pambase: upgraded package to upstream
Upgraded sys-auth/pambase to version 20220214 on amd64
This package upgrade is needed for the sdk to compile correctly. The
reason why things are working for lakitu right now is because we forked
pambase into project-lakitu, leaving pambase in portage-stable somewhat
abandoned. However, the sdk uses pambase from portage-stable, so we need
to update this for sdk builds to work.
Eventually we need to remove pambase from project-lakitu and merge
things back into portage-stable.
BUG=b/177367546
TEST=presubmit
RELEASE_NOTE=None
Change-Id: Ic328d84fb6b0caad5d89d51377abd782b66ec77d
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/29840
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Anil Altinay <aaltinay@google.com>
diff --git a/metadata/md5-cache/sys-auth/pambase-20190402 b/metadata/md5-cache/sys-auth/pambase-20190402
deleted file mode 100644
index 2136120..0000000
--- a/metadata/md5-cache/sys-auth/pambase-20190402
+++ /dev/null
@@ -1,14 +0,0 @@
-DEFINED_PHASES=compile install test
-DEPEND=app-arch/xz-utils app-portage/portage-utils
-DESCRIPTION=PAM base configuration files
-EAPI=7
-HOMEPAGE=https://github.com/gentoo/pambase
-IUSE=consolekit +cracklib debug elogind minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd
-KEYWORDS=*
-LICENSE=GPL-2
-RDEPEND=>=sys-libs/pam-1.1.3 consolekit? ( sys-auth/consolekit[pam] ) cracklib? ( sys-libs/pam[cracklib] ) elogind? ( sys-auth/elogind[pam] ) mktemp? ( sys-auth/pam_mktemp ) pam_krb5? ( >=sys-libs/pam-1.1.3 sys-auth/pam_krb5 ) pam_ssh? ( sys-auth/pam_ssh ) passwdqc? ( sys-auth/pam_passwdqc ) selinux? ( sys-libs/pam[selinux] ) sha512? ( >=sys-libs/pam-1.1.3 ) systemd? ( sys-apps/systemd[pam] )
-REQUIRED_USE=?? ( consolekit elogind systemd )
-RESTRICT=binchecks
-SLOT=0
-SRC_URI=https://github.com/gentoo/pambase/archive/pambase-20190402.tar.gz
-_md5_=86b498f21a0ccd9c9275f84c930b32b9
diff --git a/metadata/md5-cache/sys-auth/pambase-20220214 b/metadata/md5-cache/sys-auth/pambase-20220214
new file mode 100644
index 0000000..aebbd79
--- /dev/null
+++ b/metadata/md5-cache/sys-auth/pambase-20220214
@@ -0,0 +1,15 @@
+BDEPEND=|| ( ( dev-lang/python:3.9 dev-python/jinja[python_targets_python3_9(-),python_single_target_python3_9(+)] ) ( dev-lang/python:3.8 dev-python/jinja[python_targets_python3_8(-),python_single_target_python3_8(+)] ) ( dev-lang/python:3.7 dev-python/jinja[python_targets_python3_7(-),python_single_target_python3_7(+)] ) ( dev-lang/python:3.6 dev-python/jinja[python_targets_python3_6(-),python_single_target_python3_6(+)] ) )
+DEFINED_PHASES=configure install postinst setup test
+DESCRIPTION=PAM base configuration files
+EAPI=7
+HOMEPAGE=https://github.com/gentoo/pambase
+IUSE=caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd yescrypt
+KEYWORDS=*
+LICENSE=MIT
+RDEPEND=>=sys-libs/pam-1.4.0 elogind? ( sys-auth/elogind[pam] ) gnome-keyring? ( gnome-base/gnome-keyring[pam] ) mktemp? ( sys-auth/pam_mktemp ) pam_krb5? ( >=sys-libs/pam-1.4.0 sys-auth/pam_krb5 ) caps? ( sys-libs/libcap[pam] ) pam_ssh? ( sys-auth/pam_ssh ) passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 ) pwquality? ( dev-libs/libpwquality[pam] ) selinux? ( sys-libs/pam[selinux] ) sha512? ( >=sys-libs/pam-1.4.0 ) homed? ( sys-apps/systemd[homed] ) systemd? ( sys-apps/systemd[pam] ) yescrypt? ( sys-libs/libxcrypt[system] )
+REQUIRED_USE=?? ( elogind systemd ) ?? ( passwdqc pwquality ) ?? ( sha512 yescrypt ) pwhistory? ( || ( passwdqc pwquality ) ) homed? ( !pam_krb5 ) pam_krb5? ( !homed )
+RESTRICT=binchecks
+SLOT=0
+SRC_URI=https://github.com/gentoo/pambase/archive/pambase-20220214.tar.gz
+_eclasses_=eutils fcb2aa98e1948b835b5ae66ca52868c5 flag-o-matic 5d5921a298e95441da2f85be419894c0 multilib 2477ebe553d3e4d2c606191fe6c33602 pam 3f746974e1cc47cabe3bd488c08cdc8e python-any-r1 54a3178500786b0a7ede4a23b7f2a6ad python-utils-r1 157a6a7a3e99c7dbdf81acc9dd4f57cd readme.gentoo-r1 22ae82e140bdd95d17a34fd5fd733190 toolchain-funcs f783d68a26b62d6b19e070e6bcada5e6
+_md5_=7312459c03a3b00310fbd46b0c5f3ec6
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index f09aab4..6e69f92 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
@@ -1 +1,3 @@
-DIST pambase-20190402.tar.gz 3679 BLAKE2B 992d7bf6b6f74ef22a8808b57dd6faffb6c351eaa8be4172f320031334ca6def698b2cb17005b58ac3c18e89a94012e279b0f27cc2bea5040ae8ddc3233cba2d SHA512 565d64653e9898b9bd231c1461ec0988a19dbc9500ff1417a7197ac75804abeb13ca543121ae4afb29017c1e99073a16137e5c876f43dcc01e2641218760f4ae
+DIST pambase-20210201.1.tar.gz 3345 BLAKE2B bc12164181de98b3c5b8ed3b72bc6a84b5c6039f389a87da94e5cb9312fa4e221e6317bcd496d5c634c60cd6fbb8c8cd2f4b845687ef942a707fe687f5184afd SHA512 74ab4d7c19a20c088d667ae92e4dcb99b33584ba56df46184173432fd297bd47917494b81cb5ad3f5f49ad5a797c008527399f329e56f2799f5fc376eaa59236
+DIST pambase-20211218.tar.gz 3366 BLAKE2B b07ae0b8f9480e0ad456fcfbd46da008182dedf3542b14c27cbe5d65a68290898751cd3e5a59cb8f040ced6316a70cdbc7afdd54ef2965a20ba537c686f76b36 SHA512 8aaaf15f9f82ce9f717a988676d00435e60bada05927843967b505a972d96a2ab7bab9971bd5476b8a8bda76c7063fa4d452818a89eccd4066f65d3f1b2fb3d7
+DIST pambase-20220214.tar.gz 3372 BLAKE2B fc560005c48598d972cf68bfbd33784be7d7e5a12f5ebcd06e708241a169b1bcf7cb7dcd7109f44c2d9802ae0b294eaeb61782640f0b0cb9767f2ecf8c053c7f SHA512 57d037944cf6d9db69d5eb8ce32b087ac4781fae13c1daba1e248a1818dfcbbf2cb66fce79cad7808f2b0f89d3f3dd05455a1c8f3c976561769b056dc8bf7323
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
index 7c4208d..f2c911a 100644
--- a/sys-auth/pambase/metadata.xml
+++ b/sys-auth/pambase/metadata.xml
@@ -1,22 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>zlogene@gentoo.org</email>
<name>Mikle Kolyada</name>
</maintainer>
+ <maintainer type="person">
+ <email>sam@gentoo.org</email>
+ <name>Sam James</name>
+ </maintainer>
<use>
- <flag name="cracklib">
- Enable pam_cracklib module on system authentication stack. This
- produces warnings when changing password to something easily
- crackable. It requires the same USE flag to be enabled on
- <pkg>sys-libs/pam</pkg> or system login might be impossible.
- </flag>
- <flag name="consolekit">
- Enable pam_ck_connector module on local system logins. This
- allows for console logins to make use of ConsoleKit
- authorization.
- </flag>
<flag name="elogind">
Use pam_elogind module to register user sessions with elogind.
</flag>
@@ -24,6 +17,10 @@
Use pam_systemd module to register user sessions in the systemd
control group hierarchy.
</flag>
+ <flag name="homed">
+ Use pam_systemd_home module to manage home directories with
+ the systemd-homed service
+ </flag>
<flag name="debug">
Enable debug information logging on syslog(3) for all the
modules supporting this in the system authentication and system
@@ -31,10 +28,19 @@
</flag>
<flag name="passwdqc">
Enable pam_passwdqc module on system auth stack for password
- quality validation. This is an alternative to pam_cracklib
- producing warnings, rejecting or providing example passwords
- when changing your system password. It is used by default by
- OpenWall GNU/*/Linux and by FreeBSD.
+ quality validation. This module produces warnings, rejecting
+ or providing example passwords when changing your system password.
+ It is used by default by OpenWall GNU/*/Linux and by FreeBSD.
+ </flag>
+ <flag name="pwhistory">
+ Enable pam_pwhistory module on system auth stack to save
+ the last passwords for each user in order to force password
+ change history and keep the user from alternating between
+ the same password too frequently.
+ </flag>
+ <flag name="pwquality">
+ Enable pam_pwquality module on system auth stack for passwd
+ quality validation. It is used be dafault by Fedora GNU/*/Linux.
</flag>
<flag name="mktemp">
Enable pam_mktemp module on system auth stack for session
@@ -62,6 +68,9 @@
will not be compatible with systems using an earlier glibc
version.
</flag>
+ <flag name="yescrypt">
+ Switch Linux-PAM's pam_unix module to use yescrypt for passwords hashes rather than MD5
+ </flag>
<flag name="pam_krb5">
Enable pam_krb5 module on system auth stack, as an alternative
to pam_unix. If Kerberos authentication succeed, only pam_unix
@@ -71,11 +80,10 @@
</flag>
<flag name="minimal">
Disables the standard PAM modules that provide extra information
- to users on login; this includes pam_tally (and pam_tally2 for
- Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
- similar modules. This might not be a good idea on a multi-user
- system but could reduce slightly the overhead on single-user
- non-networked systems.
+ to users on login; this includes pam_lastlog, pam_motd, pam_mail
+ and other similar modules. This might not be a good idea on
+ a multi-user system but could reduce slightly the overhead on
+ single-user non-networked systems.
</flag>
<flag name="nullok">
Enable the nullok option with the pam_unix module. This allows
diff --git a/sys-auth/pambase/pambase-20190402.ebuild b/sys-auth/pambase/pambase-20190402.ebuild
deleted file mode 100644
index 3d85f49..0000000
--- a/sys-auth/pambase/pambase-20190402.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="PAM base configuration files"
-HOMEPAGE="https://github.com/gentoo/pambase"
-SRC_URI="https://github.com/gentoo/pambase/archive/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="*"
-IUSE="consolekit +cracklib debug elogind minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd"
-
-RESTRICT="binchecks"
-
-REQUIRED_USE="?? ( consolekit elogind systemd )"
-
-MIN_PAM_REQ=1.1.3
-
-RDEPEND="
- >=sys-libs/pam-${MIN_PAM_REQ}
- consolekit? ( sys-auth/consolekit[pam] )
- cracklib? ( sys-libs/pam[cracklib] )
- elogind? ( sys-auth/elogind[pam] )
- mktemp? ( sys-auth/pam_mktemp )
- pam_krb5? (
- >=sys-libs/pam-${MIN_PAM_REQ}
- sys-auth/pam_krb5
- )
- pam_ssh? ( sys-auth/pam_ssh )
- passwdqc? ( sys-auth/pam_passwdqc )
- selinux? ( sys-libs/pam[selinux] )
- sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
- systemd? ( sys-apps/systemd[pam] )
-"
-DEPEND="
- app-arch/xz-utils
- app-portage/portage-utils
-"
-
-S="${WORKDIR}/${PN}-${P}"
-
-src_compile() {
- local implementation linux_pam_version
- if has_version sys-libs/pam; then
- implementation=linux-pam
- local ver_str=$(qatom $(best_version sys-libs/pam) | cut -d ' ' -f 3)
