diff options
Diffstat (limited to 'sys-auth')
116 files changed, 2714 insertions, 1135 deletions
diff --git a/sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild b/sys-auth/AusweisApp/AusweisApp-2.0.3.ebuild index 851f0ef3cebe..f791a20ba107 100644 --- a/sys-auth/AusweisApp2/AusweisApp2-1.24.4.ebuild +++ b/sys-auth/AusweisApp/AusweisApp-2.0.3.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,23 +11,20 @@ SRC_URI="https://github.com/Governikus/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz LICENSE="EUPL-1.2" SLOT="0" -KEYWORDS="amd64 x86" +KEYWORDS="amd64" BDEPEND=" - dev-qt/linguist-tools:5 + dev-qt/qtshadertools:6 + dev-qt/qttools:6[linguist] virtual/pkgconfig" RDEPEND=" dev-libs/openssl:0= - dev-qt/qtconcurrent:5 - dev-qt/qtcore:5 - dev-qt/qtdeclarative:5 - dev-qt/qtgui:5 - dev-qt/qtnetwork:5 - dev-qt/qtquickcontrols2:5 - dev-qt/qtsvg:5 - dev-qt/qtwebsockets:5[qml] - dev-qt/qtwidgets:5 + dev-qt/qtbase:6[concurrent,network,widgets] + dev-qt/qtdeclarative:6[widgets] + dev-qt/qtscxml:6[qml] + dev-qt/qtsvg:6 + dev-qt/qtwebsockets:6[qml] net-libs/http-parser:0= sys-apps/pcsc-lite virtual/udev" @@ -37,7 +34,6 @@ DEPEND="${RDEPEND}" src_configure() { local mycmakeargs=( -DBUILD_SHARED_LIBS=OFF - -DQt=Qt5 ) cmake_src_configure } diff --git a/sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild b/sys-auth/AusweisApp/AusweisApp-2.1.0.ebuild index f1b6cc8c799f..d86746427953 100644 --- a/sys-auth/AusweisApp2/AusweisApp2-1.26.1.ebuild +++ b/sys-auth/AusweisApp/AusweisApp-2.1.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,23 +11,20 @@ SRC_URI="https://github.com/Governikus/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz LICENSE="EUPL-1.2" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="~amd64" BDEPEND=" - dev-qt/linguist-tools:5 + dev-qt/qtshadertools:6 + dev-qt/qttools:6[linguist] virtual/pkgconfig" RDEPEND=" dev-libs/openssl:0= - dev-qt/qtconcurrent:5 - dev-qt/qtcore:5 - dev-qt/qtdeclarative:5 - dev-qt/qtgui:5 - dev-qt/qtnetwork:5 - dev-qt/qtquickcontrols2:5 - dev-qt/qtsvg:5 - dev-qt/qtwebsockets:5[qml] - dev-qt/qtwidgets:5 + dev-qt/qtbase:6[concurrent,network,widgets] + dev-qt/qtdeclarative:6[widgets] + dev-qt/qtscxml:6[qml] + dev-qt/qtsvg:6 + dev-qt/qtwebsockets:6[qml] net-libs/http-parser:0= sys-apps/pcsc-lite virtual/udev" @@ -37,7 +34,6 @@ DEPEND="${RDEPEND}" src_configure() { local mycmakeargs=( -DBUILD_SHARED_LIBS=OFF - -DQt=Qt5 ) cmake_src_configure } diff --git a/sys-auth/AusweisApp2/AusweisApp2-9999.ebuild b/sys-auth/AusweisApp/AusweisApp-9999.ebuild index 764e968e501b..2ee0eb3209a0 100644 --- a/sys-auth/AusweisApp2/AusweisApp2-9999.ebuild +++ b/sys-auth/AusweisApp/AusweisApp-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -7,7 +7,7 @@ inherit cmake git-r3 xdg-utils DESCRIPTION="Official authentication app for German ID cards and residence permits" HOMEPAGE="https://www.ausweisapp.bund.de/" -EGIT_REPO_URI="https://github.com/Governikus/AusweisApp2.git" +EGIT_REPO_URI="https://github.com/Governikus/AusweisApp.git" LICENSE="EUPL-1.2" SLOT="0" diff --git a/sys-auth/AusweisApp/Manifest b/sys-auth/AusweisApp/Manifest new file mode 100644 index 000000000000..bb557a4dc39f --- /dev/null +++ b/sys-auth/AusweisApp/Manifest @@ -0,0 +1,2 @@ +DIST AusweisApp-2.0.3.tar.gz 9125557 BLAKE2B 6d32e0d451259bfb44ac99dce9dee3e66afd07d5c78c8f033703213888fb68c5d3ee9f8374d1ab79cd364061e78d98ce0c21fc5d6957f601bd88e5e3e6b2489d SHA512 4f492d137c1f38d3ff5ae70afc28d44bd86ce2034166e8ea7ca44e91161301a739ddcf985c76b14147485f6bc4e30e316db50db86eda7e2de1b7344c37091cd4 +DIST AusweisApp-2.1.0.tar.gz 5876657 BLAKE2B 54c8676dda53a667104f8edf8fc70fc4ca736b1207bea0ce2a5fc0a628216ce4f001adac03308fceccbb8ad834d171f364ac6b4e948ada26d6983ede827fd10e SHA512 a7186bdfe3ebd6779588dc6fa219fcc2f60d36c62a8b9956bbdc86e4962120e46b39266e7207cf0de4d84f9212d1616bbec9f8901cb0a112bcfcae1684f3ff75 diff --git a/sys-auth/AusweisApp2/metadata.xml b/sys-auth/AusweisApp/metadata.xml index fe6904054d49..2b138ddc526e 100644 --- a/sys-auth/AusweisApp2/metadata.xml +++ b/sys-auth/AusweisApp/metadata.xml @@ -6,6 +6,6 @@ <name>Conrad Kostecki</name> </maintainer> <upstream> - <remote-id type="github">Governikus/AusweisApp2</remote-id> + <remote-id type="github">Governikus/AusweisApp</remote-id> </upstream> </pkgmetadata> diff --git a/sys-auth/AusweisApp2/Manifest b/sys-auth/AusweisApp2/Manifest deleted file mode 100644 index c6adf386fa02..000000000000 --- a/sys-auth/AusweisApp2/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST AusweisApp2-1.24.4.tar.gz 11482381 BLAKE2B 26bb34bcefbe4dfce4b30300e71fdab61afa3a30c4b17dd5d90abc4f0cbaca062f7d91f0d49a082a3436a43b3a880f3771e879774f22e35963a905485c8e3c7e SHA512 672b1e7a4543824afa241430b6784eef38273f32436451270c84d02617044b727691e3e15aa2ac09a06d3286a36e81c54c205f706a3db6c5cfabc48cf0a52c30 -DIST AusweisApp2-1.26.1.tar.gz 11488062 BLAKE2B a46dfc13bcbc6b6594732ff22bc41a35c587f659cea32e9c339dad9042c92ebf3c1591bd4b2c41ebed34c231b50d9aca1344e863de405af0ce54c5159b6d7c6f SHA512 ffad0d735adf963c3f4df054bd113f15d2dc0da59b77a91af676b5646f779dcc0d1d3a313d3a666dc406401cd154215ac7462ed0ecf97df69b8da19f799cdaf3 diff --git a/sys-auth/elogind/Manifest b/sys-auth/elogind/Manifest index 871cbc88d9f3..3ce9fb1e8ab7 100644 --- a/sys-auth/elogind/Manifest +++ b/sys-auth/elogind/Manifest @@ -1 +1,2 @@ DIST elogind-246.10.tar.gz 1559256 BLAKE2B 17a8146ee08c8ccf167f25d89b1d4525050ed0b0baaad0d36924ad3c40ffc820ef1528b33557cf285ad06c9ac9c440137428c5a235a2acf563e56f2f8f07e208 SHA512 9db0f068ed94ec07bab4d764ccb38840af3d05a4b7c9c539721906f5381b509cb9a3cbfb0453a978210d306136368de6162578c600d522416ef2a7ac1b9f348b +DIST elogind-252.9.tar.gz 1922777 BLAKE2B dd566125e407b3479a44b007890f97c9c87a325b3fed2d3505499d2163f113affd998e14b1c1fc50b9b86b0d155b51dae344dcc1cddafb6a48c631d0a0f00c9a SHA512 eed620cbc2f03bfeae6a80c9a421c21d3293fa40adffb96c7e4d86508c06712041f6623fb2bac15ecbb85faca4b5674ea6423b3067840809fb27d023fd9e5ffd diff --git a/sys-auth/elogind/elogind-246.10-r2.ebuild b/sys-auth/elogind/elogind-246.10-r3.ebuild index 614ab85f2f98..6dab1913be28 100644 --- a/sys-auth/elogind/elogind-246.10-r2.ebuild +++ b/sys-auth/elogind/elogind-246.10-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -27,7 +27,6 @@ BDEPEND=" app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-util/gperf - dev-util/intltool virtual/pkgconfig " DEPEND=" @@ -55,6 +54,7 @@ PATCHES=( "${FILESDIR}/${P}-revert-polkit-automagic.patch" "${FILESDIR}/${P}-clang-undefined-symbol.patch" "${FILESDIR}/${P}-loong.patch" + "${FILESDIR}/${P}-musl-selinux.patch" ) pkg_setup() { @@ -92,7 +92,7 @@ src_configure() { -Ddefault-kill-user-processes=false -Dacl=$(usex acl true false) -Daudit=$(usex audit true false) - --buildtype $(usex debug debug release) + -Dbuildtype=$(usex debug debug release) -Dhtml=$(usex doc auto false) -Dpam=$(usex pam true false) -Dselinux=$(usex selinux true false) diff --git a/sys-auth/elogind/elogind-246.10-r1.ebuild b/sys-auth/elogind/elogind-252.9.ebuild index 545f56aa84e4..4cb66f04f2f6 100644 --- a/sys-auth/elogind/elogind-246.10-r1.ebuild +++ b/sys-auth/elogind/elogind-252.9.ebuild @@ -1,33 +1,37 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 +PYTHON_COMPAT=( python3_{10..12} ) + if [[ ${PV} = *9999* ]]; then - EGIT_BRANCH="v241-stable" + EGIT_BRANCH="v252-stable" EGIT_REPO_URI="https://github.com/elogind/elogind.git" inherit git-r3 else SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi -inherit linux-info meson pam udev xdg-utils +inherit linux-info meson pam python-any-r1 udev xdg-utils DESCRIPTION="The systemd project's logind, extracted to a standalone package" HOMEPAGE="https://github.com/elogind/elogind" LICENSE="CC0-1.0 LGPL-2.1+ public-domain" SLOT="0" -IUSE="+acl audit debug doc +pam +policykit selinux" +IUSE="+acl audit +cgroup-hybrid debug doc +pam +policykit selinux test" +RESTRICT="!test? ( test )" BDEPEND=" app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-util/gperf - dev-util/intltool virtual/pkgconfig + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') " DEPEND=" audit? ( sys-process/audit ) @@ -46,14 +50,18 @@ PDEPEND=" policykit? ( sys-auth/polkit ) " -DOCS=( README.md src/libelogind/sd-bus/GVARIANT-SERIALIZATION ) +DOCS=( README.md) PATCHES=( - "${FILESDIR}/${PN}-243.7-nodocs.patch" - "${FILESDIR}/${PN}-241.4-broken-test.patch" # bug 699116 - "${FILESDIR}/${P}-revert-polkit-automagic.patch" + "${FILESDIR}/${P}-nodocs.patch" + "${FILESDIR}/${PN}-252.9-musl-lfs.patch" ) +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + pkg_setup() { local CONFIG_CHECK="~CGROUPS ~EPOLL ~INOTIFY_USER ~SIGNALFD ~TIMERFD" @@ -61,20 +69,34 @@ pkg_setup() { } src_prepare() { + if use elibc_musl; then + # Some of musl-specific patches break build on the + # glibc systems (like getdents), therefore those are + # only used when the build is done for musl. + PATCHES+=( + "${FILESDIR}/${P}-musl-sigfillset.patch" + "${FILESDIR}/${P}-musl-statx.patch" + "${FILESDIR}/${P}-musl-rlim-max.patch" + "${FILESDIR}/${P}-musl-getdents.patch" + "${FILESDIR}/${P}-musl-gshadow.patch" + "${FILESDIR}/${P}-musl-strerror_r.patch" + "${FILESDIR}/${P}-musl-more-strerror_r.patch" + ) + fi + default xdg_environment_reset } src_configure() { - local rccgroupmode="$(grep rc_cgroup_mode "${EPREFIX}"/etc/rc.conf | cut -d '"' -f 2)" - local cgroupmode="legacy" - - if [[ "xhybrid" = "x${rccgroupmode}" ]] ; then + if use cgroup-hybrid; then cgroupmode="hybrid" - elif [[ "xunified" = "x${rccgroupmode}" ]] ; then + else cgroupmode="unified" fi + python_setup + local emesonargs=( -Ddocdir="${EPREFIX}/usr/share/doc/${PF}" -Dhtmldir="${EPREFIX}/usr/share/doc/${PF}/html" @@ -92,19 +114,19 @@ src_configure() { -Ddefault-kill-user-processes=false -Dacl=$(usex acl true false) -Daudit=$(usex audit true false) - --buildtype $(usex debug debug release) + -Dbuildtype=$(usex debug debug release) -Dhtml=$(usex doc auto false) -Dpam=$(usex pam true false) -Dselinux=$(usex selinux true false) + -Dtests=$(usex test true false) -Dutmp=$(usex elibc_musl false true) + -Dmode=release ) meson_src_configure } src_install() { - DOCS+=( src/libelogind/sd-bus/GVARIANT-SERIALIZATION ) - meson_src_install newinitd "${FILESDIR}"/${PN}.init-r1 ${PN} @@ -146,4 +168,12 @@ pkg_postinst() { elog "when the first service calls it via dbus." fi fi + + for version in ${REPLACING_VERSIONS}; do + if ver_test "${version}" -lt 252.9; then + elog "Starting with release 252.9 the sleep configuration is now done" + elog "in the /etc/elogind/sleep.conf. Should you use non-default sleep" + elog "configuration remember to migrate those to new configuration file." + fi + done } diff --git a/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch b/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch new file mode 100644 index 000000000000..c36861b983e2 --- /dev/null +++ b/sys-auth/elogind/files/elogind-246.10-musl-selinux.patch @@ -0,0 +1,99 @@ +https://bugs.gentoo.org/888912 +https://github.com/elogind/elogind/commit/ab72a46f3104f44a32ef7bec7439aa9d3b5f0fdc + +Rebased version to apply to 246.10 by concord@. + +From ab72a46f3104f44a32ef7bec7439aa9d3b5f0fdc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 9 Oct 2020 16:48:03 +0200 +Subject: [PATCH] basic/selinux: work around mallinfo deprecation + +Latest glibc has deprecated mallinfo(), so it might become unavailable at some point +in the future. There is malloc_info(), but it returns XML, ffs. I think the information +that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and +not otherwise. +--- a/meson.build ++++ b/meson.build +@@ -617,6 +617,7 @@ foreach ident : [ + #include <unistd.h> + #include <signal.h> + #include <sys/wait.h>'''], ++ ['mallinfo', '''#include <malloc.h>'''], + ] + + have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE') +--- a/src/basic/macro.h ++++ b/src/basic/macro.h +@@ -93,6 +93,10 @@ + #endif + + /* Temporarily disable some warnings */ ++#define DISABLE_WARNING_DEPRECATED_DECLARATIONS \ ++ _Pragma("GCC diagnostic push"); \ ++ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") ++ + #define DISABLE_WARNING_FORMAT_NONLITERAL \ + _Pragma("GCC diagnostic push"); \ + _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\"") +--- a/src/basic/selinux-util.c ++++ b/src/basic/selinux-util.c +@@ -72,12 +72,21 @@ void mac_selinux_retest(void) { + #endif + } + ++#if HAVE_MALLINFO ++static struct mallinfo mallinfo_nowarn(void) { ++ /* glibc has deprecated mallinfo(), but the replacement malloc_info() returns an XML blob ;=[ */ ++DISABLE_WARNING_DEPRECATED_DECLARATIONS ++ return mallinfo(); ++REENABLE_WARNING ++} ++#else ++# warning "mallinfo() is missing, add mallinfo2() support instead." ++#endif ++ + int mac_selinux_init(void) { + #if HAVE_SELINUX + usec_t before_timestamp, after_timestamp; +- struct mallinfo before_mallinfo, after_mallinfo; + char timespan[FORMAT_TIMESPAN_MAX]; +- int l; + + selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback) mac_selinux_reload); + +@@ -87,7 +96,9 @@ int mac_selinux_init(void) { + if (!mac_selinux_use()) + return 0; + +- before_mallinfo = mallinfo(); ++#if HAVE_MALLINFO ++ struct mallinfo before_mallinfo = mallinfo_nowarn(); ++#endif + before_timestamp = now(CLOCK_MONOTONIC); + + label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); +@@ -95,14 +107,17 @@ int mac_selinux_init(void) { + return log_enforcing_errno(errno, "Failed to initialize SELinux labeling handle: %m"); + + after_timestamp = now(CLOCK_MONOTONIC); +- after_mallinfo = mallinfo(); +- +- l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0; ++#if HAVE_MALLINFO ++ struct mallinfo after_mallinfo = mallinfo_nowarn(); ++ int l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0; + + log_debug("Successfully loaded SELinux database in %s, size on heap is %iK.", + format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0), +- (l+1023)/1024); +- ++ DIV_ROUND_UP(l, 1024)); ++#else ++ log_debug("Successfully loaded SELinux database in %s.", ++ format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0)); ++#endif + #endif + return 0; + } +-- +2.40.1 diff --git a/sys-auth/elogind/files/elogind-252.9-musl-getdents.patch b/sys-auth/elogind/files/elogind-252.9-musl-getdents.patch new file mode 100644 index 000000000000..35b7670787a0 --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-getdents.patch @@ -0,0 +1,35 @@ +From dab02796780f00d689cc1c7a0ba81abe7c5f28d0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 21 Jan 2022 15:15:11 -0800 +Subject: [PATCH] pass correct parameters to getdents64 + +Fixes +../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types] + n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +../git/src/basic/stat-util.c:102:28: error: incompatible pointer types passing 'union (unnamed union at ../git/src/basic/stat-util.c:78:9) *' to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types] + n = getdents64(fd, &buffer, sizeof(buffer)); + ^~~~~~~ + +Upstream-Status: Inappropriate [musl specific] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> + +--- + src/basic/recurse-dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c +index d16ca98..31f6154 100644 +--- a/src/basic/recurse-dir.c ++++ b/src/basic/recurse-dir.c +@@ -54,7 +54,7 @@ int readdir_all(int dir_fd, + bs = MIN(MALLOC_SIZEOF_SAFE(de) - offsetof(DirectoryEntries, buffer), (size_t) SSIZE_MAX); + assert(bs > de->buffer_size); + +- n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size); ++ n = getdents(dir_fd, (struct dirent*)((uint8_t*) de->buffer + de->buffer_size), bs - de->buffer_size); + if (n < 0) + return -errno; + if (n == 0) diff --git a/sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch b/sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch new file mode 100644 index 000000000000..95613cb66f6e --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-gshadow.patch @@ -0,0 +1,14 @@ +just like the other part it's already patched in, not actually used +-- +diff --git a/src/shared/user-record-nss.h b/src/shared/user-record-nss.h +index 7a41be7..3a970a6 100644 +--- a/src/shared/user-record-nss.h ++++ b/src/shared/user-record-nss.h +@@ -2,7 +2,6 @@ + #pragma once + + #include <grp.h> +-#include <gshadow.h> + #include <pwd.h> + #include <shadow.h> + diff --git a/sys-auth/elogind/files/elogind-252.9-musl-lfs.patch b/sys-auth/elogind/files/elogind-252.9-musl-lfs.patch new file mode 100644 index 000000000000..4faa929c447a --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-lfs.patch @@ -0,0 +1,51 @@ +https://github.com/systemd/systemd/pull/27599 + +From d096e05c625ea825eb4d781216ded717b7f71cca Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Wed, 10 May 2023 01:47:13 +0100 +Subject: [PATCH] dirent: conditionalize dirent assert based on dirent64 + existence + +>=musl-1.2.4 doesn't define dirent64 and its LFS friends as its "native" +functions are already LFS-aware. + +Check for dirent64 in meson.build and only assert if it exists. + +Bug: https://bugs.gentoo.org/905900 +Closes: https://github.com/systemd/systemd/pull/25809 +--- a/meson.build ++++ b/meson.build +@@ -599,6 +599,7 @@ decl_headers = ''' + # define _GNU_SOURCE 1 + # endif // _GNU_SOURCE + #endif // 1 ++#include <dirent.h> + #include <uchar.h> + #include <sys/mount.h> + #include <sys/stat.h> +@@ -608,6 +609,7 @@ foreach decl : ['char16_t', + 'char32_t', + 'struct mount_attr', + 'struct statx', ++ 'struct dirent64', + ] + + # We get -1 if the size cannot be determined +--- a/src/basic/dirent-util.h ++++ b/src/basic/dirent-util.h +@@ -39,6 +39,7 @@ struct dirent *readdir_no_dot(DIR *dirp); + /* Only if 64bit off_t is enabled struct dirent + struct dirent64 are actually the same. We require this, and + * we want them to be interchangeable to make getdents64() work, hence verify that. */ + assert_cc(_FILE_OFFSET_BITS == 64); ++#if HAVE_STRUCT_DIRENT64 + assert_cc(sizeof(struct dirent) == sizeof(struct dirent64)); + assert_cc(offsetof(struct dirent, d_ino) == offsetof(struct dirent64, d_ino)); + assert_cc(sizeof_field(struct dirent, d_ino) == sizeof_field(struct dirent64, d_ino)); +@@ -50,6 +51,7 @@ assert_cc(offsetof(struct dirent, d_type) == offsetof(struct dirent64, d_type)); + assert_cc(sizeof_field(struct dirent, d_type) == sizeof_field(struct dirent64, d_type)); + assert_cc(offsetof(struct dirent, d_name) == offsetof(struct dirent64, d_name)); + assert_cc(sizeof_field(struct dirent, d_name) == sizeof_field(struct dirent64, d_name)); ++#endif + + #define FOREACH_DIRENT_IN_BUFFER(de, buf, sz) \ + for (void *_end = (uint8_t*) ({ (de) = (buf); }) + (sz); \ diff --git a/sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch b/sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch new file mode 100644 index 000000000000..3cfafae4cbfe --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-more-strerror_r.patch @@ -0,0 +1,44 @@ +Patch-Source: https://github.com/chimera-linux/cports/blob/6ff62886181bc1325a1431157a80993497fd561b/main/udev/patches/0001-errno-util-Make-STRERROR-portable-for-musl.patch +-- +From f66b5c802ce0a3310f5580cfc1b02446f8087568 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 23 Jan 2023 23:39:46 -0800 +Subject: [PATCH] errno-util: Make STRERROR portable for musl + +Sadly, systemd has decided to use yet another GNU extention in a macro +lets make this such that we can use XSI compliant strerror_r() for +non-glibc hosts + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/basic/errno-util.h | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h +index 091f99c590..eb5c1f9961 100644 +--- a/src/basic/errno-util.h ++++ b/src/basic/errno-util.h +@@ -14,8 +14,16 @@ + * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks + * + * Note that we use the GNU variant of strerror_r() here. */ +-#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) +- ++static inline const char * STRERROR(int errnum); ++ ++static inline const char * STRERROR(int errnum) { ++#ifdef __GLIBC__ ++ return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN); ++#else ++ static __thread char buf[ERRNO_BUF_LEN]; ++ return strerror_r(abs(errnum), buf, ERRNO_BUF_LEN) ? "unknown