Convert to polkit from usermode consolehelper for gaining root privileges

polkit is better integrated into various environments, both console and GUI and offers better access rules and prevents the internal need to run su which is prone to errors and doesn't offer an environment agnostic prompt to the user. The 'auth as user' (as opposed to 'auth as root') for the 'MageiaUpdate' binary has been ported to the polkit equiv. mga#11125
author: Colin Guthrie <colin@mageia.org> 2013-09-03 11:58:05 +0100
committer: Colin Guthrie <colin@mageia.org> 2013-09-03 12:15:20 +0100
commit: f7cc863196075c0f0634a115e3417370e8646acd (patch)
tree: d1e48cddebb32982e154c543bc69a2133a1680fa
parent: ce2a0726339307d5b747ac397825adf2cad396ac (diff)
download: rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar
rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar.gz
rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar.bz2
rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar.xz
rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.zip
11 files changed, 108 insertions, 14 deletions
diff --git a/Makefile b/Makefile
index 2d3dc470..fc6b7137 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ PREFIX = /usr/local
 DATADIR = $(PREFIX)/share
 BINDIR = $(PREFIX)/bin
 SBINDIR = $(PREFIX)/sbin
-RELATIVE_SBIN = ../sbin
+LIBEXECDIR = $(PREFIX)/libexec
 RPM=$(shell rpm --eval %_topdir)
 PERL_VENDORLIB=$(DESTDIR)/$(shell perl -V:installvendorlib   | perl -pi -e "s/.*=//; s/[;']//g")
 
@@ -22,18 +22,14 @@ install: $(ALL)
 	find -name '*.pm' -o -name rpmdrake -o -name MageiaUpdate | xargs ./simplify-drakx-modules
 	./simplify-drakx-modules {gurpmi.addmedia,edit-urpm-sources.pl}
 	@for n in $(DIRS); do make -C $$n install; done
-	install -d $(SBINDIR)
-	install rpmdrake MageiaUpdate edit-urpm-sources.pl gurpmi.addmedia $(SBINDIR)
-	install -d $(BINDIR)
-	ln -sf $(RELATIVE_SBIN)/rpmdrake $(BINDIR)/rpmdrake
-	ln -sf $(RELATIVE_SBIN)/MageiaUpdate $(BINDIR)/MageiaUpdate
-	ln -sf $(RELATIVE_SBIN)/edit-urpm-sources.pl $(BINDIR)/edit-urpm-sources.pl
-	ln -sf edit-urpm-sources.pl $(SBINDIR)/drakrpm-edit-media
-	ln -sf $(RELATIVE_SBIN)/drakrpm-edit-media $(BINDIR)/drakrpm-edit-media
-	ln -sf $(RELATIVE_SBIN)/gurpmi.addmedia $(BINDIR)/gurpmi.addmedia
-	ln -sf $(RELATIVE_SBIN)/rpmdrake $(BINDIR)/drakrpm
-	ln -sf $(RELATIVE_SBIN)/MageiaUpdate $(SBINDIR)/drakrpm-update
-	ln -sf $(RELATIVE_SBIN)/drakrpm-update $(BINDIR)/drakrpm-update
+	install -d $(BINDIR) $(SBINDIR) $(LIBEXECDIR) $(PREFIX)/share/polkit-1/actions
+	install rpmdrake MageiaUpdate gurpmi.addmedia $(LIBEXECDIR)
+	install edit-urpm-sources.pl $(LIBEXECDIR)/drakrpm-edit-media
+	install polkit/wrappers/* $(BINDIR)
+	install polkit/policy/* $(PREFIX)/share/polkit-1/actions
+	ln -sf drakrpm-edit-media $(BINDIR)/edit-urpm-sources.pl
+	ln -sf rpmdrake $(BINDIR)/drakrpm
+	ln -sf MageiaUpdate $(BINDIR)/drakrpm-update
 	install -d $(DATADIR)/rpmdrake/icons
 	install -m644 icons/*.png $(DATADIR)/rpmdrake/icons
 	install -m644 gui.lst $(DATADIR)/rpmdrake
diff --git a/NEWS b/NEWS
index c2bf953c..67dc2037 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,5 @@
+- use polkit for authorisation (mga#11125)
+
 Version 5.49 - 9 Mayr 2013, Thomas Backlund
 
