Re: [gpm] Installing a package that uses pkexec... [was Re: [Bug 617529]]

From: Brian Hutsell <bhut_ooto yahoo com>
To: Richard Hughes <hughsient gmail com>, davidz redhat com
Cc: GPM Mailing List <gnome-power-manager-list gnome org>
Subject: Re: [gpm] Installing a package that uses pkexec... [was Re: [Bug 617529]]
Date: Mon, 17 May 2010 09:05:59 -0700 (PDT)

Attached is a patch which removes the hardcoded paths from gpm's pkexec setup.

If installing somewhere other than prefix=/usr, it gives the following warning:

+WARNING!!! GNOME Power Manager uses the "pkexec" utility to provide root
+permissions necessary for the "gnome-power-backlight-helper" executable to run.
+
+A link should be provided from the file
+"/usr/share/polkit-1/actions/org.gnome.power.policy" to the installed version
+"${prefix}/share/polkit-1/actions/org.gnome.power.policy" after installation.
+
+For security reasons, it is recommended to only install as prefix="/usr" or
+prefix="/usr/local".

This should make the build process more straightforward for others.

BTW, I haven't gotten a response from davidz yet about the proposed polkit enhancement. Does anyone else know a better way to get in touch with the PolicyKit folks?

--Brian

From: Brian Hutsell <bhut_ooto yahoo com>
To: Richard Hughes <hughsient gmail com>; davidz redhat com
Cc: GPM Mailing List <gnome-power-manager-list gnome org>
Sent: Thu, May 13, 2010 10:13:08 PM
Subject: Installing a package that uses pkexec... [was Re: [Bug 617529]]

[Expanding scope: Including David Z: PolicyKit's author]

> You need to install system wide for the PolicyKit stuff to work
> correctly, or, you have to build a PolicyKit in the same prefix that
> you're installing to, and start it by hand.

Installing in /usr/local still counts as installed system wide, but requiring PolicyKit to be installed under the same-prefix defies expectations based on how other packages work. I prefer installing in /usr/local, so if what I install is busted, I can simply uninstall it and the original version is still there in /usr. The GPM code can be cleaned up to achieve most of these goals.

1) The code for pkexec uses and respects the path, so there is no need to hardcode the path to the binary in "brightness.c". I inspected the PolicyKit code to confirm this, and then tested the code to double check.
2) The file "policy/org.gnome.power.policy" should accurately reflect the --prefix specified. This probably requires an extra preprocessing step.

After fixing #1 & #2, it only requires a symbolic link from /usr/share/polkit-1/actions/org.gnome.power.policy to the corresponding file in under the installation prefix (/usr/local) to make this work. If you use /usr as your prefix, the symbolic link isn't even needed. This approach allows the painless uninstall, if necessary, and only minimal hacks (1 symbolic link). The symbolic link creation could even be made part of the install, eliminating the mess from the user's point-of-view. Also, it should yell loudly if the prefix is anything other than /usr or /usr/local, warning the user that it isn't safe from a security point-of-view.

IMO, step #3 would be to enhance PolicyKit in order to detect where its ${dir}/share/polkit-1/actions files should be read from based on the executable's path. If the executable is under /usr/local, then look under /usr/local/share/.., otherwise, look under /usr/share/... This would eliminate the need for the symbolic link and then everything would just work. (*** David Z., what are your thoughts about this idea? ***)

> Sure, that could be the case. It should only fallback to the helper
> code if xrandr failed to find a device and change the brightness. I
> assume if you kill g-p-m you can still change the brightness using the
> hotkeys?

Yes.

--Brian

From: Richard Hughes <hughsient gmail com>
To: Brian Hutsell <bhut_ooto yahoo com>
Cc: GPM Mailing List <gnome-power-manager-list gnome org>
Sent: Wed, May 12, 2010 11:56:18 PM
Subject: Re: [Bug 617529] gnome power manager doesn't recognize battery at startup

On 12 May 2010 16:28, Brian Hutsell <bhut_ooto yahoo com> wrote:
> The brightness settings are busted on master. There appear to be several
> levels of issues.

ccing the mailing list, I hope this is okay.

> 1) The most obvious problem was caused by commit
> d3594664f59ef31278f7d95f9f73e2d52fe3a3f6
> Author: Richard Hughes <richard hughsie com>
> Date:   Thu May 6 20:40:07 2010 +0100
>
>     Provide a pkexec helper for systems that do not have xbacklight
> capability
>
>     a) It explicitly references /usr/sbin/ instead of pulling the file from
> the path. It's fairly standard practice (and default) to install programs
> you compile yourself into /usr/local, and to setup precidence between the
> versions in /usr/local/{bin,sbin} and /usr/{bin,sbin} by setting up the
> path. Please remove the hardcoded reference. After installing into
> --prefix=/usr/local, this causes a long stream of errors to .xsession-errors
> of the variety:
>         Error accessing /usr/sbin/gnome-power-backlight-helper: No such file
> or directory

This is the way pkexec works. pkexec is not supported on any other
root as the binary name is hardcoded in the policy file. You'll need
to install the package systemwide for this to work correctly.

>    b) When providing either a symbolic link or copying
> /usr/sbin/gnome-power-backlight-helper to its desired place, even with suid
> set, it requires root permissions in order to run. A pop-up window appears
> to allow entering the root password. After this password is entered, as you
> move the slider, you are continuously barraged with these pop-up windows.
> From a user point-of-view, this is intolerable.

Well, if you installed the package systemwide then the polkit policy
file would have been installed in /usr/share/polkit-1/actions/ and the
UI would have not been shown.

>     c) The commit message appears to suggest that this is to fix systems
> that couldn't do it for themselves in user mode. Before this commit, system
> could adjust the brightness on my LCD just fine. This suggests that the
> code that detects when this mechanism should be used isn't working properly.

Sure, that could be the case. It should only fallback to the helper
code if xrandr failed to find a device and change the brightness. I
assume if you kill g-p-m you can still change the brightness using the
hotkeys?

> 2) The following commits appear to be intertwined, s.t. reverting just one
> isn't enough:
>         a) commit d3594664f59ef31278f7d95f9f73e2d52fe3a3f6: Provide a
> pkexec helper for systems that do not have xbacklight capability
>         b) commit 176df6b38f26936d05705a548f3ea2356c2b42b1: As we no longer
> have more than one backlight mechanism, remove a ton of abstract code.
>         c) commit d23f4afbb99ad914ca0e33feff365d15a1e60532: Remove
> GetPreferencesOptions() and untie the preferences fro the daemon. Fixes
> #617529
>
> Since 2c) is the change I was supposed to test, continuing to revert changes
> is sort of pointless.

You need to install system wide for the PolicyKit stuff to work
correctly, or, you have to build a PolicyKit in the same prefix that
you're installing to, and start it by hand.

Richard.

Attachment: 0001-Remove-hardcoded-paths-from-pkexec-setup.patch
Description: Binary data

Follow-Ups:
- Re: [gpm] Installing a package that uses pkexec... [was Re: [Bug 617529]]
  - From: Richard Hughes

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]