On Wed, Jun 03, 2020 at 12:12:31PM +0200, Landry Breuil wrote:

Hello Landry,

>> I'm not sure how best to handle this going forward, but unveiling /bin/sh
>> is not a good idea.
> Definitely. Filed https://gitlab.gnome.org/GNOME/glib/-/issues/2123 to try
> to get upstream to revert said MR and reinstate gio-launch-desktop, thanks
> for finding this change.

It's not sounding very positive upstream :/

>> Perhaps we include a small compiled utility with Firefox that just
>> hard-codes execve("/usr/local/bin/xdg-open", ...) and then unveil that
>> binary instead of gio-launch-desktop? Firefox would still need modifying
>> to exec that utility directly instead of using Glib's
>> g_app_info_create_from_commandline.
> That's imo ugly, as it would only 'fix' it for firefox and not all
> potential unveiled glib apps. Plus, it would have to be upstreamed first at
> mozilla (you know my own policy..)

Perhaps the idea of making a separate port (maybe called "gio_launch_desktop" or whatever) with this utility is, then, the way to go? That way, every unveiled port that needs it can have it as a dependency.

Another alternative is that we could admit defeat and update pkg/README so that it no longer gives the impression that you can invoke apps via xdg-mime. That would be a bit disappointing in some ways, but at least users won't bash their heads trying something that can't work.

Laurie