Diffstat (limited to 'repo/polkit')
-rw-r--r--repo/polkit/alpine-polkit.pam7
-rw-r--r--repo/polkit/polkit-common.pre-install6
-rw-r--r--repo/polkit/polkit-common.pre-upgrade6
-rw-r--r--repo/polkit/polkit.initd12
-rw-r--r--repo/polkit/polkit.xibuild68
5 files changed, 69 insertions, 30 deletions
diff --git a/repo/polkit/alpine-polkit.pam b/repo/polkit/alpine-polkit.pam
new file mode 100644
index 0000000..e718f7e
--- /dev/null
+++ b/repo/polkit/alpine-polkit.pam
@@ -0,0 +1,7 @@
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+session required pam_limits.so
+password required pam_unix.so
diff --git a/repo/polkit/polkit-common.pre-install b/repo/polkit/polkit-common.pre-install
new file mode 100644
index 0000000..7c4e3ef
--- /dev/null
+++ b/repo/polkit/polkit-common.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S polkitd 2>/dev/null
+adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null
+
+exit 0
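Review bot: Both `addgroup` and `adduser` have stderr discarded and the script always ends in `exit 0`, so a failure other than "already exists" goes unnoticed and the package installs without the unprivileged polkitd account. Testing for the account first keeps the script idempotent without hiding real errors, e.g. `grep -q '^polkitd:' /etc/group || addgroup -S polkitd` and `id -u polkitd >/dev/null 2>&1 || adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd`, with a non-zero exit when either command fails. The same applies to polkit-common.pre-upgrade, which has identical content (same blob 7c4e3ef).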
diff --git a/repo/polkit/polkit-common.pre-upgrade b/repo/polkit/polkit-common.pre-upgrade
new file mode 100644
index 0000000..7c4e3ef
--- /dev/null
+++ b/repo/polkit/polkit-common.pre-upgrade
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S polkitd 2>/dev/null
+adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null
+
+exit 0
diff --git a/repo/polkit/polkit.initd b/repo/polkit/polkit.initd
new file mode 100644
index 0000000..30d2387
--- /dev/null
+++ b/repo/polkit/polkit.initd
@@ -0,0 +1,12 @@
+#!/sbin/openrc-run
+supervisor=supervise-daemon
+
+name="Polkit System Daemon"
+description="Provide System authentication via PolicyKit1 D-Bus service"
+
+command=/usr/lib/polkit-1/polkitd
+command_args="${POLKIT_OPTS:---no-debug}"
+
+depend() {
+ need dbus
+}
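Review bot: `POLKIT_OPTS` on the `command_args` line is read without anything in the file saying where it is expected to come from. A comment above it such as `# POLKIT_OPTS can be set in /etc/conf.d/polkit; defaults to --no-debug` would make the override point clear. The diffstat shows no conf.d file shipped with this commit, so the default is what every install gets.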
diff --git a/repo/polkit/polkit.xibuild b/repo/polkit/polkit.xibuild
index eb236bc..e8286dd 100644
--- a/repo/polkit/polkit.xibuild
+++ b/repo/polkit/polkit.xibuild
@@ -1,30 +1,30 @@
#!/bin/sh
-MAKEDEPS="git gobject-introspection meson libxslt patch elogind gtk-doc autoconf-archive"
-DEPS="expat glib js78 pam"
+NAME="polkit"
+DESC="Application development toolkit for controlling system-wide privileges"
-PKG_VER=0.120
-SOURCE=https://www.freedesktop.org/software/polkit/releases/polkit-$PKG_VER.tar.gz
+MAKEDEPS="autoconf automake bash dbus-glib elogind expat glib gobject-introspection gtk2 intltool libtool pam js78"
-DESC="Application development toolkit for controlling system-wide privileges"
+PKG_VER=0.120
+SOURCE="https://www.freedesktop.org/software/polkit/releases/polkit-$PKG_VER.tar.gz"
ADDITIONAL="
- files/polkit-1
- patches/CVE-2021-4034.patch
- patches/make-innetgr-optional.patch
+CVE-2021-4034.patch
+alpine-polkit.pam
+make-innetgr-optional.patch
+polkit-common.pre-install
+polkit-common.pre-upgrade
+polkit.initd
"
-prepare () {
- apply_patches
-
- autoreconf -fi
+prepare() {
+ apply_patches
+ autoreconf -fi
}
-build () {
- mkdir build &&
- cd build &&
-
- ../configure \
+build() {
+ ./configure \
+ --disable-libsystemd-login \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
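Review bot: The old `DEPS="expat glib js78 pam"` line is removed and no `DEPS` is added back, so unless xibuild derives run-time dependencies on its own, the package no longer pulls in PAM or the JS engine polkitd needs. Restoring `DEPS="expat glib js78 pam"` (plus dbus, which polkit.initd declares with `need dbus`) would keep that explicit. In build(), `--disable-libsystemd-login` is added here while `--disable-libelogind` stays further down, so neither login-session backend appears to be enabled even though elogind is still in MAKEDEPS. It is worth confirming that is intended, because polkit's active-session authorization decisions depend on session tracking. build()'s body continues past the end of this hunk.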
@@ -39,20 +39,28 @@ build () {
--disable-gtk-doc-html \
--disable-gtk-doc-pdf \
--disable-libelogind \
- --disable-systemd \
- --enable-libsystemd-login
- make
+ --disable-systemd
+ make
}
-package () {
- make DESTDIR=$PKG_DEST install &&
- cd .. &&
- install -m644 polkit-1 $PKG_DEST/etc/pam.d/polkit-1
-}
+package() {
+ provider_priority=100 # highest
+
+ make DESTDIR="$PKG_DEST" \
+ dbusconfdir=/usr/share/dbus-1/system.d \
+ rulesdir=/usr/share/polkit-1/rules.d \
+ install
+ cd "$PKG_DEST"
+
+ # Use our own polkit rules, upstream may change them
+ install -m644 "$BUILD_ROOT"/alpine-polkit.pam etc/pam.d/polkit-1
-postinstall() {
- /usr/sbin/groupadd -fg 27 polkitd &&
- /usr/sbin/useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
- -g polkitd -s /bin/false polkitd
- true
+ # See polkit's configure script which tells us what permissions to set
+ chown -R polkitd:polkitd etc/polkit-1/rules.d usr/share/polkit-1/rules.d
+ chmod -R 700 etc/polkit-1/rules.d usr/share/polkit-1/rules.d
+ chmod 4755 usr/lib/polkit-1/polkit-agent-helper-1
+ chmod 4755 usr/bin/pkexec
+
+ install -Dm755 "$BUILD_ROOT"/polkit.initd etc/init.d/polkit
}
+
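Review bot: The `chown -R polkitd:polkitd` in package() runs at build time inside `$PKG_DEST`, but the polkitd account is created on the target by the pre-install script with `adduser -S` and no fixed id, whereas the removed postinstall pinned uid/gid 27. Unless xibuild records ownership by name, the mode-700 rules.d directories can end up owned by whatever numeric id the build host used, leaving polkitd unable to read its rules or a different account owning them. Consider applying the ownership in a post-install step on the target, or pinning the uid/gid in the pre-install script. Separately, the comment above the PAM install says "polkit rules" although the line installs a PAM service file, so `# Ship our own PAM service file for polkit-1` would be accurate. Also, `cd "$PKG_DEST" || return 1` would stop the relative chown/chmod calls from running in the wrong directory if the cd fails.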