specs/p/polkit/polkit-vl.spec

%bcond_with systemd

Summary: PolicyKit Authorization Framework
Summary(ja): PolicyKit 認証フレームワーク
Name: polkit
Version: 0.120
Release: 2%{?_dist_release}%{?with_systemd:.systemd}
Group: system
Vendor: Project Vine
Distribution: Vine Linux

License: LGPLv2+
URL: https://www.freedesktop.org/wiki/Software/polkit
Source0: https://www.freedesktop.org/software/%{name}/releases/%{name}-%{version}.tar.gz
Patch0: polkit-0.115-elogind.patch
Patch1001: CVE-2021-4034.patch
Patch1002: CVE-2021-4115.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: glib2-devel
BuildRequires: expat-devel
BuildRequires: pam-devel
BuildRequires: mozjs78-devel
BuildRequires: gtk-doc
BuildRequires: intltool
BuildRequires: gobject-introspection-devel
%if %{with systemd}
BuildRequires: systemd-devel
%{?systemd_requires}
%else
BuildRequires: elogind-devel
%endif

Requires: dbus

Obsoletes: PolicyKit <= 0.10
Provides: PolicyKit = 0.11

Obsoletes: polkit-desktop-policy < 0.103
Provides: polkit-desktop-policy = 0.103

%if %{with systemd}
%{?systemd_requires}
%endif

%description
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
processes.


%package devel
Summary: Development files for PolicyKit
Summary(ja): PolicyKit の開発用ファイル
Group: programming
Requires: %name = %{version}-%{release}
Requires: %name-docs = %{version}-%{release}
Requires: pkgconfig
Requires: glib2-devel

%description devel
Development files for PolicyKit.


%package docs
Summary: Development documentation for PolicyKit
Summary(ja): PolicyKit の開発用ドキュメント
Group: documentation
Requires: %name-devel = %{version}-%{release}
Requires: gtk-doc

%description docs
Development documentation for PolicyKit.


%debug_package


%prep
%setup -q
%if !%{with systemd}
%patch0 -p1
%endif
%patch1001 -p1
%patch1002 -p1


%build
autoreconf -vif
%configure \
	--with-os-type=redhat \
	--enable-gtk-doc \
	--disable-static \
	--libexecdir=%{_libexecdir}/polkit-1 \
	--enable-introspection \
%if %{with systemd}
	--enable-libsystemd-login=yes \
%else
	--enable-libelogind=yes \
%endif
	--enable-examples

make %{?_smp_mflags}


%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT

rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la

%find_lang polkit-1


%clean
rm -rf $RPM_BUILD_ROOT


%pre
groupadd -g 27 -r polkitd >/dev/null 2>&1 || :
useradd -u 27 -g polkitd -r -d '/' -s /sbin/nologin -c "User for polkitd" polkitd >/dev/null 2>&1 || :
exit 0

%post
%if %{with systemd}
%systemd_post polkit.service
%endif

%if %{with systemd}
%preun
%systemd_preun polkit.service
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart polkit.service
%endif


%files -f polkit-1.lang
%defattr(-,root,root,-)
%license COPYING
%doc NEWS README
%{_libdir}/lib*.so.*
%{_datadir}/man/man1/*
%{_datadir}/man/man8/*
%{_datadir}/dbus-1/system-services/*
%if %{with systemd}
%{_unitdir}/polkit.service
%endif
%dir %{_datadir}/polkit-1/
%dir %{_datadir}/polkit-1/actions
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%dir %{_sysconfdir}/polkit-1
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/system.d
%{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%{_sysconfdir}/pam.d/polkit-1
%{_bindir}/pkaction
%{_bindir}/pkcheck
%{_bindir}/pkttyagent
%dir %{_prefix}/lib/polkit-1
%{_prefix}/lib/polkit-1/polkitd
%{_libdir}/girepository-1.0/*.typelib

# see upstream docs for why these permissions are necessary
%attr(4755,root,root) %{_bindir}/pkexec
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1

%files devel
%defattr(-,root,root,-)
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_datadir}/gir-1.0/*.gir
%{_includedir}/*
%{_bindir}/pk-example-frobnicate
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy
%dir %{_datadir}/gettext
%dir %{_datadir}/gettext/its
%{_datadir}/gettext/its/*

%files docs
%defattr(-,root,root,-)
%{_datadir}/gtk-doc/html/*


%changelog
* Sat Mar 05 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.120-2
- imported Patch1002 from upstream to fix CVE-2021-4115.

