Re: [DNG] elogind testing for experimental and ascii-proposed

[Erik Christiansen]

On 19.01.18 17:34, KatolaZ wrote:
> On Fri, Jan 19, 2018 at 06:03:59PM +0100, Didier Kryn wrote:
> >     But wether that session is local or not is, in my opinion, and as I
> > already said, futile; and it seems to be mostly used as a justification to
> > develop a tangle of daemons and middleware to bypass the traditional unix
> > security framework.
> 
> This is where I get totally lost with sessions: why on Earth should I
> be able to mount an external device on a remote host to which I login
> via SSH? Or unable to do that, if I am a regular user of that machine?
> What is the use case for this madness? Does it really solve a problem,
> or is just the usual non-working and useless solution to a problem
> that doesn't even exist?
> 
> I am sure I must be missing something here...

Yes, the Poettering Syndrome, but nothing else. If a device needs to be
mounted on another host, then the *nix way is to log in there via ssh or
similar. (Heck, 30 years ago we used rlogin, before security became an
issue. I even remember having root trusted from my host to the others.)

If we replicate all debian architecture, then we remain Poetteringed,
and are doomed to suffer the distasteful consequences of poor design.

On 19.01.18 14:29, Rick Moen wrote:
> Quoting Arnt Karlsen (a...@iaksess.no):
> 
> > ..so a good way forward is, treat this policykit/consolekit/logind
> > etc thing like systemd, pulseaudio etc poetterware.
...

> Why does PolicyKit want to have itself in charge of all user
> permissions, including that of the root user?  Because the
> Freedesktop.org coders decided to override user/groups permissions and
> put themselves in charge via PAM links.  And then PolicyKit
> (policykit-1) requires the rest of the marching band.

> The only real solution is to do without the Freedesktop.org 'stack' and
> give GNOME the heave-ho.  Devuan appears unwiling to take that step so
> far, therefore here you are, adopting Gentoo's systemd-logind forked
> code (which is what elogind is).

+1000

After 30 years in embedded systems design, I remain convinced that the
path to a good design is to add simplicity. The converse does not serve
the user at all well. When finished with taking out everything that can
be removed without losing essential functions, the design is complete.

The primary attribute of a good desktop is to come up fast. Gnome fails
the test. And its tentacles are a problem, not an asset.

On 19.01.18 23:36, KatolaZ wrote:
> BTW, GNOME will most probably not work anyway without systemd, and I
> haven't seen many GNOME fans around here anyway, so GNOME has
> effectively been given the heave-ho so far...

Oh-Oh, if gnome is dependent on systemd, then it is by definition
excluded from Devuan, IIUC? That is without doubt another plus for
Devuan.

Now we just need to dump polycykit and elogind, for another step toward
an elegant clean distro.

The Devuan policykit could perhaps be a text file something like:
"Linux at heart. No systemd, its dependencies, or ancilliary cruft."

Erik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Getting rid of gnome was elogind testing for experimental and ascii-proposed

[golinux]

On 2018-01-19 17:36, KatolaZ wrote:


BTW, GNOME will most probably not work anyway without systemd, and I
haven't seen many GNOME fans around here anyway, so GNOME has
effectively been given the heave-ho so far...

HND

KatolaZ



gnome as a desktop may be absent but gnome is very much entwined with 
De(bia/vua)n.  In setting up ascii for really important things :D , I 
discovered that Aisleriot overrides my mouse icon choice of DMZ (white) 
and forces use of the Adwaita icon theme within the game.  So I tried to 
uninstall adwaita and it wanted to take most of the desktop with it. So 
much for user choice in Gnomeland. For the moment I have gotten around 
this by renaming the theme adwaita.old and the DMZ theme was restored.  
Hopefully that won't break other things. So in effect gnome is equally 
as entwined with the desktop as systemd and would be equally as 
challenging to remove.  I filed a bug report with Debian but don't 
expect anything to change.


golinux
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Rick Moen]

Quoting Adam Borowski (kilob...@angband.pl):

> While I heartily agree with you about GNOME itself, there's too much
> software that uses gnome libs to allow such a move without having to patch
> hundreds if not thousands of packages.

Last time I checked, the GNOME libs required by 90%+ of those hundreds
if not thousands of packages didn't have dependency chain resolving to
systemd-logind or replacements thereof.  gnumeric didn't, Evince
did't, Dia did't, Shotwell didn't, Brasero didn't, GNOME Terminal
didn't -- not even Evolution did.

What does?  The gnome-core package, which isn't a requirement of those
90%+ of GNOME applications.  gnome-disk-utility, ditto.
gnome-settings-daemon, network-manager, modem-manager-gui,
gnome-system-tools, gnome-music, gnome-shell, gnome-disk-utility, and
the 'gnome' kitchen-sink metapackage.  Stuff like that -- GNOME-specific
glue code pieces required to run the GNOME core as opposed to GNOME
apps.  But those are not to be confused with 90%+ of those hundreds if
not thousands of packages, of which you speak.

> Thus, logind needs to be at least emulated.

I have no objection to systemd-logind being emulated.  I merely think
it's a mistake if anyone deems those emulations essential.  They're a
brittle crutch to software that IMO ought to be deemed non-essential,

> joeyh resigned right after his decision to switch to XFCE got overridden
> this way.

I didn't know that, but that makes sense.  That was a colossal blunder.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Adam Borowski]

On Fri, Jan 19, 2018 at 02:29:58PM -0800, Rick Moen wrote:
> The only real solution is to do without the Freedesktop.org 'stack' and
> give GNOME the heave-ho.  Devuan appears unwiling to take that step so
> far, therefore here you are, adopting Gentoo's systemd-logind forked
> code (which is what elogind is).

While I heartily agree with you about GNOME itself, there's too much
software that uses gnome libs to allow such a move without having to patch
hundreds if not thousands of packages.

Thus, logind needs to be at least emulated.  It's currently the most visible
bad piece of that stack, but far from being the only one.

> Debian let itself have its decisions dictated by GNOME.  Isn't this
> making the same mistake, and _even_ in the exact same place in the
> system architecture?

Well, yes.

You may want to take a look at this:
https://wiki.debian.org/DebianDesktop/Requalification/Jessie

I've watched this process in progress, it was disgusting.  This table reeks
of government procurement.  For example, Mate got docked two points for
"tasksel task quality" -- something that takes a single install run to
verify.  Or, "systemd integration" gives _positive_ points -- for me, a
desktop that works well with all unrelated software is strictly better than
one that requires a specific controversial init, thus it should be "init
compatibility" with the sign reversed.  There's also no entry for
"usability", or "discoverability" (users universally get stumped on the lack
of maximize/etc buttons; I still don't know what's the way to run a terminal
without navigating a bunch of controls then typing a name); no points were
assigned for "consistency" while GNOME works differently from what users
were accustomed to.  GNOME also fails to display systray icons (other than
its own), etc.

And, GNOME crashes on start on 9/11 primary and 13/13 secondary
architectures[1].  Take _this_ for a default!  This was papered over by
making the default vary by architecture, but any other package would be
slapped with a RC bug and kept out of release for something like this.

Or, speed: even on a few years old amd64, GNOME draws slower than a 1995ish
machine if you don't have a GPU that supports certain GL extensions that
GNOME requires.  The vast majority of x86 hardware has such GPUs, but it's
not exposed by kvm.

joeyh resigned right after his decision to switch to XFCE got overridden
this way.  He never described his reason, but I strongly suspect this was
the cause.


Meow!

[1]. I'm not aware if this still is the case: for Jessie, I tested a bunch
of machines and VMs I could and asked others for reports, no one could find
a single non-amd64 non-i386 machine where GNOME worked.  It is possible that
in Buster GNOME works on _some_ such machines -- but not on any I own.
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄ sky.  Your cat demands food.  The priority should be obvious...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Rick Moen]

Quoting KatolaZ (kato...@freaknet.org):

> Devuan is not adopting anything atm. Those packages are in
> experimental, that is a repo meant for experimentations and tests.

Noted.  Thank you for clarifying (and yes, that was also stressed in the 
Subject header).

> The mistake made by Debian was to inconditionally adopt systemd and
> its kitchen sink, leaving behind the users who did not want to get in
> that messy wagon, i.e., us.

For the record (at the risk of repeating myself), I do not agree, and
think it worth explaining once again why.

Debian's mistake IMO was to not respond to having been put in an
untenable position by GNOME developers by unmooring themselves from
GNOME as a core distro feature required by Debian Policy.  In my view,
the General Resolution concerned the wrong question.  It should have
been about adopting a different standard DE (or no DE), not about
whether the Technical Commitee may require a specific init system as
PID1 and whether interoperation with various init systems should be
encouraged.  Wrong question.  If they had simply dis-established GNOME
as the official DE, then the ConsoleKit bitrot issue would have been
relegated to 'GNOME problem' rather than 'Debian problem'.

I blame tunnel-vision.  The DDs failed to assess the overall situation
and realise that the real problem was GNOME (and its underlying
dependencies on the ever-changing Freedesktop.org code hairball), and
that they'd need to deal with it eventually or would keep finding their
policies dictated by unplanned Freedesktop.org code churn via coercion
applied through excessive and problematic dependencies.

Devuan is at risk of falling into the same pitfall if it keeps framing
the problem as merely systemd-avoidance, and at best seeks nothing
better than compatible workalikes for Freedesktop.org components.
That is all that elogind is, and IMO that's all eudev is, too.

To quote an old movie, the only way to win is not to play.

> Being a universal distro is not about satisfying the needs of a small
> user base, rather about not leaving anybody behind. Debian has mostly
> failed at that. That's why Devuan exists.

I certainly respect Devuan for trying to respect that aspiration where
Debian failed.  However, I'm increasingly inclined to think that a
universal operating system is an unwise goal.  (As always, I'm not
offended by distro software decisions I differ from.  I'll change the
necessary implementation details locally if necessary.)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[KatolaZ]

On Fri, Jan 19, 2018 at 02:29:58PM -0800, Rick Moen wrote:

[cut]

> 
> The only real solution is to do without the Freedesktop.org 'stack' and
> give GNOME the heave-ho.  Devuan appears unwiling to take that step so
> far, therefore here you are, adopting Gentoo's systemd-logind forked
> code (which is what elogind is).
>

BTW, GNOME will most probably not work anyway without systemd, and I
haven't seen many GNOME fans around here anyway, so GNOME has
effectively been given the heave-ho so far...

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[KatolaZ]

On Fri, Jan 19, 2018 at 02:29:58PM -0800, Rick Moen wrote:

[cut]

> 
> The only real solution is to do without the Freedesktop.org 'stack' and
> give GNOME the heave-ho.  Devuan appears unwiling to take that step so
> far, therefore here you are, adopting Gentoo's systemd-logind forked
> code (which is what elogind is).
> 
> Debian let itself have its decisions dictated by GNOME.  Isn't this
> making the same mistake, and _even_ in the exact same place in the
> system architecture?
> 

Dear Rick,

Devuan is not adopting anything atm. Those packages are in
experimental, that is a repo meant for experimentations and tests.

The mistake made by Debian was to inconditionally adopt systemd and
its kitchen sink, leaving behind the users who did not want to get in
that messy wagon, i.e., us.

With *workaraunds* like eudev and elogind we could possibly minimise
the damage for Devuan users who want to use a DE with bells and
whistles, but still don't want systemd. Despite I don't give a tiny
toss to any of these automagic things, I don't see anyhting wrong with
trying to allow other people to use them, if they want so.

Being a universal distro is not about satisfying the needs of a small
user base, rather about not leaving anybody behind. Debian has mostly
failed at that. That's why Devuan exists.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Rick Moen]

Quoting Arnt Karlsen (a...@iaksess.no):

> ..so a good way forward is, treat this policykit/consolekit/logind
> etc thing like systemd, pulseaudio etc poetterware.

I'm bemused by people in the Devuan Project wanting to find a compatible
substitute for systemd-logind.  The entire Debian fiasco was driven by
the GNOME maintainers insisting that the 'seat' functionality of
ConsoleKit was essential, even though it was an obscure, niche function
used by almost nobody.  ConsoleKit becoming deprecated meant the GNOME
developers needed another 'seat' implementation, which effectively
forced choice of systemd-logind with the rest of that marching band.

But it should have been, and was, obvious that this trait of
reimplementing standard functions badly, EOLing and rewriting codebases
frequently, and having ridiculously excessive features and dependencies
was far from being confined to systemd but rather affected the entire
Freedesktop.org glue suite:  udisks2, PolicyKit, ConsoleKit, packagekit,
network-manager, etc.

Why does PolicyKit want to have itself in charge of all user
permissions, including that of the root user?  Because the
Freedesktop.org coders decided to override user/groups permissions and
put themselves in charge via PAM links.  And then PolicyKit
(policykit-1) requires the rest of the marching band.

The only real solution is to do without the Freedesktop.org 'stack' and
give GNOME the heave-ho.  Devuan appears unwiling to take that step so
far, therefore here you are, adopting Gentoo's systemd-logind forked
code (which is what elogind is).

Debian let itself have its decisions dictated by GNOME.  Isn't this
making the same mistake, and _even_ in the exact same place in the
system architecture?


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Arnt Karlsen]

On Fri, 19 Jan 2018 19:06:37 +0100, Didier wrote in message 
<4f0e082e-16d5-29d1-1f7a-edb06ce05...@in2p3.fr>:

>      The major use cases are:
>      1) server with remote users and only root allowed to mount 
> removable devices.
>      2) laptop/desktop with one user at a time with full authority to 
> mount removable devices. You can ssh to your desktop/laptop and still 
> have the same permissions, what's the harm? You should ask someone
> else to insert the device, and this is the true issue and it's not
> solved by the kits (-:
> 
>      If the only role of policykit/consolekit/logind is to give you 
> permissions only if you are local, then I'm just saying that they 
> provide a complex solution to a non-existing problem.
> 
>          Didier

..so a good way forward is, treat this policykit/consolekit/logind
etc thing like systemd, pulseaudio etc poetterware.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[KatolaZ]

On Fri, Jan 19, 2018 at 09:52:03PM +0100, Irrwahn wrote:

[cut]

> 
> All in all, I think that looks somewhat promising. However, as KatolaZ 
> rightly 
> pointed out, it'd be important to know which other setups would possibly be 
> broken by that approach, and what issues in other DEs might still persist.
> Given the clusterf^W glorious goodness that all these kits'n'kats constitute,
> I doubt it would be possible for it to make it in an ascii release proper —
> unless an armada of people step forward to volunteer for smoke testing this 
> in 
> each and every conceivably sane DE configuration. (I, for one, am however 
> tempted to actually use it on my actual desktop system, provided it ever hits 
> at least the experimental repository.)
>

That's really marvellous progress guys! Congrats!!!

IMPORTANT NOTICE: whoever is reading this email and asking themselves
"How can I help Devuan?", here is a concrete task:

  Please help testing the consolekit2 + elogind + policykit
  clusterf^H^H^H^H^H^H^H combination with any conceivable Desktop
  Environment available in Devuan Ascii, and report the results
  back.

The number, quality, and completeness of Desktop Environments what
will be available and fully functional in the forthcoming Devuan Ascii
is in your hands ;)

HND

KatolaZ

P.S.: Andreas, Hleb, Urban, could you please take charge of prepare a
concise list of DEs combinations to be tested, of what should be
tested exactly, and of *easy* steps to install the required
experimental packages?

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Irrwahn]

Hleb Valoshka wrote on 19.01.2018 20:44:
> On 1/19/18, Irrwahn  wrote:
>> I think that has to be done anyway, because currently one cannot
>> have policykit without having consolekit installed with it, due to
>> the "Depends". The package should have something akin to:
>>
>>   Depends: libpam-elogind | consolekit
>>
>> Anyone up for the task?
> 
> As it has been already told this task is not about of mere package rebuilding.
> 
> But if you are in mood for testing, you can download from [1]
> policykit built with elogind support (consolekit support is dropped as
> it supports only one) and repeat your test. It was built in ascii
> chroot so it's installable both in ascii & ceres.
> 
> Repository with its source is at [2]. The branch is based on
> suites/ascii-proposed.
> 
> 1. https://mega.nz/#!lEVXUY6R!5MJOEEAtSadvwkv27tAPZguuYh0kRI8TVh-OL0VEj5Q
> 2. https://git.devuan.org/375gnu/policykit-1/tree/elogind-support

Great, thanks a bunch Hleb!

* Installed your packages over already present policykit, leaving elogind 
  in place.

* Was able to purge consolekit2 after that, without dragging policykit with 
  it, as I expected.

* Shutdown/Restart from XFCE GUI is now working correctly!

* USB drive user mount in Thunar is now working! (Admittedly, in the meantime 
  I had added udisks2 and related stuff, but that only made the drive show up
  automagically. Mounting it as user was still prohibited unless I installed 
  your reconfigured policykit.)

* "loginctl reboot" from VT now working!
  (Despite still spewing a slightly irritating message; console transcript
   follows:)

 urban@vbascii2:~$ loginctl reboot
 System is going down for reboot NOW!
 Failed to reboot system via elogind: Message recipient disconnected from 
message bus without replying
 urban@vbascii2:~$
 Broadcast message from root@vbascii2 (console) (date yadda-yadda):
 The system is going down for reboot NOW!
 INIT: Switching to runleve: 6
 INIT: Sending processes the TERM signal
 Removed session 2.
 etc. pp. (the usual runlevel change sermon)
   
   I guess that could be an artifact of the shutdown method used by elogind?

All in all, I think that looks somewhat promising. However, as KatolaZ rightly 
pointed out, it'd be important to know which other setups would possibly be 
broken by that approach, and what issues in other DEs might still persist.
Given the clusterf^W glorious goodness that all these kits'n'kats constitute,
I doubt it would be possible for it to make it in an ascii release proper —
unless an armada of people step forward to volunteer for smoke testing this in 
each and every conceivably sane DE configuration. (I, for one, am however 
tempted to actually use it on my actual desktop system, provided it ever hits 
at least the experimental repository.)

Thanks again for going to such lengths, and best regards
Urban

-- 
Sapere aude!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Hleb Valoshka]

On 1/19/18, Irrwahn  wrote:
> I think that has to be done anyway, because currently one cannot
> have policykit without having consolekit installed with it, due to
> the "Depends". The package should have something akin to:
>
>   Depends: libpam-elogind | consolekit
>
> Anyone up for the task?

As it has been already told this task is not about of mere package rebuilding.

But if you are in mood for testing, you can download from [1]
policykit built with elogind support (consolekit support is dropped as
it supports only one) and repeat your test. It was built in ascii
chroot so it's installable both in ascii & ceres.

Repository with its source is at [2]. The branch is based on
suites/ascii-proposed.

1. https://mega.nz/#!lEVXUY6R!5MJOEEAtSadvwkv27tAPZguuYh0kRI8TVh-OL0VEj5Q
2. https://git.devuan.org/375gnu/policykit-1/tree/elogind-support
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Irrwahn]

KatolaZ wrote on 19.01.2018 19:05:
> On Fri, Jan 19, 2018 at 06:48:42PM +0100, Irrwahn wrote:
> 
> [cut]
> 
>>
>> In my mind, the whole mess looks more like a gigantic game of nuclear 
>> whack-a-mole, and the only winning move is not to play. (The optimist
>> believes we are living in the best of all possible worlds. The pessimist 
>> is afraid the optimist is right. Guess, which faction I belong to. ;^)
>>
>> But honestly, KatolaZ, thanks for damping my enthusiasm. :)
>>
> 
> Dear Urban, it was not my intention to damp your enthisiasm, at all,
> so please accept my apoligies if I did :\

Oh, no need to apologize! I guess my message read far more ironic, or 
even sarcastic, than I intended. I was trying to convey my sincere 
thanks for putting everything in perspective. Alas, English is not my 
native tongue, plus I'm German, and us being direct is a prejudice 
that oftentimes turns out to be true.  ;o)

> 
> We need a lot of enthusiasm. And we also need to test this stuff in as
> many different setups as possible, before deciding what's next,
> IMHO. The help of all the knowledgeable people who are working on that
> is very much appreciated :)

Oh, I wasn't discouraged by your input, no worries, please. :)

> TBH, it would be great if at the end of those tests we could have a
> summary that explains what are the issues, what are the possible
> solutions, and what we can do to help implementing them without
> breaking too much stuff around ;)

And I'll continue to contribute whatever my time and capabilities allow 
to reach that goal. After all, Devuan was the last straw that kept me 
from ditching GNU/Linux altogether in the wake of the systemd meltdown.
[rant] But, honestly, the *BSDs are not the best alternative when it 
comes to desktop systems; server installations are another cup of tea, 
but that's (no longer) my main concern right now. [/rant]

Best regards
Urban
-- 
Sapere aude!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind available in experimental and ascii-proposed

[Hleb Valoshka]

On 1/19/18, Arnt Karlsen  wrote:

>> Have you rebooted your pc after upgrading CK to CK2?
>
> ..while ok for us mere mortal hobbyist end users, is this
> reboot dance acceptable in business hours?

Reboot is still required to enable a new kernel, and anyway operations
like dist-upgrade should be run out of BH because they may require
reboot.

>> I believe this crash exist only when one is still running old ck
>> daemon. Unfortunately it looks like there is no way to replace running
>> ck daemon (we can kill running one and dbus will start a new instance,
>> ck2, but it won't have information about seats, etc created by the
>> previous instance)
>
> ..why can it not read that info in e.g. a "--set-up-hijack-mode"?

We need to talk with the upstream author.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Didier Kryn]

Le 19/01/2018 à 18:34, KatolaZ a écrit :

On Fri, Jan 19, 2018 at 06:03:59PM +0100, Didier Kryn wrote:

[cut]


     I think the concept of session is still usefull in the framework of a
Desktop Environment. When you log into that kind of environment, you have a
few services associated to it which make your life easier, like monitoring
removable devices, battery or wifi status. It is also easier for dummies to
login through a display manager.


Hi Didier,

if I understand it correctly, it seems that elogind + consolekit2 +
upower + udisks + other pieces of black magic already allow to mount
removable devices, monitor battery, suspend the system, and so on, in
several DE configurations.

I personally don't get all the intricacies of this hairball of
protocols and interdependencies, but I am *very* *happy* that it
somehow works, nevertheless.

For a layman like me this means that we can consider having stuff like
KDE as a working install-time desktop option in Devuan. Maybe not
immediately, but surely in the near future.

Do I care about DEs? Not at all. Do I care about having as many
working DEs options in Devuan as physically possible? Oh yes man, I
damn do...


     But wether that session is local or not is, in my opinion, and as I
already said, futile; and it seems to be mostly used as a justification to
develop a tangle of daemons and middleware to bypass the traditional unix
security framework.

This is where I get totally lost with sessions: why on Earth should I
be able to mount an external device on a remote host to which I login
via SSH? Or unable to do that, if I am a regular user of that machine?
What is the use case for this madness? Does it really solve a problem,
or is just the usual non-working and useless solution to a problem
that doesn't even exist?


    Hi Enzo.

    The major use cases are:
    1) server with remote users and only root allowed to mount 
removable devices.
    2) laptop/desktop with one user at a time with full authority to 
mount removable devices. You can ssh to your desktop/laptop and still 
have the same permissions, what's the harm? You should ask someone else 
to insert the device, and this is the true issue and it's not solved by 
the kits (-:


    If the only role of policykit/consolekit/logind is to give you 
permissions only if you are local, then I'm just saying that they 
provide a complex solution to a non-existing problem.


        Didier



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[KatolaZ]

On Fri, Jan 19, 2018 at 06:48:42PM +0100, Irrwahn wrote:

[cut]

> 
> In my mind, the whole mess looks more like a gigantic game of nuclear 
> whack-a-mole, and the only winning move is not to play. (The optimist
> believes we are living in the best of all possible worlds. The pessimist 
> is afraid the optimist is right. Guess, which faction I belong to. ;^)
> 
> But honestly, KatolaZ, thanks for damping my enthusiasm. :)
> 

Dear Urban, it was not my intention to damp your enthisiasm, at all,
so please accept my apoligies if I did :\

We need a lot of enthusiasm. And we also need to test this stuff in as
many different setups as possible, before deciding what's next,
IMHO. The help of all the knowledgeable people who are working on that
is very much appreciated :)

TBH, it would be great if at the end of those tests we could have a
summary that explains what are the issues, what are the possible
solutions, and what we can do to help implementing them without
breaking too much stuff around ;)

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Irrwahn]

KatolaZ wrote on 19.01.2018 17:36:
> On Fri, Jan 19, 2018 at 02:17:28PM +0100, Irrwahn wrote:
>> [...], because currently one cannot 
>> have policykit without having consolekit installed with it, due to 
>> the "Depends". The package should have something akin to: 
>>
>>   Depends: libpam-elogind | consolekit
>>
>> Anyone up for the task?
>>
> 
> Urban, it's not just a matter of recompiling a single package. It is
> more about knowing how such a change would impact the whole
> distribution, and desktop-things in particular. 
> 
> So before we rush into "remove that dep...oh no add that other one
> instead...oh no, let's replace this component with a brand-new one
> which does not exist yet..." we must know exactly where we want to go,
> how to get there, and if the trip is worth the effort at all.

Yeah, I'm beginning to grasp how deeply intertwined this entire
hairball is. Either things used to be much easier in the past, or 
I've become substantially dumber. (Probably both. :P)

> Having elogind and consolekit2 in experimental is all about trying to
> see if some of the few glitches on the Devuan desktop can be easily
> solved. IMHO, this does not mean that we must solve *all* of those
> glitches, especially because the same concept of "session" (which is
> the root of all this evil) looks at best badly defined, if not totally
> bogus.

I agree, but as is, for elogind to be of any use, policykit must be 
installable independently of consolekit(2). Or maybe I completely 
misinterpreted the whole situation, which is absolutely possible —
in which case I apologize for the noise.

> We don't necessarily have to follow the white rabbit into its dark
> hole, especially because there is a high probability that the rabbit
> will turn into a snake. We have the option to stay outside and enjoy
> the sun...

In my mind, the whole mess looks more like a gigantic game of nuclear 
whack-a-mole, and the only winning move is not to play. (The optimist
believes we are living in the best of all possible worlds. The pessimist 
is afraid the optimist is right. Guess, which faction I belong to. ;^)

But honestly, KatolaZ, thanks for damping my enthusiasm. :)

Best regards
Urban

-- 
Sapere aude!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[KatolaZ]

On Fri, Jan 19, 2018 at 06:03:59PM +0100, Didier Kryn wrote:

[cut]

> 
>     I think the concept of session is still usefull in the framework of a
> Desktop Environment. When you log into that kind of environment, you have a
> few services associated to it which make your life easier, like monitoring
> removable devices, battery or wifi status. It is also easier for dummies to
> login through a display manager.
>

Hi Didier,

if I understand it correctly, it seems that elogind + consolekit2 +
upower + udisks + other pieces of black magic already allow to mount
removable devices, monitor battery, suspend the system, and so on, in
several DE configurations.

I personally don't get all the intricacies of this hairball of
protocols and interdependencies, but I am *very* *happy* that it
somehow works, nevertheless.

For a layman like me this means that we can consider having stuff like
KDE as a working install-time desktop option in Devuan. Maybe not
immediately, but surely in the near future.

Do I care about DEs? Not at all. Do I care about having as many
working DEs options in Devuan as physically possible? Oh yes man, I
damn do...

>     But wether that session is local or not is, in my opinion, and as I
> already said, futile; and it seems to be mostly used as a justification to
> develop a tangle of daemons and middleware to bypass the traditional unix
> security framework.

This is where I get totally lost with sessions: why on Earth should I
be able to mount an external device on a remote host to which I login
via SSH? Or unable to do that, if I am a regular user of that machine?
What is the use case for this madness? Does it really solve a problem,
or is just the usual non-working and useless solution to a problem
that doesn't even exist?

I am sure I must be missing something here...

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind available in experimental and ascii-proposed

[Arnt Karlsen]

On Wed, 17 Jan 2018 13:22:13 +0300, Hleb wrote in message 
:

> On 1/17/18, Andreas Messer  wrote:
> 
> > Btw, "ck-list-sessions" crashes for me:  
> ...
> 
> Have you rebooted your pc after upgrading CK to CK2?

..while ok for us mere mortal hobbyist end users, is this 
reboot dance acceptable in business hours?

> I believe this crash exist only when one is still running old ck
> daemon. Unfortunately it looks like there is no way to replace running
> ck daemon (we can kill running one and dbus will start a new instance,
> ck2, but it won't have information about seats, etc created by the
> previous instance)

..why can it not read that info in e.g. a "--set-up-hijack-mode"? 

> > Maybe something to forward to upstream.  
> 
> I need a bit more time to check that this crash is actually caused by
> the old daemon.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Didier Kryn]

Le 19/01/2018 à 16:42, Irrwahn a écrit :

Adam Borowski wrote on 19.01.2018 15:56:

On Fri, Jan 19, 2018 at 02:17:28PM +0100, Irrwahn wrote:

I think that has to be done anyway, because currently one cannot
have policykit without having consolekit installed with it, due to
the "Depends". The package should have something akin to:

   Depends: libpam-elogind | consolekit

Anyone up for the task?

You would have to change policykit to allow runtime detection of logind vs
consolekit.  Currently it can be compiled only one way or the other.

Oh, crud! Nothings ever easy. Having two versions of policykit
probably would be an even worse idea, wouldn't it?


The dbus API is incompatible.  Both can coexist, but it's a bad idea to have
consolekit be unaware of sessions handled by logind -- thus, if you want to
keep consolekit alive, it'd better to implement logind API, as that's what
the desktop environments ecosystem moved to.

I somehow doubt there's a lot of capable people willing to
do it. Of course, I'd be happily proven wrong on that account.


Devuan doesn't (currently?) support non-Linux kernels, but Debian/kfreebsd
and Debian/hurd guys would thank you for this.

Hm, that increases the chances again, I guess.


On the other hand, I have doubts whether logind or consolekit are the best
approaches.  The more I look at them, the more I boggle about the
pointlessness of the whole concept of "sessions": with systemd, you can't
have more than one GUI session; when a GUI session is on, ssh-ing in lets
you access all resources that are supposed to be restricted to that GUI
session; switching to another VT stops music from playing (because
security).  Thus, if you drop things we don't want, it all boils down to
"does this user have a locally logged in session?".  Type "who" and here's
your answer.  It would be possible to have a thin stub that answers dbus
requests with standard POSIX backends, or similar non-NIH tools like
pm-suspend.

[Rant]
Honestly, I'm already close to the point to kick all that session bullshit
to the curb, and go back to startx or the like to bring up a graphical
environment, and sudo-mount my thumbdrives, or whatever. And before anyone
cries "but, but, but security": there are much, much more serious security
holes to plug, besides me running X as root on my @/)%$$ desktop!)
[/Rant]


Such a stub would lose that "fast user switching" feature, but come on -- we
live in a many computers per person world, rather than many persons per
computer as it was the case in the past.  Thus, my idea would have the
following assumptions:
* someone with physical access can always shutdown/reboot the machine: if
   the software disagrees, there's a big button and a small one close to it,
   if even that fails, there's a power cord (or a laptop battery).  Kiosks
   are about the only cases to the contrary, and they already restrict you
   from issuing a "shutdown" command anyway.
* multiple remote users are an important use case, both for command-line and
   GUI (vnc/...) logins
* conversely, multiple local users don't matter anymore: everyone has
   multiple screen-attached computers.  Note the name: _personal_ computer.
   When I say this, someone always responds with "but sub-saharan
   classrooms".  Nope: ages ago we had such a situation in our world, and
   I don't remember a single case when kids had separate accounts where
   they'd lock a session before passing the keyboard to their neighbour.
Thus, I knowingly dismiss a valid use case as irrelevant, to buy us KISS.
It's not so different from systemd: it disallows you to log in via vnc if
you have a local session, which is an use case I did need in the past.

I wholeheartedly agree. I never were able to find a single person that
used, lest relied upon, that multi-seat/multi-session pseudo-feature.
We've come a long way since 1984.



    I think the concept of session is still usefull in the framework of 
a Desktop Environment. When you log into that kind of environment, you 
have a few services associated to it which make your life easier, like 
monitoring removable devices, battery or wifi status. It is also easier 
for dummies to login through a display manager.


    But wether that session is local or not is, in my opinion, and as I 
already said, futile; and it seems to be mostly used as a justification 
to develop a tangle of daemons and middleware to bypass the traditional 
unix security framework.


    This said, getting rid of all that crap without breaking anything 
is certainly not trivial.


        Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[KatolaZ]

On Fri, Jan 19, 2018 at 02:17:28PM +0100, Irrwahn wrote:

[cut]

> 
> Yes, that appears to be the most likely explanation. 
> 
> > Maybe we need to rebuild it with support for elogind.
> 
> I think that has to be done anyway, because currently one cannot 
> have policykit without having consolekit installed with it, due to 
> the "Depends". The package should have something akin to: 
> 
>   Depends: libpam-elogind | consolekit
> 
> Anyone up for the task?
> 

Urban, it's not just a matter of recompiling a single package. It is
more about knowing how such a change would impact the whole
distribution, and desktop-things in particular. 

So before we rush into "remove that dep...oh no add that other one
instead...oh no, let's replace this component with a brand-new one
which does not exist yet..." we must know exactly where we want to go,
how to get there, and if the trip is worth the effort at all.

Having elogind and consolekit2 in experimental is all about trying to
see if some of the few glitches on the Devuan desktop can be easily
solved. IMHO, this does not mean that we must solve *all* of those
glitches, especially because the same concept of "session" (which is
the root of all this evil) looks at best badly defined, if not totally
bogus.

We don't necessarily have to follow the white rabbit into its dark
hole, especially because there is a high probability that the rabbit
will turn into a snake. We have the option to stay outside and enjoy
the sun...

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Irrwahn]

Adam Borowski wrote on 19.01.2018 15:56:
> On Fri, Jan 19, 2018 at 02:17:28PM +0100, Irrwahn wrote:
>> I think that has to be done anyway, because currently one cannot 
>> have policykit without having consolekit installed with it, due to 
>> the "Depends". The package should have something akin to: 
>>
>>   Depends: libpam-elogind | consolekit
>>
>> Anyone up for the task?
> 
> You would have to change policykit to allow runtime detection of logind vs
> consolekit.  Currently it can be compiled only one way or the other.

Oh, crud! Nothings ever easy. Having two versions of policykit 
probably would be an even worse idea, wouldn't it?

> The dbus API is incompatible.  Both can coexist, but it's a bad idea to have
> consolekit be unaware of sessions handled by logind -- thus, if you want to
> keep consolekit alive, it'd better to implement logind API, as that's what
> the desktop environments ecosystem moved to.

I somehow doubt there's a lot of capable people willing to 
do it. Of course, I'd be happily proven wrong on that account.

> 
> Devuan doesn't (currently?) support non-Linux kernels, but Debian/kfreebsd
> and Debian/hurd guys would thank you for this.

Hm, that increases the chances again, I guess. 

> 
> On the other hand, I have doubts whether logind or consolekit are the best
> approaches.  The more I look at them, the more I boggle about the
> pointlessness of the whole concept of "sessions": with systemd, you can't
> have more than one GUI session; when a GUI session is on, ssh-ing in lets
> you access all resources that are supposed to be restricted to that GUI
> session; switching to another VT stops music from playing (because
> security).  Thus, if you drop things we don't want, it all boils down to
> "does this user have a locally logged in session?".  Type "who" and here's
> your answer.  It would be possible to have a thin stub that answers dbus
> requests with standard POSIX backends, or similar non-NIH tools like
> pm-suspend.

[Rant]
Honestly, I'm already close to the point to kick all that session bullshit 
to the curb, and go back to startx or the like to bring up a graphical
environment, and sudo-mount my thumbdrives, or whatever. And before anyone 
cries "but, but, but security": there are much, much more serious security 
holes to plug, besides me running X as root on my @/)%$$ desktop!)
[/Rant]

> 
> Such a stub would lose that "fast user switching" feature, but come on -- we
> live in a many computers per person world, rather than many persons per
> computer as it was the case in the past.  Thus, my idea would have the
> following assumptions:
> * someone with physical access can always shutdown/reboot the machine: if
>   the software disagrees, there's a big button and a small one close to it,
>   if even that fails, there's a power cord (or a laptop battery).  Kiosks
>   are about the only cases to the contrary, and they already restrict you
>   from issuing a "shutdown" command anyway.
> * multiple remote users are an important use case, both for command-line and
>   GUI (vnc/...) logins
> * conversely, multiple local users don't matter anymore: everyone has
>   multiple screen-attached computers.  Note the name: _personal_ computer.
>   When I say this, someone always responds with "but sub-saharan
>   classrooms".  Nope: ages ago we had such a situation in our world, and
>   I don't remember a single case when kids had separate accounts where
>   they'd lock a session before passing the keyboard to their neighbour.
> Thus, I knowingly dismiss a valid use case as irrelevant, to buy us KISS.
> It's not so different from systemd: it disallows you to log in via vnc if
> you have a local session, which is an use case I did need in the past.

I wholeheartedly agree. I never were able to find a single person that 
used, lest relied upon, that multi-seat/multi-session pseudo-feature.
We've come a long way since 1984.

> 
> But, it's good to have elogind available, even if just for a transition.
> For starters, such an unix-logind doesn't exist yet.  Vapourware that I
> don't volunteer to write is quite a weak argument...
> (Compare the complete code of loginkit:
> https://github.com/dimkr/LoginKit/blob/jessie/loginkitd/loginkitd.c)

True dat. That's one, if not /the/, crucial point. I'd volunteer to 
support such an endeavor in whatever way I can, however writing stuff 
like that from scratch is currently beyond my capabilities, and would 
probably drive what's left of my sanity right over the edge (I've touched 
dbus before, will never touch that POC again!), so unfortunately I too 
have to pass on taking a lead role in that, sorry.

> 
> Meow!

Eek!

Urban

-- 
Sapere aude!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Adam Borowski]

On Fri, Jan 19, 2018 at 02:17:28PM +0100, Irrwahn wrote:
> > It seems to me that these issues are caused by policykit, in devuan it
> > doesn't support logind (obviously) so it's unable to authenticate
> > user's requests.
> 
> Yes, that appears to be the most likely explanation. 
> 
> > Maybe we need to rebuild it with support for elogind.
> 
> I think that has to be done anyway, because currently one cannot 
> have policykit without having consolekit installed with it, due to 
> the "Depends". The package should have something akin to: 
> 
>   Depends: libpam-elogind | consolekit
>
> Anyone up for the task?

You would have to change policykit to allow runtime detection of logind vs
consolekit.  Currently it can be compiled only one way or the other.

The dbus API is incompatible.  Both can coexist, but it's a bad idea to have
consolekit be unaware of sessions handled by logind -- thus, if you want to
keep consolekit alive, it'd better to implement logind API, as that's what
the desktop environments ecosystem moved to.

Devuan doesn't (currently?) support non-Linux kernels, but Debian/kfreebsd
and Debian/hurd guys would thank you for this.

On the other hand, I have doubts whether logind or consolekit are the best
approaches.  The more I look at them, the more I boggle about the
pointlessness of the whole concept of "sessions": with systemd, you can't
have more than one GUI session; when a GUI session is on, ssh-ing in lets
you access all resources that are supposed to be restricted to that GUI
session; switching to another VT stops music from playing (because
security).  Thus, if you drop things we don't want, it all boils down to
"does this user have a locally logged in session?".  Type "who" and here's
your answer.  It would be possible to have a thin stub that answers dbus
requests with standard POSIX backends, or similar non-NIH tools like
pm-suspend.

Such a stub would lose that "fast user switching" feature, but come on -- we
live in a many computers per person world, rather than many persons per
computer as it was the case in the past.  Thus, my idea would have the
following assumptions:
* someone with physical access can always shutdown/reboot the machine: if
  the software disagrees, there's a big button and a small one close to it,
  if even that fails, there's a power cord (or a laptop battery).  Kiosks
  are about the only cases to the contrary, and they already restrict you
  from issuing a "shutdown" command anyway.
* multiple remote users are an important use case, both for command-line and
  GUI (vnc/...) logins
* conversely, multiple local users don't matter anymore: everyone has
  multiple screen-attached computers.  Note the name: _personal_ computer.
  When I say this, someone always responds with "but sub-saharan
  classrooms".  Nope: ages ago we had such a situation in our world, and
  I don't remember a single case when kids had separate accounts where
  they'd lock a session before passing the keyboard to their neighbour.
Thus, I knowingly dismiss a valid use case as irrelevant, to buy us KISS.
It's not so different from systemd: it disallows you to log in via vnc if
you have a local session, which is an use case I did need in the past.

But, it's good to have elogind available, even if just for a transition.
For starters, such an unix-logind doesn't exist yet.  Vapourware that I
don't volunteer to write is quite a weak argument...
(Compare the complete code of loginkit:
https://github.com/dimkr/LoginKit/blob/jessie/loginkitd/loginkitd.c)


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄ sky.  Your cat demands food.  The priority should be obvious...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Irrwahn]

Hleb Valoshka wrote on 19.01.2018 13:28:
> On 1/19/18, Irrwahn  wrote:
>> Scenario 1:
>> ---
>>  │ PAM profiles to enable:
>>  │
>>  │[*] Unix authentication
>>  │[*] Authenticate using SSH keys and start ssh-agent
>>  │[*] elogind Session Management
>>  │[ ] ConsoleKit Session Management
>>
>>   User loggind in via GUI:
>> * session is listed by loginctl
>> * Restart/Shutdown only logs out and leads back to lightdm greeter.
>>
>>   User logged in via VT:
>> * session is listed by loginctl
>> * "loginctl reboot": "Failed to reboot system via elogind:
>>   Interactive authentication required."
> 
> It seems to me that these issues are caused by policykit, in devuan it
> doesn't support logind (obviously) so it's unable to authenticate
> user's requests.

Yes, that appears to be the most likely explanation. 

> Maybe we need to rebuild it with support for elogind.

I think that has to be done anyway, because currently one cannot 
have policykit without having consolekit installed with it, due to 
the "Depends". The package should have something akin to: 

  Depends: libpam-elogind | consolekit

Anyone up for the task?

Best regards
Urban

-- 
Sapere aude!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Hleb Valoshka]

On 1/19/18, Irrwahn  wrote:
> Scenario 1:
> ---
>  │ PAM profiles to enable:
>  │
>  │[*] Unix authentication
>  │[*] Authenticate using SSH keys and start ssh-agent
>  │[*] elogind Session Management
>  │[ ] ConsoleKit Session Management
>
>   User loggind in via GUI:
> * session is listed by loginctl
> * Restart/Shutdown only logs out and leads back to lightdm greeter.
>
>   User logged in via VT:
> * session is listed by loginctl
> * "loginctl reboot": "Failed to reboot system via elogind:
>   Interactive authentication required."

It seems to me that these issues are caused by policykit, in devuan it
doesn't support logind (obviously) so it's unable to authenticate
user's requests. Maybe we need to rebuild it with support for elogind.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] elogind testing for experimental and ascii-proposed

[Irrwahn]

Andreas Messer wrote on 19.01.2018 07:16:
> That seems strange. loginctl is a elogind command and when elogind does not
> know about the session loginctl should reject or ask for auth. I'll dig into
> this a little bit more. Probably time to setup a vm.

So, I did a little more testing:

* Fresh ascii VM with lightdm and XFCE4; not tampered with.
* ConsoleKit is actually consolekit2 from experimental.
* VM was rebooted after each PAM configuration change.
* USB mass storage devices do not show up in Thunar at all, let 
  alone being user mountable - despite udisks2 being installed.
  (So, I definitely did something special on the other, older VM!)

Scenario 1:
---
 │ PAM profiles to enable:
 │
 │[*] Unix authentication
 │[*] Authenticate using SSH keys and start ssh-agent
 │[*] elogind Session Management
 │[ ] ConsoleKit Session Management

  User loggind in via GUI:
* session is listed by loginctl
* Restart/Shutdown only logs out and leads back to lightdm greeter.

  User logged in via VT:
* session is listed by loginctl
* "loginctl reboot": "Failed to reboot system via elogind:
  Interactive authentication required."


Scenario 2:
---
 │ PAM profiles to enable:
 │
 │[*] Unix authentication
 │[*] Authenticate using SSH keys and start ssh-agent
 │[ ] elogind Session Management
 │[*] ConsoleKit Session Management

  User loggind in via GUI:
* session not listed by loginctl
* Restart/Shutdown work as intended.

  User logged in on VT:
* session not listed by loginctl
* "loginctl reboot": complains (dbus service unavailable), but works!


Scenario 3:
---
 │ PAM profiles to enable:
 │
 │[*] Unix authentication
 │[*] Authenticate using SSH keys and start ssh-agent
 │[*] elogind Session Management
 │[*] ConsoleKit Session Management

  User loggind in via GUI:
* session is listed by loginctl
* Restart/Shutdown only logs out and leads back to lightdm greeter.

  User logged in on VT:
* session is listed by loginctl
* "loginctl reboot": asks to authenticate as root.


HTH, best regards
Urban

-- 
Sapere aude!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng