Bug 1125428

Summary: fwupd: removal of /usr/share/polkit-1/rules.d/org.freedesktop.fwupd.rules
Product: [openSUSE] openSUSE Tumbleweed Reporter: Matthias Gerstner <matthias.gerstner>
Component: SecurityAssignee: Dominique Leuenberger <dimstar>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner, security-team
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1125314    

Description Matthias Gerstner 2019-02-14 10:43:56 UTC 
As described in bug 1125314 we want to remove polkit rules files that grant
members of the wheel group special privileges. fwupd ships one such rules file
in /usr/share/polkit-1/rules.d/org.freedesktop.fwupd.rules.

This file is currently not effective anyways, because the polkit-default-privs
take precendence over it. I suggest to move this file to /usr/share/doc/...
as an example for users that want to manually enable this rule on their system.
Comment 1 Matthias Gerstner 2019-03-15 14:08:28 UTC 
A new rpmlint-check is effective in Factory by now that generates a warning
about files installed in rules.d without a whitelisting. In a while we will
make this an error. So please adjust your package accordingly to avoid a
broken build. Thank you.
Comment 2 Matthias Gerstner 2019-05-03 13:20:13 UTC 
This is a friendly reminder to work on this topic. In a while the new rpmlint
check will cause badness and thus the package build will fail if this is not
adjusted accordingly. Thank you!
Comment 3 Dominique Leuenberger 2019-06-24 09:42:09 UTC 
A fix for this was created on May 3rd:

Fri May  3 15:53:17 UTC 2019 - Dominique Leuenberger

- Stop shipping polkit rules, as we have the distro specific setup
  in polkit-default-privs (boo#1125428).