Bug#857391: gnome-logs does not prompt the user to elevate privileges

Antoine Bernard abernard+bts at crans.org
Sat Jul 22 05:08:06 UTC 2017 

Dear Maintainer,

As suggested, I took a look at gnome-system-log package to prompt user
to elevate privileges. I enclosed the debdiff.

About the patch:

I have chosen to always prompt the user and to fallback on opening the
logs with the current user permission if the prompt is dismissed.

A ***major*** change in this patch is the change of DBusActivatable
settings from true to false in the data/org.gnome.Logs.dekstop file.
This basically make the data/org.gnome.Logs.servicefile useless and
nullify the commit 4972c62c34579983ed4a65946fa9115957ed53e3 from upstream.
This may have some other drawback I am not aware of.

I did this because I could not make pkexec to work properly with the
DBus service.

The first activation would work fine, but next call will not prompt the
user and do nothing till dbus-daemin timeout.

> Jul 21 01:52:10 arrbpc dbus-daemon[1383]: Activating service
> name='org.gnome.Logs'
> Jul 21 01:54:10 arrbpc dbus-daemon[1383]: Failed to activate service
> 'org.gnome.Logs': timed out

gnome-logs and gnome-logs-pkexec commands would still work in command
line and re-allow user to be prompted.

> Jul 21 01:50:02 arrbpc dbus-daemon[1383]: Successfully activated
> service 'org.gnome.Logs'

I am not fully knowledgeable about DBus and other issue, maybe someone
has the answer to this.

About internationalization:

The internationalization is not supported for the debian/*.policy file
added. gnome-system-log package use CDBS package but I'm not and there
is probably a way to do this by overriding the proper recipe in
debian/rule but I do not know is this is the way to do.


As I am a newcomer, I would welcome any feedback.

Cheers,

--
Antoine Bernard

-------------- next part --------------
diff -Nru gnome-logs-3.22.1/debian/changelog gnome-logs-3.22.1/debian/changelog
--- gnome-logs-3.22.1/debian/changelog	2017-02-05 20:57:42.000000000 +0100
+++ gnome-logs-3.22.1/debian/changelog	2017-07-21 23:38:19.000000000 +0200
@@ -1,3 +1,14 @@
+gnome-logs (3.22.1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Prompt user to elevate privileges.  Closes: #857391.
+    + debian/control.in:
+      - Add policykit-1 to dependencies.
+    + debian/patches:
+      - Added 02-elevate-privileges.patch.
+
+ -- Antoine Bernard <abernard at crans.org>  Fri, 21 Jul 2017 23:38:19 +0200
+
 gnome-logs (3.22.1-2) unstable; urgency=medium
 
   * debian/patches/01-no-boot-ids.patch:
diff -Nru gnome-logs-3.22.1/debian/control gnome-logs-3.22.1/debian/control
--- gnome-logs-3.22.1/debian/control	2017-02-05 20:57:42.000000000 +0100
+++ gnome-logs-3.22.1/debian/control	2017-07-21 23:38:19.000000000 +0200
@@ -26,7 +26,8 @@
 Architecture: any
 Depends: ${shlibs:Depends},
          ${misc:Depends},
-         gsettings-desktop-schemas
+         gsettings-desktop-schemas,
+         policykit-1
 Description: viewer for the systemd journal.
  The GNOME Logs application is an application to view system logs
  (from the systemd journal) for the GNOME Desktop environment.
diff -Nru gnome-logs-3.22.1/debian/control.in gnome-logs-3.22.1/debian/control.in
--- gnome-logs-3.22.1/debian/control.in	2017-02-05 20:57:42.000000000 +0100
+++ gnome-logs-3.22.1/debian/control.in	2017-07-21 23:38:19.000000000 +0200
@@ -22,7 +22,8 @@
 Architecture: any
 Depends: ${shlibs:Depends},
          ${misc:Depends},
-         gsettings-desktop-schemas
+         gsettings-desktop-schemas,
+         policykit-1
 Description: viewer for the systemd journal.
  The GNOME Logs application is an application to view system logs
  (from the systemd journal) for the GNOME Desktop environment.
diff -Nru gnome-logs-3.22.1/debian/gnome-logs.install gnome-logs-3.22.1/debian/gnome-logs.install
--- gnome-logs-3.22.1/debian/gnome-logs.install	1970-01-01 01:00:00.000000000 +0100
+++ gnome-logs-3.22.1/debian/gnome-logs.install	2017-07-21 23:38:19.000000000 +0200
@@ -0,0 +1,2 @@
+debian/org.debian.pkexec.gnome-logs.policy /usr/share/polkit-1/actions
+debian/gnome-logs-pkexec /usr/bin/
diff -Nru gnome-logs-3.22.1/debian/gnome-logs-pkexec gnome-logs-3.22.1/debian/gnome-logs-pkexec
--- gnome-logs-3.22.1/debian/gnome-logs-pkexec	1970-01-01 01:00:00.000000000 +0100
+++ gnome-logs-3.22.1/debian/gnome-logs-pkexec	2017-07-21 23:38:19.000000000 +0200
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+pkexec /usr/bin/gnome-logs
+# Run unprivileged if the user dismissed the auth dialog
+if [ $? -eq 126 ] ; then
+	exec /usr/bin/gnome-logs
+fi
diff -Nru gnome-logs-3.22.1/debian/org.debian.pkexec.gnome-logs.policy gnome-logs-3.22.1/debian/org.debian.pkexec.gnome-logs.policy
--- gnome-logs-3.22.1/debian/org.debian.pkexec.gnome-logs.policy	1970-01-01 01:00:00.000000000 +0100
+++ gnome-logs-3.22.1/debian/org.debian.pkexec.gnome-logs.policy	2017-07-21 23:38:19.000000000 +0200
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+  <action id="org.gnome.Logs.run">
+    <description>Run gnome-logs</description>
+    <message>Authentication is required to view log</message>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gnome-logs</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
+  </action>
+
+</policyconfig>
diff -Nru gnome-logs-3.22.1/debian/patches/02-elevate-privileges.patch gnome-logs-3.22.1/debian/patches/02-elevate-privileges.patch
--- gnome-logs-3.22.1/debian/patches/02-elevate-privileges.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnome-logs-3.22.1/debian/patches/02-elevate-privileges.patch	2017-07-21 23:38:19.000000000 +0200
@@ -0,0 +1,13 @@
+--- a/data/org.gnome.Logs.desktop.in
++++ b/data/org.gnome.Logs.desktop.in
+@@ -6,8 +6,8 @@
+ _Keywords=log;journal;debug;error;
+ Type=Application
+ Categories=GTK;GNOME;System;Monitor;Utility;X-GNOME-Utilities;
+-Exec=gnome-logs
++Exec=gnome-logs-pkexec
+ Icon=gnome-logs
+ Terminal=false
+ StartupNotify=true
+-DBusActivatable=true
++DBusActivatable=false
diff -Nru gnome-logs-3.22.1/debian/patches/series gnome-logs-3.22.1/debian/patches/series
--- gnome-logs-3.22.1/debian/patches/series	2017-02-05 20:57:42.000000000 +0100
+++ gnome-logs-3.22.1/debian/patches/series	2017-07-21 23:38:19.000000000 +0200
@@ -1 +1,2 @@
 01-no-boot-ids.patch
+02-elevate-privileges.patch

More information about the pkg-gnome-maintainers mailing list