error" : buf; ++#endif ++} + /* A helper to print an error message or message for functions that return 0 on EOF. + * Note that we can't use ({ … }) to define a temporary variable, so errnum is + * evaluated twice. */ +-- +2.39.1 + diff --git a/sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch b/sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch new file mode 100644 index 000000000000..de8f290f16b8 --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-rlim-max.patch @@ -0,0 +1,13 @@ +diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c +index afd74ac..3a731f4 100644 +--- a/src/basic/rlimit-util.c ++++ b/src/basic/rlimit-util.c +@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) { + fixed.rlim_max == highest.rlim_max) + return 0; + +- log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max); ++ log_debug("Failed at setting rlimit %ju for resource RLIMIT_%s. Will attempt setting value %ju instead.", (uintmax_t)rlim->rlim_max, rlimit_to_string(resource), (uintmax_t)fixed.rlim_max); + + return RET_NERRNO(setrlimit(resource, &fixed)); + } diff --git a/sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch b/sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch new file mode 100644 index 000000000000..787eeac9bc80 --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-sigfillset.patch @@ -0,0 +1,12 @@ +diff --git a/src/basic/async.h b/src/basic/async.h +index cf80acf..d22e77d 100644 +--- a/src/basic/async.h ++++ b/src/basic/async.h +@@ -2,6 +2,7 @@ + #pragma once + + #include <sys/types.h> ++#include <signal.h> + + #include "macro.h" + diff --git a/sys-auth/elogind/files/elogind-252.9-musl-statx.patch b/sys-auth/elogind/files/elogind-252.9-musl-statx.patch new file mode 100644 index 000000000000..60a8942161df --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-statx.patch @@ -0,0 +1,26 @@ +diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c +index ab8744b..59ff466 100644 +--- a/src/basic/mountpoint-util.c ++++ b/src/basic/mountpoint-util.c +@@ -11,7 +11,7 @@ + //#include "filesystems.h" + #include "fs-util.h" + #include "missing_stat.h" +-//#include "missing_syscall.h" ++#include "missing_syscall.h" + //#include "mkdir.h" + #include "mountpoint-util.h" + #include "nulstr-util.h" +diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c +index d8e0693..f8324ed 100644 +--- a/src/basic/stat-util.c ++++ b/src/basic/stat-util.c +@@ -18,7 +18,7 @@ + #include "macro.h" + //#include "missing_fs.h" + #include "missing_magic.h" +-//#include "missing_syscall.h" ++#include "missing_syscall.h" + #include "nulstr-util.h" + //#include "parse-util.h" + #include "stat-util.h" diff --git a/sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch b/sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch new file mode 100644 index 000000000000..04570f5fb3f4 --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-musl-strerror_r.patch @@ -0,0 +1,89 @@ +fix strerror_r use instead of whatever this define is meant to be doing +-- +From 0542d27ebbb250c09bdcfcf9f2ea3d27426fe522 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 10 Jul 2018 15:40:17 +0800 +Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi + strerror_r + +XSI-compliant strerror_r and GNU-specifi strerror_r are different. + + int strerror_r(int errnum, char *buf, size_t buflen); + /* XSI-compliant */ + + char *strerror_r(int errnum, char *buf, size_t buflen); + /* GNU-specific */ + +We need to distinguish between them. Otherwise, we'll get an int value +assigned to (char *) variable, resulting in segment fault. + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + +--- + src/libsystemd/sd-bus/bus-error.c | 5 +++++ + src/libsystemd/sd-journal/journal-send.c | 5 +++++ + 2 files changed, 10 insertions(+) + +diff --git a/src/basic/musl_missing.h b/src/basic/musl_missing.h +index 41c66c9..a2e1d7e 100644 +--- a/src/basic/musl_missing.h ++++ b/src/basic/musl_missing.h +@@ -26,8 +26,6 @@ void elogind_set_program_name(const char* pcall); + #include <unistd.h> + #include <pthread.h> /* for pthread_atfork */ + +-#define strerror_r(e, m, k) (strerror_r(e, m, k) < 0 ? strdup("strerror_r() failed") : m); +- + /* + * Possibly TODO according to http://man7.org/linux/man-pages/man3/getenv.3.html + * + test if the process's effective user ID does not match its real user ID or +diff --git a/src/libelogind/sd-bus/bus-error.c b/src/libelogind/sd-bus/bus-error.c +index 4d687cf..1459396 100644 +--- a/src/libelogind/sd-bus/bus-error.c ++++ b/src/libelogind/sd-bus/bus-error.c +@@ -409,7 +409,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) { + return; + + errno = 0; ++#ifndef __GLIBC__ ++ strerror_r(error, m, k); ++ x = m; ++#else + x = strerror_r(error, m, k); ++#endif + if (errno == ERANGE || strlen(x) >= k - 1) { + free(m); + k *= 2; +@@ -594,8 +599,12 @@ const char* _bus_error_message(const sd_bus_error *e, int error, char buf[static + + if (e && e->message) + return e->message; +- ++#ifndef __GLIBC__ ++ strerror_r(abs(error), buf, ERRNO_BUF_LEN); ++ return buf; ++#else + return strerror_r(abs(error), buf, ERRNO_BUF_LEN); ++#endif + } + + static bool map_ok(const sd_bus_error_map *map) { +diff --git a/src/libelogind/sd-journal/journal-send.c b/src/libelogind/sd-journal/journal-send.c +index 4010197..1d49868 100644 +--- a/src/libelogind/sd-journal/journal-send.c ++++ b/src/libelogind/sd-journal/journal-send.c +@@ -444,7 +444,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove + char* j; + + errno = 0; ++#ifndef __GLIBC__ ++ strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k); ++ j = buffer + 8 + k; ++#else + j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k); ++#endif + if (errno == 0) { + char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1]; + diff --git a/sys-auth/elogind/files/elogind-252.9-nodocs.patch b/sys-auth/elogind/files/elogind-252.9-nodocs.patch new file mode 100644 index 000000000000..4be92f95fa24 --- /dev/null +++ b/sys-auth/elogind/files/elogind-252.9-nodocs.patch @@ -0,0 +1,28 @@ +diff --git a/meson.build b/meson.build +index 694a2fd97..9b97cafef 100644 +--- a/meson.build ++++ b/meson.build +@@ -4528,15 +4528,11 @@ subdir('shell-completion/zsh') + # install_dir : xinitrcdir) + # endif + #endif // 0 +-install_data('LICENSE.GPL2', +- 'LICENSE.LGPL2.1', + #if 0 /// elogind has upgraded to markdown, and the NEWS file is useless + # 'NEWS', + # 'README', + #else // 0 +- 'README.md', + #endif // 0 +- 'docs/CODING_STYLE.md', + #if 0 /// irrelevant for elogind + # 'docs/DISTRO_PORTING.md', + # 'docs/ENVIRONMENT.md', +@@ -4545,7 +4541,6 @@ install_data('LICENSE.GPL2', + # 'docs/TRANSLATORS.md', + # 'docs/UIDS-GIDS.md', + #endif // 0 +- install_dir : docdir) + + #if 0 /// irrelevant for elogind + # install_subdir('LICENSES', diff --git a/sys-auth/elogind/metadata.xml b/sys-auth/elogind/metadata.xml index fb46725b3a1d..43950e1cc395 100644 --- a/sys-auth/elogind/metadata.xml +++ b/sys-auth/elogind/metadata.xml @@ -4,14 +4,6 @@ <maintainer type="person"> <email>asturm@gentoo.org</email> </maintainer> - <maintainer type="person"> - <email>kensington@gentoo.org</email> - <name>Michael Palimaka</name> - </maintainer> - <maintainer type="person"> - <email>slashbeast@gentoo.org</email> - <name>Piotr Karbowski</name> - </maintainer> <use> <flag name="cgroup-hybrid">Use hybrid cgroup hierarchy (OpenRC's default) instead of unified.</flag> </use> diff --git a/sys-auth/fprintd/fprintd-1.94.2.ebuild b/sys-auth/fprintd/fprintd-1.94.2.ebuild index 65065793fd36..452126569d70 100644 --- a/sys-auth/fprintd/fprintd-1.94.2.ebuild +++ b/sys-auth/fprintd/fprintd-1.94.2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -15,8 +15,8 @@ SRC_URI="https://gitlab.freedesktop.org/libfprint/${PN}/-/archive/v${PV}/${MY_P} LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86" -IUSE="doc pam systemd test" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86" +IUSE="doc pam selinux systemd test" RESTRICT="!test? ( test )" RDEPEND=" @@ -54,6 +54,8 @@ BDEPEND=" ) " +RDEPEND+=" selinux? ( sec-policy/selinux-fprintd )" + PATCHES=( "${FILESDIR}/${PN}-1.90.7_0001-add-test-feature-and-make-tests-optional.patch" "${FILESDIR}/${PN}-1.90.8_0002-add-configure-option-for-libsystemd-provider.patch" diff --git a/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild b/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild deleted file mode 100644 index 4858a2c5daa0..000000000000 --- a/sys-auth/google-authenticator-libpam-hardened/google-authenticator-libpam-hardened-9999.ebuild +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -EGIT_REPO_URI="https://github.com/mgorny/google-authenticator-libpam-hardened.git" -inherit autotools git-r3 - -DESCRIPTION="PAM Module for two step verification via mobile platform" -HOMEPAGE="https://github.com/mgorny/google-authenticator-libpam-hardened" - -LICENSE="Apache-2.0" -SLOT="0" -IUSE="+qrcode" - -DEPEND="sys-auth/oath-toolkit:= - sys-libs/pam - qrcode? ( media-gfx/qrencode:= )" -RDEPEND="${DEPEND} - !sys-auth/google-authenticator" - -src_prepare() { - default - eautoreconf -} - -src_configure() { - local myconf=( - # TODO: use getpam_mod_dir after fixing build system - --libdir="/$(get_libdir)" - - $(use_enable qrcode qrencode) - ) - - econf "${myconf[@]}" -} - -src_install() { - default - find "${D}" -name '*.la' -delete || die -} diff --git a/sys-auth/google-authenticator-libpam-hardened/metadata.xml b/sys-auth/google-authenticator-libpam-hardened/metadata.xml deleted file mode 100644 index 4cd1c0be385a..000000000000 --- a/sys-auth/google-authenticator-libpam-hardened/metadata.xml +++ /dev/null @@ -1,15 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <maintainer type="person"> - <email>mgorny@gentoo.org</email> - <name>Michał Górny</name> - </maintainer> - <use> - <flag name="qrcode">Display QRcode after setup to accomodate - automatic setup of OTP client apps.</flag> - </use> - <upstream> - <remote-id type="github">mgorny/google-authenticator-libpam-hardened</remote-id> - </upstream> -</pkgmetadata> diff --git a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild index e9a92f0160c9..2eca357d0a2c 100644 --- a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild +++ b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -6,8 +6,8 @@ EAPI=7 inherit cmake DESCRIPTION="Set of scripts to manage google-auth setup on Gentoo Infra" -HOMEPAGE="https://github.com/mgorny/google-authenticator-wrappers" -SRC_URI="https://github.com/mgorny/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz" +HOMEPAGE="https://github.com/projg2/google-authenticator-wrappers" +SRC_URI="https://github.com/projg2/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD-2" SLOT="0" diff --git a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild index e9a92f0160c9..2eca357d0a2c 100644 --- a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild +++ b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -6,8 +6,8 @@ EAPI=7 inherit cmake DESCRIPTION="Set of scripts to manage google-auth setup on Gentoo Infra" -HOMEPAGE="https://github.com/mgorny/google-authenticator-wrappers" -SRC_URI="https://github.com/mgorny/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz" +HOMEPAGE="https://github.com/projg2/google-authenticator-wrappers" +SRC_URI="https://github.com/projg2/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD-2" SLOT="0" diff --git a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild index 6a1d10c36f62..452bd4ae9b87 100644 --- a/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild +++ b/sys-auth/google-authenticator-wrappers/google-authenticator-wrappers-3-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -6,8 +6,8 @@ EAPI=7 inherit cmake DESCRIPTION="Set of scripts to manage google-auth setup on Gentoo Infra" -HOMEPAGE="https://github.com/mgorny/google-authenticator-wrappers" -SRC_URI="https://github.com/mgorny/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz" +HOMEPAGE="https://github.com/projg2/google-authenticator-wrappers" +SRC_URI="https://github.com/projg2/google-authenticator-wrappers/archive/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD-2" SLOT="0" diff --git a/sys-auth/google-authenticator-wrappers/metadata.xml b/sys-auth/google-authenticator-wrappers/metadata.xml index 076793e3f54b..9b638fe4f176 100644 --- a/sys-auth/google-authenticator-wrappers/metadata.xml +++ b/sys-auth/google-authenticator-wrappers/metadata.xml @@ -5,4 +5,12 @@ <email>mgorny@gentoo.org</email> <name>Michał Górny</name> </maintainer> + <upstream> + <maintainer status="active"> + <email>mgorny@gentoo.org</email> + <name>Michał Górny</name> + </maintainer> + <bugs-to>https://github.com/projg2/google-authenticator-wrappers/issues/</bugs-to> + <remote-id type="github">projg2/google-authenticator-wrappers</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/libfprint/Manifest b/sys-auth/libfprint/Manifest index ae233d9316f7..5a4b54078971 100644 --- a/sys-auth/libfprint/Manifest +++ b/sys-auth/libfprint/Manifest @@ -1,3 +1,4 @@ DIST libfprint-1.94.3.tar.gz 10409543 BLAKE2B 33e25715313cfc37f0c05ad47eca6d315a041a067cfc7dfac9d71fcf5231a11f54888dd837c083b8cca03ca2b4b0bced30340e8966ab4c989d4a33c59ceb483e SHA512 22290bd393b54ada75c4655b3e901b6ee25f389a396a9b29bc1e76c0333d9718483b2059c927deb5b8d8e0acf632fecc9c4535b3f161910d5c51fad508d3e7a4 DIST libfprint-1.94.4.tar.gz 10408480 BLAKE2B 492ea10777d223ce7d610f0dca2871c8eae08cb5dd7d30187194d6cc139a60d5350e5908f759434065614c05a72192347be19c1d6fe5641e08a2f6419bdcede7 SHA512 425efdfde373179a237805c4b5561e3531616798c41ccd4358f1c521f1e21af01f8ca61aaf8c959e2c68a69e4dfda23960e696acaaad2228ffef6f999986468e DIST libfprint-1.94.5.tar.bz2 8922994 BLAKE2B b79292dc77426d76e5e9cb1cbf8662867224f19ff9cf2434d000689d02e7d4609c9ca94a016185f71500e4a58e9522a7647684e1eaa841c02a40f27e0d22055e SHA512 6a73b3d05bd61b5c74e64d52eba7dab6e97dcf149e32c882e05f15dc7241fd8e78f115957ed52a9657ff0b21642ec633c27cc905cbd4697ed41369508957c989 +DIST libfprint-1.94.7.tar.bz2 9066931 BLAKE2B 5df859c4e38a8016b8f91785d8634d85e023cc19b837e928dd2de6392ed77b7a82c26e6c1485df2fa1fb2041421d4dd05441d5df24c2fc5399783dcc174d5afc SHA512 b91a71ef998b03a64b08d9439a1d26027f196f07fd1344bbe45f2dbeb3ace5752af9b7504ee8537eb40d896e43a517e3759a7b3735baded4cc3fb6c0ca3b0ece diff --git a/sys-auth/libfprint/libfprint-1.94.5.ebuild b/sys-auth/libfprint/libfprint-1.94.5.ebuild index 13f4c1ce816b..f60ff3e9d76e 100644 --- a/sys-auth/libfprint/libfprint-1.94.5.ebuild +++ b/sys-auth/libfprint/libfprint-1.94.5.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -13,7 +13,7 @@ SRC_URI="https://gitlab.freedesktop.org/${PN}/${PN}/-/archive/v${PV}/${MY_P}.tar LICENSE="LGPL-2.1+" SLOT="2" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86" IUSE="examples gtk-doc +introspection" RDEPEND=" diff --git a/sys-auth/libfprint/libfprint-1.94.7.ebuild b/sys-auth/libfprint/libfprint-1.94.7.ebuild new file mode 100644 index 000000000000..7ece93fa19d2 --- /dev/null +++ b/sys-auth/libfprint/libfprint-1.94.7.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit meson udev + +MY_P="${PN}-v${PV}" + +DESCRIPTION="Library to add support for consumer fingerprint readers" +HOMEPAGE=" + https://cgit.freedesktop.org/libfprint/libfprint + https://gitlab.freedesktop.org/libfprint/libfprint +" +SRC_URI="https://gitlab.freedesktop.org/${PN}/${PN}/-/archive/v${PV}/${MY_P}.tar.bz2 -> ${P}.tar.bz2" + +LICENSE="LGPL-2.1+" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="examples gtk-doc +introspection" + +RDEPEND=" + dev-libs/glib:2 + dev-libs/libgudev + dev-libs/nss + dev-python/pygobject + dev-libs/libgusb + x11-libs/pixman + examples? ( + x11-libs/gdk-pixbuf:2 + x11-libs/gtk+:3 + ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + virtual/pkgconfig + gtk-doc? ( dev-util/gtk-doc ) + introspection? ( + dev-libs/gobject-introspection + dev-libs/libgusb[introspection] + ) +" + +PATCHES=( "${FILESDIR}/${PN}-1.94.1-test-timeout.patch" ) + +S="${WORKDIR}/${MY_P}" + +src_configure() { + local emesonargs=( + $(meson_use examples gtk-examples) + $(meson_use gtk-doc doc) + $(meson_use introspection introspection) + -Ddrivers=all + -Dinstalled-tests=false + -Dudev_rules=enabled + -Dudev_rules_dir=$(get_udevdir)/rules.d + ) + + meson_src_configure +} + +pkg_postinst() { + udev_reload +} + +pkg_postrm() { + udev_reload +} diff --git a/sys-auth/libnss-nis/Manifest b/sys-auth/libnss-nis/Manifest index cb7267537751..8be397e30f10 100644 --- a/sys-auth/libnss-nis/Manifest +++ b/sys-auth/libnss-nis/Manifest @@ -1 +1,2 @@ DIST libnss-nis-3.1.tar.gz 225933 BLAKE2B 23b0c760f48f2f1bd2bcd6a1d3b2e7da0bc2f186b23f4ff961faf78b76bfbbaaa238a510979b086f279f4c4e25f98d9ae8631e5222dc7479e8c50b0f4572b0da SHA512 fab2d035ef9cea5fa6351c44085a96f9f90e50550b77aa3898e0d5a6ff296951b22b4ac58979d07ae3b3da2f97c7e47ab466e1a5868e7f218971028174159636 +DIST libnss_nis-3.2.tar.xz 257420 BLAKE2B e256680bae1d989cf097c9405328f85bf445249f82331d2e943a589c635387af803bebdb5e96235d371886e0c578c0902c9d0b1958c69cc594c93233012c4dad SHA512 d35d1ad88503082a43ad854b5ad6de08367a098871d073eb48a2a2be593326b323dc9c164ce59ee203b34b0b141327c5816129e16170425e8b283e5e2d90a2fa diff --git a/sys-auth/libnss-nis/libnss-nis-3.2.ebuild b/sys-auth/libnss-nis/libnss-nis-3.2.ebuild new file mode 100644 index 000000000000..29f8f4ab51c8 --- /dev/null +++ b/sys-auth/libnss-nis/libnss-nis-3.2.ebuild @@ -0,0 +1,37 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit multilib-minimal + +MY_P=${PN/-/_}-${PV} +DESCRIPTION="NSS module to provide NIS support" +HOMEPAGE="https://github.com/thkukuk/libnss_nis" +SRC_URI="https://github.com/thkukuk/libnss_nis/releases/download/v${PV}/${MY_P}.tar.xz" +S="${WORKDIR}"/${MY_P} + +LICENSE="LGPL-2.1+ BSD ISC" +SLOT="0" +KEYWORDS="~amd64 ~riscv" + +RDEPEND=" + >net-libs/libnsl-0:=[${MULTILIB_USEDEP}] + net-libs/libtirpc:=[${MULTILIB_USEDEP}] + !<sys-libs/glibc-2.26 +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +multilib_src_configure() { + local myconf=( + --enable-shared + ) + + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -name '*.la' -delete || die +} diff --git a/sys-auth/munge/munge-0.5.15.ebuild b/sys-auth/munge/munge-0.5.15.ebuild index 885f7c485398..a1a5d61cf62c 100644 --- a/sys-auth/munge/munge-0.5.15.ebuild +++ b/sys-auth/munge/munge-0.5.15.