Public bug reported: Hey!
I would like to request a SRU of the following upstream PR for Noble. https://github.com/polkit-org/polkit/pull/499 I have applied this to ubuntu/noble-updates and produced a new patch that is attached with identical changes. The PR does not apply directly due to mismatch in a couple of lines that differ from upstream. [ Impact ] On Ubuntu Core we've had not historically carried polkit before, it has only recently been decided to include polkit into the Core24 base (and future bases), so this has not been an issue up until now. The decision changed as Core Desktop is moving its architecture to using the official core24 base snap as their base for all the desktop snaps. Core Desktop needs to use polkit for the desktop/user environment, but this brings us to this request. The polkit version currently in Noble does only support reading actions from /usr/share/polkit-1/actions, but this is a protected read-only path on Ubuntu Core. We could change this and map this path into the writable area, but this would bring us into transition issues when/if people want to migrate from core24 to core26 (i.e remodelling), where newer polkit supports reading actions from /etc. This would leave files in a weird state moving away from mapping that path, to the more appropriate /etc. The more sustainable plan is to SRU the mentioned patch, allowing polkit to read actions from /etc, and would provide us with more consistent behaviour moving forward with newer bases, that may contain newer polkit versions that naturally support /etc. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? Since this is about loading actions, any issues resulting from this change should show up immediately by identifying whether the actions are loaded. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. In case of a regression, actions from /usr/share/polkit-1/actions would not be loaded either. * This must never be "None" or "Low", or entirely an argument as to why your upload is low risk. I would indicate this is a 'Medium' in risk, as this code change is very isolated. There is no functional or behavioural changes. This is specifically the places we load configuration / actions from. ** Affects: policykit-1 (Ubuntu) Importance: Undecided Status: New ** Patch added: "Applied version to noble-updates source" https://bugs.launchpad.net/bugs/2089145/+attachment/5838789/+files/read-actions-from-etc-run.patch -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/2089145 Title: Backport patch to read actions from /etc and /run Status in policykit-1 package in Ubuntu: New Bug description: Hey! I would like to request a SRU of the following upstream PR for Noble. https://github.com/polkit-org/polkit/pull/499 I have applied this to ubuntu/noble-updates and produced a new patch that is attached with identical changes. The PR does not apply directly due to mismatch in a couple of lines that differ from upstream. [ Impact ] On Ubuntu Core we've had not historically carried polkit before, it has only recently been decided to include polkit into the Core24 base (and future bases), so this has not been an issue up until now. The decision changed as Core Desktop is moving its architecture to using the official core24 base snap as their base for all the desktop snaps. Core Desktop needs to use polkit for the desktop/user environment, but this brings us to this request. The polkit version currently in Noble does only support reading actions from /usr/share/polkit-1/actions, but this is a protected read-only path on Ubuntu Core. We could change this and map this path into the writable area, but this would bring us into transition issues when/if people want to migrate from core24 to core26 (i.e remodelling), where newer polkit supports reading actions from /etc. This would leave files in a weird state moving away from mapping that path, to the more appropriate /etc. The more sustainable plan is to SRU the mentioned patch, allowing polkit to read actions from /etc, and would provide us with more consistent behaviour moving forward with newer bases, that may contain newer polkit versions that naturally support /etc. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? Since this is about loading actions, any issues resulting from this change should show up immediately by identifying whether the actions are loaded. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. In case of a regression, actions from /usr/share/polkit-1/actions would not be loaded either. * This must never be "None" or "Low", or entirely an argument as to why your upload is low risk. I would indicate this is a 'Medium' in risk, as this code change is very isolated. There is no functional or behavioural changes. This is specifically the places we load configuration / actions from. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/2089145/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
