gunterkoenigsmann
commented
7 years ago Open vanillajonathan opened 7 years ago
gunterkoenigsmann
commented
7 years ago 
julian-alarcon
commented
7 years ago 
franko108
commented
7 years ago Same problem on Debian 9 with Gnome 3.22.3, opening from a menu doesn't work, from shell is such an error:
$ synaptic-pkexec No protocol specified Unable to init server: Could not connect: Connection refused (synaptic:6206): Gtk-WARNING **: cannot open display: :0
Firstly prompted for a password, and then error above.
Same situation with synaptic or synaptic-pkexec command. Launched as root or a non root, same error.
EDIT.
Actually, it happened to me after I installed proprietary ATI VGA drivers (xserver-xorg-video-ati libgl1-mesa-dri). Before that, Synaptic did work, but on the small resolution (1024x768)
DarkFenX
commented
6 years ago Doesn't work on 1920x1080 on intel OSS drivers. I very much doubt it depends on this though.
vanillajonathan
commented
6 years ago References to X11: https://github.com/mvo5/synaptic/search?l=C%2B%2B&q=X11&type=&utf8=%E2%9C%93
gunterkoenigsmann
commented
6 years ago Nah... ...it is simpler: Wayland tries to enhance security by making applications choose if they want root rights or access to the graphical display. Synaptic wants the first - and therefore doesn't get the latter. The only way around this is drawing the gui from a non-root process and using policykit to create a worker process that does the things root rights are needed for.
Pjotr123
commented
6 years ago @gunterkoenigsmann : I understand, thanks for your explanation.... Is there any chance of us being able to use Synaptic with Wayland, at some point? For me, it's an absolutely essential tool.
mvo5
commented
6 years ago Hey, thanks for the problem report. I'm aware of the issue and I'm sorry that I have not tried to fix it yet.
Unfortunately fixing this is quite a bit of work as it needs some re-architecturing of the current code. Synaptic has a "non-root" mode already but that is read-only. So to get the current behaviour this non-root mode would need a companion dbus service that runs as root and uses policykit and this would need the ability to locks the apt cache and to commit changes and send the progress (including the dpkg pty) to the non-root part of synaptic. If someone is keen to help with this effort I'm happy to guide. My own time is unfortunately limited to work on this.
Pjotr123
commented
6 years ago @mvo5 : thanks for responding! Unfortunately I have no coding skills, so I hope you (or someone else) will be able to find some time to fix this....
yareckon
commented
6 years ago Hmm, sounds like a major effort that isn't gonna happen any time soon without some help. It's not too late for Google Summer of Code for Debian: https://wiki.debian.org/SummerOfCode2018 @mvo5 would you able to participate in that as a mentor?
franko108
commented
6 years ago On my Debian 9 (testing repo) synaptic started to work after some updates. Synaptic version is 0.8.42, kernel 4.14.0-3-amd64, GNOME Shell 3.22.3
vanillajonathan
commented
6 years ago @franko108 You mean Synaptic version 0.84.2. http://metadata.ftp-master.debian.org/changelogs/main/s/synaptic/synaptic_0.84.2_changelog
Depend on policykit-1 instead of recommending gksu|kdebase-bin|policykit-1. data/synaptic.desktop.in and debian/synaptic.menu both use debian/synaptic-pkexec, which unconditionally runs pkexec. (Closes: #856520)
franko108
commented
6 years ago @vanillajonathan yes, Synaptic version is 0.8.42. If you need some more information about my setup/dependencies, let me know.
geki-yaba
commented
5 years ago Unfortunately fixing this is quite a bit of work as it needs some re-architecturing of the current code. Synaptic has a "non-root" mode already but that is read-only. So to get the current behaviour this non-root mode would need a companion dbus service that runs as root and uses policykit and this would need the ability to locks the apt cache and to commit changes and send the progress (including the dpkg pty) to the non-root part of synaptic. If someone is keen to help with this effort I'm happy to guide. My own time is unfortunately limited to work on this.
Well, just a dumb idea, but before you do the dbus service from scratch, I'd recommend packagekit with aptcc as backend and libpackagekit gobject library as frontend. I wonder, if a dpkg pty is still necessary with that? Though, I just don't know.
AsciiWolf
commented
5 years ago Debian Buster was released today with Wayland as default, but Synaptic unfortunately still does not work on Wayland.
vanillajonathan
commented
5 years ago Here is a temporary workaround:
Create a file named "sugo" with this content:
#!/bin/sh
[ -n "$@" ] || exit 0
xhost si:localuser:root
sudo $@
xhost -si:localuser:rootGive it permission to execute (chmod +x sugo). Now you can run ./sugo synaptic to start Synaptic.
AsciiWolf
commented
5 years ago Thanks. I really hope this issue will get properly fixed in a future release.
AsciiWolf
commented
5 years ago @mvo5 Just an idea: Couldn't this be solved by creating a specific polkit policy for Synaptic? I think some applications use this on Wayland to run as root and it works.
gunterkoenigsmann
commented
5 years ago The graphical user interface of these applications doesn't run as root (at least the ones that don't use Xwayland in order to defeat all security). But they can use polkit and dbus to order a backend to do things as root.
Synaptic could use already-existing services by telling dbus to tell packagekit to install or uninstall packages...
AsciiWolf
commented
5 years ago I am not sure if using PackageKit is a good idea. As far as i know, PackageKit is deprecated.
dupondje
commented
5 years ago Since Gnome/Mutter 3.34, Wayland can run X11 software with root permissions. No need for specific workarounds anymore. pkexec synaptic just works fine on Ubuntu 19.10 for example now.
But we need to revert/fix https://github.com/mvo5/synaptic/commit/5f3151b19f4277150d501afae915d8f7abfeb0ab#diff-6e0cf79e03f9bdebf99dc9f3759f0950 As since 3.34 its contra productive now :)
AsciiWolf
commented
5 years ago GNOME 3.34 is now in Debian Testing and will be in Ubuntu 20.04. @mvo5 Please, consider reverting 5f3151b.
jbicha
commented
5 years ago @mvo5 Ping! Ubuntu 19.10 will be released in less than a week
mvo5
commented
5 years ago @jbicha Do we have all the required bits in 19.10 for synaptic to work under wayland?
mvo5
commented
5 years ago @jbicha, @AsciiWolf Thanks for the reminder and sorry for my slow reaction. I reverted the patch and uploaded an updated version to both debian and ubuntu.
vanillajonathan
commented
5 years ago I guess this issue could be considered kind of resolved. Which would bring us to the next issue, that Synaptic still relies on X, hence requires XWayland. Also, not sure it works on any other Wayland environment other than GNOME.
AsciiWolf
commented
5 years ago I see that this issue was most likely fixed in 0.84.7. Thanks! :-)
Isakku
commented
5 years ago I consider Synaptic package manager critical for my usage of debian based distros (Ubuntu, Mint, etc.) If Mint 20 would come with Wayland as some people are asking for, I really hope there will be no problems whatsoever.
Vicente-M
commented
4 years ago 
leagris
commented
3 years ago Does not work for ssh -X user@host: sudo synaptic.
goyodiaz
commented
3 years ago This issue have been solved for several gnome releases already and should be closed. Non-root GUI + policykit would be nice to have but having synaptic work on wayland no longer depends on it.
schauveau
commented
2 years ago The solutions proposed above require to have XWayland running.
I just noticed that is is actually possible to run synaptic as root by setting WAYLAND_DISPLAY to the wayland socket file and XDG_RUNTIME_DIR ideally to a directory such as "/run/user/0" but using a non-existing directory does not seem to cause any issues (more tests are needed). I assume that this is because the wayland client library is testing the existence of XDG_RUNTIME_DIR even though it is not actually needed to find the wayland socket.
sudo /bin/env WAYLAND_DISPLAY=$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY XDG_RUNTIME_DIR=/run/user/0 /usr/sbin/synapticWith pkexec : pkexec /bin/env WAYLAND_DISPLAY=$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY XDG_RUNTIME_DIR=/run/user/0 /usr/sbin/synaptic
It should be noted that pkexec may still open a X11 dialog window to query the password.
Tested on Debian unstable with Synaptic 0.90.2 and Sway 1.7
rwperrott
commented
3 months ago This issue have been solved for several gnome releases already and should be closed. Non-root GUI + policykit would be nice to have but having synaptic work on wayland no longer depends on it.
It still isn't working, several years later in (2024-07-04-raspios-bookworm-armhf.img.xz) RaspIOS 32-bit bookworm, so it should stay open until really fixed. This is quite disappointing.
rwperrott
commented
3 months ago The "waysu" script provided by "S. Chauveau" for How to run graphical applications as root under wayland , using waypipe mentioned in the prior answer, can replace pkexec in the /usr/bin/synaptic-pkexec script file.
My concern was that I didn't see a root password prompt when run on RaspiOS, which maybe a security bug in Wayland! Probably Wayland will have to close this hole and provide an approved way to request a super user access session, and not just assume that no interactive task will need this; repeated root password prompts gets old really-fast, e.g. when using admin:// file URIs to edit system files!
The problem that causes this is that in order to improve security wayland doesn't support gui applications to run as root. The preferred way to get root access for an application is to make it run unprivilleged and to elevate the rights of a worker task using policykit, whenever needed.