Workaround for hardcoded tray icons without using Hardcode-Tray: fallback to standard icons for single app?

[korg91]

Hi,

I'm trying to have a monochrome tray icon for KeepasXC. I know that unfortunately Numix cannot replace it with a custom tray icon as it's hardcoded (https://github.com/numixproject/numix-icon-theme/issues/1289). KeepassXC does offer a monochrome tray icon in the settings, but it doesn't work because Numix replaces the tray icon with the app icon for KeepassXC (which is colorful). KeepassXC's tray icon does work if I select Yaru icons in gnome-tweaks.

I believe Hardcode-Tray could fix that, but I'm quite security-conscious and while I'm sure the team behind Hardcode-Tray is trustworthy, I'm really trying to keep to a minimum the software from outside the official Ubuntu repos.

As a workaround, I could accept using KeepassXC's default tray icons (while keeping Numix's app KeepassXC icon, if possible). Is there a way to "exclude" a single app from Numix without installing additional software?

Thank you!

[Foggalong]

As possible reassurance about security, there's some overlap between Hardcode-Tray's development team and Numix's team. I was one of the folks who worked with @bilelmoussaoui, another Numix contributor, on its initial versions. Since (like hardcode-fixer) it's icon-theme-agnostic though, it made sense to package it separately rather than for one specific theme.

That said, this doesn't sound like a hardcoded tray icon. What's likely happening is that KeepassXC is requesting an icon lookup from your Ubuntu system for something like keepassxc-tray.svg. When the lookup method returns that it doesn't exist in Numix, KeepassXC then requests it look for keepassxc.svg as a fallback. This of course does exist in Numix as its app icon.

The reason you're not seeing this happen with Yaru is because it provides neither keepassxc.-tray.svg or keepassxc.svg, so instead fallback to using the icons that came bundled with KeepassXC which it'll have placed in $$XDG_DATA_DIRS/icons/hicolor.

What we need on our end to fix this is the actual filename KeepassXC uses for keepassxc-tray.svg. We can then make an icon for it in the relevant director and then package it for part of the base theme, which will be detected by Keepass' icon lookups when used with Numix Circle and Square.

[korg91]

Many thanks for this @Foggalong! I know nothing about icon theming so I might be wrong, but looking at the issue that I linked in the OP (https://github.com/numixproject/numix-icon-theme/issues/1289) it looks like Numix can't really theme KeepassXC's tray icon. Do you know if anything has changed since then?

As a hopeful attempt, I've tried to copy-paste all keepassxc* files from $XDG_DATA_DIRS/icons/hicolor (could find any only in scalable/apps/) into these folders:

/usr/share/icons/Numix/24/panel
/usr/share/icons/Numix/24/status
/usr/share/icons/Numix/scalable/status
/usr/share/icons/Numix/scalable/apps (I've created the folder)

Tried to reboot, it doesn't work: it still shows Numix's KeepassXC app icon.

Regarding security, it is good to know that the Numix team is involved in Hardcode-Tray, but unfortunately that doesn't really address my attack model. I do trust that Hardcode-Tray developers are not malicious, but I'm worried of potential vulnerabilities introduced by the code, either unknowingly or maliciously by an external adversary (e.g. by stealing credentials or sending malicious PR requests). There are a lot of open source developers who use good security practices, but by now we know that security has currently become a big issue in "minor" open source software -- so I've recently decided to take a heavy minimization approach on everything I install from unofficial sources. Unfortunately I don't have the skills nor the time to manually check the code. In fact, even for Numix I stick to the package in the official Ubuntu repo, even though it's outdated. Unfortunately there's no easy solution to this, the Linux security model for external apps is quite broken and very broken when it comes to customization. I hope you won't take this personally: I'm a big fan of Numix and I've been using your icons for many years now, you guys make my user experience so much more pleasant and I'm super grateful for that. [actually, I've just realized I haven't made a donation in a while, but I can't find any donation address?]

[Foggalong]

looking at the issue that I linked in the OP (#1289)

This is entirely my bad, I completely glossed over the issue reference. Judging by this comment, if you were using the version which was hardcoded then the colourful Numix icon wouldn't be showing up at all. That makes me think it might be the non-hardcoded version you have? (and we just haven't yet fixed #1289)

I hope you won't take this personally

No offence at all, completely get where you're coming from. It'll be very interesting to see how increasing demand for greater security comes up against demand for customisability and how that all shakes out.

I've just realized I haven't made a donation in a while, but I can't find any donation address?

We actually stopped accepting donations a while back! The projects weren't as active as they'd once been and the only infrastructure cost we have is our domain name, so for now at least we've been asking people to donate either to GNOME (who make librsvg and gtk) or Inkscape, without whom none of our work would be possible :slightly_smiling_face:

[palob]

Closing this because there is nothing we can do about this. (Feel free to reopen in case you think I'm wrong here).