From fb82468715f9f5b97b858cbf13f7fc58c4df2a0d Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 15:18:34 +0200 Subject: [PATCH 01/14] js: Add version 38.2.1 from BLFS Description [1]: > JS is Mozilla's JavaScript engine written in C. ``` $ bee init -o js-38.2.1-0.bee http://anduin.linuxfromscratch.org/BLFS/mozjs/mozjs-38.2.1.rc0.tar.bz2 creating js-38.2.1-0.bee from template '/etc/default/bee/templates/fallback' ``` [1]: http://www.linuxfromscratch.org/blfs/view/stable-systemd/general/js38.html --- js-38.2.1-0.bee | 83 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100755 js-38.2.1-0.bee diff --git a/js-38.2.1-0.bee b/js-38.2.1-0.bee new file mode 100755 index 000000000..9c56e3279 --- /dev/null +++ b/js-38.2.1-0.bee @@ -0,0 +1,83 @@ +#!/usr/bin/env beesh + +## this file was created by bee init and should be executed to build a +## bee-package. (Additional hints are located at the end of this file.) + +############################################################################### +## The source URL(s) define the location of the sources that will be +## downloaded. Version variables may be used to simplify reuse of this bee-file. + +SRCURL[0]="http://anduin.linuxfromscratch.org/BLFS/mozjs/mozjs-${PKGVERSION}.rc0.tar.bz2" + +############################################################################### +## Add URLs/pathes to patch files to the PATCHURL array. +## The sources will be patched in the order of the array. + +# PATCHURL+=() + +############################################################################### +## Add filename patterns to the EXCLUDE array of files that should not +## be added to you package but may be present in the image directory. + +# EXCLUDE+=() + +############################################################################### +## Uncomment the next statement, if the software may not be able to be built +## outside the source directory and needs to be built inside the source +## directory. + +# build_in_sourcedir + +############################################################################### +## bee cannot detect buildtypes specified in subdirectories. +## Sometimes packages "hide" the real sources in a subdirectory named +## 'src' or 'cmake' or .. +## use 'sourcesubdir_append' to specify this directory if known. + +# sourcesubdir_append src + + +############################################################################### +## Change the default (auto-detected) steps to +## extract, patch, configure/setup, build and install the software. +## Make sure the mee_install function does install everything to the +## image directory "${D}" + +#mee_extract() { +# bee_extract "${@}" +#} + +#mee_patch() { +# bee_patch "${@}" +#} + +#mee_configure() { +# bee_configure +#} + +#mee_build() { +# bee_build +#} + +#mee_install() { +# bee_install +#} +## by default this may be 'make install DESTDIR="${D}"' + +############################################################################### +## +## Additional hints: +## +## The name of this bee-file should follow the following naming convention: +## pkgname-pkgversion-pkgrevision.bee +## +## You may remove all comments as long as SRCURL[0] is set. +## +## Everything in this file will be executed in a bash environment. +## +## Build the package by executing +## './pkg-version-N.bee' or +## 'beesh ./pkg-version-N.bee' +## +## see http://beezinga.org/ +## From 2e83dd912a7ef9cf38ae2114a9f271fdb4f26727 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 15:20:02 +0200 Subject: [PATCH 02/14] js: Convert to versionless bee file --- js-38.2.1-0.bee => js.be0 | 2 ++ 1 file changed, 2 insertions(+) rename js-38.2.1-0.bee => js.be0 (98%) diff --git a/js-38.2.1-0.bee b/js.be0 similarity index 98% rename from js-38.2.1-0.bee rename to js.be0 index 9c56e3279..1c08b5a8b 100755 --- a/js-38.2.1-0.bee +++ b/js.be0 @@ -1,5 +1,7 @@ #!