* Thu Jan 27 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.120-1
- new upstream release.
- dropped Patch1000: fixed in upstream.
- imported Patch1001 from upstream to fix CVE-2021-4034.

* Sat Jun 12 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.118-2
- added Patch1000 to fix CVE-2021-3560.
- dropped ldconfig scriptlets.

* Wed Feb 24 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.118-1
- new upstream release.

* Fri Aug 07 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.117-1
- new upstream release.
- dropped Patch1-3: fixed in upstream.

* Sat Jul 25 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.116-2
- added systemd support (disabled as default).
- imported Patch1-3 from rawhide.

* Tue Mar 24 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.116-1
- new upstream release.

* Fri Jan 04 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.115-2
- really enabled elogind.

* Sun Dec 16 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.115-1
- new upstream release.
- enabled elogind: ConsoleKit is obsolete.

* Mon Dec 30 2013 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.112-2
- new upstream release

* Sat Oct 26 2013 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.112-1
- new upstream release

* Wed Apr 17 2013 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.110-1
- new upstream release

* Thu Sep 27 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.107-1
- new upstream release
- add BuildRequires: js-devel
- remove BuildRequires: eggdbus-devel
- remove polkit-desktop-policy subpackage (based on fedora)
- historical changelogs are following:

  * Tue May 08 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.105-1
  - new upstream release

  * Sat Feb 25 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.104-1
  - new upstream release

  * Sat Aug 20 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.102-1
  - new upstream release

  * Sat Oct 02 2010 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.99-1
  - new upstream release

  * Tue Sep 21 2010 IWAI, Masaharu <iwai@alib.jp> 0.96-2
  - build with rpm-4.8.1-1 for pkg-config file

  * Mon Feb 22 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 0.96-1
  - update to 0.96
  - BR: eggdbus-devel >= 0.6

  * Mon Oct 19 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 0.95-0.2.git20090913
  - remove Obsoletes:/Provides: PolicyKit*

  * Sat Sep 26 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 0.95-0.1.git20090913
  - initial build for Vine Linux

* Wed Jul 11 2012 David Zeuthen <davidz@redhat.com> 0.107-1%{?dist}
- Update to upstream release 0.107

* Fri Jun 29 2012 David Zeuthen <davidz@redhat.com> 0.106-2%{?dist}
- Add forgotten Requires(pre): shadow-utils

* Thu Jun 07 2012 David Zeuthen <davidz@redhat.com> 0.106-1%{?dist}
- Update to upstream release 0.106
- Authorizations are no longer controlled by .pkla files - from now
  on, use the new .rules files described in the polkit(8) man page

* Tue Apr 24 2012 David Zeuthen <davidz@redhat.com> 0.105-1%{?dist}
- Update to upstream release 0.105
- Nuke patches that are now upstream
- Change 'PolicyKit' to 'polkit' in summary and descriptions

* Thu Mar 08 2012 David Zeuthen <davidz@redhat.com> 0.104-6%{?dist}
- Don't leak file descriptors (bgo #671486)

* Mon Feb 13 2012 Matthias Clasen <mclasen@redhat.com> - 0.104-5%{?dist}
- Make the -docs subpackage noarch

* Mon Feb 06 2012 David Zeuthen <davidz@redhat.com> 0.104-4%{?dist}
- Set error if we cannot obtain a PolkitUnixSession for a given PID (#787222)

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.104-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-2%{?dist}
- Nuke the ConsoleKit run-time requirement

* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-1%{?dist}
- Update to upstream release 0.104
- Force usage of systemd (instead of ConsoleKit) for session tracking

* Tue Dec 06 2011 David Zeuthen <davidz@redhat.com> 0.103-1%{?dist}
- Update to upstream release 0.103
- Drop upstreamed patch
- Drop Fedora-specific policy, it is now upstream (fdo #41008)

* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.102-3
- Rebuilt for glibc bug#747377

* Tue Oct 18 2011 David Zeuthen <davidz@redhat.com> 0.102-2%{?dist}
- Add patch to neuter the annoying systemd behavior where stdout/stderr
  is sent to the system logs

* Thu Aug 04 2011 David Zeuthen <davidz@redhat.com> 0.102-1
- Update to 0.102 release

* Fri May 13 2011 Bastien Nocera <bnocera@redhat.com> 0.101-7
- Allow setting the pretty hostname without a password for wheel,
  change matches systemd in git

* Mon May  2 2011 Matthias Clasen <mclasen@redhat.com> - 0.101-6
- Update the action id of the datetime mechanism

* Tue Apr 19 2011 David Zeuthen <davidz@redhat.com> - 0.101-5
- CVE-2011-1485 (#697951)

* Tue Mar 22 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 0.101-4
- Also allow org.kde.kcontrol.kcmclock.save without password for wheel

* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-3
- Fix typo in pkla file (thanks notting)

* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
- Nuke desktop_admin_r and desktop_user_r groups - just use the
  wheel group instead (#688363)
- Update the set of configuration directives that gives users
  in the wheel group extra privileges

* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
- New upstream version

* Mon Feb 21 2011 David Zeuthen <davidz@redhat.com> - 0.100-1
- New upstream version

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.98-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Jan 28 2011 Matthias Clasen <mclasen@redhat.com> - 0.98-6
- Own /usr/libexec/polkit-1

* Sun Nov 14 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-5
- Enable introspection

* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-4
- Fix #629515 in a way that doesn't require autoreconf

* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-2
- Include polkitagentenumtypes.h (#629515)

* Mon Aug 23 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-1
- Update to upstream release 0.98
- Co-own /usr/share/gtk-doc (#604410)

* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-5
- Rebuid to work around bodhi limitations

* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
- Fix a ConsoleKit interaction bug

* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
- Require GLib >= 2.25.12 instead of 2.25.11
- Ensure polkit-gnome packages earlier than 0.97 are not used with
  these packages

* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-2
- Rebuild

* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-1
- Update to 0.97. This release contains a port from EggDBus to the
  GDBus code available in recent GLib releases.

* Fri Jan 15 2010 David Zeuthen <davidz@redhat.com> - 0.96-1
- Update to 0.96
- Disable introspection support for the time being

* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-2
- Rebuild

* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-1
- Update to 0.95
- Drop upstreamed patches

* Tue Oct 20 2009 Matthias Clasen <mclasen@redhat.com> - 0.95-0.git20090913.3
- Fix a typo in pklocalauthority(8)

* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.2
- Refine how Obsolete: is used and also add Provides: (thanks Jesse
  Keating and nim-nim)

* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.1
- Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera)
- Obsolete old PolicyKit packages

* Sun Sep 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913
- Update to git snapshot
- Drop upstreamed patches
- Turn on GObject introspection
- Don't delete desktop_admin_r and desktop_user_r groups when
  uninstalling polkit-desktop-policy

* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4
- Add some patches from git master
- Sort pkaction(1) output
- Bug 23867 – UnixProcess vs. SystemBusName aliasing

* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3
- Add desktop_admin_r and desktop_user_r groups along with a first cut
  of default authorizations for users in these groups.

* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-2
- Disable GObject Introspection for now as it breaks the build

* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-1
- Update to upstream release 0.94

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.93-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-2
- Rebuild

* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-1
- Update to 0.93

* Tue Jun 09 2009 David Zeuthen <davidz@redhat.com> - 0.92-3
- Don't make docs noarch (I *heart* multilib)
- Change license to LGPLv2+

* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-2
- Rebuild

* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-1
- Update to 0.92 release

* Wed May 27 2009 David Zeuthen <davidz@redhat.com> - 0.92-0.git20090527
- Update to 0.92 snapshot

* Mon Feb  9 2009 David Zeuthen <davidz@redhat.com> - 0.91-1
- Initial spec file.