commit: 8e54876e8e58c8672126959876d0bc21542f0671
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 17 21:13:17 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Sep 17 21:15:01 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e54876e
sys-auth/pambase: Version bump (v20200917)
* swith pam_passwdqc and pam_pwquality to its config files
* add optional pam_pwhistory module
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
sys-auth/pambase/Manifest | 1 +
sys-auth/pambase/metadata.xml | 15 +++--
sys-auth/pambase/pambase-20200917.ebuild | 99 ++++++++++++++++++++++++++++++++
3 files changed, 110 insertions(+), 5 deletions(-)
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index 5d95b8277c1..0ced4f4d7b6 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
@@ -1,2 +1,3 @@
DIST pambase-20200304.tar.gz 3466 BLAKE2B
e4d406460d435403ed7a46d517f9006cacc54a94f5019a573c81b331731c88679ed6d388354b5946894bdfada556b4c73735c3f4de88fc7678cd831c68ab46c3
SHA512
c2a7f3fd143637fbdf5c0a3c58ba5a3c23c5e8adb1f057d02b4b9d64660435fc529031a0f710a9e5fc7091710f78dcb2f3e1ff48f033fb491ddd0399ef05b189
DIST pambase-20200817.tar.gz 3340 BLAKE2B
76a9afbf29ab9ee6f7d25943de8c7c7bdd3413ade64d7a7623d5aec297cd864c1696a6442179d8d7c52f4df00644d80486e0dc61255454aa72b18eb9ae901ed8
SHA512
5448335da1437776f6097e591a1bd52dc62fb1847622c19077f14cdf8a677bc916f220903e4c6e924d43360fec0010a23b9cdf62aeba2a617ef6208eac2438eb
+DIST pambase-20200917.tar.gz 3342 BLAKE2B
4dde3a6a4a22f02464a2a703a2385038c53c05398904dc47431880a16d7dd1ba89c8f5fdf19a7d50406f2487f8bdf90264ca2941cc6a2ad9d404e89c3d73edca
SHA512
0cae27f7cd7ef258771b61110ba3ce5a44a0f9d71030670b2a40aa47a609d30ae3e3d7bc0649dcce25a2cfe2e1259e6d9ff435118ab1d2db771a162898ab5143
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
index bb8fe728126..f64b1660560 100644
--- a/sys-auth/pambase/metadata.xml
+++ b/sys-auth/pambase/metadata.xml
@@ -39,6 +39,12 @@
or providing example passwords when changing your
system password.
It is used by default by OpenWall GNU/*/Linux and by
FreeBSD.
</flag>
+ <flag name="pwhistory">
+ Enable pam_pwhistory module on system auth stack to save
+ the last passwords for each user in order to force
password
+ change history and keep the user from alternating
between
+ the same password too frequently.
+ </flag>
<flag name="pwquality">
Enable pam_pwquality module on system auth stack for
passwd
quality validation. It is used be dafault by Fedora
GNU/*/Linux.
@@ -78,11 +84,10 @@
</flag>
<flag name="minimal">
Disables the standard PAM modules that provide extra
information
- to users on login; this includes pam_tally (and
pam_tally2 for
- Linux PAM 1.1 and later), pam_lastlog, pam_motd and
other
- similar modules. This might not be a good idea on a
multi-user
- system but could reduce slightly the overhead on
single-user
- non-networked systems.
+ to users on login; this includes pam_lastlog, pam_motd,
pam_mail
+ and other similar modules. This might not be a good
idea on
+ a multi-user system but could reduce slightly the
overhead on
+ single-user non-networked systems.
</flag>
<flag name="nullok">
Enable the nullok option with the pam_unix module. This
allows
diff --git a/sys-auth/pambase/pambase-20200917.ebuild
b/sys-auth/pambase/pambase-20200917.ebuild
new file mode 100644
index 00000000000..65f65bd0776
--- /dev/null
+++ b/sys-auth/pambase/pambase-20200917.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit pam python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://github.com/gentoo/pambase";
+SRC_URI="https://github.com/gentoo/pambase/archive/${P}.tar.gz";
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv
~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="caps debug elogind gnome-keyring minimal mktemp +nullok pam_krb5 pam_ssh
+passwdqc pwhistory pwquality securetty selinux +sha512 systemd"
+
+RESTRICT="binchecks"
+
+REQUIRED_USE="
+ ?? ( elogind systemd )
+ ?? ( passwdqc pwquality )
+ pwhistory? ( || ( passwdqc pwquality ) )
+"
+
+MIN_PAM_REQ=1.4.0
+
+RDEPEND="
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ elogind? ( sys-auth/elogind[pam] )
+ gnome-keyring? ( gnome-base/gnome-keyring[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ sys-auth/pam_krb5
+ )
+ caps? ( sys-libs/libcap[pam] )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
+ pwquality? ( dev-libs/libpwquality[pam] )
+ selinux? ( sys-libs/pam[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ systemd? ( sys-apps/systemd[pam] )
+"
+
+BDEPEND="$(python_gen_any_dep '
+ dev-python/jinja[${PYTHON_USEDEP}]
+ ')"
+
+python_check_deps() {
+ has_version -b "dev-python/jinja[${PYTHON_USEDEP}]"
+}
+
+S="${WORKDIR}/${PN}-${P}"
+
+src_configure() {
+ ${EPYTHON} ./${PN}.py \
+ $(usex caps '--libcap' '') \
+ $(usex debug '--debug' '') \
+ $(usex elogind '--elogind' '') \
+ $(usex gnome-keyring '--gnome-keyring' '') \
+ $(usex minimal '--minimal' '') \
+ $(usex mktemp '--mktemp' '') \
+ $(usex nullok '--nullok' '') \
+ $(usex pam_krb5 '--krb5' '') \
+ $(usex pam_ssh '--pam-ssh' '') \
+ $(usex passwdqc '--passwdqc' '') \
+ $(usex pwhistory '--pwhistory' '') \
+ $(usex pwquality '--pwquality' '') \
+ $(usex securetty '--securetty' '') \
+ $(usex selinux '--selinux' '') \
+ $(usex sha512 '--sha512' '') \
+ $(usex systemd '--systemd' '')
+}
+
+src_test() { :; }
+
+src_install() {
+ local DOC_CONTENTS
+
+ if use passwdqc; then
+ DOC_CONTENTS="To amend the existing password policy please see
the man 5 passwdqc.conf
+ page and then edit the
/etc/security/passwdqc.conf file"
+ fi
+
+ if use pwquality; then
+ DOC_CONTENTS="To amend the existing password policy please see
the man 5 pwquality.conf
+ page and then edit the
/etc/security/pwquality.conf file"
+ fi
+
+ readme.gentoo_create_doc
+
+ dopamd -r stack/.
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}
