diff --git a/pegasus-2.11.1-disable-privilege-separation.patch b/pegasus-2.11.1-disable-privilege-separation.patch new file mode 100644 index 0000000..6119eee --- /dev/null +++ b/pegasus-2.11.1-disable-privilege-separation.patch @@ -0,0 +1,12 @@ +diff -up pegasus/env_var_Linux.status.orig pegasus/env_var_Linux.status +--- pegasus/env_var_Linux.status.orig 2011-09-27 11:49:11.000000000 +0200 ++++ pegasus/env_var_Linux.status 2011-09-27 11:49:41.713613634 +0200 +@@ -31,7 +31,7 @@ PEGASUS_USE_RELEASE_DIRS=true + PEGASUS_USE_SYSLOGS=true + PEGASUS_CIM_SCHEMA=CIM228 + PEGASUS_USE_NET_SNMP=true +-PEGASUS_ENABLE_PRIVILEGE_SEPARATION=true ++PEGASUS_ENABLE_PRIVILEGE_SEPARATION=false + + PEGASUS_ENABLE_INTEROP_PROVIDER=false + PEGASUS_ENABLE_PROTOCOL_WSMAN=false diff --git a/tog-pegasus.spec b/tog-pegasus.spec index 14b061e..610a8ce 100644 --- a/tog-pegasus.spec +++ b/tog-pegasus.spec @@ -62,6 +62,9 @@ Patch18: pegasus-2.9.1-makefile-initscript.patch Patch19: pegasus-2.10.0-dont-strip.patch # 20: use posix locks on sparc arches Patch20: pegasus-2.10.0-sparc-posix-lock.patch +# 21: temporarily disable privilege separation, the package doesn't work with it, it's +# necessary to prepare it first +Patch21: pegasus-2.11.1-disable-privilege-separation.patch BuildRequires: bash, sed, grep, coreutils, procps, gcc, gcc-c++ BuildRequires: libstdc++, make, pam-devel @@ -187,6 +190,7 @@ The OpenPegasus WBEM tests for the OpenPegasus %{version} Linux rpm. %patch18 -p1 -b .makefile-initscript %patch19 -p1 -b .dont-strip %patch20 -p1 -b .sparc-locks +%patch21 -p1 -b .disable-privilege-separation %build @@ -280,12 +284,12 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %{_sysconfdir}/tmpfiles.d/tog-pegasus.conf %endif %ghost /var/run/tog-pegasus -%ghost /var/run/tog-pegasus/cimserver.pid -%ghost /var/run/tog-pegasus/cimserver_start.lock +%ghost %attr(0640, root, pegasus) /var/run/tog-pegasus/cimserver.pid +%ghost %attr(0640, root, pegasus) /var/run/tog-pegasus/cimserver_start.lock %ghost %attr(1640,root,pegasus) /var/run/tog-pegasus/cimxml.socket %attr(0755, root, pegasus) %config(noreplace) /etc/rc.d/init.d/tog-pegasus %defattr(0640, root, pegasus, 0750) -%ghost %config(noreplace) /etc/Pegasus/cimserver_current.conf +%ghost %attr(0640, root, pegasus) %config(noreplace) /etc/Pegasus/cimserver_current.conf %ghost %config(noreplace) /etc/Pegasus/cimserver_planned.conf %config(noreplace) /etc/Pegasus/access.conf %config(noreplace) /etc/pam.d/wbem @@ -293,11 +297,11 @@ rm -rf $RPM_BUILD_ROOT %ghost /etc/Pegasus/client.pem %ghost /etc/Pegasus/server.pem %ghost /etc/Pegasus/file.pem -%ghost /etc/Pegasus/cimserver_trust -%ghost /etc/Pegasus/indication_trust -%ghost /etc/Pegasus/crl +%ghost %attr(0640, root, pegasus) /etc/Pegasus/cimserver_trust +%ghost %attr(0640, root, pegasus) /etc/Pegasus/indication_trust +%ghost %attr(0640, root, pegasus) /etc/Pegasus/crl %ghost %verify(not md5 size mtime) /var/lib/Pegasus/log/install.log -%ghost %verify(not md5 size mtime) /var/lib/Pegasus/cache/trace/cimserver.trc +%ghost %attr(0640, root, pegasus) %verify(not md5 size mtime) /var/lib/Pegasus/cache/trace/cimserver.trc %defattr(0750, root, pegasus, 0750) /usr/sbin/* /usr/bin/* @@ -416,6 +420,8 @@ fi %changelog * Tue Sep 27 2011 Vitezslav Crhonek - 2:2.11.1-1 - Update to upstream version 2.11.1 +- Add explicit file attributes where RPM requires it +- Disable privilege separation feature * Mon Jul 18 2011 Vitezslav Crhonek - 2:2.11.0-2 - Rebuild