
gs-app-context-bar: Improve handling of non-sandboxed applications

Non-sandboxed applications (basically anything provided by standard RPM or DEB distro packaging) have ‘unknown’ permissions in gnome-software’s internal model. Previously, this fact was stated explicitly (“Software has unknown permissions”).

That’s not particularly helpful to users. They don’t know what the permissions are, or what having unknown permissions means for how an application can be trusted. There’s a large amount of RPM/DEB packaged software out there and distros actually do a pretty good job of vetting it for malicious things. While the lack of sandboxing for such applications means that bugs in them can be exploited with sometimes wide-ranging effects (full access to the user’s home directory, for example), the applications can be trusted.

Let the user know that explicitly. Instead of saying the permissions are unknown, say that an application is not sandboxed and either comes from a (trusted) distribution repo, or from a (potentially less trusted) third party repo.

For GNOME 42 we can look at differentiating on the basis of sandboxing even more explicitly by (potentially) introducing a ‘trusted’ state for the tiles as a counterpoint to ‘safe’. It’s too late in the 41 cycle for that, though. See #1451 (closed) for that.

The differentiation between distro repos and third-party repos is done on the presence of the GS_APP_QUIRK_PROVENANCE quirk, which is set by the provenance plugin. In order to work correctly, this requires distros to configure the list of trusted repo IDs in the org.gnome.software.official-repos GSettings key. Fedora, for example, does this as a step in the gnome-software package install process. (See https://src.fedoraproject.org/rpms/gnome-software/blob/rawhide/f/gnome-software.spec#_130.)

As part of this, this commit removes the old handling of GS_APP_QUIRK_PROVENANCE: the strings weren’t entirely helpful, and it didn’t have a converse implemented.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1450 (closed)

Closes #1450 (closed)
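The following is an added C example, not gnome-software’s own code, that models the decision the commit message describes: a provenance step marks an app with a PROVENANCE quirk when its origin repo ID appears in the distro-configured official-repos list, and the context bar then chooses between “sandboxed”, “not sandboxed, from a distro repo” and “not sandboxed, from a third-party repo”. It also shows the caveat from the message: with an empty official-repos list, every non-sandboxed app falls into the third-party bucket. The type and function names (App, apply_provenance, classify_origin, OFFICIAL_REPOS) and the repo IDs are constructed for illustration and do not correspond to real gnome-software APIs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for GS_APP_QUIRK_PROVENANCE (hypothetical simplified model). */
typedef enum {
    APP_QUIRK_NONE = 0,
    APP_QUIRK_PROVENANCE = 1 << 0,
} AppQuirks;

/* Non-sandboxed apps have nothing to say about permissions; sandboxed ones
 * (e.g. Flatpak) carry a manifest the UI can describe. */
typedef enum {
    PERMISSIONS_UNKNOWN,
    PERMISSIONS_KNOWN,
} PermissionsState;

typedef struct {
    const char *origin;       /* repo ID the app was installed from */
    PermissionsState perms;
    AppQuirks quirks;
} App;

typedef enum {
    CONTEXT_SANDBOXED,
    CONTEXT_NOT_SANDBOXED_DISTRO,
    CONTEXT_NOT_SANDBOXED_THIRD_PARTY,
} ContextTile;

/* Constructed sample of what a distro might put in
 * org.gnome.software.official-repos; not Fedora's real list. */
const char *const OFFICIAL_REPOS[] = { "fedora", "updates" };
const size_t N_OFFICIAL_REPOS = sizeof(OFFICIAL_REPOS) / sizeof(OFFICIAL_REPOS[0]);

/* Model of the provenance plugin: only an exact match against the
 * configured list earns the quirk. An empty list means nothing is trusted. */
void apply_provenance(App *app, const char *const *official_repos, size_t n_official)
{
    if (app->origin == NULL)
        return;
    for (size_t i = 0; i < n_official; i++) {
        if (strcmp(app->origin, official_repos[i]) == 0) {
            app->quirks |= APP_QUIRK_PROVENANCE;
            return;
        }
    }
}

/* Model of the context bar decision: sandboxing is checked first, then the
 * provenance quirk decides between distro and third-party wording. */
ContextTile classify_app(const App *app)
{
    if (app->perms == PERMISSIONS_KNOWN)
        return CONTEXT_SANDBOXED;
    if (app->quirks & APP_QUIRK_PROVENANCE)
        return CONTEXT_NOT_SANDBOXED_DISTRO;
    return CONTEXT_NOT_SANDBOXED_THIRD_PARTY;
}

/* Convenience: build an app from its origin and sandbox state, run the
 * provenance step against a given official-repos list, and classify it. */
ContextTile classify_origin(const char *origin, bool sandboxed,
                            const char *const *official_repos, size_t n_official)
{
    App app = { origin, sandboxed ? PERMISSIONS_KNOWN : PERMISSIONS_UNKNOWN, APP_QUIRK_NONE };
    apply_provenance(&app, official_repos, n_official);
    return classify_app(&app);
}

const char *context_description(ContextTile tile)
{
    switch (tile) {
    case CONTEXT_SANDBOXED:
        return "Sandboxed: permissions are listed below";
    case CONTEXT_NOT_SANDBOXED_DISTRO:
        return "Not sandboxed, but provided by your distribution";
    default:
        return "Not sandboxed and provided by a third-party repository";
    }
}

int main(void)
{
    const char *origins[] = { "fedora", "copr-example", "flathub" };
    const bool sandboxed[] = { false, false, true };
    for (size_t i = 0; i < 3; i++) {
        ContextTile t = classify_origin(origins[i], sandboxed[i], OFFICIAL_REPOS, N_OFFICIAL_REPOS);
        printf("%-13s -> %s\n", origins[i], context_description(t));
    }
    /* Misconfigured distro: empty official-repos list. */
    ContextTile t = classify_origin("fedora", false, NULL, 0);
    printf("%-13s -> %s (empty official-repos)\n", "fedora", context_description(t));
    return 0;
}
```

The ordering matters: sandboxing is checked before provenance, so a sandboxed app from a third-party remote still gets the permission listing rather than a trust label, and a packaged app only reaches the “distribution” wording if the distro actually populated the list.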
