@@ -47,32 +47,36 @@ if [ "$1" = "configure" ]; then
4747 chmod 0770 "@ZITI_IDENTITY_DIR@"
4848 find "@ZITI_IDENTITY_DIR@" -maxdepth 1 -name "*.json" -type f -exec chown ziti:ziti "{}" + -exec chmod 0660 "{}" +
4949
50- # If polkitd is installed, skip PolicyKit-1 evaluation and do not place a .pkla file
51- if dpkg-query -W -f='${Status}' polkitd 2>/dev/null | grep -q "install ok installed"; then
52- : # no-op when polkitd is present
53- else
54- # determine PolicyKit-1 version robustly
55- policykit_version="$(dpkg-query -Wf '${Version}' policykit-1 2>/dev/null || true)"
56- max_policykit_version="0.106"
57- highest_policykit_version="$(printf '%s\n' "${policykit_version}" "${max_policykit_version}" | sort -V | tail -n1)"
58-
59- # determine installed systemd version robustly
60- systemd_version="$(dpkg-query -Wf '${Version}' systemd 2>/dev/null || true)"
61- min_systemd_version="243"
62- lowest_systemd_version="$(printf '%s\n' "${systemd_version}" "${min_systemd_version}" | sort -V | head -n1)"
63-
64- # install PolicyKit localauthority policy if PolicyKit-1 < v0.106 (https://askubuntu.com/questions/1287924/whats-going-on-with-policykit)
65- if [ -n "${policykit_version}" ] && [ "${policykit_version}" != "${max_policykit_version}" ] && [ "${max_policykit_version}" = "${highest_policykit_version}" ]; then
66- # run as root unless systemd >= v243 (required set-llmnr introduced v243 https://github.com/systemd/systemd/commit/52aaef0f5dc81b9a08d720f551eac53ac88aa596)
67- if [ -n "${systemd_version}" ] && { [ "${systemd_version}" = "${min_systemd_version}" ] || [ "${min_systemd_version}" = "${lowest_systemd_version}" ]; }; then
68- cp "@CPACK_SHARE_DIR@/@
[email protected] " "/var/lib/polkit-1/localauthority/10-vendor.d/@ZITI_POLKIT_PKLA_FILE@"
69- db_set ziti_edge_tunnel/install_pkla true
70- else
71- service_user=root
72- override_dir="@SYSTEMD_UNIT_DIR@/@
[email protected] "
73- mkdir -p "${override_dir}/"
74- ( echo '[Service]'; echo "User=root" ) > "${override_dir}/10-run-as-root.conf"
75- fi
50+ # Determine installed policy kit version:
51+ # Prefer polkitd if installed; otherwise fall back to policykit-1 (older releases)
52+ polkit_pkg=""
53+ if dpkg-query -W -f='${Status}' polkitd 2>/dev/null | grep -q '^install ok installed$'; then
54+ polkit_pkg="polkitd"
55+ elif dpkg-query -W -f='${Status}' policykit-1 2>/dev/null | grep -q '^install ok installed$'; then
56+ polkit_pkg="policykit-1"
57+ fi
58+
59+ polkit_version="$(dpkg-query -Wf '${Version}' "${polkit_pkg}" 2>/dev/null || true)"
60+ max_polkit_version="0.106"
61+ highest_polkit_version="$(printf '%s\n' "${polkit_version}" "${max_polkit_version}" | sort -V | tail -n1)"
62+
63+ # determine installed systemd version robustly
64+ systemd_version="$(dpkg-query -Wf '${Version}' systemd 2>/dev/null || true)"
65+ min_systemd_version="243"
66+ lowest_systemd_version="$(printf '%s\n' "${systemd_version}" "${min_systemd_version}" | sort -V | head -n1)"
67+
68+ # install PolicyKit localauthority policy if polkitd < v0.106 (https://askubuntu.com/questions/1287924/whats-going-on-with-policykit)
69+ if [ -n "${polkit_version}" ] && [ "${polkit_version}" != "${max_polkit_version}" ] && [ "${max_polkit_version}" = "${highest_polkit_version}" ]; then
70+ # run as root unless systemd >= v243 (required set-llmnr introduced v243 https://github.com/systemd/systemd/commit/52aaef0f5dc81b9a08d720f551eac53ac88aa596)
71+ if [ -n "${systemd_version}" ] && { [ "${systemd_version}" = "${min_systemd_version}" ] || [ "${min_systemd_version}" = "${lowest_systemd_version}" ]; }; then
72+ install -D -m 0644 "@CPACK_SHARE_DIR@/@
[email protected] " \
73+ "/var/lib/polkit-1/localauthority/10-vendor.d/@ZITI_POLKIT_PKLA_FILE@"
74+ db_set ziti_edge_tunnel/install_pkla true
75+ else
76+ service_user=root
77+ override_dir="@SYSTEMD_UNIT_DIR@/@
[email protected] "
78+ mkdir -p "${override_dir}/"
79+ ( echo '[Service]'; echo "User=root" ) > "${override_dir}/10-run-as-root.conf"
7680 fi
7781 fi
7882
0 commit comments