[game-data-packager] 06/07: Auto-detect whether to use pkexec, sudo or su by default

Simon McVittie smcv at debian.org
Wed Oct 21 11:00:46 UTC 2015 

This is an automated email from the git hooks/post-receive script.

smcv pushed a commit to branch master
in repository game-data-packager.

commit 3a510acb833a4fbc8ec0d02c296933a0ee311e8b
Author: Simon McVittie <smcv at debian.org>
Date:   Wed Oct 21 10:20:56 2015 +0100

    Auto-detect whether to use pkexec, sudo or su by default
---
 debian/changelog            |  4 +++-
 debian/rules                |  5 +++--
 doc/game-data-packager.6    | 12 +++++++++---
 etc/game-data-packager.conf |  4 ++--
 game_data_packager/util.py  | 39 ++++++++++++++++++++++++++++++++++++++-
 5 files changed, 55 insertions(+), 9 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 2583a8c..9cfc5ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -82,7 +82,9 @@ game-data-packager (43) UNRELEASED; urgency=medium
     and *sums files, which are loaded lazily. This speeds up
     "game-data-packager --help" considerably. (Continuation of #779937)
   * Add configurable installation method instead of always using dpkg or apt
-  * Add configurable privilege-gaining method instead of always using su
+  * Add configurable privilege-gaining method instead of always using su,
+    defaulting to pkexec if available, or sudo if available and the user
+    is in a privileged group, or su
   * Update metadata for yquake2 mod code
     - The Reckoning (xatrix) 2.03 (Closes: #799954)
     - Ground Zero (rogue) 2.02 (Closes: #799955)
diff --git a/debian/rules b/debian/rules
index 18fdeda..80759be 100755
--- a/debian/rules
+++ b/debian/rules
@@ -32,8 +32,9 @@ override_dh_auto_clean:
 override_dh_install:
 	dh_install
 	echo 'GAME_PACKAGE_VERSION = """$(DEB_VERSION)"""' > debian/game-data-packager/usr/share/games/game-data-packager/game_data_packager/version.py
-	if dpkg-vendor --is Raspbian; then sed -i 's#"su"#"sudo"#' debian/game-data-packager/etc/game-data-packager.conf; fi
-	if dpkg-vendor --derives-from Ubuntu; then sed -i 's#"su"#"sudo"#' debian/game-data-packager/etc/game-data-packager.conf; fi
+	if dpkg-vendor --derives-from Ubuntu; then \
+		touch debian/game-data-packager/usr/share/games/game-data-packager/is-ubuntu-derived; \
+	fi
 	install -D -m755 runtime/doom2-masterlevels.py debian/game-data-packager/usr/games/doom2-masterlevels
 
 override_dh_installdocs:
diff --git a/doc/game-data-packager.6 b/doc/game-data-packager.6
index dc07517..bd94057 100644
--- a/doc/game-data-packager.6
+++ b/doc/game-data-packager.6
@@ -51,9 +51,15 @@ such game data from CD-ROMs, the Internet or elsewhere.
 .TP
 .B \-i
 attempt to install the generated Debian package via
-.B dpkg(1)
-and 
-.B su(1)
+.BR dpkg (1)
+or
+.BR apt (8),
+using
+.BR pkexec (1),
+.BR sudo (1)
+or
+.BR su (1)
+to obtain suitable privileges.
 \.
 .TP
 .B \-d out-directory
diff --git a/etc/game-data-packager.conf b/etc/game-data-packager.conf
index 1580a26..0b3c70a 100644
--- a/etc/game-data-packager.conf
+++ b/etc/game-data-packager.conf
@@ -5,6 +5,6 @@ INSTALL="no"	# install the generated package on the local system
 PRESERVE="yes"	# not preserve the generated package file(s)
 VERBOSE="no"    # show output from external tools
 
-# arguments are program names
+# arguments are program names, or empty to choose automatically
 INSTALL_METHOD=""      # uses apt 1.1 if available, or dpkg
-GAIN_ROOT_COMMAND="su" # su on Debian, sudo on Raspbian & Ubuntu
+GAIN_ROOT_COMMAND=""   # su, sudo, pkexec
diff --git a/game_data_packager/util.py b/game_data_packager/util.py
index 76a662a..2d96c1f 100644
--- a/game_data_packager/util.py
+++ b/game_data_packager/util.py
@@ -16,6 +16,7 @@
 # You can find the GPL license text on a Debian system under
 # /usr/share/common-licenses/GPL-2.
 
+import grp
 import logging
 import os
 import shlex
@@ -26,6 +27,7 @@ import sys
 
 from debian.debian_support import Version
 
+from .paths import DATADIR
 from .version import GAME_PACKAGE_VERSION
 
 logger = logging.getLogger('game-data-packager.util')
@@ -181,7 +183,42 @@ def ascii_safe(string, force=False):
                                                 'aacceeeeiiiln***'))
     return string
 
-def run_as_root(argv, gain_root='su'):
+def run_as_root(argv, gain_root=''):
+    if not gain_root and which('pkexec') is not None:
+            # Use pkexec if possible. It has desktop integration, and will
+            # prompt for the user's password if they are administratively
+            # privileged (a member of group sudo), or root's password
+            # otherwise.
+            gain_root = 'pkexec'
+
+    if not gain_root and which('sudo') is not None:
+        # Use sudo as the next choice after pkexec, but only if we're in
+        # a group that should be able to use it.
+        try:
+            sudo_group = grp.getgrnam('sudo')
+        except KeyError:
+            pass
+        else:
+            if sudo_group.gr_gid in os.getgroups():
+                gain_root = 'sudo'
+
+        # If we are in the admin group, also use sudo, but only
+        # if this looks like Ubuntu. We use dpkg-vendor at build time
+        # to detect Ubuntu derivatives.
+        try:
+            admin_group = grp.getgrnam('admin')
+        except KeyError:
+            pass
+        else:
+            if (admin_group.gr_gid in os.getgroups() and
+                    os.path.exists(os.path.join(DATADIR,
+                        'is-ubuntu-derived'))):
+                gain_root = 'sudo'
+
+    if not gain_root:
+        # Use su if we don't have anything better.
+        gain_root = 'su'
+
     if gain_root not in ('su', 'pkexec' ,'sudo', 'super', 'really'):
         logger.warning(('Unknown privilege escalation method %r, assuming ' +
             'it works like sudo') % gain_root)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/game-data-packager.git

More information about the Pkg-games-commits mailing list