[packagekit] Proxy
Bastien Nocera
hadess at hadess.net
Wed Mar 26 05:03:18 PDT 2008
On Tue, 2008-03-25 at 14:47 -0400, David Zeuthen wrote:
> On Tue, 2008-03-25 at 05:27 -0400, David Zeuthen wrote:
> > On Tue, 2008-03-25 at 05:16 -0400, David Zeuthen wrote:
> > > On Tue, 2008-03-25 at 08:28 +0000, Richard Hughes wrote:
> > > > Doing it per-user, also means we don't have to add extra configuration
> > > > as we can use the gnome-desktop settings if we are in GNOME and the KDE
> > > > ones if we are in KDE.
> > >
> > > That would be nice. However it would be a big security hole to do so.
> > > Keep in mind that the user session is always to be considered hostile.
> > >
> > > (What you could do instead is making the packagekit system daemon read
> > > the proxy settings from the mandatory and default area of gconf.)
> >
> > Or even better. Restrict the ability to set proxy settings from the user
> > session with a PolicyKit action. Then big sites can lock this down.
>
> Richard asked me to follow up here
>
> - Daemon provides a SetProxySettings() method on the public interface.
> On the interface to the backends, there's a GetProxySettings. So e.g.
> the yum backend would get the proxy settings from the main daemon.
>
> - To use it you'll need authorization for the action
>
> org.freedesktop.packagekit.set-proxy-settings
>
> which the daemon defines. By default, we'd default to implicitly
> granting this to local active sessions.
>
> - The client tools (e.g. pk-update-icon or whatever) reads the proxy
> settings from the desktop / environment / whatever they're running
> in and calls SetProxySettings() before doing their normal job of
> interacting with the daemon.
>
> - Don't think you need to report errors / throw any UI at this.
This is missing the PAC case. Right now, in GNOME, there are a few D-Bus
session services [1] that can check whether a particular address needs a
proxy and the address of that proxy.
[1]:
http://mail.gnome.org/archives/gnome-announce-list/2006-October/msg00071.html
and
http://code.google.com/p/gnome-proxy/
More information about the PackageKit
mailing list