Hello Attilla, live-config maintainers, On 26/11/2023 07:54, dubser@grey-panther.net wrote:
I was directed to this list after my post on debian-users [1]. I would like to report two issues with the Debian LiveCD (specifically the debian-live-12.2.0-amd64-gnome.iso one):1) if one starts the installer from the live environment, one is asked for a password, that is (as far as I can tell) not documented anywhere inside the CD: https://kdrive.infomaniak.com/app/share/545250/a4c87792-3ed2-4a70-bc1c-ae629842f9cb/preview/image/876245 <https://kdrive.infomaniak.com/app/share/545250/a4c87792-3ed2-4a70-bc1c-ae629842f9cb/preview/image/876245>
This issue has been fixed in live-config 11.0.4. The version in stable is 11.0.3-nmu1, which does not have this fix yet. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037295
I've extracted the difference between 11.0.3+nmu1 and 11.0.4 with the .dsc files and dget, attached is the diff file. It contains this specific fix in components/1080-policykit and some administrative changes in debian/control.
@live-config maintainers: Could live-config 11.0.4 be backported to stable (Bookworm) or should I prepare a patch for the live-build configuration? If we can manage before the 9th December, the fix can be present in the next liveCD for 12.3.
[snip issue 2, to be answered in a separate mail] With kind regards, Roland Clobus
[1] https://lists.debian.org/debian-user/2023/11/msg00733.html <https://lists.debian.org/debian-user/2023/11/msg00733.html>
diff -r -u live-config-11.0.3+nmu1/components/1080-policykit live-config-11.0.4/components/1080-policykit
--- live-config-11.0.3+nmu1/components/1080-policykit 2021-06-28 11:40:26.000000000 +0200
+++ live-config-11.0.4/components/1080-policykit 2023-07-10 20:40:01.000000000 +0200
@@ -3,7 +3,7 @@
. /lib/live/config.sh
## live-config(7) - System Configuration Components
-## Copyright (C) 2016-2020 The Debian Live team
+## Copyright (C) 2016-2023 The Debian Live team
## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -40,7 +40,8 @@
esac
# Checking if package is installed
- if ! pkg_is_installed "policykit-1" || \
+ if (! pkg_is_installed "polkitd" &&
+ ! pkg_is_installed "policykit-1") || \
component_was_executed "policykit"
then
exit 0
@@ -51,53 +52,34 @@
Config ()
{
- # Grant administrative PolicyKit pivilieges to default user
-
# Configure PolicyKit in live session
- mkdir -p /etc/PolicyKit
-
-cat > /etc/PolicyKit/PolicyKit.conf << EOF
-<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
-
-<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
-"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd";>
-
-<!-- See the manual page PolicyKit.conf(5) for file format -->
-
-<config version="0.1">
- <match user="root">
- <return result="yes"/>
- </match>
-EOF
+ mkdir -p /usr/share/polkit-1/rules.d
if [ -n "${LIVE_USERNAME}" ]
then
-
-cat >> /etc/PolicyKit/PolicyKit.conf << EOF
- <!-- don't ask password for user in live session -->
- <match user="${LIVE_USERNAME}">
- <return result="yes"/>
- </match>
+ cat > /usr/share/polkit-1/rules.d/sudo_on_live.rules << EOF
+// Grant the live user access without a prompt
+polkit.addRule(function(action, subject) {
+ if (subject.local &&
+ subject.active &&
+ subject.user === "${LIVE_USERNAME}" &&
+ subject.isInGroup("sudo")) {
+ return polkit.Result.YES;
+ }
+});
EOF
-
- fi
-
-cat >> /etc/PolicyKit/PolicyKit.conf << EOF
- <define_admin_auth group="adm"/>
-</config>
-EOF
-
- mkdir -p /var/lib/polkit-1/localauthority/10-vendor.d
-
-cat > /var/lib/polkit-1/localauthority/10-vendor.d/10-live-cd.pkla << EOF
-# Policy to allow the livecd user to bypass policykit
-[Live CD user permissions]
-Identity=unix-user:${LIVE_USERNAME}
-Action=*
-ResultAny=no
-ResultInactive=no
-ResultActive=yes
+ else
+ cat > /usr/share/polkit-1/rules.d/sudo_on_live.rules << EOF
+// Grant the sudo users access without a prompt
+polkit.addRule(function(action, subject) {
+ if (subject.local &&
+ subject.active &&
+ subject.isInGroup("sudo")) {
+ return polkit.Result.YES;
+ }
+});
EOF
+ fi
# Creating state file
touch /var/lib/live/config/policykit
diff -r -u live-config-11.0.3+nmu1/debian/changelog live-config-11.0.4/debian/changelog
--- live-config-11.0.3+nmu1/debian/changelog 2022-10-15 12:16:02.000000000 +0200
+++ live-config-11.0.4/debian/changelog 2023-07-10 20:43:26.000000000 +0200
@@ -1,9 +1,13 @@
-live-config (11.0.3+nmu1) unstable; urgency=medium
+live-config (11.0.4) unstable; urgency=medium
- * Non-maintainer upload.
