subuser-security / subuser

Run programs on linux with selectively restricted permissions.
http://subuser.org
GNU Lesser General Public License v3.0

Permissions accepter asking to accept permissions which haven't changed #301

Closed timthelion closed 7 years ago

timthelion commented 7 years ago

subuser repair asks me to accept a bunch of permissions and I don't know why.

timthelion commented 7 years ago

Here is an example:

> ./logic/subuser repair firefox
[sudo] password for timothy: 
Sorry, try again.
[sudo] password for timothy: 
Verifying subuser configuration.
WARNING: !subuser-texttest is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: calibre is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: camlistore-dev@camlistore-1ab6f789-3267-4d13-bf92-30d36c73c956 is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: camlistore-dev@camlistore-be1a76e7-2c0b-4895-a2ea-718731aa28e8 is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: docs-dev@subuser-70f46076-0b43-4584-a5af-980a0cba5495 is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: emacs is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: factor-dev@factor-subuser-160094ed-d3b8-4693-9829-3c950572db58 is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: fenfire-dev@fenfire-1665b48a-734e-43a9-9675-40aff24e11ea is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: freecad-dev is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: freecad-dev@Freecad-code-fa4982fa-ce44-48ff-8bab-7cd76db86604 is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: hg is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: plover-devel is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: screenkey is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: subuser-gui-devel is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: texttest-dev@subuser-645805a9-e4a8-4786-a929-38076346fa31 is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: texttest-dev@subuser-a54030dc-b415-405e-aac5-76ae266400ae is no longer present in it's source repository. Support for this progam may have been dropped.
WARNING: tor is no longer present in it's source repository. Support for this progam may have been dropped.
Warning: The image source for subuser !test-image-subuser-subuser-dev-dev is no longer available.
!xterm-subuser-for-xpra-bridge-test would like to add/change the following permissions:
   - To be able to display windows.
   - Is able to access the host's clipboard.
   - Is able to change the mouse's cursor icon.
   - Window borders will be red
A - Accept and apply changes
E - Apply changes and edit result
e - Ignore request and edit permissions by hand
r - Reject permissions.
Please select an option:A 

As can be seen, permissions have not changed:

> subuser describe subuser \!xterm-subuser-for-xpra-bridge-test
Subuser: !xterm-subuser-for-xpra-bridge-test
------------------
xterm@default
Docker image Id: sha256:d24f0509e0d46a0181e9135e044046a9fac3dd50560d0134a86a89ea7b924793
 Description: A trivial terminal emulator
 Maintainer: Timothy Hobbs <timothyhobbs (at) seznam dot cz>
 Executable: /usr/bin/xterm
 Conservative permissions(These are safe):
  - stateful-home: To have its own home directory where it can save files and settings.
  - inherit-locale: To find out which language you speak and what region you live in.
  - inherit-timezone: To find out your current timezone.
 Moderate permissions(These are probably safe):
  - gui:
   * To be able to display windows.
   * Is able to access the host's clipboard.
   * Is able to change the mouse's cursor icon.
   * Window borders will be red
  - access-working-directory: To access the directory from which it was launched.
  - allow-network-access: To access the network/internet.

Seems to me that maybe this is a problem with dict ordering/comparison which is specific to the gui permission.

timthelion commented 7 years ago

Yup, seems like this bug is specific to the gui permissions.

ff would like to add/change the following permissions:
   - To be able to display windows.
   - Is able to access the host's clipboard.
   - Is able to change the mouse's cursor icon.
   - Window borders will be red
A - Accept and apply changes
E - Apply changes and edit result
e - Ignore request and edit permissions by hand
r - Reject permissions.
> subuser describe subuser ff
[sudo] password for timothy: 
Subuser: ff
------------------
iceweasel@default
Docker image Id: sha256:dc5f0bd772effc5e8756bd879823e064971a91acf5556fcbee6aa0dd133e9493
 Description: The firefox web browser.
 Maintainer: Timothy Hobbs <timothyhobbs (at) seznam dot cz>
 Executable: /usr/bin/firefox
 Conservative permissions(These are safe):
  - stateful-home: To have its own home directory where it can save files and settings.
  - inherit-locale: To find out which language you speak and what region you live in.
  - inherit-timezone: To find out your current timezone.
 Moderate permissions(These are probably safe):
  - gui:
   * To be able to display windows.
   * Is able to access the host's clipboard.
   * Is able to change the mouse's cursor icon.
   * Window borders will be red
  - user-dirs: To access to the following user directories: '~/Downloads'
  - sound-card: To access to your soundcard, can play sounds/record sound.
  - allow-network-access: To access the network/internet.

Time to go test: https://github.com/subuser-security/subuser/blob/master/logic/subuserlib/permissions.py#L240 better.
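
The hypothesis raised in the comments above (an ordering-sensitive comparison that only touches the nested gui permission), sketched as an added Python example; it is not subuser's code and not a confirmed diagnosis of this issue. The gui sub-key names, both sample permission sets, and the use of OrderedDict are assumptions made for illustration.

```python
from collections import OrderedDict

MISSING = object()  # distinguishes "permission absent" from a falsy value

# Constructed sample data: the same permissions, loaded in a different key order.
STORED = OrderedDict([
    ("stateful-home", True),
    ("gui", OrderedDict([("clipboard", True), ("cursors", True),
                         ("border-color", "red")])),
    ("allow-network-access", True),
])
REQUESTED = OrderedDict([
    ("gui", OrderedDict([("border-color", "red"), ("cursors", True),
                         ("clipboard", True)])),
    ("allow-network-access", True),
    ("stateful-home", True),
])


def naive_changed(old, new):
    """Compare values directly. OrderedDict == OrderedDict is order-sensitive,
    so a nested permission can differ while scalar permissions never do."""
    return [name for name in new if old.get(name, MISSING) != new[name]]


def canonical(value):
    """Recursively convert mappings to plain dicts, whose equality ignores order."""
    if isinstance(value, dict):
        return {key: canonical(inner) for key, inner in value.items()}
    if isinstance(value, (list, tuple)):
        return [canonical(inner) for inner in value]
    return value


def changed(old, new):
    """Names of permissions whose canonical value differs, or that were added/removed."""
    names = sorted(set(old) | set(new))
    return [name for name in names
            if canonical(old.get(name, MISSING)) != canonical(new.get(name, MISSING))]


if __name__ == "__main__":
    print("naive:    ", naive_changed(STORED, REQUESTED))  # spurious prompt for gui
    print("canonical:", changed(STORED, REQUESTED))        # nothing to accept
```

A comparison like `changed` still prompts when a gui setting really differs, so the accept dialog only appears when there is something new to review.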