Overly-broad permissions added for Electron's StatusNotifier

[jntesteves]

I'm creating an issue to track the resolution of the overly-broad permissions added by commit f1f6302.

Recent Electron updates have moved from libappindicator to directly using StatusNotifier.

Unfortunately the initial version of this required a sandbox escape.

This will be fixed in a future release of electron: electron/electron#37053

Related to: electron/electron#37053

Was this really necessary? Could this app keep using an older Electron until the issue is resolved upstream? As is, I've masked the app on my system until this issue is resolved.

[TingPing]

Could this app keep using an older Electron until the issue is resolved upstream?

No. Discord is proprietary and developed against whatever version of Electron they wish.

[TingPing]

As is, I've masked the app on my system until this issue is resolved.

Discord also doesn't actually support old versions of the app. We disable the update checker but if the app works or not is up to luck.

[jntesteves]

Hi, thanks for the answers.

We disable the update checker but if the app works or not is up to luck.

Unrelated to this issue, but does this mean the auto-updater on the app is supposed to be disabled? Because I think I've been getting updates within the app, or at least I get the green arrow notification in-app saying there's an update, and it seems to apply when clicking on it or restarting the app.

[TingPing]

The normal behavior of Discord is upon start it refuses to run unless the core app is updated. We bypass that: https://github.com/flathub/com.discordapp.Discord/blob/master/disable-breaking-updates.py

I'm not certain what types of updates it can still apply to itself. The app binary we launch will always remain unchanged. But it can probably update some data.

[lionirdeadman]

So my understanding is that there are two types of updates that Discord pushes.

1. Node module and web interface updates
2. Binary app updates

The first type should always work as it simply updates modifiable stuff and they handle that well.

The second will block the app at startup and locks the software version with electron. It will ask people using the app to download a tarball or a deb file, neither of which are likely to be wanted by a person using this and it's just generally overly confusing to people.

The setting we apply is supposed to be respected by Discord and block the second type of updates. We do this because otherwise people get locked up very quickly and puts a lot of pressure on us to update unreasonably quickly.

[jntesteves]

Hi, I think the permission --own-name=org.kde.* might not be necessary anymore. Today I unmasked Discord (I had it masked since this change) and the first thing I did was to override this permission before launching the app, and the tray icon appeared and is working as usual.

My test is on Gnome 45 (Fedora Silverblue 39).

Edit: To make it clear — because Gnome doesn't support App Indicators by default — I'm using the AppIndicator and KStatusNotifierItem Support extension for gnome-shell.

[guihkx]

Latest Discord now ships with Electron 32.0.0, so if anyone is still interested on this, feel free to send a PR, because I'm not entirely sure the exact permissions we should remove.

Plus, I can only really do my testing on X11, but I'd like to have someone test this on Wayland as well.