I’m developing an application that needs to run some commands that require sudo perms. I’m currently using /usr/libexec/openssh/ssh-askpass which works fine in fedora 37, but appears to be bugged in ubuntu. Looking at arch, it seems they are using seahorse to provide ssh-askpass capability. I have not tested that yet. I also see GCR (GNOME Crypto REEEEEE?) mentioned, but i’m not sure if it is intended to be usable for sudo password collection, nor of it’s current dev state.
My question is… what is the best integrated, preferably universal to all/major/most distros, currently working, and future-proof method to use going forward? Is fedora going to keep using the gnome askpass from openssh? seahorse? GCR ?
Why are you integrating with it directly like that? If you use polkit, it will automatically select an appropriate agent to use based on what is available on that user’s system.
thanks for your answer. i think i just completely forgot about polkit. Assuming i use pkexec then; what auth agent(s) is best integrated and supported across distros like fedora, ubuntu, arch, alpine, and opensuse? Assuming Gnome, and then just gtk available, now and going forward.
yes, i agree that i shouldn’t, but i wanted to know what the options are in case i want to test them, make recommendations, or document things. I guess i’ll just try it out with different distros and DEs and see what happens. I can always ask again if it doesn’t work out. thanks for the info.
just wanted to say thanks again to @dalto for nudging me towards a polkit solution. I was indeed doing things in a suboptimal way. Using pkexec to call a separate process (that runs the multiple commands) works with one password entry, no inhibitShortcutsDialog from GNOME, and uses a more appropriate agent/password collection dialog.
Assuming i use