[Pkg-utopia-maintainers] Bug#965210: Bug#965210: policykit-1: libpolkit-agent-1-0 from buster will be unable to authenticate user after upgrade to bullseye

Mon Aug 3 09:44:33 BST 2020

Hi Simon

Am 17.07.20 um 19:18 schrieb Simon McVittie:

> I notice that the polkit-agent-helper in unstable has been moved into
> /usr/libexec. I have not reproduced this myself (I'm currently running
> the experimental version), but I think this will cause upgrade issues
> similar to #699447.
> 
> During upgrades, typically a polkit agent (an implementation of
> polkit-1-auth-agent) will already be running, either integrated into
> a desktop shell like GNOME Shell, gnome-flashback or phosh, or as a
> separate standalone program like polkit-kde-agent-1 or lxpolkit. Until
> the next reboot or logout/login, the agent will already have the old
> libpolkit-agent-1.so.0 in its address space, which means that when it
> tries to authenticate the user, that copy of libpolkit-agent-1.so.0
> will try to run the agent-helper by its old path. In experimental, we
> solved #699447 by creating a symlink at the old path of the agent-helper,
> pointing to its new path.

I wasn't aware of this issue. Thanks for the heads up.
I guess it makes sense to ship such a compat symlink as this is rather
cheap and if it avoids any upgrade problems, then let's do that.
I'll keep /usr/libexec for the time being and update experimental as
well. See below.

> This would also cause upgrade issues if we ever get as far as upgrading
> to the latest upstream polkit as shipped in experimental, either
> as-is (with JavaScript rules) or with the .pkla backend patched back
> in. In the latest upstream polkit, the agent-helper has been moved into
> ${prefix}/lib/polkit-1 (again, see #699447), independent of ${libexecdir}
> or even ${libdir}. As a result, I think it would be a good idea to put
> the agent-helper in the same location in bullseye that it already has
> in experimental, with the same compat symlink, so that we don't have to
> have a double transition. We can drop the compat symlink after bullseye
> is released.
> 
> Concrete steps to achieve that would be something like this:
> - d/rules: set --libexecdir=/usr/lib/polkit-1
> - *.install, postinst, polkit.service: adjust to that path
> - cherry-pick be4fed1f from experimental to create the compat symlink
> 
> Alternatively, if we strongly prefer /usr/libexec, we should talk
> to upstream about reverting 6fbcc6cd (which unhelpfully does not say
> anything about why the change was made), carry out a transition in both
> bullseye and experimental, and create a compat symlink similar to be4fed1f
> (for completeness, we might as well create compat symlinks for *both*
> old paths if we go this route).

Personally I would prefer to use $libexecdir instead of a hard-coded
$(prefix)/lib/polkit-1.

I've filed https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/63
in case you want to chime in there. Let's see what upstream says here.
If upstream is strongly against moving the private binaries to
$libexecdir, I guess we can recosider the move in unstable/bullseye.

Regards,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20200803/d3b326d9/attachment.sig>