Update manager now requires two authentications

Bug #448810 reported by Jon Charge
This bug affects 6 people
Affects: aptdaemon (Ubuntu); Status: Fix Released; Importance: Undecided; Assigned to: Unassigned

Bug Description

Binary package hint: update-manager

What happens:

Root password is required to "query the software repositories". Updating the cache.

Root password is required to "install updates".

What should happen:

Root password should not be required to query and update.

Principle of least privilege.

Thank you for your consideration, and this is for karmic.

ProblemType: Bug
Architecture: i386
Date: Sun Oct 11 09:58:13 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/update-manager
InterpreterPath: /usr/bin/python2.6
NonfreeKernelModules: nvidia
Package: update-manager 1:0.126
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-11.38-generic
SourcePackage: update-manager
Uname: Linux 2.6.31-11-generic i686

Kåre Birger Lapstuen (lapstue) wrote :

Confirming the bug, as I've experienced this myself.

Changed in update-manager (Ubuntu):
status: New → Confirmed
pablomme (pablomme) wrote :

I can confirm this on two different installations of karmic, and it has been happening for a few days.

I've also noticed that the PolicyKit action list (System > Administration > Authorisations) only contains org.freedesktop.policykit and com.ubuntu.checkbox -- shouldn't update-manager (and a bunch of other stuff) appear there as well?

pablomme (pablomme)
affects: update-manager (Ubuntu) → aptdaemon (Ubuntu)
pablomme (pablomme) wrote :

The problem seems to be that action "org.debian.apt.update-cache", contained in file /usr/share/polkit-1/actions/org.debian.apt.policy, now has all the "allow"s set to "auth_admin[_keep]" instead of "yes". Changing these by hand brings back passwordless checking of repositories. This .policy file is provided by package aptdaemon.

I'm still wondering, though -- shouldn't polkit-gnome-authorization display all the entries in /usr/share/polkit-1/actions in addition to the ones in /usr/share/PolicyKit/policy?

pablomme (pablomme) wrote :

Bug #448192 addresses the polkit-gnome-authorization issue.

Sebastian Heinlein (glatzor) wrote :

Actually the default policy allows every user who sits in front of the computer to update the package cache. Do you run from a VNC/remote session?

Aptdaemon uses PolicyKit-1. AFAIK there isn't yet any graphical admin client for PolicyKit-1

Rocko (rockorequin) wrote :

I get this bug too and I'm definitely not running from a VNC or remote session.

pablomme (pablomme) wrote :

> Actually the default policy allows every user who sits in front of the computer to
> update the package cache. Do you run from a VNC/remote session?

Nope. The relevant bit of /usr/share/polkit-1/actions/org.debian.apt.policy, as installed by aptdaemon, is:

  <action id="org.debian.apt.update-cache">
    <description>Update package information</description>
    <message>Authentication is required to query the software repositories for installable packages</message>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

The above matches the behaviour we have been seeing. Changing "auth_admin" and "auth_admin_keep" to "yes" works as expected, removing the need to authenticate.

Nicolò Chieffo (yelo3) wrote :

Is there a way to only allow a specified user?

Nicolò Chieffo (yelo3) wrote :

(or a specific group?)

Jon Charge (seropith) wrote :

I'm running a normal desktop session. Nothing remote or abnormal.

pablomme (pablomme) wrote :

@Nicolò:

Create a file /var/lib/polkit-1/localauthority/50-local.d/localhost.pkla (as root) with the following contents:

[Allow myself updating packages]
Identity=unix-user:<user-name>
Action=org.debian.apt.update-cache
ResultAny=no
ResultInactive=no
ResultActive=yes

You can also replace 'unix-user:<user-name>' with 'unix-group:<group-name>'. A semicolon-separated list is also allowed. You can of course set all three 'Result*' to 'yes' if you wish. And the title "Allow myself ..." is also entirely arbitrary. See more in 'man 8 pklocalauthority'. Type 'pkaction' for a list of other actions you can tweak the authorisation requirements for.
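
The two mechanisms discussed in this thread, the <defaults> block quoted from org.debian.apt.policy and the .pkla override described just above, can be modelled in a few lines to see exactly when a user will be prompted. The script below is an added example written for this page, not code from aptdaemon, polkit or update-manager; it embeds a constructed copy of the policy defaults quoted earlier and a constructed .pkla entry for a hypothetical user "alice", and it implements a simplified version of the pklocalauthority matching rules (Identity/Action lists, glob matching on Action, later matching entries overriding earlier ones, fallback to the .policy defaults). The audit helper at the end lists actions whose defaults make an active console user authenticate, which is the check pablomme did by hand.

```python
import configparser
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample .policy content: the defaults quoted in this bug report for
# org.debian.apt.update-cache (auth_admin / auth_admin / auth_admin_keep).
POLICY_XML = """<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="org.debian.apt.update-cache">
    <description>Update package information</description>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# Constructed sample .pkla content in the shape of the comment above, for a
# hypothetical user "alice" (assumed name, not from the bug report).
PKLA_TEXT = """[Allow myself updating packages]
Identity=unix-user:alice
Action=org.debian.apt.update-cache
ResultAny=no
ResultInactive=no
ResultActive=yes
"""

# Results that make polkit ask for a password before granting the action.
PROMPTING_RESULTS = {"auth_admin", "auth_admin_keep", "auth_self", "auth_self_keep"}


def parse_policy_defaults(xml_text):
    """Map each <action id> to its <defaults> as {'any':..., 'inactive':..., 'active':...}.
    A missing allow_* element is treated as 'no', polkit's implicit default."""
    defaults = {}
    for action in ET.fromstring(xml_text).iter("action"):
        d = action.find("defaults")
        defaults[action.get("id")] = {
            "any": d.findtext("allow_any", "no") if d is not None else "no",
            "inactive": d.findtext("allow_inactive", "no") if d is not None else "no",
            "active": d.findtext("allow_active", "no") if d is not None else "no",
        }
    return defaults


def parse_pkla(text):
    """Parse a pklocalauthority .pkla file (INI syntax) into a list of override entries.
    Identity and Action may be semicolon-separated lists; Result* keys are optional."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    entries = []
    for name in cp.sections():
        s = cp[name]
        entries.append({
            "identities": [i.strip() for i in s["Identity"].split(";") if i.strip()],
            "actions": [a.strip() for a in s["Action"].split(";") if a.strip()],
            "any": s.get("ResultAny"),
            "inactive": s.get("ResultInactive"),
            "active": s.get("ResultActive"),
        })
    return entries


def identity_matches(pattern, user, groups):
    """pattern is 'unix-user:NAME' or 'unix-group:NAME'; NAME may be '*'."""
    kind, _, name = pattern.partition(":")
    if kind == "unix-user":
        return name == "*" or name == user
    if kind == "unix-group":
        return name == "*" or name in groups
    return False


def decide(action_id, user, groups, session, defaults, entries):
    """Resolve the authorization result for one subject (simplified model).
    session is 'active' (local console seat), 'inactive' or 'any'. Start from
    the .policy defaults, then let each matching .pkla entry, in file order,
    override the result for that session kind (later entries win)."""
    result = defaults.get(action_id, {}).get(session, "no")
    for e in entries:
        if not any(fnmatch.fnmatchcase(action_id, a) for a in e["actions"]):
            continue
        if not any(identity_matches(i, user, groups) for i in e["identities"]):
            continue
        if e[session] is not None:
            result = e[session]
    return result


def prompts_for_password(result):
    return result in PROMPTING_RESULTS


def actions_prompting_active_users(defaults):
    """Audit helper: action ids whose defaults make an active console user authenticate."""
    return sorted(a for a, d in defaults.items() if prompts_for_password(d["active"]))


if __name__ == "__main__":
    defaults = parse_policy_defaults(POLICY_XML)
    entries = parse_pkla(PKLA_TEXT)
    for user in ("alice", "bob"):
        r = decide("org.debian.apt.update-cache", user, [user], "active", defaults, entries)
        print(f"{user} (active session): {r} -> prompt={prompts_for_password(r)}")
```

Running it shows "alice" getting "yes" from the .pkla override while any other user keeps the shipped "auth_admin_keep" default, and "alice" in an inactive or remote session still gets "no", which is the narrowest grant that matches the least-privilege request in the bug description. To audit a real system, read every file under /usr/share/polkit-1/actions into parse_policy_defaults and every .pkla under /var/lib/polkit-1/localauthority into parse_pkla.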

Sebastian Heinlein (glatzor) wrote :

Sorry the default policy was changed by/in Ubuntu. You are correct about this issue.

pablomme (pablomme) wrote :

@Sebastian: was the policy change intended, then?

pablomme (pablomme) wrote :

Hmm.. The latest update-manager 1:0.126.2 seems to have reverted to using gksudo for authentication - and possibly not using aptdaemon (!?). Can anyone confirm this, or did I mess something up badly? If this is correct, this bug would be resolved (not in the way I would have expected, though).

Sebastian Heinlein (glatzor) wrote :

Right. Update-manager now uses the synaptic backend again since we don't think that aptdaemon can provide the same stability now. But as it improves, things may change in the next release of Ubuntu.

The policy change was intended since it is now possible to set the HttpProxy for a cache update. This would result in a leak of usernames and passwords in the sources url, e.g. "deb http://joe:<email address hidden>/ubuntu karmic main".
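
The risk behind the policy change is that a sources entry of the form "deb http://user:password@host/..." hands its credentials to whatever proxy the unprivileged caller points the cache update at. A defender's first check is therefore whether any sources entry embeds credentials at all. The script below is an added example written for this page, not aptdaemon's or apt's code; it parses one-line-style sources.list entries (skipping comments and an optional [options] field), flags every URI that carries userinfo and returns a redacted form of it that is safe to put in a log or a report. The hosts, user name and password in the embedded sample are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample sources.list; line 3 embeds credentials of the form the
# comment above describes (hypothetical host, user and password).
SOURCES_LIST = """deb http://archive.ubuntu.com/ubuntu karmic main
# credentials in the URI are sent with every request, so any proxy sees them
deb http://joe:s3cret@private.example.com/ubuntu karmic main
deb-src [arch=i386] https://mirror.example.org/ubuntu karmic main
"""


def redact_url(url):
    """Return (url without userinfo, True) if the URL carried user/password, else (url, False)."""
    u = urlsplit(url)
    if u.username is None and u.password is None:
        return url, False
    host = u.hostname or ""
    if u.port is not None:
        host = f"{host}:{u.port}"
    return urlunsplit(u._replace(netloc=host)), True


def source_url(line):
    """Extract the URI from a one-line-style sources.list entry, skipping a [options] field."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("deb", "deb-src"):
        return None
    i = 1
    if tokens[i].startswith("["):
        # options may contain spaces, e.g. [arch=i386 trusted=yes]
        while i < len(tokens) and not tokens[i].endswith("]"):
            i += 1
        i += 1
    return tokens[i] if i < len(tokens) else None


def audit_sources(text):
    """Return [(line_number, redacted_url)] for entries whose URI embeds credentials."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        url = source_url(line)
        if url is None:
            continue
        redacted, had_creds = redact_url(url)
        if had_creds:
            findings.append((lineno, redacted))
    return findings


if __name__ == "__main__":
    for lineno, url in audit_sources(SOURCES_LIST):
        print(f"line {lineno}: credentials embedded in {url}")
```

On the sample it reports line 3 with the credentials stripped; the remediation is to keep credentials out of the URI entirely rather than to relax the policy, since the prompt is what keeps an unprivileged user from redirecting those requests.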

pablomme (pablomme) wrote :

I see. I'll mark the bug as fixed, then.

Changed in aptdaemon (Ubuntu):
status: Confirmed → Fix Released
Guria (guria) wrote :

In Maverick, Update Manager asks for the password twice: on check and on install updates.
