diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-0.0.1-r161 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-0.0.1-r162 similarity index 92% rename from sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-0.0.1-r161 rename to sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-0.0.1-r162 index 71fb325fdc..ce4e9af151 100644 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-0.0.1-r161 +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-0.0.1-r162 @@ -1,13 +1,13 @@ DEFINED_PHASES=info install unpack DEPEND=net-misc/openssh net-nds/rpcbind !coreos-base/oem-service test? ( dev-lang/python:2.7 ) >=dev-vcs/git-1.8.2.1[curl] virtual/pkgconfig DESCRIPTION=Init scripts for CoreOS -EAPI=4 +EAPI=5 HOMEPAGE=http://www.coreos.com/ IUSE=test symlink-usr cros_workon_tree_ profiling KEYWORDS=amd64 arm arm64 x86 LICENSE=BSD RDEPEND=net-misc/openssh net-nds/rpcbind !coreos-base/oem-service test? ( dev-lang/python:2.7 ) app-admin/logrotate sys-block/parted sys-apps/gptfdisk >=sys-apps/systemd-207-r5 >=coreos-base/coreos-cloudinit-0.1.2-r5 REQUIRED_USE=symlink-usr -SLOT=0 +SLOT=0/0.0.1-r162 _eclasses_=cros-workon 4ad6e6491a1010ad7c875302b3be18ba git-r3 0d4635eeb5a96cd5315597a47eba25c9 multilib b2f01ad412baf81650c23fcf0975fa33 systemd 47c677ae1d7b69031f11f630ac09f0d1 toolchain-funcs f164325a2cdb5b3ea39311d483988861 -_md5_=6281132ee91c233cfeaf4ca7b5335f87 +_md5_=9663ad84054eff6fd7b13aaff94f28b5 diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-9999 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-9999 index 1edfaa39af..c53f76b412 100644 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-9999 +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-init-9999 @@ -1,13 +1,13 @@ DEFINED_PHASES=info install unpack DEPEND=net-misc/openssh net-nds/rpcbind !coreos-base/oem-service test? ( dev-lang/python:2.7 ) >=dev-vcs/git-1.8.2.1[curl] virtual/pkgconfig DESCRIPTION=Init scripts for CoreOS -EAPI=4 +EAPI=5 HOMEPAGE=http://www.coreos.com/ IUSE=test symlink-usr cros_workon_tree_ profiling KEYWORDS=~amd64 ~arm ~arm64 ~x86 LICENSE=BSD RDEPEND=net-misc/openssh net-nds/rpcbind !coreos-base/oem-service test? ( dev-lang/python:2.7 ) app-admin/logrotate sys-block/parted sys-apps/gptfdisk >=sys-apps/systemd-207-r5 >=coreos-base/coreos-cloudinit-0.1.2-r5 REQUIRED_USE=symlink-usr -SLOT=0 +SLOT=0/9999 _eclasses_=cros-workon 4ad6e6491a1010ad7c875302b3be18ba git-r3 0d4635eeb5a96cd5315597a47eba25c9 multilib b2f01ad412baf81650c23fcf0975fa33 systemd 47c677ae1d7b69031f11f630ac09f0d1 toolchain-funcs f164325a2cdb5b3ea39311d483988861 -_md5_=6281132ee91c233cfeaf4ca7b5335f87 +_md5_=9663ad84054eff6fd7b13aaff94f28b5 diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-auth/polkit-0.113-r3 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-auth/polkit-0.113-r4 similarity index 97% rename from sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-auth/polkit-0.113-r3 rename to sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-auth/polkit-0.113-r4 index 1007ec891b..da3b74557d 100644 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-auth/polkit-0.113-r3 +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-auth/polkit-0.113-r4 @@ -11,4 +11,4 @@ RDEPEND=dev-lang/spidermonkey:0/mozjs185[-debug] >=dev-libs/glib-2.32:2 >=dev-li SLOT=0 SRC_URI=http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz _eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 pam 3e788d86170dfcd5b06824d898315e18 pax-utils e85f015e815dd463b0c206d781ef45a5 preserve-libs ef207dc62baddfddfd39a164d9797648 systemd 47c677ae1d7b69031f11f630ac09f0d1 toolchain-funcs f164325a2cdb5b3ea39311d483988861 user 8bc2845510e2109af75e3eeac607ec81 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf -_md5_=2ebacb6b9e75ab8a362e643d13464f7a +_md5_=36f40dc67d325b7c4cf9e4722e232eb3 diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.19.7 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.19.7 deleted file mode 100644 index a3c352dc27..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.19.7 +++ /dev/null @@ -1,13 +0,0 @@ -DEFINED_PHASES=compile configure install prepare pretend setup unpack -DEPEND==sys-kernel/coreos-modules-4.19.7 app-arch/gzip app-shells/bash sys-apps/coreutils sys-apps/findutils sys-apps/grep sys-apps/ignition:= sys-apps/less sys-apps/nvme-cli sys-apps/sed sys-apps/shadow sys-apps/systemd[cryptsetup] sys-apps/seismograph sys-apps/util-linux sys-fs/btrfs-progs sys-fs/e2fsprogs sys-fs/mdadm sys-fs/xfsprogs >=sys-kernel/coreos-firmware-20180103-r1:= >=sys-kernel/bootengine-0.0.4:= sys-kernel/dracut virtual/udev amd64? ( sys-firmware/intel-microcode:= ) =sys-kernel/coreos-sources-4.19.7 -DESCRIPTION=CoreOS Linux kernel -EAPI=5 -HOMEPAGE=http://www.kernel.org -IUSE=kernel_linux -KEYWORDS=amd64 -LICENSE=GPL-2 freedist -RDEPEND==sys-kernel/coreos-modules-4.19.7 -RESTRICT=binchecks strip -SLOT=0/4.19.7 -_eclasses_=coreos-kernel 588460f26859c559935beb69c53cb5c0 eapi7-ver 756b3f27d8e46131d5cf3c51bd876446 linux-info 953c3b1c472dcadbf62098a9301327f2 multilib b2f01ad412baf81650c23fcf0975fa33 toolchain-funcs f164325a2cdb5b3ea39311d483988861 -_md5_=42753b8cebb468da769ebfda0bcf0620 diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.19.7-r1 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.19.7-r1 new file mode 100644 index 0000000000..e3a2fb53e6 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.19.7-r1 @@ -0,0 +1,13 @@ +DEFINED_PHASES=compile configure install prepare pretend setup unpack +DEPEND==sys-kernel/coreos-modules-4.19.7-r1 app-arch/gzip app-shells/bash coreos-base/coreos-init:= sys-apps/coreutils sys-apps/findutils sys-apps/grep sys-apps/ignition:= sys-apps/less sys-apps/nvme-cli sys-apps/sed sys-apps/shadow sys-apps/systemd[cryptsetup] sys-apps/seismograph sys-apps/util-linux sys-fs/btrfs-progs sys-fs/e2fsprogs sys-fs/mdadm sys-fs/xfsprogs >=sys-kernel/coreos-firmware-20180103-r1:= >=sys-kernel/bootengine-0.0.4:= sys-kernel/dracut virtual/udev amd64? ( sys-firmware/intel-microcode:= ) =sys-kernel/coreos-sources-4.19.7 +DESCRIPTION=CoreOS Linux kernel +EAPI=5 +HOMEPAGE=http://www.kernel.org +IUSE=kernel_linux +KEYWORDS=amd64 +LICENSE=GPL-2 freedist +RDEPEND==sys-kernel/coreos-modules-4.19.7-r1 +RESTRICT=binchecks strip +SLOT=0/4.19.7-r1 +_eclasses_=coreos-kernel 588460f26859c559935beb69c53cb5c0 eapi7-ver 756b3f27d8e46131d5cf3c51bd876446 linux-info 953c3b1c472dcadbf62098a9301327f2 multilib b2f01ad412baf81650c23fcf0975fa33 toolchain-funcs f164325a2cdb5b3ea39311d483988861 +_md5_=1a19bf8157015b4dcd933d7281d1920d diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.19.7 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.19.7-r1 similarity index 97% rename from sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.19.7 rename to sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.19.7-r1 index 8ef1de1817..30811a719d 100644 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.19.7 +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.19.7-r1 @@ -8,6 +8,6 @@ KEYWORDS=amd64 LICENSE=GPL-2 freedist RDEPEND=! +Date: Mon, 3 Dec 2018 10:28:58 +0100 +Subject: [PATCH] Allow negative uids/gids in PolkitUnixUser and Group objects + +(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since +there should be no users with such number, see +https://systemd.io/UIDS-GIDS#special-linux-uids. + +(uid_t) -1 is used as the default value in class initialization. + +When a user or group above INT32_MAX is created, the numeric uid or +gid wraps around to negative when the value is assigned to gint, and +polkit gets confused. Let's accept such gids, except for -1. + +A nicer fix would be to change the underlying type to e.g. uint32 to +not have negative values. But this cannot be done without breaking the +API, so likely new functions will have to be added (a +polkit_unix_user_new variant that takes a unsigned, and the same for +_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will +require a bigger patch. + +Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. +--- + src/polkit/polkitunixgroup.c | 15 +++++++++++---- + src/polkit/polkitunixprocess.c | 12 ++++++++---- + src/polkit/polkitunixuser.c | 13 ++++++++++--- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c +index c57a1aa..309f689 100644 +--- a/src/polkit/polkitunixgroup.c ++++ b/src/polkit/polkitunixgroup.c +@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + static void + polkit_unix_group_init (PolkitUnixGroup *unix_group) + { ++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ + } + + static void +@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); ++ gint val; + + switch (prop_id) + { + case PROP_GID: +- unix_group->gid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_group->gid = val; + break; + + default: +@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) + */ + void + polkit_unix_group_set_gid (PolkitUnixGroup *group, +- gint gid) ++ gint gid) + { + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); ++ g_return_if_fail (gid != -1); + group->gid = gid; + } + +@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, + PolkitIdentity * + polkit_unix_group_new (gint gid) + { ++ g_return_val_if_fail (gid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 972b777..b02b258 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: +- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ case PROP_UID: { ++ gint val; ++ ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ polkit_unix_process_set_uid (unix_process, val); + break; ++ } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- -1, ++ G_MININT, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | +@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); +- g_return_if_fail (uid >= -1); + process->uid = uid; + } + +diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c +index 8bfd3a1..234a697 100644 +--- a/src/polkit/polkitunixuser.c ++++ b/src/polkit/polkitunixuser.c +@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + static void + polkit_unix_user_init (PolkitUnixUser *unix_user) + { ++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ + unix_user->name = NULL; + } + +@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); ++ gint val; + + switch (prop_id) + { + case PROP_UID: +- unix_user->uid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_user->uid = val; + break; + + default: +@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); ++ g_return_if_fail (uid != -1); + user->uid = uid; + } + +@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + PolkitIdentity * + polkit_unix_user_new (gint uid) + { ++ g_return_val_if_fail (uid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); +-- +2.18.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r4.ebuild similarity index 97% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r4.ebuild index 0bf1a99112..a7653a5c1e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r4.ebuild @@ -65,6 +65,7 @@ pkg_setup() { src_prepare() { sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 epatch ${FILESDIR}/polkit-0.113-gir-cross-compile.patch + epatch ${FILESDIR}/polkit-0.113-allow-negative-uids-gids.patch } src_configure() {