diff options
Diffstat (limited to 'sys-auth')
| -rw-r--r-- | sys-auth/elogind/elogind-255.22-r1.ebuild | 1 | ||||
| -rw-r--r-- | sys-auth/elogind/files/elogind-255.22-musl.patch | 86 | ||||
| -rw-r--r-- | sys-auth/nss_ldap/nss_ldap-265-r11.ebuild | 2 | ||||
| -rw-r--r-- | sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild | 2 | ||||
| -rw-r--r-- | sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild | 2 | ||||
| -rw-r--r-- | sys-auth/polkit/Manifest | 1 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-123-mozjs-JIT.patch | 36 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch | 35 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-126-musl.patch | 34 | ||||
| -rw-r--r-- | sys-auth/polkit/files/polkit-126-realpath.patch | 133 | ||||
| -rw-r--r-- | sys-auth/polkit/polkit-123-r1.ebuild | 157 | ||||
| -rw-r--r-- | sys-auth/polkit/polkit-126-r1.ebuild | 159 | ||||
| -rw-r--r-- | sys-auth/rtkit/Manifest | 1 | ||||
| -rw-r--r-- | sys-auth/rtkit/metadata.xml | 2 | ||||
| -rw-r--r-- | sys-auth/rtkit/rtkit-0.14.ebuild | 54 |
15 files changed, 146 insertions, 559 deletions
diff --git a/sys-auth/elogind/elogind-255.22-r1.ebuild b/sys-auth/elogind/elogind-255.22-r1.ebuild index abec7f283991..bf484570bb69 100644 --- a/sys-auth/elogind/elogind-255.22-r1.ebuild +++ b/sys-auth/elogind/elogind-255.22-r1.ebuild @@ -60,6 +60,7 @@ PATCHES=( # https://github.com/elogind/elogind/issues/285 "${FILESDIR}/${PN}-255.17-revert-s2idle.patch" # bug 939042 "${FILESDIR}/${PN}-255.22-revert-openrc-user.patch" # bug 966481 + "${FILESDIR}/${PN}-255.22-musl.patch" # bug 967191 ) python_check_deps() { diff --git a/sys-auth/elogind/files/elogind-255.22-musl.patch b/sys-auth/elogind/files/elogind-255.22-musl.patch new file mode 100644 index 000000000000..38a68be6b25f --- /dev/null +++ b/sys-auth/elogind/files/elogind-255.22-musl.patch @@ -0,0 +1,86 @@ +https://github.com/elogind/elogind/commit/c09b9caece0459ec56b234a87583e1bfac3c3271 + +From c09b9caece0459ec56b234a87583e1bfac3c3271 Mon Sep 17 00:00:00 2001 +From: Sven Eden <sven@eden-worx.com> +Date: Thu, 20 Nov 2025 08:12:12 +0100 +Subject: [PATCH] journal-send.c, bus-error.c: Fix strerror_r handling for + non-GLIBC systems + +Fix the handling of `strerror_r` in non-GLIBC systems to ensure compatibility. + +- Handle `strerror_r` differently for non-GLIBC systems in `journal-send.c`. +- Handle `strerror_r` differently for non-GLIBC systems in `bus-error.c`. +- Remove redundant definition of `strerror_r` from `musl_missing.h`. + +This change ensures that the `strerror_r` function behaves correctly across different environments, particularly on systems using the musl C library. + +Bug: #320 +Closes: #320 +Signed-off-by: Sven Eden <sven@eden-worx.com> +--- + src/basic/musl_missing.h | 2 -- + src/libelogind/sd-bus/bus-error.c | 10 ++++++++++ + src/libelogind/sd-journal/journal-send.c | 5 +++++ + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/src/basic/musl_missing.h b/src/basic/musl_missing.h +index d8a5bff222..3f592f1c6f 100644 +--- a/src/basic/musl_missing.h ++++ b/src/basic/musl_missing.h +@@ -26,8 +26,6 @@ void elogind_set_program_name(const char* pcall); + #include <unistd.h> + #include <pthread.h> /* for pthread_atfork */ + +-#define strerror_r(e, m, k) (strerror_r(e, m, k) < 0 ? strdup("strerror_r() failed") : m); +- + /* + * Possibly TODO according to http://man7.org/linux/man-pages/man3/getenv.3.html + * + test if the process's effective user ID does not match its real user ID or +diff --git a/src/libelogind/sd-bus/bus-error.c b/src/libelogind/sd-bus/bus-error.c +index 58c24d25c0..4895bd3c66 100644 +--- a/src/libelogind/sd-bus/bus-error.c ++++ b/src/libelogind/sd-bus/bus-error.c +@@ -405,7 +405,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) { + return; + + errno = 0; ++#ifndef __GLIBC__ ++ strerror_r(error, m, k); ++ x = m; ++#else // __GLIBC__ + x = strerror_r(error, m, k); ++#endif // __GLIBC__ + if (errno == ERANGE || strlen(x) >= k - 1) { + free(m); + k *= 2; +@@ -591,7 +596,12 @@ const char* _bus_error_message(const sd_bus_error *e, int error, char buf[static + if (e && e->message) + return e->message; + ++#ifndef __GLIBC__ ++ strerror_r(abs(error), buf, ERRNO_BUF_LEN); ++ return buf; ++#else // __GLIBC__ + return strerror_r(abs(error), buf, ERRNO_BUF_LEN); ++#endif // __GLIBC__ + } + + static bool map_ok(const sd_bus_error_map *map) { +diff --git a/src/libelogind/sd-journal/journal-send.c b/src/libelogind/sd-journal/journal-send.c +index f0a0190a5b..6bfa2211f3 100644 +--- a/src/libelogind/sd-journal/journal-send.c ++++ b/src/libelogind/sd-journal/journal-send.c +@@ -424,7 +424,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove + char* j; + + errno = 0; ++#ifndef __GLIBC__ ++ strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k); ++ j = buffer + 8 + k; ++#else // __GLIBC__ + j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k); ++#endif // __GLIBC__ + if (errno == 0) { + char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1]; + + diff --git a/sys-auth/nss_ldap/nss_ldap-265-r11.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r11.ebuild index 0df9f569f0ef..89fc1820eac7 100644 --- a/sys-auth/nss_ldap/nss_ldap-265-r11.ebuild +++ b/sys-auth/nss_ldap/nss_ldap-265-r11.ebuild @@ -11,7 +11,7 @@ SRC_URI="http://www.padl.com/download/${P}.tar.gz" SLOT="0" LICENSE="LGPL-2" -KEYWORDS="~alpha amd64 arm ~hppa ~mips ~ppc ppc64 ~sparc x86 ~amd64-linux" +KEYWORDS="~alpha amd64 arm ~hppa ~mips ~ppc ppc64 ~sparc x86" IUSE="debug kerberos ssl sasl split-usr" DEPEND=" diff --git a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild index 4083b17c5ae1..46724b3fdb1a 100644 --- a/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild +++ b/sys-auth/pam_mktemp/pam_mktemp-1.1.1.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://www.openwall.com/pam/modules/${PN}/${P}.tar.gz" LICENSE="BSD-2" # LICENSE file says "heavily cut-down 'BSD license'" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" IUSE="selinux +prevent-removal" RDEPEND="sys-libs/pam diff --git a/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild b/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild index c25f563a2cbe..62fbb1d233c8 100644 --- a/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild +++ b/sys-auth/passwdqc/passwdqc-2.0.3-r1.ebuild @@ -11,7 +11,7 @@ SRC_URI="http://www.openwall.com/${PN}/${P}.tar.gz" LICENSE="Openwall BSD public-domain" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" RDEPEND=" sys-libs/pam diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 53e2efde44cd..54fc3fb1fff8 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,2 +1 @@ -DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 DIST polkit-126.tar.gz 456138 BLAKE2B 2e86c8853edf29879d8367b77d210d3a891178297cb5f9eb204a953bfaa66f6ff2307da265f4c3f89265ba8ce32e94641272d654a78d116dfb32a65d402f877a SHA512 dbdbc31b7a231c963788b37cf1a138e30336466fb662225a812faaf58e45439925d9d39346cc8f07e54f22040c2f142435acb9fded315d33e24930e0abc736c7 diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch deleted file mode 100644 index 5b3f2c4a3641..000000000000 --- a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch +++ /dev/null @@ -1,36 +0,0 @@ -https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb - -From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao <xry111@xry111.site> -Date: Sat, 29 Jul 2023 17:44:58 +0800 -Subject: [PATCH] jsauthority: mozjs: Disable JIT - -The JIT compiling of mozjs needs W/X mapping, but our systemd hardening -setting does not allow it. - -For polkit, security is much more important than the speed running -Javascript code in rule files, so we should disable JIT. - -Fixes #199. ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -56,7 +56,16 @@ - static class JsInitHelperType - { - public: -- JsInitHelperType() { JS_Init(); } -+ JsInitHelperType() -+ { -+ /* Disable JIT because it needs W/X mapping, which is not allowed by -+ * our systemd hardening setting. -+ */ -+ JS::DisableJitBackend(); -+ -+ JS_Init(); -+ } -+ - ~JsInitHelperType() { JS_ShutDown(); } - } JsInitHelper; - --- -GitLab diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch deleted file mode 100644 index f19560943c43..000000000000 --- a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch +++ /dev/null @@ -1,35 +0,0 @@ -https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d - -From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 -From: Vincent Mihalkovic <vmihalko@redhat.com> -Date: Wed, 16 Aug 2023 08:59:55 +0000 -Subject: [PATCH] pkexec: fix uninitialized pointer warning - ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -53,6 +53,7 @@ - static gchar *original_user_name = NULL; - static gchar *original_cwd; - static gchar *command_line = NULL; -+static gchar *cmdline_short = NULL; - static struct passwd *pw; - - #ifndef HAVE_CLEARENV -@@ -508,6 +509,7 @@ main (int argc, char *argv[]) - path = NULL; - exec_argv = NULL; - command_line = NULL; -+ cmdline_short = NULL; - opt_user = NULL; - local_agent_handle = NULL; - -@@ -802,7 +804,6 @@ main (int argc, char *argv[]) - polkit_details_insert (details, "program", path); - polkit_details_insert (details, "command_line", command_line); - -- gchar *cmdline_short = NULL; - cmdline_short = g_strdup(command_line); - if (strlen(command_line) > 80) - g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), --- -GitLab diff --git a/sys-auth/polkit/files/polkit-126-musl.patch b/sys-auth/polkit/files/polkit-126-musl.patch deleted file mode 100644 index 3bc3cc128472..000000000000 --- a/sys-auth/polkit/files/polkit-126-musl.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://github.com/polkit-org/polkit/commit/074ad836836167190cfe5649f9fc50da2e79a0ab - -From 074ad836836167190cfe5649f9fc50da2e79a0ab Mon Sep 17 00:00:00 2001 -From: Jan Rybar <jrybar@redhat.com> -Date: Wed, 19 Feb 2025 14:20:22 +0100 -Subject: [PATCH] Fix musl compilation error on Alpine - -Disruptions between glibc and musl-(not-)predefined feature-test macros led to -a decision to remove a check for POSIX standards older than 17 years. It makes no -sense to test the existence of a macro that we explicitly define in -meson.build either (shall we test for _GNU_SOURCE). ---- - src/programs/pkexec.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c -index b439475f..4274c92b 100644 ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -674,12 +674,8 @@ main (int argc, char *argv[]) - argv[n] = path_abs; - } - } --#if _POSIX_C_SOURCE >= 200809L -+ - s = realpath(path, NULL); --#else -- s = NULL; --# error We have to deal with realpath(3) PATH_MAX madness --#endif - if (s != NULL) - { - /* The called program resolved to the canonical location. We don't update - diff --git a/sys-auth/polkit/files/polkit-126-realpath.patch b/sys-auth/polkit/files/polkit-126-realpath.patch