[arch-commits] Commit in rtkit/repos (20 files)
Jan Steffens
heftig at archlinux.org
Fri Feb 27 12:52:25 UTC 2015
Date: Friday, February 27, 2015 @ 13:52:25
Author: heftig
Revision: 232072
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
rtkit/repos/extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
(from rev 232071, rtkit/trunk/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
rtkit/repos/extra-i686/PKGBUILD
(from rev 232071, rtkit/trunk/PKGBUILD)
rtkit/repos/extra-i686/libsystemd.patch
(from rev 232071, rtkit/trunk/libsystemd.patch)
rtkit/repos/extra-i686/rtkit.install
(from rev 232071, rtkit/trunk/rtkit.install)
rtkit/repos/extra-i686/systemd205.patch
(from rev 232071, rtkit/trunk/systemd205.patch)
rtkit/repos/extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
(from rev 232071, rtkit/trunk/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
rtkit/repos/extra-x86_64/PKGBUILD
(from rev 232071, rtkit/trunk/PKGBUILD)
rtkit/repos/extra-x86_64/libsystemd.patch
(from rev 232071, rtkit/trunk/libsystemd.patch)
rtkit/repos/extra-x86_64/rtkit.install
(from rev 232071, rtkit/trunk/rtkit.install)
rtkit/repos/extra-x86_64/systemd205.patch
(from rev 232071, rtkit/trunk/systemd205.patch)
Deleted:
rtkit/repos/extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
rtkit/repos/extra-i686/PKGBUILD
rtkit/repos/extra-i686/libsystemd.patch
rtkit/repos/extra-i686/rtkit.install
rtkit/repos/extra-i686/systemd205.patch
rtkit/repos/extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
rtkit/repos/extra-x86_64/PKGBUILD
rtkit/repos/extra-x86_64/libsystemd.patch
rtkit/repos/extra-x86_64/rtkit.install
rtkit/repos/extra-x86_64/systemd205.patch
---------------------------------------------------------------+
/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch | 96 ++++++++
/PKGBUILD | 104 +++++++++
/libsystemd.patch | 114 ++++++++++
/rtkit.install | 30 ++
/systemd205.patch | 32 ++
extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch | 48 ----
extra-i686/PKGBUILD | 52 ----
extra-i686/libsystemd.patch | 57 -----
extra-i686/rtkit.install | 26 --
extra-i686/systemd205.patch | 16 -
extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch | 48 ----
extra-x86_64/PKGBUILD | 52 ----
extra-x86_64/libsystemd.patch | 57 -----
extra-x86_64/rtkit.install | 26 --
extra-x86_64/systemd205.patch | 16 -
15 files changed, 376 insertions(+), 398 deletions(-)
Deleted: extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
===================================================================
--- extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,48 +0,0 @@
-From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters at verbum.org>
-Date: Thu, 22 Aug 2013 16:05:22 -0400
-Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
-
-Otherwise, we force polkit to look up the uid itself in /proc, which
-is racy if they execve() a setuid binary.
----
- rtkit-daemon.c | 11 ++++++++++-
- 1 files changed, 10 insertions(+), 1 deletions(-)
-
-diff --git a/rtkit-daemon.c b/rtkit-daemon.c
-index 2ebe673..3ecc1f7 100644
---- a/rtkit-daemon.c
-+++ b/rtkit-daemon.c
-@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
- DBusMessage *m = NULL, *r = NULL;
- const char *unix_process = "unix-process";
- const char *pid = "pid";
-+ const char *uid = "uid";
- const char *start_time = "start-time";
- const char *cancel_id = "";
- uint32_t flags = 0;
- uint32_t pid_u32 = p->pid;
-- uint64_t start_time_u64 = p->starttime;
-+ uint32_t uid_u32 = (uint32_t)u->uid;
- DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
-+ uint64_t start_time_u64 = p->starttime;
- int ret;
- dbus_bool_t authorized = FALSE;
-
-@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
- assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
- assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
-
-+ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
-+ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
-+ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
-+ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
-+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
-+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
-+
- assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
- assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
-
---
-1.7.1
-
Copied: rtkit/repos/extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch (from rev 232071, rtkit/trunk/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
===================================================================
--- extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch (rev 0)
+++ extra-i686/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,48 @@
+From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters at verbum.org>
+Date: Thu, 22 Aug 2013 16:05:22 -0400
+Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
+
+Otherwise, we force polkit to look up the uid itself in /proc, which
+is racy if they execve() a setuid binary.
