cli: Work on the console

Install a polkit text agent that can ask for
authorization when we are on the console.

This brings us closer to best practice for polkit use.

Closes: #2379
Approved by: alexlarsson

app/Makefile.am.inc

@@ -83,9 +83,9 @@ app/parse-datetime.c: app/parse-datetime.y Makefile
 BUILT_SOURCES += $(flatpak_dbus_built_sources)
 CLEANFILES += app/parse-datetime.c $(flatpak_dbus_built_sources)
 
-flatpak_LDADD = $(AM_LDADD) $(BASE_LIBS) $(OSTREE_LIBS) $(SOUP_LIBS) $(JSON_LIBS) $(APPSTREAM_GLIB_LIBS) $(SYSTEMD_LIBS) \
+flatpak_LDADD = $(AM_LDADD) $(BASE_LIBS) $(OSTREE_LIBS) $(SOUP_LIBS) $(JSON_LIBS) $(APPSTREAM_GLIB_LIBS) $(SYSTEMD_LIBS) $(POLKIT_LIBS) \
 	libglnx.la libflatpak-common.la
-flatpak_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(JSON_CFLAGS) $(APPSTREAM_GLIB_CFLAGS) $(SYSTEMD_CFLAGS) \
+flatpak_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(JSON_CFLAGS) $(APPSTREAM_GLIB_CFLAGS) $(SYSTEMD_CFLAGS) $(POLKIT_CFLAGS) \
 	-DFLATPAK_COMPILATION \
         -I$(srcdir)/app \
         -I$(builddir)/app \

app/flatpak-main.c

@@ -30,6 +30,12 @@
 #include <gio/gio.h>
 #include "libglnx/libglnx.h"
 
+#ifdef USE_SYSTEM_HELPER
+#include <polkit/polkit.h>
+#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+#include <polkitagent/polkitagent.h>
+#endif
+
 #include "flatpak-builtins.h"
 #include "flatpak-builtins-utils.h"
 #include "flatpak-utils-private.h"
@@ -601,6 +607,10 @@ main (int    argc,
   GError *error = NULL;
   g_autofree const char *old_env = NULL;
   int ret;
+#ifdef USE_SYSTEM_HELPER
+  PolkitAgentListener *listener = NULL;
+  gpointer agent = NULL;
+#endif
 
   setlocale (LC_ALL, "");
   bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
@@ -626,8 +636,49 @@ main (int    argc,
   if (argc >= 4 && strcmp (argv[1], "complete") == 0)
     return complete (argc, argv);
 
+#ifdef USE_SYSTEM_HELPER
+  /* Install a polkit agent as fallback, in case we're running on a console */
+  listener = polkit_agent_text_listener_new (NULL, &error);
+  if (listener == NULL)
+    {
+      g_debug ("Failed to create polkit agent listener: %s", error->message);
+      g_clear_error (&error);
+    }
+  else
+    {
+      g_autoptr(PolkitSubject) subject = NULL;
+      GVariantBuilder opt_builder;
+      g_autoptr(GVariant) options = NULL;
+
+      subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+
+      g_variant_builder_init (&opt_builder, G_VARIANT_TYPE_VARDICT);
+      g_variant_builder_add (&opt_builder, "{sv}", "fallback", g_variant_new_boolean (TRUE));
+      options = g_variant_ref_sink (g_variant_builder_end (&opt_builder));
+
+      agent = polkit_agent_listener_register_with_options (listener,
+                                                           POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD,
+                                                           subject,
+                                                           NULL,
+                                                           options,
+                                                           NULL,
+                                                           &error);
+      if (agent == NULL)
+        {
+          g_debug ("Failed to register polkit agent listener: %s", error->message);
+          g_clear_error (&error);
+        }
+      g_object_unref (listener);
+    }
+#endif
+
   ret = flatpak_run (argc, argv, &error);
 
+#ifdef USE_SYSTEM_HELPER
+  if (agent)
+    polkit_agent_listener_unregister (agent);
+#endif
+
   if (error != NULL)
     {
       const char *prefix = "";

configure.ac

@@ -230,7 +230,7 @@ AC_ARG_ENABLE([system-helper],
               [enable_system_helper=yes])
 if test "x$enable_system_helper" = "xyes"; then
   PKG_CHECK_MODULES(POLKIT, \
-  		    polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED)
+		    polkit-agent-1 >= $POLKIT_GOBJECT_REQUIRED)
   AC_DEFINE([USE_SYSTEM_HELPER], [1], [Define if using system-helper])
 fi
 AM_CONDITIONAL(BUILD_SYSTEM_HELPER, test x$enable_system_helper = xyes)