[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#48729] [PATCH v5 25/25] services: Add bitmask-service-type.
|
From: |
Maxime Devos |
|
Subject: |
[bug#48729] [PATCH v5 25/25] services: Add bitmask-service-type. |
|
Date: |
Fri, 18 Jun 2021 21:02:39 +0200 |
|
User-agent: |
Evolution 3.34.2 |
Raghav Gururajan via Guix-patches via schreef op vr 18-06-2021 om 02:54 [-0400]:
> +;;;
> +;;; Bitmask VPN
> +;;;
> +
> +(define-public bitmask-service-type
> + (service-type
> + (name 'bitmask)
> + (description "Setup the @uref{https://bitmask.net, Bitmask} VPN
> application.")
> + (default-value bitmask)
> + (extensions
> + (list
> + ;; To configure polkit policy of bitmask.
> + (service-extension polkit-service-type list)
> + ;; To add bitmask to the system profile.
> + (service-extension profile-service-type list)))))
Is there any specific reason that bitmask must be added to the profile?
On a multi-user system, not all users might be interested in bitmask,
and do not need it in their "PATH".
I prefer only adding packages that are explicitely in the ‘packages’
field of 'operating-system' to the system profile.
One possible reason could be that the polkit policy whitelists a few
binaries, say, /gnu/store/aaa-bitmask/sbin/stuff, so
"pkexec stuff" (equivalent to "pkexec /gnu/store/aaa-bitmask/sbin/stuff")
doesn't require special permissions or a password of any kind.
However, if the user has a slightly different version of bitmask
in their profile, then the store path will be different
(/gnu/store/bbb-bitmask/sbin/stuff), then "pkexec stuff" will try
to use the not-authorised version, which will require passwords
or such.
For example, my current system generation and user profile were made
by a different version of Guix, and as a result, have two separate
store paths for "mate-power-backlight-helper".
If I run pkexec on the store path in
/run/current-system/etc/polkit-1/actions/org.mate.power.policy,
then it succeeds. But if I simply run "pkexec mate-power-backlight-helper",
then it asks for authentication.
(Actually, /run/current-system/profile/sbin/mate-power-backlight-helper points
to a binary with yet another store path, but that has nothing to do
with bitmask-service-type.)
(TODO to self: modify "pkexec" to support an --action-id argument,
in order to avoid store paths ...)
Greetings,
Maxime.
signature.asc
Description: This is a digitally signed message part
- [bug#48729] [PATCH v5 18/25] gnu: Add go-github-com-riobard-go-bloom., (continued)
- [bug#48729] [PATCH v5 18/25] gnu: Add go-github-com-riobard-go-bloom., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 16/25] gnu: Add go-github-com-mufti1-interconv., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 17/25] gnu: Add go-github-com-aead-chacha20., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 19/25] gnu: Add go-github-com-shadowsocks-go-shadowsocks2., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 15/25] gnu: Add go-github-com-opentracing-opentracing-go., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 20/25] gnu: Add go-github-com-kataras-pio., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 22/25] gnu: Add go-github-com-operatorfoundation-shapeshifter-transports., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 23/25] gnu: Add go-0xacab-org-leap-shapeshifter., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 21/25] gnu: Add go-github-com-kataras-golog., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 25/25] services: Add bitmask-service-type., Raghav Gururajan, 2021/06/18
- [bug#48729] [PATCH v5 25/25] services: Add bitmask-service-type.,
Maxime Devos <=
- [bug#48729] [PATCH v5 24/25] gnu: Add bitmask., Raghav Gururajan, 2021/06/18