On Thu, Jan 17, 2019 at 9:18 PM Stefan Agner <[email protected]> wrote: > > On 17.01.2019 21:01, Andreas Müller wrote: > > On Thu, Jan 17, 2019 at 8:09 PM Stefan Agner <[email protected]> wrote: > >> > >> On 17.01.2019 18:50, Andreas Müller wrote: > >> > On Thu, Jan 17, 2019 at 5:27 PM Stefan Agner <[email protected]> wrote: > >> > Hi Stefan, > >> > > >> > sorry but don't like this patch as is: > >> >> > >> >> From: Stefan Agner <[email protected]> > >> >> > >> >> Currently polkit is enabled if systemd is in package config. Those > >> >> two things are orthogonal: NetworkManager can be used with systemd > >> >> and without polkit just fine. > >> > Did you test this (=change networkmanager connections settings) as an > >> > unpriviledged user? > >> > >> Works as expected: need to be root to change connection settings :-) > >> > >> We plan to use D-Bus and D-Bus policies (<policy> tags) to allow some > >> settings to unpriviledged users/groups. > >> > >> >> > >> >> Introduce a new polkit package config and enable it depending on > >> >> whether polkit is in DISTRO_FEATURES. > >> > > >> > * it changes the current behaviour and the default suggested by > >> > configure.ac: 'we usually compile with polkit support.' and > >> > meson.build sets polkit by default. > >> > >> Yes, this changes default behavior. I did not do that lightly, but I > >> think it is sensible to have a global policy on polkit, and also let > >> NetworkManager follow it. I guess the change in default behavior needs > >> to be pointed out in the documentation e.g. in the chapter "Moving to > >> the Yocto Project 2.7 Release". > >> > >> Throughout OpenEmbedded we had vastly different behavior wrt polkit. > >> ConnMan disables it by default without any option to enable it. Quite > >> some packages make it dependent on systemd, some have just a local > >> package config polkit etc... > >> > >> We have a WiFi capable headless device with restricted flash and would > >> like to use NetworkManager. Using polkit pulls in mozjs, which is rather > >> large. We do not need interactive authentication capabilities, since our > >> device does not allow direct user interaction... > >> > >> > >> > * as far as I know there is no polkit DISTRO_FEATURE in metaverse yet. > >> > >> Hm, yes, we definitely should add polkit. How can I do this? > >> > >> > > >> > I suggest to add polkit PACKAGECONFIG if systemd is in DISTRO_FEATURES > >> > - if you don't want polkit you can add a PACKAGECONFIG_remove = > >> > "polkit" somewhere. > >> > >> Yes, I know that. We had this in place so far. > >> > >> However, rather than having a bunch of PACKAGECONFIG, I'd rather have a > >> distro wide policy on polkit. I did send an email to oe-core with a > >> cover letter, and since that patch got merged, I was assuming that > >> polkit as a distro policy is the way to go. > >> http://lists.openembedded.org/pipermail/openembedded-core/2019-January/278021.html > >> > > Ahh - I see am too late in the game - decision was already made - go > > on and forget my last email. > > Probably should have sent out this patch set changing meta-oe stuff at > the same time to get the broader overview, sorry about that. > > NetworkManager is really the most drastic change here, since this is a > prominent package where the change changes the current default. So if > you have any suggestion to ease the transition, I am happy to look into > it. > TBH: I haven't the time to take care for a use case I never had until now. I'll just add polkit to my DISTRO_FEATURES and hope to get same as before.
Andreas -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
