Ask your questions here.
Post a reply

Re: Well I broke pkexec somehow, synaptic opens without a pa

Thu Sep 22, 2016 11:17 pm

@ thwak: If you wanted to go that route, wouldn't it be easier and less likely to break anything just to make a pin file in etc/apt/preferences and pin Synaptic?

Re: Well I broke pkexec somehow, synaptic opens without a pa

Thu Sep 22, 2016 11:35 pm

greenjeans wrote:I think pkexec is installed by default with the mate-policy-kit, so maybe it's not in xfce?
It's definitely in there on a Devuan install with the mate desktop, haven't tried a Devuan install with any of the other DE's.

On refracta, is pkexec not pulled in by gparted?
locate pkexec
even with "just fluxbox", me gots pkexec
Code:
root@antix1:/home/demo# locate pkexec
/usr/bin/gparted-pkexec
/usr/bin/pkexec
/usr/bin/synaptic-pkexec
/usr/share/man/man1/pkexec.1.gz
/usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
/usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy


Mate still has some minor dependencies here and there on some gnome libraries too,
some I can't get rid of, but found several that I could, don't know why they're still there...
maybe some of the other stuff I dumped needed them.

(unless you would prefer to grep awk and pipe rdepends output, and suchlike, in terminal)
In synaptic preferences, tick the "show package properties in main window".
(perform a search in order to filter and) Click to focus any package (likely perps: gconf, gvfs, polkit*).
In the lower-right pane, select the 'Dependencies' tab and via the selectbox choose 'Dependants'.
You can see the "why" for that package, and afterward, as you click onto other top-right rows their "why" will immediately be displayed to the lower pane.
-=-
Alternatively, right-click and "Mark for Complete Removal" a package of interest, then click 'Apply' in toolbar.
The "Are you sure? xx packages will be removed" dialog provides a CANCEL button, and displays all the
currently-installed dependants that would concurrently, necessarily, be uninstalled.

Bear in mind: "gnome-developed packages" is not analagous to "gnome (shell) packages"
Personally, I (bite off my nose to spite my face) avoid gvfs but if you setup a system without it...
as soon as enduser installs any of a myriad packages, that (gvfs) winds up getting reinstalled
(and, if you pin to prevent its installation, lotta endusers will be inconvenienced.)

Re: Well I broke pkexec somehow, synaptic opens without a pa

Thu Sep 22, 2016 11:54 pm

Before someone here posts
but, but... EVERYTHING depends on gvfs
alternatives do exist (and IMO are usually superior) for each of the gvfs-dependant apps, e.g.
thunar }} spacefm

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 12:18 am

thwak wrote:On refracta, is pkexec not pulled in by gparted?
locate pkexec
even with "just fluxbox", me gots pkexec
Code:
root@antix1:/home/demo# locate pkexec
/usr/bin/gparted-pkexec
/usr/bin/pkexec
/usr/bin/synaptic-pkexec
/usr/share/man/man1/pkexec.1.gz
/usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
/usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy



Ahh, pulled in by policykit-1 then?
Last edited by greenjeans on Fri Sep 23, 2016 12:32 am, edited 2 times in total.

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 12:24 am

@thwak . . . it would be helpful if your lines didn't break. Makes it challenging to read your posts. Are you c/p from a word processor?

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 12:28 am

thwak wrote:
greenjeans wrote:I think pkexec is installed by default with the mate-policy-kit, so maybe it's not in xfce?
It's definitely in there on a Devuan install with the mate desktop, haven't tried a Devuan install with any of the other DE's.

On refracta, is pkexec not pulled in by gparted?
locate pkexec
even with "just fluxbox", me gots pkexec
[...

aptitude why pkexec
might be of help.

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 12:48 am

There's some info on the archwiki about polkit, seems it's possible bypass password by creating a rules file either globally or for individual actions, but I haven't created one and there's not one in the system in question. So i'm stumped so far.

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 1:11 am

Sonuvagun, there's a folder and file in the remastered/installed system that doesn't exist in the Devuan installs, it's under etc, and the folder is "PolicyKit" (with the capital letters), and the file in it is "PolicyKit.conf", an xml file that looks like this:

Code:
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">
   <match user="root">
      <return result="yes"/>
   </match>
   <!-- don't ask password for user in live session -->
   <match user="guest">
      <return result="yes"/>
   </match>
   <define_admin_auth group="adm"/>
</config>


Wonder where that came from? I see that it has the comment about not asking for password in live session, but don't see anything specifying a live session.

Mebbe I should kill it and see what happens.

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 1:29 am

Yeah, it's letting me mount other partitions too without asking for a password, it's behaving just like the livecd does, is there something I need to do to retract those permissions during install from the livecd?

Re: Well I broke pkexec somehow, synaptic opens without a pa

Fri Sep 23, 2016 2:03 am

gparted-pkexec is in Refracta, but starting it from the menu does nothing. If I start it in a terminal, I'm asked for the root password. I don't really remember how it was a year or two ago, but I recall that pkexec didn't work, and for a while, gksu could not be installed. I made some changes in snapshot and installer for that.

See /lib/live/config/1080-policykit for where that file comes from.

I'm getting the same behavior on a fresh install - I can start gparted from the menu without a password. Maybe PolicyKit.conf needs to be added to the rsync excludes list.

On my main installation, the stock .desktop file does nothing, but gparted-pkexec in a terminal asks for the root password. I think I see why there's a difference.
Code:
   <!-- don't ask password for user in live session -->
   <match user="user">
That's not my user name on my main box. It is my user name on the fresh install.

I guess this is everything installed that has a pkexec file.
Code:
$ dpkg -S pkexec
mate-system-tools: /usr/share/man/man1/mate-services-admin-pkexec.1.gz
mate-system-tools: /usr/share/man/man1/mate-shares-admin-pkexec.1.gz
mate-system-tools: /usr/bin/mate-shares-admin-pkexec
policykit-1: /usr/share/man/man1/pkexec.1.gz
mate-system-tools: /usr/bin/mate-network-admin-pkexec
policykit-1: /usr/bin/pkexec
mate-system-tools: /usr/bin/mate-services-admin-pkexec
synaptic: /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy
synaptic: /usr/bin/synaptic-pkexec
mate-system-tools: /usr/share/man/man1/mate-network-admin-pkexec.1.gz
gparted: /usr/bin/gparted-pkexec
gparted: /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
mate-system-tools: /usr/share/man/man1/mate-time-admin-pkexec.1.gz
mate-system-tools-common: /usr/share/polkit-1/actions/org.debian.pkexec.mate-system-tools.policy
mate-system-tools: /usr/bin/mate-time-admin-pkexec


Edit: Deleting PolicyKit.conf does not change it. I tried logging out, restarting lightdm and rebooting. No change.
Post a reply