gdebi-gtk calls pkexec inappropriately

Bug #1854588 reported by Lantizia
68
This bug affects 15 people
Affects Status Importance Assigned to Milestone
gdebi
Confirmed
Undecided
Unassigned
gdebi (Ubuntu)
Undecided
Unassigned

Bug Description

Steps to reproduce:

1. Have Ubuntu with gdebi-gtk installed
2. Open Firefox
3. Visit some site with deb-package download link or use direct link like https://github.com/jgm/pandoc/releases/download/2.9.2.1/pandoc-2.9.2.1-1-amd64.deb
4. Proceed with file downloading
5. In Firefox select Library → Downloads, click on downloaded deb-file

Expected results:
* gdebi-gtk is opened, the package installs normally after users clicks Install button

Actual results:
* gdebi-gtk is opened, the package is not installed because of vanishing of gdebi-gtk window just after clicking Install button

----

Before anyone says this bug already exists... it doesn't (at least as far as I can see). It's just that a lot of similar bugs do/did exist where people have also experienced the same symptoms (of gdebi-gtk vanishing upon clicking 'Install').

So yes this is the same symptoms, but it must be a different cause as the circumstances are different and doesn't have the same resolution.

The meat of it...

Basically on a fresh install of Ubuntu MATE 18.04.3 amd64... with Firefox (or with Chrome if you installed that) go to any site that offers a .deb package and either...
a) choose to open it directly from the browser (rather than saving it to 'Downloads' folder)
b) or... save the file (e.g. to the 'Downloads' folder), BUT!.. open that file from within the browser itself.

You should find that gdebi-gtk appears but vanishes the moment you click 'Install' without a prompt for a password, an explanation or the package actually getting installed.

This bug has existed since the beginning of Ubuntu 18.04 however it's been largely confused with other similar bugs. I've had it on half a dozen machines and confirmed it exists with IRC users on #ubuntu-mate of freenode.

However with *this* bug (compared to others) gdebi-gtk works perfectly fine if you run it from the terminal or just double click the .deb package from your file manager.

It's the kind of bug which if you're a hardened desktop Linux user, you'd just work around it...

But if you're a novice and you can't get a simple thing like Teamviewer installed (which is a .deb, and a thing I might ask someone to do over the phone to try to help them) you likely get fed up and re-install Windows :S

Any input on this would be brilliant as I can't seem to get any logs/output.

~lantizia

Revision history for this message
Lantizia (lantizia) wrote :

So a workaround for anyone reading this... (thanks to alkisg on freenode for working with me on this)...

sudo rm /usr/bin/gdebi-gtk
echo '#!/bin/sh' | sudo tee /usr/bin/gdebi-gtk
echo '/usr/share/gdebi/gdebi-gtk "$@"' | sudo tee -a /usr/bin/gdebi-gtk
sudo chmod +x /usr/bin/gdebi-gtk

Don't worry deleting 'gdebi-gtk' on that first line, it's only a symlink.

Basically this wrapper is needed otherwise policy kit complains and states "Refusing to render service to dead parents."

Revision history for this message
Lantizia (lantizia) wrote :
description: updated
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

The following workaround doesn't remove anything and allows the wrapper to survive updates:

sudo -i
printf '#!/bin/sh\n\n/usr/share/gdebi/gdebi-gtk "$@"\n' > /usr/local/bin/gdebi-gtk
chmod +x /usr/local/bin/gdebi-gtk
exit

Revision history for this message
Elliot (cheese-e-boi) wrote :

No issue on Ubuntu MATE 19.10! This was tested with Firefox 70.0.1 and the Minecraft deb package.

Revision history for this message
Nicholas Harvey (mobile-harvey) wrote :

Still seeing this issue on 19.10 with Firefox and 20.04 also.

Norbert (nrbrtx)
tags: added: bionic
Norbert (nrbrtx)
tags: added: eoan focal
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gdebi (Ubuntu):
status: New → Confirmed
Revision history for this message
Norbert (nrbrtx) wrote :

Still happens on Focal final. Do not have any clues how to debug this.

description: updated
Changed in firefox (Ubuntu):
status: New → Incomplete
status: Incomplete → Confirmed
Changed in ubuntu-mate:
status: New → Confirmed
Changed in firefox (Ubuntu):
importance: Undecided → Low
Norbert (nrbrtx)
tags: removed: eoan
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

The problem is not in firefox or mate, it's in gdebi-gtk, and specifically in GDebiGtk.py, line 619:

os.execv(pkexec_cmd, pkexec_args+gdebi_args)

This replaces the current process with a pkexec call. This is not a valid usage of pkexec, as pkexec requires the parent process to not be init (ppid!=1).

To reproduce the issue without firefox, one can just run `setsid gdebi-gtk package.deb`.

In a similar bug report for update-manager (LP: #1020115), this flag was used instead of os.execv:

flags = GObject.SPAWN_DO_NOT_REAP_CHILD
https://bazaar.launchpad.net/~ubuntu-core-dev/update-manager/main/view/head:/UpdateManager/backend/InstallBackendSynaptic.py#L63

Is gdebi still maintained by Ubuntu developers, or should we report this in Debian?
Can we propose a patch similar to the update manager, or even just use a simple shell wrapper?

summary: - Clicking 'Install' on gdebi-gtk makes it vanish ONLY when .deb opened
- from Chrome/Firefox
+ gdebi-gtk calls pkexec inappropriately
no longer affects: firefox (Ubuntu)
affects: ubuntu-mate → gdebi
Revision history for this message
Marcel Partap (empee584) wrote :

Thanks for the workarounds! Fantastic that progress is picking up, it seemed doubtful this would ever be resolved. ⏳😅

Sai Vinoba (saivinob)
tags: added: hirsute
Revision history for this message
Norbert (nrbrtx) wrote :

Still happens on Bionic. Need official fix.

Revision history for this message
Sai Vinoba (saivinob) wrote :

Can somebody please re-check and confirm on focal? On UM focal I'm not seeing this issue but do so on hirsute and impish.

When we click on a .deb file firefox asks 'What should Firefox do with this file?, with `open with` and `save` being two options. I tried the following one by one.
  a) Chose open with. Install with gdebi was OK.
  b) Chose save. But opened downloaded file from within firefox (from download icon on navigation bar). OK.
  c) Chose save but then opened downloaded file from Caja. OK.

On hirsute and impish only c) works. a) and b) fail.

Gdebi version on focal: 0.9.5.7+nmu3

Revision history for this message
Norbert (nrbrtx) wrote :

I'm seeing the same buggy behavior on freshly installed Ubuntu MATE 20.04.2 LTS running inside VirtualBox.

Revision history for this message
Norbert (nrbrtx) wrote :

21.04 is still affected.

tags: added: impish
Revision history for this message
Norbert (nrbrtx) wrote :

21.10 is confirmed as affected.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers