polkit/polkit.spec

449 lines
15 KiB
RPMSpec
Raw Normal View History

# Only enable if using patches that touches configure.ac,
# Makefile.am or other build system related files
#
%define enable_autoreconf 1
Summary: An authorization framework
2009-06-08 20:42:27 +00:00
Name: polkit
2013-09-18 17:39:38 +00:00
Version: 0.112
Release: 4%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
2013-05-15 21:41:05 +00:00
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
# https://bugs.freedesktop.org/show_bug.cgi?id=71894
Patch0: polkit-0.112-XDG_RUNTIME_DIR.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=60847
Patch1: polkit-0.112-PolkitAgentSession-race.patch
# http://cgit.freedesktop.org/polkit/commit/?id=26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8
Patch2: polkit-0.112-systemd-Deduplicate-code-paths.patch
# http://cgit.freedesktop.org/polkit/commit/?id=a68f5dfd7662767b7b9822090b70bc5bd145c50c
Patch3: polkit-0.112-systemd-prepare-for-D-Bus-user-bus.patch
2009-06-08 20:42:27 +00:00
Group: System Environment/Libraries
BuildRequires: glib2-devel >= 2.30.0
2009-06-08 20:42:27 +00:00
BuildRequires: expat-devel
BuildRequires: pam-devel
BuildRequires: gtk-doc
BuildRequires: intltool
2009-08-12 19:25:45 +00:00
BuildRequires: gobject-introspection-devel
BuildRequires: systemd-devel
BuildRequires: mozjs17-devel
2009-06-08 20:42:27 +00:00
%if 0%{?enable_autoreconf}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
%endif
2013-05-15 21:40:25 +00:00
Requires: dbus, polkit-pkla-compat
2009-06-08 20:42:27 +00:00
Requires(pre): shadow-utils
Requires(post): /sbin/ldconfig, systemd
Requires(preun): systemd
Requires(postun): /sbin/ldconfig, systemd
Obsoletes: PolicyKit <= 0.10
Provides: PolicyKit = 0.11
# polkit saw some API/ABI changes from 0.96 to 0.97 so require a
# sufficiently new polkit-gnome package
Conflicts: polkit-gnome < 0.97
Obsoletes: polkit-desktop-policy < 0.103
Provides: polkit-desktop-policy = 0.103
Obsoletes: polkit-js-engine < 0.110-4
Provides: polkit-js-engine = %{version}-%{release}
2009-06-08 20:42:27 +00:00
%description
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged
2009-06-08 20:42:27 +00:00
processes.
%package devel
Summary: Development files for polkit
2009-06-08 20:42:27 +00:00
Group: Development/Libraries
Requires: %name = %{version}-%{release}
Requires: %name-docs = %{version}-%{release}
Requires: glib2-devel
Obsoletes: PolicyKit-devel <= 0.10
Provides: PolicyKit-devel = 0.11
2009-06-08 20:42:27 +00:00
%description devel
Development files for polkit.
2009-06-08 20:42:27 +00:00
%package docs
Summary: Development documentation for polkit
2009-06-08 20:42:27 +00:00
Group: Development/Libraries
Requires: %name-devel = %{version}-%{release}
Obsoletes: PolicyKit-docs <= 0.10
Provides: PolicyKit-docs = 0.11
BuildArch: noarch
2009-06-08 20:42:27 +00:00
%description docs
Development documentation for polkit.
2009-06-08 20:42:27 +00:00
%prep
%setup -q
%patch0 -p1 -b .XDG_RUNTIME_DIR
%patch1 -p1 -b .PolkitAgentSession-race
%patch2 -p1 -b .dbus-user-bus
%patch3 -p1 -b .session-dedup-code
2009-06-08 20:42:27 +00:00
%build
%if 0%{?enable_autoreconf}
autoreconf -i
%endif
2013-01-08 00:43:29 +00:00
# we can't use _hardened_build here, see
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
2013-01-08 00:43:29 +00:00
export CFLAGS='-fPIC %optflags'
