diff --git a/flatpak.changes b/flatpak.changes index 56df280..26ab20f 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Nov 16 10:09:01 UTC 2018 - matthias.gerstner@suse.com + +- Make polkit_rules_usability.patch effective by adding a 60- prefix to the + rules file. This will cause it to be executed before the + polkit-default-privs are executed (bsc#984817). + ------------------------------------------------------------------- Tue Nov 13 08:55:03 UTC 2018 - Antonio Larrosa diff --git a/flatpak.spec b/flatpak.spec index 3e69b7c..ecde752 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -132,6 +132,12 @@ make %{?_smp_mflags} find %{buildroot} -type f -name "*.la" -delete -print mkdir -p %{buildroot}%{_sbindir} ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper +# add a 60- prefix to the rules file, otherwise it is not effective, because +# /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no +# polkit-default-privs rule grants access then an explicit reject is the +# result. This should fix bsc#984817, granting members of group wheel access +# w/o password entry. +mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules %find_lang %{name} @@ -170,7 +176,7 @@ ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper %{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service # policykit rules %{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy -%{_datadir}/polkit-1/rules.d/org.freedesktop.Flatpak.rules +%{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules %{_mandir}/man1/%{name}*.1%{ext_man} %{_mandir}/man5/flatpak-metadata.5%{ext_man} %{_mandir}/man5/flatpak-flatpakref.5%{ext_man}