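#!/usr/bin/env bash
# Repair trusted desktop launcher metadata in an existing sc-workstation VM.
#
# Writes a guest-side script to a temp file and passes it to
# guest_run_sudo_script (from lib/common.sh). The guest script:
#   1. fixes ownership and mode of the launchers on player's Desktop,
#   2. rewrites the http:// axiomworks bookmark URLs to https://,
#   3. installs /usr/local/bin/trust-desktop-launchers plus a per-user wrapper
#      and an autostart entry that runs it at graphical login,
#   4. runs it immediately when player's session bus socket exists.
#
# Environment:
#   SC_WORKSTATION_DOMAIN  target VM name (default: sc-workstation)
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"

DOMAIN="${SC_WORKSTATION_DOMAIN:-sc-workstation}"

# The payload lives in an unpredictable temp file that is removed on every
# exit path.
tmp_script="$(mktemp)"
trap 'rm -f "$tmp_script"' EXIT

# Quoted delimiter: nothing below is expanded on the host; the text is copied
# verbatim into the guest script.
cat > "$tmp_script" <<'GUESTEOF'
set -euo pipefail

# This script writes to /usr/local/bin and changes ownership, so it needs root.
# /home/player is writable by the unprivileged player account, so root must not
# follow links there. Files below that only need to belong to player are
# created as player instead of being written by root and chowned afterwards.

# NOTE(review): install -d still runs as root on paths inside player's home;
# confirm none of these components can be a symlink on the VMs being repaired.
install -d -o player -g player \
  /home/player/Desktop /home/player/.local/bin /home/player/.config/autostart

# find -type f skips symlinks; chown -h additionally refuses to dereference an
# entry that is swapped for a link between find's check and the chown.
find /home/player/Desktop -maxdepth 1 -type f -name '*.desktop' \
  -exec chown -h player:player {} +
# chmod always dereferences links, so it runs as player: the launchers are
# player-owned at this point, and a link to someone else's file is rejected.
sudo -u player find /home/player/Desktop -maxdepth 1 -type f -name '*.desktop' \
  -exec chmod 0755 {} +

if [ -f /home/player/.config/chromium/Default/Bookmarks ]; then
  sudo -u player sed -i 's#http://www\.axiomworks\.corp/#https://www.axiomworks.corp/#g' \
    /home/player/.config/chromium/Default/Bookmarks
fi

cat > /usr/local/bin/trust-desktop-launchers <<'SCRIPTEOF'
#!/bin/bash
# Record each Desktop launcher's SHA-256 in the gio attribute
# metadata::xfce-exe-checksum, retrying for up to 20 rounds one second apart.
# Exits 0 once every launcher verifies, 1 otherwise.
#
# Every *.desktop file present in the Desktop directory when this runs is
# marked; there is no allow-list. Keep that directory free of unreviewed
# launchers until the autostart entry has removed itself.
set -u
PATH=/usr/local/bin:/usr/bin:/bin

player_uid="$(id -u player)"
desktop_dir=/home/player/Desktop

# Point the gio calls at player's desktop session.
export HOME=/home/player
export USER=player
export LOGNAME=player
export DISPLAY="${DISPLAY:-:0}"
export XAUTHORITY="${XAUTHORITY:-/home/player/.Xauthority}"
export XDG_RUNTIME_DIR="/run/user/$player_uid"
if [ -S "$XDG_RUNTIME_DIR/bus" ]; then
  export DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
fi

# Start gvfsd-metadata when a binary is found and player has none running.
metadata_daemon=""
for candidate in \
  /usr/libexec/gvfsd-metadata \
  /usr/lib/gvfs/gvfsd-metadata \
  /usr/lib/x86_64-linux-gnu/gvfs/gvfsd-metadata; do
  if [ -x "$candidate" ]; then
    metadata_daemon="$candidate"
    break
  fi
done

if [ -n "$metadata_daemon" ] \
  && ! /usr/bin/pgrep -u "$player_uid" -x gvfsd-metadata >/dev/null 2>&1; then
  "$metadata_daemon" >/dev/null 2>&1 &
  sleep 1
fi

for ((attempt = 1; attempt <= 20; attempt++)); do
  trusted_any=false
  failed=false

  for launcher in "$desktop_dir"/*.desktop; do
    [ -e "$launcher" ] || continue
    chmod 0755 "$launcher" 2>/dev/null || true

    # Without pipefail the pipeline status is awk's, so a sha256sum failure
    # shows up only as an empty result; treat empty as a failure as well.
    checksum="$(/usr/bin/sha256sum "$launcher" | /usr/bin/awk '{print $1}')" || checksum=""
    if [ -z "$checksum" ]; then
      failed=true
      continue
    fi

    if /usr/bin/gio set -t string "$launcher" metadata::xfce-exe-checksum "$checksum" 2>/dev/null; then
      # Read the attribute back and re-check owner and mode before counting
      # this launcher as done.
      actual_checksum="$(/usr/bin/gio info -a metadata::xfce-exe-checksum "$launcher" 2>/dev/null \
        | /usr/bin/awk -F': ' '/metadata::xfce-exe-checksum:/ {print $2; exit}')"
      owner_mode="$(/usr/bin/stat -c '%U:%G %a' "$launcher" 2>/dev/null || true)"
      if [ "$actual_checksum" != "$checksum" ] || [ "$owner_mode" != "player:player 755" ]; then
        failed=true
        continue
      fi
      trusted_any=true
    else
      failed=true
    fi
  done

  if [ "$trusted_any" = true ] && [ "$failed" = false ]; then
    /usr/bin/xfdesktop --reload >/dev/null 2>&1 \
      || /usr/bin/pkill -HUP xfdesktop 2>/dev/null \
      || true
    # One-shot: drop the autostart entry after a fully successful pass.
    rm -f /home/player/.config/autostart/trust-launchers.desktop
    exit 0
  fi

  sleep 1
done

exit 1
SCRIPTEOF
chmod 0755 /usr/local/bin/trust-desktop-launchers

# Per-user wrapper, created as player. Any existing entry (including a link) is
# unlinked first; the new file is owned by player and carries player's primary
# group (presumably `player`; verify on the image).
sudo -u player rm -f -- /home/player/.local/bin/trust-desktop-launchers.sh
sudo -u player tee /home/player/.local/bin/trust-desktop-launchers.sh >/dev/null <<'SCRIPTEOF'
#!/bin/bash
exec /usr/local/bin/trust-desktop-launchers
SCRIPTEOF
sudo -u player chmod 0755 /home/player/.local/bin/trust-desktop-launchers.sh

# Autostart entry, created as player for the same reason.
sudo -u player rm -f -- /home/player/.config/autostart/trust-launchers.desktop
sudo -u player tee /home/player/.config/autostart/trust-launchers.desktop >/dev/null <<'DESKTOPEOF'
[Desktop Entry]
Type=Application
Name=Trust Desktop Launchers
Exec=/usr/local/bin/trust-desktop-launchers
Terminal=false
X-GNOME-Autostart-enabled=true
Hidden=false
NoDisplay=true
DESKTOPEOF
sudo -u player chmod 0644 /home/player/.config/autostart/trust-launchers.desktop

# Run now only when player's session bus socket exists; otherwise the
# autostart entry handles it at the next graphical login.
if [ -S "/run/user/$(id -u player)/bus" ]; then
  sudo -u player env HOME=/home/player /usr/local/bin/trust-desktop-launchers
else
  echo "Player DBus session is not active; repair will retry on next graphical login." >&2
fi
GUESTEOF

guest_run_sudo_script "$DOMAIN" "$tmp_script"
ok "Desktop launcher repair applied to $DOMAIN"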