Hello, aerc team!
Fedora 34 seems to be missing dante-utils package. Trying to display
html messages fails with the following:
/usr/share/aerc/filters/html: line 5: exec: socksify: not found
Any advice please?
Best regards,
Yuri
On Mon 1 Nov, 2021 at 11:53 PDT, Yuri Kochnev wrote:
> Trying to display html messages fails with the following:> /usr/share/aerc/filters/html: line 5: exec: socksify: not found
Socksify is a nice tool to prevent unwanted internet loads from HTML emails, but it's certainly not _required_.
You can copy /usr/share/aerc/filters/html to, say ~/.config/aerc/filters/html, remove socksify and SOCKS_SERVER from it (e.g. run w3m directly), and then tell aerc to use that filter instead (aerc.conf#filters).
---
Seán C McCord
ulexus@gmail.com
PGP/GPG: https://keys.openpgp.org/vks/v1/by-fingerprint/D9C871CCDEBD2C7A23D83041798DDA5251824DEA
Yuri Kochnev, Nov 01, 2021 at 19:53:
> Fedora 34 seems to be missing dante-utils package. Trying to display
> html messages fails with the following:
> /usr/share/aerc/filters/html: line 5: exec: socksify: not found
> Any advice please?
Hi Yuri,
The socksify command is not a hard requirement. You could add a Fedora
patch to remove it from the filter script.
diff --git a/filters/html b/filters/html
index db7808ac1cb4..99453715db6b 100755
--- a/filters/html+++ b/filters/html
@@ -1,8 +1,7 @@
#!/bin/sh
-# aerc filter which runs w3m using socksify (from the dante package) to prevent-# any phoning home by rendered emails+# aerc filter which runs w3mexport SOCKS_SERVER="127.0.0.1:1"
-exec socksify w3m \+exec w3m \ -T text/html \
-cols $(tput cols) \
-dump \
--
Robin
Hi,
I stumbled upon this as well. I understand it's not required and one
could avoid it, but wouldn't that be a security risk? I.e. wouldn't it
allow malicious HTML e-mails "call home"?
What would be alternative solution?
I don't know enough about networking; all I can think of for now is
running w3m in podman with networking disabled, but that's probably an
overkill..
Thanks,
aL.
--
Alois Mahdal <netvor@vornet.cz>
IRC (netvor at LiberaChat): #shellfu, #starapekarna
WWW: https://netvor.info/
> I don't know enough about networking; all I can think of for now is> running w3m in podman with networking disabled, but that's probably an> overkill..
For those crazy enough to want to try this, here's how I did it:
w3m.Dockerfile:
FROM alpine
RUN apk add w3m
Then run:
IMG_ID=$(podman build -f w3m.Dockerfile .)
podman tag "$IMG_ID" w3m
The filter script is then:
#!/usr/bin/sh
# aerc filter which runs w3m in container with network disabled
exec podman run --network none -i --rm w3m:latest w3m \
-T text/html \
-cols "$(tput cols)" \
-dump \
-o display_image=false \
-o display_link_number=true
but as I said, this is crazy overkill -- there's a noticeable lag
when opening the e-mail part.
Thanks,
aL.
PS: Sadly, for many multi-part messages, rendering html via
w3m gives better results than the text/plain provided by
sender.
--
Alois Mahdal <netvor@vornet.cz>
IRC (netvor at LiberaChat): #shellfu, #starapekarna
WWW: https://netvor.info/
Hi Alois,
Alois Mahdal, Jan 09, 2022 at 22:53:
> I stumbled upon this as well. I understand it's not required and one> could avoid it, but wouldn't that be a security risk? I.e. wouldn't it> allow malicious HTML e-mails "call home"?
Not more than with graphic email clients that directly render HTML.
> What would be alternative solution?
For the record, I am using this instead of w3m:
[filters]
text/html=html2text --wrap-list-items --no-automatic-links --unicode-snob --reference-links --ignore-images --ignore-tables --mark-code
Source: https://github.com/Alir3z4/html2text
This is not a complete HTML engine and it is guaranteed not to perform
any network operations.
Maybe I should update the default html filter provided as an example and
remove any w3m+socksify voodoo. I would personally prefer not to add any
external dependency by default however. I'll have to think some more
about that.
> I don't know enough about networking; all I can think of for now is> running w3m in podman with networking disabled, but that's probably an> overkill..
Probably :D
Hi Robin,
On Mon Jan 10, 2022 at 9:50 AM CET, Robin Jarry wrote:
> Hi Alois,>> Alois Mahdal, Jan 09, 2022 at 22:53:> > I stumbled upon this as well. I understand it's not required and one> > could avoid it, but wouldn't that be a security risk? I.e. wouldn't it> > allow malicious HTML e-mails "call home"?>> Not more than with graphic email clients that directly render HTML.
Don't know about that.
For all I know, any other e-mail clients could be doing the same thing,
ie. calling (bundled) w3m or similar, just taking care of the
sanitization *somehow*... (This is where I inevitably sound naiive.)
I would love for aerc to do the best possible thing here, so that I can
recommend it as, among other things, the true "de-html-crapifier" it
deserves to be.
> > What would be alternative solution?>> For the record, I am using this instead of w3m:>> [filters]> text/html=html2text --wrap-list-items --no-automatic-links> --unicode-snob --reference-links --ignore-images --ignore-tables> --mark-code>> Source: https://github.com/Alir3z4/html2text>> This is not a complete HTML engine and it is guaranteed not to perform> any network operations.
Thanks, I will check this out.
I will be keeping eye on this and maybe send patch if I stumble upon
a trick like that.
> Maybe I should update the default html filter provided as an example and> remove any w3m+socksify voodoo. I would personally prefer not to add any> external dependency by default however. I'll have to think some more> about that.
I'll see how html2text does. So far I really like w3m.
You don't need to add the dependency, It's ok to just mention it in
the config doc. (At least on Fedora, w3m is not a dependency on aerc
and that's perfectly fine.)
> > I don't know enough about networking; all I can think of for now is> > running w3m in podman with networking disabled, but that's probably an> > overkill..>> Probably :D
Yeah, I replaced a voodoo with a bigger voodoo :D
aL.