[Pkg-utopia-maintainers] Bug#1094078: polkitd: Error opening directory /run/polkit-1/rules.d and /usr/local/share/polkit-1/rules.d

[Simon McVittie]

On Fri, 24 Jan 2025 at 20:17:02 +0000, Andrew Sayers wrote:
> Observed:
> Error opening rules directory: Error opening directory
> “/usr/local/share/polkit-1/rules.d”: No such file or directory (g-file-error-
> quark, 4)
> Error opening rules directory: Error opening directory “/run/polkit-1/rules.d”:
> No such file or directory (g-file-error-quark, 4)

I think polkitd should probably special-case G_FILE_ERROR_NOENT and silence
these messages: it seems legitimate for some of the rules directories
that are searched to not exist. I suspect this was an oversight while
implementing the longer search path.

> I have an upstream PR awaiting review to change these to priority 4 (warning):
> https://github.com/polkit-org/polkit/pull/536

I personally think that's the wrong direction. Any other error opening these
directories (for example permissions problems) should be a warning, yes,
but I don't think G_FILE_ERROR_NOENT should be.

> /run/polkit-1/rules.d is in a tmpfs, so can't be created at install-time.
> Adding this to the [Service] section of /usr/lib/systemd/system/polkit.service
> would solve the problem, and I would argue is the right solution:
> 
>     RuntimeDirectory=polkit-1
>     ExecStartPre=/bin/mkdir ${RUNTIME_DIRECTORY}/rules.d

A tmpfiles.d snippet would probably be better (certainly simpler). But
it might be better to not create it at all until it's needed, and just
silence the warning.

> /usr/local/share/polkit-1/rules.d is in /usr/local, so Debian should ignore it.
> #1010228 suggests that directory should still be supported in Debian,
> so should upstream create the directory somehow?

Maintainer scripts are allowed to create directories in /usr/local,
but it would perhaps be better to silence the warning instead.

    smcv