sys-auth/polkit: Remove old

Signed-off-by: Michał Górny <mgorny@gentoo.org>

sys-auth/polkit/Manifest

@@ -1,2 +1 @@
-DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
 DIST polkit-126.tar.gz 456138 BLAKE2B 2e86c8853edf29879d8367b77d210d3a891178297cb5f9eb204a953bfaa66f6ff2307da265f4c3f89265ba8ce32e94641272d654a78d116dfb32a65d402f877a SHA512 dbdbc31b7a231c963788b37cf1a138e30336466fb662225a812faaf58e45439925d9d39346cc8f07e54f22040c2f142435acb9fded315d33e24930e0abc736c7

sys-auth/polkit/files/polkit-123-mozjs-JIT.patch

@@ -1,36 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
-
-From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@xry111.site>
-Date: Sat, 29 Jul 2023 17:44:58 +0800
-Subject: [PATCH] jsauthority: mozjs: Disable JIT
-
-The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
-setting does not allow it.
-
-For polkit, security is much more important than the speed running
-Javascript code in rule files, so we should disable JIT.
-
-Fixes #199.
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -56,7 +56,16 @@
- static class JsInitHelperType
- {
- public:
--	JsInitHelperType() { JS_Init(); }
-+	JsInitHelperType()
-+	{
-+	  /* Disable JIT because it needs W/X mapping, which is not allowed by
-+	   * our systemd hardening setting.
-+	   */
-+	  JS::DisableJitBackend();
-+
-+	  JS_Init();
-+	}
-+
- 	~JsInitHelperType() { JS_ShutDown(); }
- } JsInitHelper;
- 
--- 
-GitLab

sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch

@@ -1,35 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d
-
-From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001
-From: Vincent Mihalkovic <vmihalko@redhat.com>
-Date: Wed, 16 Aug 2023 08:59:55 +0000
-Subject: [PATCH] pkexec: fix uninitialized pointer warning
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -53,6 +53,7 @@
- static gchar *original_user_name = NULL;
- static gchar *original_cwd;
- static gchar *command_line = NULL;
-+static gchar *cmdline_short = NULL;
- static struct passwd *pw;
- 
- #ifndef HAVE_CLEARENV
-@@ -508,6 +509,7 @@ main (int argc, char *argv[])
-   path = NULL;
-   exec_argv = NULL;
-   command_line = NULL;
-+  cmdline_short = NULL;
-   opt_user = NULL;
-   local_agent_handle = NULL;
- 
-@@ -802,7 +804,6 @@ main (int argc, char *argv[])
-   polkit_details_insert (details, "program", path);
-   polkit_details_insert (details, "command_line", command_line);
- 
--  gchar *cmdline_short = NULL;
-   cmdline_short = g_strdup(command_line);
-   if (strlen(command_line) > 80)
-       g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ),
--- 
-GitLab

sys-auth/polkit/files/polkit-126-musl.patch

@@ -1,34 +0,0 @@
-https://github.com/polkit-org/polkit/commit/074ad836836167190cfe5649f9fc50da2e79a0ab
-
-From 074ad836836167190cfe5649f9fc50da2e79a0ab Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Wed, 19 Feb 2025 14:20:22 +0100
-Subject: [PATCH] Fix musl compilation error on Alpine
-
-Disruptions between glibc and musl-(not-)predefined feature-test macros led to
-a decision to remove a check for POSIX standards older than 17 years. It makes no
-sense to test the existence of a macro that we explicitly define in
-meson.build either (shall we test for _GNU_SOURCE).
----
- src/programs/pkexec.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index b439475f..4274c92b 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -674,12 +674,8 @@ main (int argc, char *argv[])
-           argv[n] = path_abs;
-       }
-     }
--#if _POSIX_C_SOURCE >= 200809L
-+
-   s = realpath(path, NULL);
--#else
--  s = NULL;
--# error We have to deal with realpath(3) PATH_MAX madness
--#endif
-   if (s != NULL)
-     {
-       /* The called program resolved to the canonical location. We don't update
-

