My linux config and rc files https://git.sommerfeld.dev/dotfiles/atom/run_onchange_after_deploy-tb-eer.sh.tmpl?h=master 2026-05-29T10:18:16Z 2026-05-29T10:18:16Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-29T10:18:16Z urn:sha1:be3c6fda881bc11d5123d6b3a09ce9d250199b32 The AUR `external-editor-revived` PKGBUILD declares a hard `thunderbird` dependency, which blocks removing the unused system Thunderbird binary alongside the org.mozilla.thunderbird flatpak (and pacman's `AssumeInstalled` is a CLI flag, not a pacman.conf directive, so the previous workaround was nonfunctional). Nixpkgs' `external-editor-revived` is just `rustPlatform.buildRustPackage` plus a relocatable native-messaging manifest — zero mailer dep — so the host gets it from nix instead. * nix/host.nix: add `external-editor-revived` to `home.packages`. Kept out of `common.nix` so the remote-dev VM (which has no Thunderbird) doesn't carry the build closure. * run_onchange_after_deploy-tb-eer.sh.tmpl: search `~/.nix-profile/{bin,lib/mozilla/native-messaging-hosts}` first and fall through to the legacy pacman paths. The chezmoi manifest-hash probe now checks the nix path too, so the hook re-runs cleanly when nix bumps the EER version. * meta/base.txt: drop the `external-editor-revived` AUR entry and rewrite the comment to point at the nix declaration. * etc/pacman.conf: revert the bogus `AssumeInstalled` directive (CLI-only, not pacman.conf). On-host migration: home-manager switch --flake ~/dotfiles/nix#host # picks up EER sudo pacman -Rns external-editor-revived thunderbird mpv chezmoi apply -v # re-runs tb-eer hook 2026-05-29T10:18:15Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-29T10:18:15Z urn:sha1:d1536ec455abc28a2bde34281d4b33cdad398436 Upstream marked org.mozilla.Thunderbird end-of-life. Flathub split it into two replacement IDs: org.mozilla.thunderbird monthly release channel (new default) org.mozilla.thunderbird_esr ESR / long-term-support channel Move to the lowercase monthly-release flatpak, which is what Mozilla now recommends for regular desktop users and gets features at the same cadence as Firefox. Renamed references in: * meta/flatpak.txt - the package list the user installs from * meta/base.txt - comment in the mail-bits section * dot_config/sway/config - window-match app_id rule for marking * dot_config/mimeapps.list - mailto/ics/webcal handler .desktop names * run_onchange_after_deploy-thunderbird.sh.tmpl - profile path under ~/.var/app/<id>/.thunderbird/ * run_onchange_after_deploy-tb-eer.sh.tmpl - flatpak override target and sandbox path for External Editor Revived bridge * run_onchange_after_deploy-pteid-pkcs11.sh.tmpl - Mozilla-family flatpak NSS DB registration list * README.md - doc snippets and xdg-mime example On-host migration: flatpak install -y flathub org.mozilla.thunderbird # Preserve accounts, OpenPGP keys, calendars, EER bridge wrapper: mv ~/.var/app/org.mozilla.Thunderbird ~/.var/app/org.mozilla.thunderbird flatpak uninstall -y org.mozilla.Thunderbird chezmoi apply -v update-desktop-database ~/.local/share/applications 2>/dev/null || true Verify mail handler: xdg-mime query default x-scheme-handler/mailto # -> org.mozilla.thunderbird.desktop 2026-05-13T12:43:25Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:25Z urn:sha1:79d68fcc03c1639c1f13343b4b7d5f9f06274295 Move Thunderbird from native pacman to org.mozilla.Thunderbird flatpak, mirroring the LibreWolf migration. Bubblewrap isolates the mail client from the rest of $HOME (ssh keys, password store, gpg sockets); intra-process isolation regression is real but minor (same tradeoff as the browser). Three cross-sandbox glue points handled in repo: - run_onchange_after_deploy-thunderbird.sh.tmpl: profile path moves from ~/.thunderbird to ~/.var/app/org.mozilla.Thunderbird/.thunderbird - run_onchange_after_deploy-pteid-pkcs11.sh.tmpl: refactored to iterate over (LibreWolf, Thunderbird) instead of hard-coding LibreWolf, so cartão de cidadão signing/encryption works for S/MIME in TB - run_onchange_after_deploy-tb-eer.sh.tmpl (new): bridges external-editor-revived's native messaging host into the sandbox via a flatpak-spawn --host wrapper + relocated manifest Other surfaces (Bridge, Radicale, libsecret, mako, OpenPGP) are covered by Flathub default permissions. Manual one-shot migration on host (after pulling + just sync): close TB, copy ~/.thunderbird/. into ~/.var/app/org.mozilla.Thunderbird/.thunderbird/, chezmoi apply -v, then xdg-mime default org.mozilla.Thunderbird.desktop x-scheme-handler/mailto. Once verified working, archive the old profile via mv ~/.thunderbird ~/.thunderbird.pre-flatpak.bak.