6

Running CentOS 7 with GNOME 3.22.2, and I am trying to write an Ansible playbook to copy icons from /usr/share/applications to a pre-defined user's desktop and then grant trusted permission (using `gio set "metadata::trusted" yes`).

When I try to see the writeable attributes of the desktop icon from a terminal session using gio info -w /home/demo/Desktop/google-chrome.desktop, I get this result:

Settable attributes:
 standard::symlink-target (bytestring)
 time::access (uint64, Keep with file when moved)
 time::access-usec (uint32, Keep with file when moved)
 time::modified (uint64, Copy with file, Keep with file when moved)
 time::modified-usec (uint32, Copy with file, Keep with file when moved)
 unix::gid (uint32, Keep with file when moved)
 unix::mode (uint32, Copy with file, Keep with file when moved)
 unix::uid (uint32, Keep with file when moved)
Writable attribute namespaces:
 xattr (string, Copy with file, Keep with file when moved)
 xattr-sys (string, Keep with file when moved)

So when I try to run the above gio set command, it fails with gio: Setting attribute metadata::trusted not supported because metadata can't be written. However, if I log into a GUI session and run the same command from a terminal, then I see that metadata is now a writable attribute:

Settable attributes:
 standard::symlink-target (bytestring)
 time::access (uint64, Keep with file when moved)
 time::access-usec (uint32, Keep with file when moved)
 time::modified (uint64, Copy with file, Keep with file when moved)
 time::modified-usec (uint32, Copy with file, Keep with file when moved)
 unix::gid (uint32, Keep with file when moved)
 unix::mode (uint32, Copy with file, Keep with file when moved)
 unix::uid (uint32, Keep with file when moved)
Writable attribute namespaces:
 metadata (string, Copy with file, Keep with file when moved)
 xattr (string, Copy with file, Keep with file when moved)
 xattr-sys (string, Keep with file when moved)

This means the gio set command works in a GNOME GUI session, but not in a terminal session. I'm trying to figure out if there is a way to allow the terminal session to be able to modify this (so that my playbook can make this modification). I'm not against having to use a different scripting language to do that if that's what it takes.

For information, the current Ansible playbook section looks like so:

- name: Make Chrome Launcher Trusted
  shell: gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" yes
jhrabi
  • would be interesting to add the relevant part of the playbook, thanks – Baptiste Mille-Mathias Aug 08 '18 at 19:21
  • `- name: Make Chrome Launcher Trusted shell: gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" yes` – jhrabi Aug 08 '18 at 19:49
  • From an ansible perspective, I added a script in the /home/demo/.config/autostart directory that runs the gio set command on GNOME startup. So there's at least a workaround. – jhrabi Aug 14 '18 at 16:36

3 Answers

13

You need dbus, which isn't running if your user hasn't logged in. You can start dbus for use by gio using dbus-launch:

- name: Make Chrome Launcher Trusted
  shell: dbus-launch gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" yes
Cort Tompkins
  • 1
    You may also find you need to set `become: true` and `become_user: demo` (assuming `demo` is the name of the user whose home directory the icon is in). It didn't seem to work for me when I ran this command as `become_user: root`. – jesseplymale Dec 16 '21 at 21:56
  • 1
    `dbus-launch: not found` ? Install `dbus-x11`. – ponsfrilus Sep 05 '22 at 16:47
2

As an addition to the answer from Cort Tompkins: for Ubuntu 22.*, I needed to run dbus-launch specifically as the user, in your case demo.

- name: Make Chrome Launcher Trusted
  shell: sudo -u demo -g demo dbus-launch gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" true

And for Ubuntu 20+, if I am correct, you should use "metadata::trusted" true instead of "metadata::trusted" yes.

And not sure why, but I needed to run it twice.

Full task file:

---
- name: Install google-chrome
  package:
    name: google-chrome
    state: latest

- name: Make desktop shortcut for google-chrome
  ansible.builtin.copy:
    src: /usr/share/applications/google-chrome.desktop
    dest: /home/demo/Desktop/google-chrome.desktop
    remote_src: yes
    owner: demo
    group: demo
    mode: '0770'

- name: Changing perm of "google-chrome.desktop", adding "+x"
  file:
    dest: /home/demo/Desktop/google-chrome.desktop
    mode: a+x

- name: Make google-chrome Launcher Trusted 1/2
  shell: sudo -u demo -g demo dbus-launch gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" true

- name: Make google-chrome Launcher Trusted 2/2
  shell: sudo -u demo -g demo dbus-launch gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" true
J. Overmars
  • A little tangential, but if you set the mode to '0775' instead of '0770' you don't need the following step adding +x. Though unless you want anyone to be able to launch this user's desktop shortcut, you don't need that executable bit set in the first place. – Drew Marold Jun 21 '23 at 14:29
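
An added example, not part of the answers above: since `metadata::trusted` lets the desktop run the launcher's `Exec=` line without the untrusted-launcher prompt, an automated run can vet the copied file first. The function names `launcher_ok` and `trust_launcher` are hypothetical; the `dbus-launch gio set` call is the one from the answers.

```shell
#!/bin/sh
# Added example (not from the original answers): vet a launcher copy before
# marking it trusted. launcher_ok and trust_launcher are hypothetical names.

# launcher_ok OWNER SRC DEST
# Succeeds only if DEST is a regular file (not a symlink), is byte-identical
# to the packaged SRC, belongs to OWNER, and is not group- or world-writable.
launcher_ok() {
    owner=$1 src=$2 dest=$3
    [ -f "$dest" ] && [ ! -L "$dest" ] || return 1
    cmp -s "$src" "$dest" || return 1
    # find prints the path only when every predicate holds
    match=$(find "$dest" -prune -user "$owner" ! -perm -020 ! -perm -002 2>/dev/null)
    [ -n "$match" ]
}

# trust_launcher OWNER SRC DEST [VALUE]
# VALUE defaults to "true"; the question uses "yes" on CentOS 7.
trust_launcher() {
    owner=$1 src=$2 dest=$3 value=${4:-true}
    if ! launcher_ok "$owner" "$src" "$dest"; then
        echo "refusing to trust $dest: failed pre-check" >&2
        return 1
    fi
    # Same command as in the answers: a session bus started for OWNER.
    sudo -u "$owner" dbus-launch gio set "$dest" "metadata::trusted" "$value"
}

# Usage (paths from the question):
# trust_launcher demo /usr/share/applications/google-chrome.desktop \
#     /home/demo/Desktop/google-chrome.desktop
```

With the `mode: '0770'` from the task file above, the pre-check refuses because that mode is group-writable; `0755` or `0700` passes.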
0

"metadata::trusted" true fixed my issue