chroot-browser.sh 9.18 KB
Newer Older
1 2
#!/bin/sh

3 4
# This shell library is meant to be used with `set -e`.

5 6 7 8 9
if [ "$(whoami)" != "root" ]; then
    echo "This library is useless for non-root users. Exiting..." >&2
    exit 1
fi

10 11
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, and
# configure_xulrunner_app_locale().
12 13
. /usr/local/lib/tails-shell-library/tor-browser.sh

14 15 16
# Import windows_camouflage_is_enabled()
. /usr/local/lib/tails-shell-library/tails-greeter.sh

Tails developers's avatar
Tails developers committed
17 18 19
# Import try_for().
. /usr/local/lib/tails-shell-library/common.sh

20 21 22 23 24
# Break down the chroot and kill all of its processes
try_cleanup_browser_chroot () {
    local chroot="${1}"
    local cow="${2}"
    local user="${3}"
25
    try_for 10 "pkill -u ${user} 1>/dev/null 2>&1" 0.1 || \
26
        pkill -9 -u "${user}" 1>/dev/null 2>&1 || :
27
    for mnt in "${chroot}"/dev "${chroot}"/proc "${chroot}" "${cow}"; do
28
        try_for 10 "umount ${mnt} 2>/dev/null" 0.1
29
    done
30
    rmdir "${cow}" "${chroot}" 2>/dev/null
31
}
32 33

# Setup a chroot on a clean aufs "fork" of the root filesystem.
34
setup_chroot_for_browser () {
35 36
    local chroot="${1}"
    local cow="${2}"
37 38
    local user="${3}"

39 40 41
    # FIXME: When LXC matures to the point where it becomes a viable option
    # for creating isolated jails, the chroot can be used as its rootfs.

42 43
    local cleanup_cmd="try_cleanup_browser_chroot \"${chroot}\" \"${cow}\" \"${user}\""
    trap "${cleanup_cmd}" INT EXIT
44 45

    local rootfs_dir
46 47
    local rootfs_dirs_path="/lib/live/mount/rootfs"
    local tails_module_path="/lib/live/mount/medium/live/Tails.module"
48 49 50 51 52 53 54 55 56 57 58 59 60
    local aufs_dirs=

    # We have to pay attention to the order we stack the filesystems;
    # newest must be first, and remember that the .module file lists
    # oldest first, newest last.
    while read rootfs_dir; do
        rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
        mountpoint -q "${rootfs_dir}" && \
        aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
    done < "${tails_module_path}"
    # But our copy-on-write dir must be at the very top.
    aufs_dirs="${cow}=rw:${aufs_dirs}"

61 62 63 64 65
    mkdir -p "${cow}" "${chroot}" && \
    mount -t tmpfs tmpfs "${cow}" && \
    mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs "${chroot}" && \
    mount -t proc proc "${chroot}"/proc && \
    mount --bind /dev "${chroot}"/dev || \
66
        return 1
67 68

    # Workaround for #6110
69
    chmod -t "${cow}"
70
}
71

72 73 74 75 76 77 78 79 80 81 82 83
chroot_browser_conf_dir () {
    local chroot="${1}"
    local browser_name="${2}"
    local browser_user="${3}"
    echo "${chroot}/home/${browser_user}/.${browser_name}"
}

chroot_browser_profile_dir () {
    local conf_dir="$(chroot_browser_conf_dir "${@}")"
    echo "${conf_dir}/profile.default"
}

84 85
set_chroot_browser_locale () {
    local chroot="${1}"
86 87 88
    local browser_name="${2}"
    local browser_user="${3}"
    local locale="${4}"
89
    local browser_profile="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")"
90 91 92
    configure_xulrunner_app_locale "${browser_profile}" "${locale}"
}

93 94
# Must be called after configure_chroot_browser_profile(), since it
# depends on which extensions are installed in the profile.
95 96
set_chroot_browser_name () {
    local chroot="${1}"
97 98 99 100
    local human_readable_name="${2}"
    local browser_name="${3}"
    local browser_user="${4}"
    local locale="${5}"
101
    local ext_dir="${chroot}/${TBB_EXT}"
102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118
    local browser_profile_ext_dir="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")/extensions"

    # If Torbutton is installed in the browser profile, it will decide
    # the browser name.
    if [ -e "${browser_profile_ext_dir}/torbutton@torproject.org" ]; then
        local torbutton_locale_dir="${ext_dir}/torbutton/chrome/locale/${locale}"
        if [ ! -d "${torbutton_locale_dir}" ]; then
            # Surprisingly, the default locale is en, not en-US
            torbutton_locale_dir="${chroot}"/usr/share/xul-ext/torbutton/chrome/locale/en
        fi
        sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
        # Since Torbutton decides the name, we don't have to mess with
        # with the browser's own branding, which will save time and
        # memory.
        return
    fi

119
    local pack top rest
120
    if [ "${locale}" != "en-US" ]; then
121
        pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
122 123
        top="browser/chrome"
        rest="${locale}/locale"
124 125
    else
        pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
126 127
        top="chrome"
        rest="en-US/locale"
128
    fi
129
    local tmp="$(mktemp -d)"
130
    local branding="${top}/${rest}/branding/brand.dtd"
131
    7z x -o"${tmp}" "${pack}" "${branding}"
132
    sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${tmp}/${branding}"
133 134 135 136
    (cd ${tmp} ; 7z u -tzip "${pack}" .)
    chmod a+r "${pack}"
    rm -Rf "${tmp}"
}
137 138

