mount.h>
+ #include <errno.h>
+
+--- fingerprint-gui-1.04/src/IdentifierGUI.cpp
++++ fingerprint-gui-1.04/src/IdentifierGUI.cpp
+@@ -25,6 +25,7 @@
+
+ #include <string>
+ #include <iostream>
++#include <unistd.h>
+ #include "IdentifierGUI.h"
+
+ #define KEEP_ON_TOP \
+--- fingerprint-gui-1.04/src/FingerprintPAM.cpp
++++ fingerprint-gui-1.04/src/FingerprintPAM.cpp
+@@ -37,6 +37,7 @@
+ #include <errno.h>
+ #include <pwd.h>
+ #include <string>
++#include <unistd.h>
+
+ #include "../include/Globals.h"
+
+--- fingerprint-gui-1.04/src/PluginDialog.cpp
++++ fingerprint-gui-1.04/src/PluginDialog.cpp
+@@ -25,6 +25,7 @@
+
+ #include <sys/poll.h>
+ #include <string>
++#include <unistd.h>
+ #include <qt4/QtCore/qthread.h>
+
+ #include "../include/PluginDialog.h"
+--- fingerprint-gui-1.04/src/PamGUI.cpp
++++ fingerprint-gui-1.04/src/PamGUI.cpp
+@@ -23,6 +23,7 @@
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
++#include <unistd.h>
+ #include "PamGUI.h"
+ #include "FingerprintHelper.h"
+
+--- fingerprint-gui-1.04/src/PamNonGUI.cpp
++++ fingerprint-gui-1.04/src/PamNonGUI.cpp
+@@ -23,6 +23,7 @@
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
++#include <unistd.h>
+ #include "PamNonGUI.h"
+ #include "FingerprintHelper.h"
+
+--- fingerprint-gui-1.04/src/FingerprintPlugin.cpp
++++ fingerprint-gui-1.04/src/FingerprintPlugin.cpp
+@@ -25,6 +25,7 @@
+
+ #include <syslog.h>
+ #include <string>
++#include <unistd.h>
+ #include <qt4/QtGui/qwidget.h>
+
+ #include "PluginDialog.h"
diff --git a/sys-auth/fingerprint-gui/fingerprint-gui-1.05-r1.ebuild b/sys-auth/fingerprint-gui/fingerprint-gui-1.05-r1.ebuild
new file mode 100644
index 00000000000..f4bb137c580
--- /dev/null
+++ b/sys-auth/fingerprint-gui/fingerprint-gui-1.05-r1.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib qt4-r2 readme.gentoo udev user
+
+DESCRIPTION="Use Fingerprint Devices with Linux"
+HOMEPAGE="http://www.n-view.net/Appliance/fingerprint/"
+SRC_URI="http://ullrich-online.cc/nview/Appliance/${PN%-gui}/download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+upekbsapi"
+
+DEPEND="app-crypt/qca:2[openssl,qt4(+)]
+ sys-auth/libfprint
+ sys-auth/polkit-qt[qt4(+)]
+ sys-libs/pam
+ x11-libs/libfakekey
+ dev-qt/qtcore:4
+ !sys-auth/thinkfinger"
+RDEPEND="${DEPEND}"
+
+QA_SONAME="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_PRESTRIPPED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_FLAGS_IGNORED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+
+src_prepare() {
+ sed -e '/Icon=/s:=.*:=Fingerprint:' \
+ -i bin/${PN}/${PN}.desktop || die
+ sed -e "s:/etc/udev/rules.d:\"$(get_udevdir)\"/rules.d:g" \
+ -i bin/${PN%-gui}-helper/${PN%-gui}-helper.pro || die
+ sed -e 's:GROUP="plugdev":GROUP="fingerprint":' \
+ -i bin/fingerprint-helper/92-fingerprint-gui-uinput.rules \
+ -i upek/91-fingerprint-gui-upek.rules || die
+}
+
+src_configure() {
+ eqmake4 \
+ PREFIX="${EROOT}"usr \
+ LIB="$(get_libdir)" \
+ LIBEXEC=libexec \
+ LIBPOLKIT_QT=LIBPOLKIT_QT_1_1
+}
+
+src_install() {
+ export INSTALL_ROOT="${D}" #submakes need it as well, re-install fails otherwise.
+ emake install
+ rm -r "${ED}"/usr/share/doc/${PN} || die
+ if use upekbsapi ; then
+ use amd64 && dolib.so upek/lib64/libbsapi.so*
+ use x86 && dolib.so upek/lib/libbsapi.so*
+ udev_dorules upek/91-fingerprint-gui-upek.rules
+ insinto /etc
+ doins upek/upek.cfg
+ #dodir /var/upek_data
+ #fowners root:plugdev /var/upek_data
+ #fperms 0775 /var/upek_data
+ fi
+ doicon src/res/Fingerprint.png
+
+ dodoc CHANGELOG README
+ dohtml doc/*
+
+ readme.gentoo_src_install
+}
+
+pkg_preinst() {
+ enewgroup fingerprint
+}
+
+FORCE_PRINT_ELOG=1
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Please take a thorough look a the Install-step-by-step.html
+in /usr/share/doc/${PF} for integration with pam/polkit/...
+Hint: You may want
+ auth sufficient pam_fingerprint-gui.so
+in /etc/pam.d/system-auth
+
+There are udev rules to enforce group fingerprint on the reader device
+Please put yourself in that group and re-trigger the udev rules."
diff --git a/sys-auth/fingerprint-gui/fingerprint-gui-1.05.ebuild b/sys-auth/fingerprint-gui/fingerprint-gui-1.05.ebuild
new file mode 100644
index 00000000000..4328729b60f
--- /dev/null
+++ b/sys-auth/fingerprint-gui/fingerprint-gui-1.05.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit eutils multilib qt4-r2 udev
+
+DESCRIPTION="Use Fingerprint Devices with Linux"
+HOMEPAGE="http://www.n-view.net/Appliance/fingerprint/"
+SRC_URI="http://ullrich-online.cc/nview/Appliance/${PN%-gui}/download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+upekbsapi"
+
+DEPEND="app-crypt/qca:2[openssl,qt4(+)]
+ sys-auth/libfprint
+ sys-auth/polkit-qt[qt4(+)]
+ sys-libs/pam
+ x11-libs/libfakekey
+ dev-qt/qtcore:4
+ !sys-auth/thinkfinger"
+RDEPEND="${DEPEND}"
+
+QA_SONAME="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_PRESTRIPPED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_FLAGS_IGNORED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+
+src_prepare() {
+ sed -e '/Icon=/s:=.*:=Fingerprint:' \
+ -i bin/${PN}/${PN}.desktop || die
+ sed -e "s:/etc/udev/rules.d:\"$(get_udevdir)\"/rules.d:g" \
+ -i bin/${PN%-gui}-helper/${PN%-gui}-helper.pro || die
+}
+
+src_configure() {
+ eqmake4 \
+ PREFIX="${EROOT}"usr \
+ LIB="$(get_libdir)" \
+ LIBEXEC=libexec \
+ LIBPOLKIT_QT=LIBPOLKIT_QT_1_1
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install
+ rm -r "${ED}"/usr/share/doc/${PN} || die
+ if use upekbsapi ; then
+ use amd64 && dolib.so upek/lib64/libbsapi.so*
+ use x86 && dolib.so upek/lib/libbsapi.so*
+ udev_dorules upek/91-fingerprint-gui-upek.rules
+ insinto /etc
+ doins upek/upek.cfg
+ #dodir /var/upek_data
+ #fowners root:plugdev /var/upek_data
+ #fperms 0775 /var/upek_data
+ fi
+ doicon src/res/Fingerprint.png
+
+ dodoc CHANGELOG README
+ dohtml doc/*
+}
+
+pkg_postinst() {
+ elog "Please take a thorough look a the Install-step-by-step.html"
+ elog "in /usr/share/doc/${PF} for integration with pam/polkit/..."
+ elog "Hint: You may want"
+ elog " auth sufficient pam_fingerprint-gui.so"
+ elog "in /etc/pam.d/system-auth"
+ einfo
+ elog "There are udev rules to enforce group plugdev on the reader device"
+ elog "Please put yourself in that group and re-trigger the udev rules."
+}
diff --git a/sys-auth/fingerprint-gui/fingerprint-gui-1.06.ebuild b/sys-auth/fingerprint-gui/fingerprint-gui-1.06.ebuild
new file mode 100644
index 00000000000..bccb62e61a1
--- /dev/null
+++ b/sys-auth/fingerprint-gui/fingerprint-gui-1.06.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib qt4-r2 readme.gentoo udev user
+
+DESCRIPTION="Use Fingerprint Devices with Linux"
+HOMEPAGE="http://www.n-view.net/Appliance/fingerprint/"
+HOMEPAGE="http://www.ullrich-online.cc/fingerprint/"
+SRC_URI="http://www.ullrich-online.cc/${PN%-gui}/download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+upekbsapi"
+
+DEPEND="app-crypt/qca:2[openssl,qt4(+)]
+ sys-auth/libfprint
+ sys-auth/polkit-qt[qt4(+)]
+ sys-libs/pam
+ x11-libs/libfakekey
+ dev-qt/qtcore:4
+ !sys-auth/thinkfinger"
+RDEPEND="${DEPEND}"
+
+QA_SONAME="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_PRESTRIPPED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_FLAGS_IGNORED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+
+src_prepare() {
+ sed -e '/Icon=/s:=.*:=Fingerprint:' \
+ -i bin/${PN}/${PN}.desktop || die
+ sed -e "s:/etc/udev/rules.d:\"$(get_udevdir)\"/rules.d:g" \
+ -i bin/${PN%-gui}-helper/${PN%-gui}-helper.pro || die
+ sed -e 's:GROUP="plugdev":GROUP="fingerprint":' \
+ -i bin/fingerprint-helper/92-fingerprint-gui-uinput.rules \
+ -i upek/91-fingerprint-gui-upek.rules || die
+}
+
+src_configure() {
+ eqmake4 \
+ PREFIX="${EROOT}"usr \
+ LIB="$(get_libdir)" \
+ LIBEXEC=libexec \
+ LIBPOLKIT_QT=LIBPOLKIT_QT_1_1
+}
+
+src_install() {
+ export INSTALL_ROOT="${D}" #submakes need it as well, re-install fails otherwise.
+ emake install
+ rm -r "${ED}"/usr/share/doc/${PN} || die
+ if use upekbsapi ; then
+ use amd64 && dolib.so upek/lib64/libbsapi.so*
+ use x86 && dolib.so upek/lib/libbsapi.so*
+ udev_dorules upek/91-fingerprint-gui-upek.rules
+ insinto /etc
+ doins upek/upek.cfg
+ #dodir /var/upek_data
+ #fowners root:plugdev /var/upek_data
+ #fperms 0775 /var/upek_data
+ fi
+ doicon src/res/Fingerprint.png
+
+ dodoc CHANGELOG README
+ dohtml doc/*
+
+ readme.gentoo_src_install
+}
+
+pkg_preinst() {
+ enewgroup fingerprint
+}
+
+FORCE_PRINT_ELOG=1
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Please take a thorough look a the Install-step-by-step.html
+in /usr/share/doc/${PF} for integration with pam/polkit/...
+Hint: You may want
+ auth sufficient pam_fingerprint-gui.so
+in /etc/pam.d/system-auth
+
+There are udev rules to enforce group fingerprint on the reader device
+Please put yourself in that group and re-trigger the udev rules."
diff --git a/sys-auth/fingerprint-gui/fingerprint-gui-1.07.ebuild b/sys-auth/fingerprint-gui/fingerprint-gui-1.07.ebuild
new file mode 100644
index 00000000000..494242feb5e
--- /dev/null
+++ b/sys-auth/fingerprint-gui/fingerprint-gui-1.07.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib qt4-r2 readme.gentoo udev user
+
+DESCRIPTION="Use Fingerprint Devices with Linux"
+HOMEPAGE="http://www.n-view.net/Appliance/fingerprint/"
+HOMEPAGE="http://www.ullrich-online.cc/fingerprint/"
+SRC_URI="http://www.ullrich-online.cc/${PN%-gui}/download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+upekbsapi"
+
+DEPEND="app-crypt/qca:2[openssl,qt4(+)]
+ sys-auth/libfprint
+ sys-auth/polkit-qt[qt4(+)]
+ sys-libs/pam
+ x11-libs/libfakekey
+ dev-qt/qtcore:4
+ !sys-auth/thinkfinger"
+RDEPEND="${DEPEND}"
+
+QA_SONAME="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_PRESTRIPPED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+QA_FLAGS_IGNORED="/usr/lib/libbsapi.so.* /usr/lib64/libbsapi.so.*"
+
+src_prepare() {
+ sed -e '/Icon=/s:=.*:=Fingerprint:' \
+ -i bin/${PN}/${PN}.desktop || die
+ sed -e "s:/etc/udev/rules.d:\"$(get_udevdir)\"/rules.d:g" \
+ -i bin/${PN%-gui}-helper/${PN%-gui}-helper.pro || die
+ sed -e 's:GROUP="plugdev":GROUP="fingerprint":' \
+ -i bin/fingerprint-helper/92-fingerprint-gui-uinput.rules \
+ -i upek/91-fingerprint-gui-upek.rules || die
+}
+
+src_configure() {
+ eqmake4 \
+ PREFIX="${EROOT}"usr \
+ LIB="$(get_libdir)" \
+ LIBEXEC=libexec \
+ LIBPOLKIT_QT=LIBPOLKIT_QT_1_1
+}
+
+src_install() {
+ export INSTALL_ROOT="${D}" #submakes need it as well, re-install fails otherwise.
+ emake install
+ rm -r "${ED}"/usr/share/doc/${PN} || die
+ if use upekbsapi ; then
+ use amd64 && dolib.so upek/lib64/libbsapi.so*
+ use x86 && dolib.so upek/lib/libbsapi.so*
+ udev_dorules upek/91-fingerprint-gui-upek.rules
+ insinto /etc
+ doins upek/upek.cfg
+ #dodir /var/upek_data
+ #fowners root:plugdev /var/upek_data
+ #fperms 0775 /var/upek_data
+ fi
+ doicon src/res/Fingerprint.png
+
+ dodoc CHANGELOG README
+ dohtml doc/*
+
+ readme.gentoo_src_install
+}
+
+pkg_preinst() {
+ enewgroup fingerprint
+}
+
+pkg_postinst() {
+ einfo "Fixing permisisons of fingerprints..."
+ find "${EROOT}"/var/lib/fingerprint-gui -exec chown root:root {} + || die "chown root:root failed"
+ find "${EROOR}"/var/lib/fingerprint-gui -type d -exec chmod 755 {} + || die "chmod 755 failed"
+ find "${EROOT}"/var/lib/fingerprint-gui -type f -exec chmod 600 {} + || die "chmod 600 failed"
+
+ readme.gentoo_pkg_postinst
+}
+
+FORCE_PRINT_ELOG=1
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Please take a thorough look a the Install-step-by-step.html
+in /usr/share/doc/${PF} for integration with pam/polkit/...
+Hint: You may want
+ auth sufficient pam_fingerprint-gui.so
+in /etc/pam.d/system-auth
+
+There are udev rules to enforce group fingerprint on the reader device
+Please put yourself in that group and re-trigger the udev rules."
diff --git a/sys-auth/fingerprint-gui/metadata.xml b/sys-auth/fingerprint-gui/metadata.xml
new file mode 100644
index 00000000000..ffe2eae04a7
--- /dev/null
+++ b/sys-auth/fingerprint-gui/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+<email>xmw@gentoo.org</email>
+<name>Michael Weber</name>
+</maintainer>
+<use>
+ <flag name="upekbsapi">Add UPEK BSAPI drivers for identify functions on some readers</flag>
+</use>
+</pkgmetadata>
+
diff --git a/sys-auth/fprint_demo/Manifest b/sys-auth/fprint_demo/Manifest
new file mode 100644
index 00000000000..767b767b1ba
--- /dev/null
+++ b/sys-auth/fprint_demo/Manifest
@@ -0,0 +1 @@
+DIST fprint_demo-0.4.tar.bz2 75986 SHA256 f071c0f3ae37365803c074fb5a544fb8cfa9fdd4ca9be9efe0488889ccb41267
diff --git a/sys-auth/fprint_demo/fprint_demo-0.4.ebuild b/sys-auth/fprint_demo/fprint_demo-0.4.ebuild
new file mode 100644
index 00000000000..365b1a7f864
--- /dev/null
+++ b/sys-auth/fprint_demo/fprint_demo-0.4.ebuild
@@ -0,0 +1,23 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=3
+
+DESCRIPTION="a simple GTK+ application to demonstrate and test libfprint's capabilities"
+HOMEPAGE="http://www.reactivated.net/fprint/wiki/Fprint_demo"
+SRC_URI="mirror://sourceforge/fprint/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+RDEPEND="sys-auth/libfprint
+ x11-libs/gtk+:2"
+DEPEND="${RDEPEND}"
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ dodoc AUTHORS ChangeLog NEWS README || die
+}
diff --git a/sys-auth/fprint_demo/metadata.xml b/sys-auth/fprint_demo/metadata.xml
new file mode 100644
index 00000000000..1bd43515355
--- /dev/null
+++ b/sys-auth/fprint_demo/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>xmw@gentoo.org</email>
+ <name>Michael Weber (xmw)</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">fprint</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/fprintd/Manifest b/sys-auth/fprintd/Manifest
new file mode 100644
index 00000000000..7569175b1b2
--- /dev/null
+++ b/sys-auth/fprintd/Manifest
@@ -0,0 +1,3 @@
+DIST V_0_2_0.tar.bz2 43754 SHA256 173fc0f94ffc8605ea2f3051a6f943bfcab6c5295ea6951f5e18b6605f022ef6 SHA512 f7d0ec0cf395267a85f6169999cf91f5e6e3871b7ca6784e8591ae2f3a40c21b856426786f70d94e6f23be89f79b5050a1073b1cfd7052425882ab51bea1235c WHIRLPOOL 6abe73c55c2fd87a2ccd2bbbe9e09c9a44aa3ec056023f19d41ececfbb5cb80a8d34fc7993d61ae019b6d23dc4380bd26fd970b6747dff8abe33d1ffd302acbc
+DIST V_0_4_1.tar.bz2 56813 SHA256 6c101072b5ff243d892c626e138ddf856ae53e9915a4644674739a9c8ed6b135 SHA512 c403d133f5fe240a0b9a07280ee87144cbd768bd98781ba04abe84738ef5c9ff9b87cb332dd2be1115c49ff8eb01911dc5afe3f6eca31e291a3d5614c44de5db WHIRLPOOL 3ee289f6a704f2856f894832df67a73eae3a532e64a35aedfe7d0e5b33b40c09139f3fd4553333faeb2e8947530508f3362786f97761f93fc7922a1ea7a77423
+DIST V_0_5_0.tar.bz2 67023 SHA256 c64398554bd321b811c9e58773a4974ec74f20d167a1dd1709f391a62f55eb6a SHA512 9aeb6e8573a381da0edb74c707069062988eb6b803e4c70397d567bda6f9395f2ac349d5795d4fdbff003ec7524829b62ced4dac0777f9b22c2db06f36ec5e01 WHIRLPOOL f8ef7d2093998cd0f649c8d25ebefdc2c0320bf97517ca569e1cb1b2faffdba71698a0a7ca59de6297ddce83facae58a396886aa2c9d7d297355f312129f42d9
diff --git a/sys-auth/fprintd/fprintd-0.2.0-r1.ebuild b/sys-auth/fprintd/fprintd-0.2.0-r1.ebuild
new file mode 100644
index 00000000000..60f6592f388
--- /dev/null
+++ b/sys-auth/fprintd/fprintd-0.2.0-r1.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools toolchain-funcs versionator
+
+DESCRIPTION="D-Bus service to access fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/fprintd/"
+MY_PV="V_$(replace_all_version_separators _)"
+SRC_URI="http://cgit.freedesktop.org/libfprint/${PN}/snapshot/${MY_PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc pam static-libs"
+
+RDEPEND="dev-libs/dbus-glib
+ dev-libs/glib:2
+ sys-auth/libfprint
+ sys-auth/polkit
+ pam? ( sys-libs/pam )"
+DEPEND="${RDEPEND}
+ dev-util/gtk-doc
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ doc? ( dev-libs/libxml2 dev-libs/libxslt )"
+
+S=${WORKDIR}/${MY_PV}
+
+src_prepare() {
+ cp /usr/share/gtk-doc/data/gtk-doc.make . || die
+ sed -e '/SUBDIRS/s: po::' -i Makefile.am || die
+ eautoreconf
+ intltoolize || die
+}
+
+src_configure() {
+ econf $(use_enable pam) \
+ $(use_enable static-libs static) \
+ $(use_enable doc gtk-doc-html)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install \
+ pammoddir=/$(get_libdir)/security
+
+ keepdir /var/lib/fprint
+
+ find "${D}" -name "*.la" -delete || die
+
+ dodoc AUTHORS ChangeLog NEWS README TODO
+ if use doc ; then
+ insinto /usr/share/doc/${PF}/html
+ doins doc/{fprintd-docs,version}.xml
+ insinto /usr/share/doc/${PF}/html/dbus
+ doins doc/dbus/net.reactivated.Fprint.{Device,Manager}.ref.xml
+ fi
+}
+
+pkg_postinst() {
+ elog "Please take a look at the upstream documentation for integration"
+ elog "Example: add following line to your /etc/pam.d/system-local-login"
+ einfo
+ elog " auth sufficient pam_fprintd.so"
+ einfo
+}
diff --git a/sys-auth/fprintd/fprintd-0.4.1.ebuild b/sys-auth/fprintd/fprintd-0.4.1.ebuild
new file mode 100644
index 00000000000..f01840595c9
--- /dev/null
+++ b/sys-auth/fprintd/fprintd-0.4.1.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools toolchain-funcs versionator
+
+DESCRIPTION="D-Bus service to access fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/fprintd/"
+MY_PV="V_$(replace_all_version_separators _)"
+SRC_URI="http://cgit.freedesktop.org/libfprint/${PN}/snapshot/${MY_PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="doc pam static-libs"
+
+RDEPEND="dev-libs/dbus-glib
+ dev-libs/glib:2
+ sys-auth/libfprint
+ sys-auth/polkit
+ pam? ( sys-libs/pam )"
+DEPEND="${RDEPEND}
+ dev-util/gtk-doc
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ doc? ( dev-libs/libxml2 dev-libs/libxslt )"
+
+S=${WORKDIR}/${MY_PV}
+
+src_prepare() {
+ cp /usr/share/gtk-doc/data/gtk-doc.make . || die
+ sed -e '/SUBDIRS/s: po::' -i Makefile.am || die
+ eautoreconf
+ intltoolize || die
+}
+
+src_configure() {
+ econf $(use_enable pam) \
+ $(use_enable static-libs static) \
+ $(use_enable doc gtk-doc-html)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install \
+ pammoddir=/$(get_libdir)/security
+
+ keepdir /var/lib/fprint
+
+ find "${D}" -name "*.la" -delete || die
+
+ dodoc AUTHORS ChangeLog NEWS README{,.transifex} TODO
+ if use doc ; then
+ insinto /usr/share/doc/${PF}/html
+ doins doc/{fprintd-docs,version}.xml
+ insinto /usr/share/doc/${PF}/html/dbus
+ doins doc/dbus/net.reactivated.Fprint.{Device,Manager}.ref.xml
+ fi
+}
+
+pkg_postinst() {
+ elog "Please take a look at the upstream documentation for integration"
+ elog "Example: add following line to your /etc/pam.d/system-local-login"
+ einfo
+ elog " auth sufficient pam_fprintd.so"
+ einfo
+}
diff --git a/sys-auth/fprintd/fprintd-0.5.0.ebuild b/sys-auth/fprintd/fprintd-0.5.0.ebuild
new file mode 100644
index 00000000000..d18e8a83f17
--- /dev/null
+++ b/sys-auth/fprintd/fprintd-0.5.0.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools pam systemd versionator
+
+DESCRIPTION="D-Bus service to access fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/fprintd/"
+MY_PV="V_$(replace_all_version_separators _)"
+SRC_URI="http://cgit.freedesktop.org/libfprint/${PN}/snapshot/${MY_PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="doc pam static-libs"
+
+RDEPEND="dev-libs/dbus-glib
+ dev-libs/glib:2
+ sys-auth/libfprint
+ sys-auth/polkit
+ pam? ( sys-libs/pam )"
+DEPEND="${RDEPEND}
+ dev-util/gtk-doc
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ doc? ( dev-libs/libxml2 dev-libs/libxslt )"
+
+S=${WORKDIR}/${MY_PV}
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ econf --disable-silent-rules \
+ $(use_enable pam) \
+ $(use_enable static-libs static) \
+ $(use_enable doc gtk-doc-html) \
+ $(systemd_with_unitdir)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install \
+ pammoddir=$(getpam_mod_dir)
+
+ keepdir /var/lib/fprint
+
+ find "${D}" -name "*.la" -delete || die
+
+ dodoc AUTHORS NEWS README{,.transifex} TODO
+ newdoc pam/README README.pam_fprintd
+ if use doc ; then
+ insinto /usr/share/doc/${PF}/html
+ doins doc/{fprintd-docs,version}.xml
+ insinto /usr/share/doc/${PF}/html/dbus
+ doins doc/dbus/net.reactivated.Fprint.{Device,Manager}.ref.xml
+ fi
+}
+
+pkg_postinst() {
+ elog "Please take a look at README.pam_fprintd for integration docs."
+}
diff --git a/sys-auth/fprintd/metadata.xml b/sys-auth/fprintd/metadata.xml
new file mode 100644
index 00000000000..5b80fb94c39
--- /dev/null
+++ b/sys-auth/fprintd/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+<email>xmw@gentoo.org</email>
+<name>Michael Weber</name>
+</maintainer>
+</pkgmetadata>
diff --git a/sys-auth/icmpdn/Manifest b/sys-auth/icmpdn/Manifest
new file mode 100644
index 00000000000..fb07119772b
--- /dev/null
+++ b/sys-auth/icmpdn/Manifest
@@ -0,0 +1 @@
+DIST icmpdn-0.4.tar.gz 332780 RMD160 48b640f84afbcb531d16aa13b9841bc795606f82 SHA1 211163a952dd7e3196fce3b0c6a5ea0d2bd4c0bb SHA256 8d53bd2ddfeb1a013b549e7e5d4a606af50d621b6e803dcfac9d870c77af8b45
diff --git a/sys-auth/icmpdn/files/conf.d-icmpdnd b/sys-auth/icmpdn/files/conf.d-icmpdnd
new file mode 100644
index 00000000000..e6fb8e40662
--- /dev/null
+++ b/sys-auth/icmpdn/files/conf.d-icmpdnd
@@ -0,0 +1,15 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Set the TTL (Time-to-Live) value in responses to TTL seconds rather
+# than the default of 3600 seconds
+#TTL=3600
+
+# Set the domain name in responses to domainname, rather than the
+# default as described above. This option is useful in case the system
+# is not configured to set up its own hostname.
+#DOMAINNAME=mydomainname.com
+
+# Other options
+#ICMPDND_OPTS=""
diff --git a/sys-auth/icmpdn/files/init.d-icmpdnd b/sys-auth/icmpdn/files/init.d-icmpdnd
new file mode 100644
index 00000000000..9b5e59c22c7
--- /dev/null
+++ b/sys-auth/icmpdn/files/init.d-icmpdnd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BINARY="/usr/sbin/icmpdnd"
+
+[ -n "${TTL}" ] && ICMPDND_OPTS="${ICMPDND_OPTS} -t ${TTL}"
+[ -n "${DOMAINNAME}" ] && ICMPDND_OPTS="${ICMPDND_OPTS} -d ${DOMAINNAME}"
+
+depend() {
+ need net
+ after ypbind
+}
+
+start() {
+ ebegin "Starting icmpdnd"
+ start-stop-daemon --start --quiet --exec ${BINARY} -- ${ICMPDND_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping icmpdnd"
+ start-stop-daemon --stop --quiet --exec ${BINARY}
+ eend $?
+}
+
diff --git a/sys-auth/icmpdn/icmpdn-0.4.ebuild b/sys-auth/icmpdn/icmpdn-0.4.ebuild
new file mode 100644
index 00000000000..21119d14850
--- /dev/null
+++ b/sys-auth/icmpdn/icmpdn-0.4.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils flag-o-matic multilib
+
+DESCRIPTION="ICMP Domain Name utilities & NSS backend"
+HOMEPAGE="http://www.dolda2000.com/~fredrik/icmp-dn/"
+SRC_URI="${HOMEPAGE}${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE=""
+
+src_compile() {
+ append-cppflags -D_GNU_SOURCE #241318
+ econf \
+ --sysconfdir=/etc \
+ --libdir=/$(get_libdir) \
+ || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die "emake install failed"
+ newinitd "${FILESDIR}"/init.d-icmpdnd icmpdnd
+ newconfd "${FILESDIR}"/conf.d-icmpdnd icmpdnd
+ dodoc AUTHORS ChangeLog README
+ # must always run as root
+ fperms 4711 /usr/bin/idnlookup
+ # useless as nothing should link against this lib
+ rm "${D}"/lib*/*.{la,so}
+}
+
+pkg_postinst() {
+ einfo "To use the ICMP nameswitch module, add 'icmp'"
+ einfo "to the 'hosts' line in your /etc/nsswitch.conf"
+}
diff --git a/sys-auth/icmpdn/metadata.xml b/sys-auth/icmpdn/metadata.xml
new file mode 100644
index 00000000000..c6d862855eb
--- /dev/null
+++ b/sys-auth/icmpdn/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>robbat2@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
new file mode 100644
index 00000000000..23011bba613
--- /dev/null
+++ b/sys-auth/keystone/Manifest
@@ -0,0 +1,2 @@
+DIST keystone-2015.1.0.tar.gz 884362 SHA256 20ad170dcc727659f30003af16272d7685238d1ad069c91c542b6ac47d903d7a SHA512 d619a75a2f840fe49a66446c7b2436583a2ca6ea292252470b41817e7c7c34972ea7fbbb68a3b292699a4b2854a01db64be9f263b2dd56389cf6fd1e8d0f4f85 WHIRLPOOL 0f85ad09d13c32c591fa8ac5495de28234b79bb47f9b9f56409ed2f36adbcacbe2bd022fd568859ea82cfba735de96e1b6f32e07c78d5509507440ec52b1d534
+DIST keystone-2015.1.1.tar.gz 884979 SHA256 6c703f2d26c6a5f4fd4963dc11474b55cf87c5890d97361a4738df35eea258c5 SHA512 0c540f2a33729a539e68cb5d3e0b0b4ef0014829c274b0b92d982cd7d75110b14a3edc9db9c15794dd4c73f45a4982f47f99f75be6cbd8c91b0550ef24040848 WHIRLPOOL c20cc32d6043e9a2e9e5441a17e55431efabc3619156256c8fe8217bd876b07abb5860a48fc4bd761f505f022579d815a29b56d5c7a0536bafe89a2ad4b3b93a
diff --git a/sys-auth/keystone/files/keystone.confd b/sys-auth/keystone/files/keystone.confd
new file mode 100644
index 00000000000..669fa0a7ad1
--- /dev/null
+++ b/sys-auth/keystone/files/keystone.confd
@@ -0,0 +1,3 @@
+#KEYSTONE_CONF=/etc/keystone/keystone.conf
+#KEYSTONE_USER=keystone
+KEYSTONE_ARGS="--logfile /var/log/keystone/keystone.log"
diff --git a/sys-auth/keystone/files/keystone.initd b/sys-auth/keystone/files/keystone.initd
new file mode 100644
index 00000000000..bc32002f567
--- /dev/null
+++ b/sys-auth/keystone/files/keystone.initd
@@ -0,0 +1,17 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="Starts both the service and administrative APIs in a single process to provide catalog, authorization, and authentication services for OpenStack"
+
+command=/usr/bin/keystone-all
+pidfile=/var/run/keystone.pid
+required_files="${KEYSTONE_CONF:-/etc/keystone/keystone.conf}"
+
+start_stop_daemon_args="--background --make-pidfile --user ${KEYSTONE_USER:-keystone}"
+command_args="${KEYSTONE_ARGS}"
+
+depend() {
+ need net
+}
diff --git a/sys-auth/keystone/keystone-2015.1.0.ebuild b/sys-auth/keystone/keystone-2015.1.0.ebuild
new file mode 100644
index 00000000000..0361b7371f7
--- /dev/null
+++ b/sys-auth/keystone/keystone-2015.1.0.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 user
+
+DESCRIPTION="The Openstack authentication, authorization, and service catalog"
+HOMEPAGE="https://launchpad.net/keystone"
+SRC_URI="http://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="+sqlite memcached mongo mysql postgres ldap test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]
+ test? (
+ ${RDEPEND}
+ >=dev-python/hacking-0.10.0[${PYTHON_USEDEP}]
+ <dev-python/hacking-0.11[${PYTHON_USEDEP}]
+ >=dev-python/bashate-0.2[${PYTHON_USEDEP}]
+ dev-lang/python[sqlite]
+ memcached? (
+ >=dev-python/python-memcached-1.48[${PYTHON_USEDEP}]
+ )
+ mongo? (
+ >=dev-python/pymongo-2.5[${PYTHON_USEDEP}]
+ <dev-python/pymongo-3.0[${PYTHON_USEDEP}]
+ )
+ ldap? (
+ dev-python/python-ldap[${PYTHON_USEDEP}]
+ >=dev-python/ldappool-1.0[${PYTHON_USEDEP}]
+ )
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+ >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
+ <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+ >=dev-python/webtest-2.0[${PYTHON_USEDEP}]
+ >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
+ !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
+ )"
+RDEPEND="
+ >=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
+ >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
+ !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+ >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ dev-python/mysql-python
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ dev-python/psycopg:2
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ >=dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
+ dev-python/passlib[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-1.1.0[${PYTHON_USEDEP}]
+ <dev-python/python-keystoneclient-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
+ <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-policy-0.3.1[${PYTHON_USEDEP}]
+ <dev-python/oslo-policy-0.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oauthlib-0.6.0[${PYTHON_USEDEP}]
+ dev-python/pysaml2[${PYTHON_USEDEP}]
+ >=dev-python/dogpile-cache-0.5.3[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/pycadf-0.8.0[${PYTHON_USEDEP}]
+ <dev-python/pycadf-0.9.0[${PYTHON_USEDEP}]
+ dev-python/posix_ipc[${PYTHON_USEDEP}]
+ >=dev-python/msgpack-0.4.0[${PYTHON_USEDEP}]"
+
+PATCHES=(
+)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ # it's in git, but not in the tarball.....
+ mkdir -p ${PN}/tests/tmp/ || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ distutils-r1_python_prepare_all
+}
+
+# Ignore (naughty) test_.py files & 1 test that connect to the network
+#-I 'test_keystoneclient*' \
+python_test() {
+ nosetests -I 'test_keystoneclient*' \
+ -e test_static_translated_string_is_Message \
+ -e test_get_token_id_error_handling \
+ -e test_provider_token_expiration_validation \
+ -e test_import --process-restartworker --process-timeout=60 || die "testsuite failed under python2.7"
+}
+
+python_install() {
+ distutils-r1_python_install
+ newconfd "${FILESDIR}/keystone.confd" keystone
+ newinitd "${FILESDIR}/keystone.initd" keystone
+
+ diropts -m 0750
+ keepdir /etc/keystone /var/log/keystone
+ insinto /etc/keystone
+ doins etc/keystone.conf.sample etc/logging.conf.sample
+ doins etc/default_catalog.templates etc/policy.json
+ doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+
+ fowners keystone:keystone /etc/keystone /var/log/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
+}
diff --git a/sys-auth/keystone/keystone-2015.1.1.ebuild b/sys-auth/keystone/keystone-2015.1.1.ebuild
new file mode 100644
index 00000000000..95763aac232
--- /dev/null
+++ b/sys-auth/keystone/keystone-2015.1.1.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 user
+
+DESCRIPTION="The Openstack authentication, authorization, and service catalog"
+HOMEPAGE="https://launchpad.net/keystone"
+SRC_URI="http://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+sqlite memcached mongo mysql postgres ldap test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]
+ test? (
+ ${RDEPEND}
+ >=dev-python/hacking-0.10.0[${PYTHON_USEDEP}]
+ <dev-python/hacking-0.11[${PYTHON_USEDEP}]
+ >=dev-python/bashate-0.2[${PYTHON_USEDEP}]
+ dev-lang/python[sqlite]
+ memcached? (
+ >=dev-python/python-memcached-1.48[${PYTHON_USEDEP}]
+ )
+ mongo? (
+ >=dev-python/pymongo-2.6.3[${PYTHON_USEDEP}]
+ <dev-python/pymongo-3.0[${PYTHON_USEDEP}]
+ )
+ ldap? (
+ >=dev-python/python-ldap-2.4[${PYTHON_USEDEP}]
+ >=dev-python/ldappool-1.0[${PYTHON_USEDEP}]
+ )
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+ <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.0[${PYTHON_USEDEP}]
+ <dev-python/mock-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
+ <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+ >=dev-python/webtest-2.0[${PYTHON_USEDEP}]
+ >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
+ !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
+ <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}]
+ )"
+RDEPEND="
+ >=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
+ >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
+ !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+ >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-0.8[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ dev-python/mysql-python
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ dev-python/psycopg:2
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ >=dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
+ dev-python/passlib[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/python-keystoneclient-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
+ <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-policy-0.3.1[${PYTHON_USEDEP}]
+ <dev-python/oslo-policy-0.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oauthlib-0.6.0[${PYTHON_USEDEP}]
+ dev-python/pysaml2[${PYTHON_USEDEP}]
+ >=dev-python/dogpile-cache-0.5.3[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/pycadf-0.8.0[${PYTHON_USEDEP}]
+ <dev-python/pycadf-0.9.0[${PYTHON_USEDEP}]
+ dev-python/posix_ipc[${PYTHON_USEDEP}]
+ >=dev-python/msgpack-0.4.0[${PYTHON_USEDEP}]"
+
+PATCHES=(
+)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ # it's in git, but not in the tarball.....
+ mkdir -p ${PN}/tests/tmp/ || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ distutils-r1_python_prepare_all
+}
+
+# Ignore (naughty) test_.py files & 1 test that connect to the network
+#-I 'test_keystoneclient*' \
+python_test() {
+ nosetests -I 'test_keystoneclient*' \
+ -e test_static_translated_string_is_Message \
+ -e test_get_token_id_error_handling \
+ -e test_provider_token_expiration_validation \
+ -e test_import --process-restartworker --process-timeout=60 || die "testsuite failed under python2.7"
+}
+
+python_install() {
+ distutils-r1_python_install
+ newconfd "${FILESDIR}/keystone.confd" keystone
+ newinitd "${FILESDIR}/keystone.initd" keystone
+
+ diropts -m 0750
+ keepdir /etc/keystone /var/log/keystone
+ insinto /etc/keystone
+ doins etc/keystone.conf.sample etc/logging.conf.sample
+ doins etc/default_catalog.templates etc/policy.json
+ doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+
+ fowners keystone:keystone /etc/keystone /var/log/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
+}
diff --git a/sys-auth/keystone/keystone-2015.1.9999.ebuild b/sys-auth/keystone/keystone-2015.1.9999.ebuild
new file mode 100644
index 00000000000..843687a1777
--- /dev/null
+++ b/sys-auth/keystone/keystone-2015.1.9999.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 git-2 user
+
+DESCRIPTION="The Openstack authentication, authorization, and service catalog"
+HOMEPAGE="https://launchpad.net/keystone"
+EGIT_REPO_URI="https://github.com/openstack/keystone.git"
+EGIT_BRANCH="stable/kilo"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS=""
+IUSE="+sqlite memcached mongo mysql postgres ldap test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]
+ test? (
+ ${RDEPEND}
+ >=dev-python/hacking-0.10.0[${PYTHON_USEDEP}]
+ <dev-python/hacking-0.11[${PYTHON_USEDEP}]
+ >=dev-python/bashate-0.2[${PYTHON_USEDEP}]
+ dev-lang/python[sqlite]
+ memcached? (
+ >=dev-python/python-memcached-1.48[${PYTHON_USEDEP}]
+ )
+ mongo? (
+ >=dev-python/pymongo-2.6.3[${PYTHON_USEDEP}]
+ <dev-python/pymongo-3.0[${PYTHON_USEDEP}]
+ )
+ ldap? (
+ >=dev-python/python-ldap-2.4[${PYTHON_USEDEP}]
+ >=dev-python/ldappool-1.0[${PYTHON_USEDEP}]
+ )
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+ <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.0[${PYTHON_USEDEP}]
+ <dev-python/mock-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
+ <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+ >=dev-python/webtest-2.0[${PYTHON_USEDEP}]
+ >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
+ !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
+ <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}]
+ )"
+RDEPEND="
+ >=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
+ >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
+ !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+ >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-0.8[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ dev-python/mysql-python
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ dev-python/psycopg:2
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ >=dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
+ dev-python/passlib[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/python-keystoneclient-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
+ <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-policy-0.3.1[${PYTHON_USEDEP}]
+ <dev-python/oslo-policy-0.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oauthlib-0.6.0[${PYTHON_USEDEP}]
+ dev-python/pysaml2[${PYTHON_USEDEP}]
+ >=dev-python/dogpile-cache-0.5.3[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/pycadf-0.8.0[${PYTHON_USEDEP}]
+ <dev-python/pycadf-0.9.0[${PYTHON_USEDEP}]
+ dev-python/posix_ipc[${PYTHON_USEDEP}]
+ >=dev-python/msgpack-0.4.0[${PYTHON_USEDEP}]"
+
+PATCHES=(
+)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ # it's in git, but not in the tarball.....
+ mkdir -p ${PN}/tests/tmp/ || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ distutils-r1_python_prepare_all
+}
+
+# Ignore (naughty) test_.py files & 1 test that connect to the network
+#-I 'test_keystoneclient*' \
+python_test() {
+ nosetests -I 'test_keystoneclient*' \
+ -e test_static_translated_string_is_Message \
+ -e test_get_token_id_error_handling \
+ -e test_provider_token_expiration_validation \
+ -e test_import --process-restartworker --process-timeout=60 || die "testsuite failed under python2.7"
+}
+
+python_install() {
+ distutils-r1_python_install
+ newconfd "${FILESDIR}/keystone.confd" keystone
+ newinitd "${FILESDIR}/keystone.initd" keystone
+
+ diropts -m 0750
+ keepdir /etc/keystone /var/log/keystone
+ insinto /etc/keystone
+ doins etc/keystone.conf.sample etc/logging.conf.sample
+ doins etc/default_catalog.templates etc/policy.json
+ doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+
+ fowners keystone:keystone /etc/keystone /var/log/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
+}
diff --git a/sys-auth/keystone/metadata.xml b/sys-auth/keystone/metadata.xml
new file mode 100644
index 00000000000..02cace46cf7
--- /dev/null
+++ b/sys-auth/keystone/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <use>
+ <flag name="memcached">Installs dependencies needed for using memcached as a backend</flag>
+ <flag name="mongo">Installs dependencies needed for using mongo as a backend</flag>
+ </use>
+ <herd>openstack</herd>
+ <maintainer>
+ <email>prometheanfire@gentoo.org</email>
+ <name>Matthew Thode</name>
+ </maintainer>
+ <longdescription lang="en">
+ Keystone is the Openstack authentication, authorization, and service
+ catalog written in Python.
+ </longdescription>
+ <upstream>
+ <remote-id type="launchpad">keystone</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/libfprint/Manifest b/sys-auth/libfprint/Manifest
new file mode 100644
index 00000000000..597400411cb
--- /dev/null
+++ b/sys-auth/libfprint/Manifest
@@ -0,0 +1,4 @@
+DIST libfprint-0.4.0.tar.bz2 228518 SHA256 58f4056f498b8ba564a8ba2ee4a59cf2c3edb53c03e5df390fcf77be75ea7117 SHA512 26361101f5b73f722c14109d7e9cb78738968d2cfc6fcb824dc56f0044c8cd866fcb57e7f432e3ec3eeba956d92b2a091b5daed77c992f61d75cb3ed323adc09 WHIRLPOOL 94502f1350c1d6a1f401671f739f0bd42a581aaff97f1f89517c3c76eeebbef7783ec673a0834e43335a5c8d3231eafcf1c23f6b1ad769e909872844b114b650
+DIST libfprint-0.5.0.tar.bz2 277118 SHA256 1d4d6832fe61e934a40cbe2b9fe9a92153ddccb5c874fce10f476f1113c1d76c SHA512 2a5a4d45bd11060964e34c70b2a41e45d220e3b97d07a962c939ec84988a85a4d97898c86b1e7f7c571d85bb7f4333231cf327f62907b40e6a1262cc5b365981 WHIRLPOOL a3c7763ab62d65e2bdf44e93a5230dcbde7065121427063c8b3bb19d597be1f1b5ae58e55e1e635b03eb004f1e08085585958b5ae0d85a5004dff939657190ad
+DIST libfprint-0.5.1-add-vfs5011-driver.patch 338763 SHA256 329af64cc7273d46a56c603b8d242a51d3485655d475548ea47c66ef874946dd SHA512 446de6dea67c4b4d257f5427b5981f28ba6ab422dcd022862541e6216c1733f146f86ee5a8ad855c142ce1bc7795c72820112d68d68bb74bd68751a02dd42fb5 WHIRLPOOL d08b0011a0363497079c9a16b35e2eae64976c1a3b840e92560c55b399770e62ed4940278c729d24129e34503269876c8bd54d923b7656785ad1cda3ee6c0e1c
+DIST libfprint-0.5.1.tar.bz2 277342 SHA256 0a2ea0e3bd4115bbe7261a0f43d5091ca32f9eaf8ca3364cca2b89c0f30c7962 SHA512 e1596e28f2730501b5957d2b4365f8eead7c0941434d064ceb6e5321d0e8495e71ab576b214881441bf1abc6ecba2b3ffafe5027f738f80c8c38b4e95866c8c7 WHIRLPOOL 444798713bf7603f7aa2bde104c9a62049566fa1e1e5bcf442d3f6212561dae41c69f579a6c5bc9a8df8efd09a60f12b8eb5b9909d1884413ea7e7caba637a37
diff --git a/sys-auth/libfprint/files/libfprint-0.5.0-automake-1.13.patch b/sys-auth/libfprint/files/libfprint-0.5.0-automake-1.13.patch
new file mode 100644
index 00000000000..e82082ab6d6
--- /dev/null
+++ b/sys-auth/libfprint/files/libfprint-0.5.0-automake-1.13.patch
@@ -0,0 +1,24 @@
+From 43eca622cd49b58c87157e1ff1a2fcfdfba0934e Mon Sep 17 00:00:00 2001
+From: Vasily Khoruzhick <anarsoul@gmail.com>
+Date: Sun, 13 Jan 2013 13:42:13 +0000
+Subject: configure.ac: Use AC_CONFIG_HEADERS
+
+AM_CONFIG_HEADER is obsolete, use AC_CONFIG_HEADERS instead of it.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=59320
+---
+diff --git a/configure.ac b/configure.ac
+index 6737256..978ef0d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2,7 +2,7 @@ AC_INIT([libfprint], [0.5.0])
+ AM_INIT_AUTOMAKE([1.11 no-dist-gzip dist-xz check-news])
+ AC_CONFIG_MACRO_DIR([m4])
+ AC_CONFIG_SRCDIR([libfprint/core.c])
+-AM_CONFIG_HEADER([config.h])
++AC_CONFIG_HEADERS([config.h])
+
+ # Enable silent build when available (Automake 1.11)
+ m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/sys-auth/libfprint/files/libfprint-0.5.0-support-147e_2020.patch b/sys-auth/libfprint/files/libfprint-0.5.0-support-147e_2020.patch
new file mode 100644
index 00000000000..98f72aed5a0
--- /dev/null
+++ b/sys-auth/libfprint/files/libfprint-0.5.0-support-147e_2020.patch
@@ -0,0 +1,48 @@
+From 3b3679c900f6739f7067f8d720e15d548bb39be9 Mon Sep 17 00:00:00 2001
+From: Vasily Khoruzhick <anarsoul@gmail.com>
+Date: Sun, 13 Jan 2013 13:43:38 +0000
+Subject: upeke2: Add support for 147e:2020 ID
+
+https://bugs.freedesktop.org/show_bug.cgi?id=59320
+---
+diff --git a/libfprint/drivers/upeke2.c b/libfprint/drivers/upeke2.c
+index ed8f43d..a7db54d 100644
+--- a/libfprint/drivers/upeke2.c
++++ b/libfprint/drivers/upeke2.c
+@@ -46,6 +46,11 @@
+ #define MSG_READ_BUF_SIZE 0x40
+ #define MAX_DATA_IN_READ_BUF (MSG_READ_BUF_SIZE - 9)
+
++enum {
++ UPEKE2_2016,
++ UPEKE2_2020,
++};
++
+ struct upeke2_dev {
+ gboolean enroll_passed;
+ gboolean first_verify_iteration;
+@@ -848,8 +853,10 @@ static struct fpi_ssm *deinitsm_new(struct fp_dev *dev)
+
+ static int discover(struct libusb_device_descriptor *dsc, uint32_t *devtype)
+ {
+- /* Revision 2 is what we're interested in */
+- if (dsc->bcdDevice == 2)
++ if (dsc->idProduct == 0x2016 && dsc->bcdDevice == 2)
++ return 1;
++
++ if (dsc->idProduct == 0x2020 && dsc->bcdDevice == 1)
+ return 1;
+
+ return 0;
+@@ -1453,7 +1460,8 @@ static int verify_stop(struct fp_dev *dev, gboolean iterating)
+ }
+
+ static const struct usb_id id_table[] = {
+- { .vendor = 0x147e, .product = 0x2016 },
++ { .vendor = 0x147e, .product = 0x2016, .driver_data = UPEKE2_2016 },
++ { .vendor = 0x147e, .product = 0x2020, .driver_data = UPEKE2_2020 },
+ { 0, 0, 0, }, /* terminating entry */
+ };
+
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/sys-auth/libfprint/libfprint-0.4.0.ebuild b/sys-auth/libfprint/libfprint-0.4.0.ebuild
new file mode 100644
index 00000000000..21f014a28a3
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-0.4.0.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools eutils udev
+
+MY_PV="v_${PV//./_}"
+DESCRIPTION="library to add support for consumer fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/"
+SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="debug static-libs"
+
+RDEPEND="virtual/libusb:1
+ dev-libs/nss
+ || ( media-gfx/imagemagick media-gfx/graphicsmagick[imagemagick] x11-libs/gdk-pixbuf )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+S=${WORKDIR}/${MY_PV}
+
+src_prepare() {
+ mkdir m4 || die
+ eautoreconf
+}
+
+pkg_setup() {
+ einfo
+ elog "This version does not support fdu2000 and upektc (yet)."
