commit: e9ab218a16d07af32c94e5917c51c70537622a94
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 6 20:55:28 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Sep 6 20:55:28 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9ab218a
sys-auth/pambase: add 20250906
Sam James (3):
Add pam_gnome_keybase to auth, session stacks too
Keep pam_gnome_keyring in passwd too
Run pam_mktemp then pam_env
Closes: https://bugs.gentoo.org/780441
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/pambase/Manifest | 1 +
sys-auth/pambase/pambase-20250906.ebuild | 129 +++++++++++++++++++++++++++++++
2 files changed, 130 insertions(+)
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index 7168378e37d5..a4a3c71e4315 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
@@ -3,3 +3,4 @@ DIST pambase-20240128.tar.bz2 5131 BLAKE2B
0950fff720f3a9d761a82303eaa7b997bfac6
DIST pambase-20250223.tar.bz2 5124 BLAKE2B
ea89d43c93d85baafa1a6951ae80c6306c762ab0524f84de86ed4b6a1abc1056e85c6b1f13012615ce2db40e113ce51e17ddcd274d5f4f4f94a0ec9315318500
SHA512
ce31d08f3fa51879cddab158ffed3dc9929c37a56e7dc2f757f7e87e72076a75d10874cba2020f398a198c0156ffc4ecc2ec5d6d654ca36f135a4f1837094b57
DIST pambase-20250228.tar.bz2 5144 BLAKE2B
ab4c8e84cc21e25ac12b66a3d9943becb62d4f53c2f9c201c79f2a1f1f1320f4bad2b56a2a76924386d7dbe9656abf5a0bd92bbbedda23088a26128aa743e79f
SHA512
e2ccbcd0c3e6f9fb035a2489a79bdfff5f12fe9393517d3b7ddb3bbd7a6a6e5b358663b1423166b0250931d50f608bb81a9f486fc53dbc7126b3980617387c94
DIST pambase-20250826.tar.bz2 4925 BLAKE2B
c6929aa506b94b9215bd2c686fd9965d6c3a77f36c7a2d114ca5b2c39a30e2209a84408ee855559837d54161e359723889b89bb9c048bb36b00c7156495968fc
SHA512
c9bc07ac617891ddab6f2a8358b10899462d9b54fcc3642d222dd2402914f24225854103b6c581aa2041fb0feb0f94688e07aad10ab94c3a629b4cd2937bd785
+DIST pambase-20250906.tar.bz2 4972 BLAKE2B
b65da13a265d5a3df1e84546a8f6e1447d7ea5a40fe4a44488691c4a182cf4b3d13d20ce85778f549d217ebf4b4511e71f5f285b34edf9e9e18bab50b0d22c82
SHA512
639d87169fafb0e44401104ade7dfaa7a5d6bd473d9e4e3c35a0fb87aaf73a383d406ee05944a3190750e55e59decd867ab3f773664f9fb787f40acc05826d1c
diff --git a/sys-auth/pambase/pambase-20250906.ebuild
b/sys-auth/pambase/pambase-20250906.ebuild
new file mode 100644
index 000000000000..810cd47a7139
--- /dev/null
+++ b/sys-auth/pambase/pambase-20250906.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit edo pam python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://github.com/gentoo/pambase";
+
+if [[ ${PV} == *9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="
+ https://anongit.gentoo.org/git/proj/pambase.git
+ https://github.com/gentoo/pambase.git
+ "
+else
+
SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2";
+
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc
~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+LICENSE="MIT"
+SLOT="0"
+IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5
pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd
yescrypt"
+
+RESTRICT="binchecks"
+
+REQUIRED_USE="
+ ?? ( elogind systemd )
+ ?? ( passwdqc pwquality )
+ ?? ( sha512 yescrypt )
+ pwhistory? ( || ( passwdqc pwquality ) )
+ homed? ( !pam_krb5 )
+ pam_krb5? ( !homed )
+"
+
+MIN_PAM_REQ=1.4.0
+
+RDEPEND="
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ elogind? ( sys-auth/elogind[pam] )
+ gnome-keyring? ( gnome-base/gnome-keyring[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ sys-auth/pam_krb5
+ )
+ caps? ( sys-libs/libcap[pam] )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
+ pwquality? ( dev-libs/libpwquality[pam] )
+ selinux? ( sys-libs/pam[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ homed? ( sys-apps/systemd[homed] )
+ systemd? ( sys-apps/systemd[pam] )
+ yescrypt? ( sys-libs/libxcrypt[system] )
+ sssd? ( sys-auth/sssd )
+"
+BDEPEND="
+ $(python_gen_any_dep '
+ dev-python/jinja2[${PYTHON_USEDEP}]
+ ')
+"
+
+python_check_deps() {
+ python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]"
+}
+
+src_configure() {
+ local crypt=md5
+ # TODO: sha256, blowfish, gost_yescrypt
+ use sha512 && crypt=sha512
+ use yescrypt && crypt=yescrypt
+
+ local pamargs=(
+ # Not all 'upstream' options are (currently) wired up
+ # in the ebuild.
+ #
+ # TODO: pam_shells
+ $(usev caps '--caps')
+ $(usev debug '--debug')
+ $(usev elogind '--elogind')
+ $(usev gnome-keyring '--gnome-keyring')
+ $(usev homed '--homed')
+ $(usev minimal '--minimal')
+ $(usev mktemp '--mktemp')
+ $(usev nullok '--nullok')
+ $(usev pam_krb5 '--krb5')
+ $(usev pam_ssh '--pam-ssh')
+ $(usev passwdqc '--passwdqc')
+ $(usev pwhistory '--pwhistory')
+ $(usev pwquality '--pwquality')
+ $(usev securetty '--securetty')
+ $(usev selinux '--selinux')
+ $(usex systemd '--systemd' '--openrc')
+ $(usev sssd '--sssd')
+
+ --encrypt=${crypt}
+ )
+
+ edo ${EPYTHON} ./${PN}.py "${pamargs[@]}"
+}
+
+src_test() { :; }
+
+src_install() {
+ local DOC_CONTENTS
+
+ if use passwdqc; then
+ DOC_CONTENTS="To amend the existing password policy please see
the man 5 passwdqc.conf
+ page and then edit the
/etc/security/passwdqc.conf file"
+ fi
+
+ if use pwquality; then
+ DOC_CONTENTS="To amend the existing password policy please see
the man 5 pwquality.conf
+ page and then edit the
/etc/security/pwquality.conf file"
+ fi
+
+ { use passwdqc || use pwquality; } && readme.gentoo_create_doc
+
+ dopamd -r stack/.
+}
+
+pkg_postinst() {
+ { use passwdqc || use pwquality; } && readme.gentoo_print_elog
+}
