--- a/core/shadow/shadow.sh	Mon Apr 01 20:20:00 2019 +0200
+++ b/core/shadow/shadow.sh	Mon Apr 01 20:25:00 2019 +0200
@@ -21,7 +21,7 @@
 PKGLICENSE="BSD"
 PKGSUMMARY="password and account management"
 PKGDOWNLOAD="https://github.com/shadow-maint/shadow/releases/download/$PKGVERSION/$PKGNAME-$PKGVERSION.tar.xz"
-PKGOPTIONS="NLS"
+PKGOPTIONS="ACL ATTR NLS PAM SELINUX"
 PKGPROTECT="etc/login.defs"
 
 : ${CHOST:=$(uname -m)-linux-musl}
@@ -30,7 +30,25 @@
 : ${CFLAGS:=-O2}
 : ${LDFLAGS:=}
 : ${LIBS:=}
+: ${ACL:=yes}
+: ${ATTR:=yes}
 : ${NLS:=yes}
+: ${PAM:=yes}
+: ${SELINUX:=no}
+
+if [ "$ACL" = "yes" ]; then
+	PKGDEPENDS="core/acl $PKGDEPENDS"
+	with_acl="--with-acl"
+else
+	with_acl="--without-acl"
+fi
+
+if [ "$ATTR" = "yes" ]; then
+	PKGDEPENDS="core/acl $PKGDEPENDS"
+	with_attr="--with-attr"
+else
+	with_attr="--without-attr"
+fi
 
 if [ "$NLS" = "yes" ]; then
 	PKGDEPENDS="core/gettext $PKGDEPENDS"
@@ -39,6 +57,19 @@
 	with_nls="--disable-nls"
 fi
 
+if [ "$PAM" = "yes" ]; then
+	PKGDEPENDS="security/pam $PKGDEPENDS"
+	with_pam="--with-pam"
+else
+	with_pam="--without-pam"
+fi
+
+if [ "$SELINUX" = "yes" ]; then
+	with_selinux="--enable-selinux"
+else
+	with_selinux="--disable-selinux"
+fi
+
 build()
 {
 	rm -rf $PKGNAME-$PKGVERSION
@@ -62,15 +93,27 @@
 		--bindir=/usr/bin \
 		--sbindir=/usr/sbin \
 		--sysconfdir=/etc \
+		--without-audit \
+		--without-tcb \
 		--without-libcrack \
 		--disable-static \
 		--enable-shared \
-		--without-pam \
-		--without-libpam \
-		$with_nls
+		$with_acl \
+		$with_attr \
+		$with_nls \
+		$with_pam \
+		$with_selinux
 	make
 	make install DESTDIR=$DESTDIR
 
+	# --disable-selinux does not update pam.d files
+	if [ "$SELINUX" = "no" ]; then
+		sed -i -e "/pam_selinux.so/d" $DESTDIR/etc/pam.d/{login,su}
+	fi
+
+	# pam_console.so isn't shipped with linux-pam.
+	sed -i -e "/pam_console.so/d" $DESTDIR/etc/pam.d/login
+
 	popd
 	rm -rf $PKGNAME-$PKGVERSION
 }