From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Wurmus <rekado@elephly.net>
Subject: Re: [PATCH] Fix XFCE shutdown/reboot via menu.
Date: Sat, 21 Nov 2015 22:06:58 +0100
Message-ID: <87si3zqcy5.fsf@elephly.net>
References: <87vb8vqolg.fsf@elephly.net> <87fuzz5bs5.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54545)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1a0FNH-0001Bt-5L
	for guix-devel@gnu.org; Sat, 21 Nov 2015 16:07:12 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1a0FNG-0006br-3D
	for guix-devel@gnu.org; Sat, 21 Nov 2015 16:07:11 -0500
In-reply-to: <87fuzz5bs5.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: guix-devel <guix-devel@gnu.org>


Ludovic Courtès <ludo@gnu.org> writes:

> Ricardo Wurmus <rekado@elephly.net> skribis:
>
>> First I had to patch our xfce-session package.  Upower is checked for at
>> configure time and needed for shutdown and reboot.  Polkit’s “pkexec” is
>> required to run the shutdown helper.
>>
>> The helper contains a bunch of hardcoded paths to /sbin/shutdown, which
>> are replaced in a build phase — not in a snippet because eventually we
>> should also fix the paths to pm-{suspend,hibernate}, which would be
>> provided by an input that is currently not present(?).
>
> The ‘run’ function in xfsm-shutdown-helper/main.c runs these programs
> with:
>
>       result = g_spawn_sync (NULL, argv, envp,
>                              G_SPAWN_SEARCH_PATH | G_SPAWN_STDOUT_TO_DEV_NULL |
>                              G_SPAWN_STDERR_TO_DEV_NULL,
>                              NULL, NULL, NULL, NULL, &status, &err);
>
> I’m guessing G_SPAWN_SEARCH_PATH means that the program is searched for
> in $PATH, in which case writing ‘halt’ would be enough (it would be
> found in /run/setuid-programs.)

I see.

>> I also needed to change my system configuration to add “pkexec” to the
>> list of setuid programs:
>>
>>   (setuid-programs (cons #~(string-append #$polkit "/bin/pkexec")
>>                            %setuid-programs))
>>
>> Maybe this should just be added to %setuid-programs?
>
> I think polkit-service-type should extend setuid-service-type to add
> that program.

‘polkit-service-type’ already extends ‘setuid-programs-service-type’
with ‘polkit-setuid-programs’:

  (define polkit-setuid-programs
    (match-lambda
      (($ <polkit-configuration> polkit)
       (list #~(string-append #$polkit
                              "/lib/polkit-1/polkit-agent-helper-1")))))

I guess we can just append ‘#~(string-append #$polkit "/bin/pkexec")’
here.

>> Is it okay to use /run/setuid-programs/pkexec in the shutdown helper or
>> should this rather be a reference to the polkit input?
>
> The code that spawns pkexec looks like this:
>
>   command = g_strdup_printf ("pkexec " XFSM_SHUTDOWN_HELPER_CMD " --%s", action);
>   ret = g_spawn_command_line_sync (command, NULL, NULL, &exit_status, error);
>
> I think this can be left unchanged, as long as we provide pkexec in
> $PATH (which is the case if it’s in /run/setuid-programs.)

Okay.  I’ll try the above changes and report back.

~~ Ricardo