sys-auth/polkit: Add package with dutape JS backend and musl libc support

This commit is contained in:
Alexander Miroshnichenko 2021-01-16 11:59:46 +03:00
parent 94486089a5
commit 4494e59173
Signed by: alex
GPG Key ID: E93720C6C73A77F4
7 changed files with 1946 additions and 0 deletions

7
sys-auth/polkit/Manifest Normal file
View File

@ -0,0 +1,7 @@
AUX polkit-0.115-elogind.patch 1069 BLAKE2B 6c5a3d7d3e716a994b951181808f64d864e6ca58b3a018a5354022f08c6e7c1d8987366c9777f47cc970916ad9fe39f288a1b1643113fc99745f333e02dab56f SHA512 06432fa56788699762c6978484640554f91728a1cb40679eb47b8514b3c7aa23aac5b9c26586eb4d7043a0af1b319bbe7f869d24844d9151317299b74a8e8f7f
AUX polkit-0.116-make-netgroup-support-optional-2.patch 7163 BLAKE2B dc6b1be4ca425e0774864947d49c3407eed6ab050aceb5018f2c63129faa2cfa034317dd5f29e0f8f46834460ffdfd93faf21184bc3a4198b3b9c8a83bf924dc SHA512 8eb16f4a20b768f3124869fd6602b8b23b6eadb45cbf0767abd67b9a04afdcff00f211d6e0c63bfe0e925165d16d80e200a0a6008d0306274efa2d1eb7bf9ab9
AUX polkit-0.118-duktape-posix.patch 1181 BLAKE2B afb8347014965eb5105beaffc8d40e55269749a9f206076905d71d021bf946f062cc4a44061d232d9c5768ca48cd4973c50bb95dec3a9fac5bc36427cf6b3032 SHA512 4250c2af20242b58cd8f5fd1a2b40d197668e2fadb0324bc9bcd2fd5fc6c3f78093b51d7e04c05950a9d57d3755e07e0b4200e9ca568964bf6409319f022c4de
AUX polkit-0.118-duktape.patch 50120 BLAKE2B a88f101e96653377ea9ac7ae4500e8c613d91f5fa5255035a81ab29c6d27fc528735bf5ebe96782494e6f8576935d35f1d487b1ac86906bf51beee9b50655d69 SHA512 68a4c345b70b97ab5a83ea90d0558988f1568f165bc0313be35d4a95793e2a3b9e562a277d17fda8c9c8a00b7124287f9782b25cad4b76b32402832613464ca3
DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e
EBUILD polkit-0.118-r1.ebuild 3721 BLAKE2B cf117b32457a28e5a2bc510c88dbb7f8e65d1a7cfd7f3bbe9fb45aa75b95413e8c032c2ce0ee475f813134b1bec54588b0a10460f69b01a1279183af84274f6f SHA512 330127b2096b7450d8fd73f94d523950bc363aec09f1d4140b8c91d79cb6549bfc4b0282cf97018ffdfd85290f02c610597bd136e4fddad0d713b3b73d696cb1
MISC metadata.xml 604 BLAKE2B 2fbb9fc0513a5ab2b6777d5dc1dda3ac66bcde7846a03c1ac80f3e0bfe6b238d90a5f84d66a98ab8cd7738dc9a24f6f098dfe9c91679bbf5e317e7047ba3e553 SHA512 86d3edcf3f82ed5da490f42d195ce27b07f21ed29786fddb5a779ba0790aa8f98fc5eecab8ef7cf67b0d9011dcc050df45cfb8c29b193763424ae8ee60795fce

View File

@ -0,0 +1,28 @@
From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
From: Rasmus Thomsen <cogitri@exherbo.org>
Date: Wed, 11 Apr 2018 13:14:14 +0200
Subject: [PATCH] configure: fix elogind support
HAVE_LIBSYSTEMD is used to determine which source files to use.
We have to check if either have_libsystemd or have_libelogind is
true, as both of these need the source files which are used when
HAVE_LIBSYSTEMD is true.
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 36df239..da47ecb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
AC_SUBST(LIBSYSTEMD_CFLAGS)
AC_SUBST(LIBSYSTEMD_LIBS)
-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
dnl ---------------------------------------------------------------------------
dnl - systemd unit / service files
--
2.17.0

View File

@ -0,0 +1,219 @@
diff --git a/configure.ac b/configure.ac
index 4809dc9..d1ea325 100644
--- a/configure.ac
+++ b/configure.ac
@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
AC_SUBST(EXPAT_LIBS)
-AC_CHECK_FUNCS(clearenv fdatasync)
+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
if test "x$GCC" = "xyes"; then
LDFLAGS="-Wl,--as-needed $LDFLAGS"
diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
index 3aa1f7f..793f17d 100644
--- a/src/polkit/polkitidentity.c
+++ b/src/polkit/polkitidentity.c
@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
}
else if (g_str_has_prefix (str, "unix-netgroup:"))
{
+#ifndef HAVE_SETNETGRENT
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Netgroups are not available on this machine ('%s')",
+ str);
+#else
identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
+#endif
}
if (identity == NULL && (error != NULL && *error == NULL))
@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
GVariant *v;
const char *name;
+#ifndef HAVE_SETNETGRENT
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Netgroups are not available on this machine");
+ goto out;
+#else
+
v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
if (v == NULL)
{
@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
name = g_variant_get_string (v, NULL);
ret = polkit_unix_netgroup_new (name);
g_variant_unref (v);
+#endif
}
else
{
diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
index 8a2b369..83f8d4a 100644
--- a/src/polkit/polkitunixnetgroup.c
+++ b/src/polkit/polkitunixnetgroup.c
@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
PolkitIdentity *
polkit_unix_netgroup_new (const gchar *name)
{
+#ifndef HAVE_SETNETGRENT
+ g_assert_not_reached();
+#endif
g_return_val_if_fail (name != NULL, NULL);
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
"name", name,
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 056d9a8..36c2f3d 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
GList *ret;
ret = NULL;
+#ifdef HAVE_SETNETGRENT
name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-#ifdef HAVE_SETNETGRENT_RETURN
+# ifdef HAVE_SETNETGRENT_RETURN
if (setnetgrent (name) == 0)
{
g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
goto out;
}
-#else
+# else
setnetgrent (name);
-#endif
+# endif /* HAVE_SETNETGRENT_RETURN */
for (;;)
{
-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
const char *hostname, *username, *domainname;
-#else
+# else
char *hostname, *username, *domainname;
-#endif
+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
PolkitIdentity *user;
GError *error = NULL;
@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
out:
endnetgrent ();
+#endif /* HAVE_SETNETGRENT */
return ret;
}
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 1d91103..366cbdf 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+#ifdef HAVE_SETNETGRENT
JS::RootedString usrstr (authority->priv->cx);
usrstr = args[0].toString();
user = JS_EncodeStringToUTF8 (cx, usrstr);
@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
{
is_in_netgroup = true;
}
+#endif
ret = true;
diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
index e91967b..e829aaa 100644
--- a/test/polkit/polkitidentitytest.c
+++ b/test/polkit/polkitidentitytest.c
@@ -19,6 +19,7 @@
* Author: Nikki VonHollen <vonhollen@google.com>
*/
+#include "config.h"
#include "glib.h"
#include <polkit/polkit.h>
#include <polkit/polkitprivate.h>
@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
{"unix-group:root", "unix-group:jane", FALSE},
{"unix-group:jane", "unix-group:jane", TRUE},
+#ifdef HAVE_SETNETGRENT
{"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
{"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
+#endif
{"unix-user:root", "unix-group:root", FALSE},
+#ifdef HAVE_SETNETGRENT
{"unix-user:jane", "unix-netgroup:foo", FALSE},
+#endif
{NULL},
};
@@ -181,11 +186,13 @@ main (int argc, char *argv[])
g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+#ifdef HAVE_SETNETGRENT
g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+#endif
g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
add_comparison_tests ();
diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
index 3701ba1..e3352eb 100644
--- a/test/polkit/polkitunixnetgrouptest.c
+++ b/test/polkit/polkitunixnetgrouptest.c
@@ -19,6 +19,7 @@
* Author: Nikki VonHollen <vonhollen@google.com>
*/
+#include "config.h"
#include "glib.h"
#include <polkit/polkit.h>
#include <string.h>
@@ -69,7 +70,9 @@ int
main (int argc, char *argv[])
{
g_test_init (&argc, &argv, NULL);
+#ifdef HAVE_SETNETGRENT
g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
+#endif
return g_test_run ();
}
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index 71aad23..fdd28f3 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -137,12 +137,14 @@ test_get_admin_identities (void)
"unix-group:users"
}
},
+#ifdef HAVE_SETNETGRENT
{
"net.company.action3",
{
"unix-netgroup:foo"
}
},
+#endif
};
guint n;

View File

@ -0,0 +1,35 @@
From 48639a6e1b2bdb8e26fdad40e08717799a7202ad Mon Sep 17 00:00:00 2001
From: Alexander Miroshnichenko <a.miroshnichenko@rbk.money>
Date: Sat, 16 Jan 2021 11:54:32 +0300
Subject: [PATCH] POSIX support for duktape JS backend
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Signed-off-by: Alexander Miroshnichenko <a.miroshnichenko@rbk.money>
---
src/polkitbackend/polkitbackendduktapeauthority.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
index ae984535ed88..b5b73bfea0d1 100644
--- a/src/polkitbackend/polkitbackendduktapeauthority.c
+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
@@ -1013,6 +1013,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
user = duk_require_string (cx, 0);
netgroup = duk_require_string (cx, 1);
+#if defined HAVE_INNETGR
if (innetgr (netgroup,
NULL, /* host */
user,
@@ -1020,6 +1021,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
{
is_in_netgroup = TRUE;
}
+#endif
duk_push_boolean (cx, is_in_netgroup);
return 1;
--
2.26.2

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
<flag name="consolekit">Use <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
<flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg></flag>
<flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
</pkgmetadata>

View File

@ -0,0 +1,147 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools pam pax-utils systemd xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~s390 ~x86"
IUSE="duktape consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
RESTRICT="!test? ( test )"
REQUIRED_USE="^^ ( consolekit elogind systemd )"
BDEPEND="
acct-user/polkitd
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/gobject-introspection-common
dev-libs/libxslt
dev-util/glib-utils
dev-util/gtk-doc-am
dev-util/intltool
sys-devel/gettext
virtual/pkgconfig
introspection? ( dev-libs/gobject-introspection )
"
DEPEND="
!duktape? ( dev-lang/spidermonkey:78[-debug] )
duktape? ( dev-lang/duktape )
dev-libs/glib:2
dev-libs/expat
elogind? ( sys-auth/elogind )
pam? (
sys-auth/pambase
sys-libs/pam
)
systemd? ( sys-apps/systemd:0=[policykit] )
"
RDEPEND="${DEPEND}
acct-user/polkitd
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
consolekit? ( sys-auth/consolekit[policykit] )
gtk? ( || (
>=gnome-extra/polkit-gnome-0.105
>=lxde-base/lxsession-0.5.2
) )
kde? ( kde-plasma/polkit-kde-agent )
"
DOCS=( docs/TODO HACKING NEWS README )
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
usr/lib/polkit-1/polkitd"
PATCHES=(
# bug 660880
"${FILESDIR}"/polkit-0.115-elogind.patch
# musl https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
"${FILESDIR}"/polkit-0.116-make-netgroup-support-optional-2.patch
)
src_prepare() {
if use duktape ; then
PATCHES+=(
"${FILESDIR}"/polkit-0.118-duktape.patch
"${FILESDIR}"/polkit-0.118-duktape-posix.patch
)
fi
default
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
# Workaround upstream hack around standard gtk-doc behavior, bug #552170
sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
docs/polkit/Makefile.in || die
# disable broken test - bug #624022
sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
# Fix cross-building, bug #590764, elogind patch, bug #598615
eautoreconf
}
src_configure() {
xdg_environment_reset
local myeconfargs=(
--localstatedir="${EPREFIX}"/var
--disable-static
--enable-man-pages
--disable-gtk-doc
--disable-examples
$(use_enable elogind libelogind)
$(use_enable introspection)
$(use_enable nls)
$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
--with-authfw=$(usex pam pam shadow)
$(use_enable systemd libsystemd-login)
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
$(use_enable test)
--with-os-type=gentoo
)
if use duktape ; then
myeconfargs+=(
--with-duktape
)
fi
econf "${myeconfargs[@]}"
}
src_compile() {
default
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
default
if use examples; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
fi
diropts -m 0700 -o polkitd
keepdir /usr/share/polkit-1/rules.d
find "${ED}" -name '*.la' -delete || die
}
pkg_postinst() {
chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
}