diff --git a/polkit-0.104.tar.gz b/polkit-0.104.tar.gz deleted file mode 100644 index b42da34..0000000 --- a/polkit-0.104.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6b0a13d8381e4a7b7e37c18a54595191b50757e0fcd186cd9918e9ad0f18c7f9 -size 1416583 diff --git a/polkit-0.107.tar.gz b/polkit-0.107.tar.gz new file mode 100644 index 0000000..e9f11f2 --- /dev/null +++ b/polkit-0.107.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c826973db2b226dc8f807af5143f7b8be5d0270f46c0c1241a83b067db9d8311 +size 1383089 diff --git a/polkit-no-systemd.patch b/polkit-no-systemd.patch new file mode 100644 index 0000000..6ddb858 --- /dev/null +++ b/polkit-no-systemd.patch @@ -0,0 +1,9 @@ +Index: polkit-0.107/data/org.freedesktop.PolicyKit1.service.in +=================================================================== +--- polkit-0.107.orig/data/org.freedesktop.PolicyKit1.service.in ++++ polkit-0.107/data/org.freedesktop.PolicyKit1.service.in +@@ -2,4 +2,3 @@ + Name=org.freedesktop.PolicyKit1 + Exec=@libprivdir@/polkitd --no-debug + User=root +-SystemdService=polkit.service diff --git a/polkit-no-wheel-group.patch b/polkit-no-wheel-group.patch index af7a817..826bcd0 100644 --- a/polkit-no-wheel-group.patch +++ b/polkit-no-wheel-group.patch @@ -1,10 +1,11 @@ -Index: polkit-0.104/src/polkitbackend/50-localauthority.conf +Index: polkit-0.107/src/polkitbackend/50-default.rules =================================================================== ---- polkit-0.104.orig/src/polkitbackend/50-localauthority.conf -+++ polkit-0.104/src/polkitbackend/50-localauthority.conf -@@ -7,4 +7,4 @@ - # +--- polkit-0.107.orig/src/polkitbackend/50-default.rules ++++ polkit-0.107/src/polkitbackend/50-default.rules +@@ -8,5 +8,5 @@ + // about configuring polkit. - [Configuration] --AdminIdentities=unix-group:wheel -+AdminIdentities=unix-user:0 + polkit.addAdminRule(function(action, subject) { +- return ["unix-group:wheel"]; ++ return ["unix-user:0"]; + }); diff --git a/polkit-suid_flags.patch b/polkit-suid_flags.patch index 5c7e741..d9b0bc5 100644 --- a/polkit-suid_flags.patch +++ b/polkit-suid_flags.patch @@ -44,8 +44,8 @@ index e8c9fb1..f0f8419 100644 + $(NULL) + if HAVE_INTROSPECTION + girdir = $(INTROSPECTION_GIRDIR) - gir_DATA = PolkitAgent-1.0.gir diff --git a/src/programs/Makefile.am b/src/programs/Makefile.am index c260dee..6aac06b 100644 --- a/src/programs/Makefile.am diff --git a/polkit.changes b/polkit.changes index 36aeff4..b642481 100644 --- a/polkit.changes +++ b/polkit.changes @@ -1,3 +1,64 @@ +------------------------------------------------------------------- +Thu Nov 8 21:34:15 UTC 2012 - aj@suse.de + +- Add pwdutils to prereq for groupadd and useradd. + +------------------------------------------------------------------- +Thu Sep 27 07:55:23 UTC 2012 - vuntz@opensuse.org + +- Add polkit-no-systemd.patch: this patch, only applied when not + building systemd support, removes the systemd service reference + from the dbus .service file. This is needed as the systemd + .service file does not get installed in that case and dbus gets + confused because it expects it. +- Make %{_datadir}/polkit-1/rules.d and + %{_sysconfdir}/polkit-1/rules.d owned by user polkitd, as those + directories have 0700 as permissions. +- Those two changes should fix polkit so it can start. + Fix bnc#782395. + +------------------------------------------------------------------- +Tue Sep 25 09:05:02 UTC 2012 - vuntz@opensuse.org + +- Use %{_localstatedir}/lib/polkit for $HOME of polkit user, + instead of %{_libexecdir}/polkit-1. The directory is manually + created in %install. + +------------------------------------------------------------------- +Fri