Accepting request 1328443 from Base:System

- change to /var/lib/polkit-1 being tmpfiles created (jsc#PED-14794) (forwarded request 1328198 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/1328443
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=98

127.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9b7bc16f086479dcc626c575976568ba4a85d34297a750d8ab3d2e57f6d8b988
+size 472872

polkit-actions-in-etc.patch

@@ -1,227 +0,0 @@
-diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
-index 90715a5..10dd217 100644
---- a/docs/man/polkit.xml
-+++ b/docs/man/polkit.xml
-@@ -104,6 +104,7 @@ System Context         |                        |
- +------------------+          |
-           ^                   |
-           |            +--------------------------------------+
-+          |            | /etc/polkit-1/actions/*.policy       |
-           |            | /usr/share/polkit-1/actions/*.policy |
-           |            +--------------------------------------+
-           |
-diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
-index 3894fe9..17652e6 100644
---- a/src/polkitbackend/polkitbackendactionpool.c
-+++ b/src/polkitbackend/polkitbackendactionpool.c
-@@ -91,8 +91,10 @@ typedef struct
- {
-   /* directory with .policy files, e.g. /usr/share/polkit-1/actions */
-   GFile *directory;
-+  GFile *directory_alt;
- 
-   GFileMonitor *dir_monitor;
-+  GFileMonitor *dir_monitor_alt;
- 
-   /* maps from action_id to a ParsedAction struct */
-   GHashTable *parsed_actions;
-@@ -109,6 +111,8 @@ enum
- {
-   PROP_0,
-   PROP_DIRECTORY,
-+  /* TODO combine into PROP_DIRECTORIES? */
-+  PROP_DIRECTORY_ALT,
- };
- 
- #define POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_ACTION_POOL, PolkitBackendActionPoolPrivate))
-@@ -153,9 +157,15 @@ polkit_backend_action_pool_finalize (GObject *object)
-   if (priv->directory != NULL)
-     g_object_unref (priv->directory);
- 
-+  if (priv->directory_alt != NULL)
-+    g_object_unref (priv->directory_alt);
-+
-   if (priv->dir_monitor != NULL)
-     g_object_unref (priv->dir_monitor);
- 
-+  if (priv->dir_monitor_alt != NULL)
-+    g_object_unref (priv->dir_monitor_alt);
-+
-   if (priv->parsed_actions != NULL)
-     g_hash_table_unref (priv->parsed_actions);
- 
-@@ -183,6 +193,10 @@ polkit_backend_action_pool_get_property (GObject     *object,
-       g_value_set_object (value, priv->directory);
-       break;
- 
-+    case PROP_DIRECTORY_ALT:
-+      g_value_set_object (value, priv->directory_alt);
-+      break;
-+
-     default:
-       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
-       break;
-@@ -274,6 +288,28 @@ polkit_backend_action_pool_set_property (GObject       *object,
-         }
-       break;
- 
-+    case PROP_DIRECTORY_ALT:
-+      priv->directory_alt = g_value_dup_object (value);
-+
-+      error = NULL;
-+      priv->dir_monitor_alt = g_file_monitor_directory (priv->directory_alt,
-+                                                    G_FILE_MONITOR_NONE,
-+                                                    NULL,
-+                                                    &error);
-+      if (priv->dir_monitor_alt == NULL)
-+        {
-+          g_warning ("Error monitoring actions alt directory: %s", error->message);
-+          g_error_free (error);
-+        }
-+      else
-+        {
-+          g_signal_connect (priv->dir_monitor_alt,
-+                            "changed",
-+                            (GCallback) dir_monitor_changed,
-+                            pool);
-+        }
-+      break;
-+
-     default:
-       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
-       break;
-@@ -308,6 +344,18 @@ polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass)
-                                                         G_PARAM_STATIC_NICK |
-                                                         G_PARAM_STATIC_BLURB));
- 
-+  g_object_class_install_property (gobject_class,
-+                                   PROP_DIRECTORY_ALT,
-+                                   g_param_spec_object ("directoryalt",
-+                                                        "DirectoryAlt",
-+                                                        "Alternative directory to load action description files from",
-+                                                        G_TYPE_FILE,
-+                                                        G_PARAM_READWRITE |
-+                                                        G_PARAM_CONSTRUCT_ONLY |
-+                                                        G_PARAM_STATIC_NAME |
-+                                                        G_PARAM_STATIC_NICK |
-+                                                        G_PARAM_STATIC_BLURB));
-+
-   /**
-    * PolkitBackendActionPool::changed:
-    * @action_pool: A #PolkitBackendActionPool.
-@@ -334,12 +382,13 @@ polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass)
-  * Returns: A #PolkitBackendActionPool. Free with g_object_unref().
-  **/
- PolkitBackendActionPool *
--polkit_backend_action_pool_new (GFile *directory)
-+polkit_backend_action_pool_new (GFile *directory, GFile *directory_alt)
- {
-   PolkitBackendActionPool *pool;
- 
-   pool = POLKIT_BACKEND_ACTION_POOL (g_object_new (POLKIT_BACKEND_TYPE_ACTION_POOL,
-                                                    "directory", directory,
-+                                                   "directoryalt", directory_alt,
-                                                    NULL));
- 
-   return pool;
-@@ -505,12 +554,14 @@ ensure_all_files (PolkitBackendActionPool *pool)
- {
-   PolkitBackendActionPoolPrivate *priv;
-   GFileEnumerator *e;
-+  GFileEnumerator *e_alt;
-   GFileInfo *file_info;
-   GError *error;
- 
-   priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool);
- 
-   e = NULL;
-+  e_alt = NULL;
- 
-   if (priv->has_loaded_all_files)
-     goto out;
-@@ -548,12 +599,48 @@ ensure_all_files (PolkitBackendActionPool *pool)
- 
-     } /* for all files */
- 
-+  /* TODO priority for files in /etc */
-+
-+  e_alt = g_file_enumerate_children (priv->directory_alt,
-+				     "standard::name",
-+				     G_FILE_QUERY_INFO_NONE,
-+				     NULL,
-+				     &error);
-+  if (error != NULL)
-+    {
-+      g_warning ("Error enumerating files: %s", error->message);
-+      goto out;
-+    }
-+
-+  while ((file_info = g_file_enumerator_next_file (e_alt, NULL, &error)) != NULL)
-+    {
-+      const gchar *name;
-+
-+      name = g_file_info_get_name (file_info);
-+      /* only consider files with the right suffix */
-+      if (g_str_has_suffix (name, ".policy"))
-+        {
-+          GFile *file;
-+
-+          file = g_file_get_child (priv->directory_alt, name);
-+
-+          ensure_file (pool, file);
-+
-+          g_object_unref (file);
-+        }
-+
-+      g_object_unref (file_info);
-+
-+    } /* for all files */
-+
-   priv->has_loaded_all_files = TRUE;
- 
-  out:
- 
-   if (e != NULL)
-     g_object_unref (e);
-+  if (e_alt != NULL)
-+    g_object_unref (e_alt);
- }
- 
- /* ---------------------------------------------------------------------------------------------------- */
-diff --git a/src/polkitbackend/polkitbackendactionpool.h b/src/polkitbackend/polkitbackendactionpool.h
-index e992eea..9ccb526 100644
---- a/src/polkitbackend/polkitbackendactionpool.h
-+++ b/src/polkitbackend/polkitbackendactionpool.h
-@@ -64,7 +64,7 @@ struct _PolkitBackendActionPoolClass
- };
- 
- GType                    polkit_backend_action_pool_get_type         (void) G_GNUC_CONST;
--PolkitBackendActionPool *polkit_backend_action_pool_new              (GFile *directory);
-+PolkitBackendActionPool *polkit_backend_action_pool_new              (GFile *directory, GFile *directory_alt);
- GList                   *polkit_backend_action_pool_get_all_actions  (PolkitBackendActionPool  *pool,
-                                                                       const gchar              *locale);
- 
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 1cfc88e..a975cac 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -292,6 +292,7 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
- {
-   PolkitBackendInteractiveAuthorityPrivate *priv;
-   GFile *directory;
-+  GFile *directory_alt;
-   GError *error;
- 
-   /* Force registering error domain */
-@@ -300,8 +301,10 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
-   priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
- 
-   directory = g_file_new_for_path (PACKAGE_DATA_DIR "/polkit-1/actions");
--  priv->action_pool = polkit_backend_action_pool_new (directory);
-+  directory_alt = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/actions");
-+  priv->action_pool = polkit_backend_action_pool_new (directory, directory_alt);
-   g_object_unref (directory);
-+  g_object_unref (directory_alt);
-   g_signal_connect (priv->action_pool,
-                     "changed",
-                     (GCallback) action_pool_changed,

