golinux | This week's pad is here: https://pad.dyne.org/code/#/1/edit/r19TrndN3oNTrG6UIoe5cw/52IJ2Hd-Pjl9uiyvQRPDCxT2/ | 10:10 |
---|---|---|
LeePen | Hi. | 12:27 |
LeePen | What's the process for closing bugs? | 12:28 |
LeePen | I really mean who is responsible for it? Shall I close #275 after the new policykit-1 is in ceres/beowulf? | 13:01 |
fsmithred | usually the maintainer but not necessarily | 13:14 |
KatolaZ | LeePen: email NNN-done@bugs.devuan.org | 13:24 |
KatolaZ | where NNN is the bug-number | 13:25 |
KatolaZ | include an explanation in the body | 13:25 |
KatolaZ | and you are done | 13:25 |
fsmithred | NNN-done or NNN-close? | 13:25 |
KatolaZ | it's the same | 13:25 |
KatolaZ | (or it should) | 13:25 |
KatolaZ | I use NNN-done, normally | 13:25 |
fsmithred | ok, I use NNN-close (not lately) | 13:25 |
KatolaZ | it's the same | 13:26 |
fsmithred | so i guess they both do work | 13:26 |
KatolaZ | they are treated the same | 13:26 |
KatolaZ | IIRC | 13:26 |
fsmithred | I just upgraded a refracta ascii to beowulf, and it went very smoothly | 13:26 |
fsmithred | except synaptic package manager lets user install software. | 13:27 |
LeePen | fsmithred: Maintainer: Devuan Dev Team <devuan-dev@lists.dyne.org> | 13:27 |
LeePen | so it looks like it is us! ;) | 13:27 |
LeePen | KatolaZ: thanks. Yes, I just wanted to be sure I wasn't treading on toes by doing it. | 13:28 |
fsmithred | yeah, you want to off-shore that job to someone else? | 13:28 |
fsmithred | any ideas on how to force synaptic to require a password? | 13:30 |
KatolaZ | LeePen: quite the opposite | 13:30 |
fsmithred | seriously, guys, I could use some help diagnosing this. It's been going on for at least a couple of years - either synaptic won't start or anybody can start it and install software. | 13:36 |
fsmithred | same for gparted | 13:36 |
LeePen | fsmithred: I don't use either. Is it related to sudo? I know on my n900 the order of entries in sudoers is critical. | 13:39 |
fsmithred | maybe - I have a file in sudoers.d that allows user to shutdown/reboot without password | 13:41 |
fsmithred | I'll delete it and try again | 13:41 |
fsmithred | ot | 13:41 |
fsmithred | it's related to pkexec | 13:41 |
fsmithred | auth.log shows that pkexec opens synaptic as root for user (1000) | 13:41 |
LeePen | OK, not sudo related then. | 13:42 |
LeePen | I suppose you must have a polkit rule that is allowing that somewhere? | 13:42 |
LeePen | Have you got packagekit installed? | 13:45 |
fsmithred | I don't think I changed any rules - no polkit related config files were changed according to my upgrade | 13:46 |
fsmithred | no packagekit | 13:46 |
KatolaZ | fsmithred: I guess that rule has been in polkit forever | 13:49 |
KatolaZ | (forever == at least since ascii beta) | 13:49 |
fsmithred | which rule? | 13:49 |
KatolaZ | a rule to fix synaptic with pkexec | 13:50 |
KatolaZ | I don't have any polkit installed anywhere, so I can't really check | 13:51 |
KatolaZ | I remember we fiddled with this before ascii beta | 13:51 |
fsmithred | ok, I think I know what you're talking about | 13:51 |
fsmithred | yeah, I even fiddled with it in jessie at one point | 13:51 |
KatolaZ | 'cause synaptic wouldn't start in any live media and/or installation | 13:51 |
fsmithred | yeah, it starts fine in live | 13:51 |
KatolaZ | so we included a polkit rule for that | 13:51 |
KatolaZ | it must have been ascii beta | 13:51 |
KatolaZ | IIRC | 13:51 |
fsmithred | sudo nopasswd in live session | 13:51 |
KatolaZ | so around one year ago, more or less | 13:52 |
fsmithred | I just tried removing sudo but it's the same | 13:52 |
KatolaZ | it's not in sudo | 13:54 |
KatolaZ | IIRC it's a polkit rule | 13:54 |
fsmithred | maybe /usr/share/polkit-1/actions/com.ubuntu.synaptic\ | 13:58 |
fsmithred | not quite, but close | 13:58 |
fsmithred | it only works like that for uid 1000. Second user does not get to run synaptic. | 14:03 |
fsmithred | if second user tries 'pkexec /usr/sbin/synaptic' he gets asked for root password. Entering root password gives an error "No session for cookie" | 14:04 |
LeePen | fsmithred: I am just installing synaptic in a VM to see if I can reproduce this rather than scattering untried suggestions. | 14:17 |
fsmithred | LeePen, thanks | 14:19 |
LeePen | fsmithred: is uid 1000 in the sudo group? | 14:45 |
fsmithred | no | 14:47 |
LeePen | What AdminIdentities do you have set in /etc/polkit-1/ or /var/lib/polkit-1 | 14:50 |
fsmithred | will check in a minute - rebooting | 14:53 |
fsmithred | oh, no I'm not. | 14:53 |
fsmithred | This? 10-vendor.d 20-org.d 30-site.d 50-local.d 90-mandatory.d | 14:55 |
LeePen | But no files in the directories with AdminIdentities configured? | 15:00 |
LeePen | You should have /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf at least. | 15:00 |
fsmithred | yeah, 51 names sudo group, and 50-localauthority names user as admin | 15:03 |
fsmithred | also found /var/lib/polkit... 10-live-user or something like that | 15:04 |
fsmithred | live-cd user (a leftover) | 15:04 |
LeePen | default 50-localauthority says AdminIdentities=unix-user:0 | 15:06 |
LeePen | Do either 10-live-user or live-cd-user have AdminIdentities configuration? | 15:08 |
fsmithred | yeah, hang on. rebooting again | 15:08 |
fsmithred | 50-localauthority.conf is same as yours | 15:10 |
fsmithred | if I move /var/lib/polkit-1/localauthority/10-vendor.d/10-live-cd.pkla then synaptic no longer starts from the menu | 15:11 |
fsmithred | and running pkexec /usr/sbin/synaptic asks for root pass and then rejects it | 15:12 |
LeePen | What is configured in 10-live-cd-pkla? | 15:12 |
fsmithred | Identity=unix-user:user | 15:12 |
fsmithred | Action=* | 15:12 |
fsmithred | ResultAny=no | 15:12 |
fsmithred | ResultInactive=no | 15:12 |
fsmithred | ResultActive=yes | 15:12 |
fsmithred | # Policy to allow the livecd user to bypass policykit | 15:13 |
LeePen | OK. That is why the user doesn't get a password prompt for running synaptic | 15:14 |
fsmithred | that file probably should get removed on installation of the system to hard drive | 15:16 |
fsmithred | but then synaptic does not start at all | 15:16 |
LeePen | Maybe. It does on my install I have just done. You seem to have polkit remnants that shouldn't be there. | 15:17 |
LeePen | What package is it from? | 15:18 |
fsmithred | in /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy it says 'auth_admin' | 15:18 |
fsmithred | good question | 15:18 |
fsmithred | dpkg -S should tell me? | 15:19 |
LeePen | Yes | 15:19 |
fsmithred | dpkg-query: no path found matching pattern /var/lib/polkit-1/localauthority/10-vendor.d/10-live-cd.pkla | 15:19 |
LeePen | Maybe it is part of the live CD then. Is that where this system came from? | 15:20 |
fsmithred | it's in /lib/live/config/1080-policykit | 15:20 |
fsmithred | that script adds stuff to /etc/PolicyKit/PolicyKit.conf | 15:23 |
fsmithred | See the manual page PolicyKit.conf(5) for file format | 15:24 |
LeePen | I don't have any experience of live-cd. But at least that explains why there is no polkit prompt to synaptic. | 15:28 |
fsmithred | https://termbin.com/aplg /etc/PolicyKit/PolicyKit.conf | 15:29 |
LeePen | On my install, I have neither /etc/PolicyKit/PolicyKit.conf nor 10-live-cd.pkla | 15:31 |
fsmithred | cool. I'm moving both of those. | 15:31 |
LeePen | If you move them both out of the way does synaptic run? | 15:31 |
fsmithred | testing that... | 15:31 |
LeePen | Or the 10-live-user | 15:33 |
fsmithred | moving just 10-live-user or moving both has same effect: synaptic won't run from menu and 'pkexec /usr/sbin/synaptic' asks for root password and then rejects it | 15:34 |
LeePen | Did you kill polkitd after moving /etc/PolicyKit/PolicyKit.conf? | 15:36 |
fsmithred | https://termbin.com/s4k4 | 15:37 |
fsmithred | I rebooted after moving them | 15:37 |
fsmithred | bb in 15-20 min | 15:43 |
LeePen | Try installing policykit-1-gnome and then | 15:44 |
LeePen | logging in and out again. | 15:44 |
LeePen | There is an upstream bug https://gitlab.freedesktop.org/polkit/polkit/issues/17 and I think pkttyagent is broken | 15:51 |
fsmithred | FIXED!!! | 16:07 |
fsmithred | I did a few things | 16:07 |
fsmithred | I moved those two files, removed gksu, did an autoremove which took out gconf2 and a few others, added policykit-1-gnome, moved ~/.su-to-rootrc (another live file) | 16:09 |
KatolaZ | but wasn't gksu dead and buried? | 16:10 |
LeePen | Excellent | 16:10 |
fsmithred | gksu did not get removed in the upgrade to beowulf | 16:11 |
fsmithred | maybe because I didn't remove ascii lines in sources.list | 16:12 |
KatolaZ | fsmithred: I didn't know it was an upgraded box | 16:15 |
KatolaZ | in this case, old stuff will never be uninstalled | 16:15 |
KatolaZ | there would be no way of knowing which package was in the previous repo, and is not any more now, and which package was manually installed from third party sources | 16:16 |
fsmithred | I'm now on pure beowulf - commented out the ascii lines, update/upgrade | 16:18 |
KatolaZ | fsmithred: if you updated from *something*, dpkg won't remove any package that is not available in beowulf but is installed in your box | 16:19 |
fsmithred | the only things that might be from third-party source would be refracta tools | 16:44 |
furrymcgee | I see jitsi instance on dyne.org. how do you install jitsi in devuan? jitsi-videobridge has unmet dependencies ... | 16:45 |
obeardly | furrymcgee: Do you mean jitsi server? | 17:52 |
obeardly | The jitsi-videobridge is just a piece of it. | 17:55 |
furrymcgee | jitsi install fails because of jitsi-videobridge dependency | 18:32 |
plasma41 | From today's meet: https://www.youtube.com/watch?v=O6l8KcF8vLs "Keyboard Lag Sucks" rant | 22:15 |
* rrq not watching videos, but I do remember the transition from 300 to 9600 baud; bliss! :) | 23:06 | |
golinux | That vid was so full of promotions I could barely find the topic. It was useless imo | 23:17 |