From 50f73a57b7378e37b2debaccad090c52f449cc90 Mon Sep 17 00:00:00 2001 From: Antonio Scandurra Date: Tue, 28 May 2019 11:52:47 +0200 Subject: [PATCH] Add policy to prevent asking password more than once on Debian This is a polkit policy that is read when fs-admin invokes `dd` via `pkexec` after trying to write into a restricted location. By specifying `auth_admin_keep`, we are telling the polkit daemon to not prompt users for a password again if they have already escalated privileges recently. Co-Authored-By: Rafael Oleza --- resources/linux/atom.policy | 18 ++++++++++++++++++ script/lib/create-debian-package.js | 6 ++++++ 2 files changed, 24 insertions(+) create mode 100644 resources/linux/atom.policy diff --git a/resources/linux/atom.policy b/resources/linux/atom.policy new file mode 100644 index 000000000..0dd19d216 --- /dev/null +++ b/resources/linux/atom.policy @@ -0,0 +1,18 @@ + + + + Atom + + Admin privileges required + Please enter your password to save this file + /bin/dd + true + + auth_admin_keep + auth_admin_keep + auth_admin_keep + + + diff --git a/script/lib/create-debian-package.js b/script/lib/create-debian-package.js index 1aa179b70..cf5aaecf8 100644 --- a/script/lib/create-debian-package.js +++ b/script/lib/create-debian-package.js @@ -113,6 +113,12 @@ module.exports = function (packagedAppPath) { path.join(debianPackageLintianOverridesDirPath, atomExecutableName) ) + console.log(`Copying polkit configuration into "${debianPackageShareDirPath}"`) + fs.copySync( + path.join(CONFIG.repositoryRootPath, 'resources', 'linux', 'atom.policy'), + path.join(debianPackageShareDirPath, 'polkit-1', 'actions', 'atom.policy') + ) + console.log(`Generating .deb file from ${debianPackageDirPath}`) spawnSync('fakeroot', ['dpkg-deb', '-b', debianPackageDirPath], {stdio: 'inherit'})