search

coreos / rpm-ostree

⚛📦 Hybrid image/package system with atomic upgrades and package layering
https://coreos.github.io/rpm-ostree
Other
872 stars 195 forks source link

Possibility to do non-interactive PolKit calls #4415

Open mcrha opened 1 year ago

mcrha commented 1 year ago

This is not the same as https://github.com/coreos/rpm-ostree/issues/1128 , this is only about the PolKit credential prompts.

It had been reported downstream at:
https://bugzilla.redhat.com/show_bug.cgi?id=2203555

The non-wheel users can be asked for the admin/root credentials shortly after boot, when gnome-software asks for new updates. This is wrong and unexpected, because it's a background operation, which results into an out of blue credentials prompt, which blocks the whole desktop.

The gnome-software calls the D-Bus function with G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION flag since 45.alpha (to be released) , which makes it easy to be propagated to the daemon, because that flag is reflected in the D-Bus message flags. The change would look like this, but it cannot be used, because it requires every daemon user to explicitly set the G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION flag, because the default is to not have it set, which makes all calls non-interactive by default, including those from the rpm-ostree command line tool.

That means you'd need to add an explicit option for the calls. I'd suggest to call it interactive with the default to true, thus the current behaviour is preserved, but maybe you'd prefer background=false instead. It's up to you.

jlebon commented 1 year ago

Thanks for the detailed report.

The suggestion makes sense to me. Though... definitely tempting to just flip the default. For the rpm-ostree CLI, we can have it pass the flag too. It sounds like g-s is already doing it. There's KDE and Cockpit that I know of left that we'd have to coordinate with. I guess we could add a background option, but eventually yank it out and flip the default after sufficient notice.

mcrha commented 1 year ago

I agree to be careful with changing the default, it can be harmful for projects not noticing the change. That's the reason why I did not propose my test change as a pull request.

cgwalters commented 1 year ago

OK right fun, so we have been doing polkit wrong from the start. Well...the obvious thing to me here is to change RegisterClient to have a global flag that says "I will use the INTERACTIVE_AUTHORIZATION flag correctly".

It's a bit recursive though because we actually call into polkit for RegisterClient...but maybe we should stop allowing interactive auth just for that at all.

cgwalters commented 1 year ago

PR in https://github.com/coreos/rpm-ostree/pull/4420

travier commented 1 year ago

From my understanding of the issue, fixing it would also fix the same case for Discover in Kinoite so I'm in favor of flipping the default.

Edit: Right now we directly call to rpm-ostree in Discover for those operations so changing the default would not have an impact on Discover. Once we have a "--background" / "--non-interactive" switch, we can start using that in Discover.