[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/ - gentoo-commits

From:	Sam James <sam@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/files/, sys-auth/polkit/
Date:	Wed, 11 May 2022 05:26:21
Message-Id:	`1652246771.99b60e69496c865e2b8103804b45ecf92c02fb94.sam@gentoo`

1

commit:     99b60e69496c865e2b8103804b45ecf92c02fb94

2

Author:     Sam James <sam <AT> gentoo <DOT> org>

3

AuthorDate: Wed May 11 05:21:33 2022 +0000

4

Commit:     Sam James <sam <AT> gentoo <DOT> org>

5

CommitDate: Wed May 11 05:26:11 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b60e69

7

8

sys-auth/polkit: add 0.120_p20220509 (unkeyworded)

9

10

Unkeyworded for now until tomorrow probably. (Nothing major changed

11

but it's late/early and I don't want to take a risk and then go to bed.)

12

13

(In terms of the snapshot, the only notable things are that upstream

14

dropped autotools, but we were using meson for a little while now anyway,

15

and a bunch of the patches we were including to a previous snapshot

16

are now rolled into this one.)

17

18

I'd not bothered looking much into the test situation given the bug

19

flagged in the ebuild (the dist tarballs don't contain the test

20

dependencies needed and they don't use meson subprojects so we

21

can't provide them ourselves either)

22

23

... but a bug (with a dodgy premise -- because you shouldn't be

24

setting USE=test manually anyway; RESTRICT="test" is currently in ebuild anyhow)

25

exposed the fact that if you _do_ try to run tests right now, they end up

26

failing because of our musl patch which still includes config.h even though

27

we're doing a meson build.

28

29

So, a double win:

30

1. Tests are now wired up and run for snapshots at least! Yay!

31

2. Our musl patch is now cleaner and ready for another attempt

32

at upstream submission.

33

34

Closes: https://bugs.gentoo.org/843647

35

Signed-off-by: Sam James <sam <AT> gentoo.org>

36

37

 sys-auth/polkit/Manifest                           |   1 +

38

 ..._p20220509-make-netgroup-support-optional.patch | 231 +++++++++++++++++++++

39

 sys-auth/polkit/polkit-0.120_p20220509.ebuild      | 146 +++++++++++++

40

 3 files changed, 378 insertions(+)

41

42

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest

43

index 8d52dd5e300f..36f72ccb57f8 100644

44

--- a/sys-auth/polkit/Manifest

45

+++ b/sys-auth/polkit/Manifest

46

@@ -1,3 +1,4 @@

47

 DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70

48

 DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46

49

 DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f

50

+DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f

51

52

diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch

53

new file mode 100644

54

index 000000000000..2922b8606648

55

--- /dev/null

56

+++ b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch

57

@@ -0,0 +1,231 @@

58

+Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.

59

+

60

+https://bugs.gentoo.org/833753

61

+https://bugs.gentoo.org/561672

62

+https://bugs.freedesktop.org/show_bug.cgi?id=50145

63

+https://gitlab.freedesktop.org/polkit/polkit/-/issues/14

64

+

65

+Patch has been rebased a bit since but keeping original headers.

66

+

67

+From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001

68

+From: "A. Wilcox" <AWilcox@×××××××××××.com>

69

+Date: Wed, 11 Jul 2018 04:54:26 -0500

70

+Subject: [PATCH] make netgroup support optional

71

+

72

+On at least Linux/musl and Linux/uclibc, netgroup support is not

73

+available.  PolKit fails to compile on these systems for that reason.

74

+

75

+This change makes netgroup support conditional on the presence of the

76

+setnetgrent(3) function which is required for the support to work.  If

77

+that function is not available on the system, an error will be returned

78

+to the administrator if unix-netgroup: is specified in configuration.

79

+

80

+Fixes bug 50145.

