summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/AusweisApp/AusweisApp-2.0.3.ebuild (renamed from sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild)22
-rw-r--r--sys-auth/AusweisApp/AusweisApp-2.1.0.ebuild (renamed from sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild)22
-rw-r--r--sys-auth/AusweisApp/AusweisApp-9999.ebuild (renamed from sys-auth/AusweisApp2/AusweisApp2-9999.ebuild)4
-rw-r--r--sys-auth/AusweisApp/Manifest2
-rw-r--r--sys-auth/AusweisApp/metadata.xml (renamed from sys-auth/AusweisApp2/metadata.xml)2
-rw-r--r--sys-auth/AusweisApp2/Manifest2
-rw-r--r--sys-auth/elogind/Manifest1
-rw-r--r--sys-auth/elogind/elogind-246.10-r3.ebuild (renamed from sys-auth/elogind/elogind-246.10-r2.ebuild)6
-rw-r--r--sys-auth/elogind/elogind-252.9.ebuild (renamed from sys-auth/elogind/elogind-246.10-r1.ebuild)66
-rw-r--r--sys-auth/elogind/files/elogind-246.10-musl-selinux.patch99
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-getdents.patch35
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch14
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-lfs.patch51
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch44
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch13
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch12
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-statx.patch26
-rw-r--r--sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch89
-rw-r--r--sys-auth/elogind/files/elogind-252.9-nodocs.patch28
-rw-r--r--sys-auth/elogind/metadata.xml8
-rw-r--r--sys-auth/fprintd/fprintd-1.94.2.ebuild8
-rw-r--r--sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild41
-rw-r--r--sys-auth/google-authenticator-libpam-hardened/metadata.xml15
-rw-r--r--sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild6
-rw-r--r--sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild6
-rw-r--r--sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild6
-rw-r--r--sys-auth/google-authenticator-wrappers/metadata.xml8
-rw-r--r--sys-auth/libfprint/Manifest1
-rw-r--r--sys-auth/libfprint/libfprint-1.94.5.ebuild4
-rw-r--r--sys-auth/libfprint/libfprint-1.94.7.ebuild70
-rw-r--r--sys-auth/libnss-nis/Manifest1
-rw-r--r--sys-auth/libnss-nis/libnss-nis-3.2.ebuild37
-rw-r--r--sys-auth/munge/munge-0.5.15.ebuild4
-rw-r--r--sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch160
-rw-r--r--sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild20
-rw-r--r--sys-auth/nss-mdns/nss-mdns-9999.ebuild8
-rw-r--r--sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild4
-rw-r--r--sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch26
-rw-r--r--sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild7
-rw-r--r--sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild165
-rw-r--r--sys-auth/oath-toolkit/Manifest5
-rw-r--r--sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch80
-rw-r--r--sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch100
-rw-r--r--sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch74
-rw-r--r--sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch40
-rw-r--r--sys-auth/oath-toolkit/metadata.xml5
-rw-r--r--sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild69
-rw-r--r--sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild69
-rw-r--r--sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild77
-rw-r--r--sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild69
-rw-r--r--sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild70
-rw-r--r--sys-auth/pam_krb5/pam_krb5-4.11.ebuild6
-rw-r--r--sys-auth/pam_mktemp/metadata.xml15
-rw-r--r--sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild8
-rw-r--r--sys-auth/pam_mount/Manifest1
-rw-r--r--sys-auth/pam_mount/metadata.xml2
-rw-r--r--sys-auth/pam_mount/pam_mount-2.20.ebuild46
-rw-r--r--sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch28
-rw-r--r--sys-auth/pam_p11/pam_p11-0.3.1.ebuild6
-rw-r--r--sys-auth/pam_require/pam_require-0.7-r2.ebuild (renamed from sys-auth/pam_require/pam_require-0.7-r1.ebuild)16
-rw-r--r--sys-auth/pam_skey/Manifest1
-rw-r--r--sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild59
-rw-r--r--sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild4
-rw-r--r--sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild4
-rw-r--r--sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild (renamed from sys-auth/pam_ssh/pam_ssh-2.3.ebuild)6
-rw-r--r--sys-auth/pam_u2f/Manifest2
-rw-r--r--sys-auth/pam_u2f/pam_u2f-1.3.0.ebuild (renamed from sys-auth/pam_u2f/pam_u2f-1.2.0.ebuild)2
-rw-r--r--sys-auth/pambase/Manifest1
-rw-r--r--sys-auth/pambase/metadata.xml10
-rw-r--r--sys-auth/pambase/pambase-20240128.ebuild118
-rw-r--r--sys-auth/pambase/pambase-999999999.ebuild28
-rw-r--r--sys-auth/passwdqc/Manifest3
-rw-r--r--sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild73
-rw-r--r--sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild (renamed from sys-auth/passwdqc/passwdqc-2.0.2-r1.ebuild)35
-rw-r--r--sys-auth/polkit-qt/Manifest1
-rw-r--r--sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild4
-rw-r--r--sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild60
-rw-r--r--sys-auth/polkit/Manifest3
-rw-r--r--sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch231
-rw-r--r--sys-auth/polkit/files/polkit-123-mozjs-JIT.patch36
-rw-r--r--sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch35
-rw-r--r--sys-auth/polkit/files/polkit-124-systemd-fixup.patch28
-rw-r--r--sys-auth/polkit/files/polkit-124-systemd.patch50
-rw-r--r--sys-auth/polkit/metadata.xml4
-rw-r--r--sys-auth/polkit/polkit-122-r1.ebuild (renamed from sys-auth/polkit/polkit-122.ebuild)16
-rw-r--r--sys-auth/polkit/polkit-123.ebuild (renamed from sys-auth/polkit/polkit-121.ebuild)52
-rw-r--r--sys-auth/polkit/polkit-124-r1.ebuild165
-rw-r--r--sys-auth/realtime-base/realtime-base-0.1-r1.ebuild4
-rw-r--r--sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch67
-rw-r--r--sys-auth/rtkit/metadata.xml3
-rw-r--r--sys-auth/rtkit/rtkit-0.13-r2.ebuild (renamed from sys-auth/rtkit/rtkit-0.13-r1.ebuild)10
-rw-r--r--sys-auth/seatd/Manifest2
-rw-r--r--sys-auth/seatd/files/seatd.initd-r14
-rw-r--r--sys-auth/seatd/seatd-0.7.0.ebuild56
-rw-r--r--sys-auth/seatd/seatd-0.8.0.ebuild (renamed from sys-auth/seatd/seatd-0.7.0-r1.ebuild)12
-rw-r--r--sys-auth/seatd/seatd-9999.ebuild14
-rw-r--r--sys-auth/skey/Manifest2
-rw-r--r--sys-auth/skey/skey-1.1.5-r14.ebuild (renamed from sys-auth/skey/skey-1.1.5-r13.ebuild)6
-rw-r--r--sys-auth/solo1/solo1-0.1.1-r1.ebuild (renamed from sys-auth/solo1/solo1-0.1.1.ebuild)7
-rw-r--r--sys-auth/ssh-import-id/metadata.xml8
-rw-r--r--sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild28
-rw-r--r--sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild16
-rw-r--r--sys-auth/sssd/Manifest5
-rw-r--r--sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch19
-rw-r--r--sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch12
-rw-r--r--sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch31
-rw-r--r--sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch87
-rw-r--r--sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch19
-rw-r--r--sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch39
-rw-r--r--sys-auth/sssd/metadata.xml16
-rw-r--r--sys-auth/sssd/sssd-2.9.1-r1.ebuild (renamed from sys-auth/sssd/sssd-2.5.2-r3.ebuild)228
-rw-r--r--sys-auth/sssd/sssd-2.9.4.ebuild (renamed from sys-auth/sssd/sssd-2.6.0-r2.ebuild)135
-rw-r--r--sys-auth/yubico-piv-tool/Manifest3
-rw-r--r--sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild (renamed from sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild)4
-rw-r--r--sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild48
-rw-r--r--sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild4
116 files changed, 2714 insertions, 1135 deletions
diff --git a/sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild b/sys-auth/AusweisApp/AusweisApp-2.0.3.ebuild
index 851f0ef3cebe..f791a20ba107 100644
--- a/sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild
+++ b/sys-auth/AusweisApp/AusweisApp-2.0.3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2020-2022 Gentoo Authors
+# Copyright 2020-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -11,23 +11,20 @@ SRC_URI="https://github.com/Governikus/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz
LICENSE="EUPL-1.2"
SLOT="0"
-KEYWORDS="amd64 x86"
+KEYWORDS="amd64"
BDEPEND="
- dev-qt/linguist-tools:5
+ dev-qt/qtshadertools:6
+ dev-qt/qttools:6[linguist]
virtual/pkgconfig"
RDEPEND="
dev-libs/openssl:0=
- dev-qt/qtconcurrent:5
- dev-qt/qtcore:5
- dev-qt/qtdeclarative:5
- dev-qt/qtgui:5
- dev-qt/qtnetwork:5
- dev-qt/qtquickcontrols2:5
- dev-qt/qtsvg:5
- dev-qt/qtwebsockets:5[qml]
- dev-qt/qtwidgets:5
+ dev-qt/qtbase:6[concurrent,network,widgets]
+ dev-qt/qtdeclarative:6[widgets]
+ dev-qt/qtscxml:6[qml]
+ dev-qt/qtsvg:6
+ dev-qt/qtwebsockets:6[qml]
net-libs/http-parser:0=
sys-apps/pcsc-lite
virtual/udev"
@@ -37,7 +34,6 @@ DEPEND="${RDEPEND}"
src_configure() {
local mycmakeargs=(
-DBUILD_SHARED_LIBS=OFF
- -DQt=Qt5
)
cmake_src_configure
}
diff --git a/sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild b/sys-auth/AusweisApp/AusweisApp-2.1.0.ebuild
index f1b6cc8c799f..d86746427953 100644
--- a/sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild
+++ b/sys-auth/AusweisApp/AusweisApp-2.1.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2020-2022 Gentoo Authors
+# Copyright 2020-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -11,23 +11,20 @@ SRC_URI="https://github.com/Governikus/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz
LICENSE="EUPL-1.2"
SLOT="0"
-KEYWORDS="~amd64 ~x86"
+KEYWORDS="~amd64"
BDEPEND="
- dev-qt/linguist-tools:5
+ dev-qt/qtshadertools:6
+ dev-qt/qttools:6[linguist]
virtual/pkgconfig"
RDEPEND="
dev-libs/openssl:0=
- dev-qt/qtconcurrent:5
- dev-qt/qtcore:5
- dev-qt/qtdeclarative:5
- dev-qt/qtgui:5
- dev-qt/qtnetwork:5
- dev-qt/qtquickcontrols2:5
- dev-qt/qtsvg:5
- dev-qt/qtwebsockets:5[qml]
- dev-qt/qtwidgets:5
+ dev-qt/qtbase:6[concurrent,network,widgets]
+ dev-qt/qtdeclarative:6[widgets]
+ dev-qt/qtscxml:6[qml]
+ dev-qt/qtsvg:6
+ dev-qt/qtwebsockets:6[qml]
net-libs/http-parser:0=
sys-apps/pcsc-lite
virtual/udev"
@@ -37,7 +34,6 @@ DEPEND="${RDEPEND}"
src_configure() {
local mycmakeargs=(
-DBUILD_SHARED_LIBS=OFF
- -DQt=Qt5
)
cmake_src_configure
}
diff --git a/sys-auth/AusweisApp2/AusweisApp2-9999.ebuild b/sys-auth/AusweisApp/AusweisApp-9999.ebuild
index 764e968e501b..2ee0eb3209a0 100644
--- a/sys-auth/AusweisApp2/AusweisApp2-9999.ebuild
+++ b/sys-auth/AusweisApp/AusweisApp-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2020-2022 Gentoo Authors
+# Copyright 2020-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -7,7 +7,7 @@ inherit cmake git-r3 xdg-utils
DESCRIPTION="Official authentication app for German ID cards and residence permits"
HOMEPAGE="https://www.ausweisapp.bund.de/"
-EGIT_REPO_URI="https://github.com/Governikus/AusweisApp2.git"
+EGIT_REPO_URI="https://github.com/Governikus/AusweisApp.git"
LICENSE="EUPL-1.2"
SLOT="0"
diff --git a/sys-auth/AusweisApp/Manifest b/sys-auth/AusweisApp/Manifest
new file mode 100644
index 000000000000..bb557a4dc39f
--- /dev/null
+++ b/sys-auth/AusweisApp/Manifest
@@ -0,0 +1,2 @@
+DIST AusweisApp-2.0.3.tar.gz 9125557 BLAKE2B 6d32e0d451259bfb44ac99dce9dee3e66afd07d5c78c8f033703213888fb68c5d3ee9f8374d1ab79cd364061e78d98ce0c21fc5d6957f601bd88e5e3e6b2489d SHA512 4f492d137c1f38d3ff5ae70afc28d44bd86ce2034166e8ea7ca44e91161301a739ddcf985c76b14147485f6bc4e30e316db50db86eda7e2de1b7344c37091cd4
+DIST AusweisApp-2.1.0.tar.gz 5876657 BLAKE2B 54c8676dda53a667104f8edf8fc70fc4ca736b1207bea0ce2a5fc0a628216ce4f001adac03308fceccbb8ad834d171f364ac6b4e948ada26d6983ede827fd10e SHA512 a7186bdfe3ebd6779588dc6fa219fcc2f60d36c62a8b9956bbdc86e4962120e46b39266e7207cf0de4d84f9212d1616bbec9f8901cb0a112bcfcae1684f3ff75
diff --git a/sys-auth/AusweisApp2/metadata.xml b/sys-auth/AusweisApp/metadata.xml
index fe6904054d49..2b138ddc526e 100644
--- a/sys-auth/AusweisApp2/metadata.xml
+++ b/sys-auth/AusweisApp/metadata.xml
@@ -6,6 +6,6 @@
<name>Conrad Kostecki</name>
</maintainer>
<upstream>
- <remote-id type="github">Governikus/AusweisApp2</remote-id>
+ <remote-id type="github">Governikus/AusweisApp</remote-id>
</upstream>
</pkgmetadata>
diff --git a/sys-auth/AusweisApp2/Manifest b/sys-auth/AusweisApp2/Manifest
deleted file mode 100644
index c6adf386fa02..000000000000
--- a/sys-auth/AusweisApp2/Manifest
+++ /dev/null
@@ -1,2 +0,0 @@
-DIST AusweisApp2-1.24.4.tar.gz 11482381 BLAKE2B 26bb34bcefbe4dfce4b30300e71fdab61afa3a30c4b17dd5d90abc4f0cbaca062f7d91f0d49a082a3436a43b3a880f3771e879774f22e35963a905485c8e3c7e SHA512 672b1e7a4543824afa241430b6784eef38273f32436451270c84d02617044b727691e3e15aa2ac09a06d3286a36e81c54c205f706a3db6c5cfabc48cf0a52c30
-DIST AusweisApp2-1.26.1.tar.gz 11488062 BLAKE2B a46dfc13bcbc6b6594732ff22bc41a35c587f659cea32e9c339dad9042c92ebf3c1591bd4b2c41ebed34c231b50d9aca1344e863de405af0ce54c5159b6d7c6f SHA512 ffad0d735adf963c3f4df054bd113f15d2dc0da59b77a91af676b5646f779dcc0d1d3a313d3a666dc406401cd154215ac7462ed0ecf97df69b8da19f799cdaf3
diff --git a/sys-auth/elogind/Manifest b/sys-auth/elogind/Manifest
index 871cbc88d9f3..3ce9fb1e8ab7 100644
--- a/sys-auth/elogind/Manifest
+++ b/sys-auth/elogind/Manifest
@@ -1 +1,2 @@
DIST elogind-246.10.tar.gz 1559256 BLAKE2B 17a8146ee08c8ccf167f25d89b1d4525050ed0b0baaad0d36924ad3c40ffc820ef1528b33557cf285ad06c9ac9c440137428c5a235a2acf563e56f2f8f07e208 SHA512 9db0f068ed94ec07bab4d764ccb38840af3d05a4b7c9c539721906f5381b509cb9a3cbfb0453a978210d306136368de6162578c600d522416ef2a7ac1b9f348b
+DIST elogind-252.9.tar.gz 1922777 BLAKE2B dd566125e407b3479a44b007890f97c9c87a325b3fed2d3505499d2163f113affd998e14b1c1fc50b9b86b0d155b51dae344dcc1cddafb6a48c631d0a0f00c9a SHA512 eed620cbc2f03bfeae6a80c9a421c21d3293fa40adffb96c7e4d86508c06712041f6623fb2bac15ecbb85faca4b5674ea6423b3067840809fb27d023fd9e5ffd
diff --git a/sys-auth/elogind/elogind-246.10-r2.ebuild b/sys-auth/elogind/elogind-246.10-r3.ebuild
index 614ab85f2f98..6dab1913be28 100644
--- a/sys-auth/elogind/elogind-246.10-r2.ebuild
+++ b/sys-auth/elogind/elogind-246.10-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -27,7 +27,6 @@ BDEPEND="
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-util/gperf
- dev-util/intltool
virtual/pkgconfig
"
DEPEND="
@@ -55,6 +54,7 @@ PATCHES=(
"${FILESDIR}/${P}-revert-polkit-automagic.patch"
"${FILESDIR}/${P}-clang-undefined-symbol.patch"
"${FILESDIR}/${P}-loong.patch"
+ "${FILESDIR}/${P}-musl-selinux.patch"
)
pkg_setup() {
@@ -92,7 +92,7 @@ src_configure() {
-Ddefault-kill-user-processes=false
-Dacl=$(usex acl true false)
-Daudit=$(usex audit true false)
- --buildtype $(usex debug debug release)
+ -Dbuildtype=$(usex debug debug release)
-Dhtml=$(usex doc auto false)
-Dpam=$(usex pam true false)
-Dselinux=$(usex selinux true false)
diff --git a/sys-auth/elogind/elogind-246.10-r1.ebuild b/sys-auth/elogind/elogind-252.9.ebuild
index 545f56aa84e4..4cb66f04f2f6 100644
--- a/sys-auth/elogind/elogind-246.10-r1.ebuild
+++ b/sys-auth/elogind/elogind-252.9.ebuild
@@ -1,33 +1,37 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
+PYTHON_COMPAT=( python3_{10..12} )
+
if [[ ${PV} = *9999* ]]; then
- EGIT_BRANCH="v241-stable"
+ EGIT_BRANCH="v252-stable"
EGIT_REPO_URI="https://github.com/elogind/elogind.git"
inherit git-r3
else
SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
-inherit linux-info meson pam udev xdg-utils
+inherit linux-info meson pam python-any-r1 udev xdg-utils
DESCRIPTION="The systemd project's logind, extracted to a standalone package"
HOMEPAGE="https://github.com/elogind/elogind"
LICENSE="CC0-1.0 LGPL-2.1+ public-domain"
SLOT="0"
-IUSE="+acl audit debug doc +pam +policykit selinux"
+IUSE="+acl audit +cgroup-hybrid debug doc +pam +policykit selinux test"
+RESTRICT="!test? ( test )"
BDEPEND="
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-util/gperf
- dev-util/intltool
virtual/pkgconfig
+ $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
"
DEPEND="
audit? ( sys-process/audit )
@@ -46,14 +50,18 @@ PDEPEND="
policykit? ( sys-auth/polkit )
"
-DOCS=( README.md src/libelogind/sd-bus/GVARIANT-SERIALIZATION )
+DOCS=( README.md)
PATCHES=(
- "${FILESDIR}/${PN}-243.7-nodocs.patch"
- "${FILESDIR}/${PN}-241.4-broken-test.patch" # bug 699116
- "${FILESDIR}/${P}-revert-polkit-automagic.patch"
+ "${FILESDIR}/${P}-nodocs.patch"
+ "${FILESDIR}/${PN}-252.9-musl-lfs.patch"
)
+python_check_deps() {
+ python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
pkg_setup() {
local CONFIG_CHECK="~CGROUPS ~EPOLL ~INOTIFY_USER ~SIGNALFD ~TIMERFD"
@@ -61,20 +69,34 @@ pkg_setup() {
}
src_prepare() {
+ if use elibc_musl; then
+ # Some of musl-specific patches break build on the
+ # glibc systems (like getdents), therefore those are
+ # only used when the build is done for musl.
+ PATCHES+=(
+ "${FILESDIR}/${P}-musl-sigfillset.patch"
+ "${FILESDIR}/${P}-musl-statx.patch"
+ "${FILESDIR}/${P}-musl-rlim-max.patch"
+ "${FILESDIR}/${P}-musl-getdents.patch"
+ "${FILESDIR}/${P}-musl-gshadow.patch"
+ "${FILESDIR}/${P}-musl-strerror_r.patch"
+ "${FILESDIR}/${P}-musl-more-strerror_r.patch"
+ )
+ fi
+
default
xdg_environment_reset
}
src_configure() {
- local rccgroupmode="$(grep rc_cgroup_mode "${EPREFIX}"/etc/rc.conf | cut -d '"' -f 2)"
- local cgroupmode="legacy"
-
- if [[ "xhybrid" = "x${rccgroupmode}" ]] ; then
+ if use cgroup-hybrid; then
cgroupmode="hybrid"
- elif [[ "xunified" = "x${rccgroupmode}" ]] ; then
+ else
cgroupmode="unified"
fi
+ python_setup
+
local emesonargs=(
-Ddocdir="${EPREFIX}/usr/share/doc/${PF}"
-Dhtmldir="${EPREFIX}/usr/share/doc/${PF}/html"
@@ -92,19 +114,19 @@ src_configure() {
-Ddefault-kill-user-processes=false
-Dacl=$(usex acl true false)
-Daudit=$(usex audit true false)
- --buildtype $(usex debug debug release)
+ -Dbuildtype=$(usex debug debug release)
-Dhtml=$(usex doc auto false)
-Dpam=$(usex pam true false)
-Dselinux=$(usex selinux true false)
+ -Dtests=$(usex test true false)
-Dutmp=$(usex elibc_musl false true)
+ -Dmode=release
)
meson_src_configure
}
src_install() {
- DOCS+=( src/libelogind/sd-bus/GVARIANT-SERIALIZATION )
-
meson_src_install
newinitd "${FILESDIR}"/${PN}.init-r1 ${PN}
@@ -146,4 +168,12 @@ pkg_postinst() {
elog "when the first service calls it via dbus."
fi
fi
+
+ for version in ${REPLACING_VERSIONS}; do
+ if ver_test "${version}" -lt 252.9; then
+ elog "Starting with release 252.9 the sleep configuration is now done"
+ elog "in the /etc/elogind/sleep.conf. Should you use non-default sleep"
+ elog "configuration remember to migrate those to new configuration file."
+ fi
+ done
}
diff --git a/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch b/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch
new file mode 100644
index 000000000000..c36861b983e2
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch
@@ -0,0 +1,99 @@
+https://bugs.gentoo.org/888912
+https://github.com/elogind/elogind/commit/ab72a46f3104f44a32ef7bec7439aa9d3b5f0fdc
+
+Rebased version to apply to 246.10 by concord@.
+
+From ab72a46f3104f44a32ef7bec7439aa9d3b5f0fdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 9 Oct 2020 16:48:03 +0200
+Subject: [PATCH] basic/selinux: work around mallinfo deprecation
+
+Latest glibc has deprecated mallinfo(), so it might become unavailable at some point
+in the future. There is malloc_info(), but it returns XML, ffs. I think the information
+that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and
+not otherwise.
