diff --git a/sysutils/policykit/Makefile b/sysutils/policykit/Makefile index 0e212e2c777..69aae416d13 100644 --- a/sysutils/policykit/Makefile +++ b/sysutils/policykit/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.4 2009/10/10 15:09:20 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.5 2009/10/15 21:51:54 ajacoutot Exp $ COMMENT= authorization framework @@ -13,20 +13,24 @@ SHARED_LIBS+= polkit-dbus 0.0 \ HOMEPAGE= http://www.freedesktop.org/wiki/Software/PolicyKit +MAINTAINER= Antoine Jacoutot + # GPLv2+ PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes PERMIT_PACKAGE_CDROM= Yes PERMIT_PACKAGE_FTP= Yes -WANTLIB= c +WANTLIB += c dbus-1 expat pcre pthread MASTER_SITES= http://hal.freedesktop.org/releases/ MODULES= textproc/intltool \ devel/gettext -BUILD_DEPENDS= ::textproc/gtk-doc +BUILD_DEPENDS= ::textproc/libxslt \ + ::textproc/docbook-xsl +LIB_DEPENDS= dbus-glib-1.>=4::x11/dbus-glib AUTOCONF_VERSION= 2.62 @@ -34,10 +38,11 @@ CONFIGURE_STYLE= autoconf CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ LDFLAGS="-L${LOCALBASE}/lib" CONFIGURE_ARGS= ${CONFIGURE_SHARED} \ + --localstatedir=/var \ --with-polkit-user=_polkituser \ --with-polkit-group=_polkituser \ --enable-man-pages \ - --enable-gtk-doc \ + --enable-gtk-doc=no \ --with-authfw=bsdauth \ --with-os-type=openbsd \ --enable-man-pages \ diff --git a/sysutils/policykit/patches/patch-src_kit_kit-spawn_c b/sysutils/policykit/patches/patch-src_kit_kit-spawn_c new file mode 100644 index 00000000000..1a1853d258b --- /dev/null +++ b/sysutils/policykit/patches/patch-src_kit_kit-spawn_c @@ -0,0 +1,21 @@ +$OpenBSD: patch-src_kit_kit-spawn_c,v 1.1 2009/10/15 21:51:54 ajacoutot Exp $ + +From FreeBSD: +Fix a problem where waitpid() may return EINTR which causes the various +polkit helpers to report a failure. This fix allows dynamic polkit +policies to actually work (e.g. mounting fixed drives with proper +authorization). + +--- src/kit/kit-spawn.c.orig Fri May 30 23:24:44 2008 ++++ src/kit/kit-spawn.c Thu Oct 15 23:41:44 2009 +@@ -396,7 +396,10 @@ kit_spawn_sync (const char *working_directory, + } + } + ++again: + if (waitpid (pid, out_exit_status, 0) == -1) { ++ if (errno == EINTR) ++ goto again; + goto out; + } + pid = -1; diff --git a/sysutils/policykit/patches/patch-src_kit_kit-string_c b/sysutils/policykit/patches/patch-src_kit_kit-string_c new file mode 100644 index 00000000000..27f50e23991 --- /dev/null +++ b/sysutils/policykit/patches/patch-src_kit_kit-string_c @@ -0,0 +1,35 @@ +$OpenBSD: patch-src_kit_kit-string_c,v 1.1 2009/10/15 21:51:54 ajacoutot Exp $ + +From FreeBSD via pkgsrc: + +Fix a problem with PK's strndup() implementation assuming all strings +passed to it would be NUL-terminated. This is known to fix crashes with +polkit-gnome-authorization and clock-applet. + +--- src/kit/kit-string.c.orig Fri May 30 23:24:44 2008 ++++ src/kit/kit-string.c Thu Oct 15 21:02:06 2009 +@@ -123,13 +123,18 @@ static char + if ( !s ) + return NULL; + +- if ( strlen(s) > n ) +- nAvail = n + 1; +- else +- nAvail = strlen(s) + 1; +- p = malloc ( nAvail ); ++ if (memchr(s, '\0', n) != NULL) { ++ nAvail = strlen(s); ++ if ( nAvail > n ) ++ nAvail = n; ++ } else { ++ nAvail = n; ++ } ++ p = malloc ( nAvail + 1 ); ++ if (p == NULL) ++ return NULL; + memcpy ( p, s, nAvail ); +- p[nAvail - 1] = '\0'; ++ p[nAvail] = '\0'; + + return p; + } diff --git a/sysutils/policykit/patches/patch-src_polkit_Makefile_in b/sysutils/policykit/patches/patch-src_polkit_Makefile_in new file mode 100644 index 00000000000..68d8f842afa --- /dev/null +++ b/sysutils/policykit/patches/patch-src_polkit_Makefile_in @@ -0,0 +1,23 @@ +$OpenBSD: patch-src_polkit_Makefile_in,v 1.1 2009/10/15 