path: root/roles/ws/thunderbird-gpg-hack/tasks/main.yml
---
## workaround for: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825
## also see: https://forum.snapcraft.io/t/thunderbird-snap-and-external-gnupg-for-smart-cards/39553/1

# manual config changes:
## go to: Edit -> Settings -> (scroll to the end) -> Config Editor...
##   mail.openpgp.allow_external_gnupg = true
##   mail.openpgp.alternative_gpg_path = /home/equinox/gpg-wrapper-snap.sh

## Connects the gpg-keys plug of the thunderbird snap to the system slot.
## Per the snapd interface documentation this lets the confined application
## read the user's GnuPG configuration and keys, so it widens what the
## Thunderbird sandbox can reach.
## changed_when is forced to false: the task always reports "ok", and the
## play output does not show whether the connection was newly made.
- name: connect gpg-keys slot of thunderbird snap
  changed_when: false
  command: snap connect thunderbird:gpg-keys :gpg-keys

## TODOM make home-dir configurable or find location for wrapper that is usable for all users...
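## Writes a small shell wrapper that resets HOME to $SNAP_REAL_HOME and then
## replaces itself with the gpg binary found under $SNAP.
## Thunderbird is pointed at this path (mail.openpgp.alternative_gpg_path)
## and runs whatever is stored there, so the file should stay writable by
## its owner only. No owner/group is set, so the file belongs to the account
## the play runs as -- NOTE(review): confirm that is the intended owner, and
## keep in mind the parent directory is a user's home.
- name: generate gpg-wrapper to workaround HOME variable issue
  copy:
    dest: /home/equinox/gpg-wrapper-snap.sh
    ## quoted so YAML implicit typing cannot reinterpret the octal mode
    mode: "0755"
    ## "$SNAP/usr/bin/gpg" is quoted so the shell never word-splits or
    ## glob-expands the path of the program it is about to exec
    content: |
      #!/bin/sh
      export HOME="$SNAP_REAL_HOME"
      exec "$SNAP/usr/bin/gpg" "$@"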

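## Installs an AppArmor abstraction with the file rules the external gpg
## process needs, then asks the handler to reload the Thunderbird profile.
## What the rules grant (all limited to files owned by the calling user):
##   - read on files directly inside ~/.gnupg; AppArmor's "*" does not
##     cross "/", so sub-directories are not covered by this rule
##   - read+lock on random_seed, read/write+lock on tofu.db
##   - read/write on entries directly inside /run/user/<uid>/gnupg/
##     (NOTE(review): presumably the gpg-agent/scdaemon sockets -- confirm)
## owner/group/mode are set explicitly: this file is security policy and
## must not inherit permissions from the umask of the run.
- name: create apparmor abstraction for gnupg2
  copy:
    dest: /etc/apparmor.d/abstractions/gnupg2
    owner: root
    group: root
    mode: "0644"
    content: |
      # vim:syntax=apparmor
      # gnupg2 sub-process running permissions

        abi <abi/4.0>,

        # user configurations
        owner @{HOME}/.gnupg/* r,
        owner @{HOME}/.gnupg/random_seed rk,
        owner @{HOME}/.gnupg/tofu.db rwk,
        owner /{,var/}run/user/[0-9]*/gnupg/* rw,

        # Include additions to the abstraction
        include if exists <abstractions/gnupg2.d>
  notify: replace apparmor profile snap.thunderbird.thunderbird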

## Adds the gnupg2 abstraction to the snapd-generated Thunderbird profile.
## "#include" is the AppArmor include directive here, not a comment.
## Caveats for whoever maintains this:
##   - insertafter is a regular expression; when it matches nothing,
##     lineinfile appends the line at end of file, which would put the
##     include outside the profile body. Check the result after a run.
##   - the file lives under /var/lib/snapd, so snapd presumably rewrites it
##     (e.g. on snap refresh) and the patch has to be applied again --
##     NOTE(review): confirm and re-run the role after refreshes.
## The notified handler is defined outside this file.
- name: patch thunderbird apparmor profile
  notify: replace apparmor profile snap.thunderbird.thunderbird
  lineinfile:
    path: /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
    insertafter: "  #include <abstractions/openssl>"
    line: "  #include <abstractions/gnupg2>"
    state: present