How to mass-trust .desktop files via shell?

Maniaxx · 2022-12-16 21:38:57

Hi,
all my .desktop files are untrusted since 4.18. How can i mass-trust them via shell? I do not want to manually set it via appearing gui dialog or file/properties. Icons are not shown when untrusted.

ToZ · 2022-12-16 23:55:04

Two things need to be done to a .desktop file to make it trusted:

it needs to be marked executable:
```
chmod +x FILE
```

it needs to have an xfce-exe-checksum metadata entry created for the file:

f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

You can then script something to have that happen iteratively to a series of files.

Maniaxx · 2022-12-17 00:13:50

Thanks, works.
There seems to be a little bug though if the .desktop file is symlinked (to the desktop). Trying to set the symlink 'trusted' via gui or file/properties only sets the symlink (not the actual linked file as well) resulting in gui/thunar still throwing the 'untrusted' warning when invoking.

Skaperen · 2022-12-19 04:01:25

i have only ever done step 1 and never did step 2. it has always worked for me when i did just that much? what am i missing by not doing step 2?

ToZ · 2022-12-19 11:35:49

Skaperen wrote:

i have only ever done step 1 and never did step 2. it has always worked for me when i did just that much? what am i missing by not doing step 2?

Checksum-based launcher trusts are new functionality added in Thunar 4.17.4 (also involving enhancements to exo and libxfce4util). In 4.18, you will need to do both.

Edit: From https://gitlab.xfce.org/xfce/thunar/-/c … ad6ffc08fe:

Only using the executable flag to 'trust' launchers is insecure, because the flag e.g. can be pre-set in archives.
'Trusting' a launcher now will generate a checksum of the launcher and store it via gvfs-metadata.

Last edited by ToZ (2022-12-19 11:37:01)

P2023 · 2023-01-22 01:38:40

ToZ wrote:

f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

Thanks for this solution.
If automating, it's worth quoting $f as it fails if it contains spaces or special characters...

f=FILE; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"

ToZ · 2023-01-22 01:58:17

Yes, you are right. Thanks for the catch.

Welcome to the forum.

Maniaxx · 2023-01-22 17:56:42

P2023 wrote:

If automating, it's worth quoting $f as it fails if it contains spaces or special characters...

How do you automate this? I've tried to assemble a one-liner without success in bash with 'find [...] -exec bash -c' but it always fails as the original one-liner has single and double quotes and subshell.

ToZ · 2023-01-22 21:20:41

Using for loop instead of find, this works for me:

for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done

Last edited by ToZ (2023-01-22 21:22:27)

Maniaxx · 2023-01-23 13:32:10

Thanks. I've previously tried something similar with 'for f in $(find ...); do ...' that unfortunately broke on whitespaces but globbing is safe indeed.

Lizzie_A · 2023-02-12 11:16:24

ToZ, I use a Raspberry Pi 400 running Manjaro-ARM Xfce. Strit from the Manjaro ARM Team directed me here. I tried your loop

ToZ wrote:

Using for loop instead of find, this works for me:

for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done

and it returned the following:

chmod: changing permissions of '/home/pi/Desktop/libreoffice-base.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-calc.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-draw.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-impress.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-math.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-writer.desktop': Operation not permitted

The Permissions tab in Properties is still grey, showing Owner as Root, and the Program section still has "Allow this file to run as program" still left unchecked. Both entries in the Security section of the Launcher tab ARE checked. When I click on the icon It still says it is untrusted. The icons on the desktop still have the lock and arrow icons over them. What do do now? Am I missing anything?

Last edited by Lizzie_A (2023-02-12 11:55:01)

ToZ · 2023-02-12 12:14:35

The icons on your Desktop should be owned by your user (pi) not root. You must have copied them over as root. Just mass change ownership to your account then try again.

