Comment 17 for bug 909189

I believe I have fixed these - the only temporary files still used in /tmp are never used as executables (made by voice_list.sh). For the sketchy creation of the root playfile, I now have a separate script to create and write to the file which is run as root so that the file is created with root permissions before writing to.

In fixing these, however, I noticed that gksudo/sudo has been giving recent problems. In particular, calls to sudo fail even after calls to gksudo IF wakeup-settings is not run through a terminal. I decided to try to migrate to using pkexec, since this seems the more up-to-date approach anyway, but it is poorly documented. I tried creating a .policy file which would allow only the commands needed (crontab, setalarm, setnextalarm.py, createRootPlayfile.py) with an allow_active default as auth_admin_keep for a "meta-action" defined using annotation org.freedesktop.policykit.imply, but every action defined using this method needs to be separately authenticated.

I've attached the .policy file. Do you have suggestions on how to fix this? The behavior I get is:
1. authenticate com.ubuntu.wakeup.exec using (prompts for password for com.ubuntu.wakeup.exec, is_auth returns True):
pid=os.getpid()
action_id='com.ubuntu.wakeup.exec'
service = dbus.SystemBus().get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
policy_kit=dbus.Interface(service, 'org.freedesktop.PolicyKit1.Authority')
(granted, _, details) = policy_kit.CheckAuthorization(('unix-process', {'pid':dbus.UInt32(pid, variant_level=1), 'start-time':dbus.UInt64(0,variant_level=1)}),action_id,{},dbus.UInt32(1),'',timeout=600)
(is_auth, _, details) = policy_kit.CheckAuthorization(('unix-process', {'pid':dbus.UInt32(pid, variant_level=1), 'start-time':dbus.UInt64(0,variant_level=1)}),action_id,{},dbus.UInt32(0),'',timeout=600)
2. try calling subprocess.call(['pkexec', 'setnextalarm.py'])
    ---> get pkexec popup asking for authentication for com.ubuntu.wakeup.exec.setnextalarm