2006-07-28 Laszlo (Laca) Peter <
[email protected]>
* dbus.spec: add patch priv.spec (from Artem Kachitchkine),
* patches/dbus-05-priv.diff: (new) patch that makes dbus run as user
'daemon' and also with least privileges
2006-07-28 Laszlo (Laca) Peter <
[email protected]>
* SUNWdbus.spec: add pre and post scripts for enabling the dbus
svc upon installation but leaving it as is upon upgrade
(Artem Kachitchkine, reviewed by David Bustos);
add %{_libexecdir}/dbus-daemon to the pkgmap
--- a/ChangeLog Fri Jul 28 19:42:59 2006 +0000
+++ b/ChangeLog Sat Jul 29 02:31:16 2006 +0000
@@ -1,3 +1,9 @@
+2006-07-28 Laszlo (Laca) Peter <[email protected]>
+
+ * dbus.spec: add patch priv.spec (from Artem Kachitchkine),
+ * patches/dbus-05-priv.diff: (new) patch that makes dbus run as user
+ 'daemon' and also with least privileges
+
2006-07-27 Brian Cameron <[email protected]>
* gnome-session.spec,
--- a/Solaris/ChangeLog Fri Jul 28 19:42:59 2006 +0000
+++ b/Solaris/ChangeLog Sat Jul 29 02:31:16 2006 +0000
@@ -1,3 +1,10 @@
+2006-07-28 Laszlo (Laca) Peter <[email protected]>
+
+ * SUNWdbus.spec: add pre and post scripts for enabling the dbus
+ svc upon installation but leaving it as is upon upgrade
+ (Artem Kachitchkine, reviewed by David Bustos);
+ add %{_libexecdir}/dbus-daemon to the pkgmap
+
2006-07-28 Brian Cameron <[email protected]>
* Solaris/SUNWgnome-file-mgr.spec: Add gnome-volume-manager and
@@ -11,10 +18,10 @@
apply if HAL is not enabled, since we only want to run gnome-volcheck
if HAL is not enabled.
-2006-07-28 Darren Kenny <[email protected]>
-
- * SUNWgnome-perf-meter.spec:
- Remove as per LSARC 2006/347 - replaced by the multiload panel applet.
+2006-07-28 Darren Kenny <[email protected]>
+
+ * SUNWgnome-perf-meter.spec: Remove as per LSARC 2006/347 - replaced
+ by the multiload panel applet.
2006-07-27 Laszlo (Laca) Peter <[email protected]>
@@ -38,8 +45,10 @@
* manpages/sman1/gnome-system-log.1: Changed to nroff manpages.
2006-07-24 Darren Kenny <[email protected]>
- * SUNWgnome-pdf-viewer.spec: Add XPDF Language Support Packages that are
- used by poppler to correctly view localised PDF files. Fixes Bug 6439544.
+
+ * SUNWgnome-pdf-viewer.spec: Add XPDF Language Support Packages that
+ are used by poppler to correctly view localised PDF files. Fixes
+ Bug 6439544.
2006-07-21 Laszlo (Laca) Peter <[email protected]>
--- a/Solaris/SUNWdbus.spec Fri Jul 28 19:42:59 2006 +0000
+++ b/Solaris/SUNWdbus.spec Sat Jul 29 02:31:16 2006 +0000
@@ -80,12 +80,64 @@
%iclass manifest -f i.manifest
%endif
+%pre root
+#!/bin/sh
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+
+# Presence of this temp file will tell postinstall script
+# that the dbus service is already installed, in which case
+# the current service state will be preserved, be it enabled
+# or disabled.
+rm -f $PKG_INSTALL_ROOT/var/dbus_installed.tmp > /dev/null 2>&1
+
+if [ -f $PKG_INSTALL_ROOT/var/svc/manifest/system/dbus.xml ]; then
+ touch $PKG_INSTALL_ROOT/var/dbus_installed.tmp
+fi
+
+exit 0
+
+%post root
+#!/bin/sh
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+
+# Preinstall script will create this file if dbus service was already
+# installed, in which case we preserve current service state,
+# be it enabled or disabled.
+if [ -f $PKG_INSTALL_ROOT/var/dbus_installed.tmp ]; then
+ rm -f $PKG_INSTALL_ROOT/var/dbus_installed.tmp
+else
+ # enable dbus:
+ # - PKG_INSTALL_ROOT is / or empty when installing onto a live system
+ # and we can invoke svcadm directly;
+ # - otherwise it's upgrade, so we append to the upgrade script
+ if [ "${PKG_INSTALL_ROOT:-/}" = "/" ]; then
+ if [ `/sbin/zonename` = global ]; then
+ /usr/sbin/svcadm enable svc:/system/dbus:default
+ fi
+ else
+ cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<-EOF
+ if [ \`/sbin/zonename\` = global ]; then
+ /usr/sbin/svcadm enable svc:/system/dbus:default
+ fi
+EOF
+ fi
+fi
+
+exit 0
+
%files
%defattr (-, root, bin)
%dir %attr (0755, root, bin) %{_bindir}
%{_bindir}/*
%dir %attr (0755, root, bin) %{_libdir}
%{_libdir}/libdbus*
+%{_libexecdir}/dbus-daemon
%dir %attr (0755, root, sys) %dir %{_datadir}
%{_datadir}/dbus-1
%dir %attr(0755, root, bin) %{_mandir}
@@ -119,6 +171,10 @@
%changelog
+* Fri Jul 28 2006 - [email protected]
+- add pre and post scripts for enabling the dbus svc upon installation
+ but leaving it as is upon upgrade (Artem Kachitchkine, David Bustos)
+- add %{_libexecdir}/dbus-daemon to the pkgmap
* Fri Jul 21 2006 - [email protected]
- Add dbus RBAC entries to auth_attr and prof_attr
* Mon May 08 2006 - [email protected]
--- a/dbus.spec Fri Jul 28 19:42:59 2006 +0000
+++ b/dbus.spec Sat Jul 29 02:31:16 2006 +0000
@@ -19,6 +19,7 @@
Patch2: dbus-02-python.diff
Patch3: dbus-03-dbus-launch.diff
Patch4: dbus-04-libexec.diff
+Patch5: dbus-05-priv.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Docdir: %{_defaultdocdir}/doc
Autoreqprov: on
@@ -66,6 +67,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%endif
%build
@@ -127,43 +129,34 @@
%{_libdir}/python?.?/vendor-packages/*
%changelog
+* Fri Jul 28 2006 - [email protected]
+- add patch priv.spec (from Artem Kachitchkine), makes dbus run as user
+ 'daemon' and also with least privileges
* Fri Jul 21 2006 - [email protected]
- Add patch to move dbus-daemon to /usr/lib, required by ARC.
