From 4d152fc93e8c2ac4165ef773296895d320c610ef Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 3 Apr 2025 16:51:56 +0200 Subject: [PATCH] sys-auth/polkit: Sync with Gentoo It's from Gentoo commit 80d4449eb6cd125ca355842ebd03890e907bc5df. --- .../portage-stable/sys-auth/polkit/Manifest | 5 +- ...8abef12e61f369af3f583af349b0e086ba27.patch | 58 +++++ ...20509-make-netgroup-support-optional.patch | 231 ------------------ .../polkit/files/polkit-123-mozjs-JIT.patch | 36 +++ .../polkit-123-pkexec-uninitialized.patch | 35 +++ .../polkit/files/polkit-124-c99-fixes.patch | 111 +++++++++ .../files/polkit-124-systemd-fixup.patch | 28 +++ .../polkit/files/polkit-124-systemd.patch | 50 ++++ .../polkit/files/polkit-125-musl.patch | 34 +++ .../polkit/files/polkit-126-elogind.patch | 37 +++ .../polkit/files/polkit-126-musl.patch | 34 +++ .../polkit/files/polkit-126-realpath.patch | 133 ++++++++++ .../sys-auth/polkit/files/polkit.conf | 3 - .../sys-auth/polkit/metadata.xml | 4 + ...polkit-121.ebuild => polkit-123-r1.ebuild} | 71 +++--- .../sys-auth/polkit/polkit-124-r1.ebuild | 156 ++++++++++++ .../sys-auth/polkit/polkit-125-r1.ebuild | 159 ++++++++++++ .../sys-auth/polkit/polkit-125.ebuild | 157 ++++++++++++ .../sys-auth/polkit/polkit-126-r1.ebuild | 165 +++++++++++++ .../sys-auth/polkit/polkit-126.ebuild | 157 ++++++++++++ .../sys-auth/polkit/polkit-9999-r1.ebuild | 160 ++++++++++++ .../sys-auth/polkit/polkit-9999.ebuild | 165 +++++++++++++ 22 files changed, 1719 insertions(+), 270 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit.conf rename sdk_container/src/third_party/portage-stable/sys-auth/polkit/{polkit-121.ebuild => polkit-123-r1.ebuild} (70%) create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest index 9f7fb1747d..91a8d2edf2 100644 --- a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest @@ -1 +1,4 @@ -DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624 +DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 +DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc +DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953 +DIST polkit-126.tar.gz 456138 BLAKE2B 2e86c8853edf29879d8367b77d210d3a891178297cb5f9eb204a953bfaa66f6ff2307da265f4c3f89265ba8ce32e94641272d654a78d116dfb32a65d402f877a SHA512 dbdbc31b7a231c963788b37cf1a138e30336466fb662225a812faaf58e45439925d9d39346cc8f07e54f22040c2f142435acb9fded315d33e24930e0abc736c7 diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch new file mode 100644 index 0000000000..44a6958eb4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch @@ -0,0 +1,58 @@ +From 8cf58abef12e61f369af3f583af349b0e086ba27 Mon Sep 17 00:00:00 2001 +From: Eli Schwartz +Date: Sun, 20 Oct 2024 15:18:55 -0400 +Subject: [PATCH] meson: correctly test for setnetgrent return type + +meson doesn't automatically add all project arguments to configure +checks -- nor incrementally the inline value of all configuration_data +entries. + +But that meant it was missing -D_GNU_SOURCE, as well as a define added +to config.h itself. As a result, this check failed to detect the +necessary function definition and failed to link. + +``` +Command line: `gcc-14 /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c -o /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/output.obj -c -pipe -march=native -fstack-protector-all -O2 -fdiagnostics-color=always -frecord-gcc-switches -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing -Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Werror=int-conversion -Werror=incompatible-pointer-types -D_FILE_OFFSET_BITS=64 -O0 -std=c99` -> 1 +stderr: +/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c: In function 'main': +/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c:9:17: error: implicit declaration of function 'setnetgrent'; did you mean 'setnetent'? [-Wimplicit-function-declaration] + 9 | int r = setnetgrent (NULL); + | ^~~~~~~~~~~ + | setnetent +----------- +Checking if "setnetgrent return support" compiles: NO +``` + +Bug: https://bugs.gentoo.org/938870 +Signed-off-by: Eli Schwartz +--- + meson.build | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index 0800c88..a0b440d 100644 +--- a/meson.build ++++ b/meson.build +@@ -159,7 +159,8 @@ host_system = host_machine.system() + config_data.set('HAVE_' + host_system.to_upper(), true) + + # Check whether setnetgrent