8 files changed, 76 insertions, 73 deletions

diff --git a/source/l/polkit/05_revert-admin-identities-unix-group-wheel.patch b/source/l/polkit/05_revert-admin-identities-unix-group-wheel.patch
deleted file mode 100644
index 1562e69d..00000000
--- a/source/l/polkit/05_revert-admin-identities-unix-group-wheel.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 1892aeb9c13841335a4ac383e8a787a3c2728c45 Mon Sep 17 00:00:00 2001
-From: Michael Biebl <biebl@debian.org>
-Date: Fri, 9 Dec 2011 00:31:21 +0100
-Subject: [PATCH] Revert "Default to AdminIdentities=unix-group:wheel for
- local authority"
-
-This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9.
----
- docs/man/pklocalauthority.xml            |    4 ++--
- src/polkitbackend/50-localauthority.conf |    2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-Index: policykit/docs/man/pklocalauthority.xml
-===================================================================
---- policykit.orig/docs/man/pklocalauthority.xml	2012-01-06 10:34:01.830221577 +0100
-+++ policykit/docs/man/pklocalauthority.xml	2012-01-06 10:39:24.206237179 +0100
-@@ -385,10 +385,10 @@
-     </para>
-     <programlisting>
- [Configuration]
--AdminIdentities=unix-group:staff
-+AdminIdentities=unix-group:desktop_admin_r
-     </programlisting>
-     <para>
--      specifies that any user in the <literal>staff</literal> UNIX
-+      that any user in the <literal>desktop_admin_r</literal> UNIX
-       group can be used for authentication when administrator
-       authentication is needed. This file would typically be installed
-       in the <filename>/etc/polkit-1/localauthority.conf.d</filename>
-Index: policykit/src/polkitbackend/50-localauthority.conf
-===================================================================
---- policykit.orig/src/polkitbackend/50-localauthority.conf	2012-01-06 10:33:58.254221404 +0100
-+++ policykit/src/polkitbackend/50-localauthority.conf	2012-01-06 10:39:24.210237180 +0100
-@@ -7,4 +7,4 @@
- #
- 
- [Configuration]
--AdminIdentities=unix-group:wheel
-+AdminIdentities=unix-user:0
diff --git a/source/l/polkit/10-org.freedesktop.NetworkManager.pkla b/source/l/polkit/10-org.freedesktop.NetworkManager.pkla
deleted file mode 100644
index b2491602..00000000
--- a/source/l/polkit/10-org.freedesktop.NetworkManager.pkla
+++ /dev/null
@@ -1,6 +0,0 @@
-[nm-applet]
-Identity=unix-group:netdev
-Action=org.freedesktop.NetworkManager.*
-ResultAny=yes
-ResultInactive=no
-ResultActive=yes
diff --git a/source/l/polkit/10-org.freedesktop.NetworkManager.rules b/source/l/polkit/10-org.freedesktop.NetworkManager.rules
new file mode 100644
index 00000000..9d6557b3
--- /dev/null
+++ b/source/l/polkit/10-org.freedesktop.NetworkManager.rules
@@ -0,0 +1,7 @@
+polkit.addRule(function(action, subject) {
+  if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && 
+      subject.isInGroup("netdev")) {
+      return polkit.Result.YES;
+  }
+});
+
diff --git a/source/l/polkit/20-plugdev-group-mount-override.pkla b/source/l/polkit/20-plugdev-group-mount-override.pkla
deleted file mode 100644
index 8149de67..00000000
--- a/source/l/polkit/20-plugdev-group-mount-override.pkla
+++ /dev/null
@@ -1,6 +0,0 @@
-[plugdev group mount override]
-Identity=unix-group:plugdev
-Action=org.freedesktop.udisks2.filesystem-*;org.freedesktop.udisks2.eject-*
-ResultAny=yes
-ResultInactive=yes
-ResultActive=yes
diff --git a/source/l/polkit/20-plugdev-group-mount-override.rules b/source/l/polkit/20-plugdev-group-mount-override.rules
new file mode 100644
index 00000000..c47a66cf
--- /dev/null
+++ b/source/l/polkit/20-plugdev-group-mount-override.rules
@@ -0,0 +1,16 @@
+/* http://udisks.freedesktop.org/docs/latest/udisks-polkit-actions.html */
+
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.udisks2.filesystem-mount" &&
+        subject.isInGroup("plugdev")) {
+        return polkit.Result.YES;
+    }
+});
+
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.udisks2.eject-media" &&
+        subject.isInGroup("plugdev")) {
+        return polkit.Result.YES;
+    }
+});
+
diff --git a/source/l/polkit/doinst.sh b/source/l/polkit/doinst.sh
index bce9ca90..887bb792 100644
--- a/source/l/polkit/doinst.sh
+++ b/source/l/polkit/doinst.sh
@@ -1,13 +1,30 @@
 config() {
   NEW="$1"
-  OLD="`dirname $NEW`/`basename $NEW .new`"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
   # If there's no config file by that name, mv it over:
   if [ ! -r $OLD ]; then
     mv $NEW $OLD
-  elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
     rm $NEW
   fi
   # Otherwise, we leave the .new copy for the admin to consider...
 }
-config etc/polkit-1/localauthority/50-local.d/20-plugdev-group-mount-override.pkla.new
-config etc/polkit-1/localauthority/50-local.d/10-org.freedesktop.NetworkManager.pkla.new
+config etc/polkit-1/rules.d/20-plugdev-group-mount-override.rules.new
+config etc/polkit-1/rules.d/10-org.freedesktop.NetworkManager.rules.new
+
+# Make sure the polkitd user and group exist:
+if ! grep -q "^polkitd:" etc/passwd ; then
+  echo "polkitd:x:87:87:PolicyKit daemon owner:/var/lib/polkit:/bin/false" >> etc/passwd
+fi
+if ! grep -q "^polkitd:" etc/group ; then
+  echo "polkitd:x:87:" >> etc/group
+fi
+
+# Remove obsolete rules:
+rm -f etc/polkit-1/localauthority/50-local.d/*.pkla{,.new}
+rm -f etc/polkit-1/rules.d/*.pkla{,.new}
+
+# Remove obsolete directory:
+rmdir etc/polkit-1/localauthority/50-local.d 2> /dev/null
+rmdir etc/polkit-1/localauthority 2> /dev/null
+
diff --git a/source/l/polkit/dont-set-wheel-group-as-admin.diff b/source/l/polkit/dont-set-wheel-group-as-admin.diff
new file mode 100644
index 00000000..6a86ac28
--- /dev/null
+++ b/source/l/polkit/dont-set-wheel-group-as-admin.diff
@@ -0,0 +1,10 @@
+diff -Nur polkit-0.112.orig/src/polkitbackend/50-default.rules polkit-0.112/src/polkitbackend/50-default.rules
+--- polkit-0.112.orig/src/polkitbackend/50-default.rules	2013-04-29 12:28:57.000000000 -0500
++++ polkit-0.112/src/polkitbackend/50-default.rules	2015-01-01 23:32:40.154400050 -0600
+@@ -8,5 +8,5 @@
+ // about configuring polkit.
+ 
+ polkit.addAdminRule(function(action, subject) {
+-    return ["unix-group:wheel"];
++    return ["unix-user:root"];
+ });
diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild
index 9784bdb5..0d89e18b 100755
--- a/source/l/polkit/polkit.SlackBuild
+++ b/source/l/polkit/polkit.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2009, 2011  Robby Workman, Northport, Alabama, USA
+# Copyright 2009, 2011, 2015  Robby Workman, Northport, Alabama, USA
 # Copyright 2010  Eric Hameleers, Eindhoven, NL
 # Copyright 2009, 2010, 2011, 2012, 2013  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
@@ -24,13 +24,13 @@
 
 
 PKGNAM=polkit
-VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-2}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
-    i?86) export ARCH=i486 ;;
+    i?86) export ARCH=i586 ;;
     arm*) export ARCH=arm ;;
     # Unless $ARCH is already set, use uname -m for all other archs:
        *) export ARCH=$( uname -m ) ;;
@@ -43,8 +43,8 @@ CWD=$(pwd)
 TMP=${TMP:-/tmp}
 PKG=$TMP/package-$PKGNAM
 
-if [ "$ARCH" = "i486" ]; then
-  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
   LIBDIRSUFFIX=""
 elif [ "$ARCH" = "s390" ]; then
   SLKCFLAGS="-O2"
@@ -72,7 +72,14 @@ find . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \;
 
-zcat $CWD/05_revert-admin-identities-unix-group-wheel.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 || exit 1
+
+# If we get here and don't have a polkitd user/group, add one.
+# Otherwise a few directories in the package will have wrong permissions.
+if ! grep -q "^polkitd:" /etc/passwd ; then
+  groupadd -fg 87 polkitd
+  useradd -c "PolicyKit daemon owner" -d /var/lib/polkit -u 87 -g polkitd -s /bin/false polkitd
+fi
 
 CFLAGS="$SLKCFLAGS" \
 CXXFLAGS="$SLKCFLAGS" \
@@ -86,28 +93,25 @@ CXXFLAGS="$SLKCFLAGS" \
   --enable-gtk-doc \
   --mandir=/usr/man \
   --disable-static \
+  --disable-examples \
   --enable-introspection \
+  --enable-libsystemd-login=no \
   --with-authfw=shadow \
   --enable-verbose-mode \
   --with-os-type=Slackware \
   --build=$ARCH-slackware-linux
 
-#NOTE: The directory /etc/polkit-1/localauthority must be owned
-#      by root and have mode 700
-#NOTE: The directory /var/lib/polkit-1 must be owned
-#      by root and have mode 700
-#NOTE: The file ${exec_prefix}/libexec/polkit-agent-helper-1 must be owned
-#      by root and have mode 4755 (setuid root binary)
-#NOTE: The file ${exec_prefix}/bin/pkexec must be owned by root and
-#      have mode 4755 (setuid root binary)
-
 # Build and install:
 make $NUMJOBS || make || exit 1
 make install DESTDIR=$PKG || exit 1
 
+# Create homedir for polkit.  This is mentioned in /etc/passwd, but isn't
+# actually used for anything later.  Perms don't matter.
+mkdir -p $PKG/var/lib/polkit
+
 # Add default policy files for udisks2 and NetworkManager events:
-cat $CWD/20-plugdev-group-mount-override.pkla > $PKG/etc/polkit-1/localauthority/50-local.d/20-plugdev-group-mount-override.pkla.new
-cat $CWD/10-org.freedesktop.NetworkManager.pkla > $PKG/etc/polkit-1/localauthority/50-local.d/10-org.freedesktop.NetworkManager.pkla.new
+cat $CWD/10-org.freedesktop.NetworkManager.rules > $PKG/etc/polkit-1/rules.d/10-org.freedesktop.NetworkManager.rules.new
+cat $CWD/20-plugdev-group-mount-override.rules > $PKG/etc/polkit-1/rules.d/20-plugdev-group-mount-override.rules.new
 
 # Strip binaries:
 find $PKG | xargs file | grep -e "executable" -e "shared object" \