Date: Mon, 10 Nov 2025 11:06:18 GMT
From: Lexi Winter <ivy@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 560af6b43e2a - main - libpam: Move to a new "pam" package
Message-ID: <202511101106.5AAB6I48011093@gitrepo.freebsd.org>
The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=560af6b43e2a86e591e94bea99777630cd5f84fd

commit 560af6b43e2a86e591e94bea99777630cd5f84fd
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-11-10 10:20:33 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-11-10 11:05:37 +0000

libpam: Move to a new "pam" package

OpenPAM is a discrete, largely self-contained system component. Users may not need PAM for many use-cases (e.g. jails, containers), so move it to its own package.

Use LIB_PACKAGE to create a separate pam-lib package for libpam, so that applications that support PAM don't need to bring in all the PAM modules if PAM isn't actually in use.

Add pam to the minimal sets, since this is a core system component that people expect to be installed. This means all supported installation methods will install the PAM modules by default, so don't add explicit dependencies on the PAM modules from things that use PAM (e.g. runtime), allowing custom/embedded systems to omit these easily.

This change adds a new package to the system so, until we have a proper policy on how to handle this in release/stable branches, it should not be MFC'd.

MFC after: never
Reviewed by: des, bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53602
---
UPDATING | 12 ++++++++++
lib/libpam/Makefile.inc | 2 ++
lib/libpam/libpam/Makefile | 2 +-
lib/libpam/modules/pam_lastlog/Makefile | 2 --
lib/libpam/modules/pam_login_access/Makefile | 2 --
lib/libpam/modules/pam_nologin/Makefile | 2 --
lib/libpam/modules/pam_securetty/Makefile | 2 --
lib/libpam/modules/pam_self/Makefile | 2 --
lib/libpam/modules/pam_unix/Makefile | 2 --
lib/libpam/pam.d/Makefile | 20 ++++++----------
release/packages/ucl/pam-all.ucl | 35 ++++++++++++++++++++++++++++
11 files changed, 57 insertions(+), 26 deletions(-)

diff --git a/UPDATING b/UPDATING index 62a920e3a696..d6cbe66009f0 100644 --- a/UPDATING +++ b/UPDATING 
@@ -27,6 +27,18 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 16.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20251110: + OpenPAM (including libpam and the PAM modules) has moved to the new + "pam" package. The pam-lib subpackage, which includes libpam, will + be automatically installed when required. + + If you have set-minimal(-jail) installed, the pam base package which + contains the PAM modules will also be automatically installed. + If you don't, you MUST manually install the FreeBSD-pam package if you + need to authenticate users, otherwise you won't be able to log in. + + This change only affects pkgbase users. + 20251105: pf(4) now supports nat64 via the af-to keyword. diff --git a/lib/libpam/Makefile.inc b/lib/libpam/Makefile.inc index bec0687d1b7f..28630e46b949 100644 --- a/lib/libpam/Makefile.inc +++ b/lib/libpam/Makefile.inc @@ -23,6 +23,8 @@ # SUCH DAMAGE. # +PACKAGE?= pam + CFLAGS+= -DOPENPAM_DEBUG SHLIB_MAJOR= 6 diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile index c6db4992bb36..f220063971d7 100644 --- a/lib/libpam/libpam/Makefile +++ b/lib/libpam/libpam/Makefile @@ -42,7 +42,7 @@ OPENPAM= ${SRCTOP}/contrib/openpam SHLIB= pam .endif -PACKAGE= runtime +LIB_PACKAGE= SRCS= openpam_asprintf.c \ openpam_borrow_cred.c \ diff --git a/lib/libpam/modules/pam_lastlog/Makefile b/lib/libpam/modules/pam_lastlog/Makefile index ecaf013c504a..9d27f4779184 100644 --- a/lib/libpam/modules/pam_lastlog/Makefile +++ b/lib/libpam/modules/pam_lastlog/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_lastlog SRCS= pam_lastlog.c MANNODEV= pam_lastlog.8 diff --git a/lib/libpam/modules/pam_login_access/Makefile b/lib/libpam/modules/pam_login_access/Makefile index 41bc32212351..e31866395a94 100644 --- a/lib/libpam/modules/pam_login_access/Makefile +++ b/lib/libpam/modules/pam_login_access/Makefile 
@@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_login_access SRCS= pam_login_access.c login_access.c MANNODEV= login.access.5 pam_login_access.8 diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_nologin/Makefile index c4ccc27b8958..38c9ea2b0a2a 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_nologin/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_nologin SRCS= pam_nologin.c MANNODEV= pam_nologin.8 diff --git a/lib/libpam/modules/pam_securetty/Makefile b/lib/libpam/modules/pam_securetty/Makefile index 6e5e7d929b7d..90740721a3f5 100644 --- a/lib/libpam/modules/pam_securetty/Makefile +++ b/lib/libpam/modules/pam_securetty/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_securetty SRCS= pam_securetty.c MANNODEV= pam_securetty.8 diff --git a/lib/libpam/modules/pam_self/Makefile b/lib/libpam/modules/pam_self/Makefile index ecf85b8de70a..8a6b3702b5a1 100644 --- a/lib/libpam/modules/pam_self/Makefile +++ b/lib/libpam/modules/pam_self/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_self SRCS= pam_self.c MANNODEV= pam_self.8 diff --git a/lib/libpam/modules/pam_unix/Makefile b/lib/libpam/modules/pam_unix/Makefile index 1bb1e6f2c71a..124a757eae9d 100644 --- a/lib/libpam/modules/pam_unix/Makefile +++ b/lib/libpam/modules/pam_unix/Makefile @@ -36,8 +36,6 @@ .include <src.opts.mk> .include <bsd.init.mk> -PACKAGE= runtime - LIB= pam_unix SRCS= pam_unix.c MANNODEV= pam_unix.8 diff --git a/lib/libpam/pam.d/Makefile b/lib/libpam/pam.d/Makefile index a58c37b6c223..2cc5122b2ecc 100644 --- a/lib/libpam/pam.d/Makefile +++ b/lib/libpam/pam.d/Makefile @@ -1,7 +1,5 @@ .include <src.opts.mk> -PACKAGE= runtime - NO_OBJ= CONFGROUPS= CONFS 
@@ -17,20 +15,16 @@ CONFDIR= /etc/pam.d CONFSMODE_README= 444 CONFGROUPS+= CRON -CRON+= cron +CRON= cron CRONPACKAGE= cron -.if ${MK_AT} != "no" -CONFGROUPS+= AT -AT+= atrun -ATPACKAGE+= at -.endif +CONFGROUPS.${MK_AT}+= AT +AT= atrun +ATPACKAGE= at -.if ${MK_FTP} != "no" -CONFGROUPS+= FTP -FTP+= ftp ftpd +CONFGROUPS.${MK_FTP}+= FTP +FTP= ftp ftpd # Do not put these in the ftp package, since ports also use them. -FTPPACKAGE= runtime -.endif +FTPPACKAGE= pam .include <bsd.prog.mk> diff --git a/release/packages/ucl/pam-all.ucl b/release/packages/ucl/pam-all.ucl new file mode 100644 index 000000000000..c77b926532e6 --- /dev/null +++ b/release/packages/ucl/pam-all.ucl 
@@ -0,0 +1,35 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2025 Lexi Winter <ivy@FreeBSD.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +comment = "Modular user authentication facility" + +desc = <<EOD +PAM (Pluggable Authentication Modules) is an API to connect programs which +wish to authenticate users, such as login(1) or sshd(8), with authentication +providers that handle various authentication methods, such as UNIX passwords +or Kerberos. PAM allows any application to authenticate using any supported +method without needing to modify the application. + +PAM was originally implemented by Sun Microsystems as part of the Solaris +operating system. This implementation of PAM comes from OpenPAM, and aims +to be compatible with Solaris PAM. +EOD + +annotations { + set = "minimal,minimal-jail" +}
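Review bot: in the 20251110 entry added to UPDATING, package names are written three different ways: "pam" and "pam-lib" without a prefix, "set-minimal(-jail)" without a prefix, and "FreeBSD-pam" with one, so a reader has to guess which string to give to pkg. Suggest using the full installed names throughout, as "FreeBSD-pam" already does. Since the entry itself warns that "you won't be able to log in" without the modules, it would also help to say at which point in the upgrade the package has to be installed, so that nobody discovers the problem only after closing their last session.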
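Review bot: in lib/libpam/libpam/Makefile, "LIB_PACKAGE=" is assigned an empty value where "PACKAGE= runtime" used to be, and nothing in the file explains that the empty assignment is deliberate. With the explicit PACKAGE gone, the package name presumably comes from the "PACKAGE?= pam" default added to lib/libpam/Makefile.inc. A one-line comment above LIB_PACKAGE saying that it is a flag which produces the pam-lib subpackage described in the commit message would stop someone from later "fixing" it by filling in a value or restoring PACKAGE.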
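Review bot: in lib/libpam/pam.d/Makefile, "CONFGROUPS.${MK_AT}+= AT" and "CONFGROUPS.${MK_FTP}+= FTP" only have an effect if something folds CONFGROUPS.yes into CONFGROUPS, and no such line is visible in this file. Please confirm the included makefiles do that, because if they do not, the atrun, ftp and ftpd PAM service files silently stop being installed and those services have no PAM policy of their own. Separately, "FTPPACKAGE= pam" moves the ftp and ftpd files out of runtime while the comment above it is kept unchanged; the comment explains why they are not in the ftp package but not why they now live in pam, so a few words on that would help.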
