/var/lib/PolicyKit must have mode 770 and be owned by root:policykit (this is because normal users must only read and write to it via a specific setgid binary, /usr/libexec/polkit-grant-helper). And indeed, this is how the /var/lib/PolicyKit directory is created on a first install of policykit-0.9 Unfortunately, earlier versions of policykit installed /var/lib/PolicyKit directory as owned by polkituser:polkituser, mode 755. When upgrading from an earlier version of policykit to 0.9, the ebuild check that the group and mode for the directory are valid, which leads to authorization failure because polkit-grant-helper can no longer save authorization info for users. At the minimum, the ebuild should check the group and permissions of /var/lib/PolicyKit print an ewarn if they are incorrect.
> /var/lib/PolicyKit must have mode 770 and be owned by root:policykit Typo, I meant must have mode 770 and be owned by root:polkituser
Additionally, the ebuild should check that /var/run/PolicyKit is mode 770, owned by root:polkituser (again, older versions of policykit had /var/run/PolicyKit as mode 755, which leads to authorization failures after upgrading to policykit-0.9),
ok I've pushed something to the overlay, without a bump. It should do the right thing if user had a <0.9 release installed. Please tell me if everything looks ok to you and reopen if it's not.
Ebuild fails with this new check; it uses braces inside quotes, expecting the shell to expand the braces (when it doesn't.) chmod 0770 "${ROOT}var/{lib,run}/PolicyKit" || die "chmod failed" ^ ^ chgrp -R polkituser "${ROOT}var/{lib,run}/PolicyKit" || die "chgrp failed" ^ ^ Removing the quotes works fine, though I'm not sure if it's exactly proper...
(In reply to comment #4) > Ebuild fails with this new check; it uses braces inside quotes, expecting the > shell to expand the braces (when it doesn't.) Fixed in the overlay without a bump (not sure if there _should've_ been a bump :p)