Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-08-31 16:47:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions"
Mon Aug 31 16:47:18 2020 rev:141 rq:829800 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-08-17
12:00:02.310515648 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes
2020-08-31 16:47:25.108272046 +0200
@@ -1,0 +2,11 @@
+Wed Aug 26 12:33:11 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200826:
+ * mtr-packet: stop requiring dialout group
+ * etc/permissions: fix mtr permission
+ * list_permissions: improve output format
+ * list_permissions: support globbing in --path argument
+ * list_permissions: implement simplifications suggested in PR#92
+ * list_permissions: new tool for better path configuration overview
+
+-------------------------------------------------------------------
Old:
----
permissions-20200811.tar.xz
New:
----
permissions-20200826.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:25.980272468 +0200
+++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:25.984272470 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200811
+%define VERSION_DATE 20200826
Name: permissions
Version: %{VERSION_DATE}.%{suse_version}
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:26.024272490 +0200
+++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:26.024272490 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/openSUSE/permissions.git</param>
- <param
name="changesrevision">a42371988f74c07914cc681f29d8a85b1f043d27</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">4d0b7f3f806b4a5f39c61a90fa36de6c6bb6ed9a</param></service></servicedata>
\ No newline at end of file
++++++ permissions-20200811.tar.xz -> permissions-20200826.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/profiles/permissions.easy
new/permissions-20200826/profiles/permissions.easy
--- old/permissions-20200811/profiles/permissions.easy 2020-08-11
13:56:21.000000000 +0200
+++ new/permissions-20200826/profiles/permissions.easy 2020-08-26
14:32:45.000000000 +0200
@@ -98,8 +98,8 @@
+capabilities cap_net_raw=p
/usr/bin/ping root:root 0755
+capabilities cap_net_raw=p
-# mtr is linked against ncurses. For dialout only.
-/usr/sbin/mtr root:dialout 0750
+# mtr
+/usr/sbin/mtr-packet root:root 0755
+capabilities cap_net_raw=ep
# exim
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/profiles/permissions.paranoid
new/permissions-20200826/profiles/permissions.paranoid
--- old/permissions-20200811/profiles/permissions.paranoid 2020-08-11
13:56:21.000000000 +0200
+++ new/permissions-20200826/profiles/permissions.paranoid 2020-08-26
14:32:45.000000000 +0200
@@ -113,8 +113,8 @@
#
/usr/bin/clockdiff root:root 0755
/usr/bin/ping root:root 0755
-# mtr is linked against ncurses.
-/usr/sbin/mtr root:dialout 0750
+# mtr
+/usr/sbin/mtr-packet root:root 0755
# exim
/usr/sbin/exim root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/profiles/permissions.secure
new/permissions-20200826/profiles/permissions.secure
--- old/permissions-20200811/profiles/permissions.secure 2020-08-11
13:56:21.000000000 +0200
+++ new/permissions-20200826/profiles/permissions.secure 2020-08-26
14:32:45.000000000 +0200
@@ -139,8 +139,8 @@
+capabilities cap_net_raw=p
/usr/bin/ping root:root 0755
+capabilities cap_net_raw=p
-# mtr is linked against ncurses. no suid bit, for root only:
-/usr/sbin/mtr root:dialout 0750
+# mtr
+/usr/sbin/mtr-packet root:root 0755
# exim
/usr/sbin/exim root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/tools/list_permissions.py
new/permissions-20200826/tools/list_permissions.py
--- old/permissions-20200811/tools/list_permissions.py 1970-01-01
01:00:00.000000000 +0100
+++ new/permissions-20200826/tools/list_permissions.py 2020-08-26
14:32:45.000000000 +0200
@@ -0,0 +1,144 @@
+#!/usr/bin/python3
+
+# vim: ts=8 noet sw=8 sts=8 :
+
+import argparse
+import fnmatch
+from pathlib import Path
+
+parser = argparse.ArgumentParser("list assembled permissions profile
information for individual paths")
+parser.add_argument("-p", "--path", type=str, default = "*", help = "list only
information about the given path, supports globbing")
+
+repo_root = (Path(__file__).parent.parent).resolve()
+profile_dir = repo_root / "profiles"
+etc_dir = repo_root / "etc"
+
+PROFILE_SUFFIXES = ("easy", "secure", "paranoid")
+
+class ProfileParser:
+
+ def __init__(self, paths):
+ self.m_paths = paths
+ # a dictionary like
+ # {
+ # "/some/path": {
+ # "permissions.secure": {
+ # "comments": ["# some comment", ...],
+ # "config": [ "/some/path user:group 0441",
"+capability ..." ],
+ # ...
