diff options
author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-06-13 23:40:02 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-06-13 23:40:02 +0000 |
commit | 74ad2fe3b9fba775a77cd82d3ea7ef1a5a80fc82 (patch) | |
tree | 0dc01eacf8556e6aa0349015092e760e3245ba85 /sys-libs | |
parent | Version bump (diff) | |
download | historical-74ad2fe3b9fba775a77cd82d3ea7ef1a5a80fc82.tar.gz historical-74ad2fe3b9fba775a77cd82d3ea7ef1a5a80fc82.tar.bz2 historical-74ad2fe3b9fba775a77cd82d3ea7ef1a5a80fc82.zip |
Patch Linux-PAM to implement --disable-nis; wire it to the nis USE flag (disabled by default), and make sure that if using glibc, either libtirpc (preferred) or an older glibc is used with that USE flag; note that selinux support seems to require rpc support as well (needs to be tested, forcing the requirement to avoid breaking setup for now).
Package-Manager: portage-2.2.0_alpha40/cvs/Linux x86_64
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/pam/ChangeLog | 12 | ||||
-rw-r--r-- | sys-libs/pam/Manifest | 10 | ||||
-rw-r--r-- | sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch | 254 | ||||
-rw-r--r-- | sys-libs/pam/pam-1.1.3-r1.ebuild | 191 |
4 files changed, 462 insertions, 5 deletions
diff --git a/sys-libs/pam/ChangeLog b/sys-libs/pam/ChangeLog index 6d1dce81e2d1..c2fb0fc4f0aa 100644 --- a/sys-libs/pam/ChangeLog +++ b/sys-libs/pam/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-libs/pam # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.291 2011/04/07 05:50:56 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.292 2011/06/13 23:40:01 flameeyes Exp $ + +*pam-1.1.3-r1 (13 Jun 2011) + + 13 Jun 2011; Diego E. Pettenò <flameeyes@gentoo.org> +pam-1.1.3-r1.ebuild, + +files/Linux-PAM-1.1.3-nis.patch: + Patch Linux-PAM to implement --disable-nis; wire it to the nis USE flag + (disabled by default), and make sure that if using glibc, either libtirpc + (preferred) or an older glibc is used with that USE flag; note that selinux + support seems to require rpc support as well (needs to be tested, forcing the + requirement to avoid breaking setup for now). 07 Apr 2011; Ulrich Mueller <ulm@gentoo.org> pam-1.1.3.ebuild: Don't PROVIDE virtual/pam and add blocker against openpam, bug 358903. diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest index 21fa77c5bf42..517daa920c0b 100644 --- a/sys-libs/pam/Manifest +++ b/sys-libs/pam/Manifest @@ -1,15 +1,17 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +AUX Linux-PAM-1.1.3-nis.patch 8069 RMD160 028c90263f75f4b7bfe034cad6f575f16bdfb19c SHA1 67a2fc334167469a72fe7b63b95d062261e432e6 SHA256 f003eaf7c7efb65dd356843ea854487a605b8a79a3f03959cf68e66c4a7b309a DIST Linux-PAM-1.1.3-docs.tar.bz2 495577 RMD160 d080055e8b2e2c213293e42d42d64082cd112915 SHA1 88024b6c99f1d5e9da1d12f7c04ca97779125d56 SHA256 4afc3c02f295ed1a3e09876da7eb8738ce48a3c8ea1bc0861e4999730489df12 DIST Linux-PAM-1.1.3.tar.bz2 1132898 RMD160 626d8deabe5fb8fcc333b3b52fe5653e901bf352 SHA1 97d36d2b9af3211b4818ea8e6fcc6893ca1b6722 SHA256 17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652 +EBUILD pam-1.1.3-r1.ebuild 5890 RMD160 4714f5467b3df5cea5377874e602c1b0a9768eda SHA1 4ce709af3339dca1ba7041b6623b45025e38ea1b SHA256 c1bc612eec1e2cff1c429876b99050b2e659c44a155ef8599bf98af2997a6b80 EBUILD pam-1.1.3.ebuild 5626 RMD160 7dc2348963d5429914310cd57e80caffc5688de1 SHA1 71da4830d1199fcf74ffe024f2d77aa44cc4f174 SHA256 a54e4bb956f52c67e950d3cc9bc762d3d051630f6af368e774d5da1dfd9a0992 -MISC ChangeLog 46633 RMD160 4babf65b8386838a307a74e44750c7e0dd930072 SHA1 d585b37db96e7c20b3baee781361a2824f2f3a7e SHA256 bb23e199673a677026bf0934234c762c82086ec763af69fbd959c225f9be8f93 +MISC ChangeLog 47139 RMD160 6067120efef7b41ab98ac6539c487f6f6ee15baf SHA1 27bd9ec209e95fc5b9617e63189ce4875226bc2e SHA256 b25260fb7e5b897a97c9a026a96963b906f492c404eb4f12bde7dc582ff2f004 MISC metadata.xml 1129 RMD160 a800f5ac4255ca20c26791ff0b57c3c923666623 SHA1 99e58550271cf1c3e23c4547387469a0d211ae55 SHA256 e160643aca26e0418b31429836ae1b4c673474cd6130b7e2ac0d0bf41380df0b -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) -iEYEARECAAYFAk2dUQIACgkQOeoy/oIi7uxcFgCbB/9hWe/KjkGzmZCr7hMFjB+G -R40AoMFvny+ki4qn5Bmd3xaCHyygxfCJ -=Ksuv +iEYEARECAAYFAk32n7gACgkQAiZjviIA2XifQQCfd0TBufTzd4qv1WV3vBNBVOfq +zFwAoMmvJnT23ETQfuXqEbd2EEnyYMkg +=EZz/ -----END PGP SIGNATURE----- diff --git a/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch b/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch new file mode 100644 index 000000000000..f063204eb36f --- /dev/null +++ b/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch @@ -0,0 +1,254 @@ +Index: Linux-PAM-1.1.3/configure.in +=================================================================== +--- Linux-PAM-1.1.3.orig/configure.in ++++ Linux-PAM-1.1.3/configure.in +@@ -441,12 +441,39 @@ fi + AC_SUBST(LIBDB) + AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) + +-AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="") +-BACKUP_LIBS=$LIBS +-LIBS="$LIBS $LIBNSL" +-AC_CHECK_FUNCS(yp_get_default_domain getdomainname innetgr yperr_string yp_master yp_bind yp_match yp_unbind) +-LIBS=$BACKUP_LIBS +-AC_SUBST(LIBNSL) ++AC_ARG_ENABLE([nis], ++ AS_HELP_STRING([-disable-nis], [Disable building NIS/YP support in pam_unix and pam_access])) ++ ++AS_IF([test "x$enable_nis" != "xno"], [ ++ CFLAGS=$old_CFLAGS ++ LIBS=$old_LIBS ++ ++ dnl if there's libtirpc available, prefer that over the system ++ dnl implementation. ++ PKG_CHECK_MODULES([libtirpc], [libtirpc], [ ++ CFLAGS="$CFLAGS $libtirpc_CFLAGS" ++ LIBS="$LIBS $libtirpc_LIBS" ++ ], [:;]) ++ ++ AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) ++ ++ AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) ++ AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h]) ++ AC_CHECK_DECLS([getrpcport], , , [ ++ #if HAVE_RPC_RPC_H ++ # include <rpc/rpc.h> ++ #endif ++ ]) ++ ++ NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}" ++ NIS_LIBS="${LIBS%${old_LIBS}}" ++ ++ CFLAGS="$old_CFLAGS" ++ LIBS="$old_LIBS" ++]) ++ ++AC_SUBST([NIS_CFLAGS]) ++AC_SUBST([NIS_LIBS]) + + AC_ARG_ENABLE([selinux], + AS_HELP_STRING([--disable-selinux],[do not use SELinux]), +@@ -471,7 +498,7 @@ dnl Checks for header files. + AC_HEADER_DIRENT + AC_HEADER_STDC + AC_HEADER_SYS_WAIT +-AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h) ++AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) + + dnl For module/pam_lastlog + AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h) +@@ -491,11 +518,11 @@ AC_TYPE_GETGROUPS + AC_PROG_GCC_TRADITIONAL + AC_FUNC_MEMCMP + AC_FUNC_VPRINTF +-AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select) ++AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir select) + AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname) + AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r) + AC_CHECK_FUNCS(getgrouplist getline getdelim) +-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af) ++AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af) + + AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no]) + AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes]) +Index: Linux-PAM-1.1.3/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM-1.1.3.orig/modules/pam_unix/pam_unix_passwd.c ++++ Linux-PAM-1.1.3/modules/pam_unix/pam_unix_passwd.c +@@ -54,13 +54,6 @@ + #include <ctype.h> + #include <sys/time.h> + #include <sys/stat.h> +-#include <rpc/rpc.h> +-#ifdef HAVE_RPCSVC_YP_PROT_H +-#include <rpcsvc/yp_prot.h> +-#endif +-#ifdef HAVE_RPCSVC_YPCLNT_H +-#include <rpcsvc/ypclnt.h> +-#endif + + #include <signal.h> + #include <errno.h> +@@ -76,16 +69,33 @@ + #include <security/pam_ext.h> + #include <security/pam_modutil.h> + +-#include "yppasswd.h" + #include "md5.h" + #include "support.h" + #include "passverify.h" + #include "bigcrypt.h" + +-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) ++#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER ++# define HAVE_NIS ++#endif ++ ++#ifdef HAVE_NIS ++# include "yppasswd.h" ++ ++# include <rpc/rpc.h> ++ ++# if HAVE_RPCSVC_YP_PROT_H ++# include <rpcsvc/yp_prot.h> ++# endif ++ ++# if HAVE_RPCSVC_YPCLNT_H ++# include <rpcsvc/ypclnt.h> ++# endif ++ ++# if !HAVE_DECL_GETRPCPORT + extern int getrpcport(const char *host, unsigned long prognum, + unsigned long versnum, unsigned int proto); +-#endif /* GNU libc 2.1 */ ++# endif /* GNU libc 2.1 */ ++#endif + + /* + How it works: +@@ -102,9 +112,9 @@ extern int getrpcport(const char *host, + + #define MAX_PASSWD_TRIES 3 + ++#if HAVE_NIS + static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) + { +-#if (defined(HAVE_YP_GET_DEFAULT_DOMAIN) || defined(HAVE_GETDOMAINNAME)) && defined(HAVE_YP_MASTER) + char *master; + char *domainname; + int port, err; +@@ -151,14 +161,8 @@ static char *getNISserver(pam_handle_t * + master, port); + } + return master; +-#else +- if (on(UNIX_DEBUG, ctrl)) { +- pam_syslog(pamh, LOG_DEBUG, "getNISserver: No NIS support available"); +- } +- +- return NULL; +-#endif + } ++#endif + + #ifdef WITH_SELINUX + +@@ -326,6 +330,7 @@ static int _do_setpass(pam_handle_t* pam + } + + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { ++#if HAVE_NIS + if ((master=getNISserver(pamh, ctrl)) != NULL) { + struct timeval timeout; + struct yppasswd yppwd; +@@ -391,6 +396,13 @@ static int _do_setpass(pam_handle_t* pam + } else { + retval = PAM_TRY_AGAIN; + } ++#else ++ if (on(UNIX_DEBUG, ctrl)) { ++ pam_syslog(pamh, LOG_DEBUG, "No NIS support available"); ++ } ++ ++ retval = PAM_TRY_AGAIN; ++#endif + } + + if (_unix_comesfromsource(pamh, forwho, 1, 0)) { +Index: Linux-PAM-1.1.3/modules/pam_unix/yppasswd_xdr.c +=================================================================== +--- Linux-PAM-1.1.3.orig/modules/pam_unix/yppasswd_xdr.c ++++ Linux-PAM-1.1.3/modules/pam_unix/yppasswd_xdr.c +@@ -12,6 +12,8 @@ + + #include "config.h" + ++#ifdef HAVE_RPC_RPC_H ++ + #include <rpc/rpc.h> + #include "yppasswd.h" + +@@ -34,3 +36,5 @@ xdr_yppasswd(XDR * xdrs, yppasswd * objp + return xdr_string(xdrs, &objp->oldpass, ~0) + && xdr_xpasswd(xdrs, &objp->newpw); + } ++ ++#endif +Index: Linux-PAM-1.1.3/libpam/Makefile.am +=================================================================== +--- Linux-PAM-1.1.3.orig/libpam/Makefile.am ++++ Linux-PAM-1.1.3/libpam/Makefile.am +@@ -25,7 +25,8 @@ libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELU + + if STATIC_MODULES + libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ +- @LIBDB@ @LIBCRYPT@ @LIBNSL@ @LIBCRACK@ -lutil ++ @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil ++ AM_CFLAGS += $(NIS_CFLAGS) + endif + if HAVE_VERSIONING + libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map +Index: Linux-PAM-1.1.3/modules/pam_access/Makefile.am +=================================================================== +--- Linux-PAM-1.1.3.orig/modules/pam_access/Makefile.am ++++ Linux-PAM-1.1.3/modules/pam_access/Makefile.am +@@ -15,14 +15,14 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" ++ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + + securelib_LTLIBRARIES = pam_access.la +-pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBNSL@ ++pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam $(NIS_LIBS) + + secureconf_DATA = access.conf + +Index: Linux-PAM-1.1.3/modules/pam_unix/Makefile.am +=================================================================== +--- Linux-PAM-1.1.3.orig/modules/pam_unix/Makefile.am ++++ Linux-PAM-1.1.3/modules/pam_unix/Makefile.am +@@ -18,7 +18,8 @@ secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ +- -DUPDATE_HELPER=\"$(sbindir)/unix_update\" ++ -DUPDATE_HELPER=\"$(sbindir)/unix_update\" \ ++ $(NIS_CFLAGS) + + if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" +@@ -28,7 +29,7 @@ pam_unix_la_LDFLAGS = -no-undefined -avo + if HAVE_VERSIONING + pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif +-pam_unix_la_LIBADD = @LIBNSL@ -L$(top_builddir)/libpam -lpam \ ++pam_unix_la_LIBADD = $(NIS_LIBS) -L$(top_builddir)/libpam -lpam \ + @LIBCRYPT@ @LIBSELINUX@ + + securelib_LTLIBRARIES = pam_unix.la diff --git a/sys-libs/pam/pam-1.1.3-r1.ebuild b/sys-libs/pam/pam-1.1.3-r1.ebuild new file mode 100644 index 000000000000..9bc53ab33f20 --- /dev/null +++ b/sys-libs/pam/pam-1.1.3-r1.ebuild @@ -0,0 +1,191 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.3-r1.ebuild,v 1.1 2011/06/13 23:40:01 flameeyes Exp $ + +EAPI="4" + +inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools + +MY_PN="Linux-PAM" +MY_P="${MY_PN}-${PV}" + +HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/" +DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" + +SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2 + mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2" + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux" +IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis" + +REQUIRED_USE="selinux? ( nis )" + +RDEPEND="nls? ( virtual/libintl ) + cracklib? ( >=sys-libs/cracklib-2.8.3 ) + audit? ( sys-process/audit ) + selinux? ( >=sys-libs/libselinux-1.28 ) + berkdb? ( sys-libs/db ) + elibc_glibc? ( + >=sys-libs/glibc-2.7 + nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) ) + )" +DEPEND="${RDEPEND} + >=sys-devel/libtool-2 + sys-devel/flex + nls? ( sys-devel/gettext ) + dev-util/pkgconfig" +PDEPEND="sys-auth/pambase + vim-syntax? ( app-vim/pam-syntax )" +RDEPEND="${RDEPEND} + !sys-auth/openpam + !sys-auth/pam_userdb" + +S="${WORKDIR}/${MY_P}" + +check_old_modules() { + local retval="0" + + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then + eerror "" + eerror "Your current setup is using the pam_stack module." + eerror "This module is deprecated and no longer supported, and since version" + eerror "0.99 is no longer installed, nor provided by any other package." + eerror "The package will be built (to allow binary package builds), but will" + eerror "not be installed." + eerror "Please replace pam_stack usage with proper include directive usage," + eerror "following the PAM Upgrade guide at the following URL" + eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" + eerror "" + + retval=1 + fi + + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then + eerror "" + eerror "Your current setup is using one or more of the following modules," + eerror "that are not built or supported anymore:" + eerror "pam_pwdb, pam_console" + eerror "If you are in real need for these modules, please contact the maintainers" + eerror "of PAM through http://bugs.gentoo.org/ providing information about its" + eerror "use cases." + eerror "Please also make sure to read the PAM Upgrade guide at the following URL:" + eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" + eerror "" + + retval=1 + fi + + return $retval +} + +pkg_setup() { + check_old_modules +} + +src_prepare() { + epatch "${FILESDIR}"/Linux-PAM-1.1.3-nis.patch + + rm -rf m4/libtool.m4 # old libtool-1 + + eautoreconf + elibtoolize +} + +src_configure() { + local myconf + + if use hppa || use elibc_FreeBSD; then + myconf="${myconf} --disable-pie" + fi + + # Disable automatic detection of libxcrypt; we _don't_ want the + # user to link libxcrypt in by default, since we won't track the + # dependency and allow to break PAM this way. + export ac_cv_header_xcrypt_h=no + + econf \ + --disable-dependency-tracking \ + --enable-fast-install \ + --libdir="${EPREFIX}"/usr/$(get_libdir) \ + --docdir="${EPREFIX}"/usr/share/doc/${PF} \ + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \ + --enable-securedir="${EPREFIX}"/$(get_libdir)/security \ + --enable-isadir="${EPREFIX}"/$(get_libdir)/security \ + $(use_enable nls) \ + $(use_enable selinux) \ + $(use_enable cracklib) \ + $(use_enable audit) \ + $(use_enable debug) \ + $(use_enable berkdb db) \ + $(use_enable nis) \ + --with-db-uniquename=-$(db_findver sys-libs/db) \ + --disable-prelude \ + ${myconf} +} + +src_compile() { + emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed" +} + +src_test() { + # explicitly allow parallel-build during testing + emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed" +} + +src_install() { + local lib + + emake DESTDIR="${D}" install \ + sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed" + + # Need to be suid + fperms u+s /sbin/unix_chkpwd + + gen_usr_ldscript -a pam pamc pam_misc + + # create extra symlinks just in case something depends on them... + for lib in pam pamc pam_misc; do + if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then + dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname) + fi + done + + dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS + + docinto modules + for dir in modules/pam_*; do + newdoc "${dir}"/README README."$(basename "${dir}")" + done + + # Get rid of the .la files. We certainly don't need them for PAM + # modules, and libpam is installed as a shared object only, so we + # don't need them for static linking either. + find "${D}" -name '*.la' -delete +} + +pkg_preinst() { + check_old_modules || die "deprecated PAM modules still used" +} + +pkg_postinst() { + ewarn "Some software with pre-loaded PAM libraries might experience" + ewarn "warnings or failures related to missing symbols and/or versions" + ewarn "after any update. While unfortunate this is a limit of the" + ewarn "implementation of PAM and the software, and it requires you to" + ewarn "restart the software manually after the update." + ewarn "" + ewarn "You can get a list of such software running a command like" + ewarn " lsof / | egrep -i 'del.*libpam\\.so'" + ewarn "" + ewarn "Alternatively, simply reboot your system." + if [ -x "${ROOT}"/var/log/tallylog ] ; then + elog "" + elog "Because of a bug present up to version 1.1.1-r2, you have" + elog "an executable /var/log/tallylog file. You can safely" + elog "correct it by running the command" + elog " chmod -x /var/log/tallylog" + elog "" + fi +} |