Implement v2 notification spec #1298
Conversation
|
What is the case for letting an app play a sound freely? In the discussion there was talk of linking sound playback to specific cases, e.g. alarm, new message, new email. Also, it seems to me that the question of custom sounds versus system sounds still needs to be resolved for these example cases, unless there is a valid case to allow an app to play sound freely. |
It's not that apps are allowed to play sound freely, they are allowed to set it. The server may decided whether to play the sound. In GNOME Shell we have a policy system that controls whether a notification can have a sound or not.
I think this doesn't need to be exclusive and I don't see how it would conflict with class specific sounds.
Apps already can play any sound if they have the correct sandbox permission. So we prefer that apps use the notification sound so that the system policy can be respected e.g. do-not-disturb. Although, we may want to restrict the type and length of the sound a notification can have. |
jsparber
changed the title
|
What is driving me nuts in the freedesktop notification spec is that there's no way to know that system sounds are supported and which music formats are supported for custom sounds. This made the sound spec part just unusable when I attempted to play sound with it:
This resulted in application always playing the notification sound on its own. I really hope these problems will be solved in the new API. |
jsparber
force-pushed
the
implement_v2_notification_spec
branch
from
eae298c
to
6cb0d0b
Compare
jsparber
force-pushed
the
implement_v2_notification_spec
branch
2 times, most recently
from
1c893d7
to
9c11013
Compare
jsparber
force-pushed
the
implement_v2_notification_spec
branch
from
9c11013
to
60db472
Compare
I think one thing to check is if there are static permissions that can help apps guess what mode the device is in (sound, vibration, silent, DND). For example, alarms will certainly be allowed by users, because they are logically important to them. In fact, apps that will use alarm notifications will be able to play sound (because in any mode you cannot completely mute the sound, unless it can be done selectively without dynamic permission), but especially to present a notification (even more so if this is also not constrained by specific experience and actions). |
jsparber
force-pushed
the
implement_v2_notification_spec
branch
8 times, most recently
from
5705ffc
to
049806c
Compare
jsparber
changed the title
|
@pwithnall thanks for the review :) |
jsparber
force-pushed
the
implement_v2_notification_spec
branch
from
049806c
to
fc2483f
Compare
|
Still have to look at the sound validator but I'm through with everything else. |
This makes it possible to use memfd_create() to create a temporary file. And in a future commit the portal will allow passing icons as a sealable memfd.
Images shouldn't be to big in size. 4MBs is more then enough for all cases.
Since in a future commit the notification portal will also accept sealable memfds we can also use it internally so that we don't have to create a temporary file and clean it up after the validation.
Icons could potentially be really big in size. Instead of passing the data via GBytesIcon (as part of the D-Bus message) allow passing a sealed fd created with `memfd_create()`
This property allows applications to specify a sound to be played whenever the notification is displayed. The format used is inspired by the serialized from of GIcons.
The `markup-body` property allows applications to set markup on the body. The used markup is a subset of html limted to <b>, <i> and <a>.
The `desktop-file-id` allows applications to specify the desktop file that should be used to look up information about the app. This is especially useful for unsandboxed apps where the portal can't look up the desktop file id based on the app id.
This property allows apps to specify how the notification is displayed.
We need to hand out the activation token for XDG Activation in some way. I think it's pretty nice that we can just add the same platform data as used for DBus Activation to the ActionInvoked signal.
The category allows the notification server to handle specific notification different. E.g. calls notifications.
The purpose for a button allows the notification server to style the button specially and know the purpose of the button.
Let applications query supported options for category and button purpose.
jsparber
force-pushed
the
implement_v2_notification_spec
branch
from
c3ad5be
to
2b87e09
Compare
I think I addressed everything. Expect for converting all bytes icons to fds, since it involves even more changes. |
| int output_fd = -1; | ||
| xdp_autofd int stdout_fd = -1; | ||
|
|
||
| stdout_fd = memfd_create("spawn-validator-stdout", 0); |
There was a problem hiding this comment.
I don't see the point of using a memfd for stdout. It's a few bytes of text.
| lseek(input_fd, 0, SEEK_SET); | ||
|
|
||
| launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_NONE); | ||
| g_subprocess_launcher_take_stdout_fd (launcher, xdp_steal_fd (&stdout_fd)); |
There was a problem hiding this comment.
This is transferring ownership. At that point using the fd (output_fd or stdout_fd) is an error! If you want to be able to use the fd while the function takes ownership, you have to dup the fd.
Nothing here is crashing because the launcher keeps the fd around until it is disposed via the autoptr but conceptually, the launcher owns the fd and could close it at any time.
| } | ||
|
|
||
| input_fd = dup(fd); | ||
| // We don't need to dup() it since it will life till the launcher is dropped |
src/xdp-utils.c
Outdated
| args[1] = "--sandbox"; | ||
| args[2] = name; | ||
| args[3] = NULL; | ||
| args[2] = NULL; |
There was a problem hiding this comment.
Can we make the validator take either a file path or a fd argument and then mmap either of them? That way using it on the command line still works which will be helpful if this something is going wrong.
There was a problem hiding this comment.
I was thinking about doing that but it's possible to just do ./_build/src/xdg-desktop-portal-validate-icon 3< image.png on the terminal so since the validator is only used by us there isn't much need to have a nicer command line interface.
There was a problem hiding this comment.
Yes, but hardcoding some fd number is just bad design and having a filename argument takes a few lines of code.
| } | ||
|
|
||
| static int | ||
| bytes_to_fd (GBytes *bytes) |
There was a problem hiding this comment.
The name itself is useless. A fd can represent anything but this specifically creates a memfd.
| void | ||
| cleanup_temp_file (void *p) | ||
| static gboolean | ||
| ensure_sealed_memfd (int fd, |
There was a problem hiding this comment.
Not really a fan of this and the other function. Can we make this one mapped_file_new_sealed_from_fd and the other one mapped_file_new_sealed_from_bytes?
There was a problem hiding this comment.
Ah, no, that doesn't work because it represents an mmap'ed area. Then maybe a XdpMemfd gobject with new_from_bytes, new_from_fd, seal, take_fd, dup_fd.
After lot of consideration I started implementing parts of the proposed and discussed notification API
For now this includes:
desktop-file-idpropertymarkup-bodypropertydisplay-hintpropertynew actions, similar to buttons (the name may be a little confusing, open for suggestions)Part of buttons nowcontent-typecategorypropertycontent-typecategory,action purposeand button purpose APIThis needs changes in libportal flatpak/libportal#147 for tests.
I also started writing the changes needed in xdg-desktop-portal-gtk: https://github.com/jsparber/xdg-desktop-portal-gtk/tree/implement_notification_v2 and other portal backends need to do the same thing.
Parts that didn't made it from #1304 into this MR may be added it a later revision of the portal.
Fixes: #485