| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While using sysvinit as INIT_MANAGER and libdir = "/usr/lib64" ,
polkit do_install failed at remove systemd directory
...
rm: cannot remove 'tmp/work/corei7-64-wrs-linux/polkit/126/image/usr/lib64/systemd': No such file or directory
...
Force remove ${nonarch_libdir}/systemd and ${libdir}/systemd to assure
all systemd directories clean up
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
fixes:
ERROR: polkit-126-r0 do_configure: QA Issue: polkit: invalid PACKAGECONFIG: mozjs [invalid-packageconfig]
ERROR: polkit-126-r0 do_configure: Fatal QA errors were found, failing task.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Patch merged upstream. mozjs support dropped, remove PACKAGECONFIG.
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit d89fc818b716d099f83a5a9a973be428e2b66806 changed the
permissions back to 700, which is wrong for /usr/share, these
files are intended to be world readable. Change it back.
Fixes: d89fc818b716 ("polkit: Install rules in subdir")
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/openembedded/meta-openembedded/commit/d5e90541f8e35916abc930b2da6de037b23d51a1
moved the rules to /usr/share/ instead of /etc/. The commit also removed the
install:prepend() step.
This results in the rules being installed as file /usr/share/polkit-1/rules.d
instead of in that folder.
This commit adds back the install prepend step such that the rules are installed
in said folder.
Signed-off-by: Darrel Griët <dgriet@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
https://github.com/polkit-org/polkit/pull/497 was merged as
https://github.com/polkit-org/polkit/commit/1d4f7f4d9f3d74fb2649c96faa8677416c1aefc2
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Polkit unconditionally installs a systemd service, remove it in
do_install() on SysVinit systems to avoid "installed but not packaged
file" error.
Fixes this error:
ERROR: polkit-125-r0 do_package: QA Issue: polkit: Files/directories were installed but not shipped in any package:
/usr/lib/systemd
/usr/lib/systemd/system
/usr/lib/systemd/system/polkit.service
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
polkit: 3 installed and not shipped files. [installed-vs-shipped]
ERROR: polkit-125-r0 do_package: Fatal QA errors were found, failing task.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new OS option to polkit meson: "openembedded" and use this to
set PAM include to common-* which matches OE-Core libpam.
This also may fix a non-reproducibility since polkit meson system tried
to detect the host (compiling) OS and changed PAM config from the
detected value.
Fixes: https://github.com/openembedded/meta-openembedded/issues/860
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* broken since
https://github.com/openembedded/meta-openembedded/pull/859
which moved the files from ${sysconfdir} which is packaged
in ${PN} by default into ${datadir} which isn't packaged causing:
ERROR: QA Issue: polkit-group-rule-network: Files/directories were installed but not shipped in any package:
/usr
/usr/share
/usr/share/polkit-1
/usr/share/polkit-1/rules.d
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
polkit-group-rule-network: 4 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Rules shipped by OS packages should go in /usr/share/. /etc/ is
reserved for local modifications. This allows local users and
admins to provide overrides. It also removes the need to fix
directory permissions.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This is no longer required by upstream for data in /usr/, as it ships
in packages so there's no point hiding its content. Still required for
/etc/ as that's for local modifications.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
The 'libs-only' option skips building polkitd.
Signed-off-by: Marc Ferland <marc.ferland@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Add elogind package config option.
Also make sure the systemd, consolekit and elogind options are
mutually exclusive (as defined in the meson_options.txt file).
Signed-off-by: Marc Ferland <marc.ferland@gmail.com>
|
| |
|
|
|
|
| |
Project has moved to github.
Signed-off-by: Marc Ferland <marc.ferland@gmail.com>
|
| |
|
|
|
|
|
| |
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
polkitd doesn't segfault with MemoryDenyWriteExecute=yes anymore
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- support for mozjs-115 was added, remove the patch
- update 0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch
- include missing files to avoid:
/usr/lib/pam.d
/usr/lib/sysusers.d
/usr/lib/pam.d/polkit-1
/usr/lib/sysusers.d/polkit.conf
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
ERROR: polkit-124-r0 do_package: QA Issue: polkit: Files/directories were installed but not shipped in any package:
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fix conflicting installations of
polkit-group-rule-{network/datetime/udisks2}. Ensure {sysconfdir}/polkit-1/rules.d permissions match the current
recipe during installation to prevent conflicts in do_rootfs of an image.
Signed-off-by: Maxime Roussin-Belanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This will allow dropping mozjs-102 instead of attempting
to make it work with python 3.12.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
It's also unbuildable as mozjs-91 has been removed as well.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add a patch to disable an offensive hardening option
that causes polkit to segfault
- better safety with deeper resctiction of the configuration files
- better safety with restricting the daemon's owner under systemd
- better safety with the systemd unit sandboxing
- less thread races during upload of the configuration
- glib, gobject, gio >= 2.32
- mozjs-102 OR duktape
- gobject-introspection >= 0.6.2 (optional)
- pam (optional)
- ConsoleKit OR systemd
- gettext
- meson
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recover ${nonarch_libdir}/${BPN}-1 into FILES:${PN} to fix install do_package error when multilib is enabled.
Fixes
ERROR: polkit-122-r0 do_package: QA Issue: polkit: Files/directories were installed but not shipped in any package:
/usr/lib/polkit-1/polkit-agent-helper-1
/usr/lib/polkit-1/polkitd
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
polkit: 2 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
autotools buildsystem has been dropped
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Refresh patch to avoid QA issue about patch fuzz.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following warning:
WARNING: polkit-0.119-r0 do_patch: Fuzz detected:
Applying patch 0004-Make-netgroup-support-optional.patch
patching file configure.ac
Hunk #1 succeeded at 117 with fuzz 2 (offset 17 lines).
patching file meson.build
patching file src/polkit/polkitidentity.c
patching file src/polkit/polkitunixnetgroup.c
patching file src/polkitbackend/polkitbackendinteractiveauthority.c
patching file src/polkitbackend/polkitbackendjsauthority.cpp
Hunk #1 succeeded at 1291 (offset -233 lines).
Hunk #2 succeeded at 1306 (offset -233 lines).
patching file test/polkit/polkitidentitytest.c
patching file test/polkit/polkitunixnetgrouptest.c
patching file test/polkitbackend/test-polkitbackendjsauthority.c
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the patch to make netgroup support optional to fit the commit
merged upstream [1], update the other patch depending on one of the
changes.
Without this update, a compilation using duktape with musl fails with:
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c: In function 'js_polkit_user_is_in_netgroup':
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c:1039:7: warning: implicit declaration of function 'innetgr' [-Wimplicit-function-declaration]
| 1039 | if (innetgr (netgroup,
| | ^~~~~~~
The main patch has been split in two, to apply the duktape part only when duktape is
applied.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
polkitd user has default access to /bin/sh, add --shell /bin/nologin
to remove default access to /bin/sh and avoid login through it.
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
RDEPENDS_${PN} -> RDEPENDS:${PN}
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14829 reports
that duktape isn't fully compatible with mozjs as the supported
javascript features are different. duktape supports
ECMAScript standard version 5 while mozjs supports a lot more.
See https://kangax.github.io/compat-table/es5/ for the differences.
Thus the change from mozjs to duktape may break some rules
which rely on javascript features which duktape doesn't support,
for example array.includes() function,
https://kangax.github.io/compat-table/es6/
https://262.ecma-international.org/7.0/#sec-array.prototype.includes
For many embedded systems which care about fast boot times and smaller
rootfs using duktape is recommended but rules must be written in reduced
set of ECMA script language features. For array.includes() one alternative
is "array.indexOf(search) >= 0".
[YOCTO #14829]
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The rule allows non-priviledged users from plugdev group to
mount/unmount block devices
Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
cherry-pick the change from polkit 0.120+ upstream since
it applies directly to 0.119. Drop mozjs patches.
Removes mozjs and its dependency nspr from images. They account for
roughly 21 Mb on 64bit ARM machines. The replacement libduktape is
roughly 300 kb in size. Thus this saves at least 20 Mb in rootfs size
when polkit is used.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
They were available in polkit master branch and cherry-pick to
0.119 version works so pick the patches.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Delete old m4 macros, so autoreconf can repopulate it.
Fixes
libtool: Version mismatch error. This is libtool 2.4.7, but the
libtool: definition of this LT_INIT comes from libtool 2.4.6.
libtool: You should recreate aclocal.m4 with macros from libtool 2.4.7
libtool: and run autoconf again.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Sadly, the move to duktape has not yet happend, but it is on the
way, and meanwhile we can use modern mozjs at least.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Backport a patch [1] to fix CVE-2021-3560.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Avoid warning due to the class rename in OE-Core.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* An issue in meta-mortsgna was reported. Discussion is found at [1]
* We do similar in meta-gnome's gvfs for same reason [2]
* This is a bugfix which should apply and work for many release-branches
Fixes:
| Error: Transaction check error:
| file /etc/polkit-1/rules.d conflicts between attempted installs of polkit-group-rule-datetime-1.0-r0.cortexa7t2hf_neon_vfpv4 and polkit-0.115-r0.cortexa7t2hf_neon_vfpv4
[1] https://github.com/schnitzeltony/meta-mortsgna/issues/11
[2] https://github.com/openembedded/meta-openembedded/blob/fd1a0c9210b162ccb147e933984c755d32899efc/meta-gnome/recipes-gnome/gvfs/gvfs_1.41.2.bb#L72
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Make netgroup support optional so it can be disabled on musl
Drop backported patch 0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After below commits to add polkit as a required
distro feature:
97a1a55 polkit: add polkit as a required distro feature
c049e02 polkit: inherit distro_features_check
All recipes that includes polkit-group-rule.inc will fail to parse
when polkit is not in DISTRO_FEATURE, especially 'world'. e.g.
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'udisks', 'polkit']
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Make the recently added REQUIRED_DISTRO_FEATURES effective by
inheriting distro_features_check.
Fixes: 97a1a55f4755 ("polkit: add polkit as a required distro feature")
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Make sure polkit is in DISTRO_FEATURERS if this package is being
installed. This will make sure that people who do use polkit in
their image also do enabled the recently introduced distro feature
polkit in their distro.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Rebase patches to 0.115
0001-make-netgroup-support-configurable.patch
polkit-1_pam.patch
- Add --disable-libelogind which OE does not have recipe
libelogind
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
