[PATCH 0/5] Add polkit distro feature

[PATCH 0/5] Add polkit distro feature

[Stefan Agner]

From: Stefan Agner <stefan.agner@toradex.com>

This patchset adds Polkit (formerly known as PolicyKit) as a distro feature.
Polkit is used to centrally manage system policies and allows non-privileged
processes access privileged operations.

Since various packages such as systemd, ConnMan or NetworkManager allow building
with/without Polkit support it is sensible to have a global policy by using a
distro feature to descide whether to use Polkit.

Currently there is NetworkManager and xfce4 which enable polkit if systemd is
enabled. Using Polkit as a distro feature allows to easily prevent any Polkit
use while still using systemd.

I plan to send another patch to wire this up in various packages in
meta-openembedded as well as documentation update.

--
Stefan

Stefan Agner (5):
  systemd: only enable polkit if DISTRO_FEATURES asks for polkit
  gconf: rename policykit to polkit
  gconf: enable polkit if polkit distro feature is set
  consolekit: rename policykit to polkit
  consolekit: enable polkit if polkit distro feature is set

 meta/recipes-core/systemd/systemd_239.bb            | 3 +--
 meta/recipes-gnome/gnome/gconf_3.2.6.bb             | 7 +++----
 meta/recipes-support/consolekit/consolekit_0.4.6.bb | 4 ++--
 3 files changed, 6 insertions(+), 8 deletions(-)

-- 
2.13.6

[PATCH 1/5] systemd: only enable polkit if DISTRO_FEATURES asks for polkit

[Stefan Agner]

From: Stefan Agner <stefan.agner@toradex.com>

Only add polkit to PACKAGECONFIG if polkit is in DISTRO_FEATURES.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 meta/recipes-core/systemd/systemd_239.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd_239.bb b/meta/recipes-core/systemd/systemd_239.bb
index be836ffa42..586ef65299 100644
--- a/meta/recipes-core/systemd/systemd_239.bb
+++ b/meta/recipes-core/systemd/systemd_239.bb
@@ -76,7 +76,7 @@ PAM_PLUGINS = " \
 "
 
 PACKAGECONFIG ??= " \
-    ${@bb.utils.filter('DISTRO_FEATURES', 'efi ldconfig pam selinux usrmerge', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'efi ldconfig pam selinux usrmerge polkit', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'rfkill', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)} \
     acl \
@@ -94,7 +94,6 @@ PACKAGECONFIG ??= " \
     myhostname \
     networkd \
     nss \
-    polkit \
     quotacheck \
     randomseed \
     resolved \
-- 
2.13.6

[PATCH 2/5] gconf: rename policykit to polkit

[Stefan Agner]

From: Stefan Agner <stefan.agner@toradex.com>

PolicyKit has been renamed to Polkit since quite a while. Rename
the PACKAGECONFIG accordingly.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 meta/recipes-gnome/gnome/gconf_3.2.6.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-gnome/gnome/gconf_3.2.6.bb b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index 120ae3e021..1e8ca2e5d2 100644
--- a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -22,12 +22,12 @@ S = "${WORKDIR}/GConf-${PV}"
 EXTRA_OECONF = "--enable-shared --disable-static \
                 --disable-orbit --with-openldap=no --disable-gtk"
 
-# Disable PolicyKit by default
+# Disable Polkit by default
 PACKAGECONFIG ??= ""
-# We really don't want PolicyKit for native
+# We really don't want Polkit for native
 PACKAGECONFIG_class-native = ""
 
-PACKAGECONFIG[policykit] = "--enable-defaults-service,--disable-defaults-service,polkit"
+PACKAGECONFIG[polkit] = "--enable-defaults-service,--disable-defaults-service,polkit"
 PACKAGECONFIG[debug] = "--enable-debug=yes, --enable-debug=minimum"
 
 do_install_append() {
-- 
2.13.6

[PATCH 3/5] gconf: enable polkit if polkit distro feature is set

[Stefan Agner]

From: Stefan Agner <stefan.agner@toradex.com>

Enable polkit depending on whether polkit distro feature is set.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 meta/recipes-gnome/gnome/gconf_3.2.6.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-gnome/gnome/gconf_3.2.6.bb b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index 1e8ca2e5d2..e6742f37d8 100644
--- a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -22,8 +22,7 @@ S = "${WORKDIR}/GConf-${PV}"
 EXTRA_OECONF = "--enable-shared --disable-static \
                 --disable-orbit --with-openldap=no --disable-gtk"
 
-# Disable Polkit by default
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
 # We really don't want Polkit for native
 PACKAGECONFIG_class-native = ""
 
-- 
2.13.6

[PATCH 4/5] consolekit: rename policykit to polkit

[Stefan Agner]

From: Stefan Agner <stefan.agner@toradex.com>

PolicyKit has been renamed to Polkit since quite a while. Rename
the PACKAGECONFIG accordingly.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 meta/recipes-support/consolekit/consolekit_0.4.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/meta/recipes-support/consolekit/consolekit_0.4.6.bb
index 80d48bf84f..15b39046e3 100644
--- a/meta/recipes-support/consolekit/consolekit_0.4.6.bb
+++ b/meta/recipes-support/consolekit/consolekit_0.4.6.bb
@@ -26,7 +26,7 @@ S = "${WORKDIR}/ConsoleKit-${PV}"
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
 
 PACKAGECONFIG[pam] = "--enable-pam-module --with-pam-module-dir=${base_libdir}/security,--disable-pam-module,libpam"
-PACKAGECONFIG[policykit] = "--with-polkit,--without-polkit,polkit"
+PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--with-systemdsystemunitdir="
 
 FILES_${PN} += "${exec_prefix}/lib/ConsoleKit \
-- 
2.13.6

[PATCH 5/5] consolekit: enable polkit if polkit distro feature is set

[Stefan Agner]

From: Stefan Agner <stefan.agner@toradex.com>

Enable polkit depending on whether polkit distro feature is set.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 meta/recipes-support/consolekit/consolekit_0.4.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/meta/recipes-support/consolekit/consolekit_0.4.6.bb
index 15b39046e3..a17f739d4d 100644
--- a/meta/recipes-support/consolekit/consolekit_0.4.6.bb
+++ b/meta/recipes-support/consolekit/consolekit_0.4.6.bb
@@ -23,7 +23,7 @@ SRC_URI[sha256sum] = "b41d17e06f80059589fbeefe96ad07bcc564c49e65516da1caf9751464
 
 S = "${WORKDIR}/ConsoleKit-${PV}"
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd polkit', d)}"
 
 PACKAGECONFIG[pam] = "--enable-pam-module --with-pam-module-dir=${base_libdir}/security,--disable-pam-module,libpam"
 PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
-- 
2.13.6

Re: [PATCH 0/5] Add polkit distro feature

[Randy MacLeod]

On 1/15/19 5:27 PM, Stefan Agner wrote:
> From: Stefan Agner <stefan.agner@toradex.com>
> 
> This patchset adds Polkit (formerly known as PolicyKit) as a distro feature.
> Polkit is used to centrally manage system policies and allows non-privileged
> processes access privileged operations.
> 
> Since various packages such as systemd, ConnMan or NetworkManager allow building
> with/without Polkit support it is sensible to have a global policy by using a
> distro feature to descide whether to use Polkit.
> 
> Currently there is NetworkManager and xfce4 which enable polkit if systemd is
> enabled. Using Polkit as a distro feature allows to easily prevent any Polkit
> use while still using systemd.
> 
> I plan to send another patch to wire this up in various packages in
> meta-openembedded as well as documentation update.

Thanks.

The patches are pretty straight-forward.
LGTM.

../Randy

> 
> --
> Stefan
> 
> Stefan Agner (5):
>    systemd: only enable polkit if DISTRO_FEATURES asks for polkit
>    gconf: rename policykit to polkit
>    gconf: enable polkit if polkit distro feature is set
>    consolekit: rename policykit to polkit
>    consolekit: enable polkit if polkit distro feature is set
> 
>   meta/recipes-core/systemd/systemd_239.bb            | 3 +--
>   meta/recipes-gnome/gnome/gconf_3.2.6.bb             | 7 +++----
>   meta/recipes-support/consolekit/consolekit_0.4.6.bb | 4 ++--
>   3 files changed, 6 insertions(+), 8 deletions(-)
> 


-- 
# Randy MacLeod
# Wind River Linux