polkit-adjust-libexec-path.patch

@@ -1,17 +1,21 @@
---- a/src/polkitagent/polkitagentsession.c
-+++ b/src/polkitagent/polkitagentsession.c
-@@ -596,7 +596,7 @@ polkit_agent_session_initiate (PolkitAge
-       goto error;
-     }
+Index: polkit-127/src/polkitagent/polkitagentsession.c
+===================================================================
+--- polkit-127.orig/src/polkitagent/polkitagentsession.c
++++ polkit-127/src/polkitagent/polkitagentsession.c
+@@ -640,7 +640,7 @@ polkit_agent_session_initiate (PolkitAge
  
--  helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
-+  helper_argv[0] = PACKAGE_PREFIX "/libexec/polkit-1/polkit-agent-helper-1";
-   helper_argv[1] = passwd->pw_name;
-   helper_argv[2] = NULL;
+   if (session->child_stdout == -1)
+     {
+-      helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
++      helper_argv[0] = PACKAGE_PREFIX "/libexec/polkit-1/polkit-agent-helper-1";
+       helper_argv[1] = passwd->pw_name;
+       helper_argv[2] = NULL;
  
---- a/meson.build
-+++ b/meson.build
-@@ -28,7 +28,7 @@ pk_sysconfdir = get_option('sysconfdir')
+Index: polkit-127/meson.build
+===================================================================
+--- polkit-127.orig/meson.build
++++ polkit-127/meson.build
+@@ -29,7 +29,7 @@ pk_sysconfdir = get_option('sysconfdir')
  pk_pkgdatadir = pk_datadir / pk_api_name
  pk_pkgincludedir = pk_includedir / pk_api_name
  # note that this is always 'lib', not lib64 or lib/x86_64-linux-gnu

polkit-gettext.patch

@@ -17,19 +17,19 @@ translations for the requested language.
  src/polkitbackend/polkitbackendactionpool.c | 17 +++++++++++++++--
  1 file changed, 15 insertions(+), 2 deletions(-)
 
-diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
-index 3894fe9..9252788 100644
---- a/src/polkitbackend/polkitbackendactionpool.c
-+++ b/src/polkitbackend/polkitbackendactionpool.c
-@@ -24,6 +24,7 @@
+Index: polkit-126/src/polkitbackend/polkitbackendactionpool.c
+===================================================================
+--- polkit-126.orig/src/polkitbackend/polkitbackendactionpool.c
++++ polkit-126/src/polkitbackend/polkitbackendactionpool.c
+@@ -23,6 +23,7 @@
  #include <pwd.h>
  #include <string.h>
  #include <expat.h>
 +#include <locale.h>
  
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -1132,8 +1133,20 @@ _localize (GHashTable *translations,
+ #ifdef ENABLE_GETTEXT
+ #include <locale.h>
+@@ -1232,8 +1233,20 @@ _localize (GHashTable *translations,
    if (result != NULL)
      goto out;
  
@@ -52,6 +52,3 @@ index 3894fe9..9252788 100644
  
  out:
    return result;
--- 
-2.12.2
-

polkit.changes

@@ -1,3 +1,88 @@
+-------------------------------------------------------------------
+Tue Jan 20 08:46:38 UTC 2026 - Marcus Meissner <meissner@suse.com>
+
+- change to /var/lib/polkit-1 being tmpfiles created (jsc#PED-14794)
+
+-------------------------------------------------------------------
+Thu Jan  8 12:28:03 UTC 2026 - Marcus Meissner <meissner@suse.com>
+
+- Updated to version 127:
+  - socket-activated polkit-agent-helper can now run without SETUID (Luca Boccassi)
+  - user id (UID) now accessible to JavaScript rules via subject.uid (Rosentti, Jan Rybar)
+  - INI config file support for polkitd with configurable auth expiration timer (Luca Boccassi)
+  - auth_keep: skip re-authentication if new process shares same UID/parent/cgroup/tty (Luca Boccassi)
+  - CheckAuthorization now returns 'polkit.result' in the details dict (Luca Boccassi)
+  - pkexec: set $SUDO_UID/$SUDO_GID for compatibility with sudo (Lennart Poettering)
+  - pkexec: use realpath when comparing org.freedesktop.policykit.exec.path (Walter Doekes)
+  - memory limits added to systemd unit to mitigate memory leaks (Alexander Meshcheryakov)
+  - new translations: Bulgarian (twlvnn kraftwerk), Occitan (Mejans)
+- systemd-socket-activation.patch: upstream, removed
+- auth_keep.patch: upstream, removed
+- sudo_uid.patch: upstream, removed
+- added polkitd.conf.5 manpage, added polkitd.conf
+
+-------------------------------------------------------------------
+Mon Oct 13 08:31:45 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Backport for NoNewPrivs support:
+  - systemd-socket-activation.patch: start agent via socket, no setuid
+- Backport of patches for better run0 usability:
+  - auth_keep.patch: do not ask for reauth if new process shares same UID/parent/cgroup/tty
+  - sudo_uid.patch: also set $SUDO_UID/$SUDO_GID for compat with sudo
+
+-------------------------------------------------------------------
+Tue Sep 16 14:46:00 UTC 2025 - Andreas Schwab <schwab@suse.de>
+
+- Skip tests in qemu emulation
+
+-------------------------------------------------------------------
+Mon Sep 15 09:12:08 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- change /etc/polkit-1/rules.d group ownership back to polkitd 
+  (bsc#1249581)
+
+-------------------------------------------------------------------
+Fri Sep 12 07:31:43 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Fix user generation: move sysusers_generate_pre to install
+  section and use the - by then installed - polkit.conf from the
+  sources.
+
+-------------------------------------------------------------------
+Tue Jul 15 14:30:09 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- Updated to version 126:
+  + Highlights:
+    - many code fixes detected either by CI or the author himself (Frantisek Sumsal)
+    - shellcheck and dependabot integration (Jan Macku)
+    - search for rules in /usr/local/share rather than /usr/local/lib (Luca Boccassi)
+    - Implement LogControl1 protocol for dynamic log level changes (Luca Boccassi)
+    - read actions also from /etc/, /run/ and /usr/local/share/ (Luca Boccassi)
+    - mozjs dropped in favor of duktape (Xi Ruoyao)
+    - many other fixes in build system and polkit code (Many thanks to all the authors.)
+- Updated to version 125:
+  + Highlights:
+    - introduction of CodeQL and a new integration test suite (Frantisek Sumsal)
+    - dropped mocklibc (Frantisek Sumsal)
+    - syslog-style log-levels introduction (Jan Rybar)
+    - LogControl integration (Luca Boccassi)
+    - pkexec: "No session for cookie" finally fixed (huxiaodong)
+    - resources optimizations: only instances affected by sessions-change recalculate authorizations (Jan Rybar, thanks to Michal Sekletar and Milan Crha)
+    - meson tweaks (Alyssa Ross, Luca Boccassi, Michael Biebl, Michael Olbrich)
+    - build warnings cleanup (peelz)
+    - Packit service configuration for the new upstream platform (Vincent Mihalkovic)
+    - systemd-tmpfiles.d integration (Vincent Mihalkovic)
+    - other fixes and changes (Gleb Popov, heather7283, Tianyu Chen, Tobias Stoeckmann)
+    - internationalization: Slovenian (filmsi), Hindi (Scrambled777)
+- Updated to version 124:
+  + Highlights:
+    - PIDFDs are used if available to track processes
+    - pidfd parameter available for CheckAuthorization()
+    - systemd-sysuser enabled for polkit
+- polkit-actions-in-etc.patch: done upstream in commit 9958c259f82b066f613d171d2934c1bd829e31a4
+- polkit-fix-implicit.patch: not needed anymore
+- revert upstream change to have /etc/polkit-1/rules.d as tempdir
+
 -------------------------------------------------------------------
 Wed Aug 14 12:33:37 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 
@@ -11,6 +96,11 @@ Fri Jul 12 12:53:13 UTC 2024 - Martin Jambor <mjambor@suse.com>
   work-around an issue in mocklibc (which has been meanwhile removed
   by upstream) with exactly this kind of issue.
 
+-------------------------------------------------------------------
+Tue Jun  4 11:54:16 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- polkit-fix-implicit.patch: fixed implicit to make it build with gcc14.
+
 -------------------------------------------------------------------
 Fri Dec  8 22:20:51 UTC 2023 - Tobias Klausmann <tobias.klausmann@freenet.de>
 

polkit.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package polkit
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,17 +18,20 @@
 
 %define _polkit_rulesdir %{_datadir}/polkit-1/rules.d
 %define glib_br_version  2.30.0
+# qemu emulation creates multiple threads, so unshare(CLONE_THREAD) always
+# fails.
+%if !0%{?qemu_user_space_build}
 %define run_tests        1
+%endif
 
 Name:           polkit
-Version:        123
+Version:        127
 Release:        0
 Summary:        PolicyKit Authorization Framework
 License:        LGPL-2.1-or-later
 Group:          System/Libraries
-URL:            https://gitlab.freedesktop.org/polkit/polkit/
-Source0:        %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2
-Source3:        system-user-polkitd.conf
+URL:            https://github.com/polkit-org/polkit
+Source0:        %{url}/archive/refs/tags/%{version}.tar.gz
 Source4:        50-default.rules
 Source99:       baselibs.conf
 
