| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream marked org.mozilla.Thunderbird end-of-life. Flathub split it
into two replacement IDs:
org.mozilla.thunderbird monthly release channel (new default)
org.mozilla.thunderbird_esr ESR / long-term-support channel
Move to the lowercase monthly-release flatpak, which is what Mozilla
now recommends for regular desktop users and gets features at the same
cadence as Firefox.
Renamed references in:
* meta/flatpak.txt - the package list the user installs from
* meta/base.txt - comment in the mail-bits section
* dot_config/sway/config - window-match app_id rule for marking
* dot_config/mimeapps.list - mailto/ics/webcal handler .desktop names
* run_onchange_after_deploy-thunderbird.sh.tmpl - profile path under
~/.var/app/<id>/.thunderbird/
* run_onchange_after_deploy-tb-eer.sh.tmpl - flatpak override target
and sandbox path for External Editor Revived bridge
* run_onchange_after_deploy-pteid-pkcs11.sh.tmpl - Mozilla-family
flatpak NSS DB registration list
* README.md - doc snippets and xdg-mime example
On-host migration:
flatpak install -y flathub org.mozilla.thunderbird
# Preserve accounts, OpenPGP keys, calendars, EER bridge wrapper:
mv ~/.var/app/org.mozilla.Thunderbird ~/.var/app/org.mozilla.thunderbird
flatpak uninstall -y org.mozilla.Thunderbird
chezmoi apply -v
update-desktop-database ~/.local/share/applications 2>/dev/null || true
Verify mail handler:
xdg-mime query default x-scheme-handler/mailto
# -> org.mozilla.thunderbird.desktop
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Both apps support digital signatures via NSS — Okular through Poppler,
LibreOffice natively. Extend the pteid bridge to also register
libpteidpkcs11.so in their per-flatpak ~/.pki/nssdb (single shared DB,
unlike Mozilla's per-profile model).
Refactored the script around two helpers (apply_override, register_in_profile)
and two app tables (MOZILLA_APPS for per-profile, SHARED_NSS_APPS for
single-DB). register_in_profile auto-creates the NSS DB with certutil -N
if missing, since neither Okular nor LibreOffice initialise it on first run.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move Thunderbird from native pacman to org.mozilla.Thunderbird flatpak,
mirroring the LibreWolf migration. Bubblewrap isolates the mail client from
the rest of $HOME (ssh keys, password store, gpg sockets); intra-process
isolation regression is real but minor (same tradeoff as the browser).
Three cross-sandbox glue points handled in repo:
- run_onchange_after_deploy-thunderbird.sh.tmpl: profile path moves from
~/.thunderbird to ~/.var/app/org.mozilla.Thunderbird/.thunderbird
- run_onchange_after_deploy-pteid-pkcs11.sh.tmpl: refactored to iterate
over (LibreWolf, Thunderbird) instead of hard-coding LibreWolf, so
cartão de cidadão signing/encryption works for S/MIME in TB
- run_onchange_after_deploy-tb-eer.sh.tmpl (new): bridges
external-editor-revived's native messaging host into the sandbox via
a flatpak-spawn --host wrapper + relocated manifest
Other surfaces (Bridge, Radicale, libsecret, mako, OpenPGP) are covered
by Flathub default permissions.
Manual one-shot migration on host (after pulling + just sync): close TB,
copy ~/.thunderbird/. into ~/.var/app/org.mozilla.Thunderbird/.thunderbird/,
chezmoi apply -v, then xdg-mime default org.mozilla.Thunderbird.desktop
x-scheme-handler/mailto. Once verified working, archive the old profile
via mv ~/.thunderbird ~/.thunderbird.pre-flatpak.bak.
|
|
|
Cartão de cidadão web authentication needs the libpteidpkcs11.so module
loaded into LibreWolf's NSS database. With both apps now sandboxed in
separate flatpaks, neither can see the other by default.
Add a chezmoi onchange script that, when both flatpaks are installed:
- Resolves the pt.gov.autenticacao install dir + .so path on the host
- Grants LibreWolf flatpak read-only filesystem access to that dir,
--socket=pcsc, and an LD_LIBRARY_PATH so the bundled deps (libxerces,
libcjose, etc.) resolve at dlopen time
- Registers the module in each LibreWolf NSS profile via modutil, with
the path rewritten to /run/host/... as seen from inside the sandbox
- Skips silently when LibreWolf is running (modutil would corrupt the DB)
Hash gate includes the pt.gov.autenticacao line from meta/flatpak.txt so
the override + registration auto-refresh on bundle bumps. Idempotent.
Also explicit pcsc-lite + ccid in meta/extra.txt — they were transitive
deps of the removed autenticacao-gov-pt-bin AUR package; pcscd.socket
in systemd-units/system/base.txt would otherwise fail to activate.
|
sommerfeld