plautrba pushed to setroubleshoot (f22). "* Thu Apr 09 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1 (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Thu Apr 9 13:44:32 UTC 2015 

>From 0d5986d28bf8a5b854484154a2afc4bb2a1db3f0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba at redhat.com>
Date: Thu, 9 Apr 2015 15:42:50 +0200
Subject: * Thu Apr 09 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1 -
 setroubleshootd is set to be run as setroubleshoot user instead of root user
 - several bugfixes


diff --git a/.gitignore b/.gitignore
index cd12c21..3aeebee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -183,3 +183,4 @@ setroubleshoot-2.2.93.tar.gz
 /setroubleshoot-3.2.20.tar.gz
 /setroubleshoot-3.2.21.tar.gz
 /setroubleshoot-3.2.22.tar.gz
+/setroubleshoot-3.2.23.tar.gz
diff --git a/setroubleshoot.spec b/setroubleshoot.spec
index bf2b46d..684fffb 100644
--- a/setroubleshoot.spec
+++ b/setroubleshoot.spec
@@ -1,7 +1,7 @@
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
-Version: 3.2.22
-Release: 2%{?dist}
+Version: 3.2.23
+Release: 1%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://fedorahosted.org/setroubleshoot
@@ -11,6 +11,7 @@ URL: https://fedorahosted.org/setroubleshoot
 # ./autogen.sh
 # make dist
 Source0: %{name}-%{version}.tar.gz
+Source1: %{name}.tmpfiles
 BuildRequires: perl-XML-Parser
 BuildRequires: libcap-ng-devel
 BuildRequires: intltool gettext python
@@ -34,6 +35,7 @@ Requires: xdg-utils
 %define pkgvardatadir %{_localstatedir}/lib/%{name}
 %define pkgconfigdir  %{_sysconfdir}/%{name}
 %global pkgdatabase   %{pkgvardatadir}/setroubleshoot_database.xml
+%define username      setroubleshoot
 
 %description
 setroubleshoot GUI. Application that allows you to view setroubleshoot-server 
@@ -54,7 +56,8 @@ to user preference. The same tools can be run on existing log files.
 %{pkgpythondir}/browser.py*
 %{pkgpythondir}/gui_utils.py*
 %{_bindir}/seapplet
-%ghost /var/run/setroubleshoot
+%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
+%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
 
 %post
 touch --no-create %{_datadir}/icons/hicolor || :
@@ -84,48 +87,13 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
 mkdir -p %{buildroot}%{pkgvardatadir}
+mkdir -p %{buildroot}%{_rundir}/setroubleshoot
 touch %{buildroot}%{pkgdatabase}
 touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
 rm -rf %{buildroot}/usr/share/doc/
+# create /run/setroubleshoot on boot
+install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
 
-# Register as an application to be visible in the software center
-#
-# NOTE: It would be *awesome* if this file was maintained by the upstream
-# project, translated and installed into the right place during `make install`.
-#
-# See http://www.freedesktop.org/software/appstream/docs/ for more details.
-#
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/appdata
-cat > $RPM_BUILD_ROOT%{_datadir}/appdata/%{name}.appdata.xml <<EOF
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Copyright 2014 Ryan Lerch <rlerch at redhat.com> -->
-<!--
-BugReportURL: https://fedorahosted.org/setroubleshoot/ticket/14
-SentUpstream: 2014-07-02
--->
-<application>
-  <id type="desktop">setroubleshoot.desktop</id>
-  <metadata_license>CC0-1.0</metadata_license>
-  <summary>Troubleshoot SELinux policy and access denials</summary>
-  <description>
-    <p>
-      The SELinux Troubleshooter provides a graphical user interface to help
-      diagnose SELinux policy issues.
-      When Access Vector Cache (AVC) denial messages are logged by SELinux,
-      the SELinux Troubleshooter generates a desktop notification containing
-      information about the problem and allows the user to launch the
-      troubleshooting interface to help track down the cause of the denial.
-    </p>
-  </description>
-  <url type="homepage">https://fedorahosted.org/setroubleshoot/</url>
-  <screenshots>
-    <screenshot type="default">https://fedorahosted.org/setroubleshoot/raw-attachment/wiki/WikiStart/setroubleshoot.png</screenshot>
-  </screenshots>
-  <!-- FIXME: change this to an upstream email address for spec updates
-  <updatecontact>someone_who_cares at upstream_project.org</updatecontact>
-   -->
-</application>
-EOF
 
 %find_lang %{name}
 
@@ -147,6 +115,7 @@ Requires: pygobject2
 Requires: dbus
 Requires: dbus-python
 Requires: polkit
+Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
 
 %description server
 Provides tools to help diagnose SELinux problems. When AVC messages
@@ -154,6 +123,9 @@ are generated an alert can be generated that will give information
 about the problem and help track its resolution. Alerts can be configured
 to user preference. The same tools can be run on existing log files.
 
+%pre server
+getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
+
 %post server
 %systemd_post auditd.service
 
@@ -199,9 +171,9 @@ rm -rf %{buildroot}
 %{pkgdatadir}/updater.py*
 %config(noreplace) %{pkgconfigdir}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf
-%dir %{pkgvardatadir}
-%ghost %attr(0600,root,root) %{pkgdatabase}
-%ghost %attr(0644,root,root) %{pkgvardatadir}/email_alert_recipients
+%attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
+%attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
+%attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
 %{_mandir}/man8/sealert.8.gz
 %{_mandir}/man8/sedispatch.8.gz
 %{_mandir}/man8/setroubleshootd.8.gz
@@ -212,6 +184,10 @@ rm -rf %{buildroot}
 %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
 
 %changelog
+* Thu Apr 09 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1
+- setroubleshootd is set to be run as setroubleshoot user instead of root user
+- several bugfixes
+
 * Thu Mar 26 2015 Richard Hughes <rhughes at redhat.com> - 3.2.22-2
 - Add an AppData file for the software center
 
diff --git a/setroubleshoot.tmpfiles b/setroubleshoot.tmpfiles
new file mode 100644
index 0000000..8f68570
--- /dev/null
+++ b/setroubleshoot.tmpfiles
@@ -0,0 +1 @@
+d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
diff --git a/sources b/sources
index 819cef4..8664cca 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 ed14365d69cc9469e190cbe8cb88377e  setroubleshoot-3.2.22.tar.gz
+5623b088d6847e79c00a2b1cabad9555  setroubleshoot-3.2.23.tar.gz
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/setroubleshoot.git/commit/?h=f22&id=0d5986d28bf8a5b854484154a2afc4bb2a1db3f0

More information about the scm-commits mailing list