summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2024-08-13 21:33:17 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-08-13 21:33:17 +0200
commit0a150dc49993d41c8db182843387357aa571e8d7 (patch)
treef2e9d9bc4ff64362d7596910323ceab7292e29b2
parentupdate prom-server to 2.53.2 (diff)
add hacky workaround for thunnderbird snap with external gpg...
-rw-r--r--chaos-at-home/ch-equinox-t450s.yml1
-rw-r--r--chaos-at-home/ch-equinox-ws.yml1
-rw-r--r--roles/ws/thunderbird-gpg-hack/handlers/main.yml3
-rw-r--r--roles/ws/thunderbird-gpg-hack/tasks/main.yml49
4 files changed, 54 insertions, 0 deletions
diff --git a/chaos-at-home/ch-equinox-t450s.yml b/chaos-at-home/ch-equinox-t450s.yml
index e4f57287..ea1aca7f 100644
--- a/chaos-at-home/ch-equinox-t450s.yml
+++ b/chaos-at-home/ch-equinox-t450s.yml
@@ -33,6 +33,7 @@
- role: network/wireguard/base
- role: ws/minet
- role: ws/flatpak
+ - role: ws/thunderbird-gpg-hack
post_tasks:
- name: make sure tlp is started and enabled
systemd:
diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml
index b2dd76db..c3010e44 100644
--- a/chaos-at-home/ch-equinox-ws.yml
+++ b/chaos-at-home/ch-equinox-ws.yml
@@ -33,6 +33,7 @@
- role: ws/base
- role: core/users
- role: ws/flatpak
+ - role: ws/thunderbird-gpg-hack
post_tasks:
- name: disable caps-lock
lineinfile:
diff --git a/roles/ws/thunderbird-gpg-hack/handlers/main.yml b/roles/ws/thunderbird-gpg-hack/handlers/main.yml
new file mode 100644
index 00000000..d4967d21
--- /dev/null
+++ b/roles/ws/thunderbird-gpg-hack/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: replace apparmor profile snap.thunderbird.thunderbird
+ command: apparmor_parser -v -C -r /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
diff --git a/roles/ws/thunderbird-gpg-hack/tasks/main.yml b/roles/ws/thunderbird-gpg-hack/tasks/main.yml
new file mode 100644
index 00000000..8a6037e8
--- /dev/null
+++ b/roles/ws/thunderbird-gpg-hack/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+## workaround for: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825
+## also see: https://forum.snapcraft.io/t/thunderbird-snap-and-external-gnupg-for-smart-cards/39553/1
+
+# manual config changes:
+## go to: Edit -> Settings -> (scroll to the end) -> Config Editor...
+## mail.openpgp.allow_external_gnupg = true
+## mail.openpgp.alternative_gpg_path = /home/equinox/gpg-wrapper-snap.sh
+
+- name: connect gpg-keys slot of thunderbird snap
+ command: snap connect thunderbird:gpg-keys :gpg-keys
+ changed_when: false
+
+## TODOM make home-dir configurable or find location for wrapper that is usable for all users...
+- name: generate gpg-wrapper to workaround HOME variable issue
+ copy:
+ content: |
+ #!/bin/sh
+ export HOME="$SNAP_REAL_HOME"
+ exec $SNAP/usr/bin/gpg "$@"
+ dest: /home/equinox/gpg-wrapper-snap.sh
+ mode: 0755
+
+- name: create apparmor abstraction for gnupg2
+ copy:
+ content: |
+ # vim:syntax=apparmor
+ # gnupg2 sub-process running permissions
+
+ abi <abi/4.0>,
+
+ # user configurations
+ owner @{HOME}/.gnupg/* r,
+ owner @{HOME}/.gnupg/random_seed rk,
+ owner @{HOME}/.gnupg/tofu.db rwk,
+ owner /{,var/}run/user/[0-9]*/gnupg/* rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/gnupg2.d>
+ dest: /etc/apparmor.d/abstractions/gnupg2
+ notify: replace apparmor profile snap.thunderbird.thunderbird
+
+- name: patch thunderbird apparmor profile
+ lineinfile:
+ line: " #include <abstractions/gnupg2>"
+ state: present
+ insertafter: " #include <abstractions/openssl>"
+ path: /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
+ notify: replace apparmor profile snap.thunderbird.thunderbird