Commit 0a2ba4b2 authored by kytv's avatar kytv
Browse files

Override Torbirdy defaults to match Tails' expectations

We want stream isolation so that is set here. Additionally we want to
use the standard SKS keyserver pool like the command-line gnupg client
and Seahorse use in Tails.

Note that enigmail does *not* support using hkps.

Note also that we patch the source to due to the following as noted in
`components/torbirdy.js`:

// Default preference values for TorBirdy.
// These preferences values will be "enforced": even if the user decides to
// change the preferences listed below, they will be reset to the TorBirdy
// default when Thunderbird restarts. The reason we are doing this is because
// these preferences, if changed, can introduce leaks and therefore should be
// not changed by the user. Even if the user does change them, we reset them to
// the secure default when Thunderbird starts.
parent 5656f86d
--- /usr/share/xul-ext/torbirdy/chrome/content/preferences.js.orig 2015-07-27 07:34:13.195987276 +0000
+++ /usr/share/xul-ext/torbirdy/chrome/content/preferences.js 2015-07-27 07:44:12.579975436 +0000
@@ -7,7 +7,7 @@
pub.prefBranch = "extensions.torbirdy.";
pub.customBranch = "extensions.torbirdy.custom.";
- pub.torKeyserver = "hkp://qdigse2yzvuglcix.onion";
+ pub.torKeyserver = "hkp://pool.sks-keyservers.net";
pub.jondoKeyserver = "hkp://pool.sks-keyservers.net";
pub.prefs = Components.classes["@mozilla.org/preferences-service;1"]
@@ -25,7 +25,7 @@
pub.setDefaultPrefs = function() {
pub.prefs.setCharPref("network.proxy.socks", "127.0.0.1");
- pub.prefs.setIntPref("network.proxy.socks_port", 9050);
+ pub.prefs.setIntPref("network.proxy.socks_port", 9061);
pub.prefs.clearUserPref("network.proxy.http");
pub.prefs.clearUserPref("network.proxy.http_port");
pub.prefs.clearUserPref("network.proxy.ssl");
@@ -43,7 +43,7 @@
"--no-comments " +
"--throw-keyids " +
"--display-charset utf-8 " +
- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
}
if (anonService === "jondo") {
return "--no-emit-version " +
@@ -58,7 +58,7 @@
return "--no-emit-version " +
"--no-comments " +
"--display-charset utf-8 " +
- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
}
if (anonService === "jondo") {
return "--no-emit-version " +
@@ -494,7 +494,7 @@
// Tor.
if (anonService === 0) {
pub.socksHost.value = '127.0.0.1';
- pub.socksPort.value = '9050';
+ pub.socksPort.value = '9061';
}
// JonDo/Whonix.
--- ./usr/share/xul-ext/torbirdy/components/torbirdy.js.orig 2015-07-27 07:56:54.811960380 +0000
+++ ./usr/share/xul-ext/torbirdy/components/torbirdy.js 2015-07-27 08:00:26.895956191 +0000
@@ -43,7 +43,7 @@
// Configure Thunderbird to use the SOCKS5 proxy.
"network.proxy.socks": "127.0.0.1",
- "network.proxy.socks_port": 9050,
+ "network.proxy.socks_port": 9061,
"network.proxy.socks_version": 5,
// Set DNS proxying through SOCKS5.
@@ -215,10 +215,10 @@
// We want to force UTF-8 everywhere
"--display-charset utf-8 " +
// We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=http://127.0.0.1:8118 ",
+ "--keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 ",
// The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
+ "extensions.enigmail.keyserver": "hkp://pool.sks-keyservers.net",
// Force GnuPG to use SHA512.
"extensions.enigmail.mimeHashAlgorithm": 5,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment