Page MenuHomePhabricator

Install Icedove (Thunderbird) + TorBirdy + Enigmail
Closed, ResolvedPublic

Details

Impact
Needs Triage

Event Timeline

JasonJAyalaP raised the priority of this task from to Normal.
JasonJAyalaP updated the task description. (Show Details)
JasonJAyalaP added a subscriber: JasonJAyalaP.

Ticket addition: include enigmail package from Debian repos with IceDove.

Patrick renamed this task from Install Icedove (Thunderbird) + TorBirdy to Install Icedove (Thunderbird) + TorBirdy + Enigmail.May 23 2015, 2:23 AM
Patrick updated the task description. (Show Details)
Patrick set Impact to Needs Triage.

sudo apt-get install icedove xul-ext-torbirdy enigmail requires 92.4 MB of additional disk space. Still worth it?

Email is a basic activity that we should provide a secure answer for. However I can see how a growing image size isn't good for Whonix infrastructure.

How about introducing install scripts that fetch packages optionally and configure them as needed? Its like tbb-launcher except the distribution and verification is all handled by apt. Icedove doesn't need configuration of safe defaults but electrum would. Uninstalling would be manual and not covered by scripts .

That way we can give people secure defaults while not bloating up the image to cover every use case under the sun.

How we present these scripts is another thing:

Will they be icons that run the script like tbb? Not a solution because desktop clutter.

How about a folder on the desktop with the install scripts inside and a way to run them be double clicking - no terminal needed? The script names would be straightforward for example this one is called "Email" and so on.

For example let's say electrum creates a folder under the user's home directory for its settings (like xchat). Can whonix ship with an artificially created folder containing the wrapper script or will it be overwritten when the user installs the program?

If its the latter, the install script will need to move the wrapper script into the program's directory from another location, after the install is done.

install scripts:
Probably not. apt-get automation is very difficult due to issues introduced at a higher levels. More info:
https://www.whonix.org/wiki/Dev/Automatic_Updates

electrum:
https://phabricator.whonix.org/T215#3208

FAI is a flexible framework for unattended Debian installs but can be used for much more including automatic package installs. Its a decade old and robust, used for massive Debian deployments. Each feature can be used alone.

The idea here is to tell FAI the packages we want and it handles apt completely. Seems to get around the problems of talking to apt directly. What do you think?

https://wiki.debian.org/FAI

http://fai-project.org/fai-guide/_anchor_id_config_xreflabel_config_installation_details.html#packageconfig

It's a different category of tool. More like in the category as grml-debootstrap. A handy tool for sysadmins. Not so much for distributions. Not for install scripts after the system has already been installed.

I'm happy with the documentation. You can close this if you want.

I am not happy with documentation yet.

If you read the help for Convenient Encryption (help button next to this button), it sounds pretty insecure. I am not opposed to anyone using gpg like this in a causal not so caring way, but it's not something to encourage in a security guide. Also 'confirm before sending', 'Always' should stay recommended for serious usage.

Also, we're not jessie based yet (therefore install from Debian repository unfortunately not yet possible), Whonix 11 stable not out yet.

Also 'confirm before sending', 'Always' should stay recommended for serious usage.

I don't see this option in Enigmail the menus have changed since the instructions were made and so I thought this obsolete option became Convenient Encryption.

Also, we're not jessie based yet (therefore install from Debian repository unfortunately not yet possible), Whonix 11 stable not out yet.

Please change them to Jessie instructions whenever you release stable.

In T113#5304, @HulaHoop wrote:

Also 'confirm before sending', 'Always' should stay recommended for serious usage.

I don't see this option in Enigmail the menus have changed since the instructions were made and so I thought this obsolete option became Convenient Encryption.

See this screenshot:
{F79}

These settings should do.

Patrick raised the priority of this task from Normal to High.Jun 21 2015, 2:43 PM

If you decided to integrate Icedove in Whonix can you please set it to open links in messages from Tor Browser?

You mean

  1. open icedove
  2. see some link
  3. click the link
  4. opens the link in Tor Browser

?

We're already doing this.

Implemented by:
https://github.com/Whonix/tb-default-browser

There is just a related apparmor question:
https://www.whonix.org/forum/index.php/topic,97.msg8765.html#msg8765

You mean

open icedove
see some link
click the link
opens the link in Tor Browser

Yeah.

Good stuff, thanks

Patrick claimed this task.

Install Icedove (Thunderbird) + TorBirdy + Enigmail, added icedove, enigmail and xul-ext-torbirdy to anon-workstation-packages-recommended - https://phabricator.whonix.org/T113:
https://github.com/Whonix/anon-meta-packages/commit/33c41008270345b8f780e0a4afaf35afde8ec56d