sys-auth/pambase: Version bump (v20200917)

* swith pam_passwdqc and pam_pwquality to its config files
* add optional pam_pwhistory module

Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

3 files changed, 110 insertions, 5 deletions

diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index 5d95b8277c13..0ced4f4d7b61 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
@@ -1,2 +1,3 @@
 DIST pambase-20200304.tar.gz 3466 BLAKE2B e4d406460d435403ed7a46d517f9006cacc54a94f5019a573c81b331731c88679ed6d388354b5946894bdfada556b4c73735c3f4de88fc7678cd831c68ab46c3 SHA512 c2a7f3fd143637fbdf5c0a3c58ba5a3c23c5e8adb1f057d02b4b9d64660435fc529031a0f710a9e5fc7091710f78dcb2f3e1ff48f033fb491ddd0399ef05b189
 DIST pambase-20200817.tar.gz 3340 BLAKE2B 76a9afbf29ab9ee6f7d25943de8c7c7bdd3413ade64d7a7623d5aec297cd864c1696a6442179d8d7c52f4df00644d80486e0dc61255454aa72b18eb9ae901ed8 SHA512 5448335da1437776f6097e591a1bd52dc62fb1847622c19077f14cdf8a677bc916f220903e4c6e924d43360fec0010a23b9cdf62aeba2a617ef6208eac2438eb
+DIST pambase-20200917.tar.gz 3342 BLAKE2B 4dde3a6a4a22f02464a2a703a2385038c53c05398904dc47431880a16d7dd1ba89c8f5fdf19a7d50406f2487f8bdf90264ca2941cc6a2ad9d404e89c3d73edca SHA512 0cae27f7cd7ef258771b61110ba3ce5a44a0f9d71030670b2a40aa47a609d30ae3e3d7bc0649dcce25a2cfe2e1259e6d9ff435118ab1d2db771a162898ab5143
diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml
index bb8fe7281268..f64b16605601 100644
--- a/sys-auth/pambase/metadata.xml
+++ b/sys-auth/pambase/metadata.xml
@@ -39,6 +39,12 @@
 			or providing example passwords when changing your system password.
 			It is used by default by OpenWall GNU/*/Linux and by FreeBSD.
 		</flag>
+		<flag name="pwhistory">
+			Enable pam_pwhistory module on system auth stack to save
+			the last passwords for each user in order to force password
+			change history and keep the user from alternating between
+			the same password too frequently.
+		</flag>
 		<flag name="pwquality">
 			Enable pam_pwquality module on system auth stack for passwd
 			quality validation. It is used be dafault by Fedora GNU/*/Linux.
@@ -78,11 +84,10 @@
 		</flag>
 		<flag name="minimal">
 			Disables the standard PAM modules that provide extra information
-			to users on login; this includes pam_tally (and pam_tally2 for
-			Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
-			similar modules. This might not be a good idea on a multi-user
-			system but could reduce slightly the overhead on single-user
-			non-networked systems.
+			to users on login; this includes pam_lastlog, pam_motd, pam_mail
+			and other similar modules. This might not be a good idea on 
+			a multi-user system but could reduce slightly the overhead on
+			single-user non-networked systems.
 		</flag>
 		<flag name="nullok">
 			Enable the nullok option with the pam_unix module. This allows
diff --git a/sys-auth/pambase/pambase-20200917.ebuild b/sys-auth/pambase/pambase-20200917.ebuild
new file mode 100644
index 000000000000..65f65bd07760
--- /dev/null
+++ b/sys-auth/pambase/pambase-20200917.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit pam python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://github.com/gentoo/pambase"
+SRC_URI="https://github.com/gentoo/pambase/archive/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="caps debug elogind gnome-keyring minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd"
+
+RESTRICT="binchecks"
+
+REQUIRED_USE="
+	?? ( elogind systemd )
+	?? ( passwdqc pwquality )
+	pwhistory? ( || ( passwdqc pwquality ) )
+"
+
+MIN_PAM_REQ=1.4.0
+
+RDEPEND="
+	>=sys-libs/pam-${MIN_PAM_REQ}
+	elogind? ( sys-auth/elogind[pam] )
+	gnome-keyring? ( gnome-base/gnome-keyring[pam] )
+	mktemp? ( sys-auth/pam_mktemp )
+	pam_krb5? (
+		>=sys-libs/pam-${MIN_PAM_REQ}
+		sys-auth/pam_krb5
+	)
+	caps? ( sys-libs/libcap[pam] )
+	pam_ssh? ( sys-auth/pam_ssh )
+	passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
+	pwquality? ( dev-libs/libpwquality[pam] )
+	selinux? ( sys-libs/pam[selinux] )
+	sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+	systemd? ( sys-apps/systemd[pam] )
+"
+
+BDEPEND="$(python_gen_any_dep '
+		dev-python/jinja[${PYTHON_USEDEP}]
+	')"
+
+python_check_deps() {
+	has_version -b "dev-python/jinja[${PYTHON_USEDEP}]"
+}
+
+S="${WORKDIR}/${PN}-${P}"
+
+src_configure() {
+	${EPYTHON} ./${PN}.py \
+	$(usex caps '--libcap' '') \
+	$(usex debug '--debug' '') \
+	$(usex elogind '--elogind' '') \
+	$(usex gnome-keyring '--gnome-keyring' '') \
+	$(usex minimal '--minimal' '') \
+	$(usex mktemp '--mktemp' '') \
+	$(usex nullok '--nullok' '') \
+	$(usex pam_krb5 '--krb5' '') \
+	$(usex pam_ssh '--pam-ssh' '') \
+	$(usex passwdqc '--passwdqc' '') \
+	$(usex pwhistory '--pwhistory' '') \
+	$(usex pwquality '--pwquality' '') \
+	$(usex securetty '--securetty' '') \
+	$(usex selinux '--selinux' '') \
+	$(usex sha512 '--sha512' '') \
+	$(usex systemd '--systemd' '')
+}
+
+src_test() { :; }
+
+src_install() {
+	local DOC_CONTENTS
+
+	if use passwdqc; then
+		DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
+				page and then edit the /etc/security/passwdqc.conf file"
+	fi
+
+	if use pwquality; then
+		DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
+				page and then edit the /etc/security/pwquality.conf file"
+	fi
+
+	readme.gentoo_create_doc
+
+	dopamd -r stack/.
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+}