Packaging Request #1413
[partial fixes] Package deblobed version of gnome-software. Was: [gnome-software][discover] offers non-free software & shows incorrect licenses
50%
Description
Hi, I recently installed the gnome-software pkg in my system and guess what I found: Chromium, Opera, Firefox, playonlinux, Oracle VM Virtual-box, etc. However, I've been told (I'm not sure) that Debian's version does not have those nonfree recommendations. We could have a look at it, and if there are no patches, we'll have to blacklist gnome-software unless we effectively block the proprietary crap.
Related issues
History
Updated by Megver83 almost 7 years ago
- Subject changed from gnome-software offers non-free software to gnome-software offers non-free software & shows incorrect licenses
To make it worse: I found Kodi, and it says that the license is proprietary, when it is GPL2. This is also with most programs, there are many that also appear as "unknown" licenses. Firefox says "Unknown", VLC says "Proprietary", etc... I'll temporally blacklist it, this is too much
https://git.parabola.nu/blacklist.git/commit/?id=47620a1ff37c23b62939dbf60c382c3d912f4c67
Updated by isacdaavid almost 7 years ago
- Related to Bug #813: [archlinux-appstream-data] problem with gnome-software added
Updated by isacdaavid almost 7 years ago
Updated by Megver83 almost 7 years ago
isacdaavid wrote:
I think all that information is coming from archlinux-appstream-data (bug #813). I have mentioned this bug in relation to #1371, I suspect apparmor-profiles and archlinux-appstream-data stay or fall together.
so then we must replace archlinux-appstream-data with sth. like parabola-appstream-data, or lets see what happens if we remove it as Emulatorman suggested at #hyperbola
22:21:22 - Megver83: Emulatorman: https://git.parabola.nu/blacklist.git/commit/?id=47620a1ff37c23b62939dbf60c382c3d912f4c67
22:23:09 - Emulatorman: Megver83: no hay manera de salvarlo?
22:23:28 - Megver83: Emulatorman: isacdaavid actualizo el issue, revisalo
22:23:28 - Emulatorman: Megver83: no sera algo secundario que lo esta afectando
22:23:30 - Emulatorman: ?
22:23:48 - Megver83: Emulatorman: parece que si, creo que es archlinux-appstream-data
22:24:06 - Megver83: Emulatorman: sin embargo, no podemos tener gnome-software hasta que arreglen eso
22:24:07 - Emulatorman: Megver83: nosotros aqui, "blacklistiamos" a archlinux-appstream-data
22:24:27 - Emulatorman: Megver83: recomiendo que eliminen esa basura de paquete ya que compromete la libertad
22:24:39 - Emulatorman: Megver83: dejame pasarte nuestro blacklist
22:26:02 - Emulatorman: isacdaavid: Megver83: https://git.hyperbola.info:50100/software/blacklist.git/tree/blacklist.txt#n32
22:26:19 - Megver83: Emulatorman: pero es una dependencia de gnome-software
22:26:34 - Emulatorman: isacdaavid: Megver83: aqui eliminamos y funciona perfectamente
Updated by isacdaavid almost 7 years ago
- % Done changed from 0 to 50
- Priority changed from freedom issue to wish
- Status changed from open to in progress
- Subject changed from gnome-software offers non-free software & shows incorrect licenses to [gnome-software][discover] offers non-free software & shows incorrect licenses
my verdict: temporarily block.
rebuilding in [libre] without depending on archlinux-appstream-data
is enough to sway mentions of nonfree software away (i tested this using Hyperbola's gnome-software
. i imagine it's similar for KDE discover
). in fact, all it can do afterwards is show installed programs (i'm kinda disappointed it doesn't use packagekit
to explore the repos despite needing it). i'll write in #813 about how we could develop a parabola-appstream-data
package to restore full functionality.
meanwhile, there's a plethora of places incorrect license information could come from: archlinux-appstream-data
, packages themselves (/usr/share/appdata/${pkgname}.appdata.xml
, maybe even the more traditional .desktop files?). for instance, while also doing without archlinux-appstream-data
, i found that gnome-software
would label an already-installed audacity
as proprietary; even though it's "GPL" according to pacman and "CC-BY" per audacity
's own reporting (/usr/share/appdata/audacity.appdata.xml
). as for free programs being mislabeled, i would say let's not be anal about it until it starts causing us tons of alarmed reports.
Updated by Megver83 almost 7 years ago
isacdaavid wrote:
my verdict: temporarily block.
rebuilding in [libre] without depending on
archlinux-appstream-data
is enough to sway mentions of nonfree software away (i tested this using Hyperbola'sgnome-software
. i imagine it's similar for KDEdiscover
). in fact, all it can do afterwards is show installed programs (i'm kinda disappointed it doesn't usepackagekit
to explore the repos despite needing it). i'll write in #813 about how we could develop aparabola-appstream-data
package to restore full functionality.meanwhile, there's a plethora of places incorrect license information could come from:
archlinux-appstream-data
, packages themselves (/usr/share/appdata/${pkgname}.appdata.xml
, maybe even the more traditional .desktop files?). for instance, while also doing withoutarchlinux-appstream-data
, i found thatgnome-software
would label an already-installedaudacity
as proprietary; even though it's "GPL" according to pacman and "CC-BY" peraudacity
's own reporting (/usr/share/appdata/audacity.appdata.xml
). as for free programs being mislabeled, i would say let's not be anal about it until it starts causing us tons of alarmed reports.
AFAIK Discover does not have this issue, I've look at it and for now no problems, but it's better to prevent anything
Updated by brainblasted almost 6 years ago
Someone put together a HOWTO on how archlinux-appstream-data is generated. https://sources.archlinux.org/other/packages/archlinux-appstream-data/HOWTO.
Basically someone with access to the package servers needs to use https://sources.archlinux.org/other/packages/archlinux-appstream-data/asgen-config.json, change 'arch' in the suites section to parabola, add the extra parabola repos (eg libre, pcr), and run the command in number 2. If we can do this, then gnome-software gets closer to getting in the repos again.
Another issue is flatpak. The flatpak package for arch includes flathub by default, which includes proprietary software. GNOME software would use this and end up showing and allowing users to install proprietary software. I see three solutions to this:
- Remove flathub from default install of flatpak
- Ask for a patch upstream to block proprietary apps in flatpak
- I've heard GNOME Software can filter out proprietary apps (this would be suboptimal on arch due to janky reporting within the appstream data, but everything in parabola repos is libre)
Updated by brainblasted almost 6 years ago
Another solution would be to host a mirror of flathub without proprietary apps. Thinking about it, the third point is suboptimal because libre apps may show as proprietary in GNOME Software, and thus be filtered out erroneously.
Updated by bill-auger almost 6 years ago
- Related to Freedom Issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers (TPPM) added
Updated by Megver83 almost 6 years ago
brainblasted wrote:
Someone put together a HOWTO on how archlinux-appstream-data is generated. https://sources.archlinux.org/other/packages/archlinux-appstream-data/HOWTO.
Basically someone with access to the package servers needs to use https://sources.archlinux.org/other/packages/archlinux-appstream-data/asgen-config.json, change 'arch' in the suites section to parabola, add the extra parabola repos (eg libre, pcr), and run the command in number 2. If we can do this, then gnome-software gets closer to getting in the repos again.
Didn't know about this. I'll look at this later at some moment ... no promises
Another issue is flatpak. The flatpak package for arch includes flathub by default, which includes proprietary software. GNOME software would use this and end up showing and allowing users to install proprietary software. I see three solutions to this:
- Remove flathub from default install of flatpak
- Ask for a patch upstream to block proprietary apps in flatpak
- I've heard GNOME Software can filter out proprietary apps (this would be suboptimal on arch due to janky reporting within the appstream data, but everything in parabola repos is libre)
Could you make a freedom issue report about this, specifying this too? (solutions, send patches, PKGBUILDs, etc) thx
Updated by bill-auger almost 6 years ago
- Tracker changed from Bug to Freedom Issue
if the bug (displays incorrect licenses) is itself a freedom issue (its the kind of bug that would prevent this program from being in parabola) - then probably this ticket can just be changed to "Freedom Issue"
is it even verified that this is a legimate bug ? - perhaps the licenses are being displayed as the packager has incorectly labeled them
Updated by Megver83 almost 6 years ago
bill-auger wrote:
if the bug (displays incorrect licenses) is itself a freedom issue (its the kind of bug that would prevent this program from being in parabola) - then probably this ticket can just be changed to "Freedom Issue"
is it even verified that this is a legimate bug ? - perhaps the licenses are being displayed as the packager has incorectly labeled them
idk why I marked it as a bug, but you're right, it's a freedom issue
Updated by GNUtoo about 2 years ago
- Subject changed from [gnome-software][discover] offers non-free software & shows incorrect licenses to ]Was: [gnome-software][discover] offers non-free software & shows incorrect licenses
- Tracker changed from Freedom Issue to Packaging Request
Updated by GNUtoo about 2 years ago
- Subject changed from ]Was: [gnome-software][discover] offers non-free software & shows incorrect licenses to [partial fixes] Package deblobed version of gnome-software. Was: [gnome-software][discover] offers non-free software & shows incorrect licenses
Updated by GNUtoo about 2 years ago
I've moved it as we don't have gnome-software anymore so there is no direct freedom issue anymore. I also made sure to promote the fact that it's half done so we do have infos on how to fix part of the issues.