10-tbb 8.03 KB
Newer Older
1
2
3
4
5
6
#!/bin/sh

set -eu

echo "Install the Tor Browser"

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh

download_and_verify_files() {
    local base_url bundles destination apt_proxy
    base_url="${1}"
    bundles="${2}"
    destination="${3}"

    # Use the builder's caching APT proxy, if any
    apt_proxy="$(apt-config --format '%v' dump Acquire::http::Proxy)"
    if [ -n "${apt_proxy}" ]; then
        export HTTP_PROXY="${apt_proxy}"
        export http_proxy="${apt_proxy}"
        export HTTPS_PROXY="${apt_proxy}"
        export https_proxy="${apt_proxy}"
    fi

    echo "${bundles}" | while read expected_sha256 tarball; do
        (
            cd "${destination}"
            echo "Fetching ${base_url}/${tarball} ..."
            curl --remote-name "${base_url}/${tarball}"
        )
        actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
        if [ "${actual_sha256}" != "${expected_sha256}" ]; then
            echo "SHA256 mismatch for ${tarball}" >&2
            exit 1
        fi
    done
}

44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
install_tor_browser() {
    local bundle destination tmp prep
    bundle="${1}"
    destination="${2}"

    tmp="$(mktemp -d)"
    tar -xf "${bundle}" -C "${tmp}" tor-browser_en-US
    prep="${tmp}"/tor-browser_en-US

    # Enable our myspell/hunspell dictionaries. TBB only provides the
    # one for en-US, but Debian's seems more comprehensive, so we'll
    # only use Debian's dictionaries.
    rm -f "${prep}"/Browser/dictionaries/*
    for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
        name="$(basename "${f}")"
        ln -s "${f}" "${prep}"/Browser/dictionaries/"${name}"
    done

    # We don't want tor-launcher to be part of the regular browser
    # profile. Moreover, for the stand-alone tor-launcher we use, we
    # need our patched version. So, the version shipped in the TB
    # really is not useful for us.
    rm "${prep}/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"

    # Remove TBB's torbutton since the "Tor test" will fail and about:tor
    # will report an error. We'll install our own Torbutton later, which
    # has the extensions.torbutton.test_enabled boolean pref as a workaround.
    rm "${prep}/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"

    mv "${prep}/Browser" "${destination}"/Browser

    # The Tor Browser will fail, complaining about an incomplete profile,
    # unless there's a readable Browser/TorBrowser/Data/Browser/Caches
    # in the directory where the firefox executable is located.
    mkdir -p "${destination}"/Browser/TorBrowser/Data/Browser/Caches

    rm -r "${tmp}"
}

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
install_langpacks_from_bundles() {
    local bundles_dir destination
    bundles_dir="${1}"
    destination="${2}"

    for tarball in "${bundles_dir}"/tor-browser-*.tar.xz; do
        locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
        if [ "${locale}" = en-US ]; then
            continue
        fi
        xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
        (
            cd "${bundles_dir}"
            tar -xf "${tarball}" "${xpi}"
            mv "${xpi}" "${destination}"
        )
    done
}

102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
get_firefox_version() {
    # The application.ini file
    local appini
    appini="${1}"
    sed -n 's/^Version=\(.*\)$/\1/p' "${appini}"
}

# Create and install a fake iceweasel package so we can install our
# desired Debian-packaged Iceweasel addons
install_fake_iceweasel_pkg() {
    local fake_version tmp
    fake_version="${1}"
    tmp="$(mktemp -d)"
    apt-get install --yes equivs
    cat > "${tmp}"/iceweasel.control << EOF
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2

Package: iceweasel
Version: ${fake_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
 Make it possible to install Debian's Iceweasel addons without having to
 install a real Iceweasel.
EOF
    (
        cd "${tmp}"
        equivs-build "${tmp}"/iceweasel.control
        dpkg -i "${tmp}"/iceweasel_"${fake_version}"_all.deb
    )
    rm -R "${tmp}"
}

install_debian_extensions() {
    local destination
    destination="${1}"
    apt-get install --yes xul-ext-adblock-plus xul-ext-torbutton
    ln -s /usr/share/xul-ext/adblock-plus/ \
          "${destination}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
    ln -s /usr/share/xul-ext/torbutton/ \
          "${destination}"/torbutton@torproject.org
}

148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
create_default_profile() {
    local tbb_install extensions_dir destination
    tbb_install="${1}"
    extensions_dir="${2}"
    destination="${3}"

    rsync -a --exclude bookmarks.html --exclude extensions \
    "${tbb_install}"/Browser/TorBrowser/Data/Browser/profile.default/ \
    "${destination}"/

    # Remove TBB's default bridges
    sed -i '/extensions\.torlauncher\.default_bridge\./d' "${destination}"/preferences/extension-overrides.js

    mkdir -p "${destination}"/extensions
    for ext in "${extensions_dir}"/*; do
        ln -s "${ext}" "${destination}"/extensions/
    done
}

Tails developers's avatar
Tails developers committed
167
# Get the below with `grep "tor-browser-linux32-.*\.tar.xz" sha256sums.txt`
168
BUNDLES="$(cat <<EOF
169
170
171
172
473780a5145859a8d516e76cb27be25b0baf16007ba50cd8ba78a536bc806fc5  tor-browser-linux32-tbb-nightly_ar.tar.xz
3e3d6fd1ea47067fc00625b8cd62d23079ef71dc91734bfb823542c26ce192cf  tor-browser-linux32-tbb-nightly_en-US.tar.xz
df4745725e7b3fe99c218166ffbe38eef8e9d636c42b72c8a2b8229fc3bdd83b  tor-browser-linux32-tbb-nightly_ru.tar.xz
b624b1f9a16e4ff4cffb3478f63249ed73ae902732b64fca0f183ad73ed1b5ac  tor-browser-linux32-tbb-nightly_zh-CN.tar.xz
173
174
175
176
EOF
)"

MAIN_BUNDLE="$(echo "${BUNDLES}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
177
#VERSION="$(echo "${MAIN_BUNDLE}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
178
VERSION=tbb-nightly-2014-10-07
179
180
181
# Note that we cannot use https here since apt-cacher-ng (used by vagrant)
# gets confused and throws a 403. It doesn't matter, though, since we verify
# the checksums of each file downloaded.
182
#TBB_DIST_URL="http://archive.torproject.org/tor-package-archive/torbrowser/${VERSION}"
Tails developers's avatar
Tails developers committed
183
#TBB_DIST_URL="http://www.torproject.org/dist/torbrowser/${VERSION}/"
Tails developers's avatar
Tails developers committed
184
#TBB_DIST_URL="http://people.torproject.org/~mikeperry/builds/${VERSION}/"
185
186
#TBB_DIST_URL="http://people.torproject.org/~gk/testbuilds/${VERSION}"
TBB_DIST_URL="http://people.torproject.org/~linus/builds/${VERSION}"
187
188

TMP="$(mktemp -d)"
189
download_and_verify_files "${TBB_DIST_URL}" "${BUNDLES}" "${TMP}"
190

191
install_tor_browser "${TMP}/${MAIN_BUNDLE}" "${TBB_INSTALL}"
192

193
194
mkdir -p "${TBB_EXT}"
install_langpacks_from_bundles "${TMP}" "${TBB_EXT}"
195

196
197
rm -r "${TMP}"

198
199
# Let's put all the bundled extensions in the global extensions
# directory...
Tails developers's avatar
Tails developers committed
200
201
mv "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions
202

203
204
205
206
207
208
# ... and then install a few Iceweasel extension by using a fake
# Iceweasel equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/Browser/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
install_debian_extensions "${TBB_EXT}"
209

210
211
mkdir -p "${TBB_PROFILE}"
create_default_profile "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"
212

213
214
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
215

216
217
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99