Merge pull request #6712 from freedomofpress/gnome-shell-extension

Add a GNOME Shell Extension in Tails

.gitignore

@@ -94,8 +94,8 @@ coverage.xml
 .hypothesis/
 .mypy_cache/
 
-# Translations
-*.mo
+# Translations compiled during packaging:
+securedrop/translations/**/*.mo
 
 # Flask stuff:
 instance/

install_files/ansible-base/roles/tails-config/defaults/main.yml

@@ -24,6 +24,10 @@ tails_config_desktop_icon_directories:
   - "{{ tails_config_amnesia_home }}/.local/share/applications"
   - "{{ tails_config_live_dotfiles }}/.local/share/applications"
 
+# Destination directories for storing the SecureDrop GNOME Shell extension
+tails_config_extension_directories:
+  - "{{ tails_config_live_dotfiles }}/.local/share/gnome-shell/extensions/[email protected]/"
+
 # Path for storing site-specific ATHS info for connecting to Journalist Interface.
 tails_config_torrc_additions: "{{ tails_config_securedrop_dotfiles }}/torrc_additions"
 

install_files/ansible-base/roles/tails-config/files/securedrop@securedrop.freedom.press/metadata.json

@@ -0,0 +1,12 @@
+{
+  "name": "SecureDrop",
+  "description": "SecureDrop Utility Menu",
+  "uuid": "[email protected]",
+  "shell-version": [
+    "3.38",
+    "40",
+    "41",
+    "42",
+    "43"
+  ]
+}

install_files/ansible-base/roles/tails-config/files/securedrop@securedrop.freedom.press/stylesheet.css

@@ -0,0 +1 @@
+/* Add your custom extension styling here */

install_files/ansible-base/roles/tails-config/files/securedrop_init.py

@@ -128,6 +128,9 @@
 if is_tails:
     subprocess.call(["gnome-shell-extension-tool", "-r", "desktop-icons@csoriano"], env=env)
 
+# enable the GNOME Shell Extension
+subprocess.call(["gnome-extensions", "enable", "[email protected]"], env=env)
+
 # reacquire uid0 and notify the user
 os.setresuid(0, 0, -1)
 os.setresgid(0, 0, -1)

install_files/ansible-base/roles/tails-config/tasks/install_shell_extension.yml

@@ -0,0 +1,123 @@
+---
+- name: Check for v3 Source Interface file
+  stat:
+    path: app-sourcev3-ths
+  register: v3_source_file
+
+- name: Check for v3 Journalist Interface file
+  stat:
+    path: app-journalist.auth_private
+  register: v3_journalist_file
+
+- name: Check for site specific file
+  stat:
+    path: group_vars/all/site-specific
+  register: site_specific_file
+
+- name: Look up v3 Source Interface URL.
+  command: grep -Po '.{56}\.onion' app-sourcev3-ths
+  changed_when: false
+  register: sourcev3_interface_lookup_result
+  when: v3_source_file.stat.exists == true
+
+- name: Look up v3 Journalist Interface URL.
+  command: awk -F ':' '{print $1 ".onion"}' app-journalist.auth_private
+  changed_when: false
+  register: journalistv3_interface_lookup_result
+  when: v3_source_file.stat.exists == true
+
+- name: Look up app server hostname
+  command: "awk -v FS='app_hostname: ' 'NF>1{print $2}' group_vars/all/site-specific"
+  changed_when: false
+  register: app_server_lookup_result
+  when: site_specific_file.stat.exists == true
+
+- name: Look up mon server hostname
+  command: "awk -v FS='monitor_hostname: ' 'NF>1{print $2}' /home/amnesia/Persistent/securedrop/install_files/ansible-base/group_vars/all/site-specific"
+  changed_when: false
+  register: mon_server_lookup_result
+  when: site_specific_file.stat.exists == true
+
+- name: Create the SecureDrop GNOME Shell Extension directories
+  file:
+    state: directory
+    path: "{{ item }}"
+  with_items: "{{ tails_config_extension_directories }}"
+
+- name: Set normal user ownership on subset of directories.
+  become: yes
+  file:
+    state: directory
+    path: "{{ item }}"
+    owner: amnesia
+    group: amnesia
+  # Only set normal user ownership for files in ~amnesia.
+  when: item.startswith(tails_config_amnesia_home)
+  with_items: "{{ tails_config_extension_directories }}"
+
+- name: Copy the extension metadata to the extension directory in Persistent Storage
+  become: yes
+  copy:
+    src: [email protected]/metadata.json
+    dest: "{{ tails_config_live_dotfiles }}/.local/share/gnome-shell/extensions/[email protected]/"
+    owner: amnesia
+    group: amnesia
+
+- name: Copy the extension CSS to the extension directory in Persistent Storage
+  become: yes
+  copy:
+    src: [email protected]/stylesheet.css
+    dest: "{{ tails_config_live_dotfiles }}/.local/share/gnome-shell/extensions/[email protected]/"
+    owner: amnesia
+    group: amnesia
+
+- name: Copy the symbolic icon used for the shell extension in Persistent Storage
+  become: yes
+  copy:
+    src: securedrop-symbolic.png
+    dest: "{{ tails_config_live_dotfiles }}/.local/share/gnome-shell/extensions/[email protected]/icons/"
+    owner: amnesia
+    group: amnesia
+
+- name: Set the right variable for source
+  set_fact:
+    source_iface: "{{ sourcev3_interface_lookup_result }}"
+
+- name: Set the right variable for journalist
+  set_fact:
+    journalist_iface: "{{ journalistv3_interface_lookup_result }}"
+
+- name: Set the right variable for app server hostname
+  set_fact:
+    app_hostname: "{{ app_server_lookup_result }}"
+
+- name: Set the right variable for app server hostname
+  set_fact:
+    mon_hostname: "{{ mon_server_lookup_result }}"
+
+- name: Assemble interface information for extension
+  set_fact:
+    _securedrop_extension_info:
+      - src: extension.js.in
+        filename: extension.js
+        source_interface_address: "{{ source_iface.stdout }}"
+        journalist_interface_address: "{{ journalist_iface.stdout }}"
+        app_hostname: "{{ app_hostname.stdout }}"
+        mon_hostname: "{{ mon_hostname.stdout }}"
+
+- name: Create SecureDrop extension
+  become: yes
+  template:
+    src: "{{ item.0.src }}"
+    dest: "{{ item.1 }}/{{ item.0.filename }}"
+    owner: amnesia
+    group: amnesia
+    mode: "0700"
+  with_nested:
+    - "{{ _securedrop_extension_info }}"
+    - "{{ tails_config_extension_directories }}"
+
+- name: Add extension translations in Persistent Storage
+  synchronize:
+    src: roles/tails-config/templates/locale/
+    dest: "{{ tails_config_live_dotfiles }}/.local/share/gnome-shell/extensions/[email protected]/locale/"

install_files/ansible-base/roles/tails-config/tasks/main.yml

@@ -8,6 +8,8 @@
 
 - include: create_desktop_shortcuts.yml
 
+- include: install_shell_extension.yml
+
 - include: configure_network_hook.yml
 
 - name: Check that we are on an admin workstation

install_files/ansible-base/roles/tails-config/templates/ar.po

@@ -19,6 +19,27 @@ msgstr ""
 "&& n%100<=10 ? 3 : n%100>=11 ? 4 : 5;\n"
 "X-Generator: Weblate 2.20\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr "واجهة SecureDrop للصحفيين"

install_files/ansible-base/roles/tails-config/templates/ca.po

@@ -18,6 +18,27 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 "X-Generator: Weblate 3.4\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr "Interfície de periodista del SecureDrop"

install_files/ansible-base/roles/tails-config/templates/cs.po

@@ -18,6 +18,27 @@ msgstr ""
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
 "X-Generator: Weblate 3.7.1\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr "SecureDrop rozhraní novináře"

install_files/ansible-base/roles/tails-config/templates/de_DE.po

@@ -18,6 +18,27 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 "X-Generator: Weblate 2.17.1\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr "Journalistenschnittstelle für SecureDrop"

install_files/ansible-base/roles/tails-config/templates/desktop.pot

@@ -13,9 +13,30 @@ msgstr ""
 "Language-Team: LANGUAGE <[email protected]>\n"
 "Language: \n"
 "MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr ""

install_files/ansible-base/roles/tails-config/templates/el.po

@@ -18,6 +18,27 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 "X-Generator: Weblate 2.20\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr "Διεπαφή δημοσιογράφου του SecureDrop"

install_files/ansible-base/roles/tails-config/templates/es_ES.po

@@ -18,6 +18,27 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 "X-Generator: Weblate 2.20\n"
 
+msgid "Launch Source Interface"
+msgstr ""
+
+msgid "Launch Journalist Interface"
+msgstr ""
+
+msgid "Check for SecureDrop Updates"
+msgstr ""
+
+msgid "SSH into the App Server"
+msgstr ""
+
+msgid "SSH into the Monitor Server"
+msgstr ""
+
+msgid "Open KeePassXC Password Vault"
+msgstr ""
+
+msgid "Open File Browser"
+msgstr ""
+
 #: desktop-journalist-icon.j2.in:10
 msgid "SecureDrop Journalist Interface"
 msgstr "Interfaz de periodista de SecureDrop"