From 7482711a664b1e63b19e2fd41c507ae098726f41 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 1 Oct 2013 13:36:52 +0200
Subject: [PATCH] mtr-gtk: migrate from consolehelper to polkit

Previously we used consolehelper in order to authenticate user who wants to run
mtr-gtk. In Fedora we have newer framework providing access control for
privileged operations, policykit.

This commit replaces consolehelper configuration and provides policy file for
policykit and shell wrapper which runs mtr via pkexec. Note that this is not ideal and
we haven't gained a lot by this.

In the long run we should really decouple gtk frontend and mtr backend. Backend
then would have CAP_NET_RAW capability encoded in filesystem and as soon as
possible it would drop that capability and start providing data to be rendered
by gtk frontend which would run completely unprivileged.

http://fedoraproject.org/wiki/Features/UsermodeMigration

Resolves: #502750
---
 .gitignore |  2 ++
 mtr.spec   | 51 +++++++++++++++++++++------------------------------
 sources    |  3 ++-
 3 files changed, 25 insertions(+), 31 deletions(-)

diff --git a/.gitignore b/.gitignore
index 3ff268f..f4ea640 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@ mtr-0.79.tar.gz
 /mtr-0.84.tar.gz
 /mtr-0.85.tar.gz
 /mtr-0.85.tar.xz
+/mtr-gtk-pkexec-wrapper.sh
+/org.fedoraproject.mtr.policy
diff --git a/mtr.spec b/mtr.spec
index 1d442df..287ac43 100644
--- a/mtr.spec
+++ b/mtr.spec
@@ -3,17 +3,17 @@
 Summary: A network diagnostic tool
 Name: mtr
 Version: 0.85
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 2
 Group: Applications/Internet
 License: GPLv2+
 URL: http://www.BitWizard.nl/mtr
 Source: %{name}-%{version}.tar.xz
-Source1: xmtr.consolehelper
-Source2: xmtr.pam
-Source3: net-x%{name}.desktop
+Source1: net-x%{name}.desktop
 # script will remove all object files from upstream tarball
-Source4: generate-tarball.sh
+Source2: generate-tarball.sh
+Source3: mtr-gtk-pkexec-wrapper.sh
+Source4: org.fedoraproject.mtr.policy
 
 Patch1: mtr-crash-in-xml-mode.patch
 Patch2: mtr-xml-format-fixes.patch
@@ -33,7 +33,6 @@ useful for using Mtr from a telnet session; and a GTK+ interface for X
 Summary: The GTK+ interface for mtr
 Group: Applications/Internet
 Requires: mtr = %{epoch}:%{version}-%{release}
-Requires: usermode >= 1.37
 
 %description gtk
 The mtr-gtk package provides the GTK+ interface for the mtr network
@@ -52,56 +51,48 @@ export CFLAGS="%{optflags} -fPIE"
 export LDFLAGS="-z now -pie"
 
 %configure --enable-gtk2
-make %{?_smp_mflags} && mv mtr xmtr && make distclean
+make %{?_smp_mflags} && mv mtr xmtr.bin && make distclean
 %configure --without-gtk
 make %{?_smp_mflags}
 
 %install
-mkdir -p %{buildroot}/%{_bindir}
-mkdir -p %{buildroot}/%{_sbindir}
-mkdir -p %{buildroot}/%{_datadir}/pixmaps
-mkdir -p %{buildroot}/%{_mandir}/man8
-install -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
+install -D -p -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
+install -D -p -m 0755 xmtr.bin %{buildroot}/%{_bindir}/xmtr.bin
+install -D -p -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/xmtr
+install -D -p -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
+install -D -p -m 644 img/mtr_icon.xpm %{buildroot}/%{_datadir}/pixmaps/mtr_icon.xpm
 make DESTDIR=%{buildroot} install
 
-install -m 0755 xmtr %{buildroot}/%{_bindir}/xmtr.bin
-install -m 644 img/mtr_icon.xpm %{buildroot}/usr/share/pixmaps
-mkdir -p %{buildroot}/%{_sysconfdir}/security/console.apps
-install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/security/console.apps/xmtr
-mkdir -p %{buildroot}/%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE2} %{buildroot}/etc/pam.d/xmtr
-mkdir -p  %{buildroot}/%{_bindir}
-ln -fs consolehelper %{buildroot}/%{_bindir}/xmtr
-
-mkdir -p %{buildroot}/%{_datadir}/applications
-
 desktop-file-install \
 %if 0%{?fedora} && 0%{?fedora} < 19
     --vendor="fedora"\
 %endif
     --dir=%{buildroot}/%{_datadir}/applications\
-    %{SOURCE3}
+    %{SOURCE1}
 
 %files
 %defattr(-,root,root,-)
 %doc AUTHORS COPYING FORMATS NEWS README SECURITY
-%attr(0755,root,root) %caps(cap_net_raw=pe) %{_sbindir}/mtr
+%caps(cap_net_raw=pe) %{_sbindir}/mtr
 %{_mandir}/man8/*
 
 %files gtk
 %defattr(-,root,root,-)
+%{_bindir}/xmtr
+%{_bindir}/xmtr.bin
+%{_datadir}/pixmaps/mtr_icon.xpm
+%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
 %if 0%{?fedora} && 0%{?fedora} < 19
 %{_datadir}/applications/fedora-net-x%{name}.desktop
 %else
 %{_datadir}/applications/net-x%{name}.desktop
 %endif
-%attr(0755,root,root) %{_bindir}/xmtr.bin
-%{_bindir}/xmtr
-%config(noreplace) %{_sysconfdir}/pam.d/*
-%config(noreplace) %{_sysconfdir}/security/console.apps/*
-%{_datadir}/pixmaps/mtr_icon.xpm
 
 %changelog
+* Tue Oct  1 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-4
+- migrate from consolehelper to policykit (#502750)
+- specfile cleanup
+
 * Sat Sep 14 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-3
 - enable hardened build
 
diff --git a/sources b/sources
index 5e4017f..e430678 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-14fd16f69514c70ff646c529794f5d98  mtr-0.85.tar.xz
+8a65f6aec5e2d5f1a665aa76ae649bc9  mtr-gtk-pkexec-wrapper.sh
+c4fb53f4fdb3bbccdace06d34be87dd0  org.fedoraproject.mtr.policy