Hello community,

here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-05-06 13:19:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
 and      /work/SRC/openSUSE:Factory/.permissions.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "permissions" Mon May 6 13:19:38 2019 rev:122 rq:700154 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-02-19 13:54:52.508726137 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.5148/permissions.changes 2019-05-06 13:19:43.108310935 +0200 @@ -1,0 +2,30 @@ +Thu May 2 09:46:05 UTC 2019 - jseg...@suse.com + +- Fixed versions. Removed set_version from _service file, doesn't + work with the new packaging. Call fix_version.sh to set current + date as version instead +- Fixed requires for -config and -zypp-plugin + +------------------------------------------------------------------- +Tue Apr 30 08:57:37 UTC 2019 - opensuse-packag...@opensuse.org + +- Update to version 20190429: + * removed entry for /var/cache/man. Conflicts with packaging and man:man is + the better setting anyway (bsc#1133678) + * fixed error in description of permissions.paranoid. Make it clear that this + is not a usable profile, but intended as a base for own developments + +------------------------------------------------------------------- +Sat Apr 13 17:12:12 UTC 2019 - Jan Engelhardt <jeng...@inai.de> + +- Fix RPM group, fix hard requirement on documentation. + Update description typography. + +------------------------------------------------------------------- +Thu Apr 11 11:18:36 UTC 2019 - jseg...@suse.com + +- Created new subpackages -config, -doc and standalone package chkstat + where we can start a better versioning scheme and require it from the + original package + +------------------------------------------------------------------- Old: ---- permissions-20190212.tar.xz New: ---- fix_version.sh permissions-20190429.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.568311983 +0200 +++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.572311992 +0200 
@@ -16,8 +16,10 @@ # +%define VERSION 20190429 + Name: permissions -Version: 20190212 +Version: %{VERSION} Release: 0 Summary: SUSE Linux Default Permissions # Maintained in github by the security team. @@ -25,17 +27,16 @@ Group: Productivity/Security Url: http://github.com/openSUSE/permissions Source: permissions-%{version}.tar.xz +Source1: fix_version.sh BuildRequires: libcap-devel #!BuildIgnore: group(trusted) Requires(post): %fillup_prereq Requires(pre): group(trusted) +Requires: chkstat +Requires: permissions-config +Recommends: permissions-doc Provides: aaa_base:%{_sysconfdir}/permissions -%description -Permission settings of files and directories depending on the local -security settings. The local security setting (easy, secure, or paranoid) -can be configured in /etc/sysconfig/security. - %prep %setup -q 
@@ -45,25 +46,66 @@ %install %make_install fillupdir=%{_fillupdir} -%post -%{fillup_only -n security} -# apply all potentially changed permissions -%{_bindir}/chkstat --system +%description +Permission settings of files and directories depending on the local +security settings. The local security setting ("easy", "secure", or "paranoid") +can be configured in /etc/sysconfig/security. + +This package does not contain files, it just requires the necessary packages. %files + +%package doc +Summary: SUSE Linux Default Permissions documentation +Group: Documentation/Man +Version: %{suse_version}_%{VERSION} +Release: 0 + +%description doc +Documentation for the permission files /etc/permissions*. + +%files doc +%{_mandir}/man5/permissions.5%{ext_man} + +%package config +Summary: SUSE Linux Default Permissions config files +Group: Productivity/Security +Version: %{suse_version}_%{VERSION} +Release: 0 +Requires(post): chkstat + +%description config +The actual permissions configuration files, /etc/permission.*. + +%files config %config %{_sysconfdir}/permissions %config %{_sysconfdir}/permissions.easy %config %{_sysconfdir}/permissions.secure %config %{_sysconfdir}/permissions.paranoid %config(noreplace) %{_sysconfdir}/permissions.local +%{_fillupdir}/sysconfig.security + +%post config +%{fillup_only -n security} +# apply all potentially changed permissions +%{_bindir}/chkstat --system + +%package -n chkstat +Summary: SUSE Linux Default Permissions tool +Group: Productivity/Security +Version: %{suse_version}_%{VERSION} +Release: 0 + +%description -n chkstat +Tool to check and set file permissions. 
+ +%files -n chkstat %{_bindir}/chkstat -%{_mandir}/man5/permissions.5%{ext_man} %{_mandir}/man8/chkstat.8%{ext_man} -%{_fillupdir}/sysconfig.security %package -n permissions-zypp-plugin BuildArch: noarch -Requires: permissions = %version +Requires: permissions = %{VERSION} Requires: python3-zypp-plugin Requires: libzypp(plugin:commit) = 1 Summary: A zypper commit plugin for calling chkstat ++++++ _service ++++++ --- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.592312037 +0200 +++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.592312037 +0200 @@ -9,5 +9,4 @@ <param name="file">*.tar</param> <param name="compression">xz</param> </service> - <service name="set_version" mode="disabled"/> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.604312065 +0200 +++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.604312065 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/permissions.git</param> - <param name="changesrevision">b3af647ecf37350b62e774e798e2ce4b7f0bff60</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">938c49d3c1b0820d2a301a8018709efed9a6ce61</param></service></servicedata> \ No newline at end of file ++++++ fix_version.sh ++++++ #!/bin/sh version=`date '+%Y%m%d'` echo "setting version to ${version}" sed -E -i -e "s/^%define VERSION [0-9]+/%define VERSION ${version}/" permissions.spec ++++++ permissions-20190212.tar.xz -> permissions-20190429.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190212/permissions new/permissions-20190429/permissions --- old/permissions-20190212/permissions 2019-02-12 15:17:25.000000000 +0100 +++ new/permissions-20190429/permissions 2019-04-29 17:10:17.000000000 +0200 
@@ -67,7 +67,6 @@ /var/adm/ root:root 755 /var/adm/backup/ root:root 700 /var/cache/ root:root 755 -/var/cache/man/ man:root 755 /var/run/nscd/socket root:root 666 /run/nscd/socket root:root 666 /var/run/sudo/ root:root 700 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190212/permissions.paranoid new/permissions-20190429/permissions.paranoid --- old/permissions-20190212/permissions.paranoid 2019-02-12 15:17:25.000000000 +0100 +++ new/permissions-20190429/permissions.paranoid 2019-04-29 17:10:17.000000000 +0200 @@ -9,9 +9,10 @@ # # /etc/permissions.paranoid is NOT designed to be used in a single-user as # well as a multi-user installation, be it networked or not. +# # Derived from /etc/permissions.secure, it has _all_ sgid and suid bits -# cleared - therefore, the system might be useable for non-privileged users -# except for simple tasks like changing passwords and such. In addition, +# cleared - therefore, the system is probably not useable for non-privileged +# users except for simple tasks like changing passwords and such. In addition, # some of the configuration files are not readable for world any more. # # Feel free to use this file as a basis of a system configuration that meets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190212/permissions.secure new/permissions-20190429/permissions.secure --- old/permissions-20190212/permissions.secure 2019-02-12 15:17:25.000000000 +0100 +++ new/permissions-20190429/permissions.secure 2019-04-29 17:10:17.000000000 +0200 
@@ -27,7 +27,7 @@ # file is of no use since the data used can be obtained from the /proc file # system or interface configuration as well. Also, system programs such as # /sbin/ifconfig or /sbin/route are not changed because nosey users can -# bring their own. "Security by obscurity" will add any significant +# bring their own. "Security by obscurity" will not add any significant # security-related advantage to the system. Keep in mind that curiosity # is a major motivation for your users to try to see behind the curtain. # @@ -81,7 +81,7 @@ # suid system programs that need the suid bit to work: # /bin/su root:root 4755 -# disable at and cron for users that do not belnong to the group "trusted" +# disable at and cron for users that do not belong to the group "trusted" /usr/bin/at root:trusted 4750 /usr/bin/crontab root:trusted 4750 /usr/bin/gpasswd root:shadow 4755
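
Review bot: in permissions.spec, hunk @@ -25,17 +27,16 @@, the new "Requires: chkstat" and "Requires: permissions-config" are unversioned, while both subpackages are versioned "%{suse_version}_%{VERSION}". Nothing visible here keeps the main package, the profiles and the tool on the same snapshot, so a newer chkstat can end up applying an older set of profiles or the reverse. If that loose coupling is intended by the new versioning scheme, say so in a spec comment; otherwise pin the requirement, for example "Requires: permissions-config = %{suse_version}_%{VERSION}".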
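
Review bot: in permissions.spec, hunk @@ -45,25 +46,66 @@, the scriptlet dependencies did not move with the scriptlet. "%post config" now runs "%{fillup_only -n security}" and "chkstat --system", but "%package config" declares only "Requires(post): chkstat"; "Requires(post): %fillup_prereq" and "Requires(pre): group(trusted)" remain on the main package, which in the visible lines no longer has a %post or any files. The profiles shipped by -config assign root:trusted (for example /usr/bin/at and /usr/bin/crontab in permissions.secure), so the group should be guaranteed to exist before the config scriptlet applies them; move both lines into "%package config". Separately, "%description config" says "/etc/permission.*" where the files listed are "/etc/permissions" and "/etc/permissions.*".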
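
Review bot: the version written by fix_version.sh can disagree with the tarball the spec expects. The script substitutes today's date into "%define VERSION", and "Source: permissions-%{version}.tar.xz" is derived from that same macro, so running it on any day other than the snapshot date (20190429 in this submission) leaves the spec pointing at a file name that is not in the package. Derive the value from the tarball name instead of "date". The script should also fail loudly when the sed pattern does not match, since "sed -i" exits 0 without having substituted anything; and "$(...)" is preferable to backticks.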
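
Review bot: in the permissions.paranoid header hunk (@@ -9,9 +9,10 @@), the rewording does not yet make the point the changelog describes. The unchanged sentence above it, "NOT designed to be used in a single-user as well as a multi-user installation", can still be read as excluding only one of the two cases, and the new text hedges with "probably". Stating directly that this profile is not meant to be applied as-is and serves only as a base for a local configuration would match the changelog entry. "useable" should also be spelled "usable".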