On (02/02/16 13:44), Lukas Slebodnik wrote:
>On (01/02/16 10:09), Alexander Bokovoy wrote:
>>On Thu, 28 Jan 2016, Lukas Slebodnik wrote:
>>>On (26/01/16 11:10), Alexander Bokovoy wrote:
>>>>On Tue, 26 Jan 2016, Lukas Slebodnik wrote:
>>>>>On (26/01/16 10:44), Alexander Bokovoy wrote:
>>>>>>On Tue, 26 Jan 2016, Sumit Bose wrote:
>>>>>>>On Tue, Jan 26, 2016 at 09:09:06AM +0100, Lukas Slebodnik wrote:
>>>>>>>>On (25/01/16 18:40), Sumit Bose wrote:
>>>>>>>>>On Mon, Jan 25, 2016 at 06:24:54PM +0100, Lukas Slebodnik wrote:
>>>>>>>>>>On (25/01/16 18:12), Sumit Bose wrote:
>>>>>>>>>>>On Mon, Jan 25, 2016 at 03:35:03PM +0100, Lukas Slebodnik wrote:
>>>>>>>>>>>>ehlo,
>>>>>>>>>>>>
>>>>>>>>>>>>we (Jakub, me) didn't catch this as part of review.
>>>>>>>>>>>>I tested on minimal machine. Later I saw conflict when I was testing
>>>>>>>>>>>>latest sssd with freeipa-server.
>>>>>>>>>>>>
>>>>>>>>>>>>I think we can ignore unowned directory /usr/share/polkit-1/rules.d
>>>>>>>>>>>>or we can add dependecy (soft dependency on fedora) to polkit.
>>>>>>>>>>>>
>>>>>>>>>>>>LS
>>>>>>>>>>>
>>>>>>>>>>>I think you see the conflict because of different permissions and
>>>>>>>>>>>ownerships of the directory:
>>>>>>>>>>>
>>>>>>>>>>>polkit:
>>>>>>>>>>>drwx------ 2 polkitd root 0 Jul 14 2015
>>>>>>>>>>>/usr/share/polkit-1/rules.d
>>>>>>>>>>>
>>>>>>>>>>>sssd-common:
>>>>>>>>>>>drwxr-xr-x 2 root root 0 Jan 22 18:28
>>>>>>>>>>>/usr/share/polkit-1/rules.d
>>>>>>>>>>>
>>>>>>>>>>>so something like
>>>>>>>>>>>
>>>>>>>>>>>-%dir %{_datadir}/polkit-1/rules.d
>>>>>>>>>>>+%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
>>>>>>>>>>>
>>>>>>>>>>>should (hopefully) resolve the conflict.
>>>>>>>>>>>
>>>>>>>>>>No :-(,
>>>>>>>>>>@see commit message.
>>>>>>>>>
>>>>>>>>>ah, sorry for not reading carefully enough. It looks like the other
>>>>>>>>>packages which put stuff in /usr/share/polkit-1/rules.d directly or
>>>>>>>>>indirectly require polkit.
>>>>>>>>Should we depend on polkit as well?
>>>>>>>
>>>>>>>no, because it is only needed if you want to do Smartcard authentication
>>>>>>>and SSSD is not running as root.
>>>>>>Then I would suggest to put these files into a sub-package and make that
>>>>>>sub-package to depend on polkit.
>>>>>>
>>>>>>Current situation is definitely a blocker as almost all interactive
>>>>>>installs of
>>>>>>Fedora have polkit whether via xorg-x11-drv-intel or rolekit.
>>>>>>Additionally, all IPA clients will have polkit installed due to
>>>>>>ntp/chrony requiring timedatex which requires polkit.
>>>>>>
>>>>>It's not a problem in fedora ATM.
>>>>>Because fedora is build with --disable-polkit-rules-path.
>>>>>
>>>>>The question is what soudl be done if we install_pcscd_polkit_rule.
>>>>>optional sub-package might be a good compromise.
>>>>>
>>>>>Do you have an idea for name?
>>>>sssd-polkit-policies ?
>>>Alexander has already WIP patch
>>>https://github.com/abbra/sssd/commit/5dc6cf3af155c0a014be84aa944a4c7a4aa876ea
>>>
>>>But he is busy with preparation for FOSDEM.
>>>He will send patch later.
>>Patch attached. I've renamed the subpackage to sssd-polkit-rules as
>>discussed on IRC last week.
>>
>>--
>>/ Alexander Bokovoy
>
>>From 2bffdd0142960dcf559c072c5d5a6784e8dacec0 Mon Sep 17 00:00:00 2001
>>From: Alexander Bokovoy <aboko...@redhat.com>
>>Date: Wed, 27 Jan 2016 09:48:39 +0200
>>Subject: [PATCH 7/7] Move polkit rules into sssd-polkit-rules subpackage
>>
>>---
>> contrib/sssd.spec.in | 24 ++++++++++++++++++------
>> 1 file changed, 18 insertions(+), 6 deletions(-)
>>
>>diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
>
>ACK
>http://sssd-ci.duckdns.org/logs/job/36/97/summary.html
>
>Sumit is fine as well
>
>14:34 < lslebodn> sbose: Any comments/objections to Alexander's polkit patch
>14:35 < sbose> lslebodn, no, I'm fine.
>
master:
* ff970b06abf095d6611b356c392697b39347ad94
LS
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
