Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-05-06 13:19:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions"
Mon May 6 13:19:38 2019 rev:122 rq:700154 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-02-19
13:54:52.508726137 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.5148/permissions.changes
2019-05-06 13:19:43.108310935 +0200
@@ -1,0 +2,30 @@
+Thu May 2 09:46:05 UTC 2019 - jseg...@suse.com
+
+- Fixed versions. Removed set_version from _service file, doesn't
+ work with the new packaging. Call fix_version.sh to set current
+ date as version instead
+- Fixed requires for -config and -zypp-plugin
+
+-------------------------------------------------------------------
+Tue Apr 30 08:57:37 UTC 2019 - opensuse-packag...@opensuse.org
+
+- Update to version 20190429:
+ * removed entry for /var/cache/man. Conflicts with packaging and man:man is
+ the better setting anyway (bsc#1133678)
+ * fixed error in description of permissions.paranoid. Make it clear that this
+ is not a usable profile, but intended as a base for own developments
+
+-------------------------------------------------------------------
+Sat Apr 13 17:12:12 UTC 2019 - Jan Engelhardt <jeng...@inai.de>
+
+- Fix RPM group, fix hard requirement on documentation.
+ Update description typography.
+
+-------------------------------------------------------------------
+Thu Apr 11 11:18:36 UTC 2019 - jseg...@suse.com
+
+- Created new subpackages -config, -doc and standalone package chkstat
+ where we can start a better versioning scheme and require it from the
+ original package
+
+-------------------------------------------------------------------
Old:
----
permissions-20190212.tar.xz
New:
----
fix_version.sh
permissions-20190429.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.568311983 +0200
+++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.572311992 +0200
@@ -16,8 +16,10 @@
#
+%define VERSION 20190429
+
Name: permissions
-Version: 20190212
+Version: %{VERSION}
Release: 0
Summary: SUSE Linux Default Permissions
# Maintained in github by the security team.
@@ -25,17 +27,16 @@
Group: Productivity/Security
Url: http://github.com/openSUSE/permissions
Source: permissions-%{version}.tar.xz
+Source1: fix_version.sh
BuildRequires: libcap-devel
#!BuildIgnore: group(trusted)
Requires(post): %fillup_prereq
Requires(pre): group(trusted)
+Requires: chkstat
+Requires: permissions-config
+Recommends: permissions-doc
Provides: aaa_base:%{_sysconfdir}/permissions
-%description
-Permission settings of files and directories depending on the local
-security settings. The local security setting (easy, secure, or paranoid)
-can be configured in /etc/sysconfig/security.
-
%prep
%setup -q
@@ -45,25 +46,66 @@
%install
%make_install fillupdir=%{_fillupdir}
-%post
-%{fillup_only -n security}
-# apply all potentially changed permissions
-%{_bindir}/chkstat --system
+%description
+Permission settings of files and directories depending on the local
+security settings. The local security setting ("easy", "secure", or "paranoid")
+can be configured in /etc/sysconfig/security.
+
+This package does not contain files, it just requires the necessary packages.
%files
+
+%package doc
+Summary: SUSE Linux Default Permissions documentation
+Group: Documentation/Man
+Version: %{suse_version}_%{VERSION}
+Release: 0
+
+%description doc
+Documentation for the permission files /etc/permissions*.
+
+%files doc
+%{_mandir}/man5/permissions.5%{ext_man}
+
+%package config
+Summary: SUSE Linux Default Permissions config files
+Group: Productivity/Security
+Version: %{suse_version}_%{VERSION}
+Release: 0
+Requires(post): chkstat
+
+%description config
+The actual permissions configuration files, /etc/permission.*.
+
+%files config
%config %{_sysconfdir}/permissions
%config %{_sysconfdir}/permissions.easy
%config %{_sysconfdir}/permissions.secure
%config %{_sysconfdir}/permissions.paranoid
%config(noreplace) %{_sysconfdir}/permissions.local
+%{_fillupdir}/sysconfig.security
+
+%post config
+%{fillup_only -n security}
+# apply all potentially changed permissions
+%{_bindir}/chkstat --system
+
+%package -n chkstat
+Summary: SUSE Linux Default Permissions tool
+Group: Productivity/Security
+Version: %{suse_version}_%{VERSION}
+Release: 0
+
+%description -n chkstat
+Tool to check and set file permissions.
+
+%files -n chkstat
%{_bindir}/chkstat
-%{_mandir}/man5/permissions.5%{ext_man}
%{_mandir}/man8/chkstat.8%{ext_man}
-%{_fillupdir}/sysconfig.security
%package -n permissions-zypp-plugin
BuildArch: noarch
-Requires: permissions = %version
+Requires: permissions = %{VERSION}
Requires: python3-zypp-plugin
Requires: libzypp(plugin:commit) = 1
Summary: A zypper commit plugin for calling chkstat
++++++ _service ++++++
--- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.592312037 +0200
+++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.592312037 +0200
@@ -9,5 +9,4 @@
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
- <service name="set_version" mode="disabled"/>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.604312065 +0200
+++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.604312065 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/openSUSE/permissions.git</param>
- <param
name="changesrevision">b3af647ecf37350b62e774e798e2ce4b7f0bff60</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">938c49d3c1b0820d2a301a8018709efed9a6ce61</param></service></servicedata>
\ No newline at end of file
++++++ fix_version.sh ++++++
#!/bin/sh
version=`date '+%Y%m%d'`
echo "setting version to ${version}"
sed -E -i -e "s/^%define VERSION [0-9]+/%define VERSION ${version}/"
permissions.spec
++++++ permissions-20190212.tar.xz -> permissions-20190429.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190212/permissions
new/permissions-20190429/permissions
--- old/permissions-20190212/permissions 2019-02-12 15:17:25.000000000
+0100
+++ new/permissions-20190429/permissions 2019-04-29 17:10:17.000000000
+0200
@@ -67,7 +67,6 @@
/var/adm/ root:root 755
/var/adm/backup/ root:root 700
/var/cache/ root:root 755
-/var/cache/man/ man:root 755
/var/run/nscd/socket root:root 666
/run/nscd/socket root:root 666
/var/run/sudo/ root:root 700
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190212/permissions.paranoid
new/permissions-20190429/permissions.paranoid
--- old/permissions-20190212/permissions.paranoid 2019-02-12
15:17:25.000000000 +0100
+++ new/permissions-20190429/permissions.paranoid 2019-04-29
17:10:17.000000000 +0200
@@ -9,9 +9,10 @@
#
# /etc/permissions.paranoid is NOT designed to be used in a single-user as
# well as a multi-user installation, be it networked or not.
+#
# Derived from /etc/permissions.secure, it has _all_ sgid and suid bits
-# cleared - therefore, the system might be useable for non-privileged users
-# except for simple tasks like changing passwords and such. In addition,
+# cleared - therefore, the system is probably not useable for non-privileged
+# users except for simple tasks like changing passwords and such. In addition,
# some of the configuration files are not readable for world any more.
#
# Feel free to use this file as a basis of a system configuration that meets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190212/permissions.secure
new/permissions-20190429/permissions.secure
--- old/permissions-20190212/permissions.secure 2019-02-12 15:17:25.000000000
+0100
+++ new/permissions-20190429/permissions.secure 2019-04-29 17:10:17.000000000
+0200
@@ -27,7 +27,7 @@
# file is of no use since the data used can be obtained from the /proc file
# system or interface configuration as well. Also, system programs such as
# /sbin/ifconfig or /sbin/route are not changed because nosey users can
-# bring their own. "Security by obscurity" will add any significant
+# bring their own. "Security by obscurity" will not add any significant
# security-related advantage to the system. Keep in mind that curiosity
# is a major motivation for your users to try to see behind the curtain.
#
@@ -81,7 +81,7 @@
# suid system programs that need the suid bit to work:
#
/bin/su root:root 4755
-# disable at and cron for users that do not belnong to the group "trusted"
+# disable at and cron for users that do not belong to the group "trusted"
/usr/bin/at root:trusted 4750
/usr/bin/crontab root:trusted 4750
/usr/bin/gpasswd root:shadow 4755