+--- a/meson.build
++++ b/meson.build
+@@ -617,6 +617,7 @@ foreach ident : [
+ #include <unistd.h>
+ #include <signal.h>
+ #include <sys/wait.h>'''],
++ ['mallinfo', '''#include <malloc.h>'''],
+ ]
+
+ have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE')
+--- a/src/basic/macro.h
++++ b/src/basic/macro.h
+@@ -93,6 +93,10 @@
+ #endif
+
+ /* Temporarily disable some warnings */
++#define DISABLE_WARNING_DEPRECATED_DECLARATIONS \
++ _Pragma("GCC diagnostic push"); \
++ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
++
+ #define DISABLE_WARNING_FORMAT_NONLITERAL \
+ _Pragma("GCC diagnostic push"); \
+ _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\"")
+--- a/src/basic/selinux-util.c
++++ b/src/basic/selinux-util.c
+@@ -72,12 +72,21 @@ void mac_selinux_retest(void) {
+ #endif
+ }
+
++#if HAVE_MALLINFO
++static struct mallinfo mallinfo_nowarn(void) {
++ /* glibc has deprecated mallinfo(), but the replacement malloc_info() returns an XML blob ;=[ */
++DISABLE_WARNING_DEPRECATED_DECLARATIONS
++ return mallinfo();
++REENABLE_WARNING
++}
++#else
++# warning "mallinfo() is missing, add mallinfo2() support instead."
++#endif
++
+ int mac_selinux_init(void) {
+ #if HAVE_SELINUX
+ usec_t before_timestamp, after_timestamp;
+- struct mallinfo before_mallinfo, after_mallinfo;
+ char timespan[FORMAT_TIMESPAN_MAX];
+- int l;
+
+ selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback) mac_selinux_reload);
+
+@@ -87,7 +96,9 @@ int mac_selinux_init(void) {
+ if (!mac_selinux_use())
+ return 0;
+
+- before_mallinfo = mallinfo();
++#if HAVE_MALLINFO
++ struct mallinfo before_mallinfo = mallinfo_nowarn();
++#endif
+ before_timestamp = now(CLOCK_MONOTONIC);
+
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+@@ -95,14 +107,17 @@ int mac_selinux_init(void) {
+ return log_enforcing_errno(errno, "Failed to initialize SELinux labeling handle: %m");
+
+ after_timestamp = now(CLOCK_MONOTONIC);
+- after_mallinfo = mallinfo();
+-
+- l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0;
++#if HAVE_MALLINFO
++ struct mallinfo after_mallinfo = mallinfo_nowarn();
++ int l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0;
+
+ log_debug("Successfully loaded SELinux database in %s, size on heap is %iK.",
+ format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0),
+- (l+1023)/1024);
+-
++ DIV_ROUND_UP(l, 1024));
++#else
++ log_debug("Successfully loaded SELinux database in %s.",
++ format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0));
++#endif
+ #endif
+ return 0;
+ }
+--
+2.40.1
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-getdents.patch b/sys-auth/elogind/files/elogind-252.9-musl-getdents.patch
new file mode 100644
index 000000000000..35b7670787a0
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-getdents.patch
@@ -0,0 +1,35 @@
+From dab02796780f00d689cc1c7a0ba81abe7c5f28d0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 21 Jan 2022 15:15:11 -0800
+Subject: [PATCH] pass correct parameters to getdents64
+
+Fixes
+../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types]
+ n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+../git/src/basic/stat-util.c:102:28: error: incompatible pointer types passing 'union (unnamed union at ../git/src/basic/stat-util.c:78:9) *' to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types]
+ n = getdents64(fd, &buffer, sizeof(buffer));
+ ^~~~~~~
+
+Upstream-Status: Inappropriate [musl specific]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
+
+---
+ src/basic/recurse-dir.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c
+index d16ca98..31f6154 100644
+--- a/src/basic/recurse-dir.c
++++ b/src/basic/recurse-dir.c
+@@ -54,7 +54,7 @@ int readdir_all(int dir_fd,
+ bs = MIN(MALLOC_SIZEOF_SAFE(de) - offsetof(DirectoryEntries, buffer), (size_t) SSIZE_MAX);
+ assert(bs > de->buffer_size);
+
+- n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size);
++ n = getdents(dir_fd, (struct dirent*)((uint8_t*) de->buffer + de->buffer_size), bs - de->buffer_size);
+ if (n < 0)
+ return -errno;
+ if (n == 0)
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch b/sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch
new file mode 100644
index 000000000000..95613cb66f6e
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch
@@ -0,0 +1,14 @@
+just like the other part it's already patched in, not actually used
+--
+diff --git a/src/shared/user-record-nss.h b/src/shared/user-record-nss.h
+index 7a41be7..3a970a6 100644
+--- a/src/shared/user-record-nss.h
++++ b/src/shared/user-record-nss.h
+@@ -2,7 +2,6 @@
+ #pragma once
+
+ #include <grp.h>
+-#include <gshadow.h>
+ #include <pwd.h>
+ #include <shadow.h>
+
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-lfs.patch b/sys-auth/elogind/files/elogind-252.9-musl-lfs.patch
new file mode 100644
index 000000000000..4faa929c447a
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-lfs.patch
@@ -0,0 +1,51 @@
+https://github.com/systemd/systemd/pull/27599
+
+From d096e05c625ea825eb4d781216ded717b7f71cca Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 10 May 2023 01:47:13 +0100
+Subject: [PATCH] dirent: conditionalize dirent assert based on dirent64
+ existence
+
+>=musl-1.2.4 doesn't define dirent64 and its LFS friends as its "native"
+functions are already LFS-aware.
+
+Check for dirent64 in meson.build and only assert if it exists.
+
+Bug: https://bugs.gentoo.org/905900
+Closes: https://github.com/systemd/systemd/pull/25809
+--- a/meson.build
++++ b/meson.build
+@@ -599,6 +599,7 @@ decl_headers = '''
+ # define _GNU_SOURCE 1
+ # endif // _GNU_SOURCE
+ #endif // 1
++#include <dirent.h>
+ #include <uchar.h>
+ #include <sys/mount.h>
+ #include <sys/stat.h>
+@@ -608,6 +609,7 @@ foreach decl : ['char16_t',
+ 'char32_t',
+ 'struct mount_attr',
+ 'struct statx',
++ 'struct dirent64',
+ ]
+
+ # We get -1 if the size cannot be determined
+--- a/src/basic/dirent-util.h
++++ b/src/basic/dirent-util.h
+@@ -39,6 +39,7 @@ struct dirent *readdir_no_dot(DIR *dirp);
+ /* Only if 64bit off_t is enabled struct dirent + struct dirent64 are actually the same. We require this, and
+ * we want them to be interchangeable to make getdents64() work, hence verify that. */
+ assert_cc(_FILE_OFFSET_BITS == 64);
++#if HAVE_STRUCT_DIRENT64
+ assert_cc(sizeof(struct dirent) == sizeof(struct dirent64));
+ assert_cc(offsetof(struct dirent, d_ino) == offsetof(struct dirent64, d_ino));
+ assert_cc(sizeof_field(struct dirent, d_ino) == sizeof_field(struct dirent64, d_ino));
+@@ -50,6 +51,7 @@ assert_cc(offsetof(struct dirent, d_type) == offsetof(struct dirent64, d_type));
+ assert_cc(sizeof_field(struct dirent, d_type) == sizeof_field(struct dirent64, d_type));
+ assert_cc(offsetof(struct dirent, d_name) == offsetof(struct dirent64, d_name));
+ assert_cc(sizeof_field(struct dirent, d_name) == sizeof_field(struct dirent64, d_name));
++#endif
+
+ #define FOREACH_DIRENT_IN_BUFFER(de, buf, sz) \
+ for (void *_end = (uint8_t*) ({ (de) = (buf); }) + (sz); \
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch b/sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch
new file mode 100644
index 000000000000..3cfafae4cbfe
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch
@@ -0,0 +1,44 @@
+Patch-Source: https://github.com/chimera-linux/cports/blob/6ff62886181bc1325a1431157a80993497fd561b/main/udev/patches/0001-errno-util-Make-STRERROR-portable-for-musl.patch
+--
+From f66b5c802ce0a3310f5580cfc1b02446f8087568 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 23 Jan 2023 23:39:46 -0800
+Subject: [PATCH] errno-util: Make STRERROR portable for musl
+
+Sadly, systemd has decided to use yet another GNU extention in a macro
+lets make this such that we can use XSI compliant strerror_r() for
+non-glibc hosts
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/basic/errno-util.h | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h
+index 091f99c590..eb5c1f9961 100644
+--- a/src/basic/errno-util.h
++++ b/src/basic/errno-util.h
+@@ -14,8 +14,16 @@
+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks
+ *
+ * Note that we use the GNU variant of strerror_r() here. */
+-#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+-
++static inline const char * STRERROR(int errnum);
++
++static inline const char * STRERROR(int errnum) {
++#ifdef __GLIBC__
++ return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN);
++#else
++ static __thread char buf[ERRNO_BUF_LEN];
++ return strerror_r(abs(errnum), buf, ERRNO_BUF_LEN) ? "unknown error" : buf;
++#endif
++}
+ /* A helper to print an error message or message for functions that return 0 on EOF.
+ * Note that we can't use ({ … }) to define a temporary variable, so errnum is
+ * evaluated twice. */
+--
+2.39.1
+
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch b/sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch
new file mode 100644
index 000000000000..de8f290f16b8
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch
@@ -0,0 +1,13 @@
+diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
+index afd74ac..3a731f4 100644
+--- a/src/basic/rlimit-util.c
++++ b/src/basic/rlimit-util.c
+@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) {
+ fixed.rlim_max == highest.rlim_max)
+ return 0;
+
+- log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max);
++ log_debug("Failed at setting rlimit %ju for resource RLIMIT_%s. Will attempt setting value %ju instead.", (uintmax_t)rlim->rlim_max, rlimit_to_string(resource), (uintmax_t)fixed.rlim_max);
+
+ return RET_NERRNO(setrlimit(resource, &fixed));
+ }
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch b/sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch
new file mode 100644
index 000000000000..787eeac9bc80
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch
@@ -0,0 +1,12 @@
+diff --git a/src/basic/async.h b/src/basic/async.h
+index cf80acf..d22e77d 100644
+--- a/src/basic/async.h
++++ b/src/basic/async.h
+@@ -2,6 +2,7 @@
+ #pragma once
+
+ #include <sys/types.h>
++#include <signal.h>
+
+ #include "macro.h"
+
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-statx.patch b/sys-auth/elogind/files/elogind-252.9-musl-statx.patch
new file mode 100644
index 000000000000..60a8942161df
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-statx.patch
@@ -0,0 +1,26 @@
+diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
+index ab8744b..59ff466 100644
+--- a/src/basic/mountpoint-util.c
++++ b/src/basic/mountpoint-util.c
+@@ -11,7 +11,7 @@
+ //#include "filesystems.h"
+ #include "fs-util.h"
+ #include "missing_stat.h"
+-//#include "missing_syscall.h"
++#include "missing_syscall.h"
+ //#include "mkdir.h"
+ #include "mountpoint-util.h"
+ #include "nulstr-util.h"
+diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c
+index d8e0693..f8324ed 100644
+--- a/src/basic/stat-util.c
++++ b/src/basic/stat-util.c
+@@ -18,7 +18,7 @@
+ #include "macro.h"
+ //#include "missing_fs.h"
+ #include "missing_magic.h"
+-//#include "missing_syscall.h"
++#include "missing_syscall.h"
+ #include "nulstr-util.h"
+ //#include "parse-util.h"
+ #include "stat-util.h"
diff --git a/sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch b/sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch
new file mode 100644
index 000000000000..04570f5fb3f4
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch
@@ -0,0 +1,89 @@
+fix strerror_r use instead of whatever this define is meant to be doing
+--
+From 0542d27ebbb250c09bdcfcf9f2ea3d27426fe522 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 10 Jul 2018 15:40:17 +0800
+Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
+ strerror_r
+
+XSI-compliant strerror_r and GNU-specifi strerror_r are different.
+
+ int strerror_r(int errnum, char *buf, size_t buflen);
+ /* XSI-compliant */
+
+ char *strerror_r(int errnum, char *buf, size_t buflen);
+ /* GNU-specific */
+
+We need to distinguish between them. Otherwise, we'll get an int value
+assigned to (char *) variable, resulting in segment fault.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+---
+ src/libsystemd/sd-bus/bus-error.c | 5 +++++
+ src/libsystemd/sd-journal/journal-send.c | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/basic/musl_missing.h b/src/basic/musl_missing.h
+index 41c66c9..a2e1d7e 100644
+--- a/src/basic/musl_missing.h
++++ b/src/basic/musl_missing.h
+@@ -26,8 +26,6 @@ void elogind_set_program_name(const char* pcall);
+ #include <unistd.h>
+ #include <pthread.h> /* for pthread_atfork */
+
+-#define strerror_r(e, m, k) (strerror_r(e, m, k) < 0 ? strdup("strerror_r() failed") : m);
+-
+ /*
+ * Possibly TODO according to http://man7.org/linux/man-pages/man3/getenv.3.html
+ * + test if the process's effective user ID does not match its real user ID or
+diff --git a/src/libelogind/sd-bus/bus-error.c b/src/libelogind/sd-bus/bus-error.c
+index 4d687cf..1459396 100644
+--- a/src/libelogind/sd-bus/bus-error.c
++++ b/src/libelogind/sd-bus/bus-error.c
+@@ -409,7 +409,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
+ return;
+
+ errno = 0;
++#ifndef __GLIBC__
++ strerror_r(error, m, k);
++ x = m;
++#else
+ x = strerror_r(error, m, k);
++#endif
+ if (errno == ERANGE || strlen(x) >= k - 1) {
+ free(m);
+ k *= 2;
+@@ -594,8 +599,12 @@ const char* _bus_error_message(const sd_bus_error *e, int error, char buf[static
+
+ if (e && e->message)
+ return e->message;
+-
++#ifndef __GLIBC__
++ strerror_r(abs(error), buf, ERRNO_BUF_LEN);
++ return buf;
++#else
+ return strerror_r(abs(error), buf, ERRNO_BUF_LEN);
++#endif
+ }
+
+ static bool map_ok(const sd_bus_error_map *map) {
+diff --git a/src/libelogind/sd-journal/journal-send.c b/src/libelogind/sd-journal/journal-send.c
+index 4010197..1d49868 100644
+--- a/src/libelogind/sd-journal/journal-send.c
++++ b/src/libelogind/sd-journal/journal-send.c
+@@ -444,7 +444,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove
+ char* j;
+
+ errno = 0;
++#ifndef __GLIBC__
++ strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
++ j = buffer + 8 + k;
++#else
+ j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
++#endif
+ if (errno == 0) {
+ char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1];
+
diff --git a/sys-auth/elogind/files/elogind-252.9-nodocs.patch b/sys-auth/elogind/files/elogind-252.9-nodocs.patch
new file mode 100644
index 000000000000..4be92f95fa24
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-252.9-nodocs.patch
@@ -0,0 +1,28 @@
+diff --git a/meson.build b/meson.build
+index 694a2fd97..9b97cafef 100644
+--- a/meson.build
++++ b/meson.build
+@@ -4528,15 +4528,11 @@ subdir('shell-completion/zsh')
+ # install_dir : xinitrcdir)
+ # endif
+ #endif // 0
+-install_data('LICENSE.GPL2',
+- 'LICENSE.LGPL2.1',
+ #if 0 /// elogind has upgraded to markdown, and the NEWS file is useless
+ # 'NEWS',
+ # 'README',
+ #else // 0
+- 'README.md',
+ #endif // 0
+- 'docs/CODING_STYLE.md',
+ #if 0 /// irrelevant for elogind
+ # 'docs/DISTRO_PORTING.md',
+ # 'docs/ENVIRONMENT.md',
+@@ -4545,7 +4541,6 @@ install_data('LICENSE.GPL2',
+ # 'docs/TRANSLATORS.md',
+ # 'docs/UIDS-GIDS.md',
+ #endif // 0
+- install_dir : docdir)
+
+ #if 0 /// irrelevant for elogind
+ # install_subdir('LICENSES',
diff --git a/sys-auth/elogind/metadata.xml b/sys-auth/elogind/metadata.xml
index fb46725b3a1d..43950e1cc395 100644
--- a/sys-auth/elogind/metadata.xml
+++ b/sys-auth/elogind/metadata.xml
@@ -4,14 +4,6 @@
<maintainer type="person">
<email>asturm@gentoo.org</email>
</maintainer>
- <maintainer type="person">
- <email>kensington@gentoo.org</email>
- <name>Michael Palimaka</name>
- </maintainer>
- <maintainer type="person">
- <email>slashbeast@gentoo.org</email>
- <name>Piotr Karbowski</name>
- </maintainer>
<use>
<flag name="cgroup-hybrid">Use hybrid cgroup hierarchy (OpenRC's default) instead of unified.</flag>
</use>
diff --git a/sys-auth/fprintd/fprintd-1.94.2.ebuild b/sys-auth/fprintd/fprintd-1.94.2.ebuild
index 65065793fd36..452126569d70 100644
--- a/sys-auth/fprintd/fprintd-1.94.2.ebuild
+++ b/sys-auth/fprintd/fprintd-1.94.2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -15,8 +15,8 @@ SRC_URI="https://gitlab.freedesktop.org/libfprint/${PN}/-/archive/v${PV}/${MY_P}
LICENSE="GPL-2+"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86"
-IUSE="doc pam systemd test"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86"
+IUSE="doc pam selinux systemd test"
RESTRICT="!test? ( test )"
RDEPEND="
@@ -54,6 +54,8 @@ BDEPEND="
)
"
+RDEPEND+=" selinux? ( sec-policy/selinux-fprintd )"
+
PATCHES=(
"${FILESDIR}/${PN}-1.90.7_0001-add-test-feature-and-make-tests-optional.patch"
"${FILESDIR}/${PN}-1.90.8_0002-add-configure-option-for-libsystemd-provider.patch"
diff --git a/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild b/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild
deleted file mode 100644
index 4858a2c5daa0..000000000000
--- a/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-EGIT_REPO_URI="https://github.com/mgorny/google-authenticator-libpam-hardened.git"
-inherit autotools git-r3
-
-DESCRIPTION="PAM Module for two step verification via mobile platform"
-HOMEPAGE="https://github.com/mgorny/google-authenticator-libpam-hardened"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+qrcode"
-
-DEPEND="sys-auth/oath-toolkit:=
- sys-libs/pam
- qrcode? ( media-gfx/qrencode:= )"
-RDEPEND="${DEPEND}
- !sys-auth/google-authenticator"
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- local myconf=(
- # TODO: use getpam_mod_dir after fixing build system
- --libdir="/$(get_libdir)"
-
- $(use_enable qrcode qrencode)
- )
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- default
- find "${D}" -name '*.la' -delete || die
-}
diff --git a/sys-auth/google-authenticator-libpam-hardened/metadata.xml b/sys-auth/google-authenticator-libpam-hardened/metadata.xml
deleted file mode 100644
index 4cd1c0be385a..000000000000
--- a/sys-auth/google-authenticator-libpam-hardened/metadata.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person">
- <email>mgorny@gentoo.org</email>
- <name>Michał Górny</name>
- </maintainer>
- <use>
- <flag name="qrcode">Display QRcode after setup to accomodate
- automatic setup of OTP client apps.</flag>
- </use>
- <upstream>
- <remote-id type="github">mgorny/google-authenticator-libpam-hardened</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild
index e9a92f0160c9..2eca357d0a2c 100644
--- a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild
+++ b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -6,8 +6,8 @@ EAPI=7
inherit cmake
DESCRIPTION="Set of scripts to manage google-auth setup on Gentoo Infra"
-HOMEPAGE="https://github.com/mgorny/google-authenticator-wrappers"
-SRC_URI="https://github.com/mgorny/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+HOMEPAGE="https://github.com/projg2/google-authenticator-wrappers"
+SRC_URI="https://github.com/projg2/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="BSD-2"
SLOT="0"
diff --git a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild
index e9a92f0160c9..2eca357d0a2c 100644
--- a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild
+++ b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -6,8 +6,8 @@ EAPI=7
inherit cmake
DESCRIPTION="Set of scripts to manage google-auth setup on Gentoo Infra"
-HOMEPAGE="https://github.com/mgorny/google-authenticator-wrappers"
-SRC_URI="https://github.com/mgorny/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+HOMEPAGE="https://github.com/projg2/google-authenticator-wrappers"
+SRC_URI="https://github.com/projg2/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="BSD-2"
SLOT="0"
diff --git a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild
index 6a1d10c36f62..452bd4ae9b87 100644
--- a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild
+++ b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -6,8 +6,8 @@ EAPI=7
inherit cmake
DESCRIPTION="Set of scripts to manage google-auth setup on Gentoo Infra"
-HOMEPAGE="https://github.com/mgorny/google-authenticator-wrappers"
-SRC_URI="https://github.com/mgorny/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+HOMEPAGE="https://github.com/projg2/google-authenticator-wrappers"
+SRC_URI="https://github.com/projg2/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="BSD-2"
SLOT="0"
diff --git a/sys-auth/google-authenticator-wrappers/metadata.xml b/sys-auth/google-authenticator-wrappers/metadata.xml
index 076793e3f54b..9b638fe4f176 100644
--- a/sys-auth/google-authenticator-wrappers/metadata.xml
+++ b/sys-auth/google-authenticator-wrappers/metadata.xml
@@ -5,4 +5,12 @@
<email>mgorny@gentoo.org</email>
<name>Michał Górny</name>
</maintainer>
+ <upstream>
+ <maintainer status="active">
+ <email>mgorny@gentoo.org</email>
+ <name>Michał Górny</name>
+ </maintainer>
+ <bugs-to>https://github.com/projg2/google-authenticator-wrappers/issues/</bugs-to>
+ <remote-id type="github">projg2/google-authenticator-wrappers</remote-id>
+ </upstream>
</pkgmetadata>
diff --git a/sys-auth/libfprint/Manifest b/sys-auth/libfprint/Manifest
index ae233d9316f7..5a4b54078971 100644
--- a/sys-auth/libfprint/Manifest
+++ b/sys-auth/libfprint/Manifest
@@ -1,3 +1,4 @@
DIST libfprint-1.94.3.tar.gz 10409543 BLAKE2B 33e25715313cfc37f0c05ad47eca6d315a041a067cfc7dfac9d71fcf5231a11f54888dd837c083b8cca03ca2b4b0bced30340e8966ab4c989d4a33c59ceb483e SHA512 22290bd393b54ada75c4655b3e901b6ee25f389a396a9b29bc1e76c0333d9718483b2059c927deb5b8d8e0acf632fecc9c4535b3f161910d5c51fad508d3e7a4
DIST libfprint-1.94.4.tar.gz 10408480 BLAKE2B 492ea10777d223ce7d610f0dca2871c8eae08cb5dd7d30187194d6cc139a60d5350e5908f759434065614c05a72192347be19c1d6fe5641e08a2f6419bdcede7 SHA512 425efdfde373179a237805c4b5561e3531616798c41ccd4358f1c521f1e21af01f8ca61aaf8c959e2c68a69e4dfda23960e696acaaad2228ffef6f999986468e
DIST libfprint-1.94.5.tar.bz2 8922994 BLAKE2B b79292dc77426d76e5e9cb1cbf8662867224f19ff9cf2434d000689d02e7d4609c9ca94a016185f71500e4a58e9522a7647684e1eaa841c02a40f27e0d22055e SHA512 6a73b3d05bd61b5c74e64d52eba7dab6e97dcf149e32c882e05f15dc7241fd8e78f115957ed52a9657ff0b21642ec633c27cc905cbd4697ed41369508957c989
+DIST libfprint-1.94.7.tar.bz2 9066931 BLAKE2B 5df859c4e38a8016b8f91785d8634d85e023cc19b837e928dd2de6392ed77b7a82c26e6c1485df2fa1fb2041421d4dd05441d5df24c2fc5399783dcc174d5afc SHA512 b91a71ef998b03a64b08d9439a1d26027f196f07fd1344bbe45f2dbeb3ace5752af9b7504ee8537eb40d896e43a517e3759a7b3735baded4cc3fb6c0ca3b0ece
diff --git a/sys-auth/libfprint/libfprint-1.94.5.ebuild b/sys-auth/libfprint/libfprint-1.94.5.ebuild
index 13f4c1ce816b..f60ff3e9d76e 100644
--- a/sys-auth/libfprint/libfprint-1.94.5.ebuild
+++ b/sys-auth/libfprint/libfprint-1.94.5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -13,7 +13,7 @@ SRC_URI="https://gitlab.freedesktop.org/${PN}/${PN}/-/archive/v${PV}/${MY_P}.tar
LICENSE="LGPL-2.1+"
SLOT="2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86"
IUSE="examples gtk-doc +introspection"
RDEPEND="
diff --git a/sys-auth/libfprint/libfprint-1.94.7.ebuild b/sys-auth/libfprint/libfprint-1.94.7.ebuild
new file mode 100644
index 000000000000..7ece93fa19d2
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-1.94.7.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit meson udev
+
+MY_P="${PN}-v${PV}"
+
+DESCRIPTION="Library to add support for consumer fingerprint readers"
+HOMEPAGE="
+ https://cgit.freedesktop.org/libfprint/libfprint
+ https://gitlab.freedesktop.org/libfprint/libfprint
+"
+SRC_URI="https://gitlab.freedesktop.org/${PN}/${PN}/-/archive/v${PV}/${MY_P}.tar.bz2 -> ${P}.tar.bz2"
+
+LICENSE="LGPL-2.1+"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="examples gtk-doc +introspection"
+
+RDEPEND="
+ dev-libs/glib:2
+ dev-libs/libgudev
+ dev-libs/nss
+ dev-python/pygobject
+ dev-libs/libgusb
+ x11-libs/pixman
+ examples? (
+ x11-libs/gdk-pixbuf:2
+ x11-libs/gtk+:3
+ )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ virtual/pkgconfig
+ gtk-doc? ( dev-util/gtk-doc )
+ introspection? (
+ dev-libs/gobject-introspection
+ dev-libs/libgusb[introspection]
+ )
+"
+
+PATCHES=( "${FILESDIR}/${PN}-1.94.1-test-timeout.patch" )
+
+S="${WORKDIR}/${MY_P}"
+
+src_configure() {
+ local emesonargs=(
+ $(meson_use examples gtk-examples)
+ $(meson_use gtk-doc doc)
+ $(meson_use introspection introspection)
+ -Ddrivers=all
+ -Dinstalled-tests=false
+ -Dudev_rules=enabled
+ -Dudev_rules_dir=$(get_udevdir)/rules.d
+ )
+
+ meson_src_configure
+}
+
+pkg_postinst() {
+ udev_reload
+}
+
+pkg_postrm() {
+ udev_reload
+}
diff --git a/sys-auth/libnss-nis/Manifest b/sys-auth/libnss-nis/Manifest
index cb7267537751..8be397e30f10 100644
--- a/sys-auth/libnss-nis/Manifest
+++ b/sys-auth/libnss-nis/Manifest
@@ -1 +1,2 @@
DIST libnss-nis-3.1.tar.gz 225933 BLAKE2B 23b0c760f48f2f1bd2bcd6a1d3b2e7da0bc2f186b23f4ff961faf78b76bfbbaaa238a510979b086f279f4c4e25f98d9ae8631e5222dc7479e8c50b0f4572b0da SHA512 fab2d035ef9cea5fa6351c44085a96f9f90e50550b77aa3898e0d5a6ff296951b22b4ac58979d07ae3b3da2f97c7e47ab466e1a5868e7f218971028174159636
+DIST libnss_nis-3.2.tar.xz 257420 BLAKE2B e256680bae1d989cf097c9405328f85bf445249f82331d2e943a589c635387af803bebdb5e96235d371886e0c578c0902c9d0b1958c69cc594c93233012c4dad SHA512 d35d1ad88503082a43ad854b5ad6de08367a098871d073eb48a2a2be593326b323dc9c164ce59ee203b34b0b141327c5816129e16170425e8b283e5e2d90a2fa
diff --git a/sys-auth/libnss-nis/libnss-nis-3.2.ebuild b/sys-auth/libnss-nis/libnss-nis-3.2.ebuild
new file mode 100644
index 000000000000..29f8f4ab51c8
--- /dev/null
+++ b/sys-auth/libnss-nis/libnss-nis-3.2.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit multilib-minimal
+
+MY_P=${PN/-/_}-${PV}
+DESCRIPTION="NSS module to provide NIS support"
+HOMEPAGE="https://github.com/thkukuk/libnss_nis"
+SRC_URI="https://github.com/thkukuk/libnss_nis/releases/download/v${PV}/${MY_P}.tar.xz"
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="LGPL-2.1+ BSD ISC"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv"
+
+RDEPEND="
+ >net-libs/libnsl-0:=[${MULTILIB_USEDEP}]
+ net-libs/libtirpc:=[${MULTILIB_USEDEP}]
+ !<sys-libs/glibc-2.26
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+multilib_src_configure() {
+ local myconf=(
+ --enable-shared
+ )
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -name '*.la' -delete || die
+}
diff --git a/sys-auth/munge/munge-0.5.15.ebuild b/sys-auth/munge/munge-0.5.15.ebuild
index 885f7c485398..a1a5d61cf62c 100644
--- a/sys-auth/munge/munge-0.5.15.ebuild
+++ b/sys-auth/munge/munge-0.5.15.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -11,7 +11,7 @@ SRC_URI="https://github.com/dun/munge/releases/download/${P}/${P}.tar.xz"
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+KEYWORDS="~alpha amd64 ~arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
IUSE="debug gcrypt static-libs"
