From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1782042-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 6C5D71581FD
	for <garchives@archives.gentoo.org>; Sat, 06 Sep 2025 20:57:11 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 4FBCA340D91
	for <garchives@archives.gentoo.org>; Sat, 06 Sep 2025 20:57:11 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
	by bobolink.gentoo.org (Postfix) with ESMTP id 413C41103BA;
	Sat, 06 Sep 2025 20:57:10 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by bobolink.gentoo.org (Postfix) with ESMTPS id 366321103BA
	for <gentoo-commits@lists.gentoo.org>; Sat, 06 Sep 2025 20:57:10 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id D973C340D91
	for <gentoo-commits@lists.gentoo.org>; Sat, 06 Sep 2025 20:57:09 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 7EB1E38C4
	for <gentoo-commits@lists.gentoo.org>; Sat, 06 Sep 2025 20:57:08 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1757192128.e9ab218a16d07af32c94e5917c51c70537622a94.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-auth/pambase/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-auth/pambase/Manifest sys-auth/pambase/pambase-20250906.ebuild
X-VCS-Directories: sys-auth/pambase/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: e9ab218a16d07af32c94e5917c51c70537622a94
X-VCS-Branch: master
Date: Sat, 06 Sep 2025 20:57:08 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: aece3420-9c07-4f7c-ba71-d020c2166012
X-Archives-Hash: affeba88b6ae2341d71b14ba6bc69901

commit:     e9ab218a16d07af32c94e5917c51c70537622a94
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  6 20:55:28 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Sep  6 20:55:28 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9ab218a

sys-auth/pambase: add 20250906

Sam James (3):
      Add pam_gnome_keybase to auth, session stacks too
      Keep pam_gnome_keyring in passwd too
      Run pam_mktemp then pam_env

Closes: https://bugs.gentoo.org/780441
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/pambase/Manifest                |   1 +
 sys-auth/pambase/pambase-20250906.ebuild | 129 +++++++++++++++++++++++++++++++
 2 files changed, 130 insertions(+)

diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index 7168378e37d5..a4a3c71e4315 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
@@ -3,3 +3,4 @@ DIST pambase-20240128.tar.bz2 5131 BLAKE2B 0950fff720f3a9d761a82303eaa7b997bfac6
 DIST pambase-20250223.tar.bz2 5124 BLAKE2B ea89d43c93d85baafa1a6951ae80c6306c762ab0524f84de86ed4b6a1abc1056e85c6b1f13012615ce2db40e113ce51e17ddcd274d5f4f4f94a0ec9315318500 SHA512 ce31d08f3fa51879cddab158ffed3dc9929c37a56e7dc2f757f7e87e72076a75d10874cba2020f398a198c0156ffc4ecc2ec5d6d654ca36f135a4f1837094b57
 DIST pambase-20250228.tar.bz2 5144 BLAKE2B ab4c8e84cc21e25ac12b66a3d9943becb62d4f53c2f9c201c79f2a1f1f1320f4bad2b56a2a76924386d7dbe9656abf5a0bd92bbbedda23088a26128aa743e79f SHA512 e2ccbcd0c3e6f9fb035a2489a79bdfff5f12fe9393517d3b7ddb3bbd7a6a6e5b358663b1423166b0250931d50f608bb81a9f486fc53dbc7126b3980617387c94
 DIST pambase-20250826.tar.bz2 4925 BLAKE2B c6929aa506b94b9215bd2c686fd9965d6c3a77f36c7a2d114ca5b2c39a30e2209a84408ee855559837d54161e359723889b89bb9c048bb36b00c7156495968fc SHA512 c9bc07ac617891ddab6f2a8358b10899462d9b54fcc3642d222dd2402914f24225854103b6c581aa2041fb0feb0f94688e07aad10ab94c3a629b4cd2937bd785
+DIST pambase-20250906.tar.bz2 4972 BLAKE2B b65da13a265d5a3df1e84546a8f6e1447d7ea5a40fe4a44488691c4a182cf4b3d13d20ce85778f549d217ebf4b4511e71f5f285b34edf9e9e18bab50b0d22c82 SHA512 639d87169fafb0e44401104ade7dfaa7a5d6bd473d9e4e3c35a0fb87aaf73a383d406ee05944a3190750e55e59decd867ab3f773664f9fb787f40acc05826d1c

diff --git a/sys-auth/pambase/pambase-20250906.ebuild b/sys-auth/pambase/pambase-20250906.ebuild
new file mode 100644
index 000000000000..810cd47a7139
--- /dev/null
+++ b/sys-auth/pambase/pambase-20250906.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit edo pam python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="PAM base configuration files"
+HOMEPAGE="https://github.com/gentoo/pambase"
+
+if [[ ${PV} == *9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="
+		https://anongit.gentoo.org/git/proj/pambase.git
+		https://github.com/gentoo/pambase.git
+	"
+else
+	SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2"
+
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+LICENSE="MIT"
+SLOT="0"
+IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt"
+
+RESTRICT="binchecks"
+
+REQUIRED_USE="
+	?? ( elogind systemd )
+	?? ( passwdqc pwquality )
+	?? ( sha512 yescrypt )
+	pwhistory? ( || ( passwdqc pwquality ) )
+	homed? ( !pam_krb5 )
+	pam_krb5? ( !homed )
+"
+
+MIN_PAM_REQ=1.4.0
+
+RDEPEND="
+	>=sys-libs/pam-${MIN_PAM_REQ}
+	elogind? ( sys-auth/elogind[pam] )
+	gnome-keyring? ( gnome-base/gnome-keyring[pam] )
+	mktemp? ( sys-auth/pam_mktemp )
+	pam_krb5? (
+		>=sys-libs/pam-${MIN_PAM_REQ}
+		sys-auth/pam_krb5
+	)
+	caps? ( sys-libs/libcap[pam] )
+	pam_ssh? ( sys-auth/pam_ssh )
+	passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
+	pwquality? ( dev-libs/libpwquality[pam] )
+	selinux? ( sys-libs/pam[selinux] )
+	sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
+	homed? ( sys-apps/systemd[homed] )
+	systemd? ( sys-apps/systemd[pam] )
+	yescrypt? ( sys-libs/libxcrypt[system] )
+	sssd? ( sys-auth/sssd )
+"
+BDEPEND="
+	$(python_gen_any_dep '
+		dev-python/jinja2[${PYTHON_USEDEP}]
+	')
+"
+
+python_check_deps() {
+	python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]"
+}
+
+src_configure() {
+	local crypt=md5
+	# TODO: sha256, blowfish, gost_yescrypt
+	use sha512 && crypt=sha512
+	use yescrypt && crypt=yescrypt
+
+	local pamargs=(
+		# Not all 'upstream' options are (currently) wired up
+		# in the ebuild.
+		#
+		# TODO: pam_shells
+		$(usev caps '--caps')
+		$(usev debug '--debug')
+		$(usev elogind '--elogind')
+		$(usev gnome-keyring '--gnome-keyring')
+		$(usev homed '--homed')
+		$(usev minimal '--minimal')
+		$(usev mktemp '--mktemp')
+		$(usev nullok '--nullok')
+		$(usev pam_krb5 '--krb5')
+		$(usev pam_ssh '--pam-ssh')
+		$(usev passwdqc '--passwdqc')
+		$(usev pwhistory '--pwhistory')
+		$(usev pwquality '--pwquality')
+		$(usev securetty '--securetty')
+		$(usev selinux '--selinux')
+		$(usex systemd '--systemd' '--openrc')
+		$(usev sssd '--sssd')
+
+		--encrypt=${crypt}
+	)
+
+	edo ${EPYTHON} ./${PN}.py "${pamargs[@]}"
+}
+
+src_test() { :; }
+
+src_install() {
+	local DOC_CONTENTS
+
+	if use passwdqc; then
+		DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
+				page and then edit the /etc/security/passwdqc.conf file"
+	fi
+
+	if use pwquality; then
+		DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
+				page and then edit the /etc/security/pwquality.conf file"
+	fi
+
+	{ use passwdqc || use pwquality; } && readme.gentoo_create_doc
+
+	dopamd -r stack/.
+}
+
+pkg_postinst() {
+	{ use passwdqc || use pwquality; } && readme.gentoo_print_elog
+}