Wiki: https://fedoraproject.org/wiki/Changes/AtomicDesktopDropPklaCompat

Discussion Thread: https://discussion.fedoraproject.org/t/179411

**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process,
proposals are publicly announced in order to receive community feedback.
This proposal will only be implemented if approved by the Fedora
Engineering Steering Committee.

== Summary ==

Remove support for deprecated pkla polkit rules from all Fedora Atomic
Desktops. All other ostree/bootable container images dropped it already.

== Owner ==

* Name/Email: [[User:Siosm|Timothée Ravier]], [email protected]

== Detailed Description ==

Compatibility support for the legacy pkla format of polkit rules was
moved to `Recommends` in
[https://src.fedoraproject.org/rpms/polkit/c/f306ce1b70287b9d39e5961ca0703871edb179d5?branch=rawhide f306ce1 polkit hogs cpu on every login/logout],
which landed in Fedora 41. With the exception of the Fedora Atomic
Desktops, all ostree/bootable container systems disable recommends, so
they dropped the `polkit-pkla-compat` package with the update to Fedora 41
(see, for example,
[https://github.com/coreos/fedora-coreos-tracker/issues/1785 Fedora CoreOS]).
This change does the same for the Atomic Desktops.

== Feedback ==

This was initially suggested in
[https://fedoraproject.org/wiki/Changes/polkit_recommends_pkla_pkexec F37: Make pkexec and pkla-compat optional],
which was rejected at the time (see discussion in
https://pagure.io/fesco/issue/2766).

Since then:
* the `polkit-pkla-compat` package has been made optional by the polkit
maintainer
* this change reduces the scope to Atomic Desktops only, where we currently
don't include any package using legacy pkla rules, and leaves pkexec as is

Users that still want to use pkla rules can layer the `polkit-pkla-compat`
package on their systems or build derived images.

However, it's likely that the ecosystem has moved on at this point:
* The last version of Debian with support for those rules is Debian 12
(oldstable), as Debian 13 (stable) dropped the package
(https://packages.debian.org/bookworm/polkitd-pkla)
* The last version of Ubuntu with support for those rules is 24.04
(https://packages.ubuntu.com/search?suite=noble&searchon=names&keywords=pkla)
and the package has not been included by default since Ubuntu 24.04 (at
least).

== Benefit to Fedora ==

Remove support for obsolete configuration files for a privileged component
of the OS and align Atomic Desktops with other ostree/bootable container
images.

== Scope ==

* Proposal owners: Will exclude `polkit-pkla-compat` from Atomic Desktops
* Other developers: Convert remaining pkla rules to the new format as
needed for the remaining packages.
* Release engineering: N/A
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy: General improvement for Atomic
Desktops

== Upgrade/compatibility impact ==

Systems that still rely on pkla rules will need to have those rules
converted to the new polkit format.
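
As an illustration of that conversion, the following added example (not part of this proposal and not code from the polkit project) turns the sections of one `.pkla` file into JavaScript rules. It assumes that `ResultActive` applies to local active sessions, `ResultInactive` to local inactive sessions and `ResultAny` to everything else, and that sections do not overlap; the sample input and the `org.example.*` action ids are constructed.

```python
import configparser
import json

# pkla result keyword -> polkit.Result member; an unset Result* key is not handled.
RESULTS = {None: "NOT_HANDLED", **{k: k.upper() for k in (
    "yes", "no", "auth_self", "auth_self_keep", "auth_admin", "auth_admin_keep")}}
TEMPLATE = """// {title}
polkit.addRule(function(action, subject) {{
    if (({actions}) && ({idents})) {{
        if (subject.local && subject.active) return polkit.Result.{active};
        if (subject.local) return polkit.Result.{inactive};
        return polkit.Result.{any};
    }}
}});
"""

def _action(glob):
    if "?" in glob or "*" in glob[:-1]:  # only exact ids and one trailing "*"
        raise ValueError("unsupported action glob: " + glob)
    if glob.endswith("*"):
        return "action.id.indexOf(%s) == 0" % json.dumps(glob[:-1])
    return "action.id == %s" % json.dumps(glob)

def _identity(ident):
    kind, _, name = ident.partition(":")
    tests = {"unix-user": "subject.user == %s", "unix-group": "subject.isInGroup(%s)"}
    if kind not in tests or not name or "*" in name or "?" in name:
        raise ValueError("unsupported identity: " + ident)  # netgroups, globs
    return tests[kind] % json.dumps(name)

def pkla_to_rules(text):
    """Convert the text of one .pkla file to polkit JavaScript rules."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case: Identity, Action, ResultActive
    cp.read_string(text)
    items = lambda v: [x.strip() for x in v.split(";") if x.strip()]
    return "\n".join(TEMPLATE.format(
        title=title,
        actions=" || ".join(_action(a) for a in items(s["Action"])),
        idents=" || ".join(_identity(i) for i in items(s["Identity"])),
        **{k: RESULTS[s.get("Result" + k.title())] for k in ("active", "inactive", "any")},
    ) for title, s in cp.items() if title != "DEFAULT")

# Constructed sample, not taken from any real package.
SAMPLE = """[Example: wheel manages storage]
Identity=unix-group:wheel;unix-user:alice
Action=org.example.manage-units;org.example.storage.*
ResultInactive=auth_admin
ResultActive=yes
"""
```

The generated text belongs in a `.rules` file under `/etc/polkit-1/rules.d/`. Inputs the converter does not understand (netgroups, other glob forms, unknown result keywords) raise an error instead of producing a looser rule, so they can be reviewed by hand.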

== Early Testing (Optional) ==

Do you require 'QA Blueprint' support? N

== How To Test ==

Remove the `polkit-pkla-compat` package locally or from the container image.
Verify normal operation of privileged operations.

== User Experience ==

Nothing specific to note.

== Dependencies ==

None.

== Contingency Plan ==

* Contingency mechanism: (What to do?  Who will do it?) Revert the change.
The Atomic Desktops maintainers will do it.
* Contingency deadline: N/A (not a System Wide Change) but Beta/Final freeze
* Blocks release? N/A (not a System Wide Change) but No, can be easily
reverted

== Documentation ==

See release notes.

== Release Notes ==

Support for the legacy pkla format for polkit rules has been removed from
all Fedora Atomic Desktops. If you have applications that still rely on
those rules, you can re-install the package (by overlaying it or by
building your own container image).
-- 
_______________________________________________
devel-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue