sys-auth/polkit: fix feature detection reliant on K&R C

Closes: https://bugs.gentoo.org/938870
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>

2 files changed, 217 insertions, 0 deletions

diff --git a/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch b/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch
new file mode 100644
index 000000000000..44a6958eb493
--- /dev/null
+++ b/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch
@@ -0,0 +1,58 @@
+From 8cf58abef12e61f369af3f583af349b0e086ba27 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@gentoo.org>
+Date: Sun, 20 Oct 2024 15:18:55 -0400
+Subject: [PATCH] meson: correctly test for setnetgrent return type
+
+meson doesn't automatically add all project arguments to configure
+checks -- nor incrementally the inline value of all configuration_data
+entries.
+
+But that meant it was missing -D_GNU_SOURCE, as well as a define added
+to config.h itself. As a result, this check failed to detect the
+necessary function definition and failed to link.
+
+```
+Command line: `gcc-14 /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c -o /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/output.obj -c -pipe -march=native -fstack-protector-all -O2 -fdiagnostics-color=always -frecord-gcc-switches -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing -Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Werror=int-conversion -Werror=incompatible-pointer-types -D_FILE_OFFSET_BITS=64 -O0 -std=c99` -> 1
+stderr:
+/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c: In function 'main':
+/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c:9:17: error: implicit declaration of function 'setnetgrent'; did you mean 'setnetent'? [-Wimplicit-function-declaration]
+    9 |         int r = setnetgrent (NULL);
+      |                 ^~~~~~~~~~~
+      |                 setnetent
+-----------
+Checking if "setnetgrent return support" compiles: NO
+```
+
+Bug: https://bugs.gentoo.org/938870
+Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
+---
+ meson.build | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 0800c88..a0b440d 100644
+--- a/meson.build
++++ b/meson.build
+@@ -159,7 +159,8 @@ host_system = host_machine.system()
+ config_data.set('HAVE_' + host_system.to_upper(), true)
+ 
+ # Check whether setnetgrent has a return value
+-config_data.set('HAVE_NETGROUP_H', cc.has_header('netgroup.h'))
++have_netgroup_h = cc.has_header('netgroup.h')
++config_data.set('HAVE_NETGROUP_H', have_netgroup_h)
+ 
+ if config_data.get('HAVE_SETNETGRENT', false)
+   setnetgrent_return_src = '''
+@@ -174,7 +175,11 @@ if config_data.get('HAVE_SETNETGRENT', false)
+     };
+   '''
+ 
+-  config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support'))
++  args = ['-D_GNU_SOURCE']
++  if have_netgroup_h
++    args += '-DHAVE_NETGROUP_H'
++  endif
++  config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, args: args, name: 'setnetgrent return support'))
+ endif
+ 
+ # Select wether to use logind, elogind or ConsoleKit for session tracking
diff --git a/sys-auth/polkit/polkit-125-r1.ebuild b/sys-auth/polkit/polkit-125-r1.ebuild
new file mode 100644
index 000000000000..bc29505bda4f
--- /dev/null
+++ b/sys-auth/polkit/polkit-125-r1.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	# Upstream don't make releases very often. Test snapshots throughly
+	# and review commits, but don't shy away if there's useful stuff there
+	# we want.
+	MY_COMMIT=""
+	SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# Tests restricted b/c of permissions
+RESTRICT="!test? ( test ) test"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/python-dbusmock[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="
+	>=dev-libs/glib-2.32:2
+	dev-libs/expat
+	daemon? (
+		duktape? ( dev-lang/duktape:= )
+		!duktape? ( dev-lang/spidermonkey:115[-debug] )
+	)
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+	${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-musl.patch
+	# fix incorrect feature detection
+	"${FILESDIR}"/8cf58abef12e61f369af3f583af349b0e086ba27.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Djs_engine=$(usex duktape duktape mozjs)
+		-Dpam_module_dir=$(getpam_mod_dir)
+		-Dsession_tracking="$(usex systemd logind elogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(meson_use !daemon libs-only)
+		$(meson_use introspection)
+		$(meson_use test tests)
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	# acct-user/polkitd installs its own (albeit with a different filename)
+	rm -rf "${ED}"/usr/lib/sysusers.d || die
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	if use daemon; then
+		if [[ ${EUID} == 0 ]]; then
+			diropts -m 0700 -o polkitd
+		fi
+		keepdir /etc/polkit-1/rules.d
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process polkit-tmpfiles.conf
+
+	if use daemon && [[ ${EUID} == 0 ]]; then
+		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	fi
+}