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
2010-11-13 04:02:06 +00:00
%configure --enable-gtk-doc \
--disable-static \
--enable-introspection \
--disable-examples \
--enable-libsystemd-login=yes --with-mozjs=mozjs-17.0
2013-05-10 22:44:20 +00:00
make V=1
2009-06-08 20:42:27 +00:00
%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
2009-06-08 20:42:27 +00:00
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%find_lang polkit-1
%pre
getent group polkitd >/dev/null || groupadd -r polkitd
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
exit 0
%post
/sbin/ldconfig
# The implied (systemctl preset) will fail and complain, but the macro hides
# and ignores the fact. This is in fact what we want, polkit.service does not
# have an [Install] section and it is always started on demand.
%systemd_post polkit.service
2009-06-08 20:42:27 +00:00
%preun
%systemd_preun polkit.service
%postun
/sbin/ldconfig
# Not %%systemd_postun_with_restart - let's err on the side of safety, and keep
# the daemon, with its temporary authorizations and agent registrations, running
# after the upgrade as well; it would be unfortunate if the upgrade tool failed
# because a component can't handle polkitd losing state.
%systemd_postun
2009-06-08 20:42:27 +00:00
%files -f polkit-1.lang
%defattr(-,root,root,-)
%doc COPYING NEWS README
2009-06-08 20:42:27 +00:00
%{_libdir}/lib*.so.*
2009-08-12 19:25:45 +00:00
%{_datadir}/man/man1/*
%{_datadir}/man/man8/*
2009-06-08 20:42:27 +00:00
%{_datadir}/dbus-1/system-services/*
2013-05-10 23:43:02 +00:00
%{_unitdir}/polkit.service
2009-06-08 20:42:27 +00:00
%dir %{_datadir}/polkit-1/
%dir %{_datadir}/polkit-1/actions
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
2009-06-08 20:42:27 +00:00
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%dir %{_sysconfdir}/polkit-1
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
2009-06-08 20:42:27 +00:00
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%{_sysconfdir}/pam.d/polkit-1
%{_bindir}/pkaction
%{_bindir}/pkcheck
%{_bindir}/pkttyagent
%dir %{_prefix}/lib/polkit-1
%{_prefix}/lib/polkit-1/polkitd
2010-11-13 04:02:06 +00:00
%{_libdir}/girepository-1.0/*.typelib
2009-06-08 20:42:27 +00:00
# see upstream docs for why these permissions are necessary
%attr(4755,root,root) %{_bindir}/pkexec
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
2009-08-12 19:25:45 +00:00
2009-06-08 20:42:27 +00:00
%files devel
%defattr(-,root,root,-)
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
2010-11-13 04:02:06 +00:00
%{_datadir}/gir-1.0/*.gir
2009-06-08 20:42:27 +00:00
%{_includedir}/*
%files docs
%defattr(-,root,root,-)
2010-08-23 23:19:35 +00:00
%{_datadir}/gtk-doc
2009-06-08 20:42:27 +00:00
%changelog
* Thu Jun 5 2014 Kay Sievers <kay@redhat.com> - 0.112-4
- backport upstream D-Bus "user bus" changes
* Mon Feb 10 2014 Miloslav Trmač <mitr@redhat.com> - 0.112-3
- Fix a PolkitAgentSession race condition
Resolves: #1063193
* Sat Dec 7 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-2
- Workaround pam_systemd setting broken XDG_RUNTIME_DIR
Resolves: #1033774
- Always use mozjs-17.0 even if js-devel is installed
2013-09-18 17:39:38 +00:00
* Wed Sep 18 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-1
- Update to polkit-0.112
- Resolves: #1009538, CVE-2013-4288
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.111-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed May 29 2013 Tomas Bzatek <tbzatek@redhat.com> - 0.111-2
- Fix a race on PolkitSubject type registration (#866718)
2013-05-15 21:40:25 +00:00
* Wed May 15 2013 Miloslav Trmač <mitr@redhat.com> - 0.111-1
- Update to polkit-0.111
Resolves: #917888
- Use SpiderMonkey from mozjs17 instead of js
2013-05-15 21:41:05 +00:00
- Ship the signature in the srpm
- Try to preserve timestamps in (make install)
2013-05-15 21:40:25 +00:00
2013-05-10 22:44:20 +00:00
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
- Shut up rpmlint about Summary:
2013-05-10 22:44:20 +00:00
- Build with V=1
2013-05-10 23:43:02 +00:00
- Use %%{_unitdir} instead of hard-coding the path
- Use the new systemd macros, primarily to run (systemctl daemon-reload)
Resolves: #857382
2013-05-10 22:44:20 +00:00
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
- Make the JavaScript engine mandatory. The polkit-js-engine package has been
removed, main polkit package Provides:polkit-js-engine for compatibility.
