[packagekit] Proxy

Bastien Nocera hadess at hadess.net
Wed Mar 26 05:03:18 PDT 2008


On Tue, 2008-03-25 at 14:47 -0400, David Zeuthen wrote:
> On Tue, 2008-03-25 at 05:27 -0400, David Zeuthen wrote:
> > On Tue, 2008-03-25 at 05:16 -0400, David Zeuthen wrote:
> > > On Tue, 2008-03-25 at 08:28 +0000, Richard Hughes wrote:
> > > > Doing it per-user, also means we don't have to add extra configuration
> > > > as we can use the gnome-desktop settings if we are in GNOME and the KDE
> > > > ones if we are in KDE.
> > > 
> > > That would be nice. However it would be a big security hole to do so.
> > > Keep in mind that the user session is always to be considered hostile.
> > > 
> > > (What you could do instead is making the packagekit system daemon read
> > > the proxy settings from the mandatory and default area of gconf.)
> > 
> > Or even better. Restrict the ability to set proxy settings from the user
> > session with a PolicyKit action. Then big sites can lock this down.
> 
> Richard asked me to follow up here
> 
>  - Daemon provides a SetProxySettings() method on the public interface.
>    On the interface to the backends, there's a GetProxySettings. So e.g.
>    the yum backend would get the proxy settings from the main daemon.
> 
>  - To use it you'll need authorization for the action
> 
>     org.freedesktop.packagekit.set-proxy-settings 
> 
>    which the daemon defines. By default, we'd default to implicitly
>    granting this to local active sessions.
> 
>  - The client tools (e.g. pk-update-icon or whatever) reads the proxy
>    settings from the desktop / environment / whatever they're running
>    in and calls SetProxySettings() before doing their normal job of
>    interacting with the daemon.
> 
>  - Don't think you need to report errors / throw any UI at this.

This is missing the PAC case. Right now, in GNOME, there are a few D-Bus
session services [1] that can check whether a particular address needs a
proxy and the address of that proxy.

[1]:
http://mail.gnome.org/archives/gnome-announce-list/2006-October/msg00071.html
and
http://code.google.com/p/gnome-proxy/




More information about the PackageKit mailing list