- Jan 18, 2025
-
-
Michael Biebl authored
No longer needed since https://github.com/polkit-org/polkit/commit/8e17f09c770bc2efd5deb40ba2b6032d40603578
-
- Jan 17, 2025
-
-
Michael Biebl authored
-
Michael Biebl authored
This directory served two purposes: - Shipping the configuration files of the pkla based backend - Being the runtime/home directory of the polkitd system service Both cases no longer apply, so remove the directory. As there might be files/directories not tracked by dpkg, try a manual cleanup.
-
- Jan 13, 2025
-
-
Luca Boccassi authored
-
Luca Boccassi authored
External pkla code was dropped
-
Luca Boccassi authored
-
Luca Boccassi authored
The privileged group can now be specified via a Meson option, set it to 'sudo' and drop the out-of-tree patch
-
Luca Boccassi authored
The Debian-specific PAM config is now upstream and it gets installed if the os_type build config is set to 'debian'
-
Luca Boccassi authored
Patch is merged upstream behind a build flag, enable it
-
Luca Boccassi authored
Gbp-Dch: ignore
-
Luca Boccassi authored
This is not a workaround, so move it outside of the group of workarounds, so that they can be dropped in one block in forky. Gbp-Dch: ignore
-
Luca Boccassi authored
This has been removed now, so there's no need to apply workarounds specific for that case
-
Luca Boccassi authored
This is no longer used, stop changing its permissions
-
-
polkit.service sets the user/group already, so polkitd will no longer change user and chdir manually, drop this out-of-tree patch as it's no longer needed
-
Luca Boccassi authored
Update to upstream version '126' with Debian dir 425bf49cda516ffd71e3f61648194d8d7412b241
-
Luca Boccassi authored
-
Jan Rybar authored
-
- Dec 20, 2024
-
-
Michael Biebl authored
On non-systemd systems if the user is changed manually, polkitd will also change directory. The homedir of the user might not be set correctly, so just change to /. This is a no-op on systemd systems, as the user is set in the unit file, so this code never runs.
-
- Dec 19, 2024
-
-
Luca Boccassi authored
On Debian and derivatives the privileged group is sudo, so adjust the default accordingly, if not explicitly provided
-
Luca Boccassi authored
In Debian and derivatives PAM uses different syntax, so add an alternative PAM config file, and install it instead of the default one if the os_type is debian. We have been using this PAM config in Debian and derivatives since pretty much forever.
-
Luca Boccassi authored
-
Luca Boccassi authored
Error opening `/proc/0/cmdline': Failed to open file ?/proc/0/cmdline?: No such file or directory
-
Luca Boccassi authored
The allowed values start at 0, so glib complains: GLib-GObject-CRITICAL **: 15:46:56.302: value -1 of type 'gint' is invalid or out of range for property 'pid' of type 'gint'
-
- Dec 03, 2024
-
-
KT-lcz authored
goto out needs to be executed after g_set_error , otherwise the assertion will be triggered in g_assert (process != NULL);
-
- Nov 28, 2024
-
-
Frantisek Sumsal authored
GCC analyzer in some cases depends on information provided by LTO to generate accurate results, but the LTO support in GCC analyzer is still experimental, so it's not enabled by default. In Polkit, however, this seems to work pretty well, so let's tell OSH to build our code with LTO when running GCC analyzer.
-
Frantisek Sumsal authored
The error object in this case should always be allocated if polkit_authority_check_authorization_finish() returns NULL, so let's convey this message to static analyzers as well. Another potential "solution" for this could be checking the error object instead of the result one when returning from polkit_authority_check_authorization_finish() (like it's done in the respective example - src/examples/cancel.c), but we already have a precedent of using g_assert() on the error object for this in our codebase. This should address following warning from GCC analyzer: [75/89] Linking target src/polkit/libpolkit-gobject-1.so.0.0.0 ../src/polkit/polkitpermission.c: In function ‘changed_check_cb’: ../src/polkit/polkitpermission.c:485:7: warning: dereference of NULL ‘error’ [CWE-476] [-Wanalyzer-null-dereference] 485 | g_warning ("Error checking authorization for action id %s: %s", | ^
-
Frantisek Sumsal authored
push_action_and_details() never used the "error" argument internally, so it always remained set to NULL, which would lead to nasty surprises in the error paths. Found by GCC analyzer: [84/84] Linking target src/polkitbackend/polkitd ../src/polkitbackend/polkitbackendduktapeauthority.c: In function ‘polkit_backend_common_js_authority_check_authorization_sync’: ../src/polkitbackend/polkitbackendduktapeauthority.c:1015:7: warning: dereference of NULL ‘error’ [CWE-476] [-Wanalyzer-null-dereference] 1015 | polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
-
Frantisek Sumsal authored
As that's a way to a certain segmentation fault. Discovered by GCC analyzer: [74/84] Linking target src/polkitagent/polkit-agent-helper-1 ../src/polkitagent/polkitagenthelper-pam.c: In function ‘send_to_helper’: ../src/polkitagent/polkitagenthelper-pam.c:46:10: warning: use of NULL where non-null expected [CWE-476] [-Wanalyzer-null-argument] 46 | len2 = strlen(tmp2); | ^ [83/84] Linking target src/programs/pkexec ../src/programs/pkexec.c: In function ‘main’: ../src/programs/pkexec.c:817:7: warning: use of NULL ‘command_line’ where non-null expected [CWE-476] [-Wanalyzer-null-argument] 817 | if (strlen(command_line) > 80) | ^
-
- Nov 14, 2024
-
-
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4 ) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
-
Jan Macku authored
-
-
Frantisek Sumsal authored
Let's reintroduce regular Coverity builds. Since there's a pretty strict rate limit [0], do one nightly build each day, and upload it to Coverity for analysis. The results can be then found in the project dashboard [1]. [0] https://scan.coverity.com/faq#frequency [1] https://scan.coverity.com/projects/polkit?tab=overview Resolves: #517
-
Frantisek Sumsal authored
Let's run dfuzzer to fuzz polkit's own D-Bus interface to catch issues like [0][1][2] early. The test implementation is a _bit_ convoluted, caused by the fact that we have to rebuild polkit with Address and Undefined sanitizers to make dfuzzer considerably more effective. This also involves running the just built polkit in a lightweight container so we don't mess with the already installed polkit (which could affect tests running after this one that don't expect sanitized polkit). All this extra code can be potentially dropped once we're able to do multiple Packit builds in one PR (currently in an RFC stage). Resolves: #515 [0] https://github.com/polkit-org/polkit/issues/506 [1] https://github.com/polkit-org/polkit/commit/b709b693346712bf8e8d8e8c77f71b7918fa367d [2] https://github.com/polkit-org/polkit/commit/5cce296a8d60a3395c1a372377bdf8f01ed93872
-
Frantisek Sumsal authored
Let's do a Packit build on "commit" events as well, which automagically enables Packit's OpenScanHub integration [0]. Since OSH runs only on x86_64 Fedora Rawhide builds, let's limit the scope for the "commit" event adequately; we still do the usual builds across all supported Fedora releases (and architectures) in PRs. The OSH integration is still in its experimental stage, but there's a plan to add SARIF support and integrate it into GitHub's UI (see [1]), which should make it quite useful. [0] https://packit.dev/posts/openscanhub-prototype [1] https://github.com/packit/dashboard/issues/441
-
- Nov 07, 2024
-
-
Vincent Mihalkovic authored
Closes: https://github.com/polkit-org/polkit/issues/512
-
- Nov 06, 2024
-
-
Frantisek Sumsal authored
These were fixed by dropping mocklibc.
-
Frantisek Sumsal authored
Suppress the outstanding -Wdeprecated-declarations warnings for now, so we don't miss real issues in the future.
-
Frantisek Sumsal authored
setre*id() functions are declared with `warn_unused_result` which makes them emit a warning when their result is unused. This warning can be suppressed by using (void) cast in clang, so do this where appropriate. As gcc doesn't support this, disable the warning completely when gcc is used. See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
-
Frantisek Sumsal authored
Which allows correct type-checking during compilation and avoids errors when building with clang + -Werror: [58/71] Compiling C object src/programs/pkexec.p/pkexec.c.o FAILED: src/programs/pkexec.p/pkexec.c.o clang -Isrc/programs/pkexec.p -Isrc/programs -I../src/programs -I. -I.. -Isrc/polkitagent -I../src/polkitagent -Isrc -I../src -Isrc/polkit -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/sysprof-6 -I/usr/include/gio-unix-2.0 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=c99 -O2 -g -D_GNU_SOURCE -include config.h -Waggregate-return -Wdeclaration-after-statement -Wformat=2 -Wimplicit-function-declaration -Winit-self -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wstrict-prototypes -Wno-format-y2k -Wno-declaration-after-statement -Wno-deprecated-declarations -pthread -DWITH_GZFILEOP -MD -MQ src/programs/pkexec.p/pkexec.c.o -MF src/programs/pkexec.p/pkexec.c.o.d -o src/programs/pkexec.p/pkexec.c.o -c ../src/programs/pkexec.c ../src/programs/pkexec.c:109:25: error: format string is not a string literal [-Werror,-Wformat-nonliteral] 109 | s = g_strdup_vprintf (format, var_args); | ^~~~~~ 1 error generated. [59/71] Compiling C object src/polkitbackend/libpolkit-backend-1.a.p/polkitbackendauthority.c.o FAILED: src/polkitbackend/libpolkit-backend-1.a.p/polkitbackendauthority.c.o clang -Isrc/polkitbackend/libpolkit-backend-1.a.p -Isrc/polkitbackend -I../src/polkitbackend -I. -I.. -Isrc -I../src -Isrc/polkit -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/sysprof-6 -I/usr/include/gio-unix-2.0 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=c99 -O2 -g -D_GNU_SOURCE -include config.h -Waggregate-return -Wdeclaration-after-statement -Wformat=2 -Wimplicit-function-declaration -Winit-self -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wstrict-prototypes -Wno-format-y2k -Wno-declaration-after-statement -Wno-deprecated-declarations -fPIC -pthread -DWITH_GZFILEOP -D_POLKIT_COMPILATION -D_POLKIT_BACKEND_COMPILATION '-DPACKAGE_DATA_DIR="/usr/share"' '-DPACKAGE_SYSCONF_DIR="/etc"' -MD -MQ src/polkitbackend/libpolkit-backend-1.a.p/polkitbackendauthority.c.o -MF src/polkitbackend/libpolkit-backend-1.a.p/polkitbackendauthority.c.o.d -o src/polkitbackend/libpolkit-backend-1.a.p/polkitbackendauthority.c.o -c ../src/polkitbackend/polkitbackendauthority.c ../src/polkitbackend/polkitbackendauthority.c:1721:31: error: format string is not a string literal [-Werror,-Wformat-nonliteral] 1721 | message = g_strdup_vprintf (format, var_args); | ^~~~~~ 1 error generated.
-