diff --git a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb index a16a02aa7bd..59ae9383db5 100644 --- a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb +++ b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" GNOMEBASEBUILDCLASS = "meson" -inherit gnomebase gettext gsettings features_check +inherit gnomebase gettext gsettings features_check useradd REQUIRED_DISTRO_FEATURES = "opengl polkit" @@ -36,5 +36,15 @@ PACKAGECONFIG[vnc] = "-Dvnc=true,-Dvnc=false,libvncserver" PACKAGECONFIG[rdp] = "-Drdp=true,-Drdp=false,freerdp3 fuse3 libxkbcommon" PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd" +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd" + +do_install:append() { + if [ -d ${D}${datadir}/polkit-1/rules.d ]; then + chmod 700 ${D}${datadir}/polkit-1/rules.d + chown polkitd:root ${D}${datadir}/polkit-1/rules.d + fi +} + PACKAGE_DEBUG_SPLIT_STYLE = "debug-without-src" FILES:${PN} += "${systemd_user_unitdir} ${systemd_system_unitdir} ${datadir} ${libdir}/sysusers.d ${libdir}/tmpfiles.d" diff --git a/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.2.bb b/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.2.bb index ae96caf94f2..152e803b5d9 100644 --- a/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.2.bb +++ b/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.2.bb @@ -33,7 +33,7 @@ DEPENDS = " \ upower \ " -inherit gtk-icon-cache pkgconfig gnomebase gsettings gettext upstream-version-is-even bash-completion features_check +inherit gtk-icon-cache pkgconfig gnomebase gsettings gettext upstream-version-is-even bash-completion features_check useradd REQUIRED_DISTRO_FEATURES += "opengl polkit pulseaudio systemd x11" @@ -52,6 +52,16 @@ EXTRA_OEMESON += "-Doe_sysroot=${STAGING_DIR_HOST}" export XDG_DATA_DIRS = "${STAGING_DATADIR}" +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd" + +do_install:append() { + if [ -d ${D}${datadir}/polkit-1/rules.d ]; then + chmod 700 ${D}${datadir}/polkit-1/rules.d + chown polkitd:root ${D}${datadir}/polkit-1/rules.d + fi +} + PACKAGE_DEBUG_SPLIT_STYLE = "debug-without-src" FILES:${PN} += " \ diff --git a/meta-gnome/recipes-gnome/gvfs/gvfs_1.54.0.bb b/meta-gnome/recipes-gnome/gvfs/gvfs_1.54.0.bb index 6549b1900f7..01cdb4eef59 100644 --- a/meta-gnome/recipes-gnome/gvfs/gvfs_1.54.0.bb +++ b/meta-gnome/recipes-gnome/gvfs/gvfs_1.54.0.bb @@ -2,7 +2,7 @@ DESCRIPTION = "gvfs is a userspace virtual filesystem" LICENSE = "LGPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=05df38dd77c35ec8431f212410a3329e" -inherit gnomebase gsettings bash-completion gettext upstream-version-is-even features_check +inherit gnomebase gsettings bash-completion gettext upstream-version-is-even features_check useradd DEPENDS += "\ dbus \ @@ -77,7 +77,16 @@ PACKAGECONFIG[fuse] = "-Dfuse=true, -Dfuse=false, fuse3" # libcdio-paranoia recipe doesn't exist yet PACKAGECONFIG[cdda] = "-Dcdda=true, -Dcdda=false, libcdio-paranoia" +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd" + do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'true', 'false', d)}; then + # Fix up permissions on polkit rules.d to work with rpm4 constraints + chmod 700 ${D}${datadir}/polkit-1/rules.d + chown polkitd:root ${D}${datadir}/polkit-1/rules.d + fi + # After rebuilds (not from scracth) it can happen that the executables in # libexec ar missing executable permission flag. Not sure but it came up # during transition to meson. Looked into build files and logs but could diff --git a/meta-networking/recipes-connectivity/blueman/blueman_2.4.3.bb b/meta-networking/recipes-connectivity/blueman/blueman_2.4.3.bb index e7f0987e0fc..42e20cc9ed0 100644 --- a/meta-networking/recipes-connectivity/blueman/blueman_2.4.3.bb +++ b/meta-networking/recipes-connectivity/blueman/blueman_2.4.3.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" DEPENDS = "gtk+3 glib-2.0 bluez5 python3-pygobject python3-cython-native" -inherit meson gettext systemd gsettings pkgconfig python3native gtk-icon-cache features_check python3targetconfig +inherit meson gettext systemd gsettings pkgconfig python3native gtk-icon-cache useradd features_check python3targetconfig REQUIRED_DISTRO_FEATURES = "gobject-introspection-data" @@ -60,3 +60,12 @@ do_install:append() { ${D}${bindir}/blueman-services \ ${D}${bindir}/blueman-tray } + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 --shell /bin/nologin polkitd" + +do_install:append() { + # Fix up permissions on polkit rules.d to work