diff options
Diffstat (limited to 'sys-auth')
42 files changed, 579 insertions, 907 deletions
diff --git a/sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild b/sys-auth/AusweisApp2/AusweisApp2-1.26.3.ebuild index 851f0ef3cebe..5e3970ddaa02 100644 --- a/sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild +++ b/sys-auth/AusweisApp2/AusweisApp2-1.26.3.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 diff --git a/sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild b/sys-auth/AusweisApp2/AusweisApp2-1.26.4.ebuild index f1b6cc8c799f..e5e3ddda4634 100644 --- a/sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild +++ b/sys-auth/AusweisApp2/AusweisApp2-1.26.4.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 diff --git a/sys-auth/AusweisApp2/Manifest b/sys-auth/AusweisApp2/Manifest index c6adf386fa02..a990dd8493b9 100644 --- a/sys-auth/AusweisApp2/Manifest +++ b/sys-auth/AusweisApp2/Manifest @@ -1,2 +1,2 @@ -DIST AusweisApp2-1.24.4.tar.gz 11482381 BLAKE2B 26bb34bcefbe4dfce4b30300e71fdab61afa3a30c4b17dd5d90abc4f0cbaca062f7d91f0d49a082a3436a43b3a880f3771e879774f22e35963a905485c8e3c7e SHA512 672b1e7a4543824afa241430b6784eef38273f32436451270c84d02617044b727691e3e15aa2ac09a06d3286a36e81c54c205f706a3db6c5cfabc48cf0a52c30 -DIST AusweisApp2-1.26.1.tar.gz 11488062 BLAKE2B a46dfc13bcbc6b6594732ff22bc41a35c587f659cea32e9c339dad9042c92ebf3c1591bd4b2c41ebed34c231b50d9aca1344e863de405af0ce54c5159b6d7c6f SHA512 ffad0d735adf963c3f4df054bd113f15d2dc0da59b77a91af676b5646f779dcc0d1d3a313d3a666dc406401cd154215ac7462ed0ecf97df69b8da19f799cdaf3 +DIST AusweisApp2-1.26.3.tar.gz 10842706 BLAKE2B b18fdc67a24cca5be866ce3f2d59133732a8086d3f5711ac81783e66010e1590e9e06106ff60b6fb20910060610e483a924169e67f51feb2c82ec876761e7a2e SHA512 67fb6653a15df0c6182953e5bad19513d29b1ca90699e4f32145ded7f2a157ef2f0e98f00392548ba680fc9b08a95c6b4a9d6bd23fed6f1a000a2ac1de4ff52b +DIST AusweisApp2-1.26.4.tar.gz 10874849 BLAKE2B 48af76cd6fcae0bf79967c45c5b5cd3588749737460c4486b637c8fdcc01fb424c6140ce38cba9607256f16049ce876dbc49c3733dec5494901c76f71c80b90f SHA512 435ea946e25aef4273699bdb446c02649b7d3292d781cd633297577c684dc5551a0ec716e26947336f4dda5dc30cd5795f87706f8300e400b4ccb3ffeef3988f diff --git a/sys-auth/elogind/elogind-246.10-r1.ebuild b/sys-auth/elogind/elogind-246.10-r1.ebuild deleted file mode 100644 index 545f56aa84e4..000000000000 --- a/sys-auth/elogind/elogind-246.10-r1.ebuild +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -if [[ ${PV} = *9999* ]]; then - EGIT_BRANCH="v241-stable" - EGIT_REPO_URI="https://github.com/elogind/elogind.git" - inherit git-r3 -else - SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86" -fi - -inherit linux-info meson pam udev xdg-utils - -DESCRIPTION="The systemd project's logind, extracted to a standalone package" -HOMEPAGE="https://github.com/elogind/elogind" - -LICENSE="CC0-1.0 LGPL-2.1+ public-domain" -SLOT="0" -IUSE="+acl audit debug doc +pam +policykit selinux" - -BDEPEND=" - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-util/gperf - dev-util/intltool - virtual/pkgconfig -" -DEPEND=" - audit? ( sys-process/audit ) - sys-apps/util-linux - sys-libs/libcap - virtual/libudev:= - acl? ( sys-apps/acl ) - pam? ( sys-libs/pam ) - selinux? ( sys-libs/libselinux ) -" -RDEPEND="${DEPEND} - !sys-apps/systemd -" -PDEPEND=" - sys-apps/dbus - policykit? ( sys-auth/polkit ) -" - -DOCS=( README.md src/libelogind/sd-bus/GVARIANT-SERIALIZATION ) - -PATCHES=( - "${FILESDIR}/${PN}-243.7-nodocs.patch" - "${FILESDIR}/${PN}-241.4-broken-test.patch" # bug 699116 - "${FILESDIR}/${P}-revert-polkit-automagic.patch" -) - -pkg_setup() { - local CONFIG_CHECK="~CGROUPS ~EPOLL ~INOTIFY_USER ~SIGNALFD ~TIMERFD" - - use kernel_linux && linux-info_pkg_setup -} - -src_prepare() { - default - xdg_environment_reset -} - -src_configure() { - local rccgroupmode="$(grep rc_cgroup_mode "${EPREFIX}"/etc/rc.conf | cut -d '"' -f 2)" - local cgroupmode="legacy" - - if [[ "xhybrid" = "x${rccgroupmode}" ]] ; then - cgroupmode="hybrid" - elif [[ "xunified" = "x${rccgroupmode}" ]] ; then - cgroupmode="unified" - fi - - local emesonargs=( - -Ddocdir="${EPREFIX}/usr/share/doc/${PF}" - -Dhtmldir="${EPREFIX}/usr/share/doc/${PF}/html" - -Dpamlibdir=$(getpam_mod_dir) - -Dudevrulesdir="${EPREFIX}$(get_udevdir)"/rules.d - --libdir="${EPREFIX}"/usr/$(get_libdir) - -Drootlibdir="${EPREFIX}"/$(get_libdir) - -Drootlibexecdir="${EPREFIX}"/$(get_libdir)/elogind - -Drootprefix="${EPREFIX}/" - -Dbashcompletiondir="${EPREFIX}/usr/share/bash-completion/completions" - -Dman=auto - -Dsmack=true - -Dcgroup-controller=openrc - -Ddefault-hierarchy=${cgroupmode} - -Ddefault-kill-user-processes=false - -Dacl=$(usex acl true false) - -Daudit=$(usex audit true false) - --buildtype $(usex debug debug release) - -Dhtml=$(usex doc auto false) - -Dpam=$(usex pam true false) - -Dselinux=$(usex selinux true false) - -Dutmp=$(usex elibc_musl false true) - ) - - meson_src_configure -} - -src_install() { - DOCS+=( src/libelogind/sd-bus/GVARIANT-SERIALIZATION ) - - meson_src_install - - newinitd "${FILESDIR}"/${PN}.init-r1 ${PN} - - sed -e "s|@libdir@|$(get_libdir)|" "${FILESDIR}"/${PN}.conf.in > ${PN}.conf || die - newconfd ${PN}.conf ${PN} -} - -pkg_postinst() { - if ! use pam; then - ewarn "${PN} will not be managing user logins/seats without USE=\"pam\"!" - ewarn "In other words, it will be useless for most applications." - ewarn - fi - if ! use policykit; then - ewarn "loginctl will not be able to perform privileged operations without" - ewarn "USE=\"policykit\"! That means e.g. no suspend or hibernate." - ewarn - fi - if [[ "$(rc-config list boot | grep elogind)" != "" ]]; then - elog "elogind is currently started from boot runlevel." - elif [[ "$(rc-config list default | grep elogind)" != "" ]]; then - ewarn "elogind is currently started from default runlevel." - ewarn "Please remove elogind from the default runlevel and" - ewarn "add it to the boot runlevel by:" - ewarn "# rc-update del elogind default" - ewarn "# rc-update add elogind boot" - else - elog "elogind is currently not started from any runlevel." - elog "You may add it to the boot runlevel by:" - elog "# rc-update add elogind boot" - elog - elog "Alternatively, you can leave elogind out of any" - elog "runlevel. It will then be started automatically" - if use pam; then - elog "when the first service calls it via dbus, or" - elog "the first user logs into the system." - else - elog "when the first service calls it via dbus." - fi - fi -} diff --git a/sys-auth/elogind/elogind-246.10-r2.ebuild b/sys-auth/elogind/elogind-246.10-r3.ebuild index 614ab85f2f98..532c0142c6d7 100644 --- a/sys-auth/elogind/elogind-246.10-r2.ebuild +++ b/sys-auth/elogind/elogind-246.10-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -27,7 +27,6 @@ BDEPEND=" app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-util/gperf - dev-util/intltool virtual/pkgconfig " DEPEND=" @@ -55,6 +54,7 @@ PATCHES=( "${FILESDIR}/${P}-revert-polkit-automagic.patch" "${FILESDIR}/${P}-clang-undefined-symbol.patch" "${FILESDIR}/${P}-loong.patch" + "${FILESDIR}/${P}-musl-selinux.patch" ) pkg_setup() { diff --git a/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch b/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch new file mode 100644 index 000000000000..c36861b983e2 --- /dev/null +++ b/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch @@ -0,0 +1,99 @@ +https://bugs.gentoo.org/888912 +https://github.com/elogind/elogind/commit/ab72a46f3104f44a32ef7bec7439aa9d3b5f0fdc + +Rebased version to apply to 246.10 by concord@. + +From ab72a46f3104f44a32ef7bec7439aa9d3b5f0fdc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 9 Oct 2020 16:48:03 +0200 +Subject: [PATCH] basic/selinux: work around mallinfo deprecation + +Latest glibc has deprecated mallinfo(), so it might become unavailable at some point +in the future. There is malloc_info(), but it returns XML, ffs. I think the information +that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and +not otherwise. +--- a/meson.build ++++ b/meson.build +@@ -617,6 +617,7 @@ foreach ident : [ + #include <unistd.h> + #include <signal.h> + #include <sys/wait.h>'''], ++ ['mallinfo', '''#include <malloc.h>'''], + ] + + have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE') +--- a/src/basic/macro.h ++++ b/src/basic/macro.h +@@ -93,6 +93,10 @@ + #endif + + /* Temporarily disable some warnings */ ++#define DISABLE_WARNING_DEPRECATED_DECLARATIONS \ ++ _Pragma("GCC diagnostic push"); \ ++ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") ++ + #define DISABLE_WARNING_FORMAT_NONLITERAL \ + _Pragma("GCC diagnostic push"); \ + _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\"") +--- a/src/basic/selinux-util.c ++++ b/src/basic/selinux-util.c +@@ -72,12 +72,21 @@ void mac_selinux_retest(void) { + #endif + } + ++#if HAVE_MALLINFO ++static struct mallinfo mallinfo_nowarn(void) { ++ /* glibc has deprecated mallinfo(), but the replacement malloc_info() returns an XML blob ;=[ */ ++DISABLE_WARNING_DEPRECATED_DECLARATIONS ++ return mallinfo(); ++REENABLE_WARNING ++} ++#else ++# warning "mallinfo() is missing, add mallinfo2() support instead." ++#endif ++ + int mac_selinux_init(void) { + #if HAVE_SELINUX + usec_t before_timestamp, after_timestamp; +- struct mallinfo before_mallinfo, after_mallinfo; + char timespan[FORMAT_TIMESPAN_MAX]; +- int l; + + selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback) mac_selinux_reload); + +@@ -87,7 +96,9 @@ int mac_selinux_init(void) { + if (!mac_selinux_use()) + return 0; + +- before_mallinfo = mallinfo(); ++#if HAVE_MALLINFO ++ struct mallinfo before_mallinfo = mallinfo_nowarn(); ++#endif + before_timestamp = now(CLOCK_MONOTONIC); + + label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); +@@ -95,14 +107,17 @@ int mac_selinux_init(void) { + return log_enforcing_errno(errno, "Failed to initialize SELinux labeling handle: %m"); + + after_timestamp = now(CLOCK_MONOTONIC); +- after_mallinfo = mallinfo(); +- +- l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0; ++#if HAVE_MALLINFO ++ struct mallinfo after_mallinfo = mallinfo_nowarn(); ++ int l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0; + + log_debug("Successfully loaded SELinux database in %s, size on heap is %iK.", + format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0), +- (l+1023)/1024); +- ++ DIV_ROUND_UP(l, 1024)); ++#else ++ log_debug("Successfully loaded SELinux database in %s.", ++ format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0)); ++#endif + #endif + return 0; + } +-- +2.40.1 diff --git a/sys-auth/fprintd/fprintd-1.94.2.ebuild b/sys-auth/fprintd/fprintd-1.94.2.ebuild index 65065793fd36..fb78a5dd004a 100644 --- a/sys-auth/fprintd/fprintd-1.94.2.ebuild +++ b/sys-auth/fprintd/fprintd-1.94.2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -15,7 +15,7 @@ SRC_URI="https://gitlab.freedesktop.org/libfprint/${PN}/-/archive/v${PV}/${MY_P} LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86" IUSE="doc pam systemd test" RESTRICT="!test? ( test )" diff --git a/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild b/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild deleted file mode 100644 index 4858a2c5daa0..000000000000 --- a/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -EGIT_REPO_URI="https://github.com/mgorny/google-authenticator-libpam-hardened.git" -inherit autotools git-r3 - -DESCRIPTION="PAM Module for two step verification via mobile platform" -HOMEPAGE="https://github.com/mgorny/google-authenticator-libpam-hardened" - -LICENSE="Apache-2.0" -SLOT="0" -IUSE="+qrcode" - -DEPEND="sys-auth/oath-toolkit:= - sys-libs/pam - qrcode? ( media-gfx/qrencode:= )" -RDEPEND="${DEPEND} - !sys-auth/google-authenticator" - -src_prepare() { - default - eautoreconf -} - -src_configure() { - local myconf=( - # TODO: use getpam_mod_dir after fixing build system - --libdir="/$(get_libdir)" - - $(use_enable qrcode qrencode) - ) - - econf "${myconf[@]}" -} - -src_install() { - default - find "${D}" -name '*.la' -delete || die -} diff --git a/sys-auth/google-authenticator-libpam-hardened/metadata.xml b/sys-auth/google-authenticator-libpam-hardened/metadata.xml deleted file mode 100644 index 4cd1c0be385a..000000000000 --- a/sys-auth/google-authenticator-libpam-hardened/metadata.xml +++ /dev/null @@ -1,15 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <maintainer type="person"> - <email>mgorny@gentoo.org</email> - <name>Michał Górny</name> - </maintainer> - <use> - <flag name="qrcode">Display QRcode after setup to accomodate - automatic setup of OTP client apps.</flag> - </use> - <upstream> - <remote-id type="github">mgorny/google-authenticator-libpam-hardened</remote-id> - </upstream> -</pkgmetadata> diff --git a/sys-auth/libfprint/libfprint-1.94.5.ebuild b/sys-auth/libfprint/libfprint-1.94.5.ebuild index 13f4c1ce816b..3a9e78876af3 100644 --- a/sys-auth/libfprint/libfprint-1.94.5.ebuild +++ b/sys-auth/libfprint/libfprint-1.94.5.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -13,7 +13,7 @@ SRC_URI="https://gitlab.freedesktop.org/${PN}/${PN}/-/archive/v${PV}/${MY_P}.tar LICENSE="LGPL-2.1+" SLOT="2" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86" IUSE="examples gtk-doc +introspection" RDEPEND=" diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch new file mode 100644 index 000000000000..2036da4fd7b1 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch @@ -0,0 +1,26 @@ +Bug: https://bugs.gentoo.org/716272 + +--- a/nss/hosts.c ++++ b/nss/hosts.c +@@ -49,6 +49,9 @@ + *h_errnop = NO_RECOVERY; \ + return NSS_STATUS_UNAVAIL; + ++#ifndef NETDB_INTERNAL ++#define NETDB_INTERNAL -1 ++#endif + #undef ERROR_OUT_BUFERROR + #define ERROR_OUT_BUFERROR(fp) \ + *errnop = ERANGE; \ +--- a/nss/networks.c ++++ b/nss/networks.c +@@ -49,6 +49,9 @@ + *h_errnop = NO_RECOVERY; \ + return NSS_STATUS_UNAVAIL; + ++#ifndef NETDB_INTERNAL ++#define NETDB_INTERNAL -1 ++#endif + #undef ERROR_OUT_BUFERROR + #define ERROR_OUT_BUFERROR(fp) \ + *errnop = ERANGE; \ diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild index bfb9799aa94f..0dc9f747f3cf 100644 --- a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild +++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz" LICENSE="LGPL-2.1" SLOT="0" -KEYWORDS="amd64 ~ppc ~ppc64 x86" +KEYWORDS="amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86" IUSE="debug kerberos +pam pynslcd sasl test +utils" REQUIRED_USE=" utils? ( ${PYTHON_REQUIRED_USE} ) diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild new file mode 100644 index 000000000000..2f0098518878 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +inherit autotools python-r1 s6 systemd tmpfiles multilib-minimal + +DESCRIPTION="NSS module for name lookups using LDAP" +HOMEPAGE="https://arthurdejong.org/nss-pam-ldapd/" +SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~hppa ~ia64 ~sparc ~x86" +IUSE="debug kerberos +pam pynslcd sasl test +utils" +REQUIRED_USE=" + utils? ( ${PYTHON_REQUIRED_USE} ) + test? ( ${PYTHON_REQUIRED_USE} pynslcd ) +" +RESTRICT="!test? ( test )" + +RDEPEND=" + acct-group/nslcd + acct-user/nslcd + net-nds/openldap:=[${MULTILIB_USEDEP}] + sasl? ( dev-libs/cyrus-sasl[${MULTILIB_USEDEP}] ) + kerberos? ( virtual/krb5[${MULTILIB_USEDEP}] ) + sys-libs/pam[${MULTILIB_USEDEP}] + utils? ( ${PYTHON_DEPS} ) + pynslcd? ( + dev-python/python-ldap[${PYTHON_USEDEP}] + dev-python/python-daemon[${PYTHON_USEDEP}] + ) + elibc_musl? ( sys-libs/musl-nscd ) + !sys-auth/nss_ldap + !sys-auth/pam_ldap +" +DEPEND="${RDEPEND}" +BDEPEND=" + ${PYTHON_DEPS} + test? ( dev-python/pylint[${PYTHON_USEDEP}] ) +" + +PATCHES=( + "${FILESDIR}"/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-use-mkstemp.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-relative-imports.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests-py39.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.12-netdb-defines.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && python_setup +} + +src_prepare() { + default + + touch pynslcd/__init__.py || die "Could not create __init__.py for pynslcd" + mv pynslcd/pynslcd.py pynslcd/main.py || die + + eautoreconf +} + +multilib_src_configure() { + local myconf=( + --disable-utils + --enable-warnings + --with-ldap-lib=openldap + --with-ldap-conf-file="${EPREFIX}"/etc/nslcd.conf + --with-nslcd-pidfile=/run/nslcd/nslcd.pid + --with-nslcd-socket=/run/nslcd/socket + --with-nss-flavour=glibc + $(use_enable pynslcd) + $(use_enable debug) + $(use_enable kerberos) + $(use_enable pam) + $(use_enable sasl) + + # nss libraries always go in /lib on Gentoo + --with-pam-seclib-dir="${EPREFIX}"/$(get_libdir)/security + --libdir="${EPREFIX}"/$(get_libdir) + ) + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +multilib_src_test() { + python_test() { + cp -l "${S}"/pynslcd/*.py pynslcd/ || die "Could not copy python files for tests" + nonfatal emake check || die "tests failed with ${EPYTHON}" + } + + pushd "${BUILD_DIR}" >/dev/null || die + ln -s ../pynslcd/constants.py utils/constants.py || die + python_foreach_impl python_test + popd >/dev/null || die +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if use pynslcd; then + python_moduleinto pynslcd + python_foreach_impl python_domodule pynslcd/*.py + fi +} + +multilib_src_install_all() { + einstalldocs + + newinitd "${FILESDIR}"/nslcd.init nslcd + s6_install_service nslcd "${FILESDIR}"/nslcd.s6 + + insinto /usr/share/nss-pam-ldapd + doins "${WORKDIR}"/${P}/nslcd.conf + + fperms o-r /etc/nslcd.conf + + if use utils; then + python_moduleinto nslcd + python_foreach_impl python_domodule utils/*.py + + local script + for script in chsh getent; do + python_foreach_impl python_newscript utils/${script}.py ${script}.ldap + done + fi + if use pynslcd; then + rm -rf "${ED}"/usr/share/pynslcd || die + python_moduleinto pynslcd + python_foreach_impl python_domodule pynslcd/*.py + python_scriptinto /usr/sbin + python_foreach_impl python_newscript pynslcd/main.py pynslcd + newinitd "${FILESDIR}"/pynslcd.init pynslcd + fi + + newtmpfiles "${FILESDIR}"/nslcd-tmpfiles.conf nslcd.conf + systemd_newunit "${FILESDIR}"/nslcd.service nslcd.service +} + +pkg_postinst() { + tmpfiles_process nslcd.conf + + elog "For this to work you must configure /etc/nslcd.conf" + elog "This configuration is similar to pam_ldap's /etc/ldap.conf" + elog + elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can" + elog "start it like this:" + elog " # /etc/init.d/nslcd start" + elog + elog "You can add it to the default runlevel like so:" + elog " # rc-update add nslcd default" + elog + elog "If you have >=sys-apps/openrc-0.16.3, you can also use s6" + elog "to supervise this service." + elog "To do this, emerge sys-apps/s6 then add nslcd-s6" + elog "default runlevel instead of nslcd." + elog + elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf" + elog " is now named /etc/nslcd.conf" +} diff --git a/sys-auth/oath-toolkit/Manifest b/sys-auth/oath-toolkit/Manifest index 5869f860e046..f462178014ea 100644 --- a/sys-auth/oath-toolkit/Manifest +++ b/sys-auth/oath-toolkit/Manifest @@ -1 +1 @@ -DIST oath-toolkit-2.6.2.tar.gz 4295786 BLAKE2B 2b97ab73339647b560b46373922095f18655a167b613b15d4ee2fd507d430025628d20eb111ff1d8025e78646b1d61d9680a7082caba1c75d247bb1d8b9b99dd SHA512 201a702a05a2e9fb3a66d04750e1a34e293342126caf02c344954a0d9fd0daafe73ca7f1fe273be129ae555a29b82b72fa2b4770ea2ad10711924e1926ec2cfb +DIST oath-toolkit-2.6.7.tar.gz 5625279 BLAKE2B 23f377c51eb633bf01d6085d33c7362cd91b6bed1cf4c2bbf32dc9433849e20c53f6896b16e5056b13f420f6a65a3c593fa1dafd7e184ed9e52666d94a7f75d1 SHA512 50edff75c8366887d69cf4740c4cc3bdfc3e43cbd4910ff40f735bca489f0953d7e5a21130f12782ac7a1f2fb00f0db313aff139085f23daba78a69bc7b2eb12 diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch deleted file mode 100644 index 18a0a2779408..000000000000 --- a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch +++ /dev/null @@ -1,80 +0,0 @@ -Bug: https://bugs.gentoo.org/618100 -Cherry-picked from upstream commits: https://github.com/coreutils/gnulib/commit/175b4e22f99e00996b72f822f5ae54dca8243d19 - https://github.com/coreutils/gnulib/commit/abae112b34572cd3869ce4fc81dddb5c2a7394c4 - ---- a/oathtool/gl/intprops.h -+++ b/oathtool/gl/intprops.h -@@ -23,6 +23,10 @@ - #include <limits.h> - #include <verify.h> - -+#ifndef __has_builtin -+# define __has_builtin(x) 0 -+#endif -+ - /* Return a value with the common real type of E and V and the value of V. */ - #define _GL_INT_CONVERT(e, v) (0 * (e) + (v)) - -@@ -222,20 +226,24 @@ - ? (a) < (min) >> (b) \ - : (max) >> (b) < (a)) - --/* True if __builtin_add_overflow (A, B, P) works when P is null. */ --#define _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL (7 <= __GNUC__) -+/* True if __builtin_add_overflow (A, B, P) works when P is non-null. */ -+#define _GL_HAS_BUILTIN_OVERFLOW \ -+ (5 <= __GNUC__ || __has_builtin (__builtin_add_overflow)) -+ -+#define _GL_HAS_BUILTIN_OVERFLOW_P \ -+ (7 <= __GNUC__ || __has_builtin (__builtin_add_overflow_p)) - - /* The _GL*_OVERFLOW macros have the same restrictions as the - *_RANGE_OVERFLOW macros, except that they do not assume that operands - (e.g., A and B) have the same type as MIN and MAX. Instead, they assume - that the result (e.g., A + B) has that type. */ --#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL --# define _GL_ADD_OVERFLOW(a, b, min, max) -- __builtin_add_overflow (a, b, (__typeof__ ((a) + (b)) *) 0) --# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) -- __builtin_sub_overflow (a, b, (__typeof__ ((a) - (b)) *) 0) --# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) -- __builtin_mul_overflow (a, b, (__typeof__ ((a) * (b)) *) 0) -+#if _GL_HAS_BUILTIN_OVERFLOW_P -+# define _GL_ADD_OVERFLOW(a, b, min, max) \ -+ __builtin_add_overflow_p (a, b, (a) + (b)) -+# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \ -+ __builtin_sub_overflow_p (a, b, (a) - (b)) -+# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \ -+ __builtin_mul_overflow_p (a, b, (a) * (b)) - #else - # define _GL_ADD_OVERFLOW(a, b, min, max) \ - ((min) < 0 ? INT_ADD_RANGE_OVERFLOW (a, b, min, max) \ -@@ -315,7 +323,7 @@ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_ADD_OVERFLOW) - #define INT_SUBTRACT_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_SUBTRACT_OVERFLOW) --#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL -+#if _GL_HAS_BUILTIN_OVERFLOW || _GL_HAS_BUILTIN_OVERFLOW_P - # define INT_NEGATE_OVERFLOW(a) INT_SUBTRACT_OVERFLOW (0, a) - #else - # define INT_NEGATE_OVERFLOW(a) \ -@@ -349,10 +357,6 @@ - #define INT_MULTIPLY_WRAPV(a, b, r) \ - _GL_INT_OP_WRAPV (a, b, r, *, __builtin_mul_overflow, INT_MULTIPLY_OVERFLOW) - --#ifndef __has_builtin --# define __has_builtin(x) 0 --#endif -- - /* Nonzero if this compiler has GCC bug 68193 or Clang bug 25390. See: - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68193 - https://llvm.org/bugs/show_bug.cgi?id=25390 -@@ -369,7 +373,7 @@ - the operation. BUILTIN is the builtin operation, and OVERFLOW the - overflow predicate. Return 1 if the result overflows. See above - for restrictions. */ --#if 5 <= __GNUC__ || __has_builtin (__builtin_add_overflow) -+#if _GL_HAS_BUILTIN_OVERFLOW - # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) builtin (a, b, r) - #elif 201112 <= __STDC_VERSION__ && !_GL__GENERIC_BOGUS - # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch deleted file mode 100644 index c43f7aee0fe7..000000000000 --- a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch +++ /dev/null @@ -1,100 +0,0 @@ -diff -ruN oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c oath-toolkit-2.6.2/liboath/gl/fseeko.c ---- oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c 2016-08-27 13:15:06.000000000 +0200 -+++ oath-toolkit-2.6.2/liboath/gl/fseeko.c 2018-10-27 22:07:53.836832404 +0200 -@@ -1,18 +1,18 @@ - /* An fseeko() function that, together with fflush(), is POSIX compliant. -- Copyright (C) 2007-2016 Free Software Foundation, Inc. -+ Copyright (C) 2007-2018 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU Lesser General Public License as published by -- the Free Software Foundation; either version 2.1, or (at your option) -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU Lesser General Public License for more details. -+ GNU General Public License for more details. - -- You should have received a copy of the GNU Lesser General Public License along -- with this program; if not, see <http://www.gnu.org/licenses/>. */ -+ You should have received a copy of the GNU General Public License along -+ with this program; if not, see <https://www.gnu.org/licenses/>. */ - - #include <config.h> - -@@ -33,9 +33,9 @@ - #endif - #if _GL_WINDOWS_64_BIT_OFF_T - # undef fseeko --# if HAVE__FSEEKI64 /* msvc, mingw64 */ -+# if HAVE__FSEEKI64 && HAVE_DECL__FSEEKI64 /* msvc, mingw since msvcrt8.0, mingw64 */ - # define fseeko _fseeki64 --# else /* mingw */ -+# else /* mingw before msvcrt8.0 */ - # define fseeko fseeko64 - # endif - #endif -@@ -47,12 +47,13 @@ - #endif - - /* These tests are based on fpurge.c. */ --#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ -+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 -+ /* GNU libc, BeOS, Haiku, Linux libc5 */ - if (fp->_IO_read_end == fp->_IO_read_ptr - && fp->_IO_write_ptr == fp->_IO_write_base - && fp->_IO_save_base == NULL) - #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ -- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ -+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ - # if defined __SL64 && defined __SCLE /* Cygwin */ - if ((fp->_flags & __SL64) == 0) - { -@@ -80,7 +81,7 @@ - #elif defined __minix /* Minix */ - if (fp_->_ptr == fp_->_buf - && (fp_->_ptr == NULL || fp_->_count == 0)) --#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */ -+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */ - if (fp_->_ptr == fp_->_base - && (fp_->_ptr == NULL || fp_->_cnt == 0)) - #elif defined __UCLIBC__ /* uClibc */ -@@ -117,18 +118,19 @@ - if (pos == -1) - { - #if defined __sferror || defined __DragonFly__ || defined __ANDROID__ -- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ -+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ - fp_->_flags &= ~__SOFF; - #endif - return -1; - } - --#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ -+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 -+ /* GNU libc, BeOS, Haiku, Linux libc5 */ - fp->_flags &= ~_IO_EOF_SEEN; - fp->_offset = pos; - #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ -- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ --# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) -+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ -+# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) || defined __minix - /* fp_->_offset is typed as an integer. */ - fp_->_offset = pos; - # else -@@ -150,8 +152,8 @@ - fp_->_flags &= ~__SEOF; - #elif defined __EMX__ /* emx+gcc */ - fp->_flags &= ~_IOEOF; --#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */ -- fp->_flag &= ~_IOEOF; -+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */ -+ fp_->_flag &= ~_IOEOF; - #elif defined __MINT__ /* Atari FreeMiNT */ - fp->__offset = pos; - fp->__eof = 0; diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch new file mode 100644 index 000000000000..a2ad292e19fc --- /dev/null +++ b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch @@ -0,0 +1,74 @@ +https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/0ae59b9c72f69ee21044e736e292b73051df3272 + +From 0ae59b9c72f69ee21044e736e292b73051df3272 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson <simon@josefsson.org> +Date: Sat, 12 Nov 2022 21:42:17 +0100 +Subject: [PATCH] Handle new libxmlsec on ArchLinux. + +--- a/libpskc/examples/pskc-hotp-signed.xml ++++ b/libpskc/examples/pskc-hotp-signed.xml +@@ -38,7 +38,8 @@ rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd + rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt + CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr + TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB +-n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4</X509Certificate> ++n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4 ++</X509Certificate> + </X509Data> + </KeyInfo> + </Signature></KeyContainer> +--- a/pskctool/tests/pskc-all-signed.xml ++++ b/pskctool/tests/pskc-all-signed.xml +@@ -38,7 +38,8 @@ rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd + rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt + CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr + TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB +-n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4</X509Certificate> ++n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4 ++</X509Certificate> + </X509Data> + </KeyInfo> + </Signature></KeyContainer> +--- a/pskctool/tests/tst_libexamples.sh ++++ b/pskctool/tests/tst_libexamples.sh +@@ -1,7 +1,7 @@ + #!/bin/sh + + # tst_libexamples.sh - keep pskctool output in GTK-DOC manual up to date +-# Copyright (C) 2012-2021 Simon Josefsson ++# Copyright (C) 2012-2022 Simon Josefsson + + # This program is free software: you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -45,7 +45,8 @@ fi + + $PSKCTOOL --sign --sign-key $srcdir/pskc-ee-key.pem \ + --sign-crt $srcdir/pskc-ee-crt.pem \ +- $srcdir/../../libpskc/examples/pskc-hotp.xml > foo ++ $srcdir/../../libpskc/examples/pskc-hotp.xml \ ++ | sed 's,4</X509Cert,4\n</X509Cert,' > foo + if ! diff -ur $srcdir/../../libpskc/examples/pskc-hotp-signed.xml foo; then + echo "FAIL: pskctool --sign output change, commit updated file." + exit 1 +--- a/pskctool/tests/tst_sign.sh ++++ b/pskctool/tests/tst_sign.sh +@@ -1,7 +1,7 @@ + #!/bin/sh + + # tst_sign.sh - test that pskctool can sign and verify +-# Copyright (C) 2012-2021 Simon Josefsson ++# Copyright (C) 2012-2022 Simon Josefsson + + # This program is free software: you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -32,7 +32,7 @@ $PSKCTOOL --info --strict --debug $pskc_all > tmp-pre-human.txt + $PSKCTOOL --sign \ + --sign-key $pskc_ee_key \ + --sign-crt $pskc_ee_crt \ +- $pskc_all > tmp-signed.xml ++ $pskc_all | sed 's,4</X509Cert,4\n</X509Cert,' > tmp-signed.xml + + diff -ur $pskc_all_signed tmp-signed.xml + +-- +GitLab diff --git a/sys-auth/oath-toolkit/metadata.xml b/sys-auth/oath-toolkit/metadata.xml index d230c8d03eb7..96a71f111315 100644 --- a/sys-auth/oath-toolkit/metadata.xml +++ b/sys-auth/oath-toolkit/metadata.xml @@ -9,7 +9,10 @@ <name>Gentoo Sysadmin Project</name> </maintainer> <use> - <flag name="pskc">Build tools & library for the Portable Symmetric Key Container (PSKC) format per RFC6030</flag> <flag name="pam">Build PAM module for pluggable login authentication for OATH</flag> </use> + <upstream> + <remote-id type="gitlab">oath-toolkit/oath-toolkit</remote-id> + <remote-id type="savannah-nongnu">oath-toolkit</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild deleted file mode 100644 index 0adab310261d..000000000000 --- a/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit pam autotools -DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" -HOMEPAGE="http://www.nongnu.org/oath-toolkit/" -SRC_URI="http://download.savannah.gnu.org/releases/${PN}/${P}.tar.gz" - -LICENSE="GPL-3 LGPL-2.1" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" -IUSE="pam pskc static-libs test" -RESTRICT="!test? ( test )" - -RDEPEND=" - dev-libs/icu:= - pam? ( sys-libs/pam ) - pskc? ( dev-libs/xmlsec )" -DEPEND="${RDEPEND} - test? ( dev-libs/libxml2 ) - dev-util/gtk-doc-am" - -PATCHES=( - "${FILESDIR}"/${P}-gcc7.patch - "${FILESDIR}"/${P}-glibc228.patch -) - -src_prepare() { - default - - # Below files are verbatim copy. Effectively apply ${P}-gcc7.patch - # to all of them. - local s='oathtool/gl/intprops.h' d - for d in {liboath/gl/tests,libpskc/gl,pskctool/gl}/intprops.h; do - echo "Copy '${s}' to '${d}'" - cp "${s}" "${d}" || die - done - - # These tests need git/cvs and don't reflect anything in the final app - sed -i -r \ - -e '/TESTS/s,test-vc-list-files-(git|cvs).sh,,g' \ - gl/tests/Makefile.am - # disable portability warnings, caused by gtk-doc.make - sed -i \ - -e '/AM_INIT_AUTOMAKE/ s:-Wall:\0 -Wno-portability:' \ - {liboath,libpskc}/configure.ac - eautoreconf -} - -src_configure() { - econf \ - $(use_enable test xmltest ) \ - $(use_enable pam) \ - $(use_with pam pam-dir $(getpam_mod_dir)) \ - $(use_enable pskc) \ - $(use_enable static-libs static) -} - -src_test() { - # without keep-going, it will bail out after the first testsuite failure, - # skipping the other testsuites. as they are mostly independant, this sucks. - emake --keep-going check - [ $? -ne 0 ] && die "At least one testsuite failed" -} - -src_install() { - default - find "${ED}" -name '*.la' -type f -delete || die - if use pam; then - newdoc pam_oath/README README.pam - fi - if use pskc; then - doman pskctool/pskctool.1 - fi -} diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild new file mode 100644 index 000000000000..fc1c4389b5cb --- /dev/null +++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit pam + +DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" +HOMEPAGE="https://www.nongnu.org/oath-toolkit/" +SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz" + +LICENSE="GPL-3 LGPL-2.1" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" +IUSE="pam static-libs test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/icu:= + dev-libs/libxml2 + <dev-libs/xmlsec-1.3.0:= + pam? ( sys-libs/pam ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-util/gtk-doc-am + test? ( dev-libs/libxml2 ) +" + +PATCHES=( + "${FILESDIR}"/${P}-new-xmlsec-tests.patch +) + +QA_CONFIG_IMPL_DECL_SKIP=( + MIN # glibc fp +) + +src_configure() { + local myeconfargs=( + --enable-pskc + $(use_enable test xmltest) + $(use_enable pam) + $(use_with pam pam-dir $(getpam_mod_dir)) + $(use_enable static-libs static) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + # Without keep-going, it will bail out after the first testsuite failure, + # skipping the other testsuites. as they are mostly independent, this sucks. + emake --keep-going check + + # Avoid errant QA notice for no tests run on these + rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die +} + +src_install() { + default + + find "${ED}" -name '*.la' -type f -delete || die + + if use pam; then + newdoc pam_oath/README README.pam + fi + + doman pskctool/pskctool.1 +} diff --git a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild index a7f27816a591..8443daa54537 100644 --- a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild +++ b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild @@ -1,13 +1,13 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 inherit toolchain-funcs pam DESCRIPTION="Create per-user private temporary directories during login" -HOMEPAGE="http://www.openwall.com/pam/" -SRC_URI="http://www.openwall.com/pam/modules/${PN}/${P}.tar.gz" +HOMEPAGE="https://www.openwall.com/pam/" +SRC_URI="https://www.openwall.com/pam/modules/${PN}/${P}.tar.gz" LICENSE="BSD-2" # LICENSE file says "heavily cut-down 'BSD license'" SLOT="0" diff --git a/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch new file mode 100644 index 000000000000..e085e06e9006 --- /dev/null +++ b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/903001 +https://github.com/OpenSC/pam_p11/pull/26 +https://github.com/OpenSC/pam_p11/commit/cb2f0c318c94e30addfce3b432ed91496a43e411 + +From b307045a93d042ac9e3871e35f8495e8bb201574 Mon Sep 17 00:00:00 2001 +From: orbea <orbea@riseup.net> +Date: Tue, 11 Apr 2023 07:29:12 -0700 +Subject: [PATCH] match_openssh: Fix the build for LibreSSL >= 3.0.0 + +Newer LibreSSL versions no longer need the older OpenSSL APIs. +--- + src/match_openssh.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/match_openssh.c b/src/match_openssh.c +index 89cbd73..fb59308 100644 +--- a/src/match_openssh.c ++++ b/src/match_openssh.c +@@ -22,7 +22,8 @@ + + #define OPENSSH_LINE_MAX 16384 /* from openssh SSH_MAX_PUBKEY_BYTES */ + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3000000L) + void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) + { diff --git a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild index 0322e3038be0..4b50c70d2edc 100644 --- a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild +++ b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -20,6 +20,10 @@ RDEPEND="sys-libs/pam DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" +PATCHES=( + "${FILESDIR}/${P}-libressl.patch" #903001 +) + src_configure() { # Ugly way to work around deprecated declarations in openssl-3 append-cflags -Wno-error=deprecated-declarations diff --git a/sys-auth/pam_ssh/pam_ssh-2.3.ebuild b/sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild index 8279f8738cc1..d18636bda0c4 100644 --- a/sys-auth/pam_ssh/pam_ssh-2.3.ebuild +++ b/sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -18,7 +18,7 @@ DEPEND="sys-libs/pam dev-libs/openssl:0=" RDEPEND="${DEPEND} - net-misc/openssh" + virtual/openssh" PATCHES=( # 503424#c5 diff --git a/sys-auth/pam_u2f/Manifest b/sys-auth/pam_u2f/Manifest index f7175d560ae8..f3f9f14b29ce 100644 --- a/sys-auth/pam_u2f/Manifest +++ b/sys-auth/pam_u2f/Manifest @@ -1,2 +1,3 @@ DIST pam_u2f-1.1.1.tar.gz 429822 BLAKE2B 8ed44f82295ea24fe30c5830971afd29a23b48e173c3cb69d3dcaf73b142de36f86087eaee69b1793a8846fdb2efc5530d52fa9f40e4357e6cd2ea9960b9bb39 SHA512 ca81c78e67c17c369117e9d38e50033eaa96e0b15673521db2c382de1aa2566f7406fb43801a5938758480966c5e7316943769db5be826983d3865710e0274c1 DIST pam_u2f-1.2.0.tar.gz 442214 BLAKE2B 17dadcb4325a130da67caf2fbf9bb2bf5d76706b28540ddda6ab8904ec5924d14fc752b7e079940989a8208d27fe0e5d46ea4365426debd5076588c51f46a60a SHA512 a00135e49b22dad5ec2513236a64dca67f04062fd8fa4c8d5ac7cb05d93b4d743ceb8ac5ee99a19667bdbfe8c0be9de904fb50110bed0b55ba8d5fd2aa5fcf28 +DIST pam_u2f-1.2.1.tar.gz 450747 BLAKE2B 6e20ad67d00fb4cb83b73a4bc96f5b2bd96c46ba800660face2f877006691723312c3d53d2db2a66f0a7c74e656960d43ef559dfdb47872f00acac1daf01d1c9 SHA512 c81b87dfd56221b3c842d9969b93bc194689b9eca52e855531830b8725135f533c902f0b56e88bed9944ab3047b0a3b08d62718c621b08f865867f38c300a83f diff --git a/sys-auth/pam_u2f/pam_u2f-1.2.1.ebuild b/sys-auth/pam_u2f/pam_u2f-1.2.1.ebuild new file mode 100644 index 000000000000..c63693e01365 --- /dev/null +++ b/sys-auth/pam_u2f/pam_u2f-1.2.1.ebuild @@ -0,0 +1,27 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic pam + +DESCRIPTION="PAM module for FIDO2 and U2F keys" +HOMEPAGE="https://github.com/Yubico/pam-u2f" +SRC_URI="https://developers.yubico.com/${PN/_/-}/Releases/${P}.tar.gz" + +LICENSE="BSD ISC" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="debug" + +DEPEND=" + dev-libs/libfido2:= + dev-libs/openssl:= + sys-libs/pam" +RDEPEND="${DEPEND}" +BDEPEND="virtual/pkgconfig" + +src_configure() { + use debug || append-cppflags -UDEBUG_PAM -UPAM_DEBUG + econf --with-pam-dir=$(getpam_mod_dir) +} diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index be9a62f75202..bc135558b202 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,2 +1 @@ -DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624 DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26 diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch deleted file mode 100644 index 2922b8606648..000000000000 --- a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch +++ /dev/null @@ -1,231 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> ---- a/meson.build -+++ b/meson.build -@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true) - check_functions = [ - 'clearenv', - 'fdatasync', -+ 'setnetgrent', - ] - - foreach func: check_functions ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); -- -+#ifdef HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -- -+#endif - duk_push_boolean (cx, is_in_netgroup); - return 1; - } ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +185,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -69,7 +69,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - diff --git a/sys-auth/polkit/polkit-121.ebuild b/sys-auth/polkit/polkit-121.ebuild deleted file mode 100644 index 781e76f6deb9..000000000000 --- a/sys-auth/polkit/polkit-121.ebuild +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{9..11} ) -inherit meson pam pax-utils python-any-r1 systemd xdg-utils - -DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" -if [[ ${PV} == *_p* ]] ; then - # Upstream don't make releases very often. Test snapshots throughly - # and review commits, but don't shy away if there's useful stuff there - # we want. - MY_COMMIT="" - SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" - - S="${WORKDIR}"/${PN}-${MY_COMMIT} -else - SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" - - S="${WORKDIR}"/${PN}-v.${PV} -fi - -LICENSE="LGPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="+duktape examples gtk +introspection kde pam selinux systemd test" -RESTRICT="!test? ( test )" - -# This seems to be fixed with 121? -#if [[ ${PV} == *_p* ]] ; then -# RESTRICT="!test? ( test )" -#else -# # Tests currently don't work with meson in the dist tarballs. See -# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 -# RESTRICT="test" -#fi - -BDEPEND=" - acct-user/polkitd - app-text/docbook-xml-dtd:4.1.2 - app-text/docbook-xsl-stylesheets - dev-libs/glib - dev-libs/gobject-introspection-common - dev-libs/libxslt - dev-util/glib-utils - sys-devel/gettext - virtual/pkgconfig - introspection? ( dev-libs/gobject-introspection ) - test? ( - $(python_gen_any_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/python-dbusmock[${PYTHON_USEDEP}] - ') - ) -" -DEPEND=" - dev-libs/glib:2 - dev-libs/expat - duktape? ( dev-lang/duktape:= ) - !duktape? ( dev-lang/spidermonkey:91[-debug] ) - pam? ( - sys-auth/pambase - sys-libs/pam - ) - !pam? ( virtual/libcrypt:= ) - systemd? ( sys-apps/systemd:0=[policykit] ) - !systemd? ( sys-auth/elogind ) -" -RDEPEND="${DEPEND} - acct-user/polkitd - selinux? ( sec-policy/selinux-policykit ) -" -PDEPEND=" - gtk? ( || ( - >=gnome-extra/polkit-gnome-0.105 - >=lxde-base/lxsession-0.5.2 - ) ) - kde? ( kde-plasma/polkit-kde-agent ) -" - -DOCS=( docs/TODO HACKING.md NEWS.md README.md ) - -QA_MULTILIB_PATHS=" - usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd" - -python_check_deps() { - python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && - python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" -} - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_prepare() { - local PATCHES=( - # musl - "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch - ) - - default - - # bug #401513 - sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die -} - -src_configure() { - xdg_environment_reset - - local emesonargs=( - --localstatedir="${EPREFIX}"/var - -Dauthfw="$(usex pam pam shadow)" - -Dexamples=false - -Dgtk_doc=false - -Dman=true - -Dos_type=gentoo - -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" - -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - -Djs_engine=$(usex duktape duktape mozjs) - $(meson_use introspection) - $(meson_use test tests) - $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') - ) - meson_src_configure -} - -src_compile() { - meson_src_compile - - # Required for polkitd on hardened/PaX due to spidermonkey's JIT - pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest -} - -src_install() { - meson_src_install - - if use examples ; then - docinto examples - dodoc src/examples/{*.c,*.policy*} - fi - - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d -} - -pkg_postinst() { - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d -} diff --git a/sys-auth/polkit/polkit-122.ebuild b/sys-auth/polkit/polkit-122-r1.ebuild index 0752a39d7734..fc80a36e0f16 100644 --- a/sys-auth/polkit/polkit-122.ebuild +++ b/sys-auth/polkit/polkit-122-r1.ebuild @@ -22,7 +22,7 @@ fi LICENSE="LGPL-2" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" # https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction RESTRICT="!test? ( test ) test" @@ -144,11 +144,17 @@ src_install() { dodoc src/examples/{*.c,*.policy*} fi - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi } pkg_postinst() { - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi } diff --git a/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild b/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild index 5cea0efc327f..4f8202ec7a5b 100644 --- a/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild +++ b/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -9,7 +9,7 @@ SRC_URI="" LICENSE="public-domain" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ppc ppc64 ~riscv ~s390 sparc x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="" DEPEND="" diff --git a/sys-auth/skey/Manifest b/sys-auth/skey/Manifest index 4c3e9cb73c37..05a20e091d3e 100644 --- a/sys-auth/skey/Manifest +++ b/sys-auth/skey/Manifest @@ -1,2 +1,2 @@ -DIST skey-1.1.5-patches-6.tar.xz 34108 BLAKE2B 410dbe673e0a32a4c3fd0610f898057e7b3afcc0d0fd124683033790f9c518bf89486f13e8d87825c0959ff34e91eae82df6ba3b79c1dcb99a34d5657036d5a6 SHA512 2c807675cdd6b800f03427d79d616f59ac9d4d438221913328ec92e5dd13af185f74a24e17d36af8d49a51c4ecc5b24ef198489acce416d829e8aacf5d3c208a +DIST skey-1.1.5-patches-7.tar.xz 34412 BLAKE2B 77c37b71e80a629dc24996a496ac870d8ad431268bc8eff188ffe09fda6c52b4169aae6e16d31897658e003c1565176f5b8bdd7052795b372c47e49258a7d8ff SHA512 a73f0772883cfb8a6cd7acabd0d005e723952c4eb3b83d27b5c321737e38a4b4b65be0e7cb1b4fb5d040e315b3c36f6f4ca96f20ad8564617e694e9373fa060d DIST skey-1.1.5.tar.bz2 61911 BLAKE2B 6226a91f4018bee5796bf60339dc8554324a044eef18a69ea176d060cb4af90779cafaee58f42ad7a6e433b94da8de6e5e4d1ee9362904966fd0872d5ac3ccce SHA512 4cbddc7e31134d5e23801a9b07de0d05c8357aaa8dddfb8426fceead3f54e539f77204f78a08b2a93890ef2f4f807a2208080f58f80818afa1b8cd4884b1fb37 diff --git a/sys-auth/skey/skey-1.1.5-r13.ebuild b/sys-auth/skey/skey-1.1.5-r14.ebuild index ffd30c0f335d..813f7155f171 100644 --- a/sys-auth/skey/skey-1.1.5-r13.ebuild +++ b/sys-auth/skey/skey-1.1.5-r14.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -8,7 +8,7 @@ inherit autotools readme.gentoo-r1 toolchain-funcs usr-ldscript DESCRIPTION="Linux Port of OpenBSD Single-key Password System" HOMEPAGE="https://web.archive.org/web/20160710152027/http://www.openbsd.org:80/faq/faq8.html#SKey" SRC_URI="mirror://gentoo/${P}.tar.bz2 - https://dev.gentoo.org/~ulm/distfiles/${P}-patches-6.tar.xz" + https://dev.gentoo.org/~ulm/distfiles/${P}-patches-7.tar.xz" LICENSE="BSD MIT RSA BEER-WARE" SLOT="0" diff --git a/sys-auth/solo1/solo1-0.1.1.ebuild b/sys-auth/solo1/solo1-0.1.1-r1.ebuild index 0ab44c710e95..adb8f5c22183 100644 --- a/sys-auth/solo1/solo1-0.1.1.ebuild +++ b/sys-auth/solo1/solo1-0.1.1-r1.ebuild @@ -3,14 +3,13 @@ EAPI=8 -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{9..11} ) DISTUTILS_USE_PEP517=flit -inherit distutils-r1 +inherit distutils-r1 pypi DESCRIPTION="CLI and Python library for SoloKeys Solo 1" HOMEPAGE="https://github.com/solokeys/solo1-cli" -SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" LICENSE="Apache-2.0 MIT" SLOT="0" diff --git a/sys-auth/ssh-import-id/metadata.xml b/sys-auth/ssh-import-id/metadata.xml index fd9ff4351985..77b851e114a2 100644 --- a/sys-auth/ssh-import-id/metadata.xml +++ b/sys-auth/ssh-import-id/metadata.xml @@ -6,4 +6,7 @@ <name>Piotr Karbowski</name> </maintainer> <stabilize-allarches/> + <upstream> + <remote-id type="launchpad">ssh-import-id</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild b/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild new file mode 100644 index 000000000000..ddde94c6da84 --- /dev/null +++ b/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +DISTUTILS_USE_PEP517=setuptools + +inherit distutils-r1 + +DESCRIPTION="Utility to securely retrieve an SSH public key and install it locally" +HOMEPAGE="https://launchpad.net/ssh-import-id" +SRC_URI="https://launchpad.net/${PN}/trunk/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha amd64 arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 sparc x86" +IUSE="" + +DEPEND="${PYTHON_DEPS}" +RDEPEND=" + dev-python/distro[${PYTHON_USEDEP}] +" + +src_install() { + distutils-r1_src_install + doman usr/share/man/man1/ssh-import-id.1 +} diff --git a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild index 1f5cd230ec5a..8d42ae8afb8a 100644 --- a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild +++ b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild @@ -4,7 +4,7 @@ EAPI=7 DISTUTILS_USE_PEP517=setuptools -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{9..11} ) inherit distutils-r1 DESCRIPTION="Utility to manage SSH public keys stored in LDAP" @@ -23,21 +23,16 @@ LICENSE="MIT" SLOT="0" IUSE="schema" -MY_CDEPEND="dev-python/docopt[${PYTHON_USEDEP}] +RDEPEND="dev-python/docopt[${PYTHON_USEDEP}] >=dev-python/python-ldap-3.0[${PYTHON_USEDEP}] virtual/logger" -DEPEND="${MY_CDEPEND} +DEPEND="${RDEPEND} dev-python/setuptools[${PYTHON_USEDEP}] test? ( dev-python/pytest-describe[${PYTHON_USEDEP}] dev-python/pytest-mock[${PYTHON_USEDEP}] )" -# We need to block previous net-misc/openssh packages -# to avoid file collision on "/etc/openldap/schema/openssh-lpk.schema" -RDEPEND="${MY_CDEPEND} - schema? ( !net-misc/openssh[ldap(-)] )" - DOCS=( README.md CHANGELOG.adoc ) distutils_enable_tests pytest diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml index 1de148797929..36a8e6c631a2 100644 --- a/sys-auth/sssd/metadata.xml +++ b/sys-auth/sssd/metadata.xml @@ -5,10 +5,6 @@ <email>base-system@gentoo.org</email> <name>Gentoo Base System</name> </maintainer> - <maintainer type="person"> - <email>alexxy@gentoo.org</email> - <name>Alexey Shvetsov</name> - </maintainer> <use> <flag name="acl"> Build and use the cifsidmap plugin</flag> <flag name="locator">Install sssd's Kerberos plugin</flag> @@ -17,7 +13,6 @@ <flag name="pac">Add Privileged Attribute Certificate Support for Kerberos</flag> <flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag> <flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> - <flag name="valgrind">Depend on <pkg>dev-util/valgrind</pkg> for test suite</flag> </use> <upstream> <remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id> diff --git a/sys-auth/sssd/sssd-2.5.2-r3.ebuild b/sys-auth/sssd/sssd-2.5.2-r3.ebuild index ffbaa9bb9aea..c74bc5252e9e 100644 --- a/sys-auth/sssd/sssd-2.5.2-r3.ebuild +++ b/sys-auth/sssd/sssd-2.5.2-r3.ebuild @@ -3,7 +3,7 @@ EAPI=7 -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{9..11} ) inherit autotools linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs optfeature @@ -15,13 +15,12 @@ SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-CVE-2021 LICENSE="GPL-3" SLOT="0" KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" -IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind" +IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test" RESTRICT="!test? ( test )" REQUIRED_USE="${PYTHON_REQUIRED_USE} pac? ( samba ) - test? ( sudo ) - valgrind? ( test )" + test? ( sudo )" BDEPEND=">=sys-devel/autoconf-2.69-r5 virtual/pkgconfig @@ -36,7 +35,6 @@ BDEPEND=">=sys-devel/autoconf-2.69-r5 sys-libs/nss_wrapper sys-libs/pam_wrapper sys-libs/uid_wrapper - valgrind? ( dev-util/valgrind ) ) man? ( app-text/docbook-xml-dtd:4.4 @@ -158,6 +156,8 @@ multilib_src_configure() { --with-unicode-lib="glib2" --disable-rpath --disable-static + # Valgrind is only used for tests + --disable-valgrind --sbindir=/usr/sbin --enable-local-provider $(multilib_native_use_with systemd kcm) @@ -177,7 +177,6 @@ multilib_src_configure() { $(multilib_native_with autofs) $(multilib_native_with ssh) $(use_enable systemtap) - $(use_enable valgrind) --without-python2-bindings $(multilib_native_use_with python python3-bindings) ) diff --git a/sys-auth/sssd/sssd-2.6.0-r2.ebuild b/sys-auth/sssd/sssd-2.6.0-r2.ebuild index 16066e1d4f25..ed2f740d4b06 100644 --- a/sys-auth/sssd/sssd-2.6.0-r2.ebuild +++ b/sys-auth/sssd/sssd-2.6.0-r2.ebuild @@ -3,7 +3,7 @@ EAPI=7 -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{9..11} ) inherit autotools linux-info multilib-minimal optfeature python-single-r1 pam systemd toolchain-funcs @@ -13,13 +13,12 @@ SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" LICENSE="GPL-3" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" -IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" +IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test" REQUIRED_USE=" pac? ( samba ) python? ( ${PYTHON_REQUIRED_USE} ) - test? ( sudo ) - valgrind? ( test )" + test? ( sudo )" RESTRICT="!test? ( test )" DEPEND=" @@ -75,7 +74,6 @@ BDEPEND=" sys-libs/nss_wrapper sys-libs/pam_wrapper sys-libs/uid_wrapper - valgrind? ( dev-util/valgrind ) ) man? ( app-text/docbook-xml-dtd:4.4 @@ -148,6 +146,8 @@ multilib_src_configure() { --with-os=gentoo --disable-rpath --disable-static + # Valgrind is only used for tests + --disable-valgrind --sbindir="${EPREFIX}"/usr/sbin $(multilib_native_use_with systemd kcm) $(use_with samba) @@ -165,7 +165,6 @@ multilib_src_configure() { $(multilib_native_with autofs) $(multilib_native_with ssh) $(use_enable systemtap) - $(use_enable valgrind) --without-python2-bindings $(multilib_native_use_with python python3-bindings) # Annoyingly configure requires that you pick systemd XOR sysv diff --git a/sys-auth/yubico-piv-tool/Manifest b/sys-auth/yubico-piv-tool/Manifest index 6ed18642fc2e..096d74301322 100644 --- a/sys-auth/yubico-piv-tool/Manifest +++ b/sys-auth/yubico-piv-tool/Manifest @@ -1 +1 @@ -DIST yubico-piv-tool-2.3.0.tar.gz 1329085 BLAKE2B b084982139012b4993a023078fd8ce7c106cb5c1e71475f26398012b86fc65e985a7c51300b3b122884e35327293737ed48b31bfdc83326dda9c9c05f2eb984d SHA512 72125df922e32322563e95286e04d19e56db9c6e66ae9003ae7dfffac47425b8b2bc7c71ecfa603f96f3a24c985fca1f436580dc579ff44196dcde7aeceee7f3 +DIST yubico-piv-tool-2.3.1.tar.gz 1315267 BLAKE2B 9b7d96129f3cab4fd68d18d0bbbf8dfa5fdda383ffb8099f898e23c99d0f1caf387a26cb9d01582521a070b93bac941b8a10faac736137cb72c86fbf5c95d2f8 SHA512 44cd9c482f2a2942d10a238ac2cb2d40df7cd11ddc27d6df88912512e956746b5634018b421d5cc4b947e4c36f9841898d5a08eb613bf22558089103dab95988 diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild index 10e8ccb2e7eb..1747ca4e258c 100644 --- a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild +++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 |