19-install-tor-browser-AppArmor-profile 1.62 KB
Newer Older
1
2
3
4
#!/bin/sh

set -e

5
echo "Installing AppArmor profiles for Tor Browser"
6

anonym's avatar
anonym committed
7
# Import ensure_hook_dependency_is_installed()
8
9
. /usr/local/lib/tails-shell-library/build.sh

anonym's avatar
anonym committed
10
ensure_hook_dependency_is_installed patch
11

12
13
14
15
16
17
18
19
20
21
PATCH='/usr/share/tails/torbrowser-AppArmor-profile.patch'

### Functions

toggle_src_APT_sources() {
   MODE="$1"
   TEMP_APT_SOURCES='/etc/apt/sources.list.d/tmp-deb-src.list'

   case "$MODE" in
      on)
22
         cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list \
23
            | grep --extended-regexp --invert-match \
24
                 'file:/root/local-packages' \
25
            | grep --extended-regexp --invert-match \
26
                 '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject(/|\s)' \
27
28
            | grep --extended-regexp --invert-match \
                 '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
intrigeri's avatar
intrigeri committed
29
30
            | sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
            > "$TEMP_APT_SOURCES"
31
         ;;
32
      off)
33
34
         rm "$TEMP_APT_SOURCES"
         ;;
35
36
37
38
39
   esac

   apt-get --yes update
}

40
install_torbrowser_AppArmor_profiles() {
41
42
43
   tmpdir="$(mktemp -d)"
   (
      cd "$tmpdir"
44
      apt-get source torbrowser-launcher/sid
45
      install -m 0644 \
46
47
48
49
50
              torbrowser-launcher-*/apparmor/torbrowser.Browser.* \
              /etc/apparmor.d/
      install -m 0644 \
              torbrowser-launcher-*/apparmor/tunables/* \
              /etc/apparmor.d/tunables/
51
52
53
54
55
56
57
   )
   rm -r "$tmpdir"
}

### Main

toggle_src_APT_sources on
58
install_torbrowser_AppArmor_profiles
59
toggle_src_APT_sources off
60
(cd / && patch --forward --batch -p1 < "$PATCH")
61
rm "$PATCH"