has a return value +-config_data.set('HAVE_NETGROUP_H', cc.has_header('netgroup.h')) ++have_netgroup_h = cc.has_header('netgroup.h') ++config_data.set('HAVE_NETGROUP_H', have_netgroup_h) + + if config_data.get('HAVE_SETNETGRENT', false) + setnetgrent_return_src = ''' +@@ -174,7 +175,11 @@ if config_data.get('HAVE_SETNETGRENT', false) + }; + ''' + +- config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support')) ++ args = ['-D_GNU_SOURCE'] ++ if have_netgroup_h ++ args += '-DHAVE_NETGROUP_H' ++ endif ++ config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, args: args, name: 'setnetgrent return support')) + endif + + # Select wether to use logind, elogind or ConsoleKit for session tracking diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch deleted file mode 100644 index 2922b86066..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch +++ /dev/null @@ -1,231 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. Wilcox ---- a/meson.build -+++ b/meson.build -@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true) - check_functions = [ - 'clearenv', - 'fdatasync', -+ 'setnetgrent', - ] - - foreach func: check_functions ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); -- -+#ifdef HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -- -+#endif - duk_push_boolean (cx, is_in_netgroup); - return 1; - } ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +185,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -69,7 +69,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch new file mode 100644 index 0000000000..5b3f2c4a36 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch @@ -0,0 +1,36 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb + +From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Sat, 29 Jul 2023 17:44:58 +0800 +Subject: [PATCH] jsauthority: mozjs: Disable JIT + +The JIT compiling of mozjs needs W/X mapping, but our systemd hardening +setting does not allow it. + +For polkit, security is much more important than the speed running +Javascript code in rule files, so we should disable JIT. + +Fixes #199. +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -56,7 +56,16 @@ + static class JsInitHelperType + { + public: +- JsInitHelperType() { JS_Init(); } ++ JsInitHelperType() ++ { ++ /* Disable JIT because it needs W/X mapping, which is not allowed by ++ * our systemd hardening setting. ++ */ ++ JS::DisableJitBackend(); ++ ++ JS_Init(); ++ } ++ + ~JsInitHelperType() { JS_ShutDown(); } + } JsInitHelper; + +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch new file mode 100644 index 0000000000..f19560943c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch @@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d + +From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 +From: Vincent Mihalkovic +Date: Wed, 16 Aug 2023 08:59:55 +0000 +Subject: [PATCH] pkexec: fix uninitialized pointer warning + +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,6 +53,7 @@ + static gchar *original_user_name = NULL; + static gchar *original_cwd; + static gchar *command_line = NULL; ++static gchar *cmdline_short = NULL; + static struct passwd *pw; + + #ifndef HAVE_CLEARENV +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + path = NULL; + exec_argv = NULL; + command_line = NULL; ++ cmdline_short = NULL; + opt_user = NULL; + local_agent_handle = NULL; + +@@ -802,7 +804,6 @@ main (int argc, char *argv[]) + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + +- gchar *cmdline_short = NULL; + cmdline_short = g_strdup(command_line); + if (strlen(command_line) > 80) + g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch new file mode 100644 index 0000000000..00d3cbbd26 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch @@ -0,0 +1,111 @@ +https://bugs.gentoo.org/925440 +https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5 + +From: Vincent Mihalkovic +Date: Fri, 8 Mar 2024 14:04:33 +0100 +Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file + where it is used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes build error with GCC >= 14 and clang >= 17, +failing on: +``` +../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] + 25 | print_indent(stream, indent); + | ^~~~~~~~~~~~ +``` + +Closes: #6 +--- + subprojects/mocklibc.wrap | 2 + + .../packagefiles/mocklibc-print-indent.diff | 68 +++++++++++++++++++ + 2 files changed, 70 insertions(+) + create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff + +diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap +index af82298..539ee83 100644 +--- a/subprojects/mocklibc.wrap ++++ b/subprojects/mocklibc.wrap +@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120 + patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip + patch_filename = mocklibc-1.0-2-wrap.zip + patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56 ++ ++diff_files = mocklibc-print-indent.diff +diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff +new file mode 100644 +index 0000000..d8b2029 +--- /dev/null ++++ b/subprojects/packagefiles/mocklibc-print-indent.diff +@@ -0,0 +1,68 @@ ++From: Vincent Mihalkovic ++Date: Fri, 8 Mar 2024 14:04:33 +0100 ++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file ++ where it is used ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This fixes build error with GCC >= 14 and clang >= 17, ++failing on: ++``` ++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] ++ 25 | print_indent(stream, indent); ++ | ^~~~~~~~~~~~ ++``` ++ ++Closes: #6 ++--- ++ src/netgroup-debug.c | 11 +++++++++++ ++ src/netgroup.c | 11 ----------- ++ 2 files changed, 11 insertions(+), 11 deletions(-) ++ ++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c ++index 81d6e72..46e5b25 100644 ++--- a/src/netgroup-debug.c +++++ b/src/netgroup-debug.c ++@@ -21,6 +21,17 @@ ++ #include ++ #include ++ +++/** +++ * Print a varaible indentation to the stream. +++ * @param stream Stream to print to +++ * @param indent Number of indents to use +++ */ +++static void print_indent(FILE *stream, unsigned int indent) { +++ int i; +++ for (i = 0; i < indent; i++) +++ fprintf(stream, " "); +++} +++ ++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) { ++ print_indent(stream, indent); ++ ++diff --git a/src/netgroup.c b/src/netgroup.c ++index 06a8a89..e16e451 100644 ++--- a/src/netgroup.c +++++ b/src/netgroup.c ++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) { ++ return result; ++ } ++ ++-/** ++- * Print a varaible indentation to the stream. ++- * @param stream Stream to print to ++- * @param indent Number of indents to use ++- */ ++-void print_indent(FILE *stream, unsigned int indent) { ++- int i; ++- for (i = 0; i < indent; i++) ++- fprintf(stream, " "); ++-} ++- ++ /** ++ * Connect entries with 'child' type to their child entries. ++ * @param headentry Head of list of entries that need to be connected ++-- ++2.43.0 +-- diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch new file mode 100644 index 0000000000..a4dd7eafcf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/922458 +https://github.com/polkit-org/polkit/pull/417/files#r1458416421 +--- a/meson.build ++++ b/meson.build +@@ -212,14 +212,17 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') +- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used +- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') +- endif ++ if session_tracking == 'libsystemd-login' ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + +- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ if systemd_systemdsystemunitdir == '' ++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used ++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++ endif ++ ++ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ endif + endif + config_h.set('HAVE_LIBSYSTEMD', enable_logind) + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch new file mode 100644 index 0000000000..e9b10e99e5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch @@ -0,0 +1,50 @@ +https://github.com/polkit-org/polkit/pull/417 + +From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 18 Jan 2024 15:07:32 +0000 +Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is + specified + +When 'systemdsystemunitdir' is specified as an option the systemd_dep +variable is not defined, but the sysusers.d directory lookup uses it, +causing a build failure: + +dh_auto_configure -- \ + -Dexamples=false \ + -Dintrospection=true \ + -Dman=true \ + -Dsystemdsystemunitdir=/usr/lib/systemd/system \ + -Dtests=true \ + -Dgtk_doc=true -Dsession_tracking=libsystemd-login + cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login +The Meson build system +Version: 1.3.1 +Source dir: /builds/bluca/polkit/debian/output/source_dir +Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu +Build type: native build +Project name: polkit +Project version: 124 + +<...> + +Run-time dependency libsystemd found: YES 255 +Checking for function "sd_uid_get_display" with dependency libsystemd: YES +Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES +../meson.build:222:37: ERROR: Unknown variable "systemd_dep". + +Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34 +--- a/meson.build ++++ b/meson.build +@@ -212,9 +212,9 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') + if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used + systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') + endif + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch new file mode 100644 index 0000000000..ee0a444c91 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch @@ -0,0 +1,34 @@ +https://github.com/polkit-org/polkit/commit/13bea3e08f924002a6a5c2f275d4bf1588fc3d02 + +From 13bea3e08f924002a6a5c2f275d4bf1588fc3d02 Mon Sep 17 00:00:00 2001 +From: Sertonix +Date: Sun, 11 Aug 2024 00:26:51 +0200 +Subject: [PATCH] Fix missing arguments with HAVE_PTHREAD_CONDATTR_SETCLOCK + +Fixes <64f5e4dda52> Add syslog-style log levels support +--- a/src/polkitbackend/polkitbackendduktapeauthority.c ++++ b/src/polkitbackend/polkitbackendduktapeauthority.c +@@ -767,12 +767,14 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx + #ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK + if ((pthread_err = pthread_condattr_init(&attr))) { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ LOG_LEVEL_ERROR, + "Error initializing condition variable attributes: %s", + strerror(pthread_err)); + return FALSE; + } + if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ LOG_LEVEL_ERROR, + "Error setting condition variable attributes: %s", + strerror(pthread_err)); + goto err_clean_condattr; +@@ -780,6 +782,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx + /* Init again, with needed attr */ + if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ LOG_LEVEL_ERROR, + "Error initializing condition variable: %s", + strerror(pthread_err)); + goto err_clean_condattr; + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch new file mode 100644 index 0000000000..41245059c4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch @@ -0,0 +1,37 @@ +https://github.com/polkit-org/polkit/commit/55ee1b70456eca8281dda9612c485c619122f202 + +From 55ee1b70456eca8281dda9612c485c619122f202 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Tue, 14 Jan 2025 13:47:54 +0100 +Subject: [PATCH] meson: fix unused dependency, fixes elogind FTBFS + +polkit-126 could not be built from source with elogind session service due +to wrong dependencies in meson.build. + +Author: @markhindley +--- + src/polkitbackend/meson.build | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build +index fc35e195..a807b41b 100644 +--- a/src/polkitbackend/meson.build ++++ b/src/polkitbackend/meson.build +@@ -37,7 +37,6 @@ deps += thread_dep + + if enable_logind + sources += files('polkitbackendsessionmonitor-systemd.c') +- + deps += logind_dep + else + sources += files('polkitbackendsessionmonitor.c') +@@ -73,7 +72,7 @@ executable( + program, + program + '.c', + include_directories: top_inc, +- dependencies: libpolkit_gobject_dep, ++ dependencies: deps, + c_args: c_flags, + link_with: libpolkit_backend, + install: true, + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch new file mode 100644 index 0000000000..3bc3cc1284 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch @@ -0,0 +1,34 @@ +https://github.com/polkit-org/polkit/commit/074ad836836167190cfe5649f9fc50da2e79a0ab + +From 074ad836836167190cfe5649f9fc50da2e79a0ab Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Wed, 19 Feb 2025 14:20:22 +0100 +Subject: [PATCH] Fix musl compilation error on Alpine + +Disruptions between glibc and musl-(not-)predefined feature-test macros led to +a decision to remove a check for POSIX standards older than 17 years. It makes no +sense to test the existence of a macro that we explicitly define in +meson.build either (shall we test for _GNU_SOURCE). +--- + src/programs/pkexec.