diff --git a/polkit.spec b/polkit.spec index bbf07b8..6e6fed3 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,7 +1,7 @@ Summary: PolicyKit Authorization Framework Name: polkit Version: 0.101 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/PolicyKit Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz @@ -51,15 +51,17 @@ Provides: PolicyKit-docs = 0.11 Development documentation for PolicyKit. %package desktop-policy -Summary: Roles and default policy for desktop usage +Summary: PolicyKit policy for desktop users Group: Development/Libraries #Requires: %name = %{version}-%{release} -Requires(pre): /usr/sbin/groupadd -Requires(preun): /usr/sbin/groupdel BuildArch: noarch %description desktop-policy -Roles and default policy for desktop usage. +This package contains configuration directives to make PolicyKit use +members of the wheel group when administrator authentication is +required. Additionally, the package also contain configuration +directives to allow users in the wheel group to do certain actions +without being interrupted by password dialogs %prep %setup -q @@ -88,40 +90,29 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la ### cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF -# This allows users in the desktop_admin_r group to authenticate as -# the administrator. +# This allows users in the wheel group to authenticate as the +# administrator. # # DO NOT EDIT THIS FILE, it will be overwritten on update. [Configuration] -AdminIdentities=unix-group:desktop_admin_r +AdminIdentities=unix-group:wheel EOF cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF -# Authorizations/policy for the desktop_admin_r and desktop_user_r groups. +# Authorizations/policy for the wheel group. # # DO NOT EDIT THIS FILE, it will be overwritten on update. - -# Allow "standard users" to do some things without being interrupted by -# password dialogs (TODO: not complete) # -[Desktop User Permissions] +# Allow users in the wheel group to do certain actions without being +# interrupted by password dialogs +# +[Wheel Group Permissions] Identity=unix-group:desktop_user_r -Action=org.gnome.clockapplet.mechanism.settimezone -ResultAny=no -ResultInactive=no +Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal +ResultAny=auth_admin +ResultInactive=auth_admin ResultActive=yes - -# Allow "administrative users" to do a lot of things without being interrupted by -# password dialogs (TODO: not complete) -# -[Desktop Administrator Permissions] -Identity=unix-group:desktop_admin_r -Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.udisks.*;org.freedesktop.RealtimeKit1.* -ResultAny=no -ResultInactive=no -ResultActive=yes - EOF ### @@ -132,10 +123,6 @@ EOF %postun -p /sbin/ldconfig -%pre desktop-policy -/usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || : -/usr/sbin/groupadd -r desktop_user_r 2> /dev/null || : - %files desktop-policy %{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf %{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla @@ -188,6 +175,12 @@ EOF %{_datadir}/gtk-doc %changelog +* Thu Mar 17 2011 David Zeuthen - 0.101-2 +- Nuke desktop_admin_r and desktop_user_r groups - just use the + wheel group instead (#688363) +- Update the set of configuration directives that gives users + in the wheel group extra privileges + * Thu Mar 03 2011 David Zeuthen - 0.101-1 - New upstream version