81

+

82

+Signed-off-by: A. Wilcox <AWilcox@×××××××××××.com>

83

+--- a/meson.build

84

++++ b/meson.build

85

+@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true)

86

+ check_functions = [

87

+   'clearenv',

88

+   'fdatasync',

89

++  'setnetgrent',

90

+ ]

91

+

92

+ foreach func: check_functions

93

+--- a/src/polkit/polkitidentity.c

94

++++ b/src/polkit/polkitidentity.c

95

+@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,

96

+     }

97

+   else if (g_str_has_prefix (str, "unix-netgroup:"))

98

+     {

99

++#ifndef HAVE_SETNETGRENT

100

++      g_set_error (error,

101

++                   POLKIT_ERROR,

102

++                   POLKIT_ERROR_FAILED,

103

++                   "Netgroups are not available on this machine ('%s')",

104

++                   str);

105

++#else

106

+       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);

107

++#endif

108

+     }

109

+

110

+   if (identity == NULL && (error != NULL && *error == NULL))

111

+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,

112

+       GVariant *v;

113

+       const char *name;

114

+

115

++#ifndef HAVE_SETNETGRENT

116

++      g_set_error (error,

117

++                   POLKIT_ERROR,

118

++                   POLKIT_ERROR_FAILED,

119

++                   "Netgroups are not available on this machine");

120

++      goto out;

121

++#else

122

++

123

+       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);

124

+       if (v == NULL)

125

+         {

126

+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,

127

+       name = g_variant_get_string (v, NULL);

128

+       ret = polkit_unix_netgroup_new (name);

129

+       g_variant_unref (v);

130

++#endif

131

+     }

132

+   else

133

+     {

134

+--- a/src/polkit/polkitunixnetgroup.c

135

++++ b/src/polkit/polkitunixnetgroup.c

136

+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,

137

+ PolkitIdentity *

138

+ polkit_unix_netgroup_new (const gchar *name)

139

+ {

140

++#ifndef HAVE_SETNETGRENT

141

++  g_assert_not_reached();

142

++#endif

143

+   g_return_val_if_fail (name != NULL, NULL);

144

+   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,

145

+                                        "name", name,

146

+--- a/src/polkitbackend/polkitbackendduktapeauthority.c

147

++++ b/src/polkitbackend/polkitbackendduktapeauthority.c

148

+@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)

149

+

150

+   user = duk_require_string (cx, 0);

151

+   netgroup = duk_require_string (cx, 1);

152

+-

153

++#ifdef HAVE_SETNETGRENT

154

+   if (innetgr (netgroup,

155

+                NULL,  /* host */

156

+                user,

157

+@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)

158

+     {

159

+       is_in_netgroup = TRUE;

160

+     }

161

+-

162

++#endif

163

+   duk_push_boolean (cx, is_in_netgroup);

164

+   return 1;

165

+ }

166

+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c

167

++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c

168

+@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity                    *group,

169

+   GList *ret;

170

+

171

+   ret = NULL;

172

++#ifdef HAVE_SETNETGRENT

173

+   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));

174

+

175

+-#ifdef HAVE_SETNETGRENT_RETURN

176

++# ifdef HAVE_SETNETGRENT_RETURN

177

+   if (setnetgrent (name) == 0)

178

+     {

179

+       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));

180

+       goto out;

181

+     }

182

+-#else

183

++# else

184

+   setnetgrent (name);

185

+-#endif

186

++# endif /* HAVE_SETNETGRENT_RETURN */

187

+

188

+   for (;;)

189

+     {

190

+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)

191

++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)

192

+       const char *hostname, *username, *domainname;

193

+-#else

194

++# else

195

+       char *hostname, *username, *domainname;

196

+-#endif

197

++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */

198

+       PolkitIdentity *user;

199

+       GError *error = NULL;

200

+

201

+@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity                    *group,

202

+

203

+  out:

204

+   endnetgrent ();

205

++#endif /* HAVE_SETNETGRENT */

206

+   return ret;

207

+ }

208

+

209

+--- a/src/polkitbackend/polkitbackendjsauthority.cpp

210

++++ b/src/polkitbackend/polkitbackendjsauthority.cpp

211

+@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,

212

+

213

+   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);

214

+

215

++#ifdef HAVE_SETNETGRENT

216

+   JS::RootedString usrstr (authority->priv->cx);

217

+   usrstr = args[0].toString();

218

+   user = JS_EncodeStringToUTF8 (cx, usrstr);

219

+@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,

220

+     {

221

+       is_in_netgroup =  true;

222

+     }

223

++#endif

224

+

225

+   ret = true;

226

+

227

+--- a/test/polkit/polkitidentitytest.c

228

++++ b/test/polkit/polkitidentitytest.c

229

+@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {

230

+   {"unix-group:root", "unix-group:jane", FALSE},

231

+   {"unix-group:jane", "unix-group:jane", TRUE},

232

+

233

++#ifdef HAVE_SETNETGRENT

234

+   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},

235

+   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},

236

++#endif

237

+

238

+   {"unix-user:root", "unix-group:root", FALSE},

239

++#ifdef HAVE_SETNETGRENT

240

+   {"unix-user:jane", "unix-netgroup:foo", FALSE},

241

++#endif

242

+

243

+   {NULL},

244

+ };

245

+@@ -181,11 +185,13 @@ main (int argc, char *argv[])

246

+   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);

247

+   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);

248

+

249

++#ifdef HAVE_SETNETGRENT

250

+   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);

251

++  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);

252

++#endif

253

+

254

+   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);

255

+   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);

256

+-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);

257

+

258

+   add_comparison_tests ();

259

+

260

+--- a/test/polkit/polkitunixnetgrouptest.c

261

++++ b/test/polkit/polkitunixnetgrouptest.c

262

+@@ -69,7 +69,9 @@ int

263

+ main (int argc, char *argv[])

264

+ {

265

+   g_test_init (&argc, &argv, NULL);

266

++#ifdef HAVE_SETNETGRENT

267

+   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);

268

+   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);

269

++#endif

270

+   return g_test_run ();

271

+ }

272

+--- a/test/polkitbackend/test-polkitbackendjsauthority.c

273

++++ b/test/polkitbackend/test-polkitbackendjsauthority.c

274

+@@ -137,12 +137,14 @@ test_get_admin_identities (void)

275

+         "unix-group:users"

276

+       }

277

+     },

278

++#ifdef HAVE_SETNETGRENT

279

+     {

280

+       "net.company.action3",

281

+       {

282

+         "unix-netgroup:foo"

283

+       }

284

+     },

285

++#endif

286

+   };

287

+   guint n;

288

+

289

290

diff --git a/sys-auth/polkit/polkit-0.120_p20220509.ebuild b/sys-auth/polkit/polkit-0.120_p20220509.ebuild

291

new file mode 100644

292

index 000000000000..5f6838c29981

293

--- /dev/null

294

+++ b/sys-auth/polkit/polkit-0.120_p20220509.ebuild

295

@@ -0,0 +1,146 @@

296

+# Copyright 1999-2022 Gentoo Authors

297

+# Distributed under the terms of the GNU General Public License v2

298

+

299

+EAPI=8

300

+

301

+PYTHON_COMPAT=( python3_{8..10} )

302

+inherit meson pam pax-utils python-any-r1 systemd xdg-utils

303

+

304

+DESCRIPTION="Policy framework for controlling privileges for system-wide services"

305

+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"

306

+if [[ ${PV} == *_p* ]] ; then

307

+	# Upstream don't make releases very often. Test snapshots throughly

308

+	# and review commits, but don't shy away if there's useful stuff there

309

+	# we want.

310

+	MY_COMMIT="c5c6b784221b9dc054548c15e94719c4e961a7f2"

311

+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"

312

+

313

+	S="${WORKDIR}"/${PN}-${MY_COMMIT}

314

+else

315

+	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"

316

+fi

317

+

318

+LICENSE="LGPL-2"

319

+SLOT="0"

320

+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"

321

+IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"

322

+if [[ ${PV} == *_p* ]] ; then

323

+	RESTRICT="!test? ( test )"

324

+else

325

+	# Tests currently don't work with meson in the dist tarballs. See

326

+	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144

327

+	RESTRICT="test"

328

+fi

329

+

330

+BDEPEND="

331

+	acct-user/polkitd

332

+	app-text/docbook-xml-dtd:4.1.2

333

+	app-text/docbook-xsl-stylesheets

334

+	dev-libs/glib

335

+	dev-libs/gobject-introspection-common

336

+	dev-libs/libxslt

337

+	dev-util/glib-utils

338

+	sys-devel/gettext

339

+	virtual/pkgconfig

340

+	introspection? ( dev-libs/gobject-introspection )

341

+	test? (

342

+		$(python_gen_any_dep '

343

+			dev-python/dbus-python[${PYTHON_USEDEP}]

344

+			dev-python/python-dbusmock[${PYTHON_USEDEP}]

345

+		')

346

+	)

347

+"

348

+DEPEND="

349

+	dev-libs/glib:2

350

+	dev-libs/expat

351

+	duktape? ( dev-lang/duktape:= )

352

+	!duktape? ( dev-lang/spidermonkey:91[-debug] )

353

+	pam? (

354

+		sys-auth/pambase

355

+		sys-libs/pam

356

+	)

357

+	!pam? ( virtual/libcrypt:= )

358

+	systemd? ( sys-apps/systemd:0=[policykit] )

359

+	!systemd? ( sys-auth/elogind )

360

+"

361

+RDEPEND="${DEPEND}

362

+	acct-user/polkitd

363

+	selinux? ( sec-policy/selinux-policykit )

364

+"

365

+PDEPEND="

366

+	gtk? ( || (

367

+		>=gnome-extra/polkit-gnome-0.105

368

+		>=lxde-base/lxsession-0.5.2

369

+	) )

370

+	kde? ( kde-plasma/polkit-kde-agent )

371

+"

372

+

373

+DOCS=( docs/TODO HACKING.md NEWS.md README.md )

374

+

375

+QA_MULTILIB_PATHS="usr/lib/polkit-1/polkit-agent-helper-1

376

+	usr/lib/polkit-1/polkitd"

377

+

378

+python_check_deps() {

379

+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&

380

+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"

381

+}

382

+

383

+pkg_setup() {

384

+	use test && python-any-r1_pkg_setup

385

+}

386

+

387

+src_prepare() {

388

+	local PATCHES=(

389

+		# musl

390

+		"${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch

391

+	)

392

+

393

+	default

394

+

395

+	# bug #401513

396

+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die

397

+}

398

+

399

+src_configure() {

400

+	xdg_environment_reset

401

+

402

+	local emesonargs=(

403

+		--localstatedir="${EPREFIX}"/var

404

+		-Dauthfw="$(usex pam pam shadow)"

405

+		-Dexamples=false

406

+		-Dgtk_doc=false

407

+		-Dman=true

408

+		-Dos_type=gentoo

409

+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"

410

+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"

411

+		-Djs_engine=$(usex duktape duktape mozjs)

412

+		$(meson_use introspection)

413

+		$(meson_use test tests)

414

+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')

415

+	)

