kde-plasma/plasma-workspace: USE=pam, fix setuid, block kdebase-pam:4

SUID optional per kcheckpass/README, only required for shadow based login
setuid code in upstream cmake does not work, do it manually instead if USE=-pam
Block kdebase-pam which sneakily sabotaged plasma-workspace in /etc/pam.d,
leading to broken screenlocker bugs like #564618

Package-Manager: portage-2.2.24

2 files changed, 223 insertions, 0 deletions

diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
new file mode 100644
index 000000000000..a099b2324f91
--- /dev/null
+++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
@@ -0,0 +1,16 @@
+diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt
+index a63fa1403e897e70989dc2e1ba7eed4bc69cbb51..12d1bfb3c690eca1acf344045a92eb942669da83 100644
+--- a/ksmserver/screenlocker/kcheckpass/CMakeLists.txt
++++ b/ksmserver/screenlocker/kcheckpass/CMakeLists.txt
+@@ -22,10 +22,6 @@ endif ()
+ 
+ set_property(TARGET kcheckpass APPEND_STRING PROPERTY COMPILE_FLAGS " -U_REENTRANT")
+ target_link_libraries(kcheckpass ${UNIXAUTH_LIBRARIES} ${SOCKET_LIBRARIES})
+-install(TARGETS kcheckpass DESTINATION ${KDE_INSTALL_LIBEXECDIR})
+-install(CODE "
+-    set(KCP_PATH \"\$ENV{DESTDIR}${KDE_INSTALL_LIBEXECDIR}/kcheckpass\")
+-    execute_process(COMMAND sh -c \"chown root '\${KCP_PATH}' && chmod +s '\${KCP_PATH}'\")
+-")
++install(TARGETS kcheckpass DESTINATION ${LIBEXEC_INSTALL_DIR})
+ 
+ #EXTRA_DIST = README
diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
new file mode 100644
index 000000000000..a0c34fd39e47
--- /dev/null
+++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
@@ -0,0 +1,207 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+KDE_HANDBOOK="true"
+KDE_PUNT_BOGUS_DEPS="true"
+KDE_TEST="true"
+VIRTUALX_REQUIRED="test"
+inherit kde5 multilib pam qmake-utils
+
+DESCRIPTION="KDE Plasma workspace"
+KEYWORDS=" ~amd64 ~x86"
+IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor"
+
+COMMON_DEPEND="
+	$(add_frameworks_dep baloo)
+	$(add_frameworks_dep kactivities)
+	$(add_frameworks_dep kauth)
+	$(add_frameworks_dep kbookmarks)
+	$(add_frameworks_dep kcmutils)
+	$(add_frameworks_dep kcompletion)
+	$(add_frameworks_dep kconfig)
+	$(add_frameworks_dep kconfigwidgets)
+	$(add_frameworks_dep kcoreaddons)
+	$(add_frameworks_dep kcrash)
+	$(add_frameworks_dep kdbusaddons)
+	$(add_frameworks_dep kdeclarative)
+	$(add_frameworks_dep kdelibs4support)
+	$(add_frameworks_dep kdesu)
+	$(add_frameworks_dep kglobalaccel)
+	$(add_frameworks_dep kguiaddons)
+	$(add_frameworks_dep ki18n)
+	$(add_frameworks_dep kiconthemes)
+	$(add_frameworks_dep kidletime)
+	$(add_frameworks_dep kio)
+	$(add_frameworks_dep kitemviews)
+	$(add_frameworks_dep kjobwidgets)
+	$(add_frameworks_dep kjs)
+	$(add_frameworks_dep kjsembed)
+	$(add_frameworks_dep knewstuff)
+	$(add_frameworks_dep knotifications)
+	$(add_frameworks_dep knotifyconfig)
+	$(add_frameworks_dep kpackage)
+	$(add_frameworks_dep krunner)
+	$(add_frameworks_dep kservice)
+	$(add_frameworks_dep ktexteditor)
+	$(add_frameworks_dep ktextwidgets)
+	$(add_frameworks_dep kwallet)
+	$(add_frameworks_dep kwidgetsaddons)
+	$(add_frameworks_dep kwindowsystem)
+	$(add_frameworks_dep kxmlgui)
+	$(add_frameworks_dep kxmlrpcclient)
+	$(add_frameworks_dep plasma)
+	$(add_frameworks_dep solid)
+	$(add_plasma_dep kwayland)
+	$(add_plasma_dep kwin)
+	$(add_plasma_dep libkscreen)
+	$(add_plasma_dep libksysguard)
+	dev-libs/wayland
+	dev-qt/qtconcurrent:5
+	dev-qt/qtdbus:5
+	dev-qt/qtdeclarative:5[widgets]
+	dev-qt/qtgui:5[jpeg]
+	dev-qt/qtnetwork:5
+	dev-qt/qtscript:5
+	dev-qt/qtsql:5
+	dev-qt/qtwidgets:5
+	dev-qt/qtx11extras:5
+	dev-qt/qtxml:5
+	media-libs/phonon[qt5]
+	sys-libs/zlib
+	x11-libs/libICE
+	x11-libs/libSM
+	x11-libs/libX11
+	x11-libs/libXau
+	x11-libs/libxcb
+	x11-libs/libXfixes
+	x11-libs/libXi
+	x11-libs/libXrender
+	x11-libs/xcb-util-keysyms
+	dbus? ( dev-libs/libdbusmenu-qt[qt5] )
+	drkonqi? (
+		$(add_frameworks_dep kdewebkit)
+		dev-qt/qtwebkit:5
+	)
+	geolocation? ( $(add_frameworks_dep networkmanager-qt) )
+	gps? ( sci-geosciences/gpsd )
+	pam? ( virtual/pam )
+	prison? ( media-libs/prison:5 )
+	qalculate? ( sci-libs/libqalculate )
+	systemmonitor? (
+		$(add_plasma_dep libksysguard processui)
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	$(add_frameworks_dep kded)
+	$(add_kdeapps_dep kio-extras)
+	$(add_plasma_dep kde-cli-tools)
+	$(add_plasma_dep milou)
+	dev-qt/qdbus:5
+	dev-qt/qtpaths:5
+	dev-qt/qtquickcontrols:5[widgets]
+	x11-apps/mkfontdir
+	x11-apps/xmessage
+	x11-apps/xprop
+	x11-apps/xrdb
+	x11-apps/xset
+	x11-apps/xsetroot
+	systemmonitor? ( $(add_plasma_dep ksysguard) )
+	!kde-base/freespacenotifier:4
+	!kde-base/libtaskmanager:4
+	!<kde-base/kcheckpass-4.11.22-r1:4
+	!kde-base/kcminit:4
+	!kde-base/kdebase-pam:4
+	!kde-base/kdebase-startkde:4
+	!kde-base/klipper:4
+	!kde-base/krunner:4
+	!kde-base/ksmserver:4
+	!kde-base/ksplash:4
+	!kde-base/plasma-workspace:4
+"
+DEPEND="${COMMON_DEPEND}
+	x11-proto/xproto
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.4-startkde-script.patch"
+	"${FILESDIR}/${PN}-5.4-consolekit2.patch"
+	"${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch"	#Upstream bug 354110
+	"${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+	# whole patch should be upstreamed, doesn't work in PATCHES
+	epatch "${FILESDIR}/${PN}-tests-optional.patch"
+
+	kde5_src_prepare
+
+	sed -e "s|\`qtpaths|\`$(qt5_get_bindir)/qtpaths|" \
+		-i startkde/startkde.cmake startkde/startplasmacompositor.cmake || die
+
+	if ! use drkonqi; then
+		comment_add_subdirectory drkonqi
+	fi
+
+	if ! use geolocation; then
+		punt_bogus_dep KF5 NetworkManagerQt
+		pushd dataengines > /dev/null || die
+			comment_add_subdirectory geolocation
+		popd > /dev/null || die
+	fi
+
+	if ! use systemmonitor; then
+		comment_add_subdirectory systemmonitor
+		pushd applets > /dev/null || die
+			comment_add_subdirectory systemmonitor
+		popd > /dev/null || die
+		pushd dataengines > /dev/null || die
+			comment_add_subdirectory systemmonitor
+		popd > /dev/null || die
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake-utils_use_find_package pam)
+		$(cmake-utils_use_find_package dbus dbusmenu-qt5)
+		$(cmake-utils_use_find_package gps libgps)
+		$(cmake-utils_use_find_package prison)
+		$(cmake-utils_use_find_package qalculate Qalculate)
+	)
+
+	kde5_src_configure
+}
+
+src_install() {
+	kde5_src_install
+
+	newpamd "${FILESDIR}/kde.pam" kde
+	newpamd "${FILESDIR}/kde-np.pam" kde-np
+
+	# startup and shutdown scripts
+	insinto /etc/plasma/startup
+	doins "${FILESDIR}/agent-startup.sh"
+
+	insinto /etc/plasma/shutdown
+	doins "${FILESDIR}/agent-shutdown.sh"
+
+	if ! use pam; then
+		chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+		chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+	fi
+}
+
+pkg_postinst () {
+	kde5_pkg_postinst
+
+	echo
+	elog "To enable gpg-agent and/or ssh-agent in Plasma sessions,"
+	elog "edit ${EPREFIX}/etc/plasma/startup/agent-startup.sh and"
+	elog "${EPREFIX}/etc/plasma/shutdown/agent-shutdown.sh"
+	echo
+}