From 9599d3da9dfc168234dcdade8ab2a773a14e5c62 Mon Sep 17 00:00:00 2001 From: Bruce Leidl Date: Fri, 27 Sep 2024 07:39:48 -0400 Subject: [PATCH] Add patch for GNOME Software to facilitate sandboxing --- ...em-Bus-and-close-application-on-quit.patch | 73 +++++++++++++++++++ .../gnome-software/gnome-software_46.1.bb | 1 + 2 files changed, 74 insertions(+) create mode 100644 meta-gnome/recipes-gnome/gnome-software/gnome-software/0001-Remove-System-Bus-and-close-application-on-quit.patch diff --git a/meta-gnome/recipes-gnome/gnome-software/gnome-software/0001-Remove-System-Bus-and-close-application-on-quit.patch b/meta-gnome/recipes-gnome/gnome-software/gnome-software/0001-Remove-System-Bus-and-close-application-on-quit.patch new file mode 100644 index 0000000..2ffbc8a --- /dev/null +++ b/meta-gnome/recipes-gnome/gnome-software/gnome-software/0001-Remove-System-Bus-and-close-application-on-quit.patch @@ -0,0 +1,73 @@ +From cfb9327280c3e173b4cfb0ec3ec3d62e729f1e21 Mon Sep 17 00:00:00 2001 +From: Bruce Leidl +Date: Fri, 27 Sep 2024 07:34:13 -0400 +Subject: [PATCH] Remove System Bus and close application on quit + +To facilitage sandboxing remove dependency on system bus. The +system bus is not needed for any plugin that we are using. Also +close the application rather than just hiding the window when +the user exits the application. Otherwise the sandbox will run +forever. +--- + lib/gs-plugin-loader.c | 5 +---- + lib/gs-plugin.c | 1 - + src/gs-shell.c | 4 +++- + 3 files changed, 4 insertions(+), 6 deletions(-) + +diff --git a/lib/gs-plugin-loader.c b/lib/gs-plugin-loader.c +index 6661b73..ac57bdc 100644 +--- a/lib/gs-plugin-loader.c ++++ b/lib/gs-plugin-loader.c +@@ -1964,8 +1964,6 @@ gs_plugin_loader_setup_async (GsPluginLoader *plugin_loader, + * time. */ + if (plugin_loader->session_bus_connection == NULL) + g_bus_get (G_BUS_TYPE_SESSION, cancellable, get_session_bus_cb, g_object_ref (task)); +- if (plugin_loader->system_bus_connection == NULL) +- g_bus_get (G_BUS_TYPE_SYSTEM, cancellable, get_system_bus_cb, g_object_ref (task)); + + finish_setup_get_bus (task); + } +@@ -2032,8 +2030,7 @@ finish_setup_get_bus (GTask *task) + g_autoptr(GError) local_error = NULL; + + /* Wait until we’ve got all the buses we need. */ +- if (plugin_loader->session_bus_connection == NULL || +- plugin_loader->system_bus_connection == NULL) ++ if (plugin_loader->session_bus_connection == NULL) + return; + + /* use the default, but this requires a 'make install' */ +diff --git a/lib/gs-plugin.c b/lib/gs-plugin.c +index 97bc47e..514d97a 100644 +--- a/lib/gs-plugin.c ++++ b/lib/gs-plugin.c +@@ -1606,7 +1606,6 @@ gs_plugin_constructed (GObject *object) + + /* Check all required properties have been set. */ + g_assert (priv->session_bus_connection != NULL); +- g_assert (priv->system_bus_connection != NULL); + } + + static void +diff --git a/src/gs-shell.c b/src/gs-shell.c +index 5c069e2..13bdcc6 100644 +--- a/src/gs-shell.c ++++ b/src/gs-shell.c +@@ -1081,6 +1081,8 @@ main_window_closed_cb (GtkWidget *dialog, gpointer user_data) + /* Free unused memory with GNU extension of malloc.h */ + malloc_trim (0); + #endif ++ GApplication *app = g_application_get_default (); ++ g_action_group_activate_action(G_ACTION_GROUP(app), "quit", NULL); + + return TRUE; + } +@@ -2505,7 +2507,7 @@ gs_shell_class_init (GsShellClass *klass) + gtk_widget_class_bind_template_callback (widget_class, gs_shell_details_page_metainfo_loaded_cb); + gtk_widget_class_bind_template_callback (widget_class, details_page_app_clicked_cb); + +- gtk_widget_class_add_binding_action (widget_class, GDK_KEY_q, GDK_CONTROL_MASK, "window.close", NULL); ++ gtk_widget_class_add_binding_action (widget_class, GDK_KEY_q, GDK_CONTROL_MASK, "app.quit", NULL); + } + + static void diff --git a/meta-gnome/recipes-gnome/gnome-software/gnome-software_46.1.bb b/meta-gnome/recipes-gnome/gnome-software/gnome-software_46.1.bb index 34d0429..a684741 100644 --- a/meta-gnome/recipes-gnome/gnome-software/gnome-software_46.1.bb +++ b/meta-gnome/recipes-gnome/gnome-software/gnome-software_46.1.bb @@ -28,6 +28,7 @@ RDEPENDS:${PN} = "iso-codes" EXTRA_OEMESON += "-Dtests=false -Dsoup2=false" +SRC_URI += " file://0001-Remove-System-Bus-and-close-application-on-quit.patch" SRC_URI[archive.sha256sum] = "b6eeb789100de94b50ebe2e77f16b26be4c2db15489905f198d060c425e19076" PACKAGECONFIG ?= "flatpak"