I just imported lxpolkit into CVS, but it's not yet build because I don't want to break anything.
We now have 3 PolicyKit-authentication-agents in Fedora: * polkit-gnome * polkit-kde * lxpolkit
As you can see lxpolkit has the shortest name and will therefore be chosen by yum if anything requires PolicyKit-authentication-agent (ATM system-config-samba and system-config-services). There is no problem having several agents installed but we need to make sure that only one gets started at a time.
Suggestion: GNOME and KDE use their agents, everything else, for example window managers like icewm or openbox, gets lxpolkit.
Rationale: 1. lxpolkit has the least dependencies. Currently polkit-gnome doesn't require anything but gtk2 ether, but I guess it will require GConf2 again once the group policy editor is ready (Please correct me if my assumption is wrong) 2. lxpolkit is the smallest package. 3. lxpolkit will be pulled in anyway due to the shortest name.
Implementation: 1. Desktops are to have their authentication agent as required or default in comps, so the proper agent gets installed with the desktop. 2. The desktop files in /etc/xdg/autostart get OnlyShowIn/NotShowIn keys: * polkit-gnome gets OnlyShowIn=GNOME; (currently NotShowIn=KDE;) * polkit-kde gets OnlyShowIn=KDE; (done) * lxpolkit gets NotShowIn=GNOME;KDE; (done, LXDE is currently not supported as OnlyShowIn environment, this requires desktop-file-utils >= 0.16 which is only available rawhide and F-13 updates-testing.) 3. Changes are released in one update
Does this all sound reasonable? Did I miss something?
Regards, Christoph
On Thu, 8 Apr 2010, Christoph Wickert wrote:
I just imported lxpolkit into CVS, but it's not yet build because I don't want to break anything.
We now have 3 PolicyKit-authentication-agents in Fedora: * polkit-gnome * polkit-kde * lxpolkit
As you can see lxpolkit has the shortest name and will therefore be chosen by yum if anything requires PolicyKit-authentication-agent (ATM system-config-samba and system-config-services). There is no problem having several agents installed but we need to make sure that only one gets started at a time.
Shortest name is not the only criteria yum uses anymore. Not in quite a while, now, actually.
Now if all other things are equal it will come down to shortestname.
just a fyi. -sv
On Thu, 2010-04-08 at 18:05 +0200, Christoph Wickert wrote:
I just imported lxpolkit into CVS, but it's not yet build because I don't want to break anything.
We now have 3 PolicyKit-authentication-agents in Fedora: * polkit-gnome * polkit-kde * lxpolkit
As you can see lxpolkit has the shortest name and will therefore be chosen by yum if anything requires PolicyKit-authentication-agent (ATM system-config-samba and system-config-services). There is no problem having several agents installed but we need to make sure that only one gets started at a time.
First, PolicyKit-authentication-agent is a holdover from the old days when the package was called PolicyKit, not polkit, and things worked in different ways.
Second, we should just get rid of the PolicyKit-authentication-agent virtual package - mechanisms/policy agents like system-config-samba (which I believe is both a mechanism and a policy agent) etc. should not be concerned with whether the administrator has configured the system correctly.
As the polkit docs clearly spells out, it is the responsibility of each environment to provide authentication agents that register with the polkit authority - see
http://hal.freedesktop.org/docs/polkit/polkit-agents.html
The way it should work is this
- polkit-gnome, lxpolkit, polkit-kde etc. should NOT provide an autostart desktop file. These packages really just provide code; in particular they MUST NOT encode policy e.g. make assumptions that people would want to run their code.
- Packages containing environments like GNOME, KDE, LXDE should - Require a suitable polkit authentication agent, e.g. polkit-gnome - Ensure itself the authentication agent is started - this can be done via hard-coding stuff in gnome-session.c or using an autostart file or whatever
David
On Fri, 2010-04-09 at 12:54 -0400, David Zeuthen wrote:
http://hal.freedesktop.org/docs/polkit/polkit-agents.html
The way it should work is this
polkit-gnome, lxpolkit, polkit-kde etc. should NOT provide an autostart desktop file. These packages really just provide code; in particular they MUST NOT encode policy e.g. make assumptions that people would want to run their code.
Packages containing environments like GNOME, KDE, LXDE should
- Require a suitable polkit authentication agent, e.g. polkit-gnome
- Ensure itself the authentication agent is started
- this can be done via hard-coding stuff in gnome-session.c or using an autostart file or whatever
We should probably bring polkit-gnome in compliance with this, then. It still ships an autostart file.
On Fri, 2010-04-09 at 14:30 -0400, David Zeuthen wrote:
On Fri, 2010-04-09 at 14:00 -0400, Matthias Clasen wrote:
We should probably bring polkit-gnome in compliance with this, then. It still ships an autostart file.
Well, the whole mess needs sorting distro-wide - probably want a F14 feature + driver for this.
Ok, I'll bite. We can start getting this sorted out in rawhide now. Here is a feature page describing what needs to happen:
https://fedoraproject.org/wiki/Features/PolkitAgentReorg
I took the freedom to coopt Christoph and Jaroslav as co-owners, since they are reponsible (I think ?) for the other agent implementations.
Matthias
desktop@lists.fedoraproject.org
-
Christoph Wickert -
David Zeuthen -
Matthias Clasen -
Seth Vidal