Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-02-08 15:41:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions", Maintainer is "lnus...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2011-11-07 14:28:56.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-02-08 15:41:13.000000000 +0100 @@ -1,0 +2,11 @@ +Wed Feb 8 08:15:50 UTC 2012 - lnus...@suse.de + +- add duplicate entries for / and /usr (bnc#745622) + +------------------------------------------------------------------- +Tue Feb 7 12:09:17 UTC 2012 - lnus...@suse.de + +- add scripts for automatic package sumission +- drop zypp-refresh-wrapper (bnc#738677) + +------------------------------------------------------------------- Old: ---- 0001-disable-run-time-fscaps-detection-bnc-728312.diff permissions-2011.09.23.1037.tar.bz2 New: ---- permissions-2012.02.08.0914.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.CeBfIs/_old 2012-02-08 15:41:16.000000000 +0100 +++ /var/tmp/diff_new_pack.CeBfIs/_new 2012-02-08 15:41:16.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,13 +24,12 @@ License: GPL-2.0+ Group: Productivity/Security AutoReqProv: on -Version: 2011.09.23.1037 +Version: 2012.02.08.0914 Release: 1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary: SUSE Linux Default Permissions Source: permissions-%{version}.tar.bz2 -Patch0: 0001-disable-run-time-fscaps-detection-bnc-728312.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://gitorious.org/opensuse/permissions @@ -49,7 +48,6 @@ %prep %setup -q -%patch0 -p1 %build make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 ++++++ permissions-2011.09.23.1037.tar.bz2 -> permissions-2012.02.08.0914.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/Makefile new/permissions-2012.02.08.0914/Makefile --- old/permissions-2011.09.23.1037/Makefile 2011-09-23 10:37:01.000000000 +0200 +++ new/permissions-2012.02.08.0914/Makefile 2012-02-08 09:14:56.000000000 +0100 @@ -32,4 +32,7 @@ clean: /bin/rm chkstat -.PHONY: all clean +package: + @obs/mkpackage + +.PHONY: all clean package diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.8 new/permissions-2012.02.08.0914/chkstat.8 --- old/permissions-2011.09.23.1037/chkstat.8 2011-09-23 10:37:01.000000000 +0200 +++ new/permissions-2012.02.08.0914/chkstat.8 2012-02-08 09:14:56.000000000 +0100 @@ -52,8 +52,9 @@ Omit printing the output header lines. .TP .IR \-\-fscaps,\ \-\-no\-fscaps -Force or disable use of fscaps. Default is to automatically -determine whether the running kernel supports fscaps. +Enable or disable use of fscaps. In system mode the setting of +PERMISSIONS_FSCAPS determines whether fscaps are on or off when this +option is not set. .TP .IR \-\-examine\ file Check permissions for this file instead of all files listed in the permissions files. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.c new/permissions-2012.02.08.0914/chkstat.c --- old/permissions-2011.09.23.1037/chkstat.c 2011-09-23 10:37:01.000000000 +0200 +++ new/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.000000000 +0100 @@ -54,6 +54,7 @@ char** level; int do_set = -1; int default_set = 1; +int have_fscaps = -1; char** permfiles = NULL; int npermfiles = 0; char* force_level; @@ -281,6 +282,24 @@ //fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be 'set', 'warn' or 'no')\n"); } } + else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19)) + { + p+=19; + if (isquote(*p)) + ++p; + if (!strncmp(p, "yes", 3)) + { + p+=3; + if (isquote(*p) || !*p) + have_fscaps=1; + } + else if (!strncmp(p, "no", 2)) + { + p+=2; + if (isquote(*p) || !*p) + have_fscaps=0; + } + } } fclose(fp); return 0; @@ -515,18 +534,18 @@ { FILE* fp; char line[128]; - int have_fscaps = FSCAPS_DEFAULT_ENABLED; + int val = FSCAPS_DEFAULT_ENABLED; if ((fp = fopen("/sys/kernel/fscaps", "r")) == 0) { goto out; } if (readline(fp, line, sizeof(line))) { - have_fscaps = atoi(line); + val = atoi(line); } fclose(fp); out: - return have_fscaps; + return val; } int @@ -552,7 +571,6 @@ int fd, r; int errors = 0; cap_t caps = NULL; - int have_fscaps = -1; while (argc > 1) { @@ -692,9 +710,6 @@ break; } - if (have_fscaps == -1) - have_fscaps = check_fscaps_enabled(); - if (systemmode) { const char file[] = "/etc/sysconfig/security"; @@ -747,6 +762,11 @@ permfiles = &argv[1]; } + if (have_fscaps == 1 && !check_fscaps_enabled()) + { + fprintf(stderr, "Warning: running kernel does not support fscaps\n"); + } + if (do_set == -1) do_set = 0; @@ -802,7 +822,7 @@ } if (!strncmp(p, "+capabilities ", 14)) { - if (!have_fscaps) + if (have_fscaps != 1) continue; p += 14; caps = cap_from_text(p); @@ -900,10 +920,6 @@ printf("Checking permissions and ownerships - using the permissions files\n"); for (i = 0; i < npermfiles; i++) printf("\t%s\n", permfiles[i]); - if (!have_fscaps) - { - printf("kernel has fscaps support disabled.\n"); - } if (rootl) { printf("Using root %s\n", root); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/obs/mkchanges new/permissions-2012.02.08.0914/obs/mkchanges --- old/permissions-2011.09.23.1037/obs/mkchanges 1970-01-01 01:00:00.000000000 +0100 +++ new/permissions-2012.02.08.0914/obs/mkchanges 2012-02-08 09:14:56.000000000 +0100 @@ -0,0 +1,11 @@ +#!/bin/sh +# create log suitable for c&p into rpm changes file +if [ -z "$1" ]; then + set -- remotes/origin/master..HEAD +elif [ "${1%.changes}" != "$1" ]; then + # parse time stamp of .changes file + d=`awk 'NR==2{FS=" - ";$0=$0;print $1;exit}' < $1` + set -- --since="$d" HEAD +fi +# no idea why it always prints those commit lines +git rev-list --pretty=format:"- %s" "$@" |grep -v ^commit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/obs/mkpackage new/permissions-2012.02.08.0914/obs/mkpackage --- old/permissions-2011.09.23.1037/obs/mkpackage 1970-01-01 01:00:00.000000000 +0100 +++ new/permissions-2012.02.08.0914/obs/mkpackage 2012-02-08 09:14:56.000000000 +0100 @@ -0,0 +1,61 @@ +#!/bin/bash +set -e +shopt -s nullglob +name="`pwd -P`" +name=${name##*/} +name=${name%%.*} +dstdir="package" +src="$PWD" +if [ ! -d "$dstdir/.osc" ]; then + echo "*** Error: please check out the package:" + echo "osc branch openSUSE:Factory $name" + echo "ln -s home\:*\:branches\:*/$name $dstdir" + exit 1 +fi +if [ "`git --no-pager diff --name-only|wc -l`" != '0' -o "`git --no-pager diff --name-only --cached|wc -l`" != 0 ]; then + echo "*** Error: uncomitted changes" + echo "run 'git add file' to add files, 'git commit -a' to commit changes" + exit 1 +fi +cd "$dstdir" +echo "osc up" +osc up +cd "$src" +"$src"/obs/mkchanges "$dstdir/$name".changes | tee "$dstdir"/.changes +#test ! -s $dstdir/.changes || git push +for i in *.bz2; do + /bin/rm -vi "$i" +done +cd "$src" +eval `"$src"/obs/mktar` +mv "$FILENAME" "$dstdir" +cd "$dstdir" +osc add "$FILENAME" +if [ -n "$VERSION" ]; then + read sourcefile < <(/usr/lib/build/spectool --tag "/source0?/" "$name".spec) + if [ -n "$sourcefile" ]; then + sourcefile="${sourcefile/*: /}" + if [ -e "$sourcefile" ]; then + osc rm -f "$sourcefile" || true + fi + fi + sed -i -e "0,/^Version: /{s/^\(Version: *\).*/\1$VERSION/;}" "$name".spec +fi +osc vc "$name".changes .changes && rm -f .changes +cd "$src" +if [ -n "`git rev-list remotes/origin/master..HEAD`" ]; then + pushed= + if ! grep -q refs/heads/master .git/HEAD; then + echo "Warning: not on master branch" + elif read -p "push changes now? (Y/n) "; then + if [ -z "$REPLY" -o "${REPLY#y}" != "$REPLY" ]; then + git push && pushed=1 || true + fi + fi + if [ -z "$pushed" ]; then + echo "*** Warning: changes not pushed!" + else + cd "$dstdir" + osc ci + fi +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/obs/mktar new/permissions-2012.02.08.0914/obs/mktar --- old/permissions-2011.09.23.1037/obs/mktar 1970-01-01 01:00:00.000000000 +0100 +++ new/permissions-2012.02.08.0914/obs/mktar 2012-02-08 09:14:56.000000000 +0100 @@ -0,0 +1,18 @@ +#!/bin/sh +set -e +NAME=permissions +VERSION=unused +datefmt="%Y.%m.%d.%H%M" +LAST_COMMIT=(`git rev-list --timestamp HEAD^..HEAD`) +DATE=`date +$datefmt -d "1970-01-01 00:00 UTC $LAST_COMMIT seconds"` +#revs=`git rev-list master|wc -l` +#scmver="$revs" +vers="$DATE" +pfx="$NAME${vers:+-$vers}" +fn="$pfx".tar.bz2 +if ! git config --get tar.umask >/dev/null 2>&1 ; then + git config --add tar.umask 022 +fi +git archive --prefix="$pfx"/ HEAD | bzip2 > $fn +echo "VERSION=$vers" +echo "FILENAME=$fn" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/permissions.easy new/permissions-2012.02.08.0914/permissions.easy --- old/permissions-2011.09.23.1037/permissions.easy 2011-09-23 10:37:01.000000000 +0200 +++ new/permissions-2012.02.08.0914/permissions.easy 2012-02-08 09:14:56.000000000 +0100 @@ -58,7 +58,6 @@ /usr/bin/ncpumount root:trusted 4750 # #331020 /sbin/mount.nfs root:root 4755 -# mount/umount have had their problems already: /bin/mount root:root 4755 /bin/umount root:root 4755 /bin/eject root:audio 4755 @@ -274,9 +273,6 @@ /usr/lib/uucp/uucico uucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 -# zypp (#385207) -/usr/sbin/zypp-refresh-wrapper root:root 4755 - # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helper polkituser:root 4755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755 @@ -319,3 +315,25 @@ # chromium (bnc#718016) /usr/lib/chrome_sandbox root:root 4755 + +# +# XXX: / -> /usr merge and sbin -> bin merge +# XXX: duplicated entries need to be cleaned up before 12.2 +/usr/bin/su root:root 4755 +/usr/sbin/mount.nfs root:root 4755 +/usr/bin/mount.nfs root:root 4755 +/usr/bin/mount root:root 4755 +/usr/bin/umount root:root 4755 +/usr/bin/eject root:audio 4755 +/usr/sbin/unix_chkpwd root:shadow 4755 +/usr/bin/unix_chkpwd root:shadow 4755 +/usr/sbin/unix2_chkpwd root:shadow 4755 +/usr/bin/unix2_chkpwd root:shadow 4755 +/usr/sbin/isdnctrl root:dialout 4750 +/usr/bin/isdnctrl root:dialout 4750 +/usr/sbin/pccardctl root:trusted 4755 +/usr/bin/pccardctl root:trusted 4755 +/usr/bin/ping root:root 4755 + +capabilities cap_net_raw=ep +/usr/bin/ping6 root:root 4755 + +capabilities