 - --merge-all-rpmnew mode:
diff --git a/data/rpmdrake-browse-only.desktop.in b/data/rpmdrake-browse-only.desktop.in
index 80802b05..88d18530 100644
--- a/data/rpmdrake-browse-only.desktop.in
+++ b/data/rpmdrake-browse-only.desktop.in
@@ -2,7 +2,7 @@
 _Name=Browse Available Software
 Icon=rpmdrake
 _Comment=A graphical front end for browsing installed & available packages
-Exec=/usr/sbin/rpmdrake
+Exec=/usr/bin/rpmdrake
 Terminal=false
 Type=Application
 Categories=X-MandrivaLinux-CrossDesktop;GTK;System;PackageManager;
diff --git a/polkit/policy/org.mageia.rpmdrake-addmedia.policy b/polkit/policy/org.mageia.rpmdrake-addmedia.policy
new file mode 100644
index 00000000..4f4435f5
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake-addmedia.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake-addmedia.pkexec.run">
+    <description>Run Mageia Package Media Adder</description>
+    <message>Authentication is required to run Mageia Package Media Adder</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/gurpmi.addmedia</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.rpmdrake-editmedia.policy b/polkit/policy/org.mageia.rpmdrake-editmedia.policy
new file mode 100644
index 00000000..d5a56cd4
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake-editmedia.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake-editmedia.pkexec.run">
+    <description>Run Mageia Package Media Editor</description>
+    <message>Authentication is required to run Mageia Package Media Editor</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakrpm-edit-media</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.rpmdrake-update.policy b/polkit/policy/org.mageia.rpmdrake-update.policy
new file mode 100644
index 00000000..c9437bfb
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake-update.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake-update.pkexec.run">
+    <description>Run Mageia Updater</description>
+    <message>Authentication is required to run Mageia Updater</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_self_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/MageiaUpdate</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.rpmdrake.policy b/polkit/policy/org.mageia.rpmdrake.policy
new file mode 100644
index 00000000..5b7b3ee8
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake.pkexec.run">
+    <description>Run Mageia Package Manager</description>
+    <message>Authentication is required to run Mageia Package Manager</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/rpmdrake</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/wrappers/MageiaUpdate b/polkit/wrappers/MageiaUpdate
new file mode 100755
index 00000000..f732b981
--- /dev/null
+++ b/polkit/wrappers/MageiaUpdate
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/MageiaUpdate $*
diff --git a/polkit/wrappers/drakrpm-edit-media b/polkit/wrappers/drakrpm-edit-media
new file mode 100755
index 00000000..30fb48d3
--- /dev/null
+++ b/polkit/wrappers/drakrpm-edit-media
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakrpm-edit-media $*
diff --git a/polkit/wrappers/gurpmi.addmedia b/polkit/wrappers/gurpmi.addmedia
new file mode 100755
index 00000000..2e029258
--- /dev/null
+++ b/polkit/wrappers/gurpmi.addmedia
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/gurpmi.addmedia $*
diff --git a/polkit/wrappers/rpmdrake b/polkit/wrappers/rpmdrake
new file mode 100755
index 00000000..60a00841
--- /dev/null
+++ b/polkit/wrappers/rpmdrake
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/rpmdrake $*
author	Colin Guthrie <colin@mageia.org>	2013-09-03 11:58:05 +0100
committer	Colin Guthrie <colin@mageia.org>	2013-09-03 12:15:20 +0100
commit	f7cc863196075c0f0634a115e3417370e8646acd (patch)
tree	d1e48cddebb32982e154c543bc69a2133a1680fa
parent	ce2a0726339307d5b747ac397825adf2cad396ac (diff)
download	rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar.gz rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar.bz2 rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.tar.xz rpmdrake-f7cc863196075c0f0634a115e3417370e8646acd.zip