Replace sdw-login.py and xdg autostart .desktop file with systemd use…

…r unit.
freedomofpress · Jun 17, 2024 · 7c8e768 · 7c8e768
1 parent 5b4d10a
commit 7c8e768
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 59 deletions.
diff --git a/files/[email protected] b/files/[email protected]
@@ -0,0 +1,24 @@
+# SDW Updater systemd autostart unit: run sdw-updater (updater or login)
+# For more information about the graphical-session.target, see
+# https://manpages.debian.org/testing/systemd/systemd.special.7.en.html#Special_Passive_User_Units
+# and https://github.com/systemd/systemd/commit/c92fcc4f4375b0.
+# Additional troubleshooting may be required in some advanced cases (eg for i3 users,
+# see see https://github.com/i3/i3/issues/5186).
+# Note that the name of this unit follows a specific format, allowing for
+# compatibility with systemd's `xdg-desktop-autostart.target`.
+
+[Unit]
+Description=Start SecureDrop sdw-updater Login/Updater
+PartOf=graphical-session.target
+After=graphical-session.target
+
+[Service]
+Type=exec
+ExitType=cgroup
+ExecStart=:/usr/bin/sdw-updater
+Restart=no
+# https://www.freedesktop.org/software/systemd/man/latest/systemd.slice.html
+Slice=app.slice
+# xdg-autostart-condition OnlyShowIn="XFCE" NotShowIn=""
+# https://www.freedesktop.org/software/systemd/man/latest/systemd-xdg-autostart-generator.html
+ExecCondition=/usr/lib/systemd/systemd-xdg-autostart-condition "XFCE" ""
diff --git a/files/sdw-login.py b/files/sdw-login.py
diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
@@ -90,7 +90,6 @@ install -m 644 files/securedrop-128x128.png %{buildroot}/%{_datadir}/icons/hicol
 install -m 644 files/securedrop-scalable.svg %{buildroot}/%{_datadir}/icons/hicolor/scalable/apps/securedrop.svg
 install -m 755 files/sdw-updater.py %{buildroot}/%{_bindir}/sdw-updater
 install -m 755 files/sdw-notify.py %{buildroot}/%{_bindir}/sdw-notify
-install -m 755 files/sdw-login.py %{buildroot}/%{_bindir}/sdw-login
 install -m 644 files/sdw-notify.service %{buildroot}/%{_userunitdir}/
 install -m 644 files/sdw-notify.timer %{buildroot}/%{_userunitdir}/
 install -m 644 files/securedrop-logind-override-disable.service %{buildroot}/%{_unitdir}/
@@ -106,6 +105,8 @@ install -m 755 -d %{buildroot}/etc/systemd/logind.conf.d/
 install -m 644 files/10-securedrop-logind_override.conf %{buildroot}/etc/systemd/logind.conf.d/
 install -m 644 files/securedrop-user-xfce-settings.service %{buildroot}/%{_userunitdir}/
 install -m 644 files/securedrop-user-xfce-icon-size.service %{buildroot}/%{_userunitdir}/
+install -m 644 files/[email protected] %{buildroot}/%{_userunitdir}/
+
 
 %files
 %attr(755, root, root) %{_datadir}/%{name}/scripts/clean-salt
@@ -115,7 +116,6 @@ install -m 644 files/securedrop-user-xfce-icon-size.service %{buildroot}/%{_user
 %attr(755, root, root) %{_bindir}/sdw-admin
 %{_datadir}/%{name}/config.json.example
 /srv/salt/securedrop_salt/*
-%attr(755, root, root) %{_bindir}/sdw-login
 %attr(755, root, root) %{_bindir}/sdw-notify
 %attr(755, root, root) %{_bindir}/sdw-updater
 %attr(644, root, root) %{_datadir}/applications/press.freedom.SecureDropUpdater.desktop
@@ -130,6 +130,7 @@ install -m 644 files/securedrop-user-xfce-icon-size.service %{buildroot}/%{_user
 %{_userunitdir}/sdw-notify.timer
 %{_userunitdir}/securedrop-user-xfce-settings.service
 %{_userunitdir}/securedrop-user-xfce-icon-size.service
+%{_userunitdir}/[email protected]
 %{_unitdir}/securedrop-logind-override-disable.service
 
 %attr(664, root, root) /etc/qubes/policy.d/31-securedrop-workstation.policy
@@ -164,6 +165,9 @@ systemctl enable securedrop-logind-override-disable.service
 systemctl --global enable securedrop-user-xfce-icon-size.service ||:
 systemctl --global enable securedrop-user-xfce-settings.service ||:
 
+# Invoke login/updater on boot
+systemctl --global enable [email protected] ||:
+
 %preun
 # If we're uninstalling (vs upgrading)
 if [ $1 -eq 0 ]; then

diff --git a/securedrop_salt/dom0-xfce-desktop-file.j2 b/securedrop_salt/dom0-xfce-desktop-file.j2
diff --git a/securedrop_salt/sd-dom0-files.sls b/securedrop_salt/sd-dom0-files.sls
@@ -55,29 +55,6 @@ dom0-install-debian-minimal-template:
 
 {% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') %}
 
-dom0-login-autostart-directory:
- file.directory:
- - name: /home/{{ gui_user }}/.config/autostart
- - user: {{ gui_user }}
- - group: {{ gui_user }}
- - mode: 700
- - makedirs: True
-
-dom0-login-autostart-desktop-file:
- file.managed:
- - name: /home/{{ gui_user }}/.config/autostart/press.freedom.SecureDropUpdater.desktop
- - source: "salt://securedrop_salt/dom0-xfce-desktop-file.j2"
- - template: jinja
- - context:
- desktop_name: SDWLogin
- desktop_comment: Updates SecureDrop Workstation DispVMs at login
- desktop_exec: /usr/bin/sdw-login
- - user: {{ gui_user }}
- - group: {{ gui_user }}
- - mode: 664
- - require:
- - file: dom0-login-autostart-directory
-
 dom0-securedrop-launcher-desktop-shortcut:
  file.managed:
  - name: /home/{{ gui_user }}/Desktop/press.freedom.SecureDropUpdater.desktop