diff --git a/PKGBUILD b/arch/PKGBUILD similarity index 94% rename from PKGBUILD rename to arch/PKGBUILD index 74dad4a..87f7fff 100644 --- a/PKGBUILD +++ b/arch/PKGBUILD @@ -12,8 +12,7 @@ url="http://arcanis.name/projects/netctl-gui" license=('GPL3') makedepends=('automoc4' 'cmake' 'kdelibs' 'qt5-base' 'qt5-tools') source=("https://github.com/arcan1s/netctl-gui/releases/download/V.${pkgver}/${pkgbase}-${pkgver}-src.tar.xz") -install="${pkgbase}.install" -md5sums=('65b6b2ff184de7e55a70645dc4e2f43a') +md5sums=('958d4639b8768407a70935cbc008f3a3') prepare() { @@ -60,7 +59,7 @@ package_kdeplasma-applets-netctl-gui() { 'netctl-gui: graphical front-end' 'netctl-gui-qt4: graphical front-end' 'sudo: sudo support') - install="${pkgbase}.install" + install="kdeplasma-applets-netctl-gui.install" cd "${srcdir}/build-plasmoid" make DESTDIR="${pkgdir}" install @@ -87,6 +86,7 @@ package_netctlgui-helper() { provides=('netctlgui-helper-qt4') conflicts=('netctlgui-helper-qt4') backup=('etc/netctlgui-helper.conf') + install="netctlgui-helper.install" cd "${srcdir}/build-qt5/helper" make DESTDIR="${pkgdir}" install @@ -100,7 +100,7 @@ package_netctl-gui() { 'netctlgui-helper: DBus helper daemon') provides=('netctl-gui-qt4') conflicts=('netctl-gui-qt4') - install="${pkgbase}.install" + install="netctl-gui.install" cd "${srcdir}/build-qt5/gui" make DESTDIR="${pkgdir}" install @@ -115,6 +115,7 @@ package_libnetctlgui-qt4() { 'wpa_supplicant: wifi support') provides=('libnetctlgui') conflicts=('libnetctlgui') + install="" cd "${srcdir}/build-qt4/netctlgui" make DESTDIR="${pkgdir}" install @@ -127,6 +128,7 @@ package_netctlgui-helper-qt4() { provides=('netctlgui-helper') conflicts=('netctlgui-helper') backup=('etc/netctlgui-helper.conf') + install="netctlgui-helper.install" cd "${srcdir}/build-qt4/helper" make DESTDIR="${pkgdir}" install @@ -140,7 +142,7 @@ package_netctl-gui-qt4() { 'netctlgui-helper-qt4: DBus helper daemon') provides=('netctl-gui') conflicts=('netctl-gui') - install="${pkgbase}.install" + install="netctl-gui.install" cd "${srcdir}/build-qt4/gui" make DESTDIR="${pkgdir}" install diff --git a/arch/kdeplasma-applets-netctl-gui.install b/arch/kdeplasma-applets-netctl-gui.install new file mode 100644 index 0000000..58c909f --- /dev/null +++ b/arch/kdeplasma-applets-netctl-gui.install @@ -0,0 +1,14 @@ +post_install() { + cat << EOF +Update plasmoids... +EOF + kbuildsycoca4 > /dev/null 2>&1 +} + +post_upgrade() { + post_install "$1" +} + +post_remove() { + post_install "$1" +} diff --git a/arch/libnetctlgui.install b/arch/libnetctlgui.install new file mode 100644 index 0000000..1c08bca --- /dev/null +++ b/arch/libnetctlgui.install @@ -0,0 +1,11 @@ +post_install() { + xdg-icon-resource forceupdate --theme hicolor 2> /dev/null +} + +post_upgrade() { + post_install "$1" +} + +post_remove() { + post_install "$1" +} diff --git a/netctl-gui.install b/arch/netctl-gui.install similarity index 78% rename from netctl-gui.install rename to arch/netctl-gui.install index 029294d..9fae526 100644 --- a/netctl-gui.install +++ b/arch/netctl-gui.install @@ -4,9 +4,9 @@ post_install() { } post_upgrade() { - post_install + post_install "$1" } post_remove() { - post_install + post_install "$1" } diff --git a/arch/netctlgui-helper.install b/arch/netctlgui-helper.install new file mode 100644 index 0000000..655fa6a --- /dev/null +++ b/arch/netctlgui-helper.install @@ -0,0 +1,7 @@ +post_install() { + setcap cap_setuid=ep usr/bin/netctlgui-helper 2>/dev/null || chmod +s usr/bin/ping +} + +post_upgrade() { + post_install "$1" +} diff --git a/create_archive.sh b/create_archive.sh index 0bf3ed5..13b5bf5 100755 --- a/create_archive.sh +++ b/create_archive.sh @@ -17,5 +17,5 @@ tar cJf "${ARCHIVE}-${VERSION}-src.tar.xz" "${ARCHIVE}" rm -rf "${ARCHIVE}" # update md5sum MD5SUMS=$(md5sum ${ARCHIVE}-${VERSION}-src.tar.xz | awk '{print $1}') -sed -i "/md5sums=('[0-9A-Fa-f]*/s/[^'][^)]*/md5sums=('${MD5SUMS}'/" PKGBUILD -sed -i "s/pkgver=[0-9.]*/pkgver=${VERSION}/" PKGBUILD +sed -i "/md5sums=('[0-9A-Fa-f]*/s/[^'][^)]*/md5sums=('${MD5SUMS}'/" arch/PKGBUILD +sed -i "s/pkgver=[0-9.]*/pkgver=${VERSION}/" arch/PKGBUILD diff --git a/sources/gui/docs/netctl-gui-security-notes.html b/sources/gui/docs/netctl-gui-security-notes.html index 36f1d38..18f3db3 100644 --- a/sources/gui/docs/netctl-gui-security-notes.html +++ b/sources/gui/docs/netctl-gui-security-notes.html @@ -49,7 +49,7 @@

Helper

First of all the helper does not interact with netctl directly, it uses the library to do it. So all library security notes are applicable here. To start the helper and to create DBus services user must be in network group by default (or must be root). But you may change it by editing $DBUS_SYSTEMCONF_PATH/org.netctlgui.helper.conf policy file (/etc/dbus-1/system.d/org.netctlgui.helper.conf by default). Please refer to DBus documentation to do it.

-

There are two binaries netctgui-helper and netctlgui-helper-suid. They are the same, but the second one has SUID bit, so it can be running by normal user without any password. Please note that it is dangerous and recommended way is to use systemd daemon. In this case you may not install netctlgui-helper-suid binary.

+

By default netctgui-helper binary has capabilities to set UID to the children processes (CAP_SETUID). If you do not want to get these capabilities you may use -DUSE_CAPABILITIES cmake flag. Please refer to man 7 capabilities for more details.

There are two configuration files $HOME/.config/netctl-gui.conf and /etc/netctl-gui.conf. The first one is a user configuration and the second one is a system-wide. Please note that by default user configuration has higher priority than system-wide, but running with --system flag user configuration will not be reading. The helper and GUI configurations are the same (although some keys aren't needed).

diff --git a/sources/gui/src/settingswindow.ui b/sources/gui/src/settingswindow.ui index 8662711..6853ae0 100644 --- a/sources/gui/src/settingswindow.ui +++ b/sources/gui/src/settingswindow.ui @@ -211,8 +211,8 @@ 0 0 - 397 - 322 + 464 + 336 @@ -296,16 +296,6 @@ - - - - There are too binaries. `netctlgui-helper` should be running as root (for example from systemd), otherwise interface `/ctrl` will not be available. `netctlgui-helper-suid` may be running as normal user, but you should keep it in mind that it has SUID bit. - - - true - - - diff --git a/sources/helper/src/CMakeLists.txt b/sources/helper/src/CMakeLists.txt index 76c5b26..defd301 100644 --- a/sources/helper/src/CMakeLists.txt +++ b/sources/helper/src/CMakeLists.txt @@ -53,5 +53,5 @@ target_link_libraries (${SUBPROJECT} ${PROJECT_LIBRARY} ${QT_NEEDED_LIBS}) # install properties install (TARGETS ${SUBPROJECT} DESTINATION bin) if (USE_CAPABILITIES) - install (CODE "exec_program (setcap ARGS \\\"cap_setuid+iep cap_setgid+iep\\\" \"$ENV{DESTDIR}/bin/${SUBPROJECT}\")") + install (CODE "exec_program (setcap ARGS \"cap_setuid=ep\" \"$ENV{DESTDIR}/bin/${SUBPROJECT}\")") endif () diff --git a/sources/resources/translations/en.ts b/sources/resources/translations/en.ts index df291ab..f3c4ab3 100644 --- a/sources/resources/translations/en.ts +++ b/sources/resources/translations/en.ts @@ -1873,7 +1873,7 @@ There are too binaries. `netctlgui-helper` should be running as root (for example from systemd), otherwise interface `/ctrl` will not be available. `netctlgui-helper-suid` may be running as normal user, but you should keep it in mind that it has SUID bit. - There are too binaries. `netctlgui-helper` should be running as root (for example from systemd), otherwise interface `/ctrl` will not be available. `netctlgui-helper-suid` may be running as normal user, but you should keep it in mind that it has SUID bit. + There are too binaries. `netctlgui-helper` should be running as root (for example from systemd), otherwise interface `/ctrl` will not be available. `netctlgui-helper-suid` may be running as normal user, but you should keep it in mind that it has SUID bit. diff --git a/sources/resources/translations/netctl-gui.ts b/sources/resources/translations/netctl-gui.ts index eeada97..7961058 100644 --- a/sources/resources/translations/netctl-gui.ts +++ b/sources/resources/translations/netctl-gui.ts @@ -1845,267 +1845,262 @@ SettingsWindow - + Settings - + General - + Language - + Select a language - + netctl - + netctl path - + Path to netctl - - - - - - - - - - + + + + + + + + + + Browse - + Profile path - + Path to profile directory - + sudo - + sudo path - + Path to sudo - + wpa_supplicant - + Helper - + Enable system tray - + Minimize to tray instead of closing - + Start minimized to tray - + It is recommended to use systemd integration. See `man 1 netctlgui-helper` for more details. - + Helper status - + Use helper - + Force use sudo in helper - - There are too binaries. `netctlgui-helper` should be running as root (for example from systemd), otherwise interface `/ctrl` will not be available. `netctlgui-helper-suid` may be running as normal user, but you should keep it in mind that it has SUID bit. - - - - + Helper command - + Helper service - + Name of netctlgui-helper service - + systemctl path - + Path to systemctl - + netctl-auto path - + Path to netctl-auto - + netctl-auto service - + Name of netctl-auto systemd service - + wpa_supplicant path - + Path to wpa_supplicant - + wpa_cli path - + Path to wpa_cli - + PID file - + wpa_supplicant PID file - + wpa_supplicant drivers - + wpa_supplicant drivers comma separated - + ctrl_interface directory - + Path to control directory - + ctrl_interface group - + Group of control directory - + Other - + Close helper after exit (doesn't work while systemd service is active) - + Path to interface list - + Path to directory which contains network devices - + Path to rfkill device list - + Path to directory which contains rfkill devices - - + + Prefered wireless interface @@ -2188,7 +2183,7 @@ - + Start diff --git a/sources/resources/translations/ru.ts b/sources/resources/translations/ru.ts index f7ba1e0..d0d6f00 100644 --- a/sources/resources/translations/ru.ts +++ b/sources/resources/translations/ru.ts @@ -1872,7 +1872,7 @@ There are too binaries. `netctlgui-helper` should be running as root (for example from systemd), otherwise interface `/ctrl` will not be available. `netctlgui-helper-suid` may be running as normal user, but you should keep it in mind that it has SUID bit. - Существует два бинарных файла. `netctlgui-helper` должен быть запущен от root'а (например, через systemd), в противном случае интерфейс `/ctrl` не будет доступен. `netctlgui-helper-suid` может быть запущен от обычного пользователя, однако Вы должны иметь в виду, что он имеет SUID бит. + Существует два бинарных файла. `netctlgui-helper` должен быть запущен от root'а (например, через systemd), в противном случае интерфейс `/ctrl` не будет доступен. `netctlgui-helper-suid` может быть запущен от обычного пользователя, однако Вы должны иметь в виду, что он имеет SUID бит.