Skip to content
Browse files

FL-605: new pam-1.1.6-r4 based on Gentoo with Funtoo changes, masked …

…for testing.
  • Loading branch information...
1 parent b9b8247 commit 5cb2837c61f692a83faf447d502086beb427548e @danielrobbins danielrobbins committed Aug 31, 2013
View
3 profiles/package.mask/funtoo-staging
@@ -1,6 +1,9 @@
# Keep the most recent masks in a reverse chrono order
# newest on top
+# Daniel Robbins (31 Aug 2013)
+>=sys-libs/pam-1.1.6-r4
+
# Daniel Robbins (10 Apr 2013)
# FL-487: staging zenoss, as it is a work in progress.
sys-monitor/zenoss
View
10 sys-libs/pam/Manifest
@@ -1,4 +1,6 @@
-DIST Linux-PAM-1.1.3-docs.tar.bz2 495577 RMD160 d080055e8b2e2c213293e42d42d64082cd112915 SHA1 88024b6c99f1d5e9da1d12f7c04ca97779125d56 SHA256 4afc3c02f295ed1a3e09876da7eb8738ce48a3c8ea1bc0861e4999730489df12
-DIST Linux-PAM-1.1.3.tar.bz2 1132898 RMD160 626d8deabe5fb8fcc333b3b52fe5653e901bf352 SHA1 97d36d2b9af3211b4818ea8e6fcc6893ca1b6722 SHA256 17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652
-DIST Linux-PAM-1.1.5-docs.tar.bz2 498228 RMD160 1cd6e49a8d69a3f35179210b6b060d0767c9b2fa SHA1 5a34185fd7749a8adfb61e617708304fa9cabea4 SHA256 e4b10ffebe2e5cc355bd37c4e17a2288eb90d1396b06961738a7e7ef848c754c
-DIST Linux-PAM-1.1.5.tar.bz2 1123524 RMD160 00a313e890892ad85fb69c828cfaef8c2c00cf94 SHA1 662a769f66708c3b9b5a41d62802ed69bf489e09 SHA256 65def4df04254dc4c5156859d36c34ad6d7afbcf3adbf2780530ebc4dbf2a116
+DIST Linux-PAM-1.1.3-docs.tar.bz2 495577 SHA256 4afc3c02f295ed1a3e09876da7eb8738ce48a3c8ea1bc0861e4999730489df12
+DIST Linux-PAM-1.1.3.tar.bz2 1132898 SHA256 17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652
+DIST Linux-PAM-1.1.5-docs.tar.bz2 498228 SHA256 e4b10ffebe2e5cc355bd37c4e17a2288eb90d1396b06961738a7e7ef848c754c
+DIST Linux-PAM-1.1.5.tar.bz2 1123524 SHA256 65def4df04254dc4c5156859d36c34ad6d7afbcf3adbf2780530ebc4dbf2a116
+DIST Linux-PAM-1.1.6-docs.tar.bz2 147359 SHA256 0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497 SHA512 f158116c2a3d604a9195d96263f094a1c9c0e2ba78b54e0f8a92bfa73955d8cec36d68b985eb70f1bf0958fc54be5590b61669b3b777ba6bd2138bc156cec782 WHIRLPOOL 73b42d795b3ca06c3a22ea8a91258da9bd4662e72de8a72751eec3824524a44e13dbc13a7c0e79256429f583d21c2764512363921d5709e61752e391f8227577
+DIST Linux-PAM-1.1.6.tar.bz2 1147538 SHA256 bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2 SHA512 f68e3a0d648441eef7589efe0fad65c621d030a9425635f461f2882a5129240830a55d5a5b81d02b439c633870a96f61b4c4dea22d0eacfdd583f4fac353928a WHIRLPOOL 619214ecf859e1fc4e6f59e37045e370b98bae57ceeaed3f6a5e0732fc0caba41c040bea926830b678f6e5c243d73a607daea438f55cf28d339ce458eded7db5
View
20 sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch
@@ -0,0 +1,20 @@
+--- a/modules/pam_unix/pam_unix_acct.c 2011-06-21 11:04:56.000000000 +0200
++++ b/modules/pam_unix/pam_unix_acct.c 2012-07-05 16:04:35.643727485 +0200
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <shadow.h>
+--- a/modules/pam_unix/pam_unix_passwd.c 2012-07-16 11:49:25.954638105 -0500
++++ b/modules/pam_unix/pam_unix_passwd.c 2012-07-16 11:50:04.408635441 -0500
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
View
29 sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
@@ -0,0 +1,29 @@
+From 18da0c4763f5e079f8b2df45fa462b0b70b6fd3a Mon Sep 17 00:00:00 2001
+From: "Jory A. Pratt" <anarchy@gentoo.org>
+Date: Sun, 7 Oct 2012 11:44:17 -0700
+Subject: [PATCH] Fix building with GLIBC 2.16 and SELinux.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_unix/pam_unix_passwd.c | 1 +
+ 1 file modificato, 1 inserzione(+)
+
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index 9e1302d..b5f5ae9 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
++++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
+--
+1.7.12
+
View
48 sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
@@ -0,0 +1,48 @@
+From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 17 Aug 2012 14:46:40 +0200
+Subject: [PATCH] Add missing $(DESTDIR) when making directories on install.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making
+$(namespaceddir) on install.
+modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making
+$(sepermitlockdir) on install.
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_namespace/Makefile.am | 2 +-
+ modules/pam_sepermit/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
+index a28f196..ebb00f3 100644
+--- a/modules/pam_namespace/Makefile.am
++++ b/modules/pam_namespace/Makefile.am
+@@ -40,7 +40,7 @@ if HAVE_UNSHARE
+ secureconf_SCRIPTS = namespace.init
+
+ install-data-local:
+- mkdir -p $(namespaceddir)
++ mkdir -p $(DESTDIR)$(namespaceddir)
+ endif
+
+
+diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
+index cfc5594..bc82275 100644
+--- a/modules/pam_sepermit/Makefile.am
++++ b/modules/pam_sepermit/Makefile.am
+@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX
+ securelib_LTLIBRARIES = pam_sepermit.la
+
+ install-data-local:
+- mkdir -p $(sepermitlockdir)
++ mkdir -p $(DESTDIR)$(sepermitlockdir)
+ endif
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README pam_sepermit.8 sepermit.conf.5
+--
+1.7.8.6
+
View
189 sys-libs/pam/pam-1.1.6-r4.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2013 Gentoo Foundation
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools autotools-utils
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="*"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? (
+ >=sys-libs/glibc-2.7
+ nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ sys-devel/flex
+ nls? ( sys-devel/gettext )
+ virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${MY_P}-destdir.patch
+ epatch "${FILESDIR}"/${MY_P}+glibc-2.16.patch
+
+ eautoreconf
+ elibtoolize
+}
+
+src_configure() {
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myeconfargs=(
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ if use hppa || use elibc_FreeBSD; then
+ myeconfargs+=( --disable-pie )
+ fi
+
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+src_install() {
+ autotools-utils_src_install sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ prune_libtool_files --all
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+
+ # setting default number of open files to 16000, with the ability to
+ # push the limit up to 64000. This provides reasonable defaults for modern
+ # systems that need to handle things like slowloris in defaultconfigs.
+
+ echo "* soft nofile 16000" >> ${D}/etc/security/limits.conf || die "limits set fail"
+ echo "* hard nofile 64000" >> ${D}/etc/security/limits.conf || die "limits set fail"
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [ -x "${ROOT}"/var/log/tallylog ] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}

0 comments on commit 5cb2837

Please sign in to comment.
Something went wrong with that request. Please try again.