Context Navigation

polkit.xml@ a16884c0

Visit:

12.1 12.2 gimp3 ken/TL2024 ken/tuningfonts lazarus plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/for-12.3 xry111/llvm18 xry111/spidermonkey128

Last change on this file since a16884c0 was a16884c0, checked in by Xi Ruoyao <xry111@…>, 12 months ago

polkit: Replace "JS102" with a <xref> to spidermonkey

Fix stale package name and version number.

Property mode set to 100644

File size: 15.5 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY polkit-download-http "https://gitlab.freedesktop.org/polkit/polkit/-/archive/&polkit-version;/polkit-&polkit-version;.tar.gz">
8	<!ENTITY polkit-download-ftp " ">
9	<!ENTITY polkit-md5sum "36540b837c588e1e77145523bb39f511">
10	<!ENTITY polkit-size "736 KB">
11	<!ENTITY polkit-buildsize "6.8 MB (with tests)">
12	<!ENTITY polkit-time "0.3 SBU (with tests, using parallelism=4)">
13	]>
14
15	<sect1 id="polkit" xreflabel="Polkit-&polkit-version;">
16	<?dbhtml filename="polkit.html"?>
17
18
19	<title>Polkit-&polkit-version;</title>
20
21	<indexterm zone="polkit">
22	<primary sortas="a-Polkit">Polkit</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to Polkit</title>
27
28	<para>
29	<application>Polkit</application> is a toolkit for defining and handling
30	authorizations. It is used for allowing unprivileged processes to
31	communicate with privileged processes.
32	</para>
33
34	&lfs120_checked;
35
36	<bridgehead renderas="sect3">Package Information</bridgehead>
37	<itemizedlist spacing="compact">
38	<listitem>
39	<para>
40	Download (HTTP): <ulink url="&polkit-download-http;"/>
41	</para>
42	</listitem>
43	<listitem>
44	<para>
45	Download (FTP): <ulink url="&polkit-download-ftp;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download MD5 sum: &polkit-md5sum;
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download size: &polkit-size;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Estimated disk space required: &polkit-buildsize;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated build time: &polkit-time;
66	</para>
67	</listitem>
68	</itemizedlist>
69
70	<!--
71	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
72	<itemizedlist spacing="compact">
73	<listitem>
74	<para>
75	Required patch:
76	<ulink url="&patch-root;/polkit-&polkit-version;-security_fixes-1.patch"/>
77	</para>
78	</listitem>
79	<listitem>
80	<para>
81	Required patch:
82	<ulink url="&patch-root;/polkit-&polkit-version;-js91-1.patch"/>
83	</para>
84	</listitem>
85	</itemizedlist>
86	-->
87
88	<bridgehead renderas="sect3">Polkit Dependencies</bridgehead>
89
90	<bridgehead renderas="sect4">Required</bridgehead>
91	<para role="required">
92	<xref linkend="glib2"/>
93	</para>
94
95	<bridgehead renderas="sect4">Recommended</bridgehead>
96	<para role="recommended">
97	<!-- For jhalfs just make it required to avoid over-complexity. -->
98	<xref role="required" linkend="duktape"/>,
99	<xref linkend="gobject-introspection"/>,
100	<xref linkend="libxslt"/>,<phrase revision="systemd"> and</phrase>
101	<xref linkend="linux-pam"/><phrase revision="sysv">, and
102	<xref linkend="elogind"/>
103	</phrase>
104	</para>
105
106	<note>
107	<para>
108	Since <phrase revision="sysv"><command>elogind</command></phrase>
109	<phrase revision="systemd"><command>systemd-logind</command></phrase>
110	uses PAM to register user sessions, it is a good idea to build
111	<application>Polkit</application> with PAM support so
112	<phrase revision="sysv"><command>elogind</command></phrase>
113	<phrase revision="systemd"><command>systemd-logind</command></phrase>
114	can track <application>Polkit</application> sessions.
115	</para>
116	</note>
117
118
119	<!-- Due to the fact that meson will not autodetect g-i and
120	has it set to required unless you pass an option, and the likelihood
121	of users ignoring a command explanation and then sending in mails
122	regarding KDE or GNOME not working after installing polkit, let's move
123	it to recommended. See #15640 for logic
124	<bridgehead renderas="sect4">Optional (Required if building GNOME)</bridgehead>
125	<para role="optional">
126	<xref linkend="gobject-introspection"/>
127	</para>
128	-->
129
130	<bridgehead renderas="sect4">Optional</bridgehead>
131	<para role="optional">
132	<xref linkend="gtk-doc"/>,
133	<xref linkend="python-dbusmock"/>, and
134	<xref linkend="spidermonkey"/> (can be used in place of duktape)
135	</para>
136
137	<bridgehead renderas="sect4" revision="systemd">Required Runtime Dependencies</bridgehead>
138	<para role="required" revision="systemd">
139	<xref role="runtime" linkend="systemd"/>
140	</para>
141
142	<bridgehead renderas="sect4" id="polkit-agent" xreflabel="Polkit Authentication Agent">
143	Optional Runtime Dependencies
144	</bridgehead>
145	<para role="optional">
146	One polkit authentication agent for using polkit in the graphical
147	environment:
148	<application>polkit-kde-agent</application> in
149	<xref role="runtime" linkend="plasma5-build"/> for KDE,
150	the agent built in
151	<xref role="runtime" linkend="gnome-shell"/> for GNOME3, and
152	<xref role="runtime" linkend="polkit-gnome"/> for XFCE
153	<!--<application>lxpolkit</application> in
154	<xref role="runtime" linkend="lxsession"/> for LXDE-->
155	</para>
156
157	<note>
158	<para>
159	If <xref linkend="libxslt"/> is installed,
160	then <xref linkend="DocBook"/> and <xref linkend="docbook-xsl"/> are
161	required. If you have installed <xref linkend="libxslt"/>, but you do
162	not want to install any of the DocBook packages mentioned, you will
163	need to use <option>-Dman=false</option> in the instructions
164	below.
165	</para>
166	</note>
167
168	</sect2>
169
170	<sect2 role="installation">
171	<title>Installation of Polkit</title>
172
173	<para>
174	There should be a dedicated user and group to take control
175	of the <command>polkitd</command> daemon after it is
176	started. Issue the following commands as the
177	<systemitem class="username">root</systemitem> user:
178	</para>
179
180	<screen role="root"><userinput>groupadd -fg 27 polkitd &&
181	useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
182	-g polkitd -s /bin/false polkitd</userinput></screen>
183
184	<para>
185	If using <xref linkend="spidermonkey"/>, make the following change
186	(see Command Explanations below for more information):
187	</para>
188
189	<screen><userinput remap="nodump">sed -e '/mozjs/s/102/115/' -i meson.build &&
190	sed -e 's/JS_Init/JS::DisableJitBackend(); &/' \
191	-i src/polkitbackend/polkitbackendjsauthority.cpp</userinput></screen>
192
193	<!--
194	<para>
195	Apply a patch to fix two security issues:
196	</para>
197
198	<screen><userinput remap="pre">patch -Np1 -i ../polkit-&polkit-version;-security_fixes-1.patch</userinput></screen>
199
200	<para>
201	Port this package to use JS-91:
202	</para>
203
204	<screen><userinput remap="pre">patch -Np1 -i ../polkit-&polkit-version;-js91-1.patch</userinput></screen>
205	-->
206
207	<para>
208	Install <application>Polkit</application> by running the following
209	commands:
210	</para>
211
212	<screen revision="systemd"><userinput>mkdir build &&
213	cd build &&
214
215	meson setup .. \
216	--prefix=/usr \
217	--buildtype=release \
218	-Dman=true \
219	-Dsession_tracking=libsystemd-login \
220	-Dtests=true &&
221	ninja</userinput></screen>
222
223	<screen revision="sysv"><userinput>mkdir build &&
224	cd build &&
225
226	meson setup .. \
227	--prefix=/usr \
228	--buildtype=release \
229	-Dman=true \
230	-Dsession_tracking=libelogind \
231	-Dtests=true &&
232	ninja</userinput></screen>
233
234	<para>
235	To test the results, first ensure that the system
236	<application>D-Bus</application> daemon is running,
237	and both <xref linkend='dbus-python'/> and
238	<xref linkend='python-dbusmock'/> are installed.
239	Then run <command>ninja test</command>.
240	</para>
241
242	<para>
243	Now, as the <systemitem class="username">root</systemitem> user:
244	</para>
245
246	<screen role="root"><userinput>ninja install</userinput></screen>
247
248	</sect2>
249
250	<sect2 role="commands">
251	<title>Command Explanations</title>
252
253	<para>
254	<command>sed -e '/mozjs/s/102/115/' meson.build</command>:
255	Allow building this package with SpiderMonkey from Firefox 115 ESR
256	releases.
257	</para>
258
259	<para>
260	<command>sed -e 's/JS_Init/JS::DisableJitBackend(); &/' ...
261	</command>: The JIT compiling of <xref linkend='spidermonkey'/>
262	needs W+X mapping which
263	is dangerous and is not permitted by the
264	<application>systemd</application> unit file shipped within the polkit
265	package. This command is not strictly needed on systems based on
266	sysvinit but it still improves security. It has no effect if building
267	polkit with the recommended <xref linkend='duktape'/> Javascript
268	engine.
269	</para>
270
271	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
272	href="../../xincludes/meson-buildtype-release.xml"/>
273
274	<para>
275	<parameter>-Dtests=true</parameter>: This switch allows to run the
276	test suite of this package. As <application>Polkit</application> is
277	used for authorizations, its integrity can affect system security.
278	So it's recommended to run the test suite building this package.
279	</para>
280
281	<para>
282	<option>-Djs_engine=mozjs</option>: This switch allows using the
283	<xref linkend="spidermonkey"/> JavaScript engine instead of the
284	<xref linkend='duktape'/> JavaScript engine.
285	</para>
286
287	<!--
288	<para revision="sysv">
289	<parameter>- -disable-libsystemd-login</parameter>: This switch forces
290	polkit to build with elogind support (if available) rather than
291	systemd-logind.
292	</para>
293
294
295	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
296	href="../../xincludes/static-libraries.xml"/>
297	-->
298
299	<para>
300	<option>-Dos_type=lfs</option>: Use this switch if you did not create
301	the <filename>/etc/lfs-release</filename> file or distribution auto
302	detection will fail and you will be unable to use
303	<application>Polkit</application>.
304	</para>
305
306	<para>
307	<option>-Dauthfw=shadow</option>: This switch enables the
308	package to use the <application>Shadow</application> rather than the
309	<application>Linux PAM</application> Authentication framework. Use it
310	if you have not installed <application>Linux PAM</application>.
311	</para>
312
313	<!--
314	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
315	href="../../xincludes/gtk-doc-rebuild.xml"/>
316	-->
317
318	<para>
319	<option>-Dintrospection=false</option>: Use this option if you are certain
320	that you do not need gobject-introspection files for polkit, or do not have
321	gobject-introspection installed.
322	</para>
323
324	<para>
325	<option>-Dman=false</option>: Use this option to disable generating and
326	installing manual pages. This is useful if libxslt is not installed.
327	</para>
328
329	<para>
330	<option>-Dexamples=true</option>: Use this option to build the example
331	programs.
332	</para>
333
334	<para>
335	<option>-Dgtk_doc=true</option>: Use this option to enable building and
336	installing the API documentation.
337	</para>
338
339	</sect2>
340
341	<sect2 role="content">
342	<title>Contents</title>
343
344	<segmentedlist>
345	<segtitle>Installed Programs</segtitle>
346	<segtitle>Installed Libraries</segtitle>
347	<segtitle>Installed Directories</segtitle>
348
349	<seglistitem>
350	<seg>
351	pkaction, pkcheck, <!--pk-example-frobnicate,--> pkexec,
352	pkttyagent, and polkitd
353	</seg>
354	<seg>
355	libpolkit-agent-1.so and
356	libpolkit-gobject-1.so
357	</seg>
358	<seg>
359	/etc/polkit-1,
360	/usr/include/polkit-1,
361	/usr/lib/polkit-1,
362	/usr/share/gtk-doc/html/polkit-1, and
363	/usr/share/polkit-1
364	</seg>
365	</seglistitem>
366	</segmentedlist>
367
368	<variablelist>
369	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
370	<?dbfo list-presentation="list"?>
371	<?dbhtml list-presentation="table"?>
372
373	<varlistentry id="pkaction">
374	<term><command>pkaction</command></term>
375	<listitem>
376	<para>
377	is used to obtain information about registered PolicyKit actions
378	</para>
379	<indexterm zone="polkit pkaction">
380	<primary sortas="b-pkaction">pkaction</primary>
381	</indexterm>
382	</listitem>
383	</varlistentry>
384
385	<varlistentry id="pkcheck">
386	<term><command>pkcheck</command></term>
387	<listitem>
388	<para>
389	is used to check whether a process is authorized for action
390	</para>
391	<indexterm zone="polkit pkcheck">
392	<primary sortas="b-pkcheck">pkcheck</primary>
393	</indexterm>
394	</listitem>
395	</varlistentry>
396
397	<!--
398	<varlistentry id="pk-example-frobnicate">
399	<term><command>pk-example-frobnicate</command></term>
400	<listitem>
401	<para>
402	is an example program to test the <command>pkexec</command>
403	command
404	</para>
405	<indexterm zone="polkit pk-example-frobnicate">
406	<primary sortas="b-pk-example-frobnicate">pk-example-frobnicate</primary>
407	</indexterm>
408	</listitem>
409	</varlistentry>
410	-->
411
412	<varlistentry id="pkexec">
413	<term><command>pkexec</command></term>
414	<listitem>
415	<para>
416	allows an authorized user to execute a command as another user
417	</para>
418	<indexterm zone="polkit pkexec">
419	<primary sortas="b-pkexec">pkexec</primary>
420	</indexterm>
421	</listitem>
422	</varlistentry>
423
424	<varlistentry id="pkttyagent">
425	<term><command>pkttyagent</command></term>
426	<listitem>
427	<para>
428	is used to start a textual authentication agent for the subject
429	</para>
430	<indexterm zone="polkit pkttyagent">
431	<primary sortas="b-pkttyagent">pkttyagent</primary>
432	</indexterm>
433	</listitem>
434	</varlistentry>
435
436	<varlistentry id="polkitd">
437	<term><command>polkitd</command></term>
438	<listitem>
439	<para>
440	provides the org.freedesktop.PolicyKit1 <application>D-Bus</application>
441	service on the system message bus
442	</para>
443	<indexterm zone="polkit polkitd">
444	<primary sortas="b-polkitd">polkitd</primary>
445	</indexterm>
446	</listitem>
447	</varlistentry>
448
449	<varlistentry id="libpolkit-agent-1">
450	<term><filename class="libraryfile">libpolkit-agent-1.so</filename></term>
451	<listitem>
452	<para>
453	contains the <application>Polkit</application> authentication
454	agent API functions
455	</para>
456	<indexterm zone="polkit libpolkit-agent-1">
457	<primary sortas="c-libpolkit-agent-1">libpolkit-agent-1.so</primary>
458	</indexterm>
459	</listitem>
460	</varlistentry>
461
462	<varlistentry id="libpolkit-gobject-1">
463	<term><filename class="libraryfile">libpolkit-gobject-1.so</filename></term>
464	<listitem>
465	<para>
466	contains the <application>Polkit</application> authorization API functions
467	</para>
468	<indexterm zone="polkit libpolkit-gobject-1">
469	<primary sortas="c-libpolkit-gobject-1">libpolkit-gobject-1.so</primary>
470	</indexterm>
471	</listitem>
472	</varlistentry>
473
474	</variablelist>
475
476	</sect2>
477
478	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/polkit.xml@ a16884c0

Download in other formats: