[libvirt] [PATCH 0/3] Add capability for text based polkit authentication for virsh

[John Ferlan]

On 02/11/2016 05:11 AM, Daniel P. Berrange wrote:
> On Wed, Feb 10, 2016 at 02:46:33PM -0500, John Ferlan wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=872166
>>
>> As an alternative to commit id 'e94979e90' which allows polkit
>> authentication by adding users to the 'libvirt' group, add the
>> ability to start and utilize a text based authentication agent
>> for virsh.
>>
>> At the very least patch 1 will suffice part of the issue listed
>> in the bz - the opaque error message related to "some agent".
>>
>> For patch 2, it was far easier to utilize what polkit provides
>> in pkttyagent and pkcheck utilities, than adding some code which
>> requires POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE being
>> #defined for compilation.
> 
> Sigh, that define is a bit of a bad joke really. polkit was first
> added in Fedora 12, and comparing the header files between then
> and now, they've never broken their ABI. They're merely added new
> APIs.  IMHO, we can just define that, and use the API from libvirt
> without trouble.
> 

I had code generated that tried to use those API's, but couldn't find
the correct magic incantation to convince the build to find the
polkitagent/polkitagent.h file.

#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>

...
util/virpolkit.c:30:37: fatal error: polkitagent/polkitagent.h: No such
file or directory
...


/usr/include/polkit-1/polkitagent/polkitagent.h


That is, how do I ensure that somehow automagically add that
-I/usr/include/polkit-1 ?


I did try to "follow" examples of adding POLKIT_AGENT_CFLAGS and
POLKIT_AGENT_LIBS to configure.ac and src/Makefile.am, but still no luck.

Tks -

John
>>
>> I chose 'pkauth' to mean polkit authentication - figured it was
>> a workable shorthand, but if there's better suggestions those
>> can be considered.
> 
> Regards,
> Daniel
>