On Mon, 4 Jan 2021 at 20:12, Eli Schwartz via pacman-dev <[email protected]> wrote:
>
> On 1/4/21 1:46 PM, Emil Velikov via pacman-dev wrote:
> > After a casual chat with some systemd and dbus devs - I was pointed at
> > polkit.
> > With polkit a) gaining and revoking root is trivial, b) it integrates
> > nicely (better than gpg/pinentry) with tty, gnome, kde, etc, while it
> > also c) provides for a consistent user experience.
>
> "pinentry-program /usr/bin/pinentry-curses" integrates very nicely with
> the tty too, and is apropos for not context-switching between a terminal
> emulator running in a WM, and some popup window.
>
pinentry fairly often chokes here, if GPG_TTY and the startup TTY
aren't reset in just the right moment...

> I'm not aware of a similar option for polkit, it would likely defeat the
> purpose of most polkit uses though...
>
... do agree though the explicit override pinentry-program is priceless.

> > I'm not sure if you're joking or trolling here. I am aiming for "least
> > privilege", moving from yaourt which absolutely sucks in that
> > department, with pacman being a tiny bit better.
>
> I don't see how yaourt is tied to principle of least privilege. Neither
> with yaourt, nor without yaourt, do you have principle of least privilege.
>
Was trying to illustrate that yaourt is a step in the opposite
direction - worst (yaourt) -> bad (pacman) -> good (polkit based
pacman). Duly noted will not mention that helper again.

> > Last but not least, to reiterate pacman will work as original when the
> > system lacks polkit all together.
>
> No it won't... because you need to link to libpolkit-agent in order to
> support it, therefore it's a compile-time choice whether the "pacman"
> package depends on the "polkit" package.
>
Is dlopen/dlsym banned in pacman?

> You could circumvent this by using exec(2) + /usr/bin/pkexec on the
> whole process, or if, like systemd, you *already* contain a dbus
> implementation that can send messages to org.freedesktop.PolicyKit1
> without linking to polkit.
>
My initial idea was to try the systemd route and if implementation (or
interdependencies) gets too messy - to fallback to pkexec.

As you mentioned before separation is priority #1, elevation is 3+

Thanks
Emil
