Handle mimetypes for sd-app, sd-viewer and sd-devices in private volume

[emkll]

Status

Ready for review

Description of Changes

Fixes #603

Testing

The changes to the securedrop-workstation-config do not adversely impact mime handling

• On the main branch of this repo
• Build securedrop-workstation-config package with changes from Provide mime and paxctld configuration for template consolidation securedrop-builder#190

PKG_VERSION=0.1.4 make securedrop-workstation-config

• Copy the built deb to sd-workstation folder in the clone of this repo/branch for testing

cp /home/user/debbuild/packaging/securedrop-workstation-config_0.1.4+buster_all.deb sd-workstation/

• Apply the following diff to ensure this version of the package is installed in all VMs:

diff --git a/dom0/fpf-apt-test-repo.sls b/dom0/fpf-apt-test-repo.sls
index 6299198..1ef3f75 100644
--- a/dom0/fpf-apt-test-repo.sls
+++ b/dom0/fpf-apt-test-repo.sls
@@ -42,3 +42,11 @@ install-securedrop-keyring-package:
       - securedrop-keyring
     - require:
       - pkgrepo: configure-apt-test-apt-repo
+
+test-updated-securedrop-config-package:
+   file.managed:
+     - name: /opt/securedrop-config.deb
+     - source: salt://sd/sd-workstation/securedrop-workstation-config_0.1.4+buster_all.deb
+     - mode: 644
+   cmd.run:
+     - name: apt install -y /opt/securedrop-config.deb

• make clone, make all, and make test
• make all completes successfully
• make test completes successfully

Using the changes introduced here, private volume mime handling

• On this branch 603-private-volumes-mimetypes
• Build securedrop-workstation-config package with changes from Provide mime and paxctld configuration for template consolidation securedrop-builder#190

PKG_VERSION=0.1.4 make securedrop-workstation-config

• Copy the built deb to sd-workstation folder in the clone of this repo/branch for testing

cp /home/user/debbuild/packaging/securedrop-workstation-config_0.1.4+buster_all.deb sd-workstation/

• Apply the following diff to ensure this version of the package is installed in all VMs:

diff --git a/dom0/fpf-apt-test-repo.sls b/dom0/fpf-apt-test-repo.sls
index 6299198..1ef3f75 100644
--- a/dom0/fpf-apt-test-repo.sls
+++ b/dom0/fpf-apt-test-repo.sls
@@ -42,3 +42,11 @@ install-securedrop-keyring-package:
       - securedrop-keyring
     - require:
       - pkgrepo: configure-apt-test-apt-repo
+
+test-updated-securedrop-config-package:
+   file.managed:
+     - name: /opt/securedrop-config.deb
+     - source: salt://sd/sd-workstation/securedrop-workstation-config_0.1.4+buster_all.deb
+     - mode: 644
+   cmd.run:
+     - name: apt install -y /opt/securedrop-config.deb

• make clone, make all, and make test
• make all completes successfully
• make test completes successfully
• manual test of mime precedence: in sd-app: cp /opt/sdw/mimeapps.list.sd-viewer /usr/share/applications/mimeapps.list: xdg-open a file should still open in a DispVM. rm ~/.local/share/applications/mimeapps.list should cause xdg-open to open files in sd-app. Recreating the symlink resolves.

Checklist

If you have made code changes

• Linter (make flake8) passes in the development environment (this box may
  be left unchecked, as flake8 also runs in CI)

If you have made changes to the provisioning logic

• All tests (make test) pass in dom0 of a Qubes install

• This PR adds/removes files, and includes required updates to the packaging
  logic in MANIFEST.in and rpm-build/SPECS/securedrop-workstation-dom0-config.spec

[sssoleileraaa]

Didn't get to this today but will run through the test plan in the morning.

[sssoleileraaa]

Right now make dev fails during the test plan from the section called: The changes to the securedrop-workstation-config do not adversely impact mime handling. Here are the errors:

ID: test-updated-securedrop-config-package
Function: file.managed
Name: apt install -y /opt/securedrop-config.deb
Result: False
Comment: Specified file apt install -y /opt/securedrop-config.deb is not an absolute path

ID: install-securedrop-log-package
Function: pkg.installed
Result: False
Comment: One or more requisite failed: fpf-apt-test-repo.test-updated-securedrop-config-package

Going to double check that I followed the test plan accurately and also look at logs in dom0, but maybe you'll see the issue already.

[sssoleileraaa]

Update: Looks like I had a typo (of course!) on the step to apply the diff in the comment. Will run through this again.

[sssoleileraaa]

LGTM - ran throuh the test plan successfully and files can still be opened from the client in a dispvm (sorry for the long delay - had to recreate my qubes workstation but now back in action!)