Re: [CentOS] "Untrusted application launcher (desktop launchers)"
At Sun, 28 Apr 2019 19:42:40 +0100 CentOS mailing list wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Sun, 2019-04-28 at 14:25 -0400, Robert Heller wrote: > > At Sun, 28 Apr 2019 18:53:21 +0100 CentOS mailing list > > wrote: > > > > > > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > On Sun, 2019-04-28 at 12:11 -0400, Robert Heller wrote: > > > > I am having this problem on Ubuntu 18.04 -- I manage a batch of desktop > > > > machines with some convience desktop launchers, which gnome3 insists are > > > > "untrusted". With some general websearching reveals that this is a > > > > *GNome3* > > > > so-called "security" issue > > > > (https://gitlab.gnome.org/GNOME/nautilus/commit/1630f5348). I found a > > > > thread > > > > on the CentOS Forums (I don't have an account there), where another > > > > sysadmin > > > > is strugling with this issue: > > > > > > > > https://www.centos.org/forums/viewtopic.php?f=47=65864=10 > > > > > > > > If anyone has come up with a script that can be dropped into > > > > ~/.config/autostart/ to "fix" this "feature" of gnome3 I would be > > > > interested > > > > in it. > > > > > > > > > > > > > > Hi, > > > > > > Just chmod +x the desktop files. > > > > That is NOT the problem... > > > > > > > > That or teach the users how to do things correctly. > > > > > > > Oh, yeah, you really think I am going to get very far telling *non-techies* > > to: > > > > 1) Open up a terminal (right-click on the desktop and select "Open > > Terminal") > > 2) Type at the shell prompt (huh? what is a "shell prompt") > > > >/usr/local/bin/arduino & > > > > OR > >gnucash & > > > > OR > > > >scratch & > > > > These happen to be the three desktop shortcuts I am providing. Yes, the > > last > > two can be found by searching through all available applications, if they > > know what to look for. It is so much easier to say: click on the light > > blue-green infinity sign for Arduino, click on the pile of money for > > GnuCash, > > or click on the scratch cat for scratch. > > > > > > Hi, > > 1. Do not jump to caps and shout at me. Not polite and will not get you > anywhere. > > Ok, go back to a debian based list and learn how to bundle the applications > yourself. This way you can supply all the required desktop files. If you > cannot > do this, get another job. > > I would test this on debian stable as I was the author of the backported > security patch. However, I am not inclined to do so. It is not a debian specific problem. It is a Gnome3 / nautilus issue. The Gnome3 devs have basically decided that nautilus should not be in the business of launching applications. So the use of desktop shortcuts to run applications is depreciated / discurraged with gnome3. The problem also exists for CentOS 7. I found a solution: use gio to set the trusted metadata in a startup application (script run from ~/.config/autostart/). > > Regards > > Phil > > - -- > *** If this is a mailing list, I am subscribed, no need to CC me.