From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-1197083-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id BD6A4138359 for <garchives@archives.gentoo.org>; Mon, 17 Aug 2020 07:33:23 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DD75BE084E; Mon, 17 Aug 2020 07:33:22 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B308EE084E for <gentoo-commits@lists.gentoo.org>; Mon, 17 Aug 2020 07:33:22 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3698F34F1FF for <gentoo-commits@lists.gentoo.org>; Mon, 17 Aug 2020 07:33:20 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 923B92EE for <gentoo-commits@lists.gentoo.org>; Mon, 17 Aug 2020 07:33:18 +0000 (UTC) 
From: "Mikle Kolyada" <zlogene@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mikle Kolyada" <zlogene@gentoo.org> Message-ID: <1597649439.ed4f15348fa950b02016154790bb6d180cccf5f9.zlogene@gentoo> Subject: [gentoo-commits] proj/pambase:master commit in: /, templates/ X-VCS-Repository: proj/pambase X-VCS-Files: pambase.py templates/passwd.tpl X-VCS-Directories: / templates/ X-VCS-Committer: zlogene X-VCS-Committer-Name: Mikle Kolyada X-VCS-Revision: ed4f15348fa950b02016154790bb6d180cccf5f9 X-VCS-Branch: master Date: Mon, 17 Aug 2020 07:33:18 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 673951c9-7436-4b5a-883e-e1ac0feac381 X-Archives-Hash: 008cafd01eff15f2f3c0d6f9a561209d commit: ed4f15348fa950b02016154790bb6d180cccf5f9 Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> AuthorDate: Mon Aug 17 07:30:39 2020 +0000 Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> CommitDate: Mon Aug 17 07:30:39 2020 +0000 URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ed4f1534 make pam_gnome_keyring optional Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> pambase.py | 143 ++++++++++++++++++++++++++------------------------- templates/passwd.tpl | 5 +- 2 files changed, 76 insertions(+), 72 deletions(-) diff --git a/pambase.py b/pambase.py index 07e458d..83ee97c 100755 --- a/pambase.py +++ b/pambase.py 
@@ -6,96 +6,97 @@ import pathlib def main(): - parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files') - parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module') - parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module') - parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module') - parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module') - parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module') - parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module') - parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module') - parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module') - parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module') - parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module') - parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module') - parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack') - parser.add_argument('--debug', action="store_true", help='enable debug for selected modules') - parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module') - - parsed_args = parser.parse_args() - processed = process_args(parsed_args) - - parse_templates(processed) + parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files') + parser.add_argument('--gnome-keyring', action="store_true", help='enable pam_gnome_keyring.so module') + parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module') + parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module') + parser.add_argument('--pwquality', 
action="store_true", help='enable pam_pwquality.so module') + parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module') + parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module') + parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module') + parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module') + parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module') + parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module') + parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module') + parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module') + parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack') + parser.add_argument('--debug', action="store_true", help='enable debug for selected modules') + parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module') + + parsed_args = parser.parse_args() + processed = process_args(parsed_args) + + parse_templates(processed) def process_args(args): - # make sure that output directory exists - pathlib.Path("stack").mkdir(parents=True, exist_ok=True) + # make sure that output directory exists + pathlib.Path("stack").mkdir(parents=True, exist_ok=True) - blank_variables = [ - "krb5_authtok", - "unix_authtok", - "unix_extended_encryption", - "likeauth", - "nullok" - ] + blank_variables = [ + "krb5_authtok", + "unix_authtok", + "unix_extended_encryption", + "likeauth", + "nullok" + ] - # create a blank dictionary - # then add in our parsed args - output = dict.fromkeys(blank_variables, "") - output.update(vars(args)) + # create a blank dictionary + # then add in our parsed args + output = dict.fromkeys(blank_variables, "") + output.update(vars(args)) - # unconditional variables - output["likeauth"] 
= "likeauth" - output["unix_authtok"] = "use_authtok" + # unconditional variables + output["likeauth"] = "likeauth" + output["unix_authtok"] = "use_authtok" - if args.debug: - output["debug"] = "debug" + if args.debug: + output["debug"] = "debug" - if args.nullok: - output["nullok"] = "nullok" + if args.nullok: + output["nullok"] = "nullok" - if args.krb5: - output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip() + if args.krb5: + output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip() - if args.sha512: - output["unix_extended_encryption"] = "sha512 shadow" - else: - output["unix_extended_encryption"] = "md5 shadow" + if args.sha512: + output["unix_extended_encryption"] = "sha512 shadow" + else: + output["unix_extended_encryption"] = "md5 shadow" - return output + return output def parse_templates(processed_args): - load = FileSystemLoader('') - env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True) + load = FileSystemLoader('') + env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True) - templates = [ - "login", - "other", - "passwd", - "system-local-login", - "system-remote-login", - "su", - "system-auth", - "system-login", - "system-services" - ] + templates = [ + "login", + "other", + "passwd", + "system-local-login", + "system-remote-login", + "su", + "system-auth", + "system-login", + "system-services" + ] - for template_name in templates: - template = env.get_template('templates/{0}.tpl'.format(template_name)) + for template_name in templates: + template = env.get_template('templates/{0}.tpl'.format(template_name)) - with open('stack/{0}'.format(template_name), "w+") as output: - rendered_template = template.render(processed_args) + with open('stack/{0}'.format(template_name), "w+") as output: + rendered_template = template.render(processed_args) - # Strip all intermediate lines to not worry about appeasing Jinja - lines = 
rendered_template.split("\n") - lines = [line.strip() for line in lines if line] - rendered_template = "\n".join(lines) + # Strip all intermediate lines to not worry about appeasing Jinja + lines = rendered_template.split("\n") + lines = [line.strip() for line in lines if line] + rendered_template = "\n".join(lines) - if rendered_template: - output.write(rendered_template + "\n") + if rendered_template: + output.write(rendered_template + "\n") if __name__ == "__main__": - main() + main() diff --git a/templates/passwd.tpl b/templates/passwd.tpl index 5f4f739..101a5fc 100644 --- a/templates/passwd.tpl +++ b/templates/passwd.tpl @@ -2,4 +2,7 @@ auth sufficient pam_rootok.so auth include system-auth account include system-auth password include system-auth --password optional pam_gnome_keyring.so {{ unix_authtok }} + +{% if gnome_keyring %} +password optional pam_gnome_keyring.so {{ unix_authtok }} +{% endif %}
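Review bot: In `process_args`, the `krb5_params` line formats the literal string "debug" into the pam_krb5 arguments, so every `--krb5` build gets the debug option whether or not `--debug` was passed; the trailing `.strip()` suggests an empty value was meant to be possible. Gate it on the flag, e.g. `output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug" if args.debug else "").strip()`. The same function still falls back to `"md5 shadow"` for `unix_extended_encryption` when `--sha512` is absent, so new password hashes use MD5-based crypt unless every caller remembers the flag; a stronger default, or at least a comment saying callers are expected to pass `--sha512`, would make that explicit. Separately, re-indenting the whole file in the same commit hides the one functional line (`--gnome-keyring`), so splitting the whitespace change into its own commit would make review easier.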
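Review bot: The re-added `pam_gnome_keyring.so` line loses the leading `-` on the type field (`-password` became `password`), which is what told libpam not to log when the module file is missing. With the line now gated on `gnome_keyring` that may be intentional, but if the module is later removed while the generated stack stays in place, password changes will likely log a module load failure each time. If the quiet behaviour is still wanted, keep `-password optional pam_gnome_keyring.so {{ unix_authtok }}` inside the `{% if gnome_keyring %}` block; otherwise say in the commit message that the prefix was dropped on purpose.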