Checkbox

Merge lp:~roadmr/checkbox/1097816-pkexec into lp:checkbox

  1. 1097816-pkexec
  2. Merge into trunk
Proposed by Daniel Manrique
Status: Merged
Approved by: Zygmunt Krynicki
Approved revision: 2212
Merged at revision: 2219
Proposed branch: lp:~roadmr/checkbox/1097816-pkexec
Merge into: lp:checkbox
Diff against target: 146 lines (+52/-24)
4 files modified
checkbox-old/debian/checkbox.install (+1/-0)
checkbox-old/debian/control (+12/-12)
checkbox-old/examples/org.freedesktop.policykit.checkbox.policy (+31/-0)
checkbox-old/plugins/backend_info.py (+8/-12)
To merge this branch: bzr merge lp:~roadmr/checkbox/1097816-pkexec
Reviewer Review Type Date Requested Status
Zygmunt Krynicki (community) Approve
Review via email: mp+171930@code.launchpad.net

Commit message

This removes the deprecated gksu privileged execution mechanism, and replaces it with pkexec, along with a policy file so the backend can launch graphical programs and ask for proper authorization.

Description of the change

This removes the deprecated gksu privileged execution mechanism, and replaces it with pkexec, along with a policy file so the backend can launch graphical programs and ask for proper authorization.

An instance of sudo (not gksudo) is kept as a desperate measure in case pkexec is not present.

Note that if you want to test this from a source tree, the policy file needs to be copied to /usr/share/polkit-1/actions, and edited so the path points to the source tree's location.

Then run checkbox specifying a full path for CHECKBOX_SHARE, like:

CHECKBOX_SHARE=`pwd` bin/checkbox-qt

this is because full paths are needed for things to work correctly. Optionally, just copy the policy file to the above location, and copy the updated plugins/backend_info.py to /usr/share/checkbox/plugins.

An important part of this set of changes is changing the policykit dependency and installing the policy file, for this a package can be built and installed in a VM. I tested this and it works, although I tested only on a raring VM. This mechanism would need to work on Precise, Quantal, Raring and Saucy, though I'm confident it will as all the underlying components are present in those.

Finally, this could potentially need a change in our preseeds for certification, to avoid asking for the password when it's run. I'm thinking this may not be so necessary anymore, since plainbox (which already has sensible policy packages for this) is used for automated (SRU) testing, and on a manual certification run inputting the password may not be such a bother. If needed, however, the preseeds can simply be modified with a s/auth_admin/yes/ on the policy file that checkbox will now install.

To post a comment you must log in.
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

+1

review: Approve
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

BTW: I'd love if you could put that awesome branch description into your commit messages! That way it's not lost and it's really the quality that we are after!

Revision history for this message
Daniel Manrique (roadmr) wrote :

Hi, I was under the assumption that the commit message has to be short-ish since it'll be in bzr/git. I can try putting a short one-line description and then the long explanation, in the commit message as well. I'll do this in future merge requests.

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

The first line needs to be short

The rest can be as long as you want!

On Tue, Jul 2, 2013 at 4:18 PM, Daniel Manrique <
<email address hidden>> wrote:

> Hi, I was under the assumption that the commit message has to be short-ish
> since it'll be in bzr/git. I can try putting a short one-line description
> and then the long explanation, in the commit message as well. I'll do this
> in future merge requests.
> --
> https://code.launchpad.net/~roadmr/checkbox/1097816-pkexec/+merge/171930
> You are reviewing the proposed merge of lp:~roadmr/checkbox/1097816-pkexec
> into lp:checkbox.
>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'checkbox-old/debian/checkbox.install'
2--- checkbox-old/debian/checkbox.install 2013-06-21 20:43:39 +0000
3+++ checkbox-old/debian/checkbox.install 2013-06-27 23:07:33 +0000
4@@ -7,6 +7,7 @@
5 usr/share/checkbox/data/*
6 usr/share/checkbox/examples/checkbox.ini
7 usr/share/checkbox/examples/network.cfg
8+usr/share/checkbox/examples/org.freedesktop.policykit.checkbox.policy usr/share/polkit-1/actions/
9 usr/share/checkbox/install/*
10 usr/share/checkbox/jobs/*
11 usr/share/checkbox/patches/*
12
13=== modified file 'checkbox-old/debian/control'
14--- checkbox-old/debian/control 2013-06-21 20:43:39 +0000
15+++ checkbox-old/debian/control 2013-06-27 23:07:33 +0000
16@@ -11,34 +11,34 @@
17 python,
18 python-distutils-extra,
19 python-setuptools,
20+ python3-setuptools,
21 python3-all,
22 python3-distutils-extra,
23 python3-gi,
24 python3-lxml,
25 python3-mock,
26 python3-pkg-resources,
27- python3-setuptools,
28 qt4-qmake
29-Vcs-Bzr: https://code.launchpad.net/~hardware-certification/checkbox/trunk
30+Vcs-Bzr: https://code.launchpad.net/~checkbox-dev/checkbox/trunk
31
32 Package: checkbox
33 Section: python
34 Architecture: any
35 Depends: debconf,
36- gir1.2-gudev-1.0,
37 python3-lxml,
38+ policykit-1,
39 udev,
40+ gir1.2-gudev-1.0,
41 udisks2 | udisks,
42 ${misc:Depends},
43 ${python3:Depends},
44 ${shlibs:Depends}
45-Recommends: alsa-base,
46- dpkg (>= 1.13),
47- gir1.2-gst-plugins-base-0.10 | gir1.2-gst-plugins-base-1.0,
48- gir1.2-gstreamer-1.0,
49- gstreamer0.10-gconf | gstreamer1.0-plugins-good,
50- gstreamer1.0-pulseaudio,
51- libgstreamer1.0-0,
52+Recommends: dpkg (>= 1.13),
53+ gir1.2-gst-plugins-base-1.0 | gir1.2-gst-plugins-base-0.10,
54+ gir1.2-gstreamer-1.0 | gir1.2-gstreamer-0.10,
55+ gstreamer1.0-plugins-good | gstreamer0.10-gconf,
56+ gstreamer1.0-pulseaudio | gstreamer0.10-pulseaudio,
57+ libgstreamer1.0-0 | libgstreamer0.10-0,
58 lsb-release,
59 perl,
60 pm-utils,
61@@ -95,7 +95,6 @@
62 Architecture: all
63 Depends: checkbox (>= ${source:Version}),
64 gir1.2-gtk-3.0,
65- gksu,
66 python3-gi,
67 python3-gi-cairo,
68 ${misc:Depends}
69@@ -121,7 +120,8 @@
70
71 Package: checkbox-hw-collection
72 Architecture: any
73-Depends: checkbox (>= ${source:Version}), ${misc:Depends}
74+Depends: checkbox (>= ${source:Version}),
75+ ${misc:Depends}
76 Description: CLI tool for collecting HW information from a system
77 .
78 This package provides a tool for collecting hardware information from
79
80=== added file 'checkbox-old/examples/org.freedesktop.policykit.checkbox.policy'
81--- checkbox-old/examples/org.freedesktop.policykit.checkbox.policy 1970-01-01 00:00:00 +0000
82+++ checkbox-old/examples/org.freedesktop.policykit.checkbox.policy 2013-06-27 23:07:33 +0000
83@@ -0,0 +1,31 @@
84+<?xml version="1.0" encoding="UTF-8"?>
85+<!DOCTYPE policyconfig PUBLIC
86+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
87+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
88+<policyconfig>
89+
90+ <!--
91+ Policy definitions for Checkbox system runner backend.
92+ (C) 2013 Canonical Ltd.
93+ Authors: Sylvain Pineau <sylvain.pineau@canonical.com>
94+ Daniel Manrique <daniel.manrique@canonical.com>
95+ -->
96+
97+ <vendor>Checkbox</vendor>
98+ <vendor_url>https://launchpad.net/checkbox</vendor_url>
99+ <icon_name>checkbox</icon_name>
100+
101+ <action id="org.freedesktop.policykit.pkexec.run-checkbox-backend">
102+ <description>Checkbox privileged command runner</description>
103+ <message>SYSTEM TESTING: Please enter your password. Some tests require root access to run properly. Your password will never be stored and will never be submitted with test results.</message>
104+ <defaults>
105+ <allow_any>auth_admin</allow_any>
106+ <allow_inactive>auth_admin</allow_inactive>
107+ <allow_active>auth_admin</allow_active>
108+ </defaults>
109+ <annotate key="org.freedesktop.policykit.exec.path">/usr/share/checkbox/backend</annotate>
110+ <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
111+ </action>
112+
113+</policyconfig>
114+
115
116=== modified file 'checkbox-old/plugins/backend_info.py'
117--- checkbox-old/plugins/backend_info.py 2013-05-29 07:50:30 +0000
118+++ checkbox-old/plugins/backend_info.py 2013-06-27 23:07:33 +0000
119@@ -94,20 +94,16 @@
120 "Your password will never be stored and will never "
121 "be submitted with test results.")
122 password_prompt = _("PASSWORD: ")
123+
124 if uid == 0:
125 prefix = []
126- elif os.getenv("DISPLAY") and \
127- call(["which", "kdesudo"],
128- stdout=PIPE, stderr=PIPE) == 0 and \
129- call(["pgrep", "-x", "-u", str(uid), "ksmserver"],
130- stdout=PIPE, stderr=PIPE) == 0:
131- prefix = ["kdesudo", "--comment", password_text, "-d", "--"]
132- elif os.getenv("DISPLAY") and \
133- call(["which", "gksu"],
134- stdout=PIPE, stderr=PIPE) == 0 and \
135- call(["pgrep", "-x", "-u", str(uid), "gnome-panel|gconfd-2"],
136- stdout=PIPE, stderr=PIPE) == 0:
137- prefix = ["gksu", "--message", password_text, "--"]
138+ #We will try to use pkexec, should be installed by default on desktop
139+ #installs and is likely to be there for servers too.
140+ elif call(["which", "pkexec"],
141+ stdout=PIPE, stderr=PIPE) == 0:
142+ prefix = ["pkexec"]
143+ #We fall back to good old sudo if pkexec is not present. Sudo
144+ #*should* be present in any Ubuntu installation.
145 else:
146 prefix = ["sudo", "-p", password_text + " " + password_prompt]
147

Subscribers

People subscribed via source and target branches