Xfce Forum

Sub domains
 

You are not logged in.

#1 2022-12-16 21:38:57

Maniaxx
Member
Registered: 2019-07-16
Posts: 8

How to mass-trust .desktop files via shell?

Hi,
all my .desktop files are untrusted since 4.18. How can i mass-trust them via shell? I do not want to manually set it via appearing gui dialog or file/properties. Icons are not shown when untrusted.

Offline

#2 2022-12-16 23:55:04

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Two things need to be done to a .desktop file to make it trusted:

  1. it needs to be marked executable:

    chmod +x FILE
  2. it needs to have an xfce-exe-checksum metadata entry created for the file:

    f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

You can then script something to have that happen iteratively to a series of files.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#3 2022-12-17 00:13:50

Maniaxx
Member
Registered: 2019-07-16
Posts: 8

Re: How to mass-trust .desktop files via shell?

Thanks, works.
There seems to be a little bug though if the .desktop file is symlinked (to the desktop). Trying to set the symlink 'trusted' via gui or file/properties only sets the symlink (not the actual linked file as well) resulting in gui/thunar still throwing the 'untrusted' warning when invoking.

Offline

#4 2022-12-19 04:01:25

Skaperen
Member
From: right by Jesus, our Saviour
Registered: 2013-06-15
Posts: 862

Re: How to mass-trust .desktop files via shell?

i have only ever done step 1 and never did step 2.  it has always worked for me when i did just that much?  what am i missing by not doing step 2?

Offline

#5 2022-12-19 11:35:49

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Skaperen wrote:

i have only ever done step 1 and never did step 2.  it has always worked for me when i did just that much?  what am i missing by not doing step 2?

Checksum-based launcher trusts are new functionality added in Thunar 4.17.4 (also involving enhancements to exo and libxfce4util). In 4.18, you will need to do both.

Edit: From https://gitlab.xfce.org/xfce/thunar/-/c … ad6ffc08fe:

Only using the executable flag to 'trust' launchers is insecure, because the flag e.g. can be pre-set in archives.
'Trusting' a launcher now will generate a checksum of the launcher and  store it via gvfs-metadata.

Last edited by ToZ (2022-12-19 11:37:01)


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#6 2023-01-22 01:38:40

P2023
Member
Registered: 2023-01-22
Posts: 1

Re: How to mass-trust .desktop files via shell?

ToZ wrote:
f=FILE; gio set -t string $f metadata::xfce-exe-checksum "$(sha256sum $f | awk '{print $1}')"

Thanks for this solution.
If automating, it's worth quoting $f as it fails if it contains spaces or special characters...

f=FILE; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"

Offline

#7 2023-01-22 01:58:17

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Yes, you are right. Thanks for the catch.

Welcome to the forum.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#8 2023-01-22 17:56:42

Maniaxx
Member
Registered: 2019-07-16
Posts: 8

Re: How to mass-trust .desktop files via shell?

P2023 wrote:

If automating, it's worth quoting $f as it fails if it contains spaces or special characters...

How do you automate this? I've tried to assemble a one-liner without success in bash with 'find [...] -exec bash -c' but it always fails as the original one-liner has single and double quotes and subshell.

Offline

#9 2023-01-22 21:20:41

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Using for loop instead of find, this works for me:

for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done

Last edited by ToZ (2023-01-22 21:22:27)


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#10 2023-01-23 13:32:10

Maniaxx
Member
Registered: 2019-07-16
Posts: 8

Re: How to mass-trust .desktop files via shell?

Thanks. I've previously tried something similar with 'for f in $(find ...); do ...' that unfortunately broke on whitespaces but globbing is safe indeed.

Offline

#11 2023-02-12 11:16:24

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

ToZ, I use a Raspberry Pi 400 running Manjaro-ARM Xfce. Strit from the Manjaro ARM Team directed me here. I tried your loop

ToZ wrote:

Using for loop instead of find, this works for me:

for f in ~/Desktop/*.desktop; do chmod +x "$f"; gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"; done

and it returned the following:

chmod: changing permissions of '/home/pi/Desktop/libreoffice-base.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-calc.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-draw.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-impress.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-math.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-writer.desktop': Operation not permitted

The Permissions tab in Properties is still grey, showing Owner as Root, and the Program section still has "Allow this file to run as program" still left unchecked. Both entries in the Security section of the Launcher tab ARE checked. When I click on the icon It still says it is untrusted. The icons on the desktop still have the lock and arrow icons over them. What do do now? Am I missing anything?

