Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix .desktop icons for tails 3.3 #2620

Merged
merged 1 commit into from
Nov 27, 2017
Merged

Fix .desktop icons for tails 3.3 #2620

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 27 additions & 1 deletion install_files/ansible-base/roles/tails-config/files/securedrop_init.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
#!/usr/bin/python

import grp
import os
import pwd
import sys
import subprocess

Expand All @@ -13,6 +15,8 @@
path_torrc_additions = '/home/amnesia/Persistent/.securedrop/torrc_additions'
path_torrc_backup = '/etc/tor/torrc.bak'
path_torrc = '/etc/tor/torrc'
path_desktop = '/home/amnesia/Desktop/'
path_persistent_desktop = '/lib/live/mount/persistence/TailsData_unlocked/dotfiles/Desktop/'

# load torrc_additions
if os.path.isfile(path_torrc_additions):
Expand Down Expand Up @@ -48,7 +52,29 @@
'/org/gnome/nautilus/preferences/automatic-decompression',
'false'])

# notify the user
# Set journalist.desktop and source.desktop links as trusted with Nautilus (see
# https://github.com/freedomofpress/securedrop/issues/2586)
# set euid and env variables to amnesia user
amnesia_gid = grp.getgrnam('amnesia').gr_gid
amnesia_uid = pwd.getpwnam('amnesia').pw_uid
os.setresgid(amnesia_gid, amnesia_gid, -1)
os.setresuid(amnesia_uid, amnesia_uid, -1)
env = os.environ.copy()
env['XDG_RUNTIME_DIR'] = '/run/user/{}'.format(amnesia_uid)
env['XDG_DATA_DIR'] = '/usr/share/gnome:/usr/local/share/:/usr/share/'
env['HOME'] = '/home/amnesia'
env['LOGNAME'] = 'amnesia'
env['DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=/run/user/{}/bus'.format(amnesia_uid)

# remove existing shortcut, recreate symlink and change metadata attribute to trust .desktop
for shortcut in ['source.desktop', 'journalist.desktop']:
subprocess.call(['rm', path_desktop + shortcut], env=env)
subprocess.call(['ln', '-s', path_persistent_desktop + shortcut, path_desktop + shortcut], env=env)
subprocess.call(['gio', 'set', path_desktop + shortcut, 'metadata::trusted', 'yes'], env=env)

# reacquire uid0 and notify the user
os.setresuid(0,0,-1)
os.setresgid(0,0,-1)
subprocess.call(['tails-notify-user',
'SecureDrop successfully auto-configured!',
'You can now access the Journalist Interface.\nIf you are an admin, you can now SSH to the servers.'])