diff options
author | Leo <thinkabit.ukim@gmail.com> | 2019-07-13 22:38:28 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2019-07-13 22:38:28 -0300 |
commit | c9f2a0c8deca5c9bba672a5924fbdd454bdf8cef (patch) | |
tree | 3983695d7de5d3221bd3e446539ddcc310b06611 /community/polkit-elogind | |
parent | ae0d4bce74ebf5c86132811e185fc5644870f330 (diff) | |
download | aports-c9f2a0c8deca5c9bba672a5924fbdd454bdf8cef.tar.bz2 aports-c9f2a0c8deca5c9bba672a5924fbdd454bdf8cef.tar.xz |
community/polkit-elogind: move from testing
Diffstat (limited to 'community/polkit-elogind')
-rw-r--r-- | community/polkit-elogind/APKBUILD | 78 | ||||
-rw-r--r-- | community/polkit-elogind/alpine-pam.patch | 18 | ||||
-rw-r--r-- | community/polkit-elogind/alpine-polkit.pam | 7 | ||||
-rw-r--r-- | community/polkit-elogind/make-innetgr-optional.patch | 252 | ||||
-rw-r--r-- | community/polkit-elogind/polkit-elogind.pre-install | 6 |
5 files changed, 361 insertions, 0 deletions
diff --git a/community/polkit-elogind/APKBUILD b/community/polkit-elogind/APKBUILD new file mode 100644 index 0000000000..d4638931c9 --- /dev/null +++ b/community/polkit-elogind/APKBUILD @@ -0,0 +1,78 @@ +# Maintainer: Rasmus Thomsen <oss@cogitri.dev> +pkgname=polkit-elogind +pkgver=0.116 +pkgrel=1 +pkgdesc="Application development toolkit for controlling system-wide privileges (elogind variant)" +url="https://www.freedesktop.org/wiki/Software/polkit/" +arch="all" +license="GPL-2.0-or-later" +options="suid !check" +depends_dev="dbus-glib-dev" +makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev + intltool autoconf automake libtool bash mozjs60-dev elogind-dev linux-pam-dev" +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" +source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz + make-innetgr-optional.patch + alpine-polkit.pam" +install="polkit-elogind.pre-install" +pkgusers="polkitd" +pkggroups="polkitd" +provides="polkit" + +builddir="$srcdir/polkit-$pkgver" + +prepare() { + default_prepare + autoreconf -fi +} + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --libexecdir=/usr/lib/polkit-1 \ + --localstatedir=/var \ + --disable-static \ + --enable-introspection \ + --with-authfw=pam \ + --with-os-type=alpine \ + --disable-gtk-doc \ + --disable-gtk-doc-html \ + --disable-gtk-doc-pdf \ + --disable-libelogind \ + --disable-systemd \ + --enable-libsystemd-login + + make +} + +check() { + make check +} + +package() { + # Set SHELL as a workaround for #10081 + make SHELL=/bin/bash DESTDIR="$pkgdir" install + + # Use our own polkit rules, upstream may change them + install -m644 "$srcdir"/alpine-polkit.pam "$pkgdir"/etc/pam.d/polkit-1 + + # See polkit's configure script which tells us what permissions to set + chown -R polkitd:polkitd "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d + chmod -R 700 "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d + chmod 4755 "$pkgdir"/usr/lib/polkit-1/polkit-agent-helper-1 + chmod 4755 "$pkgdir"/usr/bin/pkexec +} + +dev() { + provides="polkit-dev" + default_dev +} + +sha512sums="b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5 polkit-0.116.tar.gz +05a4fa21a42237a68d40f581d70a84937ba94f703e5342f37a59cca171ed5446acf7ae83fd5b05a3a92600ad38ad74d0c735a20f1b932750f91c0988ba900f60 make-innetgr-optional.patch +f5102dc00d390b3a3c957b62e1712db778c7ffb7378f3d8e816c0757c11a308c5d5303e42595b0d6add9839247c773880cd34e56afacc89eb6efaadf9aae7826 alpine-polkit.pam" diff --git a/community/polkit-elogind/alpine-pam.patch b/community/polkit-elogind/alpine-pam.patch new file mode 100644 index 0000000000..662e7c4d99 --- /dev/null +++ b/community/polkit-elogind/alpine-pam.patch @@ -0,0 +1,18 @@ +Point /etc/pam.d/polkit-1 to the right PAM files. + +diff --git configure.ac configure.ac +index 36df239..53b5573 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -470,6 +470,11 @@ elif test x$with_os_type = xfreebsd -o x$with_os_type = xnetbsd; then + PAM_FILE_INCLUDE_ACCOUNT=system + PAM_FILE_INCLUDE_PASSWORD=system + PAM_FILE_INCLUDE_SESSION=system ++elif test x$with_os_type = xalpine; then ++ PAM_FILE_INCLUDE_AUTH=base-auth ++ PAM_FILE_INCLUDE_ACCOUNT=base-account ++ PAM_FILE_INCLUDE_PASSWORD=base-password ++ PAM_FILE_INCLUDE_SESSION=base-session + else + PAM_FILE_INCLUDE_AUTH=system-auth + PAM_FILE_INCLUDE_ACCOUNT=system-auth diff --git a/community/polkit-elogind/alpine-polkit.pam b/community/polkit-elogind/alpine-polkit.pam new file mode 100644 index 0000000000..e718f7ee15 --- /dev/null +++ b/community/polkit-elogind/alpine-polkit.pam @@ -0,0 +1,7 @@ +auth requisite pam_nologin.so +auth required pam_env.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +session required pam_limits.so +password required pam_unix.so diff --git a/community/polkit-elogind/make-innetgr-optional.patch b/community/polkit-elogind/make-innetgr-optional.patch new file mode 100644 index 0000000000..36eabbbd7b --- /dev/null +++ b/community/polkit-elogind/make-innetgr-optional.patch @@ -0,0 +1,252 @@ +See https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10 + +From 778bb45e0e0cbabe2b04adf67a500af1dab09768 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Wed, 11 Jul 2018 04:54:26 -0500 +Subject: [PATCH] make netgroup support optional + +On at least Linux/musl and Linux/uclibc, netgroup support is not +available. PolKit fails to compile on these systems for that reason. + +This change makes netgroup support conditional on the presence of the +setnetgrent(3) function which is required for the support to work. If +that function is not available on the system, an error will be returned +to the administrator if unix-netgroup: is specified in configuration. + +Fixes bug 50145. + +Closes polkit/polkit#14. + +Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> +--- + configure.ac | 2 +- + src/polkit/polkitidentity.c | 16 ++++++++++++++++ + src/polkit/polkitunixnetgroup.c | 3 +++ + .../polkitbackendinteractiveauthority.c | 14 ++++++++------ + src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ + test/polkit/polkitidentitytest.c | 9 ++++++++- + test/polkit/polkitunixnetgrouptest.c | 3 +++ + .../test-polkitbackendjsauthority.c | 2 ++ + 8 files changed, 43 insertions(+), 8 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5cedb4e..87aa0ad 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], + [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) + AC_SUBST(EXPAT_LIBS) + +-AC_CHECK_FUNCS(clearenv fdatasync) ++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) + + if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +index 3aa1f7f..10e9c17 100644 +--- a/src/polkit/polkitidentity.c ++++ b/src/polkit/polkitidentity.c +@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, + } + else if (g_str_has_prefix (str, "unix-netgroup:")) + { ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine ('%s')", ++ str); ++#else + identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); ++#endif + } + + if (identity == NULL && (error != NULL && *error == NULL)) +@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, + GVariant *v; + const char *name; + ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine"); ++ goto out; ++#else + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { +@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, + name = g_variant_get_string (v, NULL); + ret = polkit_unix_netgroup_new (name); + g_variant_unref (v); ++#endif + } + else + { +diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c +index 8a2b369..83f8d4a 100644 +--- a/src/polkit/polkitunixnetgroup.c ++++ b/src/polkit/polkitunixnetgroup.c +@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, + PolkitIdentity * + polkit_unix_netgroup_new (const gchar *name) + { ++#ifndef HAVE_SETNETGRENT ++ g_assert_not_reached(); ++#endif + g_return_val_if_fail (name != NULL, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, + "name", name, +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 056d9a8..36c2f3d 