deleted file mode 100644 index 3946932fa1ff..000000000000 --- a/sys-auth/polkit/files/polkit-126-realpath.patch +++ /dev/null @@ -1,133 +0,0 @@ -https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678 - -From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001 -From: Walter Doekes <walter+github@wjd.nu> -Date: Fri, 25 Oct 2024 23:18:16 +0200 -Subject: [PATCH] pkexec: Use realpath when comparing - org.freedesktop.policykit.exec.path - -This changes the pkexec path that is compared from the original supplied -path to the path resolved by realpath(3). - -That means that "/bin/something" might now be matched as -"/usr/bin/something", a review of your - <annotate key="org.freedesktop.policykit.exec.path"> -actions might be in order. - -Fixes: polkit-org/polkit#194 - -See also: systemd/systemd#34714 ---- - src/programs/pkexec.c | 29 +++++++++++++++++++++++++++-- - test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++ - 2 files changed, 50 insertions(+), 2 deletions(-) - -diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c -index 65c13090..b439475f 100644 ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -452,6 +452,7 @@ main (int argc, char *argv[]) - gchar *action_id; - gboolean allow_gui; - gchar **exec_argv; -+ gchar *path_abs; - gchar *path; - struct passwd pwstruct; - gchar pwbuf[8192]; -@@ -508,6 +509,7 @@ main (int argc, char *argv[]) - result = NULL; - action_id = NULL; - saved_env = NULL; -+ path_abs = NULL; - path = NULL; - exec_argv = NULL; - command_line = NULL; -@@ -624,6 +626,8 @@ main (int argc, char *argv[]) - * but do check this is the case. - * - * We also try to locate the program in the path if a non-absolute path is given. -+ * -+ * And then we resolve the real path of the program. - */ - g_assert (argv[argc] == NULL); - path = g_strdup (argv[n]); -@@ -647,7 +651,7 @@ main (int argc, char *argv[]) - } - if (path[0] != '/') - { -- /* g_find_program_in_path() is not suspectible to attacks via the environment */ -+ /* g_find_program_in_path() is not susceptible to attacks via the environment */ - s = g_find_program_in_path (path); - if (s == NULL) - { -@@ -662,9 +666,29 @@ main (int argc, char *argv[]) - */ - if (argv[n] != NULL) - { -- argv[n] = path; -+ /* Must copy because we might replace path later on. */ -+ path_abs = g_strdup(path); -+ /* argv[n:] is used as argv arguments to execv(). The called program -+ * sees the original called path, but we make sure it's absolute. */ -+ if (path_abs != NULL) -+ argv[n] = path_abs; - } - } -+#if _POSIX_C_SOURCE >= 200809L -+ s = realpath(path, NULL); -+#else -+ s = NULL; -+# error We have to deal with realpath(3) PATH_MAX madness -+#endif -+ if (s != NULL) -+ { -+ /* The called program resolved to the canonical location. We don't update -+ * argv[n] this time. The called program still sees the original -+ * called path. This is very important for multi-call binaries like -+ * busybox. */ -+ g_free (path); -+ path = s; -+ } - if (access (path, F_OK) != 0) - { - g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno)); -@@ -1084,6 +1108,7 @@ main (int argc, char *argv[]) - } - - g_free (original_cwd); -+ g_free (path_abs); - g_free (path); - g_free (command_line); - g_free (cmdline_short); -diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh -index 4c76687b..e57b948f 100755 ---- a/test/integration/pkexec/test.sh -+++ b/test/integration/pkexec/test.sh -@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA - grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log" - grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log" - rm -f "$TMP_DIR/SIGTRAP-on-EOF.log" -+ -+: "Check absolute (but not canonicalized) path" -+BASH_ABS=$(command -v bash) -+ln -s "$BASH_ABS" ./my-bash -+sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log" -+grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log" -+grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log" -+rm -f "$TMP_DIR/absolute-path.log" -+rm -f "./my-bash" -+ -+: "Check canonicalized path" -+if command -v strace; then -+ BASH_ABS=$(command -v bash) -+ ln -s "$BASH_ABS" ./my-bash -+ sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \ -+ expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log" -+ cat "$TMP_DIR/canonical-path.strace" -+ grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace" -+ grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log" -+ rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace" -+ rm -f "./my-bash" -+ rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so" -+fi - diff --git a/sys-auth/polkit/polkit-123-r1.ebuild b/sys-auth/polkit/polkit-123-r1.ebuild deleted file mode 100644 index 34b4e42c38f8..000000000000 --- a/sys-auth/polkit/polkit-123-r1.ebuild +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_11 ) -inherit meson pam pax-utils python-any-r1 systemd xdg-utils - -DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" -if [[ ${PV} == *_p* ]] ; then - # Upstream don't make releases very often. Test snapshots throughly - # and review commits, but don't shy away if there's useful stuff there - # we want. - MY_COMMIT="" - SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" - - S="${WORKDIR}"/${PN}-${MY_COMMIT} -else - SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" -fi - -LICENSE="LGPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -IUSE="examples gtk +introspection kde pam selinux systemd test" -# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction -RESTRICT="!test? ( test ) test" - -# This seems to be fixed with 121? -#if [[ ${PV} == *_p* ]] ; then -# RESTRICT="!test? ( test )" -#else -# # Tests currently don't work with meson in the dist tarballs. See -# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 -# RESTRICT="test" -#fi - -BDEPEND=" - acct-user/polkitd - app-text/docbook-xml-dtd:4.1.2 - app-text/docbook-xsl-stylesheets - dev-libs/glib - dev-libs/gobject-introspection-common - dev-libs/libxslt - dev-util/glib-utils - sys-devel/gettext - virtual/pkgconfig - introspection? ( >=dev-libs/gobject-introspection-1.82.0-r2 ) - test? ( - $(python_gen_any_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/python-dbusmock[${PYTHON_USEDEP}] - ') - ) -" -DEPEND=" - >=dev-libs/glib-2.32:2 - dev-libs/expat - dev-lang/duktape:= - pam? ( - sys-auth/pambase - sys-libs/pam - ) - !pam? ( virtual/libcrypt:= ) - systemd? ( sys-apps/systemd:0=[policykit] ) - !systemd? ( sys-auth/elogind ) -" -RDEPEND=" - ${DEPEND} - acct-user/polkitd - selinux? ( sec-policy/selinux-policykit ) -" -PDEPEND=" - gtk? ( || ( - >=gnome-extra/polkit-gnome-0.105 - >=lxde-base/lxsession-0.5.2 - ) ) - kde? ( kde-plasma/polkit-kde-agent ) -" - -DOCS=( docs/TODO HACKING.md NEWS.md README.md ) - -QA_MULTILIB_PATHS=" - usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd -" - -PATCHES=( - "${FILESDIR}"/${P}-mozjs-JIT.patch - "${FILESDIR}"/${P}-pkexec-uninitialized.patch -) - -python_check_deps() { - python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && - python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" -} - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_prepare() { - default - - # bug #401513 - sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die -} - -src_configure() { - xdg_environment_reset - - local emesonargs=( - --localstatedir="${EPREFIX}"/var - -Dauthfw="$(usex pam pam shadow)" - -Dexamples=false - -Dgtk_doc=false - -Dman=true - -Dos_type=gentoo - -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" - -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - -Djs_engine=duktape - -Dlibs-only=false - $(meson_use introspection) - $(meson_use test tests) - $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') - ) - meson_src_configure -} - -src_compile() { - meson_src_compile - - # Required for polkitd on hardened/PaX due to spidermonkey's JIT - pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest -} - -src_install() { - meson_src_install - - if use examples ; then - docinto examples - dodoc src/examples/{*.c,*.policy*} - fi - - if [[ ${EUID} == 0 ]]; then - diropts -m 0700 -o polkitd - fi - keepdir /etc/polkit-1/rules.d -} - -pkg_postinst() { - if [[ ${EUID} == 0 ]]; then - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - fi -} diff --git a/sys-auth/polkit/polkit-126-r1.ebuild b/sys-auth/polkit/polkit-126-r1.ebuild deleted file mode 100644 index 1511837ee9fb..000000000000 --- a/sys-auth/polkit/polkit-126-r1.ebuild +++ /dev/null @@ -1,159 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{11..13} ) -inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils - -DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/polkit-org/polkit" - inherit git-r3 -elif [[ ${PV} == *_p* ]] ; then - # Upstream don't make releases very often. Test snapshots throughly - # and review commits, but don't shy away if there's useful stuff there - # we want. - MY_COMMIT="" - SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" - - S="${WORKDIR}"/${PN}-${MY_COMMIT} -else - SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" -fi - -LICENSE="LGPL-2" -SLOT="0" -if [[ ${PV} != 9999 ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -fi -IUSE="examples gtk +introspection kde pam nls selinux systemd test" -RESTRICT="!test? ( test )" - -BDEPEND=" - acct-user/polkitd - app-text/docbook-xml-dtd:4.1.2 - app-text/docbook-xsl-stylesheets - >=dev-libs/glib-2.32 - dev-libs/gobject-introspection-common - dev-libs/libxslt - dev-util/glib-utils - virtual/pkgconfig - introspection? ( >=dev-libs/gobject-introspection-1.82.0-r2 ) - nls? ( sys-devel/gettext ) - test? ( - $(python_gen_any_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/python-dbusmock[${PYTHON_USEDEP}] - ') - ) -" -DEPEND=" - >=dev-libs/glib-2.32:2 - dev-libs/expat - dev-lang/duktape:= - pam? ( - sys-auth/pambase - sys-libs/pam - ) - !pam? ( virtual/libcrypt:= ) - systemd? ( sys-apps/systemd:0=[policykit] ) - !systemd? ( sys-auth/elogind ) -" -RDEPEND=" - ${DEPEND} - acct-user/polkitd - selinux? ( sec-policy/selinux-policykit ) -" -PDEPEND=" - gtk? ( || ( - >=gnome-extra/polkit-gnome-0.105 - >=lxde-base/lxsession-0.5.2 - ) ) - kde? ( kde-plasma/polkit-kde-agent ) -" - -DOCS=( docs/TODO HACKING.md NEWS.md README.md ) - -QA_MULTILIB_PATHS=" - usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd -" - -PATCHES=( - "${FILESDIR}"/${P}-elogind.patch - "${FILESDIR}"/${P}-realpath.patch - "${FILESDIR}"/${P}-musl.patch -) - -python_check_deps() { - python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && - python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" -} - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_prepare() { - default - - # bug #401513 - sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die -} - -src_configure() { - xdg_environment_reset - - local emesonargs=( - --localstatedir="${EPREFIX}"/var - -Dauthfw="$(usex pam pam shadow)" - -Dexamples=false - -Dgtk_doc=false - -Dman=true - -Dos_type=gentoo - -Dpam_module_dir=$(getpam_mod_dir) - -Dprivileged_group=0 - -Dsession_tracking="$(usex systemd logind elogind)" - -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - -Dlibs-only=false - $(meson_use introspection) - $(meson_use nls gettext) - $(meson_use test tests) - ) - meson_src_configure -} - -src_compile() { - meson_src_compile - - # Required for polkitd on hardened/PaX due to spidermonkey's JIT - pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest -} - -src_install() { - meson_src_install - - # acct-user/polkitd installs its own (albeit with a different filename) - rm -rf "${ED}"/usr/lib/sysusers.d || die - - if use examples ; then - docinto examples - dodoc src/examples/{*.c,*.policy*} - fi - - if [[ ${EUID} == 0 ]]; then - diropts -m 0700 -o polkitd - fi - keepdir /etc/polkit-1/rules.d -} - -pkg_postinst() { - tmpfiles_process polkit-tmpfiles.conf - - if [[ ${EUID} == 0 ]]; then - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - fi -} diff --git a/sys-auth/rtkit/Manifest b/sys-auth/rtkit/Manifest index 85ac152341da..4ff270c992d3 100644 --- a/sys-auth/rtkit/Manifest +++ b/sys-auth/rtkit/Manifest @@ -1 +1,2 @@ DIST rtkit-0.13.tar.xz 130796 BLAKE2B 842d04556a47c199bed9fc6bc9281c0d88f83e183f01ef57ecbd80ce72949a301d6682a3aab96e996e71b82d8e8c7a85e1d44524f2ed6fbdffc6bf236cdcadaa SHA512 c058d770a4ccfdf4e2e3a713748b6a705b6d3e148a903b9dbba4bba9d3ded2b819d7dfbfa37b9fad78e57c0a5f10f2f94226f8738f666e692a085ab297a36b36 +DIST rtkit-v0.14.tar.bz2 41311 BLAKE2B 824bd873e09138ad0b8bac9509db81db5d777310a5d6709e3cc9816befef2e88403ec6e576114b397086c414c048a29a0ba567d0407f28cb433b33e68da877a6 SHA512 ad2cf2b850536ed8e9d03768ce5073fa42da0b1244ea1e70705b9244513b87512918549b8657a4a2132345c8b74e9dc452eca628bb252b1a621a7ab7ccb38c7b diff --git a/sys-auth/rtkit/metadata.xml b/sys-auth/rtkit/metadata.xml index 29358ddb98c2..830a84a5a4ac 100644 --- a/sys-auth/rtkit/metadata.xml +++ b/sys-auth/rtkit/metadata.xml @@ -8,6 +8,6 @@ rlimits, etc. </longdescription> <upstream> - <remote-id type="github">heftig/rtkit</remote-id> + <remote-id type="freedesktop-gitlab">pipewire/rtkit</remote-id> </upstream> </pkgmetadata> diff --git a/sys-auth/rtkit/rtkit-0.14.ebuild b/sys-auth/rtkit/rtkit-0.14.ebuild new file mode 100644 index 000000000000..aa879b2834df --- /dev/null +++ b/sys-auth/rtkit/rtkit-0.14.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit linux-info meson systemd + +MY_P=${PN}-v${PV} +DESCRIPTION="Realtime Policy and Watchdog Daemon" +HOMEPAGE="https://gitlab.freedesktop.org/pipewire/rtkit" +SRC_URI="https://gitlab.freedesktop.org/pipewire/rtkit/-/archive/v${PV}/${MY_P}.tar.bz2" +S="${WORKDIR}"/${MY_P} + +LICENSE="GPL-3 BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="selinux systemd" + +DEPEND=" + acct-group/rtkit + acct-user/rtkit + sys-apps/dbus + sys-auth/polkit + sys-libs/libcap + systemd? ( sys-apps/systemd ) +" +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-rtkit ) +" +BDEPEND=" + dev-util/xxd + virtual/pkgconfig +" + +pkg_pretend() { + if use kernel_linux; then + CONFIG_CHECK="~!RT_GROUP_SCHED" + ERROR_RT_GROUP_SCHED="CONFIG_RT_GROUP_SCHED is enabled. rtkit-daemon (or any other " + ERROR_RT_GROUP_SCHED+="real-time task) will not work unless run as root. Please consider " + ERROR_RT_GROUP_SCHED+="unsetting this option." + check_extra_config + fi +} + +src_configure() { + local emesonargs=( + -Dinstalled_tests=false + $(meson_feature systemd libsystemd) + -Dsystemd_systemunitdir="$(systemd_get_systemunitdir)" + ) + + meson_src_configure +} |