mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-08 13:36:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-auth/polkit: Sync with Gentoo

Browse Source 
It's from Gentoo commit 80d4449eb6cd125ca355842ebd03890e907bc5df.
This commit is contained in:
Krzesimir Nowak 2025-04-03 16:51:56 +02:00
parent ef9266c111
commit 4d152fc93e
22 changed files with 1719 additions and 270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest vendored
View File

@ -1 +1,4 @@
DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624
DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc
DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953
DIST polkit-126.tar.gz 456138 BLAKE2B 2e86c8853edf29879d8367b77d210d3a891178297cb5f9eb204a953bfaa66f6ff2307da265f4c3f89265ba8ce32e94641272d654a78d116dfb32a65d402f877a SHA512 dbdbc31b7a231c963788b37cf1a138e30336466fb662225a812faaf58e45439925d9d39346cc8f07e54f22040c2f142435acb9fded315d33e24930e0abc736c7

58
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch vendored Normal file
View File

@ -0,0 +1,58 @@
From 8cf58abef12e61f369af3f583af349b0e086ba27 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@gentoo.org>
Date: Sun, 20 Oct 2024 15:18:55 -0400
Subject: [PATCH] meson: correctly test for setnetgrent return type
meson doesn't automatically add all project arguments to configure
checks -- nor incrementally the inline value of all configuration_data
entries.
But that meant it was missing -D_GNU_SOURCE, as well as a define added
to config.h itself. As a result, this check failed to detect the
necessary function definition and failed to link.
```
Command line: `gcc-14 /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c -o /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/output.obj -c -pipe -march=native -fstack-protector-all -O2 -fdiagnostics-color=always -frecord-gcc-switches -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing -Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Werror=int-conversion -Werror=incompatible-pointer-types -D_FILE_OFFSET_BITS=64 -O0 -std=c99` -> 1
stderr:
/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c: In function 'main':
/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c:9:17: error: implicit declaration of function 'setnetgrent'; did you mean 'setnetent'? [-Wimplicit-function-declaration]
9 | int r = setnetgrent (NULL);
| ^~~~~~~~~~~
| setnetent
-----------
Checking if "setnetgrent return support" compiles: NO
```
Bug: https://bugs.gentoo.org/938870
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
---
meson.build | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index 0800c88..a0b440d 100644
--- a/meson.build
+++ b/meson.build
@@ -159,7 +159,8 @@ host_system = host_machine.system()
config_data.set('HAVE_' + host_system.to_upper(), true)
# Check whether setnetgrent has a return value
-config_data.set('HAVE_NETGROUP_H', cc.has_header('netgroup.h'))
+have_netgroup_h = cc.has_header('netgroup.h')
+config_data.set('HAVE_NETGROUP_H', have_netgroup_h)
if config_data.get('HAVE_SETNETGRENT', false)
setnetgrent_return_src = '''
@@ -174,7 +175,11 @@ if config_data.get('HAVE_SETNETGRENT', false)
};
'''
- config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support'))
+ args = ['-D_GNU_SOURCE']
+ if have_netgroup_h
+ args += '-DHAVE_NETGROUP_H'
+ endif
+ config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, args: args, name: 'setnetgrent return support'))
endif
# Select wether to use logind, elogind or ConsoleKit for session tracking

231
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch vendored
View File

@ -1,231 +0,0 @@
Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
https://bugs.gentoo.org/833753
https://bugs.gentoo.org/561672
https://bugs.freedesktop.org/show_bug.cgi?id=50145
https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
Patch has been rebased a bit since but keeping original headers.
From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Wed, 11 Jul 2018 04:54:26 -0500
Subject: [PATCH] make netgroup support optional
On at least Linux/musl and Linux/uclibc, netgroup support is not
available. PolKit fails to compile on these systems for that reason.
This change makes netgroup support conditional on the presence of the
setnetgrent(3) function which is required for the support to work. If
that function is not available on the system, an error will be returned
to the administrator if unix-netgroup: is specified in configuration.
Fixes bug 50145.
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
--- a/meson.build
+++ b/meson.build
@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true)
check_functions = [
'clearenv',
'fdatasync',
+ 'setnetgrent',
]
foreach func: check_functions
--- a/src/polkit/polkitidentity.c
+++ b/src/polkit/polkitidentity.c
@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
}
else if (g_str_has_prefix (str, "unix-netgroup:"))
{
+#ifndef HAVE_SETNETGRENT
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Netgroups are not available on this machine ('%s')",
+ str);
+#else
identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
+#endif
}
if (identity == NULL && (error != NULL && *error == NULL))
@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
GVariant *v;
const char *name;
+#ifndef HAVE_SETNETGRENT
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Netgroups are not available on this machine");
+ goto out;
+#else
+
v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
if (v == NULL)
{
@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
name = g_variant_get_string (v, NULL);
ret = polkit_unix_netgroup_new (name);
g_variant_unref (v);
+#endif
}
else
{
--- a/src/polkit/polkitunixnetgroup.c
+++ b/src/polkit/polkitunixnetgroup.c
@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
PolkitIdentity *
polkit_unix_netgroup_new (const gchar *name)
{
+#ifndef HAVE_SETNETGRENT
+ g_assert_not_reached();
+#endif
g_return_val_if_fail (name != NULL, NULL);
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
"name", name,
--- a/src/polkitbackend/polkitbackendduktapeauthority.c
+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
user = duk_require_string (cx, 0);
netgroup = duk_require_string (cx, 1);
-
+#ifdef HAVE_SETNETGRENT
if (innetgr (netgroup,
NULL, /* host */
user,
@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
{
is_in_netgroup = TRUE;
}
-
+#endif
duk_push_boolean (cx, is_in_netgroup);
return 1;
}
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group,
GList *ret;
ret = NULL;
+#ifdef HAVE_SETNETGRENT
name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-#ifdef HAVE_SETNETGRENT_RETURN
+# ifdef HAVE_SETNETGRENT_RETURN
if (setnetgrent (name) == 0)
{
g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
goto out;
}
-#else
+# else
setnetgrent (name);
-#endif
+# endif /* HAVE_SETNETGRENT_RETURN */
for (;;)
{
-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
const char *hostname, *username, *domainname;
-#else
+# else
char *hostname, *username, *domainname;
-#endif
+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
PolkitIdentity *user;
GError *error = NULL;
@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group,
out:
endnetgrent ();
+#endif /* HAVE_SETNETGRENT */
return ret;
}
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+#ifdef HAVE_SETNETGRENT
JS::RootedString usrstr (authority->priv->cx);
usrstr = args[0].toString();
user = JS_EncodeStringToUTF8 (cx, usrstr);
@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
{
is_in_netgroup = true;
}
+#endif
ret = true;
--- a/test/polkit/polkitidentitytest.c
+++ b/test/polkit/polkitidentitytest.c
@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
{"unix-group:root", "unix-group:jane", FALSE},
{"unix-group:jane", "unix-group:jane", TRUE},
+#ifdef HAVE_SETNETGRENT
{"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
{"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
+#endif
{"unix-user:root", "unix-group:root", FALSE},
+#ifdef HAVE_SETNETGRENT
{"unix-user:jane", "unix-netgroup:foo", FALSE},
+#endif
{NULL},
};
@@ -181,11 +185,13 @@ main (int argc, char *argv[])
g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+#ifdef HAVE_SETNETGRENT
g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+#endif
g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
add_comparison_tests ();
--- a/test/polkit/polkitunixnetgrouptest.c
+++ b/test/polkit/polkitunixnetgrouptest.c
@@ -69,7 +69,9 @@ int
main (int argc, char *argv[])
{
g_test_init (&argc, &argv, NULL);
+#ifdef HAVE_SETNETGRENT
g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
+#endif
return g_test_run ();
}
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -137,12 +137,14 @@ test_get_admin_identities (void)
"unix-group:users"
}
},
+#ifdef HAVE_SETNETGRENT
{
"net.company.action3",
{
"unix-netgroup:foo"
}
},
+#endif
};
guint n;

36
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch vendored Normal file
View File

