| Commit message (Collapse) | Author | Age | Files | Lines |
| |
- Add a patch to disable an offensive hardening option
that causes polkit to segfault
- better safety with deeper restriction of the configuration files
- better safety with restricting the daemon's owner under systemd
- better safety with the systemd unit sandboxing
- less thread races during upload of the configuration
- glib, gobject, gio >= 2.32
- mozjs-102 OR duktape
- gobject-introspection >= 0.6.2 (optional)
- pam (optional)
- ConsoleKit OR systemd
- gettext
- meson
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Recover ${nonarch_libdir}/${BPN}-1 into FILES:${PN} to fix install do_package error when multilib is enabled.
Fixes
ERROR: polkit-122-r0 do_package: QA Issue: polkit: Files/directories were installed but not shipped in any package:
/usr/lib/polkit-1/polkit-agent-helper-1
/usr/lib/polkit-1/polkitd
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
polkit: 2 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
autotools buildsystem has been dropped
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Refresh patch to avoid QA issue about patch fuzz.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Fix the following warning:
WARNING: polkit-0.119-r0 do_patch: Fuzz detected:
Applying patch 0004-Make-netgroup-support-optional.patch
patching file configure.ac
Hunk #1 succeeded at 117 with fuzz 2 (offset 17 lines).
patching file meson.build
patching file src/polkit/polkitidentity.c
patching file src/polkit/polkitunixnetgroup.c
patching file src/polkitbackend/polkitbackendinteractiveauthority.c
patching file src/polkitbackend/polkitbackendjsauthority.cpp
Hunk #1 succeeded at 1291 (offset -233 lines).
Hunk #2 succeeded at 1306 (offset -233 lines).
patching file test/polkit/polkitidentitytest.c
patching file test/polkit/polkitunixnetgrouptest.c
patching file test/polkitbackend/test-polkitbackendjsauthority.c
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Update the patch to make netgroup support optional to fit the commit
merged upstream [1], update the other patch depending on one of the
changes.
Without this update, a compilation using duktape with musl fails with:
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c: In function 'js_polkit_user_is_in_netgroup':
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c:1039:7: warning: implicit declaration of function 'innetgr' [-Wimplicit-function-declaration]
| 1039 | if (innetgr (netgroup,
| | ^~~~~~~
The main patch has been split in two, to apply the duktape part only when duktape is
applied.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
polkitd user has default access to /bin/sh, add --shell /bin/nologin
to remove default access to /bin/sh and avoid login through it.
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
RDEPENDS_${PN} -> RDEPENDS:${PN}
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14829 reports
that duktape isn't fully compatible with mozjs as the supported
javascript features are different. duktape supports
ECMAScript standard version 5 while mozjs supports a lot more.
See https://kangax.github.io/compat-table/es5/ for the differences.
Thus the change from mozjs to duktape may break some rules
which rely on javascript features which duktape doesn't support,
for example array.includes() function,
https://kangax.github.io/compat-table/es6/
https://262.ecma-international.org/7.0/#sec-array.prototype.includes
For many embedded systems which care about fast boot times and smaller
rootfs using duktape is recommended but rules must be written in reduced
set of ECMA script language features. For array.includes() one alternative
is "array.indexOf(search) >= 0".
[YOCTO #14829]
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
The rule allows non-privileged users from plugdev group to
mount/unmount block devices
Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
cherry-pick the change from polkit 0.120+ upstream since
it applies directly to 0.119. Drop mozjs patches.
Removes mozjs and its dependency nspr from images. They account for
roughly 21 Mb on 64bit ARM machines. The replacement libduktape is
roughly 300 kb in size. Thus this saves at least 20 Mb in rootfs size
when polkit is used.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
They were available in polkit master branch and cherry-pick to
0.119 version works so pick the patches.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
| |
Delete old m4 macros, so autoreconf can repopulate it.
Fixes
libtool: Version mismatch error. This is libtool 2.4.7, but the
libtool: definition of this LT_INIT comes from libtool 2.4.6.
libtool: You should recreate aclocal.m4 with macros from libtool 2.4.7
libtool: and run autoconf again.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Sadly, the move to duktape has not yet happened, but it is on the
way, and meanwhile we can use modern mozjs at least.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Backport a patch [1] to fix CVE-2021-3560.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Avoid warning due to the class rename in OE-Core.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
* An issue in meta-mortsgna was reported. Discussion is found at [1]
* We do similar in meta-gnome's gvfs for same reason [2]
* This is a bugfix which should apply and work for many release-branches
Fixes:
| Error: Transaction check error:
| file /etc/polkit-1/rules.d conflicts between attempted installs of polkit-group-rule-datetime-1.0-r0.cortexa7t2hf_neon_vfpv4 and polkit-0.115-r0.cortexa7t2hf_neon_vfpv4
[1] https://github.com/schnitzeltony/meta-mortsgna/issues/11
[2] https://github.com/openembedded/meta-openembedded/blob/fd1a0c9210b162ccb147e933984c755d32899efc/meta-gnome/recipes-gnome/gvfs/gvfs_1.41.2.bb#L72
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Make netgroup support optional so it can be disabled on musl
Drop backported patch 0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
After below commits to add polkit as a required
distro feature:
97a1a55 polkit: add polkit as a required distro feature
c049e02 polkit: inherit distro_features_check
All recipes that include polkit-group-rule.inc will fail to parse
when polkit is not in DISTRO_FEATURE, especially 'world'. e.g.
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'udisks', 'polkit']
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Make the recently added REQUIRED_DISTRO_FEATURES effective by
inheriting distro_features_check.
Fixes: 97a1a55f4755 ("polkit: add polkit as a required distro feature")
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Make sure polkit is in DISTRO_FEATURES if this package is being
installed. This will make sure that people who do use polkit in
their image also enable the recently introduced distro feature
polkit in their distro.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
- Rebase patches to 0.115
0001-make-netgroup-support-configurable.patch
polkit-1_pam.patch
- Add --disable-libelogind which OE does not have recipe
libelogind
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
* last release was 2011
* it fails on autobuilder
* nothing uses it
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
consolekit depends on virtual/libx11 then it requires x11
distro feature, so add consolekit option only when x11
is in DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning:
| WARNING: packagegroup-xfce-base-1.0-r5 do_populate_lic:
${COREBASE}/LICENSE is not a valid license file, please use
'${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
This will become an error in the future
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
http://www.openembedded.org/wiki/Styleguide
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
| |
Make features like netgroup optional, these are not supported by posix
secondly they are poked at during configure so nothing changes for glibc
based systems but it helps compiling with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Fix QA warning:
WARNING: QA Issue: polkit-gnome: configure was passed unrecognised options:
--disable-examples --disable-introspection [unknown-configure-option]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Polkit is currently broken in images built with multilib and systemd.
This is because the patch, 0001-do-not-hardcoded-libdir.patch, applied on
top of the polkit source code modifies where the polkitd binary is
installed, but it does not modify the polkit.service file to start the
binary from its new location.
At first it seemed reasonable to modify the systemd service file to
search for the binary in the correct place. This change, as well as what
the patch (0001-do-not-hardcoded-libdir.patch) already does was proposed to
the polkit maintainers at https://bugs.freedesktop.org/show_bug.cgi?id=92094
During the discussion with the polkit maintainers it became apparent that the
change to support multilib polkit should not be done with a patch to
the polkit source code, but instead a change to the polkit recipe.
Polkit correctly installs libraries when multilib is in use without any
changes to its source code. What is being changed by
0001-do-not-hardcoded-libdir.patch is not where the polkit libraries are
installed but where the binaries are installed.
Installing binaries in /usr/lib when baselib is lib64 is acceptable (see
http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html ).
So, instead of patching polkit to install its binaries under the same
library directory as its libraries we maintain the design of the polkit
installer to install the binaries in /usr/lib. This is the same as what is
done in distros like Fedora that support multilib.
With this patch the polkit package, when built with multilib, installs
files into /usr/lib* as follows:
polkit/usr/lib64/libpolkit-agent-1.so.0
polkit/usr/lib64/libpolkit-gobject-1.so.0
polkit/usr/lib64/libpolkit-gobject-1.so.0.0.0
polkit/usr/lib64/libpolkit-agent-1.so.0.0.0
polkit/usr/lib
polkit/usr/lib/polkit-1
polkit/usr/lib/polkit-1/polkitd
polkit/usr/lib/polkit-1/polkit-agent-helper-1
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Recipes using this include depend on polkit which is not allarch.
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Remove 0001-configure.ac-Check-only-for-libsystemd-not-libsystem.patch,
it is not needed anymore.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
libdir is defined as ${prefix}/lib/, but we want it to support multilib path
Signed-off-by: Chunrong Guo <B40290@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
add missing dep on gtk+3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Recipes including polkit-group-rule.inc correctly install a directory
with the user and group set as 'polkitd'. To avoid warnings like
these when assembling the rootfs,
WARNING: log_check: warning: user polkitd does not exist - using root
...
WARNING: log_check: warning: group polkitd does not exist - using root
create this user and group.
Note: although the polkit recipe itself, on which this depends, is
creating this same user and group, it seems that the useradd class
needs this to be specified independently.
Signed-off-by: Ash Charles <ashcharles@gmail.com>
Acked-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
polkit-gnome.do_configure fails
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
checked in logfile: setting up ownership/permission is performed by make install
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
| |
* fixes following QA warnings:
polkit-gnome-0.102: polkit-gnome: configure was passed unrecognised
options: --disable-scrollkeeper --disable-man-pages
[unknown-configure-option]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| |
* These recipes all require intltool-native to build but were missing
a dependency on it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>