Is using xdg-utils post-install safe?

Is using xdg-utils post-install safe?

[Jesse Gibbons]

I'm working on packaging The Powder Toy. When it first starts, it asks if
the user wants to install it. When the user clicks confirm, it tries to use
xdg-desktop-menu, xdg-mime, and xdg-icon-resource.
Is this a safe behavior with guix, or should I try to patch it out?
If it is safe, should I bother trying to install a desktop icon with guix if
the program will do that itself?
-- 
-Jesse

Re: Is using xdg-utils post-install safe?

[Tobias Geerinckx-Rice]

[-- Attachment #1: Type: text/plain, Size: 1165 bytes --]

Jesse,

Jesse Gibbons 写道：
> I'm working on packaging The Powder Toy. When it first starts, 
> it asks if
> the user wants to install it.

‘Install’?  That doesn't sound good.  :-)

<https://github.com/The-Powder-Toy/The-Powder-Toy/blob/master/src/client/Client.cpp#L366>.

From my reading, that will embed a store file name into a .desktop 
file somewhere in (each) user's $HOME, which will break sooner or 
later.

> When the user clicks confirm, it tries to use
> xdg-desktop-menu, xdg-mime, and xdg-icon-resource.
> Is this a safe behavior with guix, or should I try to patch it 
> out?
> If it is safe, should I bother trying to install a desktop icon 
> with guix if
> the program will do that itself?

Even if I'm wrong and it's ‘safe’, I don't see how this behaviour 
is desirable.  What is upstream trying to accomplish here?  Do you 
see how this would be helpful compared to doing things the 
normally?

If not, I think we have a responsibility towards our users to 
install a copy of the above .desktop file and patch out any 
xdg-desktop-menu calls.  Same for MIME types and icons.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: Is using xdg-utils post-install safe?

[Jesse Gibbons]

On Mon, 2019-10-28 at 20:12 +0100, Tobias Geerinckx-Rice wrote:
> Jesse,
> 
> Jesse Gibbons 写道：
> > I'm working on packaging The Powder Toy. When it first starts, 
> > it asks if
> > the user wants to install it.
> 
> ‘Install’?  That doesn't sound good.  :-)
> 
> <
> https://github.com/The-Powder-Toy/The-Powder-Toy/blob/master/src/client/Client.cpp#L366>
> ;.
Thanks for looking it up for me. This will save me some grepping.
> 
> From my reading, that will embed a store file name into a .desktop 
> file somewhere in (each) user's $HOME, which will break sooner or 
> later.
> 
I can confirm that is an accurate summary of what it does. Letting it stay
would be an error waiting to happen. 
> > When the user clicks confirm, it tries to use
> > xdg-desktop-menu, xdg-mime, and xdg-icon-resource.
> > Is this a safe behavior with guix, or should I try to patch it 
> > out?
> > If it is safe, should I bother trying to install a desktop icon 
> > with guix if
> > the program will do that itself?
> 
> Even if I'm wrong and it's ‘safe’, I don't see how this behaviour 
> is desirable.  What is upstream trying to accomplish here?
If a user decides to build from source, installing the information on first
launch would allow the user to "install" it without moving any binary. It's
just speculation, but this could be the theory behind this questionable
design choice.
>  Do you see how this would be helpful compared to doing things 
> the normally?
I cannot think of any advantage the average user running guix would gain in
leaving it in. If anything it would make the first launch a little more
complex because there would be no icon until then. 
> 
> If not, I think we have a responsibility towards our users to 
> install a copy of the above .desktop file and patch out any 
> xdg-desktop-menu calls.  Same for MIME types and icons.
I agree. I'll work on it now and send the patch when everything works.
> 
> Kind regards,
> 
> T G-R
-- 
-Jesse