496983 – Discover does not warn about new Flatpak permissions

Bug 496983 - Discover does not warn about new Flatpak permissions

Summary: Discover does not warn about new Flatpak permissions

Status:	RESOLVED FIXED

Alias:	None

Product:	Discover
Classification:	Applications
Component:	discover (show other bugs)
Version:	unspecified
Platform:	Fedora RPMs Linux

Importance:	NOR major
Target Milestone:	---
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-12-03 12:36 UTC by kde-bugzilla
Modified:	2025-01-04 12:23 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:	https://invent.kde.org/plasma/discover/-/commit/b20f775e7894ed2ea484fa18ce92bcc409211070
Version Fixed In:	6.3.0
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description kde-bugzilla 2024-12-03 12:36:57 UTC

SUMMARY
Unlike gnome-software and regular `flatpak update`, KDE Discover does not warn about when an app that's being updated gets a new permission.

STEPS TO REPRODUCE
1. Check the updates page when there's an update to a flatpak that requests a new permission 

OBSERVED RESULT
No warning about the new permission

EXPECTED RESULT
It should show an indicator that the app is now requesting a newly added permission

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 41
KDE Plasma Version: 6.2.4
KDE Frameworks Version: 6.8.0
Qt Version: 6.8.0
Kernel Version: 6.11.10-300.fc41.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5600G with Radeon Graphics
Memory: 13.5 GiB of RAM
Graphics Processor: AMD Radeon Graphics


ADDITIONAL INFORMATION
Many people like me manually manage flatpak permissions, a silent update could cause a security vulnerability to that user that creates a higher restriction for their flatpaks.

Comment 1 Bug Janitor Service 2024-12-05 01:35:49 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/discover/-/merge_requests/981

Comment 2 Aleix Pol 2024-12-24 00:30:37 UTC

Git commit b20f775e7894ed2ea484fa18ce92bcc409211070 by Aleix Pol Gonzalez, on behalf of Aleix Pol.
Committed on 24/12/2024 at 00:25.
Pushed by apol into branch 'master'.

flatpak: Include changes in permissions on the changelog

Adds a "New Permissions" section on the changelog that lists the new
permissions among those we track.

M  +5    -0    libdiscover/backends/FlatpakBackend/FlatpakPermission.h
M  +38   -18   libdiscover/backends/FlatpakBackend/FlatpakResource.cpp
M  +1    -0    libdiscover/backends/FlatpakBackend/FlatpakResource.h

https://invent.kde.org/plasma/discover/-/commit/b20f775e7894ed2ea484fa18ce92bcc409211070

Comment 3 Aleix Pol 2024-12-24 00:30:38 UTC

Git commit 5573325f1b587ba7066091b0143e4f9891ca4219 by Aleix Pol Gonzalez, on behalf of Aleix Pol.
Committed on 24/12/2024 at 00:25.
Pushed by apol into branch 'master'.

flatpak: Display as extended update delegates that need attention

That would be when new permissions are requested.

M  +6    -1    discover/qml/UpdatesPage.qml
M  +1    -0    libdiscover/UpdateModel/UpdateItem.cpp
M  +19   -10   libdiscover/backends/FlatpakBackend/FlatpakResource.cpp
M  +2    -0    libdiscover/backends/FlatpakBackend/FlatpakResource.h
M  +5    -0    libdiscover/resources/AbstractResource.h

https://invent.kde.org/plasma/discover/-/commit/5573325f1b587ba7066091b0143e4f9891ca4219