gnome-keyring-2.19 does have a pam_module and installs it into /usr/lib. However the default pam-dir is /lib/security and the modules should be installed there. Please adjust ebuild to inherit pam and configure with "--with-pam-dir=$(getpam_mod_dir)" (./configure says is supports it).
--- /usr/portage/local/layman/gnome-experimental/gnome-base/gnome-keyring/gnome-keyring-2.19.91.ebuild 2007-08-27 21:52:13.000000000 +0200 +++ gnome-keyring-2.19.91.ebuild 2007-09-05 21:47:19.000000000 +0200 @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-0.8.1.ebuild,v 1.1 2007/04/21 14:06:05 remi Exp $ -inherit gnome2 eutils +inherit gnome2 eutils pam DESCRIPTION="Password and keyring managing daemon" HOMEPAGE="http://www.gnome.org/" @@ -26,5 +26,5 @@ DOCS="AUTHORS ChangeLog NEWS README TODO" pkg_setup() { - G2CONF="$(use_enable hal) $(use_enable pam) $(use_enable test tests)" + G2CONF="$(use_enable hal) $(use_enable pam) $(use_with pam pam-dir $(getpam_mod_dir)) $(use_enable test tests)" }
Ok, it was not that easy. Seems like configre sets $(PAM_DEST_DIR) in the Makefiles to /lib/security, but still installs it to /usr/lib...
UPSTREAM bugreport: http://bugzilla.gnome.org/show_bug.cgi?id=474219 Faults in pam/Makefile.in. Working (but do not know if it is "right") patch attached upstream.
According to upstream you have to do "make install" and after that do "make install-pam" to copye the pam-module into path specified by ./configure --with-pam-dir. This seems to be a hack to get past "make distcheck" but since I am not a automake-guru nor seems upstream to be this is the way to go until someone comes up with another solution.
gnome-keyring-2.20 in portage still installs pam_gnome_keyring.so top /usr/lib and not to /lib/security where pam looks for it. Fix by run "make install-pam" after "make install".
If you could tell me how to setup pam_gnome_keyring once it's properly installed in the right directory, I'll try to patch things up and fix the ebuild. Is there a howto or something? Thanks
I think you should talk to Diego (flameeyes) about that. It involves /etc/pam.d and I have heard he has been pretty mad at people messing around there [1] and I do not know if I have the knowledge to be sure it all works as intended. [1] http://farragut.flameeyes.is-a-geek.org/articles/2007/07/11/im-gonna-go-nuts
I meant the configuration aspect of pam_gnome_keyring. Do you have a working setup I could reproduce? I'd gladly help but I don't have enough time to learn how to do stuff in PAM. The more you tell me, the better :) Cheers
How to set up according to Gnome. http://live.gnome.org/GnomeKeyring/Pam
As far as I can see Gnomes instructions works. But they include changes in /etc/pam.d/passwd and /etc/pam.d/login, two files I think flameeyes would be very sad if we touch without telling (they are mentioned in his blogpost). Maybe CC him and have him comment on the best approch about this files? But until he is back I think the best approach would be to install the module where it should be with a post-install message directing people to Gnomes guide about how to do things.
Thanks for the pointers. I had planned on fixing this a while ago but was busy irl. Anyway, just commenting to say that there is no way we touch the files in /etc/pam.d, the best approach like you said, it to point to user to a package-provided README and/or the website with BIG PHAT WARNINGS that they might screw up their system and get locked out :) which is really easy to do when you play with PAM.
Ditto on what Gilles said. We'll fix the ebuild so that it installs stuff in the right directories and add an elog message in pkg_postinst() pointing people to the url you've just provided. I'll get to it as soon as I can. Thanks :)
I've attached a patch upstream. I'll commit an updated ebuild later ... I'm late for work!
Alright, I just committed gnome-keyring-2.20.0-r1 (still under p.mask). It contains the same patch I've sent upstream. So please tell me if it works as I won't be able to test it really soon. @herd, if you guys had some time to try this out, I'd like to "copy" the upstream wiki page for gnome-keyring and explain how to make it work specifically for gentoo (and add it to our project page). So anyone telling me they got it to work is going to be a big help :) Thanks
gnome-keyring-2.20.0-r1 does now miss a buildtime-depend as automake needs gtk-doc for this package (details below). Either add depend or make (ugly) patch against Makefiles instead. Other then that the patch seems to work. Now off to see if I can make pam_gnome_keyring.so unlock not only the "login" but also the "default" keychain. * Running elibtoolize in: gnome-keyring-2.20.0 * Applying portage-1.5.10.patch ... * Applying sed-1.5.6.patch ... * Applying gnome-keyring-2.20.0-fix_pam.patch ... [ ok ] * Running eautoreconf in '/var/tmp/portage/gnome-base/gnome-keyring-2.20.0-r1/work/gnome-keyring-2.20.0' ... * Running aclocal ... [ ok ] * Running libtoolize --copy --force --automake ... [ ok ] * Running aclocal ... [ ok ] * Running autoconf ... [ ok ] * Running autoheader ... [ ok ] * Running automake --add-missing --copy ... [ !! ] * Failed Running automake ! * * Include in your bugreport the contents of: * * /var/tmp/portage/gnome-base/gnome-keyring-2.20.0-r1/temp/automake-28555.out * *** Contents of /var/tmp/portage/gnome-base/gnome-keyring-2.20.0-r1/temp/automake-28555.out ***** automake ***** gtk-doc.make:7: GTK_DOC_USE_LIBTOOL does not appear in AM_CONDITIONAL reference/Makefile.am:88: `gtk-doc.make' included from here gtk-doc.make:43: ENABLE_GTK_DOC does not appear in AM_CONDITIONAL reference/Makefile.am:88: `gtk-doc.make' included from here gtk-doc.make:136: ENABLE_GTK_DOC does not appear in AM_CONDITIONAL reference/Makefile.am:88: `gtk-doc.make' included from here
I'll add the gtk-doc depend for now. Thanks for testing it out :)
Fixed in CVS. No more gtk-doc required.
