Should we use polkit for local auth

Just an update on this for people not following the pull requests: the initial polkit support branch has been merged to master now, and I’ve been working a few follow up PRs.

The first is to let the client decide whether to allow interactive polkit authorisation:

If interaction is not allowed, polkit will only grant access if the system policy allows the action unconditionally or if there is a stored authorisation. This PR also changes the snap client to only allow interaction if it is running in a terminal. There is a companion PR for snapd-glib too.

The second PR adds polkit authorisation support for the snap install/update/remove API:

This one will allow the user to install snaps on the desktop without creating an Ubuntu One account provided they have administrator privileges, similar to what they can do on the command line with sudo.


In a summary that’s easy for a non-technical user to understand (if possible), it’s great that one doesn’t need the store login to manage snaps but why does one need root or the store login to manage them anyway?