Ok, thank you. I have requested a branch for f31 and epel8.
May be, there is no whitelist within fedora.
Regardless of this the package appears in the repo:
https://ftp-stud.hs-esslingen.de/pub/fedora/linux/development/rawhide/Eve...
Stefan
Am Di., 24. Sept. 2019 um 02:06 Uhr schrieb Scott Talbert <swt(a)techie.net>:
>
> On Tue, 24 Sep 2019, Stefan Koch wrote:
>
> > Hi
> >
> > My package usbauth-notifier has passed the review:
> >
https://bugzilla.redhat.com/show_bug.cgi?id=1554022
> >
> > The package have a repositiory now:
> >
https://src.fedoraproject.org/rpms/usbauth-notifier
> >
> > I have created a build for my package:
> >
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c486836b68
> >
> > There were some errors at build:
> >
https://taskotron.fedoraproject.org/artifacts/all/364ec852-dc8e-11e9-8845-5
> > 2540077ca13/tests.yml/rpmgrill.json
> >
> > - "/usr/bin/usbauth-npriv": "Owned by group
'<tt>usbauth</tt>'; files in
> > /usr/bin must be group 'root'"
> > - "File <var>/usr/bin/usbauth-npriv</var> is setuid root but is
not on the
> > setxid whitelist."
> > - "File
<var>/usr/libexec/usbauth-notifier/usbauth-notifier</var> is setgid
> > usbauth but is not on the setxid whitelist."
> >
> > Although there were errors, the package is now within the Rawhide
> > Repository:
> >
https://ftp-stud.hs-esslingen.de/pub/fedora/linux/development/rawhide/Every
> > thing/x86_64/os/Packages/u/usbauth-notifier-1.0-1.fc32.x86_64.rpm
> >
> > So is it needed to request adding it to the setxid whitelists?
> > Is it needed do move the usbauth-npriv binary away from /usr/bin? It must be
> > owned by the group usbauth, because of security architecture.
> > For the rpmlint errors I have provided now a rpmlintrc file
athttps://src.fedoraproject.org/rpms/usbauth-notifier/blob/master/f/usbau...
> > otifier.rpmlintrc
> >
> > Is there a way to get the package into the existing Fedora 31, 30 and EPEL 8
> > repositories?
>
> I don't know much about setxid whitelists so I can't answer your questions
> there.
>
> On getting your package into development and stable releases, yes, that is
> possible. You first need to request branches be created using 'fedpkg
> request-branch". Then once those have been processed, you can merge your
> changes to those branches, create builds, then create updates with bodhi
> to get those builds pushed stable.
>
> Scott
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org