
  Qubes   Bash

Published: 2020-11-04   Last modified: 2020-11-21


Problem

From Thunderbird 78 onwards, the Qubes addon for Thunderbird doesn’t work due to changes in the API.

Now, to move an attachment to another VM, one needs to save it in the Thunderbird VM, open a console, run qvm-move or, more securely, qvm-copy, and then shred the file.

There are some solutions proposed in the corresponding Qubes issue thread, but none of them replicates the original mechanism.

Solution

Summary

The idea is simple:

  1. make a designated folder the attachments will be saved into,

  2. have a process watching that folder for new files,

  3. whenever a file (or files) lands in the folder, the watchdog launches qvm-copy, then shreds the file(s).

In such a workflow, all the user needs to do is click "save" in Thunderbird and then choose which VM to send the file(s) to.

Implementation

  1. Prepare the folders:

    ~$ mkdir ~/tb-attachments/ ~/.cache/tb-attachments
    

    (The second folder is where an attachment file is moved before shredding; otherwise the watchdog would be triggered by the temporary files that shred produces. See the script below.)

  2. Configure Thunderbird to save attachments to the designated folder: Edit → Preferences → General → Save files to.

  3. Make a script file with the following content:

    tb-move-attachment.sh
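    #!/bin/bash

    # File name passed by the watchdog (relative to the watched folder)
    f="$1"

    dir='/home/user/tb-attachments/'
    tmpdir='/home/user/.cache/tb-attachments/'

    # Ignore anything that is not a regular file in the watched folder
    [ -f "$dir$f" ] || exit

    # Send the file to another VM; the user chooses the target VM
    if ! qvm-copy "$dir$f"; then
        DISPLAY=:0 /usr/bin/notify-send -i error "TB attachments watchdog: qvm-copy FAILED"
    else
        # Move the file out of the watched folder first so that shred's
        # temporary files do not trigger the watchdog, then wipe and delete it
        mv "$dir$f" "$tmpdir$f"
        shred -uz "$tmpdir$f"
    fi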
    

    Put it somewhere like /usr/local/bin/ and make it executable:

    ~$ chmod u+x /usr/local/bin/tb-move-attachment.sh
    
  4. Finally, prepare the watchdog which will run the script whenever an attachment is saved. The watchdog is based on inoticoming, which is a simple interface to the Linux kernel inotify API. It has no dependencies and is easily installed with sudo apt install inoticoming. Add the following line to /rw/config/rc.local:

    /usr/bin/inoticoming /home/user/tb-attachments/ su user -c '/usr/local/bin/tb-move-attachment.sh "{}"' \;
    

    You need to make the rc.local file executable too if you haven’t done that before.

  5. That’s all, reboot the VM and save some attachment to see if it works.
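
The handler from step 3, restructured as a function so that both the copy-failed and copy-succeeded paths can be exercised outside Qubes with a stand-in for qvm-copy. This is an added example, not the post's original script: the names handle_attachment, TB_DIR, TB_TMPDIR and TB_COPY_CMD and the return codes are assumptions made here, and it additionally refuses names containing a path separator, symlinks and non-regular files.

```shell
#!/bin/bash
# Added example: the handler's logic as a function. Directories and the copy
# command come from variables (assumed names) so it can be tested with a stub.
TB_DIR="${TB_DIR:-/home/user/tb-attachments}"
TB_TMPDIR="${TB_TMPDIR:-/home/user/.cache/tb-attachments}"
TB_COPY_CMD="${TB_COPY_CMD:-qvm-copy}"

# Return codes (chosen for this example):
#   0 copied and shredded   1 copy failed, file kept
#   2 name rejected         3 not a regular file   4 move/shred failed
handle_attachment() {
    local name="$1" src
    # The watchdog passes a bare file name; refuse empty names, "." / ".."
    # and anything containing a path separator.
    case "$name" in
        ''|.|..|*/*) return 2 ;;
    esac
    src="$TB_DIR/$name"
    # A saved attachment is a regular file; skip symlinks, directories, etc.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        return 3
    fi
    # Keep the file if the copy fails, so nothing is lost.
    if ! "$TB_COPY_CMD" "$src"; then
        return 1
    fi
    # Move out of the watched folder before shredding (see step 1).
    mv -- "$src" "$TB_TMPDIR/$name" || return 4
    shred -uz -- "$TB_TMPDIR/$name" || return 4
}

# Entry point when called by the watchdog with the file name as $1.
if [ "$#" -gt 0 ]; then
    rc=0
    handle_attachment "$1" || rc=$?
    if [ "$rc" -eq 1 ]; then
        DISPLAY=:0 /usr/bin/notify-send -i error \
            "TB attachments watchdog: qvm-copy FAILED"
    fi
    exit "$rc"
fi
```

Pointing TB_DIR and TB_TMPDIR at temporary directories and setting TB_COPY_CMD to true or false exercises both branches without a Qubes VM.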
