Hello, I’ve recently begun work on a GTK module only to see that they are being removed for GTK4. What this module does is pretty simple. It just adds a style provider to every window but the tricky thing is it will add different providers based on xprop information associated with the window. I’m working on this as a part of bringing gnome to Qubes OS. The decorations are labels and coloring to identify which virtual machine/qube a window belongs to.
The way it works is by setting up a x11 forwarder in a VM and then forwarding all the x11 packets to another process running in the VM attached to the display, that will then draw the window. So in the VM that’s handling the display there’s an application that simply invokes XCreateWindow and then forwards the X11 packets from the client VM to the XORG server. (simplifying a bit here). In other window managers these decorations are provided server side. But the Mutter has stated a few times they wont accept any patches for server side decorations so that’s not a feasible approach. I suspect once GTK4 is adopted by gnome-shell what I’m currently doing will cease to work. I think the only option left is to port that X11 application to GTK. So instead of XCreateWindow I would create the window in GTK, get and pass the x11 window object associated with that GTK window back to the part that forwards all the X11 packets and then use GTK client side decorations to color and theme the window. I saw this though “If you rely on loading GTK+ modules, please come and talk to us about other ways to achieve what you are doing.” So I’m curious if that’s my only option and is that a feasible approach.
I also looked into making a gnome-shell extension to try and accomplish this but it didn’t look very good and GJS APIs are constantly updated so I’m hoping for a solution thats a little more LTS. Wayland support is quite a ways out as that’s going to require a complete rewrite of several components so I’m not worried about that.
It should be clear that anything you do on the client-side cannot be trusted at all - the client can draw whatever it wants, including fake window borders in the color you’ve chosen for ‘very secure’.
If you want this information to be trustworthy, it needs to be done server-side (ideally, outside the vm).
And thats how its been done in other window managers, And back before CSD was even a thing that was the only option as there was no way to make the application modify its own decorations. GNOME-shell/mutter doesn’t have support for that though (and the patched were rejected). What I’m proposing here is to just take the existing server side decorations and incorporate them into this application as client side decorations.
This would still be secure because the application I want to add CSD to does exist outside of the VM. To the window inside the virtual machine that needs to get rendered has no way to interact with mutter and doesn’t see CSD support in the environment so it will just render without CSD (so no double borders) and then that window object will be passed to the virtual machine that is running gnome which can then forward it to this application which then would use CSD to render the decorations.
The change I’m purposing is updating this pure X application which currently expects SSD borders into one that instead conforms with CSD so it can provide its own decorations. I’m currently just hacking the decorations on with a GTK_MODULE changing decorations mutter provides to the window. But this is kinda sub-optimal right? because the X application could just tell mutter its got CSD and then render them itself. The question was more if I create a basic CSD window with GTK can I still interact and do all the rendering though X .
It looks like I should be able to but I was wanted to run it by someone as I didn’t really find a whole lot of info about this. I did see some rumblings about how this wouldn’t be possible in Wayland because GTK doesn’t have a option to pass/get the wlsurface to the application so it could just interact with the compositor directly but since I’m doing this in X still it looks thats available. https://developer.gnome.org/gdk3/stable/gdk3-X-Window-System-Interaction.html#gdk-x11-window-get-xid
We are discouraging the use of loadable modules nowadays. GTK4 will not load general purpose third-party modules. If I were to do this, I’d look at using thing server-side decorations for the security classification, and use a theme that turns off shadows and invisible borders in the client-side decorations to make this not look too terrible.
Hmm, I think that would involve having a patched version of mutter to accomplish. Or maybe mutter supports plugins? I’ll probably investigate both ways but patching the compositor sounds daunting. Thanks!