itzks-systems-smartboard: Start SMARTBoardService daemon in user context (not as root) and provide proper udev rules to grant normal users sufficient access to SMART whiteboard devices.

11 files changed, 77 insertions, 30 deletions

diff --git a/bin/smarttech-SMARTBoardService b/bin/smarttech-SMARTBoardService
index 8b91702..fa53617 100755
--- a/bin/smarttech-SMARTBoardService
+++ b/bin/smarttech-SMARTBoardService
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-pkexec smarttech-SMARTBoardService.as-root
\ No newline at end of file
+schroot -p -c precise-i386-smartboard-ITZkS "/opt/SMART Technologies/SMART Product Drivers/bin/SMARTBoardService" -start &
\ No newline at end of file
diff --git a/bin/smarttech-SMARTBoardService.as-root b/bin/smarttech-SMARTBoardService.as-root
deleted file mode 100755
index eaeb97c..0000000
--- a/bin/smarttech-SMARTBoardService.as-root
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-schroot -p -u root -c precise-i386-smartboard-ITZkS "/opt/SMART Technologies/SMART Product Drivers/bin/SMARTBoardService" -start &
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 790954d..6797e8f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ itzks-systems (2015.02.17.1) UNRELEASED; urgency=medium
 
   * debian/control:
     + Add D (workstation-like systems): audacity.
+  * itzks-systems-smartboard: Start SMARTBoardService daemon in user
+    context (not as root) and provide proper udev rules to grant
+    normal users sufficient access to SMART whiteboard devices.
 
  -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Tue, 17 Feb 2015 13:55:00 +0100
 
diff --git a/debian/control b/debian/control
index 9a8c8db..9fe7e31 100644
--- a/debian/control
+++ b/debian/control
@@ -380,7 +380,6 @@ Depends:
  mate-desktop-environment,
  mate-desktop-environment-extras,
  mate-media-pulse,
- mate-screensaver,
  mate-settings-daemon-pulse,
  mc,
  memtest86,
@@ -528,7 +527,6 @@ Depends:
  imagemagick,
  itzks-keyring,
  kdm,
- kdm-gdmcompat,
  kturtle,
  lazarus,
  libreoffice,
@@ -569,7 +567,6 @@ Depends:
  mate-desktop-environment,
  mate-desktop-environment-extras,
  mate-media-pulse,
- mate-screensaver,
  mate-settings-daemon-pulse,
  mc,
  musescore,
@@ -720,7 +717,6 @@ Depends:
  imagemagick,
  itzks-keyring,
  kdm,
- kdm-gdmcompat,
  kturtle,
  lazarus,
  libreoffice,
@@ -761,7 +757,6 @@ Depends:
  mate-desktop-environment,
  mate-desktop-environment-extras,
  mate-media-pulse,
- mate-screensaver,
  mate-settings-daemon-pulse,
  mc,
  musescore,
@@ -848,6 +843,8 @@ Conflicts:
  openoffice.org-thesaurus-de,
  openoffice.org-thesaurus-de-ch,
  openoffice.org-writer,
+Recommends:
+ kdm-gdmcompat,
 Description: Profiling for ITZkS Workstation Systems
  Install this package to pull in all dependencies required on
  ITZkS (diskfull) Workstation systems.
@@ -862,6 +859,9 @@ Depends:
  ${misc:Depends},
 Recommends:
  itzks-systems-workstation (>= ${source:Version}),
+ xscreensaver,
+Conflicts:
+ mate-screensaver,
 Description: Profiling for ITZkS Workstation Systems running a SMART Board
  Install this package to pull in all dependencies required on
  ITZkS (diskfull) Workstation systems.
diff --git a/debian/itzks-systems-smartboard.install b/debian/itzks-systems-smartboard.install
index 5db729b..8e21a6c 100644
--- a/debian/itzks-systems-smartboard.install
+++ b/debian/itzks-systems-smartboard.install
@@ -1,5 +1,6 @@
 bin/smarttech* usr/bin/
 etc/xdg/autostart/smarttech-SMART*.desktop etc/xdg/autostart/
 etc/schroot/chroot.d/precise-i386-smartboard-ITZkS etc/schroot/chroot.d/
+etc/schroot/slxdesktop.ITZkS etc/schroot/
 share/itzks-systems-smartboard/ usr/share/
-share/polkit-1/actions/*smarttech*.policy usr/share/polkit-1/actions/
\ No newline at end of file
+lib-udev-rules.d/60-SMARTBoard32.rules lib/udev/rules.d/
\ No newline at end of file
diff --git a/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS b/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS
index eb1ace3..f61334d 100644
--- a/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS
+++ b/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS
@@ -5,5 +5,5 @@ description=Ubuntu precise/i386 with SMART Notebook
 directory=/srv/schroot/precise-i386-smartboard-ITZkS
 groups=root,teachers,admins,sudo
 root-groups=root,admins,sudo
-profile=desktop
+profile=slxdesktop.ITZkS
 personality=linux32
diff --git a/etc/schroot/slxdesktop.ITZkS/copyfiles b/etc/schroot/slxdesktop.ITZkS/copyfiles
new file mode 100644
index 0000000..22b2961
--- /dev/null
+++ b/etc/schroot/slxdesktop.ITZkS/copyfiles
@@ -0,0 +1,4 @@
+# Files to copy into the chroot from the host system.
+#
+# <source and destination>
+/etc/resolv.conf
diff --git a/etc/schroot/slxdesktop.ITZkS/fstab b/etc/schroot/slxdesktop.ITZkS/fstab
new file mode 100644
index 0000000..481db98
--- /dev/null
+++ b/etc/schroot/slxdesktop.ITZkS/fstab
@@ -0,0 +1,27 @@
+# fstab: static file system information for chroots.
+# Note that the mount point will be prefixed by the chroot path
+# (CHROOT_PATH)
+#
+# <file system> <mount point>   <type>  <options>       <dump>  <pass>
+/proc           /proc           none    rw,bind         0       0
+/sys            /sys            none    rw,bind         0       0
+/dev            /dev            none    rw,bind         0       0
+/dev/pts        /dev/pts        none    rw,bind         0       0
+/home           /home           none    rw,bind         0       0
+/tmp            /tmp            none    rw,bind         0       0
+/srv            /srv            none    rw,bind         0       0 
+/skole          /skole          none    rw,rbind         0       0
+
+# If you use gdm3, uncomment this line to allow Xauth to work
+#/var/run/gdm3  /var/run/gdm3   none    rw,bind         0       0
+# For PulseAudio and other desktop-related things
+/var/lib/dbus    /var/lib/dbus  none    rw,bind         0       0
+
+# It may be desirable to have access to /run, especially if you wish
+# to run additional services in the chroot.  However, note that this
+# may potentially cause undesirable behaviour on upgrades, such as
+# killing services on the host.
+#/run           /run            none    rw,bind         0       0
+#/run/lock      /run/lock       none    rw,bind         0       0
+#/dev/shm       /dev/shm        none    rw,bind         0       0
+#/run/shm       /run/shm        none    rw,bind         0       0
diff --git a/etc/schroot/slxdesktop.ITZkS/nssdatabases b/etc/schroot/slxdesktop.ITZkS/nssdatabases
new file mode 100644
index 0000000..722a451
--- /dev/null
+++ b/etc/schroot/slxdesktop.ITZkS/nssdatabases
@@ -0,0 +1,11 @@
+# System databases to copy into the chroot from the host system.
+#
+# <database name>
+passwd
+shadow
+group
+gshadow
+services
+protocols
+networks
+hosts
diff --git a/lib-udev-rules.d/60-SMARTBoard32.rules b/lib-udev-rules.d/60-SMARTBoard32.rules
new file mode 100644
index 0000000..1737de2
--- /dev/null
+++ b/lib-udev-rules.d/60-SMARTBoard32.rules
@@ -0,0 +1,23 @@
+#SMART Technologies rules for permissions.
+SUBSYSTEM=="usb", ATTR{idVendor}=="0b8c", MODE="0666"
+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_interface", ATTR{idVendor}=="0b8c", MODE="0666"
+SUBSYSTEMS=="usb", DRIVERS=="usb", ATTRS{idVendor}=="0b8c", MODE:="0666"
+#
+#Kernel 2.6.32 and greater has a bug that causes the mouse pointer to jump to the top left corner in HID mouse mode.
+#Disable the event stream for affected products.
+#Actually the bug began in 2.6.30, but these rules only work on 2.6.32.  You need an fdi policy file to work around 2.6.31.
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0001", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0002", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0003", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0004", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0005", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0006", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0007", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0008", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="000a", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="000b", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0017", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0060", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0061", NAME="SB%k"
+#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0042", NAME="SB%k"
+
diff --git a/share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy b/share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy
deleted file mode 100644
index 6184c57..0000000
--- a/share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
-
-  <action id="org.debian.pkexec.smarttech-SMARTBoardService">
-    <message>Authentication is required to run the SMART Board Service</message>
-    <icon_name>system-run</icon_name>
-    <defaults>
-      <allow_any>no</allow_any>
-      <allow_inactive>no</allow_inactive>
-      <allow_active>yes</allow_active>
-    </defaults>
-    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/smarttech-SMARTBoardService.as-root</annotate>
-    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
-  </action>
-
-</policyconfig>