From 4494e5917381ba04c39259269d45679b6486ebc3 Mon Sep 17 00:00:00 2001 From: Alexander Miroshnichenko Date: Sat, 16 Jan 2021 11:59:46 +0300 Subject: [PATCH] sys-auth/polkit: Add package with dutape JS backend and musl libc support --- sys-auth/polkit/Manifest | 7 + .../polkit/files/polkit-0.115-elogind.patch | 28 + ...116-make-netgroup-support-optional-2.patch | 219 +++ .../files/polkit-0.118-duktape-posix.patch | 35 + .../polkit/files/polkit-0.118-duktape.patch | 1497 +++++++++++++++++ sys-auth/polkit/metadata.xml | 13 + sys-auth/polkit/polkit-0.118-r1.ebuild | 147 ++ 7 files changed, 1946 insertions(+) create mode 100644 sys-auth/polkit/Manifest create mode 100644 sys-auth/polkit/files/polkit-0.115-elogind.patch create mode 100644 sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch create mode 100644 sys-auth/polkit/files/polkit-0.118-duktape-posix.patch create mode 100644 sys-auth/polkit/files/polkit-0.118-duktape.patch create mode 100644 sys-auth/polkit/metadata.xml create mode 100644 sys-auth/polkit/polkit-0.118-r1.ebuild diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest new file mode 100644 index 0000000..5499360 --- /dev/null +++ b/sys-auth/polkit/Manifest @@ -0,0 +1,7 @@ +AUX polkit-0.115-elogind.patch 1069 BLAKE2B 6c5a3d7d3e716a994b951181808f64d864e6ca58b3a018a5354022f08c6e7c1d8987366c9777f47cc970916ad9fe39f288a1b1643113fc99745f333e02dab56f SHA512 06432fa56788699762c6978484640554f91728a1cb40679eb47b8514b3c7aa23aac5b9c26586eb4d7043a0af1b319bbe7f869d24844d9151317299b74a8e8f7f +AUX polkit-0.116-make-netgroup-support-optional-2.patch 7163 BLAKE2B dc6b1be4ca425e0774864947d49c3407eed6ab050aceb5018f2c63129faa2cfa034317dd5f29e0f8f46834460ffdfd93faf21184bc3a4198b3b9c8a83bf924dc SHA512 8eb16f4a20b768f3124869fd6602b8b23b6eadb45cbf0767abd67b9a04afdcff00f211d6e0c63bfe0e925165d16d80e200a0a6008d0306274efa2d1eb7bf9ab9 +AUX polkit-0.118-duktape-posix.patch 1181 BLAKE2B afb8347014965eb5105beaffc8d40e55269749a9f206076905d71d021bf946f062cc4a44061d232d9c5768ca48cd4973c50bb95dec3a9fac5bc36427cf6b3032 SHA512 4250c2af20242b58cd8f5fd1a2b40d197668e2fadb0324bc9bcd2fd5fc6c3f78093b51d7e04c05950a9d57d3755e07e0b4200e9ca568964bf6409319f022c4de +AUX polkit-0.118-duktape.patch 50120 BLAKE2B a88f101e96653377ea9ac7ae4500e8c613d91f5fa5255035a81ab29c6d27fc528735bf5ebe96782494e6f8576935d35f1d487b1ac86906bf51beee9b50655d69 SHA512 68a4c345b70b97ab5a83ea90d0558988f1568f165bc0313be35d4a95793e2a3b9e562a277d17fda8c9c8a00b7124287f9782b25cad4b76b32402832613464ca3 +DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e +EBUILD polkit-0.118-r1.ebuild 3721 BLAKE2B cf117b32457a28e5a2bc510c88dbb7f8e65d1a7cfd7f3bbe9fb45aa75b95413e8c032c2ce0ee475f813134b1bec54588b0a10460f69b01a1279183af84274f6f SHA512 330127b2096b7450d8fd73f94d523950bc363aec09f1d4140b8c91d79cb6549bfc4b0282cf97018ffdfd85290f02c610597bd136e4fddad0d713b3b73d696cb1 +MISC metadata.xml 604 BLAKE2B 2fbb9fc0513a5ab2b6777d5dc1dda3ac66bcde7846a03c1ac80f3e0bfe6b238d90a5f84d66a98ab8cd7738dc9a24f6f098dfe9c91679bbf5e317e7047ba3e553 SHA512 86d3edcf3f82ed5da490f42d195ce27b07f21ed29786fddb5a779ba0790aa8f98fc5eecab8ef7cf67b0d9011dcc050df45cfb8c29b193763424ae8ee60795fce diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch new file mode 100644 index 0000000..93d6720 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.115-elogind.patch @@ -0,0 +1,28 @@ +From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 +From: Rasmus Thomsen +Date: Wed, 11 Apr 2018 13:14:14 +0200 +Subject: [PATCH] configure: fix elogind support + +HAVE_LIBSYSTEMD is used to determine which source files to use. +We have to check if either have_libsystemd or have_libelogind is +true, as both of these need the source files which are used when +HAVE_LIBSYSTEMD is true. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 36df239..da47ecb 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ + + AC_SUBST(LIBSYSTEMD_CFLAGS) + AC_SUBST(LIBSYSTEMD_LIBS) +-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) ++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) + + dnl --------------------------------------------------------------------------- + dnl - systemd unit / service files +-- +2.17.0 diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch new file mode 100644 index 0000000..aef30ef --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch @@ -0,0 +1,219 @@ +diff --git a/configure.ac b/configure.ac +index 4809dc9..d1ea325 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], + [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) + AC_SUBST(EXPAT_LIBS) + +-AC_CHECK_FUNCS(clearenv fdatasync) ++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) + + if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +index 3aa1f7f..793f17d 100644 +--- a/src/polkit/polkitidentity.c ++++ b/src/polkit/polkitidentity.c +@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, + } + else if (g_str_has_prefix (str, "unix-netgroup:")) + { ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine ('%s')", ++ str); ++#else + identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); ++#endif + } + + if (identity == NULL && (error != NULL && *error == NULL)) +@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, + GVariant *v; + const char *name; + ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine"); ++ goto out; ++#else ++ + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { +@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, + name = g_variant_get_string (v, NULL); + ret = polkit_unix_netgroup_new (name); + g_variant_unref (v); ++#endif + } + else + { +diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c +index 8a2b369..83f8d4a 100644 +--- a/src/polkit/polkitunixnetgroup.c ++++ b/src/polkit/polkitunixnetgroup.c +@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, + PolkitIdentity * + polkit_unix_netgroup_new (const gchar *name) + { ++#ifndef HAVE_SETNETGRENT ++ g_assert_not_reached(); ++#endif + g_return_val_if_fail (name != NULL, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, + "name", name, +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 056d9a8..36c2f3d 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, + GList *ret; + + ret = NULL; ++#ifdef HAVE_SETNETGRENT + name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); + +-#ifdef HAVE_SETNETGRENT_RETURN ++# ifdef HAVE_SETNETGRENT_RETURN + if (setnetgrent (name) == 0) + { + g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); + goto out; + } +-#else ++# else + setnetgrent (name); +-#endif ++# endif /* HAVE_SETNETGRENT_RETURN */ + + for (;;) + { +-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) ++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) + const char *hostname, *username, *domainname; +-#else ++# else + char *hostname, *username, *domainname; +-#endif ++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ + PolkitIdentity *user; + GError *error = NULL; + +@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, + + out: + endnetgrent (); ++#endif /* HAVE_SETNETGRENT */ + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp +index 1d91103..366cbdf 100644 +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + + JS::CallArgs args = JS::CallArgsFromVp (argc, vp); + ++#ifdef HAVE_SETNETGRENT + JS::RootedString usrstr (authority->priv->cx); + usrstr = args[0].toString(); + user = JS_EncodeStringToUTF8 (cx, usrstr); +@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + { + is_in_netgroup = true; + } ++#endif + + ret = true; + +diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c +index e91967b..e829aaa 100644 +--- a/test/polkit/polkitidentitytest.c ++++ b/test/polkit/polkitidentitytest.c +@@ -19,6 +19,7 @@ + * Author: Nikki VonHollen + */ + ++#include "config.h" + #include "glib.h" + #include + #include +@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { + {"unix-group:root", "unix-group:jane", FALSE}, + {"unix-group:jane", "unix-group:jane", TRUE}, + ++#ifdef HAVE_SETNETGRENT + {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, + {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, ++#endif + + {"unix-user:root", "unix-group:root", FALSE}, ++#ifdef HAVE_SETNETGRENT + {"unix-user:jane", "unix-netgroup:foo", FALSE}, ++#endif + + {NULL}, + }; +@@ -181,11 +186,13 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); + ++#ifdef HAVE_SETNETGRENT + g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); ++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); ++#endif + + g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); +- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); + + add_comparison_tests (); + +diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c +index 3701ba1..e3352eb 100644 +--- a/test/polkit/polkitunixnetgrouptest.c ++++ b/test/polkit/polkitunixnetgrouptest.c +@@ -19,6 +19,7 @@ + * Author: Nikki VonHollen + */ + ++#include "config.h" + #include "glib.h" + #include + #include +@@ -69,7 +70,9 @@ int + main (int argc, char *argv[]) + { + g_test_init (&argc, &argv, NULL); ++#ifdef HAVE_SETNETGRENT + g_test_add_func ("/PolkitUnixNetgroup/new", test_new); + g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); ++#endif + return g_test_run (); + } +diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c +index 71aad23..fdd28f3 100644 +--- a/test/polkitbackend/test-polkitbackendjsauthority.c ++++ b/test/polkitbackend/test-polkitbackendjsauthority.c +@@ -137,12 +137,14 @@ test_get_admin_identities (void) + "unix-group:users" + } + }, ++#ifdef HAVE_SETNETGRENT + { + "net.company.action3", + { + "unix-netgroup:foo" + } + }, ++#endif + }; + guint n; + diff --git a/sys-auth/polkit/files/polkit-0.118-duktape-posix.patch b/sys-auth/polkit/files/polkit-0.118-duktape-posix.patch new file mode 100644 index 0000000..9f7fc60 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.118-duktape-posix.patch @@ -0,0 +1,35 @@ +From 48639a6e1b2bdb8e26fdad40e08717799a7202ad Mon Sep 17 00:00:00 2001 +From: Alexander Miroshnichenko +Date: Sat, 16 Jan 2021 11:54:32 +0300 +Subject: [PATCH] POSIX support for duktape JS backend +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Signed-off-by: Alexander Miroshnichenko +--- + src/polkitbackend/polkitbackendduktapeauthority.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c +index ae984535ed88..b5b73bfea0d1 100644 +--- a/src/polkitbackend/polkitbackendduktapeauthority.c ++++ b/src/polkitbackend/polkitbackendduktapeauthority.c +@@ -1013,6 +1013,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) + user = duk_require_string (cx, 0); + netgroup = duk_require_string (cx, 1); + ++#if defined HAVE_INNETGR + if (innetgr (netgroup, + NULL, /* host */ + user, +@@ -1020,6 +1021,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) + { + is_in_netgroup = TRUE; + } ++#endif + + duk_push_boolean (cx, is_in_netgroup); + return 1; +-- +2.26.2 + diff --git a/sys-auth/polkit/files/polkit-0.118-duktape.patch b/sys-auth/polkit/files/polkit-0.118-duktape.patch new file mode 100644 index 0000000..4f572c1 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.118-duktape.patch @@ -0,0 +1,1497 @@ +diff --git a/configure.ac b/configure.ac +index 5cedb4eca980f050fb5855ab577e93100adf8fec..6c274869f39d4b65b08f7cdb9e461b5182d297ec 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -79,11 +79,22 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + +-PKG_CHECK_MODULES(LIBJS, [mozjs-78]) +- +-AC_SUBST(LIBJS_CFLAGS) +-AC_SUBST(LIBJS_CXXFLAGS) +-AC_SUBST(LIBJS_LIBS) ++dnl --------------------------------------------------------------------------- ++dnl - Check javascript backend ++dnl --------------------------------------------------------------------------- ++AC_ARG_WITH(duktape, AS_HELP_STRING([--with-duktape],[Use Duktape as javascript backend]),with_duktape=yes,with_duktape=no) ++AS_IF([test x${with_duktape} == xyes], [ ++ PKG_CHECK_MODULES(LIBJS, [duktape >= 2.0.0 ]) ++ AC_SUBST(LIBJS_CFLAGS) ++ AC_SUBST(LIBJS_LIBS) ++], [ ++ PKG_CHECK_MODULES(LIBJS, [mozjs-78]) ++ ++ AC_SUBST(LIBJS_CFLAGS) ++ AC_SUBST(LIBJS_CXXFLAGS) ++ AC_SUBST(LIBJS_LIBS) ++]) ++AM_CONDITIONAL(USE_DUKTAPE, [test x$with_duktape == xyes], [Using duktape as javascript engine library]) + + EXPAT_LIB="" + AC_ARG_WITH(expat, [ --with-expat= Use expat from here], +@@ -580,6 +591,13 @@ echo " + PAM support: ${have_pam} + systemdsystemunitdir: ${systemdsystemunitdir} + polkitd user: ${POLKITD_USER}" ++if test "x${with_duktape}" = xyes; then ++echo " ++ Javascript engine: Duktape" ++else ++echo " ++ Javascript engine: Mozjs" ++fi + + if test "$have_pam" = yes ; then + echo " +diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am +index e48b739cc0a4e7606be0271ba4b4e3bd33b08545..9572b067effdf6f0dcd1c6b17b2e8c59c1ed6238 100644 +--- a/src/polkitbackend/Makefile.am ++++ b/src/polkitbackend/Makefile.am +@@ -33,7 +33,7 @@ libpolkit_backend_1_la_SOURCES = \ + polkitbackendprivate.h \ + polkitbackendauthority.h polkitbackendauthority.c \ + polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \ +- polkitbackendjsauthority.h polkitbackendjsauthority.cpp \ ++ polkitbackendjsauthority.h \ + polkitbackendactionpool.h polkitbackendactionpool.c \ + polkitbackendactionlookup.h polkitbackendactionlookup.c \ + $(NULL) +@@ -51,19 +51,27 @@ libpolkit_backend_1_la_CFLAGS = \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS) \ +- $(LIBJS_CFLAGS) \ ++ $(LIBJS_CFLAGS) \ + $(NULL) + + libpolkit_backend_1_la_CXXFLAGS = $(libpolkit_backend_1_la_CFLAGS) + + libpolkit_backend_1_la_LIBADD = \ + $(GLIB_LIBS) \ ++ $(DUKTAPE_LIBS) \ + $(LIBSYSTEMD_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ +- $(LIBJS_LIBS) \ ++ $(LIBJS_LIBS) \ + $(NULL) + ++if USE_DUKTAPE ++libpolkit_backend_1_la_SOURCES += polkitbackendduktapeauthority.c ++libpolkit_backend_1_la_LIBADD += -lm ++else ++libpolkit_backend_1_la_SOURCES += polkitbackendjsauthority.cpp ++endif ++ + rulesdir = $(sysconfdir)/polkit-1/rules.d + rules_DATA = 50-default.rules + +diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c +new file mode 100644 +index 0000000000000000000000000000000000000000..ae984535ed88003ab1b0965e3e109a848479c047 +--- /dev/null ++++ b/src/polkitbackend/polkitbackendduktapeauthority.c +@@ -0,0 +1,1402 @@ ++/* ++ * Copyright (C) 2008-2012 Red Hat, Inc. ++ * Copyright (C) 2015 Tangent Space ++ * Copyright (C) 2019 Wu Xiaotian ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General ++ * Public License along with this library; if not, write to the ++ * Free Software Foundation, Inc., 59 Temple Place, Suite 330, ++ * Boston, MA 02111-1307, USA. ++ * ++ * Author: David Zeuthen ++ */ ++ ++#include "config.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include "polkitbackendjsauthority.h" ++ ++#include ++ ++#ifdef HAVE_LIBSYSTEMD ++#include ++#endif /* HAVE_LIBSYSTEMD */ ++ ++#include "initjs.h" /* init.js */ ++#include "duktape.h" ++ ++/** ++ * SECTION:polkitbackendjsauthority ++ * @title: PolkitBackendJsAuthority ++ * @short_description: JS Authority ++ * @stability: Unstable ++ * ++ * An implementation of #PolkitBackendAuthority that reads and ++ * evalates Javascript files and supports interaction with ++ * authentication agents (virtue of being based on ++ * #PolkitBackendInteractiveAuthority). ++ */ ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++struct _PolkitBackendJsAuthorityPrivate ++{ ++ gchar **rules_dirs; ++ GFileMonitor **dir_monitors; /* NULL-terminated array of GFileMonitor instances */ ++ duk_context *cx; ++}; ++ ++#define WATCHDOG_TIMEOUT (15 * G_TIME_SPAN_SECOND) ++ ++static void utils_spawn (const gchar *const *argv, ++ guint timeout_seconds, ++ GCancellable *cancellable, ++ GAsyncReadyCallback callback, ++ gpointer user_data); ++ ++gboolean utils_spawn_finish (GAsyncResult *res, ++ gint *out_exit_status, ++ gchar **out_standard_output, ++ gchar **out_standard_error, ++ GError **error); ++ ++static void on_dir_monitor_changed (GFileMonitor *monitor, ++ GFile *file, ++ GFile *other_file, ++ GFileMonitorEvent event_type, ++ gpointer user_data); ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++enum ++{ ++ PROP_0, ++ PROP_RULES_DIRS, ++}; ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, ++ PolkitSubject *caller, ++ PolkitSubject *subject, ++ PolkitIdentity *user_for_subject, ++ gboolean subject_is_local, ++ gboolean subject_is_active, ++ const gchar *action_id, ++ PolkitDetails *details); ++ ++static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorization_sync ( ++ PolkitBackendInteractiveAuthority *authority, ++ PolkitSubject *caller, ++ PolkitSubject *subject, ++ PolkitIdentity *user_for_subject, ++ gboolean subject_is_local, ++ gboolean subject_is_active, ++ const gchar *action_id, ++ PolkitDetails *details, ++ PolkitImplicitAuthorization implicit); ++ ++G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY); ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static void ++polkit_backend_js_authority_init (PolkitBackendJsAuthority *authority) ++{ ++ authority->priv = G_TYPE_INSTANCE_GET_PRIVATE (authority, ++ POLKIT_BACKEND_TYPE_JS_AUTHORITY, ++ PolkitBackendJsAuthorityPrivate); ++} ++ ++static gint ++rules_file_name_cmp (const gchar *a, ++ const gchar *b) ++{ ++ gint ret; ++ const gchar *a_base; ++ const gchar *b_base; ++ ++ a_base = strrchr (a, '/'); ++ b_base = strrchr (b, '/'); ++ ++ g_assert (a_base != NULL); ++ g_assert (b_base != NULL); ++ a_base += 1; ++ b_base += 1; ++ ++ ret = g_strcmp0 (a_base, b_base); ++ if (ret == 0) ++ { ++ /* /etc wins over /usr */ ++ ret = g_strcmp0 (a, b); ++ g_assert (ret != 0); ++ } ++ ++ return ret; ++} ++ ++static void ++load_scripts (PolkitBackendJsAuthority *authority) ++{ ++ duk_context *cx = authority->priv->cx; ++ GList *files = NULL; ++ GList *l; ++ guint num_scripts = 0; ++ GError *error = NULL; ++ guint n; ++ ++ files = NULL; ++ ++ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++) ++ { ++ const gchar *dir_name = authority->priv->rules_dirs[n]; ++ GDir *dir = NULL; ++ ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Loading rules from directory %s", ++ dir_name); ++ ++ dir = g_dir_open (dir_name, ++ 0, ++ &error); ++ if (dir == NULL) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error opening rules directory: %s (%s, %d)", ++ error->message, g_quark_to_string (error->domain), error->code); ++ g_clear_error (&error); ++ } ++ else ++ { ++ const gchar *name; ++ while ((name = g_dir_read_name (dir)) != NULL) ++ { ++ if (g_str_has_suffix (name, ".rules")) ++ files = g_list_prepend (files, g_strdup_printf ("%s/%s", dir_name, name)); ++ } ++ g_dir_close (dir); ++ } ++ } ++ ++ files = g_list_sort (files, (GCompareFunc) rules_file_name_cmp); ++ ++ for (l = files; l != NULL; l = l->next) ++ { ++ const gchar *filename = l->data; ++ ++#if (DUK_VERSION >= 20000) ++ gchar *contents; ++ gsize length; ++ GError *error = NULL; ++ if (!g_file_get_contents (filename, &contents, &length, &error)){ ++ g_warning("Error when file contents of %s: %s\n", filename, error->message); ++ g_error_free (error); ++ continue; ++ } ++ if (duk_peval_lstring_noresult(cx, contents,length) != 0) ++#else ++ if (duk_peval_file_noresult (cx, filename) != 0) ++#endif ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error compiling script %s: %s", ++ filename, duk_safe_to_string (authority->priv->cx, -1)); ++#if (DUK_VERSION >= 20000) ++ g_free (contents); ++#endif ++ continue; ++ } ++#if (DUK_VERSION >= 20000) ++ g_free (contents); ++#endif ++ num_scripts++; ++ } ++ ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Finished loading, compiling and executing %d rules", ++ num_scripts); ++ g_list_free_full (files, g_free); ++} ++ ++static void ++reload_scripts (PolkitBackendJsAuthority *authority) ++{ ++ duk_context *cx = authority->priv->cx; ++ ++ duk_set_top (cx, 0); ++ duk_get_global_string (cx, "polkit"); ++ duk_push_string (cx, "_deleteRules"); ++ ++ duk_call_prop (cx, 0, 0); ++ ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Collecting garbage unconditionally..."); ++ ++ load_scripts (authority); ++ ++ /* Let applications know we have new rules... */ ++ g_signal_emit_by_name (authority, "changed"); ++} ++ ++static void ++on_dir_monitor_changed (GFileMonitor *monitor, ++ GFile *file, ++ GFile *other_file, ++ GFileMonitorEvent event_type, ++ gpointer user_data) ++{ ++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data); ++ ++ /* TODO: maybe rate-limit so storms of events are collapsed into one with a 500ms resolution? ++ * Because when editing a file with emacs we get 4-8 events.. ++ */ ++ ++ if (file != NULL) ++ { ++ gchar *name; ++ ++ name = g_file_get_basename (file); ++ ++ /* g_print ("event_type=%d file=%p name=%s\n", event_type, file, name); */ ++ if (!g_str_has_prefix (name, ".") && ++ !g_str_has_prefix (name, "#") && ++ g_str_has_suffix (name, ".rules") && ++ (event_type == G_FILE_MONITOR_EVENT_CREATED || ++ event_type == G_FILE_MONITOR_EVENT_DELETED || ++ event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Reloading rules"); ++ reload_scripts (authority); ++ } ++ g_free (name); ++ } ++} ++ ++ ++static void ++setup_file_monitors (PolkitBackendJsAuthority *authority) ++{ ++ guint n; ++ GPtrArray *p; ++ ++ p = g_ptr_array_new (); ++ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++) ++ { ++ GFile *file; ++ GError *error; ++ GFileMonitor *monitor; ++ ++ file = g_file_new_for_path (authority->priv->rules_dirs[n]); ++ error = NULL; ++ monitor = g_file_monitor_directory (file, ++ G_FILE_MONITOR_NONE, ++ NULL, ++ &error); ++ g_object_unref (file); ++ if (monitor == NULL) ++ { ++ g_warning ("Error monitoring directory %s: %s", ++ authority->priv->rules_dirs[n], ++ error->message); ++ g_clear_error (&error); ++ } ++ else ++ { ++ g_signal_connect (monitor, ++ "changed", ++ G_CALLBACK (on_dir_monitor_changed), ++ authority); ++ g_ptr_array_add (p, monitor); ++ } ++ } ++ g_ptr_array_add (p, NULL); ++ authority->priv->dir_monitors = (GFileMonitor**) g_ptr_array_free (p, FALSE); ++} ++ ++static duk_ret_t js_polkit_log (duk_context *cx); ++static duk_ret_t js_polkit_spawn (duk_context *cx); ++static duk_ret_t js_polkit_user_is_in_netgroup (duk_context *cx); ++ ++static const duk_function_list_entry js_polkit_functions[] = ++{ ++ { "log", js_polkit_log, 1 }, ++ { "spawn", js_polkit_spawn, 1 }, ++ { "_userIsInNetGroup", js_polkit_user_is_in_netgroup, 2 }, ++ { NULL, NULL, 0 }, ++}; ++ ++static void ++polkit_backend_js_authority_constructed (GObject *object) ++{ ++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); ++ duk_context *cx; ++ ++ cx = duk_create_heap (NULL, NULL, NULL, authority, NULL); ++ if (cx == NULL) ++ goto fail; ++ ++ authority->priv->cx = cx; ++ ++ duk_push_global_object (cx); ++ duk_push_object (cx); ++ duk_put_function_list (cx, -1, js_polkit_functions); ++ duk_put_prop_string (cx, -2, "polkit"); ++ ++ duk_eval_string (cx, init_js); ++ ++ if (authority->priv->rules_dirs == NULL) ++ { ++ authority->priv->rules_dirs = g_new0 (gchar *, 3); ++ authority->priv->rules_dirs[0] = g_strdup (PACKAGE_SYSCONF_DIR "/polkit-1/rules.d"); ++ authority->priv->rules_dirs[1] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d"); ++ } ++ ++ setup_file_monitors (authority); ++ load_scripts (authority); ++ ++ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object); ++ return; ++ ++ fail: ++ g_critical ("Error initializing JavaScript environment"); ++ g_assert_not_reached (); ++} ++ ++static void ++polkit_backend_js_authority_finalize (GObject *object) ++{ ++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); ++ guint n; ++ ++ for (n = 0; authority->priv->dir_monitors != NULL && authority->priv->dir_monitors[n] != NULL; n++) ++ { ++ GFileMonitor *monitor = authority->priv->dir_monitors[n]; ++ g_signal_handlers_disconnect_by_func (monitor, ++ G_CALLBACK (on_dir_monitor_changed), ++ authority); ++ g_object_unref (monitor); ++ } ++ g_free (authority->priv->dir_monitors); ++ g_strfreev (authority->priv->rules_dirs); ++ ++ duk_destroy_heap (authority->priv->cx); ++ ++ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object); ++} ++ ++static void ++polkit_backend_js_authority_set_property (GObject *object, ++ guint property_id, ++ const GValue *value, ++ GParamSpec *pspec) ++{ ++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); ++ ++ switch (property_id) ++ { ++ case PROP_RULES_DIRS: ++ g_assert (authority->priv->rules_dirs == NULL); ++ authority->priv->rules_dirs = (gchar **) g_value_dup_boxed (value); ++ break; ++ ++ default: ++ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); ++ break; ++ } ++} ++ ++static const gchar * ++polkit_backend_js_authority_get_name (PolkitBackendAuthority *authority) ++{ ++ return "js"; ++} ++ ++static const gchar * ++polkit_backend_js_authority_get_version (PolkitBackendAuthority *authority) ++{ ++ return PACKAGE_VERSION; ++} ++ ++static PolkitAuthorityFeatures ++polkit_backend_js_authority_get_features (PolkitBackendAuthority *authority) ++{ ++ return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; ++} ++ ++static void ++polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass) ++{ ++ GObjectClass *gobject_class; ++ PolkitBackendAuthorityClass *authority_class; ++ PolkitBackendInteractiveAuthorityClass *interactive_authority_class; ++ ++ ++ gobject_class = G_OBJECT_CLASS (klass); ++ gobject_class->finalize = polkit_backend_js_authority_finalize; ++ gobject_class->set_property = polkit_backend_js_authority_set_property; ++ gobject_class->constructed = polkit_backend_js_authority_constructed; ++ ++ authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); ++ authority_class->get_name = polkit_backend_js_authority_get_name; ++ authority_class->get_version = polkit_backend_js_authority_get_version; ++ authority_class->get_features = polkit_backend_js_authority_get_features; ++ ++ interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass); ++ interactive_authority_class->get_admin_identities = polkit_backend_js_authority_get_admin_auth_identities; ++ interactive_authority_class->check_authorization_sync = polkit_backend_js_authority_check_authorization_sync; ++ ++ g_object_class_install_property (gobject_class, ++ PROP_RULES_DIRS, ++ g_param_spec_boxed ("rules-dirs", ++ NULL, ++ NULL, ++ G_TYPE_STRV, ++ G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE)); ++ ++ ++ g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate)); ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static void ++set_property_str (duk_context *cx, ++ const gchar *name, ++ const gchar *value) ++{ ++ duk_push_string (cx, value); ++ duk_put_prop_string (cx, -2, name); ++} ++ ++static void ++set_property_strv (duk_context *cx, ++ const gchar *name, ++ GPtrArray *value) ++{ ++ guint n; ++ duk_push_array (cx); ++ for (n = 0; n < value->len; n++) ++ { ++ duk_push_string (cx, g_ptr_array_index (value, n)); ++ duk_put_prop_index (cx, -2, n); ++ } ++ duk_put_prop_string (cx, -2, name); ++} ++ ++static void ++set_property_int32 (duk_context *cx, ++ const gchar *name, ++ gint32 value) ++{ ++ duk_push_int (cx, value); ++ duk_put_prop_string (cx, -2, name); ++} ++ ++static void ++set_property_bool (duk_context *cx, ++ const char *name, ++ gboolean value) ++{ ++ duk_push_boolean (cx, value); ++ duk_put_prop_string (cx, -2, name); ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static gboolean ++push_subject (duk_context *cx, ++ PolkitSubject *subject, ++ PolkitIdentity *user_for_subject, ++ gboolean subject_is_local, ++ gboolean subject_is_active, ++ GError **error) ++{ ++ gboolean ret = FALSE; ++ pid_t pid; ++ uid_t uid; ++ gchar *user_name = NULL; ++ GPtrArray *groups = NULL; ++ struct passwd *passwd; ++ char *seat_str = NULL; ++ char *session_str = NULL; ++ ++ duk_get_global_string (cx, "Subject"); ++ duk_new (cx, 0); ++ ++ if (POLKIT_IS_UNIX_PROCESS (subject)) ++ { ++ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); ++ } ++ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) ++ { ++ PolkitSubject *process; ++ process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ if (process == NULL) ++ goto out; ++ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process)); ++ g_object_unref (process); ++ } ++ else ++ { ++ g_assert_not_reached (); ++ } ++ ++#ifdef HAVE_LIBSYSTEMD ++ if (sd_pid_get_session (pid, &session_str) == 0) ++ { ++ if (sd_session_get_seat (session_str, &seat_str) == 0) ++ { ++ /* do nothing */ ++ } ++ } ++#endif /* HAVE_LIBSYSTEMD */ ++ ++ g_assert (POLKIT_IS_UNIX_USER (user_for_subject)); ++ uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject)); ++ ++ groups = g_ptr_array_new_with_free_func (g_free); ++ ++ passwd = getpwuid (uid); ++ if (passwd == NULL) ++ { ++ user_name = g_strdup_printf ("%d", (gint) uid); ++ g_warning ("Error looking up info for uid %d: %m", (gint) uid); ++ } ++ else ++ { ++ gid_t gids[512]; ++ int num_gids = 512; ++ ++ user_name = g_strdup (passwd->pw_name); ++ ++ if (getgrouplist (passwd->pw_name, ++ passwd->pw_gid, ++ gids, ++ &num_gids) < 0) ++ { ++ g_warning ("Error looking up groups for uid %d: %m", (gint) uid); ++ } ++ else ++ { ++ gint n; ++ for (n = 0; n < num_gids; n++) ++ { ++ struct group *group; ++ group = getgrgid (gids[n]); ++ if (group == NULL) ++ { ++ g_ptr_array_add (groups, g_strdup_printf ("%d", (gint) gids[n])); ++ } ++ else ++ { ++ g_ptr_array_add (groups, g_strdup (group->gr_name)); ++ } ++ } ++ } ++ } ++ ++ set_property_int32 (cx, "pid", pid); ++ set_property_str (cx, "user", user_name); ++ set_property_strv (cx, "groups", groups); ++ set_property_str (cx, "seat", seat_str); ++ set_property_str (cx, "session", session_str); ++ set_property_bool (cx, "local", subject_is_local); ++ set_property_bool (cx, "active", subject_is_active); ++ ++ ret = TRUE; ++ ++ out: ++ free (session_str); ++ free (seat_str); ++ g_free (user_name); ++ if (groups != NULL) ++ g_ptr_array_unref (groups); ++ ++ return ret; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static gboolean ++push_action_and_details (duk_context *cx, ++ const gchar *action_id, ++ PolkitDetails *details, ++ GError **error) ++{ ++ gchar **keys; ++ guint n; ++ ++ duk_get_global_string (cx, "Action"); ++ duk_new (cx, 0); ++ ++ set_property_str (cx, "id", action_id); ++ ++ keys = polkit_details_get_keys (details); ++ for (n = 0; keys != NULL && keys[n] != NULL; n++) ++ { ++ gchar *key; ++ const gchar *value; ++ key = g_strdup_printf ("_detail_%s", keys[n]); ++ value = polkit_details_lookup (details, keys[n]); ++ set_property_str (cx, key, value); ++ g_free (key); ++ } ++ g_strfreev (keys); ++ ++ return TRUE; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static GList * ++polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority, ++ PolkitSubject *caller, ++ PolkitSubject *subject, ++ PolkitIdentity *user_for_subject, ++ gboolean subject_is_local, ++ gboolean subject_is_active, ++ const gchar *action_id, ++ PolkitDetails *details) ++{ ++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority); ++ GList *ret = NULL; ++ guint n; ++ GError *error = NULL; ++ const char *ret_str = NULL; ++ gchar **ret_strs = NULL; ++ duk_context *cx = authority->priv->cx; ++ ++ duk_set_top (cx, 0); ++ duk_get_global_string (cx, "polkit"); ++ duk_push_string (cx, "_runAdminRules"); ++ ++ if (!push_action_and_details (cx, action_id, details, &error)) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error converting action and details to JS object: %s", ++ error->message); ++ g_clear_error (&error); ++ goto out; ++ } ++ ++ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error)) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error converting subject to JS object: %s", ++ error->message); ++ g_clear_error (&error); ++ goto out; ++ } ++ ++ if (duk_pcall_prop (cx, 0, 2) != DUK_ERR_NONE) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error evaluating admin rules: ", ++ duk_safe_to_string (cx, -1)); ++ goto out; ++ } ++ ++ ret_str = duk_require_string (cx, -1); ++ ++ ret_strs = g_strsplit (ret_str, ",", -1); ++ for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++) ++ { ++ const gchar *identity_str = ret_strs[n]; ++ PolkitIdentity *identity; ++ ++ error = NULL; ++ identity = polkit_identity_from_string (identity_str, &error); ++ if (identity == NULL) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Identity `%s' is not valid, ignoring: %s", ++ identity_str, error->message); ++ g_clear_error (&error); ++ } ++ else ++ { ++ ret = g_list_prepend (ret, identity); ++ } ++ } ++ ret = g_list_reverse (ret); ++ ++ out: ++ g_strfreev (ret_strs); ++ /* fallback to root password auth */ ++ if (ret == NULL) ++ ret = g_list_prepend (ret, polkit_unix_user_new (0)); ++ ++ return ret; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static PolkitImplicitAuthorization ++polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority, ++ PolkitSubject *caller, ++ PolkitSubject *subject, ++ PolkitIdentity *user_for_subject, ++ gboolean subject_is_local, ++ gboolean subject_is_active, ++ const gchar *action_id, ++ PolkitDetails *details, ++ PolkitImplicitAuthorization implicit) ++{ ++ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority); ++ PolkitImplicitAuthorization ret = implicit; ++ GError *error = NULL; ++ gchar *ret_str = NULL; ++ gboolean good = FALSE; ++ duk_context *cx = authority->priv->cx; ++ ++ duk_set_top (cx, 0); ++ duk_get_global_string (cx, "polkit"); ++ duk_push_string (cx, "_runRules"); ++ ++ if (!push_action_and_details (cx, action_id, details, &error)) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error converting action and details to JS object: %s", ++ error->message); ++ g_clear_error (&error); ++ goto out; ++ } ++ ++ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error)) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error converting subject to JS object: %s", ++ error->message); ++ g_clear_error (&error); ++ goto out; ++ } ++ ++ if (duk_pcall_prop (cx, 0, 2) != DUK_ERR_NONE) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Error evaluating authorization rules: ", ++ duk_safe_to_string (cx, -1)); ++ goto out; ++ } ++ ++ if (duk_is_null(cx, -1)) { ++ good = TRUE; ++ goto out; ++ } ++ ret_str = g_strdup (duk_require_string (cx, -1)); ++ if (!polkit_implicit_authorization_from_string (ret_str, &ret)) ++ { ++ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ "Returned result `%s' is not valid", ++ ret_str); ++ goto out; ++ } ++ ++ good = TRUE; ++ ++ out: ++ if (!good) ++ ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; ++ g_free (ret_str); ++ ++ return ret; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static duk_ret_t ++js_polkit_log (duk_context *cx) ++{ ++ const char *str = duk_require_string (cx, 0); ++ fprintf (stderr, "%s\n", str); ++ return 0; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static const gchar * ++get_signal_name (gint signal_number) ++{ ++ switch (signal_number) ++ { ++#define _HANDLE_SIG(sig) case sig: return #sig; ++ _HANDLE_SIG (SIGHUP); ++ _HANDLE_SIG (SIGINT); ++ _HANDLE_SIG (SIGQUIT); ++ _HANDLE_SIG (SIGILL); ++ _HANDLE_SIG (SIGABRT); ++ _HANDLE_SIG (SIGFPE); ++ _HANDLE_SIG (SIGKILL); ++ _HANDLE_SIG (SIGSEGV); ++ _HANDLE_SIG (SIGPIPE); ++ _HANDLE_SIG (SIGALRM); ++ _HANDLE_SIG (SIGTERM); ++ _HANDLE_SIG (SIGUSR1); ++ _HANDLE_SIG (SIGUSR2); ++ _HANDLE_SIG (SIGCHLD); ++ _HANDLE_SIG (SIGCONT); ++ _HANDLE_SIG (SIGSTOP); ++ _HANDLE_SIG (SIGTSTP); ++ _HANDLE_SIG (SIGTTIN); ++ _HANDLE_SIG (SIGTTOU); ++ _HANDLE_SIG (SIGBUS); ++#ifdef SIGPOLL ++ _HANDLE_SIG (SIGPOLL); ++#endif ++ _HANDLE_SIG (SIGPROF); ++ _HANDLE_SIG (SIGSYS); ++ _HANDLE_SIG (SIGTRAP); ++ _HANDLE_SIG (SIGURG); ++ _HANDLE_SIG (SIGVTALRM); ++ _HANDLE_SIG (SIGXCPU); ++ _HANDLE_SIG (SIGXFSZ); ++#undef _HANDLE_SIG ++ default: ++ break; ++ } ++ return "UNKNOWN_SIGNAL"; ++} ++ ++typedef struct ++{ ++ GMainLoop *loop; ++ GAsyncResult *res; ++} SpawnData; ++ ++static void ++spawn_cb (GObject *source_object, ++ GAsyncResult *res, ++ gpointer user_data) ++{ ++ SpawnData *data = user_data; ++ data->res = g_object_ref (res); ++ g_main_loop_quit (data->loop); ++} ++ ++static duk_ret_t ++js_polkit_spawn (duk_context *cx) ++{ ++#if (DUK_VERSION >= 20000) ++ duk_ret_t ret = DUK_RET_ERROR; ++#else ++ duk_ret_t ret = DUK_RET_INTERNAL_ERROR; ++#endif ++ gchar *standard_output = NULL; ++ gchar *standard_error = NULL; ++ gint exit_status; ++ GError *error = NULL; ++ guint32 array_len; ++ gchar **argv = NULL; ++ GMainContext *context = NULL; ++ GMainLoop *loop = NULL; ++ SpawnData data = {0}; ++ char *err_str = NULL; ++ guint n; ++ ++ if (!duk_is_array (cx, 0)) ++ goto out; ++ ++ array_len = duk_get_length (cx, 0); ++ ++ argv = g_new0 (gchar*, array_len + 1); ++ for (n = 0; n < array_len; n++) ++ { ++ duk_get_prop_index (cx, 0, n); ++ argv[n] = g_strdup (duk_to_string (cx, -1)); ++ duk_pop (cx); ++ } ++ ++ context = g_main_context_new (); ++ loop = g_main_loop_new (context, FALSE); ++ ++ g_main_context_push_thread_default (context); ++ ++ data.loop = loop; ++ utils_spawn ((const gchar *const *) argv, ++ 10, /* timeout_seconds */ ++ NULL, /* cancellable */ ++ spawn_cb, ++ &data); ++ ++ g_main_loop_run (loop); ++ ++ g_main_context_pop_thread_default (context); ++ ++ if (!utils_spawn_finish (data.res, ++ &exit_status, ++ &standard_output, ++ &standard_error, ++ &error)) ++ { ++ err_str = g_strdup_printf ("Error spawning helper: %s (%s, %d)", ++ error->message, g_quark_to_string (error->domain), error->code); ++ g_clear_error (&error); ++ goto out; ++ } ++ ++ if (!(WIFEXITED (exit_status) && WEXITSTATUS (exit_status) == 0)) ++ { ++ GString *gstr; ++ gstr = g_string_new (NULL); ++ if (WIFEXITED (exit_status)) ++ { ++ g_string_append_printf (gstr, ++ "Helper exited with non-zero exit status %d", ++ WEXITSTATUS (exit_status)); ++ } ++ else if (WIFSIGNALED (exit_status)) ++ { ++ g_string_append_printf (gstr, ++ "Helper was signaled with signal %s (%d)", ++ get_signal_name (WTERMSIG (exit_status)), ++ WTERMSIG (exit_status)); ++ } ++ g_string_append_printf (gstr, ", stdout=`%s', stderr=`%s'", ++ standard_output, standard_error); ++ err_str = g_string_free (gstr, FALSE); ++ goto out; ++ } ++ ++ duk_push_string (cx, standard_output); ++ ret = 1; ++ ++ out: ++ g_strfreev (argv); ++ g_free (standard_output); ++ g_free (standard_error); ++ g_clear_object (&data.res); ++ if (loop != NULL) ++ g_main_loop_unref (loop); ++ if (context != NULL) ++ g_main_context_unref (context); ++ ++ if (err_str) ++ duk_error (cx, DUK_ERR_ERROR, err_str); ++ ++ return ret; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++ ++static duk_ret_t ++js_polkit_user_is_in_netgroup (duk_context *cx) ++{ ++ const char *user; ++ const char *netgroup; ++ gboolean is_in_netgroup = FALSE; ++ ++ user = duk_require_string (cx, 0); ++ netgroup = duk_require_string (cx, 1); ++ ++ if (innetgr (netgroup, ++ NULL, /* host */ ++ user, ++ NULL)) /* domain */ ++ { ++ is_in_netgroup = TRUE; ++ } ++ ++ duk_push_boolean (cx, is_in_netgroup); ++ return 1; ++} ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++typedef struct ++{ ++ GSimpleAsyncResult *simple; /* borrowed reference */ ++ GMainContext *main_context; /* may be NULL */ ++ ++ GCancellable *cancellable; /* may be NULL */ ++ gulong cancellable_handler_id; ++ ++ GPid child_pid; ++ gint child_stdout_fd; ++ gint child_stderr_fd; ++ ++ GIOChannel *child_stdout_channel; ++ GIOChannel *child_stderr_channel; ++ ++ GSource *child_watch_source; ++ GSource *child_stdout_source; ++ GSource *child_stderr_source; ++ ++ guint timeout_seconds; ++ gboolean timed_out; ++ GSource *timeout_source; ++ ++ GString *child_stdout; ++ GString *child_stderr; ++ ++ gint exit_status; ++} UtilsSpawnData; ++ ++static void ++utils_child_watch_from_release_cb (GPid pid, ++ gint status, ++ gpointer