Ubuntu
xdg-desktop-portal-gnome package

[MIR] xdg-desktop-portal-gnome

Bug #1953197 reported by Sebastien Bacher
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
xdg-desktop-portal-gnome (Ubuntu)
Fix Released
High
Unassigned

Bug Description

The project has been started by copying xdg-desktop-portal-gtk, which is already in main, with the intend to make the gtk variant desktop neutral and provide the GNOME specific parts in the new source.

[Availability]
The package xdg-desktop-portal-gnome is already in Ubuntu universe.
The package xdg-desktop-portal-gnome build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 arm64 armhf ppc64el riscv64 s390x
Link to package https://launchpad.net/ubuntu/+source/xdg-desktop-portal-gnome

[Rationale]
- The package xdg-desktop-portal-gnome is required in Ubuntu main for better snaps integration. It's taking over some GNOME specific features that were included in the gtk portal before because that one is being turned into a more desktop neutral variant;

[Security]
- No CVEs/security issues in this software in the past but it's a rather new component.
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package installs an user session service, but they are safe because it's unpriviledged
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
- The package is providing an interface between confined software and the user session

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has no open reports
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal-gnome
  - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=xdg-desktop-portal-gnome
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
- The package does not run a test at build time because upstream doesn't provide tests at the moment. The situation isn't a change from the current xdg-desktop-portal-gtk
- The package does not run an autopkgtest because integration to the desktop isn't something easy to test in the autopkgtest setup. Similarly to the previous point, the situation is identic to the gtk source we are currently using
- Since there is no automated testing we will follow https://wiki.ubuntu.com/DesktopTeam/TestPlans/XdgDesktopPortalGnome manually for updates

[Quality assurance - packaging]
- debian/watch is present and works
- The only lintian warning is a casing issue in debian/control, Multi-arch vs Multi-Arch, which is fixed in the packaging vcs now

# lintian --pedantic
#

- Lintian overrides are not present

- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies

- The package will be installed by default, but does not ask debconf questions
- Packaging and build is easy, link to d/rules https://salsa.debian.org/gnome-team/xdg-desktop-portal-gnome/-/blob/debian/master/debian/rules

[UI standards]
- The permission dialogs are end-user facing, Translation is present using standard gettext

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code

[Background information]
The Package description explains the package well
Upstream Name is xdg-desktop-portal-gnome
Link to upstream project https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/

See original description
Sebastien Bacher (seb128)
description: updated
Christian Ehrhardt  (paelzer)
Changed in xdg-desktop-portal-gnome (Ubuntu):
assignee: nobody → Didier Roche (didrocks)
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Similarly to https://bugs.launchpad.net/ubuntu/+source/pipewire-media-session/+bug/1952924 and as documented in the MIR template, a written test plan is required and should be linked from the MIR description.

Do you mind providing one before I spend some time on the MIR itself? Thanks.

Changed in xdg-desktop-portal-gnome (Ubuntu):
assignee: Didier Roche (didrocks) → nobody
status: New → Incomplete
Revision history for this message
Sebastien Bacher (seb128) wrote :

Description updated with a pointer to https://wiki.ubuntu.com/DesktopTeam/TestPlans/XdgDesktopPortalGnome

Changed in xdg-desktop-portal-gnome (Ubuntu):
status: Incomplete → New
assignee: nobody → Didier Roche (didrocks)
description: updated
description: updated
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

As discussed together, this will be reviewed post-christmas (letting this for the MIR team on next weekly meeting)

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xdg-desktop-portal-gnome (Ubuntu):
status: New → Confirmed
Revision history for this message
corrado venturini (corradoventu) wrote :

The package xdg-desktop-portal-gnome is required in Ubuntu not only for better snaps integration but also for some non-snap applications like GIMP https://gitlab.gnome.org/GNOME/gimp/-/issues/1074

Revision history for this message
amano (jyaku) wrote :

Yes, the other Ubuntu bug is https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1956350

Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Review for Package: xdg-desktop-portal-gnome

[Summary]
MIR team ack from my standpoint. Just a recommended TODO that will be great to look at, but not a blocker.

Recommended TODOs:
- There are a number of deprecation and compiler warnings. Mind reporting them upstream and check if any could create issues?
[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
   - checked with check-mir
   - not listed in seeded-in-ubuntu
   - none of the (potentially auto-generated) dependencies (Depends
     and Recommends) that are present after build are not in main
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
  more tests now.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard
- No vendoring used, all Built-Using are in main

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port/socket
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)

[Common blockers]
OK:
- does not FTBFS currently
- does not have a test suite that runs at build time, but have a manual test written in the description
- does not have a non-trivial test suite that runs as autopkgtest, but have a manual test written in the description
- no new python2 dependency

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok (if needed, e.g. non-native)
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
- no massive Lintian warnings
- d/rules is rather clean
- It is not on the lto-disabled list

[Upstream red flags]
OK:
- no Errors but some warnings during the build
- no incautious use of malloc/sprintf (as far as we can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside
  tests)
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- part of the UI, but does not need desktop file
- translation present

Problems:
- There are a number of deprecation and compiler warnings. Mind reporting them upstream and check if any could create issues?

Sebastien Bacher (seb128)
Changed in xdg-desktop-portal-gnome (Ubuntu):
importance: Undecided → High
Didier Roche-Tolomelli (didrocks)
Changed in xdg-desktop-portal-gnome (Ubuntu):
status: Confirmed → Fix Committed
assignee: Didier Roche (didrocks) → nobody
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
xdg-desktop-portal-gnome 41.1-1 in jammy: universe/misc -> main
xdg-desktop-portal-gnome 41.1-1 in jammy amd64: universe/gnome/optional/100% -> main
xdg-desktop-portal-gnome 41.1-1 in jammy arm64: universe/gnome/optional/100% -> main
xdg-desktop-portal-gnome 41.1-1 in jammy armhf: universe/gnome/optional/100% -> main
xdg-desktop-portal-gnome 41.1-1 in jammy ppc64el: universe/gnome/optional/100% -> main
xdg-desktop-portal-gnome 41.1-1 in jammy riscv64: universe/gnome/optional/100% -> main
xdg-desktop-portal-gnome 41.1-1 in jammy s390x: universe/gnome/optional/100% -> main
7 publications overridden.

Changed in xdg-desktop-portal-gnome (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.