21:51:54 ajacoutot Exp $ +--- src/polkit/Makefile.in.orig Thu Oct 15 22:41:24 2009 ++++ src/polkit/Makefile.in Thu Oct 15 22:42:07 2009 +@@ -807,19 +807,6 @@ clean-local : + # that location) + # + @POLKIT_AUTHDB_DEFAULT_TRUE@install-data-local: +-@POLKIT_AUTHDB_DEFAULT_TRUE@ mkdir -p $(DESTDIR)$(localstatedir)/lib/misc +-@POLKIT_AUTHDB_DEFAULT_TRUE@ touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload +-@POLKIT_AUTHDB_DEFAULT_TRUE@ mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit-public +-@POLKIT_AUTHDB_DEFAULT_TRUE@ mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit +-@POLKIT_AUTHDB_DEFAULT_TRUE@ mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/PolicyKit-public +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chmod 755 $(DESTDIR)$(localstatedir)/lib/PolicyKit-public +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit +-@POLKIT_AUTHDB_DEFAULT_TRUE@ -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. + .NOEXPORT: diff --git a/sysutils/policykit/patches/patch-src_polkit_polkit-sysdeps_c b/sysutils/policykit/patches/patch-src_polkit_polkit-sysdeps_c new file mode 100644 index 00000000000..a79d907ca43 --- /dev/null +++ b/sysutils/policykit/patches/patch-src_polkit_polkit-sysdeps_c @@ -0,0 +1,21 @@ +$OpenBSD: patch-src_polkit_polkit-sysdeps_c,v 1.1 2009/10/15 21:51:54 ajacoutot Exp $ +--- src/polkit/polkit-sysdeps.c.orig Fri May 30 23:24:44 2008 ++++ src/polkit/polkit-sysdeps.c Thu Oct 15 23:22:26 2009 +@@ -106,7 +106,7 @@ polkit_sysdeps_get_start_time_for_pid (pid_t pid) + } + start_time = (unsigned long long) (info.pr_start.tv_sec); + #else +-#ifdef __FreeBSD__ ++#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) + filename = kit_strdup_printf ("/proc/%d/status", pid); + #else + filename = kit_strdup_printf ("/proc/%d/stat", pid); +@@ -121,7 +121,7 @@ polkit_sysdeps_get_start_time_for_pid (pid_t pid) + goto out; + } + +-#ifdef __FreeBSD__ ++#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) + tokens = kit_strsplit (contents, ' ', &num_tokens); + if (tokens == NULL) + goto out; diff --git a/sysutils/policykit/pkg/MESSAGE b/sysutils/policykit/pkg/MESSAGE index b67acba962a..4b648b9be6c 100644 --- a/sysutils/policykit/pkg/MESSAGE +++ b/sysutils/policykit/pkg/MESSAGE @@ -1,5 +1,8 @@ -XXX - +For proper PolicyKit usage, add the following lines to rc.local(8): if [ -x "${PREFIX}/bin/polkit-auth ]; then - install -d -m 0770 -o _polkituser /var/run/PolicyKit + install -d -m 0770 -g _polkituser /var/run/PolicyKit fi + +While not mandatory, it is advised to use procfs with PolicyKit. Just +`mkdir /proc' and add the following lines to your fstab(5): +/proc /proc procfs ro 0 0 diff --git a/sysutils/policykit/pkg/PLIST b/sysutils/policykit/pkg/PLIST index de793d93ef6..fccfd0ad0cf 100644 --- a/sysutils/policykit/pkg/PLIST +++ b/sysutils/policykit/pkg/PLIST @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST,v 1.3 2009/10/10 15:09:20 ajacoutot Exp $ +@comment $OpenBSD: PLIST,v 1.4 2009/10/15 21:51:55 ajacoutot Exp $ @newgroup _polkituser:639 @newuser _polkituser:639:_polkituser::PolicyKit User:/var/empty:/sbin/nologin %%SHARED%% @@ -42,25 +42,27 @@ lib/pkgconfig/polkit-dbus.pc lib/pkgconfig/polkit-grant.pc lib/pkgconfig/polkit.pc @mode 2755 +@owner root @group _polkituser @bin libexec/polkit-explicit-grant-helper @bin libexec/polkit-grant-helper @mode 4750 -@group @bin libexec/polkit-grant-helper-bsdauth @mode 2755 -@group _polkituser @bin libexec/polkit-read-auth-helper @mode 4755 +@group wheel @bin libexec/polkit-resolve-exe-helper @mode 2755 +@group _polkituser @bin libexec/polkit-revoke-helper @mode 4755 @owner _polkituser -@group +@group wheel @bin libexec/polkit-set-default-helper @mode @owner +@group @bin libexec/polkitd @man man/man1/polkit-action.1 @man man/man1/polkit-auth.1 @@ -89,73 +91,22 @@ share/examples/policykit/dbus-1/system.d/ share/examples/policykit/dbus-1/system.d/org.freedesktop.PolicyKit.conf @sample ${SYSCONFDIR}/dbus-1/system.d/org.freedesktop.PolicyKit.conf share/examples/policykit/profile.d/ +@sample ${SYSCONFDIR}/profile.d/ share/examples/policykit/profile.d/polkit-bash-completion.sh +@sample ${SYSCONFDIR}/profile.d/polkit-bash-completion.sh @sample /var/lib/ +@mode 0770 +@group _polkituser +@sample /var/lib/PolicyKit/ +@mode @owner _polkituser +@group @sample /var/lib/PolicyKit-public/ @owner -share/gtk-doc/ -share/gtk-doc/html/ -share/gtk-doc/html/polkit/ -share/gtk-doc/html/polkit/PolicyKit.8.html -share/gtk-doc/html/polkit/PolicyKit.conf.5.html -share/gtk-doc/html/polkit/beyond-defaults.html -share/gtk-doc/html/polkit/diagram-bus-model.png -share/gtk-doc/html/polkit/diagram-interaction.png -share/gtk-doc/html/polkit/home.png -share/gtk-doc/html/polkit/index.html -share/gtk-doc/html/polkit/index.sgml -share/gtk-doc/html/polkit/intro-define-problem.html -share/gtk-doc/html/polkit/introduction.html -share/gtk-doc/html/polkit/ix01.html -share/gtk-doc/html/polkit/ix02.html -share/gtk-doc/html/polkit/ix03.html -share/gtk-doc/html/polkit/ix04.html -share/gtk-doc/html/polkit/left.png -share/gtk-doc/html/polkit/license.html -share/gtk-doc/html/polkit/model-authentication-agent.html -share/gtk-doc/html/polkit/model-concepts.html -share/gtk-doc/html/polkit/model-theory-of-operation.html -share/gtk-doc/html/polkit/model.html -share/gtk-doc/html/polkit/polkit-action.1.html -share/gtk-doc/html/polkit/polkit-auth.1.html -share/gtk-doc/html/polkit/polkit-conf.html -share/gtk-doc/html/polkit/polkit-config-file-validate.1.html -share/gtk-doc/html/polkit/polkit-policy-file-validate.1.html -share/gtk-doc/html/polkit/polkit-polkit-action.html -share/gtk-doc/html/polkit/polkit-polkit-authorization-constraint.html -share/gtk-doc/html/polkit/polkit-polkit-authorization-db.html -share/gtk-doc/html/polkit/polkit-polkit-authorization.html -share/gtk-doc/html/polkit/polkit-polkit-caller.html -share/gtk-doc/html/polkit/polkit-polkit-config.html -share/gtk-doc/html/polkit/polkit-polkit-context.html -share/gtk-doc/html/polkit/polkit-polkit-dbus.html -share/gtk-doc/html/polkit/polkit-polkit-error.html -share/gtk-doc/html/polkit/polkit-polkit-grant.html -share/gtk-doc/html/polkit/polkit-polkit-policy-cache.html -share/gtk-doc/html/polkit/polkit-polkit-policy-default.html -share/gtk-doc/html/polkit/polkit-polkit-policy-file-entry.html -share/gtk-doc/html/polkit/polkit-polkit-policy-file.html -share/gtk-doc/html/polkit/polkit-polkit-result.html -share/gtk-doc/html/polkit/polkit-polkit-seat.html -share/gtk-doc/html/polkit/polkit-polkit-session.html -share/gtk-doc/html/polkit/polkit-polkit-simple.html -share/gtk-doc/html/polkit/polkit-polkit-sysdeps.html -share/gtk-doc/html/polkit/polkit-polkit-types.html -share/gtk-doc/html/polkit/polkit-spec-history.html -share/gtk-doc/html/polkit/polkit.devhelp -share/gtk-doc/html/polkit/polkit.devhelp2 -share/gtk-doc/html/polkit/ref-core.html -share/gtk-doc/html/polkit/ref-design.html -share/gtk-doc/html/polkit/right.png -share/gtk-doc/html/polkit/style.css -share/gtk-doc/html/polkit/tools-fileformats.html -share/gtk-doc/html/polkit/up.png -var/ -var/lib/ -var/lib/PolicyKit/ -var/lib/PolicyKit-public/ -var/lib/misc/ -var/lib/misc/PolicyKit.reload -var/run/ -var/run/PolicyKit/ +@sample /var/lib/misc/ +@mode 0664 +@owner _polkituser +@group _polkituser +@sample /var/lib/misc/PolicyKit.reload +@unexec-delete rm -rf /var/lib/PolicyKit +@unexec-delete rm -rf /var/lib/misc