From nobody Tue Apr 7 11:27:04 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fqkS93zDWz6Y46q for ; Tue, 07 Apr 2026 11:27:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fqkS90VZKz4MjV for ; Tue, 07 Apr 2026 11:27:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775561225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z+QR+7RNDbaGEMNhbLdEDGJ6r5pFAek4w/EdAcyMCjM=; b=d5BBc9tJ1W5ahk16ko0hQY8H6lmQ/WEOspEQA1slQ4g0dPAQIv2mcaalLDb95hwk22sDeQ uptNf8i7I9g05E+btCVsVvrplHQJVm/dNn+Pxh0pjt7i9rvtdtydrREsMpeK9inWZk1dAP S+jMQEqJ9RIYzK9TQzq2n6JK5hRi9/2+u7vqHTE/QgPqRrGfN9uu1YSEG1tREXDeU5XtS9 GUMASFxFjz6lCMCUDIDIbJI9UbykeAAYZMMDjllKM7QcYs06tukKsJOrZ1cRkvkY9jTTVh LcbTNAwp9wOgF0V2QotvvBeO75yiEhRyyIYVaT8ZGt6FYUfKDH3QDcBsBrgFRQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775561225; a=rsa-sha256; cv=none; b=wdYegng7erskIaIY0pd5g+qw8mQgWqTEjflrcKiFgqqRD9/zShtOT+GxT9vb8pC1Uzc/1H 8EEQ/B2+CdPeE21y+r6ORlsX4MY+Mrnj5er5ZU9Ua+2NmpswN4BLRgHgY8tqLV325eYcMv hIaEcfGxj4gEDcviwgHhn9o1nJjtQsR0W+NNA8Vox0GHfB8+3nXS2CAX11ZqqBUpKbTOy5 k8shv9UbiWYa2uTfyggGyasVlhti7LBbwAlNL21C1MN2NmOimsYIQTawQZwwlAZQcZFcTb zBQvZt+jWroypppKzy8+7cmJuuHn7rbW3HvswbOWyVZoLcbB+neGr3GOPqYfbA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775561225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z+QR+7RNDbaGEMNhbLdEDGJ6r5pFAek4w/EdAcyMCjM=; b=PTgjDxhSGFTOS6iUMsAiTuGU5crrinyYvrSX5PHH7pNHyyocjeUVBFlztGOsVto/PiBgwJ 6Su1BdidN2Ss/pJtSek+OOREjJGz1WyckGL8u7Oc3CygFGf6z7s/jQO0r4rBpQfnJicUIv 6ecvGqwpmCtTNkghTS3JYaGknD0+Ve9qwpmSsTMaE5hpXBUEDlBXic9AM2VMiCIV385tyl n6h369ao40SnUkSL2s9txvK6+Iqmr6hjKJN2q6FDXINJWz7VIqBwpcc2M5O5rO/MuKI8tf ku45pDHlr51RmNBFb5s+1/munFD0C3K1L1nNhJ/eT7tS8M1SboOQpCmEIImL8Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fqkS874SpzdjS for ; Tue, 07 Apr 2026 11:27:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 2137f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 07 Apr 2026 11:27:04 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Lexi Winter Subject: git: 95cc7f59b7ce - stable/15 - libpam: Move to a new "pam" package List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ivy X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 95cc7f59b7ce99e8f188a6f308db1b38ae064e4c Auto-Submitted: auto-generated Date: Tue, 07 Apr 2026 11:27:04 +0000 Message-Id: <69d4ea08.2137f.e4a3dc3@gitrepo.freebsd.org> The branch stable/15 has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=95cc7f59b7ce99e8f188a6f308db1b38ae064e4c commit 95cc7f59b7ce99e8f188a6f308db1b38ae064e4c Author: Lexi Winter AuthorDate: 2025-11-10 10:20:33 +0000 Commit: Lexi Winter CommitDate: 2026-04-07 11:01:39 +0000 libpam: Move to a new "pam" package OpenPAM is a discrete, largely self-contained system component. Users may not need PAM for many use-cases (e.g. jails, containers), so move it to its own package. Use LIB_PACKAGE to create a separate pam-lib package for libpam, so that applications that support PAM don't need to bring in all the PAM modules if PAM isn't actually in use. Add pam to the minimal sets, since this is a core system component that people expect to be installed. This means all supported installation methods will install the PAM modules by default, so don't add explicit dependencies on the PAM modules from things that use PAM (e.g. runtime), allowing custom/embedded systems to omit these easily. This change adds a new package to the system so, until we have a proper policy on how to handle this in release/stable branches, it should not be MFC'd. [stable/15: MFC under the re@ pkgbase policy for 15.1] MFC after: never Reviewed by: des, bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53602 (cherry picked from commit 560af6b43e2a86e591e94bea99777630cd5f84fd) --- UPDATING | 12 ++++++++++ lib/libpam/Makefile.inc | 2 ++ lib/libpam/libpam/Makefile | 2 +- lib/libpam/modules/pam_lastlog/Makefile | 2 -- lib/libpam/modules/pam_login_access/Makefile | 2 -- lib/libpam/modules/pam_nologin/Makefile | 2 -- lib/libpam/modules/pam_securetty/Makefile | 2 -- lib/libpam/modules/pam_self/Makefile | 2 -- lib/libpam/modules/pam_unix/Makefile | 2 -- lib/libpam/pam.d/Makefile | 20 ++++++---------- release/packages/ucl/pam-all.ucl | 35 ++++++++++++++++++++++++++++ 11 files changed, 57 insertions(+), 26 deletions(-) diff --git a/UPDATING b/UPDATING index 749f59a30101..3515623bdfb0 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,18 