Commit 2ca433cb authored by intrigeri's avatar intrigeri
Browse files

Merge branch 'feature/15023-tor-browser-8' into devel (Fix-committed: #15023)

parents 9eb2a189 4327564d
#!/bin/sh
set -e
set -u
display_help_and_exit () {
echo "Usage: $(basename "$0") INPUT_FILE" >&2
}
[ $# -eq 1 ] || display_help_and_exit
INPUT_FILE="$1"
[ -f "$INPUT_FILE" ] || exit 2
# For posterity: the general idea is to introduce \r\n as a token
# where we have made a line break to make the dump more diff-friendly
# (and, hence, Git-friendly). The most complex expression is the one
# done with perl, where we employ negative lookahead. What it means,
# is: replace single occurrences of | except when followed by \\n.
echo '.dump' \
| sqlite3 "$INPUT_FILE" | \
grep -v "cached_asset_content://cache://compiled-" | \
awk '!/^INSERT/; /^INSERT/ {print $0 | "sort -n"}' | \
sed 's_\\n_\\n\r\n_g' | \
sed 's_,_,\r\n_g' | \
perl -p -e 's/([^|])\|((?!\||\\n).)/\1\|\r\n\2/g' | \
sed "/^INSERT INTO \"settings\" VALUES('\(remoteBlacklists\|cached_asset_entries\)'/"'s_,_,\r\n_g'
......@@ -76,8 +76,8 @@ Package: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-x
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: xul-ext-ublock-origin
Pin: origin deb.tails.boum.org
Package: webext-ublock-origin
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: pdf-redact-tools
......
......@@ -118,17 +118,14 @@ EOF
# TBB works around the lack of code signing for its extensions by
# hacking in exceptions. We do the same!
apply_extension_code_signing_hacks () {
local destination tmp tbb_timestamp
destination="${1}"
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
local tbb_install tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${TBB_INSTALL}/omni.ja"
7z x -tzip "${tbb_install}/omni.ja"
patch -p1 <<EOF
diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
--- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
......@@ -167,14 +164,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
EOF
touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
chrome/toolkit/content/mozapps/extensions/extensions.js
rm "${TBB_INSTALL}/omni.ja"
7z a -mtc=off -tzip "${TBB_INSTALL}/omni.ja" *
rm "${tbb_install}/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/omni.ja" *
)
rm -r "${tmp}"
tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${TBB_INSTALL}/browser/omni.ja"
7z x -tzip "${tbb_install}/browser/omni.ja"
patch -p1 <<EOF
diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
--- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
......@@ -191,44 +188,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
}
EOF
touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
rm "${TBB_INSTALL}/browser/omni.ja"
7z a -mtc=off -tzip "${TBB_INSTALL}/browser/omni.ja" *
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
rm -r "${tmp}"
for archive in "${TBB_INSTALL}/omni.ja" "${TBB_INSTALL}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
}
# Modern Firefox doesn't apply browser.search.defaultenginename on
# start, and the other ways to get it to work (e.g. pre-generating
# search.json.mozlz4) seems rather complex. Instead, let's just make
# browser.search.defaultenginename work again by employing some
# Enterprise features to run arbitrary JavaScript with access to the
# Firefox internals. For the details of this feature, see:
# https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
apply_default_searchengine_hacks () {
local destination
destination="${1}"
cat > "${destination}/defaults/pref/autoconfig.js" <<EOF
// This file must start with a comment
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
apply_prefs_hacks() {
local tbb_install tmp tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
cat > "${destination}/mozilla.cfg" <<EOF
// This file must start with a comment
var searchService = Components.classes["@mozilla.org/browser/search-service;1"].getService(Components.interfaces.nsIBrowserSearchService);
var engineName = getPref("browser.search.defaultenginename");
if (engineName) {
var engine = searchService.getEngineByName(engineName);
if (engine) {
searchService.currentEngine = engine;
}
tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${tbb_install}/browser/omni.ja"
# Remove TBB's Tor Launcher settings since we don't enable it in
# our Tor Browser.
sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
# Display the Stop/Reload button: our test suite currently depends on it
perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
# Append our custom prefs
cat /usr/share/tails/tor-browser-prefs.js \
>> defaults/preferences/000-tor-browser.js
touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
rm -r "${tmp}"
}
EOF
strip_nondeterminism () {
local tbb_install tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
for archive in "${tbb_install}/omni.ja" "${tbb_install}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
}
install_langpacks_from_bundles() {
......@@ -262,8 +262,9 @@ install_debian_extensions() {
destination="${1}"
shift
apt-get install --yes "${@}"
ln -s /usr/share/xul-ext/ublock-origin/ \
ln -s /usr/share/webext/ublock-origin/ \
"${destination}"/'uBlock0@raymondhill.net'
patch -p1 < /usr/share/tails/uBlock-disable-autoUpdate.diff
}
create_default_profile() {
......@@ -275,16 +276,16 @@ create_default_profile() {
rsync -a --exclude bookmarks.html --exclude extensions \
"${tbb_profile}"/ "${destination}"/
# Remove TBB's Tor Launcher settings since we don't enable it in
# our Tor Browser.
sed -i '/extensions\.torlauncher\./d' "${destination}"/preferences/extension-overrides.js
mkdir -p "${destination}"/extensions
for ext in "${tbb_extensions_dir}"/*; do
ln -s "${ext}" "${destination}"/extensions/
done
}
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
TBB_TIMESTAMP="$(date --date='2000-01-01 00:00:00' +%s)"
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
......@@ -301,16 +302,17 @@ fi
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
# The Debian Iceweasel extensions we want to install and make
# The Firefox extensions we want to install from Debian and make
# available in the Tor Browser.
DEBIAN_EXT_PKGS="xul-ext-ublock-origin"
DEBIAN_EXT_PKGS="webext-ublock-origin"
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}"
apply_default_searchengine_hacks "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
mkdir -p "${TBB_EXT}"
if [ "${NIGHTLY_BUILD}" != yes ]; then
......@@ -324,11 +326,11 @@ rm -r "${TMP}"
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
# ... and then install a few Iceweasel extension by using a fake
# Iceweasel equivs package to satisfy the dependencies.
# ... and then install a few Firefox extension by using a fake
# firefox equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_package iceweasel "${FAKE_ICEWEASEL_VERSION}" web
FAKE_FIREFOX_VERSION=${FIREFOX_VERSION}+fake1
install_fake_package firefox "${FAKE_FIREFOX_VERSION}" web
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}"
......
......@@ -19,11 +19,10 @@ echo "Localize each supported browser locale"
ensure_hook_dependency_is_installed p7zip imagemagick
TBB_LOCALIZED_SEARCHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
LOCALE_PROFILES_DIR="/etc/tor-browser/locale-profiles/"
NO_SPELLCHECKER_LOCALES="ja ko nl pl tr zh"
NO_SPELLCHECKER_LOCALES="ja tr zh"
# Sanity check that each supported Tor Browser locale has a
# description for how to localize it further.
......@@ -34,21 +33,21 @@ for LOCALE in $(supported_tor_browser_locales); do
fi
done
if [ -n "${BROKEN_LOCALES}" ]; then
echo "The following supported browser locales lack search plugin descriptions in ${DESCRIPTIONS_FILE}:${BROKEN_LOCALES}" >&2
echo "The following supported browser locales lack descriptions in ${DESCRIPTIONS_FILE}:${BROKEN_LOCALES}" >&2
exit 1
fi
# This very long while-loop is fed the DESCRIPTIONS_FILE (IO
# redirection at the bottom), which describes how we will localize
# each supported Tor Browser locale. The format is:
# MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG:STARTPAGE_LANG:STARTPAGE_LANG_UI
# MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG
# Note that we're forced to pick some representative location for the
# language-only locales, like Egypt (EG) for Arabic (ar).
while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE_LANG_UI; do
while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG; do
if [ -z "${MOZILLA_LOCALE}" ] || [ -z "${LOCATION}" ] || \
[ -z "${LOCALIZED_LANG}" ] || [ -z "${STARTPAGE_LANG}" ]; then
[ -z "${LOCALIZED_LANG}" ]; then
echo "Something is wrong with ${DESCRIPTIONS_FILE}" >&2
echo "Description: ${MOZILLA_LOCALE}:${LOCATION}:${LOCALIZED_LANG}:${STARTPAGE_LANG}:${STARTPAGE_LANG_UI}" >&2
echo "Description: ${MOZILLA_LOCALE}:${LOCATION}:${LOCALIZED_LANG}" >&2
exit 1
fi
......@@ -64,67 +63,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
NORMAL_LOCALE="${MOZILLA_LOCALE}_${LOCATION}"
fi
LANG_CODE="$(language_code_from_locale "${NORMAL_LOCALE}")"
TARGET_SEARCHPLUGINS_DIR="${TBB_LOCALIZED_SEARCHPLUGINS_DIR}/${MOZILLA_LOCALE}"
mkdir -p "${TARGET_SEARCHPLUGINS_DIR}"
if [ -z "${STARTPAGE_LANG_UI}" ]; then
STARTPAGE_LANG_UI=english
fi
sed -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
-e "s/\${LANG}/${STARTPAGE_LANG}/" \
-e "s/\${LANG_UI}/${STARTPAGE_LANG}/" \
"${BROWSER_LOCALIZATION_DIR}/startpage.xml-template" > \
"${TARGET_SEARCHPLUGINS_DIR}/startpage-${MOZILLA_LOCALE}.xml"
DDG_PLUGIN="${TARGET_SEARCHPLUGINS_DIR}/ddg-${MOZILLA_LOCALE}.xml"
DDG_LANG_UI="${NORMAL_LOCALE}"
if [ "${DDG_LANG_UI}" = "vi_VN" ]; then
# DDG uses a non-standard locale for Vietnamese
DDG_LANG_UI="vi_VI"
fi
sed -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
-e "s/\${LANG_UI}/${DDG_LANG_UI}/" \
"${BROWSER_LOCALIZATION_DIR}/ddg.xml-template" > \
"${DDG_PLUGIN}"
# We generate a Wikipedia plugin with localized icons since we
# want to provide both English and the locale's plugin, and
# Firefox' new search bar only shows icons; the description (which
# is localized) is only shown in a pop-up nowdays, so it's easy to
# mix them up.
CAPITALIZED_LANG_CODE="$(echo "${LANG_CODE}" | tr 'a-z' 'A-Z')"
LOCALIZED_WIKIPEDIA_ICON_PATH="/tmp/wikipedia-icon-${LANG_CODE}.png"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH="${LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_ICON_TEMPLATE="${BROWSER_LOCALIZATION_DIR}/Wikipedia-icon.png"
convert "${WIKIPEDIA_ICON_TEMPLATE}" \
-gravity SouthEast -pointsize 130 -font Liberation-Sans-Bold \
-fill black -annotate 0 "${CAPITALIZED_LANG_CODE}" \
+set date:create +set date:modify -define png:exclude-chunk=time \
-resize 16x16 "${LOCALIZED_WIKIPEDIA_ICON_PATH}"
base64 "${LOCALIZED_WIKIPEDIA_ICON_PATH}" | tr -d "\n" > \
"${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
sed -e "s/\${LANG_CODE}/${LANG_CODE}/" \
-e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
-e "/\${BASE64_PNG_16x16}/ r ${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}" \
-e "/\${BASE64_PNG_16x16}/d" \
"${BROWSER_LOCALIZATION_DIR}/wikipedia.xml-template" > \
"${TARGET_SEARCHPLUGINS_DIR}/wikipedia-${MOZILLA_LOCALE}.xml"
rm "${LOCALIZED_WIKIPEDIA_ICON_PATH}" \
"${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
# Our Tor Browser wrapper script will make use of the following
# per-locale profiles to set localized defaults for various prefs.
mkdir -p "${LOCALE_PROFILES_DIR}"
LOCALE_PROFILE_FILE="${LOCALE_PROFILES_DIR}/${MOZILLA_LOCALE}.js"
for KEY in browser.search.defaultenginename \
browser.search.selectedEngine; do
PLUGIN="DuckDuckGo - ${LOCALIZED_LANG}"
if ! grep -q "<ShortName>${PLUGIN}</ShortName>" "${DDG_PLUGIN}"; then
echo "Trying to make search plugin '${PLUGIN}' the default for ${MOZILLA_LOCALE} but it unexpectedly wasn't the one we generated earlier" >&2
exit 1
fi
set_mozilla_pref "${LOCALE_PROFILE_FILE}" "${KEY}" "\"${PLUGIN}\""
done
TBB_DICTIONARIES_DIR="${TBB_INSTALL}/dictionaries"
unset SPELLCHECKER_LOCALE
for LOCALE in "${NORMAL_LOCALE}" "${LANG_CODE}"; do
......@@ -142,7 +85,8 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
fi
set_mozilla_pref "${LOCALE_PROFILE_FILE}" \
"spellchecker.dictionary" \
"\"${SPELLCHECKER_LOCALE}\""
"\"${SPELLCHECKER_LOCALE}\"" \
"user_pref"
HOMEPAGE="https://tails.boum.org/home/"
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
......@@ -154,47 +98,6 @@ done < "${DESCRIPTIONS_FILE}"
# This directory is not needed after build time.
rm -r "${BROWSER_LOCALIZATION_DIR}"
# Remove unwanted browser search plugins bundled in the Tor Browser.
# Note for posterity: the searchplugins/list.txt file must not be
# removed! It must list the filename (excl. .xml) of each plugin
# present, otherwise they won't work. It's not a problem to list
# nonexisting ones, so as long as we delete plugins we do not have to
# alter it.
7z d -mtc=off -tzip "${TBB_INSTALL}/browser/omni.ja" \
'chrome/en-US/locale/browser/searchplugins/ddg*.xml' \
'chrome/en-US/locale/browser/searchplugins/startpage*.xml' \
'chrome/en-US/locale/browser/searchplugins/wikipedia*.xml' \
'chrome/en-US/locale/browser/searchplugins/yahoo*.xml'
# For consistency, fixup the internal timestamps of these archives with
# the same ones used by the Tor Browser instead of SOURCE_DATE_EPOCH.
tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${TBB_INSTALL}/browser/omni.ja" 2>/dev/null
for pack in "${TBB_EXT}"/langpack-*.xpi; do
7z d -mtc=off -tzip "${pack}" \
'browser/chrome/*/locale/browser/searchplugins/ddg*.xml' \
'browser/chrome/*/locale/browser/searchplugins/startpage*.xml' \
'browser/chrome/*/locale/browser/searchplugins/wikipedia*.xml' \
'browser/chrome/*/locale/browser/searchplugins/yahoo*.xml'
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${pack}" 2>/dev/null
done
# We want our localized English Wikipedia plugin to be available in
# all locales.
(
cd "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}"
for dir in *; do
if [ -d "${dir}" ] && [ "${dir}" != en-US ]; then
(
cd "${dir}"
cp -a ../en-US/wikipedia-en-US.xml .