# TODO: still tries to use ${S}?
RESTRICT="test"
diff --git a/sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch b/sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch
new file mode 100644
index 000000000000..905e41853871
--- /dev/null
+++ b/sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch
@@ -0,0 +1,160 @@
+Gentoo bug: https://bugs.gentoo.org/919484
+Upstream PR: https://github.com/avahi/nss-mdns/pull/93
+diff --git a/Makefile.am b/Makefile.am
+index d5a83c1..6df75f3 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -17,9 +17,6 @@
+ EXTRA_DIST=bootstrap.sh README.md ACKNOWLEDGEMENTS.md NEWS.md LICENSE
+ ACLOCAL_AMFLAGS=-I m4
+
+-# src
+-EXTRA_DIST += src/map-file
+-
+ AM_CFLAGS = \
+ -DMDNS_ALLOW_FILE=\"$(MDNS_ALLOW_FILE)\" \
+ -DAVAHI_SOCKET=\"$(AVAHI_SOCKET)\"
+@@ -47,29 +44,53 @@ endif
+
+ check_PROGRAMS = nss-test avahi-test
+
++src/libnss-mdns-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h
++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $<
++
++src/libnss-mdns-minimal-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h
++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns_minimal_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $<
++
++src/libnss-mdns4-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h
++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns4_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $<
++
++src/libnss-mdns4-minimal-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h
++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns4_minimal_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $<
++
++src/libnss-mdns6-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h
++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns6_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $<
++
++src/libnss-mdns6-minimal-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h
++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns6_minimal_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $<
++
+ libnss_mdns_la_SOURCES=src/util.c src/util.h src/avahi.c src/avahi.h src/nss.c src/nss.h
++EXTRA_libnss_mdns_la_DEPENDENCIES=src/libnss-mdns-la-map-file
+ libnss_mdns_la_CFLAGS=$(AM_CFLAGS)
+-libnss_mdns_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=$(srcdir)/src/map-file
++libnss_mdns_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns-la-map-file
+
+ libnss_mdns_minimal_la_SOURCES=$(libnss_mdns_la_SOURCES)
++EXTRA_libnss_mdns_minimal_la_DEPENDENCIES=src/libnss-mdns-minimal-la-map-file
+ libnss_mdns_minimal_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DMDNS_MINIMAL
+-libnss_mdns_minimal_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS)
++libnss_mdns_minimal_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns-minimal-la-map-file
+
+ libnss_mdns4_la_SOURCES=$(libnss_mdns_la_SOURCES)
++EXTRA_libnss_mdns4_la_DEPENDENCIES=src/libnss-mdns4-la-map-file
+ libnss_mdns4_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV4_ONLY=1
+-libnss_mdns4_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS)
++libnss_mdns4_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns4-la-map-file
+
+ libnss_mdns4_minimal_la_SOURCES=$(libnss_mdns_la_SOURCES)
++EXTRA_libnss_mdns4_minimal_la_DEPENDENCIES=src/libnss-mdns4-minimal-la-map-file
+ libnss_mdns4_minimal_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV4_ONLY=1 -DMDNS_MINIMAL
+-libnss_mdns4_minimal_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS)
++libnss_mdns4_minimal_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns4-minimal-la-map-file
+
+ libnss_mdns6_la_SOURCES=$(libnss_mdns_la_SOURCES)
++EXTRA_libnss_mdns6_la_DEPENDENCIES=src/libnss-mdns6-la-map-file
+ libnss_mdns6_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV6_ONLY=1
+-libnss_mdns6_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS)
++libnss_mdns6_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns6-la-map-file
+
+ libnss_mdns6_minimal_la_SOURCES=$(libnss_mdns_la_SOURCES)
++EXTRA_libnss_mdns6_minimal_la_DEPENDENCIES=src/libnss-mdns6-minimal-la-map-file
+ libnss_mdns6_minimal_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV6_ONLY=1 -DMDNS_MINIMAL
+-libnss_mdns6_minimal_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS)
++libnss_mdns6_minimal_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns6-minimal-la-map-file
+
+ nss_mdns_la_SOURCES=$(libnss_mdns_la_SOURCES) src/bsdnss.c
+ nss_mdns_la_CFLAGS=$(AM_CFLAGS)
+diff --git a/src/map-file b/src/map-file
+deleted file mode 100644
+index 69e7987..0000000
+--- a/src/map-file
++++ /dev/null
+@@ -1,41 +0,0 @@
+-NSSMDNS_0 {
+-global:
+-
+-_nss_mdns_gethostbyaddr_r;
+-_nss_mdns4_gethostbyaddr_r;
+-_nss_mdns6_gethostbyaddr_r;
+-_nss_mdns_minimal_gethostbyaddr_r;
+-_nss_mdns4_minimal_gethostbyaddr_r;
+-_nss_mdns6_minimal_gethostbyaddr_r;
+-
+-_nss_mdns_gethostbyname_r;
+-_nss_mdns4_gethostbyname_r;
+-_nss_mdns6_gethostbyname_r;
+-_nss_mdns_minimal_gethostbyname_r;
+-_nss_mdns4_minimal_gethostbyname_r;
+-_nss_mdns6_minimal_gethostbyname_r;
+-
+-_nss_mdns_gethostbyname2_r;
+-_nss_mdns4_gethostbyname2_r;
+-_nss_mdns6_gethostbyname2_r;
+-_nss_mdns_minimal_gethostbyname2_r;
+-_nss_mdns4_minimal_gethostbyname2_r;
+-_nss_mdns6_minimal_gethostbyname2_r;
+-
+-_nss_mdns_gethostbyname3_r;
+-_nss_mdns4_gethostbyname3_r;
+-_nss_mdns6_gethostbyname3_r;
+-_nss_mdns_minimal_gethostbyname3_r;
+-_nss_mdns4_minimal_gethostbyname3_r;
+-_nss_mdns6_minimal_gethostbyname3_r;
+-
+-_nss_mdns_gethostbyname4_r;
+-_nss_mdns4_gethostbyname4_r;
+-_nss_mdns6_gethostbyname4_r;
+-_nss_mdns_minimal_gethostbyname4_r;
+-_nss_mdns4_minimal_gethostbyname4_r;
+-_nss_mdns6_minimal_gethostbyname4_r;
+-
+-local:
+-*;
+-};
+diff --git a/src/map-file.in b/src/map-file.in
+new file mode 100644
+index 0000000..caecf41
+--- /dev/null
++++ b/src/map-file.in
+@@ -0,0 +1,14 @@
++NSSMDNS_0 {
++global:
++
++#include "nss.h"
++
++_nss_mdns_gethostbyaddr_r;
++_nss_mdns_gethostbyname2_r;
++_nss_mdns_gethostbyname3_r;
++_nss_mdns_gethostbyname4_r;
++_nss_mdns_gethostbyname_r;
++
++local:
++*;
++};
+diff --git a/src/nss.h b/src/nss.h
+index dd8dbff..d63f51c 100644
+--- a/src/nss.h
++++ b/src/nss.h
+@@ -33,6 +33,7 @@
+ #define _nss_mdns_gethostbyaddr_r _nss_mdns_minimal_gethostbyaddr_r
+ #endif
+
++#ifndef VER_SYM_MAP_GEN
+ // Define prototypes for nss function we're going to export (fixes GCC warnings)
+ #ifndef __FreeBSD__
+ enum nss_status _nss_mdns_gethostbyname4_r(const char*, struct gaih_addrtuple**,
+@@ -50,3 +51,4 @@ enum nss_status _nss_mdns_gethostbyaddr_r(const void*, int, int,
+ int*);
+
+ #endif
++#endif
diff --git a/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild b/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild
index 6a7a14987621..2c1aa9581be0 100644
--- a/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild
+++ b/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-inherit multilib-minimal
+inherit autotools multilib-minimal
DESCRIPTION="Name Service Switch module for Multicast DNS"
HOMEPAGE="https://github.com/lathiat/nss-mdns"
@@ -18,6 +18,16 @@ RDEPEND=">=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}]"
DEPEND="${RDEPEND}
test? ( >=dev-libs/check-0.11[${MULTILIB_USEDEP}] )"
+PATCHES=(
+ "${FILESDIR}"/lld-17-undefined-versioned-symbols.patch
+)
+
+src_prepare() {
+ default
+ # Only needed for LLD 17 patch
+ eautoreconf
+}
+
multilib_src_configure() {
local myconf=(
# $(localstatedir)/run/... is used to locate avahi-daemon socket
@@ -46,9 +56,9 @@ pkg_postinst() {
ewarn "minimal (mdns?_minimal) libraries which only lookup .local hosts"
ewarn "and 169.254.x.x addresses."
ewarn
- ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf."
- ewarn "An example line looks like:"
- ewarn "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4"
+ ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf"
+ ewarn "before resolve and dns. An example line looks like:"
+ ewarn "hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns"
ewarn
ewarn "If you want to perform mDNS lookups for domains other than the ones"
ewarn "ending in .local, add them to /etc/mdns.allow."
diff --git a/sys-auth/nss-mdns/nss-mdns-9999.ebuild b/sys-auth/nss-mdns/nss-mdns-9999.ebuild
index 532c36ea0f69..14c19990761b 100644
--- a/sys-auth/nss-mdns/nss-mdns-9999.ebuild
+++ b/sys-auth/nss-mdns/nss-mdns-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -53,9 +53,9 @@ pkg_postinst() {
ewarn "minimal (mdns?_minimal) libraries which only lookup .local hosts"
ewarn "and 169.254.x.x addresses."
ewarn
- ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf."
- ewarn "An example line looks like:"
- ewarn "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4"
+ ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf"
+ ewarn "before resolve and dns. An example line looks like:"
+ ewarn "hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns"
ewarn
ewarn "If you want to perform mDNS lookups for domains other than the ones"
ewarn "ending in .local, add them to /etc/mdns.allow."
diff --git a/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild b/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild
index 3e71766c9e42..d1117fb2df91 100644
--- a/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild
+++ b/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@@ -9,7 +9,7 @@ SRC_URI="https://0pointer.de/lennart/projects/${PN}/${P}.tar.gz"
LICENSE="LGPL-2.1+"
SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86"
IUSE=""
COMMON_DEPEND=""
diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch
new file mode 100644
index 000000000000..2036da4fd7b1
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch
@@ -0,0 +1,26 @@
+Bug: https://bugs.gentoo.org/716272
+
+--- a/nss/hosts.c
++++ b/nss/hosts.c
+@@ -49,6 +49,9 @@
+ *h_errnop = NO_RECOVERY; \
+ return NSS_STATUS_UNAVAIL;
+
++#ifndef NETDB_INTERNAL
++#define NETDB_INTERNAL -1
++#endif
+ #undef ERROR_OUT_BUFERROR
+ #define ERROR_OUT_BUFERROR(fp) \
+ *errnop = ERANGE; \
+--- a/nss/networks.c
++++ b/nss/networks.c
+@@ -49,6 +49,9 @@
+ *h_errnop = NO_RECOVERY; \
+ return NSS_STATUS_UNAVAIL;
+
++#ifndef NETDB_INTERNAL
++#define NETDB_INTERNAL -1
++#endif
+ #undef ERROR_OUT_BUFERROR
+ #define ERROR_OUT_BUFERROR(fp) \
+ *errnop = ERANGE; \
diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild
index bfb9799aa94f..0f8f3074c0d5 100644
--- a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild
+++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
-PYTHON_COMPAT=( python3_{9..11} )
+PYTHON_COMPAT=( python3_{10..11} )
inherit autotools python-r1 s6 systemd tmpfiles multilib-minimal
DESCRIPTION="NSS module for name lookups using LDAP"
@@ -12,9 +12,10 @@ SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz"
LICENSE="LGPL-2.1"
SLOT="0"
-KEYWORDS="amd64 ~ppc ~ppc64 x86"
+KEYWORDS="amd64 arm ~hppa ~ia64 ~ppc ppc64 ~sparc x86"
IUSE="debug kerberos +pam pynslcd sasl test +utils"
REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
utils? ( ${PYTHON_REQUIRED_USE} )
test? ( ${PYTHON_REQUIRED_USE} pynslcd )
"
diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild
new file mode 100644
index 000000000000..dea33acdbfbb
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+inherit autotools python-r1 s6 systemd tmpfiles multilib-minimal
+
+DESCRIPTION="NSS module for name lookups using LDAP"
+HOMEPAGE="https://arthurdejong.org/nss-pam-ldapd/"
+SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc x86"
+IUSE="debug kerberos +pam pynslcd sasl selinux test +utils"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ utils? ( ${PYTHON_REQUIRED_USE} )
+ test? ( ${PYTHON_REQUIRED_USE} pynslcd )
+"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ acct-group/nslcd
+ acct-user/nslcd
+ net-nds/openldap:=[${MULTILIB_USEDEP}]
+ sasl? ( dev-libs/cyrus-sasl[${MULTILIB_USEDEP}] )
+ kerberos? ( virtual/krb5[${MULTILIB_USEDEP}] )
+ sys-libs/pam[${MULTILIB_USEDEP}]
+ utils? ( ${PYTHON_DEPS} )
+ pynslcd? (
+ dev-python/python-ldap[${PYTHON_USEDEP}]
+ dev-python/python-daemon[${PYTHON_USEDEP}]
+ )
+ elibc_musl? ( sys-libs/musl-nscd )
+ !sys-auth/nss_ldap
+ !sys-auth/pam_ldap
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ ${PYTHON_DEPS}
+ test? ( dev-python/pylint[${PYTHON_USEDEP}] )
+"
+RDEPEND+=" selinux? ( sec-policy/selinux-nslcd )"
+
+PATCHES=(
+ "${FILESDIR}"/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch
+ "${FILESDIR}"/nss-pam-ldapd-0.9.11-use-mkstemp.patch
+ "${FILESDIR}"/nss-pam-ldapd-0.9.11-relative-imports.patch
+ "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests.patch
+ "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests-py39.patch
+ "${FILESDIR}"/nss-pam-ldapd-0.9.12-netdb-defines.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && python_setup
+}
+
+src_prepare() {
+ default
+
+ touch pynslcd/__init__.py || die "Could not create __init__.py for pynslcd"
+ mv pynslcd/pynslcd.py pynslcd/main.py || die
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --disable-utils
+ --enable-warnings
+ --with-ldap-lib=openldap
+ --with-ldap-conf-file="${EPREFIX}"/etc/nslcd.conf
+ --with-nslcd-pidfile=/run/nslcd/nslcd.pid
+ --with-nslcd-socket=/run/nslcd/socket
+ --with-nss-flavour=glibc
+ $(use_enable pynslcd)
+ $(use_enable debug)
+ $(use_enable kerberos)
+ $(use_enable pam)
+ $(use_enable sasl)
+
+ # nss libraries always go in /lib on Gentoo
+ --with-pam-seclib-dir="${EPREFIX}"/$(get_libdir)/security
+ --libdir="${EPREFIX}"/$(get_libdir)
+ )
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ python_test() {
+ cp -l "${S}"/pynslcd/*.py pynslcd/ || die "Could not copy python files for tests"
+ nonfatal emake check || die "tests failed with ${EPYTHON}"
+ }
+
+ pushd "${BUILD_DIR}" >/dev/null || die
+ ln -s ../pynslcd/constants.py utils/constants.py || die
+ python_foreach_impl python_test
+ popd >/dev/null || die
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if use pynslcd; then
+ python_moduleinto pynslcd
+ python_foreach_impl python_domodule pynslcd/*.py
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ newinitd "${FILESDIR}"/nslcd.init nslcd
+ s6_install_service nslcd "${FILESDIR}"/nslcd.s6
+
+ insinto /usr/share/nss-pam-ldapd
+ doins "${WORKDIR}"/${P}/nslcd.conf
+
+ fperms o-r /etc/nslcd.conf
+
+ if use utils; then
+ python_moduleinto nslcd
+ python_foreach_impl python_domodule utils/*.py
+
+ local script
+ for script in chsh getent; do
+ python_foreach_impl python_newscript utils/${script}.py ${script}.ldap
+ done
+ fi
+ if use pynslcd; then
+ rm -rf "${ED}"/usr/share/pynslcd || die
+ python_moduleinto pynslcd
+ python_foreach_impl python_domodule pynslcd/*.py
+ python_scriptinto /usr/sbin
+ python_foreach_impl python_newscript pynslcd/main.py pynslcd
+ newinitd "${FILESDIR}"/pynslcd.init pynslcd
+ fi
+
+ newtmpfiles "${FILESDIR}"/nslcd-tmpfiles.conf nslcd.conf
+ systemd_newunit "${FILESDIR}"/nslcd.service nslcd.service
+}
+
+pkg_postinst() {
+ tmpfiles_process nslcd.conf
+
+ elog "For this to work you must configure /etc/nslcd.conf"
+ elog "This configuration is similar to pam_ldap's /etc/ldap.conf"
+ elog
+ elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can"
+ elog "start it like this:"
+ elog " # /etc/init.d/nslcd start"
+ elog
+ elog "You can add it to the default runlevel like so:"
+ elog " # rc-update add nslcd default"
+ elog
+ elog "If you have >=sys-apps/openrc-0.16.3, you can also use s6"
+ elog "to supervise this service."
+ elog "To do this, emerge sys-apps/s6 then add nslcd-s6"
+ elog "default runlevel instead of nslcd."
+ elog
+ elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf"
+ elog " is now named /etc/nslcd.conf"
+}
diff --git a/sys-auth/oath-toolkit/Manifest b/sys-auth/oath-toolkit/Manifest
index 5869f860e046..bdd4b255323b 100644
--- a/sys-auth/oath-toolkit/Manifest
+++ b/sys-auth/oath-toolkit/Manifest
@@ -1 +1,4 @@
-DIST oath-toolkit-2.6.2.tar.gz 4295786 BLAKE2B 2b97ab73339647b560b46373922095f18655a167b613b15d4ee2fd507d430025628d20eb111ff1d8025e78646b1d61d9680a7082caba1c75d247bb1d8b9b99dd SHA512 201a702a05a2e9fb3a66d04750e1a34e293342126caf02c344954a0d9fd0daafe73ca7f1fe273be129ae555a29b82b72fa2b4770ea2ad10711924e1926ec2cfb
+DIST oath-toolkit-2.6.10.tar.gz 4710528 BLAKE2B 2fd3c890214089b47bc4eb5759735cc921ed73f9eb9fa52aa8cc9f329b9887a45dbc0118ca077aecebc38660388d1be29a94d8c87917361def86f3a9378f5d40 SHA512 b9a4447350593c206aabf4dce09273194d5ac499c4f2fca4e36ba77480793898e3011655451d9147748b56c2a8611e04640ba2aec5f4e96fcd9e967b93b1c1b7
+DIST oath-toolkit-2.6.11.tar.gz 4699215 BLAKE2B f3fa3ab1818f4f9bbf7c8c88432cd3432fbfb30dfcc660ab85f07e2d3d7e1616fc24579900bc55bbf72fb81b2eac4a6591553968872f07d8b3955ce4e6495afd SHA512 42df879bebccdde3d38558ba735e09db14d0c916b9f0d3a1842e0ecc80614b7d1ee44db39d3097970a2a7108446da6eefd09bdd32dd2fb81d6aed06dc19552fd
+DIST oath-toolkit-2.6.7.tar.gz 5625279 BLAKE2B 23f377c51eb633bf01d6085d33c7362cd91b6bed1cf4c2bbf32dc9433849e20c53f6896b16e5056b13f420f6a65a3c593fa1dafd7e184ed9e52666d94a7f75d1 SHA512 50edff75c8366887d69cf4740c4cc3bdfc3e43cbd4910ff40f735bca489f0953d7e5a21130f12782ac7a1f2fb00f0db313aff139085f23daba78a69bc7b2eb12
+DIST oath-toolkit-2.6.9.tar.gz 4693524 BLAKE2B 572512311bbfa18d325c7b9b8d88ff85c05241c9a22942bc67edf531ed621e68b031dc4562bd8473ec1b1bfe264c8a4084c1c304ba0d24914acc5b21325b8601 SHA512 6e96b5a926f6e2448661fef267dcf9c99167b7bdfc71e319d2ab7ddc051a7be002043485547ad83744209c25ea0d87f8e28f25cccd6856281321f3d22e3cf160
diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch
deleted file mode 100644
index 18a0a2779408..000000000000
--- a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Bug: https://bugs.gentoo.org/618100
-Cherry-picked from upstream commits: https://github.com/coreutils/gnulib/commit/175b4e22f99e00996b72f822f5ae54dca8243d19
- https://github.com/coreutils/gnulib/commit/abae112b34572cd3869ce4fc81dddb5c2a7394c4
-
---- a/oathtool/gl/intprops.h
-+++ b/oathtool/gl/intprops.h
-@@ -23,6 +23,10 @@
- #include <limits.h>
- #include <verify.h>
-
-+#ifndef __has_builtin
-+# define __has_builtin(x) 0
-+#endif
-+
- /* Return a value with the common real type of E and V and the value of V. */
- #define _GL_INT_CONVERT(e, v) (0 * (e) + (v))
-
-@@ -222,20 +226,24 @@
- ? (a) < (min) >> (b) \
- : (max) >> (b) < (a))
-
--/* True if __builtin_add_overflow (A, B, P) works when P is null. */
--#define _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL (7 <= __GNUC__)
-+/* True if __builtin_add_overflow (A, B, P) works when P is non-null. */
-+#define _GL_HAS_BUILTIN_OVERFLOW \
-+ (5 <= __GNUC__ || __has_builtin (__builtin_add_overflow))
-+
-+#define _GL_HAS_BUILTIN_OVERFLOW_P \
-+ (7 <= __GNUC__ || __has_builtin (__builtin_add_overflow_p))
-
- /* The _GL*_OVERFLOW macros have the same restrictions as the
- *_RANGE_OVERFLOW macros, except that they do not assume that operands
- (e.g., A and B) have the same type as MIN and MAX. Instead, they assume
- that the result (e.g., A + B) has that type. */
--#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL
--# define _GL_ADD_OVERFLOW(a, b, min, max)
-- __builtin_add_overflow (a, b, (__typeof__ ((a) + (b)) *) 0)
--# define _GL_SUBTRACT_OVERFLOW(a, b, min, max)
-- __builtin_sub_overflow (a, b, (__typeof__ ((a) - (b)) *) 0)
--# define _GL_MULTIPLY_OVERFLOW(a, b, min, max)
-- __builtin_mul_overflow (a, b, (__typeof__ ((a) * (b)) *) 0)
-+#if _GL_HAS_BUILTIN_OVERFLOW_P
-+# define _GL_ADD_OVERFLOW(a, b, min, max) \
-+ __builtin_add_overflow_p (a, b, (a) + (b))
-+# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \
-+ __builtin_sub_overflow_p (a, b, (a) - (b))
-+# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \
-+ __builtin_mul_overflow_p (a, b, (a) * (b))
- #else
- # define _GL_ADD_OVERFLOW(a, b, min, max) \
- ((min) < 0 ? INT_ADD_RANGE_OVERFLOW (a, b, min, max) \
-@@ -315,7 +323,7 @@
- _GL_BINARY_OP_OVERFLOW (a, b, _GL_ADD_OVERFLOW)
- #define INT_SUBTRACT_OVERFLOW(a, b) \
- _GL_BINARY_OP_OVERFLOW (a, b, _GL_SUBTRACT_OVERFLOW)
--#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL
-+#if _GL_HAS_BUILTIN_OVERFLOW || _GL_HAS_BUILTIN_OVERFLOW_P
- # define INT_NEGATE_OVERFLOW(a) INT_SUBTRACT_OVERFLOW (0, a)
- #else
- # define INT_NEGATE_OVERFLOW(a) \
-@@ -349,10 +357,6 @@
- #define INT_MULTIPLY_WRAPV(a, b, r) \
- _GL_INT_OP_WRAPV (a, b, r, *, __builtin_mul_overflow, INT_MULTIPLY_OVERFLOW)
-
--#ifndef __has_builtin
--# define __has_builtin(x) 0
--#endif
--
- /* Nonzero if this compiler has GCC bug 68193 or Clang bug 25390. See:
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68193
- https://llvm.org/bugs/show_bug.cgi?id=25390
-@@ -369,7 +373,7 @@
- the operation. BUILTIN is the builtin operation, and OVERFLOW the
- overflow predicate. Return 1 if the result overflows. See above
- for restrictions. */
--#if 5 <= __GNUC__ || __has_builtin (__builtin_add_overflow)
-+#if _GL_HAS_BUILTIN_OVERFLOW
- # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) builtin (a, b, r)
- #elif 201112 <= __STDC_VERSION__ && !_GL__GENERIC_BOGUS
- # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \
diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch
deleted file mode 100644
index c43f7aee0fe7..000000000000
--- a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-diff -ruN oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c oath-toolkit-2.6.2/liboath/gl/fseeko.c
---- oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c 2016-08-27 13:15:06.000000000 +0200
-+++ oath-toolkit-2.6.2/liboath/gl/fseeko.c 2018-10-27 22:07:53.836832404 +0200
-@@ -1,18 +1,18 @@
- /* An fseeko() function that, together with fflush(), is POSIX compliant.
-- Copyright (C) 2007-2016 Free Software Foundation, Inc.
-+ Copyright (C) 2007-2018 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU Lesser General Public License as published by
-- the Free Software Foundation; either version 2.1, or (at your option)
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU Lesser General Public License for more details.
-+ GNU General Public License for more details.
-
-- You should have received a copy of the GNU Lesser General Public License along
-- with this program; if not, see <http://www.gnu.org/licenses/>. */
-+ You should have received a copy of the GNU General Public License along
-+ with this program; if not, see <https://www.gnu.org/licenses/>. */
-
- #include <config.h>
-
-@@ -33,9 +33,9 @@
- #endif
- #if _GL_WINDOWS_64_BIT_OFF_T
- # undef fseeko
--# if HAVE__FSEEKI64 /* msvc, mingw64 */
-+# if HAVE__FSEEKI64 && HAVE_DECL__FSEEKI64 /* msvc, mingw since msvcrt8.0, mingw64 */
- # define fseeko _fseeki64
--# else /* mingw */
-+# else /* mingw before msvcrt8.0 */
- # define fseeko fseeko64
- # endif
- #endif
-@@ -47,12 +47,13 @@
- #endif
-
- /* These tests are based on fpurge.c. */
--#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
-+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
-+ /* GNU libc, BeOS, Haiku, Linux libc5 */
- if (fp->_IO_read_end == fp->_IO_read_ptr
- && fp->_IO_write_ptr == fp->_IO_write_base
- && fp->_IO_save_base == NULL)
- #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
-- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
-+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
- # if defined __SL64 && defined __SCLE /* Cygwin */
- if ((fp->_flags & __SL64) == 0)
- {
-@@ -80,7 +81,7 @@
- #elif defined __minix /* Minix */
- if (fp_->_ptr == fp_->_buf
- && (fp_->_ptr == NULL || fp_->_count == 0))
--#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */
-+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */
- if (fp_->_ptr == fp_->_base
- && (fp_->_ptr == NULL || fp_->_cnt == 0))
- #elif defined __UCLIBC__ /* uClibc */
-@@ -117,18 +118,19 @@
- if (pos == -1)
- {
- #if defined __sferror || defined __DragonFly__ || defined __ANDROID__
-- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
-+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
- fp_->_flags &= ~__SOFF;
- #endif
- return -1;
- }
-
--#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
-+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
-+ /* GNU libc, BeOS, Haiku, Linux libc5 */
- fp->_flags &= ~_IO_EOF_SEEN;
- fp->_offset = pos;
- #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
-- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
--# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000)
-+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
-+# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) || defined __minix
- /* fp_->_offset is typed as an integer. */
- fp_->_offset = pos;
- # else
-@@ -150,8 +152,8 @@
- fp_->_flags &= ~__SEOF;
- #elif defined __EMX__ /* emx+gcc */
- fp->_flags &= ~_IOEOF;
--#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */
-- fp->_flag &= ~_IOEOF;
-+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */
-+ fp_->_flag &= ~_IOEOF;
- #elif defined __MINT__ /* Atari FreeMiNT */
- fp->__offset = pos;
- fp->__eof = 0;
diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch
new file mode 100644
index 000000000000..a2ad292e19fc
--- /dev/null
+++ b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch
@@ -0,0 +1,74 @@
+https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/0ae59b9c72f69ee21044e736e292b73051df3272
+
+From 0ae59b9c72f69ee21044e736e292b73051df3272 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Sat, 12 Nov 2022 21:42:17 +0100
+Subject: [PATCH] Handle new libxmlsec on ArchLinux.
+
+--- a/libpskc/examples/pskc-hotp-signed.xml
++++ b/libpskc/examples/pskc-hotp-signed.xml
+@@ -38,7 +38,8 @@ rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd
+ rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt
+ CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr
+ TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB
+-n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4</X509Certificate>
++n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4
++</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature></KeyContainer>
+--- a/pskctool/tests/pskc-all-signed.xml
++++ b/pskctool/tests/pskc-all-signed.xml
+@@ -38,7 +38,8 @@ rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd
+ rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt
+ CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr
+ TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB
+-n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4</X509Certificate>
++n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4
++</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature></KeyContainer>
+--- a/pskctool/tests/tst_libexamples.sh
++++ b/pskctool/tests/tst_libexamples.sh
+@@ -1,7 +1,7 @@
+ #!/bin/sh
+
+ # tst_libexamples.sh - keep pskctool output in GTK-DOC manual up to date
+-# Copyright (C) 2012-2021 Simon Josefsson
++# Copyright (C) 2012-2022 Simon Josefsson
+
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+@@ -45,7 +45,8 @@ fi
+
+ $PSKCTOOL --sign --sign-key $srcdir/pskc-ee-key.pem \
+ --sign-crt $srcdir/pskc-ee-crt.pem \
+- $srcdir/../../libpskc/examples/pskc-hotp.xml > foo
++ $srcdir/../../libpskc/examples/pskc-hotp.xml \
++ | sed 's,4</X509Cert,4\n</X509Cert,' > foo
+ if ! diff -ur $srcdir/../../libpskc/examples/pskc-hotp-signed.xml foo; then
+ echo "FAIL: pskctool --sign output change, commit updated file."
+ exit 1
+--- a/pskctool/tests/tst_sign.sh
++++ b/pskctool/tests/tst_sign.sh
+@@ -1,7 +1,7 @@
+ #!/bin/sh
+
+ # tst_sign.sh - test that pskctool can sign and verify
+-# Copyright (C) 2012-2021 Simon Josefsson
++# Copyright (C) 2012-2022 Simon Josefsson
+
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+@@ -32,7 +32,7 @@ $PSKCTOOL --info --strict --debug $pskc_all > tmp-pre-human.txt
+ $PSKCTOOL --sign \
+ --sign-key $pskc_ee_key \
+ --sign-crt $pskc_ee_crt \
+- $pskc_all > tmp-signed.xml
++ $pskc_all | sed 's,4</X509Cert,4\n</X509Cert,' > tmp-signed.xml
+
+ diff -ur $pskc_all_signed tmp-signed.xml
+
+--
+GitLab
diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch
new file mode 100644
index 000000000000..8b0cbacc51f7
--- /dev/null
+++ b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/924395
+
+From 9f2bc8d4278421e2a05598c89f22cdf34929ec66 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Sun, 31 Dec 2023 15:42:00 +0100
+Subject: [PATCH] Fix build failure noticed on ArchLinux-xmlsec.
+
+---
+ NEWS | 2 ++
+ libpskc/container.c | 1 +
+ libpskc/parser.c | 1 +
+ 3 files changed, 4 insertions(+)
+
+diff --git a/libpskc/container.c b/libpskc/container.c
+index 639babc..bda2266 100644
+--- a/libpskc/container.c
++++ b/libpskc/container.c
+@@ -24,6 +24,7 @@
+ #include <pskc/pskc.h>
+
+ #include <string.h> /* memset */
++#include <stdlib.h> /* realloc */
+
+ #define INTERNAL_NEED_PSKC_STRUCT
+ #define INTERNAL_NEED_PSKC_KEY_STRUCT
+diff --git a/libpskc/parser.c b/libpskc/parser.c
+index b1f3245..9a1e925 100644
+--- a/libpskc/parser.c
++++ b/libpskc/parser.c
+@@ -28,6 +28,7 @@
+ #include "internal.h"
+
+ #include <string.h>
++#include <stdlib.h> /* malloc, strtoul */
+ #include "base64.h"
+
+ static void
+--
+2.43.0
+
diff --git a/sys-auth/oath-toolkit/metadata.xml b/sys-auth/oath-toolkit/metadata.xml
index d230c8d03eb7..96a71f111315 100644
--- a/sys-auth/oath-toolkit/metadata.xml
+++ b/sys-auth/oath-toolkit/metadata.xml
@@ -9,7 +9,10 @@
<name>Gentoo Sysadmin Project</name>
</maintainer>
<use>
- <flag name="pskc">Build tools &amp; library for the Portable Symmetric Key Container (PSKC) format per RFC6030</flag>
<flag name="pam">Build PAM module for pluggable login authentication for OATH</flag>
</use>
+ <upstream>
+ <remote-id type="gitlab">oath-toolkit/oath-toolkit</remote-id>
+ <remote-id type="savannah-nongnu">oath-toolkit</remote-id>
+ </upstream>
</pkgmetadata>
diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild
new file mode 100644
index 000000000000..03d2801fa64c
--- /dev/null
+++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pam
+
+DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms"
+HOMEPAGE="https://www.nongnu.org/oath-toolkit/"
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="pam static-libs test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/icu:=
+ dev-libs/libxml2
+ dev-libs/xmlsec:=
+ pam? ( sys-libs/pam )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ dev-build/gtk-doc-am
+ test? ( dev-libs/libxml2 )
+"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ MIN # glibc fp
+ unreachable
+ alignof
+ static_assert
+)
+
+src_configure() {
+ local myeconfargs=(
+ --cache-file="${S}"/config.cache
+ --enable-pskc
+ $(use_enable test xmltest)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable static-libs static)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # Without keep-going, it will bail out after the first testsuite failure,
+ # skipping the other testsuites. as they are mostly independent, this sucks.
+ emake --keep-going check
+
+ # Avoid errant QA notice for no tests run on these
+ rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ if use pam; then
+ newdoc pam_oath/README README.pam
+ fi
+
+ doman pskctool/pskctool.1
+}
diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild
new file mode 100644
index 000000000000..03d2801fa64c
--- /dev/null
+++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pam
+
+DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms"
+HOMEPAGE="https://www.nongnu.org/oath-toolkit/"
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="pam static-libs test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/icu:=
+ dev-libs/libxml2
+ dev-libs/xmlsec:=
+ pam? ( sys-libs/pam )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ dev-build/gtk-doc-am
+ test? ( dev-libs/libxml2 )
+"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ MIN # glibc fp
+ unreachable
+ alignof
+ static_assert
+)
+
+src_configure() {
+ local myeconfargs=(
+ --cache-file="${S}"/config.cache
+ --enable-pskc
+ $(use_enable test xmltest)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable static-libs static)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # Without keep-going, it will bail out after the first testsuite failure,
+ # skipping the other testsuites. as they are mostly independent, this sucks.
+ emake --keep-going check
+
+ # Avoid errant QA notice for no tests run on these
+ rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ if use pam; then
+ newdoc pam_oath/README README.pam
+ fi
+
+ doman pskctool/pskctool.1
+}
diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild
deleted file mode 100644
index 0adab310261d..000000000000
--- a/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit pam autotools
-DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms"
-HOMEPAGE="http://www.nongnu.org/oath-toolkit/"
-SRC_URI="http://download.savannah.gnu.org/releases/${PN}/${P}.tar.gz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86"
-IUSE="pam pskc static-libs test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- dev-libs/icu:=
- pam? ( sys-libs/pam )
- pskc? ( dev-libs/xmlsec )"
-DEPEND="${RDEPEND}
- test? ( dev-libs/libxml2 )
- dev-util/gtk-doc-am"
-
-PATCHES=(
- "${FILESDIR}"/${P}-gcc7.patch
- "${FILESDIR}"/${P}-glibc228.patch
-)
-
-src_prepare() {
- default
-
- # Below files are verbatim copy. Effectively apply ${P}-gcc7.patch
- # to all of them.
- local s='oathtool/gl/intprops.h' d
- for d in {liboath/gl/tests,libpskc/gl,pskctool/gl}/intprops.h; do
- echo "Copy '${s}' to '${d}'"
- cp "${s}" "${d}" || die
- done
-
- # These tests need git/cvs and don't reflect anything in the final app
- sed -i -r \
- -e '/TESTS/s,test-vc-list-files-(git|cvs).sh,,g' \
- gl/tests/Makefile.am
- # disable portability warnings, caused by gtk-doc.make
- sed -i \
- -e '/AM_INIT_AUTOMAKE/ s:-Wall:\0 -Wno-portability:' \
- {liboath,libpskc}/configure.ac
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable test xmltest ) \
- $(use_enable pam) \
- $(use_with pam pam-dir $(getpam_mod_dir)) \
- $(use_enable pskc) \
- $(use_enable static-libs static)
-}
-
-src_test() {
- # without keep-going, it will bail out after the first testsuite failure,
- # skipping the other testsuites. as they are mostly independant, this sucks.
- emake --keep-going check
- [ $? -ne 0 ] && die "At least one testsuite failed"
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -type f -delete || die
- if use pam; then
- newdoc pam_oath/README README.pam
- fi
- if use pskc; then
- doman pskctool/pskctool.1
- fi
-}
diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild
new file mode 100644
index 000000000000..58b88b4c38a6
--- /dev/null
+++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pam
+
+DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms"
+HOMEPAGE="https://www.nongnu.org/oath-toolkit/"
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86"
+IUSE="pam static-libs test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/icu:=
+ dev-libs/libxml2
+ <dev-libs/xmlsec-1.3.0:=
+ pam? ( sys-libs/pam )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ dev-build/gtk-doc-am
+ test? ( dev-libs/libxml2 )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-new-xmlsec-tests.patch
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ MIN # glibc fp
+)
+
+src_configure() {
+ local myeconfargs=(
+ --enable-pskc
+ $(use_enable test xmltest)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable static-libs static)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # Without keep-going, it will bail out after the first testsuite failure,
+ # skipping the other testsuites. as they are mostly independent, this sucks.
+ emake --keep-going check
+
+ # Avoid errant QA notice for no tests run on these
+ rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ if use pam; then
+ newdoc pam_oath/README README.pam
+ fi
+
+ doman pskctool/pskctool.1
+}
diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild
new file mode 100644
index 000000000000..d7c6b3404ba0
--- /dev/null
+++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pam
+
+DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms"
+HOMEPAGE="https://www.nongnu.org/oath-toolkit/"
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="amd64 ~arm arm64 ~loong ppc64 ~riscv x86"
+IUSE="pam static-libs test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/icu:=
+ dev-libs/libxml2
+ dev-libs/xmlsec:=
+ pam? ( sys-libs/pam )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ dev-build/gtk-doc-am
+ test? ( dev-libs/libxml2 )
+"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ MIN # glibc fp
+)
+
+PATCHES=(
+ "${FILESDIR}"/${P}-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch
+)
+
+src_configure() {
+ local myeconfargs=(
+ --cache-file="${S}"/config.cache
+ --enable-pskc
+ $(use_enable test xmltest)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable static-libs static)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # Without keep-going, it will bail out after the first testsuite failure,
+ # skipping the other testsuites. as they are mostly independent, this sucks.
+ emake --keep-going check
+
+ # Avoid errant QA notice for no tests run on these
+ rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ if use pam; then
+ newdoc pam_oath/README README.pam
+ fi
+
+ doman pskctool/pskctool.1
+}
diff --git a/sys-auth/pam_krb5/pam_krb5-4.11.ebuild b/sys-auth/pam_krb5/pam_krb5-4.11.ebuild
index 977e0db5d8d9..cdaa837b4677 100644
--- a/sys-auth/pam_krb5/pam_krb5-4.11.ebuild
+++ b/sys-auth/pam_krb5/pam_krb5-4.11.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -9,8 +9,8 @@ SRC_URI="https://archives.eyrie.org/software/kerberos/${P/_/-}.tar.xz"
LICENSE="|| ( BSD-2 GPL-2 )"
SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE=""
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86"
+
# tests fail without a /etc/krb5.conf
RESTRICT="test"
diff --git a/sys-auth/pam_mktemp/metadata.xml b/sys-auth/pam_mktemp/metadata.xml
index 4f7d72b1b44b..b8ee607692f8 100644
--- a/sys-auth/pam_mktemp/metadata.xml
+++ b/sys-auth/pam_mktemp/metadata.xml
@@ -1,10 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<maintainer type="person">
-<email>swegener@gentoo.org</email>
-</maintainer>
-<use>
-<flag name="prevent-removal">If supported, set EXT2_APPEND_FL on /tmp/.private to prevent temporary directories from being removed</flag>
-</use>
+ <maintainer type="person">
+ <email>swegener@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name="prevent-removal">If supported, set EXT2_APPEND_FL on /tmp/.private to prevent temporary directories from being removed</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">openwall/pam_mktemp</remote-id>
+ </upstream>
</pkgmetadata>
diff --git a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild
index a7f27816a591..8443daa54537 100644
--- a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild
+++ b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild
@@ -1,13 +1,13 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
inherit toolchain-funcs pam
DESCRIPTION="Create per-user private temporary directories during login"
-HOMEPAGE="http://www.openwall.com/pam/"
-SRC_URI="http://www.openwall.com/pam/modules/${PN}/${P}.tar.gz"
+HOMEPAGE="https://www.openwall.com/pam/"
+SRC_URI="https://www.openwall.com/pam/modules/${PN}/${P}.tar.gz"
LICENSE="BSD-2" # LICENSE file says "heavily cut-down 'BSD license'"
SLOT="0"
diff --git a/sys-auth/pam_mount/Manifest b/sys-auth/pam_mount/Manifest
index caf8020cba63..2de87dd002bc 100644
--- a/sys-auth/pam_mount/Manifest
+++ b/sys-auth/pam_mount/Manifest
@@ -1 +1,2 @@
DIST pam_mount-2.18.tar.xz 324524 BLAKE2B a3f29de8c0a348c98d3e73ac3568595083036fa704b5c34ed17c3660fcc8ff5f64195ad4158af6e351f79865a9128dbb773c7d18bbb07bdff1010e555803cfce SHA512 7f1e373fd7876eddd9226163602ba484ed8a7e1ce92ba6140c1f7603cb205190cb11ad75be41b54d2a6cd21602320d41a65714bfd0af8b5247850a3ef0fe3b22
+DIST pam_mount-2.20.tar.xz 325328 BLAKE2B 2b8a419c8b8604a6546ee5ac2b554d3c90ad04dd58c54bf8904d7e0354a2aafe1ae97a817e67143a24fd8ed40e62008baff94723ced8c4ad2d977e14c3e762ad SHA512 8661dc5ec134c256825df28e53751d1e0e1e881008c3687a56009f4046b3d17c5b9ddd1b1971dff4e023e5d74e5059f486b08a6cab2861a4bee5ba57fbae3454
diff --git a/sys-auth/pam_mount/metadata.xml b/sys-auth/pam_mount/metadata.xml
index 2c4bc1428e94..dd341fea2aca 100644
--- a/sys-auth/pam_mount/metadata.xml
+++ b/sys-auth/pam_mount/metadata.xml
@@ -5,6 +5,6 @@
<email>hanno@gentoo.org</email>
</maintainer>
<upstream>
- <remote-id type="sourceforge">pam-mount</remote-id>
+ <remote-id type="codeberg">jengelh/pam_mount</remote-id>
</upstream>
</pkgmetadata>
diff --git a/sys-auth/pam_mount/pam_mount-2.20.ebuild b/sys-auth/pam_mount/pam_mount-2.20.ebuild
new file mode 100644
index 000000000000..9c0644d8165a
--- /dev/null
+++ b/sys-auth/pam_mount/pam_mount-2.20.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="A PAM module that can mount volumes for a user session"
+HOMEPAGE="https://inai.de/projects/pam_mount/"
+SRC_URI="https://inai.de/files/pam_mount/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+
+IUSE="crypt ssl selinux"
+
+DEPEND="
+ >=sys-libs/pam-0.99
+ >=sys-libs/libhx-3.12.1:=
+ >=sys-apps/util-linux-2.20:=
+ >=dev-libs/libxml2-2.6:=
+ dev-libs/libpcre2
+ crypt? ( >=sys-fs/cryptsetup-1.1.0:= )
+ ssl? ( dev-libs/openssl:0= )
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="${DEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+src_configure() {
+ econf --with-slibdir="/$(get_libdir)" \
+ $(use_with crypt cryptsetup) \
+ $(use_with ssl crypto) \
+ $(use_with selinux)
+}
+
+src_install() {
+ default
+ use selinux || rm -r "${D}"/etc/selinux
+ dodoc doc/*.txt
+
+ # Remove unused nonstandard run-dir, current version uses
+ # FHS-compatible /run, but has leftover mkdir from old version
+ # Upstream report: https://codeberg.org/jengelh/pam_mount/pulls/9
+ rm -r "${D}/var/lib"
+
+ find "${ED}" -name '*.la' -delete || die
+}
diff --git a/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch
new file mode 100644
index 000000000000..e085e06e9006
--- /dev/null
+++ b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch
@@ -0,0 +1,28 @@
+https://bugs.gentoo.org/903001
+https://github.com/OpenSC/pam_p11/pull/26
+https://github.com/OpenSC/pam_p11/commit/cb2f0c318c94e30addfce3b432ed91496a43e411
+
+From b307045a93d042ac9e3871e35f8495e8bb201574 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Tue, 11 Apr 2023 07:29:12 -0700
+Subject: [PATCH] match_openssh: Fix the build for LibreSSL >= 3.0.0
+
+Newer LibreSSL versions no longer need the older OpenSSL APIs.
+---
+ src/match_openssh.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/match_openssh.c b/src/match_openssh.c
+index 89cbd73..fb59308 100644
+--- a/src/match_openssh.c
++++ b/src/match_openssh.c
+@@ -22,7 +22,8 @@
+
+ #define OPENSSH_LINE_MAX 16384 /* from openssh SSH_MAX_PUBKEY_BYTES */
+
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3000000L)
+ void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+ {
diff --git a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild
index 0322e3038be0..4b50c70d2edc 100644
--- a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild
+++ b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -20,6 +20,10 @@ RDEPEND="sys-libs/pam
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig"
+PATCHES=(
+ "${FILESDIR}/${P}-libressl.patch" #903001
+)
+
src_configure() {
# Ugly way to work around deprecated declarations in openssl-3
append-cflags -Wno-error=deprecated-declarations
diff --git a/sys-auth/pam_require/pam_require-0.7-r1.ebuild b/sys-auth/pam_require/pam_require-0.7-r2.ebuild
index 748b7bd53af2..e1e4c24808db 100644
--- a/sys-auth/pam_require/pam_require-0.7-r1.ebuild
+++ b/sys-auth/pam_require/pam_require-0.7-r2.ebuild
@@ -1,23 +1,29 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
-inherit pam
+inherit autotools pam
DESCRIPTION="Allows you to require a special group or user to access a service"
HOMEPAGE="https://www.splitbrain.org/projects/pam_require"
SRC_URI="https://www.splitbrain.org/_media/projects/pamrequire/${P}.tgz"
+
LICENSE="GPL-2+"
SLOT="0"
-KEYWORDS="~amd64 ~ia64 ~ppc ~x86"
-IUSE=""
+KEYWORDS="amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~x86"
DEPEND="sys-libs/pam"
RDEPEND="${DEPEND}"
S=${WORKDIR}/${P/_/-}
+src_prepare() {
+ default
+ mv "${S}"/configure.in "${S}"/configure.ac || die "mv configure.in to configure.ac"
+ eautoreconf
+}
+
src_install() {
dopammod pam_require.so
diff --git a/sys-auth/pam_skey/Manifest b/sys-auth/pam_skey/Manifest
index 8f54c46b6341..109658b83c06 100644
--- a/sys-auth/pam_skey/Manifest
+++ b/sys-auth/pam_skey/Manifest
@@ -1,3 +1,2 @@
-DIST pam_skey-1.1.5-patches-7.tar.xz 9408 BLAKE2B d87da6c4606431618a1a4d75981809cbd91a8e5e3d1f9eae6fbb222e146d451f7c099f9b437829304b647a20c6200797732e9d01451cc4911abba7843151e36c SHA512 8bb39c2d173468c38b4d2bdac186d3f27e868c2be9dc6feffba957d4d33bc8e597c48e4638e5de09829000961fbf8b72f0ba577f232bebdfaa4c2961ede58838
DIST pam_skey-1.1.5-patches-8.tar.xz 9500 BLAKE2B 7fafa0e5c63da6a66e96266768d522cb35eeb439c45b0cf449ce6897804ca8086826a450e24e6c4eb0478b5a00f0eba02097ecd6c6e911de9c33ccb7beed20de SHA512 2d0745148496137be4ed5b03fd4dcaebb65efd24c21b2d969341d10381b8f32f0731b2880b9516de46570c1133e5573fa1a08129fe539aed7fd535d10a31b34d
DIST pam_skey-1.1.5.tar.gz 76963 BLAKE2B ded4a4e43b174338cd1beefce65314cc906db928593dd5eba2ba1be9cab33844d8fd38cb7d3b952a29da632b671c468e0dfe7f0f1e0d167397320cd9ca6d35e1 SHA512 12817cedf15a3b2287982e4beab5d3b388239cc0a1e141e66e41759ddb2da7fb9dd0df12202dcc8140db0868c8df1a8d19d5859224179e2419ffefd691cb9834
diff --git a/sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild b/sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild
deleted file mode 100644
index 47f2f49f97fe..000000000000
--- a/sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam autotools multilib readme.gentoo-r1
-
-DESCRIPTION="PAM interface for the S/Key authentication system"
-HOMEPAGE="http://freshmeat.net/projects/pam_skey/"
-SRC_URI="http://dkorunic.net/tarballs/${P}.tar.gz
- https://dev.gentoo.org/~ulm/distfiles/${P}-patches-7.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64 x86"
-
-RDEPEND="net-libs/libnsl:0=
- >=sys-libs/pam-0.78-r3
- >=sys-auth/skey-1.1.5-r4"
-DEPEND="${RDEPEND}"
-
-PATCHES=("${WORKDIR}/patch")
-DOCS="README INSTALL"
-
-src_prepare() {
- default
-
- cd autoconf || die
- mv configure.{in,ac} || die
- eautoconf
- eautoheader
- mv configure defs.h.in .. || die
-}
-
-src_configure() {
- econf --libdir="/$(get_libdir)" CFLAGS="${CFLAGS} -fPIC"
-}
-
-src_install() {
- default
-
- DOC_CONTENTS="To use the pam_skey module, you need to configure PAM
- by adding a line like:
- \n\nauth [success=done ignore=ignore auth_err=die default=bad] pam_skey.so\n
- \nto an appropriate place in the /etc/pam.d/system-login file.
- Consult the README and INSTALL files in /usr/share/doc/${PF}
- for detailed instructions.
- \n\nPlease note that calling this module from unprivileged
- applications, e.g. screensavers, is not supported.
- \n\nError checking has become stricter in pam_skey-1.1.5-r4;
- errors returned from the underlying skey library when accessing
- the S/Key data base will no longer be ignored.
- Make sure that your PAM configuration is correct."
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
diff --git a/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild b/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild
index 0a9ace209128..84de2e577cb1 100644
--- a/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild
+++ b/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -12,7 +12,7 @@ SRC_URI="https://dkorunic.net/tarballs/${P}.tar.gz
LICENSE="GPL-2+"
SLOT="0"
-KEYWORDS="~amd64 ~x86"
+KEYWORDS="amd64 x86"
RDEPEND=">=sys-libs/pam-0.78-r3
>=sys-auth/skey-1.1.5-r4"
diff --git a/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild
index e62a1829a687..2b61b73610f9 100644
--- a/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild
+++ b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -10,7 +10,7 @@ MY_P=${P/_rc/-rc}
DESCRIPTION="PAM module for authenticating against an SMB (such as the Win_x families) server"
HOMEPAGE="http://www.csn.ul.ie/~airlied/pam_smb/"
SRC_URI="
- mirror://samba/pam_smb/v2/${MY_P}.tar.gz
+ https://download.samba.org/pub/samba/pam_smb/v2/${MY_P}.tar.gz
http://www.csn.ul.ie/~airlied/pam_smb/v2/${MY_P}.tar.gz"
S="${WORKDIR}"/${MY_P}
diff --git a/sys-auth/pam_ssh/pam_ssh-2.3.ebuild b/sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild
index 8279f8738cc1..112b2a4121ad 100644
--- a/sys-auth/pam_ssh/pam_ssh-2.3.ebuild
+++ b/sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -11,14 +11,14 @@ SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.xz"
LICENSE="BSD-2 BSD ISC"
SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
# Only supports OpenSSH via `ssh-agent` #282993
DEPEND="sys-libs/pam
dev-libs/openssl:0="
RDEPEND="${DEPEND}
- net-misc/openssh"
+ virtual/openssh"
PATCHES=(
# 503424#c5
diff --git a/sys-auth/pam_u2f/Manifest b/sys-auth/pam_u2f/Manifest
index f7175d560ae8..b2eb93b2a24d 100644
--- a/sys-auth/pam_u2f/Manifest
+++ b/sys-auth/pam_u2f/Manifest
@@ -1,2 +1,2 @@
DIST pam_u2f-1.1.1.tar.gz 429822 BLAKE2B 8ed44f82295ea24fe30c5830971afd29a23b48e173c3cb69d3dcaf73b142de36f86087eaee69b1793a8846fdb2efc5530d52fa9f40e4357e6cd2ea9960b9bb39 SHA512 ca81c78e67c17c369117e9d38e50033eaa96e0b15673521db2c382de1aa2566f7406fb43801a5938758480966c5e7316943769db5be826983d3865710e0274c1
-DIST pam_u2f-1.2.0.tar.gz 442214 BLAKE2B 17dadcb4325a130da67caf2fbf9bb2bf5d76706b28540ddda6ab8904ec5924d14fc752b7e079940989a8208d27fe0e5d46ea4365426debd5076588c51f46a60a SHA512 a00135e49b22dad5ec2513236a64dca67f04062fd8fa4c8d5ac7cb05d93b4d743ceb8ac5ee99a19667bdbfe8c0be9de904fb50110bed0b55ba8d5fd2aa5fcf28
+DIST pam_u2f-1.3.0.tar.gz 456281 BLAKE2B 602ce0fd00105f7fbdea1805a5efde1302149d9f7977f3c52d576d7f4b9a1a95678b1463f19107b494e62c3722e319e05e0ec54f5839f70b855b59eecdf92112 SHA512 03c09601f1988dd7f6b0cb4eeb6e9f2368de50df2cb8e2b4269e16c8111b08b2d115e6fad7bbca3482e9577ccf2885ab3fef652d9fb99db7890ba93ce6c0fd4d
diff --git a/sys-auth/pam_u2f/pam_u2f-1.2.0.ebuild b/sys-auth/pam_u2f/pam_u2f-1.3.0.ebuild
index f4da30cdbd27..c63693e01365 100644
--- a/sys-auth/pam_u2f/pam_u2f-1.2.0.ebuild
+++ b/sys-auth/pam_u2f/pam_u2f-1.3.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index 4f8623bc342c..14a31170155a 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
@@ -1 +1,2 @@
DIST pambase-20220214.tar.gz 3372 BLAKE2B fc560005c48598d972cf68bfbd33784be7d7e5a12f5ebcd06e708241a169b1bcf7cb7dcd7109f44c2d9802ae0b294eaeb61782640f0b0cb9767f2ecf8c053c7f SHA512 57d037944cf6d9db69d5eb8ce32b087ac4781fae13c1daba1e248a1818dfcbbf2cb66fce79cad7808f2b0f89d3f3dd05455a1c8f3c976561769b056dc8bf7323
+DIST pambase-20240128.tar.bz2 5131 BLAKE2B 0950fff720f3a9d761a82303eaa7b997bfac635111b6cae772f7d9de2846147dbb4224326e5dba1868cb54a8a76076c2efed6615c861bbfa78256aba4f475da2 SHA512 6b4ad390c46f33947436892a5f19111a1c9f4ded406ae8ffe76539c94d541611b74ba697d76522b46da41f53aae45eb67c274fc0d6caec94d40c1691487624e6
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
index 72386b394c26..526e8b5c341a 100644
--- a/sys-auth/pambase/metadata.xml
+++ b/sys-auth/pambase/metadata.xml
@@ -39,7 +39,7 @@
</flag>
<flag name="pwquality">
Enable pam_pwquality module on system auth stack for passwd
- quality validation. It is used be dafault by Fedora GNU/*/Linux.
+ quality validation. It is used by default by Fedora GNU/*/Linux.
</flag>
<flag name="mktemp">
Enable pam_mktemp module on system auth stack for session
@@ -67,13 +67,17 @@
will not be compatible with systems using an earlier glibc
version.
</flag>
+ <flag name="sssd">
+ Add System Security Services Daemon (<pkg>sys-auth/sssd</pkg>) support
+ via pam_sss.
+ </flag>
<flag name="yescrypt">
Switch Linux-PAM's pam_unix module to use yescrypt for passwords hashes rather than MD5
</flag>
<flag name="pam_krb5">
Enable pam_krb5 module on system auth stack, as an alternative
- to pam_unix. If Kerberos authentication succeed, only pam_unix
- will be ignore, and all the other modules will proceed as usual,
+ to pam_unix. If Kerberos authentication succeeds, only pam_unix
+ will be ignorde, and all the other modules will proceed as usual,
including Gnome Keyring and other session modules. It requires
<pkg>sys-libs/pam</pkg> as PAM implementation.
</flag>
diff --git a/sys-auth/pambase/pambase-20240128.ebuild b/sys-auth/pambase/pambase-20240128.ebuild
new file mode 100644
index 000000000000..c1dce4ea185f
--- /dev/null
+++ b/sys-auth/pambase/pambase-20240128.ebuild
@@ -0,0 +1,118 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit pam python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://github.com/gentoo/pambase"
+
+if [[ ${PV} == *9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="
+ https://anongit.gentoo.org/git/proj/pambase.git
+ https://github.com/gentoo/pambase.git
+ "
+else
+ SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2"
+
+ KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+fi
+
+LICENSE="MIT"
+SLOT="0"
+IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt"
+
+RESTRICT="binchecks"
+
+REQUIRED_USE="
+ ?? ( elogind systemd )
+ ?? ( passwdqc pwquality )
+ ?? ( sha512 yescrypt )
+ pwhistory? ( || ( passwdqc pwquality ) )
+ homed? ( !pam_krb5 )
+ pam_krb5? ( !homed )
+"
+
+MIN_PAM_REQ=1.4.0
+
+RDEPEND="
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ elogind? ( sys-auth/elogind[pam] )
+ gnome-keyring? ( gnome-base/gnome-keyring[pam] )
+ mktemp? ( sys-auth/pam_mktemp )
+ pam_krb5? (
+ >=sys-libs/pam-${MIN_PAM_REQ}
+ sys-auth/pam_krb5
+ )
+ caps? ( sys-libs/libcap[pam] )
+ pam_ssh? ( sys-auth/pam_ssh )
+ passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
+ pwquality? ( dev-libs/libpwquality[pam] )
+ selinux? ( sys-libs/pam[selinux] )
+ sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+ homed? ( sys-apps/systemd[homed] )
+ systemd? ( sys-apps/systemd[pam] )
+ yescrypt? ( sys-libs/libxcrypt[system] )
+ sssd? ( sys-auth/sssd )
+"
+BDEPEND="
+ $(python_gen_any_dep '
+ dev-python/jinja[${PYTHON_USEDEP}]
+ ')
+"
+
+python_check_deps() {
+ python_has_version "dev-python/jinja[${PYTHON_USEDEP}]"
+}
+
+src_configure() {
+ ${EPYTHON} ./${PN}.py \
+ $(usex caps '--caps' '') \
+ $(usex debug '--debug' '') \
+ $(usex elogind '--elogind' '') \
+ $(usex gnome-keyring '--gnome-keyring' '') \
+ $(usex homed '--homed' '') \
+ $(usex minimal '--minimal' '') \
+ $(usex mktemp '--mktemp' '') \
+ $(usex nullok '--nullok' '') \
+ $(usex pam_krb5 '--krb5' '') \
+ $(usex pam_ssh '--pam-ssh' '') \
+ $(usex passwdqc '--passwdqc' '') \
+ $(usex pwhistory '--pwhistory' '') \
+ $(usex pwquality '--pwquality' '') \
+ $(usex securetty '--securetty' '') \
+ $(usex selinux '--selinux' '') \
+ $(usex sha512 '--sha512' '') \
+ $(usex systemd '--systemd' '') \
+ $(usex yescrypt '--yescrypt' '') \
+ $(usex sssd '--sssd' '') \
+ || die
+}
+
+src_test() { :; }
+
+src_install() {
+ local DOC_CONTENTS
+
+ if use passwdqc; then
+ DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
+ page and then edit the /etc/security/passwdqc.conf file"
+ fi
+
+ if use pwquality; then
+ DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
+ page and then edit the /etc/security/pwquality.conf file"
+ fi
+
+ { use passwdqc || use pwquality; } && readme.gentoo_create_doc
+
+ dopamd -r stack/.
