<p>mon journal - par Vincent - freedesktop.org</p>
<p><strong>cups-pk-helper &amp; desktop-file-utils releases</strong> (Vincent Untz, 2012-10-12)</p>
<p>In the last two weeks, I took some time to review patches submitted for <a href="http://www.freedesktop.org/wiki/Software/cups-pk-helper">cups-pk-helper</a> and <a href="http://www.freedesktop.org/wiki/Software/desktop-file-utils">desktop-file-utils</a>, and worked a bit on the code. This means new releases, which keeps me on track for the "two releases a year" schedule followed for this software :-)</p>
<p><strong>cups-pk-helper <del>0.2.3</del> 0.2.4</strong></p>
<p>It is recommended to update to the <a href="http://www.freedesktop.org/software/cups-pk-helper/releases/cups-pk-helper-0.2.3.tar.xz">0.2.3</a> version of <a href="http://www.freedesktop.org/wiki/Software/cups-pk-helper">cups-pk-helper</a>, due to a security flaw in the old code (<a href="http://www.openwall.com/lists/oss-security/2012/10/12/2">CVE-2012-4510</a>). I found it while fixing a compiler warning about a return value being ignored; re-reading that old code, I realized that it was, hrm, not really solid, that it was not checking permissions, and that it could actually be abused to overwrite any file (among other issues)... Thankfully, this can only be exploited if the user explicitly approves the action since it's protected with polkit authentication (using the admin password). So this is not as severe as it could have been. I want to thank Sebastian Krahmer from the SUSE Security Team, who was really helpful in reviewing my iterative fixes.</p>
<p>The other changes are build-time compatibility with cups 1.6, some additional paranoid processing of the input we get via dbus, and updated translations (thanks to <a href="https://www.transifex.com/projects/p/cups-pk-helper/">transifex</a>).</p>
<p><em>Update:</em> the 0.2.3 tarball had a small bug when detecting the cups version, try <a href="http://www.freedesktop.org/software/cups-pk-helper/releases/cups-pk-helper-0.2.4.tar.xz">0.2.4</a> instead ;-)</p>
<p><strong>desktop-file-utils 0.21</strong></p>
<p>The <a href="http://www.freedesktop.org/software/desktop-file-utils/releases/desktop-file-utils-0.21.tar.xz">0.21</a> release of <a href="http://www.freedesktop.org/wiki/Software/desktop-file-utils">desktop-file-utils</a> is mainly about an update of the validator to deal with several recent (and not so recent) changes in the <a href="http://specifications.freedesktop.org/menu-spec/menu-spec-latest.html">XDG Menu specification</a>: a main category is not required anymore (although still recommended if one main category makes sense for the application), Science is now a main category, and new categories have been registered (including the Spirituality one, which was discussed years ago).</p>
<p>The validator now also correctly handles the new values for the <code>AutostartCondition</code> field used by GNOME 3, and features some experimental hints in the output for .desktop files that could possibly be improved. Those hints are experimental since I'm unsure if they will really help, or just annoy people (note that they can be ignored with the <code>--no-hints</code> option). At the moment, they only deal with categories, but I guess it shouldn't be hard to find more hints to add (such as <q>hey, you're missing an icon!</q>).</p>
<p>Of course, while working on desktop-file-utils, I took a look at some patches and issues that were recently discussed on the <a href="http://lists.freedesktop.org/mailman/listinfo/xdg">xdg mailing list</a>, and pushed some changes to the menu specification. I'm a bit sad about the fact that nearly nobody is actively working on most specs (blaming myself too, since I look at patches/issues only a few times a year) and that feedback about the proposed changes is rare (these days, I'd say getting two or more people to approve a change is an exception). It'd be great to have a few people step up and bring new energy to this effort!</p>
<p><strong>freedesktop.org specifications migrated to git</strong> (Vincent Untz, 2010-10-16)</p>
<p>A few months ago, after talking about this for a while, I finally did a git migration of various <a href="http://freedesktop.org/wiki/Specifications">XDG specifications</a> (<a href="http://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html">autostart</a>, <a href="http://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html">basedir</a>, <a href="http://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html">desktop-entry</a>, <a href="http://specifications.freedesktop.org/menu-spec/menu-spec-latest.html">menu</a> and <a href="http://specifications.freedesktop.org/systemtray-spec/systemtray-spec-latest.html">systemtray</a>). It was a test migration, so I only published this in a personal repository on freedesktop.org. And I quickly became busy with other things.</p>
<p>I finally pushed this repository to <a href="http://cgit.freedesktop.org/xdg/xdg-specs/">xdg/xdg-specs</a> on Thursday. It's a shame it took so long, especially since some people were waiting for it. But it's done. So what's next? I'll see if we can <a href="http://specifications.freedesktop.org/systemtray-spec/systemtray-spec-latest.html">import a few more specifications</a> in there, but I'll also look at improving the <a href="http://specifications.freedesktop.org/">website</a>, and how it's generated. It might make sense to re-use what was done for <a href="http://library.gnome.org/">library.gnome.org</a> here.</p>
<p>Oh, and it's also a good opportunity to start fixing some long-standing issues with some specifications :-) I have a list of improvements I'd like to see, but do not hesitate to share some of the annoyances you experience with the specifications!</p>
<p><strong>desktop-file-utils news, and an easy way to contribute</strong> (Vincent Untz, 2010-03-15)</p>
<p>A few weeks ago, I migrated <a href="http://www.freedesktop.org/wiki/Software/desktop-file-utils">desktop-file-utils</a> from CVS to git, but after pushing it, I realized I could have done the migration in a slightly better way. Ouch. Enter one hero, <a href="http://err.no/personal/blog/">Tollef</a>: he was kind enough to allow me to kill the old git repository and start from scratch. This means desktop-file-utils finally lives in <a href="http://cgit.freedesktop.org/xdg/desktop-file-utils/">git</a>. Woohoo!</p>
<p>It enabled me to commit various patches I had done locally in the meantime (I really didn't want to use CVS again, so I was waiting for git ;-)), and then to release <a href="http://www.freedesktop.org/software/desktop-file-utils/releases/desktop-file-utils-0.16.tar.bz2">desktop-file-utils 0.16</a>. It's the first release since February 2008! Two years without a tarball is quite bad, especially since there were fixes waiting in CVS. But everything is good again, and we should now be back on track, with more frequent releases.</p>
<p>There are a bunch of changes in this release, including improved checks when validating a .desktop file. Of course, there's always the risk that this will result in files that are now invalid while they used to be marked as valid, but the new <q>future error</q> type of warnings should mitigate this. The other good news is that there's only <a href="https://bugs.freedesktop.org/show_bug.cgi?id=18817">one enhancement request</a> open in bugzilla, and I'm not even sure there's something we can do about it. But I'm confident you've already found a bug, so don't forget to file it ;-)</p>
<p>It all looks perfect, doesn't it? Well, there's one big thing missing, though: a regression suite. I still can't believe that we're releasing a validator for .desktop files without a regression suite, and I'm convinced there have been regressions in the past (or even in this release) that went unnoticed. I'd really love to have a few people help create tons of .desktop files that would stress the validator and make sure it validates what the <a href="http://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html">specification</a> says. It's an easy way to contribute: it just requires free time and understanding of the specification. Please contact me if you want to give it a try!</p>
<p><strong>A few words about cups-pk-helper...</strong> (Vincent Untz, 2010-02-19)</p>
<p>It looks like I succeeded in never promoting cups-pk-helper... Let me try to fix this so that more distributions start to look at it :-)</p>
<p>One year and a half ago, for openSUSE 11.1, we wanted to make it easy to configure printers. So naturally, we integrated <a href="http://cyberelk.net/tim/software/system-config-printer/">system-config-printer</a> since it works well, is well-maintained, and is adopted by other distributions. However, the security team didn't want to make the default cups configuration too permissive (for good reasons), and it resulted in lots of root password prompts by default, which is not so cool for end-users. And we thought: <q>So if we don't want to make the whole cups configuration permissive, maybe we could have a mechanism to have fine-grained privileges... There's this cool little project called <a href="http://www.freedesktop.org/wiki/Software/PolicyKit">PolicyKit</a> that could help.</q> This is how cups-pk-helper was born.</p>
<p>We could of course have tried to push this solution in cups itself, and to be honest, this is what would make most sense. However it would have required much more effort: nobody wants a patch that wouldn't get accepted by the cups team, and the cups team would certainly require this feature to work in a way that would make it implementable on other operating systems. And I didn't feel ready for such a battle.</p>
<p>So I went ahead with the small helper, and after a few hours of hacking in September 2008, there was already some working code and a patch to make system-config-printer use this. A few bugs later, it all went in openSUSE. At some point, <a href="http://cyberelk.net/tim/">Tim Waugh</a> accepted the system-config-printer and Fedora also started using cups-pk-helper. This is also when Marek Kasik started working on cups-pk-helper, implementing some additional features.</p>
<p>Fast-forward to today. I've just released <a href="https://www.vuntz.net/download/cups-pk-helper/cups-pk-helper-0.1.0.tar.bz2">cups-pk-helper 0.1.0</a>, and I'm hopeful that the code will <a href="http://bugs.freedesktop.org/show_bug.cgi?id=21345">move to git.freedesktop.org</a> really soon now.</p>
<p>So what kind of fine-grained privileges do we offer? There are actions for editing local printers, remote printers, classes, jobs you own, or jobs you don't own, as well as simpler actions like the one to enable a printer (something you might want to allow without allowing the editing of a printer), or a low-level action that can be used to upload/download a file to/from the cups configuration. We're trying to be relatively flexible, while still limiting the actions to what we believe is really useful. What we have right now looks relatively reasonable, but it's certainly also wrong in some ways. We just need feedback to know how it's wrong ;-)</p>
<p>To make it easy to integrate cups-pk-helper in system-config-printer, the D-Bus <acronym title="Application Programming Interface">API</acronym> is based to a large extent on the <a href="http://cyberelk.net/tim/software/pycups/">pycups</a> one. The good news is that the <acronym title="Application Programming Interface">API</acronym> makes sense, so it's no big deal; but we could possibly diverge a bit if needed. So if you're working on another tool to configure printers, don't hesitate to look at the D-Bus <acronym title="Application Programming Interface">API</acronym> and send comments on what is missing there for you.</p>
<p>Oh, and of course, in openSUSE, we still require the root password for all those fine-grained privileges, but at least this is easily configurable now :-)</p>
<p><strong>Live from GUADEMY (bis)</strong> (Vincent Untz, 2008-04-27)</p>
<p>So, <a href="http://blogs.gnome.org/hughsie">Richard</a> is giving his talk about PackageKit. But, you know, even his talk has <a href="https://bugs.freedesktop.org/show_bug.cgi?id=15723">major</a> <a href="https://bugs.freedesktop.org/show_bug.cgi?id=15724">bugs</a>. Clearly bad. I guess he will argue that it's not his fault, and that's because we went to a <a href="http://www.losbestias.com/">typical Spanish restaurant</a> on Friday evening. I'm not sure I can talk about this unique experience, though, to be honest. <a href="http://www.kdedevelopers.org/node/3438">Will</a> doesn't want to share too many details either, but I'm sure Richard will be glad to write about the whole story.</p>
<p>On the constructive side, yesterday, I've been hacking a bit on <a href="http://www.freedesktop.org/wiki/Software/desktop-file-utils">desktop-file-utils</a> and ironing out the plan to take over the world, err, I mean, the plan to fix many issues with the fd.o specs. Hopefully, everything will go smoothly.</p>
<p><strong>Live from GUADEMY</strong> (Vincent Untz, 2008-04-25)</p>
<p>It feels like summer here. Oh, you might not know where "here" is: Valencia. I got invited to talk at <a href="http://www.guademy.org/">GUADEMY</a>, and so far it's pretty good. Good <a href="http://www.kdedevelopers.org/blog/77">to</a> <a href="http://blogs.gnome.org/carlosg">see</a> <a href="http://www.alobbs.com/">some</a> <a href="http://blogs.gnome.org/rodrigo">friendly</a> <a href="http://blogs.gnome.org/hughsie">faces</a> (can't find all the links to all blogs), and to be lost in translation again (although I can get a few words here and there if I listen carefully). Thanks to the organizers for having thought of me (and of course, to Novell for having let me come ;-)).</p>
<p>I finished my <q>freedesktop.org specifications: are they boring?</q> talk nearly an hour ago. I should probably put the slides somewhere, but basically it was about explaining the current status of the specifications and describing the huge list of things that we're doing wrong there. But there's no need to be negative about the future: there are some basic steps that we can follow to help improve the situation. Like better hosting, better update process, better consistency, more visibility. I'll probably talk a bit more about this in the future. The feedback was good, so at least, it seems I'm not thinking totally wrong ;-) Also, the talk was live-translated, which was pretty amazing, although I can't be sure I wasn't insulted in some way in the translations (nah, kidding, everybody is warmly welcoming here).</p>
<p>Oh, and I wish we had university campuses in France as nice as the one in Valencia. It surely feels good. Or maybe it's just that it feels like summer :-)</p>
<p><strong>freedesktop.org &amp; Google Summer of Code</strong> (Vincent Untz, 2008-03-18)</p>
<p>GNOME and KDE both use a lot of technologies and projects which often fall under the <a href="http://freedesktop.org/">freedesktop.org</a> umbrella (hmm, <q>freedesktop.org umbrella</q>, that's a topic for yet another blog post I have to write; or you can <a href="https://www.vuntz.net/journal/2007/01/14/407-definition-de-freedesktoporg-ou-de-l-usage-de-freedesktoporg-dans-les-argumentations" hreflang="fr" title="Définition de freedesktop.org (ou « De l'usage de freedesktop.org dans les argumentations »)">read a French post</a> I wrote last year), and it totally makes sense for our projects to help those projects whenever we can. For example, in the past, we've been open about Google Summer of Code projects that were not strictly related to GNOME (or KDE, although I can't speak for the KDE administrators). But for some reason, it never crossed our minds to go a step further and really announce this and cooperate on this. Well, after a brief mail exchange with <a href="http://labs.trolltech.com/blogs/author/thiago">Thiago</a>, now <a href="http://lists.freedesktop.org/archives/xdg/2008-March/009310.html">it's fixed</a>.</p>
<p>So all <a href="http://www.avahi.org/">avahi</a>, ConsoleKit, <a href="http://www.freedesktop.org/wiki/Software/dbus">D-Bus</a>, <a href="http://www.freedesktop.org/wiki/Software/hal">hal</a>, <a href="http://www.freedesktop.org/wiki/Software/HarfBuzz">HarfBuzz</a>, <a href="http://www.gnome.org/projects/NetworkManager/">NetworkManager</a>, <a href="http://poppler.freedesktop.org/">poppler</a>, etc. (I'm sure I'm forgetting tons of projects) people out there, make sure to read <a href="http://lists.freedesktop.org/archives/xdg/2008-March/009310.html">Thiago's mail</a> and to help us improve your projects! You just need ideas for Google Summer of Code projects and also time to mentor students.</p>
<p><strong>Two planets, two mailing lists</strong> (Vincent Untz, 2008-03-04)</p>
<p>Woohoo, I've progressed in my quest to rule the world. Oh, those are secret plans, I shouldn't talk about them here, I guess. Anyway, I got added to <a href="http://planet.freedesktop.org/">Planet freedesktop.org</a> and <a href="http://www.planetsuse.org/">Planet SUSE</a>. Hi there! Since I still didn't enter the aggressive mode for another secret plan (you know, the one about making French the only true language), only the English posts should show there. Yeah, I know, it's a bit sad... Did I hear someone say "yay, less blog entries from this guy?" ;-)</p>
<p>So, today, I want to tell you about two new freedesktop.org mailing lists which should be of interest to at least some people: <a href="http://lists.freedesktop.org/mailman/listinfo/ftp-release">ftp-release</a> and <a href="http://lists.freedesktop.org/mailman/listinfo/distributions">distributions</a>.</p>
<p>The goal of the first one is to be the place where announcements of new releases for projects hosted by freedesktop.org should go. It seems a good idea since, for example, nobody knows when a new desktop-file-utils release is <a href="http://lists.freedesktop.org/archives/ftp-release/2008-February/000000.html">out</a> and so it doesn't get packaged anywhere. I'd love to see some <a href="http://xorg.freedesktop.org/">Xorg</a> announcements there, and also some <a href="http://telepathy.freedesktop.org/">telepathy</a>, <a href="http://poppler.freedesktop.org/">poppler</a>, <a href="http://swfdec.freedesktop.org/">swfdec</a>, etc. announcements. You can simply cc the list if you still want to send the announcements to your development mailing list. It would help make the world a better place, at least for some packagers, I guess. Sure, it's not perfect since right now, maintainers need to write the mail themselves, but maybe at some point in the future, we'll be able to improve the freedesktop.org infrastructure and get this done automatically in some way.</p>
<p>The <a href="http://lists.freedesktop.org/mailman/listinfo/distributions">distributions</a> list is an interesting project to get some cross-distribution collaboration. It's not about <q>which one is better?</q> or some other totally cool debate, but really about some low-level topics that could help improve the overall quality of distributions. Oh, and it's distributions as in <q>free software distributions</q>, not as in <q>Linux or GNU/Linux distributions</q>, so everybody is welcome, including our friends working on OpenSolaris, *BSD, etc. Lucas, who pushed for the creation of this list, has more <a href="http://www.lucas-nussbaum.net/blog/?p=281">details</a> about it. I'm happy because this mailing list will make it possible for me to start working on another (small) secret plan that could be interesting to many distributions.</p>
<p>Hrm, maybe I have too many secret plans? I guess I'll just postpone a bit the one about ruling the world... Anyway, everybody, go subscribe to those <a href="http://lists.freedesktop.org/mailman/listinfo/ftp-release">two</a> <a href="http://lists.freedesktop.org/mailman/listinfo/distributions">lists</a>. I know you'll feel empty if you don't do so now.</p>