Commit 2dc70752 authored by Tails developers's avatar Tails developers

Merge tag '0.10.2' into feature/backported_xorg

tagging version 0.10.2
parents 17f0508e 79f898d3
......@@ -23,7 +23,6 @@
/config/chroot_local-includes/usr/share/amnesia/build/variables
/config/chroot_local-includes/usr/share/doc/Changelog
/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
/config/chroot_local-includes/usr/share/doc/amnesia/amnesia.asc
/config/chroot_local-includes/usr/share/doc/tails/website
/.lock
/.stage
......
......@@ -22,13 +22,11 @@ fi
rm -f config/chroot_local-includes/etc/amnesia/environment
rm -f config/chroot_local-includes/etc/amnesia/version
rm -f config/chroot_local-includes/usr/share/doc/amnesia/Changelog
rm -f config/chroot_local-includes/usr/share/doc/amnesia/amnesia.asc
for list in config/chroot_local-packageslists/*.list ; do
if [ "$list" != 'config/chroot_local-packageslists/tails-common.list' ]; then
rm -f "$list"
fi
done
rm -f config/chroot_local-includes/home/amnesia/.gnome2/nautilus-scripts/*
# files copied or created in the build stage
rm -f config/chroot_local-includes/usr/share/amnesia/build/variables
......
......@@ -75,9 +75,6 @@ echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
# changelog
cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# GnuPG key
cp wiki/src/amnesia.asc config/chroot_local-includes/usr/share/doc/amnesia/
# create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then
mkdir -p config/chroot_local-includes/usr/share/amnesia
......
......@@ -172,4 +172,4 @@ AMNESIA_DEV_EMAIL="amnesia@boum.org"
AMNESIA_DEV_KEYID="BE2CD9C1"
# Supported languages (displayed in this order by the syslinux menu)
AMNESIA_SUPPORTED_LANGUAGES="ar zh de en fr it pt es"
AMNESIA_SUPPORTED_LANGUAGES="ar zh en fa fr de it pt ru es vi"
......@@ -57,6 +57,11 @@ if [ -z "${ORIG_APPEND}" ]; then
exit 16
fi
# Make sure all languages are visible in the menu
NUM_LANGUAGES="$(echo ${AMNESIA_SUPPORTED_LANGUAGES} | wc -w)"
echo "menu vshift $[24-${NUM_LANGUAGES}]" >> "${SYSLINUX_LIVE_CFG}"
echo "menu rows ${NUM_LANGUAGES}" >> "${SYSLINUX_LIVE_CFG}"
# Add menu entries
for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
......@@ -77,6 +82,10 @@ for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
LANG_NAME='^Spanish'
LANG_APPEND='locales=es keyboard-layouts=es'
;;
fa)
LANG_NAME='Fa^rsi'
LANG_APPEND='locales=fa_IR.UTF-8 keyboard-layouts=us,ir'
;;
fr)
LANG_NAME='^French'
LANG_APPEND='locales=fr_FR.UTF-8 keyboard-layouts=fr'
......@@ -90,9 +99,13 @@ for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
LANG_APPEND='locales=pt keyboard-layouts=pt'
;;
ru)
LANG_NAME='^Russian'
LANG_NAME='R^ussian'
LANG_APPEND='locales=ru keyboard-layouts=us,ru'
;;
vi)
LANG_NAME='^Vietnamese'
LANG_APPEND='locales=vi_VN.UTF-8 keyboard-layouts=vn'
;;
zh)
LANG_NAME='^Chinese'
LANG_APPEND='locales=zh_CN.UTF-8'
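Review bot: `$[24-${NUM_LANGUAGES}]` in the first hunk of this file uses the obsolete `$[ ]` arithmetic form, which bash still accepts but dash and other POSIX shells leave unexpanded. The shebang is not visible here, so if this hook runs under `/bin/sh` the config would receive a literal `$[24-…]` string instead of a number. Prefer `echo "menu vshift $((24 - NUM_LANGUAGES))" >> "${SYSLINUX_LIVE_CFG}"`. The value also goes negative once more than 24 languages are listed, which a short comment next to the constant could record.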
......
This diff is collapsed.
......@@ -14,6 +14,10 @@ Package: haveged
Pin: origin backports.debian.org
Pin-Priority: 999
Package: iceweasel
Pin: origin mozilla.debian.net
Pin-Priority: 999
Package: libgnupg-interface-perl
Pin: origin backports.debian.org
Pin-Priority: 999
......@@ -22,10 +26,22 @@ Package: libio-socket-ssl-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libnss3-1d
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libpixman-1-0
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libregexp-common-perl
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: libvpx0
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: macchanger
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -70,6 +86,10 @@ Package: firmware-iwlwifi
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: firmware-libertas
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: firmware-linux
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -98,6 +118,14 @@ Package: initramfs-tools
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: klibc-utils
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: libklibc
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-base
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -114,11 +142,11 @@ Package: linux-headers-2.6-486
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.1.0-1-common
Package: linux-headers-3.2.0-1-common
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.1.0-1-486
Package: linux-headers-3.2.0-1-486
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -130,11 +158,11 @@ Package: linux-image-2.6-486
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.1.0-1-486
Package: linux-image-3.2.0-1-486
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-kbuild-3.1
Package: linux-kbuild-3.2
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -142,14 +170,34 @@ Package: laptop-mode-tools
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-adblock-plus
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-cookie-monster
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-foxyproxy-standard
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-greasemonkey
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-https-everywhere
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-monkeysphere
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-noscript
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-torbutton
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -179,6 +227,10 @@ Package: *
Pin: release o=chroot_local-packages
Pin-Priority: 1001
Package: *
Pin: origin mozilla.debian.net
Pin-Priority: 991
Package: *
Pin: release o=Debian,n=squeeze
Pin-Priority: 900
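Review bot: The `Package: *` stanza for `origin mozilla.debian.net` at priority 991 outranks the squeeze pin (900) below it, so every package that archive publishes, not only iceweasel, becomes the preferred install candidate in the build. iceweasel already has its own 999 pin in the first hunk; if the wildcard exists only to pull in iceweasel's dependencies, pinning those packages by name keeps the set trusted from that origin explicit and reviewable. At minimum an `Explanation:` line above the stanza should say why the whole origin is raised above the base release. Which stanzas are new is inferred from the hunk counts, since the page has lost its +/- markers.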
......
#!/bin/sh
# Set the correct firegpg version in /etc/iceweasel/profile/user.js
echo "recording firegpg version"
PACKAGE_NAME='xul-ext-firegpg'
USER_PREFS_FILE=/etc/iceweasel/profile/user.js
[ -f "${USER_PREFS_FILE}" ] || exit 11
FIREGPG_VERSION="`dpkg-query -W -f='${Version}' ${PACKAGE_NAME} | awk -F "-" '{print $1}'`"
sed -i'' "s,FIREGPG_VERSION,${FIREGPG_VERSION}," "${USER_PREFS_FILE}"
......@@ -39,6 +39,7 @@ chmod 755 /bin/uname
# Also, at this time of the build, we've got a recent enough X.Org installed,
# so we can install the X11 tools eventually.
dpkg --install /usr/share/amnesia/packages/virtualbox*.deb
apt-get -f install --yes
# Revert to the real uname.
mv /bin/uname.$$ /bin/uname
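Review bot: `apt-get -f install --yes` can resolve a broken dependency state by removing the packages that `dpkg --install` has just unpacked, and with `--yes` it does so without stopping, so the hook may finish cleanly with the VirtualBox packages absent from the image. The script should verify afterwards that the packages are in the installed state and fail the build otherwise. Whether the script runs under `set -e` is not visible in this hunk; if it does, a failure on this line exits before `mv /bin/uname.$$ /bin/uname` restores the real binary. That the `apt-get` line is the added one is inferred from the hunk counts.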
......
......@@ -22,3 +22,10 @@ fi
# * https://trac.torproject.org/projects/tor/ticket/1247
# * https://tails.boum.org/bugs/tor_vs_networkmanager/
service tor restart
# In bridge mode Vidalia needs to start before tordate (20-time.sh)
# since we need bridges to be configured before any consensus or
# descriptors can be downloaded, which tordate depends on.
if grep -qw bridge /proc/cmdline; then
/etc/NetworkManager/dispatcher.d/60-vidalia.sh $@
fi
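Review bot: `$@` is passed unquoted to `60-vidalia.sh`, so the dispatcher arguments are re-split and glob-expanded before the second script sees them; write `/etc/NetworkManager/dispatcher.d/60-vidalia.sh "$@"`. `grep -qw bridge /proc/cmdline` also matches `bridge` as a word inside another boot parameter's value (for example after `=` or `-`). A comment naming the exact boot option this test expects would make the intent checkable.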
......@@ -15,11 +15,14 @@ TORDATE_DONE_FILE=${TORDATE_DIR}/done
TOR_DIR=/var/lib/tor
TOR_CONSENSUS=${TOR_DIR}/cached-consensus
TOR_UNVERIFIED_CONSENSUS=${TOR_DIR}/unverified-consensus
TOR_UNVERIFIED_CONSENSUS_HARDLINK=${TOR_UNVERIFIED_CONSENSUS}.bak
TOR_DESCRIPTORS=${TOR_DIR}/cached-descriptors
INOTIFY_TIMEOUT=60
DATE_RE='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
VERSION_FILE=/etc/amnesia/version
# Get LIVE_USERNAME
. /etc/live/config.d/username
### Exit conditions
......@@ -49,39 +52,72 @@ log() {
logger -t time "$@"
}
notify_user() {
local summary="$1"
local body="$2"
if [ -n "$3" ]; then
timeout_args='--expire-time=$3'
fi
export DISPLAY=':0.0'
export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
exec /bin/su -c "notify-send ${timeout_args} \"${summary}\" \"${body}\"" "${LIVE_USERNAME}" &
}
tor_is_working() {
[ -e $TOR_DESCRIPTORS ]
}
has_consensus() {
grep -qs "^valid-until ${DATE_RE}"'$' ${TOR_CONSENSUS} \
${TOR_UNVERIFIED_CONSENSUS}
local files="${TOR_CONSENSUS} ${TOR_UNVERIFIED_CONSENSUS}"
if [ $# -ge 1 ]; then
files="$@"
fi
grep -qs "^valid-until ${DATE_RE}"'$' ${files}
}
has_only_unverified_consensus() {
has_consensus && [ ! -e ${TOR_CONSENSUS} ]
[ ! -e ${TOR_CONSENSUS} ] && has_consensus ${TOR_UNVERIFIED_CONSENSUS}
}
wait_for_tor_consensus() {
log "Waiting for the Tor consensus file to contain a valid time interval"
while :; do
if has_consensus; then
break;
fi
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to --format %w%f ${TOR_DIR} || :
wait_for_tor_consensus_helper() {
tries=0
while ! has_consensus && [ $tries -lt 5 ]; do
inotifywait -q -t 30 -e close_write -e moved_to ${TOR_DIR} || log "timeout"
tries=$(expr $tries + 1)
done
# return some kind of success measurement
has_consensus
}
wait_for_working_tor() {
log "Waiting for Tor to be working (i.e. cached descriptors exist)"
while :; do
if tor_is_working; then
break;
fi
wait_for_tor_consensus() {
log "Waiting for a Tor consensus file to contain a valid time interval"
if ! has_consensus && ! wait_for_tor_consensus_helper; then
log "Unsuccessfully waited for Tor consensus, restarting Tor and retrying."
service tor restart
fi
if ! has_consensus && ! wait_for_tor_consensus_helper; then
log "Unsuccessfully retried waiting for Tor consensus, aborting."
fi
if has_consensus; then
log "A Tor consensus file now contains a valid time interval."
else
log "Waited for too long, let's stop waiting for Tor consensus."
# FIXME: gettext-ize
notify_user "Synchronizing the system's clock" \
"Could not fetch Tor consensus."
exit 2
fi
}
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to --format %w%f ${TOR_DIR} || :
wait_for_working_tor() {
log "Waiting for Tor to be working (i.e. cached descriptors exist)..."
while ! tor_is_working; do
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to ${TOR_DIR} || log "timeout"
done
log "Tor is now working."
}
date_points_are_sane() {
......@@ -113,14 +149,24 @@ restart_tor() {
}
maybe_set_time_from_tor_consensus() {
if [ ! -e ${TOR_CONSENSUS} ]; then
log "We do not have a Tor consensus so we cannot set the system time according to it."
return
local consensus=${TOR_CONSENSUS}
if has_only_unverified_consensus \
&& ln -f ${TOR_UNVERIFIED_CONSENSUS} ${TOR_UNVERIFIED_CONSENSUS_HARDLINK}; then
consensus=${TOR_UNVERIFIED_CONSENSUS_HARDLINK}
log "We do not have a Tor verified consensus, let's use the unverified one."
fi
log "Waiting for the chosen Tor consensus file to contain a valid time interval..."
while ! has_consensus ${consensus}; do
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to ${TOR_DIR} || log "timeout"
done
log "The chosen Tor consensus now contains a valid time interval, let's use it."
# Get various date points in Tor's format, and do some sanity checks
vstart=$(sed -n "/^valid-after \(${DATE_RE}\)"'$/s//\1/p; t q; b n; :q q; :n' ${TOR_CONSENSUS})
vend=$(sed -n "/^valid-until \(${DATE_RE}\)"'$/s//\1/p; t q; b n; :q q; :n' ${TOR_CONSENSUS})
vstart=$(sed -n "/^valid-after \(${DATE_RE}\)"'$/s//\1/p; t q; b; :q q' ${consensus})
vend=$(sed -n "/^valid-until \(${DATE_RE}\)"'$/s//\1/p; t q; b; :q q' ${consensus})
vmid=$(date -ud "${vstart} -0130" +'%F %T')
log "Tor: valid-after=${vstart} | valid-until=${vend}"
......@@ -172,16 +218,13 @@ if tor_is_working; then
log "Tor has already opened a circuit"
else
wait_for_tor_consensus
# If Tor cannot verify the consensus this is probably because all
# authority certificates are "expired" due to a clock far off into
# the future.seen as invalid. In that case let's set the clock to
# the release date.
if is_clock_way_off && has_only_unverified_consensus; then
log "It seems the clock is so badly off that Tor couldn't verify the consensus. Setting system time to the release date, restarting Tor and fetching a new consensus..."
# It may be that all authority certificates look "expired" due to
# a clock far off into the future. In that case let's set the clock
# to the release date.
if is_clock_way_off; then
log "The clock looks very badly off. Setting system time to the release date, restarting Tor and fetching a new consensus..."
date --set="$(release_date)" > /dev/null
service tor stop
rm -f "${TOR_UNVERIFIED_CONSENSUS}"
service tor start
service tor reload
wait_for_tor_consensus
fi
maybe_set_time_from_tor_consensus
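Review bot: In `notify_user`, `timeout_args='--expire-time=$3'` is single-quoted, so the literal text `$3` is pasted into the `su -c` command string and expanded by the inner shell, where it is empty; the requested expiry never reaches `notify-send`. The same command string embeds `${summary}` and `${body}` between escaped double quotes, so a message containing `"`, `$` or a backtick would be interpreted by that shell. The callers visible here pass fixed text, but the function should carry a comment stating that requirement. Use `local timeout_args=''` and `timeout_args="--expire-time=$3"`. Separately, the `while ! has_consensus ${consensus}` loop in `maybe_set_time_from_tor_consensus` has no retry bound, unlike `wait_for_tor_consensus_helper`.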
......
......@@ -18,8 +18,9 @@ fi
# - X-GNOME-AutoRestart does not exist in Lenny's Gnome
# - we do not start Vidalia automatically anymore and *this* is the time
# when it is supposed to start.
killall vidalia
sleep 2 # give lckdo a chance to release the lockfile
if killall vidalia 2> /dev/null; then
sleep 2 # give lckdo a chance to release the lockfile
fi
export DISPLAY=':0.0'
export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
exec /bin/su -c /usr/local/bin/vidalia-wrapper "${LIVE_USERNAME}" &
// Proxy through Polipo to torify outgoing APT HTTP connections.
// This setting must be overriden at build time by live-build's
// 00http-proxy configuration file. That's why this file is named
// in a way that makes it be sorted before 00http-proxy.
Acquire::http::Proxy "http://127.0.0.1:8118/";
HTP_POOL="www.torproject.org mail.riseup.net encrypted.google.com ssl.scroogle.org"
HTP_POOL_PAL="boum.org,chavez.indymedia.org,db.debian.org,epic.org,mail.riseup.net,sarava.org,squat.net,tachanka.org,www.1984.is,www.eff.org,www.immerda.ch,www.privacyinternational.org,www.torproject.org"
HTP_POOL_NEUTRAL="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,www.centos.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_FOE="encrypted.google.com,github.com,login.live.com,login.yahoo.com,secure.flickr.com,tumblr.com,twitter.com,www.adobe.com,www.gandi.net,www.myspace.com,www.paypal.com,www.rsa.com,www.sony.com"
HTTP_USER_AGENT="$(/usr/local/bin/getTorbuttonUserAgent)"
......@@ -7,3 +7,5 @@ SOCKS5_SERVER=127.0.0.1:9050
TOR_CONTROL_COOKIE_AUTH_FILE='/var/run/tor/control.authcookie'
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9051'
GIT_PROXY_COMMAND=/usr/local/bin/connect-socks
......@@ -44,24 +44,7 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Local network connections should not go through Tor. Note that we
# exclude the VirtualAddrNetwork used for .onion:s here.
[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
# Tor is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
# i2p is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner i2psvc -j RETURN
# .onion mapped addresses redirection to Tor.
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j REDIRECT --to-ports 9040
# Redirect all remaining TCP traffic to Tor.
[0:0] -A OUTPUT ! -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
......@@ -43,16 +43,17 @@ pref("browser.send_pings", false);
pref("browser.sessionstore.enabled", false);
pref("browser.sessionstore.privacy_level", 2);
pref("browser.startup.homepage_override.mstone", "ignore");
pref("capability.policy.maonoscript.javascript.enabled", "allAccess");
pref("capability.policy.maonoscript.sites", "https://auk.riseup.net https://mail.riseup.net https://swift.riseup.net https://tern.riseup.net https://webmail.no-log.org about: about:blank about:certerror about:config about:credits about:neterror about:plugins about:privatebrowsing about:sessionrestore chrome: file:// https://webmail.boum.org resource:");
pref("dom.event.contextmenu.enabled", false);
pref("dom.storage.enabled", false);
pref("extensions.autoDisableScopes", 0);
pref("extensions.foxyproxy.last-version", "99999.99");
pref("extensions.shownSelectionUI", true);
pref("extensions.update.enabled", false);
pref("extensions.update.notifyUser", false);
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("layout.css.report_errors", false);
pref("network.cookie.cookieBehavior", 1);
pref("network.cookie.lifetimePolicy", 2);
pref("network.cookie.prefsMigrated", true);
pref("network.http.pipelining", true);
......@@ -70,38 +71,13 @@ pref("network.protocol-handler.warn-external.news", true);
pref("network.protocol-handler.warn-external.nntp", true);
pref("network.protocol-handler.warn-external.snews", true);
pref("network.proxy.failover_timeout", 0);
pref("network.proxy.http", "127.0.0.1");
pref("network.proxy.http_port", 8118);
pref("network.proxy.socks", "127.0.0.1");
pref("network.proxy.socks_port", 9050);
pref("network.proxy.socks_remote_dns", true);
pref("network.proxy.ssl", "127.0.0.1");
pref("network.proxy.ssl_port", 8118);
pref("network.proxy.type", 1);
pref("network.security.ports.banned", "8118,8123,9050,9051");
pref("layout.spellcheckDefault", 0);
pref("network.dns.disableIPv6", true);
pref("noscript.ABE.enabled", false);
pref("noscript.ABE.notify", false);
pref("noscript.httpsForced", "*twitter.com *facebook.com blog.torproject.org www.torproject.org docs.google.com addons.mozilla.org www.stumbleupon.com boum.org tails.boum.org mail.google.com mail.riseup.net webmail.no-log.org webmail.boum.org");
pref("noscript.httpsForcedExceptions", "");
pref("noscript.notify.hide", true);
pref("noscript.policynames", "");
pref("noscript.secureCookies", true);
pref("noscript.secureCookiesForced", "*torproject.org *github.com *facebook.com *twitter.com boum.org tails.boum.org mail.google.com mail.riseup.net webmail.no-log.org webmail.boum.org");
pref("noscript.showAddress", true);
pref("noscript.showAllowPage", false);
pref("noscript.showDistrust", false);
pref("noscript.showDomain", true);
pref("noscript.showGlobal", false);
pref("noscript.showPermanent", false);
pref("noscript.showRecentlyBlocked", false);
pref("noscript.showRevokeTemp", false);
pref("noscript.showTemp", false);
pref("noscript.showTempAllowPage", false);
pref("noscript.showTempToPerm", false);
pref("noscript.showUntrusted", false);
pref("noscript.untrusted", "google-analytics.com google.com file:// http://google-analytics.com http://google.com https://google-analytics.com https://google.com");
pref("pref.privacy.disable_button.cookie_exceptions", false);
pref("pref.privacy.disable_button.view_cookies", false);
pref("pref.privacy.disable_button.view_passwords", false);
......
......@@ -6,10 +6,6 @@
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
<DT><H3 PERSONAL_TOOLBAR_FOLDER="true" ID="rdf:#$FvPhC3">Bookmarks Toolbar Folder</H3>
<DD>Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar
<DL><p>
<DT><A HREF="https://tails.boum.org/">Tails</A>
<DT><h3>Webmail</h3>
<DL><p>
......@@ -27,6 +23,3 @@
<DT><A HREF="http://localhost:7657/index.jsp">I2P router console</A>
<DT><A HREF="http://www.i2p2.i2p/">I2P homepage</A>
</DL><p>
</DL><p>
</DL><p>
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide AdBlock-Plus button in the add-on bar */
#abp-toolbarbutton { display: none; }
/* Hide HTTPS Everywhere button in the toolbar */
#https-everywhere-button { display: none; }
/* Hide Greasemonkey button in the toolbar */
#greasemonkey-tbb { display: none; }
/* Hide Foxyproxy button in the toolbar */
#foxyproxy-toolbar-icon { display: none; }