print: Use Poppler to render pages to print #366
Conversation
TingPing
changed the title
|
Your description of this change isn't very helpful. Could you go into more detail why its necessary to depend on Poppler? |
This comment has been minimized.
This comment has been minimized.
|
Firefox sends a pdf file that contains all the information, paper size, margins... |
|
I don't agree: This is the behavior of xdg-desktop-porta-kdel |
|
One thing I am certain of: Poppler is not a safe library to use as you use it here. The data that applications send is considered untrusted and the xdg-desktop-portal-gtk process is on the host. If poppler really is something we should be using it needs to be executed in a sandboxed subprocess. |
|
I have no idea how to sandboxed the use of poppler, I am taking advice |
|
We use the bubblewrap tool for sandboxing. Broadly speaking you use the This will execute a process that has no network access, can't write to disk, etc. You could transfer return data over I'm not sure the exact format you would return necessarily, its just I don't believe we should be doing any PDF processing in the main process. |
|
Thanks, I'll take a look. |
Also to answer my own question. You are right.
|
|
I based myself on the implementation of kde, if there is a token we use it. otherwise we launch directly the printing, we never launch the dialog box. |
|
It sounds like KDE is not following the documentation: https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.Print |
Thanks for the documentation, and you are right. |
Yes that is on purpose. Again the point of portals is for users to always be in control, not applications. If an application can print anything it is a bypass. |
|
This can also be seen as an evolution. A PDF contains all the information necessary to be processed by a printer. Why transmit more information than necessary. For a long time the standard printer was postscript, the pdf is an evolution. |
|
This is a security boundary it has nothing to do with the format. Applications in Flatpak cannot print without explicit user approval. |
|
That I understand! |
|
@TingPing |
|
The safest format might be a raw GdkPixbuf, since it doesn't involve parsing anything. Or a similar pixel format in cairo. |
|
Can we add a binary to the project that does the work? |
|
Yes absolutely you can build the binary here, install it to |
|
I'm almost done! This gives you an idea of things. |
Fix build dependency. Refactoring of the MR to sandbox dangerous code Fix printing Update test.yml Force install deps Fix build Fix the print quality Test if the file is a pdf and finish the print job properly
ThierryHFR
force-pushed
the
fix-signal-print-with-mozilla
branch
from
e48a194
to
9cb421f
Compare
|
@TingPing,
3 - Otherwise open the print dialog box |
| @@ -42,6 +43,15 @@ | |||
|
|
|||
| #include "gtkbackports.h" | |||
|
|
|||
| #define DPI 150.0 | |||
There was a problem hiding this comment.
Document origin of this magic number?
There was a problem hiding this comment.
I'm still not sure I understand the reasoning behind "my choice".
There was a problem hiding this comment.
I chose 150 as the print resolution, I hesitated with 300 but that corresponds more to a print resolution for graphic designer.
There was a problem hiding this comment.
Please edit this comment to say that. Something along the lines of "150 is a reasonable resolution for consumer printing".
Co-authored-by: Patrick <[email protected]>
…xdg-desktop-portal-gtk into fix-signal-print-with-mozilla
Co-authored-by: Patrick <[email protected]>
|
It would be nice to integrate a git script analyzing the style as it is done on the gitlab project of sane-backend : Correct: |
|
I broke something, I'm looking for ... |
|
I think I'm done! |
| g_ptr_array_add (args, g_strdup_printf ("--file=%s", filename)); | ||
| g_ptr_array_add (args, g_strdup_printf ("--raw=%d", page)); | ||
| g_ptr_array_add (args, NULL); | ||
| process = g_subprocess_newv ((const gchar * const *)args->pdata, G_SUBPROCESS_FLAGS_STDOUT_PIPE, NULL); |
There was a problem hiding this comment.
This still needs to run under bwrap to be sandboxed.
There was a problem hiding this comment.
I don't understand, can you give me more details? Thank you
There was a problem hiding this comment.
This discussion: #366 (comment)
There was a problem hiding this comment.
I think that bwrap is completely respected!
The executed process does not access the network, does not write to the disk and the return is done on STDOUT
If we talk about this line :
413 if ((fd2 = g_file_open_tmp (PACKAGE_NAME "XXXXXX", &filename, &err)) == -1)
414 return FALSE;
415
416 ostream = g_unix_output_stream_new (fd2, TRUE);
This is a copy of the code in the same file:
503 if ((fd2 = g_file_open_tmp (PACKAGE_NAME "XXXXXX", &filename, error)) == -1)
504 return FALSE;
505
506 ostream = (GUnixOutputStream *)g_unix_output_stream_new (fd2, TRUE);1
I am open to your suggestions.
| @@ -42,6 +43,15 @@ | |||
|
|
|||
| #include "gtkbackports.h" | |||
|
|
|||
| #define DPI 150.0 | |||
There was a problem hiding this comment.
Please edit this comment to say that. Something along the lines of "150 is a reasonable resolution for consumer printing".
Co-authored-by: Patrick <[email protected]>
Co-authored-by: Patrick <[email protected]>
|
Can this be behind a make configure option? |
Fixed by ee2cc51 |
Thanks! |
When you print (event "handle_print") with the new mozilla printing interface (thunderbird and firefox), you systematically open the portal printing box.
The printing is supposed to start immediately.
The eventemnent "handle-prepare-print" is the only one to open the portal print box.