Merge pull request EESSI#13 from bedroge/pam

Use pam from our overlay
poksumdo · Feb 23, 2021 · 58edf3f · 58edf3f
2 parents 86dadc7 + 8388642
commit 58edf3f
Show file tree

Hide file tree

Showing 4 changed files with 143 additions and 1 deletion.
diff --git a/.github/workflows/generate_sets.yml b/.github/workflows/generate_sets.yml
@@ -42,7 +42,9 @@ jobs:
         git config --local user.name "github-actions[bot]"
         git add etc/portage/sets/*
         git commit -m "Add generated set files" -a || echo "No changes to commit"
+
     - name: Push changes
+      if: ${{ github.event_name == 'pull_request' }}
       uses: ad-m/github-push-action@master
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/scripts/eessi_sets.yml b/scripts/eessi_sets.yml
@@ -27,7 +27,7 @@ eessi_sets:
       - name: =sys-fabric/opa-psm2-11.2.185::eessi
         include_on: 
           - linux-x86_64
-      - name: sys-libs/pam
+      - name: =sys-libs/pam-1.5.1::eessi
         exclude_on:
           - macos-aarch64
           - macos-x86_64
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
@@ -0,0 +1,3 @@
+DIST Linux-PAM-1.5.1-docs.tar.xz 441632 BLAKE2B 1b3ad1b5167936b8c38977b5328ee11c7d280eb905a0f444e555d24f9d5332583f7e0ce0a758242292ff1244bc082b73d661935647e583e2ebcd8d5058df413e SHA512 95f0b0225e96386f06f5f869203163a201af3ac5c1a4fa8bd30779b9f55290e1a5b63fa49e2efafa1a51476bad1acf258b1f37f56a4bdc3935f9fe5928cbc1f7
+DIST Linux-PAM-1.5.1.tar.xz 972964 BLAKE2B a1714569587a383fa8211b23765c66b08b18dc2808c1521a904171dc2886cced56e9afa27408e8a9d5eec6226b31390dc8f14434071370f4e1147c77ce8b36ac SHA512 1db091fc43b934dde220f1b85f35937fbaa0a3feec699b2e597e2cdf0c3ce11c17d36d2286d479c9eed24e8ca3ca6233214e4dff256db47249e358c01d424837
+EBUILD pam-1.5.1.ebuild 3810 BLAKE2B 1dc08918a341850569fbbb8bdaf8a8e0dfd56831ffcb7a9ff98cc8f93f91173bbad57e94dd0bc0c288856fa510a483d871d1e8043ba634bbe2d88c3d7db315b4 SHA512 6571cb16186f5692af66991908f94852a05f182da538c02100965afd0375ea06e74e56384ffa37778ce3d8a86db1e574b7ed123a65f8c27a1519bfcaeb8d8bb1
diff --git a/sys-libs/pam/pam-1.5.1.ebuild b/sys-libs/pam/pam-1.5.1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+MY_P="Linux-${PN^^}-${PV}"
+
+inherit autotools db-use fcaps toolchain-funcs usr-ldscript multilib-minimal
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="https://github.com/linux-pam/linux-pam"
+
+SRC_URI="https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
+	https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86"
+IUSE="audit berkdb debug nis selinux"
+
+BDEPEND="
+	dev-libs/libxslt
+	sys-devel/flex
+	sys-devel/gettext
+	virtual/pkgconfig
+	virtual/yacc
+"
+
+DEPEND="
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	nis? ( net-libs/libnsl[${MULTILIB_USEDEP}]
+	>=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+
+RDEPEND="${DEPEND}"
+
+PDEPEND=">=sys-auth/pambase-20200616"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	default
+	touch ChangeLog || die
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# Do not let user's BROWSER setting mess us up. #549684
+	unset BROWSER
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--with-xml-catalog="${EPREFIX}"//etc/xml/catalog
+		--enable-securedir="${EPREFIX}"//$(get_libdir)/security
+		--includedir="${EPREFIX}"//usr/include/security
+		--libdir="${EPREFIX}"//usr/$(get_libdir)
+		--enable-pie
+		--enable-unix
+		--disable-prelude
+		--disable-doc
+		--disable-regenerate-docu
+		--disable-static
+		--disable-Werror
+		$(use_enable audit)
+		$(use_enable berkdb db)
+		$(use_enable debug)
+		$(use_enable nis)
+		$(use_enable selinux)
+		--enable-isadir='.' #464016
+		)
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	gen_usr_ldscript -a pam pam_misc pamc
+}
+
+multilib_src_install_all() {
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	# tmpfiles.eclass is impossible to use because
+	# there is the pam -> tmpfiles -> systemd -> pam dependency loop
+
+	dodir /usr/lib/tmpfiles.d
+
+	cat ->>  "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
+		d /run/faillock 0755 root root
+	_EOF_
+	use selinux && cat ->>  "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
+		d /run/sepermit 0755 root root
+	_EOF_
+
+	local page
+
+	for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
+		doman ${page}
+	done
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+
+	# The pam_unix module needs to check the password of the user which requires
+	# read access to /etc/shadow only.
+	if use prefix; then
+		rm sbin/unix_chkpwd
+		ln -s /usr/sbin/unix_chkpwd sbin/unix_chkpwd
+	else
+		fcaps cap_dac_override sbin/unix_chkpwd
+	fi
+}