sys-auth/pambase-20150213-r1.ebuild : Enable elogind as a third session tracker.

6 files changed, 242 insertions, 0 deletions

diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
new file mode 100644
index 0000000..42bbc4d
--- /dev/null
+++ b/sys-auth/pambase/Manifest
@@ -0,0 +1,6 @@
+AUX pambase-20150213-elogind-auth.patch 282 SHA256 6b410f8a5ae4aca218a3c93a47d930f2770dae9e58c74528c60fad15c01f2cce SHA512 276465bd74a14835078fdae0247a1b8e78fb54177a1d4e3d0b7e3f42943f5d098abc77f015b8ea8b936391ccffba9376f315e13591be9aa8c9440e4e39f2988d WHIRLPOOL 28be6231fd09ec757556cf5d30a2320ffb929b9386c747b99c978706f8950fae5817c349512a0ebe0cfa2f3b29bc318b5c5b504bdb66be319ccaa9064da8f748
+AUX pambase-20150213-elogind.patch 298 SHA256 31ea9a3698e14f2312fbc2ff2f947318276cd9e086e76e50921ba74c4be6b580 SHA512 b264e48710b8ff663761b2a377aa042a39a8fee0b1838d2f82593ae26ada03103677ecfa04e979c3648a4e3665c040614151c77a12f8b71523d3d529485f3571 WHIRLPOOL 032502f08810facf29766770d1f94da0e09a66a142540023435af1b88ccc86b9a7df9ad79cdf86b507ebdcd939bb17bdcded7969d5cad906091606b6a7d7e8c0
+AUX pambase-20150213-selinux-note.patch 437 SHA256 cf57322ea3d0d61e977b2df85b3810f7ea6a401da57944be3a75839be374bd0f SHA512 ffdcb63f16b2511cf897294ab00701a19e77809eac307600593eb95bb2ddbaea9f2316b860dd81d243ecf0090776ea9722d7e397838d1eeffe77eeae287a6b2c WHIRLPOOL 7958492b9781011fafc429011540bbb721421266657f9e96e472ce9e050e72ddcedda96ee6bf64d29a78f8809e45f9e2dd5de3177d733b763da72f1d4a880afc
+DIST pambase-20150213.tar.xz 3480 SHA256 cf1ea75e29c33bfddbc6f8519b860a6f0710345e936966014f59fe3e93ab7f44 SHA512 3b49dd3f06a0942fcced95527f62cbc4ff723c48dc896a0b57ecd19736d2892db974c782be3fe24e8e6e17294869a772ae9ee6118af96dfdc7a3a6561dc3f3e5 WHIRLPOOL 493084f04032b93d8021e84bdbcf6c339ec6c928b468aa59556f3d3d10403e4557316d516ea303d66422df13150c7c19761d9979aba32e5e4c9fe7e198c733a2
+EBUILD pambase-20150213-r1.ebuild 3182 SHA256 8cd6b4226617429f6ca0131c523a331a889dfd6e0542f1454c16088c19a5b0ea SHA512 bfa764a2e775d3d3353cfe3b519527a38df72c9cb1f2c0c717f44da7fde378750506af1e7260eaee6e0a5dbc67c2b9d7adc3b95d8c4b61655b66cc0a8dd8e001 WHIRLPOOL fd5dd8ce904b132ec33ac868d37313439d6d87bc33af713239dc2eb3c00bc5e89bbc04a32eeba34666b7cc329d1c5e3e70dac542ef64283e49fec0d01d13d345
+MISC metadata.xml 4190 SHA256 d73f33bd9d1fe063ab78cb46563e6f9cfc8b8a1daa22000f8a744b071e80dcaf SHA512 3e10bb1d07ec5c5e845933b386304ede49f5a4af138b1d0fe477ae6160677882f6e75e09cdfce0530fe2bc3138498165f51abfc27471883dfece6df8a441ffd2 WHIRLPOOL a92bd5e201246be62158bb4fab9b8059e4e26d5e83854ec637ccea56d732f366df1ec60f5c0565be96bdef423a66772a621d46c5fa11928489f20a27573577f3
diff --git a/sys-auth/pambase/files/pambase-20150213-elogind-auth.patch b/sys-auth/pambase/files/pambase-20150213-elogind-auth.patch
new file mode 100644
index 0000000..37398f3
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20150213-elogind-auth.patch
@@ -0,0 +1,10 @@
+--- a/system-auth.in	2015-02-14 04:57:45.000000000 +0100
++++ b/system-auth.in	2016-11-01 04:56:24.476020238 +0100
+@@ -39,3 +39,7 @@
+ #if HAVE_SYSTEMD
+ -session        optional        pam_systemd.so
+ #endif
++
++#if HAVE_ELOGIND
++-session        optional        pam_elogind.so
++#endif
diff --git a/sys-auth/pambase/files/pambase-20150213-elogind.patch b/sys-auth/pambase/files/pambase-20150213-elogind.patch
new file mode 100644
index 0000000..b83262f
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20150213-elogind.patch
@@ -0,0 +1,13 @@
+--- a/Makefile	2015-02-14 04:57:45.000000000 +0100
++++ b/Makefile	2016-11-01 04:52:29.417015657 +0100
+@@ -32,6 +32,10 @@
+ PAMFLAGS += -DHAVE_SYSTEMD=1
+ endif
+ 
++ifeq "$(ELOGIND)" "yes"
++PAMFLAGS += -DHAVE_ELOGIND=1
++endif
++
+ ifeq "$(GNOME_KEYRING)" "yes"
+ PAMFLAGS += -DHAVE_GNOME_KEYRING=1
+ endif
diff --git a/sys-auth/pambase/files/pambase-20150213-selinux-note.patch b/sys-auth/pambase/files/pambase-20150213-selinux-note.patch
new file mode 100644
index 0000000..1cb018f
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20150213-selinux-note.patch
