Age | Commit message (Collapse) | Author |
|
Backport a patch [1] to fix CVE-2021-3560.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Make netgroup support optional so it can be disabled on musl
Drop backported patch 0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
- Rebase patches to 0.115
0001-make-netgroup-support-configurable.patch
polkit-1_pam.patch
- Add --disable-libelogind which OE does not have recipe
libelogind
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Make features like netgroup optional, these are not supported by posix
secondly they are poked at during configure so nothing changes for glibc
based systems but it helps compiling with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Polkit is currently broken in images built with multilib and systemd.
This is because the patch, 0001-do-not-hardcoded-libdir.patch, applied on
top of the polkit source code modifies where the polkitd binary is
installed, but it does not modify the polkit.service file to start the
binary from its new location.
At first it seemed reasonable to modify the systemd service file to
search for the binary in the correct place. This change, as well as what
the patch (0001-do-not-hardcoded-libdir.patch) already does was proposed to
the polkit maintainers at https://bugs.freedesktop.org/show_bug.cgi?id=92094
During the discussion with the polkit maintainers it became apparent that the
change to support multilib polkit should not be done with a patch to
the polkit source code, but instead a change to the polkit recipe.
Polkit correctly installs libraries when multilib is in use without any
changes to its source code. What is being changed by
0001-do-not-hardcoded-libdir.patch is not where the polkit libraries are
installed but where the binaries are installed.
Installing binaries in /usr/lib when baselib is lib64 is acceptable (see
http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html ).
So, instead of patching polkit to install its binaries under the same
library directory as its libraries we maintain the design of the polkit
installer to install the binaries in /usr/lib. This is the same as what is
done in distros like Fedora that supports multilib.
With this patch the polkit package, when built with multilib, installs
files into /usr/lib* as follows:
polkit/usr/lib64/libpolkit-agent-1.so.0
polkit/usr/lib64/libpolkit-gobject-1.so.0
polkit/usr/lib64/libpolkit-gobject-1.so.0.0.0
polkit/usr/lib64/libpolkit-agent-1.so.0.0.0
polkit/usr/lib
polkit/usr/lib/polkit-1
polkit/usr/lib/polkit-1/polkitd
polkit/usr/lib/polkit-1/polkit-agent-helper-1
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Remove 0001-configure.ac-Check-only-for-libsystemd-not-libsystem.patch,
it is not needed anymore.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
libdir is defined as ${prefix}/lib/, but we want it to support multilib path
Signed-off-by: Chunrong Guo <B40290@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
note: this version's rules are written in jscript.
The following tests were performed:
* run-tests for gnome- and xfce-based image
* update a package that installs a new rule to check if the restricted access
rights for /etc/polkit-1/rules.d don't cause trouble
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|