import CS gnome-shell-40.10-17.el9

This commit is contained in:
eabdullin 2024-03-28 10:17:22 +00:00
parent a801ef2715
commit f8a5416d67
5 changed files with 297 additions and 1 deletions

View File

@ -0,0 +1,92 @@
From 91449e6a19af63eebaf5f97f85ba44f69259075a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Sat, 10 Feb 2024 00:58:27 +0100
Subject: [PATCH] extensionSystem: Support locking down extension installation
Currently extensions can only be locked down completely by
restricting the `enabled-extensions` key via dconf.
This is too restrictive for environments that want to allow users
to customize their system with extensions, while still limiting
the set of possible extensions.
To fill that gap, add a new `allow-extension-installation` setting,
which restricts extensions to system extensions when disabled.
As the setting is mainly intended for locking down by system
administrators, there is no attempt to load/unload extensions
on settings changes.
---
data/org.gnome.shell.gschema.xml.in | 11 +++++++++++
js/ui/extensionDownloader.js | 6 ++++++
js/ui/extensionSystem.js | 8 ++++++--
3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/data/org.gnome.shell.gschema.xml.in b/data/org.gnome.shell.gschema.xml.in
index 6f1c424bad..b5921983cd 100644
--- a/data/org.gnome.shell.gschema.xml.in
+++ b/data/org.gnome.shell.gschema.xml.in
@@ -40,6 +40,17 @@
the “enabled-extension” setting.
</description>
</key>
+ <key name="allow-extension-installation" type="b">
+ <default>true</default>
+ <summary>Allow extension installation</summary>
+ <description>
+ Allow users to install extensions in their home folder. If disabled,
+ the InstallRemoteExtension D-Bus method will fail, and extensions
+ are only loaded from system directories on startup.
+ It does not affect extensions that are already loaded, so a change
+ only takes full effect on the next login.
+ </description>
+ </key>
<key name="disable-extension-version-validation" type="b">
<default>false</default>
<summary>Disables the validation of extension version compatibility</summary>
diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
index 471ddab147..01ed165c01 100644
--- a/js/ui/extensionDownloader.js
+++ b/js/ui/extensionDownloader.js
@@ -17,6 +17,12 @@ var REPOSITORY_URL_UPDATE = 'https://extensions.gnome.org/update-info/';
let _httpSession;
function installExtension(uuid, invocation) {
+ if (!global.settings.get_boolean('allow-extension-installation')) {
+ invocation.return_dbus_error('org.gnome.Shell.InstallError',
+ 'Extension installation is not allowed');
+ return;
+ }
+
const oldExt = Main.extensionManager.lookup(uuid);
if (oldExt && oldExt.type === ExtensionUtils.ExtensionType.SYSTEM) {
log('extensionDownloader: Trying to replace system extension %s'.format(uuid));
diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
index 937f861994..528d9ea450 100644
--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
@@ -64,7 +64,10 @@ var ExtensionManager = class {
get updatesSupported() {
const appSys = Shell.AppSystem.get_default();
- return appSys.lookup_app('org.gnome.Extensions.desktop') !== null;
+ const hasUpdatesApp =
+ appSys.lookup_app('org.gnome.Extensions.desktop') !== null;
+ const allowed = global.settings.get_boolean('allow-extension-installation');
+ return allowed && hasUpdatesApp;
}
lookup(uuid) {
@@ -595,7 +598,8 @@ var ExtensionManager = class {
this._enabledExtensions = this._getEnabledExtensions();
let perUserDir = Gio.File.new_for_path(global.userdatadir);
- FileUtils.collectFromDatadirs('extensions', true, (dir, info) => {
+ const includeUserDir = global.settings.get_boolean('allow-extension-installation');
+ FileUtils.collectFromDatadirs('extensions', includeUserDir, (dir, info) => {
let fileType = info.get_file_type();
if (fileType != Gio.FileType.DIRECTORY)
return;
--
2.43.0

View File

@ -0,0 +1,26 @@
From b3cac57511575e1265ab0ebd9c7465a6ade913e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Thu, 28 Sep 2023 14:34:24 +0200
Subject: [PATCH] windowMenu: Ignore release
If the menu was open on button-press, make sure it is kept open
until explicitly dismissed, regardless of the pointer position.
---
js/ui/windowMenu.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/js/ui/windowMenu.js b/js/ui/windowMenu.js
index 3449f759da..ad5c2a74cc 100644
--- a/js/ui/windowMenu.js
+++ b/js/ui/windowMenu.js
@@ -229,6 +229,7 @@ var WindowMenuManager = class {
let menu = new WindowMenu(window, this._sourceActor);
this._manager.addMenu(menu);
+ this._manager.ignoreRelease();
menu.connect('activate', () => {
window.check_alive(global.get_current_time());
--
2.41.0

View File

@ -0,0 +1,51 @@
diff --git a/js/portalHelper/main.js b/js/portalHelper/main.js
index 25f866281..a221c3b88 100644
--- a/js/portalHelper/main.js
+++ b/js/portalHelper/main.js
@@ -4,10 +4,17 @@ imports.gi.versions.Soup = '2.4';
const Format = imports.format;
const Gettext = imports.gettext;
-const { Gio, GLib, GObject, Gtk, Pango, Soup, WebKit2: WebKit } = imports.gi;
+const { Gio, GLib, GObject, Gtk, Pango, Soup } = imports.gi;
const _ = Gettext.gettext;
+let WebKit;
+try {
+ WebKit = imports.gi.WebKit2;
+} catch {
+ WebKit = null;
+}
+
const Config = imports.misc.config;
const { loadInterfaceXML } = imports.misc.fileUtils;
@@ -346,6 +353,11 @@ function initEnvironment() {
function main(argv) {
initEnvironment();
+ if (!WebKit) {
+ log('WebKit2 typelib is not installed, captive portal helper will be disabled');
+ return 1;
+ }
+
if (!WebKit.WebContext.new_ephemeral) {
log('WebKitGTK 2.16 is required for the portal-helper, see https://bugzilla.gnome.org/show_bug.cgi?id=780453');
return 1;
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index 01c83c86b..8c5bd8dcb 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -2070,7 +2070,9 @@ class Indicator extends PanelMenu.SystemIndicator {
new PortalHelperProxy(Gio.DBus.session, 'org.gnome.Shell.PortalHelper',
'/org/gnome/Shell/PortalHelper', (proxy, error) => {
if (error) {
- log('Error launching the portal helper: %s'.format(error));
+ // Timeout is expected if WebKit is unavailable
+ if (!error.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.TIMED_OUT))
+ log('Error launching the portal helper: ' + error);
return;
}

