policykit-1 (122-2) unstable; urgency=medium
[ Debian Janitor ]
* d/changelog: Trim trailing whitespace
* d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit
[ Simon McVittie ]
* Update how we assign root-equivalent groups
- d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch,
d/rules:
Set up Debian's default root-equivalent group 'sudo' in
50-default.rules rather than in 40-debian-sudo.rules. This ensures
that users of polkitd-pkla can override it by configuring admin
identities the old way. Previously, because 40-debian-sudo.rules was
earlier in the sequence than 49-polkit-pkla-compat.rules, it would
take precedence and the admin identities from polkitd-pkla were
ignored. (Closes: #1023393)
By default, polkitd-pkla does not provide any admin identities,
which means we behave as though polkitd-pkla was not installed at all,
and fall back to the sudo group defined in 50-default.rules.
- d/p/debian/05_revert-admin-identities-unix-group-wheel.patch:
Drop patch, superseded by the one described above
- d/rules: When built for Ubuntu, also install an Ubuntu-specific file
sequenced after 49-polkit-pkla-compat.rules but before
50-default.rules, which treats both the 'sudo' group and the legacy
'admin' group as root-equivalent.
* Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1.
/usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11),
so we can make this an ordinary packaged file instead of a conffile.
Local sysadmin overrides can still be done via /etc/pam.d/polkit-1
as before.
This sidesteps dpkg's inability to keep track of a conffile when it is
moved from one package to another (#399829, #645849, #163657, #595112).
(Closes: #1006203)
* postinst: Only clean up config directories if not owned.
If we only have polkitd installed, then we want to clean up the obsolete
directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we
have polkitd-pkla installed, then it owns that directory and we should
not remove it. (Closes: #1026425)
* d/policykit-1.dirs: Continue to own some legacy directory names.
Having the transitional package continue to own these directories until
it has had a chance to clean up obsolete conffiles will silence warnings
from dpkg about inability to remove them. (Closes: #1027420)
* d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge.
If /var/lib/polkit-1 was the polkitd user's home directory, then it
might contain a .cache subdirectory; clean that up too.
* Create polkitd user with home directory /nonexistent in new installations.
This will prevent it from creating detritus in /var/lib/polkit-1.
* polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade
* Remove version constraints unnecessary since buster (oldstable)
* Update standards version to 4.6.2 (no changes needed)
-- Simon McVittie <email address hidden> Fri, 20 Jan 2023 13:22:24 +0000