[gnome-software] Do not allow plugins to the origin title in the UI
- From: Richard Hughes <rhughes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-software] Do not allow plugins to the origin title in the UI
- Date: Tue, 2 May 2017 07:27:08 +0000 (UTC)
commit 2ae02bf03baf5933c0a73a7c53bc0c54baf7fd3b
Author: Richard Hughes <richard hughsie com>
Date: Fri Apr 28 17:11:56 2017 +0100
Do not allow plugins to the origin title in the UI
This can easily be spoofed with a malicious flatpakrepo or distro repo file.
Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=781895
contrib/gnome-software.spec.in | 1 -
doc/api/gnome-software-docs.xml | 2 +-
lib/gs-app.c | 39 ------
lib/gs-app.h | 3 -
plugins/dummy/gs-plugin-dummy.c | 2 -
.../gs-plugin-fedora-distro-upgrades.c | 2 -
plugins/flatpak/gs-flatpak.c | 55 --------
plugins/fwupd/gs-plugin-fwupd.c | 1 -
plugins/odrs/gs-plugin-odrs.c | 1 -
plugins/packagekit/gs-plugin-packagekit-origin.c | 145 --------------------
plugins/packagekit/meson.build | 16 --
.../shell-extensions/gs-plugin-shell-extensions.c | 1 -
plugins/snap/gs-plugin-snap.c | 4 -
src/gs-details-page.c | 10 +-
src/gs-shell.c | 25 +---
15 files changed, 12 insertions(+), 295 deletions(-)
---
diff --git a/contrib/gnome-software.spec.in b/contrib/gnome-software.spec.in
index 5540742..ab82d24 100644
--- a/contrib/gnome-software.spec.in
+++ b/contrib/gnome-software.spec.in
@@ -179,7 +179,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-history.so
%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-local.so
%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-offline.so
-%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-origin.so
%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-proxy.so
%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-refine.so
%{_libdir}/gs-plugins-%{gs_plugin_version}/libgs_plugin_packagekit-refresh.so
diff --git a/doc/api/gnome-software-docs.xml b/doc/api/gnome-software-docs.xml
index d3a171b..4ba30be 100644
--- a/doc/api/gnome-software-docs.xml
+++ b/doc/api/gnome-software-docs.xml
@@ -215,7 +215,7 @@ gs_plugin_add_installed (GsPlugin *plugin,
gs_app_set_version (app, "1.2.3");
gs_app_set_size_installed (app, 2 * 1024 * 1024);
gs_app_set_size_download (app, 3 * 1024 * 1024);
- gs_app_set_origin_ui (app, "The example plugin");
+ gs_app_set_origin_hostname (app, "http://www.teaching-example.org/";);
gs_app_add_category (app, "Game");
gs_app_add_category (app, "ActionGame");
gs_app_add_kudo (app, GS_APP_KUDO_INSTALLS_USER_DOCS);
diff --git a/lib/gs-app.c b/lib/gs-app.c
index 3d20b8b..206827b 100644
--- a/lib/gs-app.c
+++ b/lib/gs-app.c
@@ -86,7 +86,6 @@ struct _GsApp
GsAppQuality license_quality;
gchar **menu_path;
gchar *origin;
- gchar *origin_ui;
gchar *origin_hostname;
gchar *update_version;
gchar *update_version_ui;
@@ -501,8 +500,6 @@ gs_app_to_string (GsApp *app)
gs_app_kv_lpad (str, "branch", app->branch);
if (app->origin != NULL && app->origin[0] != '\0')
gs_app_kv_lpad (str, "origin", app->origin);
- if (app->origin_ui != NULL && app->origin_ui[0] != '\0')
- gs_app_kv_lpad (str, "origin-ui", app->origin_ui);
if (app->origin_hostname != NULL && app->origin_hostname[0] != '\0')
gs_app_kv_lpad (str, "origin-hostname", app->origin_hostname);
if (app->rating != -1)
@@ -2146,41 +2143,6 @@ gs_app_set_origin (GsApp *app, const gchar *origin)
}
/**
- * gs_app_get_origin_ui:
- * @app: a #GsApp
- *
- * Gets the UI-visible origin used to install the application, e.g. "Fedora".
