GitLab

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

A number of downstream distributors have - one way or the other -
requested this feature.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

As per the intructions in the introspection Makefile, we should have a
line declaring a dependency between the .gir and .la files.

https://bugs.freedesktop.org/show_bug.cgi?id=57077Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Note that otherwise we return a freed server object.  Since later in
polkit_agent_listener_register_with_options we check against NULL to
determine failure, this makes for sad times later when we call
server_free() on it again.

https://bugs.freedesktop.org/show_bug.cgi?id=55776Signed-off-by: David Zeuthen <zeuthen@gmail.com>

For example, this can happen if the wheel group has no members. This
was reported in Red Hat bug 834494, see

 https://bugzilla.redhat.com/show_bug.cgi?id=834494Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

This way an authorization rule can do this

 return polkit.Result.YES;

which is slightly nicer than

 return "yes";

https://bugs.freedesktop.org/show_bug.cgi?id=50983Signed-off-by: David Zeuthen <zeuthen@gmail.com>

It doesn't do anything. This was pointed out in

 https://bugs.freedesktop.org/show_bug.cgi?id=51470Signed-off-by: David Zeuthen <zeuthen@gmail.com>

This was reported in https://bugs.freedesktop.org/show_bug.cgi?id=51466Signed-off-by: David Zeuthen <zeuthen@gmail.com>

The code for looking up localized strings for action descriptions
was manually trying to break locale names into pieces, but didn't
get it right for e.g. zh_CN.utf-8. Instead, use the GLib function
g_get_locale_variants(), which handles this (and more). This fixes
the translation problem reported in
https://bugzilla.gnome.org/show_bug.cgi?id=665497Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Now that GDBusProxy does something reasonable for a masked systemd
service, see

 https://bugzilla.gnome.org/show_bug.cgi?id=677718

construction of the PolkitAuthority object does not fail anymore. That
doesn't mean the authority is available, though, so mention that users
should check the result of the CheckAuthorization() call as well. Or
in the case of PolkitAuthority, that the error is not a POLKIT_ERROR.

This is actually a nice feature, it means that if you unmask
polkit.service then mechanisms using PolkitAuthority will start using
it without a restart.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Pointed out by Dan Williams <dcbw@redhat.com> on IRC.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

... although it would be nicer to just rip out the CK bits and simply
hard-require libsystemd-login instead - it should work just fine on
non-systemd systems, same way systemd-udev works fine there.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

First, we were using == instead of =, as the author probably intended.
But after changing that, we're now assigning to const memory.  Fix
that by writing to a temporary string buffer.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

A pre-built libtool copy may not be installed on all systems; all
we need is libtoolize.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

libjs is a Fedora-specific invention; mozjs185.pc lives in the
upstream tarball.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

... e.g. we reserve the right to switch out the JS engine.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

... instead of the one I wrote myself.
Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

This also removes the ability to change detail parameters which is
actually a good thing. If we later need a way to change the
authentication message, we can always add something like
polkit.addAuthenticationMessageRule() so the user can register a
function returning a string.
Signed-off-by: David Zeuthen <davidz@redhat.com>

... instead of the unsafe g_thread_yield() busy-wait loop.
Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>

... otherwise it things like admin-identities being set to
["unix-group:session"] won't work.
Signed-off-by: David Zeuthen <davidz@redhat.com>

Signed-off-by: David Zeuthen <davidz@redhat.com>