mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-09 14:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1805 from flatcar/krnowak/tpm-tang-cleanups

Browse Source 
Cleanups
This commit is contained in:
Krzesimir Nowak 2024-03-28 08:44:38 +01:00 committed by GitHub
commit 7574abb093
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
27 changed files with 10 additions and 1060 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/portage-stable-packages-list vendored
View File

@ -114,6 +114,8 @@ app-crypt/mit-krb5
app-crypt/pinentry app-crypt/pinentry
app-crypt/rhash app-crypt/rhash
app-crypt/shash app-crypt/shash
app-crypt/tpm2-tools
app-crypt/tpm2-tss
app-doc/eclass-manpages app-doc/eclass-manpages
@ -204,13 +206,16 @@ dev-libs/json-c
dev-libs/jsoncpp dev-libs/jsoncpp
dev-libs/libaio dev-libs/libaio
dev-libs/libassuan dev-libs/libassuan
dev-libs/libatasmart
dev-libs/libbsd dev-libs/libbsd
dev-libs/libbytesize
dev-libs/libdnet dev-libs/libdnet
dev-libs/libev dev-libs/libev
dev-libs/libevent dev-libs/libevent
dev-libs/libffi dev-libs/libffi
dev-libs/libgcrypt dev-libs/libgcrypt
dev-libs/libgpg-error dev-libs/libgpg-error
dev-libs/libgudev
dev-libs/libksba dev-libs/libksba
dev-libs/liblinear dev-libs/liblinear
dev-libs/libltdl dev-libs/libltdl
@ -220,6 +225,7 @@ dev-libs/libp11
dev-libs/libpcre dev-libs/libpcre
dev-libs/libpcre2 dev-libs/libpcre2
dev-libs/libpipeline dev-libs/libpipeline
dev-libs/libpwquality
dev-libs/libsodium dev-libs/libsodium
dev-libs/libtasn1 dev-libs/libtasn1
dev-libs/libtraceevent dev-libs/libtraceevent
@ -502,6 +508,7 @@ sys-apps/texinfo
sys-apps/usbutils sys-apps/usbutils
sys-apps/util-linux sys-apps/util-linux
sys-apps/which sys-apps/which
sys-apps/zram-generator
sys-block/open-isns sys-block/open-isns
sys-block/parted sys-block/parted
@ -542,6 +549,7 @@ sys-fs/mtools
sys-fs/multipath-tools sys-fs/multipath-tools
sys-fs/quota sys-fs/quota
sys-fs/squashfs-tools sys-fs/squashfs-tools
sys-fs/udisks
sys-fs/xfsprogs sys-fs/xfsprogs
sys-fs/zfs sys-fs/zfs
sys-fs/zfs-kmod sys-fs/zfs-kmod
@ -549,9 +557,11 @@ sys-fs/zfs-kmod
sys-kernel/linux-headers sys-kernel/linux-headers
sys-libs/binutils-libs sys-libs/binutils-libs
sys-libs/cracklib
sys-libs/efivar sys-libs/efivar
sys-libs/gdbm sys-libs/gdbm
sys-libs/ldb sys-libs/ldb
sys-libs/libblockdev
sys-libs/libcap sys-libs/libcap
sys-libs/libcap-ng sys-libs/libcap-ng
sys-libs/libnvme sys-libs/libnvme

0
sdk_container/src/third_party/portage-stable/dev-libs/jose/Manifest → sdk_container/src/third_party/coreos-overlay/dev-libs/jose/Manifest vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-11-r1.ebuild → sdk_container/src/third_party/coreos-overlay/dev-libs/jose/jose-11-r1.ebuild vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-12.ebuild → sdk_container/src/third_party/coreos-overlay/dev-libs/jose/jose-12.ebuild vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/jose/metadata.xml → sdk_container/src/third_party/coreos-overlay/dev-libs/jose/metadata.xml vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/Manifest → sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/Manifest vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/files/luksmeta-tests.patch → sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/files/luksmeta-tests.patch vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/luksmeta-9-r1.ebuild → sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/luksmeta-9-r1.ebuild vendored
View File

0
sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/metadata.xml → sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/metadata.xml vendored
View File

