10-tbb 7.04 KB
Newer Older
1
2
3
4
5
6
#!/bin/sh

set -eu

echo "Install the Tor Browser"

7
8
9
10
11
12
13
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
14
mkdir -p "${TBB_PROFILE}" "${TBB_EXT}"
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

download_and_verify_files() {
    local base_url bundles destination apt_proxy
    base_url="${1}"
    bundles="${2}"
    destination="${3}"

    # Use the builder's caching APT proxy, if any
    apt_proxy="$(apt-config --format '%v' dump Acquire::http::Proxy)"
    if [ -n "${apt_proxy}" ]; then
        export HTTP_PROXY="${apt_proxy}"
        export http_proxy="${apt_proxy}"
        export HTTPS_PROXY="${apt_proxy}"
        export https_proxy="${apt_proxy}"
    fi

    echo "${bundles}" | while read expected_sha256 tarball; do
        (
            cd "${destination}"
            echo "Fetching ${base_url}/${tarball} ..."
            curl --remote-name "${base_url}/${tarball}"
        )
        actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
        if [ "${actual_sha256}" != "${expected_sha256}" ]; then
            echo "SHA256 mismatch for ${tarball}" >&2
            exit 1
        fi
    done
}

45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
install_tor_browser() {
    local bundle destination tmp prep
    bundle="${1}"
    destination="${2}"

    tmp="$(mktemp -d)"
    tar -xf "${bundle}" -C "${tmp}" tor-browser_en-US
    prep="${tmp}"/tor-browser_en-US

    # Enable our myspell/hunspell dictionaries. TBB only provides the
    # one for en-US, but Debian's seems more comprehensive, so we'll
    # only use Debian's dictionaries.
    rm -f "${prep}"/Browser/dictionaries/*
    for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
        name="$(basename "${f}")"
        ln -s "${f}" "${prep}"/Browser/dictionaries/"${name}"
    done

    # We don't want tor-launcher to be part of the regular browser
    # profile. Moreover, for the stand-alone tor-launcher we use, we
    # need our patched version. So, the version shipped in the TB
    # really is not useful for us.
    rm "${prep}/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"

    # Remove TBB's torbutton since the "Tor test" will fail and about:tor
    # will report an error. We'll install our own Torbutton later, which
    # has the extensions.torbutton.test_enabled boolean pref as a workaround.
    rm "${prep}/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"

    mv "${prep}/Browser" "${destination}"/Browser

    # The Tor Browser will fail, complaining about an incomplete profile,
    # unless there's a readable Browser/TorBrowser/Data/Browser/Caches
    # in the directory where the firefox executable is located.
    mkdir -p "${destination}"/Browser/TorBrowser/Data/Browser/Caches

    rm -r "${tmp}"
}

Tails developers's avatar
Tails developers committed
84
# Get the below with `grep "tor-browser-linux32-.*\.tar.xz" sha256sums.txt`
85
BUNDLES="$(cat <<EOF
86
87
88
89
473780a5145859a8d516e76cb27be25b0baf16007ba50cd8ba78a536bc806fc5  tor-browser-linux32-tbb-nightly_ar.tar.xz
3e3d6fd1ea47067fc00625b8cd62d23079ef71dc91734bfb823542c26ce192cf  tor-browser-linux32-tbb-nightly_en-US.tar.xz
df4745725e7b3fe99c218166ffbe38eef8e9d636c42b72c8a2b8229fc3bdd83b  tor-browser-linux32-tbb-nightly_ru.tar.xz
b624b1f9a16e4ff4cffb3478f63249ed73ae902732b64fca0f183ad73ed1b5ac  tor-browser-linux32-tbb-nightly_zh-CN.tar.xz
90
91
92
93
EOF
)"

MAIN_BUNDLE="$(echo "${BUNDLES}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
94
#VERSION="$(echo "${MAIN_BUNDLE}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
95
VERSION=tbb-nightly-2014-10-07
96
97
98
# Note that we cannot use https here since apt-cacher-ng (used by vagrant)
# gets confused and throws a 403. It doesn't matter, though, since we verify
# the checksums of each file downloaded.
99
#TBB_DIST_URL="http://archive.torproject.org/tor-package-archive/torbrowser/${VERSION}"
Tails developers's avatar
Tails developers committed
100
#TBB_DIST_URL="http://www.torproject.org/dist/torbrowser/${VERSION}/"
Tails developers's avatar
Tails developers committed
101
#TBB_DIST_URL="http://people.torproject.org/~mikeperry/builds/${VERSION}/"
102
103
#TBB_DIST_URL="http://people.torproject.org/~gk/testbuilds/${VERSION}"
TBB_DIST_URL="http://people.torproject.org/~linus/builds/${VERSION}"
104
105

TMP="$(mktemp -d)"
106
download_and_verify_files "${TBB_DIST_URL}" "${BUNDLES}" "${TMP}"
107

108
install_tor_browser "${TMP}/${MAIN_BUNDLE}" "${TBB_INSTALL}"
109

110
# Only extract the localization addon from the other TBBs, which
111
112
113
114
115
116
117
# we'll put in a global extensions directory that we'll symlink to so
# we don't have to deal with wasteful copies.
for tarball in "${TMP}"/tor-browser-*.tar.xz; do
    locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
    if [ "${locale}" = en-US ]; then
        continue
    fi
Tails developers's avatar
Tails developers committed
118
    xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
119
120
    (
        cd "${TMP}"
121
        tar -xf "${tarball}" "${xpi}"
122
123
124
125
126
        mv "${xpi}" "${TBB_EXT}"
    )
done

# Let's put all the bundled extensions in the global extensions directory
Tails developers's avatar
Tails developers committed
127
128
mv "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions
129
130
131
132
133

# Create and install a fake iceweasel package so we can install our
# desired Debian-packaged Iceweasel addons
apt-get install --yes equivs
FAKE_ICEWEASEL_VERSION=$(sed -n 's/^Version=\(.*\)$/\1/p' "${TBB_INSTALL}"/Browser/application.ini)+fake1
134
cat > "${TMP}"/iceweasel.control << EOF
135
136
137
138
139
140
141
142
143
144
145
146
147
148
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2

Package: iceweasel
Version: ${FAKE_ICEWEASEL_VERSION}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
 Make it possible to install Debian's Iceweasel addons without having to
 install a real Iceweasel.
EOF
(
149
150
151
    cd "${TMP}"
    equivs-build "${TMP}"/iceweasel.control
    dpkg -i "${TMP}"/iceweasel_"${FAKE_ICEWEASEL_VERSION}"_all.deb
152
153
)

Kill Your TV's avatar
Kill Your TV committed
154
apt-get install --yes xul-ext-adblock-plus xul-ext-torbutton
155
156
157
158

ln -s /usr/share/xul-ext/adblock-plus/ "${TBB_EXT}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
ln -s /usr/share/xul-ext/torbutton/ "${TBB_EXT}"/torbutton@torproject.org

159
160
161
rsync -a --exclude bookmarks.html --exclude extensions \
    "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/ \
    "${TBB_PROFILE}"/
Tails developers's avatar
Tails developers committed
162
163
164
165

# Remove TBB's default bridges
sed -i '/extensions\.torlauncher\.default_bridge\./d' "${TBB_PROFILE}"/preferences/extension-overrides.js

166
167
168
169
170
mkdir -p "${TBB_PROFILE}"/extensions
for ext in "${TBB_EXT}"/*; do
    ln -s "${ext}" "${TBB_PROFILE}"/extensions/
done

171
172
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
173

Tails developers's avatar
Tails developers committed
174
rm -r "${TMP}"
175
176
177

update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99