pieroproietti / penguins-eggs

On the road of Remastersys, Refracta, Systemback and father Knoppix!
https://penguins-eggs.net

Untrusted Launchers on Live Desktop #381

Closed C4C-Web closed 1 month ago

C4C-Web commented 2 months ago

Running my ISO live, both the penguins-eggs.desktop and install-system.desktop shortcuts on the Desktop are Untrusted application launchers. They work fine once [Launch Anyway] or [Mark Executable] are chosen, but it's disconcerting. These same launchers appear in the menu too and run without issue from there.

Also krill runs without issue from the live system (and only appears in the menu) but unlike the other two shortcuts - remains in the menu after installation and no longer functions.

Xubuntu 24.04, penguins-eggs/10.0.27 linux-x64 node-v18.19.1

pieroproietti commented 2 months ago

Yes, it's true.

The way to sign desktop links is a bit confusing and differs between desktops: Plasma, GNOME, Xfce, etc.

So just sign them as executable - as it was before - but don't use:

All the links remain in the menu: penguins-eggs.desktop and system-install.desktop. I can probably delete system-install.desktop once installed; I don't see contraindications.

OK, these are notes to implement trusted desktop links in the next versions.

pieroproietti commented 2 months ago

Using gio info Desktop/penguins-eggs.desktop and comparing before enabling the link and after, another field is involved:

metadata::xfce-exe-checksum: f3018e0f6a808af43d3c75c19a069945f80b74f4e4e3535497e3c98624bb2ab0

where xfce-checksum is the sha256sum of the link.

It remains to look at GNOME.

pieroproietti commented 2 months ago

As I understand it, GNOME and other derivatives use the gio command, and gio uses GVfs to store data; the store is under ~/.local/share/gvfs-metadata/, so it becomes chaos to manage all the cases: we don't export users!

For KDE it is probably simpler; I have not tested it.

I need a clearer and simpler solution to implement it.

C4C-Web commented 2 months ago

Thanks so much for looking into this. I believe I found the file that creates these shortcuts on the live desktop and edited it to try to fix, but that file appears to be re-created every time so my edits didn't stick.

pieroproietti commented 2 months ago

If you find the way, you can share it; perhaps it will help me understand.

I noticed that if I take the link with "add to desktop" the xfce-checksum is created automatically, but I must work with scripts, no GUI.

C4C-Web commented 2 months ago

Found /usr/bin/penguins-links-add.sh which I believe tells the live system to copy install-system.desktop and penguins-eggs.desktop and paste them on the Desktop and then runs a command that makes them trusted - but that part of it is apparently not working.

#!/bin/sh
DESKTOP=$(xdg-user-dir DESKTOP)
while [ ! -d "$DESKTOP" ]; do
  DESKTOP=$(xdg-user-dir DESKTOP)
  sleep 1
done
cp /usr/share/applications/install-system.desktop "$DESKTOP"
cp /usr/share/applications/penguins-eggs.desktop "$DESKTOP"
chmod +x "$DESKTOP"/*.desktop

So, I removed cp /usr/share/applications/penguins-eggs.desktop "$DESKTOP" altogether and changed the command to be a+x, tried to specifically point to install-system.desktop, make it trusted and then try and force the Desktop to refresh (like pressing F5), create and then immediately remove a folder (I named c4c)

#!/bin/sh
DESKTOP=$(xdg-user-dir DESKTOP)
while [ ! -d "$DESKTOP" ]; do
  DESKTOP=$(xdg-user-dir DESKTOP)
  sleep 1
done
cp /usr/share/applications/install-system.desktop "$DESKTOP"
chmod a+x "$DESKTOP"/install-system.desktop
gio set "$DESKTOP"/install-system.desktop metadata::trusted true
mkdir "$DESKTOP"/c4c && rm -rf "$DESKTOP"/c4c

That didn't work so I decided to try hard links instead. I deleted /usr/lib/penguins-eggs/assets/penguins-eggs.desktop and /usr/share/applications/penguins-eggs.desktop then changed /usr/bin/penguins-links-add.sh to see if I could add krill on the live desktop

#!/bin/sh
DESKTOP=$(xdg-user-dir DESKTOP)
while [ ! -d "$DESKTOP" ]; do
  DESKTOP=$(xdg-user-dir DESKTOP)
  sleep 1
done
ln /usr/share/applications/install-system.desktop "$DESKTOP"
ln /usr/share/applications/penguins-krill.desktop "$DESKTOP"

That half-way worked? Deleting both instances of penguins-eggs.desktop made that shortcut stop showing up on the live Desktop, but krill did not get added to the live desktop and install-system.desktop didn't change a bit - it's still an untrusted shortcut, not a hard link. Just dawned on me this may be how I ended up with krill in the menu after install.

penguins-links-add.sh always gets reset to its original values. /usr/lib/penguins-eggs/assets/penguins-links-add.desktop seems to initialize it but I can't see where Penguins' eggs re-creates it.

C4C-Web commented 1 month ago

This really looks like it could solve the issue: How to Mass-Trust .desktop Files Via Shell on XFCE Forums https://forum.xfce.org/viewtopic.php?pid=70143#p70143

pieroproietti commented 1 month ago

FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

Thanks for this solution.

C4C-Web commented 1 month ago

Ran penguins-eggs_10.0.33-1_amd64 and it's fixed! Penguins' eggs and Install System launchers on the Desktop both worked without issue.
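
The checksum approach discussed in this thread, as an added example that is not part of the original thread and not penguins-eggs code: it sets the executable bit and metadata::xfce-exe-checksum on each launcher, and shows that the recorded SHA-256 stops matching once the file is edited. Function names are hypothetical, the sample launcher is constructed, and the comparison in launcher_trust_state is an assumption modelled on the thread's description of the field.

```shell
#!/bin/sh
# Added example, not penguins-eggs code; function names are hypothetical.

# SHA-256 of the launcher's bytes: the value Xfce keeps in
# metadata::xfce-exe-checksum. Reading stdin avoids filename escaping.
launcher_checksum() {
  sha256sum < "$1" | awk '{print $1}'
}

# Classify a launcher against the checksum recorded when it was trusted.
launcher_trust_state() {
  [ -f "$1" ] || { echo missing; return 0; }
  [ -x "$1" ] || { echo not-executable; return 0; }
  if [ "$(launcher_checksum "$1")" = "$2" ]; then
    echo trusted
  else
    echo stale   # content changed after the checksum was recorded
  fi
}

# Checksum currently stored in GVfs metadata (needs gio; stored per user).
recorded_checksum() {
  gio info -a metadata::xfce-exe-checksum "$1" 2>/dev/null |
    awk '$1 == "metadata::xfce-exe-checksum:" {print $2}'
}

# Trust every launcher in a directory: exec bit plus a fresh checksum.
trust_launchers() {
  for f in "$1"/*.desktop; do
    [ -f "$f" ] || continue
    chmod +x "$f"
    gio set -t string "$f" metadata::xfce-exe-checksum "$(launcher_checksum "$f")"
  done
}

# Constructed demo: an edit to Exec= after trusting invalidates the checksum.
demo() {
  d=$(mktemp -d) && f=$d/sample.desktop
  printf '[Desktop Entry]\nType=Application\nName=Sample\nExec=/bin/true\n' > "$f"
  chmod +x "$f"; sum=$(launcher_checksum "$f")
  before=$(launcher_trust_state "$f" "$sum")
  printf '[Desktop Entry]\nType=Application\nName=Sample\nExec=/bin/false\n' > "$f"
  after=$(launcher_trust_state "$f" "$sum")
  rm -rf "$d"
  echo "$before $after"
}

demo
```

In a live Xfce session, `launcher_trust_state "$f" "$(recorded_checksum "$f")"` reports whether the stored checksum still matches the file on the Desktop.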