Commit 0159a230 authored by segfault's avatar segfault

Greeter: Move settings files to /var/lib/gdm3/settings (refs: #17136)

To make it easier to persist all of these settings.
parent ef8dc7b5
......@@ -7,9 +7,9 @@
# =====
#
# * /etc/live/config.d/username.conf : $LIVE_USERNAME
# * /var/lib/gdm3/tails.locale : $TAILS_LOCALE_NAME, $TAILS_XKBMODEL,
# * /var/lib/gdm3/settings/tails.locale : $TAILS_LOCALE_NAME, $TAILS_XKBMODEL,
# $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT, $TAILS_XKBOPTIONS, $CODESET
# * /var/lib/gdm3/tails.password : $TAILS_USER_PASSWORD
# * /var/lib/gdm3/settings/tails.password : $TAILS_USER_PASSWORD
# For whatever reason, /usr/sbin (needed by at least chpasswd)
# is not in our PATH
......@@ -76,7 +76,7 @@ log "tails-unblock-network has exited (status=$?)."
### Localization
# Import locale name
. /var/lib/gdm3/tails.locale || log_n_exit "Locale file not found."
. /var/lib/gdm3/settings/tails.locale || log_n_exit "Locale file not found."
if [ -z "${TAILS_LOCALE_NAME}" ] ; then
log_n_exit "Locale variable not found."
fi
......@@ -112,12 +112,12 @@ EOF
### Password
# Import password for superuser access
if [ -e /var/lib/gdm3/tails.password ] ; then
. /var/lib/gdm3/tails.password
if [ -e /var/lib/gdm3/settings/tails.password ] ; then
. /var/lib/gdm3/settings/tails.password
fi
# Remove password file
rm --interactive=never -f /var/lib/gdm3/tails.password
rm --interactive=never -f /var/lib/gdm3/settings/tails.password
# Check if password is actually set
if [ -z "${TAILS_USER_PASSWORD}" ] ; then
......
......@@ -5,7 +5,7 @@ Documentation=https://tails.boum.org/contribute/design/MAC_address/
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/var/lib/gdm3/tails.network
EnvironmentFile=/var/lib/gdm3/settings/tails.network
# It's important we "export" the settings from tails.macspoof before
# unblocking the network; doing so will make the user-set MAC spoofing
......@@ -14,8 +14,8 @@ EnvironmentFile=/var/lib/gdm3/tails.network
ExecStartPre=/bin/sh -c \
'for setting in macspoof network; do \
/usr/bin/install -m 0640 -o root -g root \
"/var/lib/gdm3/tails.$setting" \
"/var/lib/live/config/tails.$setting" ; \
"/var/lib/gdm3/settings/tails.$setting" \
"/var/lib/live/config/tails.$setting" ; \
done'
ExecStartPre=/bin/sync
ExecStartPre=/bin/sh -c \
......
......@@ -32,17 +32,20 @@ supported_locales_path = os.path.join(data_path, 'supported_locales')
# System locales directory
system_locale_dir = '/usr/share/locale/'
# Directory where the Greeter settings are stored
settings_dir = '/var/lib/gdm3/settings'
# File where session locale settings are stored
locale_output_path = '/var/lib/gdm3/tails.locale'
locale_setting_path = os.path.join(settings_dir, 'tails.locale')
# File where the session sudo password is stored
admin_password_output_path = '/var/lib/gdm3/tails.password'
# World-readable file where Tails persistence status is stored
persistence_state_file = '/var/lib/live/config/tails.persistence'
admin_password_path = os.path.join(settings_dir, 'tails.password')
# File where the network setting is stored
network_setting = '/var/lib/gdm3/tails.network'
network_setting_path = os.path.join(settings_dir, 'tails.network')
# File where the MAC address spoofing setting is stored
macspoof_setting = '/var/lib/gdm3/tails.macspoof'
macspoof_setting_path = os.path.join(settings_dir, 'tails.macspoof')
# World-readable file where Tails persistence status is stored
persistence_state_file = '/var/lib/live/config/tails.persistence'
......@@ -20,7 +20,9 @@
import gi
import logging
import os
from tailsgreeter.config import settings_dir
from tailsgreeter.gdmclient import GdmClient
from tailsgreeter.settings import localization
from tailsgreeter.settings.admin import AdminSetting
......@@ -60,6 +62,9 @@ class GreeterApplication(object):
"/org/gnome/SessionManager",
"org.gnome.SessionManager")
# Create the settings directory
os.makedirs(settings_dir, mode=0o700, exist_ok=True)
# Load models
self.gdmclient = GdmClient(session_opened_cb=self.close_app)
......
