Re: Package build of usbauth-notifier and setxid whitelist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 24 Sep 2019, Stefan Koch wrote:


Hi

My package usbauth-notifier has passed the review:
https://bugzilla.redhat.com/show_bug.cgi?id=1554022

The package have a repositiory now:
https://src.fedoraproject.org/rpms/usbauth-notifier

I have created a build for my package:
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c486836b68

There were some errors at build:
https://taskotron.fedoraproject.org/artifacts/all/364ec852-dc8e-11e9-8845-5
2540077ca13/tests.yml/rpmgrill.json

- "/usr/bin/usbauth-npriv": "Owned by group '<tt>usbauth</tt>'; files in
/usr/bin must be group 'root'"
- "File <var>/usr/bin/usbauth-npriv</var> is setuid root but is not on the
setxid whitelist."
- "File <var>/usr/libexec/usbauth-notifier/usbauth-notifier</var> is setgid
usbauth but is not on the setxid whitelist."

Although there were errors, the package is now within the Rawhide
Repository:
https://ftp-stud.hs-esslingen.de/pub/fedora/linux/development/rawhide/Every
thing/x86_64/os/Packages/u/usbauth-notifier-1.0-1.fc32.x86_64.rpm

So is it needed to request adding it to the setxid whitelists?
Is it needed do move the usbauth-npriv binary away from /usr/bin? It must be
owned by the group usbauth, because of security architecture.
For the rpmlint errors I have provided now a rpmlintrc file athttps://src.fedoraproject.org/rpms/usbauth-notifier/blob/master/f/usbauth-n
otifier.rpmlintrc

Is there a way to get the package into the existing Fedora 31, 30 and EPEL 8
repositories?
I don't know much about setxid whitelists so I can't answer your questions there.
On getting your package into development and stable releases, yes, that is possible. You first need to request branches be created using 'fedpkg request-branch". Then once those have been processed, you can merge your changes to those branches, create builds, then create updates with bodhi to get those builds pushed stable. 

Scott
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux