# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # $Id: 65fd318970b9778661c5d2a9c561f5850e4f2570 $ EAPI=8 # Avoid QA warnings # Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 TMPFILES_OPTIONAL=1 inherit db-use fcaps flag-o-matic meson-multilib toolchain-funcs usr-ldscript multilib-minimal poly-c_ebuilds MY_P="Linux-${PN^^}-${MY_PV}" DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" HOMEPAGE="https://github.com/linux-pam/linux-pam" SRC_URI=" https://github.com/linux-pam/linux-pam/releases/download/v${MY_PV}/${MY_P}.tar.xz " #doc? ( https://github.com/linux-pam/linux-pam/releases/download/v${MY_PV}/${MY_P}-docs.tar.xz ) S="${WORKDIR}/${MY_P}" LICENSE="|| ( BSD GPL-2 )" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" IUSE="audit berkdb debug doc elogind examples nis selinux systemd" REQUIRED_USE="?? ( elogind systemd )" BDEPEND=" app-alternatives/yacc dev-libs/libxslt app-alternatives/lex sys-devel/gettext doc? ( dev-java/fop ) " DEPEND=" virtual/libcrypt:=[${MULTILIB_USEDEP}] >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) !berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] ) elogind? ( >=sys-auth/elogind-255.4_pre ) selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) systemd? ( >=sys-apps/systemd-254 ) nis? ( net-libs/libnsl:=[${MULTILIB_USEDEP}] >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] ) " RDEPEND="${DEPEND}" PDEPEND=">=sys-auth/pambase-20200616" PATCHES=( "${FILESDIR}/${PN}-1.7.0-elogind.patch" ) multilib_src_configure() { # Do not let user's BROWSER setting mess us up, bug #549684 unset BROWSER # This whole weird has_version libxcrypt block can go once # musl systems have libxcrypt[system] if we ever make # that mandatory. See bug #867991. if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then # Need to avoid picking up the libxcrypt headers which define # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die append-cppflags -I"${T}" fi local emesonargs=( -Ddb-uniquename="-$(db_findver sys-libs/db)" -Dxml-catalog="${EPREFIX}"/etc/xml/catalog -Dsecuredir="${EPREFIX}"/$(get_libdir)/security -Dpam_unix=enabled # TODO: wire this up now it's more useful as of 1.5.3 (bug #931117) -Deconf=disabled # Disabling lastlog will probably need a news item. -Dpam_lastlog=enabled $(meson_feature audit) $(meson_native_use_bool examples) -Ddb=$(usex berkdb db gdbm) $(meson_use debug pam-debug) $(meson_feature doc docs) $(meson_feature nis) $(meson_feature selinux) -Disadir='.' # bug #464016 ) if multilib_is_native_abi && { use elogind || use systemd ; } ; then emesonargs+=( -Dlogind=enabled $(meson_feature elogind) ) else myconf+=( -Dlogind=disabled ) fi meson_src_configure } multilib_src_install() { meson_src_install gen_usr_ldscript -a pam pam_misc pamc } multilib_src_install_all() { # tmpfiles.eclass is impossible to use because # there is the pam -> tmpfiles -> systemd -> pam dependency loop dodir /usr/lib/tmpfiles.d cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ d /run/faillock 0755 root root _EOF_ use selinux && cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ d /run/sepermit 0755 root root _EOF_ local page for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do doman ${page} done } pkg_postinst() { ewarn "Some software with pre-loaded PAM libraries might experience" ewarn "warnings or failures related to missing symbols and/or versions" ewarn "after any update. While unfortunate this is a limit of the" ewarn "implementation of PAM and the software, and it requires you to" ewarn "restart the software manually after the update." ewarn "" ewarn "You can get a list of such software running a command like" ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" ewarn "" ewarn "Alternatively, simply reboot your system." # The pam_unix module needs to check the password of the user which requires # read access to /etc/shadow only. fcaps cap_dac_override sbin/unix_chkpwd }