10-tbb 9.19 KB
Newer Older
1
2
3
4
5
6
#!/bin/sh

set -eu

echo "Install the Tor Browser"

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh

download_and_verify_files() {
    local base_url bundles destination apt_proxy
    base_url="${1}"
    bundles="${2}"
    destination="${3}"

    # Use the builder's caching APT proxy, if any
    apt_proxy="$(apt-config --format '%v' dump Acquire::http::Proxy)"
    if [ -n "${apt_proxy}" ]; then
        export HTTP_PROXY="${apt_proxy}"
        export http_proxy="${apt_proxy}"
        export HTTPS_PROXY="${apt_proxy}"
        export https_proxy="${apt_proxy}"
    fi

    echo "${bundles}" | while read expected_sha256 tarball; do
        (
            cd "${destination}"
            echo "Fetching ${base_url}/${tarball} ..."
            curl --remote-name "${base_url}/${tarball}"
        )
        actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
        if [ "${actual_sha256}" != "${expected_sha256}" ]; then
            echo "SHA256 mismatch for ${tarball}" >&2
            exit 1
        fi
    done
}

44
45
46
47
48
49
50
install_tor_browser() {
    local bundle destination tmp prep
    bundle="${1}"
    destination="${2}"

    tmp="$(mktemp -d)"
    tar -xf "${bundle}" -C "${tmp}" tor-browser_en-US
51
    prep="${tmp}"/tor-browser_en-US/Browser
52
53
54
55

    # Enable our myspell/hunspell dictionaries. TBB only provides the
    # one for en-US, but Debian's seems more comprehensive, so we'll
    # only use Debian's dictionaries.
56
    rm -f "${prep}"/dictionaries/*
57
    for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
Tails developers's avatar
Tails developers committed
58
        ln -s "${f}" "${prep}"/dictionaries/
59
60
    done

61
62
63
64
    # We don't need the Tor binary (and shared libraries) and
    # documentation shipped in the TBB.
    rm -r "${prep}"/TorBrowser/Tor "${prep}"/TorBrowser/Docs

65
66
67
68
    # We don't want tor-launcher to be part of the regular browser
    # profile. Moreover, for the stand-alone tor-launcher we use, we
    # need our patched version. So, the version shipped in the TB
    # really is not useful for us.
69
    rm "${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
70
71
72
73

    # Remove TBB's torbutton since the "Tor test" will fail and about:tor
    # will report an error. We'll install our own Torbutton later, which
    # has the extensions.torbutton.test_enabled boolean pref as a workaround.
74
    rm "${prep}/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"
75
76

    # The Tor Browser will fail, complaining about an incomplete profile,
77
    # unless there's a readable TorBrowser/Data/Browser/Caches
78
    # in the directory where the firefox executable is located.
79
80
81
    mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches

    mv "${prep}" "${destination}"
82
83
84
85

    rm -r "${tmp}"
}

86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
install_langpacks_from_bundles() {
    local bundles_dir destination
    bundles_dir="${1}"
    destination="${2}"

    for tarball in "${bundles_dir}"/tor-browser-*.tar.xz; do
        locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
        if [ "${locale}" = en-US ]; then
            continue
        fi
        xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
        (
            cd "${bundles_dir}"
            tar -xf "${tarball}" "${xpi}"
            mv "${xpi}" "${destination}"
        )
    done
}

105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
get_firefox_version() {
    # The application.ini file
    local appini
    appini="${1}"
    sed -n 's/^Version=\(.*\)$/\1/p' "${appini}"
}

# Create and install a fake iceweasel package so we can install our
# desired Debian-packaged Iceweasel addons
install_fake_iceweasel_pkg() {
    local fake_version tmp
    fake_version="${1}"
    tmp="$(mktemp -d)"
    apt-get install --yes equivs
    cat > "${tmp}"/iceweasel.control << EOF
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2

Package: iceweasel
Version: ${fake_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
 Make it possible to install Debian's Iceweasel addons without having to
 install a real Iceweasel.
EOF
    (
        cd "${tmp}"
        equivs-build "${tmp}"/iceweasel.control
        dpkg -i "${tmp}"/iceweasel_"${fake_version}"_all.deb
    )
    rm -R "${tmp}"
}

install_debian_extensions() {
    local destination
    destination="${1}"
    apt-get install --yes xul-ext-adblock-plus xul-ext-torbutton
    ln -s /usr/share/xul-ext/adblock-plus/ \
          "${destination}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
    ln -s /usr/share/xul-ext/torbutton/ \
          "${destination}"/torbutton@torproject.org
}

151
create_default_profile() {
152
153
154
    local tbb_profile extensions_dir destination
    tbb_profile="${1}"
    tbb_extensions_dir="${2}"
155
156
157
    destination="${3}"

    rsync -a --exclude bookmarks.html --exclude extensions \
158
          "${tbb_profile}"/ "${destination}"/
159
160
161
162
163

    # Remove TBB's default bridges
    sed -i '/extensions\.torlauncher\.default_bridge\./d' "${destination}"/preferences/extension-overrides.js

    mkdir -p "${destination}"/extensions
164
    for ext in "${tbb_extensions_dir}"/*; do
165
166
167
168
        ln -s "${ext}" "${destination}"/extensions/
    done
}

Tails developers's avatar
Tails developers committed
169
# Get the below with `grep "tor-browser-linux32-.*\.tar.xz" sha256sums.txt`
170
BUNDLES="$(cat <<EOF
Tails developers's avatar
Tails developers committed
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
d43236d3a8b6d9ce17bdc490c5349da7726800113872835e20961609f6cfb0ca  tor-browser-linux32-4.0_ar.tar.xz
b1007109555d79fc0b959343bd204b9f19c22e11b42c760a8a4adc7ee0a5cc88  tor-browser-linux32-4.0_de.tar.xz
2511830a5eea5136e90dc14e309f036d5890d728a0ed3dbb557eeee4d733359c  tor-browser-linux32-4.0_en-US.tar.xz
7e48ab4d0360ace4e481fb145cf7e11da0fe43cf5518e1285d60390cd777e1aa  tor-browser-linux32-4.0_es-ES.tar.xz
560e81777b097a53918d861b5e3864bfcd6641e4be87044b1c9f227266ed9800  tor-browser-linux32-4.0_fa.tar.xz
c28fbad043b66a6fe5d76111232c6bce3a0334f6401c52f152d4941029ac27c5  tor-browser-linux32-4.0_fr.tar.xz
73906106a501a3e9be43d048cd4daaf8146ef9702272661fe40fdaa6378d8ec1  tor-browser-linux32-4.0_it.tar.xz
5497c51bc47d73f047f4b84ff163462134a52e0a3fb511f968df44f3aa65a187  tor-browser-linux32-4.0_ko.tar.xz
c11b8d3b5b8d2488e15c524e85993fbad2261b53a7a16aeee722a0fadeffe28c  tor-browser-linux32-4.0_nl.tar.xz
cad5625b18785a11ee49432e858e776a1b1f02d8c0eda9d2e79358fc1d7793a0  tor-browser-linux32-4.0_pl.tar.xz
29f51b4fb9d51ccab2668f2d84e88850e3458c41400369d4da45410af11b981e  tor-browser-linux32-4.0_pt-PT.tar.xz
4d23c36fce0f56d4316469ba33c2fa079e7cf2eea6e67c4c8a5b271b72e3ce6d  tor-browser-linux32-4.0_ru.tar.xz
463e38b98c93473142d79d65626cc53584c27e77ea799ad2d0702b25d5495093  tor-browser-linux32-4.0_tr.tar.xz
66a00595224dbf2fba1925bcb60e0fb7ae1a6915cb112d903e5f861b68d019f4  tor-browser-linux32-4.0_vi.tar.xz
720e680d42ea939ce2551dbd43559c6960097ae6de45de507da151403dfa5ac9  tor-browser-linux32-4.0_zh-CN.tar.xz
186
187
188
EOF
)"

Tails developers's avatar
Tails developers committed
189
190
# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
191
MAIN_BUNDLE="$(echo "${BUNDLES}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
Tails developers's avatar
Tails developers committed
192
VERSION="$(echo "${MAIN_BUNDLE}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
193
194
195
# Note that we cannot use https here since apt-cacher-ng (used by vagrant)
# gets confused and throws a 403. It doesn't matter, though, since we verify
# the checksums of each file downloaded.
196
#TBB_DIST_URL="http://archive.torproject.org/tor-package-archive/torbrowser/${VERSION}"
Tails developers's avatar
Tails developers committed
197
#TBB_DIST_URL="http://www.torproject.org/dist/torbrowser/${VERSION}/"
Tails developers's avatar
Tails developers committed
198
TBB_DIST_URL="http://people.torproject.org/~mikeperry/builds/${VERSION}/"
199
#TBB_DIST_URL="http://people.torproject.org/~gk/testbuilds/${VERSION}"
Tails developers's avatar
Tails developers committed
200
#TBB_DIST_URL="http://people.torproject.org/~linus/builds/${VERSION}"
201
202

TMP="$(mktemp -d)"
203
download_and_verify_files "${TBB_DIST_URL}" "${BUNDLES}" "${TMP}"
204

205
install_tor_browser "${TMP}/${MAIN_BUNDLE}" "${TBB_INSTALL}"
206

207
208
mkdir -p "${TBB_EXT}"
install_langpacks_from_bundles "${TMP}" "${TBB_EXT}"
209

210
211
rm -r "${TMP}"

Tails developers's avatar
Tails developers committed
212
# Let's put all the extensions from TBB in the global extensions
213
# directory...
214
215
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
216

217
218
# ... and then install a few Iceweasel extension by using a fake
# Iceweasel equivs package to satisfy the dependencies.
219
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
220
221
222
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
install_debian_extensions "${TBB_EXT}"
223

224
mkdir -p "${TBB_PROFILE}"
225
create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"
226

227
228
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
229

Tails developers's avatar
Tails developers committed
230
# Make the Tor Browser into the system's default web browser
231
232
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99