diff --git a/firewalld.spec b/firewalld.spec index 2ca3c85..75b9c64 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -1,13 +1,13 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 0.9.3 -Release: 4%{?dist} +Release: 5%{?dist} URL: http://www.firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Source1: FedoraServer.xml Source2: FedoraWorkstation.xml -Source3: org.fedoraproject.FirewallD1.rules +Source3: org.fedoraproject.FirewallD1.desktop.rules.choice Patch0: firewalld-0.2.6-MDNS-default.patch BuildArch: noarch BuildRequires: autoconf @@ -36,6 +36,7 @@ Conflicts: cockpit-ws < 173-2 Provides: variant_config(Server) Provides: variant_config(Workstation) +Provides: variant_config(KDE Plasma) # Remove old config subpackages Obsoletes: firewalld-config-standard <= 0.3.15 @@ -119,7 +120,7 @@ desktop-file-install --delete-original \ install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/ install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml -install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules +install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.desktop.rules.choice # standard firewalld.conf mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \ @@ -166,7 +167,7 @@ if [ ! -e %{_sysconfdir}/firewalld/firewalld.conf ]; then server) ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || : ;; - workstation | silverblue) + workstation | silverblue | kde) ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || : ;; *) @@ -177,12 +178,15 @@ fi if [ ! -e %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy ]; then case "$VARIANT_ID" in - workstation | silverblue) + workstation | silverblue | kde) ln -sf org.fedoraproject.FirewallD1.desktop.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || : + ln -sf org.fedoraproject.FirewallD1.desktop.rules.choice %{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules ||: ;; *) # For all other editions, we'll use the Server polkit policy ln -sf org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || : + # no extra rules choice here (yet) + rm -f %{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules || : esac fi @@ -195,7 +199,8 @@ fi %{_datadir}/bash-completion/completions/firewall-cmd %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_firewalld -%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules +%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.desktop.rules.choice +%ghost %config(missingok,noreplace) %{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/policies/*.xml @@ -281,6 +286,10 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Fri Mar 26 2021 Rex Dieter - 0.9.3-5 +- apply new policy for desktop only +- apply desktop policy to "KDE Plasma" variant too + * Tue Mar 23 2021 Rex Dieter - 0.9.3-4 - add polkit rule for admin users diff --git a/org.fedoraproject.FirewallD1.rules b/org.fedoraproject.FirewallD1.rules deleted file mode 100644 index 883c600..0000000 --- a/org.fedoraproject.FirewallD1.rules +++ /dev/null @@ -1,18 +0,0 @@ -// firewalld authorizations/policy for the wheel group. -// -// DO NOT EDIT THIS FILE, it will be overwritten on update. -// -// Allow users in the wheel group to use firewalld without being -// interrupted by a password dialog - -polkit.addRule(function(action, subject) { - if ((action.id == "org.fedoraproject.FirewallD1.config" || - action.id == "org.fedoraproject.FirewallD1.direct" || - action.id == "org.fedoraproject.FirewallD1.ipset" || - action.id == "org.fedoraproject.FirewallD1.policy" || - action.id == "org.fedoraproject.FirewallD1.zone") && - subject.active == true && subject.local == true && - subject.isInGroup("wheel")) { - return polkit.Result.YES; - } -});