0

I have made a GUI application which I pack into a deb package and distribute it using my repository. I would like to check on the application startup if there is an available update in the repository and show a popup window that asks the user if he wants to install this update or ignore it. If he would like to install it - the application will download a new deb file in the background, then launch sudo gdebi packagepath or sudo dpkg -i packagepath. At this moment I need root access so I think to use pkexec in order to request it.

Am I correct doing this or there is a better approach and is pkexec designed for cases like this? Also, can I call pkexec from C or there are only bash commands available? Thank anyone for help

Sergey Anisimov
  • 885
  • 8
  • 22
  • This seems like an odd thing to put in your own application. Using `apt` to update the system is easier and less error-prone than doing the download and upgrade yourself. – tripleee Jun 21 '20 at 07:14
  • @tripleee, there can be different ways of doing it. Yeah, I can do it with apt but it still requires root access and my question is about using pkexec for this kind of things – Sergey Anisimov Jun 21 '20 at 07:16
  • Why do you need `pkexec` if you already use `sudo`? – tripleee Jun 21 '20 at 07:16
  • @tripleee because this is called from gui. These commands can be launched without sudo if it's called with pkexec like `pkexec dpkg -i package` – Sergey Anisimov Jun 21 '20 at 07:19
  • to elevate priveleges from C code, you have to use *setuid*..for an example see https://cboard.cprogramming.com/linux-programming/166827-temporarily-gain-root-privileges-perform-open-file.html – secret squirrel Jun 22 '20 at 10:37
  • @secretsquirrel I've checked the link and man page, not sure if it's what I can use here. Could you please give an example on how to use it for apt update? – Sergey Anisimov Jun 22 '20 at 10:57
  • @sergeyansimov, like triplee said above, using apt or any kind of update manager should mean your own application doesn't need this kind of thing, but if you do - and beware about security - you can create a specific installer as part of your initial package whose only function is to install your updates, using the setuid, setguid system calls like in the example. It doesn't mean its the best way, I'm only answering that there is no pkexec system call for C, setuid is used within code. See https://stackoverflow.com/a/690925/5639126 – secret squirrel Jun 22 '20 at 11:11

0 Answers0