Sep 14 18:20:06 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.107: + + Try harder to look up the right localization + + Introduce a polkit.Result enumeration for authorization rules + + pkexec: add support for argv1 annotation and mention + shebang-wrappers + + doc: update guidance on situations where there is no polkit + authority +- Changes from version 0.106: + + Major change: switch from .pkla files (keyfile-format) to + .rules files (JavaScript) + + Nuke polkitbackend library, localauthority backend and + extension system + + Run polkitd as an unprivileged user + + Add a systemd .service file + + Several other code changes. + + Updated documentation. +- Changes from version 0.105: + + Add pkttyagent(1) helper + + Make it possible to influence agent registration with an a{sv} + parameter + + Several other code changes. +- Add pkgconfig(mozjs185) BuildRequires: new dependency for the + authority backend. +- Rebase polkit-no-wheel-group.patch: the admin configuration is + now in a .rules file. +- Rebase polkit-suid_flags.patch. +- Explicitly pass --enable-libsystemd-login or + --disable-libsystemd-login, depending on whether we build systemd + support. +- Add a %pre script to create the polkitd group and user, as + polkitd now run as an unprivileged user. + ------------------------------------------------------------------- Wed Aug 22 15:52:30 UTC 2012 - meissner@suse.com diff --git a/polkit.spec b/polkit.spec index 157c987..0b234c4 100644 --- a/polkit.spec +++ b/polkit.spec @@ -22,21 +22,23 @@ Name: polkit Summary: PolicyKit Authorization Framework License: LGPL-2.1+ Group: System/Libraries -Version: 0.104 +Version: 0.107 Release: 0 Url: http://www.freedesktop.org/wiki/Software/PolicyKit BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz +Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source99: baselibs.conf # PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vuntz@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin Patch0: polkit-no-wheel-group.patch # PATCH-FIX-UPSTREAM polkit-suid_flags.patch bnc#743145 fdo#46569 vuntz@opensuse.org -- Respect SUID_CFLAGS/SUID_LDFLAGS Patch1: polkit-suid_flags.patch +# PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vuntz@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support) +Patch2: polkit-no-systemd.patch # needed for patch1 BuildRequires: autoconf # needed for patch1 BuildRequires: automake -BuildRequires: glib2-devel >= 2.25.12 +BuildRequires: glib2-devel >= 2.30.0 BuildRequires: gobject-introspection-devel >= 0.6.2 BuildRequires: gtk-doc # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle. @@ -49,7 +51,8 @@ BuildRequires: pam-devel %if 0%{?with_systemd} BuildRequires: systemd-devel %endif -PreReq: permissions +BuildRequires: pkgconfig(mozjs185) +PreReq: permissions pwdutils Requires: ConsoleKit Requires: dbus-1 Requires: libpolkit0 = %{version}-%{release} @@ -112,6 +115,9 @@ This package provides the GObject Introspection bindings for PolicyKit. %setup -q %patch0 -p1 %patch1 -p1 +%if !(0%{?with_systemd}) +%patch2 -p1 +%endif %build export V=1 @@ -126,22 +132,29 @@ export SUID_LDFLAGS="-z now -pie" --disable-static \ --enable-introspection \ --enable-examples \ - --libexecdir=%{_prefix}/lib/polkit-1 +%if 0%{?with_systemd} + --enable-libsystemd-login \ +%else + --disable-libsystemd-login \ +%endif + --libexecdir=%{_libexecdir}/polkit-1 make %{?