Bug#1033511: marked as done (release-notes: mention the switch from old polkit .pkla files to JavaScript .rules)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 30 May 2023 21:25:29 +0200
with message-id <e8ea6cb5-ed75-31d0-a746-ec9c2a550f1c@debian.org>
and subject line Re: Bug#1033511: release-notes: mention the switch from old polkit .pkla files to JavaScript .rules
has caused the Debian Bug report #1033511,
regarding release-notes: mention the switch from old polkit .pkla files to JavaScript .rules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033511: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033511
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: release-notes: mention the switch from old polkit .pkla files to JavaScript .rules
• From: Simon McVittie <smcv@debian.org>
• Date: Sun, 26 Mar 2023 14:48:12 +0100
• Message-id: <ZCBNHNGQOYdDwXDA@tautology.pseudorandom.co.uk>

Package: release-notes
Severity: normal
Control: affects -1 src:policykit-1
X-Debbugs-Cc: policykit-1@packages.debian.org

I think the transition mentioned in /usr/share/doc/polkitd/NEWS.Debian.gz
deserves to be included in the bookworm release notes. I attach some
possible wording. I'm not entirely sure which section this should go
in, so the location suggested below is only a guess: please move it
as necessary.

Note that I've included a link to the bookworm polkit(8) man page, but
the version displayed on manpages.debian.org is currently wrong (it
seems to be a cached version of the man page as it appeared in bullseye).
I've reported a separate bug. If the manpages.d.o bug is not fixed by
the time this is ready for merge, then a workaround would be to link
to the unstable version of polkit(8), which has the correct content.

    smcv

diff --git a/en/issues.dbk b/en/issues.dbk
index 4b7b9dda..38e79ce9 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -55,6 +55,54 @@
 
     </section>
 
+    <section id="polkitd-pkla">
+      <!-- bullseye to bookworm -->
+      <title>polkit .pkla files deprecated</title>
+      <para>
+        polkit (formerly PolicyKit) has been upgraded from version 0.105 to
+        version 122.
+        This version changes the syntax used for local policy rules:
+        it is now the same JavaScript-based format used by the upstream polkit
+        project and by other Linux distributions.
+      </para>
+      <para>
+        System administrators can override the default security policy by
+        installing local policy overrides into
+        <filename>/etc/polkit-1/rules.d/*.rules</filename>,
+        which can either make the policy more restrictive or more
+        permissive.
+        Some sample policy rules can be found in the
+        <filename>/usr/share/doc/polkitd/examples</filename> directory.
+        Please see the <ulink
+          url="&url-man;/&releasename;/polkitd/polkit.8.html#AUTHORIZATION_RULES">polkit(8)
+          manual page</ulink> for more details.
+      </para>
+      <para>
+        Older Debian releases used the "local authority" rules format from
+        upstream version 0.105, consisting of <literal>.pkla</literal>
+        files with a <literal>.desktop</literal>-like syntax,
+        installed into subdirectories of
+        <filename>/etc/polkit-1/localauthority</filename>
+        or <filename>/var/lib/polkit-1/localauthority</filename>.
+        The <systemitem role="package">polkitd-pkla</systemitem> package
+        provides compatibility with these files, and will usually be
+        installed during upgrades.
+        If it is installed, then <literal>.pkla</literal> files will be
+        processed at a higher priority than most <literal>.rules</literal>
+        files.
+        If the <systemitem role="package">polkitd-pkla</systemitem>
+        package is removed, <literal>.pkla</literal> files will no longer
+        be used.
+      </para>
+      <para>
+        The <literal>.pkla</literal> files should be considered deprecated,
+        and <systemitem role="package">polkitd-pkla</systemitem> is likely
+        to be removed in a future Debian release.
+        Please migrate any local policy overrides to the JavaScript format
+        after upgrading.
+      </para>
+    </section>
+
     <section id="puppetserver">
       <!-- bullseye to bookworm -->
       <title>Puppet configuration management system upgraded to 7</title>

--- End Message ---

--- Begin Message ---

• To: Simon McVittie <smcv@debian.org>, 1033511-done@bugs.debian.org
• Subject: Re: Bug#1033511: release-notes: mention the switch from old polkit .pkla files to JavaScript .rules
• From: Paul Gevers <elbrus@debian.org>
• Date: Tue, 30 May 2023 21:25:29 +0200
• Message-id: <e8ea6cb5-ed75-31d0-a746-ec9c2a550f1c@debian.org>
• In-reply-to: <ZCBNHNGQOYdDwXDA@tautology.pseudorandom.co.uk>
• References: <ZCBNHNGQOYdDwXDA@tautology.pseudorandom.co.uk>

Hi,

On 26-03-2023 15:48, Simon McVittie wrote:

I think the transition mentioned in /usr/share/doc/polkitd/NEWS.Debian.gz
deserves to be included in the bookworm release notes.

I have just hit the merge button on Salsa for https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/170

Thanks for your attention.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---