8 files changed, 235 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.NetworkManager.rules b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.NetworkManager.rules
new file mode 100644
index 000000000..4b50cf881
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.NetworkManager.rules
@@ -0,0 +1,8 @@
+/* give group 'network' rights to change settings */
+/* taken from https://wiki.archlinux.org/index.php/NetworkManager#Set_up_PolicyKit_permissions */
+
+polkit.addRule(function(action, subject) {
+  if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("network")) {
+    return polkit.Result.YES;
+  }
+});
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.timedate1.rules b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.timedate1.rules
new file mode 100644
index 000000000..95b0e0f69
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.timedate1.rules
@@ -0,0 +1,8 @@
+/* give group 'datetime' rights to change settings */
+/* based upon http://lists.freedesktop.org/archives/systemd-devel/2013-March/009576.html */
+
+polkit.addRule(function(action, subject) {
+  if (action.id.indexOf("org.freedesktop.timedate1.") == 0 && subject.isInGroup("datetime")) {
+    return polkit.Result.YES;
+  }
+});
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-datetime.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-datetime.bb
new file mode 100644
index 000000000..934a53e5c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-datetime.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "Create usergroup datetime. All members off this group are allowed set date/time/timezone via system dbus"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+require polkit-group-rule.inc
+
+SRC_URI = "file://50-org.freedesktop.timedate1.rules"
+
+do_install() {
+        install -m 0755 ${WORKDIR}/50-org.freedesktop.timedate1.rules ${D}${sysconfdir}/polkit-1/rules.d
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system datetime"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-network.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-network.bb
new file mode 100644
index 000000000..66a73eaaf
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-network.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "Create usergroup network. All members off this group are allowed to modify networkmanager settings"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+require polkit-group-rule.inc
+
+SRC_URI = "file://50-org.freedesktop.NetworkManager.rules"
+
+do_install() {
+        install -m 0755 ${WORKDIR}/50-org.freedesktop.NetworkManager.rules ${D}${sysconfdir}/polkit-1/rules.d
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system network"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
new file mode 100644
index 000000000..40e400542
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
@@ -0,0 +1,10 @@
+# polkit must prepare polkitd group
+DEPENDS += "polkit"
+
+inherit useradd
+
+do_install_prepend() {
+    install -m 700 -d ${D}${sysconfdir}/polkit-1/rules.d
+    chown polkitd:polkitd ${D}${sysconfdir}/polkit-1/rules.d
+}
+USERADD_PARAM_${PN}_prepend = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch
new file mode 100644
index 000000000..4e3af876e
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch
@@ -0,0 +1,107 @@
+From 7d5e205aa58a10e7b1ccc2fa75b443508a5c3e18 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 20 Jan 2016 04:31:59 +0000
+Subject: [PATCH] make netgroup support configurable
+
+Disable using innetgr and *netigrent function if not available
+
+These functions are not available on all libc implementations e.g. musl
+doesnt have them.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ configure.ac                                          | 2 +-
+ src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++-
+ src/polkitbackend/polkitbackendjsauthority.c          | 5 ++---
+ 3 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 07982d1..21590b2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+ 
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync getnetgrent innetgr)
+ 
+ if test "x$GCC" = "xyes"; then
+   LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 7019356..cf39d77 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2213,7 +2213,7 @@ get_users_in_group (PolkitIdentity                    *group,
+  out:
+   return ret;
+ }
+-
++#if defined HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity                    *group,
+                         gboolean                           include_root)
+@@ -2270,6 +2270,8 @@ get_users_in_net_group (PolkitIdentity                    *group,
+   return ret;
+ }
+ 
++#endif
++
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+ static void
+@@ -2355,10 +2357,12 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
+         {
+           user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+         }
++#if defined HAVE_GETNETGRENT
+       else if (POLKIT_IS_UNIX_NETGROUP (identity))
+         {
+           user_identities =  g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
+         }
++#endif
+       else
+         {
+           g_warning ("Unsupported identity");
+diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
+index 097dcc5..e59b3f7 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.c
++++ b/src/polkitbackend/polkitbackendjsauthority.c
+@@ -1498,7 +1498,6 @@ js_polkit_spawn (JSContext  *cx,
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+-
+ static JSBool
+ js_polkit_user_is_in_netgroup (JSContext  *cx,
+                                unsigned    argc,
+@@ -1518,6 +1517,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+   user = JS_EncodeString (cx, user_str);
+   netgroup = JS_EncodeString (cx, netgroup_str);
+ 
++#if defined HAVE_INNETGR
+   if (innetgr (netgroup,
+                NULL,  /* host */
+                user,
+@@ -1525,6 +1525,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+     {
+       is_in_netgroup =  JS_TRUE;
+     }
++#endif
+ 
+   JS_free (cx, netgroup);
+   JS_free (cx, user);
+@@ -1536,8 +1537,6 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+   return ret;
+ }
+ 
+-
+-
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+ typedef struct
+-- 
+2.7.0
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch
new file mode 100644
index 000000000..74647efce
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch
@@ -0,0 +1,23 @@
+polkit: No system-auth in OE-Core, we can use common-* in place of it.
+
+Upstream-Status:Inappropriate [configuration]
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
+@@ -350,10 +350,10 @@
+     PAM_FILE_INCLUDE_PASSWORD=system
+     PAM_FILE_INCLUDE_SESSION=system
+ else
+-   PAM_FILE_INCLUDE_AUTH=system-auth
+-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
+-   PAM_FILE_INCLUDE_PASSWORD=system-auth
+-   PAM_FILE_INCLUDE_SESSION=system-auth
++   PAM_FILE_INCLUDE_AUTH=common-auth
++   PAM_FILE_INCLUDE_ACCOUNT=common-account
++   PAM_FILE_INCLUDE_PASSWORD=common-password
++   PAM_FILE_INCLUDE_SESSION=common-session
+ fi
+ 
+ AC_SUBST(PAM_FILE_INCLUDE_AUTH)
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.113.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.113.bb
new file mode 100644
index 000000000..f34928fe3
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.113.bb
@@ -0,0 +1,51 @@
+SUMMARY = "PolicyKit Authorization Framework"
+DESCRIPTION = "The polkit package is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes."
+HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit"
+LICENSE = "LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
+                    file://src/polkit/polkit.h;beginline=1;endline=20;md5=0a8630b0133176d0504c87a0ded39db4"
+
+DEPENDS = "expat glib-2.0 intltool-native mozjs"
+
+inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection
+
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+                 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \
+                    bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \
+                "
+
+PACKAGECONFIG[pam] = "--with-authfw=pam,--with-authfw=shadow,libpam,libpam"
+PACKAGECONFIG[systemd] = "--enable-libsystemd-login=yes --with-systemdsystemunitdir=${systemd_unitdir}/system/,--enable-libsystemd-login=no --with-systemdsystemunitdir=,systemd"
+# there is no --enable/--disable option for consolekit and it's not picked by shlibs, so add it to RDEPENDS
+PACKAGECONFIG[consolekit] = ",,,consolekit"
+
+PAM_SRC_URI = "file://polkit-1_pam.patch"
+SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \
+    file://0001-make-netgroup-support-configurable.patch \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+"
+SRC_URI[md5sum] = "4b77776c9e4f897dcfe03b2c34198edf"
+SRC_URI[sha256sum] = "e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81"
+
+EXTRA_OECONF = "--with-os-type=moblin --disable-man-pages"
+
+do_compile_prepend () {
+    export GIR_EXTRA_LIBS_PATH="${B}/src/polkit/.libs"
+}
+
+PACKAGES =+ "${PN}-examples"
+
+FILES_${PN}_append = " \
+    ${libdir}/${BPN}-1 \
+    ${nonarch_libdir}/${BPN}-1 \
+    ${datadir}/dbus-1 \
+    ${datadir}/${BPN}-1 \
+"
+
+FILES_${PN}-examples = "${bindir}/*example*"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd"
+
+SYSTEMD_SERVICE_${PN} = "${BPN}.service"
+SYSTEMD_AUTO_ENABLE = "disable"