Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-02-08 15:41:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2011-11-07
14:28:56.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-02-08 15:41:13.000000000 +0100
@@ -1,0 +2,11 @@
+Wed Feb 8 08:15:50 UTC 2012 - lnus...@suse.de
+
+- add duplicate entries for / and /usr (bnc#745622)
+
+-------------------------------------------------------------------
+Tue Feb 7 12:09:17 UTC 2012 - lnus...@suse.de
+
+- add scripts for automatic package sumission
+- drop zypp-refresh-wrapper (bnc#738677)
+
+-------------------------------------------------------------------
Old:
----
0001-disable-run-time-fscaps-detection-bnc-728312.diff
permissions-2011.09.23.1037.tar.bz2
New:
----
permissions-2012.02.08.0914.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.CeBfIs/_old 2012-02-08 15:41:16.000000000 +0100
+++ /var/tmp/diff_new_pack.CeBfIs/_new 2012-02-08 15:41:16.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,13 +24,12 @@
License: GPL-2.0+
Group: Productivity/Security
AutoReqProv: on
-Version: 2011.09.23.1037
+Version: 2012.02.08.0914
Release: 1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary: SUSE Linux Default Permissions
Source: permissions-%{version}.tar.bz2
-Patch0: 0001-disable-run-time-fscaps-detection-bnc-728312.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://gitorious.org/opensuse/permissions
@@ -49,7 +48,6 @@
%prep
%setup -q
-%patch0 -p1
%build
make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0
++++++ permissions-2011.09.23.1037.tar.bz2 ->
permissions-2012.02.08.0914.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/Makefile
new/permissions-2012.02.08.0914/Makefile
--- old/permissions-2011.09.23.1037/Makefile 2011-09-23 10:37:01.000000000
+0200
+++ new/permissions-2012.02.08.0914/Makefile 2012-02-08 09:14:56.000000000
+0100
@@ -32,4 +32,7 @@
clean:
/bin/rm chkstat
-.PHONY: all clean
+package:
+ @obs/mkpackage
+
+.PHONY: all clean package
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.8
new/permissions-2012.02.08.0914/chkstat.8
--- old/permissions-2011.09.23.1037/chkstat.8 2011-09-23 10:37:01.000000000
+0200
+++ new/permissions-2012.02.08.0914/chkstat.8 2012-02-08 09:14:56.000000000
+0100
@@ -52,8 +52,9 @@
Omit printing the output header lines.
.TP
.IR \-\-fscaps,\ \-\-no\-fscaps
-Force or disable use of fscaps. Default is to automatically
-determine whether the running kernel supports fscaps.
+Enable or disable use of fscaps. In system mode the setting of
+PERMISSIONS_FSCAPS determines whether fscaps are on or off when this
+option is not set.
.TP
.IR \-\-examine\ file
Check permissions for this file instead of all files listed in the permissions
files.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.c
new/permissions-2012.02.08.0914/chkstat.c
--- old/permissions-2011.09.23.1037/chkstat.c 2011-09-23 10:37:01.000000000
+0200
+++ new/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.000000000
+0100
@@ -54,6 +54,7 @@
char** level;
int do_set = -1;
int default_set = 1;
+int have_fscaps = -1;
char** permfiles = NULL;
int npermfiles = 0;
char* force_level;
@@ -281,6 +282,24 @@
//fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be
'set', 'warn' or 'no')\n");
}
}
+ else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19))
+ {
+ p+=19;
+ if (isquote(*p))
+ ++p;
+ if (!strncmp(p, "yes", 3))
+ {
+ p+=3;
+ if (isquote(*p) || !*p)
+ have_fscaps=1;
+ }
+ else if (!strncmp(p, "no", 2))
+ {
+ p+=2;
+ if (isquote(*p) || !*p)
+ have_fscaps=0;
+ }
+ }
}
fclose(fp);
return 0;
@@ -515,18 +534,18 @@
{
FILE* fp;
char line[128];
- int have_fscaps = FSCAPS_DEFAULT_ENABLED;
+ int val = FSCAPS_DEFAULT_ENABLED;
if ((fp = fopen("/sys/kernel/fscaps", "r")) == 0)
{
