temp: build networkmanager for armhf, armv7

Due to the following dependency chain, networkmanager is currently not
available in Alpine for armhf and armv7. This breaks postmarketos-base.

postmarketos-base -> networkmanager -> polkit -> mozjs60

This can be reverted, when networkmanager is back for arm{hf,v7} in
Alpine. The mozjs60 arm fix is from here:
https://github.com/alpinelinux/aports/pull/7561

Related: #244
Oliver Smith 2019-05-05 17:51:04 +02:00
parent 230433ad9d
commit 271aba5d0f
No known key found for this signature in database
GPG key ID: 5AE7F5513E0885CB
24 changed files with 1036 additions and 0 deletions


@ -0,0 +1,30 @@
Upstream: no
From 9ad10569e11a2fb96377188f895bc66abcc9511d Mon Sep 17 00:00:00 2001
From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Date: Wed, 5 Sep 2018 15:05:24 +0200
Subject: [PATCH] silence sandbox violations
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
---
python/mozbuild/mozbuild/frontend/emitter.py | 5 -----
1 file changed, 5 deletions(-)
diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py
index 642b381c0..c37fbf5d0 100644
--- a/python/mozbuild/mozbuild/frontend/emitter.py
+++ b/python/mozbuild/mozbuild/frontend/emitter.py
@@ -1127,11 +1127,6 @@ class TreeMetadataEmitter(LoggingMixin):
raise SandboxValidationError('Path specified in LOCAL_INCLUDES '
'does not exist: %s (resolved to %s)' % (local_include,
full_path), context)
- if (full_path == context.config.topsrcdir or
- full_path == context.config.topobjdir):
- raise SandboxValidationError('Path specified in LOCAL_INCLUDES '
- 'is not allowed: %s (resolved to %s)' % (local_include,
- full_path), context)
include_obj = LocalInclude(context, local_include)
local_includes.append(include_obj.path.full_path)
yield include_obj
--
2.18.0
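Review bot: The patch header says only `Upstream: no` and gives no reason for deleting the check that rejects a LOCAL_INCLUDES entry resolving to `topsrcdir` or `topobjdir`. The subject "silence sandbox violations" reads as if a security control were being switched off; from the visible lines it is a `SandboxValidationError` raised by the mozbuild frontend, so the effect appears limited to build-time validation, but the file should say so. I would add a line such as `Reason: <why the standalone js/src build trips this check>` next to `Upstream: no`, as fix-musl-build.patch does. The enclosing method of TreeMetadataEmitter starts and ends outside the hunk.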

68
temp/mozjs60/APKBUILD Normal file

@ -0,0 +1,68 @@
# Forked from Alpine, because networkmanager is currently missing in armhf, armv7 (#244)
pkgname=mozjs60
pkgver=60.6.1
_majver=${pkgver%%.*}
pkgrel=1
pkgdesc="standalone mozilla javascript engine"
url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Releases/60"
arch="all !s390x"
license="MPL-2.0"
depends_dev="icu-dev nspr-dev libffi-dev readline-dev"
makedepends="$depends_dev zlib-dev python2 perl sed autoconf2.13 linux-headers coreutils"
subpackages="$pkgname-dev"
source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-${pkgver}esr.source.tar.xz
0001-silence-sandbox-violations.patch
fix-musl-build.patch
fix-soname-lib.patch
"
builddir="$srcdir"/firefox-$pkgver
_builddir="$builddir/js/src"
# checks take forever in qemu
options="!check"
build() {
cd "$_builddir"
export LDFLAGS="$LDFLAGS -Wl,-z,stack-size=1048576"
# avoid complains about autoconf
touch configure
# Fix broken ARM_ARCH check which doesn't work with newer GCCs it seems.
if [ "$CTARGET = "armv* ]; then
ARM_ARCH=$(echo ${CTARGET#*armv} | sed "s|-.*||")
sed -i "s|ARM_ARCH=.*|ARM_ARCH=$ARM_ARCH|" "$builddir"/build/autoconf/arch.m4
fi
export SHELL=/bin/ash
PYTHON=/usr/bin/python2 ./configure --prefix=/usr \
--with-system-icu \
--with-system-nspr \
--with-system-zlib \
--with-intl-api \
--enable-ctypes \
--enable-shared-js \
--enable-readline \
--enable-system-ffi \
--disable-optimize \
--disable-jemalloc \
--enable-pie
make
}
check() {
cd "$_builddir"
dist/bin/jsapi-tests
}
package() {
cd "$_builddir"
make DESTDIR="$pkgdir" install
rm -f "$pkgdir"/usr/lib/*.ajs
}
sha512sums="a1683e9ad551c2aa6b84013216393fe1f7107728c253ed8e5700d419cf0956513110ed4e1b5dbac3e3bc23930e3024706f1b24d405b6edcdf8c175b03ab241ed firefox-60.6.1esr.source.tar.xz
adaacd6e087a07bd4ded598f6a66ee00c67c9092bb93d88729668516f6f00f497ad8ece1866680e6c371e4705e0f9194ade41ea3a986f793bd972c92029cf03a 0001-silence-sandbox-violations.patch
bc91c2fb15eb22acb8acc36d086fb18fbf6f202b4511d138769b5ecaaed4a673349c55f808270c762616fafa42e3b01e74dc0af1dcbeea1289e043926e2750c8 fix-musl-build.patch
4782794a0f409f767293fb5f61a9ad58985e05197538975ed8f7372bfae6921a3b9bcbbbfcf8ce2843cdfe8ee799d08cee71a6391ed5ae939f051d13038b0960 fix-soname-lib.patch"
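Review bot: The test in build(), `if [ "$CTARGET = "armv* ]; then`, has its quotes misplaced: the shell sees a single non-empty word, so the branch is taken on every architecture and the `sed -i` on build/autoconf/arch.m4 always runs. On a non-ARM target `${CTARGET#*armv}` strips nothing, so ARM_ARCH is rewritten to an unrelated string. Wrapping the two lines in `case "$CTARGET" in armv*) ... ;; esac` restricts the rewrite to ARM targets. Separately, this fork pins firefox 60.6.1esr while polkit's JavaScript rule evaluation is built against it, so the header comment should name who follows ESR security releases for as long as the fork exists.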


@ -0,0 +1,16 @@
Upstream: No
Reason: mozjs60 miscompiles on musl if built with HAVE_THREAD_TLS_KEYWORD:
https://github.com/void-linux/void-packages/issues/2598
diff --git a/js/src/old-configure.in b/js/src/old-configure.in
--- a/js/src/old-configure.in
+++ b/js/src/old-configure.in
@@ -1272,6 +1272,9 @@
*-android*|*-linuxandroid*)
:
;;
+ *-musl*)
+ :
+ ;;
*)
AC_DEFINE(HAVE_THREAD_TLS_KEYWORD)
;;


@ -0,0 +1,30 @@
Source: Arch Linux
Upstream: Unknown
Reason: fixes linking against libmozjs-60
diff --git i/js/src/build/Makefile.in w/js/src/build/Makefile.in
index ee19104e0ef5..a0f06fd35a18 100644
--- i/js/src/build/Makefile.in
+++ w/js/src/build/Makefile.in
@@ -89,6 +89,8 @@ ifneq (,$(REAL_LIBRARY))
endif
ifneq (,$(SHARED_LIBRARY))
$(SYSINSTALL) $(SHARED_LIBRARY) $(DESTDIR)$(libdir)
+ mv -f $(DESTDIR)$(libdir)/$(SHARED_LIBRARY) $(DESTDIR)$(libdir)/$(SHARED_LIBRARY).0
+ ln -s $(SHARED_LIBRARY).0 $(DESTDIR)$(libdir)/$(SHARED_LIBRARY)
ifeq ($(OS_ARCH),Darwin)
install_name_tool -id $(abspath $(libdir)/$(SHARED_LIBRARY)) $(DESTDIR)$(libdir)/$(SHARED_LIBRARY)
endif
diff --git i/js/src/build/moz.build w/js/src/build/moz.build
index a7f5fa4ce8eb..726687c13fb0 100644
--- i/js/src/build/moz.build
+++ w/js/src/build/moz.build
@@ -23,6 +23,7 @@ if not CONFIG['JS_STANDALONE']:
if CONFIG['JS_SHARED_LIBRARY']:
GeckoSharedLibrary('js', linkage=None)
SHARED_LIBRARY_NAME = CONFIG['JS_LIBRARY_NAME']
+ LDFLAGS += ['-Wl,-soname,lib{}.so.0'.format(SHARED_LIBRARY_NAME)]
else:
Library('js')


@ -0,0 +1,118 @@
# Forked from Alpine, because networkmanager is currently missing in armhf, armv7 (#244)
pkgname=networkmanager
pkgver=1.18.1
pkgrel=1
pkgdesc="Network Management daemon"
url="https://wiki.gnome.org/Projects/NetworkManager"
arch="all"
license="GPL-2.0-or-later"
depends="dhcpcd iptables dbus"
install="$pkgname.pre-install $pkgname.pre-upgrade"
makedepends="$depends_dev
curl-dev
dbus-glib-dev
eudev-dev
libgudev-dev
gobject-introspection-dev
intltool
libndp-dev
libnl3-dev
libsoup-dev
libteam-dev
linux-headers
modemmanager-dev
newt-dev
nss-dev
polkit-dev
ppp-dev
readline-dev
util-linux-dev
jansson-dev
vala
meson
py-gobject3
libpsl-dev
python2
"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-openrc"
source="https://download.gnome.org/sources/NetworkManager/${pkgver:0:4}/NetworkManager-$pkgver.tar.xz
$pkgname.conf
$pkgname.initd
$pkgname.rules
musl-basic.patch
musl-network-support.patch
musl-fix-includes.patch
musl-process-util.patch
musl-has-not-secure-getenv.patch
musl-compar.patch
fix-ppc64le-build.patch
"
options="!check" # fail to compile on musl
builddir="$srcdir"/NetworkManager-$pkgver
build() {
meson \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
-Dsystemdsystemunitdir=no \
-Dudev_dir=/lib/udev \
-Diptables=/sbin/iptables \
-Ddnsmasq=/usr/sbin/dnsmasq \
-Dmodify_system=true \
-Dselinux=false \
-Dsystemd_journal=false \
-Dlibaudit=no \
-Diwd=true \
-Dpppd=/usr/sbin/pppd \
-Dconfig_plugins_default=ifupdown \
-Difupdown=true \
-Ddhcpcd=true \
-Dconfig_dhcp_default=dhcpcd \
-Dvapi=true \
-Dtests=no \
-Dlibnm_glib=true \
-Dpolkit_agent=true \
-Dsession_tracking=no \
-Dqt=false \
. output
ninja -C output
}
check() {
ninja -C output test
}
package() {
DESTDIR="$pkgdir" ninja -C output install
install -m755 -D "$srcdir"/networkmanager.initd "$pkgdir"/etc/init.d/networkmanager
install -m644 -D "$srcdir/$pkgname.conf" "$pkgdir"/etc/NetworkManager/NetworkManager.conf
# allow plugdev users to modify connections
install -m644 -D "$srcdir/$pkgname.rules" \
"$pkgdir/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules"
mkdir -p "$pkgdir/usr/share/apk-tools/$pkgname"
# post-install message
mv "$pkgdir/usr/share/doc/NetworkManager" "$pkgdir/usr/share/doc/$pkgname"
cat > $pkgdir/usr/share/doc/$pkgname/README.alpine <<EOF
To modify system network connections without the root password: add your user account to the 'plugdev' group, or use Polkit.
To use iwd instead of the default wpa_supplicant install iwd, start its service and the following to your /etc/NetworkManager/NetworkManager.conf:
[device]
wifi.backend=iwd
EOF
}
sha512sums="24ffd5b5802692ce392a5ce65623679014d4e476cddedf76222829118f3ab4c92e180c1814db80438f66e2ab7a4e93eb1bac1e0b77575ff7620b0bf0e27d2992 NetworkManager-1.18.1.tar.xz
a6e507260e2ceffad4cacb2b49a1d4f6b933e5ae8bc50c1bd56f828298c5dc8d9d17aa4be766faeacefbe3c6c0c748e4ef499a55bb5ee40f0f04bbf766fbbc82 networkmanager.conf
477c4cbb6e8c4805a61cdd9442c6a951c8f96173552d943a2f21938ba0facead455f247d65b2b79d1dcdd42abc6db8a8d06c49847bf028001c99ccfca1782bbd networkmanager.initd
9820ed2ead0af689644842de57657bb10330a1eaff0e85b21ae9913f55e399e47d8b41b0a12956f30de80272b4424c6e55f33acbc88e156879003a260bf576f6 networkmanager.rules
9d1a9185b0b50f677a4173a8b67e808ba36971111165ae446e9a15b5c7adcc8cc6d44fa7bddac05762c50d80b04818a483756eaf2aaefe0162e1f37cd070fca4 musl-basic.patch
095c1d944f3274ba31435cd1af8e2affb4187bdd921a0cc0c185b59810b73cfab7919b5f551bab3d9e4644fbee8f9ac017b4c5d69a771fb68319cbefa37c71a3 musl-network-support.patch
a3fe34eb93cb918650390ea01696a8e8489455a89721e479d6b83ab730f6608e9cf78cd0d993e7c8051708b695eea420490e36d85d400fa39ec0ff5d3882d26b musl-fix-includes.patch
b5cd94928ca3ba1fb71aec28d9ff66f319f6d23131e02c90f1dfbfaf16c537935228a9981c95f29ffb74e91752a17801c94d09ca57b7ba98028262b9e8e5d322 musl-process-util.patch
76b6728389686c91df6acafbbe17af7f0e01971e5f7185e164dcb39f93982ac6b73fc2cdf0ba2018e3fa80321178621fe2a5d910546de98bfc52484aa5d90d34 musl-has-not-secure-getenv.patch
634377674691b52da80ca4c445a727d39cd40269f7deef0d3ccc1e1041cc262e8bc1423200e9a2b0cf1804e9950059ebbbc827f1200c6a97c58bc76080a6d6d2 musl-compar.patch
c2dbdf31adb472dc6b14aad6d7a0981b2618880df7c9081ebb9bc6da8af4c5e791c36c4e997878d5e1e7f96bd65814f718e7ae23dcfea5ac5aa91acdab3775ae fix-ppc64le-build.patch"
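Review bot: `-Dmodify_system=true` in build() and the plugdev rule installed in package() pull in different directions. As far as I know that meson option makes the shipped default policy for `org.freedesktop.NetworkManager.settings.modify.system` allow any active session user without authentication, which would make the plugdev check in networkmanager.rules and the README.alpine text ("add your user account to the 'plugdev' group") ineffective as a restriction. If group membership is meant to be the gate, `-Dmodify_system=false` matches the documentation; if not, the README should state that every active user may edit system connections. `$pkgdir` in `cat > $pkgdir/usr/share/doc/$pkgname/README.alpine` is also unquoted, unlike the other paths in package().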


@ -0,0 +1,12 @@
diff --git a/libnm/meson.build b/libnm/meson.build
index 4b3df97..31c6fa6 100644
--- a/libnm/meson.build
+++ b/libnm/meson.build
@@ -162,6 +162,7 @@ libnm = shared_library(
libnm_core_dep,
uuid_dep,
libnm_systemd_shared_no_logging_dep,
+ libnmdbus_dep,
],
c_args: cflags,
link_with: libnm_utils,


@ -0,0 +1,46 @@
diff --git a/libnm-core/nm-json.c b/libnm-core/nm-json.c
index aa181a4..98c39fc 100644
--- a/libnm-core/nm-json.c
+++ b/libnm-core/nm-json.c
@@ -23,6 +23,10 @@
#include <dlfcn.h>
+#ifndef RTLD_DEEPBIND
+#define RTLD_DEEPBIND 0
+#endif
+
void *_nm_jansson_json_object_iter_value;
void *_nm_jansson_json_object_key_to_iter;
void *_nm_jansson_json_integer;
diff --git a/shared/systemd/src/basic/stdio-util.h b/shared/systemd/src/basic/stdio-util.h
index c3b9448..e80a938 100644
--- a/shared/systemd/src/basic/stdio-util.h
+++ b/shared/systemd/src/basic/stdio-util.h
@@ -1,7 +1,9 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
+#if defined(__GLIBC__)
#include <printf.h>
+#endif
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
diff --git a/shared/systemd/src/basic/util.h b/shared/systemd/src/basic/util.h
index 25e6ab8..7967e8a 100644
--- a/shared/systemd/src/basic/util.h
+++ b/shared/systemd/src/basic/util.h
@@ -46,6 +46,12 @@ static inline unsigned u64log2(uint64_t n) {
#endif
}
+#if !defined(__GLIBC__)
+typedef int (*__compar_fn_t) (const void*, const void*);
+typedef __compar_fn_t comparison_fn_t;
+typedef int (*__compar_d_fn_t) (const void *, const void *, void *);
+#endif
+
static inline unsigned u32ctz(uint32_t n) {
#if __SIZEOF_INT__ == 4
return n != 0 ? __builtin_ctz(n) : 32;


@ -0,0 +1,18 @@
diff --git a/shared/systemd/src/basic/sort-util.h b/shared/systemd/src/basic/sort-util.h
index e029f86..935f136 100644
--- a/shared/systemd/src/basic/sort-util.h
+++ b/shared/systemd/src/basic/sort-util.h
@@ -5,6 +5,13 @@
#include "macro.h"
+#ifndef __COMPAR_FN_T
+# define __COMPAR_FN_T
+typedef int (*__compar_fn_t) (const void *, const void *);
+typedef __compar_fn_t comparison_fn_t;
+typedef int (*__compar_d_fn_t) (const void *, const void *, void *);
+#endif
+
void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
__compar_d_fn_t compar, void *arg);


@ -0,0 +1,52 @@
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index bd4fbcc..cb5436f 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -32,7 +32,11 @@
#include <arpa/inet.h>
#include <fcntl.h>
#include <linux/if_addr.h>
+#if defined(__GLIBC__)
#include <linux/if_arp.h>
+#else
+#include <linux/if.h>
+#endif
#include <linux/rtnetlink.h>
#include <linux/pkt_sched.h>
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 40e068a..aa57ce8 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -26,6 +26,7 @@
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
+#include <asm/types.h>
#include "nm-glib-aux/nm-c-list.h"
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
index d4b0115..c934f10 100644
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@@ -20,6 +20,7 @@
#include "nm-default.h"
#include "nm-linux-platform.h"
+#include "wpan/nm-wpan-utils.h"
#include <arpa/inet.h>
#include <dlfcn.h>
@@ -28,7 +29,11 @@
#include <libudev.h>
#include <linux/fib_rules.h>
#include <linux/ip.h>
+#if defined(__GLIBC__)
#include <linux/if_arp.h>
+#else
+#include <linux/if.h>
+#endif
#include <linux/if_bridge.h>
#include <linux/if_link.h>
#include <linux/if_tun.h>


@ -0,0 +1,13 @@
diff --git a/src/systemd/sd-adapt-core/nm-sd-adapt-core.h b/src/systemd/sd-adapt-core/nm-sd-adapt-core.h
index 8c07c53..d043afc 100644
--- a/src/systemd/sd-adapt-core/nm-sd-adapt-core.h
+++ b/src/systemd/sd-adapt-core/nm-sd-adapt-core.h
@@ -65,7 +65,7 @@
# ifdef HAVE___SECURE_GETENV
# define secure_getenv __secure_getenv
# else
-# error neither secure_getenv nor __secure_getenv is available
+# define secure_getenv getenv
# endif
#endif
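Review bot: Replacing the `#error` with `# define secure_getenv getenv` removes the property callers rely on: `secure_getenv` returns NULL when the process runs in secure-execution mode, and plain `getenv` does not. The branch is reached only when the build found neither `secure_getenv` nor `__secure_getenv` (the outer conditional starts outside the hunk). As far as I know musl does provide `secure_getenv`, so the likelier fix is to make the build detect it and keep the `#error`. If the fallback has to stay, it needs a comment such as `/* no secure-execution check on this path: environment is read unfiltered */` and a patch header explaining why detection fails on musl.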


@ -0,0 +1,42 @@
--- a/libnm-core/nm-utils.h
+++ b/libnm-core/nm-utils.h
@@ -30,7 +30,11 @@
#include <netinet/in.h>
/* For ETH_ALEN and INFINIBAND_ALEN */
+#if defined(__GLIBC__)
#include <linux/if_ether.h>
+#else
+#define ETH_ALEN 6 /* Octets in one ethernet addr */
+#endif
#include <linux/if_infiniband.h>
#include "nm-core-enum-types.h"
--- a/src/platform/wifi/nm-wifi-utils.h
+++ b/src/platform/wifi/nm-wifi-utils.h
@@ -22,7 +22,11 @@
#ifndef __WIFI_UTILS_H__
#define __WIFI_UTILS_H__
+#if defined(__GLIBC__)
#include <net/ethernet.h>
+#else /* musl libc */
+#define ETH_ALEN 6 /* Octets in one ethernet addr */
+#endif
#include "nm-dbus-interface.h"
--- a/shared/systemd/src/basic/socket-util.h 2019-03-16 15:41:33.287235649 +0100
+++ b/shared/systemd/src/basic/socket-util.h 2019-03-16 15:42:24.273912106 +0100
@@ -12,6 +12,11 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
+#if !defined(__GLIBC__)
+/* SIOCGSTAMPNS from linux/asm-generic.h
+ * for src/systemd/src/libsystemd-network/sd-lldp.c */
+#include <linux/sockios.h>
+#endif
#include "macro.h"
#include "missing_socket.h"


@ -0,0 +1,40 @@
--- a/shared/systemd/src/basic/process-util.c
+++ b/shared/systemd/src/basic/process-util.c
@@ -21,6 +21,9 @@
#include <sys/wait.h>
#include <syslog.h>
#include <unistd.h>
+#ifndef __GLIBC__
+#include <pthread.h>
+#endif
#if 0 /* NM_IGNORED */
#if HAVE_VALGRIND_VALGRIND_H
#include <valgrind/valgrind.h>
@@ -1168,11 +1171,13 @@ void reset_cached_pid(void) {
cached_pid = CACHED_PID_UNSET;
}
+#ifdef __GLIBC__
/* We use glibc __register_atfork() + __dso_handle directly here, as they are not included in the glibc
* headers. __register_atfork() is mostly equivalent to pthread_atfork(), but doesn't require us to link against
* libpthread, as it is part of glibc anyway. */
extern int __register_atfork(void (*prepare) (void), void (*parent) (void), void (*child) (void), void *dso_handle);
extern void* __dso_handle _weak_;
+#endif
pid_t getpid_cached(void) {
static bool installed = false;
@@ -1201,7 +1206,12 @@ pid_t getpid_cached(void) {
* only half-documented (glibc doesn't document it but LSB does — though only superficially)
* we'll check for errors only in the most generic fashion possible. */
- if (__register_atfork(NULL, NULL, reset_cached_pid, __dso_handle) != 0) {
+ #ifdef __GLIBC__
+ if (__register_atfork(NULL, NULL, reset_cached_pid, __dso_handle) != 0) {
+ #else
+ if (pthread_atfork(NULL, NULL, reset_cached_pid) != 0) {
+ #endif
+
/* OOM? Let's try again later */
cached_pid = CACHED_PID_UNSET;
return new_pid;


@ -0,0 +1,2 @@
[main]
dhcp=dhcpcd


@ -0,0 +1,24 @@
#!/sbin/openrc-run
# Copyright (c) 2008 Saleem Abdulrasool <compnerd@compnerd.org>
# Distributed under the terms of the GNU General Purpose License v2
# $Header: $
depend() {
need dbus
provide net
}
start() {
ebegin "Starting NetworkManager"
start-stop-daemon --start --quiet --pidfile /var/run/NetworkManager.pid \
--exec /usr/sbin/NetworkManager -- --pid-file /var/run/NetworkManager.pid
eend $?
}
stop() {
ebegin "Stopping NetworkManager"
start-stop-daemon --stop --quiet --pidfile /var/run/NetworkManager.pid
eend $?
}
# vim: set ft=gentoo-init-d ts=3 sw=3 et:


@ -0,0 +1,9 @@
#!/bin/sh
addgroup -S plugdev 2>/dev/null
printf " *\n * To setup system connections, regular users must be member of 'plugdev' group.\n *\n"
printf " *\n * To control WiFi devices, enable wpa_supplicant service: 'rc-update add wpa_supplicant default'\n"
printf " * then reboot the system or restart 'wpa_supplicant' and 'networkmanager' services respectively.\n *\n"
exit 0


@ -0,0 +1 @@
networkmanager.pre-install


@ -0,0 +1,9 @@
// Let users in plugdev group modify NetworkManager
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
subject.isInGroup("plugdev") && subject.active) {
return "yes";
}
});
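Review bot: The rule returns `"yes"`, meaning no authentication at all, for any plugdev member whose session is active, and it never tests `subject.local`. polkit exposes both `subject.local` and `subject.active`; adding the former keeps the grant to sessions on the device itself: `subject.isInGroup("plugdev") && subject.local && subject.active`. A comment stating that the result is deliberately `"yes"` rather than an `auth_self` variant would record the decision for whoever later audits plugdev membership.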

78
temp/polkit/APKBUILD Normal file

@ -0,0 +1,78 @@
# Forked from Alpine, because networkmanager is currently missing in armhf, armv7 (#244)
pkgname=polkit
pkgver=0.115
pkgrel=0
pkgdesc="Application development toolkit for controlling system-wide privileges"
url="https://www.freedesktop.org/wiki/Software/polkit/"
arch="all"
license="GPL-2.0-or-later"
options="suid !check"
depends_dev="dbus-glib-dev"
makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
intltool autoconf automake libtool bash mozjs60-dev linux-pam-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
CVE-2018-19788.patch
make-innetgr-optional.patch
mozjs60-1.patch
mozjs60-2.patch
alpine-pam.patch
"
install="polkit.pre-install"
pkgusers="polkitd"
pkggroups="polkitd"
builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$builddir"
default_prepare
autoreconf -fi
}
build() {
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--libexecdir=/usr/lib/polkit-1 \
--localstatedir=/var \
--disable-static \
--enable-introspection \
--with-authfw=pam \
--with-os-type=alpine \
--disable-gtk-doc \
--disable-gtk-doc-html \
--disable-gtk-doc-pdf \
--disable-libelogind \
--disable-systemd \
--disable-libsystemd-login
make
}
check() {
cd "$builddir"
make check
}
package() {
cd "$builddir"
# Set SHELL as a workaround for #10081
make SHELL=/bin/bash DESTDIR="$pkgdir" install
# Required to run the polkitd daemon as non-root
chown -R polkitd:polkitd "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d
chmod -R 700 "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d
}
sha512sums="1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc polkit-0.115.tar.gz
5b951d7532b0ad51214cf63814cb863fe83ebc57722245cef3f5f003bba368ffd18fab03b9f23bbef8ed30972ad32f074d25491c3fe338389e02e279b4ced62c CVE-2018-19788.patch
1e679eda2cacb25ad0d7409ab7c5811697519e46d3873a86a9ff2d8d3d3664e63c925ab13e5faf643031ea27e8e35730556121c96e06acd28c5f690848a8ce00 make-innetgr-optional.patch
8d71494ddfc3f8d24b6c7dbab2b0440d9ab9df49d9e095c90f3802054bf858f4c81c644d1ab64872a6ea61ae70c58a181e47123a4c50bd8a339b27a23bfffaaa mozjs60-1.patch
d7dc9fc3189a0897e8f484f7dfcee3722f75694401f7a01cac3eb1f0f6cb639081136e86e4bf467c908f77c847d4ddf310817c722fd21a73662ca6b908ce8d53 mozjs60-2.patch
077a3e10ada918e6f9879ce50bba9145229bd92d3f13d4c6454147eb051086afbcf8d0a683a5ebe583ba00f956db011aa1afd3d9e99d7693e288737191468b8f alpine-pam.patch"
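Review bot: package() makes both rules.d directories owned by `polkitd` with `chmod -R 700`, so the unprivileged account that evaluates the rules can also rewrite them; a flaw in the daemon or its JavaScript engine could then persist as altered authorization policy. Ownership `root:polkitd` with mode 750 should let the daemon read the rules without being able to change them: `chown -R root:polkitd ...` and `chmod -R 750 ...`. The recursive 700 also sets the execute bit on any rule files shipped in those directories. The networkmanager package in this commit installs its rule into `/usr/share/polkit-1/rules.d` with `install -m644 -D`, which creates the directory with different ownership and mode, so the effective permissions may depend on which package owns the path.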


@ -0,0 +1,150 @@
--- a/src/polkit/polkitunixgroup.c
+++ b/src/polkit/polkitunixgroup.c
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
static void
polkit_unix_group_init (PolkitUnixGroup *unix_group)
{
+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
}
static void
@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
+ gint val;
switch (prop_id)
{
case PROP_GID:
- unix_group->gid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_group->gid = val;
break;
default:
@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
g_param_spec_int ("gid",
"Group ID",
"The UNIX group ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
*/
void
polkit_unix_group_set_gid (PolkitUnixGroup *group,
- gint gid)
+ gint gid)
{
g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
+ g_return_if_fail (gid != -1);
group->gid = gid;
}
@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
PolkitIdentity *
polkit_unix_group_new (gint gid)
{
+ g_return_val_if_fail (gid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
"gid", gid,
NULL));
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID:
- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+ case PROP_UID: {
+ gint val;
+
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ polkit_unix_process_set_uid (unix_process, val);
break;
+ }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- -1,
+ G_MININT,
G_MAXINT,
-1,
G_PARAM_CONSTRUCT |
@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
- g_return_if_fail (uid >= -1);
process->uid = uid;
}
--- a/src/polkit/polkitunixuser.c
+++ b/src/polkit/polkitunixuser.c
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
static void
polkit_unix_user_init (PolkitUnixUser *unix_user)
{
+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
unix_user->name = NULL;
}
@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
+ gint val;
switch (prop_id)
{
case PROP_UID:
- unix_user->uid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_user->uid = val;
break;
default:
@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_USER (user));
+ g_return_if_fail (uid != -1);
user->uid = uid;
}
@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
PolkitIdentity *
polkit_unix_user_new (gint uid)
{
+ g_return_val_if_fail (uid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));
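Review bot: This file carries no provenance header although it is the security fix named in the APKBUILD source list; mozjs60-1.patch and mozjs60-2.patch in the same directory state `Upstream: yes` and the upstream commit. The same header here (`Upstream: yes` plus `From <upstream commit id>`) would let the backport be compared with the upstream change. In the hunk for polkit_unix_process_set_uid the old `uid >= -1` guard is deleted without a replacement, so -1 is rejected only in polkit_unix_process_set_property, while the group and user setters gain `g_return_if_fail (... != -1)`; if that asymmetry matches upstream, a one-line remark in the header would save the next reviewer the check. The comment in polkit_unix_group_init says `(git_t) -1`, which presumably means `gid_t`.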


@ -0,0 +1,18 @@
Point /etc/pam.d/polkit-1 to the right PAM files.
diff --git configure.ac configure.ac
index 36df239..53b5573 100644
--- a/configure.ac
+++ b/configure.ac
@@ -470,6 +470,11 @@ elif test x$with_os_type = xfreebsd -o x$with_os_type = xnetbsd; then
PAM_FILE_INCLUDE_ACCOUNT=system
PAM_FILE_INCLUDE_PASSWORD=system
PAM_FILE_INCLUDE_SESSION=system
+elif test x$with_os_type = xalpine; then
+ PAM_FILE_INCLUDE_AUTH=base-auth
+ PAM_FILE_INCLUDE_ACCOUNT=base-account
+ PAM_FILE_INCLUDE_PASSWORD=base-password
+ PAM_FILE_INCLUDE_SESSION=base-session
else
PAM_FILE_INCLUDE_AUTH=system-auth
PAM_FILE_INCLUDE_ACCOUNT=system-auth


@ -0,0 +1,68 @@
--- a/configure.ac
+++ b/configure.ac
@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
AC_SUBST(EXPAT_LIBS)
-AC_CHECK_FUNCS(clearenv fdatasync)
+AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
if test "x$GCC" = "xyes"; then
LDFLAGS="-Wl,--as-needed $LDFLAGS"
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2228,6 +2228,7 @@ get_users_in_net_group (PolkitIdentity *group,
ret = NULL;
name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+#if defined HAVE_GETNETGRENT
#ifdef HAVE_SETNETGRENT_RETURN
if (setnetgrent (name) == 0)
{
@@ -2236,6 +2237,7 @@ get_users_in_net_group (PolkitIdentity *group,
}
#else
setnetgrent (name);
+#endif
#endif
for (;;)
@@ -2248,8 +2250,10 @@ get_users_in_net_group (PolkitIdentity *group,
PolkitIdentity *user;
GError *error = NULL;
+#if defined HAVE_GETNETGRENT
if (getnetgrent (&hostname, &username, &domainname) == 0)
break;
+#endif
/* Skip NULL entries since we never want to make everyone an admin
* Skip "-" entries which mean "no match ever" in netgroup land */
@@ -2274,7 +2278,9 @@ get_users_in_net_group (PolkitIdentity *group,
ret = g_list_reverse (ret);
out:
+#if defined HAVE_GETNETGRENT
endnetgrent ();
+#endif
return ret;
}
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+#if defined HAVE_GETNETGRENT
user = JS_EncodeString (cx, args[0].toString());
netgroup = JS_EncodeString (cx, args[1].toString());
@@ -1514,6 +1515,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
JS_free (cx, user);
ret = true;
+#endif
args.rval ().setBoolean (is_in_netgroup);
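Review bot: With HAVE_GETNETGRENT undefined, the `for (;;)` loop in get_users_in_net_group loses its only visible exit, because `if (getnetgrent (...) == 0) break;` is compiled out while the loop itself is not. The code after it then reads `username`, which nothing has assigned; the rest of the loop body lies outside the hunk, so confirm there is no other exit. The guard needs an `#else` branch containing `break;`, or better an early `return NULL;` before the loop when netgroups are unavailable. In js_polkit_user_is_in_netgroup the added `#if` also encloses `ret = true;`, so on such a build the function presumably reports failure rather than returning false for membership; `ret = true;` should stay outside the guard.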


@ -0,0 +1,28 @@
Upstream: yes
From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
From: Emmanuele Bassi <ebassi@gnome.org>
Date: Fri, 31 Aug 2018 13:32:16 +0100
Subject: Depend on mozjs-60
This is the new ESR version of the Mozilla JS engine, superceding
mozjs-52.
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 5c37e48..5cedb4e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
+PKG_CHECK_MODULES(LIBJS, [mozjs-60])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
--
cgit v1.1

158
temp/polkit/mozjs60-2.patch Normal file

@ -0,0 +1,158 @@
Upstream: yes
From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
From: Emmanuele Bassi <ebassi@gnome.org>
Date: Fri, 31 Aug 2018 13:33:20 +0100
Subject: Port the JS authority to mozjs-60
API changes in mozjs that need to be reflected in the JS authority:
- the JS::CompileOptions constructor and the JS::CompartmentOptions
do not allow setting a JS version any more
- do not use NULL comparisons for C++ objects
- the resize() method for a vector has a return value that needs
to be handled
- JSClassOps has different fields
---
src/polkitbackend/polkitbackendjsauthority.cpp | 65 +++++++++++++-------------
1 file changed, 32 insertions(+), 33 deletions(-)
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 7602714..984a0f0 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_global_class_ops = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
+ nullptr, // addProperty
+ nullptr, // deleteProperty
+ nullptr, // enumerate
+ nullptr, // newEnumerate
+ nullptr, // resolve
+ nullptr, // mayResolve
+ nullptr, // finalize
+ nullptr, // call
+ nullptr, // hasInstance
+ nullptr, // construct
+ JS_GlobalObjectTraceHook
};
static JSClass js_global_class = {
@@ -172,18 +171,17 @@ static JSClass js_global_class = {
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_polkit_class_ops = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
+ nullptr, // addProperty
+ nullptr, // deleteProperty
+ nullptr, // enumerate
+ nullptr, // newEnumerate
+ nullptr, // resolve
+ nullptr, // mayResolve
+ nullptr, // finalize
+ nullptr, // call
+ nullptr, // hasInstance
+ nullptr, // construct
+ nullptr // trace
};
static JSClass js_polkit_class = {
@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
{
JS::CompartmentOptions compart_opts;
- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
+
JS::RootedObject global(authority->priv->cx);
authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
global = authority->priv->js_global->get ();
-
- if (global == NULL)
+ if (!global)
goto fail;
authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
- if (authority->priv->ac == NULL)
+ if (!authority->priv->ac)
goto fail;
if (!JS_InitStandardClasses (authority->priv->cx, global))
@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
polkit = authority->priv->js_polkit->get ();
- if (polkit == NULL)
+ if (!polkit)
goto fail;
if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
js_polkit_functions))
goto fail;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
if (!JS::Evaluate (authority->priv->cx,
options,
@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
JS::AutoValueVector elems(authority->priv->cx);
guint n;
- elems.resize(value->len);
+ if (!elems.resize(value->len))
+ g_error ("Unable to resize vector");
+
for (n = 0; n < value->len; n++)
{
const char *c_string = (const char *) g_ptr_array_index(value, n);
@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
GError **error)
{
gboolean ret = FALSE;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
const char *src;
JS::RootedObject obj(authority->priv->cx);
pid_t pid;
@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
GError **error)
{
gboolean ret = FALSE;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
const char *src;
JS::RootedObject obj(authority->priv->cx);
gchar **keys;
--
cgit v1.1


@ -0,0 +1,6 @@
#!/bin/sh
addgroup -S polkitd 2>/dev/null
adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null
exit 0