parent
0476ff43e8
commit
8bb5db77e2
@ -0,0 +1,92 @@
|
|||||||
|
From 91449e6a19af63eebaf5f97f85ba44f69259075a Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
|
||||||
|
Date: Sat, 10 Feb 2024 00:58:27 +0100
|
||||||
|
Subject: [PATCH] extensionSystem: Support locking down extension installation
|
||||||
|
|
||||||
|
Currently extensions can only be locked down completely by
|
||||||
|
restricting the `enabled-extensions` key via dconf.
|
||||||
|
|
||||||
|
This is too restrictive for environments that want to allow users
|
||||||
|
to customize their system with extensions, while still limiting
|
||||||
|
the set of possible extensions.
|
||||||
|
|
||||||
|
To fill that gap, add a new `allow-extension-installation` setting,
|
||||||
|
which restricts extensions to system extensions when disabled.
|
||||||
|
|
||||||
|
As the setting is mainly intended for locking down by system
|
||||||
|
administrators, there is no attempt to load/unload extensions
|
||||||
|
on settings changes.
|
||||||
|
---
|
||||||
|
data/org.gnome.shell.gschema.xml.in | 11 +++++++++++
|
||||||
|
js/ui/extensionDownloader.js | 6 ++++++
|
||||||
|
js/ui/extensionSystem.js | 8 ++++++--
|
||||||
|
3 files changed, 23 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/data/org.gnome.shell.gschema.xml.in b/data/org.gnome.shell.gschema.xml.in
|
||||||
|
index 6f1c424bad..b5921983cd 100644
|
||||||
|
--- a/data/org.gnome.shell.gschema.xml.in
|
||||||
|
+++ b/data/org.gnome.shell.gschema.xml.in
|
||||||
|
@@ -40,6 +40,17 @@
|
||||||
|
the “enabled-extension” setting.
|
||||||
|
</description>
|
||||||
|
</key>
|
||||||
|
+ <key name="allow-extension-installation" type="b">
|
||||||
|
+ <default>true</default>
|
||||||
|
+ <summary>Allow extension installation</summary>
|
||||||
|
+ <description>
|
||||||
|
+ Allow users to install extensions in their home folder. If disabled,
|
||||||
|
+ the InstallRemoteExtension D-Bus method will fail, and extensions
|
||||||
|
+ are only loaded from system directories on startup.
|
||||||
|
+ It does not affect extensions that are already loaded, so a change
|
||||||
|
+ only takes full effect on the next login.
|
||||||
|
+ </description>
|
||||||
|
+ </key>
|
||||||
|
<key name="disable-extension-version-validation" type="b">
|
||||||
|
<default>false</default>
|
||||||
|
<summary>Disables the validation of extension version compatibility</summary>
|
||||||
|
diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
|
||||||
|
index 471ddab147..01ed165c01 100644
|
||||||
|
--- a/js/ui/extensionDownloader.js
|
||||||
|
+++ b/js/ui/extensionDownloader.js
|
||||||
|
@@ -17,6 +17,12 @@ var REPOSITORY_URL_UPDATE = 'https://extensions.gnome.org/update-info/';
|
||||||
|
let _httpSession;
|
||||||
|
|
||||||
|
function installExtension(uuid, invocation) {
|
||||||
|
+ if (!global.settings.get_boolean('allow-extension-installation')) {
|
||||||
|
+ invocation.return_dbus_error('org.gnome.Shell.InstallError',
|
||||||
|
+ 'Extension installation is not allowed');
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
const oldExt = Main.extensionManager.lookup(uuid);
|
||||||
|
if (oldExt && oldExt.type === ExtensionUtils.ExtensionType.SYSTEM) {
|
||||||
|
log('extensionDownloader: Trying to replace system extension %s'.format(uuid));
|
||||||
|
diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
|
||||||
|
index 937f861994..528d9ea450 100644
|
||||||
|
--- a/js/ui/extensionSystem.js
|
||||||
|
+++ b/js/ui/extensionSystem.js
|
||||||
|
@@ -64,7 +64,10 @@ var ExtensionManager = class {
|
||||||
|
|
||||||
|
get updatesSupported() {
|
||||||
|
const appSys = Shell.AppSystem.get_default();
|
||||||
|
- return appSys.lookup_app('org.gnome.Extensions.desktop') !== null;
|
||||||
|
+ const hasUpdatesApp =
|
||||||
|
+ appSys.lookup_app('org.gnome.Extensions.desktop') !== null;
|
||||||
|
+ const allowed = global.settings.get_boolean('allow-extension-installation');
|
||||||
|
+ return allowed && hasUpdatesApp;
|
||||||
|
}
|
||||||
|
|
||||||
|
lookup(uuid) {
|
||||||
|
@@ -595,7 +598,8 @@ var ExtensionManager = class {
|
||||||
|
this._enabledExtensions = this._getEnabledExtensions();
|
||||||
|
|
||||||
|
let perUserDir = Gio.File.new_for_path(global.userdatadir);
|
||||||
|
- FileUtils.collectFromDatadirs('extensions', true, (dir, info) => {
|
||||||
|
+ const includeUserDir = global.settings.get_boolean('allow-extension-installation');
|
||||||
|
+ FileUtils.collectFromDatadirs('extensions', includeUserDir, (dir, info) => {
|
||||||
|
let fileType = info.get_file_type();
|
||||||
|
if (fileType != Gio.FileType.DIRECTORY)
|
||||||
|
return;
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
From b3cac57511575e1265ab0ebd9c7465a6ade913e8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
|
||||||
|
Date: Thu, 28 Sep 2023 14:34:24 +0200
|
||||||
|
Subject: [PATCH] windowMenu: Ignore release
|
||||||
|
|
||||||
|
If the menu was open on button-press, make sure it is kept open
|
||||||
|
until explicitly dismissed, regardless of the pointer position.
