From 406ebfe9d7dc041b8540813531f3acd45f5f80ad Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Thu, 13 Aug 2009 17:56:44 +0000 Subject: [PATCH] - Add desktop_admin_r and desktop_user_r groups along with a first cut of default authorizations for users in these groups. --- polkit.spec | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/polkit.spec b/polkit.spec index 34d95e7..ea37fa6 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,7 +1,7 @@ Summary: PolicyKit Authorization Framework Name: polkit Version: 0.94 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/PolicyKit Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz @@ -43,6 +43,17 @@ Requires: gtk-doc %description docs Development documentation for PolicyKit. +%package desktop-policy +Summary: Roles and default policy for desktop usage +Group: Development/Libraries +#Requires: %name = %{version}-%{release} +Requires(pre): /usr/sbin/groupadd +Requires(preun): /usr/sbin/groupdel +BuildArch: noarch + +%description desktop-policy +Roles and default policy for desktop usage. + %prep %setup -q @@ -59,6 +70,51 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la %find_lang polkit-1 +### +### BEGIN DESKTOP POLICY CONFIGURATION ### +### + +cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF +# This allows users in the desktop_admin_r group to authenticate as +# the administrator. +# +# DO NOT EDIT THIS FILE, it will be overwritten on update. + +[Configuration] +AdminIdentities=unix-group:desktop_admin_r +EOF + +cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF +# Authorizations/policy for the desktop_admin_r and desktop_user_r groups. +# +# DO NOT EDIT THIS FILE, it will be overwritten on update. + +# Allow "standard users" to do some things without being interrupted by +# password dialogs (TODO: not complete) +# +[Desktop User Permissions] +Identity=unix-group:desktop_user_r +Action=org.gnome.clockapplet.mechanism.settimezone +ResultAny=no +ResultInactive=no +ResultActive=yes + +# Allow "administrative users" to do a lot of things without being interrupted by +# password dialogs (TODO: not complete) +# +[Desktop Administrator Permissions] +Identity=unix-group:desktop_admin_r +Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.devicekit.disks.*;org.freedesktop.RealtimeKit1.* +ResultAny=no +ResultInactive=no +ResultActive=yes + +EOF + +### +### END DESKTOP POLICY CONFIGURATION +### + %clean rm -rf $RPM_BUILD_ROOT @@ -66,6 +122,18 @@ rm -rf $RPM_BUILD_ROOT %postun -p /sbin/ldconfig +%pre desktop-policy +/usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || : +/usr/sbin/groupadd -r desktop_user_r 2> /dev/null || : + +%preun desktop-policy +/usr/sbin/groupdel desktop_admin_r 2> /dev/null || : +/usr/sbin/groupdel desktop_user_r 2> /dev/null || : + +%files desktop-policy +%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf +%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla + %files -f polkit-1.lang %defattr(-,root,root,-) %doc COPYING @@ -114,6 +182,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/gtk-doc/html/* %changelog +* Thu Aug 13 2009 David Zeuthen - 0.94-3 +- Add desktop_admin_r and desktop_user_r groups along with a first cut + of default authorizations for users in these groups. + * Wed Aug 12 2009 David Zeuthen - 0.94-2 - Disable GObject Introspection for now as it breaks the build