- Add Requires: polkit-pkla-compat
Resolves: #908808
* Wed Feb 13 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-3
- Don't ship pk-example-frobnicate in the "live" configuration
Resolves: #878112
* Fri Feb 8 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-2
- Own %%{_docdir}/polkit-js-engine-*
Resolves: #907668
2013-01-09 20:11:15 +00:00
* Wed Jan 9 2013 David Zeuthen <davidz@redhat.com> - 0.110-1%{?dist}
- Update to upstream release 0.110
2013-01-08 00:43:29 +00:00
* Mon Jan 7 2013 Matthias Clasen <mclasen@redhat.com> - 0.109-2%{?dist}
- Build with pie and stuff
* Wed Dec 19 2012 David Zeuthen <davidz@redhat.com> 0.109-1%{?dist}
- Update to upstream release 0.109
- Drop upstreamed patches
* Thu Nov 15 2012 David Zeuthen <davidz@redhat.com> 0.108-3%{?dist}
- Attempt to open the correct libmozjs185 library, otherwise polkit
authz rules will not work unless js-devel is installed (fdo #57146)
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-2%{?dist}
- Include gmodule-2.0 to avoid build error
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-1%{?dist}
- Update to upstream release 0.108
- Drop upstreamed patches
- This release dynamically loads the JavaScript interpreter and can
cope with it not being available. In this case, polkit authorization
rules are not processed and the defaults for an action - as defined
in its .policy file - are used for authorization decisions.
- Add new meta-package, polkit-js-engine, that pulls in the required
JavaScript bits to make polkit authorization rules work. The default
install - not the minimal install - should include this package
* Wed Oct 10 2012 Adam Jackson <ajax@redhat.com> 0.107-4
- Don't crash if initializing the server object fails
* Tue Sep 18 2012 David Zeuthen <davidz@redhat.com> 0.107-3%{?dist}
- Authenticate as root if e.g. the wheel group is empty (#834494)
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.107-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2013-05-15 20:55:51 +00:00
* Wed Jul 11 2012 David Zeuthen <davidz@redhat.com> 0.107-1%{?dist}
2012-07-11 17:38:33 +00:00
- Update to upstream release 0.107
* Fri Jun 29 2012 David Zeuthen <davidz@redhat.com> 0.106-2%{?dist}
- Add forgotten Requires(pre): shadow-utils
* Thu Jun 07 2012 David Zeuthen <davidz@redhat.com> 0.106-1%{?dist}
- Update to upstream release 0.106
- Authorizations are no longer controlled by .pkla files - from now
on, use the new .rules files described in the polkit(8) man page
* Tue Apr 24 2012 David Zeuthen <davidz@redhat.com> 0.105-1%{?dist}
- Update to upstream release 0.105
- Nuke patches that are now upstream
- Change 'PolicyKit' to 'polkit' in summary and descriptions
* Thu Mar 08 2012 David Zeuthen <davidz@redhat.com> 0.104-6%{?dist}
- Don't leak file descriptors (bgo #671486)
* Mon Feb 13 2012 Matthias Clasen <mclasen@redhat.com> - 0.104-5%{?dist}
- Make the -docs subpackage noarch
* Mon Feb 06 2012 David Zeuthen <davidz@redhat.com> 0.104-4%{?dist}
- Set error if we cannot obtain a PolkitUnixSession for a given PID (#787222)
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.104-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-2%{?dist}
- Nuke the ConsoleKit run-time requirement
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-1%{?dist}
- Update to upstream release 0.104
- Force usage of systemd (instead of ConsoleKit) for session tracking
* Tue Dec 06 2011 David Zeuthen <davidz@redhat.com> 0.103-1%{?dist}
- Update to upstream release 0.103
- Drop upstreamed patch
- Drop Fedora-specific policy, it is now upstream (fdo #41008)
2011-10-27 00:18:49 +00:00
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.102-3
- Rebuilt for glibc bug#747377
* Tue Oct 18 2011 David Zeuthen <davidz@redhat.com> 0.102-2%{?dist}
- Add patch to neuter the annoying systemd behavior where stdout/stderr
is sent to the system logs
2013-05-15 20:55:51 +00:00
* Thu Aug 04 2011 David Zeuthen <davidz@redhat.com> 0.102-1
- Update to 0.102 release
* Fri May 13 2011 Bastien Nocera <bnocera@redhat.com> 0.101-7
- Allow setting the pretty hostname without a password for wheel,
change matches systemd in git
2011-05-02 15:16:38 +00:00
* Mon May 2 2011 Matthias Clasen <mclasen@redhat.com> - 0.101-6
- Update the action id of the datetime mechanism
2011-04-19 19:09:42 +00:00
* Tue Apr 19 2011 David Zeuthen <davidz@redhat.com> - 0.101-5
- CVE-2011-1485 (#697951)
* Tue Mar 22 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 0.101-4
- Also allow org.kde.kcontrol.kcmclock.save without password for wheel
2011-03-17 14:52:48 +00:00
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-3
- Fix typo in pkla file (thanks notting)
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
- Nuke desktop_admin_r and desktop_user_r groups - just use the
wheel group instead (#688363)
- Update the set of configuration directives that gives users
in the wheel group extra privileges
2011-03-03 19:00:44 +00:00
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
- New upstream version
2011-02-21 23:01:08 +00:00
* Mon Feb 21 2011 David Zeuthen <davidz@redhat.com> - 0.100-1
- New upstream version
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.98-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-01-28 18:56:06 +00:00
* Fri Jan 28 2011 Matthias Clasen <mclasen@redhat.com> - 0.98-6
- Own /usr/libexec/polkit-1
2013-05-15 20:55:51 +00:00
* Fri Nov 12 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-5
2010-11-13 04:02:06 +00:00
- Enable introspection
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-4
- Fix #629515 in a way that doesn't require autoreconf
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-2
- Include polkitagentenumtypes.h (#629515)
2010-08-23 23:19:35 +00:00
* Mon Aug 23 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-1
- Update to upstream release 0.98
2010-08-23 23:19:35 +00:00
- Co-own /usr/share/gtk-doc (#604410)
2010-08-18 18:57:22 +00:00
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-5
- Rebuid to work around bodhi limitations
2010-08-18 18:38:44 +00:00
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
- Fix a ConsoleKit interaction bug
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
- Require GLib >= 2.25.12 instead of 2.25.11
- Ensure polkit-gnome packages earlier than 0.97 are not used with
these packages
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-2
- Rebuild
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-1
- Update to 0.97. This release contains a port from EggDBus to the
GDBus code available in recent GLib releases.
* Fri Jan 15 2010 David Zeuthen <davidz@redhat.com> - 0.96-1
- Update to 0.96
- Disable introspection support for the time being
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-2
- Rebuild
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-1
- Update to 0.95
- Drop upstreamed patches
* Tue Oct 20 2009 Matthias Clasen <mclasen@redhat.com> - 0.95-0.git20090913.3
- Fix a typo in pklocalauthority(8)
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.2
- Refine how Obsolete: is used and also add Provides: (thanks Jesse
Keating and nim-nim)
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.1
- Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera)
- Obsolete old PolicyKit packages
* Sun Sep 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913
- Update to git snapshot
- Drop upstreamed patches
- Turn on GObject introspection
- Don't delete desktop_admin_r and desktop_user_r groups when
uninstalling polkit-desktop-policy
* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4
- Add some patches from git master
- Sort pkaction(1) output
- Bug 23867 UnixProcess vs. SystemBusName aliasing
* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3
- Add desktop_admin_r and desktop_user_r groups along with a first cut
of default authorizations for users in these groups.
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-2
- Disable GObject Introspection for now as it breaks the build
2009-08-12 19:25:45 +00:00
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-1
- Update to upstream release 0.94
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.93-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-21 00:47:47 +00:00
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-2
- Rebuild
2009-07-21 00:30:33 +00:00
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-1
- Update to 0.93
* Tue Jun 09 2009 David Zeuthen <davidz@redhat.com> - 0.92-3
- Don't make docs noarch (I *heart* multilib)
- Change license to LGPLv2+
2009-06-08 20:42:58 +00:00
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-2
- Rebuild
2009-06-08 20:42:27 +00:00
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-1
- Update to 0.92 release
* Wed May 27 2009 David Zeuthen <davidz@redhat.com> - 0.92-0.git20090527
- Update to 0.92 snapshot
* Mon Feb 9 2009 David Zeuthen <davidz@redhat.com> - 0.91-1
- Initial spec file.