Enable bubblewrap in gnome-desktop3 for Ubuntu 18.04 LTS

Bug #1795668 reported by Jeremy Bícha
This bug affects 3 people
Affects                  Status        Importance  Assigned to    Milestone
bubblewrap (Ubuntu)      Fix Released  High        Steve Beattie
gnome-desktop3 (Ubuntu)  Fix Released  High        Steve Beattie

Bug Description

Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.

bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.

The bubblewrap MIR is https://launchpad.net/bugs/1709164

We'll need to promote bubblewrap to main before this update should be pushed to bionic.

Can you sponsor directly from the git repo instead of with a debdiff?

gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3

git checkout ubuntu/bionic

gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/bubblewrap

Testing Done
============
I test built bubblewrap and its autopkgtest passes:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic-jbicha-arch/bionic/amd64/b/bubblewrap/20181002_153548_f5821@/log.gz

Tags: bionic
Jeremy Bícha (jbicha)
Changed in gnome-desktop3 (Ubuntu):
status: New → Confirmed
Jeremy Bícha (jbicha)
description: updated
Revision history for this message
Iain Lane (laney) wrote :

Don't we need the changes to bubblewrap itself too?

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Oh, good point.

Jeremy Bícha (jbicha)
description: updated
Changed in bubblewrap (Ubuntu):
status: New → Confirmed
description: updated
Steve Beattie (sbeattie)
Changed in bubblewrap (Ubuntu):
assignee: nobody → Steve Beattie (sbeattie)
Changed in gnome-desktop3 (Ubuntu):
assignee: nobody → Steve Beattie (sbeattie)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bubblewrap - 0.2.1-1ubuntu0.1

---------------
bubblewrap (0.2.1-1ubuntu0.1) bionic-security; urgency=medium

  [ Iain Lane ]
  * Don't install setuid on Ubuntu & derivatives since Ubuntu's
    kernel enables unprivileged user namespaces (LP: #1795668, LP: #1709164)
  * debian/tests/basic: We're not setuid - in this case we have to use a new
    user namespace. Not all the GIDs from the parent namespace are mapped
    through, and so testing that `id` is identical inside and out of the
    bubblewrap is not going to work. Let's make sure that the euid and egid
    are the same.

 -- Jeremy Bicha <email address hidden> Tue, 02 Oct 2018 11:03:48 -0400

Changed in bubblewrap (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-desktop3 - 3.28.2-0ubuntu1.1

---------------
gnome-desktop3 (3.28.2-0ubuntu1.1) bionic-security; urgency=medium

  * Enable bubblewrap hardening for thumbnailers (LP: #1795668)

 -- Jeremy Bicha <email address hidden> Tue, 02 Oct 2018 10:26:01 -0400

Changed in gnome-desktop3 (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Eugene Romanenko (eros2) wrote :

This change just landed in bionic, and now my raw.thumbnailer does not work anymore. :(

raw.thumbnailer content:

[Thumbnailer Entry]
Exec=/usr/local/bin/raw-thumbnailer.sh %s %u %o
MimeType=image/x-canon-cr2;image/x-cr2;

raw-thumbnailer.sh content:

#! /bin/bash
# $1 = size (%s), $2 = input (%u), $3 = output file (%o); quoted so paths with spaces survive
/usr/bin/ufraw-batch --embedded-image --out-type=png --size="$1" "$2" --overwrite --silent --output="$3"

How can I fix this? Now I can't get any debug output from my shell script anymore.

Revision history for this message
Eugene Romanenko (eros2) wrote :

Well, from reading gnome-desktop-thumbnail-script.c I understand the thumbnailer does not have access to /usr/local, so I changed raw.thumbnailer content to:

[Thumbnailer Entry]
Exec=/usr/bin/ufraw-batch --embedded-image --out-type=png --size=%s %u --overwrite --silent --output=%o
MimeType=image/x-canon-cr2;image/x-cr2;

Now it works.

Revision history for this message
Eugene Romanenko (eros2) wrote :

This change breaks thumbnail creation on 32-bit Ubuntu. Filed bug #1807127.

Mathew Hodson (mhodson)
Changed in bubblewrap (Ubuntu):
importance: Undecided → High
Changed in gnome-desktop3 (Ubuntu):
importance: Undecided → High
Revision history for this message
Romano Giannetti (romano-giannetti) wrote :

This "enhancement" broke all my thumbnailers too; unfortunately they are quite a bit more complex than the one @eros2 commented on.

Are there any instructions on how to re-enable a personal script for thumbnail generation after the upgrade? Note that this has been noticed by users; see for example https://askubuntu.com/questions/1088539/custom-thumbnailers-don-t-work-on-ubuntu-18-10

Thanks!

Revision history for this message
Nicolas Bernaerts (nicolas-bernaerts) wrote :

I've also encountered the same trouble with some of my external thumbnailers (lo-thumbnailer, msoffice-thumbnailer, ...).

I realised that bwrap calls fail under Ubuntu and Debian because of --symlink options used on /bin and /sbin. --ro-bind should be used instead of --symlink.

Until the problem is solved on the Nautilus side, I've written a small article to explain how to get back external thumbnailers under 18.04 and 18.10 with the help of a bwrap wrapper under /usr/local/bin.

http://bernaerts.dyndns.org/linux/360-ubuntu-nautilus-external-thumbnailer-failure

Hope it helps
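
The merged/unmerged /usr distinction behind the --symlink vs --ro-bind failure described in the comment above, as an added example that is not code from the bug, from gnome-desktop or from the linked article: on a merged-/usr host /bin is a symlink to usr/bin and `--symlink usr/bin /bin` recreates it inside the sandbox, while on an unmerged host (Ubuntu 18.04/18.10) /bin is a real directory and must be exposed with `--ro-bind`. The function names and the per-directory check are this example's own assumptions; the demo uses constructed temporary roots rather than the real system.

```shell
#!/bin/sh
# Pick the bwrap option for one legacy top-level directory.
# $1 = root to inspect (/ for the real system; a temp dir in the demo)
# $2 = directory name without leading slash (bin, sbin, lib, lib64)
bwrap_arg_for() {
    root=${1%/}
    name=$2
    if [ -L "$root/$name" ]; then
        # merged layout: mirror the symlink (bwrap --symlink SRC DEST)
        target=$(readlink "$root/$name")
        printf '%s\n' "--symlink $target /$name"
    elif [ -d "$root/$name" ]; then
        # unmerged layout: expose the real directory read-only
        printf '%s\n' "--ro-bind /$name /$name"
    fi
    # a directory that does not exist on the host gets no option at all
}

# Build the option list for the directories gnome-desktop's sandbox maps.
bwrap_legacy_dirs() {
    for d in bin sbin lib lib64; do
        bwrap_arg_for "$1" "$d"
    done | tr '\n' ' '
}

# Constructed demonstration: one fake merged root and one fake unmerged root.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/merged/usr/bin" "$tmp/unmerged/bin" "$tmp/unmerged/lib"
    ln -s usr/bin "$tmp/merged/bin"
    echo "merged:   $(bwrap_legacy_dirs "$tmp/merged")"
    echo "unmerged: $(bwrap_legacy_dirs "$tmp/unmerged")"
    rm -r "$tmp"
}

demo
```

Running the same check against / (not a temp root) shows which variant a given host needs; a wrapper that hard-codes --symlink will fail on any host where the real directory exists.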

Revision history for this message
Romano Giannetti (romano-giannetti) wrote :

Yep: @nicolas-bernaerts is right. Ubuntu should include this commit:

https://gitlab.gnome.org/GNOME/gnome-desktop/commit/259e7e4edb0d9b84fb7cf0847149ff8d42ab9a56

since we have unmerged /usr.

Also, the problem with alternatives still stands, see https://gitlab.gnome.org/GNOME/gnome-desktop/issues/92

Revision history for this message
Romano Giannetti (romano-giannetti) wrote :

...and we have also the huge slowdown, see https://gitlab.gnome.org/GNOME/gnome-desktop/issues/90

This report contains Public Security information  
Everyone can see this security related information.
