commit: 6a64102794465357801f86c5a814e5b9698016fa
Author: Travis Tilley <ttilley <AT> gmail <DOT> com>
AuthorDate: Sat Mar 21 21:50:43 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed May 13 16:48:49 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-dev.git/commit/?id=6a641027
sys-auth/polkit: fix compilation with musl by making netgroup related sections
optional via configure defines
.../polkit-make-netgroup-support-optional.patch | 86 ++++++++++++++
sys-auth/polkit/polkit-0.112-r2.ebuild | 123 +++++++++++++++++++++
2 files changed, 209 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-make-netgroup-support-optional.patch
b/sys-auth/polkit/files/polkit-make-netgroup-support-optional.patch
new file mode 100644
index 0000000..07efd0e
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-make-netgroup-support-optional.patch
@@ -0,0 +1,86 @@
+diff --git a/configure.ac b/configure.ac
+index 4bb6d90..8d30a95 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv)
++AC_CHECK_FUNCS(clearenv getnetgrent innetgr)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c
b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 3bd2f0b..9d2ec61 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2103,6 +2103,7 @@ get_users_in_group (PolkitIdentity
*group,
+ return ret;
+ }
+
++#if defined HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -2154,6 +2155,7 @@ get_users_in_net_group (PolkitIdentity
*group,
+ endnetgrent ();
+ return ret;
+ }
++#endif
+
+ /*
----------------------------------------------------------------------------------------------------
*/
+
+@@ -2243,10 +2245,12 @@ authentication_agent_initiate_challenge
(AuthenticationAgent *agent,
+ {
+ user_identities = g_list_concat (user_identities,
get_users_in_group (identity, FALSE));
+ }
++#if defined HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ user_identities = g_list_concat (user_identities,
get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity");
+diff --git a/src/polkitbackend/polkitbackendjsauthority.c
b/src/polkitbackend/polkitbackendjsauthority.c
+index bc2fe22..b84c110 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.c
++++ b/src/polkitbackend/polkitbackendjsauthority.c
+@@ -29,6 +29,7 @@
+ #include <glib/gstdio.h>
+ #include <locale.h>
+ #include <glib/gi18n-lib.h>
++#include <sys/wait.h>
+
+ #include <polkit/polkit.h>
+ #include "polkitbackendjsauthority.h"
+@@ -1450,13 +1451,16 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ JSBool ret = JS_FALSE;
+ JSString *user_str;
+ JSString *netgroup_str;
+- char *user;
+- char *netgroup;
+ JSBool is_in_netgroup = JS_FALSE;
+
+ if (!JS_ConvertArguments (cx, argc, JS_ARGV (cx, vp), "SS", &user_str,
&netgroup_str))
+ goto out;
+
++#if defined(HAVE_INNETGR)
++ {
++ char *user;
++ char *netgroup;
++
+ user = JS_EncodeString (cx, user_str);
+ netgroup = JS_EncodeString (cx, netgroup_str);
+
+@@ -1470,6 +1474,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS_free (cx, netgroup);
+ JS_free (cx, user);
++ }
++#endif
+
+ ret = JS_TRUE;
+
diff --git a/sys-auth/polkit/polkit-0.112-r2.ebuild
b/sys-auth/polkit/polkit-0.112-r2.ebuild
new file mode 100644
index 0000000..ad596c3
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.112-r2.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.112-r2.ebuild,v
1.17 2015/02/11 03:45:06 patrick Exp $
+
+EAPI=5
+inherit eutils autotools multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide
services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit";
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz";
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
+
+CDEPEND="
+ ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) )
+ >=dev-libs/glib-2.32
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1 )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/intltool
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ sed -i -e 's|unix-group:wheel|unix-user:0|'
src/polkitbackend/*-default.rules || die #401513
+ epatch "${FILESDIR}"/${PN}-make-netgroup-support-optional.patch
+ eautoreconf || die
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ $(if use hppa || use ia64 || use mips; then echo
--with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ local f='src/polkitbackend/.libs/polkitd
test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+ local m=''
+ # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17'
wrt #485910
+ has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
+ # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different
pax-mark flags
+ use hppa && m='mr'
+ use ia64 && m='mr'
+ use mips && m='mr'
+ [ -n "$m" ] && pax-mark ${m} ${f}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
