rpms/mtr
5
0
Fork 0
Code Issues Pull Requests Releases Activity

mtr-gtk: migrate from consolehelper to polkit

Browse Source 
Previously we used consolehelper in order to authenticate user who wants to run
mtr-gtk. In Fedora we have newer framework providing access control for
privileged operations, policykit.

This commit replaces consolehelper configuration and provides policy file for
policykit and shell wrapper which runs mtr via pkexec. Note that this is not ideal and
we haven't gained a lot by this.

In the long run we should really decouple gtk frontend and mtr backend. Backend
then would have CAP_NET_RAW capability encoded in filesystem and as soon as
possible it would drop that capability and start providing data to be rendered
by gtk frontend which would run completely unprivileged.

http://fedoraproject.org/wiki/Features/UsermodeMigration

Resolves: #502750
This commit is contained in:
Michal Sekletar 2013-10-01 13:36:52 +02:00
parent be24752376
commit 7482711a66
3 changed files with 25 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -6,3 +6,5 @@ mtr-0.79.tar.gz
/mtr-0.84.tar.gz /mtr-0.84.tar.gz
/mtr-0.85.tar.gz /mtr-0.85.tar.gz
/mtr-0.85.tar.xz /mtr-0.85.tar.xz
/mtr-gtk-pkexec-wrapper.sh
/org.fedoraproject.mtr.policy

51
mtr.spec
View File

@ -3,17 +3,17 @@
Summary: A network diagnostic tool Summary: A network diagnostic tool
Name: mtr Name: mtr
Version: 0.85 Version: 0.85
Release: 3%{?dist} Release: 4%{?dist}
Epoch: 2 Epoch: 2
Group: Applications/Internet Group: Applications/Internet
License: GPLv2+ License: GPLv2+
URL: http://www.BitWizard.nl/mtr URL: http://www.BitWizard.nl/mtr
Source: %{name}-%{version}.tar.xz Source: %{name}-%{version}.tar.xz
Source1: xmtr.consolehelper Source1: net-x%{name}.desktop
Source2: xmtr.pam
Source3: net-x%{name}.desktop
# script will remove all object files from upstream tarball # script will remove all object files from upstream tarball
Source4: generate-tarball.sh Source2: generate-tarball.sh
Source3: mtr-gtk-pkexec-wrapper.sh
Source4: org.fedoraproject.mtr.policy
Patch1: mtr-crash-in-xml-mode.patch Patch1: mtr-crash-in-xml-mode.patch
Patch2: mtr-xml-format-fixes.patch Patch2: mtr-xml-format-fixes.patch
@ -33,7 +33,6 @@ useful for using Mtr from a telnet session; and a GTK+ interface for X
Summary: The GTK+ interface for mtr Summary: The GTK+ interface for mtr
Group: Applications/Internet Group: Applications/Internet
Requires: mtr = %{epoch}:%{version}-%{release} Requires: mtr = %{epoch}:%{version}-%{release}
Requires: usermode >= 1.37
%description gtk %description gtk
The mtr-gtk package provides the GTK+ interface for the mtr network The mtr-gtk package provides the GTK+ interface for the mtr network
@ -52,56 +51,48 @@ export CFLAGS="%{optflags} -fPIE"
export LDFLAGS="-z now -pie" export LDFLAGS="-z now -pie"
%configure --enable-gtk2 %configure --enable-gtk2
make %{?_smp_mflags} && mv mtr xmtr && make distclean make %{?_smp_mflags} && mv mtr xmtr.bin && make distclean
%configure --without-gtk %configure --without-gtk
make %{?_smp_mflags} make %{?_smp_mflags}
%install %install
mkdir -p %{buildroot}/%{_bindir} install -D -p -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
mkdir -p %{buildroot}/%{_sbindir} install -D -p -m 0755 xmtr.bin %{buildroot}/%{_bindir}/xmtr.bin
mkdir -p %{buildroot}/%{_datadir}/pixmaps install -D -p -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/xmtr
mkdir -p %{buildroot}/%{_mandir}/man8 install -D -p -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
install -m 0755 mtr %{buildroot}/%{_sbindir}/mtr install -D -p -m 644 img/mtr_icon.xpm %{buildroot}/%{_datadir}/pixmaps/mtr_icon.xpm
make DESTDIR=%{buildroot} install make DESTDIR=%{buildroot} install
install -m 0755 xmtr %{buildroot}/%{_bindir}/xmtr.bin
install -m 644 img/mtr_icon.xpm %{buildroot}/usr/share/pixmaps
mkdir -p %{buildroot}/%{_sysconfdir}/security/console.apps
install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/security/console.apps/xmtr
mkdir -p %{buildroot}/%{_sysconfdir}/pam.d
install -m 644 %{SOURCE2} %{buildroot}/etc/pam.d/xmtr
mkdir -p %{buildroot}/%{_bindir}
ln -fs consolehelper %{buildroot}/%{_bindir}/xmtr
mkdir -p %{buildroot}/%{_datadir}/applications
desktop-file-install \ desktop-file-install \
%if 0%{?fedora} && 0%{?fedora} < 19 %if 0%{?fedora} && 0%{?fedora} < 19
--vendor="fedora"\ --vendor="fedora"\
%endif %endif
--dir=%{buildroot}/%{_datadir}/applications\ --dir=%{buildroot}/%{_datadir}/applications\
%{SOURCE3} %{SOURCE1}
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc AUTHORS COPYING FORMATS NEWS README SECURITY %doc AUTHORS COPYING FORMATS NEWS README SECURITY
%attr(0755,root,root) %caps(cap_net_raw=pe) %{_sbindir}/mtr %caps(cap_net_raw=pe) %{_sbindir}/mtr
%{_mandir}/man8/* %{_mandir}/man8/*
%files gtk %files gtk
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_bindir}/xmtr
%{_bindir}/xmtr.bin
%{_datadir}/pixmaps/mtr_icon.xpm
%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
%if 0%{?fedora} && 0%{?fedora} < 19 %if 0%{?fedora} && 0%{?fedora} < 19
%{_datadir}/applications/fedora-net-x%{name}.desktop %{_datadir}/applications/fedora-net-x%{name}.desktop
%else %else
%{_datadir}/applications/net-x%{name}.desktop %{_datadir}/applications/net-x%{name}.desktop
%endif %endif
%attr(0755,root,root) %{_bindir}/xmtr.bin
%{_bindir}/xmtr
%config(noreplace) %{_sysconfdir}/pam.d/*
%config(noreplace) %{_sysconfdir}/security/console.apps/*
%{_datadir}/pixmaps/mtr_icon.xpm
%changelog %changelog
* Tue Oct 1 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-4
- migrate from consolehelper to policykit (#502750)
- specfile cleanup
* Sat Sep 14 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-3 * Sat Sep 14 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-3
- enable hardened build - enable hardened build

3
sources
View File

@ -1 +1,2 @@
14fd16f69514c70ff646c529794f5d98 mtr-0.85.tar.xz 8a65f6aec5e2d5f1a665aa76ae649bc9 mtr-gtk-pkexec-wrapper.sh
c4fb53f4fdb3bbccdace06d34be87dd0 org.fedoraproject.mtr.policy