Hello community,
here is the log from the commit of package polkit-default-privs for
openSUSE:Factory checked in at 2019-02-24 17:06:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old)
and /work/SRC/openSUSE:Factory/.polkit-default-privs.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit-default-privs"
Sun Feb 24 17:06:36 2019 rev:158 rq:674600 version:13.2+20190213.2f39f9b
Changes:
--------
---
/work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes
2019-02-08 13:48:48.138771697 +0100
+++
/work/SRC/openSUSE:Factory/.polkit-default-privs.new.28833/polkit-default-privs.changes
2019-02-24 17:06:40.108587056 +0100
@@ -1,0 +2,9 @@
+Wed Feb 13 14:35:18 UTC 2019 - [email protected]
+
+- Update to version 13.2+20190213.2f39f9b:
+ * add whitelisting file for files installed in polkit-1/rules.d *
(bsc#1125314)
+ * the new whitelisting is packaged in a separate subpackage, because it is
+ not needed for normal operation, only during OBS build time for rpmlint to
+ find it.
+
+-------------------------------------------------------------------
Old:
----
polkit-default-privs-13.2+20190207.4d86620.tar.xz
New:
----
polkit-default-privs-13.2+20190213.2f39f9b.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ polkit-default-privs.spec ++++++
--- /var/tmp/diff_new_pack.pMEEbA/_old 2019-02-24 17:06:40.636586805 +0100
+++ /var/tmp/diff_new_pack.pMEEbA/_new 2019-02-24 17:06:40.640586803 +0100
@@ -23,7 +23,7 @@
%endif
Name: polkit-default-privs
-Version: 13.2+20190207.4d86620
+Version: 13.2+20190213.2f39f9b
Release: 0
Summary: SUSE PolicyKit default permissions
License: GPL-2.0-or-later
@@ -52,6 +52,18 @@
--------
Ludwig Nussel
+# use a separate package for the static whitelist (i.e. the one that isn't
+# part of the different profile selectable during runtime). This whitelist is
+# of no use for users and only needed during rpmlint time.
+%package -n polkit-whitelisting
+Summary: Static polkit whitelists for processing by rpmlint-checks
+Group: Productivity/Security
+
+%description -n polkit-whitelisting
+This package contains static polkit whitelistings for polkit Java Script rule
+files. The whitelistings will be processed by rpmlint-checks to determine
+valid rule file installations by other packages.
+
%prep
%setup -q
@@ -79,4 +91,8 @@
%_mandir/man*/*
%{_fillupdir}/sysconfig.security-polkit_default_privs
+%files -n polkit-whitelisting
+%defattr(-,root,root)
+/etc/polkit-rules-whitelist.json
+
%changelog
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.pMEEbA/_old 2019-02-24 17:06:40.676586786 +0100
+++ /var/tmp/diff_new_pack.pMEEbA/_new 2019-02-24 17:06:40.676586786 +0100
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/openSUSE/polkit-default-privs.git</param>
- <param
name="changesrevision">4d866205ba66e3264b834049c26f8a84475edf88</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">2f39f9b0558d55c7ae87fa7542bf3d84f12eec69</param></service></servicedata>
\ No newline at end of file
++++++ polkit-default-privs-13.2+20190207.4d86620.tar.xz ->
polkit-default-privs-13.2+20190213.2f39f9b.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/polkit-default-privs-13.2+20190207.4d86620/Makefile
new/polkit-default-privs-13.2+20190213.2f39f9b/Makefile
--- old/polkit-default-privs-13.2+20190207.4d86620/Makefile 2019-02-07
12:23:51.000000000 +0100
+++ new/polkit-default-privs-13.2+20190213.2f39f9b/Makefile 2019-02-13
15:26:06.000000000 +0100
@@ -25,6 +25,7 @@
install -m 755 src/chkstat-polkit $(DESTDIR)$(sbindir)
install -m 644
profiles/polkit-default-privs.{easy,standard,restrictive,local}
$(DESTDIR)$(sysconfdir)
install -m 644 etc/sysconfig.security-polkit_default_privs
$(DESTDIR)$(fillupdir)
+ install -m 644 etc/polkit-rules-whitelist.json $(DESTDIR)$(sysconfdir)
install -m 644 README.md $(DESTDIR)$(docdir)/polkit-default-privs
@for src in $(manpages); do \
page=`basename $$src` \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/polkit-default-privs-13.2+20190207.4d86620/README.md
new/polkit-default-privs-13.2+20190213.2f39f9b/README.md
--- old/polkit-default-privs-13.2+20190207.4d86620/README.md 2019-02-07
12:23:51.000000000 +0100
+++ new/polkit-default-privs-13.2+20190213.2f39f9b/README.md 2019-02-13
15:26:06.000000000 +0100
@@ -43,6 +43,17 @@
broken software in extreme cases. We are trying to catch theses cases and
patch our packages or improve upstream code.
+rules.d whitelisting
+--------------------
+
+Polkit uses Java Script snippets to allow customization of the authentication
+process. Additional rule files can be installed in `/etc/polkit-1/rules.d` and
+`/usr/share/polkit-1/rules.d`. These files are independent of the polkit
+profiles implemented by polkit-default-privs. Therefore a separate
+whitelisting for them is managed in this repository found in
+`etc/polkit-rules-whitelist.json`. This whitelist is used by SUSE
+rpmlint-checks to determine valid additions to those directories.
+
Maintainer
----------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/polkit-default-privs-13.2+20190207.4d86620/etc/polkit-rules-whitelist.json
new/polkit-default-privs-13.2+20190213.2f39f9b/etc/polkit-rules-whitelist.json
---
old/polkit-default-privs-13.2+20190207.4d86620/etc/polkit-rules-whitelist.json
1970-01-01 01:00:00.000000000 +0100
+++
new/polkit-default-privs-13.2+20190213.2f39f9b/etc/polkit-rules-whitelist.json
2019-02-13 15:26:06.000000000 +0100
@@ -0,0 +1,14 @@
+[
+ {
+ "package": "polkit-default-privs",
+ "path": "/etc/polkit-1/rules.d/90-default-privs.rules",
+ "audit-bug": "bsc#1125314",
+ "comment": "rules dynamically generated by our own polkit
profile tooling"
+ },
+ {
+ "package": "polkit",
+ "path": "/etc/polkit-1/rules.d/50-default.rules",
+ "audit-bug": "bsc#1125314",
+ "comment": "default rule shipped by polkit, allows uid 0 to do
everything"
+ }
+]
