Summary: PolicyKit Authorization Framework Name: polkit Version: 0.101 Release: 7%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/PolicyKit Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz Group: System Environment/Libraries BuildRequires: glib2-devel >= 2.28.0 BuildRequires: expat-devel BuildRequires: pam-devel BuildRequires: gtk-doc BuildRequires: intltool BuildRequires: gobject-introspection-devel Patch1: 0001-PolkitUnixProcess-Clarify-that-the-real-uid-is-retur.patch Patch2: 0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch Patch3: 0003-Use-polkit_unix_process_get_uid-to-get-the-owner-of-.patch Patch4: 0004-pkexec-Avoid-TOCTTOU-problems-with-parent-process.patch Requires: ConsoleKit Requires: dbus Obsoletes: PolicyKit <= 0.10 Provides: PolicyKit = 0.11 # polkit saw some API/ABI changes from 0.96 to 0.97 so require a # sufficiently new polkit-gnome package Conflicts: polkit-gnome < 0.97 %description PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. %package devel Summary: Development files for PolicyKit Group: Development/Libraries Requires: %name = %{version}-%{release} Requires: %name-docs = %{version}-%{release} Requires: glib2-devel Obsoletes: PolicyKit-devel <= 0.10 Provides: PolicyKit-devel = 0.11 %description devel Development files for PolicyKit. %package docs Summary: Development documentation for PolicyKit Group: Development/Libraries Requires: %name-devel = %{version}-%{release} Obsoletes: PolicyKit-docs <= 0.10 Provides: PolicyKit-docs = 0.11 %description docs Development documentation for PolicyKit. %package desktop-policy Summary: PolicyKit policy for desktop users Group: Development/Libraries #Requires: %name = %{version}-%{release} BuildArch: noarch %description desktop-policy This package contains configuration directives to make PolicyKit use members of the wheel group when administrator authentication is required. Additionally, the package also contain configuration directives to allow users in the wheel group to do certain actions without being interrupted by password dialogs %prep %setup -q %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %build %configure --enable-gtk-doc \ --disable-static \ --libexecdir=%{_libexecdir}/polkit-1 \ --enable-introspection \ --enable-examples make %install make install DESTDIR=$RPM_BUILD_ROOT # bug 629515 cp src/polkitagent/polkitagentenumtypes.h $RPM_BUILD_ROOT%{_includedir}/polkit-1/polkitagent rm -f $RPM_BUILD_ROOT%{_libdir}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la %find_lang polkit-1 ### ### BEGIN DESKTOP POLICY CONFIGURATION ### ### cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF # This allows users in the wheel group to authenticate as the # administrator. # # DO NOT EDIT THIS FILE, it will be overwritten on update. [Configuration] AdminIdentities=unix-group:wheel EOF cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF # Authorizations/policy for the wheel group. # # DO NOT EDIT THIS FILE, it will be overwritten on update. # # Allow users in the wheel group to do certain actions without being # interrupted by password dialogs # [Wheel Group Permissions] Identity=unix-group:wheel Action=org.gnome.settingsdaemon.datetimemechanism.*;org.kde.kcontrol.kcmclock.save;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.hostname1.set-static-hostname ResultAny=auth_admin ResultInactive=auth_admin ResultActive=yes EOF ### ### END DESKTOP POLICY CONFIGURATION ### %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files desktop-policy %{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf %{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla %files -f polkit-1.lang %defattr(-,root,root,-) %doc COPYING %{_libdir}/lib*.so.* %dir %{_libdir}/polkit-1 %dir %{_libdir}/polkit-1/extensions %{_libdir}/polkit-1/extensions/*.so %{_datadir}/man/man1/* %{_datadir}/man/man8/* %{_datadir}/dbus-1/system-services/* %dir %{_datadir}/polkit-1/ %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf %{_sysconfdir}/pam.d/polkit-1 %{_sysconfdir}/polkit-1 %{_bindir}/pkaction %{_bindir}/pkcheck %dir %{_libexecdir}/polkit-1 %{_libexecdir}/polkit-1/polkitd %{_libdir}/girepository-1.0/*.typelib # see upstream docs for why these permissions are necessary %attr(4755,root,root) %{_bindir}/pkexec %attr(4755,root,root) %{_libexecdir}/polkit-1/polkit-agent-helper-1 %attr(0700,root,root) %dir %{_localstatedir}/lib/polkit-1/ %dir %{_localstatedir}/lib/polkit-1/localauthority %dir %{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d %dir %{_localstatedir}/lib/polkit-1/localauthority/20-org.d %dir %{_localstatedir}/lib/polkit-1/localauthority/30-site.d %dir %{_localstatedir}/lib/polkit-1/localauthority/50-local.d %dir %{_localstatedir}/lib/polkit-1/localauthority/90-mandatory.d %files devel %defattr(-,root,root,-) %{_libdir}/lib*.so %{_libdir}/pkgconfig/*.pc %{_datadir}/gir-1.0/*.gir %{_includedir}/* %{_bindir}/pk-example-frobnicate %{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy %files docs %defattr(-,root,root,-) %{_datadir}/gtk-doc %changelog * Fri May 13 2011 Bastien Nocera 0.101-7 - Allow setting the pretty hostname without a password for wheel, change matches systemd in git * Mon May 2 2011 Matthias Clasen - 0.101-6 - Update the action id of the datetime mechanism * Tue Apr 19 2011 David Zeuthen - 0.101-5 - CVE-2011-1485 (#697951) * Tue Mar 22 2011 Kevin Kofler - 0.101-4 - Also allow org.kde.kcontrol.kcmclock.save without password for wheel * Thu Mar 17 2011 David Zeuthen - 0.101-3 - Fix typo in pkla file (thanks notting) * Thu Mar 17 2011 David Zeuthen - 0.101-2 - Nuke desktop_admin_r and desktop_user_r groups - just use the wheel group instead (#688363) - Update the set of configuration directives that gives users in the wheel group extra privileges * Thu Mar 03 2011 David Zeuthen - 0.101-1 - New upstream version * Mon Feb 21 2011 David Zeuthen - 0.100-1 - New upstream version * Wed Feb 09 2011 Fedora Release Engineering - 0.98-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Fri Jan 28 2011 Matthias Clasen - 0.98-6 - Own /usr/libexec/polkit-1 * Fri Nov 14 2010 Matthias Clasen - 0.98-5 - Enable introspection * Thu Sep 02 2010 David Zeuthen - 0.98-4 - Fix #629515 in a way that doesn't require autoreconf * Thu Sep 02 2010 David Zeuthen - 0.98-2 - Include polkitagentenumtypes.h (#629515) * Mon Aug 23 2010 Matthias Clasen - 0.98-1 - Update to upstream release 0.98 - Co-own /usr/share/gtk-doc (#604410) * Wed Aug 18 2010 Matthias Clasen - 0.97-5 - Rebuid to work around bodhi limitations * Wed Aug 18 2010 Matthias Clasen - 0.97-4 - Fix a ConsoleKit interaction bug * Fri Aug 13 2010 David Zeuthen - 0.97-3 - Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257) - Require GLib >= 2.25.12 instead of 2.25.11 - Ensure polkit-gnome packages earlier than 0.97 are not used with these packages * Mon Aug 09 2010 David Zeuthen - 0.97-2 - Rebuild * Mon Aug 09 2010 David Zeuthen - 0.97-1 - Update to 0.97. This release contains a port from EggDBus to the GDBus code available in recent GLib releases. * Fri Jan 15 2010 David Zeuthen - 0.96-1 - Update to 0.96 - Disable introspection support for the time being * Fri Nov 13 2009 David Zeuthen - 0.95-2 - Rebuild * Fri Nov 13 2009 David Zeuthen - 0.95-1 - Update to 0.95 - Drop upstreamed patches * Tue Oct 20 2009 Matthias Clasen - 0.95-0.git20090913.3 - Fix a typo in pklocalauthority(8) * Mon Sep 14 2009 David Zeuthen - 0.95-0.git20090913.2 - Refine how Obsolete: is used and also add Provides: (thanks Jesse Keating and nim-nim) * Mon Sep 14 2009 David Zeuthen - 0.95-0.git20090913.1 - Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera) - Obsolete old PolicyKit packages * Sun Sep 13 2009 David Zeuthen - 0.95-0.git20090913 - Update to git snapshot - Drop upstreamed patches - Turn on GObject introspection - Don't delete desktop_admin_r and desktop_user_r groups when uninstalling polkit-desktop-policy * Fri Sep 11 2009 David Zeuthen - 0.94-4 - Add some patches from git master - Sort pkaction(1) output - Bug 23867 – UnixProcess vs. SystemBusName aliasing * Thu Aug 13 2009 David Zeuthen - 0.94-3 - Add desktop_admin_r and desktop_user_r groups along with a first cut of default authorizations for users in these groups. * Wed Aug 12 2009 David Zeuthen - 0.94-2 - Disable GObject Introspection for now as it breaks the build * Wed Aug 12 2009 David Zeuthen - 0.94-1 - Update to upstream release 0.94 * Sun Jul 26 2009 Fedora Release Engineering - 0.93-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Mon Jul 20 2009 David Zeuthen - 0.93-2 - Rebuild * Mon Jul 20 2009 David Zeuthen - 0.93-1 - Update to 0.93 * Tue Jun 09 2009 David Zeuthen - 0.92-3 - Don't make docs noarch (I *heart* multilib) - Change license to LGPLv2+ * Mon Jun 08 2009 David Zeuthen - 0.92-2 - Rebuild * Mon Jun 08 2009 David Zeuthen - 0.92-1 - Update to 0.92 release * Wed May 27 2009 David Zeuthen - 0.92-0.git20090527 - Update to 0.92 snapshot * Mon Feb 9 2009 David Zeuthen - 0.91-1 - Initial spec file.