Add support for purple-telegram (telepathy-haze)

Bug #1708375 reported by Khurshid Alam on 2017-08-03
This bug affects 1 person
Affects: telepathy-mission-control-5 (Ubuntu)

Bug Description

When using purple telegram through telepathy-haze, it requires the following permissions:

    # for purple telegram
    /etc/telegram-purple/server.tglpub r,
    /usr/lib/purple-2*/ r,
    /usr/lib/purple-2/*.so mr,
    /usr/share/locale/*/LC_MESSAGES/*.mo r,
    /usr/share/pixmaps/pidgin/protocols/{16,32,48}/*.png r,
    @{HOME}/.purple/telegram-purple/** rw,
    @{HOME}/.telegram-purple/** rw,

under the /usr/lib/telepathy/telepathy-* section. See issue for more details.

I have attached the necessary patch.

bewied (benwiederhake-github) wrote :

I did some work on telegram-purple.

- I don't understand the line `/usr/lib/purple-2*/`. Is the asterisk misplaced, or does telepathy-haze truly create directories with unpredictable names in `/usr/lib/`?
- Heads up: `/etc/telegram-purple/server.tglpub` can be removed once we release 1.4.0. (But doesn't hurt either.)
- telegram-purple is supposed to detect telepathy, and avoid the path `@{HOME}/.purple/telegram-purple/`. Was it really necessary? Please open a bug report and tell us what's in the directory. Was it just "to make sure"? Oh well, doesn't hurt, but shouldn't be necessary either.

Khurshid Alam (khurshid-alam) wrote :

> - I don't understand the line `/usr/lib/purple-2*/`.

You are right. Telegram-purple only creates /usr/lib/purple-2/, so the asterisk can be removed. In fact I think we don't need "/usr/lib/purple-2*/ r", as "/usr/lib/purple-2/*.so mr" will do the job.

> telegram-purple is supposed to detect telepathy, and avoid the path `@{HOME}/.purple/telegram-purple/`. Was it really necessary?

It should but it doesn't at the moment.

And yes, it is necessary with 1.3.x. The plugin stores data after authentication in either @{HOME}/.purple/telegram-purple/ or @{HOME}/.telegram-purple/ depending on the plugin version number. So telepathy-haze would require read/write access to that folder, otherwise AppArmor gives access-denied and users have to re-authenticate each time after opening the client (empathy).

I will update the patch. Thanks.


Changed in telepathy-mission-control-5 (Ubuntu):
status: New → Confirmed

The attachment "telepathy-purple.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Khurshid Alam (khurshid-alam) wrote :

Patch updated

Khurshid Alam (khurshid-alam) wrote :

I have updated the patch. Is there anything else needed for this?

tags: added: bionic
removed: artful
tags: added: cosmic
removed: bionic

Sebastien Bacher (seb128) wrote :

Subscribing the security team to get their input since that changes the apparmor profile.

Khurshid Alam (khurshid-alam) wrote :

Updated the patch as a quilt patch.

Jamie Strandboge (jdstrand) wrote :

I recommend changing these to be:

    # for purple telegram
    /etc/telegram-purple/server.tglpub r,
    /usr/lib/purple-2/*.so mr,
    /usr/share/locale/*/LC_MESSAGES/*.mo r,
    /usr/share/pixmaps/pidgin/protocols/{16,32,48}/*.png r,
    owner @{HOME}/.telegram-purple/ rw,
    owner @{HOME}/{,.purple/}telegram-purple/** rw,
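
An added example, not part of this thread or of the Ubuntu profile: a simplified Python model of AppArmor path matching (`*`, `**`, `{a,b}` alternation and the `owner` qualifier) for checking which paths the two rule sets quoted in this thread would cover. `HOME`, `glob_to_regex`, `parse` and `allowed` are hypothetical names, `/home/alice` is an assumed stand-in for `@{HOME}`, and permission modes are treated as plain letters.

```python
import re

HOME = "/home/alice"  # assumption: stand-in for AppArmor's @{HOME} variable

def glob_to_regex(glob):
    """Simplified AppArmor path glob -> anchored regex ([...] classes not handled)."""
    out, depth = [], 0
    for m in re.finditer(r"\*+|[{},]|[^*{},]+", glob):
        tok = m.group()
        if tok[0] == "*":
            # A glob that is a whole path component must match at least one character.
            s, e = m.span()
            whole = glob[s - 1:s] == "/" and glob[e:e + 1] in ("", "/")
            out.append(("[^/]" if whole else "") + (".*" if len(tok) > 1 else "[^/]*"))
        elif tok in "{}":
            depth += 1 if tok == "{" else -1
            out.append("(?:" if tok == "{" else ")")
        else:
            out.append("|" if tok == "," and depth else re.escape(tok))
    return re.compile("".join(out) + r"\Z", re.S)

def parse(profile):
    """Parse '[owner] <path> <perms>,' lines into (owner_only, regex, perms)."""
    rules = []
    for line in profile.splitlines():
        line = line.split("#")[0].strip().rstrip(",")
        if line:
            path, perms = line.removeprefix("owner ").rsplit(None, 1)
            rules.append((line.startswith("owner "),
                          glob_to_regex(path.replace("@{HOME}", HOME)), perms))
    return rules

def allowed(rules, path, owned_by_user=True):
    """Union of permissions the rules grant on path ('' means denied)."""
    granted = set()
    for owner_only, rx, perms in rules:
        if rx.match(path) and (owned_by_user or not owner_only):
            granted |= set(perms)
    return "".join(sorted(granted))

# Rules copied from this thread: the first proposal and the later recommendation.
ORIGINAL = parse("""/usr/lib/purple-2*/ r,
/usr/lib/purple-2/*.so mr,
@{HOME}/.purple/telegram-purple/** rw,
@{HOME}/.telegram-purple/** rw,""")
RECOMMENDED = parse("""/usr/lib/purple-2/*.so mr,
owner @{HOME}/.telegram-purple/ rw,
owner @{HOME}/{,.purple/}telegram-purple/** rw,""")
```

Calling `allowed()` with `owned_by_user=False` shows the effect of the `owner` qualifier, and an empty string for a path the plugin needs means the rule set would deny it.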

Khurshid Alam (khurshid-alam) wrote :

I have updated the patch with the required changes. Thanks.

Simon Quigley (tsimonq2) wrote :

Please add DEP-3 headers here, and preferably reattach as a debdiff with a changelog entry.

Thank you!
