diff options
Diffstat (limited to 'sys-auth/polkit/files')
10 files changed, 299 insertions, 588 deletions
diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch deleted file mode 100644 index 8810e70b7378..000000000000 --- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch +++ /dev/null @@ -1,248 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> ---- a/configure.ac -+++ b/configure.ac -@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) - --AC_CHECK_FUNCS(clearenv fdatasync) -+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) - - if test "x$GCC" = "xyes"; then - LDFLAGS="-Wl,--as-needed $LDFLAGS" ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -19,6 +19,7 @@ - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -+#include "config.h" - #include "glib.h" - #include <polkit/polkit.h> - #include <polkit/polkitprivate.h> -@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +186,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -19,6 +19,7 @@ - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -+#include "config.h" - #include "glib.h" - #include <polkit/polkit.h> - #include <string.h> -@@ -69,7 +70,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); -- -+#ifdef HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -- -+#endif - duk_push_boolean (cx, is_in_netgroup); - return 1; - } diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch deleted file mode 100644 index 5e144688d374..000000000000 --- a/sys-auth/polkit/files/polkit-0.120-meson.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001 -From: Simon McVittie <smcv@debian.org> -Date: Mon, 25 Oct 2021 20:21:27 +0100 -Subject: [PATCH] Don't pass positional parameters to i18n.merge_file - -These were always ignored, and Meson 0.60.0 disallowed them. - -Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160 -Reference: https://github.com/mesonbuild/meson/pull/9445 -Signed-off-by: Simon McVittie <smcv@debian.org> ---- - actions/meson.build | 1 - - src/examples/meson.build | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/actions/meson.build b/actions/meson.build -index 2abaaf3..1e3f370 100644 ---- a/actions/meson.build -+++ b/actions/meson.build -@@ -1,7 +1,6 @@ - policy = 'org.freedesktop.policykit.policy' - - i18n.merge_file( -- policy, - input: policy + '.in', - output: '@BASENAME@', - po_dir: po_dir, -diff --git a/src/examples/meson.build b/src/examples/meson.build -index c6305ab..8c18de5 100644 ---- a/src/examples/meson.build -+++ b/src/examples/meson.build -@@ -1,7 +1,6 @@ - policy = 'org.freedesktop.policykit.examples.pkexec.policy' - - i18n.merge_file( -- policy, - input: policy + '.in', - output: '@BASENAME@', - po_dir: po_dir, --- -GitLab - diff --git a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch b/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch deleted file mode 100644 index 959656b158a1..000000000000 --- a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch +++ /dev/null @@ -1,67 +0,0 @@ -https://gitlab.freedesktop.org/polkit/polkit/-/commit/7d4b52c4d71c46049d87a0775de695ea914f3f1b -https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/113 -https://bugs.gentoo.org/827884 - -From: Matt Turner <mattst88@gmail.com> -Date: Tue, 3 May 2022 12:54:37 +0000 -Subject: [PATCH] pkexec: Allow --version and --help even if not setuid root - ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -514,27 +514,6 @@ main (int argc, char *argv[]) - /* Disable remote file access from GIO. */ - setenv ("GIO_USE_VFS", "local", 1); - -- /* check for correct invocation */ -- if (geteuid () != 0) -- { -- g_printerr ("pkexec must be setuid root\n"); -- goto out; -- } -- -- original_user_name = g_strdup (g_get_user_name ()); -- if (original_user_name == NULL) -- { -- g_printerr ("Error getting user name.\n"); -- goto out; -- } -- -- if ((original_cwd = g_get_current_dir ()) == NULL) -- { -- g_printerr ("Error getting cwd: %s\n", -- g_strerror (errno)); -- goto out; -- } -- - /* First process options and find the command-line to invoke. Avoid using fancy library routines - * that depend on environtment variables since we haven't cleared the environment just yet. - */ -@@ -595,6 +574,27 @@ main (int argc, char *argv[]) - goto out; - } - -+ /* check for correct invocation */ -+ if (geteuid () != 0) -+ { -+ g_printerr ("pkexec must be setuid root\n"); -+ goto out; -+ } -+ -+ original_user_name = g_strdup (g_get_user_name ()); -+ if (original_user_name == NULL) -+ { -+ g_printerr ("Error getting user name.