patch -- config files in /etc

Matthew Miller mattdm at mattdm.org
Tue Nov 24 16:50:58 PST 2009 

Hi everyone.

I have a patch I'd really like to see make it into PolicyKit before it hits
1.0. It's not a very big change in one sense -- not much altered in the
code -- but it's the kind of thing that's harder to change after a
"production level" release. As the subject line says, in order to comply
with the FHS (as mandated by Fedora and other distros), we want to store our
config files in /etc, not /var/lib. I know the FHS has its flaws, but this
should be pretty uncontroversial.

This is based off of a bug report at in the Red Hat / Fedora bugzilla:
<https://bugzilla.redhat.com/show_bug.cgi?id=538615>, and I've attached
patches there. There's a specfile patch which you'll want to build an RPM,
and then this patch which is against current git:

<https://bugzilla.redhat.com/attachment.cgi?id=373483>

(Also attached to this message)

I'd really appreciate testing, feedback, and any other comments. Like I
said, I'd really like this to see the 1.0 cutoff, and I see from the list
archives that this is impending.

Thanks everyone.

$ diffstat polkit-0.95-git-use_etc_for_pkla.patch
 configure.ac                                    |    2 +-
 docs/man/pklocalauthority.xml                   |    2 +-
 src/polkitbackend/Makefile.am                   |    6 +++---
 src/polkitbackend/polkitbackendlocalauthority.c |    9 +++++++--
 4 files changed, 12 insertions(+), 7 deletions(-)  




-- 
Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
-------------- next part --------------
diff -ur PolicyKit.orig/configure.ac PolicyKit/configure.ac
--- PolicyKit.orig/configure.ac	2009-11-24 11:34:11.000000000 -0500
+++ PolicyKit/configure.ac	2009-11-24 11:41:27.000000000 -0500
@@ -484,7 +484,7 @@
 
 "
 
-echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned"
+echo "NOTE: The directory ${sysconfdir}/security/polkit-1 must be owned"
 echo "      by root and have mode 700"
 echo
 
diff -ur PolicyKit.orig/docs/man/pklocalauthority.xml PolicyKit/docs/man/pklocalauthority.xml
--- PolicyKit.orig/docs/man/pklocalauthority.xml	2009-11-24 11:34:11.000000000 -0500
+++ PolicyKit/docs/man/pklocalauthority.xml	2009-11-24 11:44:14.000000000 -0500
@@ -94,7 +94,7 @@
       extension from the following directories
     </para>
     <programlisting>
-/var/lib/polkit-1/
+/etc/security/polkit-1/
 `-- localauthority
     |-- 10-vendor.d
     |-- 20-org.d
diff -ur PolicyKit.orig/src/polkitbackend/Makefile.am PolicyKit/src/polkitbackend/Makefile.am
--- PolicyKit.orig/src/polkitbackend/Makefile.am	2009-11-24 11:34:11.000000000 -0500
+++ PolicyKit/src/polkitbackend/Makefile.am	2009-11-24 11:41:46.000000000 -0500
@@ -100,7 +100,7 @@
 	rm -f *~ $(ck_built_sources) $(BUILT_SOURCES)
 
 install-exec-hook:
-	mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1
-	mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d}
-	-chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1
+	mkdir -p $(DESTDIR)$(sysconfdir)/security/polkit-1
+	mkdir -p $(DESTDIR)$(sysconfdir)/security/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d}
+	-chmod 700 $(DESTDIR)$(sysconfdir)/security/polkit-1
 	mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions
diff -ur PolicyKit.orig/src/polkitbackend/polkitbackendlocalauthority.c PolicyKit/src/polkitbackend/polkitbackendlocalauthority.c
--- PolicyKit.orig/src/polkitbackend/polkitbackendlocalauthority.c	2009-11-24 11:34:11.000000000 -0500
+++ PolicyKit/src/polkitbackend/polkitbackendlocalauthority.c	2009-11-24 11:44:06.000000000 -0500
@@ -140,10 +140,15 @@
   const gchar *store_locations[] =
     {
       PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/10-vendor.d",
+      PACKAGE_SYSCONF_DIR "/security/polkit-1/localauthority/10-vendor.d",
       PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/20-org.d",
+      PACKAGE_SYSCONF_DIR "/security/polkit-1/localauthority/20-org.d",
       PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/30-site.d",
+      PACKAGE_SYSCONF_DIR "/security/polkit-1/localauthority/30-site.d",
       PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/50-local.d",
+      PACKAGE_SYSCONF_DIR "/security/polkit-1/localauthority/50-local.d",
       PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/90-mandatory.d",
+      PACKAGE_SYSCONF_DIR "/security/polkit-1/localauthority/90-mandatory.d",
       NULL
     };
 
@@ -507,8 +512,8 @@
 static gchar *
 lockdown_get_filename (const gchar *action_id)
 {
-  return g_strdup_printf (PACKAGE_LOCALSTATE_DIR
-                          "/lib/polkit-1/localauthority/90-mandatory.d/"
+  return g_strdup_printf (PACKAGE_SYSCONF_DIR
+                          "/security/polkit-1/localauthority/90-mandatory.d/"
                           "org.freedesktop.policykit.localauthority.lockdown.action-%s.pkla",
                           action_id);
 }

More information about the polkit-devel mailing list