#!/bin/sh

# Build hook that installs the Tor Browser: it downloads the tarballs
# listed in /usr/share/tails/tbb-sha256sums.txt, checks each one against
# its pinned SHA-256, unpacks the en-US bundle, adds the langpacks from
# the other bundles and the Debian-packaged extensions, creates the
# default profile and registers the browser as the system default.
#
# -e aborts on the first failing command and -u on any unset variable.
# Several steps below (a grep that finds no tarball, a failing tar) have
# no explicit error handling and rely on -e to stop the build.
set -eu

echo "Install the Tor Browser"

# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contain the paths into which we split TBB's actual browser (binaries
# etc.), user data and extensions. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical: when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh

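# Download every tarball named in a checksum list and verify each one
# against its pinned SHA-256.
#
# Arguments:
#   $1 - base URL the tarballs are fetched from
#   $2 - newline-separated "<sha256> <filename>" lines
#   $3 - existing directory the tarballs are saved into
# Globals: exports HTTP_PROXY, http_proxy, HTTPS_PROXY and https_proxy
#          when APT has a proxy configured; they stay exported afterwards.
# Returns: non-zero as soon as a line is malformed, a download fails or
#          a digest differs.
#
# The pinned digest is the only integrity check applied to a download
# (the transfer may go through the caching proxy), so nothing fetched
# here should be unpacked before this function has succeeded.
download_and_verify_files() {
    local base_url bundles destination apt_proxy
    base_url="${1}"
    bundles="${2}"
    destination="${3}"

    # Use the builder's caching APT proxy, if any
    apt_proxy="$(apt-config --format '%v' dump Acquire::http::Proxy)"
    if [ -n "${apt_proxy}" ]; then
        export HTTP_PROXY="${apt_proxy}"
        export http_proxy="${apt_proxy}"
        export HTTPS_PROXY="${apt_proxy}"
        export https_proxy="${apt_proxy}"
    fi

    # The loop is the last stage of a pipeline and therefore runs in a
    # subshell: "exit 1" ends the loop and becomes this function's
    # return status instead of terminating the calling script directly.
    echo "${bundles}" | while read -r expected_sha256 tarball; do
        # An empty list or a line without a file name must not pass: with
        # both fields empty the digest comparison below would compare two
        # empty strings and accept the line.
        if [ -z "${expected_sha256}" ] || [ -z "${tarball}" ]; then
            echo "Malformed checksum line: '${expected_sha256} ${tarball}'" >&2
            exit 1
        fi

        echo "Fetching ${base_url}/${tarball} ..."
        # --fail turns an HTTP error into a non-zero exit status rather
        # than saving the error page under the tarball's name.
        if ! ( cd "${destination}" && \
               curl --fail --remote-name "${base_url}/${tarball}" ); then
            echo "Download failed for ${tarball}" >&2
            exit 1
        fi

        actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
        if [ "${actual_sha256}" != "${expected_sha256}" ]; then
            echo "SHA256 mismatch for ${tarball}" >&2
            # Do not leave an unverified tarball where a later step that
            # globs this directory could pick it up.
            rm -f -- "${destination}/${tarball}"
            exit 1
        fi
    done
}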

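# Unpack the en-US Tor Browser bundle, strip the parts we replace or do
# not ship, and move the resulting Browser/ directory into place.
#
# Arguments:
#   $1 - path to the en-US tarball; the caller is expected to have
#        verified its checksum already, nothing is checked here
#   $2 - path the prepared Browser/ directory is moved to
# Globals: sets TORBUTTON_BUNDLED_VERSION to the version found in the
#          bundled Torbutton's install.rdf
# Exits the script with status 1 if that version cannot be extracted.
install_tor_browser() {
    local bundle destination tmp prep torbutton_xpi_path f
    bundle="${1}"
    destination="${2}"

    tmp="$(mktemp -d)"
    # Only the tor-browser_en-US member is extracted from the archive.
    tar -xf "${bundle}" -C "${tmp}" tor-browser_en-US
    prep="${tmp}"/tor-browser_en-US/Browser

    # Enable our myspell/hunspell dictionaries. TBB only provides the
    # one for en-US, but Debian's seems more comprehensive, so we'll
    # only use Debian's dictionaries.
    rm -f "${prep}"/dictionaries/*
    for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
        # An unmatched glob stays literal; skip it instead of creating a
        # dangling symlink named "*.aff" or "*.dic".
        [ -e "${f}" ] || continue
        ln -s "${f}" "${prep}"/dictionaries/
    done

    # The libstdc++6 package in Wheezy is too old, so we need the
    # bundled one.
    cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"

    # We don't need the Tor binary, the shared libraries Tor needs
    # (but Firefox doesn't) and documentation shipped in the TBB.
    rm -r "${prep}"/TorBrowser/Tor "${prep}"/TorBrowser/Docs

    # We don't want tor-launcher to be part of the regular browser
    # profile. Moreover, for the stand-alone tor-launcher we use, we
    # need our patched version. So, the version shipped in the TB
    # really is not useful for us.
    rm "${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"

    # Remove TBB's torbutton since the "Tor test" will fail and about:tor
    # will report an error. We'll install our own Torbutton later, which
    # has the extensions.torbutton.test_enabled boolean pref as a workaround.
    torbutton_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"
    # The path lives under mktemp's directory (and so under TMPDIR); it is
    # quoted so that whitespace or glob characters there cannot split it.
    TORBUTTON_BUNDLED_VERSION="$(7z e -so "${torbutton_xpi_path}" install.rdf | \
        sed -n 's,^        <em:version>\([0-9\.]\+\)</em:version>,\1,p')"
    if [ -z "${TORBUTTON_BUNDLED_VERSION}" ]; then
        echo "Couldn't extract Torbutton's bundled version" >&2
        exit 1
    fi
    rm "${torbutton_xpi_path}"

    # The Tor Browser will fail, complaining about an incomplete profile,
    # unless there's a readable TorBrowser/Data/Browser/Caches
    # in the directory where the firefox executable is located.
    mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches

    mv "${prep}" "${destination}"

    rm -r "${tmp}"
}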

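# Extract the Firefox langpack from every non-en-US Tor Browser bundle
# in a directory and move it into the extensions directory.
#
# Arguments:
#   $1 - directory holding the tor-browser-*.tar.xz bundles
#   $2 - directory the langpack .xpi files are moved into
#
# Every tarball matching the glob is unpacked without any check of its
# own, so the directory must contain verified downloads only. Both
# paths should be absolute: the extraction runs after a cd into $1.
# If no tarball matches, the glob stays literal and tar fails on it.
install_langpacks_from_bundles() {
    # tarball, locale and xpi are declared local so that they do not
    # leak into the calling script's global scope.
    local bundles_dir destination tarball locale xpi
    bundles_dir="${1}"
    destination="${2}"

    for tarball in "${bundles_dir}"/tor-browser-*.tar.xz; do
        # The locale is whatever sits between the last "_" and ".tar.xz".
        locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
        # The en-US bundle is the base installation and has no langpack.
        if [ "${locale}" = en-US ]; then
            continue
        fi
        xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
        (
            cd "${bundles_dir}"
            # Extract just the langpack member, not the whole bundle.
            tar -xf "${tarball}" "${xpi}"
            mv "${xpi}" "${destination}"
        )
    done
}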

# Print the value of every line starting with "Version=" in a Firefox
# application.ini file.
#
# Arguments: $1 - path to the application.ini file
# Outputs:   one line per match on stdout; nothing if there is none
get_firefox_version() {
    local ini_path
    ini_path="${1}"
    # Dropping the "Version=" prefix leaves the rest of the line, which
    # is printed only when the prefix was present.
    sed -n 's/^Version=//p' "${ini_path}"
}

# Build an empty "iceweasel" package with equivs and install it, so that
# Debian's Iceweasel add-on packages have their dependency satisfied
# without a real Iceweasel being installed.
#
# Arguments: $1 - version string the fake package declares
#
# The version is written into the control file unmodified; the caller
# derives it from the browser's application.ini.
install_fake_iceweasel_pkg() {
    local pkg_version workdir control_file
    pkg_version="${1}"
    workdir="$(mktemp -d)"
    control_file="${workdir}"/iceweasel.control

    apt-get install --yes equivs

    cat > "${control_file}" << EOF
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2

Package: iceweasel
Version: ${pkg_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
 Make it possible to install Debian's Iceweasel addons without having to
 install a real Iceweasel.
EOF

    # The .deb is looked up in the work directory, which the subshell
    # makes the current directory before equivs-build runs.
    (
        cd "${workdir}"
        equivs-build "${control_file}"
        dpkg -i "${workdir}/iceweasel_${pkg_version}_all.deb"
    )

    rm -r "${workdir}"
}

# Install Debian-packaged browser extensions and link them into the
# browser's extensions directory under their extension IDs.
#
# Arguments:
#   $1    - extensions directory the symlinks are created in
#   $2... - names of the Debian packages to install
#
# The two links point at fixed paths under /usr/share/xul-ext and are
# created whatever package names were passed.
install_debian_extensions() {
    local ext_dir xul_root
    ext_dir="${1}"
    shift
    xul_root=/usr/share/xul-ext

    # Everything after the first argument is a package name.
    apt-get install --yes "$@"

    ln -s "${xul_root}/adblock-plus/" \
          "${ext_dir}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}"
    ln -s "${xul_root}/torbutton/" \
          "${ext_dir}/torbutton@torproject.org"
}

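# Create the default browser profile from TBB's profile.default.
#
# Arguments:
#   $1 - TBB's profile.default directory
#   $2 - directory holding the extensions to link into the profile;
#        should be absolute, since the links store the path as given
#   $3 - profile directory to create the contents of
#
# bookmarks.html and the extensions directory are not copied; the
# extensions are symlinked from $2 instead of being duplicated.
create_default_profile() {
    # The second parameter used to be declared local under the name
    # extensions_dir while the code assigned tbb_extensions_dir, which
    # therefore leaked into the global scope. Declare the name actually
    # used, together with the loop variable.
    local tbb_profile tbb_extensions_dir destination ext
    tbb_profile="${1}"
    tbb_extensions_dir="${2}"
    destination="${3}"

    rsync -a --exclude bookmarks.html --exclude extensions \
          "${tbb_profile}"/ "${destination}"/

    # Remove TBB's default bridges
    sed -i '/extensions\.torlauncher\.default_bridge\./d' "${destination}"/preferences/extension-overrides.js

    mkdir -p "${destination}"/extensions
    for ext in "${tbb_extensions_dir}"/*; do
        ln -s "${ext}" "${destination}"/extensions/
    done
}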

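# The checksum file pins the SHA-256 of every tarball we download. It is
# the only integrity check on them, so it has to come from the build
# tree itself and not from the download location.
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
# Both dots of ".tar.xz" are escaped so that only that literal suffix
# matches. If no line matches, grep fails and "set -e" stops the build.
TBB_TARBALLS="$(grep "\<tor-browser-linux32-.*\.tar\.xz$" "${TBB_SHA256SUMS_FILE}")"

# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux32-.*_en-US\.tar\.xz")"
VERSION="$(echo "${MAIN_TARBALL}" | sed 's/tor-browser-linux32-\(.*\)_en-US\.tar\.xz/\1/')"
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")/${VERSION}"

# The Debian Iceweasel extensions we want to install and make
# available in the Tor Browser.
DEBIAN_EXT_PKGS="xul-ext-adblock-plus xul-ext-torbutton"

# All tarballs go into a fresh private directory, so the langpack step
# below only ever sees files that passed verification.
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"

install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"

mkdir -p "${TBB_EXT}"
install_langpacks_from_bundles "${TMP}" "${TBB_EXT}"

rm -r "${TMP}"

# Let's put all the extensions from TBB in the global extensions
# directory...
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions

# ... and then install a few Iceweasel extension by using a fake
# Iceweasel equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
# sed succeeds even when no Version= line exists; stop here rather than
# build a fake package whose version is just "+fake1".
if [ -z "${FIREFOX_VERSION}" ]; then
    echo "Couldn't extract the Firefox version from ${TBB_INSTALL}/application.ini" >&2
    exit 1
fi
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
# DEBIAN_EXT_PKGS is left unquoted on purpose: it is a space-separated
# list and has to split into one argument per package.
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}

# Make sure that we have installed a Torbutton based on the same
# version as the one bundled with the Tor Browser
TORBUTTON_VERSION="$(dpkg -s xul-ext-torbutton | \
    sed -n 's/^Version: \(.*\)-[0-9]\+$/\1/p')"
if [ "${TORBUTTON_VERSION}" != "${TORBUTTON_BUNDLED_VERSION}" ]; then
    echo "We have installed a Torbutton based on version '${TORBUTTON_VERSION}' but the version bundled with the Tor Browser is version '${TORBUTTON_BUNDLED_VERSION}'" >&2
    exit 1
fi

mkdir -p "${TBB_PROFILE}"
create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"

# Create a copy of the Firefox binary, for use e.g. by Tor Launcher.
# It won't be subject to AppArmor confinement.
# NOTE(review): anything able to execute this copy gets a browser
# process without that confinement, so its callers should stay few.
cp -a "${TBB_INSTALL}/firefox" "${TBB_INSTALL}/firefox-unconfined"

# Reset ownership to root and make the trees readable by every user.
# NOTE(review): presumably needed because files extracted from the
# upstream tarball keep the ownership and modes recorded in it - confirm.
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"

# Make the Tor Browser into the system's default web browser
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99
sed -i 's/\<iceweasel\.desktop\>/tor-browser.desktop/' /etc/gnome/defaults.list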