tails
tails
Commits
28cf4852
Commit
28cf4852
authored
Mar 19, 2017
by
intrigeri
Merge remote-tracking branch 'origin/feature/12263-remove-i2p' into feature/stretch (refs:
#12263
).
parents
07e9cf89
676ae125
Changes
114
.gitignore
...
...
@@ -46,7 +46,6 @@
/config/chroot_local-includes/usr/share/applications/tails-reboot.desktop
/config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-shutdown.desktop
/config/chroot_local-includes/usr/share/applications/i2p-browser.desktop
/config/chroot_local-includes/usr/share/applications/tor-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-about.desktop
/config/chroot_local-includes/usr/share/desktop-directories/Tails.directory
...
...
config/binary_rootfs/squashfs.sort
...
...
@@ -460,8 +460,6 @@ usr/bin/expr 32082
usr/bin/bc 32081
lib/live/config/2060-create-upgrader-run-directory 32079
usr/bin/install 32078
lib/live/config/2080-install-i2p 32077
usr/local/lib/tails-shell-library/i2p.sh 32076
usr/local/lib/tails-shell-library/common.sh 32075
usr/local/lib/tails-shell-library/localization.sh 32074
lib/live/config/7000-debug 32073
...
...
@@ -2839,7 +2837,6 @@ usr/share/applications/mimeinfo.cache 29205
usr/share/gnome/applications/vim.desktop 29204
usr/share/gnome/applications/nm-connection-editor.desktop 29203
usr/share/gnome/applications/gnome-power-statistics.desktop 29202
usr/share/gnome/applications/openjdk-7-policytool.desktop 29201
usr/share/gnome/applications/orca.desktop 29200
usr/share/applications/gnome-bluetooth-panel.desktop 29199
usr/lib/libreoffice/share/xdg/xsltfilter.desktop 29198
...
...
@@ -3122,7 +3119,6 @@ etc/xdg/menus/applications-merged/Tails.menu 28920
usr/share/applications/gnome-power-statistics.desktop 28919
usr/share/applications/nm-connection-editor.desktop 28918
usr/lib/i386-linux-gnu/tracker-1.0/libtracker-data.so.0.0.0 28917
usr/share/applications/openjdk-7-policytool.desktop 28916
usr/share/applications/orca.desktop 28915
usr/share/applications/vim.desktop 28914
usr/share/desktop-directories/ActionGames.directory 28913
...
...
@@ -4097,7 +4093,6 @@ usr/lib/i386-linux-gnu/libopencv_contrib.so.2.4.9 27944
usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt 27943
usr/lib/i386-linux-gnu/libopencv_core.so.2.4.9 27942
usr/lib/i386-linux-gnu/libopencv_highgui.so.2.4.9 27941
etc/NetworkManager/dispatcher.d/30-i2p.sh 27940
etc/NetworkManager/dispatcher.d/60-tor-ready.sh 27939
usr/local/sbin/tor-has-bootstrapped 27938
usr/bin/gettext 27937
...
...
config/chroot_local-hooks/06-adduser_i2pbrowser
deleted
100755 → 0
#!/bin/sh
set
-e
# Create the i2pbrowser user.
#
# We run i2p-browser under this user
echo
"Creating the i2pbrowser user"
adduser
--system
--quiet
--group
i2pbrowser
config/chroot_local-hooks/16-i2p_config
deleted
100755 → 0
#!/bin/sh
set
-e
echo
"Configuring I2P"
I2P
=
"/usr/share/i2p"
I2PROUTER
=
"/usr/bin/i2prouter"
WRAPPER
=
"/etc/i2p/wrapper.config"
# This must be set in order for the i2p init script to work
sed
-i
's/^RUN_DAEMON=.*$/RUN_DAEMON="true"/'
/etc/default/i2p
# Remove the "i2prouter" script, its man page, and its apparmor profile
# since these are not used by Tails:
rm
/etc/apparmor.d/usr.bin.i2prouter /usr/share/man/man1/i2prouter.1.gz
# Install custom i2prouter stub scripts
for
script
in
${
I2PROUTER
}
${
I2PROUTER
}
-nowrapper
;
do
echo
"Removing
$script
"
dpkg-divert
--rename
--add
"
${
script
}
"
cat
>
"
$script
"
<<
EOF
#!/bin/sh
echo "This script is not used by Tails."
echo "See https://tails.boum.org/doc/anonymous_internet/i2p/ for more information."
exit 0
EOF
chmod
755
"
$script
"
done
# Remove the outproxy from the tunnel on port 4444
# This will remove the following lines:
# tunnel.0.proxyList=false.i2p
# tunnel.0.option.i2ptunnel.httpclient.SSLOutproxies=false.i2p
# The SSLOutproxies option was first set in I2P 0.9.15
sed
-i
'/^.*tunnel\.0\.\(proxyList\|option\.i2ptunnel\.httpclient\.SSLOutproxies\)/d'
"
$I2P
/i2ptunnel.config"
# Disable the https outproxy (port 4445)
sed
-i
's|^.*\(tunnel\.6\.startOnLoad\).*|\1=false|'
"
$I2P
/i2ptunnel.config"
# Don't serve the router console on IPv6
sed
-i
's|^clientApp\.0\.args=7657\s\+::1,127\.0\.0\.1|clientApp.0.args=7657 127.0.0.1|'
"
$I2P
/clients.config"
# Disable IPv6 in the wrapper
sed
-i
's|^.*\(wrapper\.java\.additional\.5=-Djava\.net\.preferIPv4Stack=\).*|\1true|'
"
$WRAPPER
"
sed
-i
's|^.*\(wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=\).*|\1false|'
"
$WRAPPER
"
# Tails specific router configs:
# * i2cp: allows java clients to communicate with I2P outside of the JVM. Disabled.
# * IPv6: Disabled
# * HiddenMode: Enabled
# * In-I2P Network Updates: Disabled
# * Inbound connections: Disabled (setting is "i2cp.ntcp.autoip")
# * Disable I2P plugins
# * Disable NTP
cat
>
"
$I2P
/router.config"
<<
EOF
# NOTE: This I2P config file must use UTF-8 encoding
i2cp.disableInterface=true
i2np.ntcp.ipv6=false
i2np.ntcp.autoip=false
i2np.udp.ipv6=false
router.isHidden=true
router.updateDisabled=true
router.enablePlugins=false
time.disabled=true
EOF
cat
>
"
$I2P
/susimail.config"
<<
EOF
susimail.pop3.leave.on.server=true
EOF
# enforce apparmor
echo
Setting the I2P apparmor profile to enforce mode
sed
-i
-re
's|flags=\(complain\)||'
/etc/apparmor.d/system_i2p
config/chroot_local-hooks/52-update-rc.d
...
...
@@ -22,7 +22,6 @@ systemctl enable tor-controlport-filter.service
systemctl
--
global
enable
tails
-
add
-
GNOME
-
bookmarks
.
service
systemctl
--
global
enable
tails
-
configure
-
keyboard
.
service
systemctl
--
global
enable
tails
-
create
-
tor
-
browser
-
directories
.
service
systemctl
--
global
enable
tails
-
i2p
-
removal
-
notify
-
user
.
service
systemctl
--
global
enable
tails
-
security
-
check
.
service
systemctl
--
global
enable
tails
-
upgrade
-
frontend
.
service
systemctl
--
global
enable
tails
-
virt
-
notify
-
user
.
service
...
...
@@ -46,9 +45,6 @@ systemctl disable tor.service
systemctl
disable
NetworkManager
.
service
systemctl
disable
NetworkManager
-
wait
-
online
.
service
#
We
don
'
t
run
these
services
by
default
systemctl
disable
i2p
.
service
#
Don
'
t
hide
tails
-
kexec
'
s
shutdown
messages
with
an
empty
splash
screen
for
suffix
in
halt
kexec
poweroff
reboot
shutdown
;
do
systemctl
mask
"plymouth-${suffix}.service"
...
...
config/chroot_local-hooks/97-remove_i2p
deleted
100755 → 0
#!/bin/sh
set
-u
set
-e
# Everything moved by this hook script will be reversed in the event that
# the string "i2p" is entered at a boot prompt
DEST
=
"/usr/share/tails/i2p-disabled"
[
-d
"/usr/share/i2p"
]
||
return
0
mkdir
"
$DEST
"
mv
-f
/usr/share/i2p
"
$DEST
"
mv
-f
/usr/sbin/wrapper
"
$DEST
"
mv
-f
/usr/share/applications/i2p-browser.desktop
"
$DEST
"
config/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh
deleted
100755 → 0
#!/bin/sh
# I2P isn't started automatically at system boot.
# Instead, it is started with this hook script.
# Import i2p_is_enabled().
.
/usr/local/lib/tails-shell-library/i2p.sh
# Don't even try to run this script if I2P is not enabled.
i2p_is_enabled
||
exit
0
# don't run if interface is 'lo'
if
[
-z
"
$1
"
]
||
[
"
$1
"
=
"lo"
]
;
then
exit
0
fi
if
[
"
$2
"
=
"up"
]
;
then
/usr/local/sbin/tails-i2p start &
fi
config/chroot_local-includes/etc/ferm/ferm.conf
...
...
@@ -3,11 +3,6 @@
# Configuration file for ferm(1).
#
# I2P rules that grant access to the "i2psvc" user (those with $use_i2p) will
# only be enabled if the string "i2p" is entered at the boot prompt.
# Deny or reject rules affecting "i2psvc" will always be set.
def
$
use_i2p
= `
test
-
d
/
usr
/
share
/
i2p
&&
echo
1
||
echo
0
`;
# When ferm starts initially during early boot, the "amnesia" user does not
# exist yet, so we have to use its UID (#7018).
def
$
amnesia_uid
=
1000
;
...
...
@@ -74,42 +69,12 @@ domain ip {
mod
owner
uid
-
owner
$
amnesia_uid
ACCEPT
;
}
# Whitelist access to Tor's DNSPort so I2P can resolve hostnames when bootstrapping
daddr
127
.
0
.
0
.
1
proto
udp
dport
5353
{
@
if
$
use_i2p
mod
owner
uid
-
owner
i2psvc
ACCEPT
;
}
# White-list access to the accessibility daemon
daddr
127
.
0
.
0
.
1
proto
tcp
syn
dport
4101
{
mod
owner
uid
-
owner
$
amnesia_uid
ACCEPT
;
mod
owner
uid
-
owner
Debian
-
gdm
ACCEPT
;
}
# White-list access to I2P services for the amnesia user (IRC, SAM, POP3, SMTP, and Monotone)
# For more information, see https://tails/boum.org/contribute/design/I2P and https://geti2p.net/ports
daddr
127
.
0
.
0
.
1
proto
tcp
syn
mod
multiport
destination
-
ports
(
6668
7656
7659
7660
8998
) {
@
if
$
use_i2p
mod
owner
uid
-
owner
$
amnesia_uid
ACCEPT
;
}
# Whitelist access to I2P services for the i2psvc user,
# otherwise mail and eepsite hosting won't work. The mail ports (7659 and 7660) are
# accessed by the webmail app
daddr
127
.
0
.
0
.
1
proto
tcp
syn
mod
multiport
destination
-
ports
(
7658
7659
7660
) {
@
if
$
use_i2p
mod
owner
uid
-
owner
i2psvc
ACCEPT
;
}
# Whitelist access to the i2pbrowser user
daddr
127
.
0
.
0
.
1
proto
tcp
syn
mod
multiport
destination
-
ports
(
4444
7657
7658
) {
@
if
$
use_i2p
mod
owner
uid
-
owner
i2pbrowser
ACCEPT
;
}
# White-list access to the java wrapper's (used by I2P) control ports
# (see: http://wrapper.tanukisoftware.com/doc/english/prop-port.html)
# If, for example, port 31000 is in use, it'll try the next one in sequence.
daddr
127
.
0
.
0
.
1
proto
tcp
sport
(
31000
31001
31002
)
dport
(
32000
32001
32002
) {
@
if
$
use_i2p
mod
owner
uid
-
owner
i2psvc
ACCEPT
;
}
# White-list access to CUPS
daddr
127
.
0
.
0
.
1
proto
tcp
syn
dport
631
{
mod
owner
uid
-
owner
$
amnesia_uid
ACCEPT
;
...
...
@@ -136,14 +101,13 @@ domain ip {
}
# Local network connections should not go through Tor but DNS shall be
# rejected.
I2P is explicitly blocked from communicating with the LAN.
#
(Note that we exclude the VirtualAddrNetwork used for
.onion:s here.)
# rejected.
(Note that we exclude the VirtualAddrNetwork used for
# .onion:s here.)
daddr
(
10
.
0
.
0
.
0
/
8
172
.
16
.
0
.
0
/
12
192
.
168
.
0
.
0
/
16
) @
subchain
"lan"
{
proto
tcp
dport
domain
REJECT
;
proto
udp
dport
domain
REJECT
;
proto
tcp
dport
netbios
-
ns
REJECT
;
proto
udp
dport
netbios
-
ns
REJECT
;
mod
owner
uid
-
owner
i2psvc
REJECT
;
ACCEPT
;
}
...
...
@@ -152,11 +116,6 @@ domain ip {
proto
tcp
syn
mod
state
state
(
NEW
)
ACCEPT
;
}
# i2p is allowed to do anything it wants to on the internet.
outerface
!
lo
mod
owner
uid
-
owner
i2psvc
{
@
if
$
use_i2p
proto
(
tcp
udp
)
ACCEPT
;
}
# Everything else is logged and dropped.
LOG
log
-
prefix
"Dropped outbound packet: "
log
-
level
debug
log
-
uid
;
REJECT
reject
-
with
icmp
-
port
-
unreachable
;
...
...
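Review bot: In the `lan` subchain hunk, the unconditional `mod owner uid-owner i2psvc REJECT;` appears to go away together with the comment sentence "I2P is explicitly blocked from communicating with the LAN", so the chain now ends in a plain `ACCEPT;` after the DNS and NetBIOS rejects. The removed header comment stated that deny rules for i2psvc were always set, regardless of the boot option, so dropping this one is safe only if the i2psvc account no longer exists in the built image. The package-list change that would remove that account is not visible in this part of the merge, so it is worth confirming alongside this file. The rewritten comment could also state the resulting policy explicitly, e.g. `# Apart from DNS and NetBIOS name service, LAN destinations are accepted for every local user.`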
config/chroot_local-includes/etc/skel/.purple/blist.xml
<?xml version='1.0' encoding='UTF-8' ?>
<purple
version=
'1.0'
>
<blist>
<group
name=
'Discussions'
>
<setting
name=
'collapsed'
type=
'bool'
>
0
</setting>
<chat
proto=
'prpl-irc'
account=
'XXX_NICK_XXX@127.0.0.1'
>
<component
name=
'channel'
>
#i2p
</component>
</chat>
</group>
</blist>
<privacy>
<account
proto=
'prpl-irc'
name=
'XXX_NICK_XXX@irc.oftc.net'
mode=
'1'
/>
<account
proto=
'prpl-irc'
name=
'XXX_NICK_XXX@127.0.0.1'
mode=
'1'
/>
</privacy>
</purple>
config/chroot_local-includes/lib/live/config/2080-install-i2p
deleted
100755 → 0
#!/bin/sh
# This script reverses everything done by config/chroot_local-hooks/97_remove_i2p
# when the string "i2p" is added to the boot prompt.
# Import i2p_is_enabled().
.
/usr/local/lib/tails-shell-library/i2p.sh
SRC
=
"/usr/share/tails/i2p-disabled"
Install_I2P
(){
mv
"
$SRC
/wrapper"
/usr/sbin/wrapper
mv
"
$SRC
/i2p-browser.desktop"
/usr/share/applications
mv
"
$SRC
/i2p"
/usr/share
rmdir
"
$SRC
"
}
Add_Sudo_Config
(){
echo
"amnesia ALL = NOPASSWD: /usr/local/sbin/i2p-browser"
>
/etc/sudoers.d/zzz_i2pbrowser
chown
root:root /etc/sudoers.d/zzz_i2pbrowser
chmod
0440 /etc/sudoers.d/zzz_i2pbrowser
}
if
i2p_is_enabled
&&
[
-d
"
$SRC
"
]
;
then
Install_I2P
Add_Sudo_Config
fi
config/chroot_local-includes/lib/systemd/system/i2p.service.d/AppArmor.conf
deleted
100644 → 0
[
Service
]
# XXX:Stretch: on Jessie, AppArmorProfile=system_i2p is a no-op, since
# AppArmor support was enabled in Debian's systemd 218-4 (#10925).
ExecStart
=
ExecStart
=/
usr
/
sbin
/
aa
-
exec
--
profile
=
system_i2p
-- /
usr
/
sbin
/
wrapper
"$I2P_ARGS"
config/chroot_local-includes/usr/lib/systemd/user/tails-i2p-removal-notify-user.service
deleted
100644 → 0
[Unit]
Description
=
Warn the user that I2P will be removed
ConditionKernelCommandLine
=
i2p
[Service]
Type
=
oneshot
ExecStart
=
/usr/local/lib/tails-i2p-removal-notify-user
RemainAfterExit
=
yes
[Install]
WantedBy
=
desktop.target
config/chroot_local-includes/usr/local/lib/tails-i2p-removal-notify-user
deleted
100755 → 0
#!/usr/bin/perl
use
strict
;
use
warnings
;
#man{{{
=head1 NAME
tails-i2p-removal-notify-user
=head1 VERSION
Version X.XX
=head1 AUTHOR
Tails dev team <amnesia@boum.org>
See https://tails.boum.org/.
=cut
#}}}
use
Desktop::
Notify
;
use
English
'
-no_match_vars
';
use
Locale::
gettext
;
use
Net::DBus::
Reactor
;
use
POSIX
;
### initialization
setlocale
(
LC_MESSAGES
,
"");
textdomain
("
tails
");
### callbacks
sub
action_cb
{
my
$reactor
=
shift
;
unless
(
fork
)
{
exec
(
'
/usr/local/bin/tails-documentation
',
'
doc/anonymous_internet/i2p
',
'
removal
',
);
}
$reactor
->
shutdown
;
}
### main
my
$reactor
=
Net::DBus::
Reactor
->
main
;
my
$notify
=
Desktop::
Notify
->
new
();
$notify
->
action_callback
(
sub
{
action_cb
(
$reactor
,
@
_
)
});
$notify
->
close_callback
(
sub
{
$reactor
->
shutdown
;
});
my
$summary
=
gettext
("
Warning: I2P will be removed in Tails 2.12
");
$notify
->
create
(
summary
=>
$summary
,
actions
=>
{
"
moreinfo_
$PID
"
=>
gettext
('
Learn more
'),
},
hints
=>
{
'
transient
'
=>
1
,
},
timeout
=>
0
)
->
show
();
$reactor
->
run
;
config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh
deleted
100644 → 0
#!/bin/sh
# Import set_simple_config_key().
.
/usr/local/lib/tails-shell-library/common.sh
# Import language_code_from_locale().
.
/usr/local/lib/tails-shell-library/localization.sh
I2P_DEFAULT_CONFIG
=
"/usr/share/i2p"
I2P_CONFIG
=
"/var/lib/i2p/i2p-config"
I2P_TUNNEL_CONFIG
=
"
${
I2P_CONFIG
}
/i2ptunnel.config"
I2P_WRAPPER_LOG
=
"/var/log/i2p/wrapper.log"
i2p_is_enabled
()
{
grep
-qw
"i2p"
/proc/cmdline
}
i2p_eep_proxy_address
()
{
# We retrieve the host and port number from the I2P profile. This
# shouldn't be anywhere other than 127.0.0.1:4444 but in case
# someone modifies the hook scripts or the default changes in I2P,
# this check should still work.
local
listen_host listen_port
listen_host
=
$(
awk
-F
=
'/^tunnel\.0\.interface/{print $2}'
\
"
${
I2P_TUNNEL_CONFIG
}
"
)
listen_port
=
$(
awk
-F
=
'/^tunnel\.0\.listenPort/{print $2}'
\
"
${
I2P_TUNNEL_CONFIG
}
"
)
echo
${
listen_host
}
:
${
listen_port
}
}
i2p_reseed_started
()
{
grep
-q
'Reseed start$'
"
${
I2P_WRAPPER_LOG
}
"
}
i2p_reseed_failed
()
{
grep
-q
'Reseed failed, check network connection$'
"
${
I2P_WRAPPER_LOG
}
"
}
i2p_reseed_completed
()
{
grep
-q
"Reseed complete"
"
${
I2P_WRAPPER_LOG
}
"
}
i2p_reseed_status
()
{
if
i2p_reseed_completed
;
then
echo
success
elif
i2p_reseed_failed
;
then
echo
failure
elif
i2p_reseed_started
;
then
echo
running
fi
}
i2p_built_a_tunnel
()
{
ss
-nlp
|
grep
-qwF
"
$(
i2p_eep_proxy_address
)
"
}
i2p_router_console_address
()
{
echo
127.0.0.1:7657
}
i2p_router_console_is_ready
()
{
ss
-nlp
|
grep
-qwF
"
$(
i2p_router_console_address
)
"
}
set_best_i2p_router_console_lang
()
{
# We will use the detected language even if I2P doesn't support it; it
# will default to English in that case.
local
lang
=
"
$(
language_code_from_locale
"
${
LANG
}
"
)
"
# We first try to set it in an existing "live" config, even though
# the effect will only appear after a restart.
local
config
for
config
in
"
${
I2P_CONFIG
}
/router.config"
\
"
${
I2P_DEFAULT_CONFIG
}
/router.config"
;
do
if
[
-e
"
${
config
}
"
]
;
then
set_simple_config_key
"
${
config
}
"
"routerconsole.lang"
"
${
lang
}
"
return
0
fi
done
return
1
}
config/chroot_local-includes/usr/local/sbin/i2p-browser
deleted
100755 → 0
#!/bin/sh
set
-e
set
-u
.
gettext.sh
TEXTDOMAIN
=
"tails"
export
TEXTDOMAIN
# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
.
/usr/local/lib/tails-shell-library/tor-browser.sh
# Import try_cleanup_browser_chroot(), setup_browser_chroot(),
# configure_chroot_dns_servers(), configure_chroot_browser(),
# configure_chroot_browser(), set_chroot_browser_locale()
# set_chroot_torbutton_browser_name(), set_chroot_browser_permissions()
# and run_browser_in_chroot().
.
/usr/local/lib/tails-shell-library/chroot-browser.sh
# Import i2p_router_console_is_ready() and i2p_is_enabled().
.
/usr/local/lib/tails-shell-library/i2p.sh
error
()
{
local
cli_text
=
"
${
CMD
}
:
`
gettext
\"
error:
\"
`
${
@
}
"
local
dialog_text
=
"<b><big>
`
gettext
\"
Error
\"
`
</big></b>
${
@
}
"
echo
"
${
cli_text
}
"
>
&2
sudo
-u
"
${
SUDO_USER
}
"
zenity
--error
--title
""
--text
"
${
dialog_text
}
"
exit
1
}
verify_start
()
{
# Make sure the user really wants to start the browser in case the router console isn't available
local
dialog_msg
=
"<b><big>
`
gettext
\"
Do you still want to launch I2P Browser?
\"
`
</big></b>
`
gettext
\"
The I2P router console is not ready.
\"
`
"
local
launch
=
"
`
gettext
\"
_Launch
\"
`
"
local exit
=
"
`
gettext
\"
_Exit
\"
`
"
if
!
sudo
-u
"
${
SUDO_USER
}
"
\
zenity
--question
--title
""
--text
"
${
dialog_msg
}
"
--default-cancel
\
--cancel-label
"
${
exit
}
"
--ok-label
"
${
launch
}
"
;
then
exit
0
fi
}
show_start_notification
()
{
local
title
=
"
`
gettext
\"
Starting the I2P Browser...
\"
`
"
local
body
=
"
`
gettext
\"
This may take a
while
, so please be patient.
\"
`
"
tails-notify-user
"
${
title
}
"
"
${
body
}
"
10000
}
copy_extra_tbb_prefs
()
{
local chroot
=
"
${
1
}
"
local
browser_name
=
"
${
2
}
"
local
browser_user
=
"
${
3
}
"
local
tbb_prefs
=
"/etc/tor-browser/profile/preferences"
local
browser_prefs_dir
=
"
${
chroot
}
/home/
${
browser_user
}
/.
${
browser_name
}
/profile.default/preferences"
mkdir
-p
"
${
browser_prefs_dir
}
"
# Selectively copy the TBB prefs we want
sed
'/\(security\|update\|download\|spell\|noscript\|torbrowser\)/!d'
"
${
tbb_prefs
}
/0000tails.js"
>
\
"
${
browser_prefs_dir
}
/0000tails.js"
sed
'/\(capability\|noscript\)/!d'
"
${
tbb_prefs
}
/extension-overrides.js"
>
\
"
${
browser_prefs_dir
}
/extension-overrides.js"
chown
-R
"
${
browser_user
}
:
${
browser_user
}
"
"
${
browser_prefs_dir
}
"
}
show_shutdown_notification
()
{
local
title
=
"
`
gettext
\"
Shutting down the I2P Browser...
\"
`
"
local
body
=
"
`
gettext
\"
This may take a
while
, and you may not restart the I2P Browser
until
it is properly shut down.
\"
`
"
tails-notify-user
"
${
title
}
"
"
${
body
}
"
10000
}
# Main script:
# This isn't very useful without I2P...
i2p_is_enabled
||
exit
0
CMD
=
"
$(
basename
"
${
0
}
"
)
"
LOCK
=
"/var/lock/
${
CMD
}
"
CONF_DIR
=
"/var/lib/i2p-browser"
COW
=
"
${
CONF_DIR
}
/cow"
CHROOT
=
"
${
CONF_DIR
}
/chroot"
BROWSER_NAME
=
"i2p-browser"
BROWSER_USER
=
"i2pbrowser"
HOME_PAGE
=
"http://127.0.0.1:7657"
NOSCRIPT_EXT_XPI
=
"
${
TBB_EXT
}
/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
TORBUTTON_EXT_DIR
=
"
${
TBB_EXT
}
/torbutton@torproject.org"
HUMAN_READABLE_NAME
=
"
`
gettext
\"
I2P Browser
\"
`
"
IP4_NAMESERVERS
=
"0.0.0.0"
# Prevent multiple instances of the script.
exec
9>
"
${
LOCK
}
"
if
!
flock
-x
-n
9
;
then
error
"
`
gettext
\"
Another I2P Browser is currently running, or being cleaned up. Please retry
in
a
while
.
\"
`
"
fi
if
!
i2p_router_console_is_ready
;
then
verify_start
fi
show_start_notification
echo
"* Setting up chroot"
setup_chroot_for_browser
"
${
CHROOT
}
"
"
${
COW
}
"
"
${
BROWSER_USER
}
"
||
\
error
"
`
gettext
\"
Failed to setup chroot.
\"
`
"
echo
"* Configuring chroot"
configure_chroot_browser
"
${
CHROOT
}
"
"
${
BROWSER_USER
}
"
"
${
BROWSER_NAME
}
"
\
"
${
HUMAN_READABLE_NAME
}
"
"
${
HOME_PAGE
}
"
"
${
IP4_NAMESERVERS
}
"
\
"
${
TBB_EXT
}
"
/langpack-
*
.xpi
"
${
NOSCRIPT_EXT_XPI
}
"
"
${
TORBUTTON_EXT_DIR
}
"
&&
\
copy_extra_tbb_prefs
"
${
CHROOT
}
"
"
${
BROWSER_NAME
}
"
"
${
BROWSER_USER
}
"
||
\
error
"
`
gettext
\"
Failed to configure browser.
\"
`
"
echo
"* Starting I2P Browser"
run_browser_in_chroot
"
${
CHROOT
}
"
"
${
BROWSER_NAME
}
"
"
${
BROWSER_USER
}
"
\
"
${
SUDO_USER
}
"
||
\
error
"
`
gettext
\"
Failed to run browser.
\"
`
"
echo
"* Exiting the I2P Browser"