Hi,
all my .desktop files are untrusted since 4.18. How can I mass-trust them via shell? I do not want to manually set it via appearing gui dialog or file/properties. Icons are not shown when untrusted.
Offline
Two things need to be done to a .desktop file to make it trusted:
1. it needs to be marked executable:
   chmod +x FILE
2. it needs to have an xfce-exe-checksum metadata entry created for the file:
   f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"
You can then script something to have that happen iteratively to a series of files.
Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki | Community | Contribute ---
Offline
Thanks, works.
There seems to be a little bug though if the .desktop file is symlinked (to the desktop). Trying to set the symlink 'trusted' via gui or file/properties only sets the symlink (not the actual linked file as well) resulting in gui/thunar still throwing the 'untrusted' warning when invoking.
Offline
I have only ever done step 1 and never did step 2. It has always worked for me when I did just that much? What am I missing by not doing step 2?
Offline
I have only ever done step 1 and never did step 2. It has always worked for me when I did just that much? What am I missing by not doing step 2?
Checksum-based launcher trusts are new functionality added in Thunar 4.17.4 (also involving enhancements to exo and libxfce4util). In 4.18, you will need to do both.
Edit: From https://gitlab.xfce.org/xfce/thunar/-/c … ad6ffc08fe:
Only using the executable flag to 'trust' launchers is insecure, because the flag e.g. can be pre-set in archives.
'Trusting' a launcher now will generate a checksum of the launcher and store it via gvfs-metadata.
Last edited by ToZ (2022-12-19 11:37:01)
Offline
f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"
Thanks for this solution.
If automating, it's worth quoting $f as it fails if it contains spaces or special characters...
f=FILE; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"
Offline
Yes, you are right. Thanks for the catch.
Welcome to the forum.
Offline
If automating, it's worth quoting $f as it fails if it contains spaces or special characters...
How do you automate this? I've tried to assemble a one-liner without success in bash with 'find [...] -exec bash -c' but it always fails as the original one-liner has single and double quotes and subshell.
Offline
Using for loop instead of find, this works for me:
for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done
Last edited by ToZ (2023-01-22 21:22:27)
Offline
Thanks. I've previously tried something similar with 'for f in $(find ...); do ...' that unfortunately broke on whitespaces but globbing is safe indeed.
Offline
ToZ, I use a Raspberry Pi 400 running Manjaro-ARM Xfce. Strit from the Manjaro ARM Team directed me here. I tried your loop
Using for loop instead of find, this works for me:
for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done
and it returned the following:
chmod: changing permissions of '/home/pi/Desktop/libreoffice-base.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-calc.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-draw.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-impress.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-math.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-writer.desktop': Operation not permitted
The Permissions tab in Properties is still grey, showing Owner as Root, and the Program section still has "Allow this file to run as program" still left unchecked. Both entries in the Security section of the Launcher tab ARE checked. When I click on the icon it still says it is untrusted. The icons on the desktop still have the lock and arrow icons over them. What to do now? Am I missing anything?
Last edited by Lizzie_A (2023-02-12 11:55:01)
Offline
The icons on your Desktop should be owned by your user (pi) not root. You must have copied them over as root. Just mass change ownership to your account then try again.
Offline
ToZ, I looked it up and I am the owner for the folder Desktop. Also other .desktop files (VLC, Audacious, and gPodder) all list me as the owner. For some reason only the LibreOffice .desktop files won't let me be the owner. I did everything I found here: https://forum.manjaro.org/t/change-owne … der/110065
By the way, I installed LibreOffice fresh.
Last edited by Lizzie_A (2023-02-12 23:47:59)
Offline
What does the following return:
ls -l ~/Desktop
Offline
What does the following return:
ls -l ~/Desktop
total 32
-rwxr-xr-x 1 pi pi 4103 Sep 10 18:38 audacious.desktop
-rwxr-xr-x 1 pi pi 4720 Aug 3 2022 gpodder.desktop
lrwxrwxrwx 1 pi pi 43 Feb 12 18:13 libreoffice-base.desktop -> /usr/lib/libreoffice/share/xdg/base.desktop
lrwxrwxrwx 1 pi pi 43 Feb 12 18:14 libreoffice-calc.desktop -> /usr/lib/libreoffice/share/xdg/calc.desktop
lrwxrwxrwx 1 pi pi 43 Feb 12 18:14 libreoffice-draw.desktop -> /usr/lib/libreoffice/share/xdg/draw.desktop
lrwxrwxrwx 1 pi pi 46 Feb 12 18:14 libreoffice-impress.desktop -> /usr/lib/libreoffice/share/xdg/impress.desktop
lrwxrwxrwx 1 pi pi 43 Feb 12 18:14 libreoffice-math.desktop -> /usr/lib/libreoffice/share/xdg/math.desktop
lrwxrwxrwx 1 pi pi 45 Feb 12 18:14 libreoffice-writer.desktop -> /usr/lib/libreoffice/share/xdg/writer.desktop
-rwxr-xr-x 1 pi pi 14904 Jan 4 07:11 vlc.desktop
Offline
Oh, they're links to the original files in /usr/share/applications. What version of thunar are you running?
thunar -V
This issue was fixed in thunar 4.17.12 (See: https://gitlab.xfce.org/xfce/thunar/-/issues/944).
If you are using an older version of thunar and can't upgrade, you can always copy the files instead of linking them. Then the script above will work.
Offline
Here is my current version of Thunar:
thunar 4.18.2 (Xfce 4.18)
I just reinstalled Manjaro-ARM Xfce on my Raspberry Pi
Last edited by Lizzie_A (2023-02-13 19:22:48)
Offline
Did you try copying the desktop files as opposed to linking them?
Offline
I copied the LibreOffice files from /usr/share/applications/ over to the Desktop folder and then ran the loop command you created and here is the result:
chmod: changing permissions of '/home/pi/Desktop/libreoffice-base.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-calc.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-draw.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-impress.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-math.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-writer.desktop': Operation not permitted
In Properties, under the Launcher tab in the Security section, both things to check are checked and still gray. Everything in the Permissions tab is still grey and showing owner as root.
Last edited by Lizzie_A (2023-02-13 20:44:39)
Offline
Post back:
ls -l ~/Desktop
Offline
Post back:
ls -l ~/Desktop
Here are the results:
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-base.desktop -> /usr/lib/libreoffice/share/xdg/base.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-calc.desktop -> /usr/lib/libreoffice/share/xdg/calc.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-draw.desktop -> /usr/lib/libreoffice/share/xdg/draw.desktop
lrwxrwxrwx 1 pi pi 46 Feb 13 15:28 libreoffice-impress.desktop -> /usr/lib/libreoffice/share/xdg/impress.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:28 libreoffice-math.desktop -> /usr/lib/libreoffice/share/xdg/math.desktop
lrwxrwxrwx 1 pi pi 45 Feb 13 15:28 libreoffice-writer.desktop -> /usr/lib/libreoffice/share/xdg/writer.desktop
Offline
They are still links. You need to first delete those files:
rm $HOME/Desktop/libreoffice*
...then copy over the same files from /usr/share/applications:
cp /usr/share/applications/libreoffice* $HOME/Desktop
Then the script should work.
Offline
That did it!! Once they were truly copied onto the desktop folder they didn't have the lock icon and the arrow icon. In properties, the Permissions tab shows everything normal (not grey) and owner as me. I also ran your script in the terminal and no response was returned.
The first time I opened the Whisker Menu and went to the office section, right clicked on each of the apps and then clicked on Add to Desktop. In the past it had worked and not had them locked until this time. Thank you for the help.
[SOLVED]
Last edited by Lizzie_A (2023-02-14 01:21:16)
Offline
Argh. I've stumbled upon a "corner" case where this `checksum-based launcher trusts` causes mass havoc and so far I see no way out, if you see a way to deal with it – can you please help me out?
The scenario is as follows:
* university computers
* there is an external user database (ldap)
* students log into xfce session started on virtual machines (each TA is free to craft a machine image for their course, the image is auto-fetched and started upon selecting it from a list by a student)
* local accounts are created once a student successfully authenticates
* /etc/skel gets copied to /home/<username>, including some '.desktop' files
* (unrelated to this problem: network share for data gets mounted at /home/<username>/data; this way regularly-backed up NFS shares have only data explicitly put there, rather than a shitload of temporary/cache/etc. files)
* a student clicks on any '.desktop' file on the Desktop
* the student gets a confusing message
Until a sane solution emerges, desktop was added to XDG_DATA_DIRS; this is clearly a wrong solution, but at least it banishes the confusing message.
Tl;dr: when a new user account is created the '.desktop' files copied from /etc/skel to Desktop are not trusted.
How to work around this?
Offline
How about creating a small script and creating an /etc/xdg/autostart entry to execute it, that checks and sets the permissions if they are not set? Something like:
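#!/bin/bash
# Trust every launcher on the Desktop that has no checksum entry yet.
for f in ~/Desktop/*.desktop
do
    # Skip the literal pattern when no .desktop files exist.
    [ -e "$f" ] || continue
    if ! gio info "$f" | grep metadata::xfce-exe-checksum > /dev/null 2>&1; then
        chmod +x "$f"
        gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"
    fi
done
exit 0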
...and the desktop file:
[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=Desktop Icon Permissions
Comment=Sets desktop icon permissions to allow execution
Exec=/usr/local/bin/desktop-perms.sh
OnlyShowIn=XFCE;
RunHook=0
StartupNotify=false
Terminal=false
Hidden=false
Offline
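A narrower variant of the autostart approach, as an added example that is not part of the original posts: it applies the same chmod and gio set steps only to Desktop launchers that are regular files owned by the user and byte-identical to the copy under /etc/skel, so a launcher unpacked from an archive onto the Desktop is not trusted automatically. The SKEL_DIR location, the --apply switch and the function names are assumptions.

```bash
#!/bin/bash
# Added example (not from the thread). Assumed: SKEL_DIR holds the launchers
# the administrator vetted; the script is started from /etc/xdg/autostart.
SKEL_DIR="${SKEL_DIR:-/etc/skel/Desktop}"

sha256_of() { sha256sum -- "$1" | awk '{print $1}'; }

# Decide whether launcher $1 may be trusted automatically.
# Prints one of: ok, symlink, not-owned, not-vetted. Returns 0 only for "ok".
classify_launcher() {
    local f="$1" ref="$SKEL_DIR/$(basename -- "$1")"
    # Symlinks point at files the user cannot chmod (the LibreOffice case above).
    if [ -L "$f" ]; then echo symlink; return 1; fi
    # Must be a regular file owned by the effective user, or chmod fails.
    if [ ! -f "$f" ] || [ ! -O "$f" ]; then echo not-owned; return 1; fi
    # Only content identical to the vetted copy is trusted.
    if [ ! -f "$ref" ] || [ "$(sha256_of "$f")" != "$(sha256_of "$ref")" ]; then
        echo not-vetted; return 1
    fi
    echo ok
}

# Apply the two steps from the thread to a single vetted launcher.
trust_launcher() {
    chmod +x -- "$1" &&
    gio set -t string "$1" metadata::xfce-exe-checksum "$(sha256_of "$1")"
}

trust_vetted_launchers() {
    local dir="$1" f verdict
    for f in "$dir"/*.desktop; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # unmatched glob
        if verdict=$(classify_launcher "$f"); then
            trust_launcher "$f"
        else
            echo "skipped ($verdict): $f" >&2
        fi
    done
}

# Run only when asked to, e.g. Exec=/usr/local/bin/desktop-perms.sh --apply
if [ "${1:-}" = "--apply" ]; then trust_vetted_launchers "$HOME/Desktop"; fi
```

Launchers reported as skipped stay untrusted and still go through Thunar's normal prompt.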