user_data) ++{ ++} ++ ++static void ++utils_spawn_data_free (UtilsSpawnData *data) ++{ ++ if (data->timeout_source != NULL) ++ { ++ g_source_destroy (data->timeout_source); ++ data->timeout_source = NULL; ++ } ++ ++ /* Nuke the child, if necessary */ ++ if (data->child_watch_source != NULL) ++ { ++ g_source_destroy (data->child_watch_source); ++ data->child_watch_source = NULL; ++ } ++ ++ if (data->child_pid != 0) ++ { ++ GSource *source; ++ kill (data->child_pid, SIGTERM); ++ /* OK, we need to reap for the child ourselves - we don't want ++ * to use waitpid() because that might block the calling ++ * thread (the child might handle SIGTERM and use several ++ * seconds for cleanup/rollback). ++ * ++ * So we use GChildWatch instead. ++ * ++ * Avoid taking a references to ourselves. but note that we need ++ * to pass the GSource so we can nuke it once handled. ++ */ ++ source = g_child_watch_source_new (data->child_pid); ++ g_source_set_callback (source, ++ (GSourceFunc) utils_child_watch_from_release_cb, ++ source, ++ (GDestroyNotify) g_source_destroy); ++ g_source_attach (source, data->main_context); ++ g_source_unref (source); ++ data->child_pid = 0; ++ } ++ ++ if (data->child_stdout != NULL) ++ { ++ g_string_free (data->child_stdout, TRUE); ++ data->child_stdout = NULL; ++ } ++ ++ if (data->child_stderr != NULL) ++ { ++ g_string_free (data->child_stderr, TRUE); ++ data->child_stderr = NULL; ++ } ++ ++ if (data->child_stdout_channel != NULL) ++ { ++ g_io_channel_unref (data->child_stdout_channel); ++ data->child_stdout_channel = NULL; ++ } ++ if (data->child_stderr_channel != NULL) ++ { ++ g_io_channel_unref (data->child_stderr_channel); ++ data->child_stderr_channel = NULL; ++ } ++ ++ if (data->child_stdout_source != NULL) ++ { ++ g_source_destroy (data->child_stdout_source); ++ data->child_stdout_source = NULL; ++ } ++ if (data->child_stderr_source != NULL) ++ { ++ g_source_destroy (data->child_stderr_source); ++ data->child_stderr_source = NULL; ++ } ++ ++ if (data->child_stdout_fd != -1) ++ { ++ g_warn_if_fail (close (data->child_stdout_fd) == 0); ++ data->child_stdout_fd = -1; ++ } ++ if (data->child_stderr_fd != -1) ++ { ++ g_warn_if_fail (close (data->child_stderr_fd) == 0); ++ data->child_stderr_fd = -1; ++ } ++ ++ if (data->cancellable_handler_id > 0) ++ { ++ g_cancellable_disconnect (data->cancellable, data->cancellable_handler_id); ++ data->cancellable_handler_id = 0; ++ } ++ ++ if (data->main_context != NULL) ++ g_main_context_unref (data->main_context); ++ ++ if (data->cancellable != NULL) ++ g_object_unref (data->cancellable); ++ ++ g_slice_free (UtilsSpawnData, data); ++} ++ ++/* called in the thread where @cancellable was cancelled */ ++static void ++utils_on_cancelled (GCancellable *cancellable, ++ gpointer user_data) ++{ ++ UtilsSpawnData *data = user_data; ++ GError *error; ++ ++ error = NULL; ++ g_warn_if_fail (g_cancellable_set_error_if_cancelled (cancellable, &error)); ++ g_simple_async_result_take_error (data->simple, error); ++ g_simple_async_result_complete_in_idle (data->simple); ++ g_object_unref (data->simple); ++} ++ ++static gboolean ++utils_read_child_stderr (GIOChannel *channel, ++ GIOCondition condition, ++ gpointer user_data) ++{ ++ UtilsSpawnData *data = user_data; ++ gchar buf[1024]; ++ gsize bytes_read; ++ ++ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL); ++ g_string_append_len (data->child_stderr, buf, bytes_read); ++ return TRUE; ++} ++ ++static gboolean ++utils_read_child_stdout (GIOChannel *channel, ++ GIOCondition condition, ++ gpointer user_data) ++{ ++ UtilsSpawnData *data = user_data; ++ gchar buf[1024]; ++ gsize bytes_read; ++ ++ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL); ++ g_string_append_len (data->child_stdout, buf, bytes_read); ++ return TRUE; ++} ++ ++static void ++utils_child_watch_cb (GPid pid, ++ gint status, ++ gpointer user_data) ++{ ++ UtilsSpawnData *data = user_data; ++ gchar *buf; ++ gsize buf_size; ++ ++ if (g_io_channel_read_to_end (data->child_stdout_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL) ++ { ++ g_string_append_len (data->child_stdout, buf, buf_size); ++ g_free (buf); ++ } ++ if (g_io_channel_read_to_end (data->child_stderr_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL) ++ { ++ g_string_append_len (data->child_stderr, buf, buf_size); ++ g_free (buf); ++ } ++ ++ data->exit_status = status; ++ ++ /* ok, child watch is history, make sure we don't free it in spawn_data_free() */ ++ data->child_pid = 0; ++ data->child_watch_source = NULL; ++ ++ /* we're done */ ++ g_simple_async_result_complete_in_idle (data->simple); ++ g_object_unref (data->simple); ++} ++ ++static gboolean ++utils_timeout_cb (gpointer user_data) ++{ ++ UtilsSpawnData *data = user_data; ++ ++ data->timed_out = TRUE; ++ ++ /* ok, timeout is history, make sure we don't free it in spawn_data_free() */ ++ data->timeout_source = NULL; ++ ++ /* we're done */ ++ g_simple_async_result_complete_in_idle (data->simple); ++ g_object_unref (data->simple); ++ ++ return FALSE; /* remove source */ ++} ++ ++static void ++utils_spawn (const gchar *const *argv, ++ guint timeout_seconds, ++ GCancellable *cancellable, ++ GAsyncReadyCallback callback, ++ gpointer user_data) ++{ ++ UtilsSpawnData *data; ++ GError *error; ++ ++ data = g_slice_new0 (UtilsSpawnData); ++ data->timeout_seconds = timeout_seconds; ++ data->simple = g_simple_async_result_new (NULL, ++ callback, ++ user_data, ++ utils_spawn); ++ data->main_context = g_main_context_get_thread_default (); ++ if (data->main_context != NULL) ++ g_main_context_ref (data->main_context); ++ ++ data->cancellable = cancellable != NULL ? g_object_ref (cancellable) : NULL; ++ ++ data->child_stdout = g_string_new (NULL); ++ data->child_stderr = g_string_new (NULL); ++ data->child_stdout_fd = -1; ++ data->child_stderr_fd = -1; ++ ++ /* the life-cycle of UtilsSpawnData is tied to its GSimpleAsyncResult */ ++ g_simple_async_result_set_op_res_gpointer (data->simple, data, (GDestroyNotify) utils_spawn_data_free); ++ ++ error = NULL; ++ if (data->cancellable != NULL) ++ { ++ /* could already be cancelled */ ++ error = NULL; ++ if (g_cancellable_set_error_if_cancelled (data->cancellable, &error)) ++ { ++ g_simple_async_result_take_error (data->simple, error); ++ g_simple_async_result_complete_in_idle (data->simple); ++ g_object_unref (data->simple); ++ goto out; ++ } ++ ++ data->cancellable_handler_id = g_cancellable_connect (data->cancellable, ++ G_CALLBACK (utils_on_cancelled), ++ data, ++ NULL); ++ } ++ ++ error = NULL; ++ if (!g_spawn_async_with_pipes (NULL, /* working directory */ ++ (gchar **) argv, ++ NULL, /* envp */ ++ G_SPAWN_SEARCH_PATH | G_SPAWN_DO_NOT_REAP_CHILD, ++ NULL, /* child_setup */ ++ NULL, /* child_setup's user_data */ ++ &(data->child_pid), ++ NULL, /* gint *stdin_fd */ ++ &(data->child_stdout_fd), ++ &(data->child_stderr_fd), ++ &error)) ++ { ++ g_prefix_error (&error, "Error spawning: "); ++ g_simple_async_result_take_error (data->simple, error); ++ g_simple_async_result_complete_in_idle (data->simple); ++ g_object_unref (data->simple); ++ goto out; ++ } ++ ++ if (timeout_seconds > 0) ++ { ++ data->timeout_source = g_timeout_source_new_seconds (timeout_seconds); ++ g_source_set_priority (data->timeout_source, G_PRIORITY_DEFAULT); ++ g_source_set_callback (data->timeout_source, utils_timeout_cb, data, NULL); ++ g_source_attach (data->timeout_source, data->main_context); ++ g_source_unref (data->timeout_source); ++ } ++ ++ data->child_watch_source = g_child_watch_source_new (data->child_pid); ++ g_source_set_callback (data->child_watch_source, (GSourceFunc) utils_child_watch_cb, data, NULL); ++ g_source_attach (data->child_watch_source, data->main_context); ++ g_source_unref (data->child_watch_source); ++ ++ data->child_stdout_channel = g_io_channel_unix_new (data->child_stdout_fd); ++ g_io_channel_set_flags (data->child_stdout_channel, G_IO_FLAG_NONBLOCK, NULL); ++ data->child_stdout_source = g_io_create_watch (data->child_stdout_channel, G_IO_IN); ++ g_source_set_callback (data->child_stdout_source, (GSourceFunc) utils_read_child_stdout, data, NULL); ++ g_source_attach (data->child_stdout_source, data->main_context); ++ g_source_unref (data->child_stdout_source); ++ ++ data->child_stderr_channel = g_io_channel_unix_new (data->child_stderr_fd); ++ g_io_channel_set_flags (data->child_stderr_channel, G_IO_FLAG_NONBLOCK, NULL); ++ data->child_stderr_source = g_io_create_watch (data->child_stderr_channel, G_IO_IN); ++ g_source_set_callback (data->child_stderr_source, (GSourceFunc) utils_read_child_stderr, data, NULL); ++ g_source_attach (data->child_stderr_source, data->main_context); ++ g_source_unref (data->child_stderr_source); ++ ++ out: ++ ; ++} ++ ++gboolean ++utils_spawn_finish (GAsyncResult *res, ++ gint *out_exit_status, ++ gchar **out_standard_output, ++ gchar **out_standard_error, ++ GError **error) ++{ ++ GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); ++ UtilsSpawnData *data; ++ gboolean ret = FALSE; ++ ++ g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE); ++ g_return_val_if_fail (error == NULL || *error == NULL, FALSE); ++ ++ g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == utils_spawn); ++ ++ if (g_simple_async_result_propagate_error (simple, error)) ++ goto out; ++ ++ data = g_simple_async_result_get_op_res_gpointer (simple); ++ ++ if (data->timed_out) ++ { ++ g_set_error (error, ++ G_IO_ERROR, ++ G_IO_ERROR_TIMED_OUT, ++ "Timed out after %d seconds", ++ data->timeout_seconds); ++ goto out; ++ } ++ ++ if (out_exit_status != NULL) ++ *out_exit_status = data->exit_status; ++ ++ if (out_standard_output != NULL) ++ *out_standard_output = g_strdup (data->child_stdout->str); ++ ++ if (out_standard_error != NULL) ++ *out_standard_error = g_strdup (data->child_stderr->str); ++ ++ ret = TRUE; ++ ++ out: ++ return ret; ++} diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml new file mode 100644 index 0000000..a0dcfab --- /dev/null +++ b/sys-auth/polkit/metadata.xml @@ -0,0 +1,13 @@ + + + + + freedesktop-bugs@gentoo.org + + + Use sys-auth/consolekit for session tracking + Use dev-lang/duktape instead of dev-lang/spidermonkey + Use sys-auth/elogind for session tracking + Use sys-apps/systemd for session tracking + + diff --git a/sys-auth/polkit/polkit-0.118-r1.ebuild b/sys-auth/polkit/polkit-0.118-r1.ebuild new file mode 100644 index 0000000..4136d1e --- /dev/null +++ b/sys-auth/polkit/polkit-0.118-r1.ebuild @@ -0,0 +1,147 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools pam pax-utils systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~s390 ~x86" +IUSE="duktape consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test" +RESTRICT="!test? ( test )" + +REQUIRED_USE="^^ ( consolekit elogind systemd )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + dev-util/gtk-doc-am + dev-util/intltool + sys-devel/gettext + virtual/pkgconfig + introspection? ( dev-libs/gobject-introspection ) +" +DEPEND=" + !duktape? ( dev-lang/spidermonkey:78[-debug] ) + duktape? ( dev-lang/duktape ) + dev-libs/glib:2 + dev-libs/expat + elogind? ( sys-auth/elogind ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + systemd? ( sys-apps/systemd:0=[policykit] ) +" +RDEPEND="${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + consolekit? ( sys-auth/consolekit[policykit] ) + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING NEWS README ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +PATCHES=( + # bug 660880 + "${FILESDIR}"/polkit-0.115-elogind.patch + + # musl https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 + "${FILESDIR}"/polkit-0.116-make-netgroup-support-optional-2.patch +) + +src_prepare() { + if use duktape ; then + PATCHES+=( + "${FILESDIR}"/polkit-0.118-duktape.patch + "${FILESDIR}"/polkit-0.118-duktape-posix.patch + ) + fi + default + + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 + + # Workaround upstream hack around standard gtk-doc behavior, bug #552170 + sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ + -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ + -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ + docs/polkit/Makefile.in || die + + # disable broken test - bug #624022 + sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die + + # Fix cross-building, bug #590764, elogind patch, bug #598615 + eautoreconf +} + +src_configure() { + xdg_environment_reset + + local myeconfargs=( + --localstatedir="${EPREFIX}"/var + --disable-static + --enable-man-pages + --disable-gtk-doc + --disable-examples + $(use_enable elogind libelogind) + $(use_enable introspection) + $(use_enable nls) + $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '') + --with-authfw=$(usex pam pam shadow) + $(use_enable systemd libsystemd-login) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + $(use_enable test) + --with-os-type=gentoo + ) + if use duktape ; then + myeconfargs+=( + --with-duktape + ) + fi + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + default + + if use examples; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + diropts -m 0700 -o polkitd + keepdir /usr/share/polkit-1/rules.d + + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d +}