# Start the browser in the chroot
139
run_browser_in_chroot () {
140
    local chroot="${1}"
141 142 143
    local browser_name="${2}"
    local chroot_user="${3}"
    local local_user="${4}"
144 145 146 147 148

    sudo -u ${local_user} xhost +SI:localuser:${chroot_user} 2>/dev/null
    chroot ${chroot} sudo -u ${chroot_user} /bin/sh -c \
        '. /usr/local/lib/tails-shell-library/tor-browser.sh && \
         exec_firefox -DISPLAY=:0.0 \
149
                      -profile '"/home/${chroot_user}/.${browser_name}/profile.default"
150 151
    sudo -u ${local_user} xhost -SI:localuser:${chroot_user} 2>/dev/null
}
152

153 154 155 156 157 158 159
# Set the chroot's DNS servers (IPv4 only)
configure_chroot_dns_servers () {
    local chroot="${1}" ; shift
    local ip4_nameservers="${@}"

    rm -f ${chroot}/etc/resolv.conf
    for ns in ${ip4_nameservers}; do
160
        echo "nameserver ${ns}" >> "${chroot}/etc/resolv.conf"
161 162 163 164 165 166
    done
    chmod a+r ${chroot}/etc/resolv.conf
}

set_chroot_browser_permissions () {
    local chroot="${1}"
167 168
    local browser_name="${2}"
    local browser_user="${3}"
169
    local browser_conf="$(chroot_browser_conf_dir "${chroot}" "${browser_name}" "${browser_user}")"
170
    chown -R "${browser_user}:${browser_user}" "${browser_conf}"
171 172
}

173
configure_chroot_browser_profile () {
174 175 176
    local chroot="${1}" ; shift
    local browser_name="${1}" ; shift
    local browser_user="${1}" ; shift
177
    local home_page="${1}" ; shift
178 179
    # Now $@ is a list of paths (that must be valid after chrooting)
    # to extensions to enable.
180 181

    # Prevent sudo from complaining about failing to resolve the 'amnesia' host
182
    echo "127.0.0.1 localhost amnesia" > "${chroot}/etc/hosts"
183 184

    # Create a fresh browser profile for the clearnet user
185 186
    local browser_conf="$(chroot_browser_conf_dir "${chroot}" "${browser_name}" "${browser_user}")"
    local browser_profile="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")"
187
    local browser_ext="${browser_profile}/extensions"
188 189 190
    mkdir -p "${browser_profile}" "${browser_ext}"

    # Select extensions to enable
191 192 193 194 195
    local extension
    while [ -n "${*}" ]; do
        extension="${1}" ; shift
        ln -s "${extension}" "${browser_ext}"
    done
196 197

    # Set preferences
198
    local browser_prefs="${browser_profile}/preferences/prefs.js"
199
    mkdir -p "$(dirname "${browser_prefs}")"
200
    cp /usr/share/tails/"${browser_name}/prefs.js" "${browser_prefs}"
201

202 203 204
    # Set browser home page to something that explains what's going on
    if [ -n "${home_page}" ]; then
        echo 'user_pref("browser.startup.homepage", "'"${home_page}"'");' >> \
205 206
            "${browser_prefs}"
    fi
207 208 209 210

    # Customize the GUI
    local browser_chrome="${browser_profile}/chrome/userChrome.css"
    mkdir -p "$(dirname "${browser_chrome}")"
211
    cp /usr/share/tails/"${browser_name}"/userChrome.css "${browser_chrome}"
212 213

    # Remove all bookmarks
Tails developers's avatar
Tails developers committed
214
    rm "${chroot}/${TBB_PROFILE}/bookmarks.html"
215 216 217 218 219 220 221 222

    # Set an appropriate theme, except if we're using Windows
    # camouflage.
    if ! windows_camouflage_is_enabled; then
        cat /usr/share/tails/"${browser_name}"/theme.js >> "${browser_prefs}"
    else
        # The tails-activate-win8-theme script requires that the
        # browser profile is writable by the user running the script.
223
        set_chroot_browser_permissions "${chroot}" "${browser_user}"
224 225
        # The camouflage activation script requires a dbus server for
        # properly configuring GNOME, so we start one in the chroot
226
        chroot "${chroot}" sudo -H -u "${browser_user}" sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
227 228
    fi
}
229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250

configure_chroot_browser () {
    local chroot="${1}" ; shift
    local browser_user="${1}" ; shift
    local browser_name="${1}" ; shift
    local human_readable_name="${1}" ; shift
    local home_page="${1}" ; shift
    local dns_servers="${1}" ; shift
    # Now $@ is a list of paths (that must be valid after chrooting)
    # to extensions to enable.
    local best_locale="$(guess_best_tor_browser_locale)"

    configure_chroot_dns_servers "${chroot}" "${dns_servers}"
    configure_chroot_browser_profile "${chroot}" "${browser_name}" \
        "${browser_user}" "${home_page}" "${@}"
    set_chroot_browser_locale "${chroot}" "${browser_name}" "${browser_user}" \
        "${best_locale}"
    set_chroot_browser_name "${chroot}" "${human_readable_name}"  \
        "${browser_name}" "${browser_user}" "${best_locale}"
    set_chroot_browser_permissions "${chroot}" "${browser_name}" \
        "${browser_user}"
}