Description of problem:
A window ask for a password to apply updates, but there is no indication that it should be the user password, not the root's one.
Click on the red icon with "!".
Mageia 4, 64 bits, KDE
Steps to Reproduce:
I seem to recall something different is written when root password is asked.
Anyway this is an upstream implementation of KDE polkit agent.
Yes, when the password should the root's one, the question is explicit.
But in this case, the password to provide is the user's one.
Perhaps a translation issue?
I refer to the French language.
The "problem" is in polkit; it is not a translation problem. The original string is "An application is attempting to perform an action that requires privileges.
Authentication is required to perform this action."
A French translator propose to use workaround to make clearer the French translation but the "issue" should be the same in all languages.
So, the request should be done upstream on https://bugs.kde.org
Papoteur, if you want to open a bug report there, please do it :D
The bug is already reported since 2011 :(
I have no KDE account. Someone to reactivate it ?
Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer
maintained, which means that it will not receive any further security or bug
Package Maintainer: If you wish for this bug to remain open because you plan to
fix it in a currently maintained version, simply change the 'version' to a later
Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't
able to fix it before Mageia 4's end of life. If you are able to reproduce it
against a later version of Mageia, you are encouraged to click on "Version" and
change it against that version of Mageia. If it's valid in several versions,
select the highest and add MGAxTOO in whiteboard for each other valid release.
Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO.
Although we aim to fix as many bugs as possible during every release's lifetime,
sometimes those efforts are overtaken by events. Often a more recent Mageia
release includes newer upstream software that fixes bugs or makes them obsolete.
If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program  or join the teams that fit you
Nothing new in KDE report.
IMHO this is not really a Mageia issue, but an upstream issue as the presentation will be different for each polkit agent that we package currently. But I totally agree, those authorisation dialogs are horrible, and most times they don't even explain if they want the user or root password, might might be a security issue to others (think phishing for root password).
Would be a good idea if someone could provide some GOOD examples of polkit dialogs asking for authorisation (making clear, which program is asking which permission to runs as what user, and hence which password should be provided) and then we can discuss how to fix this. Maybe we need to drop some polkit agents or prefer some that do a better job at this then others.
Also the details section on those dialogs should not hide essential information, like which user is affected and what program asks for authorisation.
Some good examples:
Some not-so-good examples IMHO:
Most can be found at https://commons.wikimedia.org/wiki/Category:Polkit
FWIW, e.g. if you run "drakconf" the KDE polkit agent dialog that will be displayed shows up all that information, that Mageia Control Center will be run, and that it needs the root password for that.
I don't think that problem is upstream.
For mgaupdate, the message comes from our repository, for what I understand:
Thus, we have just to change the sentence here:
<_description>Run Mageia Updater</_description>
<_message>Authentication is required to run Mageia Updater</_message>
<_description>Run Mageia Updater</_description>
<_message>Authentication as user is required to run Mageia Updater</_message>
I will commit this change on git.
There is a need to update translations too.
Created attachment 7091 [details]
Add indication of user as password owner for polkit agent
What if it's configured to require root user? Will the message be different?
(In reply to Samuel VERSCHELDE from comment #11)
> What if it's configured to require root user? Will the message be different?
Where can it be configured to ask for root's password?
I found anything in msec.
(In reply to papoteur from comment #12)
> Where can it be configured to ask for root's password?
> I found anything in msec.
In draksec: http://doc.mageia.org/mcc/5/en/content/draksec.html
The window will be the same for each case :/
But I think it is better that the message is related to the default behaviour.
Furthermore, when the password is false, we get a new window which ask:
- for the root password in case of root privileges needed, explicitly,
- for the password in case of user privileges, with any other information.
Maybe the following patch might display the requested username from the kde polkit agent.
source used for the creating the AuthDialog.cpp patch
Created attachment 11752 [details]
Patch AuthDialog.cpp for Kde Polkit agent
Should be fixed with upcoming polkit-kde-agent-1-5.19.4-2.mga8 for Cauldron and upcoming polkit-kde-agent-1-5.15.4-1.1.mga7 for mga7 in Core/Updates_testing repo!
Please test both if possible, thanks in advance.
The polkit-kde-agent packaged has been patched to have it show which user's
password (the logged in user, or root) that it is asking for when PolicyKit
is being used to allow the user to perform a privileged action.
Ran MageiaUpdate, polkit dialog popped up asking for a password but didn't say whose. Installed this update candidate, logged out and back in (to restart polkit agent), ran MageiaUpdate, and now it asked for "Password for david:" which is the intended result. Validating.
List of packages:
Packages in 7/core/updates_testing:
An update for this issue has been pushed to the Mageia Updates repository.