+ einfo
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug debug-log) \
+ $(use_enable static-libs static)
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ udev_rulesdir="$(get_udevdir)/rules.d" \
+ install
+
+ prune_libtool_files
+ dodoc AUTHORS HACKING NEWS README THANKS TODO
+}
diff --git a/sys-auth/libfprint/libfprint-0.5.0-r1.ebuild b/sys-auth/libfprint/libfprint-0.5.0-r1.ebuild
new file mode 100644
index 00000000000..85f373bc462
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-0.5.0-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools eutils udev vcs-snapshot
+
+MY_PV="v_${PV//./_}"
+DESCRIPTION="library to add support for consumer fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/"
+SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="alpha amd64 ia64 ppc ppc64 x86"
+IUSE="debug static-libs"
+
+RDEPEND="virtual/libusb:1
+ dev-libs/nss
+ || ( media-gfx/imagemagick media-gfx/graphicsmagick[imagemagick] x11-libs/gdk-pixbuf )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-automake-1.13.patch"
+ epatch "${FILESDIR}/${P}-support-147e_2020.patch"
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-drivers=all \
+ $(use_enable debug debug-log) \
+ $(use_enable static-libs static) \
+ -enable-udev-rules \
+ --with-udev-rules-dir=$(get_udevdir)/rules.d
+ # --disable-udev-rules fails https://bugs.freedesktop.org/show_bug.cgi?id=59076
+ # $(use_enable udev udev-rules) \
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ prune_libtool_files
+
+ dodoc AUTHORS HACKING NEWS README THANKS TODO
+}
diff --git a/sys-auth/libfprint/libfprint-0.5.0.ebuild b/sys-auth/libfprint/libfprint-0.5.0.ebuild
new file mode 100644
index 00000000000..50d8c817e46
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-0.5.0.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools eutils udev vcs-snapshot
+
+MY_PV="v_${PV//./_}"
+DESCRIPTION="library to add support for consumer fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/"
+SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~x86"
+IUSE="debug static-libs"
+
+RDEPEND="virtual/libusb:1
+ dev-libs/nss
+ || ( media-gfx/imagemagick media-gfx/graphicsmagick[imagemagick] x11-libs/gdk-pixbuf )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-automake-1.13.patch"
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-drivers=all \
+ $(use_enable debug debug-log) \
+ $(use_enable static-libs static) \
+ -enable-udev-rules \
+ --with-udev-rules-dir=$(get_udevdir)/rules.d
+ # --disable-udev-rules fails https://bugs.freedesktop.org/show_bug.cgi?id=59076
+ # $(use_enable udev udev-rules) \
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ prune_libtool_files
+
+ dodoc AUTHORS HACKING NEWS README THANKS TODO
+}
diff --git a/sys-auth/libfprint/libfprint-0.5.1-r1.ebuild b/sys-auth/libfprint/libfprint-0.5.1-r1.ebuild
new file mode 100644
index 00000000000..7311c2279d4
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-0.5.1-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils udev vcs-snapshot
+
+MY_PV="v_${PV//./_}"
+DESCRIPTION="library to add support for consumer fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/"
+SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2
+ http://dev.gentoo.org/~patrick/libfprint-0.5.1-add-vfs5011-driver.patch"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~x86"
+IUSE="debug static-libs"
+
+RDEPEND="virtual/libusb:1
+ dev-libs/nss
+ || ( media-gfx/imagemagick media-gfx/graphicsmagick[imagemagick] x11-libs/gdk-pixbuf )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ epatch "${DISTDIR}/${P}-add-vfs5011-driver.patch" || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-drivers=all \
+ $(use_enable debug debug-log) \
+ $(use_enable static-libs static) \
+ -enable-udev-rules \
+ --with-udev-rules-dir=$(get_udevdir)/rules.d
+ # --disable-udev-rules fails https://bugs.freedesktop.org/show_bug.cgi?id=59076
+ # $(use_enable udev udev-rules) \
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ prune_libtool_files
+
+ dodoc AUTHORS HACKING NEWS README THANKS TODO
+}
diff --git a/sys-auth/libfprint/libfprint-0.5.1.ebuild b/sys-auth/libfprint/libfprint-0.5.1.ebuild
new file mode 100644
index 00000000000..e4e7f348e13
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-0.5.1.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit autotools eutils udev vcs-snapshot
+
+MY_PV="v_${PV//./_}"
+DESCRIPTION="library to add support for consumer fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/"
+SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~x86"
+IUSE="debug static-libs"
+
+RDEPEND="virtual/libusb:1
+ dev-libs/nss
+ || ( media-gfx/imagemagick media-gfx/graphicsmagick[imagemagick] x11-libs/gdk-pixbuf )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-drivers=all \
+ $(use_enable debug debug-log) \
+ $(use_enable static-libs static) \
+ -enable-udev-rules \
+ --with-udev-rules-dir=$(get_udevdir)/rules.d
+ # --disable-udev-rules fails https://bugs.freedesktop.org/show_bug.cgi?id=59076
+ # $(use_enable udev udev-rules) \
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ prune_libtool_files
+
+ dodoc AUTHORS HACKING NEWS README THANKS TODO
+}
diff --git a/sys-auth/libfprint/metadata.xml b/sys-auth/libfprint/metadata.xml
new file mode 100644
index 00000000000..506bfe24122
--- /dev/null
+++ b/sys-auth/libfprint/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+<email>xmw@gentoo.org</email>
+<name>Michael Weber</name>
+</maintainer>
+<upstream>
+ <bugs-to>https://bugs.freedesktop.org/enter_bug.cgi?product=libfprint</bugs-to>
+</upstream>
+</pkgmetadata>
diff --git a/sys-auth/libnss-cache/Manifest b/sys-auth/libnss-cache/Manifest
new file mode 100644
index 00000000000..9f2eaf863a5
--- /dev/null
+++ b/sys-auth/libnss-cache/Manifest
@@ -0,0 +1,3 @@
+DIST libnss-cache-0.1.tar.gz 7371 SHA256 d7931100d0de9d4ce0e169d2bc06df85945495444d110f8fe57b312eb4464b94
+DIST libnss-cache-0.10.1.tar.gz 11339 SHA256 3dc52c23b9dca2c97c4e685f4cb0d61ac3f0337504f2852ebee2b654606013a2 SHA512 09de9234622df0e31d342134ce54475547694eee1fbca2ce61cfeab5b0000b9a21672c48db347221a14859d81cced8d85d298eda1b65c18f8b610b6a3761ea74 WHIRLPOOL 1b454dec80060c3da79c95505eae1a6463fdfe10335cd1e9e69f30b93f9e62caec7da517c87c0457e1d940d0e7d42700cdb179e72317d012ef29304e5530e3d8
+DIST libnss-cache-0.10.2.tar.gz 11967 SHA256 8f0bd1583a0368534ae537552ffb667720134d94375d66b11898faf5cfba7728 SHA512 453624e85ff2692f0724f578ad72df76c96ecb2657eb3a701349025811af4e0c3ecf8e42c35a9a4eddabf4e731c361f4235d7cef34a61aec2e80e1b8728ea98f WHIRLPOOL 00f68545ac5f1a7b7cdb814650fadd29780006786e55398b5d1c6f0767c6039ab91685664f5471dadd7990195414ab7bb73fe7e50cfa5b74d38fc8758576c9f3
diff --git a/sys-auth/libnss-cache/files/libnss-cache-0.1-r1-make-install.patch b/sys-auth/libnss-cache/files/libnss-cache-0.1-r1-make-install.patch
new file mode 100644
index 00000000000..798aa2f0ef3
--- /dev/null
+++ b/sys-auth/libnss-cache/files/libnss-cache-0.1-r1-make-install.patch
@@ -0,0 +1,34 @@
+--- Makefile 2010-09-15 02:16:20.851387801 +0200
++++ Makefile 2010-09-15 02:23:26.651387798 +0200
+@@ -1,21 +1,24 @@
+-CC=gcc
++CC?=gcc
+ #CFLAGS=-Wall -fPIC -DDEBUG -g -O0
+-CFLAGS=-Wall -fPIC
++CFLAGS+=-Wall -fPIC
++LDFLAGS+=
+ LIBRARY=libnss_cache.so.2.0
+ LINKS=libnss_cache.so.2 libnss_cache.so
++DESTDIR?=
+ PREFIX=/usr
+ BUILD=.libs
+-LIBDIR=$(PREFIX)/lib
++LIBDIR?=$(PREFIX)/lib
++SONAME=libnss_cache.so.2
+
+ nss_cache:
+ [ -d $(BUILD) ] || mkdir $(BUILD)
+ $(CC) $(CFLAGS) -c nss_cache.c -o $(BUILD)/nss_cache.o
+- $(CC) -shared -o $(BUILD)/$(LIBRARY) $(BUILD)/nss_cache.o
++ $(CC) -shared -Wl,-soname,$(SONAME) -o $(BUILD)/$(LIBRARY) $(BUILD)/nss_cache.o $(LDFLAGS)
+
+ clean:
+ rm -rf $(BUILD)
+
+ install:
+- [ -d $(LIBDIR) ] || install -d $(LIBDIR)
+- install $(BUILD)/$(LIBRARY) $(LIBDIR)
+- cd $(LIBDIR); for link in $(LINKS); do ln -sf $(LIBRARY) $$link ; done
++ [ -d $(DESTDIR)$(LIBDIR) ] || install -d $(DESTDIR)$(LIBDIR)
++ install $(BUILD)/$(LIBRARY) $(DESTDIR)$(LIBDIR)
++ cd $(DESTDIR)$(LIBDIR); for link in $(LINKS); do ln -sf $(LIBRARY) $$link ; done
diff --git a/sys-auth/libnss-cache/files/libnss-cache-0.10-fix-shadow-test.patch b/sys-auth/libnss-cache/files/libnss-cache-0.10-fix-shadow-test.patch
new file mode 100644
index 00000000000..e68546c603a
--- /dev/null
+++ b/sys-auth/libnss-cache/files/libnss-cache-0.10-fix-shadow-test.patch
@@ -0,0 +1,12 @@
+diff -Nuar libnss-cache-0.10.orig//gen_getent.c libnss-cache-0.10//gen_getent.c
+--- libnss-cache-0.10.orig//gen_getent.c 2011-01-10 19:56:01.000000000 +0000
++++ libnss-cache-0.10//gen_getent.c 2011-01-13 06:43:05.475875153 +0000
+@@ -133,7 +133,7 @@
+ int errnop;
+ enum nss_status ret;
+
+- _nss_cache_setpwent_path(SHADOW_FILE);
++ _nss_cache_setspent_path(SHADOW_FILE);
+
+ buffer = malloc(buflen);
+
diff --git a/sys-auth/libnss-cache/files/libnss-cache-0.10.1-make.patch b/sys-auth/libnss-cache/files/libnss-cache-0.10.1-make.patch
new file mode 100644
index 00000000000..b1ba149529c
--- /dev/null
+++ b/sys-auth/libnss-cache/files/libnss-cache-0.10.1-make.patch
@@ -0,0 +1,49 @@
+diff --git a/Makefile b/Makefile
+index 1e34d3b..563e467 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,16 +1,16 @@
+-CC=gcc
++CC?=gcc
+ #CFLAGS=-Wall -Wstrict-prototypes -Werror -fPIC -DDEBUG -g -O0
+-CFLAGS=-Wall -Wstrict-prototypes -Werror -fPIC
++CFLAGS+=-Wall -Wstrict-prototypes -fPIC
+ LIBRARY=libnss_cache.so.2.0
+ LINKS=libnss_cache.so.2 libnss_cache.so
+-DESTDIR=/
+-PREFIX=$(DESTDIR)/usr
++DESTDIR?=
++PREFIX?=$(DESTDIR)/usr
+ BUILD=.libs
+ BUILD64=.libs64
+ BUILD32=.libs32
+-LIBDIR=$(PREFIX)/lib
+-LIBDIR64=$(PREFIX)/lib64
+-LIBDIR32=$(PREFIX)/lib32
++LIBDIR?=$(PREFIX)/lib
++LIBDIR64?=$(PREFIX)/lib64
++LIBDIR32?=$(PREFIX)/lib32
+ SONAME=libnss_cache.so.2
+ LD_SONAME=-Wl,-soname,$(SONAME)
+ TESTBIN=.testbin
+@@ -97,17 +97,17 @@ install_amd64: install32
+ nss_cache:
+ [ -d $(BUILD) ] || mkdir $(BUILD)
+ $(CC) $(CFLAGS) -c nss_cache.c -o $(BUILD)/nss_cache.o
+- $(CC) -shared $(LD_SONAME) -o $(BUILD)/$(LIBRARY) $(BUILD)/nss_cache.o
++ $(CC) $(LDFLAGS) -shared $(LD_SONAME) -o $(BUILD)/$(LIBRARY) $(BUILD)/nss_cache.o
+
+ nss_cache64: nss_cache
+ [ -d $(BUILD64) ] || mkdir $(BUILD64)
+ $(CC) $(CFLAGS) -m64 -c nss_cache.c -o $(BUILD64)/nss_cache.o
+- $(CC) -m64 -shared $(LD_SONAME) -o $(BUILD64)/$(LIBRARY) $(BUILD64)/nss_cache.o
++ $(CC) $(LDFLAGS) -m64 -shared $(LD_SONAME) -o $(BUILD64)/$(LIBRARY) $(BUILD64)/nss_cache.o
+
+ nss_cache32: nss_cache
+ [ -d $(BUILD32) ] || mkdir $(BUILD32)
+ $(CC) $(CFLAGS) -m32 -c nss_cache.c -o $(BUILD32)/nss_cache.o
+- $(CC) -m32 -shared $(LD_SONAME) -o $(BUILD32)/$(LIBRARY) $(BUILD32)/nss_cache.o
++ $(CC) $(LDFLAGS) -m32 -shared $(LD_SONAME) -o $(BUILD32)/$(LIBRARY) $(BUILD32)/nss_cache.o
+
+ clean:
+ rm -rf $(BUILD)
diff --git a/sys-auth/libnss-cache/libnss-cache-0.1-r1.ebuild b/sys-auth/libnss-cache/libnss-cache-0.1-r1.ebuild
new file mode 100644
index 00000000000..1f62fd260eb
--- /dev/null
+++ b/sys-auth/libnss-cache/libnss-cache-0.1-r1.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit eutils multilib toolchain-funcs
+
+DESCRIPTION="libnss-cache is a library that serves nss lookups"
+HOMEPAGE="http://code.google.com/p/nsscache/"
+SRC_URI="http://nsscache.googlecode.com/files/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+S=${WORKDIR}/${PN}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PF}-make-install.patch
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" || die
+}
+
+src_install() {
+ emake DESTDIR="${D}" LIBDIR="/usr/$(get_libdir)" install || die
+}
diff --git a/sys-auth/libnss-cache/libnss-cache-0.10.1.ebuild b/sys-auth/libnss-cache/libnss-cache-0.10.1.ebuild
new file mode 100644
index 00000000000..461a7320613
--- /dev/null
+++ b/sys-auth/libnss-cache/libnss-cache-0.10.1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=3
+
+inherit eutils multilib toolchain-funcs
+
+DESCRIPTION="libnss-cache is a library that serves nss lookups"
+HOMEPAGE="http://code.google.com/p/nsscache/"
+SRC_URI="http://nsscache.googlecode.com/files/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="multilib"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-make.patch
+ epatch "${FILESDIR}"/${PN}-0.10-fix-shadow-test.patch
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" nss_cache || die
+ if use multilib && has_multilib_profile; then
+ emake CC="$(tc-getCC)" nss_cache32 || die
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die
+ if use multilib && has_multilib_profile; then
+ emake DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install32 || die
+ fi
+}
diff --git a/sys-auth/libnss-cache/libnss-cache-0.10.2.ebuild b/sys-auth/libnss-cache/libnss-cache-0.10.2.ebuild
new file mode 100644
index 00000000000..6988a28ca09
--- /dev/null
+++ b/sys-auth/libnss-cache/libnss-cache-0.10.2.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=3
+
+inherit eutils multilib toolchain-funcs
+
+DESCRIPTION="libnss-cache is a library that serves nss lookups"
+HOMEPAGE="http://code.google.com/p/nsscache/"
+SRC_URI="http://nsscache.googlecode.com/files/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="multilib"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.10.1-make.patch
+ epatch "${FILESDIR}"/${PN}-0.10-fix-shadow-test.patch
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" nss_cache || die
+ if use multilib && has_multilib_profile; then
+ emake CC="$(tc-getCC)" nss_cache32 || die
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die
+ if use multilib && has_multilib_profile; then
+ emake DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install32 || die
+ fi
+}
diff --git a/sys-auth/libnss-cache/metadata.xml b/sys-auth/libnss-cache/metadata.xml
new file mode 100644
index 00000000000..b38a94f524a
--- /dev/null
+++ b/sys-auth/libnss-cache/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>xmw@gentoo.org</email>
+ <name>Michael Weber</name>
+ </maintainer>
+ <maintainer>
+ <email>idl0r@gentoo.org</email>
+ <name>Christian Ruppert</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="google-code">nsscache</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/libnss-mysql/Manifest b/sys-auth/libnss-mysql/Manifest
new file mode 100644
index 00000000000..d51cd765df9
--- /dev/null
+++ b/sys-auth/libnss-mysql/Manifest
@@ -0,0 +1 @@
+DIST libnss-mysql-20060915.tgz 689970 SHA256 d0705ab7a185146d050a9ef486c4af03d66fb61fb511c4e0d29714b4c3e5848f SHA512 fc92438b413b175b9bcead222013eab3bf63088a33ece0c4b6cc69edbefb9cc9145138ce786059acf502c2378a2af45588a5a506e45928b9ac600fe05e62e0c7 WHIRLPOOL ca817d9ce10394455cee6ba5790d02ce658c184700706fbb9ccc90cdf67a57003bb47795c63023e18a0e79b4bfcdeaf1b001ba45f2242d0a664e3705a57040d0
diff --git a/sys-auth/libnss-mysql/files/libnss-mysql-1.5_p20060915-no-automagic-debug.diff b/sys-auth/libnss-mysql/files/libnss-mysql-1.5_p20060915-no-automagic-debug.diff
new file mode 100644
index 00000000000..292ae9e1947
--- /dev/null
+++ b/sys-auth/libnss-mysql/files/libnss-mysql-1.5_p20060915-no-automagic-debug.diff
@@ -0,0 +1,14 @@
+diff -NuarwPbB libnss-mysql.orig/configure.in libnss-mysql/configure.in
+--- libnss-mysql.orig/configure.in 2005-09-04 03:34:00.000000000 +0000
++++ libnss-mysql/configure.in 2010-09-08 18:12:24.577317098 +0000
+@@ -38,7 +38,9 @@
+ AC_ARG_WITH(mysql,
+ [ --with-mysql=DIR Location of your MySQL installation])
+ AC_ARG_ENABLE(debug,
+- [ --enable-debug Enable debug (see DEBUGGING)],
++ [ --enable-debug Enable debug (see DEBUGGING)])
++
++AS_IF([test "x$enable_debug" = "xyes"],
+ [AC_DEFINE([DEBUG], 1, [Enable debug])])
+
+ case "$target_os" in
diff --git a/sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r2.ebuild b/sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r2.ebuild
new file mode 100644
index 00000000000..c825030587b
--- /dev/null
+++ b/sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r2.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit eutils multilib autotools
+
+KEYWORDS="amd64 ppc ~sparc x86"
+
+DESCRIPTION="NSS MySQL Library"
+HOMEPAGE="http://libnss-mysql.sourceforge.net/"
+SRC_URI="http://libnss-mysql.sourceforge.net/snapshot/${PN}-${PV/1.5_p/}.tgz"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug"
+
+DEPEND="virtual/mysql"
+RDEPEND="${DEPEND}"
+S="${WORKDIR}/${PN}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-no-automagic-debug.diff
+ eautoconf
+}
+
+src_configure() {
+ # Usually, authentication libraries don't belong into usr.
+ # But here, it's required that the lib is in the same dir
+ # as libmysql, because else failures may occur on boot if
+ # udev tries to access a user / group that doesn't exist
+ # on the system before /usr is mounted.
+ econf --libdir="/usr/$(get_libdir)" \
+ $(use_enable debug)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+
+ find "${D}" -name '*.la' -delete
+
+ newdoc sample/README README.sample
+ dodoc AUTHORS DEBUGGING FAQ INSTALL NEWS README THANKS \
+ TODO UPGRADING ChangeLog
+
+ for subdir in sample/{linux,freebsd,complex,minimal} ; do
+ docinto "${subdir}"
+ dodoc "${subdir}/"{*.sql,*.cfg}
+ done
+}
diff --git a/sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r3.ebuild b/sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r3.ebuild
new file mode 100644
index 00000000000..b249ccd9f77
--- /dev/null
+++ b/sys-auth/libnss-mysql/libnss-mysql-1.5_p20060915-r3.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib autotools
+
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+
+DESCRIPTION="NSS MySQL Library"
+HOMEPAGE="http://libnss-mysql.sourceforge.net/"
+SRC_URI="http://libnss-mysql.sourceforge.net/snapshot/${PN}-${PV/1.5_p/}.tgz"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug"
+
+DEPEND="virtual/mysql"
+RDEPEND="${DEPEND}"
+S="${WORKDIR}/${PN}"
+
+DOCS=( AUTHORS DEBUGGING FAQ INSTALL NEWS README THANKS
+ TODO UPGRADING ChangeLog
+)
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-no-automagic-debug.diff
+ eautoconf
+}
+
+src_configure() {
+ # Usually, authentication libraries don't belong into usr.
+ # But here, it's required that the lib is in the same dir
+ # as libmysql, because else failures may occur on boot if
+ # udev tries to access a user / group that doesn't exist
+ # on the system before /usr is mounted.
+ econf --libdir="/usr/$(get_libdir)" \
+ $(use_enable debug)
+}
+
+src_install() {
+ default
+
+ find "${D}" -name '*.la' -delete
+
+ newdoc sample/README README.sample
+
+ for subdir in sample/{linux,freebsd,complex,minimal} ; do
+ docinto "${subdir}"
+ dodoc "${subdir}/"{*.sql,*.cfg}
+ done
+}
diff --git a/sys-auth/libnss-mysql/metadata.xml b/sys-auth/libnss-mysql/metadata.xml
new file mode 100644
index 00000000000..32489e3d4bc
--- /dev/null
+++ b/sys-auth/libnss-mysql/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>mysql</herd>
+ <maintainer><email>hanno@gentoo.org</email></maintainer>
+</pkgmetadata>
diff --git a/sys-auth/libnss-pgsql/Manifest b/sys-auth/libnss-pgsql/Manifest
new file mode 100644
index 00000000000..dbf0ad6b107
--- /dev/null
+++ b/sys-auth/libnss-pgsql/Manifest
@@ -0,0 +1,2 @@
+DIST libnss-pgsql-1.4.0.tgz 244076 SHA256 776efc43b21323380f9b1cf32b4463eddd7050d19912418ea58b856b96c9ee25
+DIST libnss-pgsql-1.5.0-beta.tgz 305543 SHA256 84808c47fd21a09e2c487a0efc72cc18b352275082335be8c6de39d325e6c000
diff --git a/sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-gentoo.patch b/sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-gentoo.patch
new file mode 100644
index 00000000000..7a2a938b5c7
--- /dev/null
+++ b/sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-gentoo.patch
@@ -0,0 +1,12 @@
+diff -Nur libnss-pgsql-1.4.0.orig/src/backend.c libnss-pgsql-1.4.0/src/backend.c
+--- libnss-pgsql-1.4.0.orig/src/backend.c 2001-10-18 13:32:52.000000000 +0200
++++ libnss-pgsql-1.4.0/src/backend.c 2003-11-28 16:14:38.000000000 +0100
+@@ -9,7 +9,7 @@
+ */
+
+ #include "nss-pgsql.h"
+-#include <postgresql/libpq-fe.h>
++#include <libpq-fe.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <stdio.h>
diff --git a/sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-schema.patch b/sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-schema.patch
new file mode 100644
index 00000000000..6d2b338f45c
--- /dev/null
+++ b/sys-auth/libnss-pgsql/files/libnss-pgsql-1.4.0-schema.patch
@@ -0,0 +1,22 @@
+--- conf/dbschema.sql.orig 2005-05-04 04:27:51.000000000 +0200
++++ conf/dbschema.sql 2006-11-11 22:37:01.000000000 +0100
+@@ -19,15 +19,16 @@
+ "gecos" character varying(128),
+ "homedir" character varying(256) NOT NULL,
+ "shell" character varying DEFAULT '/bin/bash' NOT NULL,
+- PRIMARY KEY ("username")
++ PRIMARY KEY ("username"),
++ UNIQUE ("uid")
+ );
+
+ CREATE TABLE "usergroups" (
+ "gid" int4 NOT NULL,
+ "uid" int4 NOT NULL,
+ PRIMARY KEY ("gid", "uid"),
+- CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid") REFERENCES "groups"("gid"),
+- CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid") REFERENCES "accounts"("uid")
++ CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid") REFERENCES "group_table"("gid"),
++ CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid") REFERENCES "passwd_table"("uid")
+ );
+
+ CREATE TABLE "shadow_table" (
diff --git a/sys-auth/libnss-pgsql/files/libnss-pgsql-1.5.0_beta-gentoo.patch b/sys-auth/libnss-pgsql/files/libnss-pgsql-1.5.0_beta-gentoo.patch
new file mode 100644
index 00000000000..69aefa8c606
--- /dev/null
+++ b/sys-auth/libnss-pgsql/files/libnss-pgsql-1.5.0_beta-gentoo.patch
@@ -0,0 +1,44 @@
+Index: libnss-pgsql-1.5.0-beta/src/backend.c
+===================================================================
+--- libnss-pgsql-1.5.0-beta.orig/src/backend.c
++++ libnss-pgsql-1.5.0-beta/src/backend.c
+@@ -11,7 +11,7 @@
+ */
+
+ #include "nss-pgsql.h"
+-#include <postgresql/libpq-fe.h>
++#include <libpq-fe.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <stdio.h>
+Index: libnss-pgsql-1.5.0-beta/doc/Makefile.am
+===================================================================
+--- libnss-pgsql-1.5.0-beta.orig/doc/Makefile.am
++++ libnss-pgsql-1.5.0-beta/doc/Makefile.am
+@@ -1,14 +1,6 @@
+ TARGETS = nss-pgsql.html
+
+-all html: $(TARGETS)
+-
+-install-data-local: $(TARGETS)
+- $(mkinstalldirs) $(DESTDIR)$(docdir)
+- $(INSTALL_DATA) nss-pgsql.html $(DESTDIR)$(docdir)
+- $(INSTALL_DATA) $(srcdir)/caution.png $(DESTDIR)$(docdir)
+-
+-clean-local:
+- rm -f $(TARGETS)
++html_DATA = $(TARGETS) caution.png
+
+ nss-pgsql.html: config.xsl nss-pgsql.xml
+ xmlto xhtml-nochunks -m $(srcdir)/config.xsl $(srcdir)/nss-pgsql.xml
+Index: libnss-pgsql-1.5.0-beta/src/Makefile.am
+===================================================================
+--- libnss-pgsql-1.5.0-beta.orig/src/Makefile.am
++++ libnss-pgsql-1.5.0-beta/src/Makefile.am
+@@ -1,5 +1,5 @@
+ lib_LTLIBRARIES = libnss_pgsql.la
+ libnss_pgsql_la_SOURCES = interface.c config.c backend.c util.c
+-libnss_pgsql_la_LDFLAGS = -module -version-info 2
++libnss_pgsql_la_LDFLAGS = -module -version-info 2 -shared
+ EXTRA_DIST = nss-pgsql.h
+
diff --git a/sys-auth/libnss-pgsql/libnss-pgsql-1.4.0.ebuild b/sys-auth/libnss-pgsql/libnss-pgsql-1.4.0.ebuild
new file mode 100644
index 00000000000..3e0c2b5f0ea
--- /dev/null
+++ b/sys-auth/libnss-pgsql/libnss-pgsql-1.4.0.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit autotools eutils multilib
+
+KEYWORDS="~x86"
+
+DESCRIPTION="Name Service Switch module for use with PostgreSQL"
+HOMEPAGE="http://pgfoundry.org/projects/sysauth/"
+SRC_URI="http://pgfoundry.org/frs/download.php/605/${P}.tgz"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE=""
+
+DEPEND="dev-db/postgresql
+ app-text/xmlto"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+ epatch "${FILESDIR}/${P}-schema.patch"
+ eautoreconf
+}
+
+src_compile() {
+ econf \
+ --libdir=/lib \
+ --with-docdir=/usr/share/doc/${PF}/html || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ insinto /$(get_libdir)
+ doins src/.libs/libnss_pgsql.so.2.0.0
+ dosym libnss_pgsql.so.2.0.0 /lib/libnss_pgsql.so.2
+ dosym libnss_pgsql.so.2.0.0 /lib/libnss_pgsql.so
+
+ dodoc AUTHORS ChangeLog NEWS README
+ dohtml doc/*.{png,html}
+ insinto /usr/share/doc/${PF}/examples
+ doins conf/*
+}
+
+pkg_postinst() {
+ elog "Next steps:"
+ elog "1. Create the required tables in the database:"
+ elog " $ psql a_database -f ${ROOT}usr/share/${PN}/conf/dbschema.sql"
+ elog "2. Create the configuration file '/etc/nss-pgsql.conf'"
+ elog " You can copy the example from ${ROOT}usr/share/doc/${PF}/examples/nss-pgsql.conf"
+ elog "3. Edit /etc/nsswitch.conf to use the NSS service 'pgsql'"
+ elog " An example is available here: ${ROOT}usr/share/doc/${PF}/examples/nsswitch.conf"
+}
diff --git a/sys-auth/libnss-pgsql/libnss-pgsql-1.5.0_beta.ebuild b/sys-auth/libnss-pgsql/libnss-pgsql-1.5.0_beta.ebuild
new file mode 100644
index 00000000000..c8e11122c60
--- /dev/null
+++ b/sys-auth/libnss-pgsql/libnss-pgsql-1.5.0_beta.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit autotools eutils multilib
+
+KEYWORDS="~amd64 ~x86"
+
+DESCRIPTION="Name Service Switch module for use with PostgreSQL"
+HOMEPAGE="http://pgfoundry.org/projects/sysauth/"
+
+MY_P="${P/_/-}"
+SRC_URI="http://pgfoundry.org/frs/download.php/1878/${MY_P}.tgz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE=""
+
+RDEPEND="dev-db/postgresql"
+DEPEND="${RDEPEND}
+ app-text/xmlto"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+ eautoreconf
+}
+
+src_compile() {
+ econf \
+ --htmldir=/usr/share/doc/${PF}/html || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ find "${D}" -name '*.la' -delete || die
+
+ dodoc AUTHORS ChangeLog NEWS README || die
+ insinto /usr/share/doc/${PF}/examples
+ doins conf/* || die
+}
+
+pkg_postinst() {
+ elog "Next steps:"
+ elog "1. Create the required tables in the database:"
+ elog " $ psql a_database -f /usr/share/doc/${PF}/examples/dbschema.sql"
+ elog "2. Create the configuration file '/etc/nss-pgsql.conf'"
+ elog " You can copy the example from /usr/share/doc/${PF}/examples/nss-pgsql.conf"
+ elog "3. Edit /etc/nsswitch.conf to use the NSS service 'pgsql'"
+ elog " An example is available here: /usr/share/doc/${PF}/examples/nsswitch.conf"
+}
diff --git a/sys-auth/libnss-pgsql/metadata.xml b/sys-auth/libnss-pgsql/metadata.xml
new file mode 100644
index 00000000000..309b51e9a96
--- /dev/null
+++ b/sys-auth/libnss-pgsql/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>postgresql</herd>
+</pkgmetadata>
diff --git a/sys-auth/libyubikey/Manifest b/sys-auth/libyubikey/Manifest
new file mode 100644
index 00000000000..db092c8f249
--- /dev/null
+++ b/sys-auth/libyubikey/Manifest
@@ -0,0 +1,2 @@
+DIST libyubikey-1.12.tar.gz 346729 SHA256 b95387f791dad4d2544282299800f016736c363838e1e732f199bf90eba717b8 SHA512 dcfe0f0f33e98a56ca0971140e9fb0d7689236c0062f38eb92b6c3f6df3d576882aaffc153f5fc1c6f5edca5781c34801aa6a87e63c726999f5de003ad366d27 WHIRLPOOL 558f8b4664ce888b8871f214c7022d14ecca7c12bd1550b74e1810a421381ae29ef1064d7ed1726680d5847facdb48f1a3065dc9bde9b5093ff3f648706710fa
+DIST libyubikey-1.13.tar.gz 347337 SHA256 04edd0eb09cb665a05d808c58e1985f25bb7c5254d2849f36a0658ffc51c3401 SHA512 28f45cb9817c30a70d168ae507d3f8014051058d730eed92b31d92e96784138dea291bda4275511c5f92a6427cb4249d76c802b8abb867cec50e62fb770950f2 WHIRLPOOL c961fb9efa5eea9c5256b62c4363c9c5cfae8623518e9cbff851dce698d90880e0b6443739da7c955d869428a12b226ad52da55bcd7d64199619315d1495bfc8
diff --git a/sys-auth/libyubikey/libyubikey-1.12.ebuild b/sys-auth/libyubikey/libyubikey-1.12.ebuild
new file mode 100644
index 00000000000..b2ff6e30278
--- /dev/null
+++ b/sys-auth/libyubikey/libyubikey-1.12.ebuild
@@ -0,0 +1,19 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils autotools-utils
+
+DESCRIPTION="Yubico C low-level library"
+HOMEPAGE="https://github.com/Yubico/yubico-c"
+#http://opensource.yubico.com/yubico-c/releases.html
+SRC_URI="http://opensource.yubico.com/yubico-c/releases/${P}.tar.gz"
+
+KEYWORDS="~amd64 ~x86"
+SLOT="0"
+LICENSE="BSD-2"
+IUSE="static-libs"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS )
diff --git a/sys-auth/libyubikey/libyubikey-1.13.ebuild b/sys-auth/libyubikey/libyubikey-1.13.ebuild
new file mode 100644
index 00000000000..bae5ceb49ba
--- /dev/null
+++ b/sys-auth/libyubikey/libyubikey-1.13.ebuild
@@ -0,0 +1,19 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils autotools-utils
+
+DESCRIPTION="Yubico C low-level library"
+HOMEPAGE="https://github.com/Yubico/yubico-c"
+#http://opensource.yubico.com/yubico-c/releases.html
+SRC_URI="http://opensource.yubico.com/yubico-c/releases/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="BSD-2"
+KEYWORDS="~amd64 ~x86"
+IUSE="static-libs"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS )
diff --git a/sys-auth/libyubikey/metadata.xml b/sys-auth/libyubikey/metadata.xml
new file mode 100644
index 00000000000..86aee3bb63d
--- /dev/null
+++ b/sys-auth/libyubikey/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>proxy-maintainers</herd>
+ <maintainer>
+ <email>brant@gurganus.name</email>
+ <name>Brant Gurganus</name>
+ <description>Proxied co-maintainer, assign bugs to him</description>
+ </maintainer>
+ <maintainer>
+ <email>flameeyes@gentoo.org</email>
+ <name>Diego Elio Pettenò</name>
+ <description>Proxy maintainer, CC him on bugs</description>
+ </maintainer>
+ <upstream>
+ <remote-id type="google-code">yubico-c</remote-id>
+ <remote-id type="github">Yubico/yubico-c</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/metadata.xml b/sys-auth/metadata.xml
new file mode 100644
index 00000000000..4b8897c1fd7
--- /dev/null
+++ b/sys-auth/metadata.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<catmetadata>
+ <longdescription lang="en">
+ The sys-auth category contains applications and libraries to support
+ authentication and authorization facilities.
+ Here belongs PAM modules, NSS modules and login apps.
+ </longdescription>
+ <longdescription lang="ja">
+ sys-authカテゴリには確認を採用するアプリケーションとライブラリが
+ 含まれます。これはPAMとNSSモジュールとログインアプリケーションの場所です。
+ </longdescription>
+ <longdescription lang="vi">
+ Nhóm sys-auth chứa các ứng dụng và thư viện hỗ trợ xác thực và phân quyền.
+ Ở đây bao gồm các module PAM, NSS và các ứng dụng đăng nhập.
+ </longdescription>
+ <longdescription lang="de">
+ Die Kategorie sys-auth enthält Programme und Bibliotheken die Funktionen
+ zur Authentifizierung und Authorisierung zur Verfügung stellen. Module für PAM
+ und NSS sowie Loginapplikationen finden sich hier.
+ </longdescription>
+ <longdescription lang="it">
+ La categoria sys-auth contiene applicazioni e librerie di supporto per
+ gli strumenti di autenticazione e autorizzazione. Appartengono a questa categoria
+ i moduli PAM, i moduli NSS e le applicazioni di login.
+ </longdescription>
+ <longdescription lang="pt">
+ A categoria sys-auth contém aplicações e bibliotecas para
+ suportar instrumentos de autenticação e autorização.
+ Nesta categoria pertencem módulos de PAM, módulos de NSS e
+ aplicações de login.
+ </longdescription>
+ <longdescription lang="pl">
+ Kategoria sys-auth zawiera biblioteki oraz programy związane z
+ autoryzacją i uwierzytelnianiem. Znajdują się tu moduły PAM, NSS oraz
+ aplikacje służące do logowania.
+ </longdescription>
+ <longdescription lang="es">
+ La categoría sys-auth contiene aplicaciones y librerías para dar
+ soporte a los servicios de autenticación y autorización.
+ A esta categoría pertenecen los módulos PAM, NSS y las aplicaciones
+ para ingresar en el sistema.
+ </longdescription>
+</catmetadata>
diff --git a/sys-auth/munge/Manifest b/sys-auth/munge/Manifest
new file mode 100644
index 00000000000..2d0b685c468
--- /dev/null
+++ b/sys-auth/munge/Manifest
@@ -0,0 +1,2 @@
+DIST munge-0.5.10.tar.bz2 424285 SHA256 00e0125c2895877b555872647b0a98d13838a54acda78614bb6c6e70daadabc6 SHA512 b1b780d205d6cfbadfe6096156840d559c70de5b0023cbd604acfc29e1135036c98a949981d5c022e994c77213ee3d8d70e8fe825b645b030ad1adef92ed9479 WHIRLPOOL 72bb331f3651473b482b3ad5b4f0e934537d93911e8c55e5d253511de273da7719a26f2f9d98ee6bee7968a705f41f648f52cdf67107edbc2565cadd473d0d46
+DIST munge-0.5.11.tar.bz2 423232 SHA256 8e075614f81cb0a6df21a0aafdc825498611a04429d0876f074fc828739351a5 SHA512 b9d4cd76c4fe605ad67934af48809205de0f0e5fa1a10dd3b6e382da2cb8bc274bd2a8c0d4bc49d1d58155bf008945a584afd0b6e01cc8052aa1d21c8de2815b WHIRLPOOL 00898e86b05955109799d81b1da7cdb9300c8af6f73a7d0d2d9f678c8fce6878f093b77ce1406797b7814a7c099d3f22d2c93b08e4cdbf77cc61ec624604b87c
diff --git a/sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch b/sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch
new file mode 100644
index 00000000000..1810abc91f4
--- /dev/null
+++ b/sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch
@@ -0,0 +1,134 @@
+From 5634ce9890da48f9ea88feece856361ce8f1563c Mon Sep 17 00:00:00 2001
+From: Brendan Horan <brendan@horan.hk>
+Date: Tue, 23 Jun 2015 09:32:31 +0800
+Subject: [PATCH] Fixed recursive use of make in makefiles [ make -> $(MAKE) ]
+
+---
+ Makefile.in | 2 +-
+ config/Make-inc.mk | 2 +-
+ src/Makefile.in | 2 +-
+ src/etc/Makefile.in | 2 +-
+ src/libcommon/Makefile.in | 2 +-
+ src/libmissing/Makefile.in | 2 +-
+ src/libmunge/Makefile.in | 2 +-
+ src/munge/Makefile.in | 2 +-
+ src/munged/Makefile.in | 2 +-
+ 9 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 8b8ca76..df53ff1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -830,7 +830,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/config/Make-inc.mk b/config/Make-inc.mk
+index 03a9622..edffea1 100644
+--- a/config/Make-inc.mk
++++ b/config/Make-inc.mk
+@@ -31,7 +31,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/Makefile.in b/src/Makefile.in
+index c89ec9c..38c32da 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -648,7 +648,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/etc/Makefile.in b/src/etc/Makefile.in
+index ffd41a0..d1eed84 100644
+--- a/src/etc/Makefile.in
++++ b/src/etc/Makefile.in
+@@ -451,7 +451,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/libcommon/Makefile.in b/src/libcommon/Makefile.in
+index 45419a8..8512b74 100644
+--- a/src/libcommon/Makefile.in
++++ b/src/libcommon/Makefile.in
+@@ -683,7 +683,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/libmissing/Makefile.in b/src/libmissing/Makefile.in
+index 10b1a78..187f4b3 100644
+--- a/src/libmissing/Makefile.in
++++ b/src/libmissing/Makefile.in
+@@ -572,7 +572,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/libmunge/Makefile.in b/src/libmunge/Makefile.in
+index 69dc54f..ab21fdc 100644
+--- a/src/libmunge/Makefile.in
++++ b/src/libmunge/Makefile.in
+@@ -752,7 +752,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/munge/Makefile.in b/src/munge/Makefile.in
+index f411d7e..411ec3b 100644
+--- a/src/munge/Makefile.in
++++ b/src/munge/Makefile.in
+@@ -752,7 +752,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
+diff --git a/src/munged/Makefile.in b/src/munged/Makefile.in
+index c14fd0b..5112da3 100644
+--- a/src/munged/Makefile.in
++++ b/src/munged/Makefile.in
+@@ -1243,7 +1243,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
+ $(top_builddir)/src/libmissing/libmissing.la \
+ $(top_builddir)/src/libmunge/libmunge.la \
+ : force-dependency-check
+- @cd `dirname $@` && make `basename $@`
++ @cd `dirname $@` && $(MAKE) `basename $@`
+
+ force-dependency-check:
+
diff --git a/sys-auth/munge/files/munged.confd b/sys-auth/munge/files/munged.confd
new file mode 100644
index 00000000000..8ab2f69284a
--- /dev/null
+++ b/sys-auth/munge/files/munged.confd
@@ -0,0 +1,13 @@
+# Specify secret key file. If the keyfile does not already exist
+# it will be created on first startup using pseudorandom data via
+# dd if=/dev/urandom bs=1 count=1024 >/etc/munge/munge.key
+KEYFILE="/etc/munge/munge.key"
+
+# Specify whether to check "/etc/group" mtime
+GROUP_CHECK_MTIME=1
+
+# Specify seconds between group info updates
+GROUP_UPDATE_TIME=3600
+
+# Specify number of threads to spawn
+NUM_THREADS=2
diff --git a/sys-auth/munge/files/munged.initd b/sys-auth/munge/files/munged.initd
new file mode 100644
index 00000000000..7fee87e499c
--- /dev/null
+++ b/sys-auth/munge/files/munged.initd
@@ -0,0 +1,44 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ after localmount
+}
+
+check_key() {
+ [ -s "${KEYFILE}" ] && return 0
+ dd if=/dev/urandom bs=1 count=1024 >/etc/munge/munge.key 2>/dev/null || return 1
+ chown munge:munge "${KEYFILE}" || return 1
+ chmod 700 "${KEYFILE}" || return 1
+}
+
+start() {
+ ebegin "Starting munged"
+ if ! check_key; then
+ eerror "Failed to verify/create munge key"
+ eend 1 && exit 1
+ fi
+ checkpath -d -m 755 -o munge:munge /var/run/munge
+ checkpath -d -m 711 -o munge:munge /var/lib/munge
+ checkpath -d -m 700 -o munge:munge /var/log/munge
+ start-stop-daemon -S /usr/sbin/munged \
+ --user munge \
+ --group munge \
+ --pidfile /var/run/munge/munged.pid \
+ -- \
+ --key-file="${KEYFILE}" \
+ --group-check-mtime="${GROUP_CHECK_MTIME}" \
+ --group-update-time="${GROUP_UPDATE_TIME}" \
+ --num-threads="${NUM_THREADS}"
+ eend ${?}
+}
+
+stop() {
+ ebegin "Stopping munged"
+ start-stop-daemon -K /usr/sbin/munged \
+ --pidfile /var/run/munge/munged.pid
+ eend ${?}
+}
+
diff --git a/sys-auth/munge/metadata.xml b/sys-auth/munge/metadata.xml
new file mode 100644
index 00000000000..428b6306955
--- /dev/null
+++ b/sys-auth/munge/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>cluster</herd>
+ <maintainer>
+ <email>jsbronder@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name="gcrypt">Use libgcrypt instead of openssl</flag>
+ </use>
+ <longdescription>MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating
+ and validating credentials. It is designed to be highly scalable for use in
+ an HPC cluster environment. It allows a process to authenticate the UID and
+ GID of another local or remote process within a group of hosts having common
+ users and groups. These hosts form a security realm that is defined by a
+ shared cryptographic key. Clients within this security realm can create and
+ validate credentials without the use of root privileges, reserved ports, or
+ platform-specific methods.</longdescription>
+ <upstream>
+ <remote-id type="google-code">munge</remote-id>
+ <remote-id type="github">dun/munge</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/munge/munge-0.5.10-r1.ebuild b/sys-auth/munge/munge-0.5.10-r1.ebuild
new file mode 100644
index 00000000000..dfdda2ec4ee
--- /dev/null
+++ b/sys-auth/munge/munge-0.5.10-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+inherit user
+
+DESCRIPTION="An authentication service for creating and validating credentials"
+HOMEPAGE="http://code.google.com/p/munge/"
+SRC_URI="http://munge.googlecode.com/files/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="alpha amd64 hppa ia64 ~mips ppc ppc64 sparc x86"
+IUSE="gcrypt"
+
+DEPEND="app-arch/bzip2
+ sys-libs/zlib
+ gcrypt? ( dev-libs/libgcrypt:0 )
+ !gcrypt? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup munge
+ enewuser munge -1 -1 /var/lib/munge munge
+}
+
+src_configure() {
+ local conf=""
+
+ if use gcrypt; then
+ conf="${conf} --with-crypto-lib=libgcrypt"
+ else
+ conf="${conf} --with-crypto-lib=openssl"
+ fi
+
+ econf ${conf} \
+ --localstatedir=/var
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+
+ # 450830
+ if [ -d "${D}"/var/run ]; then
+ rm -rf "${D}"/var/run || die
+ fi
+
+ diropts -o munge -g munge -m700
+ dodir /etc/munge || die
+
+ [ -d "${D}"/etc/init.d ] && rm -r "${D}"/etc/init.d
+ [ -d "${D}"/etc/default ] && rm -r "${D}"/etc/default
+ [ -d "${D}"/etc/sysconfig ] && rm -r "${D}"/etc/sysconfig
+
+ newconfd "${FILESDIR}"/${PN}d.confd ${PN}d || die
+ newinitd "${FILESDIR}"/${PN}d.initd ${PN}d || die
+}
+
+src_test() {
+ emake check || die
+}
diff --git a/sys-auth/munge/munge-0.5.11.ebuild b/sys-auth/munge/munge-0.5.11.ebuild
new file mode 100644
index 00000000000..64bc557ae9e
--- /dev/null
+++ b/sys-auth/munge/munge-0.5.11.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools eutils user
+
+DESCRIPTION="An authentication service for creating and validating credentials"
+HOMEPAGE="https://github.com/dun/munge"
+SRC_URI="https://github.com/dun/munge/releases/download/munge-${PV}/munge-${PV}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+IUSE="gcrypt"
+
+DEPEND="app-arch/bzip2
+ sys-libs/zlib
+ gcrypt? ( dev-libs/libgcrypt:0 )
+ !gcrypt? ( dev-libs/openssl:0 )"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup munge
+ enewuser munge -1 -1 /var/lib/munge munge
+}
+
+src_prepare() {
+ # Accepted upstream, https://github.com/dun/munge/pull/40
+ epatch "${FILESDIR}"/fixed-recursive-use-of-make-in-makefiles.patch
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir=/var \
+ --with-crypto-lib=$(usex gcrypt libgcrypt openssl)
+}
+
+src_install() {
+ local d
+
+ default
+
+ # 450830
+ if [ -d "${D}"/var/run ]; then
+ rm -rf "${D}"/var/run || die
+ fi
+
+ diropts -o munge -g munge -m700
+ dodir /etc/munge
+
+ for d in "init.d" "default" "sysconfig"; do
+ if [ -d "${D}"/etc/${d} ]; then
+ rm -r "${D}"/etc/${d} || die
+ fi
+ done
+
+ newconfd "${FILESDIR}"/${PN}d.confd ${PN}d
+ newinitd "${FILESDIR}"/${PN}d.initd ${PN}d
+}
diff --git a/sys-auth/nss-mdns/Manifest b/sys-auth/nss-mdns/Manifest
new file mode 100644
index 00000000000..622843c261f
--- /dev/null
+++ b/sys-auth/nss-mdns/Manifest
@@ -0,0 +1 @@
+DIST nss-mdns-0.10.tar.gz 353130 SHA256 1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d SHA512 7c9f4150648dfab34bc6f8551e5b58b0b7065e4c1472efb8ce1b00b2bd75627e5928b2c199d9dae742abe839968a8774e39c7646f8ce855d342b4d90252efc0e WHIRLPOOL 27298dd51e307d0c3798096b1e8ccfc7b0f454ebca15e1abea1502326f17e8850af789cb8fa926be4d4918cc81819487603e3f8eb3ad76605325da97be23db66
diff --git a/sys-auth/nss-mdns/files/mdns.allow b/sys-auth/nss-mdns/files/mdns.allow
new file mode 100644
index 00000000000..80b49b097b0
--- /dev/null
+++ b/sys-auth/nss-mdns/files/mdns.allow
@@ -0,0 +1,3 @@
+# mdns.allow:
+.local.
+.local
diff --git a/sys-auth/nss-mdns/files/nss-mdns-0.10-avahi-socket.patch b/sys-auth/nss-mdns/files/nss-mdns-0.10-avahi-socket.patch
new file mode 100644
index 00000000000..189d108814a
--- /dev/null
+++ b/sys-auth/nss-mdns/files/nss-mdns-0.10-avahi-socket.patch
@@ -0,0 +1,10 @@
+--- src/Makefile.am 2006-12-30 01:00:22.000000000 -0600
++++ src/Makefile.am 2006-12-30 01:01:11.000000000 -0600
+@@ -20,7 +20,7 @@
+ AM_CFLAGS = \
+ -DMDNS_ALLOW_FILE=\"$(sysconfdir)/mdns.allow\" \
+ -DRESOLV_CONF_FILE=\"$(sysconfdir)/resolv.conf\" \
+- -DAVAHI_SOCKET=\"$(localstatedir)/run/avahi-daemon/socket\"
++ -DAVAHI_SOCKET=\"$(ROOT)var/run/avahi-daemon/socket\"
+
+ #AM_CFLAGS += -DNDEBUG=1 -Os
diff --git a/sys-auth/nss-mdns/metadata.xml b/sys-auth/nss-mdns/metadata.xml
new file mode 100644
index 00000000000..8a582533183
--- /dev/null
+++ b/sys-auth/nss-mdns/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>maintainer-needed@gentoo.org</email>
+ </maintainer>
+<use>
+ <flag name="search-domains">Honour search domains from
+ /etc/resolv.conf (see bug #201948 for possible side effects)</flag>
+</use>
+ <longdescription lang="en">
+ Name service switch module for multicast dns.
+ </longdescription>
+ <longdescription lang="ja">
+ マルチキャスト DNS 向けネーム・サービス・スイッチのモジュールです。
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-auth/nss-mdns/nss-mdns-0.10-r2.ebuild b/sys-auth/nss-mdns/nss-mdns-0.10-r2.ebuild
new file mode 100644
index 00000000000..5255cd10c8d
--- /dev/null
+++ b/sys-auth/nss-mdns/nss-mdns-0.10-r2.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+inherit autotools eutils multilib-minimal
+
+DESCRIPTION="Name Service Switch module for Multicast DNS"
+HOMEPAGE="http://0pointer.de/lennart/projects/nss-mdns/"
+SRC_URI="http://0pointer.de/lennart/projects/nss-mdns/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~hppa ~mips ppc x86"
+IUSE="search-domains"
+
+RDEPEND=">=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}]"
+DEPEND="${RDEPEND}"
+RDEPEND="${RDEPEND}
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.10-avahi-socket.patch
+ epatch_user
+ eautoreconf
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE=${S} \
+ econf \
+ $(use_enable search-domains) \
+ --enable-avahi
+}
+
+multilib_src_install_all() {
+ dodoc README
+
+ insinto /etc
+ doins "${FILESDIR}"/mdns.allow
+}
+
+pkg_postinst() {
+ ewarn
+ ewarn "You must modify your name service switch look up file to enable"
+ ewarn "multicast DNS lookups. If you wish to resolve only IPv6 addresses"
+ ewarn "use mdns6. For IPv4 addresses only, use mdns4. To resolve both"
+ ewarn "use mdns. Keep in mind that mdns will be slower if there are no"
+ ewarn "IPv6 addresses published via mDNS on the network. There are also"
+ ewarn "minimal (mdns?_minimal) libraries which only lookup .local hosts"
+ ewarn "and 169.254.x.x addresses."
+ ewarn
+ ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf"
+ ewarn "An example line looks like:"
+ ewarn "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4"
+ ewarn
+ ewarn "If you want to perform mDNS lookups for domains other than the ones"
+ ewarn "ending in .local, add them to /etc/mdns.allow"
+ ewarn
+}
diff --git a/sys-auth/nss-myhostname/Manifest b/sys-auth/nss-myhostname/Manifest
new file mode 100644
index 00000000000..a0a0812e828
--- /dev/null
+++ b/sys-auth/nss-myhostname/Manifest
@@ -0,0 +1 @@
+DIST nss-myhostname-0.3.tar.gz 330031 SHA256 2ba744ea8d578d1c57c85884e94a3042ee17843a5294434d3a7f6c4d67e7caf2 SHA512 8f14091f887991532bc3cedcdee607c89f403c7869063919c299cdd7ee8207a9759ab9105093bae151a79e08944053598104a59e9987949ee146d742a12e8c34 WHIRLPOOL 9161372c1e5dea6ea925f96fadfbb955786e812a079fea621b3c212bafe6fcbb6a20f6979d3cb474ccba73ce9e2ebdd7d51ef7f994413dcdc20fb0f1572f6d9d
diff --git a/sys-auth/nss-myhostname/metadata.xml b/sys-auth/nss-myhostname/metadata.xml
new file mode 100644
index 00000000000..1aba3db38f0
--- /dev/null
+++ b/sys-auth/nss-myhostname/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>freedesktop</herd>
+<longdescription lang="en">
+nss-myhostname is a plugin for the GNU Name Service Switch (NSS) functionality
+of the GNU C Library (glibc) providing host name resolution for the locally
+configured system hostname as returned by gethostname(2). Various software
+relies on an always resolvable local host name. When using dynamic hostnames
+this is usually achieved by patching /etc/hosts at the same time as changing
+the host name. This however is not ideal since it requires a writable /etc
+file system and is fragile because the file might be edited by the
+administrator at the same time. nss-myhostname simply returns all locally
+configure public IP addresses, or -- if none are configured -- the IPv4
+address 127.0.0.2 (wich is on the local loopback) and the IPv6 address ::1
+(which is the local host) for whatever system hostname is configured locally.
+Patching /etc/hosts is thus no longer necessary.
+</longdescription>
+</pkgmetadata>
diff --git a/sys-auth/nss-myhostname/nss-myhostname-0.3.ebuild b/sys-auth/nss-myhostname/nss-myhostname-0.3.ebuild
new file mode 100644
index 00000000000..8b51e1cdf27
--- /dev/null
+++ b/sys-auth/nss-myhostname/nss-myhostname-0.3.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+DESCRIPTION="Name Service Switch module for resolving the local hostname"
+HOMEPAGE="http://0pointer.de/lennart/projects/nss-myhostname/"
+SRC_URI="http://0pointer.de/lennart/projects/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1+"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE=""
+
+COMMON_DEPEND=""
+RDEPEND="${COMMON_DEPEND}
+ !>=sys-apps/systemd-197"
+DEPEND="${COMMON_DEPEND}"
+
+src_prepare() {
+ # The documentation in doc/ is just the README file in other formats
+ sed -e 's:SUBDIRS *= *doc:SUBDIRS =:' -i Makefile.{am,in} ||
+ die "sed failed"
+}
+
+src_configure() {
+ econf --disable-lynx
+}
+
+pkg_postinst() {
+ elog "You must modify your name service switch lookup file to enable"
+ elog "nss-myhostname. To do so, add 'myhostname' to the hosts line in"
+ elog "/etc/nsswitch.conf"
+ elog
+ elog "An example hosts line looks like this:"
+ elog "hosts: files dns myhostname"
+ elog
+}
diff --git a/sys-auth/nss-pam-ldapd/Manifest b/sys-auth/nss-pam-ldapd/Manifest
new file mode 100644
index 00000000000..97885bbcf58
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/Manifest
@@ -0,0 +1,2 @@
+DIST nss-pam-ldapd-0.8.14.tar.gz 508949 SHA256 a29ceb9b7eda386ca38f16115ffec61425462cca6b5e560c44c3d51edc03a63f SHA512 70abb1836b5b3304e583fd3b71f11fee7586e181b26f4630779ec1d90b856da6e4fcc76327c51b20a158aa36708dd12ceb5f543a33c826881f2ad3e092f542c9 WHIRLPOOL 5d30088d73e464bf380dd5e7d34f8c5200680712693c97ee1f1df1880b4680236d9168ac7ec08b161ae463236c0feddc2171442a956c872113caa6e2b07a6bb8
+DIST nss-pam-ldapd-0.9.6.tar.gz 754681 SHA256 101d5a7fa10549cc77be48d07f2b8141f59182f10f2cc0fea93efd13c3a5a6f2 SHA512 213bc55554290042623ef4cce071045bab569a824aef7d960e3aa9c2f64f0c4928c5c28a4b5d9225fd35ea5026bb11f710d9c620f790e9d82c73d89b272e972a WHIRLPOOL 8902d48a6e889e697f7ddf9bd7d481493a0e2e302223317647f24fd3cd10b176cf66287553b8eafc2b996d0c073055afeb42b4f29d93e8f05f3967bb0aeaee16
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-init b/sys-auth/nss-pam-ldapd/files/nslcd-init
new file mode 100644
index 00000000000..5774fe70cab
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-init
@@ -0,0 +1,37 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+cfg="/etc/nslcd.conf"
+
+depend() {
+ need net
+ use dns logger
+}
+
+checkconfig() {
+ if [ ! -f "$cfg" ] ; then
+ eerror "Please create $cfg"
+ eerror "Example config: /usr/share/nss-ldapd/nslcd.conf"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkpath -q -d /var/run/nslcd -o nslcd:nslcd
+ checkconfig || return $?
+
+ ebegin "Starting nslcd"
+ start-stop-daemon --start --pidfile /var/run/nslcd/nslcd.pid \
+ --exec /usr/sbin/nslcd
+ eend $? "Failed to start nslcd"
+}
+
+stop() {
+ ebegin "Stopping nslcd"
+ start-stop-daemon --stop --pidfile /var/run/nslcd/nslcd.pid
+ eend $? "Failed to stop nslcd"
+}
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-init-r1 b/sys-auth/nss-pam-ldapd/files/nslcd-init-r1
new file mode 100644
index 00000000000..238a008063f
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-init-r1
@@ -0,0 +1,37 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+cfg="/etc/nslcd.conf"
+
+depend() {
+ need net
+ use dns logger
+}
+
+checkconfig() {
+ if [ ! -f "$cfg" ] ; then
+ eerror "Please create $cfg"
+ eerror "Example config: /usr/share/nss-ldapd/nslcd.conf"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkpath -q -d /run/nslcd -o nslcd:nslcd
+ checkconfig || return $?
+
+ ebegin "Starting nslcd"
+ start-stop-daemon --start --pidfile /var/run/nslcd/nslcd.pid \
+ --exec /usr/sbin/nslcd
+ eend $? "Failed to start nslcd"
+}
+
+stop() {
+ ebegin "Stopping nslcd"
+ start-stop-daemon --stop --pidfile /var/run/nslcd/nslcd.pid
+ eend $? "Failed to stop nslcd"
+}
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-init-r2 b/sys-auth/nss-pam-ldapd/files/nslcd-init-r2
new file mode 100644
index 00000000000..6c203be7343
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-init-r2
@@ -0,0 +1,29 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+command=/usr/sbin/nslcd
+pidfile=/var/run/nslcd/nslcd.pid
+extra_commands="checkconfig"
+cfg="/etc/nslcd.conf"
+
+depend() {
+ need net
+ use dns logger
+}
+
+checkconfig() {
+ if [ ! -f "$cfg" ] ; then
+ eerror "Please create $cfg"
+ eerror "Example config: /usr/share/nss-ldapd/nslcd.conf"
+ return 1
+ fi
+ return 0
+}
+
+start_pre() {
+ checkpath -q -d /run/nslcd -o nslcd:nslcd
+ checkconfig
+ return $?
+}
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-init-s6 b/sys-auth/nss-pam-ldapd/files/nslcd-init-s6
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-init-s6
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-run-s6 b/sys-auth/nss-pam-ldapd/files/nslcd-run-s6
new file mode 100644
index 00000000000..264da009ba1
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-run-s6
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec /usr/sbin/nslcd -n
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-tmpfiles.conf b/sys-auth/nss-pam-ldapd/files/nslcd-tmpfiles.conf
new file mode 100644
index 00000000000..ac4ee0ad864
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-tmpfiles.conf
@@ -0,0 +1 @@
+d /run/nslcd 0755 nslcd nslcd -
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd.rc b/sys-auth/nss-pam-ldapd/files/nslcd.rc
new file mode 100644
index 00000000000..916f78f8d8b
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd.rc
@@ -0,0 +1,35 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+opts="checkconfig"
+
+depend() {
+ need net
+ use dns logger
+}
+
+checkconfig() {
+ if [ ! -f /etc/nss-ldapd.conf ] ; then
+ eerror "Please create /etc/nss-ldapd.conf"
+ eerror "Example config: /usr/share/nss-ldapd/nss-ldapd.conf"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return $?
+
+ ebegin "Starting nslcd"
+ start-stop-daemon --start --pidfile /var/run/nslcd/nslcd.pid \
+ --exec /usr/sbin/nslcd
+ eend $? "Failed to start nslcd"
+}
+
+stop() {
+ ebegin "Stopping nslcd"
+ start-stop-daemon --stop --pidfile /var/run/nslcd/nslcd.pid
+ eend $? "Failed to stop nslcd"
+}
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd.service b/sys-auth/nss-pam-ldapd/files/nslcd.service
new file mode 100644
index 00000000000..030cc2c90eb
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=NSS and PAM LDAP client daemon
+After=network-online.target
+Wants=network-online.target nss-lookup.target syslog.service
+Before=nss-user-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/nslcd/nslcd.pid
+ExecStart=/usr/sbin/nslcd
+
+[Install]
+WantedBy=multi-user.target
+RequiredBy=nss-user-lookup.target
diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch
new file mode 100644
index 00000000000..06dcc2513a3
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch
@@ -0,0 +1,13 @@
+diff --git a/tests/pylint.rc b/tests/pylint.rc
+index 7f0bc13..b66d018 100644
+--- a/tests/pylint.rc
++++ b/tests/pylint.rc
+@@ -19,7 +19,7 @@ enable=
+ # can either give multiple identifier separated by comma (,) or put this option
+ # multiple time (only on the command line, not in the configuration file where
+ # it should appear only once).
+-disable=E1101
++disable=E1101,E1608,E1606,E1601
+
+
+ [REPORTS]
diff --git a/sys-auth/nss-pam-ldapd/metadata.xml b/sys-auth/nss-pam-ldapd/metadata.xml
new file mode 100644
index 00000000000..458c550d203
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/metadata.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>prometheanfire@gentoo.org</email>
+ <name>Matthew Thode</name>
+ </maintainer>
+ <maintainer>
+ <email>chutzpah@gentoo.org</email>
+ <name>Patrick McLean</name>
+ </maintainer>
+ <use>
+ <flag name="utils">Install the command-line utilities</flag>
+ </use>
+ <longdescription lang="en">
+ Provides a Name Service Switch (NSS) module that allows your LDAP
+ server to provide user account, group, host name, alias, netgroup, and
+ basically any other information that you would normally get from /etc
+ flat files or NIS. It also provides a Pluggable Authentication Module
+ (PAM) to do authentication to an LDAP server.
+
+ This is implemented using thin NSS and PAM modules which delegate to a
+ dedicated service (nslcd) that queries the LDAP server with persistent
+ connections, authentication, attribute translation, etc.
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.8.14-r2.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.8.14-r2.ebuild
new file mode 100644
index 00000000000..16a99df8cd6
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.8.14-r2.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib-minimal user
+
+DESCRIPTION="NSS module for name lookups using LDAP"
+HOMEPAGE="http://arthurdejong.org/nss-pam-ldapd/"
+SRC_URI="http://arthurdejong.org/nss-pam-ldapd/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="debug kerberos sasl +pam"
+
+DEPEND="
+ net-nds/openldap
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ pam? ( virtual/pam )
+ !sys-auth/nss_ldap
+ !sys-auth/pam_ldap"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup nslcd
+ enewuser nslcd -1 -1 -1 nslcd
+}
+
+multilib_src_configure() {
+ # nss libraries always go in /lib on Gentoo
+ myconf="
+ --enable-warnings
+ --with-ldap-lib=openldap
+ --with-ldap-conf-file=/etc/nslcd.conf
+ --with-nslcd-pidfile=/run/nslcd/nslcd.pid
+ --with-nslcd-socket=/run/nslcd/socket
+ --with-pam-seclib-dir=/$(get_libdir)/security
+ --libdir=/$(get_libdir)
+ $(use_enable debug)
+ $(use_enable kerberos)
+ $(use_enable pam)
+ $(use_enable sasl)"
+
+ if use x86-fbsd; then
+ myconf+=" --with-nss-flavour=freebsd"
+ else
+ myconf+=" --with-nss-flavour=glibc"
+ fi
+
+ ECONF_SOURCE="${S}" econf ${myconf}
+}
+
+multilib_src_install() {
+ default
+
+ # for socket and pid file (not needed bug 452992)
+ #keepdir /run/nslcd
+
+ # init script
+ newinitd "${FILESDIR}"/nslcd-init-r1 nslcd
+
+ # make an example copy
+ insinto /usr/share/nss-pam-ldapd
+ doins "${WORKDIR}/${P}/nslcd.conf"
+
+ fperms o-r /etc/nslcd.conf
+}
+
+pkg_postinst() {
+ echo
+ elog "For this to work you must configure /etc/nslcd.conf"
+ elog "This configuration is similar to pam_ldap's /etc/ldap.conf"
+ echo
+ elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can"
+ elog "start it like this:"
+ elog " # /etc/init.d/nslcd start"
+ echo
+ elog "You can add it to the default runlevel like so:"
+ elog " # rc-update add nslcd default"
+ elog
+ elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf"
+ elog " is now named /etc/nslcd.conf"
+ echo
+}
diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.6.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.6.ebuild
new file mode 100644
index 00000000000..3c530e45635
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.6.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=(python2_7)
+inherit eutils prefix user python-r1 multilib multilib-minimal systemd s6
+
+DESCRIPTION="NSS module for name lookups using LDAP"
+HOMEPAGE="http://arthurdejong.org/nss-pam-ldapd/"
+SRC_URI="http://arthurdejong.org/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS=""
+IUSE="debug kerberos +pam sasl test +utils"
+
+COMMON_DEP="
+ net-nds/openldap[${MULTILIB_USEDEP}]
+ sasl? ( dev-libs/cyrus-sasl[${MULTILIB_USEDEP}] )
+ kerberos? ( virtual/krb5[${MULTILIB_USEDEP}] )
+ pam? ( virtual/pam[${MULTILIB_USEDEP}] )
+ utils? ( ${PYTHON_DEPS} )
+ !sys-auth/nss_ldap
+ !sys-auth/pam_ldap"
+RDEPEND="${COMMON_DEP}"
+DEPEND="${COMMON_DEP}
+ test? (
+ ${PYTHON_DEPS}
+ dev-python/pylint[${PYTHON_USEDEP}]
+ )
+ sys-devel/automake"
+
+REQUIRED_USE="
+ utils? ( ${PYTHON_REQUIRED_USE} )
+ test? ( ${PYTHON_REQUIRED_USE} )"
+
+pkg_setup() {
+ enewgroup nslcd
+ enewuser nslcd -1 -1 -1 nslcd
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.9.4-disable-py3-only-linters.patch
+ epatch_user
+ use utils && python_setup
+}
+
+multilib_src_configure() {
+ local -a myconf
+
+ myconf=(
+ --disable-utils
+ --enable-warnings
+ --with-ldap-lib=openldap
+ --with-ldap-conf-file=/etc/nslcd.conf
+ --with-nslcd-pidfile=/run/nslcd/nslcd.pid
+ --with-nslcd-socket=/run/nslcd/socket
+ $(usex x86-fbsd '--with-nss-flavour=' '--with-nss-flavour=' 'freebsd' 'glibc')
+ $(use_enable debug)
+ $(use_enable kerberos)
+ $(use_enable pam)
+ $(use_enable sasl)
+ )
+
+ # nss libraries always go in /lib on Gentoo
+ if multilib_is_native_abi ; then
+ myconf+=("--with-pam-seclib-dir=${EPREFIX}/$(get_libdir)/security")
+ myconf+=("--libdir=${EPREFIX}/$(get_libdir)")
+ else
+ myconf+=("--with-pam-seclib-dir=/$(get_libdir)/security")
+ myconf+=("--libdir=/$(get_libdir)")
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_install_all() {
+ local script
+
+ newinitd "${FILESDIR}"/nslcd-init-r1 nslcd
+ newinitd "${FILESDIR}"/nslcd-init-r2 nslcd
+ newinitd "${FILESDIR}"/nslcd-init-s6 nslcd-s6
+ s6_install_service nslcd "${FILESDIR}"/nslcd-run-s6
+
+ insinto /usr/share/nss-pam-ldapd
+ doins "${WORKDIR}/${P}/nslcd.conf"
+
+ fperms o-r /etc/nslcd.conf
+
+ if use utils; then
+ python_moduleinto nslcd
+ python_foreach_impl && python_domodule utils/*.py
+
+ for script in chsh getent; do
+ python_foreach_impl python_newscript utils/${script}.py ${script}.ldap
+ done
+ fi
+
+ systemd_newtmpfilesd "${FILESDIR}"/nslcd-tmpfiles.conf nslcd.conf
+ systemd_dounit "${FILESDIR}"/nslcd.service
+}
+
+multilib_src_test() {
+ python_foreach_impl emake check
+}
+
+pkg_postinst() {
+ echo
+ elog "For this to work you must configure /etc/nslcd.conf"
+ elog "This configuration is similar to pam_ldap's /etc/ldap.conf"
+ echo
+ elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can"
+ elog "start it like this:"
+ elog " # /etc/init.d/nslcd start"
+ echo
+ elog "You can add it to the default runlevel like so:"
+ elog " # rc-update add nslcd default"
+ elog
+ elog "If you have >=sys-apps/openrc-0.16.3, you can also use s6"
+ elog "to supervise this service."
+ elog "To do this, emerge sys-apps/s6 then add nslcd-s6"
+ elog "default runlevel instead of nslcd."
+ elog
+ elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf"
+ elog " is now named /etc/nslcd.conf"
+ echo
+}
diff --git a/sys-auth/nss_ldap/Manifest b/sys-auth/nss_ldap/Manifest
new file mode 100644
index 00000000000..8a1698c3ee1
--- /dev/null
+++ b/sys-auth/nss_ldap/Manifest
@@ -0,0 +1,6 @@
+DIST nss_ldap-258.tar.gz 274694 SHA256 afa3bb64cd29557e775219585655721ac220de5804d95d0c307dab86f2308346 SHA512 0a92076214e6ffaa60929a9fdc34fe7c9a584a0789d54ea505e65a69eda88a3ee0382ea5a90c581073c95671fa3a50b8a8a529e30f4260afacb3820695773ecb WHIRLPOOL 2d9f5e950886b9714c9c8ca348df855054b9505ca0c7891ec919016c1fa8cd1ddc9723fe74c7ecadfa75504f8bb77b78c50a7e64d67f934d4064a26e3b381db1
+DIST nss_ldap-259.tar.gz 274878 SHA256 8b65a32717f6173911aaea8e89b2c89ccb901f14f1063f5e49b5ab77d45f1790
+DIST nss_ldap-261.tar.gz 276065 SHA256 7e9a6e8e1f07607b63f5f61fda755778fb1257e6599ac467327b6e817de5aad7
+DIST nss_ldap-262.tar.gz 274927 SHA256 179cd8458ae3cc23cb726cf15afb94089482dd22559ac503e7df5fd6fc2c4cbf
+DIST nss_ldap-264.tar.gz 278134 SHA256 556198f2774bdb61a597da3fa8a5ecc80a3271ed9ab177760df7c4f22d6b1d25 SHA512 e7decde11377f10ec98fd360a38cbf08b9af7e328e967e417367e9e501faf0868be67a6f8fc1dd9b1fe7ee2ae720ee791ed481e21e80f686e750351b3ea6e689 WHIRLPOOL 717bb86422fc93fdf157949e261858afbd61976d329d039854fab7c912b130c07ef226fa5c50ec3f2e3e7171e2ad0830017816eade377e36885cb5d0f8142245
+DIST nss_ldap-265.tar.gz 280976 SHA256 77b54d905f50d774f28d5559d49126f1bc76720f741b0864a64bb4936ec226a8 SHA512 c4584682968861dd5880992fe7d11c6005d94f0c17252ab1cda04380fd7a81b419ba7e87d0efa44c24c5ce5bf76b9fd8331034dddb4f1400f132eb2192472077 WHIRLPOOL 3e24f18cc9d40738b22f2f0747c081a70e788bc6eb4c742c4d70b153db1b500f27ea2a5bbb935438f020075a6dd198398dd335509fb523239a3f5184f92223c7
diff --git a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
new file mode 100644
index 00000000000..1dbd8dc889a
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
@@ -0,0 +1,42 @@
+--- ldap-nss.c 2004-09-28 03:20:11.000000000 +0100
++++ ldap-nss.c.new 2005-07-04 01:32:12.000000000 +0100
+@@ -330,6 +330,39 @@
+
+ timelimit = __session.ls_config->ldc_bind_timelimit;
+
++#ifdef HAVE_LDAP_START_TLS_S
++ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++ {
++ int version;
++
++ if (ldap_get_option
++ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version) == LDAP_OPT_SUCCESS)
++ {
++ if (version < LDAP_VERSION3)
++ {
++ version = LDAP_VERSION3;
++ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version);
++ }
++ }
++
++ debug ("==> start_tls");
++ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++ {
++ debug ("TLS startup succeeded");
++ }
++ else
++ {
++ debug ("TLS startup failed");
++ do_close ();
++ debug ("<== do_open");
++ return NSS_UNAVAIL;
++ }
++ debug ("<== start_tls");
++ }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+ return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else
diff --git a/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch b/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch
new file mode 100644
index 00000000000..1e92c9bb6fe
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch
@@ -0,0 +1,11 @@
+--- ldap-nss.c~ 2006-02-25 02:43:33.503639826 -0800
++++ ldap-nss.c 2006-02-25 02:50:51.943806612 -0800
+@@ -72,6 +72,8 @@
+ #include <sasl/sasl.h>
+ #elif defined(HAVE_SASL_H)
+ #include <sasl.h>
++#elif defined(HAVE_SASL_SASL_H)
++#include <sasl/sasl.h>
+ #endif
+
+ #ifndef HAVE_SNPRINTF
diff --git a/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
new file mode 100644
index 00000000000..285a34e3df4
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
@@ -0,0 +1,65 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h 2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf 2006-06-14 02:12:02.008444745 -0700
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
new file mode 100644
index 00000000000..68809bcf1b1
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
@@ -0,0 +1,226 @@
+diff -c -r nss_ldap-250/ChangeLog nss_ldap-250.1/ChangeLog
+*** nss_ldap-250/ChangeLog Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ChangeLog Wed Aug 16 16:58:57 2006
+***************
+*** 1,6 ****
+--- 1,13 ----
+ $Id$
+ ===============================================================
+
++ 250.1 Paul B. Henson <henson@acm.org>
++
++ * add nss_getgrent_skipmembers parameter to ldap.conf,
++ if enabled will not request member attributes for
++ group lookups, greatly increasing performance in the
++ face of large groups
++
+ 250 Luke Howard <lukeh@padl.com>
+
+ * don't use static _nss_ldap_no_members buffer,
+diff -c -r nss_ldap-250/ldap-nss.c nss_ldap-250.1/ldap-nss.c
+*** nss_ldap-250/ldap-nss.c Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-nss.c Wed Aug 16 16:51:49 2006
+***************
+*** 1258,1264 ****
+
+ cfg = __config;
+
+! _nss_ldap_init_attributes (cfg->ldc_attrtab);
+ _nss_ldap_init_filters ();
+
+ #ifdef HAVE_LDAP_SET_OPTION
+--- 1258,1264 ----
+
+ cfg = __config;
+
+! _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
+ _nss_ldap_init_filters ();
+
+ #ifdef HAVE_LDAP_SET_OPTION
+diff -c -r nss_ldap-250/ldap-nss.h nss_ldap-250.1/ldap-nss.h
+*** nss_ldap-250/ldap-nss.h Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-nss.h Wed Aug 16 16:51:59 2006
+***************
+*** 390,395 ****
+--- 390,396 ----
+ time_t ldc_mtime;
+
+ char **ldc_initgroups_ignoreusers;
++ int ldc_getgrent_skipmembers;
+ };
+
+ typedef struct ldap_config ldap_config_t;
+diff -c -r nss_ldap-250/ldap-schema.c nss_ldap-250.1/ldap-schema.c
+*** nss_ldap-250/ldap-schema.c Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-schema.c Wed Aug 16 16:54:52 2006
+***************
+*** 273,279 ****
+
+ static void init_pwd_attributes (const char ***pwd_attrs);
+ static void init_sp_attributes (const char ***sp_attrs);
+! static void init_grp_attributes (const char ***grp_attrs);
+ static void init_hosts_attributes (const char ***hosts_attrs);
+ static void init_services_attributes (const char ***services_attrs);
+ static void init_network_attributes (const char ***network_attrs);
+--- 273,279 ----
+
+ static void init_pwd_attributes (const char ***pwd_attrs);
+ static void init_sp_attributes (const char ***sp_attrs);
+! static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
+ static void init_hosts_attributes (const char ***hosts_attrs);
+ static void init_services_attributes (const char ***services_attrs);
+ static void init_network_attributes (const char ***network_attrs);
+***************
+*** 289,299 ****
+ * attribute table initialization routines
+ */
+ void
+! _nss_ldap_init_attributes (const char ***attrtab)
+ {
+ init_pwd_attributes (&attrtab[LM_PASSWD]);
+ init_sp_attributes (&attrtab[LM_SHADOW]);
+! init_grp_attributes (&attrtab[LM_GROUP]);
+ init_hosts_attributes (&attrtab[LM_HOSTS]);
+ init_services_attributes (&attrtab[LM_SERVICES]);
+ init_network_attributes (&attrtab[LM_NETWORKS]);
+--- 289,299 ----
+ * attribute table initialization routines
+ */
+ void
+! _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
+ {
+ init_pwd_attributes (&attrtab[LM_PASSWD]);
+ init_sp_attributes (&attrtab[LM_SHADOW]);
+! init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
+ init_hosts_attributes (&attrtab[LM_HOSTS]);
+ init_services_attributes (&attrtab[LM_SERVICES]);
+ init_network_attributes (&attrtab[LM_NETWORKS]);
+***************
+*** 357,363 ****
+ }
+
+ static void
+! init_grp_attributes (const char ***grp_attrs)
+ {
+ int i = 0;
+ static const char *__grp_attrs[ATTRTAB_SIZE + 1];
+--- 357,363 ----
+ }
+
+ static void
+! init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
+ {
+ int i = 0;
+ static const char *__grp_attrs[ATTRTAB_SIZE + 1];
+***************
+*** 366,374 ****
+
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
+! (*grp_attrs)[i++] = (char *) AT (memberUid);
+! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
+ (*grp_attrs)[i] = NULL;
+ }
+--- 366,377 ----
+
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
+! if (!ldc_getgrent_skipmembers)
+! {
+! (*grp_attrs)[i++] = (char *) AT (memberUid);
+! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+! }
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
+ (*grp_attrs)[i] = NULL;
+ }
+diff -c -r nss_ldap-250/ldap-schema.h nss_ldap-250.1/ldap-schema.h
+*** nss_ldap-250/ldap-schema.h Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-schema.h Wed Aug 16 16:54:07 2006
+***************
+*** 30,36 ****
+ * function to initialize global lookup filters.
+ */
+ void _nss_ldap_init_filters ();
+! void _nss_ldap_init_attributes (const char ***attrtab);
+
+ /**
+ * make filters formerly declared in ldap-*.h globally available.
+--- 30,36 ----
+ * function to initialize global lookup filters.
+ */
+ void _nss_ldap_init_filters ();
+! void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers);
+
+ /**
+ * make filters formerly declared in ldap-*.h globally available.
+diff -c -r nss_ldap-250/nss_ldap.5 nss_ldap-250.1/nss_ldap.5
+*** nss_ldap-250/nss_ldap.5 Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/nss_ldap.5 Wed Aug 16 17:07:19 2006
+***************
+*** 445,450 ****
+--- 445,458 ----
+ to return NSS_STATUS_NOTFOUND if called with a listed users as
+ its argument.
+ .TP
++ .B nss_getgrent_skipmembers <yes|no>
++ Specifies whether or not to populate the members list in
++ the group structure for group lookups. If very large groups
++ are present, enabling this option will greatly increase
++ perforance, at the cost of some lost functionality. You should
++ verify no local applications rely on this information before
++ enabling this on a production system.
++ .TP
+ .B nss_srv_domain <domain>
+ This option determines the DNS domain used for performing SRV
+ lookups.
+diff -c -r nss_ldap-250/util.c nss_ldap-250.1/util.c
+*** nss_ldap-250/util.c Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/util.c Wed Aug 16 16:52:55 2006
+***************
+*** 660,665 ****
+--- 660,666 ----
+ result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
+ result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
+ result->ldc_initgroups_ignoreusers = NULL;
++ result->ldc_getgrent_skipmembers = 0;
+
+ for (i = 0; i <= LM_NONE; i++)
+ {
+***************
+*** 1137,1142 ****
+--- 1138,1156 ----
+ break;
+ }
+ }
++ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
++ {
++ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
++ || !strcasecmp (v, "true"))
++ {
++ result->ldc_getgrent_skipmembers = 1;
++ }
++ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
++ || !strcasecmp (v, "false"))
++ {
++ result->ldc_getgrent_skipmembers = 0;
++ }
++ }
+ else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
+ {
+ if (!strcasecmp (v, "oneshot"))
+diff -c -r nss_ldap-250/util.h nss_ldap-250.1/util.h
+*** nss_ldap-250/util.h Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/util.h Wed Aug 16 16:49:52 2006
+***************
+*** 83,88 ****
+--- 83,89 ----
+ #define NSS_LDAP_KEY_PAGESIZE "pagesize"
+ #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
+ #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
++ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
+
+ /* more reconnect policy fine-tuning */
+ #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch b/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch
new file mode 100644
index 00000000000..e832c2f0d21
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch
@@ -0,0 +1,12 @@
+Set the soname which glibc expects us to have.
+--- nss_ldap-254/configure.in 2007-02-26 16:40:53.000000000 -0500
++++ nss_ldap-254/configure.in 2007-02-26 16:40:47.000000000 -0500
+@@ -92,7 +92,7 @@
+ nss_ldap_so_LDFLAGS="-b -dynamic -G `cat exports.hpux`"
+ CPPFLAGS="$CPPFLAGS -I. -DHPUX"
+ TARGET_OS=HPUX ;;
+-linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
++linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux -Wl,-soname=libnss_ldap.so.2" ;;
+ *) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
+ esac
+
diff --git a/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
new file mode 100644
index 00000000000..d2f8efeec75
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
@@ -0,0 +1,92 @@
+Gentoo-Bug: 155492
+Original-Author: Heath Caldwell <hncaldwell@csupomona.edu>
+Rediffed-by: Robin H. Johnson <robbat2@gentoo.org>
+
+--- nss_ldap-257.orig/ChangeLog 2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ChangeLog 2007-09-18 15:04:07.925113592 -0700
+@@ -3,2 +3,7 @@
+
++257.1 Heath Caldwell <hncaldwell@csupomona.edu>
++
++ * add configurable maximum group depth with new
++ configuration file option called nss_max_group_depth
++
+ 257 Luke Howard <lukeh@padl.com>
+--- nss_ldap-257.orig/ldap-grp.c 2007-08-02 21:51:09.000000000 -0700
++++ nss_ldap-257/ldap-grp.c 2007-09-18 15:03:23.734619150 -0700
+@@ -308,7 +308,7 @@
+ uniquemember_attrs[0] = uniquemember_attr;
+ uniquemember_attrs[1] = NULL;
+
+- if (*depth > LDAP_NSS_MAXGR_DEPTH)
++ if (*depth > _nss_ldap_max_group_depth)
+ {
+ return NSS_NOTFOUND;
+ }
+@@ -844,7 +844,7 @@
+ const char *gidnumber_attrs[2];
+ int erange;
+
+- if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++ if (lia->depth > _nss_ldap_max_group_depth)
+ return NSS_NOTFOUND;
+
+ if (_nss_ldap_namelist_find (lia->known_groups, dn))
+@@ -890,7 +890,7 @@
+ size_t memberCount, i;
+ int erange;
+
+- if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++ if (lia->depth > _nss_ldap_max_group_depth)
+ return NSS_NOTFOUND;
+
+ for (memberCount = 0; membersOf[memberCount] != NULL; memberCount++)
+--- nss_ldap-257.orig/ldap-nss.h 2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ldap-nss.h 2007-09-18 15:03:23.734619150 -0700
+@@ -105,7 +105,8 @@
+ #define LDAP_NSS_MAXNETGR_DEPTH 16 /* maximum depth of netgroup nesting for innetgr() */
+ #endif /* HAVE_NSSWITCH_H */
+
+-#define LDAP_NSS_MAXGR_DEPTH 16 /* maximum depth of group nesting for getgrent()/initgroups() */
++#define LDAP_NSS_MAXGR_DEPTH 16 /* default maximum depth of group nesting for getgrent()/initgroups() */
++extern int _nss_ldap_max_group_depth; /* global variable to hold maximum group depth */
+
+ #if LDAP_NSS_NGROUPS > 64
+ #define LDAP_NSS_BUFLEN_GROUP (NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX)))
+--- nss_ldap-257.orig/nss_ldap.5 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/nss_ldap.5 2007-09-18 15:05:42.779508238 -0700
+@@ -453,6 +453,10 @@
+ verify no local applications rely on this information before
+ enabling this on a production system.
+ .TP
++.B nss_max_group_depth <value>
++Specifies the maximum depth to which nested groups are queried.
++A value of 0 effectively disables querying for nested groups.
++.TP
+ .B nss_srv_domain <domain>
+ This option determines the DNS domain used for performing SRV
+ lookups.
+--- nss_ldap-257.orig/util.c 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.c 2007-09-18 15:04:35.032083555 -0700
+@@ -62,2 +62,5 @@
+
++/* Initialize global maximum group depth to default. */
++int _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ static NSS_STATUS do_getrdnvalue (const char *dn,
+@@ -805,2 +808,5 @@
+
++ /* Reset global maximum group depth to default. */
++ _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ while (fgets (b, sizeof (b), fp) != NULL)
+--- nss_ldap-257.orig/util.h 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.h 2007-09-18 15:05:11.295822638 -0700
+@@ -84,6 +84,7 @@
+ #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
+ #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
++#define NSS_LDAP_KEY_MAX_GROUP_DEPTH "nss_max_group_depth"
+
+ /* more reconnect policy fine-tuning */
+ #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
diff --git a/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch b/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch
new file mode 100644
index 00000000000..cec5517e741
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch
@@ -0,0 +1,65 @@
+http://bugs.gentoo.org/show_bug.cgi?id=165638
+http://bugzilla.padl.com/show_bug.cgi?id=308
+
+Make nss_ldap compile with gssapi/gssapi.h even if there is no
+gssapi/gssapi_krb5.h present. This seems to be needed to compile against
+heimdal. Extended header checks and modified preprocessor logic a bit.
+
+2007-02-07 Martin von Gagern <Martin.vGagern@gmx.net>
+
+diff -ruN nss_ldap-257.2.orig/config.h.in nss_ldap-257.2/config.h.in
+--- nss_ldap-257.2.orig/config.h.in 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/config.h.in 2007-10-24 14:25:15.000000000 +0200
+@@ -87,6 +87,9 @@
+ /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+ #undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
++/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
++#undef HAVE_GSSAPI_GSSAPI_H
++
+ /* Define to 1 if you have the <gssapi.h> header file. */
+ #undef HAVE_GSSAPI_H
+
+diff -ruN nss_ldap-257.2.orig/configure nss_ldap-257.2/configure
+--- nss_ldap-257.2.orig/configure 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/configure 2007-10-24 14:25:49.000000000 +0200
+@@ -8409,7 +8409,7 @@
+
+
+
+-for ac_header in gssapi/gssapi_krb5.h gssapi.h
++for ac_header in gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h
+ do
+ as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ if eval "test \"\${$as_ac_Header+set}\" = set"; then
+diff -ruN nss_ldap-257.2.orig/configure.in nss_ldap-257.2/configure.in
+--- nss_ldap-257.2.orig/configure.in 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/configure.in 2007-10-24 14:26:26.000000000 +0200
+@@ -182,7 +182,7 @@
+ AC_CHECK_HEADERS(strings.h)
+ AC_CHECK_HEADERS(gssldap.h)
+ AC_CHECK_HEADERS(gsssasl.h)
+-AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi.h)
++AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h)
+ AC_CHECK_HEADERS(krb5.h)
+
+ AC_CHECK_LIB(resolv, main)
+diff -ruN nss_ldap-257.2.orig/ldap-nss.c nss_ldap-257.2/ldap-nss.c
+--- nss_ldap-257.2.orig/ldap-nss.c 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/ldap-nss.c 2007-10-24 14:27:32.000000000 +0200
+@@ -82,10 +82,14 @@
+ #endif
+ #ifdef HAVE_GSSAPI_H
+ #include <gssapi.h>
+-#elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
++#else
++#ifdef HAVE_GSSAPI_GSSAPI_H
+ #include <gssapi/gssapi.h>
++#endif
++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+ #include <gssapi/gssapi_krb5.h>
+ #endif
++#endif
+ #ifdef CONFIGURE_KRB5_CCNAME
+ #include <krb5.h>
+ #endif
diff --git a/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch b/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch
new file mode 100644
index 00000000000..7671574da4d
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch
@@ -0,0 +1,109 @@
+Explicitly provide a way to disable Kerberos/SASL/SSL usage in nss_ldap, so
+that you can build non-kerberos versions on systems with Kerberos installed
+WITHOUT it linking due to presence.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar nss_ldap-264.orig/configure.in nss_ldap-264/configure.in
+--- nss_ldap-264.orig/configure.in 2009-07-28 10:35:27.599965878 -0700
++++ nss_ldap-264/configure.in 2009-07-28 10:36:00.620375469 -0700
+@@ -10,6 +10,21 @@
+ AC_PROG_INSTALL
+
+ dnl
++dnl Turn on/off SSL
++dnl
++AC_ARG_ENABLE(ssl, [ --enable-ssl enable SSL code ], [AC_DEFINE([WANT_SSL], [1], [Define if SSL is wanted])])
++
++dnl
++dnl Turn on/off Kerberos
++dnl
++AC_ARG_ENABLE(krb, [ --enable-krb enable Kerberos code ], [AC_DEFINE([WANT_KRB], [1], [Define if Kerberos is wanted])])
++
++dnl
++dnl Turn on/off SASL
++dnl
++AC_ARG_ENABLE(sasl, [ --enable-sasl enable Kerberos code ], [AC_DEFINE([WANT_SASL], [1], [Define if SASL is wanted])])
++
++dnl
+ dnl --enable-rfc2307bis is now deprecated; if this option is set,
+ dnl then RFC2307bis support will be enabled by default. However
+ dnl it can now always be enabled at runtime with the nss_schema
+@@ -178,12 +193,18 @@
+ AC_CHECK_HEADERS(sys/un.h)
+ AC_CHECK_HEADERS(libc-lock.h)
+ AC_CHECK_HEADERS(bits/libc-lock.h)
+-AC_CHECK_HEADERS(sasl.h sasl/sasl.h)
++if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_HEADERS(sasl.h sasl/sasl.h)
++fi
+ AC_CHECK_HEADERS(strings.h)
+-AC_CHECK_HEADERS(gssldap.h)
+-AC_CHECK_HEADERS(gsssasl.h)
+-AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h)
+-AC_CHECK_HEADERS(krb5.h)
++if test "$enable_krb" \!= "no"; then
++ AC_CHECK_HEADERS(gssldap.h)
++ if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_HEADERS(gsssasl.h)
++ fi
++ AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h)
++ AC_CHECK_HEADERS(krb5.h)
++fi
+
+ AC_CHECK_LIB(resolv, main)
+ AC_CHECK_LIB(nsl, main)
+@@ -286,19 +307,25 @@
+ AC_CHECK_LIB(dl, dlopen,[LIBS="-ldl $LIBS"],,$LIBS)
+ dnl AC_CHECK_LIB(db, main,[LIBS="-ldb $LIBS"],,$LIBS)
+
+-AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS)
+-if test -z "$found_gssapi_lib"; then
+- AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS)
++if test "$enable_krb" \!= "no"; then
++ AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS)
++ if test -z "$found_gssapi_lib"; then
++ AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS)
++ fi
+ fi
+
+ dnl Following checks probably not strictly necessary.
+ dnl AC_CHECK_LIB(crypto, main,[LIBS="-lcrypto $LIBS"],,$LIBS)
+ dnl AC_CHECK_LIB(ssl, main,[LIBS="-lssl $LIBS"],,$LIBS)
+ AC_CHECK_LIB(com_err, main,[LIBS="-lcom_err $LIBS"],,$LIBS)
+-dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS)
+-AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS)
+-dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS)
+-AC_CHECK_LIB(sasl2, sasl_client_init)
++if test "$enable_krb" \!= "no"; then
++ dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS)
++ AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS)
++ dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS)
++fi
++if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_LIB(sasl2, sasl_client_init)
++fi
+
+ if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
+ AC_CHECK_LIB(lber, main)
+@@ -331,13 +358,17 @@
+ AC_CHECK_LIB(pthread, main)
+ fi
+
+-AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS)
++if test "$enable_krb" \!= "no"; then
++ AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS)
++fi
+
+-AC_CHECK_FUNCS(sasl_auxprop_request)
+ AC_CHECK_FUNCS(ldap_init ldap_get_lderrno ldap_parse_result ldap_memfree ldap_controls_free)
+ AC_CHECK_FUNCS(ldap_ld_free ldap_explode_rdn ldap_set_option ldap_get_option)
+-AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s ldap_initialize ldap_search_ext)
++AC_CHECK_FUNCS(ldap_initialize ldap_search_ext)
+ AC_CHECK_FUNCS(ldap_create_control ldap_create_page_control ldap_parse_page_control)
++if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_FUNCS(sasl_auxprop_request ldap_sasl_interactive_bind_s)
++fi
+ if test "$enable_ssl" \!= "no"; then
+ AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls)
+ fi
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch b/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch
new file mode 100644
index 00000000000..1ae1171f88e
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch
@@ -0,0 +1,432 @@
+--- Makefile.am.orig 2009-11-06 05:28:08.000000000 -0500
++++ Makefile.am 2010-01-12 23:24:17.000000000 -0500
+@@ -9,8 +9,12 @@
+ if AIX
+ INST_GID=system
+ else
++if FreeBSD
++INST_GID=wheel
++else
+ INST_GID=root
+ endif
++endif
+
+ EXTRA_DIST = CVSVersionInfo.txt ChangeLog \
+ AUTHORS ANNOUNCE NEWS INSTALL README LICENSE.OpenLDAP COPYING\
+@@ -23,7 +27,7 @@
+ ldap-alias.c ldap-service.c ldap-schema.c ldap-ethers.c \
+ ldap-bp.c ldap-automount.c util.c ltf.c snprintf.c resolve.c \
+ dnsconfig.c irs-nss.c pagectrl.c ldap-sldap.c ldap-init-krb5-cache.c \
+- vers.c
++ vers.c bsdnss.c
+
+ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@
+
+@@ -103,11 +107,10 @@
+ $(mkinstalldirs) $(DESTDIR)$(dir $(NSS_LDAP_PATH_CONF)); \
+ $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/ldap.conf $(DESTDIR)$(NSS_LDAP_PATH_CONF); \
+ fi
+- $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/nsswitch.ldap $(DESTDIR)$(sysconfdir)/nsswitch.ldap;
+
+ uninstall-local:
+ @$(NORMAL_UNINSTALL)
+
+ vers.c: $(top_srcdir)/CVSVersionInfo.txt
+- CVSVERSIONDIR=$(top_srcdir) ./vers_string -v
++ $(top_srcdir)/vers_string -v
+
+
+--- configure.in.orig 2007-10-29 06:30:12.000000000 -0700
++++ configure.in 2008-09-26 20:38:20.000000000 -0700
+@@ -97,11 +97,15 @@
+ linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
+ *) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
+ esac
++case "$target_os" in
++freebsd*) TARGET_OS=FreeBSD ;;
++esac
+
+ AM_CONDITIONAL(GCC, test "$GCC" = "yes")
+ AM_CONDITIONAL(GLIBC, test "$target_os" = "linux" -o "$target_os" = "linux-gnu")
+ AM_CONDITIONAL(AIX, test "$TARGET_OS" = AIX)
+ AM_CONDITIONAL(HPUX, test "$TARGET_OS" = HPUX)
++AM_CONDITIONAL(FreeBSD, test "$TARGET_OS" = FreeBSD)
+
+ AM_CONDITIONAL(USE_NATIVE_LINKER, test -n "$nss_ldap_so_LD")
+
+@@ -153,7 +157,6 @@
+ aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;;
+ hpux*) AC_CHECK_HEADERS(nsswitch.h) ;;
+ *) AC_CHECK_HEADERS(nss.h)
+- AC_CHECK_HEADERS(nsswitch.h)
+ AC_CHECK_HEADERS(irs.h) ;;
+ esac
+ AC_CHECK_HEADERS(thread.h)
+@@ -232,7 +235,6 @@
+ AC_CHECK_FUNCS(gethostbyname)
+ AC_CHECK_FUNCS(nsdispatch)
+ AC_CHECK_LIB(pthread_nonshared, main)
+-AC_CHECK_FUNCS(pthread_atfork)
+ AC_CHECK_FUNCS(pthread_once)
+ AC_CHECK_FUNCS(ether_aton)
+ AC_CHECK_FUNCS(ether_ntoa)
+
+--- ldap-ethers.c.orig 2009-11-06 10:28:08.000000000 +0000
++++ ldap-ethers.c 2009-12-23 17:01:14.000000000 +0000
+@@ -217,9 +217,9 @@
+ }
+
+ snprintf(fullmac, sizeof(fullmac), "%02x:%02x:%02x:%02x:%02x:%02x",
+- addr->ether_addr_octet[0], addr->ether_addr_octet[1],
+- addr->ether_addr_octet[2], addr->ether_addr_octet[3],
+- addr->ether_addr_octet[4], addr->ether_addr_octet[5]);
++ addr->octet[0], addr->octet[1],
++ addr->octet[2], addr->octet[3],
++ addr->octet[4], addr->octet[5]);
+
+ LA_INIT(a);
+ LA_STRING(a) = ether_ntoa(addr);
+@@ -343,14 +343,14 @@
+ if (i != 6)
+ return NULL;
+ for (i = 0; i < 6; i++)
+- ep.ether_addr_octet[i] = t[i];
++ ep.octet[i] = t[i];
+
+ return &ep;
+ }
+ #endif /* !HAVE_ETHER_ATON */
+
+ #ifndef HAVE_ETHER_NTOA
+-#define EI(i) (unsigned int)(e->ether_addr_octet[(i)])
++#define EI(i) (unsigned int)(e->octet[(i)])
+ static char *ether_ntoa (const struct ether_addr *e)
+ {
+ static char s[18];
+
+--- ldap-ethers.h.orig 2009-11-06 10:28:08.000000000 +0000
++++ ldap-ethers.h 2009-12-23 17:02:06.000000000 +0000
+@@ -32,7 +32,7 @@
+
+ #ifndef HAVE_STRUCT_ETHER_ADDR
+ struct ether_addr {
+- u_char ether_addr_octet[6];
++ u_char octet[6];
+ };
+ #endif
+
+--- ldap-nss.c.orig Sat May 27 16:23:40 2006
++++ ldap-nss.c Sat May 27 16:23:52 2006
+@@ -69,7 +69,7 @@
+ #endif
+
+ /* Try to handle systems with both SASL libraries installed */
+-#if defined(HAVE_SASL_SASL_H) && defined(HAVE_SASL_AUXPROP_REQUEST)
++#if defined(HAVE_SASL_SASL_H)
+ #include <sasl/sasl.h>
+ #elif defined(HAVE_SASL_H)
+ #include <sasl.h>
+
+--- ldap-pwd.c.orig 2008-10-30 21:50:15.000000000 +0100
++++ ldap-pwd.c 2008-12-06 00:37:30.216966282 +0100
+@@ -21,7 +21,10 @@
+ static char rcsId[] =
+ "$Id$";
+
++#include <sys/types.h>
++#include <unistd.h>
+ #include "config.h"
++
+
+ #ifdef HAVE_PORT_BEFORE_H
+ #include <port_before.h>
+@@ -90,9 +93,13 @@
+ size_t tmplen;
+ char *tmp;
+
+- if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
+- {
++/* if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
++ * {
++ */
+ /* don't include password for shadowAccount */
++ if (geteuid() != 0)
++ {
++ /* don't include password for non-root users */
+ if (buflen < 3)
+ return NSS_TRYAGAIN;
+
+@@ -163,6 +170,15 @@
+ }
++
++#ifdef HAVE_LOGIN_CLASSES
++ stat =
++ _nss_ldap_assign_attrval (e, AT (loginClass), &pw->pw_class, &buffer,
++ &buflen);
++ if (stat != NSS_SUCCESS)
++ (void) _nss_ldap_assign_emptystring (&pw->pw_class, &buffer, &buflen);
++#endif
++
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (homeDirectory), &pw->pw_dir, &buffer,
+ &buflen);
+ if (stat != NSS_SUCCESS)
+
+--- ldap-schema.c 2009-08-29 09:21:43.000000000 -0400
++++ ldap-schema.c 2009-08-28 12:09:52.000000000 -0400
+@@ -334,6 +334,9 @@
+ #ifdef HAVE_PASSWD_PW_EXPIRE
+ (*pwd_attrs)[i++] = AT (shadowExpire);
+ #endif /* HAVE_PASSWD_PW_EXPIRE */
++#ifdef HAVE_LOGIN_CLASSES
++ (*pwd_attrs)[i++] = AT (loginClass);
++#endif
+ (*pwd_attrs)[i] = NULL;
+ }
+
+--- ldap-schema.h 2009-08-29 09:21:43.000000000 -0400
++++ ldap-schema.h 2009-08-29 06:37:18.000000000 -0400
+@@ -24,7 +24,7 @@
+ #define _LDAP_NSS_LDAP_LDAP_SCHEMA_H
+
+ /* max number of attributes per object class */
+-#define ATTRTAB_SIZE 15
++#define ATTRTAB_SIZE 16
+
+ /**
+ * function to initialize global lookup filters.
+@@ -153,6 +153,10 @@
+ #define AT_gecos "gecos"
+ #define AT_homeDirectory "homeDirectory"
+
++#ifdef HAVE_LOGIN_CLASSES
++/* FreeBSD extension -Jacob Myers <jacob@whotokspaz.org> */
++#define AT_loginClass "loginClass"
++#endif
+ /*
+ * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+ * DESC 'Additional attributes for shadow passwords'
+
+--- /dev/null 2013-04-13 01:27:01.290932001 +0200
++++ bsdnss.c 2013-04-14 03:17:47.794195349 +0200
+@@ -0,0 +1,219 @@
++#include <errno.h>
++#include <stdlib.h>
++#include <sys/param.h>
++#include <netinet/in.h>
++#include <pwd.h>
++#include <grp.h>
++#include <nss.h>
++#include <nsswitch.h>
++#include <netdb.h>
++
++extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t,
++ int *);
++extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *,
++ char *, size_t, int *);
++extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *,
++ size_t, int *);
++extern enum nss_status _nss_ldap_setgrent(void);
++extern enum nss_status _nss_ldap_endgrent(void);
++extern enum nss_status _nss_ldap_initgroups_dyn(const char *, gid_t, long int *,
++ long int *, gid_t **, long int, int *);
++
++extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t,
++ int *);
++extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *,
++ char *, size_t, int *);
++extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *,
++ size_t, int *);
++extern enum nss_status _nss_ldap_setpwent(void);
++extern enum nss_status _nss_ldap_endpwent(void);
++
++extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result,
++ char *buffer, size_t buflen, int *errnop,
++ int *h_errnop);
++
++extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result,
++ char *buffer, size_t buflen, int *errnop,
++ int *h_errnop);
++extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
++ struct hostent * result, char *buffer,
++ size_t buflen, int *errnop, int *h_errnop);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
++static NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
++
++static ns_mtab methods[] = {
++{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
++{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++{ NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
++
++{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
++{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
++
++{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
++{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
++{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
++
++{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
++{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++
++{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
++{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
++
++};
++
++
++ns_mtab *
++nss_module_register(const char *source, unsigned int *mtabsize,
++ nss_module_unregister_fn *unreg)
++{
++ *mtabsize = sizeof(methods)/sizeof(methods[0]);
++ *unreg = NULL;
++ return (methods);
++}
++
++int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
++{
++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++ const char *name;
++ struct hostent *result;
++ char buffer[1024];
++ size_t buflen = 1024;
++ int errnop;
++ int h_errnop;
++ int af;
++ enum nss_status status;
++ fn = mdata;
++ name = va_arg(ap, const char*);
++ af = va_arg(ap,int);
++ result = va_arg(ap,struct hostent *);
++ status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
++{
++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++ const char *name;
++ struct hostent *result;
++ char buffer[1024];
++ size_t buflen = 1024;
++ int errnop;
++ int h_errnop;
++ int af;
++ enum nss_status status;
++ fn = mdata;
++ name = va_arg(ap, const char*);
++ af = va_arg(ap,int);
++ result = va_arg(ap,struct hostent *);
++ status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
++{
++ struct in_addr *addr;
++ int len;
++ int type;
++ struct hostent *result;
++ char buffer[1024];
++ size_t buflen = 1024;
++ int errnop;
++ int h_errnop;
++ enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
++ enum nss_status status;
++ fn = mdata;
++ addr = va_arg(ap, struct in_addr*);
++ len = va_arg(ap,int);
++ type = va_arg(ap,int);
++ result = va_arg(ap, struct hostent*);
++ status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++static int
++__gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *groupc)
++{
++ int ret, dupc;
++
++ /* skip duplicates */
++ for (dupc = 0; dupc < MIN(maxgrp, *groupc); dupc++) {
++ if (groups[dupc] == gid)
++ return 1;
++ }
++
++ ret = 1;
++ if (*groupc < maxgrp) /* add this gid */
++ groups[*groupc] = gid;
++ else
++ ret = 0;
++ (*groupc)++;
++ return ret;
++}
++
++static int __freebsd_getgroupmembership(void *retval, void *mdata, va_list ap)
++{
++ int err;
++ enum nss_status s;
++ const char *user = va_arg(ap, const char *);
++ gid_t group = va_arg(ap, gid_t);
++ gid_t *groups = va_arg(ap, gid_t *);
++ int limit = va_arg(ap, int);
++ int *size = va_arg(ap, int*);
++ gid_t *tmpgroups;
++ long int lstart, lsize;
++ int i;
++
++ tmpgroups = malloc(limit * sizeof(gid_t));
++ if (tmpgroups == NULL)
++ return NS_TRYAGAIN;
++
++ /* insert primary membership */
++ __gr_addgid(group, groups, limit, size);
++
++ lstart = 0;
++ lsize = limit;
++ s = _nss_ldap_initgroups_dyn(user, group, &lstart, &lsize,
++ &tmpgroups, 0, &err);
++ if (s == NSS_STATUS_SUCCESS) {
++ for (i = 0; i < lstart; i++)
++ __gr_addgid(tmpgroups[i], groups, limit, size);
++ s = NSS_STATUS_NOTFOUND;
++ }
++
++ free(tmpgroups);
++
++ return __nss_compat_result(s, err);
++}
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch b/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch
new file mode 100644
index 00000000000..daf507ad594
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch
@@ -0,0 +1,35 @@
+Index: nss_ldap-265/Makefile.am
+===================================================================
+--- nss_ldap-265.orig/Makefile.am
++++ nss_ldap-265/Makefile.am
+@@ -38,17 +38,13 @@ NSS_LDAP_LDFLAGS = @NSS_LDAP_LDFLAGS@
+ DEFS = @DEFS@
+ #INCLUDES = -I$(top_builddir) -I$(srcdir)
+
+-if GCC
+-MULTI_OS_DIRECTORY=$(shell $(CC) $(CFLAGS) -print-multi-os-directory)
+-else
+ MULTI_OS_DIRECTORY=.
+-endif
+
+ if GLIBC
+-LIBC_VERS = $(shell ls /lib/$(MULTI_OS_DIRECTORY)/libc-*.so | tail -n 1 | sed -e 's|.*libc-\(.*\)\.so|\1|')
++LIBC_VERS = $(shell ls @GENTOO_PORTAGE_EPREFIX@/lib/$(MULTI_OS_DIRECTORY)/libc-*.so | tail -n 1 | sed -e 's|.*libc-\(.*\)\.so|\1|')
+ NSS_LDAP_LIBC_VERSIONED = libnss_ldap-$(LIBC_VERS).so
+
+-NSS_VERS = $(shell ls /lib/$(MULTI_OS_DIRECTORY)/libnss_files.so.? | tail -n 1 | sed -e 's|.*libnss_files\.so\.\(.*\)|\1|')
++NSS_VERS = $(shell ls @GENTOO_PORTAGE_EPREFIX@/lib/$(MULTI_OS_DIRECTORY)/libnss_files.so.? | tail -n 1 | sed -e 's|.*libnss_files\.so\.\(.*\)|\1|')
+ NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS)
+ endif
+
+@@ -83,8 +79,8 @@ if GLIBC
+ $(mkinstalldirs) $(DESTDIR)$(libdir)
+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED)
+ (cd $(DESTDIR)$(libdir); ln -sf $(NSS_LDAP_LIBC_VERSIONED) $(NSS_LDAP_NSS_VERSIONED))
+- $(mkinstalldirs) $(DESTDIR)/usr$(libdir)
+- (cd $(DESTDIR)/usr$(libdir); ln -sf ../..$(libdir)/$(NSS_LDAP_NSS_VERSIONED) .)
++ $(mkinstalldirs) $(DESTDIR)$(libdir:/lib=/usr/lib)
++ (cd $(DESTDIR)/$(libdir:/lib=/usr/lib); ln -sf ../../lib/$(NSS_LDAP_NSS_VERSIONED) .)
+ else
+ $(mkinstalldirs) $(DESTDIR)$(libdir)
+ if HPUX
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch b/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch
new file mode 100644
index 00000000000..6730dc986dd
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch
@@ -0,0 +1,101 @@
+Distinguish between contexts that are somewhat persistent and one-offs
+which are used to fulfill part of a larger request.
+
+diff -up nss_ldap-253/ldap-grp.c nss_ldap-253/ldap-grp.c
+--- nss_ldap-253/ldap-grp.c 2009-05-08 13:30:43.000000000 -0400
++++ nss_ldap-253/ldap-grp.c 2009-05-08 13:34:41.000000000 -0400
+@@ -857,7 +857,7 @@ ng_chase (const char *dn, ldap_initgroup
+ LA_STRING (a) = dn;
+ LA_TYPE (a) = LA_TYPE_STRING;
+
+- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+ {
+ return NSS_UNAVAIL;
+ }
+@@ -930,7 +930,7 @@ ng_chase_backlink (const char ** members
+ LA_STRING_LIST (a) = filteredMembersOf;
+ LA_TYPE (a) = LA_TYPE_STRING_LIST_OR;
+
+- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+ {
+ free (filteredMembersOf);
+ return NSS_UNAVAIL;
+diff -up nss_ldap-253/ldap-netgrp.c nss_ldap-253/ldap-netgrp.c
+--- nss_ldap-253/ldap-netgrp.c 2009-05-08 13:31:35.000000000 -0400
++++ nss_ldap-253/ldap-netgrp.c 2009-05-08 13:33:14.000000000 -0400
+@@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t *
+ LA_TYPE (a) = LA_TYPE_STRING;
+ LA_STRING (a) = nested; /* memberNisNetgroup */
+
+- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+ {
+ debug ("<== do_innetgr_nested: failed to initialize context");
+ return NSS_UNAVAIL;
+diff -up nss_ldap-253/ldap-nss.c nss_ldap-253/ldap-nss.c
+--- nss_ldap-253/ldap-nss.c 2009-05-08 13:27:17.000000000 -0400
++++ nss_ldap-253/ldap-nss.c 2009-05-08 14:05:51.000000000 -0400
+@@ -1961,6 +1961,7 @@ _nss_ldap_ent_context_init_locked (ent_c
+ debug ("<== _nss_ldap_ent_context_init_locked");
+ return NULL;
+ }
++ ctx->ec_internal = 0;
+ *pctx = ctx;
+ }
+ else
+@@ -1990,6 +1991,15 @@ _nss_ldap_ent_context_init_locked (ent_c
+
+ return ctx;
+ }
++ent_context_t *
++_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx)
++{
++ ent_context_t *ctx;
++ ctx = _nss_ldap_ent_context_init_locked (pctx);
++ if (ctx != NULL)
++ ctx->ec_internal = 1;
++ return ctx;
++}
+
+ /*
+ * Clears a given context; we require the caller
+@@ -2031,7 +2041,8 @@ _nss_ldap_ent_context_release (ent_conte
+
+ LS_INIT (ctx->ec_state);
+
+- if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
++ if (!ctx->ec_internal &&
++ _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
+ {
+ do_close ();
+ }
+diff -up nss_ldap-253/ldap-nss.h nss_ldap-253/ldap-nss.h
+--- nss_ldap-253/ldap-nss.h 2009-05-08 13:35:47.000000000 -0400
++++ nss_ldap-253/ldap-nss.h 2009-05-08 13:52:25.000000000 -0400
+@@ -560,6 +560,8 @@ struct ent_context
+ ldap_state_t ec_state; /* eg. for services */
+ int ec_msgid; /* message ID */
+ LDAPMessage *ec_res; /* result chain */
++ int ec_internal; /* this context is just a part of a larger
++ * query for information */
+ ldap_service_search_descriptor_t *ec_sd; /* current sd */
+ struct berval *ec_cookie; /* cookie for paged searches */
+ };
+@@ -744,6 +746,15 @@ ent_context_t *_nss_ldap_ent_context_ini
+ ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **);
+
+ /*
++ * _nss_ldap_ent_context_init_internal_locked() has the same
++ * behaviour, except it marks the context as one that's being
++ * used to fetch additional data used in answering a request, i.e.
++ * that this isn't the "main" context
++ */
++
++ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **);
++
++/*
+ * _nss_ldap_ent_context_release() is used to manually free a context
+ */
+ void _nss_ldap_ent_context_release (ent_context_t *);
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch b/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch
new file mode 100644
index 00000000000..622ee5845e4
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch
@@ -0,0 +1,481 @@
+Index: ldap-nss.c
+===================================================================
+--- ldap-nss.c.orig
++++ ldap-nss.c
+@@ -142,7 +142,7 @@ static void (*__sigpipe_handler) (int) =
+ */
+ static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED };
+
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ static pthread_once_t __once = PTHREAD_ONCE_INIT;
+ #endif
+
+@@ -150,7 +150,7 @@ static pthread_once_t __once = PTHREAD_O
+ static FILE *__debugfile;
+ #endif /* LBER_OPT_LOG_PRINT_FILE */
+
+-#ifndef HAVE_PTHREAD_ATFORK
++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE)
+ /*
+ * Process ID that opened the session.
+ */
+@@ -162,7 +162,7 @@ static uid_t __euid = -1;
+ static int __ssl_initialized = 0;
+ #endif /* HAVE_LDAPSSL_CLIENT_INIT */
+
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ /*
+ * Prepare for fork(); lock mutex.
+ */
+@@ -513,7 +513,7 @@ _nss_ldap_default_constr (nss_ldap_backe
+ }
+ #endif /* HAVE_NSSWITCH_H */
+
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ static void
+ do_atfork_prepare (void)
+ {
+@@ -547,7 +547,7 @@ do_atfork_setup (void)
+ #ifdef HAVE_PTHREAD_ATFORK
+ (void) pthread_atfork (do_atfork_prepare, do_atfork_parent,
+ do_atfork_child);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ATFORK)
+ (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child);
+ #endif
+
+@@ -1096,7 +1096,7 @@ static NSS_STATUS
+ do_init (void)
+ {
+ ldap_config_t *cfg;
+-#ifndef HAVE_PTHREAD_ATFORK
++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE)
+ pid_t pid;
+ #endif
+ uid_t euid;
+@@ -1113,7 +1113,7 @@ do_init (void)
+ }
+
+ #ifndef HAVE_PTHREAD_ATFORK
+-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE___LIBC_ONCE)
+ /*
+ * This bogosity is necessary because Linux uses different
+ * PIDs for different threads (like IRIX, which we don't
+@@ -1145,7 +1145,7 @@ do_init (void)
+ pid = -1; /* linked against libpthreads, don't care */
+ #else
+ pid = getpid ();
+-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */
++#endif /* HAVE___LIBC_ONCE */
+ #endif /* HAVE_PTHREAD_ATFORK */
+
+ euid = geteuid ();
+@@ -1155,7 +1155,7 @@ do_init (void)
+ syslog (LOG_DEBUG,
+ "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i",
+ __session.ls_state, __session.ls_conn, __euid, euid);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ONCE)
+ syslog (LOG_DEBUG,
+ "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i",
+ ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"),
+@@ -1179,11 +1179,11 @@ do_init (void)
+ }
+ else
+ #ifndef HAVE_PTHREAD_ATFORK
+-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE___LIBC_ONCE)
+ if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid)
+ #else
+ if (__pid != pid)
+-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */
++#endif /* HAVE___LIBC_ONCE */
+ {
+ do_close_no_unbind ();
+ }
+@@ -1244,9 +1244,9 @@ do_init (void)
+ debug ("<== do_init (pthread_once failed)");
+ return NSS_UNAVAIL;
+ }
+-#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) )
++#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE)
+ __libc_once (__once, do_atfork_setup);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ONCE)
+ /*
+ * Only install the pthread_atfork() handlers i
+ * we are linked against libpthreads. Otherwise,
+Index: ldap-nss.h
+===================================================================
+--- ldap-nss.h.orig
++++ ldap-nss.h
+@@ -670,7 +670,7 @@ extern int __multi_threaded;
+ #define NSS_LDAP_LOCK(m) mutex_lock(&m)
+ #define NSS_LDAP_UNLOCK(m) mutex_unlock(&m)
+ #define NSS_LDAP_DEFINE_LOCK(m) static mutex_t m = DEFAULTMUTEX
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK)
+ #define NSS_LDAP_LOCK(m) __libc_lock_lock(m)
+ #define NSS_LDAP_UNLOCK(m) __libc_lock_unlock(m)
+ #define NSS_LDAP_DEFINE_LOCK(m) static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
+Index: configure.in
+===================================================================
+--- configure.in.orig
++++ configure.in
+@@ -1,6 +1,7 @@
+ AC_INIT(ldap-nss.c)
+ AC_CANONICAL_SYSTEM
+ AC_PREFIX_DEFAULT()
++AC_CONFIG_MACRO_DIR([m4])
+
+ AM_INIT_AUTOMAKE(nss_ldap, 265)
+ AM_CONFIG_HEADER(config.h)
+@@ -229,11 +230,18 @@ fi
+ AC_CHECK_FUNCS(snprintf)
+ AC_CHECK_FUNCS(gethostbyname)
+ AC_CHECK_FUNCS(nsdispatch)
++AC_CHECK_FUNCS(ether_aton)
++AC_CHECK_FUNCS(ether_ntoa)
++
++AX_PTHREAD
++LIBS="$PTHREAD_LIBS $LIBS"
++CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++CC="$PTHREAD_CC"
++
+ AC_CHECK_LIB(pthread_nonshared, main)
+ AC_CHECK_FUNCS(pthread_atfork)
+ AC_CHECK_FUNCS(pthread_once)
+-AC_CHECK_FUNCS(ether_aton)
+-AC_CHECK_FUNCS(ether_ntoa)
++AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock)
+
+ AC_MSG_CHECKING(for struct ether_addr)
+ AC_TRY_COMPILE([#include <sys/types.h>
+Index: m4/ax_pthread.m4
+===================================================================
+--- /dev/null
++++ m4/ax_pthread.m4
+@@ -0,0 +1,309 @@
++# ===========================================================================
++# http://www.gnu.org/software/autoconf-archive/ax_pthread.html
++# ===========================================================================
++#
++# SYNOPSIS
++#
++# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
++#
++# DESCRIPTION
++#
++# This macro figures out how to build C programs using POSIX threads. It
++# sets the PTHREAD_LIBS output variable to the threads library and linker
++# flags, and the PTHREAD_CFLAGS output variable to any special C compiler
++# flags that are needed. (The user can also force certain compiler
++# flags/libs to be tested by setting these environment variables.)
++#
++# Also sets PTHREAD_CC to any special C compiler that is needed for
++# multi-threaded programs (defaults to the value of CC otherwise). (This
++# is necessary on AIX to use the special cc_r compiler alias.)
++#
++# NOTE: You are assumed to not only compile your program with these flags,
++# but also link it with them as well. e.g. you should link with
++# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
++#
++# If you are only building threads programs, you may wish to use these
++# variables in your default LIBS, CFLAGS, and CC:
++#
++# LIBS="$PTHREAD_LIBS $LIBS"
++# CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++# CC="$PTHREAD_CC"
++#
++# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
++# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
++# (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
++#
++# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
++# PTHREAD_PRIO_INHERIT symbol is defined when compiling with
++# PTHREAD_CFLAGS.
++#
++# ACTION-IF-FOUND is a list of shell commands to run if a threads library
++# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
++# is not found. If ACTION-IF-FOUND is not specified, the default action
++# will define HAVE_PTHREAD.
++#
++# Please let the authors know if this macro fails on any platform, or if
++# you have any other suggestions or comments. This macro was based on work
++# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
++# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
++# Alejandro Forero Cuervo to the autoconf macro repository. We are also
++# grateful for the helpful feedback of numerous users.
++#
++# Updated for Autoconf 2.68 by Daniel Richard G.
++#
++# LICENSE
++#
++# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
++# Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation, either version 3 of the License, or (at your
++# option) any later version.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
++# Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program. If not, see <http://www.gnu.org/licenses/>.
++#
++# As a special exception, the respective Autoconf Macro's copyright owner
++# gives unlimited permission to copy, distribute and modify the configure
++# scripts that are the output of Autoconf when processing the Macro. You
++# need not follow the terms of the GNU General Public License when using
++# or distributing such scripts, even though portions of the text of the
++# Macro appear in them. The GNU General Public License (GPL) does govern
++# all other use of the material that constitutes the Autoconf Macro.
++#
++# This special exception to the GPL applies to versions of the Autoconf
++# Macro released by the Autoconf Archive. When you make and distribute a
++# modified version of the Autoconf Macro, you may extend this special
++# exception to the GPL to apply to your modified version as well.
++
++#serial 18
++
++AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
++AC_DEFUN([AX_PTHREAD], [
++AC_REQUIRE([AC_CANONICAL_HOST])
++AC_LANG_PUSH([C])
++ax_pthread_ok=no
++
++# We used to check for pthread.h first, but this fails if pthread.h
++# requires special compiler flags (e.g. on True64 or Sequent).
++# It gets checked for in the link test anyway.
++
++# First of all, check if the user has set any of the PTHREAD_LIBS,
++# etcetera environment variables, and if threads linking works using
++# them:
++if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
++ save_CFLAGS="$CFLAGS"
++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++ save_LIBS="$LIBS"
++ LIBS="$PTHREAD_LIBS $LIBS"
++ AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
++ AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes)
++ AC_MSG_RESULT($ax_pthread_ok)
++ if test x"$ax_pthread_ok" = xno; then
++ PTHREAD_LIBS=""
++ PTHREAD_CFLAGS=""
++ fi
++ LIBS="$save_LIBS"
++ CFLAGS="$save_CFLAGS"
++fi
++
++# We must check for the threads library under a number of different
++# names; the ordering is very important because some systems
++# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
++# libraries is broken (non-POSIX).
++
++# Create a list of thread flags to try. Items starting with a "-" are
++# C compiler flags, and other items are library names, except for "none"
++# which indicates that we try without any flags at all, and "pthread-config"
++# which is a program returning the flags for the Pth emulation library.
++
++ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
++
++# The ordering *is* (sometimes) important. Some notes on the
++# individual items follow:
++
++# pthreads: AIX (must check this before -lpthread)
++# none: in case threads are in libc; should be tried before -Kthread and
++# other compiler flags to prevent continual compiler warnings
++# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
++# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
++# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
++# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
++# -pthreads: Solaris/gcc
++# -mthreads: Mingw32/gcc, Lynx/gcc
++# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
++# doesn't hurt to check since this sometimes defines pthreads too;
++# also defines -D_REENTRANT)
++# ... -mt is also the pthreads flag for HP/aCC
++# pthread: Linux, etcetera
++# --thread-safe: KAI C++
++# pthread-config: use pthread-config program (for GNU Pth library)
++
++case ${host_os} in
++ solaris*)
++
++ # On Solaris (at least, for some versions), libc contains stubbed
++ # (non-functional) versions of the pthreads routines, so link-based
++ # tests will erroneously succeed. (We need to link with -pthreads/-mt/
++ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather
++ # a function called by this macro, so we could check for that, but
++ # who knows whether they'll stub that too in a future libc.) So,
++ # we'll just look for -pthreads and -lpthread first:
++
++ ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
++ ;;
++
++ darwin*)
++ ax_pthread_flags="-pthread $ax_pthread_flags"
++ ;;
++esac
++
++if test x"$ax_pthread_ok" = xno; then
++for flag in $ax_pthread_flags; do
++
++ case $flag in
++ none)
++ AC_MSG_CHECKING([whether pthreads work without any flags])
++ ;;
++
++ -*)
++ AC_MSG_CHECKING([whether pthreads work with $flag])
++ PTHREAD_CFLAGS="$flag"
++ ;;
++
++ pthread-config)
++ AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no)
++ if test x"$ax_pthread_config" = xno; then continue; fi
++ PTHREAD_CFLAGS="`pthread-config --cflags`"
++ PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
++ ;;
++
++ *)
++ AC_MSG_CHECKING([for the pthreads library -l$flag])
++ PTHREAD_LIBS="-l$flag"
++ ;;
++ esac
++
++ save_LIBS="$LIBS"
++ save_CFLAGS="$CFLAGS"
++ LIBS="$PTHREAD_LIBS $LIBS"
++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++
++ # Check for various functions. We must include pthread.h,
++ # since some functions may be macros. (On the Sequent, we
++ # need a special flag -Kthread to make this header compile.)
++ # We check for pthread_join because it is in -lpthread on IRIX
++ # while pthread_create is in libc. We check for pthread_attr_init
++ # due to DEC craziness with -lpthreads. We check for
++ # pthread_cleanup_push because it is one of the few pthread
++ # functions on Solaris that doesn't have a non-functional libc stub.
++ # We try pthread_create on general principles.
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
++ static void routine(void *a) { a = 0; }
++ static void *start_routine(void *a) { return a; }],
++ [pthread_t th; pthread_attr_t attr;
++ pthread_create(&th, 0, start_routine, 0);
++ pthread_join(th, 0);
++ pthread_attr_init(&attr);
++ pthread_cleanup_push(routine, 0);
++ pthread_cleanup_pop(0) /* ; */])],
++ [ax_pthread_ok=yes],
++ [])
++
++ LIBS="$save_LIBS"
++ CFLAGS="$save_CFLAGS"
++
++ AC_MSG_RESULT($ax_pthread_ok)
++ if test "x$ax_pthread_ok" = xyes; then
++ break;
++ fi
++
++ PTHREAD_LIBS=""
++ PTHREAD_CFLAGS=""
++done
++fi
++
++# Various other checks:
++if test "x$ax_pthread_ok" = xyes; then
++ save_LIBS="$LIBS"
++ LIBS="$PTHREAD_LIBS $LIBS"
++ save_CFLAGS="$CFLAGS"
++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++
++ # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
++ AC_MSG_CHECKING([for joinable pthread attribute])
++ attr_name=unknown
++ for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
++ [int attr = $attr; return attr /* ; */])],
++ [attr_name=$attr; break],
++ [])
++ done
++ AC_MSG_RESULT($attr_name)
++ if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
++ AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name,
++ [Define to necessary symbol if this constant
++ uses a non-standard name on your system.])
++ fi
++
++ AC_MSG_CHECKING([if more special flags are required for pthreads])
++ flag=no
++ case ${host_os} in
++ aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
++ osf* | hpux*) flag="-D_REENTRANT";;
++ solaris*)
++ if test "$GCC" = "yes"; then
++ flag="-D_REENTRANT"
++ else
++ flag="-mt -D_REENTRANT"
++ fi
++ ;;
++ esac
++ AC_MSG_RESULT(${flag})
++ if test "x$flag" != xno; then
++ PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
++ fi
++
++ AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
++ ax_cv_PTHREAD_PRIO_INHERIT, [
++ AC_LINK_IFELSE([
++ AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])],
++ [ax_cv_PTHREAD_PRIO_INHERIT=yes],
++ [ax_cv_PTHREAD_PRIO_INHERIT=no])
++ ])
++ AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
++ AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.]))
++
++ LIBS="$save_LIBS"
++ CFLAGS="$save_CFLAGS"
++
++ # More AIX lossage: must compile with xlc_r or cc_r
++ if test x"$GCC" != xyes; then
++ AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC})
++ else
++ PTHREAD_CC=$CC
++ fi
++else
++ PTHREAD_CC="$CC"
++fi
++
++AC_SUBST(PTHREAD_LIBS)
++AC_SUBST(PTHREAD_CFLAGS)
++AC_SUBST(PTHREAD_CC)
++
++# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
++if test x"$ax_pthread_ok" = xyes; then
++ ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1])
++ :
++else
++ ax_pthread_ok=no
++ $2
++fi
++AC_LANG_POP
++])dnl AX_PTHREAD
+Index: Makefile.am
+===================================================================
+--- Makefile.am.orig
++++ Makefile.am
+@@ -1,3 +1,5 @@
++ACLOCAL_AMFLAGS = -I m4
++
+ if AIX
+ authmod = NSS_LDAP
+ else
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch
new file mode 100644
index 00000000000..b377ad7bb32
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch
@@ -0,0 +1,57 @@
+diff -Nuar --exclude '*.orig' nss_ldap-265.orig/ldap.conf nss_ldap-265/ldap.conf
+--- nss_ldap-265.orig/ldap.conf 2009-11-06 10:28:08.000000000 +0000
++++ nss_ldap-265/ldap.conf 2010-02-19 18:36:58.272236290 +0000
+@@ -279,7 +279,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -311,3 +312,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
+diff -Nuar --exclude '*.orig' nss_ldap-265.orig/ldap-nss.h nss_ldap-265/ldap-nss.h
+--- nss_ldap-265.orig/ldap-nss.h 2009-11-06 10:28:08.000000000 +0000
++++ nss_ldap-265/ldap-nss.h 2010-02-19 18:37:49.278474888 +0000
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
diff --git a/sys-auth/nss_ldap/files/nsswitch.ldap.diff b/sys-auth/nss_ldap/files/nsswitch.ldap.diff
new file mode 100644
index 00000000000..a8e96e05e8d
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nsswitch.ldap.diff
@@ -0,0 +1,15 @@
+--- nsswitch.ldap 2004-06-08 00:34:09.895330016 -0500
++++ nsswitch.ldap-modified 2004-06-08 00:35:21.518441648 -0500
+@@ -10,10 +10,10 @@
+ passwd: files ldap
+ group: files ldap
+
+-# consult DNS first, we will need it to resolve the LDAP host. (If we
++# consult files/dns first, we will need it to resolve the LDAP host. (If we
+ # can't resolve it, we're in infinite recursion, because libldap calls
+ # gethostbyname(). Careful!)
+-hosts: dns ldap
++hosts: files dns ldap
+
+ # LDAP is nominally authoritative for the following maps.
+ services: ldap [NOTFOUND=return] files
diff --git a/sys-auth/nss_ldap/metadata.xml b/sys-auth/nss_ldap/metadata.xml
new file mode 100644
index 00000000000..6a0008335c0
--- /dev/null
+++ b/sys-auth/nss_ldap/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>ldap-bugs@gentoo.org</email>
+ <name>Please assign bugs to this mail alias.</name>
+</maintainer>
+<maintainer>
+ <email>robbat2@gentoo.org</email>
+ <name>Robin H. Johnson</name>
+</maintainer>
+<maintainer>
+ <email>prometheanfire@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/sys-auth/nss_ldap/nss_ldap-258.ebuild b/sys-auth/nss_ldap/nss_ldap-258.ebuild
new file mode 100644
index 00000000000..b08662905db
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-258.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 hppa ~ia64 ~mips ppc ppc64 sparc x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-259.ebuild b/sys-auth/nss_ldap/nss_ldap-259.ebuild
new file mode 100644
index 00000000000..b4d3fbec2f8
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-259.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-261.ebuild b/sys-auth/nss_ldap/nss_ldap-261.ebuild
new file mode 100644
index 00000000000..823ea94d4d4
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-261.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ # Upstream forgets the version number sometimes
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ sed -i \
+ -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ "${S}"/configure.in
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-262.ebuild b/sys-auth/nss_ldap/nss_ldap-262.ebuild
new file mode 100644
index 00000000000..823ea94d4d4
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-262.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ # Upstream forgets the version number sometimes
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ sed -i \
+ -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ "${S}"/configure.in
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-264-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-264-r1.ebuild
new file mode 100644
index 00000000000..0f60d8096e9
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-264-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 hppa ia64 ~mips ppc ppc64 sparc x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-264.ebuild b/sys-auth/nss_ldap/nss_ldap-264.ebuild
new file mode 100644
index 00000000000..5b4782b9896
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-264.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild
new file mode 100644
index 00000000000..abd731b35b3
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 sparc x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${D}"/etc/ldap.conf
+ echo >>"${D}"/etc/ldap.conf
+ sed -i "${D}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres' \
+ || die "failed to sed /etc/ldap.conf"
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r2.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r2.ebuild
new file mode 100644
index 00000000000..816c6f26239
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r2.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit fixheadtails eutils multilib autotools prefix
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ if use prefix; then
+ epatch "${FILESDIR}"/${P}-installdir.patch
+ eprefixify Makefile.am
+ fi
+
+ # bug 438692
+ epatch "${FILESDIR}"/${P}-pthread.patch
+
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ldap-conf-file="${EPREFIX}/etc/ldap.conf" \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf}
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install \
+ INST_UID=${PORTAGE_USER:-root} INST_GID=${PORTAGE_GROUP:-root}
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${ED}"/etc/ldap.conf
+ echo >>"${ED}"/etc/ldap.conf
+ sed -i "${ED}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres'
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r4.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r4.ebuild
new file mode 100644
index 00000000000..fadc3ca254e
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r4.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit fixheadtails eutils multilib autotools prefix
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ if use prefix; then
+ epatch "${FILESDIR}"/${P}-installdir.patch
+ eprefixify Makefile.am
+ fi
+
+ # bug 438692
+ epatch "${FILESDIR}"/${P}-pthread.patch
+
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ #fix broken oneshot connections
+ epatch "${FILESDIR}/nss_ldap-265-missing-entries-oneshot.patch"
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ if use kernel_FreeBSD; then
+ #fix broken fbsd support
+ EPATCH_OPTS="-p0 -d ${S}" epatch "${FILESDIR}/nss_ldap-265-fbsd.patch"
+ fi
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ldap-conf-file="${EPREFIX}/etc/ldap.conf" \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf}
+
+ if use kernel_FreeBSD; then
+ # configure.in does not properly handle include dependencies
+ echo "#define HAVE_NETINET_IF_ETHER_H 1" >> ${S}/config.h
+ echo "#define HAVE_NET_ROUTE_H 1" >> ${S}/config.h
+ echo "#define HAVE_RESOLV_H 1" >> ${S}/config.h
+ fi
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ if use kernel_FreeBSD; then
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+ else
+ emake -j1 DESTDIR="${D}" install \
+ INST_UID=${PORTAGE_USER:-root} INST_GID=${PORTAGE_GROUP:-root}
+ fi
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${ED}"/etc/ldap.conf
+ echo >>"${ED}"/etc/ldap.conf
+ sed -i "${ED}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres'
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r5.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r5.ebuild
new file mode 100644
index 00000000000..01dd3ec8e08
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r5.ebuild
@@ -0,0 +1,149 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit fixheadtails eutils multilib multilib-minimal autotools prefix
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux"
+
+DEPEND=">=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}]
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r3[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ssl? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+src_prepare() {
+ if use prefix; then
+ epatch "${FILESDIR}"/${P}-installdir.patch
+ eprefixify Makefile.am
+ fi
+
+ # bug 438692
+ epatch "${FILESDIR}"/${P}-pthread.patch
+
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ #fix broken oneshot connections
+ epatch "${FILESDIR}/nss_ldap-265-missing-entries-oneshot.patch"
+
+ sed -i \
+ -e 's, vers_string , PERL5LIB="@top_srcdir@" @top_srcdir@/vers_string ,g' \
+ "${S}"/Makefile.am
+
+ if use kernel_FreeBSD; then
+ #fix broken fbsd support
+ EPATCH_OPTS="-p0 -d ${S}" epatch "${FILESDIR}/nss_ldap-265-fbsd.patch"
+ fi
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local myconf=()
+ use debug && myconf+=( --enable-debugging )
+ use kerberos && myconf+=( --enable-configurable-krb5-ccname-gssapi )
+ multilib_is_native_abi && myconf+=( --libdir="${EPREFIX}/$(get_libdir)" )
+ # --enable-schema-mapping \
+ ECONF_SOURCE=${S} \
+ econf \
+ --with-ldap-lib=openldap \
+ --with-ldap-conf-file="${EPREFIX}/etc/ldap.conf" \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ "${myconf[@]}"
+
+ if use kernel_FreeBSD; then
+ # configure.in does not properly handle include dependencies
+ echo "#define HAVE_NETINET_IF_ETHER_H 1" >> ${S}/config.h
+ echo "#define HAVE_NET_ROUTE_H 1" >> ${S}/config.h
+ echo "#define HAVE_RESOLV_H 1" >> ${S}/config.h
+ fi
+}
+
+multilib_src_install() {
+ if use kernel_FreeBSD; then
+ emake -j1 DESTDIR="${D}" install
+ else
+ emake -j1 DESTDIR="${D}" install \
+ INST_UID=${PORTAGE_USER:-root} INST_GID=${PORTAGE_GROUP:-root}
+ fi
+}
+
+multilib_src_install_all() {
+ # dumb /usr/lib* -> /lib* symlinks gone wrong
+ rm -rf "${ED}"/usr/usr
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${ED}"/etc/ldap.conf
+ echo >>"${ED}"/etc/ldap.conf
+ sed -i "${ED}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres'
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265.ebuild b/sys-auth/nss_ldap/nss_ldap-265.ebuild
new file mode 100644
index 00000000000..cc441c33f9e
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265.ebuild
@@ -0,0 +1,106 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/oath-toolkit/Manifest b/sys-auth/oath-toolkit/Manifest
new file mode 100644
index 00000000000..68413214448
--- /dev/null
+++ b/sys-auth/oath-toolkit/Manifest
@@ -0,0 +1 @@
+DIST oath-toolkit-2.4.1.tar.gz 4136649 SHA256 9bfa42cbc100eb6c43d2bf83e3badc51d9e6f4950a92e07513ae586d0c5e9b24 SHA512 2a3440d5c97afef00dacd235d5471e8bf68086dfdb20234a894e7534d75670808fef444fe1062525800bc5ffe368898302e6cf250cd76b7238cd602d7d05e89b WHIRLPOOL f74dc524a6845054f0d3126ac3a5555ca4ac8e5e70e108abc603622e8e73795e6cba81f3d39debca22a22c7c0f7aba133ec975acfbf8cf64a0b919f0ee1a802c
diff --git a/sys-auth/oath-toolkit/metadata.xml b/sys-auth/oath-toolkit/metadata.xml
new file mode 100644
index 00000000000..d184566c489
--- /dev/null
+++ b/sys-auth/oath-toolkit/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>robbat2@gentoo.org</email>
+ </maintainer>
+ <herd>sysadmin</herd>
+ <use>
+ <flag name="pskc">Build tools &amp; library for the Portable Symmetric Key Container (PSKC) format per RFC6030</flag>
+ <flag name="pam">Build PAM module for pluggable login authentication for OATH</flag>
+ </use>
+ <upstream>
+ <remote-id type="gitorious">oath-toolkit</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.4.1.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.4.1.ebuild
new file mode 100644
index 00000000000..a41e3dd4ffa
--- /dev/null
+++ b/sys-auth/oath-toolkit/oath-toolkit-2.4.1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+EAPI=5
+
+inherit pam eutils autotools
+DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms"
+HOMEPAGE="http://www.nongnu.org/oath-toolkit/ http://gitorious.org/oath-toolkit/"
+SRC_URI="http://download.savannah.gnu.org/releases/${PN}/${P}.tar.gz"
+LICENSE="GPL-3 LGPL-2.1"
+
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="pam pskc test"
+
+RDEPEND="
+ pam? ( virtual/pam )
+ pskc? ( dev-libs/xmlsec )"
+DEPEND="${RDEPEND}
+ test? ( dev-libs/libxml2 )
+ dev-util/gtk-doc-am"
+
+src_prepare() {
+ # These tests need git/cvs and don't reflect anything in the final app
+ sed -i -r \
+ -e '/TESTS/s,test-vc-list-files-(git|cvs).sh,,g' \
+ gl/tests/Makefile.am
+ eautoreconf
+ default
+}
+
+src_configure() {
+ econf \
+ $(use_enable test xmltest ) \
+ $(use_enable pam) \
+ $(use_with pam pam-dir $(getpam_mod_dir)) \
+ $(use_enable pskc)
+}
+
+src_install() {
+ default
+ if use pam; then
+ newdoc pam_oath/README README.pam
+ fi
+ if use pskc; then
+ doman pskctool/pskctool.1
+ fi
+}
+
+src_test() {
+ # without keep-going, it will bail out after the first testsuite failure,
+ # skipping the other testsuites. as they are mostly independant, this sucks.
+ emake --keep-going check
+ [ $? -ne 0 ] && die "At least one testsuite failed"
+}
diff --git a/sys-auth/openpam/Manifest b/sys-auth/openpam/Manifest
new file mode 100644
index 00000000000..ee008d61483
--- /dev/null
+++ b/sys-auth/openpam/Manifest
@@ -0,0 +1 @@
+DIST openpam-20140912.tar.gz 457600 SHA256 82bc29397fa68ce49742618e0affdaa9abd4341d9ffbe607f9b10cdf1242bc87 SHA512 c6cfbd669fe1b67af43a33c33bf2587e1512c27f1b96b9b38df37b81ecc4999d85e04b361b19a7265dbf271ebd3de3bd55342ee4fdbee9c68836b69714706423 WHIRLPOOL 35e066f131be15c9427ebf21c062e9274d4745f47ede2df2082135dc5eb4b568067be28f71d373d2bd5e4f93fbc6ec29ef7f0baa8a7cbc399ab679192ebd2e44
diff --git a/sys-auth/openpam/files/openpam-20130907-gentoo.patch b/sys-auth/openpam/files/openpam-20130907-gentoo.patch
new file mode 100644
index 00000000000..89a63f26460
--- /dev/null
+++ b/sys-auth/openpam/files/openpam-20130907-gentoo.patch
@@ -0,0 +1,149 @@
+diff -Nur openpam-20130907.orig/include/security/Makefile.am openpam-20130907/include/security/Makefile.am
+--- openpam-20130907.orig/include/security/Makefile.am 2013-09-07 22:28:00.000000000 +0900
++++ openpam-20130907/include/security/Makefile.am 2013-11-26 23:24:54.000000000 +0900
+@@ -9,4 +9,5 @@
+ pam_appl.h \
+ pam_constants.h \
+ pam_modules.h \
+- pam_types.h
++ pam_types.h \
++ pam_mod_misc.h
+diff -Nur openpam-20130907.orig/include/security/pam_mod_misc.h openpam-20130907/include/security/pam_mod_misc.h
+--- openpam-20130907.orig/include/security/pam_mod_misc.h 1970-01-01 09:00:00.000000000 +0900
++++ openpam-20130907/include/security/pam_mod_misc.h 2013-11-26 23:24:54.000000000 +0900
+@@ -0,0 +1,56 @@
++/*-
++ * Copyright 1998 Juniper Networks, Inc.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * $FreeBSD: src/lib/libpam/libpam/security/pam_mod_misc.h,v 1.12 2003/05/31 16:56:35 des Exp $
++ */
++
++#ifndef PAM_MOD_MISC_H
++#define PAM_MOD_MISC_H
++
++#include <sys/cdefs.h>
++
++/*
++ * Common option names
++ */
++#define PAM_OPT_NULLOK "nullok"
++#define PAM_OPT_AUTH_AS_SELF "auth_as_self"
++#define PAM_OPT_ECHO_PASS "echo_pass"
++#define PAM_OPT_DEBUG "debug"
++
++__BEGIN_DECLS
++void _pam_verbose_error(pam_handle_t *, int, const char *,
++ const char *, const char *, ...);
++__END_DECLS
++
++#define PAM_LOG(...) \
++ openpam_log(PAM_LOG_DEBUG, __VA_ARGS__)
++
++#define PAM_RETURN(arg) \
++ return (arg)
++
++#define PAM_VERBOSE_ERROR(...) \
++ _pam_verbose_error(pamh, flags, __FILE__, __FUNCTION__, __VA_ARGS__)
++
++#endif
+diff -Nur openpam-20130907.orig/lib/libpam/Makefile.am openpam-20130907/lib/libpam/Makefile.am
+--- openpam-20130907.orig/lib/libpam/Makefile.am 2013-09-07 22:28:00.000000000 +0900
++++ openpam-20130907/lib/libpam/Makefile.am 2013-11-26 23:25:33.000000000 +0900
+@@ -75,6 +75,7 @@
+ pam_verror.c \
+ pam_vinfo.c \
+ pam_vprompt.c \
++ pam_debug_log.c \
+ $(NULL)
+
+ libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
+diff -Nur openpam-20130907.orig/lib/libpam/pam_debug_log.c openpam-20130907/lib/libpam/pam_debug_log.c
+--- openpam-20130907.orig/lib/libpam/pam_debug_log.c 1970-01-01 09:00:00.000000000 +0900
++++ openpam-20130907/lib/libpam/pam_debug_log.c 2013-11-26 23:24:54.000000000 +0900
+@@ -0,0 +1,64 @@
++/*-
++ * Copyright 2001 Mark R V Murray
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include <sys/cdefs.h>
++
++#ifndef __GLIBC__
++#include <libgen.h>
++#endif
++
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include <security/pam_appl.h>
++#include <security/openpam.h>
++#include <security/pam_mod_misc.h>
++
++/* Print a verbose error, including the function name and a
++ * cleaned up filename.
++ */
++void
++_pam_verbose_error(pam_handle_t *pamh, int flags,
++ const char *file, const char *function, const char *format, ...)
++{
++ va_list ap;
++ char *fmtbuf, *modname, *period;
++
++ if (!(flags & PAM_SILENT) && !openpam_get_option(pamh, "no_warn")) {
++ modname = basename(file);
++ period = strchr(modname, '.');
++ if (period == NULL)
++ period = strchr(modname, '\0');
++ va_start(ap, format);
++ asprintf(&fmtbuf, "%.*s: %s: %s\n", (int)(period - modname),
++ modname, function, format);
++ pam_verror(pamh, fmtbuf, ap);
++ free(fmtbuf);
++ va_end(ap);
++ }
++}
diff --git a/sys-auth/openpam/files/openpam-20130907-module-dir.patch b/sys-auth/openpam/files/openpam-20130907-module-dir.patch
new file mode 100644
index 00000000000..01afadbbfb8
--- /dev/null
+++ b/sys-auth/openpam/files/openpam-20130907-module-dir.patch
@@ -0,0 +1,15 @@
+diff --git a/openpam-20130907/lib/libpam/openpam_constants.c b/openpam-20130907/lib/libpam/openpam_constants.c
+index 1cdd810..f66e469 100644
+--- a/openpam-20130907/lib/libpam/openpam_constants.c
++++ b/openpam-20130907/lib/libpam/openpam_constants.c
+@@ -135,8 +135,8 @@ const char *openpam_policy_path[] = {
+ };
+
+ const char *openpam_module_path[] = {
+-#ifdef OPENPAM_MODULES_DIRECTORY
+- OPENPAM_MODULES_DIRECTORY,
++#ifdef OPENPAM_MODULES_DIR
++ OPENPAM_MODULES_DIR,
+ #else
+ "/usr/lib",
+ "/usr/local/lib",
diff --git a/sys-auth/openpam/files/openpam-20130907-nbsd.patch b/sys-auth/openpam/files/openpam-20130907-nbsd.patch
new file mode 100644
index 00000000000..9e76c9f3054
--- /dev/null
+++ b/sys-auth/openpam/files/openpam-20130907-nbsd.patch
@@ -0,0 +1,12 @@
+--- openpam-20050201.orig/lib/libpam/pam_debug_log.c 2006-02-18 01:15:39.000000000 -0200
++++ openpam-20050201/lib/libpam/pam_debug_log.c 2006-02-18 01:16:30.000000000 -0200
+@@ -47,7 +47,8 @@
+ const char *file, const char *function, const char *format, ...)
+ {
+ va_list ap;
+- char *fmtbuf, *modname, *period;
++ char *fmtbuf;
++ const char *modname, *period;
+
+ if (!(flags & PAM_SILENT) && !openpam_get_option(pamh, "no_warn")) {
+ modname = basename(file);
diff --git a/sys-auth/openpam/metadata.xml b/sys-auth/openpam/metadata.xml
new file mode 100644
index 00000000000..35d02a20bf1
--- /dev/null
+++ b/sys-auth/openpam/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>bsd</herd>
+ <upstream>
+ <remote-id type="sourceforge">openpam</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/openpam/openpam-20140912.ebuild b/sys-auth/openpam/openpam-20140912.ebuild
new file mode 100644
index 00000000000..4151bd76a49
--- /dev/null
+++ b/sys-auth/openpam/openpam-20140912.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+AUTOTOOLS_AUTORECONF=1
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+
+inherit multilib autotools-multilib
+
+DESCRIPTION="Open source PAM library"
+HOMEPAGE="http://www.openpam.org/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="debug vim-syntax"
+
+RDEPEND="!sys-libs/pam"
+DEPEND="sys-devel/make
+ dev-lang/perl"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-20130907-gentoo.patch"
+ "${FILESDIR}/${PN}-20130907-nbsd.patch"
+ "${FILESDIR}/${PN}-20130907-module-dir.patch"
+ )
+
+DOCS=( CREDITS HISTORY RELNOTES README )
+
+src_prepare() {
+ sed -i -e 's:-Werror::' "${S}/configure.ac"
+
+ autotools-multilib_src_prepare
+}
+
+my_configure() {
+ local myeconfargs=(
+ --with-modules-dir=/$(get_libdir)/security
+ )
+ autotools-utils_src_configure
+}
+
+src_configure() {
+ multilib_parallel_foreach_abi my_configure
+}
diff --git a/sys-auth/otpcalc/Manifest b/sys-auth/otpcalc/Manifest
new file mode 100644
index 00000000000..36425b6a8fc
--- /dev/null
+++ b/sys-auth/otpcalc/Manifest
@@ -0,0 +1 @@
+DIST otpCalc-0.97.tar.gz 123704 SHA256 e2c19fa6178ed42f0576650db6f94942cac366feadf82c2a679b35197c65f745 SHA512 5d22bd01fe90b32801d6f1c5ac3105036c14ac8197dda3c8454974ec72830a5f8cd693bd0520a51defdb0a7c7703483770410ba560436168826f8b6133a2524f WHIRLPOOL f73c745e336e9196003869c76cbf30a69dd94fde2549a2cd3391de531b36e36504e4d5c779159f254c425f69381be3bae05f0cdd13a1a920d593f82db0052459
diff --git a/sys-auth/otpcalc/files/otpcalc-0.97-badindex.diff b/sys-auth/otpcalc/files/otpcalc-0.97-badindex.diff
new file mode 100644
index 00000000000..53a32c4e1cc
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-0.97-badindex.diff
@@ -0,0 +1,13 @@
+Allocate enough elements for array of func ptrs, bug 123976.
+
+--- otpCalc-0.97.orig/callbacks.c
++++ otpCalc-0.97/callbacks.c
+@@ -81,7 +81,7 @@
+ void calculate(void)
+ {
+
+- void (*hashes[4])();
++ void (*hashes[5])();
+
+ gchar *challenge, *passwd, *message, *response;
+ struct tokens *set;
diff --git a/sys-auth/otpcalc/files/otpcalc-0.97-gtk-deprecated.patch b/sys-auth/otpcalc/files/otpcalc-0.97-gtk-deprecated.patch
new file mode 100644
index 00000000000..83661773193
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-0.97-gtk-deprecated.patch
@@ -0,0 +1,261 @@
+Do not use deprecated GTK symbols.
+Use accessor functions for GTK struct members.
+
+--- otpCalc-0.97-orig/callbacks.c
++++ otpCalc-0.97/callbacks.c
+@@ -65,14 +65,16 @@
+
+ bu_about_close = gtk_button_new_with_label("Close");
+
+- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(di_about)->vbox),
++ gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(
++ GTK_DIALOG(di_about))),
+ la_about);
+- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(di_about)->action_area),
++ gtk_container_add(GTK_CONTAINER(gtk_dialog_get_action_area(
++ GTK_DIALOG(di_about))),
+ bu_about_close);
+
+- gtk_signal_connect_object(GTK_OBJECT(bu_about_close), "clicked",
+- GTK_SIGNAL_FUNC(gtk_widget_destroy),
+- (gpointer)di_about);
++ g_signal_connect_swapped(G_OBJECT(bu_about_close), "clicked",
++ G_CALLBACK(gtk_widget_destroy),
++ (gpointer)di_about);
+
+ gtk_widget_show_all(di_about);
+
+@@ -176,10 +178,11 @@
+ );
+ gtk_misc_set_padding(GTK_MISC(la_netwarn), 10, 10);
+ gtk_label_set_line_wrap(GTK_LABEL(la_netwarn), TRUE);
+- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(di_netwarn)->vbox),
++ gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(
++ GTK_DIALOG(di_netwarn))),
+ la_netwarn);
+
+- aa_netwarn = GTK_DIALOG(di_netwarn)->action_area;
++ aa_netwarn = gtk_dialog_get_action_area(GTK_DIALOG(di_netwarn));
+
+ bu_netwarn_ok = gtk_button_new_with_label("Yes");
+ gtk_container_add(GTK_CONTAINER(aa_netwarn), bu_netwarn_ok);
+@@ -187,12 +190,12 @@
+ bu_netwarn_canc = gtk_button_new_with_label("No");
+ gtk_container_add(GTK_CONTAINER(aa_netwarn), bu_netwarn_canc);
+
+- gtk_signal_connect_object(GTK_OBJECT(bu_netwarn_ok), "clicked",
+- GTK_SIGNAL_FUNC(gtk_widget_destroy),
+- (gpointer)di_netwarn);
++ g_signal_connect_swapped(G_OBJECT(bu_netwarn_ok), "clicked",
++ G_CALLBACK(gtk_widget_destroy),
++ (gpointer)di_netwarn);
+
+- gtk_signal_connect_object(GTK_OBJECT(bu_netwarn_canc), "clicked",
+- GTK_SIGNAL_FUNC(gtk_main_quit), NULL);
++ g_signal_connect_swapped(G_OBJECT(bu_netwarn_canc), "clicked",
++ G_CALLBACK(gtk_main_quit), NULL);
+
+ gtk_widget_show_all(di_netwarn);
+
+@@ -207,13 +210,13 @@
+ unsigned short parsed;
+
+
+- if (selection->length < 1)
++ if (gtk_selection_data_get_length(selection) < 1)
+ return;
+
+ set = g_malloc(sizeof(struct tokens));
+- set->seed = g_malloc(selection->length);
++ set->seed = g_malloc(gtk_selection_data_get_length(selection));
+
+- parsed = parse(selection->data, set);
++ parsed = parse(gtk_selection_data_get_data(selection), set);
+
+ g_free(set->seed);
+ g_free(set);
+@@ -221,7 +224,8 @@
+ if (!parsed)
+ return;
+
+- gtk_entry_set_text(GTK_ENTRY(te_challenge), selection->data);
++ gtk_entry_set_text(GTK_ENTRY(te_challenge),
++ gtk_selection_data_get_data(selection));
+
+ }
+
+--- otpCalc-0.97-orig/gui.c
++++ otpCalc-0.97/gui.c
+@@ -51,17 +51,17 @@
+ /* Setup the main window... */
+ wi_top = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+ gtk_window_set_title(GTK_WINDOW(wi_top), "otpCalc");
+- gtk_window_set_policy(GTK_WINDOW(wi_top), FALSE, FALSE, TRUE);
++ gtk_window_set_resizable(GTK_WINDOW(wi_top), FALSE);
+ gtk_window_set_wmclass(GTK_WINDOW(wi_top), "otpCalc", "Calc");
+
+- gtk_signal_connect(GTK_OBJECT(wi_top), "delete_event",
+- GTK_SIGNAL_FUNC(gtk_main_quit), NULL);
++ g_signal_connect(G_OBJECT(wi_top), "delete_event",
++ G_CALLBACK(gtk_main_quit), NULL);
+
+- gtk_signal_connect(GTK_OBJECT(wi_top), "focus_in_event",
+- GTK_SIGNAL_FUNC(focus), NULL);
++ g_signal_connect(G_OBJECT(wi_top), "focus_in_event",
++ G_CALLBACK(focus), NULL);
+
+- gtk_signal_connect(GTK_OBJECT(wi_top), "selection_received",
+- GTK_SIGNAL_FUNC(selector), NULL);
++ g_signal_connect(G_OBJECT(wi_top), "selection_received",
++ G_CALLBACK(selector), NULL);
+ /* Done. */
+
+
+@@ -82,9 +82,9 @@
+ /* Setup the file menu... */
+ me_file = gtk_menu_new();
+ mi_file_quit = gtk_menu_item_new_with_label("Quit");
+- gtk_menu_append(GTK_MENU(me_file), mi_file_quit);
+- gtk_signal_connect_object(GTK_OBJECT(mi_file_quit), "activate",
+- GTK_SIGNAL_FUNC(gtk_main_quit), NULL);
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_file), mi_file_quit);
++ g_signal_connect_swapped(G_OBJECT(mi_file_quit), "activate",
++ G_CALLBACK(gtk_main_quit), NULL);
+
+ gtk_widget_add_accelerator(mi_file_quit, "activate", accel_group, 0x071,
+ GDK_CONTROL_MASK, GTK_ACCEL_VISIBLE);
+@@ -97,40 +97,45 @@
+ me_sett = gtk_menu_new();
+
+ mi_sett_sha1 = gtk_radio_menu_item_new_with_label(hashes, "sha1");
+- gtk_menu_append(GTK_MENU(me_sett), mi_sett_sha1);
+- gtk_signal_connect_object(GTK_OBJECT(mi_sett_sha1), "activate",
+- GTK_SIGNAL_FUNC(sethash), (void *)SHA1);
+- hashes = gtk_radio_menu_item_group(GTK_RADIO_MENU_ITEM(mi_sett_sha1));
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_sett), mi_sett_sha1);
++ g_signal_connect_swapped(G_OBJECT(mi_sett_sha1), "activate",
++ G_CALLBACK(sethash), (void *)SHA1);
++ hashes = gtk_radio_menu_item_get_group(
++ GTK_RADIO_MENU_ITEM(mi_sett_sha1));
+ gtk_widget_show(mi_sett_sha1);
+
+ mi_sett_rmd160 = gtk_radio_menu_item_new_with_label(hashes, "rmd160");
+- gtk_menu_append(GTK_MENU(me_sett), mi_sett_rmd160);
+- gtk_signal_connect_object(GTK_OBJECT(mi_sett_rmd160), "activate",
+- GTK_SIGNAL_FUNC(sethash), (void *)RMD160);
+- hashes = gtk_radio_menu_item_group(GTK_RADIO_MENU_ITEM(mi_sett_rmd160));
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_sett), mi_sett_rmd160);
++ g_signal_connect_swapped(G_OBJECT(mi_sett_rmd160), "activate",
++ G_CALLBACK(sethash), (void *)RMD160);
++ hashes = gtk_radio_menu_item_get_group(
++ GTK_RADIO_MENU_ITEM(mi_sett_rmd160));
+ gtk_widget_show(mi_sett_rmd160);
+
+ mi_sett_md5 = gtk_radio_menu_item_new_with_label(hashes, "md5");
+- gtk_menu_append(GTK_MENU(me_sett), mi_sett_md5);
+- gtk_signal_connect_object(GTK_OBJECT(mi_sett_md5), "activate",
+- GTK_SIGNAL_FUNC(sethash), (void *)MD5);
+- hashes = gtk_radio_menu_item_group(GTK_RADIO_MENU_ITEM(mi_sett_md5));
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_sett), mi_sett_md5);
++ g_signal_connect_swapped(G_OBJECT(mi_sett_md5), "activate",
++ G_CALLBACK(sethash), (void *)MD5);
++ hashes = gtk_radio_menu_item_get_group(
++ GTK_RADIO_MENU_ITEM(mi_sett_md5));
+ gtk_widget_show(mi_sett_md5);
+
+ gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(mi_sett_md5), TRUE);
+
+ mi_sett_md4 = gtk_radio_menu_item_new_with_label(hashes, "md4");
+- gtk_menu_append(GTK_MENU(me_sett), mi_sett_md4);
+- gtk_signal_connect_object(GTK_OBJECT(mi_sett_md4), "activate",
+- GTK_SIGNAL_FUNC(sethash), (void *)MD4);
+- hashes = gtk_radio_menu_item_group(GTK_RADIO_MENU_ITEM(mi_sett_md4));
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_sett), mi_sett_md4);
++ g_signal_connect_swapped(G_OBJECT(mi_sett_md4), "activate",
++ G_CALLBACK(sethash), (void *)MD4);
++ hashes = gtk_radio_menu_item_get_group(
++ GTK_RADIO_MENU_ITEM(mi_sett_md4));
+ gtk_widget_show(mi_sett_md4);
+
+ mi_sett_skey = gtk_radio_menu_item_new_with_label(hashes, "s/key");
+- gtk_menu_append(GTK_MENU(me_sett), mi_sett_skey);
+- gtk_signal_connect_object(GTK_OBJECT(mi_sett_skey), "activate",
+- GTK_SIGNAL_FUNC(sethash), (void *)SKEY);
+- hashes = gtk_radio_menu_item_group(GTK_RADIO_MENU_ITEM(mi_sett_skey));
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_sett), mi_sett_skey);
++ g_signal_connect_swapped(G_OBJECT(mi_sett_skey), "activate",
++ G_CALLBACK(sethash), (void *)SKEY);
++ hashes = gtk_radio_menu_item_get_group(
++ GTK_RADIO_MENU_ITEM(mi_sett_skey));
+ gtk_widget_show(mi_sett_skey);
+ /* Done. */
+
+@@ -138,9 +143,9 @@
+ /* Setup the help menu... */
+ me_help = gtk_menu_new();
+ mi_help_about = gtk_menu_item_new_with_label("About...");
+- gtk_menu_append(GTK_MENU(me_help), mi_help_about);
+- gtk_signal_connect_object(GTK_OBJECT(mi_help_about), "activate",
+- GTK_SIGNAL_FUNC(about), NULL);
++ gtk_menu_shell_append(GTK_MENU_SHELL(me_help), mi_help_about);
++ g_signal_connect_swapped(G_OBJECT(mi_help_about), "activate",
++ G_CALLBACK(about), NULL);
+ gtk_widget_show(mi_help_about);
+ /* Done. */
+
+@@ -156,18 +161,18 @@
+ mi_file = gtk_menu_item_new_with_label("File");
+ gtk_widget_show(mi_file);
+ gtk_menu_item_set_submenu(GTK_MENU_ITEM(mi_file), me_file);
+- gtk_menu_bar_append(GTK_MENU_BAR(mb_top), mi_file);
++ gtk_menu_shell_append(GTK_MENU_SHELL(mb_top), mi_file);
+
+ mi_sett = gtk_menu_item_new_with_label("Settings");
+ gtk_widget_show(mi_sett);
+ gtk_menu_item_set_submenu(GTK_MENU_ITEM(mi_sett), me_sett);
+- gtk_menu_bar_append(GTK_MENU_BAR(mb_top), mi_sett);
++ gtk_menu_shell_append(GTK_MENU_SHELL(mb_top), mi_sett);
+
+ mi_help = gtk_menu_item_new_with_label("Help");
+ gtk_widget_show(mi_help);
+ gtk_menu_item_set_submenu(GTK_MENU_ITEM(mi_help), me_help);
+- gtk_menu_bar_append(GTK_MENU_BAR(mb_top), mi_help);
+- gtk_menu_item_right_justify(GTK_MENU_ITEM(mi_help));
++ gtk_menu_shell_append(GTK_MENU_SHELL(mb_top), mi_help);
++ gtk_menu_item_set_right_justified(GTK_MENU_ITEM(mi_help), TRUE);
+ /* Done. */
+
+
+@@ -208,8 +213,8 @@
+ (GtkAttachOptions)(0), 5, 0);
+ gtk_widget_show(bu_calc);
+
+- gtk_signal_connect_object(GTK_OBJECT(bu_calc), "clicked",
+- GTK_SIGNAL_FUNC(calculate), NULL);
++ g_signal_connect_swapped(G_OBJECT(bu_calc), "clicked",
++ G_CALLBACK(calculate), NULL);
+ /* Done. */
+
+
+@@ -221,8 +226,8 @@
+ gtk_entry_set_visibility(GTK_ENTRY(te_passwd), FALSE);
+ gtk_widget_show(te_passwd);
+
+- gtk_signal_connect(GTK_OBJECT(te_passwd), "activate",
+- GTK_SIGNAL_FUNC(click), bu_calc);
++ g_signal_connect(G_OBJECT(te_passwd), "activate",
++ G_CALLBACK(click), bu_calc);
+ /* Done. */
+
+
+@@ -234,8 +239,8 @@
+ (GtkAttachOptions)(0), 5, 0);
+ gtk_widget_show(bu_clear);
+
+- gtk_signal_connect(GTK_OBJECT(bu_clear), "clicked",
+- GTK_SIGNAL_FUNC(clear), NULL);
++ g_signal_connect(G_OBJECT(bu_clear), "clicked",
++ G_CALLBACK(clear), NULL);
+ /* Done. */
+
+
diff --git a/sys-auth/otpcalc/files/otpcalc-0.97-gtk2-gentoo.patch b/sys-auth/otpcalc/files/otpcalc-0.97-gtk2-gentoo.patch
new file mode 100644
index 00000000000..f781b7372c4
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-0.97-gtk2-gentoo.patch
@@ -0,0 +1,72 @@
+Make it work with GTK+ 2.
