From 0a150dc49993d41c8db182843387357aa571e8d7 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 13 Aug 2024 21:33:17 +0200
Subject: add hacky workaround for thunnderbird snap with external gpg...
---
roles/ws/thunderbird-gpg-hack/handlers/main.yml | 3 ++
roles/ws/thunderbird-gpg-hack/tasks/main.yml | 49 +++++++++++++++++++++++++
2 files changed, 52 insertions(+)
create mode 100644 roles/ws/thunderbird-gpg-hack/handlers/main.yml
create mode 100644 roles/ws/thunderbird-gpg-hack/tasks/main.yml
(limited to 'roles')
diff --git a/roles/ws/thunderbird-gpg-hack/handlers/main.yml b/roles/ws/thunderbird-gpg-hack/handlers/main.yml
new file mode 100644
index 00000000..d4967d21
--- /dev/null
+++ b/roles/ws/thunderbird-gpg-hack/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: replace apparmor profile snap.thunderbird.thunderbird
+ command: apparmor_parser -v -C -r /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
diff --git a/roles/ws/thunderbird-gpg-hack/tasks/main.yml b/roles/ws/thunderbird-gpg-hack/tasks/main.yml
new file mode 100644
index 00000000..8a6037e8
--- /dev/null
+++ b/roles/ws/thunderbird-gpg-hack/tasks/main.yml
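Review bot: In handlers/main.yml the reload command passes `-C` to apparmor_parser, which as far as I read apparmor_parser(8) forces the profile to load in complain mode, so once this handler has run the Thunderbird snap's confinement would be logged but no longer enforced. That is a much wider change than letting gpg reach `~/.gnupg`, and it would make the new gnupg2 abstraction moot. If enforcement is meant to stay on, drop the flag: `command: apparmor_parser -v -r /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird`. If complain mode is intended, a comment on the handler saying so and why would spare the next reader the guess.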
@@ -0,0 +1,49 @@
+---
+## workaround for: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825
+## also see: https://forum.snapcraft.io/t/thunderbird-snap-and-external-gnupg-for-smart-cards/39553/1
+
+# manual config changes:
+## go to: Edit -> Settings -> (scroll to the end) -> Config Editor...
+## mail.openpgp.allow_external_gnupg = true
+## mail.openpgp.alternative_gpg_path = /home/equinox/gpg-wrapper-snap.sh
+
+- name: connect gpg-keys slot of thunderbird snap
+ command: snap connect thunderbird:gpg-keys :gpg-keys
+ changed_when: false
+
+## TODOM make home-dir configurable or find location for wrapper that is usable for all users...
+- name: generate gpg-wrapper to workaround HOME variable issue
+ copy:
+ content: |
+ #!/bin/sh
+ export HOME="$SNAP_REAL_HOME"
+ exec $SNAP/usr/bin/gpg "$@"
+ dest: /home/equinox/gpg-wrapper-snap.sh
+ mode: 0755
+
+- name: create apparmor abstraction for gnupg2
+ copy:
+ content: |
+ # vim:syntax=apparmor
+ # gnupg2 sub-process running permissions
+
+ abi ,
+
+ # user configurations
+ owner @{HOME}/.gnupg/* r,
+ owner @{HOME}/.gnupg/random_seed rk,
+ owner @{HOME}/.gnupg/tofu.db rwk,
+ owner /{,var/}run/user/[0-9]*/gnupg/* rw,
+
+ # Include additions to the abstraction
+ include if exists
+ dest: /etc/apparmor.d/abstractions/gnupg2
+ notify: replace apparmor profile snap.thunderbird.thunderbird
+
+- name: patch thunderbird apparmor profile
+ lineinfile:
+ line: " #include "
+ state: present
+ insertafter: " #include "
+ path: /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
+ notify: replace apparmor profile snap.thunderbird.thunderbird
-- cgit v1.2.3
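Review bot: The `patch thunderbird apparmor profile` task edits `/var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird` in place, a file that snapd generates itself and, as far as I know, rewrites on snap refresh and on interface changes, so the added include can silently disappear until the role is run again. A comment above the task should say so, for example `## snapd regenerates this profile (refresh, connect/disconnect); re-run this role afterwards`. Separately, the rule `owner /{,var/}run/user/[0-9]*/gnupg/* rw,` opens every socket in the gnupg runtime directory to the snap, including the ssh-agent one; if gpg only needs `S.gpg-agent` here, naming that socket would keep the grant tighter. The `line:` and `insertafter:` values look truncated in this rendering, so the include target itself could not be checked.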