From f7cc863196075c0f0634a115e3417370e8646acd Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Tue, 3 Sep 2013 11:58:05 +0100
Subject: Convert to polkit from usermode consolehelper for gaining root
 privileges

polkit is better integrated into various environments, both console and GUI
and offers better access rules and prevents the internal need to run
su which is prone to errors and doesn't offer an environment agnostic
prompt to the user.

The 'auth as user' (as opposed to 'auth as root') for the 'MageiaUpdate'
binary has been ported to the polkit equiv.

mga#11125
---
 Makefile                                           | 22 +++++++++-------------
 NEWS                                               |  2 ++
 data/rpmdrake-browse-only.desktop.in               |  2 +-
 polkit/policy/org.mageia.rpmdrake-addmedia.policy  | 22 ++++++++++++++++++++++
 polkit/policy/org.mageia.rpmdrake-editmedia.policy | 22 ++++++++++++++++++++++
 polkit/policy/org.mageia.rpmdrake-update.policy    | 22 ++++++++++++++++++++++
 polkit/policy/org.mageia.rpmdrake.policy           | 22 ++++++++++++++++++++++
 polkit/wrappers/MageiaUpdate                       |  2 ++
 polkit/wrappers/drakrpm-edit-media                 |  2 ++
 polkit/wrappers/gurpmi.addmedia                    |  2 ++
 polkit/wrappers/rpmdrake                           |  2 ++
 11 files changed, 108 insertions(+), 14 deletions(-)
 create mode 100644 polkit/policy/org.mageia.rpmdrake-addmedia.policy
 create mode 100644 polkit/policy/org.mageia.rpmdrake-editmedia.policy
 create mode 100644 polkit/policy/org.mageia.rpmdrake-update.policy
 create mode 100644 polkit/policy/org.mageia.rpmdrake.policy
 create mode 100755 polkit/wrappers/MageiaUpdate
 create mode 100755 polkit/wrappers/drakrpm-edit-media
 create mode 100755 polkit/wrappers/gurpmi.addmedia
 create mode 100755 polkit/wrappers/rpmdrake

diff --git a/Makefile b/Makefile
index 2d3dc470..fc6b7137 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ PREFIX = /usr/local
 DATADIR = $(PREFIX)/share
 BINDIR = $(PREFIX)/bin
 SBINDIR = $(PREFIX)/sbin
-RELATIVE_SBIN = ../sbin
+LIBEXECDIR = $(PREFIX)/libexec
 RPM=$(shell rpm --eval %_topdir)
 PERL_VENDORLIB=$(DESTDIR)/$(shell perl -V:installvendorlib   | perl -pi -e "s/.*=//; s/[;']//g")
 
@@ -22,18 +22,14 @@ install: $(ALL)
 	find -name '*.pm' -o -name rpmdrake -o -name MageiaUpdate | xargs ./simplify-drakx-modules
 	./simplify-drakx-modules {gurpmi.addmedia,edit-urpm-sources.pl}
 	@for n in $(DIRS); do make -C $$n install; done
-	install -d $(SBINDIR)
-	install rpmdrake MageiaUpdate edit-urpm-sources.pl gurpmi.addmedia $(SBINDIR)
-	install -d $(BINDIR)
-	ln -sf $(RELATIVE_SBIN)/rpmdrake $(BINDIR)/rpmdrake
-	ln -sf $(RELATIVE_SBIN)/MageiaUpdate $(BINDIR)/MageiaUpdate
-	ln -sf $(RELATIVE_SBIN)/edit-urpm-sources.pl $(BINDIR)/edit-urpm-sources.pl
-	ln -sf edit-urpm-sources.pl $(SBINDIR)/drakrpm-edit-media
-	ln -sf $(RELATIVE_SBIN)/drakrpm-edit-media $(BINDIR)/drakrpm-edit-media
-	ln -sf $(RELATIVE_SBIN)/gurpmi.addmedia $(BINDIR)/gurpmi.addmedia
-	ln -sf $(RELATIVE_SBIN)/rpmdrake $(BINDIR)/drakrpm
-	ln -sf $(RELATIVE_SBIN)/MageiaUpdate $(SBINDIR)/drakrpm-update
-	ln -sf $(RELATIVE_SBIN)/drakrpm-update $(BINDIR)/drakrpm-update
+	install -d $(BINDIR) $(SBINDIR) $(LIBEXECDIR) $(PREFIX)/share/polkit-1/actions
+	install rpmdrake MageiaUpdate gurpmi.addmedia $(LIBEXECDIR)
+	install edit-urpm-sources.pl $(LIBEXECDIR)/drakrpm-edit-media
+	install polkit/wrappers/* $(BINDIR)
+	install polkit/policy/* $(PREFIX)/share/polkit-1/actions
+	ln -sf drakrpm-edit-media $(BINDIR)/edit-urpm-sources.pl
+	ln -sf rpmdrake $(BINDIR)/drakrpm
+	ln -sf MageiaUpdate $(BINDIR)/drakrpm-update
 	install -d $(DATADIR)/rpmdrake/icons
 	install -m644 icons/*.png $(DATADIR)/rpmdrake/icons
 	install -m644 gui.lst $(DATADIR)/rpmdrake
diff --git a/NEWS b/NEWS
index c2bf953c..67dc2037 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,5 @@
+- use polkit for authorisation (mga#11125)
+
 Version 5.49 - 9 Mayr 2013, Thomas Backlund
 
 - --merge-all-rpmnew mode:
diff --git a/data/rpmdrake-browse-only.desktop.in b/data/rpmdrake-browse-only.desktop.in
index 80802b05..88d18530 100644
--- a/data/rpmdrake-browse-only.desktop.in
+++ b/data/rpmdrake-browse-only.desktop.in
@@ -2,7 +2,7 @@
 _Name=Browse Available Software
 Icon=rpmdrake
 _Comment=A graphical front end for browsing installed & available packages
-Exec=/usr/sbin/rpmdrake
+Exec=/usr/bin/rpmdrake
 Terminal=false
 Type=Application
 Categories=X-MandrivaLinux-CrossDesktop;GTK;System;PackageManager;
diff --git a/polkit/policy/org.mageia.rpmdrake-addmedia.policy b/polkit/policy/org.mageia.rpmdrake-addmedia.policy
new file mode 100644
index 00000000..4f4435f5
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake-addmedia.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake-addmedia.pkexec.run">
+    <description>Run Mageia Package Media Adder</description>
+    <message>Authentication is required to run Mageia Package Media Adder</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/gurpmi.addmedia</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.rpmdrake-editmedia.policy b/polkit/policy/org.mageia.rpmdrake-editmedia.policy
new file mode 100644
index 00000000..d5a56cd4
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake-editmedia.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake-editmedia.pkexec.run">
+    <description>Run Mageia Package Media Editor</description>
+    <message>Authentication is required to run Mageia Package Media Editor</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakrpm-edit-media</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.rpmdrake-update.policy b/polkit/policy/org.mageia.rpmdrake-update.policy
new file mode 100644
index 00000000..c9437bfb
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake-update.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake-update.pkexec.run">
+    <description>Run Mageia Updater</description>
+    <message>Authentication is required to run Mageia Updater</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_self_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/MageiaUpdate</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.rpmdrake.policy b/polkit/policy/org.mageia.rpmdrake.policy
new file mode 100644
index 00000000..5b7b3ee8
--- /dev/null
+++ b/polkit/policy/org.mageia.rpmdrake.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.rpmdrake.pkexec.run">
+    <description>Run Mageia Package Manager</description>
+    <message>Authentication is required to run Mageia Package Manager</message>
+    <icon_name>rpmdrake</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/rpmdrake</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/wrappers/MageiaUpdate b/polkit/wrappers/MageiaUpdate
new file mode 100755
index 00000000..f732b981
--- /dev/null
+++ b/polkit/wrappers/MageiaUpdate
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/MageiaUpdate $*
diff --git a/polkit/wrappers/drakrpm-edit-media b/polkit/wrappers/drakrpm-edit-media
new file mode 100755
index 00000000..30fb48d3
--- /dev/null
+++ b/polkit/wrappers/drakrpm-edit-media
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakrpm-edit-media $*
diff --git a/polkit/wrappers/gurpmi.addmedia b/polkit/wrappers/gurpmi.addmedia
new file mode 100755
index 00000000..2e029258
--- /dev/null
+++ b/polkit/wrappers/gurpmi.addmedia
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/gurpmi.addmedia $*
diff --git a/polkit/wrappers/rpmdrake b/polkit/wrappers/rpmdrake
new file mode 100755
index 00000000..60a00841
--- /dev/null
+++ b/polkit/wrappers/rpmdrake
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/rpmdrake $*
-- 
cgit v1.2.1