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,7 +11,7 @@ SRC_URI="https://github.com/dun/munge/releases/download/${P}/${P}.tar.xz" LICENSE="GPL-3" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +KEYWORDS="~alpha amd64 ~arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86" IUSE="debug gcrypt static-libs" # TODO: still tries to use ${S}? RESTRICT="test" diff --git a/sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch b/sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch new file mode 100644 index 000000000000..905e41853871 --- /dev/null +++ b/sys-auth/nss-mdns/files/lld-17-undefined-versioned-symbols.patch @@ -0,0 +1,160 @@ +Gentoo bug: https://bugs.gentoo.org/919484 +Upstream PR: https://github.com/avahi/nss-mdns/pull/93 +diff --git a/Makefile.am b/Makefile.am +index d5a83c1..6df75f3 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -17,9 +17,6 @@ + EXTRA_DIST=bootstrap.sh README.md ACKNOWLEDGEMENTS.md NEWS.md LICENSE + ACLOCAL_AMFLAGS=-I m4 + +-# src +-EXTRA_DIST += src/map-file +- + AM_CFLAGS = \ + -DMDNS_ALLOW_FILE=\"$(MDNS_ALLOW_FILE)\" \ + -DAVAHI_SOCKET=\"$(AVAHI_SOCKET)\" +@@ -47,29 +44,53 @@ endif + + check_PROGRAMS = nss-test avahi-test + ++src/libnss-mdns-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h ++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $< ++ ++src/libnss-mdns-minimal-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h ++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns_minimal_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $< ++ ++src/libnss-mdns4-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h ++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns4_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $< ++ ++src/libnss-mdns4-minimal-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h ++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns4_minimal_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $< ++ ++src/libnss-mdns6-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h ++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns6_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $< ++ ++src/libnss-mdns6-minimal-la-map-file: $(srcdir)/src/map-file.in $(srcdir)/src/nss.h ++ $(COMPILE) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(libnss_mdns6_minimal_la_CFLAGS) -E -x assembler-with-cpp -DVER_SYM_MAP_GEN -o $@ $< ++ + libnss_mdns_la_SOURCES=src/util.c src/util.h src/avahi.c src/avahi.h src/nss.c src/nss.h ++EXTRA_libnss_mdns_la_DEPENDENCIES=src/libnss-mdns-la-map-file + libnss_mdns_la_CFLAGS=$(AM_CFLAGS) +-libnss_mdns_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=$(srcdir)/src/map-file ++libnss_mdns_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns-la-map-file + + libnss_mdns_minimal_la_SOURCES=$(libnss_mdns_la_SOURCES) ++EXTRA_libnss_mdns_minimal_la_DEPENDENCIES=src/libnss-mdns-minimal-la-map-file + libnss_mdns_minimal_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DMDNS_MINIMAL +-libnss_mdns_minimal_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS) ++libnss_mdns_minimal_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns-minimal-la-map-file + + libnss_mdns4_la_SOURCES=$(libnss_mdns_la_SOURCES) ++EXTRA_libnss_mdns4_la_DEPENDENCIES=src/libnss-mdns4-la-map-file + libnss_mdns4_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV4_ONLY=1 +-libnss_mdns4_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS) ++libnss_mdns4_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns4-la-map-file + + libnss_mdns4_minimal_la_SOURCES=$(libnss_mdns_la_SOURCES) ++EXTRA_libnss_mdns4_minimal_la_DEPENDENCIES=src/libnss-mdns4-minimal-la-map-file + libnss_mdns4_minimal_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV4_ONLY=1 -DMDNS_MINIMAL +-libnss_mdns4_minimal_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS) ++libnss_mdns4_minimal_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns4-minimal-la-map-file + + libnss_mdns6_la_SOURCES=$(libnss_mdns_la_SOURCES) ++EXTRA_libnss_mdns6_la_DEPENDENCIES=src/libnss-mdns6-la-map-file + libnss_mdns6_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV6_ONLY=1 +-libnss_mdns6_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS) ++libnss_mdns6_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns6-la-map-file + + libnss_mdns6_minimal_la_SOURCES=$(libnss_mdns_la_SOURCES) ++EXTRA_libnss_mdns6_minimal_la_DEPENDENCIES=src/libnss-mdns6-minimal-la-map-file + libnss_mdns6_minimal_la_CFLAGS=$(libnss_mdns_la_CFLAGS) -DNSS_IPV6_ONLY=1 -DMDNS_MINIMAL +-libnss_mdns6_minimal_la_LDFLAGS=$(libnss_mdns_la_LDFLAGS) ++libnss_mdns6_minimal_la_LDFLAGS=$(AM_LDFLAGS) -shrext .so.2 -Wl,-version-script=src/libnss-mdns6-minimal-la-map-file + + nss_mdns_la_SOURCES=$(libnss_mdns_la_SOURCES) src/bsdnss.c + nss_mdns_la_CFLAGS=$(AM_CFLAGS) +diff --git a/src/map-file b/src/map-file +deleted file mode 100644 +index 69e7987..0000000 +--- a/src/map-file ++++ /dev/null +@@ -1,41 +0,0 @@ +-NSSMDNS_0 { +-global: +- +-_nss_mdns_gethostbyaddr_r; +-_nss_mdns4_gethostbyaddr_r; +-_nss_mdns6_gethostbyaddr_r; +-_nss_mdns_minimal_gethostbyaddr_r; +-_nss_mdns4_minimal_gethostbyaddr_r; +-_nss_mdns6_minimal_gethostbyaddr_r; +- +-_nss_mdns_gethostbyname_r; +-_nss_mdns4_gethostbyname_r; +-_nss_mdns6_gethostbyname_r; +-_nss_mdns_minimal_gethostbyname_r; +-_nss_mdns4_minimal_gethostbyname_r; +-_nss_mdns6_minimal_gethostbyname_r; +- +-_nss_mdns_gethostbyname2_r; +-_nss_mdns4_gethostbyname2_r; +-_nss_mdns6_gethostbyname2_r; +-_nss_mdns_minimal_gethostbyname2_r; +-_nss_mdns4_minimal_gethostbyname2_r; +-_nss_mdns6_minimal_gethostbyname2_r; +- +-_nss_mdns_gethostbyname3_r; +-_nss_mdns4_gethostbyname3_r; +-_nss_mdns6_gethostbyname3_r; +-_nss_mdns_minimal_gethostbyname3_r; +-_nss_mdns4_minimal_gethostbyname3_r; +-_nss_mdns6_minimal_gethostbyname3_r; +- +-_nss_mdns_gethostbyname4_r; +-_nss_mdns4_gethostbyname4_r; +-_nss_mdns6_gethostbyname4_r; +-_nss_mdns_minimal_gethostbyname4_r; +-_nss_mdns4_minimal_gethostbyname4_r; +-_nss_mdns6_minimal_gethostbyname4_r; +- +-local: +-*; +-}; +diff --git a/src/map-file.in b/src/map-file.in +new file mode 100644 +index 0000000..caecf41 +--- /dev/null ++++ b/src/map-file.in +@@ -0,0 +1,14 @@ ++NSSMDNS_0 { ++global: ++ ++#include "nss.h" ++ ++_nss_mdns_gethostbyaddr_r; ++_nss_mdns_gethostbyname2_r; ++_nss_mdns_gethostbyname3_r; ++_nss_mdns_gethostbyname4_r; ++_nss_mdns_gethostbyname_r; ++ ++local: ++*; ++}; +diff --git a/src/nss.h b/src/nss.h +index dd8dbff..d63f51c 100644 +--- a/src/nss.h ++++ b/src/nss.h +@@ -33,6 +33,7 @@ + #define _nss_mdns_gethostbyaddr_r _nss_mdns_minimal_gethostbyaddr_r + #endif + ++#ifndef VER_SYM_MAP_GEN + // Define prototypes for nss function we're going to export (fixes GCC warnings) + #ifndef __FreeBSD__ + enum nss_status _nss_mdns_gethostbyname4_r(const char*, struct gaih_addrtuple**, +@@ -50,3 +51,4 @@ enum nss_status _nss_mdns_gethostbyaddr_r(const void*, int, int, + int*); + + #endif ++#endif diff --git a/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild b/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild index 6a7a14987621..2c1aa9581be0 100644 --- a/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild +++ b/sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -inherit multilib-minimal +inherit autotools multilib-minimal DESCRIPTION="Name Service Switch module for Multicast DNS" HOMEPAGE="https://github.com/lathiat/nss-mdns" @@ -18,6 +18,16 @@ RDEPEND=">=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}]" DEPEND="${RDEPEND} test? ( >=dev-libs/check-0.11[${MULTILIB_USEDEP}] )" +PATCHES=( + "${FILESDIR}"/lld-17-undefined-versioned-symbols.patch +) + +src_prepare() { + default + # Only needed for LLD 17 patch + eautoreconf +} + multilib_src_configure() { local myconf=( # $(localstatedir)/run/... is used to locate avahi-daemon socket @@ -46,9 +56,9 @@ pkg_postinst() { ewarn "minimal (mdns?_minimal) libraries which only lookup .local hosts" ewarn "and 169.254.x.x addresses." ewarn - ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf." - ewarn "An example line looks like:" - ewarn "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4" + ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf" + ewarn "before resolve and dns. An example line looks like:" + ewarn "hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns" ewarn ewarn "If you want to perform mDNS lookups for domains other than the ones" ewarn "ending in .local, add them to /etc/mdns.allow." diff --git a/sys-auth/nss-mdns/nss-mdns-9999.ebuild b/sys-auth/nss-mdns/nss-mdns-9999.ebuild index 532c36ea0f69..14c19990761b 100644 --- a/sys-auth/nss-mdns/nss-mdns-9999.ebuild +++ b/sys-auth/nss-mdns/nss-mdns-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -53,9 +53,9 @@ pkg_postinst() { ewarn "minimal (mdns?_minimal) libraries which only lookup .local hosts" ewarn "and 169.254.x.x addresses." ewarn - ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf." - ewarn "An example line looks like:" - ewarn "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4" + ewarn "Add the appropriate mdns into the hosts line in /etc/nsswitch.conf" + ewarn "before resolve and dns. An example line looks like:" + ewarn "hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns" ewarn ewarn "If you want to perform mDNS lookups for domains other than the ones" ewarn "ending in .local, add them to /etc/mdns.allow." diff --git a/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild b/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild index 3e71766c9e42..d1117fb2df91 100644 --- a/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild +++ b/sys-auth/nss-myhostname/nss-myhostname-0.3-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" @@ -9,7 +9,7 @@ SRC_URI="https://0pointer.de/lennart/projects/${PN}/${P}.tar.gz" LICENSE="LGPL-2.1+" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86" IUSE="" COMMON_DEPEND="" diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch new file mode 100644 index 000000000000..2036da4fd7b1 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.12-netdb-defines.patch @@ -0,0 +1,26 @@ +Bug: https://bugs.gentoo.org/716272 + +--- a/nss/hosts.c ++++ b/nss/hosts.c +@@ -49,6 +49,9 @@ + *h_errnop = NO_RECOVERY; \ + return NSS_STATUS_UNAVAIL; + ++#ifndef NETDB_INTERNAL ++#define NETDB_INTERNAL -1 ++#endif + #undef ERROR_OUT_BUFERROR + #define ERROR_OUT_BUFERROR(fp) \ + *errnop = ERANGE; \ +--- a/nss/networks.c ++++ b/nss/networks.c +@@ -49,6 +49,9 @@ + *h_errnop = NO_RECOVERY; \ + return NSS_STATUS_UNAVAIL; + ++#ifndef NETDB_INTERNAL ++#define NETDB_INTERNAL -1 ++#endif + #undef ERROR_OUT_BUFERROR + #define ERROR_OUT_BUFERROR(fp) \ + *errnop = ERANGE; \ diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild index bfb9799aa94f..0f8f3074c0d5 100644 --- a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild +++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..11} ) inherit autotools python-r1 s6 systemd tmpfiles multilib-minimal DESCRIPTION="NSS module for name lookups using LDAP" @@ -12,9 +12,10 @@ SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz" LICENSE="LGPL-2.1" SLOT="0" -KEYWORDS="amd64 ~ppc ~ppc64 x86" +KEYWORDS="amd64 arm ~hppa ~ia64 ~ppc ppc64 ~sparc x86" IUSE="debug kerberos +pam pynslcd sasl test +utils" REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} utils? ( ${PYTHON_REQUIRED_USE} ) test? ( ${PYTHON_REQUIRED_USE} pynslcd ) " diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild new file mode 100644 index 000000000000..dea33acdbfbb --- /dev/null +++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r3.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +inherit autotools python-r1 s6 systemd tmpfiles multilib-minimal + +DESCRIPTION="NSS module for name lookups using LDAP" +HOMEPAGE="https://arthurdejong.org/nss-pam-ldapd/" +SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc x86" +IUSE="debug kerberos +pam pynslcd sasl selinux test +utils" +REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} + utils? ( ${PYTHON_REQUIRED_USE} ) + test? ( ${PYTHON_REQUIRED_USE} pynslcd ) +" +RESTRICT="!test? ( test )" + +RDEPEND=" + acct-group/nslcd + acct-user/nslcd + net-nds/openldap:=[${MULTILIB_USEDEP}] + sasl? ( dev-libs/cyrus-sasl[${MULTILIB_USEDEP}] ) + kerberos? ( virtual/krb5[${MULTILIB_USEDEP}] ) + sys-libs/pam[${MULTILIB_USEDEP}] + utils? ( ${PYTHON_DEPS} ) + pynslcd? ( + dev-python/python-ldap[${PYTHON_USEDEP}] + dev-python/python-daemon[${PYTHON_USEDEP}] + ) + elibc_musl? ( sys-libs/musl-nscd ) + !sys-auth/nss_ldap + !sys-auth/pam_ldap +" +DEPEND="${RDEPEND}" +BDEPEND=" + ${PYTHON_DEPS} + test? ( dev-python/pylint[${PYTHON_USEDEP}] ) +" +RDEPEND+=" selinux? ( sec-policy/selinux-nslcd )" + +PATCHES=( + "${FILESDIR}"/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-use-mkstemp.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-relative-imports.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests-py39.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.12-netdb-defines.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && python_setup +} + +src_prepare() { + default + + touch pynslcd/__init__.py || die "Could not create __init__.py for pynslcd" + mv pynslcd/pynslcd.py pynslcd/main.py || die + + eautoreconf +} + +multilib_src_configure() { + local myconf=( + --disable-utils + --enable-warnings + --with-ldap-lib=openldap + --with-ldap-conf-file="${EPREFIX}"/etc/nslcd.conf + --with-nslcd-pidfile=/run/nslcd/nslcd.pid + --with-nslcd-socket=/run/nslcd/socket + --with-nss-flavour=glibc + $(use_enable pynslcd) + $(use_enable debug) + $(use_enable kerberos) + $(use_enable pam) + $(use_enable sasl) + + # nss libraries always go in /lib on Gentoo + --with-pam-seclib-dir="${EPREFIX}"/$(get_libdir)/security + --libdir="${EPREFIX}"/$(get_libdir) + ) + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +multilib_src_test() { + python_test() { + cp -l "${S}"/pynslcd/*.py pynslcd/ || die "Could not copy python files for tests" + nonfatal emake check || die "tests failed with ${EPYTHON}" + } + + pushd "${BUILD_DIR}" >/dev/null || die + ln -s ../pynslcd/constants.py utils/constants.py || die + python_foreach_impl python_test + popd >/dev/null || die +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if use pynslcd; then + python_moduleinto pynslcd + python_foreach_impl python_domodule pynslcd/*.py + fi +} + +multilib_src_install_all() { + einstalldocs + + newinitd "${FILESDIR}"/nslcd.init nslcd + s6_install_service nslcd "${FILESDIR}"/nslcd.s6 + + insinto /usr/share/nss-pam-ldapd + doins "${WORKDIR}"/${P}/nslcd.conf + + fperms o-r /etc/nslcd.conf + + if use utils; then + python_moduleinto nslcd + python_foreach_impl python_domodule utils/*.py + + local script + for script in chsh getent; do + python_foreach_impl python_newscript utils/${script}.py ${script}.ldap + done + fi + if use pynslcd; then + rm -rf "${ED}"/usr/share/pynslcd || die + python_moduleinto pynslcd + python_foreach_impl python_domodule pynslcd/*.py + python_scriptinto /usr/sbin + python_foreach_impl python_newscript pynslcd/main.py pynslcd + newinitd "${FILESDIR}"/pynslcd.init pynslcd + fi + + newtmpfiles "${FILESDIR}"/nslcd-tmpfiles.conf nslcd.conf + systemd_newunit "${FILESDIR}"/nslcd.service nslcd.service +} + +pkg_postinst() { + tmpfiles_process nslcd.conf + + elog "For this to work you must configure /etc/nslcd.conf" + elog "This configuration is similar to pam_ldap's /etc/ldap.conf" + elog + elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can" + elog "start it like this:" + elog " # /etc/init.d/nslcd start" + elog + elog "You can add it to the default runlevel like so:" + elog " # rc-update add nslcd default" + elog + elog "If you have >=sys-apps/openrc-0.16.3, you can also use s6" + elog "to supervise this service." + elog "To do this, emerge sys-apps/s6 then add nslcd-s6" + elog "default runlevel instead of nslcd." + elog + elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf" + elog " is now named /etc/nslcd.conf" +} diff --git a/sys-auth/oath-toolkit/Manifest b/sys-auth/oath-toolkit/Manifest index 5869f860e046..bdd4b255323b 100644 --- a/sys-auth/oath-toolkit/Manifest +++ b/sys-auth/oath-toolkit/Manifest @@ -1 +1,4 @@ -DIST oath-toolkit-2.6.2.tar.gz 4295786 BLAKE2B 2b97ab73339647b560b46373922095f18655a167b613b15d4ee2fd507d430025628d20eb111ff1d8025e78646b1d61d9680a7082caba1c75d247bb1d8b9b99dd SHA512 201a702a05a2e9fb3a66d04750e1a34e293342126caf02c344954a0d9fd0daafe73ca7f1fe273be129ae555a29b82b72fa2b4770ea2ad10711924e1926ec2cfb +DIST oath-toolkit-2.6.10.tar.gz 4710528 BLAKE2B 2fd3c890214089b47bc4eb5759735cc921ed73f9eb9fa52aa8cc9f329b9887a45dbc0118ca077aecebc38660388d1be29a94d8c87917361def86f3a9378f5d40 SHA512 b9a4447350593c206aabf4dce09273194d5ac499c4f2fca4e36ba77480793898e3011655451d9147748b56c2a8611e04640ba2aec5f4e96fcd9e967b93b1c1b7 +DIST oath-toolkit-2.6.11.tar.gz 4699215 BLAKE2B f3fa3ab1818f4f9bbf7c8c88432cd3432fbfb30dfcc660ab85f07e2d3d7e1616fc24579900bc55bbf72fb81b2eac4a6591553968872f07d8b3955ce4e6495afd SHA512 42df879bebccdde3d38558ba735e09db14d0c916b9f0d3a1842e0ecc80614b7d1ee44db39d3097970a2a7108446da6eefd09bdd32dd2fb81d6aed06dc19552fd +DIST oath-toolkit-2.6.7.tar.gz 5625279 BLAKE2B 23f377c51eb633bf01d6085d33c7362cd91b6bed1cf4c2bbf32dc9433849e20c53f6896b16e5056b13f420f6a65a3c593fa1dafd7e184ed9e52666d94a7f75d1 SHA512 50edff75c8366887d69cf4740c4cc3bdfc3e43cbd4910ff40f735bca489f0953d7e5a21130f12782ac7a1f2fb00f0db313aff139085f23daba78a69bc7b2eb12 +DIST oath-toolkit-2.6.9.tar.gz 4693524 BLAKE2B 572512311bbfa18d325c7b9b8d88ff85c05241c9a22942bc67edf531ed621e68b031dc4562bd8473ec1b1bfe264c8a4084c1c304ba0d24914acc5b21325b8601 SHA512 6e96b5a926f6e2448661fef267dcf9c99167b7bdfc71e319d2ab7ddc051a7be002043485547ad83744209c25ea0d87f8e28f25cccd6856281321f3d22e3cf160 diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch deleted file mode 100644 index 18a0a2779408..000000000000 --- a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-gcc7.patch +++ /dev/null @@ -1,80 +0,0 @@ -Bug: https://bugs.gentoo.org/618100 -Cherry-picked from upstream commits: https://github.com/coreutils/gnulib/commit/175b4e22f99e00996b72f822f5ae54dca8243d19 - https://github.com/coreutils/gnulib/commit/abae112b34572cd3869ce4fc81dddb5c2a7394c4 - ---- a/oathtool/gl/intprops.h -+++ b/oathtool/gl/intprops.h -@@ -23,6 +23,10 @@ - #include <limits.h> - #include <verify.h> - -+#ifndef __has_builtin -+# define __has_builtin(x) 0 -+#endif -+ - /* Return a value with the common real type of E and V and the value of V. */ - #define _GL_INT_CONVERT(e, v) (0 * (e) + (v)) - -@@ -222,20 +226,24 @@ - ? (a) < (min) >> (b) \ - : (max) >> (b) < (a)) - --/* True if __builtin_add_overflow (A, B, P) works when P is null. */ --#define _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL (7 <= __GNUC__) -+/* True if __builtin_add_overflow (A, B, P) works when P is non-null. */ -+#define _GL_HAS_BUILTIN_OVERFLOW \ -+ (5 <= __GNUC__ || __has_builtin (__builtin_add_overflow)) -+ -+#define _GL_HAS_BUILTIN_OVERFLOW_P \ -+ (7 <= __GNUC__ || __has_builtin (__builtin_add_overflow_p)) - - /* The _GL*_OVERFLOW macros have the same restrictions as the - *_RANGE_OVERFLOW macros, except that they do not assume that operands - (e.g., A and B) have the same type as MIN and MAX. Instead, they assume - that the result (e.g., A + B) has that type. */ --#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL --# define _GL_ADD_OVERFLOW(a, b, min, max) -- __builtin_add_overflow (a, b, (__typeof__ ((a) + (b)) *) 0) --# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) -- __builtin_sub_overflow (a, b, (__typeof__ ((a) - (b)) *) 0) --# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) -- __builtin_mul_overflow (a, b, (__typeof__ ((a) * (b)) *) 0) -+#if _GL_HAS_BUILTIN_OVERFLOW_P -+# define _GL_ADD_OVERFLOW(a, b, min, max) \ -+ __builtin_add_overflow_p (a, b, (a) + (b)) -+# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \ -+ __builtin_sub_overflow_p (a, b, (a) - (b)) -+# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \ -+ __builtin_mul_overflow_p (a, b, (a) * (b)) - #else - # define _GL_ADD_OVERFLOW(a, b, min, max) \ - ((min) < 0 ? INT_ADD_RANGE_OVERFLOW (a, b, min, max) \ -@@ -315,7 +323,7 @@ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_ADD_OVERFLOW) - #define INT_SUBTRACT_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_SUBTRACT_OVERFLOW) --#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL -+#if _GL_HAS_BUILTIN_OVERFLOW || _GL_HAS_BUILTIN_OVERFLOW_P - # define INT_NEGATE_OVERFLOW(a) INT_SUBTRACT_OVERFLOW (0, a) - #else - # define INT_NEGATE_OVERFLOW(a) \ -@@ -349,10 +357,6 @@ - #define INT_MULTIPLY_WRAPV(a, b, r) \ - _GL_INT_OP_WRAPV (a, b, r, *, __builtin_mul_overflow, INT_MULTIPLY_OVERFLOW) - --#ifndef __has_builtin --# define __has_builtin(x) 0 --#endif -- - /* Nonzero if this compiler has GCC bug 68193 or Clang bug 25390. See: - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68193 - https://llvm.org/bugs/show_bug.cgi?id=25390 -@@ -369,7 +373,7 @@ - the operation. BUILTIN is the builtin operation, and OVERFLOW the - overflow predicate. Return 1 if the result overflows. See above - for restrictions. */ --#if 5 <= __GNUC__ || __has_builtin (__builtin_add_overflow) -+#if _GL_HAS_BUILTIN_OVERFLOW - # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) builtin (a, b, r) - #elif 201112 <= __STDC_VERSION__ && !