[ Please CC me and/or CC galternati...@packages.debian.org, thanks ] Hello dpkg people,
I am currently working on Debian package "galternatives" [1], the graphical front-end to the update-alternatives program which is shipped by dpkg package. It seems that some actions in /usr/bin/update-alternatives will modify system files thus requires admin privileges. When called from shell, people often use sudo or su to gain such privilege. However, with a graphical program like galternatives, running graphical appliations directly with privilege is risky. The best approach is to gain privilege only when update-alternatives is called as a subprocess. The old method is to use gksu. However, gksu is to be removed in buster cycle. [2] We intend to use polkit instead in future releases. However, using polkit (to be concrete, using pkexec(1)) requires putting policy XML files under /usr/share/polkit-1/actions/ [3]. Since update-alternatives is actually provided by dpkg, I am asking in debian-dpkg list here. I think there are two viable options: * Let galternatives ship org.debian.pkexec.update-alternatives.policy * Let dpkg package ship org.debian.pkexec.update-alternatives.policy Once the policy file gets settled down in the system, policykit will be invoked when "pkexec update-alternatives [options...]" is called. Only users with admin priviliges are allowed to proceed (with their own password checked) and such privilege promotion will last for a short while ("auth_admin_keep") with the help of policykit. I am wondering which one do you prefer. Any suggestions would be welcome too. * * * * * A draft for the file should be like this: (/usr/share/polkit-1/actions/org.debian.pkexec.update-alternatives.policy) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> <policyconfig> <vendor>galternatives</vendor> <vendor_url>https://tracker.debian.org/pkg/galternatives</vendor_url> <icon_name>galternatives</icon_name> <action id="org.debian.pkexec.update-alternatives"> <description>Run update-alternatives tool to modify system alternative selections</description> <description xml:lang="zh_CN">运行 update-alternatives 工具以修改系统可选项配置</ description> <message>Authentication is required to run update-alternatives tool</ message> <message xml:lang="zh_CN">运行 update-alternatives 工具需要认证</message> <message xml:lang="zh_HK">執行 update-alternatives 工具前要先認證</message> <message xml:lang="zh_TW">需要驗證以執行 update-alternatives 工具</message> <defaults> <allow_any>auth_admin_keep</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/update- alternatives</annotate> </action> </policyconfig> [1] https://tracker.debian.org/pkg/galternatives [2] https://bugs.debian.org/867236 [3] man 8 polkit Thanks, Boyuan Yang