Use polkit for authorisation (mga#11125)

10 files changed, 104 insertions, 22 deletions

diff --git a/MANIFEST b/MANIFEST
index 542a09b3..7ee413d2 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -94,6 +94,9 @@ pod/8/urpmi.removemedia.pod
 pod/8/urpmi.update.pod
 pod/8/urpmihowto.pod
 pod/8/urpmq.pod
+polkit/org.mageia.urpmi.update.policy.in
+polkit/org.mageia.gurpmi2.policy.in
+polkit/Makefile
 rpm-find-leaves
 rurpme
 rurpmi
diff --git a/Makefile.PL b/Makefile.PL
index 44fba5d3..ed39b155 100755
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -13,14 +13,16 @@ use ExtUtils::MakeMaker;
 # --install-gui : install gurpmi
 my $with_rpm = 1; $with_rpm = 0 if grep $_ eq '--without-rpm', @ARGV;
 my $with_po  = 0; $with_po  = 1 if grep $_ eq '--install-po', @ARGV;
+my $with_polkit = 0; $with_polkit = 1 if grep $_ eq '--install-polkit', @ARGV;
 my $with_gui = 0; $with_gui = 1 if grep $_ eq '--install-gui', @ARGV;
 
 # All scripts, some of them go in /usr/sbin (see DESTINSTALLSBIN below)
 our @bin_scripts = qw(urpmq urpmf rpm-find-leaves);
-our @sbin_scripts = qw(urpmi urpme urpmi.addmedia urpmi.update urpmi.removemedia rurpmi rurpme);
+our @sbin_scripts = qw(urpmi urpme urpmi.addmedia urpmi.removemedia rurpmi rurpme);
+our @libexec_scripts = qw(urpmi.update);
 if ($with_gui) {
     push @bin_scripts, qw(gurpmi);
-    push @sbin_scripts, qw(gurpmi2);
+    push @libexec_scripts, qw(gurpmi2);
 }
 
 # And now, add some functionality to MakeMaker.
@@ -32,10 +34,10 @@ sub libscan {
     return !$with_gui && $path =~ /gurpmi/ ? '' : $path;
 }
 
-# Make proper sbin/man5/man8 dirs in blib
+# Make proper sbin/libexec/man5/man8 dirs in blib
 sub top_targets {
     my $inherited = shift->SUPER::top_targets(@_);
-    $inherited =~ s/^config ::/$& \$(INST_MAN5DIR)\$(DIRFILESEP).exists \$(INST_MAN8DIR)\$(DIRFILESEP).exists \$(INST_SBIN)\$(DIRFILESEP).exists/m;
+    $inherited =~ s/^config ::/$& \$(INST_MAN5DIR)\$(DIRFILESEP).exists \$(INST_MAN8DIR)\$(DIRFILESEP).exists \$(INST_SBIN)\$(DIRFILESEP).exists \$(INST_LIBEXEC)\$(DIRFILESEP).exists/m;
     $inherited;
 }
 
@@ -45,8 +47,10 @@ sub installbin {
     my $inherited = $self->SUPER::installbin(@_);
     my $s = join '|', map quotemeta, @sbin_scripts;
     $inherited =~ s{\$\(INST_SCRIPT\)/($s)}{\$(INST_SBIN)/$1}g;
+    $s = join '|', map quotemeta, @libexec_scripts;
+    $inherited =~ s{\$\(INST_SCRIPT\)/($s)}{\$(INST_LIBEXEC)/$1}g;
     # how to create needed directories under blib
-    $inherited .= $self->dir_target("\$(INST_$_)") for qw(SBIN MAN5DIR MAN8DIR);
+    $inherited .= $self->dir_target("\$(INST_$_)") for qw(SBIN LIBEXEC MAN5DIR MAN8DIR);
     $inherited;
 }
 
