* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2020-07-17 12:43 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2020-07-17 12:43 UTC (permalink / raw
To: gentoo-commits
commit: da876731dca86b5bedac94e013ce2bcdc56d319a
Author: stefson <herrtimson <AT> yahoo <DOT> de>
AuthorDate: Fri Jul 10 11:22:06 2020 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 17 12:42:59 2020 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=da876731
sys-auth/polkit: add upstream fix for mozjs-68
the mozjs patch is from upstream: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/48
the netgroup patch does collide with it, so I backported it on my own and renamed it. It did pass all tests on armv7-musl, still I dropped keywords to allow testing for others.
Signed-off-by: Steffen Kuhn <nielson2 <AT> yandex.com>
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
...it-0.116-make-netgroup-support-optional-2.patch | 219 +++
.../files/polkit-0.116-spidermonkey-68.patch | 1395 ++++++++++++++++++++
sys-auth/polkit/polkit-0.116-r2.ebuild | 138 ++
3 files changed, 1752 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
new file mode 100644
index 0000000..aef30ef
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
@@ -0,0 +1,219 @@
+diff --git a/configure.ac b/configure.ac
+index 4809dc9..d1ea325 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
+index 3aa1f7f..793f17d 100644
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
++
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
+index 8a2b369..83f8d4a 100644
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 056d9a8..36c2f3d 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+ PolkitIdentity *user;
+ GError *error = NULL;
+
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
+
+ out:
+ endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+ return ret;
+ }
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 1d91103..366cbdf 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#ifdef HAVE_SETNETGRENT
+ JS::RootedString usrstr (authority->priv->cx);
+ usrstr = args[0].toString();
+ user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ {
+ is_in_netgroup = true;
+ }
++#endif
+
+ ret = true;
+
+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
+index e91967b..e829aaa 100644
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
+index 3701ba1..e3352eb 100644
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index 71aad23..fdd28f3 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
diff --git a/sys-auth/polkit/files/polkit-0.116-spidermonkey-68.patch b/sys-auth/polkit/files/polkit-0.116-spidermonkey-68.patch
new file mode 100644
index 0000000..e57dfd7
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.116-spidermonkey-68.patch
@@ -0,0 +1,1395 @@
+From 12f3d25fb73c68151f84c97c79acab7d5344f606 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
+Date: Fri, 13 Mar 2020 14:55:44 +0800
+Subject: [PATCH 1/3] Port JavaScript authority to mozjs-68
+
+---
+ configure.ac | 2 +-
+ .../polkitbackendjsauthority.cpp | 136 ++++++++++--------
+ 2 files changed, 76 insertions(+), 62 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5cedb4e..cd678f1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-60])
++PKG_CHECK_MODULES(LIBJS, [mozjs-68])
+
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 0f18085..d5113cb 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -43,7 +43,12 @@
+ #include <systemd/sd-login.h>
+ #endif /* HAVE_LIBSYSTEMD */
+
++#include <js/CompilationAndEvaluation.h>
++#include <js/ContextOptions.h>
+ #include <js/Initialization.h>
++#include <js/Realm.h>
++#include <js/SourceText.h>
++#include <js/Warnings.h>
+ #include <jsapi.h>
+
+ #include "initjs.h" /* init.js */
+@@ -76,7 +81,7 @@ struct _PolkitBackendJsAuthorityPrivate
+
+ JSContext *cx;
+ JS::Heap<JSObject*> *js_global;
+- JSAutoCompartment *ac;
++ JSAutoRealm *ac;
+ JS::Heap<JSObject*> *js_polkit;
+
+ GThread *runaway_killer_thread;
+@@ -298,14 +303,35 @@ load_scripts (PolkitBackendJsAuthority *authority)
+ for (l = files; l != NULL; l = l->next)
+ {
+ const gchar *filename = (gchar *)l->data;
+- JS::RootedScript script(authority->priv->cx);
++ GFile *file = g_file_new_for_path (filename);
++ char *contents;
++ gsize len;
++ if (!g_file_load_contents (file, NULL, &contents, &len, NULL, NULL))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error compiling script %s",
++ filename);
++ continue;
++ }
++ JS::SourceText<mozilla::Utf8Unit> source;
++ if (!source.init (authority->priv->cx, contents, len,
++ JS::SourceOwnership::Borrowed))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error compiling script %s",
++ filename);
++ g_free (contents);
++ continue;
++ }
+ JS::CompileOptions options(authority->priv->cx);
+- options.setUTF8(true);
+- if (!JS::Compile (authority->priv->cx, options, filename, &script))
++ JS::RootedScript script(authority->priv->cx,
++ JS::Compile (authority->priv->cx, options, source));
++ if (!script)
+ {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ "Error compiling script %s",
+ filename);
++ g_free (contents);
+ continue;
+ }
+
+@@ -318,11 +344,13 @@ load_scripts (PolkitBackendJsAuthority *authority)
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ "Error executing script %s",
+ filename);
++ g_free (contents);
+ continue;
+ }
+
+ //g_print ("Successfully loaded and evaluated script `%s'\n", filename);
+
++ g_free (contents);
+ num_scripts++;
+ }
+
+@@ -335,8 +363,6 @@ load_scripts (PolkitBackendJsAuthority *authority)
+ static void
+ reload_scripts (PolkitBackendJsAuthority *authority)
+ {
+- JS_BeginRequest (authority->priv->cx);
+-
+ JS::AutoValueArray<1> args(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+
+@@ -351,7 +377,7 @@ reload_scripts (PolkitBackendJsAuthority *authority)
+ {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ "Error deleting old rules, not loading new ones");
+- goto out;
++ return;
+ }
+
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+@@ -362,8 +388,6 @@ reload_scripts (PolkitBackendJsAuthority *authority)
+
+ /* Let applications know we have new rules... */
+ g_signal_emit_by_name (authority, "changed");
+- out:
+- JS_EndRequest (authority->priv->cx);
+ }
+
+ static void
+@@ -462,11 +486,10 @@ polkit_backend_js_authority_constructed (GObject *object)
+ JS::SetWarningReporter(authority->priv->cx, report_error);
+ JS_SetContextPrivate (authority->priv->cx, authority);
+
+- JS_BeginRequest(authority->priv->cx);
+ entered_request = TRUE;
+
+ {
+- JS::CompartmentOptions compart_opts;
++ JS::RealmOptions compart_opts;
+
+ JS::RootedObject global(authority->priv->cx);
+
+@@ -476,12 +499,12 @@ polkit_backend_js_authority_constructed (GObject *object)
+ if (!global)
+ goto fail;
+
+- authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
++ authority->priv->ac = new JSAutoRealm(authority->priv->cx, global);
+
+ if (!authority->priv->ac)
+ goto fail;
+
+- if (!JS_InitStandardClasses (authority->priv->cx, global))
++ if (!JS::InitRealmStandardClasses (authority->priv->cx))
+ goto fail;
+
+ JS::RootedObject polkit(authority->priv->cx);
+@@ -503,13 +526,13 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ JS::CompileOptions options(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+- if (!JS::Evaluate (authority->priv->cx,
+- options,
+- init_js, strlen (init_js), /* init.js */
+- &rval)) /* rval */
+- {
+- goto fail;
+- }
++ JS::SourceText<mozilla::Utf8Unit> source;
++ if (!source.init (authority->priv->cx, init_js, strlen (init_js),
++ JS::SourceOwnership::Borrowed))
++ goto fail;
++
++ if (!JS::Evaluate (authority->priv->cx, options, source, &rval))
++ goto fail;
+
+ if (authority->priv->rules_dirs == NULL)
+ {
+@@ -529,7 +552,6 @@ polkit_backend_js_authority_constructed (GObject *object)
+ setup_file_monitors (authority);
+ load_scripts (authority);
+ }
+- JS_EndRequest (authority->priv->cx);
+ entered_request = FALSE;
+
+ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
+@@ -537,8 +559,6 @@ polkit_backend_js_authority_constructed (GObject *object)
+ return;
+
+ fail:
+- if (entered_request)
+- JS_EndRequest (authority->priv->cx);
+ g_critical ("Error initializing JavaScript environment");
+ g_assert_not_reached ();
+ }
+@@ -680,7 +700,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
+ GPtrArray *value)
+ {
+ JS::RootedValue value_jsval(authority->priv->cx);
+- JS::AutoValueVector elems(authority->priv->cx);
++ JS::RootedValueVector elems(authority->priv->cx);
+ guint n;
+
+ if (!elems.resize(value->len))
+@@ -755,10 +775,15 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
+ JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());
+
+ src = "new Subject();";
+- if (!JS::Evaluate (authority->priv->cx,
+- options,
+- src, strlen (src),
+- out_jsval))
++ JS::SourceText<mozilla::Utf8Unit> source;
++ if (!source.init (authority->priv->cx, src, strlen (src),
++ JS::SourceOwnership::Borrowed))
++ {
++ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
++ goto out;
++ }
++
++ if (!JS::Evaluate (authority->priv->cx, options, source, out_jsval))
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
+ goto out;
+@@ -877,11 +902,15 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
+ JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());
+
+ src = "new Action();";
++ JS::SourceText<mozilla::Utf8Unit> source;
++ if (!source.init (authority->priv->cx, src, strlen (src),
++ JS::SourceOwnership::Borrowed))
++ {
++ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
++ goto out;
++ }
+
+- if (!JS::Evaluate (authority->priv->cx,
+- options,
+- src, strlen (src),
+- out_jsval))
++ if (!JS::Evaluate (authority->priv->cx, options, source, out_jsval))
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
+ goto out;
+@@ -1089,11 +1118,9 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
+ guint n;
+ GError *error = NULL;
+ JS::RootedString ret_jsstr (authority->priv->cx);
+- gchar *ret_str = NULL;
++ JS::UniqueChars ret_str;
+ gchar **ret_strs = NULL;
+
+- JS_BeginRequest (authority->priv->cx);
+-
+ if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))
+ {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+@@ -1142,7 +1169,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
+ goto out;
+ }
+
+- ret_strs = g_strsplit (ret_str, ",", -1);
++ ret_strs = g_strsplit (ret_str.get(), ",", -1);
+ for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++)
+ {
+ const gchar *identity_str = ret_strs[n];
+@@ -1166,15 +1193,12 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
+
+ out:
+ g_strfreev (ret_strs);
+- g_free (ret_str);
+ /* fallback to root password auth */
+ if (ret == NULL)
+ ret = g_list_prepend (ret, polkit_unix_user_new (0));
+
+ JS_MaybeGC (authority->priv->cx);
+
+- JS_EndRequest (authority->priv->cx);
+-
+ return ret;
+ }
+
+@@ -1197,11 +1221,9 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
+ JS::RootedValue rval(authority->priv->cx);
+ GError *error = NULL;
+ JS::RootedString ret_jsstr (authority->priv->cx);
+- gchar *ret_str = NULL;
++ JS::UniqueChars ret_str;
+ gboolean good = FALSE;
+
+- JS_BeginRequest (authority->priv->cx);
+-
+ if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))
+ {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+@@ -1257,12 +1279,12 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
+ goto out;
+ }
+
+- g_strstrip (ret_str);
+- if (!polkit_implicit_authorization_from_string (ret_str, &ret))
++ g_strstrip (ret_str.get());
++ if (!polkit_implicit_authorization_from_string (ret_str.get(), &ret))
+ {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ "Returned result `%s' is not valid",
+- ret_str);
++ ret_str.get());
+ goto out;
+ }
+
+@@ -1271,12 +1293,9 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
+ out:
+ if (!good)
+ ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;
+- g_free (ret_str);
+
+ JS_MaybeGC (authority->priv->cx);
+
+- JS_EndRequest (authority->priv->cx);
+-
+ return ret;
+ }
+
+@@ -1289,15 +1308,14 @@ js_polkit_log (JSContext *cx,
+ {
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
+ bool ret = false;
+- char *s;
++ JS::UniqueChars s;
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
+ JS::RootedString jsstr (authority->priv->cx);
+ jsstr = args[0].toString ();
+ s = JS_EncodeStringToUTF8 (cx, jsstr);
+- JS_ReportWarningUTF8 (cx, "%s", s);
+- JS_free (cx, s);
++ JS::WarnUTF8 (cx, "%s", s.get());
+
+ ret = true;
+
+@@ -1400,7 +1418,7 @@ js_polkit_spawn (JSContext *cx,
+ for (n = 0; n < array_len; n++)
+ {
+ JS::RootedValue elem_val(cx);
+- char *s;
++ JS::UniqueChars s;
+
+ if (!JS_GetElement (cx, array_object, n, &elem_val))
+ {
+@@ -1415,8 +1433,7 @@ js_polkit_spawn (JSContext *cx,
+ JS::RootedString jsstr (authority->priv->cx);
+ jsstr = elem_val.toString();
+ s = JS_EncodeStringToUTF8 (cx, jsstr);
+- argv[n] = g_strdup (s);
+- JS_free (cx, s);
++ argv[n] = g_strdup (s.get());
+ }
+
+ context = g_main_context_new ();
+@@ -1499,8 +1516,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ {
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
+ bool ret = false;
+- char *user;
+- char *netgroup;
++ JS::UniqueChars user;
++ JS::UniqueChars netgroup;
+ bool is_in_netgroup = false;
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+@@ -1512,17 +1529,14 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ netgstr = args[1].toString();
+ netgroup = JS_EncodeStringToUTF8 (cx, netgstr);
+
+- if (innetgr (netgroup,
++ if (innetgr (netgroup.get(),
+ NULL, /* host */
+- user,
++ user.get(),
+ NULL)) /* domain */
+ {
+ is_in_netgroup = true;
+ }
+
+- JS_free (cx, netgroup);
+- JS_free (cx, user);
+-
+ ret = true;
+
+ args.rval ().setBoolean (is_in_netgroup);
+--
+2.24.1
+
+
+From 2e6787ead894911e9172e873d15b84dc237ff209 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
+Date: Fri, 13 Mar 2020 15:06:44 +0800
+Subject: [PATCH 2/3] ci: update to mozjs-68
+
+---
+ .gitlab-ci.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+From cf22af32577cf49b4e5ed9945ec9cca862c45b3e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
+Date: Fri, 3 Apr 2020 23:47:38 +0800
+Subject: [PATCH 3/3] ensure to use C++14
+
+---
+ buildutil/ax_cxx_compile_stdcxx.m4 | 948 +++++++++++++++++++++++++++++
+ configure.ac | 3 +-
+ 2 files changed, 950 insertions(+), 1 deletion(-)
+ create mode 100644 buildutil/ax_cxx_compile_stdcxx.m4
+
+diff --git a/buildutil/ax_cxx_compile_stdcxx.m4 b/buildutil/ax_cxx_compile_stdcxx.m4
+new file mode 100644
+index 0000000..9e9eaed
+--- /dev/null
++++ b/buildutil/ax_cxx_compile_stdcxx.m4
+@@ -0,0 +1,948 @@
++# ===========================================================================
++# https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html
++# ===========================================================================
++#
++# SYNOPSIS
++#
++# AX_CXX_COMPILE_STDCXX(VERSION, [ext|noext], [mandatory|optional])
++#
++# DESCRIPTION
++#
++# Check for baseline language coverage in the compiler for the specified
++# version of the C++ standard. If necessary, add switches to CXX and
++# CXXCPP to enable support. VERSION may be '11' (for the C++11 standard)
++# or '14' (for the C++14 standard).
++#
++# The second argument, if specified, indicates whether you insist on an
++# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g.
++# -std=c++11). If neither is specified, you get whatever works, with
++# preference for an extended mode.
++#
++# The third argument, if specified 'mandatory' or if left unspecified,
++# indicates that baseline support for the specified C++ standard is
++# required and that the macro should error out if no mode with that
++# support is found. If specified 'optional', then configuration proceeds
++# regardless, after defining HAVE_CXX${VERSION} if and only if a
++# supporting mode is found.
++#
++# LICENSE
++#
++# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com>
++# Copyright (c) 2012 Zack Weinberg <zackw@panix.com>
++# Copyright (c) 2013 Roy Stogner <roystgnr@ices.utexas.edu>
++# Copyright (c) 2014, 2015 Google Inc.; contributed by Alexey Sokolov <sokolov@google.com>
++# Copyright (c) 2015 Paul Norman <penorman@mac.com>
++# Copyright (c) 2015 Moritz Klammler <moritz@klammler.eu>
++# Copyright (c) 2016, 2018 Krzesimir Nowak <qdlacz@gmail.com>
++#
++# Copying and distribution of this file, with or without modification, are
++# permitted in any medium without royalty provided the copyright notice
++# and this notice are preserved. This file is offered as-is, without any
++# warranty.
++
++#serial 10
++
++dnl This macro is based on the code from the AX_CXX_COMPILE_STDCXX_11 macro
++dnl (serial version number 13).
++
++AC_DEFUN([AX_CXX_COMPILE_STDCXX], [dnl
++ m4_if([$1], [11], [ax_cxx_compile_alternatives="11 0x"],
++ [$1], [14], [ax_cxx_compile_alternatives="14 1y"],
++ [$1], [17], [ax_cxx_compile_alternatives="17 1z"],
++ [m4_fatal([invalid first argument `$1' to AX_CXX_COMPILE_STDCXX])])dnl
++ m4_if([$2], [], [],
++ [$2], [ext], [],
++ [$2], [noext], [],
++ [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX])])dnl
++ m4_if([$3], [], [ax_cxx_compile_cxx$1_required=true],
++ [$3], [mandatory], [ax_cxx_compile_cxx$1_required=true],
++ [$3], [optional], [ax_cxx_compile_cxx$1_required=false],
++ [m4_fatal([invalid third argument `$3' to AX_CXX_COMPILE_STDCXX])])
++ AC_LANG_PUSH([C++])dnl
++ ac_success=no
++
++ m4_if([$2], [noext], [], [dnl
++ if test x$ac_success = xno; then
++ for alternative in ${ax_cxx_compile_alternatives}; do
++ switch="-std=gnu++${alternative}"
++ cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch])
++ AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch,
++ $cachevar,
++ [ac_save_CXX="$CXX"
++ CXX="$CXX $switch"
++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
++ [eval $cachevar=yes],
++ [eval $cachevar=no])
++ CXX="$ac_save_CXX"])
++ if eval test x\$$cachevar = xyes; then
++ CXX="$CXX $switch"
++ if test -n "$CXXCPP" ; then
++ CXXCPP="$CXXCPP $switch"
++ fi
++ ac_success=yes
++ break
++ fi
++ done
++ fi])
++
++ m4_if([$2], [ext], [], [dnl
++ if test x$ac_success = xno; then
++ dnl HP's aCC needs +std=c++11 according to:
++ dnl http://h21007.www2.hp.com/portal/download/files/unprot/aCxx/PDF_Release_Notes/769149-001.pdf
++ dnl Cray's crayCC needs "-h std=c++11"
++ for alternative in ${ax_cxx_compile_alternatives}; do
++ for switch in -std=c++${alternative} +std=c++${alternative} "-h std=c++${alternative}"; do
++ cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch])
++ AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch,
++ $cachevar,
++ [ac_save_CXX="$CXX"
++ CXX="$CXX $switch"
++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
++ [eval $cachevar=yes],
++ [eval $cachevar=no])
++ CXX="$ac_save_CXX"])
++ if eval test x\$$cachevar = xyes; then
++ CXX="$CXX $switch"
++ if test -n "$CXXCPP" ; then
++ CXXCPP="$CXXCPP $switch"
++ fi
++ ac_success=yes
++ break
++ fi
++ done
++ if test x$ac_success = xyes; then
++ break
++ fi
++ done
++ fi])
++ AC_LANG_POP([C++])
++ if test x$ax_cxx_compile_cxx$1_required = xtrue; then
++ if test x$ac_success = xno; then
++ AC_MSG_ERROR([*** A compiler with support for C++$1 language features is required.])
++ fi
++ fi
++ if test x$ac_success = xno; then
++ HAVE_CXX$1=0
++ AC_MSG_NOTICE([No compiler with C++$1 support was found])
++ else
++ HAVE_CXX$1=1
++ AC_DEFINE(HAVE_CXX$1,1,
++ [define if the compiler supports basic C++$1 syntax])
++ fi
++ AC_SUBST(HAVE_CXX$1)
++])
++
++
++dnl Test body for checking C++11 support
++
++m4_define([_AX_CXX_COMPILE_STDCXX_testbody_11],
++ _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
++)
++
++
++dnl Test body for checking C++14 support
++
++m4_define([_AX_CXX_COMPILE_STDCXX_testbody_14],
++ _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
++ _AX_CXX_COMPILE_STDCXX_testbody_new_in_14
++)
++
++m4_define([_AX_CXX_COMPILE_STDCXX_testbody_17],
++ _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
++ _AX_CXX_COMPILE_STDCXX_testbody_new_in_14
++ _AX_CXX_COMPILE_STDCXX_testbody_new_in_17
++)
++
++dnl Tests for new features in C++11
++
++m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_11], [[
++
++// If the compiler admits that it is not ready for C++11, why torture it?
++// Hopefully, this will speed up the test.
++
++#ifndef __cplusplus
++
++#error "This is not a C++ compiler"
++
++#elif __cplusplus < 201103L
++
++#error "This is not a C++11 compiler"
++
++#else
++
++namespace cxx11
++{
++
++ namespace test_static_assert
++ {
++
++ template <typename T>
++ struct check
++ {
++ static_assert(sizeof(int) <= sizeof(T), "not big enough");
++ };
++
++ }
++
++ namespace test_final_override
++ {
++
++ struct Base
++ {
++ virtual void f() {}
++ };
++
++ struct Derived : public Base
++ {
++ virtual void f() override {}
++ };
++
++ }
++
++ namespace test_double_right_angle_brackets
++ {
++
++ template < typename T >
++ struct check {};
++
++ typedef check<void> single_type;
++ typedef check<check<void>> double_type;
++ typedef check<check<check<void>>> triple_type;
++ typedef check<check<check<check<void>>>> quadruple_type;
++
++ }
++
++ namespace test_decltype
++ {
++
++ int
++ f()
++ {
++ int a = 1;
++ decltype(a) b = 2;
++ return a + b;
++ }
++
++ }
++
++ namespace test_type_deduction
++ {
++
++ template < typename T1, typename T2 >
++ struct is_same
++ {
++ static const bool value = false;
++ };
++
++ template < typename T >
++ struct is_same<T, T>
++ {
++ static const bool value = true;
++ };
++
++ template < typename T1, typename T2 >
++ auto
++ add(T1 a1, T2 a2) -> decltype(a1 + a2)
++ {
++ return a1 + a2;
++ }
++
++ int
++ test(const int c, volatile int v)
++ {
++ static_assert(is_same<int, decltype(0)>::value == true, "");
++ static_assert(is_same<int, decltype(c)>::value == false, "");
++ static_assert(is_same<int, decltype(v)>::value == false, "");
++ auto ac = c;
++ auto av = v;
++ auto sumi = ac + av + 'x';
++ auto sumf = ac + av + 1.0;
++ static_assert(is_same<int, decltype(ac)>::value == true, "");
++ static_assert(is_same<int, decltype(av)>::value == true, "");
++ static_assert(is_same<int, decltype(sumi)>::value == true, "");
++ static_assert(is_same<int, decltype(sumf)>::value == false, "");
++ static_assert(is_same<int, decltype(add(c, v))>::value == true, "");
++ return (sumf > 0.0) ? sumi : add(c, v);
++ }
++
++ }
++
++ namespace test_noexcept
++ {
++
++ int f() { return 0; }
++ int g() noexcept { return 0; }
++
++ static_assert(noexcept(f()) == false, "");
++ static_assert(noexcept(g()) == true, "");
++
++ }
++
++ namespace test_constexpr
++ {
++
++ template < typename CharT >
++ unsigned long constexpr
++ strlen_c_r(const CharT *const s, const unsigned long acc) noexcept
++ {
++ return *s ? strlen_c_r(s + 1, acc + 1) : acc;
++ }
++
++ template < typename CharT >
++ unsigned long constexpr
++ strlen_c(const CharT *const s) noexcept
++ {
++ return strlen_c_r(s, 0UL);
++ }
++
++ static_assert(strlen_c("") == 0UL, "");
++ static_assert(strlen_c("1") == 1UL, "");
++ static_assert(strlen_c("example") == 7UL, "");
++ static_assert(strlen_c("another\0example") == 7UL, "");
++
++ }
++
++ namespace test_rvalue_references
++ {
++
++ template < int N >
++ struct answer
++ {
++ static constexpr int value = N;
++ };
++
++ answer<1> f(int&) { return answer<1>(); }
++ answer<2> f(const int&) { return answer<2>(); }
++ answer<3> f(int&&) { return answer<3>(); }
++
++ void
++ test()
++ {
++ int i = 0;
++ const int c = 0;
++ static_assert(decltype(f(i))::value == 1, "");
++ static_assert(decltype(f(c))::value == 2, "");
++ static_assert(decltype(f(0))::value == 3, "");
++ }
++
++ }
++
++ namespace test_uniform_initialization
++ {
++
++ struct test
++ {
++ static const int zero {};
++ static const int one {1};
++ };
++
++ static_assert(test::zero == 0, "");
++ static_assert(test::one == 1, "");
++
++ }
++
++ namespace test_lambdas
++ {
++
++ void
++ test1()
++ {
++ auto lambda1 = [](){};
++ auto lambda2 = lambda1;
++ lambda1();
++ lambda2();
++ }
++
++ int
++ test2()
++ {
++ auto a = [](int i, int j){ return i + j; }(1, 2);
++ auto b = []() -> int { return '0'; }();
++ auto c = [=](){ return a + b; }();
++ auto d = [&](){ return c; }();
++ auto e = [a, &b](int x) mutable {
++ const auto identity = [](int y){ return y; };
++ for (auto i = 0; i < a; ++i)
++ a += b--;
++ return x + identity(a + b);
++ }(0);
++ return a + b + c + d + e;
++ }
++
++ int
++ test3()
++ {
++ const auto nullary = [](){ return 0; };
++ const auto unary = [](int x){ return x; };
++ using nullary_t = decltype(nullary);
++ using unary_t = decltype(unary);
++ const auto higher1st = [](nullary_t f){ return f(); };
++ const auto higher2nd = [unary](nullary_t f1){
++ return [unary, f1](unary_t f2){ return f2(unary(f1())); };
++ };
++ return higher1st(nullary) + higher2nd(nullary)(unary);
++ }
++
++ }
++
++ namespace test_variadic_templates
++ {
++
++ template <int...>
++ struct sum;
++
++ template <int N0, int... N1toN>
++ struct sum<N0, N1toN...>
++ {
++ static constexpr auto value = N0 + sum<N1toN...>::value;
++ };
++
++ template <>
++ struct sum<>
++ {
++ static constexpr auto value = 0;
++ };
++
++ static_assert(sum<>::value == 0, "");
++ static_assert(sum<1>::value == 1, "");
++ static_assert(sum<23>::value == 23, "");
++ static_assert(sum<1, 2>::value == 3, "");
++ static_assert(sum<5, 5, 11>::value == 21, "");
++ static_assert(sum<2, 3, 5, 7, 11, 13>::value == 41, "");
++
++ }
++
++ // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae
++ // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function
++ // because of this.
++ namespace test_template_alias_sfinae
++ {
++
++ struct foo {};
++
++ template<typename T>
++ using member = typename T::member_type;
++
++ template<typename T>
++ void func(...) {}
++
++ template<typename T>
++ void func(member<T>*) {}
++
++ void test();
++
++ void test() { func<foo>(0); }
++
++ }
++
++} // namespace cxx11
++
++#endif // __cplusplus >= 201103L
++
++]])
++
++
++dnl Tests for new features in C++14
++
++m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_14], [[
++
++// If the compiler admits that it is not ready for C++14, why torture it?
++// Hopefully, this will speed up the test.
++
++#ifndef __cplusplus
++
++#error "This is not a C++ compiler"
++
++#elif __cplusplus < 201402L
++
++#error "This is not a C++14 compiler"
++
++#else
++
++namespace cxx14
++{
++
++ namespace test_polymorphic_lambdas
++ {
++
++ int
++ test()
++ {
++ const auto lambda = [](auto&&... args){
++ const auto istiny = [](auto x){
++ return (sizeof(x) == 1UL) ? 1 : 0;
++ };
++ const int aretiny[] = { istiny(args)... };
++ return aretiny[0];
++ };
++ return lambda(1, 1L, 1.0f, '1');
++ }
++
++ }
++
++ namespace test_binary_literals
++ {
++
++ constexpr auto ivii = 0b0000000000101010;
++ static_assert(ivii == 42, "wrong value");
++
++ }
++
++ namespace test_generalized_constexpr
++ {
++
++ template < typename CharT >
++ constexpr unsigned long
++ strlen_c(const CharT *const s) noexcept
++ {
++ auto length = 0UL;
++ for (auto p = s; *p; ++p)
++ ++length;
++ return length;
++ }
++
++ static_assert(strlen_c("") == 0UL, "");
++ static_assert(strlen_c("x") == 1UL, "");
++ static_assert(strlen_c("test") == 4UL, "");
++ static_assert(strlen_c("another\0test") == 7UL, "");
++
++ }
++
++ namespace test_lambda_init_capture
++ {
++
++ int
++ test()
++ {
++ auto x = 0;
++ const auto lambda1 = [a = x](int b){ return a + b; };
++ const auto lambda2 = [a = lambda1(x)](){ return a; };
++ return lambda2();
++ }
++
++ }
++
++ namespace test_digit_separators
++ {
++
++ constexpr auto ten_million = 100'000'000;
++ static_assert(ten_million == 100000000, "");
++
++ }
++
++ namespace test_return_type_deduction
++ {
++
++ auto f(int& x) { return x; }
++ decltype(auto) g(int& x) { return x; }
++
++ template < typename T1, typename T2 >
++ struct is_same
++ {
++ static constexpr auto value = false;
++ };
++
++ template < typename T >
++ struct is_same<T, T>
++ {
++ static constexpr auto value = true;
++ };
++
++ int
++ test()
++ {
++ auto x = 0;
++ static_assert(is_same<int, decltype(f(x))>::value, "");
++ static_assert(is_same<int&, decltype(g(x))>::value, "");
++ return x;
++ }
++
++ }
++
++} // namespace cxx14
++
++#endif // __cplusplus >= 201402L
++
++]])
++
++
++dnl Tests for new features in C++17
++
++m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_17], [[
++
++// If the compiler admits that it is not ready for C++17, why torture it?
++// Hopefully, this will speed up the test.
++
++#ifndef __cplusplus
++
++#error "This is not a C++ compiler"
++
++#elif __cplusplus < 201703L
++
++#error "This is not a C++17 compiler"
++
++#else
++
++#include <initializer_list>
++#include <utility>
++#include <type_traits>
++
++namespace cxx17
++{
++
++ namespace test_constexpr_lambdas
++ {
++
++ constexpr int foo = [](){return 42;}();
++
++ }
++
++ namespace test::nested_namespace::definitions
++ {
++
++ }
++
++ namespace test_fold_expression
++ {
++
++ template<typename... Args>
++ int multiply(Args... args)
++ {
++ return (args * ... * 1);
++ }
++
++ template<typename... Args>
++ bool all(Args... args)
++ {
++ return (args && ...);
++ }
++
++ }
++
++ namespace test_extended_static_assert
++ {
++
++ static_assert (true);
++
++ }
++
++ namespace test_auto_brace_init_list
++ {
++
++ auto foo = {5};
++ auto bar {5};
++
++ static_assert(std::is_same<std::initializer_list<int>, decltype(foo)>::value);
++ static_assert(std::is_same<int, decltype(bar)>::value);
++ }
++
++ namespace test_typename_in_template_template_parameter
++ {
++
++ template<template<typename> typename X> struct D;
++
++ }
++
++ namespace test_fallthrough_nodiscard_maybe_unused_attributes
++ {
++
++ int f1()
++ {
++ return 42;
++ }
++
++ [[nodiscard]] int f2()
++ {
++ [[maybe_unused]] auto unused = f1();
++
++ switch (f1())
++ {
++ case 17:
++ f1();
++ [[fallthrough]];
++ case 42:
++ f1();
++ }
++ return f1();
++ }
++
++ }
++
++ namespace test_extended_aggregate_initialization
++ {
++
++ struct base1
++ {
++ int b1, b2 = 42;
++ };
++
++ struct base2
++ {
++ base2() {
++ b3 = 42;
++ }
++ int b3;
++ };
++
++ struct derived : base1, base2
++ {
++ int d;
++ };
++
++ derived d1 {{1, 2}, {}, 4}; // full initialization
++ derived d2 {{}, {}, 4}; // value-initialized bases
++
++ }
++
++ namespace test_general_range_based_for_loop
++ {
++
++ struct iter
++ {
++ int i;
++
++ int& operator* ()
++ {
++ return i;
++ }
++
++ const int& operator* () const
++ {
++ return i;
++ }
++
++ iter& operator++()
++ {
++ ++i;
++ return *this;
++ }
++ };
++
++ struct sentinel
++ {
++ int i;
++ };
++
++ bool operator== (const iter& i, const sentinel& s)
++ {
++ return i.i == s.i;
++ }
++
++ bool operator!= (const iter& i, const sentinel& s)
++ {
++ return !(i == s);
++ }
++
++ struct range
++ {
++ iter begin() const
++ {
++ return {0};
++ }
++
++ sentinel end() const
++ {
++ return {5};
++ }
++ };
++
++ void f()
++ {
++ range r {};
++
++ for (auto i : r)
++ {
++ [[maybe_unused]] auto v = i;
++ }
++ }
++
++ }
++
++ namespace test_lambda_capture_asterisk_this_by_value
++ {
++
++ struct t
++ {
++ int i;
++ int foo()
++ {
++ return [*this]()
++ {
++ return i;
++ }();
++ }
++ };
++
++ }
++
++ namespace test_enum_class_construction
++ {
++
++ enum class byte : unsigned char
++ {};
++
++ byte foo {42};
++
++ }
++
++ namespace test_constexpr_if
++ {
++
++ template <bool cond>
++ int f ()
++ {
++ if constexpr(cond)
++ {
++ return 13;
++ }
++ else
++ {
++ return 42;
++ }
++ }
++
++ }
++
++ namespace test_selection_statement_with_initializer
++ {
++
++ int f()
++ {
++ return 13;
++ }
++
++ int f2()
++ {
++ if (auto i = f(); i > 0)
++ {
++ return 3;
++ }
++
++ switch (auto i = f(); i + 4)
++ {
++ case 17:
++ return 2;
++
++ default:
++ return 1;
++ }
++ }
++
++ }
++
++ namespace test_template_argument_deduction_for_class_templates
++ {
++
++ template <typename T1, typename T2>
++ struct pair
++ {
++ pair (T1 p1, T2 p2)
++ : m1 {p1},
++ m2 {p2}
++ {}
++
++ T1 m1;
++ T2 m2;
++ };
++
++ void f()
++ {
++ [[maybe_unused]] auto p = pair{13, 42u};
++ }
++
++ }
++
++ namespace test_non_type_auto_template_parameters
++ {
++
++ template <auto n>
++ struct B
++ {};
++
++ B<5> b1;
++ B<'a'> b2;
++
++ }
++
++ namespace test_structured_bindings
++ {
++
++ int arr[2] = { 1, 2 };
++ std::pair<int, int> pr = { 1, 2 };
++
++ auto f1() -> int(&)[2]
++ {
++ return arr;
++ }
++
++ auto f2() -> std::pair<int, int>&
++ {
++ return pr;
++ }
++
++ struct S
++ {
++ int x1 : 2;
++ volatile double y1;
++ };
++
++ S f3()
++ {
++ return {};
++ }
++
++ auto [ x1, y1 ] = f1();
++ auto& [ xr1, yr1 ] = f1();
++ auto [ x2, y2 ] = f2();
++ auto& [ xr2, yr2 ] = f2();
++ const auto [ x3, y3 ] = f3();
++
++ }
++
++ namespace test_exception_spec_type_system
++ {
++
++ struct Good {};
++ struct Bad {};
++
++ void g1() noexcept;
++ void g2();
++
++ template<typename T>
++ Bad
++ f(T*, T*);
++
++ template<typename T1, typename T2>
++ Good
++ f(T1*, T2*);
++
++ static_assert (std::is_same_v<Good, decltype(f(g1, g2))>);
++
++ }
++
++ namespace test_inline_variables
++ {
++
++ template<class T> void f(T)
++ {}
++
++ template<class T> inline T g(T)
++ {
++ return T{};
++ }
++
++ template<> inline void f<>(int)
++ {}
++
++ template<> int g<>(int)
++ {
++ return 5;
++ }
++
++ }
++
++} // namespace cxx17
++
++#endif // __cplusplus < 201703L
++
++]])
+diff --git a/configure.ac b/configure.ac
+index cd678f1..3d50641 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -5,6 +5,7 @@ AC_INIT([polkit], [0.116], [http://lists.freedesktop.org/mailman/listinfo/polkit
+ AM_INIT_AUTOMAKE([])
+ AC_CONFIG_HEADERS(config.h)
+ AC_CONFIG_MACRO_DIR([buildutil])
++m4_include([buildutil/ax_cxx_compile_stdcxx.m4])
+ AM_MAINTAINER_MODE
+
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+@@ -33,7 +34,7 @@ AC_PROG_LN_S
+ AC_SYS_LARGEFILE
+ AM_PROG_CC_C_O
+ AC_PROG_CXX
+-AX_CXX_COMPILE_STDCXX_11()
++AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
+
+ # Taken from dbus
+ AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
+--
+2.24.1
+
+
diff --git a/sys-auth/polkit/polkit-0.116-r2.ebuild b/sys-auth/polkit/polkit-0.116-r2.ebuild
new file mode 100644
index 0000000..e1900bb
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.116-r2.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+#KEYWORDS="amd64 arm arm64 ~mips ppc ppc64 x86"
+IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( consolekit elogind systemd )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:68[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ consolekit? ( sys-auth/consolekit[policykit] )
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+
+ # upstream patch from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/48
+ "${FILESDIR}"/polkit-0.116-spidermonkey-68.patch
+
+ # locally rebased patch
+ "${FILESDIR}"/polkit-0.116-make-netgroup-support-optional-2.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2022-05-04 13:50 Jory Pratt
0 siblings, 0 replies; 8+ messages in thread
From: Jory Pratt @ 2022-05-04 13:50 UTC (permalink / raw
To: gentoo-commits
commit: 797cfeab3a46807a753759b61738d4dfab7b6243
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed May 4 13:49:49 2022 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed May 4 13:49:49 2022 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=797cfeab
sys-auth/polkit: Supported in ::gentoo
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/Manifest | 2 -
...lkit-0.118-make-netgroup-support-optional.patch | 219 ---------------------
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 -------
.../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 --------
sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ----
sys-auth/polkit/metadata.xml | 11 --
sys-auth/polkit/polkit-0.120-r2.ebuild | 126 ------------
sys-auth/polkit/polkit-0.120-r3.ebuild | 128 ------------
8 files changed, 678 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
deleted file mode 100644
index 1125d650..00000000
--- a/sys-auth/polkit/Manifest
+++ /dev/null
@@ -1,2 +0,0 @@
-DIST polkit-0.120-duktape-1.patch 127886 BLAKE2B 5ae791538ff576c01340a8eee197c0da580cf8a5afd5d0ba54526191edf68c16811debed981c540fcf2ad6fbf0d13f66c71c8ccd32560fda2f39aeb86cd15349 SHA512 bd3fb95a2e4151646859fef031f463fabd8c02bd24024f8269a74c171d70f8fc33de055193b2a0fb0c40fc459f01ec9a546cfdf1c90ef096ba8e5135d08be4a7
-DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
deleted file mode 100644
index aef30ef6..00000000
--- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 4809dc9..d1ea325 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..793f17d 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 1d91103..366cbdf 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- ret = true;
-
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
deleted file mode 100644
index 22bb71d1..00000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
-https://bugs.gentoo.org/832057
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
-
-From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Tue, 25 Jan 2022 17:21:46 +0000
-Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
-
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
- local_agent_handle = NULL;
- ret = 126;
-
-+ if (argc < 1)
-+ {
-+ exit(126);
-+ }
-+
- /* Disable remote file access from GIO. */
- setenv ("GIO_USE_VFS", "local", 1);
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
- pid_t pid_of_caller;
- gpointer local_agent_handle;
-
-+
-+ /*
-+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+ */
-+ if (argc<1)
-+ {
-+ exit(127);
-+ }
-+
- ret = 127;
- authority = NULL;
- subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
-
- path = g_strdup (pwstruct.pw_shell);
- if (!path)
-- {
-+ {
- g_printerr ("No shell configured or error retrieving pw_shell\n");
- goto out;
-- }
-+ }
- /* If you change this, be sure to change the if (!command_line)
- case below too */
- command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
- goto out;
- }
- g_free (path);
-- argv[n] = path = s;
-+ path = s;
-+
-+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+ */
-+ if (argv[n] != NULL)
-+ {
-+ argv[n] = path;
-+ }
- }
- if (access (path, F_OK) != 0)
- {
-GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
deleted file mode 100644
index a82ce25c..00000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
-https://bugs.gentoo.org/833574
-
-From: Jan Rybar <jrybar@redhat.com>
-Date: Mon, 21 Feb 2022 08:29:05 +0000
-Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
-
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -62,6 +62,10 @@ enum
- PROP_NAME,
- };
-
-+
-+guint8 dbus_call_respond_fails; // has to be global because of callback
-+
-+
- static void subject_iface_init (PolkitSubjectIface *subject_iface);
-
- G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
-@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
- if (!v)
- {
- data->caught_error = TRUE;
-+ dbus_call_respond_fails += 1;
- }
- else
- {
-@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- tmp_context = g_main_context_new ();
- g_main_context_push_thread_default (tmp_context);
-
-+ dbus_call_respond_fails = 0;
-+
- /* Do two async calls as it's basically as fast as one sync call.
- */
- g_dbus_connection_call (connection,
-@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- on_retrieved_unix_uid_pid,
- &data);
-
-- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
-- g_main_context_iteration (tmp_context, TRUE);
-+ while (TRUE)
-+ {
-+ /* If one dbus call returns error, we must wait until the other call
-+ * calls _call_finish(), otherwise fd leak is possible.
-+ * Resolves: GHSL-2021-077
-+ */
-
-- if (data.caught_error)
-- goto out;
-+ if ( (dbus_call_respond_fails > 1) )
-+ {
-+ // we got two faults, we can leave
-+ goto out;
-+ }
-+
-+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
-+ {
-+ // we got one fault and the other call finally finished, we can leave
-+ goto out;
-+ }
-+
-+ if ( !(data.retrieved_uid && data.retrieved_pid) )
-+ {
-+ g_main_context_iteration (tmp_context, TRUE);
-+ }
-+ else
-+ {
-+ break;
-+ }
-+ }
-
- if (out_uid)
- *out_uid = data.uid;
-GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch
deleted file mode 100644
index 5e144688..00000000
--- a/sys-auth/polkit/files/polkit-0.120-meson.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@debian.org>
-Date: Mon, 25 Oct 2021 20:21:27 +0100
-Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
-
-These were always ignored, and Meson 0.60.0 disallowed them.
-
-Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
-Reference: https://github.com/mesonbuild/meson/pull/9445
-Signed-off-by: Simon McVittie <smcv@debian.org>
----
- actions/meson.build | 1 -
- src/examples/meson.build | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/actions/meson.build b/actions/meson.build
-index 2abaaf3..1e3f370 100644
---- a/actions/meson.build
-+++ b/actions/meson.build
-@@ -1,7 +1,6 @@
- policy = 'org.freedesktop.policykit.policy'
-
- i18n.merge_file(
-- policy,
- input: policy + '.in',
- output: '@BASENAME@',
- po_dir: po_dir,
-diff --git a/src/examples/meson.build b/src/examples/meson.build
-index c6305ab..8c18de5 100644
---- a/src/examples/meson.build
-+++ b/src/examples/meson.build
-@@ -1,7 +1,6 @@
- policy = 'org.freedesktop.policykit.examples.pkexec.policy'
-
- i18n.merge_file(
-- policy,
- input: policy + '.in',
- output: '@BASENAME@',
- po_dir: po_dir,
---
-GitLab
-
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
deleted file mode 100644
index 23b3540b..00000000
--- a/sys-auth/polkit/metadata.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="project">
- <email>freedesktop-bugs@gentoo.org</email>
- </maintainer>
- <use>
- <flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for javascript engine</flag>
- <flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
- </use>
-</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
deleted file mode 100644
index 24b53b1f..00000000
--- a/sys-auth/polkit/polkit-0.120-r2.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
- https://dev.gentoo.org/~anarchy/dist/polkit-0.120-duktape-1.patch"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~mips ppc64 x86"
-IUSE="duktape examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- duktape? ( dev-lang/duktape )
- !duktape? ( dev-lang/spidermonkey:78[-debug] )
- dev-libs/glib:2
- dev-libs/expat
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
- !systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/polkit-0.120-meson.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
- "${DISTDIR}"/${PN}-0.120-duktape-1.patch
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
- )
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-}
-
-src_configure() {
- xdg_environment_reset
-
- local emesonargs=(
- --localstatedir="${EPREFIX}"/var
- -Dauthfw="$(usex pam pam shadow)"
- -Dexamples=false
- -Dgtk_doc=false
- -Dman=true
- -Dos_type=gentoo
- -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
- -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(meson_use introspection)
- $(meson_use test tests)
- $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
- -Djs_engine="$(usex duktape duktape mozjs)"
- )
- meson_src_configure
-}
-
-src_compile() {
- meson_src_compile
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- meson_src_install
-
- if use examples ; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-
- # meson does not install required files with SUID bit. See
- # https://bugs.gentoo.org/816393
- # Remove the following lines once this has been fixed by upstream
- # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
- fperms u+s /usr/bin/pkexec
- fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild
deleted file mode 100644
index 7c280dd9..00000000
--- a/sys-auth/polkit/polkit-0.120-r3.ebuild
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
- https://dev.gentoo.org/~anarchy/dist/polkit-0.120-duktape-1.patch"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ~mips ppc64 x86"
-IUSE="duktape examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- duktape? ( dev-lang/duktape )
- !duktape? ( dev-lang/spidermonkey:78[-debug] )
- dev-libs/glib:2
- dev-libs/expat
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
- !systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/polkit-0.120-meson.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4115.patch"
- "${DISTDIR}"/${PN}-0.120-duktape-1.patch
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
- )
-
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-}
-
-src_configure() {
- xdg_environment_reset
-
- local emesonargs=(
- --localstatedir="${EPREFIX}"/var
- -Dauthfw="$(usex pam pam shadow)"
- -Dexamples=false
- -Dgtk_doc=false
- -Dman=true
- -Dos_type=gentoo
- -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
- -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(meson_use introspection)
- $(meson_use test tests)
- $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
- -Djs_engine="$(usex duktape duktape mozjs)"
- )
- meson_src_configure
-}
-
-src_compile() {
- meson_src_compile
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- meson_src_install
-
- if use examples ; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-
- # meson does not install required files with SUID bit. See
- # https://bugs.gentoo.org/816393
- # Remove the following lines once this has been fixed by upstream
- # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
- fperms u+s /usr/bin/pkexec
- fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2021-02-11 17:32 Jory Pratt
0 siblings, 0 replies; 8+ messages in thread
From: Jory Pratt @ 2021-02-11 17:32 UTC (permalink / raw
To: gentoo-commits
commit: 77abc7da6c7baad08c1c99ea3a04893e891023a1
Author: Vjaceslavs Klimovs <vklimovs <AT> gmail <DOT> com>
AuthorDate: Mon Feb 8 01:36:27 2021 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Thu Feb 11 16:56:07 2021 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=77abc7da
sys-auth/polkit: add polkit-0.118-r1 w/o spidermonkey dep and optional netgroup
Signed-off-by: Vjaceslavs Klimovs <vklimovs <AT> gmail.com>
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/files/polkit-0.118-duktape.patch | 1499 ++++++++++++++++++++
sys-auth/polkit/files/polkit-0.118-elogind.patch | 28 +
...lkit-0.118-make-netgroup-support-optional.patch | 219 +++
sys-auth/polkit/polkit-0.118-r1.ebuild | 134 ++
4 files changed, 1880 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.118-duktape.patch b/sys-auth/polkit/files/polkit-0.118-duktape.patch
new file mode 100644
index 0000000..f3f69e3
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.118-duktape.patch
@@ -0,0 +1,1499 @@
+diff --git a/configure.ac b/configure.ac
+index 5cedb4eca980f050fb5855ab577e93100adf8fec..6c274869f39d4b65b08f7cdb9e461b5182d297ec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,11 +79,22 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-78])
+-
+-AC_SUBST(LIBJS_CFLAGS)
+-AC_SUBST(LIBJS_CXXFLAGS)
+-AC_SUBST(LIBJS_LIBS)
++dnl ---------------------------------------------------------------------------
++dnl - Check javascript backend
++dnl ---------------------------------------------------------------------------
++AC_ARG_WITH(duktape, AS_HELP_STRING([--with-duktape],[Use Duktape as javascript backend]),with_duktape=yes,with_duktape=no)
++AS_IF([test x${with_duktape} == xyes], [
++ PKG_CHECK_MODULES(LIBJS, [duktape >= 2.0.0 ])
++ AC_SUBST(LIBJS_CFLAGS)
++ AC_SUBST(LIBJS_LIBS)
++], [
++ PKG_CHECK_MODULES(LIBJS, [mozjs-78])
++
++ AC_SUBST(LIBJS_CFLAGS)
++ AC_SUBST(LIBJS_CXXFLAGS)
++ AC_SUBST(LIBJS_LIBS)
++])
++AM_CONDITIONAL(USE_DUKTAPE, [test x$with_duktape == xyes], [Using duktape as javascript engine library])
+
+ EXPAT_LIB=""
+ AC_ARG_WITH(expat, [ --with-expat=<dir> Use expat from here],
+@@ -580,6 +591,13 @@ echo "
+ PAM support: ${have_pam}
+ systemdsystemunitdir: ${systemdsystemunitdir}
+ polkitd user: ${POLKITD_USER}"
++if test "x${with_duktape}" = xyes; then
++echo "
++ Javascript engine: Duktape"
++else
++echo "
++ Javascript engine: Mozjs"
++fi
+
+ if test "$have_pam" = yes ; then
+ echo "
+diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am
+index e48b739cc0a4e7606be0271ba4b4e3bd33b08545..9572b067effdf6f0dcd1c6b17b2e8c59c1ed6238 100644
+--- a/src/polkitbackend/Makefile.am
++++ b/src/polkitbackend/Makefile.am
+@@ -33,7 +33,7 @@ libpolkit_backend_1_la_SOURCES = \
+ polkitbackendprivate.h \
+ polkitbackendauthority.h polkitbackendauthority.c \
+ polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \
+- polkitbackendjsauthority.h polkitbackendjsauthority.cpp \
++ polkitbackendjsauthority.h \
+ polkitbackendactionpool.h polkitbackendactionpool.c \
+ polkitbackendactionlookup.h polkitbackendactionlookup.c \
+ $(NULL)
+@@ -51,19 +51,27 @@ libpolkit_backend_1_la_CFLAGS = \
+ -D_POLKIT_BACKEND_COMPILATION \
+ $(GLIB_CFLAGS) \
+ $(LIBSYSTEMD_CFLAGS) \
+- $(LIBJS_CFLAGS) \
++ $(LIBJS_CFLAGS) \
+ $(NULL)
+
+ libpolkit_backend_1_la_CXXFLAGS = $(libpolkit_backend_1_la_CFLAGS)
+
+ libpolkit_backend_1_la_LIBADD = \
+ $(GLIB_LIBS) \
++ $(DUKTAPE_LIBS) \
+ $(LIBSYSTEMD_LIBS) \
+ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
+ $(EXPAT_LIBS) \
+- $(LIBJS_LIBS) \
++ $(LIBJS_LIBS) \
+ $(NULL)
+
++if USE_DUKTAPE
++libpolkit_backend_1_la_SOURCES += polkitbackendduktapeauthority.c
++libpolkit_backend_1_la_LIBADD += -lm
++else
++libpolkit_backend_1_la_SOURCES += polkitbackendjsauthority.cpp
++endif
++
+ rulesdir = $(sysconfdir)/polkit-1/rules.d
+ rules_DATA = 50-default.rules
+
+diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
+new file mode 100644
+index 0000000000000000000000000000000000000000..ae984535ed88003ab1b0965e3e109a848479c047
+--- /dev/null
++++ b/src/polkitbackend/polkitbackendduktapeauthority.c
+@@ -0,0 +1,1404 @@
++/*
++ * Copyright (C) 2008-2012 Red Hat, Inc.
