Bug#825766: marked as done (flatpak: Allow passwordless app-install and runtime-install for sudoers in polkit 0.105)

[Debian Bug Tracking System]

Your message dated Sun, 05 Jun 2016 16:35:38 +0000
with message-id <e1b9b1w-0000qh...@franck.debian.org>
and subject line Bug#825766: fixed in flatpak 0.6.4-1
has caused the Debian Bug report #825766,
regarding flatpak: Allow passwordless app-install and runtime-install for 
sudoers in polkit 0.105
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
825766: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825766
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: flatpak
Version: 0.6.2-1
Severity: normal

Flatpak installs /usr/share/polkit-1/rules.d/org.freedesktop.Flatpak.rules
as follows:

polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.Flatpak.app-install" ||
         action.id == "org.freedesktop.Flatpak.runtime-install") &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("sudo")) {
            return polkit.Result.YES;
    }
});

... in other words, sudoers who are logged in to an active session may
install apps and runtimes system-wide without authenticating. (The
justification is that they would already have had to authenticate when
they added the repository and its associated GPG key, which is the point
at which the trust decision was made.)

This only works with policykit-1/experimental. Since it doesn't seem
likely that we will move to that version in stretch, it would improve
convenience for users of policykit-1/unstable if we had an equivalent
"local authority" configuration file for that version, perhaps something
analogous to
/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla.

    S

--- End Message ---

--- Begin Message ---

Source: flatpak
Source-Version: 0.6.4-1

We believe that the bug you reported is fixed in the latest version of
flatpak, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated flatpak package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 05 Jun 2016 15:19:00 +0100
Source: flatpak
Binary: flatpak flatpak-builder flatpak-tests gir1.2-flatpak-1.0 libflatpak-dev 
libflatpak-doc libflatpak0
Architecture: source
Version: 0.6.4-1
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team 
<pkg-utopia-maintain...@lists.alioth.debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Description:
 flatpak    - Application deployment framework for desktop apps
 flatpak-builder - Flatpak application building helper
 flatpak-tests - Application deployment framework for desktop apps (tests)
 gir1.2-flatpak-1.0 - Application deployment framework for desktop apps 
(introspection)
 libflatpak-dev - Application deployment framework for desktop apps 
(development)
 libflatpak-doc - Application deployment framework for desktop apps 
(documentation)
 libflatpak0 - Application deployment framework for desktop apps (library)
Closes: 825766
Changes:
 flatpak (0.6.4-1) experimental; urgency=medium
 .
   * New upstream release
     - d/p/Correctly-handle-with-privileged-group.patch: drop, no longer
       necessary
     - adjust packaging for new name and location of flatpak-bwrap
     - adjust packaging for new location of installed-tests
   * Unconditionally recommend gtk-update-icon-cache now that it's in
     testing
     - d/p/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
         drop, no longer necessary
   * d/control: update Homepage
   * d/copyright: update Source
   * tests: depend on attr, for setfattr, to get better test coverage
     (still skipped if /var/tmp on the testbed does not support xattrs)
   * d/p/flatpak-run-don-t-fail-if-there-are-no-system-fonts.patch:
     don't fail uses of flatpak-run or the builder test if the system
     has no fonts
   * debian/org.freedesktop.Flatpak.pkla: add an equivalent of the
     upstream JavaScript polkit rules (used by polkit >= 0.106),
     for use with polkit 0.105 as shipped in Debian. This allows members
     of group 'sudo' to install apps and runtimes into the system-wide
     location, from any remote that was previously added/trusted by a
     privileged user, without re-authenticating. (Closes: #825766)
Checksums-Sha1:
 3f27ef6227435d1fc05bd5fc7002a91624b6e6e7 2764 flatpak_0.6.4-1.dsc
 75abe5774f2f5d622271c66a86e2f7688d964164 558052 flatpak_0.6.4.orig.tar.xz
 8cd81e167320e6439beabda837a5b1bb6d5f0472 10872 flatpak_0.6.4-1.debian.tar.xz
Checksums-Sha256:
 c76828697a92f42a48b30a2042dbef96580b68536d41fda25036c9b0e5dd6271 2764 
flatpak_0.6.4-1.dsc
 19ffcff550e71dfd810df2d465fbde1b5539ce0cb83a4ed6de1558c3e91fb275 558052 
flatpak_0.6.4.orig.tar.xz
 1489161424b6caa147f850878295bcc170fb5bdb42ee19312f5cd249e75f9998 10872 
flatpak_0.6.4-1.debian.tar.xz
Files:
 15f46f014bca372faabecb6fb4d0c5c0 2764 admin optional flatpak_0.6.4-1.dsc
 2e27425e2f895177f7f4d4156172676f 558052 admin optional 
flatpak_0.6.4.orig.tar.xz
 1a6b9e7a6a10df2e831f49c5009d31fd 10872 admin optional 
flatpak_0.6.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJXVE5RAAoJEE3o/ypjx8yQ/jQP/in09gUCSFW8oRr46oY4Hhe6
dgRzSRx/3Q10iH4DI5qk/mOlcC66V4GtVmEWmj+dKnvzUkcHSd6xkewWEUpcztcc
zBkQ8V1H1wB8lHi54iSKJ5PFrp6VWbSgYg1h4y58KTH3k87NZsFcAN6YYrgfMhnY
KKqPpwXAmJklwNbuQvnDqTn22xuuSt0zvUodpA4Ml9zECPVw0oAFiwXwJ80jkYb3
CRSskqjpJJqD32UWKzefERTM3ZCVybmFcNv71UiFlTyDuEuauhExfym5yvYeMEXU
JW8zR3Ahg+0fLREFRMLkGS8zt0GJX6pi+UW97K+/U4REywcB+pCWNp1fJ3/aOzhS
3DQFrgs4dSgkKPOx7jCCYlP26CxBjqsVdXF40q1jIHRqB8qnIEJvMnqOM8L/DJ8s
U3GTImtbMPI5fGy61fmJkLJitv6U3fZRowBc9lPpJkNMWcgz5QYOTUC+xhwu6RVO
csjC6oWMWO4cVE+ufEA3wjAWXtRVsYlC+472vzrAGuCLSuC3Pmqfo2o7xXXifICP
IrUTpVLy6r4t14eTsUFRx1QQEDGJ6i35RsdgUZwwuV/2oqc2L8cdpHnzB+c3RmMp
QBWTv9zpJrfEwFAZva2UXD5DojsdZressbCKi49a4f2oxHgvlWtzgSzPoJN5zozz
Ueird+hm2Uw9ZijSyTN8
=urfh
-----END PGP SIGNATURE-----

--- End Message ---