From 6757155f09a275771f26c209ad4559f152d7b7da Mon Sep 17 00:00:00 2001 From: Markus Volk Date: Tue, 5 Mar 2024 12:56:13 +0100 Subject: polkit: update 123 -> 124 - support for mozjs-115 was added, remove the patch - update 0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch - include missing files to avoid: /usr/lib/pam.d /usr/lib/sysusers.d /usr/lib/pam.d/polkit-1 /usr/lib/sysusers.d/polkit.conf Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. ERROR: polkit-124-r0 do_package: QA Issue: polkit: Files/directories were installed but not shipped in any package: Signed-off-by: Khem Raj --- .../0001-jsauthority-Bump-mozjs-to-115.patch | 26 --------- ...service.in-disable-MemoryDenyWriteExecute.patch | 11 ++-- meta-oe/recipes-extended/polkit/polkit_123.bb | 54 ------------------- meta-oe/recipes-extended/polkit/polkit_124.bb | 61 ++++++++++++++++++++++ 4 files changed, 65 insertions(+), 87 deletions(-) delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit_123.bb create mode 100644 meta-oe/recipes-extended/polkit/polkit_124.bb diff --git a/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch b/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch deleted file mode 100644 index 163a03cfc3..0000000000 --- a/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2f0de2a831ab106fce210c1d65baef041256bc18 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Mon, 18 Sep 2023 01:53:04 +0800 -Subject: [PATCH] jsauthority: Bump mozjs to 115 - -No code change is needed! - -Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b340f50b7bb963863ede7c63f9a0b5c50c80c1e1] -Signed-off-by: Alexander Kanavin ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 3b96562..92b68fd 100644 ---- a/meson.build -+++ b/meson.build -@@ -153,7 +153,7 @@ if js_engine == 'duktape' - func = 'pthread_condattr_setclock' - config_h.set('HAVE_' + func.to_upper(), cc.has_function(func, prefix : '#include ')) - elif js_engine == 'mozjs' -- js_dep = dependency('mozjs-102') -+ js_dep = dependency('mozjs-115') - - _system = host_machine.system().to_lower() - if _system.contains('freebsd') diff --git a/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch b/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch index 9a097274a4..4f008f7a97 100644 --- a/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch +++ b/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch @@ -1,4 +1,4 @@ -From 046d853818f18bac5df4dfc007151e06fd64a5b3 Mon Sep 17 00:00:00 2001 +From 95148a804be66092564f81306a02f625d5b8a5d0 Mon Sep 17 00:00:00 2001 From: Markus Volk Date: Sun, 17 Sep 2023 23:26:59 +0200 Subject: [PATCH] polkit.service.in: disable MemoryDenyWriteExecute @@ -16,11 +16,11 @@ Signed-off-by: Markus Volk 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/polkit.service.in b/data/polkit.service.in -index 2113ff7..42dfd90 100644 +index e6db351..4390cce 100644 --- a/data/polkit.service.in +++ b/data/polkit.service.in -@@ -14,7 +14,7 @@ Group=@polkitd_user@ - IPAddressDeny=any +@@ -12,7 +12,7 @@ ExecStart=@libprivdir@/polkitd --no-debug + User=@polkitd_user@ LimitMEMLOCK=0 LockPersonality=yes -MemoryDenyWriteExecute=yes @@ -28,6 +28,3 @@ index 2113ff7..42dfd90 100644 NoNewPrivileges=yes PrivateDevices=yes PrivateNetwork=yes --- -2.41.0 - diff --git a/meta-oe/recipes-extended/polkit/polkit_123.bb b/meta-oe/recipes-extended/polkit/polkit_123.bb deleted file mode 100644 index df9d25e9f4..0000000000 --- a/meta-oe/recipes-extended/polkit/polkit_123.bb +++ /dev/null @@ -1,54 +0,0 @@ -SUMMARY = "PolicyKit Authorization Framework" -DESCRIPTION = "The polkit package is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes." -HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit" -LICENSE = "LGPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" - -SRC_URI = "git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master \ - file://0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch \ - file://0001-jsauthority-Bump-mozjs-to-115.patch \ - " - -S = "${WORKDIR}/git" -SRCREV = "fc8b07e71d99f88a29258cde99b913b44da1846d" - -DEPENDS = "expat glib-2.0" - -inherit meson pkgconfig useradd systemd gettext gobject-introspection features_check - -REQUIRED_DISTRO_FEATURES = "polkit" - -PACKAGECONFIG = " \ - ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', 'consolekit', d)} \ - dbus \ - mozjs \ -" -PACKAGECONFIG[dbus] = ",,dbus" -PACKAGECONFIG[gtk-doc] = "-Dgtk_doc=true,-Dgtk_doc=false,gtk-doc-native" -PACKAGECONFIG[pam] = "-Dauthfw=pam,-Dauthfw=shadow,libpam,libpam" -PACKAGECONFIG[systemd] = "-Dsession_tracking=libsystemd-login,-Dsession_tracking=ConsoleKit,systemd" -PACKAGECONFIG[consolekit] = ",,,consolekit" - -# Default to mozjs javascript library -PACKAGECONFIG[mozjs] = "-Djs_engine=mozjs,,mozjs-115,,,duktape" -# duktape javascript engine is much smaller and faster but is not compatible with -# same javascript standards as mozjs. For example array.includes() function is not -# supported. Test rule compatibility when switching to duktape. -PACKAGECONFIG[duktape] = "-Djs_engine=duktape,,duktape,,,mozjs" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd" - -SYSTEMD_SERVICE:${PN} = "${BPN}.service" -SYSTEMD_AUTO_ENABLE = "disable" - -do_install:append() { - #Fix up permissions on polkit rules.d to work with rpm4 constraints - chmod 700 ${D}/${datadir}/polkit-1/rules.d - chmod 700 ${D}/${sysconfdir}/polkit-1/rules.d - chown polkitd:root ${D}/${datadir}/polkit-1/rules.d - chown polkitd:root ${D}/${sysconfdir}/polkit-1/rules.d -} - -FILES:${PN} += "${libdir}/polkit-1 ${nonarch_libdir}/polkit-1 ${datadir}" diff --git a/meta-oe/recipes-extended/polkit/polkit_124.bb b/meta-oe/recipes-extended/polkit/polkit_124.bb new file mode 100644 index 0000000000..3eb0d52806 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit_124.bb @@ -0,0 +1,61 @@ +SUMMARY = "PolicyKit Authorization Framework" +DESCRIPTION = "The polkit package is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes." +HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit" +LICENSE = "LGPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" + +SRC_URI = "git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master \ + file://0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch \ + " + +S = "${WORKDIR}/git" +SRCREV = "82f0924dc0eb23b9df68e88dbaf9e07c81940a5a" + +DEPENDS = "expat glib-2.0" + +inherit meson pkgconfig useradd systemd gettext gobject-introspection features_check + +REQUIRED_DISTRO_FEATURES = "polkit" + +PACKAGECONFIG = " \ + ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', 'consolekit', d)} \ + dbus \ + mozjs \ +" +PACKAGECONFIG[dbus] = ",,dbus" +PACKAGECONFIG[gtk-doc] = "-Dgtk_doc=true,-Dgtk_doc=false,gtk-doc-native" +PACKAGECONFIG[pam] = "-Dauthfw=pam,-Dauthfw=shadow,libpam,libpam" +PACKAGECONFIG[systemd] = "-Dsession_tracking=libsystemd-login,-Dsession_tracking=ConsoleKit,systemd" +PACKAGECONFIG[consolekit] = ",,,consolekit" + +# Default to mozjs javascript library +PACKAGECONFIG[mozjs] = "-Djs_engine=mozjs,,mozjs-115,,,duktape" +# duktape javascript engine is much smaller and faster but is not compatible with +# same javascript standards as mozjs. For example array.includes() function is not +# supported. Test rule compatibility when switching to duktape. +PACKAGECONFIG[duktape] = "-Djs_engine=duktape,,duktape,,,mozjs" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd" + +SYSTEMD_SERVICE:${PN} = "${BPN}.service" +SYSTEMD_AUTO_ENABLE = "disable" + +do_install:append() { + #Fix up permissions on polkit rules.d to work with rpm4 constraints + chmod 700 ${D}/${datadir}/polkit-1/rules.d + chmod 700 ${D}/${sysconfdir}/polkit-1/rules.d + chown polkitd:root ${D}/${datadir}/polkit-1/rules.d + chown polkitd:root ${D}/${sysconfdir}/polkit-1/rules.d +} + +FILES:${PN} += " \ + ${libdir}/pam.d/polkit-1 \ + ${libdir}/sysusers.d \ + ${libdir}/polkit-1 \ + ${nonarch_libdir}/pam.d/polkit-1 \ + ${nonarch_libdir}/sysusers.d \ + ${nonarch_libdir}/polkit-1 \ + ${datadir} \ +" -- cgit 1.2.3-korg