1
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest vendored
View File

@ -1 +0,0 @@
DIST keyutils-1.6.3.tar.gz 137022 BLAKE2B b5620b1b6109415fec1268963c2c65d774f3ef7a69eb1ce8d5d8e78b4b807e4fdfda861662a1b5556975ef867add8f985362a31b6608ac2dc198c8d0395d516b SHA512 f65965b8566037078b8eeffa66c6fdbe121c8c2bea7fa5bce04cf7ba5ccc50d5b48e51f4a67ca91e4d5d9a12469e7e3eb3036c920ab25e3feba6e93b4c149cf9

51
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch vendored
View File

@ -1,51 +0,0 @@
disable tests that mess with system wide settings
https://bugs.gentoo.org/519062
--- keyutils-1.5.10/tests/bugzillas/bz1031154/runtest.sh
+++ keyutils-1.5.10/tests/bugzillas/bz1031154/runtest.sh
@@ -27,6 +27,8 @@
echo "++++ BEGINNING TEST" >$OUTPUTFILE
+if false ; then
+
# we need a reference time to scan the audit log from so as not to pick up old
# results from this test.
base_date=`date +"%x@%X"`
@@ -97,6 +99,10 @@
fi
fi
+else
+marker "Gentoo: skipping test due to system wide modifications"
+fi
+
echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
# --- then report the results in the database ---
https://bugs.gentoo.org/522050
--- keyutils-1.5.10/tests/keyctl/padd/useradd/runtest.sh
+++ keyutils-1.5.10/tests/keyctl/padd/useradd/runtest.sh
@@ -40,6 +40,8 @@
marker "UNLINK KEY"
unlink_key $keyid @s
+if false ; then
+
if [ $skip_root_required = 0 ] && {
[ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 ||
keyutils_at_or_later_than 1.5.6 ;
@@ -85,6 +87,10 @@
fi
fi
+else
+marker "Gentoo: skipping test due to system wide modifications"
+fi
+
echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
# --- then report the results in the database ---

43
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch vendored
View File

@ -1,43 +0,0 @@
sent upstream
From 1f15000ad21c301a51f7746eb561659348060f45 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@chromium.org>
Date: Wed, 25 Jan 2017 14:06:55 -1000
Subject: [PATCH keyutils] add extern C markings to header file for C++ users
If people try to use keyutils from C++ code, the header doesn't work
properly because the compiler mangles the keyutils symbols. Add the
right extern markings so it works out of the box.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
keyutils.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/keyutils.h b/keyutils.h
index a69fa7aaa11d..d50d19d3e929 100644
--- a/keyutils.h
+++ b/keyutils.h
@@ -15,6 +15,10 @@
#include <sys/types.h>
#include <stdint.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
extern const char keyutils_version_string[];
extern const char keyutils_build_string[];
@@ -180,4 +184,8 @@ extern int recursive_session_key_scan(recursive_key_scanner_t func, void *data);
extern key_serial_t find_key_by_type_and_desc(const char *type, const char *desc,
key_serial_t destringid);
+#ifdef __cplusplus
+}
+#endif
+
#endif /* KEYUTILS_H */
--
2.11.0

25
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch vendored
View File

@ -1,25 +0,0 @@
From d1a02ed81c86fe7140f93b9a160fbb53be148446 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 16 Nov 2018 12:39:12 +0100
Subject: [PATCH] depend on $(DEVELLIB) not -lkeyutils
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 33a451e..845b8fe 100644
--- a/Makefile
+++ b/Makefile
@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0)
$(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
$(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
mkdir -p $(DESTDIR)$(USRLIBDIR)
- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
+ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
sed \
-e 's,@VERSION\@,$(VERSION),g' \
-e 's,@prefix\@,$(PREFIX),g' \
--
2.19.1

