From 7dd61b9ccf44a4811ae1257d9ff4fecfd40894bd Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Tue, 13 Apr 2021 16:56:11 +0000 Subject: Revert "Merge branch 'pwithnall/polkit-51-usr-local-share-is-my-homeboy' into 'master'" This reverts merge request !75 --- configure.ac | 11 ++- docs/man/polkit.xml | 23 ++--- docs/polkit-1-diagrams.svg | 108 +++++++++------------ docs/polkit-architecture.png | Bin 73726 -> 63503 bytes meson_post_install.py | 3 +- src/polkitbackend/Makefile.am | 4 - src/polkitbackend/meson.build | 1 - src/polkitbackend/polkitbackendjsauthority.cpp | 5 +- test/data/etc/polkit-1/rules.d/15-testing.rules | 6 -- .../local/share/polkit-1/rules.d/10-testing.rules | 24 ----- .../local/share/polkit-1/rules.d/25-testing.rules | 39 -------- .../usr/share/polkit-1/rules.d/10-testing.rules | 6 -- .../usr/share/polkit-1/rules.d/20-testing.rules | 12 --- test/polkitbackend/test-polkitbackendjsauthority.c | 43 +++----- 14 files changed, 77 insertions(+), 208 deletions(-) delete mode 100644 test/data/usr/local/share/polkit-1/rules.d/10-testing.rules delete mode 100644 test/data/usr/local/share/polkit-1/rules.d/25-testing.rules diff --git a/configure.ac b/configure.ac index e22bf86..4ac2219 100644 --- a/configure.ac +++ b/configure.ac @@ -605,9 +605,10 @@ echo "NOTE: The file ${bindir}/pkexec must be owned by root and" echo " have mode 4755 (setuid root binary)" echo -echo "NOTE: The directories:" -echo " - ${sysconfdir}/polkit-1/rules.d" -echo " - ${prefix}/local/share/polkit-1/rules.d" -echo " - ${datadir}/polkit-1/rules.d" -echo " must be owned by user '$POLKITD_USER' and have mode 700" +echo "NOTE: The directory ${sysconfdir}/polkit-1/rules.d must be owned" +echo " by user '$POLKITD_USER' and have mode 700" +echo + +echo "NOTE: The directory ${datadir}/polkit-1/rules.d must be owned" +echo " by user '$POLKITD_USER' and have mode 700" echo diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 8f6a26f..99aa474 100644 --- a/docs/man/polkit.xml 
+++ b/docs/man/polkit.xml @@ -107,11 +107,10 @@ System Context | | | | /usr/share/polkit-1/actions/*.policy | | +--------------------------------------+ | - +--------------------------------------------+ - | /etc/polkit-1/rules.d/*.rules | - | /usr/local/share/polkit-1/rules.d/*.rules | - | /usr/share/polkit-1/rules.d/*.rules | - +--------------------------------------------+ + +--------------------------------------+ + | /etc/polkit-1/rules.d/*.rules | + | /usr/share/polkit-1/rules.d/*.rules | + +--------------------------------------+ ]]> @@ -474,28 +473,24 @@ System Context | | polkitd reads .rules files from the - /etc/polkit-1/rules.d, - /usr/local/share/polkit-1/rules.d - and /usr/share/polkit-1/rules.d + /etc/polkit-1/rules.d and + /usr/share/polkit-1/rules.d directories by sorting the files in lexical order based on the basename on each file (if there's a tie, files in /etc are processed before files in - /usr/local, which is in turn - processed before /usr). - For example, for the following six + /usr). + For example, for the following four files, the order is /etc/polkit-1/rules.d/10-auth.rules - /usr/local/share/polkit-1/rules.d/10-auth.rules /usr/share/polkit-1/rules.d/10-auth.rules /etc/polkit-1/rules.d/15-auth.rules /usr/share/polkit-1/rules.d/20-auth.rules - /usr/local/share/polkit-1/rules.d/25-others.rules - All three directories are monitored so if a rules file is changed, + Both directories are monitored so if a rules file is changed, added or removed, existing rules are purged and all files are read and processed again. Rules files are written in the JavaScript diff --git a/docs/polkit-1-diagrams.svg b/docs/polkit-1-diagrams.svg index 235e22e..d595ce8 100644 --- a/docs/polkit-1-diagrams.svg +++ b/docs/polkit-1-diagrams.svg 
@@ -14,7 +14,7 @@ height="1052.3622047" id="svg270" sodipodi:version="0.32" - inkscape:version="0.92.3 (2405546, 2018-03-11)" + inkscape:version="0.48.2 r9819" sodipodi:docname="polkit-1-diagrams.svg" inkscape:output_extension="org.inkscape.output.svg.inkscape" version="1.1"> @@ -562,7 +562,7 @@ x2="196.4196" y1="89.181732" x1="52.07793" - gradientTransform="matrix(1.7257205,0,0,0.71046269,163.79547,451.35903)" + gradientTransform="matrix(1.5328769,0,0,0.51700825,173.82749,458.25449)" gradientUnits="userSpaceOnUse" id="linearGradient4001" xlink:href="#linearGradient3144-1-7-5" @@ -677,13 +677,13 @@ inkscape:pageopacity="0.0" inkscape:pageshadow="2" inkscape:zoom="1.4" - inkscape:cx="251.03118" - inkscape:cy="629.56492" + inkscape:cx="347.45975" + inkscape:cy="686.70778" inkscape:document-units="px" inkscape:current-layer="layer1" showgrid="false" - inkscape:window-width="1920" - inkscape:window-height="1016" + inkscape:window-width="1600" + inkscape:window-height="841" inkscape:window-x="0" inkscape:window-y="27" inkscape:window-maximized="1" /> @@ -695,7 +695,7 @@ image/svg+xml - + @@ -745,7 +745,7 @@ inkscape:export-ydpi="96.720001" /> Subject + style="text-align:center;text-anchor:middle">Subject AuthenticationAgent org.freedesktop.PolicyKit1 Mechanism SystemMessageBus User Session System Context libpolkit-gobject-1 libpolkit-agent-1 /usr/share/polkit-1/actions/*.policy /usr/local/share/polkit-1/rules.d/*.rules + x="362.57547" + y="513.7879" + style="text-align:center;text-anchor:middle" + id="tspan740-0-5">/usr/share/polkit-1/rules.d/*.rules /etc/polkit-1/rules.d/*.rules polkitd(8) - /usr/share/polkit-1/rules.d/*.rules diff --git a/docs/polkit-architecture.png b/docs/polkit-architecture.png index c107922..57e1ba2 100644 Binary files a/docs/polkit-architecture.png and b/docs/polkit-architecture.png differ diff --git a/meson_post_install.py b/meson_post_install.py index 698d1a5..784d491 100644 --- a/meson_post_install.py +++ b/meson_post_install.py 
@@ -18,8 +18,7 @@ subprocess.check_call(['chmod', '4755', os.path.join(bindir, 'pkexec')]) dst_dirs = [ os.path.join(pkgsysconfdir, 'rules.d'), - os.path.join(pkgdatadir, 'rules.d'), - os.path.join(prefix, 'local', sys.argv[2], 'rules.d') + os.path.join(pkgdatadir, 'rules.d') ] for dst in dst_dirs: diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index ae01965..7e3c080 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -15,7 +15,6 @@ AM_CPPFLAGS = \ -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -DPACKAGE_PREFIX=\""$(prefix)"\" \ -D_POSIX_PTHREAD_SEMANTICS \ -D_REENTRANT \ $(NULL) @@ -114,9 +113,6 @@ install-data-hook: mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/rules.d -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/rules.d -chown $(POLKITD_USER) $(DESTDIR)$(sysconfdir)/polkit-1/rules.d - mkdir -p $(DESTDIR)$(prefix)/local/share/polkit-1/rules.d - -chmod 700 $(DESTDIR)$(prefix)/local/share/polkit-1/rules.d - -chown $(POLKITD_USER) $(DESTDIR)$(prefix)/local/share/polkit-1/rules.d mkdir -p $(DESTDIR)$(datadir)/polkit-1/rules.d -chmod 700 $(DESTDIR)$(datadir)/polkit-1/rules.d -chown $(POLKITD_USER) $(DESTDIR)$(datadir)/polkit-1/rules.d diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build index 65f1910..93c3c34 100644 --- a/src/polkitbackend/meson.build +++ b/src/polkitbackend/meson.build @@ -29,7 +29,6 @@ c_flags = [ '-D_POLKIT_BACKEND_COMPILATION', '-DPACKAGE_DATA_DIR="@0@"'.format(pk_prefix / pk_datadir), '-DPACKAGE_SYSCONF_DIR="@0@"'.format(pk_prefix / pk_sysconfdir), - '-DPACKAGE_PREFIX="@0@"'.format(pk_prefix), ] if enable_logind diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp index ba3983d..ca17108 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp 
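Review bot: In the `meson_post_install.py` hunk the last element of `dst_dirs` is written without a trailing comma, which is why dropping one directory appears as a two-line change. Writing it as `os.path.join(pkgdatadir, 'rules.d'),` keeps later edits to this list of privileged rule directories to one diff line each, which makes them easier to audit. If `prefix` was read only for the removed `/usr/local` entry, its assignment is now unused and can go as well. That assignment and the body of the `for dst in dst_dirs:` loop are outside the hunk, so this could not be confirmed here.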
@@ -535,10 +535,9 @@ polkit_backend_js_authority_constructed (GObject *object) if (authority->priv->rules_dirs == NULL) { - authority->priv->rules_dirs = g_new0 (gchar *, 4); + authority->priv->rules_dirs = g_new0 (gchar *, 3); authority->priv->rules_dirs[0] = g_strdup (PACKAGE_SYSCONF_DIR "/polkit-1/rules.d"); - authority->priv->rules_dirs[1] = g_strdup (PACKAGE_PREFIX "/local/share/polkit-1/rules.d"); - authority->priv->rules_dirs[2] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d"); + authority->priv->rules_dirs[1] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d"); } authority->priv->rkt_context = g_main_context_new (); diff --git a/test/data/etc/polkit-1/rules.d/15-testing.rules b/test/data/etc/polkit-1/rules.d/15-testing.rules index b1ae6dd..00e214b 100644 --- a/test/data/etc/polkit-1/rules.d/15-testing.rules +++ b/test/data/etc/polkit-1/rules.d/15-testing.rules @@ -16,12 +16,6 @@ polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) { if (action.id == "net.company.order2") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order3") { return polkit.Result.YES; } }); diff --git a/test/data/usr/local/share/polkit-1/rules.d/10-testing.rules b/test/data/usr/local/share/polkit-1/rules.d/10-testing.rules deleted file mode 100644 index cf3cf26..0000000 --- a/test/data/usr/local/share/polkit-1/rules.d/10-testing.rules +++ /dev/null 
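Review bot: In `polkit_backend_js_authority_constructed` (`polkitbackendjsauthority.cpp`) the count in `g_new0 (gchar *, 3)` has to stay one larger than the number of entries assigned below it, and the terminating NULL appears to come only from g_new0 zero-filling the array; nothing in the hunk says so. I would add a comment above the allocation such as `/* NULL-terminated: two default rules directories, terminator supplied by g_new0 */` and note there that the index order is presumably what gives `/etc` precedence over `/usr` on a basename tie, as the man page describes. Because `/usr/local/share/polkit-1/rules.d` is no longer in the default list, any rules file an administrator placed there while the reverted merge was in effect, deny rules included, would presumably stop being evaluated without any message; that deserves a line in the release notes. The function body continues outside the hunk.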
@@ -1,24 +0,0 @@ -/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */ - -/* see test/polkitbackend/test-polkitbackendjsauthority.c */ - -/* NOTE: this is the /usr/local/share/polkit-1/rules.d version of 10-testing.rules */ - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order0") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order1") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order2") { - return polkit.Result.YES; - } -}); - diff --git a/test/data/usr/local/share/polkit-1/rules.d/25-testing.rules b/test/data/usr/local/share/polkit-1/rules.d/25-testing.rules deleted file mode 100644 index df373b6..0000000 --- a/test/data/usr/local/share/polkit-1/rules.d/25-testing.rules +++ /dev/null @@ -1,39 +0,0 @@ -/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */ - -/* see test/polkitbackend/test-polkitbackendjsauthority.c */ - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order0") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order1") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order2") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order3") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order4") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order5") { - return polkit.Result.NO; // earlier rule should win - } -}); 
diff --git a/test/data/usr/share/polkit-1/rules.d/10-testing.rules b/test/data/usr/share/polkit-1/rules.d/10-testing.rules index 5650945..1d553f6 100644 --- a/test/data/usr/share/polkit-1/rules.d/10-testing.rules +++ b/test/data/usr/share/polkit-1/rules.d/10-testing.rules @@ -12,12 +12,6 @@ polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) { if (action.id == "net.company.order1") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order2") { return polkit.Result.YES; } }); diff --git a/test/data/usr/share/polkit-1/rules.d/20-testing.rules b/test/data/usr/share/polkit-1/rules.d/20-testing.rules index 802577f..071f135 100644 --- a/test/data/usr/share/polkit-1/rules.d/20-testing.rules +++ b/test/data/usr/share/polkit-1/rules.d/20-testing.rules @@ -19,15 +19,3 @@ polkit.addRule(function(action, subject) { return polkit.Result.NO; // earlier rule should win } }); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order3") { - return polkit.Result.NO; // earlier rule should win - } -}); - -polkit.addRule(function(action, subject) { - if (action.id == "net.company.order4") { - return polkit.Result.YES; - } -}); diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c index 240c69c..f97e0e0 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c 
@@ -40,13 +40,12 @@ static PolkitBackendJsAuthority *get_authority (void); static PolkitBackendJsAuthority * get_authority (void) { - gchar *rules_dirs[4] = {0}; + gchar *rules_dirs[3] = {0}; PolkitBackendJsAuthority *authority; rules_dirs[0] = polkit_test_get_data_path ("etc/polkit-1/rules.d"); - rules_dirs[1] = polkit_test_get_data_path ("usr/local/share/polkit-1/rules.d"); - rules_dirs[2] = polkit_test_get_data_path ("usr/share/polkit-1/rules.d"); - rules_dirs[3] = NULL; + rules_dirs[1] = polkit_test_get_data_path ("usr/share/polkit-1/rules.d"); + rules_dirs[2] = NULL; g_assert (rules_dirs[0] != NULL); g_assert (rules_dirs[1] != NULL); @@ -183,7 +182,7 @@ static const RulesTestCase rules_test_cases[] = { NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED, }, - /* actions without explicit rules aren't automatically NOT_AUTHORIZED */ + /* actions without explict rules aren't automatically NOT_AUTHORIZED */ { "basic2", "net.company.productA.action2", 
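Review bot: The second hunk of `test-polkitbackendjsauthority.c` (the comment above the `basic2` case) brings back the misspelling `explict`, which the reverted merge had corrected. The spelling fix is unrelated to the `/usr/local` rules directory, so the new side should keep `/* actions without explicit rules aren't automatically NOT_AUTHORIZED */`. The `rules_test_cases` array starts and ends outside this hunk.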
@@ -192,20 +191,18 @@ static const RulesTestCase rules_test_cases[] = { POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, }, - /* Ordering tests ... we have six rules files, check they are + /* Ordering tests ... we have four rules files, check they are * evaluated in order by checking the detail set by each rules * - * - etc/polkit-1/rules.d/10-testing.rules (file a) - * - usr/local/share/polkit-1/rules.d/10-testing.rules (file b) - * - usr/share/polkit-1/rules.d/10-testing.rules (file c) - * - etc/polkit-1/rules.d/15-testing.rules (file d) - * - usr/share/polkit-1/rules.d/20-testing.rules (file e) - * - usr/local/share/polkit-1/rules.d/25-testing.rules (file f) + * - etc/polkit-1/rules.d/10-testing.rules (file a) + * - usr/share/polkit-1/rules.d/10-testing.rules (file b) + * - etc/polkit-1/rules.d/15-testing.rules (file c) + * - usr/share/polkit-1/rules.d/20-testing.rules (file d) * * file. */ { - /* defined in file a, b, c, d, e, f - should pick file a */ + /* defined in file a, b, c, d - should pick file a */ "order0", "net.company.order0", "unix-user:root", @@ -213,7 +210,7 @@ static const RulesTestCase rules_test_cases[] = { POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, }, { - /* defined in file b, c, d, e, f - should pick file b */ + /* defined in file b, c, d - should pick file b */ "order1", "net.company.order1", "unix-user:root", 
@@ -221,29 +218,13 @@ static const RulesTestCase rules_test_cases[] = { POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, }, { - /* defined in file c, d, e, f - should pick file c */ + /* defined in file c, d - should pick file c */ "order2", "net.company.order2", "unix-user:root", NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, }, - { - /* defined in file d, e, f - should pick file d */ - "order3", - "net.company.order3", - "unix-user:root", - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - }, - { - /* defined in file e, f - should pick file e */ - "order4", - "net.company.order4", - "unix-user:root", - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - }, /* variables */ { -- cgit v1.2.1