Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polkit-default-privs for openSUSE:Factory checked in at 2025-02-25 16:40:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old) and /work/SRC/openSUSE:Factory/.polkit-default-privs.new.1873 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit-default-privs" Tue Feb 25 16:40:53 2025 rev:250 rq:1248373 version:1550+20250225.49f846d Changes: -------- --- /work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes 2025-02-19 15:58:21.067578706 +0100 +++ /work/SRC/openSUSE:Factory/.polkit-default-privs.new.1873/polkit-default-privs.changes 2025-02-25 16:41:40.196076370 +0100 @@ -1,0 +2,12 @@ +Tue Feb 25 12:57:38 UTC 2025 - matthias.gerst...@suse.com + +- Update to version 1550+20250225.49f846d: + * profiles: whitelist kio-admin (bsc#1229913) + +------------------------------------------------------------------- +Mon Feb 24 13:23:15 UTC 2025 - filippo.bona...@suse.com + +- Update to version 1550+20250224.8d1bf49: + * profiles: whitelist apparmor-utils (bsc#1237329) + +------------------------------------------------------------------- Old: ---- polkit-default-privs-1550+20250217.25d4aef.tar.xz New: ---- polkit-default-privs-1550+20250225.49f846d.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit-default-privs.spec ++++++ --- /var/tmp/diff_new_pack.I2XI0j/_old 2025-02-25 16:41:40.904105951 +0100 +++ /var/tmp/diff_new_pack.I2XI0j/_new 2025-02-25 16:41:40.908106118 +0100 @@ -23,7 +23,7 @@ %endif Name: polkit-default-privs -Version: 1550+20250217.25d4aef +Version: 1550+20250225.49f846d Release: 0 Summary: SUSE PolicyKit default permissions License: GPL-2.0-or-later ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.I2XI0j/_old 2025-02-25 16:41:40.948107789 +0100 +++ /var/tmp/diff_new_pack.I2XI0j/_new 2025-02-25 16:41:40.952107956 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/polkit-default-privs.git</param> - <param name="changesrevision">2bef7fc9d45d148956bb54f09939d8ff7fe2e2dc</param></service></servicedata> + <param name="changesrevision">793ef8e0133eb7732844eee0c2524e36192257cf</param></service></servicedata> (No newline at EOF) ++++++ polkit-default-privs-1550+20250217.25d4aef.tar.xz -> polkit-default-privs-1550+20250225.49f846d.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20250217.25d4aef/profiles/easy new/polkit-default-privs-1550+20250225.49f846d/profiles/easy --- old/polkit-default-privs-1550+20250217.25d4aef/profiles/easy 2025-02-17 15:30:46.000000000 +0100 +++ new/polkit-default-privs-1550+20250225.49f846d/profiles/easy 2025-02-25 13:41:37.000000000 +0100 @@ -198,6 +198,8 @@ org.kde.drkonqi.saveCoreToFile no:no:auth_admin_keep # kdeplasma-addons-kameleon (bsc#1226306) org.kde.kameleonhelper.writecolor no:yes:yes +# privileged file operations in KDE used e.g. in Dolphin (bsc#1229913) +org.kde.kio.admin.commands no:no:auth_admin_keep # systemd (bsc#641924) org.freedesktop.hostname1.set-hostname auth_admin 
@@ -856,3 +858,7 @@ org.freedesktop.sysupdate1.update-to-version auth_admin:auth_admin:auth_admin_keep org.freedesktop.sysupdate1.vacuum auth_admin:auth_admin:auth_admin_keep org.freedesktop.sysupdate1.manage-features auth_admin:auth_admin:auth_admin_keep + +# apparmor-utils: helper to whitelist violations found in the audit.log (bsc#1237329) +net.apparmor.pkexec.aa-notify.modify_profile auth_admin:auth_admin:auth_admin +net.apparmor.pkexec.aa-notify.create_userns auth_admin:auth_admin:auth_admin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20250217.25d4aef/profiles/restrictive new/polkit-default-privs-1550+20250225.49f846d/profiles/restrictive --- old/polkit-default-privs-1550+20250217.25d4aef/profiles/restrictive 2025-02-17 15:30:46.000000000 +0100 +++ new/polkit-default-privs-1550+20250225.49f846d/profiles/restrictive 2025-02-25 13:41:37.000000000 +0100 @@ -199,6 +199,8 @@ org.kde.drkonqi.saveCoreToFile no:no:auth_admin # kdeplasma-addons-kameleon (bsc#1226306) org.kde.kameleonhelper.writecolor no:no:yes +# privileged file operations in KDE used e.g. in Dolphin (bsc#1229913) +org.kde.kio.admin.commands no:no:auth_admin_keep # systemd (bsc#641924) org.freedesktop.hostname1.set-hostname auth_admin 
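Review bot: The group comment added above the two `net.apparmor.pkexec.aa-notify.*` entries describes only the audit.log whitelisting helper, which fits `modify_profile` but leaves `create_userns` unexplained. Judging by its name, that action concerns user namespace creation, which is a separate privilege decision that a later auditor of the profile would want spelled out. A second comment line such as `# create_userns: <what the helper does> (bsc#1237329)` would cover it. The same applies to the matching hunks in profiles/restrictive and profiles/standard.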
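Review bot: In the restrictive profile `org.kde.kio.admin.commands` is given `no:no:auth_admin_keep`, while the neighbouring `org.kde.drkonqi.saveCoreToFile` entry in the same hunk uses plain `auth_admin`. The profiles/standard hunk shows the same pairing. With `_keep`, polkit retains the admin authorization for a brief period, so further privileged file operations in that window would not prompt again. If this was decided deliberately in bsc#1229913, a short remark in the comment line would record the reason. Otherwise `org.kde.kio.admin.commands no:no:auth_admin` would match what the visible context suggests for the two stricter profiles.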
@@ -857,3 +859,7 @@ org.freedesktop.sysupdate1.update-to-version auth_admin:auth_admin:auth_admin_keep org.freedesktop.sysupdate1.vacuum auth_admin:auth_admin:auth_admin_keep org.freedesktop.sysupdate1.manage-features auth_admin:auth_admin:auth_admin_keep + +# apparmor-utils: helper to whitelist violations found in the audit.log (bsc#1237329) +net.apparmor.pkexec.aa-notify.modify_profile auth_admin:auth_admin:auth_admin +net.apparmor.pkexec.aa-notify.create_userns auth_admin:auth_admin:auth_admin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20250217.25d4aef/profiles/standard new/polkit-default-privs-1550+20250225.49f846d/profiles/standard --- old/polkit-default-privs-1550+20250217.25d4aef/profiles/standard 2025-02-17 15:30:46.000000000 +0100 +++ new/polkit-default-privs-1550+20250225.49f846d/profiles/standard 2025-02-25 13:41:37.000000000 +0100 @@ -199,6 +199,8 @@ org.kde.drkonqi.saveCoreToFile no:no:auth_admin # kdeplasma-addons-kameleon (bsc#1226306) org.kde.kameleonhelper.writecolor no:yes:yes +# privileged file operations in KDE used e.g. in Dolphin (bsc#1229913) +org.kde.kio.admin.commands no:no:auth_admin_keep # systemd (bsc#641924) org.freedesktop.hostname1.set-hostname auth_admin 
@@ -857,3 +859,7 @@ org.freedesktop.sysupdate1.update-to-version auth_admin:auth_admin:auth_admin_keep org.freedesktop.sysupdate1.vacuum auth_admin:auth_admin:auth_admin_keep org.freedesktop.sysupdate1.manage-features auth_admin:auth_admin:auth_admin_keep + +# apparmor-utils: helper to whitelist violations found in the audit.log (bsc#1237329) +net.apparmor.pkexec.aa-notify.modify_profile auth_admin:auth_admin:auth_admin +net.apparmor.pkexec.aa-notify.create_userns auth_admin:auth_admin:auth_admin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20250217.25d4aef/tools/add_polkit_action.py new/polkit-default-privs-1550+20250225.49f846d/tools/add_polkit_action.py --- old/polkit-default-privs-1550+20250217.25d4aef/tools/add_polkit_action.py 2025-02-17 15:30:46.000000000 +0100 +++ new/polkit-default-privs-1550+20250225.49f846d/tools/add_polkit_action.py 2025-02-25 13:41:37.000000000 +0100 @@ -28,20 +28,20 @@ def __init__(self): - self.m_parser = argparse.ArgumentParser( + self.parser = argparse.ArgumentParser( description="Adds a new action with associated authentication settings to the polkit profiles managed by polkit-default-privs", formatter_class=argparse.RawTextHelpFormatter, epilog=epilog ) - self.m_parser.add_argument( + self.parser.add_argument( "--new-group", metavar="bsc#<bug>:<comment>", type=self.parseGroupArg, help="Introduces a new group block of related polkit actions. Requires a bug reference and comment string" ) - self.m_parser.add_argument( + self.parser.add_argument( "--action", help="the canonical action name to add like 'in.teejeetech.pkexec.timeshift'", required=True, 
@@ -50,14 +50,22 @@ for profile in PROFILES: - self.m_parser.add_argument( + self.parser.add_argument( "--" + profile, metavar=':'.join(self.AUTH_CATEGORIES), type=self.parseAuthTuple, help="Specifies the settings for the --action in this profile. If all three fields are equal you may also specify only a single field without colons.", - required=True + default=None ) + self.parser.add_argument( + "--all", + metavar=':'.join(self.AUTH_CATEGORIES), + type=self.parseAuthTuple, + help="Use these settings for all profiles (conflicts with --easy, --standard, --restrictive)", + default=None + ) + def parseAuthTuple(self, s): s = s.lower() if s in self.AUTH_TYPES: @@ -127,9 +135,16 @@ def run(self): - self.m_args = self.m_parser.parse_args() + self.args = self.parser.parse_args() + + if not self.checkArgs(): + sys.exit(1) + + if self.args.all: + self.args.easy = self.args.standard = self.args.restrictive = self.args.all + # tuple of auth types matching the profiles - self.m_auth_types = tuple(getattr(self.m_args, profile) for profile in PROFILES) + self.auth_types = tuple(getattr(self.args, profile) for profile in PROFILES) if not self.sanityCheck(): printerr("Not adding new action since sanity check(s) failed") 
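Review bot: The per-profile options changed from `required=True` to `default=None`, but their help text still reads as before, so `--help` no longer says when they are mandatory. The rule now exists only in the error messages of `checkArgs`. Appending a sentence like `Required unless --all is given.` to the help string in the `for profile in PROFILES` loop would keep the usage output accurate. The `__init__` body starts outside this hunk.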
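Review bot: The `--all` expansion in `run()` hard-codes the three profile names, while the line right below it and the argument setup both iterate over `PROFILES`. If a profile is ever added or renamed, `--all` would silently leave it as `None`, which the later `':'.join(auth_settings)` in `addAction` cannot handle. I would write `for profile in PROFILES: setattr(self.args, profile, self.args.all)` instead. The tuple in `checkArgs` (the @@ -137 hunk) has the same issue and could be `[getattr(self.args, p) for p in PROFILES]`, with the final comparison against `len(PROFILES)` rather than `3`.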
@@ -137,6 +152,25 @@ self.addAction() + def checkArgs(self): + """Verify logical consistency of command line arguments.""" + num_profiles = 0 + for prof in (self.args.easy, self.args.standard, self.args.restrictive): + if prof is not None: + num_profiles += 1 + + if num_profiles == 0 and not self.args.all: + printerr("Need to specify --all _or_ all off --easy, --standard and --restrictive") + return False + elif num_profiles > 0 and self.args.all: + printerr("Cannot specify --all _and_ any of --easy, --standard or --restrictive") + return False + elif num_profiles > 0 and num_profiles < 3: + printerr("Need to specify _all_ of --easy, --standard and --restrictive") + return False + + return True + def sanityCheck(self): """Perform a couple of sanity checks for the newly added actions. This is somewhat redundant to the linter in the security-tools repository @@ -164,7 +198,7 @@ return ret def checkDuplicate(self, entry): - if entry.action == self.m_args.action: + if entry.action == self.args.action: printerr("ERROR: action to be added already exists in {}:{}".format( entry.path, entry.linenr )) @@ -179,7 +213,7 @@ ret = True strongest = [self.AUTH_TYPES[0]] * 3 - for profile, auth_types in zip(PROFILES, self.m_auth_types): + for profile, auth_types in zip(PROFILES, self.auth_types): for nr, old, new in zip(range(len(strongest)), strongest, auth_types): if self.AUTH_TYPES.index(old) > self.AUTH_TYPES.index(new): @@ -200,10 +234,10 @@ import subprocess import shutil - if not self.m_args.new_group: + if not self.args.new_group: return True - bug = self.m_args.new_group[0] + bug = self.args.new_group[0] nr = bug[1] insect = shutil.which("insect") 
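Review bot: The first error message in `checkArgs` has a typo, "all off --easy", and should read `printerr("Need to specify --all _or_ all of --easy, --standard and --restrictive")`. The method also tests the profile options with `is not None` but tests `--all` by truthiness (`not self.args.all`, `and self.args.all`). Using `self.args.all is None` / `is not None` throughout would make the two checks agree and would not depend on what `parseAuthTuple` returns.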
@@ -229,21 +263,21 @@ def addAction(self): - for profile, auth_settings in zip(PROFILES, self.m_auth_types): + for profile, auth_settings in zip(PROFILES, self.auth_types): path = getProfilePath(profile) with open(path, 'a') as fd: - if self.m_args.new_group: - bug, comment = self.m_args.new_group + if self.args.new_group: + bug, comment = self.args.new_group fd.write("\n") fd.write("# {} ({}#{})\n".format( comment, *bug )) fd.write("{} {}\n".format( - self.m_args.action, + self.args.action, ':'.join(auth_settings) )) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20250217.25d4aef/tools/run_flake8 new/polkit-default-privs-1550+20250225.49f846d/tools/run_flake8 --- old/polkit-default-privs-1550+20250217.25d4aef/tools/run_flake8 1970-01-01 01:00:00.000000000 +0100 +++ new/polkit-default-privs-1550+20250225.49f846d/tools/run_flake8 2025-02-25 13:41:37.000000000 +0100 @@ -0,0 +1,3 @@ +#!/bin/bash + +flake8 --max-line-length=120 --ignore=E265,E266,E501,E402 tools/*.py
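Review bot: In tools/run_flake8, `--max-line-length=120` has no effect because E501, the check that enforces the limit, is in the `--ignore` list; either drop E501 from the list or drop the length option. `--ignore` also replaces flake8's default ignore list rather than adding to it, so `--extend-ignore=E265,E266,E402` may be what is intended. The glob `tools/*.py` is relative, so the script only lints anything when started from the repository root. A leading `cd "$(dirname "$0")/.."` would remove that dependency.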