diff options
author | Colin Guthrie <colin@mageia.org> | 2013-09-04 20:15:38 +0100 |
---|---|---|
committer | Colin Guthrie <colin@mageia.org> | 2013-09-06 15:29:45 +0100 |
commit | c9ecd03156418390fa28b12825beb90626709c95 (patch) | |
tree | 4971c41238f93ab3297d431aaf9e2fe9fe999278 | |
parent | b7fa02336d4bfe8b9391d08ad0b6554a68a673e3 (diff) | |
download | drakx-c9ecd03156418390fa28b12825beb90626709c95.tar drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.gz drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.bz2 drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.xz drakx-c9ecd03156418390fa28b12825beb90626709c95.zip |
Convert to polkit from usermode consolehelper for gaining root privileges
polkit is better integrated into various environments, both console and GUI
and offers better access rules and prevents the internal need to run
su which is prone to errors and doesn't offer an environment agnostic
prompt to the user.
In this case the current package policy (in rpm spec) has been migrated
here and is as follows:
drakclock requires no authentication to run (just a console login)
drakfont requires authentication as the current user.
drakups, drakauth, draklog and drakxservices require authentication as and
administrator.
-rw-r--r-- | perl-install/Makefile.drakxtools | 11 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.drakauth.policy | 22 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.drakboot.policy | 22 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.drakclock.policy | 22 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.drakfont.policy | 22 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.draklog.policy | 22 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.drakups.policy | 22 | ||||
-rw-r--r-- | perl-install/polkit/policy/org.mageia.drakxservices.policy | 22 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/drakauth | 2 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/drakboot | 2 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/drakclock | 2 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/drakfont | 2 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/draklog | 2 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/drakups | 2 | ||||
-rwxr-xr-x | perl-install/polkit/wrappers/drakxservices | 2 |
15 files changed, 177 insertions, 2 deletions
diff --git a/perl-install/Makefile.drakxtools b/perl-install/Makefile.drakxtools index a5a9394e2..92b2951e4 100644 --- a/perl-install/Makefile.drakxtools +++ b/perl-install/Makefile.drakxtools @@ -16,10 +16,12 @@ DATADIR = $(PREFIX)/usr/share ICONSDIR= $(DATADIR)/icons BINDEST = $(PREFIX)/usr/bin SBINDEST = $(PREFIX)/usr/sbin +LIBEXECDEST = $(PREFIX)/usr/libexec ETCDEST = $(PREFIX)/etc/gtk LIBDEST = $(LIBDIR)/$(NAME) PIXDIR = $(DATADIR)/$(NAME)/pixmaps INITDIR = $(PREFIX)/etc/rc.d/init.d +POLKITPOLICYDEST = $(PREFIX)/usr/share/polkit-1/actions .PHONY: $(DIRS) all: ../tools/rpcinfo-flushed $(DIRS) @@ -30,7 +32,7 @@ $(DIRS): install: perl -pi -e "s/\"VER\"(; # version)/\"$(VERSION)\"\1/" standalone.pm - mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR) + mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR) $(LIBEXECDEST) $(POLKITPOLICYDEST) install -d $(INLIBDEST_DIRS:%=$(LIBDEST)/%) install $(STANDALONEPMS) standalone/convert $(SBINDEST) install -s ../tools/rpcinfo-flushed ../tools/serial_probe/serial_probe $(SBINDEST) @@ -42,6 +44,11 @@ install: mv -f $(SBINDEST)/display_help $(BINDEST) mv -f $(SBINDEST)/display_release_notes.pl $(BINDEST) mv -f $(SBINDEST)/localedrake $(BINDEST) + # All the things handled by polkit + mv -f $(SBINDEST)/drak{auth,boot,clock,font,ups,xservices} $(LIBEXECDEST) + mv -f $(SBINDEST)/logdrake $(LIBEXECDEST)/draklog + install polkit/wrappers/* $(BINDEST) + install polkit/policy/* $(POLKITPOLICYDEST) install -m 644 *.pm $(LIBDEST) for i in $(PMS_DIRS); do install -d $(LIBDEST)/$$i ; install -m 644 $$i/*.pm $(LIBDEST)/$$i/;done @@ -78,7 +85,7 @@ install: ln -s {drakclock,$(SBINDEST)/clock.pl} ln -s {harddrake2,$(SBINDEST)/drakhardware} ln -s {localedrake,$(BINDEST)/draklocale} - ln -s {logdrake,$(SBINDEST)/draklog} + ln -s {draklog,$(BINDEST)/logdrake} ln -s {scannerdrake,$(SBINDEST)/drakscanner} check: diff --git a/perl-install/polkit/policy/org.mageia.drakauth.policy b/perl-install/polkit/policy/org.mageia.drakauth.policy new file mode 100644 index 000000000..905be635e --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.drakauth.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.drakauth.pkexec.run"> + <description>Run Mageia Authentication Configuration</description> + <message>Authentication is required to run Mageia Authentication Configuration</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakauth</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/policy/org.mageia.drakboot.policy b/perl-install/polkit/policy/org.mageia.drakboot.policy new file mode 100644 index 000000000..e41372f73 --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.drakboot.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.drakboot.pkexec.run"> + <description>Run Mageia Boot Configuration</description> + <message>Authentication is required to run Mageia Boot Configuration</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakboot</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/policy/org.mageia.drakclock.policy b/perl-install/polkit/policy/org.mageia.drakclock.policy new file mode 100644 index 000000000..627f8745b --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.drakclock.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.drakclock.pkexec.run"> + <description>Run Mageia Date and Time Configuration</description> + <message>Authentication is required to run Mageia Date and Time Configuration</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakclock</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/policy/org.mageia.drakfont.policy b/perl-install/polkit/policy/org.mageia.drakfont.policy new file mode 100644 index 000000000..c4837cca5 --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.drakfont.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.drakfont.pkexec.run"> + <description>Run Mageia Font Configuration</description> + <message>Authentication is required to run Mageia Font Configuration</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_self_keep</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakfont</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/policy/org.mageia.draklog.policy b/perl-install/polkit/policy/org.mageia.draklog.policy new file mode 100644 index 000000000..85842378f --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.draklog.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.draklog.pkexec.run"> + <description>Run Mageia Log Viewer</description> + <message>Authentication is required to run Mageia Log Viewer</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/draklog</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/policy/org.mageia.drakups.policy b/perl-install/polkit/policy/org.mageia.drakups.policy new file mode 100644 index 000000000..2af273084 --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.drakups.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.drakups.pkexec.run"> + <description>Run Mageia UPS Configuration</description> + <message>Authentication is required to run Mageia UPS Configuration</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakups</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/policy/org.mageia.drakxservices.policy b/perl-install/polkit/policy/org.mageia.drakxservices.policy new file mode 100644 index 000000000..daa9a7267 --- /dev/null +++ b/perl-install/polkit/policy/org.mageia.drakxservices.policy @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Mageia</vendor> + <vendor_url>http://www.mageia.org/</vendor_url> + + <action id="org.mageia.drakxservices.pkexec.run"> + <description>Run Mageia Service Configuration</description> + <message>Authentication is required to run Mageia Service Configuration</message> + <icon_name>drakconf</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakxservices</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/perl-install/polkit/wrappers/drakauth b/perl-install/polkit/wrappers/drakauth new file mode 100755 index 000000000..b6bcf029d --- /dev/null +++ b/perl-install/polkit/wrappers/drakauth @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/drakauth $* diff --git a/perl-install/polkit/wrappers/drakboot b/perl-install/polkit/wrappers/drakboot new file mode 100755 index 000000000..477ed03af --- /dev/null +++ b/perl-install/polkit/wrappers/drakboot @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/drakboot $* diff --git a/perl-install/polkit/wrappers/drakclock b/perl-install/polkit/wrappers/drakclock new file mode 100755 index 000000000..1c10aa7b3 --- /dev/null +++ b/perl-install/polkit/wrappers/drakclock @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/drakclock $* diff --git a/perl-install/polkit/wrappers/drakfont b/perl-install/polkit/wrappers/drakfont new file mode 100755 index 000000000..664865f0a --- /dev/null +++ b/perl-install/polkit/wrappers/drakfont @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/drakfont $* diff --git a/perl-install/polkit/wrappers/draklog b/perl-install/polkit/wrappers/draklog new file mode 100755 index 000000000..b552273dd --- /dev/null +++ b/perl-install/polkit/wrappers/draklog @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/draklog $* diff --git a/perl-install/polkit/wrappers/drakups b/perl-install/polkit/wrappers/drakups new file mode 100755 index 000000000..e2c892b64 --- /dev/null +++ b/perl-install/polkit/wrappers/drakups @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/drakups $* diff --git a/perl-install/polkit/wrappers/drakxservices b/perl-install/polkit/wrappers/drakxservices new file mode 100755 index 000000000..f4bb18b41 --- /dev/null +++ b/perl-install/polkit/wrappers/drakxservices @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/pkexec /usr/libexec/drakxservices $* |