Merge with i9

i9-beta
Arkady L. Shane 8 months ago
parent 366349b641
commit 576f9d0453
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503

@ -0,0 +1,92 @@
From 91449e6a19af63eebaf5f97f85ba44f69259075a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Sat, 10 Feb 2024 00:58:27 +0100
Subject: [PATCH] extensionSystem: Support locking down extension installation
Currently extensions can only be locked down completely by
restricting the `enabled-extensions` key via dconf.
This is too restrictive for environments that want to allow users
to customize their system with extensions, while still limiting
the set of possible extensions.
To fill that gap, add a new `allow-extension-installation` setting,
which restricts extensions to system extensions when disabled.
As the setting is mainly intended for locking down by system
administrators, there is no attempt to load/unload extensions
on settings changes.
---
data/org.gnome.shell.gschema.xml.in | 11 +++++++++++
js/ui/extensionDownloader.js | 6 ++++++
js/ui/extensionSystem.js | 8 ++++++--
3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/data/org.gnome.shell.gschema.xml.in b/data/org.gnome.shell.gschema.xml.in
index 6f1c424bad..b5921983cd 100644
--- a/data/org.gnome.shell.gschema.xml.in
+++ b/data/org.gnome.shell.gschema.xml.in
@@ -40,6 +40,17 @@
the “enabled-extension” setting.
</description>
</key>
+ <key name="allow-extension-installation" type="b">
+ <default>true</default>
+ <summary>Allow extension installation</summary>
+ <description>
+ Allow users to install extensions in their home folder. If disabled,
+ the InstallRemoteExtension D-Bus method will fail, and extensions
+ are only loaded from system directories on startup.
+ It does not affect extensions that are already loaded, so a change
+ only takes full effect on the next login.
+ </description>
+ </key>
<key name="disable-extension-version-validation" type="b">
<default>false</default>
<summary>Disables the validation of extension version compatibility</summary>
diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
index 471ddab147..01ed165c01 100644
--- a/js/ui/extensionDownloader.js
+++ b/js/ui/extensionDownloader.js
@@ -17,6 +17,12 @@ var REPOSITORY_URL_UPDATE = 'https://extensions.gnome.org/update-info/';
let _httpSession;
function installExtension(uuid, invocation) {
+ if (!global.settings.get_boolean('allow-extension-installation')) {
+ invocation.return_dbus_error('org.gnome.Shell.InstallError',
+ 'Extension installation is not allowed');
+ return;
+ }
+
const oldExt = Main.extensionManager.lookup(uuid);
if (oldExt && oldExt.type === ExtensionUtils.ExtensionType.SYSTEM) {
log('extensionDownloader: Trying to replace system extension %s'.format(uuid));
diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
index 937f861994..528d9ea450 100644
--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
@@ -64,7 +64,10 @@ var ExtensionManager = class {
get updatesSupported() {
const appSys = Shell.AppSystem.get_default();
- return appSys.lookup_app('org.gnome.Extensions.desktop') !== null;
+ const hasUpdatesApp =
+ appSys.lookup_app('org.gnome.Extensions.desktop') !== null;
+ const allowed = global.settings.get_boolean('allow-extension-installation');
+ return allowed && hasUpdatesApp;
}
lookup(uuid) {
@@ -595,7 +598,8 @@ var ExtensionManager = class {
this._enabledExtensions = this._getEnabledExtensions();
let perUserDir = Gio.File.new_for_path(global.userdatadir);
- FileUtils.collectFromDatadirs('extensions', true, (dir, info) => {
+ const includeUserDir = global.settings.get_boolean('allow-extension-installation');
+ FileUtils.collectFromDatadirs('extensions', includeUserDir, (dir, info) => {
let fileType = info.get_file_type();
if (fileType != Gio.FileType.DIRECTORY)
return;
--
2.43.0
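Review bot: The `<description>` of the new `allow-extension-installation` key never says that the key only acts as a restriction when an administrator sets it to `false` in a system dconf database and locks it. It is an ordinary GSettings boolean with `<default>true</default>`, so without a lock the user it is meant to restrict can presumably write it back to `true`. The patch's commit message says the setting is intended for lockdown by system administrators, but that text does not reach someone reading the schema. I would add a sentence to the description such as `This setting is only effective as a restriction when it is locked by the system administrator, for example with a dconf lock.` The caveat covers every place the patch reads the key: the guard in `installExtension()`, the `updatesSupported` getter and the `includeUserDir` lookup in `extensionSystem.js`.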

@ -2,7 +2,7 @@
Name: gnome-shell Name: gnome-shell
Version: 40.10 Version: 40.10
Release: 13%{?dist}.inferit.2 Release: 14%{?dist}.inferit
Summary: Window management and application launching for GNOME Summary: Window management and application launching for GNOME
License: GPLv2+ License: GPLv2+
@ -56,6 +56,7 @@ Patch52: 0001-osk-layouts-Replace-SS-extra-key-with.patch
Patch53: 0001-po-Update-translations.patch Patch53: 0001-po-Update-translations.patch
Patch54: 0001-st-icon-Only-get-resource-scale-after-peeking-theme-.patch Patch54: 0001-st-icon-Only-get-resource-scale-after-peeking-theme-.patch
Patch55: 0001-window-tracker-Only-emit-tracked-windows-changed-on-.patch Patch55: 0001-window-tracker-Only-emit-tracked-windows-changed-on-.patch
Patch56: 0001-extensionSystem-Support-locking-down-extension-insta.patch
# MSVSphere # MSVSphere
Patch100: 0001-MSVSphere-welcomeDialog-Adapt-dialog-title.patch Patch100: 0001-MSVSphere-welcomeDialog-Adapt-dialog-title.patch
@ -174,7 +175,7 @@ Requires: bolt%{?_isa}
Requires: xdg-desktop-portal-gtk >= 1.8.0 Requires: xdg-desktop-portal-gtk >= 1.8.0
Requires: xdg-desktop-portal-gnome Requires: xdg-desktop-portal-gnome
# needed by the welcome dialog # needed by the welcome dialog
#Recommends: gnome-tour # Recommends: gnome-tour
Provides: desktop-notification-daemon = %{version}-%{release} Provides: desktop-notification-daemon = %{version}-%{release}
Provides: PolicyKit-authentication-agent = %{version}-%{release} Provides: PolicyKit-authentication-agent = %{version}-%{release}
@ -280,23 +281,36 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/evolution-calendar.de
%{_mandir}/man1/gnome-shell.1* %{_mandir}/man1/gnome-shell.1*
%changelog %changelog
* Sat Nov 5 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 40.10-13.inferit.2 * Wed Mar 6 2024 Florian Müllner <fmuellner@redhat.com> - 40.10-14
- Allow restricting extension installation
Resolves: RHEL-25201
* Wed Mar 6 2024 Ray Strode <rstrode@redhat.com> - 40.10-13
- Don't reset smartcard conversation twice when smartcard is inserted.
Resolves: #2140898
* Sat Oct 28 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 40.10-12.inferit.5
- Drop gnome-tour from Recommends - Drop gnome-tour from Recommends
* Tue Oct 24 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 40.10-13.inferit.1 * Tue Oct 24 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 40.10-12.inferit.4
- Updated the Russian translation of the context menu - Updated Russian translation
* Thu Oct 12 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 40.10-13.inferit * Tue Aug 29 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 40.10-12.inferit.3
- Translated names of power profiles in menu - Translated names of power profiles in menu
- Rebuilt for MSVSphere 9.2
* Thu Aug 10 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 40.10-12.inferit.2
- Fix OS Name
* Wed Jun 28 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 40.10-12.inferit.1
- Fix Russian Translation in welcome dialog - Fix Russian Translation in welcome dialog
- Rebuilt for MSVSphere 9.3
* Mon May 15 2023 Ray Strode <rstrode@redhat.com> - 40.10-13 * Mon May 15 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 40.10-12.inferit
- Don't reset smartcard conversation twice when smartcard is inserted. - Updated Russian translation
Resolves: #2140898 - Rebuilt for MSVSphere 9.2
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 40.10-12 * Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 40.10-12
- Rebuilt for MSVSphere 9.2 beta - Rebuilt for MSVSphere 9.1.
* Wed Feb 22 2023 Florian Müllner <fmuellner@redhat.com> - 40.10-12 * Wed Feb 22 2023 Florian Müllner <fmuellner@redhat.com> - 40.10-12
- Require xdg-desktop-portal-gnome - Require xdg-desktop-portal-gnome
