From 6bc8fa7ec5b029c8da7162cfa322fa0c1b944d46 Mon Sep 17 00:00:00 2001 From: Alexander Tsoy Date: Tue, 29 Jun 2021 13:08:39 +0300 Subject: [PATCH] sys-auth/pambase: add support for yescrypt password hashing Signed-off-by: Alexander Tsoy --- sys-auth/pambase/metadata.xml | 4 ++++ sys-auth/pambase/pambase-999999999.ebuild | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/sys-auth/pambase/metadata.xml b/sys-auth/pambase/metadata.xml index d9afbc2959e..58c03372967 100644 --- a/sys-auth/pambase/metadata.xml +++ b/sys-auth/pambase/metadata.xml @@ -91,5 +91,9 @@ relevant anymore as the login stack only refers to local logins and local terminals imply secure access in the first place. + + Switch Linux-PAM's pam_unix module to use yescrypt for passwords + hashes rather than MD5. + diff --git a/sys-auth/pambase/pambase-999999999.ebuild b/sys-auth/pambase/pambase-999999999.ebuild index b4166689528..f317bfc6ac2 100644 --- a/sys-auth/pambase/pambase-999999999.ebuild +++ b/sys-auth/pambase/pambase-999999999.ebuild @@ -21,13 +21,14 @@ fi LICENSE="MIT" SLOT="0" -IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd" +IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 systemd yescrypt" RESTRICT="binchecks" REQUIRED_USE=" ?? ( elogind systemd ) ?? ( passwdqc pwquality ) + ?? ( sha512 yescrypt ) pwhistory? ( || ( passwdqc pwquality ) ) homed? ( !pam_krb5 ) pam_krb5? ( !homed ) @@ -52,6 +53,10 @@ RDEPEND=" sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} ) homed? ( sys-apps/systemd[homed] ) systemd? ( sys-apps/systemd[pam] ) + yescrypt? ( + sys-libs/libxcrypt[system] + >=sys-libs/pam-${MIN_PAM_REQ} + ) " BDEPEND="$(python_gen_any_dep ' @@ -81,6 +86,7 @@ src_configure() { $(usex selinux '--selinux' '') \ $(usex sha512 '--sha512' '') \ $(usex systemd '--systemd' '') \ + $(usex yescrypt '--yescrypt' '') \ || die } -- 2.31.1