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index b439475f..4274c92b 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -674,12 +674,8 @@ main (int argc, char *argv[]) + argv[n] = path_abs; + } + } +-#if _POSIX_C_SOURCE >= 200809L ++ + s = realpath(path, NULL); +-#else +- s = NULL; +-# error We have to deal with realpath(3) PATH_MAX madness +-#endif + if (s != NULL) + { + /* The called program resolved to the canonical location. We don't update + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch new file mode 100644 index 0000000000..3946932fa1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch @@ -0,0 +1,133 @@ +https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678 + +From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001 +From: Walter Doekes +Date: Fri, 25 Oct 2024 23:18:16 +0200 +Subject: [PATCH] pkexec: Use realpath when comparing + org.freedesktop.policykit.exec.path + +This changes the pkexec path that is compared from the original supplied +path to the path resolved by realpath(3). + +That means that "/bin/something" might now be matched as +"/usr/bin/something", a review of your + +actions might be in order. + +Fixes: polkit-org/polkit#194 + +See also: systemd/systemd#34714 +--- + src/programs/pkexec.c | 29 +++++++++++++++++++++++++++-- + test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++ + 2 files changed, 50 insertions(+), 2 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 65c13090..b439475f 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -452,6 +452,7 @@ main (int argc, char *argv[]) + gchar *action_id; + gboolean allow_gui; + gchar **exec_argv; ++ gchar *path_abs; + gchar *path; + struct passwd pwstruct; + gchar pwbuf[8192]; +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + result = NULL; + action_id = NULL; + saved_env = NULL; ++ path_abs = NULL; + path = NULL; + exec_argv = NULL; + command_line = NULL; +@@ -624,6 +626,8 @@ main (int argc, char *argv[]) + * but do check this is the case. + * + * We also try to locate the program in the path if a non-absolute path is given. ++ * ++ * And then we resolve the real path of the program. + */ + g_assert (argv[argc] == NULL); + path = g_strdup (argv[n]); +@@ -647,7 +651,7 @@ main (int argc, char *argv[]) + } + if (path[0] != '/') + { +- /* g_find_program_in_path() is not suspectible to attacks via the environment */ ++ /* g_find_program_in_path() is not susceptible to attacks via the environment */ + s = g_find_program_in_path (path); + if (s == NULL) + { +@@ -662,9 +666,29 @@ main (int argc, char *argv[]) + */ + if (argv[n] != NULL) + { +- argv[n] = path; ++ /* Must copy because we might replace path later on. */ ++ path_abs = g_strdup(path); ++ /* argv[n:] is used as argv arguments to execv(). The called program ++ * sees the original called path, but we make sure it's absolute. */ ++ if (path_abs != NULL) ++ argv[n] = path_abs; + } + } ++#if _POSIX_C_SOURCE >= 200809L ++ s = realpath(path, NULL); ++#else ++ s = NULL; ++# error We have to deal with realpath(3) PATH_MAX madness ++#endif ++ if (s != NULL) ++ { ++ /* The called program resolved to the canonical location. We don't update ++ * argv[n] this time. The called program still sees the original ++ * called path. This is very important for multi-call binaries like ++ * busybox. */ ++ g_free (path); ++ path = s; ++ } + if (access (path, F_OK) != 0) + { + g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno)); +@@ -1084,6 +1108,7 @@ main (int argc, char *argv[]) + } + + g_free (original_cwd); ++ g_free (path_abs); + g_free (path); + g_free (command_line); + g_free (cmdline_short); +diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh +index 4c76687b..e57b948f 100755 +--- a/test/integration/pkexec/test.sh ++++ b/test/integration/pkexec/test.sh +@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA + grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log" + grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log" + rm -f "$TMP_DIR/SIGTRAP-on-EOF.log" ++ ++: "Check absolute (but not canonicalized) path" ++BASH_ABS=$(command -v bash) ++ln -s "$BASH_ABS" ./my-bash ++sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log" ++grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log" ++grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log" ++rm -f "$TMP_DIR/absolute-path.log" ++rm -f "./my-bash" ++ ++: "Check canonicalized path" ++if command -v strace; then ++ BASH_ABS=$(command -v bash) ++ ln -s "$BASH_ABS" ./my-bash ++ sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \ ++ expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log" ++ cat "$TMP_DIR/canonical-path.strace" ++ grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace" ++ grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log" ++ rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace" ++ rm -f "./my-bash" ++ rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so" ++fi + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit.conf b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit.conf deleted file mode 100644 index 9734ff4ba6..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit.conf +++ /dev/null @@ -1,3 +0,0 @@ -d /etc/polkit-1 - - - - - -d /etc/polkit-1/rules.d 0700 polkitd root - - -d /var/lib/polkit-1 0700 polkitd polkitd - - diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml index 4e902cca88..420dae0ebc 100644 --- a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml @@ -5,7 +5,11 @@ freedesktop-bugs@gentoo.org + Build polkitd in addition to libpolkit. Use dev-lang/duktape instead of dev-lang/spidermonkey as JavaScript engine Use sys-apps/systemd for session tracking + + polkit-org/polkit + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-121.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild similarity index 70% rename from sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-121.ebuild rename to sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild index d1c5fde8e9..c80be20754 100644 --- a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-121.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild @@ -1,14 +1,13 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{8..11} ) -TMPFILES_OPTIONAL=1 -inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils +PYTHON_COMPAT=( python3_{10..11} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" if [[ ${PV} == *_p* ]] ; then # Upstream don't make releases very often. Test snapshots throughly # and review commits, but don't shy away if there's useful stuff there @@ -18,16 +17,15 @@ if [[ ${PV} == *_p* ]] ; then S="${WORKDIR}"/${PN}-${MY_COMMIT} else - SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" - - S="${WORKDIR}"/${PN}-v.${PV} + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" fi LICENSE="LGPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="+duktape examples gtk +introspection kde pam selinux systemd test" -RESTRICT="!test? ( test )" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" # This seems to be fixed with 121? #if [[ ${PV} == *_p* ]] ; then @@ -48,7 +46,7 @@ BDEPEND=" dev-util/glib-utils sys-devel/gettext virtual/pkgconfig - introspection? ( dev-libs/gobject-introspection ) + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) test? ( $(python_gen_any_dep ' dev-python/dbus-python[${PYTHON_USEDEP}] @@ -57,10 +55,9 @@ BDEPEND=" ) " DEPEND=" - dev-libs/glib:2 + >=dev-libs/glib-2.32:2 dev-libs/expat - duktape? ( dev-lang/duktape:= ) - !duktape? ( dev-lang/spidermonkey:91[-debug] ) + daemon? ( dev-lang/duktape:= ) pam? ( sys-auth/pambase sys-libs/pam @@ -69,7 +66,8 @@ DEPEND=" systemd? ( sys-apps/systemd:0=[policykit] ) !systemd? ( sys-auth/elogind ) " -RDEPEND="${DEPEND} +RDEPEND=" + ${DEPEND} acct-user/polkitd selinux? ( sec-policy/selinux-policykit ) " @@ -85,7 +83,13 @@ DOCS=( docs/TODO HACKING.md NEWS.md README.md ) QA_MULTILIB_PATHS=" usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd" + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-mozjs-JIT.patch + "${FILESDIR}"/${P}-pkexec-uninitialized.patch +) python_check_deps() { python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && @@ -97,11 +101,6 @@ pkg_setup() { } src_prepare() { - local PATCHES=( - # musl - "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch - ) - default # bug #401513 @@ -120,7 +119,8 @@ src_configure() { -Dos_type=gentoo -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - -Djs_engine=$(usex duktape duktape mozjs) + -Djs_engine=duktape + $(meson_use !daemon libs-only) $(meson_use introspection) $(meson_use test tests) $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') @@ -138,21 +138,22 @@ src_compile() { src_install() { meson_src_install - dodir /usr/share/polkit-1/rules.d - dodir /usr/lib/pam.d - - mv "${D}"/{etc,usr/share}/polkit-1/rules.d/50-default.rules || die - mv "${D}"/{etc,usr/lib}/pam.d/polkit-1 || die - rmdir "${D}"/etc/polkit-1/rules.d "${D}"/etc/polkit-1 || die - rmdir "${D}"/etc/pam.d || die - - dotmpfiles "${FILESDIR}/polkit.conf" - if use examples ; then docinto examples dodoc src/examples/{*.c,*.policy*} fi - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi } diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild new file mode 100644 index 0000000000..9cbf98691a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${PN}-124-systemd.patch + "${FILESDIR}"/${PN}-124-systemd-fixup.patch + "${FILESDIR}"/${PN}-124-c99-fixes.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild new file mode 100644 index 0000000000..9a9d630ffd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild @@ -0,0 +1,159 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# Tests restricted b/c of permissions +RESTRICT="!test? ( test ) test" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-musl.patch + # fix incorrect feature detection + "${FILESDIR}"/8cf58abef12e61f369af3f583af349b0e086ba27.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Djs_engine=$(usex duktape duktape mozjs) + -Dpam_module_dir=$(getpam_mod_dir) + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + tmpfiles_process polkit-tmpfiles.conf + + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild new file mode 100644 index 0000000000..d262fc5114 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# Tests restricted b/c of permissions +RESTRICT="!test? ( test ) test" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-musl.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Djs_engine=$(usex duktape duktape mozjs) + -Dpam_module_dir=$(getpam_mod_dir) + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + tmpfiles_process polkit-tmpfiles.conf + + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild new file mode 100644 index 0000000000..d3d5ee6aac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/glib-2.32 + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + dev-lang/duktape:= + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-elogind.patch + "${FILESDIR}"/${P}-realpath.patch + "${FILESDIR}"/${P}-musl.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dpam_module_dir=$(getpam_mod_dir) + -Dprivileged_group=0 + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use nls gettext) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon ; then + tmpfiles_process polkit-tmpfiles.conf + + if [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild new file mode 100644 index 0000000000..6d0de65b25 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/glib-2.32 + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + dev-lang/duktape:= + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dpam_module_dir=$(getpam_mod_dir) + -Dprivileged_group=0 + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use nls gettext) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + tmpfiles_process polkit-tmpfiles.conf + + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild new file mode 100644 index 0000000000..c4a985f124 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild @@ -0,0 +1,160 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # FIXME: Horrible hack to facilitate testing in bug #934314 + patch -p1 -f < "${FILESDIR}"/${PN}-124-systemd.patch + patch -p1 -f < "${FILESDIR}"/${PN}-124-systemd-fixup.patch + patch -p1 -f < "${FILESDIR}"/${PN}-124-c99-fixes.patch + sed -i -e "s:dependency('systemd':dependency('libelogind':" meson.build || die + + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild new file mode 100644 index 0000000000..d3d5ee6aac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/glib-2.32 + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + dev-lang/duktape:= + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-elogind.patch + "${FILESDIR}"/${P}-realpath.patch + "${FILESDIR}"/${P}-musl.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dpam_module_dir=$(getpam_mod_dir) + -Dprivileged_group=0 + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use nls gettext) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon ; then + tmpfiles_process polkit-tmpfiles.conf + + if [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi + fi +}