PolicyKit and KDE, we are ready

Hey guys, as you see, I’m not dead, just busy as always. But today I found some time to show you what we’ve been working on since some months: PolicyKit support for KDE.

This post is aimed both to users and to developers. So let’s start with the first category.

PolicyKit-KDE sits in extragear now, but will hit kdebase-workspace in time for 4.3. It includes an authorization manager and an authentication agent. But screenshots sometimes are better:

This is the authorization manager

This is the authorization manager

And that's the authentication manager

And that's the authentication manager

Yes, I forgot to tell you that the Authorization manager can be used both in SystemSettings and as a standalone application. So for everyone who was still trembling on PolicyKit support in KDE: that’s exactly what you were asking for ๐Ÿ™‚

Now to developers: we created a library, named Polkit-qt, that is also used by our authorization manager. It lets you integrate with a lot of ease your application with PolicyKit. How easy? Just as:

ActionButton *bt = new ActionButton(cryPB, "org.qt.policykit.examples.cry", this);
connect(bt, SIGNAL(triggered(bool)), this, SLOT(activateAction()));
connect(bt, SIGNAL(clicked(QAbstractButton*,bool)), bt, SLOT(activate()));
connect(bt, SIGNAL(activated()), this, SLOT(actionActivated()));

This code associates the QPushButton “cryPB” with the action org.qt.policykit.examples.cry. The library will take also care of editing the properties of your button according to the action’s authorization state. You can also use it as a QAction for inserting it into menus or toolbars. And through some nice signals, you can monitor and activate your actions with ease.

Obviously, the library gives you a lot more: you can manage stand-alone authorizations without GUI elements, informations on PolicyKit context, a special ActionButtons class to associate an infinite number of QAbstractButtons to a single Action, and everything you need to be productive with PolicyKit, but with the ease of Qt.

I keep saying Qt (and you would have noticed this in the code too), because the library is Qt only. We wanted to give the same ease to everyone using Qt, and not only KDE. It sits now in kdesupport, along with an extensive API documentation and a self-explainatory example. You are encouraged to try it out, there are no more reasons for you not to take advantage of PolicyKit in your application now.

Bottom line: we started as second-class citiziens with PolicyKit, but now our support, both for users and developers, is more than complete and is the one that grants most ease of use and less dependencies. A huge step forward.

Forgot to say: you would want to say thanks to Daniel Nicoletti, that is the one who put the majority of the code in there. Without his PolicyKit knowledge it would have been impossible to do all of this.

I will release a tarball for PolicyKit-KDE and Polkit-Qt in the next days. Packagers of distributions using PolicyKit (so most ones) are encouraged to pick up at least the Polkit-Qt tarball and start packaging it, since it will become an optional dependency of kdebase-workspace in 4.3 (and I hope a strong one for more applications in the future).

P.S.: Before you ask it, Solid-Wicd is almost completed, expect a post on it soon.

Enough talk, see you next time ๐Ÿ™‚

~ by Dario on 7 March, 2009.

30 Responses to “PolicyKit and KDE, we are ready”

  1. great! now both GNOME and KDE have one standard for root access! thanks! ๐Ÿ™‚

  2. great ๐Ÿ˜‰
    is it also possible to have the button for the action display a custom icon when not started by root. I mean, just like in… vista *gg This would make it very clear to the user that the action requires privilegies and should IMHO also be standardized for consistens look-and-feel

  3. awfully great news

  4. @KyroMaster: sure you can, and more: you can edit not only the icon, but the text, tooltip, etc. according to the policykit status for the action: Yes, No, Requires Authentication, etc. And you can already see this in the “Modify” button in PolicyKit-KDE ๐Ÿ™‚ I already poked the artists for some nice icons in regard ๐Ÿ˜€

  5. EXCELLENT! I have benn waiting this for months if not years…

  6. Great work, this looks really interesting ๐Ÿ™‚

  7. Does it mean, that we’ll finally have the admin button in systemsettings, too? ๐Ÿ˜€

  8. @sheytan: I knew somebody would have said that, so let’s clarify ๐Ÿ™‚

    PolicyKit isn’t magic, and doesn’t make an application go root or whatever. It just tells an application if an user is allowed to do an action. So we won’t have an “Administrator” button, but more the “Apply” button an ActionButton regarding the open module. It’s kcm developers that will need to add PolicyKit support to their modules, the most common way to do this is to call an helper application that runs as root.

    Sure, some more stuff can be added to systemsettings to agevolate this. But let’s not forget that “Administrator mode” was nothing but an unsecure hack. Using policykit+an helper requires more programming time, but it’s more consistent and secure in the end

  9. So, for exaple if the KDM developer adds PolicyKit support to the KDM kcm, will the user be able to change the KDM theme? Or for the K3B kcm, to change the premissions?

    sorry for my bad english. ;]

  10. Exactly. They will need to add an helper application or something similar though. PolicyKit provides a way to let the user obtain an authorization. All the rest is up to you

  11. Ok, now we have to wait for 4.3 ๐Ÿ˜€

  12. Really, really great! Eat our dust, Gnome! ๐Ÿ˜‰

  13. and what about amsn2????:):):) saluti da Facebook!

  14. By the way: great blog design.

    Thank you very much for putting so much work into KDE.

  15. Congratz on the completion!

    Also looking forward to solid-wicd!

  16. Wouldn’t it make sense to split the PolicyKit-Qt library into a version which only relies on QtCore and QtDBus and a separate library for the GUI stuff? There are places where it would make sense to prompt for authorization from non-UI code. For example, in Fedora (and hopefully upstream too), we would like to add PolicyKit prompts to solid/solid/backends/hal/halstorageaccess.cpp, to be able to provide PolicyKit credentials to HAL, needed e.g. to mount non-removable drives. The current upstream code just errors when HAL returns a PermissionDeniedByPolicy error. In Fedora, we have this crude hack (originally developed by Kubuntu for KDE 3, I rewrote it for the KDE 4 Solid code) which runs dbus-send under kdesu (and doesn’t use PolicyKit at all), which works here because HAL has special code to allow root to do anything (but most PolicyKit-using daemons don’t have such logic): http://cvs.fedoraproject.org/viewvc/rpms/kdelibs/devel/kdelibs-4.1.72-policykit-workaround.patch?revision=1.1&view=markup . We would like to use PolicyKit instead.

  17. Thanks everyone ๐Ÿ™‚ Kevin, I’ll seriously consider this. Please start taking a look at the api, and please drop into #policykit-kde on freenode, I’ll be there in some hours.

  18. @Kevin: Splitted in trunk and you got mail. Please send me your patch as soon as it’s ready

  19. @Kyashan aka Daniele Russo:
    Dario is now working on KMess which is much more “KDE” and is much more near a stable release. To me it seems like aMSN 2.0 is really far from a stable release.
    Take a lot at the commit rate here:

  20. […] versione funzionante era quella integrata in GNOME. Ieri Dario Freddi ha annunciato che PolicyKit/KDE รจ in Extragear (con tanto di schermate) e che presto ne uscirร  per essere incluso in KDE 4.3 […]

  21. Not to nit-pick, but it’s “we’ve been working on *for* some months” or “we’ve been working on since some months *ago*”.

    Lots of people seem to make this mistake on the internet. Anyway, keep up the good work. ๐Ÿ™‚

  22. Hi, nice work! Just one comment: what about showing the name of the application that requests the privileges more prominently? I mean on its own line, with a bigger/bolder font. In that way users don’t have to “parse” the full paragraph everytime.

  23. […] PolicyKit and KDE, we are ready Hey guys, as you see, I’m not dead, just busy as always. But today I found some time to show you what we’ve […] […]

  24. @Tim: ’cause english is a strange language ๐Ÿ™‚
    Just joking

  25. i would suggest to read that idea cause i think it is a good chance for kde4

  26. […] helps. FWIW, I've discovered that KDE 4.3 now has an equivalent authorisation manager as described here. Not before time […]

  27. It seems whenever I fire up something that needs administrator privileges a gnome-looking UI comes out instead of a KDE look. I just HATE it when gnome mixes with my KDE desktop! I would’ve installed Ubuntu instead of Kubuntu if this were the case.

    I looked it up through PS and it looks like this – /usr/lib/policykit-gnome/polkit-gnome-manager – is what’s being called. Then again I’m just a noob. But before I upgraded my 9.04 to KDE 4.3.2 I’m quite sure the UI looked KDE (yes the very same picture above named polkitauth11.png). How can I fix this? Any tips appreciated, just point me at the right direction please. Thanks! ๐Ÿ˜€

  28. Amazing

  29. I leave a response each time I especially enjoy a post on a website
    or I have something to add to the discussion. It is
    triggered by the passion displayed in the post I browsed.
    And on this article PolicyKit and KDE, we are ready
    | A Quiet Place. I was moved enough to leave a
    leave a responsea response ๐Ÿ™‚ I do have some questions for you if it’s okay. Could it be just me or does it give the impression like some of the responses appear as if they are coming from brain dead folks? ๐Ÿ˜› And, if you are writing at other online sites, I’d like to follow anything
    fresh you have to post. Would you make a list the complete urls of your shared pages like your twitter feed,
    Facebook page or linkedin profile?

  30. Hi there, I do believe your web site might be having web browser compatibility
    problems. When I take a look at your blog in Safari, it looks fine
    however when opening in Internet Explorer, it has some overlapping issues.
    I just wanted to provide you with a quick heads up!
    Besides that, fantastic site!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: