PolicyKit releases and !AWOL

Doug Klima cardoe at gentoo.org
Thu Dec 6 08:32:35 PST 2007


David Zeuthen wrote:
> Hi,
>
> First sorry for not being more active on the list. Been busy with lots
> and lots of stuff including PolicyKit and trying to put my thoughts down
> about the next major version of HAL (basically a rewrite, more on that
> soon!). 
>   
Not looking forward to this at all. After all the work that all the
distro maintainers have put in to patch HAL and to fix a lot of the
bugs, it seems a bit worrisome to throw away all that knowledge and code
review.


> Sorry again. I'll try to catch up on the mails tomorrow and Friday;
> fortunately all the mails I haven't replied to are still marked as
> unread so I should be able to get back to most of you.
>   
Again, this troubles me as well since this means that all the patches
for PolicyKit and feedback sent to the mailing list and to you, which is
the only way to communicate feedback, have gone ignored for yet another
release.

> Second, and the reason I'm surfacing from hide + seek, here's a new
> PolicyKit release
>
> http://hal.freedesktop.org/releases/PolicyKit-0.7.tar.gz
> http://hal.freedesktop.org/releases/PolicyKit-gnome-0.7.tar.bz2
>
> For all intents and purposes, software (such as intlclock, PackageKit,
> gnome-system-monitor, pulseaudio and so on) built against PolicyKit 0.6
> will continue to work unmodified with 0.7 (there's a few semantic
> changes in API that mechanisms don't use but not enough to warrant
> bumping the so-name since we're pre-1.0).
>   
Are these documented somewhere?

> However, there's, literally, tons and tons of changes and new API in
> both tarballs, see [1] for details. 
>
> I was fortunate enough to have a few people at Red Hat review the 0.6
> release for security issues; there's a few changes in 0.7 too (the
> whole auth backend was basically redone) so review of the new bits would
> be welcome. I'm pretty confident there are no bugs / security issues
> (having a test suite makes me sleep better!) but nonetheless this is new
> code so do exercise caution. In other words, I'd wait for 0.8 to ship it
> in a stable release (0.6 is fine though).
>   
Again, this smells of "here's a code drop from Red Hat rather than
working with the community at large which now depends on this software
since GNOME has made it a requirement". I'm glad it's been reviewed by
Red Hat people on Red Hat systems. Has it been tested on any other
systems? There are already reports of basic Makefile mistakes and
compiling issues in the IRC channel.

> Also, packagers should be careful, there's a few new setgid helpers; the
> blurb at the end of ./configure should be useful. And here's the Fedora
> spec files for reference
>
> http://cvs.fedoraproject.org/viewcvs/devel/PolicyKit/PolicyKit.spec?rev=1.9&view=auto
> http://cvs.fedoraproject.org/viewcvs/devel/PolicyKit-gnome/PolicyKit-gnome.spec?rev=1.14&view=auto
>
> where all the juicy permissions bits are repeated again.
>
> Also, specifically, since HAL runs unprivileged and reading of PolicyKit
> authorizations of other users is now a privileged operation (it now
> requires an authorization for org.freedesktop.policykit.read), one will
> need to do things like this in %pre for the hal packages
>
> # User haldaemon needs to be able to read authorizations
> /usr/bin/polkit-auth --user haldaemon --grant org.freedesktop.policykit.read >& /dev/null || :
>
> See here for details:
>
> http://cvs.fedoraproject.org/viewcvs/devel/hal/hal.spec?rev=1.140&view=auto
>   
This is where release candidates would be nice or some notification
prior to a release.

> Here are some screenshots of the new UI
>
> http://people.freedesktop.org/~david/polkitg-auth-1.png
> http://people.freedesktop.org/~david/polkitg-auth-2.png
> http://people.freedesktop.org/~david/polkitg-auth-3.png
> http://people.freedesktop.org/~david/polkit-icon-and-vendor.png
>
> and here are the docs for 0.7
>
>  http://hal.freedesktop.org/docs/PolicyKit/
>  http://hal.freedesktop.org/docs/PolicyKit-gnome/
>   
These documents have a lot of "fill me in" sections. Also, they
reference a DTD which doesn't exist and hasn't existed since PolicyKit
started. I've been providing feedback about this issue for months.

> The next release of PolicyKit will likely break some ABI and so-name
> bumping (I do plan to keep the API for mechanisms intact so just a
> recompile is needed) and after that we should be good to go to 1.0. The
> plans are roughly sketched out in the TODO list here
>
> http://gitweb.freedesktop.org/?p=PolicyKit.git;a=blob_plain;h=b865d2ca583afce8eb2cf5ebfe3bfc96cbe8996d;f=doc/TODO
>
> Patches welcome (there's one from the Slackware guys about not relying
> on PAM that is in my queue already). Comments on the direction on the
> project / feature requests etc. also welcome.
>
>       David
>   
This is a bit of a catch-22 since feedback (i.e. all the bugs on
Freedesktop.org's bugzilla, all the bugs on Red Hat's bugzilla) seems
to be ignored. E-mails to you and the ML are not consulted between
releases (you said it yourself).

I'm not the only one with these frustrations, I've seen them echoed on
the ML and in IRC as well as by users trying to take advantage of these
apps for new apps of their own.

