
no longer write to home folder directly; use /etc/skel
Closed, Resolved (Public)

Description

rationale:

TODO:

  • no longer have packages (maintainer scripts) directly write to /home
  • use /etc/skel instead
  • copy files from /etc/skel to /home/user at first boot

Related, separate ticket:
ship Tor Browser tarballs in Qubes TemplateVMs in /var/cache/tb-binary and extract in AppVMs at boot time to user's home folder (T417)

Details

Impact
Normal

Event Timeline

Patrick created this task. Oct 17 2015, 6:45 PM
Patrick updated the task description.
Patrick raised the priority of this task from to Needs Triage.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, marmarek, nrgaway, HulaHoop.
no longer write to home folder directly; use /etc/skel;

https://phabricator.whonix.org/T419

proper error handling in xchat-reset

https://github.com/Whonix/xchat-improved-privacy/commit/aadea76e21b3804c053338bc9449b6c7962a91dd

Patrick updated the task description. Dec 3 2015, 11:43 PM
Patrick triaged this task as Normal priority.

chmod 700 /etc/skel/.gnupg in postinst to prevent gpg permission warning:
https://github.com/Whonix/anon-gpg-tweaks/commit/55b727974acf10ed76ed99c84fa560260d36e540

Patrick changed the task status from Open to Review. Dec 10 2015, 10:34 PM
populate /home/user from /etc/skel at first boot

https://phabricator.whonix.org/T419

https://github.com/Whonix/whonix-base-files/commit/4ee7f32ba8b7dcf87d9ae31d1ade8b00468520af

Patrick updated the task description. Dec 10 2015, 10:35 PM
fix / code simplification

https://phabricator.whonix.org/T419

https://github.com/Whonix/whonix-base-files/commit/9d7da269be22114737317051c5f4c6bce6ca4253

separate done file for Qubes TemplateVMs to make this work with the
current home folder population for Qubes DispVMs.
https://github.com/QubesOS/qubes-core-agent-linux/blob/f380c346cf9af3f058b8ece853d7d4a5ece28815/misc/dispvm-prerun.sh#L6-L12

https://phabricator.whonix.org/T419
https://phabricator.whonix.org/T463

https://github.com/Whonix/whonix-base-files/commit/9ade708ed7288a1fec4a662b2bf062a8ebffc15c

Patrick changed the task status from Review to Open. Apr 26 2016, 10:01 PM

There is a problem with the script which runs as root - https://github.com/Whonix/whonix-base-files/blob/master/usr/lib/anon-base-files/first-boot-skel - with the following commands.

sudo -u "$user_name" cp --verbose --no-clobber --archive --parents --recursive "$fso_basename" "$home_dir"
sudo -u "$user_name" cp --verbose --no-clobber --archive "$fso_basename" "$home_dir"
sudo -u "$user_name" cp --verbose --archive "$skel_folder/.bashrc.whonix" "$home_dir/.bashrc"

sudo -u user is problematic. It's useful to not have files within /home/user being owned by root. But when using sudo -u user we cannot read files from folder /etc/skel/.gnupg, since these are owned by root. This could be solved by using cp as root and then fixing ownership using chown. It's not great since in corner cases (power loss; race conditions) the execution could stop after cp, ending up with files owned by root in user's home.
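
One way to narrow the root-owned window described in the comment above, as an added example (not the Whonix first-boot-skel script and not code from this ticket): copy as root into a staging directory, fix ownership there, and only then rename each entry to its final name. The function name `populate_home`, the `.skel-stage` directory and the no-clobber check at top-level-entry granularity are assumptions of this example; it also assumes GNU coreutils and that it runs at first boot, before the user has a session.

```shell
#!/bin/sh
# Added example. Usage (as root): populate_home /etc/skel /home/user user:user
#
# Copies every top-level entry of SKEL into HOME without overwriting anything,
# so that an entry only appears under its final name after chown has finished.
# An interruption between cp and chown leaves root-owned files only inside the
# staging directory, which the next run deletes before starting over.
populate_home() {
    skel=$1
    home=$2
    owner=$3                      # user:group or uid:gid

    # Staging lives inside HOME so the final mv is a same-filesystem rename.
    stage="$home/.skel-stage"
    rm -rf -- "$stage"            # leftovers from an interrupted earlier run
    mkdir -m 700 -- "$stage" || return 1

    # The three globs together cover regular names and dotfiles, minus . and ..
    for src in "$skel"/* "$skel"/.[!.]* "$skel"/..?*; do
        # An unmatched glob stays literal and does not exist: skip it.
        [ -e "$src" ] || [ -L "$src" ] || continue
        name=${src##*/}

        # No-clobber: leave anything the user already has untouched.
        if [ -e "$home/$name" ] || [ -L "$home/$name" ]; then
            continue
        fi

        # Root can read root-only sources such as .gnupg (mode 700).
        cp --archive -- "$src" "$stage/$name" || return 1
        # Ownership is corrected while the copy is still in staging.
        chown --recursive --no-dereference -- "$owner" "$stage/$name" || return 1
        # Only now does the entry get its final name.
        mv --no-clobber -- "$stage/$name" "$home/$name" || return 1
    done

    rmdir -- "$stage"
}
```

Unlike `cp --no-clobber` on a directory, this skips a top-level entry entirely when it already exists in the home folder, so it does not merge new skel files into an existing directory.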

Patrick closed this task as Resolved. Apr 29 2016, 7:00 AM
Patrick claimed this task.