main/linux-pam: add elogind to base-session

This also changes base-auth from a very minimal config
to what elogind recommends, which is required for at
least GNOME. Also include system-local-login and
system-login files, which are required by GDM.

5 files changed, 50 insertions, 12 deletions

diff --git a/main/linux-pam/APKBUILD b/main/linux-pam/APKBUILD
index 262000a676..48c752a2c9 100644
--- a/main/linux-pam/APKBUILD
+++ b/main/linux-pam/APKBUILD
@@ -1,12 +1,11 @@
-# Contributor: 
-# Maintainer: 
+# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
 pkgname=linux-pam
 pkgver=1.3.0
-pkgrel=0
+pkgrel=1
 pkgdesc="pluggable authentication modules for linux"
 url="http://www.kernel.org/pub/linux/libs/pam"
 arch="all"
-license="BSD"
+license="BSD-3-Clause"
 depends_dev="gettext-dev"
 makedepends="$depends_dev bison flex-dev autoconf automake libtool"
 options="suid !check"
@@ -22,6 +21,8 @@ source="http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2
 	base-session.pamd
 	base-session-noninteractive.pamd
 	other.pamd
+	system-local-login.pamd
+	system-login.pamd
 	su.pamd
 	"
 
@@ -55,9 +56,6 @@ package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 
-	# do not install pam.d files bundled with the source, they could be broken
-	rm -rf "$pkgdir"/etc/pam.d
-
 	# install our pam.d files
 	mkdir "$pkgdir"/etc/pam.d
 	for i in $source; do
@@ -78,10 +76,12 @@ sha512sums="4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72
 52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d  fix-compat.patch
 f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44  libpam-fix-build-with-eglibc-2.16.patch
 bc443d2a9b1d90b81959ce6fa154042365d5e7840f8696f847a145bbaaeffcbe1e9cd2b8ba76131a7b48737929e281f4fe864582fa4fc40315f2d10c650e0cd9  musl-fix-pam_exec.patch
-0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6  base-auth.pamd
+bb368f3f05d5a2bacee2befeaa75adfb6fcf2aecf5d6e8e01842ec499920e62ff06bdc1ca91ce970b61d628c9036ca669bff38d4874d4a235071995aa1d82a56  base-auth.pamd
 85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b  base-account.pamd
 8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d  base-password.pamd
-b0138f662715974bd865d755c5e7d403faf5b9ad1b7e2b1d1598ad7eb5764a9ff407f1a5e6ce7f16db9fc10f8d643323b494563416fd6a654032529b52213c5b  base-session.pamd
+6e262f1b1bb4cc01f43c0c3cb72136ebd976d25cb27ca35fd8a76b3dfd57e9938e359d20671f4077ad75b1d38cb944596539220a44d9b6b92cc234605a95ada1  base-session.pamd
 444e20046843057b17c0aac14d2b71a68923b989b3d8b478bbf684698673683186e928e5ca2e6cb9a1c76abc4248044a0e10ef6b06b3f51857106796ecce250d  base-session-noninteractive.pamd
 d103ba06b2c4929171e09c845f9866539220cd20d8d56a03d25850342ef5eabe281e958dfe1eaefd550c00f9440e8700c1d74c88c3001f933134ca6fd7cb9b7b  other.pamd
+83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1  system-local-login.pamd
+80b8b8153f7537190a5f6dc965169e5ab4b535a01024e554b14aa99ec5f6428740da54087e4c186978a3df0f9a5b62d37ae5cd35dd69a31c1d5ba71166b1f1a6  system-login.pamd
 b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7  su.pamd"
diff --git a/main/linux-pam/base-auth.pamd b/main/linux-pam/base-auth.pamd
index 012445aa3a..ea59ce9665 100644
--- a/main/linux-pam/base-auth.pamd
+++ b/main/linux-pam/base-auth.pamd
@@ -1,5 +1,15 @@
 # basic PAM configuration for Alpine.
+auth	required	pam_env.so
+auth	required	pam_unix.so	nullok_secure
+auth	required	pam_nologin.so	successok
 
-auth		required	pam_env.so
-auth		required	pam_unix.so	nullok_secure
-auth		required	pam_nologin.so	successok
+auth	sufficient	pam_unix.so	nullok try_first_pass
+
+account	required	pam_nologin.so
+account	sufficient	pam_unix.so
+
+password	sufficient	pam_unix.so	nullok sha512 shadow try_first_pass try_authtok
+
+-session	optional	pam_loginuid.so
+-session	optional	pam_elogind.so
+session	sufficient	pam_unix.so
diff --git a/main/linux-pam/base-session.pamd b/main/linux-pam/base-session.pamd
index bf5bcb7344..3804699b26 100644
--- a/main/linux-pam/base-session.pamd
+++ b/main/linux-pam/base-session.pamd
@@ -2,3 +2,4 @@
 
 session		include		base-session-noninteractive
 session		required	pam_motd.so
+-session	optional	pam_elogind.so
diff --git a/main/linux-pam/system-local-login.pamd b/main/linux-pam/system-local-login.pamd
new file mode 100644
index 0000000000..347b8155b8
--- /dev/null
+++ b/main/linux-pam/system-local-login.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth      include   system-login
+account   include   system-login
+password  include   system-login
+session   include   system-login
diff --git a/main/linux-pam/system-login.pamd b/main/linux-pam/system-login.pamd
new file mode 100644
index 0000000000..a143189e69
--- /dev/null
+++ b/main/linux-pam/system-login.pamd
@@ -0,0 +1,21 @@
+#%PAM-1.0
+
+auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
+auth       required   pam_shells.so
+auth       requisite  pam_nologin.so
+auth       include    base-auth
+
+account    required   pam_access.so
+account    required   pam_nologin.so
+account    include    base-auth
+
+password   include    base-auth
+
+session    optional   pam_loginuid.so
+session    include    base-auth
+session    optional   pam_motd.so          motd=/etc/motd
+session    optional   pam_mail.so          dir=/var/mail standard quiet
+-session   optional   pam_elogind.so
+-session   optional   pam_ck_connector.so  nox11
+session    required   pam_env.so
+session    required   pam_lastlog.so       silent