Lizzie_A · 2023-02-12 23:13:05

ZoT, I looked it up and I am the owner for the folder Desktop. Also other .desktop files (VLC, Audacious, and gPodder) all list me as the owner for some reason only the Libra Office .desktop files won´t let me be the owner. I did everything i found here: https://forum.manjaro.org/t/change-owne … der/110065

By the way, I installed Libre Office fresh

Last edited by Lizzie_A (2023-02-12 23:47:59)

ToZ · 2023-02-13 02:13:44

What does the following return:

 ls -l ~/Desktop

Lizzie_A · 2023-02-13 10:12:28

ToZ wrote:

What does the following return:
 ls -l ~/Desktop

total 32
-rwxr-xr-x 1 pi pi  4103 Sep 10 18:38 audacious.desktop
-rwxr-xr-x 1 pi pi  4720 Aug  3  2022 gpodder.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:13 libreoffice-base.desktop -> /usr/lib/libreoffice/share/xdg/base.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:14 libreoffice-calc.desktop -> /usr/lib/libreoffice/share/xdg/calc.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:14 libreoffice-draw.desktop -> /usr/lib/libreoffice/share/xdg/draw.desktop
lrwxrwxrwx 1 pi pi    46 Feb 12 18:14 libreoffice-impress.desktop -> /usr/lib/libreoffice/share/xdg/impress.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:14 libreoffice-math.desktop -> /usr/lib/libreoffice/share/xdg/math.desktop
lrwxrwxrwx 1 pi pi    45 Feb 12 18:14 libreoffice-writer.desktop -> /usr/lib/libreoffice/share/xdg/writer.desktop
-rwxr-xr-x 1 pi pi 14904 Jan  4 07:11 vlc.desktop

ToZ · 2023-02-13 11:56:50

Oh, they're links to the original files in /usr/share/applications. What version of thunar are you running?

thunar -V

This issue was fixed in thunar 4.17.12 (See: https://gitlab.xfce.org/xfce/thunar/-/issues/944).

If you are using an older version of thunar and can't upgrade, you can always copy the files instead of linking them. Then the script above will work.

Lizzie_A · 2023-02-13 19:20:38

Here is my current version of

Thunar thunar 4.18.2 (Xfce 4.18)

I just reinstalled Manjaro-ARM Xfce on my Raspberry Pi

Last edited by Lizzie_A (2023-02-13 19:22:48)

ToZ · 2023-02-13 20:11:16

Did you try coping the desktop files as opposed to linking them?

Lizzie_A · 2023-02-13 20:38:52

I copies the Libra Office from /usr/share/applications/ over to the Desktop folder and then ran the loop command you created and here is the result

chmod: changing permissions of '/home/pi/Desktop/libreoffice-base.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-calc.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-draw.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-impress.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-math.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-writer.desktop': Operation not permitted

In propertied under the Launcher tap in the security section both things to check ar checked and still gray. Everything inthe Permissions tab is still grey and showing owner as root.

Last edited by Lizzie_A (2023-02-13 20:44:39)

ToZ · 2023-02-13 22:44:26

Post back:

ls -l ~/Desktop

Lizzie_A · 2023-02-13 23:19:45

ToZ wrote:

Post back:
ls -l ~/Desktop

Here is the results:

lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-base.desktop -> /usr/lib/libreoffice/share/xdg/base.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-calc.desktop -> /usr/lib/libreoffice/share/xdg/calc.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-draw.desktop -> /usr/lib/libreoffice/share/xdg/draw.desktop
lrwxrwxrwx 1 pi pi 46 Feb 13 15:28 libreoffice-impress.desktop -> /usr/lib/libreoffice/share/xdg/impress.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:28 libreoffice-math.desktop -> /usr/lib/libreoffice/share/xdg/math.desktop
lrwxrwxrwx 1 pi pi 45 Feb 13 15:28 libreoffice-writer.desktop -> /usr/lib/libreoffice/share/xdg/writer.desktop

ToZ · 2023-02-14 00:26:26

They are still links. You need to first delete those files:

rm $HOME/Desktop/libreoffice*

...then copy over the same files from /usr/share/applications:

cp /usr/share/applications/libreoffice* $HOME/Desktop

Then the script should work.

Lizzie_A · 2023-02-14 00:42:53

That did it!! once they were truly copied on the the desktop folder they didn´t have the lock icon and the arrow icon. In properties, the Permissions tab shows everything normal (not grey) and owner as me. I also ran you script in the terminal and no response was returned.

The first time I opened the Whisker Menu and went to the office section right clicked on each of the apps and the clicked on Add to Desktop. In the passed it had worked and not had them locked until this time. Thank you for the help.

[SOLVED]

Last edited by Lizzie_A (2023-02-14 01:21:16)

jprofesorek · 2023-10-02 09:56:15

Argh. I've stumbled upon a "corner" case where this `checksum-based launcher trusts` causes mass havoc and so far I see no way out, if you see a way to deal with it – can you please help me out?

The scenario is as follows:
* university computers
* there is an external user database (ldap)
* students log into xfce session started on virtual machines (each TA is free to a craft machine image for their course, the image is auto-fetched and started upon selecting it from a list by a student)
* local accounts are created once a student successfully authenticates
* /etc/skel gets copied to /home/<username>, including some '.desktop' files
* (unrelated to this problem: network share for data gets mounted at /home/<username>/data; this way regularly-backed up NFS shares have only data explicitly put there, rather than a shitload of temporary/cache/etc. files)
* a student clicks on any '.desktop' file on the Desktop
* the student gets a confusing message sad

Until a sane solution emerges, desktop was added to XDG_DATA_DIRS; this is clearly a wrong solution, but at least it banishes the confusing message.

Tl;dr: when a new user account is created the '.desktop' file copied from /etc/skel to Desktop are not trusted.
How to workaround this?

ToZ · 2023-10-02 11:50:30

How about creating a small script and creating an /etc/xdg/autostart entry to execute it, that checks and sets the permissions if they are not set? Something like:

#!/bin/bash

for f in ~/Desktop/*.desktop
do
   if ! gio info "$f" | grep metadata::xfce-exe-checksum > /dev/null 2>&1; then
      chmod +x "$f"
      gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"
   fi
done
exit 0

...and the desktop file:

[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=Desktop Icon Permissions
Comment=Sets desktop icon permissions to allow execution
Exec=/usr/local/bin/desktop-perms.sh
OnlyShowIn=XFCE;
RunHook=0
StartupNotify=false
Terminal=false
Hidden=false

Xfce Forum

Sub domains

#1 2022-12-16 21:38:57

How to mass-trust .desktop files via shell?

#2 2022-12-16 23:55:04

Re: How to mass-trust .desktop files via shell?

#3 2022-12-17 00:13:50

Re: How to mass-trust .desktop files via shell?

#4 2022-12-19 04:01:25

Re: How to mass-trust .desktop files via shell?

#5 2022-12-19 11:35:49

Re: How to mass-trust .desktop files via shell?

#6 2023-01-22 01:38:40

Re: How to mass-trust .desktop files via shell?

#7 2023-01-22 01:58:17

Re: How to mass-trust .desktop files via shell?

#8 2023-01-22 17:56:42

Re: How to mass-trust .desktop files via shell?

#9 2023-01-22 21:20:41

Re: How to mass-trust .desktop files via shell?

#10 2023-01-23 13:32:10

Re: How to mass-trust .desktop files via shell?

#11 2023-02-12 11:16:24

Re: How to mass-trust .desktop files via shell?

#12 2023-02-12 12:14:35

Re: How to mass-trust .desktop files via shell?

#13 2023-02-12 23:13:05

Re: How to mass-trust .desktop files via shell?

#14 2023-02-13 02:13:44

Re: How to mass-trust .desktop files via shell?

#15 2023-02-13 10:12:28

Re: How to mass-trust .desktop files via shell?

#16 2023-02-13 11:56:50

Re: How to mass-trust .desktop files via shell?

#17 2023-02-13 19:20:38

Re: How to mass-trust .desktop files via shell?

#18 2023-02-13 20:11:16

Re: How to mass-trust .desktop files via shell?

#19 2023-02-13 20:38:52

Re: How to mass-trust .desktop files via shell?

#20 2023-02-13 22:44:26

Re: How to mass-trust .desktop files via shell?

#21 2023-02-13 23:19:45

Re: How to mass-trust .desktop files via shell?

#22 2023-02-14 00:26:26

Re: How to mass-trust .desktop files via shell?

#23 2023-02-14 00:42:53

Re: How to mass-trust .desktop files via shell?

#24 2023-10-02 09:56:15

Re: How to mass-trust .desktop files via shell?

#25 2023-10-02 11:50:30

Re: How to mass-trust .desktop files via shell?

Board footer