Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for GNOME in dom0/GUI domain #1806

Closed
4 tasks
marmarek opened this issue Mar 4, 2016 · 130 comments
Closed
4 tasks

Add support for GNOME in dom0/GUI domain #1806

marmarek opened this issue Mar 4, 2016 · 130 comments
Labels
bounty This issue has a public bounty associated with it. C: desktop-linux help wanted This issue will probably not get done in a timely fashion without help from community contributors. P: major Priority: major. Between "default" and "critical" in severity. R: declined Resolution: While a legitimate bug or proposal, it has been decided that no action will be taken. release notes This issue should be mentioned in the release notes. ux User experience

Comments

@marmarek
Copy link
Member

marmarek commented Mar 4, 2016

Tasks here:

  • window decoration (colorful frames)
  • stripping unneeded components (file manager, automounting devices etc)
  • adjusting application menu
  • Qubes Manager integration (whatever it means)
@marmarek marmarek added C: desktop-linux P: major Priority: major. Between "default" and "critical" in severity. task release notes This issue should be mentioned in the release notes. ux User experience labels Mar 4, 2016
@marmarek marmarek added this to the Release 4.0 milestone Mar 4, 2016
@tasket
Copy link

tasket commented Mar 11, 2016

Has there been any open discussion of the need/desire for this?

@bnvk
Copy link

bnvk commented Mar 14, 2016

@ttasket yes, there has been some discussion on the mailing lists, but ultimately it was a decision of core team to work towards this!

@woju
Copy link
Member

woju commented Mar 29, 2016

Results of a preliminary research:

  • GTK+3 prefers client-side decorations (CSD), though it still draws decorations around windows which don't draw them the GTK+ way; the code used is the same, CSS based, but done by the window manager (Mutter)
  • one general problem with GTK is that some applications want to customise their headerbars (they add some buttons); the result is two sets of decorations; we probably can design our decorations to just include thin border (like in "Activities" gnome-shell panel) and a label with domain name
  • based on comment by someone on one of the gnome-related IRC channels, it's currently not possible to do it in Mutter without patching
  • we control both the client and server side (the window belongs to gui-daemon and we can supply an extension to gnome shell)
  • @marmarek doesn't want to convert gui-daemon into GTK+ application, because:
    • there are some problems foreseen (something around event ordering, which I didn't understand
    • he would have to do it
  • playing around gnome shell JS console proved unsuccesful (the guy on IRC was probably right)
  • the following code is an example of styling window decoration; instantiation of Gtk.HeaderBar seems to be mandatory, if not created, the decorations are drawn by Mutter at least in 3.10 (Debian 8)
  • messing around style providers to write custom implementation in Python (to generate dynamic colours, because labels may be changed) was also fruitless, because they use private interfaces and the public, documented interfaces don't really work
#!/usr/bin/env python3

import pdb
import gi
from gi.repository import Gdk, Gtk

def get_css():
    return ''.join(
        '''
        .qubes-label-{name} .header-bar,
        .qubes-label-{name} .titlebar,
        .qubes-label-{name}
        {{
            background: dark{name};
        }}
        '''.format(name=name)
        for name in ('red', 'green', 'blue')).encode('ascii')

def main():
    provider = Gtk.CssProvider()
    provider.load_from_data(get_css())
#   provider.load_from_file(FILENAME)

    Gtk.StyleContext.add_provider_for_screen(
        Gdk.Screen.get_default(),
        provider,
        Gtk.STYLE_PROVIDER_PRIORITY_APPLICATION
    )

    win = Gtk.Window(title='titlebar')
    win.get_style_context().add_class('qubes-label-blue')

    header_bar = Gtk.HeaderBar()
    header_bar.set_title('header-bar')
    header_bar.set_subtitle('dom0')
    header_bar.set_show_close_button(True)
    win.set_titlebar(header_bar)

    button = Gtk.Button(label='Break to PDB')
    def on_clicked(widget, win=win): #, header_bar=header_bar):
        try:
            pdb.set_trace()
        except bdb.BdbQuit:
            Gtk.main_quit(widget)
    button.connect('clicked', on_clicked)
    win.add(button)

    win.connect('delete-event', Gtk.main_quit)
    win.show_all()
    Gtk.main()

if __name__ == '__main__':
    main()

# vim: ts=4 sts=4 sw=4 et

@woju
Copy link
Member

woju commented Mar 30, 2016

Oh, and forgot to add: there are two programs which aid debugging GTK+ applications: GTK+ Inspector (>= gtk 3.14) and gtkparasite (for older, like 3.10 in jessie).

@mfc
Copy link
Member

mfc commented May 6, 2016

from my understanding of the warsaw meetings, @bnvk is no longer attempting to implement this anymore, so I removing it from being assigned to him. I am assigning a help wanted label as well.

@mfc mfc unassigned bnvk May 6, 2016
@mfc mfc added the help wanted This issue will probably not get done in a timely fashion without help from community contributors. label May 6, 2016
@ghost
Copy link

ghost commented May 7, 2016

What's the reason @bnvk stopped?

@marmarek
Copy link
Member Author

marmarek commented May 7, 2016

Turned out to be harder than "just create custom theme", see #1806 (comment)

@adrelanos
Copy link
Member

This might not happen for Qubes R4. Source: Qubes lead engineer @marmarek:
https://groups.google.com/d/msg/qubes-devel/cberCRs_nFE/reNS1BKOBwAJ

@liilac
Copy link

liilac commented Jul 4, 2016

I will try find them later, but there are a set of patches to metacity to enable window labelling and colouring for the MLS policy under SELinux. I imagine that may be helpful as reference (SELinux window labels are stored the same way as Qubes ones).

@marmarek
Copy link
Member Author

marmarek commented Jul 6, 2016

Very interesting, can you paste a link? @ileyd

@liilac
Copy link

liilac commented Jul 6, 2016

@marmarek Sure

I believe there are two different sets of patches available publicly. Also, I think there are some for Openbox and XFCE as well.

Mind you these are OLD, from when there seemed to be a burst in interest in producing a functional MLS desktop with SELinux/X11, but I'm sure newer versions exist.

It might be worth emailing the authors to that effect (there are definitely still people working on MLS with SELinux).

Bugzilla page
Screenshot of demo

Different patch (mailing list thread)


Some related links
Presentation relating to the above
Notes on a previous SELinux summit, covering some similar things as above
SELinux wiki page on MLS

@Drubble
Copy link

Drubble commented Jan 8, 2017

It'd be a shame if Qubes gave up on Gnome altogether. I really find it a much nicer DE than Xfce/KDE. Is it still on the roadmap?

@andrewdavidwong
Copy link
Member

@Drubble: AFAIK, we're still looking for a GNOME dev:
https://www.qubes-os.org/join/#gnome-desktop-environment-developer

@DemiMarie
Copy link

Right now I feel the central "problem" this issue was created to address, has been lost. Where would the value of Flatpak integration be, and to whom? What features, also?

Sorry, that was poorly phrased. What I meant is that if GNOME had already written code for Flatpak integration, we might be able to use some of it.

@demeralde
Copy link

I'd even argue using the Pop!_OS shell instead of regular GNOME. It's the best of both GNOME and i3. If someone implements this flawlessly with Qubes, I think I'd be sold.

@ninavizz
Copy link
Member

ninavizz commented May 23, 2021

Being able to integrate the DMenu stuff into Qubes w/o requiring the full tiling (primary) switchover to i3 would be a giant win for users, I suspect. LOTS of requests to bring D3 functionality into the new app menu stuff, so i3 users don't have to pick one or the other.

@v6ak
Copy link

v6ak commented May 23, 2021 via email

@v6ak
Copy link

v6ak commented May 23, 2021 via email

@ninavizz
Copy link
Member

On this topic, from the AppMenu survey:

"1) Make Qubes OS more usable for people with KDE-based templates, dolphin and Qt filesave/fileopen dialogs.
2) Each KDE-based qube should have shortcut in tray menu - open dolphin (or filenamanger script, the same as currently done with terminal).
3) Each qube should have an optional submenu with custom links, e.g. this qubes is for browser, this one dolphin (e,g. samba via vpn), this one qbittorrent and etc.
4) Make Qubes OS better for people with 30+ VMs. Storage space is cheap, so why not use plenty of them. But it causes troubles currently, start menu in XFCE opens 3 seconds for the first time. It has no search too (XFCE is not great and nor comfortable), so scrolling and searching VM manually is also a pain. So, I prefer not use start menu at all in XFCE, better to open dom0 terminal and run qvm-run vm konsole & from history. Yes, current XFCE menu is that bad if you have many VMs.

@ninavizz
Copy link
Member

@v6ak Thank you for the excellent feedback points on the DMenu stuff! Users across DEs really want more keyboard-only control of their OS... so while, yes, it was only really i3 and super-Linux folks requesting DMenu outright, it is a realm of inquiry I like having open to explore some more (both with users, and technically).

@v6ak
Copy link

v6ak commented May 23, 2021 via email

@SvenSemmler
Copy link

SvenSemmler commented May 24, 2021 via email

@ninavizz
Copy link
Member

Yup! All of this, we need to make work with Qubes. Not rocket science, just mental models and details to finesse. And, developer time to make fit well.

Also: Having now finished the first pass of synthesis on the appmenu survey (it'll take about 3 passes until I'm "done" with a publishable article), I can assert a strong interest in Gnome from just the open form comments on that. There were also some open form comments about KDE (and many complaining about its perceived bloat on system resources, heh), but all of that will be quantified in the article that ends up getting published. Just FYI.

@unman
Copy link
Member

unman commented May 24, 2021 via email

@DemiMarie
Copy link

There is a major problem with GNOME’s Wayland compositor, Mutter: https://gitlab.gnome.org/GNOME/mutter/-/issues/1836. In short, GNOME does not support server-side decorations on Wayland, at all. It expects each client to draw their own. That means we need to either draw these decorations ourselves in the GUI daemon, or convince Mutter’s developers to change their mind.

@DemiMarie
Copy link

Update: Mutter will never support server-side decorations, which means that the GUI daemon will need to draw its own decorations itself. GTK is the only way to draw decorations that are consistent with the rest of the desktop environment, but GTK is not well-suited for this task, as it is not friendly to direct interaction with Wayland.

@ninavizz: how important is it that the window decorations be consistent with those provided by GNOME? Ensuring this will likely add substantial complexity and may cause problems with accessibility support.

@ninavizz
Copy link
Member

Responded to @DemiMarie in an outside chat. TL;DR, "GNOME-y" or "KDE-y" etc are less important, than supporting colored frames in Qubes as elegantly, usably, and otherwise neutrally as possible. #6414 shows a proposal that does not have to be married to XFCE, but in an ideal universe is how I'd like windows to look in Qubes. :)

My preference for GNOME overall, is for how its family of components all work across UI functions. Can elaborate later, if desired.

@DemiMarie
Copy link

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/1014 is going to be another difficulty. The recommended workaround appears to be a shell extension in JavaScript, but that is only an option for icons in the GUI qube.

@DemiMarie
Copy link

Not sure if that is helpful, but there is an alternative solution: use client-side decorations. The actual VM windows are technically owned by gui-daemon process in dom0 (or other GUI VM in the future), so we have full control what is does. The issue here is it being plain C application, accessing X11 messages directly - which may be highly non-trivial to combine with GTK3 code for drawing decorations. But maybe I'm wrong here? Note this part of qubes is very fragile, as there are a lot of different applications, each with own set of quirks - causing issues like like #5424 or #3982.

From a purely technical perspective, client-side decorations are probably the best option. They are fail-secure, as errors will crash the GUI daemon. They are also portable to all Wayland compositors and X window managers, and have the same look and feel on all of these platforms. In light of #6414, this is actually desirable! Desktop environment theming code is very complex and I would prefer to not rely on it for security, whereas client-side decorations should Just Work.

That said, good client-side decorations are a LOT of work, especially since accessibility is a requirement. Having the GUI daemon draw them would add a significant amount of complexity. That is undesirable in one of the most security-critical parts of the system.

@DemiMarie
Copy link

I finally figured out a solution last night:

Instead of launching the GUI daemon normally, the GUI daemon is launched by a GNOME shell extension. The extension uses the MetaWaylandClient API to allow it to identify the windows owned by the daemon. This is race-free by design, and is designed to be secure against spoofing by untrusted sandboxed (ex: Flatpak) clients, so it is more than sufficient for our purposes.

Before the daemon draws a window, it asks the extension to draw the window’s border. The daemon only draws the window if the extension draws the border successfully. Otherwise, the daemon considers this to be an error condition, preventing a window from being drawn without a suitable border. If the extension is not loaded, the GUI daemon will never be launched, which is again a safe failure mode.

@jonkri
Copy link

jonkri commented Dec 24, 2021

It's great to see that the Bountysource bounty has reached $6,400. Hopefully we can see some more progress towards this soon!

Merry Christmas, all! 🎄

@code3z
Copy link

code3z commented Dec 29, 2021

Hi, I already got this working a little while ago: https://gist.github.com/code3z/244ea17d306f11fdf1127c8d4ce5296c
There are a few bugs, like with the microphone and HDMI, but I think those have to do with the OS and my hardware, not GNOME. I have been using GNOME with a second display for a few months now. I posted the code and instructions for window decorations but it is a bit hacky.

@ghost

This comment was marked as off-topic.

@anonaddict

This comment was marked as off-topic.

@ghost

This comment was marked as off-topic.

@andrewdavidwong

This comment was marked as off-topic.

@QubesOS QubesOS locked as off-topic and limited conversation to collaborators Mar 13, 2022
@andrewdavidwong andrewdavidwong removed this from the Release TBD milestone Aug 13, 2023
@marmarek
Copy link
Member Author

After several considerations, sadly it seems like official support for GNOME is not a viable in Qubes OS. There are several technical details (you can find them in the discussion above), but the summary is that GNOME is tightly integrated with their vision of the desktop which is incompatible with Qubes OS. Some of it can be tweaked with extensions (but the API there changes so maintaining it will be substantial amount of work), some requires patching at source code level (which is even more work to maintain). And some (like server-side decorations) won't work under Wayland at all (and the native X11 support is going away).

If GNOME approach will change, we may reconsider this decision. Until then, there won't be official support for GNOME. If somebody is willing to maintain set of packages and extensions that make GNOME functional on Qubes OS, we have a contrib repository that could be used for that.

@marmarek marmarek closed this as not planned Won't fix, can't repro, duplicate, stale Oct 18, 2023
@andrewdavidwong andrewdavidwong added the R: declined Resolution: While a legitimate bug or proposal, it has been decided that no action will be taken. label Oct 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bounty This issue has a public bounty associated with it. C: desktop-linux help wanted This issue will probably not get done in a timely fashion without help from community contributors. P: major Priority: major. Between "default" and "critical" in severity. R: declined Resolution: While a legitimate bug or proposal, it has been decided that no action will be taken. release notes This issue should be mentioned in the release notes. ux User experience
Projects
None yet
Development

No branches or pull requests