* [gentoo-dev] Make the "policykit" USE flag global
@ 2009-03-18 13:12 Olivier Crête
2009-03-19 14:23 ` Robert Piasek
2009-03-22 8:05 ` Nirbheek Chauhan
0 siblings, 2 replies; 11+ messages in thread
From: Olivier Crête @ 2009-03-18 13:12 UTC (permalink / raw
To: gentoo-dev
Hello,
use.local.desc:app-admin/gnome-system-tools:policykit - Use
sys-auth/policykit to gain privileges to change configuration files
use.local.desc:app-admin/system-tools-backends:policykit - Use
sys-auth/policykit to gain privileges to change configuration files
use.local.desc:gnome-extra/gnome-lirc-properties:policykit - Use
sys-auth/policykit to gain privileges to change configuration files
use.local.desc:gnome-extra/gnome-power-manager:policykit - Enable
sys-auth/policykit authentication support
use.local.desc:media-sound/pulseaudio:policykit - Enable support for
PolicyKit framework.
use.local.desc:sys-auth/consolekit:policykit - Use the PolicyKit
framework (sys-auth/policykit) to get authorization for
suspend/shutdown.
Feel the trend? gnome-base/gnome-panel will follow soon. Let's make this
global (unless we decide that PolicyKit is the future and make it
compulsory).
If no one complains, I will make the changes in a couple days.
--
Olivier Crête
tester@gentoo.org
Gentoo Developer
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-18 13:12 [gentoo-dev] Make the "policykit" USE flag global Olivier Crête
@ 2009-03-19 14:23 ` Robert Piasek
2009-03-19 15:26 ` Rémi Cardona
2009-03-19 19:20 ` [gentoo-dev] " Zac Medico
2009-03-22 8:05 ` Nirbheek Chauhan
1 sibling, 2 replies; 11+ messages in thread
From: Robert Piasek @ 2009-03-19 14:23 UTC (permalink / raw
To: gentoo-dev
Hi,
On Wednesday 18 March 2009 13:12:45 Olivier Crête wrote:
> Hello,
>
> use.local.desc:app-admin/gnome-system-tools:policykit - Use
> sys-auth/policykit to gain privileges to change configuration files
> use.local.desc:app-admin/system-tools-backends:policykit - Use
> sys-auth/policykit to gain privileges to change configuration files
> use.local.desc:gnome-extra/gnome-lirc-properties:policykit - Use
> sys-auth/policykit to gain privileges to change configuration files
> use.local.desc:gnome-extra/gnome-power-manager:policykit - Enable
> sys-auth/policykit authentication support
> use.local.desc:media-sound/pulseaudio:policykit - Enable support for
> PolicyKit framework.
> use.local.desc:sys-auth/consolekit:policykit - Use the PolicyKit
> framework (sys-auth/policykit) to get authorization for
> suspend/shutdown.
>
> Feel the trend? gnome-base/gnome-panel will follow soon. Let's make this
> global (unless we decide that PolicyKit is the future and make it
> compulsory).
>
> If no one complains, I will make the changes in a couple days.
I think it would also be a good idea to add policykit support and finally unmask
it. It seems some packages have hardcoded --without-policy-kit /
--without-policykit and some others add policykit to package.use.mask (btw can
it be unmasked by user from portage level??).
I've been playing with policykit for a while now and never had any real
problems with it. I would gladly help to support it by default.
Thanks,
Rob
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-19 14:23 ` Robert Piasek
@ 2009-03-19 15:26 ` Rémi Cardona
2009-03-19 18:12 ` Doug Goldstein
2009-03-19 19:20 ` [gentoo-dev] " Zac Medico
1 sibling, 1 reply; 11+ messages in thread
From: Rémi Cardona @ 2009-03-19 15:26 UTC (permalink / raw
To: gentoo-dev
On 19/03/2009 15:23, Robert Piasek wrote:
>> Feel the trend? gnome-base/gnome-panel will follow soon. Let's make this
>> global (unless we decide that PolicyKit is the future and make it
>> compulsory).
>>
>> If no one complains, I will make the changes in a couple days.
That seems reasonable. ACK from me.
> I think it would also be a good idea to add policykit support and finally unmask
> it. It seems some packages have hardcoded --without-policy-kit /
> --without-policykit and some others add policykit to package.use.mask (btw can
> it be unmasked by user from portage level??).
>
> I've been playing with policykit for a while now and never had any real
> problems with it. I would gladly help to support it by default.
It's unfortunately not that simple. Some applications require very
little from PK (the clock applet from gnome-panel is one of those iirc).
But some others (I'm looking at you, gnome-power-manager) just fail
miserably if a specific policy file isn't installed. So for each package
that uses PK, we need to come up with a default policy file that fits
with Gentoo tradition.
Bottom line, none of us took the time to do this because we just didn't
have the time to take care of this. We could definitely use some help to
figure out what to ship as "reasonable" defaults to our users.
Cheers,
Rémi
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-19 15:26 ` Rémi Cardona
@ 2009-03-19 18:12 ` Doug Goldstein
2009-03-19 20:11 ` Rémi Cardona
2009-03-19 20:55 ` [gentoo-dev] " Duncan
0 siblings, 2 replies; 11+ messages in thread
From: Doug Goldstein @ 2009-03-19 18:12 UTC (permalink / raw
To: gentoo-dev
On Thu, Mar 19, 2009 at 10:26 AM, Rémi Cardona <remi@gentoo.org> wrote:
> On 19/03/2009 15:23, Robert Piasek wrote:
>>>
>>> Feel the trend? gnome-base/gnome-panel will follow soon. Let's make this
>>> global (unless we decide that PolicyKit is the future and make it
>>> compulsory).
>>>
>>> If no one complains, I will make the changes in a couple days.
>
> That seems reasonable. ACK from me.
>
>> I think it would also be a good idea to add policykit support and finally
>> unmask it. It seems some packages have hardcoded --without-policy-kit /
>> --without-policykit and some others add policykit to package.use.mask (btw
>> can it be unmasked by user from portage level??).
>>
>> I've been playing with policykit for a while now and never had any real
>> problems with it. I would gladly help to support it by default.
>
> It's unfortunately not that simple. Some applications require very little
> from PK (the clock applet from gnome-panel is one of those iirc).
>
> But some others (I'm looking at you, gnome-power-manager) just fail
> miserably if a specific policy file isn't installed. So for each package
> that uses PK, we need to come up with a default policy file that fits with
> Gentoo tradition.
>
> Bottom line, none of us took the time to do this because we just didn't have
> the time to take care of this. We could definitely use some help to figure
> out what to ship as "reasonable" defaults to our users.
>
> Cheers,
>
> Rémi
>
>
The problem would be a simple fix if PolicyKit supported groups and we
could just say "give all access to those in the wheel" group as a
reasonable default. But alas, it does not. Arguably we can probably
patch that in and just be done with it.
Unless someone has some better ideas for a reasonable default. (IMHO,
removing all of PolicyKit is a reasonable default but it looks like
going forward GNOME is just using it without really any documentation
or any forethought into the real world implications of PolicyKit and
the inherent support/issues with ConsoleKit)
--
Doug Goldstein
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-19 14:23 ` Robert Piasek
2009-03-19 15:26 ` Rémi Cardona
@ 2009-03-19 19:20 ` Zac Medico
2009-03-20 8:06 ` Robert Piasek
1 sibling, 1 reply; 11+ messages in thread
From: Zac Medico @ 2009-03-19 19:20 UTC (permalink / raw
To: gentoo-dev
Robert Piasek wrote:
> I think it would also be a good idea to add policykit support and finally unmask
> it. It seems some packages have hardcoded --without-policy-kit /
> --without-policykit and some others add policykit to package.use.mask (btw can
> it be unmasked by user from portage level??).
You can unmask the flag globally like this:
  mkdir -p /etc/portage/profile/
  echo -policykit >> /etc/portage/profile/use.mask
Or, you can unmask it for a specific package like this:
  echo gnome-base/gnome-session -policykit >> /etc/portage/profile/package.use.mask
--
Thanks,
Zac
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-19 18:12 ` Doug Goldstein
@ 2009-03-19 20:11 ` Rémi Cardona
2009-03-19 20:55 ` [gentoo-dev] " Duncan
1 sibling, 0 replies; 11+ messages in thread
From: Rémi Cardona @ 2009-03-19 20:11 UTC (permalink / raw
To: gentoo-dev
On 19/03/2009 19:12, Doug Goldstein wrote:
> The problem would be a simple fix if PolicyKit supported groups and we
> could just say "give all access to those in the wheel" group as a
> reasonable default. But alas, it does not. Arguably we can probably
> patch that in and just be done with it.
Actually, for a while, I had a policy file that returned "allow" to all
auth requests. That was obviously not "secure" at all...
For some reason, even _that_ didn't allow all apps to work properly, as
they expect their own policy file and not just a default setting.
It's as if GConf required schemas to be installed for apps to work.
> Unless someone has some better ideas for a reasonable default.
The only way ATM is to go through the policy file for each application,
read it, make sense of it and adapt it to Gentoo... Again, the Gnome
herd is quite short on manpower these days, even with the precious help
of our latest recruits (Arun and Nirbheek).
> (IMHO,
> removing all of PolicyKit is a reasonable default but it looks like
> going forward GNOME is just using it without really any documentation
> or any forethought into the real world implications of PolicyKit and
> the inherent support/issues with ConsoleKit)
I think we all agree here, Gilles, Mart and others have dutifully
patched most (all?) core gnome components to at least build without PK,
even if that means losing some features. Thankfully, most of those
patches have been accepted upstream.
As for Gnome blindly using PK... again, we're all on the same page :)
If anyone _really_ wants PK, please get in touch with us so we can try
to support it in Portage.
Thanks
^ permalink raw reply [flat|nested] 11+ messages in thread
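An added example (not part of the original thread, and not Gentoo or PolicyKit project code) for the per-package policy review described in the message above: it reads the `<defaults>` block of each `<action>` in a PolicyKit `.policy` file and lists the actions that answer `yes` to subjects outside an active local session. The sample file and its `org.example.*` action ids are constructed, and treating an absent element as `no` is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy file; the org.example.* action ids are hypothetical.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.power.suspend">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.config.write">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.clock.set-time">
    <defaults>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

SCOPES = ("allow_any", "allow_inactive", "allow_active")

def read_defaults(policy_xml):
    """Return {action_id: {scope: value}} for every <action> in the file."""
    actions = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        values = {}
        for scope in SCOPES:
            # Assumption of this example: an absent element means "no".
            text = action.findtext(f"defaults/{scope}", default="no")
            values[scope] = text.strip() or "no"
        actions[action.get("id")] = values
    return actions

def audit(policy_xml):
    """List (action_id, scope) pairs where "yes" is granted to subjects
    that are not in an active local session, i.e. with no authentication."""
    findings = []
    for action_id, values in sorted(read_defaults(policy_xml).items()):
        for scope in ("allow_any", "allow_inactive"):
            if values[scope] == "yes":
                findings.append((action_id, scope))
    return findings

if __name__ == "__main__":
    for action_id, scope in audit(SAMPLE_POLICY):
        print(f"{action_id}: {scope}=yes grants access with no authentication")
```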
* [gentoo-dev] Re: Make the "policykit" USE flag global
2009-03-19 18:12 ` Doug Goldstein
2009-03-19 20:11 ` Rémi Cardona
@ 2009-03-19 20:55 ` Duncan
2009-03-19 22:58 ` Gilles Dartiguelongue
1 sibling, 1 reply; 11+ messages in thread
From: Duncan @ 2009-03-19 20:55 UTC (permalink / raw
To: gentoo-dev
Doug Goldstein <cardoe@gentoo.org> posted
eafa4c130903191112t50cef619l1a2eeb8c45898e7b@mail.gmail.com, excerpted
below, on Thu, 19 Mar 2009 13:12:15 -0500:
> Unless someone has some better ideas for a reasonable default. (IMHO,
> removing all of PolicyKit is a reasonable default but it looks like
> going forward GNOME is just using it without really any documentation or
> any forethought into the real world implications of PolicyKit and the
> inherent support/issues with ConsoleKit)
Just asking, can the following be made to avoid #4 in the following
sequence with policykit, now? It used to be a terrible issue with
consolekit or whatever it was called. Or is that still one of the
problems?
1. Boot to a VT.
2. Login at VT.
3. startx by sourcing a script that logs out of the VT after the startx,
as that login is now unneeded.
4. Have sound and various other device permissions break as there's no
active login, despite X and all its apps otherwise running normally.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Re: Make the "policykit" USE flag global
2009-03-19 20:55 ` [gentoo-dev] " Duncan
@ 2009-03-19 22:58 ` Gilles Dartiguelongue
2009-03-20 0:42 ` Duncan
0 siblings, 1 reply; 11+ messages in thread
From: Gilles Dartiguelongue @ 2009-03-19 22:58 UTC (permalink / raw
To: gentoo-dev
On Thursday 19 March 2009 at 20:55 +0000, Duncan wrote:
> Doug Goldstein <cardoe@gentoo.org> posted
> eafa4c130903191112t50cef619l1a2eeb8c45898e7b@mail.gmail.com, excerpted
> below, on Thu, 19 Mar 2009 13:12:15 -0500:
>
> > Unless someone has some better ideas for a reasonable default. (IMHO,
> > removing all of PolicyKit is a reasonable default but it looks like
> > going forward GNOME is just using it without really any documentation or
> > any forethought into the real world implications of PolicyKit and the
> > inherent support/issues with ConsoleKit)
>
> Just asking, can the following be made to avoid #4 in the following
> sequence with policykit, now? It used to be a terrible issue with
> consolekit or whatever it was called. Or is that still one of the
> problems?
>
> 1. Boot to a VT.
> 2. Login at VT.
> 3. startx by sourcing a script that logs out of the VT after the startx,
> as that login is now unneeded.
> 4. Have sound and various other device permissions break as there's no
> active login, despite X and all its apps otherwise running normally.
>
Could you report a bug? I've been discussing with Diego about issues
with where pam_ck_connector is placed in our pam stack; having someone
with a real problem with how things are today would probably help to
iron this out once and for all. Also you might want to try
consolekit-0.3 (and especially read the elog messages).
--
Gilles Dartiguelongue <eva@gentoo.org>
Gentoo
^ permalink raw reply [flat|nested] 11+ messages in thread
* [gentoo-dev] Re: Make the "policykit" USE flag global
2009-03-19 22:58 ` Gilles Dartiguelongue
@ 2009-03-20 0:42 ` Duncan
0 siblings, 0 replies; 11+ messages in thread
From: Duncan @ 2009-03-20 0:42 UTC (permalink / raw
To: gentoo-dev
Gilles Dartiguelongue <eva@gentoo.org> posted
1237503483.7654.1.camel@keitaro, excerpted below, on Thu, 19 Mar 2009
23:58:03 +0100:
> Could you report a bug? I've been discussing with Diego about issues
> with where pam_ck_connector is placed in our pam stack; having someone
> with a real problem with how things are today would probably help to
> iron this out once and for all. Also you might want to try
> consolekit-0.3 (and especially read the elog messages).
Umm... not really. I think I got the name wrong (I did say "or whatever
it was called"). I was thinking earlier, pam-console maybe?
It's quite evident I'm rather confused by this consolekit stuff. It
became a requirement for xorg somewhere along the line and I have it
installed (the 0.3.0 version you mention), but I've not touched the
configuration at all as I haven't the foggiest, except that I know that
despite starting it as a service, xorg still complains about it in that
brief half-second or so before it switches to the X VT... and it's
scrolled out of the buffer by the usual assortment of KDE complaints long
before I get back to it, and doesn't appear in the xorg log. Despite the
complaint, X still works, certainly the reason I've not spent more time
on it.
There's probably some documentation about it somewhere, but while I make
it a point to read the elog messages, either I've a blind spot in that
regard (entirely possible), or there's been nothing pointing out what
it's all about.
I feel like this is a bit of an abuse of the devel list for user
issues... anyway, feel free to mail me directly or take it to the
desktop list, which is somewhat topical at least. Or just point me to
some documentation, and I'll shut up and read it and post any questions
to the desktop list or whatever when I'm done.
But bringing it back to development and thus on topic, if I'm missing the
documentation, I'm sure others are as well. Maybe that's what I should
file a bug on? As should be evident by now, I'm rather confused on the
topic... but I guess having it so publicly demonstrated keeps me humble.
=:^) But if I'm confused and I spend quite some time on trying to keep
up with such things, what about the poor user that doesn't have that time
to spend?
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-19 19:20 ` [gentoo-dev] " Zac Medico
@ 2009-03-20 8:06 ` Robert Piasek
0 siblings, 0 replies; 11+ messages in thread
From: Robert Piasek @ 2009-03-20 8:06 UTC (permalink / raw
To: gentoo-dev
Hi Zac,
On Thursday 19 March 2009 19:20:52 Zac Medico wrote:
> Robert Piasek wrote:
> > I think it would also be a good idea to add policykit support and finally
> > unmask it. It seems some packages have hardcoded --without-policy-kit /
> > --without-policykit and some others add policykit to package.use.mask
> > (btw can it be unmasked by user from portage level??).
>
> You can unmask the flag globally like this:
>
> mkdir -p /etc/portage/profile/
> echo -policykit >> /etc/portage/profile/use.mask
>
> Or, you can unmask it for a specific package like this:
>
> echo gnome-base/gnome-session -policykit >> /etc/portage/profile/package.use.mask
Thanks Zac. I asked, because I couldn't find it in documentation (maybe it's
just me being lazy and not trying hard enough though).
Rob
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-dev] Make the "policykit" USE flag global
2009-03-18 13:12 [gentoo-dev] Make the "policykit" USE flag global Olivier Crête
2009-03-19 14:23 ` Robert Piasek
@ 2009-03-22 8:05 ` Nirbheek Chauhan
1 sibling, 0 replies; 11+ messages in thread
From: Nirbheek Chauhan @ 2009-03-22 8:05 UTC (permalink / raw
To: gentoo-dev
On Wed, Mar 18, 2009 at 6:42 PM, Olivier Crête <tester@gentoo.org> wrote:
> Feel the trend? gnome-base/gnome-panel will follow soon. Let's make this
> global (unless we decide that PolicyKit is the future and make it
> compulsory).
>
> If no one complains, I will make the changes in a couple days.
>
So, what's the final decision on this/status of this? I don't see it
in-tree as a global USE flag yet.
PS: It should probably be globally use.masked till we can make it work
properly as well
--
~Nirbheek Chauhan
^ permalink raw reply [flat|nested] 11+ messages in thread