mtr-gtk: migrate from consolehelper to polkit
Previously we used consolehelper in order to authenticate user who wants to run mtr-gtk. In Fedora we have newer framework providing access control for privileged operations, policykit. This commit replaces consolehelper configuration and provides policy file for policykit and shell wrapper which runs mtr via pkexec. Note that this is not ideal and we haven't gained a lot by this. In the long run we should really decouple gtk frontend and mtr backend. Backend then would have CAP_NET_RAW capability encoded in filesystem and as soon as possible it would drop that capability and start providing data to be rendered by gtk frontend which would run completely unprivileged. http://fedoraproject.org/wiki/Features/UsermodeMigration Resolves: #502750
This commit is contained in:
Michal Sekletar
parent
be24752376
commit
7482711a66
2
.gitignore
vendored
2
.gitignore
vendored
@ -6,3 +6,5 @@ mtr-0.79.tar.gz
|
||||
/mtr-0.84.tar.gz
|
||||
/mtr-0.85.tar.gz
|
||||
/mtr-0.85.tar.xz
|
||||
/mtr-gtk-pkexec-wrapper.sh
|
||||
/org.fedoraproject.mtr.policy
|
||||
|
||||
51
mtr.spec
51
mtr.spec
@ -3,17 +3,17 @@
|
||||
Summary: A network diagnostic tool
|
||||
Name: mtr
|
||||
Version: 0.85
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 2
|
||||
Group: Applications/Internet
|
||||
License: GPLv2+
|
||||
URL: http://www.BitWizard.nl/mtr
|
||||
Source: %{name}-%{version}.tar.xz
|
||||
Source1: xmtr.consolehelper
|
||||
Source2: xmtr.pam
|
||||
Source3: net-x%{name}.desktop
|
||||
Source1: net-x%{name}.desktop
|
||||
# script will remove all object files from upstream tarball
|
||||
Source4: generate-tarball.sh
|
||||
Source2: generate-tarball.sh
|
||||
Source3: mtr-gtk-pkexec-wrapper.sh
|
||||
Source4: org.fedoraproject.mtr.policy
|
||||
|
||||
Patch1: mtr-crash-in-xml-mode.patch
|
||||
Patch2: mtr-xml-format-fixes.patch
|
||||
@ -33,7 +33,6 @@ useful for using Mtr from a telnet session; and a GTK+ interface for X
|
||||
Summary: The GTK+ interface for mtr
|
||||
Group: Applications/Internet
|
||||
Requires: mtr = %{epoch}:%{version}-%{release}
|
||||
Requires: usermode >= 1.37
|
||||
|
||||
%description gtk
|
||||
The mtr-gtk package provides the GTK+ interface for the mtr network
|
||||
@ -52,56 +51,48 @@ export CFLAGS="%{optflags} -fPIE"
|
||||
export LDFLAGS="-z now -pie"
|
||||
|
||||
%configure --enable-gtk2
|
||||
make %{?_smp_mflags} && mv mtr xmtr && make distclean
|
||||
make %{?_smp_mflags} && mv mtr xmtr.bin && make distclean
|
||||
%configure --without-gtk
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/%{_bindir}
|
||||
mkdir -p %{buildroot}/%{_sbindir}
|
||||
mkdir -p %{buildroot}/%{_datadir}/pixmaps
|
||||
mkdir -p %{buildroot}/%{_mandir}/man8
|
||||
install -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
|
||||
install -D -p -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
|
||||
install -D -p -m 0755 xmtr.bin %{buildroot}/%{_bindir}/xmtr.bin
|
||||
install -D -p -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/xmtr
|
||||
install -D -p -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
|
||||
install -D -p -m 644 img/mtr_icon.xpm %{buildroot}/%{_datadir}/pixmaps/mtr_icon.xpm
|
||||
make DESTDIR=%{buildroot} install
|
||||
|
||||
install -m 0755 xmtr %{buildroot}/%{_bindir}/xmtr.bin
|
||||
install -m 644 img/mtr_icon.xpm %{buildroot}/usr/share/pixmaps
|
||||
mkdir -p %{buildroot}/%{_sysconfdir}/security/console.apps
|
||||
install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/security/console.apps/xmtr
|
||||
mkdir -p %{buildroot}/%{_sysconfdir}/pam.d
|
||||
install -m 644 %{SOURCE2} %{buildroot}/etc/pam.d/xmtr
|
||||
mkdir -p %{buildroot}/%{_bindir}
|
||||
ln -fs consolehelper %{buildroot}/%{_bindir}/xmtr
|
||||
|
||||
mkdir -p %{buildroot}/%{_datadir}/applications
|
||||
|
||||
desktop-file-install \
|
||||
%if 0%{?fedora} && 0%{?fedora} < 19
|
||||
--vendor="fedora"\
|
||||
%endif
|
||||
--dir=%{buildroot}/%{_datadir}/applications\
|
||||
%{SOURCE3}
|
||||
%{SOURCE1}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc AUTHORS COPYING FORMATS NEWS README SECURITY
|
||||
%attr(0755,root,root) %caps(cap_net_raw=pe) %{_sbindir}/mtr
|
||||
%caps(cap_net_raw=pe) %{_sbindir}/mtr
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%files gtk
|
||||
%defattr(-,root,root,-)
|
||||
%{_bindir}/xmtr
|
||||
%{_bindir}/xmtr.bin
|
||||
%{_datadir}/pixmaps/mtr_icon.xpm
|
||||
%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
|
||||
%if 0%{?fedora} && 0%{?fedora} < 19
|
||||
%{_datadir}/applications/fedora-net-x%{name}.desktop
|
||||
%else
|
||||
%{_datadir}/applications/net-x%{name}.desktop
|
||||
%endif
|
||||
%attr(0755,root,root) %{_bindir}/xmtr.bin
|
||||
%{_bindir}/xmtr
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/*
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/*
|
||||
%{_datadir}/pixmaps/mtr_icon.xpm
|
||||
|
||||
%changelog
|
||||
* Tue Oct 1 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-4
|
||||
- migrate from consolehelper to policykit (#502750)
|
||||
- specfile cleanup
|
||||
|
||||
* Sat Sep 14 2013 Michal Sekletar <msekleta@redhat.com> - 2:0.85-3
|
||||
- enable hardened build
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user