Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-08-31 16:47:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions" Mon Aug 31 16:47:18 2020 rev:141 rq:829800 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-08-17 12:00:02.310515648 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes 2020-08-31 16:47:25.108272046 +0200 @@ -1,0 +2,11 @@ +Wed Aug 26 12:33:11 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200826: + * mtr-packet: stop requiring dialout group + * etc/permissions: fix mtr permission + * list_permissions: improve output format + * list_permissions: support globbing in --path argument + * list_permissions: implement simplifications suggested in PR#92 + * list_permissions: new tool for better path configuration overview + +------------------------------------------------------------------- Old: ---- permissions-20200811.tar.xz New: ---- permissions-20200826.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:25.980272468 +0200 +++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:25.984272470 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200811 +%define VERSION_DATE 20200826 Name: permissions Version: %{VERSION_DATE}.%{suse_version} ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:26.024272490 +0200 +++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:26.024272490 +0200 
@@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/permissions.git</param> - <param name="changesrevision">a42371988f74c07914cc681f29d8a85b1f043d27</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">4d0b7f3f806b4a5f39c61a90fa36de6c6bb6ed9a</param></service></servicedata> \ No newline at end of file ++++++ permissions-20200811.tar.xz -> permissions-20200826.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/profiles/permissions.easy new/permissions-20200826/profiles/permissions.easy --- old/permissions-20200811/profiles/permissions.easy 2020-08-11 13:56:21.000000000 +0200 +++ new/permissions-20200826/profiles/permissions.easy 2020-08-26 14:32:45.000000000 +0200 @@ -98,8 +98,8 @@ +capabilities cap_net_raw=p /usr/bin/ping root:root 0755 +capabilities cap_net_raw=p -# mtr is linked against ncurses. For dialout only. -/usr/sbin/mtr root:dialout 0750 +# mtr +/usr/sbin/mtr-packet root:root 0755 +capabilities cap_net_raw=ep # exim diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/profiles/permissions.paranoid new/permissions-20200826/profiles/permissions.paranoid --- old/permissions-20200811/profiles/permissions.paranoid 2020-08-11 13:56:21.000000000 +0200 +++ new/permissions-20200826/profiles/permissions.paranoid 2020-08-26 14:32:45.000000000 +0200 
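Review bot: The new `# mtr` comment in the permissions.easy hunk no longer explains why the entry looks the way it does, and the same bare comment is added in the permissions.paranoid and permissions.secure hunks. In this profile the entry changes from `root:dialout 0750` to `root:root 0755` while the `+capabilities cap_net_raw=ep` line after it stays attached (it reads as unchanged context, though the flattened layout makes that hard to confirm), so a binary carrying an effective raw-socket capability becomes executable by every local user. That matches the changelog entry "mtr-packet: stop requiring dialout group", but the file itself should say so. I would write `# mtr-packet: raw-socket helper for mtr; world-executable with cap_net_raw on purpose` here, and `# mtr-packet: no capabilities in this profile, so presumably usable by root only` in the other two profiles, where no capability line follows the new entry.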
@@ -113,8 +113,8 @@ # /usr/bin/clockdiff root:root 0755 /usr/bin/ping root:root 0755 -# mtr is linked against ncurses. -/usr/sbin/mtr root:dialout 0750 +# mtr +/usr/sbin/mtr-packet root:root 0755 # exim /usr/sbin/exim root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/profiles/permissions.secure new/permissions-20200826/profiles/permissions.secure --- old/permissions-20200811/profiles/permissions.secure 2020-08-11 13:56:21.000000000 +0200 +++ new/permissions-20200826/profiles/permissions.secure 2020-08-26 14:32:45.000000000 +0200 @@ -139,8 +139,8 @@ +capabilities cap_net_raw=p /usr/bin/ping root:root 0755 +capabilities cap_net_raw=p -# mtr is linked against ncurses. no suid bit, for root only: -/usr/sbin/mtr root:dialout 0750 +# mtr +/usr/sbin/mtr-packet root:root 0755 # exim /usr/sbin/exim root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/tools/list_permissions.py new/permissions-20200826/tools/list_permissions.py --- old/permissions-20200811/tools/list_permissions.py 1970-01-01 01:00:00.000000000 +0100 +++ new/permissions-20200826/tools/list_permissions.py 2020-08-26 14:32:45.000000000 +0200 
@@ -0,0 +1,144 @@ +#!/usr/bin/python3 + +# vim: ts=8 noet sw=8 sts=8 : + +import argparse +import fnmatch +from pathlib import Path + +parser = argparse.ArgumentParser("list assembled permissions profile information for individual paths") +parser.add_argument("-p", "--path", type=str, default = "*", help = "list only information about the given path, supports globbing") + +repo_root = (Path(__file__).parent.parent).resolve() +profile_dir = repo_root / "profiles" +etc_dir = repo_root / "etc" + +PROFILE_SUFFIXES = ("easy", "secure", "paranoid") + +class ProfileParser: + + def __init__(self, paths): + self.m_paths = paths + # a dictionary like + # { + # "/some/path": { + # "permissions.secure": { + # "comments": ["# some comment", ...], + # "config": [ "/some/path user:group 0441", "+capability ..." ], + # ... + # }, + # ... + # } + self.m_entries = {} + + def parse(self): + for path in self.m_paths: + label = path.name + + with open(path) as fd: + self._parseFile(fd, label) + + def _getDictEntry(self, path, label): + path_entries = self.m_entries.setdefault(path, {}) + return path_entries.setdefault(label, {}) + + def _parseFile(self, fd, label): + + comments = [] + current_path = None + + for line in fd.readlines(): + + line = line.strip() + + if line.startswith("#"): + # keep track of a comment block header before + # a path line appears. empty/other lines cause + # comment blocks to be reset in the else + # branch. + # Also skip empty comment lines. 
+ if line != "#": + comments.append(line) + elif line.startswith("/"): + path, config = line.split(None, 1) + current_path = path + + entry = self._getDictEntry(path, label) + entry["comments"] = comments + comments = [] + + lines = entry.setdefault("config", []) + lines.append(config) + elif line.startswith("+"): + entry = self._getDictEntry(current_path, label) + entry["config"].append(line) + else: + comments = [] + current_path = None + + def getEntries(self): + return self.m_entries + + def getMaxLabelLen(self): + return max( len(str(label.name)) for label in self.m_paths ) + +def extractCommonComments(profiles): + # merge comments for different profiles if they are present and equal + ret = [] + while True: + comments = { entry["comments"][0] if entry["comments"] else "" for entry in profiles.values() } + line = comments.pop() if len(comments) == 1 else "" + if line: + ret.append(line) + for profile in profiles: + profiles[profile]["comments"].pop(0) + else: + return ret + +args = parser.parse_args() + +profiles = [profile_dir / "permissions.{}".format(profile) for profile in PROFILE_SUFFIXES] +fixed_config = etc_dir / "permissions" + +pp = ProfileParser([fixed_config] + profiles) +pp.parse() + +max_label_len = pp.getMaxLabelLen() + +for path, profiles in pp.getEntries().items(): + # apply filtering logic from command line (default matches all files) + if not fnmatch.fnmatch(path, args.path): + continue + + print(path + "\n") + + common_comments = extractCommonComments(profiles) + comment_indent = "\t" + " ".ljust(max_label_len) + "\t\t" + + for comment in common_comments: + print(comment_indent + comment) + + for i, profile in enumerate(profiles): + entry = profiles[profile] + + if entry["comments"] or (i == 0 and common_comments): + print() + for line in entry["comments"]: + print(comment_indent + line) + + print("\t" + profile.ljust(max_label_len), end = '') + + # merge the config into a single line to allow for a simpler + # output structure with a single 
line per profile + config = ' '.join(entry["config"]) + + # if the config is equal to the previous profile's then don't + # print it again, to avoid printing redundant information + if i > 0 and list(profiles.values())[i-1]["config"] == entry["config"]: + print('\t\t"{spaces}"'.format( + spaces = ' ' * (len(config.expandtabs()) - 2))) + continue + + print("\t\t" + config) + print() +
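Review bot: In `_parseFile`, the `elif line.startswith("+")` branch uses `current_path` without checking it, and the `else` branch resets it to `None` on any blank or unrecognised line. A `+capabilities` line that does not directly follow its path line then makes `_getDictEntry(None, label)` create an empty entry under the key `None`, and `entry["config"].append(line)` fails with a bare `KeyError` that names neither the profile nor the offending line. Since this tool is meant to give an overview of security-relevant path settings, I would fail explicitly with `if current_path is None: raise ValueError("{}: '+' line without a preceding path entry: {}".format(label, line))` as the first statement of that branch. The path branch has a similar gap: `path, config = line.split(None, 1)` raises an unpacking `ValueError` for a path line that carries no owner or mode field.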