/usr/bin/env beesh +# BEE_VERSION js-38.2.1-0 + ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.) From 721316f0ff6c387f14c8243e5678f32fd6b02ac1 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 15:32:29 +0200 Subject: [PATCH 03/14] js: Adapt for successfull building --- js.be0 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/js.be0 b/js.be0 index 1c08b5a8b..9f3783b8b 100755 --- a/js.be0 +++ b/js.be0 @@ -15,7 +15,7 @@ SRCURL[0]="http://anduin.linuxfromscratch.org/BLFS/mozjs/mozjs-${PKGVERSION}.rc0 ## Add URLs/pathes to patch files to the PATCHURL array. ## The sources will be patched in the order of the array. -# PATCHURL+=() +PATCHURL+=(/src/mariux/patches/js38-38.2.1-upstream_fixes-2.patch) ############################################################################### ## Add filename patterns to the EXCLUDE array of files that should not @@ -53,9 +53,16 @@ SRCURL[0]="http://anduin.linuxfromscratch.org/BLFS/mozjs/mozjs-${PKGVERSION}.rc0 # bee_patch "${@}" #} -#mee_configure() { -# bee_configure -#} +mee_configure() { + bee_configure \ + --with-intl-api \ + --with-system-zlib \ + --with-system-ffi \ + --with-system-nspr \ + --with-system-icu \ + --enable-threadsafe \ + --enable-readline +} #mee_build() { # bee_build From 8841e907b2663fdf6d8fea1118e7cb4ed1b38506 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 15:32:59 +0200 Subject: [PATCH 04/14] js: Specify that sources are in `js/src` --- js.be0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js.be0 b/js.be0 index 9f3783b8b..b1b7852e2 100755 --- a/js.be0 +++ b/js.be0 @@ -36,7 +36,7 @@ PATCHURL+=(/src/mariux/patches/js38-38.2.1-upstream_fixes-2.patch) ## 'src' or 'cmake' or .. ## use 'sourcesubdir_append' to specify this directory if known. -# sourcesubdir_append src +sourcesubdir_append js/src ############################################################################### From 48feea650117a43e9d97f96c8ad19f59f5bb2c3e Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 16:51:20 +0200 Subject: [PATCH 05/14] js: Update build --- js.be0 | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/js.be0 b/js.be0 index b1b7852e2..e9136b551 100755 --- a/js.be0 +++ b/js.be0 @@ -15,7 +15,7 @@ SRCURL[0]="http://anduin.linuxfromscratch.org/BLFS/mozjs/mozjs-${PKGVERSION}.rc0 ## Add URLs/pathes to patch files to the PATCHURL array. ## The sources will be patched in the order of the array. -PATCHURL+=(/src/mariux/patches/js38-38.2.1-upstream_fixes-2.patch) +# PATCHURL+=(/src/mariux/patches/js38-38.2.1-upstream_fixes-2.patch) ############################################################################### ## Add filename patterns to the EXCLUDE array of files that should not @@ -49,9 +49,11 @@ sourcesubdir_append js/src # bee_extract "${@}" #} -#mee_patch() { -# bee_patch "${@}" -#} +mee_patch() { + # Work around sourcesubdir_append and paths in patch + start_cmd cd ../.. ; patch -N -p1 -i /src/mariux/patches/js38-38.2.1-upstream_fixes-2.patch + bee_patch "${@}" +} mee_configure() { bee_configure \ @@ -73,6 +75,15 @@ mee_configure() { #} ## by default this may be 'make install DESTDIR="${D}"' +mee_install_post() { + for link in `find ${D}/usr/include/mozjs-38 -type l`; do + header=`readlink $link` + rm -f $link + cp -pv $header $link + chmod 644 $link + done +} + ############################################################################### ## ## Additional hints: From f4dba52568bd42e9e95f1e11eaa22a8a87206b54 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:30:45 +0200 Subject: [PATCH 06/14] polkit: Use current bee file template Recreate the bee file with the command below, and add customizations back. ``` $ bee init -f -o polkit-0.104-1.bee http://hal.freedesktop.org/releases/polkit-0.104.tar.gz ``` --- polkit-0.104-1.bee | 61 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 7 deletions(-) diff --git a/polkit-0.104-1.bee b/polkit-0.104-1.bee index 184ef2c43..abbbe0be9 100755 --- a/polkit-0.104-1.bee +++ b/polkit-0.104-1.bee @@ -1,27 +1,55 @@ #!/usr/bin/env beesh +## this file was created by bee init and should be executed to build a +## bee-package. (Additional hints are located at the end of this file.) + +############################################################################### +## The source URL(s) define the location of the sources that will be +## downloaded. Version variables may be used to simplify reuse of this bee-file. + SRCURL[0]="http://hal.freedesktop.org/releases/polkit-${PKGVERSION}.tar.gz" -PATCHURL[0]="" +############################################################################### +## Add URLs/pathes to patch files to the PATCHURL array. +## The sources will be patched in the order of the array. -# BEE_CONFIGURE=compat +# PATCHURL+=() -# BEE_BUILDTYPE= +############################################################################### +## Add filename patterns to the EXCLUDE array of files that should not +## be added to you package but may be present in the image directory. -# EXCLUDE="" +# EXCLUDE+=() + +############################################################################### +## Uncomment