+
+--- otpCalc-0.97-orig/Makefile.in
++++ otpCalc-0.97/Makefile.in
+@@ -3,8 +3,8 @@
+
+ CC = @CC@
+ DEFS = -DVERSION=\"$(VER)\" @DEFS@
+-CFLAGS = -s -O3 -Wall -pipe `gtk-config --cflags`
+-LIBS = `gtk-config --libs` @LIBS@
++CFLAGS = -s -O3 -Wall -pipe `pkg-config --cflags gtk+-2.0`
++LIBS = `pkg-config --libs gtk+-2.0` @LIBS@
+
+ prefix = @prefix@
+ exec_prefix = @exec_prefix@
+--- otpCalc-0.97-orig/callbacks.c
++++ otpCalc-0.97/callbacks.c
+@@ -236,7 +236,7 @@
+ }
+
+
+-void focus(GtkWidget *widget, gpointer data)
++gboolean focus(GtkWidget *widget, GdkEvent *event, gpointer data)
+ {
+
+ static GdkAtom targets;
+@@ -244,12 +244,12 @@
+
+
+ if (!autopaste)
+- return;
++ return FALSE;
+
+ targets = gdk_atom_intern("STRING", FALSE);
+
+ gtk_selection_convert(widget, GDK_SELECTION_PRIMARY, targets,
+ GDK_CURRENT_TIME);
+
+-
++ return FALSE;
+ }
+--- otpCalc-0.97-orig/gui.c
++++ otpCalc-0.97/gui.c
+@@ -29,7 +29,7 @@
+ GtkWidget *te_response;
+
+ unsigned short hash;
+-unsigned short newline = 1;
++unsigned short newline = 0;
+ unsigned short autopaste = 1;
+
+ int main(int argc, char *argv[])
+@@ -147,7 +147,7 @@
+
+ /* Setup the menu bar... */
+ mb_top = gtk_menu_bar_new();
+- gtk_menu_bar_set_shadow_type(GTK_MENU_BAR(mb_top), GTK_SHADOW_NONE);
++ /*gtk_menu_bar_set_shadow_type(GTK_MENU_BAR(mb_top), GTK_SHADOW_NONE);*/
+ gtk_table_attach(GTK_TABLE(ta_top), mb_top, 0, 3, 0, 1,
+ (GtkAttachOptions)(GTK_FILL),
+ (GtkAttachOptions)(0), 0, 0);
+--- otpCalc-0.97-orig/utility.c
++++ otpCalc-0.97/utility.c
+@@ -422,7 +422,7 @@
+ words[extract(message, 33, 11)],
+ words[extract(message, 44, 11)],
+ words[extract(message, 55, 11)],
+- (newline == 1) ? "\n" : NULL);
++ (newline == 1) ? "\n" : "");
+
+ return response;
+
diff --git a/sys-auth/otpcalc/files/otpcalc-0.97-sha1-byteorder.patch b/sys-auth/otpcalc/files/otpcalc-0.97-sha1-byteorder.patch
new file mode 100644
index 00000000000..79f869ad1f7
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-0.97-sha1-byteorder.patch
@@ -0,0 +1,53 @@
+Fix SHA1 byte-order issue for conformance with RFC 2289.
+
+--- otpCalc-0.97-orig/crypto.c
++++ otpCalc-0.97/crypto.c
+@@ -199,6 +199,8 @@
+ for (i = 0; i < 4; i++)
+ digest[i] ^= digest[i+16];
+
+- memcpy(message, digest, 8);
++ /* Fix byte order, as required by RFC 2289 Appendix A */
++ for (i = 0; i < 8; i++)
++ message[i] = digest[i^3];
+
+ }
+--- otpCalc-0.97-orig/sha1.h
++++ otpCalc-0.97/sha1.h
+@@ -1,3 +1,5 @@
++#include "config.h"
++
+ #ifndef i386
+ typedef long int int64;
+ typedef unsigned long int uint64;
+@@ -28,7 +30,7 @@
+
+ #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+-#ifdef WORDS_BIGENDIAN
++#ifndef WORDS_BIGENDIAN
+ #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+ |(rol(block->l[i],8)&0x00FF00FF))
+ #else
+--- otpCalc-0.97-orig/otpCalc.man
++++ otpCalc-0.97/otpCalc.man
+@@ -47,9 +47,6 @@
+ RFC 2289, RFC 1740
+ .SH "AUTHOR"
+ Anthony D. Urso <anthonyu@killa.net>.
+-.SH "BUGS"
+-SHA1 output differs from RFC2289; however, the output is consistant with
+-other implementations.
+ .SH "COPYRIGHT"
+ Copyright \(co 2001 Anthony D. Urso.
+ .br
+--- otpCalc-0.97-orig/BUGS
++++ otpCalc-0.97/BUGS
+@@ -16,3 +16,7 @@
+
+ Thanks,
+ Anthony
++
++Note: Above-mentioned SHA1 issue is fixed in the Gentoo version.
++The output now agrees with RFC 2289 and with S/Key.
++ - Ulrich Mueller <ulm@gentoo.org>
diff --git a/sys-auth/otpcalc/files/otpcalc-0.97-skey-md5.patch b/sys-auth/otpcalc/files/otpcalc-0.97-skey-md5.patch
new file mode 100644
index 00000000000..39ab2675b21
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-0.97-skey-md5.patch
@@ -0,0 +1,24 @@
+Change default s/key hash to MD5 (same as sys-auth/skey).
+
+--- otpCalc-0.97-orig/callbacks.c
++++ otpCalc-0.97/callbacks.c
+@@ -90,7 +90,7 @@
+ unsigned char results[9];
+
+
+- hashes[SKEY] = md4lite;
++ hashes[SKEY] = md5lite;
+ hashes[MD4] = md4lite;
+ hashes[MD5] = md5lite;
+ hashes[RMD160] = rmd160lite;
+--- otpCalc-0.97-orig/otpCalc.man
++++ otpCalc-0.97/otpCalc.man
+@@ -30,7 +30,7 @@
+ cb l
+ cb l
+ cb l.
+-s/key#MD4
++s/key#MD5
+ otp-md4#MD4
+ otp-md5#MD5
+ otp-rmd160#RIPEMD-160
diff --git a/sys-auth/otpcalc/files/otpcalc-crypto-proto.diff b/sys-auth/otpcalc/files/otpcalc-crypto-proto.diff
new file mode 100644
index 00000000000..05ba89fc1fe
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-crypto-proto.diff
@@ -0,0 +1,13 @@
+Correct crypto prototypes, bug 123993.
+
+--- otpCalc-0.97.orig/crypto.h
++++ otpCalc-0.97/crypto.h
+@@ -1,4 +1,4 @@
+-void md4lite(char *, size_t);
+-void md5lite(char *, size_t);
+-void rmd160lite(char *, size_t);
+-void sha1lite(char *, size_t);
++void md4lite(char *message, unsigned int len);
++void md5lite(char *message, unsigned int len);
++void rmd160lite(char *message, unsigned int len);
++void sha1lite(char *message, unsigned int len);
diff --git a/sys-auth/otpcalc/files/otpcalc-man-table-format.diff b/sys-auth/otpcalc/files/otpcalc-man-table-format.diff
new file mode 100644
index 00000000000..bbd767ef215
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc-man-table-format.diff
@@ -0,0 +1,35 @@
+Make missing list appear in man page, bug 90900.
+
+--- otpCalc.man.orig
++++ otpCalc.man
+@@ -24,18 +24,20 @@
+ the Challenge input:
+ .IP
+ .TS
+-s/key MD4
+-.br
+-otp-md4 MD4
+-.br
+-otp-md5 MD5
+-.br
+-otp-rmd160 RIPEMD-160
+-.br
+-otp-sha1 SHA1
+-.br
++allbox tab(#);
++cb l
++cb l
++cb l
++cb l
++cb l.
++s/key#MD4
++otp-md4#MD4
++otp-md5#MD5
++otp-rmd160#RIPEMD-160
++otp-sha1#SHA1
+ .TE
+ .LP
++.LP
+ In the absence of a prefix, the default hash, specified in the Settings menu,
+ is used.
+ .SH "SEE ALSO"
diff --git a/sys-auth/otpcalc/files/otpcalc.desktop b/sys-auth/otpcalc/files/otpcalc.desktop
new file mode 100644
index 00000000000..25c84065238
--- /dev/null
+++ b/sys-auth/otpcalc/files/otpcalc.desktop
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Type=Application
+Version=1.0
+Name=otpCalc
+Comment=One Time Password and S/Key calculator
+Icon=dialog-password
+Exec=otpCalc
+Categories=Utility;GTK;System;Security;
diff --git a/sys-auth/otpcalc/metadata.xml b/sys-auth/otpcalc/metadata.xml
new file mode 100644
index 00000000000..16b496842e5
--- /dev/null
+++ b/sys-auth/otpcalc/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>ulm@gentoo.org</email>
+</maintainer>
+<longdescription lang="en">
+ otpCalc is an RFC2289 and RFC1760 compliant one time password calculator,
+ written to use the GTK+ library for screen I/O.
+</longdescription>
+</pkgmetadata>
diff --git a/sys-auth/otpcalc/otpcalc-0.97-r6.ebuild b/sys-auth/otpcalc/otpcalc-0.97-r6.ebuild
new file mode 100644
index 00000000000..7820ae85e2f
--- /dev/null
+++ b/sys-auth/otpcalc/otpcalc-0.97-r6.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="A One Time Password and S/Key calculator for X"
+HOMEPAGE="http://killa.net/infosec/otpCalc/"
+SRC_URI="http://killa.net/infosec/otpCalc/otpCalc-${PV}.tar.gz"
+
+LICENSE="GPL-2+" # bundled crypto functions are not used
+SLOT="0"
+KEYWORDS="alpha amd64 ppc sparc x86"
+IUSE=""
+
+RDEPEND="x11-libs/gtk+:2
+ dev-libs/openssl"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+S="${WORKDIR}/otpCalc-${PV}"
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}/${PN}-man-table-format.diff" \
+ "${FILESDIR}/${P}-badindex.diff" \
+ "${FILESDIR}/${PN}-crypto-proto.diff" \
+ "${FILESDIR}/${P}-gtk2-gentoo.patch" \
+ "${FILESDIR}/${P}-skey-md5.patch" \
+ "${FILESDIR}/${P}-sha1-byteorder.patch" \
+ "${FILESDIR}/${P}-gtk-deprecated.patch"
+
+ # print correct version in manpage
+ sed -i -e "s/VERSION/${PV}/g" otpCalc.man || die
+
+ # override hardcoded FLAGS
+ sed -i \
+ -e 's:$(CC) $(CFLAGS) $^:$(CC) $(LDFLAGS) $(CFLAGS) $^:' \
+ -e "s#-s -O3#${CFLAGS}#g" \
+ Makefile.in || die
+
+ tc-export CC
+}
+
+src_install() {
+ dobin otpCalc
+ dosym otpCalc /usr/bin/otpcalc
+ newman otpCalc.man otpCalc.1
+ newman - otpcalc.1 <<<".so man1/otpCalc.1"
+ domenu "${FILESDIR}/${PN}.desktop"
+ dodoc BUGS ChangeLog TODO
+}
diff --git a/sys-auth/pam-afs-session/Manifest b/sys-auth/pam-afs-session/Manifest
new file mode 100644
index 00000000000..6d51c4a1437
--- /dev/null
+++ b/sys-auth/pam-afs-session/Manifest
@@ -0,0 +1,3 @@
+DIST pam-afs-session-1.3.tar.gz 98643 SHA256 f8cfaf01d0f3025ab6d51c55cf26746a4ddd63dd9156577981ee4cbb453856a9
+DIST pam-afs-session-1.5.tar.gz 101464 SHA256 473b8b1904f0ed1c3748667b037f92aff765f9c8f60e650d81452c6394e26768
+DIST pam-afs-session-1.6.tar.gz 115666 SHA256 c6ecfc69dc8e901f881f0a931797b44a10f47c8c35206e9289336d9435a9f2f8
diff --git a/sys-auth/pam-afs-session/metadata.xml b/sys-auth/pam-afs-session/metadata.xml
new file mode 100644
index 00000000000..81ada335fc9
--- /dev/null
+++ b/sys-auth/pam-afs-session/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>pam</herd>
+</pkgmetadata>
diff --git a/sys-auth/pam-afs-session/pam-afs-session-1.3.ebuild b/sys-auth/pam-afs-session/pam-afs-session-1.3.ebuild
new file mode 100644
index 00000000000..33d10d6f4f9
--- /dev/null
+++ b/sys-auth/pam-afs-session/pam-afs-session-1.3.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam
+
+DESCRIPTION="OpenAFS PAM Module"
+HOMEPAGE="http://www.eyrie.org/~eagle/software/pam-afs-session/"
+SRC_URI="http://archives.eyrie.org/software/afs/${P}.tar.gz"
+
+LICENSE="HPND openafs-krb5-a"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/krb5 virtual/pam"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ econf --with-kerberos || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ dopammod pam_afs_session.so
+ doman pam_afs_session.5
+ dodoc CHANGES NEWS README TODO
+}
diff --git a/sys-auth/pam-afs-session/pam-afs-session-1.5.ebuild b/sys-auth/pam-afs-session/pam-afs-session-1.5.ebuild
new file mode 100644
index 00000000000..33d10d6f4f9
--- /dev/null
+++ b/sys-auth/pam-afs-session/pam-afs-session-1.5.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam
+
+DESCRIPTION="OpenAFS PAM Module"
+HOMEPAGE="http://www.eyrie.org/~eagle/software/pam-afs-session/"
+SRC_URI="http://archives.eyrie.org/software/afs/${P}.tar.gz"
+
+LICENSE="HPND openafs-krb5-a"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/krb5 virtual/pam"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ econf --with-kerberos || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ dopammod pam_afs_session.so
+ doman pam_afs_session.5
+ dodoc CHANGES NEWS README TODO
+}
diff --git a/sys-auth/pam-afs-session/pam-afs-session-1.6.ebuild b/sys-auth/pam-afs-session/pam-afs-session-1.6.ebuild
new file mode 100644
index 00000000000..33d10d6f4f9
--- /dev/null
+++ b/sys-auth/pam-afs-session/pam-afs-session-1.6.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam
+
+DESCRIPTION="OpenAFS PAM Module"
+HOMEPAGE="http://www.eyrie.org/~eagle/software/pam-afs-session/"
+SRC_URI="http://archives.eyrie.org/software/afs/${P}.tar.gz"
+
+LICENSE="HPND openafs-krb5-a"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/krb5 virtual/pam"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ econf --with-kerberos || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ dopammod pam_afs_session.so
+ doman pam_afs_session.5
+ dodoc CHANGES NEWS README TODO
+}
diff --git a/sys-auth/pam-csync/Manifest b/sys-auth/pam-csync/Manifest
new file mode 100644
index 00000000000..3ddef839ee5
--- /dev/null
+++ b/sys-auth/pam-csync/Manifest
@@ -0,0 +1 @@
+DIST pam_csync-0.42.0.tar.gz 30457 SHA256 bba01854ee5929ecc90428275a50f804d361e92f2805f1d2eff7d3f2bca48802 SHA512 ef6d0fbadf6afdf5a5adad1905e976330506fdf60835aa4190959b855fbc2c4c61bd709fe2aaaab731ec5430c999b3fd5e23f3a81c35a7b266b23cd092d24e06 WHIRLPOOL b81a0a9ad1e0188856cc6ffc265c44cc67a3603fb550bc59c4aa8a63198a9898d389238a7582c439add1528eaba6bf2aa930d65dd3429c901d9e6b3ecb2328ac
diff --git a/sys-auth/pam-csync/files/pam-csync-0.42.0-cmake.patch b/sys-auth/pam-csync/files/pam-csync-0.42.0-cmake.patch
new file mode 100644
index 00000000000..2b650d232e2
--- /dev/null
+++ b/sys-auth/pam-csync/files/pam-csync-0.42.0-cmake.patch
@@ -0,0 +1,25 @@
+From 21dfcf6343cec2feb0e4ebd8b9e22a3aa39e5d9d Mon Sep 17 00:00:00 2001
+From: Jim McDonough <jmcd@samba.org>
+Date: Mon, 10 Mar 2014 10:16:28 -0400
+Subject: [PATCH 1/2] Remove backward compatibility option for newer cmake
+ builds to work.
+
+---
+ src/CMakeLists.txt | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 6732a3f..40225e4 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -41,7 +41,6 @@ include_directories(
+ ${PAM_CSYNC_PRIVATE_INCLUDE_DIRS}
+ )
+
+-set(CMAKE_BACKWARDS_COMPATIBILITY "2.2")
+ macro_add_plugin(${PAM_CSYNC_LIBRARY} ${pam_SRCS})
+
+ target_link_libraries(${PAM_CSYNC_LINK_LIBRARIES})
+--
+1.8.4.5
+
diff --git a/sys-auth/pam-csync/files/pam-csync-0.42.0-ocsync.patch b/sys-auth/pam-csync/files/pam-csync-0.42.0-ocsync.patch
new file mode 100644
index 00000000000..117a2b0db26
--- /dev/null
+++ b/sys-auth/pam-csync/files/pam-csync-0.42.0-ocsync.patch
@@ -0,0 +1,33 @@
+Since 0.60.0, upstream renamed to "ocsync".
+
+--- cmake/Modules/FindCSYNC.cmake
++++ cmake/Modules/FindCSYNC.cmake
+@@ -20,7 +20,7 @@
+ else (CSYNC_LIBRARIES AND CSYNC_INCLUDE_DIRS)
+ find_path(CSYNC_INCLUDE_DIR
+ NAMES
+- csync/csync.h
++ ocsync/csync.h
+ PATHS
+ /usr/include
+ /usr/local/include
+@@ -30,7 +30,7 @@
+
+ find_library(CSYNC_LIBRARY
+ NAMES
+- csync
++ ocsync
+ PATHS
+ /usr/lib
+ /usr/local/lib
+--- src/pam_csync.c
++++ src/pam_csync.c
+@@ -50,7 +50,7 @@
+ #include <security/pam_modutil.h>
+ #include <security/pam_ext.h>
+
+-#include <csync/csync.h>
++#include <ocsync/csync.h>
+
+ #include "pam_csync.h"
+ #include "config.h"
diff --git a/sys-auth/pam-csync/metadata.xml b/sys-auth/pam-csync/metadata.xml
new file mode 100644
index 00000000000..91f4e72fb54
--- /dev/null
+++ b/sys-auth/pam-csync/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>maintainer-needed@gentoo.org</email>
+ </maintainer>
+</pkgmetadata>
diff --git a/sys-auth/pam-csync/pam-csync-0.42.0-r1.ebuild b/sys-auth/pam-csync/pam-csync-0.42.0-r1.ebuild
new file mode 100644
index 00000000000..52c4b9a89d5
--- /dev/null
+++ b/sys-auth/pam-csync/pam-csync-0.42.0-r1.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit cmake-utils
+
+DESCRIPTION="PAM module to provide roaming home directories for a user session"
+HOMEPAGE="http://www.csync.org/"
+SRC_URI="http://www.csync.org/files/${P/-/_}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND="
+ >=dev-libs/iniparser-3.1
+ >=net-misc/ocsync-0.60.0
+ virtual/pam
+"
+DEPEND="${DEPEND}
+ app-text/asciidoc
+"
+
+S="${WORKDIR}/${P/-/_}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-cmake.patch"
+ "${FILESDIR}/${P}-ocsync.patch"
+)
diff --git a/sys-auth/pam-pgsql/Manifest b/sys-auth/pam-pgsql/Manifest
new file mode 100644
index 00000000000..1989fc8cc1c
--- /dev/null
+++ b/sys-auth/pam-pgsql/Manifest
@@ -0,0 +1,2 @@
+DIST pam-pgsql-0.7.3.1.tar.gz 301678 SHA256 c9327e7636e81a2d2bbaf4f017edbd9319a08df1654c9d1875e6f933750548dd
+DIST pam-pgsql-0.7.3.tar.gz 302305 SHA256 0d1f4c2ca220a746b8750fa9c4c019e4129e16312b2cb46c78ef282dc018571b
diff --git a/sys-auth/pam-pgsql/metadata.xml b/sys-auth/pam-pgsql/metadata.xml
new file mode 100644
index 00000000000..4b531216ac2
--- /dev/null
+++ b/sys-auth/pam-pgsql/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">pam-pgsql</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam-pgsql/pam-pgsql-0.7.3.1.ebuild b/sys-auth/pam-pgsql/pam-pgsql-0.7.3.1.ebuild
new file mode 100644
index 00000000000..37b913a5bee
--- /dev/null
+++ b/sys-auth/pam-pgsql/pam-pgsql-0.7.3.1.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit eutils pam
+
+DESCRIPTION="pam_pgsql is a module for pam to authenticate users with PostgreSQL"
+HOMEPAGE="http://sourceforge.net/projects/pam-pgsql/"
+
+if [[ ${PV} = *_p* ]]; then
+ SRC_URI="http://www.flameeyes.eu/gentoo-distfiles/${P}.tar.gz"
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+fi
+
+RDEPEND="virtual/pam
+ >=dev-db/postgresql-8.0
+ >=dev-libs/libgcrypt-1.2.0:0"
+DEPEND="${RDEPEND}"
+
+LICENSE="GPL-2"
+
+IUSE=""
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+src_configure() {
+ econf \
+ --sysconfdir=/etc/security \
+ --libdir=/$(get_libdir) \
+ --docdir=/usr/share/doc/${PF} || die "econf failed"
+}
+
+src_compile() {
+ emake pammoddir="$(getpam_mod_dir)" || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" pammoddir="$(getpam_mod_dir)" install || die "emake install failed"
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_postinst() {
+ elog "Please see the documentation and configuration examples in the"
+ elog "documentation directory at /usr/share/doc/${PF}."
+ elog ""
+ elog "Please note that the default configuration file in Gentoo has been"
+ elog "moved to /etc/security/pam-pgsql.conf to follow the other PAM modules."
+}
diff --git a/sys-auth/pam-pgsql/pam-pgsql-0.7.3.ebuild b/sys-auth/pam-pgsql/pam-pgsql-0.7.3.ebuild
new file mode 100644
index 00000000000..37b913a5bee
--- /dev/null
+++ b/sys-auth/pam-pgsql/pam-pgsql-0.7.3.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit eutils pam
+
+DESCRIPTION="pam_pgsql is a module for pam to authenticate users with PostgreSQL"
+HOMEPAGE="http://sourceforge.net/projects/pam-pgsql/"
+
+if [[ ${PV} = *_p* ]]; then
+ SRC_URI="http://www.flameeyes.eu/gentoo-distfiles/${P}.tar.gz"
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+fi
+
+RDEPEND="virtual/pam
+ >=dev-db/postgresql-8.0
+ >=dev-libs/libgcrypt-1.2.0:0"
+DEPEND="${RDEPEND}"
+
+LICENSE="GPL-2"
+
+IUSE=""
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+src_configure() {
+ econf \
+ --sysconfdir=/etc/security \
+ --libdir=/$(get_libdir) \
+ --docdir=/usr/share/doc/${PF} || die "econf failed"
+}
+
+src_compile() {
+ emake pammoddir="$(getpam_mod_dir)" || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" pammoddir="$(getpam_mod_dir)" install || die "emake install failed"
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_postinst() {
+ elog "Please see the documentation and configuration examples in the"
+ elog "documentation directory at /usr/share/doc/${PF}."
+ elog ""
+ elog "Please note that the default configuration file in Gentoo has been"
+ elog "moved to /etc/security/pam-pgsql.conf to follow the other PAM modules."
+}
diff --git a/sys-auth/pam-script/Manifest b/sys-auth/pam-script/Manifest
new file mode 100644
index 00000000000..dd51f4f7e5f
--- /dev/null
+++ b/sys-auth/pam-script/Manifest
@@ -0,0 +1,2 @@
+DIST pam-script-1.1.6.tar.gz 326758 SHA256 d7cb2fadf8db8fcd099a7a7151ec1b018e79f110af79955df0e0081ea3a93e1d SHA512 4c0f03e4ee3ad062c0a6c71982c283e944cd595d3af656f149ea89b583568373f72478130a614cd851f12a1440976abcd51c8932c5fd4753858d13d91888728a WHIRLPOOL 7bdc21db809f61243d3750a74f038cae3a61f2f5ee66c12a12159fa2094b6dc7f9ce9e3c095a0c4dd258dbda277d85e0c29f30047e1255cf35412a7ff0399c98
+DIST pam-script-1.1.7.tar.gz 328385 SHA256 ae38ed76e8e5aec47d6838212b92ce2ced4ba93adbdcfead69f956703a809ff3 SHA512 c0e1df7d3b91cb5be4166fd4680556d5ee4f74df0de299f3629c91081b89ab58390d7b5d0dde5acf3509b30a62553d08e4b2fdf154bce064937f45e2ec08db35 WHIRLPOOL 9c743a5de6695fae8433a1d26fddbb95e67276f382c106116b3fb9ddef80a7f283fafa13cce0f7212caac0fe6162f0f94eff2adb53834d154fe8127ca8df5220
diff --git a/sys-auth/pam-script/metadata.xml b/sys-auth/pam-script/metadata.xml
new file mode 100644
index 00000000000..91f671da840
--- /dev/null
+++ b/sys-auth/pam-script/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>chutzpah@gentoo.org</email>
+ <name>Patrick McLean</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">jeroennijhof/pam_script</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam-script/pam-script-1.1.6.ebuild b/sys-auth/pam-script/pam-script-1.1.6.ebuild
new file mode 100644
index 00000000000..c0c587b5a91
--- /dev/null
+++ b/sys-auth/pam-script/pam-script-1.1.6.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib
+
+DESCRIPTION="PAM module for executing scripts during authorization, password changes, and sessions"
+HOMEPAGE="http://sourceforge.net/projects/pam-script/ https://github.com/jeroennijhof/pam_script/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="examples"
+
+RDEPEND="virtual/pam"
+DEPEND="${RDEPEND}"
+
+src_configure() {
+ econf \
+ --libdir=/$(get_libdir)/security \
+ --sysconfdir=/etc/security/${PN}
+}
+
+src_install() {
+ default
+
+ if use examples ; then
+ docinto examples
+ dodoc etc/README.examples
+ exeinto /usr/share/doc/${PF}/examples
+ doexe etc/{logscript,tally}
+ docompress -x /usr/share/doc/${PF}/examples/{logscript,tally}
+ fi
+}
diff --git a/sys-auth/pam-script/pam-script-1.1.7.ebuild b/sys-auth/pam-script/pam-script-1.1.7.ebuild
new file mode 100644
index 00000000000..59c1581f8ff
--- /dev/null
+++ b/sys-auth/pam-script/pam-script-1.1.7.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib
+
+DESCRIPTION="PAM module for executing scripts during authorization, password changes, and sessions"
+HOMEPAGE="http://sourceforge.net/projects/pam-script/ https://github.com/jeroennijhof/pam_script/"
+SRC_URI="http://dev.gentoo.org/~radhermit/dist/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="examples"
+
+RDEPEND="virtual/pam"
+DEPEND="${RDEPEND}"
+
+src_configure() {
+ econf \
+ --libdir=/$(get_libdir)/security \
+ --sysconfdir=/etc/security/${PN}
+}
+
+src_install() {
+ default
+
+ if use examples ; then
+ docinto examples
+ dodoc etc/README.examples
+ exeinto /usr/share/doc/${PF}/examples
+ doexe etc/{logscript,tally}
+ docompress -x /usr/share/doc/${PF}/examples/{logscript,tally}
+ fi
+}
diff --git a/sys-auth/pam_abl/Manifest b/sys-auth/pam_abl/Manifest
new file mode 100644
index 00000000000..e21261f206e
--- /dev/null
+++ b/sys-auth/pam_abl/Manifest
@@ -0,0 +1,3 @@
+DIST pam-abl-0.4.1.tar.bz2 250473 SHA256 42680216ab541510c33c7303ebc2a81e3d2f1a64f5df0ae78e7b335eaa767a5e SHA512 a266fcc1aeb0fd95f9d3da69a4e9eac15e9fe0c10ed32d2af3ce5e00f4ee1f599fea6b7695902f3a13bcc0f9a831ccde24b1f3cbcce6b6988b60b04a9c420509 WHIRLPOOL 27aa7456836d38704dc67299e2f3bff3ad68e0610f3986dc716ee278d4191cdab3db30d5fa3b2e8cc5bd95b80c55f7ce6c2a4b3b33c70605dd19b5155dd20f4e
+DIST pam-abl-0.5.0.tar.gz 41038 SHA256 2ef75438179e15a0d657e73659c083938dde10706008fd73c960f848d791ec38 SHA512 3b87c0bd0ee42f72bbef202735bf53f04336d19618a8edbd75ccb2d71d8ce8772fde475bdb4236bd422b723eb3771029e259f70e49e8de80d2d2a27a571f5ccc WHIRLPOOL e077c69c9cd127055fc5d2e3e4c941fbfe364e0fd9637b91a75f0d08d9aadf8d2b4fd790698f1a570c7da1110f49a603e5da38c1b1c05cf1f8298ec4fc2184b9
+DIST pam-abl-0.6.0.tar.gz 48882 SHA256 dff9437af247fee19e8269919a3eed44c1e69874c1fa06325997c8d1eeb7eeb4 SHA512 fd4fca672800683f87eba4c9804925d0f1c0e5991a32af7d045787cf571d5d98996d2303460fada4796432916c713973c82c3a70da06d686194e97bfb0e8198e WHIRLPOOL 69363207a20a8c7ee935eb4f716ca61c019de8416d54cff0b41fac474dc6da089cc77d2b13c6e344f7296be0425fe804e63dbb61962018b9559f871fe9c36f38
diff --git a/sys-auth/pam_abl/metadata.xml b/sys-auth/pam_abl/metadata.xml
new file mode 100644
index 00000000000..b0b1e5478f5
--- /dev/null
+++ b/sys-auth/pam_abl/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <herd>proxy-maintainers</herd>
+ <maintainer>
+ <email>swapon@gmail.com</email>
+ <name>Alessio Cassibba</name>
+ </maintainer>
+ <longdescription lang="en">
+PAM module that provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts.
+Once a host is blacklisted it is guaranteed to fail authentication even if the correct credentials are provided.
+Hosts which stop attempting to authenticate will, after a period of time, be un-blacklisted.
+</longdescription>
+ <longdescription lang="it">
+Modulo Pam che permette di mantenere automaticamente una blacklist di host ed utenti responsabili di ripetuti tentativi di autenticazione falliti.
+Gli host soggetti a blacklist vedranno fallire i tentativi di login anche qualora le corrette credenziali vengano fornite.
+Una volta cessati i tentativi di autenticazione, dopo un certo periodo di tempo, gli host verranno riabilitati.
+</longdescription>
+ <upstream>
+ <remote-id type="sourceforge">pam-abl</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_abl/pam_abl-0.4.1.ebuild b/sys-auth/pam_abl/pam_abl-0.4.1.ebuild
new file mode 100644
index 00000000000..925ad353b52
--- /dev/null
+++ b/sys-auth/pam_abl/pam_abl-0.4.1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+
+inherit flag-o-matic pam
+
+DESCRIPTION="PAM module for blacklisting of hosts and users on repeated failed authentication attempts"
+HOMEPAGE="http://pam-abl.deksai.com/"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+DEPEND=">=sys-libs/pam-0.78-r2
+ >=sys-libs/db-4.2.52_p2"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+src_configure() {
+ econf \
+ --enable-shared \
+ --disable-static \
+ --disable-dependency-tracking \
+ --enable-fast-install \
+ --docdir=/usr/share/doc/${PF} \
+ --with-pam-dir=$(getpam_mod_dir) \
+ || die
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ dopamsecurity . conf/pam_abl.conf
+
+ keepdir /var/db/abl
+}
+
+pkg_postinst() {
+ elog "See /usr/share/doc/${PF}/ for configuration info and set up "
+ elog "/etc/security/pam_abl.conf as needed."
+}
diff --git a/sys-auth/pam_abl/pam_abl-0.5.0.ebuild b/sys-auth/pam_abl/pam_abl-0.5.0.ebuild
new file mode 100644
index 00000000000..a2a2792e559
--- /dev/null
+++ b/sys-auth/pam_abl/pam_abl-0.5.0.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+
+inherit flag-o-matic pam cmake-utils db-use multilib
+
+DESCRIPTION="PAM module for blacklisting of hosts and users on repeated failed authentication attempts"
+HOMEPAGE="http://pam-abl.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND=">=sys-libs/pam-0.78-r2
+ >=sys-libs/db-4.2.52_p2"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${MY_PN}"
+
+src_configure() {
+ pammod_hide_symbols
+
+ local mycmakeargs=(
+ -DDB_INCLUDE_DIR=$(db_includedir)
+ -DDB_LINK_DIR=/usr/$(get_libdir)
+ -DDB_LIBRARY=$(db_libname)
+ )
+ cmake-utils_src_configure
+}
+
+src_install() {
+ cmake-utils_src_install
+ dodir $(getpam_mod_dir)
+ mv "${D}"/usr/lib/security/*.so "${D}"/"$(getpam_mod_dir)" || die
+
+ dodoc doc/*.txt README
+}
diff --git a/sys-auth/pam_abl/pam_abl-0.6.0.ebuild b/sys-auth/pam_abl/pam_abl-0.6.0.ebuild
new file mode 100644
index 00000000000..d8335d40b2f
--- /dev/null
+++ b/sys-auth/pam_abl/pam_abl-0.6.0.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+
+inherit flag-o-matic pam cmake-utils db-use multilib
+
+DESCRIPTION="PAM module for blacklisting of hosts and users on repeated failed authentication attempts"
+HOMEPAGE="http://pam-abl.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND=">=sys-libs/pam-0.78-r2
+ >=sys-libs/db-4.2.52_p2"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}
+
+src_configure() {
+ pammod_hide_symbols
+
+ local mycmakeargs=(
+ -DDB_INCLUDE_DIR=$(db_includedir)
+ -DDB_LINK_DIR=/usr/$(get_libdir)
+ -DDB_LIBRARY=$(db_libname)
+ )
+ cmake-utils_src_configure
+}
+
+src_install() {
+ cmake-utils_src_install
+ dodir $(getpam_mod_dir)
+ mv "${D}"/usr/lib/security/*.so "${D}"/"$(getpam_mod_dir)" || die
+
+ dodoc doc/*.txt README
+}
+
+pkg_preinst() {
+ if has_version "~${CATEGORY}/${PN}-0.5.0" ; then
+ ewarn "Note: the 0.5.0 release named the module 'pam-abl.so' by accident; this version"
+ ewarn "fixes that and uses 'pam_abl.so' again. Please update your config files."
+ fi
+}
diff --git a/sys-auth/pam_bioapi/Manifest b/sys-auth/pam_bioapi/Manifest
new file mode 100644
index 00000000000..d73be86a78f
--- /dev/null
+++ b/sys-auth/pam_bioapi/Manifest
@@ -0,0 +1 @@
+DIST pam_bioapi-0.4.0.tar.gz 383529 SHA256 635df4a27c3f9485a2eabbc672f0cf2771a96756792b5f4078481f2df9bceb8c SHA512 fb2527b44ec8070fdc7a32fd1e272a6b98095fba827365f5427ae5fe6a5681b2f3be246ac34aaeb313d776890bd122c25ba68a58d9a728e68e4b341842dcb6d3 WHIRLPOOL 2c12463c8d248b3be7c110a7257dc3ec662dfef012099bc3ec4fb8527c1e1c22b1c9a438a279545efdc95de63eefa09637d7b97278d5a6233e78f2b7810a99ae
diff --git a/sys-auth/pam_bioapi/files/pam_bioapi-0.4.0-headers.patch b/sys-auth/pam_bioapi/files/pam_bioapi-0.4.0-headers.patch
new file mode 100644
index 00000000000..d5acc4db61b
--- /dev/null
+++ b/sys-auth/pam_bioapi/files/pam_bioapi-0.4.0-headers.patch
@@ -0,0 +1,27 @@
+fix building with -O0
+
+http://code.google.com/p/pam-bioapi/issues/detail?id=3
+http://bugs.gentoo.org/241322
+
+fix building with newer glibc
+
+https://bugs.gentoo.org/512106
+
+--- libpam_bioapi/pam_bioapi.h
++++ libpam_bioapi/pam_bioapi.h
+@@ -19,6 +19,7 @@
+ #include <sys/stat.h>
+ #include <sys/types.h> /* defines 'uid_t', etc. */
+
++#include <sys/resource.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include "earray.h"
+@@ -23,6 +23,7 @@
+ #include <sys/wait.h>
+ #include "earray.h"
+
++#include <locale.h>
+ #include <libintl.h> /* gnu gettext support */
+ #define _(String) gettext (String)
+
diff --git a/sys-auth/pam_bioapi/metadata.xml b/sys-auth/pam_bioapi/metadata.xml
new file mode 100644
index 00000000000..dfc162ec95d
--- /dev/null
+++ b/sys-auth/pam_bioapi/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>vapier@gentoo.org</email>
+ <name>Mike Frysinger</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="google-code">pam-bioapi</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_bioapi/pam_bioapi-0.4.0-r1.ebuild b/sys-auth/pam_bioapi/pam_bioapi-0.4.0-r1.ebuild
new file mode 100644
index 00000000000..91880d6ae79
--- /dev/null
+++ b/sys-auth/pam_bioapi/pam_bioapi-0.4.0-r1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils
+
+DESCRIPTION="PAM interface to bioapi package"
+HOMEPAGE="http://code.google.com/p/pam-bioapi/"
+SRC_URI="http://pam-bioapi.googlecode.com/files/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86"
+IUSE=""
+
+DEPEND="sys-auth/bioapi
+ sys-libs/pam
+ dev-db/sqlite"
+RDEPEND="${DEPEND}
+ sys-auth/tfm-fingerprint"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-headers.patch #241322
+ sed -i \
+ -e 's/-version-info 0:4:0/-avoid-version/' \
+ libpam_bioapi/Makefile.in #261598
+ sed -i \
+ -e 's:@prefix@::' \
+ -e '/pam_unix.so/s:.*:auth include system-auth:' \
+ etc/pam.d/{bioapi_chbird,test-pam_bioapi}.in #261598
+}
+
+src_compile() {
+ econf --sbindir=/sbin || die
+ emake || die
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die
+ dodoc AUTHORS ChangeLog NEWS README TODO
+
+ dodir /$(get_libdir)
+ mv "${D}"/usr/$(get_libdir)/security "${D}"/$(get_libdir)/ || die
+ rm -f "${D}"/$(get_libdir)/security/*.la
+}
diff --git a/sys-auth/pam_bioapi/pam_bioapi-0.4.0.ebuild b/sys-auth/pam_bioapi/pam_bioapi-0.4.0.ebuild
new file mode 100644
index 00000000000..519c3cddde1
--- /dev/null
+++ b/sys-auth/pam_bioapi/pam_bioapi-0.4.0.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="PAM interface to bioapi package"
+HOMEPAGE="http://code.google.com/p/pam-bioapi/"
+SRC_URI="http://pam-bioapi.googlecode.com/files/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86"
+IUSE=""
+
+DEPEND="sys-auth/bioapi
+ sys-libs/pam
+ dev-db/sqlite"
+RDEPEND="${DEPEND}
+ sys-auth/tfm-fingerprint"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-headers.patch #241322
+}
+
+src_compile() {
+ econf --sbindir=/sbin || die
+ emake || die
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die
+ dodoc AUTHORS ChangeLog NEWS README TODO
+
+ dodir /$(get_libdir)
+ mv "${D}"/usr/$(get_libdir)/{lib*.so*,security} "${D}"/$(get_libdir)/ || die
+ rm -f "${D}"/$(get_libdir)/security/*.la
+ gen_usr_ldscript libbirdb.so libbirdb_sqlite3.so
+}
diff --git a/sys-auth/pam_blue/Manifest b/sys-auth/pam_blue/Manifest
new file mode 100644
index 00000000000..0b704a2eb99
--- /dev/null
+++ b/sys-auth/pam_blue/Manifest
@@ -0,0 +1 @@
+DIST pam_blue-0.9.0.tar.bz2 251688 SHA256 4ff0f6528d29ae77cf890defcbaf16ee2065dc85fe8edd2e6e53d48e7f27b535 SHA512 f611b6e3b509d2b917dd15a82f6fa3219ce554cdbf3bd224981c740bb3161dea67db9275b9bc13cd54644e0cb546eb2bb32dbff7e510170a0911b40d81f2d620 WHIRLPOOL 51a9d6f920b3420187c29a009020d4a9aa3f2598a8ce07bd440e871ab4e493e09bce3cb4cf2d6cef63e734be20f29b1ee2ea2aa0ed6f14add7aa9704f23a8eec
diff --git a/sys-auth/pam_blue/files/pam_blue-0.9.0-bad-log.patch b/sys-auth/pam_blue/files/pam_blue-0.9.0-bad-log.patch
new file mode 100644
index 00000000000..5f2a2628e4b
--- /dev/null
+++ b/sys-auth/pam_blue/files/pam_blue-0.9.0-bad-log.patch
@@ -0,0 +1,11 @@
+--- a/src/bluepmain.c
++++ b/src/bluepmain.c
+@@ -88,7 +88,7 @@
+
+ if ( (lst = parse_rc()) == NULL) { /* something goes wrong (no config file, ...) */
+ user = NULL;
+- syslog (LOG_ERR, "Can't parse configuration file [%s]!" CONFIG_FILE);
++ syslog (LOG_ERR, "Can't parse configuration file [%s]!", CONFIG_FILE);
+ return PAM_AUTH_ERR;
+ }
+
diff --git a/sys-auth/pam_blue/files/pam_blue-0.9.0-char-locales.patch b/sys-auth/pam_blue/files/pam_blue-0.9.0-char-locales.patch
new file mode 100644
index 00000000000..40d2810f486
--- /dev/null
+++ b/sys-auth/pam_blue/files/pam_blue-0.9.0-char-locales.patch
@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/412941
+
+fix matching in various locales
+
+patch by Leho Kraav <leho@kraav.com>
+
+--- a/src/lexer.l
++++ b/src/lexer.l
+@@ -28,7 +28,7 @@
+ bluemac { return BLUEMAC; }
+ @ { return AT;}
+ ; { return SEMICOLON; }
+-[a-zA-Z][a-zA-Z0-9_]* { yylval.word = (char *) strdup(yytext); return WORD; }
++[[:alpha:]][[:alnum:]_-]* { yylval.word = (char *) strdup(yytext); return WORD; }
+ {HXDIGD}{HXDIGD}{HXDIG} { yylval.word = (char *) strdup(yytext); return MAC; }
+ [0-9][0-9]* { yylval.value = atoi(yytext); return DIGIT; }
+ = { return EQUAL; }
diff --git a/sys-auth/pam_blue/metadata.xml b/sys-auth/pam_blue/metadata.xml
new file mode 100644
index 00000000000..faf0bf05443
--- /dev/null
+++ b/sys-auth/pam_blue/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <longdescription lang="en">
+ Bluepam is an extension for the common pam modules, give the user the
+ ability for authenticaten via a bluetooth compatible device like a cell
+ phone or various other bluetooth dongles (e.g. epox-presenter). Due to the
+ fact that a whole part of the bluetooth stack is implemented in hardware it
+ is relatively difficult to change the bluetoth hardware mac address which
+ makes this module more secure.
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-auth/pam_blue/pam_blue-0.9.0-r1.ebuild b/sys-auth/pam_blue/pam_blue-0.9.0-r1.ebuild
new file mode 100644
index 00000000000..82adfeb0a31
--- /dev/null
+++ b/sys-auth/pam_blue/pam_blue-0.9.0-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit pam autotools multilib
+
+DESCRIPTION="Linux PAM module providing ability to authenticate via a bluetooth compatible device"
+HOMEPAGE="http://pam.0xdef.net/"
+SRC_URI="http://pam.0xdef.net/source/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ net-wireless/bluez"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}/${PN}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-char-locales.patch #412941
+ epatch "${FILESDIR}"/${P}-bad-log.patch
+ mv configure.{in,ac} || die
+ eautoreconf
+}
+
+src_configure() {
+ econf --libdir="$(getpam_mod_dir)"
+}
+
+src_install() {
+ # manual install to avoid sandbox violation and installing useless .la file
+ dopammod src/.libs/pam_blue.so
+ newpamsecurity . data/sample.conf bluesscan.conf.sample
+
+ dodoc AUTHORS NEWS README ChangeLog
+ doman doc/${PN}.7
+}
+
+pkg_postinst() {
+ elog "For configuration info, see /etc/security/bluesscan.conf.sample"
+ elog "http://pam.0xdef.net/doc.html and http://pam.0xdef.net/faq.html"
+ elog "Edit the file as required and copy/rename to bluesscan.conf when done."
+}
diff --git a/sys-auth/pam_blue/pam_blue-0.9.0.ebuild b/sys-auth/pam_blue/pam_blue-0.9.0.ebuild
new file mode 100644
index 00000000000..c9a78ed1185
--- /dev/null
+++ b/sys-auth/pam_blue/pam_blue-0.9.0.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam autotools multilib
+
+DESCRIPTION="Linux PAM module providing ability to authenticate via a bluetooth compatible device"
+HOMEPAGE="http://pam.0xdef.net/"
+SRC_URI="http://pam.0xdef.net/source/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ net-wireless/bluez"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}/${PN}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ eautoreconf
+}
+
+src_compile() {
+ econf --libdir="$(getpam_mod_dir)"
+ emake || die "emake failed"
+}
+
+src_install() {
+ # manual install to avoid sandbox violation and installing useless .la file
+ dopammod src/.libs/pam_blue.so
+ newpamsecurity . data/sample.conf bluesscan.conf.sample
+
+ dodoc AUTHORS NEWS README ChangeLog
+ doman doc/${PN}.7
+}
+
+pkg_postinst() {
+ elog "For configuration info, see /etc/security/bluesscan.conf.sample"
+ elog "http://pam.0xdef.net/doc.html and http://pam.0xdef.net/faq.html"
+ elog "Edit the file as required and copy/rename to bluesscan.conf when done."
+}
diff --git a/sys-auth/pam_chroot/Manifest b/sys-auth/pam_chroot/Manifest
new file mode 100644
index 00000000000..837749b30a3
--- /dev/null
+++ b/sys-auth/pam_chroot/Manifest
@@ -0,0 +1 @@
+DIST pam_chroot-0.9.2.tar.bz2 15657 SHA256 101bd0e175c16f7410fdf6a4c04e4015283411efe92790f614f0e0c43cc05ce5
diff --git a/sys-auth/pam_chroot/metadata.xml b/sys-auth/pam_chroot/metadata.xml
new file mode 100644
index 00000000000..24210a5eee4
--- /dev/null
+++ b/sys-auth/pam_chroot/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <upstream>
+ <remote-id type="sourceforge">pam-chroot</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_chroot/pam_chroot-0.9.2.ebuild b/sys-auth/pam_chroot/pam_chroot-0.9.2.ebuild
new file mode 100644
index 00000000000..827977aff80
--- /dev/null
+++ b/sys-auth/pam_chroot/pam_chroot-0.9.2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit toolchain-funcs pam flag-o-matic eutils
+
+DESCRIPTION="Linux-PAM module that allows a user to be chrooted in auth, account, or session"
+HOMEPAGE="http://sourceforge.net/projects/pam-chroot/"
+SRC_URI="mirror://sourceforge/pam-chroot/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ !<sys-libs/pam-0.99"
+RDEPEND="${DEPEND}"
+
+doecho() {
+ echo "$@"
+ "$@" || die
+}
+
+src_compile() {
+ # using the Makefile would require patching it to work properly, so
+ # rather simply re-create it here.
+ doecho $(tc-getCC) ${LDFLAGS} -shared -fPIC ${CFLAGS} ${PN}.c -o ${PN}.so -lpam
+}
+
+src_install() {
+ dopammod pam_chroot.so
+ dopamsecurity . chroot.conf
+
+ dodoc CREDITS README.history TROUBLESHOOTING options || die "dodoc failed"
+}
diff --git a/sys-auth/pam_dotfile/Manifest b/sys-auth/pam_dotfile/Manifest
new file mode 100644
index 00000000000..d75afa539d7
--- /dev/null
+++ b/sys-auth/pam_dotfile/Manifest
@@ -0,0 +1,2 @@
+DIST pam_dotfile-0.7.tar.gz 229009 SHA256 88e99da6aaecec19ea294eb10bcb432f1ce506d1ca53d416ea74bb165a3a4534 SHA512 544160068af2c6a488271d36cfae43340d4d7801702aef629ba781dff12b99334bc76ec14396783d0a9823d0f976c847335fe8b1b07cbbb6e43d0bd658ff7500 WHIRLPOOL 528f41b15955d196d1be39a58d014e094d34dd57ed2681c22618407f34a849bd26cf07b3450c78dbd850b2d8b1d8700520c61f8299d5a17bee81b6c43bfd0030
+DIST pam_dotfile-patches-1.tar.bz2 2172 SHA256 fa78ddf1bc2c4938925a8bb71be2705d8a38904c1693b0bbb9f2f3c5f4e8dc5b SHA512 a6b29361e089f7223c3f915320a921b5f20603a16673d518300ea458a816360950a76a4f8e1842040f7b0e676d4c67c6de2586640c2bb4638a4e63138b78600a WHIRLPOOL 1fc23a8169d3cd020aae43f59f6fa2866553e61cc7e26a60c7ea5b091fd66b13c1a8f0e05525b92a5a5ab590263d3d10d82faec97e5f3a4fbdba4a927755f130
diff --git a/sys-auth/pam_dotfile/files/pam_dotfile-0.7-gentoo.patch b/sys-auth/pam_dotfile/files/pam_dotfile-0.7-gentoo.patch
new file mode 100644
index 00000000000..023f86553c3
--- /dev/null
+++ b/sys-auth/pam_dotfile/files/pam_dotfile-0.7-gentoo.patch
@@ -0,0 +1,157 @@
+diff --git a/configure.ac b/configure.ac
+index 4730bdf..b8d8747 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -44,16 +44,26 @@ CFLAGS="$CFLAGS -L/lib"
+ # Checks for libraries.
+ AC_CHECK_HEADER([security/pam_modules.h],, [AC_MSG_ERROR([*** Sorry, you have to install the PAM development files ***])])
+
+-LIBS="$LIBS -ldl -lpam -lpam_misc"
+-
+-case "$host" in
+- *-*-linux*)
+- PAM_MODDIR="/lib/security"
+- ;;
+- *)
+- PAM_MODDIR="/usr/lib"
+- ;;
+-esac
++AC_CHECK_HEADERS([security/_pam_macros.h security/pam_misc.h security/openpam.h])
++
++AC_CHECK_LIB([pam], [pam_start])
++AC_CHECK_LIB([pam_misc], [misc_conv])
++
++AC_ARG_WITH([pammoddir],
++ AC_HELP_STRING([--with-pammoddir], [Install module in specified directory]),
++ [
++ PAM_MODDIR=$withval
++ ], [
++ case "$host" in
++ *-*-linux*)
++ PAM_MODDIR="/lib/security"
++ ;;
++ *)
++ PAM_MODDIR="/usr/lib"
++ ;;
++ esac
++ ])
++
+ AC_SUBST(PAM_MODDIR)
+
+ # Checks for header files.
+@@ -64,7 +74,7 @@ AC_FUNC_LSTAT
+ AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
+ AC_FUNC_VPRINTF
+
+-AC_CHECK_HEADERS([fcntl.h limits.h syslog.h termios.h])
++AC_CHECK_HEADERS([fcntl.h limits.h syslog.h termios.h sys/types.h])
+ AC_HEADER_STDC
+ AC_HEADER_SYS_WAIT
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 2905b7c..e7e47d2 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -22,7 +22,7 @@ moduledir = @PAM_MODDIR@
+ module_LTLIBRARIES = pam_dotfile.la
+
+ pam_dotfile_la_SOURCES = pam_dotfile.c md5.c md5util.c md5.h md5util.h log.c log.h common.c common.h
+-pam_dotfile_la_LDFLAGS = -module -avoid-version
++pam_dotfile_la_LDFLAGS = -module -avoid-version -export-symbols-regex '^pam_'
+ pam_dotfile_la_CFLAGS = $(AM_CFLAGS)
+
+ sbin_PROGRAMS = pam-dotfile-helper
+diff --git a/src/common.h b/src/common.h
+index ef34cf3..6a57116 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -21,7 +21,10 @@
+ ***/
+
+ #include <security/pam_modules.h>
+-#include <security/_pam_macros.h>
++#include <security/pam_appl.h>
++#ifdef HAVE_SECURITY__PAM_MACROS_H
++# include <security/_pam_macros.h>
++#endif
+
+ typedef struct context {
+ int opt_debug;
+diff --git a/src/pam-dotfile-helper.c b/src/pam-dotfile-helper.c
+index 04c73de..1c09b18 100644
+--- a/src/pam-dotfile-helper.c
++++ b/src/pam-dotfile-helper.c
+@@ -23,6 +23,14 @@
+ #include <signal.h>
+ #include <pwd.h>
+
++#ifdef HAVE_CONFIG_H
++# include <config.h>
++#endif
++
++#ifdef HAVE_SYS_TYPES_H
++# include <sys/types.h>
++#endif
++
+ #include "common.h"
+ #include "log.h"
+
+diff --git a/src/pam_dotfile.c b/src/pam_dotfile.c
+index 405f494..183aafd 100644
+--- a/src/pam_dotfile.c
++++ b/src/pam_dotfile.c
+@@ -29,11 +29,19 @@
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <fcntl.h>
++#include <stdlib.h>
+
+ #define PAM_SM_AUTH
+
+ #include <security/pam_modules.h>
+-#include <security/_pam_macros.h>
++#include <security/pam_appl.h>
++#ifdef HAVE_SECURITY__PAM_MACROS_H
++# include <security/_pam_macros.h>
++#endif
++
++#ifndef x_strdup
++# define x_strdup(s) ( (s) ? strdup(s):NULL )
++#endif
+
+ #include "md5.h"
+ #include "md5util.h"
+diff --git a/src/pamtest.c b/src/pamtest.c
+index 171e601..6583de1 100644
+--- a/src/pamtest.c
++++ b/src/pamtest.c
+@@ -19,11 +19,28 @@
+
+ #include <stdio.h>
+
++#ifdef HAVE_CONFIG_H
++# include <config.h>
++#endif
++
+ #include <security/pam_appl.h>
+-#include <security/pam_misc.h>
++
++#ifdef HAVE_SECURITY_PAM_MISC_H
++# include <security/pam_misc.h>
++#endif
++
++#ifdef HAVE_SECURITY_OPENPAM_H
++# include <security/openpam.h>
++#endif
+
+ int main(int argc, char*argv[]) {
++#ifdef HAVE_LIBPAM_MISC
+ static struct pam_conv pc = { misc_conv, NULL };
++#elif defined(_OPENPAM)
++ static struct pam_conv pc = { openpam_nullconv, NULL };
++#else
++ static struct pam_conv pc = { NULL };
++#endif
+ pam_handle_t *ph = NULL;
+ int r, ret;
+ char *username, *procname, *service;
diff --git a/sys-auth/pam_dotfile/metadata.xml b/sys-auth/pam_dotfile/metadata.xml
new file mode 100644
index 00000000000..55ce0267ecc
--- /dev/null
+++ b/sys-auth/pam_dotfile/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">gentoo/pam_dotfile</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_dotfile/pam_dotfile-0.7-r1.ebuild b/sys-auth/pam_dotfile/pam_dotfile-0.7-r1.ebuild
new file mode 100644
index 00000000000..03258521861
--- /dev/null
+++ b/sys-auth/pam_dotfile/pam_dotfile-0.7-r1.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils pam autotools
+
+MY_P="${P/_beta/beta}"
+S="${WORKDIR}/${MY_P}"
+
+PATCHLEVEL="1"
+DESCRIPTION="pam module to allow password-storing in \$HOME/dotfiles"
+HOMEPAGE="http://0pointer.de/lennart/projects/pam_dotfile/"
+SRC_URI="http://0pointer.de/lennart/projects/pam_dotfile/${MY_P}.tar.gz
+ http://digilander.libero.it/dgp85/gentoo/${PN}-patches-${PATCHLEVEL}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+IUSE="doc"
+
+RDEPEND="virtual/pam"
+DEPEND="${RDEPEND}
+ doc? ( www-client/lynx )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ EPATCH_SUFFIX="patch" epatch ${WORKDIR}/${PV}
+
+ AT_M4DIR="${WORKDIR}/${PV}/m4" eautoreconf
+}
+
+src_compile() {
+ local myconf
+
+ econf \
+ $(use_enable doc lynx) \
+ "--with-pammoddir=$(getpam_mod_dir)" \
+ || die
+ emake || die
+}
+
+src_install() {
+ make -C src DESTDIR="${D}" install || die "make -C src install failed"
+ make -C man DESTDIR="${D}" install || die "make -C src install failed"
+
+ rm -f "${D}"/$(getpam_mod_dir)/pam_dotfile.la
+ fperms 4111 /usr/sbin/pam-dotfile-helper
+
+ dodoc README
+ dohtml doc/*
+}
diff --git a/sys-auth/pam_dotfile/pam_dotfile-0.7-r2.ebuild b/sys-auth/pam_dotfile/pam_dotfile-0.7-r2.ebuild
new file mode 100644
index 00000000000..b0497df2e87
--- /dev/null
+++ b/sys-auth/pam_dotfile/pam_dotfile-0.7-r2.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils pam autotools autotools-utils
+
+MY_P="${P/_beta/beta}"
+S="${WORKDIR}/${MY_P}"
+
+DESCRIPTION="pam module to allow password-storing in \$HOME/dotfiles"
+HOMEPAGE="http://0pointer.de/lennart/projects/pam_dotfile/
+ https://github.com/gentoo/pam_dotfile/"
+SRC_URI="http://0pointer.de/lennart/projects/pam_dotfile/${MY_P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+IUSE="doc"
+
+RDEPEND="virtual/pam"
+DEPEND="${RDEPEND}
+ doc? ( www-client/lynx )"
+
+HTML_DOCS="doc"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable doc lynx)
+ --with-pammoddir=$(getpam_mod_dir)
+ )
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install
+
+ # kill the libtool archives
+ rm -rf "${D}"/$(getpam_mod_dir)/*.la
+}
diff --git a/sys-auth/pam_fprint/Manifest b/sys-auth/pam_fprint/Manifest
new file mode 100644
index 00000000000..3a734b1ed09
--- /dev/null
+++ b/sys-auth/pam_fprint/Manifest
@@ -0,0 +1 @@
+DIST pam_fprint-0.2.tar.bz2 72781 SHA256 57cba8a951d4127e5be4c3b2ced0c1c6fac0201a08c833f1644f0ea2e3fa8a72 SHA512 c860488efabfd6301b4e19596e15545bbcb1a15f79bfd7c61a357ef47cf0a621ec0d15328d5be30f7ef045813e18333bd0aea7fb8fcb06681007dcacca6396fd WHIRLPOOL 6a9025b6db956300de2b0dcb9b52452680c562c1b54d161d183221281dfb375f07a24b022227755a7aa4ce13113b3387d2d3bd9d0a94a9f35a52df95eebca6b2
diff --git a/sys-auth/pam_fprint/files/pam_fprint-0.2-headers.patch b/sys-auth/pam_fprint/files/pam_fprint-0.2-headers.patch
new file mode 100644
index 00000000000..9ff6e551ee8
--- /dev/null
+++ b/sys-auth/pam_fprint/files/pam_fprint-0.2-headers.patch
@@ -0,0 +1,12 @@
+Add definition of free and setenv, Michael Weber <xmw@gentoo.org> Oct 18th, 2010
+
+--- pam_fprint-0.2/src/pam_fprint.c
++++ pam_fprint-0.2/src/pam_fprint.c
+@@ -22,6 +22,7 @@
+ #include <sys/types.h>
+ #include <pwd.h>
+ #include <string.h>
++#include <stdlib.h>
+
+ #include <fprint.h>
+
diff --git a/sys-auth/pam_fprint/metadata.xml b/sys-auth/pam_fprint/metadata.xml
new file mode 100644
index 00000000000..4d5fc9b2d75
--- /dev/null
+++ b/sys-auth/pam_fprint/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>xmw@gentoo.org</email>
+ <name>Michael Weber</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">fprint</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_fprint/pam_fprint-0.2-r1.ebuild b/sys-auth/pam_fprint/pam_fprint-0.2-r1.ebuild
new file mode 100644
index 00000000000..17f9f4e7a61
--- /dev/null
+++ b/sys-auth/pam_fprint/pam_fprint-0.2-r1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=3
+
+inherit eutils pam
+
+DESCRIPTION="a simple PAM module which uses libfprint's functionality for authentication"
+HOMEPAGE="http://www.reactivated.net/fprint/wiki/Pam_fprint"
+SRC_URI="mirror://sourceforge/fprint/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE=""
+
+RDEPEND="sys-auth/libfprint
+ sys-libs/pam"
+DEPEND="${RDEPEND}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-headers.patch
+}
+
+src_install() {
+ dopammod src/${PN}.so || die
+ newbin src/pamtest pamtest.fprint || die
+ dobin src/pam_fprint_enroll || die
+ dodoc AUTHORS ChangeLog NEWS README || die
+}
diff --git a/sys-auth/pam_keystore/Manifest b/sys-auth/pam_keystore/Manifest
new file mode 100644
index 00000000000..b6d3dba2081
--- /dev/null
+++ b/sys-auth/pam_keystore/Manifest
@@ -0,0 +1 @@
+DIST pam_keystore-0.1.3.tar.bz2 5894 SHA256 edc8bafd89cc8e5a18b23ce521beaba250fcfd4a53d8c2bdab4d17b77058f493
diff --git a/sys-auth/pam_keystore/metadata.xml b/sys-auth/pam_keystore/metadata.xml
new file mode 100644
index 00000000000..81ada335fc9
--- /dev/null
+++ b/sys-auth/pam_keystore/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>pam</herd>
+</pkgmetadata>
diff --git a/sys-auth/pam_keystore/pam_keystore-0.1.3.ebuild b/sys-auth/pam_keystore/pam_keystore-0.1.3.ebuild
new file mode 100644
index 00000000000..f64c830a455
--- /dev/null
+++ b/sys-auth/pam_keystore/pam_keystore-0.1.3.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam toolchain-funcs
+
+DESCRIPTION="Keeps a login and the password the user in the kernel"
+HOMEPAGE="http://www.calculate-linux.org/main/en/pam_keystore"
+SRC_URI="ftp://ftp.calculate.ru/pub/calculate/${PN}/${P}.tar.bz2"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+DEPEND="virtual/pam
+ >=sys-apps/keyutils-1.1"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ emake \
+ CC="$(tc-getCC)" \
+ LD_D="$(tc-getCC) -shared ${LDFLAGS}" \
+ CFLAGS="-fPIC ${CFLAGS}" \
+ SHARE= \
+ || die "make failed"
+}
+
+src_install() {
+ dopammod pam_keystore.so || die
+ newdoc README README.ru || die
+}
diff --git a/sys-auth/pam_krb5/Manifest b/sys-auth/pam_krb5/Manifest
new file mode 100644
index 00000000000..12f6830db29
--- /dev/null
+++ b/sys-auth/pam_krb5/Manifest
@@ -0,0 +1,2 @@
+DIST pam-krb5-4.6.tar.gz 528901 SHA256 dbd7887bc3be9d0962719df53ff67209b27fedc64104fb2a0956a72f809640dd SHA512 d5dbd735f4d1e55ba0a09c22945bbb2bacc54942544f1cace186cd9d2e669923933af7ac448a566211486beda03c384abda2a0cc146294b0cb1f6d53403b7a60 WHIRLPOOL 4556c845d92d3e8182381234989fc452fcd8993b45e489269172e3c45902b98a0c4a378da8485ae85aaf27ffa8d24dc3c9d4cfcee7ca3922080af8b4cb9603f0
+DIST pam-krb5-4.7.tar.gz 557325 SHA256 9b4ff52d0456939a0fe6d6676a965a6c2351d9f2c011de8402bfc12c547a7412 SHA512 b6f5a4788a4e809f21ef3e89fff50c76679ac8e7d10bc2617275e06e84ce7bd8a02089ff7682ec64827d45409c968c469a0dca730d676ad2db082e09b9dd31ce WHIRLPOOL a9833e1d1650878c79a7385aa50c73462d0546ddda73868ad4b84544df044203b9601a4d22ed718a8c9a9d2897738450be23fbb98c871ecf0e60fc6bef7d7ccb
diff --git a/sys-auth/pam_krb5/metadata.xml b/sys-auth/pam_krb5/metadata.xml
new file mode 100644
index 00000000000..e8a4773c1a0
--- /dev/null
+++ b/sys-auth/pam_krb5/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>kerberos</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <maintainer>
+ <email>eras@gentoo.org</email>
+ <name>Eray Aslan</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/sys-auth/pam_krb5/pam_krb5-4.6.ebuild b/sys-auth/pam_krb5/pam_krb5-4.6.ebuild
new file mode 100644
index 00000000000..e3cbc8fe992
--- /dev/null
+++ b/sys-auth/pam_krb5/pam_krb5-4.6.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit multilib
+
+DESCRIPTION="Kerberos 5 PAM Authentication Module"
+HOMEPAGE="http://www.eyrie.org/~eagle/software/pam-krb5"
+SRC_URI="http://archives.eyrie.org/software/kerberos/pam-krb5-${PV}.tar.gz"
+
+LICENSE="|| ( BSD-2 GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 ~amd64-fbsd"
+IUSE=""
+
+DEPEND="virtual/krb5
+ virtual/pam"
+
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${P/_/-}"
+
+src_configure() {
+ econf \
+ --libdir=/$(get_libdir)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ dodoc NEWS README TODO
+
+ rm "${D}/$(get_libdir)/security/pam_krb5.la"
+}
diff --git a/sys-auth/pam_krb5/pam_krb5-4.7.ebuild b/sys-auth/pam_krb5/pam_krb5-4.7.ebuild
new file mode 100644
index 00000000000..f1291889704
--- /dev/null
+++ b/sys-auth/pam_krb5/pam_krb5-4.7.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit multilib
+
+DESCRIPTION="Kerberos 5 PAM Authentication Module"
+HOMEPAGE="http://www.eyrie.org/~eagle/software/pam-krb5"
+SRC_URI="http://archives.eyrie.org/software/kerberos/pam-krb5-${PV}.tar.gz"
+
+LICENSE="|| ( BSD-2 GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd"
+IUSE=""
+
+DEPEND="virtual/krb5
+ virtual/pam"
+
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${P/_/-}"
+
+src_configure() {
+ econf \
+ --libdir=/$(get_libdir)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ dodoc NEWS README TODO
+
+ rm "${D}/$(get_libdir)/security/pam_krb5.la"
+}
diff --git a/sys-auth/pam_ldap/Manifest b/sys-auth/pam_ldap/Manifest
new file mode 100644
index 00000000000..1b6e73edf09
--- /dev/null
+++ b/sys-auth/pam_ldap/Manifest
@@ -0,0 +1,3 @@
+DIST pam_ldap-183.tar.gz 127500 SHA256 aabce29413280efc992ba10f16ec8ab3c1bf06feebebf598d3b625ad36a715d0 SHA512 ad1ec398904c54f31aa71d3b59ecbdf4af14c590077f9e683d87fa3940f4e20aab7e1bd59eac7a9bfb985e30c1ea04a1569aa2dc2dfc39d8ccec8b871cc032c7 WHIRLPOOL b20fc273e1b0c97e51d10d7e7f8f706b28e896842e3d65638aa2cc304fe88f1cadc6d76271e9e49fa17d4a8ca4ad8ef1c7bc44701a7bf6a6eddb81cf37c2d0b3
+DIST pam_ldap-184.tar.gz 128053 SHA256 2dd4df6bfddd80580af599dbfb631f907d796df478c22949af4552eaf750c6f3
+DIST pam_ldap-186.tar.gz 163437 SHA256 c8fe22d559d5a3f528b24eb97175085f188c0f11ade337a868590ac0e0716453 SHA512 aaa6fbc48150db53bf92dcf600bcb8f0526baa2e6124f46468f59958c8a91495eb003d16a45b659c8cbb2d3481c4732a0d1f5945a2c98c09549ef8a51ed18a3d WHIRLPOOL c5024e94a1c93eb701cc5b9694e401cd5e03d33ca8fa5043d70c1b35fa092e916e89c206d8c2eb635410e32a6a1059705d23ca541a0e4c47efa42605b88258d0
diff --git a/sys-auth/pam_ldap/metadata.xml b/sys-auth/pam_ldap/metadata.xml
new file mode 100644
index 00000000000..b3bf86cd59b
--- /dev/null
+++ b/sys-auth/pam_ldap/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>pam</herd>
+<maintainer>
+<email>pam-bugs@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/sys-auth/pam_ldap/pam_ldap-183.ebuild b/sys-auth/pam_ldap/pam_ldap-183.ebuild
new file mode 100644
index 00000000000..26d0b176c65
--- /dev/null
+++ b/sys-auth/pam_ldap/pam_ldap-183.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils pam autotools
+
+DESCRIPTION="PAM LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86"
+IUSE="ssl sasl"
+DEPEND=">=sys-libs/glibc-2.1.3
+ >=sys-libs/pam-0.72
+ >=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )"
+
+src_unpack() {
+ unpack ${A}
+ #EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-176-fix-referral-tls.patch
+
+ cd "${S}"
+ eautoreconf
+}
+
+src_compile() {
+ econf --with-ldap-lib=openldap `use_enable ssl` || die
+ emake || die
+}
+
+src_install() {
+ dopammod pam_ldap.so
+
+ dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil
+ dodoc ChangeLog CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema
+ doman pam_ldap.5
+
+ docinto pam.d
+ dodoc pam.d/*
+}
diff --git a/sys-auth/pam_ldap/pam_ldap-184.ebuild b/sys-auth/pam_ldap/pam_ldap-184.ebuild
new file mode 100644
index 00000000000..81553da9589
--- /dev/null
+++ b/sys-auth/pam_ldap/pam_ldap-184.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils pam autotools
+
+DESCRIPTION="PAM LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ssl sasl"
+DEPEND=">=sys-libs/glibc-2.1.3
+ >=sys-libs/pam-0.72
+ >=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )"
+
+src_unpack() {
+ unpack ${A}
+ #EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-176-fix-referral-tls.patch
+
+ cd "${S}"
+ eautoreconf
+}
+
+src_compile() {
+ econf --with-ldap-lib=openldap `use_enable ssl` || die
+ emake || die
+}
+
+src_install() {
+ dopammod pam_ldap.so
+
+ dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil
+ dodoc ChangeLog CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema
+ doman pam_ldap.5
+
+ docinto pam.d
+ dodoc pam.d/*
+}
diff --git a/sys-auth/pam_ldap/pam_ldap-186-r1.ebuild b/sys-auth/pam_ldap/pam_ldap-186-r1.ebuild
new file mode 100644
index 00000000000..74ef49e2e29
--- /dev/null
+++ b/sys-auth/pam_ldap/pam_ldap-186-r1.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils multilib-minimal pam
+
+DESCRIPTION="PAM LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd"
+IUSE="ssl sasl"
+
+DEPEND="|| ( >=sys-libs/glibc-2.1.3 >=sys-freebsd/freebsd-lib-9.1 )
+ >=virtual/pam-0-r1[${MULTILIB_USEDEP}]
+ >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}]
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r3[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+multilib_src_configure() {
+ local myconf=(
+ --with-ldap-lib=openldap
+ $(use_enable ssl)
+ )
+ use sasl || myconf+=( ac_cv_header_sasl_sasl_h=no )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ PERL5LIB=${S} \
+ emake
+}
+
+multilib_src_install() {
+ dopammod pam_ldap.so
+}
+
+multilib_src_install_all() {
+ dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil
+ dodoc ChangeLog CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema
+ doman pam_ldap.5
+
+ docinto pam.d
+ dodoc pam.d/*
+}
diff --git a/sys-auth/pam_ldap/pam_ldap-186.ebuild b/sys-auth/pam_ldap/pam_ldap-186.ebuild
new file mode 100644
index 00000000000..3ff2bfb7b1a
--- /dev/null
+++ b/sys-auth/pam_ldap/pam_ldap-186.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils pam
+
+DESCRIPTION="PAM LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="ssl sasl"
+DEPEND="|| ( >=sys-libs/glibc-2.1.3 >=sys-freebsd/freebsd-lib-9.1 )
+ virtual/pam
+ >=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+}
+
+src_compile() {
+ econf --with-ldap-lib=openldap `use_enable ssl` || die
+ emake || die
+}
+
+src_install() {
+ dopammod pam_ldap.so
+
+ dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil
+ dodoc ChangeLog CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema
+ doman pam_ldap.5
+
+ docinto pam.d
+ dodoc pam.d/*
+}
diff --git a/sys-auth/pam_mktemp/Manifest b/sys-auth/pam_mktemp/Manifest
new file mode 100644
index 00000000000..95cf3aaf4a6
--- /dev/null
+++ b/sys-auth/pam_mktemp/Manifest
@@ -0,0 +1 @@
+DIST pam_mktemp-1.1.1.tar.gz 6754 SHA256 66cf80c18439ca3456db96402f2eeac14b1a0503cc1d1be7f2b16d5f079f3f3d SHA512 e2e42115a1fe70c128397d842dc69f96863d721dfa886ebc21b5e8249333adc671d74213ecf1222d65417cd4747eb6114f515271fd7eac4376a2b7e28925996d WHIRLPOOL 3d59873ffad85de82c385a3d5f6c221a2fac061463bc85c176e401ba2456995b21448ba9b6518a876763753a654d880c5a4e723e123c5a5e10ecdf005cd0c7e4
diff --git a/sys-auth/pam_mktemp/files/pam_mktemp-1.1.1-e2fsprogs-libs.patch b/sys-auth/pam_mktemp/files/pam_mktemp-1.1.1-e2fsprogs-libs.patch
new file mode 100644
index 00000000000..34e1a8591f7
--- /dev/null
+++ b/sys-auth/pam_mktemp/files/pam_mktemp-1.1.1-e2fsprogs-libs.patch
@@ -0,0 +1,49 @@
+Index: pam_mktemp-1.1.1/pam_mktemp.c
+===================================================================
+--- pam_mktemp-1.1.1.orig/pam_mktemp.c
++++ pam_mktemp-1.1.1/pam_mktemp.c
+@@ -55,7 +55,7 @@
+ */
+ # include <fcntl.h>
+ # include <sys/ioctl.h>
+-# include <ext2fs/ext2_fs.h>
++# include <linux/fs.h>
+ #else
+ # undef USE_APPEND_FL
+ #endif /* HAVE_APPEND_FL */
+@@ -88,7 +88,7 @@ static int ext2fs_chflags(const char *na
+ if ((fd = open(name, O_RDONLY)) < 0)
+ return -1;
+
+- if (ioctl(fd, EXT2_IOC_GETFLAGS, &old_flags)) {
++ if (ioctl(fd, FS_IOC_GETFLAGS, &old_flags)) {
+ if ((errno == ENOTTY) /* Inappropriate ioctl for device */
+ || (errno == ENOSYS)) /* Function not implemented */
+ errno = EOPNOTSUPP;
+@@ -98,7 +98,7 @@ static int ext2fs_chflags(const char *na
+
+ new_flags = (old_flags | set) & ~clear;
+ if (new_flags != old_flags)
+- retval = ioctl(fd, EXT2_IOC_SETFLAGS, &new_flags);
++ retval = ioctl(fd, FS_IOC_SETFLAGS, &new_flags);
+
+ if (close(fd))
+ retval = -1;
+@@ -233,7 +233,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h
+ */
+
+ #ifdef USE_APPEND_FL
+- ext2fs_chflags(PRIVATE_PREFIX, EXT2_APPEND_FL, 0);
++ ext2fs_chflags(PRIVATE_PREFIX, FS_APPEND_FL, 0);
+ #endif /* USE_APPEND_FL */
+
+ userdir = malloc(strlen(PRIVATE_PREFIX) + strlen(user) + 2);
+@@ -260,7 +260,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h
+ } else {
+ /* Don't let the append-only flag get inherited
+ * from the parent directory. */
+- if (ext2fs_chflags(userdir, 0, EXT2_APPEND_FL) &&
++ if (ext2fs_chflags(userdir, 0, FS_APPEND_FL) &&
+ errno != EOPNOTSUPP)
+ goto out;
+ #endif /* HAVE_APPEND_FL */
diff --git a/sys-auth/pam_mktemp/metadata.xml b/sys-auth/pam_mktemp/metadata.xml
new file mode 100644
index 00000000000..d7c694df620
--- /dev/null
+++ b/sys-auth/pam_mktemp/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>pam</herd>
+<maintainer>
+<email>swegener@gentoo.org</email>
+</maintainer>
+<use>
+<flag name='prevent-removal'>If supported, set EXT2_APPEND_FL on /tmp/.private to prevent temporary directories from being removed</flag>
+</use>
+</pkgmetadata>
diff --git a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild
new file mode 100644
index 00000000000..f394073b6e1
--- /dev/null
+++ b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+inherit toolchain-funcs pam eutils
+
+DESCRIPTION="Create per-user private temporary directories during login"
+HOMEPAGE="http://www.openwall.com/pam/"
+SRC_URI="http://www.openwall.com/pam/modules/${PN}/${P}.tar.gz"
+
+LICENSE="BSD-2" # LICENSE file says "heavily cut-down 'BSD license'"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="selinux +prevent-removal"
+
+RDEPEND="virtual/pam
+ selinux? ( sys-libs/libselinux )"
+DEPEND="${RDEPEND}
+ prevent-removal? ( sys-kernel/linux-headers )"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-e2fsprogs-libs.patch
+}
+
+src_compile() {
+ emake \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS} -fPIC" \
+ LDFLAGS="${LDFLAGS} --shared -Wl,--version-script,\$(MAP)" \
+ USE_SELINUX="$(use selinux && echo 1 || echo 0)" \
+ USE_APPEND_FL="$(use prevent-removal && echo 1 || echo 0)"
+}
+
+src_install() {
+ dopammod pam_mktemp.so
+ dodoc README
+}
+
+pkg_postinst() {
+ elog "To enable pam_mktemp put something like"
+ elog
+ elog "session optional pam_mktemp.so"
+ elog
+ elog "into /etc/pam.d/system-auth!"
+}
diff --git a/sys-auth/pam_mount/Manifest b/sys-auth/pam_mount/Manifest
new file mode 100644
index 00000000000..d6183382f99
--- /dev/null
+++ b/sys-auth/pam_mount/Manifest
@@ -0,0 +1,2 @@
+DIST pam_mount-2.14.tar.xz 312776 SHA256 6f66cbb34568875772d854d3f2a8948f97f3f1c7f30e3ea2474e1d4b227adcf9 SHA512 621fc13f01c625bb0c8cb9ac1b7bcfd9851f239b37c4479eb9ff958ad2b7f00698df32e32893558119f486e2e5fa05514f6e8e34498359c432db75706cc2477e WHIRLPOOL 6d4f74067e73cb61cb777d8125c2d4bb4e41510e4ec031b23f00cc3eb06c70312b6c53d785c2a4e3509a16fa1880b726bb165e3a81ba27b16d820180a776b30e
+DIST pam_mount-2.15.tar.xz 312076 SHA256 a54efb4a8e8dd52c77b15cd36d9354b4733bb9b4cae75083801c18e67fc12a24 SHA512 97252f3b65b1d1a42168b515c384a118e9f06fa68e2ceb9213cfc8ec4b967c52f2cb58742ebe117d7f5764551a371b7f71322a3de5f2912fc8722253081d77a4 WHIRLPOOL bbaacf839861d70e4fafdce07aad1f7fb35eb8c18cbd8d37520c60ff38cc8e21af428a0348a35d6ff134a5e198add201fb81b632832abd8ef75f04f8b3ce29e5
diff --git a/sys-auth/pam_mount/metadata.xml b/sys-auth/pam_mount/metadata.xml
new file mode 100644
index 00000000000..d4f01ee52fe
--- /dev/null
+++ b/sys-auth/pam_mount/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>hanno@gentoo.org</email>
+ </maintainer>
+ <maintainer>
+ <email>mattst88@gentoo.org</email>
+ <name>Matt Turner</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">pam-mount</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_mount/pam_mount-2.14.ebuild b/sys-auth/pam_mount/pam_mount-2.14.ebuild
new file mode 100644
index 00000000000..d7cefddfe63
--- /dev/null
+++ b/sys-auth/pam_mount/pam_mount-2.14.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit multilib
+
+DESCRIPTION="A PAM module that can mount volumes for a user session"
+HOMEPAGE="http://pam-mount.sourceforge.net"
+SRC_URI="mirror://sourceforge/pam-mount/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+
+IUSE="crypt ssl selinux"
+
+COMMON_DEPEND=">=sys-libs/pam-0.99
+ >=sys-libs/libhx-3.12.1
+ >=dev-libs/libxml2-2.6
+ crypt? ( >=sys-fs/cryptsetup-1.1.0 )
+ ssl? ( >=dev-libs/openssl-0.9.8 )
+ selinux? ( sys-libs/libselinux )"
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig
+ app-arch/xz-utils"
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/util-linux-2.20"
+
+src_configure() {
+ econf --with-slibdir="/$(get_libdir)" \
+ $(use_with crypt cryptsetup) \
+ $(use_with ssl crypto) \
+ $(use_with selinux)
+}
+
+src_install() {
+ default
+ use selinux || rm -r "${D}"/etc/selinux
+ dodoc doc/*.txt
+}
diff --git a/sys-auth/pam_mount/pam_mount-2.15.ebuild b/sys-auth/pam_mount/pam_mount-2.15.ebuild
new file mode 100644
index 00000000000..8a97aaa49bb
--- /dev/null
+++ b/sys-auth/pam_mount/pam_mount-2.15.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib
+
+DESCRIPTION="A PAM module that can mount volumes for a user session"
+HOMEPAGE="http://pam-mount.sourceforge.net"
+SRC_URI="mirror://sourceforge/pam-mount/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+
+IUSE="crypt ssl selinux"
+
+COMMON_DEPEND=">=sys-libs/pam-0.99
+ >=sys-libs/libhx-3.12.1
+ >=dev-libs/libxml2-2.6
+ crypt? ( >=sys-fs/cryptsetup-1.1.0 )
+ ssl? ( >=dev-libs/openssl-0.9.8 )
+ selinux? ( sys-libs/libselinux )"
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/util-linux-2.20"
+
+src_configure() {
+ econf --with-slibdir="/$(get_libdir)" \
+ $(use_with crypt cryptsetup) \
+ $(use_with ssl crypto) \
+ $(use_with selinux)
+}
+
+src_install() {
+ default
+ use selinux || rm -r "${D}"/etc/selinux
+ dodoc doc/*.txt
+}
diff --git a/sys-auth/pam_mysql/Manifest b/sys-auth/pam_mysql/Manifest
new file mode 100644
index 00000000000..0a9d6512e7a
--- /dev/null
+++ b/sys-auth/pam_mysql/Manifest
@@ -0,0 +1 @@
+DIST pam_mysql-0.7RC1.tar.gz 335240 SHA256 cb3cf89b9b51cb196ee8d731f85acbab72b4878a3a7c4183c5534161d4385ce7 SHA512 c057999c62d29dfa7a07db9a8d33d0cf0377dae4770c73019bd85f67c9c92fc9dac36fa606739162a5f7b0f9fbd849e5833fee827febfe4af883b8c2ddbd8b4f WHIRLPOOL 4d47d4be6c95ad70705884f2023975a719d06915ac41738d7c28ceff2d57e0c58187b52314e1f11e0e4bcfe3b3471525a3e97591d653342847f1d2ed66ecdc57
diff --git a/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-link-to-pam.diff b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-link-to-pam.diff
new file mode 100644
index 00000000000..0b32b37e9e0
--- /dev/null
+++ b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-link-to-pam.diff
@@ -0,0 +1,9 @@
+--- pam_mysql-0.7RC1/Makefile.am 2005-09-20 07:43:44.000000000 +0200
++++ pam_mysql-0.7RC1-1/Makefile.am 2011-09-13 09:21:53.198200066 +0200
+@@ -3,5 +3,6 @@
+ noinst_FILES=pam_mysql.la pam_mysql.a
+ pam_mysql_la_SOURCES=pam_mysql.c
+ pam_mysql_la_LDFLAGS=-module -avoid-version
++pam_mysql_la_LIBADD=-lpam
+ INCLUDES=@INCLUDES@
+ EXTRA_DIST=COPYING NEWS README CREDITS ChangeLog INSTALL pam_mysql.spec.in install-sh missing mkinstalldirs pkg.m4 pam_mysql.spec
diff --git a/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-memleak.diff b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-memleak.diff
new file mode 100644
index 00000000000..e746be72029
--- /dev/null
+++ b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-memleak.diff
@@ -0,0 +1,10 @@
+--- pam_mysql-0.7RC1/pam_mysql.c 2006-01-09 11:35:59.000000000 +0100
++++ pam_mysql-0.7RC1-1/pam_mysql.c 2011-10-18 20:26:38.655425994 +0200
+@@ -2338,6 +2338,7 @@
+ }
+
+ mysql_close(ctx->mysql_hdl);
++ mysql_library_end();
+
+ xfree(ctx->mysql_hdl);
+ ctx->mysql_hdl = NULL;
diff --git a/sys-auth/pam_mysql/metadata.xml b/sys-auth/pam_mysql/metadata.xml
new file mode 100644
index 00000000000..54820a93fe8
--- /dev/null
+++ b/sys-auth/pam_mysql/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>mysql</herd>
+ <use>
+ <flag name="openssl">Use OpenSSL for md5 and sha1 support</flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">pam-mysql</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_mysql/pam_mysql-0.7_rc1-r4.ebuild b/sys-auth/pam_mysql/pam_mysql-0.7_rc1-r4.ebuild
new file mode 100644
index 00000000000..a7c79a131e1
--- /dev/null
+++ b/sys-auth/pam_mysql/pam_mysql-0.7_rc1-r4.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit autotools libtool pam eutils
+
+DESCRIPTION="pam_mysql is a module for pam to authenticate users with mysql"
+HOMEPAGE="http://pam-mysql.sourceforge.net/"
+
+SRC_URI="mirror://sourceforge/pam-mysql/${P/_rc/RC}.tar.gz"
+DEPEND=">=sys-libs/pam-0.72 virtual/mysql"
+RDEPEND="${DEPEND}"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 ppc ~sparc x86"
+IUSE="openssl"
+S="${WORKDIR}/${P/_rc/RC}"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-link-to-pam.diff"
+ epatch "${FILESDIR}/${P}-memleak.diff"
+ eautoreconf
+ elibtoolize
+}
+
+src_configure() {
+ econf $(use_with openssl)
+}
+
+src_compile() {
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" libdir="$(getpam_mod_dir)" install || die "install failed"
+ rm "${D}/$(getpam_mod_dir)/pam_mysql.la" || die "Failed to remove pam_mysql.la"
+ dodoc CREDITS ChangeLog NEWS README
+}
diff --git a/sys-auth/pam_mysql/pam_mysql-0.7_rc1-r5.ebuild b/sys-auth/pam_mysql/pam_mysql-0.7_rc1-r5.ebuild
new file mode 100644
index 00000000000..8d0f58c0261
--- /dev/null
+++ b/sys-auth/pam_mysql/pam_mysql-0.7_rc1-r5.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools-utils pam
+
+DESCRIPTION="pam_mysql is a module for pam to authenticate users with mysql"
+HOMEPAGE="http://pam-mysql.sourceforge.net/"
+
+SRC_URI="mirror://sourceforge/pam-mysql/${P/_rc/RC}.tar.gz"
+DEPEND="
+ openssl? ( dev-libs/openssl:0= )
+ >=sys-libs/pam-0.72:0=
+ virtual/mysql:0=
+ "
+RDEPEND="${DEPEND}"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 ppc sparc x86"
+IUSE="openssl"
+S="${WORKDIR}/${P/_rc/RC}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-link-to-pam.diff"
+ "${FILESDIR}/${P}-memleak.diff"
+ )
+DOCS=( CREDITS ChangeLog NEWS README )
+AUTOTOOLS_AUTORECONF="yes"
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
+
+src_prepare() {
+ # Update autotools deprecated file name and macro for bug 468750
+ mv configure.in configure.ac || die "configure rename failed"
+ sed -i s/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/ configure.ac || die "sed failed"
+ autotools-utils_src_prepare
+}
+
+src_configure() {
+ local myeconfargs=( $(use_with openssl) )
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install libdir="$(getpam_mod_dir)"
+}
diff --git a/sys-auth/pam_p11/Manifest b/sys-auth/pam_p11/Manifest
new file mode 100644
index 00000000000..3273bd3800b
--- /dev/null
+++ b/sys-auth/pam_p11/Manifest
@@ -0,0 +1 @@
+DIST pam_p11-0.1.5.tar.gz 348181 SHA256 74da875467c4ba156f7cb7eaec0718f92dded03f40db3c6c0423c03f44d9f25a SHA512 848c4671daa535db67c16b2eedc0495ed68cedeffe5a8c657310ff10fcfd17d2a8b4708f343b4b7b17498953ad47fdc133eb7ea885f94f795b29ff3973ceea12 WHIRLPOOL 462aa436e09669976fea5080157ef5d1dd4ce57baa7e807ea3e8443c7c2058827c5cfd51f59687aab4263973317e2d2a12b511b440607df0d752ba73add7fc42
diff --git a/sys-auth/pam_p11/files/pam_symbols.ver b/sys-auth/pam_p11/files/pam_symbols.ver
new file mode 100644
index 00000000000..dbc677b77a2
--- /dev/null
+++ b/sys-auth/pam_p11/files/pam_symbols.ver
@@ -0,0 +1,4 @@
+{
+ global: pam_sm_*;
+ local: *;
+};
diff --git a/sys-auth/pam_p11/metadata.xml b/sys-auth/pam_p11/metadata.xml
new file mode 100644
index 00000000000..241f5bf2327
--- /dev/null
+++ b/sys-auth/pam_p11/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>crypto</herd>
+ <herd>pam</herd>
+ <upstream>
+ <remote-id type="sourceforge">opensc</remote-id>
+ <remote-id type="github">opensc/pam_p11</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_p11/pam_p11-0.1.5-r1.ebuild b/sys-auth/pam_p11/pam_p11-0.1.5-r1.ebuild
new file mode 100644
index 00000000000..8795db62a44
--- /dev/null
+++ b/sys-auth/pam_p11/pam_p11-0.1.5-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit pam flag-o-matic
+
+DESCRIPTION="PAM module for authenticating against PKCS#11 tokens"
+HOMEPAGE="https://github.com/opensc/pam_p11/wiki"
+SRC_URI="mirror://sourceforge/opensc/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
+IUSE=""
+
+RDEPEND="virtual/pam
+ dev-libs/libp11
+ dev-libs/openssl"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_configure() {
+ # hide all the otherwise-exported symbols that may clash with
+ # other software loading the PAM modules (see bug #274924 as an
+ # example).
+ append-ldflags -Wl,--version-script="${FILESDIR}"/pam_symbols.ver
+
+ econf \
+ --disable-static \
+ --disable-dependency-tracking \
+ --enable-fast-install \
+ || die
+}
+
+src_install() {
+ dopammod src/.libs/pam_p11_opensc.so
+ dopammod src/.libs/pam_p11_openssh.so
+
+ dohtml doc/*.html doc/*.css || die
+ dodoc NEWS || die
+}
diff --git a/sys-auth/pam_passwdqc/Manifest b/sys-auth/pam_passwdqc/Manifest
new file mode 100644
index 00000000000..5735f02749a
--- /dev/null
+++ b/sys-auth/pam_passwdqc/Manifest
@@ -0,0 +1,2 @@
+DIST pam_passwdqc-1.0.4.tar.gz 30572 SHA256 192d0eb131f203fd809c371751aa1a670df044190b56444b1e6576d8c8672cb6
+DIST pam_passwdqc-1.0.5.tar.gz 29973 SHA256 32528ddf7d8219c788b6e7702361611ff16c6340b6dc0f418ff164aadc4a4a88 SHA512 8ae6cb4cc520b06b05fadf60ac360964721a8a1e4481aff9cd7247c203e62b58d3aed4c14ba687b303de820689e0f5cdcf070fd396b7e13b0aae4cc5d1442235 WHIRLPOOL 78876bfcb8cf9225f393b5ad3edfb1b603f4a53d5c9f34856cffb838cacc97e270b94e14774e67f419599bbee0eb532bc62b32aa78f3e10f48ad8668cceb9008
diff --git a/sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.4-makefile.patch b/sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.4-makefile.patch
new file mode 100644
index 00000000000..13f8bd435dd
--- /dev/null
+++ b/sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.4-makefile.patch
@@ -0,0 +1,44 @@
+Index: pam_passwdqc-1.0.4/Makefile
+===================================================================
+--- pam_passwdqc-1.0.4.orig/Makefile
++++ pam_passwdqc-1.0.4/Makefile
+@@ -7,11 +7,11 @@ LD = $(CC)
+ RM = rm -f
+ MKDIR = mkdir -p
+ INSTALL = install -c
+-CFLAGS = -Wall -fPIC -O2
+-LDFLAGS = -s --shared
+-LDFLAGS_LINUX = -s --shared -Wl,--version-script,$(MAP)
+-LDFLAGS_SUN = -s -G
+-LDFLAGS_HP = -s -b
++CFLAGS = -Wall -fPIC $(OPTCFLAGS)
++LDFLAGS_GENERIC = --shared
++LDFLAGS_LINUX = --shared -Wl,--version-script,$(MAP)
++LDFLAGS_SUN = -G
++LDFLAGS_HP = -b
+ LDLIBS = -lpam -lcrypt
+ LDLIBS_LINUX = -lpam -lcrypt
+ LDLIBS_SUN = -lpam -lcrypt
+@@ -41,18 +41,18 @@ MAP = pam_passwdqc.map
+ all:
+ if [ "`uname -s`" = "Linux" ]; then \
+ $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+- LDFLAGS="$(LDFLAGS_LINUX)" LDLIBS="$(LDLIBS_LINUX)" \
++ LDFLAGS="$(LDFLAGS) $(LDFLAGS_LINUX)" LDLIBS="$(LDLIBS_LINUX)" \
+ $(PROJ); \
+ elif [ "`uname -s`" = "SunOS" ]; then \
+ $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+- LD=ld LDFLAGS="$(LDFLAGS_SUN)" LDLIBS="$(LDLIBS_SUN)" \
++ LD=ld LDFLAGS="$(LDFLAGS) $(LDFLAGS_SUN)" LDLIBS="$(LDLIBS_SUN)" \
+ $(PROJ); \
+ elif [ "`uname -s`" = "HP-UX" ]; then \
+ $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+- LD=ld LDFLAGS="$(LDFLAGS_HP)" LDLIBS="$(LDLIBS_HP)" \
++ LD=ld LDFLAGS="$(LDFLAGS) $(LDFLAGS_HP)" LDLIBS="$(LDLIBS_HP)" \
+ $(PROJ); \
+ else \
+- $(MAKE) $(PROJ); \
++ $(MAKE) LDFLAGS="$(LDFLAGS) $(LDFLAGS_GENERIC)" $(PROJ); \
+ fi
+
+ $(LIBSHARED): $(OBJS) $(MAP)
diff --git a/sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.5-makefile.patch b/sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.5-makefile.patch
new file mode 100644
index 00000000000..20375b76a38
--- /dev/null
+++ b/sys-auth/pam_passwdqc/files/pam_passwdqc-1.0.5-makefile.patch
@@ -0,0 +1,35 @@
+Index: pam_passwdqc-1.0.5/Makefile
+===================================================================
+--- pam_passwdqc-1.0.5.orig/Makefile
++++ pam_passwdqc-1.0.5/Makefile
+@@ -7,8 +7,8 @@ LD = $(CC)
+ RM = rm -f
+ MKDIR = mkdir -p
+ INSTALL = install -c
+-CFLAGS = -Wall -fPIC -O2
+-LDFLAGS = --shared
++CFLAGS = -Wall -fPIC -O2 $(OPTCFLAGS)
++LDFLAGS_GENERIC = --shared
+ LDFLAGS_LINUX = --shared -Wl,--version-script,$(MAP)
+ LDFLAGS_SUN = -G
+ LDFLAGS_HP = -b
+@@ -41,16 +41,16 @@ MAP = pam_passwdqc.map
+ all:
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+- LDFLAGS="$(LDFLAGS_LINUX)" LDLIBS="$(LDLIBS_LINUX)" \
++ LDFLAGS="$(LDFLAGS) $(LDFLAGS_LINUX)" LDLIBS="$(LDLIBS_LINUX)" \
+ $(PROJ);; \
+ SunOS) $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+- LD=ld LDFLAGS="$(LDFLAGS_SUN)" LDLIBS="$(LDLIBS_SUN)" \
++ LD=ld LDFLAGS="$(LDFLAGS) $(LDFLAGS_SUN)" LDLIBS="$(LDLIBS_SUN)" \
+ $(PROJ);; \
+ HP-UX) $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+- LD=ld LDFLAGS="$(LDFLAGS_HP)" LDLIBS="$(LDLIBS_HP)" \
++ LD=ld LDFLAGS="$(LDFLAGS) $(LDFLAGS_HP)" LDLIBS="$(LDLIBS_HP)" \
+ $(PROJ);; \
+- *) $(MAKE) $(PROJ);; \
++ *) $(MAKE) LDFLAGS="$(LDFLAGS) $(LDFLAGS_GENERIC)" $(PROJ);; \
+ esac
+
+ $(LIBSHARED): $(OBJS) $(MAP)
diff --git a/sys-auth/pam_passwdqc/metadata.xml b/sys-auth/pam_passwdqc/metadata.xml
new file mode 100644
index 00000000000..21d4ed40d84
--- /dev/null
+++ b/sys-auth/pam_passwdqc/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>pam</herd>
+<maintainer>
+<email>pam-bugs@gentoo.org</email>
+</maintainer>
+<longdescription>
+ Password strength checking for PAM aware password changing programs. This is an alternative to the default cracklib.
+</longdescription>
+<longdescription lang="ja">
+ パスワード変更プログラムに反応する PAM のパスワード強度検査機能です。これはデフォルトの cracklib の代替です。
+</longdescription>
+</pkgmetadata>
diff --git a/sys-auth/pam_passwdqc/pam_passwdqc-1.0.4.ebuild b/sys-auth/pam_passwdqc/pam_passwdqc-1.0.4.ebuild
new file mode 100644
index 00000000000..90256f4aaff
--- /dev/null
+++ b/sys-auth/pam_passwdqc/pam_passwdqc-1.0.4.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam eutils toolchain-funcs
+
+DESCRIPTION="Password strength checking for PAM aware password changing programs"
+HOMEPAGE="http://www.openwall.com/passwdqc/"
+SRC_URI="http://www.openwall.com/pam/modules/pam_passwdqc/${P}.tar.gz"
+
+LICENSE="Openwall BSD public-domain"
+SLOT="0"
+KEYWORDS="alpha ~amd64 arm ~hppa m68k ~mips ppc s390 sh ~sparc x86"
+
+DEPEND="virtual/pam"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-makefile.patch"
+}
+
+src_compile() {
+ emake \
+ OPTCFLAGS="${CFLAGS}" \
+ CC="$(tc-getCC)" \
+ LD="$(tc-getCC)" \
+ || die "emake failed"
+}
+
+src_install() {
+ dopammod pam_passwdqc.so
+
+ doman pam_passwdqc.8
+ dodoc README PLATFORMS INTERNALS
+}
+
+pkg_postinst() {
+ elog
+ elog "To activate pam_passwdqc use pam_passwdqc.so instead"
+ elog "of pam_cracklib.so in /etc/pam.d/system-auth."
+ elog "Also, if you want to change the parameters, read up"
+ elog "on the pam_passwdqc(8) man page."
+ elog
+}
diff --git a/sys-auth/pam_passwdqc/pam_passwdqc-1.0.5.ebuild b/sys-auth/pam_passwdqc/pam_passwdqc-1.0.5.ebuild
new file mode 100644
index 00000000000..79ae91d2d5a
--- /dev/null
+++ b/sys-auth/pam_passwdqc/pam_passwdqc-1.0.5.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit pam eutils toolchain-funcs
+
+DESCRIPTION="Password strength checking for PAM aware password changing programs"
+HOMEPAGE="http://www.openwall.com/passwdqc/"
+SRC_URI="http://www.openwall.com/pam/modules/pam_passwdqc/${P}.tar.gz"
+
+LICENSE="Openwall BSD public-domain"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+
+DEPEND="virtual/pam"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-makefile.patch"
+}
+
+src_compile() {
+ emake \
+ OPTCFLAGS="${CFLAGS}" \
+ CC="$(tc-getCC)" \
+ LD="$(tc-getCC)" \
+ || die "emake failed"
+}
+
+src_install() {
+ dopammod pam_passwdqc.so
+
+ doman pam_passwdqc.8
+ dodoc README PLATFORMS INTERNALS
+}
+
+pkg_postinst() {
+ elog
+ elog "To activate pam_passwdqc use pam_passwdqc.so instead"
+ elog "of pam_cracklib.so in /etc/pam.d/system-auth."
+ elog "Also, if you want to change the parameters, read up"
+ elog "on the pam_passwdqc(8) man page."
+ elog
+}
diff --git a/sys-auth/pam_passwdqc/pam_passwdqc-1.3.0.ebuild b/sys-auth/pam_passwdqc/pam_passwdqc-1.3.0.ebuild
new file mode 100644
index 00000000000..cbb3e8b9f2a
--- /dev/null
+++ b/sys-auth/pam_passwdqc/pam_passwdqc-1.3.0.ebuild
@@ -0,0 +1,15 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+DESCRIPTION="Stub ebuild to help migrate to newer package name"
+HOMEPAGE="http://www.openwall.com/passwdqc/"
+
+LICENSE="Openwall BSD public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+
+DEPEND="sys-auth/passwdqc[pam]"
+RDEPEND="${DEPEND}"
diff --git a/sys-auth/pam_pkcs11/Manifest b/sys-auth/pam_pkcs11/Manifest
new file mode 100644
index 00000000000..092c4bcf285
--- /dev/null
+++ b/sys-auth/pam_pkcs11/Manifest
@@ -0,0 +1 @@
+DIST pam_pkcs11-0.6.8.tar.gz 1147059 SHA256 9d942e542ef35d0e1f990d9ff5bf9df0af84c828ed081add2eb1b4d84f0efbda SHA512 6759ddb27eecb9e4dfbaf5423fcbeeb03b1ae2200b772e32b105d12845c202e461088f70c71712f13e7150ff03f7714d1225a1e62ced005ca1a36872622d72ac WHIRLPOOL 175ef94f6d80abc1ef374d39835dab0ce6e10f062650540880d9a98b7899c87cdd1066f1abed6c9310ec9b6dba19cae9267674274b2a3ebe4a003ccc2f6a1b5d
diff --git a/sys-auth/pam_pkcs11/metadata.xml b/sys-auth/pam_pkcs11/metadata.xml
new file mode 100644
index 00000000000..4b954a4e72f
--- /dev/null
+++ b/sys-auth/pam_pkcs11/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>crypto</herd>
+ <herd>pam</herd>
+ <use>
+ <flag name="pcsc-lite">
+ Build the card_eventmanager binary used to detect card removal and lock the sessions. This
+ needs <pkg>sys-apps/pcsc-lite</pkg>.
+ </flag>
+ <flag name="nss">
+ Use Mozilla NSS (<pkg>dev-libs/nss</pkg>) as provider for PKCS#11 access, rather than using
+ OpenSSL with a custom implementation of the PKC#11 protocol.
+ </flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">opensc</remote-id>
+ <remote-id type="github">opensc/pam_pkcs11</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_pkcs11/pam_pkcs11-0.6.8.ebuild b/sys-auth/pam_pkcs11/pam_pkcs11-0.6.8.ebuild
new file mode 100644
index 00000000000..3085ec3d1d7
--- /dev/null
+++ b/sys-auth/pam_pkcs11/pam_pkcs11-0.6.8.ebuild
@@ -0,0 +1,107 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit multilib pam
+
+DESCRIPTION="PKCS#11 PAM library"
+HOMEPAGE="https://github.com/opensc/pam_pkcs11/wiki"
+SRC_URI="mirror://sourceforge/opensc/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="curl ldap nss +pcsc-lite"
+
+RDEPEND="sys-libs/pam
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ nss? (
+ dev-libs/nss
+ curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,curl_ssl_nss] ) )
+ )
+ !nss? (
+ dev-libs/openssl
+ curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,-curl_ssl_nss] ) )
+ )
+ pcsc-lite? ( sys-apps/pcsc-lite )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ # Fix the example files to be somewhat decent, and usable as
+ # default configuration
+ sed -i \
+ -e '/try_first_pass/s:false:true:' \
+ -e '/debug =/s:true:false:' \
+ -e 's:\(/usr\|\${exec_prefix}\)/lib/:/usr/'$(get_libdir)/':g' \
+ etc/pam_pkcs11.conf.example.in \
+ etc/pkcs11_eventmgr.conf.example || die "sed failed"
+}
+
+src_configure() {
+ econf \
+ $(use_with curl) \
+ $(use_with pcsc-lite pcsclite) \
+ $(use_with ldap) \
+ $(use_with nss) \
+ --docdir=/usr/share/doc/${PF} \
+ --htmldir=/usr/share/doc/${PF}/html \
+ --disable-silent-rules
+}
+
+src_install() {
+ emake DESTDIR="${D}" pamdir="$(getpam_mod_dir)" install
+
+ # These are all dlopened plugins, so .la files are useless.
+ find "${D}" -name '*.la' -delete || die
+
+ dodoc AUTHORS ChangeLog ChangeLog.svn NEWS README TODO doc/README.*
+ dohtml doc/api/*
+
+ # Provide some basic configuration
+ keepdir /etc/pam_pkcs11{,/{cacerts,crl}}
+
+ insinto /etc/pam_pkcs11
+ newins etc/pam_pkcs11.conf.example pam_pkcs11.conf
+ newins etc/pkcs11_eventmgr.conf.example pkcs11_eventmgr.conf
+}
+
+pkg_config() {
+ local dir
+ for dir in "${EROOT}"etc/${PN}/{cacerts,crl}; do
+ pushd "${dir}" > /dev/null
+ ebegin "Creating hash links in '${dir}'"
+ "${EROOT}usr/bin/pkcs11_make_hash_link" || die
+ eend $?
+ popd > /dev/null
+ done
+}
+
+pkg_postinst() {
+ elog "For ${PN} to work you need a PKCS#11 provider, such as one of:"
+ elog " - dev-libs/opensc"
+ elog " - dev-libs/opencryptoki"
+ elog ""
+ elog "You probably want to configure the '${EROOT}etc/${PN}/${PN}.conf' file with"
+ elog "the settings for your pkcs11 provider."
+ elog ""
+ elog "You might also want to set up '${EROOT}etc/${PN}/pkcs11_eventmgr.conf' with"
+ elog "the settings for the event manager, and start it up at user login."
+}
+
+# TODO list!
+#
+# - we need to find a way allow the user to choose whether to start the
+# event manager at _all_ the logins, and if that's the case, lock all
+# kind of sessions (terminal _and_ X);
+# - upstream should probably migrate the configuration of the event
+# manager on a per-user basis, since it makes little sense to be _all_
+# system-level configuration;
+# - we should probably provide some better config support that ensures
+# the configuration to be valid, as well as creating the symlinks;
+# - we should probably add support for nss;
+# - we should move the configuration in /etc/security as for the rest
+# of PAM-related configuration.
diff --git a/sys-auth/pam_radius/Manifest b/sys-auth/pam_radius/Manifest
new file mode 100644
index 00000000000..a9b6965a56d
--- /dev/null
+++ b/sys-auth/pam_radius/Manifest
@@ -0,0 +1 @@
+DIST pam_radius-1.3.17.tar.gz 31341 SHA256 60ee863cbea797be46eff8b9d568af057c6e54335bdb19a6bd2cadde389d7dca SHA512 82fc1431e8fc18c389880da4f93490363af8acd605283a5923c531fede77f449324f1ac4850783355cc7d610b3ee73bd172c94d8b73800c3deaa649af4c41060 WHIRLPOOL 4f0ad918c4bbe7a74fb1b3b3a292842fd8610ae12b3f9d21895c02efade27833c9c85ff42efce03e7500b4389198bb198bc0ecc87555e745ef0f4841a25a7262
diff --git a/sys-auth/pam_radius/files/pam_radius-1.3.17-gentoo.patch b/sys-auth/pam_radius/files/pam_radius-1.3.17-gentoo.patch
new file mode 100644
index 00000000000..3e0b02f7020
--- /dev/null
+++ b/sys-auth/pam_radius/files/pam_radius-1.3.17-gentoo.patch
@@ -0,0 +1,27 @@
+diff -Nru pam_radius-1.3.17.orig/pam_radius_auth.c pam_radius-1.3.17/pam_radius_auth.c
+--- pam_radius-1.3.17.orig/pam_radius_auth.c 2007-03-26 11:36:13.000000000 +0200
++++ pam_radius-1.3.17/pam_radius_auth.c 2008-06-28 08:43:24.000000000 +0200
+@@ -1062,7 +1062,7 @@
+ pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST char **argv)
+ {
+ CONST char *user;
+- CONST char **userinfo;
++ CONST char *userinfo;
+ char *password = NULL;
+ CONST char *rhost;
+ char *resp2challenge = NULL;
+diff -Nru pam_radius-1.3.17.orig/USAGE pam_radius-1.3.17/USAGE
+--- pam_radius-1.3.17.orig/USAGE 2008-06-28 08:43:43.000000000 +0200
++++ pam_radius-1.3.17/USAGE 2008-06-28 08:42:57.000000000 +0200
+@@ -3,9 +3,9 @@
+
+ The pam configuration can be:
+ ...
+-auth sufficient /lib/security/pam_radius_auth.so [options]
++auth sufficient pam_radius_auth.so [options]
+ ...
+-account sufficient /lib/security/pam_radius_auth.so
++account sufficient pam_radius_auth.so
+
+ ---------------------------------------------------------------------------
+
diff --git a/sys-auth/pam_radius/files/server b/sys-auth/pam_radius/files/server
new file mode 100644
index 00000000000..4c31e60ae85
--- /dev/null
+++ b/sys-auth/pam_radius/files/server
@@ -0,0 +1,23 @@
+# This is pam_radius_auth configuration file.
+#
+# There are 3 fields per line in this file. There may be multiple
+# lines. Blank lines or lines beginning with '#' are treated as
+# comments, and are ignored. The fields are:
+#
+# server[:port] secret [timeout]
+#
+# the port name or number is optional. The default port name is
+# "radius", and is looked up from /etc/services The timeout field is
+# optional. The default timeout is 3 seconds.
+#
+# If multiple RADIUS server lines exist, they are tried in order. The
+# first server to return success or failure causes the module to return
+# success or failure. Only if a server fails to response is it skipped,
+# and the next server in turn is used.
+#
+# The timeout field controls how many seconds the module waits before
+# deciding that the server has failed to respond.
+#
+# server[:port] shared_secret timeout (s)
+# 127.0.0.1 secret 1
+# other-server other-secret 3
diff --git a/sys-auth/pam_radius/metadata.xml b/sys-auth/pam_radius/metadata.xml
new file mode 100644
index 00000000000..d8930ed10bc
--- /dev/null
+++ b/sys-auth/pam_radius/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version = '1.0' encoding = 'UTF-8'?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <longdescription>
+ This is the PAM to RADIUS authentication module. It allows any
+ PAM-capable machine to become a RADIUS client for authentication
+ and accounting requests.
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-auth/pam_radius/pam_radius-1.3.17-r1.ebuild b/sys-auth/pam_radius/pam_radius-1.3.17-r1.ebuild
new file mode 100644
index 00000000000..60cce2eb5c6
--- /dev/null
+++ b/sys-auth/pam_radius/pam_radius-1.3.17-r1.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils pam toolchain-funcs
+
+DESCRIPTION="PAM RADIUS authentication module"
+HOMEPAGE="http://www.freeradius.org/pam_radius_auth/"
+SRC_URI="ftp://ftp.freeradius.org/pub/radius/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+}
+
+doecho() {
+ echo "$@"
+ "$@" || die
+}
+
+src_compile() {
+ # using the Makefile would require patching it to work properly, so
+ # rather simply re-create it here.
+
+ pammod_hide_symbols
+ doecho $(tc-getCC) ${CFLAGS} -shared -fPIC ${LDFLAGS} *.c -lpam -o pam_radius_auth.so
+}
+
+src_install() {
+ dopammod pam_radius_auth.so
+
+ insopts -m600
+ insinto /etc/raddb
+ doins "${FILESDIR}"/server
+
+ dodoc README Changelog USAGE
+}
+
+pkg_postinst() {
+ elog "Before you can use this you'll have to add RADIUS servers to /etc/raddb/server."
+ elog "The usage of pam_radius_auth module is explained in /usr/share/doc/${PF}/USAGE."
+}
diff --git a/sys-auth/pam_require/Manifest b/sys-auth/pam_require/Manifest
new file mode 100644
index 00000000000..7a095766023
--- /dev/null
+++ b/sys-auth/pam_require/Manifest
@@ -0,0 +1 @@
+DIST pam_require-0.7.tgz 84299 SHA256 91176b7587808862374ff6a8b7b30dd049cdb41d496e3528e02e3505e8037e96
diff --git a/sys-auth/pam_require/metadata.xml b/sys-auth/pam_require/metadata.xml
new file mode 100644
index 00000000000..fc75c070a28
--- /dev/null
+++ b/sys-auth/pam_require/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>maintainer-needed@gentoo.org</email>
+ </maintainer>
+</pkgmetadata>
diff --git a/sys-auth/pam_require/pam_require-0.7.ebuild b/sys-auth/pam_require/pam_require-0.7.ebuild
new file mode 100644
index 00000000000..880c202f961
--- /dev/null
+++ b/sys-auth/pam_require/pam_require-0.7.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils pam
+
+DESCRIPTION="Allows you to require a special group or user to access a service"
+HOMEPAGE="http://www.splitbrain.org/projects/pam_require"
+SRC_URI="http://www.splitbrain.org/_media/projects/pamrequire/${P}.tgz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ia64 ~ppc ~x86"
+IUSE=""
+
+DEPEND="virtual/pam"
+
+S=${WORKDIR}/${P/_/-}
+
+src_compile() {
+ ./configure --prefix=/ || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ dopammod "${S}/pam_require.so"
+
+ dodoc AUTHORS ChangeLog NEWS README
+}
diff --git a/sys-auth/pam_skey/Manifest b/sys-auth/pam_skey/Manifest
new file mode 100644
index 00000000000..c08d83cf4b4
--- /dev/null
+++ b/sys-auth/pam_skey/Manifest
@@ -0,0 +1,2 @@
+DIST pam_skey-1.1.5-patches-6.tar.xz 9264 SHA256 a1e3f43a36cb570e0690394647912c7d51bb335326e1a74ea4f97cdf8c62854d SHA512 c777ed094efe9cbfb275cfb30d036e3a1bd9477b08297815f07156b432a2724f8c08e9e841ef6bf7ba62ccf7df361f541e59024b42164bd35d7eef16da1f75ec WHIRLPOOL 651509487e6a86fd5f96a3ab55d31ecb13cf5d95d0079679665feb0c828e49186325f0670094fda439a73b0e3fbfad4899e32b66220bd3a55e85120ed85b5101
+DIST pam_skey-1.1.5.tar.gz 76963 SHA256 31f56a85780aa59326c7da891687af3820e997a80805dc47171175481f3762f7 SHA512 12817cedf15a3b2287982e4beab5d3b388239cc0a1e141e66e41759ddb2da7fb9dd0df12202dcc8140db0868c8df1a8d19d5859224179e2419ffefd691cb9834 WHIRLPOOL 835da66136cde2a19580c3e75a59cb9eadbbcb76dc542d1c96825438dff5c835d392c2232cae785c2999bc3e65772f06c91dea5fb03b945312a1a3a641647f1e
diff --git a/sys-auth/pam_skey/metadata.xml b/sys-auth/pam_skey/metadata.xml
new file mode 100644
index 00000000000..f6bcd796289
--- /dev/null
+++ b/sys-auth/pam_skey/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>ulm@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="freshmeat">pam_skey</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_skey/pam_skey-1.1.5-r5.ebuild b/sys-auth/pam_skey/pam_skey-1.1.5-r5.ebuild
new file mode 100644
index 00000000000..ee9b5510da8
--- /dev/null
+++ b/sys-auth/pam_skey/pam_skey-1.1.5-r5.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils pam autotools multilib readme.gentoo
+
+DESCRIPTION="PAM interface for the S/Key authentication system"
+HOMEPAGE="http://freshmeat.net/projects/pam_skey/"
+SRC_URI="http://dkorunic.net/tarballs/${P}.tar.gz
+ mirror://gentoo/${P}-patches-6.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+RDEPEND=">=sys-libs/pam-0.78-r3
+ >=sys-auth/skey-1.1.5-r4"
+DEPEND="${RDEPEND}
+ app-arch/xz-utils"
+
+DOCS="README INSTALL"
+DOC_CONTENTS="To use the pam_skey module, you need to configure PAM
+ by adding a line like:
+ \n\nauth [success=done ignore=ignore auth_err=die default=bad] pam_skey.so\n
+ \nto an appropriate place in the /etc/pam.d/system-auth file.
+ Consult the README and INSTALL files in /usr/share/doc/${PF}
+ for detailed instructions.
+ \n\nPlease note that calling this module from unprivileged
+ applications, e.g. screensavers, is not supported.
+ \n\nError checking has become stricter in pam_skey-1.1.5-r4;
+ errors returned from the underlying skey library when accessing
+ the S/Key data base will no longer be ignored.
+ Make sure that your PAM configuration is correct."
+
+src_prepare() {
+ EPATCH_SUFFIX=patch epatch
+ epatch_user
+
+ cd autoconf
+ eautoconf
+ eautoheader
+ mv configure defs.h.in .. || die "mv failed"
+}
+
+src_configure() {
+ econf --libdir="/$(get_libdir)" CFLAGS="${CFLAGS} -fPIC"
+}
+
+pkg_postinst() {
+ case ${REPLACING_VERSIONS} in
+ 1.1.[45]|1.1.5-r[123]) FORCE_PRINT_ELOG=1 ;;
+ esac
+ readme.gentoo_print_elog
+}
diff --git a/sys-auth/pam_smb/Manifest b/sys-auth/pam_smb/Manifest
new file mode 100644
index 00000000000..a80499b42d3
--- /dev/null
+++ b/sys-auth/pam_smb/Manifest
@@ -0,0 +1 @@
+DIST pam_smb-2.0.0-rc6.tar.gz 115069 SHA256 b787b11dade66b1078553fc0662843f3aa9f69629542ff5fd6802d62555295c5
diff --git a/sys-auth/pam_smb/files/10-pam_smb-bash-3.1.patch b/sys-auth/pam_smb/files/10-pam_smb-bash-3.1.patch
new file mode 100644
index 00000000000..570655d8246
--- /dev/null
+++ b/sys-auth/pam_smb/files/10-pam_smb-bash-3.1.patch
@@ -0,0 +1,12 @@
+diff -Nurp pam_smb-2.0.0_rc6.orig/configure pam_smb-2.0.0_rc6/configure
+--- configure 2006-03-17 15:02:01.000000000 +0000
++++ configure 2006-03-17 15:02:01.000000000 +0000
+@@ -1486,7 +1486,7 @@ else
+ # results, and the version is kept in special file).
+
+ if test -r /etc/.relid -a "X`uname -n`" = "X`uname -s`" ; then
+- system=MP-RAS-`awk '{print $3}' /etc/.relid'`
++ system=MP-RAS-`awk '{print $3}' /etc/.relid`
+ fi
+ if test "`uname -s`" = "AIX" ; then
+ system=AIX-`uname -v`.`uname -r`
diff --git a/sys-auth/pam_smb/files/pamsmbd-init b/sys-auth/pam_smb/files/pamsmbd-init
new file mode 100644
index 00000000000..e65387ffa53
--- /dev/null
+++ b/sys-auth/pam_smb/files/pamsmbd-init
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting pamsmbd"
+ start-stop-daemon --start --quiet --exec /usr/sbin/pamsmbd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping pamsmbd"
+ start-stop-daemon --stop --quiet --name pamsmbd
+ eend $?
+}
diff --git a/sys-auth/pam_smb/metadata.xml b/sys-auth/pam_smb/metadata.xml
new file mode 100644
index 00000000000..8bab991023f
--- /dev/null
+++ b/sys-auth/pam_smb/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>samba@gentoo.org</email>
+ <name>Samba Team</name>
+</maintainer>
+<longdescription>
+The PAM SMB module, which allows authentication against a SMB (such as the Win_x families) server.
+</longdescription>
+<longdescription lang="ja">
+ PAM の SMB モジュールは SMB サーバ( Win_x ファミリの類)の認証を許します。
+</longdescription>
+</pkgmetadata>
diff --git a/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r1.ebuild b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r1.ebuild
new file mode 100644
index 00000000000..e3810cd5a18
--- /dev/null
+++ b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils pam
+
+MY_P=${P/_rc/-rc}
+
+DESCRIPTION="The PAM SMB module, allows authentication against a SMB (such as the Win_x families) server"
+HOMEPAGE="http://www.csn.ul.ie/~airlied/pam_smb/"
+SRC_URI="
+ mirror://samba/pam_smb/v2/${MY_P}.tar.gz
+ http://www.csn.ul.ie/~airlied/pam_smb/v2/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~ppc x86"
+IUSE=""
+
+DEPEND=">=sys-libs/pam-0.75"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}/10-pam_smb-bash-3.1.patch"
+}
+
+src_compile() {
+ econf --disable-root-only
+ emake || die "emake failed"
+}
+
+src_install() {
+ dopammod pamsmbm/pam_smb_auth.so
+ dosbin pamsmbd/pamsmbd
+
+ dodoc BUGS CHANGES README TODO faq/{pam_smb_faq.sgml,additions.txt}
+ docinto pam.d
+ dodoc pam_smb.conf*
+
+ newinitd "${FILESDIR}/pamsmbd-init pamsmbd"
+}
+
+pkg_postinst() {
+ echo
+ elog "You must create /etc/pam_smb.conf yourself, containing"
+ elog "your domainname, PDC and BDC. See example files in docdir."
+ echo
+}
diff --git a/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r2.ebuild b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r2.ebuild
new file mode 100644
index 00000000000..691f55d1505
--- /dev/null
+++ b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r2.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils pam
+
+MY_P=${P/_rc/-rc}
+
+DESCRIPTION="The PAM SMB module, allows authentication against a SMB (such as the Win_x families) server"
+HOMEPAGE="http://www.csn.ul.ie/~airlied/pam_smb/"
+SRC_URI="
+ mirror://samba/pam_smb/v2/${MY_P}.tar.gz
+ http://www.csn.ul.ie/~airlied/pam_smb/v2/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~ppc ~x86"
+IUSE=""
+
+DEPEND=">=sys-libs/pam-0.75"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ epatch "${FILESDIR}/10-pam_smb-bash-3.1.patch"
+}
+
+src_configure() {
+ econf --disable-root-only
+}
+
+src_install() {
+ dopammod pamsmbm/pam_smb_auth.so
+ dosbin pamsmbd/pamsmbd
+
+ dodoc BUGS CHANGES README TODO faq/{pam_smb_faq.sgml,additions.txt}
+ docinto pam.d
+ dodoc pam_smb.conf*
+
+ newinitd "${FILESDIR}/pamsmbd-init pamsmbd"
+}
+
+pkg_postinst() {
+ echo
+ elog "You must create /etc/pam_smb.conf yourself, containing"
+ elog "your domainname, PDC and BDC. See example files in docdir."
+ echo
+}
diff --git a/sys-auth/pam_ssh/Manifest b/sys-auth/pam_ssh/Manifest
new file mode 100644
index 00000000000..09d71b452c4
--- /dev/null
+++ b/sys-auth/pam_ssh/Manifest
@@ -0,0 +1,3 @@
+DIST pam_ssh-1.97.tar.bz2 200184 SHA256 10233b0d3e480fdc977d4e3a1ea5a994cf1f257c3b948650a86e4d753796789d SHA512 78632ef5baf8c7ac6d28d16a4c7e452978ad09a969c562cfcc708b835dbba3da12317569a618768ef6f9d59db1d5d31f2a0c7b2ab1244ed9caa37eb89413494e WHIRLPOOL efe23d1d86f92298682edeb960e046d0c5def65961e3e51dc82bb244b98f76ac7b7a456fd80d31740e851602e8d8cd27d17d0b66ca6e0e44d1356982c4496887
+DIST pam_ssh-1.98.tar.bz2 292989 SHA256 30312f242c00551b120cc39defd3745b8cb50408ea845e8688d18d2a28b51180 SHA512 bf6da4ced0619549d56516c6b24e899664e0948da7a0cc04ff1b536d06cc8c26242c83eb36ed835668c824b777e270aa293162ac77e3c479311386e6e5da39ff WHIRLPOOL a62dccfec3a0208e8e94c0635aa1d8813ff3bbfeba5eebbff854c44638c51a547251a22460f78d08d34cc60b0318bcec622649b6a0dac030d159378451df09ae
+DIST pam_ssh-2.1.tar.xz 361000 SHA256 55fbe8488d59cff05a77523b4afc2e2a8d1ba35d93546f1828ec48e20e2600cb SHA512 8252b15efffa5687f740963f7a3c3479b73f99eca26a17155f915a10b9a71362a2778449adf10f01c174cc8545961ce3ea64459338a7c995c242b209529fd640 WHIRLPOOL e46d22325b06d9801d99d36b1045a4b8da0b8e874d83c6309353c54827189e47bbadb5789f498037829b6b9b9e618fec3ea5a441ac349643d93667fcf1dc2759
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.97-EOF.patch b/sys-auth/pam_ssh/files/pam_ssh-1.97-EOF.patch
new file mode 100644
index 00000000000..80214a1df70
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.97-EOF.patch
@@ -0,0 +1,11 @@
+--- pam_ssh-1.92.orig/pam_get_pass.c 2004-02-19 19:59:05.000000000 +0100
++++ pam_ssh-1.92/pam_get_pass.c 2009-04-18 13:51:10.000000000 +0200
+@@ -63,6 +63,8 @@
+ retval = conv->conv(1, msgs, &resp, conv->appdata_ptr);
+ if (retval != PAM_SUCCESS)
+ return retval;
++ if (resp[0].resp == NULL)
++ return PAM_AUTHTOK_RECOVERY_ERR;
+ retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
+ if (retval != PAM_SUCCESS)
+ return retval;
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.97-doublefree.patch b/sys-auth/pam_ssh/files/pam_ssh-1.97-doublefree.patch
new file mode 100644
index 00000000000..2f63ff8bdcb
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.97-doublefree.patch
@@ -0,0 +1,20 @@
+--- pam_ssh-1.97/pam_ssh.c.orig 2009-08-01 20:11:00.000000000 +0200
++++ pam_ssh-1.97/pam_ssh.c 2009-08-01 20:11:16.000000000 +0200
+@@ -627,7 +627,7 @@
+ * than the file creation time */
+ if (retval = stat(per_agent, &stat_buf)) {
+ pam_ssh_log(LOG_ERR, "stat() failed on %s", per_agent);
+- free(per_agent);
++ pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL);
+ fclose(env_read);
+ return retval;
+ }
+@@ -646,7 +646,7 @@
+ if (start_agent) {
+ if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) {
+ pam_ssh_log(LOG_ERR, "can't write to %s", per_agent);
+- free(per_agent);
++ pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL);
+ openpam_restore_cred(pamh);
+ return PAM_SERVICE_ERR;
+ }
diff --git a/sys-auth/pam_ssh/files/pam_ssh-2.1-dot-ssh-check.patch b/sys-auth/pam_ssh/files/pam_ssh-2.1-dot-ssh-check.patch
new file mode 100644
index 00000000000..b5baa71e8f4
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-2.1-dot-ssh-check.patch
@@ -0,0 +1,22 @@
+https://bugs.gentoo.org/503424#c5
+http://sourceforge.net/p/pam-ssh/bugs/16/
+
+--- a/pam_ssh.c
++++ b/pam_ssh.c
+@@ -867,6 +867,7 @@
+ int attempt; /* No. of attempt to contact agent */
+ const char *user; /* username */
+ struct options options; /* PAM options */
++ struct stat sb; /* to check for existing .ssh */
+
+ #if HAVE_PAM_STRUCT_OPTIONS || !HAVE_PAM_STD_OPTION
+ memset(&options, 0, sizeof options);
+@@ -916,7 +917,7 @@
+ openpam_restore_cred(pamh);
+ return PAM_SERVICE_ERR;
+ }
+- if ((access(dotdir,F_OK)) == -1) {
++ if (stat(dotdir, &sb) == -1) {
+ pam_ssh_log(LOG_DEBUG, "inexistent configuration directory");
+ free(dotdir);
+ openpam_restore_cred(pamh);
diff --git a/sys-auth/pam_ssh/files/pam_symbols.ver b/sys-auth/pam_ssh/files/pam_symbols.ver
new file mode 100644
index 00000000000..dbc677b77a2
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_symbols.ver
@@ -0,0 +1,4 @@
+{
+ global: pam_sm_*;
+ local: *;
+};
diff --git a/sys-auth/pam_ssh/metadata.xml b/sys-auth/pam_ssh/metadata.xml
new file mode 100644
index 00000000000..66fb0a248b3
--- /dev/null
+++ b/sys-auth/pam_ssh/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">pam-ssh</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_ssh/pam_ssh-1.97-r1.ebuild b/sys-auth/pam_ssh/pam_ssh-1.97-r1.ebuild
new file mode 100644
index 00000000000..c4924d59e35
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.97-r1.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit pam autotools eutils
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+LICENSE="BSD-2 BSD ISC"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE=""
+
+# Doesn't work on OpenPAM.
+DEPEND="sys-libs/pam
+ sys-devel/libtool"
+
+RDEPEND="sys-libs/pam
+ virtual/ssh"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-doublefree.patch"
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)" \
+ || die "econf failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO || die
+
+ find "${D}" -name '*.la' -delete || die "Unable to remove libtool archives."
+}
+
+pkg_postinst() {
+ elog "You can enable pam_ssh for system authentication by enabling"
+ elog "the ssh USE flag on sys-auth/pambase."
+}
diff --git a/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild b/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild
new file mode 100644
index 00000000000..0dce47d6e51
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit pam autotools eutils flag-o-matic
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+LICENSE="BSD-2 BSD ISC"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ~ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE=""
+
+# Doesn't work on OpenPAM; looks for OpenSSH at build time (bug
+# #282993) and won't work with other implementations either
+RDEPEND="sys-libs/pam
+ net-misc/openssh"
+
+DEPEND="${RDEPEND}
+ sys-devel/libtool"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-doublefree.patch"
+ eautoreconf
+}
+
+src_configure() {
+ # hide all the otherwise-exported symbols that may clash with
+ # other software loading the PAM modules (see bug #274924 as an
+ # example).
+ append-ldflags -Wl,--version-script="${FILESDIR}"/pam_symbols.ver
+
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)" \
+ || die "econf failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO || die
+
+ find "${D}" -name '*.la' -delete || die "Unable to remove libtool archives."
+}
+
+pkg_postinst() {
+ elog "You can enable pam_ssh for system authentication by enabling"
+ elog "the ssh USE flag on sys-auth/pambase."
+}
diff --git a/sys-auth/pam_ssh/pam_ssh-1.97-r3.ebuild b/sys-auth/pam_ssh/pam_ssh-1.97-r3.ebuild
new file mode 100644
index 00000000000..017a0314b27
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.97-r3.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit pam autotools eutils flag-o-matic
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+LICENSE="BSD-2 BSD ISC"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE=""
+
+# Doesn't work on OpenPAM; looks for OpenSSH at build time (bug
+# #282993) and won't work with other implementations either
+RDEPEND="sys-libs/pam
+ net-misc/openssh"
+
+DEPEND="${RDEPEND}
+ sys-devel/libtool"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-doublefree.patch"
+ epatch "${FILESDIR}/${P}-EOF.patch"
+ eautoreconf
+}
+
+src_configure() {
+ # hide all the otherwise-exported symbols that may clash with
+ # other software loading the PAM modules (see bug #274924 as an
+ # example).
+ append-ldflags -Wl,--version-script="${FILESDIR}"/pam_symbols.ver
+
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)" \
+ || die "econf failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO || die
+
+ find "${D}" -name '*.la' -delete || die "Unable to remove libtool archives."
+}
+
+pkg_postinst() {
+ elog "You can enable pam_ssh for system authentication by enabling"
+ elog "the ssh USE flag on sys-auth/pambase."
+}
diff --git a/sys-auth/pam_ssh/pam_ssh-1.98.ebuild b/sys-auth/pam_ssh/pam_ssh-1.98.ebuild
new file mode 100644
index 00000000000..d9c53f79ac5
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.98.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit pam eutils flag-o-matic readme.gentoo
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+LICENSE="BSD-2 BSD ISC"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE=""
+
+# Doesn't work on OpenPAM; looks for OpenSSH at build time (bug
+# #282993) and won't work with other implementations either
+RDEPEND="
+ sys-libs/pam
+ net-misc/openssh
+"
+DEPEND="${RDEPEND}
+ sys-devel/libtool
+"
+
+DOC_CONTENTS="
+ You can enable pam_ssh for system authentication by enabling
+ the pam_ssh USE flag on sys-auth/pambase.
+"
+
+src_configure() {
+ # hide all the otherwise-exported symbols that may clash with
+ # other software loading the PAM modules (see bug #274924 as an
+ # example).
+ append-ldflags -Wl,--version-script="${FILESDIR}"/pam_symbols.ver
+
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)"
+}
+
+src_install() {
+ default
+ prune_libtool_files --modules
+ readme.gentoo_create_doc
+}
diff --git a/sys-auth/pam_ssh/pam_ssh-2.1.ebuild b/sys-auth/pam_ssh/pam_ssh-2.1.ebuild
new file mode 100644
index 00000000000..40670e4df8a
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-2.1.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit pam eutils flag-o-matic readme.gentoo
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.xz"
+
+LICENSE="BSD-2 BSD ISC"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE=""
+
+# Only supports OpenSSH via `ssh-agent` #282993
+DEPEND="virtual/pam
+ dev-libs/openssl:0="
+RDEPEND="${DEPEND}
+ net-misc/openssh"
+
+DOC_CONTENTS="
+ You can enable pam_ssh for system authentication by enabling
+ the pam_ssh USE flag on sys-auth/pambase.
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-dot-ssh-check.patch #503424#c5
+}
+
+src_configure() {
+ # hide all the otherwise-exported symbols that may clash with
+ # other software loading the PAM modules (see bug #274924 as an
+ # example).
+ append-ldflags -Wl,--version-script="${FILESDIR}"/pam_symbols.ver
+
+ # Set the cache var so the configure script doesn't go probing hardcoded
+ # file system paths and picking up the wrong thing.
+ export ac_cv_openssldir=''
+
+ # Avoid cross-compiling funkiness and requiring openssh at build time.
+ export PATH_SSH_AGENT="${EPREFIX}/usr/bin/ssh-agent"
+
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)"
+}
+
+src_install() {
+ default
+ prune_libtool_files --modules
+ readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+ if has_version "<${CATEGORY}/${PN}-2.0" ; then #554150
+ ewarn "Upstream pam_ssh has changed where ssh keys live. Only keys in your"
+ ewarn "~/.ssh/login-keys.d/ will be accepted for authentication."
+ fi
+}
diff --git a/sys-auth/pam_ssh_agent_auth/Manifest b/sys-auth/pam_ssh_agent_auth/Manifest
new file mode 100644
index 00000000000..eeb05822964
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/Manifest
@@ -0,0 +1,4 @@
+DIST pam_ssh_agent_auth-0.10.2.tar.bz2 246412 SHA256 99bbbae3494032e17b62ff3b9ff71e2d78e3c6809463649afe7bae79e4f81fcd SHA512 b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38 WHIRLPOOL e5c5390b31ff131a24ed299df556847ef65ca69c2d1dc438a3b5fc43d7e9b3ff8045504ae7d5cca6906a4f96078bcdfaaa3e10109b3cad14be6dce0f80c2a6c4
+DIST pam_ssh_agent_auth-0.9.2.tar.bz2 237156 SHA256 76c80b6482ea5d03e1f33514f30ac77cd56e2fc8cb233a470562686df7426f4b SHA512 e710a4dff315c8d79c5d5edc4ebe1629a8fc6d09651813fd4792a2021e7c2d5768d6b7e8539801e31b947cc30817f32375d751fc396707fc4f257df4f33cd408 WHIRLPOOL 073e47de9c9205a1eac8e116c5b22b2b6c4dd42be261abe18bcac4c25dc98ce0023f44a17558afb9823ba457dcc7e1f16e4e195c7aa09483b9ed32e7ae1a7eed
+DIST pam_ssh_agent_auth-0.9.3.tar.bz2 239596 SHA256 10017968f5a8a41e1fcfaac6cdec479b70998bbbd19a70e94e2f654befafe5a6 SHA512 c2304dcf623858339b5fd77bcf64e9c980a3ee241384b9125d64ba6ab9539a65eacbd3576b31a94bb390e4c089e702f9df2963119250b773bd8be872ae63a050 WHIRLPOOL 41205f5f501b0ef90b71f4f72993da3514bffbdf779565eaee1e4e7b442103b4fb7f3ea278279cb99cffa2f42c700e2e9f6c74b79c0f3a25ae964a8a1df9c858
+DIST pam_ssh_agent_auth-0.9.4.tar.bz2 239250 SHA256 496de600771d6296c7a7d01636399fd603e5a79930416ffbdc150c3784d80ca9 SHA512 3d469e85bf7c49dcf9345c63678ebe050db4d15447592bc337bfc762f2337f92cebd7e840fc12d7be94acf1aa47b0272efe2c1688888ecd8f9daf63549520792 WHIRLPOOL 20960e24fb548fd9e6722def1cb2a07cd2f7abb1ddb235339c61e7b544bf6470f74b2d890d9aa834908d04e35fdd842e8b4f64a4b55e6d5ff892fd56d5b1e1a6
diff --git a/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.9.2-libs.patch b/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.9.2-libs.patch
new file mode 100644
index 00000000000..3e259761a2e
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.9.2-libs.patch
@@ -0,0 +1,24 @@
+diff --git a/Makefile.in b/Makefile.in
+index 3428c51..4b5ea8a 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -48,7 +48,7 @@ PAM_MODULES=pam_ssh_agent_auth.so
+
+ SSHOBJS=xmalloc.o atomicio.o authfd.o bufaux.o bufbn.o buffer.o cleanup.o entropy.o fatal.o key.o log.o misc.o secure_filename.o ssh-dss.o ssh-rsa.o uuencode.o compat.o
+
+-PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o
++PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o pam_ssh_agent_auth.o
+
+
+ MANPAGES_IN = pam_ssh_agent_auth.pod
+@@ -72,8 +72,8 @@ $(LIBCOMPAT): always
+ (cd openbsd-compat && $(MAKE))
+ always:
+
+-pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o
+- $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat $(LIBS) -lpam pam_ssh_agent_auth.o
++pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS)
++ $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat $(LIBS) -lpam
+
+ $(MANPAGES): $(MANPAGES_IN)
+ pod2man --section=8 --release=v0.8 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
diff --git a/sys-auth/pam_ssh_agent_auth/metadata.xml b/sys-auth/pam_ssh_agent_auth/metadata.xml
new file mode 100644
index 00000000000..aba6c2cb4c1
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">pamsshagentauth</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.2.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.2.ebuild
new file mode 100644
index 00000000000..565bac67086
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.2.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit pam
+
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys"
+HOMEPAGE="http://pamsshagentauth.sourceforge.net"
+SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ dev-libs/openssl"
+
+RDEPEND="${DEPEND}
+ virtual/ssh"
+
+# needed for pod2man
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+src_configure() {
+ pammod_hide_symbols
+
+ econf \
+ --libexecdir="$(getpam_mod_dir)"
+}
+
+src_install() {
+ # Don't use emake install as it makes it harder to have proper
+ # install paths.
+ dopammod pam_ssh_agent_auth.so
+ doman pam_ssh_agent_auth.8
+
+ dodoc CONTRIBUTORS
+}
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.2.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.2.ebuild
new file mode 100644
index 00000000000..9824d01fd2b
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.2.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit eutils pam
+
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys"
+HOMEPAGE="http://pamsshagentauth.sourceforge.net"
+SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ dev-libs/openssl"
+
+RDEPEND="${DEPEND}
+ virtual/ssh"
+
+# needed for pod2man
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-libs.patch
+}
+
+src_configure() {
+ pammod_hide_symbols
+
+ econf \
+ --libexecdir=$(getpam_mod_dir)
+}
+
+src_test() { :; }
+
+src_install() {
+ # Don't use emake install as it makes it harder to have proper
+ # install paths.
+ dopammod pam_ssh_agent_auth.so
+
+ doman pam_ssh_agent_auth.8 || die
+}
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.3.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.3.ebuild
new file mode 100644
index 00000000000..44ee42e7655
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.3.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit eutils pam
+
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys"
+HOMEPAGE="http://pamsshagentauth.sourceforge.net"
+SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ dev-libs/openssl"
+
+RDEPEND="${DEPEND}
+ virtual/ssh"
+
+# needed for pod2man
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.9.2-libs.patch
+}
+
+src_configure() {
+ pammod_hide_symbols
+
+ econf \
+ --libexecdir=$(getpam_mod_dir)
+}
+
+src_test() { :; }
+
+src_install() {
+ # Don't use emake install as it makes it harder to have proper
+ # install paths.
+ dopammod pam_ssh_agent_auth.so
+ doman pam_ssh_agent_auth.8
+
+ dodoc CONTRIBUTORS
+}
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.4.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.4.ebuild
new file mode 100644
index 00000000000..73fad8d2d61
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.4.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit pam
+
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys"
+HOMEPAGE="http://pamsshagentauth.sourceforge.net"
+SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="virtual/pam
+ dev-libs/openssl"
+
+RDEPEND="${DEPEND}
+ virtual/ssh"
+
+# needed for pod2man
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+src_configure() {
+ pammod_hide_symbols
+
+ econf \
+ --libexecdir=$(getpam_mod_dir)
+}
+
+src_test() { :; }
+
+src_install() {
+ # Don't use emake install as it makes it harder to have proper
+ # install paths.
+ dopammod pam_ssh_agent_auth.so
+ doman pam_ssh_agent_auth.8
+
+ dodoc CONTRIBUTORS
+}
diff --git a/sys-auth/pam_usb/Manifest b/sys-auth/pam_usb/Manifest
new file mode 100644
index 00000000000..fc5f1ec484b
--- /dev/null
+++ b/sys-auth/pam_usb/Manifest
@@ -0,0 +1 @@
+DIST pam_usb-0.5.0.tar.gz 35233 SHA256 011f9970730a9b9fad7a1a8205f4eb63e757282d80d8bc146ad455d492063cbc SHA512 25c78f94793b4119c37e03f2d7d189ab6d1e4b82dfbadc3d83f5579fa70d8938ebfa4269155e04055a94c4562d618249fe046a67e7ea401cc571f482a3ed7bce WHIRLPOOL 4d1641587ed28c635ac012d60bc11c50f1b730c0a4ff882db92788c4cedac2a919e6efd337df291291be5995657bfab1b65476bfd9547d8d283e5e00ab44120f
diff --git a/sys-auth/pam_usb/files/pam_usb-0.5.0-openpam.patch b/sys-auth/pam_usb/files/pam_usb-0.5.0-openpam.patch
new file mode 100644
index 00000000000..d5493d67a13
--- /dev/null
+++ b/sys-auth/pam_usb/files/pam_usb-0.5.0-openpam.patch
@@ -0,0 +1,16 @@
+--- src/pam.c
++++ src/pam.c
+@@ -16,8 +16,12 @@
+ */
+
+ #define PAM_SM_AUTH
++
++#include <stdlib.h>
++#include <string.h>
++
+ #include <security/pam_modules.h>
+-#include <security/_pam_macros.h>
++#include <security/pam_appl.h>
+
+ #include "version.h"
+ #include "conf.h"
diff --git a/sys-auth/pam_usb/metadata.xml b/sys-auth/pam_usb/metadata.xml
new file mode 100644
index 00000000000..9ea5fa40735
--- /dev/null
+++ b/sys-auth/pam_usb/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <longdescription>
+A PAM module that enables authentication using a USB-Storage device (such as a USB Pen) through DSA private/public keys.
+</longdescription>
+ <longdescription lang="ja">
+DSA 秘密/公開鍵による USB ストレージ・デバイス( USB ペン等)を使った認証を可能にする PAM モジュールです。
+</longdescription>
+ <upstream>
+ <remote-id type="sourceforge">pamusb</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_usb/pam_usb-0.5.0.ebuild b/sys-auth/pam_usb/pam_usb-0.5.0.ebuild
new file mode 100644
index 00000000000..d65dc54e977
--- /dev/null
+++ b/sys-auth/pam_usb/pam_usb-0.5.0.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils pam python-single-r1 toolchain-funcs
+
+DESCRIPTION="A pam module to provide authentication using USB device"
+HOMEPAGE="http://pamusb.org/"
+SRC_URI="mirror://sourceforge/pamusb/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+COMMON_DEPEND="dev-libs/libxml2
+ sys-apps/dbus
+ virtual/pam"
+RDEPEND="${COMMON_DEPEND}
+ ${PYTHON_DEPS}
+ dev-python/dbus-python
+ dev-python/pygobject:2
+ sys-apps/pmount
+ sys-fs/udisks:0"
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+
+pkg_setup() {
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-openpam.patch
+ python_fix_shebang tools/pamusb-{conf,agent} #413025
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)"
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ DOCS_DEST="${D}/usr/share/doc/${PF}" \
+ PAM_USB_DEST="${D}/$(getpam_mod_dir)" \
+ install
+
+ dodoc ChangeLog README.md
+}
diff --git a/sys-auth/pam_yubico/Manifest b/sys-auth/pam_yubico/Manifest
new file mode 100644
index 00000000000..535cc4c7194
--- /dev/null
+++ b/sys-auth/pam_yubico/Manifest
@@ -0,0 +1,2 @@
+DIST pam_yubico-2.17.tar.gz 391559 SHA256 974a827ad960c1e7ce7b90338c319587aa878cf44d43c954e4af7cd843bbf571 SHA512 ee2a1527c2f2b29ca601588700cc76edc688e58d305ef44d311db3c5f184513a5bdc3d9052cefd85b11de96c6999daeca3d22986e93f588c9d64e5c301c37ee8 WHIRLPOOL 61b6974350869b38b3cd56ce3ff9d3d85600126dc1dd82111a6b605720b27e4dee35d53c7d9dc9436fc94b8440858ae7ce5a26ece0e076ef8381e55424999859
+DIST pam_yubico-2.19.tar.gz 410136 SHA256 ed6e5841bb5104528a2155cb4b35bea18ebf3ddd8a4faf59eca3b1e2ac9c50ef SHA512 26e5246d99b5d8d5afbed4ba459f431635327512a29f6c29b547a1a0553f8d2ee79740f167c18266cf925df25df9ab962ee0180ca3a30bc553a7f9f7801a1ed7 WHIRLPOOL f6ca4678487c965d1a9c10e8e9c679b162e5ad690c1fec46a6498c2354300dc31f1c2e88faa6574f267798feb171ecb3a19801e9c1c0b866d2b57154036bc001
diff --git a/sys-auth/pam_yubico/files/2.11-drop_privs.patch b/sys-auth/pam_yubico/files/2.11-drop_privs.patch
new file mode 100644
index 00000000000..f4b29bac83b
--- /dev/null
+++ b/sys-auth/pam_yubico/files/2.11-drop_privs.patch
@@ -0,0 +1,14 @@
+--- drop_privs.c 2012-03-09 12:36:04.792191180 -0500
++++ drop_privs.c.new 2012-03-09 12:36:00.827333242 -0500
+@@ -47,9 +47,9 @@
+ #endif
+
+ #ifdef HAVE_PAM_MODUTIL_DROP_PRIV
+-#ifdef HAVE_SECURITY_PAM_MODUTIL_H
++//#ifdef HAVE_SECURITY_PAM_MODUTIL_H
+ #include <security/pam_modutil.h>
+-#endif /* HAVE_SECURITY_PAM_MODUTIL_H */
++//#endif /* HAVE_SECURITY_PAM_MODUTIL_H */
+ #else
+ static uid_t saved_euid;
+ static gid_t saved_egid;
diff --git a/sys-auth/pam_yubico/metadata.xml b/sys-auth/pam_yubico/metadata.xml
new file mode 100644
index 00000000000..65df64f7f46
--- /dev/null
+++ b/sys-auth/pam_yubico/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>zerochaos@gentoo.org</email>
+ <name>Rick Farina</name>
+ </maintainer>
+ <longdescription lang="en">
+</longdescription>
+ <upstream>
+ <remote-id type="github">Yubico/yubico-pam</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/pam_yubico/pam_yubico-2.17-r1.ebuild b/sys-auth/pam_yubico/pam_yubico-2.17-r1.ebuild
new file mode 100644
index 00000000000..53178deff1d
--- /dev/null
+++ b/sys-auth/pam_yubico/pam_yubico-2.17-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib
+
+DESCRIPTION="Library for authenticating against PAM with a Yubikey"
+HOMEPAGE="https://github.com/Yubico/yubico-pam"
+SRC_URI="http://opensource.yubico.com/yubico-pam/releases/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="ldap"
+
+RDEPEND="
+ virtual/pam
+ sys-auth/libyubikey
+ >=sys-auth/ykclient-2.12
+ >=sys-auth/ykpers-1.6
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ app-text/asciidoc"
+
+#src_prepare() {
+# epatch "${FILESDIR}/2.11-drop_privs.patch"
+# eautoreconf
+#}
+
+src_configure() {
+ #challenge response could be optional but that seems horribly dangerous to me
+ econf \
+ --with-cr \
+ $(use_with ldap) \
+ --with-pam-dir=/$(get_libdir)/security
+}
+
+src_install() {
+ default
+ dodoc doc/*
+ #prune_libtool_files #why doesn't this work?
+ find "${D}" -name '*.la' -delete || die
+}
diff --git a/sys-auth/pam_yubico/pam_yubico-2.19-r1.ebuild b/sys-auth/pam_yubico/pam_yubico-2.19-r1.ebuild
new file mode 100644
index 00000000000..497b4da392d
--- /dev/null
+++ b/sys-auth/pam_yubico/pam_yubico-2.19-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib
+
+DESCRIPTION="Library for authenticating against PAM with a Yubikey"
+HOMEPAGE="https://github.com/Yubico/yubico-pam"
+SRC_URI="http://opensource.yubico.com/yubico-pam/releases/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="ldap test"
+
+RDEPEND="
+ virtual/pam
+ sys-auth/libyubikey
+ >=sys-auth/ykclient-2.12
+ >=sys-auth/ykpers-1.6
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ app-text/asciidoc
+ test? ( dev-perl/Net-LDAP-Server )"
+
+src_configure() {
+ #challenge response could be optional but that seems horribly dangerous to me
+ econf \
+ --with-cr \
+ $(use_with ldap) \
+ --with-pam-dir=/$(get_libdir)/security
+}
+
+src_install() {
+ default
+ dodoc doc/*
+ #prune_libtool_files #why doesn't this work?
+ find "${D}" -name '*.la' -delete || die
+}
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
new file mode 100644
index 00000000000..0f3c5faeee6
--- /dev/null
+++ b/sys-auth/pambase/Manifest
@@ -0,0 +1,4 @@
+DIST pambase-20101024.tar.bz2 3201 SHA256 89d60dd598d3da0ce1d1bcd7dc325f6c55002a1d4a7d27f9bb024f6732e9fba4 SHA512 8d2a89b38d94d2e423a033ea6922c0a0039a0fb64d60c05991d877b4fa893954723fe1c1763f3f67ed6fbc3639282a4ee1d76824f7f29025b6050632a6984b6f WHIRLPOOL 644965507d1f537c357a7020c13282d9de4131a6cf72e589b1e750e3b86a2185b9a882d0b3f865145a86e1ef613e4b92998be53734aefb6d6d8a69f65de806a4
+DIST pambase-20120417.tar.bz2 3361 SHA256 3fde3ff7714b3722b45545da36fdde6ca95a55d1b0a8cfb23666ec0de3ec5871 SHA512 7a666eb67f6484e536ecb070402036bcfdd137aced27df3f08b136d06eee5c13a6dc14aa93ea09e94c7f31e5a98db97dbaccd0c46af24b57028247de3a7cd9fe WHIRLPOOL 323edb9ef488a0ba562ef279d4acfb682540bf87838be9a3319ad2029ba1465d015fdf94c3192e24517ae9f0ed264e38d17aba65934211bd7b39bf309ee12540
+DIST pambase-20140313.tar.bz2 3417 SHA256 70f11281975eb1d7b14f36a16d2b9eff78099a246aeda96e4f8c667b2574b2a4 SHA512 76dd2a70947dac9573d47b81764ebe4f829bfd38d59c007e698a52c70757fa88525f510c14a1f474c58e3d33cb421ff61aa4ed1aae54497456004eff7494bfc8 WHIRLPOOL e9aac79b37c76af4389d193cb4eb79ad4372e25520a3f6bba6b473948999f1ac2ade00930180a4b9f47cdd7a458d1a174bd15ccf0a94130d216118d7d76485a9
+DIST pambase-20150213.tar.xz 3480 SHA256 cf1ea75e29c33bfddbc6f8519b860a6f0710345e936966014f59fe3e93ab7f44 SHA512 3b49dd3f06a0942fcced95527f62cbc4ff723c48dc896a0b57ecd19736d2892db974c782be3fe24e8e6e17294869a772ae9ee6118af96dfdc7a3a6561dc3f3e5 WHIRLPOOL 493084f04032b93d8021e84bdbcf6c339ec6c928b468aa59556f3d3d10403e4557316d516ea303d66422df13150c7c19761d9979aba32e5e4c9fe7e198c733a2
diff --git a/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch b/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch
new file mode 100644
index 00000000000..79266a740b6
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch
@@ -0,0 +1,20 @@
+--- pambase-20120417/login.in.orig 2012-11-21 14:31:49.031948988 +0100
++++ pambase-20120417/login.in 2012-11-21 14:32:41.172330601 +0100
+@@ -3,4 +3,6 @@
+
+ account include system-local-login
+ password include system-local-login
++
++session optional pam_lastlog.so DEBUG
+ session include system-local-login
+--- pambase-20120417/system-login.in.orig 2012-11-21 14:31:42.232160039 +0100
++++ pambase-20120417/system-login.in 2012-11-21 14:35:20.738025880 +0100
+@@ -41,7 +41,7 @@
+ session required pam_env.so DEBUG
+ #endif
+ #if HAVE_LASTLOG
+-session optional pam_lastlog.so DEBUG
++session optional pam_lastlog.so silent DEBUG
+ #endif
+ session include system-auth
+ #if HAVE_CONSOLEKIT
diff --git a/sys-auth/pambase/files/pambase-20120417-systemd-auth.patch b/sys-auth/pambase/files/pambase-20120417-systemd-auth.patch
new file mode 100644
index 00000000000..99c38e78477
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20120417-systemd-auth.patch
@@ -0,0 +1,26 @@
+diff -u pambase-20120417.old/system-auth.in pambase-20120417/system-auth.in
+--- pambase-20120417.old/system-auth.in 2013-10-27 15:58:21.766193297 +0100
++++ pambase-20120417/system-auth.in 2013-10-27 16:01:10.614555766 +0100
+@@ -35,3 +35,7 @@
+ session optional pam_ssh.so
+ #endif
+ #include "system-session.inc"
++
++#if HAVE_SYSTEMD
++-session optional pam_systemd.so
++#endif
+Sólo en pambase-20120417: system-auth.in~
+diff -u pambase-20120417.old/system-login.in pambase-20120417/system-login.in
+--- pambase-20120417.old/system-login.in 2013-10-27 15:58:21.766193297 +0100
++++ pambase-20120417/system-login.in 2013-10-27 15:59:42.032316285 +0100
+@@ -47,9 +47,6 @@
+ #if HAVE_CONSOLEKIT
+ -session optional pam_ck_connector.so nox11
+ #endif
+-#if HAVE_SYSTEMD
+--session optional pam_systemd.so
+-#endif
+ #if HAVE_GNOME_KEYRING
+ session optional pam_gnome_keyring.so auto_start
+ #endif
+Sólo en pambase-20120417: system-login.in~
diff --git a/sys-auth/pambase/files/pambase-20120417-systemd.patch b/sys-auth/pambase/files/pambase-20120417-systemd.patch
new file mode 100644
index 00000000000..047fb41c859
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20120417-systemd.patch
@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/372229
+
+--- Makefile
++++ Makefile
+@@ -28,6 +28,10 @@
+ PAMFLAGS += -DHAVE_CONSOLEKIT=1
+ endif
+
++ifeq "$(SYSTEMD)" "yes"
++PAMFLAGS += -DHAVE_SYSTEMD=1
++endif
++
+ ifeq "$(GNOME_KEYRING)" "yes"
+ PAMFLAGS += -DHAVE_GNOME_KEYRING=1
+ endif
+--- system-login.in
++++ system-login.in
+@@ -45,7 +45,10 @@
+ #endif
+ session include system-auth
+ #if HAVE_CONSOLEKIT
+-session optional pam_ck_connector.so nox11
++-session optional pam_ck_connector.so nox11
++#endif
++#if HAVE_SYSTEMD
++-session optional pam_systemd.so
+ #endif
+ #if HAVE_GNOME_KEYRING
+ session optional pam_gnome_keyring.so auto_start
diff --git a/sys-auth/pambase/files/pambase-20150213-selinux-note.patch b/sys-auth/pambase/files/pambase-20150213-selinux-note.patch
new file mode 100644
index 00000000000..1cb018f3450
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20150213-selinux-note.patch
@@ -0,0 +1,11 @@
+--- system-login.in.orig 2015-04-17 16:58:02.247000000 +0200
++++ system-login.in 2015-04-17 16:58:07.684000000 +0200
+@@ -48,7 +48,7 @@
+ session optional pam_ck_connector.so nox11
+ #endif
+ #if HAVE_SELINUX
+-# Note: modules that run in the user's context must come after this line.
++ # Note: modules that run in the user's context must come after this line.
+ session required pam_selinux.so multiple open
+ #endif
+ #if HAVE_GNOME_KEYRING
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
new file mode 100644
index 00000000000..97d83d57b2d
--- /dev/null
+++ b/sys-auth/pambase/metadata.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name="cracklib">
+ Enable pam_cracklib module on system authentication stack. This
+ produces warnings when changing password to something easily
+ crackable. It requires the same USE flag to be enabled on
+ <pkg>sys-libs/pam</pkg> or system login might be impossible.
+ </flag>
+ <flag name="consolekit">
+ Enable pam_ck_connector module on local system logins. This
+ allows for console logins to make use of ConsoleKit
+ authorization.
+ </flag>
+ <flag name="systemd">
+ Use pam_systemd module to register user sessions in the systemd
+ control group hierarchy.
+ </flag>
+ <flag name="gnome-keyring">
+ Enable pam_gnome_keyring module on system login stack. This
+ enables proper Gnome Keyring access to logins, whether they are
+ done with the login shell, a Desktop Manager or a remote login
+ systems such as SSH.
+ </flag>
+ <flag name="debug">
+ Enable debug information logging on syslog(3) for all the
+ modules supporting this in the system authentication and system
+ login stacks.
+ </flag>
+ <flag name="passwdqc">
+ Enable pam_passwdqc module on system auth stack for password
+ quality validation. This is an alternative to pam_cracklib
+ producing warnings, rejecting or providing example passwords
+ when changing your system password. It is used by default by
+ OpenWall GNU/*/Linux and by FreeBSD.
+ </flag>
+ <flag name="mktemp">
+ Enable pam_mktemp module on system auth stack for session
+ handling. This module creates a private temporary directory for
+ the user, and sets TMP and TMPDIR accordingly.
+ </flag>
+ <flag name="pam_ssh">
+ Enable pam_ssh module on system auth stack for authentication
+ and session handling. This module will accept as password the
+ passphrase of a private SSH key (one of ~/.ssh/id_rsa,
+ ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent
+ instance to cache the open key.
+ </flag>
+ <flag name="sha512">
+ Switch Linux-PAM's pam_unix module to use sha512 for passwords
+ hashes rather than MD5. This option requires
+ <pkg>&gt;=sys-libs/pam-1.0.1</pkg> built against
+ <pkg>&gt;=sys-libs/glibc-2.7</pkg>, if it's built against an
+ earlier version, it will silently be ignored, and MD5 hashes
+ will be used. All the passwords changed after this USE flag is
+ enabled will be saved to the shadow file hashed using SHA512
+ function. The password previously saved will be left
+ untouched. Please note that while SHA512-hashed passwords will
+ still be recognised if the USE flag is removed, the shadow file
+ will not be compatible with systems using an earlier glibc
+ version.
+ </flag>
+ <flag name="pam_krb5">
+ Enable pam_krb5 module on system auth stack, as an alternative
+ to pam_unix. If Kerberos authentication succeed, only pam_unix
+ will be ignore, and all the other modules will proceed as usual,
+ including Gnome Keyring and other session modules. It requires
+ <pkg>sys-libs/pam</pkg> as PAM implementation.
+ </flag>
+ <flag name="minimal">
+ Disables the standard PAM modules that provide extra information
+ to users on login; this includes pam_tally (and pam_tally2 for
+ Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
+ similar modules. This might not be a good idea on a multi-user
+ system but could reduce slightly the overhead on single-user
+ non-networked systems.
+ </flag>
+ <flag name="nullok">
+ Enable the nullok option with the pam_unix module. This allows
+ people to login with blank passwords.
+ </flag>
+ <flag name="securetty">
+ Enable pam_securetty module in the login stack. Not generally
+ relevant anymore as the login stack only refers to local logins
+ and local terminals imply secure access in the first place.
+ </flag>
+ </use>
+</pkgmetadata>
diff --git a/sys-auth/pambase/pambase-20101024-r2.ebuild b/sys-auth/pambase/pambase-20101024-r2.ebuild
new file mode 100644
index 00000000000..def54e6de49
--- /dev/null
+++ b/sys-auth/pambase/pambase-20101024-r2.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit eutils
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/"
+SRC_URI="http://dev.gentoo.org/~flameeyes/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="debug cracklib passwdqc consolekit gnome-keyring selinux mktemp pam_ssh +sha512 pam_krb5 minimal"
+RESTRICT="binchecks"
+
+RDEPEND="
+ || (
+ >=sys-libs/pam-0.99.9.0-r1
+ ( sys-auth/openpam
+ || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules )
+ )
+ )
+ cracklib? ( >=sys-libs/pam-0.99[cracklib] )
+ consolekit? ( >=sys-auth/consolekit-0.3[pam] )
+ gnome-keyring? ( >=gnome-base/gnome-keyring-2.20[pam] )
+ selinux? ( >=sys-libs/pam-0.99[selinux] )
+ passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_ssh? ( sys-auth/pam_ssh )
+ sha512? ( >=sys-libs/pam-1.0.1 )
+ pam_krb5? (
+ || ( >=sys-libs/pam-1.1.0 sys-auth/openpam )
+ >=sys-auth/pam_krb5-4.3
+ )
+ !<sys-freebsd/freebsd-pam-modules-6.2-r1
+ !<sys-libs/pam-0.99.9.0-r1"
+DEPEND="app-portage/portage-utils"
+
+src_compile() {
+ local implementation=
+ local linux_pam_version=
+ if has_version sys-libs/pam; then
+ implementation="linux-pam"
+ local ver_str=$(qatom `best_version sys-libs/pam` | cut -d ' ' -f 3)
+ linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
+ elif has_version sys-auth/openpam; then
+ implementation="openpam"
+ else
+ die "PAM implementation not identified"
+ fi
+
+ use_var() {
+ local varname=$(echo $1 | tr [a-z] [A-Z])
+ local usename=${2-$(echo $1 | tr [A-Z] [a-z])}
+ local varvalue=$(use $usename && echo yes || echo no)
+ echo "${varname}=${varvalue}"
+ }
+
+ emake \
+ GIT=true \
+ $(use_var debug) \
+ $(use_var cracklib) \
+ $(use_var passwdqc) \
+ $(use_var consolekit) \
+ $(use_var GNOME_KEYRING gnome-keyring) \
+ $(use_var selinux) \
+ $(use_var mktemp) \
+ $(use_var PAM_SSH pam_ssh) \
+ $(use_var sha512) \
+ $(use_var KRB5 pam_krb5) \
+ $(use_var minimal) \
+ IMPLEMENTATION=${implementation} \
+ LINUX_PAM_VERSION=${linux_pam_version}
+}
+
+src_test() { :; }
+
+src_install() {
+ emake GIT=true DESTDIR="${ED}" install
+}
+
+pkg_postinst() {
+ if use sha512; then
+ elog "Starting from version 20080801, pambase optionally enables"
+ elog "SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1"
+ elog "built against sys-libs/glibc-2.7 or later."
+ elog "If you don't have support for this, it will automatically fallback"
+ elog "to MD5-hashed passwords, just like before."
+ elog
+ elog "Please note that the change only affects the newly-changed passwords"
+ elog "and that SHA512-hashed passwords will not work on earlier versions"
+ elog "of glibc or Linux-PAM."
+ fi
+}
diff --git a/sys-auth/pambase/pambase-20120417-r3.ebuild b/sys-auth/pambase/pambase-20120417-r3.ebuild
new file mode 100644
index 00000000000..b45a5ab8d22
--- /dev/null
+++ b/sys-auth/pambase/pambase-20120417-r3.ebuild
@@ -0,0 +1,113 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/"
+SRC_URI="http://dev.gentoo.org/~flameeyes/${PN}/${P}.tar.bz2
+ http://dev.gentoo.org/~phajdan.jr/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="consolekit cracklib debug gnome-keyring minimal mktemp pam_krb5 pam_ssh passwdqc selinux +sha512 systemd"
+
+RESTRICT=binchecks
+
+MIN_PAM_REQ=1.1.3
+
+RDEPEND="
+ || (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ ( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) )
+ )
+ consolekit? ( >=sys-auth/consolekit-0.4.5_p2012[pam] )
+ cracklib? ( >=sys-libs/pam-${MIN_PAM_REQ}[cracklib] )
+ gnome-keyring? ( >=gnome-base/gnome-keyring-2.32[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ || ( >=sys-libs/pam-${MIN_PAM_REQ} sys-auth/openpam )
+ >=sys-auth/pam_krb5-4.3
+ )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
+ selinux? ( >=sys-libs/pam-${MIN_PAM_REQ}[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ systemd? ( >=sys-apps/systemd-44-r1[pam] )
+ !<sys-apps/shadow-4.1.5-r1
+ !<sys-freebsd/freebsd-pam-modules-6.2-r1
+ !<sys-libs/pam-0.99.9.0-r1"
+DEPEND="app-portage/portage-utils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-systemd.patch
+ epatch "${FILESDIR}"/${P}-lastlog-silent.patch
+ epatch "${FILESDIR}"/${P}-systemd-auth.patch # 485470
+}
+
+src_compile() {
+ local implementation=
+ local linux_pam_version=
+ if has_version sys-libs/pam; then
+ implementation=linux-pam
+ local ver_str=$(qatom `best_version sys-libs/pam` | cut -d ' ' -f 3)
+ linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
+ elif has_version sys-auth/openpam; then
+ implementation=openpam
+ else
+ die "PAM implementation not identified"
+ fi
+
+ use_var() {
+ local varname=$(echo $1 | tr [a-z] [A-Z])
+ local usename=${2-$(echo $1 | tr [A-Z] [a-z])}
+ local varvalue=$(usex $usename)
+ echo "${varname}=${varvalue}"
+ }
+
+ emake \
+ GIT=true \
+ $(use_var debug) \
+ $(use_var cracklib) \
+ $(use_var passwdqc) \
+ $(use_var consolekit) \
+ $(use_var systemd) \
+ $(use_var GNOME_KEYRING gnome-keyring) \
+ $(use_var selinux) \
+ $(use_var mktemp) \
+ $(use_var PAM_SSH pam_ssh) \
+ $(use_var sha512) \
+ $(use_var KRB5 pam_krb5) \
+ $(use_var minimal) \
+ IMPLEMENTATION=${implementation} \
+ LINUX_PAM_VERSION=${linux_pam_version}
+}
+
+src_test() { :; }
+
+src_install() {
+ emake GIT=true DESTDIR="${ED}" install
+}
+
+pkg_postinst() {
+ if use sha512; then
+ elog "Starting from version 20080801, pambase optionally enables"
+ elog "SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1"
+ elog "built against sys-libs/glibc-2.7 or later."
+ elog "If you don't have support for this, it will automatically fallback"
+ elog "to MD5-hashed passwords, just like before."
+ elog
+ elog "Please note that the change only affects the newly-changed passwords"
+ elog "and that SHA512-hashed passwords will not work on earlier versions"
+ elog "of glibc or Linux-PAM."
+ fi
+
+ if use systemd && use consolekit; then
+ ewarn "You are enabling 2 session trackers, ConsoleKit and systemd-logind"
+ ewarn "at the same time. This is not recommended setup to have, please"
+ ewarn "consider disabling either USE=\"consolekit\" or USE=\"systemd\."
+ fi
+}
diff --git a/sys-auth/pambase/pambase-20140313.ebuild b/sys-auth/pambase/pambase-20140313.ebuild
new file mode 100644
index 00000000000..c667f3ef595
--- /dev/null
+++ b/sys-auth/pambase/pambase-20140313.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/"
+SRC_URI="http://dev.gentoo.org/~ssuominen/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="consolekit cracklib debug gnome-keyring minimal mktemp pam_krb5 pam_ssh passwdqc selinux +sha512 systemd"
+
+RESTRICT=binchecks
+
+MIN_PAM_REQ=1.1.3
+
+RDEPEND="
+ || (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ ( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) )
+ )
+ consolekit? ( >=sys-auth/consolekit-0.4.6[pam] )
+ cracklib? ( >=sys-libs/pam-${MIN_PAM_REQ}[cracklib] )
+ gnome-keyring? ( >=gnome-base/gnome-keyring-2.32[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ || ( >=sys-libs/pam-${MIN_PAM_REQ} sys-auth/openpam )
+ >=sys-auth/pam_krb5-4.3
+ )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
+ selinux? ( >=sys-libs/pam-${MIN_PAM_REQ}[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ systemd? ( >=sys-apps/systemd-204[pam] )
+ !<sys-apps/shadow-4.1.5-r1
+ !<sys-freebsd/freebsd-pam-modules-6.2-r1
+ !<sys-libs/pam-0.99.9.0-r1"
+DEPEND="app-portage/portage-utils"
+
+src_compile() {
+ local implementation=
+ local linux_pam_version=
+ if has_version sys-libs/pam; then
+ implementation=linux-pam
+ local ver_str=$(qatom `best_version sys-libs/pam` | cut -d ' ' -f 3)
+ linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
+ elif has_version sys-auth/openpam; then
+ implementation=openpam
+ else
+ die "PAM implementation not identified"
+ fi
+
+ use_var() {
+ local varname=$(echo $1 | tr [a-z] [A-Z])
+ local usename=${2-$(echo $1 | tr [A-Z] [a-z])}
+ local varvalue=$(usex $usename)
+ echo "${varname}=${varvalue}"
+ }
+
+ emake \
+ GIT=true \
+ $(use_var debug) \
+ $(use_var cracklib) \
+ $(use_var passwdqc) \
+ $(use_var consolekit) \
+ $(use_var systemd) \
+ $(use_var GNOME_KEYRING gnome-keyring) \
+ $(use_var selinux) \
+ $(use_var mktemp) \
+ $(use_var PAM_SSH pam_ssh) \
+ $(use_var sha512) \
+ $(use_var KRB5 pam_krb5) \
+ $(use_var minimal) \
+ IMPLEMENTATION=${implementation} \
+ LINUX_PAM_VERSION=${linux_pam_version}
+}
+
+src_test() { :; }
+
+src_install() {
+ emake GIT=true DESTDIR="${ED}" install
+}
+
+pkg_postinst() {
+ if use systemd && use consolekit; then
+ ewarn "You are enabling 2 session trackers, ConsoleKit and systemd-logind"
+ ewarn "at the same time. This is not recommended setup to have, please"
+ ewarn "consider disabling either USE=\"consolekit\" or USE=\"systemd\."
+ fi
+}
diff --git a/sys-auth/pambase/pambase-20150213.ebuild b/sys-auth/pambase/pambase-20150213.ebuild
new file mode 100644
index 00000000000..7d8bd8b150a
--- /dev/null
+++ b/sys-auth/pambase/pambase-20150213.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/"
+SRC_URI="http://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="consolekit cracklib debug gnome-keyring minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd"
+
+RESTRICT=binchecks
+
+MIN_PAM_REQ=1.1.3
+
+RDEPEND="
+ || (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ ( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) )
+ )
+ consolekit? ( >=sys-auth/consolekit-0.4.6[pam] )
+ cracklib? ( sys-libs/pam[cracklib] )
+ gnome-keyring? ( >=gnome-base/gnome-keyring-2.32[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ || ( >=sys-libs/pam-${MIN_PAM_REQ} sys-auth/openpam )
+ >=sys-auth/pam_krb5-4.3
+ )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
+ selinux? ( sys-libs/pam[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ systemd? ( >=sys-apps/systemd-204[pam] )
+ !<sys-apps/shadow-4.1.5-r1
+ !<sys-freebsd/freebsd-pam-modules-6.2-r1
+ !<sys-libs/pam-0.99.9.0-r1"
+DEPEND="app-portage/portage-utils
+ app-arch/xz-utils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-selinux-note.patch #540096
+}
+
+src_compile() {
+ local implementation linux_pam_version
+ if has_version sys-libs/pam; then
+ implementation=linux-pam
+ local ver_str=$(qatom $(best_version sys-libs/pam) | cut -d ' ' -f 3)
+ linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
+ elif has_version sys-auth/openpam; then
+ implementation=openpam
+ else
+ die "PAM implementation not identified"
+ fi
+
+ use_var() {
+ local varname=$(echo "$1" | tr '[:lower:]' '[:upper:]')
+ local usename=${2-$(echo "$1" | tr '[:upper:]' '[:lower:]')}
+ local varvalue=$(usex ${usename})
+ echo "${varname}=${varvalue}"
+ }
+
+ emake \
+ GIT=true \
+ $(use_var debug) \
+ $(use_var cracklib) \
+ $(use_var passwdqc) \
+ $(use_var consolekit) \
+ $(use_var systemd) \
+ $(use_var GNOME_KEYRING gnome-keyring) \
+ $(use_var selinux) \
+ $(use_var nullok) \
+ $(use_var mktemp) \
+ $(use_var pam_ssh) \
+ $(use_var securetty) \
+ $(use_var sha512) \
+ $(use_var KRB5 pam_krb5) \
+ $(use_var minimal) \
+ IMPLEMENTATION=${implementation} \
+ LINUX_PAM_VERSION=${linux_pam_version}
+}
+
+src_test() { :; }
+
+src_install() {
+ emake GIT=true DESTDIR="${ED}" install
+}
+
+pkg_postinst() {
+ if use systemd && use consolekit; then
+ ewarn "You are enabling 2 session trackers, ConsoleKit and systemd-logind"
+ ewarn "at the same time. This is not recommended setup to have, please"
+ ewarn "consider disabling either USE=\"consolekit\" or USE=\"systemd\."
+ fi
+}
diff --git a/sys-auth/passwdqc/Manifest b/sys-auth/passwdqc/Manifest
new file mode 100644
index 00000000000..224b4b3dacd
--- /dev/null
+++ b/sys-auth/passwdqc/Manifest
@@ -0,0 +1 @@
+DIST passwdqc-1.3.0.tar.gz 48833 SHA256 23290ac21a055d9039b510bbc0d830a6dbf4295688d4317e0350ed4b6e5e7f50 SHA512 d9c2fd075ed4ff1f1dfa63fe40010d446abf8db306cacc77fd1e429fbd2dd1a6d2e4e91df46beb4c30bc30ff0cdd183ba85cefd362455ead9629d3a1c4eefece WHIRLPOOL c746394a2655b198597b70c29c0f66f6c1186a782da8c1a925fc9b7e838876d991c52469e9d526ecb99d2f1f36c6c5c83289b4ce3c92c269517dd1f507ddd7b3
diff --git a/sys-auth/passwdqc/files/passwdqc-1.3.0-build.patch b/sys-auth/passwdqc/files/passwdqc-1.3.0-build.patch
new file mode 100644
index 00000000000..c8adeb89b4a
--- /dev/null
+++ b/sys-auth/passwdqc/files/passwdqc-1.3.0-build.patch
@@ -0,0 +1,58 @@
+--- a/Makefile
++++ b/Makefile
+@@ -20,10 +20,11 @@
+ BINMODE = 755
+ CONFDIR = /etc
+ CONFMODE = 644
+-SHARED_LIBDIR = /lib
++LIBDIR = lib
++SHARED_LIBDIR = /$(LIBDIR)
+ SHARED_LIBDIR_SUN = /usr/lib
+ SHARED_LIBDIR_REL = ../..$(SHARED_LIBDIR)
+-DEVEL_LIBDIR = /usr/lib
++DEVEL_LIBDIR = /usr/$(LIBDIR)
+-SECUREDIR = /lib/security
++SECUREDIR = /$(LIBDIR)/security
+ SECUREDIR_SUN = /usr/lib/security
+ SECUREDIR_DARWIN = /usr/lib/pam
+@@ -48,7 +49,7 @@
+ INSTALL_SUN = /usr/ucb/install -c
+ CFLAGS = -Wall -W -O2
+ CFLAGS_lib = $(CFLAGS) -fPIC
+-CFLAGS_bin = $(CFLAGS) -fomit-frame-pointer
++CFLAGS_bin = $(CFLAGS)
+
+ LDFLAGS =
+ LDFLAGS_shared = --shared
+@@ -93,7 +94,7 @@
+
+ default: all
+
+-all pam utils install install_lib install_pam install_utils uninstall remove remove_lib remove_pam remove_utils:
++all lib pam utils install install_lib install_pam install_utils uninstall remove remove_lib remove_pam remove_utils:
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS_lib="$(CFLAGS_lib) -DHAVE_SHADOW" \
+ LDFLAGS_lib="$(LDFLAGS_lib_LINUX)" \
+@@ -126,18 +127,20 @@
+
+ all_wrapped: pam_wrapped utils_wrapped
+
++lib_wrapped: $(SHARED_LIB) $(DEVEL_LIB)
++
+ pam_wrapped: $(SHARED_PAM)
+
+ utils_wrapped: $(BINS)
+
+ $(SHARED_LIB): $(OBJS_LIB) $(MAP_LIB)
+- $(LD_lib) $(LDFLAGS_lib) $(OBJS_LIB) $(LDLIBS_lib) -o $(SHARED_LIB)
++ $(LD_lib) $(LDFLAGS) $(LDFLAGS_lib) $(OBJS_LIB) $(LDLIBS_lib) -o $(SHARED_LIB)
+
+ $(DEVEL_LIB): $(SHARED_LIB)
+ $(LN_s) $(SHARED_LIB) $(DEVEL_LIB)
+
+ $(SHARED_PAM): $(OBJS_PAM) $(MAP_PAM) $(DEVEL_LIB)
+- $(LD_lib) $(LDFLAGS_pam) $(OBJS_PAM) $(LDLIBS_pam) -L. -lpasswdqc -o $(SHARED_PAM)
++ $(LD_lib) $(LDFLAGS) $(LDFLAGS_pam) $(OBJS_PAM) $(LDLIBS_pam) -L. -lpasswdqc -o $(SHARED_PAM)
+
+ pwqgen: $(OBJS_GEN) $(DEVEL_LIB)
+ $(LD) $(LDFLAGS) $(OBJS_GEN) -L. -lpasswdqc -o $@
diff --git a/sys-auth/passwdqc/metadata.xml b/sys-auth/passwdqc/metadata.xml
new file mode 100644
index 00000000000..501cdc08ac7
--- /dev/null
+++ b/sys-auth/passwdqc/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>pam</herd>
+<maintainer>
+ <email>pam-bugs@gentoo.org</email>
+</maintainer>
+<use>
+ <flag name='utils'>Install pwqcheck and pwqgen helper utilities</flag>
+</use>
+<longdescription>
+ Password strength checking for PAM aware password changing programs. This is an alternative to the default cracklib.
+</longdescription>
+<longdescription lang="ja">
+ パスワード変更プログラムに反応する PAM のパスワード強度検査機能です。これはデフォルトの cracklib の代替です。
+</longdescription>
+</pkgmetadata>
diff --git a/sys-auth/passwdqc/passwdqc-1.3.0.ebuild b/sys-auth/passwdqc/passwdqc-1.3.0.ebuild
new file mode 100644
index 00000000000..c7c1daee1bc
--- /dev/null
+++ b/sys-auth/passwdqc/passwdqc-1.3.0.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit pam eutils toolchain-funcs multilib
+
+DESCRIPTION="Password strength checking library (and PAM module)"
+HOMEPAGE="http://www.openwall.com/passwdqc/"
+SRC_URI="http://www.openwall.com/${PN}/${P}.tar.gz"
+
+LICENSE="Openwall BSD public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="pam utils"
+
+RDEPEND="
+ pam? (
+ virtual/pam
+ !<sys-auth/pam_passwdqc-1.3.0
+ )"
+DEPEND="${RDEPEND}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.3.0-build.patch
+ sed -i \
+ -e 's:`uname -s`:Linux:' \
+ Makefile || die
+}
+
+_emake() {
+ emake \
+ LIBDIR="$(get_libdir)" \
+ CFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ CC="$(tc-getCC)" \
+ LD="$(tc-getCC)" \
+ "$@"
+}
+
+src_compile() {
+ # The use of wrapped targets defeats the Makefile dep tracking.
+ # Build all the targets explicitly after the library.
+ _emake lib
+ if use pam || use utils ; then
+ _emake $(usev pam) $(usev utils)
+ fi
+}
+
+src_install() {
+ _emake \
+ DESTDIR="${ED}" \
+ install_lib $(usex pam install_pam '') $(usex utils install_utils '')
+ dodoc README PLATFORMS INTERNALS
+}
+
+pkg_postinst() {
+ if use pam ; then
+ elog "To activate pam_passwdqc use pam_passwdqc.so instead"
+ elog "of pam_cracklib.so in /etc/pam.d/system-auth."
+ elog "Also, if you want to change the parameters, read up"
+ elog "on the pam_passwdqc(8) man page."
+ fi
+}
diff --git a/sys-auth/polkit-kde-agent/Manifest b/sys-auth/polkit-kde-agent/Manifest
new file mode 100644
index 00000000000..0b4fe480a74
--- /dev/null
+++ b/sys-auth/polkit-kde-agent/Manifest
@@ -0,0 +1 @@
+DIST polkit-kde-1_0.99.1.orig.tar.xz 38060 SHA256 336fffb8b9b8c1490537dc557c6ea8d66499739f69d479150f1a2961a4be46ff SHA512 14beb0c3bb00a62fd601ea94da158946c91f443b14ff286d9475e1883e5f102afbda81d8f214417a957bd7ba449b7c41f596d1ac05d97e8ffc836e76bb680d4f WHIRLPOOL e83d6f1a95729e8838788ed21651498713b8d1513ae5878a89064c1af62bd4b6fa741711ec66f004b96547f60f150fa4ec4b6ca27d2265bc10c6fbaca955f57a
diff --git a/sys-auth/polkit-kde-agent/metadata.xml b/sys-auth/polkit-kde-agent/metadata.xml
new file mode 100644
index 00000000000..ab3442450ed
--- /dev/null
+++ b/sys-auth/polkit-kde-agent/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>kde</herd>
+ <upstream>
+ <remote-id type="launchpad">ubuntu</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-auth/polkit-kde-agent/polkit-kde-agent-0.99.1-r1.ebuild b/sys-auth/polkit-kde-agent/polkit-kde-agent-0.99.1-r1.ebuild
new file mode 100644
index 00000000000..6f05189e8ba
--- /dev/null
+++ b/sys-auth/polkit-kde-agent/polkit-kde-agent-0.99.1-r1.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_PN="${PN}-1"
+MY_P="${MY_PN}-${PV}"
+EGIT_REPONAME="${MY_PN}"
+KDE_LINGUAS="ar bs ca ca@valencia cs da de el en_GB eo es et fi fr
+ ga gl hr hu is it ja kk km lt mai mr ms nb nds nl pa pl pt pt_BR
+ ro ru sk sl sr sr@ijekavian sr@ijekavianlatin sr@latin sv th tr
+ ug uk vi zh_CN zh_TW"
+inherit kde4-base
+
+DESCRIPTION="PolKit agent module for KDE"
+HOMEPAGE="http://www.kde.org"
+if [[ ${KDE_BUILD_TYPE} != live ]] ; then
+ SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${MY_PN/-agent/}_${PV}.orig.tar.xz"
+fi
+
+LICENSE="GPL-2"
+KEYWORDS="amd64 ~arm ppc ppc64 x86"
+SLOT="4"
+IUSE="debug minimal"
+
+RDEPEND="
+ >=sys-auth/polkit-qt-0.103.0[qt4(+)]
+ !sys-auth/polkit-kde
+"
+DEPEND="${RDEPEND}
+ sys-devel/gettext
+"
+
+if [[ ${KDE_BUILD_TYPE} != live ]] ; then
+ S=${WORKDIR}/${MY_P}
+fi
+
+src_prepare() {
+ kde4-base_src_prepare
+
+ # Coinstallability with kde-plasma/polkit-kde-agent
+ use minimal && rm -rf po
+}
diff --git a/sys-auth/polkit-pkla-compat/Manifest b/sys-auth/polkit-pkla-compat/Manifest
new file mode 100644
index 00000000000..066d2b45c90
--- /dev/null
+++ b/sys-auth/polkit-pkla-compat/Manifest
@@ -0,0 +1 @@
+DIST polkit-pkla-compat-0.1.tar.xz 291148 SHA256 cbf804dfc235b40f2f7ea694c37d577f1cb5d3042d53063de1753016a46c39af SHA512 968cf547db977731a6c6bb292fa86ef46a2ce8f74d008da62f219c20da8cdde94f6309dccba3be33d0111bfa34609799bdeee4d2464395c8837370d022d425c5 WHIRLPOOL f45db2c04c6dc470bdb15365e00a2483310c7bbf305683128162693c93b05aa49f4e9e33d9db06d784de6db28647b884e7fc9752944b5d14a139c4a01cb7ddcf
diff --git a/sys-auth/polkit-pkla-compat/metadata.xml b/sys-auth/polkit-pkla-compat/metadata.xml
new file mode 100644
index 00000000000..c03b663ea9f
--- /dev/null
+++ b/sys-auth/polkit-pkla-compat/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>freedesktop</herd>
+ <maintainer>
+ <email>freedesktop-bugs@gentoo.org</email>
+ </maintainer>
+</pkgmetadata>
diff --git a/sys-auth/polkit-pkla-compat/polkit-pkla-compat-0.1.ebuild b/sys-auth/polkit-pkla-compat/polkit-pkla-compat-0.1.ebuild
new file mode 100644
index 00000000000..ba14e2a8168
--- /dev/null
+++ b/sys-auth/polkit-pkla-compat/polkit-pkla-compat-0.1.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+DESCRIPTION="Rules for polkit to add compatibility with pklocalauthority"
+HOMEPAGE="http://fedorahosted.org/polkit-pkla-compat/"
+SRC_URI="http://fedorahosted.org/releases/${PN:0:1}/${PN:1:1}/${PN}/${P}.tar.xz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+RDEPEND=">=dev-libs/glib-2.30
+ >=sys-auth/polkit-0.110"
+DEPEND="${RDEPEND}
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ virtual/pkgconfig"
+
+DOCS="AUTHORS NEWS README"
+
+src_install() {
+ default
+ fowners -R root:polkitd /etc/polkit-1/localauthority
+}
+
+pkg_postinst() {
+ chown -R root:polkitd "${EROOT}"/etc/polkit-1/localauthority
+}
diff --git a/sys-auth/polkit-qt/Manifest b/sys-auth/polkit-qt/Manifest
new file mode 100644
index 00000000000..739c8b562c8
--- /dev/null
+++ b/sys-auth/polkit-qt/Manifest
@@ -0,0 +1 @@
+DIST polkit-qt-1-0.112.0.tar.bz2 67725 SHA256 67fb03bf6ca3e0bdbd98d374dfb5b1651a07d17ae6c23e11a81b4b084447e7c6 SHA512 4cb17389b54a09c53052f6d72aa5cbfe09ccb19f7fd4edf8b43ccd4751f5e88609c5f89777f4af92167d32eb2ce1e78537cea7bcfb60a90072d1fe02d6a59b50 WHIRLPOOL cf77234386646a145c807888ba361dad45f50e8857d8bea7d507b966fd52172b870ffa16c8c5df15296419ee04778614161fff9466d31af44661730916435f73
diff --git a/sys-auth/polkit-qt/metadata.xml b/sys-auth/polkit-qt/metadata.xml
new file mode 100644
index 00000000000..a23f444b67d
--- /dev/null
+++ b/sys-auth/polkit-qt/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>kde</herd>
+</pkgmetadata>
diff --git a/sys-auth/polkit-qt/polkit-qt-0.112.0-r1.ebuild b/sys-auth/polkit-qt/polkit-qt-0.112.0-r1.ebuild
new file mode 100644
index 00000000000..4cb68644104
--- /dev/null
+++ b/sys-auth/polkit-qt/polkit-qt-0.112.0-r1.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/qt/qt-1}"
+
+inherit cmake-utils multibuild
+
+DESCRIPTION="PolicyKit Qt4 API wrapper library"
+HOMEPAGE="http://www.kde.org/"
+SRC_URI="mirror://kde/stable/apps/KDE4.x/admin/${MY_P}.tar.bz2"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~arm64 ppc ppc64 x86 ~x86-fbsd"
+IUSE="debug examples +qt4 qt5"
+
+REQUIRED_USE="|| ( qt4 qt5 )"
+
+RDEPEND="
+ dev-libs/glib:2
+ >=sys-auth/polkit-0.103
+ qt4? (
+ dev-qt/qtcore:4[glib]
+ dev-qt/qtdbus:4
+ dev-qt/qtgui:4[glib]
+ )
+ qt5? (
+ dev-qt/qtcore:5
+ dev-qt/qtdbus:5
+ dev-qt/qtgui:5
+ dev-qt/qtwidgets:5
+ examples? ( dev-qt/qtxml:5 )
+ )
+"
+DEPEND="${RDEPEND}"
+
+DOCS=( AUTHORS README README.porting TODO )
+
+S=${WORKDIR}/${MY_P}
+
+# bug #529686
+RESTRICT="test"
+
+pkg_setup() {
+ MULTIBUILD_VARIANTS=()
+ use qt4 && MULTIBUILD_VARIANTS+=( qt4 )
+ use qt5 && MULTIBUILD_VARIANTS+=( qt5 )
+}
+
+src_configure() {
+ myconfigure() {
+ local mycmakeargs=(
+ -DSYSCONF_INSTALL_DIR="${EPREFIX}"/etc
+ $(cmake-utils_use_build examples)
+ )
+
+ if [[ ${MULTIBUILD_VARIANT} = qt4 ]] ; then
+ mycmakeargs+=( -DUSE_QT4=ON )
+ fi
+ if [[ ${MULTIBUILD_VARIANT} = qt5 ]] ; then
+ mycmakeargs+=( -DUSE_QT5=ON )
+ fi
+
+ cmake-utils_src_configure
+ }
+
+ multibuild_foreach_variant myconfigure
+}
+
+src_compile() {
+ multibuild_foreach_variant cmake-utils_src_compile
+}
+
+src_install() {
+ multibuild_foreach_variant cmake-utils_src_install
+}
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
new file mode 100644
index 00000000000..2add7c33efe
--- /dev/null
+++ b/sys-auth/polkit/Manifest
@@ -0,0 +1,2 @@
+DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a
+DIST polkit-0.113.tar.gz 1448865 SHA256 e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9 WHIRLPOOL 106db7e6085a4ce49da44929138671eff2fd6007c80533518abe2d91ede9242b1e3cd0a1801190eeac5d4d5c1e978a30a18e47a6b604497b38853fa60c935a81
diff --git a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
new file mode 100644
index 00000000000..5ceb2de5f9e
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
@@ -0,0 +1,106 @@
+From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Sat, 30 May 2015 09:06:23 -0400
+Subject: [PATCH] backend: Handle invalid object paths in
+ RegisterAuthenticationAgent
+
+Properly propagate the error, otherwise we dereference a `NULL`
+pointer. This is a local, authenticated DoS.
+
+Reported-by: Tavis Ormandy <taviso@google.com>
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+ .../polkitbackendinteractiveauthority.c | 53 ++++++++++++----------
+ 1 file changed, 30 insertions(+), 23 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 59028d5..f45fdf1 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -1551,36 +1551,42 @@ authentication_agent_new (PolkitSubject *scope,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+- GVariant *registration_options)
++ GVariant *registration_options,
++ GError **error)
+ {
+ AuthenticationAgent *agent;
+- GError *error;
++ GDBusProxy *proxy;
+
+- agent = g_new0 (AuthenticationAgent, 1);
++ if (!g_variant_is_object_path (object_path))
++ {
++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
++ "Invalid object path '%s'", object_path);
++ return NULL;
++ }
++
++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
++ NULL, /* GDBusInterfaceInfo* */
++ unique_system_bus_name,
++ object_path,
++ "org.freedesktop.PolicyKit1.AuthenticationAgent",
++ NULL, /* GCancellable* */
++ error);
++ if (proxy == NULL)
++ {
++ g_prefix_error (error, "Failed to construct proxy for agent: " );
++ return NULL;
++ }
+
++ agent = g_new0 (AuthenticationAgent, 1);
+ agent->ref_count = 1;
+ agent->scope = g_object_ref (scope);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
+ agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+-
+- error = NULL;
+- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+- NULL, /* GDBusInterfaceInfo* */
+- agent->unique_system_bus_name,
+- agent->object_path,
+- "org.freedesktop.PolicyKit1.AuthenticationAgent",
+- NULL, /* GCancellable* */
+- &error);
+- if (agent->proxy == NULL)
+- {
+- g_warning ("Error constructing proxy for agent: %s", error->message);
+- g_error_free (error);
+- /* TODO: Make authentication_agent_new() return NULL and set a GError */
+- }
++ agent->proxy = proxy;
+
+ return agent;
+ }
+@@ -2383,8 +2389,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ caller_cmdline = NULL;
+ agent = NULL;
+
+- /* TODO: validate that object path is well-formed */
+-
+ interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
+ priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
+
+@@ -2471,7 +2475,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+- options);
++ options,
++ error);
++ if (!agent)
++ goto out;
+
+ g_hash_table_insert (priv->hash_scope_to_authentication_agent,
+ g_object_ref (subject),
+--
+1.8.3.1
+
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
new file mode 100644
index 00000000000..d553f2f472c
--- /dev/null
+++ b/sys-auth/polkit/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>freedesktop</herd>
+ <maintainer>
+ <email>freedesktop-bugs@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name='systemd'>Use <pkg>sys-apps/systemd</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
+ </use>
+</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.112-r2.ebuild b/sys-auth/polkit/polkit-0.112-r2.ebuild
new file mode 100644
index 00000000000..246898ea610
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.112-r2.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
+
+CDEPEND="
+ ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) )
+ >=dev-libs/glib-2.32
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1 )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/intltool
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+ local m=''
+ # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910
+ has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
+ # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags
+ use hppa && m='mr'
+ use ia64 && m='mr'
+ use mips && m='mr'
+ [ -n "$m" ] && pax-mark ${m} ${f}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
diff --git a/sys-auth/polkit/polkit-0.112-r3.ebuild b/sys-auth/polkit/polkit-0.112-r3.ebuild
new file mode 100644
index 00000000000..873670c90a8
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.112-r3.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
+
+CDEPEND="
+ ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) )
+ >=dev-libs/glib-2.32
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1 )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/intltool
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+ local m=''
+ # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910
+ has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
+ # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags
+ use hppa && m='mr'
+ use ia64 && m='mr'
+ use mips && m='mr'
+ [ -n "$m" ] && pax-mark ${m} ${f}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
diff --git a/sys-auth/polkit/polkit-0.113.ebuild b/sys-auth/polkit/polkit-0.113.ebuild
new file mode 100644
index 00000000000..5cce334f84b
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.113.ebuild
@@ -0,0 +1,115 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd test"
+
+CDEPEND="
+ dev-lang/spidermonkey:0/mozjs185[-debug]
+ >=dev-libs/glib-2.32:2
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1:= )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( sys-auth/consolekit[policykit] )
+"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ --with-mozjs=mozjs185 \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ $(use_enable test) \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
diff --git a/sys-auth/realtime-base/metadata.xml b/sys-auth/realtime-base/metadata.xml
new file mode 100644
index 00000000000..af0275e2998
--- /dev/null
+++ b/sys-auth/realtime-base/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>proaudio</herd>
+</pkgmetadata>
diff --git a/sys-auth/realtime-base/realtime-base-0.1.ebuild b/sys-auth/realtime-base/realtime-base-0.1.ebuild
new file mode 100644
index 00000000000..bf2defe7147
--- /dev/null
+++ b/sys-auth/realtime-base/realtime-base-0.1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=3
+
+inherit user
+
+DESCRIPTION="Sets up realtime scheduling"
+HOMEPAGE="http://www.jackaudio.org/linux_rt_config"
+SRC_URI=""
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 ~amd64-fbsd"
+IUSE=""
+
+DEPEND=""
+RDEPEND="virtual/pam"
+
+limitsdfile=40-${PN}.conf
+rtgroup=realtime
+
+S=${WORKDIR}
+
+pkg_setup() {
+ enewgroup ${rtgroup}
+}
+
+print_limitsdfile() {
+ printf "# Start of ${limitsdfile} from ${P}\n\n"
+ printf "@${rtgroup}\t-\trtprio\t99\n"
+ printf "@${rtgroup}\t-\tmemlock\tunlimited\n"
+ printf "\n# End of ${limitsdfile} from ${P}\n"
+}
+
+src_compile() {
+ einfo "Generating ${limitsdfile}"
+ print_limitsdfile > "${S}/${limitsdfile}"
+}
+
+src_install() {
+ insinto /etc/security/limits.d/
+ doins "${S}/${limitsdfile}" || die
+}
+
+pkg_postinst() {
+ elog "We have added realtime scheduling privileges for users in the ${rtgroup} group."
+ elog "Please make sure users needing such privileges are in that group."
+}
diff --git a/sys-auth/rtkit/Manifest b/sys-auth/rtkit/Manifest
new file mode 100644
index 00000000000..fa3e050092d
--- /dev/null
+++ b/sys-auth/rtkit/Manifest
@@ -0,0 +1 @@
+DIST rtkit-0.11.tar.xz 126748 SHA256 68859108cff6410901502b58365eb7607da37110a06b837762f771735f58acd0 SHA512 4641af965dc64c0f498ae469fbee1ceb337204fa7d778fbbb41f2b5c5e88947e633c7e9ad037274fdd778c3c097a4a1dbb0b2add287d74eccbcd2d357cb2da22 WHIRLPOOL 7036f2811aeef28dd7680f24fcf16e2cf8708937d86a0dfcd1411fcae469be3fe673b12dc640f9cda9be951ab2879f2b7ec2374577e7a0b532c59d8abde176b5
diff --git a/sys-auth/rtkit/files/rtkit-0.11-controlgroup.patch b/sys-auth/rtkit/files/rtkit-0.11-controlgroup.patch
new file mode 100644
index 00000000000..7a36deeeae7
--- /dev/null
+++ b/sys-auth/rtkit/files/rtkit-0.11-controlgroup.patch
@@ -0,0 +1,14 @@
+diff --git rtkit-0.11/rtkit-daemon.service.in~ rtkit-0.11/rtkit-daemon.service.in
+index 3dfefa6..d0dc786 100644
+--- rtkit-0.11/rtkit-daemon.service.in~
++++ rtkit-0.11/rtkit-daemon.service.in
+@@ -27,9 +27,5 @@ CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CH
+ PrivateTmp=yes
+ PrivateNetwork=yes
+
+-# Work around the fact that the Linux currently doesn't assign any RT
+-# budget to CPU control groups that have none configured explicitly
+-ControlGroup=cpu:/
+-
+ [Install]
+ WantedBy=graphical.target
diff --git a/sys-auth/rtkit/files/rtkit-0.11-gettime.patch b/sys-auth/rtkit/files/rtkit-0.11-gettime.patch
new file mode 100644
index 00000000000..43732081386
--- /dev/null
+++ b/sys-auth/rtkit/files/rtkit-0.11-gettime.patch
@@ -0,0 +1,21 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 26 Sep 2013 19:52:58 +0000 (+0200)
+Subject: build-sys: since clock_gettime() moved to libc use mq_open to check for librt
+X-Git-Url: http://git.0pointer.de/?p=rtkit.git;a=commitdiff_plain;h=d550837387e4185ebcde1023702580e35eb441e7
+
+build-sys: since clock_gettime() moved to libc use mq_open to check for librt
+---
+
+diff --git a/configure.ac b/configure.ac
+index 5a77363..62c17f5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -111,7 +111,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+ CC="$PTHREAD_CC"
+
+ AC_SEARCH_LIBS([sched_setscheduler], [rt])
+-AC_SEARCH_LIBS([clock_gettime], [rt])
++AC_SEARCH_LIBS([mq_open], [rt])
+ AC_SEARCH_LIBS([cap_init], [cap])
+
+ PKG_CHECK_MODULES(DBUS, dbus-1)
diff --git a/sys-auth/rtkit/files/rtkit-0.11-polkit.patch b/sys-auth/rtkit/files/rtkit-0.11-polkit.patch
new file mode 100644
index 00000000000..ad489c46618
--- /dev/null
+++ b/sys-auth/rtkit/files/rtkit-0.11-polkit.patch
@@ -0,0 +1,36 @@
+X-Git-Url: http://git.0pointer.de/?p=rtkit.git;a=blobdiff_plain;f=rtkit-daemon.c;h=3ecc1f7840a0d9bdd3af7f08933c4a62546094eb;hp=2ebe673309315f16bc2bc2e0c51a556fb215bc51;hb=88d4082ef6caf6b071d749dca1c50e7edde914cc;hpb=e86e04865ebc1a92c8fa3007843ebcf9c8fa4c05
+
+diff --git a/rtkit-daemon.c b/rtkit-daemon.c
+index 2ebe673..3ecc1f7 100644
+--- a/rtkit-daemon.c
++++ b/rtkit-daemon.c
+@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ DBusMessage *m = NULL, *r = NULL;
+ const char *unix_process = "unix-process";
+ const char *pid = "pid";
++ const char *uid = "uid";
+ const char *start_time = "start-time";
+ const char *cancel_id = "";
+ uint32_t flags = 0;
+ uint32_t pid_u32 = p->pid;
+- uint64_t start_time_u64 = p->starttime;
++ uint32_t uid_u32 = (uint32_t)u->uid;
+ DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
++ uint64_t start_time_u64 = p->starttime;
+ int ret;
+ dbus_bool_t authorized = FALSE;
+
+@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+
++ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
++ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
++ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
++ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
++ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
++ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
++
+ assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
+ assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
+
diff --git a/sys-auth/rtkit/metadata.xml b/sys-auth/rtkit/metadata.xml
new file mode 100644
index 00000000000..ec4b7a19ff7
--- /dev/null
+++ b/sys-auth/rtkit/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>maintainer-needed@gentoo.org</email>
+ </maintainer>
+ <longdescription lang="en">
+ RealtimeKit is a DBus service that provides applications with an interface
+ to escalate their priority to realtime, without any special setup in
+ rlimits, etc.
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-auth/rtkit/rtkit-0.11-r1.ebuild b/sys-auth/rtkit/rtkit-0.11-r1.ebuild
new file mode 100644
index 00000000000..b75139a48e9
--- /dev/null
+++ b/sys-auth/rtkit/rtkit-0.11-r1.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils systemd user autotools
+
+DESCRIPTION="Realtime Policy and Watchdog Daemon"
+HOMEPAGE="http://0pointer.de/blog/projects/rtkit"
+SRC_URI="http://0pointer.de/public/${P}.tar.xz"
+
+LICENSE="GPL-3 BSD"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 ~sh sparc x86"
+IUSE=""
+
+RDEPEND="
+ sys-apps/dbus
+ sys-auth/polkit
+ sys-libs/libcap
+"
+DEPEND="${DEPEND}
+ app-arch/xz-utils
+"
+
+pkg_setup() {
+ enewgroup rtkit
+ enewuser rtkit -1 -1 -1 "rtkit"
+}
+
+src_prepare() {
+ # Fedora patches
+ epatch "${FILESDIR}"/${P}-polkit.patch
+ epatch "${FILESDIR}"/${P}-gettime.patch
+ epatch "${FILESDIR}"/${P}-controlgroup.patch
+ eautoreconf
+}
+
+src_configure() {
+ econf $(systemd_with_unitdir)
+}
+
+src_install() {
+ default
+
+ ./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml
+ insinto /usr/share/dbus-1/interfaces
+ doins org.freedesktop.RealtimeKit1.xml
+}
diff --git a/sys-auth/skey/Manifest b/sys-auth/skey/Manifest
new file mode 100644
index 00000000000..8b2acee3a75
--- /dev/null
+++ b/sys-auth/skey/Manifest
@@ -0,0 +1,3 @@
+DIST skey-1.1.5-patches-2.tar.xz 32836 SHA256 e55ea1250b2608b8f145f6de5bc62aee7ad1d98634a9a72ef8614e286d9f802c SHA512 666e44206864a195d78870365c1ce1854326b47bddbcfdb9cafc776d283a3d40cd5cb60a353f90ffb06466e473c36a4aadfbcc8fc250d8e4a2ec36daef72ee21 WHIRLPOOL 3d938ef3144316ffb793265d51ce3e1af12616c7e81536745318207d43bcef83f36c69ede37a30274cf1fb04abfcf31f0e6098fd761c84bf5ee032f5b5512540
+DIST skey-1.1.5-patches-3.tar.xz 33604 SHA256 adabe7b286f586d2cbe1a4b15f71310b7d8e25fc3187f8a89071359d7975badf SHA512 dcef6837e563ce3f68fe4eed35f16db1636e1798219dba95c86db505b5f67034b44bc6d02e0125faa95db8a5c39e9615bfed2dc3105905e576d96cf32016bc2f WHIRLPOOL bff241ecf0f59dae810db300bd858f76e18153f1958f2154c538f42040cc1040f049442d697767cfa7346996931d81370c2551d752c52810c9b18fe9e351c212
+DIST skey-1.1.5.tar.bz2 61911 SHA256 e21bcb7c618c0bc87a72d8f0f097d7517fffa4e881a0f295ee1ce2a7dccf4aef SHA512 4cbddc7e31134d5e23801a9b07de0d05c8357aaa8dddfb8426fceead3f54e539f77204f78a08b2a93890ef2f4f807a2208080f58f80818afa1b8cd4884b1fb37 WHIRLPOOL abf141fd679deeaee3f3883cd3076620c84e8775ecacc8f87d561c1812beae55299989f37ec331633bac29e25b4b8d145dc590ef119c73a137d8790815bb13f2
diff --git a/sys-auth/skey/metadata.xml b/sys-auth/skey/metadata.xml
new file mode 100644
index 00000000000..31fc6f43a7d
--- /dev/null
+++ b/sys-auth/skey/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>ulm@gentoo.org</email>
+</maintainer>
+<longdescription lang="en">
+ From RFC2289:
+ One form of attack on networked computing systems is eavesdropping on
+ network connections to obtain authentication information such as the
+ login IDs and passwords of legitimate users. Once this information is
+ captured, it can be used at a later time to gain access to the system.
+ One-time password systems are designed to counter this type of attack,
+ called a "replay attack."
+
+ The authentication system described in this document uses a secret
+ pass-phrase to generate a sequence of one-time (single use) passwords.
+ With this system, the user's secret pass-phrase never needs to cross the
+ network at any time such as during authentication or during pass-phrase
+ changes. Thus, it is not vulnerable to replay attacks. Added security
+ is provided by the property that no secret information need be stored on
+ any system, including the server being protected.
+
+ The OTP system protects against external passive attacks against the
+ authentication subsystem. It does not prevent a network eavesdropper from
+ gaining access to private information and does not provide protection
+ against either "social engineering" or active attacks.
+</longdescription>
+</pkgmetadata>
diff --git a/sys-auth/skey/skey-1.1.5-r8.ebuild b/sys-auth/skey/skey-1.1.5-r8.ebuild
new file mode 100644
index 00000000000..67dfe6b79b5
--- /dev/null
+++ b/sys-auth/skey/skey-1.1.5-r8.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit flag-o-matic eutils toolchain-funcs
+
+DESCRIPTION="Linux Port of OpenBSD Single-key Password System"
+HOMEPAGE="http://www.openbsd.org/faq/faq8.html#SKey"
+SRC_URI="mirror://gentoo/${P}.tar.bz2
+ mirror://gentoo/${P}-patches-2.tar.xz"
+
+LICENSE="BSD MIT RSA BEER-WARE"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="static-libs"
+
+DEPEND="dev-lang/perl
+ app-arch/xz-utils"
+RDEPEND="dev-lang/perl
+ sys-libs/cracklib"
+
+src_prepare() {
+ EPATCH_SUFFIX=patch epatch
+}
+
+src_configure() {
+ tc-export CC
+ econf --sysconfdir=/etc/skey
+}
+
+src_install() {
+ into /
+ dolib.so libskey.so{.${PV},.${PV%.*},.${PV%%.*},}
+
+ into /usr
+ dobin skey skeyinit skeyinfo
+ newbin skeyaudit.sh skeyaudit
+ newsbin skeyprune.pl skeyprune
+
+ dosym skey /usr/bin/otp-md4
+ dosym skey /usr/bin/otp-md5
+ dosym skey /usr/bin/otp-sha1
+
+ if use static-libs; then
+ dolib.a libskey.a
+ gen_usr_ldscript libskey.so
+ fi
+
+ doman skey.1 skeyaudit.1 skeyinfo.1 skeyinit.1 skey.3 skeyprune.8
+
+ insinto /usr/include
+ doins skey.h
+
+ keepdir /etc/skey
+
+ # only root needs to have access to these files.
+ fperms go-rx /etc/skey
+
+ # skeyinit and skeyinfo must be suid root so users
+ # can generate their passwords.
+ fperms u+s,go-r /usr/bin/skeyinit /usr/bin/skeyinfo
+
+ dodoc README CHANGES
+}
+
+pkg_postinst() {
+ # do not include /etc/skey/skeykeys in the package, as quickpkg
+ # may package sensitive information.
+ # This also fixes the etc-update issue with #64974.
+
+ # skeyinit will not function if this file is not present.
+ touch /etc/skey/skeykeys
+
+ # these permissions are applied by the skey system if missing.
+ chmod 0600 /etc/skey/skeykeys
+
+ elog "For an introduction into using s/key authentication, take"
+ elog "a look at the EXAMPLES section from the skey(1) manpage."
+}
diff --git a/sys-auth/skey/skey-1.1.5-r9.ebuild b/sys-auth/skey/skey-1.1.5-r9.ebuild
new file mode 100644
index 00000000000..d04023f3ec2
--- /dev/null
+++ b/sys-auth/skey/skey-1.1.5-r9.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit flag-o-matic eutils toolchain-funcs
+
+DESCRIPTION="Linux Port of OpenBSD Single-key Password System"
+HOMEPAGE="http://www.openbsd.org/faq/faq8.html#SKey"
+SRC_URI="mirror://gentoo/${P}.tar.bz2
+ http://dev.gentoo.org/~ulm/distfiles/${P}-patches-3.tar.xz"
+
+LICENSE="BSD MIT RSA BEER-WARE"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="static-libs"
+
+DEPEND="dev-lang/perl
+ app-arch/xz-utils"
+RDEPEND="dev-lang/perl
+ virtual/perl-Time-Local
+ sys-libs/cracklib"
+
+src_prepare() {
+ EPATCH_SUFFIX=patch epatch
+}
+
+src_configure() {
+ tc-export CC
+ econf --sysconfdir=/etc/skey
+}
+
+src_install() {
+ into /
+ dolib.so libskey.so{.${PV},.${PV%.*},.${PV%%.*},}
+
+ into /usr
+ dobin skey skeyinit skeyinfo
+ newbin skeyaudit.sh skeyaudit
+ newsbin skeyprune.pl skeyprune
+
+ dosym skey /usr/bin/otp-md4
+ dosym skey /usr/bin/otp-md5
+ dosym skey /usr/bin/otp-sha1
+
+ if use static-libs; then
+ dolib.a libskey.a
+ gen_usr_ldscript libskey.so
+ fi
+
+ doman skey.1 skeyaudit.1 skeyinfo.1 skeyinit.1 skey.3 skeyprune.8
+
+ insinto /usr/include
+ doins skey.h
+
+ keepdir /etc/skey
+
+ # only root needs to have access to these files.
+ fperms go-rx /etc/skey
+
+ # skeyinit and skeyinfo must be suid root so users
+ # can generate their passwords.
+ fperms u+s,go-r /usr/bin/skeyinit /usr/bin/skeyinfo
+
+ dodoc README CHANGES
+}
+
+pkg_postinst() {
+ # do not include /etc/skey/skeykeys in the package, as quickpkg
+ # may package sensitive information.
+ # This also fixes the etc-update issue with #64974.
+
+ # skeyinit will not function if this file is not present.
+ touch /etc/skey/skeykeys
+
+ # these permissions are applied by the skey system if missing.
+ chmod 0600 /etc/skey/skeykeys
+
+ elog "For an introduction into using s/key authentication, take"
+ elog "a look at the EXAMPLES section from the skey(1) manpage."
+}
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
new file mode 100644
index 00000000000..758c1b1ed43
--- /dev/null
+++ b/sys-auth/sssd/Manifest
@@ -0,0 +1,6 @@
+DIST sssd-1.12.1.tar.gz 4088341 SHA256 18b2d7e93e77435708feaf3ff65656f89e5a531ae6d48c4bff98168f171ba8ff SHA512 9514586eb51ac7e8d9639f2aba52cfd5cf71c442ee0a6c652e7838a96cf0fcb62ce4ffa9f9b956d984cd5ecfb3d13b8c21a66677e1e3e9e76f13202792ee2a7e WHIRLPOOL 73b34d373b3b557dc1a075eef94c69ff12051ffef04cd607e81bd84366ca233b67a1b815b02f6aa80d14fbc0453cbe301cdee75e4cc1e218aef8160b2a875e8e
+DIST sssd-1.12.4.tar.gz 4226841 SHA256 ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf SHA512 817141378d4c535ee1018c4246c77a61b963ab10c026e6983e1be90860fa68698dd60cd27ab7ac77da096057f8c71cba90387cf3329e9d43e98a23163f8bb233 WHIRLPOOL 7ee273fcb2e2311f9239face618be1d2eb88c4b6df177ce61854e3465fe6e484753b55a7e864f3b6e4beb2ebea43ae348a06d3ea29eb2560a2ebe3c8a8d0ffed
+DIST sssd-1.12.5.tar.gz 4300869 SHA256 243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256 SHA512 573947c58dc53b92b6b60390375a70f3842e0bfd22c696e60dd84b8dd671bc508f30f3a0952135b0c6a1e555d43493f59ce60f780a5130696cada06cc467fa6c WHIRLPOOL 6614d32f0808b97e55b33f996e12207b4960b6f694a7321235e26b7760aa84acad7dd68c2019857ce08d32585f9157e28d2a4be6f944f1eeaaf2f6b84c807638
+DIST sssd-1.13.0.tar.gz 4417697 SHA256 bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a SHA512 c11303557180d6491933f5732ed831d1725d33e7444d92d5a20ba24a35d77845711d8427d869fe526fbdea482944269469f5bbbb779e3006998fbe09403ebf7f WHIRLPOOL 0ef934e4e22d1c5a8d1e5f649de29e162717e421a341839cecc9ac089d022a30f843463966dc572619b959fd4e850d651bf372e2d511dba24994f790f1006a55
+DIST sssd-1.9.6.tar.gz 3180066 SHA256 ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601 SHA512 32d6056db1a17fe348f0b932d4242ce3b3dc615d4d93ebf580f5f9a3e16985324d9955e092803cf9a2bf35724feab0450737f516e9ce003f6812a0debf54ba15 WHIRLPOOL e496d63a042b39dd5d269a7d24b9a535c73a47741a4429e78e2a9d1282515747a83251338d6c94d75b2de06a415bfed18f7223864b1b4e9a824a25d41afa6a59
+DIST sssd-1.9.7.tar.gz 3485351 SHA256 ed2b7e9835143404cbc0e3e105607b7c554f568e4af024b5db0f10ca4f809c7e SHA512 1c73078f2127c1359c13601900e39dcb7527c5ca1346dfbb2fdcf07d98d3542f7b79aed8acc9dd289ab1a679f0b5477e08a9f1d58da4847ada53bdb4f3f606e2 WHIRLPOOL 691164b8edbcdc5acba024a00ead18e1769175cf6f9c3e49f065d31c84b55b315e569fbf04a841c9cd67ce76531f26875a97e0c553b462aecee29aa9428493be
diff --git a/sys-auth/sssd/files/0001_add_pthread_to_fix_as-needed.patch b/sys-auth/sssd/files/0001_add_pthread_to_fix_as-needed.patch
new file mode 100644
index 00000000000..00769a00597
--- /dev/null
+++ b/sys-auth/sssd/files/0001_add_pthread_to_fix_as-needed.patch
@@ -0,0 +1,36 @@
+diff --git a/Makefile.am b/Makefile.am
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -313,7 +313,8 @@
+ $(DHASH_LIBS) \
+ $(SSS_CRYPT_LIBS) \
+ $(OPENLDAP_LIBS) \
+- $(TDB_LIBS)
++ $(TDB_LIBS) \
++ -lpthread
+
+ PYTHON_BINDINGS_LIBS = \
+ $(TALLOC_LIBS) \
+@@ -338,7 +339,8 @@
+ $(COLLECTION_LIBS) \
+ $(DHASH_LIBS) \
+ $(OPENLDAP_LIBS) \
+- $(TDB_LIBS)
++ $(TDB_LIBS) \
++ -lpthread
+
+ if BUILD_SELINUX
+ PYTHON_BINDINGS_LIBS += $(SELINUX_LIBS)
+diff --git a/configure.ac b/configure.ac
+--- a/configure.ac
++++ b/configure.ac
+@@ -18,7 +18,8 @@
+ AM_PROG_CC_C_O
+ AC_DISABLE_STATIC
+ AC_PROG_INSTALL
+-AC_PROG_LIBTOOL
++LT_INIT
++AM_PROG_AR
+ AC_CONFIG_MACRO_DIR([m4])
+ AM_GNU_GETTEXT([external])
+ AM_GNU_GETTEXT_VERSION([0.14])
diff --git a/sys-auth/sssd/files/0002_allow_xdm_openrc.patch b/sys-auth/sssd/files/0002_allow_xdm_openrc.patch
new file mode 100644
index 00000000000..40d64cbf41f
--- /dev/null
+++ b/sys-auth/sssd/files/0002_allow_xdm_openrc.patch
@@ -0,0 +1,19 @@
+--- src/sysv/gentoo/sssd.old 2011-08-02 23:14:48.000000000 +0300
++++ src/sysv/gentoo/sssd 2011-08-24 12:15:18.413929409 +0300
+@@ -1,13 +1,13 @@
+ #!/sbin/runscript
+
+ depend(){
+- need localmount netmount clock
+- use syslog
++ need localmount netmount clock nscd
++ use syslog xdm
+ }
+
+ start(){
+ ebegin "Starting sssd"
+- start-stop-daemon --start --exec /usr/sbin/sssd -- -D
++ start-stop-daemon --start --exec /usr/sbin/sssd -- -Df
+ eend ${?}
+ }
+
diff --git a/sys-auth/sssd/files/0003_new_krb5.patch b/sys-auth/sssd/files/0003_new_krb5.patch
new file mode 100644
index 00000000000..03a7c744f2a
--- /dev/null
+++ b/sys-auth/sssd/files/0003_new_krb5.patch
@@ -0,0 +1,46 @@
+From 4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Mon, 04 Feb 2013 16:30:48 +0000
+Subject: krb5: include backwards compatible declaration of krb5_trace_info
+
+krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11
+includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info".
+
+Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
+---
+diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
+index 5bc8711..f1679a1 100644
+--- a/src/external/krb5.m4
++++ b/src/external/krb5.m4
+@@ -37,7 +37,7 @@ SAVE_LIBS=$LIBS
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
+ LIBS="$LIBS $KRB5_LIBS"
+ AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
+-AC_CHECK_TYPES([krb5_ticket_times, krb5_times], [], [],
++AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
+ [ #ifdef HAVE_KRB5_KRB5_H
+ #include <krb5/krb5.h>
+ #else
+diff