- *
- * Returns: a string, or %NULL for unset
- *
- * Since: 3.22
- **/
-const gchar *
-gs_app_get_origin_ui (GsApp *app)
-{
- g_return_val_if_fail (GS_IS_APP (app), NULL);
- return app->origin_ui;
-}
-
-/**
- * gs_app_set_origin_ui:
- * @app: a #GsApp
- * @origin_ui: a string, or %NULL
- *
- * The origin is the original source of the application to show in the UI,
- * e.g. "Fedora"
- *
- * Since: 3.22
- **/
-void
-gs_app_set_origin_ui (GsApp *app, const gchar *origin_ui)
-{
- g_autoptr(GMutexLocker) locker = g_mutex_locker_new (&app->mutex);
- g_return_if_fail (GS_IS_APP (app));
- _g_set_str (&app->origin_ui, origin_ui);
-}
-
-/**
* gs_app_get_origin_hostname:
* @app: a #GsApp
*
@@ -3645,7 +3607,6 @@ gs_app_finalize (GObject *object)
g_free (app->license);
g_strfreev (app->menu_path);
g_free (app->origin);
- g_free (app->origin_ui);
g_free (app->origin_hostname);
g_ptr_array_unref (app->sources);
g_ptr_array_unref (app->source_ids);
diff --git a/lib/gs-app.h b/lib/gs-app.h
index 284a90e..bddc068 100644
--- a/lib/gs-app.h
+++ b/lib/gs-app.h
@@ -178,9 +178,6 @@ void gs_app_set_menu_path (GsApp *app,
const gchar *gs_app_get_origin (GsApp *app);
void gs_app_set_origin (GsApp *app,
const gchar *origin);
-const gchar *gs_app_get_origin_ui (GsApp *app);
-void gs_app_set_origin_ui (GsApp *app,
- const gchar *origin_ui);
const gchar *gs_app_get_origin_hostname (GsApp *app);
void gs_app_set_origin_hostname (GsApp *app,
const gchar *origin_hostname);
diff --git a/plugins/dummy/gs-plugin-dummy.c b/plugins/dummy/gs-plugin-dummy.c
index e26dd0b..182e646 100644
--- a/plugins/dummy/gs-plugin-dummy.c
+++ b/plugins/dummy/gs-plugin-dummy.c
@@ -82,7 +82,6 @@ gs_plugin_initialize (GsPlugin *plugin)
priv->cached_origin = gs_app_new (gs_plugin_get_name (plugin));
gs_app_set_kind (priv->cached_origin, AS_APP_KIND_SOURCE);
gs_app_set_origin_hostname (priv->cached_origin, "http://www.bbc.co.uk/";);
- gs_app_set_origin_ui (priv->cached_origin, "Dummy Repo");
/* add the source to the plugin cache which allows us to match the
* unique ID to a GsApp when creating an event */
@@ -720,7 +719,6 @@ gs_plugin_add_distro_upgrades (GsPlugin *plugin,
gs_app_set_size_installed (app, 256 * 1024 * 1024);
gs_app_set_size_download (app, 1024 * 1024 * 1024);
gs_app_set_license (app, GS_APP_QUALITY_LOWEST, "LicenseRef-free");
- gs_app_set_origin_ui (app, "Dummy");
gs_app_set_management_plugin (app, gs_plugin_get_name (plugin));
gs_app_set_metadata (app, "GnomeSoftware::UpgradeBanner-css",
"background: url('" DATADIR "/gnome-software/upgrade-bg.png');"
diff --git a/plugins/fedora-distro-upgrades/gs-plugin-fedora-distro-upgrades.c
b/plugins/fedora-distro-upgrades/gs-plugin-fedora-distro-upgrades.c
index 4ff2d4d..9bec129 100644
--- a/plugins/fedora-distro-upgrades/gs-plugin-fedora-distro-upgrades.c
+++ b/plugins/fedora-distro-upgrades/gs-plugin-fedora-distro-upgrades.c
@@ -134,7 +134,6 @@ gs_plugin_setup (GsPlugin *plugin, GCancellable *cancellable, GError **error)
/* add source */
priv->cached_origin = gs_app_new (gs_plugin_get_name (plugin));
gs_app_set_kind (priv->cached_origin, AS_APP_KIND_SOURCE);
- gs_app_set_origin_ui (priv->cached_origin, "Fedora Project PkgDb");
gs_app_set_origin_hostname (priv->cached_origin,
FEDORA_PKGDB_COLLECTIONS_API_URI);
@@ -431,7 +430,6 @@ gs_plugin_add_distro_upgrades (GsPlugin *plugin,
gs_app_add_quirk (app, AS_APP_QUIRK_NEEDS_REBOOT);
gs_app_add_quirk (app, AS_APP_QUIRK_PROVENANCE);
gs_app_add_quirk (app, AS_APP_QUIRK_NOT_REVIEWABLE);
- gs_app_set_origin_ui (app, distro_info->name);
gs_app_add_icon (app, ic);
gs_app_set_management_plugin (app, "packagekit");
diff --git a/plugins/flatpak/gs-flatpak.c b/plugins/flatpak/gs-flatpak.c
index ebdd135..65565ad 100644
--- a/plugins/flatpak/gs-flatpak.c
+++ b/plugins/flatpak/gs-flatpak.c
@@ -1239,49 +1239,6 @@ gs_flatpak_refresh (GsFlatpak *self,
}
static gboolean
-gs_plugin_refine_item_origin_ui (GsFlatpak *self, GsApp *app,
- GCancellable *cancellable,
- GError **error)
-{
- const gchar *origin;
- guint i;
- g_autoptr(GPtrArray) xremotes = NULL;
- g_autoptr(AsProfileTask) ptask = NULL;
-
- /* already set */
- origin = gs_app_get_origin_ui (app);
- if (origin != NULL)
- return TRUE;
-
- /* find list of remotes */
- ptask = as_profile_start (gs_plugin_get_profile (self->plugin),
- "%s::refine-origin-ui",
- gs_flatpak_get_id (self));
- g_assert (ptask != NULL);
- xremotes = flatpak_installation_list_remotes (self->installation,
- cancellable,
- error);
- if (xremotes == NULL) {
- gs_plugin_flatpak_error_convert (error);
- return FALSE;
- }
- for (i = 0; i < xremotes->len; i++) {
- FlatpakRemote *xremote = g_ptr_array_index (xremotes, i);
- if (flatpak_remote_get_disabled (xremote))
- continue;
- if (g_strcmp0 (gs_app_get_origin (app),
- flatpak_remote_get_name (xremote)) == 0) {
- g_autofree gchar *title = NULL;
- title = flatpak_remote_get_title (xremote);
- gs_app_set_origin_ui (app, title);
- break;
- }
- }
-
- return TRUE;
-}
-
-static gboolean
gs_plugin_refine_item_origin_hostname (GsFlatpak *self, GsApp *app,
GCancellable *cancellable,
GError **error)
@@ -2129,15 +2086,6 @@ gs_flatpak_refine_app (GsFlatpak *self,
}
}
- /* origin */
- if (flags & GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN) {
- if (!gs_plugin_refine_item_origin_ui (self, app,
- cancellable, error)) {
- g_prefix_error (error, "failed to get origin: ");
- return FALSE;
- }
- }
-
/* origin-hostname */
if (flags & GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_HOSTNAME) {
if (!gs_plugin_refine_item_origin_hostname (self, app,
@@ -3002,7 +2950,6 @@ gs_flatpak_file_to_app_ref (GsFlatpak *self,
g_autoptr(FlatpakRemote) xremote = NULL;
g_autoptr(GKeyFile) kf = NULL;
g_autofree gchar *origin_url = NULL;
- g_autofree gchar *origin_title = NULL;
g_autofree gchar *ref_comment = NULL;
g_autofree gchar *ref_description = NULL;
g_autofree gchar *ref_homepage = NULL;
@@ -3130,7 +3077,6 @@ gs_flatpak_file_to_app_ref (GsFlatpak *self,
gs_plugin_flatpak_error_convert (error);
return FALSE;
}
- origin_title = flatpak_remote_get_title (xremote);
origin_url = flatpak_remote_get_url (xremote);
if (origin_url == NULL) {
g_set_error (error,
@@ -3142,7 +3088,6 @@ gs_flatpak_file_to_app_ref (GsFlatpak *self,
}
gs_app_set_origin (app, remote_name);
gs_app_set_origin_hostname (app, origin_url);
- gs_app_set_origin_ui (app, origin_title);
/* get the new appstream data (nonfatal for failure) */
if (!gs_flatpak_refresh_appstream_remote (self, remote_name,
diff --git a/plugins/fwupd/gs-plugin-fwupd.c b/plugins/fwupd/gs-plugin-fwupd.c
index 208092a..1e59909 100644
--- a/plugins/fwupd/gs-plugin-fwupd.c
+++ b/plugins/fwupd/gs-plugin-fwupd.c
@@ -253,7 +253,6 @@ gs_plugin_setup (GsPlugin *plugin, GCancellable *cancellable, GError **error)
gs_app_set_kind (priv->cached_origin, AS_APP_KIND_SOURCE);