@@ -44,8 +47,6 @@ Patch1:         polkit-gettext.patch
 Patch3:         polkit-keyinit.patch
 # PATCH-FIX-OPENSUSE polkit-adjust-libexec-path.patch -- Adjust path to polkit-agent-helper-1 (bsc#1180474)
 Patch4:         polkit-adjust-libexec-path.patch
-# Read actions also from /etc/polkit-1/actions
-Patch6:         polkit-actions-in-etc.patch
 
 BuildRequires:  gcc-c++
 BuildRequires:  gettext-devel
@@ -163,7 +164,7 @@ This package provides the GObject Introspection bindings for PolicyKit.
 %global optflags %{optflags} -Wno-error=implicit-function-declaration
 
 %meson                                     \
-    -D session_tracking=libsystemd-login   \
+    -D session_tracking=logind             \
     -D systemdsystemunitdir="%{_unitdir}"  \
     -D os_type=suse                        \
     -D pam_module_dir="%{_pam_moduledir}"  \
@@ -172,10 +173,9 @@ This package provides the GObject Introspection bindings for PolicyKit.
     -D tests=true                          \
     -D gtk_doc=true                        \
     -D man=true                            \
-    -D js_engine=duktape                   \
     %{nil}
+
 %meson_build
-%sysusers_generate_pre %{SOURCE3} polkit system-user-polkitd.conf
 
 %if 0%{?run_tests}
 %check
@@ -197,16 +197,13 @@ This package provides the GObject Introspection bindings for PolicyKit.
 # create $HOME for polkit user
 install -d %{buildroot}%{_localstatedir}/lib/polkit
 
-rm -v %{buildroot}%{_polkit_rulesdir}/50-default.rules
-install -m0644 %{SOURCE4} %{buildroot}%{_polkit_rulesdir}/50-default.rules
-
-# Install the polkitd user creation file:
-mkdir -p %{buildroot}%{_sysusersdir}
-install -m0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/
+install -m0644 %{SOURCE4} %{buildroot}/%{_polkit_rulesdir}/50-default.rules
 
 # create actions dir in /etc
 mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
 
+%sysusers_generate_pre %{buildroot}%{_sysusersdir}/polkit.conf polkit polkitd.conf
+
 %pre -f polkit.pre
 %service_add_pre polkit.service
 
@@ -222,6 +219,7 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
 %post
 %set_permissions %{_libexecdir}/polkit-1/polkit-agent-helper-1
 %service_add_post polkit.service
+%tmpfiles_create %{_tmpfilesdir}/polkit-tmpfiles.conf
 
 %verifyscript -n pkexec
 %verify_permissions -e %{_bindir}/pkexec
@@ -251,6 +249,7 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
 %{_mandir}/man1/pkaction.1%{?ext_man}
 %{_mandir}/man1/pkcheck.1%{?ext_man}
 %{_mandir}/man1/pkttyagent.1%{?ext_man}
+%{_mandir}/man5/polkitd.conf.5%{?ext_man}
 %{_mandir}/man8/polkitd.8%{?ext_man}
 %{_mandir}/man8/polkit.8%{?ext_man}
 %dir %{_datadir}/dbus-1
@@ -259,11 +258,13 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
 %dir %{_datadir}/dbus-1/system.d
 %{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
 %dir %{_datadir}/polkit-1
+%{_datadir}/polkit-1/polkitd.conf
 %{_datadir}/polkit-1/policyconfig-1.dtd
 %dir %{_datadir}/polkit-1/actions
 %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
 %attr(0555,root,root) %dir %{_polkit_rulesdir}
- %{_polkit_rulesdir}/50-default.rules
+%{_polkit_rulesdir}/50-default.rules
+%{_tmpfilesdir}/polkit-tmpfiles.conf
 %{_pam_vendordir}/polkit-1
 %dir %{_sysconfdir}/polkit-1
 %attr(0750,root,polkitd) %dir %{_sysconfdir}/polkit-1/rules.d
@@ -275,9 +276,11 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
 %{_libexecdir}/polkit-1/polkitd
 %verify(not mode) %attr(4755,root,root) %{_libexecdir}/polkit-1/polkit-agent-helper-1
 # $HOME for polkit user
-%dir %{_localstatedir}/lib/polkit
-%{_sysusersdir}/system-user-polkitd.conf
+#dir %{_localstatedir}/lib/polkit
+%{_sysusersdir}/polkit.conf
 %{_unitdir}/polkit.service
+%{_unitdir}/polkit-agent-helper.socket
+%{_unitdir}/polkit-agent-helper@.service
 
 %files devel
 %{_libdir}/libpolkit-agent-1.so

system-user-polkitd.conf

@@ -1,2 +0,0 @@
-#Type Name    ID GECOS              Home directory  Shell
-u     polkitd -  "User for polkitd" /var/lib/polkit -