*** > > Playing the game for the games sake. > > Twitter: kathenasorg > IRC: kathenas > Web: https://kathenas.org > Github: https://github.com/kathenas > GitLab: https://gitlab.com/kathenas > > GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.22 (GNU/Linux) > > iQIcBAEBAgAGBQJcxfQgAAoJEDM/YNywubt3gSYQAIypXswVX59FBVlbz5evtF49 > mJRqF6gm4xiHg1SFCt0IWDxFf+fNPkQOfmfE47dVqwWRIezsqNHzmFzog3oyZg2h > UzsOg/JsSFTjxqIg+9YLR848+cRCFxuJEmkegeBApGQj+Rx3l3nfAWANQCLL2j9l > iLU8cwH7oFBr9F4stkkL9ypbaRtnqgL1Mz0f+gXuhbcUkRHDCcIoKJTa8jPG9Kpx > Knl5Z0JAY7P07y72iZ/E1ZWvh/pkaeOljJwMwR51V5vgqZifrVPZzNL3SWxXJEQY > BnWYyanEBR0ZuLGjd2Nd6JgrKFGhx6Q1BfqgWuGQGGQ3bRN2LfjKUfoKnGhW9NWj > yWFvKIX1hkVaTBK1Iww8oesp1zb89CbzRY0ga34x0uI9nvXbVo6eNpou6QiinipQ > T2ioVVuaEHALit7htm8TP88L4Y3pcCuaTF2e9KSp9RE4XjLmeOH/pcgDnRw3K8o3 > 84pdVVvjQuQClofoqFCCzdaMat03ZAKjVDFHiCDAFpmkbxJhvcal7rEAHr9GP/yU > rmDevz9BDKrW1HtPQtLy7Ws2WP+LjkaXPEh5W/k81am8SM1FDB0sSZ/t0XDIXVAl > f3xmZnTlwXl6jwoH94uYIj3oAoDeh2Q8AA6pu3tYhrUMcih9heEHQAq5D6fV3IFK > pBef5IfjuzltOMP+XgMz > =AfW7 > -END PGP SIGNATURE- > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > > -- Robert Heller -- 978-544-6933 Deepwoods Software-- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "Untrusted application launcher (desktop launchers)"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 2019-04-28 at 19:42 +0100, Phil Wyett wrote: > On Sun, 2019-04-28 at 14:25 -0400, Robert Heller wrote: > > At Sun, 28 Apr 2019 18:53:21 +0100 CentOS mailing list > > wrote: > > > > > > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > On Sun, 2019-04-28 at 12:11 -0400, Robert Heller wrote: > > > > I am having this problem on Ubuntu 18.04 -- I manage a batch of desktop > > > > machines with some convience desktop launchers, which gnome3 insists are > > > > "untrusted". With some general websearching reveals that this is a > > > > *GNome3* > > > > so-called "security" issue > > > > (https://gitlab.gnome.org/GNOME/nautilus/commit/1630f5348). I found a > > > > thread > > > > on the CentOS Forums (I don't have an account there), where another > > > > sysadmin > > > > is strugling with this issue: > > > > > > > > https://www.centos.org/forums/viewtopic.php?f=47=65864=10 > > > > > > > > If anyone has come up with a script that can be dropped into > > > > ~/.config/autostart/ to "fix" this "feature" of gnome3 I would be > > > > interested > > > > in it. > > > > > > > > > > > > > > Hi, > > > > > > Just chmod +x the desktop files. > > > > That is NOT the problem... > > > > > > > > That or teach the users how to do things correctly. > > > > > > > Oh, yeah, you really think I am going to get very far telling *non-techies* > > to: > > > > 1) Open up a terminal (right-click on the desktop and select "Open > > Terminal") > > 2) Type at the shell prompt (huh? what is a "shell prompt") > > > >/usr/local/bin/arduino & > > > > OR > >gnucash & > > > > OR > > > >scratch & > > > > These happen to be the three desktop shortcuts I am providing. Yes, the > > last > > two can be found by searching through all available applications, if they > > know what to look for. It is so much easier to say: click on the light > > blue-green infinity sign for Arduino, click on the pile of money for > > GnuCash, > > or click on the scratch cat for scratch. > > > > > > Hi, > > 1. Do not jump to caps and shout at me. Not polite and will not get you > anywhere. > > Ok, go back to a debian based list and learn how to bundle the applications > yourself. This way you can supply all the required desktop files. If you > cannot > do this, get another job. > > I would test this on debian stable as I was the author of the backported > security patch. However, I am not inclined to do so. > > Regards > > Phil > > Hi, You could always try gio setting the metadata for trust. A little google gave this thread that may help. Regards Phil - -- *** If this is a mailing list, I am subscribed, no need to CC me.*** Playing the game for the games sake. Twitter: kathenasorg IRC: kathenas Web: https://kathenas.org Github: https://github.com/kathenas GitLab: https://gitlab.com/kathenas GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJcxfW6AAoJEDM/YNywubt3bboP/ijpc5uKTQqKxSL2l67IyflK Jcz5DNDlDYgsm7J5EK+owRy+/pX/bLzMuwwkqDCzJHsaV3PlwsBvheHqsMzhlKb8 fz7AlVmomO2wVowR2weBx41LamDCdXhqPstaK2JoZup4/rcW6fAMBkZDqfF7SPQw PpiKRec+pBXOPPjO39YdcSb6zUq4W2XeycqGOBLyLLa1EG30ipU/25rJBFEgEkds YeBFgdFTlWdnyqMeKxd43qcxaBmtjdFNO7UXRTBPHwzqMUNCRz2FbzwwbdsBLdjl dzzV0POclsPR/uM2m/5tBbdeXZPIAXRWlO4nPtPn444Unk+mQ0d1zT7QtJ5qiW2q l7PiNK27dZIPZKEKDZaKlWB+tKKWFC7qiAsnIJtIJoiH7VFF595jvwm8vhhfyDpq UduecmJxjCAmtBmVdgDd6ZJoeZyXmvOdpQnpMBEMtkJmwlFd756Mzrsy71eS95jf G+FObNMbmVusZ8ZbOsno+R8eHudvo55ykfU5xdVBlraWM2OGaiyP9oy98CqkoB4r 2dLS88y7r2aZEJWEqlfpr7BhY8Zf1GV86eT9lnLBJOYk3E3dQR1x2d3EyqQplGOj 1W+QfvWrk18mKhOJl78Lne1qeGsq1DEhjg9alyV0CH50HI2rha41+vVoNQsD7I6c iGY+keXTX6HEDoSOUduG =zvIL -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "Untrusted application launcher (desktop launchers)"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 2019-04-28 at 14:25 -0400, Robert Heller wrote: > At Sun, 28 Apr 2019 18:53:21 +0100 CentOS mailing list > wrote: > > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > On Sun, 2019-04-28 at 12:11 -0400, Robert Heller wrote: > > > I am having this problem on Ubuntu 18.04 -- I manage a batch of desktop > > > machines with some convience desktop launchers, which gnome3 insists are > > > "untrusted". With some general websearching reveals that this is a > > > *GNome3* > > > so-called "security" issue > > > (https://gitlab.gnome.org/GNOME/nautilus/commit/1630f5348). I found a > > > thread > > > on the CentOS Forums (I don't have an account there), where another > > > sysadmin > > > is strugling with this issue: > > > > > > https://www.centos.org/forums/viewtopic.php?f=47=65864=10 > > > > > > If anyone has come up with a script that can be dropped into > > > ~/.config/autostart/ to "fix" this "feature" of gnome3 I would be > > > interested > > > in it. > > > > > > > > > > Hi, > > > > Just chmod +x the desktop files. > > That is NOT the problem... > > > > > That or teach the users how to do things correctly. > > > > Oh, yeah, you really think I am going to get very far telling *non-techies* > to: > > 1) Open up a terminal (right-click on the desktop and select "Open Terminal") > 2) Type at the shell prompt (huh? what is a "shell prompt") > >/usr/local/bin/arduino & > > OR >gnucash & > > OR > >scratch & > > These happen to be the three desktop shortcuts I am providing. Yes, the last > two can be found by searching through all available applications, if they > know what to look for. It is so much easier to say: click on the light > blue-green infinity sign for Arduino, click on the pile of money for GnuCash, > or click on the scratch cat for scratch. > > Hi, 1. Do not jump to caps and shout at me. Not polite and will not get you anywhere. Ok, go back to a debian based list and learn how to bundle the applications yourself. This way you can supply all the required desktop files. If you cannot do this, get another job. I would test this on debian stable as I was the author of the backported security patch. However, I am not inclined to do so. Regards Phil - -- *** If this is a mailing list, I am subscribed, no need to CC me.*** Playing the game for the games sake. Twitter: kathenasorg IRC: kathenas Web: https://kathenas.org Github: https://github.com/kathenas GitLab: https://gitlab.com/kathenas GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJcxfQgAAoJEDM/YNywubt3gSYQAIypXswVX59FBVlbz5evtF49 mJRqF6gm4xiHg1SFCt0IWDxFf+fNPkQOfmfE47dVqwWRIezsqNHzmFzog3oyZg2h UzsOg/JsSFTjxqIg+9YLR848+cRCFxuJEmkegeBApGQj+Rx3l3nfAWANQCLL2j9l iLU8cwH7oFBr9F4stkkL9ypbaRtnqgL1Mz0f+gXuhbcUkRHDCcIoKJTa8jPG9Kpx Knl5Z0JAY7P07y72iZ/E1ZWvh/pkaeOljJwMwR51V5vgqZifrVPZzNL3SWxXJEQY BnWYyanEBR0ZuLGjd2Nd6JgrKFGhx6Q1BfqgWuGQGGQ3bRN2LfjKUfoKnGhW9NWj yWFvKIX1hkVaTBK1Iww8oesp1zb89CbzRY0ga34x0uI9nvXbVo6eNpou6QiinipQ T2ioVVuaEHALit7htm8TP88L4Y3pcCuaTF2e9KSp9RE4XjLmeOH/pcgDnRw3K8o3 84pdVVvjQuQClofoqFCCzdaMat03ZAKjVDFHiCDAFpmkbxJhvcal7rEAHr9GP/yU rmDevz9BDKrW1HtPQtLy7Ws2WP+LjkaXPEh5W/k81am8SM1FDB0sSZ/t0XDIXVAl f3xmZnTlwXl6jwoH94uYIj3oAoDeh2Q8AA6pu3tYhrUMcih9heEHQAq5D6fV3IFK pBef5IfjuzltOMP+XgMz =AfW7 -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "Untrusted application launcher (desktop launchers)"
At Sun, 28 Apr 2019 18:53:21 +0100 CentOS mailing list wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Sun, 2019-04-28 at 12:11 -0400, Robert Heller wrote: > > I am having this problem on Ubuntu 18.04 -- I manage a batch of desktop > > machines with some convience desktop launchers, which gnome3 insists are > > "untrusted". With some general websearching reveals that this is a *GNome3* > > so-called "security" issue > > (https://gitlab.gnome.org/GNOME/nautilus/commit/1630f5348). I found a thread > > on the CentOS Forums (I don't have an account there), where another sysadmin > > is strugling with this issue: > > > > https://www.centos.org/forums/viewtopic.php?f=47=65864=10 > > > > If anyone has come up with a script that can be dropped into > > ~/.config/autostart/ to "fix" this "feature" of gnome3 I would be > > interested > > in it. > > > > > > Hi, > > Just chmod +x the desktop files. That is NOT the problem... > > That or teach the users how to do things correctly. > Oh, yeah, you really think I am going to get very far telling *non-techies* to: 1) Open up a terminal (right-click on the desktop and select "Open Terminal") 2) Type at the shell prompt (huh? what is a "shell prompt") /usr/local/bin/arduino & OR gnucash & OR scratch & These happen to be the three desktop shortcuts I am providing. Yes, the last two can be found by searching through all available applications, if they know what to look for. It is so much easier to say: click on the light blue-green infinity sign for Arduino, click on the pile of money for GnuCash, or click on the scratch cat for scratch. > Regards > > Phil > > - -- > *** If this is a mailing list, I am subscribed, no need to CC me.*** > > Playing the game for the games sake. > > Twitter: kathenasorg > IRC: kathenas > Web: https://kathenas.org > Github: https://github.com/kathenas > GitLab: https://gitlab.com/kathenas > > GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.22 (GNU/Linux) > > iQIcBAEBAgAGBQJcxeiRAAoJEDM/YNywubt3A+AP/RvYJ2Qr1ugBldJyvFnqSD5c > p3+dJq26dKGyrY0DqMXC4S7tG1MwEFEbq6OdT0UAHQD0UdvFF6CxbiNwxt6uSg4H > 14qtDPTT+TtcoSQbmIiLNfwMaSD+TFcIxBSHUkmmvzcpeJ1xft1fjuirpJpz5yLO > v7oTJkvpu38DY6Rb9ukoXEpctHxQlC+1eoK+PWMEoLCKski47hfGkBg2Ej0JM1De > ViEMRYfleYYm+zom6F+bjR0QNDbODnZPPicQ0hWuxUF0i7CShKTXFIjLHEMGiyOU > 0wAZvUiOrQ1n19hce3+/ELMU597extXf73rFnEDW71pdbXVPweAZAATSuApgUPCb > TAdG3YIhjqBcqUDiMvjyySYQsPn0Y5NYAU/v3eSsW8tz8MuwmQBzkNSao8qtYAp+ > eD0WtEjwPQiTHqyAz8M8eSBBT7GlyCRh+tdgIjeJk45zDqIGIqKLuzS3lxT6Ijl9 > vFrgvyB6PeGjXWGsB1NfVFdXMKTxIZ2JR7xeMI1xnyRwTU0c7toHXZ8BmxdM1BIy > nkEiyyOfUY7UVgXLsJAJ8+Zo0htp8Vz0JNHbhjlJZNuDN+oOOzqcZ4J5bdWE1N89 > vBA4f+cpq5zm/ij8q545E3Twm3WCJpK7A73BhLAFb/i5qsuLcU2wS/o0b1YLVx52 > BSsTJv2ofFxKl61dr9fn > =8sxI > -END PGP SIGNATURE- > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > > -- Robert Heller -- 978-544-6933 Deepwoods Software-- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "Untrusted application launcher (desktop launchers)"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 2019-04-28 at 12:11 -0400, Robert Heller wrote: > I am having this problem on Ubuntu 18.04 -- I manage a batch of desktop > machines with some convience desktop launchers, which gnome3 insists are > "untrusted". With some general websearching reveals that this is a *GNome3* > so-called "security" issue > (https://gitlab.gnome.org/GNOME/nautilus/commit/1630f5348). I found a thread > on the CentOS Forums (I don't have an account there), where another sysadmin > is strugling with this issue: > > https://www.centos.org/forums/viewtopic.php?f=47=65864=10 > > If anyone has come up with a script that can be dropped into > ~/.config/autostart/ to "fix" this "feature" of gnome3 I would be interested > in it. > > Hi, Just chmod +x the desktop files. That or teach the users how to do things correctly. Regards Phil - -- *** If this is a mailing list, I am subscribed, no need to CC me.*** Playing the game for the games sake. Twitter: kathenasorg IRC: kathenas Web: https://kathenas.org Github: https://github.com/kathenas GitLab: https://gitlab.com/kathenas GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJcxeiRAAoJEDM/YNywubt3A+AP/RvYJ2Qr1ugBldJyvFnqSD5c p3+dJq26dKGyrY0DqMXC4S7tG1MwEFEbq6OdT0UAHQD0UdvFF6CxbiNwxt6uSg4H 14qtDPTT+TtcoSQbmIiLNfwMaSD+TFcIxBSHUkmmvzcpeJ1xft1fjuirpJpz5yLO v7oTJkvpu38DY6Rb9ukoXEpctHxQlC+1eoK+PWMEoLCKski47hfGkBg2Ej0JM1De ViEMRYfleYYm+zom6F+bjR0QNDbODnZPPicQ0hWuxUF0i7CShKTXFIjLHEMGiyOU 0wAZvUiOrQ1n19hce3+/ELMU597extXf73rFnEDW71pdbXVPweAZAATSuApgUPCb TAdG3YIhjqBcqUDiMvjyySYQsPn0Y5NYAU/v3eSsW8tz8MuwmQBzkNSao8qtYAp+ eD0WtEjwPQiTHqyAz8M8eSBBT7GlyCRh+tdgIjeJk45zDqIGIqKLuzS3lxT6Ijl9 vFrgvyB6PeGjXWGsB1NfVFdXMKTxIZ2JR7xeMI1xnyRwTU0c7toHXZ8BmxdM1BIy nkEiyyOfUY7UVgXLsJAJ8+Zo0htp8Vz0JNHbhjlJZNuDN+oOOzqcZ4J5bdWE1N89 vBA4f+cpq5zm/ij8q545E3Twm3WCJpK7A73BhLAFb/i5qsuLcU2wS/o0b1YLVx52 BSsTJv2ofFxKl61dr9fn =8sxI -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] "Untrusted application launcher (desktop launchers)"
I am having this problem on Ubuntu 18.04 -- I manage a batch of desktop machines with some convience desktop launchers, which gnome3 insists are "untrusted". With some general websearching reveals that this is a *GNome3* so-called "security" issue (https://gitlab.gnome.org/GNOME/nautilus/commit/1630f5348). I found a thread on the CentOS Forums (I don't have an account there), where another sysadmin is strugling with this issue: https://www.centos.org/forums/viewtopic.php?f=47=65864=10 If anyone has come up with a script that can be dropped into ~/.config/autostart/ to "fix" this "feature" of gnome3 I would be interested in it. -- Robert Heller -- 978-544-6933 Deepwoods Software-- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos