diff options
Diffstat (limited to 'roles/ws/thunderbird-gpg-hack/tasks/main.yml')
-rw-r--r-- | roles/ws/thunderbird-gpg-hack/tasks/main.yml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/ws/thunderbird-gpg-hack/tasks/main.yml b/roles/ws/thunderbird-gpg-hack/tasks/main.yml new file mode 100644 index 00000000..8a6037e8 --- /dev/null +++ b/roles/ws/thunderbird-gpg-hack/tasks/main.yml @@ -0,0 +1,49 @@ +--- +## workaround for: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825 +## also see: https://forum.snapcraft.io/t/thunderbird-snap-and-external-gnupg-for-smart-cards/39553/1 + +# manual config changes: +## go to: Edit -> Settings -> (scroll to the end) -> Config Editor... +## mail.openpgp.allow_external_gnupg = true +## mail.openpgp.alternative_gpg_path = /home/equinox/gpg-wrapper-snap.sh + +- name: connect gpg-keys slot of thunderbird snap + command: snap connect thunderbird:gpg-keys :gpg-keys + changed_when: false + +## TODOM make home-dir configurable or find location for wrapper that is usable for all users... +- name: generate gpg-wrapper to workaround HOME variable issue + copy: + content: | + #!/bin/sh + export HOME="$SNAP_REAL_HOME" + exec $SNAP/usr/bin/gpg "$@" + dest: /home/equinox/gpg-wrapper-snap.sh + mode: 0755 + +- name: create apparmor abstraction for gnupg2 + copy: + content: | + # vim:syntax=apparmor + # gnupg2 sub-process running permissions + + abi <abi/4.0>, + + # user configurations + owner @{HOME}/.gnupg/* r, + owner @{HOME}/.gnupg/random_seed rk, + owner @{HOME}/.gnupg/tofu.db rwk, + owner /{,var/}run/user/[0-9]*/gnupg/* rw, + + # Include additions to the abstraction + include if exists <abstractions/gnupg2.d> + dest: /etc/apparmor.d/abstractions/gnupg2 + notify: replace apparmor profile snap.thunderbird.thunderbird + +- name: patch thunderbird apparmor profile + lineinfile: + line: " #include <abstractions/gnupg2>" + state: present + insertafter: " #include <abstractions/openssl>" + path: /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird + notify: replace apparmor profile snap.thunderbird.thunderbird |