author | Jakub Moc <jakub@gentoo.org> | 2006-06-08 14:25:06 +0000 |
---|---|---|
committer | Jakub Moc <jakub@gentoo.org> | 2006-06-08 14:25:06 +0000 |
commit | 4b310b4ac68297cd527c36aecf50ea17f189be49 (patch) | |
tree | 938771004f27ba2b43b875fc14d669d0c0b3277a | |
parent | Add some Manifest-and-digest loving (diff) | |
New pam_mount ebuild, based on work of Sven Peter, Priit Laes and others in Bug 24213
svn path=/; revision=14
-rw-r--r-- | sys-auth/pam_mount/ChangeLog | 7 | ||||
-rw-r--r-- | sys-auth/pam_mount/Manifest | 24 | ||||
-rw-r--r-- | sys-auth/pam_mount/files/digest-pam_mount-0.13.0 | 3 | ||||
-rw-r--r-- | sys-auth/pam_mount/files/pam_mount-gentoo-paths-and-examples.patch | 71 | ||||
-rw-r--r-- | sys-auth/pam_mount/files/pam_mount.conf | 215 | ||||
-rw-r--r-- | sys-auth/pam_mount/files/system-auth | 23 | ||||
-rw-r--r-- | sys-auth/pam_mount/pam_mount-0.13.0.ebuild | 78 |
7 files changed, 421 insertions, 0 deletions
diff --git a/sys-auth/pam_mount/ChangeLog b/sys-auth/pam_mount/ChangeLog
new file mode 100644
index 000000000..589581fe0
--- /dev/null
+++ b/sys-auth/pam_mount/ChangeLog
@@ -0,0 +1,7 @@
+# ChangeLog for sys-auth/pam_mount
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 08 Jun 2006; Jakub Moc <jakub@gentoo.org> +pam_mount-0.13.0.ebuild:
+ New ebuild, based on work of Sven Peter, Priit Laes and others in Bug 24213
+
diff --git a/sys-auth/pam_mount/Manifest b/sys-auth/pam_mount/Manifest
new file mode 100644
index 000000000..2b88b5098
--- /dev/null
+++ b/sys-auth/pam_mount/Manifest
@@ -0,0 +1,24 @@ +AUX pam_mount-gentoo-paths-and-examples.patch 3434 RMD160 d96c9d62e06f5f1a9d3fa66db6262c908699ba1c SHA1 3e855ec59ab97d087db2b6a7c3312bdea54d2aaa SHA256 ff49183c0899650f1d9e480b7895bd26627c2bee246715697071303751ffa96a +MD5 18e77a5b6f8042067d0afeb7482c5eaa files/pam_mount-gentoo-paths-and-examples.patch 3434 +RMD160 d96c9d62e06f5f1a9d3fa66db6262c908699ba1c files/pam_mount-gentoo-paths-and-examples.patch 3434 +SHA256 ff49183c0899650f1d9e480b7895bd26627c2bee246715697071303751ffa96a files/pam_mount-gentoo-paths-and-examples.patch 3434 +AUX pam_mount.conf 10115 RMD160 1fd1af233ce50a6fb231341966982a15c747fedf SHA1 aa73716cfe5b697bd5a049430a6dc8824734e312 SHA256 7bf16e96d6d4a7e380913316863d06f2b405883b5c790329aeaf3c7ad90e8f12 +MD5 b8261fc18126cbabf8670a3d92806448 files/pam_mount.conf 10115 +RMD160 1fd1af233ce50a6fb231341966982a15c747fedf files/pam_mount.conf 10115 +SHA256 7bf16e96d6d4a7e380913316863d06f2b405883b5c790329aeaf3c7ad90e8f12 files/pam_mount.conf 10115 +AUX system-auth 854 RMD160 245e7ce8d62eb0287a407b50da89ab31907bbba4 SHA1 b73d60df937682b0c32b349ee15d17ed5541db1c SHA256 ed92728a3dfcc5a0c56a60fe86b9c4fd604af5187742276de272a932ac964a92 +MD5 f8ee99521dc32770ef1a077dd3c92ea2 files/system-auth 854 +RMD160 245e7ce8d62eb0287a407b50da89ab31907bbba4 files/system-auth 854 +SHA256 ed92728a3dfcc5a0c56a60fe86b9c4fd604af5187742276de272a932ac964a92 files/system-auth 854 +DIST pam_mount-0.13.0.tbz2 287706 RMD160 c389a3148e15f386d71b4372529a383e9083098c SHA1 1534fdd0691259fec8538b7a977948749e6a498d SHA256 0ef31fca4357e10ad0a8dfa89f124d75b25f4341a8b76aece4847954aeaeddb1 +EBUILD pam_mount-0.13.0.ebuild 2329 RMD160 baad8f60a3f0fa917209f0e466461ae774ba9804 SHA1 e693efdd18d4e0b58063fcaee32d39b274cbe4a3 SHA256 a8cfba9d918ee4de763f70c284d2de8c8aedee1964db3704c2b0085d8ffb635a +MD5 97d76eb156eb4c7f02fd313b2208e3a0 pam_mount-0.13.0.ebuild 2329 +RMD160 baad8f60a3f0fa917209f0e466461ae774ba9804 pam_mount-0.13.0.ebuild 2329 +SHA256 
a8cfba9d918ee4de763f70c284d2de8c8aedee1964db3704c2b0085d8ffb635a pam_mount-0.13.0.ebuild 2329 +MISC ChangeLog 268 RMD160 2bc935a4f466d8c58297afb6bf2922cce304520c SHA1 a9897a77d977863dbcdece0b16083a71c587cb47 SHA256 6b78a01ae9d2bd89bb9af78ea751858fb7d8f73042ca06f3bc1cca9351647a7a +MD5 a52f72391bb0a79b1da550122973c322 ChangeLog 268 +RMD160 2bc935a4f466d8c58297afb6bf2922cce304520c ChangeLog 268 +SHA256 6b78a01ae9d2bd89bb9af78ea751858fb7d8f73042ca06f3bc1cca9351647a7a ChangeLog 268 +MD5 a26933e9e412a79df68fe4cb9c26d076 files/digest-pam_mount-0.13.0 244 +RMD160 2d1cb11b5bf8e7f0dbff8a452667a1448aba065b files/digest-pam_mount-0.13.0 244 +SHA256 2216dc331b0c5926a47cd8f40ea5abef4df2c3a97b8a78e006a778c97859841e files/digest-pam_mount-0.13.0 244 diff --git a/sys-auth/pam_mount/files/digest-pam_mount-0.13.0 b/sys-auth/pam_mount/files/digest-pam_mount-0.13.0 new file mode 100644 index 000000000..6bb1d1ad9 --- /dev/null +++ b/sys-auth/pam_mount/files/digest-pam_mount-0.13.0 @@ -0,0 +1,3 @@ +MD5 a1a09d403e27b73ab848b5ba76071d19 pam_mount-0.13.0.tbz2 287706 +RMD160 c389a3148e15f386d71b4372529a383e9083098c pam_mount-0.13.0.tbz2 287706 +SHA256 0ef31fca4357e10ad0a8dfa89f124d75b25f4341a8b76aece4847954aeaeddb1 pam_mount-0.13.0.tbz2 287706 diff --git a/sys-auth/pam_mount/files/pam_mount-gentoo-paths-and-examples.patch b/sys-auth/pam_mount/files/pam_mount-gentoo-paths-and-examples.patch new file mode 100644 index 000000000..52fa6749f --- /dev/null +++ b/sys-auth/pam_mount/files/pam_mount-gentoo-paths-and-examples.patch 
@@ -0,0 +1,71 @@ +--- config/pam_mount.conf 2005-12-24 20:28:33.000000000 +0100 ++++ pam_mount-0.11.0.pam_mount.conf 2005-12-29 20:37:32.000000000 +0100 +@@ -197,6 +197,46 @@ + # (thanks to Mike Hommey for this example) + # volume test local - /tmpfs/test /home/test "size=10M,uid=test,gid=users,mode=0700 -t tmpfs" - - + ++# BEGIN GENTOO EXAMPLES FOR ENCRYPTED HOME ++# user1 has an encrypted home that uses his/her system passwd as the ++# encryption key ++# To create a USB dongle secured user see user2: ++# Define a user key and group key to use a USB dongle as an encrypted ++# file system for the key to the user2 file system - so user would need ++# the USB dongle, the password for user key and the password for user ++# user2. in order to access the encrypted home of user2. Note that ++# without the first two the user can still log in and create files ++# on his home directory mount point. However the security for the ++# encrypted volume is much better since a dictionary attack would need ++# the dongle. See http://www.counterpane.com/twofish-final.html ++# for a discussion on why twofish is a good choice. This setup works ++# with mm-sources-2.6.0_beta9-r5. So to login graphically as user2 ++# insert key, ctrl-alt-f1 login as key, alt-f7, login as user2, ++# ctrl-alt-f1, logout key, remove dongle. This works for KDM. Modify ++# /etc/pam.d/login and /etc/pam.d/kde per docs ++#volume key local - /dev/sda2 /key loop,encryption=twofish - - ++#volume user1 local - /home/.user1 /home/user1 loop,encryption=twofish - - ++#volume user2 local - /home/.user2 - - bf-ecb /key/sp.key ++# /etc/fstab contains ++#/home/.user2 /home/user2 reiserfs user,loop,encryption=twofish,noauto 0 0 ++#/dev/sda2 /key ext2 user,loop,encryption=twofish,noauto 0 0 ++# ++# Device-Mapper based encryption (dm-crypt) ++# Since the introduction of dm-crypt in Linux 2.6.4, cryptoloop has been ++# deprecated. 
To use the new dm-crypt interface, you will have to adapt ++# the preceding examples to use "crypt" instead of "local" as filesystem ++# type. Additionally the cipher algorithm is specified via the "cipher" ++# option (to distinguish from cryptoloop's "encryption"). Thus, the ++# user1 example would look like this: ++#volume user1 crypt - /home/.user1 /home/user1 loop,cipher=twofish - - ++# An entry in /etc/fstab is not needed. A detailed HOWTO can be found in ++# the forums: http://forums.gentoo.org/viewtopic.php?t=274651 ++# Note that pam_mount is LUKS (http://luks.endorphin.org) aware. To ++# use luks, you need to have cryptsetup-luks (get it at ++# http://luks.endorphin.org/dm-cryp) installed. A config line would be ++#volume user1 crypt - /dev/yourpartition /yourmountpoint - - - ++# and cryptsetup will be told to read cypher/keysize/etc. from the luks-header. ++# END GENTOO EXAMPLES + + # Details: + # Local user configuration (~/.pam_mount.conf) can extend this. +--- scripts/umount.crypt 2005-12-28 11:26:51.000000000 +0100 ++++ umount.crypt 2005-12-29 20:19:01.000000000 +0100 +@@ -28,7 +28,7 @@ + export IFS=`echo -en " \t\n"`; + + LOSETUP=/sbin/losetup +-CRYPTSETUP=/sbin/cryptsetup ++CRYPTSETUP=/bin/cryptsetup + MOUNT=/bin/mount + UMOUNT=/bin/umount + READLINK="/usr/bin/readlink"; +--- scripts/mount.crypt 2005-12-24 13:07:42.000000000 +0100 ++++ mount.crypt 2005-12-29 20:18:22.000000000 +0100 +@@ -28,7 +28,7 @@ + + # Commands + LOSETUP=/sbin/losetup +-CRYPTSETUP=/sbin/cryptsetup ++CRYPTSETUP=/bin/cryptsetup + MOUNT=/bin/mount + FSCK="/sbin/fsck"; + diff --git a/sys-auth/pam_mount/files/pam_mount.conf b/sys-auth/pam_mount/files/pam_mount.conf new file mode 100644 index 000000000..2e75611f1 --- /dev/null +++ b/sys-auth/pam_mount/files/pam_mount.conf 
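Review bot: The example block this patch adds to pam_mount.conf states that without the dongle and key password "the user can still log in and create files on his home directory mount point", but it never says what that means for the data: whatever is written in such a session sits unencrypted in the underlying directory. I would add one comment line right after that sentence, such as `# Anything written after a failed mount is stored unencrypted under the mount point.` The user2 example also protects the key file with `bf-ecb`, and ECB mode deserves a short caveat next to it. The link `http://luks.endorphin.org/dm-cryp` looks truncated, and the inner header names `pam_mount-0.11.0.pam_mount.conf` while the ebuild is 0.13.0, so the conf hunk may only apply with fuzz.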
@@ -0,0 +1,215 @@ +#------------------------------------------------------------------- +# Below is a modified sample configuration file for pam_mount that has +# been successfully used to do encrypted auto mounts on a gentoo box +# using both the same password as login and a sperate key file +# and openssl. This works for cryptoloop and dm-crypt. +#------------------------------------------------------------------- + +# Turn on if you want to debug why some volume cannot be mounted etc. +# This can be overriden by user's local configuration +# +# Format: debug [ 1 | 0 ] +# Local user configuration can override this. + +debug 1 +mkmountpoint 1 +# Loopback device to use to run fsck on loopback filesystems. +fsckloop /dev/loop7 + +# Users' local configuration file (if there is none, comment out this +# parameter). Will be read as ~/<file> +# +# Note: you must include either options_allow or options_deny to use +# this directive. I recommend also including options_require. +# +# Individual users may define additional volumes to mount if allowed +# by pam_mount.conf (usually ~/.pam_mount.conf). The volume keyword is +# the only valid keyword in these per-user configuration files. If the +# luserconf parameter is set in pam_mount.conf, allowing user-defined +# volume, then users may mount and unmount any volume they own at any +# mount point they own. On some filesystem configurations this may be +# a security flaw so user-defined volumes are not allowed by the example +# pam_mount.conf distributed with pam_mount. +# +# Format: luserconf <file> +# luserconf .pam_mount.conf + +# These directives determine which options may be specified in a user config +# file (luserconf). You must include one of these directives if you have a +# luserconf directive. You may not include both directives. +# +# If you have an options_allow directive, then the options listed in that +# directive wil be allowed, and all others rejected. 
If you have an +# options_deny directive, then the options listed will be denied, and all others +# permitted. +# +# You may use the wildcard '*' to match all options. +# +options_allow nosuid,nodev,loop,encryption +# options_deny suid,dev +# options_allow * +# options_deny * +# +# I recommend not permitting the suid and dev options. + +# The options listed in this directive are required for all volumes from a +# user config file. That is, any volume specified in a user config file that +# does not include these options will be ignored. +# +# Note: you must make sure that a required option is permitted (either by +# including it in options_allow, or by not including it in options_deny). +# +# I recommend requiring at least nosuid and nodev. +# +# This is ignored completely if the volume is configured to get its options +# and mount point from /etc/fstab. +# +options_require nosuid,nodev + +# Commands to mount/unmount volumes. They can take parameters, as shown. +# +# If you change the -p0 argument for lclmount, you'll need to modify the +# source in mount.c (it sends the password to the stdin file descriptor +# of the child process -- look for STDIN_FILENO). + +lsof /usr/sbin/lsof %(MNTPT) +fsck /sbin/fsck -p %(FSCKTARGET) +losetup /sbin/losetup -p0 "%(before=\"-e \" CIPHER)" "%(before=\"-k \" KEYBITS)" %(FSCKLOOP) %(VOLUME) +unlosetup /sbin/losetup -d %(FSCKLOOP) +cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)" +smbmount /bin/mount -t smbfs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)" +ncpmount /bin/mount -t ncpfs %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)" +# Linux supports lazy unmounting (-l). May be dangerous for encrypted volumes. +# May also break loopback mounts because loopback devices are not freed. +# Need to unmount mount point not volume to support SMB mounts, etc. 
+umount /bin/umount %(MNTPT) +# On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount package). +lclmount /bin/mount -p0 %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)" +cryptmount /bin/mount -t crypt "%(before=\"-o \" OPTIONS)" %(VOLUME) %(MNTPT) +nfsmount /bin/mount %(SERVER):%(VOLUME) "%(MNTPT)%(before=\"-o \" OPTIONS)" +# --bind may be a Linuxism. FIXME: find BSD equivalent. +mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT) +mntcheck /bin/mount # For BSD's (don't have /etc/mtab) +pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION) + +# Volumes that will be mounted when user triggers pam_mount module +# (usually at login). +# +# Format: +# volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path> +# +# General examples: +# volume user smb krueger public /home/user/krueger - - - +# volume user ncp krueger public /home/user/krueger user=user.context - - + +# Linux encrypted home directory examples, using dm_crypt: +# volume user crypt - /dev/sda2 /home/user cipher=aes aes-256-ecb /home/user.key +# +# Linux encrypted home directory examples, using cryptoloop: +# volume user local - /dev/hda123 /home/user loop,encryption=aes - - +# volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - - +# volume user local - /home/user.img - - - - +# volume user local - /home/user.img - - aes-256-ecb /home/user4.key + +# BEGIN GENTOO EXAMPLES FOR ENCRYPTED HOME +# user1 has an encrypted home that uses his/her system passwd as the +# encryption key +# To create a USB dongle secured user see user2: +# Define a user key and group key to use a USB dongle as an encrypted +# file system for the key to the user2 file system - so user would need +# the USB dongle, the password for user key and the password for user +# user2. in order to access the encrypted home of user2. Note that +# without the first two the user can still log in and create files +# on his home directory mount point. 
However the security for the +# encrypted volume is much better since a dictionary attack would need +# the dongle. See http://www.counterpane.com/twofish-final.html +# for a discussion on why twofish is a good choice. This setup works +# with mm-sources-2.6.0_beta9-r5. So to login graphically as user2 +# insert key, ctrl-alt-f1 login as key, alt-f7, login as user2, +# ctrl-alt-f1, logout key, remove dongle. This works for KDM. Modify +# /etc/pam.d/login and /etc/pam.d/kde per docs +#volume key local - /dev/sda2 /key loop,encryption=twofish - - +#volume user1 local - /home/.user1 /home/user1 loop,encryption=twofish - - +#volume user2 local - /home/.user2 - - bf-ecb /key/sp.key +# /etc/fstab contains +#/home/.user2 /home/user2 reiserfs user,loop,encryption=twofish,noauto 0 0 +#/dev/sda2 /key ext2 user,loop,encryption=twofish,noauto 0 0 +# +# Device-Mapper based encryption (dm-crypt) +# Since the introduction of dm-crypt in Linux 2.6.4, cryptoloop has been +# deprecated. To use the new dm-crypt interface, you will have to adapt +# the preceding examples to use "crypt" instead of "local" as filesystem +# type. Additionally the cipher algorithm is specified via the "cipher" +# option (to distinguish from cryptoloop's "encryption"). Thus, the +# user1 example would look like this: +#volume user1 crypt - /home/.user1 /home/user1 loop,cipher=twofish - - +# An entry in /etc/fstab is not needed. A detailed HOWTO can be found in +# the forums: http://forums.gentoo.org/viewtopic.php?t=274651 +# END GENTOO EXAMPLES + +# +# OpenBSD encrypted home directory example (see also lclmount above): +# volume user local - /home/user.img /home/user svnd0 - - +# +# The last two examples need a line like the following in +# /etc/fstab: +# +# /home/user4.img /home/user4 xfs user,loop,encryption=aes,keybits=256,noauto 0 0 +# +# Details: +# Local user configuration can extend this. +# Mount point must be owned by the user. +# +# If there are no servers, mount options, fs key ciphers, etc. 
you must +# supply a "-" +# +# If a local mount is specified in a user config file, then the user must +# own the device or file being mounted. +# +# See http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html +# to learn how to create a encrypted loopback filesystem. +# +# If the volume's password is different than the user's login password, +# the following technique may be used (see also README): +# +# 1. Create a file containing the volume's password (FS key). If you are +# using pam_mount to mount an loopback encrypted volume, this password +# should may generated by /dev/urandom. +# +# Simple example: +# echo <volume password> | openssl aes-256-ecb > /home/user.key +# Encrypt this file using the user's login password as the key. +# +# Verbose loopback encrypted volume example: +# a. dd if=/dev/urandom of=/home/user.img bs=1M count=<image size in MB> +# b. dd if=/dev/urandom bs=1c count=<keysize / 8> | openssl enc \ +# -<fs key cipher> > /home/user.key +# Encrypt this file using the user's login password as the key. +# c. openssl enc -d -<fs key cipher> -in /home/user.key | losetup -e aes \ +# -k <keysize> -p0 /dev/loop0 /home/user.img +# d. mkfs -t ext2 /dev/loop0 +# e. umount /dev/loop0 +# f. losetup -d /dev/loop0 +# +# 3. In pam_mount.conf: +# a. Set the fs key cipher variable to the cipher used (ie: aes-256-ecb). +# b. Set the fs key path variable to the key's path (ie: /home/user.key) +# 4. If a user changes his login password, regenerate the efsk that +# was created in step 1b. A script named passwdehd is provided to do this. +# +# If fs_key_cipher is -, then the user's login password is also the volume's +# password. + +# Template (or wildcard) volumes +# +# If user is "*", "&" will be replaced by name of the user logging on in the +# volume, mount point, mount options and fs key path fields. "~/*" will be +# replaced with "<user's homedir>/*." In this mode, the user need not +# own the mount point, but it must exist. 
+#
+# volume * smb krueger & /home/& uid=&,gid=&,dmask=0750 - -
+# volume * smb krueger homes /home/&/remote - - -
+# volume * local - /home/&.img - - aes-256-ecb /etc/ehd/&
+
+# Windows 2000, which requires a domain specified, example (thanks John Knox):
+# volume * smb viper & /home/& uid=&,gid=&,dmask=0750,workgroup=WINDOWS_DOMAIN - -
diff --git a/sys-auth/pam_mount/files/system-auth b/sys-auth/pam_mount/files/system-auth
new file mode 100644
index 000000000..83767b905
--- /dev/null
+++ b/sys-auth/pam_mount/files/system-auth
@@ -0,0 +1,23 @@
+#%PAM-1.0
+
+
+auth required pam_env.so
+auth optional /@get_libdir/security/pam_mount.so service=system-auth
+auth sufficient pam_unix.so likeauth nullok use_first_pass
+auth required pam_deny.so
+
+# Added for pam_mount support
+auth required /@get_libdir/security/pam_stack.so service=system-auth
+auth required pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
+auth required pam_shells.so
+auth required pam_nologin.so
+
+account required pam_unix.so
+
+password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+password sufficient pam_unix.so nullok md5 shadow use_authtok
+password required pam_deny.so
+
+session required pam_limits.so
+session required pam_unix.so
+session optional /@get_libdir/security/pam_mount.so use_first_pass service=system-auth
diff --git a/sys-auth/pam_mount/pam_mount-0.13.0.ebuild b/sys-auth/pam_mount/pam_mount-0.13.0.ebuild
new file mode 100644
index 000000000..25c4f8cb8
--- /dev/null
+++ b/sys-auth/pam_mount/pam_mount-0.13.0.ebuild
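Review bot: `debug 1` is the shipped default near the top of files/pam_mount.conf, although the comment above it describes debugging as something to turn on when a volume cannot be mounted; for a module that sits in the login path the default should be `debug 0`, since verbose output from an auth module may end up in logs or on the login terminal. The key-file recipes further down (`openssl aes-256-ecb`, `bf-ecb`) encrypt the volume key under the login password in ECB mode, which is worth a caveat comment next to them. Nothing in the ebuild visible on this page installs this copy: src_install uses `${S}/config/pam_mount.conf`, so the file appears unused, and it already differs from the patched upstream config because it lacks the LUKS paragraph.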
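Review bot: The four `auth required` lines under "# Added for pam_mount support" come after `auth sufficient pam_unix.so` and `auth required pam_deny.so`, so a successful password check returns before pam_tally, pam_shells and pam_nologin are consulted, and they only run on a path that has already failed. If those checks are meant to be enforced they have to move above the `sufficient` line. The line `pam_stack.so service=system-auth` pulls system-auth in from inside system-auth itself, which looks like a self-reference and should probably be dropped from this file. `nullok` on pam_unix accepts empty passwords, and because pam_mount is `optional` a failed mount does not fail the login, so both choices deserve a comment in the file.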
@@ -0,0 +1,78 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils pam autotools
+
+DESCRIPTION="A PAM module that can mount volumes for a user session e.g. encrypted home directories"
+HOMEPAGE="http://pam-mount.souceforge.net"
+SRC_URI="mirror://sourceforge/pam-mount/${P}.tbz2"
+RESTRICT="mirror"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~amd64"
+IUSE="crypt"
+
+DEPEND=">=sys-libs/pam-0.78-r3
+ >=dev-libs/openssl-0.9.7i
+ >=dev-libs/glib-2"
+RDEPEND="${DEPEND}
+ crypt? ( sys-fs/cryptsetup-luks )
+ sys-process/lsof"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ # Gentoo installs cryptsetup in /bin, this patches the relevant
+ # locations, in srcipts/(u)mount.crypt and adds gentoo specific
+ # comments to pam_mount.conf
+ epatch ${FILESDIR}/pam_mount-gentoo-paths-and-examples.patch || die "patch failed"
+
+ # libdir magic
+ cp ${FILESDIR}/system-auth system-auth
+ sed -ie "s:@get_libdir:$(get_libdir):" ${S}/system-auth || die "sed failed"
+}
+
+src_compile() {
+ # fixes the sanity check failure
+ _elibtoolize --copy --force
+
+ # configure and build pam_mount
+ econf \
+ --libdir=/$(get_libdir) \
+ --with-pam-dir=$(getpam_mod_dir) || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "install failed"
+
+ insinto /etc/security
+ insopts -m0644
+ doins ${S}/config/pam_mount.conf
+ dopamd ${S}/system-auth
+
+ dodir /sbin
+ dosym /usr/bin/mount.crypt /sbin/mount.crypt
+
+ dodoc README TODO AUTHORS ChangeLog FAQ NEWS
+}
+
+pkg_postinst() {
+ einfo "In order to use pam_mount you will need to configure it."
+ einfo "After the modifications in /etc/security/pam_mount.conf you "
+ einfo "can create the encrypted directory using the mkehd command."
+ einfo "Please use mkhed -h for more informations."
+ einfo
+ einfo "If you want to encrypt the home directories you will need a "
+ einfo "kernel with device-mapper and crypto (AES or any other chipher)"
+ einfo "support."
+ einfo
+ einfo "This ebuild only modifies the /etc/pam.d/system-auth file to"
+ einfo "support pam_mount. If you have any programs that use pam with "
+ einfo "a configuration file that does NOT include system-auth you will "
+ einfo "need to modify this file too. Look at /etc/pam.d/system-auth or "
+ einfo "the /usr/share/doc/${P}/README file for more informations."
+} |
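Review bot: `dopamd ${S}/system-auth` in src_install ships this package's own copy of system-auth, and pkg_postinst confirms that /etc/pam.d/system-auth is the file being changed; a PAM module package should not replace the stack that other service files include, so I would install it as an example instead, e.g. `newdoc system-auth system-auth.pam_mount`, and leave merging the two pam_mount lines to the admin. `HOMEPAGE="http://pam-mount.souceforge.net"` misspells the domain and so points users at a different host; given the sourceforge SRC_URI it should read `http://pam-mount.sourceforge.net`. In src_unpack, GNU sed parses `sed -ie` as `-i` with backup suffix `e`, which leaves a stray `system-authe` behind; `sed -i -e` avoids that. The `cp` just before it has no `|| die`, and the postinst text says `mkhed` where `mkehd` is meant.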