Re: [libvirt] [PATCH 0/3] Add capability for text based polkit authentication for virsh
On 02/11/2016 05:11 AM, Daniel P. Berrange wrote:
On Wed, Feb 10, 2016 at 02:46:33PM -0500, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=872166
>
> As an alternative to commit id 'e94979e90' which allows polkit
> authentication by adding users to the 'libvirt' group, add the
> ability to start and utilize a text based authentication agent
> for virsh.
>
> At the very least patch 1 will suffice part of the issue listed
> in the bz - the opaque error message related to "some agent".
>
> For patch 2, it was far easier to utilize what polkit provides
> in pkttyagent and pkcheck utilities, than adding some code which
> requires POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE being
> #defined for compilation.
Sigh, that define is a bit of a bad joke really. polkit was first
added in Fedora 12, and comparing the header files between then
and now, they've never broken their ABI. They're merely added new
APIs. IMHO, we can just define that, and use the API from libvirt
without trouble.
I had code generated that tried to use those API's, but couldn't find
the correct magic incantation to convince the build to find the
polkitagent/polkitagent.h file.
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>
...
util/virpolkit.c:30:37: fatal error: polkitagent/polkitagent.h: No such
file or directory
...
/usr/include/polkit-1/polkitagent/polkitagent.h
That is, how do I ensure that somehow automagically add that
-I/usr/include/polkit-1 ?
I did try to "follow" examples of adding POLKIT_AGENT_CFLAGS and
POLKIT_AGENT_LIBS to configure.ac and src/Makefile.am, but still no luck.
Tks -
John
>
> I chose 'pkauth' to mean polkit authentication - figured it was
> a workable shorthand, but if there's better suggestions those
> can be considered.
Regards,
Daniel