# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-auth/pambase/pambase-20090620.1-r1.ebuild,v 1.7 2009/10/09 19:22:35 maekke Exp $
# Ebuild metadata for the PAM base configuration package (EAPI 2).
EAPI=2
# eutils supplies epatch, which src_prepare uses to apply the nullok patch.
inherit eutils
DESCRIPTION="PAM base configuration files"
HOMEPAGE="http://www.gentoo.org/proj/en/base/pam/"
# NOTE(review): the tarball is fetched over plain HTTP, so the transport gives
# no integrity guarantee; the only integrity check is the distfile checksum
# that Portage verifies against the package Manifest. These files define the
# system authentication policy, so keep that Manifest entry reviewed.
SRC_URI="http://www.flameeyes.eu/gentoo-distfiles/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd"
# sha512 is the only flag enabled by default (leading "+").
IUSE="debug cracklib passwdqc consolekit gnome-keyring selinux mktemp ssh +sha512"
# Skips Portage's binary QA checks; presumably because the package installs
# only configuration files - confirm.
RESTRICT="binchecks"
# Runtime dependencies: one PAM implementation (Linux-PAM, or OpenPAM plus a
# BSD module set) and, per USE flag, the module each optional feature needs.
# chromeos-base/vboot_reference is not referenced by any build step in this
# file; presumably the installed chromeos-auth stack needs it at runtime -
# TODO confirm.
RDEPEND="
chromeos-base/vboot_reference
|| (
>=sys-libs/pam-0.99.9.0-r1
( sys-auth/openpam
|| ( sys-freebsd/freebsd-pam-modules sys-netbsd/netbsd-pam-modules )
)
)
cracklib? ( >=sys-libs/pam-0.99[cracklib] )
consolekit? ( >=sys-auth/consolekit-0.3[pam] )
gnome-keyring? ( >=gnome-base/gnome-keyring-2.20[pam] )
selinux? ( >=sys-libs/pam-0.99[selinux] )
passwdqc? ( >=sys-auth/pam_passwdqc-1.0.4 )
mktemp? ( sys-auth/pam_mktemp )
ssh? ( sys-auth/pam_ssh )
sha512? ( >=sys-libs/pam-1.0.1 )
!<sys-freebsd/freebsd-pam-modules-6.2-r1
!<sys-libs/pam-0.99.9.0-r1"
# portage-utils provides qatom, which src_compile uses to parse the installed
# Linux-PAM version.
DEPEND="app-portage/portage-utils"
src_prepare() {
	# Apply the bundled patch that turns off "nullok" in the shipped PAM
	# configuration. On pam_unix, nullok lets an account with an empty
	# password field authenticate, so removing it is the hardening step of
	# this ebuild. The patch body is not part of this file; what it touches
	# should be checked against ${FILESDIR} when pambase is bumped.
	local nullok_patch="${FILESDIR}/${P}-disable-nullok.patch"
	epatch "${nullok_patch}"
}
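# Generate the PAM configuration files by running the upstream Makefile with
# one NAME=yes|no assignment per USE flag, plus the detected PAM
# implementation and (for Linux-PAM) its version encoded as 0xMMmmpp.
# Dies if neither sys-libs/pam nor sys-auth/openpam is installed, or if emake
# fails.
src_compile() {
	local implementation=
	local linux_pam_version=

	if has_version sys-libs/pam; then
		implementation="linux-pam"

		# Third field of qatom's output is the bare version (no revision).
		local ver_str
		ver_str=$(qatom "$(best_version sys-libs/pam)" | cut -d ' ' -f 3)

		# Encode exactly three components. printf re-applies its format string
		# when given extra arguments, so a four-part version such as 0.99.9.0
		# used to produce two concatenated "0x......" tokens, which is not a
		# usable value for version comparisons in the Makefile. Missing
		# components default to 0, as printf did for absent arguments.
		local -a ver_parts=( ${ver_str//./ } )
		linux_pam_version=$(printf "0x%02x%02x%02x" \
			"${ver_parts[0]:-0}" "${ver_parts[1]:-0}" "${ver_parts[2]:-0}")
	elif has_version sys-auth/openpam; then
		implementation="openpam"
	else
		die "PAM implementation not identified"
	fi

	# use_var NAME [flag]: print "NAME=yes" or "NAME=no" depending on whether
	# the USE flag is enabled. NAME is upper-cased; the flag defaults to NAME
	# lower-cased. The tr sets are quoted so that the shell cannot glob-expand
	# [a-z] / [A-Z] against single-letter file names in the build directory.
	use_var() {
		local varname=$(echo "$1" | tr 'a-z' 'A-Z')
		local usename=${2-$(echo "$1" | tr 'A-Z' 'a-z')}
		local varvalue=$(use "${usename}" && echo yes || echo no)
		echo "${varname}=${varvalue}"
	}

	# GIT=true: presumably replaces the Makefile's git invocation with the
	# no-op `true`, since the sources come from a tarball - confirm against
	# the upstream Makefile.
	emake \
		GIT=true \
		$(use_var debug) \
		$(use_var cracklib) \
		$(use_var passwdqc) \
		$(use_var consolekit) \
		$(use_var GNOME_KEYRING gnome-keyring) \
		$(use_var selinux) \
		$(use_var mktemp) \
		$(use_var PAM_SSH ssh) \
		$(use_var sha512) \
		IMPLEMENTATION="${implementation}" \
		LINUX_PAM_VERSION="${linux_pam_version}" \
		|| die "emake failed"
}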
src_install() {
	emake GIT=true DESTDIR="${D}" install || die "emake install failed"

	# Chrome OS addition: ship the chromeos-auth PAM stack. sudo and the vt2
	# console are needed for debugging, both in developer mode and during
	# development, so this stack lets user chronos authenticate for sudo and
	# login in the following cases:
	#
	# 1. Without a password, when all of these hold:
	#    - the system is in developer mode
	#    - no passwd.devmode file exists
	#    - no system-wide password is set
	# 2. With the system-wide (/etc/shadow) password, when the image has a
	#    password baked in.
	# 3. With a developer-mode password, when the user has created a
	#    passwd.devmode file containing "chronos:CRYPTED_PASSWORD".
	# 4. With a password added later by editing /etc/shadow: cases 1 and 2
	#    still apply, and a failure there falls through to the inserted
	#    password.
	#
	# NOTE(review): the original wording refers to a password set "above", but
	# nothing in this ebuild sets one. The rules themselves live in
	# files/chromeos-auth, which is not visible here. Case 1 is a deliberate
	# password-less path, so changes to that file need review as
	# authentication policy. pkg_postinst truncates the installed file when a
	# shared password exists or when installing onto the host.
	local pam_dir=/etc/pam.d
	local auth_stack="${FILESDIR}/chromeos-auth"
	insinto "${pam_dir}"
	doins "${auth_stack}" || die
}
pkg_postinst() {
	# Decide whether the installed chromeos-auth stack must be blanked.
	# It is reset to an empty file when the install root is the build host
	# (ROOT is "/") or when a shared user password file is readable. The
	# reverse transition (empty -> populated) is never attempted, because
	# binary packages no longer have FILESDIR to copy the file from.
	#
	# '*' is the "leave the file alone" marker. The password file's contents
	# are only compared against that marker and are never written or logged.
	# Any other value, including an empty but readable file, triggers the
	# reset.
	local crypted_password
	if [[ "${ROOT}" == "/" ]]; then
		crypted_password='host'
	elif [[ -r "${SHARED_USER_PASSWD_FILE}" ]]; then
		crypted_password=$(cat "${SHARED_USER_PASSWD_FILE}")
	else
		crypted_password='*'
	fi

	local auth_stack="${ROOT}/etc/pam.d/chromeos-auth"
	if [[ "${crypted_password}" != '*' ]]; then
		# Truncate in place; the file itself stays installed.
		echo -n '' > "${auth_stack}" || die
	fi

	# Everything below is an informational notice for sha512 builds.
	# NOTE(review): the notice describes a silent fallback to MD5-hashed
	# passwords when glibc/Linux-PAM lack SHA512 support; on such systems new
	# password hashes are the weaker format, so confirm the target's versions.
	use sha512 || return 0
	elog "Starting from version 20080801, pambase optionally enables"
	elog "SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1"
	elog "built against sys-libs/glibc-2.7 or later."
	elog "If you don't have support for this, it will automatically fallback"
	elog "to MD5-hashed passwords, just like before."
	elog
	elog "Please note that the change only affects the newly-changed passwords"
	elog "and that SHA512-hashed passwords will not work on earlier versions"
	elog "of glibc or Linux-PAM."
}