_GL__GENERIC_BOGUS - # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch deleted file mode 100644 index c43f7aee0fe7..000000000000 --- a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch +++ /dev/null @@ -1,100 +0,0 @@ -diff -ruN oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c oath-toolkit-2.6.2/liboath/gl/fseeko.c ---- oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c 2016-08-27 13:15:06.000000000 +0200 -+++ oath-toolkit-2.6.2/liboath/gl/fseeko.c 2018-10-27 22:07:53.836832404 +0200 -@@ -1,18 +1,18 @@ - /* An fseeko() function that, together with fflush(), is POSIX compliant. -- Copyright (C) 2007-2016 Free Software Foundation, Inc. -+ Copyright (C) 2007-2018 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU Lesser General Public License as published by -- the Free Software Foundation; either version 2.1, or (at your option) -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU Lesser General Public License for more details. -+ GNU General Public License for more details. - -- You should have received a copy of the GNU Lesser General Public License along -- with this program; if not, see <http://www.gnu.org/licenses/>. */ -+ You should have received a copy of the GNU General Public License along -+ with this program; if not, see <https://www.gnu.org/licenses/>. */ - - #include <config.h> - -@@ -33,9 +33,9 @@ - #endif - #if _GL_WINDOWS_64_BIT_OFF_T - # undef fseeko --# if HAVE__FSEEKI64 /* msvc, mingw64 */ -+# if HAVE__FSEEKI64 && HAVE_DECL__FSEEKI64 /* msvc, mingw since msvcrt8.0, mingw64 */ - # define fseeko _fseeki64 --# else /* mingw */ -+# else /* mingw before msvcrt8.0 */ - # define fseeko fseeko64 - # endif - #endif -@@ -47,12 +47,13 @@ - #endif - - /* These tests are based on fpurge.c. */ --#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ -+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 -+ /* GNU libc, BeOS, Haiku, Linux libc5 */ - if (fp->_IO_read_end == fp->_IO_read_ptr - && fp->_IO_write_ptr == fp->_IO_write_base - && fp->_IO_save_base == NULL) - #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ -- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ -+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ - # if defined __SL64 && defined __SCLE /* Cygwin */ - if ((fp->_flags & __SL64) == 0) - { -@@ -80,7 +81,7 @@ - #elif defined __minix /* Minix */ - if (fp_->_ptr == fp_->_buf - && (fp_->_ptr == NULL || fp_->_count == 0)) --#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */ -+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */ - if (fp_->_ptr == fp_->_base - && (fp_->_ptr == NULL || fp_->_cnt == 0)) - #elif defined __UCLIBC__ /* uClibc */ -@@ -117,18 +118,19 @@ - if (pos == -1) - { - #if defined __sferror || defined __DragonFly__ || defined __ANDROID__ -- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ -+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ - fp_->_flags &= ~__SOFF; - #endif - return -1; - } - --#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ -+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 -+ /* GNU libc, BeOS, Haiku, Linux libc5 */ - fp->_flags &= ~_IO_EOF_SEEN; - fp->_offset = pos; - #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ -- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ --# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) -+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ -+# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) || defined __minix - /* fp_->_offset is typed as an integer. */ - fp_->_offset = pos; - # else -@@ -150,8 +152,8 @@ - fp_->_flags &= ~__SEOF; - #elif defined __EMX__ /* emx+gcc */ - fp->_flags &= ~_IOEOF; --#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */ -- fp->_flag &= ~_IOEOF; -+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */ -+ fp_->_flag &= ~_IOEOF; - #elif defined __MINT__ /* Atari FreeMiNT */ - fp->__offset = pos; - fp->__eof = 0; diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch new file mode 100644 index 000000000000..a2ad292e19fc --- /dev/null +++ b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.7-new-xmlsec-tests.patch @@ -0,0 +1,74 @@ +https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/0ae59b9c72f69ee21044e736e292b73051df3272 + +From 0ae59b9c72f69ee21044e736e292b73051df3272 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson <simon@josefsson.org> +Date: Sat, 12 Nov 2022 21:42:17 +0100 +Subject: [PATCH] Handle new libxmlsec on ArchLinux. + +--- a/libpskc/examples/pskc-hotp-signed.xml ++++ b/libpskc/examples/pskc-hotp-signed.xml +@@ -38,7 +38,8 @@ rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd + rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt + CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr + TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB +-n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4</X509Certificate> ++n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4 ++</X509Certificate> + </X509Data> + </KeyInfo> + </Signature></KeyContainer> +--- a/pskctool/tests/pskc-all-signed.xml ++++ b/pskctool/tests/pskc-all-signed.xml +@@ -38,7 +38,8 @@ rIXbwqKhnBP943U4Ch31oEbZtbo+XRbiq11wv6dLNsi76TNGDqsjTKgEcSIYI6Vd + rMxnil6ChoIBvSSPGHhJuj1bW1EPW92JtIa6byrAj1m4RwSviQy2i65YoIdtrhRt + CWekj2zuL/0szv5rZMCCvxioOCA8znqELEPMfs0Aa/cACD2MZcC4gGXehNCvzYJr + TmB6lFpxP6f0g6eO7PVcqYN9NCwECxb5Cvx2j2uNlereY35/9oPR6YJx+V7sL+DB +-n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4</X509Certificate> ++n6F0mN8OUAFxDamepKdGRApU8uZ35624o/I4 ++</X509Certificate> + </X509Data> + </KeyInfo> + </Signature></KeyContainer> +--- a/pskctool/tests/tst_libexamples.sh ++++ b/pskctool/tests/tst_libexamples.sh +@@ -1,7 +1,7 @@ + #!/bin/sh + + # tst_libexamples.sh - keep pskctool output in GTK-DOC manual up to date +-# Copyright (C) 2012-2021 Simon Josefsson ++# Copyright (C) 2012-2022 Simon Josefsson + + # This program is free software: you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -45,7 +45,8 @@ fi + + $PSKCTOOL --sign --sign-key $srcdir/pskc-ee-key.pem \ + --sign-crt $srcdir/pskc-ee-crt.pem \ +- $srcdir/../../libpskc/examples/pskc-hotp.xml > foo ++ $srcdir/../../libpskc/examples/pskc-hotp.xml \ ++ | sed 's,4</X509Cert,4\n</X509Cert,' > foo + if ! diff -ur $srcdir/../../libpskc/examples/pskc-hotp-signed.xml foo; then + echo "FAIL: pskctool --sign output change, commit updated file." + exit 1 +--- a/pskctool/tests/tst_sign.sh ++++ b/pskctool/tests/tst_sign.sh +@@ -1,7 +1,7 @@ + #!/bin/sh + + # tst_sign.sh - test that pskctool can sign and verify +-# Copyright (C) 2012-2021 Simon Josefsson ++# Copyright (C) 2012-2022 Simon Josefsson + + # This program is free software: you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -32,7 +32,7 @@ $PSKCTOOL --info --strict --debug $pskc_all > tmp-pre-human.txt + $PSKCTOOL --sign \ + --sign-key $pskc_ee_key \ + --sign-crt $pskc_ee_crt \ +- $pskc_all > tmp-signed.xml ++ $pskc_all | sed 's,4</X509Cert,4\n</X509Cert,' > tmp-signed.xml + + diff -ur $pskc_all_signed tmp-signed.xml + +-- +GitLab diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch new file mode 100644 index 000000000000..8b0cbacc51f7 --- /dev/null +++ b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.9-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch @@ -0,0 +1,40 @@ +https://bugs.gentoo.org/924395 + +From 9f2bc8d4278421e2a05598c89f22cdf34929ec66 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson <simon@josefsson.org> +Date: Sun, 31 Dec 2023 15:42:00 +0100 +Subject: [PATCH] Fix build failure noticed on ArchLinux-xmlsec. + +--- + NEWS | 2 ++ + libpskc/container.c | 1 + + libpskc/parser.c | 1 + + 3 files changed, 4 insertions(+) + +diff --git a/libpskc/container.c b/libpskc/container.c +index 639babc..bda2266 100644 +--- a/libpskc/container.c ++++ b/libpskc/container.c +@@ -24,6 +24,7 @@ + #include <pskc/pskc.h> + + #include <string.h> /* memset */ ++#include <stdlib.h> /* realloc */ + + #define INTERNAL_NEED_PSKC_STRUCT + #define INTERNAL_NEED_PSKC_KEY_STRUCT +diff --git a/libpskc/parser.c b/libpskc/parser.c +index b1f3245..9a1e925 100644 +--- a/libpskc/parser.c ++++ b/libpskc/parser.c +@@ -28,6 +28,7 @@ + #include "internal.h" + + #include <string.h> ++#include <stdlib.h> /* malloc, strtoul */ + #include "base64.h" + + static void +-- +2.43.0 + diff --git a/sys-auth/oath-toolkit/metadata.xml b/sys-auth/oath-toolkit/metadata.xml index d230c8d03eb7..96a71f111315 100644 --- a/sys-auth/oath-toolkit/metadata.xml +++ b/sys-auth/oath-toolkit/metadata.xml @@ -9,7 +9,10 @@ <name>Gentoo Sysadmin Project</name> </maintainer> <use> - <flag name="pskc">Build tools & library for the Portable Symmetric Key Container (PSKC) format per RFC6030</flag> <flag name="pam">Build PAM module for pluggable login authentication for OATH</flag> </use> + <upstream> + <remote-id type="gitlab">oath-toolkit/oath-toolkit</remote-id> + <remote-id type="savannah-nongnu">oath-toolkit</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild new file mode 100644 index 000000000000..03d2801fa64c --- /dev/null +++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.10.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit pam + +DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" +HOMEPAGE="https://www.nongnu.org/oath-toolkit/" +SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz" + +LICENSE="GPL-3 LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" +IUSE="pam static-libs test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/icu:= + dev-libs/libxml2 + dev-libs/xmlsec:= + pam? ( sys-libs/pam ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-build/gtk-doc-am + test? ( dev-libs/libxml2 ) +" + +QA_CONFIG_IMPL_DECL_SKIP=( + MIN # glibc fp + unreachable + alignof + static_assert +) + +src_configure() { + local myeconfargs=( + --cache-file="${S}"/config.cache + --enable-pskc + $(use_enable test xmltest) + $(use_enable pam) + $(use_with pam pam-dir $(getpam_mod_dir)) + $(use_enable static-libs static) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + # Without keep-going, it will bail out after the first testsuite failure, + # skipping the other testsuites. as they are mostly independent, this sucks. + emake --keep-going check + + # Avoid errant QA notice for no tests run on these + rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die +} + +src_install() { + default + + find "${ED}" -name '*.la' -type f -delete || die + + if use pam; then + newdoc pam_oath/README README.pam + fi + + doman pskctool/pskctool.1 +} diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild new file mode 100644 index 000000000000..03d2801fa64c --- /dev/null +++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.11.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit pam + +DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" +HOMEPAGE="https://www.nongnu.org/oath-toolkit/" +SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz" + +LICENSE="GPL-3 LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" +IUSE="pam static-libs test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/icu:= + dev-libs/libxml2 + dev-libs/xmlsec:= + pam? ( sys-libs/pam ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-build/gtk-doc-am + test? ( dev-libs/libxml2 ) +" + +QA_CONFIG_IMPL_DECL_SKIP=( + MIN # glibc fp + unreachable + alignof + static_assert +) + +src_configure() { + local myeconfargs=( + --cache-file="${S}"/config.cache + --enable-pskc + $(use_enable test xmltest) + $(use_enable pam) + $(use_with pam pam-dir $(getpam_mod_dir)) + $(use_enable static-libs static) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + # Without keep-going, it will bail out after the first testsuite failure, + # skipping the other testsuites. as they are mostly independent, this sucks. + emake --keep-going check + + # Avoid errant QA notice for no tests run on these + rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die +} + +src_install() { + default + + find "${ED}" -name '*.la' -type f -delete || die + + if use pam; then + newdoc pam_oath/README README.pam + fi + + doman pskctool/pskctool.1 +} diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild deleted file mode 100644 index 0adab310261d..000000000000 --- a/sys-auth/oath-toolkit/oath-toolkit-2.6.2-r2.ebuild +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit pam autotools -DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" -HOMEPAGE="http://www.nongnu.org/oath-toolkit/" -SRC_URI="http://download.savannah.gnu.org/releases/${PN}/${P}.tar.gz" - -LICENSE="GPL-3 LGPL-2.1" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" -IUSE="pam pskc static-libs test" -RESTRICT="!test? ( test )" - -RDEPEND=" - dev-libs/icu:= - pam? ( sys-libs/pam ) - pskc? ( dev-libs/xmlsec )" -DEPEND="${RDEPEND} - test? ( dev-libs/libxml2 ) - dev-util/gtk-doc-am" - -PATCHES=( - "${FILESDIR}"/${P}-gcc7.patch - "${FILESDIR}"/${P}-glibc228.patch -) - -src_prepare() { - default - - # Below files are verbatim copy. Effectively apply ${P}-gcc7.patch - # to all of them. - local s='oathtool/gl/intprops.h' d - for d in {liboath/gl/tests,libpskc/gl,pskctool/gl}/intprops.h; do - echo "Copy '${s}' to '${d}'" - cp "${s}" "${d}" || die - done - - # These tests need git/cvs and don't reflect anything in the final app - sed -i -r \ - -e '/TESTS/s,test-vc-list-files-(git|cvs).sh,,g' \ - gl/tests/Makefile.am - # disable portability warnings, caused by gtk-doc.make - sed -i \ - -e '/AM_INIT_AUTOMAKE/ s:-Wall:\0 -Wno-portability:' \ - {liboath,libpskc}/configure.ac - eautoreconf -} - -src_configure() { - econf \ - $(use_enable test xmltest ) \ - $(use_enable pam) \ - $(use_with pam pam-dir $(getpam_mod_dir)) \ - $(use_enable pskc) \ - $(use_enable static-libs static) -} - -src_test() { - # without keep-going, it will bail out after the first testsuite failure, - # skipping the other testsuites. as they are mostly independant, this sucks. - emake --keep-going check - [ $? -ne 0 ] && die "At least one testsuite failed" -} - -src_install() { - default - find "${ED}" -name '*.la' -type f -delete || die - if use pam; then - newdoc pam_oath/README README.pam - fi - if use pskc; then - doman pskctool/pskctool.1 - fi -} diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild new file mode 100644 index 000000000000..58b88b4c38a6 --- /dev/null +++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.7-r2.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit pam + +DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" +HOMEPAGE="https://www.nongnu.org/oath-toolkit/" +SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz" + +LICENSE="GPL-3 LGPL-2.1" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" +IUSE="pam static-libs test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/icu:= + dev-libs/libxml2 + <dev-libs/xmlsec-1.3.0:= + pam? ( sys-libs/pam ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-build/gtk-doc-am + test? ( dev-libs/libxml2 ) +" + +PATCHES=( + "${FILESDIR}"/${P}-new-xmlsec-tests.patch +) + +QA_CONFIG_IMPL_DECL_SKIP=( + MIN # glibc fp +) + +src_configure() { + local myeconfargs=( + --enable-pskc + $(use_enable test xmltest) + $(use_enable pam) + $(use_with pam pam-dir $(getpam_mod_dir)) + $(use_enable static-libs static) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + # Without keep-going, it will bail out after the first testsuite failure, + # skipping the other testsuites. as they are mostly independent, this sucks. + emake --keep-going check + + # Avoid errant QA notice for no tests run on these + rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die +} + +src_install() { + default + + find "${ED}" -name '*.la' -type f -delete || die + + if use pam; then + newdoc pam_oath/README README.pam + fi + + doman pskctool/pskctool.1 +} diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild new file mode 100644 index 000000000000..d7c6b3404ba0 --- /dev/null +++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.9.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit pam + +DESCRIPTION="Toolkit for using one-time password authentication with HOTP/TOTP algorithms" +HOMEPAGE="https://www.nongnu.org/oath-toolkit/" +SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz" + +LICENSE="GPL-3 LGPL-2.1" +SLOT="0" +KEYWORDS="amd64 ~arm arm64 ~loong ppc64 ~riscv x86" +IUSE="pam static-libs test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/icu:= + dev-libs/libxml2 + dev-libs/xmlsec:= + pam? ( sys-libs/pam ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-build/gtk-doc-am + test? ( dev-libs/libxml2 ) +" + +QA_CONFIG_IMPL_DECL_SKIP=( + MIN # glibc fp +) + +PATCHES=( + "${FILESDIR}"/${P}-Fix-build-failure-noticed-on-ArchLinux-xmlsec.patch +) + +src_configure() { + local myeconfargs=( + --cache-file="${S}"/config.cache + --enable-pskc + $(use_enable test xmltest) + $(use_enable pam) + $(use_with pam pam-dir $(getpam_mod_dir)) + $(use_enable static-libs static) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + # Without keep-going, it will bail out after the first testsuite failure, + # skipping the other testsuites. as they are mostly independent, this sucks. + emake --keep-going check + + # Avoid errant QA notice for no tests run on these + rm -f libpskc/gtk-doc/test-suite.log liboath/gtk-doc/test-suite.log || die +} + +src_install() { + default + + find "${ED}" -name '*.la' -type f -delete || die + + if use pam; then + newdoc pam_oath/README README.pam + fi + + doman pskctool/pskctool.1 +} diff --git a/sys-auth/pam_krb5/pam_krb5-4.11.ebuild b/sys-auth/pam_krb5/pam_krb5-4.11.ebuild index 977e0db5d8d9..cdaa837b4677 100644 --- a/sys-auth/pam_krb5/pam_krb5-4.11.ebuild +++ b/sys-auth/pam_krb5/pam_krb5-4.11.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -9,8 +9,8 @@ SRC_URI="https://archives.eyrie.org/software/kerberos/${P/_/-}.tar.xz" LICENSE="|| ( BSD-2 GPL-2 )" SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="" +KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86" + # tests fail without a /etc/krb5.conf RESTRICT="test" diff --git a/sys-auth/pam_mktemp/metadata.xml b/sys-auth/pam_mktemp/metadata.xml index 4f7d72b1b44b..b8ee607692f8 100644 --- a/sys-auth/pam_mktemp/metadata.xml +++ b/sys-auth/pam_mktemp/metadata.xml @@ -1,10 +1,13 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> -<maintainer type="person"> -<email>swegener@gentoo.org</email> -</maintainer> -<use> -<flag name="prevent-removal">If supported, set EXT2_APPEND_FL on /tmp/.private to prevent temporary directories from being removed</flag> -</use> + <maintainer type="person"> + <email>swegener@gentoo.org</email> + </maintainer> + <use> + <flag name="prevent-removal">If supported, set EXT2_APPEND_FL on /tmp/.private to prevent temporary directories from being removed</flag> + </use> + <upstream> + <remote-id type="github">openwall/pam_mktemp</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild index a7f27816a591..8443daa54537 100644 --- a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild +++ b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild @@ -1,13 +1,13 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 inherit toolchain-funcs pam DESCRIPTION="Create per-user private temporary directories during login" -HOMEPAGE="http://www.openwall.com/pam/" -SRC_URI="http://www.openwall.com/pam/modules/${PN}/${P}.tar.gz" +HOMEPAGE="https://www.openwall.com/pam/" +SRC_URI="https://www.openwall.com/pam/modules/${PN}/${P}.tar.gz" LICENSE="BSD-2" # LICENSE file says "heavily cut-down 'BSD license'" SLOT="0" diff --git a/sys-auth/pam_mount/Manifest b/sys-auth/pam_mount/Manifest index caf8020cba63..2de87dd002bc 100644 --- a/sys-auth/pam_mount/Manifest +++ b/sys-auth/pam_mount/Manifest @@ -1 +1,2 @@ DIST pam_mount-2.18.tar.xz 324524 BLAKE2B a3f29de8c0a348c98d3e73ac3568595083036fa704b5c34ed17c3660fcc8ff5f64195ad4158af6e351f79865a9128dbb773c7d18bbb07bdff1010e555803cfce SHA512 7f1e373fd7876eddd9226163602ba484ed8a7e1ce92ba6140c1f7603cb205190cb11ad75be41b54d2a6cd21602320d41a65714bfd0af8b5247850a3ef0fe3b22 +DIST pam_mount-2.20.tar.xz 325328 BLAKE2B 2b8a419c8b8604a6546ee5ac2b554d3c90ad04dd58c54bf8904d7e0354a2aafe1ae97a817e67143a24fd8ed40e62008baff94723ced8c4ad2d977e14c3e762ad SHA512 8661dc5ec134c256825df28e53751d1e0e1e881008c3687a56009f4046b3d17c5b9ddd1b1971dff4e023e5d74e5059f486b08a6cab2861a4bee5ba57fbae3454 diff --git a/sys-auth/pam_mount/metadata.xml b/sys-auth/pam_mount/metadata.xml index 2c4bc1428e94..dd341fea2aca 100644 --- a/sys-auth/pam_mount/metadata.xml +++ b/sys-auth/pam_mount/metadata.xml @@ -5,6 +5,6 @@ <email>hanno@gentoo.org</email> </maintainer> <upstream> - <remote-id type="sourceforge">pam-mount</remote-id> + <remote-id type="codeberg">jengelh/pam_mount</remote-id> </upstream> </pkgmetadata> diff --git a/sys-auth/pam_mount/pam_mount-2.20.ebuild b/sys-auth/pam_mount/pam_mount-2.20.ebuild new file mode 100644 index 000000000000..9c0644d8165a --- /dev/null +++ b/sys-auth/pam_mount/pam_mount-2.20.ebuild @@ -0,0 +1,46 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="A PAM module that can mount volumes for a user session" +HOMEPAGE="https://inai.de/projects/pam_mount/" +SRC_URI="https://inai.de/files/pam_mount/${P}.tar.xz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ppc x86" + +IUSE="crypt ssl selinux" + +DEPEND=" + >=sys-libs/pam-0.99 + >=sys-libs/libhx-3.12.1:= + >=sys-apps/util-linux-2.20:= + >=dev-libs/libxml2-2.6:= + dev-libs/libpcre2 + crypt? ( >=sys-fs/cryptsetup-1.1.0:= ) + ssl? ( dev-libs/openssl:0= ) + selinux? ( sys-libs/libselinux )" +RDEPEND="${DEPEND}" +BDEPEND="virtual/pkgconfig" + +src_configure() { + econf --with-slibdir="/$(get_libdir)" \ + $(use_with crypt cryptsetup) \ + $(use_with ssl crypto) \ + $(use_with selinux) +} + +src_install() { + default + use selinux || rm -r "${D}"/etc/selinux + dodoc doc/*.txt + + # Remove unused nonstandard run-dir, current version uses + # FHS-compatible /run, but has leftover mkdir from old version + # Upstream report: https://codeberg.org/jengelh/pam_mount/pulls/9 + rm -r "${D}/var/lib" + + find "${ED}" -name '*.la' -delete || die +} diff --git a/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch new file mode 100644 index 000000000000..e085e06e9006 --- /dev/null +++ b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/903001 +https://github.com/OpenSC/pam_p11/pull/26 +https://github.com/OpenSC/pam_p11/commit/cb2f0c318c94e30addfce3b432ed91496a43e411 + +From b307045a93d042ac9e3871e35f8495e8bb201574 Mon Sep 17 00:00:00 2001 +From: orbea <orbea@riseup.net> +Date: Tue, 11 Apr 2023 07:29:12 -0700 +Subject: [PATCH] match_openssh: Fix the build for LibreSSL >= 3.0.0 + +Newer LibreSSL versions no longer need the older OpenSSL APIs. +--- + src/match_openssh.