Add pambase to kogaion desk

6 files changed, 252 insertions, 0 deletions

diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
new file mode 100644
index 00000000..04effc7e
--- /dev/null
+++ b/sys-auth/pambase/Manifest
@@ -0,0 +1 @@
+DIST pambase-20120417.tar.bz2 3361 SHA256 3fde3ff7714b3722b45545da36fdde6ca95a55d1b0a8cfb23666ec0de3ec5871 SHA512 7a666eb67f6484e536ecb070402036bcfdd137aced27df3f08b136d06eee5c13a6dc14aa93ea09e94c7f31e5a98db97dbaccd0c46af24b57028247de3a7cd9fe WHIRLPOOL 323edb9ef488a0ba562ef279d4acfb682540bf87838be9a3319ad2029ba1465d015fdf94c3192e24517ae9f0ed264e38d17aba65934211bd7b39bf309ee12540
diff --git a/sys-auth/pambase/files/pambase-20120417-drop-motd-for-now.patch b/sys-auth/pambase/files/pambase-20120417-drop-motd-for-now.patch
new file mode 100644
index 00000000..3543c640
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20120417-drop-motd-for-now.patch
@@ -0,0 +1,12 @@
+--- pambase-20120417.orig/system-login.in
++++ pambase-20120417/system-login.in
+@@ -56,9 +56,6 @@ session		optional	pam_gnome_keyring.so a
+ #if HAVE_SELINUX
+ session		required	pam_selinux.so multiple open
+ #endif
+-#if HAVE_MOTD
+-session		optional	pam_motd.so motd=/etc/motd
+-#endif
+ #if HAVE_MAIL
+ session		optional	pam_mail.so
+ #endif
diff --git a/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch b/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch
new file mode 100644
index 00000000..79266a74
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20120417-lastlog-silent.patch
@@ -0,0 +1,20 @@
+--- pambase-20120417/login.in.orig	2012-11-21 14:31:49.031948988 +0100
++++ pambase-20120417/login.in	2012-11-21 14:32:41.172330601 +0100
+@@ -3,4 +3,6 @@
+ 
+ account    include	system-local-login
+ password   include	system-local-login
++
++session    optional pam_lastlog.so DEBUG
+ session    include	system-local-login
+--- pambase-20120417/system-login.in.orig	2012-11-21 14:31:42.232160039 +0100
++++ pambase-20120417/system-login.in	2012-11-21 14:35:20.738025880 +0100
+@@ -41,7 +41,7 @@
+ session		required	pam_env.so DEBUG
+ #endif
+ #if HAVE_LASTLOG
+-session		optional	pam_lastlog.so DEBUG
++session		optional	pam_lastlog.so silent DEBUG
+ #endif
+ session		include		system-auth
+ #if HAVE_CONSOLEKIT
diff --git a/sys-auth/pambase/files/pambase-20120417-systemd-2.patch b/sys-auth/pambase/files/pambase-20120417-systemd-2.patch
new file mode 100644
index 00000000..047fb41c
--- /dev/null
+++ b/sys-auth/pambase/files/pambase-20120417-systemd-2.patch
@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/372229
+
+--- Makefile
++++ Makefile
+@@ -28,6 +28,10 @@
+ PAMFLAGS += -DHAVE_CONSOLEKIT=1
+ endif
+ 
++ifeq "$(SYSTEMD)" "yes"
++PAMFLAGS += -DHAVE_SYSTEMD=1
++endif
++
+ ifeq "$(GNOME_KEYRING)" "yes"
+ PAMFLAGS += -DHAVE_GNOME_KEYRING=1
+ endif
+--- system-login.in
++++ system-login.in
+@@ -45,7 +45,10 @@
+ #endif
+ session		include		system-auth
+ #if HAVE_CONSOLEKIT
+-session		optional	pam_ck_connector.so nox11
++-session	optional	pam_ck_connector.so nox11
++#endif
++#if HAVE_SYSTEMD
++-session	optional	pam_systemd.so
+ #endif
+ #if HAVE_GNOME_KEYRING
+ session		optional	pam_gnome_keyring.so auto_start
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
new file mode 100644
index 00000000..7a357751
--- /dev/null
+++ b/sys-auth/pambase/metadata.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <herd>pam</herd>
+  <maintainer>
+    <email>pam-bugs@gentoo.org</email>
+  </maintainer>
+  <use>
+    <flag name="cracklib">
+      Enable pam_cracklib module on system authentication stack. This
+      produces warnings when changing password to something easily
+      crackable. It requires the same USE flag to be enabled on
+      <pkg>sys-libs/pam</pkg> or system login might be impossible.