38
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch vendored
View File

@ -1,38 +0,0 @@
https://bugs.gentoo.org/760633
From 41077f8901b642d36b63f94b0fc62377a07fc0b2 Mon Sep 17 00:00:00 2001
From: Adrian Ratiu <adrian.ratiu@collabora.com>
Date: Tue, 4 Jan 2022 03:51:10 +0200
Subject: [PATCH] Makefile: only run rpmspec if it exists
keyutils is built on many distros which do not use rpm like
Gentoo, ChromeOS or Arch. Older versions of bash silently
ignored the fact that rpmspec was missing, but newer bash
like v5.1 issue a new error:
/bin/sh: line 1: rpmspec: command not found
This happens every time the Makefile is parsed, including
for a simple "make" invocation or "make install" even if
a rpm package is not desired.
Arch Linux simply ignores this new error but Gentoo and
ChromeOS fail because portage actively monitors the build
log for errors like this. See bug report [1].
Fix this by calling rpmspec only if it exists.
[1] https://bugs.gentoo.org/760633
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
--- a/Makefile
+++ b/Makefile
@@ -285,7 +285,7 @@ SRCBALL := rpmbuild/SOURCES/$(TARBALL)
ZSRCBALL := rpmbuild/SOURCES/$(ZTARBALL)
BUILDID := .local
-rpmver0 := $(shell rpmspec -q ./keyutils.spec --define "buildid $(BUILDID)")
+rpmver0 := $(shell if which rpmspec >/dev/null 2>&1; then rpmspec -q ./keyutils.spec --define "buildid $(BUILDID)"; fi)
rpmver1 := $(word 1,$(rpmver0))
rpmver2 := $(subst ., ,$(rpmver1))
rpmver3 := $(lastword $(rpmver2))

76
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch vendored
View File

@ -1,76 +0,0 @@
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=c076dff259e99d84d3822b4d2ad7f3f66532f411
From c076dff259e99d84d3822b4d2ad7f3f66532f411 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Tue, 20 Dec 2022 14:13:29 +0100
Subject: test: Fix test expectation based on kernel config
Some test results are dependent on the kernel configuration option
CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE.
Check the kernel configuration file for its presence and expect appropriate
test results.
Function has_kernel_config is based on its xfstsests counterpart.
Signed-off-by: Pavel Reichl <preichl@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
--- a/tests/features/builtin_trusted/runtest.sh
+++ b/tests/features/builtin_trusted/runtest.sh
@@ -33,7 +33,11 @@ expect_error EACCES
create_key --fail user a a $stk
expect_error EOPNOTSUPP
create_key --fail user a a $blk
-expect_error EACCES
+if has_kernel_config "CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE"; then
+ expect_error EOPNOTSUPP
+else
+ expect_error EACCES
+fi
# Try adding a key to the keyrings
marker "TRY ADDING ASYMMETRIC KEYS"
@@ -89,7 +93,11 @@ expect_error EACCES
create_key --fail -x asymmetric "" "$x509" $stk
expect_error ENOKEY
create_key --fail -x asymmetric "" "$x509" $blk
-expect_error EACCES
+if has_kernel_config "CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE"; then
+ expect_error EOPNOTSUPP
+else
+ expect_error EACCES
+fi
echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
--- a/tests/prepare.inc.sh
+++ b/tests/prepare.inc.sh
@@ -4,6 +4,26 @@
includes=${BASH_SOURCE[0]}
includes=${includes%/*}/
+# Check if currently running kernel has option set
+function has_kernel_config()
+{
+ local option=$1
+ local uname=$(uname -r)
+ local config_list="$KCONFIG_PATH
+ /lib/modules/$uname/build/.config
+ /boot/config-$uname
+ /lib/kernel/config-$uname"
+
+ for config in $config_list; do
+ [ ! -f $config ] && continue
+ grep -qE "^${option}=[my]" $config
+ return
+ done
+
+ echo "Failed to find kernel configuration file"
+ return false
+}
+
# --- need to run in own session keyring
watch_fd=0
if [ "$1" != "--inside-test-session" ]
--
cgit 1.2.3-korg

