From 7d6c3b8d3d91d67534598e2df543c6b8b82910e8 Mon Sep 17 00:00:00 2001 
From: Kunal Mehta Date: Tue, 12 Dec 2023 18:49:08 -0500 Subject: [PATCH] Add and refactor Debianization This copies in all the packaging files from securedrop-builder plus the keyring and workstation-config components and refactors them to use a single source package for the build, like securedrop server. Building all workstation Debian packages now has one entrypoint, `./scripts/build-debs.sh` (a make target could be added in the future); all packages use the same version. As part of the migration, dh-virtualenv was replaced with `./debian/setup-venv.sh` that invokes virtualenv and sed directly to implement the same functionality. Package building is now done by GitHub Actions in a singular job, having this build and push nightlies will be done in a future commit. --- .circleci/config.yml | 201 +----------- .github/workflows/build.yml | 62 ++++ debian/changelog | 187 +++++++++++ debian/control | 53 ++++ debian/copyright | 7 + debian/rules | 25 ++ debian/securedrop-client.install | 7 + debian/securedrop-client.postinst | 44 +++ debian/securedrop-export.install | 3 + debian/securedrop-export.links | 1 + debian/securedrop-export.postinst | 51 +++ debian/securedrop-export.postrm | 40 +++ debian/securedrop-keyring.install | 1 + debian/securedrop-keyring.postinst | 39 +++ debian/securedrop-keyring.preinst | 34 ++ debian/securedrop-log.install | 4 + debian/securedrop-log.links | 3 + debian/securedrop-proxy.install | 1 + debian/securedrop-proxy.links | 1 + debian/securedrop-workstation-config.install | 6 + debian/securedrop-workstation-config.postinst | 49 +++ debian/setup-venv.sh | 20 ++ debian/source/format | 1 + debian/source/options | 4 + keyring/securedrop-keyring.gpg | Bin 0 -> 3540 bytes scripts/build-debs-real.sh | 28 ++ scripts/build-debs.sh | 42 +++ scripts/fixup-changelog.sh | 14 + workstation-config/mailcap.default | 7 + workstation-config/mimeapps.list.sd-app | 297 +++++++++++++++++ .../mimeapps.list.sd-devices-dvm | 298 ++++++++++++++++++ 
workstation-config/mimeapps.list.sd-viewer | 32 ++ workstation-config/open-in-dvm.desktop | 10 + workstation-config/paxctld.conf | 117 +++++++ 34 files changed, 1489 insertions(+), 200 deletions(-) create mode 100644 .github/workflows/build.yml create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100755 debian/rules create mode 100644 debian/securedrop-client.install create mode 100644 debian/securedrop-client.postinst create mode 100644 debian/securedrop-export.install create mode 100644 debian/securedrop-export.links create mode 100644 debian/securedrop-export.postinst create mode 100644 debian/securedrop-export.postrm create mode 100644 debian/securedrop-keyring.install create mode 100644 debian/securedrop-keyring.postinst create mode 100644 debian/securedrop-keyring.preinst create mode 100644 debian/securedrop-log.install create mode 100644 debian/securedrop-log.links create mode 100644 debian/securedrop-proxy.install create mode 100644 debian/securedrop-proxy.links create mode 100644 debian/securedrop-workstation-config.install create mode 100644 debian/securedrop-workstation-config.postinst create mode 100644 debian/setup-venv.sh create mode 100644 debian/source/format create mode 100644 debian/source/options create mode 100644 keyring/securedrop-keyring.gpg create mode 100755 scripts/build-debs-real.sh create mode 100755 scripts/build-debs.sh create mode 100755 scripts/fixup-changelog.sh create mode 100644 workstation-config/mailcap.default create mode 100644 workstation-config/mimeapps.list.sd-app create mode 100644 workstation-config/mimeapps.list.sd-devices-dvm create mode 100644 workstation-config/mimeapps.list.sd-viewer create mode 100644 workstation-config/open-in-dvm.desktop create mode 100644 workstation-config/paxctld.conf diff --git a/.circleci/config.yml b/.circleci/config.yml index b9f6468d46..9b4a28a690 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -37,13 +37,6 @@ common-steps: echo "en_US UTF-8" >> /etc/locale.gen locale-gen - - &client_install_build_dependencies - run: - name: Install build dependencies - command: | - set -e - apt update && apt install -y git make sudo - - &client_run_unit_tests run: name: Install requirements and run unit tests @@ -106,41 +99,6 @@ common-steps: set -e make -C client safety - - &client_install_packaging_dependencies - run: - name: Install Debian packaging dependencies and download Python wheels - command: | - set -x - mkdir ~/packaging && cd ~/packaging - # local builds may not have an ssh url, so || true - git config --global --unset url.ssh://git@github.com.insteadof || true - git clone https://github.com/freedomofpress/securedrop-builder.git - cd securedrop-builder - apt-get update && apt-get install -y sudo make - make install-deps - source .venv/bin/activate - PKG_DIR=~/project/client make requirements - - - &client_check_packaging_requirements - run: - name: Ensure that the same Python requirements are used for packaging and production. - command: | - cd ~/project/client - # Fail if unstaged changes exist that are not comments (after `make requirements` in the previous run step). - git diff --ignore-matching-lines=# --exit-code - - - &client_build_debian_package - run: - name: Build debian package - command: | - cd ~/project/client - ./update_version.sh 1000.0 # Dummy version number, doesn't matter what we put here - cd ~/packaging/securedrop-builder - export PKG_VERSION=1000.0 - export PKG_PATH=~/project/client - source .venv/bin/activate - make securedrop-client - - &export_install_poetry run: name: Install Poetry @@ -167,12 +125,6 @@ common-steps: cd export poetry install --no-ansi - - &export_install_build_dependencies - run: - name: Install build dependencies - command: | - apt update && apt install -y git make sudo - - &export_run_unit_tests run: name: Install requirements and run unit tests 
@@ -199,38 +151,6 @@ common-steps: command: | make -C export safety - - &export_install_packaging_dependencies - run: - name: Install Debian packaging dependencies and download Python wheels - command: | - set -x - mkdir ~/packaging && cd ~/packaging - # local builds may not have an ssh url, so || true - git config --global --unset url.ssh://git@github.com.insteadof || true - git clone https://github.com/freedomofpress/securedrop-builder.git - cd securedrop-builder - make install-deps - source .venv/bin/activate - PKG_DIR=~/project/export make requirements - - - &export_check_packaging_requirements - run: - name: Ensure that the same Python requirements are used for packaging and production. - command: | - cd ~/project/export - # Fail if unstaged changes exist (after `make requirements` in the previous run step). - git diff --ignore-matching-lines=# --exit-code - - - &export_build_debian_package - run: - name: Build debian package - command: | - cd ~/packaging/securedrop-builder - export PKG_VERSION=1000.0 - export PKG_PATH=~/project/export - source .venv/bin/activate - make securedrop-export - - &log_install_poetry run: name: Install Poetry 
@@ -263,37 +183,6 @@ common-steps: command: | make -C log check - - &log_install_packaging_dependencies - run: - name: Install Debian packaging dependencies and download wheels - command: | - apt-get update && apt-get install -y git git-lfs make sudo - mkdir ~/packaging && cd ~/packaging - git clone https://github.com/freedomofpress/securedrop-builder.git - cd securedrop-builder - make install-deps - source .venv/bin/activate - PKG_DIR=~/project/log make requirements - - - &log_verify_requirements - run: - name: Ensure that build-requirements.txt and requirements.txt are in sync. - command: | - cd ~/project/log - # Return 1 if unstaged changes exist (after `make requirements` in the - # previous run step), else return 0. - git diff --quiet - - - &log_build_debian_package - run: - name: Build debian package - command: | - cd ~/packaging/securedrop-builder - export PKG_VERSION=1000.0 - export PKG_PATH=~/project/log - source .venv/bin/activate - make securedrop-log - - &proxy_install_poetry run: name: Install Poetry @@ -320,13 +209,6 @@ common-steps: cd proxy poetry install --no-ansi - - &proxy_install_build_dependencies - run: - name: Install build dependencies - command: | - set -e - apt-get update && apt-get install --yes git make sudo - - &proxy_run_unit_tests run: name: Install requirements and run unit tests 
@@ -359,60 +241,15 @@ common-steps: poetry update safety make safety - - &proxy_install_packaging_dependencies - run: - name: Install Debian packaging dependencies and download Python wheels - command: | - set -x - mkdir ~/packaging && cd ~/packaging - # local builds may not have an ssh url, so || true - git config --global --unset url.ssh://git@github.com.insteadof || true - git clone https://github.com/freedomofpress/securedrop-builder.git - cd securedrop-builder - apt-get update && apt-get install -y sudo make - make install-deps - source .venv/bin/activate - PKG_DIR=~/project/proxy make requirements - - - &proxy_verify_requirements - run: - name: Ensure that build-requirements.txt and requirements.txt are in sync. - command: | - cd ~/project/proxy - # Return 1 if unstaged changes exist (after `make requirements` in the - # previous run step), else return 0. - git diff --quiet - - - &proxy_build_debian_package - run: - name: Build debian package - command: | - cd ~/packaging/securedrop-builder - export PKG_VERSION=1000.0 - export PKG_PATH=~/project/proxy - source .venv/bin/activate - make securedrop-proxy - - version: 2.1 jobs: - client_build: + client_unit-test: parameters: ¶meters image: type: string docker: &docker - image: debian:<< parameters.image >> - steps: - - *client_install_build_dependencies - - checkout - - *client_install_packaging_dependencies - - *client_check_packaging_requirements - - *client_build_debian_package - - client_unit-test: - parameters: *parameters - docker: *docker steps: - *client_install_poetry - checkout @@ -478,16 +315,6 @@ jobs: - *client_check_source_strings - *client_check_mo_repro - export_build: - parameters: *parameters - docker: *docker - steps: - - *export_install_build_dependencies - - checkout - - *export_install_packaging_dependencies - - *export_check_packaging_requirements - - *export_build_debian_package - export_unit-test: parameters: *parameters docker: *docker 
@@ -535,25 +362,6 @@ jobs: - *log_install_testing_dependencies - *log_run_tests - log_build-bullseye: - docker: - - image: debian:bullseye - steps: - - checkout - - *log_install_packaging_dependencies - - *log_verify_requirements - - *log_build_debian_package - - proxy_build: - parameters: *parameters - docker: *docker - steps: - - checkout - - *proxy_install_build_dependencies - - *proxy_install_packaging_dependencies - - *proxy_verify_requirements - - *proxy_build_debian_package - proxy_unit-test: parameters: *parameters docker: *docker @@ -614,8 +422,6 @@ workflows: matrix: *matrix - client_check-internationalization: matrix: *matrix - - client_build: - matrix: *matrix securedrop_export_ci: jobs: &export_jobs @@ -627,13 +433,10 @@ workflows: matrix: *matrix - export_check-python-security: matrix: *matrix - - export_build: - matrix: *matrix securedrop_log_ci: jobs: - log_test-bullseye - - log_build-bullseye securedrop_proxy_ci: jobs: &proxy_jobs @@ -645,8 +448,6 @@ workflows: matrix: *matrix - proxy_check-python-security: matrix: *matrix - - proxy_build: - matrix: *matrix client_nightly: triggers: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000000..7a13fb7ea7 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,62 @@
+name: Package builds
+on: [push, pull_request]
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ verify-builder-sync:
+ strategy:
+ matrix:
+ debian_version:
+ - bullseye
+ - bookworm
+ runs-on: ubuntu-latest
+ container: debian:${{ matrix.debian_version }}
+ steps:
+ - run: |
+ apt-get update && apt-get install --yes git git-lfs sudo make
+ - uses: actions/checkout@v4
+ - uses: actions/checkout@v4
+ with:
+ repository: "freedomofpress/securedrop-builder"
+ path: "securedrop-builder"
+ lfs: true
+ - name: Install dependencies
+ run: |
+ cd securedrop-builder
+ make install-deps
+ - name: Check differences
+ run: |
+ source ./securedrop-builder/.venv/bin/activate
+ PKG_DIR=../client make -C securedrop-builder requirements
+ PKG_DIR=../export make -C securedrop-builder requirements
+ PKG_DIR=../log make -C securedrop-builder requirements
+ PKG_DIR=../proxy make -C securedrop-builder requirements
+ git config --global --add safe.directory "$GITHUB_WORKSPACE"
+ git diff --ignore-matching-lines=# --exit-code
+
+
+ build-debs:
+ strategy:
+ matrix:
+ debian_version:
+ - bullseye
+ - bookworm
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/checkout@v4
+ with:
+ repository: "freedomofpress/securedrop-builder"
+ path: "securedrop-builder"
+ lfs: true
+ - name: Build packages
+ run: |
+ DEBIAN_VERSION=${{ matrix.debian_version }} BUILDER=securedrop-builder ./scripts/build-debs.sh
+ - uses: actions/upload-artifact@v4
+ with:
+ name: build-${{ matrix.debian_version }}
+ path: build
+ if-no-files-found: error
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000000..a68a1e883f
--- /dev/null
+++ b/debian/changelog
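Review bot: The workflow declares no `permissions:` block, so both jobs run repository scripts such as `./scripts/build-debs.sh` on `push` and `pull_request` with whatever token scope the repository default grants; add a top-level `permissions:` with `contents: read`, and set `persist-credentials: false` on the checkouts. The second checkout in each job takes `freedomofpress/securedrop-builder` without a `ref:`, so the wheels that end up in the packages are whatever that repository's default branch holds at build time; that is presumably intended for `verify-builder-sync`, but for `build-debs` it is worth pinning a ref or at least recording the resolved commit in the build log. The actions are referenced by mutable tag (`@v4`); pinning them to full commit SHAs is the usual hardening for a pipeline that produces installable packages.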
@@ -0,0 +1,187 @@ +securedrop-client (0.9.0) unstable; urgency=medium + + * see changelog.md + + -- SecureDrop Team Thu, 16 Mar 2023 16:29:03 -0400 + +securedrop-client (0.8.1+bullseye) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Thu, 15 Sep 2022 08:37:55 +1000 + +securedrop-client (0.8.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 06 Jul 2022 14:06:23 +1000 + +securedrop-client (0.7.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 20 Apr 2022 10:41:31 -0400 + +securedrop-client (0.6.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Tue, 15 Feb 2022 10:45:20 -0800 + +securedrop-client (0.5.1+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Thu, 02 Dec 2021 16:41:49 -0800 + +securedrop-client (0.5.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 01 Dec 2021 12:09:27 -0800 + +securedrop-client (0.4.1+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 17 Mar 2021 11:20:12 -0700 + +securedrop-client (0.4.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Thu, 10 Dec 2020 14:36:06 -0800 + +securedrop-client (0.3.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Thu, 05 Nov 2020 11:40:46 -0500 + +securedrop-client (0.2.1+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Thu, 16 Jul 2020 11:56:07 -0400 + +securedrop-client (0.2.0+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Fri, 29 May 2020 17:19:31 -0400 + +securedrop-client (0.1.6+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Tue, 31 Mar 2020 10:45:27 -0400 + +securedrop-client (0.1.5+buster) unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Mon, 30 Mar 2020 14:11:21 -0400 + +securedrop-client (0.1.4+buster) 
unstable; urgency=medium + + * See changelog.md + + -- SecureDrop Team Thu, 26 Mar 2020 11:45:01 -0400 + +securedrop-client (0.1.3+buster) unstable; urgency=medium + + * See changelog.md + + -- mickael e. Wed, 18 Mar 2020 12:32:35 -0400 + +securedrop-client (0.1.2+buster) unstable; urgency=medium + + * See changelog.md + + -- redshiftzero Tue, 10 Mar 2020 13:12:54 -0400 + +securedrop-client (0.1.1+buster) unstable; urgency=medium + + * See changelog.md + + -- redshiftzero Tue, 03 Mar 2020 11:39:03 -0500 + +securedrop-client (0.1.0+buster) unstable; urgency=medium + + * See changelog.md + + -- redshiftzero Fri, 21 Feb 2020 13:34:42 -0500 + +securedrop-client (0.0.13+buster) unstable; urgency=medium + + * remove user refresh and replace with sync icon (#732) + * build-requirements: update for production beta (#730) + * No sync on ui operations (#721) + * Use SecureQLabel for message previews (#720) + * Show DD MMM format for source title (#719) + * Add new metadata queue. (#715) + * Improve performance of storage.get_remote_data (#709) + * app/queue: prioritize user-triggered state changes (#708) + * Fix HTML entities being escaped in speech bubbles. (#703) + * Activity indicator for file download / decryption. 
(#702) + * Rename VMs (#701) + + -- SecureDrop Team Fri, 17 Jan 2020 18:20:20 -0800 + +securedrop-client (0.0.12+buster) unstable; urgency=medium + + * Use revised VM names (securedrop-workstation #285) + * Delete sources using the general queue (#402) + * Add a preview snippet for sources (#135) + * Add a show/hide password feature on the login screen (#659) + * Disable sync icon during active sync (#388) + * Add keyboard shortcuts for sending replies (#606) + * Add hover states for UI elements (#591) + + -- SecureDrop Team Fri, 17 Jan 2020 18:20:20 -0800 + +securedrop-client (0.0.11+buster) unstable; urgency=medium + + * Add apparmor profile (#673) + * Add failure message for replies (#664) + * Move metadata sync to api queue (#640) + * Add print integration (#631) + * Populate source list immediately upon login (#626) + + -- SecureDrop Team Thu, 19 Dec 2019 12:20:20 -0500 + +securedrop-client (0.0.10+buster) unstable; urgency=medium + + * Add Python 3.7/buster support (#568, #609) + * Add export to USB support (#611, #547, #562, #563, #564) + * Retry failed replies (#530) + * Pause queue on auth errors, connection failures, and timeouts (#531) + * Add pending reply status, persist replies in the database (#578) + * Set realistic timeouts, scale file/message download timeouts using file size (#515, #567) + * Update qrexec keyword prefix characters (#537) + * Reply box no longer accepts rich text input (#580) + * Format reply box placeholder text (#597) + * Redesign FileWidget (#535) + * Style conversation header (#543) + * Login form submits if user presses Enter or Return (#615) + * Enable changeable log levels (#603) + * Remove borders around source list, send icon, and reply box (#505) + * Move star and date in source widget (#506) + * Polish source widget (#522) + * Polish offline UI (#586) + * Add branding image to left pane and polish styling (#520) + * Add empty conversation view (#510) + * Update fonts weights and colors (#502) + * Bugfix: handle missing 
files during export and open (#566) + * Bugfix: do not escape quotes in SecureQLabel (#516) + * Bugfix: skip round trip to user endpoint during logic (#605, #621, #623) + * Bugfix: fix bug of sources disappearing from source list (#620) + * Bugfix: fix db warnings upon source deletion (#581) + * Add more detailed developer documentation (#508) + * Add documentation for updating dependencies (#536) + * Ensure build/dev requirements files stay in sync (#602) + * Parallelize test suite (#569) + * Ignore third-party deprecation warnings (#576) + * Add bandit to check target (#548) + + -- redshiftzero Wed, 20 Nov 2019 09:20:22 -0500 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000000..95fb5003ee --- /dev/null +++ b/debian/control 
@@ -0,0 +1,53 @@
+Source: securedrop-client
+Section: unknown
+Priority: optional
+Maintainer: SecureDrop Team
+Build-Depends: debhelper-compat (= 11), python3-virtualenv
+Standards-Version: 3.9.8
+Homepage: https://github.com/freedomofpress/securedrop-client
+X-Python3-Version: >= 3.5
+
+Package: securedrop-client
+Architecture: all
+Depends: ${python3:Depends},${misc:Depends}, python3-pyqt5, python3-pyqt5.qtsvg, apparmor-utils
+Description: securedrop client for qubes workstation
+
+Package: securedrop-export
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}, cryptsetup, cups, printer-driver-brlaser, printer-driver-hpcups, system-config-printer, xpp, libcups2-dev, python3-dev, libtool-bin, unoconv, gnome-disk-utility
+Description: Submission export scripts for SecureDrop Workstation
+ This package provides scripts used by the SecureDrop Qubes Workstation to
+ export submissions from the client to external storage, via the sd-export
+ Qube.
+
+Package: securedrop-keyring
+Architecture: all
+Depends: gnupg
+Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt.
+
+Package: securedrop-log
+Architecture: all
+Depends: python3-distutils, ${misc:Depends}, ${python3:Depends}
+Description: Python module and qrexec service to store logs for SecureDrop Workstation
+ This package provides Python module and qrexec service files to create a logging VM in
+ SecureDrop Workstation project in Qubes.
+
+Package: securedrop-proxy
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}, libyaml-0-2
+Description: This is securedrop Qubes proxy service
+ This package provides the network proxy on Qubes to talk to the SecureDrop server.
+
+Package: securedrop-workstation-config
+Architecture: all
+Depends: nautilus, gvfs-bin, securedrop-keyring
+Description: This is the SecureDrop workstation template configuration package.
+ This package provides dependencies and configuration for the Qubes SecureDrop workstation VM Templates.
+
+Package: securedrop-workstation-viewer
+Architecture: all
+Depends: securedrop-workstation-config,securedrop-workstation-grsec,apparmor-profiles,apparmor-profiles-extra,apparmor-utils,audacious,eog,evince,file-roller,gedit,totem
+Description: This is the SecureDrop workstation SecureDrop Viewer Disposable VM template configuration package. This package provides dependencies and configuration for the Qubes SecureDrop workstation sd-viewer Template VM.
+Provides: securedrop-workstation-svs-disp
+Conflicts: securedrop-workstation-svs-disp
+Replaces: securedrop-workstation-svs-disp
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000000..bbdb6d9854
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,7 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: securedrop-client
+Source: https://github.com/freedomofpress/securedrop-client
+
+Files: *
+Copyright: 2020 Freedom of the Press Foundation
+License: AGPL-3.0+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000000..88d2cead3b
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,25 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
+
+override_dh_auto_install:
+ bash ./debian/setup-venv.sh client
+ bash ./debian/setup-venv.sh export
+ bash ./debian/setup-venv.sh log
+ bash ./debian/setup-venv.sh proxy
+ dh_auto_install
+
+override_dh_strip_nondeterminism:
+ find ./debian/ -type f -name '*.pyc' -delete
+ find ./debian/ -type f -name 'pip-selfcheck.json' -delete
+ find ./debian/ -type f -name 'direct_url.json' -delete
+ find ./debian/ -type f -name 'RECORD' -delete
+ dh_strip_nondeterminism $@
+
+# Override debhelper's auto-generated files in `/etc/`
+# to force an exact replacement of the files we are modifying
+# there (specifically, `/etc/apt/trusted.gpg.d/securedrop-keyring.gpg`).
+override_dh_installdeb:
+ dh_installdeb
+ cat /dev/null > ${CURDIR}/debian/securedrop-keyring/DEBIAN/conffiles
diff --git a/debian/securedrop-client.install b/debian/securedrop-client.install
new file mode 100644
index 0000000000..93db676691
--- /dev/null
+++ b/debian/securedrop-client.install
@@ -0,0 +1,7 @@
+client/files/alembic.ini usr/share/securedrop-client/
+client/alembic usr/share/securedrop-client/
+client/files/sd-app-qubes-gpg-domain.sh etc/profile.d/
+client/files/securedrop-client usr/bin/
+client/files/securedrop-client.desktop usr/share/applications/
+client/files/press.freedom.SecureDropClient.desktop usr/share/applications/
+client/files/usr.bin.securedrop-client /etc/apparmor.d/
diff --git a/debian/securedrop-client.postinst b/debian/securedrop-client.postinst
new file mode 100644
index 0000000000..f04f9bc892
--- /dev/null
+++ b/debian/securedrop-client.postinst
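Review bot: In `override_dh_strip_nondeterminism` the trailing `$@` expands to the target name, not to debhelper options, so the command actually run is `dh_strip_nondeterminism override_dh_strip_nondeterminism`; `$@` is only meaningful in the catch-all `%:` rule. The stray argument is probably ignored, but it reads as if options were being forwarded, so the line should be plain `dh_strip_nondeterminism`. The comment above `override_dh_installdeb` would also benefit from stating the consequence of emptying `conffiles`, for example `# dpkg then overwrites a locally modified keyring on upgrade without prompting.`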
@@ -0,0 +1,44 @@
+#!/bin/sh
+# postinst script for securedrop-client
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+
+ update-desktop-database /usr/share/applications
+ aa-enforce /usr/bin/securedrop-client
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ update-desktop-database /usr/share/applications
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/securedrop-export.install b/debian/securedrop-export.install
new file mode 100644
index 0000000000..0d356bcf26
--- /dev/null
+++ b/debian/securedrop-export.install
@@ -0,0 +1,3 @@
+export/files/application-x-sd-export.xml usr/share/mime/packages
+export/files/send-to-usb.desktop usr/share/applications
+export/files/sd-logo.png usr/share/securedrop/icons
diff --git a/debian/securedrop-export.links b/debian/securedrop-export.links
new file mode 100644
index 0000000000..38aae3b7cb
--- /dev/null
+++ b/debian/securedrop-export.links
@@ -0,0 +1 @@
+opt/venvs/securedrop-export/bin/send-to-usb usr/bin/send-to-usb
diff --git a/debian/securedrop-export.postinst b/debian/securedrop-export.postinst
new file mode 100644
index 0000000000..243a9a2d12
--- /dev/null
+++ b/debian/securedrop-export.postinst
@@ -0,0 +1,51 @@
+#!/bin/sh
+# postinst script for securedrop-export
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+NOTIFICATION_SERVICE_PATH='/usr/share/dbus-1/services/org.freedesktop.mate.Notifications.service'
+
+case "$1" in
+ configure)
+
+ update-desktop-database /usr/share/applications
+ update-mime-database /usr/share/mime
+ # Disable notifictions service, since the printer configuration
+ # is not required and will not persist
+ if [ -e ${NOTIFICATION_SERVICE_PATH} ]; then
+ mv "${NOTIFICATION_SERVICE_PATH}" "${NOTIFICATION_SERVICE_PATH}.disabled"
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ update-desktop-database /usr/share/applications
+ update-mime-database /usr/share/mime
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/securedrop-export.postrm b/debian/securedrop-export.postrm
new file mode 100644
index 0000000000..0753737d16
--- /dev/null
+++ b/debian/securedrop-export.postrm
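Review bot: The `mv` in the `configure` branch renames a file this package does not install (there is no entry for it in `securedrop-export.install`), so dpkg is unaware of the change and an upgrade of whichever package owns the service file will presumably put it back and re-enable the notification service. `dpkg-divert` is the mechanism meant for this: `dpkg-divert --package securedrop-export --add --rename --divert "${NOTIFICATION_SERVICE_PATH}.disabled" "${NOTIFICATION_SERVICE_PATH}"`, with the matching `--remove` in the postrm, which currently does not undo the rename. Also quote the test operand, `[ -e "${NOTIFICATION_SERVICE_PATH}" ]`, to match the quoted `mv` arguments, and fix the comment typo `notifictions`.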
@@ -0,0 +1,40 @@
+#!/bin/sh
+# postrm script for securedrop-export
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear'
+#
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+ update-desktop-database /usr/share/applications
+ update-mime-database /usr/share/mime
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/securedrop-keyring.install b/debian/securedrop-keyring.install
new file mode 100644
index 0000000000..54915d7e78
--- /dev/null
+++ b/debian/securedrop-keyring.install
@@ -0,0 +1 @@
+keyring/securedrop-keyring.gpg etc/apt/trusted.gpg.d/
diff --git a/debian/securedrop-keyring.postinst b/debian/securedrop-keyring.postinst
new file mode 100644
index 0000000000..94fc4dec4e
--- /dev/null
+++ b/debian/securedrop-keyring.postinst
@@ -0,0 +1,39 @@
+#!/bin/sh
+# postinst script for securedrop-keyring
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ chown -R root:root /etc/apt/trusted.gpg.d/
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
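Review bot: `chown -R root:root /etc/apt/trusted.gpg.d/` in the keyring postinst rewrites ownership of every key file in a directory shared with other packages and local additions, and it leaves file modes untouched; scope it to what this package ships, `chown root:root /etc/apt/trusted.gpg.d/securedrop-keyring.gpg`, followed by `chmod 0644` on the same path. Separately, a key placed in `trusted.gpg.d` is accepted by apt for every configured source that has no `Signed-By`, so the SecureDrop key can vouch for packages from any repository on the template. If the sources entry (outside this diff) can carry `signed-by=`, shipping the keyring under `/usr/share/keyrings/` would confine it to the SecureDrop repository.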
diff --git a/debian/securedrop-keyring.preinst b/debian/securedrop-keyring.preinst
new file mode 100644
index 0000000000..2e08480992
--- /dev/null
+++ b/debian/securedrop-keyring.preinst
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+# Solution adapted from DKG's work on `deb.torproject.org-keyring` and
+# the securedrop core keyring package.
+#
+# The salt provisioning logic uses pkgrepo.managed, which writes the
+# key to `/etc/apt/trusted.gpg`. It's cleaner to use the trusted.gpg.d
+# subdirectory, since we can update that trivially in future versions
+# of the keyring package.
+#
+# Therefore let's clean up prior versions of the key installed
+# to the general apt keyring, to ensure we only have one signing key
+# installed for authenticating securedrop-related packages.
+
+if [ -e /etc/apt/trusted.gpg ] && which gpg >/dev/null; then
+ (
+ h="$(mktemp -d)"
+ trap "rm -rf '$h'" EXIT
+
+ if gpg --homedir="$h" \
+ --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg \
+ --list-key 0x2359E6538C0613E652955E6C188EDD3B7B22E6A3 > /dev/null 2>&1 ; then
+ gpg --homedir="$h" \
+ --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg \
+ --no-auto-check-trustdb \
+ --delete-key 0x2359E6538C0613E652955E6C188EDD3B7B22E6A3 || true
+ fi
+ )
+fi
+
+#DEBHELPER#
+
diff --git a/debian/securedrop-log.install b/debian/securedrop-log.install
new file mode 100644
index 0000000000..79256901f1
--- /dev/null
+++ b/debian/securedrop-log.install
@@ -0,0 +1,4 @@
+log/securedrop.Log etc/qubes-rpc/
+log/sd-rsyslog usr/sbin/
+log/securedrop-log.service etc/systemd/system
+log/sdlog.conf etc/rsyslog.d/
diff --git a/debian/securedrop-log.links b/debian/securedrop-log.links
new file mode 100644
index 0000000000..e5480a6238
--- /dev/null
+++ b/debian/securedrop-log.links
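Review bot: A failed `--delete-key` in the keyring preinst is discarded by `|| true`, so the old signing key can stay in `/etc/apt/trusted.gpg` with no trace in the install log, which is the state the comment block says this script exists to prevent. Keep the install going but report it, for example `|| echo "securedrop-keyring: could not remove old key from /etc/apt/trusted.gpg" >&2`. The guard `which gpg >/dev/null` is better written `command -v gpg >/dev/null`, which is a shell builtin and does not depend on `which` being installed at preinst time.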
@@ -0,0 +1,3 @@
+opt/venvs/securedrop-log/sbin/securedrop-log usr/sbin/securedrop-log
+opt/venvs/securedrop-log/sbin/securedrop-log-saver usr/sbin/securedrop-log-saver
+opt/venvs/securedrop-log/sbin/securedrop-redis-log usr/sbin/securedrop-redis-log
diff --git a/debian/securedrop-proxy.install b/debian/securedrop-proxy.install
new file mode 100644
index 0000000000..e598af1a1c
--- /dev/null
+++ b/debian/securedrop-proxy.install
@@ -0,0 +1 @@
+proxy/qubes/securedrop.Proxy etc/qubes-rpc/
diff --git a/debian/securedrop-proxy.links b/debian/securedrop-proxy.links
new file mode 100644
index 0000000000..abddf108f8
--- /dev/null
+++ b/debian/securedrop-proxy.links
@@ -0,0 +1 @@
+opt/venvs/securedrop-proxy/bin/sd-proxy usr/bin/sd-proxy
diff --git a/debian/securedrop-workstation-config.install b/debian/securedrop-workstation-config.install
new file mode 100644
index 0000000000..3c3bc7975d
--- /dev/null
+++ b/debian/securedrop-workstation-config.install
@@ -0,0 +1,6 @@
+workstation-config/mailcap.default opt/sdw/
+workstation-config/mimeapps.list.sd-viewer opt/sdw/
+workstation-config/mimeapps.list.sd-app opt/sdw/
+workstation-config/mimeapps.list.sd-devices-dvm opt/sdw/
+workstation-config/open-in-dvm.desktop opt/sdw/
+workstation-config/paxctld.conf opt/sdw/
diff --git a/debian/securedrop-workstation-config.postinst b/debian/securedrop-workstation-config.postinst
new file mode 100644
index 0000000000..2084a52ff0
--- /dev/null
+++ b/debian/securedrop-workstation-config.postinst
@@ -0,0 +1,49 @@
+#!/bin/sh
+# postinst script for securedrop-workstation-config
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ # move pax flags and restart paxctld service
+ # copy and set default mimeapps handling
+ # except for whonix-based VMs
+ if [ ! -e "/etc/whonix_version" ]; then
+ cp /opt/sdw/paxctld.conf /etc/paxctld.conf
+ systemctl restart paxctld
+ cp /opt/sdw/open-in-dvm.desktop /usr/share/applications/
+ cp /opt/sdw/mimeapps.list.sd-app /usr/share/applications/mimeapps.list
+ cp /opt/sdw/mimeapps.list.sd-app /opt/sdw/mimeapps.list.default
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/setup-venv.sh b/debian/setup-venv.sh
new file mode 100644
index 0000000000..7b303de331
--- /dev/null
+++ b/debian/setup-venv.sh
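Review bot: In the `configure` branch of `debian/securedrop-workstation-config.postinst`, `systemctl restart paxctld` runs under `set -e` before the three `cp` lines that install `open-in-dvm.desktop` and `mimeapps.list`, so a failed restart (unit absent, or no running systemd as in an image build) aborts the script before the disposable-VM handlers are in place. Whether paxctld is a declared dependency is not visible in this hunk. Consider copying the handler files first and restarting the service last, so a restart failure cannot leave the VM without the open-in-dvm defaults. The comment says "move pax flags" while the code copies; a more exact comment would be `# overwrite /etc/paxctld.conf and the system mimeapps.list on every configure, except on Whonix-based VMs`.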
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -euxo pipefail
+
+NAME=$1
+if [[ $NAME == "client" ]]; then
+ VENV_ARGS="--system-site-packages"
+else
+ VENV_ARGS=""
+fi
+WHEELS_DIR="/builder/securedrop-${NAME}/wheels"
+PIP_ARGS="--ignore-installed --no-index --find-links ${WHEELS_DIR} --no-deps --no-cache-dir --no-use-pep517"
+
+/usr/bin/python3 -m virtualenv $VENV_ARGS ./debian/securedrop-${NAME}/opt/venvs/securedrop-${NAME}
+./debian/securedrop-${NAME}/opt/venvs/securedrop-${NAME}/bin/pip install $PIP_ARGS -r ${NAME}/build-requirements.txt
+./debian/securedrop-${NAME}/opt/venvs/securedrop-${NAME}/bin/pip install $PIP_ARGS ./${NAME}
+
+# Adjust paths to reflect installed paths
+find ./debian/securedrop-${NAME}/ -type f -exec sed -i "s#$(pwd)/debian/securedrop-${NAME}##" {} \;
+# Cleanup wheels
+rm -rf ./debian/securedrop-${NAME}/opt/venvs/securedrop-${NAME}/share/python-wheels
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000000..89ae9db8f8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/source/options b/debian/source/options
new file mode 100644
index 0000000000..5218c5aca7
--- /dev/null
+++ b/debian/source/options
@@ -0,0 +1,4 @@
+# speed is preferred over disk space
+compression = "gzip"
+# ignore the build/ directory, that contains our artifacts
+tar-ignore = "build"
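Review bot: In `debian/setup-venv.sh`, the `find ... -exec sed -i "s#$(pwd)/debian/securedrop-${NAME}##" {} \;` line places the build directory into a sed regex unescaped and applies it to every regular file, so a `#` or regex metacharacter in the checkout path changes what is matched, and binary files are rewritten in place along with scripts. Restricting the rewrite to text files that contain the prefix (for example by selecting them with `grep -I` first) and escaping the prefix before using it as a pattern would make the step predictable. The `${NAME}` expansions in the paths are also unquoted, and `$VENV_ARGS`/`$PIP_ARGS` rely on word splitting; quoting the paths and holding the options in arrays is the usual form. Because the wheels are installed from a local directory with `--no-index`, adding `--require-hashes` to the `-r ${NAME}/build-requirements.txt` install would make hash checking explicit, assuming that file carries hashes.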
diff --git a/keyring/securedrop-keyring.gpg b/keyring/securedrop-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..51b1fd78832ef0f7234446debb9b35c479e05219 GIT binary patch literal 3540 zcmbuAXEYlM|Hl&~E}^)pBKF>+M!D3eqDstAvv#Dah@grZwbhKRXtb!^nvD>OTD|tF zJzJ|)B7$r7xzBz6&w1{f|2fY&&+p~$d(QXO=X^hTRE#uEdG0kpW@Ati6y7nL2z%Fi?+e!D>jP`@?+B2k~V^T{p zEoR#5TeEe6+UuZsc223h2R)(i7j_JCqPP6M#okC55PiRmBYS@ex@{+|i`}XHTrL>D z>7o-m2(b^Gc(gJUR%lS`smM$9raz3xujsBMMjEkyU`W|=Nb^c4gklHBvaOe+;;swc z58wM{`kL)RvW_4b!@BI1Mw?yORMDSoc?PvCw&U7a=!*WymFTvpL00~$jiFk3CtKZr z?X`u7p35U$zF4R#yGdBlxIvlB_ZaPmdp9uBm`CmFn>c+@LG~|t2V9ItTH?BJx03rG z@g%#O%x}e?@V7B&t>5>YpZ^&N&!~G__H|M)k(VIDCGIddymKz7e;xNnLPnA zdVqhzl57HORHtAkEYKRcqQe(zmG}Bz3h6yT^)@|b7c|0S%rNTkvg$`AiBIfxgL~|yX4Fo@>B`>tYC)V;<0!nlD+?BDLz8ENzxZi zV?fWAv-)Dz>~7!>(s+@f!jJjiV2vYoSIg$;qHPUj=CA|+3lIRTWdHzBXcQ3e*EJd- zkgfq3qz=Xh&1a5$gmm^p@*zA>-X7j4K0{;>-%Y>2a<@NoY0STJX-{O3w7i`BbuD)c z66xmSC4jh^lo21EgY) zxW-Q-XtRMx0<&(IXE{8ArYx$32y7ICs9eHS+(2|R^cl(kdOGHR|G6xgep-9V$yI)p~QKsMEoXE zx2+|f(5@qSu1pqEQwLqrGd_~7ylpQrb;DynXWt3BOp%utEZNT<6|ZJ7Z0~)I^hqAq z2cL|*MF>IU?f(!;JI_2*w}KzvpKp}?Nb*64^$eUy!6WTuD?q+lS`oND^l*e1hl9A# z_iAdxr0@cYDz>4Oa?@05TaKC^!gQmSC+I0gqnt)-<71H8bkfmbMB(>IFGuSNh|ejo zIF5~W#{oa>nwt1dY_HpRt-*e(#8=rUrr3B@kn6_s5{|PR zTu%RYyw*0Dem-hKc#UuzCRK#sdrRZrXyh$iVBz&v>k4igft*xxLILC-3-0k+H&Ag$ zv-<&h?kdSTH(q*k7F9ow>QfqIj(9qM`xphoEkBO6HJBiHFBaVj5iwbFSDWN=V{tfT z`>u6ST-G}V_Em4lWu%@5X55YMyWFCL2z^+2#76W<^oP=kjgl@2w*GCMb2#6@NVEQ< zuv$mGXhp+rKPl2N%zxx4qxspL8Spn`U6yg(HyV8-oBiQYV5>%V>42YUtvc#nr1tKE zzK8sD$-8oSX7o6wKg8KgUexHoO@W5m8+h{L0k=*ko4qP%LAK`HwpN#g5Zyf=r9_aG zzWWzrh4Z^uH~)7cYW;y{oBckVMS)229JY5VQ@<*_)3&6(SwwP859%X-nBx&cmnwVT4E@Us9bx%$rG%0v zOh&avp#}!!brfTLTpOrh%YyKAT)BGr)K2ACWmIr>B(1A4a7yIsYhP#HgZoFwljtXe zz=F`STn2ZF{)Yh#W}(=Zu%S!Xgnojpq9L(J)kEU@c5}JYzJYKIKhai!^LB!>Il;dP z@ajyo-xXaG0_|8_LKo%<~ZCcEz9V(g~|enB1K-H=KTdxL>$$byGt9 zPrRuATt@)mKh~_=k%9*Uo`|dvr%Y$X#)>p3j>x1v)^Ro{56nanMIH$-A$oKz4C||<_@;W0P>WAH*jQc`{yzN%x=uhvCa}+|aQaX2j 
z>>@OIE7;x92la>qQ%Jr!z0G;-#Ixxqhq`Txv=xFoWvw*jk*}G;3!CggnyT%?uHQpM zQB9Ubk;BIgr}24P$XDM?J$ye-7AV!cm!6!Hah6P!gWkiN|IvZ~&+>@5TnY=6B|h)@ z%bE#PH))`M+DwFsli~ljRwQ5DKdlu<^Y>W^S7rKX_SJl1^NaJQ4JQarw-h=h*KKmP z$Yh!m?h>Cc;=N)OS}>RIG#Yv_Y-&4YUCWEK88BRAR)e5_3?bRI=O;`}1@Z(!c`a*H z28I+FSR^*4M`T13j2wDXeS)nQ#Y`P@_>C-JbAuluW8kB0ilM558uh>wQYIA+O5)TB zRmeep!*4SIableKTL^FjWJyI422;=sW2hTF@;oPyYxjDpCjv3&- zG^3onw6wh0y%{AeT$KP0IKB@_T|JsxQu(C2J^Q%*mpv_L(Cn|9ys{kuJY61lBEIcV zs8Fzzw>5RHre&5aFxQ40(526M5vot9Zng|-6$7uc3$3Kh@ZROt$c_TUtPJ(cxE4d_^EXKg zSOT^a@vNgV$@FoHiB}f-Rf%R9Xib)6O>jp8fn-QH0Zn(CQOeMxG&}8kY&v(VpJk!9_r{BVkfae|R`w_i=U3_a&8f za#}NMgw{+AdJRc@4va*0HDeufS*|k*k0C=B?N7d`KA%(oH+a)5nX4a`lY{so&{qlA-{gU9(1eKxdMRvb1c|TMR#Y zTW-_km?+h&J6(`o!}DO<@NrJrTA90T`5q&u{93_a^ /dev/null 2>&1; then + OCI_BIN="podman" + # Make sure host UID/GID are mapped into container, + # see podman-run(1) manual. + OCI_RUN_ARGUMENTS="${OCI_RUN_ARGUMENTS} --userns=keep-id" +else + OCI_BIN="docker" +fi +# Pass -it if we're a tty +if test -t 0; then + OCI_RUN_ARGUMENTS="${OCI_RUN_ARGUMENTS} -it" +fi + +# Look for the builder repo with our local wheels +export BUILDER=$(realpath "${BUILDER:-../securedrop-builder}") +if [[ ! -d $BUILDER ]]; then + echo "Cannot find securedrop-builder repository, please check it out \ +to ${BUILDER} or set the BUILDER variable" + exit 1 +fi + +export DEBIAN_VERSION="${DEBIAN_VERSION:-bullseye}" +export OCI_RUN_ARGUMENTS +export OCI_BIN + +$OCI_BIN pull debian:${DEBIAN_VERSION} + +$OCI_BIN run --rm $OCI_RUN_ARGUMENTS \ + -v "${BUILDER}:/builder:Z" \ + --entrypoint "/src/scripts/build-debs-real.sh" \ + debian:${DEBIAN_VERSION} diff --git a/scripts/fixup-changelog.sh b/scripts/fixup-changelog.sh new file mode 100755 index 0000000000..97d70b54b7 --- /dev/null +++ b/scripts/fixup-changelog.sh 
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -euxo pipefail
+# Adjust d/changelog version to suffix the codename.
+# This runs *inside* the container.
+
+source /etc/os-release
+if [[ "$VERSION_CODENAME" == "" ]]; then
+ # PRETTY_NAME="Debian GNU/Linux bookworm/sid"
+ # Use awk to split on spaces and /
+ VERSION_CODENAME=$(echo $PRETTY_NAME | awk '{split($0, a, "[ /]"); print a[4]}')
+fi
+
+version=$(dpkg-parsechangelog -S Version)
+sed -i "0,/${version}/ s//${version}+${VERSION_CODENAME}/" debian/changelog
diff --git a/workstation-config/mailcap.default b/workstation-config/mailcap.default
new file mode 100644
index 0000000000..4c3bb89767
--- /dev/null
+++ b/workstation-config/mailcap.default
@@ -0,0 +1,7 @@
+# Mailcap acts as a fallback mechanism if MIME type lookup fails in tools like
+# xdg-open. Because the Mailcap MIME type definitions do not match the
+# ones used by the SecureDrop Workstation, we disable Mailcap for the default
+# user using a wildcard rule. Lookup attempts are logged to /var/log/syslog
+# and sd-log.
+
+*/*; logger "Mailcap is disabled."
diff --git a/workstation-config/mimeapps.list.sd-app b/workstation-config/mimeapps.list.sd-app
new file mode 100644
index 0000000000..6a23b86071
--- /dev/null
+++ b/workstation-config/mimeapps.list.sd-app
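Review bot: In `scripts/fixup-changelog.sh`, the test `[[ "$VERSION_CODENAME" == "" ]]` runs under `set -u`, so when `/etc/os-release` does not define `VERSION_CODENAME` at all the script stops with an unbound-variable error and never reaches the `PRETTY_NAME` fallback written for that case. A default expansion keeps the fallback reachable: `if [[ -z "${VERSION_CODENAME:-}" ]]; then`. The fallback expands `$PRETTY_NAME` unquoted in `echo $PRETTY_NAME`, and `${version}` is used as a sed regex, so each `.` in the version matches any character; quoting the first and escaping the second would make the substitution exact.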
@@ -0,0 +1,297 @@
+[Default Applications]
+application/x-dia-diagram=open-in-dvm.desktop;
+text/x-vcard=open-in-dvm.desktop;
+text/directory=open-in-dvm.desktop;
+text/calendar=open-in-dvm.desktop;
+application/x-cd-image=open-in-dvm.desktop;
+application/x-desktop=open-in-dvm.desktop;
+application/x-raw-disk-image=open-in-dvm.desktop;
+application/x-raw-disk-image-xz-compressed=open-in-dvm.desktop;
+image/x-compressed-xcf=open-in-dvm.desktop;
+image/x-xcf=open-in-dvm.desktop;
+image/x-psd=open-in-dvm.desktop;
+image/x-fits=open-in-dvm.desktop;
+image/bmp=open-in-dvm.desktop;
+image/gif=open-in-dvm.desktop;
+image/x-icb=open-in-dvm.desktop;
+image/x-ico=open-in-dvm.desktop;
+image/x-pcx=open-in-dvm.desktop;
+image/x-portable-anymap=open-in-dvm.desktop;
+image/x-portable-bitmap=open-in-dvm.desktop;
+image/x-portable-graymap=open-in-dvm.desktop;
+image/x-portable-pixmap=open-in-dvm.desktop;
+image/x-xbitmap=open-in-dvm.desktop;
+image/x-xpixmap=open-in-dvm.desktop;
+image/svg+xml=open-in-dvm.desktop;
+application/vnd.ms-word=open-in-dvm.desktop;
+application/vnd.wordperfect=open-in-dvm.desktop;
+application/vnd.sun.xml.writer=open-in-dvm.desktop;
+application/vnd.sun.xml.writer.global=open-in-dvm.desktop;
+application/vnd.sun.xml.writer.template=open-in-dvm.desktop;
+application/vnd.stardivision.writer=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text-template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text-web=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text-master=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.wordprocessingml.document=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.wordprocessingml.template=open-in-dvm.desktop;
+application/vnd.ms-excel=open-in-dvm.desktop;
+application/vnd.stardivision.calc=open-in-dvm.desktop;
+application/vnd.sun.xml.calc=open-in-dvm.desktop;
+application/vnd.sun.xml.calc.template=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.spreadsheetml.template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.spreadsheet=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.spreadsheet-template=open-in-dvm.desktop;
+application/vnd.ms-powerpoint=open-in-dvm.desktop;
+application/vnd.stardivision.impress=open-in-dvm.desktop;
+application/vnd.sun.xml.impress=open-in-dvm.desktop;
+application/vnd.sun.xml.impress.template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.presentation=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.presentation-template=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.presentationml.presentation=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.presentationml.template=open-in-dvm.desktop;
+application/vnd.stardivision.draw=open-in-dvm.desktop;
+application/vnd.sun.xml.draw=open-in-dvm.desktop;
+application/vnd.sun.xml.draw.template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.graphics=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.graphics-template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.formula=open-in-dvm.desktop;
+application/vnd.sun.xml.math=open-in-dvm.desktop;
+application/vnd.stardivision.math=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.database=open-in-dvm.desktop;
+application/vnd.sun.xml.base=open-in-dvm.desktop;
+application/pdf=open-in-dvm.desktop;
+application/postscript=open-in-dvm.desktop;
+application/x-qw=open-in-dvm.desktop;
+application/x-gnucash=open-in-dvm.desktop;
+application/vnd.lotus-1-2-3=open-in-dvm.desktop;
+application/x-oleo=open-in-dvm.desktop;
+application/x-gnumeric=open-in-dvm.desktop;
+application/x-xbase=open-in-dvm.desktop;
+application/x-abiword=open-in-dvm.desktop;
+application/x-dvi=open-in-dvm.desktop;
+application/x-catalog=open-in-dvm.desktop;
+application/x-rpm=open-in-dvm.desktop;
+text/csv=open-in-dvm.desktop;
+text/plain=open-in-dvm.desktop;
+text/html=open-in-dvm.desktop;
+application/xhtml+xml=open-in-dvm.desktop;
+inode/directory=open-in-dvm.desktop;
+x-content/blank-cd=open-in-dvm.desktop;
+x-content/blank-dvd=open-in-dvm.desktop;
+x-content/blank-bd=open-in-dvm.desktop;
+x-content/blank-hddvd=open-in-dvm.desktop;
+x-content/video-dvd=open-in-dvm.desktop;
+x-content/video-vcd=open-in-dvm.desktop;
+x-content/video-svcd=open-in-dvm.desktop;
+#x-content/video-bluray=open-in-dvm.desktop;
+#x-content/video-hddvd=open-in-dvm.desktop;
+x-content/audio-cdda=open-in-dvm.desktop;
+x-content/audio-dvd=open-in-dvm.desktop;
+x-content/audio-player=open-in-dvm.desktop;
+x-content/image-dcf=open-in-dvm.desktop;
+x-content/image-picturecd=open-in-dvm.desktop;
+# URI scheme handlers
+x-scheme-handler/mailto=open-in-dvm.desktop;
+x-scheme-handler/http=open-in-dvm.desktop;
+x-scheme-handler/https=open-in-dvm.desktop;
+application/mxf=open-in-dvm.desktop;
+application/ogg=open-in-dvm.desktop;
+application/ram=open-in-dvm.desktop;
+application/sdp=open-in-dvm.desktop;
+application/smil=open-in-dvm.desktop;
+application/smil+xml=open-in-dvm.desktop;
+application/vnd.apple.mpegurl=open-in-dvm.desktop;
+application/vnd.ms-wpl=open-in-dvm.desktop;
+application/vnd.rn-realmedia=open-in-dvm.desktop;
+application/x-extension-m4a=open-in-dvm.desktop;
+application/x-extension-mp4=open-in-dvm.desktop;
+application/x-flac=open-in-dvm.desktop;
+application/x-flash-video=open-in-dvm.desktop;
+application/x-matroska=open-in-dvm.desktop;
+application/x-netshow-channel=open-in-dvm.desktop;
+application/x-ogg=open-in-dvm.desktop;
+application/x-quicktime-media-link=open-in-dvm.desktop;
+application/x-quicktimeplayer=open-in-dvm.desktop;
+application/x-shorten=open-in-dvm.desktop;
+application/x-smil=open-in-dvm.desktop;
+application/xspf+xml=open-in-dvm.desktop;
+audio/3gpp=open-in-dvm.desktop;
+audio/ac3=open-in-dvm.desktop;
+audio/AMR=open-in-dvm.desktop;
+audio/AMR-WB=open-in-dvm.desktop;
+audio/basic=open-in-dvm.desktop;
+audio/midi=open-in-dvm.desktop;
+audio/mp2=open-in-dvm.desktop;
+audio/mp4=open-in-dvm.desktop;
+audio/mpeg=open-in-dvm.desktop;
+audio/mpegurl=open-in-dvm.desktop;
+audio/ogg=open-in-dvm.desktop;
+audio/prs.sid=open-in-dvm.desktop;
+audio/vnd.rn-realaudio=open-in-dvm.desktop;
+audio/x-aiff=open-in-dvm.desktop;
+audio/x-ape=open-in-dvm.desktop;
+audio/x-flac=open-in-dvm.desktop;
+audio/x-gsm=open-in-dvm.desktop;
+audio/x-it=open-in-dvm.desktop;
+audio/x-m4a=open-in-dvm.desktop;
+audio/x-matroska=open-in-dvm.desktop;
+audio/x-mod=open-in-dvm.desktop;
+audio/x-mp3=open-in-dvm.desktop;
+audio/x-mpeg=open-in-dvm.desktop;
+audio/x-mpegurl=open-in-dvm.desktop;
+audio/x-ms-asf=open-in-dvm.desktop;
+audio/x-ms-asx=open-in-dvm.desktop;
+audio/x-ms-wax=open-in-dvm.desktop;
+audio/x-ms-wma=open-in-dvm.desktop;
+audio/x-musepack=open-in-dvm.desktop;
+audio/x-pn-aiff=open-in-dvm.desktop;
+audio/x-pn-au=open-in-dvm.desktop;
+audio/x-pn-realaudio=open-in-dvm.desktop;
+audio/x-pn-realaudio-plugin=open-in-dvm.desktop;
+audio/x-pn-wav=open-in-dvm.desktop;
+audio/x-pn-windows-acm=open-in-dvm.desktop;
+audio/x-realaudio=open-in-dvm.desktop;
+audio/x-real-audio=open-in-dvm.desktop;
+audio/x-s3m=open-in-dvm.desktop;
+audio/x-sbc=open-in-dvm.desktop;
+audio/x-scpls=open-in-dvm.desktop;
+audio/x-speex=open-in-dvm.desktop;
+audio/x-stm=open-in-dvm.desktop;
+audio/x-tta=open-in-dvm.desktop;
+audio/x-wav=open-in-dvm.desktop;
+audio/x-wavpack=open-in-dvm.desktop;
+audio/x-vorbis=open-in-dvm.desktop;
+audio/x-vorbis+ogg=open-in-dvm.desktop;
+audio/x-xm=open-in-dvm.desktop;
+image/vnd.rn-realpix=open-in-dvm.desktop;
+image/x-pict=open-in-dvm.desktop;
+misc/ultravox=open-in-dvm.desktop;
+text/google-video-pointer=open-in-dvm.desktop;
+text/x-google-video-pointer=open-in-dvm.desktop;
+video/3gp=open-in-dvm.desktop;
+video/3gpp=open-in-dvm.desktop;
+video/dv=open-in-dvm.desktop;
+video/divx=open-in-dvm.desktop;
+video/fli=open-in-dvm.desktop;
+video/flv=open-in-dvm.desktop;
+video/mp2t=open-in-dvm.desktop;
+video/mp4=open-in-dvm.desktop;
+video/mp4v-es=open-in-dvm.desktop;
+video/mpeg=open-in-dvm.desktop;
+video/msvideo=open-in-dvm.desktop;
+video/ogg=open-in-dvm.desktop;
+video/quicktime=open-in-dvm.desktop;
+video/vivo=open-in-dvm.desktop;
+video/vnd.divx=open-in-dvm.desktop;
+video/vnd.mpegurl=open-in-dvm.desktop;
+video/vnd.rn-realvideo=open-in-dvm.desktop;
+video/vnd.vivo=open-in-dvm.desktop;
+video/webm=open-in-dvm.desktop;
+video/x-anim=open-in-dvm.desktop;
+video/x-avi=open-in-dvm.desktop;
+video/x-flc=open-in-dvm.desktop;
+video/x-fli=open-in-dvm.desktop;
+video/x-flic=open-in-dvm.desktop;
+video/x-flv=open-in-dvm.desktop;
+video/x-m4v=open-in-dvm.desktop;
+video/x-matroska=open-in-dvm.desktop;
+video/x-mpeg=open-in-dvm.desktop;
+video/x-mpeg2=open-in-dvm.desktop;
+video/x-ms-asf=open-in-dvm.desktop;
+video/x-ms-asx=open-in-dvm.desktop;
+video/x-msvideo=open-in-dvm.desktop;
+video/x-ms-wm=open-in-dvm.desktop;
+video/x-ms-wmv=open-in-dvm.desktop;
+video/x-ms-wmx=open-in-dvm.desktop;
+video/x-ms-wvx=open-in-dvm.desktop;
+video/x-nsv=open-in-dvm.desktop;
+video/x-ogm+ogg=open-in-dvm.desktop;
+video/x-theora+ogg=open-in-dvm.desktop;
+video/x-totem-stream=open-in-dvm.desktop;
+x-content/video-dvd=open-in-dvm.desktop;
+x-content/video-vcd=open-in-dvm.desktop;
+x-content/video-svcd=open-in-dvm.desktop;
+x-scheme-handler/pnm=open-in-dvm.desktop;
+x-scheme-handler/mms=open-in-dvm.desktop;
+x-scheme-handler/net=open-in-dvm.desktop;
+x-scheme-handler/rtp=open-in-dvm.desktop;
+x-scheme-handler/rtmp=open-in-dvm.desktop;
+x-scheme-handler/rtsp=open-in-dvm.desktop;
+x-scheme-handler/mmsh=open-in-dvm.desktop;
+x-scheme-handler/uvox=open-in-dvm.desktop;
+x-scheme-handler/icy=open-in-dvm.desktop;
+x-scheme-handler/icyx=open-in-dvm.desktop;
+application/x-7z-compressed=open-in-dvm.desktop;
+application/x-7z-compressed-tar=open-in-dvm.desktop;
+application/x-ace=open-in-dvm.desktop;
+application/x-alz=open-in-dvm.desktop;
+application/x-ar=open-in-dvm.desktop;
+application/x-arj=open-in-dvm.desktop;
+application/x-bzip=open-in-dvm.desktop;
+application/x-bzip-compressed-tar=open-in-dvm.desktop;
+application/x-bzip1=open-in-dvm.desktop;
+application/x-bzip1-compressed-tar=open-in-dvm.desktop;
+application/x-cabinet=open-in-dvm.desktop;
+application/x-cbr=open-in-dvm.desktop;
+application/x-cbz=open-in-dvm.desktop;
+application/x-compress=open-in-dvm.desktop;
+application/x-compressed-tar=open-in-dvm.desktop;
+application/x-cpio=open-in-dvm.desktop;
+application/x-deb=open-in-dvm.desktop;
+application/x-ear=open-in-dvm.desktop;
+application/x-ms-dos-executable=open-in-dvm.desktop;
+application/x-gtar=open-in-dvm.desktop;
+application/x-gzip=open-in-dvm.desktop;
+application/x-gzpostscript=open-in-dvm.desktop;
+application/x-java-archive=open-in-dvm.desktop;
+application/x-lha=open-in-dvm.desktop;
+application/x-lhz=open-in-dvm.desktop;
+application/x-lrzip=open-in-dvm.desktop;
+application/x-lrzip-compressed-tar=open-in-dvm.desktop;
+application/x-lzip=open-in-dvm.desktop;
+application/x-lzip-compressed-tar=open-in-dvm.desktop;
+application/x-lzma=open-in-dvm.desktop;
+application/x-lzma-compressed-tar=open-in-dvm.desktop;
+application/x-lzop=open-in-dvm.desktop;
+application/x-lzop-compressed-tar=open-in-dvm.desktop;
+application/x-ms-wim=open-in-dvm.desktop;
+application/x-rar=open-in-dvm.desktop;
+application/x-rar-compressed=open-in-dvm.desktop;
+application/x-rzip=open-in-dvm.desktop;
+application/x-tar=open-in-dvm.desktop;
+application/x-tarz=open-in-dvm.desktop;
+application/x-stuffit=open-in-dvm.desktop;
+application/x-war=open-in-dvm.desktop;
+application/x-xz=open-in-dvm.desktop;
+application/x-xz-compressed-tar=open-in-dvm.desktop;
+application/x-zip=open-in-dvm.desktop;
+application/x-zip-compressed=open-in-dvm.desktop;
+application/x-zoo=open-in-dvm.desktop;
+application/zip=open-in-dvm.desktop;
+application/x-archive=open-in-dvm.desktop;
+application/vnd.ms-cab-compressed=open-in-dvm.desktop;
+application/x-source-rpm=open-in-dvm.desktop;
+image/bmp=open-in-dvm.desktop;
+image/gif=open-in-dvm.desktop;
+image/jpeg=open-in-dvm.desktop;
+image/jpg=open-in-dvm.desktop;
+image/pjpeg=open-in-dvm.desktop;
+image/png=open-in-dvm.desktop;
+image/tiff=open-in-dvm.desktop;
+image/x-bmp=open-in-dvm.desktop;
+image/x-gray=open-in-dvm.desktop;
+image/x-icb=open-in-dvm.desktop;
+image/x-ico=open-in-dvm.desktop;
+image/x-png=open-in-dvm.desktop;
+image/x-portable-anymap=open-in-dvm.desktop;
+image/x-portable-bitmap=open-in-dvm.desktop;
+image/x-portable-graymap=open-in-dvm.desktop;
+image/x-portable-pixmap=open-in-dvm.desktop;
+image/x-xbitmap=open-in-dvm.desktop;
+image/x-xpixmap=open-in-dvm.desktop;
+image/x-pcx=open-in-dvm.desktop;
+image/svg+xml=open-in-dvm.desktop;
+image/svg+xml-compressed=open-in-dvm.desktop;
+image/vnd.wap.wbmp=open-in-dvm.desktop;
diff --git a/workstation-config/mimeapps.list.sd-devices-dvm b/workstation-config/mimeapps.list.sd-devices-dvm
new file mode 100644
index 0000000000..886a600b0e
--- /dev/null
+++ b/workstation-config/mimeapps.list.sd-devices-dvm
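Review bot: `workstation-config/mimeapps.list.sd-app` has no entry for `application/msword`, `image/vnd.djvu` or `application/vnd.rar`, although `mimeapps.list.sd-viewer` in this same commit assigns viewers to all three; the list only carries `application/vnd.ms-word`, `application/x-rar` and `application/x-rar-compressed`. A file detected as one of the missing types would not be routed through `open-in-dvm.desktop` by this list, and what opens it instead is not visible here. Adding `application/msword=open-in-dvm.desktop;`, `image/vnd.djvu=open-in-dvm.desktop;` and `application/vnd.rar=open-in-dvm.desktop;` would close the gap. `mimeapps.list.sd-devices-dvm` repeats the same entries and has the same omission. Several keys (`image/bmp`, `image/gif`, `x-content/video-dvd` and others) appear twice and could be deduplicated so that later edits cannot leave the two copies out of step.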
@@ -0,0 +1,298 @@
+[Default Applications]
+application/x-sd-export=send-to-usb.desktop;
+application/x-dia-diagram=open-in-dvm.desktop;
+text/x-vcard=open-in-dvm.desktop;
+text/directory=open-in-dvm.desktop;
+text/calendar=open-in-dvm.desktop;
+application/x-cd-image=open-in-dvm.desktop;
+application/x-desktop=open-in-dvm.desktop;
+application/x-raw-disk-image=open-in-dvm.desktop;
+application/x-raw-disk-image-xz-compressed=open-in-dvm.desktop;
+image/x-compressed-xcf=open-in-dvm.desktop;
+image/x-xcf=open-in-dvm.desktop;
+image/x-psd=open-in-dvm.desktop;
+image/x-fits=open-in-dvm.desktop;
+image/bmp=open-in-dvm.desktop;
+image/gif=open-in-dvm.desktop;
+image/x-icb=open-in-dvm.desktop;
+image/x-ico=open-in-dvm.desktop;
+image/x-pcx=open-in-dvm.desktop;
+image/x-portable-anymap=open-in-dvm.desktop;
+image/x-portable-bitmap=open-in-dvm.desktop;
+image/x-portable-graymap=open-in-dvm.desktop;
+image/x-portable-pixmap=open-in-dvm.desktop;
+image/x-xbitmap=open-in-dvm.desktop;
+image/x-xpixmap=open-in-dvm.desktop;
+image/svg+xml=open-in-dvm.desktop;
+application/vnd.ms-word=open-in-dvm.desktop;
+application/vnd.wordperfect=open-in-dvm.desktop;
+application/vnd.sun.xml.writer=open-in-dvm.desktop;
+application/vnd.sun.xml.writer.global=open-in-dvm.desktop;
+application/vnd.sun.xml.writer.template=open-in-dvm.desktop;
+application/vnd.stardivision.writer=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text-template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text-web=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.text-master=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.wordprocessingml.document=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.wordprocessingml.template=open-in-dvm.desktop;
+application/vnd.ms-excel=open-in-dvm.desktop;
+application/vnd.stardivision.calc=open-in-dvm.desktop;
+application/vnd.sun.xml.calc=open-in-dvm.desktop;
+application/vnd.sun.xml.calc.template=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.spreadsheetml.template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.spreadsheet=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.spreadsheet-template=open-in-dvm.desktop;
+application/vnd.ms-powerpoint=open-in-dvm.desktop;
+application/vnd.stardivision.impress=open-in-dvm.desktop;
+application/vnd.sun.xml.impress=open-in-dvm.desktop;
+application/vnd.sun.xml.impress.template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.presentation=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.presentation-template=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.presentationml.presentation=open-in-dvm.desktop;
+application/vnd.openxmlformats-officedocument.presentationml.template=open-in-dvm.desktop;
+application/vnd.stardivision.draw=open-in-dvm.desktop;
+application/vnd.sun.xml.draw=open-in-dvm.desktop;
+application/vnd.sun.xml.draw.template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.graphics=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.graphics-template=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.formula=open-in-dvm.desktop;
+application/vnd.sun.xml.math=open-in-dvm.desktop;
+application/vnd.stardivision.math=open-in-dvm.desktop;
+application/vnd.oasis.opendocument.database=open-in-dvm.desktop;
+application/vnd.sun.xml.base=open-in-dvm.desktop;
+application/pdf=open-in-dvm.desktop;
+application/postscript=open-in-dvm.desktop;
+application/x-qw=open-in-dvm.desktop;
+application/x-gnucash=open-in-dvm.desktop;
+application/vnd.lotus-1-2-3=open-in-dvm.desktop;
+application/x-oleo=open-in-dvm.desktop;
+application/x-gnumeric=open-in-dvm.desktop;
+application/x-xbase=open-in-dvm.desktop;
+application/x-abiword=open-in-dvm.desktop;
+application/x-dvi=open-in-dvm.desktop;
+application/x-catalog=open-in-dvm.desktop;
+application/x-rpm=open-in-dvm.desktop;
+text/csv=open-in-dvm.desktop;
+text/plain=open-in-dvm.desktop;
+text/html=open-in-dvm.desktop;
+application/xhtml+xml=open-in-dvm.desktop;
+inode/directory=open-in-dvm.desktop;
+x-content/blank-cd=open-in-dvm.desktop;
+x-content/blank-dvd=open-in-dvm.desktop;
+x-content/blank-bd=open-in-dvm.desktop;
+x-content/blank-hddvd=open-in-dvm.desktop;
+x-content/video-dvd=open-in-dvm.desktop;
+x-content/video-vcd=open-in-dvm.desktop;
+x-content/video-svcd=open-in-dvm.desktop;
+#x-content/video-bluray=open-in-dvm.desktop;
+#x-content/video-hddvd=open-in-dvm.desktop;
+x-content/audio-cdda=open-in-dvm.desktop;
+x-content/audio-dvd=open-in-dvm.desktop;
+x-content/audio-player=open-in-dvm.desktop;
+x-content/image-dcf=open-in-dvm.desktop;
+x-content/image-picturecd=open-in-dvm.desktop;
+# URI scheme handlers
+x-scheme-handler/mailto=open-in-dvm.desktop;
+x-scheme-handler/http=open-in-dvm.desktop;
+x-scheme-handler/https=open-in-dvm.desktop;
+application/mxf=open-in-dvm.desktop;
+application/ogg=open-in-dvm.desktop;
+application/ram=open-in-dvm.desktop;
+application/sdp=open-in-dvm.desktop;
+application/smil=open-in-dvm.desktop;
+application/smil+xml=open-in-dvm.desktop;
+application/vnd.apple.mpegurl=open-in-dvm.desktop;
+application/vnd.ms-wpl=open-in-dvm.desktop;
+application/vnd.rn-realmedia=open-in-dvm.desktop;
+application/x-extension-m4a=open-in-dvm.desktop;
+application/x-extension-mp4=open-in-dvm.desktop;
+application/x-flac=open-in-dvm.desktop;
+application/x-flash-video=open-in-dvm.desktop;
+application/x-matroska=open-in-dvm.desktop;
+application/x-netshow-channel=open-in-dvm.desktop;
+application/x-ogg=open-in-dvm.desktop;
+application/x-quicktime-media-link=open-in-dvm.desktop;
+application/x-quicktimeplayer=open-in-dvm.desktop;
+application/x-shorten=open-in-dvm.desktop;
+application/x-smil=open-in-dvm.desktop;
+application/xspf+xml=open-in-dvm.desktop;
+audio/3gpp=open-in-dvm.desktop;
+audio/ac3=open-in-dvm.desktop;
+audio/AMR=open-in-dvm.desktop;
+audio/AMR-WB=open-in-dvm.desktop;
+audio/basic=open-in-dvm.desktop;
+audio/midi=open-in-dvm.desktop;
+audio/mp2=open-in-dvm.desktop;
+audio/mp4=open-in-dvm.desktop;
+audio/mpeg=open-in-dvm.desktop;
+audio/mpegurl=open-in-dvm.desktop;
+audio/ogg=open-in-dvm.desktop;
+audio/prs.sid=open-in-dvm.desktop;
+audio/vnd.rn-realaudio=open-in-dvm.desktop;
+audio/x-aiff=open-in-dvm.desktop;
+audio/x-ape=open-in-dvm.desktop;
+audio/x-flac=open-in-dvm.desktop;
+audio/x-gsm=open-in-dvm.desktop;
+audio/x-it=open-in-dvm.desktop;
+audio/x-m4a=open-in-dvm.desktop;
+audio/x-matroska=open-in-dvm.desktop;
+audio/x-mod=open-in-dvm.desktop;
+audio/x-mp3=open-in-dvm.desktop;
+audio/x-mpeg=open-in-dvm.desktop;
+audio/x-mpegurl=open-in-dvm.desktop;
+audio/x-ms-asf=open-in-dvm.desktop;
+audio/x-ms-asx=open-in-dvm.desktop;
+audio/x-ms-wax=open-in-dvm.desktop;
+audio/x-ms-wma=open-in-dvm.desktop;
+audio/x-musepack=open-in-dvm.desktop;
+audio/x-pn-aiff=open-in-dvm.desktop;
+audio/x-pn-au=open-in-dvm.desktop;
+audio/x-pn-realaudio=open-in-dvm.desktop;
+audio/x-pn-realaudio-plugin=open-in-dvm.desktop;
+audio/x-pn-wav=open-in-dvm.desktop;
+audio/x-pn-windows-acm=open-in-dvm.desktop;
+audio/x-realaudio=open-in-dvm.desktop;
+audio/x-real-audio=open-in-dvm.desktop;
+audio/x-s3m=open-in-dvm.desktop;
+audio/x-sbc=open-in-dvm.desktop;
+audio/x-scpls=open-in-dvm.desktop;
+audio/x-speex=open-in-dvm.desktop;
+audio/x-stm=open-in-dvm.desktop;
+audio/x-tta=open-in-dvm.desktop;
+audio/x-wav=open-in-dvm.desktop;
+audio/x-wavpack=open-in-dvm.desktop;
+audio/x-vorbis=open-in-dvm.desktop;
+audio/x-vorbis+ogg=open-in-dvm.desktop;
+audio/x-xm=open-in-dvm.desktop;
+image/vnd.rn-realpix=open-in-dvm.desktop;
+image/x-pict=open-in-dvm.desktop;
+misc/ultravox=open-in-dvm.desktop;
+text/google-video-pointer=open-in-dvm.desktop;
+text/x-google-video-pointer=open-in-dvm.desktop;
+video/3gp=open-in-dvm.desktop;
+video/3gpp=open-in-dvm.desktop;
+video/dv=open-in-dvm.desktop;
+video/divx=open-in-dvm.desktop;
+video/fli=open-in-dvm.desktop;
+video/flv=open-in-dvm.desktop;
+video/mp2t=open-in-dvm.desktop;
+video/mp4=open-in-dvm.desktop;
+video/mp4v-es=open-in-dvm.desktop;
+video/mpeg=open-in-dvm.desktop;
+video/msvideo=open-in-dvm.desktop;
+video/ogg=open-in-dvm.desktop;
+video/quicktime=open-in-dvm.desktop;
+video/vivo=open-in-dvm.desktop;
+video/vnd.divx=open-in-dvm.desktop;
+video/vnd.mpegurl=open-in-dvm.desktop;
+video/vnd.rn-realvideo=open-in-dvm.desktop;
+video/vnd.vivo=open-in-dvm.desktop;
+video/webm=open-in-dvm.desktop;
+video/x-anim=open-in-dvm.desktop;
+video/x-avi=open-in-dvm.desktop;
+video/x-flc=open-in-dvm.desktop;
+video/x-fli=open-in-dvm.desktop;
+video/x-flic=open-in-dvm.desktop;
+video/x-flv=open-in-dvm.desktop;
+video/x-m4v=open-in-dvm.desktop;
+video/x-matroska=open-in-dvm.desktop;
+video/x-mpeg=open-in-dvm.desktop;
+video/x-mpeg2=open-in-dvm.desktop;
+video/x-ms-asf=open-in-dvm.desktop;
+video/x-ms-asx=open-in-dvm.desktop;
+video/x-msvideo=open-in-dvm.desktop;
+video/x-ms-wm=open-in-dvm.desktop;
+video/x-ms-wmv=open-in-dvm.desktop;
+video/x-ms-wmx=open-in-dvm.desktop;
+video/x-ms-wvx=open-in-dvm.desktop;
+video/x-nsv=open-in-dvm.desktop;
+video/x-ogm+ogg=open-in-dvm.desktop;
+video/x-theora+ogg=open-in-dvm.desktop;
+video/x-totem-stream=open-in-dvm.desktop;
+x-content/video-dvd=open-in-dvm.desktop;
+x-content/video-vcd=open-in-dvm.desktop;
+x-content/video-svcd=open-in-dvm.desktop;
+x-scheme-handler/pnm=open-in-dvm.desktop;
+x-scheme-handler/mms=open-in-dvm.desktop;
+x-scheme-handler/net=open-in-dvm.desktop;
+x-scheme-handler/rtp=open-in-dvm.desktop;
+x-scheme-handler/rtmp=open-in-dvm.desktop;
+x-scheme-handler/rtsp=open-in-dvm.desktop;
+x-scheme-handler/mmsh=open-in-dvm.desktop;
+x-scheme-handler/uvox=open-in-dvm.desktop;
+x-scheme-handler/icy=open-in-dvm.desktop;
+x-scheme-handler/icyx=open-in-dvm.desktop;
+application/x-7z-compressed=open-in-dvm.desktop;
+application/x-7z-compressed-tar=open-in-dvm.desktop;
+application/x-ace=open-in-dvm.desktop;
+application/x-alz=open-in-dvm.desktop;
+application/x-ar=open-in-dvm.desktop;
+application/x-arj=open-in-dvm.desktop;
+application/x-bzip=open-in-dvm.desktop;
+application/x-bzip-compressed-tar=open-in-dvm.desktop;
+application/x-bzip1=open-in-dvm.desktop;
+application/x-bzip1-compressed-tar=open-in-dvm.desktop;
+application/x-cabinet=open-in-dvm.desktop;
+application/x-cbr=open-in-dvm.desktop;
+application/x-cbz=open-in-dvm.desktop;
+application/x-compress=open-in-dvm.desktop;
+application/x-compressed-tar=open-in-dvm.desktop;
+application/x-cpio=open-in-dvm.desktop;
+application/x-deb=open-in-dvm.desktop;
+application/x-ear=open-in-dvm.desktop;
+application/x-ms-dos-executable=open-in-dvm.desktop;
+application/x-gtar=open-in-dvm.desktop;
+application/x-gzip=open-in-dvm.desktop;
+application/x-gzpostscript=open-in-dvm.desktop;
+application/x-java-archive=open-in-dvm.desktop;
+application/x-lha=open-in-dvm.desktop;
+application/x-lhz=open-in-dvm.desktop;
+application/x-lrzip=open-in-dvm.desktop;
+application/x-lrzip-compressed-tar=open-in-dvm.desktop;
+application/x-lzip=open-in-dvm.desktop;
+application/x-lzip-compressed-tar=open-in-dvm.desktop;
+application/x-lzma=open-in-dvm.desktop;
+application/x-lzma-compressed-tar=open-in-dvm.desktop;
+application/x-lzop=open-in-dvm.desktop;
+application/x-lzop-compressed-tar=open-in-dvm.desktop;
+application/x-ms-wim=open-in-dvm.desktop;
+application/x-rar=open-in-dvm.desktop;
+application/x-rar-compressed=open-in-dvm.desktop;
+application/x-rzip=open-in-dvm.desktop;
+application/x-tar=open-in-dvm.desktop;
+application/x-tarz=open-in-dvm.desktop;
+application/x-stuffit=open-in-dvm.desktop;
+application/x-war=open-in-dvm.desktop;
+application/x-xz=open-in-dvm.desktop;
+application/x-xz-compressed-tar=open-in-dvm.desktop;
+application/x-zip=open-in-dvm.desktop;
+application/x-zip-compressed=open-in-dvm.desktop;
+application/x-zoo=open-in-dvm.desktop;
+application/zip=open-in-dvm.desktop;
+application/x-archive=open-in-dvm.desktop;
+application/vnd.ms-cab-compressed=open-in-dvm.desktop;
+application/x-source-rpm=open-in-dvm.desktop;
+image/bmp=open-in-dvm.desktop;
+image/gif=open-in-dvm.desktop;
+image/jpeg=open-in-dvm.desktop;
+image/jpg=open-in-dvm.desktop;
+image/pjpeg=open-in-dvm.desktop;
+image/png=open-in-dvm.desktop;
+image/tiff=open-in-dvm.desktop;
+image/x-bmp=open-in-dvm.desktop;
+image/x-gray=open-in-dvm.desktop;
+image/x-icb=open-in-dvm.desktop;
+image/x-ico=open-in-dvm.desktop;
+image/x-png=open-in-dvm.desktop;
+image/x-portable-anymap=open-in-dvm.desktop;
+image/x-portable-bitmap=open-in-dvm.desktop;
+image/x-portable-graymap=open-in-dvm.desktop;
+image/x-portable-pixmap=open-in-dvm.desktop;
+image/x-xbitmap=open-in-dvm.desktop;
+image/x-xpixmap=open-in-dvm.desktop;
+image/x-pcx=open-in-dvm.desktop;
+image/svg+xml=open-in-dvm.desktop;
+image/svg+xml-compressed=open-in-dvm.desktop;
+image/vnd.wap.wbmp=open-in-dvm.desktop;
diff --git a/workstation-config/mimeapps.list.sd-viewer b/workstation-config/mimeapps.list.sd-viewer
new file mode 100644
index 0000000000..00a680e68c
--- /dev/null
+++ b/workstation-config/mimeapps.list.sd-viewer
@@ -0,0 +1,32 @@
+[Default Applications]
+text/plain=org.gnome.gedit.desktop
+text/csv=libreoffice-base.desktop
+application/vnd.oasis.opendocument.text=libreoffice-base.desktop
+application/vnd.oasis.opendocument.spreadsheet=libreoffice-base.desktop
+application/vnd.oasis.opendocument.presentation=libreoffice-base.desktop
+application/msword=libreoffice-base.desktop
+application/vnd.ms-excel=libreoffice-base.desktop
+application/vnd.ms-powerpoint=libreoffice-base.desktop
+application/vnd.openxmlformats-officedocument.wordprocessingml.document=libreoffice-base.desktop
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=libreoffice-base.desktop
+application/vnd.openxmlformats-officedocument.presentationml.presentation=libreoffice-base.desktop
+application/pdf=org.gnome.Evince.desktop
+application/x-desktop=org.gnome.gedit.desktop
+audio/mp4=audacious.desktop
+audio/mpeg=audacious.desktop
+audio/x-vorbis+ogg=audacious.desktop
+audio/x-wav=audacious.desktop
+video/quicktime=org.gnome.Totem.desktop
+video/x-theora+ogg=org.gnome.Totem.desktop
+video/mp4=org.gnome.Totem.desktop
+video/x-msvideo=org.gnome.Totem.desktop
+video/x-ms-wmv=org.gnome.Totem.desktop
+image/jpeg=org.gnome.eog.desktop
+image/gif=org.gnome.eog.desktop
+image/tiff=org.gnome.Evince.desktop
+image/png=org.gnome.eog.desktop
+image/svg+xml=org.gnome.eog.desktop
+image/vnd.djvu=org.gnome.Evince.desktop
+application/vnd.rar=org.gnome.FileRoller.desktop
+application/zip=org.gnome.FileRoller.desktop
+application/x-7z-compressed=org.gnome.FileRoller.desktop
diff --git a/workstation-config/open-in-dvm.desktop b/workstation-config/open-in-dvm.desktop
new file mode 100644
index 0000000000..a3aaad78e1
--- /dev/null
+++ b/workstation-config/open-in-dvm.desktop
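Review bot: The handler list has no comment saying what happens to a MIME type it does not name, which matters because this file decides which parser an untrusted submission reaches inside sd-viewer. Assuming the standard XDG lookup applies where this file is installed (the install path is not visible in this hunk), an unlisted type such as text/html would resolve through the template's system-wide defaults rather than being refused. I would open the file with `# Default handlers for files opened in sd-viewer; types not listed here fall back to the template's system defaults.` and keep the `application/x-desktop=org.gnome.gedit.desktop` line, since it makes .desktop files open as text instead of being launched. The office types all pointing at `libreoffice-base.desktop` also deserve a one-line comment on why the Base launcher was chosen.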
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Type=Application
+Version=1.0
+Name=Open in Disposable VM
+Comment=Open file in a Disposable VM
+TryExec=/usr/bin/qvm-open-in-vm
+Exec=/usr/bin/qvm-open-in-vm --view-only @dispvm:sd-viewer %f
+Icon=/usr/share/icons/Qubes/dispvm-gray.png
+Terminal=false
+Categories=Utility
diff --git a/workstation-config/paxctld.conf b/workstation-config/paxctld.conf
new file mode 100644
index 0000000000..b41b399ff8
--- /dev/null
+++ b/workstation-config/paxctld.conf
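Review bot: The `Exec` line carries two security decisions that nothing in the file records: `--view-only` and the fixed `@dispvm:sd-viewer` target. Every `open-in-dvm.desktop` mapping in the mimeapps lists added by this commit relies on them, so an edit that drops the flag or changes the target would weaken the isolation of opened files without any visible warning. I would add above it `# --view-only: edits made in the disposable VM are not copied back to the calling VM` and `# target must stay @dispvm:sd-viewer; the matching dom0 qrexec policy is outside this file`. The policy that permits the call is not part of this hunk, so that last comment should be confirmed against it.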
@@ -0,0 +1,117 @@
+# This file was provisioned via securedrop-workstation-svs-disp
+# grub
+
+/usr/bin/grub-script-check E
+/usr/bin/grub-bios-setup E
+/usr/sbin/grub-mkdevicemap E
+/usr/sbin/grub-probe E
+
+# qemu
+/usr/bin/qemu-alpha m
+/usr/bin/qemu-arm m
+/usr/bin/qemu-armeb m
+/usr/bin/qemu-cris m
+/usr/bin/qemu-i386 m
+/usr/bin/qemu-m68k m
+/usr/bin/qemu-microblaze m
+/usr/bin/qemu-microblazeel m
+/usr/bin/qemu-mips m
+/usr/bin/qemu-mips64 m
+/usr/bin/qemu-mips64el m
+/usr/bin/qemu-mipsel m
+/usr/bin/qemu-mipsn32 m
+/usr/bin/qemu-mipsn32el m
+/usr/bin/qemu-or32 m
+/usr/bin/qemu-ppc m
+/usr/bin/qemu-ppc64 m
+/usr/bin/qemu-ppc64abi32 m
+/usr/bin/qemu-s390x m
+/usr/bin/qemu-sh4 m
+/usr/bin/qemu-sh4eb m
+/usr/bin/qemu-sparc m
+/usr/bin/qemu-sparc32plus m
+/usr/bin/qemu-sparc64 m
+/usr/bin/qemu-unicore32 m
+/usr/bin/qemu-x86_64 m
+
+/usr/bin/qemu-system-aarch64 m
+/usr/bin/qemu-system-alpha m
+/usr/bin/qemu-system-arm m
+/usr/bin/qemu-system-cris m
+/usr/bin/qemu-system-i386 m
+/usr/bin/qemu-system-lm32 m
+/usr/bin/qemu-system-m68k m
+/usr/bin/qemu-system-microblaze m
+/usr/bin/qemu-system-microblazeel m
+/usr/bin/qemu-system-mips m
+/usr/bin/qemu-system-mips64 m
+/usr/bin/qemu-system-mips64el m
+/usr/bin/qemu-system-mipsel m
+/usr/bin/qemu-system-moxie m
+/usr/bin/qemu-system-or32 m
+/usr/bin/qemu-system-ppc m
+/usr/bin/qemu-system-ppc64 m
+/usr/bin/qemu-system-ppcemb m
+/usr/bin/qemu-system-s390x m
+/usr/bin/qemu-system-sh4 m
+/usr/bin/qemu-system-sh4eb m
+/usr/bin/qemu-system-sparc m
+/usr/bin/qemu-system-sparc64 m
+/usr/bin/qemu-system-unicore32 m
+/usr/bin/qemu-system-x86_64 m
+/usr/bin/qemu-system-xtensa m
+/usr/bin/qemu-system-xtensaeb m
+
+# skype
+/usr/lib/skype/skype m
+/usr/lib32/skype/skype m
+
+# steam
+/usr/lib32/ld-linux.so.2 m
+
+# node
+/usr/bin/node m
+
+# chrome
+/opt/google/chrome/chrome-sandbox m
+/opt/google/chrome/nacl_helper m
+/opt/google/chrome/chrome m
+
+# chromium
+/usr/lib/chromium-browser/chromium-browser m
+
+# firefox
+/usr/lib/firefox/firefox m
+/usr/lib/firefox/plugin-container m
+
+# webapp-container
+/usr/bin/webapp-container m
+
+# oxide
+/usr/lib/x86_64-linux-gnu/oxide-qt/oxide-renderer m
+
+# valgrind
+/usr/bin/valgrind m
+
+# python
+/usr/bin/python2.7 E
+/usr/bin/python3.5 E
+
+# java
+/usr/lib/jvm/java-6-sun-1.6.0.10/jre/bin/java m
+/usr/lib/jvm/java-6-sun-1.6.0.10/jre/bin/javaws m
+/usr/lib/jvm/java-6-openjdk/jre/bin/java m
+/usr/lib/jvm/java-6-openjdk/jre/bin/java m
+/usr/lib/jvm/java-8-openjdk/jre/bin/java m
+/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java m
+# openrc
+/lib/rc/bin/lsb2rcconf E
+
+# libreoffice
+# Ubuntu doesn't seem to carry this patch:
+# https://bz.apache.org/ooo/show_bug.cgi?id=80816
+# libreoffice will still run fine without the below line,
+# but it will report an RWX mprotect attempt
+# /usr/lib/libreoffice/program/soffice.bin m
+
+/usr/bin/totem m
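Review bot: Most entries here relax PaX protections for binaries a SecureDrop VM has no reason to carry — skype, steam's `/usr/lib32/ld-linux.so.2`, chrome, node, `java-6-*`, `python2.7`/`python3.5` — and look like the stock paxctld defaults with only `/usr/bin/totem m` added. Each `m` line turns off MPROTECT for whatever is later installed at that path, so the list is best trimmed to the programs the workstation templates actually ship, with a comment per remaining entry saying why the exemption is needed. The first line still names `securedrop-workstation-svs-disp`; if the file now comes from the package built in this commit, the header should say so, e.g. `# Installed by the securedrop-workstation-config package` (package name inferred from the commit's file list). `/usr/lib/jvm/java-6-openjdk/jre/bin/java m` is listed twice.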