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, + GList *ret; + + ret = NULL; ++#ifdef HAVE_SETNETGRENT + name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); + +-#ifdef HAVE_SETNETGRENT_RETURN ++# ifdef HAVE_SETNETGRENT_RETURN + if (setnetgrent (name) == 0) + { + g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); + goto out; + } +-#else ++# else + setnetgrent (name); +-#endif ++# endif /* HAVE_SETNETGRENT_RETURN */ + + for (;;) + { +-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) ++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) + const char *hostname, *username, *domainname; +-#else ++# else + char *hostname, *username, *domainname; +-#endif ++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ + PolkitIdentity *user; + GError *error = NULL; + +@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, + + out: + endnetgrent (); ++#endif /* HAVE_SETNETGRENT */ + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp +index 9b752d1..09b2878 100644 +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + + JS::CallArgs args = JS::CallArgsFromVp (argc, vp); + ++#ifdef HAVE_SETNETGRENT + JS::RootedString usrstr (authority->priv->cx); + usrstr = args[0].toString(); + user = JS_EncodeStringToUTF8 (cx, usrstr); +@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + + JS_free (cx, netgroup); + JS_free (cx, user); ++#endif + + ret = true; + +diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c +index e91967b..e829aaa 100644 +--- a/test/polkit/polkitidentitytest.c ++++ b/test/polkit/polkitidentitytest.c +@@ -19,6 +19,7 @@ + * Author: Nikki VonHollen <vonhollen@google.com> + */ + ++#include "config.h" + #include "glib.h" + #include <polkit/polkit.h> + #include <polkit/polkitprivate.h> +@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { + {"unix-group:root", "unix-group:jane", FALSE}, + {"unix-group:jane", "unix-group:jane", TRUE}, + ++#ifdef HAVE_SETNETGRENT + {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, + {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, ++#endif + + {"unix-user:root", "unix-group:root", FALSE}, ++#ifdef HAVE_SETNETGRENT + {"unix-user:jane", "unix-netgroup:foo", FALSE}, ++#endif + + {NULL}, + }; +@@ -181,11 +186,13 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); + ++#ifdef HAVE_SETNETGRENT + g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); ++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); ++#endif + + g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); +- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); + + add_comparison_tests (); + +diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c +index 3701ba1..e3352eb 100644 +--- a/test/polkit/polkitunixnetgrouptest.c ++++ b/test/polkit/polkitunixnetgrouptest.c +@@ -19,6 +19,7 @@ + * Author: Nikki VonHollen <vonhollen@google.com> + */ + ++#include "config.h" + #include "glib.h" + #include <polkit/polkit.h> + #include <string.h> +@@ -69,7 +70,9 @@ int + main (int argc, char *argv[]) + { + g_test_init (&argc, &argv, NULL); ++#ifdef HAVE_SETNETGRENT + g_test_add_func ("/PolkitUnixNetgroup/new", test_new); + g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); ++#endif + return g_test_run (); + } +diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c +index 71aad23..fdd28f3 100644 +--- a/test/polkitbackend/test-polkitbackendjsauthority.c ++++ b/test/polkitbackend/test-polkitbackendjsauthority.c +@@ -137,12 +137,14 @@ test_get_admin_identities (void) + "unix-group:users" + } + }, ++#ifdef HAVE_SETNETGRENT + { + "net.company.action3", + { + "unix-netgroup:foo" + } + }, ++#endif + }; + guint n; + +-- +2.18.1 + diff --git a/community/polkit-elogind/polkit-elogind.pre-install b/community/polkit-elogind/polkit-elogind.pre-install new file mode 100644 index 0000000000..7c4e3eff88 --- /dev/null +++ b/community/polkit-elogind/polkit-elogind.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S polkitd 2>/dev/null +adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null + +exit 0 |