From: Markus Volk <f_l_k@t-online.de>
Date: Wed, 14 Aug 2024 08:29:25 +0000 (+0200)
Subject: systemd: dont set polkit permissions manually
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d27961962d2c8456d9a90148943d4282494146c2;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

systemd: dont set polkit permissions manually

According to this commit polkit rules should go to ${datadir} instead of ${sysconfdir}:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=d5e90541f8e35916abc930b2da6de037b23d51a1
Theres no need to adjust the permissions for ${datadir} anymore:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=6da0fd21c900e32a0693a6b27d38182f19c8c76c

Dont set polkit permissions manually. This allows to drop the manually
set polkit permissions for all files in meta-openembedded and also for
libvirt in meta-virtualization.

In addition, manually setting the permissions would not be needed for
new recipes anymore.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/systemd/systemd_256.5.bb b/meta/recipes-core/systemd/systemd_256.5.bb
index 1485614c713..1d456707801 100644
--- a/meta/recipes-core/systemd/systemd_256.5.bb
+++ b/meta/recipes-core/systemd/systemd_256.5.bb
@@ -368,14 +368,6 @@ do_install() {
 		rm -r ${D}${sysconfdir}/X11
 	fi
 
-	# If polkit is setup fixup permissions and ownership
-	if ${@bb.utils.contains('PACKAGECONFIG', 'polkit', 'true', 'false', d)}; then
-		if [ -d ${D}${datadir}/polkit-1/rules.d ]; then
-			chmod 700 ${D}${datadir}/polkit-1/rules.d
-			chown polkitd:root ${D}${datadir}/polkit-1/rules.d
-		fi
-	fi
-
 	# If polkit is not available and a fallback was requested, install a drop-in that allows networkd to
 	# request hostname changes via DBUS without elevating its privileges
 	if ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'true', 'false', d)}; then
@@ -471,7 +463,7 @@ GROUPADD_PARAM:udev = "-r render"
 GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
-USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${datadir}/polkit-1 polkitd;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /sbin/nologin systemd-resolve;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /sbin/nologin systemd-timesync;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'oomd', '--system -d / -M --shell /sbin/nologin systemd-oom;', '', d)}"