goto out;
}
if (readline(fp, line, sizeof(line)))
{
- have_fscaps = atoi(line);
+ val = atoi(line);
}
fclose(fp);
out:
- return have_fscaps;
+ return val;
}
int
@@ -552,7 +571,6 @@
int fd, r;
int errors = 0;
cap_t caps = NULL;
- int have_fscaps = -1;
while (argc > 1)
{
@@ -692,9 +710,6 @@
break;
}
- if (have_fscaps == -1)
- have_fscaps = check_fscaps_enabled();
-
if (systemmode)
{
const char file[] = "/etc/sysconfig/security";
@@ -747,6 +762,11 @@
permfiles = &argv[1];
}
+ if (have_fscaps == 1 && !check_fscaps_enabled())
+ {
+ fprintf(stderr, "Warning: running kernel does not support fscaps\n");
+ }
+
if (do_set == -1)
do_set = 0;
@@ -802,7 +822,7 @@
}
if (!strncmp(p, "+capabilities ", 14))
{
- if (!have_fscaps)
+ if (have_fscaps != 1)
continue;
p += 14;
caps = cap_from_text(p);
@@ -900,10 +920,6 @@
printf("Checking permissions and ownerships - using the permissions
files\n");
for (i = 0; i < npermfiles; i++)
printf("\t%s\n", permfiles[i]);
- if (!have_fscaps)
- {
- printf("kernel has fscaps support disabled.\n");
- }
if (rootl)
{
printf("Using root %s\n", root);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/obs/mkchanges
new/permissions-2012.02.08.0914/obs/mkchanges
--- old/permissions-2011.09.23.1037/obs/mkchanges 1970-01-01
01:00:00.000000000 +0100
+++ new/permissions-2012.02.08.0914/obs/mkchanges 2012-02-08
09:14:56.000000000 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+# create log suitable for c&p into rpm changes file
+if [ -z "$1" ]; then
+ set -- remotes/origin/master..HEAD
+elif [ "${1%.changes}" != "$1" ]; then
+ # parse time stamp of .changes file
+ d=`awk 'NR==2{FS=" - ";$0=$0;print $1;exit}' < $1`
+ set -- --since="$d" HEAD
+fi
+# no idea why it always prints those commit lines
+git rev-list --pretty=format:"- %s" "$@" |grep -v ^commit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/obs/mkpackage
new/permissions-2012.02.08.0914/obs/mkpackage
--- old/permissions-2011.09.23.1037/obs/mkpackage 1970-01-01
01:00:00.000000000 +0100
+++ new/permissions-2012.02.08.0914/obs/mkpackage 2012-02-08
09:14:56.000000000 +0100
@@ -0,0 +1,61 @@
+#!/bin/bash
+set -e
+shopt -s nullglob
+name="`pwd -P`"
+name=${name##*/}
+name=${name%%.*}
+dstdir="package"
+src="$PWD"
+if [ ! -d "$dstdir/.osc" ]; then
+ echo "*** Error: please check out the package:"
+ echo "osc branch openSUSE:Factory $name"
+ echo "ln -s home\:*\:branches\:*/$name $dstdir"
+ exit 1
+fi
+if [ "`git --no-pager diff --name-only|wc -l`" != '0' -o "`git --no-pager diff
--name-only --cached|wc -l`" != 0 ]; then
+ echo "*** Error: uncomitted changes"
+ echo "run 'git add file' to add files, 'git commit -a' to commit
changes"
+ exit 1
+fi
+cd "$dstdir"
+echo "osc up"
+osc up
+cd "$src"
+"$src"/obs/mkchanges "$dstdir/$name".changes | tee "$dstdir"/.changes
+#test ! -s $dstdir/.changes || git push
+for i in *.bz2; do
+ /bin/rm -vi "$i"
+done
+cd "$src"
+eval `"$src"/obs/mktar`
+mv "$FILENAME" "$dstdir"
+cd "$dstdir"
+osc add "$FILENAME"
+if [ -n "$VERSION" ]; then
+ read sourcefile < <(/usr/lib/build/spectool --tag "/source0?/"
"$name".spec)
+ if [ -n "$sourcefile" ]; then
+ sourcefile="${sourcefile/*: /}"
+ if [ -e "$sourcefile" ]; then
+ osc rm -f "$sourcefile" || true
+ fi
+ fi
+ sed -i -e "0,/^Version: /{s/^\(Version: *\).*/\1$VERSION/;}"
"$name".spec
+fi
+osc vc "$name".changes .changes && rm -f .changes
+cd "$src"
+if [ -n "`git rev-list remotes/origin/master..HEAD`" ]; then
+ pushed=
+ if ! grep -q refs/heads/master .git/HEAD; then
+ echo "Warning: not on master branch"
+ elif read -p "push changes now? (Y/n) "; then
+ if [ -z "$REPLY" -o "${REPLY#y}" != "$REPLY" ]; then
+ git push && pushed=1 || true
+ fi
+ fi
+ if [ -z "$pushed" ]; then
+ echo "*** Warning: changes not pushed!"
+ else
+ cd "$dstdir"
+ osc ci
+ fi
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/obs/mktar
new/permissions-2012.02.08.0914/obs/mktar
--- old/permissions-2011.09.23.1037/obs/mktar 1970-01-01 01:00:00.000000000
+0100
+++ new/permissions-2012.02.08.0914/obs/mktar 2012-02-08 09:14:56.000000000
+0100
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+NAME=permissions
+VERSION=unused
+datefmt="%Y.%m.%d.%H%M"
+LAST_COMMIT=(`git rev-list --timestamp HEAD^..HEAD`)
+DATE=`date +$datefmt -d "1970-01-01 00:00 UTC $LAST_COMMIT seconds"`
+#revs=`git rev-list master|wc -l`
+#scmver="$revs"
+vers="$DATE"
+pfx="$NAME${vers:+-$vers}"
+fn="$pfx".tar.bz2
+if ! git config --get tar.umask >/dev/null 2>&1 ; then
+ git config --add tar.umask 022
+fi
+git archive --prefix="$pfx"/ HEAD | bzip2 > $fn
+echo "VERSION=$vers"
+echo "FILENAME=$fn"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/permissions.easy
new/permissions-2012.02.08.0914/permissions.easy
--- old/permissions-2011.09.23.1037/permissions.easy 2011-09-23
10:37:01.000000000 +0200
+++ new/permissions-2012.02.08.0914/permissions.easy 2012-02-08
09:14:56.000000000 +0100
@@ -58,7 +58,6 @@
/usr/bin/ncpumount root:trusted 4750
# #331020
/sbin/mount.nfs root:root 4755
-# mount/umount have had their problems already:
/bin/mount root:root 4755
/bin/umount root:root 4755
/bin/eject root:audio 4755
@@ -274,9 +273,6 @@
/usr/lib/uucp/uucico uucp:uucp 6555
/usr/lib/uucp/uuxqt uucp:uucp 6555
-# zypp (#385207)
-/usr/sbin/zypp-refresh-wrapper root:root 4755
-
# PolicyKit (#295341)
/usr/lib/PolicyKit/polkit-set-default-helper polkituser:root 4755
/usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755
@@ -319,3 +315,25 @@
# chromium (bnc#718016)
/usr/lib/chrome_sandbox root:root
4755
+
+#
+# XXX: / -> /usr merge and sbin -> bin merge
+# XXX: duplicated entries need to be cleaned up before 12.2
+/usr/bin/su root:root 4755
+/usr/sbin/mount.nfs root:root 4755
+/usr/bin/mount.nfs root:root 4755
+/usr/bin/mount root:root 4755
+/usr/bin/umount root:root 4755
+/usr/bin/eject root:audio 4755
+/usr/sbin/unix_chkpwd root:shadow 4755
+/usr/bin/unix_chkpwd root:shadow 4755
+/usr/sbin/unix2_chkpwd root:shadow 4755
+/usr/bin/unix2_chkpwd root:shadow 4755
+/usr/sbin/isdnctrl root:dialout 4750
+/usr/bin/isdnctrl root:dialout 4750
+/usr/sbin/pccardctl root:trusted 4755
+/usr/bin/pccardctl root:trusted 4755
+/usr/bin/ping root:root 4755
+ +capabilities cap_net_raw=ep
+/usr/bin/ping6 root:root 4755
+ +capabilities cap_net_raw=ep
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/permissions.paranoid
new/permissions-2012.02.08.0914/permissions.paranoid
--- old/permissions-2011.09.23.1037/permissions.paranoid 2011-09-23
10:37:01.000000000 +0200
+++ new/permissions-2012.02.08.0914/permissions.paranoid 2012-02-08
09:14:56.000000000 +0100
@@ -73,7 +73,6 @@
/usr/bin/ncpumount root:trusted 0755
# #331020
/sbin/mount.nfs root:root 0755