with rpm4 constraints + chmod 700 ${D}/${datadir}/polkit-1/rules.d + chown polkitd:root ${D}/${datadir}/polkit-1/rules.d +} diff --git a/meta-oe/recipes-bsp/fwupd/fwupd_1.9.24.bb b/meta-oe/recipes-bsp/fwupd/fwupd_1.9.24.bb index 15cde9f1009..8b66084b776 100644 --- a/meta-oe/recipes-bsp/fwupd/fwupd_1.9.24.bb +++ b/meta-oe/recipes-bsp/fwupd/fwupd_1.9.24.bb @@ -14,7 +14,7 @@ UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)" # Machine-specific as we examine MACHINE_FEATURES to decide whether to build the UEFI plugins PACKAGE_ARCH = "${MACHINE_ARCH}" -inherit meson vala gobject-introspection systemd bash-completion pkgconfig gi-docgen ptest manpages +inherit meson vala gobject-introspection systemd bash-completion pkgconfig gi-docgen ptest manpages useradd GIDOCGEN_MESON_OPTION = 'docs' GIDOCGEN_MESON_ENABLE_FLAG = 'enabled' @@ -116,6 +116,17 @@ DISABLE_NON_X86:x86 = "" DISABLE_NON_X86:x86-64 = "" PACKAGECONFIG:remove = "${DISABLE_NON_X86}" +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 --shell /bin/nologin polkitd" + +do_install:append() { + if ${@bb.utils.contains('PACKAGECONFIG', 'polkit', 'true', 'false', d)}; then + #Fix up permissions on polkit rules.d to work with rpm4 constraints + chmod 700 ${D}/${datadir}/polkit-1/rules.d + chown polkitd:root ${D}/${datadir}/polkit-1/rules.d + fi +} + FILES:${PN} += "${libdir}/fwupd-plugins-* \ ${libdir}/fwupd-${PV} \ ${systemd_unitdir} \ diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb index c9d04e92619..cf512c7cc6a 100644 --- a/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb +++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb @@ -12,7 +12,7 @@ SRCREV = "8b4f523c4f8287d57f1a84a3a8216efe200c5fbf" S = "${WORKDIR}/git" -inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native mime features_check +inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native useradd mime features_check REQUIRED_DISTRO_FEATURES = "polkit" @@ -76,3 +76,12 @@ EXTRA_OEMESON = " \ " FILES:${PN} += "${libdir} ${datadir}" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd" + +do_install:append() { + chmod 0700 ${D}/${datadir}/polkit-1/rules.d + chown polkitd ${D}/${datadir}/polkit-1/rules.d + chgrp root ${D}/${datadir}/polkit-1/rules.d +} diff --git a/meta-oe/recipes-gnome/malcontent/malcontent.bb b/meta-oe/recipes-gnome/malcontent/malcontent.bb index b30d85080b9..c4bc50fa8e5 100644 --- a/meta-oe/recipes-gnome/malcontent/malcontent.bb +++ b/meta-oe/recipes-gnome/malcontent/malcontent.bb @@ -17,7 +17,7 @@ DEPENDS = " \ GIR_MESON_OPTION = "" -inherit meson pkgconfig gobject-introspection gettext features_check +inherit meson pkgconfig gobject-introspection gettext features_check useradd REQUIRED_DISTRO_FEATURES = "pam polkit gobject-introspection" @@ -26,6 +26,15 @@ PACKAGECONFIG[ui] = ",,,malcontent-ui" EXTRA_OEMESON = "-Dui=disabled" +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 --shell /bin/nologin polkitd" + +do_install:append() { + # Fix up permissions on polkit rules.d to work with rpm4 constraints + chmod 700 ${D}/${datadir}/polkit-1/rules.d + chown polkitd:root ${D}/${datadir}/polkit-1/rules.d +} + FILES:${PN} += " \ ${libdir}/security/pam_malcontent.so \ ${datadir}/accountsservice \ diff --git a/meta-oe/recipes-navigation/geoclue/geoclue_2.7.1.bb b/meta-oe/recipes-navigation/geoclue/geoclue_2.7.1.bb index 5d247fb9c26..9fcd1e6f1e0 100644 --- a/meta-oe/recipes-navigation/geoclue/geoclue_2.7.1.bb +++ b/meta-oe/recipes-navigation/geoclue/geoclue_2.7.1.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=bdfdd4986a0853eb84eeba85f9d0c4d6" DEPENDS = "glib-2.0 dbus json-glib libsoup-3.0 intltool-native" -inherit meson pkgconfig gtk-doc gobject-introspection vala +inherit meson pkgconfig gtk-doc gobject-introspection vala useradd SRCREV = "8a24f60969d4c235d9918796c38a6a9c42e10131" SRC_URI = "git://gitlab.freedesktop.org/geoclue/geoclue.git;protocol=https;branch=master \ @@ -36,6 +36,17 @@ EXTRA_OEMESON += " \ -Ddbus-sys-dir=${sysconfdir}/dbus-1/system.d \ " +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 --shell /bin/nologin polkitd" + +do_install:append() { + if ${@bb.utils.contains('PACKAGECONFIG', 'modem-gps', 'true', 'false', d)}; then + # Fix up permissions on polkit rules.d to work with rpm4 constraints + chmod 700 ${D}/${datadir}/polkit-1/rules.d + chown polkitd:root ${D}/${datadir}/polkit-1/rules.d + fi +} + FILES:${PN} += " \ ${datadir}/dbus-1/system-services \ ${datadir}/polkit-1/rules.d \