the next statement, if the software may not be able to be built +## outside the source directory and needs to be built inside the source +## directory. build_in_sourcedir -LIBEXECDIR=/usr/lib/polkit-1 +############################################################################### +## bee cannot detect buildtypes specified in subdirectories. +## Sometimes packages "hide" the real sources in a subdirectory named +## 'src' or 'cmake' or .. +## use 'sourcesubdir_append' to specify this directory if known. +# sourcesubdir_append src +LIBEXECDIR=/usr/lib/polkit-1 + +############################################################################### +## Change the default (auto-detected) steps to +## extract, patch, configure/setup, build and install the software. +## Make sure the mee_install function does install everything to the +## image directory "${D}" #mee_extract() { -# bee_extract ${@} +# bee_extract "${@}" #} #mee_patch() { -# bee_patch ${@} +# bee_patch "${@}" #} mee_configure() { @@ -35,3 +63,22 @@ mee_configure() { #mee_install() { # bee_install #} +## by default this may be 'make install DESTDIR="${D}"' + +############################################################################### +## +## Additional hints: +## +## The name of this bee-file should follow the following naming convention: +## pkgname-pkgversion-pkgrevision.bee +## +## You may remove all comments as long as SRCURL[0] is set. +## +## Everything in this file will be executed in a bash environment. +## +## Build the package by executing +## './pkg-version-N.bee' or +## 'beesh ./pkg-version-N.bee' +## +## see http://beezinga.org/ +## From 27c508ce2c1d7211fccdf0cda6f0f3a0633e8612 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:34:54 +0200 Subject: [PATCH 07/14] polkit: Securely download source archive Use HTTPS to securely download the source archive. --- polkit-0.104-1.bee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/polkit-0.104-1.bee b/polkit-0.104-1.bee index abbbe0be9..22552fd95 100755 --- a/polkit-0.104-1.bee +++ b/polkit-0.104-1.bee @@ -7,7 +7,7 @@ ## The source URL(s) define the location of the sources that will be ## downloaded. Version variables may be used to simplify reuse of this bee-file. -SRCURL[0]="http://hal.freedesktop.org/releases/polkit-${PKGVERSION}.tar.gz" +SRCURL[0]="https://hal.freedesktop.org/releases/polkit-${PKGVERSION}.tar.gz" ############################################################################### ## Add URLs/pathes to patch files to the PATCHURL array. From 02b0f75d9ccaa81e37141ea792ddf884be81e2ef Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:37:31 +0200 Subject: [PATCH 08/14] polkit: Convert to versionless bee file --- polkit-0.104-1.bee => polkit.be0 | 2 ++ 1 file changed, 2 insertions(+) rename polkit-0.104-1.bee => polkit.be0 (98%) diff --git a/polkit-0.104-1.bee b/polkit.be0 similarity index 98% rename from polkit-0.104-1.bee rename to polkit.be0 index 22552fd95..c5849f25c 100755 --- a/polkit-0.104-1.bee +++ b/polkit.be0 @@ -1,5 +1,7 @@ #!/usr/bin/env beesh +# BEE_VERSION polkit-0.104-1 + ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.) From 7983ad08cb3f5a6851344ea3fc528de63277f064 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:37:55 +0200 Subject: [PATCH 09/14] polkit: Update version from 104 to 113 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The [announcement][1] is available online. > Hello, > polkit-0.113 is now available at > http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz > http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz.sign > > -------------- > polkit 0.113 > -------------- > > NOTE: This release is an important security update, see below. > > WARNING WARNING WARNING: This is a prerelease on the road to polkit > 1.0. Public API might change and certain parts of the code still needs > some security review. Use at your own risk. > > This is polkit 0.113. > > Highlights: > Fixes CVE-2015-4625, a local privilege escalation due to predictable > authentication session cookie values. Thanks to Tavis Ormandy, Google Project > Zero for reporting this issue. For the future, authentication agents are > encouraged to use PolkitAgentSession instead of using the D-Bus agent response > API directly. > > Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the > JavaScript interpreter, possibly leading to local privilege escalation. > > Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate > action IDs, possibly leading to local privilege escalation. Thanks to > Laurent Bigonville for reporting this issue. > > Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to > Tavis Ormandy, Google Project Zero, for reporting this issue. > > On systemd-213 and later, the “active” state is shared across all sessions of > an user, instead of being tracked separately. > > (pkexec), when not given a program to execute, runs the users’ shell by > default. > > Build requirements > > glib, gobject, gio >= 2.30 > mozjs185 or mozjs-17.0 > gobject-introspection >= 0.6.2 (optional) > pam (optional) > ConsoleKit OR systemd > > Changes since polkit 0.112: > > Colin Walters (17): > PolkitSystemBusName: Add public API to retrieve Unix user > examples/cancel: Fix to securely lookup subject > sessionmonitor-systemd: Deduplicate code paths > PolkitSystemBusName: Retrieve both pid and uid > Port internals non-deprecated PolkitProcess API where possible > Use G_GNUC_BEGIN_IGNORE_DEPRECATIONS to avoid warning spam > pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR > pkexec: Support just plain "pkexec" to run shell > .dir-locals: Style for Emacs - we don't use tabs > authority: Avoid cookie wrapping by using u64 counter > CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent > build: Start using git.mk > Revert "authority: Avoid cookie wrapping by using u64 counter" > authority: Add a helper method for checking whether an identity is root > CVE-2015-4625: Use unpredictable cookie values, keep them secret > CVE-2015-4625: Bind use of cookies to specific uids > README: Note to send security reports via DBus's mechanism > > Kay Sievers (1): > sessionmonitor-systemd: prepare for D-Bus "user bus" model > > Lukasz Skalski (1): > polkitd: Fix problem with removing non-existent source > > Max A. Dednev (1): > authority: Fix memory leak in EnumerateActions call results handler > > Miloslav Trmač (24): > Post-release version bump to 0.113 > Don't discard error data returned by polkit_system_bus_name_get_user_sync > Fix a memory leak > Refuse duplicate --user arguments to pkexec > Fix a possible NULL dereference. > Remove a redundant assignment. > Simplify forced error domain registration > Fix a typo, s/Evaluting/Evaluating/g > s/INCLUDES/AM_CPPFLAGS/g > Fix duplicate GError use when "uid" is missing > Fix a crash when two authentication requests are in flight. > docs: Update for changes to uid binding/AuthenticationAgentResponse2 > Don't pass an uninitialized JS parameter > Don't add extra NULL group to subject.groups > Don't store unrooted jsvals on heap > Fix a per-authorization memory leak > Fix a memory leak when registering an authentication agent > Wrap all JS usage within “requests” > Register heap-based JSObject pointers to GC > Prevent builds against SpiderMonkey with exact stack rooting > Clear the JS operation callback before invoking JS in the callback > Fix spurious timeout exceptions on GC > Fix GHashTable usage. > Fix use-after-free in polkitagentsession.c > > Philip Withnall (1): > sessionmonitor-systemd: Use sd_uid_get_state() to check session activity > > Rui Matos (1): > PolkitAgentSession: fix race between child and io watches > > Simon McVittie (1): > Use libsystemd instead of older libsystemd-login if possible > > Ting-Wei Lan (1): > build: Fix several issues on FreeBSD > > Xabier Rodriguez Calvar (1): > Fixed compilation problem in the backend > > Thanks to our contributors. > > Colin Walters and Miloslav Trmač, > July 2, 2015 [1]: https://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html "polkit-0.113 released" --- polkit.be0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/polkit.be0 b/polkit.be0 index c5849f25c..42e2ee126 100755 --- a/polkit.be0 +++ b/polkit.be0 @@ -1,6 +1,6 @@ #!/usr/bin/env beesh -# BEE_VERSION polkit-0.104-1 +# BEE_VERSION polkit-0.113-0 ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.) From 1658482d3d365ed7b4c3d5bde0f20f1245b79cf8 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:45:24 +0200 Subject: [PATCH 10/14] polkit: Update version from 0.113 to 0.113+git_2919920+js38 from LFS From BLFS with systemd [1]: > Due to lack of releases, a tarball has been generated for use by > BLFS, which includes a git checkout at ref 2919920, and a pending > patch to use js38. The patch is included in the tarball for review. Use systemd-logind for session tracking. ``` polkit 0.114 ================= prefix: /usr libdir: /usr/lib libexecdir: /usr/lib/polkit-1 bindir: /usr/bin sbindir: /usr/sbin datadir: /usr/share sysconfdir: /etc localstatedir: /var docdir: /usr/share/doc/polkit compiler: gcc cflags: -g -O2 cppflags: xsltproc: /usr/bin/xsltproc introspection: yes Distribution/OS: unknown Authentication framework: pam Session tracking: libsystemd-login PAM support: yes systemdsystemunitdir: /lib/systemd/system polkitd user: polkitd PAM file auth: system-auth PAM file account: system-auth PAM file password: system-auth PAM file session: system-auth Maintainer mode: no Building api docs: no Building man pages: yes Building examples: yes ``` [1]: http://www.linuxfromscratch.org/blfs/view/stable-systemd/postlfs/polkit.html --- polkit.be0 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/polkit.be0 b/polkit.be0 index 42e2ee126..0ba72f26d 100755 --- a/polkit.be0 +++ b/polkit.be0 @@ -1,6 +1,6 @@ #!/usr/bin/env beesh -# BEE_VERSION polkit-0.113-0 +# BEE_VERSION polkit-0.113_lfs-0 ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.) @@ -9,7 +9,7 @@ ## The source URL(s) define the location of the sources that will be ## downloaded. Version variables may be used to simplify reuse of this bee-file. -SRCURL[0]="https://hal.freedesktop.org/releases/polkit-${PKGVERSION}.tar.gz" +SRCURL[0]="http://anduin.linuxfromscratch.org/BLFS/polkit/polkit-0.113+git_2919920+js38.tar.xz" ############################################################################### ## Add URLs/pathes to patch files to the PATCHURL array. @@ -28,7 +28,7 @@ SRCURL[0]="https://hal.freedesktop.org/releases/polkit-${PKGVERSION}.tar.gz" ## outside the source directory and needs to be built inside the source ## directory. -build_in_sourcedir +# build_in_sourcedir ############################################################################### ## bee cannot detect buildtypes specified in subdirectories. From 7904f6fb155c1c13e446e96325c8acdce44cdd7d Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:45:48 +0200 Subject: [PATCH 11/14] polkit: Wrap long line --- polkit.be0 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/polkit.be0 b/polkit.be0 index 0ba72f26d..f18fabbdf 100755 --- a/polkit.be0 +++ b/polkit.be0 @@ -55,7 +55,8 @@ LIBEXECDIR=/usr/lib/polkit-1 #} mee_configure() { - bee_configure --with-polkit-user=polkit + bee_configure \ + --with-polkit-user=polkit } #mee_build() { From 1128d7cc09fade4135cb2f120ab3523ce91e910a Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 14:46:33 +0200 Subject: [PATCH 12/14] polkit: Prevent installation of static versions of libraries --- polkit.be0 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/polkit.be0 b/polkit.be0 index f18fabbdf..4a4e4f736 100755 --- a/polkit.be0 +++ b/polkit.be0 @@ -56,7 +56,8 @@ LIBEXECDIR=/usr/lib/polkit-1 mee_configure() { bee_configure \ - --with-polkit-user=polkit + --with-polkit-user=polkit \ + --disable-static } #mee_build() { From 8da9ce93a0b608c59e99718d4c26e8d6e42559cf Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 3 Apr 2018 15:15:19 +0200 Subject: [PATCH 13/14] polkit: Remove obsolete configure option The current option name is `polkitd`, and we set the default value. --- polkit.be0 | 1 - 1 file changed, 1 deletion(-) diff --git a/polkit.be0 b/polkit.be0 index 4a4e4f736..3a95ac2db 100755 --- a/polkit.be0 +++ b/polkit.be0 @@ -56,7 +56,6 @@ LIBEXECDIR=/usr/lib/polkit-1 mee_configure() { bee_configure \ - --with-polkit-user=polkit \ --disable-static } From 6942895bbf095ecde9bb5c33136459158bda3598 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Wed, 4 Apr 2018 10:44:34 +0200 Subject: [PATCH 14/14] scripts: Add polkit update to systemd update script --- scripts/update-systemd-from-27-to-238.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/update-systemd-from-27-to-238.sh b/scripts/update-systemd-from-27-to-238.sh index 33882d897..6d54b6ca8 100755 --- a/scripts/update-systemd-from-27-to-238.sh +++ b/scripts/update-systemd-from-27-to-238.sh @@ -25,8 +25,11 @@ bee update -f util-linux-2.31.1-1 xorg-server pulseaudio libgudev libusb xf86-in bee remove systemd-27-0.x86_64 bee update -f systemd-238-0 bee install udev_compat-1.0-0 qtwebkit-5.9.0-0 +bee install js-38.2.1-0 +bee update polkit systemctl daemon-reload systemctl disable console-kit-daemon +# systemctl restart polkit.service # we are going to reboot anyway sed -i '/pam_ck_connector.so/d' /etc/pam.d/system-auth sed -i 's/required pam_systemd.so create-session=1 kill-user=0 kill-session=0/optional pam_systemd.so/' /etc/pam.d/system-auth