@@ -54,11 +58,12 @@ sub install {
     my $inherited = shift->SUPER::install(@_);
     # Take into account scripts in sbin under blib
     # and new manpage sections
-    $inherited =~ s/\$\(INST_BIN\) \$\(DESTINSTALL(\w*)BIN\)/$& \$(INST_SBIN) \$(DESTINSTALL$1SBIN) \$(INST_MAN5DIR) \$(DESTINSTALLMAN5DIR) \$(INST_MAN8DIR) \$(DESTINSTALLMAN8DIR)/g;
+    $inherited =~ s/\$\(INST_BIN\) \$\(DESTINSTALL(\w*)BIN\)/$& \$(INST_SBIN) \$(DESTINSTALL$1SBIN) \$(INST_LIBEXEC) \$(DESTINSTALLLIBEXECDIR) \$(INST_MAN5DIR) \$(DESTINSTALLMAN5DIR) \$(INST_MAN8DIR) \$(DESTINSTALLMAN8DIR)/g;
     # install files under /etc and /var
     my $po = $with_po ? ' installpo' : '';
+    my $polkit = $with_polkit ? ' installpolkit' : '';
     my $gui = $with_gui ? ' installgurpmi2' : '';
-    $inherited =~ s/^install ::/$& installconfigfiles installstatedir$po$gui/gm;
+    $inherited =~ s/^install ::/$& installconfigfiles installstatedir$po$polkit$gui/gm;
     $inherited;
 }
 
@@ -97,6 +102,9 @@ sub postamble {
 installpo:
 	\$(MAKE) -C po install
 
+installpolkit:
+	\$(MAKE) -C polkit install
+
 installconfigfiles:
 	install -d \$(SYSCONFDIR)/urpmi
 	install -m 644 inst.list skip.list \$(SYSCONFDIR)/urpmi
@@ -108,11 +116,6 @@ installstatedir:
 	install -d \$(DESTDIR)/var/cache/urpmi/rpms
 
 installgurpmi2: pure_install gurpmi.desktop
-	ln -s -f consolehelper \$(DESTINSTALLSCRIPT)/gurpmi2
-
-ChangeLog:
-	svn2cl --accum --authors ${commonusername}username.xml
-	rm -f *.bak
 
 TAGS:
 	etags *.pm */*.pm
@@ -143,18 +146,21 @@ WriteMakefile(
 	DESTINSTALLSBIN		=> '$(DESTINSTALLBIN)/../sbin',
 	DESTINSTALLSITESBIN	=> '$(DESTINSTALLSITEBIN)/../sbin',
 	DESTINSTALLVENDORSBIN	=> '$(DESTINSTALLVENDORBIN)/../sbin',
+	INSTALLLIBEXECDIR	=> '$(PERLPREFIX)/libexec',
+	DESTINSTALLLIBEXECDIR	=> '$(DESTDIR)$(INSTALLLIBEXECDIR)',
 	INSTALLMAN5DIR		=> '$(PERLPREFIX)/share/man/man5',
 	DESTINSTALLMAN5DIR	=> '$(DESTDIR)$(INSTALLMAN5DIR)',
 	INSTALLMAN8DIR		=> '$(PERLPREFIX)/share/man/man8',
 	DESTINSTALLMAN8DIR	=> '$(DESTDIR)$(INSTALLMAN8DIR)',
 	INST_SBIN		=> 'blib/sbin',
+	INST_LIBEXEC		=> 'blib/libexec',
 	INST_MAN5DIR		=> 'blib/man5',
 	INST_MAN8DIR		=> 'blib/man8',
 	# We could read those values from rpm macros.
 	SYSCONFDIR		=> '$(DESTDIR)/etc',
 	LOCALSTATEDIR		=> '$(DESTDIR)/var/lib',
     },
-    EXE_FILES		=> [ @bin_scripts, @sbin_scripts ],
+    EXE_FILES		=> [ @bin_scripts, @sbin_scripts, @libexec_scripts ],
     PMLIBDIRS		=> [ qw(gurpm urpm) ],
     $with_po ? (DIR	=> [ 'po' ]) : (),
     MAN1PODS		=> {
diff --git a/NEWS b/NEWS
index c8764a22..1206a1f2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,5 @@
+- use polkit for authorisation (mga#11125)
+
 Version 7.27.4 - 4 October 2013, by Thierry Vignaud
 
 - library:
diff --git a/gurpmi b/gurpmi
index fd07c35f..010e67c6 100755
--- a/gurpmi
+++ b/gurpmi
@@ -60,9 +60,9 @@ foreach (@all_rpms) {
 }
 
 sub proceed() {
-    #- we need to switch to root if we're not already (via consolehelper)
+    #- we need to switch to root if we're not already (via polkit)
     #- yes. hardcoded paths. safe.
-    exec $> ? '/usr/bin/gurpmi2' : '/usr/sbin/gurpmi2', @ARGV;
+    exec $> ? '/usr/bin/gurpmi2' : '/usr/libexec/gurpmi2', @ARGV;
 }
 
 #- Ask question: save or install ?
diff --git a/po/.gitignore b/po/.gitignore
new file mode 100644
index 00000000..0d91a622
--- /dev/null
+++ b/po/.gitignore
@@ -0,0 +1 @@
+POTFILES.in
diff --git a/po/Makefile b/po/Makefile
index facf804a..ac5fc0f8 100644
--- a/po/Makefile
+++ b/po/Makefile
@@ -30,11 +30,14 @@ merge:
 	    mv -f "$$n"t "$$n"; \
 	done
 
-$(PGOAL).pot: $(PL_FILES)
-	intltool-update --gettext-package desktopstuff --pot
-	perl_checker -q --generate-pot $(PGOAL)_tmp.pot $(PL_FILES)
-	[ ! -e $(PGOAL)_tmp.pot ] || msgcat --use-first $(PGOAL)_tmp.pot desktopstuff.pot > $@
-	rm -f desktopstuff.pot $(PGOAL)_tmp.pot 
+$(PGOAL).pot: $(PL_FILES) POTFILES.in
+	intltool-update --gettext-package non-perl --pot
+	perl_checker -q --generate-pot .$@ $(PL_FILES)
+	msgcat -w 2048 --use-first .$@ non-perl.pot > $@
+	rm -f non-perl.pot .$@
+
+POTFILES.in:
+	(cd .. ; /bin/ls -1 *.desktop.in polkit/*.policy.in; ) > POTFILES.in
 
 install: all
 	for l in $(LANGS); do \
@@ -43,7 +46,7 @@ install: all
 	done
 
 clean:
-	@rm -rf *~ *.mo $(GOALS) $(PGOAL)_tmp.pot
+	@rm -rf *~ *.mo $(GOALS) $(PGOAL)_tmp.pot POTFILES.in
 
 test:
 
diff --git a/po/POTFILES.in b/po/POTFILES.in
deleted file mode 100644
index 13ff90f9..00000000
--- a/po/POTFILES.in
+++ /dev/null
@@ -1 +0,0 @@
-gurpmi.desktop.in
diff --git a/polkit/Makefile b/polkit/Makefile
new file mode 100644
index 00000000..34e81069
--- /dev/null
+++ b/polkit/Makefile
@@ -0,0 +1,24 @@
+BINDIR = /usr/bin
+LIBEXECDIR = /usr/libexec
+BINDEST = $(DESTDIR)$(BINDIR)
+POLKITPOLICYDEST = $(DESTDIR)/usr/share/polkit-1/actions
+
+POLICY_IN := $(wildcard *.policy.in)
+POLICY = $(POLICY_IN:.policy.in=.policy)
+WRAPPERS = $(patsubst org.mageia.%.policy,%,$(POLICY))
+
+all: $(WRAPPERS) $(POLICY)
+
+clean:
+	rm -f  $(WRAPPERS) $(POLICY)
+
+%: org.mageia.%.policy.in
+	@echo -e "#!/bin/sh\nexec $(BINDIR)/pkexec $(LIBEXECDIR)/$@ $$""*" > $@
+
+%.policy: %.policy.in
+	intltool-merge --utf8 ../po $< $@ -x -u -c ../po/.intltool-merge-cache
+
+install: all
+	install -d $(BINDEST) $(POLKITPOLICYDEST)
+	install -m755 $(WRAPPERS) $(BINDEST)
+	install -m644 $(POLICY) $(POLKITPOLICYDEST)
diff --git a/polkit/org.mageia.gurpmi2.policy.in b/polkit/org.mageia.gurpmi2.policy.in
new file mode 100644
index 00000000..4768e142
--- /dev/null
+++ b/polkit/org.mageia.gurpmi2.policy.in
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.gurpmi2.pkexec.run">
+    <_description>Run Mageia Package Installer</_description>
+    <_message>Authentication is required to run Mageia Package Installer</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/gurpmi2</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/org.mageia.urpmi.update.policy.in b/polkit/org.mageia.urpmi.update.policy.in
new file mode 100644
index 00000000..dabef903
--- /dev/null
+++ b/polkit/org.mageia.urpmi.update.policy.in
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.urpmi.update.pkexec.run">
+    <_description>Run Mageia Package Media Updater</_description>
+    <_message>Authentication is required to run Mageia Package Media Updater</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/urpmi.update</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>