diff --git a/0001-packagekitd-Use-export_dynamic-explicitly.patch b/0001-packagekitd-Use-export_dynamic-explicitly.patch deleted file mode 100644 index 4a167570de39f2dc2e3bdd1f8012aaafcdfb9908..0000000000000000000000000000000000000000 --- a/0001-packagekitd-Use-export_dynamic-explicitly.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 70594bbe7b3c61b7f9fe58cb77ddaeb630e7276f Mon Sep 17 00:00:00 2001 -From: Dominique Leuenberger -Date: Mon, 17 Jul 2023 15:24:14 +0200 -Subject: [PATCH] packagekitd: Use export_dynamic explicitly - -We used to get that implicitly through GModule .pc file defining -Wl,--export-dynamic so that modules could reference symbols in the main executable. - -With newer GLib including glib@11bdd6fc the gmodule .pc file will no longer define this compiler flag in a way that works for us, resulting in errors like: -packagekitd[2394]: Failed to load the backend: opening module zypp failed : /usr/lib64/packagekit-backend/libpk_backend_zypp.so: undefined symbol: pk_backend_job_require_restart ---- - src/meson.build | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/meson.build b/src/meson.build -index cae73380e..a47169c2b 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -76,6 +76,7 @@ packagekitd_exec = executable( - ], - install: true, - install_dir: get_option('libexecdir'), -+ export_dynamic: true, - c_args: [ - '-DPK_BUILD_DAEMON=1', - '-DG_LOG_DOMAIN="PackageKit"', --- -2.41.0 - diff --git a/PackageKit-1.3.5-dnf-backend-optional-deps.patch b/PackageKit-1.3.5-dnf-backend-optional-deps.patch new file mode 100644 index 0000000000000000000000000000000000000000..bc438fcab0b01083a555c7c0c9a7881f0d51ac80 --- /dev/null +++ b/PackageKit-1.3.5-dnf-backend-optional-deps.patch @@ -0,0 +1,88 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: PkgAgent Robot +Date: Mon, 22 Jun 2026 10:56:00 +0800 +Subject: [PATCH] Make libdnf5 and sdbus-c++ optional in dnf backend + +Adapted-by: PkgAgent/deepseek-v4 (needed for OCS which lacks libdnf5-devel) + +--- + backends/dnf/meson.build | 36 +++++++++++++++++++----------------- + 1 file changed, 19 insertions(+), 17 deletions(-) + +diff --git a/backends/dnf/meson.build b/backends/dnf/meson.build +index 6efde8f..51b8d0e 100644 +--- a/backends/dnf/meson.build ++++ b/backends/dnf/meson.build +@@ -1,10 +1,8 @@ + appstream_dep = dependency('appstream', version: '>=0.14.0') + dnf_dep = dependency('libdnf', version: '>=0.43.1') +-dnf5_dep = dependency('libdnf5') +-libdnf5_version = dnf5_dep.version().split('.') ++dnf5_dep = dependency('libdnf5', required: false) + rpm_dep = dependency('rpm') +-sdbus_cpp_dep = dependency('sdbus-c++') +-sdbus_cpp_version = sdbus_cpp_dep.version().split('.') ++sdbus_cpp_dep = dependency('sdbus-c++', required: false) + c_args = ['-DG_LOG_DOMAIN="PackageKit-DNF"'] + + if meson.get_compiler('c').has_function('hy_query_get_advisory_pkgs', prefix: '#include ', dependencies: dnf_dep) +@@ -24,31 +22,35 @@ install_data( + install_dir: join_paths(python_package_dir), + ) + +-add_languages('cpp', native: false) +-shared_module( +- 'notify_packagekit', +- 'notify_packagekit.cpp', +- cpp_args: [ +- '-std=c++20', +- '-DLIBDNF5_VERSION_MAJOR=' + libdnf5_version[0], +- '-DLIBDNF5_VERSION_MINOR=' + libdnf5_version[1], +- '-DLIBDNF5_VERSION_PATCH=' + libdnf5_version[2], +- '-DSDBUSCPP_VERSION_MAJOR=' + sdbus_cpp_version[0], +- ], +- include_directories: packagekit_glib2_includes, +- dependencies: [ +- dnf5_dep, +- sdbus_cpp_dep, +- ], +- name_prefix: '', +- install: true, +- install_dir: get_option('libdir') / 'libdnf5/plugins/', +-) ++if dnf5_dep.found() and sdbus_cpp_dep.found() ++ libdnf5_version = dnf5_dep.version().split('.') ++ sdbus_cpp_version = sdbus_cpp_dep.version().split('.') ++ add_languages('cpp', native: false) ++ shared_module( ++ 'notify_packagekit', ++ 'notify_packagekit.cpp', ++ cpp_args: [ ++ '-std=c++20', ++ '-DLIBDNF5_VERSION_MAJOR=' + libdnf5_version[0], ++ '-DLIBDNF5_VERSION_MINOR=' + libdnf5_version[1], ++ '-DLIBDNF5_VERSION_PATCH=' + libdnf5_version[2], ++ '-DSDBUSCPP_VERSION_MAJOR=' + sdbus_cpp_version[0], ++ ], ++ include_directories: packagekit_glib2_includes, ++ dependencies: [ ++ dnf5_dep, ++ sdbus_cpp_dep, ++ ], ++ name_prefix: '', ++ install: true, ++ install_dir: get_option('libdir') / 'libdnf5/plugins/', ++ ) + +-install_data( +- 'notify_packagekit.conf', +- install_dir: get_option('sysconfdir') / 'dnf/libdnf5-plugins/' +-) ++ install_data( ++ 'notify_packagekit.conf', ++ install_dir: get_option('sysconfdir') / 'dnf/libdnf5-plugins/' ++ ) ++endif + + shared_module( + 'pk_backend_dnf', diff --git a/PackageKit-1.3.5-idle-timeout-default.patch b/PackageKit-1.3.5-idle-timeout-default.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff827e4c86e35e239ca5f5b0145a416c7f876825 --- /dev/null +++ b/PackageKit-1.3.5-idle-timeout-default.patch @@ -0,0 +1,24 @@ +From f42096ff2427a758eda9de2e3046714167a38c95 Mon Sep 17 00:00:00 2001 +From: Russell Haley +Date: Mon, 12 Sep 2022 12:36:10 -0500 +Subject: [PATCH] Revert "Revert "Shutdown the daemon on idle by default"" + +Adapted-by: PkgAgent/deepseek-v4 (modified to adapt to opencloudos-stream PackageKit 1.3.5) + +--- + src/pk-main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/pk-main.c b/src/pk-main.c +index 7642692..b4b48e5 100644 +--- a/src/pk-main.c ++++ b/src/pk-main.c +@@ -198,6 +198,8 @@ main (int argc, char *argv[]) + exit_idle_time = 300; + g_clear_error (&error); + } ++ if (exit_idle_time == 0) ++ exit_idle_time = 300; + if (exit_idle_time > 0) + g_debug ("daemon shutdown set to %i seconds", exit_idle_time); + else diff --git a/package-remove-password-prompt.patch b/PackageKit-1.3.5-remove-password-prompt.patch similarity index 50% rename from package-remove-password-prompt.patch rename to PackageKit-1.3.5-remove-password-prompt.patch index 3cda368bf34018a90efa22b6de17075e08a5a6bd..871f53ef80739dbd2da3fad205348c835fffcbec 100644 --- a/package-remove-password-prompt.patch +++ b/PackageKit-1.3.5-remove-password-prompt.patch @@ -7,26 +7,24 @@ A local, active admin user can install packages without a password prompt, but has to enter the admin password to remove packages. This doesn't make much sense. It should be parallel. -Note that this change has no effect on what users are able to do, -because it only applies to admin users. The password only protects -against unlocked workstation attackers, where an attacker gains physical -access to an unlocked desktop. It's pretty weird to prevent such an -attacker from removing software, but allow installing new stuff. +Adapted-by: PkgAgent/deepseek-v4 (modified to adapt to opencloudos-stream PackageKit 1.3.5) -https://pagure.io/fedora-workstation/issue/233 --- - policy/org.freedesktop.packagekit.rules | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + policy/org.freedesktop.packagekit.rules | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policy/org.freedesktop.packagekit.rules b/policy/org.freedesktop.packagekit.rules -index 6a1c8a701..95d21925f 100644 +index fd8374f..6caa639 100644 --- a/policy/org.freedesktop.packagekit.rules +++ b/policy/org.freedesktop.packagekit.rules -@@ -1,5 +1,6 @@ +@@ -4,7 +4,9 @@ polkit.addRule(function(action, subject) { -- if (action.id == "org.freedesktop.packagekit.package-install" && -+ if ((action.id == "org.freedesktop.packagekit.package-install" || + if ((action.id == "org.freedesktop.packagekit.system-update" || + action.id == "org.freedesktop.packagekit.trigger-offline-update" || +- action.id == "org.freedesktop.packagekit.trigger-offline-upgrade") && ++ action.id == "org.freedesktop.packagekit.trigger-offline-upgrade" || ++ action.id == "org.freedesktop.packagekit.package-install" || + action.id == "org.freedesktop.packagekit.package-remove") && - subject.active == true && subject.local == true && - subject.isInGroup("wheel")) { + subject.active == true && subject.local == true && + (subject.isInGroup("wheel") || subject.isInGroup("sudo"))) { return polkit.Result.YES; diff --git a/PackageKit.spec b/PackageKit.spec index eb8f2cc107fd987f1402bb5b5220bc9fa5c0d240..4c54d4da8684914d31a0eafee7400e7aa33b3a90 100644 --- a/PackageKit.spec +++ b/PackageKit.spec @@ -3,19 +3,19 @@ Summary: Package management service Name: PackageKit -Version: 1.2.6 -Release: 3%{?dist} +Version: 1.3.5 +Release: 1%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-or-later URL: http://www.freedesktop.org/software/PackageKit/ -Source0: http://www.freedesktop.org/software/PackageKit/releases/%{name}-%{version}.tar.xz -Patch3000: package-remove-password-prompt.patch -Patch3001: shutdown-on-idle.patch -Patch3002: 0001-packagekitd-Use-export_dynamic-explicitly.patch +Source0: https://github.com/PackageKit/PackageKit/archive/refs/tags/v%{version}.tar.gz +Patch3000: PackageKit-1.3.5-remove-password-prompt.patch +Patch3001: PackageKit-1.3.5-idle-timeout-default.patch +Patch3002: PackageKit-1.3.5-dnf-backend-optional-deps.patch -BuildRequires: glib2-devel >= %{glib2_version}, xmlto, gtk-doc, sqlite-devel, polkit-devel >= 0.92 +BuildRequires: glib2-devel >= %{glib2_version}, xmlto, gtk-doc, sqlite-devel, polkit-devel >= 0.92, jansson-devel >= 2.8 BuildRequires: gtk3-devel, docbook-utils, meson, gettext, vala, gstreamer1-devel -BuildRequires: gstreamer1-plugins-base-devel, pango-devel, fontconfig-devel, libappstream-glib-devel -BuildRequires: libdnf-devel >= %{libdnf_version}, systemd, systemd-devel, gobject-introspection-devel +BuildRequires: gstreamer1-plugins-base-devel, pango-devel, fontconfig-devel +BuildRequires: libdnf-devel >= %{libdnf_version}, appstream-devel, libxslt, docbook-style-xsl, systemd, systemd-devel, gobject-introspection-devel BuildRequires: bash-completion, python3-devel Requires: %{name}-glib = %{version}-%{release} @@ -87,8 +87,16 @@ using PackageKit. %autosetup -p1 %build +# Replace remote docbook XSL URL with local path (no network in mock build env) +MAN_XSL="$(find /usr/share/sgml/docbook/xsl-stylesheets*/manpages/ -name docbook.xsl 2>/dev/null | head -1)" +if [ -n "$MAN_XSL" ]; then + sed -i "s|http://docbook.sourceforge.net/release/xsl[-a-z]*/current/manpages/docbook.xsl|$MAN_XSL|" client/meson.build + sed -i "s|http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl|$MAN_XSL|" client/pkcon/meson.build +fi %meson \ -Dgtk_doc=true \ + -Dman_pages=true \ + -Dlegacy_tools=true \ -Dpython_backend=false \ -Dpackaging_backend=dnf \ -Dlocal_checkout=false @@ -115,7 +123,7 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %files -f %{name}.lang %license COPYING -%doc README AUTHORS NEWS +%doc README.md AUTHORS NEWS %dir %{_datadir}/PackageKit %dir %{_sysconfdir}/PackageKit %dir %{_localstatedir}/lib/PackageKit @@ -126,9 +134,10 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %dir %{_libdir}/packagekit-backend %config(noreplace) %{_sysconfdir}/PackageKit/PackageKit.conf %config(noreplace) %{_sysconfdir}/PackageKit/Vendor.conf -%config %{_sysconfdir}/dbus-1/system.d/* -%{_bindir}/pkmon +%{_datadir}/dbus-1/system.d/org.freedesktop.PackageKit.conf +%{_bindir}/pkgcli %{_bindir}/pkcon +%{_bindir}/pkmon %exclude %{_libdir}/libpackagekit*.so.* %{_libdir}/packagekit-backend/libpk_backend_dummy.so %{_libdir}/packagekit-backend/libpk_backend_dnf.so @@ -136,8 +145,11 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %{_libexecdir}/packagekitd %{_libexecdir}/packagekit-direct %{_libexecdir}/pk-*offline-update +%{_libexecdir}/packagekit-dnf-refresh-repo %ghost %verify(not md5 size mtime) %attr(0644,-,-) %{_localstatedir}/lib/PackageKit/transactions.db +%{_datadir}/bash-completion/completions/pkgcli %{_datadir}/bash-completion/completions/pkcon +%{_datadir}/man/man1/pkgcli.1* %{_datadir}/man/man1/pkcon.1* %{_datadir}/man/man1/pkmon.1* %{_datadir}/polkit-1/actions/*.policy @@ -146,6 +158,7 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %{_datadir}/PackageKit/helpers/test_spawn/search-name.sh %{_datadir}/dbus-1/system-services/*.service %{_datadir}/dbus-1/interfaces/*.xml +%{_datadir}/metainfo/org.freedesktop.packagekit.metainfo.xml %{_unitdir}/packagekit-offline-update.service %{_unitdir}/packagekit.service %{_unitdir}/system-update.target.wants/ @@ -179,11 +192,15 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %{_libdir}/libpackagekit-glib2.so %{_libdir}/pkgconfig/packagekit-glib2.pc %{_datadir}/gir-1.0/PackageKitGlib-1.0.gir -%{_datadir}/gtk-doc/html/PackageKit %{_datadir}/vala/vapi/packagekit-glib2.vapi %{_datadir}/vala/vapi/packagekit-glib2.deps +%{_datadir}/gtk-doc/html/PackageKit %changelog +* Mon Jun 22 2026 PkgAgent Robot - 1.3.5-1 +- [Type] security +- [DESC] Update to 1.3.5 (fixes CVE-2026-41651) + * Wed Jun 11 2025 bbrucezhang - 1.2.6-3 - Rebuilt for loongarch64 diff --git a/shutdown-on-idle.patch b/shutdown-on-idle.patch deleted file mode 100644 index ec18922c21dc490fa75cff1d83be7cc02df96562..0000000000000000000000000000000000000000 --- a/shutdown-on-idle.patch +++ /dev/null @@ -1,156 +0,0 @@ -From f42096ff2427a758eda9de2e3046714167a38c95 Mon Sep 17 00:00:00 2001 -From: Russell Haley -Date: Mon, 12 Sep 2022 12:36:10 -0500 -Subject: [PATCH] Revert "Revert "Shutdown the daemon on idle by default"" - -This reverts commit dca1f5b2508a4632d0b9fefab771a5a9caf83a5c. - -Which reverted commit 0c84d71509e851db20445c747529bd7d3724f081, -which reverted commit c6eb3555ec5b41e988c111d276764d55fb83bda3. - -Fixes #460. - -The memory usage of packagekitd has been observed growing well beyond -half a GiB. See: - -https://bugzilla.redhat.com/show_bug.cgi?id=1354074 -https://bugzilla.redhat.com/show_bug.cgi?id=1854875 -https://bugzilla.redhat.com/show_bug.cgi?id=1896964 - -As I understand it, this timeout causes some slightly surprising -behavior when users mix command line dnf upgades with GUI PackageKit -upgrades, and do not manually run an update check before rebooting for -update. But that is an edge case, and the price of not having it is too -high. ---- - src/pk-main.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/pk-main.c b/src/pk-main.c -index d372a7456..1de9a1390 100644 ---- a/src/pk-main.c -+++ b/src/pk-main.c -@@ -183,6 +183,11 @@ main (int argc, char *argv[]) - - /* after how long do we timeout? */ - exit_idle_time = g_key_file_get_integer (conf, "Daemon", "ShutdownTimeout", NULL); -+ /* THIS COMMENT IS A TSUNAMI STONE -+ * Before removing the default timeout, please study the git history and -+ * be sure that you are not regressing Redhat bugzilla #1354074 (again). */ -+ if (exit_idle_time == 0) -+ exit_idle_time = 300; - g_debug ("daemon shutdown set to %i seconds", exit_idle_time); - - /* override the backend name */ - -From ba378b8510133bbad081aebd15cfe2ae74fe1e8a Mon Sep 17 00:00:00 2001 -From: Gordon Messmer -Date: Sun, 15 Jan 2023 15:17:45 -0800 -Subject: [PATCH] valgrind warns that a conditional depends on an uninitialized - value. - ---- - src/pk-main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/pk-main.c b/src/pk-main.c -index d372a7456..43727d206 100644 ---- a/src/pk-main.c -+++ b/src/pk-main.c -@@ -241,6 +241,8 @@ main (int argc, char *argv[]) - helper.loop = loop; - helper.timer_id = g_timeout_add_seconds (5, (GSourceFunc) pk_main_timeout_check_cb, &helper); - g_source_set_name_by_id (helper.timer_id, "[PkMain] main poll"); -+ } else { -+ helper.timer_id = 0; - } - - /* immediatly exit */ - -From 8c22a0e2f3caf7df8728eec0dbf04d9c3c69f32e Mon Sep 17 00:00:00 2001 -From: Gordon Messmer -Date: Tue, 17 Jan 2023 08:45:16 -0800 -Subject: [PATCH] Notify PackageKit when dnf installs or removes packages. - ---- - backends/dnf/meson.build | 13 +++++++++ - backends/dnf/notify_packagekit.py | 45 +++++++++++++++++++++++++++++++ - contrib/PackageKit.spec.in | 2 ++ - 3 files changed, 60 insertions(+) - create mode 100644 backends/dnf/notify_packagekit.py - -diff --git a/backends/dnf/meson.build b/backends/dnf/meson.build -index ac75a1b6c..09718baf1 100644 ---- a/backends/dnf/meson.build -+++ b/backends/dnf/meson.build -@@ -7,6 +7,19 @@ if meson.get_compiler('c').has_function('hy_query_get_advisory_pkgs', prefix: '# - c_args += ['-DHAVE_HY_QUERY_GET_ADVISORY_PKGS'] - endif - -+python = import('python') -+python_exec = python.find_installation() -+python_package_dir = get_option('pythonpackagedir') -+if python_package_dir == '' -+ python_package_dir = python_exec.get_install_dir() -+endif -+python_package_dir = join_paths(python_package_dir, 'dnf-plugins') -+ -+install_data( -+ 'notify_packagekit.py', -+ install_dir: join_paths(python_package_dir), -+) -+ - shared_module( - 'pk_backend_dnf', - 'dnf-backend-vendor-@0@.c'.format(get_option('dnf_vendor')), -diff --git a/backends/dnf/notify_packagekit.py b/backends/dnf/notify_packagekit.py -new file mode 100644 -index 000000000..3be1fadd8 ---- /dev/null -+++ b/backends/dnf/notify_packagekit.py -@@ -0,0 +1,45 @@ -+# -*- coding: utf-8 -*- -+# -+# Copyright (C) 2022 Gordon Messmer -+# -+# Licensed under the GNU Lesser General Public License Version 2.1 -+# -+# This library is free software; you can redistribute it and/or -+# modify it under the terms of the GNU Lesser General Public -+# License as published by the Free Software Foundation; either -+# version 2.1 of the License, or (at your option) any later version. -+# -+# This library is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# Lesser General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public -+# License along with this library; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ -+""" -+Notify packagekitd when packages are installed, updated, or removed. -+""" -+ -+import dbus -+import dnf -+from dnfpluginscore import _ -+ -+ -+class NotifyPackagekit(dnf.Plugin): -+ name = "notify-packagekit" -+ -+ def __init__(self, base, cli): -+ super(NotifyPackagekit, self).__init__(base, cli) -+ self.base = base -+ self.cli = cli -+ -+ def transaction(self): -+ try: -+ bus = dbus.SystemBus() -+ proxy = bus.get_object('org.freedesktop.PackageKit', '/org/freedesktop/PackageKit') -+ iface = dbus.Interface(proxy, dbus_interface='org.freedesktop.PackageKit') -+ iface.StateHasChanged('posttrans') -+ except: -+ pass diff --git a/sources b/sources index 7438167da9df48b98ae96e596e77f5dc7750cb9f..8b841a821e766973d39cac605d1ef39430e8cdb4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (PackageKit-1.2.6.tar.xz) = 0861c539e4427f0b5104dc54a9c9cd6c9311d245732290864dd602a0c5959fce028553c8f8ed38f5fd826e32b31c765710c76e282450b6590af0c49116f29bae +SHA512 (v1.3.5.tar.gz) = 28cde8449a0642537fe301e66a41122846d039f13230f0034e7d265656b982a5da66d12809a4835d344952283f1176431c2759d7ffbf7e724fe30f9b0c821ec0