+---
+ rtkit-daemon.c | 11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/rtkit-daemon.c b/rtkit-daemon.c
+index 2ebe673..3ecc1f7 100644
+--- a/rtkit-daemon.c
++++ b/rtkit-daemon.c
+@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ DBusMessage *m = NULL, *r = NULL;
+ const char *unix_process = "unix-process";
+ const char *pid = "pid";
++ const char *uid = "uid";
+ const char *start_time = "start-time";
+ const char *cancel_id = "";
+ uint32_t flags = 0;
+ uint32_t pid_u32 = p->pid;
+- uint64_t start_time_u64 = p->starttime;
++ uint32_t uid_u32 = (uint32_t)u->uid;
+ DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
++ uint64_t start_time_u64 = p->starttime;
+ int ret;
+ dbus_bool_t authorized = FALSE;
+
+@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+
++ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
++ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
++ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
++ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
++ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
++ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
++
+ assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
+ assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
+
+--
+1.7.1
+
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-i686/PKGBUILD 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
-# Contributor: Corrado Primier <bardo at aur.archlinux.org>
-
-pkgname=rtkit
-pkgver=0.11
-pkgrel=4
-pkgdesc="Realtime Policy and Watchdog Daemon"
-arch=(i686 x86_64)
-url="http://git.0pointer.de/?p=rtkit.git"
-license=(GPL 'custom:BSD')
-depends=(dbus polkit systemd)
-install=rtkit.install
-source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz
- libsystemd.patch systemd205.patch
- 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
-md5sums=('a96c33b9827de66033d2311f82d79a5d'
- '35089c0a284005f4abcf45168415857e'
- '95195a70551057aca833da6bdbf2e35b'
- '70df212cba2a6366ff960b60d55858d3')
-
-prepare() {
- cd $pkgname-$pkgver
- patch -Np1 -i ../libsystemd.patch
- patch -Np1 -i ../systemd205.patch
- patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
- autoreconf -fi
-}
-
-build() {
- cd $pkgname-$pkgver
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --sysconfdir=/etc \
- --libexecdir=/usr/lib/$pkgname \
- --with-systemdsystemunitdir=/usr/lib/systemd/system
- make
-
- ./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml
-}
-
-package() {
- cd $pkgname-$pkgver
- make DESTDIR="$pkgdir" install
-
- install -Dm644 org.freedesktop.RealtimeKit1.xml \
- "$pkgdir/usr/share/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml"
-
- install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
- sed -ne '4,25p' rtkit.c >"$pkgdir/usr/share/licenses/$pkgname/COPYING"
-}
Copied: rtkit/repos/extra-i686/PKGBUILD (from rev 232071, rtkit/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,52 @@
+# $Id$
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
+# Contributor: Corrado Primier <bardo at aur.archlinux.org>
+
+pkgname=rtkit
+pkgver=0.11
+pkgrel=5
+pkgdesc="Realtime Policy and Watchdog Daemon"
