Hi everyone, Here's the patch that to address the lack of easily configuring the SUID bit on gnome-applet's cpufreq-selector wrapper. It's really just a port from what was originally included in the gnome-cpufreq-applet package that I used to maintain except the default is now set to yes ["It Should Just Work (TM)"] and the priority lowered.
Thoughts?
Cheers,
Andrew "Netsnipe" Lau
--
---------------------------------------------------------------------------
Andrew "Netsnipe" Lau <http://www.cse.unsw.edu.au/~alau/>
Debian GNU/Linux Maintainer & Computer Science, UNSW
-
"Nobody expects the Debian Inquisition!
Our two weapons are fear and surprise...and ruthless efficiency!"
---------------------------------------------------------------------------
diff -x .svn -ruN branches/2.10/gnome-applets/debian/changelog unstable/gnome-applets/debian/changelog --- branches/2.10/gnome-applets/debian/changelog 2005-06-08 02:18:35.731201272 +1000 +++ unstable/gnome-applets/debian/changelog 2005-06-08 02:21:40.011186456 +1000 @@ -1,3 +1,13 @@ +gnome-applets (2.10.1-3) DO_NOT_UPLOAD_YET; urgency=low + + * Upload gnome-applets into the unstable branch of Debian. + * Andrew Lau: + - Ported the Debconf scripts from the gnome-cpufreq-applet package to + configure cpufreq-selector's SUID status. + - Add CPUFreq daemons to the package's suggestions list. + + -- Andrew Lau <[EMAIL PROTECTED]> Wed, 8 Jun 2005 01:56:24 +1000 + gnome-applets (2.10.1-2) experimental; urgency=low * Get rid of buggy mc-install-default-macros ; made a .entries file to diff -x .svn -ruN branches/2.10/gnome-applets/debian/config unstable/gnome-applets/debian/config --- branches/2.10/gnome-applets/debian/config 1970-01-01 10:00:00.000000000 +1000 +++ unstable/gnome-applets/debian/config 2005-06-08 01:03:29.523249008 +1000 @@ -0,0 +1,32 @@ +#!/bin/sh + +# Debconf config script for gnome-applets +prog=/usr/bin/cpufreq-selector + +# Load Debconf +. /usr/share/debconf/confmodule +db_version 2.0 + +# Set default value to match current state of file +if [ -u $prog ]; then + db_set gnome-applets/SUID_bit true +else + db_set gnome-applets/SUID_bit false +fi + +# Prompt for user input +db_input low gnome-applets/SUID_bit || true +db_go + +# Update statoverrides as necessary +db_get gnome-applets/cpufreq_SUID +if [ "$RET" = "true" ]; then + if ! dpkg-statoverride --list $prog > /dev/null; then + dpkg-statoverride --add --update \ + root root 4755 $prog > /dev/null 2>&1 + fi; +else + if dpkg-statoverride --list $prog > /dev/null; then + dpkg-statoverride --remove $prog + fi; +fi; diff -x .svn -ruN branches/2.10/gnome-applets/debian/control unstable/gnome-applets/debian/control --- branches/2.10/gnome-applets/debian/control 2005-06-08 02:18:35.539230456 +1000 +++ unstable/gnome-applets/debian/control 2005-06-08 02:20:43.381795432 +1000 @@ -2,7 +2,7 @@ Section: gnome Priority: optional Maintainer: Marc Dequènes (Duck) <[EMAIL PROTECTED]> -Uploaders: Debian GNOME Maintainers <[EMAIL PROTECTED]>, Akira TAGOH <[EMAIL PROTECTED]>, Andreas Rottmann <[EMAIL PROTECTED]>, Andrew Lau <[EMAIL PROTECTED]>, Carlos Perelló Marín <[EMAIL PROTECTED]>, Ed Boraas <[EMAIL PROTECTED]>, Edd Dumbill <[EMAIL PROTECTED]>, Emil Soleyman-Zomalan <[EMAIL PROTECTED]>, Gustavo Noronha Silva <[EMAIL PROTECTED]>, J.H.M. Dassen (Ray) <[EMAIL PROTECTED]>, Joe Drew <[EMAIL PROTECTED]>, Johannes Rohr <[EMAIL PROTECTED]>, Jordi Mallach <[EMAIL PROTECTED]>, Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>, Josselin Mouette <[EMAIL PROTECTED]>, Marc 'HE' Brockschmidt <[EMAIL PROTECTED]>, Ondřej Surý <[EMAIL PROTECTED]>, Rob Bradford <[EMAIL PROTECTED]>, Robert McQueen <[EMAIL PROTECTED]>, Ross Burton <[EMAIL PROTECTED]>, Sebastien Bacher <[EMAIL PROTECTED]>, Sjoerd Simons <[EMAIL PROTECTED]>, Takuo