diff options
Diffstat (limited to 'sys-auth/polkit')
| -rw-r--r-- | sys-auth/polkit/Manifest | 8 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-126-elogind.patch | 37 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-126-musl.patch | 34 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-126-realpath.patch | 133 | ||||
| -rw-r--r-- | sys-auth/polkit/polkit-126-r1.ebuild | 165 | ||||
| -rw-r--r-- | sys-auth/polkit/polkit-126.ebuild | 157 | ||||
| -rw-r--r-- | sys-auth/polkit/polkit-9999.ebuild | 27 |
7 files changed, 551 insertions, 10 deletions
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 2ddfa1d1f0b7..5a6e92300d5e 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -5,13 +5,19 @@ AUX polkit-124-c99-fixes.patch 3663 BLAKE2B d3820081c0215e37855045a1e1efe4da77ef AUX polkit-124-systemd-fixup.patch 1571 BLAKE2B e9f03f0239a4af15a05a8a83749f2da50c7457849d5f170556e3ca0e8c47ec9a90359a77a8255932b3843b8d50bedf1e07472cd1e33ba1cc76a7d2b5aa0560fd SHA512 b938ac6f4de8a2e2cc799c3fcaeca7f3d4f62f14868b0281329b3b102f8cc6d7474c96ed9a16e0197ef30db229df53e7287b816ecd16efce5f00fb2783cb049b AUX polkit-124-systemd.patch 2483 BLAKE2B 3323abefac5adff5046d7756ba19d87b9206baecce4937de6b29ca2e12025c173d503e2f6bc9274147f16a333b1dd46a3d089645708d051f7cdb59a52705dcae SHA512 97622cd525e6706e82aad8bb63f8721ae22f3da47727797556b468b9f01417f78a3c52733582c5f40ba5196261faa7a0aff1da4326baf57d9d8d470d88b2a538 AUX polkit-125-musl.patch 1838 BLAKE2B 61615adbbd75e1cae40dfeafdf8f2cdd2423629074ae2fa0218c7b7ff1bd10d00d5649ff25e85ba4df2052245d7f1bc0e6877cbec96fe8dfd8c1fb09957f3b36 SHA512 4e6edca7a993519a4f8ad757f4efa88145f66792bb929241e7a098270478e512623b3eb5d2bf2cc0013f0e512e1d59334d398f19717055c864ed9574dd27b454 +AUX polkit-126-elogind.patch 1135 BLAKE2B 61d9b4521897e798192c91a85601cc932444e07a1bff88466720a00aaaac7b914a1c25ec322a62f9ce60a6b47c4a48fa6171f4208dbc8e6bfc8a0da0f1372fe3 SHA512 f57d71c5e6e5696818e2fbea39558449a07a936d4a81b53f3f951d95e8185b090e5cbaa0bb5cb045a76b9bae5c53831761011516747dcc92783dabe4d564c3c0 +AUX polkit-126-musl.patch 1156 BLAKE2B 67845156dd2fb7790fb805d3f818d7f99ebd12d01d5dd8ac8893d53297e480d4b76a4e24965c9f28a15a3bba0243b6501686b332a6e7c8ab69d29280bbbb5103 SHA512 caa550470397658d6443d01097ea77347b94941bd87c0afefc303b94cf2882d4271a8f5e5db6052d03d9470404ec3c489977ea904c26f68db6bc200483e3ebca +AUX polkit-126-realpath.patch 4896 BLAKE2B c1b055949ce1d27c1b1e0c22e1c9a55546a2ec38e44ce771faf641b3d88def47bebc5b7ccae9a34f2d090f0cab210f361865975737e2b435a6f0314c00d1d4e3 SHA512 8ad97a27e67df9c95e6c4401cf978af70ce646595b6bfc21f3f86be697d3e3ab0db316744afc91adbf0f59370c2dc8eeaaf37c874aaea8dac26bedacca3690ec DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953 +DIST polkit-126.tar.gz 456138 BLAKE2B 2e86c8853edf29879d8367b77d210d3a891178297cb5f9eb204a953bfaa66f6ff2307da265f4c3f89265ba8ce32e94641272d654a78d116dfb32a65d402f877a SHA512 dbdbc31b7a231c963788b37cf1a138e30336466fb662225a812faaf58e45439925d9d39346cc8f07e54f22040c2f142435acb9fded315d33e24930e0abc736c7 EBUILD polkit-123-r1.ebuild 3992 BLAKE2B a619bb72c9047a54c8bbc342e43310ca0f5a4f885b7e6b73ae354fbcdc95919bb850ddecc7b54bccfe5bbef3880723ea34765d351ba6d28d41e9fab329e9f600 SHA512 0478d625f3d892655624bce05ff22a5370a4098f7e5585365c1e30c88454546af0da107d9d9ef79707ce34c0e189ee10ef1135fd93deeba97ff21074da164a3a EBUILD polkit-124-r1.ebuild 3906 BLAKE2B 12fe0c0be38f8ab2edc577edaf46a580d46ffcc8f6992b6e06ef368ee81534d058d771cd39b8ba5eab35ab475e5e7d36e16b2bf2c2095db45c908fc370a9a591 SHA512 f799e4ffe69a32c96847e4b4b0862684118144002305cd3f005565e0860d224d073ecb64c7a9d699012185dc4e8434d984f71304461c269dd8c9b64d5874024d EBUILD polkit-125-r1.ebuild 3948 BLAKE2B 6093ffdcdc548752c6f0c0e81b31d821b70ecc6f905bf1f17476a67d5575ad9e971f98b940799d4077150ac222c5ad127598282f7b540e45b31be05813047249 SHA512 ef66cc1c9c50f902befb51d9a60d7148a3dad96626d862d18cf47e158d1f92e125d05804410c87720d32ca716cdeb80e7ac1bb73db87531a1c3bd0ba24e3ad6a EBUILD polkit-125.ebuild 3858 BLAKE2B 0f2abe9840da2f1853a7ad76aa4d318fa6667c63f015d19c5052c38d3b3408c91cc455c57f2eeaecbfa01bcf7bdff0be105a1385c7df5dec2959e9f1d616f3cb SHA512 69815752e060e6a193248cad74168bf334526121ed0beacdf70aacbb86c2b41aae79f8e3342cea92e560db10102b498c2d11c4e3b5e3a80cbcfa1478577a1a65 +EBUILD polkit-126-r1.ebuild 4024 BLAKE2B 7b010e5f6a8c92bbc8c3d6daf7320a4c329f1d93481dc72dc2a1c6a2b7357480733fe80f7c55ef52052c0e21f627b16d67e4387f7885022f0f33ede614cb13f3 SHA512 f570527e56faad74a7032a4062d7c8d0b98c98a52066342cab69a72168b397de7aac28e6a24ad25d463fa573fd011de6af404803757e7ad3fbe305266aa72ba0 +EBUILD polkit-126.ebuild 3894 BLAKE2B df2c0f19f5d4c6a608e9379eba0c375b3724b13a68079a485812b7b7c9fcd721f696793a0cd970b07c0899ad7fb00a57dc77dc5e5059a09d31148ca8e166e72b SHA512 ee4bdd37e0bc7987a863542a739ae9f3f51806952b4e7ab86e58f7520878d22e9350d26e22be5253695cfbf11b944a377662b99543ad73ad0769c5ec4cbc5210 EBUILD polkit-9999-r1.ebuild 4185 BLAKE2B e7bd2cfc49f8b9809d33bcd62b3c6551e18d9c4497eef7700b856521923f900b90d493f8257f1684e64d799287001eec045fb4ae6b0e2b90831e9e00926836dd SHA512 b0c426f426cf4c615bfb7a404e9600eaf6b78db142271c15ef47c1e7e473cf1225c8d8577afc3b7ad56059af3d96f0ddcbee19d8eea7d2fcebe5a6dc2b40d288 -EBUILD polkit-9999.ebuild 3847 BLAKE2B 7c8a8067d037cc33f09473dbae65d0ec798737e6c523c6757fbc233a782f29e495c542e764564e2ac2febb1d42b4e2a75982dca486cfe6c16b32583658939c9d SHA512 98f7a013adf2df67e49ea21e4d05cf8e03a9a38a5fe9299400d813fab7ed3f462813e0ee9592111e09418d1d23c86a53cf278a1fbaf66947ab113c2e1dbe504f +EBUILD polkit-9999.ebuild 4024 BLAKE2B 7b010e5f6a8c92bbc8c3d6daf7320a4c329f1d93481dc72dc2a1c6a2b7357480733fe80f7c55ef52052c0e21f627b16d67e4387f7885022f0f33ede614cb13f3 SHA512 f570527e56faad74a7032a4062d7c8d0b98c98a52066342cab69a72168b397de7aac28e6a24ad25d463fa573fd011de6af404803757e7ad3fbe305266aa72ba0 MISC metadata.xml 605 BLAKE2B 80c7a5d7d4d370123b0ab3d40cbc51e7a606ed45fb29cf201dfb2ebf3dbb47a9c5c3648be971d18afee881bc5fc0402b27a26bcdc4ed29e083b22e8f194d415d SHA512 14f7b54a110db41ddb8ae53a6bd769352bf59b1ac8d519b448aa4a97b1dd6f7d6a315c4aec96f223effb7c84e0525e31076650d1331b17a150f614ee1aee4034 diff --git a/sys-auth/polkit/files/polkit-126-elogind.patch b/sys-auth/polkit/files/polkit-126-elogind.patch new file mode 100644 index 000000000000..41245059c4ee --- /dev/null +++ b/sys-auth/polkit/files/polkit-126-elogind.patch @@ -0,0 +1,37 @@ +https://github.com/polkit-org/polkit/commit/55ee1b70456eca8281dda9612c485c619122f202 + +From 55ee1b70456eca8281dda9612c485c619122f202 Mon Sep 17 00:00:00 2001 +From: Jan Rybar <jrybar@redhat.com> +Date: Tue, 14 Jan 2025 13:47:54 +0100 +Subject: [PATCH] meson: fix unused dependency, fixes elogind FTBFS + +polkit-126 could not be built from source with elogind session service due +to wrong dependencies in meson.build. + +Author: @markhindley +--- + src/polkitbackend/meson.build | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build +index fc35e195..a807b41b 100644 +--- a/src/polkitbackend/meson.build ++++ b/src/polkitbackend/meson.build +@@ -37,7 +37,6 @@ deps += thread_dep + + if enable_logind + sources += files('polkitbackendsessionmonitor-systemd.c') +- + deps += logind_dep + else + sources += files('polkitbackendsessionmonitor.c') +@@ -73,7 +72,7 @@ executable( + program, + program + '.c', + include_directories: top_inc, +- dependencies: libpolkit_gobject_dep, ++ dependencies: deps, + c_args: c_flags, + link_with: libpolkit_backend, + install: true, + diff --git a/sys-auth/polkit/files/polkit-126-musl.patch b/sys-auth/polkit/files/polkit-126-musl.patch new file mode 100644 index 000000000000..3bc3cc128472 --- /dev/null +++ b/sys-auth/polkit/files/polkit-126-musl.patch @@ -0,0 +1,34 @@ +https://github.com/polkit-org/polkit/commit/074ad836836167190cfe5649f9fc50da2e79a0ab + +From 074ad836836167190cfe5649f9fc50da2e79a0ab Mon Sep 17 00:00:00 2001 +From: Jan Rybar <jrybar@redhat.com> +Date: Wed, 19 Feb 2025 14:20:22 +0100 +Subject: [PATCH] Fix musl compilation error on Alpine + +Disruptions between glibc and musl-(not-)predefined feature-test macros led to +a decision to remove a check for POSIX standards older than 17 years. It makes no +sense to test the existence of a macro that we explicitly define in +meson.build either (shall we test for _GNU_SOURCE). +--- + src/programs/pkexec.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index b439475f..4274c92b 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -674,12 +674,8 @@ main (int argc, char *argv[]) + argv[n] = path_abs; + } + } +-#if _POSIX_C_SOURCE >= 200809L ++ + s = realpath(path, NULL); +-#else +- s = NULL; +-# error We have to deal with realpath(3) PATH_MAX madness +-#endif + if (s != NULL) + { + /* The called program resolved to the canonical location. We don't update + diff --git a/sys-auth/polkit/files/polkit-126-realpath.patch b/sys-auth/polkit/files/polkit-126-realpath.patch new file mode 100644 index 000000000000..3946932fa1ff --- /dev/null +++ b/sys-auth/polkit/files/polkit-126-realpath.patch @@ -0,0 +1,133 @@ +https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678 + +From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001 +From: Walter Doekes <walter+github@wjd.nu> +Date: Fri, 25 Oct 2024 23:18:16 +0200 +Subject: [PATCH] pkexec: Use realpath when comparing + org.freedesktop.policykit.exec.path + +This changes the pkexec path that is compared from the original supplied +path to the path resolved by realpath(3). + +That means that "/bin/something" might now be matched as +"/usr/bin/something", a review of your + <annotate key="org.freedesktop.policykit.exec.path"> +actions might be in order. + +Fixes: polkit-org/polkit#194 + +See also: systemd/systemd#34714 +--- + src/programs/pkexec.c | 29 +++++++++++++++++++++++++++-- + test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++ + 2 files changed, 50 insertions(+), 2 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 65c13090..b439475f 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -452,6 +452,7 @@ main (int argc, char *argv[]) + gchar *action_id; + gboolean allow_gui; + gchar **exec_argv; ++ gchar *path_abs; + gchar *path; + struct passwd pwstruct; + gchar pwbuf[8192]; +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + result = NULL; + action_id = NULL; + saved_env = NULL; ++ path_abs = NULL; + path = NULL; + exec_argv = NULL; + command_line = NULL; +@@ -624,6 +626,8 @@ main (int argc, char *argv[]) + * but do check this is the case. + * + * We also try to locate the program in the path if a non-absolute path is given. ++ * ++ * And then we resolve the real path of the program. + */ + g_assert (argv[argc] == NULL); + path = g_strdup (argv[n]); +@@ -647,7 +651,7 @@ main (int argc, char *argv[]) + } + if (path[0] != '/') + { +- /* g_find_program_in_path() is not suspectible to attacks via the environment */ ++ /* g_find_program_in_path() is not susceptible to attacks via the environment */ + s = g_find_program_in_path (path); + if (s == NULL) + { +@@ -662,9 +666,29 @@ main (int argc, char *argv[]) + */ + if (argv[n] != NULL) + { +- argv[n] = path; ++ /* Must copy because we might replace path later on. */ ++ path_abs = g_strdup(path); ++ /* argv[n:] is used as argv arguments to execv(). The called program ++ * sees the original called path, but we make sure it's absolute. */ ++ if (path_abs != NULL) ++ argv[n] = path_abs; + } + } ++#if _POSIX_C_SOURCE >= 200809L ++ s = realpath(path, NULL); ++#else ++ s = NULL; ++# error We have to deal with realpath(3) PATH_MAX madness ++#endif ++ if (s != NULL) ++ { ++ /* The called program resolved to the canonical location. We don't update ++ * argv[n] this time. The called program still sees the original ++ * called path. This is very important for multi-call binaries like ++ * busybox. */ ++ g_free (path); ++ path = s; ++ } + if (access (path, F_OK) != 0) + { + g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno)); +@@ -1084,6 +1108,7 @@ main (int argc, char *argv[]) + } + + g_free (original_cwd); ++ g_free (path_abs); + g_free (path); + g_free (command_line); + g_free (cmdline_short); +diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh +index 4c76687b..e57b948f 100755 +--- a/test/integration/pkexec/test.sh ++++ b/test/integration/pkexec/test.sh +@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA + grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log" + grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log" + rm -f "$TMP_DIR/SIGTRAP-on-EOF.log" ++ ++: "Check absolute (but not canonicalized) path" ++BASH_ABS=$(command -v bash) ++ln -s "$BASH_ABS" ./my-bash ++sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log" ++grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log" ++grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log" ++rm -f "$TMP_DIR/absolute-path.log" ++rm -f "./my-bash" ++ ++: "Check canonicalized path" ++if command -v strace; then ++ BASH_ABS=$(command -v bash) ++ ln -s "$BASH_ABS" ./my-bash ++ sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \ ++ expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log" ++ cat "$TMP_DIR/canonical-path.strace" ++ grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace" ++ grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log" ++ rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace" ++ rm -f "./my-bash" ++ rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so" ++fi + diff --git a/sys-auth/polkit/polkit-126-r1.ebuild b/sys-auth/polkit/polkit-126-r1.ebuild new file mode 100644 index 000000000000..d3d5ee6aac97 --- /dev/null +++ b/sys-auth/polkit/polkit-126-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/glib-2.32 + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + dev-lang/duktape:= + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-elogind.patch + "${FILESDIR}"/${P}-realpath.patch + "${FILESDIR}"/${P}-musl.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dpam_module_dir=$(getpam_mod_dir) + -Dprivileged_group=0 + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use nls gettext) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon ; then + tmpfiles_process polkit-tmpfiles.conf + + if [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi + fi +} diff --git a/sys-auth/polkit/polkit-126.ebuild b/sys-auth/polkit/polkit-126.ebuild new file mode 100644 index 000000000000..6d0de65b2529 --- /dev/null +++ b/sys-auth/polkit/polkit-126.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/glib-2.32 + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + dev-lang/duktape:= + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dpam_module_dir=$(getpam_mod_dir) + -Dprivileged_group=0 + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use nls gettext) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + tmpfiles_process polkit-tmpfiles.conf + + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sys-auth/polkit/polkit-9999.ebuild b/sys-auth/polkit/polkit-9999.ebuild index 5ba85f4ecd7e..d3d5ee6aac97 100644 --- a/sys-auth/polkit/polkit-9999.ebuild +++ b/sys-auth/polkit/polkit-9999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils DESCRIPTION="Policy framework for controlling privileges for system-wide services" @@ -28,20 +28,20 @@ SLOT="0" if [[ ${PV} != 9999 ]] ; then KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi -IUSE="+daemon examples gtk +introspection kde pam selinux systemd test" +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" RESTRICT="!test? ( test )" BDEPEND=" acct-user/polkitd app-text/docbook-xml-dtd:4.1.2 app-text/docbook-xsl-stylesheets - dev-libs/glib + >=dev-libs/glib-2.32 dev-libs/gobject-introspection-common dev-libs/libxslt dev-util/glib-utils - sys-devel/gettext virtual/pkgconfig introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) test? ( $(python_gen_any_dep ' dev-python/dbus-python[${PYTHON_USEDEP}] @@ -83,6 +83,12 @@ QA_MULTILIB_PATHS=" usr/lib/polkit-1/polkitd " +PATCHES=( + "${FILESDIR}"/${P}-elogind.patch + "${FILESDIR}"/${P}-realpath.patch + "${FILESDIR}"/${P}-musl.patch +) + python_check_deps() { python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" @@ -115,6 +121,7 @@ src_configure() { -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" $(meson_use !daemon libs-only) $(meson_use introspection) + $(meson_use nls gettext) $(meson_use test tests) ) meson_src_configure @@ -147,10 +154,12 @@ src_install() { } pkg_postinst() { - tmpfiles_process polkit-tmpfiles.conf + if use daemon ; then + tmpfiles_process polkit-tmpfiles.conf - if use daemon && [[ ${EUID} == 0 ]]; then - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + if [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi fi } |