+arch=(i686 x86_64)
+url="http://git.0pointer.de/?p=rtkit.git"
+license=(GPL 'custom:BSD')
+depends=(dbus polkit systemd)
+install=rtkit.install
+source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz
+ libsystemd.patch systemd205.patch
+ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
+md5sums=('a96c33b9827de66033d2311f82d79a5d'
+ '35089c0a284005f4abcf45168415857e'
+ '95195a70551057aca833da6bdbf2e35b'
+ '70df212cba2a6366ff960b60d55858d3')
+
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../libsystemd.patch
+ patch -Np1 -i ../systemd205.patch
+ patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
+ autoreconf -fi
+}
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib/$pkgname \
+ --with-systemdsystemunitdir=/usr/lib/systemd/system
+ make
+
+ ./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+
+ install -Dm644 org.freedesktop.RealtimeKit1.xml \
+ "$pkgdir/usr/share/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml"
+
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ sed -ne '4,25p' rtkit.c >"$pkgdir/usr/share/licenses/$pkgname/COPYING"
+}
Deleted: extra-i686/libsystemd.patch
===================================================================
--- extra-i686/libsystemd.patch 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-i686/libsystemd.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,57 +0,0 @@
-diff -u -r rtkit-0.11/configure.ac rtkit-0.11-sd/configure.ac
---- rtkit-0.11/configure.ac 2012-05-15 15:25:40.000000000 +0200
-+++ rtkit-0.11-sd/configure.ac 2013-05-13 08:12:17.616825455 +0200
-@@ -115,6 +115,7 @@
- AC_SEARCH_LIBS([cap_init], [cap])
-
- PKG_CHECK_MODULES(DBUS, dbus-1)
-+PKG_CHECK_MODULES(LIBSYSTEMD_DAEMON, libsystemd-daemon)
-
- AC_ARG_WITH([systemdsystemunitdir],
- AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
-diff -u -r rtkit-0.11/Makefile.am rtkit-0.11-sd/Makefile.am
---- rtkit-0.11/Makefile.am 2012-05-15 15:38:05.000000000 +0200
-+++ rtkit-0.11-sd/Makefile.am 2013-05-13 08:12:18.086822253 +0200
-@@ -56,13 +56,14 @@
- endif
-
- rtkit_daemon_SOURCES = \
-- rtkit-daemon.c rtkit.h \
-- sd-daemon.c sd-daemon.h
-+ rtkit-daemon.c rtkit.h
- rtkit_daemon_LDADD = \
-- $(DBUS_LIBS)
-+ $(DBUS_LIBS) \
-+ $(LIBSYSTEMD_DAEMON_LIBS)
- rtkit_daemon_CFLAGS = \
- $(AM_CFLAGS) \
-- $(DBUS_CFLAGS)
-+ $(DBUS_CFLAGS) \
-+ $(LIBSYSTEMD_DAEMON_CFLAGS)
-
- rtkitctl_SOURCES = \
- rtkitctl.c rtkit.h
-@@ -93,7 +94,3 @@
-
- DISTCHECK_CONFIGURE_FLAGS = \
- --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
--
--update-systemd:
-- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c > sd-daemon.c
-- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h > sd-daemon.h
-diff -u -r rtkit-0.11/rtkit-daemon.c rtkit-0.11-sd/rtkit-daemon.c
---- rtkit-0.11/rtkit-daemon.c 2012-05-15 15:25:40.000000000 +0200
-+++ rtkit-0.11-sd/rtkit-daemon.c 2013-05-13 08:13:07.933149359 +0200
-@@ -50,9 +50,9 @@
- #include <dirent.h>
- #include <syslog.h>
- #include <grp.h>
-+#include <systemd/sd-daemon.h>
-
- #include "rtkit.h"
--#include "sd-daemon.h"
-
- #ifndef __linux__
- #error "This stuff only works on Linux!"
-Only in rtkit-0.11: sd-daemon.c
-Only in rtkit-0.11: sd-daemon.h
Copied: rtkit/repos/extra-i686/libsystemd.patch (from rev 232071, rtkit/trunk/libsystemd.patch)
===================================================================
--- extra-i686/libsystemd.patch (rev 0)
+++ extra-i686/libsystemd.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,57 @@
+diff -u -r rtkit-0.11/configure.ac rtkit-0.11-sd/configure.ac
+--- rtkit-0.11/configure.ac 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd/configure.ac 2013-05-13 08:12:17.616825455 +0200
+@@ -115,6 +115,7 @@
+ AC_SEARCH_LIBS([cap_init], [cap])
+
+ PKG_CHECK_MODULES(DBUS, dbus-1)
++PKG_CHECK_MODULES(LIBSYSTEMD_DAEMON, libsystemd-daemon)
+
+ AC_ARG_WITH([systemdsystemunitdir],
+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
+diff -u -r rtkit-0.11/Makefile.am rtkit-0.11-sd/Makefile.am
+--- rtkit-0.11/Makefile.am 2012-05-15 15:38:05.000000000 +0200
++++ rtkit-0.11-sd/Makefile.am 2013-05-13 08:12:18.086822253 +0200
+@@ -56,13 +56,14 @@
+ endif
+
+ rtkit_daemon_SOURCES = \
+- rtkit-daemon.c rtkit.h \
+- sd-daemon.c sd-daemon.h
++ rtkit-daemon.c rtkit.h
+ rtkit_daemon_LDADD = \
+- $(DBUS_LIBS)
++ $(DBUS_LIBS) \
++ $(LIBSYSTEMD_DAEMON_LIBS)
+ rtkit_daemon_CFLAGS = \
+ $(AM_CFLAGS) \
+- $(DBUS_CFLAGS)
++ $(DBUS_CFLAGS) \
++ $(LIBSYSTEMD_DAEMON_CFLAGS)
+
+ rtkitctl_SOURCES = \
+ rtkitctl.c rtkit.h
+@@ -93,7 +94,3 @@
+
+ DISTCHECK_CONFIGURE_FLAGS = \
+ --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
+-
+-update-systemd:
+- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c > sd-daemon.c
+- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h > sd-daemon.h
+diff -u -r rtkit-0.11/rtkit-daemon.c rtkit-0.11-sd/rtkit-daemon.c
+--- rtkit-0.11/rtkit-daemon.c 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd/rtkit-daemon.c 2013-05-13 08:13:07.933149359 +0200
+@@ -50,9 +50,9 @@
+ #include <dirent.h>
+ #include <syslog.h>
+ #include <grp.h>
++#include <systemd/sd-daemon.h>
+
+ #include "rtkit.h"
+-#include "sd-daemon.h"
+
+ #ifndef __linux__
+ #error "This stuff only works on Linux!"
+Only in rtkit-0.11: sd-daemon.c
+Only in rtkit-0.11: sd-daemon.h
Deleted: extra-i686/rtkit.install
===================================================================
--- extra-i686/rtkit.install 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-i686/rtkit.install 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,26 +0,0 @@
-post_install() {
- getent group rtkit &>/dev/null || /usr/sbin/groupadd -g 133 rtkit || return 1
- getent passwd rtkit &>/dev/null || /usr/sbin/useradd -u 133 -g rtkit -c 'RealtimeKit' -s /sbin/nologin -d /proc rtkit || return 1
-
- dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig >/dev/null 2>&1
-
- true
-}
-
-post_upgrade() {
- if (( $(vercmp $2 0.10) < 0 )); then
- # Get rid of old user and group
- post_remove
- fi
-
- post_install
-}
-
-post_remove() {
- getent passwd rtkit &>/dev/null && /usr/sbin/userdel -f rtkit
- getent group rtkit &>/dev/null && /usr/sbin/groupdel rtkit
-
- true
-}
-
-# vim:set ts=2 sw=2 et:
Copied: rtkit/repos/extra-i686/rtkit.install (from rev 232071, rtkit/trunk/rtkit.install)
===================================================================
--- extra-i686/rtkit.install (rev 0)
+++ extra-i686/rtkit.install 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,15 @@
+post_install() {
+ if ! getent passwd rtkit &>/dev/null; then
+ groupadd -g 133 rtkit
+ useradd -u 133 -g rtkit -c 'RealtimeKit' -s /bin/false -d /proc rtkit
+ fi
+
+ post_upgrade
+}
+
+post_upgrade() {
+ dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig &>/dev/null
+ return 0
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: extra-i686/systemd205.patch
===================================================================
--- extra-i686/systemd205.patch 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-i686/systemd205.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,16 +0,0 @@
-diff -u -r rtkit-0.11/rtkit-daemon.service.in rtkit-0.11-sd205/rtkit-daemon.service.in
---- rtkit-0.11/rtkit-daemon.service.in 2012-05-15 15:25:40.000000000 +0200
-+++ rtkit-0.11-sd205/rtkit-daemon.service.in 2013-07-25 10:27:37.790884664 +0200
-@@ -24,12 +24,7 @@
- BusName=org.freedesktop.RealtimeKit1
- NotifyAccess=main
- CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
--PrivateTmp=yes
- PrivateNetwork=yes
-
--# Work around the fact that the Linux currently doesn't assign any RT
--# budget to CPU control groups that have none configured explicitly
--ControlGroup=cpu:/
--
- [Install]
- WantedBy=graphical.target
Copied: rtkit/repos/extra-i686/systemd205.patch (from rev 232071, rtkit/trunk/systemd205.patch)
===================================================================
--- extra-i686/systemd205.patch (rev 0)
+++ extra-i686/systemd205.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,16 @@
+diff -u -r rtkit-0.11/rtkit-daemon.service.in rtkit-0.11-sd205/rtkit-daemon.service.in
+--- rtkit-0.11/rtkit-daemon.service.in 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd205/rtkit-daemon.service.in 2013-07-25 10:27:37.790884664 +0200
+@@ -24,12 +24,7 @@
+ BusName=org.freedesktop.RealtimeKit1
+ NotifyAccess=main
+ CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
+-PrivateTmp=yes
+ PrivateNetwork=yes
+
+-# Work around the fact that the Linux currently doesn't assign any RT
+-# budget to CPU control groups that have none configured explicitly
+-ControlGroup=cpu:/
+-
+ [Install]
+ WantedBy=graphical.target
Deleted: extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
===================================================================
--- extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,48 +0,0 @@
-From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters at verbum.org>
-Date: Thu, 22 Aug 2013 16:05:22 -0400
-Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
-
-Otherwise, we force polkit to look up the uid itself in /proc, which
-is racy if they execve() a setuid binary.
----
- rtkit-daemon.c | 11 ++++++++++-
- 1 files changed, 10 insertions(+), 1 deletions(-)
-
-diff --git a/rtkit-daemon.c b/rtkit-daemon.c
-index 2ebe673..3ecc1f7 100644
---- a/rtkit-daemon.c
-+++ b/rtkit-daemon.c
-@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
- DBusMessage *m = NULL, *r = NULL;
- const char *unix_process = "unix-process";
- const char *pid = "pid";
-+ const char *uid = "uid";
- const char *start_time = "start-time";
- const char *cancel_id = "";
- uint32_t flags = 0;
- uint32_t pid_u32 = p->pid;
-- uint64_t start_time_u64 = p->starttime;
-+ uint32_t uid_u32 = (uint32_t)u->uid;
- DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
-+ uint64_t start_time_u64 = p->starttime;
- int ret;
- dbus_bool_t authorized = FALSE;
-
-@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
- assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
- assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
-
-+ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
-+ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
-+ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
-+ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
-+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
-+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
-+
- assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
- assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
-
---
-1.7.1
-
Copied: rtkit/repos/extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch (from rev 232071, rtkit/trunk/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
===================================================================
--- extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch (rev 0)
+++ extra-x86_64/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,48 @@
+From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters at verbum.org>
+Date: Thu, 22 Aug 2013 16:05:22 -0400
+Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
+
+Otherwise, we force polkit to look up the uid itself in /proc, which
+is racy if they execve() a setuid binary.
+---
+ rtkit-daemon.c | 11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/rtkit-daemon.c b/rtkit-daemon.c
+index 2ebe673..3ecc1f7 100644
+--- a/rtkit-daemon.c
++++ b/rtkit-daemon.c
+@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ DBusMessage *m = NULL, *r = NULL;
+ const char *unix_process = "unix-process";
+ const char *pid = "pid";
++ const char *uid = "uid";
+ const char *start_time = "start-time";
+ const char *cancel_id = "";
+ uint32_t flags = 0;
+ uint32_t pid_u32 = p->pid;
+- uint64_t start_time_u64 = p->starttime;
++ uint32_t uid_u32 = (uint32_t)u->uid;
+ DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
++ uint64_t start_time_u64 = p->starttime;
+ int ret;
+ dbus_bool_t authorized = FALSE;
+
+@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+
++ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
++ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
++ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
++ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
++ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
++ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
++
+ assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
+ assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
+
+--
+1.7.1
+
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-x86_64/PKGBUILD 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
-# Contributor: Corrado Primier <bardo at aur.archlinux.org>
-
-pkgname=rtkit
-pkgver=0.11
-pkgrel=4
-pkgdesc="Realtime Policy and Watchdog Daemon"
-arch=(i686 x86_64)
-url="http://git.0pointer.de/?p=rtkit.git"
-license=(GPL 'custom:BSD')
-depends=(dbus polkit systemd)
-install=rtkit.install
-source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz
- libsystemd.patch systemd205.patch
- 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
-md5sums=('a96c33b9827de66033d2311f82d79a5d'
- '35089c0a284005f4abcf45168415857e'
- '95195a70551057aca833da6bdbf2e35b'
- '70df212cba2a6366ff960b60d55858d3')
-
-prepare() {
- cd $pkgname-$pkgver
- patch -Np1 -i ../libsystemd.patch
- patch -Np1 -i ../systemd205.patch
- patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
- autoreconf -fi
-}
-
-build() {
- cd $pkgname-$pkgver
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --sysconfdir=/etc \
- --libexecdir=/usr/lib/$pkgname \
- --with-systemdsystemunitdir=/usr/lib/systemd/system
- make
-
- ./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml
-}
-
-package() {
- cd $pkgname-$pkgver
- make DESTDIR="$pkgdir" install
-
- install -Dm644 org.freedesktop.RealtimeKit1.xml \
- "$pkgdir/usr/share/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml"
-
- install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
- sed -ne '4,25p' rtkit.c >"$pkgdir/usr/share/licenses/$pkgname/COPYING"
-}
Copied: rtkit/repos/extra-x86_64/PKGBUILD (from rev 232071, rtkit/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,52 @@
+# $Id$
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
+# Contributor: Corrado Primier <bardo at aur.archlinux.org>
+
+pkgname=rtkit
+pkgver=0.11
+pkgrel=5
+pkgdesc="Realtime Policy and Watchdog Daemon"
+arch=(i686 x86_64)
+url="http://git.0pointer.de/?p=rtkit.git"
+license=(GPL 'custom:BSD')
+depends=(dbus polkit systemd)
+install=rtkit.install
+source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz
+ libsystemd.patch systemd205.patch
+ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
+md5sums=('a96c33b9827de66033d2311f82d79a5d'
+ '35089c0a284005f4abcf45168415857e'
+ '95195a70551057aca833da6bdbf2e35b'
+ '70df212cba2a6366ff960b60d55858d3')
+
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../libsystemd.patch
+ patch -Np1 -i ../systemd205.patch
+ patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
+ autoreconf -fi
+}
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib/$pkgname \
+ --with-systemdsystemunitdir=/usr/lib/systemd/system
+ make
+
+ ./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+
+ install -Dm644 org.freedesktop.RealtimeKit1.xml \
+ "$pkgdir/usr/share/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml"
+
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ sed -ne '4,25p' rtkit.c >"$pkgdir/usr/share/licenses/$pkgname/COPYING"
