# Buildsheet autogenerated by ravenadm tool -- Do not edit.
NAMEBASE= polkit
VERSION= 127
KEYWORDS= sysutils
VARIANTS= std
SDESC[std]= Framework for access control to system components
HOMEPAGE= https://www.freedesktop.org/wiki/Software/polkit/
CONTACT= Michael_Reim[kraileth@elderlinux.org]
DOWNLOAD_GROUPS= main
SITES[main]= GITHUB/polkit-org:polkit:127
DISTFILE[1]= generated:main
DF_INDEX= 1
SPKGS[std]= set
primary
dev
man
nls
OPTIONS_AVAILABLE= none
OPTIONS_STANDARD= none
BUILD_DEPENDS= docbook-xsl:primary:std
dbus:dev:std
duktape:dev:std
openpam:dev:std
BUILDRUN_DEPENDS= dbus:primary:std
openpam:primary:std
duktape:primary:std
USERS= polkitd
GROUPS= polkitd
USERGROUP_SPKG= primary
USES= meson pkgconfig shebangfix expat cpe
GNOME_COMPONENTS= glib introspection libxslt intltool
LICENSE= LGPL21+:primary
LICENSE_TERMS= primary:{{WRKDIR}}/TERMS
LICENSE_FILE= LGPL21+:stock
LICENSE_AWK= TERMS:"^$$"
LICENSE_SOURCE= TERMS:{{WRKSRC}}/src/polkit/polkit.h
LICENSE_SCHEME= solo
CPE_VENDOR= polkit_project
FPC_EQUIVALENT= sysutils/polkit
MESON_ARGS= -Dauthfw=pam
-Dpam_prefix={{LOCALBASE}}/etc/pam.d
-Dos_type=netbsd
-Dintrospection=true
-Dtests=false
-Dman=true
-Dgtk_doc=false
-Dpolkitd_user=polkitd
-Dsession_tracking=ConsoleKit
-Dgettext=true
SHEBANG_FILES= {{WRKSRC}}/src/polkitbackend/toarray.pl
CFLAGS= -Wno-deprecated-declarations
-Wno-implicit-function-declaration
-Wno-int-conversion
post-install:
${MKDIR} ${STAGEDIR}/var/lib/polkit-1
${MV} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.PolicyKit1.conf \
${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.PolicyKit1.conf.sample
.for i in 10-vendor.d 20-org.d 30-site.d 50-local.d 90-mandatory.d
${MKDIR} ${STAGEDIR}${PREFIX}/share/polkit-1/localauthority/${i}
${MKDIR} ${STAGEDIR}/var/lib/polkit-1/localauthority/${i}
.endfor
${MV} ${STAGEDIR}/usr/lib/sysusers.d ${STAGEDIR}${PREFIX}/lib/
${MV} ${STAGEDIR}/usr/lib/tmpfiles.d ${STAGEDIR}${PREFIX}/lib/
${RM} -r ${STAGEDIR}/usr
# Disable system-d for now
${RM} -r ${STAGEDIR}${PREFIX}/share/dbus-1/system.d
pre-configure:
${REINPLACE_CMD} -e 's|__DBPATH__|${PREFIX}/share/xsl/docbook/manpages|' \
${WRKSRC}/docs/man/meson.build
${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \
${WRKSRC}/docs/man/pkexec.xml \
${WRKSRC}/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${PREFIX}|g' \
${WRKSRC}/docs/man/polkit.xml
post-patch-sunos:
${REINPLACE_CMD} -e '/as-needed/ s/^.*$$/NOOP=1/' ${WRKSRC}/configure
[FILE:300:descriptions/desc.primary]
Polkit is an application-level toolkit for defining and handling the
policy that allows unprivileged processes to speak to privileged
processes. It is a framework for centralizing the decision making process
with respect to granting access to privileged operations for unprivileged
applications.
