How to mass-trust .desktop files via shell?

Maniaxx · 2022-12-16 21:38:57

Hi,
all my .desktop files are untrusted since 4.18. How can i mass-trust them via shell? I do not want to manually set it via appearing gui dialog or file/properties. Icons are not shown when untrusted.

ToZ · 2022-12-16 23:55:04

Two things need to be done to a .desktop file to make it trusted:

it needs to be marked executable:
```
chmod +x FILE
```

it needs to have an xfce-exe-checksum metadata entry created for the file:

f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

You can then script something to have that happen iteratively to a series of files.

Maniaxx · 2022-12-17 00:13:50

Thanks, works.
There seems to be a little bug though if the .desktop file is symlinked (to the desktop). Trying to set the symlink 'trusted' via gui or file/properties only sets the symlink (not the actual linked file as well) resulting in gui/thunar still throwing the 'untrusted' warning when invoking.

Skaperen · 2022-12-19 04:01:25

i have only ever done step 1 and never did step 2. it has always worked for me when i did just that much? what am i missing by not doing step 2?

ToZ · 2022-12-19 11:35:49

Skaperen wrote:

i have only ever done step 1 and never did step 2. it has always worked for me when i did just that much? what am i missing by not doing step 2?

Checksum-based launcher trusts are new functionality added in Thunar 4.17.4 (also involving enhancements to exo and libxfce4util). In 4.18, you will need to do both.

Edit: From https://gitlab.xfce.org/xfce/thunar/-/c … ad6ffc08fe:

Only using the executable flag to 'trust' launchers is insecure, because the flag e.g. can be pre-set in archives.
'Trusting' a launcher now will generate a checksum of the launcher and store it via gvfs-metadata.

Last edited by ToZ (2022-12-19 11:37:01)

P2023 · 2023-01-22 01:38:40

ToZ wrote:

f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

Thanks for this solution.
If automating, it's worth quoting $f as it fails if it contains spaces or special characters...

f=FILE; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"

ToZ · 2023-01-22 01:58:17

Yes, you are right. Thanks for the catch.

Welcome to the forum.

Maniaxx · 2023-01-22 17:56:42

P2023 wrote:

If automating, it's worth quoting $f as it fails if it contains spaces or special characters...

How do you automate this? I've tried to assemble a one-liner without success in bash with 'find [...] -exec bash -c' but it always fails as the original one-liner has single and double quotes and subshell.

ToZ · 2023-01-22 21:20:41

Using for loop instead of find, this works for me:

for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done

Last edited by ToZ (2023-01-22 21:22:27)

Maniaxx · 2023-01-23 13:32:10

Thanks. I've previously tried something similar with 'for f in $(find ...); do ...' that unfortunately broke on whitespaces but globbing is safe indeed.

Xfce Forum

Sub domains

#1 2022-12-16 21:38:57

How to mass-trust .desktop files via shell?

#2 2022-12-16 23:55:04

Re: How to mass-trust .desktop files via shell?

#3 2022-12-17 00:13:50

Re: How to mass-trust .desktop files via shell?

#4 2022-12-19 04:01:25

Re: How to mass-trust .desktop files via shell?

#5 2022-12-19 11:35:49

Re: How to mass-trust .desktop files via shell?

#6 2023-01-22 01:38:40

Re: How to mass-trust .desktop files via shell?

#7 2023-01-22 01:58:17

Re: How to mass-trust .desktop files via shell?

#8 2023-01-22 17:56:42

Re: How to mass-trust .desktop files via shell?

#9 2023-01-22 21:20:41

Re: How to mass-trust .desktop files via shell?

#10 2023-01-23 13:32:10

Re: How to mass-trust .desktop files via shell?

Board footer