diff --git a/buildroot-external/Config.in b/buildroot-external/Config.in index a8b7923f6..e41683a30 100644 --- a/buildroot-external/Config.in +++ b/buildroot-external/Config.in @@ -7,3 +7,4 @@ source "$BR2_EXTERNAL_HASSOS_PATH/package/intel-e1000e/Config.in" source "$BR2_EXTERNAL_HASSOS_PATH/package/rpi-eeprom/Config.in" source "$BR2_EXTERNAL_HASSOS_PATH/package/rtl8812au/Config.in" source "$BR2_EXTERNAL_HASSOS_PATH/package/os-agent/Config.in" +source "$BR2_EXTERNAL_HASSOS_PATH/package/udisks2/Config.in" diff --git a/buildroot-external/configs/generic_x86_64_defconfig b/buildroot-external/configs/generic_x86_64_defconfig index a70b2a20a..3c7681950 100644 --- a/buildroot-external/configs/generic_x86_64_defconfig +++ b/buildroot-external/configs/generic_x86_64_defconfig @@ -36,6 +36,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_IBT=y BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_3160=y diff --git a/buildroot-external/configs/odroid_c2_defconfig b/buildroot-external/configs/odroid_c2_defconfig index 25f9afdd9..d808a6d39 100644 --- a/buildroot-external/configs/odroid_c2_defconfig +++ b/buildroot-external/configs/odroid_c2_defconfig @@ -38,6 +38,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX_BT=y diff --git a/buildroot-external/configs/odroid_c4_defconfig b/buildroot-external/configs/odroid_c4_defconfig index 3549033e0..123b35bd6 100644 --- a/buildroot-external/configs/odroid_c4_defconfig +++ b/buildroot-external/configs/odroid_c4_defconfig @@ -38,6 +38,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX_BT=y diff --git a/buildroot-external/configs/odroid_n2_defconfig b/buildroot-external/configs/odroid_n2_defconfig index f84a1e8f7..2d34def64 100644 --- a/buildroot-external/configs/odroid_n2_defconfig +++ b/buildroot-external/configs/odroid_n2_defconfig @@ -38,6 +38,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX_BT=y diff --git a/buildroot-external/configs/odroid_xu4_defconfig b/buildroot-external/configs/odroid_xu4_defconfig index 93d8e1301..33c13f6f1 100644 --- a/buildroot-external/configs/odroid_xu4_defconfig +++ b/buildroot-external/configs/odroid_xu4_defconfig @@ -38,6 +38,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_MFC_V8=y BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 0a6a8bcd0..da3818042 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -37,6 +37,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_IBT=y BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_3160=y diff --git a/buildroot-external/configs/rpi0_w_defconfig b/buildroot-external/configs/rpi0_w_defconfig index 45906eac6..615a041f5 100644 --- a/buildroot-external/configs/rpi0_w_defconfig +++ b/buildroot-external/configs/rpi0_w_defconfig @@ -39,6 +39,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_USB_SERIAL_TI=y BR2_PACKAGE_RPI_WIFI_FIRMWARE=y diff --git a/buildroot-external/configs/rpi2_defconfig b/buildroot-external/configs/rpi2_defconfig index a2296f940..791c6571f 100644 --- a/buildroot-external/configs/rpi2_defconfig +++ b/buildroot-external/configs/rpi2_defconfig @@ -39,6 +39,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX_BT=y diff --git a/buildroot-external/configs/rpi3_64_defconfig b/buildroot-external/configs/rpi3_64_defconfig index 6aae2409a..5d7f8b080 100644 --- a/buildroot-external/configs/rpi3_64_defconfig +++ b/buildroot-external/configs/rpi3_64_defconfig @@ -39,6 +39,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_USB_SERIAL_TI=y BR2_PACKAGE_RPI_FIRMWARE=y diff --git a/buildroot-external/configs/rpi3_defconfig b/buildroot-external/configs/rpi3_defconfig index a264221ba..0d931f3f5 100644 --- a/buildroot-external/configs/rpi3_defconfig +++ b/buildroot-external/configs/rpi3_defconfig @@ -39,6 +39,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_USB_SERIAL_TI=y BR2_PACKAGE_RPI_FIRMWARE=y diff --git a/buildroot-external/configs/rpi4_64_defconfig b/buildroot-external/configs/rpi4_64_defconfig index c98288a7f..228f4f119 100644 --- a/buildroot-external/configs/rpi4_64_defconfig +++ b/buildroot-external/configs/rpi4_64_defconfig @@ -40,6 +40,7 @@ BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_USB_SERIAL_TI=y BR2_PACKAGE_RPI_FIRMWARE=y diff --git a/buildroot-external/configs/rpi4_defconfig b/buildroot-external/configs/rpi4_defconfig index 5f68d7c98..3e867ebd7 100644 --- a/buildroot-external/configs/rpi4_defconfig +++ b/buildroot-external/configs/rpi4_defconfig @@ -39,6 +39,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_USB_SERIAL_TI=y BR2_PACKAGE_RPI_FIRMWARE=y diff --git a/buildroot-external/configs/rpi_defconfig b/buildroot-external/configs/rpi_defconfig index 166049d90..9389f67d7 100644 --- a/buildroot-external/configs/rpi_defconfig +++ b/buildroot-external/configs/rpi_defconfig @@ -39,6 +39,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX_BT=y diff --git a/buildroot-external/configs/tinker_defconfig b/buildroot-external/configs/tinker_defconfig index a85be1630..0029e710b 100644 --- a/buildroot-external/configs/tinker_defconfig +++ b/buildroot-external/configs/tinker_defconfig @@ -40,6 +40,8 @@ BR2_PACKAGE_JQ=y BR2_PACKAGE_E2FSPROGS=y BR2_PACKAGE_E2FSPROGS_E2IMAGE=y BR2_PACKAGE_SQUASHFS=y +BR2_PACKAGE_OS_AGENT=y +BR2_PACKAGE_UDISKS2=y BR2_PACKAGE_LINUX_FIRMWARE=y BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX=y BR2_PACKAGE_LINUX_FIRMWARE_USB_SERIAL_TI=y diff --git a/buildroot-external/package/os-agent/os-agent.mk b/buildroot-external/package/os-agent/os-agent.mk index be0e0e32a..e56e87909 100644 --- a/buildroot-external/package/os-agent/os-agent.mk +++ b/buildroot-external/package/os-agent/os-agent.mk @@ -4,7 +4,7 @@ # ################################################################################ -OS_AGENT_VERSION = 0cb548c6acfb7e0a9542e6c85ffbce626af04cce +OS_AGENT_VERSION = 7bff7f5cd223ad439b738cea513cb558a18155c9 OS_AGENT_SITE = $(call github,home-assistant,os-agent,$(OS_AGENT_VERSION)) OS_AGENT_LICENSE = Apache License 2.0 OS_AGENT_LICENSE_FILES = LICENSE diff --git a/buildroot-external/package/udisks2/0001-Isolate-authorization-specific-functions-into-new-co.patch b/buildroot-external/package/udisks2/0001-Isolate-authorization-specific-functions-into-new-co.patch new file mode 100644 index 000000000..88fad4342 --- /dev/null +++ b/buildroot-external/package/udisks2/0001-Isolate-authorization-specific-functions-into-new-co.patch @@ -0,0 +1,1089 @@ +From abcac570bfe1db867fda504942e6c782ada2aa00 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Stefan Agner +Date: Sat, 13 Mar 2021 14:39:31 +0100 +Subject: [PATCH 1/3] Isolate authorization specific functions into new compile + unit + +Introduce udisksauthorization.c for authorization related functionality. +This allows to make polkit optional much easier. +--- + src/Makefile.am | 1 + + src/udisksauthorization.c | 382 ++++++++++++++++++++++++++++++++ + src/udisksauthorization.h | 63 ++++++ + src/udisksbasejob.c | 1 + + src/udisksdaemon.h | 1 + + src/udisksdaemontypes.h | 1 - + src/udisksdaemonutil.c | 356 ----------------------------- + src/udisksdaemonutil.h | 31 --- + src/udiskslinuxblock.c | 1 + + src/udiskslinuxdrive.c | 1 + + src/udiskslinuxdriveata.c | 1 + + src/udiskslinuxencrypted.c | 1 + + src/udiskslinuxfilesystem.c | 1 + + src/udiskslinuxloop.c | 1 + + src/udiskslinuxmanager.c | 1 + + src/udiskslinuxmdraid.c | 1 + + src/udiskslinuxpartition.c | 1 + + src/udiskslinuxpartitiontable.c | 1 + + src/udiskslinuxswapspace.c | 1 + + 19 files changed, 459 insertions(+), 388 deletions(-) + create mode 100644 src/udisksauthorization.c + create mode 100644 src/udisksauthorization.h + +diff --git a/src/Makefile.am b/src/Makefile.am +index 4048854c..bb09560a 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -92,6 +92,7 @@ libudisks_daemon_la_SOURCES = \ + udisksmount.h udisksmount.c \ + udisksmountmonitor.h udisksmountmonitor.c \ + udisksdaemonutil.h udisksdaemonutil.c \ ++ udisksauthorization.h udisksauthorization.c \ + udiskslogging.h udiskslogging.c \ + udisksstate.h udisksstate.c \ + udisksprivate.h \ +diff --git a/src/udisksauthorization.c b/src/udisksauthorization.c +new file mode 100644 +index 00000000..f74e194a +--- /dev/null ++++ b/src/udisksauthorization.c +@@ -0,0 +1,382 @@ ++/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- ++ * ++ * Copyright (C) 2007-2010 David Zeuthen ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ * ++ */ ++ ++#include ++#include ++#include "udisksdaemon.h" ++#include "udisksdaemonutil.h" ++#include "udisksauthorization.h" ++ ++/* Need this until we can depend on a libpolkit with this bugfix ++ * ++ * http://cgit.freedesktop.org/polkit/commit/?h=wip/js-rule-files&id=224f7b892478302dccbe7e567b013d3c73d376fd ++ */ ++static void ++_safe_polkit_details_insert (PolkitDetails *details, const gchar *key, const gchar *value) ++{ ++ if (value != NULL && strlen (value) > 0) ++ polkit_details_insert (details, key, value); ++} ++ ++static void ++_safe_polkit_details_insert_int (PolkitDetails *details, const gchar *key, gint value) ++{ ++ gchar buf[32]; ++ snprintf (buf, sizeof buf, "%d", value); ++ polkit_details_insert (details, key, buf); ++} ++ ++static void ++_safe_polkit_details_insert_uint64 (PolkitDetails *details, const gchar *key, guint64 value) ++{ ++ gchar buf[32]; ++ snprintf (buf, sizeof buf, "0x%08llx", (unsigned long long int) value); ++ polkit_details_insert (details, key, buf); ++} ++ ++static gboolean ++check_authorization_no_polkit (UDisksDaemon *daemon, ++ UDisksObject *object, ++ const gchar *action_id, ++ GVariant *options, ++ const gchar *message, ++ GDBusMethodInvocation *invocation, ++ GError **error) ++{ ++ gboolean ret = FALSE; ++ uid_t caller_uid = -1; ++ GError *sub_error = NULL; ++ ++ if (!udisks_daemon_util_get_caller_uid_sync (daemon, ++ invocation, ++ NULL, /* GCancellable* */ ++ &caller_uid, ++ &sub_error)) ++ { ++ g_set_error (error, ++ UDISKS_ERROR, ++ UDISKS_ERROR_FAILED, ++ "Error getting uid for caller with bus name %s: %s (%s, %d)", ++ g_dbus_method_invocation_get_sender (invocation), ++ sub_error->message, g_quark_to_string (sub_error->domain), sub_error->code); ++ g_clear_error (&sub_error); ++ goto out; ++ } ++ ++ /* only allow root */ ++ if (caller_uid == 0) ++ { ++ ret = TRUE; ++ } ++ else ++ { ++ g_set_error (error, ++ UDISKS_ERROR, ++ UDISKS_ERROR_NOT_AUTHORIZED, ++ "Not authorized to perform operation (polkit authority not available and caller is not uid 0)"); ++ } ++ ++ out: ++ return ret; ++} ++ ++/** ++ * udisks_daemon_util_check_authorization_sync: ++ * @daemon: A #UDisksDaemon. ++ * @object: (allow-none): The #GDBusObject that the call is on or %NULL. ++ * @action_id: The action id to check for. ++ * @options: (allow-none): A #GVariant to check for the auth.no_user_interaction option or %NULL. ++ * @message: The message to convey (use N_). ++ * @invocation: The invocation to check for. ++ * ++ * Checks if the caller represented by @invocation is authorized for ++ * the action identified by @action_id, optionally displaying @message ++ * if authentication is needed. Additionally, if the caller is not ++ * authorized, the appropriate error is already returned to the caller ++ * via @invocation. ++ * ++ * The calling thread is blocked for the duration of the authorization ++ * check which could be a very long time since it may involve ++ * presenting an authentication dialog and having a human user use ++ * it. If auth.no_user_interaction in @options is %TRUE ++ * no authentication dialog will be presented and the check is not ++ * expected to take a long time. ++ * ++ * See for the variables that ++ * can be used in @message but note that not all variables can be used ++ * in all checks. For example, any check involving a #UDisksDrive or a ++ * #UDisksBlock object can safely include the fragment ++ * $(drive) since it will always expand to the name of ++ * the drive, e.g. INTEL SSDSA2MH080G1GC (/dev/sda1) or ++ * the block device file e.g. /dev/vg_lucifer/lv_root ++ * or /dev/sda1. However this won't work for operations ++ * that isn't on a drive or block device, for example calls on the ++ * Manager ++ * object. ++ * ++ * Returns: %TRUE if caller is authorized, %FALSE if not. ++ */ ++gboolean ++udisks_daemon_util_check_authorization_sync (UDisksDaemon *daemon, ++ UDisksObject *object, ++ const gchar *action_id, ++ GVariant *options, ++ const gchar *message, ++ GDBusMethodInvocation *invocation) ++{ ++ GError *error = NULL; ++ if (!udisks_daemon_util_check_authorization_sync_with_error (daemon, ++ object, ++ action_id, ++ options, ++ message, ++ invocation, ++ &error)) ++ { ++ g_dbus_method_invocation_take_error (invocation, error); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++gboolean ++udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon *daemon, ++ UDisksObject *object, ++ const gchar *action_id, ++ GVariant *options, ++ const gchar *message, ++ GDBusMethodInvocation *invocation, ++ GError **error) ++{ ++ PolkitAuthority *authority = NULL; ++ PolkitSubject *subject = NULL; ++ PolkitDetails *details = NULL; ++ PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE; ++ PolkitAuthorizationResult *result = NULL; ++ GError *sub_error = NULL; ++ gboolean ret = FALSE; ++ UDisksBlock *block = NULL; ++ UDisksDrive *drive = NULL; ++ UDisksPartition *partition = NULL; ++ UDisksObject *block_object = NULL; ++ UDisksObject *drive_object = NULL; ++ gboolean auth_no_user_interaction = FALSE; ++ const gchar *details_device = NULL; ++ gchar *details_drive = NULL; ++ ++ authority = udisks_daemon_get_authority (daemon); ++ if (authority == NULL) ++ { ++ ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation, error); ++ goto out; ++ } ++ ++ subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation)); ++ if (options != NULL) ++ { ++ g_variant_lookup (options, ++ "auth.no_user_interaction", ++ "b", ++ &auth_no_user_interaction); ++ } ++ if (!auth_no_user_interaction) ++ flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; ++ ++ details = polkit_details_new (); ++ polkit_details_insert (details, "polkit.message", message); ++ polkit_details_insert (details, "polkit.gettext_domain", "udisks2"); ++ ++ /* Find drive associated with the block device, if any */ ++ if (object != NULL) ++ { ++ block = udisks_object_get_block (object); ++ if (block != NULL) ++ { ++ block_object = g_object_ref (object); ++ drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block)); ++ if (drive_object != NULL) ++ drive = udisks_object_get_drive (drive_object); ++ } ++ ++ partition = udisks_object_get_partition (object); ++ ++ if (drive == NULL) ++ drive = udisks_object_get_drive (object); ++ } ++ ++ if (block != NULL) ++ details_device = udisks_block_get_preferred_device (block); ++ ++ /* If we have a drive, use vendor/model in the message (in addition to Block:preferred-device) */ ++ if (drive != NULL) ++ { ++ gchar *s; ++ const gchar *vendor; ++ const gchar *model; ++ ++ vendor = udisks_drive_get_vendor (drive); ++ model = udisks_drive_get_model (drive); ++ if (vendor == NULL) ++ vendor = ""; ++ if (model == NULL) ++ model = ""; ++ ++ if (strlen (vendor) > 0 && strlen (model) > 0) ++ s = g_strdup_printf ("%s %s", vendor, model); ++ else if (strlen (vendor) > 0) ++ s = g_strdup (vendor); ++ else ++ s = g_strdup (model); ++ ++ if (block != NULL) ++ { ++ details_drive = g_strdup_printf ("%s (%s)", s, udisks_block_get_preferred_device (block)); ++ } ++ else ++ { ++ details_drive = s; ++ s = NULL; ++ } ++ g_free (s); ++ ++ _safe_polkit_details_insert (details, "drive.wwn", udisks_drive_get_wwn (drive)); ++ _safe_polkit_details_insert (details, "drive.serial", udisks_drive_get_serial (drive)); ++ _safe_polkit_details_insert (details, "drive.vendor", udisks_drive_get_vendor (drive)); ++ _safe_polkit_details_insert (details, "drive.model", udisks_drive_get_model (drive)); ++ _safe_polkit_details_insert (details, "drive.revision", udisks_drive_get_revision (drive)); ++ if (udisks_drive_get_removable (drive)) ++ { ++ const gchar *const *media_compat; ++ GString *media_compat_str; ++ const gchar *sep = ","; ++ ++ polkit_details_insert (details, "drive.removable", "true"); ++ _safe_polkit_details_insert (details, "drive.removable.bus", udisks_drive_get_connection_bus (drive)); ++ ++ media_compat_str = g_string_new (NULL); ++ media_compat = udisks_drive_get_media_compatibility (drive); ++ if (media_compat) ++ { ++ guint i; ++ ++ for (i = 0; media_compat[i] && strlen(media_compat[i]); i++) ++ { ++ if (i) ++ g_string_append (media_compat_str, sep); ++ g_string_append (media_compat_str, media_compat[i]); ++ } ++ } ++ ++ _safe_polkit_details_insert (details, "drive.removable.media", media_compat_str->str); ++ g_string_free (media_compat_str, TRUE); ++ } ++ } ++ ++ if (block != NULL) ++ { ++ _safe_polkit_details_insert (details, "id.type", udisks_block_get_id_type (block)); ++ _safe_polkit_details_insert (details, "id.usage", udisks_block_get_id_usage (block)); ++ _safe_polkit_details_insert (details, "id.version", udisks_block_get_id_version (block)); ++ _safe_polkit_details_insert (details, "id.label", udisks_block_get_id_label (block)); ++ _safe_polkit_details_insert (details, "id.uuid", udisks_block_get_id_uuid (block)); ++ } ++ ++ if (partition != NULL) ++ { ++ _safe_polkit_details_insert_int (details, "partition.number", udisks_partition_get_number (partition)); ++ _safe_polkit_details_insert (details, "partition.type", udisks_partition_get_type_ (partition)); ++ _safe_polkit_details_insert_uint64 (details, "partition.flags", udisks_partition_get_flags (partition)); ++ _safe_polkit_details_insert (details, "partition.name", udisks_partition_get_name (partition)); ++ _safe_polkit_details_insert (details, "partition.uuid", udisks_partition_get_uuid (partition)); ++ } ++ ++ /* Fall back to Block:preferred-device */ ++ if (details_drive == NULL && block != NULL) ++ details_drive = udisks_block_dup_preferred_device (block); ++ ++ if (details_device != NULL) ++ polkit_details_insert (details, "device", details_device); ++ if (details_drive != NULL) ++ polkit_details_insert (details, "drive", details_drive); ++ ++ sub_error = NULL; ++ result = polkit_authority_check_authorization_sync (authority, ++ subject, ++ action_id, ++ details, ++ flags, ++ NULL, /* GCancellable* */ ++ &sub_error); ++ if (result == NULL) ++ { ++ if (sub_error->domain != POLKIT_ERROR) ++ { ++ /* assume polkit authority is not available (e.g. could be the service ++ * manager returning org.freedesktop.systemd1.Masked) ++ */ ++ g_clear_error (&sub_error); ++ ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation, error); ++ } ++ else ++ { ++ g_set_error (error, ++ UDISKS_ERROR, ++ UDISKS_ERROR_FAILED, ++ "Error checking authorization: %s (%s, %d)", ++ sub_error->message, ++ g_quark_to_string (sub_error->domain), ++ sub_error->code); ++ g_clear_error (&sub_error); ++ } ++ goto out; ++ } ++ if (!polkit_authorization_result_get_is_authorized (result)) ++ { ++ if (polkit_authorization_result_get_dismissed (result)) ++ g_set_error (error, ++ UDISKS_ERROR, ++ UDISKS_ERROR_NOT_AUTHORIZED_DISMISSED, ++ "The authentication dialog was dismissed"); ++ else ++ g_set_error (error, ++ UDISKS_ERROR, ++ polkit_authorization_result_get_is_challenge (result) ? ++ UDISKS_ERROR_NOT_AUTHORIZED_CAN_OBTAIN : ++ UDISKS_ERROR_NOT_AUTHORIZED, ++ "Not authorized to perform operation"); ++ goto out; ++ } ++ ++ ret = TRUE; ++ ++ out: ++ g_free (details_drive); ++ g_clear_object (&block_object); ++ g_clear_object (&drive_object); ++ g_clear_object (&block); ++ g_clear_object (&partition); ++ g_clear_object (&drive); ++ g_clear_object (&subject); ++ g_clear_object (&details); ++ g_clear_object (&result); ++ return ret; ++} ++ +diff --git a/src/udisksauthorization.h b/src/udisksauthorization.h +new file mode 100644 +index 00000000..4903bb57 +--- /dev/null ++++ b/src/udisksauthorization.h +@@ -0,0 +1,63 @@ ++/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- ++ * ++ * Copyright (C) 2007-2010 David Zeuthen ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ * ++ */ ++ ++#ifndef __UDISKS_AUTHORIZATION_H__ ++#define __UDISKS_AUTHORIZATION_H__ ++ ++#include "udisksdaemontypes.h" ++#include ++ ++G_BEGIN_DECLS ++ ++gboolean udisks_daemon_util_check_authorization_sync (UDisksDaemon *daemon, ++ UDisksObject *object, ++ const gchar *action_id, ++ GVariant *options, ++ const gchar *message, ++ GDBusMethodInvocation *invocation); ++ ++gboolean udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon *daemon, ++ UDisksObject *object, ++ const gchar *action_id, ++ GVariant *options, ++ const gchar *message, ++ GDBusMethodInvocation *invocation, ++ GError **error); ++ ++/* Utility macro for policy verification. */ ++#define UDISKS_DAEMON_CHECK_AUTHORIZATION(daemon, \ ++ object, \ ++ action_id, \ ++ options, \ ++ message, \ ++ invocation) \ ++ if (! udisks_daemon_util_check_authorization_sync ((daemon), \ ++ (object), \ ++ (action_id), \ ++ (options), \ ++ (message), \ ++ (invocation))) \ ++ { \ ++ goto out; \ ++ } ++ ++G_END_DECLS ++ ++#endif /* __UDISKS_AUTHORIZATION_H__ */ +diff --git a/src/udisksbasejob.c b/src/udisksbasejob.c +index 71038ec9..08da42ce 100644 +--- a/src/udisksbasejob.c ++++ b/src/udisksbasejob.c +@@ -27,6 +27,7 @@ + #include "udisksbasejob.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udisks-daemon-marshal.h" + + #define MAX_SAMPLES 100 +diff --git a/src/udisksdaemon.h b/src/udisksdaemon.h +index c175054d..19b4bda3 100644 +--- a/src/udisksdaemon.h ++++ b/src/udisksdaemon.h +@@ -23,6 +23,7 @@ + + #include "config.h" + #include "udisksdaemontypes.h" ++#include "udisksauthorization.h" + + G_BEGIN_DECLS + +diff --git a/src/udisksdaemontypes.h b/src/udisksdaemontypes.h +index f23a29c5..1f4e8ba1 100644 +--- a/src/udisksdaemontypes.h ++++ b/src/udisksdaemontypes.h +@@ -23,7 +23,6 @@ + #include "config.h" + + #include +-#include + #include + #include + +diff --git a/src/udisksdaemonutil.c b/src/udisksdaemonutil.c +index 60134765..66489cb9 100644 +--- a/src/udisksdaemonutil.c ++++ b/src/udisksdaemonutil.c +@@ -617,362 +617,6 @@ udisks_daemon_util_setup_by_user (UDisksDaemon *daemon, + return ret; + } + +-/* Need this until we can depend on a libpolkit with this bugfix +- * +- * http://cgit.freedesktop.org/polkit/commit/?h=wip/js-rule-files&id=224f7b892478302dccbe7e567b013d3c73d376fd +- */ +-static void +-_safe_polkit_details_insert (PolkitDetails *details, const gchar *key, const gchar *value) +-{ +- if (value != NULL && strlen (value) > 0) +- polkit_details_insert (details, key, value); +-} +- +-static void +-_safe_polkit_details_insert_int (PolkitDetails *details, const gchar *key, gint value) +-{ +- gchar buf[32]; +- snprintf (buf, sizeof buf, "%d", value); +- polkit_details_insert (details, key, buf); +-} +- +-static void +-_safe_polkit_details_insert_uint64 (PolkitDetails *details, const gchar *key, guint64 value) +-{ +- gchar buf[32]; +- snprintf (buf, sizeof buf, "0x%08llx", (unsigned long long int) value); +- polkit_details_insert (details, key, buf); +-} +- +-static gboolean +-check_authorization_no_polkit (UDisksDaemon *daemon, +- UDisksObject *object, +- const gchar *action_id, +- GVariant *options, +- const gchar *message, +- GDBusMethodInvocation *invocation, +- GError **error) +-{ +- gboolean ret = FALSE; +- uid_t caller_uid = -1; +- GError *sub_error = NULL; +- +- if (!udisks_daemon_util_get_caller_uid_sync (daemon, +- invocation, +- NULL, /* GCancellable* */ +- &caller_uid, +- &sub_error)) +- { +- g_set_error (error, +- UDISKS_ERROR, +- UDISKS_ERROR_FAILED, +- "Error getting uid for caller with bus name %s: %s (%s, %d)", +- g_dbus_method_invocation_get_sender (invocation), +- sub_error->message, g_quark_to_string (sub_error->domain), sub_error->code); +- g_clear_error (&sub_error); +- goto out; +- } +- +- /* only allow root */ +- if (caller_uid == 0) +- { +- ret = TRUE; +- } +- else +- { +- g_set_error (error, +- UDISKS_ERROR, +- UDISKS_ERROR_NOT_AUTHORIZED, +- "Not authorized to perform operation (polkit authority not available and caller is not uid 0)"); +- } +- +- out: +- return ret; +-} +- +-/** +- * udisks_daemon_util_check_authorization_sync: +- * @daemon: A #UDisksDaemon. +- * @object: (allow-none): The #GDBusObject that the call is on or %NULL. +- * @action_id: The action id to check for. +- * @options: (allow-none): A #GVariant to check for the auth.no_user_interaction option or %NULL. +- * @message: The message to convey (use N_). +- * @invocation: The invocation to check for. +- * +- * Checks if the caller represented by @invocation is authorized for +- * the action identified by @action_id, optionally displaying @message +- * if authentication is needed. Additionally, if the caller is not +- * authorized, the appropriate error is already returned to the caller +- * via @invocation. +- * +- * The calling thread is blocked for the duration of the authorization +- * check which could be a very long time since it may involve +- * presenting an authentication dialog and having a human user use +- * it. If auth.no_user_interaction in @options is %TRUE +- * no authentication dialog will be presented and the check is not +- * expected to take a long time. +- * +- * See for the variables that +- * can be used in @message but note that not all variables can be used +- * in all checks. For example, any check involving a #UDisksDrive or a +- * #UDisksBlock object can safely include the fragment +- * $(drive) since it will always expand to the name of +- * the drive, e.g. INTEL SSDSA2MH080G1GC (/dev/sda1) or +- * the block device file e.g. /dev/vg_lucifer/lv_root +- * or /dev/sda1. However this won't work for operations +- * that isn't on a drive or block device, for example calls on the +- * Manager +- * object. +- * +- * Returns: %TRUE if caller is authorized, %FALSE if not. +- */ +-gboolean +-udisks_daemon_util_check_authorization_sync (UDisksDaemon *daemon, +- UDisksObject *object, +- const gchar *action_id, +- GVariant *options, +- const gchar *message, +- GDBusMethodInvocation *invocation) +-{ +- GError *error = NULL; +- if (!udisks_daemon_util_check_authorization_sync_with_error (daemon, +- object, +- action_id, +- options, +- message, +- invocation, +- &error)) +- { +- g_dbus_method_invocation_take_error (invocation, error); +- return FALSE; +- } +- +- return TRUE; +-} +- +-gboolean +-udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon *daemon, +- UDisksObject *object, +- const gchar *action_id, +- GVariant *options, +- const gchar *message, +- GDBusMethodInvocation *invocation, +- GError **error) +-{ +- PolkitAuthority *authority = NULL; +- PolkitSubject *subject = NULL; +- PolkitDetails *details = NULL; +- PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE; +- PolkitAuthorizationResult *result = NULL; +- GError *sub_error = NULL; +- gboolean ret = FALSE; +- UDisksBlock *block = NULL; +- UDisksDrive *drive = NULL; +- UDisksPartition *partition = NULL; +- UDisksObject *block_object = NULL; +- UDisksObject *drive_object = NULL; +- gboolean auth_no_user_interaction = FALSE; +- const gchar *details_device = NULL; +- gchar *details_drive = NULL; +- +- authority = udisks_daemon_get_authority (daemon); +- if (authority == NULL) +- { +- ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation, error); +- goto out; +- } +- +- subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation)); +- if (options != NULL) +- { +- g_variant_lookup (options, +- "auth.no_user_interaction", +- "b", +- &auth_no_user_interaction); +- } +- if (!auth_no_user_interaction) +- flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; +- +- details = polkit_details_new (); +- polkit_details_insert (details, "polkit.message", message); +- polkit_details_insert (details, "polkit.gettext_domain", "udisks2"); +- +- /* Find drive associated with the block device, if any */ +- if (object != NULL) +- { +- block = udisks_object_get_block (object); +- if (block != NULL) +- { +- block_object = g_object_ref (object); +- drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block)); +- if (drive_object != NULL) +- drive = udisks_object_get_drive (drive_object); +- } +- +- partition = udisks_object_get_partition (object); +- +- if (drive == NULL) +- drive = udisks_object_get_drive (object); +- } +- +- if (block != NULL) +- details_device = udisks_block_get_preferred_device (block); +- +- /* If we have a drive, use vendor/model in the message (in addition to Block:preferred-device) */ +- if (drive != NULL) +- { +- gchar *s; +- const gchar *vendor; +- const gchar *model; +- +- vendor = udisks_drive_get_vendor (drive); +- model = udisks_drive_get_model (drive); +- if (vendor == NULL) +- vendor = ""; +- if (model == NULL) +- model = ""; +- +- if (strlen (vendor) > 0 && strlen (model) > 0) +- s = g_strdup_printf ("%s %s", vendor, model); +- else if (strlen (vendor) > 0) +- s = g_strdup (vendor); +- else +- s = g_strdup (model); +- +- if (block != NULL) +- { +- details_drive = g_strdup_printf ("%s (%s)", s, udisks_block_get_preferred_device (block)); +- } +- else +- { +- details_drive = s; +- s = NULL; +- } +- g_free (s); +- +- _safe_polkit_details_insert (details, "drive.wwn", udisks_drive_get_wwn (drive)); +- _safe_polkit_details_insert (details, "drive.serial", udisks_drive_get_serial (drive)); +- _safe_polkit_details_insert (details, "drive.vendor", udisks_drive_get_vendor (drive)); +- _safe_polkit_details_insert (details, "drive.model", udisks_drive_get_model (drive)); +- _safe_polkit_details_insert (details, "drive.revision", udisks_drive_get_revision (drive)); +- if (udisks_drive_get_removable (drive)) +- { +- const gchar *const *media_compat; +- GString *media_compat_str; +- const gchar *sep = ","; +- +- polkit_details_insert (details, "drive.removable", "true"); +- _safe_polkit_details_insert (details, "drive.removable.bus", udisks_drive_get_connection_bus (drive)); +- +- media_compat_str = g_string_new (NULL); +- media_compat = udisks_drive_get_media_compatibility (drive); +- if (media_compat) +- { +- guint i; +- +- for (i = 0; media_compat[i] && strlen(media_compat[i]); i++) +- { +- if (i) +- g_string_append (media_compat_str, sep); +- g_string_append (media_compat_str, media_compat[i]); +- } +- } +- +- _safe_polkit_details_insert (details, "drive.removable.media", media_compat_str->str); +- g_string_free (media_compat_str, TRUE); +- } +- } +- +- if (block != NULL) +- { +- _safe_polkit_details_insert (details, "id.type", udisks_block_get_id_type (block)); +- _safe_polkit_details_insert (details, "id.usage", udisks_block_get_id_usage (block)); +- _safe_polkit_details_insert (details, "id.version", udisks_block_get_id_version (block)); +- _safe_polkit_details_insert (details, "id.label", udisks_block_get_id_label (block)); +- _safe_polkit_details_insert (details, "id.uuid", udisks_block_get_id_uuid (block)); +- } +- +- if (partition != NULL) +- { +- _safe_polkit_details_insert_int (details, "partition.number", udisks_partition_get_number (partition)); +- _safe_polkit_details_insert (details, "partition.type", udisks_partition_get_type_ (partition)); +- _safe_polkit_details_insert_uint64 (details, "partition.flags", udisks_partition_get_flags (partition)); +- _safe_polkit_details_insert (details, "partition.name", udisks_partition_get_name (partition)); +- _safe_polkit_details_insert (details, "partition.uuid", udisks_partition_get_uuid (partition)); +- } +- +- /* Fall back to Block:preferred-device */ +- if (details_drive == NULL && block != NULL) +- details_drive = udisks_block_dup_preferred_device (block); +- +- if (details_device != NULL) +- polkit_details_insert (details, "device", details_device); +- if (details_drive != NULL) +- polkit_details_insert (details, "drive", details_drive); +- +- sub_error = NULL; +- result = polkit_authority_check_authorization_sync (authority, +- subject, +- action_id, +- details, +- flags, +- NULL, /* GCancellable* */ +- &sub_error); +- if (result == NULL) +- { +- if (sub_error->domain != POLKIT_ERROR) +- { +- /* assume polkit authority is not available (e.g. could be the service +- * manager returning org.freedesktop.systemd1.Masked) +- */ +- g_clear_error (&sub_error); +- ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation, error); +- } +- else +- { +- g_set_error (error, +- UDISKS_ERROR, +- UDISKS_ERROR_FAILED, +- "Error checking authorization: %s (%s, %d)", +- sub_error->message, +- g_quark_to_string (sub_error->domain), +- sub_error->code); +- g_clear_error (&sub_error); +- } +- goto out; +- } +- if (!polkit_authorization_result_get_is_authorized (result)) +- { +- if (polkit_authorization_result_get_dismissed (result)) +- g_set_error (error, +- UDISKS_ERROR, +- UDISKS_ERROR_NOT_AUTHORIZED_DISMISSED, +- "The authentication dialog was dismissed"); +- else +- g_set_error (error, +- UDISKS_ERROR, +- polkit_authorization_result_get_is_challenge (result) ? +- UDISKS_ERROR_NOT_AUTHORIZED_CAN_OBTAIN : +- UDISKS_ERROR_NOT_AUTHORIZED, +- "Not authorized to perform operation"); +- goto