From c28a13b5afcf021191494bfa565c55b784dc08fa Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 11 Oct 2024 09:55:07 +0200 Subject: [PATCH] docs: don't mention split-usr path anymore We don't support split /usr/ anymore. Hence fix the paths. This apparently matters because of PK validating the binary path. Fixes: #34712 --- docs/PASSWORD_AGENTS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PASSWORD_AGENTS.md b/docs/PASSWORD_AGENTS.md index 297d8ea13bc..bc4acfc5416 100644 --- a/docs/PASSWORD_AGENTS.md +++ b/docs/PASSWORD_AGENTS.md @@ -42,7 +42,7 @@ It is easy to write additional agents. The basic algorithm to follow looks like * Make sure to hide a password query dialog as soon as a) the `ask.xxxx` file is deleted, watch this with inotify. b) the `NotAfter=` time elapses, if it is set `!= 0`. * Access to the socket is restricted to privileged users. To acquire the necessary privileges to send the answer back, consider using PolicyKit. - In fact, the GNOME agent we ship does that, and you may simply piggyback on that, by executing "`/usr/bin/pkexec /lib/systemd/systemd-reply-password 1 /path/to/socket`" or "`/usr/bin/pkexec /lib/systemd/systemd-reply-password 0 /path/to/socket`" and writing the password to its standard input. + In fact, the GNOME agent we ship does that, and you may simply piggyback on that, by executing "`/usr/bin/pkexec /usr/lib/systemd/systemd-reply-password 1 /path/to/socket`" or "`/usr/bin/pkexec /usr/lib/systemd/systemd-reply-password 0 /path/to/socket`" and writing the password to its standard input. Use '`1`' as argument if a password was entered by the user, or '`0`' if the user canceled the request. * If you do not want to use PK ensure to acquire the necessary privileges in some other way and send a single datagram to the socket consisting of the password string either prefixed with "`+`" or with "`-`" depending on whether the password entry was successful or not. -- 2.47.3