116
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild vendored
View File

@ -1,116 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit toolchain-funcs linux-info multilib-minimal
DESCRIPTION="Linux Key Management Utilities"
HOMEPAGE="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git"
SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/${P}.tar.gz"
LICENSE="GPL-2 LGPL-2.1"
SLOT="0/1.9"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux"
IUSE="static static-libs test"
RESTRICT="!test? ( test )"
RDEPEND=""
DEPEND="!prefix? ( >=sys-kernel/linux-headers-2.6.11 )"
PATCHES=(
"${FILESDIR}"/${PN}-1.6-makefile-fixup.patch
"${FILESDIR}"/${PN}-1.5.10-disable-tests.patch #519062 #522050
"${FILESDIR}"/${PN}-1.5.9-header-extern-c.patch
"${FILESDIR}"/${PN}-1.6.3-fix-rpmspec-check.patch
"${FILESDIR}"/${P}-tests.patch
)
pkg_setup() {
# To prevent a failure in test phase and false positive bug reports
# we are enforcing the following options because testsuite expects
# that these options are available. I.e. testsuite only decides based
# on kernel version which tests will be called, no feature checking.
if use test ; then
CONFIG_CHECK="KEYS"
ERROR_KEYS="You must have CONFIG_KEYS to run the package testsuite!"
if kernel_is -ge 2 6 10 && kernel_is -lt 4 0 0 ; then
CONFIG_CHECK="${CONFIG_CHECK} KEYS_DEBUG_PROC_KEYS"
ERROR_KEYS_DEBUG_PROC_KEYS="You must have CONFIG_KEYS_DEBUG_PROC_KEYS to run the package testsuite!"
fi
if kernel_is -ge 4 7 ; then
CONFIG_CHECK="${CONFIG_CHECK} KEY_DH_OPERATIONS"
ERROR_KEY_DH_OPERATIONS="You must have CONFIG_KEY_DH_OPERATIONS to run the package testsuite!"
fi
else
CONFIG_CHECK="~KEYS"
ERROR_KEYS="You will be unable to use this package on this system because CONFIG_KEYS is not set!"
if kernel_is -ge 4 7 ; then
CONFIG_CHECK="${CONFIG_CHECK} ~KEY_DH_OPERATIONS"
ERROR_KEY_DH_OPERATIONS="You will be unable to use Diffie-Hellman on this system because CONFIG_KEY_DH_OPERATIONS is not set!"
fi
fi
linux-info_pkg_setup
}
src_prepare() {
default
# The lsb check is useless, so avoid spurious command not found messages.
sed -i -e 's,lsb_release,:,' tests/prepare.inc.sh || die
# Some tests call the kernel which calls userspace, but that will
# run the install keyutils rather than the locally compiled one,
# so disable round trip tests.
rm -rf tests/keyctl/requesting/{bad-args,piped,valid}
multilib_copy_sources
}
multilib_src_compile() {
tc-export AR CC CXX
sed -i \
-e "1iRPATH = $(usex static -static '')" \
-e '/^C.*FLAGS/s|:=|+=|' \
-e 's:-Werror::' \
-e '/^BUILDFOR/s:=.*:=:' \
-e "/^LIBDIR/s:=.*:= /usr/$(get_libdir):" \
-e '/^USRLIBDIR/s:=.*:=$(LIBDIR):' \
-e "s: /: ${EPREFIX}/:g" \
-e '/^NO_ARLIB/d' \
Makefile || die
# We need the static lib in order to statically link programs.
if use static ; then
export NO_ARLIB=0
# Hack the progs to depend on the static lib instead.
sed -i \
-e '/^.*:.*[$](DEVELLIB)$/s:$(DEVELLIB):$(ARLIB) $(SONAME):' \
Makefile || die
else
export NO_ARLIB=$(usex static-libs 0 1)
fi
emake
}
multilib_src_test() {
# Execute the locally compiled code rather than the
# older versions already installed in the system.
LD_LIBRARY_PATH=${BUILD_DIR} \
PATH="${BUILD_DIR}:${PATH}" \
emake test
}
multilib_src_install() {
# Possibly undo the setting for USE=static (see src_compile).
export NO_ARLIB=$(usex static-libs 0 1)
default
}
multilib_src_install_all() {
dodoc README
}

17
sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml vendored
View File

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>robbat2@gentoo.org</email>
</maintainer>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<upstream>
<remote-id type="cpe">cpe:/a:keyutils_project:keyutils</remote-id>
</upstream>
<slots>
<subslots>Reflect ABI compatibility for libkeyutils.so.</subslots>
</slots>
</pkgmetadata>

3
sdk_container/src/third_party/portage-stable/sys-auth/Manifest vendored
View File

@ -1,3 +0,0 @@
DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc

39
sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-122-libs-only-postinstall.patch vendored
View File

