Hello community, here is the log from the commit of package webyast-base for openSUSE:Factory checked in at 2012-06-14 21:11:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/webyast-base (Old) and /work/SRC/openSUSE:Factory/.webyast-base.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "webyast-base", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/webyast-base/webyast-base.changes 2011-12-30 08:46:48.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.webyast-base.new/webyast-base.changes 2012-06-14 21:11:40.000000000 +0200 @@ -1,0 +2,78 @@ +Thu Jun 14 08:36:05 UTC 2012 - [email protected] + +- license update: LGPL-2.1 and GPL-2.0 and Apache-2.0 + Contains components under GPL-2.0 and javascript components under + Apache-2.0 license + +------------------------------------------------------------------- +Wed Jun 13 12:14:54 UTC 2012 - [email protected] + +- added versioned Provides/Obsoletes, use "try-restart" for + restarting SUSE Firewall + +------------------------------------------------------------------- +Wed Jun 6 14:36:56 UTC 2012 - [email protected] + +- Provide/Obsolete webyast-base-ui-branding-default and + webyast-firstboot-ws packages (to remove them at update) +- 0.3.10 + +------------------------------------------------------------------- +Wed Jun 6 12:07:35 UTC 2012 - [email protected] + +- update to delayed_job 3.0 +- 0.3.9 + +------------------------------------------------------------------- +Mon Jun 4 15:18:57 UTC 2012 - [email protected] + +- reload firewall after modifying /etc/sysconfig/SuSEfirewall2 +- 0.3.8 + +------------------------------------------------------------------- +Fri Jun 1 14:10:34 UTC 2012 - [email protected] + +- fixed update problems (fixed %pre and %post scripts in .spec + file) +- 0.3.7 + +------------------------------------------------------------------- +Wed May 30 08:14:40 UTC 2012 - [email protected] + +- fixed control panel tests +- 0.3.6 + +------------------------------------------------------------------- +Fri May 25 13:28:08 UTC 2012 - [email protected] + +- switched to Rails 3.2 +- removed usage of static_record_cache gem (incompatible with + Rails 3.2), the missing caching should not have big impact +- 0.3.5 + +------------------------------------------------------------------- +Fri May 25 11:10:23 UTC 2012 - [email protected] + +- do not compress JS files - less build dependencies, + the compression ratio is small anyway +- 0.3.4 + +------------------------------------------------------------------- +Thu May 24 09:56:56 UTC 2012 - [email protected] + +- ApplicationController - fixed rendering uncaught exceptions + in XML format +- 0.3.3 + +------------------------------------------------------------------- +Fri May 18 09:58:45 UTC 2012 - [email protected] + +- added "help_text" view helper for displaying inline help texts +- 0.3.2 + +------------------------------------------------------------------- +Tue Apr 17 11:03:51 UTC 2012 - [email protected] + +- updated copyrights + +------------------------------------------------------------------- New: ---- config.yml ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ webyast-base.spec ++++++ --- /var/tmp/diff_new_pack.MbWNQn/_old 2012-06-14 21:11:42.000000000 +0200 +++ /var/tmp/diff_new_pack.MbWNQn/_new 2012-06-14 21:11:42.000000000 +0200 @@ -1,27 +1,32 @@ # -# spec file for package webyast-base +# spec file for package webyast-base (Version 0.1.19) # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. # -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: webyast-base +Version: 0.3.10 +Release: 0 +Provides: yast2-webservice = %{version} +Obsoletes: yast2-webservice < %{version} Provides: webyast-language-ws = 0.1.0 Obsoletes: webyast-language-ws <= 0.1.0 -Provides: webyast-base-ws = 0.2.24, webyast-base-ui = 0.2.65 -Obsoletes: webyast-base-ws <= 0.2.24, webyast-base-ui <= 0.2.65 + +Obsoletes: webyast-base-ui < %{version} +Obsoletes: webyast-base-ws < %{version} +Obsoletes: yast2-webclient < %{version} +Obsoletes: yast2-webservice < %{version} +Obsoletes: webyast-firstboot-ws < %{version} +Provides: webyast-base-ui = %{version} +Provides: webyast-base-ws = %{version} +Provides: yast2-webclient = %{version} +Provides: yast2-webservice = %{version} +Provides: webyast-firstboot-ws = %{version} %if 0%{?suse_version} == 0 || %suse_version > 1110 # 11.2 or newer @@ -39,31 +44,33 @@ Requires: yast2-core >= 2.17.30.1 Requires: sysvinit > 2.86-195.3.1 %endif -Requires: webyast-base-branding-default Requires: rubygem-passenger-nginx, rubygem-nokogiri Requires: nginx >= 1.0 -Requires: ruby-fcgi, sqlite, syslog-ng, check-create-certificate +Requires: sqlite3, syslog-ng, check-create-certificate, yast2-dbus-server %if 0%{?suse_version} == 0 || %suse_version <= 1130 Requires: ruby-dbus %else Requires: rubygem-ruby-dbus %endif -Requires: rubygem-webyast-rake-tasks -Requires: rubygem-static_record_cache -Requires: yast2-dbus-server + +Requires: rubygem-webyast-rake-tasks >= 0.2, webyast-base-branding +PreReq: rubygem-bundler # 634404 Recommends: logrotate -PreReq: polkit, PackageKit, rubygem-rake, rubygem-sqlite3 -PreReq: rubygem-rails-2_3 >= 2.3.8 -PreReq: rubygem-rpam, rubygem-polkit1, rubygem-gettext_rails -PreReq: yast2-runlevel -License: LGPL-2.0 +%if 0%{?suse_version} == 0 || %suse_version > 1110 +PreReq: polkit, rubygem-polkit1 +%else +# <11.1 or SLES11 +PreReq: PolicyKit, rubygem-polkit +%endif +PreReq: rubygem-rake, rubygem-sqlite3 +PreReq: rubygem-rails-3_2 >= 3.2.3 +PreReq: rubygem-fast_gettext, rubygem-gettext_i18n_rails, rubygem-inifile +License: LGPL-2.1 and GPL-2.0 and Apache-2.0 Group: Productivity/Networking/Web/Utilities -Url: http://en.opensuse.org/Portal:WebYaST -AutoReqProv: on -Version: 0.3.1 -Release: 0 +URL: http://en.opensuse.org/Portal:WebYaST +Autoreqprov: on Summary: WebYaST - base components Source: www.tar.bz2 Source1: webyastPermissionsService.rb @@ -77,36 +84,45 @@ Source11: webyast.lr.conf Source12: nginx.conf Source13: control_panel.yml +Source14: config.yml BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: pkg-config ruby rubygem-mocha rubygem-static_record_cache +BuildRequires: ruby, pkg-config, rubygem-mocha # if we run the tests during build, we need most of Requires here too, # except for deployment specific stuff -BuildRequires: rubygem-restility rubygem-webyast-rake-tasks -BuildRequires: dbus-1 sqlite yast2-core yast2-dbus-server +BuildRequires: rubygem-webyast-rake-tasks >= 0.2 +BuildRequires: sqlite3, dbus-1 %if 0%{?suse_version} == 0 || %suse_version <= 1130 BuildRequires: ruby-dbus %else BuildRequires: rubygem-ruby-dbus %endif -BuildRequires: PackageKit polkit rubygem-sqlite3 -BuildRequires: rubygem-rails-2_3 >= 2.3.8 -BuildRequires: rubygem-polkit1 rubygem-rpam -# the testsuite is run during build -BuildRequires: rubygem-mocha rubygem-test-unit -BuildRequires: rubygem-haml rubygem-nokogiri tidy -BuildRequires: nginx >= 1.0 rubygem-passenger-nginx - -%if 0%{?suse_version} != 1140 -# since 12*, sass conflicts with haml, but SLES11 has already the new sass -#BuildRequires: rubygem-sass +BuildRequires: rubygem-sqlite3 +BuildRequires: rubygem-rails-3_2 +%if 0%{?suse_version} == 0 || %suse_version > 1110 +BuildRequires: polkit, rubygem-polkit1 +%else +# <11.1 or SLES11 +BuildRequires: PolicyKit, rubygem-polkit %endif +# the testsuite is run during build +BuildRequires: rubygem-test-unit rubygem-mocha +BuildRequires: rubygem-haml, rubygem-nokogiri, rubygem-builder-3_0 +BuildRequires: nginx >= 1.0 +BuildRequires: rubygem-bundler +BuildRequires: rubygem-devise, rubygem-devise_unix2_chkpwd_authenticatable, rubygem-devise-i18n +BuildRequires: rubygem-cancan, rubygem-delayed_job-3_0, rubygem-delayed_job_active_record + +BuildRequires: rubygem-gettext, rubygem-ruby_parser, rubygem-inifile + +BuildRequires: rubygem-factory_girl, rubygem-factory_girl_rails, rubygem-mocha + +Requires: rubygem-haml, rubygem-sqlite3, rubygem-builder-3_0 +Requires: rubygem-fast_gettext, rubygem-gettext_i18n_rails, rubygem-rails-i18n + +Requires: rubygem-devise, rubygem-devise_unix2_chkpwd_authenticatable, rubygem-devise-i18n +Requires: rubygem-cancan, rubygem-delayed_job-3_0, rubygem-delayed_job_active_record -#rubygem-rack > 1.1 is has problems with rails/rake. So we ensure that we -#still uses 1.1. (Can be removed if there is a stable version available) -BuildRequires: rubygem-rack <= 1.2 -Requires: rubygem-rack <= 1.2 -Conflicts: rubygem-rack > 1.2 # This is for Hudson (build service) to setup the build env correctly %if 0 @@ -129,15 +145,14 @@ %package testsuite Group: Productivity/Networking/Web/Utilities Requires: webyast-base = %{version} -Provides: webyast-base-ws-testsuite = 0.2.24, webyast-base-ui-testsuite = 0.2.65 -Obsoletes: webyast-base-ws-testsuite <= 0.2.24, webyast-base-ui-testsuite <= 0.2.65 - Summary: Testsuite for webyast-base package # %define pkg_home /var/lib/%{webyast_user} # +Requires: rubygem-factory_girl, rubygem-factory_girl_rails, rubygem-mocha, tidy + %description WebYaST - Core components for UI and REST based interface to system manipulation. Authors: @@ -152,11 +167,14 @@ %package branding-default Group: Productivity/Networking/Web/Utilities -Provides: webyast-branding -Provides: webyast-base-ui-branding-default = 0.2.65 -Obsoletes: webyast-base-ui-branding-default <= 0.2.65 +Provides: webyast-base-branding = %{version} Requires: %{name} = %{version} -#Requires: rubygem-mocha rubygem-test-unit tidy +Conflicts: otherproviders(webyast-base-branding) +Supplements: packageand(webyast-base:branding-default) + +Provides: webyast-base-ui-branding-default +Obsoletes: webyast-base-ui-branding-default + Summary: Branding package for webyast-base package %description branding-default @@ -167,20 +185,46 @@ %setup -q -n www %build -env LANG=en rake makemo -rake sass:update -rake js:base -rm -r app/sass +%if %suse_version <= 1110 +export WEBYAST_POLICYKIT='true' +%endif +# build *.mo files (redirect sterr to /dev/null as it contains tons of warnings about obsoleted (commented) msgids) +LANG=en rake gettext:pack 2> /dev/null +# gettext:pack for some reason creates empty db/development.sqlite3 file +rm -rf db/development.sqlite3 + +# precompile assets +rake assets:precompile + +# split manifest file +rake assets:split_manifest +rm -rf public/assets/manifest.yml + +# cleanup +rm -rf tmp +rm -rf log + +# remove Gemfile.lock created by the above rake calls +rm Gemfile.lock %check + +%if %suse_version <= 1110 +export WEBYAST_POLICYKIT='true' +%endif # run the testsuite RAILS_ENV=test rake db:migrate +rake tmp:create RAILS_ENV=test $RPM_BUILD_ROOT%{webyast_dir}/test/dbus-launch-simple rake test -#--------------------------------------------------------------- +#--------------------------------------------------------------- %install +%if %suse_version <= 1110 +export WEBYAST_POLICYKIT='true' +%endif + # # Install all web and frontend parts. # @@ -189,7 +233,20 @@ rm -f $RPM_BUILD_ROOT%{webyast_dir}/log/* rm -rf $RPM_BUILD_ROOT/%{webyast_dir}/po rm -f $RPM_BUILD_ROOT%{webyast_dir}/COPYING -touch $RPM_BUILD_ROOT%{webyast_dir}/db/schema.rb + +# install production mode Gemfile +rake gemfile:production > $RPM_BUILD_ROOT%{webyast_dir}/Gemfile +# install test mode Gemfile +rake gemfile:test > $RPM_BUILD_ROOT%{webyast_dir}/Gemfile.test +# install assets mode Gemfile +rake gemfile:assets > $RPM_BUILD_ROOT%{webyast_dir}/Gemfile.assets + +# remove .gitkeep files +find $RPM_BUILD_ROOT%{webyast_dir} -name .gitkeep -delete + +# remove *.po files (compiled *.mo files are sufficient) +find $RPM_BUILD_ROOT%{webyast_dir}/locale -name '*.po' -delete + %{__install} -d -m 0755 \ %{buildroot}%{pkg_home}/sockets/ \ @@ -221,8 +278,8 @@ ln -s /etc/nginx/win-utf $RPM_BUILD_ROOT/etc/webyast # Policies -mkdir -p $RPM_BUILD_ROOT/usr/share/polkit-1/actions -install -m 0644 %SOURCE4 $RPM_BUILD_ROOT/usr/share/polkit-1/actions +mkdir -p $RPM_BUILD_ROOT/usr/share/%{webyast_polkit_dir} +install -m 0644 %SOURCE4 $RPM_BUILD_ROOT/usr/share/%{webyast_polkit_dir} install -m 0644 %SOURCE6 $RPM_BUILD_ROOT/etc/ install -m 0555 %SOURCE5 $RPM_BUILD_ROOT/usr/sbin/ @@ -250,6 +307,10 @@ mkdir -p $RPM_BUILD_ROOT/etc/webyast/ cp %SOURCE13 $RPM_BUILD_ROOT/etc/webyast/ +%if %suse_version <= 1110 +cp %SOURCE14 $RPM_BUILD_ROOT/etc/webyast/ +%endif + # install permissions service mkdir -p $RPM_BUILD_ROOT/usr/sbin/ install -m 0500 %SOURCE1 $RPM_BUILD_ROOT/usr/sbin/ @@ -262,13 +323,14 @@ mkdir -p %buildroot/var/adm/update-scripts touch %buildroot/var/adm/update-scripts/%name-%version-%release-1 -#--------------------------------------------------------------- +# for basesystem setup (firstboot) +mkdir -p $RPM_BUILD_ROOT%{webyast_vardir}/basesystem +#--------------------------------------------------------------- %clean rm -rf $RPM_BUILD_ROOT #--------------------------------------------------------------- - %pre # @@ -283,13 +345,13 @@ # which will be called AFTER the installation if /bin/rpm -q webyast-base-ui > /dev/null ; then echo "renaming webyast-base-ui to webyast-base" - if /sbin/yast runlevel summary service=webyast 2>&1|grep " 3 "|grep webyast >/dev/null ; then + if /sbin/chkconfig -l yastwc 2> /dev/null | grep " 3:on " >/dev/null ; then echo "webyast is inserted into the runlevel" echo "#!/bin/sh" > %name-%version-%release-1 - echo "/sbin/yast runlevel add service=webyast" >> %name-%version-%release-1 + echo "/sbin/chkconfig -a webyast" >> %name-%version-%release-1 echo "/usr/sbin/rcwebyast restart" >> %name-%version-%release-1 else - if /usr/sbin/rcwebyast status > /dev/null ; then + if /usr/sbin/rcyastwc status > /dev/null ; then echo "webyast is running" echo "#!/bin/sh" > %name-%version-%release-1 echo "/usr/sbin/rcwebyast restart" >> %name-%version-%release-1 @@ -302,8 +364,12 @@ if /usr/sbin/rcyastws status > /dev/null ; then echo "yastws is running under lighttpd -> switching to nginx" /usr/sbin/rcyastws stop > /dev/null + + # check if the restart file already exists + if [ ! -f %name-%version-%release-1 ] ; then echo "#!/bin/sh" > %name-%version-%release-1 - echo "/usr/sbin/rcywebyast restart" >> %name-%version-%release-1 + echo "/usr/sbin/rcwebyast restart" >> %name-%version-%release-1 + fi fi fi if [ -f %name-%version-%release-1 ] ; then @@ -314,13 +380,11 @@ exit 0 #--------------------------------------------------------------- - %post %fillup_and_insserv %{webyast_service} # #granting permissions for webyast # -/usr/sbin/grantwebyastrights --user %{webyast_user} --action grant --policy org.freedesktop.packagekit.system-update > /dev/null ||: /usr/sbin/grantwebyastrights --user %{webyast_user} --action grant --policy org.opensuse.yast.module-manager.import > /dev/null ||: # # granting all permissions for root @@ -330,7 +394,14 @@ # create database # cd %{webyast_dir} + +# force refreshing the Gemfile.lock +rm -f Gemfile.lock + #migrate database +%if %suse_version <= 1110 +export WEBYAST_POLICYKIT='true' +%endif RAILS_ENV=production rake db:migrate chown -R %{webyast_user}: db chown -R %{webyast_user}: log @@ -346,32 +417,43 @@ # dbus-send --print-reply --system --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig >/dev/null ||: -#--------------------------------------------------------------- +# update firewall config +if grep -q webyast-ui /etc/sysconfig/SuSEfirewall2; then + echo "Updating firewall config..." + sed -i "s/\(^[ \t]*FW_CONFIGURATIONS_.*[ \t]*=[ \t]*\".*[ \t]*\)webyast-ui\(.*$\)/\1webyast\2/" /etc/sysconfig/SuSEfirewall2 + + # reload the changes + echo "Restarting firewall..." + /sbin/rcSuSEfirewall2 try-restart +fi +#--------------------------------------------------------------- %preun %stop_on_removal %{webyast_service} #--------------------------------------------------------------- - %postun %restart_on_update %{webyast_service} %{insserv_cleanup} #--------------------------------------------------------------- # restart webyast on nginx update (bnc#559534) - %triggerin -- nginx %restart_on_update %{webyast_service} -#--------------------------------------------------------------- +%post branding-default +%webyast_update_assets + +%postun branding-default +%webyast_update_assets +#--------------------------------------------------------------- %files %defattr(-,root,root) #this /etc/webyast is for nginx conf for webyast %dir /etc/webyast %dir %{webyast_dir} -%dir %{_datadir}/polkit-1 -%dir %{_datadir}/polkit-1/actions +%attr(-,root,root) %{_datadir}/%{webyast_polkit_dir} %attr(-,%{webyast_user},%{webyast_user}) %dir %{pkg_home} %attr(-,%{webyast_user},%{webyast_user}) %dir %{pkg_home}/sockets %attr(-,%{webyast_user},%{webyast_user}) %dir %{pkg_home}/cache @@ -389,8 +471,15 @@ %ghost %{webyast_dir}/db/schema.rb %{webyast_dir}/doc %{webyast_dir}/lib -%{webyast_dir}/public +%dir %{webyast_dir}/public +%{webyast_dir}/public/*.html +%{webyast_dir}/public/dispatch.* +%{webyast_dir}/public/apache.htaccess +%{webyast_dir}/public/favicon.ico +%{webyast_dir}/Gemfile +%{webyast_dir}/Gemfile.assets %{webyast_dir}/Rakefile +%{webyast_dir}/config.ru %{webyast_dir}/script %{webyast_dir}/vendor %dir %{webyast_dir}/config @@ -399,6 +488,7 @@ %{webyast_dir}/config/environments %{webyast_dir}/config/initializers %{webyast_dir}/config/routes.rb +%{webyast_dir}/config/application.rb #also users can run granting script, as permissions is handled by polkit right for granting permissions %attr(555,root,root) /usr/sbin/grantwebyastrights %attr(755,root,root) %{webyast_dir}/start.sh @@ -408,12 +498,16 @@ %doc %{webyast_dir}/README %attr(-,%{webyast_user},%{webyast_user}) %{webyast_dir}/log %attr(-,%{webyast_user},%{webyast_user}) %{webyast_dir}/tmp +%dir %{webyast_vardir} +%attr(-,%{webyast_user},%{webyast_user}) %dir %{webyast_vardir}/basesystem %dir /etc/nginx/certs #this /etc/webyast is for webyast configuration files %dir /etc/webyast/ %config /etc/webyast/control_panel.yml - +%if %suse_version <= 1110 +%config /etc/webyast/config.yml +%endif #nginx stuff %config(noreplace) /etc/webyast/nginx.conf %config /etc/webyast/fastcgi.conf @@ -426,31 +520,41 @@ %config /etc/webyast/win-utf %config /etc/sysconfig/SuSEfirewall2.d/services/webyast -%config /usr/share/polkit-1/actions/org.opensuse.yast.permissions.policy +%config /usr/share/%{webyast_polkit_dir}/org.opensuse.yast.permissions.policy %config %{webyast_dir}/config/environment.rb %config(noreplace) /etc/yast_user_roles %config %{_sysconfdir}/init.d/%{webyast_service} %{_sbindir}/rc%{webyast_service} %doc COPYING -### exclude css, icons and images -%exclude %{webyast_dir}/public/stylesheets -%exclude %{webyast_dir}/public/icons -%exclude %{webyast_dir}/public/images +### include JS assets +%exclude %{webyast_dir}/app/assets/icons +%exclude %{webyast_dir}/app/assets/images +%exclude %{webyast_dir}/app/assets/stylesheets +%{webyast_dir}/app/assets/javascripts +%{webyast_dir}/public/assets/*.js +%{webyast_dir}/public/assets/*.js.gz +%{webyast_dir}/public/assets/manifest.yml.base + +%exclude %{webyast_dir}/test %ghost %attr(755,root,root) /var/adm/update-scripts/%name-%version-%release-1 %files testsuite %defattr(-,root,root) %{webyast_dir}/test +%{webyast_dir}/Gemfile.test %files branding-default %defattr(-,root,root) ### include css, icons and images -%{webyast_dir}/public/stylesheets -%{webyast_dir}/public/icons -%{webyast_dir}/public/images +%{webyast_dir}/app/assets +%{webyast_dir}/public/assets +# exclude files belonging to the base +%exclude %{webyast_dir}/app/assets/javascripts/* +%exclude %{webyast_dir}/public/assets/*.js +%exclude %{webyast_dir}/public/assets/*.js.gz +%exclude %{webyast_dir}/public/assets/manifest.yml.base #--------------------------------------------------------------- - %changelog ++++++ config.yml ++++++ # This is a general config file for WebYaST # # The file needs to be located under /etc/webyast/ --- # Using the new # default: false polkit1: false ++++++ grantwebyastrights ++++++ --- /var/tmp/diff_new_pack.MbWNQn/_old 2012-06-14 21:11:42.000000000 +0200 +++ /var/tmp/diff_new_pack.MbWNQn/_new 2012-06-14 21:11:42.000000000 +0200 @@ -1,4 +1,4 @@ -#!/usr/bin/ruby +#!/usr/bin/env ruby # #-- # Webyast framework @@ -28,7 +28,21 @@ require 'fileutils' require 'getoptlong' require 'rubygems' -require 'polkit1' +require 'yaml' + +#checking which policykit is used +WEBYAST_CONFIG_FILE = "/etc/webyast/config.yml" +@polkit1 = true +if File.exist?(WEBYAST_CONFIG_FILE) + values = YAML::load(File.open(WEBYAST_CONFIG_FILE, 'r').read) + @polkit1 = false if values["polkit1"] == false +end + +STDOUT.puts "Using old PolicyKit" unless @polkit1 + +if @polkit1 + require 'polkit1' +end $debug = 0 @@ -41,8 +55,17 @@ STDERR.puts "NOTE: This program should be run by user root" STDERR.puts "" STDERR.puts "" - STDERR.puts "In order to show all possible permissions use:" - STDERR.puts "pkaction" + unless @polkit1 + STDERR.puts "This call grant/revoke ALL permissions for the YaST Webservice." + STDERR.puts "In order to grant/revoke single rights use:" + STDERR.puts "polkit-auth --user <user> (--grant|-revoke) <policyname>" + STDERR.puts "" + STDERR.puts "In order to show all possible permissions use:" + STDERR.puts "polkit-action" + else + STDERR.puts "In order to show all possible permissions use:" + STDERR.puts "pkaction" + end exit 1 end @@ -60,10 +83,10 @@ begin options.each do |opt, arg| case opt - when "--user": user = arg - when "--action": action = arg - when "--policy": single_policy = arg - when "--debug": $debug += 1 + when "--user"; user = arg + when "--action"; action = arg + when "--policy"; single_policy = arg + when "--debug"; $debug += 1 end end rescue GetoptLong::InvalidOption => o @@ -83,16 +106,28 @@ end def granted_perms(user) - perms = webyast_perms - perms.reject! { |perm| - PolKit1::polkit1_check(perm, user) == :no } + if @polkit1 + perms = webyast_perms + perms.reject! { |perm| + PolKit1::polkit1_check(perm, user) == :no + } + else + perms = `polkit-auth --user '#{user}' --explicit` + #do NOT raise if an error happens here cause while the package installation this call returns always an error + # raise "polkit-auth failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero? + perms = perms.split "\n" + perms.reject! { |perm| not webyast_perm?(perm) } + end return perms end def webyast_perms - # this is a reimplementation of `pkaction`, because it relies on d-bus and does not work - # while building an appliane image - perms = `grep 'action id' /usr/share/polkit-1/actions/* |sed 's/^.*action id="\\(.*\\)".*$/\\1/'` + if @polkit1 + perms = `pkaction` + else + perms = `polkit-action` + raise "polkit-action failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero? + end perms = perms.split "\n" perms.reject! { |perm| not webyast_perm?(perm) } return perms @@ -103,31 +138,54 @@ when "grant" then unless single_policy == nil STDOUT.puts "granting: #{single_policy}" - PolKit1::polkit1_write(POLKIT_SECTION, single_policy, true, user) + if @polkit1 + PolKit1::polkit1_write(POLKIT_SECTION, single_policy, true, user) + else + out = `polkit-auth --user '#{user}' --grant '#{single_policy}'` + #do NOT raise if an error happens here cause while the package installation this call can return an error for already existing + #permissions ( It is not possible to check this before) + #raise "Granting permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero? + end else - # go through all webyast perms, checking granted permissions does not work - # well during build - # polkit1_write makes sure not to grant a permission multiple times itself - webyast_perms.each do |policy| + granted = granted_perms user + non_granted = webyast_perms.reject{ |perm| granted.include? perm } + non_granted.each do |policy| STDOUT.puts "granting: #{policy}" - PolKit1::polkit1_write(POLKIT_SECTION, policy, true, user) + if @polkit1 + PolKit1::polkit1_write(POLKIT_SECTION, policy, true, user) + else + out = `polkit-auth --user '#{user}' --grant '#{policy}'` + #do NOT raise if an error happens here cause while the package installation this call can return an error for already existing + #permissions ( It is not possible to check this before) + #raise "Granting permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero? + end end end when "show" unless single_policy == nil - STDOUT.puts single_policy if PolKit1::polkit1_check(single_policy, user) == :yes + STDOUT.puts single_policy if granted_perms(user).include?