rpms/PackageKit/devel PackageKit-port-to-polkit1.patch, NONE, 1.1 PackageKit.spec, 1.104, 1.105
Richard Hughes
rhughes at fedoraproject.org
Tue Jun 16 11:21:15 UTC 2009
Author: rhughes
Update of /cvs/pkgs/rpms/PackageKit/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19990
Modified Files:
PackageKit.spec
Added Files:
PackageKit-port-to-polkit1.patch
Log Message:
* Tue Jun 16 2009 Richard Hughes <rhughes at redhat.com> - 0.4.9-0.2.20090616git
- Apply a patch to convert to the PolKit1 API.
- Do autoreconf and automake as the polkit patch is pretty invasive
- Fix up file lists with the new polkit action paths
PackageKit-port-to-polkit1.patch:
--- NEW FILE PackageKit-port-to-polkit1.patch ---
diff --git a/configure.ac b/configure.ac
index 47b6e4e..d6364d2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,8 +130,7 @@ GIO_REQUIRED=2.16.1
DBUS_REQUIRED=1.1.1
DBUS_GLIB_REQUIRED=0.74
LIBNM_GLIB_REQUIRED=0.6.4
-POLKIT_DBUS_REQUIRED=0.8
-POLKIT_GRANT_REQUIRED=0.8
+POLKIT_GOBJECT_REQUIRED=0.91
QTCORE_REQUIRED=4.4.0
QTDBUS_REQUIRED=4.4.0
QTGUI_REQUIRED=4.4.0
@@ -549,15 +548,9 @@ AC_SUBST(security_framework, "$with_security_framework")
if test x$with_security_framework = xpolkit; then
PKG_CHECK_MODULES(POLKIT, \
- polkit-dbus >= $POLKIT_DBUS_REQUIRED \
- polkit-grant >= $POLKIT_GRANT_REQUIRED)
+ polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED)
AC_SUBST(POLKIT_CFLAGS)
AC_SUBST(POLKIT_LIBS)
- AC_CHECK_PROG([POLKIT_POLICY_FILE_VALIDATE],
- [polkit-policy-file-validate], [polkit-policy-file-validate])
- if test -z "$POLKIT_POLICY_FILE_VALIDATE"; then
- AC_MSG_ERROR([polkit-policy-file-validate not found])
- fi
AC_DEFINE(USE_SECURITY_POLKIT, 1, [if we should use PolicyKit])
elif test x$with_security_framework = xdummy; then
AC_DEFINE(USE_SECURITY_DUMMY, 1, [if we should use a dummy security framework])
diff --git a/lib/packagekit-glib/pk-client.c b/lib/packagekit-glib/pk-client.c
index c9200e9..1461451 100644
--- a/lib/packagekit-glib/pk-client.c
+++ b/lib/packagekit-glib/pk-client.c
@@ -42,10 +42,6 @@
#include <glib/gprintf.h>
#include <dbus/dbus-glib.h>
-#ifdef USE_SECURITY_POLKIT
-#include <polkit-dbus/polkit-dbus.h>
-#endif
-
#include <packagekit-glib/pk-enum.h>
#include <packagekit-glib/pk-bitfield.h>
#include <packagekit-glib/pk-client.h>
@@ -190,131 +186,53 @@ pk_client_error_get_type (void)
* pk_client_error_fixup:
* @error: a %GError
**/
-static gboolean
-pk_client_error_fixup (GError **error)
+static GError *
+pk_client_error_fixup (GError *error_local)
{
+ GError *error;
const gchar *name;
- guint code;
- if (error != NULL && *error != NULL) {
- /* get some proper debugging */
- if ((*error)->domain == DBUS_GERROR &&
- (*error)->code == DBUS_GERROR_REMOTE_EXCEPTION) {
- /* use one of our local codes */
- name = dbus_g_error_get_name (*error);
- code = PK_CLIENT_ERROR_FAILED;
-
- /* trim common prefix */
- if (g_str_has_prefix (name, "org.freedesktop.PackageKit.Transaction."))
- name = &name[39];
-
- /* try to get a better error */
- if (g_str_has_prefix (name, "PermissionDenied") ||
- g_str_has_prefix (name, "RefusedByPolicy"))
- code = PK_CLIENT_ERROR_FAILED_AUTH;
- else if (g_str_has_prefix (name, "PackageIdInvalid") ||
- g_str_has_prefix (name, "SearchInvalid") ||
- g_str_has_prefix (name, "FilterInvalid") ||
- g_str_has_prefix (name, "InvalidProvide") ||
- g_str_has_prefix (name, "InputInvalid"))
- code = PK_CLIENT_ERROR_INVALID_INPUT;
- else if (g_str_has_prefix (name, "PackInvalid") ||
- g_str_has_prefix (name, "NoSuchFile") ||
- g_str_has_prefix (name, "NoSuchDirectory"))
- code = PK_CLIENT_ERROR_INVALID_FILE;
- else if (g_str_has_prefix (name, "NotSupported"))
- code = PK_CLIENT_ERROR_NOT_SUPPORTED;
-
- egg_debug ("fixing up code from %s to %i", name, code);
- (*error)->code = code;
- }
- if (g_str_has_prefix ((*error)->message, "org.freedesktop.packagekit.")) {
- egg_debug ("fixing up code for Policykit auth failure");
- g_error_free (*error);
- *error = g_error_new (PK_CLIENT_ERROR, PK_CLIENT_ERROR_FAILED_AUTH, "PolicyKit authorization failure");
- }
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * pk_client_error_refused_by_policy:
- * @error: a valid #GError
- *
- * Return value: %TRUE if the error is the PolicyKit "RefusedByPolicy"
- **/
-static gboolean
-pk_client_error_refused_by_policy (GError *error)
-{
- const gchar *error_name;
-
- /* if not set */
- if (error == NULL)
- return FALSE;
-
- /* not a dbus error */
- if (error->code != DBUS_GERROR_REMOTE_EXCEPTION) {
- egg_warning ("not a remote exception: %s", error->message);
- return FALSE;
- }
-
- /* check for specific error */
- error_name = dbus_g_error_get_name (error);
- egg_debug ("ERROR: %s: %s", error_name, error->message);
- if (egg_strequal (error_name, "org.freedesktop.PackageKit.RefusedByPolicy"))
- return TRUE;
- if (egg_strequal (error_name, "org.freedesktop.PackageKit.Transaction.RefusedByPolicy"))
- return TRUE;
- return FALSE;
-}
-
-/**
- * pk_client_error_auth_obtain:
- * @error: the GError with the failure
- *
- * This function is indented to be passed failure messages from dbus methods
- * so that extra auth can be requested.
- *
- * Return value: if we gained the privilege we asked for
- **/
-static gboolean
-pk_client_error_auth_obtain (GError *error)
-{
- gboolean ret = FALSE;
-#ifdef USE_SECURITY_POLKIT
- PolKitAction *action = NULL;
- PolKitResult result;
- gchar *action_id = NULL; /* we don't free this */
- DBusError error2;
- dbus_error_init (&error2);
- g_return_val_if_fail (error != NULL, FALSE);
+ g_return_val_if_fail (error_local != NULL, NULL);
- /* get PolKitAction */
- ret = polkit_dbus_error_parse_from_strings ("org.freedesktop.PolicyKit.Error.NotAuthorized", error->message, &action, &result);
- if (!ret) {
- egg_warning ("Not a polkit auth failure: %s", error->message);
- return FALSE;
+ /* PolicyKit failure */
+ if (g_str_has_prefix (error_local->message, "org.freedesktop.packagekit.")) {
+ egg_debug ("fixing up code for Policykit auth failure");
+ error = g_error_new (PK_CLIENT_ERROR, PK_CLIENT_ERROR_FAILED_AUTH, "PolicyKit authorization failure");
+ goto out;
}
- /* get action_id from PolKitAction */
- ret = polkit_action_get_action_id (action, &action_id);
- if (!ret) {
- egg_warning ("Unable to get an action ID");
- return FALSE;
+ /* new default error with correct domain and code */
+ error = g_error_new (PK_CLIENT_ERROR, PK_CLIENT_ERROR_FAILED, "%s", error_local->message);
+
+ /* get some proper debugging */
+ if (error_local->domain == DBUS_GERROR &&
+ error_local->code == DBUS_GERROR_REMOTE_EXCEPTION) {
+ /* use one of our local codes */
+ name = dbus_g_error_get_name (error_local);
+
+ /* trim common prefix */
+ if (g_str_has_prefix (name, "org.freedesktop.PackageKit.Transaction."))
+ name = &name[39];
+
+ /* try to get a better error */
+ if (g_str_has_prefix (name, "PermissionDenied") ||
+ g_str_has_prefix (name, "RefusedByPolicy"))
+ error->code = PK_CLIENT_ERROR_FAILED_AUTH;
+ else if (g_str_has_prefix (name, "PackageIdInvalid") ||
+ g_str_has_prefix (name, "SearchInvalid") ||
+ g_str_has_prefix (name, "FilterInvalid") ||
+ g_str_has_prefix (name, "InvalidProvide") ||
+ g_str_has_prefix (name, "InputInvalid"))
+ error->code = PK_CLIENT_ERROR_INVALID_INPUT;
+ else if (g_str_has_prefix (name, "PackInvalid") ||
+ g_str_has_prefix (name, "NoSuchFile") ||
+ g_str_has_prefix (name, "NoSuchDirectory"))
+ error->code = PK_CLIENT_ERROR_INVALID_FILE;
+ else if (g_str_has_prefix (name, "NotSupported"))
[...5121 lines suppressed...]
}
- /* check if the action is allowed from this client - if not, set an error */
- ret = pk_transaction_action_is_allowed (transaction, FALSE, PK_ROLE_ENUM_UPDATE_PACKAGES, &error);
- if (!ret) {
- pk_transaction_release_tid (transaction);
- pk_transaction_dbus_return_error (context, error);
- return;
- }
-
/* save so we can run later */
transaction->priv->cached_package_ids = g_strdupv (package_ids);
pk_transaction_set_role (transaction, PK_ROLE_ENUM_UPDATE_PACKAGES);
- /* try to commit this */
- ret = pk_transaction_commit (transaction);
+ /* try to get authorization */
+ ret = pk_transaction_obtain_authorization (transaction, FALSE, PK_ROLE_ENUM_UPDATE_PACKAGES, &error);
if (!ret) {
- error = g_error_new (PK_TRANSACTION_ERROR, PK_TRANSACTION_ERROR_COMMIT_FAILED,
- "Could not commit to a transaction object");
pk_transaction_release_tid (transaction);
pk_transaction_dbus_return_error (context, error);
return;
@@ -3703,14 +3857,6 @@ pk_transaction_update_system (PkTransaction *transaction, DBusGMethodInvocation
return;
}
- /* check if the action is allowed from this client - if not, set an error */
- ret = pk_transaction_action_is_allowed (transaction, FALSE, PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
- if (!ret) {
- pk_transaction_release_tid (transaction);
- pk_transaction_dbus_return_error (context, error);
- return;
- }
-
/* are we already performing an update? */
if (pk_transaction_list_role_present (transaction->priv->transaction_list, PK_ROLE_ENUM_UPDATE_SYSTEM)) {
error = g_error_new (PK_TRANSACTION_ERROR, PK_TRANSACTION_ERROR_TRANSACTION_EXISTS_WITH_ROLE,
@@ -3722,11 +3868,9 @@ pk_transaction_update_system (PkTransaction *transaction, DBusGMethodInvocation
pk_transaction_set_role (transaction, PK_ROLE_ENUM_UPDATE_SYSTEM);
- /* try to commit this */
- ret = pk_transaction_commit (transaction);
+ /* try to get authorization */
+ ret = pk_transaction_obtain_authorization (transaction, FALSE, PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
if (!ret) {
- error = g_error_new (PK_TRANSACTION_ERROR, PK_TRANSACTION_ERROR_COMMIT_FAILED,
- "Could not commit to a transaction object");
pk_transaction_release_tid (transaction);
pk_transaction_dbus_return_error (context, error);
return;
@@ -3943,10 +4087,13 @@ pk_transaction_class_init (PkTransactionClass *klass)
static void
pk_transaction_init (PkTransaction *transaction)
{
+ GError *error = NULL;
+
transaction->priv = PK_TRANSACTION_GET_PRIVATE (transaction);
transaction->priv->finished = FALSE;
transaction->priv->running = FALSE;
transaction->priv->has_been_run = FALSE;
+ transaction->priv->waiting_for_auth = FALSE;
transaction->priv->allow_cancel = TRUE;
transaction->priv->emit_eula_required = FALSE;
transaction->priv->emit_signature_required = FALSE;
@@ -3967,8 +4114,10 @@ pk_transaction_init (PkTransaction *transaction)
transaction->priv->tid = NULL;
transaction->priv->sender = NULL;
transaction->priv->locale = NULL;
- transaction->priv->caller = NULL;
- transaction->priv->uid = PK_SECURITY_UID_INVALID;
+#ifdef USE_SECURITY_POLKIT
+ transaction->priv->subject = NULL;
+#endif
+ transaction->priv->uid = PK_TRANSACTION_UID_INVALID;
transaction->priv->role = PK_ROLE_ENUM_UNKNOWN;
transaction->priv->status = PK_STATUS_ENUM_WAIT;
transaction->priv->percentage = PK_BACKEND_PERCENTAGE_INVALID;
@@ -3976,7 +4125,6 @@ pk_transaction_init (PkTransaction *transaction)
transaction->priv->elapsed = 0;
transaction->priv->remaining = 0;
transaction->priv->backend = pk_backend_new ();
- transaction->priv->security = pk_security_new ();
transaction->priv->cache = pk_cache_new ();
transaction->priv->conf = pk_conf_new ();
transaction->priv->notify = pk_notify_new ();
@@ -3984,6 +4132,10 @@ pk_transaction_init (PkTransaction *transaction)
transaction->priv->package_list = pk_package_list_new ();
