From 7d1d4dc93ae476a428322be6564ed2abad077b5d9fd92224cf60b934070aae91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Sat, 28 Jul 2018 10:59:58 +0000 Subject: [PATCH] Accepting request 624834 from home:mgerstner:branches:GNOME:Factory - polkit_rules_usability.patch: Improve usability by allowing members of the group 'wheel' to bypass polkit authentication checks when locally logged in (bnc#984817). This adds a few polkit actions to the rules that are not covered by upstream, because they are set to 'yes' for active users by default. On SUSE we require 'auth_admin' for regular users, however. OBS-URL: https://build.opensuse.org/request/show/624834 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=53 --- flatpak.changes | 9 +++++++++ flatpak.spec | 2 ++ polkit_rules_usability.patch | 16 ++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 polkit_rules_usability.patch diff --git a/flatpak.changes b/flatpak.changes index 6ab5946..bfa12ad 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Jul 23 15:13:44 UTC 2018 - matthias.gerstner@suse.com + +- polkit_rules_usability.patch: Improve usability by allowing members of the + group 'wheel' to bypass polkit authentication checks when locally logged in + (bnc#984817). This adds a few polkit actions to the rules that are not + covered by upstream, because they are set to 'yes' for active users by + default. On SUSE we require 'auth_admin' for regular users, however. + ------------------------------------------------------------------- Fri Jun 15 03:24:22 UTC 2018 - luc14n0@linuxmail.org diff --git a/flatpak.spec b/flatpak.spec index 068f744..d5fd6ed 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -25,6 +25,7 @@ License: LGPL-2.1-or-later Group: System/Packages URL: https://flatpak.github.io/ Source: %{name}-%{version}.tar.xz +Patch0: polkit_rules_usability.patch BuildRequires: bison BuildRequires: bubblewrap >= 0.2.1 BuildRequires: docbook-xsl-stylesheets @@ -112,6 +113,7 @@ more information. %prep %setup -q +%patch0 -p1 %build NOCONFIGURE=1 ./autogen.sh diff --git a/polkit_rules_usability.patch b/polkit_rules_usability.patch new file mode 100644 index 0000000..818eb4c --- /dev/null +++ b/polkit_rules_usability.patch @@ -0,0 +1,16 @@ +Index: flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in +=================================================================== +--- flatpak-0.11.8.3.orig/system-helper/org.freedesktop.Flatpak.rules.in ++++ flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in +@@ -3,7 +3,10 @@ polkit.addRule(function(action, subject) + action.id == "org.freedesktop.Flatpak.runtime-install"|| + action.id == "org.freedesktop.Flatpak.app-uninstall" || + action.id == "org.freedesktop.Flatpak.runtime-uninstall" || +- action.id == "org.freedesktop.Flatpak.modify-repo") && ++ action.id == "org.freedesktop.Flatpak.modify-repo" || ++ action.id == "org.freedesktop.Flatpak.app-update" || ++ action.id == "org.freedesktop.Flatpak.runtime-update" || ++ action.id == "org.freedesktop.Flatpak.appstream-update") && + subject.active == true && subject.local == true && + subject.isInGroup("@privileged_group@")) { + return polkit.Result.YES;