Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
tails
tails
Commits
5a543e13
Commit
5a543e13
authored
Sep 12, 2020
by
sajolida
Browse files
Prototype verification on page instead of in extension
parent
51e46a81
Changes
3
Hide whitespace changes
Inline
Side-by-side
wiki/src/install/inc/js/download.js
View file @
5a543e13
document
.
addEventListener
(
"
DOMContentLoaded
"
,
function
()
{
window
.
addEventListener
(
"
message
"
,
receiveMessage
);
function
receiveMessage
(
event
)
{
if
(
event
.
source
!==
window
||
event
.
origin
!==
"
https://tails.boum.org
"
||
!
event
.
data
)
{
return
;
}
if
(
event
.
data
.
action
===
"
verifying
"
)
{
showVerifyingDownload
(
event
.
data
.
fileName
);
}
else
if
(
event
.
data
.
action
===
"
verification-failed
"
)
{
showVerificationResult
(
"
failed
"
);
}
else
if
(
event
.
data
.
action
===
"
verification-failed-again
"
)
{
showVerificationResult
(
"
failed-again
"
);
}
else
if
(
event
.
data
.
action
===
"
verification-success
"
)
{
showVerificationResult
(
"
successful
"
);
}
else
if
(
event
.
data
.
action
===
"
progress
"
)
{
showVerificationProgress
(
event
.
data
.
percentage
);
}
else
if
(
event
.
data
.
action
===
"
extension-installed
"
)
{
if
(
document
.
documentElement
.
dataset
.
extension
===
"
up-to-date
"
)
{
showVerifyDownload
();
}
else
if
(
document
.
documentElement
.
dataset
.
extension
===
"
outdated
"
)
{
showUpdateExtension
();
}
}
}
// Display floating-toggleable-links to prevent people without JS to
// either always see the toggles or have broken toggle links.
function
showFloatingToggleableLinks
()
{
...
...
@@ -196,19 +165,8 @@ document.addEventListener("DOMContentLoaded", function() {
hide
(
document
.
getElementById
(
"
verification-successful
"
));
hide
(
document
.
getElementById
(
"
verification-failed
"
));
hide
(
document
.
getElementById
(
"
verification-failed-again
"
));
toggleContinueLink
(
"
direct
"
,
"
skip-verification-direct
"
);
}
function
showUpdateExtension
()
{
hide
(
document
.
getElementById
(
"
verification
"
));
hide
(
document
.
getElementById
(
"
install-extension
"
));
show
(
document
.
getElementById
(
"
update-extension
"
));
}
function
showVerifyDownload
()
{
hide
(
document
.
getElementById
(
"
install-extension
"
));
hide
(
document
.
getElementById
(
"
update-extension
"
));
show
(
document
.
getElementById
(
"
verification
"
));
toggleContinueLink
(
"
direct
"
,
"
skip-verification-direct
"
);
}
function
showVerifyingDownload
(
filename
)
{
...
...
@@ -227,7 +185,7 @@ document.addEventListener("DOMContentLoaded", function() {
function
showVerificationResult
(
result
)
{
toggleDirectBitTorrent
(
"
direct
"
);
show
VerifyDownload
(
);
show
(
document
.
getElementById
(
"
verification
"
)
);
hide
(
document
.
getElementById
(
"
verify-download-wrapper
"
));
resetVerificationResult
();
hitCounter
(
result
);
...
...
@@ -280,10 +238,10 @@ document.addEventListener("DOMContentLoaded", function() {
opaque
(
document
.
getElementById
(
"
continue-link-bittorrent
"
));
// Display "Verify with your browser" when image is clicked
document
.
getElementById
(
"
download-img
"
).
onclick
=
function
(
e
)
{
displayVerification
Extension
(
e
,
this
);
}
document
.
getElementById
(
"
download-iso
"
).
onclick
=
function
(
e
)
{
displayVerification
Extension
(
e
,
this
);
}
document
.
getElementById
(
"
download-img
"
).
onclick
=
function
(
e
)
{
displayVerification
(
e
,
this
);
}
document
.
getElementById
(
"
download-iso
"
).
onclick
=
function
(
e
)
{
displayVerification
(
e
,
this
);
}
function
displayVerification
Extension
(
e
,
elm
)
{
function
displayVerification
(
e
,
elm
)
{
try
{
e
.
preventDefault
();
hitCounter
(
"
download-image
"
);
...
...
@@ -335,10 +293,17 @@ document.addEventListener("DOMContentLoaded", function() {
}
}
// Right-after installing on Chrome, display the "Verify Tails..."
if
(
window
.
location
.
hash
===
"
#chrome-installation
"
)
{
toggleDirectBitTorrent
(
"
direct
"
);
showVerifyDownload
();
// Trigger verification when file is chosen
document
.
getElementById
(
"
verify-download
"
).
onchange
=
function
(
e
)
{
verifyFile
(
e
,
this
);
}
function
verifyFile
(
e
,
elm
)
{
file
=
elm
.
files
[
0
]
// XXX: Cannot open file
showVerifyingDownload
(
file
.
name
);
showVerificationProgress
(
50
);
setTimeout
(
function
(){
showVerificationResult
(
"
failed
"
);
},
2500
);
setTimeout
(
function
(){
showVerificationResult
(
"
failed-again
"
);
},
5000
);
setTimeout
(
function
(){
showVerificationResult
(
"
successful
"
);
},
7500
);
}
// To debug the display of the different states:
...
...
wiki/src/install/inc/steps/download.inline.html
View file @
5a543e13
<div
id=
"activate-tails-verification"
></div>
<!-- Needed to activate the verification extension -->
<div
id=
"extension-version"
>
2.4
</div>
<!-- Minimum version of the extension -->
<div
id=
"tails-version"
>
[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]
</div>
<h1
class=
"usb upgrade dvd vm"
>
Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]
</h1>
...
...
@@ -58,27 +56,17 @@ were solved, and known issues that have already been identified.</p>
<li>
Get hacked while using Tails if your download is modified on the fly by an attacker on the network.
<br/>
<a
href=
"https://en.wikipedia.org/wiki/DigiNotar"
>
This is possible for strong adversaries.
</a></li>
</ul>
<p>
[[How does the
extens
ion work?|contribute/design/verification_extension]]
</p>
<p>
[[How does the
verificat
ion work?|contribute/design/verification_extension]]
</p>
"""]]
</div>
<p>
Our browser extension makes it quick and easy.
</p>
</div>
<div
id=
"install-extension"
class=
"indent"
>
<a
href=
"https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi"
class=
"install-extension-btn supported-browser firefox btn btn-primary inline-block"
>
Install
<u>
Tails Verification
</u>
extension
</a>
<a
href=
"https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl"
class=
"install-extension-btn supported-browser chrome btn btn-primary inline-block"
target=
"_blank"
>
Install
<u>
Tails Verification
</u>
extension
</a>
<div
id=
"verification"
class=
"indent block"
>
<div
class=
"no-js"
>
<p>
You seem to have JavaScript disabled. To use our browser
extension, please allow all this page:
</p>
<p>
You seem to have JavaScript disabled. To use the
verification in the browser,
please allow all this page:
</p>
[[!img screenshots/allow_js.png link="no"]]
</div>
</div>
<div
id=
"update-extension"
class=
"indent block"
>
<p>
Your extension is an older version.
</p>
<a
href=
"https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi"
class=
"install-extension-btn firefox btn btn-primary inline-block"
>
Update extension
</a>
<a
href=
"https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl"
class=
"install-extension-btn chrome btn btn-primary inline-block"
target=
"_blank"
>
Update extension
</a>
</div>
<div
id=
"verification"
class=
"indent block"
>
<p
id=
"extension-installed"
class=
"block"
><u>
Tails Verification
</u>
extension installed!
</p>
<label
id=
"verify-download-wrapper"
class=
"btn btn-primary inline-block"
>
Verify Tails
<span
class=
"remove-extra-space"
>
[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]
</span>
…
<input
id=
"verify-download"
type=
"file"
/>
...
...
@@ -109,7 +97,7 @@ were solved, and known issues that have already been identified.</p>
<p>
Downloading again is usually enough to fix this
problem.
</p>
<p>
[[How does the
extens
ion work?|contribute/design/verification_extension]]
</p>
<p>
[[How does the
verificat
ion work?|contribute/design/verification_extension]]
</p>
"""]]
</div>
<p
class=
"usb upgrade download-only-img"
><a
href=
"[[!inline pages="
inc
/
stable_amd64_img_url
"
raw=
"yes"
sort=
"age"
]]"
id=
"download-img-again"
class=
"use-mirror-pool-on-retry"
>
Please try to download again
…
</a></p>
...
...
@@ -123,7 +111,7 @@ were solved, and known issues that have already been identified.</p>
[[!toggle id="why-failed-again" text="X"]]
<p>
The verification might have failed again because of:
</p>
<ul>
<li>
A software problem in our verification
extension
</li>
<li>
A software problem in our verification
code
</li>
<li>
A malicious download from our download mirrors
</li>
<li>
A network attack in your country or local network
</li>
</ul>
...
...
@@ -227,10 +215,9 @@ were solved, and known issues that have already been identified.</p>
<li>
Get hacked while using Tails if your download is modified on the fly by an attacker on the network.
<br/>
<a
href=
"https://en.wikipedia.org/wiki/DigiNotar"
>
This is possible for strong adversaries.
</a></li>
</ul>
<p>
[[How does the
extens
ion work?|contribute/design/verification_extension]]
</p>
<p>
[[How does the
verificat
ion work?|contribute/design/verification_extension]]
</p>
"""]]
</div>
<p>
Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.
</p>
</div>
<p>
Copy and paste this link in Firefox, Chrome, or Tor Browser:
</p>
<p
class=
"windows"
><code>
https://tails.boum.org/install/win/usb-download/
</code></p>
...
...
@@ -345,7 +332,7 @@ were solved, and known issues that have already been identified.</p>
<h2>
Verify using OpenPGP (optional)
</h2>
<p>
If you know OpenPGP, you can also verify your download using an
OpenPGP signature instead of, or in addition to, our
browser extension
or
OpenPGP signature instead of, or in addition to, our
verification in the browser
or
BitTorrent.
</p>
<p>
Download the
...
...
@@ -575,12 +562,12 @@ individuals.</p>
[[!toggleable id="web-of-trust" text="""
<span
class=
"hide"
>
[[!toggle id="web-of-trust" text=""]]
</span>
<p>
The verification techniques that we present (
browser extension
,
<p>
The verification techniques that we present (
verification in the browser
,
BitTorrent, or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:
</p>
<ul>
<li>
The
<em>
checksum
</em>
for the
Firefox extension
</li>
<li>
The
<em>
checksum
</em>
for the
verification in the browser
</li>
<li>
The
<em>
Torrent file
</em>
for BitTorrent
</li>
<li>
The
<em>
Tails signing key
</em>
for OpenPGP verification
</li>
</ul>
...
...
wiki/src/install/inc/stylesheets/download.css
View file @
5a543e13
...
...
@@ -15,7 +15,6 @@ h1 {
}
#skip-verification-direct
,
#verification
,
#update-extension
,
#verifying-download
,
#verification-successful
,
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment