| # Copyright 1999-2015 Gentoo Foundation |
| # Distributed under the terms of the GNU General Public License v2 |
| # $Id$ |
| |
| EAPI=4 |
| |
| inherit multilib pam |
| |
| DESCRIPTION="PKCS#11 PAM library" |
| HOMEPAGE="https://github.com/opensc/pam_pkcs11/wiki" |
| SRC_URI="mirror://sourceforge/opensc/${PN}/${P}.tar.gz" |
| |
| LICENSE="LGPL-2.1" |
| SLOT="0" |
| KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
| IUSE="curl ldap nss +pcsc-lite" |
| |
| RDEPEND="sys-libs/pam |
| curl? ( net-misc/curl ) |
| ldap? ( net-nds/openldap ) |
| nss? ( |
| dev-libs/nss |
| curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,curl_ssl_nss] ) ) |
| ) |
| !nss? ( |
| dev-libs/openssl |
| curl? ( || ( net-misc/curl[-ssl] net-misc/curl[ssl,-curl_ssl_nss] ) ) |
| ) |
| pcsc-lite? ( sys-apps/pcsc-lite )" |
| DEPEND="${RDEPEND} |
| virtual/pkgconfig" |
| |
| src_prepare() { |
| # Fix the example files to be somewhat decent, and usable as |
| # default configuration |
| sed -i \ |
| -e '/try_first_pass/s:false:true:' \ |
| -e '/debug =/s:true:false:' \ |
| -e 's:\(/usr\|\${exec_prefix}\)/lib/:/usr/'$(get_libdir)/':g' \ |
| etc/pam_pkcs11.conf.example.in \ |
| etc/pkcs11_eventmgr.conf.example || die "sed failed" |
| } |
| |
| src_configure() { |
| econf \ |
| $(use_with curl) \ |
| $(use_with pcsc-lite pcsclite) \ |
| $(use_with ldap) \ |
| $(use_with nss) \ |
| --docdir=/usr/share/doc/${PF} \ |
| --htmldir=/usr/share/doc/${PF}/html \ |
| --disable-silent-rules |
| } |
| |
| src_install() { |
| emake DESTDIR="${D}" pamdir="$(getpam_mod_dir)" install |
| |
| # These are all dlopened plugins, so .la files are useless. |
| find "${D}" -name '*.la' -delete || die |
| |
| dodoc AUTHORS ChangeLog ChangeLog.svn NEWS README TODO doc/README.* |
| dohtml doc/api/* |
| |
| # Provide some basic configuration |
| keepdir /etc/pam_pkcs11{,/{cacerts,crl}} |
| |
| insinto /etc/pam_pkcs11 |
| newins etc/pam_pkcs11.conf.example pam_pkcs11.conf |
| newins etc/pkcs11_eventmgr.conf.example pkcs11_eventmgr.conf |
| } |
| |
| pkg_config() { |
| local dir |
| for dir in "${EROOT}"etc/${PN}/{cacerts,crl}; do |
| pushd "${dir}" > /dev/null |
| ebegin "Creating hash links in '${dir}'" |
| "${EROOT}usr/bin/pkcs11_make_hash_link" || die |
| eend $? |
| popd > /dev/null |
| done |
| } |
| |
| pkg_postinst() { |
| elog "For ${PN} to work you need a PKCS#11 provider, such as one of:" |
| elog " - dev-libs/opensc" |
| elog " - dev-libs/opencryptoki" |
| elog "" |
| elog "You probably want to configure the '${EROOT}etc/${PN}/${PN}.conf' file with" |
| elog "the settings for your pkcs11 provider." |
| elog "" |
| elog "You might also want to set up '${EROOT}etc/${PN}/pkcs11_eventmgr.conf' with" |
| elog "the settings for the event manager, and start it up at user login." |
| } |
| |
| # TODO list! |
| # |
| # - we need to find a way allow the user to choose whether to start the |
| # event manager at _all_ the logins, and if that's the case, lock all |
| # kind of sessions (terminal _and_ X); |
| # - upstream should probably migrate the configuration of the event |
| # manager on a per-user basis, since it makes little sense to be _all_ |
| # system-level configuration; |
| # - we should probably provide some better config support that ensures |
| # the configuration to be valid, as well as creating the symlinks; |
| # - we should probably add support for nss; |
| # - we should move the configuration in /etc/security as for the rest |
| # of PAM-related configuration. |