Overview
We got a rpmlint update already for kalpa but it seems there is a new rules file:
[ 10s] plasma-branding-Kalpa.noarch: E: polkit-file-unauthorized (Badness: 10000) /usr/share/polkit-1/rules.d/49-kalpa.rules (sha256 file digest default filter:d26cd444235c36d2270a4950b24e2aefbb772d5654232338289a4f2775aebb5d shell filter:d26cd444235c36d2270a4950b24e2aefbb772d5654232338289a4f2775aebb5d xml filter:<failed-to-calculate>) [ 10s] Packaging polkit rules requires a review and whitelisting by the SUSE security [ 10s] team. If the package is intended for inclusion in any SUSE product please open [ 10s] a bug report to request review of the package by the security team. Please [ 10s] refer to [ 10s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 10s] more information.
Ok, that's really weird, because I haven't touched that file since submitting it, or sending it through the whitelisting process.
Ah, I take that back. I fixed a typo at the request of the security team. I'm assuming that whitelisting hasn't made it into rpmlint yet.
Yep, thank you. There should be a rpmlint update soon with that fix that will allow plasma-branding-Kalpa to be accepted.
found conflict of plasma-branding-Kalpa-20231210-1.1.noarch with sudo-1.9.15p2-3.1.x86_64 /etc/sudoers.d [mode mismatch: d755 root:root, d750 root:root]
There are two things:
- Do not own system directories; only files therein
- The package should install its config file to /usr/etc/sudoers.d; /etc is for admins
So I've checked and the setup for this package is identical, for the sudoers setup as gnome-branding-Aeon, which is in :Factory.
if I remove the %dir ownership of %{_sysconfdir}/sudoers.d, the build fails with:
plasma-branding-Kalpa-20231210-0.noarch.rpm: directories not owned by a package: [ 13s] - /etc/sudoers.d
I'm fine with moving the file to /usr/etc but what's the macro for that?
No, it's definitively not the same:
gnome-branding-Aeon has this in the files section:
%{_sysconfdir}/sudoers.d/50-aeon
and does not own the directory. There is a BuildRequires: sudo
for the directory not owned issue you reported.
%{_distconfdir}
would be /usr/etc/
Ah, I missed that, thanks. Not sure how missed it, but I did. Superseded request incoming shortly.
Request History
sfalken created request
Supercede with changes to address https://build.opensuse.org/request/show/1132361#comment-1859996
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
staging-bot set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
staging-bot accepted review
Picked "openSUSE:Factory:Staging:E"
licensedigger accepted review
ok
dimstar accepted review
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:E got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:E got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:E got accepted.