:: [devuan-dev] policykit-1 ascii and …
Forside
Slet denne besked
Besvar denne besked
Skribent: Mark Hindley
Dato:  
Til: devuan-dev
Emne: [devuan-dev] policykit-1 ascii and ceres updates for review
Hi all,

I have some policykit-1 updates for review.

https://git.devuan.org/LeePen/policykit-1/commits/suites/ascii-security

This is a backport of 0.105-25+devuan1 (currently in beowulf/ceres) for
ascii. The only requirement for the backport was to reduce debhelper compat to
10. This makes the latest security fixes available in ascii, notably CVE-2019-6133.

https://git.devuan.org/LeePen/policykit-1/commits/suites/unstable-proposed

0.105-25+devuan2 that I propose for ceres. I have

   * Removed the ascii transitional packages that are no longer required.
   * Configured dh_shlibdeps to generate direct depends on the relevant
     backend. This is simpler and allows refinement of the dependency handling.
   * gir1.2-polkit-1.0 Provides: gir1.2-polkitagent-1.0 as required by lintian.
   * Recommend polkit-1-auth-agent to work around broken pkttyagent.


This last item maybe requires some clarification. The default auth agent,
pkttyagent, is difficult to use, requiring two terminals or a slightly obscure
command-line invocation. See https://github.com/NixOS/nixpkgs/issues/18012 and
https://gitlab.freedesktop.org/polkit/polkit/issues/17. We have had a number of
people bump into this same issue on Devuan. It can be avoided by installing a
graphical auth agent (usually policykit-1-gnome). If we recommend the virtual
package polkit-1-auth-agent, this will pull in the necessary package on most
installations without creating a hard and unnecessary dependency.

If anybody can think of an alternative or better work around for this I would
be grateful to hear.

Cheers!

Mark