Accepting request 72894 from devel:openSUSE:Factory:rpmlint
- add colord to dbus whitelist (bnc#698250) - CheckPolkitPrivs.py: use different tag for non-fatal issues - CheckBuildDate.py: print either file-contains-current-date or file-contains-current-date but not both OBS-URL: https://build.opensuse.org/request/show/72894 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpmlint?expand=0&rev=123
commit
7f93324ea2
@ -30,13 +30,13 @@ class BuildDateCheck(AbstractCheck.AbstractFilesCheck):
|
|||||||
|
|
||||||
grep_date = pkg.grep(self.istoday, filename)
|
grep_date = pkg.grep(self.istoday, filename)
|
||||||
|
|
||||||
if len(grep_date):
|
|
||||||
printWarning(pkg, "file-contains-current-date", filename)
|
|
||||||
|
|
||||||
grep_time = pkg.grep(self.looksliketime, filename)
|
grep_time = pkg.grep(self.looksliketime, filename)
|
||||||
|
|
||||||
if len(grep_date) and len(grep_time):
|
if len(grep_date):
|
||||||
|
if len(grep_time):
|
||||||
printError(pkg, "file-contains-date-and-time", filename)
|
printError(pkg, "file-contains-date-and-time", filename)
|
||||||
|
else:
|
||||||
|
printWarning(pkg, "file-contains-current-date", filename)
|
||||||
|
|
||||||
check=BuildDateCheck()
|
check=BuildDateCheck()
|
||||||
|
|
||||||
|
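Review bot: `grep_time = pkg.grep(self.looksliketime, filename)` is still evaluated for every file, although after this change its result is only read inside the `if len(grep_date):` branch. Moving the call under that branch would skip the second scan for files that contain no current date, assuming `pkg.grep` has no side effects (its definition is not visible here). The enclosing check method starts outside the hunk, so the placement should be verified against the full body.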
@ -77,37 +77,50 @@ class PolkitCheck(AbstractCheck.AbstractCheck):
|
|||||||
try:
|
try:
|
||||||
if f.startswith("/usr/share/PolicyKit/policy/")\
|
if f.startswith("/usr/share/PolicyKit/policy/")\
|
||||||
or f.startswith("/usr/share/polkit-1/actions/"):
|
or f.startswith("/usr/share/polkit-1/actions/"):
|
||||||
f = pkg.dirName() + f
|
xml = parse(pkg.dirName() + f)
|
||||||
xml = parse(f)
|
|
||||||
for a in xml.getElementsByTagName("action"):
|
for a in xml.getElementsByTagName("action"):
|
||||||
action = a.getAttribute('id')
|
action = a.getAttribute('id')
|
||||||
if not action in self.privs:
|
if not action in self.privs:
|
||||||
iserr = 0
|
iserr = 0
|
||||||
foundno = 0
|
foundno = 0
|
||||||
anyseen = 0
|
foundundef = 0
|
||||||
|
settings = {}
|
||||||
try:
|
try:
|
||||||
defaults = a.getElementsByTagName("defaults")[0]
|
defaults = a.getElementsByTagName("defaults")[0]
|
||||||
for i in defaults.childNodes:
|
for i in defaults.childNodes:
|
||||||
if not i.nodeType == i.ELEMENT_NODE:
|
if not i.nodeType == i.ELEMENT_NODE:
|
||||||
continue
|
continue
|
||||||
if i.nodeName == 'allow_any':
|
|
||||||
anyseen = 1
|
if i.nodeName in ('allow_any', 'allow_inactive', 'allow_active'):
|
||||||
if i.firstChild.data.find("auth_admin") != 0:
|
settings[i.nodeName] = i.firstChild.data
|
||||||
if i.firstChild.data == 'no':
|
|
||||||
|
except:
|
||||||
|
iserr = 1
|
||||||
|
|
||||||
|
for i in ('allow_any', 'allow_inactive', 'allow_active'):
|
||||||
|
if not i in settings:
|
||||||
|
foundundef = 1
|
||||||
|
settings[i] = '??'
|
||||||
|
elif settings[i].find("auth_admin") != 0:
|
||||||
|
if settings[i] == 'no':
|
||||||
foundno = 1
|
foundno = 1
|
||||||
else:
|
else:
|
||||||
iserr = 1
|
iserr = 1
|
||||||
except:
|
|
||||||
iserr = 1
|
|
||||||
|
|
||||||
if iserr:
|
if iserr:
|
||||||
printError(pkg, 'polkit-unauthorized-privilege', action)
|
printError(pkg, 'polkit-unauthorized-privilege', '%s (%s:%s:%s)' % (action, \
|
||||||
|
settings['allow_any'], settings['allow_inactive'], settings['allow_active']))
|
||||||
else:
|
else:
|
||||||
printInfo(pkg, 'polkit-unauthorized-privilege', action)
|
printInfo(pkg, 'polkit-untracked-privilege', '%s (%s:%s:%s)' % (action, \
|
||||||
|
settings['allow_any'], settings['allow_inactive'], settings['allow_active']))
|
||||||
|
|
||||||
if foundno or not anyseen:
|
if foundno or foundundef:
|
||||||
printWarning(pkg, 'polkit-cant-acquire-privilege', action)
|
printInfo(pkg,
|
||||||
except:
|
'polkit-cant-acquire-privilege', '%s (%s:%s:%s)' % (action, \
|
||||||
|
settings['allow_any'], settings['allow_inactive'], settings['allow_active']))
|
||||||
|
|
||||||
|
except Exception, x:
|
||||||
|
printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x})
|
||||||
continue
|
continue
|
||||||
|
|
||||||
check=PolkitCheck()
|
check=PolkitCheck()
|
||||||
@ -119,10 +132,18 @@ if Config.info:
|
|||||||
please open a bug report to request review of the package by the
|
please open a bug report to request review of the package by the
|
||||||
security team""",
|
security team""",
|
||||||
'polkit-unauthorized-privilege',
|
'polkit-unauthorized-privilege',
|
||||||
"""If the package is intended for inclusion in any SUSE product
|
"""The package allows unprivileged users to carry out privileged
|
||||||
please open a bug report to request review of the package by the
|
operations without authentication. This could cause security
|
||||||
security team""",
|
problems if not done carefully. If the package is intended for
|
||||||
|
inclusion in any SUSE product please open a bug report to request
|
||||||
|
review of the package by the security team""",
|
||||||
|
'polkit-untracked-privilege',
|
||||||
|
"""The privilege is not listed in /etc/polkit-default-privs.*
|
||||||
|
which makes it harder for admins to find. If the package is intended
|
||||||
|
for inclusion in any SUSE product please open a bug report to
|
||||||
|
request review of the package by the security team""",
|
||||||
'polkit-cant-acquire-privilege',
|
'polkit-cant-acquire-privilege',
|
||||||
"""Usability can be improved by allowing users to acquire privileges
|
"""Usability can be improved by allowing users to acquire privileges
|
||||||
via authentication. Use e.g. 'auth_admin' instead of 'no' and make
|
via authentication. Use e.g. 'auth_admin' instead of 'no' and make
|
||||||
sure to define 'allow_any'.""")
|
sure to define 'allow_any'. This is an issue only if the privilege
|
||||||
|
is not listed in /etc/polkit-default-privs.*""")
|
||||||
|
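Review bot: The value stored by `settings[i.nodeName] = i.firstChild.data` is kept raw and later classified with `settings[i].find("auth_admin") != 0` and `== 'no'`, so element text padded with whitespace is reported as polkit-unauthorized-privilege even when it says `no` or `auth_admin`, and any string that merely begins with `auth_admin` is treated as requiring authentication. Normalising on read, `settings[i.nodeName] = i.firstChild.data.strip()`, and comparing against the explicit set of values the policy format allows would make the classification exact. The bare `except:` around the `defaults` lookup also hides which failure occurred; `except (IndexError, AttributeError):` appears to cover the missing-`<defaults>` and empty-element cases this code can hit. The help text for polkit-cant-acquire-privilege in the later hunk still only tells the packager to define `allow_any`, while the check now reports any of the three settings being undefined. The enclosing method starts outside the hunk.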
3
config
3
config
@ -425,6 +425,9 @@ setOption("DBUSServices.WhiteList", (
|
|||||||
# synche-connector (bnc#683956)
|
# synche-connector (bnc#683956)
|
||||||
"org.synce.dccm.service",
|
"org.synce.dccm.service",
|
||||||
"org.synce.dccm.conf",
|
"org.synce.dccm.conf",
|
||||||
|
# colord (bnc#698250)
|
||||||
|
"org.freedesktop.ColorManager.service",
|
||||||
|
"org.freedesktop.ColorManager.conf",
|
||||||
))
|
))
|
||||||
|
|
||||||
# Output filters
|
# Output filters
|
||||||
|
@ -1,3 +1,15 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 7 15:14:20 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- add colord to dbus whitelist (bnc#698250)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 7 15:03:54 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- CheckPolkitPrivs.py: use different tag for non-fatal issues
|
||||||
|
- CheckBuildDate.py: print either file-contains-current-date or
|
||||||
|
file-contains-current-date but not both
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue May 31 11:29:52 UTC 2011 - lnussel@suse.de
|
Tue May 31 11:29:52 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|