Support eml

[philmcmahon]

When a user attempts to open an eml file in securedrop workstation, could the behaviour be to open the file in gedit? Currently with eml files the viewer vm starts up then immediately crashes (related issue https://github.com/freedomofpress/securedrop-client/issues/2007)

[micahflee]

I'm looking into this one, as I can see how useful it would be.

We need to choose an email client, and although Thunderbird can be obnoxious, after a brief survey I think it might be the best bet. Here's what I considered:

• Geary is lightweight and pretty, but after testing it out I discovered that it doesn't support opening EML files, it just supports reading email from connected email services.
• Claws Mail could work. It's what Tails used years ago before switching to Thunderbird, but it's ugly and old, and I think people will have a better time with Thunderbird.
• Kmail (KDE's email client) is an option, but it requires loading the template with tons of KDE dependencies.
• Evolution (GNOME's email client) doesn't require too many crazy dependencies I don't think, but I couldn't get it running in an appvm based on sd-large-bookworm-template because of grsec, even after whitelisting /usr/bin/evolution, because of this error:

  2024-05-30T16:28:32.741159-07:00 fake-sd-viewer kernel: [ 2150.244406] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/evolution[evolution:5108] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:4328] uid/euid:1000/1000 gid/egid:1000/1000

So I think Thunderbird is probably the way to go.

In order for Thunderbird to work, we need to add the following line to /etc/paxctld.conf:

/usr/lib/thunderbird/thunderbird-bin    m

Another thing to tackle is that when opening an EML file in thunderbird which hasn't been configured, it tries to run the "set up your existing email address" first run wizard. It would be good to put some sort of empty-ish Thunderbird profile on sd-viewer to prevent this from happening.