mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 01:46:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-auth/polkit: apply Flatcar patches

Browse Source 
- apply duktape patchset from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97
 `.gitlab-ci.yml` patch has been removed since file is not shipped in
 archive.
- fix config install paths, use systemd-tmpfiles (All configs should
be installed to /usr and tmpfiles should be used to create and fix
directory permissions instead of the ebuild's postinst.)

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
This commit is contained in:
Mathieu Tortuyaux 2022-01-27 10:05:29 +01:00
parent 3bcd2510bc
commit 0ce5422e6e
11 changed files with 5765 additions and 587 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest vendored
View File

@ -1,3 +1 @@
DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
DIST polkit-0.119.tar.gz 1387409 BLAKE2B aeb605598393d1cab40f7c77954008a0392600584c5fe8cc9acaa0e122418ee48b9cce0b6839189ea415277ff0ae4dbd5b7c71cb910aa349dcaf7e1f3f70ef06 SHA512 0260fb15da1c4c1f429e8223260981e64e297f1be8ced42f6910f09ea6581b8205aca06c9c601eb4a128acba2f468de0223118f96862ba769f95721894cf1578
DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46

5744
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/97_Add_duktape_as_javascript_engine.patch vendored Normal file
View File

File diff suppressed because it is too large Load Diff

28
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.115-elogind.patch vendored
View File

@ -1,28 +0,0 @@
From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
From: Rasmus Thomsen <cogitri@exherbo.org>
Date: Wed, 11 Apr 2018 13:14:14 +0200
Subject: [PATCH] configure: fix elogind support
HAVE_LIBSYSTEMD is used to determine which source files to use.
We have to check if either have_libsystemd or have_libelogind is
true, as both of these need the source files which are used when
HAVE_LIBSYSTEMD is true.
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 36df239..da47ecb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
AC_SUBST(LIBSYSTEMD_CFLAGS)
AC_SUBST(LIBSYSTEMD_LIBS)
-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
dnl ---------------------------------------------------------------------------
dnl - systemd unit / service files
--
2.17.0

29
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch vendored
View File

@ -1,29 +0,0 @@
https://bugs.gentoo.org/794052
From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Wed, 2 Jun 2021 15:43:38 +0200
Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
initial values returned if error caught
---
src/polkit/polkitsystembusname.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 8daa12c..8ed1363 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
g_main_context_iteration (tmp_context, TRUE);
+ if (data.caught_error)
+ goto out;
+
if (out_uid)
*out_uid = data.uid;
if (out_pid)
--
GitLab

0
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch → sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch vendored
View File

3
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf vendored Normal file
View File

@ -0,0 +1,3 @@
d /etc/polkit-1 - - - - -
d /etc/polkit-1/rules.d 0700 polkitd root - -
d /var/lib/polkit-1 0700 polkitd polkitd - -

133
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.117-r2.ebuild vendored
View File

@ -1,133 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools pam pax-utils systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ~ppc64 ~s390 sparc ~x86"
IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
RESTRICT="!test? ( test )"
REQUIRED_USE="^^ ( elogind systemd )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
dev-util/gtk-doc-am
dev-util/intltool
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
"
DEPEND="
dev-lang/spidermonkey:68[-debug]
dev-libs/glib:2
dev-libs/expat
elogind? ( sys-auth/elogind )
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
"
RDEPEND="${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING NEWS README )
PATCHES=(
# bug 660880
"${FILESDIR}"/polkit-0.115-elogind.patch
)
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd"
src_prepare() {
default
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
# Workaround upstream hack around standard gtk-doc behavior, bug #552170
sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
docs/polkit/Makefile.in || die
# disable broken test - bug #624022
sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
# Fix cross-building, bug #590764, elogind patch, bug #598615
eautoreconf
}
src_configure() {
xdg_environment_reset
local myeconfargs=(
--localstatedir="${EPREFIX}"/var
--disable-static
--enable-man-pages
--disable-gtk-doc
--disable-examples
$(use_enable elogind libelogind)
$(use_enable introspection)
$(use_enable nls)
$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
--with-authfw=$(usex pam pam shadow)
$(use_enable systemd libsystemd-login)
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
$(use_enable test)
--with-os-type=gentoo
)
econf "${myeconfargs[@]}"
}
src_compile() {
default
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
default
if use examples; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
diropts -m 0700 -o polkitd
keepdir /usr/share/polkit-1/rules.d
find "${ED}" -name '*.la' -delete || die
}
pkg_postinst() {
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
}

136
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.117-r3.ebuild vendored
View File

@ -1,136 +0,0 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools pam pax-utils systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ppc ~ppc64 ~s390 ~sparc ~x86"
IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
RESTRICT="!test? ( test )"
REQUIRED_USE="^^ ( elogind systemd )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
dev-util/gtk-doc-am
dev-util/intltool
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
"
DEPEND="
dev-lang/spidermonkey:68[-debug]
dev-libs/glib:2
dev-libs/expat
elogind? ( sys-auth/elogind )
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
"
RDEPEND="${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING NEWS README )
PATCHES=(
# bug 660880
"${FILESDIR}"/polkit-0.115-elogind.patch
"${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
"${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
)
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd"
src_prepare() {
default
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
# Workaround upstream hack around standard gtk-doc behavior, bug #552170
sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
docs/polkit/Makefile.in || die
# disable broken test - bug #624022
sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
# Fix cross-building, bug #590764, elogind patch, bug #598615
eautoreconf
}
src_configure() {
xdg_environment_reset
local myeconfargs=(
--localstatedir="${EPREFIX}"/var
--disable-static
--enable-man-pages
--disable-gtk-doc
--disable-examples
$(use_enable elogind libelogind)
$(use_enable introspection)
$(use_enable nls)
$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
--with-authfw=$(usex pam pam shadow)
$(use_enable systemd libsystemd-login)
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
$(use_enable test)
--with-os-type=gentoo
)
econf "${myeconfargs[@]}"
}
src_compile() {
default
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
default
if use examples; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
diropts -m 0700 -o polkitd
keepdir /usr/share/polkit-1/rules.d
find "${ED}" -name '*.la' -delete || die
}
pkg_postinst() {
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
}

132
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.119-r2.ebuild vendored
View File

@ -1,132 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools pam pax-utils systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="amd64 arm arm64 ~mips ppc64 ~riscv ~s390 x86"
IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
RESTRICT="!test? ( test )"
REQUIRED_USE="^^ ( elogind systemd )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
dev-util/gtk-doc-am
dev-util/intltool
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
"
DEPEND="
dev-lang/spidermonkey:78[-debug]
dev-libs/glib:2
dev-libs/expat
elogind? ( sys-auth/elogind )
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
"
RDEPEND="${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING NEWS README )
PATCHES=(
"${FILESDIR}"/${PN}-0.115-elogind.patch # bug 660880
)
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd"
src_prepare() {
default
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
# Workaround upstream hack around standard gtk-doc behavior, bug #552170
sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
docs/polkit/Makefile.in || die
# disable broken test - bug #624022
sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
# Fix cross-building, bug #590764, elogind patch, bug #598615
eautoreconf
}
src_configure() {
xdg_environment_reset
local myeconfargs=(
--localstatedir="${EPREFIX}"/var
--disable-static
--enable-man-pages
--disable-gtk-doc
--disable-examples
$(use_enable elogind libelogind)
$(use_enable introspection)
$(use_enable nls)
$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
--with-authfw=$(usex pam pam shadow)
$(use_enable systemd libsystemd-login)
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
$(use_enable test)
--with-os-type=gentoo
)
econf "${myeconfargs[@]}"
}
src_compile() {
default
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
default
if use examples; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
diropts -m 0700 -o polkitd
keepdir /usr/share/polkit-1/rules.d
find "${ED}" -name '*.la' -delete || die
}
pkg_postinst() {
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
}

119
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.120-r1.ebuild vendored
View File

@ -1,119 +0,0 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit meson pam pax-utils systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="amd64 arm arm64 ~mips ppc64 ~riscv ~s390 x86"
IUSE="examples gtk +introspection kde pam selinux systemd test"
#RESTRICT="!test? ( test )"
# Tests currently don't work with meson. See
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
RESTRICT="test"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
"
DEPEND="
dev-lang/spidermonkey:78[-debug]
dev-libs/glib:2
dev-libs/expat
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING NEWS README )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd"
src_prepare() {
local PATCHES=(
"${FILESDIR}/polkit-0.120-meson.patch"
)
default
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
diropts -m 0700 -o polkitd
keepdir /usr/share/polkit-1/rules.d
# meson does not install required files with SUID bit. See
# https://bugs.gentoo.org/816393
# Remove the following lines once this has been fixed by upstream
fperms u+s /usr/bin/pkexec
fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
}
pkg_postinst() {
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
}

26
sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.120-r2.ebuild vendored
View File

@ -3,7 +3,8 @@
EAPI=7 EAPI=7
inherit meson pam pax-utils systemd xdg-utils TMPFILES_OPTIONAL=1
inherit meson pam pax-utils systemd xdg-utils tmpfiles
DESCRIPTION="Policy framework for controlling privileges for system-wide services" DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
@ -31,7 +32,7 @@ BDEPEND="
introspection? ( dev-libs/gobject-introspection ) introspection? ( dev-libs/gobject-introspection )
" "
DEPEND=" DEPEND="
dev-lang/spidermonkey:78[-debug] dev-lang/duktape
dev-libs/glib:2 dev-libs/glib:2
dev-libs/expat dev-libs/expat
pam? ( pam? (
@ -63,7 +64,10 @@ QA_MULTILIB_PATHS="
src_prepare() { src_prepare() {
local PATCHES=( local PATCHES=(
"${FILESDIR}/polkit-0.120-meson.patch" "${FILESDIR}/polkit-0.120-meson.patch"
"${FILESDIR}/polkit-0.120-CVE-2021-4043.patch" "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
# from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97
"${FILESDIR}/97_Add_duktape_as_javascript_engine.patch"
) )
default default
@ -82,6 +86,7 @@ src_configure() {
-Dos_type=gentoo -Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)" -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Dwith-duktape=yes
$(meson_use introspection) $(meson_use introspection)
$(meson_use test tests) $(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
@ -99,6 +104,16 @@ src_compile() {
src_install() { src_install() {
meson_src_install meson_src_install
dodir /usr/share/polkit-1/rules.d
dodir /usr/lib/pam.d
mv "${D}"/{etc,usr/share}/polkit-1/rules.d/50-default.rules || die
mv "${D}"/{etc,usr/lib}/pam.d/polkit-1 || die
rmdir "${D}"/etc/polkit-1/rules.d "${D}"/etc/polkit-1 || die
rmdir "${D}"/etc/pam.d || die
dotmpfiles "${FILESDIR}/polkit.conf"
if use examples ; then if use examples ; then
docinto examples docinto examples
dodoc src/examples/{*.c,*.policy*} dodoc src/examples/{*.c,*.policy*}
@ -114,8 +129,3 @@ src_install() {
fperms u+s /usr/bin/pkexec fperms u+s /usr/bin/pkexec
fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1 fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
} }
pkg_postinst() {
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
}