** Description changed: - For the unity-webapps work the webapps team would like to install packages that only contain unity-webapps - passwordless for a better user experience. They are regular packages but of a very simple form, essentially - just a javascript file and a icon and no maintainer scripts. + For the unity-webapps work the webapps team would like to install packages that only + contain unity-webapps passwordless for a better user experience. They are regular packages but of a very simple form, essentially just a javascript file and a icon and no + maintainer scripts. - My proposal would be to add a new class of policykit action "org.debian.apt.install-package-whitelisted" that - we can override the permissons via /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla (policykit-desktop-privileges) similar to what we did with "org.debian.apt.upgrade-packages". + My proposal would be to add a new class of policykit action: + "org.debian.apt.install-packages.high-trust-repo" that requires the same authentication by default as install-or-remove-packages (i.e. auth_admin). - The whitelist of the repository would be based on "Origin,Components" and packagename regexp. So something like: - (LP-PPA-app-review-board, main, ^unity-webapps-.*") for the webapps case. + This can then be override by the webapps package via + /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla + (policykit-desktop-privileges) similar to what we did in the policykit- + desktop-priviledges with "org.debian.apt.upgrade-packages" to not + require a password prompt. - Does that looks like a good approach to you? + The whitelist of the repository would be based on "Origin,Components" and packagename regexp. So something like: (LP-PPA-app-review-board, main, ^unity-webapps-.*") for the webapps case and this would be shipped as part of the webapps-package into + /etc/aptdaemon/high-trust-repository-whitelist.d/ + + This is all implemented now and I would like to ask for a feature freeze exception to add + this into current quantal. + + Note that this feature is generic enough to be useful other use-cases + like internal company repositories that are trusted.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1035207 Title: [FFe] passwordless install of webapps (based on repo whitelist) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1035207/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
