---
## workaround for: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825
## also see: https://forum.snapcraft.io/t/thunderbird-snap-and-external-gnupg-for-smart-cards/39553/1

# manual config changes:
## go to: Edit -> Settings -> (scroll to the end) -> Config Editor...
##   mail.openpgp.allow_external_gnupg = true
##   mail.openpgp.alternative_gpg_path = /home/equinox/gpg-wrapper-snap.sh

- name: connect gpg-keys slot of thunderbird snap
  command: snap connect thunderbird:gpg-keys :gpg-keys
  changed_when: false

## TODOM make home-dir configurable or find location for wrapper that is usable for all users...
- name: generate gpg-wrapper to workaround HOME variable issue
  copy:
    content: |
      #!/bin/sh
      export HOME="$SNAP_REAL_HOME"
      exec $SNAP/usr/bin/gpg "$@"
    dest: /home/equinox/gpg-wrapper-snap.sh
    mode: 0755

- name: create apparmor abstraction for gnupg2
  copy:
    content: |
      # vim:syntax=apparmor
      # gnupg2 sub-process running permissions

        abi <abi/4.0>,

        # user configurations
        owner @{HOME}/.gnupg/* r,
        owner @{HOME}/.gnupg/random_seed rk,
        owner @{HOME}/.gnupg/tofu.db rwk,
        owner /{,var/}run/user/[0-9]*/gnupg/* rw,

        # Include additions to the abstraction
        include if exists <abstractions/gnupg2.d>
    dest: /etc/apparmor.d/abstractions/gnupg2
  notify: replace apparmor profile snap.thunderbird.thunderbird

- name: patch thunderbird apparmor profile
  lineinfile:
    line: "  #include <abstractions/gnupg2>"
    state: present
    insertafter: "  #include <abstractions/openssl>"
    path: /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
  notify: replace apparmor profile snap.thunderbird.thunderbird