From 297c7449b970528f6376bc462b8bd75fd114a170 Mon Sep 17 00:00:00 2001
From: ajacoutot <ajacoutot@openbsd.org>
Date: Mon, 5 Jul 2010 15:22:16 +0000
Subject: [PATCH] Add more comments to example files. Add a MESSAGE to explain
 how to disable polkit.

---
 sysutils/polkit/files/10-desktop-policy.pkla     | 12 ++++++++++++
 sysutils/polkit/files/60-desktop-policy.conf     |  8 ++++++++
 .../patch-src_nullbackend_50-nullbackend_conf    | 16 ++++++++++++++++
 ...atch-src_polkitbackend_50-localauthority_conf | 11 +++++++++++
 sysutils/polkit/pkg/MESSAGE                      |  6 ++++++
 5 files changed, 53 insertions(+)
 create mode 100644 sysutils/polkit/patches/patch-src_nullbackend_50-nullbackend_conf
 create mode 100644 sysutils/polkit/patches/patch-src_polkitbackend_50-localauthority_conf
 create mode 100644 sysutils/polkit/pkg/MESSAGE

diff --git a/sysutils/polkit/files/10-desktop-policy.pkla b/sysutils/polkit/files/10-desktop-policy.pkla
index 4b4a48ee2ff..3b649bcc2ff 100644
--- a/sysutils/polkit/files/10-desktop-policy.pkla
+++ b/sysutils/polkit/files/10-desktop-policy.pkla
@@ -1,3 +1,12 @@
+# Authorizations/policy for the wheel and users groups.
+#
+# See the pklocalauthority(8) man page for more information
+# about configuring the Local Authority.
+#
+
+# Allow "standard users" to do some things without being interrupted by
+# password dialogs
+#
 [Desktop User Permissions]
 Identity=unix-group:users
 Action=org.gnome.clockapplet.mechanism.settimezone
@@ -5,6 +14,9 @@ ResultAny=no
 ResultInactive=no
 ResultActive=yes
 
+# Allow "administrative users" to do a lot of things without being
+# interrupted by password dialogs
+#
 [Desktop Administrator Permissions]
 Identity=unix-group:wheel
 Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.devicekit.disks.*;org.freedesktop.RealtimeKit1.*
diff --git a/sysutils/polkit/files/60-desktop-policy.conf b/sysutils/polkit/files/60-desktop-policy.conf
index 197eb291e4c..51354b46496 100644
--- a/sysutils/polkit/files/60-desktop-policy.conf
+++ b/sysutils/polkit/files/60-desktop-policy.conf
@@ -1,2 +1,10 @@
+# This allows users in the wheel group to authenticate as the
+# administrator (already the default under OpenBSD as configured in
+# 50-localauthority.conf).
+#
+# See the pklocalauthority(8) man page for more information
+# about configuring the Local Authority.
+#
+
 [Configuration]
 AdminIdentities=unix-group:wheel
diff --git a/sysutils/polkit/patches/patch-src_nullbackend_50-nullbackend_conf b/sysutils/polkit/patches/patch-src_nullbackend_50-nullbackend_conf
new file mode 100644
index 00000000000..27d19a1f410
--- /dev/null
+++ b/sysutils/polkit/patches/patch-src_nullbackend_50-nullbackend_conf
@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_nullbackend_50-nullbackend_conf,v 1.1 2010/07/05 15:22:16 ajacoutot Exp $
+--- src/nullbackend/50-nullbackend.conf.orig	Mon Jul  5 16:51:53 2010
++++ src/nullbackend/50-nullbackend.conf	Mon Jul  5 16:52:17 2010
+@@ -1,10 +1,10 @@
+ #
+ # Configuration file for the PolicyKit null backend.
+ #
+-# DO NOT EDIT THIS FILE, it will be overwritten on update.
++# DO NOT EDIT THIS FILE
+ #
+ # To change configuration, create another file in this directory with
+-# a filename that is sorted after the 50-nullback.conf and make
++# a filename that is sorted after the 50-nullbackend.conf and make
+ # sure it has the .conf extension.
+ #
+ # Only a single configuration item, Priority, is supported.
diff --git a/sysutils/polkit/patches/patch-src_polkitbackend_50-localauthority_conf b/sysutils/polkit/patches/patch-src_polkitbackend_50-localauthority_conf
new file mode 100644
index 00000000000..d4d029e4825
--- /dev/null
+++ b/sysutils/polkit/patches/patch-src_polkitbackend_50-localauthority_conf
@@ -0,0 +1,11 @@
+$OpenBSD: patch-src_polkitbackend_50-localauthority_conf,v 1.1 2010/07/05 15:22:16 ajacoutot Exp $
+--- src/polkitbackend/50-localauthority.conf.orig	Mon Jul  5 16:52:24 2010
++++ src/polkitbackend/50-localauthority.conf	Mon Jul  5 16:52:30 2010
+@@ -1,6 +1,6 @@
+ # Configuration file for the PolicyKit Local Authority.
+ #
+-# DO NOT EDIT THIS FILE, it will be overwritten on update.
++# DO NOT EDIT THIS FILE
+ #
+ # See the pklocalauthority(8) man page for more information
+ # about configuring the Local Authority.
diff --git a/sysutils/polkit/pkg/MESSAGE b/sysutils/polkit/pkg/MESSAGE
new file mode 100644
index 00000000000..6c74caa7468
--- /dev/null
+++ b/sysutils/polkit/pkg/MESSAGE
@@ -0,0 +1,6 @@
+polkitd(8) runs setuid(2) root. If you'd like to completely disable
+priviledges granting through the PolicyKit framework, create the file:
+    ${SYSCONFDIR}/polkit-1/nullbackend.conf.d/99-nullbackend.conf
+containing the following lines:
+[Configuration]
+Priority=99