From 532e746da530781dbe8073021156f4f1dd8e2cda Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 11 Sep 2024 09:47:57 +0200
Subject: ship a polkit rule...

... to allow running `pacman-offline` without authentication
for users of group `wheel`.
---
 Makefile                    |  1 +
 README.md                   | 10 ++++++++++
 polkit/pacman-offline.rules | 11 +++++++++++
 3 files changed, 22 insertions(+)
 create mode 100644 polkit/pacman-offline.rules

diff --git a/Makefile b/Makefile
index 54e71c6..fca6f02 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,7 @@ install-bin:
 	$(INSTALL) -D -m0755 bin/pacman-offline $(DESTDIR)/usr/bin/pacman-offline
 	$(INSTALL) -D -m0644 config/offline.conf $(DESTDIR)/etc/pacman.d/offline.conf
 	$(INSTALL) -D -m0644 hook/99-pacman-offline.hook $(DESTDIR)/usr/share/libalpm/hooks/99-pacman-offline.hook
+	$(INSTALL) -D -m0644 polkit/pacman-offline.rules $(DESTDIR)/usr/share/polkit-1/rules.d/pacman-offline.rules
 	$(INSTALL) -D -m0644 systemd/pacman-offline.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline.service
 	$(INSTALL) -D -m0755 systemd/pacman-offline $(DESTDIR)/usr/lib/systemd/scripts/pacman-offline
 	$(INSTALL) -D -m0644 systemd/pacman-offline-prepare.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline-prepare.service
diff --git a/README.md b/README.md
index 0a8ef9f..331ba07 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,16 @@ It accepts some arguments:
 * *-t*: start timer for nightly reboot
 * *-y*: update sync databases
 
+### Elevating privileges
+
+The privileges are elevated automatically if `polkit` is installed. This works
+with no authentication if your user is member of the group `wheel`. To add your
+user to that group run:
+
+    usermod --append --groups wheel user
+
+If your user is not member of that group you will be asked for a password.
+
 ### Timer for preparation
 
 You can enable a timer to prepare the offline update automatically.
diff --git a/polkit/pacman-offline.rules b/polkit/pacman-offline.rules
new file mode 100644
index 0000000..82cc5c2
--- /dev/null
+++ b/polkit/pacman-offline.rules
@@ -0,0 +1,11 @@
+/* Allow members of the wheel group to run pacman-offline */
+
+polkit.addRule(
+	function(action, subject) {
+		if (action.id == "org.freedesktop.policykit.exec" &&
+		    action.lookup("program") == "/usr/bin/pacman-offline" &&
+		    subject.isInGroup("wheel")) {
+			return polkit.Result.YES;
+		}
+	}
+);
-- 
cgit v1.2.3-70-g09d2