- * No source change upload to rebuild with debhelper 13.10.
+ [ Jonathan Carter ]
+ * Add changelog entries for Roland's recent changes
- -- Michael Biebl <biebl@debian.org> Sat, 15 Oct 2022 12:16:02 +0200
+ [ Roland Clobus]
+ * Update the polkit configuration to polkitd (Closes: #1037295)
+ * Add lintian overrides
+
+ -- Jonathan Carter <jcc@debian.org> Mon, 10 Jul 2023 20:43:26 +0200
live-config (11.0.3) unstable; urgency=medium
diff -r -u live-config-11.0.3+nmu1/debian/control live-config-11.0.4/debian/control
--- live-config-11.0.3+nmu1/debian/control 2021-06-28 11:40:26.000000000 +0200
+++ live-config-11.0.4/debian/control 2023-07-10 20:40:01.000000000 +0200
@@ -4,9 +4,9 @@
Jonathan Carter <jcc@debian.org>
Section: misc
Priority: optional
-Build-Depends: debhelper-compat (= 12)
+Build-Depends: debhelper-compat (= 13)
Build-Depends-Indep: lsb-release
-Standards-Version: 4.5.1
+Standards-Version: 4.6.2
Vcs-Browser: https://salsa.debian.org/live-team/live-config
Vcs-Git: https://salsa.debian.org/live-team/live-config.git
Homepage: https://salsa.debian.org/live-team/live-config
diff -r -u live-config-11.0.3+nmu1/debian/live-config-systemd.lintian-overrides live-config-11.0.4/debian/live-config-systemd.lintian-overrides
--- live-config-11.0.3+nmu1/debian/live-config-systemd.lintian-overrides 2021-06-28 11:40:26.000000000 +0200
+++ live-config-11.0.4/debian/live-config-systemd.lintian-overrides 2023-07-10 20:40:01.000000000 +0200
@@ -1,5 +1,5 @@
# live-config is special and wants to run very early before most services
-systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/live-config.service basic.target
+systemd-service-file-refers-to-unusual-wantedby-target basic.target [lib/systemd/system/live-config.service]
# Yes this package is dedicated to systemd, it will not provide SysV
# scripts
package-supports-alternative-init-but-no-init.d-script lib/systemd/system/live-config.service
diff -r -u live-config-11.0.3+nmu1/debian/live-config-sysvinit.lintian-overrides live-config-11.0.4/debian/live-config-sysvinit.lintian-overrides
--- live-config-11.0.3+nmu1/debian/live-config-sysvinit.lintian-overrides 2021-06-28 11:40:26.000000000 +0200
+++ live-config-11.0.4/debian/live-config-sysvinit.lintian-overrides 2023-07-10 20:43:20.000000000 +0200
@@ -1,5 +1,5 @@
# This is expected, the package is dedicated to sysvinit
-systemd-no-service-for-init-rcS-script live-config
+missing-systemd-service-for-init.d-rcS-script live-config
init.d-script-does-not-source-init-functions etc/init.d/live-config
# Status is not useful, it's a oneshot bootup script
init.d-script-does-not-implement-status-option etc/init.d/live-config
diff -r -u live-config-11.0.3+nmu1/debian/rules live-config-11.0.4/debian/rules
--- live-config-11.0.3+nmu1/debian/rules 2019-05-19 10:11:26.000000000 +0200
+++ live-config-11.0.4/debian/rules 2023-07-10 20:40:01.000000000 +0200
@@ -26,8 +26,5 @@
override_dh_compress:
dh_compress -Xusr/share/doc/live-config/examples
-override_dh_missing:
- dh_missing --fail-missing
-
override_dh_installinit:
dh_installinit -p live-config-sysvinit --no-stop-on-upgrade --no-start --update-rcd-params='start 00 S .' --name live-config --onlyscripts
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature