[arch-general] How to enable Archlinux users to easily avoid Polkit?

Sun May 30 02:51:14 UTC 2021

On 5/29/21 7:11 AM, Neven Sajko via arch-general wrote:
> Hi
> 
> On my up-to-date Archlinux system, the only package that depends on
> Polkit is Colord, which, in turn, is only depended on by GTK3.
> 
> Forcefully removing the Polkit package (with pacman -R
> --assume-installed polkit polkit), works fine: after doing it, I
> rebooted and printed a page from Chromium (which uses GTK3 for this)
> on my black-and-white printer over USB.

/usr/lib/gtk-3.0/3.0.0/printbackends/libprintbackend-cups.so directly
links to libcolord and will fail to load if it is unavailable. But
perhaps you used a different printbackend...

(I don't know enough about gtk3 to say whether making shared libraries
for printbackends into optional deps, is reasonable. If gtk3 is able to
gracefully handle printbackends which fail to load, then it should be
fine to change...)

> It would be very nice to give Arch and GTK3 users like me the
> opportunity to avoid Polkit without hassle.
> 
> The only idea I got is to move polkit from depends to optdepends in
> the colord package, and add post_install and post_upgrade messages
> saying something like:
> 
>> WARNING: install polkit if you plan on actually using colord!
> 
> Do others agree that this would be more good than bad? In any case,
> I'm not a Pacman expert, so I'm hoping somebody can come up with an
> even better solution?

This is improper, the correct pacman solution for colord would be to do
as Nick suggested and build a split package for:

- libcolord to satisfy programs linking to colord
- colord to run the daemon which libcolord tries to send messages to

> Tangentially, what are the chances of convincing upstream to relax the
> Colord dependency on Polkit? Could such a patch get accepted?

idk how that would work, since /usr/bin/colord has a shared library link
to libpolkit-gobject-1.so.0

And back in mid 2017 they completely removed support for building colord
with --disable-polkit, as well as the warning if you did so, which said:

"YOU ARE NOT USING A SECURE DAEMON. ALL USERS CAN DO ANYTHING!"

during configure.

> BTW, does somebody know what happened to the packages for building
> GTK3 without Colord, building Colord without Polkit, and similar? I
> think those were available on AUR previosuly.

I didn't stumble across any relevant deletion requests. What were the
exact package names?

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20210529/533dfe7a/attachment.sig>