+}
Deleted: extra-x86_64/libsystemd.patch
===================================================================
--- extra-x86_64/libsystemd.patch 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-x86_64/libsystemd.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,57 +0,0 @@
-diff -u -r rtkit-0.11/configure.ac rtkit-0.11-sd/configure.ac
---- rtkit-0.11/configure.ac 2012-05-15 15:25:40.000000000 +0200
-+++ rtkit-0.11-sd/configure.ac 2013-05-13 08:12:17.616825455 +0200
-@@ -115,6 +115,7 @@
- AC_SEARCH_LIBS([cap_init], [cap])
-
- PKG_CHECK_MODULES(DBUS, dbus-1)
-+PKG_CHECK_MODULES(LIBSYSTEMD_DAEMON, libsystemd-daemon)
-
- AC_ARG_WITH([systemdsystemunitdir],
- AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
-diff -u -r rtkit-0.11/Makefile.am rtkit-0.11-sd/Makefile.am
---- rtkit-0.11/Makefile.am 2012-05-15 15:38:05.000000000 +0200
-+++ rtkit-0.11-sd/Makefile.am 2013-05-13 08:12:18.086822253 +0200
-@@ -56,13 +56,14 @@
- endif
-
- rtkit_daemon_SOURCES = \
-- rtkit-daemon.c rtkit.h \
-- sd-daemon.c sd-daemon.h
-+ rtkit-daemon.c rtkit.h
- rtkit_daemon_LDADD = \
-- $(DBUS_LIBS)
-+ $(DBUS_LIBS) \
-+ $(LIBSYSTEMD_DAEMON_LIBS)
- rtkit_daemon_CFLAGS = \
- $(AM_CFLAGS) \
-- $(DBUS_CFLAGS)
-+ $(DBUS_CFLAGS) \
-+ $(LIBSYSTEMD_DAEMON_CFLAGS)
-
- rtkitctl_SOURCES = \
- rtkitctl.c rtkit.h
-@@ -93,7 +94,3 @@
-
- DISTCHECK_CONFIGURE_FLAGS = \
- --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
--
--update-systemd:
-- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c > sd-daemon.c
-- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h > sd-daemon.h
-diff -u -r rtkit-0.11/rtkit-daemon.c rtkit-0.11-sd/rtkit-daemon.c
---- rtkit-0.11/rtkit-daemon.c 2012-05-15 15:25:40.000000000 +0200
-+++ rtkit-0.11-sd/rtkit-daemon.c 2013-05-13 08:13:07.933149359 +0200
-@@ -50,9 +50,9 @@
- #include <dirent.h>
- #include <syslog.h>
- #include <grp.h>
-+#include <systemd/sd-daemon.h>
-
- #include "rtkit.h"
--#include "sd-daemon.h"
-
- #ifndef __linux__
- #error "This stuff only works on Linux!"
-Only in rtkit-0.11: sd-daemon.c
-Only in rtkit-0.11: sd-daemon.h
Copied: rtkit/repos/extra-x86_64/libsystemd.patch (from rev 232071, rtkit/trunk/libsystemd.patch)
===================================================================
--- extra-x86_64/libsystemd.patch (rev 0)
+++ extra-x86_64/libsystemd.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,57 @@
+diff -u -r rtkit-0.11/configure.ac rtkit-0.11-sd/configure.ac
+--- rtkit-0.11/configure.ac 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd/configure.ac 2013-05-13 08:12:17.616825455 +0200
+@@ -115,6 +115,7 @@
+ AC_SEARCH_LIBS([cap_init], [cap])
+
+ PKG_CHECK_MODULES(DBUS, dbus-1)
++PKG_CHECK_MODULES(LIBSYSTEMD_DAEMON, libsystemd-daemon)
+
+ AC_ARG_WITH([systemdsystemunitdir],
+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
+diff -u -r rtkit-0.11/Makefile.am rtkit-0.11-sd/Makefile.am
+--- rtkit-0.11/Makefile.am 2012-05-15 15:38:05.000000000 +0200
++++ rtkit-0.11-sd/Makefile.am 2013-05-13 08:12:18.086822253 +0200
+@@ -56,13 +56,14 @@
+ endif
+
+ rtkit_daemon_SOURCES = \
+- rtkit-daemon.c rtkit.h \
+- sd-daemon.c sd-daemon.h
++ rtkit-daemon.c rtkit.h
+ rtkit_daemon_LDADD = \
+- $(DBUS_LIBS)
++ $(DBUS_LIBS) \
++ $(LIBSYSTEMD_DAEMON_LIBS)
+ rtkit_daemon_CFLAGS = \
+ $(AM_CFLAGS) \
+- $(DBUS_CFLAGS)
++ $(DBUS_CFLAGS) \
++ $(LIBSYSTEMD_DAEMON_CFLAGS)
+
+ rtkitctl_SOURCES = \
+ rtkitctl.c rtkit.h
+@@ -93,7 +94,3 @@
+
+ DISTCHECK_CONFIGURE_FLAGS = \
+ --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
+-
+-update-systemd:
+- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c > sd-daemon.c
+- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h > sd-daemon.h
+diff -u -r rtkit-0.11/rtkit-daemon.c rtkit-0.11-sd/rtkit-daemon.c
+--- rtkit-0.11/rtkit-daemon.c 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd/rtkit-daemon.c 2013-05-13 08:13:07.933149359 +0200
+@@ -50,9 +50,9 @@
+ #include <dirent.h>
+ #include <syslog.h>
+ #include <grp.h>
++#include <systemd/sd-daemon.h>
+
+ #include "rtkit.h"
+-#include "sd-daemon.h"
+
+ #ifndef __linux__
+ #error "This stuff only works on Linux!"
+Only in rtkit-0.11: sd-daemon.c
+Only in rtkit-0.11: sd-daemon.h
Deleted: extra-x86_64/rtkit.install
===================================================================
--- extra-x86_64/rtkit.install 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-x86_64/rtkit.install 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,26 +0,0 @@
-post_install() {
- getent group rtkit &>/dev/null || /usr/sbin/groupadd -g 133 rtkit || return 1
- getent passwd rtkit &>/dev/null || /usr/sbin/useradd -u 133 -g rtkit -c 'RealtimeKit' -s /sbin/nologin -d /proc rtkit || return 1
-
- dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig >/dev/null 2>&1
-
- true
-}
-
-post_upgrade() {
- if (( $(vercmp $2 0.10) < 0 )); then
- # Get rid of old user and group
- post_remove
- fi
-
- post_install
-}
-
-post_remove() {
- getent passwd rtkit &>/dev/null && /usr/sbin/userdel -f rtkit
- getent group rtkit &>/dev/null && /usr/sbin/groupdel rtkit
-
- true
-}
-
-# vim:set ts=2 sw=2 et:
Copied: rtkit/repos/extra-x86_64/rtkit.install (from rev 232071, rtkit/trunk/rtkit.install)
===================================================================
--- extra-x86_64/rtkit.install (rev 0)
+++ extra-x86_64/rtkit.install 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,15 @@
+post_install() {
+ if ! getent passwd rtkit &>/dev/null; then
+ groupadd -g 133 rtkit
+ useradd -u 133 -g rtkit -c 'RealtimeKit' -s /bin/false -d /proc rtkit
+ fi
+
+ post_upgrade
+}
+
+post_upgrade() {
+ dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig &>/dev/null
+ return 0
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: extra-x86_64/systemd205.patch
===================================================================
--- extra-x86_64/systemd205.patch 2015-02-27 12:50:55 UTC (rev 232071)
+++ extra-x86_64/systemd205.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -1,16 +0,0 @@
-diff -u -r rtkit-0.11/rtkit-daemon.service.in rtkit-0.11-sd205/rtkit-daemon.service.in
---- rtkit-0.11/rtkit-daemon.service.in 2012-05-15 15:25:40.000000000 +0200
-+++ rtkit-0.11-sd205/rtkit-daemon.service.in 2013-07-25 10:27:37.790884664 +0200
-@@ -24,12 +24,7 @@
- BusName=org.freedesktop.RealtimeKit1
- NotifyAccess=main
- CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
--PrivateTmp=yes
- PrivateNetwork=yes
-
--# Work around the fact that the Linux currently doesn't assign any RT
--# budget to CPU control groups that have none configured explicitly
--ControlGroup=cpu:/
--
- [Install]
- WantedBy=graphical.target
Copied: rtkit/repos/extra-x86_64/systemd205.patch (from rev 232071, rtkit/trunk/systemd205.patch)
===================================================================
--- extra-x86_64/systemd205.patch (rev 0)
+++ extra-x86_64/systemd205.patch 2015-02-27 12:52:25 UTC (rev 232072)
@@ -0,0 +1,16 @@
+diff -u -r rtkit-0.11/rtkit-daemon.service.in rtkit-0.11-sd205/rtkit-daemon.service.in
+--- rtkit-0.11/rtkit-daemon.service.in 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd205/rtkit-daemon.service.in 2013-07-25 10:27:37.790884664 +0200
+@@ -24,12 +24,7 @@
+ BusName=org.freedesktop.RealtimeKit1
+ NotifyAccess=main
+ CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
+-PrivateTmp=yes
+ PrivateNetwork=yes
+
+-# Work around the fact that the Linux currently doesn't assign any RT
+-# budget to CPU control groups that have none configured explicitly
+-ControlGroup=cpu:/
+-
+ [Install]
+ WantedBy=graphical.target
More information about the arch-commits
mailing list