Page MenuHomePhabricator

Packagekit without autentification ?
Closed, InvalidPublic

Description

With last E22rc on manjaro, packagekit update directly (after locking stuff via db.lck) but without any asked pwd..?
Delibarate or something else ?

fassil created this task.Oct 30 2017, 11:27 PM

With last E22rc on manjaro, packagekit update directly (after locking stuff via db.lck) but without any asked pwd..?
Delibarate or something else ?

zmike reassigned this task from zmike to DaveMDS.Oct 31 2017, 6:43 AM
zmike added a subscriber: zmike.

Hi, packagekit use polkit to manage permissions, seems quite all distro is going in the direction of allow a local user to update already installed packages without a password.

This in real has nothing to do with the pakagekit gadget, the gadget just ask packagekit to install and pkit does the necessary auth.

I don't know about manjaro, but on my arch this config is in the file:

/usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules

And this is the content on my system:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.packagekit.package-install" &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }
});

But please note that the E gadget will not ask for a password itself, so I think you will not be able to update from the gadget if you change the default polkit rules.

fassil added a comment.Nov 1 2017, 3:38 AM

'LLo, thanks for clarification
i've exactly the same .rules file here !

& sorry too, because I could've found that myself in STFW as it sounds this default packagekit policy is present since a few year in some distro like fedora !

On the other hand, i use pamac-manager with polkit-efl from here, which is the only way i found to make it works correctly, but it's certainly another story...
Thanks again

DaveMDS closed this task as Invalid.Nov 1 2017, 7:20 AM

de nada