summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys-auth/pam_pkcs11/Manifest1
-rw-r--r--sys-auth/pam_pkcs11/pam_pkcs11-0.6.9.ebuild110
2 files changed, 111 insertions, 0 deletions
diff --git a/sys-auth/pam_pkcs11/Manifest b/sys-auth/pam_pkcs11/Manifest
index 092c4bcf285f..cc3d9cc8c2b4 100644
--- a/sys-auth/pam_pkcs11/Manifest
+++ b/sys-auth/pam_pkcs11/Manifest
@@ -1 +1,2 @@
DIST pam_pkcs11-0.6.8.tar.gz 1147059 SHA256 9d942e542ef35d0e1f990d9ff5bf9df0af84c828ed081add2eb1b4d84f0efbda SHA512 6759ddb27eecb9e4dfbaf5423fcbeeb03b1ae2200b772e32b105d12845c202e461088f70c71712f13e7150ff03f7714d1225a1e62ced005ca1a36872622d72ac WHIRLPOOL 175ef94f6d80abc1ef374d39835dab0ce6e10f062650540880d9a98b7899c87cdd1066f1abed6c9310ec9b6dba19cae9267674274b2a3ebe4a003ccc2f6a1b5d
+DIST pam_pkcs11-0.6.9.tar.gz 1358280 SHA256 b27e8ba40ffc5b847abf95d2e636ed58640f068398a233f27e211363c20eba91 SHA512 954c37b9aa93d007ca3c0c49790bf6840d3b902b5dacda485c9020f4362db4a5a41670ad95f672757f3a7e60fe430765023f1a57e9a79260c052c45854d5ba51 WHIRLPOOL fcca466565978701e128396f69de6ce1e9b8a3c0771865a71e22f0e23c1641c1ffe7d6e36435bbf93b11fb4e34ecab71e580685e1d481f7df0bfd5b5b52c37b6
diff --git a/sys-auth/pam_pkcs11/pam_pkcs11-0.6.9.ebuild b/sys-auth/pam_pkcs11/pam_pkcs11-0.6.9.ebuild
new file mode 100644
index 000000000000..11645b7a2133
--- /dev/null
+++ b/sys-auth/pam_pkcs11/pam_pkcs11-0.6.9.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit pam eutils
+
+DESCRIPTION="PKCS#11 PAM library"
+HOMEPAGE="https://github.com/opensc/pam_pkcs11/wiki"
+SRC_URI="mirror://sourceforge/opensc/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="curl doc ldap nss +pcsc-lite"
+
+RDEPEND="sys-libs/pam
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ nss? (
+ dev-libs/nss
+ curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,curl_ssl_nss] ) )
+ )
+ !nss? (
+ dev-libs/openssl:=
+ curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,-curl_ssl_nss] ) )
+ )
+ pcsc-lite? ( sys-apps/pcsc-lite )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ doc? ( dev-libs/libxslt )"
+
+DOCS=(
+ AUTHORS ChangeLog NEWS README TODO
+)
+
+src_prepare() {
+ default
+ # Fix the example files to be somewhat decent, and usable as
+ # default configuration
+ sed -i \
+ -e '/try_first_pass/s:false:true:' \
+ -e '/debug =/s:true:false:' \
+ -e 's:\(/usr\|\${exec_prefix}\)/lib/:/usr/'$(get_libdir)/':g' \
+ etc/pam_pkcs11.conf.example.in \
+ etc/pkcs11_eventmgr.conf.example || die "sed failed"
+}
+
+src_configure() {
+ econf \
+ $(use_with curl) \
+ $(use_with doc docbook) \
+ $(use_with pcsc-lite pcsclite) \
+ $(use_with ldap) \
+ $(use_with nss)
+}
+
+src_install() {
+ emake DESTDIR="${ED}" pamdir="$(getpam_mod_dir)" install
+ einstalldocs
+ prune_libtool_files --modules
+
+ dodoc doc/README.*
+ use doc && dodoc doc/api/*
+
+ # Provide some basic configuration
+ keepdir /etc/pam_pkcs11{,/{cacerts,crl}}
+
+ insinto /etc/pam_pkcs11
+ newins etc/pam_pkcs11.conf.example pam_pkcs11.conf
+ newins etc/pkcs11_eventmgr.conf.example pkcs11_eventmgr.conf
+}
+
+pkg_config() {
+ local dir
+ for dir in "${EROOT}"etc/${PN}/{cacerts,crl}; do
+ pushd "${dir}" > /dev/null
+ ebegin "Creating hash links in '${dir}'"
+ "${EROOT}usr/bin/pkcs11_make_hash_link" || die
+ eend $?
+ popd > /dev/null
+ done
+}
+
+pkg_postinst() {
+ elog "For ${PN} to work you need a PKCS#11 provider, such as one of:"
+ elog " - dev-libs/opensc"
+ elog " - dev-libs/opencryptoki"
+ elog ""
+ elog "You probably want to configure the '${EROOT}etc/${PN}/${PN}.conf' file with"
+ elog "the settings for your pkcs11 provider."
+ elog ""
+ elog "You might also want to set up '${EROOT}etc/${PN}/pkcs11_eventmgr.conf' with"
+ elog "the settings for the event manager, and start it up at user login."
+}
+
+# TODO list!
+#
+# - we need to find a way allow the user to choose whether to start the
+# event manager at _all_ the logins, and if that's the case, lock all
+# kind of sessions (terminal _and_ X);
+# - upstream should probably migrate the configuration of the event
+# manager on a per-user basis, since it makes little sense to be _all_
+# system-level configuration;
+# - we should probably provide some better config support that ensures
+# the configuration to be valid, as well as creating the symlinks;
+# - we should probably add support for nss;
+# - we should move the configuration in /etc/security as for the rest
+# of PAM-related configuration.