+ # },
+ # ...
+ # }
+ self.m_entries = {}
+
+ def parse(self):
+ for path in self.m_paths:
+ label = path.name
+
+ with open(path) as fd:
+ self._parseFile(fd, label)
+
+ def _getDictEntry(self, path, label):
+ path_entries = self.m_entries.setdefault(path, {})
+ return path_entries.setdefault(label, {})
+
+ def _parseFile(self, fd, label):
+
+ comments = []
+ current_path = None
+
+ for line in fd.readlines():
+
+ line = line.strip()
+
+ if line.startswith("#"):
+ # keep track of a comment block header before
+ # a path line appears. empty/other lines cause
+ # comment blocks to be reset in the else
+ # branch.
+ # Also skip empty comment lines.
+ if line != "#":
+ comments.append(line)
+ elif line.startswith("/"):
+ path, config = line.split(None, 1)
+ current_path = path
+
+ entry = self._getDictEntry(path, label)
+ entry["comments"] = comments
+ comments = []
+
+ lines = entry.setdefault("config", [])
+ lines.append(config)
+ elif line.startswith("+"):
+ entry = self._getDictEntry(current_path, label)
+ entry["config"].append(line)
+ else:
+ comments = []
+ current_path = None
+
+ def getEntries(self):
+ return self.m_entries
+
+ def getMaxLabelLen(self):
+ return max( len(str(label.name)) for label in self.m_paths )
+
+def extractCommonComments(profiles):
+ # merge comments for different profiles if they are present and equal
+ ret = []
+ while True:
+ comments = { entry["comments"][0] if entry["comments"] else ""
for entry in profiles.values() }
+ line = comments.pop() if len(comments) == 1 else ""
+ if line:
+ ret.append(line)
+ for profile in profiles:
+ profiles[profile]["comments"].pop(0)
+ else:
+ return ret
+
+args = parser.parse_args()
+
+profiles = [profile_dir / "permissions.{}".format(profile) for profile in
PROFILE_SUFFIXES]
+fixed_config = etc_dir / "permissions"
+
+pp = ProfileParser([fixed_config] + profiles)
+pp.parse()
+
+max_label_len = pp.getMaxLabelLen()
+
+for path, profiles in pp.getEntries().items():
+ # apply filtering logic from command line (default matches all files)
+ if not fnmatch.fnmatch(path, args.path):
+ continue
+
+ print(path + "\n")
+
+ common_comments = extractCommonComments(profiles)
+ comment_indent = "\t" + " ".ljust(max_label_len) + "\t\t"
+
+ for comment in common_comments:
+ print(comment_indent + comment)
+
+ for i, profile in enumerate(profiles):
+ entry = profiles[profile]
+
+ if entry["comments"] or (i == 0 and common_comments):
+ print()
+ for line in entry["comments"]:
+ print(comment_indent + line)
+
+ print("\t" + profile.ljust(max_label_len), end = '')
+
+ # merge the config into a single line to allow for a simpler
+ # output structure with a single line per profile
+ config = ' '.join(entry["config"])
+
+ # if the config is equal to the previous profile's then don't
+ # print it again, to avoid printing redundant information
+ if i > 0 and list(profiles.values())[i-1]["config"] ==
entry["config"]:
+ print('\t\t"{spaces}"'.format(
+ spaces = ' ' * (len(config.expandtabs()) - 2)))
+ continue
+
+ print("\t\t" + config)
+ print()
+
