Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package deepin-daemon for openSUSE:Factory checked in at 2021-09-14 21:14:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/deepin-daemon (Old)
 and /work/SRC/openSUSE:Factory/.deepin-daemon.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "deepin-daemon" Tue Sep 14 21:14:22 2021 rev:5 rq:918798 version:5.13.36 Changes: -------- --- /work/SRC/openSUSE:Factory/deepin-daemon/deepin-daemon.changes 2021-08-29 21:34:15.150701424 +0200 +++ /work/SRC/openSUSE:Factory/.deepin-daemon.new.1899/deepin-daemon.changes 2021-09-14 21:14:30.528412048 +0200 @@ -1,0 +2,7 @@ +Fri Sep 3 07:04:36 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s). Added patch(es): + * harden_deepin-accounts-daemon.service.patch + * harden_hwclock_stop.service.patch + +------------------------------------------------------------------- New: ---- harden_deepin-accounts-daemon.service.patch harden_hwclock_stop.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ deepin-daemon.spec ++++++ --- /var/tmp/diff_new_pack.UEf8rw/_old 2021-09-14 21:14:31.792413288 +0200 +++ /var/tmp/diff_new_pack.UEf8rw/_new 2021-09-14 21:14:31.796413292 +0200 @@ -1,7 +1,7 @@ # # spec file for package deepin-daemon # -# Copyright (c) 2021 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,9 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %define _name dde-daemon %define import_path pkg.deepin.io/dde/daemon @@ -22,7 +23,8 @@ Version: 5.13.36 Release: 0 Summary: Daemon handling the DDE session settings -License: GPL-3.0+ +License: GPL-3.0-or-later +Group: System/GUI/Other URL: https://github.com/linuxdeepin/dde-daemon Source0: https://github.com/linuxdeepin/dde-daemon/archive/%{version}/%{_name}-%{version}.tar.gz Source1: %{name}.sysusers 
@@ -38,39 +40,40 @@ # PATCH-FIX-OPENSUSE disable-gobuild-in-makefile.patch hillw...@opensuse.org # Use gobuild macro instead of makefile to build go binaries Patch2: disable-gobuild-in-makefile.patch -Group: System/GUI/Other +Patch3: harden_deepin-accounts-daemon.service.patch +Patch4: harden_hwclock_stop.service.patch %if 0%{?suse_version} > 1500 BuildRequires: golang(API) = 1.15 %endif -BuildRequires: golang-packaging BuildRequires: deepin-gettext-tools BuildRequires: fontpackages-devel +BuildRequires: golang-github-linuxdeepin-dde-api +BuildRequires: golang-github-linuxdeepin-go-dbus-factory +BuildRequires: golang-packaging BuildRequires: pam-devel BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(fontconfig) -BuildRequires: pkgconfig(gnome-keyring-1) BuildRequires: pkgconfig(gdk-pixbuf-xlib-2.0) -BuildRequires: pkgconfig(gtk+-3.0) BuildRequires: pkgconfig(gio-2.0) +BuildRequires: pkgconfig(gnome-keyring-1) +BuildRequires: pkgconfig(gtk+-3.0) +BuildRequires: pkgconfig(gudev-1.0) BuildRequires: pkgconfig(libbamf3) BuildRequires: pkgconfig(libcanberra) +BuildRequires: pkgconfig(libinput) BuildRequires: pkgconfig(libnl-3.0) BuildRequires: pkgconfig(libnl-genl-3.0) BuildRequires: pkgconfig(libpulse) +BuildRequires: pkgconfig(librsvg-2.0) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libudev) -BuildRequires: pkgconfig(gudev-1.0) -BuildRequires: pkgconfig(librsvg-2.0) -BuildRequires: pkgconfig(libinput) BuildRequires: pkgconfig(poppler-glib) BuildRequires: pkgconfig(x11) -BuildRequires: pkgconfig(xi) -BuildRequires: pkgconfig(xtst) BuildRequires: pkgconfig(xcursor) BuildRequires: pkgconfig(xfixes) +BuildRequires: pkgconfig(xi) BuildRequires: pkgconfig(xkbfile) -BuildRequires: golang-github-linuxdeepin-go-dbus-factory -BuildRequires: golang-github-linuxdeepin-dde-api +BuildRequires: pkgconfig(xtst) %if 0%{?sle_version} == 150200 BuildRequires: golang-github-stretchr-testify %endif 
@@ -86,9 +89,9 @@ Requires: iw Requires: rfkill Requires: upower +Requires: wallpaper-branding-openSUSE Requires: xdotool Requires: xvfb-run -Requires: wallpaper-branding-openSUSE %if %{suse_version} > 1500 Requires: libgdk_pixbuf_xlib-2_0-0 %else @@ -106,6 +109,7 @@ %package polkit Summary: Deepin daemon polkit profiles +Group: System/GUI/Other Requires: %{name} = %{version}-%{release} BuildArch: noarch AutoReqProv: Off @@ -117,6 +121,7 @@ %package dbus Summary: Deepin daemon DBus profiles +Group: System/GUI/Other Requires: %{name} = %{version}-%{release} BuildArch: noarch AutoReqProv: Off @@ -129,10 +134,9 @@ %package -n golang-github-linuxdeepin-deepin-daemon Summary: Deepin daemon golang codes Group: Development/Languages/Golang -Requires: golang-github-linuxdeepin-go-dbus-factory Requires: golang-github-linuxdeepin-dde-api +Requires: golang-github-linuxdeepin-go-dbus-factory BuildArch: noarch -AutoReqProv: On AutoReq: Off %{go_provides} ++++++ harden_deepin-accounts-daemon.service.patch ++++++ Index: dde-daemon-5.13.36/misc/systemd/services/deepin-accounts-daemon.service =================================================================== --- dde-daemon-5.13.36.orig/misc/systemd/services/deepin-accounts-daemon.service +++ dde-daemon-5.13.36/misc/systemd/services/deepin-accounts-daemon.service 
@@ -8,6 +8,19 @@ After=nss-user-lookup.target lightdm.ser Wants=nss-user-lookup.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=dbus BusName=com.deepin.daemon.Accounts ExecStart=/usr/lib/deepin-daemon/dde-system-daemon ++++++ harden_hwclock_stop.service.patch ++++++ Index: dde-daemon-5.13.36/misc/systemd/services/hwclock_stop.service =================================================================== --- dde-daemon-5.13.36.orig/misc/systemd/services/hwclock_stop.service +++ dde-daemon-5.13.36/misc/systemd/services/hwclock_stop.service @@ -3,6 +3,18 @@ Description=sync RTC from system time Before=shutdown.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=hwclock -s ExecStop=hwclock -w RemainAfterExit=yes
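Review bot: the deepin-daemon.changes entry at @@ -1,0 +2,7 @@ records only the two hardening patches, while the spec diff in the same submission also changes the License tag to GPL-3.0-or-later, adds Group to the polkit and dbus subpackages, re-sorts BuildRequires and Requires, and drops "AutoReqProv: On" from the golang subpackage. Add a changelog line for the spec cleanup so the AutoReqProv removal in particular is traceable later.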
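Review bot: Patch3 and Patch4 in the deepin-daemon.spec hunk at @@ -38,39 +40,40 @@ are missing the tag comment that Patch2 carries ("# PATCH-FIX-OPENSUSE disable-gobuild-in-makefile.patch ..." followed by a one-line reason). Add the same kind of comment above each new Patch line, pointing at the systemd hardening effort. No %prep change is visible in this diff, so also confirm that %prep applies patches automatically (for example through %autosetup); otherwise the two service files ship unhardened.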
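Review bot: ProtectSystem=full and ProtectHome=true in the deepin-accounts-daemon.service hunk need to be checked against what dde-system-daemon actually writes. ProtectSystem=full mounts /usr, the boot loader directories and /etc read-only, and ProtectHome=true makes /home, /root and /run/user inaccessible, while this unit owns BusName=com.deepin.daemon.Accounts. If the daemon edits account data under /etc or touches users' home directories, those operations will fail after this change. Test user creation and modification against the hardened unit, and if they break, either list the required locations with ReadWritePaths= or relax to ProtectSystem=true and ProtectHome=read-only, with a comment explaining the deviation from the automatic set.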
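Review bot: PrivateDevices=true in the hwclock_stop.service hunk conflicts with what the unit runs. ExecStart=hwclock -s and ExecStop=hwclock -w both have to open the RTC device node, and PrivateDevices=true gives the service a private /dev that contains only pseudo devices such as /dev/null and /dev/random. ProtectClock is absent from this unit although it is present in the accounts daemon patch, presumably for the same reason, so PrivateDevices should be dropped here as well, or the unit should be tested across a shutdown to confirm the RTC is still written.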