| View previous topic :: View next topic |
| Author |
Message |
ulenrich
Veteran
Joined: 10 Oct 2010
Posts: 1483
|
 Posted: Tue Jan 14, 2020 3:20 am Post subject: Perhaps I just have ridiculed myself at freedesktop.org |
 |
|
I posted a wish at https://gitlab.freedesktop.org/polkit/polkit/issues/116
to replace polkits dependency on spidermonkey with eBPF
What do you know about eBPF? Is it only a masking tool for firewalls
or could it replace the use of spidermonkey during polkits action? |
|
| Back to top |
|
 |
spork_kitty
Tux's lil' helper
Joined: 05 Jul 2019
Posts: 124
|
| Posted: Wed Jan 15, 2020 1:51 am Post subject: |
|
|
I don't know about eBPF since I don't hack on the kernel, but if it's meant for firewalls and polkit is meant to handle access policy... I dunno. Might work.
Surprised you bothered to submit anything over there. |
|
| Back to top |
|
|
sdauth
l33t
Joined: 19 Sep 2018
Posts: 667
Location: Ásgarðr
|
| Posted: Wed Jan 15, 2020 5:16 am Post subject: |
|
|
When I noticed polkit was pulling spidermonkey, I decided it was enough. 
/etc/portage/package.mask/crap
| Code: |
dev-libs/libdaemon
dev-libs/openssl
gnome-base/dconf
gnome-base/gconf
media-sound/pavumeter
media-sound/pulseaudio
net-analyzer/ifmetric
net-libs/libasyncns
net-p2p/syrep
sys-apps/dbus
sys-apps/ifplugd
sys-apps/systemd
sys-auth/consolekit
sys-auth/elogind
sys-auth/nss-mdns
sys-auth/nss-myhostname
sys-auth/pam_dotfile
sys-auth/pambase
sys-auth/polkit
sys-fs/udev
www-apache/mod_dnssd |
Still, for those using polkit, it would be good to get rid of spidermonkey. |
|
| Back to top |
|
|
erm67
l33t
Joined: 01 Nov 2005
Posts: 653
Location: EU
|
| Posted: Wed Jan 15, 2020 8:57 am Post subject: |
|
|
| Quote: | Rules files are written in the JavaScript programming language and interface with polkitd through the global polkit object (of type Polkit).
While the JavaScript interpreter used in particular versions of polkit may support non-standard features (such as the let keyword), authorization rules must conform to ECMA-262 edition 5 (in other words, the JavaScript interpreter used may change in future versions of polkit). |
In theory any JS interpreter can be used as long as it is conformant to ECMA-262 edition 5, I doubt it is possible to avoid a javascript interpreter since the rules are written in JavaScript .....
In theory https://duktape.org/ could be used as a replacement, duktape claims to be compatible with ECMAScript E5/E5.1, and according to polkit documentation any JS interpreter conformant to ECMA-262 edition 5 can be used. Probably nobody tried to write the glue required to bind the two things 
The list of JS interpreters is very long:
https://en.wikipedia.org/wiki/List_of_ECMAScript_engines
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
| Back to top |
|
|
erm67
l33t
Joined: 01 Nov 2005
Posts: 653
Location: EU
|
| Posted: Wed Jan 15, 2020 9:17 am Post subject: |
|
|
https://dev.getsol.us/T4824
Interesting, apparently not all distro are just passive/aggressive, Solus replaced spidermonkey with ducktape and now forked polkit into a "noscript" polkit without JavaScript.
https://dev.getsol.us/R2462:8e6561508710fb871fb7cada697717e0d0ad48c4
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
| Back to top |
|
|
Anon-E-moose
Watchman
Joined: 23 May 2008
Posts: 6204
Location: Dallas area
|
| Posted: Wed Jan 15, 2020 10:34 am Post subject: |
|
|
Nice other than the last update was from 2017 
_________________
UM780, 6.12 zen kernel, gcc 13, openrc, wayland |
|
| Back to top |
|
|
erm67
l33t
Joined: 01 Nov 2005
Posts: 653
Location: EU
|
| Posted: Wed Jan 15, 2020 12:50 pm Post subject: |
|
|
https://github.com/ikeydoherty/polkit-no-script
Well, it might be a starting point however, now what was the problem with that?
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
| Back to top |
|
|
ff11
l33t
Joined: 10 Mar 2014
Posts: 664
|
| Posted: Fri Feb 21, 2020 11:53 pm Post subject: |
|
|
For me the time is today!
Good bye spidermonkey. Just to remember you, I have put your name on my package.mask file.
My solution was using the duktape: Installed it have less than 1MB (and can run on platforms with 160kB flash and 64kB RAM),
My repo have polkit with the user flag duktape that need to be on package.use file: https://github.com/ferion11/danrepo/tree/master/sys-auth/polkit
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary "I want to apologize for being so powerless" - Lee |
|
| Back to top |
|
|
costel78
Guru
Joined: 20 Apr 2007
Posts: 407
|
| Posted: Fri May 01, 2020 7:47 am Post subject: |
|
|
@ff11
I tried to get rid of spidermonkey using your overlay, but duktape seems flawed:
| Code: | gentoo ~ # /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
10:19:41.513: Loading rules from directory /etc/polkit-1/rules.d
10:19:41.515: Loading rules from directory /usr/share/polkit-1/rules.d
/usr/lib/polkit-1/polkitd: symbol lookup error: /usr/lib64/libduktape.so.205: undefined symbol: fmod |
| Code: | | LDFLAGS="${LDFLAGS} -lm" |
did not help.
Do you know how to solve it ?
_________________
Sorry for my English. I'm still learning this language. |
|
| Back to top |
|
|
ff11
l33t
Joined: 10 Mar 2014
Posts: 664
|
| Posted: Fri May 01, 2020 9:53 am Post subject: |
|
|
| costel78 wrote: | @ff11
I tried to get rid of spidermonkey using your overlay, but duktape seems flawed:
| Code: | gentoo ~ # /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
10:19:41.513: Loading rules from directory /etc/polkit-1/rules.d
10:19:41.515: Loading rules from directory /usr/share/polkit-1/rules.d
/usr/lib/polkit-1/polkitd: symbol lookup error: /usr/lib64/libduktape.so.205: undefined symbol: fmod |
| Code: | | LDFLAGS="${LDFLAGS} -lm" |
did not help.
Do you know how to solve it ? |
I have solved this bug sometime ago here. For some reason some system will need the flag libm and/or debug: "dev-lang/duktape debug libm"
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary "I want to apologize for being so powerless" - Lee |
|
| Back to top |
|
|
costel78
Guru
Joined: 20 Apr 2007
Posts: 407
|
| Posted: Fri May 01, 2020 10:30 am Post subject: |
|
|
libm flag was set, but I didn't recompile polkit. After recompile it, everything is fine.
Thank you!
_________________
Sorry for my English. I'm still learning this language. |
|
| Back to top |
|
|
ipic
Guru
Joined: 29 Dec 2003
Posts: 429
Location: UK
|
| Posted: Fri May 01, 2020 12:26 pm Post subject: |
|
|
Looking at the dev response to the request, he says this | Code: | | Polkit is primarily meant to serve as authentication/authorization software with integration within user desktop environments, namely Gnome, which runs heavily on JavaScript, so some sort of JS engine is present on the system anyway. |
That is the sort of "I know best" response one tends to expect from the systemd crowd. Besides, I use XFCE, and because there are a few Gnome packages I like I have to drag the monstrosity that is spidermonkey into my system.
Like others here I have successfully used the overlay that provides an ebuild that uses duktape. It works. Clearly I have no need for spidermonkey since it got removed with a --depclean.
So - Gentoo is all about choice, isn't it? polkit does not appear to mandate a specific JS engine, just a conformant one. Gentoo provide the ideal way of dealing with this - USE flags.
Would I get any support for raising a bug on polkit to introduce a duktape USE flag? Not wedded to duktape - it's just one that came to my attention.
(I have never written an ebuild in my life, so when I say "I" I probably mean "we"  ) |
|
| Back to top |
|
|
ff11
l33t
Joined: 10 Mar 2014
Posts: 664
|
| Posted: Fri May 01, 2020 12:57 pm Post subject: |
|
|
| ipic wrote: | Looking at the dev response to the request, he says this | Code: | | Polkit is primarily meant to serve as authentication/authorization software with integration within user desktop environments, namely Gnome, which runs heavily on JavaScript, so some sort of JS engine is present on the system anyway. |
That is the sort of "I know best" response one tends to expect from the systemd crowd. Besides, I use XFCE, and because there are a few Gnome packages I like I have to drag the monstrosity that is spidermonkey into my system.
Like others here I have successfully used the overlay that provides an ebuild that uses duktape. It works. Clearly I have no need for spidermonkey since it got removed with a --depclean.
So - Gentoo is all about choice, isn't it? polkit does not appear to mandate a specific JS engine, just a conformant one. Gentoo provide the ideal way of dealing with this - USE flags.
Would I get any support for raising a bug on polkit to introduce a duktape USE flag? Not wedded to duktape - it's just one that came to my attention.
(I have never written an ebuild in my life, so when I say "I" I probably mean "we" ) |
Don't need, we all are drinking from the same source here: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/35
And there is still some issue with the patch (you can see the review there). I hope that Wu Xiaotian will fix and that it will be merged.
The polkit devs want to remove JS deps, but can't because of the past decisions and backward compatibility (the Jan Rybar is very happy about the duktape patch, but need to be fixed first).
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary "I want to apologize for being so powerless" - Lee |
|
| Back to top |
|
|
geki
Advocate
Joined: 13 May 2004
Posts: 2387
Location: Germania
|
| Posted: Sat May 02, 2020 1:03 pm Post subject: |
|
|
OT: If you feel the need of polkit without JS, write an ebuild for Debian's policykit package. They still have version 0.105, which has no JS dependency. Revision 25 with security patches backported, hopefully.  And you take the pieces with the old configuration files. O well, for the brave. 
See: https://packages.debian.org/source/buster/policykit-1
_________________
hear hear |
|
| Back to top |
|
|
xavier10
Guru
Joined: 19 Jan 2004
Posts: 485
Location: Paris, France
|
| Posted: Tue May 05, 2020 7:48 am Post subject: |
|
|
I was also too upset with these unfortunate dependencies, so I just killed polkit alltogether. I had to move to split ebuilds for XFCE in order to achieve that. And then I could just let depclean finish the work.  |
|
| Back to top |
|
|
shevy
n00b
Joined: 28 Aug 2017
Posts: 16
|
| Posted: Wed May 06, 2020 9:34 pm Post subject: |
|
|
Spidermonkey is that Mozilla-code? I don't know all the particulars but I always had a hard time
compiling it.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
So I don't know about the replacement mentioned such as eBPF but IF there is anything of
higher quality then that would be very, very welcome. Mozilla code base is often such a
big mess, which is a(n indirect) reason why their build system is often so outdated too. |
|
| Back to top |
|
|
|
Gentoo Chat