@ -0,0 +1,36 @@
https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Sat, 29 Jul 2023 17:44:58 +0800
Subject: [PATCH] jsauthority: mozjs: Disable JIT
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
setting does not allow it.
For polkit, security is much more important than the speed running
Javascript code in rule files, so we should disable JIT.
Fixes #199.
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -56,7 +56,16 @@
static class JsInitHelperType
{
public:
- JsInitHelperType() { JS_Init(); }
+ JsInitHelperType()
+ {
+ /* Disable JIT because it needs W/X mapping, which is not allowed by
+ * our systemd hardening setting.
+ */
+ JS::DisableJitBackend();
+
+ JS_Init();
+ }
+
~JsInitHelperType() { JS_ShutDown(); }
} JsInitHelper;
--
GitLab

35
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch vendored Normal file
View File

@ -0,0 +1,35 @@
https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
From: Vincent Mihalkovic <vmihalko@redhat.com>
Date: Wed, 16 Aug 2023 08:59:55 +0000
Subject: [PATCH] pkexec: fix uninitialized pointer warning
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -53,6 +53,7 @@
static gchar *original_user_name = NULL;
static gchar *original_cwd;
static gchar *command_line = NULL;
+static gchar *cmdline_short = NULL;
static struct passwd *pw;
#ifndef HAVE_CLEARENV
@@ -508,6 +509,7 @@ main (int argc, char *argv[])
path = NULL;
exec_argv = NULL;
command_line = NULL;
+ cmdline_short = NULL;
opt_user = NULL;
local_agent_handle = NULL;
@@ -802,7 +804,6 @@ main (int argc, char *argv[])
polkit_details_insert (details, "program", path);
polkit_details_insert (details, "command_line", command_line);
- gchar *cmdline_short = NULL;
cmdline_short = g_strdup(command_line);
if (strlen(command_line) > 80)
g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
--
GitLab

111
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch vendored Normal file
View File

@ -0,0 +1,111 @@
https://bugs.gentoo.org/925440
https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5
From: Vincent Mihalkovic <vmihalko@redhat.com>
Date: Fri, 8 Mar 2024 14:04:33 +0100
Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
where it is used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes build error with GCC >= 14 and clang >= 17,
failing on:
```
../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function print_indent [-Wimplicit-function-declaration]
25 | print_indent(stream, indent);
| ^~~~~~~~~~~~
```
Closes: #6
---
subprojects/mocklibc.wrap | 2 +
.../packagefiles/mocklibc-print-indent.diff | 68 +++++++++++++++++++
2 files changed, 70 insertions(+)
create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff
diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap
index af82298..539ee83 100644
--- a/subprojects/mocklibc.wrap
+++ b/subprojects/mocklibc.wrap
@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120
patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip
patch_filename = mocklibc-1.0-2-wrap.zip
patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56
+
+diff_files = mocklibc-print-indent.diff
diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff
new file mode 100644
index 0000000..d8b2029
--- /dev/null
+++ b/subprojects/packagefiles/mocklibc-print-indent.diff
@@ -0,0 +1,68 @@
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Fri, 8 Mar 2024 14:04:33 +0100
+Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
+ where it is used
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes build error with GCC >= 14 and clang >= 17,
+failing on:
+```
+../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function print_indent [-Wimplicit-function-declaration]
+ 25 | print_indent(stream, indent);
+ | ^~~~~~~~~~~~
+```
+
+Closes: #6
+---
+ src/netgroup-debug.c | 11 +++++++++++
+ src/netgroup.c | 11 -----------
+ 2 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c
+index 81d6e72..46e5b25 100644
+--- a/src/netgroup-debug.c
++++ b/src/netgroup-debug.c
+@@ -21,6 +21,17 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
++/**
++ * Print a varaible indentation to the stream.
++ * @param stream Stream to print to
++ * @param indent Number of indents to use
++ */
++static void print_indent(FILE *stream, unsigned int indent) {
++ int i;
++ for (i = 0; i < indent; i++)
++ fprintf(stream, " ");
++}
++
+ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) {
+ print_indent(stream, indent);
+
+diff --git a/src/netgroup.c b/src/netgroup.c
+index 06a8a89..e16e451 100644
+--- a/src/netgroup.c
++++ b/src/netgroup.c
+@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) {
+ return result;
+ }
+
+-/**
+- * Print a varaible indentation to the stream.
+- * @param stream Stream to print to
+- * @param indent Number of indents to use
+- */
+-void print_indent(FILE *stream, unsigned int indent) {
+- int i;
+- for (i = 0; i < indent; i++)
+- fprintf(stream, " ");
+-}
+-
+ /**
+ * Connect entries with 'child' type to their child entries.
+ * @param headentry Head of list of entries that need to be connected
+--
+2.43.0
--

28
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch vendored Normal file
View File

@ -0,0 +1,28 @@
https://bugs.gentoo.org/922458
https://github.com/polkit-org/polkit/pull/417/files#r1458416421
--- a/meson.build
+++ b/meson.build
@@ -212,14 +212,17 @@ if enable_logind
config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
# systemd unit / service files
- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
- endif
+ if session_tracking == 'libsystemd-login'
+ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
+ if systemd_systemdsystemunitdir == ''
+ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+ endif
+
+ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
+ endif
endif
config_h.set('HAVE_LIBSYSTEMD', enable_logind)

50
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch vendored Normal file
View File

@ -0,0 +1,50 @@
https://github.com/polkit-org/polkit/pull/417
From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 18 Jan 2024 15:07:32 +0000
Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is
specified
When 'systemdsystemunitdir' is specified as an option the systemd_dep
variable is not defined, but the sysusers.d directory lookup uses it,
causing a build failure:
dh_auto_configure -- \
-Dexamples=false \
-Dintrospection=true \
-Dman=true \
-Dsystemdsystemunitdir=/usr/lib/systemd/system \
-Dtests=true \
-Dgtk_doc=true -Dsession_tracking=libsystemd-login
cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login
The Meson build system
Version: 1.3.1
Source dir: /builds/bluca/polkit/debian/output/source_dir
Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu
Build type: native build
Project name: polkit
Project version: 124
<...>
Run-time dependency libsystemd found: YES 255
Checking for function "sd_uid_get_display" with dependency libsystemd: YES
Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES
../meson.build:222:37: ERROR: Unknown variable "systemd_dep".
Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34
--- a/meson.build
+++ b/meson.build
@@ -212,9 +212,9 @@ if enable_logind
config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
# systemd unit / service files
+ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
# FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
endif

34
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch vendored Normal file
View File

@ -0,0 +1,34 @@
https://github.com/polkit-org/polkit/commit/13bea3e08f924002a6a5c2f275d4bf1588fc3d02
From 13bea3e08f924002a6a5c2f275d4bf1588fc3d02 Mon Sep 17 00:00:00 2001
From: Sertonix <sertonix@posteo.net>
Date: Sun, 11 Aug 2024 00:26:51 +0200
Subject: [PATCH] Fix missing arguments with HAVE_PTHREAD_CONDATTR_SETCLOCK
Fixes <64f5e4dda52> Add syslog-style log levels support
--- a/src/polkitbackend/polkitbackendduktapeauthority.c
+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
@@ -767,12 +767,14 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
#ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK
if ((pthread_err = pthread_condattr_init(&attr))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ LOG_LEVEL_ERROR,
"Error initializing condition variable attributes: %s",
strerror(pthread_err));
return FALSE;
}
if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ LOG_LEVEL_ERROR,
"Error setting condition variable attributes: %s",
strerror(pthread_err));
goto err_clean_condattr;
@@ -780,6 +782,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
/* Init again, with needed attr */
if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ LOG_LEVEL_ERROR,
"Error initializing condition variable: %s",
strerror(pthread_err));
goto err_clean_condattr;

37
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch vendored Normal file
View File

@ -0,0 +1,37 @@
https://github.com/polkit-org/polkit/commit/55ee1b70456eca8281dda9612c485c619122f202
From 55ee1b70456eca8281dda9612c485c619122f202 Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Tue, 14 Jan 2025 13:47:54 +0100
Subject: [PATCH] meson: fix unused dependency, fixes elogind FTBFS
polkit-126 could not be built from source with elogind session service due
to wrong dependencies in meson.build.
Author: @markhindley
---
src/polkitbackend/meson.build | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build
index fc35e195..a807b41b 100644
--- a/src/polkitbackend/meson.build
+++ b/src/polkitbackend/meson.build
@@ -37,7 +37,6 @@ deps += thread_dep
if enable_logind
sources += files('polkitbackendsessionmonitor-systemd.c')
-
deps += logind_dep
else
sources += files('polkitbackendsessionmonitor.c')
@@ -73,7 +72,7 @@ executable(
program,
program + '.c',
include_directories: top_inc,
- dependencies: libpolkit_gobject_dep,
+ dependencies: deps,
c_args: c_flags,
link_with: libpolkit_backend,
install: true,

