From cae1f59f7459a136cf52ae3a868b8733ef8c0e80 Mon Sep 17 00:00:00 2001 From: Colin Guthrie Date: Sat, 12 Oct 2013 15:20:51 +0100 Subject: Use polkit for authorisation (mga#11125) --- Makefile | 22 ++++++-------------- NEWS | 1 + console.apps_urpmi.update | 2 -- pam.d_urpmi.update | 5 ----- pam.mgaonline | 6 ------ po/Makefile | 15 +++++++++----- po/POTFILES.in | 6 ------ polkit/Makefile | 24 ++++++++++++++++++++++ polkit/org.mageia.mgaapplet-config.policy.in | 22 ++++++++++++++++++++ .../org.mageia.mgaapplet-upgrade-helper.policy.in | 22 ++++++++++++++++++++ polkit/org.mageia.mgaupdate.policy.in | 22 ++++++++++++++++++++ 11 files changed, 107 insertions(+), 40 deletions(-) delete mode 100644 console.apps_urpmi.update delete mode 100644 pam.d_urpmi.update delete mode 100644 pam.mgaonline delete mode 100644 po/POTFILES.in create mode 100644 polkit/Makefile create mode 100644 polkit/org.mageia.mgaapplet-config.policy.in create mode 100644 polkit/org.mageia.mgaapplet-upgrade-helper.policy.in create mode 100644 polkit/org.mageia.mgaupdate.policy.in diff --git a/Makefile b/Makefile index 001563be..77c72c4d 100644 --- a/Makefile +++ b/Makefile @@ -1,17 +1,16 @@ PACKAGE = mgaonline VERSION:=2.81 -SVNROOT = svn+ssh://svn.mageia.org/svn/soft/$(PACKAGE) NAME = mgaonline MGAUPDATE = mgaupdate MGAAPPLET = mgaapplet -SUBDIRS = po +SUBDIRS = po polkit PREFIX = / DATADIR = $(PREFIX)/usr/share ICONSDIR = $(DATADIR)/icons PIXDIR = $(DATADIR)/$(NAME) -SBINDIR = $(PREFIX)/usr/sbin +LIBEXECDIR = $(PREFIX)/usr/libexec BINDIR = $(PREFIX)/usr/bin FBLIBDIR = $(PREFIX)/usr/lib/libDrakX/drakfirsttime SYSCONFDIR = $(PREFIX)/etc/sysconfig @@ -23,17 +22,17 @@ override CFLAGS += -DPACKAGE=\"$(NAME)\" -DLOCALEDIR=\"$(localedir)\" all: (find -name .svn -prune -name '*.pm' -o -name mgaapplet\* -o -name mgaupdate -o -name mgaonline_agent.pl -type f) | xargs perl -pi -e 's/\s*use\s+(diagnostics|vars|strict).*//g' - for d in $(SUBDIRS); do ( cd $$d ; make $@ ) ; done + for d in $(SUBDIRS); do ( make -C $$d $@ ) ; done clean: $(MAKE) -C po $@ rm -f core .#*[0-9] - for d in $(SUBDIRS); do ( cd $$d ; make $@ ) ; done + for d in $(SUBDIRS); do ( make -C $$d $@ ) ; done find . -name '*~' | xargs rm -f install: all - install -d $(PREFIX)/usr/{sbin,bin,share/{mime/packages,$(NAME)/pixmaps,autostart,gnome/autostart,icons/{mini,large}},lib/libDrakX/drakfirsttime} - install -m755 $(MGAUPDATE) $(SBINDIR) + install -d $(PREFIX)/usr/{bin,libexec,share/{mime/packages,$(NAME)/pixmaps,autostart,gnome/autostart,icons/{mini,large}},lib/libDrakX/drakfirsttime} + install -m755 $(MGAUPDATE) $(MGAAPPLET)-config $(MGAAPPLET)-upgrade-helper $(LIBEXECDIR) install -m755 $(MGAAPPLET) $(BINDIR) install -d $(SYSCONFDIR) install -m644 mgaapplet.conf $(SYSCONFDIR)/mgaapplet @@ -50,15 +49,6 @@ install: all install -m644 mgaonline.xml $(DATADIR)/mime/packages/mgaonline.xml mkdir -p $(DATADIR)/mimelnk/application/ install -m644 x-mga-exec.desktop $(DATADIR)/mimelnk/application/ - mkdir -p $(PREFIX)/etc/security/console.apps/ - install -m644 console.apps_urpmi.update $(PREFIX)/etc/security/console.apps/urpmi.update - mkdir -p $(PREFIX)/etc/pam.d - install -m644 pam.d_urpmi.update $(PREFIX)/etc/pam.d/urpmi.update - ln -sf consolehelper $(PREFIX)/usr/bin/urpmi.update - for i in mgaapplet-config mgaapplet-upgrade-helper; do \ - install -m755 $$i $(SBINDIR); \ - ln -sf consolehelper $(PREFIX)/usr/bin/$$i; \ - done cleandist: rm -rf $(PACKAGE)-$(VERSION) ../$(PACKAGE)-$(VERSION).tar.bz2 diff --git a/NEWS b/NEWS index e9226fa3..833a0cbe 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,4 @@ +- use polkit for authorisation (mga#11125) - do not handle priority upgrades specially. This is now fixed in urpmi itself - do not pass invalid --nocheck option to urpmi.update diff --git a/console.apps_urpmi.update b/console.apps_urpmi.update deleted file mode 100644 index a907d513..00000000 --- a/console.apps_urpmi.update +++ /dev/null @@ -1,2 +0,0 @@ -FALLBACK=false -SESSION=true diff --git a/pam.d_urpmi.update