Merge pull request #1197 from openziti/allow-polkit

let polkitd satisfy the package dependency for policy kit

Author: qrkourier

programs/ziti-edge-tunnel/package/CPackGenConfig.cmake

@@ -39,6 +39,6 @@ if(CPACK_GENERATOR MATCHES "DEB")
     # specify "libssl3 if it exists in the repos, or nothing" as a dependency.
     # systemd package on older distros does not contain `systemd-sysusers`, so include passwd for `useradd`, `groupadd`.
     # login provides `/usr/sbin/nologin`.
-    set(CPACK_DEBIAN_PACKAGE_DEPENDS "debconf, iproute2, sed, systemd, libatomic1, libjson-c3 | libjson-c4 | libjson-c5 , libprotobuf-c1, libssl3 | libssl1.1 | libssl1.0.0, login, passwd, policykit-1, zlib1g")
+    set(CPACK_DEBIAN_PACKAGE_DEPENDS "debconf, iproute2, sed, systemd, libatomic1, libjson-c3 | libjson-c4 | libjson-c5 , libprotobuf-c1, libssl3 | libssl1.1 | libssl1.0.0, login, passwd, policykit-1 | polkitd, zlib1g")
     set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CPACK_DEB_CONFFILES};${CPACK_DEB_PRE_INSTALL};${CPACK_DEB_POST_INSTALL};${CPACK_DEB_PRE_UNINSTALL};${CPACK_DEB_POST_UNINSTALL};${CPACK_DEB_TEMPLATES}")
 endif(CPACK_GENERATOR MATCHES "DEB")

programs/ziti-edge-tunnel/package/deb/postinst.in

@@ -47,29 +47,32 @@ if [ "$1" = "configure" ]; then
   chmod 0770 "@ZITI_IDENTITY_DIR@"
   find "@ZITI_IDENTITY_DIR@" -maxdepth 1 -name "*.json" -type f -exec chown ziti:ziti "{}" + -exec chmod 0660 "{}" +
 
-  # sort ascending the installed and max policykit versions, saving the highest version, so we
-  # can ensure the installed version is less than the max version
-  policykit_version="$(dpkg-query -Wf '${Version}' policykit-1)"
-  max_policykit_version="0.106"
-  highest_policykit_version="$(printf '%s\n' ${policykit_version} ${max_policykit_version} | sort -V | tail -n1)"
-
-  # sort ascending the installed and min systemd versions, saving the lowest version, so we can ensure the installed
-  # version is greater than or equal to the min version
-  systemd_version=$(dpkg-query -Wf '${Version}' systemd)
-  min_systemd_version="243"
-  lowest_systemd_version="$(printf '%s\n' ${systemd_version} ${min_systemd_version} | sort -V | head -n1)"
-
-  # install PolicyKit policy if < v0.106 (https://askubuntu.com/questions/1287924/whats-going-on-with-policykit)
-  if [ ${policykit_version} != ${max_policykit_version} ] && [ ${max_policykit_version} = ${highest_policykit_version} ]; then
-    # run as root unless systemd >= v243 (required set-llmnr introduced v243 https://github.com/systemd/systemd/commit/52aaef0f5dc81b9a08d720f551eac53ac88aa596)
-    if [ ${systemd_version} = ${min_systemd_version} ] || [ ${min_systemd_version} = ${lowest_systemd_version} ]; then
-      cp "@CPACK_SHARE_DIR@/@[email protected]" "/var/lib/polkit-1/localauthority/10-vendor.d/@ZITI_POLKIT_PKLA_FILE@"
-      db_set ziti_edge_tunnel/install_pkla true
-    else
-      service_user=root
-      override_dir="@SYSTEMD_UNIT_DIR@/@[email protected]"
-      mkdir -p "${override_dir}/"
-      ( echo '[Service]'; echo "User=root" ) > "${override_dir}/10-run-as-root.conf"
+  # If polkitd is installed, skip PolicyKit-1 evaluation and do not place a .pkla file
+  if dpkg-query -W -f='${Status}' polkitd 2>/dev/null | grep -q "install ok installed"; then
+    : # no-op when polkitd is present
+  else
+    # determine PolicyKit-1 version robustly
+    policykit_version="$(dpkg-query -Wf '${Version}' policykit-1 2>/dev/null || true)"
+    max_policykit_version="0.106"
+    highest_policykit_version="$(printf '%s\n' "${policykit_version}" "${max_policykit_version}" | sort -V | tail -n1)"
+
+    # determine installed systemd version robustly
+    systemd_version="$(dpkg-query -Wf '${Version}' systemd 2>/dev/null || true)"
+    min_systemd_version="243"
+    lowest_systemd_version="$(printf '%s\n' "${systemd_version}" "${min_systemd_version}" | sort -V | head -n1)"
+
+    # install PolicyKit localauthority policy if PolicyKit-1 < v0.106 (https://askubuntu.com/questions/1287924/whats-going-on-with-policykit)
+    if [ -n "${policykit_version}" ] && [ "${policykit_version}" != "${max_policykit_version}" ] && [ "${max_policykit_version}" = "${highest_policykit_version}" ]; then
+      # run as root unless systemd >= v243 (required set-llmnr introduced v243 https://github.com/systemd/systemd/commit/52aaef0f5dc81b9a08d720f551eac53ac88aa596)
+      if [ -n "${systemd_version}" ] && { [ "${systemd_version}" = "${min_systemd_version}" ] || [ "${min_systemd_version}" = "${lowest_systemd_version}" ]; }; then
+        cp "@CPACK_SHARE_DIR@/@[email protected]" "/var/lib/polkit-1/localauthority/10-vendor.d/@ZITI_POLKIT_PKLA_FILE@"
+        db_set ziti_edge_tunnel/install_pkla true
+      else
+        service_user=root
+        override_dir="@SYSTEMD_UNIT_DIR@/@[email protected]"
+        mkdir -p "${override_dir}/"
+        ( echo '[Service]'; echo "User=root" ) > "${override_dir}/10-run-as-root.conf"
+      fi
     fi
   fi
 

scripts/ziti-builder.sh

@@ -70,7 +70,7 @@ function set_workspace(){
             --volume "${REPODIR}:${WORKSPACE}" \
             "${ZITI_SDK_DIR:+--volume=${ZITI_SDK_DIR}:${ZITI_SDK_DIR}}" \
             --platform "linux/amd64" \
-            --env "VCPKG_DEFAULT_BINARY_CACHE=${WORKSPACE}/.cache" \
+            --env "VCPKG_BINARY_SOURCES=clear;files,${WORKSPACE}/vcpkg_cache,readwrite" \
             --env "TLSUV_TLSLIB" \
             --env "ZITI_SDK_DIR" \
             --env "ZITI_SDK_VERSION" \
@@ -119,10 +119,10 @@ function main() {
         exec "${@}"
     else
         [[ -d ./build ]] && rm -rf ./build
-        [[ -d ./.cache ]] || mkdir -v ./.cache
+        mkdir -pv ./vcpkg_cache
         cmake \
             -E make_directory \
-            ./build  
+            ./build
         cmake \
             --preset "${CMAKE_PRESET:-ci-linux-x64}" \
             -DCMAKE_BUILD_TYPE="${CMAKE_CONFIG:-Release}" \