GNOME Bugzilla – Bug 781596
apps-menu: DnD to Desktop doesn't set executable bit [3.24.1]
Last modified: 2017-04-24 15:24:17 UTC
Ubuntu GNOME 17.04 I built gnome-shell-extensions 3.24.1 and tried out the new feature where you can drag and drop an Applications launcher from the Applications menu to the Desktop if you have Desktop Icons turned on. The feature doesn't work in Ubuntu because the newly created file does not have the executable bit set. I think the failure is because of a patch in Ubuntu that was not accepted into GNOME. https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission_Bit_Required https://bazaar.launchpad.net/~ubuntu-desktop/nautilus/ubuntu/view/head:/debian/patches/06_never_exec_nonexec_launchers.patch Without the executable bit, the file does not show the app icon and shows as a text file named org.gnome.Calculator.desktop (for instance). Therefore, it does not make sense for me to push this package through Ubuntu's Stable Release Updates process if the new feature in a "bugfix" release doesn't work.
Created attachment 350214 [details] [review] apps-menu: Mark copied .desktop files as trusted The application can already be launched from the menu without further confirmation from the user, so there is no security gain in asking the user to trust it when launched from the desktop - just set the appropriate attributes of the newly copied file to mark it as trusted to nautilus.
Created attachment 350215 [details] [review] apps-menu: 'Touch' copied .desktop file after updating attributes At least for now, nautilus' file monitor is blind to certain metadata updates: https://git.gnome.org/browse/nautilus/tree/src/nautilus-mime-actions.c#n1537 So in order for the changes in the previous patch to take effect immediately, we need to force nautilus to reload the file info. Achieve this by updating the access time of the newly copied file after marking it as trusted.
Thanks for the quick fix! I tested with these 2 patches and my test case works now.
Review of attachment 350214 [details] [review]: who consumes the metadata::trusted attribute? logic seems fine
Review of attachment 350215 [details] [review]: ok
(In reply to Rui Matos from comment #4) > who consumes the metadata::trusted attribute? Nautilus: https://git.gnome.org/browse/nautilus/tree/src/nautilus-directory-async.c#n3591
Attachment 350214 [details] pushed as 5cb2657 - apps-menu: Mark copied .desktop files as trusted Attachment 350215 [details] pushed as 8453cf0 - apps-menu: 'Touch' copied .desktop file after updating attributes