\n"); -+ goto out; -+ } -+ -+ if ((original_cwd = g_get_current_dir ()) == NULL) -+ { -+ g_printerr ("Error getting cwd: %s\n", -+ g_strerror (errno)); -+ goto out; -+ } -+ - if (opt_user == NULL) - opt_user = g_strdup ("root"); - -GitLab diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch deleted file mode 100644 index 2922b8606648..000000000000 --- a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch +++ /dev/null @@ -1,231 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> ---- a/meson.build -+++ b/meson.build -@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true) - check_functions = [ - 'clearenv', - 'fdatasync', -+ 'setnetgrent', - ] - - foreach func: check_functions ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); -- -+#ifdef HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -- -+#endif - duk_push_boolean (cx, is_in_netgroup); - return 1; - } ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +185,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -69,7 +69,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - diff --git a/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch b/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch new file mode 100644 index 000000000000..d96b4bc4bde1 --- /dev/null +++ b/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch @@ -0,0 +1,39 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/149 + +From bef75fb8291b3871894d8ffe19f7242448cdb4a8 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Wed, 7 Dec 2022 13:18:09 +0000 +Subject: [PATCH] meson.build: fix install with libs_only + +Bug: https://bugs.gentoo.org/884701 +Signed-off-by: Sam James <sam@gentoo.org> +--- a/meson.build ++++ b/meson.build +@@ -360,14 +360,17 @@ configure_file( + configuration: config_h, + ) + +-meson.add_install_script( +- 'meson_post_install.py', +- get_option('bindir'), +- pk_pkgdatadir, +- pk_libprivdir, +- pk_pkgsysconfdir, +- polkitd_user, +-) ++ ++if not libs_only ++ meson.add_install_script( ++ 'meson_post_install.py', ++ get_option('bindir'), ++ pk_pkgdatadir, ++ pk_libprivdir, ++ pk_pkgsysconfdir, ++ polkitd_user, ++ ) ++endif + + output = '\n ' + meson.project_name() + ' ' + meson.project_version() + '\n' + output += ' ============\n\n' +-- +GitLab diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch new file mode 100644 index 000000000000..5b3f2c4a3641 --- /dev/null +++ b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch @@ -0,0 +1,36 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb + +From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao <xry111@xry111.site> +Date: Sat, 29 Jul 2023 17:44:58 +0800 +Subject: [PATCH] jsauthority: mozjs: Disable JIT + +The JIT compiling of mozjs needs W/X mapping, but our systemd hardening +setting does not allow it. + +For polkit, security is much more important than the speed running +Javascript code in rule files, so we should disable JIT. + +Fixes #199. +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -56,7 +56,16 @@ + static class JsInitHelperType + { + public: +- JsInitHelperType() { JS_Init(); } ++ JsInitHelperType() ++ { ++ /* Disable JIT because it needs W/X mapping, which is not allowed by ++ * our systemd hardening setting. ++ */ ++ JS::DisableJitBackend(); ++ ++ JS_Init(); ++ } ++ + ~JsInitHelperType() { JS_ShutDown(); } + } JsInitHelper; + +-- +GitLab diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch new file mode 100644 index 000000000000..f19560943c43 --- /dev/null +++ b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch @@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d + +From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 +From: Vincent Mihalkovic <vmihalko@redhat.com> +Date: Wed, 16 Aug 2023 08:59:55 +0000 +Subject: [PATCH] pkexec: fix uninitialized pointer warning + +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,6 +53,7 @@ + static gchar *original_user_name = NULL; + static gchar *original_cwd; + static gchar *command_line = NULL; ++static gchar *cmdline_short = NULL; + static struct passwd *pw; + + #ifndef HAVE_CLEARENV +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + path = NULL; + exec_argv = NULL; + command_line = NULL; ++ cmdline_short = NULL; + opt_user = NULL; + local_agent_handle = NULL; + +@@ -802,7 +804,6 @@ main (int argc, char *argv[]) + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + +- gchar *cmdline_short = NULL; + cmdline_short = g_strdup(command_line); + if (strlen(command_line) > 80) + g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), +-- +GitLab diff --git a/sys-auth/polkit/files/polkit-124-c99-fixes.patch b/sys-auth/polkit/files/polkit-124-c99-fixes.patch new file mode 100644 index 000000000000..00d3cbbd2664 --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-c99-fixes.patch @@ -0,0 +1,111 @@ +https://bugs.gentoo.org/925440 +https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5 + +From: Vincent Mihalkovic <vmihalko@redhat.com> +Date: Fri, 8 Mar 2024 14:04:33 +0100 +Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file + where it is used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes build error with GCC >= 14 and clang >= 17, +failing on: +``` +../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] + 25 | print_indent(stream, indent); + | ^~~~~~~~~~~~ +``` + +Closes: #6 +--- + subprojects/mocklibc.wrap | 2 + + .../packagefiles/mocklibc-print-indent.diff | 68 +++++++++++++++++++ + 2 files changed, 70 insertions(+) + create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff + +diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap +index af82298..539ee83 100644 +--- a/subprojects/mocklibc.wrap ++++ b/subprojects/mocklibc.wrap +@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120 + patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip + patch_filename = mocklibc-1.0-2-wrap.zip + patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56 ++ ++diff_files = mocklibc-print-indent.diff +diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff +new file mode 100644 +index 0000000..d8b2029 +--- /dev/null ++++ b/subprojects/packagefiles/mocklibc-print-indent.diff +@@ -0,0 +1,68 @@ ++From: Vincent Mihalkovic <vmihalko@redhat.com> ++Date: Fri, 8 Mar 2024 14:04:33 +0100 ++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file ++ where it is used ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This fixes build error with GCC >= 14 and clang >= 17, ++failing on: ++``` ++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] ++ 25 | print_indent(stream, indent); ++ | ^~~~~~~~~~~~ ++``` ++ ++Closes: #6 ++--- ++ src/netgroup-debug.c | 11 +++++++++++ ++ src/netgroup.c | 11 ----------- ++ 2 files changed, 11 insertions(+), 11 deletions(-) ++ ++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c ++index 81d6e72..46e5b25 100644 ++--- a/src/netgroup-debug.c +++++ b/src/netgroup-debug.c ++@@ -21,6 +21,17 @@ ++ #include <stdio.h> ++ #include <stdlib.h> ++ +++/** +++ * Print a varaible indentation to the stream. +++ * @param stream Stream to print to +++ * @param indent Number of indents to use +++ */ +++static void print_indent(FILE *stream, unsigned int indent) { +++ int i; +++ for (i = 0; i < indent; i++) +++ fprintf(stream, " "); +++} +++ ++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) { ++ print_indent(stream, indent); ++ ++diff --git a/src/netgroup.c b/src/netgroup.c ++index 06a8a89..e16e451 100644 ++--- a/src/netgroup.c +++++ b/src/netgroup.c ++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) { ++ return result; ++ } ++ ++-/** ++- * Print a varaible indentation to the stream. ++- * @param stream Stream to print to ++- * @param indent Number of indents to use ++- */ ++-void print_indent(FILE *stream, unsigned int indent) { ++- int i; ++- for (i = 0; i < indent; i++) ++- fprintf(stream, " "); ++-} ++- ++ /** ++ * Connect entries with 'child' type to their child entries. ++ * @param headentry Head of list of entries that need to be connected ++-- ++2.43.0 +-- diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch new file mode 100644 index 000000000000..a4dd7eafcf92 --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/922458 +https://github.com/polkit-org/polkit/pull/417/files#r1458416421 +--- a/meson.build ++++ b/meson.build +@@ -212,14 +212,17 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') +- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used +- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') +- endif ++ if session_tracking == 'libsystemd-login' ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + +- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ if systemd_systemdsystemunitdir == '' ++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used ++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++ endif ++ ++ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ endif + endif + config_h.set('HAVE_LIBSYSTEMD', enable_logind) + diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch b/sys-auth/polkit/files/polkit-124-systemd.patch new file mode 100644 index 000000000000..e9b10e99e5da --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-systemd.patch @@ -0,0 +1,50 @@ +https://github.com/polkit-org/polkit/pull/417 + +From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Thu, 18 Jan 2024 15:07:32 +0000 +Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is + specified + +When 'systemdsystemunitdir' is specified as an option the systemd_dep +variable is not defined, but the sysusers.d directory lookup uses it, +causing a build failure: + +dh_auto_configure -- \ + -Dexamples=false \ + -Dintrospection=true \ + -Dman=true \ + -Dsystemdsystemunitdir=/usr/lib/systemd/system \ + -Dtests=true \ + -Dgtk_doc=true -Dsession_tracking=libsystemd-login + cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login +The Meson build system +Version: 1.3.1 +Source dir: /builds/bluca/polkit/debian/output/source_dir +Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu +Build type: native build +Project name: polkit +Project version: 124 + +<...> + +Run-time dependency libsystemd found: YES 255 +Checking for function "sd_uid_get_display" with dependency libsystemd: YES +Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES +../meson.build:222:37: ERROR: Unknown variable "systemd_dep". + +Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34 +--- a/meson.build ++++ b/meson.build +@@ -212,9 +212,9 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') + if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used + systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') + endif + |