10-tbb 7.71 KB
Newer Older
1
2
3
4
5
6
#!/bin/sh

set -eu

echo "Install the Tor Browser"

Tails developers's avatar
Tails developers committed
7
# Get the below with `grep "tor-browser-linux32-.*\.tar.xz" sha256sums.txt`
8
BUNDLES="$(cat <<EOF
Tails developers's avatar
Tails developers committed
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
fe920b32b105a9c356af44f2f64652cdda9144b26b9c9d49e48b9a73d03a9b05  tor-browser-linux32-4.0-alpha-3_ar.tar.xz
594212333fccbf5a069f9656f09f683cba7ade0807042b0d3acd5f53b417705d  tor-browser-linux32-4.0-alpha-3_de.tar.xz
06100939b3260b4beafc20090e291e007229fc1a0858e8316844087d37bfc10f  tor-browser-linux32-4.0-alpha-3_en-US.tar.xz
65d4649d17a509232984a0f422bec52b70788d347212b6df34333575cd565951  tor-browser-linux32-4.0-alpha-3_es-ES.tar.xz
a8d38e3e7277d4964b0df85698b2465cd051298b25d2efe792eddd630676ed3a  tor-browser-linux32-4.0-alpha-3_fa.tar.xz
e627d5234da400f6d25042ace6fa596e9ff651ce1568f7c4a208cfe78914f265  tor-browser-linux32-4.0-alpha-3_fr.tar.xz
c06af5211c7ec2f0d5faa27f09759617a60d16d4ad21b212bedc7ac7f6bd8891  tor-browser-linux32-4.0-alpha-3_it.tar.xz
dbb8238785bc3fd69657b74148dbede7a6f478c5490d6d9de7220d3b83fe1c6d  tor-browser-linux32-4.0-alpha-3_ko.tar.xz
76f703e78874bbbb40e6f57989aa6b52c9681bee3c414f425f9c3957aa006811  tor-browser-linux32-4.0-alpha-3_nl.tar.xz
7b88b20d413666109fe24b66de9702387ca2584725501880ce86af1a256829c6  tor-browser-linux32-4.0-alpha-3_pl.tar.xz
c06c0149976ab98d11c8a551749fbd2c18db0790cf0918c75a628d4987c0f6eb  tor-browser-linux32-4.0-alpha-3_pt-PT.tar.xz
37d1d4cb066fada40d594589df4047ea2b2f36041a89ed919d74ef5fa7cc81a3  tor-browser-linux32-4.0-alpha-3_ru.tar.xz
7ba4cdff727cae576a18e6268b68155f77cc85e975d65dce9fac4071b1355970  tor-browser-linux32-4.0-alpha-3_tr.tar.xz
1ac091e600853a02f2012fc939cb0c635cc674b5321d89e8af981c324775dfe7  tor-browser-linux32-4.0-alpha-3_vi.tar.xz
d16fc17581bf4741f76268b57e7bd3cd249ee97328b8b508366cef85fbc1ee01  tor-browser-linux32-4.0-alpha-3_zh-CN.tar.xz
24
25
26
27
28
29
30
31
EOF
)"

MAIN_BUNDLE="$(echo "${BUNDLES}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
VERSION="$(echo "${MAIN_BUNDLE}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
# Note that we cannot use https here since apt-cacher-ng (used by vagrant)
# gets confused and throws a 403. It doesn't matter, though, since we verify
# the checksums of each file downloaded.
Tails developers's avatar
Tails developers committed
32
TBB_DIST_URL="http://archive.torproject.org/tor-package-archive/torbrowser/${VERSION}"
Tails developers's avatar
Tails developers committed
33
#TBB_DIST_URL="http://www.torproject.org/dist/torbrowser/${VERSION}/"
Tails developers's avatar
Tails developers committed
34
#TBB_DIST_URL="http://people.torproject.org/~mikeperry/builds/${VERSION}/"
35

36
37
38
39
40
41
42
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
43
44
45
mkdir -p "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"

# Use the builder's caching APT proxy, if any
46
47
APT_PROXY="$(apt-config --format '%v' dump Acquire::http::Proxy)"
if [ -n "${APT_PROXY}" ]; then
48
49
50
51
52
53
54
55
56
57
58
59
    export HTTP_PROXY="${APT_PROXY}"
    export http_proxy="${APT_PROXY}"
    export HTTPS_PROXY="${APT_PROXY}"
    export https_proxy="${APT_PROXY}"
fi

TMP="$(mktemp -d)"

echo "${BUNDLES}" | while read expected_sha256 tarball; do
    (
        cd "${TMP}"
        echo "Fetching ${TBB_DIST_URL}/${tarball} ..."
Tails developers's avatar
Tails developers committed
60
        curl --remote-name "${TBB_DIST_URL}/${tarball}"
61
62
63
64
65
66
67
68
    )
    actual_sha256="$(sha256sum "${TMP}/${tarball}" | cut -d' ' -f1)"
    if [ "${actual_sha256}" != "${expected_sha256}" ]; then
        echo "SHA256 mismatch for ${tarball}" >&2
        exit 1
    fi
done

69
# We'll use the en-US bundle as our basis...
70
tar -xf "${TMP}/${MAIN_BUNDLE}" -C "${TMP}" tor-browser_en-US
71
72
73
74
75
76
77
78
79
80
TBB_PREP="${TMP}"/tor-browser_en-US

# ... only extracting the localization addon from the other ones, which
# we'll put in a global extensions directory that we'll symlink to so
# we don't have to deal with wasteful copies.
for tarball in "${TMP}"/tor-browser-*.tar.xz; do
    locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
    if [ "${locale}" = en-US ]; then
        continue
    fi
Tails developers's avatar
Tails developers committed
81
    xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
82
83
    (
        cd "${TMP}"
84
        tar -xf "${tarball}" "${xpi}"
85
86
87
88
        mv "${xpi}" "${TBB_EXT}"
    )
done

89
90
91
92
93
94
95
96
# Enable our myspell/hunspell dictionaries. TBB only provides the one
# for en-US, but Debian's seems more comprehensive, so we'll only use
# Debian's dictionaries.
rm -f "${TBB_PREP}"/Browser/dictionaries/*
for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
    name="$(basename "${f}")"
    ln -s "${f}" "${TBB_PREP}"/Browser/dictionaries/"${name}"
done
Tails developers's avatar
Tails developers committed
97
98
99
100
101

# We don't want tor-launcher to be part of the regular browser
# profile. Moreover, for the stand-alone tor-launcher we use, we need
# our patched version. So, the version shipped in the TB really is not
# useful for us.
Tails developers's avatar
Tails developers committed
102
rm "${TBB_PREP}/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
103
104
105
106

# Remove TBB's torbutton since the "Tor test" will fail and about:tor
# will report an error. We'll install our own Torbutton later, which
# has the extensions.torbutton.test_enabled boolean pref as a workaround.
Tails developers's avatar
Tails developers committed
107
rm "${TBB_PREP}/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"
108
109
110
111
112

# See comment below why we need the Browser sub-dir
mv "${TBB_PREP}/Browser" "${TBB_INSTALL}"/Browser

# The Tor Browser will fail, complaining about an incomplete profile,
Tails developers's avatar
Tails developers committed
113
114
115
# unless there's a readable Browser/TorBrowser/Data/Browser/Caches
# in the directory where the firefox executable is located.
mkdir -p "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/Caches
116
117

# Let's put all the bundled extensions in the global extensions directory
Tails developers's avatar
Tails developers committed
118
119
mv "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions
120
121
122
123
124

# Create and install a fake iceweasel package so we can install our
# desired Debian-packaged Iceweasel addons
apt-get install --yes equivs
FAKE_ICEWEASEL_VERSION=$(sed -n 's/^Version=\(.*\)$/\1/p' "${TBB_INSTALL}"/Browser/application.ini)+fake1
125
cat > "${TMP}"/iceweasel.control << EOF
126
127
128
129
130
131
132
133
134
135
136
137
138
139
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2

Package: iceweasel
Version: ${FAKE_ICEWEASEL_VERSION}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
 Make it possible to install Debian's Iceweasel addons without having to
 install a real Iceweasel.
EOF
(
140
141
142
    cd "${TMP}"
    equivs-build "${TMP}"/iceweasel.control
    dpkg -i "${TMP}"/iceweasel_"${FAKE_ICEWEASEL_VERSION}"_all.deb
143
144
145
146
147
148
149
150
)

apt-get install --yes xul-ext-adblock-plus xul-ext-foxyproxy-standard xul-ext-torbutton

ln -s /usr/share/xul-ext/adblock-plus/ "${TBB_EXT}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
ln -s /usr/share/xul-ext/foxyproxy-standard/ "${TBB_EXT}"/foxyproxy@eric.h.jung
ln -s /usr/share/xul-ext/torbutton/ "${TBB_EXT}"/torbutton@torproject.org

151
152
153
rsync -a --exclude bookmarks.html --exclude extensions \
    "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/ \
    "${TBB_PROFILE}"/
Tails developers's avatar
Tails developers committed
154
155
156
157

# Remove TBB's default bridges
sed -i '/extensions\.torlauncher\.default_bridge\./d' "${TBB_PROFILE}"/preferences/extension-overrides.js

158
159
160
161
162
mkdir -p "${TBB_PROFILE}"/extensions
for ext in "${TBB_EXT}"/*; do
    ln -s "${ext}" "${TBB_PROFILE}"/extensions/
done

163
164
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
165

Tails developers's avatar
Tails developers committed
166
rm -r "${TMP}"
167
168
169

update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99