(single_policy) else STDOUT.puts granted_perms(user).join("\n") end when "revoke" unless single_policy == nil STDOUT.puts "revoking: #{single_policy}" - PolKit1::polkit1_write(POLKIT_SECTION, single_policy, false, user) + if @polkit1 + PolKit1::polkit1_write(POLKIT_SECTION, single_policy, false, user) + else + out = `polkit-auth --user '#{user}' --revoke '#{single_policy}'` + raise "Revoking permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero? + end else granted = granted_perms user granted.each do |policy| STDOUT.puts "revoking: #{policy}" - PolKit1::polkit1_write(POLKIT_SECTION, policy, false, user) + if @polkit1 + PolKit1::polkit1_write(POLKIT_SECTION, policy, false, user) + else + out = `polkit-auth --user '#{user}' --revoke '#{policy}'` + raise "Revoking permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero? + end end end end ++++++ nginx.conf ++++++ --- /var/tmp/diff_new_pack.MbWNQn/_old 2012-06-14 21:11:42.000000000 +0200 +++ /var/tmp/diff_new_pack.MbWNQn/_new 2012-06-14 21:11:42.000000000 +0200 @@ -73,6 +73,10 @@ ssl_ciphers ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH; ssl_prefer_server_ciphers on; + # redirect HTTP requests to HTTPS + # Error 497 is internal code for Error 400 "The plain HTTP request was sent to HTTPS port" + error_page 497 https://$host:4984$request_uri; + location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ { passenger_enabled on; access_log off; ++++++ rcwebyast ++++++ --- /var/tmp/diff_new_pack.MbWNQn/_old 2012-06-14 21:11:42.000000000 +0200 +++ /var/tmp/diff_new_pack.MbWNQn/_new 2012-06-14 21:11:42.000000000 +0200 @@ -128,6 +128,7 @@ CERTIFICATEFILE=/etc/nginx/certs/webyast.pem CERTKEYFILE=/etc/nginx/certs/webyast.key COMBINEDCERTFILE=/etc/nginx/certs/webyast-combined.pem +GEMFILE_LOCK=/srv/www/webyast/Gemfile.lock # Source LSB init functions # providing start_daemon, killproc, pidofproc, @@ -186,6 +187,9 @@ fi echo -n "Starting webyast " + # refresh the Gemfile.lock content before starting the server + # (outdated file can cause problems after upgrading needed rubygems) + rm -f $GEMFILE_LOCK #generate deployment specific secret key (bnc#591345) SECRET=`cd /srv/www/webyast/ && rake -s secret` if [ -z $SECRET ]; then ++++++ webyast.lr.conf ++++++ --- /var/tmp/diff_new_pack.MbWNQn/_old 2012-06-14 21:11:42.000000000 +0200 +++ /var/tmp/diff_new_pack.MbWNQn/_new 2012-06-14 21:11:42.000000000 +0200 @@ -1,4 +1,4 @@ -/srv/www/webyast/log/production.log /srv/www/webyast/log/development.log /srv/www/webyast/log/lighttpd.access.log /srv/www/webyast/log/lighttpd.error.log { +/srv/www/webyast/log/production.log /srv/www/webyast/log/development.log /srv/www/webyast/log/access.log /srv/www/webyast/log/error.log /srv/www/webyast/log/permission_service.log /srv/www/webyast/log/passenger.log { compress dateext maxage 365 ++++++ webyastPermissionsService.rb ++++++ --- /var/tmp/diff_new_pack.MbWNQn/_old 2012-06-14 21:11:42.000000000 +0200 +++ /var/tmp/diff_new_pack.MbWNQn/_new 2012-06-14 21:11:42.000000000 +0200 @@ -21,7 +21,22 @@ require 'rubygems' require 'dbus' require 'etc' -require 'polkit1' + +require 'yaml' + +#checking which policykit is used +WEBYAST_CONFIG_FILE = "/etc/webyast/config.yml" +polkit1_enabled = true +if File.exist?(WEBYAST_CONFIG_FILE) + values = YAML::load(File.open(WEBYAST_CONFIG_FILE, 'r').read) + polkit1_enabled = false if values["polkit1"] == false +end + +if polkit1_enabled + require 'polkit1' +else + require 'polkit' +end # Choose the bus (could also be DBus::session_bus, which is not suitable for a system service) bus = DBus::system_bus @@ -30,6 +45,13 @@ class WebyastPermissionsService < DBus::Object + attr_accessor :polkit1 + + def initialize(polkit1_enabled, options={}) + @polkit1 = polkit1_enabled + super options + end + # overriding DBus::Object#dispatch # It is needed because dispatch sent just parameters and without sender it is # imposible to check permissions of sender. So to avoid it add as last @@ -49,17 +71,20 @@ dbus_interface "webyast.permissions.Interface" do dbus_method :grant, "out result:as, in permissions:as, in user:s" do |permissions,user,sender| result = execute(:grant, permissions, user,sender) - log "Grant permissions #{permissions.inspect} for user #{user} with result #{result.inspect}" + log "Grant permissions #{permissions.inspect} for user #{user} with result #{result.inspect} " + + (@polkit1 ? "(Polkit1)" : "(PolicyKit)") [result] end dbus_method :revoke, "out result:as, in permissions:as, in user:s" do |permissions,user,sender| result = execute(:revoke, permissions, user,sender) - log "Revoke permissions #{permissions.inspect} for user #{user} with result #{result.inspect}" + log "Revoke permissions #{permissions.inspect} for user #{user} with result #{result.inspect} " + + (@polkit1 ? "(Polkit1)" : "(PolicyKit)") [result] end dbus_method :check, "out result:as, in permissions:as, in user:s" do |permissions,user,sender| result = execute(:check, permissions, user,sender) - log "check permissions #{permissions.inspect} for user #{user} with result #{result.inspect}" + log "check permissions #{permissions.inspect} for user #{user} with result #{result.inspect} " + + (@polkit1 ? "(Polkit1)" : "(PolicyKit)") [result] end end @@ -81,23 +106,51 @@ case command when :grant: begin - PolKit1::polkit1_write(POLKIT_SECTION, p, true, user) - result << "true" + if @polkit1 + PolKit1::polkit1_write(POLKIT_SECTION, p, true, user) + result << "true" + else + #whitespace check for valid permission string to avoid attack + if p.match(/^[a-zA-Z][a-zA-Z0-9.-]*$/) + result << `polkit-auth --user '#{user}' --grant '#{p}' 2>&1` # RORSCAN_ITL + else + result << "perm #{p} is INVALID" # XXX tom: better don't include invalif perms here, we do not know what the calling function is doing with it, like displaying it via the browser, passing it to the shell etc. + end + end rescue Exception => e result << e.message end when :revoke: begin - PolKit1::polkit1_write(POLKIT_SECTION, p, false, user) - result << "true" + if @polkit1 + PolKit1::polkit1_write(POLKIT_SECTION, p, false, user) + result << "true" + else + #whitespace check for valid permission string to avoid attack + if p.match(/^[a-zA-Z][a-zA-Z0-9.-]*$/) + result << `polkit-auth --user '#{user}' --revoke '#{p}' 2>&1` # RORSCAN_ITL + else + result << "perm #{p} is INVALID" # XXX tom: better don't include invalif perms here, we do not know what the calling function is doing with it, like displaying it via the browser, passing it to the shell etc. + end + end rescue Exception => e result << e.message end when :check: - if PolKit1::polkit1_check(p, user) == :yes - result << "yes" + if @polkit1 + if PolKit1::polkit1_check(p, user) == :yes + result << "yes" + else + result << "no" + end else - result << "no" + uid = DBus::SystemBus.instance.proxy.GetConnectionUnixUser(sender)[0] + user = Etc.getpwuid(uid).name + if PolKit.polkit_check(p, user) == :yes + result << "yes" + else + result << "no" + end end else end @@ -114,16 +167,28 @@ begin case command when :grant: - return PolKit1.polkit1_check(PERMISSION_WRITE, user) == :yes + if @polkit1 + return PolKit1.polkit1_check(PERMISSION_WRITE, user) == :yes + else + return PolKit.polkit_check(PERMISSION_WRITE, user) == :yes + end when :revoke: - return PolKit1.polkit1_check(PERMISSION_WRITE, user) == :yes + if @polkit1 + return PolKit1.polkit1_check(PERMISSION_WRITE, user) == :yes + else + return PolKit.polkit_check(PERMISSION_WRITE, user) == :yes + end when :check: - return PolKit1.polkit1_check(PERMISSION_READ, user) == :yes + if @polkit1 + return PolKit1.polkit1_check(PERMISSION_READ, user) == :yes + else + return PolKit.polkit_check(PERMISSION_READ, user) == :yes + end else return false end rescue Exception => e - log "PolKit1 returns an error: #{e.inspect}" + log "PolKit returns an error: #{e.inspect}" return false end end @@ -137,7 +202,7 @@ end # Set the object path -obj = WebyastPermissionsService.new("/webyast/permissions/Interface") +obj = WebyastPermissionsService.new(polkit1_enabled, "/webyast/permissions/Interface") # Export it! service.export(obj) ++++++ www.tar.bz2 ++++++ ++++ 563237 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
