Commit 39302606 authored by Tails developers's avatar Tails developers

Refactor most stuff into functions.

parent d3317001
......@@ -49,25 +49,69 @@ warning () {
zenity --warning --title "" --text "${text}"
}
# First make sure the user really wants this
DIALOG_TEXT="<b>Do you really want to launch the Unsafe Browser?</b>
verify_start () {
# Make sure the user really wants to start the browser
local dialog_msg="<b>Do you really want to launch the Unsafe Browser?</b>
Any activity within the Unsafe Browser will <i>not</i> be anonymous. This may be necessary if you have to login or register in order to activate your Internet connection."
if ! zenity --question --title "" --text "${DIALOG_TEXT}"; then
exit 0
fi
if ! zenity --question --title "" --text "${dialog_msg}"; then
exit 0
fi
}
# Set $TOR_WORKING to non-emtpy iff Tor is working right now. We need to
# know whether we must restart Tor later (a captive portal may have
# prevented Tor from bootstrapping, and a restart is the fastest way to
# get wheels turning)
# FIXME: how to determine this reliably? this approach doesn't work
# if $TOR_DIR is persistent
# FIXME: the approach is stolen from is_tor_working() in the 20-time
# NM hook -- we should move things like this to a shell script library
if [ -e "${TOR_DESCRIPTORS}" ]; then
TOR_WORKING="yes"
fi
setup_chroot () {
# Setup a chroot on an aufs "fork" of the filesystem.
# FIXME: When LXC matures to the point where it becomes a viable option
# for creating isolated jails, the chroot can be used as its rootfs.
mkdir -p ${ROFS} ${COW} ${CHROOT} && \
mount -t squashfs -o loop ${SQUASH} ${ROFS} && \
mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || error "Failed to setup chroot"
}
configure_chroot () {
# Set the chroot's DNS servers to those obtained through DHCP
rm -f ${CHROOT}/etc/resolv.conf
for NS in ${DHCP4_DOMAIN_NAME_SERVERS}; do
echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
done
chmod a+r ${CHROOT}/etc/resolv.conf
# Disable problematic Iceweasel addons and proxying in the chroot
chroot ${CHROOT} apt-get remove --yes ${OFFENDING_ADDONS} &>/dev/null
sed -i '/^pref("network.proxy.type",/d' \
${CHROOT}/etc/iceweasel/pref/iceweasel.js
echo 'pref("network.proxy.type", 0);' >> \
${CHROOT}/etc/iceweasel/pref/iceweasel.js
}
start_browser_in_chroot () {
# Start Iceweasel in the chroot
sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} &>/dev/null
chroot ${CHROOT} sudo -u ${CLEARNET_USER} iceweasel -DISPLAY=:0.0
sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} &>/dev/null
}
tor_is_working() {
# FIXME: the approach is stolen from is_tor_working() in the 20-time
# NM hook -- we should move things like this to a shell script library
# FIXME: how to determine this reliably? this approach doesn't work
# if $TOR_DIR is persistent.
[ -e $TOR_DESCRIPTORS ]
}
maybe_restart_tor () {
# Restart Tor if it's not working (a captive portal may have prevented
# Tor from bootstrapping, and a restart is the fastest way to get
# wheels turning)
if ! tor_is_working; then
service tor restart &>/dev/null
until nc -z localhost 9051 &>/dev/null; do sleep 1; done
/etc/NetworkManager/dispatcher.d/60-vidalia.sh clearnet up &>/dev/null
fi
}
# Get the DNS servers that was obtained through DHCP from NetworkManager,
# if any...
......@@ -83,45 +127,12 @@ if [ -z "${DHCP4_DOMAIN_NAME_SERVERS}" ]; then
error "No DNS server was obtained through DHCP."
fi
verify_start
trap cleanup SIGINT
# Setup a chroot on an aufs "fork" of the filesystem.
# FIXME: When LXC matures to the point where it becomes a viable option
# for creating isolated jails, the chroot can be used as its rootfs.
mkdir -p ${ROFS} ${COW} ${CHROOT} && \
mount -t squashfs -o loop ${SQUASH} ${ROFS} && \
mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || error "Failed to setup chroot"
# Set the chroot's DNS servers to those obtained through DHCP
rm -f ${CHROOT}/etc/resolv.conf
for NS in ${DHCP4_DOMAIN_NAME_SERVERS}; do
echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
done
chmod a+r ${CHROOT}/etc/resolv.conf
# Disable problematic Iceweasel addons and proxying in the chroot
chroot ${CHROOT} apt-get remove --yes ${OFFENDING_ADDONS} &>/dev/null
sed -i '/^pref("network.proxy.type",/d' \
${CHROOT}/etc/iceweasel/pref/iceweasel.js
echo 'pref("network.proxy.type", 0);' >> \
${CHROOT}/etc/iceweasel/pref/iceweasel.js
# Start Iceweasel in the chroot
sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} &>/dev/null
chroot ${CHROOT} sudo -u ${CLEARNET_USER} iceweasel -DISPLAY=:0.0
sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} &>/dev/null
setup_chroot
configure_chroot
start_browser_in_chroot
cleanup
# Restart Tor if it wasn't working when the Unsafe Browser was started
if [ -z "${TOR_WORKING}" ] ; then
service tor restart &>/dev/null
until nc -z localhost 9051 &>/dev/null; do sleep 1; done
/etc/NetworkManager/dispatcher.d/60-vidalia.sh clearnet up &>/dev/null
fi
maybe_restart_tor
exit 0
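Review bot: In the first hunk, `tor_is_working` tests `[ -e $TOR_DESCRIPTORS ]` without quotes, so if the variable is ever empty or unset the test collapses to `[ -e ]`, which is true, and `maybe_restart_tor` then skips the restart. The code it replaces quoted the expansion, and the line should stay `[ -e "${TOR_DESCRIPTORS}" ]`. The timing of the check has also changed: the old script recorded the Tor state before the browser was started, while `maybe_restart_tor` now evaluates it after `cleanup`. That may be intended, but it is a behaviour change in a commit described as a refactor and deserves a sentence in the commit message or a comment above the function. `TOR_DESCRIPTORS` is defined outside the lines shown, so the empty case is inferred rather than observed.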