Just an update on this for people not following the pull requests: the initial polkit support branch has been merged to master now, and I’ve been working a few follow up PRs.
The first is to let the client decide whether to allow interactive polkit authorisation:
https://github.com/snapcore/snapd/pull/3795
If interaction is not allowed, polkit will only grant access if the system policy allows the action unconditionally or if there is a stored authorisation. This PR also changes the snap
client to only allow interaction if it is running in a terminal. There is a companion PR for snapd-glib
too.
The second PR adds polkit authorisation support for the snap install/update/remove API:
https://github.com/snapcore/snapd/pull/3797
This one will allow the user to install snaps on the desktop without creating an Ubuntu One account provided they have administrator privileges, similar to what they can do on the command line with sudo
.