Your message dated Fri, 20 Jan 2023 15:20:51 +0000
with message-id <[email protected]>
and subject line Bug#1023393: fixed in policykit-1 122-2
has caused the Debian Bug report #1023393,
regarding policykit-1: Not prompted to authenticate with my own identity any
more
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1023393: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023393
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: polkitd
Version: 122-1
Severity: important
X-Debbugs-Cc: [email protected]
Since updating to 122, polkit authentication prompts ask me to
authenticate as "Administrator" (root?) rather than my own user.
Here's my configuration:
# cat /etc/polkit-1/localauthority.conf.d/60-sam.conf
[Configuration]
AdminIdentities=unix-user:[email protected]
# pkla-admin-identities
unix-user:[email protected]
So it looks like polkitd-pkla still recognizes me as an administrator.
pkla-check-authorization however indicates that maybe my user is allowed
to connect/disconnect pre-existing network connections but is _not_
allowed to edit network connections. So maybe the problem is with
polkitd-pkla after all?
# pkla-check-authorization [email protected] true true
org.freedesktop.NetworkManager.network-control
yes
# pkla-check-authorization [email protected] true true
org.freedesktop.NetworkManager.settings.modify.system; echo $?
0
For the end to end test I'm running this command, which prompts me for
root's password rather than my own.
$ pkcheck -a org.freedesktop.NetworkManager.settings.modify.system -u -p $$
polkit\56dismissed=true
polkit\56retains_authorization_after_challenge=true
Authentication request was dismissed.
So based on that it's not clear to me whether the problem lies in
polkitd or polkitd-pkla...
Not sure whether the problem is with polkit itself or polkitd-pkla.
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (570, 'stable-updates'), (570, 'stable-security'), (570,
'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'),
(530, 'unstable-debug'), (530, 'unstable'), (1, 'experimental-debug'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.19.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default
Versions of packages policykit-1 depends on:
ii pkexec 122-1
ii polkitd 122-1
Versions of packages policykit-1 recommends:
ii polkitd-pkla 122-1
policykit-1 suggests no packages.
Versions of packages polkitd depends on:
ii adduser 3.118
ii dbus [default-dbus-system-bus] 1.12.24-0+deb11u1
ii libc6 2.35-4
ii libduktape207 2.7.0-1+b1
ii libexpat1 2.2.10-2+deb11u5
ii libglib2.0-0 2.74.1-1
ii libpam-systemd [logind] 251.6-1
ii libpam0g 1.4.0-9+deb11u1
ii libpolkit-agent-1-0 122-1
ii libpolkit-gobject-1-0 122-1
ii libsystemd0 251.6-1
ii systemd [systemd-sysusers] 251.6-1
ii xml-core 0.18+nmu1
Versions of packages polkitd suggests:
ii polkitd-pkla 122-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: policykit-1
Source-Version: 122-2
Done: Simon McVittie <[email protected]>
We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated policykit-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 20 Jan 2023 13:22:24 +0000
Source: policykit-1
Architecture: source
Version: 122-2
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1006203 1023393 1026425 1027420
Changes:
policykit-1 (122-2) unstable; urgency=medium
.
[ Debian Janitor ]
* d/changelog: Trim trailing whitespace
* d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit
.
[ Simon McVittie ]
* Update how we assign root-equivalent groups
- d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch,
d/rules:
Set up Debian's default root-equivalent group 'sudo' in
50-default.rules rather than in 40-debian-sudo.rules. This ensures
that users of polkitd-pkla can override it by configuring admin
identities the old way. Previously, because 40-debian-sudo.rules was
earlier in the sequence than 49-polkit-pkla-compat.rules, it would
take precedence and the admin identities from polkitd-pkla were
ignored. (Closes: #1023393)
By default, polkitd-pkla does not provide any admin identities,
which means we behave as though polkitd-pkla was not installed at all,
and fall back to the sudo group defined in 50-default.rules.
- d/p/debian/05_revert-admin-identities-unix-group-wheel.patch:
Drop patch, superseded by the one described above
- d/rules: When built for Ubuntu, also install an Ubuntu-specific file
sequenced after 49-polkit-pkla-compat.rules but before
50-default.rules, which treats both the 'sudo' group and the legacy
'admin' group as root-equivalent.
* Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1.
/usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11),
so we can make this an ordinary packaged file instead of a conffile.
Local sysadmin overrides can still be done via /etc/pam.d/polkit-1
as before.
This sidesteps dpkg's inability to keep track of a conffile when it is
moved from one package to another (#399829, #645849, #163657, #595112).
(Closes: #1006203)
* postinst: Only clean up config directories if not owned.
If we only have polkitd installed, then we want to clean up the obsolete
directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we
have polkitd-pkla installed, then it owns that directory and we should
not remove it. (Closes: #1026425)
* d/policykit-1.dirs: Continue to own some legacy directory names.
Having the transitional package continue to own these directories until
it has had a chance to clean up obsolete conffiles will silence warnings
from dpkg about inability to remove them. (Closes: #1027420)
* d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge.
If /var/lib/polkit-1 was the polkitd user's home directory, then it
might contain a .cache subdirectory; clean that up too.
* Create polkitd user with home directory /nonexistent in new installations.
This will prevent it from creating detritus in /var/lib/polkit-1.
* polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade
* Remove version constraints unnecessary since buster (oldstable)
* Update standards version to 4.6.2 (no changes needed)
Checksums-Sha1:
a8e3fbf4fbd919e9da88ee4e439addc3dd325219 3556 policykit-1_122-2.dsc
a2feaf746dd9ace0b93fab5db7f7afbb5d4bbf6f 45076 policykit-1_122-2.debian.tar.xz
2ca908f19286c592bff4826372a201758effa919 8593
policykit-1_122-2_source.buildinfo
Checksums-Sha256:
1c5f1e2430ad805fe27131e812653e8ce9712a41321240eb9a63bc340f895a98 3556
policykit-1_122-2.dsc
95c6abf7c872ac89fc999ce463d40b34a203e891c3ae63f9d18dfae89803ae89 45076
policykit-1_122-2.debian.tar.xz
fa8760e1cf14b00a00d31ffed9808e355d0e529bcded47e6442095c3f8060827 8593
policykit-1_122-2_source.buildinfo
Files:
47945dcf9e9f0e283c7965383645c8eb 3556 admin optional policykit-1_122-2.dsc
339f18075a6a9af9d1d1f117f8a3b084 45076 admin optional
policykit-1_122-2.debian.tar.xz
e8be4bd285d8f90396e372aaa15788e1 8593 admin optional
policykit-1_122-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmPKrmcACgkQ4FrhR4+B
TE/B3Q//Yl0VDLHlZeE3mwLfbwN+MMRqiYo5xbWQHu8MLZTR9AS9HqUXW8FBkrEu
YjEt2K764/D4FMHSipGeLgxLRCqXaRkpiXUEhnbAELaZdQCLLaVWlZkDQFYJlERA
LwRGx/ZoGsm5oInoTpRiuz6RvXkVv4oDpKJxs4PeRpUO2NdNHNyqbjU+BTZSoBob
WDynrl90vghU+HKjls+WTE1y+Q9+nY7wyIFk4fVCE9PzYo7Vp700hSQjm1wBqGyT
5f+XjeeCVVzf2gHfhppzX4vKPDp9qw2MV+5k7QHfbMvWRINRkPaGDn9+L38ahc+X
g+ElFB7awkJSXgeAnZbaqHLWWGT4gtJ4WYMEuqwRrhmLgp0KrwfUgvtSXYQbQYrm
Qa27mCiiyH+gOMJNMy1UegoltHjA5Ie/CMqsj08jew1O2UoY4YgN/OMC9W8RNF/y
e8oNijCBpkZnSz6/QiCDEiu1U6r2zS4M5k+OrdikpN+8LoslO7XlY0zwqAooPGD8
ZoWdr72z7ec58BuNnMEr06NS4oVaOdZIbwmeqTnJB0b8ei5oZ/MjxDWgrEVba+L/
3cM3PFvqUz1cucVHN5infmUnBivsSnJ2Y9zHft4sfkMUDPm3YxUWhUCOIj+z6FAp
3uEZECanR48r6odRReJ3XUY7UYOxgrmCGBK7SQAcRl0VJNJQ/Uc=
=1idG
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
