| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In PolicyKit (aka polkit) 0.115, the start time protection mechanism can
be bypassed because fork() is not atomic, and therefore authorization
decisions are improperly cached. This is related to lack of uid checking
in polkitbackend/polkitbackendinteractiveauthority.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-6133
Upstream patch:
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- Rebase patches to 0.115
0001-make-netgroup-support-configurable.patch
polkit-1_pam.patch
- Add --disable-libelogind which OE does not have recipe
libelogind
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* last release was 2011
* it fails on autobuilder
* nothing uses it
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
consolekit depends on virtual/libx11 then it requires x11
distro feature, so add consolekit option only when x11
is in DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning:
| WARNING: packagegroup-xfce-base-1.0-r5 do_populate_lic:
${COREBASE}/LICENSE is not a valid license file, please use
'${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
This will become an error in the future
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
http://www.openembedded.org/wiki/Styleguide
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Make features like netgroup optional, these are not supported by posix
secondly they are poked at during configure so nothing changes for glibc
based systems but it helps compiling with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fix QA warning:
WARNING: QA Issue: polkit-gnome: configure was passed unrecognised options:
--disable-examples --disable-introspection [unknown-configure-option]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Polkit is currently broken in images built with multilib and systemd.
This is because the patch, 0001-do-not-hardcoded-libdir.patch, applied on
top of the polkit source code modifies where the polkitd binary is
installed, but it does not modify the polkit.service file to start the
binary from its new location.
At first it seemed reasonable to modify the systemd service file to
search for the binary in the correct place. This change, as well as what
the patch (0001-do-not-hardcoded-libdir.patch) already does was proposed to
the polkit maintainers at https://bugs.freedesktop.org/show_bug.cgi?id=92094
During the discussion with the polkit maintainers it became apparent that the
change to support multilib polkit should not be done with a patch to
the polkit source code, but instead a change to the polkit recipe.
Polkit correctly installs libraries when multilib is in use without any
changes to its source code. What is being changed by
0001-do-not-hardcoded-libdir.patch is not where the polkit libraries are
installed but where the binaries are installed.
Installing binaries in /usr/lib when baselib is lib64 is acceptable (see
http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html ).
So, instead of patching polkit to install its binaries under the same
library directory as its libraries we maintain the design of the polkit
installer to install the binaries in /usr/lib. This is the same as what is
done in distros like Fedora that supports multilib.
With this patch the polkit package, when built with multilib, installs
files into /usr/lib* as follows:
polkit/usr/lib64/libpolkit-agent-1.so.0
polkit/usr/lib64/libpolkit-gobject-1.so.0
polkit/usr/lib64/libpolkit-gobject-1.so.0.0.0
polkit/usr/lib64/libpolkit-agent-1.so.0.0.0
polkit/usr/lib
polkit/usr/lib/polkit-1
polkit/usr/lib/polkit-1/polkitd
polkit/usr/lib/polkit-1/polkit-agent-helper-1
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Recipes using this include depend on polkit which is not allarch.
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Remove 0001-configure.ac-Check-only-for-libsystemd-not-libsystem.patch,
it is not needed anymore.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
libdir is defined as ${prefix}/lib/, but we want it to support multilib path
Signed-off-by: Chunrong Guo <B40290@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
add missing dep on gtk+3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Recipes including polkit-group-rule.inc correctly install a directory
with the user and group set as 'polkitd'. To avoid warnings like
these when assemblying the rootfs,
WARNING: log_check: warning: user polkitd does not exist - using root
...
WARNING: log_check: warning: group polkitd does not exist - using root
create this user and group.
Note: although the polkit recipe itself, on which this depends, is
creating this same user and group, it seems that the useradd class
needs this to be specified independently.
Signed-off-by: Ash Charles <ashcharles@gmail.com>
Acked-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
polkit-gnome.do_configure fails
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
checked in logfile: setting up ownership/permission is performed by make install
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
|
* fixes following QA warnings:
polkit-gnome-0.102: polkit-gnome: configure was passed unrecognised
options: --disable-scrollkeeper --disable-man-pages
[unknown-configure-option]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* These recipes all require intltool-native to build but were missing
a dependency on it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
add user-group 'datetime' allowing members to change date/time/timezone settings
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
|
add user-group 'network' allowing memebers to change networkmanager settings
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
|
note: this version's rules are written in jscript.
The following tests were performed:
* run-tests for gnome- and xfce-based image
* update a package that installs a new rule to check if the restricted access
rights for /etc/polkit-1/rules.d don't cause trouble
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
|
* This change is only aesthetic (unlike indentation in Python
tasks).
* Some recipes were using tabs.
* Some were using 8 spaces.
* Some were using mix or different number of spaces.
* Make them consistently use 4 spaces everywhere.
* Yocto styleguide advises to use tabs (but the only reason to keep
tabs is the need to update a lot of recipes). Lately this advice
was also merged into the styleguide on the OE wiki.
* Using 4 spaces in both types of tasks is better because it's less
error prone when someone is not sure if e.g.
do_generate_toolchain_file() is Python or shell task and also allows
to highlight every tab used in .bb, .inc, .bbappend, .bbclass as
potentially bad (shouldn't be used for indenting of multiline
variable assignments and cannot be used for Python tasks).
* Don't indent closing quote on multiline variables
we're quite inconsistent wheater it's first character on line
under opening quote or under first non-whitespace character in
previous line.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Acked-by: Koen Kooi <koen@dominion.thruhere.net>
|
|
* POLKITAUTH isn't used anymore PACKAGECONFIG should select right version for systemd now
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
PolKit will be removed from oe-core as it isn't massively applicable in
embedded, isn't used by anything by default anymore, and future upgrades require
the SpiderMonkey JavaScript runtime.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
OE-Core now handles the detection of authentication so we don't need
to do it here. The bbappend file is kept to provide the upgrade path
only, or the revision would go backwards.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
|
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
|
|
* people using sysvinit need to add something like
PACKAGECONFIG = "${@base_contains('VIRTUAL-RUNTIME_init_manager', 'sysvinit', 'consolekit', 'systemd', d)}"
or just
PACKAGECONFIG = "consolekit"
to their own .bbappend if they don't want to get systemd in their
images.
* and for the rest it will enable systemd explititly
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
|
Dan Tran
Ovidiu Panait
Hongxu Jia
Andreas Müller
Armin Kuster
Jackie Huang
Robert P. J. Day
Peter Kjellerstedt
Martin Jansa
Ross Burton
Alexander Kanavin
Khem Raj
Yi Zhao
Reinette Chatre
Andreas Müller
Li xin
Chunrong Guo
Ash Charles
Richard Purdie
Otavio Salvador
Koen Kooi