[ejabberd] Fix polkit
Peter Lemenkov
peter at fedoraproject.org
Sat Oct 26 11:51:31 UTC 2013
commit 5357d2dc969f94200e776cc864f0fc1b6e6b311a
Author: Peter Lemenkov <lemenkov at gmail.com>
Date: Sat Oct 26 15:51:33 2013 +0400
Fix polkit
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
.gitignore | 1 +
...-service-example-name-to-match-actual-one.patch | 2 +-
...berd-0002-Fixed-delays-in-s2s-connections.patch | 2 +-
ejabberd-0003-Introducing-mod_admin_extra.patch | 2 +-
...04-Fedora-specific-changes-to-ejabberdctl.patch | 2 +-
...Install-.so-objects-with-0755-permissions.patch | 2 +-
...L-GSSAPI-authentication-thanks-to-Mikael-.patch | 2 +-
...07-Disable-INET_DIST_INTERFACE-by-default.patch | 2 +-
...berd-0008-Clean-up-false-security-measure.patch | 2 +-
ejabberd-0009-Enable-polkit-support.patch | 23 +++++++
...10-Install-into-BINDIR-instead-of-SBINDIR.patch | 50 +++++++++++++++
ejabberd.spec | 64 +++++++++++++-------
ejabberdctl.polkit.actions | 17 +++++
ejabberdctl.polkit.rules | 9 +--
ejabberdctl.sh | 2 -
sources | 2 +-
16 files changed, 144 insertions(+), 40 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 107c82d..b2b84eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ ejabberd-2.1.5.tar.gz
/ejabberd-2.1.11.tgz
/processone-ejabberd-v2.1.12-0-gc058687.tar.gz
/processone-ejabberd-v2.1.13-0-g5feeacf.tar.gz
+/ejabberd-v2.1.13.tar.gz
diff --git a/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch b/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
index b3f929f..8883f15 100644
--- a/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
+++ b/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
@@ -1,7 +1,7 @@
From b3a61330f7328507e1608e437a152e806ef520d1 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Tue, 16 Feb 2010 16:03:38 +0300
-Subject: [PATCH 1/8] Fix PAM service example name to match actual one
+Subject: [PATCH 01/10] Fix PAM service example name to match actual one
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
diff --git a/ejabberd-0002-Fixed-delays-in-s2s-connections.patch b/ejabberd-0002-Fixed-delays-in-s2s-connections.patch
index 4533041..8572111 100644
--- a/ejabberd-0002-Fixed-delays-in-s2s-connections.patch
+++ b/ejabberd-0002-Fixed-delays-in-s2s-connections.patch
@@ -1,7 +1,7 @@
From ec26218c6f2374f4e39e50c194150065cc5da275 Mon Sep 17 00:00:00 2001
From: Sergei Golovan <sgolovan at nes.ru>
Date: Tue, 16 Feb 2010 16:07:37 +0300
-Subject: [PATCH 2/8] Fixed delays in s2s connections.
+Subject: [PATCH 02/10] Fixed delays in s2s connections.
Patch by Sergei Golovan increases timeouts in S2S and removes horrible 5-minute
delay between remote server connection attempts after a falure (in case of
diff --git a/ejabberd-0003-Introducing-mod_admin_extra.patch b/ejabberd-0003-Introducing-mod_admin_extra.patch
index cac9b0a..3f9d8a7 100644
--- a/ejabberd-0003-Introducing-mod_admin_extra.patch
+++ b/ejabberd-0003-Introducing-mod_admin_extra.patch
@@ -1,7 +1,7 @@
From 363bfab713d9267e3186126d2df4162f24969d8c Mon Sep 17 00:00:00 2001
From: Badlop <badlop at process-one.net>
Date: Tue, 16 Feb 2010 16:12:17 +0300
-Subject: [PATCH 3/8] Introducing mod_admin_extra
+Subject: [PATCH 03/10] Introducing mod_admin_extra
Adds the mod_admin_extra module to ejabberd.
This module extends the functionality provided by ejabberdctl
diff --git a/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch b/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch
index 6a3e5d2..20cf399 100644
--- a/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch
+++ b/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch
@@ -1,7 +1,7 @@
From 2e72b2ac86fcbc5902555621422db36684d42385 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Tue, 16 Feb 2010 16:30:05 +0300
-Subject: [PATCH 4/8] Fedora-specific changes to ejabberdctl
+Subject: [PATCH 04/10] Fedora-specific changes to ejabberdctl
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
diff --git a/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch b/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch
index 354b1d3..af85b3c 100644
--- a/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch
+++ b/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch
@@ -1,7 +1,7 @@
From 75f9fdbe72c77c1521edc7402c0d27883dadf46c Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Sat, 12 Jun 2010 14:14:52 +0400
-Subject: [PATCH 5/8] Install *.so objects with 0755 permissions
+Subject: [PATCH 05/10] Install *.so objects with 0755 permissions
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
diff --git a/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch b/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
index 30c5df1..a9b4dda 100644
--- a/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
+++ b/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
@@ -1,7 +1,7 @@
From e49dbaca001a3d311a2f8a8e878c5b8b6fc385c0 Mon Sep 17 00:00:00 2001
From: Badlop <badlop at process-one.net>
Date: Thu, 15 Apr 2010 17:20:16 +0200
-Subject: [PATCH 6/8] Support SASL GSSAPI authentication (thanks to Mikael
+Subject: [PATCH 06/10] Support SASL GSSAPI authentication (thanks to Mikael
Magnusson)(EJAB-831)
---
diff --git a/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch b/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
index 09f67fb..d0d1d40 100644
--- a/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
+++ b/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
@@ -1,7 +1,7 @@
From a8910615b82e7af8cb32916792970de0b53e5872 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Sat, 18 Jun 2011 23:24:28 +0400
-Subject: [PATCH 7/8] Disable INET_DIST_INTERFACE by default
+Subject: [PATCH 07/10] Disable INET_DIST_INTERFACE by default
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
diff --git a/ejabberd-0008-Clean-up-false-security-measure.patch b/ejabberd-0008-Clean-up-false-security-measure.patch
index 83fa98c..a44f130 100644
--- a/ejabberd-0008-Clean-up-false-security-measure.patch
+++ b/ejabberd-0008-Clean-up-false-security-measure.patch
@@ -1,7 +1,7 @@
From c827055ee650243c2af546753743f692ae0fe758 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Wed, 17 Jul 2013 14:56:09 +0400
-Subject: [PATCH 8/8] Clean up false security measure
+Subject: [PATCH 08/10] Clean up false security measure
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
diff --git a/ejabberd-0009-Enable-polkit-support.patch b/ejabberd-0009-Enable-polkit-support.patch
new file mode 100644
index 0000000..fd31fd1
--- /dev/null
+++ b/ejabberd-0009-Enable-polkit-support.patch
@@ -0,0 +1,23 @@
+From f2420ac96bb52eeb5a01111cabb4f5580db42142 Mon Sep 17 00:00:00 2001
+From: Peter Lemenkov <lemenkov at gmail.com>
+Date: Wed, 17 Jul 2013 14:51:04 +0400
+Subject: [PATCH 09/10] Enable polkit support
+
+Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
+---
+ src/ejabberdctl.template | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ejabberdctl.template b/src/ejabberdctl.template
+index b298e01..fa6c5c2 100644
+--- a/src/ejabberdctl.template
++++ b/src/ejabberdctl.template
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/usr/bin/pkexec /bin/sh
+
+ # define default configuration
+ POLL=true
+--
+1.8.3.1
+
diff --git a/ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch b/ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch
new file mode 100644
index 0000000..3868b01
--- /dev/null
+++ b/ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch
@@ -0,0 +1,50 @@
+From 729db839b762a472444bacff22a1cb8870635272 Mon Sep 17 00:00:00 2001
+From: Peter Lemenkov <lemenkov at gmail.com>
+Date: Wed, 17 Jul 2013 14:53:49 +0400
+Subject: [PATCH 10/10] Install into BINDIR instead of SBINDIR
+
+Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
+---
+ src/Makefile.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 1a1fa41..1578183 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -92,7 +92,7 @@ DESTDIR =
+ ETCDIR = $(DESTDIR)@sysconfdir@/ejabberd
+
+ # /sbin/
+-SBINDIR = $(DESTDIR)@sbindir@
++BINDIR = $(DESTDIR)@bindir@
+
+ # /lib/ejabberd/
+ EJABBERDDIR = $(DESTDIR)@libdir@/ejabberd
+@@ -201,11 +201,11 @@ install: all
+ install -b -m 644 $(G_USER) inetrc $(ETCDIR)/inetrc
+ #
+ # Administration script
+- [ -d $(SBINDIR) ] || install -d -m 755 $(SBINDIR)
+- install -m 755 $(G_USER) ejabberdctl.example $(SBINDIR)/ejabberdctl
++ [ -d $(BINDIR) ] || install -d -m 755 $(BINDIR)
++ install -m 755 $(G_USER) ejabberdctl.example $(BINDIR)/ejabberdctl
+ #
+ # Init script
+- sed -e "s*@ctlscriptpath@*$(SBINDIR)*" \
++ sed -e "s*@ctlscriptpath@*$(BINDIR)*" \
+ -e "s*@installuser@*$(INIT_USER)*" ejabberd.init.template \
+ > ejabberd.init
+ chmod 755 ejabberd.init
+@@ -273,7 +273,7 @@ install: all
+ uninstall: uninstall-binary
+
+ uninstall-binary:
+- rm -f $(SBINDIR)/ejabberdctl
++ rm -f $(BINDIR)/ejabberdctl
+ rm -fr $(DOCDIR)
+ rm -f $(BEAMDIR)/*.beam
+ rm -f $(BEAMDIR)/*.app
+--
+1.8.3.1
+
diff --git a/ejabberd.spec b/ejabberd.spec
index 2994ccb..0da7471 100644
--- a/ejabberd.spec
+++ b/ejabberd.spec
@@ -1,10 +1,11 @@
-%global realname ejabberd
-%global upstream processone
-%global git_tag 5feeacf
-%global patchnumber 0
-
-
%global _hardened_build 1
+# FIXME non-standard directory for storing *.so objects
+%{?filter_setup:
+%filter_provides_in %{_libdir}/ejabberd/priv/lib/.*\.so$
+%filter_setup
+}
+%{expand: %(NIF_VER=`rpm -q erlang-erts --provides | grep --color=no erl_nif_version` ; if [ "$NIF_VER" != "" ]; then echo %%global __erlang_nif_version $NIF_VER ; fi)}
+%{expand: %(DRV_VER=`rpm -q erlang-erts --provides | grep --color=no erl_drv_version` ; if [ "$DRV_VER" != "" ]; then echo %%global __erlang_drv_version $DRV_VER ; fi)}
# Currently, hevea available only in Fedora
@@ -12,24 +13,26 @@
%ifarch %{power64} s390 s390x sparc64
# No hevea for these architectures
# see https://bugzilla.redhat.com/bugzilla/250253
-%global with_hevea 0
+%global _with_hevea 0
%else
-# Hevea is deadly broken currently
-%global with_hevea 0
+# FIXME Hevea is deadly broken currently
+%global _with_hevea 0
%endif
%endif
Name: ejabberd
Version: 2.1.13
-Release: 4%{?dist}
+Release: 6%{?dist}
Summary: A distributed, fault-tolerant Jabber/XMPP server
Group: Applications/Internet
License: GPLv2+
URL: http://www.ejabberd.im/
-# wget --content-disposition https://github.com/processone/ejabberd/tarball/v2.1.13
-Source0: %{upstream}-%{realname}-v%{version}-%{patchnumber}-g%{git_tag}.tar.gz
+%if 0%{?el7}%{?fedora}
+VCS: scm:git:https://github.com/processone/ejabberd.git
+%endif
+Source0: https://github.com/processone/%{name}/archive/v%{version}/%{name}-v%{version}.tar.gz
Source1: ejabberd.init
Source2: ejabberd.logrotate
Source3: ejabberd.sysconfig
@@ -45,8 +48,8 @@ Source11: ejabberd.pam
# usermode support for old systems
Source10: ejabberdctl.apps
# polkit support
-Source12: ejabberdctl.polkit.rules
-Source13: ejabberdctl.sh
+Source12: ejabberdctl.polkit.actions
+Source13: ejabberdctl.polkit.rules
# Use ejabberd as an example for PAM service name (fedora/epel-specific)
Patch1: ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
@@ -64,6 +67,10 @@ Patch6: ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
Patch7: ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
# Don't try to make system-wide scripts unreadable for users (fedora/epel-specific)
Patch8: ejabberd-0008-Clean-up-false-security-measure.patch
+# polkit support
+Patch9: ejabberd-0009-Enable-polkit-support.patch
+# polkit support
+Patch10:ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -71,7 +78,7 @@ BuildRequires: expat-devel
BuildRequires: openssl-devel >= 0.9.8
BuildRequires: pam-devel
BuildRequires: erlang
-%if 0%{?with_hevea}
+%if 0%{?_with_hevea}
BuildRequires: hevea
BuildRequires: texlive
BuildRequires: texlive-comment
@@ -137,6 +144,7 @@ Requires: polkit
%endif
# for flock in ejabberdctl
Requires: util-linux
+%{?__erlang_drv_version:Requires: %{__erlang_drv_version}}
%description
@@ -159,7 +167,7 @@ Group: Documentation
Documentation for ejabberd.
%prep
-%setup -q -n %{upstream}-%{realname}-2ed62dc
+%setup -q
%patch1 -p1 -b .pam_name
%patch2 -p1 -b .s2s_delays
@@ -169,6 +177,10 @@ Documentation for ejabberd.
%patch6 -p1 -b .gssapi
%patch7 -p1 -b .disable_ip_restriction_for_ejabberdctl
%patch8 -p1 -b .dont_hide
+%if 0%{?el7}%{?fedora}
+%patch9 -p1 -b .use_polkit
+%patch10 -p1 -b .usr_bin
+%endif
%build
@@ -178,7 +190,7 @@ autoreconf -ivf
# doesn't build on SMP currently
make
popd
-%if 0%{?with_hevea}
+%if 0%{?_with_hevea}
pushd doc
# remove pre-built docs
rm -f dev.html features.html features.pdf guide.html guide.pdf
@@ -245,9 +257,9 @@ mkdir -p %{buildroot}%{_bindir}
ln -s consolehelper %{buildroot}%{_bindir}/ejabberdctl
install -D -p -m 0644 %{S:10} %{buildroot}%{_sysconfdir}/security/console.apps/ejabberdctl
%else
-# Install polkit file
-install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules
-install -D -p -m 0755 %{S:13} %{buildroot}%{_bindir}/ejabberdctl
+# Use polkit
+install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/actions/ejabberdctl.policy
+install -D -p -m 0644 %{S:13} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules
%endif
# Remove installed doc-files
@@ -370,12 +382,13 @@ rm -rf %{buildroot}
%config(noreplace) %{_sysconfdir}/pam.d/%{name}
%config(noreplace) %{_sysconfdir}/pam.d/ejabberdctl
%if 0%{?el5}%{?el6}
+%{_sbindir}/ejabberdctl
%config(noreplace) %{_sysconfdir}/security/console.apps/ejabberdctl
%else
+%{_datadir}/polkit-1/actions/ejabberdctl.policy
%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules
%endif
%{_bindir}/ejabberdctl
-%{_sbindir}/ejabberdctl
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/ebin
@@ -434,13 +447,20 @@ rm -rf %{buildroot}
%files doc
%doc doc/*.html
%doc doc/*.png
-%if 0%{?with_hevea}
+%if 0%{?_with_hevea}
%doc doc/*.pdf
%endif
%doc doc/*.txt
%changelog
+* Sat Oct 26 2013 Peter Lemenkov <lemenkov at gmail.com> - 2.1.13-6
+- Fix polkit again
+- Add dependency on Erlang's driver version
+
+* Fri Sep 27 2013 Peter Lemenkov <lemenkov at gmail.com> - 2.1.13-5
+- Fix wrong polkit policy (rhbz #1009408)
+
* Sun Sep 15 2013 Peter Lemenkov <lemenkov at gmail.com> - 2.1.13-4
- Use polkit instead of usermode on modern systems
- Restore user/group provides
diff --git a/ejabberdctl.polkit.actions b/ejabberdctl.polkit.actions
new file mode 100644
index 0000000..f3ef4f4
--- /dev/null
+++ b/ejabberdctl.polkit.actions
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+ <action id="ejabberd.ejabberdctl.run">
+ <_description>Run ejabberd control script</_description>
+ <_message>Authentication is required for running ejabberdctl</_message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>auth_self</allow_inactive>
+ <allow_active>auth_self</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/bin/sh</annotate>
+ <annotate key="org.freedesktop.policykit.exec.argv1">/usr/bin/ejabberdctl</annotate>
+ </action>
+</policyconfig>
diff --git a/ejabberdctl.polkit.rules b/ejabberdctl.polkit.rules
index 1037d3a..cf899b5 100644
--- a/ejabberdctl.polkit.rules
+++ b/ejabberdctl.polkit.rules
@@ -1,9 +1,4 @@
polkit.addRule(function(action, subject) {
- var CommandLine = action.lookup("command_line").split(" ");
- if (action.id == "org.freedesktop.policykit.exec" && (CommandLine[0] == "/sbin/ejabberdctl" || CommandLine[0] == "/usr/sbin/ejabberdctl")){
- if(subject.isInGroup("ejabberd"))
- return polkit.Result.YES;
- else
- return polkit.Result.NO;
- }
+ if ((action.id == "ejabberd.ejabberdctl.run") && (subject.isInGroup("ejabberd")))
+ return polkit.Result.YES;
});
diff --git a/sources b/sources
index 763209d..4c10b8d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ed78ba6f50d3e2695234ace534e4a932 processone-ejabberd-v2.1.13-0-g5feeacf.tar.gz
+2a7c3b711b4f7091f811c51b52beb735 ejabberd-v2.1.13.tar.gz
More information about the scm-commits
mailing list