......@@ -14,7 +14,7 @@ class AdminSetting(object):
self.password = None
def apply_to_upcoming_session(self):
setting_file = tailsgreeter.config.admin_password_output_path
setting_file = tailsgreeter.config.admin_password_path
if self.password:
with open(setting_file, 'w') as f:
......
......@@ -53,8 +53,8 @@ class LocalisationSettings(object):
self._usermanager_loaded_cb()
def apply_to_upcoming_session(self):
with open(tailsgreeter.config.locale_output_path, 'w') as f:
os.chmod(tailsgreeter.config.locale_output_path, 0o600)
with open(tailsgreeter.config.locale_setting_path, 'w') as f:
os.chmod(tailsgreeter.config.locale_setting_path, 0o600)
f.write('TAILS_LOCALE_NAME=%s\n' % self.language.get_value())
f.write('TAILS_FORMATS=%s\n' % self.formats.get_value())
......
......@@ -12,7 +12,7 @@ class MacSpoofSetting(object):
self.value = True
def apply_to_upcoming_session(self):
setting_file = tailsgreeter.config.macspoof_setting
setting_file = tailsgreeter.config.macspoof_setting_path
with open(setting_file, 'w') as f:
os.chmod(setting_file, 0o600)
f.write("TAILS_MACSPOOF_ENABLED=%s\n" % pipes.quote(str(self.value)).lower())
......
......@@ -16,7 +16,7 @@ class NetworkSetting(object):
self.value = self.NETCONF_DIRECT
def apply_to_upcoming_session(self):
setting_file = tailsgreeter.config.network_setting
setting_file = tailsgreeter.config.network_setting_path
with open(setting_file, 'w') as f:
os.chmod(setting_file, 0o600)
f.write("TAILS_NETCONF=%s\n" % pipes.quote(self.value))
......
......@@ -4,7 +4,7 @@ set -e
set -u
set -x
CONFIG_FILE=/var/lib/gdm3/tails.network
CONFIG_FILE=/var/lib/gdm3/settings/tails.network
NET_MODULES_BLACKLIST=/etc/modprobe.d/all-net-blacklist.conf
# Import the TAILS_NETCONF variable
......
......@@ -37,7 +37,7 @@ When talking about language support in greeter it is important to distinguish be
The available locales dynamically populated into list. Once language is chosen corresponding translation is applied to the widget (if available) but actual locale generation is handled by external script which is activated by GDM on logon.
N. B. TailsGreeter is executed under Debian-gdm user while locale generation requires root access which is available for PostLogin script. This makes very inconvenient usage of env. variables for parameter transfer. That's why parameters to PostLogin script are supplied via temporary files in /var/lib/gdm3/tails.*
N. B. TailsGreeter is executed under Debian-gdm user while locale generation requires root access which is available for PostLogin script. This makes very inconvenient usage of env. variables for parameter transfer. That's why parameters to PostLogin script are supplied via temporary files in /var/lib/gdm3/settings/tails.*
## Additional notes:
......
......@@ -269,7 +269,7 @@ the [[!tails_ticket 5496 desc="Welcome Screen"]] (aka. *tails-greeter*).
* runs `live-persist` to set up persistent data where it belong
* pass information to the user session (at least
`tails-persistence-setup` needs information) through shell variables
set in `/var/lib/gdm3/tails.persistence`
set in `/var/lib/gdm3/settings/tails.persistence`
backend / tails-greeter interface
---------------------------------
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment