Created attachment 757064 [details] build.log Expected Result: - When emerge sys-block/gparted-1.3.1::gentoo it should able to identify pkexec and build a gparted with policykit support and has policykit file org.gnome.gparted.policy installed. Actual Result: - During emerge it could not find pkexec and ignore all policykit stuff. Step to reproduce: - emerge -pv =sys-block/gparted-1.3.1::gentoo Additional information: 1. pkexec do exist on my system, and has correct version. RyzenDesktop ~ # which pkexec /usr/bin/pkexec RyzenDesktop ~ # pkexec --version pkexec version 0.120 2. When run ./configure directly instead of using portage to emerge gparted-1.3.1, it could detect pkexec correctly.
RyzenDesktop ~ # emerge --info Portage 3.0.28 (python 3.9.9-final-0, default/linux/amd64/17.1/desktop, gcc-11.2.0, glibc-2.34-r2, 5.15.5-gentoo-dist x86_64) ================================================================= System uname: Linux-5.15.5-gentoo-dist-x86_64-AMD_Ryzen_9_5900X_12-Core_Processor-with-glibc2.34 KiB Mem: 32847748 total, 27291012 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Sun, 28 Nov 2021 04:30:01 +0000 Head commit of repository gentoo: da8d9fcdeabfe36f4b093db7c65d90e306799beb Timestamp of repository 4nykey: Thu, 25 Nov 2021 15:36:30 +0000 Head commit of repository 4nykey: 6091640dded5dfab2ad46c53b897eb7af31c5c91 Timestamp of repository gentoo-zh: Sat, 27 Nov 2021 22:07:31 +0000 Head commit of repository gentoo-zh: 363129ba54861b5554373cb9527a4c60c283981f Timestamp of repository guru: Sat, 27 Nov 2021 22:07:34 +0000 Head commit of repository guru: bc0245354abfeb173c1a76d55329a8786edaac08 Timestamp of repository jorgicio: Thu, 25 Nov 2021 12:36:41 +0000 Head commit of repository jorgicio: f337d20afdf1ff277be551c428830caed68908cc Timestamp of repository steam-overlay: Tue, 09 Nov 2021 10:53:07 +0000 Head commit of repository steam-overlay: b21d724e69a176a398cae2db70172cb9dfede48a sh bash 5.1_p12 ld GNU ld (Gentoo 2.37_p1 p1) 2.37 app-shells/bash: 5.1_p12::gentoo dev-java/java-config: 2.3.1::gentoo dev-lang/perl: 5.34.0-r5::gentoo dev-lang/python: 3.9.9::gentoo, 3.10.0_p1::gentoo dev-lang/rust: 1.56.1::gentoo dev-util/cmake: 3.22.0::gentoo sys-apps/baselayout: 2.8::gentoo sys-apps/openrc: 0.44.8::gentoo sys-apps/sandbox: 2.29::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.71-r1::gentoo sys-devel/automake: 1.16.5::gentoo sys-devel/binutils: 2.37_p1-r1::gentoo sys-devel/gcc: 11.2.0::gentoo sys-devel/gcc-config: 2.5-r1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.15::gentoo (virtual/os-headers) sys-libs/glibc: 2.34-r2::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-jobs: 1 sync-rsync-verify-max-age: 24 sync-rsync-extra-opts: sync-rsync-verify-metamanifest: yes 4nykey location: /var/db/repos/4nykey sync-type: git sync-uri: https://github.com/gentoo-mirror/4nykey.git masters: gentoo gentoo-zh location: /var/db/repos/gentoo-zh sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo-zh.git masters: gentoo guru location: /var/db/repos/guru sync-type: git sync-uri: https://github.com/gentoo-mirror/guru.git masters: gentoo jorgicio location: /var/db/repos/jorgicio sync-type: git sync-uri: https://github.com/gentoo-mirror/jorgicio.git masters: gentoo steam-overlay location: /var/db/repos/steam-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/steam-overlay.git masters: gentoo ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-march=native -O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe" GENTOO_MIRRORS="http://ftp.twaren.net/Linux/Gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="zh_TW.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j24" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac acl acpi alsa amd64 bluetooth branding bzip2 cairo cdda cjk cli crypt cups dbus dri dts dvd dvdr elogind emboss encode exif ffmpeg flac fortran gdbm gif gtk gtk3 gui iconv icu ipv6 jpeg lcms libglvnd libnotify libtirpc mad mng mp3 mp4 mpeg mtp multilib ncurses networkmanager nls nptl ogg opengl openmp pam pango pcre pdf plymouth png policykit ppds pulseaudio readline sdl seccomp spell split-usr ssl startup-notification svg tiff truetype udev udisks unicode upower usb vaapi vorbis vulkan wxwidgets x264 xattr xcb xft xinerama xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2020" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 sse4_1 sse4_2 ssse3 sse3 f16c" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput joystick" KERNEL="linux" L10N="zh-CN ja ko zh-TW zh" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="amdgpu radeonsi radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS
Created attachment 757065 [details] the log of ./configure outside portage emerge Please not the difference of the following line between this file and the build.log: checking for pkexec >= 0.102... 0.120 found
This appears to be because we pass GKSUPROG=kdesu as a configure argument. It was added without explanation in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcfd176a0ebb96b43d221543edbfd2586d96f433 I think that was a mistake and the intention was to override GKSUPROG if USE=kde was set.
Hm, but there's code in src_install that looks like it tries to sed out kdesu if USE=policykit: if ! use policykit; then if use kde; then cp "${_ddir}"/gparted{,-kde}.desktop || die cp "${_bdir}"/gparted{,-kde} || die sed -i -e '/Exec/ s:gparted:gparted-kde:' "${_ddir}"/gparted-kde.desktop || die echo 'OnlyShowIn=KDE;' >> "${_ddir}"/gparted-kde.desktop || die fi else sed -i -e 's:kdesu::' "${_bdir}"/gparted || die fi
Huh. No, that's not it. Removing GKSUPROG=kdesu doesn't allow configure to detect pkexec. Weird.
Ah, got it. When pkexec is run from configure via portage it fails with: > pkexec must be setuid root
FEATURES=-userpriv allows it to be detected.
(In reply to Matt Turner from comment #7) > FEATURES=-userpriv allows it to be detected. which also disables usersandbox. FEATURES=-usersandbox is enough to allow it to be detected.
Filed a merge request upstream with polkit to allow printing the version even when the pkexec binary is not setuid root.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bb73255629cc4999ff198fda276d593657609b8 commit 7bb73255629cc4999ff198fda276d593657609b8 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-05-04 02:32:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-04 02:32:40 +0000 sys-auth/polkit: backport pkexec help/version fix (fixes gparted) Closes: https://bugs.gentoo.org/827884 Signed-off-by: Sam James <sam@gentoo.org> .../files/polkit-0.120_p20220221-pkexec-suid.patch | 67 +++++++++++ sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild | 129 +++++++++++++++++++++ 2 files changed, 196 insertions(+)
*** Bug 851549 has been marked as a duplicate of this bug. ***
