On Mon, 4 Jan 2021 at 20:12, Eli Schwartz via pacman-dev <pacman-dev@lists.archlinux.org> wrote:
On 1/4/21 1:46 PM, Emil Velikov via pacman-dev wrote:
After a casual chat with some systemd and dbus devs - I was pointed at polkit. With polkit a) gaining and revoking root is trivial, b) it integrates nicely (better than gpg/pinentry) with tty, gnome, kde, etc, while it also c) provides for a consistent user experience.
"pinentry-program /usr/bin/pinentry-curses" integrates very nicely with the tty too, and is apropos for not context-switching between a terminal emulator running in a WM, and some popup window.
pinentry fairly often chokes here, if GPG_TTY and the startup TTY aren't reset in just the right moment...
I'm not aware of a similar option for polkit, it would likely defeat the purpose of most polkit uses though...
... do agree though the explicit override pinentry-program is priceless.
I'm not sure if you're joking or trolling here. I am aiming for "least privilege", moving from yaourt which absolutely sucks in that department, with pacman being a tiny bit better.
I don't see how yaourt is tied to principle of least privilege. Neither with yaourt, nor without yaourt, do you have principle of least privilege.
Was trying to illustrate that yaourt is a step in the opposite direction - worst (yaourt) -> bad (pacman) -> good (polkit based pacman). Duly noted, will not mention that helper again.
Last but not least, to reiterate, pacman will work as original when the system lacks polkit altogether.
No it won't... because you need to link to libpolkit-agent in order to support it, therefore it's a compile-time choice whether the "pacman" package depends on the "polkit" package.
Is dlopen/dlsym banned in pacman?
You could circumvent this by using exec(2) + /usr/bin/pkexec on the whole process, or if, like systemd, you *already* contain a dbus implementation that can send messages to org.freedesktop.PolicyKit1 without linking to polkit.
My initial idea was to try the systemd route and if implementation (or interdependencies) gets too messy - to fall back to pkexec. As you mentioned before separation is priority #1, elevation is 3+

Thanks
Emil