[opensuse-packaging] Packaging wicd for 11.4, dbus security issue
Wicd has some issues on 11.4 due to the upgrade to Python 2.7, and as such I'm trying to package up the latest tip of their bazaar tree on Launchpad.

wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.

What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.

Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?

- R. Tyler Croy
--------------------------------------
Code: http://github.com/rtyler
Chatter: http://twitter.com/agentdero http://identi.ca/agentdero

On Monday 14 March 2011 19:52:15 R. Tyler Croy wrote:
> wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
> The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>
> What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.
>
> Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?

Add to the source a text file with name wicd-rpmlintrc with the following content:

    addFilter("suse-dbus-unauthorized-service")

Then add this file as source:

    Source99: wicd-rpmlintrc

This should help.

--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-packaging+help@opensuse.org

On Monday, March 14, 2011 05:57:31 PM Ilya Chernykh wrote:
> On Monday 14 March 2011 19:52:15 R. Tyler Croy wrote:
>> wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
>> The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>>
>> What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.

Some of those checks were only added later...

>> Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?
>
> Add to the source a text file with name wicd-rpmlintrc with the following content:
> addFilter("suse-dbus-unauthorized-service")

Yeah, this is the short-time solution but the bugreport is the proper solution,

Andreas
--
Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org}
Twitter: jaegerandi | Identica: jaegerandi
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126

On Mon, 14 Mar 2011, Andreas Jaeger wrote:
> On Monday, March 14, 2011 05:57:31 PM Ilya Chernykh wrote:
>> On Monday 14 March 2011 19:52:15 R. Tyler Croy wrote:
>>> wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
>>> The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>>>
>>> What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.
>
> Some of those checks were only added later...
>
>>> Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?
>>
>> Add to the source a text file with name wicd-rpmlintrc with the following content:
>> addFilter("suse-dbus-unauthorized-service")
>
> Yeah, this is the short-time solution but the bugreport is the proper solution,

Understood. As you might have gathered, I'm relatively new to packaging (although, Python is my dayjob). I want to test the crap out of this before I waste others' time with it :)

- R. Tyler Croy

On Mon, Mar 14, 2011 at 07:57:31PM +0300, Ilya Chernykh wrote:
> On Monday 14 March 2011 19:52:15 R. Tyler Croy wrote:
>> wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
>> The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>>
>> What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.
>>
>> Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?
>
> Add to the source a text file with name wicd-rpmlintrc with the following content:
> addFilter("suse-dbus-unauthorized-service")
> Then add this file as source:
> Source99: wicd-rpmlintrc

Don't, set the badness down to 0 instead.

Ciao, Marcus

Moin Marcus!

Marcus Meissner wrote on Monday, 14 March 2011:
> On Mon, Mar 14, 2011 at 07:57:31PM +0300, Ilya Chernykh wrote:
>> On Monday 14 March 2011 19:52:15 R. Tyler Croy wrote:
>>> wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
>>> The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>>>
>>> What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.
>>>
>>> Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?
>>
>> Add to the source a text file with name wicd-rpmlintrc with the following content:
>> addFilter("suse-dbus-unauthorized-service")
>> Then add this file as source:
>> Source99: wicd-rpmlintrc
>
> Don't, set the badness down to 0 instead.

In order to get the package *testable* I had to add that rpmlint hack, which I would very much like to remove, following a proper audit by the SUSE Security team.

I've filed this ticket: <https://bugzilla.novell.com/show_bug.cgi?id=681125>

Which I'm not sure is correct.

This page <http://en.opensuse.org/openSUSE:Security_packaging_policy#DBus_Services> references *nothing* useful for creating a good audit request in Bugzilla, and neither does the output of rpmlint. Perhaps this should be changed by somebody with a greater clue than I? :)

- R. Tyler Croy

On 03/21/2011 12:11 AM, R. Tyler Croy wrote:
> Moin Marcus!
>
> Marcus Meissner wrote on Monday, 14 March 2011:
>> On Mon, Mar 14, 2011 at 07:57:31PM +0300, Ilya Chernykh wrote:
>>> On Monday 14 March 2011 19:52:15 R. Tyler Croy wrote:
>>>> wicd.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/wicd.conf
>>>> The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>>>>
>>>> What confuses me about this is that wicd was already packaged at one point for 11.3, so I don't understand why I'm getting this badness now.
>>>>
>>>> Aside from that, I can open a bug report with the SUSE security team, but is there anything I can do on `osc build` to side-step that check and get a testable package in a repo on build.opensuse.org?
>>>
>>> Add to the source a text file with name wicd-rpmlintrc with the following content:
>>> addFilter("suse-dbus-unauthorized-service")
>>> Then add this file as source:
>>> Source99: wicd-rpmlintrc
>>
>> Don't, set the badness down to 0 instead.
>
> In order to get the package *testable* I had to add that rpmlint hack, which I would very much like to remove, following a proper audit by the SUSE Security team.
>
> I've filed this ticket: <https://bugzilla.novell.com/show_bug.cgi?id=681125>
>
> Which I'm not sure is correct.
>
> This page <http://en.opensuse.org/openSUSE:Security_packaging_policy#DBus_Services> references *nothing* useful for creating a good audit request in Bugzilla, and neither does the output of rpmlint. Perhaps this should be changed by somebody with a greater clue than I? :)
>
> - R. Tyler Croy

I would have done the same thing so if it doesn't exist yet, this should be the right channel for a security review and the reviewers watch this list. If there's no action try the factory list. I have a package (bacula) that needs a security review before I think of submitting to factory so I'm interested in the outcome of this.

Regards
Dave P

Hi,

On Sun, 20 Mar 2011, R. Tyler Croy wrote:
>>> Add to the source a text file with name wicd-rpmlintrc with the following content:
>>> addFilter("suse-dbus-unauthorized-service")
>>> Then add this file as source:
>>> Source99: wicd-rpmlintrc
>>
>> Don't, set the badness down to 0 instead.
>
> In order to get the package *testable* I had to add that rpmlint hack,

Without going into the sec review topic right now, but what Marcus meant was that instead of disabling the whole check set its badness to 0. That way it still will show in the logs but won't prevent building (and hence testing). See http://en.opensuse.org/openSUSE:Packaging_checks#Disarming_Fatal_Errors

Disabling really should only be done for false positives which this of course isn't. In short do this in a rpmlintrc:

    setBadness('suse-dbus-unauthorized-service', 0)

instead of addFilter.

Ciao,
Michael.

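An added example, not part of any message in this thread and not rpmlint's or the build service's own code: a small audit of an rpmlintrc file that reports when an `addFilter` pattern hides the D-Bus finding from the build log and when the check has only been downgraded with `setBadness`. It relies on rpmlint treating `addFilter` arguments as regular expressions searched against the message line; the function name and the rpmlintrc contents are constructed for illustration, and the message line is the one quoted in the thread.

```python
import ast
import re

# rpmlint message line as quoted in the thread.
THREAD_LINE = ("wicd.x86_64: E: suse-dbus-unauthorized-service "
               "(Badness: 10000) /etc/dbus-1/system.d/wicd.conf")
# Checks that should stay visible until the security review is done.
SECURITY_CHECKS = ("suse-dbus-unauthorized-service",)

# Constructed rpmlintrc for illustration; not the real wicd-rpmlintrc.
CONSTRUCTED_RPMLINTRC = '''\
addFilter("suse-dbus-unauthorized-service")
addFilter("no-manual-page-for-binary")
addFilter("E: suse-.*-service")
setBadness('suse-dbus-unauthorized-service', 0)
'''


def audit_rpmlintrc(text, line=THREAD_LINE, checks=SECURITY_CHECKS):
    """Return sorted (lineno, kind, detail) findings for rpmlintrc text."""
    findings = []
    # rpmlintrc files are Python, so parse them instead of grepping.
    for node in ast.walk(ast.parse(text)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        args = [a.value for a in node.args if isinstance(a, ast.Constant)]
        if node.func.id == "addFilter" and args and isinstance(args[0], str):
            try:
                hidden = re.search(args[0], line) is not None
            except re.error:
                continue  # pattern is not a valid regular expression
            if hidden:
                # The finding would vanish from the log entirely.
                findings.append((node.lineno, "suppressed", args[0]))
        elif (node.func.id == "setBadness" and len(args) == 2
              and args[0] in checks):
            # Still logged, but no longer fatal to the build.
            findings.append((node.lineno, "downgraded",
                             "%s -> %s" % (args[0], args[1])))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind, detail in audit_rpmlintrc(CONSTRUCTED_RPMLINTRC):
        print("line %d: %s (%s)" % (lineno, kind, detail))
```

The broad pattern on line 3 of the sample is reported as well, because a filter does not have to name the check exactly to hide it.
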
Moin Michael!

Michael Matz wrote on Monday, 21 March 2011:
> Hi,
>
> On Sun, 20 Mar 2011, R. Tyler Croy wrote:
>>>> Add to the source a text file with name wicd-rpmlintrc with the following content:
>>>> addFilter("suse-dbus-unauthorized-service")
>>>> Then add this file as source:
>>>> Source99: wicd-rpmlintrc
>>>
>>> Don't, set the badness down to 0 instead.
>>
>> In order to get the package *testable* I had to add that rpmlint hack,
>
> Without going into the sec review topic right now, but what Marcus meant was that instead of disabling the whole check set its badness to 0. That way it still will show in the logs but won't prevent building (and hence testing). See http://en.opensuse.org/openSUSE:Packaging_checks#Disarming_Fatal_Errors
>
> Disabling really should only be done for false positives which this of course isn't. In short do this in a rpmlintrc:
>
> setBadness('suse-dbus-unauthorized-service', 0)
>
> instead of addFilter.

Ahh, I gotcha. I'm new to packaging for openSUSE, and I thought Marcus (being a security guy) was being mean as in "just fix the problem instead of working around it."

Good to know, I've updated the package with r7.

- R. Tyler Croy

On Mon, Mar 21, 2011 at 09:44:28AM -0700, R. Tyler Croy wrote:
> Moin Michael!
>
> Michael Matz wrote on Monday, 21 March 2011:
>> Hi,
>>
>> On Sun, 20 Mar 2011, R. Tyler Croy wrote:
>>>>> Add to the source a text file with name wicd-rpmlintrc with the following content:
>>>>> addFilter("suse-dbus-unauthorized-service")
>>>>> Then add this file as source:
>>>>> Source99: wicd-rpmlintrc
>>>>
>>>> Don't, set the badness down to 0 instead.
>>>
>>> In order to get the package *testable* I had to add that rpmlint hack,
>>
>> Without going into the sec review topic right now, but what Marcus meant was that instead of disabling the whole check set its badness to 0. That way it still will show in the logs but won't prevent building (and hence testing). See http://en.opensuse.org/openSUSE:Packaging_checks#Disarming_Fatal_Errors
>>
>> Disabling really should only be done for false positives which this of course isn't. In short do this in a rpmlintrc:
>>
>> setBadness('suse-dbus-unauthorized-service', 0)
>>
>> instead of addFilter.
>
> Ahh, I gotcha. I'm new to packaging for openSUSE, and I thought Marcus (being a security guy) was being mean as in "just fix the problem instead of working around it."
>
> Good to know, I've updated the package with r7.

I am sorry I was not clear :)

Ciao, Marcus

participants (6)
- Andreas Jaeger
- Dave Plater
- Ilya Chernykh
- Marcus Meissner
- Michael Matz
- R. Tyler Croy