+}
+
+pkg_postinst() {
+ { use passwdqc || use pwquality; } && readme.gentoo_print_elog
+}
diff --git a/sys-auth/pambase/pambase-999999999.ebuild b/sys-auth/pambase/pambase-999999999.ebuild
index f1a0a423fa7e..cad46258f14c 100644
--- a/sys-auth/pambase/pambase-999999999.ebuild
+++ b/sys-auth/pambase/pambase-999999999.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
-PYTHON_COMPAT=( python3_{9..11} )
+PYTHON_COMPAT=( python3_{10..12} )
inherit pam python-any-r1 readme.gentoo-r1
@@ -12,16 +12,19 @@ HOMEPAGE="https://github.com/gentoo/pambase"
if [[ ${PV} == *9999 ]]; then
inherit git-r3
- EGIT_REPO_URI="https://github.com/gentoo/pambase.git"
+ EGIT_REPO_URI="
+ https://anongit.gentoo.org/git/proj/pambase.git
+ https://github.com/gentoo/pambase.git
+ "
else
- SRC_URI="https://github.com/gentoo/pambase/archive/${P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
- S="${WORKDIR}/${PN}-${P}"
+ SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2"
+
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
LICENSE="MIT"
SLOT="0"
-IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd yescrypt"
+IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt"
RESTRICT="binchecks"
@@ -54,11 +57,13 @@ RDEPEND="
homed? ( sys-apps/systemd[homed] )
systemd? ( sys-apps/systemd[pam] )
yescrypt? ( sys-libs/libxcrypt[system] )
+ sssd? ( sys-auth/sssd )
"
-
-BDEPEND="$(python_gen_any_dep '
+BDEPEND="
+ $(python_gen_any_dep '
dev-python/jinja[${PYTHON_USEDEP}]
- ')"
+ ')
+"
python_check_deps() {
python_has_version "dev-python/jinja[${PYTHON_USEDEP}]"
@@ -84,6 +89,7 @@ src_configure() {
$(usex sha512 '--sha512' '') \
$(usex systemd '--systemd' '') \
$(usex yescrypt '--yescrypt' '') \
+ $(usex sssd '--sssd' '') \
|| die
}
diff --git a/sys-auth/passwdqc/Manifest b/sys-auth/passwdqc/Manifest
index 30e6dfcd0b53..f42837f74669 100644
--- a/sys-auth/passwdqc/Manifest
+++ b/sys-auth/passwdqc/Manifest
@@ -1,2 +1 @@
-DIST passwdqc-1.4.0.tar.gz 55219 BLAKE2B 3f96a2d219ee23f11db2ad8ba433eaa56b97a263ad1a49159e0356b779cb4486ec9aa74cd7002fdd6d273e5a7bae4fe1b94e02f60256d331e5afc30d63e81360 SHA512 b9be6632688a1d7d929ec546679a366a67d44e7841e106c7f739a8e0656842866125160c87b04c8e0b3189a3e85eb182aa789196f68925b2f8ec71cd6a479800
-DIST passwdqc-2.0.2.tar.gz 88796 BLAKE2B 4be0180dbee38d124cc5fd3780fcc27b276bd9370c59c83a9c037b67f18518873bd34d23f779125ac0b5e8bb1f40a5e8e24dc65bfe5919f735f96d4f625cebdb SHA512 60f91ad7c86314b0d9ad97a2474a1a5bbb8b41491b274e09f7300d8a609cfffb0688bf39d4e715f647f3c87bfee429cb5e01f1a641a14eea3f55b223610ed8ec
+DIST passwdqc-2.0.3.tar.gz 89608 BLAKE2B d4d999f1da011041e947fcf40b28977c825e7be2a9edfe641205f433862607e958d74b6e11ef5222e9791985a55dc3117c71d47b9516c521bb64ff4cddee77d5 SHA512 08a1ee0e7efe0be8af8b253147836c479247a849baf598a1ad573a050ef4b8700fdb725fd887877f82f9207f3654f489f71267cc4051ce8ebf2405125b77b6b9
diff --git a/sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild b/sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild
deleted file mode 100644
index 90ea5b5ec52c..000000000000
--- a/sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild
+++ /dev/null
@@ -1,73 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic pam toolchain-funcs
-
-DESCRIPTION="Password strength checking library (and PAM module)"
-HOMEPAGE="http://www.openwall.com/passwdqc/"
-SRC_URI="http://www.openwall.com/${PN}/${P}.tar.gz"
-
-LICENSE="Openwall BSD public-domain"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-
-RDEPEND="sys-libs/pam
- virtual/libcrypt:="
-DEPEND="${RDEPEND}"
-
-pkg_setup() {
- QA_FLAGS_IGNORED="/$(get_libdir)/security/pam_passwdqc.so
- /usr/$(get_libdir)/libpasswdqc.so.0"
-}
-
-src_prepare() {
- default
- sed -i -e 's:`uname -s`:Linux:' Makefile || die
-
- # ship our own default settings
- cat <<- EOF > "${S}/passwdqc.conf"
- min=8,8,8,8,8
- max=40
- passphrase=3
- match=4
- similar=deny
- random=47
- enforce=everyone
- retry=3
- EOF
-
-}
-
-src_configure() {
- # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs
- # https://github.com/gentoo/gentoo/pull/28355
- # mold needs this too but right now tc-ld-is-mold is also not available
- if tc-ld-is-lld; then
- append-ldflags -Wl,--undefined-version
- fi
-
- default
-}
-
-_emake() {
- emake \
- SHARED_LIBDIR="/usr/$(get_libdir)" \
- SECUREDIR="$(getpam_mod_dir)" \
- CONFDIR="/etc/security" \
- CFLAGS="${CFLAGS} ${CPPFLAGS}" \
- LDFLAGS="${LDFLAGS}" \
- CC="$(tc-getCC)" \
- LD="$(tc-getCC)" \
- "$@"
-}
-
-src_compile() {
- _emake all
-}
-
-src_install() {
- _emake DESTDIR="${ED}" install_lib install_pam install_utils
- dodoc README PLATFORMS INTERNALS
-}
diff --git a/sys-auth/passwdqc/passwdqc-2.0.2-r1.ebuild b/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild
index 2710ce4c24dc..b1dbf9048f69 100644
--- a/sys-auth/passwdqc/passwdqc-2.0.2-r1.ebuild
+++ b/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild
@@ -1,9 +1,9 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
-inherit flag-o-matic pam toolchain-funcs
+inherit pam toolchain-funcs
DESCRIPTION="Password strength checking library (and PAM module)"
HOMEPAGE="http://www.openwall.com/passwdqc/"
@@ -13,20 +13,23 @@ LICENSE="Openwall BSD public-domain"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-RDEPEND="sys-libs/pam
- virtual/libcrypt:="
+RDEPEND="
+ sys-libs/pam
+ virtual/libcrypt:=
+"
DEPEND="${RDEPEND}"
-pkg_setup() {
- QA_FLAGS_IGNORED="/$(get_libdir)/security/pam_passwdqc.so
- /usr/$(get_libdir)/libpasswdqc.so.1"
-}
+QA_FLAGS_IGNORED="
+ lib*/security/pam_passwdqc.so
+ usr/lib*/libpasswdqc.so.1
+"
src_prepare() {
default
+
sed -i -e 's:`uname -s`:Linux:' Makefile || die
- # ship our own default settings
+ # Ship our own default settings
cat <<- EOF > "${S}/passwdqc.conf"
min=disabled,24,11,8,7
max=72
@@ -34,26 +37,16 @@ src_prepare() {
match=4
similar=deny
random=47
- enforce=everyone
+ enforce=none
retry=3
EOF
}
-src_configure() {
- # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs
- # https://github.com/gentoo/gentoo/pull/28355
- # mold needs this too but right now tc-ld-is-mold is also not available
- if tc-ld-is-lld; then
- append-ldflags -Wl,--undefined-version
- fi
-
- default
-}
-
_emake() {
emake \
SHARED_LIBDIR="/usr/$(get_libdir)" \
+ DEVEL_LIBDIR="/usr/$(get_libdir)" \
SECUREDIR="$(getpam_mod_dir)" \
CONFDIR="/etc/security" \
CFLAGS="${CFLAGS} ${CPPFLAGS}" \
diff --git a/sys-auth/polkit-qt/Manifest b/sys-auth/polkit-qt/Manifest
index dc394746a2ad..13d9a367b01c 100644
--- a/sys-auth/polkit-qt/Manifest
+++ b/sys-auth/polkit-qt/Manifest
@@ -1 +1,2 @@
DIST polkit-qt-1-0.114.0.tar.xz 58384 BLAKE2B e788198e386797ba9b4c228a451dde703f83e79c81eacaf805e431a3f60c0832adc3faef4616e3008dfaa816d7dc5a7a80aaf02936ea232373e78e0d008724ca SHA512 4a16d9428d5ccc0107dcbd67c29ecba196424e555dc43d55cf2b6e0e7b72c99f894e9c994eaed85a9536010d67a19f20fe74f792c0d6b9ca0e05ce85f655f9a8
+DIST polkit-qt-1-0.200.0.tar.xz 58216 BLAKE2B 4edd1577178d4b61889f3da3699f36e0b3251c38b111c0c219ad9c9585ff32845034c068a5c382c29baa1d9cd8d723378422dafb4ea8734766da1b8032025826 SHA512 a09214043fa874234086a5de4d27153368dbe775dd6d573dd2531f2f2be79eb22bf73bbfb2a3a839c20c0347762e7af86b73ba38a05b2dcd43e59526e29c008d
diff --git a/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild b/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild
index 464e34718786..500f97b02646 100644
--- a/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild
+++ b/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -12,7 +12,7 @@ HOMEPAGE="https://api.kde.org/polkit-qt-1/html/"
if [[ ${KDE_BUILD_TYPE} = release ]]; then
SRC_URI="mirror://kde/stable/${KDE_ORG_NAME}/${KDE_ORG_NAME}-${PV}.tar.xz"
- KEYWORDS="amd64 ~arm arm64 ~loong ~ppc ~ppc64 ~riscv x86"
+ KEYWORDS="amd64 ~arm arm64 ~loong ~ppc ppc64 ~riscv x86"
fi
LICENSE="LGPL-2"
diff --git a/sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild b/sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild
new file mode 100644
index 000000000000..ccd0336422ba
--- /dev/null
+++ b/sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+KDE_ORG_CATEGORY="libraries"
+KDE_ORG_NAME="polkit-qt-1"
+inherit cmake kde.org multibuild
+
+DESCRIPTION="Qt wrapper around polkit-1 client libraries"
+HOMEPAGE="https://api.kde.org/polkit-qt-1/html/"
+
+if [[ ${KDE_BUILD_TYPE} = release ]]; then
+ SRC_URI="mirror://kde/stable/${KDE_ORG_NAME}/${KDE_ORG_NAME}-${PV}.tar.xz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+IUSE="+qt5 qt6"
+REQUIRED_USE="|| ( qt5 qt6 )"
+
+RDEPEND="
+ dev-libs/glib:2
+ >=sys-auth/polkit-0.103
+ qt5? (
+ dev-qt/qtcore:5
+ dev-qt/qtdbus:5
+ dev-qt/qtgui:5
+ dev-qt/qtwidgets:5
+ )
+ qt6? ( dev-qt/qtbase:6[dbus,gui,widgets] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( AUTHORS README README.porting TODO )
+
+pkg_setup() {
+ MULTIBUILD_VARIANTS=( $(usev qt5) $(usev qt6) )
+}
+
+src_configure() {
+ myconfigure() {
+ local mycmakeargs=(
+ -DBUILD_EXAMPLES=OFF
+ -DQT_MAJOR_VERSION=${MULTIBUILD_VARIANT/qt/}
+ )
+ cmake_src_configure
+ }
+ multibuild_foreach_variant myconfigure
+}
+
+src_compile() {
+ multibuild_foreach_variant cmake_src_compile
+}
+
+src_install() {
+ multibuild_foreach_variant cmake_src_install
+}
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index be9a62f75202..6827b9281360 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1,3 @@
-DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624
DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
+DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
+DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc
diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
deleted file mode 100644
index 2922b8606648..000000000000
--- a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,231 +0,0 @@
-Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available. PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work. If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
---- a/meson.build
-+++ b/meson.build
-@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true)
- check_functions = [
- 'clearenv',
- 'fdatasync',
-+ 'setnetgrent',
- ]
-
- foreach func: check_functions
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
---- a/src/polkitbackend/polkitbackendduktapeauthority.c
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-
- user = duk_require_string (cx, 0);
- netgroup = duk_require_string (cx, 1);
--
-+#ifdef HAVE_SETNETGRENT
- if (innetgr (netgroup,
- NULL, /* host */
- user,
-@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
- {
- is_in_netgroup = TRUE;
- }
--
-+#endif
- duk_push_boolean (cx, is_in_netgroup);
- return 1;
- }
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- ret = true;
-
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +185,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -69,7 +69,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
new file mode 100644
index 000000000000..5b3f2c4a3641
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
@@ -0,0 +1,36 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
+
+From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Sat, 29 Jul 2023 17:44:58 +0800
+Subject: [PATCH] jsauthority: mozjs: Disable JIT
+
+The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
+setting does not allow it.
+
+For polkit, security is much more important than the speed running
+Javascript code in rule files, so we should disable JIT.
+
+Fixes #199.
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -56,7 +56,16 @@
+ static class JsInitHelperType
+ {
+ public:
+- JsInitHelperType() { JS_Init(); }
++ JsInitHelperType()
++ {
++ /* Disable JIT because it needs W/X mapping, which is not allowed by
++ * our systemd hardening setting.
++ */
++ JS::DisableJitBackend();
++
++ JS_Init();
++ }
++
+ ~JsInitHelperType() { JS_ShutDown(); }
+ } JsInitHelper;
+
+--
+GitLab
diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
new file mode 100644
index 000000000000..f19560943c43
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
@@ -0,0 +1,35 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
+
+From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Wed, 16 Aug 2023 08:59:55 +0000
+Subject: [PATCH] pkexec: fix uninitialized pointer warning
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -53,6 +53,7 @@
+ static gchar *original_user_name = NULL;
+ static gchar *original_cwd;
+ static gchar *command_line = NULL;
++static gchar *cmdline_short = NULL;
+ static struct passwd *pw;
+
+ #ifndef HAVE_CLEARENV
+@@ -508,6 +509,7 @@ main (int argc, char *argv[])
+ path = NULL;
+ exec_argv = NULL;
+ command_line = NULL;
++ cmdline_short = NULL;
+ opt_user = NULL;
+ local_agent_handle = NULL;
+
+@@ -802,7 +804,6 @@ main (int argc, char *argv[])
+ polkit_details_insert (details, "program", path);
+ polkit_details_insert (details, "command_line", command_line);
+
+- gchar *cmdline_short = NULL;
+ cmdline_short = g_strdup(command_line);
+ if (strlen(command_line) > 80)
+ g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
+--
+GitLab
diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
new file mode 100644
index 000000000000..a4dd7eafcf92
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
@@ -0,0 +1,28 @@
+https://bugs.gentoo.org/922458
+https://github.com/polkit-org/polkit/pull/417/files#r1458416421
+--- a/meson.build
++++ b/meson.build
+@@ -212,14 +212,17 @@ if enable_logind
+ config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+
+ # systemd unit / service files
+- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+ systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
+- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+- endif
++ if session_tracking == 'libsystemd-login'
++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+
+- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
++ if systemd_systemdsystemunitdir == ''
++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++ endif
++
++ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
++ endif
+ endif
+ config_h.set('HAVE_LIBSYSTEMD', enable_logind)
+
diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch b/sys-auth/polkit/files/polkit-124-systemd.patch
new file mode 100644
index 000000000000..e9b10e99e5da
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd.patch
@@ -0,0 +1,50 @@
+https://github.com/polkit-org/polkit/pull/417
+
+From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Thu, 18 Jan 2024 15:07:32 +0000
+Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is
+ specified
+
+When 'systemdsystemunitdir' is specified as an option the systemd_dep
+variable is not defined, but the sysusers.d directory lookup uses it,
+causing a build failure:
+
+dh_auto_configure -- \
+ -Dexamples=false \
+ -Dintrospection=true \
+ -Dman=true \
+ -Dsystemdsystemunitdir=/usr/lib/systemd/system \
+ -Dtests=true \
+ -Dgtk_doc=true -Dsession_tracking=libsystemd-login
+ cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login
+The Meson build system
+Version: 1.3.1
+Source dir: /builds/bluca/polkit/debian/output/source_dir
+Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu
+Build type: native build
+Project name: polkit
+Project version: 124
+
+<...>
+
+Run-time dependency libsystemd found: YES 255
+Checking for function "sd_uid_get_display" with dependency libsystemd: YES
+Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES
+../meson.build:222:37: ERROR: Unknown variable "systemd_dep".
+
+Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34
+--- a/meson.build
++++ b/meson.build
+@@ -212,9 +212,9 @@ if enable_logind
+ config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+
+ # systemd unit / service files
++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+ systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+ if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
+- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+ endif
+
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index e4fe842bbae0..420dae0ebcd2 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -5,11 +5,11 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
- <flag name="daemon">Build polkitd in addition to libpolkit. Those using <pkg>sys-apps/dbus-broker</pkg> may wish to disable this flag.</flag>
+ <flag name="daemon">Build polkitd in addition to libpolkit.</flag>
<flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
<upstream>
- <remote-id type="freedesktop-gitlab">polkit/polkit</remote-id>
+ <remote-id type="github">polkit-org/polkit</remote-id>
</upstream>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-122.ebuild b/sys-auth/polkit/polkit-122-r1.ebuild
index 0752a39d7734..fc80a36e0f16 100644
--- a/sys-auth/polkit/polkit-122.ebuild
+++ b/sys-auth/polkit/polkit-122-r1.ebuild
@@ -22,7 +22,7 @@ fi
LICENSE="LGPL-2"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
RESTRICT="!test? ( test ) test"
@@ -144,11 +144,17 @@ src_install() {
dodoc src/examples/{*.c,*.policy*}
fi
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
}
pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
}
diff --git a/sys-auth/polkit/polkit-121.ebuild b/sys-auth/polkit/polkit-123.ebuild
index 781e76f6deb9..fae107ce5592 100644
--- a/sys-auth/polkit/polkit-121.ebuild
+++ b/sys-auth/polkit/polkit-123.ebuild
@@ -3,7 +3,7 @@
EAPI=8
-PYTHON_COMPAT=( python3_{9..11} )
+PYTHON_COMPAT=( python3_{10..11} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
@@ -17,16 +17,15 @@ if [[ ${PV} == *_p* ]] ; then
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
- SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
- S="${WORKDIR}"/${PN}-v.${PV}
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-RESTRICT="!test? ( test )"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
# This seems to be fixed with 121?
#if [[ ${PV} == *_p* ]] ; then
@@ -47,7 +46,7 @@ BDEPEND="
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
+ introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
@@ -56,10 +55,12 @@ BDEPEND="
)
"
DEPEND="
- dev-libs/glib:2
+ >=dev-libs/glib-2.32:2
dev-libs/expat
- duktape? ( dev-lang/duktape:= )
- !duktape? ( dev-lang/spidermonkey:91[-debug] )
+ daemon? (
+ duktape? ( dev-lang/duktape:= )
+ !duktape? ( dev-lang/spidermonkey:102[-debug] )
+ )
pam? (
sys-auth/pambase
sys-libs/pam
@@ -68,7 +69,8 @@ DEPEND="
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
-RDEPEND="${DEPEND}
+RDEPEND="
+ ${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
@@ -84,7 +86,13 @@ DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
+ usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-mozjs-JIT.patch
+ "${FILESDIR}"/${P}-pkexec-uninitialized.patch
+)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
@@ -96,11 +104,6 @@ pkg_setup() {
}
src_prepare() {
- local PATCHES=(
- # musl
- "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
- )
-
default
# bug #401513
@@ -120,6 +123,7 @@ src_configure() {
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
+ $(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
@@ -142,11 +146,17 @@ src_install() {
dodoc src/examples/{*.c,*.policy*}
fi
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
}
pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
}
diff --git a/sys-auth/polkit/polkit-124-r1.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild
new file mode 100644
index 000000000000..d5ae6fcf9f54
--- /dev/null
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+ # Upstream don't make releases very often. Test snapshots throughly
+ # and review commits, but don't shy away if there's useful stuff there
+ # we want.
+ MY_COMMIT=""
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
+
+# This seems to be fixed with 121?
+#if [[ ${PV} == *_p* ]] ; then
+# RESTRICT="!test? ( test )"
+#else
+# # Tests currently don't work with meson in the dist tarballs. See
+# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+# RESTRICT="test"
+#fi
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+ test? (
+ $(python_gen_any_dep '
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
+ ')
+ )
+"
+DEPEND="
+ >=dev-libs/glib-2.32:2
+ dev-libs/expat
+ daemon? (
+ duktape? ( dev-lang/duktape:= )
+ !duktape? ( dev-lang/spidermonkey:115[-debug] )
+ )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+ ${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-124-systemd.patch
+ "${FILESDIR}"/${PN}-124-systemd-fixup.patch
+)
+
+python_check_deps() {
+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # bug #401513
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ -Djs_engine=$(usex duktape duktape mozjs)
+ $(meson_use !daemon libs-only)
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ # acct-user/polkitd installs its own (albeit with a different filename)
+ rm -rf "${ED}"/usr/lib/sysusers.d || die
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
+}
+
+pkg_postinst() {
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
+}
diff --git a/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild b/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild
index 5cea0efc327f..4f8202ec7a5b 100644
--- a/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild
+++ b/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -9,7 +9,7 @@ SRC_URI=""
LICENSE="public-domain"
SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ppc ppc64 ~riscv ~s390 sparc x86"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE=""
DEPEND=""
diff --git a/sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch b/sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch
new file mode 100644
index 000000000000..e8fb9c821dde
--- /dev/null
+++ b/sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch
@@ -0,0 +1,67 @@
+From ad649ee491ed1a41537774ad11564a208e598a09 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Sat, 15 Apr 2023 11:53:27 +0200
+Subject: [PATCH] rtkit-daemon: Don't log debug messages by default
+
+The rtkit-daemon service is a lot more verbose than other services
+when it doesn't have anything to do. Stop logging the debug messages
+by default to avoid flooding the system log.
+
+This addresses issue #22.
+--- a/rtkit-daemon.c
++++ b/rtkit-daemon.c
+@@ -154,6 +154,9 @@ static bool canary_demote_unknown = FALSE;
+ /* Log to stderr? */
+ static bool log_stderr = FALSE;
+
++/* Also log debugging messages? */
++static bool log_debug = FALSE;
++
+ /* Scheduling policy to use */
+ static int sched_policy = SCHED_RR;
+
+@@ -1876,6 +1879,7 @@ enum {
+ ARG_CANARY_DEMOTE_UNKNOWN,
+ ARG_CANARY_REFUSE_SEC,
+ ARG_STDERR,
++ ARG_DEBUG,
+ ARG_INTROSPECT
+ };
+
+@@ -1905,6 +1909,7 @@ static const struct option long_options[] = {
+ { "canary-demote-unknown", no_argument, 0, ARG_CANARY_DEMOTE_UNKNOWN },
+ { "canary-refuse-sec", required_argument, 0, ARG_CANARY_REFUSE_SEC },
+ { "stderr", no_argument, 0, ARG_STDERR },
++ { "debug", no_argument, 0, ARG_DEBUG },
+ { "introspect", no_argument, 0, ARG_INTROSPECT },
+ { NULL, 0, 0, 0}
+ };
+@@ -1933,6 +1938,7 @@ static void show_help(const char *exe) {
+ " --version Show version\n\n"
+ "OPTIONS:\n"
+ " --stderr Log to STDERR in addition to syslog\n"
++ " --debug Also log debugging mssages\n"
+ " --user-name=USER Run daemon as user (%s)\n\n"
+ " --scheduling-policy=(RR|FIFO) Choose scheduling policy (%s)\n"
+ " --our-realtime-priority=[%i..%i] Realtime priority for the daemon (%u)\n"
+@@ -2222,6 +2228,10 @@ static int parse_command_line(int argc, char *argv[], int *ret) {
+ log_stderr = TRUE;
+ break;
+
++ case ARG_DEBUG:
++ log_debug = TRUE;
++ break;
++
+ case ARG_INTROSPECT:
+ fputs(introspect_xml, stdout);
+ *ret = 0;
+@@ -2251,6 +2261,9 @@ static int parse_command_line(int argc, char *argv[], int *ret) {
+ return -1;
+ }
+
++ if (!log_debug)
++ setlogmask(LOG_UPTO(LOG_INFO));
++
+ assert(our_realtime_priority >= (unsigned) sched_get_priority_min(sched_policy));
+ assert(our_realtime_priority <= (unsigned) sched_get_priority_max(sched_policy));
+
diff --git a/sys-auth/rtkit/metadata.xml b/sys-auth/rtkit/metadata.xml
index 44cb8576a448..2c85d65cf461 100644
--- a/sys-auth/rtkit/metadata.xml
+++ b/sys-auth/rtkit/metadata.xml
@@ -10,4 +10,7 @@
to escalate their priority to realtime, without any special setup in
rlimits, etc.