out; +- } +- +- ret = TRUE; +- +- out: +- g_free (details_drive); +- g_clear_object (&block_object); +- g_clear_object (&drive_object); +- g_clear_object (&block); +- g_clear_object (&partition); +- g_clear_object (&drive); +- g_clear_object (&subject); +- g_clear_object (&details); +- g_clear_object (&result); +- return ret; +-} +- + /* ---------------------------------------------------------------------------------------------------- */ + + static gboolean +diff --git a/src/udisksdaemonutil.h b/src/udisksdaemonutil.h +index 2d7ac981..bd628acb 100644 +--- a/src/udisksdaemonutil.h ++++ b/src/udisksdaemonutil.h +@@ -74,21 +74,6 @@ gboolean udisks_daemon_util_on_user_seat (UDisksDaemon *daemon, + UDisksObject *object, + uid_t user); + +-gboolean udisks_daemon_util_check_authorization_sync (UDisksDaemon *daemon, +- UDisksObject *object, +- const gchar *action_id, +- GVariant *options, +- const gchar *message, +- GDBusMethodInvocation *invocation); +- +-gboolean udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon *daemon, +- UDisksObject *object, +- const gchar *action_id, +- GVariant *options, +- const gchar *message, +- GDBusMethodInvocation *invocation, +- GError **error); +- + gboolean udisks_daemon_util_get_user_info (const uid_t uid, + gid_t *out_gid, + gchar **out_user_name, +@@ -129,22 +114,6 @@ gchar *udisks_daemon_util_get_free_mdraid_device (void); + + guint16 udisks_ata_identify_get_word (const guchar *identify_data, guint word_number); + +-/* Utility macro for policy verification. */ +-#define UDISKS_DAEMON_CHECK_AUTHORIZATION(daemon, \ +- object, \ +- action_id, \ +- options, \ +- message, \ +- invocation) \ +- if (! udisks_daemon_util_check_authorization_sync ((daemon), \ +- (object), \ +- (action_id), \ +- (options), \ +- (message), \ +- (invocation))) \ +- { \ +- goto out; \ +- } + + G_END_DECLS + +diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c +index 901426ad..b1dd869c 100644 +--- a/src/udiskslinuxblock.c ++++ b/src/udiskslinuxblock.c +@@ -53,6 +53,7 @@ + #include "udisksprivate.h" + #include "udisksconfigmanager.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udiskslinuxprovider.h" + #include "udisksfstabentry.h" + #include "udiskscrypttabmonitor.h" +diff --git a/src/udiskslinuxdrive.c b/src/udiskslinuxdrive.c +index 592d3edc..f2f39b57 100644 +--- a/src/udiskslinuxdrive.c ++++ b/src/udiskslinuxdrive.c +@@ -49,6 +49,7 @@ + #include "udiskslinuxblockobject.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udiskslinuxdevice.h" + #include "udisksconfigmanager.h" + +diff --git a/src/udiskslinuxdriveata.c b/src/udiskslinuxdriveata.c +index 5ebdcd76..cd153d72 100644 +--- a/src/udiskslinuxdriveata.c ++++ b/src/udiskslinuxdriveata.c +@@ -45,6 +45,7 @@ + #include "udiskslinuxblockobject.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udisksbasejob.h" + #include "udiskssimplejob.h" + #include "udisksthreadedjob.h" +diff --git a/src/udiskslinuxencrypted.c b/src/udiskslinuxencrypted.c +index c3a0821a..5678cd47 100644 +--- a/src/udiskslinuxencrypted.c ++++ b/src/udiskslinuxencrypted.c +@@ -37,6 +37,7 @@ + #include "udiskslinuxblockobject.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udisksstate.h" + #include "udiskslinuxdevice.h" + #include "udiskslinuxblock.h" +diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c +index 279d952b..5355fc8d 100644 +--- a/src/udiskslinuxfilesystem.c ++++ b/src/udiskslinuxfilesystem.c +@@ -50,6 +50,7 @@ + #include "udisksdaemon.h" + #include "udisksstate.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udisksmountmonitor.h" + #include "udisksmount.h" + #include "udiskslinuxdevice.h" +diff --git a/src/udiskslinuxloop.c b/src/udiskslinuxloop.c +index 5d7e3553..5854220e 100644 +--- a/src/udiskslinuxloop.c ++++ b/src/udiskslinuxloop.c +@@ -42,6 +42,7 @@ + #include "udisksdaemon.h" + #include "udisksstate.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udiskslinuxdevice.h" + #include "udiskssimplejob.h" + +diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c +index 8af65d97..f6601195 100644 +--- a/src/udiskslinuxmanager.c ++++ b/src/udiskslinuxmanager.c +@@ -41,6 +41,7 @@ + #include "udiskslinuxmanager.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udisksstate.h" + #include "udiskslinuxblockobject.h" + #include "udiskslinuxdevice.h" +diff --git a/src/udiskslinuxmdraid.c b/src/udiskslinuxmdraid.c +index 4560a7ab..361383c9 100644 +--- a/src/udiskslinuxmdraid.c ++++ b/src/udiskslinuxmdraid.c +@@ -43,6 +43,7 @@ + #include "udisksdaemon.h" + #include "udisksstate.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udiskslinuxdevice.h" + #include "udiskslinuxblock.h" + #include "udiskssimplejob.h" +diff --git a/src/udiskslinuxpartition.c b/src/udiskslinuxpartition.c +index ff0fdfc0..7937257a 100644 +--- a/src/udiskslinuxpartition.c ++++ b/src/udiskslinuxpartition.c +@@ -40,6 +40,7 @@ + #include "udiskslinuxblockobject.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udiskslinuxdevice.h" + #include "udiskslinuxblock.h" + #include "udiskssimplejob.h" +diff --git a/src/udiskslinuxpartitiontable.c b/src/udiskslinuxpartitiontable.c +index e43a0708..63c295bb 100644 +--- a/src/udiskslinuxpartitiontable.c ++++ b/src/udiskslinuxpartitiontable.c +@@ -39,6 +39,7 @@ + #include "udiskslinuxblockobject.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udiskslinuxdevice.h" + #include "udiskslinuxblock.h" + #include "udiskslinuxpartition.h" +diff --git a/src/udiskslinuxswapspace.c b/src/udiskslinuxswapspace.c +index bb47f3d4..6998b6ab 100644 +--- a/src/udiskslinuxswapspace.c ++++ b/src/udiskslinuxswapspace.c +@@ -35,6 +35,7 @@ + #include "udiskslinuxblockobject.h" + #include "udisksdaemon.h" + #include "udisksdaemonutil.h" ++#include "udisksauthorization.h" + #include "udisksmountmonitor.h" + #include "udiskslinuxdevice.h" + #include "udisksthreadedjob.h" +-- +2.30.2 + diff --git a/buildroot-external/package/udisks2/0002-Make-polkit-dependency-optional.patch b/buildroot-external/package/udisks2/0002-Make-polkit-dependency-optional.patch new file mode 100644 index 000000000..0fc5b97a1 --- /dev/null +++ b/buildroot-external/package/udisks2/0002-Make-polkit-dependency-optional.patch @@ -0,0 +1,264 @@ +From 573a9b6988c48abb7579acbe634d6b532ecb8517 Mon Sep 17 00:00:00 2001 +Message-Id: <573a9b6988c48abb7579acbe634d6b532ecb8517.1616318066.git.stefan@agner.ch> +In-Reply-To: +References: +From: Stefan Agner +Date: Sat, 13 Mar 2021 15:24:45 +0100 +Subject: [PATCH 2/3] Make polkit dependency optional + +Make authorization using polkit a compile time option. This allows to +build udisks2 