Re: [gentoo-dev] Make the policykit USE flag global
On Wed, Mar 18, 2009 at 6:42 PM, Olivier Crête tes...@gentoo.org wrote: Feel the trend? gnome-base/gnome-panel will follow soon. Lets make this global. Unless we decide that PolicyKit is the future and make it compulsory). If no one complains, I will make the changes in a couple days. So, what's the final decision on this/status of this? I don't see it in-tree as a global USE flag yet. PS: It should probably be globally use.masked till we can make it work properly as well -- ~Nirbheek Chauhan
Re: [gentoo-dev] Make the policykit USE flag global
Hi Zac, On Thursday 19 March 2009 19:20:52 Zac Medico wrote: Robert Piasek wrote: I think it would be also good idea to add policykit support and finally unmask it. It seems some packages have hardcoded --without-policy-kit / --without- policykit and some others add policykit to package.use.mask (btw can it be unmasked by user from portage level??). You can unmask the flag globally like this: mkdir -p /etc/portage/profile/ echo -policykit /etc/portage/profile/use.mask Or, you can unmask it for a specific package like this: echo gnome-base/gnome-session -policykit /etc/portage/profile/package.use.mask Thanks Zac. I asked, because I couldn't find it in documentation (maybe it's just me being lazy and not trying hard enough though). Rob signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Make the policykit USE flag global
Hi, On Wednesday 18 March 2009 13:12:45 Olivier Crête wrote: Hello, use.local.desc:app-admin/gnome-system-tools:policykit - Use sys-auth/policykit to gain privileges to change configuration files use.local.desc:app-admin/system-tools-backends:policykit - Use sys-auth/policykit to gain privileges to change configuration files use.local.desc:gnome-extra/gnome-lirc-properties:policykit - Use sys-auth/policykit to gain privileges to change configuration files use.local.desc:gnome-extra/gnome-power-manager:policykit - Enable sys-auth/policykit authentication support use.local.desc:media-sound/pulseaudio:policykit - Enable support for PolicyKit framework. use.local.desc:sys-auth/consolekit:policykit - Use the PolicyKit framework (sys-auth/policykit) to get authorization for suspend/shutdown. Feel the trend? gnome-base/gnome-panel will follow soon. Lets make this global. Unless we decide that PolicyKit is the future and make it compulsory). If no one complains, I will make the changes in a couple days. I think it would be also good idea to add policykit support and finally unmask it. It seems some packages have hardcoded --without-policy-kit / --without- policykit and some others add policykit to package.use.mask (btw can it be unmasked by user from portage level??). I've been playing with policykit for a while now and never had any real problems with it. I would gladly help to support it by default. Thanks, Rob signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Make the policykit USE flag global
Le 19/03/2009 15:23, Robert Piasek a écrit : Feel the trend? gnome-base/gnome-panel will follow soon. Lets make this global. Unless we decide that PolicyKit is the future and make it compulsory). If no one complains, I will make the changes in a couple days. That seems reasonable. ACK from me. I think it would be also good idea to add policykit support and finally unmask it. It seems some packages have hardcoded --without-policy-kit / --without- policykit and some others add policykit to package.use.mask (btw can it be unmasked by user from portage level??). I've been playing with policykit for a while now and never had any real problems with it. I would gladly help to support it by default. It's unfortunately not that simple. Some applications require very little from PK (the clock applet from gnome-panel is one of those iirc). But some others (I'm looking at you, gnome-power-manager) just fail miserably if a specific policy file isn't installed. So for each package that uses PK, we need to come up with a default policy file that fits with Gentoo tradition. Bottom line, none of us took the time to do this because we just didn't have the time to take care of this. We could definitely use some help to figure out what to ship as reasonable defaults to our users. Cheers, Rémi
Re: [gentoo-dev] Make the policykit USE flag global
On Thu, Mar 19, 2009 at 10:26 AM, Rémi Cardona r...@gentoo.org wrote: Le 19/03/2009 15:23, Robert Piasek a écrit : Feel the trend? gnome-base/gnome-panel will follow soon. Lets make this global. Unless we decide that PolicyKit is the future and make it compulsory). If no one complains, I will make the changes in a couple days. That seems reasonable. ACK from me. I think it would be also good idea to add policykit support and finally unmask it. It seems some packages have hardcoded --without-policy-kit / --without- policykit and some others add policykit to package.use.mask (btw can it be unmasked by user from portage level??). I've been playing with policykit for a while now and never had any real problems with it. I would gladly help to support it by default. It's unfortunately not that simple. Some applications require very little from PK (the clock applet from gnome-panel is one of those iirc). But some others (I'm looking at you, gnome-power-manager) just fail miserably if a specific policy file isn't installed. So for each package that uses PK, we need to come up with a default policy file that fits with Gentoo tradition. Bottom line, none of us took the time to do this because we just didn't have the time to take care of this. We could definitely use some help to figure out what to ship as reasonable defaults to our users. Cheers, Rémi The problem would be a simple fix if PolicyKit supported groups and we could just say give all access to those in the wheel group as a reasonable default. But alas, it does not. Arguably we can probably patch that in and just be done with it. Unless someone has some better ideas for a reasonable default. (IMHO, removing all of PolicyKit is a reasonable default but it looks like going forward GNOME is just using it without really any documentation or any forethought into the real world implications of PolicyKit and the inherent support/issues with ConsoleKit) -- Doug Goldstein
Re: [gentoo-dev] Make the policykit USE flag global
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Piasek wrote: I think it would be also good idea to add policykit support and finally unmask it. It seems some packages have hardcoded --without-policy-kit / --without- policykit and some others add policykit to package.use.mask (btw can it be unmasked by user from portage level??). You can unmask the flag globally like this: mkdir -p /etc/portage/profile/ echo -policykit /etc/portage/profile/use.mask Or, you can unmask it for a specific package like this: echo gnome-base/gnome-session -policykit /etc/portage/profile/package.use.mask - -- Thanks, Zac -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (GNU/Linux) iEYEARECAAYFAknCmxAACgkQ/ejvha5XGaMQaACgp09qS5b0mnfYKioovsvyb2eS wXQAoIAKgSe/YPbGlLPFWvUogws2GOfq =5wNe -END PGP SIGNATURE-
Re: [gentoo-dev] Make the policykit USE flag global
Le 19/03/2009 19:12, Doug Goldstein a écrit : The problem would be a simple fix if PolicyKit supported groups and we could just say give all access to those in the wheel group as a reasonable default. But alas, it does not. Arguably we can probably patch that in and just be done with it. Actually, for a while, I had a policy file that returned allow to all auth requests. That was obviously not secure at all... For some reason, even _that_ didn't allow all apps to work properly, as they expect their own policy file and not just a default setting. It's as if GConf required schemas to be installed for apps to work. Unless someone has some better ideas for a reasonable default. The only way ATM is to go through the policy file for each applications, read it, make sense of it and adapt it to Gentoo... Again, the Gnome herd is quite short on manpower these days, even with the precious help of our latest recruits (Arun and Nirbheek). (IMHO, removing all of PolicyKit is a reasonable default but it looks like going forward GNOME is just using it without really any documentation or any forethought into the real world implications of PolicyKit and the inherent support/issues with ConsoleKit) I think we all agree here, Gilles, Mart and others have dutifully patched most (all?) core gnome components to at least build without PK, even if that means loosing some features. Thankfully, most of those patches have been accepted upstream. As for Gnome blindly using PK... again, we're all on the same page :) If anyone _really_ wants PK, please get in touch with us so we can try to support it in Portage. Thanks
