diff --git a/pkexec.patch b/pkexec.patch new file mode 100644 index 0000000..b59ba87 --- /dev/null +++ b/pkexec.patch @@ -0,0 +1,68 @@ +From: Andreas Schwab +Subject: pkexec: allow --version and --help even if not setuid + +Don't check for setuid invocation until after parsing command line, to allow +running uninstalled pkexec with --help or --version. This also helps +building packages that want to check for pkexec in an emulated environment +that does not support setuid invocation (eg. QEMU linux-user). + +Index: polkit-0.113/src/programs/pkexec.c +=================================================================== +--- polkit-0.113.orig/src/programs/pkexec.c ++++ polkit-0.113/src/programs/pkexec.c +@@ -503,27 +503,6 @@ main (int argc, char *argv[]) + opt_user = NULL; + local_agent_handle = NULL; + +- /* check for correct invocation */ +- if (geteuid () != 0) +- { +- g_printerr ("pkexec must be setuid root\n"); +- goto out; +- } +- +- original_user_name = g_strdup (g_get_user_name ()); +- if (original_user_name == NULL) +- { +- g_printerr ("Error getting user name.\n"); +- goto out; +- } +- +- if ((original_cwd = g_get_current_dir ()) == NULL) +- { +- g_printerr ("Error getting cwd: %s\n", +- g_strerror (errno)); +- goto out; +- } +- + /* First process options and find the command-line to invoke. Avoid using fancy library routines + * that depend on environtment variables since we haven't cleared the environment just yet. + */ +@@ -579,6 +558,27 @@ main (int argc, char *argv[]) + goto out; + } + ++ /* check for correct invocation */ ++ if (geteuid () != 0) ++ { ++ g_printerr ("pkexec must be setuid root\n"); ++ goto out; ++ } ++ ++ original_user_name = g_strdup (g_get_user_name ()); ++ if (original_user_name == NULL) ++ { ++ g_printerr ("Error getting user name.\n"); ++ goto out; ++ } ++ ++ if ((original_cwd = g_get_current_dir ()) == NULL) ++ { ++ g_printerr ("Error getting cwd: %s\n", ++ g_strerror (errno)); ++ goto out; ++ } ++ + if (opt_user == NULL) + opt_user = g_strdup ("root"); + diff --git a/polkit.changes b/polkit.changes index 6d665c7..700421a 100644 --- a/polkit.changes +++ b/polkit.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Mar 1 11:23:00 UTC 2018 - schwab@suse.de + +- pkexec.patch: pkexec: allow --version and --help even if not setuid + ------------------------------------------------------------------- Wed Feb 28 16:38:33 UTC 2018 - dimstar@opensuse.org diff --git a/polkit.spec b/polkit.spec index 80df1e2..cbc507c 100644 --- a/polkit.spec +++ b/polkit.spec @@ -38,6 +38,8 @@ Patch2: polkit-revert-session-magic.patch Patch3: polkit-gettext.patch # PATCH-FEATURE-UPSTREAM polkit-itstools.patch dimstar@opensuse.org -- Add gettext support for .policy files, taken from git Patch4: polkit-itstools.patch +# PATCH-FIX-UPSTREAM pkexec.patch schwab@suse.de -- pkexec: allow --version and --help even if not setuid +Patch5: pkexec.patch # needed for patch1 BuildRequires: autoconf # needed for patch1 @@ -136,6 +138,7 @@ This package provides the GObject Introspection bindings for PolicyKit. %patch2 -p1 -R %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build export V=1