apply new rules for desktop only, apply desktop polity for kde variant

2021-03-26 13:21:12 -05:00 · 2021-03-26 13:21:12 -05:00 · a4cd21f754
commit a4cd21f754
parent be056e2323
2 changed files with 15 additions and 24 deletions
--- a/firewalld.spec
+++ b/firewalld.spec
@ -1,13 +1,13 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.9.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
-Source3: org.fedoraproject.FirewallD1.rules
+Source3: org.fedoraproject.FirewallD1.desktop.rules.choice
 Patch0: firewalld-0.2.6-MDNS-default.patch
 BuildArch: noarch
 BuildRequires: autoconf
@ -36,6 +36,7 @@ Conflicts: cockpit-ws < 173-2
 Provides: variant_config(Server)
 Provides: variant_config(Workstation)
 Provides: variant_config(KDE Plasma)
 # Remove old config subpackages
 Obsoletes: firewalld-config-standard <= 0.3.15
@ -119,7 +120,7 @@ desktop-file-install --delete-original \
 install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
 install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml
 install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml
-install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules
+install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.desktop.rules.choice
 # standard firewalld.conf
 mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \
@ -166,7 +167,7 @@ if [ ! -e %{_sysconfdir}/firewalld/firewalld.conf ]; then
        server)
            ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
            ;;
-        workstation | silverblue)
+        workstation | silverblue | kde)
            ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
            ;;
        *)
@ -177,12 +178,15 @@ fi
 if [ ! -e %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy ]; then
    case "$VARIANT_ID" in
-        workstation | silverblue)
+        workstation | silverblue | kde)
            ln -sf org.fedoraproject.FirewallD1.desktop.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
            ln -sf org.fedoraproject.FirewallD1.desktop.rules.choice  %{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules ||:
            ;;
        *)
            # For all other editions, we'll use the Server polkit policy
            ln -sf org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
            # no extra rules choice here (yet)
            rm -f %{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules || :
    esac
 fi
@ -195,7 +199,8 @@ fi
 %{_datadir}/bash-completion/completions/firewall-cmd
 %dir %{_datadir}/zsh/site-functions
 %{_datadir}/zsh/site-functions/_firewalld
-%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules
+%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.desktop.rules.choice
 %ghost %config(missingok,noreplace) %{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules
 %{_prefix}/lib/firewalld/icmptypes/*.xml
 %{_prefix}/lib/firewalld/ipsets/README
 %{_prefix}/lib/firewalld/policies/*.xml
@ -281,6 +286,10 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 %changelog
 * Fri Mar 26 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.9.3-5
 - apply new policy for desktop only
 - apply desktop policy to "KDE Plasma" variant too
 * Tue Mar 23 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.9.3-4
 - add polkit rule for admin users
--- a/org.fedoraproject.FirewallD1.rules
+++ b/org.fedoraproject.FirewallD1.rules
@ -1,18 +0,0 @@
 // firewalld authorizations/policy for the wheel group.
 //
 // DO NOT EDIT THIS FILE, it will be overwritten on update.
 //
 // Allow users in the wheel group to use firewalld without being 
 // interrupted by a password dialog
 polkit.addRule(function(action, subject) {
    if ((action.id == "org.fedoraproject.FirewallD1.config" ||
 	 action.id == "org.fedoraproject.FirewallD1.direct" ||
         action.id == "org.fedoraproject.FirewallD1.ipset" ||
         action.id == "org.fedoraproject.FirewallD1.policy" ||
         action.id == "org.fedoraproject.FirewallD1.zone") &&
 	 subject.active == true && subject.local == true &&
         subject.isInGroup("wheel")) {
         return polkit.Result.YES;
    }
 });