+    </flag>
+    <flag name="consolekit">
+      Enable pam_ck_connector module on local system logins. This
+      allows for console logins to make use of ConsoleKit
+      authorization.
+    </flag>
+    <flag name="systemd">
+      Use pam_systemd module to register user sessions in the systemd
+      control group hierarchy.
+    </flag>
+    <flag name="gnome-keyring">
+      Enable pam_gnome_keyring module on system login stack. This
+      enables proper Gnome Keyring access to logins, whether they are
+      done with the login shell, a Desktop Manager or a remote login
+      systems such as SSH.
+    </flag>
+    <flag name="debug">
+      Enable debug information logging on syslog(3) for all the
+      modules supporting this in the system authentication and system
+      login stacks.
+    </flag>
+    <flag name="passwdqc">
+      Enable pam_passwdqc module on system auth stack for password
+      quality validation. This is an alternative to pam_cracklib
+      producing warnings, rejecting or providing example passwords
+      when changing your system password. It is used by default by
+      OpenWall GNU/*/Linux and by FreeBSD.
+    </flag>
+    <flag name="mktemp">
+      Enable pam_mktemp module on system auth stack for session
+      handling. This module creates a private temporary directory for
+      the user, and sets TMP and TMPDIR accordingly.
+    </flag>
+    <flag name="pam_ssh">
+      Enable pam_ssh module on system auth stack for authentication
+      and session handling. This module will accept as password the
+      passphrase of a private SSH key (one of ~/.ssh/id_rsa,
+      ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent
+      instance to cache the open key.
+    </flag>
+    <flag name="sha512">
+      Switch Linux-PAM's pam_unix module to use sha512 for passwords
+      hashes rather than MD5. This option requires
+      <pkg>&gt;=sys-libs/pam-1.0.1</pkg> built against
+      <pkg>&gt;=sys-libs/glibc-2.7</pkg>, if it's built against an
+      earlier version, it will silently be ignored, and MD5 hashes
+      will be used. All the passwords changed after this USE flag is
+      enabled will be saved to the shadow file hashed using SHA512
+      function. The password previously saved will be left
+      untouched. Please note that while SHA512-hashed passwords will
+      still be recognised if the USE flag is removed, the shadow file
+      will not be compatible with systems using an earlier glibc
+      version.
+    </flag>
+    <flag name="pam_krb5">
+      Enable pam_krb5 module on system auth stack, as an alternative
+      to pam_unix. If Kerberos authentication succeed, only pam_unix
+      will be ignore, and all the other modules will proceed as usual,
+      including Gnome Keyring and other session modules. It requires
+      <pkg>sys-libs/pam</pkg> as PAM implementation.
+    </flag>
+    <flag name="minimal">
+      Disables the standard PAM modules that provide extra information
+      to users on login; this includes pam_tally (and pam_tally2 for
+      Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
+      similar modules. This might not be a good idea on a multi-user
+      system but could reduce slightly the overhead on single-user
+      non-networked systems.
+    </flag>
+  </use>
+</pkgmetadata>
diff --git a/sys-auth/pambase/pambase-20120417-r5.ebuild b/sys-auth/pambase/pambase-20120417-r5.ebuild
new file mode 100644
index 00000000..fe791970
--- /dev/null
+++ b/sys-auth/pambase/pambase-20120417-r5.ebuild
@@ -0,0 +1,106 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=4
+inherit eutils
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/"
+SRC_URI="http://dev.gentoo.org/~flameeyes/${PN}/${P}.tar.bz2
+	http://dev.gentoo.org/~phajdan.jr/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 -sparc-fbsd -x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="consolekit cracklib debug minimal mktemp pam_krb5 pam_ssh passwdqc selinux +sha512 systemd"
+
+RESTRICT=binchecks
+
+MIN_PAM_REQ=1.1.3
+
+RDEPEND="
+	|| (
+		>=sys-libs/pam-${MIN_PAM_REQ}
+		( sys-auth/openpam || ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules ) )
+		)
+	consolekit? ( sys-auth/consolekit[pam] )
+	cracklib? ( >=sys-libs/pam-${MIN_PAM_REQ}[cracklib] )
+	mktemp? ( sys-auth/pam_mktemp )
+	pam_krb5? (
+		>=sys-libs/pam-${MIN_PAM_REQ}
+		>=sys-auth/pam_krb5-4.3
+		)
+	pam_ssh? ( sys-auth/pam_ssh )
+	passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
+	selinux? ( >=sys-libs/pam-${MIN_PAM_REQ}[selinux] )
+	sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+	!<sys-apps/shadow-4.1.5-r1
+	!<sys-freebsd/freebsd-pam-modules-6.2-r1
+	!<sys-libs/pam-0.99.9.0-r1"
+DEPEND="app-portage/portage-utils"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-systemd-2.patch
+	epatch "${FILESDIR}"/${P}-lastlog-silent.patch
+	# Drop pam_motd for now, since it breaks DEs autologin
+	epatch "${FILESDIR}"/${P}-drop-motd-for-now.patch
+}
+
+src_compile() {
+	local implementation=
+	local linux_pam_version=
+	if has_version sys-libs/pam; then
+		implementation=linux-pam
+		local ver_str=$(qatom `best_version sys-libs/pam` | cut -d ' ' -f 3)
+		linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
+	elif has_version sys-auth/openpam; then
+		implementation=openpam
+	else
+		die "PAM implementation not identified"
+	fi
+
+	use_var() {
+		local varname=$(echo $1 | tr [a-z] [A-Z])
+		local usename=${2-$(echo $1 | tr [A-Z] [a-z])}
+		local varvalue=$(usex $usename)
+		echo "${varname}=${varvalue}"
+	}
+
+	emake \
+		GIT=true \
+		$(use_var debug) \
+		$(use_var cracklib) \
+		$(use_var passwdqc) \
+		$(use_var selinux) \
+		$(use_var mktemp) \
+		$(use_var PAM_SSH pam_ssh) \
+		$(use_var sha512) \
+		$(use_var KRB5 pam_krb5) \
+		$(use_var minimal) \
+		$(use_var consolekit) \
+		GNOME_KEYRING=yes \
+		SYSTEMD=yes \
+		IMPLEMENTATION=${implementation} \
+		LINUX_PAM_VERSION=${linux_pam_version}
+}
+
+src_test() { :; }
+
+src_install() {
+	emake GIT=true DESTDIR="${ED}" install
+}
+
+pkg_postinst() {
+	if use sha512; then
+		elog "Starting from version 20080801, pambase optionally enables"
+		elog "SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1"
+		elog "built against sys-libs/glibc-2.7 or later."
+		elog "If you don't have support for this, it will automatically fallback"
+		elog "to MD5-hashed passwords, just like before."
+		elog
+		elog "Please note that the change only affects the newly-changed passwords"
+		elog "and that SHA512-hashed passwords will not work on earlier versions"
+		elog "of glibc or Linux-PAM."
+	fi
+}