416

+	meson_src_configure

417

+}

418

+

419

+src_compile() {

420

+	meson_src_compile

421

+

422

+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT

423

+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest

424

+}

425

+

426

+src_install() {

427

+	meson_src_install

428

+

429

+	if use examples ; then

430

+		docinto examples

431

+		dodoc src/examples/{*.c,*.policy*}

432

+	fi

433

+

434

+	diropts -m 0700 -o polkitd

435

+	keepdir /usr/share/polkit-1/rules.d

436

+}

437

+

438

+pkg_postinst() {

439

+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d

440

+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d

441

+}

1	commit: 99b60e69496c865e2b8103804b45ecf92c02fb94
2	Author: Sam James <sam <AT> gentoo <DOT> org>
3	AuthorDate: Wed May 11 05:21:33 2022 +0000
4	Commit: Sam James <sam <AT> gentoo <DOT> org>
5	CommitDate: Wed May 11 05:26:11 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b60e69
7
8	sys-auth/polkit: add 0.120_p20220509 (unkeyworded)
9
10	Unkeyworded for now until tomorrow probably. (Nothing major changed
11	but it's late/early and I don't want to take a risk and then go to bed.)
12
13	(In terms of the snapshot, the only notable things are that upstream
14	dropped autotools, but we were using meson for a little while now anyway,
15	and a bunch of the patches we were including to a previous snapshot
16	are now rolled into this one.)
17
18	I'd not bothered looking much into the test situation given the bug
19	flagged in the ebuild (the dist tarballs don't contain the test
20	dependencies needed and they don't use meson subprojects so we
21	can't provide them ourselves either)
22
23	... but a bug (with a dodgy premise -- because you shouldn't be
24	setting USE=test manually anyway; RESTRICT="test" is currently in ebuild anyhow)
25	exposed the fact that if you _do_ try to run tests right now, they end up
26	failing because of our musl patch which still includes config.h even though
27	we're doing a meson build.
28
29	So, a double win:
30	1. Tests are now wired up and run for snapshots at least! Yay!
31	2. Our musl patch is now cleaner and ready for another attempt
32	at upstream submission.
33
34	Closes: https://bugs.gentoo.org/843647
35	Signed-off-by: Sam James <sam <AT> gentoo.org>
36
37	sys-auth/polkit/Manifest \| 1 +
38	..._p20220509-make-netgroup-support-optional.patch \| 231 +++++++++++++++++++++
39	sys-auth/polkit/polkit-0.120_p20220509.ebuild \| 146 +++++++++++++
40	3 files changed, 378 insertions(+)
41
42	diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
43	index 8d52dd5e300f..36f72ccb57f8 100644
44	--- a/sys-auth/polkit/Manifest
45	+++ b/sys-auth/polkit/Manifest
46	@@ -1,3 +1,4 @@
47	DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
48	DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
49	DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
50	+DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f
51
52	diff --git a/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
53	new file mode 100644
54	index 000000000000..2922b8606648
55	--- /dev/null
56	+++ b/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
57	@@ -0,0 +1,231 @@
58	+Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
59	+
60	+https://bugs.gentoo.org/833753
61	+https://bugs.gentoo.org/561672
62	+https://bugs.freedesktop.org/show_bug.cgi?id=50145
63	+https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
64	+
65	+Patch has been rebased a bit since but keeping original headers.
66	+
67	+From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
68	+From: "A. Wilcox" <AWilcox@×××××××××××.com>
69	+Date: Wed, 11 Jul 2018 04:54:26 -0500
70	+Subject: [PATCH] make netgroup support optional
71	+
72	+On at least Linux/musl and Linux/uclibc, netgroup support is not
73	+available. PolKit fails to compile on these systems for that reason.
74	+
75	+This change makes netgroup support conditional on the presence of the
76	+setnetgrent(3) function which is required for the support to work. If
77	+that function is not available on the system, an error will be returned
78	+to the administrator if unix-netgroup: is specified in configuration.
79	+
80	+Fixes bug 50145.
81	+
82	+Signed-off-by: A. Wilcox <AWilcox@×××××××××××.com>
83	+--- a/meson.build
84	++++ b/meson.build
85	+@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true)
86	+ check_functions = [
87	+ 'clearenv',
88	+ 'fdatasync',
89	++ 'setnetgrent',
90	+ ]
91	+
92	+ foreach func: check_functions
93	+--- a/src/polkit/polkitidentity.c
94	++++ b/src/polkit/polkitidentity.c
95	+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
96	+ }
97	+ else if (g_str_has_prefix (str, "unix-netgroup:"))
98	+ {
99	++#ifndef HAVE_SETNETGRENT
100	++ g_set_error (error,
101	++ POLKIT_ERROR,
102	++ POLKIT_ERROR_FAILED,
103	++ "Netgroups are not available on this machine ('%s')",
104	++ str);
105	++#else
106	+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
107	++#endif
108	+ }