[FILE:107:distinfo]
9b7bc16f086479dcc626c575976568ba4a85d34297a750d8ab3d2e57f6d8b988 472872 polkit-org-polkit-127.tar.gz
[FILE:1175:manifests/plist.primary]
bin/
pkaction
pkcheck
@(root,,4755) bin/pkexec
pkttyagent
etc/pam.d/polkit-1
etc/polkit-1/rules.d/50-default.rules
lib/
libpolkit-agent-1.so.0
libpolkit-agent-1.so.0.0.0
libpolkit-gobject-1.so.0
libpolkit-gobject-1.so.0.0.0
lib/girepository-1.0/
Polkit-1.0.typelib
PolkitAgent-1.0.typelib
@(root,,4755) lib/polkit-1/polkit-agent-helper-1
lib/polkit-1/polkitd
lib/sysusers.d/polkit.conf
lib/tmpfiles.d/polkit-tmpfiles.conf
share/dbus-1/system-services/org.freedesktop.PolicyKit1.service
share/gettext/its/
polkit.its
polkit.loc
share/gir-1.0/
Polkit-1.0.gir
PolkitAgent-1.0.gir
share/polkit-1/
policyconfig-1.dtd
polkitd.conf
share/polkit-1/actions/org.freedesktop.policykit.policy
@dir /var/lib/polkit-1/localauthority/10-vendor.d
@dir /var/lib/polkit-1/localauthority/20-org.d
@dir /var/lib/polkit-1/localauthority/30-site.d
@dir /var/lib/polkit-1/localauthority/50-local.d
@dir /var/lib/polkit-1/localauthority/90-mandatory.d
@dir share/polkit-1/localauthority/10-vendor.d
@dir share/polkit-1/localauthority/20-org.d
@dir share/polkit-1/localauthority/30-site.d
@dir share/polkit-1/localauthority/50-local.d
@dir share/polkit-1/localauthority/90-mandatory.d
[FILE:762:manifests/plist.dev]
include/polkit-1/polkit/
polkit.h
polkitactiondescription.h
polkitauthority.h
polkitauthorityfeatures.h
polkitauthorizationresult.h
polkitcheckauthorizationflags.h
polkitdetails.h
polkitenumtypes.h
polkiterror.h
polkitidentity.h
polkitimplicitauthorization.h
polkitpermission.h
polkitprivate.h
polkitsubject.h
polkitsystembusname.h
polkittemporaryauthorization.h
polkittypes.h
polkitunixgroup.h
polkitunixnetgroup.h
polkitunixprocess.h
polkitunixsession.h
polkitunixuser.h
include/polkit-1/polkitagent/
polkitagent.h
polkitagentenumtypes.h
polkitagentlistener.h
polkitagentsession.h
polkitagenttextlistener.h
polkitagenttypes.h
lib/
libpolkit-agent-1.so
libpolkit-gobject-1.so
lib/pkgconfig/
polkit-agent-1.pc
polkit-gobject-1.pc
[FILE:130:manifests/plist.man]
share/man/man1/
pkaction.1
pkcheck.1
pkexec.1
pkttyagent.1
share/man/man5/polkitd.conf.5
share/man/man8/
polkit.8
polkitd.8
[FILE:1009:manifests/plist.nls]
share/locale/bg/LC_MESSAGES/polkit-1.mo
share/locale/cs/LC_MESSAGES/polkit-1.mo
share/locale/da/LC_MESSAGES/polkit-1.mo
share/locale/de/LC_MESSAGES/polkit-1.mo
share/locale/hi/LC_MESSAGES/polkit-1.mo
share/locale/hr/LC_MESSAGES/polkit-1.mo
share/locale/hu/LC_MESSAGES/polkit-1.mo
share/locale/id/LC_MESSAGES/polkit-1.mo
share/locale/it/LC_MESSAGES/polkit-1.mo
share/locale/ka/LC_MESSAGES/polkit-1.mo
share/locale/nl/LC_MESSAGES/polkit-1.mo
share/locale/nn/LC_MESSAGES/polkit-1.mo
share/locale/oc/LC_MESSAGES/polkit-1.mo
share/locale/pl/LC_MESSAGES/polkit-1.mo
share/locale/pt/LC_MESSAGES/polkit-1.mo
share/locale/pt_BR/LC_MESSAGES/polkit-1.mo
share/locale/ro/LC_MESSAGES/polkit-1.mo
share/locale/ru/LC_MESSAGES/polkit-1.mo
share/locale/sk/LC_MESSAGES/polkit-1.mo
share/locale/sl/LC_MESSAGES/polkit-1.mo
share/locale/sv/LC_MESSAGES/polkit-1.mo
share/locale/tr/LC_MESSAGES/polkit-1.mo
share/locale/uk/LC_MESSAGES/polkit-1.mo
share/locale/zh_CN/LC_MESSAGES/polkit-1.mo
share/locale/zh_TW/LC_MESSAGES/polkit-1.mo
[FILE:441:patches/patch-docs_man_meson.build]
--- docs/man/meson.build.orig 2025-12-17 16:14:53 UTC
+++ docs/man/meson.build
@@ -5,8 +5,10 @@ xsltproc_cmd = [
xsltproc,
'--output', '@OUTPUT@',
'--nonet',
+ '--path',
+ '__DBPATH__',
'--stringparam', 'man.base.url.for.relative.links', pk_api_docpath + '/',
- 'http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl',
+ 'http://cdn.docbook.org/release/xsl/current/manpages/docbook.xsl',
'@INPUT@',
]
[FILE:5217:patches/patch-docs_man_polkit.xml]
--- docs/man/polkit.xml.orig 2025-12-17 16:14:53 UTC
+++ docs/man/polkit.xml
@@ -104,17 +104,15 @@ System Context |
+------------------+ |
^ |
| +--------------------------------------------+
- | | /etc/polkit-1/actions/*.policy |
+ | | %%LOCALBASE%%/etc/polkit-1/actions/*.policy |
| | /run/polkit-1/actions/*.policy |
| | /usr/local/share/polkit-1/actions/*.policy |
- | | /usr/share/polkit-1/actions/*.policy |
| +--------------------------------------------+
|
+--------------------------------------------+
- | /etc/polkit-1/rules.d/*.rules |
+ | %%LOCALBASE%%/etc/polkit-1/rules.d/*.rules |
| /run/polkit-1/rules.d/*.rules |
| /usr/local/share/polkit-1/rules.d/*.rules |
- | /usr/share/polkit-1/rules.d/*.rules |
+--------------------------------------------+
]]>
@@ -222,7 +220,7 @@ System Context |
order to use polkit. Actions correspond to operations that
clients can request the mechanism to carry out and are defined
in XML files that the mechanism installs into the /usr/share/polkit-1/actions
+ class='directory'>%%LOCALBASE%%/share/polkit-1/actions
directory.