</longdescription>
+ <upstream>
+ <remote-id type="github">heftig/rtkit</remote-id>
+ </upstream>
</pkgmetadata>
diff --git a/sys-auth/rtkit/rtkit-0.13-r1.ebuild b/sys-auth/rtkit/rtkit-0.13-r2.ebuild
index 09fccb721a9c..fd13fbac19c3 100644
--- a/sys-auth/rtkit/rtkit-0.13-r1.ebuild
+++ b/sys-auth/rtkit/rtkit-0.13-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -11,8 +11,8 @@ SRC_URI="https://github.com/heftig/${PN}/releases/download/v${PV}/${P}.tar.xz"
LICENSE="GPL-3 BSD"
SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 sparc x86"
-IUSE="systemd"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86"
+IUSE="selinux systemd"
BDEPEND="virtual/pkgconfig"
DEPEND="acct-group/rtkit
@@ -21,9 +21,11 @@ DEPEND="acct-group/rtkit
sys-auth/polkit
sys-libs/libcap
systemd? ( sys-apps/systemd )"
-RDEPEND="${DEPEND}"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-rtkit )"
PATCHES=(
+ "${FILESDIR}"/${PN}-0.13_daemon_verbosity.patch
"${FILESDIR}"/${PN}-0.13_meson_rtkitctl_dir.patch
"${FILESDIR}"/${PN}-0.13_meson_xxd_optional.patch
)
diff --git a/sys-auth/seatd/Manifest b/sys-auth/seatd/Manifest
index cbad969e380b..a5d51ded54e6 100644
--- a/sys-auth/seatd/Manifest
+++ b/sys-auth/seatd/Manifest
@@ -1 +1 @@
-DIST seatd-0.7.0.tar.gz 39198 BLAKE2B eddae25b353a5ff4da8aa8b41ead6e6ebab6ffa321376887769cbaf22c3c1b8448d84758749714b82d6ca2d602f2140042634bbeb9312449d8ac207b3774851e SHA512 c81c43994b92672a388bf255edb1fe24d3dba7ece2eb35f9fedc05cc0b8e464e9167ffed037645c4072430fe7b3b8fc80cc99f21fb5100654b5dd23a94742e66
+DIST seatd-0.8.0.tar.gz 39349 BLAKE2B 920270808f28c85badb173af22edb03960f2b9cdce5af3124c64fe68c52a77f002272d2f19e97d107303c55ad6de498d279f6b05311793270c6ee84565fc435e SHA512 93b1e5c170564ce9654e4df9985af95cb505274b36e950998bb1f16803d2d46712140eded2bdd8d5e85aec62070afd9c224184276d79a0ff0813408dfc472db7
diff --git a/sys-auth/seatd/files/seatd.initd-r1 b/sys-auth/seatd/files/seatd.initd-r1
new file mode 100644
index 000000000000..a71a9c480aca
--- /dev/null
+++ b/sys-auth/seatd/files/seatd.initd-r1
@@ -0,0 +1,4 @@
+#!/sbin/openrc-run
+supervisor=supervise-daemon
+command="seatd"
+command_args="-g seat"
diff --git a/sys-auth/seatd/seatd-0.7.0.ebuild b/sys-auth/seatd/seatd-0.7.0.ebuild
deleted file mode 100644
index 38a16a371fb9..000000000000
--- a/sys-auth/seatd/seatd-0.7.0.ebuild
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 2020-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit meson systemd
-
-DESCRIPTION="Minimal seat management daemon and universal library"
-HOMEPAGE="https://sr.ht/~kennylevinsen/seatd"
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://git.sr.ht/~kennylevinsen/seatd"
-else
- KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86"
- SRC_URI="https://git.sr.ht/~kennylevinsen/seatd/archive/${PV}.tar.gz -> ${P}.tar.gz"
-fi
-LICENSE="MIT"
-SLOT="0/1"
-IUSE="builtin elogind +server systemd"
-REQUIRED_USE="?? ( elogind systemd )"
-
-DEPEND="
- elogind? ( sys-auth/elogind )
- systemd? ( sys-apps/systemd )
-"
-RDEPEND="${DEPEND}
- server? ( acct-group/seat )
-"
-BDEPEND=">=app-text/scdoc-1.9.7"
-
-src_configure() {
- local emesonargs=(
- -Dman-pages=enabled
- $(meson_feature builtin libseat-builtin)
- $(meson_feature server)
- )
-
- if use elogind ; then
- emesonargs+=( -Dlibseat-logind=elogind )
- elif use systemd; then
- emesonargs+=( -Dlibseat-logind=systemd )
- else
- emesonargs+=( -Dlibseat-logind=disabled )
- fi
-
- meson_src_configure
-}
-
-src_install() {
- meson_src_install
-
- if use server; then
- newinitd "${FILESDIR}/seatd.initd" seatd
- systemd_dounit contrib/systemd/seatd.service
- fi
-}
diff --git a/sys-auth/seatd/seatd-0.7.0-r1.ebuild b/sys-auth/seatd/seatd-0.8.0.ebuild
index 779dda01995e..53eba7e7658c 100644
--- a/sys-auth/seatd/seatd-0.7.0-r1.ebuild
+++ b/sys-auth/seatd/seatd-0.8.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2020-2022 Gentoo Authors
+# Copyright 2020-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -21,7 +21,7 @@ REQUIRED_USE="?? ( elogind systemd )"
DEPEND="
elogind? ( sys-auth/elogind )
- systemd? ( sys-apps/systemd )
+ systemd? ( sys-apps/systemd:= )
"
RDEPEND="${DEPEND}
server? ( acct-group/seat )
@@ -50,7 +50,13 @@ src_install() {
meson_src_install
if use server; then
- newinitd "${FILESDIR}/seatd.initd" seatd
+ newinitd "${FILESDIR}/seatd.initd-r1" seatd
systemd_dounit contrib/systemd/seatd.service
+
+ if has_version '<sys-auth/seatd-0.7.0-r2'; then
+ elog "For OpenRC users: seatd is now using the 'seat' group instead of the 'video' group"
+ elog "Make sure your user(s) are in the 'seat' group."
+ elog "Note: 'video' is still needed for GPU access like OpenGL"
+ fi
fi
}
diff --git a/sys-auth/seatd/seatd-9999.ebuild b/sys-auth/seatd/seatd-9999.ebuild
index a3351b9b2463..a9bfcfa000ff 100644
--- a/sys-auth/seatd/seatd-9999.ebuild
+++ b/sys-auth/seatd/seatd-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2020-2022 Gentoo Authors
+# Copyright 2020-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -11,7 +11,7 @@ if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://git.sr.ht/~kennylevinsen/seatd"
else
- KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
SRC_URI="https://git.sr.ht/~kennylevinsen/seatd/archive/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="MIT"
@@ -21,7 +21,7 @@ REQUIRED_USE="?? ( elogind systemd )"
DEPEND="
elogind? ( sys-auth/elogind )
- systemd? ( sys-apps/systemd )
+ systemd? ( sys-apps/systemd:= )
"
RDEPEND="${DEPEND}
server? ( acct-group/seat )
@@ -50,7 +50,13 @@ src_install() {
meson_src_install
if use server; then
- newinitd "${FILESDIR}/seatd.initd" seatd
+ newinitd "${FILESDIR}/seatd.initd-r1" seatd
systemd_dounit contrib/systemd/seatd.service
+
+ if has_version '<sys-auth/seatd-0.7.0-r2'; then
+ elog "For OpenRC users: seatd is now using the 'seat' group instead of the 'video' group"
+ elog "Make sure your user(s) are in the 'seat' group."
+ elog "Note: 'video' is still needed for GPU access like OpenGL"
+ fi
fi
}
diff --git a/sys-auth/skey/Manifest b/sys-auth/skey/Manifest
index 4c3e9cb73c37..05a20e091d3e 100644
--- a/sys-auth/skey/Manifest
+++ b/sys-auth/skey/Manifest
@@ -1,2 +1,2 @@
-DIST skey-1.1.5-patches-6.tar.xz 34108 BLAKE2B 410dbe673e0a32a4c3fd0610f898057e7b3afcc0d0fd124683033790f9c518bf89486f13e8d87825c0959ff34e91eae82df6ba3b79c1dcb99a34d5657036d5a6 SHA512 2c807675cdd6b800f03427d79d616f59ac9d4d438221913328ec92e5dd13af185f74a24e17d36af8d49a51c4ecc5b24ef198489acce416d829e8aacf5d3c208a
+DIST skey-1.1.5-patches-7.tar.xz 34412 BLAKE2B 77c37b71e80a629dc24996a496ac870d8ad431268bc8eff188ffe09fda6c52b4169aae6e16d31897658e003c1565176f5b8bdd7052795b372c47e49258a7d8ff SHA512 a73f0772883cfb8a6cd7acabd0d005e723952c4eb3b83d27b5c321737e38a4b4b65be0e7cb1b4fb5d040e315b3c36f6f4ca96f20ad8564617e694e9373fa060d
DIST skey-1.1.5.tar.bz2 61911 BLAKE2B 6226a91f4018bee5796bf60339dc8554324a044eef18a69ea176d060cb4af90779cafaee58f42ad7a6e433b94da8de6e5e4d1ee9362904966fd0872d5ac3ccce SHA512 4cbddc7e31134d5e23801a9b07de0d05c8357aaa8dddfb8426fceead3f54e539f77204f78a08b2a93890ef2f4f807a2208080f58f80818afa1b8cd4884b1fb37
diff --git a/sys-auth/skey/skey-1.1.5-r13.ebuild b/sys-auth/skey/skey-1.1.5-r14.ebuild
index ffd30c0f335d..f91749db5148 100644
--- a/sys-auth/skey/skey-1.1.5-r13.ebuild
+++ b/sys-auth/skey/skey-1.1.5-r14.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -7,8 +7,8 @@ inherit autotools readme.gentoo-r1 toolchain-funcs usr-ldscript
DESCRIPTION="Linux Port of OpenBSD Single-key Password System"
HOMEPAGE="https://web.archive.org/web/20160710152027/http://www.openbsd.org:80/faq/faq8.html#SKey"
-SRC_URI="mirror://gentoo/${P}.tar.bz2
- https://dev.gentoo.org/~ulm/distfiles/${P}-patches-6.tar.xz"
+SRC_URI="https://dev.gentoo.org/~ulm/distfiles/${P}.tar.bz2
+ https://dev.gentoo.org/~ulm/distfiles/${P}-patches-7.tar.xz"
LICENSE="BSD MIT RSA BEER-WARE"
SLOT="0"
diff --git a/sys-auth/solo1/solo1-0.1.1.ebuild b/sys-auth/solo1/solo1-0.1.1-r1.ebuild
index 0ab44c710e95..0e8e190536f4 100644
--- a/sys-auth/solo1/solo1-0.1.1.ebuild
+++ b/sys-auth/solo1/solo1-0.1.1-r1.ebuild
@@ -1,16 +1,15 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
-PYTHON_COMPAT=( python3_{9..10} )
+PYTHON_COMPAT=( python3_{10..12} )
DISTUTILS_USE_PEP517=flit
-inherit distutils-r1
+inherit distutils-r1 pypi
DESCRIPTION="CLI and Python library for SoloKeys Solo 1"
HOMEPAGE="https://github.com/solokeys/solo1-cli"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="Apache-2.0 MIT"
SLOT="0"
diff --git a/sys-auth/ssh-import-id/metadata.xml b/sys-auth/ssh-import-id/metadata.xml
index fd9ff4351985..a8d5f70543c9 100644
--- a/sys-auth/ssh-import-id/metadata.xml
+++ b/sys-auth/ssh-import-id/metadata.xml
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <maintainer type="person">
- <email>slashbeast@gentoo.org</email>
- <name>Piotr Karbowski</name>
- </maintainer>
+ <!-- maintainer-needed -->
<stabilize-allarches/>
+ <upstream>
+ <remote-id type="launchpad">ssh-import-id</remote-id>
+ </upstream>
</pkgmetadata>
diff --git a/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild b/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild
new file mode 100644
index 000000000000..ddde94c6da84
--- /dev/null
+++ b/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+DISTUTILS_USE_PEP517=setuptools
+
+inherit distutils-r1
+
+DESCRIPTION="Utility to securely retrieve an SSH public key and install it locally"
+HOMEPAGE="https://launchpad.net/ssh-import-id"
+SRC_URI="https://launchpad.net/${PN}/trunk/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 sparc x86"
+IUSE=""
+
+DEPEND="${PYTHON_DEPS}"
+RDEPEND="
+ dev-python/distro[${PYTHON_USEDEP}]
+"
+
+src_install() {
+ distutils-r1_src_install
+ doman usr/share/man/man1/ssh-import-id.1
+}
diff --git a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild
index 1f5cd230ec5a..999f36b3d109 100644
--- a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild
+++ b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild
@@ -4,7 +4,8 @@
EAPI=7
DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{9..10} )
+PYTHON_COMPAT=( python3_{10..11} )
+
inherit distutils-r1
DESCRIPTION="Utility to manage SSH public keys stored in LDAP"
@@ -23,25 +24,24 @@ LICENSE="MIT"
SLOT="0"
IUSE="schema"
-MY_CDEPEND="dev-python/docopt[${PYTHON_USEDEP}]
+RDEPEND="dev-python/docopt[${PYTHON_USEDEP}]
>=dev-python/python-ldap-3.0[${PYTHON_USEDEP}]
virtual/logger"
-DEPEND="${MY_CDEPEND}
+DEPEND="${RDEPEND}
dev-python/setuptools[${PYTHON_USEDEP}]
test? (
dev-python/pytest-describe[${PYTHON_USEDEP}]
dev-python/pytest-mock[${PYTHON_USEDEP}]
)"
-# We need to block previous net-misc/openssh packages
-# to avoid file collision on "/etc/openldap/schema/openssh-lpk.schema"
-RDEPEND="${MY_CDEPEND}
- schema? ( !net-misc/openssh[ldap(-)] )"
-
DOCS=( README.md CHANGELOG.adoc )
distutils_enable_tests pytest
+python_test() {
+ epytest -p pytest-describe
+}
+
python_install_all() {
distutils-r1_python_install_all
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 33bcbee3a483..99b108e1bbf8 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,3 +1,2 @@
-DIST sssd-2.5.2-CVE-2021-3621.patch.bz2 3155 BLAKE2B c50e331f0f1acbb9ef8e6d54a63219da44df5e565608c24635d85a110fcc024f7d5293c4412bca64831a9a3a14e2c1188be1a802c76575ad6d7a83243d3d89c2 SHA512 650af7c67b3a807935c0875ee877d366facdf818492fb4244757448ad351454a279968ea5414e6b3cd116e873abe4f1aef2ccdaf790a4df0cf7f2a0078a41860
-DIST sssd-2.5.2.tar.gz 7579208 BLAKE2B ec5d9aeaf5b5e05b56c01f9137f6f24db05544dbd48458d742285b60e7beb6d48af865f3415e11ce89e187f4643bbecf15bbb321859ec80cfe458eb781cea6c9 SHA512 a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48
-DIST sssd-2.6.0.tar.gz 7440969 BLAKE2B 6b05fcea09ef10a5b2f373dc6a66032edc4c4f46f65f42fdc9ffb5b676025095e16de4a86b3088351c22746e062829d1d68fa7e960cccb7c5a77d960e6d38e2a SHA512 0b9e169424cbadfa6132a3e5e9789facf82f04cce94cb5344b8ff49370ae8817c2cb16cf21caddf6a7cd42e661d5ff5bf97843d79681683aacff0053ff93f64b
+DIST sssd-2.9.1.tar.gz 7943540 BLAKE2B 9113b63d54beb40ba85c5b5c75068197317b3b8088119cf6557c6b4aed113d2d67f0bc64fc68fb34f4dbef54cccdb8b32ef44112115930751fdec5ec92e0a09b SHA512 eb7345dcfbbd51f005f67ee5032364d369d24589111ded60701e2dbe09563f0b862d343f231dd2e9d548acd8c560a036c8b88a0601f9aa048a7202da8202cd9b
+DIST sssd-2.9.4.tar.gz 7982544 BLAKE2B 6ed23787f1c029abc89f2bbe516787ddbe2fa39f052b75b965972b0a3532c66076f16b775258c5ee6f4ac9ef63bd6ab5bad1a3b660bcac135b3af460d0f14748 SHA512 9546cf074628f32137b16ca0c763988785271124244b645d1e786762e8578f10d983793a29bffcc004b064452fe8d465476a3041688d2f3c11c2751fb5bec3e2
diff --git a/sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch
deleted file mode 100644
index 04c18ceede8c..000000000000
--- a/sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- a/src/tools/analyzer/Makefile.am
-+++ b/src/tools/analyzer/Makefile.am
-@@ -1,5 +1,7 @@
- pkgpythondir = $(python3dir)/sssd
-+modulesdir = $(pkgpythondir)/modules
-
-+if BUILD_PYTHON_BINDINGS
- dist_pkgpython_SCRIPTS = \
- sss_analyze.py \
- $(NULL)
-@@ -10,7 +12,7 @@
- source_reader.py \
- $(NULL)
-
--modulesdir = $(pkgpythondir)/modules
- dist_modules_DATA = \
- modules/request.py \
- $(NULL)
-+endif
diff --git a/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch b/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch
new file mode 100644
index 000000000000..a8bd397cd063
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch
@@ -0,0 +1,12 @@
+diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
+index a1c0b36..207c010 100644
+--- a/src/providers/krb5/krb5_auth.c
++++ b/src/providers/krb5/krb5_auth.c
+@@ -1037,6 +1037,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
+ case ERR_ACCOUNT_LOCKED:
+ state->pam_status = PAM_PERM_DENIED;
+ state->dp_err = DP_ERR_OK;
++ state->pd->account_locked = true;
+ ret = EOK;
+ goto done;
+
diff --git a/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch b/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
new file mode 100644
index 000000000000..c849fe76b446
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
@@ -0,0 +1,31 @@
+From 74d0f4538deb766592079b1abca0d949d6dea105 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Thu, 15 Jun 2023 12:05:03 +0200
+Subject: [PATCH 1/1] BUILD: Accept krb5 1.21 for building the PAC plugin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/external/pac_responder.m4 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
+index 3cbe3c9cfba03b59e26a8c5c2d73446eead2acea..90727185b574411bddd928f8d87efdc87076eba4 100644
+--- a/src/external/pac_responder.m4
++++ b/src/external/pac_responder.m4
+@@ -22,7 +22,8 @@ then
+ Kerberos\ 5\ release\ 1.17* | \
+ Kerberos\ 5\ release\ 1.18* | \
+ Kerberos\ 5\ release\ 1.19* | \
+- Kerberos\ 5\ release\ 1.20*)
++ Kerberos\ 5\ release\ 1.20* | \
++ Kerberos\ 5\ release\ 1.21*)
+ krb5_version_ok=yes
+ AC_MSG_RESULT([yes])
+ ;;
+--
+2.41.0
+
diff --git a/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch b/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch
new file mode 100644
index 000000000000..258940bab38e
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch
@@ -0,0 +1,87 @@
+From 11afa7a6ef7e15f1e98c7145ad5c80bbdfc520e2 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 4 Jul 2023 19:06:27 +0200
+Subject: [PATCH 3/3] certmap: fix partial string comparison
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the formatting option of the certificate digest/hash function
+contained and additional specifier separated with a '_' the comparison
+of the provided digest name and the available ones was incomplete, the
+last character was ignored and the comparison was successful if even if
+there was only a partial match.
+
+Resolves: https://github.com/SSSD/sssd/issues/6802
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+(cherry picked from commit 0817ca3b366f51510705ab77d7900c0b65b7d2fc)
+---
+ src/lib/certmap/sss_certmap_ldap_mapping.c | 9 ++++++++-
+ src/tests/cmocka/test_certmap.c | 22 ++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/certmap/sss_certmap_ldap_mapping.c b/src/lib/certmap/sss_certmap_ldap_mapping.c
+index 2f16837a1..354b0310b 100644
+--- a/src/lib/certmap/sss_certmap_ldap_mapping.c
++++ b/src/lib/certmap/sss_certmap_ldap_mapping.c
+@@ -228,14 +228,21 @@ int check_digest_conversion(const char *inp, const char **digest_list,
+ bool colon = false;
+ bool reverse = false;
+ char *c;
++ size_t len = 0;
+
+ sep = strchr(inp, '_');
++ if (sep != NULL) {
++ len = sep - inp;
++ }
+
+ for (d = 0; digest_list[d] != NULL; d++) {
+ if (sep == NULL) {
+ cmp = strcasecmp(digest_list[d], inp);
+ } else {
+- cmp = strncasecmp(digest_list[d], inp, (sep - inp -1));
++ if (strlen(digest_list[d]) != len) {
++ continue;
++ }
++ cmp = strncasecmp(digest_list[d], inp, len);
+ }
+
+ if (cmp == 0) {
+diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c
+index da312beaf..a15984d60 100644
+--- a/src/tests/cmocka/test_certmap.c
++++ b/src/tests/cmocka/test_certmap.c
+@@ -2183,6 +2183,28 @@ static void test_sss_certmap_ldapu1_cert(void **state)
+ assert_non_null(ctx);
+ assert_null(ctx->prio_list);
+
++ /* cert!sha */
++ ret = sss_certmap_add_rule(ctx, 91,
++ "KRB5:<ISSUER>.*",
++ "LDAP:rule91={cert!sha}", NULL);
++ assert_int_equal(ret, EINVAL);
++
++ ret = sss_certmap_add_rule(ctx, 91,
++ "KRB5:<ISSUER>.*",
++ "LDAPU1:rule91={cert!sha}", NULL);
++ assert_int_equal(ret, EINVAL);
++
++ /* cert!sha_u */
++ ret = sss_certmap_add_rule(ctx, 90,
++ "KRB5:<ISSUER>.*",
++ "LDAP:rule90={cert!sha_u}", NULL);
++ assert_int_equal(ret, EINVAL);
++
++ ret = sss_certmap_add_rule(ctx, 99,
++ "KRB5:<ISSUER>.*",
++ "LDAPU1:rule90={cert!sha_u}", NULL);
++ assert_int_equal(ret, EINVAL);
++
+ /* cert!sha555 */
+ ret = sss_certmap_add_rule(ctx, 89,
+ "KRB5:<ISSUER>.*",
+--
+2.38.1
+
diff --git a/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch
new file mode 100644
index 000000000000..de46b96c82f9
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch
@@ -0,0 +1,19 @@
+diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am
+index b40043d04..dce6b9d36 100644
+--- a/src/tools/analyzer/Makefile.am
++++ b/src/tools/analyzer/Makefile.am
+@@ -5,7 +5,9 @@ dist_sss_analyze_python_SCRIPTS = \
+ $(NULL)
+
+ pkgpythondir = $(python3dir)/sssd
++modulesdir = $(pkgpythondir)/modules
+
++if BUILD_PYTHON_BINDINGS
+ dist_pkgpython_DATA = \
+ __init__.py \
+ source_files.py \
+@@ -20,3 +22,4 @@ dist_modules_DATA = \
+ modules/__init__.py \
+ modules/request.py \
+ $(NULL)
++endif
diff --git a/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch
new file mode 100644
index 000000000000..3a724363382b
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch
@@ -0,0 +1,39 @@
+From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 4 Jul 2023 18:56:35 +0200
+Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The cert-show and cert-eval-rule sub-commands do not need root access and
+do not require SSSD to be configured on the host.
+
+Resolves: https://github.com/SSSD/sssd/issues/6802
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4)
+---
+ src/tools/sssctl/sssctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
+index 855260aed..04c41aa9a 100644
+--- a/src/tools/sssctl/sssctl.c
++++ b/src/tools/sssctl/sssctl.c
+@@ -340,9 +340,9 @@ int main(int argc, const char **argv)
+ SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
+ #endif
+ SSS_TOOL_DELIMITER("Certificate related tools:"),
+- SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show),
++ SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+ SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map),
+- SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule),
++ SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+ #ifdef BUILD_PASSKEY
+ SSS_TOOL_DELIMITER("Passkey related tools:"),
+ SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+--
+2.38.1
+
diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml
index 1de148797929..a4f6c50a3f9e 100644
--- a/sys-auth/sssd/metadata.xml
+++ b/sys-auth/sssd/metadata.xml
@@ -5,19 +5,23 @@
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
- <maintainer type="person">
- <email>alexxy@gentoo.org</email>
- <name>Alexey Shvetsov</name>
+ <maintainer type="person" proxied="yes">
+ <email>salah.coronya@gmail.com</email>
+ <name>Christopher Byrne</name>
+ </maintainer>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
</maintainer>
<use>
<flag name="acl"> Build and use the cifsidmap plugin</flag>
- <flag name="locator">Install sssd's Kerberos plugin</flag>
+ <flag name="keyutils">Controls whether the kernel keyring should be used via <pkg>sys-apps/keyutils</pkg></flag>
<flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
<flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-fs/nfs-utils</pkg></flag>
- <flag name="pac">Add Privileged Attribute Certificate Support for Kerberos</flag>
+ <flag name="samba">Add Privileged Attribute Certificate Support for Kerberos</flag>
+ <flag name="subid">Support subordinate uid and gid ranges in FreeIPA</flag>
<flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
- <flag name="valgrind">Depend on <pkg>dev-util/valgrind</pkg> for test suite</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id>
diff --git a/sys-auth/sssd/sssd-2.5.2-r3.ebuild b/sys-auth/sssd/sssd-2.9.1-r1.ebuild
index ffbaa9bb9aea..af43a0ad6b5a 100644
--- a/sys-auth/sssd/sssd-2.5.2-r3.ebuild
+++ b/sys-auth/sssd/sssd-2.9.1-r1.ebuild
@@ -1,96 +1,113 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
-PYTHON_COMPAT=( python3_{9..10} )
+PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
+PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
+PLOCALE_BACKUP="sv"
+PYTHON_COMPAT=( python3_{10..12} )
-inherit autotools linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs optfeature
+inherit autotools linux-info multilib-minimal optfeature plocale \
+ python-single-r1 pam systemd toolchain-funcs
DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
HOMEPAGE="https://github.com/SSSD/sssd"
-SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
-SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-CVE-2021-3621.patch.bz2"
+if [[ ${PV} != 9999 ]]; then
+ SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+else
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
+ EGIT_BRANCH="master"
+fi
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86"
-IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind"
+KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86"
+IUSE="acl doc keyutils +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test"
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ test? ( sudo )"
RESTRICT="!test? ( test )"
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
- pac? ( samba )
- test? ( sudo )
- valgrind? ( test )"
-
-BDEPEND=">=sys-devel/autoconf-2.69-r5
- virtual/pkgconfig
- ${PYTHON_DEPS}
- doc? ( app-doc/doxygen )
- test? (
- dev-libs/check
- dev-libs/softhsm:2
- dev-util/cmocka
- net-libs/gnutls[pkcs11,tools]
- sys-libs/libfaketime
- sys-libs/nss_wrapper
- sys-libs/pam_wrapper
- sys-libs/uid_wrapper
- valgrind? ( dev-util/valgrind )
- )
- man? (
- app-text/docbook-xml-dtd:4.4
- >=dev-libs/libxslt-1.1.26
- nls? ( app-text/po4a )
- )"
-
-DEPEND=">=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
+DEPEND="
+ >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
app-crypt/p11-kit
>=dev-libs/ding-libs-0.2
- dev-libs/glib:2
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
- >=dev-libs/libpcre-8.30:=
+ dev-libs/jansson:=
+ dev-libs/libpcre2:=
+ dev-libs/libunistring:=
>=dev-libs/popt-1.16
- >=dev-libs/openssl-1.0.2:0=
+ >=dev-libs/openssl-1.0.2:=
>=net-dns/bind-tools-9.9[gssapi]
- >=net-dns/c-ares-1.7.4:=
- >=net-nds/openldap-2.4.30:=[sasl]
+ >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
+ >=net-nds/openldap-2.4.30:=[sasl,experimental]
>=sys-apps/dbus-1.6
- >=sys-apps/keyutils-1.5:=
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
>=sys-libs/talloc-2.0.7
>=sys-libs/tdb-1.2.9
>=sys-libs/tevent-0.9.16
>=sys-libs/ldb-1.1.17-r1:=
virtual/libintl
- locator? (
- >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
- )
acl? ( net-fs/cifs-utils[acl] )
+ keyutils? ( >=sys-apps/keyutils-1.5:= )
netlink? ( dev-libs/libnl:3 )
nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
nls? ( >=sys-devel/gettext-0.18 )
- pac? (
- net-fs/samba
+ python? (
+ ${PYTHON_DEPS}
+ systemd? (
+ $(python_gen_cond_dep '
+ dev-python/python-systemd[${PYTHON_USEDEP}]
+ ')
+ )
)
- python? ( ${PYTHON_DEPS} )
samba? ( >=net-fs/samba-4.10.2[winbind] )
selinux? (
>=sys-libs/libselinux-2.1.9
>=sys-libs/libsemanage-2.1
)
+ subid? ( >=sys-apps/shadow-4.9 )
systemd? (
- dev-libs/jansson:0=
- net-libs/http-parser:0=
- net-misc/curl:0=
+ sys-apps/systemd:=
+ sys-apps/util-linux
)
- systemtap? ( dev-util/systemtap )"
+ systemtap? ( dev-debug/systemtap )"
RDEPEND="${DEPEND}
- >=sys-libs/glibc-2.17[nscd]
selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
+BDEPEND="
+ virtual/pkgconfig
+ ${PYTHON_DEPS}
+ doc? ( app-text/doxygen )
+ man? (
+ app-text/docbook-xml-dtd:4.4
+ >=dev-libs/libxslt-1.1.26
+ nls? ( app-text/po4a )
+ )
+ nls? ( sys-devel/gettext )
+ test? (
+ dev-libs/check
+ dev-libs/softhsm:2
+ dev-util/cmocka
+ net-libs/gnutls[pkcs11,tools]
+ sys-libs/libfaketime
+ sys-libs/nss_wrapper
+ sys-libs/pam_wrapper
+ sys-libs/uid_wrapper
+ )
+"
CONFIG_CHECK="~KEYS"
+PATCHES=(
+ "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
+ "${FILESDIR}/${PN}-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch"
+ "${FILESDIR}/${PN}-2.9.1-certmap-fix-partial-string-comparison.patch"
+ "${FILESDIR}/${PN}-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch"
+ "${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch"
+)
+
MULTILIB_WRAPPED_HEADERS=(
/usr/include/ipa_hbac.h
/usr/include/sss_idmap.h
@@ -102,10 +119,6 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/sss_certmap.h
)
-PATCHES=(
- "${WORKDIR}"/${P}-CVE-2021-3621.patch
-)
-
pkg_setup() {
linux-info_pkg_setup
python-single-r1_pkg_setup
@@ -114,15 +127,35 @@ pkg_setup() {
src_prepare() {
default
+ plocale_get_locales > src/man/po/LINGUAS || die
+
+ sed -i \
+ -e "/_langs]/ s/ .*//" \
+ src/man/po/po4a.cfg \
+ || die
+ enable_locale() {
+ local locale=${1}
+
+ sed -i \
+ -e "/_langs]/ s/$/ ${locale}/" \
+ src/man/po/po4a.cfg \
+ || die
+ }
+
+ plocale_for_each_locale enable_locale
+
+ PLOCALES="${PLOCALES_BIN}"
+ plocale_get_locales > po/LINGUAS || die
+
sed -i \
-e 's:/var/run:/run:' \
- "${S}"/src/examples/logrotate \
+ src/examples/logrotate \
|| die
# disable flaky test, see https://github.com/SSSD/sssd/issues/5631
sed -i \
-e '/^\s*pam-srv-tests[ \\]*$/d' \
- "${S}"/Makefile.am \
+ Makefile.am \
|| die
eautoreconf
@@ -131,7 +164,7 @@ src_prepare() {
}
src_configure() {
- local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
+ local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
multilib-minimal_src_configure
}
@@ -139,9 +172,14 @@ src_configure() {
multilib_src_configure() {
local myconf=()
+ export ac_cv_header_keyutils_h=$(usex keyutils)
+ export ac_cv_lib_keyutils_add_key=$(usex keyutils)
+
myconf+=(
+ --libexecdir="${EPREFIX}"/usr/libexec
--localstatedir="${EPREFIX}"/var
--runstatedir="${EPREFIX}"/run
+ --sbindir="${EPREFIX}"/usr/sbin
--with-pid-path="${EPREFIX}"/run
--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
@@ -153,22 +191,20 @@ multilib_src_configure() {
--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
--with-log-path="${EPREFIX}"/var/log/sssd
+ --with-kcm
+ --enable-kcm-renewal
--with-os=gentoo
- --with-nscd="${EPREFIX}"/usr/sbin/nscd
- --with-unicode-lib="glib2"
--disable-rpath
--disable-static
- --sbindir=/usr/sbin
- --enable-local-provider
- $(multilib_native_use_with systemd kcm)
- $(multilib_native_use_with systemd secrets)
+ # Valgrind is only used for tests
+ --disable-valgrind
$(use_with samba)
--with-smb-idmap-interface-version=6
$(multilib_native_use_enable acl cifs-idmap-plugin)
$(multilib_native_use_with selinux)
$(multilib_native_use_with selinux semanage)
- $(use_enable locator krb5-locator-plugin)
- $(use_enable pac pac-responder)
+ --enable-krb5-locator-plugin
+ $(use_enable samba pac-responder)
$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
$(use_enable nls)
$(multilib_native_use_with netlink libnl)
@@ -176,21 +212,19 @@ multilib_src_configure() {
$(multilib_native_use_with sudo)
$(multilib_native_with autofs)
$(multilib_native_with ssh)
+ --without-oidc-child
+ --without-passkey
+ $(use_with subid)
$(use_enable systemtap)
- $(use_enable valgrind)
--without-python2-bindings
$(multilib_native_use_with python python3-bindings)
+ # Annoyingly configure requires that you pick systemd XOR sysv
+ --with-initscript=$(usex systemd systemd sysv)
)
- # Annoyingly configure requires that you pick systemd XOR sysv
- if use systemd; then
- myconf+=(
- --with-initscript="systemd"
- --with-systemdunitdir=$(systemd_get_systemunitdir)
- )
- else
- myconf+=(--with-initscript="sysv")
- fi
+ use systemd && myconf+=(
+ --with-systemdunitdir=$(systemd_get_systemunitdir)
+ )
if ! multilib_is_native_abi; then
# work-around all the libraries that are used for CLI and server
@@ -198,17 +232,17 @@ multilib_src_configure() {
{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
# ldb headers are fine since native needs it
# ldb lib fails... but it does not seem to bother
- {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
- {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
- {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' '
+ {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
+ {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
+ {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
# use native include path for dbus (needed for build)
DBUS_CFLAGS="${native_dbus_cflags}"
# non-pkgconfig checks
ac_cv_lib_ldap_ldap_search=yes
- --without-secrets
--without-kcm
+ --without-manpages
)
fi
@@ -219,13 +253,10 @@ multilib_src_compile() {
if multilib_is_native_abi; then
default
use doc && emake docs
- if use man || use nls; then
- emake update-po
- fi
else
- emake libnss_sss.la pam_sss.la
- use locator && emake sssd_krb5_locator_plugin.la
- use pac && emake sssd_pac_plugin.la
+ emake libnss_sss.la pam_sss.la pam_sss_gss.la
+ emake sssd_krb5_locator_plugin.la
+ use samba && emake sssd_pac_plugin.la
fi
}
@@ -238,24 +269,23 @@ multilib_src_test() {
multilib_src_install() {
if multilib_is_native_abi; then
- emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
+ emake -j1 DESTDIR="${D}" install
if use python; then
- python_optimize
python_fix_shebang "${ED}"
+ python_optimize
fi
else
# easier than playing with automake...
dopammod .libs/pam_sss.so
+ dopammod .libs/pam_sss_gss.so
into /
dolib.so .libs/libnss_sss.so*
- if use locator; then
- exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
- doexe .libs/sssd_krb5_locator_plugin.so
- fi
+ exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+ doexe .libs/sssd_krb5_locator_plugin.so
- if use pac; then
+ if use samba; then
exeinto /usr/$(get_libdir)/krb5/plugins/authdata
doexe .libs/sssd_pac_plugin.so
fi
@@ -264,15 +294,14 @@ multilib_src_install() {
multilib_src_install_all() {
einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
insinto /etc/sssd
insopts -m600
- doins "${S}"/src/examples/sssd-example.conf
+ doins src/examples/sssd-example.conf
insinto /etc/logrotate.d
insopts -m644
- newins "${S}"/src/examples/logrotate sssd
+ newins src/examples/logrotate sssd
newconfd "${FILESDIR}"/sssd.conf sssd
@@ -289,15 +318,16 @@ multilib_src_install_all() {
# strip empty dirs
if ! use doc; then
rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
- rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die
+ rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
fi
rm -r "${ED}"/run || die
+ find "${ED}" -type f -name '*.la' -delete || die
}
pkg_postinst() {
elog "You must set up sssd.conf (default installed into /etc/sssd)"
elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
- elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html"
+ elog "features."
optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
}
diff --git a/sys-auth/sssd/sssd-2.6.0-r2.ebuild b/sys-auth/sssd/sssd-2.9.4.ebuild
index 16066e1d4f25..d83be12eeecc 100644
--- a/sys-auth/sssd/sssd-2.6.0-r2.ebuild
+++ b/sys-auth/sssd/sssd-2.9.4.ebuild
@@ -1,25 +1,33 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
-PYTHON_COMPAT=( python3_{9..10} )
+PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
+PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
+PLOCALE_BACKUP="sv"
+PYTHON_COMPAT=( python3_{10..12} )
-inherit autotools linux-info multilib-minimal optfeature python-single-r1 pam systemd toolchain-funcs
+inherit autotools linux-info multilib-minimal optfeature plocale \
+ python-single-r1 pam systemd toolchain-funcs
DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
HOMEPAGE="https://github.com/SSSD/sssd"
-SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+if [[ ${PV} != 9999 ]]; then
+ SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+ KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86"
+else
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
+ EGIT_BRANCH="master"
+fi
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind"
+IUSE="acl doc +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test"
REQUIRED_USE="
- pac? ( samba )
python? ( ${PYTHON_REQUIRED_USE} )
- test? ( sudo )
- valgrind? ( test )"
+ test? ( sudo )"
RESTRICT="!test? ( test )"
DEPEND="
@@ -27,13 +35,14 @@ DEPEND="
app-crypt/p11-kit
>=dev-libs/ding-libs-0.2
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+ dev-libs/jansson:=
dev-libs/libpcre2:=
+ dev-libs/libunistring:=
>=dev-libs/popt-1.16
>=dev-libs/openssl-1.0.2:=
- dev-libs/libunistring:=
>=net-dns/bind-tools-9.9[gssapi]
- >=net-dns/c-ares-1.7.4:=
- >=net-nds/openldap-2.4.30:=[sasl]
+ >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
+ >=net-nds/openldap-2.4.30:=[sasl,experimental]
>=sys-apps/dbus-1.6
>=sys-apps/keyutils-1.5:=
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
@@ -43,28 +52,39 @@ DEPEND="
>=sys-libs/ldb-1.1.17-r1:=
virtual/libintl
acl? ( net-fs/cifs-utils[acl] )
- locator? ( >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] )
netlink? ( dev-libs/libnl:3 )
nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
- pac? ( net-fs/samba )
- python? ( ${PYTHON_DEPS} )
+ nls? ( >=sys-devel/gettext-0.18 )
+ python? (
+ ${PYTHON_DEPS}
+ systemd? (
+ $(python_gen_cond_dep '
+ dev-python/python-systemd[${PYTHON_USEDEP}]
+ ')
+ )
+ )
samba? ( >=net-fs/samba-4.10.2[winbind] )
selinux? (
>=sys-libs/libselinux-2.1.9
>=sys-libs/libsemanage-2.1
)
+ subid? ( >=sys-apps/shadow-4.9 )
systemd? (
sys-apps/systemd:=
sys-apps/util-linux
)
- systemtap? ( dev-util/systemtap )"
+ systemtap? ( dev-debug/systemtap )"
RDEPEND="${DEPEND}
- >=sys-libs/glibc-2.17[nscd]
selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
BDEPEND="
virtual/pkgconfig
${PYTHON_DEPS}
- doc? ( app-doc/doxygen )
+ doc? ( app-text/doxygen )
+ man? (
+ app-text/docbook-xml-dtd:4.4
+ >=dev-libs/libxslt-1.1.26
+ nls? ( app-text/po4a )
+ )
nls? ( sys-devel/gettext )
test? (
dev-libs/check
@@ -75,17 +95,15 @@ BDEPEND="
sys-libs/nss_wrapper
sys-libs/pam_wrapper
sys-libs/uid_wrapper
- valgrind? ( dev-util/valgrind )
)
- man? (
- app-text/docbook-xml-dtd:4.4
- >=dev-libs/libxslt-1.1.26
- nls? ( app-text/po4a )
- )"
+"
CONFIG_CHECK="~KEYS"
-PATCHES=( "${FILESDIR}"/${PN}-2.6.0-conditional-python-install.patch )
+PATCHES=(
+ "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
+ "${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch"
+)
MULTILIB_WRAPPED_HEADERS=(
/usr/include/ipa_hbac.h
@@ -106,6 +124,26 @@ pkg_setup() {
src_prepare() {
default
+ plocale_get_locales > src/man/po/LINGUAS || die
+
+ sed -i \
+ -e "/_langs]/ s/ .*//" \
+ src/man/po/po4a.cfg \
+ || die
+ enable_locale() {
+ local locale=${1}
+
+ sed -i \
+ -e "/_langs]/ s/$/ ${locale}/" \
+ src/man/po/po4a.cfg \
+ || die
+ }
+
+ plocale_for_each_locale enable_locale
+
+ PLOCALES="${PLOCALES_BIN}"
+ plocale_get_locales > po/LINGUAS || die
+
sed -i \
-e 's:/var/run:/run:' \
src/examples/logrotate \
@@ -132,8 +170,10 @@ multilib_src_configure() {
local myconf=()
myconf+=(
+ --libexecdir="${EPREFIX}"/usr/libexec
--localstatedir="${EPREFIX}"/var
--runstatedir="${EPREFIX}"/run
+ --sbindir="${EPREFIX}"/usr/sbin
--with-pid-path="${EPREFIX}"/run
--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
@@ -145,18 +185,20 @@ multilib_src_configure() {
--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
--with-log-path="${EPREFIX}"/var/log/sssd
+ --with-kcm
+ --enable-kcm-renewal
--with-os=gentoo
--disable-rpath
--disable-static
- --sbindir="${EPREFIX}"/usr/sbin
- $(multilib_native_use_with systemd kcm)
+ # Valgrind is only used for tests
+ --disable-valgrind
$(use_with samba)
--with-smb-idmap-interface-version=6
$(multilib_native_use_enable acl cifs-idmap-plugin)
$(multilib_native_use_with selinux)
$(multilib_native_use_with selinux semanage)
- $(use_enable locator krb5-locator-plugin)
- $(use_enable pac pac-responder)
+ --enable-krb5-locator-plugin
+ $(use_enable samba pac-responder)
$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
$(use_enable nls)
$(multilib_native_use_with netlink libnl)
@@ -164,8 +206,10 @@ multilib_src_configure() {
$(multilib_native_use_with sudo)
$(multilib_native_with autofs)
$(multilib_native_with ssh)
+ --without-oidc-child
+ --without-passkey
+ $(use_with subid)
$(use_enable systemtap)
- $(use_enable valgrind)
--without-python2-bindings
$(multilib_native_use_with python python3-bindings)
# Annoyingly configure requires that you pick systemd XOR sysv
@@ -182,9 +226,9 @@ multilib_src_configure() {
{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
# ldb headers are fine since native needs it
# ldb lib fails... but it does not seem to bother
- {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
- {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
- {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' '
+ {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
+ {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
+ {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
# use native include path for dbus (needed for build)
DBUS_CFLAGS="${native_dbus_cflags}"
@@ -192,6 +236,7 @@ multilib_src_configure() {
# non-pkgconfig checks
ac_cv_lib_ldap_ldap_search=yes
--without-kcm
+ --without-manpages
)
fi
@@ -202,13 +247,10 @@ multilib_src_compile() {
if multilib_is_native_abi; then
default
use doc && emake docs
- if use man || use nls; then
- emake update-po
- fi
else
- emake libnss_sss.la pam_sss.la
- use locator && emake sssd_krb5_locator_plugin.la
- use pac && emake sssd_pac_plugin.la
+ emake libnss_sss.la pam_sss.la pam_sss_gss.la
+ emake sssd_krb5_locator_plugin.la
+ use samba && emake sssd_pac_plugin.la
fi
}
@@ -229,16 +271,15 @@ multilib_src_install() {
else
# easier than playing with automake...
dopammod .libs/pam_sss.so
+ dopammod .libs/pam_sss_gss.so
into /
dolib.so .libs/libnss_sss.so*
- if use locator; then
- exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
- doexe .libs/sssd_krb5_locator_plugin.so
- fi
+ exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+ doexe .libs/sssd_krb5_locator_plugin.so
- if use pac; then
+ if use samba; then
exeinto /usr/$(get_libdir)/krb5/plugins/authdata
doexe .libs/sssd_pac_plugin.so
fi
@@ -271,7 +312,7 @@ multilib_src_install_all() {
# strip empty dirs
if ! use doc; then
rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
- rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die
+ rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
fi
rm -r "${ED}"/run || die
@@ -281,6 +322,6 @@ multilib_src_install_all() {
pkg_postinst() {
elog "You must set up sssd.conf (default installed into /etc/sssd)"
elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
- elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html"
+ elog "features."
optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
}
diff --git a/sys-auth/yubico-piv-tool/Manifest b/sys-auth/yubico-piv-tool/Manifest
index 6ed18642fc2e..af1e0303fc16 100644
--- a/sys-auth/yubico-piv-tool/Manifest
+++ b/sys-auth/yubico-piv-tool/Manifest
@@ -1 +1,2 @@
-DIST yubico-piv-tool-2.3.0.tar.gz 1329085 BLAKE2B b084982139012b4993a023078fd8ce7c106cb5c1e71475f26398012b86fc65e985a7c51300b3b122884e35327293737ed48b31bfdc83326dda9c9c05f2eb984d SHA512 72125df922e32322563e95286e04d19e56db9c6e66ae9003ae7dfffac47425b8b2bc7c71ecfa603f96f3a24c985fca1f436580dc579ff44196dcde7aeceee7f3
+DIST yubico-piv-tool-2.3.1.tar.gz 1315267 BLAKE2B 9b7d96129f3cab4fd68d18d0bbbf8dfa5fdda383ffb8099f898e23c99d0f1caf387a26cb9d01582521a070b93bac941b8a10faac736137cb72c86fbf5c95d2f8 SHA512 44cd9c482f2a2942d10a238ac2cb2d40df7cd11ddc27d6df88912512e956746b5634018b421d5cc4b947e4c36f9841898d5a08eb613bf22558089103dab95988
+DIST yubico-piv-tool-2.4.2.tar.gz 1332497 BLAKE2B ba08b19fe4659842fdfad06d662120a9d2858e25a56d56f63edc88e607c5b56a79f5ca90826fb8b78295e218ff1a728a168d04f330b7f640a9f3e804528320ed SHA512 032a91c9ac50cb5604a56ec0d0a84cf64bfff5440930a1643bddcd15cf02fc44d33d949286b2595eb4c196cb31050c13f507b32f3156d4600fdad46057b65b56
diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild
index 10e8ccb2e7eb..1145a5ac9a67 100644
--- a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild
+++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -11,7 +11,7 @@ SRC_URI="https://developers.yubico.com/${PN}/Releases/${P}.tar.gz"
LICENSE="BSD-2"
SLOT="0/2"
-KEYWORDS="amd64 ~riscv"
+KEYWORDS="amd64 ~arm64 ~riscv"
IUSE="test"
RESTRICT="!test? ( test )"
diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild
new file mode 100644
index 000000000000..6e1c0cfda2c5
--- /dev/null
+++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake
+
+DESCRIPTION="Command-line tool and p11-kit module for the YubiKey PIV application"
+HOMEPAGE="https://developers.yubico.com/yubico-piv-tool/ https://github.com/Yubico/yubico-piv-tool"
+SRC_URI="https://developers.yubico.com/${PN}/Releases/${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0/2"
+KEYWORDS="~amd64 ~arm64 ~riscv"
+IUSE="test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND="sys-apps/pcsc-lite
+ dev-libs/openssl:=[-bindist(-)]"
+DEPEND="${RDEPEND}
+ test? ( dev-libs/check )"
+BDEPEND="dev-util/gengetopt
+ sys-apps/help2man
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.1-tests-optional.patch
+ "${FILESDIR}"/${PN}-2.1.1-ykcs11-threads.patch
+ "${FILESDIR}"/${PN}-2.3.0-no-Werror.patch
+)
+
+src_configure() {
+ local mycmakeargs=(
+ -DBUILD_STATIC_LIB=OFF
+ -DBUILD_TESTING=$(usex test)
+ )
+ cmake_src_configure
+}
+
+src_install() {
+ cmake_src_install
+
+ echo "module: ${EPREFIX}/usr/$(get_libdir)/libykcs11.so" > ${PN}.module \
+ || die "Failed to generate p11-kit module configuration"
+ insinto /usr/share/p11-kit/modules
+ doins ${PN}.module
+}
diff --git a/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild b/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild
index cefccbf1a2e9..1820a3871654 100644
--- a/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild
+++ b/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -11,7 +11,7 @@ SRC_URI="https://github.com/Yubico/yubikey-personalization-gui/archive/${P}.tar.
LICENSE="BSD-2"
SLOT="0"
-KEYWORDS="amd64"
+KEYWORDS="amd64 ~arm64"
IUSE="debug test"
RESTRICT="!test? ( test )"