b/pam.d_urpmi.update deleted file mode 100644 index f2b63f5a..00000000 --- a/pam.d_urpmi.update +++ /dev/null @@ -1,5 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_console.so -account required pam_permit.so -session optional pam_xauth.so diff --git a/pam.mgaonline b/pam.mgaonline deleted file mode 100644 index bc9a8d61..00000000 --- a/pam.mgaonline +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_permit.so -session optional /lib/security/pam_xauth.so - diff --git a/po/Makefile b/po/Makefile index 0db50a50..243f5497 100644 --- a/po/Makefile +++ b/po/Makefile @@ -3,10 +3,9 @@ localedir = $(PREFIX)/usr/share/locale PGOAL = mgaonline -PL_FILES = $(shell cat POTFILES.in | sed 's,^,../,' ) +PL_FILES = ../mga*.pm ../mgaupdate ../mgaapplet ../mgaapplet-config POFILES = $(shell ls *.po) -PL_CFILES = $(PL_FILES:%=%_.c) POFILES = $(shell ls *.po) MOFILES = $(POFILES:%.po=%.mo) LANGS = $(POFILES:%.po=%) @@ -22,13 +21,19 @@ install: all done clean: - rm -f *~ *.[oas] *.mo TAGS $(PL_CFILES) + rm -f *~ *.[oas] *.mo TAGS POTFILES.in %.mo: %.po msgfmt -o $@ $< -$(PGOAL).pot: $(PL_FILES) $(CFILES) - perl_checker -q --generate-pot $(PGOAL).pot $(PL_FILES) +$(PGOAL).pot: $(PL_FILES) POTFILES.in + intltool-update --gettext-package non-perl --pot + perl_checker -q --generate-pot .$@ $(PL_FILES) + msgcat -w 2048 --use-first .$@ non-perl.pot > $@ + rm -f non-perl.pot ..$@ .$@ + +POTFILES.in: + (cd .. ; /bin/ls -1 polkit/*.policy.in; ) > POTFILES.in update_n_merge: $(PGOAL).pot merge diff --git a/po/POTFILES.in b/po/POTFILES.in deleted file mode 100644 index 72e4262d..00000000 --- a/po/POTFILES.in +++ /dev/null @@ -1,6 +0,0 @@ -mgaupdate -mgaapplet-config -mgaapplet -mgaapplet_gui.pm -mgaapplet_urpm.pm -mgaonline.pm diff --git a/polkit/Makefile b/polkit/Makefile new file mode 100644 index 00000000..a8b5a51d --- /dev/null +++ b/polkit/Makefile @@ -0,0 +1,24 @@ +BINDIR = /usr/bin +LIBEXECDIR = /usr/libexec +BINDEST = $(PREFIX)$(BINDIR) +POLKITPOLICYDEST = $(PREFIX)/usr/share/polkit-1/actions + +POLICY_IN := $(wildcard *.policy.in) +POLICY = $(POLICY_IN:.policy.in=.policy) +WRAPPERS = $(patsubst org.mageia.%.policy,%,$(POLICY)) + +all: $(WRAPPERS) $(POLICY) + +clean: + rm -f $(WRAPPERS) $(POLICY) + +%: org.mageia.%.policy.in + @echo -e "#!/bin/sh\nexec $(BINDIR)/pkexec $(LIBEXECDIR)/$@ $$""*" > $@ + +%.policy: %.policy.in + intltool-merge --utf8 ../po $< $@ -x -u -c ../po/.intltool-merge-cache + +install: all + install -d $(BINDEST) $(POLKITPOLICYDEST) + install -m755 $(WRAPPERS) $(BINDEST) + install -m644 $(POLICY) $(POLKITPOLICYDEST) diff --git a/polkit/org.mageia.mgaapplet-config.policy.in b/polkit/org.mageia.mgaapplet-config.policy.in new file mode 100644 index 00000000..750d00c3 --- /dev/null +++ b/polkit/org.mageia.mgaapplet-config.policy.in @@ -0,0 +1,22 @@ + + + + + Mageia + http://www.mageia.org/ + + + <_description>Run Mageia Update Applet Configuration + <_message>Authentication is required to run Mageia Update Applet Configuration + drakconf + + no + no + auth_admin_keep + + /usr/libexec/mgaapplet-config + true + + diff --git a/polkit/org.mageia.mgaapplet-upgrade-helper.policy.in b/polkit/org.mageia.mgaapplet-upgrade-helper.policy.in new file mode 100644 index 00000000..2729e154 --- /dev/null +++ b/polkit/org.mageia.mgaapplet-upgrade-helper.policy.in @@ -0,0 +1,22 @@ + + + + + Mageia + http://www.mageia.org/ + + + <_description>Run Mageia Upgrade Helper + <_message>Authentication is required to run Mageia Upgrade Helper + drakconf + + no + no + auth_admin_keep + + /usr/libexec/mgaapplet-upgrade-helper + true + + diff --git a/polkit/org.mageia.mgaupdate.policy.in b/polkit/org.mageia.mgaupdate.policy.in new file mode 100644 index 00000000..1994a378 --- /dev/null +++ b/polkit/org.mageia.mgaupdate.policy.in @@ -0,0 +1,22 @@ + + + + + Mageia + http://www.mageia.org/ + + + <_description>Run Mageia Updater + <_message>Authentication is required to run Mageia Updater + drakconf + + no + no + auth_admin_keep + + /usr/libexec/mgaupdate + true + + -- cgit v1.2.1