Re: [PR PATCH] [Updated] fscrypt: also include pam module in package

[ericonr <ericonr@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 2139 bytes --]

There is an updated pull request by ericonr against master on the void-packages repository

https://github.com/ericonr/void-packages master
https://github.com/void-linux/void-packages/pull/20272

fscrypt: also include pam module in package 
The previous build style used for fscrypt, go, meant that the fscrypt PAM module, pam_fscrypt.so, wasn't included in the package. This makes PAM integration impossible if the user doesn't compile and install the module themselves.

The /etc/pam.d/fscrypt config file, which is supposed to be created by packagers to allow fscrypt to use the login password, wasn't included in the package either.

The INSTALL.msg file was added to let users know they'd still need to configure some things if they wanted a fully integrated setup. This configuration information is currently held in the Arch Wiki, where it's formatted a bit better than it is in the projects's github page. I felt it disnecessary to repeat the steps in the message, but I can copy them if you feel it's necessary, or add them to the Void Documentation.

I feel this build script has a few hacks, so I wanted to post it here to see if you have any ideas about what can be done to fix it (or if it's ok as it is).

* I added `nostrip` because it didn't build with `nopie`, and then failed during one of the lints.
* `make_install_args`: I couldn't understand what was going on with the original Makefile, but it didn't work unless I had it exactly like this. Anything I tried with setting `DESTDIR` to something made the whole thing go up in flames.
* `make_install_target`: installing only the library avoids having to remove the binary from DESTDIR, because otherwise it appears in the wrong place. The binary is then copied manually in `post_install`.
 
I don't know what Void's instace on this is, but this isn't a reproducible build. I had noticed it when traipsing through the Makefile, where the buildtime is passed as a "define" to the toolchain. The PKGBUILD used by Arch also adds a patch to make the build reproducible.

A patch file from https://github.com/void-linux/void-packages/pull/20272.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-master-20272.patch --]
[-- Type: text/x-diff, Size: 2243 bytes --]

From 055569a70c9f6709ab54174c5b0061e33023c613 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?= <erico.erc@gmail.com>
Date: Sun, 22 Mar 2020 01:33:15 -0300
Subject: [PATCH] fscrypt: update to 0.2.7 and include PAM module

The previous template used for fscrypt didn't include the fscrypt PAM
module, pam_fscrypt.so. This commit fixes this issue.

The /etc/pam.d/fscrypt config file, which is supposed to be created by
packagers to allow fscrypt to use the login password, wasn't included in
the package either. This commit also includes that file.
---
 srcpkgs/fscrypt/files/pam_config |  1 +
 srcpkgs/fscrypt/template         | 20 ++++++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/fscrypt/files/pam_config

diff --git a/srcpkgs/fscrypt/files/pam_config b/srcpkgs/fscrypt/files/pam_config
new file mode 100644
index 00000000000..7e5d75ae45d
--- /dev/null
+++ b/srcpkgs/fscrypt/files/pam_config
@@ -0,0 +1 @@
+auth required pam_unix.so
diff --git a/srcpkgs/fscrypt/template b/srcpkgs/fscrypt/template
index 2d81e8f4eee..23f8112dd6c 100644
--- a/srcpkgs/fscrypt/template
+++ b/srcpkgs/fscrypt/template
@@ -1,14 +1,30 @@
 # Template file for 'fscrypt'
 pkgname=fscrypt
-version=0.2.6
+version=0.2.7
 revision=1
 build_style=go
 go_import_path=github.com/google/fscrypt
 go_package="${go_import_path}/cmd/fscrypt"
+hostmakedepends="m4"
 makedepends="pam-devel"
 short_desc="Tool for managing Linux filesystem encryption"
 maintainer="Andrea Brancaleoni <abc@pomel.me>"
 license="Apache-2.0"
 homepage="https://github.com/google/fscrypt"
 distfiles="https://github.com/google/fscrypt/archive/v${version}.tar.gz"
-checksum=bce54ebb716706150b759052665a29d01963d8df334ad9beb34105ce62d2de94
+checksum=08e7f1bb5481f5ee76a90d79b9d9e2632f167d43100438ba08bd637e2dfb0f22
+conf_files="/etc/pam.d/fscrypt"
+
+if [ "$XBPS_TARGET_WORDSIZE" = "32" ];
+then
+	broken="fscrypt can't be built for 32-bit targets"
+fi
+
+post_install() {
+	# build and install the PAM module
+	LDFLAGS= make PREFIX=/usr DESTDIR=${DESTDIR} install-pam
+	# remove Ubuntu specific pam-config files
+	rm -rf ${DESTDIR}/usr/share/pam-configs/
+	# add PAM config file
+	vinstall ${FILESDIR}/pam_config 644 etc/pam.d fscrypt
+}