1*4882a593SmuzhiyunFrom 6c8022392713955c5ae0061e22b50a16a1c2252a Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Simon McVittie <smcv@collabora.com> 3*4882a593SmuzhiyunDate: Thu, 15 Jul 2021 12:36:05 +0000 4*4882a593SmuzhiyunSubject: [PATCH] Improve meson_post_install script 5*4882a593Smuzhiyun 6*4882a593Smuzhiyun[Retrieved from: 7*4882a593Smuzhiyunhttps://gitlab.freedesktop.org/polkit/polkit/-/commit/6c8022392713955c5ae0061e22b50a16a1c2252a] 8*4882a593SmuzhiyunSigned-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 9*4882a593Smuzhiyun--- 10*4882a593Smuzhiyun .gitlab-ci.yml | 3 +-- 11*4882a593Smuzhiyun meson_post_install.py | 58 +++++++++++++++++++++++++++++++++++-------- 12*4882a593Smuzhiyun 2 files changed, 49 insertions(+), 12 deletions(-) 13*4882a593Smuzhiyun 14*4882a593Smuzhiyundiff --git a/.gitlab-ci.yml b/.gitlab-ci.yml 15*4882a593Smuzhiyunindex 8ac3e9f..6d0abb4 100644 16*4882a593Smuzhiyun--- a/.gitlab-ci.yml 17*4882a593Smuzhiyun+++ b/.gitlab-ci.yml 18*4882a593Smuzhiyun@@ -26,8 +26,6 @@ build_stable: 19*4882a593Smuzhiyun before_script: 20*4882a593Smuzhiyun - dnf upgrade -y --nogpgcheck fedora-release fedora-repos* 21*4882a593Smuzhiyun - dnf update -y && dnf install -y $DEPENDENCIES 22*4882a593Smuzhiyun- - getent group polkitd >/dev/null || groupadd -r polkitd 23*4882a593Smuzhiyun- - getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd 24*4882a593Smuzhiyun 25*4882a593Smuzhiyun script: 26*4882a593Smuzhiyun - meson setup 27*4882a593Smuzhiyun@@ -43,6 +41,7 @@ build_stable: 28*4882a593Smuzhiyun - meson compile -C builddir 29*4882a593Smuzhiyun - meson test -C builddir 30*4882a593Smuzhiyun - meson install -C builddir 31*4882a593Smuzhiyun+ - DESTDIR=$(pwd)/DESTDIR meson install -C builddir 32*4882a593Smuzhiyun artifacts: 33*4882a593Smuzhiyun name: 'test logs' 34*4882a593Smuzhiyun when: 'always' 35*4882a593Smuzhiyundiff --git a/meson_post_install.py b/meson_post_install.py 36*4882a593Smuzhiyunindex 0a0fccf..0ab7469 100644 37*4882a593Smuzhiyun--- a/meson_post_install.py 38*4882a593Smuzhiyun+++ b/meson_post_install.py 39*4882a593Smuzhiyun@@ -1,20 +1,44 @@ 40*4882a593Smuzhiyun #!/usr/bin/env python3 41*4882a593Smuzhiyun 42*4882a593Smuzhiyun-import getpass 43*4882a593Smuzhiyun import os 44*4882a593Smuzhiyun import pwd 45*4882a593Smuzhiyun import sys 46*4882a593Smuzhiyun 47*4882a593Smuzhiyun+destdir = os.environ.get('DESTDIR') 48*4882a593Smuzhiyun prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX'] 49*4882a593Smuzhiyun 50*4882a593Smuzhiyun-bindir = os.path.join(prefix, sys.argv[1]) 51*4882a593Smuzhiyun-pkgdatadir = os.path.join(prefix, sys.argv[2]) 52*4882a593Smuzhiyun-pkglibdir = os.path.join(prefix, sys.argv[3]) 53*4882a593Smuzhiyun-pkgsysconfdir = os.path.join(prefix, sys.argv[4]) 54*4882a593Smuzhiyun+def destdir_path(p): 55*4882a593Smuzhiyun+ if os.path.isabs(p): 56*4882a593Smuzhiyun+ if destdir is None: 57*4882a593Smuzhiyun+ return p 58*4882a593Smuzhiyun+ else: 59*4882a593Smuzhiyun+ return os.path.join(destdir, os.path.relpath(p, '/')) 60*4882a593Smuzhiyun+ else: 61*4882a593Smuzhiyun+ return os.path.join(prefix, p) 62*4882a593Smuzhiyun 63*4882a593Smuzhiyun-polkitd_uid = pwd.getpwnam(sys.argv[5]).pw_uid 64*4882a593Smuzhiyun+bindir = destdir_path(sys.argv[1]) 65*4882a593Smuzhiyun+pkgdatadir = destdir_path(sys.argv[2]) 66*4882a593Smuzhiyun+pkglibdir = destdir_path(sys.argv[3]) 67*4882a593Smuzhiyun+pkgsysconfdir = destdir_path(sys.argv[4]) 68*4882a593Smuzhiyun+polkitd_user = sys.argv[5] 69*4882a593Smuzhiyun 70*4882a593Smuzhiyun-os.chmod(os.path.join(bindir, 'pkexec'), 0o4775) 71*4882a593Smuzhiyun+try: 72*4882a593Smuzhiyun+ polkitd_uid = pwd.getpwnam(polkitd_user).pw_uid 73*4882a593Smuzhiyun+except KeyError: 74*4882a593Smuzhiyun+ polkitd_uid = None 75*4882a593Smuzhiyun+ 76*4882a593Smuzhiyun+dst = os.path.join(bindir, 'pkexec') 77*4882a593Smuzhiyun+ 78*4882a593Smuzhiyun+if os.geteuid() == 0: 79*4882a593Smuzhiyun+ os.chmod(dst, 0o4755) 80*4882a593Smuzhiyun+ os.chown(dst, 0, -1) 81*4882a593Smuzhiyun+else: 82*4882a593Smuzhiyun+ print( 83*4882a593Smuzhiyun+ 'Owner and mode of {} need to be setuid root (04755) after ' 84*4882a593Smuzhiyun+ 'installation'.format( 85*4882a593Smuzhiyun+ dst, 86*4882a593Smuzhiyun+ ) 87*4882a593Smuzhiyun+ ) 88*4882a593Smuzhiyun 89*4882a593Smuzhiyun dst_dirs = [ 90*4882a593Smuzhiyun os.path.join(pkgsysconfdir, 'rules.d'), 91*4882a593Smuzhiyun@@ -24,13 +48,27 @@ dst_dirs = [ 92*4882a593Smuzhiyun for dst in dst_dirs: 93*4882a593Smuzhiyun if not os.path.exists(dst): 94*4882a593Smuzhiyun os.makedirs(dst, mode=0o700) 95*4882a593Smuzhiyun- if getpass.getuser() == "root": 96*4882a593Smuzhiyun+ if os.geteuid() == 0 and polkitd_uid is not None: 97*4882a593Smuzhiyun os.chown(dst, polkitd_uid, -1) 98*4882a593Smuzhiyun+ else: 99*4882a593Smuzhiyun+ print( 100*4882a593Smuzhiyun+ 'Owner of {} needs to be set to {} after installation'.format( 101*4882a593Smuzhiyun+ dst, polkitd_user, 102*4882a593Smuzhiyun+ ) 103*4882a593Smuzhiyun+ ) 104*4882a593Smuzhiyun 105*4882a593Smuzhiyun # polkit-agent-helper-1 need to be setuid root because it's used to 106*4882a593Smuzhiyun # authenticate not only the invoking user, but possibly also root 107*4882a593Smuzhiyun # and/or other users. 108*4882a593Smuzhiyun dst = os.path.join(pkglibdir, 'polkit-agent-helper-1') 109*4882a593Smuzhiyun-os.chmod(dst, 0o4755) 110*4882a593Smuzhiyun-if getpass.getuser() == "root": 111*4882a593Smuzhiyun+ 112*4882a593Smuzhiyun+if os.geteuid() == 0: 113*4882a593Smuzhiyun+ os.chmod(dst, 0o4755) 114*4882a593Smuzhiyun os.chown(dst, 0, -1) 115*4882a593Smuzhiyun+else: 116*4882a593Smuzhiyun+ print( 117*4882a593Smuzhiyun+ 'Owner and mode of {} need to be setuid root (04755) after ' 118*4882a593Smuzhiyun+ 'installation'.format( 119*4882a593Smuzhiyun+ dst, 120*4882a593Smuzhiyun+ ) 121*4882a593Smuzhiyun+ ) 122*4882a593Smuzhiyun-- 123*4882a593SmuzhiyunGitLab 124*4882a593Smuzhiyun 125