Diffstat (limited to 'meta-openembedded/meta-oe/recipes-extended/polkit')
8 files changed, 235 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.NetworkManager.rules b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.NetworkManager.rules
new file mode 100644
index 000000000..4b50cf881
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.NetworkManager.rules
@@ -0,0 +1,8 @@
+/* give group 'network' rights to change settings */
+/* taken from https://wiki.archlinux.org/index.php/NetworkManager#Set_up_PolicyKit_permissions */
+
+polkit.addRule(function(action, subject) {
+ if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("network")) {
+ return polkit.Result.YES;
+ }
+});
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.timedate1.rules b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.timedate1.rules
new file mode 100644
index 000000000..95b0e0f69
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.timedate1.rules
@@ -0,0 +1,8 @@
+/* give group 'datetime' rights to change settings */
+/* based upon http://lists.freedesktop.org/archives/systemd-devel/2013-March/009576.html */
+
+polkit.addRule(function(action, subject) {
+ if (action.id.indexOf("org.freedesktop.timedate1.") == 0 && subject.isInGroup("datetime")) {
+ return polkit.Result.YES;
+ }
+});
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-datetime.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-datetime.bb
new file mode 100644
index 000000000..934a53e5c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-datetime.bb
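Review bot: The rule in 50-org.freedesktop.NetworkManager.rules returns `polkit.Result.YES` for every action id under the `org.freedesktop.NetworkManager.` prefix on group membership alone, so a member of `network` is authorised without authentication from any session, and for any action later added under that prefix. If the product does not need this from remote or inactive sessions, add `subject.local && subject.active` to the condition, or list the specific action ids the group needs. The same applies to the `org.freedesktop.timedate1.` rule for group `datetime` in 50-org.freedesktop.timedate1.rules. The header comment of each file should also say that the grant is password-less, e.g. `/* members of 'network' are authorised without authentication for all NetworkManager actions */`.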
@@ -0,0 +1,14 @@
+DESCRIPTION = "Create usergroup datetime. All members off this group are allowed set date/time/timezone via system dbus"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+require polkit-group-rule.inc
+
+SRC_URI = "file://50-org.freedesktop.timedate1.rules"
+
+do_install() {
+ install -m 0755 ${WORKDIR}/50-org.freedesktop.timedate1.rules ${D}${sysconfdir}/polkit-1/rules.d
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system datetime"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-network.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-network.bb
new file mode 100644
index 000000000..66a73eaaf
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-network.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "Create usergroup network. All members off this group are allowed to modify networkmanager settings"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+require polkit-group-rule.inc
+
+SRC_URI = "file://50-org.freedesktop.NetworkManager.rules"
+
+do_install() {
+ install -m 0755 ${WORKDIR}/50-org.freedesktop.NetworkManager.rules ${D}${sysconfdir}/polkit-1/rules.d
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system network"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
new file mode 100644
index 000000000..40e400542
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
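Review bot: `install -m 0755` in do_install of polkit-group-rule-datetime.bb marks the rules file executable although it is only a policy file that is read, never run; `install -m 0644 ${WORKDIR}/50-org.freedesktop.timedate1.rules ${D}${sysconfdir}/polkit-1/rules.d/` is the least-privilege form. The trailing `/` on the destination also makes the step fail instead of writing a plain file named rules.d if the directory was not created first. The do_install in polkit-group-rule-network.bb has the same line and needs the same change.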
@@ -0,0 +1,10 @@
+# polkit must prepare polkitd group
+DEPENDS += "polkit"
+
+inherit useradd
+
+do_install_prepend() {
+ install -m 700 -d ${D}${sysconfdir}/polkit-1/rules.d
+ chown polkitd:polkitd ${D}${sysconfdir}/polkit-1/rules.d
+}
+USERADD_PARAM_${PN}_prepend = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch
new file mode 100644
index 000000000..4e3af876e
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch
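Review bot: The polkitd account is declared a second time in `USERADD_PARAM_${PN}_prepend` here, separately from `USERADD_PARAM_${PN}` in polkit_0.113.bb, and the two spell the home directory differently (`${sysconfdir}/polkit-1` against `${sysconfdir}/${BPN}-1`). The `chown polkitd:polkitd` in do_install_prepend depends on these definitions resolving to the same account, so a comment such as `# must match USERADD_PARAM_${PN} in polkit_${PV}.bb; rules.d is 0700 polkitd:polkitd so only polkitd can list the rules` above the variable would keep them from drifting apart. The existing comment on `DEPENDS` mentions only the group, while the chown needs the user as well.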
@@ -0,0 +1,107 @@
+From 7d5e205aa58a10e7b1ccc2fa75b443508a5c3e18 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 20 Jan 2016 04:31:59 +0000
+Subject: [PATCH] make netgroup support configurable
+
+Disable using innetgr and *netigrent function if not available
+
+These functions are not available on all libc implementations e.g. musl
+doesnt have them.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ configure.ac | 2 +-
+ src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++-
+ src/polkitbackend/polkitbackendjsauthority.c | 5 ++---
+ 3 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 07982d1..21590b2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync getnetgrent innetgr)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 7019356..cf39d77 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2213,7 +2213,7 @@ get_users_in_group (PolkitIdentity *group,
+ out:
+ return ret;
+ }
+-
++#if defined HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -2270,6 +2270,8 @@ get_users_in_net_group (PolkitIdentity *group,
+ return ret;
+ }
+
++#endif
++
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ static void
+@@ -2355,10 +2357,12 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ {
+ user_identities = g_list_concat (user_identities,
get_users_in_group (identity, FALSE));
+ }
++#if defined HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity");
+diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
+index 097dcc5..e59b3f7 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.c
++++ b/src/polkitbackend/polkitbackendjsauthority.c
+@@ -1498,7 +1498,6 @@ js_polkit_spawn (JSContext *cx,
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+-
+ static JSBool
+ js_polkit_user_is_in_netgroup (JSContext *cx,
+ unsigned argc,
+@@ -1518,6 +1517,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ user = JS_EncodeString (cx, user_str);
+ netgroup = JS_EncodeString (cx, netgroup_str);
+
++#if defined HAVE_INNETGR
+ if (innetgr (netgroup,
+ NULL, /* host */
+ user,
+@@ -1525,6 +1525,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ {
+ is_in_netgroup = JS_TRUE;
+ }
++#endif
+
+ JS_free (cx, netgroup);
+ JS_free (cx, user);
+@@ -1536,8 +1537,6 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ return ret;
+ }
+
+-
+-
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ typedef struct
+--
+2.7.0
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch
new file mode 100644
index 000000000..74647efce
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch
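Review bot: When `HAVE_INNETGR` is undefined, `js_polkit_user_is_in_netgroup` in polkitbackendjsauthority.c is still registered and reports false for every user, with nothing logged to say the lookup is unsupported. A rule that denies or restricts on netgroup membership would therefore stop matching on such a libc (musl is the example given in the commit message) and quietly allow what it was written to block. An `#else` branch with a log line, for example `g_warning ("netgroup lookup is not supported by this libc; reporting no membership");`, would make this visible; the interactive-authority hunk already falls through to `g_warning ("Unsupported identity")` for the same case. The bodies of both functions lie mostly outside the visible hunks, so whether `HAVE_GETNETGRENT` alone covers every netgroup call in `get_users_in_net_group` cannot be confirmed from here.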
@@ -0,0 +1,23 @@
+polkit: No system-auth in OE-Core, we can use common-* in place of it.
+
+Upstream-Status:Inappropriate [configuration]
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/configure.ac 2011-03-04 02:26:20.000000000 +0800
++++ b/configure.ac.new 2011-07-18 10:14:12.516818852 +0800
+@@ -350,10 +350,10 @@
+ PAM_FILE_INCLUDE_PASSWORD=system
+ PAM_FILE_INCLUDE_SESSION=system
+ else
+- PAM_FILE_INCLUDE_AUTH=system-auth
+- PAM_FILE_INCLUDE_ACCOUNT=system-auth
+- PAM_FILE_INCLUDE_PASSWORD=system-auth
+- PAM_FILE_INCLUDE_SESSION=system-auth
++ PAM_FILE_INCLUDE_AUTH=common-auth
++ PAM_FILE_INCLUDE_ACCOUNT=common-account
++ PAM_FILE_INCLUDE_PASSWORD=common-password
++ PAM_FILE_INCLUDE_SESSION=common-session
+ fi
+
+ AC_SUBST(PAM_FILE_INCLUDE_AUTH)
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.113.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.113.bb
new file mode 100644
index 000000000..f34928fe3
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.113.bb
@@ -0,0 +1,51 @@
+SUMMARY = "PolicyKit Authorization Framework"
+DESCRIPTION = "The polkit package is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes."
+HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit"
+LICENSE = "LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
+ file://src/polkit/polkit.h;beginline=1;endline=20;md5=0a8630b0133176d0504c87a0ded39db4"
+
+DEPENDS = "expat glib-2.0 intltool-native mozjs"
+
+inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection
+
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \
+ bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \
+ "
+
+PACKAGECONFIG[pam] = "--with-authfw=pam,--with-authfw=shadow,libpam,libpam"
+PACKAGECONFIG[systemd] = "--enable-libsystemd-login=yes --with-systemdsystemunitdir=${systemd_unitdir}/system/,--enable-libsystemd-login=no --with-systemdsystemunitdir=,systemd"
+# there is no --enable/--disable option for consolekit and it's not picked by shlibs, so add it to RDEPENDS
+PACKAGECONFIG[consolekit] = ",,,consolekit"
+
+PAM_SRC_URI = "file://polkit-1_pam.patch"
+SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \
+ file://0001-make-netgroup-support-configurable.patch \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+"
+SRC_URI[md5sum] = "4b77776c9e4f897dcfe03b2c34198edf"
+SRC_URI[sha256sum] = "e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81"
+
+EXTRA_OECONF = "--with-os-type=moblin --disable-man-pages"
+
+do_compile_prepend () {
+ export GIR_EXTRA_LIBS_PATH="${B}/src/polkit/.libs"
+}
+
+PACKAGES =+ "${PN}-examples"
+
+FILES_${PN}_append = " \
+ ${libdir}/${BPN}-1 \
+ ${nonarch_libdir}/${BPN}-1 \
+ ${datadir}/dbus-1 \
+ ${datadir}/${BPN}-1 \
+"
+
+FILES_${PN}-examples =
"${bindir}/*example*"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd"
+
+SYSTEMD_SERVICE_${PN} = "${BPN}.service"
+SYSTEMD_AUTO_ENABLE = "disable" |
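Review bot: `SRC_URI` in polkit_0.113.bb fetches the release tarball over plain `http://`, which leaves `SRC_URI[sha256sum]` as the only protection against a substituted download. Using `https://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz` adds transport integrity on top of the pin; `HOMEPAGE` can be switched the same way. `SYSTEMD_AUTO_ENABLE = "disable"` would also benefit from a one-line comment giving the reason (presumably polkitd is started on demand over D-Bus, which is not visible in this recipe), so that nobody enables the unit without knowing why it was left off.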