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20260407: + OpenPAM (including libpam and the PAM modules) has moved to the new + "pam" package. The pam-lib subpackage, which includes libpam, will + be automatically installed when required. + + If you have set-minimal(-jail) installed, the pam base package which + contains the PAM modules will also be automatically installed. + If you don't, you MUST manually install the FreeBSD-pam package if you + need to authenticate users, otherwise you won't be able to log in. + + This change only affects pkgbase users. + 20260407: Zstd has moved to the new "zstd" package. If you have set-minimal installed, this package will be installed automatically, otherwise diff --git a/lib/libpam/Makefile.inc b/lib/libpam/Makefile.inc index bec0687d1b7f..28630e46b949 100644 --- a/lib/libpam/Makefile.inc +++ b/lib/libpam/Makefile.inc @@ -23,6 +23,8 @@ # SUCH DAMAGE. # +PACKAGE?= pam + CFLAGS+= -DOPENPAM_DEBUG SHLIB_MAJOR= 6 diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile index c6db4992bb36..f220063971d7 100644 --- a/lib/libpam/libpam/Makefile +++ b/lib/libpam/libpam/Makefile @@ -42,7 +42,7 @@ OPENPAM= ${SRCTOP}/contrib/openpam SHLIB= pam .endif -PACKAGE= runtime +LIB_PACKAGE= SRCS= openpam_asprintf.c \ openpam_borrow_cred.c \ diff --git a/lib/libpam/modules/pam_lastlog/Makefile b/lib/libpam/modules/pam_lastlog/Makefile index ecaf013c504a..9d27f4779184 100644 --- a/lib/libpam/modules/pam_lastlog/Makefile +++ b/lib/libpam/modules/pam_lastlog/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_lastlog SRCS= pam_lastlog.c MANNODEV= pam_lastlog.8 diff --git a/lib/libpam/modules/pam_login_access/Makefile b/lib/libpam/modules/pam_login_access/Makefile index 41bc32212351..e31866395a94 100644 --- a/lib/libpam/modules/pam_login_access/Makefile +++ b/lib/libpam/modules/pam_login_access/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_login_access SRCS= pam_login_access.c login_access.c MANNODEV= login.access.5 pam_login_access.8 diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_nologin/Makefile index c4ccc27b8958..38c9ea2b0a2a 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_nologin/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_nologin SRCS= pam_nologin.c MANNODEV= pam_nologin.8 diff --git a/lib/libpam/modules/pam_securetty/Makefile b/lib/libpam/modules/pam_securetty/Makefile index 6e5e7d929b7d..90740721a3f5 100644 --- a/lib/libpam/modules/pam_securetty/Makefile +++ b/lib/libpam/modules/pam_securetty/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_securetty SRCS= pam_securetty.c MANNODEV= pam_securetty.8 diff --git a/lib/libpam/modules/pam_self/Makefile b/lib/libpam/modules/pam_self/Makefile index ecf85b8de70a..8a6b3702b5a1 100644 --- a/lib/libpam/modules/pam_self/Makefile +++ b/lib/libpam/modules/pam_self/Makefile @@ -23,8 +23,6 @@ # SUCH DAMAGE. # -PACKAGE= runtime - LIB= pam_self SRCS= pam_self.c MANNODEV= pam_self.8 diff --git a/lib/libpam/modules/pam_unix/Makefile b/lib/libpam/modules/pam_unix/Makefile index 1bb1e6f2c71a..124a757eae9d 100644 --- a/lib/libpam/modules/pam_unix/Makefile +++ b/lib/libpam/modules/pam_unix/Makefile @@ -36,8 +36,6 @@ .include .include -PACKAGE= runtime - LIB= pam_unix SRCS= pam_unix.c MANNODEV= pam_unix.8 diff --git a/lib/libpam/pam.d/Makefile b/lib/libpam/pam.d/Makefile index a58c37b6c223..2cc5122b2ecc 100644 --- a/lib/libpam/pam.d/Makefile +++ b/lib/libpam/pam.d/Makefile @@ -1,7 +1,5 @@ .include -PACKAGE= runtime - NO_OBJ= CONFGROUPS= CONFS @@ -17,20 +15,16 @@ CONFDIR= /etc/pam.d CONFSMODE_README= 444 CONFGROUPS+= CRON -CRON+= cron +CRON= cron CRONPACKAGE= cron -.if ${MK_AT} != "no" -CONFGROUPS+= AT -AT+= atrun -ATPACKAGE+= at -.endif +CONFGROUPS.${MK_AT}+= AT +AT= atrun +ATPACKAGE= at -.if ${MK_FTP} != "no" -CONFGROUPS+= FTP -FTP+= ftp ftpd +CONFGROUPS.${MK_FTP}+= FTP +FTP= ftp ftpd # Do not put these in the ftp package, since ports also use them. -FTPPACKAGE= runtime -.endif +FTPPACKAGE= pam .include diff --git a/release/packages/ucl/pam-all.ucl b/release/packages/ucl/pam-all.ucl new file mode 100644 index 000000000000..c77b926532e6 --- /dev/null +++ b/release/packages/ucl/pam-all.ucl @@ -0,0 +1,35 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2025 Lexi Winter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +comment = "Modular user authentication facility" + +desc = <