[Pkg-ayatana-devel] Bug#1015156: ayatana-indicator-sound: please provide equivalents of .pkla files for polkit >= 0.106
Simon McVittie
smcv at debian.org
Sat Jul 16 21:47:27 BST 2022
Package: ayatana-indicator-sound
Version: 22.2.0-2
Severity: normal
User: pkg-utopia-maintainers at lists.alioth.debian.org
Usertags: pkla-without-js
ayatana-indicator-sound currently ships polkit 0.105 configuration fragments
at /var/lib/polkit-1/localauthority/10-vendor.d/50-org.ayatana.AccountsService.Sound.pkla
and /var/lib/polkit-1/localauthority/10-vendor.d/50-org.ayatana.indicator.sound.AccountsService.pkla,
but does not seem to have a polkit >= 0.106 equivalent in
/usr/share/polkit-1/rules.d. This means the customizations to the default
polkit policies that are made by this package will not be taken into
account when running polkit >= 0.106.
Debian and Ubuntu are currently using polkit 0.105 with the old .pkla
rules (and an increasingly large patch series to fix 9 years' worth of
bugs and security vulnerabilities), but it has become clear that this
is not sustainable, and I'm looking at whether we can replace polkit
0.105 with version 121 or newer for Debian 12. You can try these newer
versions by installing the polkitd and polkitd-javascript packages
from experimental.
To make this transition go smoothly, packages that ship a
.pkla file should also provide an equivalent JavaScript file
/usr/share/polkit-1/rules.d/*.rules which will be used by newer versions
of polkit. Most already do, but this is one of a few that do not. It is
appropriate to contribute these .rules files upstream.
System administrators can override the rules in /usr/share/polkit-1/rules.d
by creating a file of the same name in /etc/polkit-1/rules.d, or add
local rules by creating a file with a different name in
/etc/polkit-1/rules.d.
Please don't remove the .pkla file when adding the .rules file: keep the
.pkla file in place until this transition has finished.
/usr/share/polkit-1/actions/*.policy files are not affected by this
transition: they are used by both the old and new versions of polkit.
For example, here's the .pkla file for systemd-networkd in stable, which
allows the systemd-network user to take some privileged actions:
https://sources.debian.org/src/systemd/247.3-7/src/network/systemd-networkd.pkla/
and here's the JavaScript equivalent:
https://sources.debian.org/src/systemd/247.3-7/src/network/systemd-networkd.rules/
flatpak, fwupd and network-manager have other good examples.
Thanks,
smcv
More information about the Pkg-ayatana-devel
mailing list