Commit f35e734a authored by Mike Fleetwood's avatar Mike Fleetwood Committed by Curtis Gedak

Add required polkit action file (#776437)

An action file is always needed with polkit to describe the privileged
actions that are available to the subject (client program).  For GParted
the only available action is to run the gparted shell script as root.

Note that the polkit action file will be installed into location
$(prefix)/share/polkit-1/actions.  This is required by the GNU Coding
Standards [1] and to prevent 'make distcheck' from failing [2].  However
polkit only uses /usr/share/polkit-1/actions for it's action files [3].
This dilemma was discussed in this Bugzilla bug 776437 and on the
general Automake discussion email list [4].  The solution is to simply
document in the README file that a manual additional installation step
may be required.

The action file is marked as translatable with the underscore (_) of the
_description and _message tags identifying the string to be translated.

Use of INTLTOOL_POLICY_RULE in Makefile.am to merge translations into
the polkit action file necessitates increasing the minimum version of
intltool to 0.36.0 where it was first introduced in intltool.m4.  This
will prevent GParted building on RedHat/CentOS 5 which only has intltool
0.35.0.  But that doesn't matter because RedHat/CentOS 5 reached end of
life on 31st March 2017.

[1] GNU Coding Standards, 7.2.5 Variables for Installation Directories
    https://www.gnu.org/prep/standards/standards.html#Directory-Variables

[2] Automake Manual, 27.10 Installing to Hard-Coded Locations
    https://www.gnu.org/software/automake/manual/automake.html#Hard_002dCoded-Install-Paths
    "My package needs to populate the installation directory of another
    package at install-time.  I can easily compute that installation
    directory in configure, but if I install files therein,
    'make distcheck' fails.  How else should I do?"

[3] polkit(8), Declaring Actions
    https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-declaring-actions

    "A mechanism need to declare a set of actions in order to use
    polkit.  Actions correspond to operations that clients can request
    the mechanism to carry out and are defined in XML files that the
    mechanism installs into the /usr/share/polkit-1/actions directory."

[4] Not installing to hard-coded locations vs polkit's fixed location
    http://lists.gnu.org/archive/html/automake/2017-08/msg00015.html

Bug 776437 - GParted fails to run as root under Wayland
parent b47528b6
...@@ -43,6 +43,8 @@ m4/*.m4 ...@@ -43,6 +43,8 @@ m4/*.m4
missing missing
mkinstalldirs mkinstalldirs
omf.make omf.make
org.gnome.gparted.policy
org.gnome.gparted.policy.in
stamp-* stamp-*
test-driver test-driver
testbuild.log testbuild.log
......
...@@ -20,8 +20,15 @@ APPDATA_FILES =$(APPDATA_IN_FILES:.xml.in=.xml) ...@@ -20,8 +20,15 @@ APPDATA_FILES =$(APPDATA_IN_FILES:.xml.in=.xml)
appdatadir = $(datadir)/appdata appdatadir = $(datadir)/appdata
appdata_DATA = $(APPDATA_FILES) appdata_DATA = $(APPDATA_FILES)
@INTLTOOL_POLICY_RULE@
polkit_action_in_in_FILES = org.gnome.gparted.policy.in.in
polkit_action_in_FILES = org.gnome.gparted.policy.in
polkit_action_FILES = $(polkit_action_in_FILES:.policy.in=.policy)
polkit_actiondir = $(datadir)/polkit-1/actions
polkit_action_DATA = $(polkit_action_FILES)
bin_SCRIPTS = gparted bin_SCRIPTS = gparted
CLEANFILES = $(bin_SCRIPTS) $(DESKTOP_IN_FILES) CLEANFILES = $(bin_SCRIPTS) $(DESKTOP_IN_FILES) $(polkit_action_in_FILES)
do_subst = sed -e 's,[@]sbindir[@],$(sbindir),g' \ do_subst = sed -e 's,[@]sbindir[@],$(sbindir),g' \
-e 's,[@]bindir[@],$(bindir),g' \ -e 's,[@]bindir[@],$(bindir),g' \
...@@ -34,6 +41,9 @@ gparted: gparted.in Makefile ...@@ -34,6 +41,9 @@ gparted: gparted.in Makefile
$(do_subst) < $(srcdir)/gparted.in > gparted $(do_subst) < $(srcdir)/gparted.in > gparted
chmod +x gparted chmod +x gparted
org.gnome.gparted.policy.in: org.gnome.gparted.policy.in.in Makefile
$(do_subst) < $(srcdir)/org.gnome.gparted.policy.in.in > org.gnome.gparted.policy.in
dist-hook: dist-hook:
@if test -d "$(srcdir)/.git"; \ @if test -d "$(srcdir)/.git"; \
then \ then \
...@@ -62,6 +72,7 @@ EXTRA_DIST = \ ...@@ -62,6 +72,7 @@ EXTRA_DIST = \
$(APPDATA_FILES) \ $(APPDATA_FILES) \
$(DESKTOP_IN_IN_FILES) \ $(DESKTOP_IN_IN_FILES) \
$(DESKTOP_FILES) \ $(DESKTOP_FILES) \
$(polkit_action_in_in_FILES) \
intltool-extract.in \ intltool-extract.in \
intltool-merge.in \ intltool-merge.in \
intltool-update.in \ intltool-update.in \
...@@ -71,6 +82,7 @@ EXTRA_DIST = \ ...@@ -71,6 +82,7 @@ EXTRA_DIST = \
DISTCLEANFILES = \ DISTCLEANFILES = \
$(appdata_DATA) \ $(appdata_DATA) \
$(desktop_DATA) \ $(desktop_DATA) \
$(polkit_action_DATA) \
intltool-extract \ intltool-extract \
intltool-merge \ intltool-merge \
intltool-update \ intltool-update \
......
...@@ -75,8 +75,11 @@ b. Building from Source ...@@ -75,8 +75,11 @@ b. Building from Source
./configure ./configure
make make
sudo make install sudo make install
This assumes all the dependencies are already installed and builds sudo install -m 644 org.gnome.gparted.policy \
the default configuration. /usr/share/polkit-1/actions/org.gnome.gparted.local.policy
This assumes all the dependencies are already installed, builds the
default configuration and polkit is being used as the graphical su
program.
The following dependencies are required to build GParted from source: The following dependencies are required to build GParted from source:
g++ g++
...@@ -147,7 +150,46 @@ b. Building from Source ...@@ -147,7 +150,46 @@ b. Building from Source
The INSTALL file contains further GNU installation instructions. The INSTALL file contains further GNU installation instructions.
c. Building using a Specific (lib)parted Version c. Installing polkit's Action File
GParted needs to run as root therefore it needs a graphical switch
user program to allow normal users to run it. Most desktops now use
polkit as their preferred authorisation mechanism. Therefore
./configure looks for polkit's pkexec as the first choice with
fallbacks in order being: gksudo, gksu, kdesudo and finally xdg-su.
Also polkit reads action files only from directory
/usr/share/polkit-1/actions. Therefore it is likely that a polkit
action file will need to be installed into this directory.
To determine if polkit's pkexec program is being used as the
graphical privilege escalation program examine the output from
./configure. These lines report that pkexec is being used:
checking for pkexec... pkexec
checking how to run pkexec... pkexec --disable-internal-agent
Where as this line of ./configure output reports that pkexec is not
being used:
checking for pkexec... no
When GParted is configured with prefix /usr (using command
./configure --prefix=/usr) then make install will automatically
install the polkit action file into the correct directory and no
further steps need to be taken. This is typically the case for
distribution builds of GParted.
However when GParted is configured with the default prefix of
/usr/local, or any prefix other than /usr, then the polkit action
file has to be manually installed into the correct directory. Also
it should have a unique file name to avoid overwriting the action
file from the distribution's package. Install the polkit action file
with a unique name including an extra ".local" in the name:
sudo install -m 644 org.gnome.gparted.policy \
/usr/share/polkit-1/actions/org.gnome.gparted.local.policy
d. Building using a Specific (lib)parted Version
1) Download the parted version you wish to use (e.g., 3.2) from: 1) Download the parted version you wish to use (e.g., 3.2) from:
......
...@@ -42,7 +42,7 @@ AC_SUBST([GETTEXT_PACKAGE]) ...@@ -42,7 +42,7 @@ AC_SUBST([GETTEXT_PACKAGE])
AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE], "$GETTEXT_PACKAGE", [description]) AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE], "$GETTEXT_PACKAGE", [description])
AM_GLIB_GNU_GETTEXT AM_GLIB_GNU_GETTEXT
IT_PROG_INTLTOOL([0.35.5]) IT_PROG_INTLTOOL([0.36.0])
dnl====================== dnl======================
......
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>The GParted Project</vendor>
<vendor_url>http://gparted.org/</vendor_url>
<icon_name>gparted</icon_name>
<action id="org.gnome.gparted">
<_description>Run GParted as root</_description>
<_message>Authentication is required to run the GParted Partition Editor as root</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">@bindir@/gparted</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
# Please keep this file sorted alphabetically. # Please keep this file sorted alphabetically.
gparted.appdata.xml.in gparted.appdata.xml.in
gparted.desktop.in.in gparted.desktop.in.in
org.gnome.gparted.policy.in.in
include/Utils.h include/Utils.h
src/BlockSpecial.cc src/BlockSpecial.cc
src/CopyBlocks.cc src/CopyBlocks.cc
......
# List of source files containing translatable strings, but should be skipped. # List of source files containing translatable strings, but should be skipped.
# Please keep this file sorted alphabetically. # Please keep this file sorted alphabetically.
gparted.desktop.in gparted.desktop.in
org.gnome.gparted.policy.in
lib/gtest/include/gtest/internal/gtest-filepath.h lib/gtest/include/gtest/internal/gtest-filepath.h
lib/gtest/src/gtest.cc lib/gtest/src/gtest.cc
# https://bugs.launchpad.net/intltool/+bug/1117944 # https://bugs.launchpad.net/intltool/+bug/1117944
sub/gparted.desktop.in sub/gparted.desktop.in
sub/org.gnome.gparted.policy.in
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment