Hi, On Mon, 2007-10-29 at 17:45 +0100, Vincent Untz wrote: > All the details about proposing new modules for 2.22 are available at: > > http://mail.gnome.org/archives/devel-announce-list/2007-September/msg00008.html
I'd like to proposed PolicyKit and PolicyKit-gnome as blessed dependencies for GNOME 2.22. For GNOME 2.24 I'm probably going to proposed PolicyKit-gnome for the Desktop release (hoping to have PolicyKit 1.0 out by then) and in the future it might make sense to have it in the Platform too. But first things first! (Not sure it's necessary for blessed deps; however, the answers to the questions in http://live.gnome.org/ReleasePlanning/ModuleProposing are in [1]). So what is all this about? PolicyKit --------- There's a ton of documentation and API docs here http://hal.freedesktop.org/docs/PolicyKit/ but let me briefly describe what it is. In a nutshell, PolicyKit aims to provide an API for querying and managing "authorizations" and answer the question "Is $PROGRAM allowed to do $ACTION on $OBJECT". Let me dwell on that for a bit. The answer may be one of: "Yes", "No", "the user needs to prove his identity" or "the user needs to prove he's an administrator". This is useful in at least two scenarios - Enterprise/Kiosk: typically enterprises and kiosk setups like to lock down their systems because they don't trust their users - Trusted path: it's useful to check that the request to install some new software, wipe the hard-drive or make a 1-800 call to a foreign country really originates from the user. As such we ask him to prove his identity by making him authenticate. PolicyKit provides an API for modeling this. The idea is that privileged software such as HAL or NetworkManager uses libpolkit as a "decider" component. The main driver behind PolicyKit is that it's desirable to have a very fine-grained permission system. This is in stark contrast to the current state of the art where you either know the root password (or sudo equivalent) or you don't. The other driver was to provide the decision-making component with a lot of data to make the decision. E.g. for local users on the console in active sessions we say "YES"; for inactive sessions we can say "NO" and so on. As a matter of fact, the main driver for William Jon McCann's ConsoleKit work originated from this need http://gitweb.freedesktop.org/?p=ConsoleKit.git;a=summary Notably, PolicyKit supports pluggable back-ends. The default back-end supports all these capabilities (obtain authorizations through authentication) but it's designed in a way so you can plug in other back-ends; for example SUN's Role Base Acccess Control in Solaris comes to mind (and I'm talking to these guys about writing a back-end). (Personally I think we need this kind of thing in GNOME; having an Authorization API is someone you can find in other platforms such as Mac OS X.) PolicyKit-gnome --------------- There's a ton of docs here http://hal.freedesktop.org/docs/PolicyKit-gnome/ Basically, PolicyKit-gnome provides three things - An Authentication Agent that can prompt the user for his credentials; see http://hal.freedesktop.org/docs/PolicyKit-gnome/ref-auth-daemon.html and scroll down a bit - A set of classes to make it very easy to use PolicyKit from GTK+ applications: http://hal.freedesktop.org/docs/PolicyKit-gnome/PolKitGnomeAction.html http://hal.freedesktop.org/docs/PolicyKit-gnome/PolKitGnomeToggleAction.html (scroll down for example code and screenshots) - Work has begun on an the UI for managing authorizations http://people.freedesktop.org/~david/polkit-gnome-authorizations.png but this is stil pretty early; I'm going to work on that (need input from UI ninja's like Bryan Clark) and hope it will be nice for 2.22 Adoption -------- The following GNOME or GNOME-ish apps use PolicyKit - gnome-mount http://people.freedesktop.org/~david/pk-gnome-mount.png http://people.freedesktop.org/~david/pk-gnome-unmount.png - PackageKit http://hughsient.livejournal.com/39378.html - intlclock http://people.freedesktop.org/~david/intlclock-applet.png - gnome-system-monitor; I just submitted a preliminary patch here http://bugzilla.gnome.org/show_bug.cgi?id=491462 http://people.freedesktop.org/~david/gnome-system-monitor-polkit-1.png http://people.freedesktop.org/~david/gnome-system-monitor-polkit-2.png In Fedora we're planning to make use of PolicyKit mostly everywhere on the desktop; effectively replacing the console-helper program (which is similar to gksu). I'm talking to Dan Williams about adding support to NetworkManager. Also, there's some patches by Dan Berrange of Red Hat for virt-manager and libvirt to use this too. At least Fedora, SUSE, Mandriva and Gentoo (I think) already ship PolicyKit 0.6. I talked to Sjoerd Simons of Debian utopia fame and few weeks ago and he said they're in the process of getting it packaged for Debian. The next release of PolicyKit and PolicyKit-gnome will be the 0.7 release hopefully this week. I had hoped to get this done by the deadline for new modules proposals.. but for some reason I had the dates mixed up. Sorry about that. So is it OK to add PolicyKit and PolicyKit-gnome as an optionally blessed dependency for 2.22? Any questions/concerns/comments? Thanks, David [1] : From http://live.gnome.org/ReleasePlanning/ModuleProposing PolicyKit --------- Purpose: See above Target: blessed dep (it's an fd.o project and will stay that way) Dependencies: XML parser (libexpat works), glib2 (for now), D-Bus Optionally PAM Resource usage: Hosted on fd.o infrastructure Adoption: See above Docs: 100% API coverage (gtk-doc); 100% man pages; extensive design docs GNOME-ness / community: See above PolicyKit-gnome --------------- Purpose: See above Target: Blessed dep for now Deps: PolicyKit, GTK+, D-Bus, Resource usage: right now on fd.o; wants to move to GNOME SVN Adoption: See above Docs: 100% API coverage; planning to write a Yelp document GNOME-ness / community: See above _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list