@@ -481,10 +479,9 @@ System Context |
directories in this order:
- /etc/polkit-1/rules.d
+ %%LOCALBASE%%/etc/polkit-1/rules.d
/run/polkit-1/rules.d
/usr/local/share/polkit-1/rules.d
- /usr/share/polkit-1/rules.d
These directories are processed in lexical order based on the basename
@@ -493,10 +490,9 @@ System Context |
files, the order is:
- /etc/polkit-1/rules.d/10-auth.rules
+ %%LOCALBASE%%/etc/polkit-1/rules.d/10-auth.rules
/run/polkit-1/rules.d/10-auth.rules
/usr/local/share/polkit-1/rules.d/10-auth.rules
- /usr/share/polkit-1/rules.d/10-auth.rules
All of these directories are monitored, so if a rules file is changed,
@@ -576,7 +572,7 @@ System Context |
called in the order they have been added until one of the
functions returns a value. Hence, to add an authorization rule
that is processed before other rules, put it in a file in
- /etc/polkit-1/rules.d
+ %%LOCALBASE%%/etc/polkit-1/rules.d
with a name that sorts before other rules files, for example
00-early-checks.rules. Each function should
return a value from polkit.Result
@@ -692,8 +688,8 @@ polkit.addRule(function(action, subject)
will produce the following when the user runs 'pkexec -u bateman bash -i' from a shell:
@@ -960,7 +956,7 @@ polkit.addRule(function(action, subject)
#endif
#include
+#ifdef HAVE_SOLARIS
+#include
+#include
+#include
+#endif
#ifdef HAVE_FREEBSD
#include
#include
@@ -189,7 +194,7 @@ enum
static void subject_iface_init (PolkitSubjectIface *subject_iface);
-static guint64 get_start_time_for_pid (gint pid,
+static guint64 get_start_time_for_pid (pid_t pid,
GError **error);
static gint
[FILE:1459:patches/patch-src_polkitagent_polkitagenthelper-pam.c]
Fix build on NetBSD.
https://github.com/polkit-org/polkit/pull/624
Combined with FreeBSD's FPC patch
--- src/polkitagent/polkitagenthelper-pam.c.orig 2025-12-17 16:14:53 UTC
+++ src/polkitagent/polkitagenthelper-pam.c
@@ -38,7 +38,7 @@
# define SO_PEERPIDFD 0x404B
# elif defined(__sparc__)
# define SO_PEERPIDFD 0x0056
-# else
+# elif defined(__linux__)
# define SO_PEERPIDFD 77
# endif
#endif
@@ -137,11 +137,14 @@ main (int argc, char *argv[])
goto error;
}
+#ifdef SO_PEERPIDFD
/* We are socket activated and the socket has been set up as stdio/stdout, read user from it */
if (argv[1] != NULL && strcmp (argv[1], "--socket-activated") == 0)
{
socklen_t socklen = sizeof(int);
+# ifdef SO_PEERCRED
struct ucred ucred;
+# endif
user_to_auth_free = read_cookie (argc, argv);
if (!user_to_auth_free)
@@ -165,8 +168,12 @@ main (int argc, char *argv[])
goto error;
}
+# ifdef SO_PEERCRED
socklen = sizeof(ucred);
rc = getsockopt(STDIN_FILENO, SOL_SOCKET, SO_PEERCRED, &ucred, &socklen);
+# else
+ rc = -1;
+# endif
if (rc < 0)
{
syslog (LOG_ERR, "Unable to get credentials from socket");
@@ -174,9 +181,12 @@ main (int argc, char *argv[])
goto error;
}
+# ifdef SO_PEERCRED
uid = ucred.uid;
+# endif
}
else
+#endif
user_to_auth = argv[1];
cookie = read_cookie (argc, argv);
[FILE:313:patches/patch-src_polkitbackend_meson.build]
--- src/polkitbackend/meson.build.orig 2025-12-17 16:14:53 UTC
+++ src/polkitbackend/meson.build
@@ -58,7 +58,7 @@ configure_file(
'PRIVILEGED_GROUP': privileged_group,
},
install: true,
- install_dir: pk_pkgdatadir / 'rules.d',
+ install_dir: pk_pkgsysconfdir / 'rules.d',
)
program = 'polkitd'
[FILE:330:patches/patch-src_polkitbackend_polkitbackendauthority.c]
--- src/polkitbackend/polkitbackendauthority.c.orig 2025-12-17 16:14:53 UTC
+++ src/polkitbackend/polkitbackendauthority.c
@@ -24,6 +24,9 @@
#include
#include
#include
+#ifdef HAVE_SOLARIS
+#include
+#endif
#include
#include
[FILE:945:patches/patch-src_polkitbackend_polkitbackendinteractiveauthority.c]
$NetBSD: patch-src_polkitbackend_polkitbackendinteractiveauthority.c,v 1.5 2025/12/21 15:44:05 wiz Exp $
* for *BSD netgroup functions
https://github.com/polkit-org/polkit/pull/624
--- src/polkitbackend/polkitbackendinteractiveauthority.c.orig 2025-12-17 16:14:53 UTC
+++ src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -25,8 +25,13 @@
#ifdef HAVE_NETGROUP_H
#include
#else
+#if defined(__NetBSD__)
+#include
+#define BSD_NETGROUP
+#else
#include
#endif
+#endif
#include
#include
#include
@@ -2383,7 +2388,7 @@ get_users_in_net_group (PolkitIdentity
name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-# ifdef HAVE_SETNETGRENT_RETURN
+#if defined(HAVE_SETNETGRENT_RETURN) && !defined(__NetBSD__)
if (setnetgrent (name) == 0)
{
g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
[FILE:2251:patches/patch-src_polkitbackend_polkitd.c]
$NetBSD: patch-src_polkitbackend_polkitd.c,v 1.4 2025/12/21 15:44:05 wiz Exp $
Avoid %m usage in printf.
https://github.com/polkit-org/polkit/pull/624
--- src/polkitbackend/polkitd.c.orig 2025-12-17 16:14:53 UTC
+++ src/polkitbackend/polkitd.c
@@ -20,6 +20,7 @@
*/
#include
+#include
#include
#include
@@ -248,7 +249,7 @@ become_user (const gchar *user,
if (pw == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Error calling getpwnam(): %m");
+ "Error calling getpwnam(): %s", g_strerror(errno));
goto out;
}
@@ -263,13 +264,13 @@ become_user (const gchar *user,
if (setgroups (0, NULL) != 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Error clearing groups: %m");
+ "Error clearing groups: %s", g_strerror(errno));
goto out;
}
if (initgroups (pw->pw_name, pw->pw_gid) != 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Error initializing groups: %m");
+ "Error initializing groups: %s", g_strerror(errno));
goto out;
}
@@ -279,16 +280,16 @@ become_user (const gchar *user,
(getegid () != pw->pw_gid) || (getgid () != pw->pw_gid))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Error becoming real+effective uid %d and gid %d: %m",
- (int) pw->pw_uid, (int) pw->pw_gid);
+ "Error becoming real+effective uid %d and gid %d: %s",
+ (int) pw->pw_uid, (int) pw->pw_gid, g_strerror(errno));
goto out;
}
if (chdir ("/") != 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Error changing to root directory %s: %m",
- pw->pw_dir);
+ "Error changing to root directory %s: %s",
+ pw->pw_dir, g_strerror(errno));
goto out;
}
@@ -346,7 +347,7 @@ main (int argc,
}
else
{
- g_warning ("Error opening /dev/null: %m");
+ g_warning ("Error opening /dev/null: %s", g_strerror(errno));
}
}
[FILE:329:patches/patch-src_programs_pkexec.c]
Provide solaris header for LOG_AUTHPRIV
--- src/programs/pkexec.c.orig 2025-12-17 16:14:53 UTC
+++ src/programs/pkexec.c
@@ -47,6 +47,9 @@
#include
#include
+#ifdef HAVE_SOLARIS
+#include
+#endif
#include
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
[FILE:684:patches/patch-src_programs_pkttyagent.c]
$NetBSD: patch-src_programs_pkttyagent.c,v 1.5 2025/12/21 15:44:05 wiz Exp $
Avoid %m usage in printf.
https://github.com/polkit-org/polkit/pull/624
--- src/programs/pkttyagent.c.orig 2025-12-17 16:14:53 UTC
+++ src/programs/pkttyagent.c
@@ -20,6 +20,7 @@
*/
#include
+#include
#include
#include
#include
@@ -256,7 +257,7 @@ main (int argc, char *argv[])
{
if (close (opt_notify_fd) != 0)
{
- g_printerr ("Error closing notify-fd %d: %m\n", opt_notify_fd);
+ g_printerr ("Error closing notify-fd %d: %s\n", opt_notify_fd, g_strerror(errno));
goto out;
}
}
[FILE:561:patches/patch-test_data_etc_polkit-1_rules.d_10-testing.rules]
--- test/data/etc/polkit-1/rules.d/10-testing.rules.orig 2025-12-17 16:14:53 UTC
+++ test/data/etc/polkit-1/rules.d/10-testing.rules
@@ -162,7 +162,7 @@ polkit.addRule(function(action, subject)
polkit.addRule(function(action, subject) {
if (action.id == "net.company.spawning.helper_with_output") {
try {
- var out = polkit.spawn(["echo", "-n", "-e", "Hello\nWorld"]);
+ var out = polkit.spawn(["printf", "Hello\nWorld"]);
if (out == "Hello\nWorld")
return polkit.Result.YES;
else
[FILE:2838:patches/patch-test_wrapper.py]
--- test/wrapper.py.orig 2025-12-17 16:14:53 UTC
+++ test/wrapper.py
@@ -3,7 +3,9 @@
import argparse
import atexit
import os
+import platform
import subprocess
+import shutil
import sys
import signal
import time
@@ -34,10 +36,11 @@ def setup_test_namespace(data_dir):
subprocess.check_call(["mount", "--bind", os.path.join(data_dir, "etc"), "/etc"])
except PermissionError:
print("Lacking permissions to set up test harness, skipping")
- sys.exit(77)
+ return False
except AttributeError:
print("Python 3.12 is required for os.unshare(), skipping")
- sys.exit(77)
+ return False
+ return True
def stop_dbus(pid: int) -> None:
@@ -69,6 +72,32 @@ def stop_dbus(pid: int) -> None:
signal.signal(signal.SIGTERM, signal.SIG_DFL)
+def setup_test_unconstrained_freebsd(data_dir):
+ passwd = os.path.join(data_dir, "etc", "passwd")
+ with open(passwd, 'r') as file:
+ for line in file:
+ fields = line.split(":")
+ if fields[0] == "root":
+ continue
+ subprocess.call(["pw", "useradd", "-n", fields[0], "-u", fields[2], "-c", fields[4], "-d", fields[5], "-s", fields[6].strip()])
+ group = os.path.join(data_dir, "etc", "group")
+ with open(group, 'r') as file:
+ for line in file:
+ fields = line.split(":")
+ cmd = ["pw", "groupadd", "-n", fields[0], "-g", fields[2]]
+ members = fields[3].strip()
+ if len(members) > 0:
+ cmd.append("-M")
+ cmd.append(members)
+ if fields[0] == "root":
+ cmd = ["pw", "groupmod", "-g", "0", "-l", "root"]
+ subprocess.call(cmd)
+ shutil.copy2(os.path.join(data_dir, "etc", "netgroup"), "/etc/netgroup")
+ shutil.copy2("/usr/bin/true", "/bin/true")
+ bus = dbus.SystemBus()
+ consolekit = bus.get_object("org.freedesktop.ConsoleKit", "/org/freedesktop/ConsoleKit/Manager")
+ consolekit.GetSeats(dbus_interface="org.freedesktop.ConsoleKit.Manager")
+
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("test_executable",
@@ -79,7 +108,15 @@ if __name__ == "__main__":
help="set up a mock system D-Bus using dbusmock")
args = parser.parse_args()
- setup_test_namespace(args.data_dir)
+ if not setup_test_namespace(args.data_dir):
+ if os.getenv("ALLOW_SYSTEM_AFFECTING_TESTS") == "1":
+ if platform.system() == 'FreeBSD':
+ setup_test_unconstrained_freebsd(args.data_dir)
+ else:
+ setup_test_unconstrained_linux(args.data_dir)
+ else:
+ # skip tests
+ sys.exit(77)
if args.mock_dbus:
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
[FILE:192:files/scripts-primary.ucl]
post-install-lua: [{
args: ""
code: <