On Sat, 10 Jun 2023 at 16:24:03 +0100, Simon McVittie wrote:
> Untrusted application launcher
>
> The desktop file "install-debian.desktop" is in an insecure location
> and not marked as executable. If you do not trust this program, click
> Cancel.
Here is a route towards a proper fix which can hopefully go into the
12.1 point release:
# as root
apt install libglib2.0-bin
# as the 'live' user
gio set --type=string ~/Desktop/install-debian.desktop \
metadata::trusted true
gio set --type=string ~/Desktop/install-debian.desktop \
metadata::xfce-exe-checksum \
"$(sha256sum ~/Desktop/install-debian.desktop | cut -f1)"
touch ~/Desktop/install-debian.desktop
Setting metadata::xfce-exe-checksum is the actual solution for XFCE.
metadata::trusted is a GNOME thing and XFCE doesn't actually use it,
but it doesn't do any harm to add it while we're here. It doesn't
affect current GNOME live images, because current live images don't have
application icons on the desktop at all, but it would become interesting
if the user installs certain GNOME Shell extensions.
The call to touch(1) doesn't seem to be strictly necessary for XFCE,
but according to my notes in the Steam packaging, some desktops need an
inotify event to remind them to re-read it. Again, it's either helpful
or useless-but-harmless, so we might as well.
smcv