gs_app_set_bundle_kind (priv->cached_origin, AS_BUNDLE_KIND_CABINET);
gs_app_set_origin_hostname (priv->cached_origin, priv->download_uri);
- gs_app_set_origin_ui (priv->cached_origin, "Linux Vendor Firmware Project");
/* add the source to the plugin cache which allows us to match the
* unique ID to a GsApp when creating an event */
diff --git a/plugins/odrs/gs-plugin-odrs.c b/plugins/odrs/gs-plugin-odrs.c
index be6a27f..c3fca86 100644
--- a/plugins/odrs/gs-plugin-odrs.c
+++ b/plugins/odrs/gs-plugin-odrs.c
@@ -80,7 +80,6 @@ gs_plugin_initialize (GsPlugin *plugin)
priv->cached_origin = gs_app_new (gs_plugin_get_name (plugin));
gs_app_set_kind (priv->cached_origin, AS_APP_KIND_SOURCE);
gs_app_set_origin_hostname (priv->cached_origin, priv->review_server);
- gs_app_set_origin_ui (priv->cached_origin, "Open Desktop Review Server");
/* add the source to the plugin cache which allows us to match the
* unique ID to a GsApp when creating an event */
diff --git a/plugins/packagekit/meson.build b/plugins/packagekit/meson.build
index 9bc4237..f9e57ab 100644
--- a/plugins/packagekit/meson.build
+++ b/plugins/packagekit/meson.build
@@ -125,22 +125,6 @@ sources : 'gs-plugin-packagekit-offline.c',
)
shared_module(
- 'gs_plugin_packagekit-origin',
- sources : [
- 'gs-plugin-packagekit-origin.c',
- 'packagekit-common.c',
- ],
- include_directories : [
- include_directories('../..'),
- include_directories('../../lib'),
- ],
- install : true,
- install_dir: plugin_dir,
- c_args : cargs,
- dependencies : [ plugin_libs, packagekit ]
-)
-
-shared_module(
'gs_plugin_packagekit-proxy',
sources : 'gs-plugin-packagekit-proxy.c',
include_directories : [
diff --git a/plugins/shell-extensions/gs-plugin-shell-extensions.c
b/plugins/shell-extensions/gs-plugin-shell-extensions.c
index 9abc3e5..3a3a141 100644
--- a/plugins/shell-extensions/gs-plugin-shell-extensions.c
+++ b/plugins/shell-extensions/gs-plugin-shell-extensions.c
@@ -71,7 +71,6 @@ gs_plugin_initialize (GsPlugin *plugin)
priv->cached_origin = gs_app_new (gs_plugin_get_name (plugin));
gs_app_set_kind (priv->cached_origin, AS_APP_KIND_SOURCE);
gs_app_set_origin_hostname (priv->cached_origin, SHELL_EXTENSIONS_API_URI);
- gs_app_set_origin_ui (priv->cached_origin, "GNOME Shell Extensions");
/* add the source to the plugin cache which allows us to match the
* unique ID to a GsApp when creating an event */
diff --git a/plugins/snap/gs-plugin-snap.c b/plugins/snap/gs-plugin-snap.c
index 6ca5e82..4e9eece 100644
--- a/plugins/snap/gs-plugin-snap.c
+++ b/plugins/snap/gs-plugin-snap.c
@@ -268,10 +268,6 @@ gs_plugin_snap_refine_app (GsPlugin *plugin,
gs_app_set_origin_hostname (app, "myapps.developer.ubuntu.com");
else if (origin_hostname != NULL)
gs_app_set_origin_hostname (app, origin_hostname);
-
- /* derive this from the origin hosname */
- if (g_strcmp0 (gs_app_get_origin_hostname (app), "myapps.developer.ubuntu.com") == 0)
- gs_app_set_origin_ui (app, "The Ubuntu Store");
}
if (!from_search) {
diff --git a/src/gs-details-page.c b/src/gs-details-page.c
index c8a271e..d58c45c 100644
--- a/src/gs-details-page.c
+++ b/src/gs-details-page.c
@@ -895,9 +895,7 @@ gs_details_page_refresh_all (GsDetailsPage *self)
}
/* set the origin */
- tmp = gs_app_get_origin_ui (self->app);
- if (tmp == NULL)
- tmp = gs_app_get_origin_hostname (self->app);
+ tmp = gs_app_get_origin_hostname (self->app);
if (tmp == NULL)
tmp = gs_app_get_origin (self->app);
if (tmp == NULL || tmp[0] == '\0') {
@@ -1543,7 +1541,7 @@ gs_details_page_set_local_file (GsDetailsPage *self, GFile *file)
GS_PLUGIN_REFINE_FLAGS_REQUIRE_SIZE |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_VERSION |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_HISTORY |
- GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_UI |
+ GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_HOSTNAME |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_MENU_PATH |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_URL |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_SETUP_ACTION |
@@ -1568,7 +1566,7 @@ gs_details_page_set_url (GsDetailsPage *self, const gchar *url)
GS_PLUGIN_REFINE_FLAGS_REQUIRE_SIZE |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_VERSION |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_HISTORY |
- GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_UI |
+ GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_HOSTNAME |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_MENU_PATH |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_URL |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_SETUP_ACTION |
@@ -1593,7 +1591,7 @@ gs_details_page_load (GsDetailsPage *self)
GS_PLUGIN_REFINE_FLAGS_REQUIRE_VERSION |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_HISTORY |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_SETUP_ACTION |
- GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_UI |
+ GS_PLUGIN_REFINE_FLAGS_REQUIRE_ORIGIN_HOSTNAME |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_MENU_PATH |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_URL |
GS_PLUGIN_REFINE_FLAGS_REQUIRE_SETUP_ACTION |
diff --git a/src/gs-shell.c b/src/gs-shell.c
index a45e5a8..14c811a 100644
--- a/src/gs-shell.c
+++ b/src/gs-shell.c
@@ -799,27 +799,16 @@ static gchar *
gs_shell_get_title_from_origin (GsApp *app)
{
/* get a title, falling back */
- if (gs_app_get_origin_ui (app) != NULL &&
- gs_app_get_origin_hostname (app) != NULL) {
- /* TRANSLATORS: this is part of the in-app notification,
- * where the first %s is a possibly multi-word localised distro
- * e.g. 'Fedora Project" and the second %s is the truncated
- * hostname, e.g. 'alt.fedoraproject.org' */
- return g_strdup_printf (_("“%s” [%s]"),
- gs_app_get_origin_ui (app),
- gs_app_get_origin_hostname (app));
- } else if (gs_app_get_origin_ui (app) != NULL) {
- /* TRANSLATORS: this is part of the in-app notification,
- * where the %s is a possibly multi-word localised distro
- * e.g. 'Fedora Project" */
- return g_strdup_printf (_("“%s”"),
- gs_app_get_origin_ui (app));
- } else if (gs_app_get_origin_hostname (app) != NULL) {
+ if (gs_app_get_origin_hostname (app) != NULL) {
/* TRANSLATORS: this is part of the in-app notification,
* where the %s is the truncated hostname, e.g.
* 'alt.fedoraproject.org' */
- return g_strdup_printf (_("“%s”"),
- gs_app_get_origin_hostname (app));
+ return g_strdup_printf (_("“%s”"), gs_app_get_origin_hostname (app));
+ }
+ if (gs_app_get_origin (app) != NULL) {
+ /* TRANSLATORS: this is part of the in-app notification,
+ * where the %s is the origin id, e.g. 'fedora' */
+ return g_strdup_printf (_("“%s”"), gs_app_get_origin (app));
}
return g_strdup_printf ("“%s”", gs_app_get_id (app));
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