@ -1,39 +0,0 @@
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/149
From bef75fb8291b3871894d8ffe19f7242448cdb4a8 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Wed, 7 Dec 2022 13:18:09 +0000
Subject: [PATCH] meson.build: fix install with libs_only
Bug: https://bugs.gentoo.org/884701
Signed-off-by: Sam James <sam@gentoo.org>
--- a/meson.build
+++ b/meson.build
@@ -360,14 +360,17 @@ configure_file(
configuration: config_h,
)
-meson.add_install_script(
- 'meson_post_install.py',
- get_option('bindir'),
- pk_pkgdatadir,
- pk_libprivdir,
- pk_pkgsysconfdir,
- polkitd_user,
-)
+
+if not libs_only
+ meson.add_install_script(
+ 'meson_post_install.py',
+ get_option('bindir'),
+ pk_pkgdatadir,
+ pk_libprivdir,
+ pk_pkgsysconfdir,
+ polkitd_user,
+ )
+endif
output = '\n ' + meson.project_name() + ' ' + meson.project_version() + '\n'
output += ' ============\n\n'
--
GitLab

36
sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-mozjs-JIT.patch vendored
View File

@ -1,36 +0,0 @@
https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Sat, 29 Jul 2023 17:44:58 +0800
Subject: [PATCH] jsauthority: mozjs: Disable JIT
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
setting does not allow it.
For polkit, security is much more important than the speed running
Javascript code in rule files, so we should disable JIT.
Fixes #199.
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -56,7 +56,16 @@
static class JsInitHelperType
{
public:
- JsInitHelperType() { JS_Init(); }
+ JsInitHelperType()
+ {
+ /* Disable JIT because it needs W/X mapping, which is not allowed by
+ * our systemd hardening setting.
+ */
+ JS::DisableJitBackend();
+
+ JS_Init();
+ }
+
~JsInitHelperType() { JS_ShutDown(); }
} JsInitHelper;
--
GitLab

35
sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-pkexec-uninitialized.patch vendored
View File

@ -1,35 +0,0 @@
https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
From: Vincent Mihalkovic <vmihalko@redhat.com>
Date: Wed, 16 Aug 2023 08:59:55 +0000
Subject: [PATCH] pkexec: fix uninitialized pointer warning
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -53,6 +53,7 @@
static gchar *original_user_name = NULL;
static gchar *original_cwd;
static gchar *command_line = NULL;
+static gchar *cmdline_short = NULL;
static struct passwd *pw;
#ifndef HAVE_CLEARENV
@@ -508,6 +509,7 @@ main (int argc, char *argv[])
path = NULL;
exec_argv = NULL;
command_line = NULL;
+ cmdline_short = NULL;
opt_user = NULL;
local_agent_handle = NULL;
@@ -802,7 +804,6 @@ main (int argc, char *argv[])
polkit_details_insert (details, "program", path);
polkit_details_insert (details, "command_line", command_line);
- gchar *cmdline_short = NULL;
cmdline_short = g_strdup(command_line);
if (strlen(command_line) > 80)
g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
--
GitLab

28
sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd-fixup.patch vendored
View File

@ -1,28 +0,0 @@
https://bugs.gentoo.org/922458
https://github.com/polkit-org/polkit/pull/417/files#r1458416421
--- a/meson.build
+++ b/meson.build
@@ -212,14 +212,17 @@ if enable_logind
config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
# systemd unit / service files
- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
- endif
+ if session_tracking == 'libsystemd-login'
+ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
+ if systemd_systemdsystemunitdir == ''
+ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+ endif
+
+ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
+ endif
endif
config_h.set('HAVE_LIBSYSTEMD', enable_logind)

50
sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd.patch vendored
View File

@ -1,50 +0,0 @@
https://github.com/polkit-org/polkit/pull/417
From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 18 Jan 2024 15:07:32 +0000
Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is
specified
When 'systemdsystemunitdir' is specified as an option the systemd_dep
variable is not defined, but the sysusers.d directory lookup uses it,
causing a build failure:
dh_auto_configure -- \
-Dexamples=false \
-Dintrospection=true \
-Dman=true \
-Dsystemdsystemunitdir=/usr/lib/systemd/system \
-Dtests=true \
-Dgtk_doc=true -Dsession_tracking=libsystemd-login
cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login
The Meson build system
Version: 1.3.1
Source dir: /builds/bluca/polkit/debian/output/source_dir
Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu
Build type: native build
Project name: polkit
Project version: 124
<...>
Run-time dependency libsystemd found: YES 255
Checking for function "sd_uid_get_display" with dependency libsystemd: YES
Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES
../meson.build:222:37: ERROR: Unknown variable "systemd_dep".
Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34
--- a/meson.build
+++ b/meson.build
@@ -212,9 +212,9 @@ if enable_logind
config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
# systemd unit / service files
+ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
# FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
endif

15
sdk_container/src/third_party/portage-stable/sys-auth/metadata.xml vendored
View File

@ -1,15 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
<flag name="daemon">Build polkitd in addition to libpolkit.</flag>
<flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
<upstream>
<remote-id type="github">polkit-org/polkit</remote-id>
</upstream>
</pkgmetadata>

160
sdk_container/src/third_party/portage-stable/sys-auth/polkit-122-r1.ebuild vendored
View File

@ -1,160 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{9..11} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
RESTRICT="!test? ( test ) test"
# This seems to be fixed with 121?
#if [[ ${PV} == *_p* ]] ; then
# RESTRICT="!test? ( test )"
#else
# # Tests currently don't work with meson in the dist tarballs. See
# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
# RESTRICT="test"
#fi
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
dev-libs/glib:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:102[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${PN}-122-libs-only-postinstall.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

162
sdk_container/src/third_party/portage-stable/sys-auth/polkit-123.ebuild vendored
View File

@ -1,162 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..11} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
RESTRICT="!test? ( test ) test"
# This seems to be fixed with 121?
#if [[ ${PV} == *_p* ]] ; then
# RESTRICT="!test? ( test )"
#else
# # Tests currently don't work with meson in the dist tarballs. See
# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
# RESTRICT="test"
#fi
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:102[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${P}-mozjs-JIT.patch
"${FILESDIR}"/${P}-pkexec-uninitialized.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}

165
sdk_container/src/third_party/portage-stable/sys-auth/polkit-124-r1.ebuild vendored
View File

@ -1,165 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit meson pam pax-utils python-any-r1 systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
if [[ ${PV} == *_p* ]] ; then
# Upstream don't make releases very often. Test snapshots throughly
# and review commits, but don't shy away if there's useful stuff there
# we want.
MY_COMMIT=""
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
S="${WORKDIR}"/${PN}-${MY_COMMIT}
else
SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
fi
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
RESTRICT="!test? ( test ) test"
# This seems to be fixed with 121?
#if [[ ${PV} == *_p* ]] ; then
# RESTRICT="!test? ( test )"
#else
# # Tests currently don't work with meson in the dist tarballs. See
# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
# RESTRICT="test"
#fi
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/glib
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
sys-devel/gettext
virtual/pkgconfig
introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
test? (
$(python_gen_any_dep '
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/python-dbusmock[${PYTHON_USEDEP}]
')
)
"
DEPEND="
>=dev-libs/glib-2.32:2
dev-libs/expat
daemon? (
duktape? ( dev-lang/duktape:= )
!duktape? ( dev-lang/spidermonkey:115[-debug] )
)
pam? (
sys-auth/pambase
sys-libs/pam
)
!pam? ( virtual/libcrypt:= )
systemd? ( sys-apps/systemd:0=[policykit] )
!systemd? ( sys-auth/elogind )
"
RDEPEND="
${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING.md NEWS.md README.md )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd
"
PATCHES=(
"${FILESDIR}"/${PN}-124-systemd.patch
"${FILESDIR}"/${PN}-124-systemd-fixup.patch
)
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
}
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# bug #401513
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
}
src_configure() {
xdg_environment_reset
local emesonargs=(
--localstatedir="${EPREFIX}"/var
-Dauthfw="$(usex pam pam shadow)"
-Dexamples=false
-Dgtk_doc=false
-Dman=true
-Dos_type=gentoo
-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-Djs_engine=$(usex duktape duktape mozjs)
$(meson_use !daemon libs-only)
$(meson_use introspection)
$(meson_use test tests)
$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
)
meson_src_configure
}
src_compile() {
meson_src_compile
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
meson_src_install
# acct-user/polkitd installs its own (albeit with a different filename)
rm -rf "${ED}"/usr/lib/sysusers.d || die
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
if use daemon; then
if [[ ${EUID} == 0 ]]; then
diropts -m 0700 -o polkitd
fi
keepdir /etc/polkit-1/rules.d
fi
}
pkg_postinst() {
if use daemon && [[ ${EUID} == 0 ]]; then
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
fi
}