From 082cb90f1ec0fab0e920144e929f12d05dc47cec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Guzm=C3=A1n?= <ark@switnet.org>
Date: Tue, 6 Dec 2022 14:03:54 +0000
Subject: [PATCH] gnome-online-accounts: avoid promote questionable online
 services via dconf

---
 helpers/make-gnome-online-accounts | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/helpers/make-gnome-online-accounts b/helpers/make-gnome-online-accounts
index fbafc323..ccd390d2 100644
--- a/helpers/make-gnome-online-accounts
+++ b/helpers/make-gnome-online-accounts
@@ -17,7 +17,7 @@
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-VERSION=1
+VERSION=2
 
 . ./config
 
@@ -34,6 +34,34 @@ sed '/0002-livepatch-auth.patch/d' -i debian/patches/series
 sed '/--enable-ubuntu-sso/d' -i debian/rules
 sed 's/--enable-foursquare \\/--enable-foursquare/' -i debian/rules
 
+
+## Avoid promote questionable online services via dconf,
+## still available for users who enable them.
+#https://help.gnome.org/admin/system-admin-guide/stable/lockdown-online-accounts.html.en
+cat << EO-GOA > debian/gnome-online-accounts.postinst
+#!/bin/sh
+# Customize services via dconf
+mkdir -p /etc/dconf/db/local.d/ /etc/dconf/db/local.db/locks
+
+cat << EOF > /etc/dconf/profile/user
+user-db:user
+system-db:local
+EOF
+
+cat << EOF > /etc/dconf/db/local.d/00-goa
+[org/gnome/online-accounts]
+whitelisted-providers= ['kerberos', 'owncloud', 'imap_smtp']
+
+EOF
+
+cat << EOF > /etc/dconf/db/local.db/locks/goa
+# Lock the list of providers that are allowed to be loaded
+/org/gnome/online-accounts/whitelisted-providers
+EOF
+
+dconf update
+EO-GOA
+
 changelog "Remove Snap build dependency"
 
 compile
-- 
GitLab