KDE Neon is build on Ubuntu LTS (currently 18.04) with up-to-date Qt and KDE libraries. Updates tend to arrive pretty much every other day and it gets annoying to enter your password every time you launch Discover to install an update.

There is a way to allow software to work with packages without them asking for a password. The key is configuring Polkit properly.

When Discover wants to run an update, it uses the PackageKit backend, which in turn asks Polkit for permissions. In this request it sends a type of action it intends to perform. Since these permissions are managed by PackageKit, it’s possible to find their names in it’s source. In this case:

org.freedesktop.packagekit.system-update

Polkit then looks into defined rules and proceeds accordingly. By default there is no special rule for this kind of action in Ubuntu 18.04 so the password requesting popup shows up.

It’s possible to add new rules overriding this default behaviour. Ubuntu 18.04 uses a rather old version of Polkit. This version can be checked by running:

pkaction --version

If you get version 0.105 or lower, you can use following procedure.

1. Add a new file in folder /etc/polkit-1/localauthority/50-local.d/, for example “10-package-manipulation-nopasswd.pkla”
2. Find out name of the required action.
3. Enter required configuration following the polkit rules syntax
4. Save the file and try it out

Your configuration can look something like this:

[Configuration]
Identity=unix-user:wincak
Action=org.freedesktop.packagekit.system-update
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Now, since it’s possible to run updates without entering a password, how about also installing and uninstalling the same way?

To do this, just add more actions separated by semicolon.

Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-remove;org.freedesktop.packagekit.system-update

And now you can install, remove and update packages using Discover without entering a password.