Daniel Lange's blog

On the way to Trixie, polkitd (Policy Kit Daemon) has lost the functionality to evaluate its .pkla (Polkit Local Authority) files.

$ zcat /usr/share/doc/polkitd/NEWS.Debian.gz 
policykit-1 (121+compat0.1-2) experimental; urgency=medium

  This version of polkit changes the syntax used for local policy rules:
  it is now the same JavaScript-based format used by the upstream polkit
  project and by other Linux distributions.

  System administrators can override the default security policy by
  installing local policy overrides into /etc/polkit-1/rules.d/*.rules,
  which can either make the policy more restrictive or more
  permissive. Some sample policy rules can be found in the
  /usr/share/doc/polkitd/examples directory. Please see polkit(8) for
  more details.

  Some Debian packages include security policy overrides, typically to
  allow members of the sudo group to carry out limited administrative
  actions without re-authenticating. These packages should install their
  rules as /usr/share/polkit-1/rules.d/*.rules. Typical examples can be
  found in packages like flatpak, network-manager and systemd.

  Older Debian releases used the "local authority" rules format from
  upstream version 0.105 (.pkla files with an .desktop-like syntax,
  installed into subdirectories of /etc/polkit-1/localauthority
  or /var/lib/polkit-1/localauthority). The polkitd-pkla package
  provides compatibility with these files: if it is installed, they
  will be processed at a higher priority than most .rules files. If the
  polkitd-pkla package is removed, .pkla files will no longer be used.

 -- Simon McVittie   Wed, 14 Sep 2022 21:33:22 +0100

This applies now to the polkitd version 126-2 destined for Trixie.

The most prominent issue is that you will get an error message: "Authentication is required to create a color profile" asking for the root(!) password every time you remotely log into a Debian Trixie system via RDP, x2go or the like.

This used to be mendable with a .pkla file dropped into /etc/polkit-1/localauthority/50-local.d/ ... but these .pkla files are void now and need to be replace with a Javascript "rules" file.

The background to his is quite a fascinating read ... 13 years later:
https://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html

The solution has been listed in DevAnswers as other distros (Fedora, ArchLinux, OpenSuse) have been faster to depreciate the .pkla files and require .rules files. I amended the solution given there with checking for root to be automatically authenticated, too.

So, create a 50-color-manager.rules file in /etc/polkit-1/rules.d/:

and run systemctl restart polkit.

You should be good until polkit is rewritten in Rust.

The key on my girlfriend's MINI had to be replaced as the remote control parts of it decided to cease functioning.

The key is an interesting piece of engineering as it communicates with the car wirelessly, charges via electromagnetic induction and has a standard key quite elegantly hidden inside.

When the replacement key arrived it was already bruised on the chrome ring. So I went "duh, another two weeks wait on the next key" but the dealer just smiled, removed the chrome ring and replaced it with a new one.

Playing around with the key it had not occurred to me that the (quite easily scratched and bruised) chrome ring can simply be replaced.

So I figured, I'd document it: Using (strong enough) fingernails or a plastic or wooden spatula you can carefully remove the chrome ring from you MINI key and replace / refurbish / re-paint it. Work from one side. Push up as the chrome ring is open only on one side. There are four 8mm wide notches at 55° measured from the longitudinal axes of the key below the chrome ring. If you get your spatula locked in there you can easily leverage the chrome ring off the black plastic body of the key. Before you break things ask somebody with more manual skill to help you or pay a visit to your car dealer's spare parts desk.

The chrome ring as a spare part should be somewhat affordable as well. But I think being able to grind the ring and paint it matching the color of your MINI is a much cooler option. Please leave a comment / send a picture if you do this.

The engineer in me demanded to take the broken key apart. The inner shell is quite sturdy and the halves are tightly molded into each other, so removing the electronics will quite likely break the thing. Don't do it. But my girlfriend's was broken already, so this is what it looks inside.