++ * Copyright (C) 2015 Tangent Space <jstpierre@mecheye.net>
++ * Copyright (C) 2019 Wu Xiaotian <yetist@gmail.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General
++ * Public License along with this library; if not, write to the
++ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
++ * Boston, MA 02111-1307, USA.
++ *
++ * Author: David Zeuthen <davidz@redhat.com>
++ */
++
++#include "config.h"
++#include <sys/wait.h>
++#include <errno.h>
++#include <pwd.h>
++#include <grp.h>
++#include <netdb.h>
++#include <string.h>
++#include <glib/gstdio.h>
++#include <locale.h>
++#include <glib/gi18n-lib.h>
++
++#include <polkit/polkit.h>
++#include "polkitbackendjsauthority.h"
++
++#include <polkit/polkitprivate.h>
++
++#ifdef HAVE_LIBSYSTEMD
++#include <systemd/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD */
++
++#include "initjs.h" /* init.js */
++#include "duktape.h"
++
++/**
++ * SECTION:polkitbackendjsauthority
++ * @title: PolkitBackendJsAuthority
++ * @short_description: JS Authority
++ * @stability: Unstable
++ *
++ * An implementation of #PolkitBackendAuthority that reads and
++ * evalates Javascript files and supports interaction with
++ * authentication agents (virtue of being based on
++ * #PolkitBackendInteractiveAuthority).
++ */
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++struct _PolkitBackendJsAuthorityPrivate
++{
++ gchar **rules_dirs;
++ GFileMonitor **dir_monitors; /* NULL-terminated array of GFileMonitor instances */
++ duk_context *cx;
++};
++
++#define WATCHDOG_TIMEOUT (15 * G_TIME_SPAN_SECOND)
++
++static void utils_spawn (const gchar *const *argv,
++ guint timeout_seconds,
++ GCancellable *cancellable,
++ GAsyncReadyCallback callback,
++ gpointer user_data);
++
++gboolean utils_spawn_finish (GAsyncResult *res,
++ gint *out_exit_status,
++ gchar **out_standard_output,
++ gchar **out_standard_error,
++ GError **error);
++
++static void on_dir_monitor_changed (GFileMonitor *monitor,
++ GFile *file,
++ GFile *other_file,
++ GFileMonitorEvent event_type,
++ gpointer user_data);
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++enum
++{
++ PROP_0,
++ PROP_RULES_DIRS,
++};
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority,
++ PolkitSubject *caller,
++ PolkitSubject *subject,
++ PolkitIdentity *user_for_subject,
++ gboolean subject_is_local,
++ gboolean subject_is_active,
++ const gchar *action_id,
++ PolkitDetails *details);
++
++static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorization_sync (
++ PolkitBackendInteractiveAuthority *authority,
++ PolkitSubject *caller,
++ PolkitSubject *subject,
++ PolkitIdentity *user_for_subject,
++ gboolean subject_is_local,
++ gboolean subject_is_active,
++ const gchar *action_id,
++ PolkitDetails *details,
++ PolkitImplicitAuthorization implicit);
++
++G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY);
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static void
++polkit_backend_js_authority_init (PolkitBackendJsAuthority *authority)
++{
++ authority->priv = G_TYPE_INSTANCE_GET_PRIVATE (authority,
++ POLKIT_BACKEND_TYPE_JS_AUTHORITY,
++ PolkitBackendJsAuthorityPrivate);
++}
++
++static gint
++rules_file_name_cmp (const gchar *a,
++ const gchar *b)
++{
++ gint ret;
++ const gchar *a_base;
++ const gchar *b_base;
++
++ a_base = strrchr (a, '/');
++ b_base = strrchr (b, '/');
++
++ g_assert (a_base != NULL);
++ g_assert (b_base != NULL);
++ a_base += 1;
++ b_base += 1;
++
++ ret = g_strcmp0 (a_base, b_base);
++ if (ret == 0)
++ {
++ /* /etc wins over /usr */
++ ret = g_strcmp0 (a, b);
++ g_assert (ret != 0);
++ }
++
++ return ret;
++}
++
++static void
++load_scripts (PolkitBackendJsAuthority *authority)
++{
++ duk_context *cx = authority->priv->cx;
++ GList *files = NULL;
++ GList *l;
++ guint num_scripts = 0;
++ GError *error = NULL;
++ guint n;
++
++ files = NULL;
++
++ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++)
++ {
++ const gchar *dir_name = authority->priv->rules_dirs[n];
++ GDir *dir = NULL;
++
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Loading rules from directory %s",
++ dir_name);
++
++ dir = g_dir_open (dir_name,
++ 0,
++ &error);
++ if (dir == NULL)
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error opening rules directory: %s (%s, %d)",
++ error->message, g_quark_to_string (error->domain), error->code);
++ g_clear_error (&error);
++ }
++ else
++ {
++ const gchar *name;
++ while ((name = g_dir_read_name (dir)) != NULL)
++ {
++ if (g_str_has_suffix (name, ".rules"))
++ files = g_list_prepend (files, g_strdup_printf ("%s/%s", dir_name, name));
++ }
++ g_dir_close (dir);
++ }
++ }
++
++ files = g_list_sort (files, (GCompareFunc) rules_file_name_cmp);
++
++ for (l = files; l != NULL; l = l->next)
++ {
++ const gchar *filename = l->data;
++
++#if (DUK_VERSION >= 20000)
++ gchar *contents;
++ gsize length;
++ GError *error = NULL;
++ if (!g_file_get_contents (filename, &contents, &length, &error)){
++ g_warning("Error when file contents of %s: %s\n", filename, error->message);
++ g_error_free (error);
++ continue;
++ }
++ if (duk_peval_lstring_noresult(cx, contents,length) != 0)
++#else
++ if (duk_peval_file_noresult (cx, filename) != 0)
++#endif
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error compiling script %s: %s",
++ filename, duk_safe_to_string (authority->priv->cx, -1));
++#if (DUK_VERSION >= 20000)
++ g_free (contents);
++#endif
++ continue;
++ }
++#if (DUK_VERSION >= 20000)
++ g_free (contents);
++#endif
++ num_scripts++;
++ }
++
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Finished loading, compiling and executing %d rules",
++ num_scripts);
++ g_list_free_full (files, g_free);
++}
++
++static void
++reload_scripts (PolkitBackendJsAuthority *authority)
++{
++ duk_context *cx = authority->priv->cx;
++
++ duk_set_top (cx, 0);
++ duk_get_global_string (cx, "polkit");
++ duk_push_string (cx, "_deleteRules");
++
++ duk_call_prop (cx, 0, 0);
++
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Collecting garbage unconditionally...");
++
++ load_scripts (authority);
++
++ /* Let applications know we have new rules... */
++ g_signal_emit_by_name (authority, "changed");
++}
++
++static void
++on_dir_monitor_changed (GFileMonitor *monitor,
++ GFile *file,
++ GFile *other_file,
++ GFileMonitorEvent event_type,
++ gpointer user_data)
++{
++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data);
++
++ /* TODO: maybe rate-limit so storms of events are collapsed into one with a 500ms resolution?
++ * Because when editing a file with emacs we get 4-8 events..
++ */
++
++ if (file != NULL)
++ {
++ gchar *name;
++
++ name = g_file_get_basename (file);
++
++ /* g_print ("event_type=%d file=%p name=%s\n", event_type, file, name); */
++ if (!g_str_has_prefix (name, ".") &&
++ !g_str_has_prefix (name, "#") &&
++ g_str_has_suffix (name, ".rules") &&
++ (event_type == G_FILE_MONITOR_EVENT_CREATED ||
++ event_type == G_FILE_MONITOR_EVENT_DELETED ||
++ event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Reloading rules");
++ reload_scripts (authority);
++ }
++ g_free (name);
++ }
++}
++
++
++static void
++setup_file_monitors (PolkitBackendJsAuthority *authority)
++{
++ guint n;
++ GPtrArray *p;
++
++ p = g_ptr_array_new ();
++ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++)
++ {
++ GFile *file;
++ GError *error;
++ GFileMonitor *monitor;
++
++ file = g_file_new_for_path (authority->priv->rules_dirs[n]);
++ error = NULL;
++ monitor = g_file_monitor_directory (file,
++ G_FILE_MONITOR_NONE,
++ NULL,
++ &error);
++ g_object_unref (file);
++ if (monitor == NULL)
++ {
++ g_warning ("Error monitoring directory %s: %s",
++ authority->priv->rules_dirs[n],
++ error->message);
++ g_clear_error (&error);
++ }
++ else
++ {
++ g_signal_connect (monitor,
++ "changed",
++ G_CALLBACK (on_dir_monitor_changed),
++ authority);
++ g_ptr_array_add (p, monitor);
++ }
++ }
++ g_ptr_array_add (p, NULL);
++ authority->priv->dir_monitors = (GFileMonitor**) g_ptr_array_free (p, FALSE);
++}
++
++static duk_ret_t js_polkit_log (duk_context *cx);
++static duk_ret_t js_polkit_spawn (duk_context *cx);
++static duk_ret_t js_polkit_user_is_in_netgroup (duk_context *cx);
++
++static const duk_function_list_entry js_polkit_functions[] =
++{
++ { "log", js_polkit_log, 1 },
++ { "spawn", js_polkit_spawn, 1 },
++ { "_userIsInNetGroup", js_polkit_user_is_in_netgroup, 2 },
++ { NULL, NULL, 0 },
++};
++
++static void
++polkit_backend_js_authority_constructed (GObject *object)
++{
++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
++ duk_context *cx;
++
++ cx = duk_create_heap (NULL, NULL, NULL, authority, NULL);
++ if (cx == NULL)
++ goto fail;
++
++ authority->priv->cx = cx;
++
++ duk_push_global_object (cx);
++ duk_push_object (cx);
++ duk_put_function_list (cx, -1, js_polkit_functions);
++ duk_put_prop_string (cx, -2, "polkit");
++
++ duk_eval_string (cx, init_js);
++
++ if (authority->priv->rules_dirs == NULL)
++ {
++ authority->priv->rules_dirs = g_new0 (gchar *, 3);
++ authority->priv->rules_dirs[0] = g_strdup (PACKAGE_SYSCONF_DIR "/polkit-1/rules.d");
++ authority->priv->rules_dirs[1] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d");
++ }
++
++ setup_file_monitors (authority);
++ load_scripts (authority);
++
++ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
++ return;
++
++ fail:
++ g_critical ("Error initializing JavaScript environment");
++ g_assert_not_reached ();
++}
++
++static void
++polkit_backend_js_authority_finalize (GObject *object)
++{
++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
++ guint n;
++
++ for (n = 0; authority->priv->dir_monitors != NULL && authority->priv->dir_monitors[n] != NULL; n++)
++ {
++ GFileMonitor *monitor = authority->priv->dir_monitors[n];
++ g_signal_handlers_disconnect_by_func (monitor,
++ G_CALLBACK (on_dir_monitor_changed),
++ authority);
++ g_object_unref (monitor);
++ }
++ g_free (authority->priv->dir_monitors);
++ g_strfreev (authority->priv->rules_dirs);
++
++ duk_destroy_heap (authority->priv->cx);
++
++ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
++}
++
++static void
++polkit_backend_js_authority_set_property (GObject *object,
++ guint property_id,
++ const GValue *value,
++ GParamSpec *pspec)
++{
++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
++
++ switch (property_id)
++ {
++ case PROP_RULES_DIRS:
++ g_assert (authority->priv->rules_dirs == NULL);
++ authority->priv->rules_dirs = (gchar **) g_value_dup_boxed (value);
++ break;
++
++ default:
++ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
++ break;
++ }
++}
++
++static const gchar *
++polkit_backend_js_authority_get_name (PolkitBackendAuthority *authority)
++{
++ return "js";
++}
++
++static const gchar *
++polkit_backend_js_authority_get_version (PolkitBackendAuthority *authority)
++{
++ return PACKAGE_VERSION;
++}
++
++static PolkitAuthorityFeatures
++polkit_backend_js_authority_get_features (PolkitBackendAuthority *authority)
++{
++ return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION;
++}
++
++static void
++polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
++{
++ GObjectClass *gobject_class;
++ PolkitBackendAuthorityClass *authority_class;
++ PolkitBackendInteractiveAuthorityClass *interactive_authority_class;
++
++
++ gobject_class = G_OBJECT_CLASS (klass);
++ gobject_class->finalize = polkit_backend_js_authority_finalize;
++ gobject_class->set_property = polkit_backend_js_authority_set_property;
++ gobject_class->constructed = polkit_backend_js_authority_constructed;
++
++ authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass);
++ authority_class->get_name = polkit_backend_js_authority_get_name;
++ authority_class->get_version = polkit_backend_js_authority_get_version;
++ authority_class->get_features = polkit_backend_js_authority_get_features;
++
++ interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass);
++ interactive_authority_class->get_admin_identities = polkit_backend_js_authority_get_admin_auth_identities;
++ interactive_authority_class->check_authorization_sync = polkit_backend_js_authority_check_authorization_sync;
++
++ g_object_class_install_property (gobject_class,
++ PROP_RULES_DIRS,
++ g_param_spec_boxed ("rules-dirs",
++ NULL,
++ NULL,
++ G_TYPE_STRV,
++ G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE));
++
++
++ g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static void
++set_property_str (duk_context *cx,
++ const gchar *name,
++ const gchar *value)
++{
++ duk_push_string (cx, value);
++ duk_put_prop_string (cx, -2, name);
++}
++
++static void
++set_property_strv (duk_context *cx,
++ const gchar *name,
++ GPtrArray *value)
++{
++ guint n;
++ duk_push_array (cx);
++ for (n = 0; n < value->len; n++)
++ {
++ duk_push_string (cx, g_ptr_array_index (value, n));
++ duk_put_prop_index (cx, -2, n);
++ }
++ duk_put_prop_string (cx, -2, name);
++}
++
++static void
++set_property_int32 (duk_context *cx,
++ const gchar *name,
++ gint32 value)
++{
++ duk_push_int (cx, value);
++ duk_put_prop_string (cx, -2, name);
++}
++
++static void
++set_property_bool (duk_context *cx,
++ const char *name,
++ gboolean value)
++{
++ duk_push_boolean (cx, value);
++ duk_put_prop_string (cx, -2, name);
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static gboolean
++push_subject (duk_context *cx,
++ PolkitSubject *subject,
++ PolkitIdentity *user_for_subject,
++ gboolean subject_is_local,
++ gboolean subject_is_active,
++ GError **error)
++{
++ gboolean ret = FALSE;
++ pid_t pid;
++ uid_t uid;
++ gchar *user_name = NULL;
++ GPtrArray *groups = NULL;
++ struct passwd *passwd;
++ char *seat_str = NULL;
++ char *session_str = NULL;
++
++ duk_get_global_string (cx, "Subject");
++ duk_new (cx, 0);
++
++ if (POLKIT_IS_UNIX_PROCESS (subject))
++ {
++ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
++ }
++ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
++ {
++ PolkitSubject *process;
++ process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
++ if (process == NULL)
++ goto out;
++ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process));
++ g_object_unref (process);
++ }
++ else
++ {
++ g_assert_not_reached ();
++ }
++
++#ifdef HAVE_LIBSYSTEMD
++ if (sd_pid_get_session (pid, &session_str) == 0)
++ {
++ if (sd_session_get_seat (session_str, &seat_str) == 0)
++ {
++ /* do nothing */
++ }
++ }
++#endif /* HAVE_LIBSYSTEMD */
++
++ g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
++ uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
++
++ groups = g_ptr_array_new_with_free_func (g_free);
++
++ passwd = getpwuid (uid);
++ if (passwd == NULL)
++ {
++ user_name = g_strdup_printf ("%d", (gint) uid);
++ g_warning ("Error looking up info for uid %d: %m", (gint) uid);
++ }
++ else
++ {
++ gid_t gids[512];
++ int num_gids = 512;
++
++ user_name = g_strdup (passwd->pw_name);
++
++ if (getgrouplist (passwd->pw_name,
++ passwd->pw_gid,
++ gids,
++ &num_gids) < 0)
++ {
++ g_warning ("Error looking up groups for uid %d: %m", (gint) uid);
++ }
++ else
++ {
++ gint n;
++ for (n = 0; n < num_gids; n++)
++ {
++ struct group *group;
++ group = getgrgid (gids[n]);
++ if (group == NULL)
++ {
++ g_ptr_array_add (groups, g_strdup_printf ("%d", (gint) gids[n]));
++ }
++ else
++ {
++ g_ptr_array_add (groups, g_strdup (group->gr_name));
++ }
++ }
++ }
++ }
++
++ set_property_int32 (cx, "pid", pid);
++ set_property_str (cx, "user", user_name);
++ set_property_strv (cx, "groups", groups);
++ set_property_str (cx, "seat", seat_str);
++ set_property_str (cx, "session", session_str);
++ set_property_bool (cx, "local", subject_is_local);
++ set_property_bool (cx, "active", subject_is_active);
++
++ ret = TRUE;
++
++ out:
++ free (session_str);
++ free (seat_str);
++ g_free (user_name);
++ if (groups != NULL)
++ g_ptr_array_unref (groups);
++
++ return ret;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static gboolean
++push_action_and_details (duk_context *cx,
++ const gchar *action_id,
++ PolkitDetails *details,
++ GError **error)
++{
++ gchar **keys;
++ guint n;
++
++ duk_get_global_string (cx, "Action");
++ duk_new (cx, 0);
++
++ set_property_str (cx, "id", action_id);
++
++ keys = polkit_details_get_keys (details);
++ for (n = 0; keys != NULL && keys[n] != NULL; n++)
++ {
++ gchar *key;
++ const gchar *value;
++ key = g_strdup_printf ("_detail_%s", keys[n]);
++ value = polkit_details_lookup (details, keys[n]);
++ set_property_str (cx, key, value);
++ g_free (key);
++ }
++ g_strfreev (keys);
++
++ return TRUE;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static GList *
++polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority,
++ PolkitSubject *caller,
++ PolkitSubject *subject,
++ PolkitIdentity *user_for_subject,
++ gboolean subject_is_local,
++ gboolean subject_is_active,
++ const gchar *action_id,
++ PolkitDetails *details)
++{
++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
++ GList *ret = NULL;
++ guint n;
++ GError *error = NULL;
++ const char *ret_str = NULL;
++ gchar **ret_strs = NULL;
++ duk_context *cx = authority->priv->cx;
++
++ duk_set_top (cx, 0);
++ duk_get_global_string (cx, "polkit");
++ duk_push_string (cx, "_runAdminRules");
++
++ if (!push_action_and_details (cx, action_id, details, &error))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error converting action and details to JS object: %s",
++ error->message);
++ g_clear_error (&error);
++ goto out;
++ }
++
++ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error converting subject to JS object: %s",
++ error->message);
++ g_clear_error (&error);
++ goto out;
++ }
++
++ if (duk_pcall_prop (cx, 0, 2) != DUK_ERR_NONE)
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error evaluating admin rules: ",
++ duk_safe_to_string (cx, -1));
++ goto out;
++ }
++
++ ret_str = duk_require_string (cx, -1);
++
++ ret_strs = g_strsplit (ret_str, ",", -1);
++ for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++)
++ {
++ const gchar *identity_str = ret_strs[n];
++ PolkitIdentity *identity;
++
++ error = NULL;
++ identity = polkit_identity_from_string (identity_str, &error);
++ if (identity == NULL)
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Identity `%s' is not valid, ignoring: %s",
++ identity_str, error->message);
++ g_clear_error (&error);
++ }
++ else
++ {
++ ret = g_list_prepend (ret, identity);
++ }
++ }
++ ret = g_list_reverse (ret);
++
++ out:
++ g_strfreev (ret_strs);
++ /* fallback to root password auth */
++ if (ret == NULL)
++ ret = g_list_prepend (ret, polkit_unix_user_new (0));
++
++ return ret;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static PolkitImplicitAuthorization
++polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority,
++ PolkitSubject *caller,
++ PolkitSubject *subject,
++ PolkitIdentity *user_for_subject,
++ gboolean subject_is_local,
++ gboolean subject_is_active,
++ const gchar *action_id,
++ PolkitDetails *details,
++ PolkitImplicitAuthorization implicit)
++{
++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
++ PolkitImplicitAuthorization ret = implicit;
++ GError *error = NULL;
++ gchar *ret_str = NULL;
++ gboolean good = FALSE;
++ duk_context *cx = authority->priv->cx;
++
++ duk_set_top (cx, 0);
++ duk_get_global_string (cx, "polkit");
++ duk_push_string (cx, "_runRules");
++
++ if (!push_action_and_details (cx, action_id, details, &error))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error converting action and details to JS object: %s",
++ error->message);
++ g_clear_error (&error);
++ goto out;
++ }
++
++ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error converting subject to JS object: %s",
++ error->message);
++ g_clear_error (&error);
++ goto out;
++ }
++
++ if (duk_pcall_prop (cx, 0, 2) != DUK_ERR_NONE)
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Error evaluating authorization rules: ",
++ duk_safe_to_string (cx, -1));
++ goto out;
++ }
++
++ if (duk_is_null(cx, -1)) {
++ good = TRUE;
++ goto out;
++ }
++ ret_str = g_strdup (duk_require_string (cx, -1));
++ if (!polkit_implicit_authorization_from_string (ret_str, &ret))
++ {
++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ "Returned result `%s' is not valid",
++ ret_str);
++ goto out;
++ }
++
++ good = TRUE;
++
++ out:
++ if (!good)
++ ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;
++ g_free (ret_str);
++
++ return ret;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static duk_ret_t
++js_polkit_log (duk_context *cx)
++{
++ const char *str = duk_require_string (cx, 0);
++ fprintf (stderr, "%s\n", str);
++ return 0;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++static const gchar *
++get_signal_name (gint signal_number)
++{
++ switch (signal_number)
++ {
++#define _HANDLE_SIG(sig) case sig: return #sig;
++ _HANDLE_SIG (SIGHUP);
++ _HANDLE_SIG (SIGINT);
++ _HANDLE_SIG (SIGQUIT);
++ _HANDLE_SIG (SIGILL);
++ _HANDLE_SIG (SIGABRT);
++ _HANDLE_SIG (SIGFPE);
++ _HANDLE_SIG (SIGKILL);
++ _HANDLE_SIG (SIGSEGV);
++ _HANDLE_SIG (SIGPIPE);
++ _HANDLE_SIG (SIGALRM);
++ _HANDLE_SIG (SIGTERM);
++ _HANDLE_SIG (SIGUSR1);
++ _HANDLE_SIG (SIGUSR2);
++ _HANDLE_SIG (SIGCHLD);
++ _HANDLE_SIG (SIGCONT);
++ _HANDLE_SIG (SIGSTOP);
++ _HANDLE_SIG (SIGTSTP);
++ _HANDLE_SIG (SIGTTIN);
++ _HANDLE_SIG (SIGTTOU);
++ _HANDLE_SIG (SIGBUS);
++#ifdef SIGPOLL
++ _HANDLE_SIG (SIGPOLL);
++#endif
++ _HANDLE_SIG (SIGPROF);
++ _HANDLE_SIG (SIGSYS);
++ _HANDLE_SIG (SIGTRAP);
++ _HANDLE_SIG (SIGURG);
++ _HANDLE_SIG (SIGVTALRM);
++ _HANDLE_SIG (SIGXCPU);
++ _HANDLE_SIG (SIGXFSZ);
++#undef _HANDLE_SIG
++ default:
++ break;
++ }
++ return "UNKNOWN_SIGNAL";
++}
++
++typedef struct
++{
++ GMainLoop *loop;
++ GAsyncResult *res;
++} SpawnData;
++
++static void
++spawn_cb (GObject *source_object,
++ GAsyncResult *res,
++ gpointer user_data)
++{
++ SpawnData *data = user_data;
++ data->res = g_object_ref (res);
++ g_main_loop_quit (data->loop);
++}
++
++static duk_ret_t
++js_polkit_spawn (duk_context *cx)
++{
++#if (DUK_VERSION >= 20000)
++ duk_ret_t ret = DUK_RET_ERROR;
++#else
++ duk_ret_t ret = DUK_RET_INTERNAL_ERROR;
++#endif
++ gchar *standard_output = NULL;
++ gchar *standard_error = NULL;
++ gint exit_status;
++ GError *error = NULL;
++ guint32 array_len;
++ gchar **argv = NULL;
++ GMainContext *context = NULL;
++ GMainLoop *loop = NULL;
++ SpawnData data = {0};
++ char *err_str = NULL;
++ guint n;
++
++ if (!duk_is_array (cx, 0))
++ goto out;
++
++ array_len = duk_get_length (cx, 0);
++
++ argv = g_new0 (gchar*, array_len + 1);
++ for (n = 0; n < array_len; n++)
++ {
++ duk_get_prop_index (cx, 0, n);
++ argv[n] = g_strdup (duk_to_string (cx, -1));
++ duk_pop (cx);
++ }
++
++ context = g_main_context_new ();
++ loop = g_main_loop_new (context, FALSE);
++
++ g_main_context_push_thread_default (context);
++
++ data.loop = loop;
++ utils_spawn ((const gchar *const *) argv,
++ 10, /* timeout_seconds */
++ NULL, /* cancellable */
++ spawn_cb,
++ &data);
++
++ g_main_loop_run (loop);
++
++ g_main_context_pop_thread_default (context);
++
++ if (!utils_spawn_finish (data.res,
++ &exit_status,
++ &standard_output,
++ &standard_error,
++ &error))
++ {
++ err_str = g_strdup_printf ("Error spawning helper: %s (%s, %d)",
++ error->message, g_quark_to_string (error->domain), error->code);
++ g_clear_error (&error);
++ goto out;
++ }
++
++ if (!(WIFEXITED (exit_status) && WEXITSTATUS (exit_status) == 0))
++ {
++ GString *gstr;
++ gstr = g_string_new (NULL);
++ if (WIFEXITED (exit_status))
++ {
++ g_string_append_printf (gstr,
++ "Helper exited with non-zero exit status %d",
++ WEXITSTATUS (exit_status));
++ }
++ else if (WIFSIGNALED (exit_status))
++ {
++ g_string_append_printf (gstr,
++ "Helper was signaled with signal %s (%d)",
++ get_signal_name (WTERMSIG (exit_status)),
++ WTERMSIG (exit_status));
++ }
++ g_string_append_printf (gstr, ", stdout=`%s', stderr=`%s'",
++ standard_output, standard_error);
++ err_str = g_string_free (gstr, FALSE);
++ goto out;
++ }
++
++ duk_push_string (cx, standard_output);
++ ret = 1;
++
++ out:
++ g_strfreev (argv);
++ g_free (standard_output);
++ g_free (standard_error);
++ g_clear_object (&data.res);
++ if (loop != NULL)
++ g_main_loop_unref (loop);
++ if (context != NULL)
++ g_main_context_unref (context);
++
++ if (err_str)
++ duk_error (cx, DUK_ERR_ERROR, err_str);
++
++ return ret;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++
++static duk_ret_t
++js_polkit_user_is_in_netgroup (duk_context *cx)
++{
++ const char *user;
++ const char *netgroup;
++ gboolean is_in_netgroup = FALSE;
++
++ user = duk_require_string (cx, 0);
++ netgroup = duk_require_string (cx, 1);
++
++#ifdef HAVE_SETNETGRENT
++ if (innetgr (netgroup,
++ NULL, /* host */
++ user,
++ NULL)) /* domain */
++ {
++ is_in_netgroup = TRUE;
++ }
++#endif
++
++ duk_push_boolean (cx, is_in_netgroup);
++ return 1;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++typedef struct
++{
++ GSimpleAsyncResult *simple; /* borrowed reference */
++ GMainContext *main_context; /* may be NULL */
++
++ GCancellable *cancellable; /* may be NULL */
++ gulong cancellable_handler_id;
++
++ GPid child_pid;
++ gint child_stdout_fd;
++ gint child_stderr_fd;
++
++ GIOChannel *child_stdout_channel;
++ GIOChannel *child_stderr_channel;
++
++ GSource *child_watch_source;
++ GSource *child_stdout_source;
++ GSource *child_stderr_source;
++
++ guint timeout_seconds;
++ gboolean timed_out;
++ GSource *timeout_source;
++
++ GString *child_stdout;
++ GString *child_stderr;
++
++ gint exit_status;
++} UtilsSpawnData;
++
++static void
++utils_child_watch_from_release_cb (GPid pid,
++ gint status,
++ gpointer user_data)
++{
++}
++
++static void
++utils_spawn_data_free (UtilsSpawnData *data)
++{
++ if (data->timeout_source != NULL)
++ {
++ g_source_destroy (data->timeout_source);
++ data->timeout_source = NULL;
++ }
++
++ /* Nuke the child, if necessary */
++ if (data->child_watch_source != NULL)
++ {
++ g_source_destroy (data->child_watch_source);
++ data->child_watch_source = NULL;
++ }
++
++ if (data->child_pid != 0)
++ {
++ GSource *source;
++ kill (data->child_pid, SIGTERM);
++ /* OK, we need to reap for the child ourselves - we don't want
++ * to use waitpid() because that might block the calling
++ * thread (the child might handle SIGTERM and use several
++ * seconds for cleanup/rollback).
++ *
++ * So we use GChildWatch instead.
++ *
++ * Avoid taking a references to ourselves. but note that we need
++ * to pass the GSource so we can nuke it once handled.
++ */
++ source = g_child_watch_source_new (data->child_pid);
++ g_source_set_callback (source,
++ (GSourceFunc) utils_child_watch_from_release_cb,
++ source,
++ (GDestroyNotify) g_source_destroy);
++ g_source_attach (source, data->main_context);
++ g_source_unref (source);
++ data->child_pid = 0;
++ }
++
++ if (data->child_stdout != NULL)
++ {
++ g_string_free (data->child_stdout, TRUE);
++ data->child_stdout = NULL;
++ }
++
++ if (data->child_stderr != NULL)
++ {
++ g_string_free (data->child_stderr, TRUE);
++ data->child_stderr = NULL;
++ }
++
++ if (data->child_stdout_channel != NULL)
++ {
++ g_io_channel_unref (data->child_stdout_channel);
++ data->child_stdout_channel = NULL;
++ }
++ if (data->child_stderr_channel != NULL)
++ {
++ g_io_channel_unref (data->child_stderr_channel);
++ data->child_stderr_channel = NULL;
++ }
++
++ if (data->child_stdout_source != NULL)
++ {
++ g_source_destroy (data->child_stdout_source);
++ data->child_stdout_source = NULL;
++ }
++ if (data->child_stderr_source != NULL)
++ {
++ g_source_destroy (data->child_stderr_source);
++ data->child_stderr_source = NULL;
++ }
++
++ if (data->child_stdout_fd != -1)
++ {
++ g_warn_if_fail (close (data->child_stdout_fd) == 0);
++ data->child_stdout_fd = -1;
++ }
++ if (data->child_stderr_fd != -1)
++ {
++ g_warn_if_fail (close (data->child_stderr_fd) == 0);
++ data->child_stderr_fd = -1;
++ }
++
++ if (data->cancellable_handler_id > 0)
++ {
++ g_cancellable_disconnect (data->cancellable, data->cancellable_handler_id);
++ data->cancellable_handler_id = 0;
++ }
++
++ if (data->main_context != NULL)
++ g_main_context_unref (data->main_context);
++
++ if (data->cancellable != NULL)
++ g_object_unref (data->cancellable);
++
++ g_slice_free (UtilsSpawnData, data);
++}
++
++/* called in the thread where @cancellable was cancelled */
++static void
++utils_on_cancelled (GCancellable *cancellable,
++ gpointer user_data)
++{
++ UtilsSpawnData *data = user_data;
++ GError *error;
++
++ error = NULL;
++ g_warn_if_fail (g_cancellable_set_error_if_cancelled (cancellable, &error));
++ g_simple_async_result_take_error (data->simple, error);
++ g_simple_async_result_complete_in_idle (data->simple);
++ g_object_unref (data->simple);
++}
++
++static gboolean
++utils_read_child_stderr (GIOChannel *channel,
++ GIOCondition condition,
++ gpointer user_data)
++{
++ UtilsSpawnData *data = user_data;
++ gchar buf[1024];
++ gsize bytes_read;
++
++ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL);
++ g_string_append_len (data->child_stderr, buf, bytes_read);
++ return TRUE;
++}
++
++static gboolean
++utils_read_child_stdout (GIOChannel *channel,
++ GIOCondition condition,
++ gpointer user_data)
++{
++ UtilsSpawnData *data = user_data;
++ gchar buf[1024];
++ gsize bytes_read;
++
++ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL);
++ g_string_append_len (data->child_stdout, buf, bytes_read);
++ return TRUE;
++}
++
++static void
++utils_child_watch_cb (GPid pid,
++ gint status,
++ gpointer user_data)
++{
++ UtilsSpawnData *data = user_data;
++ gchar *buf;
++ gsize buf_size;
++
++ if (g_io_channel_read_to_end (data->child_stdout_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL)
++ {
++ g_string_append_len (data->child_stdout, buf, buf_size);
++ g_free (buf);
++ }
++ if (g_io_channel_read_to_end (data->child_stderr_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL)
++ {
++ g_string_append_len (data->child_stderr, buf, buf_size);
++ g_free (buf);
++ }
++
++ data->exit_status = status;
++
++ /* ok, child watch is history, make sure we don't free it in spawn_data_free() */
++ data->child_pid = 0;
++ data->child_watch_source = NULL;
++
++ /* we're done */
++ g_simple_async_result_complete_in_idle (data->simple);
++ g_object_unref (data->simple);
++}
++
++static gboolean
++utils_timeout_cb (gpointer user_data)
++{
++ UtilsSpawnData *data = user_data;
++
++ data->timed_out = TRUE;
++
++ /* ok, timeout is history, make sure we don't free it in spawn_data_free() */
++ data->timeout_source = NULL;
++
++ /* we're done */
++ g_simple_async_result_complete_in_idle (data->simple);
++ g_object_unref (data->simple);
++
++ return FALSE; /* remove source */
++}
++
++static void
++utils_spawn (const gchar *const *argv,
++ guint timeout_seconds,
++ GCancellable *cancellable,
++ GAsyncReadyCallback callback,
++ gpointer user_data)
++{
++ UtilsSpawnData *data;
++ GError *error;
++
++ data = g_slice_new0 (UtilsSpawnData);
++ data->timeout_seconds = timeout_seconds;
++ data->simple = g_simple_async_result_new (NULL,
++ callback,
++ user_data,
++ utils_spawn);
++ data->main_context = g_main_context_get_thread_default ();
++ if (data->main_context != NULL)
++ g_main_context_ref (data->main_context);
++
++ data->cancellable = cancellable != NULL ? g_object_ref (cancellable) : NULL;
++
++ data->child_stdout = g_string_new (NULL);
++ data->child_stderr = g_string_new (NULL);
++ data->child_stdout_fd = -1;
++ data->child_stderr_fd = -1;
++
++ /* the life-cycle of UtilsSpawnData is tied to its GSimpleAsyncResult */
++ g_simple_async_result_set_op_res_gpointer (data->simple, data, (GDestroyNotify) utils_spawn_data_free);
++
++ error = NULL;
++ if (data->cancellable != NULL)
++ {
++ /* could already be cancelled */
++ error = NULL;
++ if (g_cancellable_set_error_if_cancelled (data->cancellable, &error))
++ {
++ g_simple_async_result_take_error (data->simple, error);
++ g_simple_async_result_complete_in_idle (data->simple);
++ g_object_unref (data->simple);
++ goto out;
++ }
++
++ data->cancellable_handler_id = g_cancellable_connect (data->cancellable,
++ G_CALLBACK (utils_on_cancelled),
++ data,
++ NULL);
++ }
++
++ error = NULL;
++ if (!g_spawn_async_with_pipes (NULL, /* working directory */
++ (gchar **) argv,
++ NULL, /* envp */
++ G_SPAWN_SEARCH_PATH | G_SPAWN_DO_NOT_REAP_CHILD,
++ NULL, /* child_setup */
++ NULL, /* child_setup's user_data */
++ &(data->child_pid),
++ NULL, /* gint *stdin_fd */
++ &(data->child_stdout_fd),
++ &(data->child_stderr_fd),
++ &error))
++ {
++ g_prefix_error (&error, "Error spawning: ");
++ g_simple_async_result_take_error (data->simple, error);
++ g_simple_async_result_complete_in_idle (data->simple);
++ g_object_unref (data->simple);
++ goto out;
++ }
++
++ if (timeout_seconds > 0)
++ {
++ data->timeout_source = g_timeout_source_new_seconds (timeout_seconds);
++ g_source_set_priority (data->timeout_source, G_PRIORITY_DEFAULT);
++ g_source_set_callback (data->timeout_source, utils_timeout_cb, data, NULL);
++ g_source_attach (data->timeout_source, data->main_context);
++ g_source_unref (data->timeout_source);
++ }
++
++ data->child_watch_source = g_child_watch_source_new (data->child_pid);
++ g_source_set_callback (data->child_watch_source, (GSourceFunc) utils_child_watch_cb, data, NULL);
++ g_source_attach (data->child_watch_source, data->main_context);
++ g_source_unref (data->child_watch_source);
++
++ data->child_stdout_channel = g_io_channel_unix_new (data->child_stdout_fd);
++ g_io_channel_set_flags (data->child_stdout_channel, G_IO_FLAG_NONBLOCK, NULL);
++ data->child_stdout_source = g_io_create_watch (data->child_stdout_channel, G_IO_IN);
++ g_source_set_callback (data->child_stdout_source, (GSourceFunc) utils_read_child_stdout, data, NULL);
++ g_source_attach (data->child_stdout_source, data->main_context);
++ g_source_unref (data->child_stdout_source);
++
++ data->child_stderr_channel = g_io_channel_unix_new (data->child_stderr_fd);
++ g_io_channel_set_flags (data->child_stderr_channel, G_IO_FLAG_NONBLOCK, NULL);
++ data->child_stderr_source = g_io_create_watch (data->child_stderr_channel, G_IO_IN);
++ g_source_set_callback (data->child_stderr_source, (GSourceFunc) utils_read_child_stderr, data, NULL);
++ g_source_attach (data->child_stderr_source, data->main_context);
++ g_source_unref (data->child_stderr_source);
++
++ out:
++ ;
++}
++
++gboolean
++utils_spawn_finish (GAsyncResult *res,
++ gint *out_exit_status,
++ gchar **out_standard_output,
++ gchar **out_standard_error,
++ GError **error)
++{
++ GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res);
++ UtilsSpawnData *data;
++ gboolean ret = FALSE;
++
++ g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE);
++ g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
++
++ g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == utils_spawn);
++
++ if (g_simple_async_result_propagate_error (simple, error))
++ goto out;
++
++ data = g_simple_async_result_get_op_res_gpointer (simple);
++
++ if (data->timed_out)
++ {
++ g_set_error (error,
++ G_IO_ERROR,
++ G_IO_ERROR_TIMED_OUT,
++ "Timed out after %d seconds",
++ data->timeout_seconds);
++ goto out;
++ }
++
++ if (out_exit_status != NULL)
++ *out_exit_status = data->exit_status;
++
++ if (out_standard_output != NULL)
++ *out_standard_output = g_strdup (data->child_stdout->str);
++
++ if (out_standard_error != NULL)
++ *out_standard_error = g_strdup (data->child_stderr->str);
++
++ ret = TRUE;
++
++ out:
++ return ret;
++}
diff --git a/sys-auth/polkit/files/polkit-0.118-elogind.patch b/sys-auth/polkit/files/polkit-0.118-elogind.patch
new file mode 100644
index 0000000..93d6720
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.118-elogind.patch
@@ -0,0 +1,28 @@
+From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
+From: Rasmus Thomsen <cogitri@exherbo.org>
+Date: Wed, 11 Apr 2018 13:14:14 +0200
+Subject: [PATCH] configure: fix elogind support
+
+HAVE_LIBSYSTEMD is used to determine which source files to use.
+We have to check if either have_libsystemd or have_libelogind is
+true, as both of these need the source files which are used when
+HAVE_LIBSYSTEMD is true.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36df239..da47ecb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
+
+ AC_SUBST(LIBSYSTEMD_CFLAGS)
+ AC_SUBST(LIBSYSTEMD_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
+
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+--
+2.17.0
diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
new file mode 100644
index 0000000..aef30ef
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
@@ -0,0 +1,219 @@
+diff --git a/configure.ac b/configure.ac
+index 4809dc9..d1ea325 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
+index 3aa1f7f..793f17d 100644
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
++
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
+index 8a2b369..83f8d4a 100644
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 056d9a8..36c2f3d 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+ PolkitIdentity *user;
+ GError *error = NULL;
+
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
+
+ out:
+ endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+ return ret;
+ }
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 1d91103..366cbdf 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#ifdef HAVE_SETNETGRENT
+ JS::RootedString usrstr (authority->priv->cx);
+ usrstr = args[0].toString();
+ user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ {
+ is_in_netgroup = true;
+ }
++#endif
+
+ ret = true;
+
+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
+index e91967b..e829aaa 100644
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
+index 3701ba1..e3352eb 100644
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index 71aad23..fdd28f3 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
diff --git a/sys-auth/polkit/polkit-0.118-r1.ebuild b/sys-auth/polkit/polkit-0.118-r1.ebuild
new file mode 100644
index 0000000..d70a384
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.118-r1.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="+elogind examples gtk +introspection kde nls pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( elogind systemd )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/duktape
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-${PV}-duktape.patch
+ "${FILESDIR}"/${PN}-${PV}-elogind.patch
+ "${FILESDIR}"/${PN}-${PV}-make-netgroup-support-optional.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ --with-duktape
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ if use examples; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2021-02-11 17:32 Jory Pratt
0 siblings, 0 replies; 8+ messages in thread
From: Jory Pratt @ 2021-02-11 17:32 UTC (permalink / raw
To: gentoo-commits
commit: e04dcdbfb09610a266ceee3f3a04b0192c9da311
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 11 17:31:55 2021 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Thu Feb 11 17:31:55 2021 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=e04dcdbf
sys-auth/polkit: misc cleanup, add duktape support
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/Manifest | 1 +
sys-auth/polkit/files/polkit-0.118-duktape.patch | 1499 ----------------------
sys-auth/polkit/files/polkit-0.118-elogind.patch | 28 -
sys-auth/polkit/metadata.xml | 1 +
sys-auth/polkit/polkit-0.118-r1.ebuild | 18 +-
5 files changed, 12 insertions(+), 1535 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index c1e90f0..7eb759b 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,4 @@
DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
+DIST polkit-0.118-duktape.patch 50144 BLAKE2B 83be77ed93596bd44306b8e5b677497c6e4dab3a16626a32849abb3d91b527ad1e3a1436dcd7389ca5794ea1d7efaa3d5acc950f868fcda85b4bab75ad54205a SHA512 dec31b81678a5436ddeef633d668c735d3c7128d6b5fb7b5dda2d06e8cf40ce9093813e9fbc8870475321d6fcdef3395bf3dd0db7ed214f0f45b19bf47c8a867
DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e
diff --git a/sys-auth/polkit/files/polkit-0.118-duktape.patch b/sys-auth/polkit/files/polkit-0.118-duktape.patch
deleted file mode 100644
index f3f69e3..0000000
--- a/sys-auth/polkit/files/polkit-0.118-duktape.patch
+++ /dev/null
@@ -1,1499 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 5cedb4eca980f050fb5855ab577e93100adf8fec..6c274869f39d4b65b08f7cdb9e461b5182d297ec 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -79,11 +79,22 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
- AC_SUBST(GLIB_CFLAGS)
- AC_SUBST(GLIB_LIBS)
-
--PKG_CHECK_MODULES(LIBJS, [mozjs-78])
--
--AC_SUBST(LIBJS_CFLAGS)
--AC_SUBST(LIBJS_CXXFLAGS)
--AC_SUBST(LIBJS_LIBS)
-+dnl ---------------------------------------------------------------------------
-+dnl - Check javascript backend
-+dnl ---------------------------------------------------------------------------
-+AC_ARG_WITH(duktape, AS_HELP_STRING([--with-duktape],[Use Duktape as javascript backend]),with_duktape=yes,with_duktape=no)
-+AS_IF([test x${with_duktape} == xyes], [
-+ PKG_CHECK_MODULES(LIBJS, [duktape >= 2.0.0 ])
-+ AC_SUBST(LIBJS_CFLAGS)
-+ AC_SUBST(LIBJS_LIBS)
-+], [
-+ PKG_CHECK_MODULES(LIBJS, [mozjs-78])
-+
-+ AC_SUBST(LIBJS_CFLAGS)
-+ AC_SUBST(LIBJS_CXXFLAGS)
-+ AC_SUBST(LIBJS_LIBS)
-+])
-+AM_CONDITIONAL(USE_DUKTAPE, [test x$with_duktape == xyes], [Using duktape as javascript engine library])
-
- EXPAT_LIB=""
- AC_ARG_WITH(expat, [ --with-expat=<dir> Use expat from here],
-@@ -580,6 +591,13 @@ echo "
- PAM support: ${have_pam}
- systemdsystemunitdir: ${systemdsystemunitdir}
- polkitd user: ${POLKITD_USER}"
-+if test "x${with_duktape}" = xyes; then
-+echo "
-+ Javascript engine: Duktape"
-+else
-+echo "
-+ Javascript engine: Mozjs"
-+fi
-
- if test "$have_pam" = yes ; then
- echo "
-diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am
-index e48b739cc0a4e7606be0271ba4b4e3bd33b08545..9572b067effdf6f0dcd1c6b17b2e8c59c1ed6238 100644
---- a/src/polkitbackend/Makefile.am
-+++ b/src/polkitbackend/Makefile.am
-@@ -33,7 +33,7 @@ libpolkit_backend_1_la_SOURCES = \
- polkitbackendprivate.h \
- polkitbackendauthority.h polkitbackendauthority.c \
- polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \
-- polkitbackendjsauthority.h polkitbackendjsauthority.cpp \
-+ polkitbackendjsauthority.h \
- polkitbackendactionpool.h polkitbackendactionpool.c \
- polkitbackendactionlookup.h polkitbackendactionlookup.c \
- $(NULL)
-@@ -51,19 +51,27 @@ libpolkit_backend_1_la_CFLAGS = \
- -D_POLKIT_BACKEND_COMPILATION \
- $(GLIB_CFLAGS) \
- $(LIBSYSTEMD_CFLAGS) \
-- $(LIBJS_CFLAGS) \
-+ $(LIBJS_CFLAGS) \
- $(NULL)
-
- libpolkit_backend_1_la_CXXFLAGS = $(libpolkit_backend_1_la_CFLAGS)
-
- libpolkit_backend_1_la_LIBADD = \
- $(GLIB_LIBS) \
-+ $(DUKTAPE_LIBS) \
- $(LIBSYSTEMD_LIBS) \
- $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
- $(EXPAT_LIBS) \
-- $(LIBJS_LIBS) \
-+ $(LIBJS_LIBS) \
- $(NULL)
-
-+if USE_DUKTAPE
-+libpolkit_backend_1_la_SOURCES += polkitbackendduktapeauthority.c
-+libpolkit_backend_1_la_LIBADD += -lm
-+else
-+libpolkit_backend_1_la_SOURCES += polkitbackendjsauthority.cpp
-+endif
-+
- rulesdir = $(sysconfdir)/polkit-1/rules.d
- rules_DATA = 50-default.rules
-
-diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
-new file mode 100644
-index 0000000000000000000000000000000000000000..ae984535ed88003ab1b0965e3e109a848479c047
---- /dev/null
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -0,0 +1,1404 @@
-+/*
-+ * Copyright (C) 2008-2012 Red Hat, Inc.
-+ * Copyright (C) 2015 Tangent Space <jstpierre@mecheye.net>
-+ * Copyright (C) 2019 Wu Xiaotian <yetist@gmail.com>
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Author: David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include <sys/wait.h>
-+#include <errno.h>
-+#include <pwd.h>
-+#include <grp.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <glib/gstdio.h>
-+#include <locale.h>
-+#include <glib/gi18n-lib.h>
-+
-+#include <polkit/polkit.h>
-+#include "polkitbackendjsauthority.h"
-+
-+#include <polkit/polkitprivate.h>
-+
-+#ifdef HAVE_LIBSYSTEMD
-+#include <systemd/sd-login.h>
-+#endif /* HAVE_LIBSYSTEMD */
-+
-+#include "initjs.h" /* init.js */
-+#include "duktape.h"
-+
-+/**
-+ * SECTION:polkitbackendjsauthority
-+ * @title: PolkitBackendJsAuthority
-+ * @short_description: JS Authority
-+ * @stability: Unstable
-+ *
-+ * An implementation of #PolkitBackendAuthority that reads and
-+ * evalates Javascript files and supports interaction with
-+ * authentication agents (virtue of being based on
-+ * #PolkitBackendInteractiveAuthority).
-+ */
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+struct _PolkitBackendJsAuthorityPrivate
-+{
-+ gchar **rules_dirs;
-+ GFileMonitor **dir_monitors; /* NULL-terminated array of GFileMonitor instances */
-+ duk_context *cx;
-+};
-+
-+#define WATCHDOG_TIMEOUT (15 * G_TIME_SPAN_SECOND)
-+
-+static void utils_spawn (const gchar *const *argv,
-+ guint timeout_seconds,
-+ GCancellable *cancellable,
-+ GAsyncReadyCallback callback,
-+ gpointer user_data);
-+
-+gboolean utils_spawn_finish (GAsyncResult *res,
-+ gint *out_exit_status,
-+ gchar **out_standard_output,
-+ gchar **out_standard_error,
-+ GError **error);
-+
-+static void on_dir_monitor_changed (GFileMonitor *monitor,
-+ GFile *file,
-+ GFile *other_file,
-+ GFileMonitorEvent event_type,
-+ gpointer user_data);
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+enum
-+{
-+ PROP_0,
-+ PROP_RULES_DIRS,
-+};
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority,
-+ PolkitSubject *caller,
-+ PolkitSubject *subject,
-+ PolkitIdentity *user_for_subject,
-+ gboolean subject_is_local,
-+ gboolean subject_is_active,
-+ const gchar *action_id,
-+ PolkitDetails *details);
-+
-+static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorization_sync (
-+ PolkitBackendInteractiveAuthority *authority,
-+ PolkitSubject *caller,
-+ PolkitSubject *subject,
-+ PolkitIdentity *user_for_subject,
-+ gboolean subject_is_local,
-+ gboolean subject_is_active,
-+ const gchar *action_id,
-+ PolkitDetails *details,
-+ PolkitImplicitAuthorization implicit);
-+
-+G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY);
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static void
-+polkit_backend_js_authority_init (PolkitBackendJsAuthority *authority)
-+{
-+ authority->priv = G_TYPE_INSTANCE_GET_PRIVATE (authority,
-+ POLKIT_BACKEND_TYPE_JS_AUTHORITY,
-+ PolkitBackendJsAuthorityPrivate);
-+}
-+
-+static gint
-+rules_file_name_cmp (const gchar *a,
-+ const gchar *b)
-+{
-+ gint ret;
-+ const gchar *a_base;
-+ const gchar *b_base;
-+
-+ a_base = strrchr (a, '/');
-+ b_base = strrchr (b, '/');
-+
-+ g_assert (a_base != NULL);
-+ g_assert (b_base != NULL);
-+ a_base += 1;
-+ b_base += 1;
-+
-+ ret = g_strcmp0 (a_base, b_base);
-+ if (ret == 0)
-+ {
-+ /* /etc wins over /usr */
-+ ret = g_strcmp0 (a, b);
-+ g_assert (ret != 0);
-+ }
-+
-+ return ret;
-+}
-+
-+static void
-+load_scripts (PolkitBackendJsAuthority *authority)
-+{
-+ duk_context *cx = authority->priv->cx;
-+ GList *files = NULL;
-+ GList *l;
-+ guint num_scripts = 0;
-+ GError *error = NULL;
-+ guint n;
-+
-+ files = NULL;
-+
-+ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++)
-+ {
-+ const gchar *dir_name = authority->priv->rules_dirs[n];
-+ GDir *dir = NULL;
-+
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Loading rules from directory %s",
-+ dir_name);
-+
-+ dir = g_dir_open (dir_name,
-+ 0,
-+ &error);
-+ if (dir == NULL)
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error opening rules directory: %s (%s, %d)",
-+ error->message, g_quark_to_string (error->domain), error->code);
-+ g_clear_error (&error);
-+ }
-+ else
-+ {
-+ const gchar *name;
-+ while ((name = g_dir_read_name (dir)) != NULL)
-+ {
-+ if (g_str_has_suffix (name, ".rules"))
-+ files = g_list_prepend (files, g_strdup_printf ("%s/%s", dir_name, name));
-+ }
-+ g_dir_close (dir);
-+ }
-+ }
-+
-+ files = g_list_sort (files, (GCompareFunc) rules_file_name_cmp);
-+
-+ for (l = files; l != NULL; l = l->next)
-+ {
-+ const gchar *filename = l->data;
-+
-+#if (DUK_VERSION >= 20000)
-+ gchar *contents;
-+ gsize length;
-+ GError *error = NULL;
-+ if (!g_file_get_contents (filename, &contents, &length, &error)){
-+ g_warning("Error when file contents of %s: %s\n", filename, error->message);
-+ g_error_free (error);
-+ continue;
-+ }
-+ if (duk_peval_lstring_noresult(cx, contents,length) != 0)
-+#else
-+ if (duk_peval_file_noresult (cx, filename) != 0)
-+#endif
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error compiling script %s: %s",
-+ filename, duk_safe_to_string (authority->priv->cx, -1));
-+#if (DUK_VERSION >= 20000)
-+ g_free (contents);
-+#endif
-+ continue;
-+ }
-+#if (DUK_VERSION >= 20000)
-+ g_free (contents);
-+#endif
-+ num_scripts++;
-+ }
-+
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Finished loading, compiling and executing %d rules",
-+ num_scripts);
-+ g_list_free_full (files, g_free);
-+}
-+
-+static void
-+reload_scripts (PolkitBackendJsAuthority *authority)
-+{
-+ duk_context *cx = authority->priv->cx;
-+
-+ duk_set_top (cx, 0);
-+ duk_get_global_string (cx, "polkit");
-+ duk_push_string (cx, "_deleteRules");
-+
-+ duk_call_prop (cx, 0, 0);
-+
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Collecting garbage unconditionally...");
-+
-+ load_scripts (authority);
-+
-+ /* Let applications know we have new rules... */
-+ g_signal_emit_by_name (authority, "changed");
-+}
-+
-+static void
-+on_dir_monitor_changed (GFileMonitor *monitor,
-+ GFile *file,
-+ GFile *other_file,
-+ GFileMonitorEvent event_type,
-+ gpointer user_data)
-+{
-+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data);
-+
-+ /* TODO: maybe rate-limit so storms of events are collapsed into one with a 500ms resolution?
-+ * Because when editing a file with emacs we get 4-8 events..
-+ */
-+
-+ if (file != NULL)
-+ {
-+ gchar *name;
-+
-+ name = g_file_get_basename (file);
-+
-+ /* g_print ("event_type=%d file=%p name=%s\n", event_type, file, name); */
-+ if (!g_str_has_prefix (name, ".") &&
-+ !g_str_has_prefix (name, "#") &&
-+ g_str_has_suffix (name, ".rules") &&
-+ (event_type == G_FILE_MONITOR_EVENT_CREATED ||
-+ event_type == G_FILE_MONITOR_EVENT_DELETED ||
-+ event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Reloading rules");
-+ reload_scripts (authority);
-+ }
-+ g_free (name);
-+ }
-+}
-+
-+
-+static void
-+setup_file_monitors (PolkitBackendJsAuthority *authority)
-+{
-+ guint n;
-+ GPtrArray *p;
-+
-+ p = g_ptr_array_new ();
-+ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++)
-+ {
-+ GFile *file;
-+ GError *error;
-+ GFileMonitor *monitor;
-+
-+ file = g_file_new_for_path (authority->priv->rules_dirs[n]);
-+ error = NULL;
-+ monitor = g_file_monitor_directory (file,
-+ G_FILE_MONITOR_NONE,
-+ NULL,
-+ &error);
-+ g_object_unref (file);
-+ if (monitor == NULL)
-+ {
-+ g_warning ("Error monitoring directory %s: %s",
-+ authority->priv->rules_dirs[n],
-+ error->message);
-+ g_clear_error (&error);
-+ }
-+ else
-+ {
-+ g_signal_connect (monitor,
-+ "changed",
-+ G_CALLBACK (on_dir_monitor_changed),
-+ authority);
-+ g_ptr_array_add (p, monitor);
-+ }
-+ }
-+ g_ptr_array_add (p, NULL);
-+ authority->priv->dir_monitors = (GFileMonitor**) g_ptr_array_free (p, FALSE);
-+}
-+
-+static duk_ret_t js_polkit_log (duk_context *cx);
-+static duk_ret_t js_polkit_spawn (duk_context *cx);
-+static duk_ret_t js_polkit_user_is_in_netgroup (duk_context *cx);
-+
-+static const duk_function_list_entry js_polkit_functions[] =
-+{
-+ { "log", js_polkit_log, 1 },
-+ { "spawn", js_polkit_spawn, 1 },
-+ { "_userIsInNetGroup", js_polkit_user_is_in_netgroup, 2 },
-+ { NULL, NULL, 0 },
-+};
-+
-+static void
-+polkit_backend_js_authority_constructed (GObject *object)
-+{
-+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
-+ duk_context *cx;
-+
-+ cx = duk_create_heap (NULL, NULL, NULL, authority, NULL);
-+ if (cx == NULL)
-+ goto fail;
-+
-+ authority->priv->cx = cx;
-+
-+ duk_push_global_object (cx);
-+ duk_push_object (cx);
-+ duk_put_function_list (cx, -1, js_polkit_functions);
-+ duk_put_prop_string (cx, -2, "polkit");
-+
-+ duk_eval_string (cx, init_js);
-+
-+ if (authority->priv->rules_dirs == NULL)
-+ {
-+ authority->priv->rules_dirs = g_new0 (gchar *, 3);
-+ authority->priv->rules_dirs[0] = g_strdup (PACKAGE_SYSCONF_DIR "/polkit-1/rules.d");
-+ authority->priv->rules_dirs[1] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d");
-+ }
-+
-+ setup_file_monitors (authority);
-+ load_scripts (authority);
-+
-+ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
-+ return;
-+
-+ fail:
-+ g_critical ("Error initializing JavaScript environment");
-+ g_assert_not_reached ();
-+}
-+
-+static void
-+polkit_backend_js_authority_finalize (GObject *object)
-+{
-+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
-+ guint n;
-+
-+ for (n = 0; authority->priv->dir_monitors != NULL && authority->priv->dir_monitors[n] != NULL; n++)
-+ {
-+ GFileMonitor *monitor = authority->priv->dir_monitors[n];
-+ g_signal_handlers_disconnect_by_func (monitor,
-+ G_CALLBACK (on_dir_monitor_changed),
-+ authority);
-+ g_object_unref (monitor);
-+ }
-+ g_free (authority->priv->dir_monitors);
-+ g_strfreev (authority->priv->rules_dirs);
-+
-+ duk_destroy_heap (authority->priv->cx);
-+
-+ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
-+}
-+
-+static void
-+polkit_backend_js_authority_set_property (GObject *object,
-+ guint property_id,
-+ const GValue *value,
-+ GParamSpec *pspec)
-+{
-+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
-+
-+ switch (property_id)
-+ {
-+ case PROP_RULES_DIRS:
-+ g_assert (authority->priv->rules_dirs == NULL);
-+ authority->priv->rules_dirs = (gchar **) g_value_dup_boxed (value);
-+ break;
-+
-+ default:
-+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
-+ break;
-+ }
-+}
-+
-+static const gchar *
-+polkit_backend_js_authority_get_name (PolkitBackendAuthority *authority)
-+{
-+ return "js";
-+}
-+
-+static const gchar *
-+polkit_backend_js_authority_get_version (PolkitBackendAuthority *authority)
-+{
-+ return PACKAGE_VERSION;
-+}
-+
-+static PolkitAuthorityFeatures
-+polkit_backend_js_authority_get_features (PolkitBackendAuthority *authority)
-+{
-+ return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION;
-+}
-+
-+static void
-+polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
-+{
-+ GObjectClass *gobject_class;
-+ PolkitBackendAuthorityClass *authority_class;
-+ PolkitBackendInteractiveAuthorityClass *interactive_authority_class;
-+
-+
-+ gobject_class = G_OBJECT_CLASS (klass);
-+ gobject_class->finalize = polkit_backend_js_authority_finalize;
-+ gobject_class->set_property = polkit_backend_js_authority_set_property;
-+ gobject_class->constructed = polkit_backend_js_authority_constructed;
-+
-+ authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass);
-+ authority_class->get_name = polkit_backend_js_authority_get_name;
-+ authority_class->get_version = polkit_backend_js_authority_get_version;
-+ authority_class->get_features = polkit_backend_js_authority_get_features;
-+
-+ interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass);
-+ interactive_authority_class->get_admin_identities = polkit_backend_js_authority_get_admin_auth_identities;
-+ interactive_authority_class->check_authorization_sync = polkit_backend_js_authority_check_authorization_sync;
-+
-+ g_object_class_install_property (gobject_class,
-+ PROP_RULES_DIRS,
-+ g_param_spec_boxed ("rules-dirs",
-+ NULL,
-+ NULL,
-+ G_TYPE_STRV,
-+ G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE));
-+
-+
-+ g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static void
-+set_property_str (duk_context *cx,
-+ const gchar *name,
-+ const gchar *value)
-+{
-+ duk_push_string (cx, value);
-+ duk_put_prop_string (cx, -2, name);
-+}
-+
-+static void
-+set_property_strv (duk_context *cx,
-+ const gchar *name,
-+ GPtrArray *value)
-+{
-+ guint n;
-+ duk_push_array (cx);
-+ for (n = 0; n < value->len; n++)
-+ {
-+ duk_push_string (cx, g_ptr_array_index (value, n));
-+ duk_put_prop_index (cx, -2, n);
-+ }
-+ duk_put_prop_string (cx, -2, name);
-+}
-+
-+static void
-+set_property_int32 (duk_context *cx,
-+ const gchar *name,
-+ gint32 value)
-+{
-+ duk_push_int (cx, value);
-+ duk_put_prop_string (cx, -2, name);
-+}
-+
-+static void
-+set_property_bool (duk_context *cx,
-+ const char *name,
-+ gboolean value)
-+{
-+ duk_push_boolean (cx, value);
-+ duk_put_prop_string (cx, -2, name);
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static gboolean
-+push_subject (duk_context *cx,
-+ PolkitSubject *subject,
-+ PolkitIdentity *user_for_subject,
-+ gboolean subject_is_local,
-+ gboolean subject_is_active,
-+ GError **error)
-+{
-+ gboolean ret = FALSE;
-+ pid_t pid;
-+ uid_t uid;
-+ gchar *user_name = NULL;
-+ GPtrArray *groups = NULL;
-+ struct passwd *passwd;
-+ char *seat_str = NULL;
-+ char *session_str = NULL;
-+
-+ duk_get_global_string (cx, "Subject");
-+ duk_new (cx, 0);
-+
-+ if (POLKIT_IS_UNIX_PROCESS (subject))
-+ {
-+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
-+ }
-+ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
-+ {
-+ PolkitSubject *process;
-+ process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
-+ if (process == NULL)
-+ goto out;
-+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process));
-+ g_object_unref (process);
-+ }
-+ else
-+ {
-+ g_assert_not_reached ();
-+ }
-+
-+#ifdef HAVE_LIBSYSTEMD
-+ if (sd_pid_get_session (pid, &session_str) == 0)
-+ {
-+ if (sd_session_get_seat (session_str, &seat_str) == 0)
-+ {
-+ /* do nothing */
-+ }
-+ }
-+#endif /* HAVE_LIBSYSTEMD */
-+
-+ g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
-+ uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
-+
-+ groups = g_ptr_array_new_with_free_func (g_free);
-+
-+ passwd = getpwuid (uid);
-+ if (passwd == NULL)
-+ {
-+ user_name = g_strdup_printf ("%d", (gint) uid);
-+ g_warning ("Error looking up info for uid %d: %m", (gint) uid);
-+ }
-+ else
-+ {
-+ gid_t gids[512];
-+ int num_gids = 512;
-+
-+ user_name = g_strdup (passwd->pw_name);
-+
-+ if (getgrouplist (passwd->pw_name,
-+ passwd->pw_gid,
-+ gids,
-+ &num_gids) < 0)
-+ {
-+ g_warning ("Error looking up groups for uid %d: %m", (gint) uid);
-+ }
-+ else
-+ {
-+ gint n;
-+ for (n = 0; n < num_gids; n++)
-+ {
-+ struct group *group;
-+ group = getgrgid (gids[n]);
-+ if (group == NULL)
-+ {
-+ g_ptr_array_add (groups, g_strdup_printf ("%d", (gint) gids[n]));
-+ }
-+ else
-+ {
-+ g_ptr_array_add (groups, g_strdup (group->gr_name));
-+ }
-+ }
-+ }
-+ }
-+
-+ set_property_int32 (cx, "pid", pid);
-+ set_property_str (cx, "user", user_name);
-+ set_property_strv (cx, "groups", groups);
-+ set_property_str (cx, "seat", seat_str);
-+ set_property_str (cx, "session", session_str);
-+ set_property_bool (cx, "local", subject_is_local);
-+ set_property_bool (cx, "active", subject_is_active);
-+
-+ ret = TRUE;
-+
-+ out:
-+ free (session_str);
-+ free (seat_str);
-+ g_free (user_name);
-+ if (groups != NULL)
-+ g_ptr_array_unref (groups);
-+
-+ return ret;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static gboolean
-+push_action_and_details (duk_context *cx,
-+ const gchar *action_id,
-+ PolkitDetails *details,
-+ GError **error)
-+{
-+ gchar **keys;
-+ guint n;
-+
-+ duk_get_global_string (cx, "Action");
-+ duk_new (cx, 0);
-+
-+ set_property_str (cx, "id", action_id);
-+
-+ keys = polkit_details_get_keys (details);
-+ for (n = 0; keys != NULL && keys[n] != NULL; n++)
-+ {
-+ gchar *key;
-+ const gchar *value;
-+ key = g_strdup_printf ("_detail_%s", keys[n]);
-+ value = polkit_details_lookup (details, keys[n]);
-+ set_property_str (cx, key, value);
-+ g_free (key);
-+ }
-+ g_strfreev (keys);
-+
-+ return TRUE;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static GList *
-+polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority,
-+ PolkitSubject *caller,
-+ PolkitSubject *subject,
-+ PolkitIdentity *user_for_subject,
-+ gboolean subject_is_local,
-+ gboolean subject_is_active,
-+ const gchar *action_id,
-+ PolkitDetails *details)
-+{
-+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
-+ GList *ret = NULL;
-+ guint n;
-+ GError *error = NULL;
-+ const char *ret_str = NULL;
-+ gchar **ret_strs = NULL;
-+ duk_context *cx = authority->priv->cx;
-+
-+ duk_set_top (cx, 0);
-+ duk_get_global_string (cx, "polkit");
-+ duk_push_string (cx, "_runAdminRules");
-+
-+ if (!push_action_and_details (cx, action_id, details, &error))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error converting action and details to JS object: %s",
-+ error->message);
-+ g_clear_error (&error);
-+ goto out;
-+ }
-+
-+ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error converting subject to JS object: %s",
-+ error->message);
-+ g_clear_error (&error);
-+ goto out;
-+ }
-+
-+ if (duk_pcall_prop (cx, 0, 2) != DUK_ERR_NONE)
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error evaluating admin rules: ",
-+ duk_safe_to_string (cx, -1));
-+ goto out;
-+ }
-+
-+ ret_str = duk_require_string (cx, -1);
-+
-+ ret_strs = g_strsplit (ret_str, ",", -1);
-+ for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++)
-+ {
-+ const gchar *identity_str = ret_strs[n];
-+ PolkitIdentity *identity;
-+
-+ error = NULL;
-+ identity = polkit_identity_from_string (identity_str, &error);
-+ if (identity == NULL)
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Identity `%s' is not valid, ignoring: %s",
-+ identity_str, error->message);
-+ g_clear_error (&error);
-+ }
-+ else
-+ {
-+ ret = g_list_prepend (ret, identity);
-+ }
-+ }
-+ ret = g_list_reverse (ret);
-+
-+ out:
-+ g_strfreev (ret_strs);
-+ /* fallback to root password auth */
-+ if (ret == NULL)
-+ ret = g_list_prepend (ret, polkit_unix_user_new (0));
-+
-+ return ret;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static PolkitImplicitAuthorization
-+polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority,
-+ PolkitSubject *caller,
-+ PolkitSubject *subject,
-+ PolkitIdentity *user_for_subject,
-+ gboolean subject_is_local,
-+ gboolean subject_is_active,
-+ const gchar *action_id,
-+ PolkitDetails *details,
-+ PolkitImplicitAuthorization implicit)
-+{
-+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
-+ PolkitImplicitAuthorization ret = implicit;
-+ GError *error = NULL;
-+ gchar *ret_str = NULL;
-+ gboolean good = FALSE;
-+ duk_context *cx = authority->priv->cx;
-+
-+ duk_set_top (cx, 0);
-+ duk_get_global_string (cx, "polkit");
-+ duk_push_string (cx, "_runRules");
-+
-+ if (!push_action_and_details (cx, action_id, details, &error))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error converting action and details to JS object: %s",
-+ error->message);
-+ g_clear_error (&error);
-+ goto out;
-+ }
-+
-+ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error converting subject to JS object: %s",
-+ error->message);
-+ g_clear_error (&error);
-+ goto out;
-+ }
-+
-+ if (duk_pcall_prop (cx, 0, 2) != DUK_ERR_NONE)
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error evaluating authorization rules: ",
-+ duk_safe_to_string (cx, -1));
-+ goto out;
-+ }
-+
-+ if (duk_is_null(cx, -1)) {
-+ good = TRUE;
-+ goto out;
-+ }
-+ ret_str = g_strdup (duk_require_string (cx, -1));
-+ if (!polkit_implicit_authorization_from_string (ret_str, &ret))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Returned result `%s' is not valid",
-+ ret_str);
-+ goto out;
-+ }
-+
-+ good = TRUE;
-+
-+ out:
-+ if (!good)
-+ ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;
-+ g_free (ret_str);
-+
-+ return ret;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static duk_ret_t
-+js_polkit_log (duk_context *cx)
-+{
-+ const char *str = duk_require_string (cx, 0);
-+ fprintf (stderr, "%s\n", str);
-+ return 0;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+static const gchar *
-+get_signal_name (gint signal_number)
-+{
-+ switch (signal_number)
-+ {
-+#define _HANDLE_SIG(sig) case sig: return #sig;
-+ _HANDLE_SIG (SIGHUP);
-+ _HANDLE_SIG (SIGINT);
-+ _HANDLE_SIG (SIGQUIT);
-+ _HANDLE_SIG (SIGILL);
-+ _HANDLE_SIG (SIGABRT);
-+ _HANDLE_SIG (SIGFPE);
-+ _HANDLE_SIG (SIGKILL);
-+ _HANDLE_SIG (SIGSEGV);
-+ _HANDLE_SIG (SIGPIPE);
-+ _HANDLE_SIG (SIGALRM);
-+ _HANDLE_SIG (SIGTERM);
-+ _HANDLE_SIG (SIGUSR1);
-+ _HANDLE_SIG (SIGUSR2);
-+ _HANDLE_SIG (SIGCHLD);
-+ _HANDLE_SIG (SIGCONT);
-+ _HANDLE_SIG (SIGSTOP);
-+ _HANDLE_SIG (SIGTSTP);
-+ _HANDLE_SIG (SIGTTIN);
-+ _HANDLE_SIG (SIGTTOU);
-+ _HANDLE_SIG (SIGBUS);
-+#ifdef SIGPOLL
-+ _HANDLE_SIG (SIGPOLL);
-+#endif
-+ _HANDLE_SIG (SIGPROF);
-+ _HANDLE_SIG (SIGSYS);
-+ _HANDLE_SIG (SIGTRAP);
-+ _HANDLE_SIG (SIGURG);
-+ _HANDLE_SIG (SIGVTALRM);
-+ _HANDLE_SIG (SIGXCPU);
-+ _HANDLE_SIG (SIGXFSZ);
-+#undef _HANDLE_SIG
-+ default:
-+ break;
-+ }
-+ return "UNKNOWN_SIGNAL";
-+}
-+
-+typedef struct
-+{
-+ GMainLoop *loop;
-+ GAsyncResult *res;
-+} SpawnData;
-+
-+static void
-+spawn_cb (GObject *source_object,
-+ GAsyncResult *res,
-+ gpointer user_data)
-+{
-+ SpawnData *data = user_data;
-+ data->res = g_object_ref (res);
-+ g_main_loop_quit (data->loop);
-+}
-+
-+static duk_ret_t
-+js_polkit_spawn (duk_context *cx)
-+{
-+#if (DUK_VERSION >= 20000)
-+ duk_ret_t ret = DUK_RET_ERROR;
-+#else
-+ duk_ret_t ret = DUK_RET_INTERNAL_ERROR;
-+#endif
-+ gchar *standard_output = NULL;
-+ gchar *standard_error = NULL;
-+ gint exit_status;
-+ GError *error = NULL;
-+ guint32 array_len;
-+ gchar **argv = NULL;
-+ GMainContext *context = NULL;
-+ GMainLoop *loop = NULL;
-+ SpawnData data = {0};
-+ char *err_str = NULL;
-+ guint n;
-+
-+ if (!duk_is_array (cx, 0))
-+ goto out;
-+
-+ array_len = duk_get_length (cx, 0);
-+
-+ argv = g_new0 (gchar*, array_len + 1);
-+ for (n = 0; n < array_len; n++)
-+ {
-+ duk_get_prop_index (cx, 0, n);
-+ argv[n] = g_strdup (duk_to_string (cx, -1));
-+ duk_pop (cx);
-+ }
-+
-+ context = g_main_context_new ();
-+ loop = g_main_loop_new (context, FALSE);
-+
-+ g_main_context_push_thread_default (context);
-+
-+ data.loop = loop;
-+ utils_spawn ((const gchar *const *) argv,
-+ 10, /* timeout_seconds */
-+ NULL, /* cancellable */
-+ spawn_cb,
-+ &data);
-+
-+ g_main_loop_run (loop);
-+
-+ g_main_context_pop_thread_default (context);
-+
-+ if (!utils_spawn_finish (data.res,
-+ &exit_status,
-+ &standard_output,
-+ &standard_error,
-+ &error))
-+ {
-+ err_str = g_strdup_printf ("Error spawning helper: %s (%s, %d)",
-+ error->message, g_quark_to_string (error->domain), error->code);
-+ g_clear_error (&error);
-+ goto out;
-+ }
-+
-+ if (!(WIFEXITED (exit_status) && WEXITSTATUS (exit_status) == 0))
-+ {
-+ GString *gstr;
-+ gstr = g_string_new (NULL);
-+ if (WIFEXITED (exit_status))
-+ {
-+ g_string_append_printf (gstr,
-+ "Helper exited with non-zero exit status %d",
-+ WEXITSTATUS (exit_status));
-+ }
-+ else if (WIFSIGNALED (exit_status))
-+ {
-+ g_string_append_printf (gstr,
-+ "Helper was signaled with signal %s (%d)",
-+ get_signal_name (WTERMSIG (exit_status)),
-+ WTERMSIG (exit_status));
-+ }
-+ g_string_append_printf (gstr, ", stdout=`%s', stderr=`%s'",
-+ standard_output, standard_error);
-+ err_str = g_string_free (gstr, FALSE);
-+ goto out;
-+ }
-+
-+ duk_push_string (cx, standard_output);
-+ ret = 1;
-+
-+ out:
-+ g_strfreev (argv);
-+ g_free (standard_output);
-+ g_free (standard_error);
-+ g_clear_object (&data.res);
-+ if (loop != NULL)
-+ g_main_loop_unref (loop);
-+ if (context != NULL)
-+ g_main_context_unref (context);
-+
-+ if (err_str)
-+ duk_error (cx, DUK_ERR_ERROR, err_str);
-+
-+ return ret;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+
-+static duk_ret_t
-+js_polkit_user_is_in_netgroup (duk_context *cx)
-+{
-+ const char *user;
-+ const char *netgroup;
-+ gboolean is_in_netgroup = FALSE;
-+
-+ user = duk_require_string (cx, 0);
-+ netgroup = duk_require_string (cx, 1);
-+
-+#ifdef HAVE_SETNETGRENT
-+ if (innetgr (netgroup,
-+ NULL, /* host */
-+ user,
-+ NULL)) /* domain */
-+ {
-+ is_in_netgroup = TRUE;
-+ }
-+#endif
-+
-+ duk_push_boolean (cx, is_in_netgroup);
-+ return 1;
-+}
-+
-+/* ---------------------------------------------------------------------------------------------------- */
-+
-+typedef struct
-+{
-+ GSimpleAsyncResult *simple; /* borrowed reference */
-+ GMainContext *main_context; /* may be NULL */
-+
-+ GCancellable *cancellable; /* may be NULL */
-+ gulong cancellable_handler_id;
-+
-+ GPid child_pid;
-+ gint child_stdout_fd;
-+ gint child_stderr_fd;
-+
-+ GIOChannel *child_stdout_channel;
-+ GIOChannel *child_stderr_channel;
-+
-+ GSource *child_watch_source;
-+ GSource *child_stdout_source;
-+ GSource *child_stderr_source;
-+
-+ guint timeout_seconds;
-+ gboolean timed_out;
-+ GSource *timeout_source;
-+
-+ GString *child_stdout;
-+ GString *child_stderr;
-+
-+ gint exit_status;
-+} UtilsSpawnData;
-+
-+static void
-+utils_child_watch_from_release_cb (GPid pid,
-+ gint status,
-+ gpointer user_data)
-+{
-+}
-+
-+static void
-+utils_spawn_data_free (UtilsSpawnData *data)
-+{
-+ if (data->timeout_source != NULL)
-+ {
-+ g_source_destroy (data->timeout_source);
-+ data->timeout_source = NULL;
-+ }
-+
-+ /* Nuke the child, if necessary */
-+ if (data->child_watch_source != NULL)
-+ {
-+ g_source_destroy (data->child_watch_source);
-+ data->child_watch_source = NULL;
-+ }
-+
-+ if (data->child_pid != 0)
-+ {
-+ GSource *source;
-+ kill (data->child_pid, SIGTERM);
-+ /* OK, we need to reap for the child ourselves - we don't want
-+ * to use waitpid() because that might block the calling
-+ * thread (the child might handle SIGTERM and use several
-+ * seconds for cleanup/rollback).
