Build: Prevent GNOME 3+ auth dlgs in TVNC sessions

... on platforms that use newer polkit versions that don't support PKLA files, including: - Ubuntu 23.10 and later if the polkitd-pkla package is not installed - RHEL 7 and Fedora 19 and later if the polkit-pkla-compat package is not installed (but only RHEL 8 seems to allow it to be uninstalled) - SUSE (in theory, but the dialogs were never observed in practice)
TurboVNC · Jul 18, 2024 · 6a5352b · 6a5352b
1 parent b7f4ac3
commit 6a5352b
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 2 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -60,6 +60,15 @@ indefinitely if a viewer's network connection drops while it is dragging the
 mouse. A new Xvnc command-line option (`-pointerlocktimeout`) can be used to
 specify the time limit.
 
+11. The RPM and DEB packages generated by the TurboVNC build/packaging system
+now include a polkit rules file that prevents various authentication dialogs
+("Authentication is required to create a color managed device", "Authentication
+is required to access the PC/SC daemon", "Authentication is required to refresh
+the system repositories") from popping up when using the GNOME window manager
+with the TurboVNC Server on Ubuntu 23.10 and later (if the `polkitd-pkla`
+package is not installed) and on RHEL 7 and Fedora 19 and later (if the
+`polkit-pkla-compat` package is not installed.)
+
 
 3.0.3
 =====

diff --git a/release/makedpkg.in b/release/makedpkg.in
@@ -88,11 +88,28 @@ EOF
 if [ "$SYSCONFDIR" = "/etc" ]; then
 mkdir -p $TMPDIR/etc/polkit-1/localauthority/50-local.d
 cat > $TMPDIR/etc/polkit-1/localauthority/50-local.d/45-turbovnc-gnome3.pkla << EOF
-[Eliminate GNOME 3 dialogs in TurboVNC]
+[Eliminate GNOME 3+ dialogs in TurboVNC]
 Identity=unix-user:*
 Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile;org.debian.pcsc-lite.access_pcsc;org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-network-proxy-configure
 ResultAny=no
 EOF
+mkdir -p $TMPDIR/etc/polkit-1/rules.d
+cat > $TMPDIR/etc/polkit-1/rules.d/45-turbovnc-gnome3.rules << EOF
+// Eliminate GNOME 3+ dialogs in TurboVNC
+polkit.addRule(function(action, subject) {
+ if ((action.id == "org.freedesktop.color-manager.create-device" ||
+ action.id == "org.freedesktop.color-manager.create-profile" ||
+ action.id == "org.freedesktop.color-manager.delete-device" ||
+ action.id == "org.freedesktop.color-manager.delete-profile" ||
+ action.id == "org.freedesktop.color-manager.modify-device" ||
+ action.id == "org.freedesktop.color-manager.modify-profile" ||
+ action.id == "org.debian.pcsc-lite.access_pcsc" ||
+ action.id == "org.freedesktop.packagekit.system-sources-refresh" ||
+ action.id == "org.freedesktop.packagekit.system-network-proxy-configure") &&
+ !subject.local)
+ return polkit.Result.NO;
+});
+EOF
 fi
 
 if [ "$BUILDVIEWER" = "1" -a "$BUILDHELPER" = "1" -a ! "$DATADIR" = "/usr/share" ]; then

diff --git a/release/rpm.spec.in b/release/rpm.spec.in
@@ -179,11 +179,28 @@ EOF
 %if "%{sysconfdir}" == "%{_sysconfdir}"
 mkdir -p %{buildroot}/%{sysconfdir}/polkit-1/localauthority/50-local.d
 cat > %{buildroot}/%{sysconfdir}/polkit-1/localauthority/50-local.d/45-turbovnc-gnome3.pkla << EOF
-[Eliminate GNOME 3 dialogs in TurboVNC]
+[Eliminate GNOME 3+ dialogs in TurboVNC]
 Identity=unix-user:*
 Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile;org.debian.pcsc-lite.access_pcsc;org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-network-proxy-configure
 ResultAny=no
 EOF
+mkdir -p %{buildroot}/%{sysconfdir}/polkit-1/rules.d
+cat > %{buildroot}/%{sysconfdir}/polkit-1/rules.d/45-turbovnc-gnome3.rules << EOF
+// Eliminate GNOME 3+ dialogs in TurboVNC
+polkit.addRule(function(action, subject) {
+ if ((action.id == "org.freedesktop.color-manager.create-device" ||
+ action.id == "org.freedesktop.color-manager.create-profile" ||
+ action.id == "org.freedesktop.color-manager.delete-device" ||
+ action.id == "org.freedesktop.color-manager.delete-profile" ||
+ action.id == "org.freedesktop.color-manager.modify-device" ||
+ action.id == "org.freedesktop.color-manager.modify-profile" ||
+ action.id == "org.debian.pcsc-lite.access_pcsc" ||
+ action.id == "org.freedesktop.packagekit.system-sources-refresh" ||
+ action.id == "org.freedesktop.packagekit.system-network-proxy-configure") &&
+ !subject.local)
+ return polkit.Result.NO;
+});
+EOF
 %endif
 %endif
 
@@ -264,6 +281,7 @@ fi
  %attr(0750,root,polkitd) %dir %{sysconfdir}/polkit-1/localauthority
  %dir %{sysconfdir}/polkit-1/localauthority/50-local.d
  %config %{sysconfdir}/polkit-1/localauthority/50-local.d/45-turbovnc-gnome3.pkla
+ %config %{sysconfdir}/polkit-1/rules.d/45-turbovnc-gnome3.rules
  %endif
 %endif