rpms/hal/devel hal-0.5.12-use-at-console.patch, NONE, 1.1 hal.spec, 1.195, 1.196

Matthias Clasen mclasen at fedoraproject.org
Thu Jul 23 01:28:12 UTC 2009 

Author: mclasen

Update of /cvs/pkgs/rpms/hal/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2566

Modified Files:
	hal.spec 
Added Files:
	hal-0.5.12-use-at-console.patch 
Log Message:
- Disable ConsoleKit+PolicyKit support and lock down most interfaces with at_console
- Disable ACL management, this is now handled by udev >= 145



hal-0.5.12-use-at-console.patch:
 hal.conf.in |    3 +++
 1 file changed, 3 insertions(+)

--- NEW FILE hal-0.5.12-use-at-console.patch ---
--- hal-0.5.12/hal.conf.in.orig	2009-07-22 19:58:15.000000000 -0400
+++ hal-0.5.12/hal.conf.in	2009-07-22 20:03:01.000000000 -0400
@@ -25,7 +25,10 @@
            send_interface="org.freedesktop.Hal.Device"/>
     <allow send_destination="org.freedesktop.Hal"
            send_interface="org.freedesktop.Hal.Manager"/>
+  </policy>
 
+  <!-- Only allow users at the local console to manipulate devices -->
+  <policy at_console="true">
     <allow send_destination="org.freedesktop.Hal"
            send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
     <allow send_destination="org.freedesktop.Hal"


Index: hal.spec
===================================================================
RCS file: /cvs/pkgs/rpms/hal/devel/hal.spec,v
retrieving revision 1.195
retrieving revision 1.196
diff -u -p -r1.195 -r1.196
--- hal.spec	14 Jun 2009 21:11:46 -0000	1.195
+++ hal.spec	23 Jul 2009 01:28:11 -0000	1.196
@@ -5,7 +5,7 @@
 %define dbus_python_version     0.70
 %define pygtk2                  2.0.0
 %define gnome_python2           2.0.0
-%define udev_version            089-1
+%define udev_version            145
 %define util_linux_version      2.12a-16
 %define initscripts_version     8.04-1
 %define kernel_version          2.6.17
@@ -18,7 +18,6 @@
 %define gtk_doc_version         1.4
 %define consolekit_version      0.2.0
 %define acl_version             2.2.39
-%define policykit_version       0.7
 %define gperf_version           3.0.1
 %define alphatag                20090226git
 
@@ -28,7 +27,7 @@ Summary: Hardware Abstraction Layer
 Name: hal
 Version: 0.5.12
 #Release: 14%{?dist}
-Release: 26.%{?alphatag}%{?dist}.3
+Release: 26.%{?alphatag}%{?dist}.4
 URL: http://www.freedesktop.org/Software/hal
 #Source0: http://hal.freedesktop.org/releases/%{name}-%{version}rc1.tar.bz2
 Source0: http://hal.freedesktop.org/releases/%{name}-%{version}-%{?alphatag}.tar.gz
@@ -54,6 +53,8 @@ Patch9: hal-KVM-evdev.patch
 # from upstream
 Patch10: blkid.patch
 
+Patch100: hal-0.5.12-use-at-console.patch
+
 License: AFL or GPLv2
 Group: System Environment/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
@@ -61,7 +62,6 @@ Requires(post): chkconfig
 Requires(preun): chkconfig
 Requires(post): /sbin/ldconfig
 Requires(pre): /usr/sbin/useradd
-Requires(pre): /usr/bin/polkit-auth
 Requires(postun): gawk, grep, coreutils, /sbin/ldconfig
 BuildRequires: expat-devel >= %{expat_version}
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -76,7 +76,6 @@ BuildRequires: gtk-doc >= %{gtk_doc_vers
 BuildRequires: libblkid-devel
 BuildRequires: pciutils-devel >= %{pciutils_version}
 BuildRequires: xmlto
-BuildRequires: PolicyKit-devel >= %{policykit_version}
 BuildRequires: gperf >= %{gperf_version}
 
 %ifnarch s390 s390x
@@ -100,7 +99,6 @@ Requires: libusb >= %{libusb_version}
 Requires: dmidecode >= %{dmidecode_version}
 %endif
 Requires: ConsoleKit >= %{consolekit_version}
-Requires: PolicyKit >= %{policykit_version}
 Requires: acl >= %{acl_version}
 Requires: hal-libs = %{version}-%{release}
 Requires: hal-info
@@ -150,6 +148,7 @@ API docs for HAL.
 %patch8 -p1 -b .fix-udev
 %patch9 -p1 -b .kvm-evdev
 %patch10 -p1 -b .blkid
+%patch100 -p1 -b .drop-polkit
 
 autoreconf -i -f
 
@@ -159,9 +158,8 @@ autoreconf -i -f
     --docdir=%{_docdir}/%{name}-%{version}  \
     --with-os-type=redhat                   \
     --with-udev-prefix=/etc                 \
-    --enable-console-kit                    \
-    --enable-policy-kit                     \
-    --enable-acl-management                 \
+    --disable-console-kit                   \
+    --disable-policy-kit                    \
     --enable-umount-helper                  \
     --enable-acpi-ibm                       \
     --disable-smbios			    \
@@ -179,9 +177,6 @@ make install DESTDIR=$RPM_BUILD_ROOT
 # deprecated keys
 cp -p fdi/information/10freedesktop/01-deprecated-keys.fdi $RPM_BUILD_ROOT%{_datadir}/hal/fdi/information/10freedesktop/
 
-# OLPC detection hack
-install -D -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/hal/fdi/policy/10osvendor/05-olpc-detect.fdi
-
 cp README AUTHORS NEWS COPYING HACKING $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-%{version}
 
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
@@ -198,9 +193,6 @@ rm -rf $RPM_BUILD_ROOT
 /usr/sbin/useradd -c 'HAL daemon' -u %{hal_user_uid} \
     -s /sbin/nologin -r -d '/' haldaemon 2> /dev/null || :
 
-# User haldaemon needs to be able to read authorizations
-/usr/bin/polkit-auth --user haldaemon --grant org.freedesktop.policykit.read >& /dev/null || :
-
 %post
 /sbin/ldconfig
 /sbin/chkconfig --add haldaemon
@@ -268,8 +260,6 @@ fi
 
 /etc/udev/rules.d/90-hal.rules
 
-%{_datadir}/PolicyKit/policy/*
-
 %attr(0700,haldaemon,haldaemon) %dir %{_localstatedir}/cache/hald
 %attr(0700,haldaemon,haldaemon) %dir %{_localstatedir}/run/hald
 %ghost %{_localstatedir}/run/hald/acl-list
@@ -298,6 +288,10 @@ fi
 %{_datadir}/gtk-doc/html/libhal-storage/*
 
 %changelog
+* Wed Jul 22 2009 David Zeuthen <davidz at redhat.com> - 0.5.12-26.20090226git.4
+- Disable ConsoleKit+PolicyKit support and lock down most interfaces with at_console
+- Disable ACL management, this is now handled by udev >= 145
+
 * Sun Jun 14 2009 Matthias Clasen <mclasen at redhat.com> - 0.5.12-26.20090226git.3
 - Should not own /etc/dbus-1/system.d

More information about the fedora-extras-commits mailing list