New revision depending on virtual/pam and using include syntax. Fixes OpenPAM and AMD64 compatibility.

Package-Manager: portage-2.0.51.22-r1

12 files changed, 397 insertions, 21 deletions

diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index 154bd79d4f74..736085a7ca95 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for sys-apps/shadow
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.101 2005/05/30 02:43:14 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.102 2005/06/03 18:02:25 flameeyes Exp $
+
+*shadow-4.0.7-r2 (03 Jun 2005)
+
+  03 Jun 2005; Diego Pettenò <flameeyes@gentoo.org>
+  +files/pam.d-include/system-auth-1.1, +files/pam.d-include/login,
+  +files/pam.d-include/other, +files/pam.d-include/passwd,
+  +files/pam.d-include/shadow, +files/pam.d-include/su,
+  +files/pam.d-include/su-openpam, +files/pam.d-include/system-auth,
+  +shadow-4.0.7-r2.ebuild:
+  New revision depending on virtual/pam and using include syntax. Fixes
+  OpenPAM and AMD64 compatibility.
 
   29 May 2005; <solar@gentoo.org> shadow-4.0.4.1-r4.ebuild:
   - update sys-apps/shadow to use libc expanded variable elibc_uclibc vs uclibc
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 2904f1dfc57b..55f767bab7ec 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,44 +1,64 @@
-MD5 405bee1d6ae655f3eac18a269d0bfe3c ChangeLog 18719
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 cfb9a54b5ce55382419ca831326da056 ChangeLog 19195
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
 MD5 db870979ea0f600d0bd8137520e2251a shadow-4.0.4.1-r4.ebuild 5961
-MD5 a51d02eb155feb33913816239bb3cf57 shadow-4.0.7.ebuild 5602
 MD5 fad39eceb7fd04f2805c6acc16c59d57 shadow-4.0.5-r2.ebuild 5440
 MD5 a5ff413fb8140bced49067f81ef73cbb shadow-4.0.5-r3.ebuild 5515
 MD5 06049e2959c62c88aee32422a37bf07f shadow-4.0.6-r1.ebuild 5641
 MD5 ac3c5c29460f248d06d4ef83c96ca912 shadow-4.0.7-r1.ebuild 6602
+MD5 a51d02eb155feb33913816239bb3cf57 shadow-4.0.7.ebuild 5602
+MD5 969267a499da1158e3d9c021d8ca41c0 shadow-4.0.7-r2.ebuild 6820
 MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r4 67
+MD5 d8b8542a7bc013011a293732ca504a50 files/digest-shadow-4.0.5-r2 66
+MD5 d8b8542a7bc013011a293732ca504a50 files/digest-shadow-4.0.5-r3 66
+MD5 e9ac6a566b65499773437ce98911a046 files/digest-shadow-4.0.6-r1 66
+MD5 46c2be2ed8b26ec007e3ed1f476491d8 files/digest-shadow-4.0.7 66
+MD5 46c2be2ed8b26ec007e3ed1f476491d8 files/digest-shadow-4.0.7-r1 66
 MD5 47fdb47d3025548f36d37a93c13aef4f files/securetty 248
-MD5 058f760e522ab65e270293003805fe61 files/shadow-4.0.4.1-userdel-missing-brackets.patch 380
+MD5 b8efca60a25e256eebe54c3d0db0760f files/shadow-4.0.4.1-gcc34-xmalloc.patch 361
 MD5 a99f871c88548d503bad935d2aa6f412 files/shadow-4.0.4.1-nls-manpages.patch 355
-MD5 46c2be2ed8b26ec007e3ed1f476491d8 files/digest-shadow-4.0.7 66
-MD5 c31db5c71b0cdfca75346abc2887aa02 files/shadow-4.0.5-nls-manpages.patch 362
-MD5 90e2ab53494f677dc23b5137d6e39110 files/shadow-4.0.6-fix-configure.patch 3047
-MD5 636f233fa173a998195016c3808173d4 files/shadow-4.0.5-skey.patch 395
-MD5 e9ac6a566b65499773437ce98911a046 files/digest-shadow-4.0.6-r1 66
+MD5 020e030c2d09b206e88cf9051ced6244 files/shadow-4.0.4.1-nonis.patch 1504
+MD5 7becc41b4f7264483ee3ff0ca8277084 files/shadow-4.0.4.1-passwd-typo.patch 438
 MD5 aaf16ddabef285df169e37254b13561c files/shadow-4.0.4.1-selinux.diff 4296
 MD5 201f1321262da41ccd1a0283216ae9a7 files/shadow-4.0.4.1-su-pam_open_session.patch 4886
 MD5 bb55107c3a9354ef2d1977547fdb5a83 files/shadow-4.0.4.1-useradd-manpage-update.patch 958
-MD5 7becc41b4f7264483ee3ff0ca8277084 files/shadow-4.0.4.1-passwd-typo.patch 438
-MD5 b8efca60a25e256eebe54c3d0db0760f files/shadow-4.0.4.1-gcc34-xmalloc.patch 361
-MD5 391991f50203bd8b7738474051befdee files/shadow-4.0.5-remove-else.patch 531
-MD5 020e030c2d09b206e88cf9051ced6244 files/shadow-4.0.4.1-nonis.patch 1504
-MD5 20fd2dc35b8671b91e120b90281b4cf3 files/shadow-4.0.5-hack-X-envvars.patch 521
-MD5 d8b8542a7bc013011a293732ca504a50 files/digest-shadow-4.0.5-r2 66
-MD5 d14e133da535d64d1b397784e17c213a files/shadow-4.0.5-login.defs.patch 766
-MD5 d8b8542a7bc013011a293732ca504a50 files/digest-shadow-4.0.5-r3 66
+MD5 058f760e522ab65e270293003805fe61 files/shadow-4.0.4.1-userdel-missing-brackets.patch 380
 MD5 c5e9081ed43837797e2f1617b7ce1c24 files/shadow-4.0.5-fix-adding-of-pam_env-set-env-vars.patch 285
 MD5 fda41657b856ffaeec5a2734b312409b files/shadow-4.0.5-fix-mail-configure.patch 5452
-MD5 d15398f7d8c06b906abdf73ae3a55f54 files/shadow-4.0.6-manpages.patch 564
+MD5 20fd2dc35b8671b91e120b90281b4cf3 files/shadow-4.0.5-hack-X-envvars.patch 521
+MD5 d14e133da535d64d1b397784e17c213a files/shadow-4.0.5-login.defs.patch 766
+MD5 c31db5c71b0cdfca75346abc2887aa02 files/shadow-4.0.5-nls-manpages.patch 362
+MD5 391991f50203bd8b7738474051befdee files/shadow-4.0.5-remove-else.patch 531
+MD5 636f233fa173a998195016c3808173d4 files/shadow-4.0.5-skey.patch 395
 MD5 b4d0fc0f54800978591791493d6b2ec3 files/shadow-4.0.6-dots-in-usernames.patch 1993
+MD5 90e2ab53494f677dc23b5137d6e39110 files/shadow-4.0.6-fix-configure.patch 3047
 MD5 8bf11ce0e8ee683fe290462473871dab files/shadow-4.0.6-long-groupnames.patch 1625
-MD5 46c2be2ed8b26ec007e3ed1f476491d8 files/digest-shadow-4.0.7-r1 66
-MD5 a63ee37286c486567191c7c6b24432e2 files/shadow-4.0.7-lastlog.patch 455
+MD5 d15398f7d8c06b906abdf73ae3a55f54 files/shadow-4.0.6-manpages.patch 564
 MD5 d06833980d79d4f001b6064a3f52f938 files/shadow-4.0.7-iswheel.patch 416
+MD5 a63ee37286c486567191c7c6b24432e2 files/shadow-4.0.7-lastlog.patch 455
+MD5 46c2be2ed8b26ec007e3ed1f476491d8 files/digest-shadow-4.0.7-r2 66
 MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96
-MD5 51b0337bd261f6ed5e53af5dc196431a files/pam.d/system-auth 499
 MD5 a5311bbc9c1fc378a6b0bfb3ca1b2394 files/pam.d/login 431
 MD5 344d17a865edc40adebe07797853c839 files/pam.d/other 198
 MD5 a1c7fb84c2dc309db86ba7b8d3dfae76 files/pam.d/passwd 214
 MD5 60d44a6f43aafcb9ca35858ab2534a49 files/pam.d/shadow 227
 MD5 942190363cb06bd4cf1b3acdcca6c513 files/pam.d/su 1296
+MD5 51b0337bd261f6ed5e53af5dc196431a files/pam.d/system-auth 499
 MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth-1.1 491
+MD5 4b7d75b12f1bea9f349dff4c48c18b8b files/pam.d-include/login 245
+MD5 5bff4f2134b72dabc4afa5bb296e874d files/pam.d-include/other 142
+MD5 5df27e06de913de76e24790642eecfd2 files/pam.d-include/passwd 104
+MD5 50d7c96eab701fd6ddbf4b283e493b4c files/pam.d-include/shadow 152
+MD5 97b4f01b65fd3b8caa8983489e9b6848 files/pam.d-include/su 1059
+MD5 caa5f36d54cb7a75ce5728f7f1badafb files/pam.d-include/system-auth 380
+MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d-include/system-auth-1.1 491
+MD5 e3a7d5b7abee1ba6e7f09ee607da87ba files/pam.d-include/su-openpam 249
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (GNU/Linux)
+
+iD8DBQFCoJpLj5H05b2HAEkRAlnPAJ0ZEKLHqwWqbNVSdLGipIYJ4NcXNgCgiegK
+yh3kMI7CRpReRZNPzG0dQDA=
+=ghPc
+-----END PGP SIGNATURE-----
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.7-r2 b/sys-apps/shadow/files/digest-shadow-4.0.7-r2
new file mode 100644
index 000000000000..57cfe54be85e
--- /dev/null
+++ b/sys-apps/shadow/files/digest-shadow-4.0.7-r2
@@ -0,0 +1 @@
+MD5 89ebec0d1c0d861a5bd5c4c63e5cb0cc shadow-4.0.7.tar.bz2 1019749
diff --git a/sys-apps/shadow/files/pam.d-include/login b/sys-apps/shadow/files/pam.d-include/login
new file mode 100644
index 000000000000..9d2167793cc5
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/login
@@ -0,0 +1,12 @@
+#%PAM-1.0
+
+auth       required	pam_securetty.so
+auth       include	system-auth
+auth       required	pam_nologin.so
+
+account    include	system-auth
+
+password   include	system-auth
+
+session    include	system-auth
+session    optional	pam_console.so
diff --git a/sys-apps/shadow/files/pam.d-include/other b/sys-apps/shadow/files/pam.d-include/other
new file mode 100644
index 000000000000..bb0b9647c076
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/other
@@ -0,0 +1,9 @@
+#%PAM-1.0
+
+auth       required	pam_deny.so
+
+account    required	pam_deny.so
+
+password   required	pam_deny.so
+
+session    required	pam_deny.so
diff --git a/sys-apps/shadow/files/pam.d-include/passwd b/sys-apps/shadow/files/pam.d-include/passwd
new file mode 100644
index 000000000000..3a9871522066
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/passwd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+
+auth       include	system-auth
+account    include	system-auth
+password   include	system-auth
diff --git a/sys-apps/shadow/files/pam.d-include/shadow b/sys-apps/shadow/files/pam.d-include/shadow
new file mode 100644
index 000000000000..743b2f0260d6
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/shadow
@@ -0,0 +1,8 @@
+#%PAM-1.0 
+
+auth       sufficient	pam_rootok.so
+auth       required		pam_permit.so
+
+account    include		system-auth
+
+password   required		pam_permit.so
diff --git a/sys-apps/shadow/files/pam.d-include/su b/sys-apps/shadow/files/pam.d-include/su
new file mode 100644
index 000000000000..d15c7edfc5d9
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/su
@@ -0,0 +1,32 @@
+#%PAM-1.0
+
+auth       sufficient	pam_rootok.so
+
+# If you want to restrict users begin allowed to su even more,
+# create /etc/security/suauth.allow (or to that matter) that is only
+# writable by root, and add users that are allowed to su to that
+# file, one per line.
+#auth       required     pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
+
+# Uncomment this to allow users in the wheel group to su without
+# entering a passwd.
+#auth       sufficient   pam_wheel.so use_uid trust
+
+# Alternatively to above, you can implement a list of users that do
+# not need to supply a passwd with a list.
+#auth       sufficient   pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
+
+# Comment this to allow any user, even those not in the 'wheel'
+# group to su
+auth       required     pam_wheel.so use_uid
+
+auth       include		system-auth
+
+account    include		system-auth
+
+password   include		system-auth
+
+session    include		system-auth
+session    required     pam_env.so
+session    optional		pam_xauth.so
+
diff --git a/sys-apps/shadow/files/pam.d-include/su-openpam b/sys-apps/shadow/files/pam.d-include/su-openpam
new file mode 100644
index 000000000000..e9ec7d3dd295
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/su-openpam
@@ -0,0 +1,14 @@
+#%PAM-1.0
+
+auth       sufficient	pam_rootok.so
+
+auth       include		system-auth
+
+account    include		system-auth
+
+password   include		system-auth
+
+session    include		system-auth
+session    required     pam_env.so
+session    optional		pam_xauth.so
+
diff --git a/sys-apps/shadow/files/pam.d-include/system-auth b/sys-apps/shadow/files/pam.d-include/system-auth
new file mode 100644
index 000000000000..b7c37afdad1f
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/system-auth
@@ -0,0 +1,14 @@
+#%PAM-1.0
+
+auth       required		pam_env.so
+auth       sufficient	pam_unix.so likeauth nullok nodelay
+auth       required		pam_deny.so
+
+account    required		pam_unix.so
+
+password   required		pam_cracklib.so retry=3
+password   sufficient	pam_unix.so nullok md5 shadow use_authtok
+password   required		pam_deny.so
+
+session    required		pam_limits.so
+session    required		pam_unix.so
diff --git a/sys-apps/shadow/files/pam.d-include/system-auth-1.1 b/sys-apps/shadow/files/pam.d-include/system-auth-1.1
new file mode 100644
index 000000000000..795f0fe723f0
--- /dev/null
+++ b/sys-apps/shadow/files/pam.d-include/system-auth-1.1
@@ -0,0 +1,14 @@
+#%PAM-1.0
+
+auth       required	/lib/security/pam_env.so
+auth       sufficient	/lib/security/pam_unix.so likeauth nullok
+auth       required	/lib/security/pam_deny.so
+
+account    required	/lib/security/pam_unix.so
+
+password   required	/lib/security/pam_cracklib.so retry=3
+password   sufficient	/lib/security/pam_unix.so nullok md5 shadow use_authtok
+password   required	/lib/security/pam_deny.so
+
+session    required	/lib/security/pam_limits.so
+session    required	/lib/security/pam_unix.so
diff --git a/sys-apps/shadow/shadow-4.0.7-r2.ebuild b/sys-apps/shadow/shadow-4.0.7-r2.ebuild
new file mode 100644
index 000000000000..658c0162d3db
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.0.7-r2.ebuild
@@ -0,0 +1,236 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.7-r2.ebuild,v 1.1 2005/06/03 18:02:25 flameeyes Exp $
+
+inherit eutils libtool flag-o-matic
+
+# We should remove this login after pam-0.78 goes stable.
+FORCE_SYSTEMAUTH_UPDATE="no"
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="http://shadow.pld.org.pl/"
+SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="pam selinux nls skey"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r3
+	pam? ( virtual/pam )
+	!pam? ( !sys-apps/pam-login )
+	skey? ( app-admin/skey )
+	selinux? ( sys-libs/libselinux )"
+DEPEND="${RDEPEND}
+	>=sys-apps/portage-2.0.51-r2
+	nls? ( sys-devel/gettext )"
+# We moved /etc/pam.d/login to pam-login
+PDEPEND="pam? ( >=sys-apps/pam-login-3.17 )"
+
+pkg_preinst() {
+	rm -f ${ROOT}/etc/pam.d/system-auth.new
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+
+	# uclibc support, corrects NIS usage
+	epatch ${FILESDIR}/shadow-4.0.4.1-nonis.patch
+
+	# If su should not simulate a login shell, use '/bin/sh' as shell to enable
+	# running of commands as user with /bin/false as shell, closing bug #15015.
+	# *** This one could be a security hole; disable for now ***
+	#epatch ${FILESDIR}/${P}-nologin-run-sh.patch
+
+	# don't install manpages if USE=-nls
+	epatch ${FILESDIR}/shadow-4.0.5-nls-manpages.patch
+
+	# tweak the default login.defs
+	epatch ${FILESDIR}/shadow-4.0.5-login.defs.patch
+
+	# skeychallenge call needs updating #69741
+	epatch ${FILESDIR}/shadow-4.0.5-skey.patch
+
+	# The new configure changes do not detect utmp/logdir properly
+	epatch ${FILESDIR}/shadow-4.0.6-fix-configure.patch
+
+	# Tweak manpages #70880
+	epatch ${FILESDIR}/shadow-4.0.6-manpages.patch
+
+	# Fix SU_WHEEL_ONLY behavior #80345
+	epatch ${FILESDIR}/${P}-iswheel.patch
+
+	# Fix lastlog not logged for tty's
+	epatch ${FILESDIR}/${P}-lastlog.patch
+
+	# Make user/group names more flexible #3485 / #22920
+	epatch "${FILESDIR}"/shadow-4.0.6-dots-in-usernames.patch
+	epatch "${FILESDIR}"/shadow-4.0.6-long-groupnames.patch
+
+	# Newer glibc's have a different nscd socket location #74395
+	sed -i \
+		-e '/_PATH_NSCDSOCKET/s:/var/run/.nscd_socket:/var/run/nscd/socket:' \
+		lib/nscd.c || die "sed nscd socket"
+
+	elibtoolize
+	epunt_cxx
+}
+
+src_compile() {
+	append-ldflags -Wl,-z,now
+	[[ ${CTARGET:-${CHOST}} != ${CHOST} ]] \
+		&& export ac_cv_func_setpgrp_void=yes
+	econf \
+		--disable-desrpc \
+		--with-libcrypt \
+		--with-libcrack \
+		--enable-shared=no \
+		--enable-static=yes \
+		$(use_with pam libpam) \
+		$(use_with skey libskey) \
+		$(use_with selinux) \
+		$(use_enable nls) \
+		|| die "bad configure"
+	emake || die "compile problem"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die "install problem"
+	dosym useradd /usr/sbin/adduser
+
+	# lock down setuid perms #47208
+	fperms go-r /bin/su /usr/bin/ch{fn,sh,age} \
+		/usr/bin/{expiry,newgrp,passwd,gpasswd} || die "fperms"
+
+	# Remove libshadow and libmisc; see bug 37725 and the following
+	# comment from shadow's README.linux:
+	#   Currently, libshadow.a is for internal use only, so if you see
+	#   -lshadow in a Makefile of some other package, it is safe to
+	#   remove it.
+	rm -f ${D}/lib/lib{misc,shadow}.{a,la}
+
+	if use pam; then
+		# These is now shipped with pam-login, and login
+		# had/have a serious root exploit with pam support
+		# enabled.
+		for x in ${D}/bin/login \
+		         ${D}/usr/bin/faillog ${D}/usr/bin/lastlog \
+		         ${D}/usr/share/man/man5/faillog.5* \
+		         ${D}/usr/share/man/man8/lastlog.8* \
+		         ${D}/usr/share/man/man8/faillog.8*; do
+				 [[ -f ${x} ]] && rm -f ${x}
+		done
+	fi
+
+	insinto /etc
+	# Using a securetty with devfs device names added
+	# (compat names kept for non-devfs compatibility)
+	insopts -m0600 ; doins ${FILESDIR}/securetty
+	insopts -m0600 ; doins etc/login.access
+	insopts -m0644 ; doins etc/limits
+
+	# needed for 'adduser -D'
+	insinto /etc/default
+	insopts -m0600
+	doins ${FILESDIR}/default/useradd
+
+	# move passwd to / to help recover broke systems #64441
+	mv ${D}/usr/bin/passwd ${D}/bin/
+	dosym /bin/passwd /usr/bin/passwd
+
+	if use pam ; then
+		local INSTALL_SYSTEM_PAMD="yes"
+
+		# Do not install below pam.d files if we have pam-0.78 or later
+		portageq has_version / '>=sys-libs/pam-0.78' && \
+			INSTALL_SYSTEM_PAMD="no"
+
+		for x in ${FILESDIR}/pam.d-include/*; do
+			case "${x##*/}" in
+				"login")
+					# We do no longer install this one, as its from
+					# pam-login now.
+					;;
+				"system-auth"|"system-auth-1.1"|"other")
+					# These we only install if we do not have pam-0.78
+					# or later.
+					[ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \
+						dopamd ${x}
+					;;
+				"su")
+					# Disable support for pam_env and pam_wheel on openpam
+					has_version sys-libs/pam && dopamd ${x}
+					;;
+				"su-openpam")
+					has_version sys-libs/openpam && newpamd ${x} su
+					;;
+				*)
+					[ -f ${x} ] && dopamd ${x}
+					;;
+			esac
+		done
+		for x in chage chsh chfn chpasswd newusers \
+		         user{add,del,mod} group{add,del,mod} ; do
+			newpamd ${FILESDIR}/pam.d-include/shadow ${x}
+		done
+
+		# Only add this one if needed.
+		if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+			newpamd ${FILESDIR}/pam.d-include/system-auth-1.1 system-auth.new || \
+				die "Failed to install system-auth.new!"
+		fi
+
+		# remove manpages that pam will install for us
+		# and/or don't apply when using pam
+
+		find ${D}/usr/share/man \
+			'(' -name 'login.1' -o -name 'suauth.5' ')' \
+			-exec rm {} \;
+	else
+		insinto /etc
+		insopts -m0644
+		newins etc/login.defs.linux login.defs
+	fi
+
+	# Remove manpages that are handled by other packages
+	find ${D}/usr/share/man \
+		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+		-exec rm {} \;
+
+	cd ${S}/doc
+	dodoc INSTALL README WISHLIST
+	docinto txt
+	dodoc HOWTO LSM README.* *.txt
+
+	# ttyB0 is the PDC software console
+	if [ "${ARCH}" = "hppa" ]; then
+		echo "ttyB0" >> ${D}/etc/securetty
+	fi
+}
+
+pkg_postinst() {
+	use pam || return 0;
+
+	if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+		local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)"
+		local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)"
+
+		if [ "${CHECK1}" != "${CHECK2}" ]; then
+			ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth "
+			ewarn "is being updated automatically. Your old "
+			ewarn "system-auth will be backed up as:"
+			ewarn
+			ewarn "  ${ROOT}etc/pam.d/system-auth.bak"
+			echo
+
+			cp -a ${ROOT}/etc/pam.d/system-auth \
+				${ROOT}/etc/pam.d/system-auth.bak;
+			mv -f ${ROOT}/etc/pam.d/system-auth.new \
+				${ROOT}/etc/pam.d/system-auth
+			rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth
+		else
+			rm -f ${ROOT}/etc/pam.d/system-auth.new
+		fi
+	fi
+}