Commit 10387fdf authored by Michael Biebl's avatar Michael Biebl

Imported Upstream version 0.94

parent dcff7610
David Zeuthen <davidz@redhat.com>
This diff is collapsed.
This diff is collapsed.
......@@ -64,7 +64,7 @@ tracker reference if applicable) and so forth. Be concise but not too brief.
- Always add a brief description of the commit to the _first_ line of
the commit and terminate by two newlines (it will work without the
second newline, but that is not nice for the interfaces).
second newline, but that is not nice for the interfaces).
- First line (the brief description) must only be one sentence and
must not start with a capital letter. Don't use a trailing period
......@@ -80,8 +80,7 @@ tracker reference if applicable) and so forth. Be concise but not too brief.
Coding Style
===
- Please follow the coding style already used - it's not a must, but it's
nice to have consistency.
- Please follow the coding style already used.
- Write docs for all functions and structs and so on. We use gtkdoc format.
......
......@@ -2,15 +2,15 @@ Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006, 2007 Free Software Foundation, Inc.
2006, 2007, 2008, 2009 Free Software Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package.
......@@ -73,9 +73,9 @@ The simplest way to compile this package is:
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that the
`configure' script does not know about. Run `./configure --help' for
details on some of the pertinent environment variables.
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
......@@ -88,7 +88,7 @@ is an example:
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
......@@ -100,10 +100,24 @@ architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX'.
......@@ -126,7 +140,7 @@ option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
......@@ -138,14 +152,46 @@ find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
......@@ -153,7 +199,8 @@ type, such as `sun4', or a canonical name which has the form:
where SYSTEM can have one of these forms:
OS KERNEL-OS
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
......@@ -171,9 +218,9 @@ eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share, you
can create a site shell script called `config.site' that gives default
values for variables like `CC', `cache_file', and `prefix'.
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
......@@ -182,7 +229,7 @@ A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
......@@ -201,11 +248,19 @@ an Autoconf bug. Until the bug is fixed you can use this workaround:
`configure' Invocation
======================
`configure' recognizes the following options to control how it operates.
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of the options to `configure', and exit.
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
......@@ -232,6 +287,16 @@ an Autoconf bug. Until the bug is fixed you can use this workaround:
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *Note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
## Process this file with automake to produce Makefile.in
SUBDIRS = data src polkitd doc tools policy po test
SUBDIRS = actions data src docs po
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
$(srcdir)/ChangeLog:
@if test -d "$(srcdir)/.git"; then \
(cd "$(srcdir)" && \
./missing --run git-log --stat) | fmt --split-only > $@.tmp \
&& mv -f $@.tmp $@ \
|| ($(RM) $@.tmp; \
echo Failed to generate ChangeLog, your ChangeLog may be outdated >&2; \
(test -f $@ || echo git-log is required to generate this file >> $@)); \
else \
test -f $@ || \
(echo A git checkout and git-log is required to generate ChangeLog >&2 && \
echo A git checkout and git-log is required to generate this file >> $@); \
fi
if POLKIT_GCOV_ENABLED
.PHONY: ChangeLog $(srcdir)/ChangeLog coverage-report.txt
coverage-report.txt :
make -C src/kit coverage-report.txt
make -C src/polkit coverage-report.txt
make -C src/polkit-dbus coverage-report.txt
make -C src/polkit-grant coverage-report.txt
$(top_srcdir)/test/create-coverage-report.sh "PolicyKit" `cat src/kit/covered-files.txt src/polkit/covered-files.txt src/polkit-dbus/covered-files.txt src/polkit-grant/covered-files.txt` > coverage-report.txt
check-coverage: coverage-report.txt
cat coverage-report.txt
else
.PHONY: ChangeLog $(srcdir)/ChangeLog
coverage-report.txt:
@echo "Need to reconfigure with --enable-gcov"
check-coverage:
@echo "Need to reconfigure with --enable-gcov"
endif
if POLKIT_BUILD_TESTS
install:
@echo "Cowardly refusing to install with --enable-tests."
@exit 1
endif
NULL =
EXTRA_DIST = \
HACKING \
mkinstalldirs \
ChangeLog \
intltool-extract.in \
intltool-merge.in \
intltool-update.in
DISTCLEANFILES = \
intltool-extract \
intltool-merge \
intltool-update
$(NULL)
# xsltproc barfs on 'make distcheck'; disable for now
DISTCHECK_CONFIGURE_FLAGS=--disable-man-pages --disable-gtk-doc
......
This diff is collapsed.
This diff is collapsed.
PolicyKit is an authorization framework. It is typically used by
privileged user space daemons to control access.
See also the file HACKING for notes of interest to developers working
on PolicyKit.
See http://www.freedesktop.org/wiki/Software/PolicyKit for lots of
documentation, mailing lists, etc.
-------------------------------------------------------
Rationale for permissions/modes for the default backend
-------------------------------------------------------
0770 root:polkituser /var/run/PolicyKit
0770 root:polkituser /var/lib/PolicyKit
We store authorizations for each user here. Since we don't want users
to know what authorizations other users has, no one can read these
files. However, when checking authorizations we need to be able to
read from here; we use this helper
2755 root:polkituser /usr/libexec/polkit-read-auth-helper
which can read from here since it's setgid 'polkituser'. This helper
will refuse to return authorizations for other users than the calling
user except if the calling user is authorized for org.fd.pk.read.
We also want to be able to grant authorizations through authentication.
That happens with this helper
2755 root:polkituser /usr/libexec/polkit-grant-helper
This program is setgid 'polkituser' so it can write files in
/var/{run,lib}/PolicyKit. Note that these files are created with mode
464.
To do the actual authentication check when granting authorizations
through authentication, polkit-grant-helper uses another helper
4754 root:polkituser /usr/libexec/polkit-grant-helper-pam
This one is setuid root because checking authentications might need
require that (you may be checking the root password). The reason
polkit-grant-helper-pam is is owned by group 'polkituser' is to ensure
that random users can't execute it; only setgid 'polkituser' programs
can do this. Which polkit-grant-helper is.
On to
2755 root:polkituser /libexec/polkit-revoke-helper
This one is used to revoke authorizations. It will only allow uid 0 and
users with the org.fd.pk.revoke authorization to do so. It needs to be
setgid polkituser to be able to modify authorization files
in /var/{run,lib}/PolicyKit.
2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper
Same story as for polkit-revoke-helper only this grants authorizations.
Only allowed for uid 0 and users with the org.fd.pk.grant authorization.
On to
0755 polkituser:root /var/lib/PolicyKit-public
This is where we store modifications to the defaults. Anyone should be
able to read these files. They are created with mode 644. These files
are written / modified by this helper
4755 polkituser:root /usr/libexec/polkit-set-default-helper
which is setuid polkituser to be able to write/modify files.
On to
4755 root:root /usr/libexec/polkit-resolve-exe-helper
This is used to find the executable name for a process. On Linux this is
the /proc/<pid>/exe symlink and you can only do this for processes you
own. This helper finds the executable name for processes not owned by
you but only if you have the org.fd.pk.read authorization. This is
important to let e.g. user 'haldaemon' check authorizations for a user
requesting service.
0664 polkituser:polkituser /var/lib/misc/PolicyKit.reload
This file is used by libpolkit to detect when something has changed
(authorizations granted/revoked, defaults changed etc.). It is
writable by both user 'polkituser' and group 'polkituser' because we
have helpers running with both euid 'polkituser' and egid 'polkituser'
that wants to trigger a reload.
dnl GTK_DOC_CHECK borrowed from cairo, thanks!
dnl Usage:
dnl GTK_DOC_CHECK([minimum-gtk-doc-version])
AC_DEFUN([GTK_DOC_CHECK],
[
AC_BEFORE([AC_PROG_LIBTOOL],[$0])dnl setup libtool first
AC_BEFORE([AM_PROG_LIBTOOL],[$0])dnl setup libtool first
dnl for overriding the documentation installation directory
AC_ARG_WITH(html-dir,
AC_HELP_STRING([--with-html-dir=PATH], [path to installed docs]),,
[with_html_dir='${datadir}/gtk-doc/html'])
HTML_DIR="$with_html_dir"
AC_SUBST(HTML_DIR)
dnl enable/disable documentation building
AC_ARG_ENABLE(gtk-doc,
AC_HELP_STRING([--enable-gtk-doc],
[use gtk-doc to build documentation [default=yes]]),,
enable_gtk_doc=yes)
have_gtk_doc=no
if test x$enable_gtk_doc = xyes; then
if test -z "$PKG_CONFIG"; then
AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
fi
if test "$PKG_CONFIG" != "no" && $PKG_CONFIG --exists gtk-doc; then
have_gtk_doc=yes
fi
dnl do we want to do a version check?
ifelse([$1],[],,
[gtk_doc_min_version=$1
if test "$have_gtk_doc" = yes; then
AC_MSG_CHECKING([gtk-doc version >= $gtk_doc_min_version])
if $PKG_CONFIG --atleast-version $gtk_doc_min_version gtk-doc; then
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
have_gtk_doc=no
fi
fi
])
if test "$have_gtk_doc" != yes; then
enable_gtk_doc=no
fi
fi
AM_CONDITIONAL(ENABLE_GTK_DOC, test x$enable_gtk_doc = xyes)
AM_CONDITIONAL(GTK_DOC_USE_LIBTOOL, test -n "$LIBTOOL")
])
This diff is collapsed.
polkit_policydir = $(datadir)/PolicyKit/policy
polkit_actiondir = $(datadir)/polkit-1/actions
dist_polkit_policy_DATA = org.freedesktop.policykit.policy
dist_polkit_action_DATA = org.freedesktop.policykit.policy
@INTLTOOL_POLICY_RULE@
check:
$(top_builddir)/tools/polkit-policy-file-validate $(top_srcdir)/policy/$(dist_polkit_policy_DATA)
#check:
# $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA)
clean-local :
rm -f *~
......
This diff is collapsed.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>The PolicyKit Project</vendor>
<vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
<action id="org.freedesktop.policykit.read">
<description>Read authorizations of other users</description>
<description xml:lang="da">Læs andre brugers autoriseringer</description>
<message>Authentication is required to read authorizations of other users</message>
<message xml:lang="da">Autorisering er påkrævet for at læse andre brugers autoriseringer</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.policykit.revoke">
<description>Revoke authorizations from other users</description>
<description xml:lang="da">Fjern autorisering fra en anden bruger</description>
<message>Authentication is required to revoke authorizations other users</message>
<message xml:lang="da">Autorisering er påkrævet for at fjerne en autosering fra en anden bruger</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.policykit.grant">
<description>Grant authorizations to other users</description>
<description xml:lang="da">Autoriser en anden bruger</description>
<message>Authentication is required to grant authorizations to other users</message>
<message xml:lang="da">Autorisering er påkrævet for at autorisere andre brugere</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.policykit.modify-defaults">
<description>Modify defaults for implicit authorizations</description>
<description xml:lang="da">Konfigurer implicit autorisering</description>
<message>Authentication is required to modify the defaults for implicit authorizations</message>
<message xml:lang="da">Autorisering er påkrævet for ændre implicit autorisering</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.policykit.exec">
<description>Run programs as another user</description>
<description xml:lang="da">Kør et program som en anden bruger</description>
<message>Authentication is required to run a program as another user</message>