PolicyKit: Branch 'add-rulesdir' - 6 commits

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Wed Oct 4 11:26:09 UTC 2023 

Rebased ref, commits from common ancestor:
commit 88ad34985ec9d964efce735dd9541d20b61b74d4
Author: Ray Strode <rstrode at redhat.com>
Date:   Fri Sep 29 23:16:12 2023 -0400

    data: Add rulesdir variable
    
    The polkit-gobject-1.pc file currently doesn't offer a variable where
    polkit rules can be installed.
    
    This commit fixes that.

diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
index 5c4c620..8fff452 100644
--- a/data/polkit-gobject-1.pc.in
+++ b/data/polkit-gobject-1.pc.in
@@ -2,6 +2,7 @@ prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
+rulesdir=@datarootdir@/polkit-1/rules.d/
 policydir=@datarootdir@/polkit-1/actions/
 actiondir=@datarootdir@/polkit-1/actions/
 
commit b340f50b7bb963863ede7c63f9a0b5c50c80c1e1
Author: Xi Ruoyao <xry111 at xry111.site>
Date:   Mon Sep 18 01:53:04 2023 +0800

    jsauthority: Bump mozjs to 115
    
    No code change is needed!

diff --git a/meson.build b/meson.build
index f01e4e1..e86f87e 100644
--- a/meson.build
+++ b/meson.build
@@ -153,7 +153,7 @@ if js_engine == 'duktape'
   func = 'pthread_condattr_setclock'
   config_h.set('HAVE_' + func.to_upper(), cc.has_function(func, prefix : '#include <pthread.h>'))
 elif js_engine == 'mozjs'
-  js_dep = dependency('mozjs-102')
+  js_dep = dependency('mozjs-115')
 
   _system = host_machine.system().to_lower()
   if _system.contains('freebsd')
commit 6147915642e90a88af3412a6003bcdb36061a7c3
Author: Jan Rybar <jrybar at redhat.com>
Date:   Wed Oct 4 11:14:38 2023 +0000

    Unit hardening option is missing from intended original commit

diff --git a/data/polkit.service.in b/data/polkit.service.in
index 2113ff7..4b44a80 100644
--- a/data/polkit.service.in
+++ b/data/polkit.service.in
@@ -5,7 +5,7 @@ Documentation=man:polkit(8)
 [Service]
 Type=dbus
 BusName=org.freedesktop.PolicyKit1
-CapabilityBoundingSet=
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID
 DeviceAllow=/dev/null rw
 DevicePolicy=strict
 ExecStart=@libprivdir@/polkitd --no-debug
commit 67dba0e852505f018b01ef7373352e9b5de23304
Author: Sam James <sam at gentoo.org>
Date:   Tue Oct 3 19:01:03 2023 +0000

    meson.build: only run HAVE_SETNETGRENT_RETURN check if setnetgrent found

diff --git a/meson.build b/meson.build
index 50d19c0..f01e4e1 100644
--- a/meson.build
+++ b/meson.build
@@ -177,19 +177,21 @@ config_h.set('HAVE_' + host_system.to_upper(), true)
 # Check whether setnetgrent has a return value
 config_h.set('HAVE_NETGROUP_H', cc.has_header('netgroup.h'))
 
-setnetgrent_return_src = '''
-  #include <stddef.h>
-  #ifdef HAVE_NETGROUP_H
-  #include <netgroup.h>
-  #else
-  #include <netdb.h>
-  #endif
-  int main() {
-      int r = setnetgrent (NULL);
-  };
-'''
+if config_h.get('HAVE_SETNETGRENT', false)
+  setnetgrent_return_src = '''
+    #include <stddef.h>
+    #ifdef HAVE_NETGROUP_H
+    #include <netgroup.h>
+    #else
+    #include <netdb.h>
+    #endif
+    int main() {
+        int r = setnetgrent (NULL);
+    };
+  '''
 
-config_h.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support'))
+  config_h.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support'))
+endif
 
 # Select wether to use libsystemd-login, libelogind or ConsoleKit for session tracking
 session_tracking = get_option('session_tracking')
commit 95c381977865d02d7fb955c540489daab394dd0f
Author: Jan Rybar <jrybar at redhat.com>
Date:   Tue Oct 3 18:53:38 2023 +0000

    New file introduced in Fedora downstream broke Packit CI

diff --git a/.packit.yaml b/.packit.yaml
index 7d33565..d5de98a 100644
--- a/.packit.yaml
+++ b/.packit.yaml
@@ -20,6 +20,7 @@ srpm_build_deps:
 actions:
   post-upstream-clone:
     - "wget https://src.fedoraproject.org/rpms/polkit/raw/rawhide/f/polkit.spec -O polkit.spec"
+    - "wget https://src.fedoraproject.org/rpms/polkit/raw/rawhide/f/polkit.sysusers -O polkit.sysusers"
     - "sed -ri '/^Patch[0-9]+/d' polkit.spec"
 
 jobs:
commit 89b7a37b91210ac054645c617d150a0d4906a84e
Author: Jan Rybar <jrybar at redhat.com>
Date:   Tue Oct 3 16:30:07 2023 +0000

    user_of_subject is NULL if DBus provides groups

diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
index b5eea39..c40b907 100644
--- a/src/polkitbackend/polkitbackendduktapeauthority.c
+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
@@ -420,6 +420,17 @@ push_subject (duk_context               *cx,
   groups = g_ptr_array_new_with_free_func (g_free);
   gids_from_dbus = polkit_unix_process_get_gids (POLKIT_UNIX_PROCESS (process));
 
+passwd = getpwuid (uid);
+if (passwd == NULL)
+  {
+    user_name = g_strdup_printf ("%d", (gint) uid);
+    g_warning ("Error looking up info for uid %d: %m", (gint) uid);
+  }
+else
+  {
+    user_name = g_strdup (passwd->pw_name);
+  }
+
   /* D-Bus will give us supplementary groups too, so prefer that to looking up
    * the group from the uid. */
   if (gids_from_dbus && gids_from_dbus->len > 0)
@@ -441,19 +452,11 @@ push_subject (duk_context               *cx,
     }
   else
     {
-      passwd = getpwuid (uid);
-      if (passwd == NULL)
-        {
-          user_name = g_strdup_printf ("%d", (gint) uid);
-          g_warning ("Error looking up info for uid %d: %m", (gint) uid);
-        }
-      else
+      if (passwd != NULL)
         {
           gid_t gids[512];
           int num_gids = 512;
 
-          user_name = g_strdup (passwd->pw_name);
-
           if (getgrouplist (passwd->pw_name,
                             passwd->pw_gid,
                             gids,

More information about the hal-commit mailing list