Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix .desktop icons for tails 3.3 #2620

Merged
merged 1 commit into from
Nov 27, 2017
Merged

Fix .desktop icons for tails 3.3 #2620

merged 1 commit into from
Nov 27, 2017

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Nov 27, 2017

Status

Ready for review

Description of Changes

Fixes #2586.

Changes proposed in this pull request:

source.desktop and journalist.desktop are now trusted once tor finishes bootstrapping and securedrop_init.py is called by Network manager.

Workaround for issues with Nautilus per @kushaldas comments in #2586.

Testing

Needs to be tested on both new install and existing installs (upgrades)

git checkout $branch
./securedrop-admin tailsconfig
  • .desktop icons should now have SecureDrop logo and should not require manually making them trusted.
  • This should persist across reboots

@emkll emkll force-pushed the tails_3.3_desktop_icons branch from 8e1a5f6 to 7c457c7 Compare November 27, 2017 17:59
@redshiftzero redshiftzero self-assigned this Nov 27, 2017
redshiftzero
redshiftzero suggested changes Nov 27, 2017
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works like a charm! 🎉 Couple of minor comments inline for maintainability.

install_files/ansible-base/roles/tails-config/files/securedrop_init.py Outdated
# Set journalist.desktop and source.desktop links as trusted with Nautilus (see
# https://github.com/freedomofpress/securedrop/issues/2586)
# set euid and env variables to amnesia user
os.setresgid(1000, 1000, -1)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In order to avoid magic numbers, can we do something like:

import pwd, grp

amnesia_gid = grp.getgrnam("amnesia").gr_gid
os.setresgid(amnesia_gid, amnesia_gid, -1)
amensia_uid = pwd.getpwnam("amnesia").pw_uid
os.setresuid(amensia_uid, amensia_uid, -1)

install_files/ansible-base/roles/tails-config/files/securedrop_init.py Outdated

# remove existing shortcut, recreate symlink and change metadata attribute to trust .desktop
for shortcut in ['source.desktop', 'journalist.desktop']:
subprocess.call(['rm', str(path_desktop + shortcut)], env=env)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the str() necessary here? Seems like path_desktop and shortcut are both strings and concatenating them will also produce a string

(This comment applies to the next two lines)

install_files/ansible-base/roles/tails-config/files/securedrop_init.py Outdated
os.setresgid(1000, 1000, -1)
os.setresuid(1000, 1000, -1)
env = os.environ.copy()
env['XDG_RUNTIME_DIR'] = '/run/user/1000'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And then we can use .format to demonstrate where the 1000 is coming from:

'/run/user/{}'.format(blah)

install_files/ansible-base/roles/tails-config/files/securedrop_init.py Outdated
env['XDG_DATA_DIR'] = '/usr/share/gnome:/usr/local/share/:/usr/share/'
env['HOME'] = '/home/amnesia'
env['LOGNAME'] = 'amnesia'
env['DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=/run/user/1000/bus'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here

@emkll emkll force-pushed the tails_3.3_desktop_icons branch from 7c457c7 to 23f902a Compare November 27, 2017 20:58
@emkll
Modified init_securedrop.py script to change metadata on source and…
3db1dca 
… journalist interface .desktop shortcuts, `source.desktop` and `journalist.desktop`.
@emkll emkll force-pushed the tails_3.3_desktop_icons branch from 23f902a to 3db1dca Compare November 27, 2017 21:00
@emkll
Copy link
Contributor Author

emkll commented Nov 27, 2017

Thanks for the comments, @redshiftzero. They should now be addressed.

redshiftzero
redshiftzero approved these changes Nov 27, 2017
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look great - merging for inclusion in SecureDrop 0.5.

@redshiftzero
Copy link
Contributor

Staging failure:

    fatal: [app-staging]: FAILED! => {"failed": true, "msg": "The conditional check 'hostvars[groups.securedrop_monitor_server.0].ossec_agent_already_registered == false and iptables_rules_check_result.stat.exists == true' failed. The error was: error while evaluating conditional (hostvars[groups.securedrop_monitor_server.0].ossec_agent_already_registered == false and iptables_rules_check_result.stat.exists == true): 'dict object' has no attribute 'ossec_agent_already_registered'\n\nThe error appears to have been in '/root/sd/install_files/ansible-base/roles/ossec-agent/tasks/agent_config.yml': line 17, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Add firewall exemption for OSSEC agent registration.\n  ^ here\n"}

Restarting..

@redshiftzero redshiftzero removed their assignment Nov 27, 2017
@b-meson
Copy link
Contributor

b-meson commented Nov 27, 2017

Worked for me, thanks @emkll !

@emkll
Copy link
Contributor Author

emkll commented Nov 27, 2017
edited
Loading

Gitter chat just make me think about this: We will have to instruct admins to checkout/verify 0.5 and run securedrop-admin tailsconfig on all journalist/admin workstations, likely required for #2591 as well (when they update to Tails 3.3).

@conorsch
Copy link
Contributor

CI is passing. We've noted that we'll need to include instructions for rerun tails scripts during the release announcement. Merging.

@conorsch conorsch merged commit 3a6c652 into develop Nov 27, 2017
@redshiftzero redshiftzero mentioned this pull request Feb 15, 2018
Closed
@msheiny msheiny deleted the tails_3.3_desktop_icons branch April 10, 2018 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

@kushaldas kushaldas Awaiting requested review from kushaldas

@conorsch conorsch Awaiting requested review from conorsch

@msheiny msheiny Awaiting requested review from msheiny

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@emkll @redshiftzero @b-meson @conorsch