cap_net_raw=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/permissions.paranoid new/permissions-2012.02.08.0914/permissions.paranoid --- old/permissions-2011.09.23.1037/permissions.paranoid 2011-09-23 10:37:01.000000000 +0200 +++ new/permissions-2012.02.08.0914/permissions.paranoid 2012-02-08 09:14:56.000000000 +0100 @@ -73,7 +73,6 @@ /usr/bin/ncpumount root:trusted 0755 # #331020 /sbin/mount.nfs root:root 0755 -# mount/umount have had their problems already: /bin/mount root:root 0755 /bin/umount root:root 0755 /bin/eject root:audio 0755 @@ -286,9 +285,6 @@ /usr/lib/uucp/uucico uucp:uucp 0555 /usr/lib/uucp/uuxqt uucp:uucp 0555 -# zypp (#385207) -/usr/sbin/zypp-refresh-wrapper root:root 0755 - # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helper root:polkituser 0755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 0755 @@ -331,3 +327,23 @@ # chromium (bnc#718016) /usr/lib/chrome_sandbox root:root 0755 + +# +# XXX: / -> /usr merge and sbin -> bin merge +# XXX: duplicated entries need to be cleaned up before 12.2 +/usr/bin/su root:root 0755 +/usr/sbin/mount.nfs root:root 0755 +/usr/bin/mount.nfs root:root 0755 +/usr/bin/mount root:root 0755 +/usr/bin/umount root:root 0755 +/usr/bin/eject root:audio 0750 +/usr/sbin/unix_chkpwd root:shadow 0755 +/usr/bin/unix_chkpwd root:shadow 0755 +/usr/sbin/unix2_chkpwd root:shadow 0755 +/usr/bin/unix2_chkpwd root:shadow 0755 +/usr/sbin/isdnctrl root:dialout 0755 +/usr/bin/isdnctrl root:dialout 0755 +/usr/sbin/pccardctl root:trusted 0755 +/usr/bin/pccardctl root:trusted 0755 +/usr/bin/ping root:root 0755 +/usr/bin/ping6 root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/permissions.secure new/permissions-2012.02.08.0914/permissions.secure --- old/permissions-2011.09.23.1037/permissions.secure 2011-09-23 10:37:01.000000000 +0200 +++ new/permissions-2012.02.08.0914/permissions.secure 2012-02-08 09:14:56.000000000 +0100 @@ -96,7 +96,6 @@ /usr/bin/ncpumount root:trusted 4750 # #331020 /sbin/mount.nfs root:root 0755 -# mount/umount have had their problems already: /bin/mount root:root 4755 /bin/umount root:root 4755 /bin/eject root:audio 4750 @@ -312,9 +311,6 @@ /usr/lib/uucp/uucico uucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 -# zypp (#385207) -/usr/sbin/zypp-refresh-wrapper root:root 0755 - # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helper polkituser:root 4755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755 @@ -357,3 +353,25 @@ # chromium (bnc#718016) /usr/lib/chrome_sandbox root:root 0755 + +# +# XXX: / -> /usr merge and sbin -> bin merge +# XXX: duplicated entries need to be cleaned up before 12.2 +/usr/bin/su root:root 4755 +/usr/sbin/mount.nfs root:root 0755 +/usr/bin/mount.nfs root:root 0755 +/usr/bin/mount root:root 4755 +/usr/bin/umount root:root 4755 +/usr/bin/eject root:audio 4750 +/usr/sbin/unix_chkpwd root:shadow 4755 +/usr/bin/unix_chkpwd root:shadow 4755 +/usr/sbin/unix2_chkpwd root:shadow 4755 +/usr/bin/unix2_chkpwd root:shadow 4755 +/usr/sbin/isdnctrl root:dialout 4750 +/usr/bin/isdnctrl root:dialout 4750 +/usr/sbin/pccardctl root:trusted 4750 +/usr/bin/pccardctl root:trusted 4750 +/usr/bin/ping root:root 4755 + +capabilities cap_net_raw=ep +/usr/bin/ping6 root:root 4755 + +capabilities cap_net_raw=ep -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org