From c1d3da9ca87c414100b1cb969e36b8d7d05b9a74 Mon Sep 17 00:00:00 2001 From: davidovski Date: Wed, 10 Aug 2022 09:16:34 +0100 Subject: added ovmf, lolcat, spice, and squashfstools --- repo/polkit/alpine-polkit.pam | 7 ++++ repo/polkit/polkit-common.pre-install | 6 ++++ repo/polkit/polkit-common.pre-upgrade | 6 ++++ repo/polkit/polkit.initd | 12 +++++++ repo/polkit/polkit.xibuild | 68 +++++++++++++++++++---------------- 5 files changed, 69 insertions(+), 30 deletions(-) create mode 100644 repo/polkit/alpine-polkit.pam create mode 100644 repo/polkit/polkit-common.pre-install create mode 100644 repo/polkit/polkit-common.pre-upgrade create mode 100644 repo/polkit/polkit.initd (limited to 'repo/polkit') diff --git a/repo/polkit/alpine-polkit.pam b/repo/polkit/alpine-polkit.pam new file mode 100644 index 0000000..e718f7e --- /dev/null +++ b/repo/polkit/alpine-polkit.pam @@ -0,0 +1,7 @@ +auth requisite pam_nologin.so +auth required pam_env.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +session required pam_limits.so +password required pam_unix.so diff --git a/repo/polkit/polkit-common.pre-install b/repo/polkit/polkit-common.pre-install new file mode 100644 index 0000000..7c4e3ef --- /dev/null +++ b/repo/polkit/polkit-common.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S polkitd 2>/dev/null +adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null + +exit 0 diff --git a/repo/polkit/polkit-common.pre-upgrade b/repo/polkit/polkit-common.pre-upgrade new file mode 100644 index 0000000..7c4e3ef --- /dev/null +++ b/repo/polkit/polkit-common.pre-upgrade @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S polkitd 2>/dev/null +adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null + +exit 0 diff --git a/repo/polkit/polkit.initd b/repo/polkit/polkit.initd new file mode 100644 index 0000000..30d2387 --- /dev/null +++ b/repo/polkit/polkit.initd @@ -0,0 +1,12 @@ +#!/sbin/openrc-run +supervisor=supervise-daemon + +name="Polkit System Daemon" +description="Provide System authentication via PolicyKit1 D-Bus service" + +command=/usr/lib/polkit-1/polkitd +command_args="${POLKIT_OPTS:---no-debug}" + +depend() { + need dbus +} diff --git a/repo/polkit/polkit.xibuild b/repo/polkit/polkit.xibuild index eb236bc..e8286dd 100644 --- a/repo/polkit/polkit.xibuild +++ b/repo/polkit/polkit.xibuild @@ -1,30 +1,30 @@ #!/bin/sh -MAKEDEPS="git gobject-introspection meson libxslt patch elogind gtk-doc autoconf-archive" -DEPS="expat glib js78 pam" +NAME="polkit" +DESC="Application development toolkit for controlling system-wide privileges" -PKG_VER=0.120 -SOURCE=https://www.freedesktop.org/software/polkit/releases/polkit-$PKG_VER.tar.gz +MAKEDEPS="autoconf automake bash dbus-glib elogind expat glib gobject-introspection gtk2 intltool libtool pam js78" -DESC="Application development toolkit for controlling system-wide privileges" +PKG_VER=0.120 +SOURCE="https://www.freedesktop.org/software/polkit/releases/polkit-$PKG_VER.tar.gz" ADDITIONAL=" - files/polkit-1 - patches/CVE-2021-4034.patch - patches/make-innetgr-optional.patch +CVE-2021-4034.patch +alpine-polkit.pam +make-innetgr-optional.patch +polkit-common.pre-install +polkit-common.pre-upgrade +polkit.initd " -prepare () { - apply_patches - - autoreconf -fi +prepare() { + apply_patches + autoreconf -fi } -build () { - mkdir build && - cd build && - - ../configure \ +build() { + ./configure \ + --disable-libsystemd-login \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ @@ -39,20 +39,28 @@ build () { --disable-gtk-doc-html \ --disable-gtk-doc-pdf \ --disable-libelogind \ - --disable-systemd \ - --enable-libsystemd-login - make + --disable-systemd + make } -package () { - make DESTDIR=$PKG_DEST install && - cd .. && - install -m644 polkit-1 $PKG_DEST/etc/pam.d/polkit-1 -} +package() { + provider_priority=100 # highest + + make DESTDIR="$PKG_DEST" \ + dbusconfdir=/usr/share/dbus-1/system.d \ + rulesdir=/usr/share/polkit-1/rules.d \ + install + cd "$PKG_DEST" + + # Use our own polkit rules, upstream may change them + install -m644 "$BUILD_ROOT"/alpine-polkit.pam etc/pam.d/polkit-1 -postinstall() { - /usr/sbin/groupadd -fg 27 polkitd && - /usr/sbin/useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \ - -g polkitd -s /bin/false polkitd - true + # See polkit's configure script which tells us what permissions to set + chown -R polkitd:polkitd etc/polkit-1/rules.d usr/share/polkit-1/rules.d + chmod -R 700 etc/polkit-1/rules.d usr/share/polkit-1/rules.d + chmod 4755 usr/lib/polkit-1/polkit-agent-helper-1 + chmod 4755 usr/bin/pkexec + + install -Dm755 "$BUILD_ROOT"/polkit.initd etc/init.d/polkit } + -- cgit v1.2.1