PKGBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

# $Id$
# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>
# SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org)
# SELinux Contributor: Timothée Ravier <tim@siosm.fr>
# SELinux Contributor: Nicky726 <nicky726@gmail.com>

pkgname=pam-selinux
pkgver=1.2.1
pkgrel=1
pkgdesc="SELinux aware PAM (Pluggable Authentication Modules) library"
arch=('i686' 'x86_64')
license=('GPL2')
url="http://linux-pam.org"
depends=('glibc' 'cracklib' 'libtirpc' 'pambase-selinux' 'libselinux')
makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}")
provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}"
          "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}")
backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf} etc/default/passwd etc/environment)
groups=('selinux')
source=(http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2
        https://sources.archlinux.org/other/pam_unix2/pam_unix2-2.9.1.tar.bz2
        pam_unix2-glibc216.patch
        pam_unix2-rm_selinux_check_access.patch)
md5sums=('9dc53067556d2dd567808fd509519dd6'
         'da6a46e5f8cd3eaa7cbc4fc3a7e2b555'
         'dac109f68e04a4df37575fda6001ea17'
         '6a0a6bb6f6f249ef14f6b21ab9880916')

options=('!emptydirs')

prepare () {
  cd $srcdir/Linux-PAM-$pkgver

  # fix pam_unix2 building
  cd $srcdir/pam_unix2-2.9.1
  patch -Np1 -i "${srcdir}/pam_unix2-glibc216.patch"
  patch -Np1 -i "${srcdir}/pam_unix2-rm_selinux_check_access.patch"
}

build() {
  cd $srcdir/Linux-PAM-$pkgver
  ./configure --libdir=/usr/lib --sbindir=/usr/bin --disable-db \
              --enable-selinux
  make

  cd $srcdir/pam_unix2-2.9.1
  # modify flags to build against the pam compiled here, not a system lib.
  ./configure \
      CFLAGS="$CFLAGS -I$srcdir/Linux-PAM-$pkgver/libpam/include/" \
      LDFLAGS="$LDFLAGS -L$srcdir/Linux-PAM-$pkgver/libpam/.libs/" \
      --libdir=/usr/lib \
      --sbindir=/usr/bin
  make
}

package() {
  cd $srcdir/Linux-PAM-$pkgver
  make DESTDIR=$pkgdir SCONFIGDIR=/etc/security install

  # build pam_unix2 module
  # source ftp://ftp.suse.com/pub/people/kukuk/pam/pam_unix2
  cd $srcdir/pam_unix2-2.9.1
  make DESTDIR=$pkgdir install

  # add the realtime permissions for audio users
  sed -i 's|# End of file||' $pkgdir/etc/security/limits.conf
  cat >>$pkgdir/etc/security/limits.conf <<_EOT
*               -       rtprio          0
*               -       nice            0
@audio          -       rtprio          65
@audio          -       nice           -10
@audio          -       memlock         40000
_EOT

  # fix some missing symlinks from old pam for compatibility
  cd $pkgdir/usr/lib/security
  ln -s pam_unix.so pam_unix_acct.so
  ln -s pam_unix.so pam_unix_auth.so
  ln -s pam_unix.so pam_unix_passwd.so
  ln -s pam_unix.so pam_unix_session.so

  # set unix_chkpwd uid
  chmod +s $pkgdir/usr/bin/unix_chkpwd
  # remove doc which is not used anymore
  # FS #40749
  rm $pkgdir/usr/share/doc/Linux-PAM/sag-pam_userdb.html
}