:: Re: [DNG] why is polkit needed? dro…
Góra strony
Delete this message
Reply to this message
Autor: tom
Data:  
Dla: dng
Temat: Re: [DNG] why is polkit needed? dropin replacement
On Wed, 19 Feb 2020 15:17:06 +0100
Tito via Dng <dng@???> wrote:

>
>
> On 2/19/20 10:23 AM, tom wrote:
> > On Wed, 19 Feb 2020 00:35:26 -0800
> > tom <tom@???> wrote:
> >
> >> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> >> Devuan doesn't just fish around for the old gksudo git repo and
> >> continue that instead of dealing with this policykit mess of
> >> complexity? You can allow users in your a group for example
> >> 'installers' to run synaptic by editing sudo's config like so:
> >>
> >> %installers ALL=(ALL) NOPASSWD: /usr/sbin/synaptic
> >>
> >> This Policykit stuff just seems like completely unneeded and
> >> unstable cruft like systemd or pulseaudio.
> >>
> >> Thank you for clarifying though. I'm going to see about getting it
> >> working on Gentoo since I have more experience with ebuilds than I
> >> do with Debian packaging currently.
> >>
> >>
> >>
> >
> > Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
> > https://github.com/lxqt/lxqt-sudo
> > It works pretty well.
> >
> Hi,
>
> this one is nice! but it solves only partially the problem
> of eventually removing policykit because most packages
> like for example synaptic or network-manager have a
> dependency on polkit or on libpolkit-gobject-1.
> Replacing pkexec could be easily done with a wrapper
> calling lxqt-sudo, but I cannot imagine what
> debian packaging voodoo would be needed to
> remove polkit, but for sure a lot of work.
> It is hard to weed out over-complexity once
> it slipped in.
>
> Ciao,
> Tito
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


If someone had some time they could patch synaptic to remove any pkexec
stuff. But a quick and dirty hack would be to simply modify the
XDG .desktop file and prepend lxsudo to the command line. Here is an
example I did for Zenmap: https://0x0.st/iZpe.png

[Desktop Entry]
Name=Zenmap (as root)
GenericName=GUI Port Scanner
TryExec=/usr/share/zenmap/su-to-zenmap.sh
Exec=lxsudo zenmap
Terminal=false
Icon=/usr/share/zenmap/pixmaps/zenmap.png
Type=Application
Categories=Network;System;Security;
Comment=A cross-platform GUI for the Nmap Security Scanner.
Keywords=network;scan;scanner;IP;security;
Path=
StartupNotify=false

It should also be noted the Zenmap already came with a decent script to
do this, but for my purposes this simple hack worked well enough. I
didn't like the jarring visual discontinuity of xterm. I also would
rather use sudo than su based tools since sudo can have finer grained
polices set

--
________________________________________
/ Maternity pay? Now every Tom, Dick and \
| Harry will get pregnant.               |
|                                        |

\ -- Malcolm Smith                       /
 ---------------------------------------- 
\
 \
   /\   /\   
  //\\_//\\     ____
  \_     _/    /   /
   / * * \    /^^^]
   \_\O/_/    [   ]
    /   \_    [   /
    \     \_  /  /
     [ [ /  \/ _/
    _[ [ \  /_/