PolKit and KDE4_AUTH_POLICY_FILES_INSTALL_DIR
John Layt
johnlayt at googlemail.com
Wed Feb 16 20:07:13 CET 2011
Hi,
I've hit an issue with polkit-qt and the KDE4_AUTH_POLICY_FILES_INSTALL_DIR
variable where the variable seems to always be set to the polkit-qt path and
your $KDEDIR path is ignored.
The problem comes if you do not build kdesupport/polkit-qt yourself and
instead try to rely on the system polkit-qt packages. This causes
kde4_install_auth_actions() to try install the actions to the system path
instead of your $KDEDIR path. If you build polkit-qt yourself then your
polkit-qt install path is $KDEDIR so there are no problems.
Additionally, if you try to override the path then kdelibs ignores both the
env var value and the cmake -D value, and the other modules ignore the env var
but pay attention to the cmake -D, giving a somewhat unsatisfactory temporary
hack around the problem.
Is this the intended behaviour, or is it a bug? If intended then why have the
KDE4_AUTH_POLICY_FILES_INSTALL_DIR variable at all?
The consequence is we are effectively telling anyone who wishes to build any
module of KDE that they must always build polkit-kde themselves (and possibly
kdelibs?). I can see this might be needed if you want to test things that
rely on polkit, but it is not exactly newbie friendly and will need to be
documented if true.
There is a warning message displayed in the kdelibs cmake about it:
WARNING: Installation prefix does not match PolicyKit install prefixes.
You probably will need to move files installed in POLICY_FILES_INSTALL_DIR
and by dbus_add_activation_system_service to the prefix
I'm sorry, but I can't understand what that means, a newbie has even less
hope. It's also only displayed in kdelibs which is of no use when trying to
build kde-workspace.
I'm guessing here, but I assume that for security reasons polkit-qt only reads
action files from the one path it was given at build
(AUTH_POLICY_FILES_INSTALL_DIR), hence anything installed into $KDEDIR would
be ignored by a system install of polkit-qt, so by ignoring $KDEDIR we're
trying to be helpful? If that's the case, that seems like the less safe
option to me. Surely it would be better to install to the requested inactive
path and leave it to the dev to sort out afterwards? It seems less likely to
cause security problems, and in most cases the dev isn't even interested in
the code that needs the actions file.
The way I think this should work is:
1) Use KDE4_AUTH_POLICY_FILES_INSTALL_DIR if specified, else use KDEDIR
2) If path different from polkit-qt AUTH_POLICY_FILES_INSTALL_DIR then display
an appropriate warning
3) Install to the requested location, it's then up to the dev to fix if needed
by either moving the files or by building polkit-qt themselves.
The warning message itself should be clearer and displayed in all modules not
just kdelibs, possibly at the bottom of the cmake output with the missing
dependencies where it is more visible. A link to a techbase page explaining
why might be a good idea.
Thoughts?
John.
More information about the Kde-buildsystem
mailing list