author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2015-08-20 21:38:42 +0100 |
---|---|---|
committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2015-08-20 21:38:42 +0100 |
commit | 0d37b046c0b42c5c0558aeeec35a2aa7c33295f9 (patch) | |
tree | eca350674b2cd5c73fe051ac4fa41cb2d443eb83 /sys-auth | |
parent | profiles/desktop: Enable sasl USE flag for mail-client/mutt (diff) | |
download | portage-0d37b046c0b42c5c0558aeeec35a2aa7c33295f9.tar.xz |
sys-auth/poldi: PAM module implementing authentication via OpenPGP smartcards
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/poldi/ChangeLog | 12 | ||||
-rw-r--r-- | sys-auth/poldi/Manifest | 12 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-Add-scdaemon.conf-installation.patch | 45 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-Bug-fix-use--loghandle.patch | 23 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-Fixed-log-file-path.patch | 26 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-New-entry--opt_quiet.patch | 135 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-Use-LDFLAGS-and-GCC.patch | 22 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-debian-specific.patch | 168 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-scdaemon-program-Change-patch.diff | 20 | ||||
-rw-r--r-- | sys-auth/poldi/files/0.4.1-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch | 35 | ||||
-rw-r--r-- | sys-auth/poldi/metadata.xml | 8 | ||||
-rw-r--r-- | sys-auth/poldi/poldi-0.4.1.ebuild | 50 |
12 files changed, 556 insertions, 0 deletions
diff --git a/sys-auth/poldi/ChangeLog b/sys-auth/poldi/ChangeLog
new file mode 100644
index 00000000..86031160
--- /dev/null
+++ b/sys-auth/poldi/ChangeLog
@@ -0,0 +1,12 @@
+*poldi-0.4.1 (20 Aug 2015)
+
+ 20 Aug 2015; Bertrand Jacquin <bertrand@jacquin.bzh>
+ +files/0.4.1-Add-scdaemon.conf-installation.patch,
+ +files/0.4.1-Bug-fix-use--loghandle.patch,
+ +files/0.4.1-Fixed-log-file-path.patch,
+ +files/0.4.1-New-entry--opt_quiet.patch,
+ +files/0.4.1-Use-LDFLAGS-and-GCC.patch, +files/0.4.1-debian-specific.patch,
+ +files/0.4.1-scdaemon-program-Change-patch.diff,
+ +files/0.4.1-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch, +metadata.xml,
+ +poldi-0.4.1.ebuild:
+ sys-auth:
diff --git a/sys-auth/poldi/Manifest b/sys-auth/poldi/Manifest
new file mode 100644
index 00000000..b0bb05f5
--- /dev/null
+++ b/sys-auth/poldi/Manifest
@@ -0,0 +1,12 @@ +AUX 0.4.1-Add-scdaemon.conf-installation.patch 1476 SHA256 9678a6ba26fd14cc58e5d4283fc33336676eb769a0980951aa73f5490b4bb7b2 WHIRLPOOL 38e29586a00cbf4d6b0b5b38df967a944a6555ed5e0f1e24796823fe0ef708a9f7cf388ad397868f8c6d39f24eb208a2df94dfe881b3b750b213693b271a52e4 +AUX 0.4.1-Bug-fix-use--loghandle.patch 895 SHA256 0e85412c41c285e23b9fa401d3aa64e2ef3b8e1ebe4376356b6734ec91adb056 WHIRLPOOL 3ba6304d0c8b8b5091e31ea627fdfcc398edf4b52e15d5405d34db093d28649e2181e8c6e1d54a6d5386dbeaa6cfb8b9c3292de510507ab18a62b2958f52bb1d +AUX 0.4.1-Fixed-log-file-path.patch 668 SHA256 2a0fed719cf7ead5dbb36b4ef4ca3704b6233d77664697a7057b4928a3cb5306 WHIRLPOOL f8644e510afc74ce0137146721028e9db1096a8006a21fa8e680a03c0dde7d37c84ac4f2c705958037934a066d9dd5fb0e732c054870a805dd6e96c391ac4ff6 +AUX 0.4.1-New-entry--opt_quiet.patch 4531 SHA256 b1a6b0a6eabc86bdfd13fa7d879e032e69013a37ba17892d87b33288eb212c76 WHIRLPOOL 4ff80f571643e4d95ed8e00edbf0c5d70ed25a6e04522976ce3e54c45699be025e208a2e7df96aa09560658bdfe7c964d2c09b02915e34f985d379b3e33a5fbd +AUX 0.4.1-Use-LDFLAGS-and-GCC.patch 937 SHA256 66ab561847a37ed08e45c75f6430e65293fe8feabe94723c62fc1d5bd37b5753 WHIRLPOOL 4e0fcca4f3ebd2647294fe094f07c0f60b7a784866172d44a83e06dfecf4d0fb9db41f39244463a4992c761cb2abbe1c6087c8513c8f6a516d95a02a2ce7fa49 +AUX 0.4.1-debian-specific.patch 6260 SHA256 2a9e22348f605d87ec8e0d0b511c358e28e6d8cf35d2b94e33caf88bcac0acd3 WHIRLPOOL 8e7bb7e1e1f550a1e7f66668b5559efc9dc34c29a2c863047fd39cef75239ce5090d7be543f6870583a34f53727636acddd5fca39ffc9eb54b06a6ca5641c81c +AUX 0.4.1-scdaemon-program-Change-patch.diff 608 SHA256 553e2a311567e6411dc332a265adcafd8902f074a2b839e2ccb4a0f9c3f4d93c WHIRLPOOL 6a4f1fe24d89d858db83d282a3f8e78bfb4bdedcb9022ee9f88f5ca1ed1a878637d3d7ebdb118b4a6bc1ab2a407de48bc54a1374e1e9a9eab80e84573dcdfba8 +AUX 0.4.1-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch 1172 SHA256 997421b6cee3553eab424015afff02ad335474738b424afe9d696761bc908ac7 WHIRLPOOL 
8d046d8d431b955518d1c490869041f84306c7fd7df8080427ae16d93227d23abc471a9ed88accedd806cc252ec53e732354c69bbbd274b4ae2f181de27fc7b9 +DIST poldi-0.4.1.tar.bz2 351972 SHA256 fe692857c33c5f443eb3bce663fecf553a5600f0c6c0ffacecea02c351c2f749 WHIRLPOOL a3e5639366a1a8b2cc1514d23d64bce3ceabbb9fa13718d37d92842825a0c44a5f1dcafc20939f0c2281d87c66516265cdfeef5691ce3983729ff83508737967 +EBUILD poldi-0.4.1.ebuild 1622 SHA256 ecfcacf5c790d272e5c248dfb1464d5f8550e76eed1f23beb5e5c93aba0bf084 WHIRLPOOL 35e0aaec10f52b6eee96ce0e21fc1c134a77d201c89eb82e5881ac76f6d4f7328ab9802dfa46a2694250b7b6a7913f4f3490be7c55c57ea025356cff6846efad +MISC ChangeLog 503 SHA256 6b595ea5131df68588f73e6e71ab51435dc3d0a96ae95f2287923b78a353c546 WHIRLPOOL e60f1ed7f9d0dfa2838f95b9791e93d0ed8f63a341d079b8b7947e4eb79b870fa9ae7176e9ab576c8dfed5525c827012d46ea05af94811bf86bbd5ec0a03afde +MISC metadata.xml 256 SHA256 6ca43960767ca28661abf97c85263db77fe7643902be2ce777c61aa688d8ea2d WHIRLPOOL cef8582829111be09e651eb819e6d1ea59c9c4386b842169ccd46a14c8e3ccb090486fecd61c5fd4aa47998cacc69cdc1fb5ca6bb6325a4da1ebfd0b6eebda7b diff --git a/sys-auth/poldi/files/0.4.1-Add-scdaemon.conf-installation.patch b/sys-auth/poldi/files/0.4.1-Add-scdaemon.conf-installation.patch new file mode 100644 index 00000000..a0295c40 --- /dev/null +++ b/sys-auth/poldi/files/0.4.1-Add-scdaemon.conf-installation.patch 
@@ -0,0 +1,45 @@
+From 123b9dc89892a18ca91d7daf675b8dab89f56a5d Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 30 Apr 2014 16:43:03 +0900
+Subject: [PATCH] * conf/Makefile.am: Add scdaemon.conf installation. *
+ conf/scdaemon.conf.skel: New.
+
+---
+ conf/Makefile.am | 8 +++++++-
+ conf/scdaemon.conf.skel | 11 +++++++++++
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/conf/Makefile.am b/conf/Makefile.am
+index 373d70d..47a5886 100644
+--- a/conf/Makefile.am
++++ b/conf/Makefile.am
+@@ -33,5 +33,11 @@ install-conf-skeleton:
+ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ fi
++ if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++ echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++ else \
++ install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++ fi
+
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+diff --git a/conf/scdaemon.conf.skel b/conf/scdaemon.conf.skel
+new file mode 100644
+index 0000000..9c006a9
+--- /dev/null
++++ b/conf/scdaemon.conf.skel
+@@ -0,0 +1,11 @@
++#
++# Disable internal CCID driver (but always use PC/SC driver)
++# disable-ccid
++#
++# Useful options to debug:
++#
++# debug-level guru
++# debug-all
++# log-file /tmp/scd.log
++# debug-ccid-driver
++#
diff --git a/sys-auth/poldi/files/0.4.1-Bug-fix-use--loghandle.patch b/sys-auth/poldi/files/0.4.1-Bug-fix-use--loghandle.patch
new file mode 100644
index 00000000..09017ee2
--- /dev/null
+++ b/sys-auth/poldi/files/0.4.1-Bug-fix-use--loghandle.patch
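Review bot: The suggested debug setting `# log-file /tmp/scd.log` in conf/scdaemon.conf.skel names a fixed file in a world-writable directory. scdaemon is spawned by the PAM module, presumably with the privileges of the authenticating service, so anyone who uncomments the line gets a predictable-path log in /tmp that, at `debug-level guru`, may also hold card traffic. I would change the suggestion to a root-owned location, for example `# log-file /var/log/scd.log`, and add a comment line stating that the debug options are for troubleshooting only and that the resulting log must not be world-readable.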
@@ -0,0 +1,23 @@
+From fbaf642629b4a8b9e2e3b50ec9d0a98e894b7bcf Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 30 Apr 2014 17:15:59 +0900
+Subject: [PATCH] * src/pam/auth-method-localdb/auth-localdb.c
+ (auth_method_localdb_auth_do): Bug fix, use ->loghandle.
+
+---
+ src/pam/auth-method-localdb/auth-localdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pam/auth-method-localdb/auth-localdb.c b/src/pam/auth-method-localdb/auth-localdb.c
+index 6027ee1..0c65817 100644
+--- a/src/pam/auth-method-localdb/auth-localdb.c
++++ b/src/pam/auth-method-localdb/auth-localdb.c
+@@ -117,7 +117,7 @@ auth_method_localdb_auth_do (poldi_ctx_t ctx,
+ username = username_desired;
+
+ if (ctx->debug)
+- log_msg_debug (ctx->conv,
++ log_msg_debug (ctx->loghandle,
+ _("Trying authentication as user `%s'..."), username);
+ if (!ctx->quiet)
+ conv_tell (ctx->conv,
diff --git a/sys-auth/poldi/files/0.4.1-Fixed-log-file-path.patch b/sys-auth/poldi/files/0.4.1-Fixed-log-file-path.patch
new file mode 100644
index 00000000..2ba3f9ee
--- /dev/null
+++ b/sys-auth/poldi/files/0.4.1-Fixed-log-file-path.patch
@@ -0,0 +1,26 @@
+From 371d4dd3a73d8a93beb5b39e0361a1c972293a8d Mon Sep 17 00:00:00 2001
+From: Moritz Schulte <mo@g10code.com>
+Date: Sat, 8 Aug 2009 15:02:51 +0000
+Subject: [PATCH] 2009-08-08 Moritz <moritz@gnu.org>
+
+2009-08-08 Moritz <moritz@gnu.org>
+
+ * poldi.conf.skel: Fixed log-file path.
+
+---
+ conf/poldi.conf.skel | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/conf/poldi.conf.skel b/conf/poldi.conf.skel
+index aa08924..58967b3 100644
+--- a/conf/poldi.conf.skel
++++ b/conf/poldi.conf.skel
+@@ -5,7 +5,7 @@
+ auth-method localdb
+
+ # Specify the log file:
+-log-file /home/moritz/logs/poldi.txt
++log-file /var/log/poldi
+
+ # Enable debugging messages
+ debug
diff --git a/sys-auth/poldi/files/0.4.1-New-entry--opt_quiet.patch b/sys-auth/poldi/files/0.4.1-New-entry--opt_quiet.patch
new file mode 100644
index 00000000..583f9911
--- /dev/null
+++ b/sys-auth/poldi/files/0.4.1-New-entry--opt_quiet.patch
@@ -0,0 +1,135 @@ +From d69605b9c7d31d8886449e656ed224a28c510fe2 Mon Sep 17 00:00:00 2001 +From: Moritz Schulte <mo@g10code.com> +Date: Sat, 17 Jan 2009 17:19:51 +0000 +Subject: [PATCH] src/pam/ChangeLog: + +2009-01-17 Moritz <moritz@gnu.org> + + * pam_poldi.c (enum opt_ids): New entry: opt_quiet. + (opt_specs): New entry for opt_quiet. + (pam_poldi_options_cb): Parse quiet option. + (pam_sm_authenticate): Skip calls to conv_tell in case ctx->quiet + is true. Thanks, Gordian. + +src/pam/auth-support/ChangeLog: + +2009-01-17 Moritz <moritz@gnu.org> + + * ctx.h (struct poldi_ctx_s): New struct member: quiet. + +src/pam/auth-method-localdb/ChangeLog: + +2009-01-17 Moritz <moritz@gnu.org> + + * auth-localdb.c (auth_method_localdb_auth_do): Skip calls to + conv_tell in case ctx->quiet is true. +--- + src/pam/auth-method-localdb/auth-localdb.c | 7 ++++--- + src/pam/auth-support/ctx.h | 5 ++++- + src/pam/pam_poldi.c | 18 ++++++++++++++---- + 7 files changed, 50 insertions(+), 8 deletions(-) + +diff --git a/src/pam/auth-method-localdb/auth-localdb.c b/src/pam/auth-method-localdb/auth-localdb.c +index b1b0d88..6027ee1 100644 +--- a/src/pam/auth-method-localdb/auth-localdb.c ++++ b/src/pam/auth-method-localdb/auth-localdb.c +@@ -1,5 +1,5 @@ + /* auth-localdb.c - localdb authentication method for Poldi. +- Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH ++ Copyright (C) 2004, 2005, 2007, 2008, 2009 g10 Code GmbH + + This file is part of Poldi. + +@@ -119,8 +119,9 @@ auth_method_localdb_auth_do (poldi_ctx_t ctx, + if (ctx->debug) + log_msg_debug (ctx->conv, + _("Trying authentication as user `%s'..."), username); +- conv_tell (ctx->conv, +- _("Trying authentication as user `%s'..."), username); ++ if (!ctx->quiet) ++ conv_tell (ctx->conv, ++ _("Trying authentication as user `%s'..."), username); + + /* Verify (again) that the given account is associated with the + serial number. 
*/ +diff --git a/src/pam/auth-support/ctx.h b/src/pam/auth-support/ctx.h +index 02f5e59..dfc8387 100644 +--- a/src/pam/auth-support/ctx.h ++++ b/src/pam/auth-support/ctx.h +@@ -1,5 +1,5 @@ + /* ctx.h - Poldi context structure. +- Copyright (C) 2008 g10 Code GmbH ++ Copyright (C) 2008, 2009 g10 Code GmbH + + This file is part of Poldi. + +@@ -64,6 +64,9 @@ struct poldi_ctx_s + should emmit debugging + messages. */ + ++ int quiet; /* Be more quiet during PAM ++ conversation with user. */ ++ + /* Scdaemon. */ + char *scdaemon_program; /* Path of Scdaemon program to execute. */ + scd_context_t scd; /* Handle for the Scdaemon access +diff --git a/src/pam/pam_poldi.c b/src/pam/pam_poldi.c +index b4883ee..6428215 100644 +--- a/src/pam/pam_poldi.c ++++ b/src/pam/pam_poldi.c +@@ -1,5 +1,5 @@ + /* pam_poldi.c - PAM authentication via OpenPGP smartcards. +- Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH ++ Copyright (C) 2004, 2005, 2007, 2008, 2009 g10 Code GmbH + + This file is part of Poldi. + +@@ -80,7 +80,8 @@ enum opt_ids + opt_logfile, + opt_auth_method, + opt_debug, +- opt_scdaemon_program ++ opt_scdaemon_program, ++ opt_quiet + }; + + /* Full specifications for options. */ +@@ -94,6 +95,8 @@ static simpleparse_opt_spec_t opt_specs[] = + 0, SIMPLEPARSE_ARG_NONE, 0, "Enable debugging mode" }, + { opt_scdaemon_program, "scdaemon-program", + 0, SIMPLEPARSE_ARG_REQUIRED, 0, "Specify scdaemon executable to use" }, ++ { opt_quiet, "quiet", ++ 0, SIMPLEPARSE_ARG_NONE, 0, "Be more quiet during PAM conversation with user" }, + { 0 } + }; + +@@ -168,6 +171,11 @@ pam_poldi_options_cb (void *cookie, simpleparse_opt_spec_t spec, const char *arg + ctx->debug = 1; + log_set_min_level (ctx->loghandle, LOG_LEVEL_DEBUG); + } ++ else if (!strcmp (spec.long_opt, "quiet")) ++ { ++ /* QUIET. 
*/ ++ ctx->quiet = 1; ++ } + + return gpg_error (err); + } +@@ -480,13 +488,15 @@ pam_sm_authenticate (pam_handle_t *pam_handle, + { + if (ctx->debug) + log_msg_debug (ctx->loghandle, _("Waiting for card for user `%s'..."), pam_username); +- conv_tell (ctx->conv, _("Waiting for card for user `%s'..."), pam_username); ++ if (!ctx->quiet) ++ conv_tell (ctx->conv, _("Waiting for card for user `%s'..."), pam_username); + } + else + { + if (ctx->debug) + log_msg_debug (ctx->loghandle, _("Waiting for card...")); +- conv_tell (ctx->conv, _("Waiting for card...")); ++ if (!ctx->quiet) ++ conv_tell (ctx->conv, _("Waiting for card...")); + } + + err = wait_for_card (ctx->scd, 0); diff --git a/sys-auth/poldi/files/0.4.1-Use-LDFLAGS-and-GCC.patch b/sys-auth/poldi/files/0.4.1-Use-LDFLAGS-and-GCC.patch new file mode 100644 index 00000000..be944ec5 --- /dev/null +++ b/sys-auth/poldi/files/0.4.1-Use-LDFLAGS-and-GCC.patch @@ -0,0 +1,22 @@ +From 51ff0fe77a07a4a7386bda2a520e35b90d3a4611 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Wed, 30 Apr 2014 17:15:11 +0900 +Subject: [PATCH] * src/pam/Makefile.am (pam_poldi.so): Use LDFLAGS and GCC. + +--- + src/pam/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pam/Makefile.am b/src/pam/Makefile.am +index a056613..968fb71 100644 +--- a/src/pam/Makefile.am ++++ b/src/pam/Makefile.am +@@ -61,7 +61,7 @@ libpam_poldi_a_SOURCES = \ + + pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \ + ../scd/libscd_shared.a ../util/libpoldi-util_shared.a +- gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \ ++ $(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \ + libpam_poldi.a \ + $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \ + ../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \ 
diff --git a/sys-auth/poldi/files/0.4.1-debian-specific.patch b/sys-auth/poldi/files/0.4.1-debian-specific.patch
new file mode 100644
index 00000000..888d7c26
--- /dev/null
+++ b/sys-auth/poldi/files/0.4.1-debian-specific.patch
@@ -0,0 +1,168 @@ +Description: Debian specific changes + This patch is generated from revision 0.4.1-2.1 of Debian source. +Author: Debian poldi maintainers +Reviewed-By: NIIBE Yutaka +Last-Update: 2013-07-10 + +Index: poldi-0.4.1/configure.ac +=================================================================== +--- poldi-0.4.1.orig/configure.ac 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/configure.ac 2013-07-10 12:22:44.384409856 +0000 +@@ -215,7 +215,7 @@ + if test "$have_ksba" = "no"; then + AC_MSG_NOTICE([[ + *** +-*** libksba not found, building with X.509 authentication support. ++*** libksba not found, building without X.509 authentication support. + *** libksba can be retrieved from: + *** URL FIXME + *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required). +Index: poldi-0.4.1/MIGRATION +=================================================================== +--- poldi-0.4.1.orig/MIGRATION 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/MIGRATION 2013-07-10 12:22:44.372409854 +0000 +@@ -51,3 +51,5 @@ + - "fake-wait-for-card" + - "require-card-switch" + - "wait-timeout" ++ - "try_pin" ++ - "quiet" +Index: poldi-0.4.1/TODO +=================================================================== +--- poldi-0.4.1.orig/TODO 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/TODO 2013-07-10 12:22:44.372409854 +0000 +@@ -2,6 +2,9 @@ + * allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!) + + Low priority: ++* allow user to skip card authentication without submitting a wrong ++ PIN to the card, e.g. by entering an empty PIN? Return ++ PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR? + * figure out what exactly the dependencies on the OpenPGP smartcard are. 
+ * improve doc + * work on MIGRATION text +Index: poldi-0.4.1/src/scd/scd.c +=================================================================== +--- poldi-0.4.1.orig/src/scd/scd.c 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/src/scd/scd.c 2013-07-10 12:22:44.384409856 +0000 +@@ -326,7 +326,7 @@ + fallback: spawn a new scdaemon. */ + + const char *pgmname; +- const char *argv[3]; ++ const char *argv[6]; + int no_close_list[3]; + int i; + +@@ -352,7 +352,13 @@ + + argv[0] = pgmname; + argv[1] = "--server"; +- argv[2] = NULL; ++ argv[2] = "--options"; ++ argv[3] = "/etc/poldi/scdaemon.conf"; ++ if (flags & SCD_FLAG_VERBOSE) ++ argv[4] = "-v"; ++ else ++ argv[4] = NULL; ++ argv[5] = NULL; + + i=0; + +@@ -362,7 +368,8 @@ + if (log_get_fd () != -1) + no_close_list[i++] = log_get_fd (); + #endif +- no_close_list[i++] = fileno (stderr); ++ if (flags & SCD_FLAG_VERBOSE) ++ no_close_list[i++] = fileno (stderr); + no_close_list[i] = -1; + + /* connect to the agent and perform initial handshaking */ +Index: poldi-0.4.1/src/pam/auth-support/getpin-cb.c +=================================================================== +--- poldi-0.4.1.orig/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.384409856 +0000 +@@ -81,9 +81,15 @@ + Shouldn't they be done in scdaemon itself? -mo */ + + if (strlen (buffer) < 6) /* FIXME? is it really minimum of 6 bytes? 
*/ +- log_msg_error (ctx->loghandle, _("invalid PIN")); +- else if (!all_digitsp (buffer)) +- log_msg_error (ctx->loghandle, _("invalid characters in PIN")); ++ { ++ log_msg_error (ctx->loghandle, _("PIN too short")); ++ conv_tell(ctx->conv, "%s", _("PIN too short")); ++ } ++/* else if (!all_digitsp (buffer)) */ ++/* { */ ++/* log_msg_error (ctx->loghandle, _("invalid characters in PIN")); */ ++/* conv_tell(ctx->conv, "%s", _("invalid characters in PIN")); */ ++/* } */ + else + break; + } +@@ -235,7 +241,7 @@ + err = query_user (ctx, info_frobbed, buf, maxbuf); + else + /* Use string which is more user friendly. */ +- err = query_user (ctx, _("||Please enter the PIN"), buf, maxbuf); ++ err = query_user (ctx, _("Please enter the PIN: "), buf, maxbuf); + } + else + { +@@ -254,7 +260,7 @@ + if (info_frobbed) + err = keypad_mode_enter (ctx, info_frobbed); + else +- err = keypad_mode_enter (ctx, _("||Please enter the PIN")); ++ err = keypad_mode_enter (ctx, _("Please enter the PIN: ")); + } + else + err = gpg_error (GPG_ERR_INV_VALUE); /* FIXME: must signal +Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c +=================================================================== +--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.384409856 +0000 +@@ -128,12 +130,14 @@ + if (err) + { + if (ctx->debug) +- log_msg_debug (ctx->loghandle, +- _("Serial number %s is not associated with user %s"), +- ctx->cardinfo.serialno, username); +- conv_tell (ctx->conv, +- _("Serial number %s is not associated with user %s"), +- ctx->cardinfo.serialno, username); ++ { ++ log_msg_debug (ctx->loghandle, ++ _("Serial number %s is not associated with user %s"), ++ ctx->cardinfo.serialno, username); ++ conv_tell (ctx->conv, ++ _("Serial number %s is not associated with user %s"), ++ ctx->cardinfo.serialno, username); ++ } + err = gcry_error 
(GPG_ERR_INV_NAME); + goto out; + } +Index: poldi-0.4.1/configure +=================================================================== +--- poldi-0.4.1.orig/configure 2013-07-10 12:22:44.432409857 +0000 ++++ poldi-0.4.1/configure 2013-07-10 12:22:44.380409854 +0000 +@@ -9869,14 +9869,14 @@ + if test "$have_ksba" = "no"; then + { echo "$as_me:$LINENO: + *** +-*** libksba not found, building with X.509 authentication support. ++*** libksba not found, building without X.509 authentication support. + *** libksba can be retrieved from: + *** URL FIXME + *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required). + ***" >&5 + echo "$as_me: + *** +-*** libksba not found, building with X.509 authentication support. ++*** libksba not found, building without X.509 authentication support. + *** libksba can be retrieved from: + *** URL FIXME + *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required). diff --git a/sys-auth/poldi/files/0.4.1-scdaemon-program-Change-patch.diff b/sys-auth/poldi/files/0.4.1-scdaemon-program-Change-patch.diff new file mode 100644 index 00000000..80d2bd90 --- /dev/null +++ b/sys-auth/poldi/files/0.4.1-scdaemon-program-Change-patch.diff @@ -0,0 +1,20 @@ +From 90f8fe57c85b326b047f605dcb4b8cd9ae3486a6 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Wed, 30 Apr 2014 16:39:29 +0900 +Subject: [PATCH] * conf/poldi.conf.skel (scdaemon-program): Change the + path. + +--- + conf/poldi.conf.skel | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/conf/poldi.conf.skel b/conf/poldi.conf.skel +index 58967b3..3fed157 100644 +--- a/conf/poldi.conf.skel ++++ b/conf/poldi.conf.skel +@@ -11,4 +11,4 @@ log-file /var/log/poldi + debug + + # Specify SCDaemon executable +-scdaemon-program /usr/bin/scdaemon ++scdaemon-program /usr/lib/gnupg2/scdaemon 
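Review bot: In the auth-localdb.c hunk of 0.4.1-debian-specific.patch the user-facing `conv_tell` for "Serial number %s is not associated with user %s" is moved under `if (ctx->debug)`, so a logging switch decides what an unauthenticated caller is told and the `quiet` option is ignored. The poldi.conf.skel context lines in 0.4.1-Fixed-log-file-path.patch show `debug` enabled in the shipped skeleton, so with that configuration the PAM conversation still confirms whether the inserted card is mapped to the requested account. I would keep only `log_msg_debug` inside the `ctx->debug` block and drop the `conv_tell` from it, or at least guard it with `if (!ctx->quiet)` as the other call sites do (the `quiet` member comes from 0.4.1-New-entry--opt_quiet.patch, which the ebuild applies before compiling). Separately, the scd.c hunk hard-codes `/etc/poldi/scdaemon.conf` while conf/Makefile.am installs the file under `$(POLDI_CONF_DIRECTORY)`; both should come from the same definition. The enclosing functions start and end outside these hunks.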
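Review bot: The `scdaemon-program /usr/lib/gnupg2/scdaemon` line in 0.4.1-scdaemon-program-Change-patch.diff disagrees with the default the ebuild compiles in, `-DGNUPG_DEFAULT_SCD=\"/usr/libexec/scdaemon\"`. Because `src_install` runs `install-conf-skeleton`, the installed poldi.conf would override the compiled default with a path that looks Debian-specific and that this distribution's gnupg package presumably does not own. For a program executed during authentication, the configured path and the compiled default should agree and name a root-owned, package-managed binary. I would change the line to `scdaemon-program /usr/libexec/scdaemon` in the copy carried here, or comment it out in the skeleton so the compiled default applies.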
diff --git a/sys-auth/poldi/files/0.4.1-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch b/sys-auth/poldi/files/0.4.1-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch
new file mode 100644
index 00000000..17d540b9
--- /dev/null
+++ b/sys-auth/poldi/files/0.4.1-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch
@@ -0,0 +1,35 @@
+From f98051e7faee74090dcba15f7ac7eb4714da390b Mon Sep 17 00:00:00 2001
+From: Moritz Schulte <mo@g10code.com>
+Date: Sat, 16 May 2009 14:46:01 +0000
+Subject: [PATCH] 2009-05-10 Moritz <moritz@gnu.org>
+
+ * Makefile.am (parse_test_CFLAGS): Use $(GPG_ERROR_CFLAGS).
+ (parse_test_LDADD): Use $(GPG_ERROR_LIBS) and $(LIBGCRYPT_LIBS).
+---
+ tests/Makefile.am | 9 +++++----
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index b9d4171..7128f92 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -1,4 +1,4 @@
+-# Copyright (C) 2008 g10 Code GmbH
++# Copyright (C) 2008, 2009 g10 Code GmbH
+ #
+ # This file is part of Poldi.
+ #
+@@ -20,9 +20,10 @@
+ noinst_PROGRAMS = parse-test pam-test
+
+ parse_test_SOURCES = parse-test.c
+-parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src
+-
+-parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt
++parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src \
++ $(GPG_ERROR_CFLAGS)
++parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a \
++ $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS)
+
+ pam_test_SOURCES = pam-test.c
+ pam_test_CFLAGS = -Wall
diff --git a/sys-auth/poldi/metadata.xml b/sys-auth/poldi/metadata.xml
new file mode 100644
index 00000000..b5e02a8f
--- /dev/null
+++ b/sys-auth/poldi/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>bertrand@jacquin.bzh</email>
+ <name>Bertrand Jacquin</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/sys-auth/poldi/poldi-0.4.1.ebuild b/sys-auth/poldi/poldi-0.4.1.ebuild
new file mode 100644
index 00000000..8b6a20ca
--- /dev/null
+++ b/sys-auth/poldi/poldi-0.4.1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools flag-o-matic pam
+
+DESCRIPTION="PAM module implementing authentication via OpenPGP smartcards"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/alpha/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="usb"
+
+DEPEND="dev-libs/libgcrypt:=
+ virtual/pam
+ >=dev-libs/libgpg-error-0.7
+ usb? ( virtual/libusb:= )"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ epatch "${FILESDIR}/${PV}-debian-specific.patch"
+ epatch "${FILESDIR}/${PV}-New-entry--opt_quiet.patch" # Sat, 17 Jan 2009 17:19:51 +0000
+ epatch "${FILESDIR}/${PV}-tests-GPG_ERROR_LIBS-LIBGCRYPT_LIBS.patch" # Sat, 16 May 2009 14:46:01 +0000
+ epatch "${FILESDIR}/${PV}-Fixed-log-file-path.patch" # Sat, 8 Aug 2009 15:02:51 +0000
+ epatch "${FILESDIR}/${PV}-scdaemon-program-Change-patch.diff" # Wed, 30 Apr 2014 16:39:29 +0900
+ epatch "${FILESDIR}/${PV}-Add-scdaemon.conf-installation.patch" # Wed, 30 Apr 2014 16:43:03 +0900
+ epatch "${FILESDIR}/${PV}-Use-LDFLAGS-and-GCC.patch" # Wed, 30 Apr 2014 17:15:11 +0900
+ epatch "${FILESDIR}/${PV}-Bug-fix-use--loghandle.patch" # Wed, 30 Apr 2014 17:15:59 +0900
+
+ eautoreconf
+}
+
+src_configure() {
+ econf --with-pam-module-directory=$(getpam_mod_dir)
+
+ append-cflags '-DGNUPG_DEFAULT_SCD=\"/usr/libexec/scdaemon\"'
+}
+
+src_compile() {
+ emake CFLAGS="${CFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${ED}" install install-conf-skeleton
+
+ dodoc AUTHORS ChangeLog MIGRATION NEWS README THANKS TODO
+} |
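Review bot: In `src_configure` the `append-cflags '-DGNUPG_DEFAULT_SCD=...'` call comes after `econf`, so configure never sees the define and it only reaches the compiler because `src_compile` overrides `CFLAGS` on the emake command line. Calling `append-cflags` before `econf` would let you drop that override and keep the configure checks and the build on the same flags. `RDEPEND="${DEPEND}"` also lists no package that provides scdaemon, although the module is built to execute `/usr/libexec/scdaemon`; if that binary comes from app-crypt/gnupg (not shown on this page) it belongs in the runtime dependencies, otherwise a PAM stack that requires this module fails on hosts without it. The `usb` flag pulls in `virtual/libusb` but is never passed to `econf`, so the dependency looks automagic.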