sys-auth/polkit/files/polkit-126-realpath.patch

@@ -1,133 +0,0 @@
-https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678
-
-From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001
-From: Walter Doekes <walter+github@wjd.nu>
-Date: Fri, 25 Oct 2024 23:18:16 +0200
-Subject: [PATCH] pkexec: Use realpath when comparing
- org.freedesktop.policykit.exec.path
-
-This changes the pkexec path that is compared from the original supplied
-path to the path resolved by realpath(3).
-
-That means that "/bin/something" might now be matched as
-"/usr/bin/something", a review of your
-  <annotate key="org.freedesktop.policykit.exec.path">
-actions might be in order.
-
-Fixes: polkit-org/polkit#194
-
-See also: systemd/systemd#34714
----
- src/programs/pkexec.c           | 29 +++++++++++++++++++++++++++--
- test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++
- 2 files changed, 50 insertions(+), 2 deletions(-)
-
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 65c13090..b439475f 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -452,6 +452,7 @@ main (int argc, char *argv[])
-   gchar *action_id;
-   gboolean allow_gui;
-   gchar **exec_argv;
-+  gchar *path_abs;
-   gchar *path;
-   struct passwd pwstruct;
-   gchar pwbuf[8192];
-@@ -508,6 +509,7 @@ main (int argc, char *argv[])
-   result = NULL;
-   action_id = NULL;
-   saved_env = NULL;
-+  path_abs = NULL;
-   path = NULL;
-   exec_argv = NULL;
-   command_line = NULL;
-@@ -624,6 +626,8 @@ main (int argc, char *argv[])
-    * but do check this is the case.
-    *
-    * We also try to locate the program in the path if a non-absolute path is given.
-+   *
-+   * And then we resolve the real path of the program.
-    */
-   g_assert (argv[argc] == NULL);
-   path = g_strdup (argv[n]);
-@@ -647,7 +651,7 @@ main (int argc, char *argv[])
-     }
-   if (path[0] != '/')
-     {
--      /* g_find_program_in_path() is not suspectible to attacks via the environment */
-+      /* g_find_program_in_path() is not susceptible to attacks via the environment */
-       s = g_find_program_in_path (path);
-       if (s == NULL)
-         {
-@@ -662,9 +666,29 @@ main (int argc, char *argv[])
-        */
-       if (argv[n] != NULL)
-       {
--        argv[n] = path;
-+        /* Must copy because we might replace path later on. */
-+        path_abs = g_strdup(path);
-+        /* argv[n:] is used as argv arguments to execv(). The called program
-+         * sees the original called path, but we make sure it's absolute. */
-+        if (path_abs != NULL)
-+          argv[n] = path_abs;
-       }
-     }
-+#if _POSIX_C_SOURCE >= 200809L
-+  s = realpath(path, NULL);
-+#else
-+  s = NULL;
-+# error We have to deal with realpath(3) PATH_MAX madness
-+#endif
-+  if (s != NULL)
-+    {
-+      /* The called program resolved to the canonical location. We don't update
-+       * argv[n] this time. The called program still sees the original
-+       * called path. This is very important for multi-call binaries like
-+       * busybox. */
-+      g_free (path);
-+      path = s;
-+    }
-   if (access (path, F_OK) != 0)
-     {
-       g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
-@@ -1084,6 +1108,7 @@ main (int argc, char *argv[])
-     }
- 
-   g_free (original_cwd);
-+  g_free (path_abs);
-   g_free (path);
-   g_free (command_line);
-   g_free (cmdline_short);
-diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh
-index 4c76687b..e57b948f 100755
---- a/test/integration/pkexec/test.sh
-+++ b/test/integration/pkexec/test.sh
-@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA
- grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log"
- grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log"
- rm -f "$TMP_DIR/SIGTRAP-on-EOF.log"
-+
-+: "Check absolute (but not canonicalized) path"
-+BASH_ABS=$(command -v bash)
-+ln -s "$BASH_ABS" ./my-bash
-+sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log"
-+grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log"
-+grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log"
-+rm -f "$TMP_DIR/absolute-path.log"
-+rm -f "./my-bash"
-+
-+: "Check canonicalized path"
-+if command -v strace; then
-+    BASH_ABS=$(command -v bash)
-+    ln -s "$BASH_ABS" ./my-bash
-+    sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \
-+	expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log"
-+    cat "$TMP_DIR/canonical-path.strace"
-+    grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace"
-+    grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log"
-+    rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace"
-+    rm -f "./my-bash"
-+    rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so"
-+fi
-

sys-auth/polkit/polkit-123-r1.ebuild

@@ -1,157 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_11 )
-inherit meson pam pax-utils python-any-r1 systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
-if [[ ${PV} == *_p* ]] ; then
-	# Upstream don't make releases very often. Test snapshots throughly
-	# and review commits, but don't shy away if there's useful stuff there
-	# we want.
-	MY_COMMIT=""
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-IUSE="examples gtk +introspection kde pam selinux systemd test"
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
-RESTRICT="!test? ( test ) test"
-
-# This seems to be fixed with 121?
-#if [[ ${PV} == *_p* ]] ; then
-#	RESTRICT="!test? ( test )"
-#else
-#	# Tests currently don't work with meson in the dist tarballs. See
-#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-#	RESTRICT="test"
-#fi
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( >=dev-libs/gobject-introspection-1.82.0-r2 )
-	test? (
-		$(python_gen_any_dep '
-			dev-python/dbus-python[${PYTHON_USEDEP}]
-			dev-python/python-dbusmock[${PYTHON_USEDEP}]
-		')
-	)
-"
-DEPEND="
-	>=dev-libs/glib-2.32:2
-	dev-libs/expat
-	dev-lang/duktape:=
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="
-	${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING.md NEWS.md README.md )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd
-"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-mozjs-JIT.patch
-	"${FILESDIR}"/${P}-pkexec-uninitialized.patch
-)
-
-python_check_deps() {
-	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
-	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	use test && python-any-r1_pkg_setup
-}
-
-src_prepare() {
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Djs_engine=duktape
-		-Dlibs-only=false
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	if [[ ${EUID} == 0 ]]; then
-		diropts -m 0700 -o polkitd
-	fi
-	keepdir /etc/polkit-1/rules.d
-}
-
-pkg_postinst() {
-	if [[ ${EUID} == 0 ]]; then
-		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	fi
-}

sys-auth/polkit/polkit-126-r1.ebuild

@@ -1,159 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..13} )
-inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/polkit-org/polkit"
-	inherit git-r3
-elif [[ ${PV} == *_p* ]] ; then
-	# Upstream don't make releases very often. Test snapshots throughly
-	# and review commits, but don't shy away if there's useful stuff there
-	# we want.
-	MY_COMMIT=""
-	SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
-
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-if [[ ${PV} != 9999 ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-fi
-IUSE="examples gtk +introspection kde pam nls selinux systemd test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	>=dev-libs/glib-2.32
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	virtual/pkgconfig
-	introspection? ( >=dev-libs/gobject-introspection-1.82.0-r2 )
-	nls? ( sys-devel/gettext )
-	test? (
-		$(python_gen_any_dep '
-			dev-python/dbus-python[${PYTHON_USEDEP}]
-			dev-python/python-dbusmock[${PYTHON_USEDEP}]
-		')
-	)
-"
-DEPEND="
-	>=dev-libs/glib-2.32:2
-	dev-libs/expat
-	dev-lang/duktape:=
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="
-	${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING.md NEWS.md README.md )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd
-"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-elogind.patch
-	"${FILESDIR}"/${P}-realpath.patch
-	"${FILESDIR}"/${P}-musl.patch
-)
-
-python_check_deps() {
-	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
-	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	use test && python-any-r1_pkg_setup
-}
-
-src_prepare() {
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dpam_module_dir=$(getpam_mod_dir)
-		-Dprivileged_group=0
-		-Dsession_tracking="$(usex systemd logind elogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Dlibs-only=false
-		$(meson_use introspection)
-		$(meson_use nls gettext)
-		$(meson_use test tests)
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	# acct-user/polkitd installs its own (albeit with a different filename)
-	rm -rf "${ED}"/usr/lib/sysusers.d || die
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	if [[ ${EUID} == 0 ]]; then
-		diropts -m 0700 -o polkitd
-	fi
-	keepdir /etc/polkit-1/rules.d
-}
-
-pkg_postinst() {
-	tmpfiles_process polkit-tmpfiles.conf
-
-	if [[ ${EUID} == 0 ]]; then
-		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	fi
-}