[Pkg-utopia-commits] r942 - in packages/unstable/hal/debian: . patches

Sjoerd Simons sjoerd at costa.debian.org
Tue Aug 15 11:11:47 UTC 2006


Author: sjoerd
Date: 2006-08-15 11:11:46 +0000 (Tue, 15 Aug 2006)
New Revision: 942

Added:
   packages/unstable/hal/debian/patches/15_mount_scripts_pmount.patch
Modified:
   packages/unstable/hal/debian/changelog
   packages/unstable/hal/debian/patches/01_hal_debian_dbuspolicy.patch
Log:
* Let the hal mount scripts run pmount. So it just works for things like KDE
  while still being secure enough.



Modified: packages/unstable/hal/debian/changelog
===================================================================
--- packages/unstable/hal/debian/changelog	2006-08-15 10:51:43 UTC (rev 941)
+++ packages/unstable/hal/debian/changelog	2006-08-15 11:11:46 UTC (rev 942)
@@ -21,6 +21,16 @@
       more than 20% of the characters is invalid.  This avoids totally
       unintelligible labels while still preserving only mildly damaged ones.
     - From the ubuntu hal package, patch created by Martin Pitt
+  * debian/patches/15_mount_scripts_pmount.patch:
+    - Change mount/umount scripts to call pmount-hal/pumount as the
+      destination user instead of mount/umount as root. This way, we do not
+      have to rely on hal properties for sanity checking, which are unreliable
+      in hal's current trust model.
+    - Change eject script to call eject as the destination user instead of
+      root.
+    - This change should be completely transparent to the outside world, so
+      that KDE and gnome-mount will just work. (Closes: #377689)
+    - From the ubuntu hal package, patch created by Martin Pitt.
 
   [ Sebastian Dröge  ]
   * debian/pycompat,
@@ -31,8 +41,9 @@
     + Bump Standards-Version to 3.7.2
     + Add myself to Uploaders
 
+  * 
 
- -- Sjoerd Simons <sjoerd at debian.org>  Tue, 15 Aug 2006 00:03:31 +0200
+ -- Sjoerd Simons <sjoerd at debian.org>  Tue, 15 Aug 2006 12:32:05 +0200
 
 hal (0.5.7-2) unstable; urgency=low
 

Modified: packages/unstable/hal/debian/patches/01_hal_debian_dbuspolicy.patch
===================================================================
--- packages/unstable/hal/debian/patches/01_hal_debian_dbuspolicy.patch	2006-08-15 10:51:43 UTC (rev 941)
+++ packages/unstable/hal/debian/patches/01_hal_debian_dbuspolicy.patch	2006-08-15 11:11:46 UTC (rev 942)
@@ -1,14 +1,7 @@
-diff -ruN hal-0.5.6+cvs20060217-old/hal.conf.in hal-0.5.6+cvs20060217/hal.conf.in
---- hal-0.5.6+cvs20060217-old/hal.conf.in	2006-02-17 21:15:40.000000000 +0100
-+++ hal-0.5.6+cvs20060217/hal.conf.in	2006-02-20 23:29:14.000000000 +0100
-@@ -37,16 +37,20 @@
-   <policy at_console="true">
-     <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
-     <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
-+    <!-- 
-     <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
-     <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
-+    -->
+diff -ruN hal-0.5.7.1-old/hal.conf.in hal-0.5.7.1/hal.conf.in
+--- hal-0.5.7.1-old/hal.conf.in	2006-01-10 20:03:45.000000000 +0100
++++ hal-0.5.7.1/hal.conf.in	2006-08-15 12:25:06.000000000 +0200
+@@ -42,9 +42,11 @@
    </policy>
  
    <!-- You can change this to a more suitable user, or make per-group -->
@@ -16,10 +9,8 @@
 +  <policy group="powerdev">
      <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
      <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
-+    <!-- 
++  </policy>
++  <policy group="plugdev">
      <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
      <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
-+    -->
    </policy>
- 
- </busconfig>
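Review bot: The new `<policy group="plugdev">` block allows `org.freedesktop.Hal.Device.Volume.Crypto` alongside `Volume`, but the only method scripts this commit converts to run as the calling user are eject, mount and unmount; nothing visible here does the same for the Crypto helpers. If those still act as root on hal properties, consider leaving the Crypto allow out of the plugdev policy until they are covered, or say in the patch header why it is safe. The first hunk of this file also stops commenting both allows out of the `at_console` policy, so console users presumably keep them regardless of plugdev membership. If that is the intent, a comment inside the patch such as `<!-- Volume methods: access is enforced by pmount, not by this policy -->` would record it.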

Added: packages/unstable/hal/debian/patches/15_mount_scripts_pmount.patch
===================================================================
--- packages/unstable/hal/debian/patches/15_mount_scripts_pmount.patch	2006-08-15 10:51:43 UTC (rev 941)
+++ packages/unstable/hal/debian/patches/15_mount_scripts_pmount.patch	2006-08-15 11:11:46 UTC (rev 942)
@@ -0,0 +1,71 @@
+diff -Nur hal/build-tree/hal-0.5.7.1/tools/hal-system-storage-eject hal.new/build-tree/hal-0.5.7.1/tools/hal-system-storage-eject
+--- hal-0.5.7.1/tools/hal-system-storage-eject	2006-02-10 04:41:54.000000000 +0100
++++ hal-0.5.7.1/tools/hal-system-storage-eject	2006-08-04 09:57:41.000000000 +0200
+@@ -31,7 +31,18 @@
+ read GIVEN_EJECTOPTIONS
+ GIVEN_EJECTOPTIONS=${GIVEN_EJECTOPTIONS//[^a-zA-Z0-9_=[:space:]]/_}
+ 
+-RESULT=$(eject "$HAL_PROP_BLOCK_DEVICE" 2>&1)
++# check validity of user id
++if [ "$HAL_METHOD_INVOKED_BY_UID" = "0" ]; then
++    echo "Script was called with HAL_METHOD_INVOKED_BY_UID=0, aborting." >&2
++    exit 1
++fi
++PWD=`getent passwd "$HAL_METHOD_INVOKED_BY_UID"` || {
++    echo "User id $HAL_METHOD_INVOKED_BY_UID does not exist." >&2
++    exit 1
++}
++USER="`echo "$PWD" | cut -f 1 -d: | head -n 1`"
++
++RESULT=$(su -c "eject '$HAL_PROP_BLOCK_DEVICE'" "$USER" 2>&1)
+ if [ $? -ne 0 ]; then
+     case "$RESULT" in
+ 	*busy*)
+diff -Nur hal/build-tree/hal-0.5.7.1/tools/hal-system-storage-mount hal.new/build-tree/hal-0.5.7.1/tools/hal-system-storage-mount
+--- hal-0.5.7.1/tools/hal-system-storage-mount	2006-02-14 19:49:55.000000000 +0100
++++ hal-0.5.7.1/tools/hal-system-storage-mount	2006-08-04 09:57:32.000000000 +0200
+@@ -15,6 +15,20 @@
+     exit 1
+ fi
+ 
++# check validity of user id
++if [ "$HAL_METHOD_INVOKED_BY_UID" = "0" ]; then
++    echo "Script was called with HAL_METHOD_INVOKED_BY_UID=0, aborting." >&2
++    exit 1
++fi
++PWD=`getent passwd "$HAL_METHOD_INVOKED_BY_UID"` || {
++    echo "User id $HAL_METHOD_INVOKED_BY_UID does not exist." >&2
++    exit 1
++}
++USER="`echo "$PWD" | cut -f 1 -d:`"
++
++su -c "pmount-hal \"$HAL_PROP_BLOCK_DEVICE\"" "$USER"
++exit $?
++
+ # check if device is already mounted
+ if [ "$HAL_PROP_VOLUME_IS_MOUNTED" = "true" ]; then
+     echo "org.freedesktop.Hal.Device.Volume.AlreadyMounted" >&2
+diff -Nur hal/build-tree/hal-0.5.7.1/tools/hal-system-storage-unmount hal.new/build-tree/hal-0.5.7.1/tools/hal-system-storage-unmount
+--- hal-0.5.7.1/tools/hal-system-storage-unmount	2006-02-13 08:29:44.000000000 +0100
++++ hal-0.5.7.1/tools/hal-system-storage-unmount	2006-08-04 09:57:39.000000000 +0200
+@@ -13,6 +13,20 @@
+     exit 1
+ fi
+ 
++# check validity of user id
++if [ "$HAL_METHOD_INVOKED_BY_UID" = "0" ]; then
++    echo "Script was called with HAL_METHOD_INVOKED_BY_UID=0, aborting." >&2
++    exit 1
++fi
++PWD=`getent passwd "$HAL_METHOD_INVOKED_BY_UID"` || {
++    echo "User id $HAL_METHOD_INVOKED_BY_UID does not exist." >&2
++    exit 1
++}
++USER="`echo "$PWD" | cut -f 1 -d:`"
++
++su -c "pumount \"$HAL_PROP_BLOCK_DEVICE\"" "$USER"
++exit $?
++
+ MOUNT_POINT="$HAL_PROP_INFO_HAL_MOUNT_CREATED_MOUNT_POINT"
+ if [ "$MOUNT_POINT" == "" ]; then
+     MOUNT_POINT="$HAL_PROP_VOLUME_MOUNT_POINT"
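Review bot: In all three scripts `$HAL_PROP_BLOCK_DEVICE` is expanded into the command string that `su -c` hands to a second shell, so any quote or substitution characters in it are re-parsed as shell syntax under the target user, and this commit's own changelog entry calls hal properties unreliable. Reject values outside the expected device-name character set before the `su` call, e.g. `case "$HAL_PROP_BLOCK_DEVICE" in ""|*[!A-Za-z0-9_/.-]*) echo "Invalid block device." >&2; exit 1;; esac` (adjust the set to the device names you expect), in the same spirit as the existing `GIVEN_EJECTOPTIONS` filter. The root check is a string comparison against `"0"` only, while `getent passwd` also resolves names and other numeric spellings, so testing the uid field of the resolved entry (`cut -f 3 -d:`) would be sturdier. `PWD` and `USER` are names the shell and environment already use; something like `PASSWD_ENTRY` and `TARGET_USER` avoids clobbering them, and the eject script's `head -n 1` is missing from the other two. The script bodies continue outside the context shown in this patch.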



