[ Please CC me and/or CC galternati...@packages.debian.org, thanks ]

Hello dpkg people,

I am currently working on the Debian package "galternatives" [1], the graphical 
front-end to the update-alternatives program, which is shipped by the dpkg package.

It seems that some actions in /usr/bin/update-alternatives will modify system 
files and thus require admin privileges. When called from a shell, people often use 
sudo or su to gain such privileges. However, with a graphical program like 
galternatives, running graphical applications directly with privileges is risky. 
The best approach is to gain privileges only when update-alternatives is called 
as a subprocess.

The old method is to use gksu. However, gksu is to be removed in the buster cycle 
[2]. We intend to use polkit instead in future releases. However, using polkit 
(to be concrete, using pkexec(1)) requires putting policy XML files under
 /usr/share/polkit-1/actions/ [3]. Since update-alternatives is actually 
provided by dpkg, I am asking on the debian-dpkg list here.

I think there are two viable options:

* Let galternatives ship org.debian.pkexec.update-alternatives.policy
* Let dpkg package ship org.debian.pkexec.update-alternatives.policy

Once the policy file is settled in the system, policykit will be invoked 
when "pkexec update-alternatives [options...]" is called. Only users with 
admin privileges are allowed to proceed (with their own password checked) and 
such privilege promotion will last for a short while ("auth_admin_keep") with 
the help of policykit.

I am wondering which one you prefer. Any suggestions would be welcome too.

* * * * *

A draft for the file should be like this:

(/usr/share/polkit-1/actions/org.debian.pkexec.update-alternatives.policy)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <vendor>galternatives</vendor>
  <vendor_url>https://tracker.debian.org/pkg/galternatives</vendor_url>
  <icon_name>galternatives</icon_name>

  <action id="org.debian.pkexec.update-alternatives">
    <description>Run update-alternatives tool to modify system alternative selections</description>
    <description xml:lang="zh_CN">运行 update-alternatives 工具以修改系统可选项配置</description>
    <message>Authentication is required to run update-alternatives tool</message>
    <message xml:lang="zh_CN">运行 update-alternatives 工具需要认证</message>
    <message xml:lang="zh_HK">執行 update-alternatives 工具前要先認證</message>
    <message xml:lang="zh_TW">需要驗證以執行 update-alternatives 工具</message>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/update-alternatives</annotate>
  </action>

</policyconfig>

[1] https://tracker.debian.org/pkg/galternatives
[2] https://bugs.debian.org/867236
[3] man 8 polkit

Thanks,
Boyuan Yang
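
An added example, not part of the original message or of the galternatives or dpkg code: a small check for a pkexec policy file like the draft above. It flags implicit authorizations weaker than administrator authentication and an exec.path annotation that is missing or, as happens when mail wrapping splits the value, no longer a clean absolute path. The names audit_policy and DRAFT are assumptions made for this example; the authorization values are those listed in polkit(8).

```python
import xml.etree.ElementTree as ET

# Implicit-authorization values listed in polkit(8).
ADMIN = {"auth_admin", "auth_admin_keep"}
KNOWN = ADMIN | {"no", "yes", "auth_self", "auth_self_keep"}
EXEC_PATH = "org.freedesktop.policykit.exec.path"

# Constructed sample: the draft from the message, translations omitted.
DRAFT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <action id="org.debian.pkexec.update-alternatives">
    <message>Authentication is required to run update-alternatives tool</message>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/update-alternatives</annotate>
  </action>
</policyconfig>
"""

def audit_policy(xml_bytes):
    """Return {action id: [findings]}; an empty list means nothing flagged."""
    report = {}
    for action in ET.fromstring(xml_bytes).iter("action"):
        findings = []
        for node in action.findall("defaults/*"):
            value = (node.text or "").strip()
            if value not in KNOWN:
                findings.append(f"{node.tag}: unknown value {value!r}")
            elif value not in ADMIN and value != "no":
                findings.append(f"{node.tag}: {value} needs no admin authentication")
        paths = [a.text or "" for a in action.findall("annotate")
                 if a.get("key") == EXEC_PATH]
        if not paths:
            findings.append("no exec.path annotation for pkexec to match")
        for path in paths:
            # A mail-wrapped value such as "/usr/bin/update-" + newline +
            # "alternatives" no longer names the real binary.
            if not path.startswith("/") or any(c.isspace() for c in path):
                findings.append(f"exec.path {path!r} is not a clean absolute path")
        report[action.get("id")] = findings
    return report

if __name__ == "__main__":
    for action_id, findings in audit_policy(DRAFT).items():
        print(action_id, findings or "ok")
```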