34
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch vendored Normal file
View File

@ -0,0 +1,34 @@
https://github.com/polkit-org/polkit/commit/074ad836836167190cfe5649f9fc50da2e79a0ab
From 074ad836836167190cfe5649f9fc50da2e79a0ab Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Wed, 19 Feb 2025 14:20:22 +0100
Subject: [PATCH] Fix musl compilation error on Alpine
Disruptions between glibc and musl-(not-)predefined feature-test macros led to
a decision to remove a check for POSIX standards older than 17 years. It makes no
sense to test the existence of a macro that we explicitly define in
meson.build either (shall we test for _GNU_SOURCE).
---
src/programs/pkexec.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index b439475f..4274c92b 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -674,12 +674,8 @@ main (int argc, char *argv[])
argv[n] = path_abs;
}
}
-#if _POSIX_C_SOURCE >= 200809L
+
s = realpath(path, NULL);
-#else
- s = NULL;
-# error We have to deal with realpath(3) PATH_MAX madness
-#endif
if (s != NULL)
{
/* The called program resolved to the canonical location. We don't update

133
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch vendored Normal file
View File

@ -0,0 +1,133 @@
https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678
From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001
From: Walter Doekes <walter+github@wjd.nu>
Date: Fri, 25 Oct 2024 23:18:16 +0200
Subject: [PATCH] pkexec: Use realpath when comparing
org.freedesktop.policykit.exec.path
This changes the pkexec path that is compared from the original supplied
path to the path resolved by realpath(3).
That means that "/bin/something" might now be matched as
"/usr/bin/something", a review of your
<annotate key="org.freedesktop.policykit.exec.path">
actions might be in order.
Fixes: polkit-org/polkit#194
See also: systemd/systemd#34714
---
src/programs/pkexec.c | 29 +++++++++++++++++++++++++++--
test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++
2 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 65c13090..b439475f 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -452,6 +452,7 @@ main (int argc, char *argv[])
gchar *action_id;
gboolean allow_gui;
gchar **exec_argv;
+ gchar *path_abs;
gchar *path;
struct passwd pwstruct;
gchar pwbuf[8192];
@@ -508,6 +509,7 @@ main (int argc, char *argv[])
result = NULL;
action_id = NULL;
saved_env = NULL;
+ path_abs = NULL;
path = NULL;
exec_argv = NULL;
command_line = NULL;
@@ -624,6 +626,8 @@ main (int argc, char *argv[])
* but do check this is the case.
*
* We also try to locate the program in the path if a non-absolute path is given.
+ *
+ * And then we resolve the real path of the program.
*/
g_assert (argv[argc] == NULL);
path = g_strdup (argv[n]);
@@ -647,7 +651,7 @@ main (int argc, char *argv[])
}
if (path[0] != '/')
{
- /* g_find_program_in_path() is not suspectible to attacks via the environment */
+ /* g_find_program_in_path() is not susceptible to attacks via the environment */
s = g_find_program_in_path (path);
if (s == NULL)
{
@@ -662,9 +666,29 @@ main (int argc, char *argv[])
*/
if (argv[n] != NULL)
{
- argv[n] = path;
+ /* Must copy because we might replace path later on. */
+ path_abs = g_strdup(path);
+ /* argv[n:] is used as argv arguments to execv(). The called program
+ * sees the original called path, but we make sure it's absolute. */
+ if (path_abs != NULL)
+ argv[n] = path_abs;
}
}
+#if _POSIX_C_SOURCE >= 200809L
+ s = realpath(path, NULL);
+#else
+ s = NULL;
+# error We have to deal with realpath(3) PATH_MAX madness
+#endif
+ if (s != NULL)
+ {
+ /* The called program resolved to the canonical location. We don't update
+ * argv[n] this time. The called program still sees the original
+ * called path. This is very important for multi-call binaries like
+ * busybox. */
+ g_free (path);
+ path = s;
+ }
if (access (path, F_OK) != 0)
{
g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
@@ -1084,6 +1108,7 @@ main (int argc, char *argv[])
}
g_free (original_cwd);
+ g_free (path_abs);
g_free (path);
g_free (command_line);
g_free (cmdline_short);
diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh
index 4c76687b..e57b948f 100755
--- a/test/integration/pkexec/test.sh
+++ b/test/integration/pkexec/test.sh
@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA
grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log"
grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log"
rm -f "$TMP_DIR/SIGTRAP-on-EOF.log"
+
+: "Check absolute (but not canonicalized) path"
+BASH_ABS=$(command -v bash)
+ln -s "$BASH_ABS" ./my-bash
+sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log"
+grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log"
+grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log"
+rm -f "$TMP_DIR/absolute-path.log"
+rm -f "./my-bash"
+
+: "Check canonicalized path"
+if command -v strace; then
+ BASH_ABS=$(command -v bash)
+ ln -s "$BASH_ABS" ./my-bash
+ sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \
+ expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log"
+ cat "$TMP_DIR/canonical-path.strace"
+ grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace"
+ grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log"
+ rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace"
+ rm -f "./my-bash"
+ rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so"
+fi

3
sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit.conf vendored
View File

@ -1,3 +0,0 @@
d /etc/polkit-1 - - - - -
d /etc/polkit-1/rules.d 0700 polkitd root - -
d /var/lib/polkit-1 0700 polkitd polkitd - -

4
sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml vendored
View File

@ -5,7 +5,11 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
<flag name="daemon">Build polkitd in addition to libpolkit.</flag>
<flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
<upstream>
<remote-id type="github">polkit-org/polkit</remote-id>
</upstream>
</pkgmetadata>

71
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-121.ebuild → sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild vendored
View File

@ -1,14 +1,13 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{8..11} )
TMPFILES_OPTIONAL=1
inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
PYTHON_COMPAT=( python3_{10..11} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
@ -18,16 +17,15 @@ if [[ ${PV} == *_p* ]] ; then
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
S="${WORKDIR}"/${PN}-v.${PV}
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
RESTRICT="!test? ( test )"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+daemon examples gtk +introspection kde pam selinux systemd test"
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
RESTRICT="!test? ( test ) test"
# This seems to be fixed with 121?
#if [[ ${PV} == *_p* ]] ; then
@ -48,7 +46,7 @@ BDEPEND="
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
@ -57,10 +55,9 @@ BDEPEND="
)
"
DEPEND="
dev-libs/glib:2
>=dev-libs/glib-2.32:2
dev-libs/expat
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:91[-debug] )
daemon? ( dev-lang/duktape:= )
pam? (
sys-auth/pambase
sys-libs/pam
@ -69,7 +66,8 @@ DEPEND="
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="${DEPEND}
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
@ -85,7 +83,13 @@ DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd"
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${P}-mozjs-JIT.patch
"${FILESDIR}"/${P}-pkexec-uninitialized.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
@ -97,11 +101,6 @@ pkg_setup() {
}
src_prepare() {
local PATCHES=(
# musl
"${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
)
default
# bug #401513
@ -120,7 +119,8 @@ src_configure() {
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
-Djs_engine=duktape
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
@ -138,21 +138,22 @@ src_compile() {
src_install() {
meson_src_install
dodir /usr/share/polkit-1/rules.d
dodir /usr/lib/pam.d
mv "${D}"/{etc,usr/share}/polkit-1/rules.d/50-default.rules || die
mv "${D}"/{etc,usr/lib}/pam.d/polkit-1 || die
rmdir "${D}"/etc/polkit-1/rules.d "${D}"/etc/polkit-1 || die
rmdir "${D}"/etc/pam.d || die
dotmpfiles "${FILESDIR}/polkit.conf"
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
diropts -m 0700 -o polkitd
keepdir /usr/share/polkit-1/rules.d
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

156
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild vendored Normal file
View File

@ -0,0 +1,156 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
RESTRICT="!test? ( test )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:115[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${PN}-124-systemd.patch
"${FILESDIR}"/${PN}-124-systemd-fixup.patch
"${FILESDIR}"/${PN}-124-c99-fixes.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

159
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild vendored Normal file
View File

@ -0,0 +1,159 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
# Tests restricted b/c of permissions
RESTRICT="!test? ( test ) test"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:115[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${P}-musl.patch
# fix incorrect feature detection
"${FILESDIR}"/8cf58abef12e61f369af3f583af349b0e086ba27.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Djs_engine=$(usex duktape duktape mozjs)
-Dpam_module_dir=$(getpam_mod_dir)
-Dsession_tracking="$(usex systemd logind elogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
tmpfiles_process polkit-tmpfiles.conf
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

157
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild vendored Normal file
View File

@ -0,0 +1,157 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
# Tests restricted b/c of permissions
RESTRICT="!test? ( test ) test"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:115[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${P}-musl.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Djs_engine=$(usex duktape duktape mozjs)
-Dpam_module_dir=$(getpam_mod_dir)
-Dsession_tracking="$(usex systemd logind elogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
tmpfiles_process polkit-tmpfiles.conf
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

165
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild vendored Normal file
View File

@ -0,0 +1,165 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://github.com/polkit-org/polkit"
inherit git-r3
elif [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="LGPL-2"
SLOT="0"
if [[ ${PV} != 9999 ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test"
RESTRICT="!test? ( test )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
>=dev-libs/glib-2.32
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
nls? ( sys-devel/gettext )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
dev-lang/duktape:=
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${P}-elogind.patch
"${FILESDIR}"/${P}-realpath.patch
"${FILESDIR}"/${P}-musl.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dpam_module_dir=$(getpam_mod_dir)
-Dprivileged_group=0
-Dsession_tracking="$(usex systemd logind elogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use nls gettext)
$(meson_use test tests)
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon ; then
tmpfiles_process polkit-tmpfiles.conf
if [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
fi
}

157
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild vendored Normal file
View File

@ -0,0 +1,157 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://github.com/polkit-org/polkit"
inherit git-r3
elif [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="LGPL-2"
SLOT="0"
if [[ ${PV} != 9999 ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test"
RESTRICT="!test? ( test )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
>=dev-libs/glib-2.32
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
nls? ( sys-devel/gettext )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
dev-lang/duktape:=
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dpam_module_dir=$(getpam_mod_dir)
-Dprivileged_group=0
-Dsession_tracking="$(usex systemd logind elogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use nls gettext)
$(meson_use test tests)
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
tmpfiles_process polkit-tmpfiles.conf
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

160
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild vendored Normal file
View File

@ -0,0 +1,160 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://github.com/polkit-org/polkit"
inherit git-r3
elif [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="LGPL-2"
SLOT="0"
if [[ ${PV} != 9999 ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
RESTRICT="!test? ( test )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:115[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# FIXME: Horrible hack to facilitate testing in bug #934314
patch -p1 -f < "${FILESDIR}"/${PN}-124-systemd.patch
patch -p1 -f < "${FILESDIR}"/${PN}-124-systemd-fixup.patch
patch -p1 -f < "${FILESDIR}"/${PN}-124-c99-fixes.patch
sed -i -e "s:dependency('systemd':dependency('libelogind':" meson.build || die
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

165
sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild vendored Normal file
View File

@ -0,0 +1,165 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://github.com/polkit-org/polkit"
inherit git-r3
elif [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
fi
LICENSE="LGPL-2"
SLOT="0"
if [[ ${PV} != 9999 ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test"
RESTRICT="!test? ( test )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
>=dev-libs/glib-2.32
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
nls? ( sys-devel/gettext )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
dev-lang/duktape:=
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${P}-elogind.patch
"${FILESDIR}"/${P}-realpath.patch
"${FILESDIR}"/${P}-musl.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dpam_module_dir=$(getpam_mod_dir)
-Dprivileged_group=0
-Dsession_tracking="$(usex systemd logind elogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use nls gettext)
$(meson_use test tests)
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon ; then
tmpfiles_process polkit-tmpfiles.conf
if [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
fi
}