Last edited by Lizzie_A (2023-02-12 11:55:01)

Offline

#12 2023-02-12 12:14:35

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

The icons on your Desktop should be owned by your user (pi) not root. You must have copied them over as root. Just mass change ownership to your account then try again.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#13 2023-02-12 23:13:05

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

ZoT, I looked it up and I am the owner for the folder Desktop. Also other .desktop files (VLC, Audacious, and gPodder) all list me as the owner for some reason only the Libra Office .desktop files won´t let me be the owner. I did everything i found here: https://forum.manjaro.org/t/change-owne … der/110065

By the way, I installed Libre Office fresh

Last edited by Lizzie_A (2023-02-12 23:47:59)

Offline

#14 2023-02-13 02:13:44

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

What does the following return:

 ls -l ~/Desktop

Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#15 2023-02-13 10:12:28

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

ToZ wrote:

What does the following return:

 ls -l ~/Desktop
total 32
-rwxr-xr-x 1 pi pi  4103 Sep 10 18:38 audacious.desktop
-rwxr-xr-x 1 pi pi  4720 Aug  3  2022 gpodder.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:13 libreoffice-base.desktop -> /usr/lib/libreoffice/share/xdg/base.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:14 libreoffice-calc.desktop -> /usr/lib/libreoffice/share/xdg/calc.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:14 libreoffice-draw.desktop -> /usr/lib/libreoffice/share/xdg/draw.desktop
lrwxrwxrwx 1 pi pi    46 Feb 12 18:14 libreoffice-impress.desktop -> /usr/lib/libreoffice/share/xdg/impress.desktop
lrwxrwxrwx 1 pi pi    43 Feb 12 18:14 libreoffice-math.desktop -> /usr/lib/libreoffice/share/xdg/math.desktop
lrwxrwxrwx 1 pi pi    45 Feb 12 18:14 libreoffice-writer.desktop -> /usr/lib/libreoffice/share/xdg/writer.desktop
-rwxr-xr-x 1 pi pi 14904 Jan  4 07:11 vlc.desktop

Offline

#16 2023-02-13 11:56:50

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Oh, they're links to the original files in /usr/share/applications. What version of thunar are you running?

thunar -V

This issue was fixed in thunar 4.17.12 (See: https://gitlab.xfce.org/xfce/thunar/-/issues/944).

If you are using an older version of thunar and can't upgrade, you can always copy the files instead of linking them. Then the script above will work.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#17 2023-02-13 19:20:38

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

Here is my current version of

Thunar thunar 4.18.2 (Xfce 4.18)

I just reinstalled Manjaro-ARM Xfce on my Raspberry Pi

Last edited by Lizzie_A (2023-02-13 19:22:48)

Offline

#18 2023-02-13 20:11:16

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Did you try coping the desktop files as opposed to linking them?


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#19 2023-02-13 20:38:52

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

I copies the Libra Office from /usr/share/applications/ over to the Desktop folder and then ran the loop command you created and here is the result

chmod: changing permissions of '/home/pi/Desktop/libreoffice-base.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-calc.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-draw.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-impress.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-math.desktop': Operation not permitted
chmod: changing permissions of '/home/pi/Desktop/libreoffice-writer.desktop': Operation not permitted

In propertied under the Launcher tap in the security section both things to check ar checked and still gray. Everything inthe Permissions tab is still grey and showing owner as root.

Last edited by Lizzie_A (2023-02-13 20:44:39)

Offline

#20 2023-02-13 22:44:26

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

Post back:

ls -l ~/Desktop

Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#21 2023-02-13 23:19:45

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

ToZ wrote:

Post back:

ls -l ~/Desktop

Here is the results:

lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-base.desktop -> /usr/lib/libreoffice/share/xdg/base.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-calc.desktop -> /usr/lib/libreoffice/share/xdg/calc.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:27 libreoffice-draw.desktop -> /usr/lib/libreoffice/share/xdg/draw.desktop
lrwxrwxrwx 1 pi pi 46 Feb 13 15:28 libreoffice-impress.desktop -> /usr/lib/libreoffice/share/xdg/impress.desktop
lrwxrwxrwx 1 pi pi 43 Feb 13 15:28 libreoffice-math.desktop -> /usr/lib/libreoffice/share/xdg/math.desktop
lrwxrwxrwx 1 pi pi 45 Feb 13 15:28 libreoffice-writer.desktop -> /usr/lib/libreoffice/share/xdg/writer.desktop

Offline

#22 2023-02-14 00:26:26

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

They are still links. You need to first delete those files:

rm $HOME/Desktop/libreoffice*

...then copy over the same files from /usr/share/applications:

cp /usr/share/applications/libreoffice* $HOME/Desktop

Then the script should work.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#23 2023-02-14 00:42:53

Lizzie_A
Member
Registered: 2023-02-12
Posts: 7

Re: How to mass-trust .desktop files via shell?

That did it!! once they were truly copied on the the desktop folder they didn´t have the lock icon and the arrow icon. In properties, the Permissions tab shows everything  normal (not grey) and owner as me. I also ran you script in the terminal and no response was returned.

The first time I opened the Whisker Menu and went to the office section right clicked on each of the apps and the clicked on Add to Desktop. In the passed it had worked and not had them locked until this time. Thank you for the help.

[SOLVED]

Last edited by Lizzie_A (2023-02-14 01:21:16)

Offline

#24 2023-10-02 09:56:15

jprofesorek
Member
Registered: 2023-10-02
Posts: 3

Re: How to mass-trust .desktop files via shell?

Argh. I've stumbled upon a "corner" case where this `checksum-based launcher trusts` causes mass havoc and so far I see no way out, if you see a way to deal with it – can you please help me out?

The scenario is as follows:
  * university computers
  * there is an external user database (ldap)
  * students log into xfce session started on virtual machines (each TA is free to a craft machine image for their course, the image is auto-fetched and started upon selecting it from a list by a student)
  * local accounts are created once a student successfully authenticates
  * /etc/skel gets copied to /home/<username>, including some '.desktop' files
  * (unrelated to this problem: network share for data gets mounted at /home/<username>/data; this way regularly-backed up NFS shares have only data explicitly put there, rather than a shitload of temporary/cache/etc. files)
  * a student clicks on any '.desktop' file on the Desktop
  * the student gets a confusing message sad

Until a sane solution emerges, desktop was added to XDG_DATA_DIRS; this is clearly a wrong solution, but at least it banishes the confusing message.

Tl;dr: when a new user account is created the '.desktop' file copied from /etc/skel to Desktop are not trusted.
How to workaround this?

Offline

#25 2023-10-02 11:50:30

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 11,440

Re: How to mass-trust .desktop files via shell?

How about creating a small script and creating an /etc/xdg/autostart entry to execute it, that checks and sets the permissions if they are not set? Something like:

#!/bin/bash

for f in ~/Desktop/*.desktop
do
   if ! gio info "$f" | grep metadata::xfce-exe-checksum > /dev/null 2>&1; then
      chmod +x "$f"
      gio set -t string "$f" metadata::xfce-exe-checksum "$(sha256sum "$f" | awk '{print $1}')"
   fi
done
exit 0

...and the desktop file:

[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=Desktop Icon Permissions
Comment=Sets desktop icon permissions to allow execution
Exec=/usr/local/bin/desktop-perms.sh
OnlyShowIn=XFCE;
RunHook=0
StartupNotify=false
Terminal=false
Hidden=false

Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

Registered users online in this topic: 0, guests: 1
[Bot] CCBot

Board footer

Powered by FluxBB
Modified by Visman

[ Generated in 0.018 seconds, 9 queries executed - Memory usage: 655.25 KiB (Peak: 688.09 KiB) ]