without polkit. + +Fixes: #615 +--- + configure.ac | 33 +++++++++++++++---- + data/Makefile.am | 2 ++ + src/udisksauthorization.c | 68 +++++++++++++++++++++++---------------- + src/udisksauthorization.h | 5 +++ + src/udisksdaemon.c | 2 ++ + tools/udisksctl.c | 13 ++++++++ + 6 files changed, 89 insertions(+), 34 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 53917998..7d95bc91 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -150,13 +150,31 @@ PKG_CHECK_MODULES(GIO, [gio-unix-2.0 >= 2.50]) + AC_SUBST(GIO_CFLAGS) + AC_SUBST(GIO_LIBS) + +-PKG_CHECK_MODULES(POLKIT_GOBJECT_1, [polkit-gobject-1 >= 0.102]) +-AC_SUBST(POLKIT_GOBJECT_1_CFLAGS) +-AC_SUBST(POLKIT_GOBJECT_1_LIBS) +- +-PKG_CHECK_MODULES(POLKIT_AGENT_1, [polkit-agent-1 >= 0.102]) +-AC_SUBST(POLKIT_AGENT_1_CFLAGS) +-AC_SUBST(POLKIT_AGENT_1_LIBS) ++have_polkit=no ++AC_ARG_ENABLE(polkit, AS_HELP_STRING([--disable-polkit], [disable polkit support])) ++if test "x$enable_polkit" != "xno"; then ++ PKG_CHECK_MODULES(POLKIT_GOBJECT_1, [polkit-gobject-1 >= 0.102], ++ [have_polkit_gobject=yes], ++ [have_polkit_gobject=no]) ++ if test "x$have_polkit_gobject" = "xno"; then ++ AC_MSG_ERROR([polkit support requested but polkit-gobject libraries not found]) ++ fi ++ AC_SUBST(POLKIT_GOBJECT_1_CFLAGS) ++ AC_SUBST(POLKIT_GOBJECT_1_LIBS) ++ ++ PKG_CHECK_MODULES(POLKIT_AGENT_1, [polkit-agent-1 >= 0.102], ++ [have_polkit_agent=yes], ++ [have_polkit_agent=no]) ++ if test "x$have_polkit_agent" = "xno"; then ++ AC_MSG_ERROR([polkit support requested but polkit-agent libraries not found]) ++ fi ++ AC_SUBST(POLKIT_AGENT_1_CFLAGS) ++ AC_SUBST(POLKIT_AGENT_1_LIBS) ++ if test "$have_polkit_gobject" = "yes" -a "$have_polkit_agent" = "yes"; then ++ have_polkit=yes ++ fi ++fi ++AM_CONDITIONAL(HAVE_POLKIT, [test "$have_polkit" = "yes"]) + + if test "x$enable_daemon" = "xyes"; then + PKG_CHECK_MODULES(GUDEV, [gudev-1.0 >= 165]) +@@ -793,6 +811,7 @@ echo " + using libelogind: ${have_libelogind} + use /media for mounting: ${fhs_media} + acl support: ${have_acl} ++ polkit support: ${have_polkit} + using libmount/utab: ${have_libmount_utab} + + compiler: ${CC} +diff --git a/data/Makefile.am b/data/Makefile.am +index 758644be..bf4f29b8 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -31,6 +31,7 @@ endif + udevrulesdir = $(udevdir)/rules.d + udevrules_DATA = 80-udisks2.rules + ++if HAVE_POLKIT + polkitdir = $(datadir)/polkit-1/actions + polkit_in_files = org.freedesktop.UDisks2.policy.in + polkit_DATA = $(polkit_in_files:.policy.in=.policy) +@@ -38,6 +39,7 @@ polkit_DATA = $(polkit_in_files:.policy.in=.policy) + $(polkit_DATA): $(polkit_in_files) + $(AM_V_GEN) $(MSGFMT) --xml --template $< -d $(top_srcdir)/po -o $@ + endif ++endif + + completionsdir = $(datadir)/bash-completion/completions + completions_DATA = \ +diff --git a/src/udisksauthorization.c b/src/udisksauthorization.c +index f74e194a..0256cef9 100644 +--- a/src/udisksauthorization.c ++++ b/src/udisksauthorization.c +@@ -24,33 +24,6 @@ + #include "udisksdaemonutil.h" + #include "udisksauthorization.h" + +-/* Need this until we can depend on a libpolkit with this bugfix +- * +- * http://cgit.freedesktop.org/polkit/commit/?h=wip/js-rule-files&id=224f7b892478302dccbe7e567b013d3c73d376fd +- */ +-static void +-_safe_polkit_details_insert (PolkitDetails *details, const gchar *key, const gchar *value) +-{ +- if (value != NULL && strlen (value) > 0) +- polkit_details_insert (details, key, value); +-} +- +-static void +-_safe_polkit_details_insert_int (PolkitDetails *details, const gchar *key, gint value) +-{ +- gchar buf[32]; +- snprintf (buf, sizeof buf, "%d", value); +- polkit_details_insert (details, key, buf); +-} +- +-static void +-_safe_polkit_details_insert_uint64 (PolkitDetails *details, const gchar *key, guint64 value) +-{ +- gchar buf[32]; +- snprintf (buf, sizeof buf, "0x%08llx", (unsigned long long int) value); +- polkit_details_insert (details, key, buf); +-} +- + static gboolean + check_authorization_no_polkit (UDisksDaemon *daemon, + UDisksObject *object, +@@ -157,6 +130,34 @@ udisks_daemon_util_check_authorization_sync (UDisksDaemon *daemon, + return TRUE; + } + ++#ifdef HAVE_POLKIT ++/* Need this until we can depend on a libpolkit with this bugfix ++ * ++ * http://cgit.freedesktop.org/polkit/commit/?h=wip/js-rule-files&id=224f7b892478302dccbe7e567b013d3c73d376fd ++ */ ++static void ++_safe_polkit_details_insert (PolkitDetails *details, const gchar *key, const gchar *value) ++{ ++ if (value != NULL && strlen (value) > 0) ++ polkit_details_insert (details, key, value); ++} ++ ++static void ++_safe_polkit_details_insert_int (PolkitDetails *details, const gchar *key, gint value) ++{ ++ gchar buf[32]; ++ snprintf (buf, sizeof buf, "%d", value); ++ polkit_details_insert (details, key, buf); ++} ++ ++static void ++_safe_polkit_details_insert_uint64 (PolkitDetails *details, const gchar *key, guint64 value) ++{ ++ gchar buf[32]; ++ snprintf (buf, sizeof buf, "0x%08llx", (unsigned long long int) value); ++ polkit_details_insert (details, key, buf); ++} ++ + gboolean + udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon *daemon, + UDisksObject *object, +@@ -379,4 +380,17 @@ udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon * + g_clear_object (&result); + return ret; + } ++#else ++gboolean ++udisks_daemon_util_check_authorization_sync_with_error (UDisksDaemon *daemon, ++ UDisksObject *object, ++ const gchar *action_id, ++ GVariant *options, ++ const gchar *message, ++ GDBusMethodInvocation *invocation, ++ GError **error) ++{ ++ return check_authorization_no_polkit (daemon, object, action_id, options, message, invocation, error); ++} ++#endif + +diff --git a/src/udisksauthorization.h b/src/udisksauthorization.h +index 4903bb57..64dcf4e4 100644 +--- a/src/udisksauthorization.h ++++ b/src/udisksauthorization.h +@@ -22,7 +22,12 @@ + #define __UDISKS_AUTHORIZATION_H__ + + #include "udisksdaemontypes.h" ++ ++#ifdef HAVE_POLKIT + #include ++#else ++typedef void* PolkitAuthority; ++#endif + + G_BEGIN_DECLS + +diff --git a/src/udisksdaemon.c b/src/udisksdaemon.c +index 51e2bb5c..8995167f 100644 +--- a/src/udisksdaemon.c ++++ b/src/udisksdaemon.c +@@ -379,6 +379,7 @@ udisks_daemon_constructed (GObject *object) + uuid_unparse (uuid, &uuid_buf[0]); + daemon->uuid = g_strdup (uuid_buf); + ++#ifdef HAVE_POLKIT + daemon->authority = polkit_authority_get_sync (NULL, &error); + if (daemon->authority == NULL) + { +@@ -386,6 +387,7 @@ udisks_daemon_constructed (GObject *object) + error->message, g_quark_to_string (error->domain), error->code); + g_clear_error (&error); + } ++#endif + + daemon->object_manager = g_dbus_object_manager_server_new ("/org/freedesktop/UDisks2"); + +diff --git a/tools/udisksctl.c b/tools/udisksctl.c +index 7a5de65d..feacfa6d 100644 +--- a/tools/udisksctl.c ++++ b/tools/udisksctl.c +@@ -35,9 +35,11 @@ + + #include + ++#ifdef HAVE_POLKIT + #include + #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE + #include ++#endif + + static UDisksClient *client = NULL; + static GMainLoop *loop = NULL; +@@ -57,6 +59,7 @@ static void modify_argv0_for_command (gint *argc, gchar **argv[], const gchar *c + + /* ---------------------------------------------------------------------------------------------------- */ + ++#ifdef HAVE_POLKIT + static PolkitAgentListener *local_polkit_agent = NULL; + static gpointer local_agent_handle = NULL; + +@@ -119,6 +122,16 @@ shutdown_local_polkit_agent (void) + if (local_polkit_agent != NULL) + g_object_unref (local_polkit_agent); + } ++#else ++static gboolean ++setup_local_polkit_agent (void) ++{ ++ return TRUE; ++} ++ ++static void ++shutdown_local_polkit_agent (void) { } ++#endif + + + /* ---------------------------------------------------------------------------------------------------- */ +-- +2.30.2 + diff --git a/buildroot-external/package/udisks2/0003-Avoid-autoreconf-error-if-introspection-macros-are-n.patch b/buildroot-external/package/udisks2/0003-Avoid-autoreconf-error-if-introspection-macros-are-n.patch new file mode 100644 index 000000000..a4083ae4b --- /dev/null +++ b/buildroot-external/package/udisks2/0003-Avoid-autoreconf-error-if-introspection-macros-are-n.patch @@ -0,0 +1,34 @@ +From 25b38dee43559d58f1bf9cc464107f32f476c753 Mon Sep 17 00:00:00 2001 +Message-Id: <25b38dee43559d58f1bf9cc464107f32f476c753.1616318066.git.stefan@agner.ch> +In-Reply-To: +References: +From: Stefan Agner +Date: Fri, 19 Mar 2021 15:54:30 +0100 +Subject: [PATCH 3/3] Avoid autoreconf error if introspection macros are not + available + +Don't make macros for introspection mandatory. This allows to run +autoreconf even without GObject introspection automake macros available. +--- + configure.ac | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 7d95bc91..30096af9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -123,7 +123,10 @@ AC_ARG_ENABLE(daemon, + enable_daemon=yes) + AM_CONDITIONAL(ENABLE_DAEMON, test "$enable_daemon" != no) + +-GOBJECT_INTROSPECTION_CHECK([0.6.2]) ++m4_ifdef([GOBJECT_INTROSPECTION_CHECK], [ ++ GOBJECT_INTROSPECTION_CHECK([0.6.2]) ++]) ++AM_CONDITIONAL(HAVE_INTROSPECTION, test "x$found_introspection" = "xyes") + + # Behavior + # +-- +2.30.2 + diff --git a/buildroot-external/package/udisks2/Config.in b/buildroot-external/package/udisks2/Config.in new file mode 100644 index 000000000..82f3ac920 --- /dev/null +++ b/buildroot-external/package/udisks2/Config.in @@ -0,0 +1,62 @@ +config BR2_PACKAGE_UDISKS2 + bool "udisks2" + depends on BR2_ENABLE_LOCALE # parted + depends on BR2_PACKAGE_HAS_UDEV + depends on BR2_USE_MMU # lvm2 + depends on BR2_USE_WCHAR # dbus-glib -> glib2 + depends on !BR2_TOOLCHAIN_USES_UCLIBC # polkit, lvm2 + select BR2_PACKAGE_DBUS + select BR2_PACKAGE_DBUS_GLIB + select BR2_PACKAGE_LIBATASMART + select BR2_PACKAGE_LIBBLOCKDEV + select BR2_PACKAGE_LIBBLOCKDEV_CRYPTO + select BR2_PACKAGE_LIBBLOCKDEV_FS + select BR2_PACKAGE_LIBBLOCKDEV_LOOP + select BR2_PACKAGE_LIBBLOCKDEV_MDRAID + select BR2_PACKAGE_LIBBLOCKDEV_PART + select BR2_PACKAGE_LIBBLOCKDEV_SWAP + select BR2_PACKAGE_LIBGUDEV + select BR2_PACKAGE_PARTED + help + The udisks2 project provides + + o A storage daemon that implements well-defined D-Bus + interfaces that can be used to query and manipulate + storage devices. + + o a command-line tool, udisksctl(1), that can be used to query + and use the daemon + + https://github.com/storaged-project/udisks + +if BR2_PACKAGE_UDISKS2 + +config BR2_PACKAGE_UDISKS2_LVM2 + bool "lvm2 support" + # The lvm app library can't compile against musl + depends on BR2_TOOLCHAIN_USES_GLIBC + depends on !BR2_STATIC_LIBS + select BR2_PACKAGE_LVM2 + select BR2_PACKAGE_LVM2_APP_LIBRARY + help + Enable LVM2 support + +comment "lvm2 support needs a glibc toolchain" + depends on !BR2_TOOLCHAIN_USES_GLIBC + +endif + +comment "udisks2 needs udev /dev management" + depends on BR2_USE_MMU + depends on !BR2_PACKAGE_HAS_UDEV + +comment "udisks2 needs a glibc or musl toolchain with locale, C++, wchar, dynamic library, NPTL, gcc >= 4.9" + depends on BR2_USE_MMU + depends on BR2_PACKAGE_SPIDERMONKEY_ARCH_SUPPORTS + depends on !BR2_ENABLE_LOCALE || BR2_TOOLCHAIN_USES_UCLIBC || \ + !BR2_INSTALL_LIBSTDCPP || \ + BR2_STATIC_LIBS || \ + !BR2_TOOLCHAIN_HAS_THREADS_NPTL || \ + !BR2_HOST_GCC_AT_LEAST_4_9 || \ + !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \ + !BR2_USE_WCHAR diff --git a/buildroot-external/package/udisks2/udisks2.hash b/buildroot-external/package/udisks2/udisks2.hash new file mode 100644 index 000000000..f3b33c8bf --- /dev/null +++ b/buildroot-external/package/udisks2/udisks2.hash @@ -0,0 +1,3 @@ +# Locally calculated +sha256 bda6f9d7edc632c57e55862731a8ffeff2413fa4346708a22bf31ed72b0fe058 udisks-2.9.2.tar.bz2 +sha256 98046e932dc6c739001e79d7079a3bd958fc55475dcd917d27f884c0c93525cc COPYING diff --git a/buildroot-external/package/udisks2/udisks2.mk b/buildroot-external/package/udisks2/udisks2.mk new file mode 100644 index 000000000..40243985b --- /dev/null +++ b/buildroot-external/package/udisks2/udisks2.mk @@ -0,0 +1,41 @@ +################################################################################ +# +# udisks2 +# +################################################################################ + +UDISKS2_VERSION = 2.9.2 +UDISKS2_SITE = https://github.com/storaged-project/udisks/releases/download/udisks-$(UDISKS2_VERSION) +UDISKS2_SOURCE = udisks-$(UDISKS2_VERSION).tar.bz2 +UDISKS2_LICENSE = GPL-2.0+ +UDISKS2_LICENSE_FILES = COPYING +# For 0002-Make-polkit-dependency-optional.patch +# Running autoreconf when GObject Introspection is not selected +# requires 0003-Avoid-autoreconf-error-if-introspection-macros-are-n.patch +UDISKS2_AUTORECONF = YES + +UDISKS2_DEPENDENCIES = \ + host-pkgconf \ + dbus \ + dbus-glib \ + libatasmart \ + libblockdev \ + libgudev \ + lvm2 \ + parted \ + udev + +UDISKS2_CONF_OPTS = --disable-polkit --disable-man + +ifeq ($(BR2_PACKAGE_GOBJECT_INTROSPECTION),y) +UDISKS2_CONF_OPTS += --enable-introspection +UDISKS2_DEPENDENCIES += gobject-introspection +else +UDISKS2_CONF_OPTS += --disable-introspection +endif + +ifeq ($(BR2_PACKAGE_UDISKS2_LVM2),y) +UDISKS2_CONF_OPTS += --enable-lvm2 +endif + +$(eval $(autotools-package))