MBF: dependency on policykit-1 -> polkitd or pkexec

To: debian-devel@lists.debian.org
Subject: MBF: dependency on policykit-1 -> polkitd or pkexec
From: Simon McVittie <smcv@debian.org>
Date: Fri, 14 Oct 2022 11:27:05 +0100
Message-id: <[🔎] Y0k5ebqfBjoLoBuv@momentum.pseudorandom.co.uk>

A while ago I split the policykit-1 package into two binary packages:

- polkitd: the authorization daemon and associated utilities
- pkexec: the sudo-like tool to run arbitrary commands as root

policykit-1 is a transitional package to pull in both. Since upgrading
to upstream version 121 which uses JavaScript as the primary format
for authorization rules, it also pulls in polkitd-pkla (also known as
polkit-pkla-compat upstream), which provides backwards compatibility
with sysadmins' existing .pkla authorization policies if any.

I'd like to reduce the number of dependencies on the transitional
policykit-1 package for bookworm, ideally to zero. This gives us two
desirable properties:

- The setuid /usr/bin/pkexec will be present on fewer systems, reducing
  attack surface: for example CVE-2021-4034 only affected pkexec, and
  polkitd was not vulnerable. After we get the dependencies fixed, I would
  expect to see pkexec installed on typical laptop/desktop systems, but
  not on typical servers.

- New installations won't get polkitd-pkla, so it's easier to see what
  policies are applied and in what order (all backwards-compatibility
  .pkla files get applied in the middle of the new sequence of .rules
  files, which can be quite confusing).

A template bug mail:

-------------------------------- 8< -----------------------------------

This package has a Depends, Recommends, Suggests or Build-Depends on the
transitional package policykit-1, which has been separated into polkitd
and pkexec packages.

If this package communicates with polkitd via D-Bus, please represent that
as a Depends, Recommends or Suggests on polkitd, whichever is appropriate.

If this package runs /usr/bin/pkexec, please represent that as a Depends,
Recommends or Suggests on pkexec, whichever is appropriate.

If this package requires polkit at build-time (usually for the gettext
extensions polkit.its and polkit.loc), please build-depend on both
libpolkit-gobject-1-dev and polkitd, even if the package does not
actually depend on libpolkit-gobject-1 at runtime. This is because
the gettext extensions are currently in polkitd, but might be moved to
libpolkit-gobject-1-dev in future (see #955204). pkexec is usually not
required at build-time.

For packages that are expected to be backported to bullseye, it's OK to
use an alternative dependency: polkitd | policykit-1 and/or
pkexec | policykit-1.

-------------------------------- 8< -----------------------------------

dd-list attached. I've tried to filter out false positives for packages
that already use polkitd | policykit-1, such as flatpak.

The next Lintian release will emit a depends-on-obsolete-package error
for dependencies on policykit-1 (and several other transitional packages)
which will help to make progress in this direction.

Thanks,
    smcv

Alessio Treglia <alessio@debian.org>
   rtkit (U)

Andrea Bolognani <eof@kiyuko.org>
   libvirt (U)
   libvirt-dbus (U)

Andreas Messer <andi@bastelmap.de>
   elogind (U)

Andrew Lee (李健秋) <ajqlee@debian.org>
   lxde-metapackages (U)
   lxsession (U)

Andrew Pollock <apollock@debian.org>
   isc-dhcp (U)

Andriy Grytsenko <andrej@rep.kiev.ua>
   lxde-metapackages (U)
   lxsession (U)

Anibal Monsalve Salazar <anibal@debian.org>
   gparted (U)

Anthony Fok <foka@debian.org>
   timekpr-next (U)

Antonio Cardoso Martins <digiplan.pt@gmail.com>
   guidedog

Arnaud Ferraris <aferraris@debian.org>
   modemmanager (U)

Aron Xu <aron@debian.org>
   network-manager (U)

Axel Beckert <abe@debian.org>
   wicd (U)

Barak A. Pearlmutter <bap@debian.org>
   ettercap
   ettercap (U)

Bertrand Marc <bmarc@debian.org>
   gnunet-gtk

Boyuan Yang <byang@debian.org>
   galternatives (U)
   mintstick

Carl Fürstenberg <azatoth@gmail.com>
   obs-studio (U)

Chris Lamb <lamby@debian.org>
   zoneminder (U)

Christopher James Halse Rogers <raof@ubuntu.com>
   colord

Christopher Schramm <debian@cschramm.eu>
   blueman

Clément Hermann <nodens@debian.org>
   libgsecuredelete (U)

Daniel Baumann <daniel.baumann@progress-linux.org>
   bfh-metapackages
   gnunet-gtk
   progress-linux-metapackages

Daniel Jared Dominguez <jared.dominguez@dell.com>
   fwupd (U)

David Mohammed <fossfreedom@ubuntu.com>
   budgie-control-center

Debian Accessibility Team <pkg-a11y-devel@alioth-lists.debian.net>
   brltty

Debian Accessibility Team <pkg-a11y-devel@lists.alioth.debian.org>
   brltty

Debian Chinese Team <chinese-developers@lists.alioth.debian.org>
   galternatives

Debian Ecosystem Init Diversity Team <debian-init-diversity@chiark.greenend.org.uk>
   elogind

Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>
   veyon

Debian EFI <debian-efi@lists.debian.org>
   fwupd

Debian Electronics Team <pkg-electronics-devel@lists.alioth.debian.org>
   arduino

Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
   accountsservice
   malcontent

Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
   deja-dup
   gnome-applets
   gnome-initial-setup
   gnome-multi-writer
   gnome-system-log
   sysprof

Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>
   isc-dhcp

Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
   isc-dhcp

Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
   libvirt
   libvirt-dbus

Debian LXDE Maintainers <pkg-lxde-maintainers@lists.alioth.debian.org>
   lxde-metapackages
   lxsession

Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
   obs-studio
   rtkit

Debian Printing Team <debian-printing@lists.debian.org>
   hannah-foo2zjs
   hplip

Debian Privacy Tools Maintainers <pkg-privacy-maintainers@lists.alioth.debian.org>
   libgsecuredelete

Debian Python Team <team+python@tracker.debian.org>
   bleachbit (U)
   gui-ufw
   timekpr-next

Debian Remote Maintainers <debian-remote@lists.debian.org>
   x2gothinclient

Debian Security Tools <team+pkg-security@tracker.debian.org>
   ettercap
   guymager

Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
   selinux-dbus
   selinux-python

Debian Sugar Team <pkg-sugar-devel@lists.alioth.debian.org>
   sugar

Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
   systemd

Debian WICD Packaging Team <pkg-wicd-maint@lists.alioth.debian.org>
   wicd

Debian Wine Team <debian-wine@lists.debian.org>
   winetricks

Debian Xfce Maintainers <debian-xfce@lists.debian.org>
   lightdm-gtk-greeter

Debian+Ubuntu MATE Packaging Team <debian-mate@lists.debian.org>
   caja-admin
   caja-dropbox
   mate-applets
   mate-polkit
   mate-power-manager
   mate-settings-daemon
   mate-system-monitor

DebianOnMobile Maintainers <debian-on-mobile-maintainers@alioth-lists.debian.net>
   modemmanager

Devid Antonio Filoni <d.filoni@ubuntu.com>
   gui-ufw (U)

Didier Raboud <odyx@debian.org>
   fprintd (U)
   hplip (U)

Dmitry Shachnev <mitya57@debian.org>
   gnome-applets (U)

Dmitry Smirnov <onlyjob@debian.org>
   zoneminder

Emilio Pozuelo Monfort <pochu@debian.org>
   accountsservice (U)

Evangelos Rigas <e.rigas@cranfield.ac.uk>
   cpupower-gui

Evgeni Golov <evgeni@debian.org>
   tuned

Fabian Wolff <fabi.wolff@arcor.de>
   backintime (U)

Felipe Sateler <fsateler@debian.org>
   rtkit (U)
   systemd (U)

FingerForce Team <fingerforce-devel@lists.alioth.debian.org>
   fprintd

gdebi developers <gdebi@packages.debian.org>
   gdebi

Gianfranco Costamagna <locutusofborg@debian.org>
   ettercap (U)
   guidedog (U)

Giap Tran <txgvnn@gmail.com>
   wicd (U)

Graham Inggs <ginggs@debian.org>
   modem-manager-gui
   modem-manager-gui (U)

Guido Günther <agx@sigxcpu.org>
   libvirt (U)
   modemmanager (U)

gustavo panizzo <gfa@zumbi.com.ar>
   tuned (U)

handsome_feng <jianfengli@ubuntukylin.com>
   ukui-biometric-auth (U)

Henry-Nicolas Tourneur <debian@nilux.be>
   modemmanager (U)

Hugo Lefeuvre <hle@debian.org>
   bleachbit

Iain Lane <laney@debian.org>
   deja-dup (U)
   gnome-applets (U)
   gnome-system-log (U)

Ian Jackson <ijackson@chiark.greenend.org.uk>
   elogind (U)

intrigeri <intrigeri@debian.org>
   libgsecuredelete (U)

James Lu <james@overdrivenetworks.com>
   lightdm-gtk-greeter-settings

Jens Reyer <jre.winesim@gmail.com>
   winetricks (U)

Jeremy Bicha <jbicha@debian.org>
   deja-dup (U)
   gnome-applets (U)
   gnome-initial-setup (U)
   gnome-multi-writer (U)
   gnome-system-log (U)
   sysprof (U)

Jeremy Bicha <jbicha@ubuntu.com>
   deja-dup (U)
   gnome-initial-setup (U)
   sysprof (U)

Joao Eriberto Mota Filho <eriberto@debian.org>
   grub-customizer
   linssid

John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
   caja-dropbox (U)
   mate-applets (U)
   mate-polkit (U)
   mate-power-manager (U)
   mate-settings-daemon (U)
   mate-system-monitor (U)

Jonas Smedegaard <dr@jones.dk>
   sugar (U)

Jonathan Carter <jcc@debian.org>
   calamares

Jonathan Wiltshire <jmw@debian.org>
   backintime

Joseph Bisch <joseph.bisch@gmail.com>
   winetricks (U)

Josselin Mouette <joss@debian.org>
   gnome-system-log (U)

Julian Andres Klode <jak@debian.org>
   hplip (U)
   packagekit (U)

Kamal Mostafa <kamal@canonical.com>
   trace-cmd (U)

Kartik Mistry <kartik@debian.org>
   scanmem (U)

Kylin Team <team+kylin@tracker.debian.org>
   ukui-biometric-auth

Laurent Bigonville <bigon@debian.org>
   deja-dup (U)
   gnome-initial-setup (U)
   gnome-system-log (U)
   malcontent (U)
   realmd (U)
   selinux-dbus (U)
   selinux-python (U)
   sysprof (U)

Laurent Léonard <laurent@open-minds.org>
   libvirt (U)

Luca Boccassi <bluca@debian.org>
   systemd (U)

Luke Yelavich <themuso@ubuntu.com>
   rtkit (U)

Marcio de Souza Oliveira <marciosouza@debian.org>
   zulucrypt

Marco d'Itri <md@linux.it>
   systemd (U)

Marco Trevisan <marco@ubuntu.com>
   fprintd (U)

Mario Limonciello <mario.limonciello@dell.com>
   fwupd (U)

Mario Limonciello <superm1@gmail.com>
   fwupd (U)

Mark Hindley <mark@hindley.org.uk>
   elogind (U)

Mark Purcell <msp@debian.org>
   hplip (U)

Martin <debacle@debian.org>
   modemmanager (U)

Martin Pitt <mpitt@debian.org>
   cockpit (U)
   policykit-1-gnome (U)
   systemd (U)
   udisks2 (U)
   upower (U)

Martin Wimpress <code@flexion.org>
   caja-dropbox (U)
   mate-applets (U)
   mate-system-monitor (U)

Mathieu Trudel-Lapierre <mathieu.tl@gmail.com>
   modemmanager

Matteo F. Vescovi <mfv@debian.org>
   modem-manager-gui

Matthias Klumpp <mak@debian.org>
   fwupd (U)
   packagekit

Michael Biebl <biebl@debian.org>
   cockpit (U)
   gnome-multi-writer (U)
   gnome-system-log (U)
   network-manager (U)
   policykit-1-gnome (U)
   sysprof (U)
   systemd (U)
   udisks2 (U)
   upower (U)

Michael Gilbert <mgilbert@debian.org>
   isc-dhcp (U)

Michael Prokop <mika@debian.org>
   guymager (U)

Michael Vogt <mvo@debian.org>
   gdebi (U)
   synaptic

Mihai Moldovan <ionic@ionic.de>
   x2gothinclient (U)

Mike Gabriel <sunweaver@debian.org>
   caja-admin (U)
   caja-dropbox (U)
   mate-applets (U)
   mate-polkit (U)
   mate-power-manager (U)
   mate-settings-daemon (U)
   mate-system-monitor (U)
   veyon (U)
   x2gothinclient (U)

Miriam Ruiz <miriam@debian.org>
   gui-ufw (U)

Murat Demirten <murat@debian.org>
   ettercap (U)

Patrick Matthäi <pmatthaei@debian.org>
   needrestart-session

Petr Baudis <pasky@ucw.cz>
   mate-power-manager (U)

Philip Hands <phil@hands.com>
   arduino (U)

Phillip Susi <phill@thesusis.net>
   gparted

Phillip Susi <psusi@ubuntu.com>
   gparted

Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
   bleachbit (U)
   gui-ufw

Ritesh Raj Sarraf <rrs@debian.org>
   sysprof (U)

Russell Coker <russell@coker.com.au>
   selinux-dbus (U)
   selinux-python (U)

Samuel Thibault <sthibault@debian.org>
   brltty (U)

Santiago Ruano Rincón <santiago@debian.org>
   isc-dhcp (U)
   sugar (U)

Scott Howard <showard@debian.org>
   arduino
   arduino (U)

Sebastian Parschauer <s.parschauer@gmx.de>
   scanmem

Sebastian Ramacher <sramacher@debian.org>
   obs-studio (U)

Sebastien Bacher <seb128@debian.org>
   deja-dup (U)
   gnome-initial-setup (U)

Seth Forshee <seth.forshee@canonical.com>
   trace-cmd (U)

Sjoerd Simons <sjoerd@debian.org>
   network-manager (U)
   systemd (U)

Stefano Karapetsas <stefano@karapetsas.com>
   caja-dropbox (U)
   mate-applets (U)
   mate-polkit (U)
   mate-power-manager (U)
   mate-settings-daemon (U)
   mate-system-monitor (U)

Steve McIntyre <93sam@debian.org>
   fwupd (U)

Sudip Mukherjee <sudipm.mukherjee@gmail.com>
   kernelshark
   trace-cmd

Thorsten Alteholz <debian@alteholz.de>
   hplip (U)

Till Kamppeter <till.kamppeter@gmail.com>
   hplip (U)

Ubuntu Developers <ubuntu-dev-team@lists.alioth.debian.org>
   gdebi

Ubuntu Kernel Team <kernel-team@lists.ubuntu.com>
   trace-cmd

Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
   cockpit
   network-manager
   policykit-1-gnome
   realmd
   udisks2
   upower

Vangelis Mouhtsis <vangelis@gnugr.org>
   caja-admin (U)
   caja-dropbox (U)
   mate-applets (U)
   mate-polkit (U)
   mate-power-manager (U)
   mate-settings-daemon (U)
   mate-system-monitor (U)

xiao sheng wen <atzlinux@sina.com>
   grub-customizer

Yangfl <mmyangfl@gmail.com>
   galternatives (U)

Yanhao Mo <yanhaocs@gmail.com>
   hotspot

Yann Amar <quidame@poivron.org>
   bilibop

Yves-Alexis Perez <corsac@debian.org>
   lightdm-gtk-greeter (U)

Reply to:

Prev by Date: Bug#1021750: general: the nodelalloc mount option should be used by default for ext4 in /etc/fstab
Next by Date: Bug#1021750: general: the nodelalloc mount option should be used by default for ext4 in /etc/fstab
Previous by thread: Bug#1021759: ITP: py-rnp -- Python bindings for librnp
Next by thread: [MASS-NMU] rebuild with new debhelper 13.10 / changes to dh_installinit and dh_installsystemd
Index(es):
- Date
- Thread