Page MenuHomePhabricator

/etc/xdg/autostart/ NotShowIn necessary?
Closed, InvalidPublic

Description

https://github.com/nrgaway/qubes-whonix/blob/51ec5194008e71bcfdd9b8e82aa9f76dc2077dc3/debian/qubes-whonix.postinst#L195

# Modify desktop files not to show in Qubes
for item in = /etc/xdg/autostart/pulseaudio-kde.desktop \
/etc/xdg/autostart/gateway_first_run_notice.desktop \
/etc/xdg/autostart/spice-vdagent.desktop \
/etc/xdg/autostart/whonixsetup.desktop \
/etc/xdg/autostart/whonix-setup-wizard.desktop ; do
showIn "${item}" 'NotShowIn=QUBES;'
done

What's the good for? Does it actually make a difference? As far I know, elements in /etc/xdg/autostart are not shown in start menu anyhow. The NotShowIn would be without effect there.

I advice to not modify these files that way, otherwise users run into an interactive dpkg conflict resolution dialog on upgrade of the qubes-whonix package.

Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Qubes, Whonix.

Yes its required. It will prevent items from starting in Qubes that we do not want started. The may not show, but they will start if in the autostart directory. This is a Qubes function https://github.com/nrgaway/gui-agent-linux/commit/3287ae87cf00b61d0e9ba8a8f5ca301f9123b3b7#diff-d8b9296a2c6a78a087ed04f21ceadf8aR61

Configuration files should not create Debian conflicts and should prompt the user to use maintainers version or keep existing. Overdidden files are actually not touched; a copy of them is moved into the /usr/share/qubes/xdg/autostart which is given priority over /etc/xdg.

I use this to prevent whonix setup from starting, since I manually start it; otherwise it starts too early in Qubes and you get problems like errors popping up ot it can block for upto a minute.

Its also used for pulseaudio so system apps are not started and only qubes are.

Configuration files should not create Debian conflicts and should prompt the user to use maintainers version or keep existing.

That's what I mean by interactive dpkg conflict resolution dialog. And I find that really non-ideal. Creates lots of concerned noise in the forums.

I use this to prevent whonix setup from starting, since I manually start it; otherwise it starts too early in Qubes and you get problems like errors popping up ot it can block for upto a minute.

Issue introduced by Qubes or Whonix? Does Qubes or Whonix have a ticket for that? I think that is something worth fixing in a way that won't need that kinds of overrides.

Its a Whonix issue at this point; mostly related to systemd I would think. Once you have proper systemd scripts I can easily over-ride them properly. I had to get creative to get the VM to boot reliablably and was one of the reasons tor and swdate is disabled until right before I manually enable them and run the setup-wizard.

As for the xdg/autostart files, the original files located in that directory are not modified at all. The stay in the original state. A copy of it, say whonix-setup-wizard is copied to /usr/share/qubes/xdg/autostart and that files is patches with the 'NotShownIn=Qubes' and since the path to the qubes-xdg directory is before the /etc/xdg/autostart path, the original file will never be processed as I implemented in that code snippet above.

Once you have proper systemd scripts I can easily over-ride them properly.

Why would they need to be overwritten? Can we solve this in Whonix as well?

I am not too sure. Currently all the startup logic is handled in https://github.com/nrgaway/qubes-whonix/blob/9.6-1/usr/lib/qubes-whonix/qubes-whonixsetup.

It is separated into 3 sections, gateway, workstation and template. Currently as stated above I handle the starting of whonix-setup-wizard, tor and sdwdate due to some race conditions as described earlier which should be solved when systemd unit files are created.

I also execute whonix-setup-wizard as follows:
XDG_CURRENT_DESKTOP=gnome sudo /usr/bin/whonix-setup-wizard setup -style gtk+

Adding a gtk+ style so it does not look so ugly on bootup. A common issue among all distros is having styles set for root users. I would like this issue solved across the board so all the Whonix programs started as root are using a preferred style (maybe create another issue for this).

The other thing the qubes-whonixsetup script does is prevent setup from running in a template; since the template does not have complete Internet access (only for apt-get via proxy) AND replacing IP addresses would not work correctly. It also blocks all access, even to updates if the netvm is not set to a whonix-gateway proxy (therefore only allowing updates via tor).

nrgaway claimed this task.

I hope in most cases the hiding/deactivation of these files could be prevented by using cleaner solutions. For some, that might not be possible (maybe not for pulseaudio-kde.desktop, we'll see).

For all files to be hidden I highly recommend using config-package-dev's (available from Debian repo) hide operation. Messing around with files owned by other packages is hard and leads to many issues when updated. That's why there is an abstraction to handle all these cases. Here is a super simple example package, that hides a single file:
https://github.com/Whonix/knetattach-hide

I think the root causes should be fixed in a later version. Feel free to reopen and assign this to a later tag/version.