Kontact Touch running on Harmattan

Andre Heinecke aheinecke at intevation.de
Wed Oct 26 08:18:15 UTC 2011 

Hi Laszlo,

thanks for the feedback, I'll have another go at this later, as you have seen 
i've misunderstood the way this is implemented. 

For me it was the goal was to have the file with group gnupg if i want that 
users/processes of group gnupg can read it i thought this is how it should 
be. And in #harmattan i've also got the advice from describing my problem 
that i should request chown to archive that. That together with the error 
message "File not installed" caused some frustration on my end.

I agree with you that the bitching about aegis does not help us at all and we 
have to take it as it is. So i will read more of the documentation about this 
to get a better understanding how this is meant to work (In contrast to 
seeing it as a restriction that has to be worked around). We also need some 
more aegis privileges in some other kde packages at least i get errors that 
the cache can not be symlinked from /var/tmp etc.

Regards,
Andre

At Tuesday 25 October 2011 10:23:46 Laszlo Papp wrote:
> > I think this is acceptable on a typical "single user" device.
>
> I think it is a security principle violation, and it is more like just
> a workaround. I am not sure it will pass the OVI QA process, but
> certainly not recommended.
>
> I am trying to give you an example how to do it properly:
>
> debian/yourpackage.aegis:
>
> <aegis>
>   <request>
>     <credential name="UID::A"/>
>     <credential name="GID::B"/>
>     <for path="/usr/bin/helloworld"/>
>     <for path="/usr/sbin/foobar>
>   </request>
> </aegis>
>
> A: The user of the relevant file or/and directory you wanted to modify by
> chown B: The group of the relevant file or/and directory you wanted to
> modify by chown
>
> You can get those user and group by using "ls -lda"-like commands.
>
> /usr/bin/helloworld: The process one which would like to have the
> relevant access to the desired file or/and directory
> /usr/sbin/foobar: Another process which would like to thave the
> relevant access to the desired file or/and directory
>
> Note that you request the credential for the process which needs to
> have the accesses and not the output file.
>
> If it is for maintainer scripts, it is better to use this:
> <request context="INSTALL">
> ...
> </request>
>
> In order to understand the logic: your process will run with the
> relevant user/group privileges, and you do not need to use chown
> because of this logic.
>
> Hope it helps. I am all for help, just ask if something is not clear. :)
>
> Best Regards,
> Laszlo Papp


-- 
Andre Heinecke |  ++49-541-335083-262 |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Kde-mobile mailing list