#!/bin/sh

# Stop at the first failing command and on any reference to an unset
# variable.
set -eu

printf '%s\n' "Install the Tor Browser"

# Import the TBB_INSTALL, TBB_PROFILE, TBB_EXT and TOR_LAUNCHER_INSTALL
# variables. They hold the paths into which we split TBB's actual
# browser (binaries etc.), user data and extensions. This differs from
# how the TBB organizes its files, but the end result is the same, and
# it is practical: creating a new browser profile only requires copying
# the profile directory, without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh

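# Download every listed bundle and refuse to continue unless each file
# matches its pinned SHA-256 digest.
#
# Arguments:
#   $1 - base URL the tarballs are fetched from
#   $2 - newline-separated "<sha256> <filename>" entries
#   $3 - existing directory the tarballs are written to
# Returns:
#   non-zero as soon as an entry is malformed, a download fails or a
#   digest differs.
#
# The digest comparison is the only integrity control applied here: the
# transfer itself (possibly through the builder's APT proxy) is not
# trusted, so the list in $2 must come from a source the build trusts.
download_and_verify_files() {
    local base_url bundles destination apt_proxy
    base_url="${1}"
    bundles="${2}"
    destination="${3}"

    # Use the builder's caching APT proxy, if any
    apt_proxy="$(apt-config --format '%v' dump Acquire::http::Proxy)"
    if [ -n "${apt_proxy}" ]; then
        export HTTP_PROXY="${apt_proxy}"
        export http_proxy="${apt_proxy}"
        export HTTPS_PROXY="${apt_proxy}"
        export https_proxy="${apt_proxy}"
    fi

    # The loop runs in a pipeline subshell: "exit 1" ends that subshell
    # and its status becomes the status of this function.
    printf '%s\n' "${bundles}" | while read -r expected_sha256 tarball; do
        # Fail closed on anything that is not a 64-digit lowercase hex
        # digest, so that an empty or truncated entry can never compare
        # equal to an empty computed digest.
        case "${expected_sha256}" in
            ''|*[!0-9a-f]*)
                echo "Malformed SHA256 entry for '${tarball}'" >&2
                exit 1
                ;;
        esac
        if [ "${#expected_sha256}" -ne 64 ]; then
            echo "Malformed SHA256 entry for '${tarball}'" >&2
            exit 1
        fi
        # curl --remote-name keeps only the last path component, so a
        # name with a directory part would be saved somewhere other
        # than the path that gets hashed below.
        case "${tarball}" in
            ''|*/*)
                echo "Unexpected tarball name '${tarball}'" >&2
                exit 1
                ;;
        esac
        (
            cd "${destination}" || exit 1
            echo "Fetching ${base_url}/${tarball} ..."
            # --fail: treat an HTTP error as a failed download instead
            # of saving the server's error page under the tarball name.
            curl --fail --remote-name "${base_url}/${tarball}"
        ) || exit 1
        actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
        if [ "${actual_sha256}" != "${expected_sha256}" ]; then
            echo "SHA256 mismatch for ${tarball}" >&2
            # Do not leave an unverified file where later steps look
            # for bundles.
            rm -f -- "${destination}/${tarball}"
            exit 1
        fi
    done
}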

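# Unpack the en-US Tor Browser bundle, adapt it for Tails and move the
# resulting Browser directory into place.
#
# Globals:
#   TOR_LAUNCHER_INSTALL (read) - directory Tor Launcher is unpacked into
# Arguments:
#   $1 - path to the en-US bundle tarball
#   $2 - path the prepared Browser directory is moved to
# Returns:
#   non-zero if the Tor Launcher version cannot be read from install.rdf
#
# No integrity check happens here: the bundle is unpacked as given, so
# callers must only pass a tarball whose digest has already been checked
# (in this file, by download_and_verify_files).
install_tor_browser() {
    local bundle destination tmp prep torlauncher_xpi_path torlauncher_version f
    bundle="${1}"
    destination="${2}"

    tmp="$(mktemp -d)"
    tar -xf "${bundle}" -C "${tmp}" tor-browser_en-US
    prep="${tmp}"/tor-browser_en-US/Browser

    # Enable our myspell/hunspell dictionaries. TBB only provides the
    # one for en-US, but Debian's seems more comprehensive, so we'll
    # only use Debian's dictionaries.
    rm -f "${prep}"/dictionaries/*
    for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
        # An unmatched glob is passed through literally; skip it rather
        # than creating a dangling link named "*.aff" or "*.dic".
        if [ ! -e "${f}" ] && [ ! -L "${f}" ]; then
            continue
        fi
        ln -s "${f}" "${prep}"/dictionaries/
    done

    # Let's use the libstdc++ that the Tor Browser is intended to be used with,
    # instead of the system one.
    cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"

    # We don't need the Tor binary, the shared libraries Tor needs
    # (but Firefox doesn't) and documentation shipped in the TBB.
    rm -r "${prep}"/TorBrowser/Tor "${prep}"/TorBrowser/Docs

    # We don't want tor-launcher to be part of the regular browser
    # profile but we want to keep it as a standalone application
    # when Tails is started in "bridge mode".
    torlauncher_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
    7z x -o"${TOR_LAUNCHER_INSTALL}" "${torlauncher_xpi_path}"
    torlauncher_version="$(sed -n \
        's,^        <em:version>\([0-9\.]\+\)</em:version>,\1,p' \
        "${TOR_LAUNCHER_INSTALL}/install.rdf")"
    # The pattern depends on the exact indentation used in install.rdf.
    # If it stops matching, fail the build instead of silently writing
    # an application.ini with an empty Version= field.
    if [ -z "${torlauncher_version}" ]; then
        echo "Could not read the Tor Launcher version from install.rdf" >&2
        return 1
    fi
    cat > "${TOR_LAUNCHER_INSTALL}/application.ini" << EOF
[App]
Vendor=TorProject
Name=TorLauncher
Version=${torlauncher_version}
BuildID=$(date +%Y%m%d)
ID=tor-launcher@torproject.org

[Gecko]
MinVersion=$(get_firefox_version "${prep}/application.ini")
MaxVersion=*.*.*

[Shell]
Icon=icon.png
EOF
    # Make the unpacked Tor Launcher readable (and its directories
    # traversable) by every user.
    chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"
    rm "${torlauncher_xpi_path}"

    # The Tor Browser will fail, complaining about an incomplete profile,
    # unless there's a readable TorBrowser/Data/Browser/Caches
    # in the directory where the firefox executable is located.
    mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches

    mv "${prep}" "${destination}"

    rm -r "${tmp}"
}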

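# Extract the language pack extension from every non-en-US bundle found
# in a directory and move it to the extensions directory.
#
# Arguments:
#   $1 - directory holding the tor-browser-*.tar.xz bundles; should be an
#        absolute path, because the tarball paths built from it are used
#        after changing into that directory
#   $2 - directory the langpack .xpi files are moved to (same remark)
# Returns:
#   non-zero if a locale cannot be derived from a bundle name, or if
#   extracting or moving a langpack fails.
#
# The bundles are unpacked as found; checking their digests is the
# caller's job.
install_langpacks_from_bundles() {
    local bundles_dir destination tarball base locale xpi
    bundles_dir="${1}"
    destination="${2}"

    for tarball in "${bundles_dir}"/tor-browser-*.tar.xz; do
        # The locale is whatever sits between the last "_" of the file
        # name and the ".tar.xz" suffix.
        base="${tarball##*/}"
        locale="${base##*_}"
        locale="${locale%.tar.xz}"
        if [ "${locale}" = en-US ]; then
            continue
        fi
        # The locale ends up inside a path handed to tar and mv, so only
        # accept the characters a locale tag is made of. This also turns
        # an unmatched glob (a literal "*") into a clear error.
        case "${locale}" in
            ''|*[!A-Za-z0-9-]*)
                echo "Unexpected locale '${locale}' in ${tarball}" >&2
                return 1
                ;;
        esac
        xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
        (
            cd "${bundles_dir}" || exit 1
            # Extract that single archive member, nothing else.
            tar -xf "${tarball}" "${xpi}" || exit 1
            mv "${xpi}" "${destination}"
        ) || return 1
    done
}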

# Print the value of each "Version=<value>" line of an application.ini.
#
# Arguments:
#   $1 - path to the application.ini file
# Outputs:
#   the text following "Version=" on every line that starts with it
get_firefox_version() {
    local ini_path
    ini_path="${1}"
    sed -n -e 's|^Version=\(.*\)$|\1|p' "${ini_path}"
}

# Build a placeholder "iceweasel" package with equivs and install it, so
# that our desired Debian-packaged Iceweasel addons can be installed
# without a real Iceweasel.
#
# Arguments:
#   $1 - version the placeholder package declares
#
# NOTE(review): $1 is copied verbatim into the control file and into the
# .deb file name; it is presumably a single-line version string, confirm
# against the caller.
install_fake_iceweasel_pkg() {
    local fake_version workdir control
    fake_version="${1}"
    workdir="$(mktemp -d)"
    control="${workdir}"/iceweasel.control
    apt-get install --yes equivs
    cat > "${control}" << EOF
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2

Package: iceweasel
Version: ${fake_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
 Make it possible to install Debian's Iceweasel addons without having to
 install a real Iceweasel.
EOF
    # Build inside the scratch directory (the .deb is picked up from
    # there), in a subshell so the caller's working directory is
    # untouched.
    (
        cd "${workdir}"
        equivs-build "${control}"
        dpkg -i "${workdir}"/iceweasel_"${fake_version}"_all.deb
    )
    rm -r "${workdir}"
}

# Install Debian extension packages and expose Adblock Plus in the given
# extensions directory.
#
# Arguments:
#   $1   - extensions directory the symlink is created in
#   $2.. - names of the Debian packages to install
#
# Only the Adblock Plus link is created, whatever packages are passed.
install_debian_extensions() {
    local destination adblock_link
    destination="${1}"
    shift
    apt-get install --yes "${@}"
    # The link is named after the extension ID.
    adblock_link="${destination}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
    ln -s /usr/share/xul-ext/adblock-plus/ "${adblock_link}"
}

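# Create the default browser profile from TBB's profile, without TBB's
# bookmarks and default bridges, and link in the shared extensions.
#
# Arguments:
#   $1 - TBB profile directory to copy from
#   $2 - directory holding the extensions to link into the profile
#   $3 - directory the profile is created in
create_default_profile() {
    # tbb_extensions_dir is the name actually assigned below; declaring
    # it (and the loop variable) local keeps both out of the caller's
    # scope.
    local tbb_profile tbb_extensions_dir destination ext
    tbb_profile="${1}"
    tbb_extensions_dir="${2}"
    destination="${3}"

    # Extensions are linked further down rather than copied, and TBB's
    # bookmarks are left out.
    rsync -a --exclude bookmarks.html --exclude extensions \
          "${tbb_profile}"/ "${destination}"/

    # Remove TBB's default bridges
    sed -i '/extensions\.torlauncher\.default_bridge\./d' "${destination}"/preferences/extension-overrides.js

    mkdir -p "${destination}"/extensions
    for ext in "${tbb_extensions_dir}"/*; do
        # An unmatched glob is passed through literally; skip it rather
        # than creating a dangling link named "*".
        if [ ! -e "${ext}" ] && [ ! -L "${ext}" ]; then
            continue
        fi
        ln -s "${ext}" "${destination}"/extensions/
    done
}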

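# Pinned SHA-256 digests of the bundles. download_and_verify_files
# checks every download against them, so this file, not the download
# URL, is what the integrity of the installed browser rests on.
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
# The dots of ".tar.xz" are escaped so they only match literal dots.
TBB_TARBALLS="$(grep "\<tor-browser-linux32-.*\.tar\.xz$" "${TBB_SHA256SUMS_FILE}")"

# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux32-.*_en-US\.tar\.xz")"
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"

# The Debian Iceweasel extensions we want to install and make
# available in the Tor Browser.
DEBIAN_EXT_PKGS="xul-ext-adblock-plus"

TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"

install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"

mkdir -p "${TBB_EXT}"
install_langpacks_from_bundles "${TMP}" "${TBB_EXT}"

rm -r "${TMP}"

# Let's put all the extensions from TBB in the global extensions
# directory...
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions

# ... and then install a few Iceweasel extensions by using a fake
# Iceweasel equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
# DEBIAN_EXT_PKGS is deliberately unquoted: it is a space-separated
# package list that must split into one argument per package.
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}

mkdir -p "${TBB_PROFILE}"
create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"

# Create a copy of the Firefox binary, for use e.g. by Tor Launcher.
# It won't be subject to AppArmor confinement.
# NOTE(review): presumably the AppArmor profile is attached by path, so
# whatever is started through this copy runs without it. Confirm against
# the shipped profile, and keep regular browsing on the confined path.
cp -a "${TBB_INSTALL}/firefox" "${TBB_INSTALL}/firefox-unconfined"

chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
# a+rX only adds permission bits, so also drop any group/other write bit
# carried over from the archives: nothing but root should be able to
# modify the installed browser, the profile template or the extensions.
chmod -R a+rX,go-w "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"

# Make the Tor Browser into the system's default web browser
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99
sed 's/\<firefox-esr\.desktop\>/tor-browser.desktop/' \
    /usr/share/applications/gnome-mimeapps.list \
    > /etc/xdg/gnome-mimeapps.list
chmod 644 /etc/xdg/gnome-mimeapps.list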