Add patch from github to avoid setting default (users) group on home dirs

0003-do-not-set-default-users-group-on-home.patch

@@ -0,0 +1,132 @@
+From a95be0ca5aae5fa08348b95e631671257effd457 Mon Sep 17 00:00:00 2001
+From: codeworkx <codeworkx@cyanogenmod.org>
+Date: Tue, 17 Nov 2015 21:55:50 +0100
+Subject: [PATCH] don't set default "users" group on home dirs
+
+Fixes CAL-345.
+
+Changing group of home dir to the default "users" group might be a security risk
+because every user which belongs to the default "users" group
+might be able to access private data on home dirs of other users.
+---
+ src/modules/users/CreateUserJob.cpp |  4 +---
+ src/modules/users/CreateUserJob.h   |  2 --
+ src/modules/users/UsersPage.cpp     |  3 +--
+ src/modules/users/UsersViewStep.cpp | 10 +---------
+ src/modules/users/UsersViewStep.h   |  1 -
+ src/modules/users/users.conf        |  2 +-
+ 6 files changed, 4 insertions(+), 18 deletions(-)
+
+diff -urN calamares-1.1.4.2/src/modules/users/CreateUserJob.cpp calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.cpp
+--- calamares-1.1.4.2/src/modules/users/CreateUserJob.cpp	2015-11-28 01:58:05.524593939 +1000
++++ calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.cpp	2015-11-28 01:58:31.115595103 +1000
+@@ -33,13 +33,11 @@
+ CreateUserJob::CreateUserJob( const QString& userName,
+                               const QString& fullName,
+                               bool autologin,
+-                              const QString& userGroup,
+                               const QStringList& defaultGroups )
+     : Calamares::Job()
+     , m_userName( userName )
+     , m_fullName( fullName )
+     , m_autologin( autologin )
+-    , m_userGroup( userGroup )
+     , m_defaultGroups( defaultGroups )
+ {
+ }
+@@ -148,7 +146,7 @@
+     ec = CalamaresUtils::chrootCall( { "chown",
+                                        "-R",
+                                        QString( "%1:%2" ).arg( m_userName )
+-                                                         .arg( m_userGroup ),
++                                                         .arg( m_userName ),
+                                        QString( "/home/%1" ).arg( m_userName ) } );
+     if ( ec )
+         return Calamares::JobResult::error( tr( "Cannot set home directory ownership for user %1." )
+diff -urN calamares-1.1.4.2/src/modules/users/CreateUserJob.h calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.h
+--- calamares-1.1.4.2/src/modules/users/CreateUserJob.h	2015-08-06 19:58:32.000000000 +1000
++++ calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.h	2015-11-28 01:58:31.116595103 +1000
+@@ -30,7 +30,6 @@
+     CreateUserJob( const QString& userName,
+                    const QString& fullName,
+                    bool autologin,
+-                   const QString& userGroup,
+                    const QStringList& defaultGroups );
+     QString prettyName() const override;
+     QString prettyDescription() const override;
+@@ -41,7 +40,6 @@
+     QString m_userName;
+     QString m_fullName;
+     bool m_autologin;
+-    QString m_userGroup;
+     QStringList m_defaultGroups;
+ };
+ 
+diff -urN calamares-1.1.4.2/src/modules/users/users.conf calamares-1.1.4.2-patched/src/modules/users/users.conf
+--- calamares-1.1.4.2/src/modules/users/users.conf	2015-08-19 20:52:13.000000000 +1000
++++ calamares-1.1.4.2-patched/src/modules/users/users.conf	2015-11-28 01:58:31.116595103 +1000
+@@ -1,6 +1,6 @@
+ ---
+-userGroup:       users
+ defaultGroups:
++    - users
+     - lp
+     - video
+     - network
+diff -urN calamares-1.1.4.2/src/modules/users/UsersPage.cpp calamares-1.1.4.2-patched/src/modules/users/UsersPage.cpp
+--- calamares-1.1.4.2/src/modules/users/UsersPage.cpp	2015-11-28 01:58:05.523593939 +1000
++++ calamares-1.1.4.2-patched/src/modules/users/UsersPage.cpp	2015-11-28 01:58:31.116595103 +1000
+@@ -94,7 +94,7 @@
+ 
+ 
+ QList< Calamares::job_ptr >
+-UsersPage::createJobs( const QString& defaultUserGroup, const QStringList& defaultGroupsList )
++UsersPage::createJobs( const QStringList& defaultGroupsList )
+ {
+     QList< Calamares::job_ptr > list;
+     if ( !isReady() )
+@@ -106,7 +106,6 @@
+                                ui->textBoxUsername->text() :
+                                ui->textBoxFullName->text(),
+                            ui->checkBoxLoginAuto->isChecked(),
+-                           defaultUserGroup,
+                            defaultGroupsList );
+     list.append( Calamares::job_ptr( j ) );
+ 
+diff -urN calamares-1.1.4.2/src/modules/users/UsersViewStep.cpp calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.cpp
+--- calamares-1.1.4.2/src/modules/users/UsersViewStep.cpp	2015-10-01 01:24:47.000000000 +1000
++++ calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.cpp	2015-11-28 01:58:31.117595103 +1000
+@@ -113,21 +113,13 @@
+ {
+     m_jobs.clear();
+ 
+-    m_jobs.append( m_widget->createJobs( m_userGroup, m_defaultGroups ) );
++    m_jobs.append( m_widget->createJobs( m_defaultGroups ) );
+ }
+ 
+ 
+ void
+ UsersViewStep::setConfigurationMap( const QVariantMap& configurationMap )
+ {
+-    if ( configurationMap.contains( "userGroup" ) &&
+-         configurationMap.value( "userGroup" ).type() == QVariant::String )
+-    {
+-        m_userGroup = configurationMap.value( "userGroup" ).toString();
+-    }
+-    if ( m_userGroup.isEmpty() )
+-        m_userGroup = QStringLiteral( "users" );
+-
+     if ( configurationMap.contains( "defaultGroups" ) &&
+          configurationMap.value( "defaultGroups" ).type() == QVariant::List )
+     {
+diff -urN calamares-1.1.4.2/src/modules/users/UsersViewStep.h calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.h
+--- calamares-1.1.4.2/src/modules/users/UsersViewStep.h	2015-10-01 01:24:47.000000000 +1000
++++ calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.h	2015-11-28 01:58:31.117595103 +1000
+@@ -63,7 +63,6 @@
+     UsersPage* m_widget;
+     QList< Calamares::job_ptr > m_jobs;
+ 
+-    QString m_userGroup;
+     QStringList m_defaultGroups;
+ };
+ 

calamares.spec

@@ -6,7 +6,7 @@
 Summary:	Distribution-independent installer framework
 Name:		calamares
 Version:	1.1.4.2
-Release:	8
+Release:	9
 License:	GPLv3+
 Group:		System/Configuration/Other
 Url:		http://calamares.io/
@@ -41,6 +41,7 @@ Patch1:		calamares-1.1.4.2-desktop-file.patch
 Patch2:		calamares-libparted-detection.patch
 Patch3:		0001-Make-sure-the-FullName-is-not-empty.patch
 Patch4:		0002-do-not-use-users-group.patch
+Patch5:		0003-do-not-set-default-users-group-on-home.patch
 BuildRequires:	cmake
 BuildRequires:	extra-cmake-modules
 BuildRequires:	imagemagick

rosa-users.conf

@@ -1,5 +1,4 @@
 ---
-userGroup:      users
 defaultGroups:
     - lp
     - video