Turn polkit-agent support into an optional feature.

This simplifies deployment on embedded devices, where polkit is usually unncessary at runtime, but pulls in quite a few otherwise unncessary dependencies. Start to improve the situation by allowing to selectively disable polkit-agent support at compile time, which aids in container usage scenarios, where one wants to invoke 'sysprof-cli' from within the container. Bypassing polkit-agent in the container is then desired, since the host sysprofd will handle asking for permissions to enable the tracing. It allows for a simpler setup of rootless podman containers, avoiding UID mismatches, that lead to rejection of the tracing enablement. - Add a new 'polkit-agent' meson build feature, that allows to force disabling polkit-agent support (-Dpolkit-agent=disabled). - Mark the 'polkit-agent' feature as enabled, by default, to reflect the current status (sysprof-cli did not build without polkit-agent support). - libsysprof/sysprof-instrument.c: Build fix when polkit is not available, remove the unnecessary 'g_autopr(PolkitDetails) details' variable. - Alter the sysprof-cli dependencies to only attempt to link against polkit-agent, if necessary. Modify sysprof-cli.c to wrap all code using polkit-agent in HAVE_POLKIT_AGENT blocks.
2025-12-31 20:36:25 +00:00 · 2024-08-20 20:46:11 +02:00
parent 9276012c2b
commit b726f49d15
5 changed files with 21 additions and 8 deletions
--- a/meson.build
+++ b/meson.build
@ -100,7 +100,7 @@ config_h.set_quoted('GETTEXT_PACKAGE', 'sysprof')
 config_h.set_quoted('PACKAGE_LOCALE_DIR', join_paths(get_option('prefix'), get_option('datadir'), 'locale'))
 config_h.set10('HAVE_LIBSYSTEMD', libsystemd_dep.found())

-polkit_agent_dep = dependency('polkit-agent-1', required: false)
+polkit_agent_dep = dependency('polkit-agent-1', required: get_option('polkit-agent'))
 config_h.set10('HAVE_POLKIT_AGENT', polkit_agent_dep.found())

 polkit_dep = dependency('polkit-gobject-1', version: polkit_req_version, required: false)
--- a/meson_options.txt
+++ b/meson_options.txt
@ -11,6 +11,12 @@ option('gtk', type: 'boolean')
 # Allow disabling the installation of libsysprof-capture*.a
 option('install-static', type: 'boolean')

+# Allow disabling of features that depend on polkit-agent.
+option('polkit-agent', type: 'feature',
+  value: 'auto',
+  description: 'Enable features which require polkit-agent-1'
+)
+
 # Optionally compile sysprofd, which is needed to get elevated privileges.
 # You only really want to ignore this if you are running from a container
 # and are talking to a host daemon. Also, if you're compiling for something
--- a/src/libsysprof/sysprof-instrument.c
+++ b/src/libsysprof/sysprof-instrument.c
@ -178,7 +178,6 @@ _sysprof_instruments_acquire_policy (GPtrArray        *instruments,
                                     SysprofRecording *recording)
 {
  g_autoptr(GDBusConnection) connection = NULL;
-  g_autoptr(PolkitDetails) details = NULL;
  g_autoptr(GError) error = NULL;
  g_auto(GStrv) required_policy = NULL;

@ -202,7 +201,7 @@ _sysprof_instruments_acquire_policy (GPtrArray        *instruments,
        {
          if (!dex_await_boolean (_sysprof_polkit_authorize (connection,
                                                             required_policy[i],
-                                                             details,
+                                                             NULL,
                                                             TRUE), &error))
            return dex_future_new_for_error (g_steal_pointer (&error));
        }
--- a/src/sysprof-cli/meson.build
+++ b/src/sysprof-cli/meson.build
@ -6,11 +6,13 @@ sysprof_cli_c_args = [
 ]

 sysprof_cli_deps = [
-  dependency('polkit-agent-1'),
-
  libsysprof_static_dep,
 ]

+if polkit_agent_dep.found()
+  sysprof_cli_deps += polkit_agent_dep
+endif
+
 sysprof_cli = executable('sysprof-cli', sysprof_cli_sources,
  dependencies: sysprof_cli_deps,
        c_args: release_flags + sysprof_cli_c_args,
--- a/src/sysprof-cli/sysprof-cli.c
+++ b/src/sysprof-cli/sysprof-cli.c
@ -32,9 +32,11 @@

 #include <sysprof.h>

-#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
-#include <polkit/polkit.h>
-#include <polkitagent/polkitagent.h>
+#if HAVE_POLKIT_AGENT
+# define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+# include <polkit/polkit.h>
+# include <polkitagent/polkitagent.h>
+#endif

 #include "sysprof-capture-util-private.h"

@ -266,8 +268,10 @@ int
 main (int   argc,
      char *argv[])
 {
+#if HAVE_POLKIT_AGENT
  PolkitAgentListener *polkit = NULL;
  PolkitSubject *subject = NULL;
+#endif
  g_autoptr(SysprofCaptureWriter) writer = NULL;
  g_autoptr(SysprofProfiler) profiler = NULL;
  g_autofree char *power_profile = NULL;
@ -413,6 +417,7 @@ Examples:\n\

  main_loop = g_main_loop_new (NULL, FALSE);

+#if HAVE_POLKIT_AGENT
  /* Start polkit agent so that we can elevate privileges from a TTY */
  if (g_getenv ("DESKTOP_SESSION") == NULL &&
      (subject = polkit_unix_process_new_for_owner (getpid (), 0, -1)))
@ -434,6 +439,7 @@ Examples:\n\
                      pkerror->message);
        }
    }
+#endif

  /* Warn about access if we're in a container */
  if (g_file_test ("/.flatpak-info", G_FILE_TEST_EXISTS))