Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
polkit
polkit.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File polkit.spec of Package polkit
# # spec file for package polkit # # Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define with_systemd 1 %if 0%{with_systemd} %define systemdsystemunitdir %(pkg-config --variable systemdsystemunitdir systemd) %endif Name: polkit Summary: PolicyKit Authorization Framework License: LGPL-2.1-or-later Group: System/Libraries Version: 0.113 Release: 0 URL: http://www.freedesktop.org/wiki/Software/polkit/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source99: baselibs.conf # PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vuntz@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin Patch0: polkit-no-wheel-group.patch # PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vuntz@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support) Patch1: polkit-no-systemd.patch # PATCH-FIX-OPENSUSE polkit-revert-session-magic.patch meissner@suse.com -- somehow our systemd is not reporting active sessions correctly all the time. Patch2: polkit-revert-session-magic.patch # PATCH-FIX-UPSTREAM 0001-Fix-CVE-FIXME-Trusting-client-supplied-UID.patch mgerstner@suse.com -- security fix Patch3: 0001-Fix-CVE-FIXME-Trusting-client-supplied-UID.patch # PATCH-FIX-UPSTREAM polkit-CVE-2018-19788.patch bsc#1118277 meissner@suse.com -- 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Patch5: polkit-CVE-2018-19788.patch # PATCH-FIX-UPSTREAM CVE-2019-6133.patch bsc#1121826 meissner@suse.com -- c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 Patch6: CVE-2019-6133.patch # PATCH-FIX-UPSTREAM CVE-2021-3560.patch meissner@ -- bsc#1186497 VUL-0: EMBARGOED: CVE-2021-3560: polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() Patch7: CVE-2021-3560.patch # PATCH-FIX-3RDPARTY CVE-2021-4034-pkexec-fix.patch meissner@ -- 1194568 VUL-0: EMBARGOED: CVE-2021-4034: polkit: pkexec Local Privilege Escalation Patch8: CVE-2021-4034-pkexec-fix.patch # PATCH-FIX-3RDPARTY CVE-2021-4115.patch rfrohl@ -- 1195542 VUL-0: EMBARGOED: CVE-2021-4115: polkit: denial of service via file descriptor leak Patch9: CVE-2021-4115.patch # needed for patch1 BuildRequires: autoconf # needed for patch1 BuildRequires: automake BuildRequires: glib2-devel >= 2.30.0 BuildRequires: gobject-introspection-devel >= 0.6.2 BuildRequires: gtk-doc # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle. #!BuildIgnore: ruby BuildRequires: intltool BuildRequires: libexpat-devel # needed for patch1 and patch3 BuildRequires: libtool BuildRequires: pam-devel %if 0%{?with_systemd} BuildRequires: systemd-devel %endif %if 0%{?suse_version} >= 1310 BuildRequires: pkgconfig(mozjs-17.0) %else BuildRequires: pkgconfig(mozjs185) %endif PreReq: permissions PreReq: pwdutils %if ! %{with_systemd} Requires: ConsoleKit %endif Requires: dbus-1 Requires: libpolkit0 = %{version}-%{release} %if %{with_systemd} %systemd_requires %endif # Upstream First - Policy: # Never add any patches to this package without the upstream commit id # in the patch. Any patches added here without a very good reason to make # an exception will be silently removed with the next version update. %description PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. %package devel Summary: Development files for PolicyKit Group: Development/Libraries/C and C++ Requires: %name = %{version}-%{release} Requires: libpolkit0 = %{version} Requires: pkgconfig Requires: typelib-1_0-Polkit-1_0 = %{version} %description devel Development files for PolicyKit Authorization Framework. %package doc Summary: Development documentation for PolicyKit Group: Development/Libraries/C and C++ %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif %description doc Development documentation for PolicyKit Authorization Framework. %package -n libpolkit0 Summary: PolicyKit Authorization Framework -- Libraries Group: System/Libraries Requires: %{name} >= %{version} %description -n libpolkit0 PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. This package contains the libraries only. %package -n typelib-1_0-Polkit-1_0 Summary: PolicyKit Authorization Framework -- Introspection bindings Group: System/Libraries %description -n typelib-1_0-Polkit-1_0 PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. This package provides the GObject Introspection bindings for PolicyKit. %prep %setup -q %patch0 -p1 %if !(0%{?with_systemd}) %patch1 -p1 %endif %patch2 -R -p1 %patch3 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %build export V=1 # needed for patch1 autoreconf -fi export SUID_CFLAGS="-fPIE" export SUID_LDFLAGS="-z now -pie" %configure \ --with-os-type=suse \ --enable-gtk-doc \ --with-pic \ --disable-static \ --enable-introspection \ --enable-examples \ %if 0%{?with_systemd} --enable-libsystemd-login \ %else --disable-libsystemd-login \ %endif --libexecdir=%{_libexecdir}/polkit-1 make %{?_smp_mflags} %install %make_install rm $RPM_BUILD_ROOT%{_libdir}/*.la # create $HOME for polkit user install -d %{buildroot}%{_localstatedir}/lib/polkit %find_lang polkit-1 %pre getent group polkitd > /dev/null || groupadd -r polkitd getent passwd polkitd > /dev/null || useradd -r -g polkitd -d %{_localstatedir}/lib/polkit -s /sbin/nologin -c "User for polkitd" polkitd %if %{with_systemd} %service_add_pre polkit.service %endif exit 0 %if %{with_systemd} %preun %service_del_preun polkit.service %postun %service_del_postun polkit.service %endif %post %set_permissions %{_bindir}/pkexec %set_permissions %{_prefix}/lib/polkit-1/polkit-agent-helper-1 %if %{with_systemd} %service_add_post polkit.service %endif %verifyscript %verify_permissions -e %{_bindir}/pkexec %verify_permissions -e %{_prefix}/lib/polkit-1/polkit-agent-helper-1 %post -n libpolkit0 -p /sbin/ldconfig %postun -n libpolkit0 -p /sbin/ldconfig %files -n libpolkit0 %defattr(-,root,root,-) %{_libdir}/libpolkit-agent-1.so.* %{_libdir}/libpolkit-gobject-1.so.* %files -n typelib-1_0-Polkit-1_0 %defattr(-,root,root,-) %{_libdir}/girepository-1.0/Polkit-1.0.typelib %{_libdir}/girepository-1.0/PolkitAgent-1.0.typelib %files -f polkit-1.lang %defattr(-,root,root,-) %doc COPYING %{_mandir}/man1/pkexec.1%{?ext_man} %{_mandir}/man1/pkaction.1%{?ext_man} %{_mandir}/man1/pkcheck.1%{?ext_man} %{_mandir}/man1/pkttyagent.1%{?ext_man} %{_mandir}/man8/polkitd.8%{?ext_man} %{_mandir}/man8/polkit.8%{?ext_man} %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/system-services %{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service %dir %{_datadir}/polkit-1 %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy %attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d %config %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf %config %{_sysconfdir}/pam.d/polkit-1 %dir %{_sysconfdir}/polkit-1 %attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d %config %{_sysconfdir}/polkit-1/rules.d/50-default.rules %{_bindir}/pkaction %{_bindir}/pkcheck %verify(not mode) %attr(4755,root,root) %{_bindir}/pkexec %{_bindir}/pkttyagent %dir %{_libexecdir}/polkit-1 %{_libexecdir}/polkit-1/polkitd %verify(not mode) %attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1 # $HOME for polkit user %dir %{_localstatedir}/lib/polkit %if %{with_systemd} %{systemdsystemunitdir}/polkit.service %endif %files devel %defattr(-,root,root,-) %{_libdir}/libpolkit-agent-1.so %{_libdir}/libpolkit-gobject-1.so %{_libdir}/pkgconfig/polkit-agent-1.pc %{_libdir}/pkgconfig/polkit-gobject-1.pc %{_includedir}/polkit-1/ %{_bindir}/pk-example-frobnicate %{_datadir}/gir-1.0/*.gir %{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy %files doc %defattr(-,root,root,-) %doc NEWS %doc %{_datadir}/gtk-doc/html/polkit-1/ %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor