Commit f5e39edf authored by anonym's avatar anonym
Browse files

Merge remote-tracking branch 'origin/testing' into feature/8548-tor-browser-5.0

parents f7538ff8 78e68491
......@@ -21,12 +21,6 @@ Set_defaults
# Seems like we'll have work to do
Echo_message 'including syslinux in the ISO filesystem'
### Functions
syslinux_deb_version_in_chroot () {
chroot chroot dpkg-query -W -f='${Version}\n' syslinux
}
### Variables
LINUX_BINARY_UTILS_DIR='binary/utils/linux'
WIN32_BINARY_UTILS_DIR='binary/utils/win32'
......@@ -34,31 +28,16 @@ BINARY_MBR_DIR='binary/utils/mbr'
CHROOT_SYSLINUX_BIN='chroot/usr/bin/syslinux'
CHROOT_SYSLINUX_MBR='chroot/usr/lib/SYSLINUX/gptmbr.bin'
CHROOT_TEMP_APT_SOURCES='chroot/etc/apt/sources.list.d/tmp-deb-src.list'
SYSLINUX_DEB_VERSION_IN_CHROOT=$(syslinux_deb_version_in_chroot)
### Functions
syslinux_deb_version_in_chroot () {
chroot chroot dpkg-query -W -f='${Version}\n' syslinux
}
### Main
mkdir -p "$LINUX_BINARY_UTILS_DIR" "$WIN32_BINARY_UTILS_DIR" "$BINARY_MBR_DIR"
# Copy 32-bit syslinux binary
cp "$CHROOT_SYSLINUX_BIN" "$LINUX_BINARY_UTILS_DIR/"
# Copy 64-bit syslinux binary
(
olddir=$(pwd)
workdir=$(mktemp -d)
cd "$workdir"
chroot="$olddir/chroot"
Chroot "$chroot" \
apt-get --yes download \
syslinux:amd64="$SYSLINUX_DEB_VERSION_IN_CHROOT"
dpkg-deb --extract "$chroot"/syslinux_*.deb .
rm "$chroot"/syslinux_*.deb
cp ./usr/bin/syslinux "$olddir/$LINUX_BINARY_UTILS_DIR/syslinux-amd64"
cd "$olddir"
rm -r "$workdir"
)
# Copy syslinux MBR
cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
......@@ -68,7 +47,7 @@ cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
> "$CHROOT_TEMP_APT_SOURCES"
Chroot chroot apt-get --yes update
Chroot chroot apt-get --yes install dpkg-dev
Chroot chroot apt-get source syslinux="$SYSLINUX_DEB_VERSION_IN_CHROOT"
Chroot chroot apt-get source syslinux="$(syslinux_deb_version_in_chroot)"
cp chroot/syslinux-*/bios/win32/syslinux.exe "$WIN32_BINARY_UTILS_DIR/"
rm -r chroot/syslinux*
rm "$CHROOT_TEMP_APT_SOURCES"
......
#! /bin/sh
# Some of this file was adapted from the Debian Installer's
# build/util/efi-image, which is:
#
# Copyright (C) 2010, 2011 Canonical Ltd.
# Author: Colin Watson <cjwatson@ubuntu.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 2, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
set -e
set -x
platform="i386-efi"
outdir="binary/EFI/BOOT/grub/$platform"
efi_name="ia32"
grub_cpmodules () {
if [ -z "$1" ] || [ -z "$2" ]; then
echo "usage: $0 OUTPUT-DIRECTORY GRUB-PLATFORM"
return 1
fi
outdir="$1"
platform="$2"
# Copy over GRUB modules, except for those already built in.
cp -a "chroot/usr/lib/grub/$platform"/*.lst "$outdir/"
for x in "chroot/usr/lib/grub/$platform"/*.mod; do
# Some of these exclusions are based on knowledge of module
# dependencies.
case $(basename "$x" .mod) in
configfile|search|search_fs_file|search_fs_uuid|search_label|tar|part_gpt|linux|gzio)
# included in boot image
;;
affs|afs|afs_be|befs|befs_be|minix|nilfs2|sfs|zfs|zfsinfo)
# unnecessary filesystem modules
;;
example_functional_test|functional_test|hello)
# other cruft
;;
*)
cp -a "$x" "$outdir/"
;;
esac
done
}
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'including GRUB EFI for ia32 in the ISO filesystem')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
# Seems like we'll have work to do
Echo_message 'including GRUB EFI for ia32 in the ISO filesystem'
# Build the core image
Chroot chroot grub-mkimage -O "$platform" \
-o "/tmp/boot$efi_name.efi" -p "/efi/boot/grub" \
search configfile normal tar fat part_gpt linux \
gzio
mv "chroot/tmp/boot$efi_name.efi" "binary/EFI/BOOT/boot$efi_name.efi"
mkdir -p "$outdir"
grub_cpmodules "$outdir" "$platform"
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
set linux_gfx_mode=
export linux_gfx_mode
load_video
insmod syslinuxcfg
insmod cpuid
echo "Loading syslinux configuration..."
syslinux_configfile /efi/boot/syslinux.cfg
......@@ -138,6 +138,10 @@ Package: libcryptsetup4
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libestr0
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libotr5
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
......@@ -238,6 +242,10 @@ Package: python-electrum
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: rsyslog
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: scdaemon
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
......
#! /bin/sh
set -e
echo "Configuring dpkg architectures"
dpkg --add-architecture amd64
......@@ -17,13 +17,15 @@ echo "Localize each supported browser locale"
. /etc/amnesia/environment
TBB_DEFAULT_SEARCHPLUGINS_DIR="${TBB_INSTALL}/browser/searchplugins"
TBB_LOCALIZED_SEACHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
TBB_LOCALIZED_SEARCHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
BRANDING_TEMPLATE_FILE="${BROWSER_LOCALIZATION_DIR}/amnesia.properties-template"
BRANDING_DIR="/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/"
NO_SPELLCHECKER_LOCALES="ko nl pl tr zh"
apt-get install imagemagick
# Sanity check that each supported Tor Browser locale has a
# description for how to localize it further.
BROKEN_LOCALES=""
......@@ -59,7 +61,7 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
# locale format, since Firefox isn't very consistent in it.
NORMAL_LOCALE="$(echo "${MOZILLA_LOCALE}" | tr - _)"
LANG_CODE="$(language_code_from_locale "${NORMAL_LOCALE}")"
TARGET_SEARCHPLUGINS_DIR="${TBB_LOCALIZED_SEACHPLUGINS_DIR}/${MOZILLA_LOCALE}"
TARGET_SEARCHPLUGINS_DIR="${TBB_LOCALIZED_SEARCHPLUGINS_DIR}/${MOZILLA_LOCALE}"
mkdir -p "${TARGET_SEARCHPLUGINS_DIR}"
if [ -z "${STARTPAGE_LANG_UI}" ]; then
......@@ -77,6 +79,30 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
"${BROWSER_LOCALIZATION_DIR}/disconnect.xml-template" > \
"${DISCONNECT_PLUGIN}"
# We generate a Wikipedia plugin with localized icons since we
# want to provide both English and the locale's plugin, and
# Firefox' new search bar only shows icons; the description (which
# is localized) is only shown in a pop-up nowdays, so it's easy to
# mix them up.
CAPITALIZED_LANG_CODE="$(echo "${LANG_CODE}" | tr 'a-z' 'A-Z')"
LOCALIZED_WIKIPEDIA_ICON_PATH="/tmp/wikipedia-icon-${LANG_CODE}.png"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH="#{LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_ICON_TEMPLATE="${BROWSER_LOCALIZATION_DIR}/Wikipedia-icon.png"
convert "${WIKIPEDIA_ICON_TEMPLATE}" \
-gravity SouthEast -pointsize 130 -font Liberation-Sans-Bold \
-fill black -annotate 0 "${CAPITALIZED_LANG_CODE}" \
+set date:create +set date:modify -define png:exclude-chunk=time \
-resize 16x16 "${LOCALIZED_WIKIPEDIA_ICON_PATH}"
base64 "${LOCALIZED_WIKIPEDIA_ICON_PATH}" | tr -d "\n" > \
"${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
sed -e "s/\${LANG_CODE}/${LANG_CODE}/" \
-e "/\${BASE64_PNG_16x16}/ r ${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}" \
-e "/\${BASE64_PNG_16x16}/d" \
"${BROWSER_LOCALIZATION_DIR}/wikipedia.xml-template" > \
"${TARGET_SEARCHPLUGINS_DIR}/wikipedia-${MOZILLA_LOCALE}.xml"
rm "${LOCALIZED_WIKIPEDIA_ICON_PATH}" \
"${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
# We use the branding@amnesia.org extension to set some per-locale
# default prefs that set the appropriate localization options.
TARGET_BRANDING_DIR="${BRANDING_DIR}/chrome/locale/${MOZILLA_LOCALE}"
......@@ -134,7 +160,8 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
rm -f "${DEB_PATH_TO_SEARCHPLUGINS}"/amazon*.xml \
"${DEB_PATH_TO_SEARCHPLUGINS}"/bing*.xml \
"${DEB_PATH_TO_SEARCHPLUGINS}"/eBay*.xml \
"${DEB_PATH_TO_SEARCHPLUGINS}"/yahoo*.xml
"${DEB_PATH_TO_SEARCHPLUGINS}"/yahoo*.xml \
"${DEB_PATH_TO_SEARCHPLUGINS}"/wikipedia*.xml
cp "${DEB_PATH_TO_SEARCHPLUGINS}"/* "${TARGET_SEARCHPLUGINS_DIR}"
cd /
rm -r "${TMP}"
......@@ -144,11 +171,21 @@ done < "${DESCRIPTIONS_FILE}"
# This directory is not needed after build time.
rm -r "${BROWSER_LOCALIZATION_DIR}"
# All generated files must be world-readable.
chmod -R a+rX "${TBB_LOCALIZED_SEACHPLUGINS_DIR}" "${BRANDING_DIR}"
# Remove unwanted browser search plugins bundled in the Tor Browser.
rm "${TBB_DEFAULT_SEARCHPLUGINS_DIR}"/yahoo*.xml
# We generate localized versions of the following:
rm "${TBB_DEFAULT_SEARCHPLUGINS_DIR}"/disconnect*.xml
rm "${TBB_DEFAULT_SEARCHPLUGINS_DIR}"/startpage*.xml
rm "${TBB_DEFAULT_SEARCHPLUGINS_DIR}"/wikipedia*.xml
# We want our localized English Wikipedia plugin to be available in
# all locales.
mv "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}/en-US/wikipedia-en-US.xml" \
"${TBB_DEFAULT_SEARCHPLUGINS_DIR}/"
# All generated files must be world-readable.
chmod -R a+rX "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}" \
"${TBB_DEFAULT_SEARCHPLUGINS_DIR}" \
"${BRANDING_DIR}"
apt-get --yes purge imagemagick
#!/bin/sh
set -e
echo "Deleting unused AppArmor profiles"
(
cd /etc/apparmor.d
rm \
apache2.d/phpsysinfo \
sbin.klogd \
sbin.syslogd \
sbin.syslog-ng \
usr.bin.chromium-browser \
usr.lib.dovecot.* \
usr.sbin.dnsmasq \
usr.sbin.dovecot \
usr.sbin.identd \
usr.sbin.mdnsd \
usr.sbin.nmbd \
usr.sbin.ntpd \
usr.sbin.nscd \
usr.sbin.smb*
)
<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
<ShortName>Wikipedia (${LANG_CODE})</ShortName>
<LongName>Wikipedia (${LANG_CODE})</LongName>
<Description>Wikipedia (${LANG_CODE})</Description>
<Url type="text/html" method="GET" template="http://${LANG_CODE}.wikipedia.org/" resultdomain="wikipedia.org" rel="searchform">
<Param name="search" value="{searchTerms}"/>
<Param name="sourceid" value="Mozilla-search"/>
</Url>
<Image height="16" width="16">data:image/png;base64,
${BASE64_PNG_16x16}
</Image>
</OpenSearchDescription>
......@@ -66,6 +66,7 @@ gksu
aircrack-ng
apparmor
apparmor-profiles
apparmor-profiles-extra
audacity
barry-util
......@@ -124,6 +125,7 @@ gobby-0.5
## breaks lb because of desktop-base.postinst (see Debian bug #467620)
#if ARCHITECTURE i386 amd64
# grub
grub-efi-ia32
#endif
gstreamer0.10-ffmpeg
gstreamer0.10-plugins-base
......@@ -218,7 +220,6 @@ syslinux-efi
# ships isohybrid in syslinux 6.x packaging
syslinux-utils
system-config-printer
systemd
synaptic
torsocks
totem-plugins
......
--- a/etc/apparmor.d/tunables/home 2012-07-17 17:30:16.000000000 +0000
+++ b/etc/apparmor.d/tunables/home 2014-09-17 05:23:26.383556000 +0000
@@ -18,7 +18,7 @@
# @{HOMEDIRS} is a space-separated list of where user home directories
# are stored, for programs that must enumerate all home directories on a
# system.
-@{HOMEDIRS}=/home/
+@{HOMEDIRS}=/home/ /lib/live/mount/overlay/home/
# Also, include files in tunables/home.d for site-specific adjustments to
# @{HOMEDIRS}.
--- a/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:47:51.945948920 +0100
+++ b/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:48:29.273511368 +0100
--- a/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:02.453412928 +0000
+++ b/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:40.309205204 +0000
@@ -11,7 +11,7 @@
#include <abstractions/enchant>
#include <abstractions/gnome>
#include <abstractions/ibus>
- #include <abstractions/launchpad-integration>
+ # #include <abstractions/launchpad-integration>
#include <abstractions/nameservice>
#include <abstractions/private-files-strict>
#include <abstractions/ssl_certs>
@@ -46,6 +46,7 @@
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
......@@ -8,3 +17,4 @@
/usr/share/gnome/applications/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
--- a/etc/apparmor.d/system_tor 2014-09-12 15:44:48.000000000 +0000
+++ b//etc/apparmor.d/system_tor 2014-09-17 04:41:35.591556000 +0000
@@ -4,8 +4,12 @@
--- a/etc/apparmor.d/system_tor 2015-06-04 12:28:12.243020484 +0000
+++ b/etc/apparmor.d/system_tor 2015-06-04 12:29:32.580249731 +0000
@@ -4,6 +4,9 @@
profile system_tor {
#include <abstractions/tor>
+ owner /etc/tor/torrc w,
+ owner /etc/tor/torrc.* w,
+ /lib/live/mount/overlay/etc/tor/* wl,
+ link /etc/tor/.wh.torrc -> /.wh..wh.aufs,
+ /etc/tor/* w,
+
- owner /var/lib/tor/** rwk,
- owner /var/log/tor/* w,
+ owner /{,lib/live/mount/overlay/}var/lib/tor/** rwk,
+ owner /{,lib/live/mount/overlay/}var/log/tor/* w,
owner /var/lib/tor/** rwk,
owner /var/log/tor/* w,
/{,var/}run/tor/control w,
/{,var/}run/tor/tor.pid w,
--- a/etc/apparmor.d/abstractions/user-tmp 2012-07-17 17:30:16.000000000 +0000
+++ b/etc/apparmor.d/abstractions/user-tmp 2014-09-17 05:39:57.871556000 +0000
@@ -14,7 +14,7 @@
owner @{HOME}/tmp/ rw,
# global tmp directories
- owner /var/tmp/** rwkl,
- /var/tmp/ rw,
- owner /tmp/** rwkl,
- /tmp/ rw,
+ owner /{,lib/live/mount/overlay/}var/tmp/** rwkl,
+ /{,lib/live/mount/overlay/}var/tmp/ rw,
+ owner /{,lib/live/mount/overlay/}tmp/** rwkl,
+ /{,lib/live/mount/overlay/}tmp/ rw,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment