[oe] [PATCH 2/5] networkmanager: introduce polkit package config
Andreas Müller
schnitzeltony at gmail.com
Thu Jan 17 21:41:31 UTC 2019
On Thu, Jan 17, 2019 at 9:18 PM Stefan Agner <stefan at agner.ch> wrote:
>
> On 17.01.2019 21:01, Andreas Müller wrote:
> > On Thu, Jan 17, 2019 at 8:09 PM Stefan Agner <stefan at agner.ch> wrote:
> >>
> >> On 17.01.2019 18:50, Andreas Müller wrote:
> >> > On Thu, Jan 17, 2019 at 5:27 PM Stefan Agner <stefan at agner.ch> wrote:
> >> > Hi Stefan,
> >> >
> >> > sorry but don't like this patch as is:
> >> >>
> >> >> From: Stefan Agner <stefan.agner at toradex.com>
> >> >>
> >> >> Currently polkit is enabled if systemd is in package config. Those
> >> >> two things are orthogonal: NetworkManager can be used with systemd
> >> >> and without polkit just fine.
> >> > Did you test this (=change networkmanager connections settings) as an
> >> > unpriviledged user?
> >>
> >> Works as expected: need to be root to change connection settings :-)
> >>
> >> We plan to use D-Bus and D-Bus policies (<policy> tags) to allow some
> >> settings to unpriviledged users/groups.
> >>
> >> >>
> >> >> Introduce a new polkit package config and enable it depending on
> >> >> whether polkit is in DISTRO_FEATURES.
> >> >
> >> > * it changes the current behaviour and the default suggested by
> >> > configure.ac: 'we usually compile with polkit support.' and
> >> > meson.build sets polkit by default.
> >>
> >> Yes, this changes default behavior. I did not do that lightly, but I
> >> think it is sensible to have a global policy on polkit, and also let
> >> NetworkManager follow it. I guess the change in default behavior needs
> >> to be pointed out in the documentation e.g. in the chapter "Moving to
> >> the Yocto Project 2.7 Release".
> >>
> >> Throughout OpenEmbedded we had vastly different behavior wrt polkit.
> >> ConnMan disables it by default without any option to enable it. Quite
> >> some packages make it dependent on systemd, some have just a local
> >> package config polkit etc...
> >>
> >> We have a WiFi capable headless device with restricted flash and would
> >> like to use NetworkManager. Using polkit pulls in mozjs, which is rather
> >> large. We do not need interactive authentication capabilities, since our
> >> device does not allow direct user interaction...
> >>
> >>
> >> > * as far as I know there is no polkit DISTRO_FEATURE in metaverse yet.
> >>
> >> Hm, yes, we definitely should add polkit. How can I do this?
> >>
> >> >
> >> > I suggest to add polkit PACKAGECONFIG if systemd is in DISTRO_FEATURES
> >> > - if you don't want polkit you can add a PACKAGECONFIG_remove =
> >> > "polkit" somewhere.
> >>
> >> Yes, I know that. We had this in place so far.
> >>
> >> However, rather than having a bunch of PACKAGECONFIG, I'd rather have a
> >> distro wide policy on polkit. I did send an email to oe-core with a
> >> cover letter, and since that patch got merged, I was assuming that
> >> polkit as a distro policy is the way to go.
> >> http://lists.openembedded.org/pipermail/openembedded-core/2019-January/278021.html
> >>
> > Ahh - I see am too late in the game - decision was already made - go
> > on and forget my last email.
>
> Probably should have sent out this patch set changing meta-oe stuff at
> the same time to get the broader overview, sorry about that.
>
> NetworkManager is really the most drastic change here, since this is a
> prominent package where the change changes the current default. So if
> you have any suggestion to ease the transition, I am happy to look into
> it.
>
TBH: I haven't the time to take care for a use case I never had until
now. I'll just add polkit to my DISTRO_FEATURES and hope to get same
as before.
Andreas
More information about the Openembedded-devel
mailing list