109	+
110	+ if (identity == NULL && (error != NULL && *error == NULL))
111	+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
112	+ GVariant *v;
113	+ const char *name;
114	+
115	++#ifndef HAVE_SETNETGRENT
116	++ g_set_error (error,
117	++ POLKIT_ERROR,
118	++ POLKIT_ERROR_FAILED,
119	++ "Netgroups are not available on this machine");
120	++ goto out;
121	++#else
122	++
123	+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
124	+ if (v == NULL)
125	+ {
126	+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
127	+ name = g_variant_get_string (v, NULL);
128	+ ret = polkit_unix_netgroup_new (name);
129	+ g_variant_unref (v);
130	++#endif
131	+ }
132	+ else
133	+ {
134	+--- a/src/polkit/polkitunixnetgroup.c
135	++++ b/src/polkit/polkitunixnetgroup.c
136	+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
137	+ PolkitIdentity *
138	+ polkit_unix_netgroup_new (const gchar *name)
139	+ {
140	++#ifndef HAVE_SETNETGRENT
141	++ g_assert_not_reached();
142	++#endif
143	+ g_return_val_if_fail (name != NULL, NULL);
144	+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
145	+ "name", name,
146	+--- a/src/polkitbackend/polkitbackendduktapeauthority.c
147	++++ b/src/polkitbackend/polkitbackendduktapeauthority.c
148	+@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
149	+
150	+ user = duk_require_string (cx, 0);
151	+ netgroup = duk_require_string (cx, 1);
152	+-
153	++#ifdef HAVE_SETNETGRENT
154	+ if (innetgr (netgroup,
155	+ NULL, /* host */
156	+ user,
157	+@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
158	+ {
159	+ is_in_netgroup = TRUE;
160	+ }
161	+-
162	++#endif
163	+ duk_push_boolean (cx, is_in_netgroup);
164	+ return 1;
165	+ }
166	+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
167	++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
168	+@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group,
169	+ GList *ret;
170	+
171	+ ret = NULL;
172	++#ifdef HAVE_SETNETGRENT
173	+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
174	+
175	+-#ifdef HAVE_SETNETGRENT_RETURN
176	++# ifdef HAVE_SETNETGRENT_RETURN
177	+ if (setnetgrent (name) == 0)
178	+ {
179	+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
180	+ goto out;
181	+ }
182	+-#else
183	++# else
184	+ setnetgrent (name);
185	+-#endif
186	++# endif /* HAVE_SETNETGRENT_RETURN */
187	+
188	+ for (;;)
189	+ {
190	+-#if defined(HAVE_NETBSD) \|\| defined(HAVE_OPENBSD)
191	++# if defined(HAVE_NETBSD) \|\| defined(HAVE_OPENBSD)
192	+ const char hostname, username, *domainname;
193	+-#else
194	++# else
195	+ char hostname, username, *domainname;
196	+-#endif
197	++# endif /* defined(HAVE_NETBSD) \|\| defined(HAVE_OPENBSD) */
198	+ PolkitIdentity *user;
199	+ GError *error = NULL;
200	+
201	+@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group,
202	+
203	+ out:
204	+ endnetgrent ();
205	++#endif /* HAVE_SETNETGRENT */
206	+ return ret;
207	+ }
208	+
209	+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
210	++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
211	+@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
212	+
213	+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
214	+
215	++#ifdef HAVE_SETNETGRENT
216	+ JS::RootedString usrstr (authority->priv->cx);
217	+ usrstr = args[0].toString();
218	+ user = JS_EncodeStringToUTF8 (cx, usrstr);
219	+@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
220	+ {
221	+ is_in_netgroup = true;
222	+ }
223	++#endif
224	+
225	+ ret = true;
226	+
227	+--- a/test/polkit/polkitidentitytest.c
228	++++ b/test/polkit/polkitidentitytest.c
229	+@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
230	+ {"unix-group:root", "unix-group:jane", FALSE},
231	+ {"unix-group:jane", "unix-group:jane", TRUE},
232	+
233	++#ifdef HAVE_SETNETGRENT
234	+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
235	+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
236	++#endif
237	+
238	+ {"unix-user:root", "unix-group:root", FALSE},
239	++#ifdef HAVE_SETNETGRENT
240	+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
241	++#endif
242	+
243	+ {NULL},
244	+ };
245	+@@ -181,11 +185,13 @@ main (int argc, char *argv[])
246	+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
247	+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
248	+
249	++#ifdef HAVE_SETNETGRENT
250	+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
251	++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
252	++#endif
253	+
254	+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
255	+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
256	+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
257	+
258	+ add_comparison_tests ();
259	+
260	+--- a/test/polkit/polkitunixnetgrouptest.c
261	++++ b/test/polkit/polkitunixnetgrouptest.c
262	+@@ -69,7 +69,9 @@ int
263	+ main (int argc, char *argv[])
264	+ {
265	+ g_test_init (&argc, &argv, NULL);
266	++#ifdef HAVE_SETNETGRENT
267	+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
268	+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
269	++#endif
270	+ return g_test_run ();
271	+ }
272	+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
273	++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
274	+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
275	+ "unix-group:users"
276	+ }
277	+ },
278	++#ifdef HAVE_SETNETGRENT
279	+ {
280	+ "net.company.action3",
281	+ {
282	+ "unix-netgroup:foo"
283	+ }
284	+ },
285	++#endif
286	+ };
287	+ guint n;
288	+
289
290	diff --git a/sys-auth/polkit/polkit-0.120_p20220509.ebuild b/sys-auth/polkit/polkit-0.120_p20220509.ebuild
291	new file mode 100644
292	index 000000000000..5f6838c29981
293	--- /dev/null
294	+++ b/sys-auth/polkit/polkit-0.120_p20220509.ebuild
295	@@ -0,0 +1,146 @@
296	+# Copyright 1999-2022 Gentoo Authors
297	+# Distributed under the terms of the GNU General Public License v2
298	+
299	+EAPI=8
300	+
301	+PYTHON_COMPAT=( python3_{8..10} )
302	+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
303	+
304	+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
305	+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
306	+if [[ ${PV} == _p ]] ; then
307	+ # Upstream don't make releases very often. Test snapshots throughly
308	+ # and review commits, but don't shy away if there's useful stuff there
309	+ # we want.
310	+ MY_COMMIT="c5c6b784221b9dc054548c15e94719c4e961a7f2"
311	+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
312	+
313	+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
314	+else
315	+ SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
316	+fi
317	+
318	+LICENSE="LGPL-2"
319	+SLOT="0"
320	+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
321	+IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
322	+if [[ ${PV} == _p ]] ; then
323	+ RESTRICT="!test? ( test )"
324	+else
325	+ # Tests currently don't work with meson in the dist tarballs. See
326	+ # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
327	+ RESTRICT="test"
328	+fi
329	+
330	+BDEPEND="
331	+ acct-user/polkitd
332	+ app-text/docbook-xml-dtd:4.1.2
333	+ app-text/docbook-xsl-stylesheets
334	+ dev-libs/glib
335	+ dev-libs/gobject-introspection-common
336	+ dev-libs/libxslt
337	+ dev-util/glib-utils
338	+ sys-devel/gettext
339	+ virtual/pkgconfig
340	+ introspection? ( dev-libs/gobject-introspection )
341	+ test? (
342	+ $(python_gen_any_dep '
343	+ dev-python/dbus-python[${PYTHON_USEDEP}]
344	+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
345	+ ')
346	+ )
347	+"
348	+DEPEND="
349	+ dev-libs/glib:2
350	+ dev-libs/expat
351	+ duktape? ( dev-lang/duktape:= )
352	+ !duktape? ( dev-lang/spidermonkey:91[-debug] )
353	+ pam? (
354	+ sys-auth/pambase
355	+ sys-libs/pam
356	+ )
357	+ !pam? ( virtual/libcrypt:= )
358	+ systemd? ( sys-apps/systemd:0=[policykit] )
359	+ !systemd? ( sys-auth/elogind )
360	+"
361	+RDEPEND="${DEPEND}
362	+ acct-user/polkitd
363	+ selinux? ( sec-policy/selinux-policykit )
364	+"
365	+PDEPEND="
366	+ gtk? ( \|\| (
367	+ >=gnome-extra/polkit-gnome-0.105
368	+ >=lxde-base/lxsession-0.5.2
369	+ ) )
370	+ kde? ( kde-plasma/polkit-kde-agent )
371	+"
372	+
373	+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
374	+
375	+QA_MULTILIB_PATHS="usr/lib/polkit-1/polkit-agent-helper-1
376	+ usr/lib/polkit-1/polkitd"
377	+
378	+python_check_deps() {
379	+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
380	+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
381	+}
382	+
383	+pkg_setup() {
384	+ use test && python-any-r1_pkg_setup
385	+}
386	+
387	+src_prepare() {
388	+ local PATCHES=(
389	+ # musl
390	+ "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
391	+ )
392	+
393	+ default
394	+
395	+ # bug #401513
396	+ sed -i -e 's\|unix-group:wheel\|unix-user:0\|' src/polkitbackend/*-default.rules \|\| die
397	+}
398	+
399	+src_configure() {
400	+ xdg_environment_reset
401	+
402	+ local emesonargs=(
403	+ --localstatedir="${EPREFIX}"/var
404	+ -Dauthfw="$(usex pam pam shadow)"
405	+ -Dexamples=false
406	+ -Dgtk_doc=false
407	+ -Dman=true
408	+ -Dos_type=gentoo
409	+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
410	+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
411	+ -Djs_engine=$(usex duktape duktape mozjs)
412	+ $(meson_use introspection)
413	+ $(meson_use test tests)
414	+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
415	+ )
416	+ meson_src_configure
417	+}
418	+
419	+src_compile() {
420	+ meson_src_compile
421	+
422	+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
423	+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
424	+}
425	+
426	+src_install() {
427	+ meson_src_install
428	+
429	+ if use examples ; then
430	+ docinto examples
431	+ dodoc src/examples/{.c,.policy*}
432	+ fi
433	+
434	+ diropts -m 0700 -o polkitd
435	+ keepdir /usr/share/polkit-1/rules.d
436	+}
437	+
438	+pkg_postinst() {
439	+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
440	+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
441	+}

Gentoo Archives: gentoo-commits