-+ *
-+ * So we use GChildWatch instead.
-+ *
-+ * Avoid taking a references to ourselves. but note that we need
-+ * to pass the GSource so we can nuke it once handled.
-+ */
-+ source = g_child_watch_source_new (data->child_pid);
-+ g_source_set_callback (source,
-+ (GSourceFunc) utils_child_watch_from_release_cb,
-+ source,
-+ (GDestroyNotify) g_source_destroy);
-+ g_source_attach (source, data->main_context);
-+ g_source_unref (source);
-+ data->child_pid = 0;
-+ }
-+
-+ if (data->child_stdout != NULL)
-+ {
-+ g_string_free (data->child_stdout, TRUE);
-+ data->child_stdout = NULL;
-+ }
-+
-+ if (data->child_stderr != NULL)
-+ {
-+ g_string_free (data->child_stderr, TRUE);
-+ data->child_stderr = NULL;
-+ }
-+
-+ if (data->child_stdout_channel != NULL)
-+ {
-+ g_io_channel_unref (data->child_stdout_channel);
-+ data->child_stdout_channel = NULL;
-+ }
-+ if (data->child_stderr_channel != NULL)
-+ {
-+ g_io_channel_unref (data->child_stderr_channel);
-+ data->child_stderr_channel = NULL;
-+ }
-+
-+ if (data->child_stdout_source != NULL)
-+ {
-+ g_source_destroy (data->child_stdout_source);
-+ data->child_stdout_source = NULL;
-+ }
-+ if (data->child_stderr_source != NULL)
-+ {
-+ g_source_destroy (data->child_stderr_source);
-+ data->child_stderr_source = NULL;
-+ }
-+
-+ if (data->child_stdout_fd != -1)
-+ {
-+ g_warn_if_fail (close (data->child_stdout_fd) == 0);
-+ data->child_stdout_fd = -1;
-+ }
-+ if (data->child_stderr_fd != -1)
-+ {
-+ g_warn_if_fail (close (data->child_stderr_fd) == 0);
-+ data->child_stderr_fd = -1;
-+ }
-+
-+ if (data->cancellable_handler_id > 0)
-+ {
-+ g_cancellable_disconnect (data->cancellable, data->cancellable_handler_id);
-+ data->cancellable_handler_id = 0;
-+ }
-+
-+ if (data->main_context != NULL)
-+ g_main_context_unref (data->main_context);
-+
-+ if (data->cancellable != NULL)
-+ g_object_unref (data->cancellable);
-+
-+ g_slice_free (UtilsSpawnData, data);
-+}
-+
-+/* called in the thread where @cancellable was cancelled */
-+static void
-+utils_on_cancelled (GCancellable *cancellable,
-+ gpointer user_data)
-+{
-+ UtilsSpawnData *data = user_data;
-+ GError *error;
-+
-+ error = NULL;
-+ g_warn_if_fail (g_cancellable_set_error_if_cancelled (cancellable, &error));
-+ g_simple_async_result_take_error (data->simple, error);
-+ g_simple_async_result_complete_in_idle (data->simple);
-+ g_object_unref (data->simple);
-+}
-+
-+static gboolean
-+utils_read_child_stderr (GIOChannel *channel,
-+ GIOCondition condition,
-+ gpointer user_data)
-+{
-+ UtilsSpawnData *data = user_data;
-+ gchar buf[1024];
-+ gsize bytes_read;
-+
-+ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL);
-+ g_string_append_len (data->child_stderr, buf, bytes_read);
-+ return TRUE;
-+}
-+
-+static gboolean
-+utils_read_child_stdout (GIOChannel *channel,
-+ GIOCondition condition,
-+ gpointer user_data)
-+{
-+ UtilsSpawnData *data = user_data;
-+ gchar buf[1024];
-+ gsize bytes_read;
-+
-+ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL);
-+ g_string_append_len (data->child_stdout, buf, bytes_read);
-+ return TRUE;
-+}
-+
-+static void
-+utils_child_watch_cb (GPid pid,
-+ gint status,
-+ gpointer user_data)
-+{
-+ UtilsSpawnData *data = user_data;
-+ gchar *buf;
-+ gsize buf_size;
-+
-+ if (g_io_channel_read_to_end (data->child_stdout_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL)
-+ {
-+ g_string_append_len (data->child_stdout, buf, buf_size);
-+ g_free (buf);
-+ }
-+ if (g_io_channel_read_to_end (data->child_stderr_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL)
-+ {
-+ g_string_append_len (data->child_stderr, buf, buf_size);
-+ g_free (buf);
-+ }
-+
-+ data->exit_status = status;
-+
-+ /* ok, child watch is history, make sure we don't free it in spawn_data_free() */
-+ data->child_pid = 0;
-+ data->child_watch_source = NULL;
-+
-+ /* we're done */
-+ g_simple_async_result_complete_in_idle (data->simple);
-+ g_object_unref (data->simple);
-+}
-+
-+static gboolean
-+utils_timeout_cb (gpointer user_data)
-+{
-+ UtilsSpawnData *data = user_data;
-+
-+ data->timed_out = TRUE;
-+
-+ /* ok, timeout is history, make sure we don't free it in spawn_data_free() */
-+ data->timeout_source = NULL;
-+
-+ /* we're done */
-+ g_simple_async_result_complete_in_idle (data->simple);
-+ g_object_unref (data->simple);
-+
-+ return FALSE; /* remove source */
-+}
-+
-+static void
-+utils_spawn (const gchar *const *argv,
-+ guint timeout_seconds,
-+ GCancellable *cancellable,
-+ GAsyncReadyCallback callback,
-+ gpointer user_data)
-+{
-+ UtilsSpawnData *data;
-+ GError *error;
-+
-+ data = g_slice_new0 (UtilsSpawnData);
-+ data->timeout_seconds = timeout_seconds;
-+ data->simple = g_simple_async_result_new (NULL,
-+ callback,
-+ user_data,
-+ utils_spawn);
-+ data->main_context = g_main_context_get_thread_default ();
-+ if (data->main_context != NULL)
-+ g_main_context_ref (data->main_context);
-+
-+ data->cancellable = cancellable != NULL ? g_object_ref (cancellable) : NULL;
-+
-+ data->child_stdout = g_string_new (NULL);
-+ data->child_stderr = g_string_new (NULL);
-+ data->child_stdout_fd = -1;
-+ data->child_stderr_fd = -1;
-+
-+ /* the life-cycle of UtilsSpawnData is tied to its GSimpleAsyncResult */
-+ g_simple_async_result_set_op_res_gpointer (data->simple, data, (GDestroyNotify) utils_spawn_data_free);
-+
-+ error = NULL;
-+ if (data->cancellable != NULL)
-+ {
-+ /* could already be cancelled */
-+ error = NULL;
-+ if (g_cancellable_set_error_if_cancelled (data->cancellable, &error))
-+ {
-+ g_simple_async_result_take_error (data->simple, error);
-+ g_simple_async_result_complete_in_idle (data->simple);
-+ g_object_unref (data->simple);
-+ goto out;
-+ }
-+
-+ data->cancellable_handler_id = g_cancellable_connect (data->cancellable,
-+ G_CALLBACK (utils_on_cancelled),
-+ data,
-+ NULL);
-+ }
-+
-+ error = NULL;
-+ if (!g_spawn_async_with_pipes (NULL, /* working directory */
-+ (gchar **) argv,
-+ NULL, /* envp */
-+ G_SPAWN_SEARCH_PATH | G_SPAWN_DO_NOT_REAP_CHILD,
-+ NULL, /* child_setup */
-+ NULL, /* child_setup's user_data */
-+ &(data->child_pid),
-+ NULL, /* gint *stdin_fd */
-+ &(data->child_stdout_fd),
-+ &(data->child_stderr_fd),
-+ &error))
-+ {
-+ g_prefix_error (&error, "Error spawning: ");
-+ g_simple_async_result_take_error (data->simple, error);
-+ g_simple_async_result_complete_in_idle (data->simple);
-+ g_object_unref (data->simple);
-+ goto out;
-+ }
-+
-+ if (timeout_seconds > 0)
-+ {
-+ data->timeout_source = g_timeout_source_new_seconds (timeout_seconds);
-+ g_source_set_priority (data->timeout_source, G_PRIORITY_DEFAULT);
-+ g_source_set_callback (data->timeout_source, utils_timeout_cb, data, NULL);
-+ g_source_attach (data->timeout_source, data->main_context);
-+ g_source_unref (data->timeout_source);
-+ }
-+
-+ data->child_watch_source = g_child_watch_source_new (data->child_pid);
-+ g_source_set_callback (data->child_watch_source, (GSourceFunc) utils_child_watch_cb, data, NULL);
-+ g_source_attach (data->child_watch_source, data->main_context);
-+ g_source_unref (data->child_watch_source);
-+
-+ data->child_stdout_channel = g_io_channel_unix_new (data->child_stdout_fd);
-+ g_io_channel_set_flags (data->child_stdout_channel, G_IO_FLAG_NONBLOCK, NULL);
-+ data->child_stdout_source = g_io_create_watch (data->child_stdout_channel, G_IO_IN);
-+ g_source_set_callback (data->child_stdout_source, (GSourceFunc) utils_read_child_stdout, data, NULL);
-+ g_source_attach (data->child_stdout_source, data->main_context);
-+ g_source_unref (data->child_stdout_source);
-+
-+ data->child_stderr_channel = g_io_channel_unix_new (data->child_stderr_fd);
-+ g_io_channel_set_flags (data->child_stderr_channel, G_IO_FLAG_NONBLOCK, NULL);
-+ data->child_stderr_source = g_io_create_watch (data->child_stderr_channel, G_IO_IN);
-+ g_source_set_callback (data->child_stderr_source, (GSourceFunc) utils_read_child_stderr, data, NULL);
-+ g_source_attach (data->child_stderr_source, data->main_context);
-+ g_source_unref (data->child_stderr_source);
-+
-+ out:
-+ ;
-+}
-+
-+gboolean
-+utils_spawn_finish (GAsyncResult *res,
-+ gint *out_exit_status,
-+ gchar **out_standard_output,
-+ gchar **out_standard_error,
-+ GError **error)
-+{
-+ GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res);
-+ UtilsSpawnData *data;
-+ gboolean ret = FALSE;
-+
-+ g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE);
-+ g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
-+
-+ g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == utils_spawn);
-+
-+ if (g_simple_async_result_propagate_error (simple, error))
-+ goto out;
-+
-+ data = g_simple_async_result_get_op_res_gpointer (simple);
-+
-+ if (data->timed_out)
-+ {
-+ g_set_error (error,
-+ G_IO_ERROR,
-+ G_IO_ERROR_TIMED_OUT,
-+ "Timed out after %d seconds",
-+ data->timeout_seconds);
-+ goto out;
-+ }
-+
-+ if (out_exit_status != NULL)
-+ *out_exit_status = data->exit_status;
-+
-+ if (out_standard_output != NULL)
-+ *out_standard_output = g_strdup (data->child_stdout->str);
-+
-+ if (out_standard_error != NULL)
-+ *out_standard_error = g_strdup (data->child_stderr->str);
-+
-+ ret = TRUE;
-+
-+ out:
-+ return ret;
-+}
diff --git a/sys-auth/polkit/files/polkit-0.118-elogind.patch b/sys-auth/polkit/files/polkit-0.118-elogind.patch
deleted file mode 100644
index 93d6720..0000000
--- a/sys-auth/polkit/files/polkit-0.118-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogitri@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
-
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
-
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
---
-2.17.0
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index b6d2fdc..f23bd9f 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -5,6 +5,7 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
+ <flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for javascript engine</flag>
<flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
diff --git a/sys-auth/polkit/polkit-0.118-r1.ebuild b/sys-auth/polkit/polkit-0.118-r1.ebuild
index d70a384..c8f24c7 100644
--- a/sys-auth/polkit/polkit-0.118-r1.ebuild
+++ b/sys-auth/polkit/polkit-0.118-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -7,12 +7,13 @@ inherit autotools pam pax-utils systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
+ https://dev.gentoo.org/~anarchy/dist/polkit-0.118-duktape.patch"
LICENSE="LGPL-2"
SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="+elogind examples gtk +introspection kde nls pam selinux systemd test"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
+IUSE="duktape +elogind examples gtk +introspection kde nls pam selinux systemd test"
RESTRICT="!test? ( test )"
REQUIRED_USE="^^ ( elogind systemd )"
@@ -32,7 +33,8 @@ BDEPEND="
introspection? ( dev-libs/gobject-introspection )
"
DEPEND="
- dev-lang/duktape
+ duktape? ( dev-lang/duktape )
+ !duktape? ( dev-lang/spidermonkey:78[-debug] )
dev-libs/glib:2
dev-libs/expat
elogind? ( sys-auth/elogind )
@@ -57,8 +59,8 @@ PDEPEND="
DOCS=( docs/TODO HACKING NEWS README )
PATCHES=(
- "${FILESDIR}"/${PN}-${PV}-duktape.patch
- "${FILESDIR}"/${PN}-${PV}-elogind.patch
+ "${DISTDIR}"/${PN}-${PV}-duktape.patch
+ "${FILESDIR}"/${PN}-0.115-elogind.patch
"${FILESDIR}"/${PN}-${PV}-make-netgroup-support-optional.patch
)
@@ -93,7 +95,7 @@ src_configure() {
--enable-man-pages
--disable-gtk-doc
--disable-examples
- --with-duktape
+ $(use_with duktape)
$(use_enable elogind libelogind)
$(use_enable introspection)
$(use_enable nls)
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2020-08-18 23:48 Jory Pratt
0 siblings, 0 replies; 8+ messages in thread
From: Jory Pratt @ 2020-08-18 23:48 UTC (permalink / raw
To: gentoo-commits
commit: bae8d953c47d62c398e1ee4ee5b3cf1e5f54bb61
Author: stefson <herrtimson <AT> yahoo <DOT> de>
AuthorDate: Sun Aug 2 11:53:51 2020 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Tue Aug 18 23:47:51 2020 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=bae8d953
sys-auth/polkit: bump to v0.117
Signed-off-by: Steffen Kuhn <nielson2 <AT> yandex.com>
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
Closes: https://github.com/gentoo/musl/pull/332
sys-auth/polkit/Manifest | 1 +
.../files/polkit-0.116-spidermonkey-68.patch | 1457 --------------------
...{polkit-0.116-r2.ebuild => polkit-0.117.ebuild} | 5 +-
3 files changed, 2 insertions(+), 1461 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 8e04530..3fa4f06 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1 +1,2 @@
DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
+DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
diff --git a/sys-auth/polkit/files/polkit-0.116-spidermonkey-68.patch b/sys-auth/polkit/files/polkit-0.116-spidermonkey-68.patch
deleted file mode 100644
index d944c24..0000000
--- a/sys-auth/polkit/files/polkit-0.116-spidermonkey-68.patch
+++ /dev/null
@@ -1,1457 +0,0 @@
-From 12f3d25fb73c68151f84c97c79acab7d5344f606 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
-Date: Fri, 13 Mar 2020 14:55:44 +0800
-Subject: [PATCH 1/5] Port JavaScript authority to mozjs-68
-
----
- configure.ac | 2 +-
- .../polkitbackendjsauthority.cpp | 136 ++++++++++--------
- 2 files changed, 76 insertions(+), 62 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5cedb4ec..cd678f1c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
- AC_SUBST(GLIB_CFLAGS)
- AC_SUBST(GLIB_LIBS)
-
--PKG_CHECK_MODULES(LIBJS, [mozjs-60])
-+PKG_CHECK_MODULES(LIBJS, [mozjs-68])
-
- AC_SUBST(LIBJS_CFLAGS)
- AC_SUBST(LIBJS_CXXFLAGS)
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 0f180856..d5113cb0 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -43,7 +43,12 @@
- #include <systemd/sd-login.h>
- #endif /* HAVE_LIBSYSTEMD */
-
-+#include <js/CompilationAndEvaluation.h>
-+#include <js/ContextOptions.h>
- #include <js/Initialization.h>
-+#include <js/Realm.h>
-+#include <js/SourceText.h>
-+#include <js/Warnings.h>
- #include <jsapi.h>
-
- #include "initjs.h" /* init.js */
-@@ -76,7 +81,7 @@ struct _PolkitBackendJsAuthorityPrivate
-
- JSContext *cx;
- JS::Heap<JSObject*> *js_global;
-- JSAutoCompartment *ac;
-+ JSAutoRealm *ac;
- JS::Heap<JSObject*> *js_polkit;
-
- GThread *runaway_killer_thread;
-@@ -298,14 +303,35 @@ load_scripts (PolkitBackendJsAuthority *authority)
- for (l = files; l != NULL; l = l->next)
- {
- const gchar *filename = (gchar *)l->data;
-- JS::RootedScript script(authority->priv->cx);
-+ GFile *file = g_file_new_for_path (filename);
-+ char *contents;
-+ gsize len;
-+ if (!g_file_load_contents (file, NULL, &contents, &len, NULL, NULL))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error compiling script %s",
-+ filename);
-+ continue;
-+ }
-+ JS::SourceText<mozilla::Utf8Unit> source;
-+ if (!source.init (authority->priv->cx, contents, len,
-+ JS::SourceOwnership::Borrowed))
-+ {
-+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-+ "Error compiling script %s",
-+ filename);
-+ g_free (contents);
-+ continue;
-+ }
- JS::CompileOptions options(authority->priv->cx);
-- options.setUTF8(true);
-- if (!JS::Compile (authority->priv->cx, options, filename, &script))
-+ JS::RootedScript script(authority->priv->cx,
-+ JS::Compile (authority->priv->cx, options, source));
-+ if (!script)
- {
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Error compiling script %s",
- filename);
-+ g_free (contents);
- continue;
- }
-
-@@ -318,11 +344,13 @@ load_scripts (PolkitBackendJsAuthority *authority)
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Error executing script %s",
- filename);
-+ g_free (contents);
- continue;
- }
-
- //g_print ("Successfully loaded and evaluated script `%s'\n", filename);
-
-+ g_free (contents);
- num_scripts++;
- }
-
-@@ -335,8 +363,6 @@ load_scripts (PolkitBackendJsAuthority *authority)
- static void
- reload_scripts (PolkitBackendJsAuthority *authority)
- {
-- JS_BeginRequest (authority->priv->cx);
--
- JS::AutoValueArray<1> args(authority->priv->cx);
- JS::RootedValue rval(authority->priv->cx);
-
-@@ -351,7 +377,7 @@ reload_scripts (PolkitBackendJsAuthority *authority)
- {
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Error deleting old rules, not loading new ones");
-- goto out;
-+ return;
- }
-
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-@@ -362,8 +388,6 @@ reload_scripts (PolkitBackendJsAuthority *authority)
-
- /* Let applications know we have new rules... */
- g_signal_emit_by_name (authority, "changed");
-- out:
-- JS_EndRequest (authority->priv->cx);
- }
-
- static void
-@@ -462,11 +486,10 @@ polkit_backend_js_authority_constructed (GObject *object)
- JS::SetWarningReporter(authority->priv->cx, report_error);
- JS_SetContextPrivate (authority->priv->cx, authority);
-
-- JS_BeginRequest(authority->priv->cx);
- entered_request = TRUE;
-
- {
-- JS::CompartmentOptions compart_opts;
-+ JS::RealmOptions compart_opts;
-
- JS::RootedObject global(authority->priv->cx);
-
-@@ -476,12 +499,12 @@ polkit_backend_js_authority_constructed (GObject *object)
- if (!global)
- goto fail;
-
-- authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
-+ authority->priv->ac = new JSAutoRealm(authority->priv->cx, global);
-
- if (!authority->priv->ac)
- goto fail;
-
-- if (!JS_InitStandardClasses (authority->priv->cx, global))
-+ if (!JS::InitRealmStandardClasses (authority->priv->cx))
- goto fail;
-
- JS::RootedObject polkit(authority->priv->cx);
-@@ -503,13 +526,13 @@ polkit_backend_js_authority_constructed (GObject *object)
-
- JS::CompileOptions options(authority->priv->cx);
- JS::RootedValue rval(authority->priv->cx);
-- if (!JS::Evaluate (authority->priv->cx,
-- options,
-- init_js, strlen (init_js), /* init.js */
-- &rval)) /* rval */
-- {
-- goto fail;
-- }
-+ JS::SourceText<mozilla::Utf8Unit> source;
-+ if (!source.init (authority->priv->cx, init_js, strlen (init_js),
-+ JS::SourceOwnership::Borrowed))
-+ goto fail;
-+
-+ if (!JS::Evaluate (authority->priv->cx, options, source, &rval))
-+ goto fail;
-
- if (authority->priv->rules_dirs == NULL)
- {
-@@ -529,7 +552,6 @@ polkit_backend_js_authority_constructed (GObject *object)
- setup_file_monitors (authority);
- load_scripts (authority);
- }
-- JS_EndRequest (authority->priv->cx);
- entered_request = FALSE;
-
- G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
-@@ -537,8 +559,6 @@ polkit_backend_js_authority_constructed (GObject *object)
- return;
-
- fail:
-- if (entered_request)
-- JS_EndRequest (authority->priv->cx);
- g_critical ("Error initializing JavaScript environment");
- g_assert_not_reached ();
- }
-@@ -680,7 +700,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
- GPtrArray *value)
- {
- JS::RootedValue value_jsval(authority->priv->cx);
-- JS::AutoValueVector elems(authority->priv->cx);
-+ JS::RootedValueVector elems(authority->priv->cx);
- guint n;
-
- if (!elems.resize(value->len))
-@@ -755,10 +775,15 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
- JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());
-
- src = "new Subject();";
-- if (!JS::Evaluate (authority->priv->cx,
-- options,
-- src, strlen (src),
-- out_jsval))
-+ JS::SourceText<mozilla::Utf8Unit> source;
-+ if (!source.init (authority->priv->cx, src, strlen (src),
-+ JS::SourceOwnership::Borrowed))
-+ {
-+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
-+ goto out;
-+ }
-+
-+ if (!JS::Evaluate (authority->priv->cx, options, source, out_jsval))
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
- goto out;
-@@ -877,11 +902,15 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
- JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());
-
- src = "new Action();";
-+ JS::SourceText<mozilla::Utf8Unit> source;
-+ if (!source.init (authority->priv->cx, src, strlen (src),
-+ JS::SourceOwnership::Borrowed))
-+ {
-+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
-+ goto out;
-+ }
-
-- if (!JS::Evaluate (authority->priv->cx,
-- options,
-- src, strlen (src),
-- out_jsval))
-+ if (!JS::Evaluate (authority->priv->cx, options, source, out_jsval))
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
- goto out;
-@@ -1089,11 +1118,9 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
- guint n;
- GError *error = NULL;
- JS::RootedString ret_jsstr (authority->priv->cx);
-- gchar *ret_str = NULL;
-+ JS::UniqueChars ret_str;
- gchar **ret_strs = NULL;
-
-- JS_BeginRequest (authority->priv->cx);
--
- if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))
- {
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-@@ -1142,7 +1169,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
- goto out;
- }
-
-- ret_strs = g_strsplit (ret_str, ",", -1);
-+ ret_strs = g_strsplit (ret_str.get(), ",", -1);
- for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++)
- {
- const gchar *identity_str = ret_strs[n];
-@@ -1166,15 +1193,12 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
-
- out:
- g_strfreev (ret_strs);
-- g_free (ret_str);
- /* fallback to root password auth */
- if (ret == NULL)
- ret = g_list_prepend (ret, polkit_unix_user_new (0));
-
- JS_MaybeGC (authority->priv->cx);
-
-- JS_EndRequest (authority->priv->cx);
--
- return ret;
- }
-
-@@ -1197,11 +1221,9 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
- JS::RootedValue rval(authority->priv->cx);
- GError *error = NULL;
- JS::RootedString ret_jsstr (authority->priv->cx);
-- gchar *ret_str = NULL;
-+ JS::UniqueChars ret_str;
- gboolean good = FALSE;
-
-- JS_BeginRequest (authority->priv->cx);
--
- if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))
- {
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-@@ -1257,12 +1279,12 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
- goto out;
- }
-
-- g_strstrip (ret_str);
-- if (!polkit_implicit_authorization_from_string (ret_str, &ret))
-+ g_strstrip (ret_str.get());
-+ if (!polkit_implicit_authorization_from_string (ret_str.get(), &ret))
- {
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Returned result `%s' is not valid",
-- ret_str);
-+ ret_str.get());
- goto out;
- }
-
-@@ -1271,12 +1293,9 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
- out:
- if (!good)
- ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;
-- g_free (ret_str);
-
- JS_MaybeGC (authority->priv->cx);
-
-- JS_EndRequest (authority->priv->cx);
--
- return ret;
- }
-
-@@ -1289,15 +1308,14 @@ js_polkit_log (JSContext *cx,
- {
- PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
- bool ret = false;
-- char *s;
-+ JS::UniqueChars s;
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
- JS::RootedString jsstr (authority->priv->cx);
- jsstr = args[0].toString ();
- s = JS_EncodeStringToUTF8 (cx, jsstr);
-- JS_ReportWarningUTF8 (cx, "%s", s);
-- JS_free (cx, s);
-+ JS::WarnUTF8 (cx, "%s", s.get());
-
- ret = true;
-
-@@ -1400,7 +1418,7 @@ js_polkit_spawn (JSContext *cx,
- for (n = 0; n < array_len; n++)
- {
- JS::RootedValue elem_val(cx);
-- char *s;
-+ JS::UniqueChars s;
-
- if (!JS_GetElement (cx, array_object, n, &elem_val))
- {
-@@ -1415,8 +1433,7 @@ js_polkit_spawn (JSContext *cx,
- JS::RootedString jsstr (authority->priv->cx);
- jsstr = elem_val.toString();
- s = JS_EncodeStringToUTF8 (cx, jsstr);
-- argv[n] = g_strdup (s);
-- JS_free (cx, s);
-+ argv[n] = g_strdup (s.get());
- }
-
- context = g_main_context_new ();
-@@ -1499,8 +1516,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
- bool ret = false;
-- char *user;
-- char *netgroup;
-+ JS::UniqueChars user;
-+ JS::UniqueChars netgroup;
- bool is_in_netgroup = false;
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-@@ -1512,17 +1529,14 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- netgstr = args[1].toString();
- netgroup = JS_EncodeStringToUTF8 (cx, netgstr);
-
-- if (innetgr (netgroup,
-+ if (innetgr (netgroup.get(),
- NULL, /* host */
-- user,
-+ user.get(),
- NULL)) /* domain */
- {
- is_in_netgroup = true;
- }
-
-- JS_free (cx, netgroup);
-- JS_free (cx, user);
--
- ret = true;
-
- args.rval ().setBoolean (is_in_netgroup);
---
-GitLab
-
-
-From cf22af32577cf49b4e5ed9945ec9cca862c45b3e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
-Date: Fri, 3 Apr 2020 23:47:38 +0800
-Subject: [PATCH 3/5] ensure to use C++14
-
----
- buildutil/ax_cxx_compile_stdcxx.m4 | 948 +++++++++++++++++++++++++++++
- configure.ac | 3 +-
- 2 files changed, 950 insertions(+), 1 deletion(-)
- create mode 100644 buildutil/ax_cxx_compile_stdcxx.m4
-
-diff --git a/buildutil/ax_cxx_compile_stdcxx.m4 b/buildutil/ax_cxx_compile_stdcxx.m4
-new file mode 100644
-index 00000000..9e9eaeda
---- /dev/null
-+++ b/buildutil/ax_cxx_compile_stdcxx.m4
-@@ -0,0 +1,948 @@
-+# ===========================================================================
-+# https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html
-+# ===========================================================================
-+#
-+# SYNOPSIS
-+#
-+# AX_CXX_COMPILE_STDCXX(VERSION, [ext|noext], [mandatory|optional])
-+#
-+# DESCRIPTION
-+#
-+# Check for baseline language coverage in the compiler for the specified
-+# version of the C++ standard. If necessary, add switches to CXX and
-+# CXXCPP to enable support. VERSION may be '11' (for the C++11 standard)
-+# or '14' (for the C++14 standard).
-+#
-+# The second argument, if specified, indicates whether you insist on an
-+# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g.
-+# -std=c++11). If neither is specified, you get whatever works, with
-+# preference for an extended mode.
-+#
-+# The third argument, if specified 'mandatory' or if left unspecified,
-+# indicates that baseline support for the specified C++ standard is
-+# required and that the macro should error out if no mode with that
-+# support is found. If specified 'optional', then configuration proceeds
-+# regardless, after defining HAVE_CXX${VERSION} if and only if a
-+# supporting mode is found.
-+#
-+# LICENSE
-+#
-+# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com>
-+# Copyright (c) 2012 Zack Weinberg <zackw@panix.com>
-+# Copyright (c) 2013 Roy Stogner <roystgnr@ices.utexas.edu>
-+# Copyright (c) 2014, 2015 Google Inc.; contributed by Alexey Sokolov <sokolov@google.com>
-+# Copyright (c) 2015 Paul Norman <penorman@mac.com>
-+# Copyright (c) 2015 Moritz Klammler <moritz@klammler.eu>
-+# Copyright (c) 2016, 2018 Krzesimir Nowak <qdlacz@gmail.com>
-+#
-+# Copying and distribution of this file, with or without modification, are
-+# permitted in any medium without royalty provided the copyright notice
-+# and this notice are preserved. This file is offered as-is, without any
-+# warranty.
-+
-+#serial 10
-+
-+dnl This macro is based on the code from the AX_CXX_COMPILE_STDCXX_11 macro
-+dnl (serial version number 13).
-+
-+AC_DEFUN([AX_CXX_COMPILE_STDCXX], [dnl
-+ m4_if([$1], [11], [ax_cxx_compile_alternatives="11 0x"],
-+ [$1], [14], [ax_cxx_compile_alternatives="14 1y"],
-+ [$1], [17], [ax_cxx_compile_alternatives="17 1z"],
-+ [m4_fatal([invalid first argument `$1' to AX_CXX_COMPILE_STDCXX])])dnl
-+ m4_if([$2], [], [],
-+ [$2], [ext], [],
-+ [$2], [noext], [],
-+ [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX])])dnl
-+ m4_if([$3], [], [ax_cxx_compile_cxx$1_required=true],
-+ [$3], [mandatory], [ax_cxx_compile_cxx$1_required=true],
-+ [$3], [optional], [ax_cxx_compile_cxx$1_required=false],
-+ [m4_fatal([invalid third argument `$3' to AX_CXX_COMPILE_STDCXX])])
-+ AC_LANG_PUSH([C++])dnl
-+ ac_success=no
-+
-+ m4_if([$2], [noext], [], [dnl
-+ if test x$ac_success = xno; then
-+ for alternative in ${ax_cxx_compile_alternatives}; do
-+ switch="-std=gnu++${alternative}"
-+ cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch])
-+ AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch,
-+ $cachevar,
-+ [ac_save_CXX="$CXX"
-+ CXX="$CXX $switch"
-+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
-+ [eval $cachevar=yes],
-+ [eval $cachevar=no])
-+ CXX="$ac_save_CXX"])
-+ if eval test x\$$cachevar = xyes; then
-+ CXX="$CXX $switch"
-+ if test -n "$CXXCPP" ; then
-+ CXXCPP="$CXXCPP $switch"
-+ fi
-+ ac_success=yes
-+ break
-+ fi
-+ done
-+ fi])
-+
-+ m4_if([$2], [ext], [], [dnl
-+ if test x$ac_success = xno; then
-+ dnl HP's aCC needs +std=c++11 according to:
-+ dnl http://h21007.www2.hp.com/portal/download/files/unprot/aCxx/PDF_Release_Notes/769149-001.pdf
-+ dnl Cray's crayCC needs "-h std=c++11"
-+ for alternative in ${ax_cxx_compile_alternatives}; do
-+ for switch in -std=c++${alternative} +std=c++${alternative} "-h std=c++${alternative}"; do
-+ cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch])
-+ AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch,
-+ $cachevar,
-+ [ac_save_CXX="$CXX"
-+ CXX="$CXX $switch"
-+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
-+ [eval $cachevar=yes],
-+ [eval $cachevar=no])
-+ CXX="$ac_save_CXX"])
-+ if eval test x\$$cachevar = xyes; then
-+ CXX="$CXX $switch"
-+ if test -n "$CXXCPP" ; then
-+ CXXCPP="$CXXCPP $switch"
-+ fi
-+ ac_success=yes
-+ break
-+ fi
-+ done
-+ if test x$ac_success = xyes; then
-+ break
-+ fi
-+ done
-+ fi])
-+ AC_LANG_POP([C++])
-+ if test x$ax_cxx_compile_cxx$1_required = xtrue; then
-+ if test x$ac_success = xno; then
-+ AC_MSG_ERROR([*** A compiler with support for C++$1 language features is required.])
-+ fi
-+ fi
-+ if test x$ac_success = xno; then
-+ HAVE_CXX$1=0
-+ AC_MSG_NOTICE([No compiler with C++$1 support was found])
-+ else
-+ HAVE_CXX$1=1
-+ AC_DEFINE(HAVE_CXX$1,1,
-+ [define if the compiler supports basic C++$1 syntax])
-+ fi
-+ AC_SUBST(HAVE_CXX$1)
-+])
-+
-+
-+dnl Test body for checking C++11 support
-+
-+m4_define([_AX_CXX_COMPILE_STDCXX_testbody_11],
-+ _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
-+)
-+
-+
-+dnl Test body for checking C++14 support
-+
-+m4_define([_AX_CXX_COMPILE_STDCXX_testbody_14],
-+ _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
-+ _AX_CXX_COMPILE_STDCXX_testbody_new_in_14
-+)
-+
-+m4_define([_AX_CXX_COMPILE_STDCXX_testbody_17],
-+ _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
-+ _AX_CXX_COMPILE_STDCXX_testbody_new_in_14
-+ _AX_CXX_COMPILE_STDCXX_testbody_new_in_17
-+)
-+
-+dnl Tests for new features in C++11
-+
-+m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_11], [[
-+
-+// If the compiler admits that it is not ready for C++11, why torture it?
-+// Hopefully, this will speed up the test.
-+
-+#ifndef __cplusplus
-+
-+#error "This is not a C++ compiler"
-+
-+#elif __cplusplus < 201103L
-+
-+#error "This is not a C++11 compiler"
-+
-+#else
-+
-+namespace cxx11
-+{
-+
-+ namespace test_static_assert
-+ {
-+
-+ template <typename T>
-+ struct check
-+ {
-+ static_assert(sizeof(int) <= sizeof(T), "not big enough");
-+ };
-+
-+ }
-+
-+ namespace test_final_override
-+ {
-+
-+ struct Base
-+ {
-+ virtual void f() {}
-+ };
-+
-+ struct Derived : public Base
-+ {
-+ virtual void f() override {}
-+ };
-+
-+ }
-+
-+ namespace test_double_right_angle_brackets
-+ {
-+
-+ template < typename T >
-+ struct check {};
-+
-+ typedef check<void> single_type;
-+ typedef check<check<void>> double_type;
-+ typedef check<check<check<void>>> triple_type;
-+ typedef check<check<check<check<void>>>> quadruple_type;
-+
-+ }
-+
-+ namespace test_decltype
-+ {
-+
-+ int
-+ f()
-+ {
-+ int a = 1;
-+ decltype(a) b = 2;
-+ return a + b;
-+ }
-+
-+ }
-+
-+ namespace test_type_deduction
-+ {
-+
-+ template < typename T1, typename T2 >
-+ struct is_same
-+ {
-+ static const bool value = false;
-+ };
-+
-+ template < typename T >
-+ struct is_same<T, T>
-+ {
-+ static const bool value = true;
-+ };
-+
-+ template < typename T1, typename T2 >
-+ auto
-+ add(T1 a1, T2 a2) -> decltype(a1 + a2)
-+ {
-+ return a1 + a2;
-+ }
-+
-+ int
-+ test(const int c, volatile int v)
-+ {
-+ static_assert(is_same<int, decltype(0)>::value == true, "");
-+ static_assert(is_same<int, decltype(c)>::value == false, "");
-+ static_assert(is_same<int, decltype(v)>::value == false, "");
-+ auto ac = c;
-+ auto av = v;
-+ auto sumi = ac + av + 'x';
-+ auto sumf = ac + av + 1.0;
-+ static_assert(is_same<int, decltype(ac)>::value == true, "");
-+ static_assert(is_same<int, decltype(av)>::value == true, "");
-+ static_assert(is_same<int, decltype(sumi)>::value == true, "");
-+ static_assert(is_same<int, decltype(sumf)>::value == false, "");
-+ static_assert(is_same<int, decltype(add(c, v))>::value == true, "");
-+ return (sumf > 0.0) ? sumi : add(c, v);
-+ }
-+
-+ }
-+
-+ namespace test_noexcept
-+ {
-+
-+ int f() { return 0; }
-+ int g() noexcept { return 0; }
-+
-+ static_assert(noexcept(f()) == false, "");
-+ static_assert(noexcept(g()) == true, "");
-+
-+ }
-+
-+ namespace test_constexpr
-+ {
-+
-+ template < typename CharT >
-+ unsigned long constexpr
-+ strlen_c_r(const CharT *const s, const unsigned long acc) noexcept
-+ {
-+ return *s ? strlen_c_r(s + 1, acc + 1) : acc;
-+ }
-+
-+ template < typename CharT >
-+ unsigned long constexpr
-+ strlen_c(const CharT *const s) noexcept
-+ {
-+ return strlen_c_r(s, 0UL);
-+ }
-+
-+ static_assert(strlen_c("") == 0UL, "");
-+ static_assert(strlen_c("1") == 1UL, "");
-+ static_assert(strlen_c("example") == 7UL, "");
-+ static_assert(strlen_c("another\0example") == 7UL, "");
-+
-+ }
-+
-+ namespace test_rvalue_references
-+ {
-+
-+ template < int N >
-+ struct answer
-+ {
-+ static constexpr int value = N;
-+ };
-+
-+ answer<1> f(int&) { return answer<1>(); }
-+ answer<2> f(const int&) { return answer<2>(); }
-+ answer<3> f(int&&) { return answer<3>(); }
-+
-+ void
-+ test()
-+ {
-+ int i = 0;
-+ const int c = 0;
-+ static_assert(decltype(f(i))::value == 1, "");
-+ static_assert(decltype(f(c))::value == 2, "");
-+ static_assert(decltype(f(0))::value == 3, "");
-+ }
-+
-+ }
-+
-+ namespace test_uniform_initialization
-+ {
-+
-+ struct test
-+ {
-+ static const int zero {};
-+ static const int one {1};
-+ };
-+
-+ static_assert(test::zero == 0, "");
-+ static_assert(test::one == 1, "");
-+
-+ }
-+
-+ namespace test_lambdas
-+ {
-+
-+ void
-+ test1()
-+ {
-+ auto lambda1 = [](){};
-+ auto lambda2 = lambda1;
-+ lambda1();
-+ lambda2();
-+ }
-+
-+ int
-+ test2()
-+ {
-+ auto a = [](int i, int j){ return i + j; }(1, 2);
-+ auto b = []() -> int { return '0'; }();
-+ auto c = [=](){ return a + b; }();
-+ auto d = [&](){ return c; }();
-+ auto e = [a, &b](int x) mutable {
-+ const auto identity = [](int y){ return y; };
-+ for (auto i = 0; i < a; ++i)
-+ a += b--;
-+ return x + identity(a + b);
-+ }(0);
-+ return a + b + c + d + e;
-+ }
-+
-+ int
-+ test3()
-+ {
-+ const auto nullary = [](){ return 0; };
-+ const auto unary = [](int x){ return x; };
-+ using nullary_t = decltype(nullary);
-+ using unary_t = decltype(unary);
-+ const auto higher1st = [](nullary_t f){ return f(); };
-+ const auto higher2nd = [unary](nullary_t f1){
-+ return [unary, f1](unary_t f2){ return f2(unary(f1())); };
-+ };
-+ return higher1st(nullary) + higher2nd(nullary)(unary);
-+ }
-+
-+ }
-+
-+ namespace test_variadic_templates
-+ {
-+
-+ template <int...>
-+ struct sum;
-+
-+ template <int N0, int... N1toN>
-+ struct sum<N0, N1toN...>
-+ {
-+ static constexpr auto value = N0 + sum<N1toN...>::value;
-+ };
-+
-+ template <>
-+ struct sum<>
-+ {
-+ static constexpr auto value = 0;
-+ };
-+
-+ static_assert(sum<>::value == 0, "");
-+ static_assert(sum<1>::value == 1, "");
-+ static_assert(sum<23>::value == 23, "");
-+ static_assert(sum<1, 2>::value == 3, "");
-+ static_assert(sum<5, 5, 11>::value == 21, "");
-+ static_assert(sum<2, 3, 5, 7, 11, 13>::value == 41, "");
-+
-+ }
-+
-+ // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae
-+ // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function
-+ // because of this.
-+ namespace test_template_alias_sfinae
-+ {
-+
-+ struct foo {};
-+
-+ template<typename T>
-+ using member = typename T::member_type;
-+
-+ template<typename T>
-+ void func(...) {}
-+
-+ template<typename T>
-+ void func(member<T>*) {}
-+
-+ void test();
-+
-+ void test() { func<foo>(0); }
-+
-+ }
-+
-+} // namespace cxx11
-+
-+#endif // __cplusplus >= 201103L
-+
-+]])
-+
-+
-+dnl Tests for new features in C++14
-+
-+m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_14], [[
-+
-+// If the compiler admits that it is not ready for C++14, why torture it?
-+// Hopefully, this will speed up the test.
-+
-+#ifndef __cplusplus
-+
-+#error "This is not a C++ compiler"
-+
-+#elif __cplusplus < 201402L
-+
-+#error "This is not a C++14 compiler"
-+
-+#else
-+
-+namespace cxx14
-+{
-+
-+ namespace test_polymorphic_lambdas
-+ {
-+
-+ int
-+ test()
-+ {
-+ const auto lambda = [](auto&&... args){
-+ const auto istiny = [](auto x){
-+ return (sizeof(x) == 1UL) ? 1 : 0;
-+ };
-+ const int aretiny[] = { istiny(args)... };
-+ return aretiny[0];
-+ };
-+ return lambda(1, 1L, 1.0f, '1');
-+ }
-+
-+ }
-+
-+ namespace test_binary_literals
-+ {
-+
-+ constexpr auto ivii = 0b0000000000101010;
-+ static_assert(ivii == 42, "wrong value");
-+
-+ }
-+
-+ namespace test_generalized_constexpr
-+ {
-+
-+ template < typename CharT >
-+ constexpr unsigned long
-+ strlen_c(const CharT *const s) noexcept
-+ {
-+ auto length = 0UL;
-+ for (auto p = s; *p; ++p)
-+ ++length;
-+ return length;
-+ }
-+
-+ static_assert(strlen_c("") == 0UL, "");
-+ static_assert(strlen_c("x") == 1UL, "");
-+ static_assert(strlen_c("test") == 4UL, "");
-+ static_assert(strlen_c("another\0test") == 7UL, "");
-+
-+ }
-+
-+ namespace test_lambda_init_capture
-+ {
-+
-+ int
-+ test()
-+ {
-+ auto x = 0;
-+ const auto lambda1 = [a = x](int b){ return a + b; };
-+ const auto lambda2 = [a = lambda1(x)](){ return a; };
-+ return lambda2();
-+ }
-+
-+ }
-+
-+ namespace test_digit_separators
-+ {
-+
-+ constexpr auto ten_million = 100'000'000;
-+ static_assert(ten_million == 100000000, "");
-+
-+ }
-+
-+ namespace test_return_type_deduction
-+ {
-+
-+ auto f(int& x) { return x; }
-+ decltype(auto) g(int& x) { return x; }
-+
-+ template < typename T1, typename T2 >
-+ struct is_same
-+ {
-+ static constexpr auto value = false;
-+ };
-+
-+ template < typename T >
-+ struct is_same<T, T>
-+ {
-+ static constexpr auto value = true;
-+ };
-+
-+ int
-+ test()
-+ {
-+ auto x = 0;
-+ static_assert(is_same<int, decltype(f(x))>::value, "");
-+ static_assert(is_same<int&, decltype(g(x))>::value, "");
-+ return x;
-+ }
-+
-+ }
-+
-+} // namespace cxx14
-+
-+#endif // __cplusplus >= 201402L
-+
-+]])
-+
-+
-+dnl Tests for new features in C++17
-+
-+m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_17], [[
-+
-+// If the compiler admits that it is not ready for C++17, why torture it?
-+// Hopefully, this will speed up the test.
-+
-+#ifndef __cplusplus
-+
-+#error "This is not a C++ compiler"
-+
-+#elif __cplusplus < 201703L
-+
-+#error "This is not a C++17 compiler"
-+
-+#else
-+
-+#include <initializer_list>
-+#include <utility>
-+#include <type_traits>
-+
-+namespace cxx17
-+{
-+
-+ namespace test_constexpr_lambdas
-+ {
-+
-+ constexpr int foo = [](){return 42;}();
-+
-+ }
-+
-+ namespace test::nested_namespace::definitions
-+ {
-+
-+ }
-+
-+ namespace test_fold_expression
-+ {
-+
-+ template<typename... Args>
-+ int multiply(Args... args)
-+ {
-+ return (args * ... * 1);
-+ }
-+
-+ template<typename... Args>
-+ bool all(Args... args)
-+ {
-+ return (args && ...);
-+ }
-+
-+ }
-+
-+ namespace test_extended_static_assert
-+ {
-+
-+ static_assert (true);
-+
-+ }
-+
-+ namespace test_auto_brace_init_list
-+ {
-+
-+ auto foo = {5};
-+ auto bar {5};
-+
-+ static_assert(std::is_same<std::initializer_list<int>, decltype(foo)>::value);
-+ static_assert(std::is_same<int, decltype(bar)>::value);
-+ }
-+
-+ namespace test_typename_in_template_template_parameter
-+ {
-+
-+ template<template<typename> typename X> struct D;
-+
-+ }
-+
-+ namespace test_fallthrough_nodiscard_maybe_unused_attributes
-+ {
-+
-+ int f1()
-+ {
-+ return 42;
-+ }
-+
-+ [[nodiscard]] int f2()
-+ {
-+ [[maybe_unused]] auto unused = f1();
-+
-+ switch (f1())
-+ {
-+ case 17:
-+ f1();
-+ [[fallthrough]];
-+ case 42:
-+ f1();
-+ }
-+ return f1();
-+ }
-+
-+ }
-+
-+ namespace test_extended_aggregate_initialization
-+ {
-+
-+ struct base1
-+ {
-+ int b1, b2 = 42;
-+ };
-+
-+ struct base2
-+ {
-+ base2() {
-+ b3 = 42;
-+ }
-+ int b3;
-+ };
-+
-+ struct derived : base1, base2
-+ {
-+ int d;
-+ };
-+
-+ derived d1 {{1, 2}, {}, 4}; // full initialization
-+ derived d2 {{}, {}, 4}; // value-initialized bases
-+
-+ }
-+
-+ namespace test_general_range_based_for_loop
-+ {
-+
-+ struct iter
-+ {
-+ int i;
-+
-+ int& operator* ()
-+ {
-+ return i;
-+ }
-+
-+ const int& operator* () const
-+ {
-+ return i;
-+ }
-+
-+ iter& operator++()
-+ {
-+ ++i;
-+ return *this;
-+ }
-+ };
-+
-+ struct sentinel
-+ {
-+ int i;
-+ };
-+
-+ bool operator== (const iter& i, const sentinel& s)
-+ {
-+ return i.i == s.i;
-+ }
-+
-+ bool operator!= (const iter& i, const sentinel& s)
-+ {
-+ return !(i == s);
-+ }
-+
-+ struct range
-+ {
-+ iter begin() const
-+ {
-+ return {0};
-+ }
-+
-+ sentinel end() const
-+ {
-+ return {5};
-+ }
-+ };
-+
-+ void f()
-+ {
-+ range r {};
-+
-+ for (auto i : r)
-+ {
-+ [[maybe_unused]] auto v = i;
-+ }
-+ }
-+
-+ }
-+
-+ namespace test_lambda_capture_asterisk_this_by_value
-+ {
-+
-+ struct t
-+ {
-+ int i;
-+ int foo()
-+ {
-+ return [*this]()
-+ {
-+ return i;
-+ }();
-+ }
-+ };
-+
-+ }
-+
-+ namespace test_enum_class_construction
-+ {
-+
-+ enum class byte : unsigned char
-+ {};
-+
-+ byte foo {42};
-+
-+ }
-+
-+ namespace test_constexpr_if
-+ {
-+
-+ template <bool cond>
-+ int f ()
-+ {
-+ if constexpr(cond)
-+ {
-+ return 13;
-+ }
-+ else
-+ {
-+ return 42;
-+ }
-+ }
-+
-+ }
-+
-+ namespace test_selection_statement_with_initializer
-+ {
-+
-+ int f()
-+ {
-+ return 13;
-+ }
-+
-+ int f2()
-+ {
-+ if (auto i = f(); i > 0)
-+ {
-+ return 3;
-+ }
-+
-+ switch (auto i = f(); i + 4)
-+ {
-+ case 17:
-+ return 2;
-+
-+ default:
-+ return 1;
-+ }
-+ }
-+
-+ }
-+
-+ namespace test_template_argument_deduction_for_class_templates
-+ {
-+
-+ template <typename T1, typename T2>
-+ struct pair
-+ {
-+ pair (T1 p1, T2 p2)
-+ : m1 {p1},
-+ m2 {p2}
-+ {}
-+
-+ T1 m1;
-+ T2 m2;
-+ };
-+
-+ void f()
-+ {
-+ [[maybe_unused]] auto p = pair{13, 42u};
-+ }
-+
-+ }
-+
-+ namespace test_non_type_auto_template_parameters
-+ {
-+
-+ template <auto n>
-+ struct B
-+ {};
-+
-+ B<5> b1;
-+ B<'a'> b2;
-+
-+ }
-+
-+ namespace test_structured_bindings
-+ {
-+
-+ int arr[2] = { 1, 2 };
-+ std::pair<int, int> pr = { 1, 2 };
-+
-+ auto f1() -> int(&)[2]
-+ {
-+ return arr;
-+ }
-+
-+ auto f2() -> std::pair<int, int>&
-+ {
-+ return pr;
-+ }
-+
-+ struct S
-+ {
-+ int x1 : 2;
-+ volatile double y1;
-+ };
-+
-+ S f3()
-+ {
-+ return {};
-+ }
-+
-+ auto [ x1, y1 ] = f1();
-+ auto& [ xr1, yr1 ] = f1();
-+ auto [ x2, y2 ] = f2();
-+ auto& [ xr2, yr2 ] = f2();
-+ const auto [ x3, y3 ] = f3();
-+
-+ }
-+
-+ namespace test_exception_spec_type_system
-+ {
-+
-+ struct Good {};
-+ struct Bad {};
-+
-+ void g1() noexcept;
-+ void g2();
-+
-+ template<typename T>
-+ Bad
-+ f(T*, T*);
-+
-+ template<typename T1, typename T2>
-+ Good
-+ f(T1*, T2*);
-+
-+ static_assert (std::is_same_v<Good, decltype(f(g1, g2))>);
-+
-+ }
-+
-+ namespace test_inline_variables
-+ {
-+
-+ template<class T> void f(T)
-+ {}
-+
-+ template<class T> inline T g(T)
-+ {
-+ return T{};
-+ }
-+
-+ template<> inline void f<>(int)
-+ {}
-+
-+ template<> int g<>(int)
-+ {
-+ return 5;
-+ }
-+
-+ }
-+
-+} // namespace cxx17
-+
-+#endif // __cplusplus < 201703L
-+
-+]])
-diff --git a/configure.ac b/configure.ac
-index cd678f1c..3d50641e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -5,6 +5,7 @@ AC_INIT([polkit], [0.116], [http://lists.freedesktop.org/mailman/listinfo/polkit
- AM_INIT_AUTOMAKE([])
- AC_CONFIG_HEADERS(config.h)
- AC_CONFIG_MACRO_DIR([buildutil])
-+m4_include([buildutil/ax_cxx_compile_stdcxx.m4])
- AM_MAINTAINER_MODE
-
- m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-@@ -33,7 +34,7 @@ AC_PROG_LN_S
- AC_SYS_LARGEFILE
- AM_PROG_CC_C_O
- AC_PROG_CXX
--AX_CXX_COMPILE_STDCXX_11()
-+AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
-
- # Taken from dbus
- AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
---
-GitLab
-
-
-From 14444004e60755d9aa362d30c8909460b8f9b824 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
-Date: Mon, 8 Jun 2020 20:46:43 +0800
-Subject: [PATCH 4/5] remove an unused variable
-
----
- src/polkitbackend/polkitbackendjsauthority.cpp | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index d5113cb0..61088a1d 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -470,7 +470,6 @@ static void
- polkit_backend_js_authority_constructed (GObject *object)
- {
- PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
-- gboolean entered_request = FALSE;
-
- authority->priv->cx = JS_NewContext (8L * 1024L * 1024L);
- if (authority->priv->cx == NULL)
-@@ -486,7 +485,6 @@ polkit_backend_js_authority_constructed (GObject *object)
- JS::SetWarningReporter(authority->priv->cx, report_error);
- JS_SetContextPrivate (authority->priv->cx, authority);
-
-- entered_request = TRUE;
-
- {
- JS::RealmOptions compart_opts;
-@@ -552,7 +550,6 @@ polkit_backend_js_authority_constructed (GObject *object)
- setup_file_monitors (authority);
- load_scripts (authority);
- }
-- entered_request = FALSE;
-
- G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
-
---
-GitLab
-
-
-From 3245061595a10644f8d32e48eeaaf6fbf0364c70 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?X=E2=84=B9=20Ruoyao?= <xry111@mengyan1223.wang>
-Date: Mon, 8 Jun 2020 21:25:33 +0800
-Subject: [PATCH 5/5] do not leak GFile
-
----
- src/polkitbackend/polkitbackendjsauthority.cpp | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 61088a1d..25bd1f93 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -311,8 +311,12 @@ load_scripts (PolkitBackendJsAuthority *authority)
- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Error compiling script %s",
- filename);
-+ g_object_unref (file);
- continue;
- }
-+
-+ g_object_unref (file);
-+
- JS::SourceText<mozilla::Utf8Unit> source;
- if (!source.init (authority->priv->cx, contents, len,
- JS::SourceOwnership::Borrowed))
---
-GitLab
-
-
diff --git a/sys-auth/polkit/polkit-0.116-r2.ebuild b/sys-auth/polkit/polkit-0.117.ebuild
similarity index 94%
rename from sys-auth/polkit/polkit-0.116-r2.ebuild
rename to sys-auth/polkit/polkit-0.117.ebuild
index e1900bb..3fee33e 100644
--- a/sys-auth/polkit/polkit-0.116-r2.ebuild
+++ b/sys-auth/polkit/polkit-0.117.ebuild
@@ -11,7 +11,7 @@ SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
-#KEYWORDS="amd64 arm arm64 ~mips ppc ppc64 x86"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 x86"
IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
RESTRICT="!test? ( test )"
@@ -60,9 +60,6 @@ PATCHES=(
# bug 660880
"${FILESDIR}"/polkit-0.115-elogind.patch
- # upstream patch from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/48
- "${FILESDIR}"/polkit-0.116-spidermonkey-68.patch
-
# locally rebased patch
"${FILESDIR}"/polkit-0.116-make-netgroup-support-optional-2.patch
)
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2019-05-21 1:34 Jory Pratt
0 siblings, 0 replies; 8+ messages in thread
From: Jory Pratt @ 2019-05-21 1:34 UTC (permalink / raw
To: gentoo-commits
commit: a5ed9500ce03494f963ef4b95aff3a0b2d583876
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 01:33:49 2019 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Tue May 21 01:33:49 2019 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=a5ed9500
sys-auth/polkit: change netgroup support patch for 0.116
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
...it-0.116-make-netgroup-support-optional-1.patch | 248 +++++++++++++++++++++
...lkit-0.116-make-netgroup-support-optional.patch | 155 -------------
...{polkit-0.116.ebuild => polkit-0.116-r1.ebuild} | 2 +-
3 files changed, 249 insertions(+), 156 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
new file mode 100644
index 0000000..84f07f9
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
@@ -0,0 +1,248 @@
+From 71e5409c931f8e69ef7e782d1c396c335a4c3f76 Mon Sep 17 00:00:00 2001
+From: A. Wilcox <AWilcox@Wilcox-Tech.com>
+Date: Mon, 20 May 2019 20:24:42 -0500
+Subject: [PATCH] On at least Linux/musl and Linux/uclibc, netgroup
+support is not available. PolKit fails to compile on these systems
+for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work. If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Closes polkit/polkit#14.
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+---
+ configure.ac | 2 +-
+ src/polkit/polkitidentity.c | 16 ++++++++++++++++
+ src/polkit/polkitunixnetgroup.c | 3 +++
+ .../polkitbackendinteractiveauthority.c | 14 ++++++++------
+ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
+ test/polkit/polkitidentitytest.c | 9 ++++++++-
+ test/polkit/polkitunixnetgrouptest.c | 3 +++
+ .../test-polkitbackendjsauthority.c | 2 ++
+ 8 files changed, 43 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5cedb4e..87aa0ad 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
+index 3aa1f7f..10e9c17 100644
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
+index 8a2b369..83f8d4a 100644
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 056d9a8..36c2f3d 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+ PolkitIdentity *user;
+ GError *error = NULL;
+
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
+
+ out:
+ endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+ return ret;
+ }
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 9b752d1..09b2878 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#ifdef HAVE_SETNETGRENT
+ JS::RootedString usrstr (authority->priv->cx);
+ usrstr = args[0].toString();
+ user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS_free (cx, netgroup);
+ JS_free (cx, user);
++#endif
+
+ ret = true;
+
+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
+index e91967b..e829aaa 100644
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
+index 3701ba1..e3352eb 100644
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index 71aad23..fdd28f3 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
+--
+2.21.0
+
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional.patch
deleted file mode 100644
index 0b4b698..0000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 6a46ff1b969a7109c6f5f25ebabaa943bbd5bdaf Mon Sep 17 00:00:00 2001
-From:
-Date: Sun, 28 Apr 2019 16:46:26 -0500
-Subject: [PATCH] make netgroup support optional
-
----
- configure.ac | 2 +-
- src/polkitbackend/init.js | 5 ++++-
- src/polkitbackend/polkitbackendinteractiveauthority.c | 4 ++++
- src/polkitbackend/polkitbackendjsauthority.cpp | 8 ++++++--
- test/polkitbackend/test-polkitbackendjsauthority.c | 6 ++++--
- 5 files changed, 19 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5cedb4e..88ce2a6 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkitbackend/init.js b/src/polkitbackend/init.js
-index 79c80b6..2065cff 100644
---- a/src/polkitbackend/init.js
-+++ b/src/polkitbackend/init.js
-@@ -29,7 +29,10 @@ function Subject() {
- };
-
- this.isInNetGroup = function(netGroup) {
-- return polkit._userIsInNetGroup(this.user, netGroup);
-+ if (polkit._userIsInNetGroup)
-+ return polkit._userIsInNetGroup(this.user, netGroup);
-+ else
-+ return false;
- };
-
- this.toString = function() {
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..559cd06 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2225,6 +2225,7 @@ get_users_in_group (PolkitIdentity *group,
- return ret;
- }
-
-+#ifdef HAVE_GETNETGRENT
- static GList *
- get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root)
-@@ -2284,6 +2285,7 @@ get_users_in_net_group (PolkitIdentity *group,
- endnetgrent ();
- return ret;
- }
-+#endif
-
- /* ---------------------------------------------------------------------------------------------------- */
-
-@@ -2369,10 +2371,12 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- {
- user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
- }
-+#ifdef HAVE_GETNETGRENT
- else if (POLKIT_IS_UNIX_NETGROUP (identity))
- {
- user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
- }
-+#endif
- else
- {
- g_warning ("Unsupported identity");
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 9b752d1..dcff711 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -192,13 +192,17 @@ static JSClass js_polkit_class = {
-
- static bool js_polkit_log (JSContext *cx, unsigned argc, JS::Value *vp);
- static bool js_polkit_spawn (JSContext *cx, unsigned argc, JS::Value *vp);
-+#ifdef HAVE_GETNETGRENT
- static bool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, JS::Value *vp);
-+#endif
-
- static JSFunctionSpec js_polkit_functions[] =
- {
- JS_FN("log", js_polkit_log, 0, 0),
- JS_FN("spawn", js_polkit_spawn, 0, 0),
-+#ifdef HAVE_GETNETGRENT
- JS_FN("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0),
-+#endif
- JS_FS_END
- };
-
-@@ -1488,7 +1492,7 @@ js_polkit_spawn (JSContext *cx,
-
- /* ---------------------------------------------------------------------------------------------------- */
-
--
-+#ifdef HAVE_GETNETGRENT
- static bool
- js_polkit_user_is_in_netgroup (JSContext *cx,
- unsigned argc,
-@@ -1526,7 +1530,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- return ret;
- }
--
-+#endif
-
-
- /* ---------------------------------------------------------------------------------------------------- */
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..2b2a5d4 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_GETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
-@@ -266,7 +268,7 @@ static const RulesTestCase rules_test_cases[] = {
- NULL,
- POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
- },
--
-+#if HAVE_GETNETGRENT
- /* check netgroup membership */
- {
- /* john is a member of netgroup 'foo', see test/etc/netgroup */
-@@ -284,7 +286,7 @@ static const RulesTestCase rules_test_cases[] = {
- NULL,
- POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
- },
--
-+#endif
- /* spawning */
- {
- "spawning_non_existing_helper",
---
-2.21.0
-
diff --git a/sys-auth/polkit/polkit-0.116.ebuild b/sys-auth/polkit/polkit-0.116-r1.ebuild
similarity index 98%
rename from sys-auth/polkit/polkit-0.116.ebuild
rename to sys-auth/polkit/polkit-0.116-r1.ebuild
index df86906..4ccfa37 100644
--- a/sys-auth/polkit/polkit-0.116.ebuild
+++ b/sys-auth/polkit/polkit-0.116-r1.ebuild
@@ -57,7 +57,7 @@ PATCHES=(
# bug 660880
"${FILESDIR}"/polkit-0.115-elogind.patch
- "${FILESDIR}"/polkit-0.116-make-netgroup-support-optional.patch
+ "${FILESDIR}"/polkit-0.116-make-netgroup-support-optional-1.patch
)
QA_MULTILIB_PATHS="
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2019-03-26 14:27 Jory Pratt
0 siblings, 0 replies; 8+ messages in thread
From: Jory Pratt @ 2019-03-26 14:27 UTC (permalink / raw
To: gentoo-commits
commit: c1ebe39a68169364f202397d6474b255dbae8b32
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 26 14:26:52 2019 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Tue Mar 26 14:26:52 2019 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=c1ebe39a
sys-auth/polkit: sync with in tree update
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
.../files/polkit-0.115-spidermonkey-60.patch | 180 +++++++++++++++++++++
sys-auth/polkit/polkit-0.115-r4.ebuild | 144 +++++++++++++++++
2 files changed, 324 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
new file mode 100644
index 0000000..8a4510a
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
@@ -0,0 +1,180 @@
+From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:32:16 +0100
+Subject: [PATCH] Depend on mozjs-60
+
+This is the new ESR version of the Mozilla JS engine, superceding
+mozjs-52.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5c37e48..5cedb4e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
++PKG_CHECK_MODULES(LIBJS, [mozjs-60])
+
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+
+
+From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:33:20 +0100
+Subject: [PATCH] Port the JS authority to mozjs-60
+
+API changes in mozjs that need to be reflected in the JS authority:
+
+ - the JS::CompileOptions constructor and the JS::CompartmentOptions
+ do not allow setting a JS version any more
+
+ - do not use NULL comparisons for C++ objects
+
+ - the resize() method for a vector has a return value that needs
+ to be handled
+
+ - JSClassOps has different fields
+---
+ .../polkitbackendjsauthority.cpp | 65 +++++++++----------
+ 1 file changed, 32 insertions(+), 33 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 7602714..984a0f0 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ static const struct JSClassOps js_global_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ JS_GlobalObjectTraceHook
+ };
+
+ static JSClass js_global_class = {
+@@ -172,18 +171,17 @@ static JSClass js_global_class = {
+
+ /* ---------------------------------------------------------------------------------------------------- */
+ static const struct JSClassOps js_polkit_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ nullptr // trace
+ };
+
+ static JSClass js_polkit_class = {
+@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ {
+ JS::CompartmentOptions compart_opts;
+- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
++
+ JS::RootedObject global(authority->priv->cx);
+
+ authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
+
+ global = authority->priv->js_global->get ();
+-
+- if (global == NULL)
++ if (!global)
+ goto fail;
+
+ authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
+
+- if (authority->priv->ac == NULL)
++ if (!authority->priv->ac)
+ goto fail;
+
+ if (!JS_InitStandardClasses (authority->priv->cx, global))
+@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ polkit = authority->priv->js_polkit->get ();
+
+- if (polkit == NULL)
++ if (!polkit)
+ goto fail;
+
+ if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
+@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+ js_polkit_functions))
+ goto fail;
+
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+ if (!JS::Evaluate (authority->priv->cx,
+ options,
+@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
+ JS::AutoValueVector elems(authority->priv->cx);
+ guint n;
+
+- elems.resize(value->len);
++ if (!elems.resize(value->len))
++ g_error ("Unable to resize vector");
++
+ for (n = 0; n < value->len; n++)
+ {
+ const char *c_string = (const char *) g_ptr_array_index(value, n);
+@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
+ GError **error)
+ {
+ gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ const char *src;
+ JS::RootedObject obj(authority->priv->cx);
+ pid_t pid;
+@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
+ GError **error)
+ {
+ gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ const char *src;
+ JS::RootedObject obj(authority->priv->cx);
+ gchar **keys;
diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild
new file mode 100644
index 0000000..5e8842d
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r4.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+BDEPEND="
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:60[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+ "${FILESDIR}"/CVE-2018-19788.patch
+ "${FILESDIR}"/polkit-0.115-spidermonkey-60.patch
+ "${FILESDIR}"/${P}-make-netgroup-support-optional.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2018-12-16 11:13 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2018-12-16 11:13 UTC (permalink / raw
To: gentoo-commits
commit: 28f2170aef776c77dba5fba71272fd977777faa9
Author: callmetango <callmetango <AT> users <DOT> noreply <DOT> github <DOT> com>
AuthorDate: Tue Dec 11 12:31:56 2018 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Dec 16 10:25:26 2018 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=28f2170a
sys-auth/polkit: version bump to 0.115-r2
* added CVE-2018-19788.patch from Gentoo tree
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
sys-auth/polkit/files/CVE-2018-19788.patch | 339 +++++++++++++++++++++++++++++
sys-auth/polkit/polkit-0.115-r2.ebuild | 143 ++++++++++++
2 files changed, 482 insertions(+)
diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch
new file mode 100644
index 0000000..97e3608
--- /dev/null
+++ b/sys-auth/polkit/files/CVE-2018-19788.patch
@@ -0,0 +1,339 @@
+From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 3 Dec 2018 10:28:58 +0100
+Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group
+ objects
+
+(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
+there should be no users with such number, see
+https://systemd.io/UIDS-GIDS#special-linux-uids.
+
+(uid_t) -1 is used as the default value in class initialization.
+
+When a user or group above INT32_MAX is created, the numeric uid or
+gid wraps around to negative when the value is assigned to gint, and
+polkit gets confused. Let's accept such gids, except for -1.
+
+A nicer fix would be to change the underlying type to e.g. uint32 to
+not have negative values. But this cannot be done without breaking the
+API, so likely new functions will have to be added (a
+polkit_unix_user_new variant that takes a unsigned, and the same for
+_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
+require a bigger patch.
+
+Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
+---
+ src/polkit/polkitunixgroup.c | 15 +++++++++++----
+ src/polkit/polkitunixprocess.c | 12 ++++++++----
+ src/polkit/polkitunixuser.c | 13 ++++++++++---
+ 3 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
+index c57a1aa..309f689 100644
+--- a/src/polkit/polkitunixgroup.c
++++ b/src/polkit/polkitunixgroup.c
+@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
+ static void
+ polkit_unix_group_init (PolkitUnixGroup *unix_group)
+ {
++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
+ }
+
+ static void
+@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
+ GParamSpec *pspec)
+ {
+ PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
++ gint val;
+
+ switch (prop_id)
+ {
+ case PROP_GID:
+- unix_group->gid = g_value_get_int (value);
++ val = g_value_get_int (value);
++ g_return_if_fail (val != -1);
++ unix_group->gid = val;
+ break;
+
+ default:
+@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
+ g_param_spec_int ("gid",
+ "Group ID",
+ "The UNIX group ID",
+- 0,
++ G_MININT,
+ G_MAXINT,
+- 0,
++ -1,
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
+ */
+ void
+ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+- gint gid)
++ gint gid)
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
++ g_return_if_fail (gid != -1);
+ group->gid = gid;
+ }
+
+@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+ PolkitIdentity *
+ polkit_unix_group_new (gint gid)
+ {
++ g_return_val_if_fail (gid != -1, NULL);
++
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
+ "gid", gid,
+ NULL));
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 972b777..b02b258 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
+ polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+ break;
+
+- case PROP_UID:
+- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
++ case PROP_UID: {
++ gint val;
++
++ val = g_value_get_int (value);
++ g_return_if_fail (val != -1);
++ polkit_unix_process_set_uid (unix_process, val);
+ break;
++ }
+
+ case PROP_START_TIME:
+ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ g_param_spec_int ("uid",
+ "User ID",
+ "The UNIX user ID",
+- -1,
++ G_MININT,
+ G_MAXINT,
+ -1,
+ G_PARAM_CONSTRUCT |
+@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
+ gint uid)
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+- g_return_if_fail (uid >= -1);
+ process->uid = uid;
+ }
+
+diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
+index 8bfd3a1..234a697 100644
+--- a/src/polkit/polkitunixuser.c
++++ b/src/polkit/polkitunixuser.c
+@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
+ static void
+ polkit_unix_user_init (PolkitUnixUser *unix_user)
+ {
++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
+ unix_user->name = NULL;
+ }
+
+@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
+ GParamSpec *pspec)
+ {
+ PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
++ gint val;
+
+ switch (prop_id)
+ {
+ case PROP_UID:
+- unix_user->uid = g_value_get_int (value);
++ val = g_value_get_int (value);
++ g_return_if_fail (val != -1);
++ unix_user->uid = val;
+ break;
+
+ default:
+@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
+ g_param_spec_int ("uid",
+ "User ID",
+ "The UNIX user ID",
+- 0,
++ G_MININT,
+ G_MAXINT,
+- 0,
++ -1,
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+ gint uid)
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_USER (user));
++ g_return_if_fail (uid != -1);
+ user->uid = uid;
+ }
+
+@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+ PolkitIdentity *
+ polkit_unix_user_new (gint uid)
+ {
++ g_return_val_if_fail (uid != -1, NULL);
++
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
+ "uid", uid,
+ NULL));
+--
+2.18.1
+
+
+From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 3 Dec 2018 11:20:34 +0100
+Subject: [PATCH 2/2] tests: add tests for high uids
+
+---
+ test/data/etc/group | 1 +
+ test/data/etc/passwd | 2 +
+ .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++
+ .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++
+ 4 files changed, 96 insertions(+)
+
+diff --git a/test/data/etc/group b/test/data/etc/group
+index 12ef328..b9acab9 100644
+--- a/test/data/etc/group
++++ b/test/data/etc/group
+@@ -5,3 +5,4 @@ john:x:500:
+ jane:x:501:
+ sally:x:502:
+ henry:x:503:
++highuid2:x:4000000000:
+diff --git a/test/data/etc/passwd b/test/data/etc/passwd
+index 8544feb..5cf14a5 100644
+--- a/test/data/etc/passwd
++++ b/test/data/etc/passwd
+@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
+ jane:x:501:501:Jane Smith:/home/jane:/bin/bash
+ sally:x:502:502:Sally Derp:/home/sally:/bin/bash
+ henry:x:503:503:Henry Herp:/home/henry:/bin/bash
++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
+diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
+index 446e622..98bf062 100644
+--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
++++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
+@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
+ }
+ });
+
++polkit.addRule(function(action, subject) {
++ if (action.id == "net.company.john_action") {
++ if (subject.user == "john") {
++ return polkit.Result.YES;
++ } else {
++ return polkit.Result.NO;
++ }
++ }
++});
++
++polkit.addRule(function(action, subject) {
++ if (action.id == "net.company.highuid2_action") {
++ if (subject.user == "highuid2") {
++ return polkit.Result.YES;
++ } else {
++ return polkit.Result.NO;
++ }
++ }
++});
++
++
+ // ---------------------------------------------------------------------
+ // variables
+
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index b484a26..71aad23 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ },
++
++ {
++ /* highuid1 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid22)",
++ "net.company.group.only_group_users",
++ "unix-user:highuid2",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid2 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid21)",
++ "net.company.group.only_group_users",
++ "unix-user:highuid2",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid1 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid24)",
++ "net.company.group.only_group_users",
++ "unix-user:2147483648",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid2 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid23)",
++ "net.company.group.only_group_users",
++ "unix-user:4000000000",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* john is authorized to do this, see 10-testing.rules */
++ "john_action",
++ "net.company.john_action",
++ "unix-user:john",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
++ },
++
++ {
++ /* only john is authorized to do this, see 10-testing.rules */
++ "jane_action",
++ "net.company.john_action",
++ "unix-user:jane",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid2 is authorized to do this, see 10-testing.rules */
++ "highuid2_action",
++ "net.company.highuid2_action",
++ "unix-user:highuid2",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
++ },
++
++ {
++ /* only highuid2 is authorized to do this, see 10-testing.rules */
++ "highuid1_action",
++ "net.company.highuid2_action",
++ "unix-user:highuid1",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
+ };
+
+ /* ---------------------------------------------------------------------------------------------------- */
+--
+2.18.1
+
diff --git a/sys-auth/polkit/polkit-0.115-r2.ebuild b/sys-auth/polkit/polkit-0.115-r2.ebuild
new file mode 100644
index 0000000..a802ed0
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r2.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+ dev-lang/spidermonkey:52[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ introspection? ( dev-libs/gobject-introspection )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+ "${FILESDIR}"/CVE-2018-19788.patch
+ "${FILESDIR}"/${P}-make-netgroup-support-optional.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-05-04 13:50 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-17 12:43 [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/files/, sys-auth/polkit/ Anthony G. Basile
-- strict thread matches above, loose matches on Subject: below --
2022-05-04 13:50 Jory Pratt
2021-02-11 17:32 Jory Pratt
2021-02-11 17:32 Jory Pratt
2020-08-18 23:48 Jory Pratt
2019-05-21 1:34 Jory Pratt
2019-03-26 14:27 Jory Pratt
2018-12-16 11:13 Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox