[mtr/f19] mtr-gtk: migrate from consolehelper to polkit

Michal Sekletar msekleta at fedoraproject.org
Tue Oct 8 13:14:15 UTC 2013 

commit 785e43f7a4dea616a07b9e9847f1608855df5238
Author: Michal Sekletar <msekleta at redhat.com>
Date:   Tue Oct 8 13:40:59 2013 +0200

    mtr-gtk: migrate from consolehelper to polkit
    
    Previously we used consolehelper in order to authenticate user who wants to run
    mtr-gtk. In Fedora we have newer framework providing access control for
    privileged operations, policykit.
    
    This commit replaces consolehelper configuration and provides policy file for
    policykit and shell wrapper which runs mtr via pkexec. Note that this is not ideal and
    we haven't gained a lot by this.
    
    In the long run we should really decouple gtk frontend and mtr backend. Backend
    then would have CAP_NET_RAW capability encoded in filesystem and as soon as
    possible it would drop that capability and start providing data to be rendered
    by gtk frontend which would run completely unprivileged.
    
    http://fedoraproject.org/wiki/Features/UsermodeMigration
    
    Resolves: #502750
    
    Conflicts:
    	.gitignore
    	mtr.spec
    	sources

 .gitignore |    2 ++
 mtr.spec   |   45 +++++++++++++++++----------------------------
 sources    |    2 ++
 3 files changed, 21 insertions(+), 28 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index cacfb4d..abc15cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ mtr-0.79.tar.gz
 /mtr-0.82.tar.gz
 /mtr-0.83.tar.gz
 /mtr-0.84.tar.gz
+/mtr-gtk-pkexec-wrapper.sh
+/org.fedoraproject.mtr.policy
diff --git a/mtr.spec b/mtr.spec
index 534760c..e483f52 100644
--- a/mtr.spec
+++ b/mtr.spec
@@ -9,9 +9,9 @@ Group: Applications/Internet
 License: GPLv2+
 URL: http://www.BitWizard.nl/mtr
 Source: ftp://ftp.bitwizard.nl/mtr/%{name}-%{version}.tar.gz
-Source1: xmtr.consolehelper
-Source2: xmtr.pam
-Source3: net-x%{name}.desktop
+Source1: net-x%{name}.desktop
+Source2: mtr-gtk-pkexec-wrapper.sh
+Source3: org.fedoraproject.mtr.policy
 
 Patch1: mtr-crash-in-xml-mode.patch
 Patch2: mtr-xml-format-fixes.patch
@@ -30,7 +30,6 @@ useful for using Mtr from a telnet session; and a GTK+ interface for X
 Summary: The GTK+ interface for mtr
 Group: Applications/Internet
 Requires: mtr = %{epoch}:%{version}-%{release}
-Requires: usermode >= 1.37
 
 %description gtk
 The mtr-gtk package provides the GTK+ interface for the mtr network
@@ -48,58 +47,48 @@ export CFLAGS="%{optflags} -fPIE"
 export LDFLAGS="-z now -pie"
 
 %configure --enable-gtk2
-make %{?_smp_mflags} && mv mtr xmtr && make distclean
+make %{?_smp_mflags} && mv mtr xmtr.bin && make distclean
 %configure --without-gtk
 make %{?_smp_mflags}
 
 %install
-mkdir -p %{buildroot}/%{_bindir}
-mkdir -p %{buildroot}/%{_sbindir}
-mkdir -p %{buildroot}/%{_datadir}/pixmaps
-mkdir -p %{buildroot}/%{_mandir}/man8
-install -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
+install -D -p -m 0755 mtr %{buildroot}/%{_sbindir}/mtr
+install -D -p -m 0755 xmtr.bin %{buildroot}/%{_bindir}/xmtr.bin
+install -D -p -m 0755 %{SOURCE2} %{buildroot}/%{_bindir}/xmtr
+install -D -p -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
+install -D -p -m 644 img/mtr_icon.xpm %{buildroot}/%{_datadir}/pixmaps/mtr_icon.xpm
 make DESTDIR=%{buildroot} install
 
-install -m 0755 xmtr %{buildroot}/%{_bindir}/xmtr.bin
-install -m 644 img/mtr_icon.xpm %{buildroot}/usr/share/pixmaps
-mkdir -p %{buildroot}/%{_sysconfdir}/security/console.apps
-install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/security/console.apps/xmtr
-mkdir -p %{buildroot}/%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE2} %{buildroot}/etc/pam.d/xmtr
-mkdir -p  %{buildroot}/%{_bindir}
-ln -fs consolehelper %{buildroot}/%{_bindir}/xmtr
-
-mkdir -p %{buildroot}/%{_datadir}/applications
-
 desktop-file-install \
 %if 0%{?fedora} && 0%{?fedora} < 19
     --vendor="fedora"\
 %endif
     --dir=%{buildroot}/%{_datadir}/applications\
-    %{SOURCE3}
+    %{SOURCE1}
 
 %files
 %defattr(-,root,root,-)
 %doc AUTHORS COPYING FORMATS NEWS README SECURITY
-%attr(0755,root,root) %caps(cap_net_raw=pe) %{_sbindir}/mtr
+%caps(cap_net_raw=pe) %{_sbindir}/mtr
 %{_mandir}/man8/*
 
 %files gtk
 %defattr(-,root,root,-)
+%{_bindir}/xmtr
+%{_bindir}/xmtr.bin
+%{_datadir}/pixmaps/mtr_icon.xpm
+%{_datadir}/polkit-1/actions/org.fedoraproject.mtr.policy
 %if 0%{?fedora} && 0%{?fedora} < 19
 %{_datadir}/applications/fedora-net-x%{name}.desktop
 %else
 %{_datadir}/applications/net-x%{name}.desktop
 %endif
-%attr(0755,root,root) %{_bindir}/xmtr.bin
-%{_bindir}/xmtr
-%config(noreplace) %{_sysconfdir}/pam.d/*
-%config(noreplace) %{_sysconfdir}/security/console.apps/*
-%{_datadir}/pixmaps/mtr_icon.xpm
 
 %changelog
 * Tue Oct 08 2013  Michal Sekletar <msekleta at redhat.com> - 2:0.84-3
 - enable hardened build
+- migrate from consolehelper to policykit (#502750)
+- specfile cleanup
 
 * Thu Jun 06 2013 Michal Sekletar <msekleta at redhat.com> - 2:0.84-2
 - fix crash when dns resolver is configured with both IPv4 and IPv6 nameservers
diff --git a/sources b/sources
index 502c490..1af87d6 100644
--- a/sources
+++ b/sources
@@ -1 +1,3 @@
 df61096ae1b18b27f915feeb907ae48c  mtr-0.84.tar.gz
+8a65f6aec5e2d5f1a665aa76ae649bc9  mtr-gtk-pkexec-wrapper.sh
+c4fb53f4fdb3bbccdace06d34be87dd0  org.fedoraproject.mtr.policy

More information about the scm-commits mailing list