Package: chromium
Version: 98.0.4758.102-1~deb11u1
Severity: normal

(This was initially sent to 1005...@bugs.debian.org;
dilinger convinced me this should be a new ticket.)

Hi, I ship chromium in prisons, where we extremely do not want
unprivileged users to be able to add new drivers (fuse) and
applications (flatpak/bubblewrap/xdg-desktop-portal). [*]

https://bugs.debian.org/1005230 and
https://bugs.debian.org/1005410 were recently fixed by adding
    Depends: xdg-desktop-portal-gtk | xdg-desktop-portal-backend
which means chromium now hard-depends on fuse and bubblewrap.

 1. xdg-desktop-portal-* is not needed for XFCE and sway users.

    As an experiment, I tried

       dpkg --force-depends --purge \
           xdg-desktop-portal \
           xdg-desktop-portal-backend \
           xdg-desktop-portal-gtk \
           fuse libfuse2 \
           fuse3 libfuse3-3 \
           bubblewrap flatpak \
           libgnome-desktop-3-19

    And after doing so, I rebooted, logged into a GUI as a new user,
    started chromium, successfully browsed to https://example.com/, and
    successfully used File Open and File Save dialogues (they were GTK3-style).

    I tested this with Debian 11 / Xorg / XFCE.
    I tested this with Debian 11 / sway / Xwayland.

    In both cases, everything worked,
    i.e. the desktop portal is (presumably) not needed.

    I'm not sure why other people seem to need xdg-desktop-portal-*.
    My only guess is that I was testing in a qemu VM, and
    maybe chromium silently disables sandboxing when it detects a VM???

    I briefly tried to test task-gnome-desktop, but
    gdm3 didn't auto-start, so I gave up.

    I didn't test KDE, LXDE, Cinnamon, Mate, wlroots, or plain X (no DE/WM at all).

    Boring details (turnkey test script &c) are in my earlier emails here:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005230#25


 2. I have a viable workaround, which
    is just to make a fake xdg-desktop-portal package.
    This is not really interesting to anyone else, but
    I attach it for completeness.


From MY perspective, the "easy" answer is to just downgrade Depends to Recommends.

However this will re-break chromium for people who have neither gtk*
nor xdg-desktop-portal* installed (i.e. #1005230).

dilinger suggested something like the below.
Getting this just right will require some Deep Thinks.
I don't understand chromium internals enough to do that myself :-(

    Depends: libgtk-4-1 |
             libgtk-3-0 |
             xdg-desktop-portal-gtk |
             xdg-desktop-portal-backend


[*] I have a bunch of other layers to block these, but
    "libfuse* isn't even installed" is a really nice layer to have.
    e.g. detainee kernels have CONFIG_FUSE_FS disabled
    (though CONFIG_USER_NS is enabled due to systemd).
Format: 3.0 (native)
Source: xdg-desktop-portal-ersatz
Binary: xdg-desktop-portal-ersatz
Architecture: all
Version: 11.0
Maintainer: Trent W. Buck <t...@cyber.com.au>
Uploaders: Trent W. Buck <trentb...@gmail.com>
Standards-Version: 4.3.0
Build-Depends: debhelper-compat (= 13)
Package-List:
 xdg-desktop-portal-ersatz deb metapackages optional arch=all

Attachment: xdg-desktop-portal-ersatz_11.0.tar.xz
Description: application/xz

Attachment: xdg-desktop-portal-ersatz_11.0_all.deb
Description: application/vnd.debian.binary-package

 dpkg-buildpackage -us -uc -ui
dpkg-buildpackage: info: source package xdg-desktop-portal-ersatz
dpkg-buildpackage: info: source version 11.0
dpkg-buildpackage: info: source distribution bullseye
dpkg-buildpackage: info: source changed by Trent W. Buck <trentb...@gmail.com>
 dpkg-source --before-build .
dpkg-buildpackage: info: host architecture amd64
 debian/rules clean
dh clean
 dpkg-source -b .
dpkg-source: info: using source format '3.0 (native)'
dpkg-source: info: building xdg-desktop-portal-ersatz in xdg-desktop-portal-ersatz_11.0.tar.xz
dpkg-source: info: building xdg-desktop-portal-ersatz in xdg-desktop-portal-ersatz_11.0.dsc
 debian/rules binary
dh binary
   create-stamp debian/debhelper-build-stamp
dpkg-deb: building package 'xdg-desktop-portal-ersatz' in '../xdg-desktop-portal-ersatz_11.0_all.deb'.
 dpkg-genbuildinfo
 dpkg-genchanges  >../xdg-desktop-portal-ersatz_11.0_amd64.changes
dpkg-genchanges: info: including full source code in upload
 dpkg-source --after-build .
dpkg-buildpackage: info: full upload; Debian-native package (full source is included)
Now running lintian xdg-desktop-portal-ersatz_11.0_amd64.changes ...
warning: running with root privileges is not recommended!
W: xdg-desktop-portal-ersatz: debian-changelog-line-too-long line 4
W: xdg-desktop-portal-ersatz: debian-changelog-line-too-long line 7
W: xdg-desktop-portal-ersatz: extended-description-line-too-long line 14
W: xdg-desktop-portal-ersatz: extended-description-line-too-long line 15
Finished running lintian.
Format: 1.0
Source: xdg-desktop-portal-ersatz
Binary: xdg-desktop-portal-ersatz
Architecture: all source
Version: 11.0
Build-Origin: Debian
Build-Architecture: amd64
Build-Date: Tue, 22 Feb 2022 05:25:12 +0000
Environment:
 DEB_BUILD_OPTIONS="parallel=8 terse"
 LANG="C.UTF-8"
 LC_ALL="C.UTF-8"
 LC_COLLATE="C"
 SOURCE_DATE_EPOCH="1645506077"
Format: 1.8
Date: Tue, 22 Feb 2022 16:01:17 +1100
Source: xdg-desktop-portal-ersatz
Binary: xdg-desktop-portal-ersatz
Architecture: source all
Version: 11.0
Distribution: bullseye
Urgency: medium
Maintainer: Trent W. Buck <t...@cyber.com.au>
Changed-By: Trent W. Buck <trentb...@gmail.com>
Description:
 xdg-desktop-portal-ersatz - work around https://bugs.debian.org/1005230
Changes:
 xdg-desktop-portal-ersatz (11.0) bullseye; urgency=medium
 .
   * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005230#25
     Chromium wrongly claims it needs xdg-desktop-portal-gtk | xdg-desktop-portal-backend.
     It does not.
     While I wait for a human to reply to my emails (see URL),
     create a dummy package that will prevent chromium from installing fuse and bubblewrap.
 .
   * This belongs in prisonpc-ersatz, but if upstream responds soon, I can
     roll-back this entire stub package.  Keeping it separate makes it
     easier to redact from the apt repo.
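A check for the "isn't even installed" layer described in the report, as an added example that is not part of the original message or its attachments. The function names, the choice of which purged packages count as banned, and both sample package lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an image for the packages purged in the report.
# Banned list taken from the purge command; xdg-desktop-portal-backend is
# a virtual package, so dpkg never lists it and it is left out here.
BANNED="xdg-desktop-portal xdg-desktop-portal-gtk fuse libfuse2 fuse3 libfuse3-3 bubblewrap flatpak"

# Reads "<package> <status-abbrev>" lines on stdin, as produced by
#   dpkg-query -W -f='${Package} ${db:Status-Abbrev}\n'
# and prints the banned packages whose files are (or may be) on disk.
# Second status letter: n = not installed, c = only config files remain;
# anything else (i, U, F, H, ...) is treated as present.
banned_present() {
    awk -v banned="$BANNED" '
        BEGIN { n = split(banned, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        ($1 in want) && $2 !~ /^.[nc]/ { print $1 }
    ' | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Succeeds if the kernel config on stdin enables FUSE (built in or module).
# On a live system the config is usually /boot/config-$(uname -r).
fuse_enabled() {
    grep -Eq '^CONFIG_FUSE_FS=[ym]$'
}

# audit PKGLIST KCONFIG: print findings, return non-zero on any finding.
audit() {
    rc=0
    found=$(banned_present < "$1")
    if [ -n "$found" ]; then echo "FAIL packages present: $found"; rc=1; fi
    if fuse_enabled < "$2"; then echo "FAIL CONFIG_FUSE_FS is enabled"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK"; fi
    return "$rc"
}

# Constructed sample: a desktop where the chromium Depends pulled in the portal.
sample_stock() {
    printf '%s\n' 'chromium ii' 'bubblewrap ii' 'fuse3 ii' 'libfuse3-3 ii' \
        'xdg-desktop-portal ii' 'xdg-desktop-portal-gtk ii' 'flatpak un' 'fuse rc'
}

# Constructed sample: the image after the purge, with the ersatz package.
sample_hardened() {
    printf '%s\n' 'chromium ii' 'xdg-desktop-portal-ersatz ii' 'bubblewrap un' 'fuse rc'
}
```

Run as a post-build or post-upgrade gate, this catches a later dependency change that pulls the portal stack back in.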