@@ -0,0 +1,11 @@
+--- system-login.in.orig	2015-04-17 16:58:02.247000000 +0200
++++ system-login.in	2015-04-17 16:58:07.684000000 +0200
+@@ -48,7 +48,7 @@
+ session		optional	pam_ck_connector.so nox11
+ #endif
+ #if HAVE_SELINUX
+-# Note: modules that run in the user's context must come after this line.
++ # Note: modules that run in the user's context must come after this line.
+ session		required	pam_selinux.so multiple open
+ #endif
+ #if HAVE_GNOME_KEYRING
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
new file mode 100644
index 0000000..2d8727d
--- /dev/null
+++ b/sys-auth/pambase/metadata.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="project">
+    <email>pam-bugs@gentoo.org</email>
+  </maintainer>
+  <use>
+    <flag name="cracklib">
+      Enable pam_cracklib module on system authentication stack. This
+      produces warnings when changing password to something easily
+      crackable. It requires the same USE flag to be enabled on
+      <pkg>sys-libs/pam</pkg> or system login might be impossible.
+    </flag>
+    <flag name="consolekit">
+      Enable pam_ck_connector module on local system logins. This
+      allows for console logins to make use of ConsoleKit
+      authorization.
+    </flag>
+    <flag name="systemd">
+      Use pam_systemd module to register user sessions in the systemd
+      control group hierarchy.
+    </flag>
+    <flag name="gnome-keyring">
+      Enable pam_gnome_keyring module on system login stack. This
+      enables proper Gnome Keyring access to logins, whether they are
+      done with the login shell, a Desktop Manager or a remote login
+      systems such as SSH.
+    </flag>
+    <flag name="debug">
+      Enable debug information logging on syslog(3) for all the
+      modules supporting this in the system authentication and system
+      login stacks.
+    </flag>
+    <flag name="passwdqc">
+      Enable pam_passwdqc module on system auth stack for password
+      quality validation. This is an alternative to pam_cracklib
+      producing warnings, rejecting or providing example passwords
+      when changing your system password. It is used by default by
+      OpenWall GNU/*/Linux and by FreeBSD.
+    </flag>
+    <flag name="mktemp">
+      Enable pam_mktemp module on system auth stack for session
+      handling. This module creates a private temporary directory for
+      the user, and sets TMP and TMPDIR accordingly.
+    </flag>
+    <flag name="pam_ssh">
+      Enable pam_ssh module on system auth stack for authentication
+      and session handling. This module will accept as password the
+      passphrase of a private SSH key (one of ~/.ssh/id_rsa,
+      ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent
+      instance to cache the open key.
+    </flag>
+    <flag name="sha512">
+      Switch Linux-PAM's pam_unix module to use sha512 for passwords
+      hashes rather than MD5. This option requires
+      <pkg>sys-libs/pam</pkg> version 1.0.1 built against
+      <pkg>sys-libs/glibc</pkg> version 2.7, if it's built against an
+      earlier version, it will silently be ignored, and MD5 hashes
+      will be used. All the passwords changed after this USE flag is
+      enabled will be saved to the shadow file hashed using SHA512
+      function. The password previously saved will be left
+      untouched. Please note that while SHA512-hashed passwords will
+      still be recognised if the USE flag is removed, the shadow file
+      will not be compatible with systems using an earlier glibc
+      version.
+    </flag>
+    <flag name="pam_krb5">
+      Enable pam_krb5 module on system auth stack, as an alternative
+      to pam_unix. If Kerberos authentication succeed, only pam_unix
+      will be ignore, and all the other modules will proceed as usual,
+      including Gnome Keyring and other session modules. It requires
+      <pkg>sys-libs/pam</pkg> as PAM implementation.
+    </flag>
+    <flag name="minimal">
+      Disables the standard PAM modules that provide extra information
+      to users on login; this includes pam_tally (and pam_tally2 for
+      Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
+      similar modules. This might not be a good idea on a multi-user
+      system but could reduce slightly the overhead on single-user
+      non-networked systems.
+    </flag>
+    <flag name="nullok">
+      Enable the nullok option with the pam_unix module. This allows
+      people to login with blank passwords.
+    </flag>
+    <flag name="securetty">
+      Enable pam_securetty module in the login stack. Not generally
+      relevant anymore as the login stack only refers to local logins
+      and local terminals imply secure access in the first place.
+    </flag>
+  </use>
+</pkgmetadata>
diff --git a/sys-auth/pambase/pambase-20150213-r1.ebuild b/sys-auth/pambase/pambase-20150213-r1.ebuild
new file mode 100644
index 0000000..5186e4f
--- /dev/null
+++ b/sys-auth/pambase/pambase-20150213-r1.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://www.gentoo.org/proj/en/base/pam/"
+SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="consolekit cracklib debug elogind gnome-keyring minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd"
+
+RESTRICT=binchecks
+
+MIN_PAM_REQ=1.1.3
+
+RDEPEND="
+	|| (
+		>=sys-libs/pam-${MIN_PAM_REQ}
+		( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) )
+	)
+	consolekit? ( >=sys-auth/consolekit-0.4.6[pam] )
+	cracklib? ( sys-libs/pam[cracklib] )
+	elogind? ( sys-auth/elogind[pam] )
+	gnome-keyring? ( >=gnome-base/gnome-keyring-2.32[pam] )
+	mktemp? ( sys-auth/pam_mktemp )
+	pam_krb5? (
+		|| ( >=sys-libs/pam-${MIN_PAM_REQ} sys-auth/openpam )
+		>=sys-auth/pam_krb5-4.3
+	)
+	pam_ssh? ( sys-auth/pam_ssh )
+	passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
+	selinux? ( sys-libs/pam[selinux] )
+	sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+	systemd? ( >=sys-apps/systemd-204[pam] )
+	!<sys-apps/shadow-4.1.5-r1
+	!<sys-freebsd/freebsd-pam-modules-6.2-r1
+	!<sys-libs/pam-0.99.9.0-r1"
+DEPEND="app-portage/portage-utils
+	app-arch/xz-utils"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-selinux-note.patch #540096
+	epatch "${FILESDIR}"/${P}-elogind.patch
+	epatch "${FILESDIR}"/${P}-elogind-auth.patch
+}
+
+src_compile() {
+	local implementation linux_pam_version
+	if has_version sys-libs/pam; then
+		implementation=linux-pam
+		local ver_str=$(qatom $(best_version sys-libs/pam) | cut -d ' ' -f 3)
+		linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
+	elif has_version sys-auth/openpam; then
+		implementation=openpam
+	else
+		die "PAM implementation not identified"
+	fi
+
+	use_var() {
+		local varname=$(echo "$1" | tr '[:lower:]' '[:upper:]')
+		local usename=${2-$(echo "$1" | tr '[:upper:]' '[:lower:]')}
+		local varvalue=$(usex ${usename})
+		echo "${varname}=${varvalue}"
+	}
+
+	emake \
+		GIT=true \
+		$(use_var debug) \
+		$(use_var cracklib) \
+		$(use_var passwdqc) \
+		$(use_var consolekit) \
+		$(use_var elogind) \
+		$(use_var systemd) \
+		$(use_var GNOME_KEYRING gnome-keyring) \
+		$(use_var selinux) \
+		$(use_var nullok) \
+		$(use_var mktemp) \
+		$(use_var pam_ssh) \
+		$(use_var securetty) \
+		$(use_var sha512) \
+		$(use_var KRB5 pam_krb5) \
+		$(use_var minimal) \
+		IMPLEMENTATION=${implementation} \
+		LINUX_PAM_VERSION=${linux_pam_version}
+}
+
+src_test() { :; }
+
+src_install() {
+	emake GIT=true DESTDIR="${ED}" install
+}
+
+pkg_postinst() {
+	local stcnt=0
+
+	if use consolekit; then stcnt=$((stcnt+1)); fi
+	if use elogind;    then stcnt=$((stcnt+1)); fi
+	if use systemd;    then stcnt=$((stcnt+1)); fi
+
+	if [ $stcnt -gt 1 ] ; then
+		ewarn "You are enabling $stcnt session trackers at the same time."
+		ewarn "This is not a recommended setup to have. Please consider enabling"
+		ewarn "only one of USE=\"consolekit\", USE=\"elogind\" or USE=\"systemd\"."
+	fi
+}