-
* Tue May 02 2006 - [email protected]
- add patch console.diff that allows D-BUS to authenticate console user
-
* Sun Feb 26 2006 - [email protected]
- Bump to 0.61.
- move python stuff to vendor-packages, remove .pyo and *.la
-
* Thu Jan 19 2006 - [email protected]
- Remove upstream patch, 01-auth-external. Renumber remaining.
-
* Tue Jan 17 2006 - [email protected]
- Bump to 0.60.
-
* Tue Oct 25 2005 - [email protected]
- Remove patch3 as an include dir under _libdir is okay. Bump to 0.50. Disable
python bindings as they fail. Bug 4878 files at freedesktop.org.
-
* Fri Oct 21 2005 - [email protected]
- Add patches to build on Solaris.
-
* Tue Aug 30 2005 - [email protected]
- Create the dbus-1 services directory
-
* Tue Aug 16 2005 - [email protected]
- Add python >= 2.4 dependency. Reformat description text.
-
* Mon Aug 15 2005 - [email protected]
- Bump to 0.35.2.
-
* Mon Jun 20 2005 - [email protected]
- dbus 0.23 is actually shipped with gnome 2.10 so bumping down tarball
-
* Thu Jun 09 2005 - [email protected]
- add buildrequires glib2, libxml2
-
* Thu May 12 2005 - [email protected]
- Initial spec file for dbus.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/dbus-05-priv.diff Sat Jul 29 02:31:16 2006 +0000
@@ -0,0 +1,82 @@
+--- dbus-0.62/dbus/dbus-sysdeps-util-orig.c Fri Jul 28 17:54:16 2006
++++ dbus-0.62/dbus/dbus-sysdeps-util.c Fri Jul 28 17:54:24 2006
+@@ -43,6 +43,10 @@
+ #include <dirent.h>
+ #include <sys/un.h>
+
++#ifdef sun
++#include <priv.h>
++#endif
++
+ #ifndef O_BINARY
+ #define O_BINARY 0
+ #endif
+@@ -242,6 +246,8 @@
+ * @param error return location for errors
+ * @returns #FALSE on failure
+ */
++#ifndef sun
++
+ dbus_bool_t
+ _dbus_change_identity (dbus_uid_t uid,
+ dbus_gid_t gid,
+@@ -279,6 +285,59 @@
+ return TRUE;
+ }
+
++#else /* sun */
++
++dbus_bool_t
++_dbus_change_identity (dbus_uid_t uid,
++ dbus_gid_t gid,
++ DBusError *error)
++{
++ priv_set_t *pPrivSet = NULL;
++ priv_set_t *lPrivSet = NULL;
++
++ /* become user daemon */
++ (void) setgroups(0, NULL);
++ if (setgid(12) != 0)
++ return FALSE;
++ if (setreuid(1, 1) != 0)
++ return FALSE;
++
++ /*
++ * Start with the 'basic' privilege set and then remove any
++ * of the 'basic' privileges that will not be needed by this
++ * process. The 'net_icmpaccess' privilege will be added
++ * since we know that we will need it for the permitted set.
++ */
++ if ((pPrivSet = priv_str_to_set("basic", ",", NULL)) == NULL)
++ return FALSE;
++
++ /*
++ * Let's clear all of the privileges we know we will not
++ * need from the 'basic' set.
++ */
++ (void) priv_delset(pPrivSet, PRIV_FILE_LINK_ANY);
++ (void) priv_delset(pPrivSet, PRIV_PROC_INFO);
++
++ /* Set the permitted privilege set. */
++ if (setppriv(PRIV_SET, PRIV_PERMITTED, pPrivSet) != 0)
++ return FALSE;
++
++ /* Clear the limit set. */
++ if ((lPrivSet = priv_allocset()) == NULL)
++ return FALSE;
++
++ priv_emptyset(lPrivSet);
++
++ if (setppriv(PRIV_SET, PRIV_LIMIT, lPrivSet) != 0)
++ return FALSE;
++
++ priv_freeset(lPrivSet);
++
++ return TRUE;
++}
++
++#endif /* sun */
++
+ /** Installs a UNIX signal handler
+ *
+ * @param sig the signal to handle