- linux_pam_version=$(printf "0x%02x%02x%02x" ${ver_str//\./ })
- elif has_version sys-auth/openpam; then
- implementation=openpam
- else
- die "PAM implementation not identified"
- fi
-
- use_var() {
- local varname=$(echo "$1" | tr '[:lower:]' '[:upper:]')
- local usename=${2-$(echo "$1" | tr '[:upper:]' '[:lower:]')}
- local varvalue=$(usex ${usename})
- echo "${varname}=${varvalue}"
- }
-
- emake \
- GIT=true \
- $(use_var debug) \
- $(use_var cracklib) \
- $(use_var passwdqc) \
- $(use_var consolekit) \
- $(use_var elogind) \
- $(use_var systemd) \
- $(use_var selinux) \
- $(use_var nullok) \
- $(use_var mktemp) \
- $(use_var pam_ssh) \
- $(use_var securetty) \
- $(use_var sha512) \
- $(use_var KRB5 pam_krb5) \
- $(use_var minimal) \
- IMPLEMENTATION=${implementation} \
- LINUX_PAM_VERSION=${linux_pam_version}
-}
-
-src_test() { :; }
-
-src_install() {
- emake GIT=true DESTDIR="${ED}" install
-}
diff --git a/sys-auth/pambase/pambase-20220214.ebuild b/sys-auth/pambase/pambase-20220214.ebuild
new file mode 100644
index 0000000..cb2d43a
--- /dev/null
+++ b/sys-auth/pambase/pambase-20220214.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit pam python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://github.com/gentoo/pambase"
+
+if [[ ${PV} == *9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/gentoo/pambase.git"
+else
+ SRC_URI="https://github.com/gentoo/pambase/archive/${P}.tar.gz"
+ KEYWORDS="*"
+ S="${WORKDIR}/${PN}-${P}"
+fi
+
+LICENSE="MIT"
+SLOT="0"
+IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd yescrypt"
+
+RESTRICT="binchecks"
+
+REQUIRED_USE="
+ ?? ( elogind systemd )
+ ?? ( passwdqc pwquality )
+ ?? ( sha512 yescrypt )
+ pwhistory? ( || ( passwdqc pwquality ) )
+ homed? ( !pam_krb5 )
+ pam_krb5? ( !homed )
+"
+
+MIN_PAM_REQ=1.4.0
+
+RDEPEND="
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ elogind? ( sys-auth/elogind[pam] )
+ gnome-keyring? ( gnome-base/gnome-keyring[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ sys-auth/pam_krb5
+ )
+ caps? ( sys-libs/libcap[pam] )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
+ pwquality? ( dev-libs/libpwquality[pam] )
+ selinux? ( sys-libs/pam[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ homed? ( sys-apps/systemd[homed] )
+ systemd? ( sys-apps/systemd[pam] )
+ yescrypt? ( sys-libs/libxcrypt[system] )
+"
+
+BDEPEND="$(python_gen_any_dep '
+ dev-python/jinja[${PYTHON_USEDEP}]
+ ')"
+
+python_check_deps() {
+ has_version -b "dev-python/jinja[${PYTHON_USEDEP}]"
+}
+
+src_configure() {
+ ${EPYTHON} ./${PN}.py \
+ $(usex caps '--caps' '') \
+ $(usex debug '--debug' '') \
+ $(usex elogind '--elogind' '') \
+ $(usex gnome-keyring '--gnome-keyring' '') \
+ $(usex homed '--homed' '') \
+ $(usex minimal '--minimal' '') \
+ $(usex mktemp '--mktemp' '') \
+ $(usex nullok '--nullok' '') \
+ $(usex pam_krb5 '--krb5' '') \
+ $(usex pam_ssh '--pam-ssh' '') \
+ $(usex passwdqc '--passwdqc' '') \
+ $(usex pwhistory '--pwhistory' '') \
+ $(usex pwquality '--pwquality' '') \
+ $(usex securetty '--securetty' '') \
+ $(usex selinux '--selinux' '') \
+ $(usex sha512 '--sha512' '') \
+ $(usex systemd '--systemd' '') \
+ $(usex yescrypt '--yescrypt' '') \
+ || die
+}
+
+src_test() { :; }
+
+src_install() {
+ local DOC_CONTENTS
+
+ if use passwdqc; then
+ DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
+ page and then edit the /etc/security/passwdqc.conf file"
+ fi
+
+ if use pwquality; then
+ DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
+ page and then edit the /etc/security/pwquality.conf file"
+ fi
+
+ { use passwdqc || use pwquality; } && readme.gentoo_create_doc
+
+ dopamd -r stack/.
+}
+
+pkg_postinst() {
+ { use passwdqc || use pwquality; } && readme.gentoo_print_elog
+}
