Bug 1217707

Summary: AUDIT-WHITELIST: plasma-branding-Kalpa: Review of polkit file 49-Kalpa.rules
Product: [openSUSE] openSUSE Tumbleweed Reporter: Shawn Dunn <sfalken>
Component: SecurityAssignee: Matthias Gerstner <matthias.gerstner>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Shawn Dunn 2023-11-30 16:27:54 UTC 
For my package found in OBS in devel:microos:kalpa:plasma-branding-Kalpa I would like a whitelisting for the following rpmlint error:

[   14s] plasma-branding-Kalpa.noarch: E: polkit-file-unauthorized (Badness: 10) /usr/share/polkit-1/rules.d/49-kalpa.rules (sha256 file digest default filter:b07feaf4e306853ec6441a45ed2e2e7da14de00edac6d86bfc96835c76dae9a2 shell filter:b07feaf4e306853ec6441a45ed2e2e7da14de00edac6d86bfc96835c76dae9a2 xml filter:<failed-to-calculate>)
[   14s] Packaging polkit rules requires a review and whitelisting by the SUSE security
[   14s] team. If the package is intended for inclusion in any SUSE product please open
[   14s] a bug report to request review of the package by the security team. Please
[   14s] refer to
[   14s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[   14s] more information.
Comment 1 Matthias Gerstner 2023-12-01 09:37:31 UTC 
This is also the same as for openSUSE Aeon:

```
polkit.addAdminRule(function(action, subject) {
	return ["unix-group:wheel"];
]);
```
Comment 2 Shawn Dunn 2023-12-01 16:01:34 UTC 
Aye, Aeon and Kalpa are following similar design ideas.
Comment 3 Matthias Gerstner 2023-12-08 11:43:05 UTC 
It looks like the rules file you packaged here has a syntax error in it. Diff
against the openSUSE-Aeon branding rules:

```
diff /usr/share/polkit-1/rules.d/49-kalpa.rules aeon.rules
3c3
< ]);
---
> });
```

Please fix this, then we can do the whitelisting.
Comment 4 Shawn Dunn 2023-12-10 20:35:35 UTC 
Fixed:

https://build.opensuse.org/request/show/1132361
Comment 5 Matthias Gerstner 2023-12-11 14:54:21 UTC 
we started the whitelisting process and a submission is on its way to Factory.
Comment 6 OBSbugzilla Bot 2023-12-11 15:25:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1217707) was mentioned in
https://build.opensuse.org/request/show/1132520 Factory / rpmlint
Comment 7 OBSbugzilla Bot 2023-12-14 17:35:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1217707) was mentioned in
https://build.opensuse.org/request/show/1133150 Factory / rpmlint
Comment 8 Matthias Gerstner 2024-01-08 09:50:02 UTC 
This whitelisting should be effective by now. Closing the bug as fixed.