Closed developeer closed 3 years ago
Reproduced on Ubuntu 16.04 using these instructions. This issue occurs because of https://github.com/TurboVNC/turbovnc/commit/f90561d0500690690cd2865cb61e8be0a7751b89, which was introduced in order to prevent a dialog ("Authentication is required to refresh the system repositories") from popping up multiple times when users connected to a TurboVNC session running GNOME 3 on RHEL/CentOS 8.
Specifically, the PKLA file that TurboVNC installs (/etc/polkit-1/localauthority/50-local.d/45-turbovnc-gnome3.pkla) disables the org.freedesktop.packagekit.system-sources-refresh
action for remote sessions. The most robust way to re-enable it ("robust" = "in a way that will survive the next TurboVNC Server update") is to create your own PKLA file that override's TurboVNC's. For instance:
/etc/polkit-1/localauthority/50-local.d/46-turbovnc-appcenter.pkla
[Restore authentication dialog for elementary OS AppCenter]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-sources-refresh
ResultAny=auth_admin
The other two dialogs that TurboVNC's PKLA file disables (related to color management and smart card authentication) aren't particularly relevant in a TurboVNC session, but I would be open to another solution for org.freedesktop.packagekit.system-sources-refresh
. By default, that PolKit action requires authentication only for remote sessions (ResultAny
is for remote sessions, whereas ResultActive
and ResultInactive
are for local sessions.) I'm not sure what the security ramifications would be for setting ResultAny=yes
for that action, which is why I erred on the side of caution and set it to ResultAny=no
. If someone could adequately explain those ramifications to me and convince me that there is no serious risk from setting ResultAny=yes
for org.freedesktop.packagekit.system-sources-refresh
, I would consider making that the default.
I am using server TurboVNC 2.2.4 on elementary os and client 2.24 on Windows 10. When I run an update using AppCenter (on elementary os), the desktop prompts for sudo password.
If I upgrade the to 2.2.5 or 2.2.6, the AppCenter stops prompting for password and does not allow for updates. I must run updates from command line. I downgraded back to 2.2.4.
I am running elementary os hera with all updates on Hyper-V on Windows 10.
This occurs on lubuntu and kubuntu also.
Working version 2.2.4 on elementary os
After upgrade to 2.2.6 on elelementary os. happens on startup of appcenter.
Feb 23 10:57:53 turtle io.elementary.a[8821]: Client.vala:148: Update_cache: Refesh cache async failed - Failed to obtain authentication Feb 23 10:57:54 turtle PackageKit[4418]: get-packages transaction /113_addbbaad from uid 1000 finished with success after 717ms Feb 23 10:57:54 turtle PackageKit[4418]: get-updates transaction /114_ebebcdce from uid 1000 finished with success after 589ms Feb 23 10:57:54 turtle PackageKit[4418]: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trust Feb 23 10:57:54 turtle PackageKit[4418]: uid 1000 failed to obtain auth