Freedom issue #1413

[gnome-software][discover] offers non-free software & shows incorrect licenses

Megver83 - over 2 years ago. Updated over 1 year ago.

Status: in progress
Priority: wish
Assignee: -
% Done: 50%


Description

Hi, I recently installed the gnome-software pkg in my system and guess what I found: Chromium, Opera, Firefox, playonlinux, Oracle VM Virtual-box, etc. However, I've been told (I'm not sure) that Debian's version does not have those nonfree recommendations. We could have a look at it, and if there are no patches, we'll have to blacklist gnome-software unless we effectively block the proprietary crap.


Related issues

Related to Packages - Bug #813: [archlinux-appstream-data] problem with gnome-software (in progress, 2015-09-26)

Related to Packages - Freedom issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers (in progress)

History

#1

Updated by Megver83 over 2 years ago

  • Subject changed from gnome-software offers non-free software to gnome-software offers non-free software & shows incorrect licenses

To make it worse: I found Kodi, and it says that the license is proprietary, when it is GPL2. This is also with most programs, there are many that also appear as "unknown" licenses. Firefox says "Unknown", VLC says "Proprietary", etc... I'll temporarily blacklist it, this is too much

https://git.parabola.nu/blacklist.git/commit/?id=47620a1ff37c23b62939dbf60c382c3d912f4c67

#2

Updated by isacdaavid over 2 years ago

  • Related to Bug #813: [archlinux-appstream-data] problem with gnome-software added

#3

Updated by isacdaavid over 2 years ago

I think all that information is coming from archlinux-appstream-data (bug #813). I have mentioned this bug in relation to #1371, I suspect apparmor-profiles and archlinux-appstream-data stay or fall together.

#4

Updated by Megver83 over 2 years ago

isacdaavid wrote:

I think all that information is coming from archlinux-appstream-data (bug #813). I have mentioned this bug in relation to #1371, I suspect apparmor-profiles and archlinux-appstream-data stay or fall together.

so then we must replace archlinux-appstream-data with sth. like parabola-appstream-data, or let's see what happens if we remove it as Emulatorman suggested at #hyperbola

22:21:22 - Megver83: Emulatorman: https://git.parabola.nu/blacklist.git/commit/?id=47620a1ff37c23b62939dbf60c382c3d912f4c67
22:23:09 - Emulatorman: Megver83: is there no way to save it?
22:23:28 - Megver83: Emulatorman: isacdaavid updated the issue, check it
22:23:28 - Emulatorman: Megver83: couldn't it be something secondary that is affecting it
22:23:30 - Emulatorman: ?
22:23:48 - Megver83: Emulatorman: it seems so, I think it's archlinux-appstream-data
22:24:06 - Megver83: Emulatorman: however, we can't have gnome-software until they fix that
22:24:07 - Emulatorman: Megver83: over here, we "blacklist" archlinux-appstream-data
22:24:27 - Emulatorman: Megver83: I recommend that you remove that garbage package since it compromises freedom
22:24:39 - Emulatorman: Megver83: let me pass you our blacklist
22:26:02 - Emulatorman: isacdaavid: Megver83: https://git.hyperbola.info:50100/software/blacklist.git/tree/blacklist.txt#n32
22:26:19 - Megver83: Emulatorman: but it's a dependency of gnome-software
22:26:34 - Emulatorman: isacdaavid: Megver83: here we removed it and it works perfectly

#5

Updated by isacdaavid over 2 years ago

  • % Done changed from 0 to 50
  • Priority changed from freedom issue to wish
  • Status changed from open to in progress
  • Subject changed from gnome-software offers non-free software & shows incorrect licenses to [gnome-software][discover] offers non-free software & shows incorrect licenses

my verdict: temporarily block.

rebuilding in [libre] without depending on archlinux-appstream-data is enough to sway mentions of nonfree software away (i tested this using Hyperbola's gnome-software. i imagine it's similar for KDE discover). in fact, all it can do afterwards is show installed programs (i'm kinda disappointed it doesn't use packagekit to explore the repos despite needing it). i'll write in #813 about how we could develop a parabola-appstream-data package to restore full functionality.

meanwhile, there's a plethora of places incorrect license information could come from: archlinux-appstream-data, packages themselves (/usr/share/appdata/${pkgname}.appdata.xml, maybe even the more traditional .desktop files?). for instance, while also doing without archlinux-appstream-data, i found that gnome-software would label an already-installed audacity as proprietary; even though it's "GPL" according to pacman and "CC-BY" per audacity's own reporting (/usr/share/appdata/audacity.appdata.xml). as for free programs being mislabeled, i would say let's not be anal about it until it starts causing us tons of alarmed reports.
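An added example (not part of the original thread, and not code from gnome-software or Parabola): a check that reads both license fields of an AppStream appdata file and compares them with the package's own license field, to help locate which of the sources listed above a wrong label comes from. The sample XML, the SPDX allow-list and the pacman-to-SPDX mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, following the AppStream <component> layout.
SAMPLE = """<component type="desktop">
  <id>example-editor.desktop</id>
  <metadata_license>CC-BY-3.0</metadata_license>
  <name>Example Editor</name>
</component>"""

# Constructed, deliberately small tables; a real audit needs complete ones.
FREE_SPDX = {"GPL-2.0", "GPL-2.0+", "GPL-3.0", "GPL-3.0+", "MIT"}
PACMAN_TO_SPDX = {"GPL": "GPL-2.0+", "GPL2": "GPL-2.0", "GPL3": "GPL-3.0",
                  "MIT": "MIT"}


def read_licenses(appdata_xml):
    """Return the component id and both license fields (None when absent)."""
    root = ET.fromstring(appdata_xml)

    def text(tag):
        node = root.find(tag)
        return node.text.strip() if node is not None and node.text else None

    return {"id": text("id"),
            "project": text("project_license"),    # license of the program
            "metadata": text("metadata_license")}  # license of the XML file


def audit(appdata_xml, pacman_license):
    """Compare the appdata license fields with the package's license field."""
    lic = read_licenses(appdata_xml)
    expected = PACMAN_TO_SPDX.get(pacman_license)
    findings = []
    if lic["project"] is None:
        findings.append("missing-project-license")
    elif lic["project"] not in FREE_SPDX:
        findings.append("project-license-not-in-free-list")
    elif expected and lic["project"] != expected:
        findings.append("differs-from-package")
    if lic["project"] is None and lic["metadata"] is not None:
        # Only the metadata license is present; it must not be shown
        # as the program's license.
        findings.append("metadata-license-only")
    return lic["id"], findings


if __name__ == "__main__":
    print(audit(SAMPLE, "GPL"))
```
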

#6

Updated by Megver83 over 2 years ago

isacdaavid wrote:

my verdict: temporarily block.

rebuilding in [libre] without depending on archlinux-appstream-data is enough to sway mentions of nonfree software away (i tested this using Hyperbola's gnome-software. i imagine it's similar for KDE discover). in fact, all it can do afterwards is show installed programs (i'm kinda disappointed it doesn't use packagekit to explore the repos despite needing it). i'll write in #813 about how we could develop a parabola-appstream-data package to restore full functionality.

meanwhile, there's a plethora of places incorrect license information could come from: archlinux-appstream-data, packages themselves (/usr/share/appdata/${pkgname}.appdata.xml, maybe even the more traditional .desktop files?). for instance, while also doing without archlinux-appstream-data, i found that gnome-software would label an already-installed audacity as proprietary; even though it's "GPL" according to pacman and "CC-BY" per audacity's own reporting (/usr/share/appdata/audacity.appdata.xml). as for free programs being mislabeled, i would say let's not be anal about it until it starts causing us tons of alarmed reports.

AFAIK Discover does not have this issue, I've looked at it and for now no problems, but it's better to prevent anything

#7

Updated by brainblasted over 1 year ago

Someone put together a HOWTO on how archlinux-appstream-data is generated. https://sources.archlinux.org/other/packages/archlinux-appstream-data/HOWTO.

Basically someone with access to the package servers needs to use https://sources.archlinux.org/other/packages/archlinux-appstream-data/asgen-config.json, change 'arch' in the suites section to parabola, add the extra parabola repos (eg libre, pcr), and run the command in number 2. If we can do this, then gnome-software gets closer to getting in the repos again.

Another issue is flatpak. The flatpak package for arch includes flathub by default, which includes proprietary software. GNOME software would use this and end up showing and allowing users to install proprietary software. I see three solutions to this:

  • Remove flathub from default install of flatpak
  • Ask for a patch upstream to block proprietary apps in flatpak
  • I've heard GNOME Software can filter out proprietary apps (this would be suboptimal on arch due to janky reporting within the appstream data, but everything in parabola repos is libre)

#8

Updated by brainblasted over 1 year ago

Another solution would be to host a mirror of flathub without proprietary apps. Thinking about it, the third point is suboptimal because libre apps may show as proprietary in GNOME Software, and thus be filtered out erroneously.

#9

Updated by bill-auger over 1 year ago

  • Related to Freedom issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers added

#10

Updated by Megver83 over 1 year ago

brainblasted wrote:

Someone put together a HOWTO on how archlinux-appstream-data is generated. https://sources.archlinux.org/other/packages/archlinux-appstream-data/HOWTO.

Basically someone with access to the package servers needs to use https://sources.archlinux.org/other/packages/archlinux-appstream-data/asgen-config.json, change 'arch' in the suites section to parabola, add the extra parabola repos (eg libre, pcr), and run the command in number 2. If we can do this, then gnome-software gets closer to getting in the repos again.

Didn't know about this. I'll look at this later at some moment ... no promises

Another issue is flatpak. The flatpak package for arch includes flathub by default, which includes proprietary software. GNOME software would use this and end up showing and allowing users to install proprietary software. I see three solutions to this:

  • Remove flathub from default install of flatpak
  • Ask for a patch upstream to block proprietary apps in flatpak
  • I've heard GNOME Software can filter out proprietary apps (this would be suboptimal on arch due to janky reporting within the appstream data, but everything in parabola repos is libre)

Could you make a freedom issue report about this, specifying this too? (solutions, send patches, PKGBUILDs, etc) thx

#11

Updated by bill-auger over 1 year ago

  • Tracker changed from Bug to Freedom issue

if the bug (displays incorrect licenses) is itself a freedom issue (it's the kind of bug that would prevent this program from being in parabola) - then probably this ticket can just be changed to "Freedom Issue"

is it even verified that this is a legitimate bug ? - perhaps the licenses are being displayed as the packager has incorrectly labeled them

#12

Updated by Megver83 over 1 year ago

bill-auger wrote:

if the bug (displays incorrect licenses) is itself a freedom issue (it's the kind of bug that would prevent this program from being in parabola) - then probably this ticket can just be changed to "Freedom Issue"

is it even verified that this is a legitimate bug ? - perhaps the licenses are being displayed as the packager has incorrectly labeled them

idk why I marked it as a bug, but you're right, it's a freedom issue
