On 1/4/21 1:46 PM, Emil Velikov via pacman-dev wrote:
> After a casual chat with some systemd and dbus devs - I was pointed at polkit. With polkit a) gaining and revoking root is trivial, b) it integrates nicely (better than gpg/pinentry) with tty, gnome, kde, etc, while it also c) provides for a consistent user experience.
"pinentry-program /usr/bin/pinentry-curses" integrates very nicely with the tty too, and is apropos for not context-switching between a terminal emulator running in a WM, and some popup window. I'm not aware of a similar option for polkit, it would likely defeat the purpose of most polkit uses though...
> I'm not sure if you're joking or trolling here. I am aiming for "least privilege", moving from yaourt which absolutely sucks in that department, with pacman being a tiny bit better.
I don't see how yaourt is tied to principle of least privilege. Neither with yaourt, nor without yaourt, do you have principle of least privilege.
> Last but not least, to reiterate, pacman will work as original when the system lacks polkit altogether.
No it won't... because you need to link to libpolkit-agent in order to support it, therefore it's a compile-time choice whether the "pacman" package depends on the "polkit" package. You could circumvent this by using exec(2) + /usr/bin/pkexec on the whole process, or if, like systemd, you *already* contain a dbus implementation that can send messages to org.freedesktop.PolicyKit1 without linking to polkit.

--
Eli Schwartz
Bug Wrangler and Trusted User
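
Added example, not part of the original message and not pacman code: a sketch of the exec(2) + /usr/bin/pkexec route mentioned above, where polkit is probed at run time so there is no link-time dependency on it. The names `choose_elevation` and `build_pkexec_argv` are hypothetical, and reading `/proc/self/exe` assumes Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PKEXEC_PATH "/usr/bin/pkexec"
enum elevate { RUN_AS_IS, USE_PKEXEC, NO_POLKIT };

/* Run-time decision: polkit is used only if pkexec is actually installed. */
enum elevate choose_elevation(uid_t euid, const char *pkexec_path)
{
    if (euid == 0)
        return RUN_AS_IS;
    return access(pkexec_path, X_OK) == 0 ? USE_PKEXEC : NO_POLKIT;
}

/* Build {pkexec, self, args..., NULL}. An absolute self path is required so
 * the elevated process is this binary, not whatever PATH resolves to. */
char **build_pkexec_argv(const char *self, int argc, char **argv)
{
    if (self == NULL || self[0] != '/' || argc < 1)
        return NULL;
    char **out = calloc((size_t)argc + 2, sizeof *out); /* last slot stays NULL */
    if (out == NULL)
        return NULL;
    out[0] = (char *)PKEXEC_PATH;
    out[1] = (char *)self;
    for (int i = 1; i < argc; i++)
        out[i + 1] = argv[i];
    return out;
}

int main(int argc, char **argv)
{
    char self[4096], **av;
    ssize_t n;
    switch (choose_elevation(geteuid(), PKEXEC_PATH)) {
    case RUN_AS_IS: puts("root: proceed with the transaction"); return 0;
    case NO_POLKIT: fputs("no pkexec: root required, as before\n", stderr); return 1;
    case USE_PKEXEC:
        if ((n = readlink("/proc/self/exe", self, sizeof self - 1)) < 0)
            break;
        self[n] = '\0';
        if ((av = build_pkexec_argv(self, argc, argv)) != NULL)
            execv(PKEXEC_PATH, av); /* returns only on failure */
        perror("execv");
    }
    return 1;
}
```

This elevates the whole process rather than a single operation, which is the trade-off of the exec route compared with talking to org.freedesktop.PolicyKit1 directly.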