Nuke desktop_admin_r and desktop_user_r groups - just use the

wheel group instead (#688363)
Update the set of configuration directives that gives users
in the wheel group extra privileges

polkit.spec

@@ -1,7 +1,7 @@
 Summary: PolicyKit Authorization Framework
 Name: polkit
 Version: 0.101
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 URL: http://www.freedesktop.org/wiki/Software/PolicyKit
 Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
@@ -51,15 +51,17 @@ Provides: PolicyKit-docs = 0.11
 Development documentation for PolicyKit.
 
 %package desktop-policy
-Summary: Roles and default policy for desktop usage
+Summary: PolicyKit policy for desktop users
 Group: Development/Libraries
 #Requires: %name = %{version}-%{release}
-Requires(pre): /usr/sbin/groupadd
-Requires(preun): /usr/sbin/groupdel
 BuildArch: noarch
 
 %description desktop-policy
-Roles and default policy for desktop usage.
+This package contains configuration directives to make PolicyKit use
+members of the wheel group when administrator authentication is
+required. Additionally, the package also contain configuration
+directives to allow users in the wheel group to do certain actions
+without being interrupted by password dialogs
 
 %prep
 %setup -q
@@ -88,40 +90,29 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la
 ###
 
 cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF
-# This allows users in the desktop_admin_r group to authenticate as
-# the administrator.
+# This allows users in the wheel group to authenticate as the
+# administrator.
 #
 # DO NOT EDIT THIS FILE, it will be overwritten on update.
 
 [Configuration]
-AdminIdentities=unix-group:desktop_admin_r
+AdminIdentities=unix-group:wheel
 EOF
 
 cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF
-# Authorizations/policy for the desktop_admin_r and desktop_user_r groups.
+# Authorizations/policy for the wheel group.
 #
 # DO NOT EDIT THIS FILE, it will be overwritten on update.
-
-# Allow "standard users" to do some things without being interrupted by
-# password dialogs (TODO: not complete)
 #
-[Desktop User Permissions]
+# Allow users in the wheel group to do certain actions without being
+# interrupted by password dialogs
+#
+[Wheel Group Permissions]
 Identity=unix-group:desktop_user_r
-Action=org.gnome.clockapplet.mechanism.settimezone
-ResultAny=no
-ResultInactive=no
+Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal
+ResultAny=auth_admin
+ResultInactive=auth_admin
 ResultActive=yes
-
-# Allow "administrative users" to do a lot of things without being interrupted by
-# password dialogs (TODO: not complete)
-#
-[Desktop Administrator Permissions]
-Identity=unix-group:desktop_admin_r
-Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.udisks.*;org.freedesktop.RealtimeKit1.*
-ResultAny=no
-ResultInactive=no
-ResultActive=yes
-
 EOF
 
 ###
@@ -132,10 +123,6 @@ EOF
 
 %postun -p /sbin/ldconfig
 
-%pre desktop-policy
-/usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || :
-/usr/sbin/groupadd -r desktop_user_r 2> /dev/null || :
-
 %files desktop-policy
 %{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
 %{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
@@ -188,6 +175,12 @@ EOF
 %{_datadir}/gtk-doc
 
 %changelog
+* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
+- Nuke desktop_admin_r and desktop_user_r groups - just use the
+  wheel group instead (#688363)
+- Update the set of configuration directives that gives users
+  in the wheel group extra privileges
+
 * Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
 - New upstream version