-# mount/umount have had their problems already:
/bin/mount root:root 0755
/bin/umount root:root 0755
/bin/eject root:audio 0755
@@ -286,9 +285,6 @@
/usr/lib/uucp/uucico uucp:uucp 0555
/usr/lib/uucp/uuxqt uucp:uucp 0555
-# zypp (#385207)
-/usr/sbin/zypp-refresh-wrapper root:root 0755
-
# PolicyKit (#295341)
/usr/lib/PolicyKit/polkit-set-default-helper root:polkituser 0755
/usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 0755
@@ -331,3 +327,23 @@
# chromium (bnc#718016)
/usr/lib/chrome_sandbox root:root
0755
+
+#
+# XXX: / -> /usr merge and sbin -> bin merge
+# XXX: duplicated entries need to be cleaned up before 12.2
+/usr/bin/su root:root 0755
+/usr/sbin/mount.nfs root:root 0755
+/usr/bin/mount.nfs root:root 0755
+/usr/bin/mount root:root 0755
+/usr/bin/umount root:root 0755
+/usr/bin/eject root:audio 0750
+/usr/sbin/unix_chkpwd root:shadow 0755
+/usr/bin/unix_chkpwd root:shadow 0755
+/usr/sbin/unix2_chkpwd root:shadow 0755
+/usr/bin/unix2_chkpwd root:shadow 0755
+/usr/sbin/isdnctrl root:dialout 0755
+/usr/bin/isdnctrl root:dialout 0755
+/usr/sbin/pccardctl root:trusted 0755
+/usr/bin/pccardctl root:trusted 0755
+/usr/bin/ping root:root 0755
+/usr/bin/ping6 root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/permissions.secure
new/permissions-2012.02.08.0914/permissions.secure
--- old/permissions-2011.09.23.1037/permissions.secure 2011-09-23
10:37:01.000000000 +0200
+++ new/permissions-2012.02.08.0914/permissions.secure 2012-02-08
09:14:56.000000000 +0100
@@ -96,7 +96,6 @@
/usr/bin/ncpumount root:trusted 4750
# #331020
/sbin/mount.nfs root:root 0755
-# mount/umount have had their problems already:
/bin/mount root:root 4755
/bin/umount root:root 4755
/bin/eject root:audio 4750
@@ -312,9 +311,6 @@
/usr/lib/uucp/uucico uucp:uucp 6555
/usr/lib/uucp/uuxqt uucp:uucp 6555
-# zypp (#385207)
-/usr/sbin/zypp-refresh-wrapper root:root 0755
-
# PolicyKit (#295341)
/usr/lib/PolicyKit/polkit-set-default-helper polkituser:root 4755
/usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755
@@ -357,3 +353,25 @@
# chromium (bnc#718016)
/usr/lib/chrome_sandbox root:root
0755
+
+#
+# XXX: / -> /usr merge and sbin -> bin merge
+# XXX: duplicated entries need to be cleaned up before 12.2
+/usr/bin/su root:root 4755
+/usr/sbin/mount.nfs root:root 0755
+/usr/bin/mount.nfs root:root 0755
+/usr/bin/mount root:root 4755
+/usr/bin/umount root:root 4755
+/usr/bin/eject root:audio 4750
+/usr/sbin/unix_chkpwd root:shadow 4755
+/usr/bin/unix_chkpwd root:shadow 4755
+/usr/sbin/unix2_chkpwd root:shadow 4755
+/usr/bin/unix2_chkpwd root:shadow 4755
+/usr/sbin/isdnctrl root:dialout 4750
+/usr/bin/isdnctrl root:dialout 4750
+/usr/sbin/pccardctl root:trusted 4750
+/usr/bin/pccardctl root:trusted 4750
+/usr/bin/ping root:root 4755
+ +capabilities cap_net_raw=ep
+/usr/bin/ping6 root:root 4755
+ +capabilities cap_net_raw=ep
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
