polkit: switch back to mozjs but leave duktape as PACKAGECONFIG option

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14829 reports that duktape isn't fully compatible with mozjs as the supported javascript features are different. duktape supports ECMAScript standard version 5 while mozjs supports a lot more. See https://kangax.github.io/compat-table/es5/ for the differences. Thus the change from mozjs to duktape may break some rules which rely on javascript features which duktape doesn't support, for example array.includes() function, https://kangax.github.io/compat-table/es6/ https://262.ecma-international.org/7.0/#sec-array.prototype.includes For many embedded systems which care about fast boot times and smaller rootfs using duktape is recommended but rules must be written in reduced set of ECMA script language features. For array.includes() one alternative is "array.indexOf(search) >= 0". [YOCTO #14829] Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Mikko Rapeli <mikko.rapeli@bmw.de> 2022-06-13 09:12:05 +0300
committer: Khem Raj <raj.khem@gmail.com> 2022-06-30 13:39:27 -0400
commit: 461ceffc48e28dc8f04b8a982b3a4a2db22b718b (patch)
tree: 9771a7d2e08a2348660c68de0979b450e05d39a2
parent: 783c13097674b3518039cb76651aa34bf00cf701 (diff)
download: meta-openembedded-461ceffc48e28dc8f04b8a982b3a4a2db22b718b.tar.gz
3 files changed, 117 insertions, 3 deletions
diff --git a/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch b/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch
new file mode 100644
index 0000000000..5b3660da2f
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch
@@ -0,0 +1,38 @@
+From 4ce27b66bb07b72cb96d3d43a75108a5a6e7e156 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@mengyan1223.wang>
+Date: Tue, 10 Aug 2021 19:09:42 +0800
+Subject: [PATCH] jsauthority: port to mozjs-91
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/92]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ configure.ac | 2 +-
+ meson.build  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index d807086..5a7fc11 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+ 
+-PKG_CHECK_MODULES(LIBJS, [mozjs-78])
+PKG_CHECK_MODULES(LIBJS, [mozjs-91])
+ 
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+diff --git a/meson.build b/meson.build
+index b3702be..733bbff 100644
+--- a/meson.build
+++ b/meson.build
+@@ -126,7 +126,7 @@ expat_dep = dependency('expat')
+ assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.')
+ assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.')
+ 
+-mozjs_dep = dependency('mozjs-78')
+mozjs_dep = dependency('mozjs-91')
+ 
+ dbus_dep = dependency('dbus-1')
+ dbus_confdir = dbus_dep.get_pkgconfig_variable('datadir', define_variable: ['datadir', pk_prefix / pk_datadir])   #changed from sysconfdir with respect to commit#8eada3836465838
diff --git a/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch b/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch
new file mode 100644
index 0000000000..9e9755e44f
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch
@@ -0,0 +1,63 @@
+From 7799441b9aa55324160deefbc65f9d918b8c94c1 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@mengyan1223.wang>
+Date: Tue, 10 Aug 2021 18:52:56 +0800
+Subject: [PATCH] jsauthority: ensure to call JS_Init() and JS_ShutDown()
+ exactly once
+Before this commit, we were calling JS_Init() in
+polkit_backend_js_authority_class_init and never called JS_ShutDown.
+This is actually a misusage of SpiderMonkey API.  Quote from a comment
+in js/Initialization.h (both mozjs-78 and mozjs-91):
+    It is currently not possible to initialize SpiderMonkey multiple
+    times (that is, calling JS_Init/JSAPI methods/JS_ShutDown in that
+    order, then doing so again).
+This misusage does not cause severe issues with mozjs-78.  However, when
+we eventually port jsauthority to use mozjs-91, bad thing will happen:
+see the test failure mentioned in #150.
+This commit is tested with both mozjs-78 and mozjs-91, all tests pass
+with it.
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/91]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ src/polkitbackend/polkitbackendjsauthority.cpp | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 41d8d5c..38dc001 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -75,6 +75,13 @@
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+static class JsInitHelperType
+{
+public:
+       JsInitHelperType() { JS_Init(); }
+       ~JsInitHelperType() { JS_ShutDown(); }
+} JsInitHelper;
+
+ struct _PolkitBackendJsAuthorityPrivate
+ {
+   gchar **rules_dirs;
+@@ -589,7 +596,6 @@ polkit_backend_js_authority_finalize (GObject *object)
+   delete authority->priv->js_polkit;
+ 
+   JS_DestroyContext (authority->priv->cx);
+-  /* JS_ShutDown (); */
+ 
+   G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
+ }
+@@ -665,8 +671,6 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
+ 
+ 
+   g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
+-
+-  JS_Init ();
+ }
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
diff --git a/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
index 66bbf735f0..bf160053d9 100644
--- a/meta-oe/recipes-extended/polkit/polkit_0.119.bb
+++ b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
@@ -5,7 +5,7 @@ LICENSE = "LGPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
                    file://src/polkit/polkit.h;beginline=1;endline=20;md5=0a8630b0133176d0504c87a0ded39db4"
-DEPENDS = "expat glib-2.0 intltool-native duktape"
+DEPENDS = "expat glib-2.0 intltool-native"
 inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection features_check
@@ -14,6 +14,7 @@ REQUIRED_DISTRO_FEATURES = "polkit"
 PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
                 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \
                    bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \
+                 mozjs \
                "
 PACKAGECONFIG[pam] = "--with-authfw=pam,--with-authfw=shadow,libpam,libpam"
@@ -21,20 +22,32 @@ PACKAGECONFIG[systemd] = "--enable-libsystemd-login=yes --with-systemdsystemunit
 # there is no --enable/--disable option for consolekit and it's not picked by shlibs, so add it to RDEPENDS
 PACKAGECONFIG[consolekit] = ",,,consolekit"
+# Default to mozjs javascript library
+PACKAGECONFIG[mozjs] = ",,mozjs-91,,,duktape"
+# duktape javascript engine is much smaller and faster but is not compatible with
+# same javascript standards as mozjs. For example array.includes() function is not
+# supported. Test rule compatibility when switching to duktape.
+PACKAGECONFIG[duktape] = "--with-duktape,,duktape,,,mozjs"
+MOZJS_PATCHES = "\
+    file://0002-jsauthority-port-to-mozjs-91.patch \
+    file://0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch \
+"
+DUKTAPE_PATCHES = "file://0003-Added-support-for-duktape-as-JS-engine.patch"
 PAM_SRC_URI = "file://polkit-1_pam.patch"
 SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \
           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           ${@bb.utils.contains('PACKAGECONFIG', 'mozjs', '${MOZJS_PATCHES}', '', d)} \
+           ${@bb.utils.contains('PACKAGECONFIG', 'duktape', '${DUKTAPE_PATCHES}', '', d)} \
           file://0003-make-netgroup-support-optional.patch \
           file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \
           file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \
-           file://0003-Added-support-for-duktape-as-JS-engine.patch \
           "
 SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c"
 EXTRA_OECONF = "--with-os-type=moblin \
                --disable-man-pages \
                --disable-libelogind \
-                --with-duktape \
               "
 do_configure:prepend () {
author	Mikko Rapeli <mikko.rapeli@bmw.de>	2022-06-13 09:12:05 +0300
committer	Khem Raj <raj.khem@gmail.com>	2022-06-30 13:39:27 -0400
commit	461ceffc48e28dc8f04b8a982b3a4a2db22b718b (patch)
tree	9771a7d2e08a2348660c68de0979b450e05d39a2
parent	783c13097674b3518039cb76651aa34bf00cf701 (diff)
download	meta-openembedded-461ceffc48e28dc8f04b8a982b3a4a2db22b718b.tar.gz

diff --git a/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch b/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch new file mode 100644 index 0000000000..5b3660da2f --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch
@@ -0,0 +1,38 @@
		1	From 4ce27b66bb07b72cb96d3d43a75108a5a6e7e156 Mon Sep 17 00:00:00 2001
		2	From: Xi Ruoyao <xry111@mengyan1223.wang>
		3	Date: Tue, 10 Aug 2021 19:09:42 +0800
		4	Subject: [PATCH] jsauthority: port to mozjs-91
		5
		6	Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/92]
		7	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
		8	---
		9	configure.ac \| 2 +-
		10	meson.build \| 2 +-
		11	2 files changed, 2 insertions(+), 2 deletions(-)
		12
		13	diff --git a/configure.ac b/configure.ac
		14	index d807086..5a7fc11 100644
		15	--- a/configure.ac
		16	+++ b/configure.ac
		17	@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
		18	AC_SUBST(GLIB_CFLAGS)
		19	AC_SUBST(GLIB_LIBS)
		20
		21	-PKG_CHECK_MODULES(LIBJS, [mozjs-78])
		22	+PKG_CHECK_MODULES(LIBJS, [mozjs-91])
		23
		24	AC_SUBST(LIBJS_CFLAGS)
		25	AC_SUBST(LIBJS_CXXFLAGS)
		26	diff --git a/meson.build b/meson.build
		27	index b3702be..733bbff 100644
		28	--- a/meson.build
		29	+++ b/meson.build
		30	@@ -126,7 +126,7 @@ expat_dep = dependency('expat')
		31	assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.')
		32	assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.')
		33
		34	-mozjs_dep = dependency('mozjs-78')
		35	+mozjs_dep = dependency('mozjs-91')
		36
		37	dbus_dep = dependency('dbus-1')
		38	dbus_confdir = dbus_dep.get_pkgconfig_variable('datadir', define_variable: ['datadir', pk_prefix / pk_datadir]) #changed from sysconfdir with respect to commit#8eada3836465838


diff --git a/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch b/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch new file mode 100644 index 0000000000..9e9755e44f --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch
@@ -0,0 +1,63 @@
		1	From 7799441b9aa55324160deefbc65f9d918b8c94c1 Mon Sep 17 00:00:00 2001
		2	From: Xi Ruoyao <xry111@mengyan1223.wang>
		3	Date: Tue, 10 Aug 2021 18:52:56 +0800
		4	Subject: [PATCH] jsauthority: ensure to call JS_Init() and JS_ShutDown()
		5	exactly once
		6
		7	Before this commit, we were calling JS_Init() in
		8	polkit_backend_js_authority_class_init and never called JS_ShutDown.
		9	This is actually a misusage of SpiderMonkey API. Quote from a comment
		10	in js/Initialization.h (both mozjs-78 and mozjs-91):
		11
		12	It is currently not possible to initialize SpiderMonkey multiple
		13	times (that is, calling JS_Init/JSAPI methods/JS_ShutDown in that
		14	order, then doing so again).
		15
		16	This misusage does not cause severe issues with mozjs-78. However, when
		17	we eventually port jsauthority to use mozjs-91, bad thing will happen:
		18	see the test failure mentioned in #150.
		19
		20	This commit is tested with both mozjs-78 and mozjs-91, all tests pass
		21	with it.
		22
		23	Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/91]
		24	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
		25	---
		26	src/polkitbackend/polkitbackendjsauthority.cpp \| 10 +++++++---
		27	1 file changed, 7 insertions(+), 3 deletions(-)
		28
		29	diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
		30	index 41d8d5c..38dc001 100644
		31	--- a/src/polkitbackend/polkitbackendjsauthority.cpp
		32	+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
		33	@@ -75,6 +75,13 @@
		34
		35	/* ---------------------------------------------------------------------------------------------------- */
		36
		37	+static class JsInitHelperType
		38	+{
		39	+public:
		40	+ JsInitHelperType() { JS_Init(); }
		41	+ ~JsInitHelperType() { JS_ShutDown(); }
		42	+} JsInitHelper;
		43	+
		44	struct _PolkitBackendJsAuthorityPrivate
		45	{
		46	gchar **rules_dirs;
		47	@@ -589,7 +596,6 @@ polkit_backend_js_authority_finalize (GObject *object)
		48	delete authority->priv->js_polkit;
		49
		50	JS_DestroyContext (authority->priv->cx);
		51	- /* JS_ShutDown (); */
		52
		53	G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
		54	}
		55	@@ -665,8 +671,6 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
		56
		57
		58	g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
		59	-
		60	- JS_Init ();
		61	}
		62
		63	/* ---------------------------------------------------------------------------------------------------- */


diff --git a/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-oe/recipes-extended/polkit/polkit_0.119.bb index 66bbf735f0..bf160053d9 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.119.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
@@ -5,7 +5,7 @@ LICENSE = "LGPL-2.0-or-later"
5	LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \	5	LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
6	file://src/polkit/polkit.h;beginline=1;endline=20;md5=0a8630b0133176d0504c87a0ded39db4"	6	file://src/polkit/polkit.h;beginline=1;endline=20;md5=0a8630b0133176d0504c87a0ded39db4"
7		7
8	DEPENDS = "expat glib-2.0 intltool-native duktape"	8	DEPENDS = "expat glib-2.0 intltool-native"
9		9
10	inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection features_check	10	inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection features_check
11		11
@@ -14,6 +14,7 @@ REQUIRED_DISTRO_FEATURES = "polkit"
14	PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \	14	PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
15	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \	15	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \
16	bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \	16	bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \
		17	mozjs \
17	"	18	"
18		19
19	PACKAGECONFIG[pam] = "--with-authfw=pam,--with-authfw=shadow,libpam,libpam"	20	PACKAGECONFIG[pam] = "--with-authfw=pam,--with-authfw=shadow,libpam,libpam"
@@ -21,20 +22,32 @@ PACKAGECONFIG[systemd] = "--enable-libsystemd-login=yes --with-systemdsystemunit
21	# there is no --enable/--disable option for consolekit and it's not picked by shlibs, so add it to RDEPENDS	22	# there is no --enable/--disable option for consolekit and it's not picked by shlibs, so add it to RDEPENDS
22	PACKAGECONFIG[consolekit] = ",,,consolekit"	23	PACKAGECONFIG[consolekit] = ",,,consolekit"
23		24
		25	# Default to mozjs javascript library
		26	PACKAGECONFIG[mozjs] = ",,mozjs-91,,,duktape"
		27	# duktape javascript engine is much smaller and faster but is not compatible with
		28	# same javascript standards as mozjs. For example array.includes() function is not
		29	# supported. Test rule compatibility when switching to duktape.
		30	PACKAGECONFIG[duktape] = "--with-duktape,,duktape,,,mozjs"
		31
		32	MOZJS_PATCHES = "\
		33	file://0002-jsauthority-port-to-mozjs-91.patch \
		34	file://0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch \
		35	"
		36	DUKTAPE_PATCHES = "file://0003-Added-support-for-duktape-as-JS-engine.patch"
24	PAM_SRC_URI = "file://polkit-1_pam.patch"	37	PAM_SRC_URI = "file://polkit-1_pam.patch"
25	SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \	38	SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \
26	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \	39	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
		40	${@bb.utils.contains('PACKAGECONFIG', 'mozjs', '${MOZJS_PATCHES}', '', d)} \
		41	${@bb.utils.contains('PACKAGECONFIG', 'duktape', '${DUKTAPE_PATCHES}', '', d)} \
27	file://0003-make-netgroup-support-optional.patch \	42	file://0003-make-netgroup-support-optional.patch \
28	file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \	43	file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \
29	file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \	44	file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \
30	file://0003-Added-support-for-duktape-as-JS-engine.patch \
31	"	45	"
32	SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c"	46	SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c"
33		47
34	EXTRA_OECONF = "--with-os-type=moblin \	48	EXTRA_OECONF = "--with-os-type=moblin \
35	--disable-man-pages \	49	--disable-man-pages \
36	--disable-libelogind \	50	--disable-libelogind \
37	--with-duktape \
38	"	51	"
39		52
40	do_configure:prepend () {	53	do_configure:prepend () {