[opensuse-packaging] How to fix rpmlint warnings "polkit-untracked-privilege","suse-dbus-unauthorized-service" and kbuildsycoca4?
Hi, all,

I'm working on a "clean" version of RecordItNow (strip ffmpeg and mplayer off by default but provide rebuild possibility), which actually is the most powerful desktop recorder under KDE environment. Package here:

https://build.opensuse.org/package/show?package=recorditnow&project=home%3AMargueriteSu

and the rpmlint.log returns lots of dbus service and polkit policy warnings.

I tried and fixed some, but these two are out of my capability.

    recorditnow.x86_64: W: suse-dbus-unauthorized-service /etc/dbus-1/system.d/org.kde.recorditnow.helper.conf
    recorditnow.x86_64: W: suse-dbus-unauthorized-service /usr/share/dbus-1/system-services/org.kde.recorditnow.helper.service
    The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.

and

    recorditnow.x86_64: I: polkit-untracked-privilege org.kde.recorditnow.helper.watch (auth_admin_keep_always:auth_admin_keep_always:auth_admin)
    The privilege is not listed in /etc/polkit-default-privs.* which makes it harder for admins to find. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team

The first seems okay and can be safely ignored by .rpmlintrc. The second makes some sense.

So I tried to fix it by adding these scriptlets below into %post and %postun:

    #fix the submit to suse security team warning
    %post
    /sbin/ldconfig
    kbuildsycoca4
    echo "org.kde.recorditnow.helper.watch auth_admin_keep_always:auth_admin_keep_always:auth_admin" >> /etc/polkit-default-privs.standard

    %postun
    /sbin/ldconfig
    kbuildsycoca4
    sed -i "s/org.kde.recorditnow.helper.watch auth_admin_keep_always\:auth_admin_keep_always\:auth_admin//" /etc/polkit-default-privs.standard

On OBS it's just okay, but if you test the generated packages on your own machine, the %post scripts can't be executed and fail.

So any suggestion on how to append a new line to /etc/polkit-default-privs.standard? It's already on your system, we can't do a dirty fix by replacing it with a new file with a new line when installation and replacing it with an old file without that new line when uninstallation.

And kbuildsycoca4 code is also something that needs to be better designed. I installed the generated packages on my own machine and started it, it can't find any backends or "recorder", in konsole it suggested you to run kbuildsycoca4. So I add it to %post and %postun area, but it turns out to be:

    kbuildsycoca4 running...
    kbuildsycoca4(9523): "applications.menu" not found in ("//.config/menus/", "/etc/xdg/menus/")

Does anyone know any macros that can do the job? I checked /etc/rpm/macro.kde4 but no such macros found.

--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Sat, Mar 24, 2012 at 10:39:00PM +0800, Marguerite Su wrote:
> Hi, all,
>
> I'm working on a "clean" version of RecordItNow (strip ffmpeg and mplayer off by default but provide rebuild possibility), which actually is the most powerful desktop recorder under KDE environment. Package here:
>
> https://build.opensuse.org/package/show?package=recorditnow&project=home%3AMargueriteSu
>
> and the rpmlint.log returns lots of dbus service and polkit policy warnings.
>
> I tried and fixed some, but these two are out of my capability.
>
>     recorditnow.x86_64: W: suse-dbus-unauthorized-service /etc/dbus-1/system.d/org.kde.recorditnow.helper.conf
>     recorditnow.x86_64: W: suse-dbus-unauthorized-service /usr/share/dbus-1/system-services/org.kde.recorditnow.helper.service
>     The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team.
>
> and
>
>     recorditnow.x86_64: I: polkit-untracked-privilege org.kde.recorditnow.helper.watch (auth_admin_keep_always:auth_admin_keep_always:auth_admin)
>     The privilege is not listed in /etc/polkit-default-privs.* which makes it harder for admins to find. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team
>
> The first seems okay and can be safely ignored by .rpmlintrc. The second makes some sense.
>
> So I tried to fix it by adding these scriptlets below into %post and %postun:
>
>     #fix the submit to suse security team warning
>     %post
>     /sbin/ldconfig
>     kbuildsycoca4
>     echo "org.kde.recorditnow.helper.watch auth_admin_keep_always:auth_admin_keep_always:auth_admin" >> /etc/polkit-default-privs.standard
>
>     %postun
>     /sbin/ldconfig
>     kbuildsycoca4
>     sed -i "s/org.kde.recorditnow.helper.watch auth_admin_keep_always\:auth_admin_keep_always\:auth_admin//" /etc/polkit-default-privs.standard
>
> On OBS it's just okay, but if you test the generated packages on your own machine, the %post scripts can't be executed and fail. So any suggestion on how to append a new line to /etc/polkit-default-privs.standard? It's already on your system, we can't do a dirty fix by replacing it with a new file with a new line when installation and replacing it with an old file without that new line when uninstallation.
>
> And kbuildsycoca4 code is also something that needs to be better designed. I installed the generated packages on my own machine and started it, it can't find any backends or "recorder", in konsole it suggested you to run kbuildsycoca4. So I add it to %post and %postun area, but it turns out to be:
>
>     kbuildsycoca4 running...
>     kbuildsycoca4(9523): "applications.menu" not found in ("//.config/menus/", "/etc/xdg/menus/")
>
> Does anyone know any macros that can do the job? I checked /etc/rpm/macro.kde4 but no such macros found.

What about opening a bugreport for the security team like every one of those messages says?

Ciao, Marcus

Oh,

and the trick is to create a /etc/polkit-default-privs.d/ directory and drop a package specific file into that.

This should also get it to be evaluated.

Ciao, Marcus

On Sat, Mar 24, 2012 at 05:24:27PM +0100, Marcus Meissner wrote:
> What about opening a bugreport for the security team like every one of those messages says?
>
> Ciao, Marcus

--
Working, but not speaking, for the following German company:
SUSE LINUX Products GmbH, HRB 16746 (AG Nuernberg)
Geschaeftsfuehrer: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
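
An added example, not code from this thread, from rpmlint, or from the polkit-default-privs package: a Python sketch of the comparison behind the polkit-untracked-privilege message quoted in the first mail (policy actions that no privs file lists), with a package-specific file of the kind suggested above treated as one more privs source. The function names and all sample file contents are constructed; the any:inactive:active field order, the "no" fallback for a missing default, and the drop-in being read like any other privs file are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: minimal polkit .policy file for the action named in the thread.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.kde.recorditnow.helper.watch">
    <defaults>
      <allow_any>auth_admin_keep_always</allow_any>
      <allow_inactive>auth_admin_keep_always</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>"""

# Constructed sample: a distribution-wide privs file (not the real file's contents).
SAMPLE_STANDARD = """# constructed comment line
org.example.other.action auth_admin:auth_admin:yes
"""

# Constructed sample: package-specific file for /etc/polkit-default-privs.d/.
SAMPLE_DROPIN = "org.kde.recorditnow.helper.watch auth_admin_keep_always:auth_admin_keep_always:auth_admin\n"


def parse_privs(text):
    """Return {action_id: settings} from privs-file text, skipping comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError("malformed privs line: %r" % raw)
        entries[fields[0]] = fields[1]
    return entries


def policy_defaults(policy_xml):
    """Return {action_id: 'any:inactive:active'}; a missing default is assumed 'no'."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        values = []
        for tag in ("allow_any", "allow_inactive", "allow_active"):
            node = action.find("defaults/" + tag)
            values.append(node.text.strip() if node is not None and node.text else "no")
        result[action.get("id")] = ":".join(values)
    return result


def untracked(policy_xml, *privs_texts):
    """Return the policy's actions that none of the given privs files list."""
    tracked = {}
    for text in privs_texts:
        tracked.update(parse_privs(text))
    return {a: d for a, d in policy_defaults(policy_xml).items() if a not in tracked}
```

Unlike the %post/%postun scriptlets from the first mail, a drop-in file is owned by the package, so removal needs no sed edit of a file shared with every other package.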

On Sun, Mar 25, 2012 at 12:27 AM, Marcus Meissner <meissner@suse.de> wrote:
> Oh,
> and the trick is to create a /etc/polkit-default-privs.d/
> directory and drop a package specific file into that.
> This should also get it to be evaluated.
>
> Ciao, Marcus

1. Of course... I'll file a bugreport with these files.
2. Thanks for your tips in your second mail. I'll do it also, for it takes time for your team to evaluate the files.
3. Now the question left is: is there any macro that can be called to trigger kbuildsycoca4? /etc/rpm/macro.kde4 has only one useful macro, %kde_post_install, which actually is desktop file related.

On Sun, Mar 25, 2012 at 12:58:33AM +0800, Marguerite Su wrote:
> 3. Now the question left is: is there any macro that can be called to trigger kbuildsycoca4? /etc/rpm/macro.kde4 has only one useful macro, %kde_post_install, which actually is desktop file related.

kbuildsycoca runs automatically when it picks up new files, as it watches the filesystem. You usually do not need to do anything.

Ciao, Marcus

On Sun, Mar 25, 2012 at 12:24 AM, Marcus Meissner <meissner@suse.de> wrote:
> What about opening a bugreport for the security team like every one of those messages says?
>
> Ciao, Marcus

Hi, Marcus,

I have done this: https://bugzilla.novell.com/show_bug.cgi?id=753908

Thanks for your review.