community/polkit-elogind: move from testing

5 files changed, 361 insertions, 0 deletions

diff --git a/community/polkit-elogind/APKBUILD b/community/polkit-elogind/APKBUILD
new file mode 100644
index 0000000000..d4638931c9
--- /dev/null
+++ b/community/polkit-elogind/APKBUILD
@@ -0,0 +1,78 @@
+# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
+pkgname=polkit-elogind
+pkgver=0.116
+pkgrel=1
+pkgdesc="Application development toolkit for controlling system-wide privileges (elogind variant)"
+url="https://www.freedesktop.org/wiki/Software/polkit/"
+arch="all"
+license="GPL-2.0-or-later"
+options="suid !check"
+depends_dev="dbus-glib-dev"
+makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
+	intltool autoconf automake libtool bash mozjs60-dev elogind-dev linux-pam-dev"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
+	make-innetgr-optional.patch
+	alpine-polkit.pam"
+install="polkit-elogind.pre-install"
+pkgusers="polkitd"
+pkggroups="polkitd"
+provides="polkit"
+
+builddir="$srcdir/polkit-$pkgver"
+
+prepare() {
+	default_prepare
+	autoreconf -fi
+}
+
+build() {
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--libexecdir=/usr/lib/polkit-1 \
+		--localstatedir=/var \
+		--disable-static \
+		--enable-introspection \
+		--with-authfw=pam \
+		--with-os-type=alpine \
+		--disable-gtk-doc \
+		--disable-gtk-doc-html \
+		--disable-gtk-doc-pdf \
+		--disable-libelogind \
+		--disable-systemd \
+		--enable-libsystemd-login
+
+	make
+}
+
+check() {
+	make check
+}
+
+package() {
+	# Set SHELL as a workaround for #10081
+	make SHELL=/bin/bash DESTDIR="$pkgdir" install
+
+	# Use our own polkit rules, upstream may change them
+	install -m644 "$srcdir"/alpine-polkit.pam "$pkgdir"/etc/pam.d/polkit-1
+
+	# See polkit's configure script which tells us what permissions to set
+	chown -R polkitd:polkitd "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d
+	chmod -R 700 "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d
+	chmod 4755 "$pkgdir"/usr/lib/polkit-1/polkit-agent-helper-1
+	chmod 4755 "$pkgdir"/usr/bin/pkexec
+}
+
+dev() {
+	provides="polkit-dev"
+	default_dev
+}
+
+sha512sums="b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5  polkit-0.116.tar.gz
+05a4fa21a42237a68d40f581d70a84937ba94f703e5342f37a59cca171ed5446acf7ae83fd5b05a3a92600ad38ad74d0c735a20f1b932750f91c0988ba900f60  make-innetgr-optional.patch
+f5102dc00d390b3a3c957b62e1712db778c7ffb7378f3d8e816c0757c11a308c5d5303e42595b0d6add9839247c773880cd34e56afacc89eb6efaadf9aae7826  alpine-polkit.pam"
diff --git a/community/polkit-elogind/alpine-pam.patch b/community/polkit-elogind/alpine-pam.patch
new file mode 100644
index 0000000000..662e7c4d99
--- /dev/null
+++ b/community/polkit-elogind/alpine-pam.patch
@@ -0,0 +1,18 @@
+Point /etc/pam.d/polkit-1 to the right PAM files.
+
+diff --git configure.ac configure.ac
+index 36df239..53b5573 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -470,6 +470,11 @@ elif test x$with_os_type = xfreebsd -o x$with_os_type = xnetbsd; then
+     PAM_FILE_INCLUDE_ACCOUNT=system
+     PAM_FILE_INCLUDE_PASSWORD=system
+     PAM_FILE_INCLUDE_SESSION=system
++elif test x$with_os_type = xalpine; then
++   PAM_FILE_INCLUDE_AUTH=base-auth
++   PAM_FILE_INCLUDE_ACCOUNT=base-account
++   PAM_FILE_INCLUDE_PASSWORD=base-password
++   PAM_FILE_INCLUDE_SESSION=base-session
+ else
+    PAM_FILE_INCLUDE_AUTH=system-auth
+    PAM_FILE_INCLUDE_ACCOUNT=system-auth
diff --git a/community/polkit-elogind/alpine-polkit.pam b/community/polkit-elogind/alpine-polkit.pam
new file mode 100644
index 0000000000..e718f7ee15
--- /dev/null
+++ b/community/polkit-elogind/alpine-polkit.pam
@@ -0,0 +1,7 @@
+auth            requisite       pam_nologin.so
+auth            required        pam_env.so
+auth            required        pam_unix.so
+account         required        pam_unix.so
+session         required        pam_unix.so
+session         required        pam_limits.so
+password        required        pam_unix.so
diff --git a/community/polkit-elogind/make-innetgr-optional.patch b/community/polkit-elogind/make-innetgr-optional.patch
new file mode 100644
index 0000000000..36eabbbd7b
--- /dev/null
+++ b/community/polkit-elogind/make-innetgr-optional.patch
@@ -0,0 +1,252 @@
+See https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10
+
+From 778bb45e0e0cbabe2b04adf67a500af1dab09768 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available.  PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work.  If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Closes polkit/polkit#14.
+
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+---
+ configure.ac                                     |  2 +-
+ src/polkit/polkitidentity.c                      | 16 ++++++++++++++++
+ src/polkit/polkitunixnetgroup.c                  |  3 +++
+ .../polkitbackendinteractiveauthority.c          | 14 ++++++++------
+ src/polkitbackend/polkitbackendjsauthority.cpp   |  2 ++
+ test/polkit/polkitidentitytest.c                 |  9 ++++++++-
+ test/polkit/polkitunixnetgrouptest.c             |  3 +++
+ .../test-polkitbackendjsauthority.c              |  2 ++
+ 8 files changed, 43 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5cedb4e..87aa0ad 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+ 
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+ 
+ if test "x$GCC" = "xyes"; then
+   LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
+index 3aa1f7f..10e9c17 100644
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
+     }
+   else if (g_str_has_prefix (str, "unix-netgroup:"))
+     {
++#ifndef HAVE_SETNETGRENT
++      g_set_error (error,
++                   POLKIT_ERROR,
++                   POLKIT_ERROR_FAILED,
++                   "Netgroups are not available on this machine ('%s')",
++                   str);
++#else
+       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+     }
+ 
+   if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+       GVariant *v;
+       const char *name;
+ 
++#ifndef HAVE_SETNETGRENT
++      g_set_error (error,
++                   POLKIT_ERROR,
++                   POLKIT_ERROR_FAILED,
++                   "Netgroups are not available on this machine");
++      goto out;
++#else
+       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+       if (v == NULL)
+         {
+@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+       name = g_variant_get_string (v, NULL);
+       ret = polkit_unix_netgroup_new (name);
+       g_variant_unref (v);
++#endif
+     }
+   else
+     {
+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
+index 8a2b369..83f8d4a 100644
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++  g_assert_not_reached();
++#endif
+   g_return_val_if_fail (name != NULL, NULL);
+   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+                                        "name", name,
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 056d9a8..36c2f3d 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
+   GList *ret;
+ 
+   ret = NULL;
++#ifdef HAVE_SETNETGRENT
+   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+ 
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+   if (setnetgrent (name) == 0)
+     {
+       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+       goto out;
+     }
+-#else
++# else
+   setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+ 
+   for (;;)
+     {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+       const char *hostname, *username, *domainname;
+-#else
++# else
+       char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+       PolkitIdentity *user;
+       GError *error = NULL;
+ 
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
+ 
+  out:
+   endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+   return ret;
+ }
+ 
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 9b752d1..09b2878 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+ 
+   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+ 
++#ifdef HAVE_SETNETGRENT
+   JS::RootedString usrstr (authority->priv->cx);
+   usrstr = args[0].toString();
+   user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+ 
+   JS_free (cx, netgroup);
+   JS_free (cx, user);
++#endif
+ 
+   ret = true;
+ 
+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
+index e91967b..e829aaa 100644
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+  * Author: Nikki VonHollen <vonhollen@google.com>
+  */
+ 
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+   {"unix-group:root", "unix-group:jane", FALSE},
+   {"unix-group:jane", "unix-group:jane", TRUE},
+ 
++#ifdef HAVE_SETNETGRENT
+   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+ 
+   {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+   {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+ 
+   {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+ 
++#ifdef HAVE_SETNETGRENT
+   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+ 
+   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+ 
+   add_comparison_tests ();
+ 
+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
+index 3701ba1..e3352eb 100644
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+  * Author: Nikki VonHollen <vonhollen@google.com>
+  */
+ 
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+   g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+   return g_test_run ();
+ }
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index 71aad23..fdd28f3 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+         "unix-group:users"
+       }
+     },
++#ifdef HAVE_SETNETGRENT
+     {
+       "net.company.action3",
+       {
+         "unix-netgroup:foo"
+       }
+     },
++#endif
+   };
+   guint n;
+ 
+-- 
+2.18.1
+
diff --git a/community/polkit-elogind/polkit-elogind.pre-install b/community/polkit-elogind/polkit-elogind.pre-install
new file mode 100644
index 0000000000..7c4e3eff88
--- /dev/null
+++ b/community/polkit-elogind/polkit-elogind.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S polkitd 2>/dev/null
+adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null
+
+exit 0