PolicyKit 0.3
David Zeuthen
david at fubar.dk
Tue Jun 19 23:15:49 PDT 2007
Hi,

Here's (finally!) a release of PolicyKit! See [1] for details.

http://people.freedesktop.org/~david/dist/PolicyKit-0.3.tar.gz
http://people.freedesktop.org/~david/dist/PolicyKit-gnome-0.3.tar.bz2

At least it works for me, but expect some build issues; no-one but me
really built this code yet. If you're running Fedora Rawhide, here are
some SRPM's

http://people.freedesktop.org/~david/PolicyKit-0.3-1.fc8.src.rpm
http://people.freedesktop.org/~david/PolicyKit-gnome-0.3-1.fc8.src.rpm

They might be useful for others too - such as to get the packaging
details right since PolicyKit contains a setgid binary etc. These SRPM's
will probably hit Fedora Rawhide soon.

Right now it doesn't do a lot; it's a library after all. There is
however, a small demo in the GNOME tarball; here's a screenshot

http://people.freedesktop.org/~david/PolicyKit-0.3.png

and the source is in examples/ in the tarball. I've also written down
the why+how document and there's a copy here

http://people.freedesktop.org/~david/polkit-spec.html

Later this week I'll release HAL 0.5.10rc1 (there's a few patches on the
list I want to commit; sorry for being slow to respond) + an updated
gnome-mount that will take advantage of this new library.

As noted in the NEWS files I cannot recommend including this yet in a
stable distro; it's security sensitive code and there's still a few
things that need to be properly audited. The plan is to release PK 0.4
within a month or so and then HAL 0.5.10 right after that. It should be
feasible, here's a list of TODO items:

- Have someone review the external API
- Verify the security model
- Audit all code; especially the setgid helper
- Completely rework the lower layer that reads machine-local
  configuration; right now we have the notion of PolicyKit modules;
  I am almost certain that needs to go. Especially in the light of the
  fact that we no longer care about Objects/PolKitResource. Probably
  some simple XML will do; no need to load .so files I think. Keep
  It Simple.
- Granted privileges are currently world-visible; see
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244941
  for details. This may just be a Fedora-ism. Alternatively, depending
  on what the FHS says, punt it to the distros and ask them to clean
  up the directories during boot?
- Add missing details to the spec document
  - provide some real world examples e.g. how the example from
    the PolicyKit-gnome app works. Preferably in tutorial form.
  - more detailed description of the internals, e.g. the dirs
    /var/lib/PolicyKit and /var/run/PolicyKit
- Clean up all man pages
- Polish the commandline tools (especially polkit-list-actions could
  be nicer)
- Make sure API coverage is 100%
- Have support for systems that don't use the root account; e.g.
  instead of authenticating as root, authenticate any user in
  e.g. the 'wheel' group. Probably means we need a combobox in the UI
  bits (e.g. PolicyKit-gnome + friends) for selecting the user to
  auth as.
- Go to 1.0 soon
- Potentially drop the glib dependency (it's not visible in the
  external API)

and not all of them apply to 0.4. For PolicyKit-gnome, here's the list

- Extend the D-Bus interface to take an XID so the dialog can be
  managed accordingly by the Window Manager
- Would it make sense to have a convenience library libpolkit-gnome
  that calls into the D-Bus service?
- HIGgy stuff
- Clean up the code; parts of it are somewhat a mess right now; do
  we really need to link to libgnome and libgnome-ui?
- Support for systems that don't use the root account; e.g. instead
  of authenticating as root, authenticate any user in e.g. the
  'wheel' group. Probably means we need a combobox for selecting the
  user to auth as.
- Move the GNOME SVN (ticket ID [gnome.org #2863])
- Make the daemon exit after 30 seconds of no service requests
- Make the example use the new D-Bus system bus activation for the
  helper as well as the (to be) setuid binary we've got now

Thoughts and feedback are very welcome. Thanks.
David
[1] : From the NEWS file
==========
PolicyKit 0.3 "No Man's Land"
==========
Released on June 20th 2007.
This is the first release of PolicyKit.
WARNING WARNING WARNING: do not use this software in a stable
distribution; there are still security sensitive things that needs to
be audited.
Requirements for PolicyKit 0.3 "No Man's Land"
- dbus >= 0.90
- glib >= 2.6.0
- ConsoleKit >= 0.2.1
- expat >= 1.95.8