|
||||||
|
---
|
||||||
|
js/ui/windowMenu.js | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/js/ui/windowMenu.js b/js/ui/windowMenu.js
|
||||||
|
index 3449f759da..ad5c2a74cc 100644
|
||||||
|
--- a/js/ui/windowMenu.js
|
||||||
|
+++ b/js/ui/windowMenu.js
|
||||||
|
@@ -229,6 +229,7 @@ var WindowMenuManager = class {
|
||||||
|
let menu = new WindowMenu(window, this._sourceActor);
|
||||||
|
|
||||||
|
this._manager.addMenu(menu);
|
||||||
|
+ this._manager.ignoreRelease();
|
||||||
|
|
||||||
|
menu.connect('activate', () => {
|
||||||
|
window.check_alive(global.get_current_time());
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,51 @@
|
|||||||
|
diff --git a/js/portalHelper/main.js b/js/portalHelper/main.js
|
||||||
|
index 25f866281..a221c3b88 100644
|
||||||
|
--- a/js/portalHelper/main.js
|
||||||
|
+++ b/js/portalHelper/main.js
|
||||||
|
@@ -4,10 +4,17 @@ imports.gi.versions.Soup = '2.4';
|
||||||
|
|
||||||
|
const Format = imports.format;
|
||||||
|
const Gettext = imports.gettext;
|
||||||
|
-const { Gio, GLib, GObject, Gtk, Pango, Soup, WebKit2: WebKit } = imports.gi;
|
||||||
|
+const { Gio, GLib, GObject, Gtk, Pango, Soup } = imports.gi;
|
||||||
|
|
||||||
|
const _ = Gettext.gettext;
|
||||||
|
|
||||||
|
+let WebKit;
|
||||||
|
+try {
|
||||||
|
+ WebKit = imports.gi.WebKit2;
|
||||||
|
+} catch {
|
||||||
|
+ WebKit = null;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
const Config = imports.misc.config;
|
||||||
|
const { loadInterfaceXML } = imports.misc.fileUtils;
|
||||||
|
|
||||||
|
@@ -346,6 +353,11 @@ function initEnvironment() {
|
||||||
|
function main(argv) {
|
||||||
|
initEnvironment();
|
||||||
|
|
||||||
|
+ if (!WebKit) {
|
||||||
|
+ log('WebKit2 typelib is not installed, captive portal helper will be disabled');
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (!WebKit.WebContext.new_ephemeral) {
|
||||||
|
log('WebKitGTK 2.16 is required for the portal-helper, see https://bugzilla.gnome.org/show_bug.cgi?id=780453');
|
||||||
|
return 1;
|
||||||
|
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
|
||||||
|
index 01c83c86b..8c5bd8dcb 100644
|
||||||
|
--- a/js/ui/status/network.js
|
||||||
|
+++ b/js/ui/status/network.js
|
||||||
|
@@ -2070,7 +2070,9 @@ class Indicator extends PanelMenu.SystemIndicator {
|
||||||
|
new PortalHelperProxy(Gio.DBus.session, 'org.gnome.Shell.PortalHelper',
|
||||||
|
'/org/gnome/Shell/PortalHelper', (proxy, error) => {
|
||||||
|
if (error) {
|
||||||
|
- log('Error launching the portal helper: %s'.format(error));
|
||||||
|
+ // Timeout is expected if WebKit is unavailable
|
||||||
|
+ if (!error.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.TIMED_OUT))
|
||||||
|
+ log('Error launching the portal helper: ' + error);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
@ -0,0 +1,107 @@
|
|||||||
|
From ad431c28788ac1a4ec815cc4985cdb09a1a82226 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
|
||||||
|
Date: Mon, 11 Sep 2023 19:20:14 +0200
|
||||||
|
Subject: [PATCH 1/2] status/network: Fix fallback SSID label
|
||||||
|
|
||||||
|
We currently only return the fallback label if the string returned
|
||||||
|
from the ssid was invalid or couldn't be transformed to UTF-8.