transaction->priv->transaction_list = pk_transaction_list_new ();
transaction->priv->syslog = pk_syslog_new ();
+#ifdef USE_SECURITY_POLKIT
+ transaction->priv->authority = polkit_authority_get ();
+ transaction->priv->cancellable = g_cancellable_new ();
+#endif
transaction->priv->post_trans = pk_post_trans_new ();
g_signal_connect (transaction->priv->post_trans, "status-changed",
@@ -3998,6 +4150,17 @@ pk_transaction_init (PkTransaction *transaction)
transaction->priv->monitor = egg_dbus_monitor_new ();
g_signal_connect (transaction->priv->monitor, "connection-changed",
G_CALLBACK (pk_transaction_caller_active_changed_cb), transaction);
+
+ /* connect to DBus so we can get the pid */
+ transaction->priv->connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, NULL);
+ transaction->priv->proxy_pid = dbus_g_proxy_new_for_name_owner (transaction->priv->connection,
+ "org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus", &error);
+ if (transaction->priv->proxy_pid == NULL) {
+ egg_warning ("cannot connect to DBus: %s", error->message);
+ g_error_free (error);
+ }
}
/**
@@ -4015,6 +4178,16 @@ pk_transaction_dispose (GObject *object)
/* remove any inhibit, it's okay to call this function when it's not needed */
pk_inhibit_remove (transaction->priv->inhibit, transaction);
+ /* were we waiting for the client to authorise */
+ if (transaction->priv->waiting_for_auth) {
+#ifdef USE_SECURITY_POLKIT
+ g_cancellable_cancel (transaction->priv->cancellable);
+#endif
+ /* emit an ::ErrorCode() and then ::Finished() */
+ pk_transaction_error_code_emit (transaction, PK_ERROR_ENUM_NOT_AUTHORIZED, "client did not authorize action");
+ pk_transaction_finished_emit (transaction, PK_EXIT_ENUM_FAILED, 0);
+ }
+
/* send signal to clients that we are about to be destroyed */
egg_debug ("emitting destroy %s", transaction->priv->tid);
g_signal_emit (transaction, signals [PK_TRANSACTION_DESTROY], 0);
@@ -4034,6 +4207,11 @@ pk_transaction_finalize (GObject *object)
transaction = PK_TRANSACTION (object);
+#ifdef USE_SECURITY_POLKIT
+ if (transaction->priv->subject != NULL)
+ g_object_unref (transaction->priv->subject);
+#endif
+
g_free (transaction->priv->last_package_id);
g_free (transaction->priv->locale);
g_free (transaction->priv->cached_package_id);
@@ -4056,11 +4234,14 @@ pk_transaction_finalize (GObject *object)
g_object_unref (transaction->priv->package_list);
g_object_unref (transaction->priv->transaction_list);
g_object_unref (transaction->priv->transaction_db);
- g_object_unref (transaction->priv->security);
+ g_object_unref (transaction->priv->proxy_pid);
g_object_unref (transaction->priv->notify);
g_object_unref (transaction->priv->syslog);
g_object_unref (transaction->priv->post_trans);
- pk_security_caller_unref (transaction->priv->caller);
+#ifdef USE_SECURITY_POLKIT
+// g_object_unref (transaction->priv->authority);
+ g_object_unref (transaction->priv->cancellable);
+#endif
G_OBJECT_CLASS (pk_transaction_parent_class)->finalize (object);
}
@@ -4091,6 +4272,9 @@ egg_test_transaction (EggTest *test)
gboolean ret;
const gchar *temp;
GError *error = NULL;
+#ifdef USE_SECURITY_POLKIT
+ const gchar *action;
+#endif
if (!egg_test_start (test, "PkTransaction"))
return;
@@ -4101,6 +4285,26 @@ egg_test_transaction (EggTest *test)
egg_test_assert (test, transaction != NULL);
/************************************************************
+ **************** MAP ROLES ******************
+ ************************************************************/
+#ifdef USE_SECURITY_POLKIT
+ egg_test_title (test, "map valid role to action");
+ action = pk_transaction_role_to_action (FALSE, PK_ROLE_ENUM_UPDATE_PACKAGES);
+ if (egg_strequal (action, "org.freedesktop.packagekit.system-update"))
+ egg_test_success (test, NULL);
+ else
+ egg_test_failed (test, "did not get correct action '%s'", action);
+
+ /************************************************************/
+ egg_test_title (test, "map invalid role to action");
+ action = pk_transaction_role_to_action (FALSE, PK_ROLE_ENUM_SEARCH_NAME);
+ if (action == NULL)
+ egg_test_success (test, NULL);
+ else
+ egg_test_failed (test, "did not get correct action '%s'", action);
+#endif
+
+ /************************************************************
**************** FILTERS ******************
************************************************************/
temp = NULL;
Index: PackageKit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/PackageKit/devel/PackageKit.spec,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -p -r1.104 -r1.105
--- PackageKit.spec 16 Jun 2009 09:52:41 -0000 1.104
+++ PackageKit.spec 16 Jun 2009 11:20:43 -0000 1.105
@@ -1,15 +1,15 @@
-%define glib2_version 2.16.1
-%define dbus_version 1.1.1
-%define dbus_glib_version 0.74
-%define policykit_version 0.8
-%define alphatag 20090616
+%define glib2_version 2.16.1
+%define dbus_version 1.1.1
+%define dbus_glib_version 0.74
+%define polkit_version 0.92
+%define alphatag 20090616
%{!?python_sitelib: %define python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
Summary: Package management service
Name: PackageKit
Version: 0.4.9
-Release: 0.1.%{?alphatag}git%{?dist}
+Release: 0.2.%{?alphatag}git%{?dist}
#Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Libraries
@@ -24,6 +24,9 @@ Patch0: PackageKit-0.3.8-Fedora-Vendo
# Fedora specific: the yum backend doesn't do time estimation correctly
Patch1: PackageKit-0.4.4-Fedora-turn-off-time.conf.patch
+# from upstream polkit1 branch, automatically generated
+Patch2: PackageKit-port-to-polkit1.patch
+
Requires: dbus >= %{dbus_version}
Requires: dbus-glib >= %{dbus_glib_version}
Requires: PackageKit-glib = %{version}-%{release}
@@ -42,7 +45,7 @@ BuildRequires: libX11-devel
BuildRequires: xmlto
BuildRequires: sqlite-devel
BuildRequires: NetworkManager-glib-devel >= %{libnm_glib_version}
-BuildRequires: PolicyKit-devel >= %{policykit_version}
+BuildRequires: polkit-devel >= %{polkit_version}
BuildRequires: libtool
BuildRequires: docbook-utils
BuildRequires: gnome-doc-utils
@@ -61,6 +64,9 @@ BuildRequires: fontconfig-devel
#BuildRequires: gtk-sharp2-devel
#BuildRequires: mono-core
+# low level icky tools (due to polkit1 patch)
+BuildRequires: automake, autoconf, libtool
+
# functionality moved to udev itself
Obsoletes: PackageKit-udev-helper < %{version}-%{release}
Obsoletes: udev-packagekit < %{version}-%{release}
@@ -217,6 +223,11 @@ using PackageKit.
#%setup -q
%patch0 -p1 -b .fedora
%patch1 -p1 -b .no-time
+%patch2 -p1 -b .polkit1
+
+# we messed about with configure.ac and Makefile.am, so regenerate (due to polkit1 patch)
+autoreconf
+automake
%build
%configure --enable-yum --enable-smart --with-default-backend=yum --disable-local --disable-ruck
@@ -289,7 +300,7 @@ update-mime-database %{_datadir}/mime &>
%dir %{_datadir}/PackageKit/icons
%{_datadir}/PackageKit/helpers/test_spawn/*
%{_datadir}/man/man1/*.1.gz
-%{_datadir}/PolicyKit/policy/*.policy
+%{_datadir}/polkit-1/actions/*.policy
%{_datadir}/mime/packages/packagekit-*.xml
%{_datadir}/PackageKit/pk-upgrade-distro.sh
%{_sbindir}/packagekitd
@@ -402,6 +413,11 @@ update-mime-database %{_datadir}/mime &>
%{_includedir}/PackageKit/backend/*.h
%changelog
+* Tue Jun 16 2009 Richard Hughes <rhughes at redhat.com> - 0.4.9-0.2.20090616git
+- Apply a patch to convert to the PolKit1 API.
+- Do autoreconf and automake as the polkit patch is pretty invasive
+- Fix up file lists with the new polkit action paths
+
* Tue Jun 16 2009 Richard Hughes <rhughes at redhat.com> - 0.4.9-0.1.20090616git
- Don't hardcode network access to install or update packages
- Add subclasses to our registered mime-types
More information about the scm-commits
mailing list