Re: Stable Gnome 3.20 and Freedesktop 1.4 runtimes released

From: Alexander Larsson <alexl redhat com>
To: Daniel Espinosa <esodan gmail com>
Cc: gnome-os-list gnome org, xdg-app lists freedesktop org
Subject: Re: Stable Gnome 3.20 and Freedesktop 1.4 runtimes released
Date: Fri, 15 Apr 2016 14:04:54 +0200

On fre, 2016-04-15 at 06:02 -0500, Daniel Espinosa wrote:

Could you add documentation about how to permissions on xdg-app. This
is because I've build an app, but it doesn't update settings, then is
every important to know each permission reach.


Part 4 of my tutorial explains this a bit:

https://blogs.gnome.org/alexl/2016/02/23/building-an-xdg-app-part-4/

I'm not sure exactly what you mean by "settings". But I assume you mean
dconf/gsettings. The way to currently allow dconf access is this piece
of magic:

 /* Needed for dconf to work */
 "--filesystem=xdg-run/dconf", "--filesystem=~/.config/dconf:ro",
 "--talk-name=ca.desrt.dconf", "--env=DCONF_USER_CONFIG_DIR=.config/dconf",

I realize thats not easy to figure out this, but here is what it does,
in order:

 * Allow apps to look in /run/user/1000/dconf which is a directory that
   dconf uses to tell you about database updates
 * Allow your app read-only access to ~/.config/dconf which is the 
   default location for the per-user database. 
 * Allow your app to talk to the dconf dbus service.
 * Magic environment variable to tell dconf to look in ~/.config/dconf
   for the dconf database instead of using XDG_CONFIG_DIR, which would
   point to ~/.var/app/org.something.App/config/

Note that this allows your app to read settings from all other apps,
which is clearly not ideal. The plan going forward is to have a
gsettings backend which is explicitly designed to run sandboxed. Work
has started on this, but I don't know the current state of it.

As a side note, but important too, have Software listing an app
permissions list before install it? A la Android, with explanation
about risks on each one.


Yes, this is in the plans. There is APIs in libxdgapp to allow you to
query the metadata for apps. This could be used by gnome-software to
explain these permissions.

This is not used yet, and since the work on portals are yet in its
infancy all current xdg-apps request pretty broad permissions.
Hopefully we will be able to change this in the near future.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl redhat com            alexander larsson gmail com 
He's a fiendish chivalrous firefighter who hangs with the wrong crowd. 
She's a wealthy motormouth pearl diver descended from a line of powerful 
witches. They fight crime!

Follow-Ups:
- Re: Stable Gnome 3.20 and Freedesktop 1.4 runtimes released
  - From: Daniel Espinosa

References:
- Stable Gnome 3.20 and Freedesktop 1.4 runtimes released
  - From: Alexander Larsson
- Re: Stable Gnome 3.20 and Freedesktop 1.4 runtimes released
  - From: Daniel Espinosa

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]