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/match_openssh.c b/src/match_openssh.c +index 89cbd73..fb59308 100644 +--- a/src/match_openssh.c ++++ b/src/match_openssh.c +@@ -22,7 +22,8 @@ + + #define OPENSSH_LINE_MAX 16384 /* from openssh SSH_MAX_PUBKEY_BYTES */ + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3000000L) + void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) + { diff --git a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild index 0322e3038be0..4b50c70d2edc 100644 --- a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild +++ b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -20,6 +20,10 @@ RDEPEND="sys-libs/pam DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" +PATCHES=( + "${FILESDIR}/${P}-libressl.patch" #903001 +) + src_configure() { # Ugly way to work around deprecated declarations in openssl-3 append-cflags -Wno-error=deprecated-declarations diff --git a/sys-auth/pam_require/pam_require-0.7-r1.ebuild b/sys-auth/pam_require/pam_require-0.7-r2.ebuild index 748b7bd53af2..e1e4c24808db 100644 --- a/sys-auth/pam_require/pam_require-0.7-r1.ebuild +++ b/sys-auth/pam_require/pam_require-0.7-r2.ebuild @@ -1,23 +1,29 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit pam +inherit autotools pam DESCRIPTION="Allows you to require a special group or user to access a service" HOMEPAGE="https://www.splitbrain.org/projects/pam_require" SRC_URI="https://www.splitbrain.org/_media/projects/pamrequire/${P}.tgz" + LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~amd64 ~ia64 ~ppc ~x86" -IUSE="" +KEYWORDS="amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~x86" DEPEND="sys-libs/pam" RDEPEND="${DEPEND}" S=${WORKDIR}/${P/_/-} +src_prepare() { + default + mv "${S}"/configure.in "${S}"/configure.ac || die "mv configure.in to configure.ac" + eautoreconf +} + src_install() { dopammod pam_require.so diff --git a/sys-auth/pam_skey/Manifest b/sys-auth/pam_skey/Manifest index 8f54c46b6341..109658b83c06 100644 --- a/sys-auth/pam_skey/Manifest +++ b/sys-auth/pam_skey/Manifest @@ -1,3 +1,2 @@ -DIST pam_skey-1.1.5-patches-7.tar.xz 9408 BLAKE2B d87da6c4606431618a1a4d75981809cbd91a8e5e3d1f9eae6fbb222e146d451f7c099f9b437829304b647a20c6200797732e9d01451cc4911abba7843151e36c SHA512 8bb39c2d173468c38b4d2bdac186d3f27e868c2be9dc6feffba957d4d33bc8e597c48e4638e5de09829000961fbf8b72f0ba577f232bebdfaa4c2961ede58838 DIST pam_skey-1.1.5-patches-8.tar.xz 9500 BLAKE2B 7fafa0e5c63da6a66e96266768d522cb35eeb439c45b0cf449ce6897804ca8086826a450e24e6c4eb0478b5a00f0eba02097ecd6c6e911de9c33ccb7beed20de SHA512 2d0745148496137be4ed5b03fd4dcaebb65efd24c21b2d969341d10381b8f32f0731b2880b9516de46570c1133e5573fa1a08129fe539aed7fd535d10a31b34d DIST pam_skey-1.1.5.tar.gz 76963 BLAKE2B ded4a4e43b174338cd1beefce65314cc906db928593dd5eba2ba1be9cab33844d8fd38cb7d3b952a29da632b671c468e0dfe7f0f1e0d167397320cd9ca6d35e1 SHA512 12817cedf15a3b2287982e4beab5d3b388239cc0a1e141e66e41759ddb2da7fb9dd0df12202dcc8140db0868c8df1a8d19d5859224179e2419ffefd691cb9834 diff --git a/sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild b/sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild deleted file mode 100644 index 47f2f49f97fe..000000000000 --- a/sys-auth/pam_skey/pam_skey-1.1.5-r6.ebuild +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit pam autotools multilib readme.gentoo-r1 - -DESCRIPTION="PAM interface for the S/Key authentication system" -HOMEPAGE="http://freshmeat.net/projects/pam_skey/" -SRC_URI="http://dkorunic.net/tarballs/${P}.tar.gz - https://dev.gentoo.org/~ulm/distfiles/${P}-patches-7.tar.xz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 x86" - -RDEPEND="net-libs/libnsl:0= - >=sys-libs/pam-0.78-r3 - >=sys-auth/skey-1.1.5-r4" -DEPEND="${RDEPEND}" - -PATCHES=("${WORKDIR}/patch") -DOCS="README INSTALL" - -src_prepare() { - default - - cd autoconf || die - mv configure.{in,ac} || die - eautoconf - eautoheader - mv configure defs.h.in .. || die -} - -src_configure() { - econf --libdir="/$(get_libdir)" CFLAGS="${CFLAGS} -fPIC" -} - -src_install() { - default - - DOC_CONTENTS="To use the pam_skey module, you need to configure PAM - by adding a line like: - \n\nauth [success=done ignore=ignore auth_err=die default=bad] pam_skey.so\n - \nto an appropriate place in the /etc/pam.d/system-login file. - Consult the README and INSTALL files in /usr/share/doc/${PF} - for detailed instructions. - \n\nPlease note that calling this module from unprivileged - applications, e.g. screensavers, is not supported. - \n\nError checking has become stricter in pam_skey-1.1.5-r4; - errors returned from the underlying skey library when accessing - the S/Key data base will no longer be ignored. - Make sure that your PAM configuration is correct." - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild b/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild index 0a9ace209128..84de2e577cb1 100644 --- a/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild +++ b/sys-auth/pam_skey/pam_skey-1.1.5-r7.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -12,7 +12,7 @@ SRC_URI="https://dkorunic.net/tarballs/${P}.tar.gz LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="amd64 x86" RDEPEND=">=sys-libs/pam-0.78-r3 >=sys-auth/skey-1.1.5-r4" diff --git a/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild index e62a1829a687..2b61b73610f9 100644 --- a/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild +++ b/sys-auth/pam_smb/pam_smb-2.0.0_rc6-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -10,7 +10,7 @@ MY_P=${P/_rc/-rc} DESCRIPTION="PAM module for authenticating against an SMB (such as the Win_x families) server" HOMEPAGE="http://www.csn.ul.ie/~airlied/pam_smb/" SRC_URI=" - mirror://samba/pam_smb/v2/${MY_P}.tar.gz + https://download.samba.org/pub/samba/pam_smb/v2/${MY_P}.tar.gz http://www.csn.ul.ie/~airlied/pam_smb/v2/${MY_P}.tar.gz" S="${WORKDIR}"/${MY_P} diff --git a/sys-auth/pam_ssh/pam_ssh-2.3.ebuild b/sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild index 8279f8738cc1..112b2a4121ad 100644 --- a/sys-auth/pam_ssh/pam_ssh-2.3.ebuild +++ b/sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -11,14 +11,14 @@ SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.xz" LICENSE="BSD-2 BSD ISC" SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" # Only supports OpenSSH via `ssh-agent` #282993 DEPEND="sys-libs/pam dev-libs/openssl:0=" RDEPEND="${DEPEND} - net-misc/openssh" + virtual/openssh" PATCHES=( # 503424#c5 diff --git a/sys-auth/pam_u2f/Manifest b/sys-auth/pam_u2f/Manifest index f7175d560ae8..b2eb93b2a24d 100644 --- a/sys-auth/pam_u2f/Manifest +++ b/sys-auth/pam_u2f/Manifest @@ -1,2 +1,2 @@ DIST pam_u2f-1.1.1.tar.gz 429822 BLAKE2B 8ed44f82295ea24fe30c5830971afd29a23b48e173c3cb69d3dcaf73b142de36f86087eaee69b1793a8846fdb2efc5530d52fa9f40e4357e6cd2ea9960b9bb39 SHA512 ca81c78e67c17c369117e9d38e50033eaa96e0b15673521db2c382de1aa2566f7406fb43801a5938758480966c5e7316943769db5be826983d3865710e0274c1 -DIST pam_u2f-1.2.0.tar.gz 442214 BLAKE2B 17dadcb4325a130da67caf2fbf9bb2bf5d76706b28540ddda6ab8904ec5924d14fc752b7e079940989a8208d27fe0e5d46ea4365426debd5076588c51f46a60a SHA512 a00135e49b22dad5ec2513236a64dca67f04062fd8fa4c8d5ac7cb05d93b4d743ceb8ac5ee99a19667bdbfe8c0be9de904fb50110bed0b55ba8d5fd2aa5fcf28 +DIST pam_u2f-1.3.0.tar.gz 456281 BLAKE2B 602ce0fd00105f7fbdea1805a5efde1302149d9f7977f3c52d576d7f4b9a1a95678b1463f19107b494e62c3722e319e05e0ec54f5839f70b855b59eecdf92112 SHA512 03c09601f1988dd7f6b0cb4eeb6e9f2368de50df2cb8e2b4269e16c8111b08b2d115e6fad7bbca3482e9577ccf2885ab3fef652d9fb99db7890ba93ce6c0fd4d diff --git a/sys-auth/pam_u2f/pam_u2f-1.2.0.ebuild b/sys-auth/pam_u2f/pam_u2f-1.3.0.ebuild index f4da30cdbd27..c63693e01365 100644 --- a/sys-auth/pam_u2f/pam_u2f-1.2.0.ebuild +++ b/sys-auth/pam_u2f/pam_u2f-1.3.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest index 4f8623bc342c..14a31170155a 100644 --- a/sys-auth/pambase/Manifest +++ b/sys-auth/pambase/Manifest @@ -1 +1,2 @@ DIST pambase-20220214.tar.gz 3372 BLAKE2B fc560005c48598d972cf68bfbd33784be7d7e5a12f5ebcd06e708241a169b1bcf7cb7dcd7109f44c2d9802ae0b294eaeb61782640f0b0cb9767f2ecf8c053c7f SHA512 57d037944cf6d9db69d5eb8ce32b087ac4781fae13c1daba1e248a1818dfcbbf2cb66fce79cad7808f2b0f89d3f3dd05455a1c8f3c976561769b056dc8bf7323 +DIST pambase-20240128.tar.bz2 5131 BLAKE2B 0950fff720f3a9d761a82303eaa7b997bfac635111b6cae772f7d9de2846147dbb4224326e5dba1868cb54a8a76076c2efed6615c861bbfa78256aba4f475da2 SHA512 6b4ad390c46f33947436892a5f19111a1c9f4ded406ae8ffe76539c94d541611b74ba697d76522b46da41f53aae45eb67c274fc0d6caec94d40c1691487624e6 diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml index 72386b394c26..526e8b5c341a 100644 --- a/sys-auth/pambase/metadata.xml +++ b/sys-auth/pambase/metadata.xml @@ -39,7 +39,7 @@ </flag> <flag name="pwquality"> Enable pam_pwquality module on system auth stack for passwd - quality validation. It is used be dafault by Fedora GNU/*/Linux. + quality validation. It is used by default by Fedora GNU/*/Linux. </flag> <flag name="mktemp"> Enable pam_mktemp module on system auth stack for session @@ -67,13 +67,17 @@ will not be compatible with systems using an earlier glibc version. </flag> + <flag name="sssd"> + Add System Security Services Daemon (<pkg>sys-auth/sssd</pkg>) support + via pam_sss. + </flag> <flag name="yescrypt"> Switch Linux-PAM's pam_unix module to use yescrypt for passwords hashes rather than MD5 </flag> <flag name="pam_krb5"> Enable pam_krb5 module on system auth stack, as an alternative - to pam_unix. If Kerberos authentication succeed, only pam_unix - will be ignore, and all the other modules will proceed as usual, + to pam_unix. If Kerberos authentication succeeds, only pam_unix + will be ignorde, and all the other modules will proceed as usual, including Gnome Keyring and other session modules. It requires <pkg>sys-libs/pam</pkg> as PAM implementation. </flag> diff --git a/sys-auth/pambase/pambase-20240128.ebuild b/sys-auth/pambase/pambase-20240128.ebuild new file mode 100644 index 000000000000..c1dce4ea185f --- /dev/null +++ b/sys-auth/pambase/pambase-20240128.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit pam python-any-r1 readme.gentoo-r1 + +DESCRIPTION="PAM base configuration files" +HOMEPAGE="https://github.com/gentoo/pambase" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/pambase.git + https://github.com/gentoo/pambase.git + " +else + SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2" + + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +fi + +LICENSE="MIT" +SLOT="0" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt" + +RESTRICT="binchecks" + +REQUIRED_USE=" + ?? ( elogind systemd ) + ?? ( passwdqc pwquality ) + ?? ( sha512 yescrypt ) + pwhistory? ( || ( passwdqc pwquality ) ) + homed? ( !pam_krb5 ) + pam_krb5? ( !homed ) +" + +MIN_PAM_REQ=1.4.0 + +RDEPEND=" + >=sys-libs/pam-${MIN_PAM_REQ} + elogind? ( sys-auth/elogind[pam] ) + gnome-keyring? ( gnome-base/gnome-keyring[pam] ) + mktemp? ( sys-auth/pam_mktemp ) + pam_krb5? ( + >=sys-libs/pam-${MIN_PAM_REQ} + sys-auth/pam_krb5 + ) + caps? ( sys-libs/libcap[pam] ) + pam_ssh? ( sys-auth/pam_ssh ) + passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 ) + pwquality? ( dev-libs/libpwquality[pam] ) + selinux? ( sys-libs/pam[selinux] ) + sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) + homed? ( sys-apps/systemd[homed] ) + systemd? ( sys-apps/systemd[pam] ) + yescrypt? ( sys-libs/libxcrypt[system] ) + sssd? ( sys-auth/sssd ) +" +BDEPEND=" + $(python_gen_any_dep ' + dev-python/jinja[${PYTHON_USEDEP}] + ') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" +} + +src_configure() { + ${EPYTHON} ./${PN}.py \ + $(usex caps '--caps' '') \ + $(usex debug '--debug' '') \ + $(usex elogind '--elogind' '') \ + $(usex gnome-keyring '--gnome-keyring' '') \ + $(usex homed '--homed' '') \ + $(usex minimal '--minimal' '') \ + $(usex mktemp '--mktemp' '') \ + $(usex nullok '--nullok' '') \ + $(usex pam_krb5 '--krb5' '') \ + $(usex pam_ssh '--pam-ssh' '') \ + $(usex passwdqc '--passwdqc' '') \ + $(usex pwhistory '--pwhistory' '') \ + $(usex pwquality '--pwquality' '') \ + $(usex securetty '--securetty' '') \ + $(usex selinux '--selinux' '') \ + $(usex sha512 '--sha512' '') \ + $(usex systemd '--systemd' '') \ + $(usex yescrypt '--yescrypt' '') \ + $(usex sssd '--sssd' '') \ + || die +} + +src_test() { :; } + +src_install() { + local DOC_CONTENTS + + if use passwdqc; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf + page and then edit the /etc/security/passwdqc.conf file" + fi + + if use pwquality; then + DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf + page and then edit the /etc/security/pwquality.conf file" + fi + + { use passwdqc || use pwquality; } && readme.gentoo_create_doc + + dopamd -r stack/. +} + +pkg_postinst() { + { use passwdqc || use pwquality; } && readme.gentoo_print_elog +} diff --git a/sys-auth/pambase/pambase-999999999.ebuild b/sys-auth/pambase/pambase-999999999.ebuild index f1a0a423fa7e..cad46258f14c 100644 --- a/sys-auth/pambase/pambase-999999999.ebuild +++ b/sys-auth/pambase/pambase-999999999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..12} ) inherit pam python-any-r1 readme.gentoo-r1 @@ -12,16 +12,19 @@ HOMEPAGE="https://github.com/gentoo/pambase" if [[ ${PV} == *9999 ]]; then inherit git-r3 - EGIT_REPO_URI="https://github.com/gentoo/pambase.git" + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/pambase.git + https://github.com/gentoo/pambase.git + " else - SRC_URI="https://github.com/gentoo/pambase/archive/${P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" - S="${WORKDIR}/${PN}-${P}" + SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2" + + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi LICENSE="MIT" SLOT="0" -IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd yescrypt" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt" RESTRICT="binchecks" @@ -54,11 +57,13 @@ RDEPEND=" homed? ( sys-apps/systemd[homed] ) systemd? ( sys-apps/systemd[pam] ) yescrypt? ( sys-libs/libxcrypt[system] ) + sssd? ( sys-auth/sssd ) " - -BDEPEND="$(python_gen_any_dep ' +BDEPEND=" + $(python_gen_any_dep ' dev-python/jinja[${PYTHON_USEDEP}] - ')" + ') +" python_check_deps() { python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" @@ -84,6 +89,7 @@ src_configure() { $(usex sha512 '--sha512' '') \ $(usex systemd '--systemd' '') \ $(usex yescrypt '--yescrypt' '') \ + $(usex sssd '--sssd' '') \ || die } diff --git a/sys-auth/passwdqc/Manifest b/sys-auth/passwdqc/Manifest index 30e6dfcd0b53..f42837f74669 100644 --- a/sys-auth/passwdqc/Manifest +++ b/sys-auth/passwdqc/Manifest @@ -1,2 +1 @@ -DIST passwdqc-1.4.0.tar.gz 55219 BLAKE2B 3f96a2d219ee23f11db2ad8ba433eaa56b97a263ad1a49159e0356b779cb4486ec9aa74cd7002fdd6d273e5a7bae4fe1b94e02f60256d331e5afc30d63e81360 SHA512 b9be6632688a1d7d929ec546679a366a67d44e7841e106c7f739a8e0656842866125160c87b04c8e0b3189a3e85eb182aa789196f68925b2f8ec71cd6a479800 -DIST passwdqc-2.0.2.tar.gz 88796 BLAKE2B 4be0180dbee38d124cc5fd3780fcc27b276bd9370c59c83a9c037b67f18518873bd34d23f779125ac0b5e8bb1f40a5e8e24dc65bfe5919f735f96d4f625cebdb SHA512 60f91ad7c86314b0d9ad97a2474a1a5bbb8b41491b274e09f7300d8a609cfffb0688bf39d4e715f647f3c87bfee429cb5e01f1a641a14eea3f55b223610ed8ec +DIST passwdqc-2.0.3.tar.gz 89608 BLAKE2B d4d999f1da011041e947fcf40b28977c825e7be2a9edfe641205f433862607e958d74b6e11ef5222e9791985a55dc3117c71d47b9516c521bb64ff4cddee77d5 SHA512 08a1ee0e7efe0be8af8b253147836c479247a849baf598a1ad573a050ef4b8700fdb725fd887877f82f9207f3654f489f71267cc4051ce8ebf2405125b77b6b9 diff --git a/sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild b/sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild deleted file mode 100644 index 90ea5b5ec52c..000000000000 --- a/sys-auth/passwdqc/passwdqc-1.4.0-r2.ebuild +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic pam toolchain-funcs - -DESCRIPTION="Password strength checking library (and PAM module)" -HOMEPAGE="http://www.openwall.com/passwdqc/" -SRC_URI="http://www.openwall.com/${PN}/${P}.tar.gz" - -LICENSE="Openwall BSD public-domain" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" - -RDEPEND="sys-libs/pam - virtual/libcrypt:=" -DEPEND="${RDEPEND}" - -pkg_setup() { - QA_FLAGS_IGNORED="/$(get_libdir)/security/pam_passwdqc.so - /usr/$(get_libdir)/libpasswdqc.so.0" -} - -src_prepare() { - default - sed -i -e 's:`uname -s`:Linux:' Makefile || die - - # ship our own default settings - cat <<- EOF > "${S}/passwdqc.conf" - min=8,8,8,8,8 - max=40 - passphrase=3 - match=4 - similar=deny - random=47 - enforce=everyone - retry=3 - EOF - -} - -src_configure() { - # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs - # https://github.com/gentoo/gentoo/pull/28355 - # mold needs this too but right now tc-ld-is-mold is also not available - if tc-ld-is-lld; then - append-ldflags -Wl,--undefined-version - fi - - default -} - -_emake() { - emake \ - SHARED_LIBDIR="/usr/$(get_libdir)" \ - SECUREDIR="$(getpam_mod_dir)" \ - CONFDIR="/etc/security" \ - CFLAGS="${CFLAGS} ${CPPFLAGS}" \ - LDFLAGS="${LDFLAGS}" \ - CC="$(tc-getCC)" \ - LD="$(tc-getCC)" \ - "$@" -} - -src_compile() { - _emake all -} - -src_install() { - _emake DESTDIR="${ED}" install_lib install_pam install_utils - dodoc README PLATFORMS INTERNALS -} diff --git a/sys-auth/passwdqc/passwdqc-2.0.2-r1.ebuild b/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild index 2710ce4c24dc..b1dbf9048f69 100644 --- a/sys-auth/passwdqc/passwdqc-2.0.2-r1.ebuild +++ b/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild @@ -1,9 +1,9 @@ # Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit flag-o-matic pam toolchain-funcs +inherit pam toolchain-funcs DESCRIPTION="Password strength checking library (and PAM module)" HOMEPAGE="http://www.openwall.com/passwdqc/" @@ -13,20 +13,23 @@ LICENSE="Openwall BSD public-domain" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" -RDEPEND="sys-libs/pam - virtual/libcrypt:=" +RDEPEND=" + sys-libs/pam + virtual/libcrypt:= +" DEPEND="${RDEPEND}" -pkg_setup() { - QA_FLAGS_IGNORED="/$(get_libdir)/security/pam_passwdqc.so - /usr/$(get_libdir)/libpasswdqc.so.1" -} +QA_FLAGS_IGNORED=" + lib*/security/pam_passwdqc.so + usr/lib*/libpasswdqc.so.1 +" src_prepare() { default + sed -i -e 's:`uname -s`:Linux:' Makefile || die - # ship our own default settings + # Ship our own default settings cat <<- EOF > "${S}/passwdqc.conf" min=disabled,24,11,8,7 max=72 @@ -34,26 +37,16 @@ src_prepare() { match=4 similar=deny random=47 - enforce=everyone + enforce=none retry=3 EOF } -src_configure() { - # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs - # https://github.com/gentoo/gentoo/pull/28355 - # mold needs this too but right now tc-ld-is-mold is also not available - if tc-ld-is-lld; then - append-ldflags -Wl,--undefined-version - fi - - default -} - _emake() { emake \ SHARED_LIBDIR="/usr/$(get_libdir)" \ + DEVEL_LIBDIR="/usr/$(get_libdir)" \ SECUREDIR="$(getpam_mod_dir)" \ CONFDIR="/etc/security" \ CFLAGS="${CFLAGS} ${CPPFLAGS}" \ diff --git a/sys-auth/polkit-qt/Manifest b/sys-auth/polkit-qt/Manifest index dc394746a2ad..13d9a367b01c 100644 --- a/sys-auth/polkit-qt/Manifest +++ b/sys-auth/polkit-qt/Manifest @@ -1 +1,2 @@ DIST polkit-qt-1-0.114.0.tar.xz 58384 BLAKE2B e788198e386797ba9b4c228a451dde703f83e79c81eacaf805e431a3f60c0832adc3faef4616e3008dfaa816d7dc5a7a80aaf02936ea232373e78e0d008724ca SHA512 4a16d9428d5ccc0107dcbd67c29ecba196424e555dc43d55cf2b6e0e7b72c99f894e9c994eaed85a9536010d67a19f20fe74f792c0d6b9ca0e05ce85f655f9a8 +DIST polkit-qt-1-0.200.0.tar.xz 58216 BLAKE2B 4edd1577178d4b61889f3da3699f36e0b3251c38b111c0c219ad9c9585ff32845034c068a5c382c29baa1d9cd8d723378422dafb4ea8734766da1b8032025826 SHA512 a09214043fa874234086a5de4d27153368dbe775dd6d573dd2531f2f2be79eb22bf73bbfb2a3a839c20c0347762e7af86b73ba38a05b2dcd43e59526e29c008d diff --git a/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild b/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild index 464e34718786..500f97b02646 100644 --- a/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild +++ b/sys-auth/polkit-qt/polkit-qt-0.114.0-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -12,7 +12,7 @@ HOMEPAGE="https://api.kde.org/polkit-qt-1/html/" if [[ ${KDE_BUILD_TYPE} = release ]]; then SRC_URI="mirror://kde/stable/${KDE_ORG_NAME}/${KDE_ORG_NAME}-${PV}.tar.xz" - KEYWORDS="amd64 ~arm arm64 ~loong ~ppc ~ppc64 ~riscv x86" + KEYWORDS="amd64 ~arm arm64 ~loong ~ppc ppc64 ~riscv x86" fi LICENSE="LGPL-2" diff --git a/sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild b/sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild new file mode 100644 index 000000000000..ccd0336422ba --- /dev/null +++ b/sys-auth/polkit-qt/polkit-qt-0.200.0.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +KDE_ORG_CATEGORY="libraries" +KDE_ORG_NAME="polkit-qt-1" +inherit cmake kde.org multibuild + +DESCRIPTION="Qt wrapper around polkit-1 client libraries" +HOMEPAGE="https://api.kde.org/polkit-qt-1/html/" + +if [[ ${KDE_BUILD_TYPE} = release ]]; then + SRC_URI="mirror://kde/stable/${KDE_ORG_NAME}/${KDE_ORG_NAME}-${PV}.tar.xz" + KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86" +fi + +LICENSE="LGPL-2" +SLOT="0" +IUSE="+qt5 qt6" +REQUIRED_USE="|| ( qt5 qt6 )" + +RDEPEND=" + dev-libs/glib:2 + >=sys-auth/polkit-0.103 + qt5? ( + dev-qt/qtcore:5 + dev-qt/qtdbus:5 + dev-qt/qtgui:5 + dev-qt/qtwidgets:5 + ) + qt6? ( dev-qt/qtbase:6[dbus,gui,widgets] ) +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +DOCS=( AUTHORS README README.porting TODO ) + +pkg_setup() { + MULTIBUILD_VARIANTS=( $(usev qt5) $(usev qt6) ) +} + +src_configure() { + myconfigure() { + local mycmakeargs=( + -DBUILD_EXAMPLES=OFF + -DQT_MAJOR_VERSION=${MULTIBUILD_VARIANT/qt/} + ) + cmake_src_configure + } + multibuild_foreach_variant myconfigure +} + +src_compile() { + multibuild_foreach_variant cmake_src_compile +} + +src_install() { + multibuild_foreach_variant cmake_src_install +} diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index be9a62f75202..6827b9281360 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,2 +1,3 @@ -DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624 DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26 +DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 +DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch deleted file mode 100644 index 2922b8606648..000000000000 --- a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch +++ /dev/null @@ -1,231 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> ---- a/meson.build -+++ b/meson.build -@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true) - check_functions = [ - 'clearenv', - 'fdatasync', -+ 'setnetgrent', - ] - - foreach func: check_functions ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); -- -+#ifdef HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -- -+#endif - duk_push_boolean (cx, is_in_netgroup); - return 1; - } ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +185,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -69,7 +69,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch new file mode 100644 index 000000000000..5b3f2c4a3641 --- /dev/null +++ b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch @@ -0,0 +1,36 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb + +From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao <xry111@xry111.site> +Date: Sat, 29 Jul 2023 17:44:58 +0800 +Subject: [PATCH] jsauthority: mozjs: Disable JIT + +The JIT compiling of mozjs needs W/X mapping, but our systemd hardening +setting does not allow it. + +For polkit, security is much more important than the speed running +Javascript code in rule files, so we should disable JIT. + +Fixes #199. +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -56,7 +56,16 @@ + static class JsInitHelperType + { + public: +- JsInitHelperType() { JS_Init(); } ++ JsInitHelperType() ++ { ++ /* Disable JIT because it needs W/X mapping, which is not allowed by ++ * our systemd hardening setting. ++ */ ++ JS::DisableJitBackend(); ++ ++ JS_Init(); ++ } ++ + ~JsInitHelperType() { JS_ShutDown(); } + } JsInitHelper; + +-- +GitLab diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch new file mode 100644 index 000000000000..f19560943c43 --- /dev/null +++ b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch @@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d + +From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 +From: Vincent Mihalkovic <vmihalko@redhat.com> +Date: Wed, 16 Aug 2023 08:59:55 +0000 +Subject: [PATCH] pkexec: fix uninitialized pointer warning + +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,6 +53,7 @@ + static gchar *original_user_name = NULL; + static gchar *original_cwd; + static gchar *command_line = NULL; ++static gchar *cmdline_short = NULL; + static struct passwd *pw; + + #ifndef HAVE_CLEARENV +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + path = NULL; + exec_argv = NULL; + command_line = NULL; ++ cmdline_short = NULL; + opt_user = NULL; + local_agent_handle = NULL; + +@@ -802,7 +804,6 @@ main (int argc, char *argv[]) + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + +- gchar *cmdline_short = NULL; + cmdline_short = g_strdup(command_line); + if (strlen(command_line) > 80) + g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), +-- +GitLab diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch new file mode 100644 index 000000000000..a4dd7eafcf92 --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/922458 +https://github.com/polkit-org/polkit/pull/417/files#r1458416421 +--- a/meson.build ++++ b/meson.build +@@ -212,14 +212,17 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') +- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used +- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') +- endif ++ if session_tracking == 'libsystemd-login' ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + +- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ if systemd_systemdsystemunitdir == '' ++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used ++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++ endif ++ ++ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ endif + endif + config_h.set('HAVE_LIBSYSTEMD', enable_logind) + diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch b/sys-auth/polkit/files/polkit-124-systemd.patch new file mode 100644 index 000000000000..e9b10e99e5da --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-systemd.patch @@ -0,0 +1,50 @@ +https://github.com/polkit-org/polkit/pull/417 + +From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Thu, 18 Jan 2024 15:07:32 +0000 +Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is + specified + +When 'systemdsystemunitdir' is specified as an option the systemd_dep +variable is not defined, but the sysusers.d directory lookup uses it, +causing a build failure: + +dh_auto_configure -- \ + -Dexamples=false \ + -Dintrospection=true \ + -Dman=true \ + -Dsystemdsystemunitdir=/usr/lib/systemd/system \ + -Dtests=true \ + -Dgtk_doc=true -Dsession_tracking=libsystemd-login + cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login +The Meson build system +Version: 1.3.1 +Source dir: /builds/bluca/polkit/debian/output/source_dir +Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu +Build type: native build +Project name: polkit +Project version: 124 + +<...> + +Run-time dependency libsystemd found: YES 255 +Checking for function "sd_uid_get_display" with dependency libsystemd: YES +Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES +../meson.build:222:37: ERROR: Unknown variable "systemd_dep". + +Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34 +--- a/meson.build ++++ b/meson.build +@@ -212,9 +212,9 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') + if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used + systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') + endif + diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml index e4fe842bbae0..420dae0ebcd2 100644 --- a/sys-auth/polkit/metadata.xml +++ b/sys-auth/polkit/metadata.xml @@ -5,11 +5,11 @@ <email>freedesktop-bugs@gentoo.org</email> </maintainer> <use> - <flag name="daemon">Build polkitd in addition to libpolkit. Those using <pkg>sys-apps/dbus-broker</pkg> may wish to disable this flag.</flag> + <flag name="daemon">Build polkitd in addition to libpolkit.</flag> <flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag> <flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag> </use> <upstream> - <remote-id type="freedesktop-gitlab">polkit/polkit</remote-id> + <remote-id type="github">polkit-org/polkit</remote-id> </upstream> </pkgmetadata> diff --git a/sys-auth/polkit/polkit-122.ebuild b/sys-auth/polkit/polkit-122-r1.ebuild index 0752a39d7734..fc80a36e0f16 100644 --- a/sys-auth/polkit/polkit-122.ebuild +++ b/sys-auth/polkit/polkit-122-r1.ebuild @@ -22,7 +22,7 @@ fi LICENSE="LGPL-2" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" # https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction RESTRICT="!test? ( test ) test" @@ -144,11 +144,17 @@ src_install() { dodoc src/examples/{*.c,*.policy*} fi - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi } pkg_postinst() { - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi } diff --git a/sys-auth/polkit/polkit-121.ebuild b/sys-auth/polkit/polkit-123.ebuild index 781e76f6deb9..fae107ce5592 100644 --- a/sys-auth/polkit/polkit-121.ebuild +++ b/sys-auth/polkit/polkit-123.ebuild @@ -3,7 +3,7 @@ EAPI=8 -PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..11} ) inherit meson pam pax-utils python-any-r1 systemd xdg-utils DESCRIPTION="Policy framework for controlling privileges for system-wide services" @@ -17,16 +17,15 @@ if [[ ${PV} == *_p* ]] ; then S="${WORKDIR}"/${PN}-${MY_COMMIT} else - SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" - - S="${WORKDIR}"/${PN}-v.${PV} + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" fi LICENSE="LGPL-2" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="+duktape examples gtk +introspection kde pam selinux systemd test" -RESTRICT="!test? ( test )" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" # This seems to be fixed with 121? #if [[ ${PV} == *_p* ]] ; then @@ -47,7 +46,7 @@ BDEPEND=" dev-util/glib-utils sys-devel/gettext virtual/pkgconfig - introspection? ( dev-libs/gobject-introspection ) + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) test? ( $(python_gen_any_dep ' dev-python/dbus-python[${PYTHON_USEDEP}] @@ -56,10 +55,12 @@ BDEPEND=" ) " DEPEND=" - dev-libs/glib:2 + >=dev-libs/glib-2.32:2 dev-libs/expat - duktape? ( dev-lang/duktape:= ) - !duktape? ( dev-lang/spidermonkey:91[-debug] ) + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:102[-debug] ) + ) pam? ( sys-auth/pambase sys-libs/pam @@ -68,7 +69,8 @@ DEPEND=" systemd? ( sys-apps/systemd:0=[policykit] ) !systemd? ( sys-auth/elogind ) " -RDEPEND="${DEPEND} +RDEPEND=" + ${DEPEND} acct-user/polkitd selinux? ( sec-policy/selinux-policykit ) " @@ -84,7 +86,13 @@ DOCS=( docs/TODO HACKING.md NEWS.md README.md ) QA_MULTILIB_PATHS=" usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd" + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-mozjs-JIT.patch + "${FILESDIR}"/${P}-pkexec-uninitialized.patch +) python_check_deps() { python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && @@ -96,11 +104,6 @@ pkg_setup() { } src_prepare() { - local PATCHES=( - # musl - "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch - ) - default # bug #401513 @@ -120,6 +123,7 @@ src_configure() { -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) $(meson_use introspection) $(meson_use test tests) $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') @@ -142,11 +146,17 @@ src_install() { dodoc src/examples/{*.c,*.policy*} fi - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi } pkg_postinst() { - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi } diff --git a/sys-auth/polkit/polkit-124-r1.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild new file mode 100644 index 000000000000..d5ae6fcf9f54 --- /dev/null +++ b/sys-auth/polkit/polkit-124-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" + +# This seems to be fixed with 121? +#if [[ ${PV} == *_p* ]] ; then +# RESTRICT="!test? ( test )" +#else +# # Tests currently don't work with meson in the dist tarballs. See +# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 +# RESTRICT="test" +#fi + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${PN}-124-systemd.patch + "${FILESDIR}"/${PN}-124-systemd-fixup.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild b/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild index 5cea0efc327f..4f8202ec7a5b 100644 --- a/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild +++ b/sys-auth/realtime-base/realtime-base-0.1-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -9,7 +9,7 @@ SRC_URI="" LICENSE="public-domain" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ppc ppc64 ~riscv ~s390 sparc x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="" DEPEND="" diff --git a/sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch b/sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch new file mode 100644 index 000000000000..e8fb9c821dde --- /dev/null +++ b/sys-auth/rtkit/files/rtkit-0.13_daemon_verbosity.patch @@ -0,0 +1,67 @@ +From ad649ee491ed1a41537774ad11564a208e598a09 Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Sat, 15 Apr 2023 11:53:27 +0200 +Subject: [PATCH] rtkit-daemon: Don't log debug messages by default + +The rtkit-daemon service is a lot more verbose than other services +when it doesn't have anything to do. Stop logging the debug messages +by default to avoid flooding the system log. + +This addresses issue #22. +--- a/rtkit-daemon.c ++++ b/rtkit-daemon.c +@@ -154,6 +154,9 @@ static bool canary_demote_unknown = FALSE; + /* Log to stderr? */ + static bool log_stderr = FALSE; + ++/* Also log debugging messages? */ ++static bool log_debug = FALSE; ++ + /* Scheduling policy to use */ + static int sched_policy = SCHED_RR; + +@@ -1876,6 +1879,7 @@ enum { + ARG_CANARY_DEMOTE_UNKNOWN, + ARG_CANARY_REFUSE_SEC, + ARG_STDERR, ++ ARG_DEBUG, + ARG_INTROSPECT + }; + +@@ -1905,6 +1909,7 @@ static const struct option long_options[] = { + { "canary-demote-unknown", no_argument, 0, ARG_CANARY_DEMOTE_UNKNOWN }, + { "canary-refuse-sec", required_argument, 0, ARG_CANARY_REFUSE_SEC }, + { "stderr", no_argument, 0, ARG_STDERR }, ++ { "debug", no_argument, 0, ARG_DEBUG }, + { "introspect", no_argument, 0, ARG_INTROSPECT }, + { NULL, 0, 0, 0} + }; +@@ -1933,6 +1938,7 @@ static void show_help(const char *exe) { + " --version Show version\n\n" + "OPTIONS:\n" + " --stderr Log to STDERR in addition to syslog\n" ++ " --debug Also log debugging mssages\n" + " --user-name=USER Run daemon as user (%s)\n\n" + " --scheduling-policy=(RR|FIFO) Choose scheduling policy (%s)\n" + " --our-realtime-priority=[%i..%i] Realtime priority for the daemon (%u)\n" +@@ -2222,6 +2228,10 @@ static int parse_command_line(int argc, char *argv[], int *ret) { + log_stderr = TRUE; + break; + ++ case ARG_DEBUG: ++ log_debug = TRUE; ++ break; ++ + case ARG_INTROSPECT: + fputs(introspect_xml, stdout); + *ret = 0; +@@ -2251,6 +2261,9 @@ static int parse_command_line(int argc, char *argv[], int *ret) { + return -1; + } + ++ if (!log_debug) ++ setlogmask(LOG_UPTO(LOG_INFO)); ++ + assert(our_realtime_priority >= (unsigned) sched_get_priority_min(sched_policy)); + assert(our_realtime_priority <= (unsigned) sched_get_priority_max(sched_policy)); + diff --git a/sys-auth/rtkit/metadata.xml b/sys-auth/rtkit/metadata.xml index 44cb8576a448..2c85d65cf461 100644 --- a/sys-auth/rtkit/metadata.xml +++ b/sys-auth/rtkit/metadata.xml @@ -10,4 +10,7 @@ to escalate their priority to realtime, without any special setup in rlimits, etc. </longdescription> + <upstream> + <remote-id type="github">heftig/rtkit</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/rtkit/rtkit-0.13-r1.ebuild b/sys-auth/rtkit/rtkit-0.13-r2.ebuild index 09fccb721a9c..fd13fbac19c3 100644 --- a/sys-auth/rtkit/rtkit-0.13-r1.ebuild +++ b/sys-auth/rtkit/rtkit-0.13-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -11,8 +11,8 @@ SRC_URI="https://github.com/heftig/${PN}/releases/download/v${PV}/${P}.tar.xz" LICENSE="GPL-3 BSD" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 sparc x86" -IUSE="systemd" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86" +IUSE="selinux systemd" BDEPEND="virtual/pkgconfig" DEPEND="acct-group/rtkit @@ -21,9 +21,11 @@ DEPEND="acct-group/rtkit sys-auth/polkit sys-libs/libcap systemd? ( sys-apps/systemd )" -RDEPEND="${DEPEND}" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-rtkit )" PATCHES=( + "${FILESDIR}"/${PN}-0.13_daemon_verbosity.patch "${FILESDIR}"/${PN}-0.13_meson_rtkitctl_dir.patch "${FILESDIR}"/${PN}-0.13_meson_xxd_optional.patch ) diff --git a/sys-auth/seatd/Manifest b/sys-auth/seatd/Manifest index cbad969e380b..a5d51ded54e6 100644 --- a/sys-auth/seatd/Manifest +++ b/sys-auth/seatd/Manifest @@ -1 +1 @@ -DIST seatd-0.7.0.tar.gz 39198 BLAKE2B eddae25b353a5ff4da8aa8b41ead6e6ebab6ffa321376887769cbaf22c3c1b8448d84758749714b82d6ca2d602f2140042634bbeb9312449d8ac207b3774851e SHA512 c81c43994b92672a388bf255edb1fe24d3dba7ece2eb35f9fedc05cc0b8e464e9167ffed037645c4072430fe7b3b8fc80cc99f21fb5100654b5dd23a94742e66 +DIST seatd-0.8.0.tar.gz 39349 BLAKE2B 920270808f28c85badb173af22edb03960f2b9cdce5af3124c64fe68c52a77f002272d2f19e97d107303c55ad6de498d279f6b05311793270c6ee84565fc435e SHA512 93b1e5c170564ce9654e4df9985af95cb505274b36e950998bb1f16803d2d46712140eded2bdd8d5e85aec62070afd9c224184276d79a0ff0813408dfc472db7 diff --git a/sys-auth/seatd/files/seatd.initd-r1 b/sys-auth/seatd/files/seatd.initd-r1 new file mode 100644 index 000000000000..a71a9c480aca --- /dev/null +++ b/sys-auth/seatd/files/seatd.initd-r1 @@ -0,0 +1,4 @@ +#!