107
SOURCES/owe-support.patch Normal file
View File

@ -0,0 +1,107 @@
From ad431c28788ac1a4ec815cc4985cdb09a1a82226 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Mon, 11 Sep 2023 19:20:14 +0200
Subject: [PATCH 1/2] status/network: Fix fallback SSID label
We currently only return the fallback label if the string returned
from the ssid was invalid or couldn't be transformed to UTF-8.
If the ssid parameter itself is empty, we throw an error.
Handle this case as well, as callers otherwise would need to duplicate
the existing error path themselves.
---
js/ui/status/network.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index 1f17ca8f97..99a8d51f82 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -67,7 +67,9 @@ function signalToIcon(value) {
}
function ssidToLabel(ssid) {
- let label = NM.utils_ssid_to_utf8(ssid.get_data());
+ let label;
+ if (ssid)
+ label = NM.utils_ssid_to_utf8(ssid.get_data());
if (!label)
label = _("<unknown>");
return label;
--
2.41.0
From 0409f18446cb55a45187e00feadb12e4389381dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Wed, 30 Aug 2023 01:47:00 +0200
Subject: [PATCH 2/2] status/network: Use connection name with hidden AP
When connected to an OWE transition network, NetworkManager
reports the connected API with a hidden SSID.
Handle this by using the active connection's name before
ultimately falling back to the device name.
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6918
Part-of:
<https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2927>
---
js/ui/status/network.js | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index 99a8d51f82..b407d8e78d 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -1395,26 +1395,36 @@ var NMDeviceWireless = class {
_getStatus() {
let ap = this._device.active_access_point;
- if (this._isHotSpotMaster())
+ if (this._isHotSpotMaster()) {
/* Translators: %s is a network identifier */
return _("%s Hotspot Active").format(this._description);
- else if (this._device.state >= NM.DeviceState.PREPARE &&
- this._device.state < NM.DeviceState.ACTIVATED)
+ } else if (this._device.state >= NM.DeviceState.PREPARE &&
+ this._device.state < NM.DeviceState.ACTIVATED) {
/* Translators: %s is a network identifier */
return _("%s Connecting").format(this._description);
- else if (ap)
- return ssidToLabel(ap.get_ssid());
- else if (!this._client.wireless_hardware_enabled)
+ } else if (ap) {
+ const ssid = ap.get_ssid();
+ if (ssid)
+ return ssidToLabel(ssid);
+
+ // Use connection name when connected to hidden AP
+ const activeConnection = this._device.get_active_connection();
+ if (activeConnection)
+ return activeConnection.connection.get_id();
+
+ return ssidToLabel(null);
+ } else if (!this._client.wireless_hardware_enabled) {
/* Translators: %s is a network identifier */
return _("%s Hardware Disabled").format(this._description);
- else if (!this._client.wireless_enabled)
+ } else if (!this._client.wireless_enabled) {
/* Translators: %s is a network identifier */
return _("%s Off").format(this._description);
- else if (this._device.state == NM.DeviceState.DISCONNECTED)
+ } else if (this._device.state == NM.DeviceState.DISCONNECTED) {
/* Translators: %s is a network identifier */
return _("%s Not Connected").format(this._description);
- else
+ } else {
return '';
+ }
}
_getMenuIcon() {
--
2.41.0

View File

@ -2,7 +2,7 @@
Name: gnome-shell Name: gnome-shell
Version: 40.10 Version: 40.10
Release: 13%{?dist} Release: 17%{?dist}
Summary: Window management and application launching for GNOME Summary: Window management and application launching for GNOME
License: GPLv2+ License: GPLv2+
@ -56,6 +56,10 @@ Patch52: 0001-osk-layouts-Replace-SS-extra-key-with.patch
Patch53: 0001-po-Update-translations.patch Patch53: 0001-po-Update-translations.patch
Patch54: 0001-st-icon-Only-get-resource-scale-after-peeking-theme-.patch Patch54: 0001-st-icon-Only-get-resource-scale-after-peeking-theme-.patch
Patch55: 0001-window-tracker-Only-emit-tracked-windows-changed-on-.patch Patch55: 0001-window-tracker-Only-emit-tracked-windows-changed-on-.patch
Patch56: owe-support.patch
Patch57: 0001-windowMenu-Ignore-release.patch
Patch58: optional-portal-helper.patch
Patch59: 0001-extensionSystem-Support-locking-down-extension-insta.patch
%define eds_version 3.33.1 %define eds_version 3.33.1
%define gnome_desktop_version 3.35.91 %define gnome_desktop_version 3.35.91
@ -275,6 +279,22 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/evolution-calendar.de
%{_mandir}/man1/gnome-shell.1* %{_mandir}/man1/gnome-shell.1*
%changelog %changelog
* Sat Feb 10 2024 Florian Müllner <fmuellner@redhat.com> - 40.10-17
- Allow restricting extension installation
Resolves: RHEL-25017
* Wed Nov 01 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 40.10-16
- Disable captive portal helper if WebKitGTK is not installed
Resolves: RHEL-10487
* Wed Oct 18 2023 Florian Müllner <fmuellner@redhat.com> - 40.10-15
- Fix window-menu closing immediately on open
Resolves: RHEL-2663
* Wed Sep 06 2023 Florian Müllner <fmuellner@redhat.com> - 40.10-14
- Support OWE networks
Resolves: #2236665
* Mon May 15 2023 Ray Strode <rstrode@redhat.com> - 40.10-13 * Mon May 15 2023 Ray Strode <rstrode@redhat.com> - 40.10-13
- Don't reset smartcard conversation twice when smartcard is inserted. - Don't reset smartcard conversation twice when smartcard is inserted.
Resolves: #2140898 Resolves: #2140898