Skip to content

Commit

Permalink
upgrade to linux-pam-1.5.3-r1
Browse files Browse the repository at this point in the history
  • Loading branch information
markafarrell committed Jun 25, 2024
1 parent 32d05e1 commit 6e3dd16
Show file tree
Hide file tree
Showing 8 changed files with 113 additions and 76 deletions.
1 change: 1 addition & 0 deletions changelog/updates/2024-06-26-linux-pam-1.5.3-r1-update.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
- linux-pam ([1.5.3](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3))
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
DIST pam-1.5.1_p20210622.tar.gz 783068 BLAKE2B c8f13c2ccef73ad367d4fac9a7d1d0d3f3d0e4f1c8eea877d2ab467411cf17cc32c6c9c89e98d94090481d7d7746723175031ba8713a8fb0c3e1976e2854e58b SHA512 5b7a84b9de2d0b0c39cb33e9b8d24aeedca670b998536d74dc497eb7af31cb1f3157f196a01712c4ae273634b51ddad2062f207534b35b1d1a1e790816c8dc1b
DIST pam-doc-1.5.1_p20210610.tar.xz 62308 BLAKE2B b3311e704ddc840b7fd28ea7764e8a0d3fdf508e2e37405acbfa26462a188c480859b3b21bd4a4b4acea70928e68650c216e8fb2d2b6f11ba33f54c6692cf3a2 SHA512 89b88f8ebf0c46f6b25dc0c5f39383ecbef0b12d6ffab388d92026066ee986f9068819cdbf38baaa1e341cd6cc84b1e8d3ad02db121aaf0ddad27e4e6efe26e7
DIST Linux-PAM-1.5.3-docs.tar.xz 466340 BLAKE2B 6bade3c63ebe6b6ca7a86d7385850bb87bf1d6526add3ac5aad140533516c1d27b594a17d09c4127ff985c42e6c571618785d6b2a2913e6575678c4dcf947dc0 SHA512 a9082823da88e0054d74e13aef872519ced5fbef25c8cc1a7e3a99160f835aa09c9ef701b6ec507acd3b540da0019288424bb4c8ebd828181ea90450db1494a9
DIST Linux-PAM-1.5.3.tar.xz 1020076 BLAKE2B 362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb SHA512 af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,3 @@ for having our fork seem to be:
work. A suid binary is strictly less secure than capability
override, so in long-term we would prefer to avoid having this
hack. On the other hand - this is what we had so far.

5. We replace the dependency on `virtual/yacc` with
`app-alternatives/yacc`. The former was renamed to the latter in
Gentoo, so this modification will be gone next time we update this
package.

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
Replace System V termio.h with POSIX termios.h for musl
Upstream: https://github.com/linux-pam/linux-pam/pull/576
Bug: https://bugs.gentoo.org/906137

From 5658105b04ad4df212baf302898ee2cca99516a6 Mon Sep 17 00:00:00 2001
From: Violet Purcell <[email protected]>
Date: Thu, 11 May 2023 10:27:53 -0400
Subject: [PATCH] fix build on musl

--- a/examples/tty_conv.c
+++ b/examples/tty_conv.c
@@ -6,8 +6,9 @@
#include <string.h>
#include <errno.h>
#include <unistd.h>
-#include <termio.h>
+#include <termios.h>
#include <security/pam_appl.h>
+#include <sys/ioctl.h>

/***************************************
* @brief echo off/on
@@ -16,7 +17,7 @@
***************************************/
static void echoOff(int fd, int off)
{
- struct termio tty;
+ struct termios tty;
if (ioctl(fd, TCGETA, &tty) < 0)
{
fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
--
2.40.1
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ d /etc/security 0755 root root - -
d /etc/security/limits.d 0755 root root - -
d /etc/security/namespace.d 0755 root root - -
f /etc/environment 0755 root root - -
L /etc/security/access.conf - - - - ../../usr/lib/pam/access.conf
L /etc/security/group.conf - - - - ../../usr/lib/pam/group.conf
L /etc/security/limits.conf - - - - ../../usr/lib/pam/limits.conf
L /etc/security/namespace.conf - - - - ../../usr/lib/pam/namespace.conf
L /etc/security/pam_env.conf - - - - ../../usr/lib/pam/pam_env.conf
L /etc/security/time.conf - - - - ../../usr/lib/pam/time.conf
L /etc/security/access.conf - - - - ../../usr/lib/pam/security/access.conf
L /etc/security/group.conf - - - - ../../usr/lib/pam/security/group.conf
L /etc/security/limits.conf - - - - ../../usr/lib/pam/security/limits.conf
L /etc/security/namespace.conf - - - - ../../usr/lib/pam/security/namespace.conf
L /etc/security/pam_env.conf - - - - ../../usr/lib/pam/security/pam_env.conf
L /etc/security/time.conf - - - - ../../usr/lib/pam/security/time.conf
Original file line number Diff line number Diff line change
@@ -1,21 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>[email protected]</email>
<name>Mikle Kolyada</name>
</maintainer>
<use>
<flag name="berkdb">
Build the pam_userdb module, that allows to authenticate users
against a Berkeley DB file. Please note that enabling this USE
flag will create a PAM module that links to the Berkeley DB (as
provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
will thus not work for boot-critical services authentication.
</flag>
<maintainer type="project">
<email>[email protected]</email>
</maintainer>
<maintainer type="person">
<email>[email protected]</email>
<name>Sam James</name>
</maintainer>
<use>
<flag name="berkdb">
Build the pam_userdb module, that allows to authenticate users
against a Berkeley DB file. Please note that enabling this USE
flag will create a PAM module that links to the Berkeley DB (as
provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
will thus not work for boot-critical services authentication.
</flag>
</use>
<upstream>
<remote-id type="github">linux-pam/linux-pam</remote-id>
<remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id>
</upstream>
<upstream>
<remote-id type="github">linux-pam/linux-pam</remote-id>
<remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id>
</upstream>
</pkgmetadata>
Original file line number Diff line number Diff line change
@@ -1,88 +1,109 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7
EAPI=8

MY_P="Linux-${PN^^}-${PV}"

# Avoid QA warnings
# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
TMPFILES_OPTIONAL=1

inherit autotools db-use toolchain-funcs usr-ldscript multilib-minimal

GIT_COMMIT="fe1307512fb8892b5ceb3d884c793af8dbd4c16a"
DOC_SNAPSHOT="20210610"
inherit db-use fcaps flag-o-matic toolchain-funcs multilib-minimal

DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
HOMEPAGE="https://github.com/linux-pam/linux-pam"

SRC_URI="https://github.com/linux-pam/linux-pam/archive/${GIT_COMMIT}.tar.gz -> ${P}.tar.gz
https://dev.gentoo.org/~zlogene/distfiles/${CATEGORY}/${PN}/${PN}-doc-${PV%_p*}_p${DOC_SNAPSHOT}.tar.xz"
SRC_URI="
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz
"
S="${WORKDIR}/${MY_P}"

LICENSE="|| ( BSD GPL-2 )"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE="audit berkdb debug nis selinux"

BDEPEND="
app-alternatives/yacc
dev-libs/libxslt
sys-devel/flex
app-alternatives/lex
sys-devel/gettext
virtual/pkgconfig
"

DEPEND="
virtual/libcrypt:=[${MULTILIB_USEDEP}]
>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
nis? ( net-libs/libnsl:=[${MULTILIB_USEDEP}]
>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] )"

nis? (
net-libs/libnsl:=[${MULTILIB_USEDEP}]
>=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
)
"
RDEPEND="${DEPEND}"

PDEPEND=">=sys-auth/pambase-20200616"

S="${WORKDIR}/linux-${PN}-${GIT_COMMIT}"

PATCHES=(
"${FILESDIR}"/${PN}-1.5.0-locked-accounts.patch
"${FILESDIR}"/${PN}-1.5.1-musl.patch
"${FILESDIR}/${P}-termios.patch"
)

src_prepare() {
default
touch ChangeLog || die
eautoreconf
}

multilib_src_configure() {
# Do not let user's BROWSER setting mess us up. #549684
# Do not let user's BROWSER setting mess us up, bug #549684
unset BROWSER

# This whole weird has_version libxcrypt block can go once
# musl systems have libxcrypt[system] if we ever make
# that mandatory. See bug #867991.
if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
# Avoid picking up symbol-versioned compat symbol on musl systems
export ac_cv_search_crypt_gensalt_rn=no

# Need to avoid picking up the libxcrypt headers which define
# CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
append-cppflags -I"${T}"
fi

local myconf=(
CC_FOR_BUILD="$(tc-getBUILD_CC)"
--with-db-uniquename=-$(db_findver sys-libs/db)
--with-xml-catalog=/etc/xml/catalog
--enable-securedir=/$(get_libdir)/security
--includedir=/usr/include/security
--libdir=/usr/$(get_libdir)
--with-xml-catalog="${EPREFIX}"/etc/xml/catalog
--enable-securedir="${EPREFIX}"/$(get_libdir)/security
--includedir="${EPREFIX}"/usr/include/security
--libdir="${EPREFIX}"/usr/$(get_libdir)
--enable-pie
--enable-unix
--disable-prelude
--disable-doc
--disable-regenerate-docu
--disable-static
--disable-Werror
# TODO: wire this up now it's more useful as of 1.5.3 (bug #931117)
--disable-econf

# TODO: add elogind support (bug #931115)
# lastlog is enabled again for now by us until logind support
# is handled. Even then, disabling lastlog will probably need
# a news item.
--disable-logind
--enable-lastlog

$(use_enable audit)
$(use_enable berkdb db)
$(use_enable debug)
$(use_enable nis)
$(use_enable selinux)
--enable-isadir='.' #464016
--enable-sconfigdir="/usr/lib/pam/"
)
--enable-isadir='.' # bug #464016
--enable-vendordir="/usr/lib/pam/"
)
ECONF_SOURCE="${S}" econf "${myconf[@]}"
}

Expand All @@ -106,7 +127,6 @@ multilib_src_install_all() {

# tmpfiles.eclass is impossible to use because
# there is the pam -> tmpfiles -> systemd -> pam dependency loop

dodir /usr/lib/tmpfiles.d

rm "${D}/etc/environment"
Expand All @@ -120,7 +140,7 @@ multilib_src_install_all() {

local page

for page in "${WORKDIR}"/man/*.{3,5,8} ; do
for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
doman ${page}
done
}
Expand All @@ -133,7 +153,7 @@ pkg_postinst() {
ewarn "restart the software manually after the update."
ewarn ""
ewarn "You can get a list of such software running a command like"
ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
ewarn " lsof / | grep -E -i 'del.*libpam\\.so'"
ewarn ""
ewarn "Alternatively, simply reboot your system."
}
}

0 comments on commit 6e3dd16

Please sign in to comment.