* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2016-01-02 10:14 Gilles Dartiguelongue
From: Gilles Dartiguelongue @ 2016-01-02 10:14 UTC (permalink / raw
  To: gentoo-commits

commit:     39260d199cae8fef3dbb66db4b37377e92378f99
Author:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  2 10:14:00 2016 +0000
Commit:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Sat Jan  2 10:14:00 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39260d19

sys-auth/polkit: drop old revision, bug #555666

Package-Manager: portage-2.2.26

 sys-auth/polkit/Manifest                           |   1 -
 ...dle-invalid-object-paths-in-RegisterAuthe.patch | 106 ------------------
 sys-auth/polkit/polkit-0.112-r3.ebuild             | 122 ---------------------
 3 files changed, 229 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 2add7c3..6b6923d 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1 @@
-DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a
 DIST polkit-0.113.tar.gz 1448865 SHA256 e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9 WHIRLPOOL 106db7e6085a4ce49da44929138671eff2fd6007c80533518abe2d91ede9242b1e3cd0a1801190eeac5d4d5c1e978a30a18e47a6b604497b38853fa60c935a81

diff --git a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
deleted file mode 100644
index 5ceb2de..0000000
--- a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Sat, 30 May 2015 09:06:23 -0400
-Subject: [PATCH] backend: Handle invalid object paths in
- RegisterAuthenticationAgent
-
-Properly propagate the error, otherwise we dereference a `NULL`
-pointer.  This is a local, authenticated DoS.
-
-Reported-by: Tavis Ormandy <taviso@google.com>
-Signed-off-by: Colin Walters <walters@verbum.org>
----
- .../polkitbackendinteractiveauthority.c            | 53 ++++++++++++----------
- 1 file changed, 30 insertions(+), 23 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 59028d5..f45fdf1 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -1551,36 +1551,42 @@ authentication_agent_new (PolkitSubject *scope,
-                           const gchar *unique_system_bus_name,
-                           const gchar *locale,
-                           const gchar *object_path,
--                          GVariant    *registration_options)
-+                          GVariant    *registration_options,
-+			  GError     **error)
- {
-   AuthenticationAgent *agent;
--  GError *error;
-+  GDBusProxy *proxy;
- 
--  agent = g_new0 (AuthenticationAgent, 1);
-+  if (!g_variant_is_object_path (object_path))
-+    {
-+      g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
-+		   "Invalid object path '%s'", object_path);
-+      return NULL;
-+    }
-+
-+  proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
-+					 G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
-+					 G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
-+					 NULL, /* GDBusInterfaceInfo* */
-+					 unique_system_bus_name,
-+					 object_path,
-+					 "org.freedesktop.PolicyKit1.AuthenticationAgent",
-+					 NULL, /* GCancellable* */
-+					 error);
-+  if (proxy == NULL)
-+    {
-+      g_prefix_error (error, "Failed to construct proxy for agent: " );
-+      return NULL;
-+    }
- 
-+  agent = g_new0 (AuthenticationAgent, 1);
-   agent->ref_count = 1;
-   agent->scope = g_object_ref (scope);
-   agent->object_path = g_strdup (object_path);
-   agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
-   agent->locale = g_strdup (locale);
-   agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
--
--  error = NULL;
--  agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
--                                                G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
--                                                G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
--                                                NULL, /* GDBusInterfaceInfo* */
--                                                agent->unique_system_bus_name,
--                                                agent->object_path,
--                                                "org.freedesktop.PolicyKit1.AuthenticationAgent",
--                                                NULL, /* GCancellable* */
--                                                &error);
--  if (agent->proxy == NULL)
--    {
--      g_warning ("Error constructing proxy for agent: %s", error->message);
--      g_error_free (error);
--      /* TODO: Make authentication_agent_new() return NULL and set a GError */
--    }
-+  agent->proxy = proxy;
- 
-   return agent;
- }
-@@ -2383,8 +2389,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
-   caller_cmdline = NULL;
-   agent = NULL;
- 
--  /* TODO: validate that object path is well-formed */
--
-   interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
-   priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
- 
-@@ -2471,7 +2475,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
-                                     polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
-                                     locale,
-                                     object_path,
--                                    options);
-+                                    options,
-+				    error);
-+  if (!agent)
-+    goto out;
- 
-   g_hash_table_insert (priv->hash_scope_to_authentication_agent,
-                        g_object_ref (subject),
--- 
-1.8.3.1
-

diff --git a/sys-auth/polkit/polkit-0.112-r3.ebuild b/sys-auth/polkit/polkit-0.112-r3.ebuild
deleted file mode 100644
index 873670c..0000000
--- a/sys-auth/polkit/polkit-0.112-r3.ebuild
+++ /dev/null
@@ -1,122 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils multilib pam pax-utils systemd user
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
-SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
-IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
-
-CDEPEND="
-	ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
-	hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
-	mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
-	!hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) )
-	>=dev-libs/glib-2.32
-	>=dev-libs/expat-2:=
-	introspection? ( >=dev-libs/gobject-introspection-1 )
-	pam? (
-		sys-auth/pambase
-		virtual/pam
-		)
-	systemd? ( sys-apps/systemd:0= )"
-DEPEND="${CDEPEND}
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt
-	dev-util/intltool
-	virtual/pkgconfig"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		lxde-base/lxpolkit
-		) )
-	kde? ( || (
-		kde-plasma/polkit-kde-agent
-		sys-auth/polkit-kde-agent
-		) )
-	!systemd? ( sys-auth/consolekit[policykit] )"
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-pkg_setup() {
-	local u=polkitd
-	local g=polkitd
-	local h=/var/lib/polkit-1
-
-	enewgroup ${g}
-	enewuser ${u} -1 -1 ${h} ${g}
-	esethome ${u} ${h}
-}
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-}
-
-src_configure() {
-	econf \
-		--localstatedir="${EPREFIX}"/var \
-		--disable-static \
-		--enable-man-pages \
-		--disable-gtk-doc \
-		$(use_enable systemd libsystemd-login) \
-		$(use_enable introspection) \
-		--disable-examples \
-		$(use_enable nls) \
-		$(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
-		"$(systemd_with_unitdir)" \
-		--with-authfw=$(usex pam pam shadow) \
-		$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
-		--with-os-type=gentoo
-}
-
-src_compile() {
-	default
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
-	local m=''
-	# Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910
-	has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
-	# hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags
-	use hppa && m='mr'
-	use ia64 && m='mr'
-	use mips && m='mr'
-	[ -n "$m" ] && pax-mark ${m} ${f}
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-
-	dodoc docs/TODO HACKING NEWS README
-
-	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
-
-	diropts -m0700 -o polkitd -g polkitd
-	keepdir /var/lib/polkit-1
-
-	if use examples; then
-		insinto /usr/share/doc/${PF}/examples
-		doins src/examples/{*.c,*.policy*}
-	fi
-
-	prune_libtool_files
-}
-
-pkg_postinst() {
-	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2018-12-06 23:11 Mike Gilbert
From: Mike Gilbert @ 2018-12-06 23:11 UTC (permalink / raw
  To: gentoo-commits

commit:     cf27a98f65a37ac7ed9086a08999aec70dc9dfbb
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  6 23:11:06 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Dec  6 23:11:39 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf27a98f

sys-auth/polkit: backport fix for CVE-2018-19788

Bug: https://bugs.gentoo.org/672578
Package-Manager: Portage-2.3.52_p8, Repoman-2.3.12_p20
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-auth/polkit/files/CVE-2018-19788.patch | 339 +++++++++++++++++++++++++++++
 sys-auth/polkit/polkit-0.115-r2.ebuild     | 142 ++++++++++++
 2 files changed, 481 insertions(+)

diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch
new file mode 100644
index 00000000000..97e3608a12b
--- /dev/null
+++ b/sys-auth/polkit/files/CVE-2018-19788.patch
@@ -0,0 +1,339 @@
+From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 3 Dec 2018 10:28:58 +0100
+Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group
+ objects
+
+(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
+there should be no users with such number, see
+https://systemd.io/UIDS-GIDS#special-linux-uids.
+
+(uid_t) -1 is used as the default value in class initialization.
+
+When a user or group above INT32_MAX is created, the numeric uid or
+gid wraps around to negative when the value is assigned to gint, and
+polkit gets confused. Let's accept such gids, except for -1.
+
+A nicer fix would be to change the underlying type to e.g. uint32 to
+not have negative values. But this cannot be done without breaking the
+API, so likely new functions will have to be added (a
+polkit_unix_user_new variant that takes a unsigned, and the same for
+_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
+require a bigger patch.
+
+Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
+---
+ src/polkit/polkitunixgroup.c   | 15 +++++++++++----
+ src/polkit/polkitunixprocess.c | 12 ++++++++----
+ src/polkit/polkitunixuser.c    | 13 ++++++++++---
+ 3 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
+index c57a1aa..309f689 100644
+--- a/src/polkit/polkitunixgroup.c
++++ b/src/polkit/polkitunixgroup.c
+@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
+ static void
+ polkit_unix_group_init (PolkitUnixGroup *unix_group)
+ {
++  unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
+ }
+ 
+ static void
+@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject      *object,
+                                GParamSpec   *pspec)
+ {
+   PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
++  gint val;
+ 
+   switch (prop_id)
+     {
+     case PROP_GID:
+-      unix_group->gid = g_value_get_int (value);
++      val = g_value_get_int (value);
++      g_return_if_fail (val != -1);
++      unix_group->gid = val;
+       break;
+ 
+     default:
+@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
+                                    g_param_spec_int ("gid",
+                                                      "Group ID",
+                                                      "The UNIX group ID",
+-                                                     0,
++                                                     G_MININT,
+                                                      G_MAXINT,
+-                                                     0,
++                                                     -1,
+                                                      G_PARAM_CONSTRUCT |
+                                                      G_PARAM_READWRITE |
+                                                      G_PARAM_STATIC_NAME |
+@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
+  */
+ void
+ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+-                          gint gid)
++                           gint gid)
+ {
+   g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
++  g_return_if_fail (gid != -1);
+   group->gid = gid;
+ }
+ 
+@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+ PolkitIdentity *
+ polkit_unix_group_new (gint gid)
+ {
++  g_return_val_if_fail (gid != -1, NULL);
++
+   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
+                                        "gid", gid,
+                                        NULL));
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 972b777..b02b258 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject      *object,
+       polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+       break;
+ 
+-    case PROP_UID:
+-      polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
++    case PROP_UID: {
++      gint val;
++
++      val = g_value_get_int (value);
++      g_return_if_fail (val != -1);
++      polkit_unix_process_set_uid (unix_process, val);
+       break;
++    }
+ 
+     case PROP_START_TIME:
+       polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+                                    g_param_spec_int ("uid",
+                                                      "User ID",
+                                                      "The UNIX user ID",
+-                                                     -1,
++                                                     G_MININT,
+                                                      G_MAXINT,
+                                                      -1,
+                                                      G_PARAM_CONSTRUCT |
+@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
+                              gint               uid)
+ {
+   g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+-  g_return_if_fail (uid >= -1);
+   process->uid = uid;
+ }
+ 
+diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
+index 8bfd3a1..234a697 100644
+--- a/src/polkit/polkitunixuser.c
++++ b/src/polkit/polkitunixuser.c
+@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
+ static void
+ polkit_unix_user_init (PolkitUnixUser *unix_user)
+ {
++  unix_user->uid = -1;  /* (uid_t) -1 is not a valid UID under Linux */
+   unix_user->name = NULL;
+ }
+ 
+@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject      *object,
+                                GParamSpec   *pspec)
+ {
+   PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
++  gint val;
+ 
+   switch (prop_id)
+     {
+     case PROP_UID:
+-      unix_user->uid = g_value_get_int (value);
++      val = g_value_get_int (value);
++      g_return_if_fail (val != -1);
++      unix_user->uid = val;
+       break;
+ 
+     default:
+@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
+                                    g_param_spec_int ("uid",
+                                                      "User ID",
+                                                      "The UNIX user ID",
+-                                                     0,
++                                                     G_MININT,
+                                                      G_MAXINT,
+-                                                     0,
++                                                     -1,
+                                                      G_PARAM_CONSTRUCT |
+                                                      G_PARAM_READWRITE |
+                                                      G_PARAM_STATIC_NAME |
+@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+                           gint uid)
+ {
+   g_return_if_fail (POLKIT_IS_UNIX_USER (user));
++  g_return_if_fail (uid != -1);
+   user->uid = uid;
+ }
+ 
+@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+ PolkitIdentity *
+ polkit_unix_user_new (gint uid)
+ {
++  g_return_val_if_fail (uid != -1, NULL);
++
+   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
+                                         "uid", uid,
+                                         NULL));
+-- 
+2.18.1
+
+
+From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 3 Dec 2018 11:20:34 +0100
+Subject: [PATCH 2/2] tests: add tests for high uids
+
+---
+ test/data/etc/group                           |  1 +
+ test/data/etc/passwd                          |  2 +
+ .../etc/polkit-1/rules.d/10-testing.rules     | 21 ++++++
+ .../test-polkitbackendjsauthority.c           | 72 +++++++++++++++++++
+ 4 files changed, 96 insertions(+)
+
+diff --git a/test/data/etc/group b/test/data/etc/group
+index 12ef328..b9acab9 100644
+--- a/test/data/etc/group
++++ b/test/data/etc/group
+@@ -5,3 +5,4 @@ john:x:500:
+ jane:x:501:
+ sally:x:502:
+ henry:x:503:
++highuid2:x:4000000000:
+diff --git a/test/data/etc/passwd b/test/data/etc/passwd
+index 8544feb..5cf14a5 100644
+--- a/test/data/etc/passwd
++++ b/test/data/etc/passwd
+@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
+ jane:x:501:501:Jane Smith:/home/jane:/bin/bash
+ sally:x:502:502:Sally Derp:/home/sally:/bin/bash
+ henry:x:503:503:Henry Herp:/home/henry:/bin/bash
++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
+diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
+index 446e622..98bf062 100644
+--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
++++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
+@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
+     }
+ });
+ 
++polkit.addRule(function(action, subject) {
++    if (action.id == "net.company.john_action") {
++        if (subject.user == "john") {
++            return polkit.Result.YES;
++        } else {
++            return polkit.Result.NO;
++        }
++    }
++});
++
++polkit.addRule(function(action, subject) {
++    if (action.id == "net.company.highuid2_action") {
++        if (subject.user == "highuid2") {
++            return polkit.Result.YES;
++        } else {
++            return polkit.Result.NO;
++        }
++    }
++});
++
++
+ // ---------------------------------------------------------------------
+ // variables
+ 
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index b484a26..71aad23 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
+     NULL,
+     POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+   },
++
++  {
++    /* highuid1 is not a member of group 'users', see test/data/etc/group */
++    "group_membership_with_non_member(highuid22)",
++    "net.company.group.only_group_users",
++    "unix-user:highuid2",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++  },
++
++  {
++    /* highuid2 is not a member of group 'users', see test/data/etc/group */
++    "group_membership_with_non_member(highuid21)",
++    "net.company.group.only_group_users",
++    "unix-user:highuid2",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++  },
++
++  {
++    /* highuid1 is not a member of group 'users', see test/data/etc/group */
++    "group_membership_with_non_member(highuid24)",
++    "net.company.group.only_group_users",
++    "unix-user:2147483648",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++  },
++
++  {
++    /* highuid2 is not a member of group 'users', see test/data/etc/group */
++    "group_membership_with_non_member(highuid23)",
++    "net.company.group.only_group_users",
++    "unix-user:4000000000",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++  },
++
++  {
++    /* john is authorized to do this, see 10-testing.rules */
++    "john_action",
++    "net.company.john_action",
++    "unix-user:john",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
++  },
++
++  {
++    /* only john is authorized to do this, see 10-testing.rules */
++    "jane_action",
++    "net.company.john_action",
++    "unix-user:jane",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++  },
++
++  {
++    /* highuid2 is authorized to do this, see 10-testing.rules */
++    "highuid2_action",
++    "net.company.highuid2_action",
++    "unix-user:highuid2",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
++  },
++
++  {
++    /* only highuid2 is authorized to do this, see 10-testing.rules */
++    "highuid1_action",
++    "net.company.highuid2_action",
++    "unix-user:highuid1",
++    NULL,
++    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++  },
+ };
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+-- 
+2.18.1
+
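Review bot: In the embedded upstream patch the `uid`/`gid` properties keep `G_PARAM_CONSTRUCT` with a default of `-1`, while the new `PROP_UID`/`PROP_GID` branches in the three `set_property` functions reject exactly that value with `g_return_if_fail (val != -1)`. If GObject applies the construct default when a caller omits the property (worth confirming for `PolkitUnixProcess`, whose constructor callers are outside this patch), each such construction would log a critical and abort under fatal-criticals. Treating the sentinel as "leave unset" on the property path, e.g. `if (val != -1) unix_user->uid = val;`, would keep the rejection in the public setters and `_new` functions only. `g_return_if_fail` can also be compiled out with `G_DISABLE_CHECKS`, so it should not be the only thing keeping `-1` out of an identity used for authorization decisions. Separately, the first two added `rules_test_cases` entries both use `"unix-user:highuid2"` although one comment names highuid1, so highuid1 is never looked up by name in the group-membership cases.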

diff --git a/sys-auth/polkit/polkit-0.115-r2.ebuild b/sys-auth/polkit/polkit-0.115-r2.ebuild
new file mode 100644
index 00000000000..39413fce5d4
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r2.ebuild
@@ -0,0 +1,142 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+	dev-lang/spidermonkey:52[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	elogind? ( sys-auth/elogind )
+	introspection? ( dev-libs/gobject-introspection )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+	)
+	systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	dev-util/gtk-doc-am
+	dev-util/intltool
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+	!systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+	# bug 660880
+	"${FILESDIR}"/polkit-0.115-elogind.patch
+	"${FILESDIR}"/CVE-2018-19788.patch
+)
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
+	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+		docs/polkit/Makefile.in || die
+
+	# disable broken test - bug #624022
+	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+	# Fix cross-building, bug #590764, elogind patch, bug #598615
+	eautoreconf
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--disable-static
+		--enable-man-pages
+		--disable-gtk-doc
+		--disable-examples
+		$(use_enable elogind libelogind)
+		$(use_enable introspection)
+		$(use_enable nls)
+		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+		--with-authfw=$(usex pam pam shadow)
+		$(use_enable systemd libsystemd-login)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(use_enable test)
+		--with-os-type=gentoo
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	default
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
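Review bot: `src_prepare` strips `polkitbackend` from `SUBDIRS` in `test/Makefile.am` (bug #624022), which is the directory where CVE-2018-19788.patch adds its high-uid regression cases (`test/polkitbackend/test-polkitbackendjsauthority.c`), so `USE=test` will not exercise the fix this revision ships. A comment at that sed would make the gap explicit, e.g. `# also skips the high-uid tests added by CVE-2018-19788.patch; re-enable once bug #624022 is resolved`. `src_compile` still passes `test/polkitbackend/.libs/polkitbackendjsauthoritytest` to `pax-mark`, and that binary is presumably no longer built once the subdirectory is removed. Confirm the call tolerates a missing file, or guard it with an existence check.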



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2019-06-09 11:37 Andreas Sturmlechner
From: Andreas Sturmlechner @ 2019-06-09 11:37 UTC (permalink / raw
  To: gentoo-commits

commit:     39b7c2d3a288642b41a319357d4452b3b2e6cb23
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Jun  5 20:49:00 2019 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun Jun  9 11:36:31 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39b7c2d3

sys-auth/polkit: Drop vulnerable 0.113-r4

Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 sys-auth/polkit/Manifest                         |   1 -
 sys-auth/polkit/files/polkit-0.113-elogind.patch | 178 -----------------------
 sys-auth/polkit/polkit-0.113-r4.ebuild           | 137 -----------------
 3 files changed, 316 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 9a714611499..201ccd87ea2 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,2 @@
-DIST polkit-0.113.tar.gz 1448865 BLAKE2B 93cb6abf03d0de193e9f64b953bee40faf3bd07cf6f86beb4f84edd740dedc0bcf7a1ffd6b3a1a816e5adad0ee59536dacae3d991add4c4965cc6a98566b7470 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9
 DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
 DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5

diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch
deleted file mode 100644
index c822e00d24a..00000000000
--- a/sys-auth/polkit/files/polkit-0.113-elogind.patch
+++ /dev/null
@@ -1,178 +0,0 @@
---- a/configure.ac	2016-11-03 20:16:02.842071344 +0100
-+++ b/configure.ac	2016-11-03 20:15:34.612071850 +0100
-@@ -183,11 +183,12 @@
- 
- AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
- 
--dnl ---------------------------------------------------------------------------
--dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
--dnl ---------------------------------------------------------------------------
-+dnl -----------------------------------------------------------------------------------
-+dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking
-+dnl -----------------------------------------------------------------------------------
- 
- have_libsystemd=no
-+have_elogind=no
- SESSION_TRACKING=ConsoleKit
- 
- AC_ARG_ENABLE([libsystemd-login],
-@@ -220,6 +221,29 @@
-     fi
-   fi
- fi
-+
-+AC_ARG_ENABLE([libelogind],
-+              [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])],
-+              [enable_libelogind=$enableval],
-+              [enable_libelogind=auto])
-+if test "$enable_libelogind" != "no"; then
-+  PKG_CHECK_MODULES([LIBELOGIND],
-+    [libelogind],
-+    [have_libelogind=yes],
-+    [have_libelogind=no])
-+  if test "$have_libelogind" = "yes"; then
-+    SESSION_TRACKING=libelogind
-+    AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available])
-+    save_LIBS=$LIBS
-+    LIBS=$LIBELOGIND_LIBS
-+    AC_CHECK_FUNCS(sd_uid_get_display)
-+    LIBS=$save_LIBS
-+  else
-+    if test "$enable_libelogind" = "yes"; then
-+      AC_MSG_ERROR([libelogind support requested but libelogind not found])
-+    fi
-+  fi
-+fi
- 
- AS_IF([test "x$cross_compiling" != "xyes" ], [
-   AS_IF([test "$have_libsystemd" = "yes"], [
-@@ -245,6 +245,10 @@
- AC_SUBST(LIBSYSTEMD_LIBS)
- AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
- 
-+AC_SUBST(LIBELOGIND_CFLAGS)
-+AC_SUBST(LIBELOGIND_LIBS)
-+AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind])
-+
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
- dnl ---------------------------------------------------------------------------
---- a/src/polkitbackend/Makefile.am	2016-11-04 04:40:46.930116006 +0100
-+++ b/src/polkitbackend/Makefile.am	2016-11-04 04:42:14.586114436 +0100
-@@ -42,21 +42,28 @@
- libpolkit_backend_1_la_SOURCES += \
- 	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
- else
-+if HAVE_LIBELOGIND
-+libpolkit_backend_1_la_SOURCES += \
-+	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
-+else
- libpolkit_backend_1_la_SOURCES += \
- 	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor.c
- endif
-+endif
- 
- libpolkit_backend_1_la_CFLAGS =                                        	\
-         -D_POLKIT_COMPILATION                                  		\
-         -D_POLKIT_BACKEND_COMPILATION                                  	\
-         $(GLIB_CFLAGS)							\
- 	$(LIBSYSTEMD_CFLAGS)						\
-+	$(LIBELOGIND_CFLAGS)						\
- 	$(LIBJS_CFLAGS)							\
-         $(NULL)
- 
- libpolkit_backend_1_la_LIBADD =                               		\
-         $(GLIB_LIBS)							\
- 	$(LIBSYSTEMD_LIBS)						\
-+	$(LIBELOGIND_LIBS)						\
- 	$(top_builddir)/src/polkit/libpolkit-gobject-1.la		\
- 	$(EXPAT_LIBS)							\
- 	$(LIBJS_LIBS)							\
---- a/src/polkit/Makefile.am	2016-11-04 04:41:02.756115723 +0100
-+++ b/src/polkit/Makefile.am	2016-11-04 04:42:49.428113812 +0100
-@@ -85,19 +85,26 @@
- libpolkit_gobject_1_la_SOURCES += \
- 	polkitunixsession-systemd.c		polkitunixsession.h
- else
-+if HAVE_LIBELOGIND
-+libpolkit_gobject_1_la_SOURCES += \
-+	polkitunixsession-systemd.c		polkitunixsession.h
-+else
- libpolkit_gobject_1_la_SOURCES += \
- 	polkitunixsession.c			polkitunixsession.h
- endif
-+endif
- 
- libpolkit_gobject_1_la_CFLAGS =                                        	\
-         -D_POLKIT_COMPILATION                                  		\
-         $(GLIB_CFLAGS)							\
- 	$(LIBSYSTEMD_CFLAGS)						\
-+	$(LIBELOGIND_CFLAGS)						\
-         $(NULL)
- 
- libpolkit_gobject_1_la_LIBADD =                               		\
-         $(GLIB_LIBS)							\
- 	$(LIBSYSTEMD_LIBS)						\
-+	$(LIBELOGIND_LIBS)						\
-         $(NULL)
- 
- libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
---- a/src/polkitbackend/polkitbackendjsauthority.c	2017-06-27 09:22:03.375841040 +0200
-+++ b/src/polkitbackend/polkitbackendjsauthority.c	2017-06-27 09:25:33.815845141 +0200
-@@ -39,6 +39,10 @@
- #include <systemd/sd-login.h>
- #endif /* HAVE_LIBSYSTEMD */
- 
-+#ifdef HAVE_LIBELOGIND
-+#include <elogind/sd-login.h>
-+#endif /* HAVE_LIBELOGIND */
-+
- #include <jsapi.h>
- 
- #include "initjs.h" /* init.js */
-@@ -793,7 +797,7 @@
-       g_assert_not_reached ();
-     }
- 
--#ifdef HAVE_LIBSYSTEMD
-+#if defined(HAVE_LIBSYSTEMD) || defined(HAVE_LIBELOGIND)
-   if (sd_pid_get_session (pid, &session_str) == 0)
-     {
-       if (sd_session_get_seat (session_str, &seat_str) == 0)
-@@ -801,7 +805,7 @@
-           /* do nothing */
-         }
-     }
--#endif /* HAVE_LIBSYSTEMD */
-+#endif /* HAVE_LIBSYSTEMD or HAVE_LIBELOGIND */
- 
-   g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
-   uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
---- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2016-11-04 04:44:29.650112018 +0100
-+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2016-11-04 04:46:52.718109455 +0100
-@@ -25,7 +25,11 @@
- #include <grp.h>
- #include <string.h>
- #include <glib/gstdio.h>
-+#ifdef HAVE_LIBSYSTEMD
- #include <systemd/sd-login.h>
-+#else
-+#include <elogind/sd-login.h>
-+#endif /* HAVE_LIBSYSTEMD versus HAVE_LIBELOGIND */
- #include <stdlib.h>
- 
- #include <polkit/polkit.h>
---- a/src/polkit/polkitunixsession-systemd.c	2016-11-04 04:44:29.651112017 +0100
-+++ b/src/polkit/polkitunixsession-systemd.c	2016-11-04 04:47:07.160109197 +0100
-@@ -30,7 +30,11 @@
- #include "polkiterror.h"
- #include "polkitprivate.h"
- 
-+#ifdef HAVE_LIBSYSTEMD
- #include <systemd/sd-login.h>
-+#else
-+#include <elogind/sd-login.h>
-+#endif /* HAVE_LIBSYSTEMD versus HAVE_ELOGIND */
- 
- /**
-  * SECTION:polkitunixsession

diff --git a/sys-auth/polkit/polkit-0.113-r4.ebuild b/sys-auth/polkit/polkit-0.113-r4.ebuild
deleted file mode 100644
index 0774d77fbe0..00000000000
--- a/sys-auth/polkit/polkit-0.113-r4.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools pam pax-utils systemd user xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86"
-IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
-
-REQUIRED_USE="?? ( elogind systemd )"
-
-CDEPEND="
-	dev-lang/spidermonkey:0/mozjs185[-debug]
-	dev-libs/glib:2
-	dev-libs/expat
-	elogind? ( sys-auth/elogind )
-	introspection? ( dev-libs/gobject-introspection )
-	pam? (
-		sys-auth/pambase
-		virtual/pam
-	)
-	systemd? ( sys-apps/systemd:0= )
-"
-DEPEND="${CDEPEND}
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	dev-util/gtk-doc-am
-	dev-util/intltool
-	sys-devel/gettext
-	virtual/pkgconfig
-"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-	!systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=( "${FILESDIR}"/${P}-elogind.patch )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-pkg_setup() {
-	local u=polkitd
-	local g=polkitd
-	local h=/var/lib/polkit-1
-
-	enewgroup ${g}
-	enewuser ${u} -1 -1 ${h} ${g}
-	esethome ${u} ${h}
-}
-
-src_prepare() {
-	default
-
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
-	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
-	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
-		docs/polkit/Makefile.in || die
-
-	# disable broken test - bug #624022
-	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
-	# Fix cross-building, bug #590764, elogind patch, bug #598615
-	eautoreconf
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	econf \
-		--localstatedir="${EPREFIX}"/var \
-		--disable-static \
-		--enable-man-pages \
-		--disable-gtk-doc \
-		--disable-examples \
-		--with-mozjs=mozjs185 \
-		$(use_enable elogind libelogind) \
-		$(use_enable introspection) \
-		$(use_enable nls) \
-		$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
-		--with-authfw=$(usex pam pam shadow) \
-		$(use_enable systemd libsystemd-login) \
-		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
-		$(use_enable test) \
-		--with-os-type=gentoo
-}
-
-src_compile() {
-	default
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	default
-
-	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
-
-	diropts -m0700 -o polkitd -g polkitd
-	keepdir /var/lib/polkit-1
-
-	if use examples; then
-		insinto /usr/share/doc/${PF}/examples
-		doins src/examples/{*.c,*.policy*}
-	fi
-
-	find "${D}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
-	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2022-01-19 19:08 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2022-01-19 19:08 UTC (permalink / raw
  To: gentoo-commits

commit:     c1afa82590f689552afd2a242557a250f7a83cba
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 19 19:06:56 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jan 19 19:06:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1afa825

sys-auth/polkit: fix build with meson-0.61

Closes: https://bugs.gentoo.org/831459
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ++++++++++++++++++++++++++
 sys-auth/polkit/polkit-0.120-r1.ebuild         |  5 ++-
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch
new file mode 100644
index 000000000000..5e144688d374
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-meson.patch
@@ -0,0 +1,42 @@
+From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Mon, 25 Oct 2021 20:21:27 +0100
+Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
+
+These were always ignored, and Meson 0.60.0 disallowed them.
+
+Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
+Reference: https://github.com/mesonbuild/meson/pull/9445
+Signed-off-by: Simon McVittie <smcv@debian.org>
+---
+ actions/meson.build      | 1 -
+ src/examples/meson.build | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/actions/meson.build b/actions/meson.build
+index 2abaaf3..1e3f370 100644
+--- a/actions/meson.build
++++ b/actions/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.policy'
+ 
+ i18n.merge_file(
+-  policy,
+   input: policy + '.in',
+   output: '@BASENAME@',
+   po_dir: po_dir,
+diff --git a/src/examples/meson.build b/src/examples/meson.build
+index c6305ab..8c18de5 100644
+--- a/src/examples/meson.build
++++ b/src/examples/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.examples.pkexec.policy'
+ 
+ i18n.merge_file(
+-  policy,
+   input: policy + '.in',
+   output: '@BASENAME@',
+   po_dir: po_dir,
+-- 
+GitLab
+

diff --git a/sys-auth/polkit/polkit-0.120-r1.ebuild b/sys-auth/polkit/polkit-0.120-r1.ebuild
index 0f0f2900683f..3ec998fa6f02 100644
--- a/sys-auth/polkit/polkit-0.120-r1.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -61,6 +61,9 @@ QA_MULTILIB_PATHS="
 	usr/lib/polkit-1/polkitd"
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/polkit-0.120-meson.patch"
+	)
 	default
 
 	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2022-05-04  2:33 Sam James
  0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-05-04  2:33 UTC (permalink / raw
  To: gentoo-commits

commit:     7bb73255629cc4999ff198fda276d593657609b8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 02:32:40 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May  4 02:32:40 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bb73255

sys-auth/polkit: backport pkexec help/version fix (fixes gparted)

Closes: https://bugs.gentoo.org/827884
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/polkit-0.120_p20220221-pkexec-suid.patch |  67 +++++++++++
 sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild   | 129 +++++++++++++++++++++
 2 files changed, 196 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch b/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch
new file mode 100644
index 000000000000..959656b158a1
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch
@@ -0,0 +1,67 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/7d4b52c4d71c46049d87a0775de695ea914f3f1b
+https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/113
+https://bugs.gentoo.org/827884
+
+From: Matt Turner <mattst88@gmail.com>
+Date: Tue, 3 May 2022 12:54:37 +0000
+Subject: [PATCH] pkexec: Allow --version and --help even if not setuid root
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -514,27 +514,6 @@ main (int argc, char *argv[])
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+ 
+-  /* check for correct invocation */
+-  if (geteuid () != 0)
+-    {
+-      g_printerr ("pkexec must be setuid root\n");
+-      goto out;
+-    }
+-
+-  original_user_name = g_strdup (g_get_user_name ());
+-  if (original_user_name == NULL)
+-    {
+-      g_printerr ("Error getting user name.\n");
+-      goto out;
+-    }
+-
+-  if ((original_cwd = g_get_current_dir ()) == NULL)
+-    {
+-      g_printerr ("Error getting cwd: %s\n",
+-                  g_strerror (errno));
+-      goto out;
+-    }
+-
+   /* First process options and find the command-line to invoke. Avoid using fancy library routines
+    * that depend on environtment variables since we haven't cleared the environment just yet.
+    */
+@@ -595,6 +574,27 @@ main (int argc, char *argv[])
+       goto out;
+     }
+ 
++  /* check for correct invocation */
++  if (geteuid () != 0)
++    {
++      g_printerr ("pkexec must be setuid root\n");
++      goto out;
++    }
++
++  original_user_name = g_strdup (g_get_user_name ());
++  if (original_user_name == NULL)
++    {
++      g_printerr ("Error getting user name.\n");
++      goto out;
++    }
++
++  if ((original_cwd = g_get_current_dir ()) == NULL)
++    {
++      g_printerr ("Error getting cwd: %s\n",
++                  g_strerror (errno));
++      goto out;
++    }
++
+   if (opt_user == NULL)
+     opt_user = g_strdup ("root");
+ 
+GitLab
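Review bot: The relocated `/* check for correct invocation */` comment in the second pkexec.c hunk (`@@ -595,6 +574,27 @@`) no longer says why the euid check sits after option parsing, and in a setuid program that ordering is easy to move back or to undermine by adding work above it. I would extend it to `/* check for correct invocation; kept after option parsing so --help and --version work without setuid root. Nothing above this point may rely on elevated privilege. */`. The parsing code between the two inner hunks is not visible here, so it is only assumed that it does not use original_user_name or original_cwd, which are now set later; that is worth confirming against the full file. main() starts and ends outside the hunk.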

diff --git a/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild b/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild
new file mode 100644
index 000000000000..a1b8221ce450
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+	dev-libs/glib:2
+	dev-libs/expat
+	duktape? ( dev-lang/duktape:= )
+	!duktape? ( dev-lang/spidermonkey:91[-debug] )
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+	local PATCHES=(
+		# musl
+		"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+		# In next release
+		"${FILESDIR}"/${P}-pkexec-suid.patch
+
+		# Pending upstream
+		"${FILESDIR}"/${PN}-0.120-meson.patch
+	)
+
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		-Djs_engine=$(usex duktape duktape mozjs)
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	diropts -m 0700 -o polkitd
+	keepdir /usr/share/polkit-1/rules.d
+}
+
+pkg_postinst() {
+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
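Review bot: src_install and pkg_postinst leave the rules.d directories owned by polkitd with mode 0700, so the daemon's own account can rewrite the authorization rules it enforces. If polkitd only needs to read them, root ownership with group read access is the least-privilege setup: `diropts -m 0750 -o root -g polkitd` in src_install, and `chmod 0750` plus `chown root:polkitd` in pkg_postinst. This presumes acct-user/polkitd provides a polkitd group and that the upstream install step does not reset the ownership afterwards, both of which need checking outside this diff. The chmod and chown in pkg_postinst also run without `|| die`, so a failure there passes silently.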



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2022-05-11  5:26 Sam James
  0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-05-11  5:26 UTC (permalink / raw
  To: gentoo-commits

commit:     99b60e69496c865e2b8103804b45ecf92c02fb94
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed May 11 05:21:33 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 11 05:26:11 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b60e69

sys-auth/polkit: add 0.120_p20220509 (unkeyworded)

Unkeyworded for now until tomorrow probably. (Nothing major changed
but it's late/early and I don't want to take a risk and then go to bed.)

(In terms of the snapshot, the only notable things are that upstream
dropped autotools, but we were using meson for a little while now anyway,
and a bunch of the patches we were including to a previous snapshot
are now rolled into this one.)

I'd not bothered looking much into the test situation given the bug
flagged in the ebuild (the dist tarballs don't contain the test
dependencies needed and they don't use meson subprojects so we
can't provide them ourselves either)

... but a bug (with a dodgy premise -- because you shouldn't be
setting USE=test manually anyway; RESTRICT="test" is currently in ebuild anyhow)
exposed the fact that if you _do_ try to run tests right now, they end up
failing because of our musl patch which still includes config.h even though
we're doing a meson build.

So, a double win:
1. Tests are now wired up and run for snapshots at least! Yay!
2. Our musl patch is now cleaner and ready for another attempt
at upstream submission.

Closes: https://bugs.gentoo.org/843647
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 +
 ..._p20220509-make-netgroup-support-optional.patch | 231 +++++++++++++++++++++
 sys-auth/polkit/polkit-0.120_p20220509.ebuild      | 146 +++++++++++++
 3 files changed, 378 insertions(+)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 8d52dd5e300f..36f72ccb57f8 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,4 @@
 DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
 DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
 DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
+DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f

diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
new file mode 100644
index 000000000000..2922b8606648
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
@@ -0,0 +1,231 @@
+Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
+
+https://bugs.gentoo.org/833753
+https://bugs.gentoo.org/561672
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
+
+Patch has been rebased a bit since but keeping original headers.
+
+From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available.  PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work.  If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+--- a/meson.build
++++ b/meson.build
+@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true)
+ check_functions = [
+   'clearenv',
+   'fdatasync',
++  'setnetgrent',
+ ]
+ 
+ foreach func: check_functions
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
+     }
+   else if (g_str_has_prefix (str, "unix-netgroup:"))
+     {
++#ifndef HAVE_SETNETGRENT
++      g_set_error (error,
++                   POLKIT_ERROR,
++                   POLKIT_ERROR_FAILED,
++                   "Netgroups are not available on this machine ('%s')",
++                   str);
++#else
+       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+     }
+ 
+   if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+       GVariant *v;
+       const char *name;
+ 
++#ifndef HAVE_SETNETGRENT
++      g_set_error (error,
++                   POLKIT_ERROR,
++                   POLKIT_ERROR_FAILED,
++                   "Netgroups are not available on this machine");
++      goto out;
++#else
++
+       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+       if (v == NULL)
+         {
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+       name = g_variant_get_string (v, NULL);
+       ret = polkit_unix_netgroup_new (name);
+       g_variant_unref (v);
++#endif
+     }
+   else
+     {
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++  g_assert_not_reached();
++#endif
+   g_return_val_if_fail (name != NULL, NULL);
+   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+                                        "name", name,
+--- a/src/polkitbackend/polkitbackendduktapeauthority.c
++++ b/src/polkitbackend/polkitbackendduktapeauthority.c
+@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
+ 
+   user = duk_require_string (cx, 0);
+   netgroup = duk_require_string (cx, 1);
+-
++#ifdef HAVE_SETNETGRENT
+   if (innetgr (netgroup,
+                NULL,  /* host */
+                user,
+@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
+     {
+       is_in_netgroup = TRUE;
+     }
+-
++#endif
+   duk_push_boolean (cx, is_in_netgroup);
+   return 1;
+ }
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
+   GList *ret;
+ 
+   ret = NULL;
++#ifdef HAVE_SETNETGRENT
+   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+ 
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+   if (setnetgrent (name) == 0)
+     {
+       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+       goto out;
+     }
+-#else
++# else
+   setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+ 
+   for (;;)
+     {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+       const char *hostname, *username, *domainname;
+-#else
++# else
+       char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+       PolkitIdentity *user;
+       GError *error = NULL;
+ 
+@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
+ 
+  out:
+   endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+   return ret;
+ }
+ 
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+ 
+   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+ 
++#ifdef HAVE_SETNETGRENT
+   JS::RootedString usrstr (authority->priv->cx);
+   usrstr = args[0].toString();
+   user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+     {
+       is_in_netgroup =  true;
+     }
++#endif
+ 
+   ret = true;
+ 
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
+   {"unix-group:root", "unix-group:jane", FALSE},
+   {"unix-group:jane", "unix-group:jane", TRUE},
+ 
++#ifdef HAVE_SETNETGRENT
+   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+ 
+   {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+   {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+ 
+   {NULL},
+ };
+@@ -181,11 +185,13 @@ main (int argc, char *argv[])
+   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+ 
++#ifdef HAVE_SETNETGRENT
+   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+ 
+   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+ 
+   add_comparison_tests ();
+ 
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -69,7 +69,9 @@ int
+ main (int argc, char *argv[])
+ {
+   g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+   return g_test_run ();
+ }
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+         "unix-group:users"
+       }
+     },
++#ifdef HAVE_SETNETGRENT
+     {
+       "net.company.action3",
+       {
+         "unix-netgroup:foo"
+       }
+     },
++#endif
+   };
+   guint n;
+ 
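Review bot: With HAVE_SETNETGRENT undefined, js_polkit_user_is_in_netgroup in polkitbackendduktapeauthority.c (and its counterpart in polkitbackendjsauthority.cpp) skips innetgr() and appears to report false for every user with no diagnostic. A rule that grants access when the subject is not in a netgroup would then behave as if the check had passed. The patch description promises an error when `unix-netgroup:` is used in configuration, but this path gives the administrator no signal. I would add an `#else` branch before the `#endif` that at least logs `g_warning ("Netgroups are not available on this machine; netgroup membership check returns false");`, or raise a script error there so such rules fail closed. Both functions start and end outside their hunks, so the initial value of is_in_netgroup is assumed rather than seen.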

diff --git a/sys-auth/polkit/polkit-0.120_p20220509.ebuild b/sys-auth/polkit/polkit-0.120_p20220509.ebuild
new file mode 100644
index 000000000000..5f6838c29981
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120_p20220509.ebuild
@@ -0,0 +1,146 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..10} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	# Upstream don't make releases very often. Test snapshots throughly
+	# and review commits, but don't shy away if there's useful stuff there
+	# we want.
+	MY_COMMIT="c5c6b784221b9dc054548c15e94719c4e961a7f2"
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
+if [[ ${PV} == *_p* ]] ; then
+	RESTRICT="!test? ( test )"
+else
+	# Tests currently don't work with meson in the dist tarballs. See
+	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+	RESTRICT="test"
+fi
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/python-dbusmock[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="
+	dev-libs/glib:2
+	dev-libs/expat
+	duktape? ( dev-lang/duktape:= )
+	!duktape? ( dev-lang/spidermonkey:91[-debug] )
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+python_check_deps() {
+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	local PATCHES=(
+		# musl
+		"${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
+	)
+
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		-Djs_engine=$(usex duktape duktape mozjs)
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	diropts -m 0700 -o polkitd
+	keepdir /usr/share/polkit-1/rules.d
+}
+
+pkg_postinst() {
+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
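Review bot: The `pax-mark mr` call in `src_compile` targets `src/polkitbackend/.libs/polkitd` and `test/polkitbackend/.libs/polkitbackendjsauthoritytest`, which are libtool-style paths, while this ebuild builds with `meson_src_compile`; the marking most likely applies to nothing. It is also unconditional, although its comment ties it to spidermonkey's JIT and `duktape` is the default engine in `IUSE`, so if it did apply it would relax PaX MPROTECT/RANDMMAP on polkitd for builds that do not need it. Something like `use duktape || pax-mark mr "${BUILD_DIR}"/src/polkitbackend/polkitd` (path to be checked against the meson build tree) would limit the exemption to the mozjs case. The same line is carried into polkit-123.ebuild further down the page.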



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2022-12-07 13:23 Sam James
From: Sam James @ 2022-12-07 13:23 UTC (permalink / raw
  To: gentoo-commits

commit:     57c54478ee91f5dd76c0d0a47f93b160bb0b49c3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Dec  7 13:20:34 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec  7 13:20:41 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57c54478

sys-auth/polkit: fix install w/ USE=-daemon

Closes: https://bugs.gentoo.org/884701
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/polkit-122-libs-only-postinstall.patch   | 39 ++++++++++++++++++++++
 sys-auth/polkit/polkit-122.ebuild                  |  7 +++-
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch b/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch
new file mode 100644
index 000000000000..d96b4bc4bde1
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch
@@ -0,0 +1,39 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/149
+
+From bef75fb8291b3871894d8ffe19f7242448cdb4a8 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 7 Dec 2022 13:18:09 +0000
+Subject: [PATCH] meson.build: fix install with libs_only
+
+Bug: https://bugs.gentoo.org/884701
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/meson.build
++++ b/meson.build
+@@ -360,14 +360,17 @@ configure_file(
+   configuration: config_h,
+ )
+ 
+-meson.add_install_script(
+-  'meson_post_install.py',
+-  get_option('bindir'),
+-  pk_pkgdatadir,
+-  pk_libprivdir,
+-  pk_pkgsysconfdir,
+-  polkitd_user,
+-)
++
++if not libs_only
++  meson.add_install_script(
++    'meson_post_install.py',
++    get_option('bindir'),
++    pk_pkgdatadir,
++    pk_libprivdir,
++    pk_pkgsysconfdir,
++    polkitd_user,
++  )
++endif
+ 
+ output = '\n        ' + meson.project_name() + ' ' + meson.project_version() + '\n'
+ output += '        ============\n\n'
+-- 
+GitLab
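Review bot: Nothing in the patch records which steps of `meson_post_install.py` are daemon-only, yet the `if not libs_only` guard now skips the script entirely. The script is passed `pk_libprivdir` and `polkitd_user`, so it presumably adjusts ownership or modes on installed paths; if anything under `pk_libprivdir` is still installed in a libs-only build, it would be left with default permissions. This is worth confirming against the script, which is not shown here, and recording above the guard, e.g. `# post-install only touches daemon-owned paths; nothing to do for libs_only`.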

diff --git a/sys-auth/polkit/polkit-122.ebuild b/sys-auth/polkit/polkit-122.ebuild
index 249ac83bdeb0..cb84fcb2f9f2 100644
--- a/sys-auth/polkit/polkit-122.ebuild
+++ b/sys-auth/polkit/polkit-122.ebuild
@@ -85,7 +85,12 @@ DOCS=( docs/TODO HACKING.md NEWS.md README.md )
 
 QA_MULTILIB_PATHS="
 	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
+	usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-122-libs-only-postinstall.patch
+)
 
 python_check_deps() {
 	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2023-03-22 19:47 Mike Gilbert
From: Mike Gilbert @ 2023-03-22 19:47 UTC (permalink / raw
  To: gentoo-commits

commit:     09466ad7f8b16bb65af4dc26279c79c1bd58c5b1
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 22 19:05:05 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Mar 22 19:46:32 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09466ad7

sys-auth/polkit: drop 121

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 -
 ..._p20220509-make-netgroup-support-optional.patch | 231 ---------------------
 sys-auth/polkit/polkit-121.ebuild                  | 152 --------------
 3 files changed, 384 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index be9a62f75202..bc135558b202 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1 @@
-DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624
 DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26

diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
deleted file mode 100644
index 2922b8606648..000000000000
--- a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,231 +0,0 @@
-Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available.  PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work.  If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
---- a/meson.build
-+++ b/meson.build
-@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true)
- check_functions = [
-   'clearenv',
-   'fdatasync',
-+  'setnetgrent',
- ]
- 
- foreach func: check_functions
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
-     }
-   else if (g_str_has_prefix (str, "unix-netgroup:"))
-     {
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine ('%s')",
-+                   str);
-+#else
-       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
-     }
- 
-   if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       GVariant *v;
-       const char *name;
- 
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine");
-+      goto out;
-+#else
-+
-       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
-       if (v == NULL)
-         {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       name = g_variant_get_string (v, NULL);
-       ret = polkit_unix_netgroup_new (name);
-       g_variant_unref (v);
-+#endif
-     }
-   else
-     {
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+  g_assert_not_reached();
-+#endif
-   g_return_val_if_fail (name != NULL, NULL);
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
-                                        "name", name,
---- a/src/polkitbackend/polkitbackendduktapeauthority.c
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
- 
-   user = duk_require_string (cx, 0);
-   netgroup = duk_require_string (cx, 1);
--
-+#ifdef HAVE_SETNETGRENT
-   if (innetgr (netgroup,
-                NULL,  /* host */
-                user,
-@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-     {
-       is_in_netgroup = TRUE;
-     }
--
-+#endif
-   duk_push_boolean (cx, is_in_netgroup);
-   return 1;
- }
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
-   GList *ret;
- 
-   ret = NULL;
-+#ifdef HAVE_SETNETGRENT
-   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
- 
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
-   if (setnetgrent (name) == 0)
-     {
-       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
-       goto out;
-     }
--#else
-+# else
-   setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
- 
-   for (;;)
-     {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-       const char *hostname, *username, *domainname;
--#else
-+# else
-       char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
-       PolkitIdentity *user;
-       GError *error = NULL;
- 
-@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
- 
-  out:
-   endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
-   return ret;
- }
- 
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
- 
-   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
- 
-+#ifdef HAVE_SETNETGRENT
-   JS::RootedString usrstr (authority->priv->cx);
-   usrstr = args[0].toString();
-   user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
-     {
-       is_in_netgroup =  true;
-     }
-+#endif
- 
-   ret = true;
- 
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
-   {"unix-group:root", "unix-group:jane", FALSE},
-   {"unix-group:jane", "unix-group:jane", TRUE},
- 
-+#ifdef HAVE_SETNETGRENT
-   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
-   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
- 
-   {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
-   {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
- 
-   {NULL},
- };
-@@ -181,11 +185,13 @@ main (int argc, char *argv[])
-   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
-   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
- 
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
- 
-   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
-   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
--  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
- 
-   add_comparison_tests ();
- 
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -69,7 +69,9 @@ int
- main (int argc, char *argv[])
- {
-   g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
-   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
-   return g_test_run ();
- }
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
-         "unix-group:users"
-       }
-     },
-+#ifdef HAVE_SETNETGRENT
-     {
-       "net.company.action3",
-       {
-         "unix-netgroup:foo"
-       }
-     },
-+#endif
-   };
-   guint n;
- 

diff --git a/sys-auth/polkit/polkit-121.ebuild b/sys-auth/polkit/polkit-121.ebuild
deleted file mode 100644
index 781e76f6deb9..000000000000
--- a/sys-auth/polkit/polkit-121.ebuild
+++ /dev/null
@@ -1,152 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-inherit meson pam pax-utils python-any-r1 systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
-	# Upstream don't make releases very often. Test snapshots throughly
-	# and review commits, but don't shy away if there's useful stuff there
-	# we want.
-	MY_COMMIT=""
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-	S="${WORKDIR}"/${PN}-v.${PV}
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-# This seems to be fixed with 121?
-#if [[ ${PV} == *_p* ]] ; then
-#	RESTRICT="!test? ( test )"
-#else
-#	# Tests currently don't work with meson in the dist tarballs. See
-#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-#	RESTRICT="test"
-#fi
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-	test? (
-		$(python_gen_any_dep '
-			dev-python/dbus-python[${PYTHON_USEDEP}]
-			dev-python/python-dbusmock[${PYTHON_USEDEP}]
-		')
-	)
-"
-DEPEND="
-	dev-libs/glib:2
-	dev-libs/expat
-	duktape? ( dev-lang/duktape:= )
-	!duktape? ( dev-lang/spidermonkey:91[-debug] )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING.md NEWS.md README.md )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-python_check_deps() {
-	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
-	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	use test && python-any-r1_pkg_setup
-}
-
-src_prepare() {
-	local PATCHES=(
-		# musl
-		"${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
-	)
-
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Djs_engine=$(usex duktape duktape mozjs)
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2023-08-18 10:37 Sam James
From: Sam James @ 2023-08-18 10:37 UTC (permalink / raw
  To: gentoo-commits

commit:     5c7a27dabebe91c15498ac0c652087576cac36ef
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 18 10:33:29 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 18 10:33:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c7a27da

sys-auth/polkit: add 123

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 +
 sys-auth/polkit/files/polkit-123-mozjs-JIT.patch   |  36 +++++
 .../files/polkit-123-pkexec-uninitialized.patch    |  35 +++++
 sys-auth/polkit/polkit-123.ebuild                  | 161 +++++++++++++++++++++
 4 files changed, 233 insertions(+)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index bc135558b202..f4ec97d2f7df 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1 +1,2 @@
 DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
+DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6

diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
new file mode 100644
index 000000000000..5b3f2c4a3641
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
@@ -0,0 +1,36 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
+
+From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Sat, 29 Jul 2023 17:44:58 +0800
+Subject: [PATCH] jsauthority: mozjs: Disable JIT
+
+The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
+setting does not allow it.
+
+For polkit, security is much more important than the speed running
+Javascript code in rule files, so we should disable JIT.
+
+Fixes #199.
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -56,7 +56,16 @@
+ static class JsInitHelperType
+ {
+ public:
+-	JsInitHelperType() { JS_Init(); }
++	JsInitHelperType()
++	{
++	  /* Disable JIT because it needs W/X mapping, which is not allowed by
++	   * our systemd hardening setting.
++	   */
++	  JS::DisableJitBackend();
++
++	  JS_Init();
++	}
++
+ 	~JsInitHelperType() { JS_ShutDown(); }
+ } JsInitHelper;
+ 
+-- 
+GitLab

diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
new file mode 100644
index 000000000000..f19560943c43
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
@@ -0,0 +1,35 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
+
+From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Wed, 16 Aug 2023 08:59:55 +0000
+Subject: [PATCH] pkexec: fix uninitialized pointer warning
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -53,6 +53,7 @@
+ static gchar *original_user_name = NULL;
+ static gchar *original_cwd;
+ static gchar *command_line = NULL;
++static gchar *cmdline_short = NULL;
+ static struct passwd *pw;
+ 
+ #ifndef HAVE_CLEARENV
+@@ -508,6 +509,7 @@ main (int argc, char *argv[])
+   path = NULL;
+   exec_argv = NULL;
+   command_line = NULL;
++  cmdline_short = NULL;
+   opt_user = NULL;
+   local_agent_handle = NULL;
+ 
+@@ -802,7 +804,6 @@ main (int argc, char *argv[])
+   polkit_details_insert (details, "program", path);
+   polkit_details_insert (details, "command_line", command_line);
+ 
+-  gchar *cmdline_short = NULL;
+   cmdline_short = g_strdup(command_line);
+   if (strlen(command_line) > 80)
+       g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
+-- 
+GitLab
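Review bot: `cmdline_short` becomes a file-scope `static` to silence the warning, yet every use visible in these hunks is inside `main`; declaring `gchar *cmdline_short = NULL;` at the top of `main` would fix the uninitialized read without adding another mutable global. With the static initialiser present, the added `cmdline_short = NULL;` in `main` is redundant, although it mirrors how `command_line` is treated. `main` starts and ends outside the hunks, so whether any other function needs the variable cannot be checked from here.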

diff --git a/sys-auth/polkit/polkit-123.ebuild b/sys-auth/polkit/polkit-123.ebuild
new file mode 100644
index 000000000000..4e688c0a4f23
--- /dev/null
+++ b/sys-auth/polkit/polkit-123.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	# Upstream don't make releases very often. Test snapshots throughly
+	# and review commits, but don't shy away if there's useful stuff there
+	# we want.
+	MY_COMMIT=""
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
+
+# This seems to be fixed with 121?
+#if [[ ${PV} == *_p* ]] ; then
+#	RESTRICT="!test? ( test )"
+#else
+#	# Tests currently don't work with meson in the dist tarballs. See
+#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+#	RESTRICT="test"
+#fi
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/python-dbusmock[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="
+	dev-libs/glib:2
+	dev-libs/expat
+	daemon? (
+		duktape? ( dev-lang/duktape:= )
+		!duktape? ( dev-lang/spidermonkey:102[-debug] )
+	)
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-mozjs-JIT.patch
+	"${FILESDIR}"/${P}-pkexec-uninitialized.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		-Djs_engine=$(usex duktape duktape mozjs)
+		$(meson_use !daemon libs-only)
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	if use daemon; then
+		if [[ ${EUID} == 0 ]]; then
+			diropts -m 0700 -o polkitd
+		fi
+		keepdir /etc/polkit-1/rules.d
+	fi
+}
+
+pkg_postinst() {
+	if use daemon && [[ ${EUID} == 0 ]]; then
+		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	fi
+}
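Review bot: `src_compile` still runs `pax-mark mr` under the comment `# Required for polkitd on hardened/PaX due to spidermonkey's JIT`, but this commit also adds `${P}-mozjs-JIT.patch` to `PATCHES`, whose description says it disables the mozjs JIT. With the JIT off, the stated reason for exempting polkitd from PaX restrictions no longer holds, so the override can be dropped and the default `src_compile` used. Separately, `RESTRICT="!test? ( test ) test"` restricts tests unconditionally, which makes the conditional part dead; `RESTRICT="test"` says the same thing.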



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2024-10-29  5:13 Eli Schwartz
From: Eli Schwartz @ 2024-10-29  5:13 UTC (permalink / raw
  To: gentoo-commits

commit:     07c1bb5ac22dad448c0c1e00e88b1f33aa1289e9
Author:     Eli Schwartz <eschwartz <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 27 23:49:43 2024 +0000
Commit:     Eli Schwartz <eschwartz <AT> gentoo <DOT> org>
CommitDate: Tue Oct 29 05:09:03 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07c1bb5a

sys-auth/polkit: fix feature detection reliant on K&R C

Closes: https://bugs.gentoo.org/938870
Signed-off-by: Eli Schwartz <eschwartz <AT> gentoo.org>

 .../8cf58abef12e61f369af3f583af349b0e086ba27.patch |  58 ++++++++
 sys-auth/polkit/polkit-125-r1.ebuild               | 159 +++++++++++++++++++++
 2 files changed, 217 insertions(+)

diff --git a/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch b/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch
new file mode 100644
index 000000000000..44a6958eb493
--- /dev/null
+++ b/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch
@@ -0,0 +1,58 @@
+From 8cf58abef12e61f369af3f583af349b0e086ba27 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@gentoo.org>
+Date: Sun, 20 Oct 2024 15:18:55 -0400
+Subject: [PATCH] meson: correctly test for setnetgrent return type
+
+meson doesn't automatically add all project arguments to configure
+checks -- nor incrementally the inline value of all configuration_data
+entries.
+
+But that meant it was missing -D_GNU_SOURCE, as well as a define added
+to config.h itself. As a result, this check failed to detect the
+necessary function definition and failed to link.
+
+```
+Command line: `gcc-14 /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c -o /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/output.obj -c -pipe -march=native -fstack-protector-all -O2 -fdiagnostics-color=always -frecord-gcc-switches -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing -Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Werror=int-conversion -Werror=incompatible-pointer-types -D_FILE_OFFSET_BITS=64 -O0 -std=c99` -> 1
+stderr:
+/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c: In function 'main':
+/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c:9:17: error: implicit declaration of function 'setnetgrent'; did you mean 'setnetent'? [-Wimplicit-function-declaration]
+    9 |         int r = setnetgrent (NULL);
+      |                 ^~~~~~~~~~~
+      |                 setnetent
+-----------
+Checking if "setnetgrent return support" compiles: NO
+```
+
+Bug: https://bugs.gentoo.org/938870
+Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
+---
+ meson.build | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 0800c88..a0b440d 100644
+--- a/meson.build
++++ b/meson.build
+@@ -159,7 +159,8 @@ host_system = host_machine.system()
+ config_data.set('HAVE_' + host_system.to_upper(), true)
+ 
+ # Check whether setnetgrent has a return value
+-config_data.set('HAVE_NETGROUP_H', cc.has_header('netgroup.h'))
++have_netgroup_h = cc.has_header('netgroup.h')
++config_data.set('HAVE_NETGROUP_H', have_netgroup_h)
+ 
+ if config_data.get('HAVE_SETNETGRENT', false)
+   setnetgrent_return_src = '''
+@@ -174,7 +175,11 @@ if config_data.get('HAVE_SETNETGRENT', false)
+     };
+   '''
+ 
+-  config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support'))
++  args = ['-D_GNU_SOURCE']
++  if have_netgroup_h
++    args += '-DHAVE_NETGROUP_H'
++  endif
++  config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, args: args, name: 'setnetgrent return support'))
+ endif
+ 
+ # Select wether to use logind, elogind or ConsoleKit for session tracking
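Review bot: The new `args` variable in the second meson.build hunk has a very generic name, and meson variables stay visible for the rest of the build file and in any `subdir()` processed afterwards, so a later use of `args` elsewhere would silently inherit or overwrite `-D_GNU_SOURCE`. A check-specific name keeps it contained: `setnetgrent_return_args = ['-D_GNU_SOURCE']`, with the matching `setnetgrent_return_args += '-DHAVE_NETGROUP_H'` and `args: setnetgrent_return_args` in the `cc.compiles()` call. The test source string sits between the two hunks and is not shown, so whether it needs further defines cannot be judged from here.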

diff --git a/sys-auth/polkit/polkit-125-r1.ebuild b/sys-auth/polkit/polkit-125-r1.ebuild
new file mode 100644
index 000000000000..bc29505bda4f
--- /dev/null
+++ b/sys-auth/polkit/polkit-125-r1.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	# Upstream don't make releases very often. Test snapshots throughly
+	# and review commits, but don't shy away if there's useful stuff there
+	# we want.
+	MY_COMMIT=""
+	SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# Tests restricted b/c of permissions
+RESTRICT="!test? ( test ) test"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/python-dbusmock[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="
+	>=dev-libs/glib-2.32:2
+	dev-libs/expat
+	daemon? (
+		duktape? ( dev-lang/duktape:= )
+		!duktape? ( dev-lang/spidermonkey:115[-debug] )
+	)
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+	${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-musl.patch
+	# fix incorrect feature detection
+	"${FILESDIR}"/8cf58abef12e61f369af3f583af349b0e086ba27.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Djs_engine=$(usex duktape duktape mozjs)
+		-Dpam_module_dir=$(getpam_mod_dir)
+		-Dsession_tracking="$(usex systemd logind elogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(meson_use !daemon libs-only)
+		$(meson_use introspection)
+		$(meson_use test tests)
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	# acct-user/polkitd installs its own (albeit with a different filename)
+	rm -rf "${ED}"/usr/lib/sysusers.d || die
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	if use daemon; then
+		if [[ ${EUID} == 0 ]]; then
+			diropts -m 0700 -o polkitd
+		fi
+		keepdir /etc/polkit-1/rules.d
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process polkit-tmpfiles.conf
+
+	if use daemon && [[ ${EUID} == 0 ]]; then
+		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	fi
+}
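Review bot: `pkg_postinst` hands both rules directories to the daemon account (`chown polkitd` with mode 0700 on `"${EROOT}"/{etc,usr/share}/polkit-1/rules.d`), so the unprivileged account that evaluates authorization rules can also add, replace or delete them. Unless something outside this hunk relies on that, root ownership with group read access would keep the rules readable by polkitd without making them writable, e.g. `chown root:polkitd` and `chmod 0750`. This assumes a polkitd group exists, since the ebuild only shows the `acct-user/polkitd` dependency. Neither call checks its exit status, so a failed `chown` leaves the directory with whatever owner it had and prints nothing; appending `|| ewarn "..."` would surface it. The same applies to `diropts -m 0700 -o polkitd` in `src_install`, and to `pkg_postinst` in polkit-123.ebuild as re-added by the later revert.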



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2024-11-01 14:23 Andreas K. Hüttel
From: Andreas K. Hüttel @ 2024-11-01 14:23 UTC (permalink / raw
  To: gentoo-commits

commit:     a8d1fdb294af26b3ba1797886ab9f1e49867ef73
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Fri Nov  1 14:22:30 2024 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Fri Nov  1 14:23:02 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8d1fdb2

sys-auth/polkit: drop 123

Bug: https://bugs.gentoo.org/925440
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 -
 sys-auth/polkit/files/polkit-123-mozjs-JIT.patch   |  36 -----
 .../files/polkit-123-pkexec-uninitialized.patch    |  35 -----
 sys-auth/polkit/polkit-123.ebuild                  | 162 ---------------------
 4 files changed, 234 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 811483f2c10c..a77359f0513e 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,2 @@
-DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
 DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc
 DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953

diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
deleted file mode 100644
index 5b3f2c4a3641..000000000000
--- a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
-
-From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@xry111.site>
-Date: Sat, 29 Jul 2023 17:44:58 +0800
-Subject: [PATCH] jsauthority: mozjs: Disable JIT
-
-The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
-setting does not allow it.
-
-For polkit, security is much more important than the speed running
-Javascript code in rule files, so we should disable JIT.
-
-Fixes #199.
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -56,7 +56,16 @@
- static class JsInitHelperType
- {
- public:
--	JsInitHelperType() { JS_Init(); }
-+	JsInitHelperType()
-+	{
-+	  /* Disable JIT because it needs W/X mapping, which is not allowed by
-+	   * our systemd hardening setting.
-+	   */
-+	  JS::DisableJitBackend();
-+
-+	  JS_Init();
-+	}
-+
- 	~JsInitHelperType() { JS_ShutDown(); }
- } JsInitHelper;
- 
--- 
-GitLab

diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
deleted file mode 100644
index f19560943c43..000000000000
--- a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
-
-From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
-From: Vincent Mihalkovic <vmihalko@redhat.com>
-Date: Wed, 16 Aug 2023 08:59:55 +0000
-Subject: [PATCH] pkexec: fix uninitialized pointer warning
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -53,6 +53,7 @@
- static gchar *original_user_name = NULL;
- static gchar *original_cwd;
- static gchar *command_line = NULL;
-+static gchar *cmdline_short = NULL;
- static struct passwd *pw;
- 
- #ifndef HAVE_CLEARENV
-@@ -508,6 +509,7 @@ main (int argc, char *argv[])
-   path = NULL;
-   exec_argv = NULL;
-   command_line = NULL;
-+  cmdline_short = NULL;
-   opt_user = NULL;
-   local_agent_handle = NULL;
- 
-@@ -802,7 +804,6 @@ main (int argc, char *argv[])
-   polkit_details_insert (details, "program", path);
-   polkit_details_insert (details, "command_line", command_line);
- 
--  gchar *cmdline_short = NULL;
-   cmdline_short = g_strdup(command_line);
-   if (strlen(command_line) > 80)
-       g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
--- 
-GitLab

diff --git a/sys-auth/polkit/polkit-123.ebuild b/sys-auth/polkit/polkit-123.ebuild
deleted file mode 100644
index b693b926940d..000000000000
--- a/sys-auth/polkit/polkit-123.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..11} )
-inherit meson pam pax-utils python-any-r1 systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
-if [[ ${PV} == *_p* ]] ; then
-	# Upstream don't make releases very often. Test snapshots throughly
-	# and review commits, but don't shy away if there's useful stuff there
-	# we want.
-	MY_COMMIT=""
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
-RESTRICT="!test? ( test ) test"
-
-# This seems to be fixed with 121?
-#if [[ ${PV} == *_p* ]] ; then
-#	RESTRICT="!test? ( test )"
-#else
-#	# Tests currently don't work with meson in the dist tarballs. See
-#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-#	RESTRICT="test"
-#fi
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
-	test? (
-		$(python_gen_any_dep '
-			dev-python/dbus-python[${PYTHON_USEDEP}]
-			dev-python/python-dbusmock[${PYTHON_USEDEP}]
-		')
-	)
-"
-DEPEND="
-	>=dev-libs/glib-2.32:2
-	dev-libs/expat
-	daemon? (
-		duktape? ( dev-lang/duktape:= )
-		!duktape? ( dev-lang/spidermonkey:102[-debug] )
-	)
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="
-	${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING.md NEWS.md README.md )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd
-"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-mozjs-JIT.patch
-	"${FILESDIR}"/${P}-pkexec-uninitialized.patch
-)
-
-python_check_deps() {
-	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
-	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	use test && python-any-r1_pkg_setup
-}
-
-src_prepare() {
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Djs_engine=$(usex duktape duktape mozjs)
-		$(meson_use !daemon libs-only)
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	if use daemon; then
-		if [[ ${EUID} == 0 ]]; then
-			diropts -m 0700 -o polkitd
-		fi
-		keepdir /etc/polkit-1/rules.d
-	fi
-}
-
-pkg_postinst() {
-	if use daemon && [[ ${EUID} == 0 ]]; then
-		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
@ 2024-11-10 13:12 Sam James
From: Sam James @ 2024-11-10 13:12 UTC (permalink / raw
  To: gentoo-commits

commit:     b2f9f5170ef6f65713d7c9e86501a8388d9d8d6f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 10 13:06:43 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 10 13:06:58 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2f9f517

Revert "sys-auth/polkit: drop 123"

This reverts commit a8d1fdb294af26b3ba1797886ab9f1e49867ef73.

Needed for elogind.

Bug: https://bugs.gentoo.org/923614
Bug: https://bugs.gentoo.org/934314
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 +
 sys-auth/polkit/files/polkit-123-mozjs-JIT.patch   |  36 +++++
 .../files/polkit-123-pkexec-uninitialized.patch    |  35 +++++
 sys-auth/polkit/polkit-123.ebuild                  | 162 +++++++++++++++++++++
 4 files changed, 234 insertions(+)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index a77359f0513e..811483f2c10c 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1,3 @@
+DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
 DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc
 DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953

diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
new file mode 100644
index 000000000000..5b3f2c4a3641
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch
@@ -0,0 +1,36 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
+
+From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Sat, 29 Jul 2023 17:44:58 +0800
+Subject: [PATCH] jsauthority: mozjs: Disable JIT
+
+The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
+setting does not allow it.
+
+For polkit, security is much more important than the speed running
+Javascript code in rule files, so we should disable JIT.
+
+Fixes #199.
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -56,7 +56,16 @@
+ static class JsInitHelperType
+ {
+ public:
+-	JsInitHelperType() { JS_Init(); }
++	JsInitHelperType()
++	{
++	  /* Disable JIT because it needs W/X mapping, which is not allowed by
++	   * our systemd hardening setting.
++	   */
++	  JS::DisableJitBackend();
++
++	  JS_Init();
++	}
++
+ 	~JsInitHelperType() { JS_ShutDown(); }
+ } JsInitHelper;
+ 
+-- 
+GitLab

diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
new file mode 100644
index 000000000000..f19560943c43
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch
@@ -0,0 +1,35 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
+
+From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Wed, 16 Aug 2023 08:59:55 +0000
+Subject: [PATCH] pkexec: fix uninitialized pointer warning
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -53,6 +53,7 @@
+ static gchar *original_user_name = NULL;
+ static gchar *original_cwd;
+ static gchar *command_line = NULL;
++static gchar *cmdline_short = NULL;
+ static struct passwd *pw;
+ 
+ #ifndef HAVE_CLEARENV
+@@ -508,6 +509,7 @@ main (int argc, char *argv[])
+   path = NULL;
+   exec_argv = NULL;
+   command_line = NULL;
++  cmdline_short = NULL;
+   opt_user = NULL;
+   local_agent_handle = NULL;
+ 
+@@ -802,7 +804,6 @@ main (int argc, char *argv[])
+   polkit_details_insert (details, "program", path);
+   polkit_details_insert (details, "command_line", command_line);
+ 
+-  gchar *cmdline_short = NULL;
+   cmdline_short = g_strdup(command_line);
+   if (strlen(command_line) > 80)
+       g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
+-- 
+GitLab

diff --git a/sys-auth/polkit/polkit-123.ebuild b/sys-auth/polkit/polkit-123.ebuild
new file mode 100644
index 000000000000..b693b926940d
--- /dev/null
+++ b/sys-auth/polkit/polkit-123.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	# Upstream don't make releases very often. Test snapshots throughly
+	# and review commits, but don't shy away if there's useful stuff there
+	# we want.
+	MY_COMMIT=""
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
+
+# This seems to be fixed with 121?
+#if [[ ${PV} == *_p* ]] ; then
+#	RESTRICT="!test? ( test )"
+#else
+#	# Tests currently don't work with meson in the dist tarballs. See
+#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+#	RESTRICT="test"
+#fi
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/python-dbusmock[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="
+	>=dev-libs/glib-2.32:2
+	dev-libs/expat
+	daemon? (
+		duktape? ( dev-lang/duktape:= )
+		!duktape? ( dev-lang/spidermonkey:102[-debug] )
+	)
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+	${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-mozjs-JIT.patch
+	"${FILESDIR}"/${P}-pkexec-uninitialized.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		-Djs_engine=$(usex duktape duktape mozjs)
+		$(meson_use !daemon libs-only)
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	if use daemon; then
+		if [[ ${EUID} == 0 ]]; then
+			diropts -m 0700 -o polkitd
+		fi
+		keepdir /etc/polkit-1/rules.d
+	fi
+}
+
+pkg_postinst() {
+	if use daemon && [[ ${EUID} == 0 ]]; then
+		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	fi
+}
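Review bot: `src_compile` still runs `pax-mark mr` on polkitd "due to spidermonkey's JIT", but this ebuild's `PATCHES` applies polkit-123-mozjs-JIT.patch, which calls `JS::DisableJitBackend()`, and `+duktape` in IUSE makes duktape the default `-Djs_engine`. With JIT disabled, relaxing MPROTECT and RANDMMAP on the authorization daemon looks unnecessary. The `.libs/` paths also follow the libtool layout, which a meson build does not produce, so the call probably marks nothing. I would drop the line, or, if mozjs still needs it, gate it and point it at the meson output, e.g. `use daemon && ! use duktape && pax-mark mr "${BUILD_DIR}"/src/polkitbackend/polkitd` (exact path under the build directory to be confirmed). polkit-125-r1.ebuild, added in commit 07c1bb5a, carries the same line.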


