diff options
author | Wilhelm Schuster | 2022-01-29 20:21:07 +0100 |
---|---|---|
committer | Wilhelm Schuster | 2022-01-29 20:21:07 +0100 |
commit | ec3eeaa22dde364383a21c03c360a0dd51b950ea (patch) | |
tree | 0ca2f46a942f599b278be64736cda0c3b710c3f2 | |
parent | bdf6fc91d1e208504882e459e6c21abcf5ad9f16 (diff) | |
download | aur-ec3eeaa22dde364383a21c03c360a0dd51b950ea.tar.gz |
Update for polkit
-rw-r--r-- | .SRCINFO | 13 | ||||
-rw-r--r-- | PKGBUILD | 20 | ||||
-rw-r--r-- | moonraker.conf | 7 | ||||
-rw-r--r-- | moonraker.rules | 30 | ||||
-rw-r--r-- | moonraker.service | 1 | ||||
-rw-r--r-- | sysusers.conf | 1 |
6 files changed, 64 insertions, 8 deletions
@@ -1,6 +1,6 @@ pkgbase = moonraker-git pkgdesc = HTTP frontend for Klipper 3D printer firmware - pkgver = r1092.f5ceefb + pkgver = r1125.13591d0 pkgrel = 1 url = https://github.com/Arksine/moonraker arch = any @@ -18,7 +18,10 @@ pkgbase = moonraker-git depends = python-paho-mqtt depends = python-pycurl depends = python-zeroconf + depends = python-jinja + depends = python-dbus-next depends = libgpiod + optdepends = polkit: enable service and machine control through moonraker optdepends = python-preprocess-cancellation: enables exclude object processing provides = moonraker conflicts = moonraker @@ -26,11 +29,15 @@ pkgbase = moonraker-git source = git+https://github.com/Arksine/moonraker.git#branch=master source = moonraker.conf source = moonraker.service + source = moonraker.rules + source = sysusers.conf source = tmpfiles.conf source = moonraker-klipper.cfg sha256sums = SKIP - sha256sums = 54d34777723232425240da5b75a04e73d25c459cc42ea3f01ecfebab0d232f34 - sha256sums = 079711d571f950a5dc7dc3b48d59e3f13947db92a22753936e2e2f5c828fbee6 + sha256sums = 644da0c92412a48e4c612a12a678f981da1be9cfa1d73f2443680c6cfbbebe77 + sha256sums = b47549a8b888018b03bf41c9b6ccabf8c9e15d3b00a98bd21af85e9b4ec77f5c + sha256sums = cef040e973a9bb697659d1506a37a5f829551d5cc96e3f81ff588d5bd67cf1d0 + sha256sums = 549309fd129c8c665a5aed2d4229c20e5a9927f4fbdc937e0982db4785b9ee0d sha256sums = 7b908a1c3e0b56523d27db5283e2f546f93051fe855cc949635fafa37ba2f416 sha256sums = caa868a447ab94bd3e5f86cdf70e5deeb17b233077d94a424a682dfe49349a96 @@ -1,6 +1,6 @@ # Maintainer: Wilhelm Schuster <aur [aT] rot13 dot io> pkgname=moonraker-git -pkgver=r1092.f5ceefb +pkgver=r1125.13591d0 pkgrel=1 pkgdesc="HTTP frontend for Klipper 3D printer firmware" arch=(any) @@ -18,16 +18,21 @@ depends=(klipper python-paho-mqtt python-pycurl python-zeroconf + python-jinja + python-dbus-next libgpiod) makedepends=(git) -optdepends=("python-preprocess-cancellation: enables exclude object processing") +optdepends=("polkit: enable service and machine control through moonraker" + "python-preprocess-cancellation: enables exclude object processing") provides=("${pkgname%-git}") conflicts=("${pkgname%-git}") backup=('etc/klipper/moonraker.conf') -source=('git+https://github.com/Arksine/moonraker.git#branch=master' 'moonraker.conf' 'moonraker.service' 'tmpfiles.conf' 'moonraker-klipper.cfg') +source=('git+https://github.com/Arksine/moonraker.git#branch=master' 'moonraker.conf' 'moonraker.service' 'moonraker.rules' 'sysusers.conf' 'tmpfiles.conf' 'moonraker-klipper.cfg') sha256sums=('SKIP' - '54d34777723232425240da5b75a04e73d25c459cc42ea3f01ecfebab0d232f34' - '079711d571f950a5dc7dc3b48d59e3f13947db92a22753936e2e2f5c828fbee6' + '644da0c92412a48e4c612a12a678f981da1be9cfa1d73f2443680c6cfbbebe77' + 'b47549a8b888018b03bf41c9b6ccabf8c9e15d3b00a98bd21af85e9b4ec77f5c' + 'cef040e973a9bb697659d1506a37a5f829551d5cc96e3f81ff588d5bd67cf1d0' + '549309fd129c8c665a5aed2d4229c20e5a9927f4fbdc937e0982db4785b9ee0d' '7b908a1c3e0b56523d27db5283e2f546f93051fe855cc949635fafa37ba2f416' 'caa868a447ab94bd3e5f86cdf70e5deeb17b233077d94a424a682dfe49349a96') @@ -48,9 +53,14 @@ package() { install -Dm644 "$srcdir/moonraker.conf" "$pkgdir/etc/klipper/moonraker.conf" install -Dm644 "$srcdir/moonraker.service" "$pkgdir/usr/lib/systemd/system/moonraker.service" + install -Dm644 "$srcdir/sysusers.conf" "$pkgdir/usr/lib/sysusers.d/moonraker.conf" install -Dm644 "$srcdir/tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/moonraker.conf" install -Dm644 "$srcdir/moonraker-klipper.cfg" "$pkgdir/usr/share/doc/moonraker/moonraker-klipper.cfg" + # match directory owner/group and mode from [extra]/polkit + install -d -o root -g 102 -m 0750 "$pkgdir"/usr/share/polkit-1/rules.d + install -Dm644 "$srcdir/moonraker.rules" "$pkgdir/usr/share/polkit-1/rules.d/moonraker.rules" + install -dm755 "$pkgdir/opt/moonraker" GLOBIGNORE=.git cp -r * "$pkgdir/opt/moonraker" } diff --git a/moonraker.conf b/moonraker.conf index 83c10fc10b29..2b13a66a2501 100644 --- a/moonraker.conf +++ b/moonraker.conf @@ -49,6 +49,13 @@ config_path: /etc/klipper # The default is False. #enable_object_processing: False +[machine] +# The provider implementation used to collect system service information +# and run service actions (ie: start, restart, stop). This can be "none", +# "systemd_dbus", or "systemd_cli". If the provider is set to "none" service +# action APIs will be disabled. The default is systemd_dbus. +provider: systemd_cli + [database] # The path to the folder that stores Moonraker's lmdb database files. # It is NOT recommended to place this file in a location that is served by diff --git a/moonraker.rules b/moonraker.rules new file mode 100644 index 000000000000..0a796274a035 --- /dev/null +++ b/moonraker.rules @@ -0,0 +1,30 @@ +// Allow Moonraker User to manage systemd units, reboot and shutdown +// the system +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.systemd1.manage-units" || + action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions" || + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id.startsWith("org.freedesktop.packagekit.")) && + subject.user == "klipper") { + // Only allow processes with the "moonraker-admin" supplementary group + // access + try { + // more concise, but probably slightly slower: + /*var groups = polkit.spawn(["ps", "-o", "supgrp=", subject.pid.toString()]).split(","); + if (groups.indexOf("moonraker-admin") > -1) { + return polkit.Result.YES; + }*/ + + var gid = polkit.spawn(["getent", "group", "moonraker-admin"]).split(":")[2]; + var cmdpath = "/proc/" + subject.pid.toString() + "/status"; + var groups = polkit.spawn(["grep", "^Groups:", cmdpath]).split(" "); + if (groups.indexOf(gid) > -1) { + return polkit.Result.YES; + } + } catch (error) { + return polkit.Result.NOT_HANDLED; + } + } +}); diff --git a/moonraker.service b/moonraker.service index 335f4c7a17ac..b93a2a31d1c6 100644 --- a/moonraker.service +++ b/moonraker.service @@ -6,6 +6,7 @@ After=network.target klipper.service [Service] Type=simple User=klipper +SupplementaryGroups=moonraker-admin SyslogIdentifier=moonraker RemainAfterExit=yes ExecStart=/usr/bin/python /opt/moonraker/moonraker/moonraker.py -c /etc/klipper/moonraker.conf -n diff --git a/sysusers.conf b/sysusers.conf new file mode 100644 index 000000000000..d5f098a29979 --- /dev/null +++ b/sysusers.conf @@ -0,0 +1 @@ +g moonraker-admin - |