KITAME <[EMAIL PROTECTED]> +Uploaders: Debian GNOME Maintainers <[EMAIL PROTECTED]>, Akira TAGOH <[EMAIL PROTECTED]>, Andreas Rottmann <[EMAIL PROTECTED]>, Andrew Lau <[EMAIL PROTECTED]>, Carlos Perelló Marín <[EMAIL PROTECTED]>, Ed Boraas <[EMAIL PROTECTED]>, Edd Dumbill <[EMAIL PROTECTED]>, Emil Soleyman-Zomalan <[EMAIL PROTECTED]>, Gustavo Noronha Silva <[EMAIL PROTECTED]>, J.H.M. Dassen (Ray) <[EMAIL PROTECTED]>, Joe Drew <[EMAIL PROTECTED]>, Johannes Rohr <[EMAIL PROTECTED]>, Jordi Mallach <[EMAIL PROTECTED]>, Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>, Josselin Mouette <[EMAIL PROTECTED]>, Loic Minier <[EMAIL PROTECTED]>, Marc 'HE' Brockschmidt <[EMAIL PROTECTED]>, Ondřej Surý <[EMAIL PROTECTED]>, Rob Bradford <[EMAIL PROTECTED]>, Robert McQueen <[EMAIL PROTECTED]>, Ross Burton <[EMAIL PROTECTED]>, Sebastien Bacher <[EMAIL PROTECTED]>, Sjoerd Simons <[EMAIL PROTECTED]>, Takuo KITAME <[EMAIL PROTECTED]> Standards-Version: 3.6.1.1 Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 4.1.0), patchutils, debhelper (>= 4.2.21), type-handling, libgtop2-dev (>= 2.10.0-1), intltool, libpanel-applet2-dev (>= 2.10.1-1), liborbit2-dev (>= 1:2.12.1-1), scrollkeeper (>= 0.3.14-9.1), libgail-dev (>= 1.8.2-1), libwnck-dev (>= 2.10.0-1), libgconf2-dev (>= 2.10.0-1), libglade2-dev (>= 1:2.5.1-1), libapm-dev [alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 s390x sh3 sh3eb sh4 sh4eb sparc sparc64 amd64], libgnomeui-dev (>= 2.10.0-1), libgnome-keyring-dev (>= 0.4.2-1) , libxklavier-dev (>= 1.14-1), gnome-pkg-tools, xsltproc, docbook-xsl, xlibs-static-dev, sharutils, libgstreamer-plugins0.8-dev (>= 0.8.8), libgnomevfs2-dev (>= 2.10.0-1), libgucharmap4-dev (>= 1:1.4.2-1), system-tools-backends-dev (>= 1.1.3), xlibs-static-dev @@ -22,7 +22,7 @@ Replaces: gnome-panel-data (<= 2.2.2.2-2), gnome-cpufreq-applet, trashapplet Provides: gnome-cpufreq-applet, trashapplet Recommends: imagemagick, gnome-system-monitor, gnome-media, gnome-netstatus -Suggests: acpid [i386 ia64 amd64] +Suggests: acpid [i386 ia64 amd64], | cpufreqd | cpudyn | powernowd Description: Various applets for GNOME 2 panel - binary files accessx-status: shows you the status of the keyboard accessibility features, including the current state of the keyboard, if those features diff -x .svn -ruN branches/2.10/gnome-applets/debian/control.in unstable/gnome-applets/debian/control.in --- branches/2.10/gnome-applets/debian/control.in 2005-06-08 02:18:35.542230000 +1000 +++ unstable/gnome-applets/debian/control.in 2005-06-08 02:00:16.861254896 +1000 @@ -22,7 +22,7 @@ Replaces: gnome-panel-data (<= 2.2.2.2-2), gnome-cpufreq-applet, trashapplet Provides: gnome-cpufreq-applet, trashapplet Recommends: imagemagick, gnome-system-monitor, gnome-media, gnome-netstatus -Suggests: acpid [i386 ia64 amd64] +Suggests: acpid [i386 ia64 amd64], | cpufreqd | cpudyn | powernowd Description: Various applets for GNOME 2 panel - binary files accessx-status: shows you the status of the keyboard accessibility features, including the current state of the keyboard, if those features diff -x .svn -ruN branches/2.10/gnome-applets/debian/gnome-applets.postinst unstable/gnome-applets/debian/gnome-applets.postinst --- branches/2.10/gnome-applets/debian/gnome-applets.postinst 1970-01-01 10:00:00.000000000 +1000 +++ unstable/gnome-applets/debian/gnome-applets.postinst 2005-06-08 01:02:11.193156992 +1000 @@ -0,0 +1,31 @@ +#!/bin/sh +# postinst script for gnome-cpufreq-selector + +set -e + +. /usr/share/debconf/confmodule +db_version 2.0 + +prog=/usr/bin/cpufreq-selector + +case "$1" in + configure) + db_get gnome-applets/cpufreq_SUID + if [ "$RET" = "false" ]; then + chmod 0755 $prog + fi; + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff -x .svn -ruN branches/2.10/gnome-applets/debian/gnome-applets.postrm unstable/gnome-applets/debian/gnome-applets.postrm --- branches/2.10/gnome-applets/debian/gnome-applets.postrm 1970-01-01 10:00:00.000000000 +1000 +++ unstable/gnome-applets/debian/gnome-applets.postrm 2005-06-08 00:54:18.189064544 +1000 @@ -0,0 +1,23 @@ +#!/bin/sh +# postrm script for gnome-cpufreq-selector + +set -e + +prog=/usr/bin/cpufreq-selector + +case "$1" in + purge) + if dpkg-statoverride --list $prog > /dev/null; then + dpkg-statoverride --remove $prog + fi; + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 +esac + +#DEBHELPER# + +exit 0 diff -x .svn -ruN branches/2.10/gnome-applets/debian/po/POTFILES.in unstable/gnome-applets/debian/po/POTFILES.in --- branches/2.10/gnome-applets/debian/po/POTFILES.in 1970-01-01 10:00:00.000000000 +1000 +++ unstable/gnome-applets/debian/po/POTFILES.in 2005-06-08 00:53:35.120611944 +1000 @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff -x .svn -ruN branches/2.10/gnome-applets/debian/po/templates.pot unstable/gnome-applets/debian/po/templates.pot --- branches/2.10/gnome-applets/debian/po/templates.pot 1970-01-01 10:00:00.000000000 +1000 +++ unstable/gnome-applets/debian/po/templates.pot 2005-06-08 01:55:54.133195632 +1000 @@ -0,0 +1,65 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-06-08 01:55+1000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <[EMAIL PROTECTED]>\n" +"Language-Team: LANGUAGE <[EMAIL PROTECTED]>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Install cpufreq-selector with SUID root?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"You have the option of installing a component of the CPU Frequency Scaling " +"GNOME applet (cpufreq-selector) with the \"set user ID\" (SUID) bit enabled." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"If you make cpufreq-selector SUID, any user can then set the CPU's clock " +"frequency without needing any additional privileges. This could, however, " +"potentially allow it to be used during a security attack on your computer. " +"If your CPU does not support CPUFreq or you are in doubt, then it is " +"suggested that you answer \"No\"." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"The applet will continue to work if you choose to disable SUID for cpufreq-" +"selector, but only for monitoring the CPU clock frequency. You will need to " +"restart this applet before this decision takes effect." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "If you change your mind later, run \"dpkg-reconfigure gnome-applets\"" +msgstr "" diff -x .svn -ruN branches/2.10/gnome-applets/debian/templates unstable/gnome-applets/debian/templates --- branches/2.10/gnome-applets/debian/templates 1970-01-01 10:00:00.000000000 +1000 +++ unstable/gnome-applets/debian/templates 2005-06-08 01:55:46.857301736 +1000 @@ -0,0 +1,18 @@ +Template: gnome-applets/cpufreq_SUID +Type: boolean +Default: true +_Description: Install cpufreq-selector with SUID root? + You have the option of installing a component of the CPU Frequency Scaling + GNOME applet (cpufreq-selector) with the "set user ID" (SUID) bit enabled. + . + If you make cpufreq-selector SUID, any user can then set the CPU's clock + frequency without needing any additional privileges. This could, however, + potentially allow it to be used during a security attack on your computer. If + your CPU does not support CPUFreq or you are in doubt, then it is suggested + that you answer "No". + . + The applet will continue to work if you choose to disable SUID for + cpufreq-selector, but only for monitoring the CPU clock frequency. You will + need to restart this applet before this decision takes effect. + . + If you change your mind later, run "dpkg-reconfigure gnome-applets"
signature.asc
Description: Digital signature
