Re: Providing polkit policy for update-alternatives?
在 2017年8月16日星期三 CST 下午3:22:55,Boyuan Yang 写道:
> [ Please CC me and/or CC galternatives@packages.debian.org, thanks ]
>
> Hello dpkg people,
>
> I am currently working on Debian package "galternatives" [1], the graphical
> front-end to the update-alternatives program which is shipped by dpkg
> package.
>
> It seems that some actions in /usr/bin/update-alternatives will modify
> system files thus requires admin privileges. When called from shell, people
> often use sudo or su to gain such privilege. However, with a graphical
> program like galternatives, running graphical appliations directly with
> privilege is risky. The best approach is to gain privilege only when
> update-alternatives is called as a subprocess.
>
> The old method is to use gksu. However, gksu is to be removed in buster
> cycle. [2] We intend to use polkit instead in future releases. However,
> using polkit (to be concrete, using pkexec(1)) requires putting policy XML
> files under /usr/share/polkit-1/actions/ [3]. Since update-alternatives is
> actually provided by dpkg, I am asking in debian-dpkg list here.
>
> I think there are two viable options:
>
> * Let galternatives ship org.debian.pkexec.update-alternatives.policy
> * Let dpkg package ship org.debian.pkexec.update-alternatives.policy
>
> Once the policy file gets settled down in the system, policykit will be
> invoked when "pkexec update-alternatives [options...]" is called. Only
> users with admin priviliges are allowed to proceed (with their own password
> checked) and such privilege promotion will last for a short while
> ("auth_admin_keep") with the help of policykit.
>
> I am wondering which one do you prefer. Any suggestions would be welcome
> too.
>
> * * * * *
>
> A draft for the file should be like this:
>
> (/usr/share/polkit-1/actions/org.debian.pkexec.update-alternatives.policy)
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE policyconfig PUBLIC
> "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
> "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
> <policyconfig>
> <vendor>galternatives</vendor>
> <vendor_url>https://tracker.debian.org/pkg/galternatives</vendor_url>
> <icon_name>galternatives</icon_name>
>
> <action id="org.debian.pkexec.update-alternatives">
> <description>Run update-alternatives tool to modify system alternative
> selections</description>
> <description xml:lang="zh_CN">运行 update-alternatives 工具以修改系统可选项配置</
> description>
> <message>Authentication is required to run update-alternatives tool</
> message>
> <message xml:lang="zh_CN">运行 update-alternatives 工具需要认证</message>
> <message xml:lang="zh_HK">執行 update-alternatives 工具前要先認證</message>
> <message xml:lang="zh_TW">需要驗證以執行 update-alternatives 工具</message>
> <defaults>
> <allow_any>auth_admin_keep</allow_any>
> <allow_inactive>auth_admin_keep</allow_inactive>
> <allow_active>auth_admin_keep</allow_active>
> </defaults>
> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/update-
> alternatives</annotate>
> </action>
>
> </policyconfig>
>
> [1] https://tracker.debian.org/pkg/galternatives
> [2] https://bugs.debian.org/867236
> [3] man 8 polkit
>
> Thanks,
> Boyuan Yang
Seems that no one replied these days. I will start shipping policykit policy
for update-alternatives with "galternatives" package in experimental soon and
unstable later. Please contact me were there any doubts.
Regards,
Boyuan Yang
Reply to: