Update for polkit

author: Wilhelm Schuster 2022-01-29 20:21:07 +0100
committer: Wilhelm Schuster 2022-01-29 20:21:07 +0100
commit: ec3eeaa22dde364383a21c03c360a0dd51b950ea (patch)
tree: 0ca2f46a942f599b278be64736cda0c3b710c3f2
parent: bdf6fc91d1e208504882e459e6c21abcf5ad9f16 (diff)
download: aur-ec3eeaa22dde364383a21c03c360a0dd51b950ea.tar.gz
6 files changed, 64 insertions, 8 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 3dc1bd6c58e7..2d43b7cfd5ac 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = moonraker-git
 	pkgdesc = HTTP frontend for Klipper 3D printer firmware
-	pkgver = r1092.f5ceefb
+	pkgver = r1125.13591d0
 	pkgrel = 1
 	url = https://github.com/Arksine/moonraker
 	arch = any
@@ -18,7 +18,10 @@ pkgbase = moonraker-git
 	depends = python-paho-mqtt
 	depends = python-pycurl
 	depends = python-zeroconf
+	depends = python-jinja
+	depends = python-dbus-next
 	depends = libgpiod
+	optdepends = polkit: enable service and machine control through moonraker
 	optdepends = python-preprocess-cancellation: enables exclude object processing
 	provides = moonraker
 	conflicts = moonraker
@@ -26,11 +29,15 @@ pkgbase = moonraker-git
 	source = git+https://github.com/Arksine/moonraker.git#branch=master
 	source = moonraker.conf
 	source = moonraker.service
+	source = moonraker.rules
+	source = sysusers.conf
 	source = tmpfiles.conf
 	source = moonraker-klipper.cfg
 	sha256sums = SKIP
-	sha256sums = 54d34777723232425240da5b75a04e73d25c459cc42ea3f01ecfebab0d232f34
-	sha256sums = 079711d571f950a5dc7dc3b48d59e3f13947db92a22753936e2e2f5c828fbee6
+	sha256sums = 644da0c92412a48e4c612a12a678f981da1be9cfa1d73f2443680c6cfbbebe77
+	sha256sums = b47549a8b888018b03bf41c9b6ccabf8c9e15d3b00a98bd21af85e9b4ec77f5c
+	sha256sums = cef040e973a9bb697659d1506a37a5f829551d5cc96e3f81ff588d5bd67cf1d0
+	sha256sums = 549309fd129c8c665a5aed2d4229c20e5a9927f4fbdc937e0982db4785b9ee0d
 	sha256sums = 7b908a1c3e0b56523d27db5283e2f546f93051fe855cc949635fafa37ba2f416
 	sha256sums = caa868a447ab94bd3e5f86cdf70e5deeb17b233077d94a424a682dfe49349a96
 
diff --git a/PKGBUILD b/PKGBUILD
index 319482ed6316..b048f13c1abe 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Wilhelm Schuster <aur [aT] rot13 dot io>
 pkgname=moonraker-git
-pkgver=r1092.f5ceefb
+pkgver=r1125.13591d0
 pkgrel=1
 pkgdesc="HTTP frontend for Klipper 3D printer firmware"
 arch=(any)
@@ -18,16 +18,21 @@ depends=(klipper
          python-paho-mqtt
          python-pycurl
          python-zeroconf
+         python-jinja
+         python-dbus-next
          libgpiod)
 makedepends=(git)
-optdepends=("python-preprocess-cancellation: enables exclude object processing")
+optdepends=("polkit: enable service and machine control through moonraker"
+            "python-preprocess-cancellation: enables exclude object processing")
 provides=("${pkgname%-git}")
 conflicts=("${pkgname%-git}")
 backup=('etc/klipper/moonraker.conf')
-source=('git+https://github.com/Arksine/moonraker.git#branch=master' 'moonraker.conf' 'moonraker.service' 'tmpfiles.conf' 'moonraker-klipper.cfg')
+source=('git+https://github.com/Arksine/moonraker.git#branch=master' 'moonraker.conf' 'moonraker.service' 'moonraker.rules' 'sysusers.conf' 'tmpfiles.conf' 'moonraker-klipper.cfg')
 sha256sums=('SKIP'
-            '54d34777723232425240da5b75a04e73d25c459cc42ea3f01ecfebab0d232f34'
-            '079711d571f950a5dc7dc3b48d59e3f13947db92a22753936e2e2f5c828fbee6'
+            '644da0c92412a48e4c612a12a678f981da1be9cfa1d73f2443680c6cfbbebe77'
+            'b47549a8b888018b03bf41c9b6ccabf8c9e15d3b00a98bd21af85e9b4ec77f5c'
+            'cef040e973a9bb697659d1506a37a5f829551d5cc96e3f81ff588d5bd67cf1d0'
+            '549309fd129c8c665a5aed2d4229c20e5a9927f4fbdc937e0982db4785b9ee0d'
             '7b908a1c3e0b56523d27db5283e2f546f93051fe855cc949635fafa37ba2f416'
             'caa868a447ab94bd3e5f86cdf70e5deeb17b233077d94a424a682dfe49349a96')
 
