# Contributor: Carlo Landmeter
# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=polkit
pkgver=121
pkgrel=0
pkgdesc="Application development toolkit for controlling system-wide privileges"
url="https://www.freedesktop.org/wiki/Software/polkit/"
arch="all"
license="GPL-2.0-or-later"
options="suid !check"  # Needs a functioning dbus daemon
depends="$pkgname-common=$pkgver-r$pkgrel $pkgname-libs=$pkgver-r$pkgrel"
makedepends="
	bash
	dbus-glib-dev
	duktape-dev
	elogind-dev
	expat-dev
	glib-dev
	gobject-introspection-dev
	gtk-doc
	intltool
	linux-pam-dev
	meson
	"
pkgusers="polkitd"
pkggroups="polkitd"
install="$pkgname-common.pre-install $pkgname-common.pre-upgrade"
subpackages="
	$pkgname-dev
	$pkgname-libs
	$pkgname-doc
	$pkgname-lang
	$pkgname-openrc
	$pkgname-common
	$pkgname-elogind
	$pkgname-elogind-dev:_elogind_dev
	$pkgname-elogind-libs:_elogind_libs
	"
source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
	make-innetgr-optional.patch
	alpine-polkit.pam
	polkit.initd
	"
builddir="$srcdir/$pkgname-v.$pkgver"

# secfixes:
#   0.120-r2:
#     - CVE-2021-4034
#   0.119-r0:
#     - CVE-2021-3560

build() {
	msg 'Building without elogind'
	_build no-elogind -Dsession_tracking="ConsoleKit"

	msg 'Building with elogind'
	_build elogind -Dsession_tracking="libelogind"
}

_build() {
	local outdir="$1"
	shift
	abuild-meson \
		-Dtests="$(want_check && echo true || echo false)" \
		-Dman=true \
		-Dsystemdsystemunitdir=/trash \
		"$@" \
		. "$outdir"
	meson compile -C "$outdir"
}

check() {
	meson test -v --no-rebuild -C elogind
}

package() {
	provider_priority=100  # highest

	DESTDIR="$pkgdir" meson install --no-rebuild -C no-elogind
	DESTDIR="$builddir/elogind/dest" meson install --no-rebuild -C elogind

	cd "$pkgdir"

	# systemd files
	rm -rf ./trash

	# Use our own polkit rules, upstream may change them
	install -m644 "$srcdir"/alpine-polkit.pam etc/pam.d/polkit-1

	# See polkit's configure script which tells us what permissions to set
	chown -R polkitd:polkitd etc/polkit-1/rules.d usr/share/polkit-1/rules.d
	chmod -R 700 etc/polkit-1/rules.d usr/share/polkit-1/rules.d
	chmod 4755 usr/lib/polkit-1/polkit-agent-helper-1
	chmod 4755 usr/bin/pkexec

	install -Dm755 "$srcdir"/polkit.initd etc/init.d/polkit
}

libs() {
	provider_priority=100  # highest
	depends=""

	default_libs
}

dev() {
	default_dev

	# XXX: We have to disable tracedeps to avoid abuild adding both
	# polkit-libs and polkit-elogind-libs to depends - they are autodetected
	# via symlinks in /usr/lib.
	options="!tracedeps"
	# XXX: Since we disabled tracedeps, all depends and provides must be
	# specified. This sucks, but I don't know of a better solution (@jirutka).
	depends="$depends_dev
		$pkgname-common=$pkgver-r$pkgrel
		$pkgname-libs=$pkgver-r$pkgrel
		dbus-glib-dev
		pc:gio-2.0>=2.18
		pc:glib-2.0>=2.18
		pkgconfig
		"
	provides="pc:polkit-agent-1=$pkgver pc:polkit-gobject-1=$pkgver"
}

elogind() {
	pkgdesc="Polkit with elogind session tracking"
	depends="$pkgname-elogind-libs=$pkgver-r$pkgrel $pkgname-common=$pkgver-r$pkgrel"
	provides="$pkgname=$pkgver-r$pkgrel"
	provider_priority=10  # lowest
	replaces="$pkgname"  # for backward compatibility

	cd "$builddir"/elogind/dest

	mkdir -p "$subpkgdir"/usr/lib/polkit-1
	mv usr/lib/polkit-1/polkitd "$subpkgdir"/usr/lib/polkit-1/
}

_elogind_dev() {
	pkgdesc="Polkit with elogind session tracking (development files)"
	depends="$pkgname-dev=$pkgver-r$pkgrel $pkgname-elogind-libs=$pkgver-r$pkgrel"
	replaces="$pkgname-dev"

	cd "$builddir"/elogind/dest

	# *.gir files for the default and the elogind variant differ, the rest
	# is the same.
	mkdir -p "$subpkgdir"/usr/share
	mv usr/share/gir-1.0 "$subpkgdir"/usr/share/
}

_elogind_libs() {
	pkgdesc="Polkit with elogind session tracking (libraries)"
	depends=""
	provides="$pkgname-libs=$pkgver-r$pkgrel"
	provider_priority=10  # lowest
	replaces="$pkgname-libs $pkgname-elogind<=0.118"  # for backward compatibility

	cd "$builddir"/elogind/dest

	mkdir -p "$subpkgdir"/usr/lib
	mv usr/lib/lib*.so.* "$subpkgdir"/usr/lib/
}

common() {
	pkgdesc="Common files for polkit and polkit-elogind"
	depends=""
	replaces="$pkgname $pkgname-elogind"  # for backward compatibility

	# Move all that left to subpackage.
	amove etc/*
	amove usr/*

	# Move polkitd back to the base package (that's the only file from the
	# polkit package that differs between default and elogind variant).
	mkdir -p "$pkgdir"/usr/lib/polkit-1
	mv "$subpkgdir"/usr/lib/polkit-1/polkitd "$pkgdir"/usr/lib/polkit-1/
}

sha512sums="
f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624  polkit-121.tar.gz
95fd0e4d546929bfbdbfd3e169a9169fb16f9ce005d75dd420c15ce091bf8c871a44e6aaf24906c41f0eeb80d5b2a93ffd09202ddccea2c372df533ef2550112  make-innetgr-optional.patch
f5102dc00d390b3a3c957b62e1712db778c7ffb7378f3d8e816c0757c11a308c5d5303e42595b0d6add9839247c773880cd34e56afacc89eb6efaadf9aae7826  alpine-polkit.pam
f6e5ac0ed41feb392dfd104979ec577c5936f3db2bd252b12b7b9b2609a0901dae38bebec1ea65ccf4f427860b520383ae4d2c66fb74ab986c715f6b0ad50473  polkit.initd
"