diff options
author | Sven Eden <sven.eden@gmx.de> | 2016-11-01 05:29:24 +0100 |
---|---|---|
committer | Sven Eden <sven.eden@gmx.de> | 2016-11-01 05:29:24 +0100 |
commit | 322feacd7cef18527b4799b0d4b48e256db68f48 (patch) | |
tree | 5c0b04a11241c152b65f32fc98823dc12a0eab6b | |
parent | lxqt-meta-0.11.0-r1 : Accept elogind as an alternative for consolekit or systemd (diff) | |
download | seden-322feacd7cef18527b4799b0d4b48e256db68f48.tar.gz seden-322feacd7cef18527b4799b0d4b48e256db68f48.tar.bz2 seden-322feacd7cef18527b4799b0d4b48e256db68f48.zip |
sys-auth/pambase-20150213-r1.ebuild : Enable elogind as a third session tracker.
-rw-r--r-- | sys-auth/pambase/Manifest | 6 | ||||
-rw-r--r-- | sys-auth/pambase/files/pambase-20150213-elogind-auth.patch | 10 | ||||
-rw-r--r-- | sys-auth/pambase/files/pambase-20150213-elogind.patch | 13 | ||||
-rw-r--r-- | sys-auth/pambase/files/pambase-20150213-selinux-note.patch | 11 | ||||
-rw-r--r-- | sys-auth/pambase/metadata.xml | 92 | ||||
-rw-r--r-- | sys-auth/pambase/pambase-20150213-r1.ebuild | 110 |
6 files changed, 242 insertions, 0 deletions
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest new file mode 100644 index 0000000..42bbc4d --- /dev/null +++ b/sys-auth/pambase/Manifest @@ -0,0 +1,6 @@ +AUX pambase-20150213-elogind-auth.patch 282 SHA256 6b410f8a5ae4aca218a3c93a47d930f2770dae9e58c74528c60fad15c01f2cce SHA512 276465bd74a14835078fdae0247a1b8e78fb54177a1d4e3d0b7e3f42943f5d098abc77f015b8ea8b936391ccffba9376f315e13591be9aa8c9440e4e39f2988d WHIRLPOOL 28be6231fd09ec757556cf5d30a2320ffb929b9386c747b99c978706f8950fae5817c349512a0ebe0cfa2f3b29bc318b5c5b504bdb66be319ccaa9064da8f748 +AUX pambase-20150213-elogind.patch 298 SHA256 31ea9a3698e14f2312fbc2ff2f947318276cd9e086e76e50921ba74c4be6b580 SHA512 b264e48710b8ff663761b2a377aa042a39a8fee0b1838d2f82593ae26ada03103677ecfa04e979c3648a4e3665c040614151c77a12f8b71523d3d529485f3571 WHIRLPOOL 032502f08810facf29766770d1f94da0e09a66a142540023435af1b88ccc86b9a7df9ad79cdf86b507ebdcd939bb17bdcded7969d5cad906091606b6a7d7e8c0 +AUX pambase-20150213-selinux-note.patch 437 SHA256 cf57322ea3d0d61e977b2df85b3810f7ea6a401da57944be3a75839be374bd0f SHA512 ffdcb63f16b2511cf897294ab00701a19e77809eac307600593eb95bb2ddbaea9f2316b860dd81d243ecf0090776ea9722d7e397838d1eeffe77eeae287a6b2c WHIRLPOOL 7958492b9781011fafc429011540bbb721421266657f9e96e472ce9e050e72ddcedda96ee6bf64d29a78f8809e45f9e2dd5de3177d733b763da72f1d4a880afc +DIST pambase-20150213.tar.xz 3480 SHA256 cf1ea75e29c33bfddbc6f8519b860a6f0710345e936966014f59fe3e93ab7f44 SHA512 3b49dd3f06a0942fcced95527f62cbc4ff723c48dc896a0b57ecd19736d2892db974c782be3fe24e8e6e17294869a772ae9ee6118af96dfdc7a3a6561dc3f3e5 WHIRLPOOL 493084f04032b93d8021e84bdbcf6c339ec6c928b468aa59556f3d3d10403e4557316d516ea303d66422df13150c7c19761d9979aba32e5e4c9fe7e198c733a2 +EBUILD pambase-20150213-r1.ebuild 3182 SHA256 8cd6b4226617429f6ca0131c523a331a889dfd6e0542f1454c16088c19a5b0ea SHA512 bfa764a2e775d3d3353cfe3b519527a38df72c9cb1f2c0c717f44da7fde378750506af1e7260eaee6e0a5dbc67c2b9d7adc3b95d8c4b61655b66cc0a8dd8e001 WHIRLPOOL fd5dd8ce904b132ec33ac868d37313439d6d87bc33af713239dc2eb3c00bc5e89bbc04a32eeba34666b7cc329d1c5e3e70dac542ef64283e49fec0d01d13d345 +MISC metadata.xml 4190 SHA256 d73f33bd9d1fe063ab78cb46563e6f9cfc8b8a1daa22000f8a744b071e80dcaf SHA512 3e10bb1d07ec5c5e845933b386304ede49f5a4af138b1d0fe477ae6160677882f6e75e09cdfce0530fe2bc3138498165f51abfc27471883dfece6df8a441ffd2 WHIRLPOOL a92bd5e201246be62158bb4fab9b8059e4e26d5e83854ec637ccea56d732f366df1ec60f5c0565be96bdef423a66772a621d46c5fa11928489f20a27573577f3 diff --git a/sys-auth/pambase/files/pambase-20150213-elogind-auth.patch b/sys-auth/pambase/files/pambase-20150213-elogind-auth.patch new file mode 100644 index 0000000..37398f3 --- /dev/null +++ b/sys-auth/pambase/files/pambase-20150213-elogind-auth.patch @@ -0,0 +1,10 @@ +--- a/system-auth.in 2015-02-14 04:57:45.000000000 +0100 ++++ b/system-auth.in 2016-11-01 04:56:24.476020238 +0100 +@@ -39,3 +39,7 @@ + #if HAVE_SYSTEMD + -session optional pam_systemd.so + #endif ++ ++#if HAVE_ELOGIND ++-session optional pam_elogind.so ++#endif diff --git a/sys-auth/pambase/files/pambase-20150213-elogind.patch b/sys-auth/pambase/files/pambase-20150213-elogind.patch new file mode 100644 index 0000000..b83262f --- /dev/null +++ b/sys-auth/pambase/files/pambase-20150213-elogind.patch @@ -0,0 +1,13 @@ +--- a/Makefile 2015-02-14 04:57:45.000000000 +0100 ++++ b/Makefile 2016-11-01 04:52:29.417015657 +0100 +@@ -32,6 +32,10 @@ + PAMFLAGS += -DHAVE_SYSTEMD=1 + endif + ++ifeq "$(ELOGIND)" "yes" ++PAMFLAGS += -DHAVE_ELOGIND=1 ++endif ++ + ifeq "$(GNOME_KEYRING)" "yes" + PAMFLAGS += -DHAVE_GNOME_KEYRING=1 + endif diff --git a/sys-auth/pambase/files/pambase-20150213-selinux-note.patch b/sys-auth/pambase/files/pambase-20150213-selinux-note.patch new file mode 100644 index 0000000..1cb018f --- /dev/null +++ b/sys-auth/pambase/files/pambase-20150213-selinux-note.patch @@ -0,0 +1,11 @@ +--- system-login.in.orig 2015-04-17 16:58:02.247000000 +0200 ++++ system-login.in 2015-04-17 16:58:07.684000000 +0200 +@@ -48,7 +48,7 @@ + session optional pam_ck_connector.so nox11 + #endif + #if HAVE_SELINUX +-# Note: modules that run in the user's context must come after this line. ++ # Note: modules that run in the user's context must come after this line. + session required pam_selinux.so multiple open + #endif + #if HAVE_GNOME_KEYRING diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml new file mode 100644 index 0000000..2d8727d --- /dev/null +++ b/sys-auth/pambase/metadata.xml @@ -0,0 +1,92 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>pam-bugs@gentoo.org</email> + </maintainer> + <use> + <flag name="cracklib"> + Enable pam_cracklib module on system authentication stack. This + produces warnings when changing password to something easily + crackable. It requires the same USE flag to be enabled on + <pkg>sys-libs/pam</pkg> or system login might be impossible. + </flag> + <flag name="consolekit"> + Enable pam_ck_connector module on local system logins. This + allows for console logins to make use of ConsoleKit + authorization. + </flag> + <flag name="systemd"> + Use pam_systemd module to register user sessions in the systemd + control group hierarchy. + </flag> + <flag name="gnome-keyring"> + Enable pam_gnome_keyring module on system login stack. This + enables proper Gnome Keyring access to logins, whether they are + done with the login shell, a Desktop Manager or a remote login + systems such as SSH. + </flag> + <flag name="debug"> + Enable debug information logging on syslog(3) for all the + modules supporting this in the system authentication and system + login stacks. + </flag> + <flag name="passwdqc"> + Enable pam_passwdqc module on system auth stack for password + quality validation. This is an alternative to pam_cracklib + producing warnings, rejecting or providing example passwords + when changing your system password. It is used by default by + OpenWall GNU/*/Linux and by FreeBSD. + </flag> + <flag name="mktemp"> + Enable pam_mktemp module on system auth stack for session + handling. This module creates a private temporary directory for + the user, and sets TMP and TMPDIR accordingly. + </flag> + <flag name="pam_ssh"> + Enable pam_ssh module on system auth stack for authentication + and session handling. This module will accept as password the + passphrase of a private SSH key (one of ~/.ssh/id_rsa, + ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent + instance to cache the open key. + </flag> + <flag name="sha512"> + Switch Linux-PAM's pam_unix module to use sha512 for passwords + hashes rather than MD5. This option requires + <pkg>sys-libs/pam</pkg> version 1.0.1 built against + <pkg>sys-libs/glibc</pkg> version 2.7, if it's built against an + earlier version, it will silently be ignored, and MD5 hashes + will be used. All the passwords changed after this USE flag is + enabled will be saved to the shadow file hashed using SHA512 + function. The password previously saved will be left + untouched. Please note that while SHA512-hashed passwords will + still be recognised if the USE flag is removed, the shadow file + will not be compatible with systems using an earlier glibc + version. + </flag> + <flag name="pam_krb5"> + Enable pam_krb5 module on system auth stack, as an alternative + to pam_unix. If Kerberos authentication succeed, only pam_unix + will be ignore, and all the other modules will proceed as usual, + including Gnome Keyring and other session modules. It requires + <pkg>sys-libs/pam</pkg> as PAM implementation. + </flag> + <flag name="minimal"> + Disables the standard PAM modules that provide extra information + to users on login; this includes pam_tally (and pam_tally2 for + Linux PAM 1.1 and later), pam_lastlog, pam_motd and other + similar modules. This might not be a good idea on a multi-user + system but could reduce slightly the overhead on single-user + non-networked systems. + </flag> + <flag name="nullok"> + Enable the nullok option with the pam_unix module. This allows + people to login with blank passwords. + </flag> + <flag name="securetty"> + Enable pam_securetty module in the login stack. Not generally + relevant anymore as the login stack only refers to local logins + and local terminals imply secure access in the first place. + </flag> + </use> +</pkgmetadata> diff --git a/sys-auth/pambase/pambase-20150213-r1.ebuild b/sys-auth/pambase/pambase-20150213-r1.ebuild new file mode 100644 index 0000000..5186e4f --- /dev/null +++ b/sys-auth/pambase/pambase-20150213-r1.ebuild @@ -0,0 +1,110 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils + +DESCRIPTION="PAM base configuration files" +HOMEPAGE="https://www.gentoo.org/proj/en/base/pam/" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux" +IUSE="consolekit cracklib debug elogind gnome-keyring minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd" + +RESTRICT=binchecks + +MIN_PAM_REQ=1.1.3 + +RDEPEND=" + || ( + >=sys-libs/pam-${MIN_PAM_REQ} + ( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) ) + ) + consolekit? ( >=sys-auth/consolekit-0.4.6[pam] ) + cracklib? ( sys-libs/pam[cracklib] ) + elogind? ( sys-auth/elogind[pam] ) + gnome-keyring? ( >=gnome-base/gnome-keyring-2.32[pam] ) + mktemp? ( sys-auth/pam_mktemp ) + pam_krb5? ( + || ( >=sys-libs/pam-${MIN_PAM_REQ} sys-auth/openpam ) + >=sys-auth/pam_krb5-4.3 + ) + pam_ssh? ( sys-auth/pam_ssh ) + passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 ) + selinux? ( sys-libs/pam[selinux] ) + sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) + systemd? ( >=sys-apps/systemd-204[pam] ) + !<sys-apps/shadow-4.1.5-r1 + !<sys-freebsd/freebsd-pam-modules-6.2-r1 + !<sys-libs/pam-0.99.9.0-r1" +DEPEND="app-portage/portage-utils + app-arch/xz-utils" + +src_prepare() { + epatch "${FILESDIR}"/${P}-selinux-note.patch #540096 + epatch "${FILESDIR}"/${P}-elogind.patch + epatch "${FILESDIR}"/${P}-elogind-auth.patch +} + +src_compile() { + local implementation linux_pam_version + if has_version sys-libs/pam; then + implementation=linux-pam + local ver_str=$(qatom $(best_version sys-libs/pam) | cut -d ' ' -f 3) + linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ }) + elif has_version sys-auth/openpam; then + implementation=openpam + else + die "PAM implementation not identified" + fi + + use_var() { + local varname=$(echo "$1" | tr '[:lower:]' '[:upper:]') + local usename=${2-$(echo "$1" | tr '[:upper:]' '[:lower:]')} + local varvalue=$(usex ${usename}) + echo "${varname}=${varvalue}" + } + + emake \ + GIT=true \ + $(use_var debug) \ + $(use_var cracklib) \ + $(use_var passwdqc) \ + $(use_var consolekit) \ + $(use_var elogind) \ + $(use_var systemd) \ + $(use_var GNOME_KEYRING gnome-keyring) \ + $(use_var selinux) \ + $(use_var nullok) \ + $(use_var mktemp) \ + $(use_var pam_ssh) \ + $(use_var securetty) \ + $(use_var sha512) \ + $(use_var KRB5 pam_krb5) \ + $(use_var minimal) \ + IMPLEMENTATION=${implementation} \ + LINUX_PAM_VERSION=${linux_pam_version} +} + +src_test() { :; } + +src_install() { + emake GIT=true DESTDIR="${ED}" install +} + +pkg_postinst() { + local stcnt=0 + + if use consolekit; then stcnt=$((stcnt+1)); fi + if use elogind; then stcnt=$((stcnt+1)); fi + if use systemd; then stcnt=$((stcnt+1)); fi + + if [ $stcnt -gt 1 ] ; then + ewarn "You are enabling $stcnt session trackers at the same time." + ewarn "This is not a recommended setup to have. Please consider enabling" + ewarn "only one of USE=\"consolekit\", USE=\"elogind\" or USE=\"systemd\"." + fi +} |