|
||||||
|
|
||||||
|
If the ssid parameter itself is empty, we throw an error.
|
||||||
|
|
||||||
|
Handle this case as well, as callers otherwise would need to duplicate
|
||||||
|
the existing error path themselves.
|
||||||
|
---
|
||||||
|
js/ui/status/network.js | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
|
||||||
|
index 1f17ca8f97..99a8d51f82 100644
|
||||||
|
--- a/js/ui/status/network.js
|
||||||
|
+++ b/js/ui/status/network.js
|
||||||
|
@@ -67,7 +67,9 @@ function signalToIcon(value) {
|
||||||
|
}
|
||||||
|
|
||||||
|
function ssidToLabel(ssid) {
|
||||||
|
- let label = NM.utils_ssid_to_utf8(ssid.get_data());
|
||||||
|
+ let label;
|
||||||
|
+ if (ssid)
|
||||||
|
+ label = NM.utils_ssid_to_utf8(ssid.get_data());
|
||||||
|
if (!label)
|
||||||
|
label = _("<unknown>");
|
||||||
|
return label;
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From 0409f18446cb55a45187e00feadb12e4389381dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
|
||||||
|
Date: Wed, 30 Aug 2023 01:47:00 +0200
|
||||||
|
Subject: [PATCH 2/2] status/network: Use connection name with hidden AP
|
||||||
|
|
||||||
|
When connected to an OWE transition network, NetworkManager
|
||||||
|
reports the connected API with a hidden SSID.
|
||||||
|
|
||||||
|
Handle this by using the active connection's name before
|
||||||
|
ultimately falling back to the device name.
|
||||||
|
|
||||||
|
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6918
|
||||||
|
|
||||||
|
Part-of:
|
||||||
|
<https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2927>
|
||||||
|
---
|
||||||
|
js/ui/status/network.js | 28 +++++++++++++++++++---------
|
||||||
|
1 file changed, 19 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
|
||||||
|
index 99a8d51f82..b407d8e78d 100644
|
||||||
|
--- a/js/ui/status/network.js
|
||||||
|
+++ b/js/ui/status/network.js
|
||||||
|
@@ -1395,26 +1395,36 @@ var NMDeviceWireless = class {
|
||||||
|
_getStatus() {
|
||||||
|
let ap = this._device.active_access_point;
|
||||||
|
|
||||||
|
- if (this._isHotSpotMaster())
|
||||||
|
+ if (this._isHotSpotMaster()) {
|
||||||
|
/* Translators: %s is a network identifier */
|
||||||
|
return _("%s Hotspot Active").format(this._description);
|
||||||
|
- else if (this._device.state >= NM.DeviceState.PREPARE &&
|
||||||
|
- this._device.state < NM.DeviceState.ACTIVATED)
|
||||||
|
+ } else if (this._device.state >= NM.DeviceState.PREPARE &&
|
||||||
|
+ this._device.state < NM.DeviceState.ACTIVATED) {
|
||||||
|
/* Translators: %s is a network identifier */
|
||||||
|
return _("%s Connecting").format(this._description);
|
||||||
|
- else if (ap)
|
||||||
|
- return ssidToLabel(ap.get_ssid());
|
||||||
|
- else if (!this._client.wireless_hardware_enabled)
|
||||||
|
+ } else if (ap) {
|
||||||
|
+ const ssid = ap.get_ssid();
|
||||||
|
+ if (ssid)
|
||||||
|
+ return ssidToLabel(ssid);
|
||||||
|
+
|
||||||
|
+ // Use connection name when connected to hidden AP
|
||||||
|
+ const activeConnection = this._device.get_active_connection();
|
||||||
|
+ if (activeConnection)
|
||||||
|
+ return activeConnection.connection.get_id();
|
||||||
|
+
|
||||||
|
+ return ssidToLabel(null);
|
||||||
|
+ } else if (!this._client.wireless_hardware_enabled) {
|
||||||
|
/* Translators: %s is a network identifier */
|
||||||
|
return _("%s Hardware Disabled").format(this._description);
|
||||||
|
- else if (!this._client.wireless_enabled)
|
||||||
|
+ } else if (!this._client.wireless_enabled) {
|
||||||
|
/* Translators: %s is a network identifier */
|
||||||
|
return _("%s Off").format(this._description);
|
||||||
|
- else if (this._device.state == NM.DeviceState.DISCONNECTED)
|
||||||
|
+ } else if (this._device.state == NM.DeviceState.DISCONNECTED) {
|
||||||
|
/* Translators: %s is a network identifier */
|
||||||
|
return _("%s Not Connected").format(this._description);
|
||||||
|
- else
|
||||||
|
+ } else {
|
||||||
|
return '';
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
_getMenuIcon() {
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
Loading…
Reference in new issue