Privileged helper for xdg-app

[Richard Hughes]

Hi all,

For gnome-software we need to do all actions with user permissions.
We'd then need a privileged helper to install applications
system-wide. Several thoughts come to mind:

1. Just reuse PackageKit: I think this is using a steamroller to crack
a nut, and also ties us to a lot of the traditional problems, and
would also need us to support mixed-backend functionality
2. Just use a pkexec binary: I think this would work, but doesn't give
us any of the progress information we need for a GUI client (i.e. is
fire-and-forget)
3. Create a small daemon (possibly living in xdg-app git) which just
auto-launches, claims a bus name systemwide, does the operation and
then quits.

Option 3 makes most sense in my head, but does need the usual GDBus
overhead, XML interface files, dbus permission file, etc. We'd also
have to decide some key things like:

* default policy of who can do what: PK makes this even harder by
allowing "signed" applications to be installed without the admin
password
* do we support more than one operation to be done in parallel: making
things simple means we have to just have a percentage property without
worrying about "transactions" and things happening in threads
* what should we log, and where?
* do we support adding and removing remotes system-wide as well, if so, policy?
* who can cancel operations: just the current user/should operations
be cancelled if the session also goes away?

I guess we also need to talk about how we work out simple thing like
"what updates are available" when we could have different versions of
the app installed system-wide vs. per-user; I don't know how much code
there is in xdg-app right now dealing with that, but it seemed to be
just "switching modes" between user and system. Of course, "just do
everything for all users" is valid too, and let the power users
wanting a per-user gimp-gtk3-nightly use the command line... Thoughts
welcome.

Richard.