;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Andreas Enge ;;; Copyright © 2015 Andy Wingo ;;; Copyright © 2015, 2021-2022 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016, 2022 Efraim Flashner ;;; Copyright © 2017 Huang Ying ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Ricardo Wurmus ;;; Copyright © 2021 Morgan Smith ;;; Copyright © 2021 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu packages polkit) #:use-module ((guix licenses) #:select (lgpl2.0+)) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix memoization) #:use-module (guix utils) #:use-module (guix build utils) #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages freedesktop) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) #:use-module (gnu packages docbook) #:autoload (gnu packages gnuzilla) (mozjs) #:autoload (gnu packages javascript) (duktape) #:use-module (gnu packages linux) #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages qt) #:use-module (gnu packages xml) #:export (polkit)) (define-public polkit-mozjs (package (name "polkit") (version "0.120") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/polkit/releases/" name "-" version ".tar.gz")) (sha256 (base32 "00zfg9b9ivkcj2jcf5b92cpvvyljz8cmfwj86lkvy5rihnd5jypf")) (patches (search-patches "polkit-configure-elogind.patch" "polkit-CVE-2021-4034.patch")) (modules '((guix build utils))) (snippet '(begin (use-modules (guix build utils)) ;; Disable broken test. (substitute* "test/Makefile.in" (("SUBDIRS = mocklibc . polkit polkitbackend") "SUBDIRS = mocklibc . polkit")) ;; Disable a test that requires Python, D-Bus and a few ;; libraries and fails with "ERROR: timed out waiting for bus ;; process to terminate". (substitute* "test/polkitbackend/Makefile.am" (("TEST_PROGS \\+= polkitbackendjsauthoritytest-wrapper.py") "")) ;; Guix System's polkit ;; service stores actions under /etc/polkit-1/actions. (substitute* "src/polkitbackend/polkitbackendinteractiveauthority.c" (("PACKAGE_DATA_DIR \"/polkit-1/actions\"") "PACKAGE_SYSCONF_DIR \"/polkit-1/actions\"")) ;; Set the setuid helper's real location. (substitute* "src/polkitagent/polkitagentsession.c" (("PACKAGE_PREFIX \"/lib/polkit-1/polkit-agent-helper-1\"") "\"/run/setuid-programs/polkit-agent-helper-1\"")))))) (build-system gnu-build-system) (inputs (list expat linux-pam elogind mozjs nspr)) (propagated-inputs (list glib)) ; required by polkit-gobject-1.pc (native-inputs (list pkg-config `(,glib "bin") ;for glib-mkenums intltool gobject-introspection libxslt ;for man page generation docbook-xsl)) ;for man page generation (arguments `(#:configure-flags '("--sysconfdir=/etc" "--enable-man-pages" ;; Prevent ‘configure: error: cannot check for ;; file existence when cross compiling’. ,@(if (%current-target-system) '("--with-os-type=unknown") '())) #:phases (modify-phases %standard-phases (add-after 'unpack 'fix-introspection-install-dir (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) (substitute* (find-files "." "Makefile.in") (("@INTROSPECTION_GIRDIR@") (string-append out "/share/gir-1.0/")) (("@INTROSPECTION_TYPELIBDIR@") (string-append out "/lib/girepository-1.0/")))))) (add-after 'unpack 'fix-manpage-generation (lambda* (#:key inputs #:allow-other-keys) (let ((xsldoc (string-append (assoc-ref inputs "docbook-xsl") "/xml/xsl/docbook-xsl-" ,(package-version docbook-xsl)))) (substitute* '("docs/man/Makefile.am" "docs/man/Makefile.in") (("http://docbook.sourceforge.net/release/xsl/current") xsldoc))))) (replace 'install (lambda* (#:key outputs (make-flags '()) #:allow-other-keys) ;; Override sysconfdir during "make install", to avoid attempting ;; to install in /etc, and to instead install the skeletons in the ;; output directory. (let ((out (assoc-ref outputs "out"))) (apply invoke "make" "install" (string-append "sysconfdir=" out "/etc") (string-append "polkit_actiondir=" out "/share/polkit-1/actions") make-flags))))))) (home-page "https://www.freedesktop.org/wiki/Software/polkit/") (synopsis "Authorization API for privilege management") (description "Polkit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes. It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications.") (license lgpl2.0+))) ;;; Variant of polkit built with Duktape, a lighter JavaScript engine compared ;;; to mozjs. (define-public polkit-duktape (let ((base polkit-mozjs)) (package/inherit base (name "polkit-duktape") (source (origin (inherit (package-source base)) (patches (append (search-patches "polkit-use-duktape.patch") (origin-patches (package-source base)))))) (arguments (substitute-keyword-arguments (package-arguments base) ((#:configure-flags flags) `(cons "--with-duktape" ,flags)) ((#:phases phases) `(modify-phases ,phases (add-after 'unpack 'force-gnu-build-system-bootstrap (lambda _ (delete-file "configure"))))))) (native-inputs (modify-inputs (package-native-inputs base) (prepend autoconf automake libtool))) (inputs (modify-inputs (package-inputs base) (replace "mozjs" duktape)))))) (define polkit-for-system (mlambda (system) "Return a polkit package that can be built for SYSTEM; that is, either the regular polkit that requires mozjs or its duktape variant." (if (string-prefix? "x86_64" system) polkit-mozjs polkit-duktape))) ;;; Define a top level polkit variable that can be built on any of the ;;; supported platforms. This is to work around the fact that our ;;; mrustc-bootstrapped rust toolchain currently only supports the x86_64 ;;; architecture. (define-syntax polkit (identifier-syntax (polkit-for-system (or (%current-target-system) (%current-system))))) (define-public polkit-qt (package (name "polkit-qt") (version "1-0.114.0") (source (origin (method url-fetch) (uri (string-append "mirror://kde/stable/polkit-qt-1/" "polkit-qt-" version ".tar.xz")) (sha256 (base32 "0zlhwgkqn8g0rkjc7c5n7fbhyyl4jcv0rg5zlbzrb0l88ljg5c1f")))) (build-system cmake-build-system) (inputs (list polkit)) (propagated-inputs (list qtbase-5)) (native-inputs (list pkg-config)) (arguments `(#:configure-flags (list (string-append "-DCMAKE_INSTALL_RPATH=" (assoc-ref %outputs "out") "/lib:" (assoc-ref %outputs "out") "/lib64")) #:tests? #f)) ; there is a test subdirectory, but no test target (home-page "https://api.kde.org/kdesupport-api/polkit-qt-1-apidocs/") (synopsis "Qt frontend to the polkit library") (description "Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. It is mainly a wrapper around QAction and QAbstractButton that lets you integrate those two component easily with PolicyKit.") (license lgpl2.0+))) (define-public polkit-gnome (package (name "polkit-gnome") (version "0.105") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" version "/" name "-" version ".tar.xz")) (sha256 (base32 "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p")))) (build-system gnu-build-system) (inputs (list gtk+ polkit)) (native-inputs (list intltool pkg-config)) (synopsis "Legacy polkit authentication agent for GNOME") (description "PolicyKit-gnome provides a D-Bus session bus service that is used to bring up authentication dialogs used for obtaining privileges.") (home-page "https://www.freedesktop.org/wiki/Software/polkit/") (license lgpl2.0+)))