_smp_mflags} %install -make install DESTDIR=$RPM_BUILD_ROOT -rm -f $RPM_BUILD_ROOT%{_libdir}/*.la -rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la -# For some reason, "smart" parts of the build are _sometimes_ -# not smart enough to handle a 0700 directory. We set that back to -# the proper original value in the %file list -chmod 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1 +%make_install +rm $RPM_BUILD_ROOT%{_libdir}/*.la +# create $HOME for polkit user +install -d %{buildroot}%{_localstatedir}/lib/polkit %find_lang polkit-1 %clean rm -rf $RPM_BUILD_ROOT +%pre +getent group polkitd > /dev/null || groupadd -r polkitd +getent passwd polkitd > /dev/null || useradd -r -g polkitd -d %{_localstatedir}/lib/polkit -s /sbin/nologin -c "User for polkitd" polkitd +exit 0 + %post %set_permissions %{_bindir}/pkexec %set_permissions %{_prefix}/lib/polkit-1/polkit-agent-helper-1 @@ -156,7 +169,8 @@ rm -rf $RPM_BUILD_ROOT %files -n libpolkit0 %defattr(-,root,root,-) -%{_libdir}/lib*.so.* +%{_libdir}/libpolkit-agent-1.so.* +%{_libdir}/libpolkit-gobject-1.so.* %files -n typelib-1_0-Polkit-1_0 %defattr(-,root,root,-) @@ -166,48 +180,43 @@ rm -rf $RPM_BUILD_ROOT %files -f polkit-1.lang %defattr(-,root,root,-) %doc COPYING -%dir %{_libdir}/polkit-1 -%dir %{_libdir}/polkit-1/extensions -%{_libdir}/polkit-1/extensions/*.so -%{_datadir}/man/man1/pkexec.1.gz -%{_datadir}/man/man1/pkaction.1.gz -%{_datadir}/man/man1/pkcheck.1.gz -%{_datadir}/man/man8/polkitd.8.gz -%{_datadir}/man/man8/polkit.8.gz -%{_datadir}/man/man8/pklocalauthority.8.gz +%{_mandir}/man1/pkexec.1%{?ext_man} +%{_mandir}/man1/pkaction.1%{?ext_man} +%{_mandir}/man1/pkcheck.1%{?ext_man} +%{_mandir}/man1/pkttyagent.1%{?ext_man} +%{_mandir}/man8/polkitd.8%{?ext_man} +%{_mandir}/man8/polkit.8%{?ext_man} %dir %{_datadir}/dbus-1 -%{_datadir}/dbus-1/system-services +%dir %{_datadir}/dbus-1/system-services +%{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service %dir %{_datadir}/polkit-1 %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy +%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf %config(noreplace) %{_sysconfdir}/pam.d/polkit-1 %dir %{_sysconfdir}/polkit-1 -%dir %{_sysconfdir}/polkit-1/nullbackend.conf.d -%config(noreplace) %{_sysconfdir}/polkit-1/nullbackend.conf.d/50-nullbackend.conf -%attr(0700,root,root) %dir %{_sysconfdir}/polkit-1/localauthority -%dir %{_sysconfdir}/polkit-1/localauthority/10-vendor.d -%dir %{_sysconfdir}/polkit-1/localauthority/20-org.d -%dir %{_sysconfdir}/polkit-1/localauthority/30-site.d -%dir %{_sysconfdir}/polkit-1/localauthority/50-local.d -%dir %{_sysconfdir}/polkit-1/localauthority/90-mandatory.d -%dir %{_sysconfdir}/polkit-1/localauthority.conf.d -%config(noreplace) %{_sysconfdir}/polkit-1/localauthority.conf.d/50-localauthority.conf +%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d +%config(noreplace) %{_sysconfdir}/polkit-1/rules.d/50-default.rules %{_bindir}/pkaction %{_bindir}/pkcheck %verify(not mode) %attr(4755,root,root) %{_bindir}/pkexec -%dir %{_prefix}/lib/polkit-1 -%{_prefix}/lib/polkit-1/polkitd +%{_bindir}/pkttyagent +%dir %{_libexecdir}/polkit-1 +%{_libexecdir}/polkit-1/polkitd %verify(not mode) %attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1 -%attr(0700,root,root) %dir %{_localstatedir}/lib/polkit-1 +# $HOME for polkit user +%dir %{_localstatedir}/lib/polkit %files devel %defattr(-,root,root,-) -%{_libdir}/lib*.so -%{_libdir}/pkgconfig/*.pc -%{_includedir}/* +%{_libdir}/libpolkit-agent-1.so +%{_libdir}/libpolkit-gobject-1.so +%{_libdir}/pkgconfig/polkit-agent-1.pc +%{_libdir}/pkgconfig/polkit-gobject-1.pc +%{_includedir}/polkit-1/ %{_bindir}/pk-example-frobnicate %{_datadir}/gir-1.0/*.gir %{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy @@ -215,6 +224,6 @@ rm -rf $RPM_BUILD_ROOT %files doc %defattr(-,root,root,-) %doc NEWS -%{_datadir}/gtk-doc/html/* +%doc %{_datadir}/gtk-doc/html/polkit-1/ %changelog