Stable Gnome 3.20 and Freedesktop 1.4 runtimes released

Fri Apr 15 12:04:54 UTC 2016

On fre, 2016-04-15 at 06:02 -0500, Daniel Espinosa wrote:
> Could you add documentation about how to permissions on xdg-app. This
> is because I've build an app, but it doesn't update settings, then is
> every important to know each permission reach.

Part 4 of my tutorial explains this a bit:

https://blogs.gnome.org/alexl/2016/02/23/building-an-xdg-app-part-4/

I'm not sure exactly what you mean by "settings". But I assume you mean
dconf/gsettings. The way to currently allow dconf access is this piece
of magic:

 /* Needed for dconf to work */
 "--filesystem=xdg-run/dconf", "--filesystem=~/.config/dconf:ro",
 "--talk-name=ca.desrt.dconf", "--env=DCONF_USER_CONFIG_DIR=.config/dconf",

I realize thats not easy to figure out this, but here is what it does,
in order:

 * Allow apps to look in /run/user/1000/dconf which is a directory that
   dconf uses to tell you about database updates
 * Allow your app read-only access to ~/.config/dconf which is the 
   default location for the per-user database. 
 * Allow your app to talk to the dconf dbus service.
 * Magic environment variable to tell dconf to look in ~/.config/dconf
   for the dconf database instead of using XDG_CONFIG_DIR, which would
   point to ~/.var/app/org.something.App/config/

Note that this allows your app to read settings from all other apps,
which is clearly not ideal. The plan going forward is to have a
gsettings backend which is explicitly designed to run sandboxed. Work
has started on this, but I don't know the current state of it.

> As a side note, but important too, have Software listing an app
> permissions list before install it? A la Android, with explanation
> about risks on each one.

Yes, this is in the plans. There is APIs in libxdgapp to allow you to
query the metadata for apps. This could be used by gnome-software to
explain these permissions.

This is not used yet, and since the work on portals are yet in its
infancy all current xdg-apps request pretty broad permissions.
Hopefully we will be able to change this in the near future.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 
He's a fiendish chivalrous firefighter who hangs with the wrong crowd. 
She's a wealthy motormouth pearl diver descended from a line of powerful 
witches. They fight crime! 