[game-data-packager] 06/07: Auto-detect whether to use pkexec, sudo or su by default
Simon McVittie
smcv at debian.org
Wed Oct 21 11:00:46 UTC 2015
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch master
in repository game-data-packager.
commit 3a510acb833a4fbc8ec0d02c296933a0ee311e8b
Author: Simon McVittie <smcv at debian.org>
Date: Wed Oct 21 10:20:56 2015 +0100
Auto-detect whether to use pkexec, sudo or su by default
---
debian/changelog | 4 +++-
debian/rules | 5 +++--
doc/game-data-packager.6 | 12 +++++++++---
etc/game-data-packager.conf | 4 ++--
game_data_packager/util.py | 39 ++++++++++++++++++++++++++++++++++++++-
5 files changed, 55 insertions(+), 9 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 2583a8c..9cfc5ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -82,7 +82,9 @@ game-data-packager (43) UNRELEASED; urgency=medium
and *sums files, which are loaded lazily. This speeds up
"game-data-packager --help" considerably. (Continuation of #779937)
* Add configurable installation method instead of always using dpkg or apt
- * Add configurable privilege-gaining method instead of always using su
+ * Add configurable privilege-gaining method instead of always using su,
+ defaulting to pkexec if available, or sudo if available and the user
+ is in a privileged group, or su
* Update metadata for yquake2 mod code
- The Reckoning (xatrix) 2.03 (Closes: #799954)
- Ground Zero (rogue) 2.02 (Closes: #799955)
diff --git a/debian/rules b/debian/rules
index 18fdeda..80759be 100755
--- a/debian/rules
+++ b/debian/rules
@@ -32,8 +32,9 @@ override_dh_auto_clean:
override_dh_install:
dh_install
echo 'GAME_PACKAGE_VERSION = """$(DEB_VERSION)"""' > debian/game-data-packager/usr/share/games/game-data-packager/game_data_packager/version.py
- if dpkg-vendor --is Raspbian; then sed -i 's#"su"#"sudo"#' debian/game-data-packager/etc/game-data-packager.conf; fi
- if dpkg-vendor --derives-from Ubuntu; then sed -i 's#"su"#"sudo"#' debian/game-data-packager/etc/game-data-packager.conf; fi
+ if dpkg-vendor --derives-from Ubuntu; then \
+ touch debian/game-data-packager/usr/share/games/game-data-packager/is-ubuntu-derived; \
+ fi
install -D -m755 runtime/doom2-masterlevels.py debian/game-data-packager/usr/games/doom2-masterlevels
override_dh_installdocs:
diff --git a/doc/game-data-packager.6 b/doc/game-data-packager.6
index dc07517..bd94057 100644
--- a/doc/game-data-packager.6
+++ b/doc/game-data-packager.6
@@ -51,9 +51,15 @@ such game data from CD-ROMs, the Internet or elsewhere.
.TP
.B \-i
attempt to install the generated Debian package via
-.B dpkg(1)
-and
-.B su(1)
+.BR dpkg (1)
+or
+.BR apt (8),
+using
+.BR pkexec (1),
+.BR sudo (1)
+or
+.BR su (1)
+to obtain suitable privileges.
\.
.TP
.B \-d out-directory
diff --git a/etc/game-data-packager.conf b/etc/game-data-packager.conf
index 1580a26..0b3c70a 100644
--- a/etc/game-data-packager.conf
+++ b/etc/game-data-packager.conf
@@ -5,6 +5,6 @@ INSTALL="no" # install the generated package on the local system
PRESERVE="yes" # not preserve the generated package file(s)
VERBOSE="no" # show output from external tools
-# arguments are program names
+# arguments are program names, or empty to choose automatically
INSTALL_METHOD="" # uses apt 1.1 if available, or dpkg
-GAIN_ROOT_COMMAND="su" # su on Debian, sudo on Raspbian & Ubuntu
+GAIN_ROOT_COMMAND="" # su, sudo, pkexec
diff --git a/game_data_packager/util.py b/game_data_packager/util.py
index 76a662a..2d96c1f 100644
--- a/game_data_packager/util.py
+++ b/game_data_packager/util.py
@@ -16,6 +16,7 @@
# You can find the GPL license text on a Debian system under
# /usr/share/common-licenses/GPL-2.
+import grp
import logging
import os
import shlex
@@ -26,6 +27,7 @@ import sys
from debian.debian_support import Version
+from .paths import DATADIR
from .version import GAME_PACKAGE_VERSION
logger = logging.getLogger('game-data-packager.util')
@@ -181,7 +183,42 @@ def ascii_safe(string, force=False):
'aacceeeeiiiln***'))
return string
-def run_as_root(argv, gain_root='su'):
+def run_as_root(argv, gain_root=''):
+ if not gain_root and which('pkexec') is not None:
+ # Use pkexec if possible. It has desktop integration, and will
+ # prompt for the user's password if they are administratively
+ # privileged (a member of group sudo), or root's password
+ # otherwise.
+ gain_root = 'pkexec'
+
+ if not gain_root and which('sudo') is not None:
+ # Use sudo as the next choice after pkexec, but only if we're in
+ # a group that should be able to use it.
+ try:
+ sudo_group = grp.getgrnam('sudo')
+ except KeyError:
+ pass
+ else:
+ if sudo_group.gr_gid in os.getgroups():
+ gain_root = 'sudo'
+
+ # If we are in the admin group, also use sudo, but only
+ # if this looks like Ubuntu. We use dpkg-vendor at build time
+ # to detect Ubuntu derivatives.
+ try:
+ admin_group = grp.getgrnam('admin')
+ except KeyError:
+ pass
+ else:
+ if (admin_group.gr_gid in os.getgroups() and
+ os.path.exists(os.path.join(DATADIR,
+ 'is-ubuntu-derived'))):
+ gain_root = 'sudo'
+
+ if not gain_root:
+ # Use su if we don't have anything better.
+ gain_root = 'su'
+
if gain_root not in ('su', 'pkexec' ,'sudo', 'super', 'really'):
logger.warning(('Unknown privilege escalation method %r, assuming ' +
'it works like sudo') % gain_root)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/game-data-packager.git
More information about the Pkg-games-commits
mailing list