@@ -48,9 +53,14 @@ package() {
 
   install -Dm644 "$srcdir/moonraker.conf" "$pkgdir/etc/klipper/moonraker.conf"
   install -Dm644 "$srcdir/moonraker.service" "$pkgdir/usr/lib/systemd/system/moonraker.service"
+  install -Dm644 "$srcdir/sysusers.conf" "$pkgdir/usr/lib/sysusers.d/moonraker.conf"
   install -Dm644 "$srcdir/tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/moonraker.conf"
   install -Dm644 "$srcdir/moonraker-klipper.cfg" "$pkgdir/usr/share/doc/moonraker/moonraker-klipper.cfg"
 
+  # match directory owner/group and mode from [extra]/polkit
+  install -d -o root -g 102 -m 0750 "$pkgdir"/usr/share/polkit-1/rules.d
+  install -Dm644 "$srcdir/moonraker.rules" "$pkgdir/usr/share/polkit-1/rules.d/moonraker.rules"
+
   install -dm755 "$pkgdir/opt/moonraker"
   GLOBIGNORE=.git cp -r * "$pkgdir/opt/moonraker"
 }
diff --git a/moonraker.conf b/moonraker.conf
index 83c10fc10b29..2b13a66a2501 100644
--- a/moonraker.conf
+++ b/moonraker.conf
@@ -49,6 +49,13 @@ config_path: /etc/klipper
 #   The default is False.
 #enable_object_processing: False
 
+[machine]
+#   The provider implementation used to collect system service information
+#   and run service actions (ie: start, restart, stop).  This can be "none",
+#   "systemd_dbus", or "systemd_cli".  If the provider is set to "none" service
+#   action APIs will be disabled.  The default is systemd_dbus.
+provider: systemd_cli
+
 [database]
 #   The path to the folder that stores Moonraker's lmdb database files.
 #   It is NOT recommended to place this file in a location that is served by
diff --git a/moonraker.rules b/moonraker.rules
new file mode 100644
index 000000000000..0a796274a035
--- /dev/null
+++ b/moonraker.rules
@@ -0,0 +1,30 @@
+// Allow Moonraker User to manage systemd units, reboot and shutdown
+// the system
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.freedesktop.systemd1.manage-units" ||
+         action.id == "org.freedesktop.login1.power-off" ||
+         action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
+         action.id == "org.freedesktop.login1.reboot" ||
+         action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+         action.id.startsWith("org.freedesktop.packagekit.")) &&
+        subject.user == "klipper") {
+        // Only allow processes with the "moonraker-admin" supplementary group
+        // access
+        try {
+            // more concise, but probably slightly slower:
+            /*var groups = polkit.spawn(["ps", "-o", "supgrp=", subject.pid.toString()]).split(",");
+            if (groups.indexOf("moonraker-admin") > -1) {
+                return polkit.Result.YES;
+            }*/
+
+            var gid = polkit.spawn(["getent", "group", "moonraker-admin"]).split(":")[2];
+            var cmdpath = "/proc/" + subject.pid.toString() + "/status";
+            var groups = polkit.spawn(["grep", "^Groups:", cmdpath]).split(" ");
+            if (groups.indexOf(gid) > -1) {
+                return polkit.Result.YES;
+            }
+        } catch (error) {
+            return polkit.Result.NOT_HANDLED;
+        }
+    }
+});
diff --git a/moonraker.service b/moonraker.service
index 335f4c7a17ac..b93a2a31d1c6 100644
--- a/moonraker.service
+++ b/moonraker.service
@@ -6,6 +6,7 @@ After=network.target klipper.service
 [Service]
 Type=simple
 User=klipper
+SupplementaryGroups=moonraker-admin
 SyslogIdentifier=moonraker
 RemainAfterExit=yes
 ExecStart=/usr/bin/python /opt/moonraker/moonraker/moonraker.py -c /etc/klipper/moonraker.conf -n
diff --git a/sysusers.conf b/sysusers.conf
new file mode 100644
index 000000000000..d5f098a29979
--- /dev/null
+++ b/sysusers.conf
@@ -0,0 +1 @@
+g moonraker-admin -
author	Wilhelm Schuster	2022-01-29 20:21:07 +0100
committer	Wilhelm Schuster	2022-01-29 20:21:07 +0100
commit	ec3eeaa22dde364383a21c03c360a0dd51b950ea (patch)
tree	0ca2f46a942f599b278be64736cda0c3b710c3f2
parent	bdf6fc91d1e208504882e459e6c21abcf5ad9f16 (diff)
download	aur-ec3eeaa22dde364383a21c03c360a0dd51b950ea.tar.gz