Hello community, here is the log from the commit of package polkit-default-privs for openSUSE:Factory checked in at 2019-02-24 17:06:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old) and /work/SRC/openSUSE:Factory/.polkit-default-privs.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit-default-privs" Sun Feb 24 17:06:36 2019 rev:158 rq:674600 version:13.2+20190213.2f39f9b Changes: -------- --- /work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes 2019-02-08 13:48:48.138771697 +0100 +++ /work/SRC/openSUSE:Factory/.polkit-default-privs.new.28833/polkit-default-privs.changes 2019-02-24 17:06:40.108587056 +0100 @@ -1,0 +2,9 @@ +Wed Feb 13 14:35:18 UTC 2019 - opensuse-packag...@opensuse.org + +- Update to version 13.2+20190213.2f39f9b: + * add whitelisting file for files installed in polkit-1/rules.d * (bsc#1125314) + * the new whitelisting is packaged in a separate subpackage, because it is + not needed for normal operation, only during OBS build time for rpmlint to + find it. + +------------------------------------------------------------------- Old: ---- polkit-default-privs-13.2+20190207.4d86620.tar.xz New: ---- polkit-default-privs-13.2+20190213.2f39f9b.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit-default-privs.spec ++++++ --- /var/tmp/diff_new_pack.pMEEbA/_old 2019-02-24 17:06:40.636586805 +0100 +++ /var/tmp/diff_new_pack.pMEEbA/_new 2019-02-24 17:06:40.640586803 +0100 @@ -23,7 +23,7 @@ %endif Name: polkit-default-privs -Version: 13.2+20190207.4d86620 +Version: 13.2+20190213.2f39f9b Release: 0 Summary: SUSE PolicyKit default permissions License: GPL-2.0-or-later @@ -52,6 +52,18 @@ -------- Ludwig Nussel +# use a separate package for the static whitelist (i.e. the one that isn't +# part of the different profile selectable during runtime). This whitelist is +# of no use for users and only needed during rpmlint time. +%package -n polkit-whitelisting +Summary: Static polkit whitelists for processing by rpmlint-checks +Group: Productivity/Security + +%description -n polkit-whitelisting +This package contains static polkit whitelistings for polkit Java Script rule +files. The whitelistings will be processed by rpmlint-checks to determine +valid rule file installations by other packages. + %prep %setup -q @@ -79,4 +91,8 @@ %_mandir/man*/* %{_fillupdir}/sysconfig.security-polkit_default_privs +%files -n polkit-whitelisting +%defattr(-,root,root) +/etc/polkit-rules-whitelist.json + %changelog ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.pMEEbA/_old 2019-02-24 17:06:40.676586786 +0100 +++ /var/tmp/diff_new_pack.pMEEbA/_new 2019-02-24 17:06:40.676586786 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/polkit-default-privs.git</param> - <param name="changesrevision">4d866205ba66e3264b834049c26f8a84475edf88</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">2f39f9b0558d55c7ae87fa7542bf3d84f12eec69</param></service></servicedata> \ No newline at end of file ++++++ polkit-default-privs-13.2+20190207.4d86620.tar.xz -> polkit-default-privs-13.2+20190213.2f39f9b.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-13.2+20190207.4d86620/Makefile new/polkit-default-privs-13.2+20190213.2f39f9b/Makefile --- old/polkit-default-privs-13.2+20190207.4d86620/Makefile 2019-02-07 12:23:51.000000000 +0100 +++ new/polkit-default-privs-13.2+20190213.2f39f9b/Makefile 2019-02-13 15:26:06.000000000 +0100 @@ -25,6 +25,7 @@ install -m 755 src/chkstat-polkit $(DESTDIR)$(sbindir) install -m 644 profiles/polkit-default-privs.{easy,standard,restrictive,local} $(DESTDIR)$(sysconfdir) install -m 644 etc/sysconfig.security-polkit_default_privs $(DESTDIR)$(fillupdir) + install -m 644 etc/polkit-rules-whitelist.json $(DESTDIR)$(sysconfdir) install -m 644 README.md $(DESTDIR)$(docdir)/polkit-default-privs @for src in $(manpages); do \ page=`basename $$src` \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-13.2+20190207.4d86620/README.md new/polkit-default-privs-13.2+20190213.2f39f9b/README.md --- old/polkit-default-privs-13.2+20190207.4d86620/README.md 2019-02-07 12:23:51.000000000 +0100 +++ new/polkit-default-privs-13.2+20190213.2f39f9b/README.md 2019-02-13 15:26:06.000000000 +0100 @@ -43,6 +43,17 @@ broken software in extreme cases. We are trying to catch theses cases and patch our packages or improve upstream code. +rules.d whitelisting +-------------------- + +Polkit uses Java Script snippets to allow customization of the authentication +process. Additional rule files can be installed in `/etc/polkit-1/rules.d` and +`/usr/share/polkit-1/rules.d`. These files are independent of the polkit +profiles implemented by polkit-default-privs. Therefore a separate +whitelisting for them is managed in this repository found in +`etc/polkit-rules-whitelist.json`. This whitelist is used by SUSE +rpmlint-checks to determine valid additions to those directories. + Maintainer ---------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-13.2+20190207.4d86620/etc/polkit-rules-whitelist.json new/polkit-default-privs-13.2+20190213.2f39f9b/etc/polkit-rules-whitelist.json --- old/polkit-default-privs-13.2+20190207.4d86620/etc/polkit-rules-whitelist.json 1970-01-01 01:00:00.000000000 +0100 +++ new/polkit-default-privs-13.2+20190213.2f39f9b/etc/polkit-rules-whitelist.json 2019-02-13 15:26:06.000000000 +0100 @@ -0,0 +1,14 @@ +[ + { + "package": "polkit-default-privs", + "path": "/etc/polkit-1/rules.d/90-default-privs.rules", + "audit-bug": "bsc#1125314", + "comment": "rules dynamically generated by our own polkit profile tooling" + }, + { + "package": "polkit", + "path": "/etc/polkit-1/rules.d/50-default.rules", + "audit-bug": "bsc#1125314", + "comment": "default rule shipped by polkit, allows uid 0 to do everything" + } +]