cherry-pick bug-fix of release/eagle

[LiHua000]

fix: [env] set user`s environment to QApt (#334)
fix: 双击ddim文件使用软件包安装器打开

Summary by Sourcery

Propagate the real invoking user into QApt transactions when uninstalling or installing packages to ensure the correct environment is used for deb operations.

Bug Fixes:

• Ensure QApt transactions inherit the real user (SUDO_USER or USER) environment when uninstalling packages.
• Ensure QApt transactions inherit the real user (SUDO_USER or USER) environment when installing deb packages.

[sourcery-ai]

Reviewer's Guide

This PR cherry-picks a bug fix to ensure QApt transactions run under the real user’s environment (particularly when launched via sudo), by passing the appropriate SUDO_USER value into uninstall and install transactions when virtual package enhancements are enabled.

Sequence diagram for installDebs transaction with real user environment

sequenceDiagram
    actor User
    participant FileManager
    participant DebInstaller as DebInstallerApp
    participant DebListModel
    participant QAptTransaction

    User->>FileManager: Double-click .deb/.ddim
    FileManager->>DebInstaller: Launch with package path
    DebInstaller->>DebListModel: installDebs()
    DebListModel->>DebListModel: Create QAptTransaction transaction
    DebListModel->>DebListModel: m_currentTransaction = transaction

    opt ENABLE_VIRTUAL_PACKAGE_ENHANCE
        DebListModel->>DebListModel: env = QProcessEnvironment::systemEnvironment()
        DebListModel->>DebListModel: currentUser = env.value(USER)
        DebListModel->>DebListModel: realUser = env.value(SUDO_USER)
        DebListModel->>DebListModel: if realUser is empty then realUser = currentUser
        DebListModel->>QAptTransaction: setEnvVariable({ SUDO_USER: realUser })
    end

    DebListModel->>QAptTransaction: run()
    QAptTransaction-->>DebListModel: Installation result

Loading

Sequence diagram for slotUninstallPackage with real user environment

sequenceDiagram
    actor User
    participant DebInstaller as DebInstallerApp
    participant DebListModel
    participant QAptTransaction

    User->>DebInstaller: Request uninstall package
    DebInstaller->>DebListModel: slotUninstallPackage(index)
    DebListModel->>DebListModel: Create QAptTransaction transsaction
    DebListModel->>DebListModel: m_currentTransaction = transsaction

    opt ENABLE_VIRTUAL_PACKAGE_ENHANCE
        DebListModel->>DebListModel: env = QProcessEnvironment::systemEnvironment()
        DebListModel->>DebListModel: currentUser = env.value(USER)
        DebListModel->>DebListModel: realUser = env.value(SUDO_USER)
        DebListModel->>DebListModel: if realUser is empty then realUser = currentUser
        DebListModel->>QAptTransaction: setEnvVariable({ SUDO_USER: realUser })
    end

    DebListModel->>QAptTransaction: run()
    QAptTransaction-->>DebListModel: Uninstall result

Loading

Class diagram for DebListModel environment-aware transactions

classDiagram
    class DebListModel {
        - QAptTransaction* m_currentTransaction
        + bool slotUninstallPackage(int index)
        + void installDebs()
    }

    class QAptTransaction {
        + void setEnvVariable(QVariantMap env)
        + void run()
    }

    class QProcessEnvironment {
        + static QProcessEnvironment systemEnvironment()
        + QString value(QString name)
    }

    class QVariantMap
    class QString

    DebListModel --> QAptTransaction : uses
    DebListModel --> QProcessEnvironment : reads_system_env
    DebListModel --> QVariantMap : builds_env_map
    DebListModel --> QString : uses_for_usernames
    QAptTransaction --> QVariantMap : env_variables

Loading

File-Level Changes

Change	Details	Files
Ensure QApt transactions execute with the correct real user environment when invoked via sudo, for both uninstall and install flows, gated by ENABLE_VIRTUAL_PACKAGE_ENHANCE.	On uninstall, capture USER and SUDO_USER from the system environment, resolve the real user, and pass it to the transaction via setEnvVariable On install, apply the same environment extraction and SUDO_USER propagation logic to the current transaction via setEnvVariable Guard the new environment handling logic with ENABLE_VIRTUAL_PACKAGE_ENHANCE so it only applies to compatible QApt versions	src/deb-installer/model/deblistmodel.cpp

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• The logic that builds and sets the SUDO_USER environment for transactions is duplicated in both uninstall and install; consider extracting this into a small helper method to keep the behavior in one place and reduce maintenance overhead.
• In slotUninstallPackage, m_currentTransaction is assigned twice (once before the #ifdef and once inside it); the second assignment appears redundant and could be removed to avoid confusion about when the member is initialized.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The logic that builds and sets the SUDO_USER environment for transactions is duplicated in both uninstall and install; consider extracting this into a small helper method to keep the behavior in one place and reduce maintenance overhead.
- In slotUninstallPackage, m_currentTransaction is assigned twice (once before the #ifdef and once inside it); the second assignment appears redundant and could be removed to avoid confusion about when the member is initialized.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[LiHua000]

/merge

[deepin-bot]

This pr cannot be merged! (status: unstable)

[deepin-ci-robot]

deepin pr auto review

我来对这个diff进行详细的代码审查：

1. 功能变更分析：

• 主要增加了对新的MIME类型(application/x-ddim)的支持
• 增加了ENABLE_QAPT_SETENV宏定义，用于在特定版本下启用环境变量设置功能
• 在安装和卸载操作中增加了环境变量设置，用于保存真实的用户信息

2. 代码质量问题：

(1) 代码重复：

// 在slotUninstallPackage和installDebs中存在重复代码块
#ifdef ENABLE_QAPT_SETENV
    QProcessEnvironment env = QProcessEnvironment::systemEnvironment();
    QVariantMap map;
    // 获取当前真实用户信息
    QString currentUser = env.value("USER");
    // 如果SUDO_USER存在，说明当前是通过sudo启动的
    QString realUser = env.value("SUDO_USER");
    if (realUser.isEmpty())
        realUser = currentUser;
    map.insert("SUDO_USER", realUser);
    transsaction->setEnvVariable(map);
#endif

建议：将这段代码抽取为一个独立的方法，如setTransactionEnvironment(QApt::Transaction* transaction)

(2) 变量重复赋值：

m_currentTransaction = transsaction;  // 第一次赋值
...
m_currentTransaction = transsaction;   // 在#ifdef块内重复赋值

建议：删除重复赋值，保留一处即可。

3. 安全性问题：

• 使用QProcessEnvironment::systemEnvironment()获取环境变量是安全的
• 保存SUDO_USER环境变量有助于追踪实际操作用户，这是一个好的安全实践

4. 性能问题：

• 获取环境变量的操作开销很小，对性能影响可忽略
• 建议在构造函数中缓存环境变量值，避免重复获取

5. 改进建议：

(1) 重构代码：

void DebListModel::setTransactionEnvironment(QApt::Transaction* transaction) {
#ifdef ENABLE_QAPT_SETENV
    static const QString realUser = []() {
        QProcessEnvironment env = QProcessEnvironment::systemEnvironment();
        QString user = env.value("SUDO_USER");
        return user.isEmpty() ? env.value("USER") : user;
    }();
    
    QVariantMap envMap;
    envMap.insert("SUDO_USER", realUser);
    transaction->setEnvVariable(envMap);
#endif
}

(2) 使用lambda表达式和static变量来缓存环境变量值，避免重复获取

(3) 增加错误处理：

if (!transaction) {
    qCWarning(appLog) << "Invalid transaction pointer";
    return;
}

6. 其他建议：

• 在deepin-deb-installer.desktop中添加新的MIME类型时，建议添加相应的注释说明
• CMakeLists.txt中的条件编译注释可以更详细一些，说明具体的版本依赖关系

这些改进将使代码更加健壮、可维护，并提高代码复用性。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: LiHua000, lzwind

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[LiHua000]

/merge

[deepin-bot]

This pr cannot be merged! (status: unstable)

[LiHua000]

/merge