/sbin/openrc-run +supervisor=supervise-daemon +command="seatd" +command_args="-g seat" diff --git a/sys-auth/seatd/seatd-0.7.0.ebuild b/sys-auth/seatd/seatd-0.7.0.ebuild deleted file mode 100644 index 38a16a371fb9..000000000000 --- a/sys-auth/seatd/seatd-0.7.0.ebuild +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright 2020-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit meson systemd - -DESCRIPTION="Minimal seat management daemon and universal library" -HOMEPAGE="https://sr.ht/~kennylevinsen/seatd" -if [[ ${PV} == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://git.sr.ht/~kennylevinsen/seatd" -else - KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" - SRC_URI="https://git.sr.ht/~kennylevinsen/seatd/archive/${PV}.tar.gz -> ${P}.tar.gz" -fi -LICENSE="MIT" -SLOT="0/1" -IUSE="builtin elogind +server systemd" -REQUIRED_USE="?? ( elogind systemd )" - -DEPEND=" - elogind? ( sys-auth/elogind ) - systemd? ( sys-apps/systemd ) -" -RDEPEND="${DEPEND} - server? ( acct-group/seat ) -" -BDEPEND=">=app-text/scdoc-1.9.7" - -src_configure() { - local emesonargs=( - -Dman-pages=enabled - $(meson_feature builtin libseat-builtin) - $(meson_feature server) - ) - - if use elogind ; then - emesonargs+=( -Dlibseat-logind=elogind ) - elif use systemd; then - emesonargs+=( -Dlibseat-logind=systemd ) - else - emesonargs+=( -Dlibseat-logind=disabled ) - fi - - meson_src_configure -} - -src_install() { - meson_src_install - - if use server; then - newinitd "${FILESDIR}/seatd.initd" seatd - systemd_dounit contrib/systemd/seatd.service - fi -} diff --git a/sys-auth/seatd/seatd-0.7.0-r1.ebuild b/sys-auth/seatd/seatd-0.8.0.ebuild index 779dda01995e..53eba7e7658c 100644 --- a/sys-auth/seatd/seatd-0.7.0-r1.ebuild +++ b/sys-auth/seatd/seatd-0.8.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -21,7 +21,7 @@ REQUIRED_USE="?? ( elogind systemd )" DEPEND=" elogind? ( sys-auth/elogind ) - systemd? ( sys-apps/systemd ) + systemd? ( sys-apps/systemd:= ) " RDEPEND="${DEPEND} server? ( acct-group/seat ) @@ -50,7 +50,13 @@ src_install() { meson_src_install if use server; then - newinitd "${FILESDIR}/seatd.initd" seatd + newinitd "${FILESDIR}/seatd.initd-r1" seatd systemd_dounit contrib/systemd/seatd.service + + if has_version '<sys-auth/seatd-0.7.0-r2'; then + elog "For OpenRC users: seatd is now using the 'seat' group instead of the 'video' group" + elog "Make sure your user(s) are in the 'seat' group." + elog "Note: 'video' is still needed for GPU access like OpenGL" + fi fi } diff --git a/sys-auth/seatd/seatd-9999.ebuild b/sys-auth/seatd/seatd-9999.ebuild index a3351b9b2463..a9bfcfa000ff 100644 --- a/sys-auth/seatd/seatd-9999.ebuild +++ b/sys-auth/seatd/seatd-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,7 +11,7 @@ if [[ ${PV} == 9999 ]]; then inherit git-r3 EGIT_REPO_URI="https://git.sr.ht/~kennylevinsen/seatd" else - KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" SRC_URI="https://git.sr.ht/~kennylevinsen/seatd/archive/${PV}.tar.gz -> ${P}.tar.gz" fi LICENSE="MIT" @@ -21,7 +21,7 @@ REQUIRED_USE="?? ( elogind systemd )" DEPEND=" elogind? ( sys-auth/elogind ) - systemd? ( sys-apps/systemd ) + systemd? ( sys-apps/systemd:= ) " RDEPEND="${DEPEND} server? ( acct-group/seat ) @@ -50,7 +50,13 @@ src_install() { meson_src_install if use server; then - newinitd "${FILESDIR}/seatd.initd" seatd + newinitd "${FILESDIR}/seatd.initd-r1" seatd systemd_dounit contrib/systemd/seatd.service + + if has_version '<sys-auth/seatd-0.7.0-r2'; then + elog "For OpenRC users: seatd is now using the 'seat' group instead of the 'video' group" + elog "Make sure your user(s) are in the 'seat' group." + elog "Note: 'video' is still needed for GPU access like OpenGL" + fi fi } diff --git a/sys-auth/skey/Manifest b/sys-auth/skey/Manifest index 4c3e9cb73c37..05a20e091d3e 100644 --- a/sys-auth/skey/Manifest +++ b/sys-auth/skey/Manifest @@ -1,2 +1,2 @@ -DIST skey-1.1.5-patches-6.tar.xz 34108 BLAKE2B 410dbe673e0a32a4c3fd0610f898057e7b3afcc0d0fd124683033790f9c518bf89486f13e8d87825c0959ff34e91eae82df6ba3b79c1dcb99a34d5657036d5a6 SHA512 2c807675cdd6b800f03427d79d616f59ac9d4d438221913328ec92e5dd13af185f74a24e17d36af8d49a51c4ecc5b24ef198489acce416d829e8aacf5d3c208a +DIST skey-1.1.5-patches-7.tar.xz 34412 BLAKE2B 77c37b71e80a629dc24996a496ac870d8ad431268bc8eff188ffe09fda6c52b4169aae6e16d31897658e003c1565176f5b8bdd7052795b372c47e49258a7d8ff SHA512 a73f0772883cfb8a6cd7acabd0d005e723952c4eb3b83d27b5c321737e38a4b4b65be0e7cb1b4fb5d040e315b3c36f6f4ca96f20ad8564617e694e9373fa060d DIST skey-1.1.5.tar.bz2 61911 BLAKE2B 6226a91f4018bee5796bf60339dc8554324a044eef18a69ea176d060cb4af90779cafaee58f42ad7a6e433b94da8de6e5e4d1ee9362904966fd0872d5ac3ccce SHA512 4cbddc7e31134d5e23801a9b07de0d05c8357aaa8dddfb8426fceead3f54e539f77204f78a08b2a93890ef2f4f807a2208080f58f80818afa1b8cd4884b1fb37 diff --git a/sys-auth/skey/skey-1.1.5-r13.ebuild b/sys-auth/skey/skey-1.1.5-r14.ebuild index ffd30c0f335d..f91749db5148 100644 --- a/sys-auth/skey/skey-1.1.5-r13.ebuild +++ b/sys-auth/skey/skey-1.1.5-r14.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -7,8 +7,8 @@ inherit autotools readme.gentoo-r1 toolchain-funcs usr-ldscript DESCRIPTION="Linux Port of OpenBSD Single-key Password System" HOMEPAGE="https://web.archive.org/web/20160710152027/http://www.openbsd.org:80/faq/faq8.html#SKey" -SRC_URI="mirror://gentoo/${P}.tar.bz2 - https://dev.gentoo.org/~ulm/distfiles/${P}-patches-6.tar.xz" +SRC_URI="https://dev.gentoo.org/~ulm/distfiles/${P}.tar.bz2 + https://dev.gentoo.org/~ulm/distfiles/${P}-patches-7.tar.xz" LICENSE="BSD MIT RSA BEER-WARE" SLOT="0" diff --git a/sys-auth/solo1/solo1-0.1.1.ebuild b/sys-auth/solo1/solo1-0.1.1-r1.ebuild index 0ab44c710e95..0e8e190536f4 100644 --- a/sys-auth/solo1/solo1-0.1.1.ebuild +++ b/sys-auth/solo1/solo1-0.1.1-r1.ebuild @@ -1,16 +1,15 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{10..12} ) DISTUTILS_USE_PEP517=flit -inherit distutils-r1 +inherit distutils-r1 pypi DESCRIPTION="CLI and Python library for SoloKeys Solo 1" HOMEPAGE="https://github.com/solokeys/solo1-cli" -SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" LICENSE="Apache-2.0 MIT" SLOT="0" diff --git a/sys-auth/ssh-import-id/metadata.xml b/sys-auth/ssh-import-id/metadata.xml index fd9ff4351985..a8d5f70543c9 100644 --- a/sys-auth/ssh-import-id/metadata.xml +++ b/sys-auth/ssh-import-id/metadata.xml @@ -1,9 +1,9 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person"> - <email>slashbeast@gentoo.org</email> - <name>Piotr Karbowski</name> - </maintainer> + <!-- maintainer-needed --> <stabilize-allarches/> + <upstream> + <remote-id type="launchpad">ssh-import-id</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild b/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild new file mode 100644 index 000000000000..ddde94c6da84 --- /dev/null +++ b/sys-auth/ssh-import-id/ssh-import-id-5.11-r1.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +DISTUTILS_USE_PEP517=setuptools + +inherit distutils-r1 + +DESCRIPTION="Utility to securely retrieve an SSH public key and install it locally" +HOMEPAGE="https://launchpad.net/ssh-import-id" +SRC_URI="https://launchpad.net/${PN}/trunk/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha amd64 arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 sparc x86" +IUSE="" + +DEPEND="${PYTHON_DEPS}" +RDEPEND=" + dev-python/distro[${PYTHON_USEDEP}] +" + +src_install() { + distutils-r1_src_install + doman usr/share/man/man1/ssh-import-id.1 +} diff --git a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild index 1f5cd230ec5a..999f36b3d109 100644 --- a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild +++ b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.4.0.ebuild @@ -4,7 +4,8 @@ EAPI=7 DISTUTILS_USE_PEP517=setuptools -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{10..11} ) + inherit distutils-r1 DESCRIPTION="Utility to manage SSH public keys stored in LDAP" @@ -23,25 +24,24 @@ LICENSE="MIT" SLOT="0" IUSE="schema" -MY_CDEPEND="dev-python/docopt[${PYTHON_USEDEP}] +RDEPEND="dev-python/docopt[${PYTHON_USEDEP}] >=dev-python/python-ldap-3.0[${PYTHON_USEDEP}] virtual/logger" -DEPEND="${MY_CDEPEND} +DEPEND="${RDEPEND} dev-python/setuptools[${PYTHON_USEDEP}] test? ( dev-python/pytest-describe[${PYTHON_USEDEP}] dev-python/pytest-mock[${PYTHON_USEDEP}] )" -# We need to block previous net-misc/openssh packages -# to avoid file collision on "/etc/openldap/schema/openssh-lpk.schema" -RDEPEND="${MY_CDEPEND} - schema? ( !net-misc/openssh[ldap(-)] )" - DOCS=( README.md CHANGELOG.adoc ) distutils_enable_tests pytest +python_test() { + epytest -p pytest-describe +} + python_install_all() { distutils-r1_python_install_all diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest index 33bcbee3a483..99b108e1bbf8 100644 --- a/sys-auth/sssd/Manifest +++ b/sys-auth/sssd/Manifest @@ -1,3 +1,2 @@ -DIST sssd-2.5.2-CVE-2021-3621.patch.bz2 3155 BLAKE2B c50e331f0f1acbb9ef8e6d54a63219da44df5e565608c24635d85a110fcc024f7d5293c4412bca64831a9a3a14e2c1188be1a802c76575ad6d7a83243d3d89c2 SHA512 650af7c67b3a807935c0875ee877d366facdf818492fb4244757448ad351454a279968ea5414e6b3cd116e873abe4f1aef2ccdaf790a4df0cf7f2a0078a41860 -DIST sssd-2.5.2.tar.gz 7579208 BLAKE2B ec5d9aeaf5b5e05b56c01f9137f6f24db05544dbd48458d742285b60e7beb6d48af865f3415e11ce89e187f4643bbecf15bbb321859ec80cfe458eb781cea6c9 SHA512 a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48 -DIST sssd-2.6.0.tar.gz 7440969 BLAKE2B 6b05fcea09ef10a5b2f373dc6a66032edc4c4f46f65f42fdc9ffb5b676025095e16de4a86b3088351c22746e062829d1d68fa7e960cccb7c5a77d960e6d38e2a SHA512 0b9e169424cbadfa6132a3e5e9789facf82f04cce94cb5344b8ff49370ae8817c2cb16cf21caddf6a7cd42e661d5ff5bf97843d79681683aacff0053ff93f64b +DIST sssd-2.9.1.tar.gz 7943540 BLAKE2B 9113b63d54beb40ba85c5b5c75068197317b3b8088119cf6557c6b4aed113d2d67f0bc64fc68fb34f4dbef54cccdb8b32ef44112115930751fdec5ec92e0a09b SHA512 eb7345dcfbbd51f005f67ee5032364d369d24589111ded60701e2dbe09563f0b862d343f231dd2e9d548acd8c560a036c8b88a0601f9aa048a7202da8202cd9b +DIST sssd-2.9.4.tar.gz 7982544 BLAKE2B 6ed23787f1c029abc89f2bbe516787ddbe2fa39f052b75b965972b0a3532c66076f16b775258c5ee6f4ac9ef63bd6ab5bad1a3b660bcac135b3af460d0f14748 SHA512 9546cf074628f32137b16ca0c763988785271124244b645d1e786762e8578f10d983793a29bffcc004b064452fe8d465476a3041688d2f3c11c2751fb5bec3e2 diff --git a/sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch deleted file mode 100644 index 04c18ceede8c..000000000000 --- a/sys-auth/sssd/files/sssd-2.6.0-conditional-python-install.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/src/tools/analyzer/Makefile.am -+++ b/src/tools/analyzer/Makefile.am -@@ -1,5 +1,7 @@ - pkgpythondir = $(python3dir)/sssd -+modulesdir = $(pkgpythondir)/modules - -+if BUILD_PYTHON_BINDINGS - dist_pkgpython_SCRIPTS = \ - sss_analyze.py \ - $(NULL) -@@ -10,7 +12,7 @@ - source_reader.py \ - $(NULL) - --modulesdir = $(pkgpythondir)/modules - dist_modules_DATA = \ - modules/request.py \ - $(NULL) -+endif diff --git a/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch b/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch new file mode 100644 index 000000000000..a8bd397cd063 --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch @@ -0,0 +1,12 @@ +diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c +index a1c0b36..207c010 100644 +--- a/src/providers/krb5/krb5_auth.c ++++ b/src/providers/krb5/krb5_auth.c +@@ -1037,6 +1037,7 @@ static void krb5_auth_done(struct tevent_req *subreq) + case ERR_ACCOUNT_LOCKED: + state->pam_status = PAM_PERM_DENIED; + state->dp_err = DP_ERR_OK; ++ state->pd->account_locked = true; + ret = EOK; + goto done; + diff --git a/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch b/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch new file mode 100644 index 000000000000..c849fe76b446 --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch @@ -0,0 +1,31 @@ +From 74d0f4538deb766592079b1abca0d949d6dea105 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 15 Jun 2023 12:05:03 +0200 +Subject: [PATCH 1/1] BUILD: Accept krb5 1.21 for building the PAC plugin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Alejandro López <allopez@redhat.com> +Reviewed-by: Sumit Bose <sbose@redhat.com> +--- + src/external/pac_responder.m4 | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4 +index 3cbe3c9cfba03b59e26a8c5c2d73446eead2acea..90727185b574411bddd928f8d87efdc87076eba4 100644 +--- a/src/external/pac_responder.m4 ++++ b/src/external/pac_responder.m4 +@@ -22,7 +22,8 @@ then + Kerberos\ 5\ release\ 1.17* | \ + Kerberos\ 5\ release\ 1.18* | \ + Kerberos\ 5\ release\ 1.19* | \ +- Kerberos\ 5\ release\ 1.20*) ++ Kerberos\ 5\ release\ 1.20* | \ ++ Kerberos\ 5\ release\ 1.21*) + krb5_version_ok=yes + AC_MSG_RESULT([yes]) + ;; +-- +2.41.0 + diff --git a/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch b/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch new file mode 100644 index 000000000000..258940bab38e --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch @@ -0,0 +1,87 @@ +From 11afa7a6ef7e15f1e98c7145ad5c80bbdfc520e2 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Tue, 4 Jul 2023 19:06:27 +0200 +Subject: [PATCH 3/3] certmap: fix partial string comparison +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If the formatting option of the certificate digest/hash function +contained and additional specifier separated with a '_' the comparison +of the provided digest name and the available ones was incomplete, the +last character was ignored and the comparison was successful if even if +there was only a partial match. + +Resolves: https://github.com/SSSD/sssd/issues/6802 + +Reviewed-by: Alejandro López <allopez@redhat.com> +Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> +(cherry picked from commit 0817ca3b366f51510705ab77d7900c0b65b7d2fc) +--- + src/lib/certmap/sss_certmap_ldap_mapping.c | 9 ++++++++- + src/tests/cmocka/test_certmap.c | 22 ++++++++++++++++++++++ + 2 files changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/lib/certmap/sss_certmap_ldap_mapping.c b/src/lib/certmap/sss_certmap_ldap_mapping.c +index 2f16837a1..354b0310b 100644 +--- a/src/lib/certmap/sss_certmap_ldap_mapping.c ++++ b/src/lib/certmap/sss_certmap_ldap_mapping.c +@@ -228,14 +228,21 @@ int check_digest_conversion(const char *inp, const char **digest_list, + bool colon = false; + bool reverse = false; + char *c; ++ size_t len = 0; + + sep = strchr(inp, '_'); ++ if (sep != NULL) { ++ len = sep - inp; ++ } + + for (d = 0; digest_list[d] != NULL; d++) { + if (sep == NULL) { + cmp = strcasecmp(digest_list[d], inp); + } else { +- cmp = strncasecmp(digest_list[d], inp, (sep - inp -1)); ++ if (strlen(digest_list[d]) != len) { ++ continue; ++ } ++ cmp = strncasecmp(digest_list[d], inp, len); + } + + if (cmp == 0) { +diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c +index da312beaf..a15984d60 100644 +--- a/src/tests/cmocka/test_certmap.c ++++ b/src/tests/cmocka/test_certmap.c +@@ -2183,6 +2183,28 @@ static void test_sss_certmap_ldapu1_cert(void **state) + assert_non_null(ctx); + assert_null(ctx->prio_list); + ++ /* cert!sha */ ++ ret = sss_certmap_add_rule(ctx, 91, ++ "KRB5:<ISSUER>.*", ++ "LDAP:rule91={cert!sha}", NULL); ++ assert_int_equal(ret, EINVAL); ++ ++ ret = sss_certmap_add_rule(ctx, 91, ++ "KRB5:<ISSUER>.*", ++ "LDAPU1:rule91={cert!sha}", NULL); ++ assert_int_equal(ret, EINVAL); ++ ++ /* cert!sha_u */ ++ ret = sss_certmap_add_rule(ctx, 90, ++ "KRB5:<ISSUER>.*", ++ "LDAP:rule90={cert!sha_u}", NULL); ++ assert_int_equal(ret, EINVAL); ++ ++ ret = sss_certmap_add_rule(ctx, 99, ++ "KRB5:<ISSUER>.*", ++ "LDAPU1:rule90={cert!sha_u}", NULL); ++ assert_int_equal(ret, EINVAL); ++ + /* cert!sha555 */ + ret = sss_certmap_add_rule(ctx, 89, + "KRB5:<ISSUER>.*", +-- +2.38.1 + diff --git a/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch new file mode 100644 index 000000000000..de46b96c82f9 --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch @@ -0,0 +1,19 @@ +diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am +index b40043d04..dce6b9d36 100644 +--- a/src/tools/analyzer/Makefile.am ++++ b/src/tools/analyzer/Makefile.am +@@ -5,7 +5,9 @@ dist_sss_analyze_python_SCRIPTS = \ + $(NULL) + + pkgpythondir = $(python3dir)/sssd ++modulesdir = $(pkgpythondir)/modules + ++if BUILD_PYTHON_BINDINGS + dist_pkgpython_DATA = \ + __init__.py \ + source_files.py \ +@@ -20,3 +22,4 @@ dist_modules_DATA = \ + modules/__init__.py \ + modules/request.py \ + $(NULL) ++endif diff --git a/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch new file mode 100644 index 000000000000..3a724363382b --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch @@ -0,0 +1,39 @@ +From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Tue, 4 Jul 2023 18:56:35 +0200 +Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The cert-show and cert-eval-rule sub-commands do not need root access and +do not require SSSD to be configured on the host. + +Resolves: https://github.com/SSSD/sssd/issues/6802 + +Reviewed-by: Alejandro López <allopez@redhat.com> +Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> +(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4) +--- + src/tools/sssctl/sssctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c +index 855260aed..04c41aa9a 100644 +--- a/src/tools/sssctl/sssctl.c ++++ b/src/tools/sssctl/sssctl.c +@@ -340,9 +340,9 @@ int main(int argc, const char **argv) + SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT), + #endif + SSS_TOOL_DELIMITER("Certificate related tools:"), +- SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show), ++ SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), + SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map), +- SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule), ++ SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), + #ifdef BUILD_PASSKEY + SSS_TOOL_DELIMITER("Passkey related tools:"), + SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), +-- +2.38.1 + diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml index 1de148797929..a4f6c50a3f9e 100644 --- a/sys-auth/sssd/metadata.xml +++ b/sys-auth/sssd/metadata.xml @@ -5,19 +5,23 @@ <email>base-system@gentoo.org</email> <name>Gentoo Base System</name> </maintainer> - <maintainer type="person"> - <email>alexxy@gentoo.org</email> - <name>Alexey Shvetsov</name> + <maintainer type="person" proxied="yes"> + <email>salah.coronya@gmail.com</email> + <name>Christopher Byrne</name> + </maintainer> + <maintainer type="project" proxied="proxy"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> </maintainer> <use> <flag name="acl"> Build and use the cifsidmap plugin</flag> - <flag name="locator">Install sssd's Kerberos plugin</flag> + <flag name="keyutils">Controls whether the kernel keyring should be used via <pkg>sys-apps/keyutils</pkg></flag> <flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag> <flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-fs/nfs-utils</pkg></flag> - <flag name="pac">Add Privileged Attribute Certificate Support for Kerberos</flag> + <flag name="samba">Add Privileged Attribute Certificate Support for Kerberos</flag> + <flag name="subid">Support subordinate uid and gid ranges in FreeIPA</flag> <flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag> <flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> - <flag name="valgrind">Depend on <pkg>dev-util/valgrind</pkg> for test suite</flag> </use> <upstream> <remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id> diff --git a/sys-auth/sssd/sssd-2.5.2-r3.ebuild b/sys-auth/sssd/sssd-2.9.1-r1.ebuild index ffbaa9bb9aea..af43a0ad6b5a 100644 --- a/sys-auth/sssd/sssd-2.5.2-r3.ebuild +++ b/sys-auth/sssd/sssd-2.9.1-r1.ebuild @@ -1,96 +1,113 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -PYTHON_COMPAT=( python3_{9..10} ) +PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk" +PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN" +PLOCALE_BACKUP="sv" +PYTHON_COMPAT=( python3_{10..12} ) -inherit autotools linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs optfeature +inherit autotools linux-info multilib-minimal optfeature plocale \ + python-single-r1 pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" HOMEPAGE="https://github.com/SSSD/sssd" -SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" -SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-CVE-2021-3621.patch.bz2" +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/SSSD/sssd.git" + EGIT_BRANCH="master" +fi LICENSE="GPL-3" SLOT="0" -KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" -IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" +IUSE="acl doc keyutils +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test" +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + test? ( sudo )" RESTRICT="!test? ( test )" -REQUIRED_USE="${PYTHON_REQUIRED_USE} - pac? ( samba ) - test? ( sudo ) - valgrind? ( test )" - -BDEPEND=">=sys-devel/autoconf-2.69-r5 - virtual/pkgconfig - ${PYTHON_DEPS} - doc? ( app-doc/doxygen ) - test? ( - dev-libs/check - dev-libs/softhsm:2 - dev-util/cmocka - net-libs/gnutls[pkcs11,tools] - sys-libs/libfaketime - sys-libs/nss_wrapper - sys-libs/pam_wrapper - sys-libs/uid_wrapper - valgrind? ( dev-util/valgrind ) - ) - man? ( - app-text/docbook-xml-dtd:4.4 - >=dev-libs/libxslt-1.1.26 - nls? ( app-text/po4a ) - )" - -DEPEND=">=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}] +DEPEND=" + >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}] app-crypt/p11-kit >=dev-libs/ding-libs-0.2 - dev-libs/glib:2 >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=dev-libs/libpcre-8.30:= + dev-libs/jansson:= + dev-libs/libpcre2:= + dev-libs/libunistring:= >=dev-libs/popt-1.16 - >=dev-libs/openssl-1.0.2:0= + >=dev-libs/openssl-1.0.2:= >=net-dns/bind-tools-9.9[gssapi] - >=net-dns/c-ares-1.7.4:= - >=net-nds/openldap-2.4.30:=[sasl] + >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] + >=net-nds/openldap-2.4.30:=[sasl,experimental] >=sys-apps/dbus-1.6 - >=sys-apps/keyutils-1.5:= >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] >=sys-libs/talloc-2.0.7 >=sys-libs/tdb-1.2.9 >=sys-libs/tevent-0.9.16 >=sys-libs/ldb-1.1.17-r1:= virtual/libintl - locator? ( - >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] - ) acl? ( net-fs/cifs-utils[acl] ) + keyutils? ( >=sys-apps/keyutils-1.5:= ) netlink? ( dev-libs/libnl:3 ) nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 ) nls? ( >=sys-devel/gettext-0.18 ) - pac? ( - net-fs/samba + python? ( + ${PYTHON_DEPS} + systemd? ( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) ) - python? ( ${PYTHON_DEPS} ) samba? ( >=net-fs/samba-4.10.2[winbind] ) selinux? ( >=sys-libs/libselinux-2.1.9 >=sys-libs/libsemanage-2.1 ) + subid? ( >=sys-apps/shadow-4.9 ) systemd? ( - dev-libs/jansson:0= - net-libs/http-parser:0= - net-misc/curl:0= + sys-apps/systemd:= + sys-apps/util-linux ) - systemtap? ( dev-util/systemtap )" + systemtap? ( dev-debug/systemtap )" RDEPEND="${DEPEND} - >=sys-libs/glibc-2.17[nscd] selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )" +BDEPEND=" + virtual/pkgconfig + ${PYTHON_DEPS} + doc? ( app-text/doxygen ) + man? ( + app-text/docbook-xml-dtd:4.4 + >=dev-libs/libxslt-1.1.26 + nls? ( app-text/po4a ) + ) + nls? ( sys-devel/gettext ) + test? ( + dev-libs/check + dev-libs/softhsm:2 + dev-util/cmocka + net-libs/gnutls[pkcs11,tools] + sys-libs/libfaketime + sys-libs/nss_wrapper + sys-libs/pam_wrapper + sys-libs/uid_wrapper + ) +" CONFIG_CHECK="~KEYS" +PATCHES=( + "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch" + "${FILESDIR}/${PN}-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch" + "${FILESDIR}/${PN}-2.9.1-certmap-fix-partial-string-comparison.patch" + "${FILESDIR}/${PN}-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch" + "${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch" +) + MULTILIB_WRAPPED_HEADERS=( /usr/include/ipa_hbac.h /usr/include/sss_idmap.h @@ -102,10 +119,6 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/sss_certmap.h ) -PATCHES=( - "${WORKDIR}"/${P}-CVE-2021-3621.patch -) - pkg_setup() { linux-info_pkg_setup python-single-r1_pkg_setup @@ -114,15 +127,35 @@ pkg_setup() { src_prepare() { default + plocale_get_locales > src/man/po/LINGUAS || die + + sed -i \ + -e "/_langs]/ s/ .*//" \ + src/man/po/po4a.cfg \ + || die + enable_locale() { + local locale=${1} + + sed -i \ + -e "/_langs]/ s/$/ ${locale}/" \ + src/man/po/po4a.cfg \ + || die + } + + plocale_for_each_locale enable_locale + + PLOCALES="${PLOCALES_BIN}" + plocale_get_locales > po/LINGUAS || die + sed -i \ -e 's:/var/run:/run:' \ - "${S}"/src/examples/logrotate \ + src/examples/logrotate \ || die # disable flaky test, see https://github.com/SSSD/sssd/issues/5631 sed -i \ -e '/^\s*pam-srv-tests[ \\]*$/d' \ - "${S}"/Makefile.am \ + Makefile.am \ || die eautoreconf @@ -131,7 +164,7 @@ src_prepare() { } src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die) multilib-minimal_src_configure } @@ -139,9 +172,14 @@ src_configure() { multilib_src_configure() { local myconf=() + export ac_cv_header_keyutils_h=$(usex keyutils) + export ac_cv_lib_keyutils_add_key=$(usex keyutils) + myconf+=( + --libexecdir="${EPREFIX}"/usr/libexec --localstatedir="${EPREFIX}"/var --runstatedir="${EPREFIX}"/run + --sbindir="${EPREFIX}"/usr/sbin --with-pid-path="${EPREFIX}"/run --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) @@ -153,22 +191,20 @@ multilib_src_configure() { --with-mcache-path="${EPREFIX}"/var/lib/sss/mc --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets --with-log-path="${EPREFIX}"/var/log/sssd + --with-kcm + --enable-kcm-renewal --with-os=gentoo - --with-nscd="${EPREFIX}"/usr/sbin/nscd - --with-unicode-lib="glib2" --disable-rpath --disable-static - --sbindir=/usr/sbin - --enable-local-provider - $(multilib_native_use_with systemd kcm) - $(multilib_native_use_with systemd secrets) + # Valgrind is only used for tests + --disable-valgrind $(use_with samba) --with-smb-idmap-interface-version=6 $(multilib_native_use_enable acl cifs-idmap-plugin) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(use_enable pac pac-responder) + --enable-krb5-locator-plugin + $(use_enable samba pac-responder) $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) $(use_enable nls) $(multilib_native_use_with netlink libnl) @@ -176,21 +212,19 @@ multilib_src_configure() { $(multilib_native_use_with sudo) $(multilib_native_with autofs) $(multilib_native_with ssh) + --without-oidc-child + --without-passkey + $(use_with subid) $(use_enable systemtap) - $(use_enable valgrind) --without-python2-bindings $(multilib_native_use_with python python3-bindings) + # Annoyingly configure requires that you pick systemd XOR sysv + --with-initscript=$(usex systemd systemd sysv) ) - # Annoyingly configure requires that you pick systemd XOR sysv - if use systemd; then - myconf+=( - --with-initscript="systemd" - --with-systemdunitdir=$(systemd_get_systemunitdir) - ) - else - myconf+=(--with-initscript="sysv") - fi + use systemd && myconf+=( + --with-systemdunitdir=$(systemd_get_systemunitdir) + ) if ! multilib_is_native_abi; then # work-around all the libraries that are used for CLI and server @@ -198,17 +232,17 @@ multilib_src_configure() { {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' # ldb headers are fine since native needs it # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' - {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' ' + {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' + {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' ' # use native include path for dbus (needed for build) DBUS_CFLAGS="${native_dbus_cflags}" # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes - --without-secrets --without-kcm + --without-manpages ) fi @@ -219,13 +253,10 @@ multilib_src_compile() { if multilib_is_native_abi; then default use doc && emake docs - if use man || use nls; then - emake update-po - fi else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - use pac && emake sssd_pac_plugin.la + emake libnss_sss.la pam_sss.la pam_sss_gss.la + emake sssd_krb5_locator_plugin.la + use samba && emake sssd_pac_plugin.la fi } @@ -238,24 +269,23 @@ multilib_src_test() { multilib_src_install() { if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + emake -j1 DESTDIR="${D}" install if use python; then - python_optimize python_fix_shebang "${ED}" + python_optimize fi else # easier than playing with automake... dopammod .libs/pam_sss.so + dopammod .libs/pam_sss_gss.so into / dolib.so .libs/libnss_sss.so* - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so - if use pac; then + if use samba; then exeinto /usr/$(get_libdir)/krb5/plugins/authdata doexe .libs/sssd_pac_plugin.so fi @@ -264,15 +294,14 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs - find "${ED}" -type f -name '*.la' -delete || die insinto /etc/sssd insopts -m600 - doins "${S}"/src/examples/sssd-example.conf + doins src/examples/sssd-example.conf insinto /etc/logrotate.d insopts -m644 - newins "${S}"/src/examples/logrotate sssd + newins src/examples/logrotate sssd newconfd "${FILESDIR}"/sssd.conf sssd @@ -289,15 +318,16 @@ multilib_src_install_all() { # strip empty dirs if ! use doc; then rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die - rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die + rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die fi rm -r "${ED}"/run || die + find "${ED}" -type f -name '*.la' -delete || die } pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html" + elog "features." optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli } diff --git a/sys-auth/sssd/sssd-2.6.0-r2.ebuild b/sys-auth/sssd/sssd-2.9.4.ebuild index 16066e1d4f25..d83be12eeecc 100644 --- a/sys-auth/sssd/sssd-2.6.0-r2.ebuild +++ b/sys-auth/sssd/sssd-2.9.4.ebuild @@ -1,25 +1,33 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -PYTHON_COMPAT=( python3_{9..10} ) +PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk" +PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN" +PLOCALE_BACKUP="sv" +PYTHON_COMPAT=( python3_{10..12} ) -inherit autotools linux-info multilib-minimal optfeature python-single-r1 pam systemd toolchain-funcs +inherit autotools linux-info multilib-minimal optfeature plocale \ + python-single-r1 pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" HOMEPAGE="https://github.com/SSSD/sssd" -SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/SSSD/sssd.git" + EGIT_BRANCH="master" +fi LICENSE="GPL-3" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" -IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind" +IUSE="acl doc +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test" REQUIRED_USE=" - pac? ( samba ) python? ( ${PYTHON_REQUIRED_USE} ) - test? ( sudo ) - valgrind? ( test )" + test? ( sudo )" RESTRICT="!test? ( test )" DEPEND=" @@ -27,13 +35,14 @@ DEPEND=" app-crypt/p11-kit >=dev-libs/ding-libs-0.2 >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + dev-libs/jansson:= dev-libs/libpcre2:= + dev-libs/libunistring:= >=dev-libs/popt-1.16 >=dev-libs/openssl-1.0.2:= - dev-libs/libunistring:= >=net-dns/bind-tools-9.9[gssapi] - >=net-dns/c-ares-1.7.4:= - >=net-nds/openldap-2.4.30:=[sasl] + >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] + >=net-nds/openldap-2.4.30:=[sasl,experimental] >=sys-apps/dbus-1.6 >=sys-apps/keyutils-1.5:= >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] @@ -43,28 +52,39 @@ DEPEND=" >=sys-libs/ldb-1.1.17-r1:= virtual/libintl acl? ( net-fs/cifs-utils[acl] ) - locator? ( >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] ) netlink? ( dev-libs/libnl:3 ) nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 ) - pac? ( net-fs/samba ) - python? ( ${PYTHON_DEPS} ) + nls? ( >=sys-devel/gettext-0.18 ) + python? ( + ${PYTHON_DEPS} + systemd? ( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) + ) samba? ( >=net-fs/samba-4.10.2[winbind] ) selinux? ( >=sys-libs/libselinux-2.1.9 >=sys-libs/libsemanage-2.1 ) + subid? ( >=sys-apps/shadow-4.9 ) systemd? ( sys-apps/systemd:= sys-apps/util-linux ) - systemtap? ( dev-util/systemtap )" + systemtap? ( dev-debug/systemtap )" RDEPEND="${DEPEND} - >=sys-libs/glibc-2.17[nscd] selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )" BDEPEND=" virtual/pkgconfig ${PYTHON_DEPS} - doc? ( app-doc/doxygen ) + doc? ( app-text/doxygen ) + man? ( + app-text/docbook-xml-dtd:4.4 + >=dev-libs/libxslt-1.1.26 + nls? ( app-text/po4a ) + ) nls? ( sys-devel/gettext ) test? ( dev-libs/check @@ -75,17 +95,15 @@ BDEPEND=" sys-libs/nss_wrapper sys-libs/pam_wrapper sys-libs/uid_wrapper - valgrind? ( dev-util/valgrind ) ) - man? ( - app-text/docbook-xml-dtd:4.4 - >=dev-libs/libxslt-1.1.26 - nls? ( app-text/po4a ) - )" +" CONFIG_CHECK="~KEYS" -PATCHES=( "${FILESDIR}"/${PN}-2.6.0-conditional-python-install.patch ) +PATCHES=( + "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch" + "${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch" +) MULTILIB_WRAPPED_HEADERS=( /usr/include/ipa_hbac.h @@ -106,6 +124,26 @@ pkg_setup() { src_prepare() { default + plocale_get_locales > src/man/po/LINGUAS || die + + sed -i \ + -e "/_langs]/ s/ .*//" \ + src/man/po/po4a.cfg \ + || die + enable_locale() { + local locale=${1} + + sed -i \ + -e "/_langs]/ s/$/ ${locale}/" \ + src/man/po/po4a.cfg \ + || die + } + + plocale_for_each_locale enable_locale + + PLOCALES="${PLOCALES_BIN}" + plocale_get_locales > po/LINGUAS || die + sed -i \ -e 's:/var/run:/run:' \ src/examples/logrotate \ @@ -132,8 +170,10 @@ multilib_src_configure() { local myconf=() myconf+=( + --libexecdir="${EPREFIX}"/usr/libexec --localstatedir="${EPREFIX}"/var --runstatedir="${EPREFIX}"/run + --sbindir="${EPREFIX}"/usr/sbin --with-pid-path="${EPREFIX}"/run --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) @@ -145,18 +185,20 @@ multilib_src_configure() { --with-mcache-path="${EPREFIX}"/var/lib/sss/mc --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets --with-log-path="${EPREFIX}"/var/log/sssd + --with-kcm + --enable-kcm-renewal --with-os=gentoo --disable-rpath --disable-static - --sbindir="${EPREFIX}"/usr/sbin - $(multilib_native_use_with systemd kcm) + # Valgrind is only used for tests + --disable-valgrind $(use_with samba) --with-smb-idmap-interface-version=6 $(multilib_native_use_enable acl cifs-idmap-plugin) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(use_enable pac pac-responder) + --enable-krb5-locator-plugin + $(use_enable samba pac-responder) $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) $(use_enable nls) $(multilib_native_use_with netlink libnl) @@ -164,8 +206,10 @@ multilib_src_configure() { $(multilib_native_use_with sudo) $(multilib_native_with autofs) $(multilib_native_with ssh) + --without-oidc-child + --without-passkey + $(use_with subid) $(use_enable systemtap) - $(use_enable valgrind) --without-python2-bindings $(multilib_native_use_with python python3-bindings) # Annoyingly configure requires that you pick systemd XOR sysv @@ -182,9 +226,9 @@ multilib_src_configure() { {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' # ldb headers are fine since native needs it # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' - {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' ' + {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' + {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' ' # use native include path for dbus (needed for build) DBUS_CFLAGS="${native_dbus_cflags}" @@ -192,6 +236,7 @@ multilib_src_configure() { # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes --without-kcm + --without-manpages ) fi @@ -202,13 +247,10 @@ multilib_src_compile() { if multilib_is_native_abi; then default use doc && emake docs - if use man || use nls; then - emake update-po - fi else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - use pac && emake sssd_pac_plugin.la + emake libnss_sss.la pam_sss.la pam_sss_gss.la + emake sssd_krb5_locator_plugin.la + use samba && emake sssd_pac_plugin.la fi } @@ -229,16 +271,15 @@ multilib_src_install() { else # easier than playing with automake... dopammod .libs/pam_sss.so + dopammod .libs/pam_sss_gss.so into / dolib.so .libs/libnss_sss.so* - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so - if use pac; then + if use samba; then exeinto /usr/$(get_libdir)/krb5/plugins/authdata doexe .libs/sssd_pac_plugin.so fi @@ -271,7 +312,7 @@ multilib_src_install_all() { # strip empty dirs if ! use doc; then rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die - rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die + rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die fi rm -r "${ED}"/run || die @@ -281,6 +322,6 @@ multilib_src_install_all() { pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html" + elog "features." optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli } diff --git a/sys-auth/yubico-piv-tool/Manifest b/sys-auth/yubico-piv-tool/Manifest index 6ed18642fc2e..af1e0303fc16 100644 --- a/sys-auth/yubico-piv-tool/Manifest +++ b/sys-auth/yubico-piv-tool/Manifest @@ -1 +1,2 @@ -DIST yubico-piv-tool-2.3.0.tar.gz 1329085 BLAKE2B b084982139012b4993a023078fd8ce7c106cb5c1e71475f26398012b86fc65e985a7c51300b3b122884e35327293737ed48b31bfdc83326dda9c9c05f2eb984d SHA512 72125df922e32322563e95286e04d19e56db9c6e66ae9003ae7dfffac47425b8b2bc7c71ecfa603f96f3a24c985fca1f436580dc579ff44196dcde7aeceee7f3 +DIST yubico-piv-tool-2.3.1.tar.gz 1315267 BLAKE2B 9b7d96129f3cab4fd68d18d0bbbf8dfa5fdda383ffb8099f898e23c99d0f1caf387a26cb9d01582521a070b93bac941b8a10faac736137cb72c86fbf5c95d2f8 SHA512 44cd9c482f2a2942d10a238ac2cb2d40df7cd11ddc27d6df88912512e956746b5634018b421d5cc4b947e4c36f9841898d5a08eb613bf22558089103dab95988 +DIST yubico-piv-tool-2.4.2.tar.gz 1332497 BLAKE2B ba08b19fe4659842fdfad06d662120a9d2858e25a56d56f63edc88e607c5b56a79f5ca90826fb8b78295e218ff1a728a168d04f330b7f640a9f3e804528320ed SHA512 032a91c9ac50cb5604a56ec0d0a84cf64bfff5440930a1643bddcd15cf02fc44d33d949286b2595eb4c196cb31050c13f507b32f3156d4600fdad46057b65b56 diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild index 10e8ccb2e7eb..1145a5ac9a67 100644 --- a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.0.ebuild +++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.3.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,7 +11,7 @@ SRC_URI="https://developers.yubico.com/${PN}/Releases/${P}.tar.gz" LICENSE="BSD-2" SLOT="0/2" -KEYWORDS="amd64 ~riscv" +KEYWORDS="amd64 ~arm64 ~riscv" IUSE="test" RESTRICT="!test? ( test )" diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild new file mode 100644 index 000000000000..6e1c0cfda2c5 --- /dev/null +++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-2.4.2.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit cmake + +DESCRIPTION="Command-line tool and p11-kit module for the YubiKey PIV application" +HOMEPAGE="https://developers.yubico.com/yubico-piv-tool/ https://github.com/Yubico/yubico-piv-tool" +SRC_URI="https://developers.yubico.com/${PN}/Releases/${P}.tar.gz" + +LICENSE="BSD-2" +SLOT="0/2" +KEYWORDS="~amd64 ~arm64 ~riscv" +IUSE="test" + +RESTRICT="!test? ( test )" + +RDEPEND="sys-apps/pcsc-lite + dev-libs/openssl:=[-bindist(-)]" +DEPEND="${RDEPEND} + test? ( dev-libs/check )" +BDEPEND="dev-util/gengetopt + sys-apps/help2man + virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}"/${PN}-2.1.1-tests-optional.patch + "${FILESDIR}"/${PN}-2.1.1-ykcs11-threads.patch + "${FILESDIR}"/${PN}-2.3.0-no-Werror.patch +) + +src_configure() { + local mycmakeargs=( + -DBUILD_STATIC_LIB=OFF + -DBUILD_TESTING=$(usex test) + ) + cmake_src_configure +} + +src_install() { + cmake_src_install + + echo "module: ${EPREFIX}/usr/$(get_libdir)/libykcs11.so" > ${PN}.module \ + || die "Failed to generate p11-kit module configuration" + insinto /usr/share/p11-kit/modules + doins ${PN}.module +} diff --git a/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild b/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild index cefccbf1a2e9..1820a3871654 100644 --- a/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild +++ b/sys-auth/yubikey-personalization-gui/yubikey-personalization-gui-3.1.25.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -11,7 +11,7 @@ SRC_URI="https://github.com/Yubico/yubikey-personalization-gui/archive/${P}.tar. LICENSE="BSD-2" SLOT="0" -KEYWORDS="amd64" +KEYWORDS="amd64 ~arm64" IUSE="debug test" RESTRICT="!test? ( test )" |