)
fi
done
)
# All generated and modified files must remain world-readable.
chmod -R a+rX "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}" \
"${LOCALE_PROFILES_DIR}" \
chmod -R a+rX "${LOCALE_PROFILES_DIR}" \
"${TBB_EXT}"
#!/bin/sh
set -e
echo "Converting uBlock database dump into sqlite blob"
# Import ensure_hook_dependency_is_installed()
. /usr/local/lib/tails-shell-library/build.sh
ensure_hook_dependency_is_installed sqlite3
DUMP="/usr/share/tails/ublock-origin/ublock0.dump"
DATABASE="/etc/tor-browser/profile/extension-data/ublock0.sqlite"
mkdir -p "$(dirname "${DATABASE}")"
# The sed expression simply means: remove all CRLF ("\r\n"). The use
# of labels is simply to make this able to remove multiple CRLF to
# create a single (long) line. In the end, this restores the
# diff-friendly dump to the original sqlite dump.
sed ':a;N;$!ba;s_\r\n__g' "${DUMP}" | sqlite3 "${DATABASE}"
echo "Created uBlock sqlite blob successfully"
......@@ -32,6 +32,3 @@ update-ca-certificates
# debugging (and slightly make things easier for malware, perhaps) and
# otherwise just occupy disk space.
rm -f /boot/*.map /boot/*.map-*
# Remove text dump of uBlock settings file
rm -rf /usr/share/tails/ublock-origin/
......@@ -8,6 +8,7 @@
- 'NEWNYM'
GETINFO:
- 'circuit-status'
- 'net/listeners/socks'
- 'ns/id/[a-fA-F0-9]+'
- 'ip-to-country/\d+\.\d+\.\d+\.\d+'
confs:
......
......@@ -6,3 +6,4 @@ Type=Application
Terminal=false
Exec=/usr/local/bin/tails-documentation support
Icon=/usr/share/pixmaps/whisperback.svg
StartupNotify=true
......@@ -6,3 +6,4 @@ Type=Application
Terminal=false
Exec=/usr/local/bin/tails-documentation doc
Icon=/usr/share/icons/gnome/48x48/categories/system-help.png
StartupNotify=true
......@@ -25,3 +25,14 @@
/* Hide HTTPS Everywhere button in the toolbar */
#https-everywhere-button { display: none; }
/* Hide the uBlock sidebar, that's opened on first launch
References:
- https://github.com/gorhill/uBlock/releases/tag/1.16.6
- https://github.com/uBlock-LLC/uBlock/issues/1764 */
vbox#sidebar-box[sidebarcommand="_UUID~ADDON_-sidebar-action"] {
display: none !important;
}
vbox#sidebar-box[sidebarcommand="ublock0_raymondhill_net-sidebar-action"] {
display: none !important;
}
// Prefs that *need* to be here because they are not honored
// if we set them via /usr/share/tails/tor-browser-prefs.js
user_pref("extensions.torbutton.launch_warning", false);
pref("extensions.torlauncher.transportproxy_path", "/usr/bin/obfs4proxy");
......@@ -57,6 +57,8 @@ start_browser() {
mkdir --mode=0700 -p "$TMPDIR"
export TMPDIR
configure_tor_browser_memory_usage "${PROFILE}"
# We need to set general.useragent.locale properly to get
# localized search plugins (and perhaps other things too). It is
# not enough to simply set intl.locale.matchOS to true.
......
......@@ -3,6 +3,9 @@
set -e
set -u
# Import the TBB_PROFILE variable
. /usr/local/lib/tails-shell-library/tor-browser.sh
USER_PROFILE="${HOME}/.tor-browser"
if [ -e "${USER_PROFILE}" ]; then
......@@ -11,4 +14,4 @@ if [ -e "${USER_PROFILE}" ]; then
fi
mkdir -p "${USER_PROFILE}"
cp -a /etc/tor-browser/profile "${USER_PROFILE}"/profile.default
cp -a "${TBB_PROFILE}" "${USER_PROFILE}"/profile.default
......@@ -65,7 +65,8 @@ setup_chroot_for_browser () {
mount -t tmpfs tmpfs "${cow}" && \
mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs "${chroot}" && \
mount -t proc proc "${chroot}/proc" && \
mount --bind "/dev" "${chroot}/dev" || \
mount --bind "/dev" "${chroot}/dev" && \
mount -t tmpfs -o rw,nosuid,nodev tmpfs "${chroot}/dev/shm" || \
return 1
# Workaround for #6110
......@@ -125,9 +126,8 @@ configure_chroot_browser_profile () {
done
# Set preferences
local browser_prefs="${browser_profile}/preferences/prefs.js"
local browser_prefs="${browser_profile}/user.js"
local chroot_browser_config="/usr/share/tails/chroot-browsers"
mkdir -p "$(dirname "${browser_prefs}")"
cat "${chroot_browser_config}/common/prefs.js" \
"${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"
......@@ -137,9 +137,6 @@ configure_chroot_browser_profile () {
"${browser_prefs}"
fi
# Remove all bookmarks
rm "${chroot}/${TBB_PROFILE}/bookmarks.html"
# Set an appropriate theme
cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"
......@@ -181,7 +178,7 @@ set_chroot_browser_name () {
# Surprisingly, the default locale is en, not en-US
torbutton_locale_dir="${chroot}/usr/share/xul-ext/torbutton/chrome/locale/en"
fi
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
# Since Torbutton decides the name, we don't have to mess with
# with the browser's own branding, which will save time and
# memory.
......@@ -199,14 +196,47 @@ set_chroot_browser_name () {
rest="en-US/locale"
fi
local tmp="$(mktemp -d)"
local branding="${top}/${rest}/branding/brand.dtd"
7z x -o"${tmp}" "${pack}" "${branding}"
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${tmp}/${branding}"
local branding_dtd="${top}/${rest}/branding/brand.dtd"
local branding_properties="${top}/${rest}/branding/brand.properties"
7z x -o"${tmp}" "${pack}" "${branding_dtd}" "${branding_properties}"
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${tmp}/${branding_dtd}"
perl -pi -E \
's/^(brand(?:Full|Short|Shorter)Name=).*$/$1'"${human_readable_name}/" \
"${tmp}/${branding_properties}"
(cd ${tmp} ; 7z u -tzip "${pack}" .)
chmod a+r "${pack}"
rm -Rf "${tmp}"
}
delete_chroot_browser_searchplugins() {
local chroot="${1}"
local locale="${2}"
local ext_dir="${chroot}/${TBB_EXT}"
if [ "${locale}" != "en-US" ]; then
pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
top="browser/chrome"
rest="${locale}/locale"
else
pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
top="chrome"
rest="en-US/locale"
fi
local searchplugins_dir="${top}/${rest}/browser/searchplugins"
local searchplugins_list="${searchplugins_dir}/list.json"
local tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${pack}" "${searchplugins_dir}"
ls "${searchplugins_dir}"/*.xml | xargs 7z d -tzip "${pack}"
echo '{"default": {"visibleDefaultEngines": []}, "experimental-hidden": {"visibleDefaultEngines": []}}' \
> "${searchplugins_list}"
7z u -tzip "${pack}" "${searchplugins_list}"
)
rm -r "${tmp}"
chmod a+r "${pack}"
}
configure_chroot_browser () {
local chroot="${1}" ; shift
local browser_user="${1}" ; shift
......@@ -223,6 +253,7 @@ configure_chroot_browser () {
"${best_locale}"
set_chroot_browser_name "${chroot}" "${human_readable_name}" \
"${browser_name}" "${browser_user}" "${best_locale}"
delete_chroot_browser_searchplugins "${chroot}" "${best_locale}"
set_chroot_browser_permissions "${chroot}" "${browser_name}" \
"${browser_user}"
}
......@@ -233,12 +264,14 @@ run_browser_in_chroot () {
local browser_name="${2}"
local chroot_user="${3}"
local local_user="${4}"