Running CentOS 7 with GNOME 3.22.2, and I am trying to write an Ansible playbook to copy icons from /usr/share/applications to a pre-defined user's desktop and then grant trusted permission (Using gio set "metadata::trusted" yes).
When I try to see the writeable attributes of the desktop icon from a terminal session using gio info -w /home/demo/Desktop/google-chrome.desktop, I get this result:
Settable attributes:
standard::symlink-target (bytestring)
time::access (uint64, Keep with file when moved)
time::access-usec (uint32, Keep with file when moved)
time::modified (uint64, Copy with file, Keep with file when moved)
time::modified-usec (uint32, Copy with file, Keep with file when moved)
unix::gid (uint32, Keep with file when moved)
unix::mode (uint32, Copy with file, Keep with file when moved)
unix::uid (uint32, Keep with file when moved)
Writable attribute namespaces:
xattr (string, Copy with file, Keep with file when moved)
xattr-sys (string, Keep with file when moved)
So when I try the to run the above gio set command, it fails with gio: Setting attribute metadata::trusted not supported because metadata can't be written. However, if I log into a GUI session and run the same command from a terminal, then I see that metadata is now a writable attribute:
Settable attributes:
standard::symlink-target (bytestring)
time::access (uint64, Keep with file when moved)
time::access-usec (uint32, Keep with file when moved)
time::modified (uint64, Copy with file, Keep with file when moved)
time::modified-usec (uint32, Copy with file, Keep with file when moved)
unix::gid (uint32, Keep with file when moved)
unix::mode (uint32, Copy with file, Keep with file when moved)
unix::uid (uint32, Keep with file when moved)
Writable attribute namespaces:
metadata (string, Copy with file, Keep with file when moved)
xattr (string, Copy with file, Keep with file when moved)
xattr-sys (string, Keep with file when moved)
This means the gio set command works in a GNOME GUI session, but not in a terminal session. I'm trying to figure out if there is a way to allow the terminal session to be able to modify this (so that my playbook can make this modification). I'm not against having to use a different scripting language to do that if that's what it takes.
For information, the current Ansible playbook section looks like so:
- name: Make Chrome Launcher Trusted
shell: gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" yes
You need dbus, which isn't running if your user hasn't logged in. You can start dbus for use by gio using dbus-launch:
- name: Make Chrome Launcher Trusted
shell: dbus-launch gio set /home/demo/Desktop/google-chrome.desktop "metadata::trusted" yes