Commit 5e05b46c authored by sajolida's avatar sajolida

Merge remote-tracking branch 'origin/feature/14481-TCRYPT-support-beta' into...

Merge remote-tracking branch 'origin/feature/14481-TCRYPT-support-beta' into feature/14481-TCRYPT-support-beta
parents 1ca6d3b8 c76d1b4a
...@@ -23,11 +23,11 @@ ...@@ -23,11 +23,11 @@
/config/source /config/source
/config/chroot_local-includes/etc/amnesia/environment /config/chroot_local-includes/etc/amnesia/environment
/config/chroot_local-includes/etc/amnesia/version /config/chroot_local-includes/etc/amnesia/version
/config/chroot_local-includes/usr/share/amnesia/readahead-list
/config/chroot_local-includes/usr/share/amnesia/build/variables
/config/chroot_local-includes/usr/share/doc/Changelog /config/chroot_local-includes/usr/share/doc/Changelog
/config/chroot_local-includes/usr/share/doc/amnesia/Changelog /config/chroot_local-includes/usr/share/doc/amnesia/Changelog
/config/chroot_local-includes/usr/share/doc/tails/website /config/chroot_local-includes/usr/share/doc/tails/website
/config/chroot_local-includes/usr/share/tails/build/variables
/config/chroot_local-includes/usr/share/tails/readahead-list
/.lock /.lock
/.stage /.stage
/source /source
...@@ -42,17 +42,17 @@ ...@@ -42,17 +42,17 @@
/config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop /config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop
/config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop /config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop
/config/chroot_local-includes/etc/skel/Desktop/Tails_documentation.desktop /config/chroot_local-includes/etc/skel/Desktop/Tails_documentation.desktop
/config/chroot_local-includes/usr/local/share/mime/packages/veracrypt-mounter.xml /config/chroot_local-includes/usr/local/share/mime/packages/unlock-veracrypt-volumes.xml
/config/chroot_local-includes/usr/share/applications/tails-documentation.desktop /config/chroot_local-includes/usr/share/applications/tails-documentation.desktop
/config/chroot_local-includes/usr/share/applications/tails-reboot.desktop /config/chroot_local-includes/usr/share/applications/tails-reboot.desktop
/config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop /config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-shutdown.desktop /config/chroot_local-includes/usr/share/applications/tails-shutdown.desktop
/config/chroot_local-includes/usr/share/applications/tor-browser.desktop /config/chroot_local-includes/usr/share/applications/tor-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-about.desktop /config/chroot_local-includes/usr/share/applications/tails-about.desktop
/config/chroot_local-includes/usr/share/applications/veracrypt-mounter.desktop /config/chroot_local-includes/usr/share/applications/unlock-veracrypt-volumes.desktop
/config/chroot_local-includes/usr/share/desktop-directories/Tails.directory /config/chroot_local-includes/usr/share/desktop-directories/Tails.directory
/config/chroot_local-includes/usr/share/polkit-1/actions/org.boum.tails.root-terminal.policy /config/chroot_local-includes/usr/share/polkit-1/actions/org.boum.tails.root-terminal.policy
/config/chroot_local-includes/usr/share/veracrypt-mounter/ui/*.ui /config/chroot_local-includes/usr/share/unlock-veracrypt-volumes/ui/*.ui
/tmp/ /tmp/
# The test suite's local configuration files # The test suite's local configuration files
......
...@@ -50,15 +50,15 @@ rm -rf cache/stages_rootfs ...@@ -50,15 +50,15 @@ rm -rf cache/stages_rootfs
# save variables that are needed by chroot_local-hooks # save variables that are needed by chroot_local-hooks
echo "KERNEL_VERSION=${KERNEL_VERSION}" \ echo "KERNEL_VERSION=${KERNEL_VERSION}" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables >> config/chroot_local-includes/usr/share/tails/build/variables
echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}" \ echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables >> config/chroot_local-includes/usr/share/tails/build/variables
echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}" >> config/chroot_local-includes/usr/share/amnesia/build/variables echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}" >> config/chroot_local-includes/usr/share/tails/build/variables
echo "POTFILES_DOT_IN='$( echo "POTFILES_DOT_IN='$(
/bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \ /bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \
| sed -e 's,^config/chroot_local-includes,,' | tr "\n" ' ' | sed -e 's,^config/chroot_local-includes,,' | tr "\n" ' '
)'" \ )'" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables >> config/chroot_local-includes/usr/share/tails/build/variables
# fix permissions on some source files that will be copied as is to the chroot. # fix permissions on some source files that will be copied as is to the chroot.
# they may be wrong, e.g. if the Git repository was cloned with a strict umask. # they may be wrong, e.g. if the Git repository was cloned with a strict umask.
...@@ -111,7 +111,7 @@ DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING" ...@@ -111,7 +111,7 @@ DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"
export DEBOOTSTRAP_OPTIONS export DEBOOTSTRAP_OPTIONS
: ${MKSQUASHFS_OPTIONS:='-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports'} : ${MKSQUASHFS_OPTIONS:='-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports'}
MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesia/build/mksquashfs-excludes" MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/tails/build/mksquashfs-excludes"
export MKSQUASHFS_OPTIONS export MKSQUASHFS_OPTIONS
# build the doc wiki # build the doc wiki
......
...@@ -33,7 +33,7 @@ for list in config/chroot_local-packageslists/*.list ; do ...@@ -33,7 +33,7 @@ for list in config/chroot_local-packageslists/*.list ; do
done done
# files copied or created in the build stage # files copied or created in the build stage
rm -f config/chroot_local-includes/usr/share/amnesia/build/variables rm -f config/chroot_local-includes/usr/share/tails/build/variables
# static wiki # static wiki
rm -rf config/chroot_local-includes/usr/share/doc/tails/website wiki/src/.ikiwiki rm -rf config/chroot_local-includes/usr/share/doc/tails/website wiki/src/.ikiwiki
......
...@@ -184,11 +184,11 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog ...@@ -184,11 +184,11 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# create readahead-list from squashfs.sort # create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then if [ -e config/binary_rootfs/squashfs.sort ]; then
mkdir -p config/chroot_local-includes/usr/share/amnesia mkdir -p config/chroot_local-includes/usr/share/tails
sort -k2 -n -r config/binary_rootfs/squashfs.sort | \ sort -k2 -n -r config/binary_rootfs/squashfs.sort | \
cut -d' ' -f1 | \ cut -d' ' -f1 | \
grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \ grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \
> config/chroot_local-includes/usr/share/amnesia/readahead-list > config/chroot_local-includes/usr/share/tails/readahead-list
fi fi
# custom APT sources # custom APT sources
......
#!/bin/sh
set -e
set -u
display_help_and_exit () {
echo "Usage: $(basename "$0") INPUT_FILE" >&2
}
[ $# -eq 1 ] || display_help_and_exit
INPUT_FILE="$1"
[ -f "$INPUT_FILE" ] || exit 2
# For posterity: the general idea is to introduce \r\n as a token
# where we have made a line break to make the dump more diff-friendly
# (and, hence, Git-friendly). The most complex expression is the one
# done with perl, where we employ negative lookahead. What it means,
# is: replace single occurrences of | except when followed by \\n.
echo '.dump' \
| sqlite3 "$INPUT_FILE" | \
grep -v "cached_asset_content://cache://compiled-" | \
awk '!/^INSERT/; /^INSERT/ {print $0 | "sort -n"}' | \
sed 's_\\n_\\n\r\n_g' | \
sed 's_,_,\r\n_g' | \
perl -p -e 's/([^|])\|((?!\||\\n).)/\1\|\r\n\2/g' | \
sed "/^INSERT INTO \"settings\" VALUES('\(remoteBlacklists\|cached_asset_entries\)'/"'s_,_,\r\n_g'
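Review bot: `display_help_and_exit` only prints the usage line and returns, so a call with two or more arguments carries on and dumps `$1` anyway; with no argument the script stops only because `set -u` trips on `$1`. Adding `exit 1` as the last line of the function makes it match its name. The `[ -f "$INPUT_FILE" ] || exit 2` check leaves without any message, and nothing checks the status of `sqlite3`, so a failed dump still flows through the filters and the script exits with the last `sed`'s status. Since `#!/bin/sh` may not offer `pipefail`, writing the dump to a `mktemp` file first and checking that step would make a locked or corrupt database visible instead of silently committing a truncated dump.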
...@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose" ...@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20" REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version # Kernel version
KERNEL_VERSION='4.16.0-2' KERNEL_VERSION='4.17.0-2'
KERNEL_SOURCE_VERSION=$( KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \ echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms' | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
...@@ -19,7 +19,7 @@ usr/lib/locale/aa_DJ.utf8/LC_COLLATE 32750 ...@@ -19,7 +19,7 @@ usr/lib/locale/aa_DJ.utf8/LC_COLLATE 32750
usr/lib/locale/en_US.utf8/LC_TIME 32749 usr/lib/locale/en_US.utf8/LC_TIME 32749
usr/lib/locale/aa_ET/LC_NUMERIC 32748 usr/lib/locale/aa_ET/LC_NUMERIC 32748
usr/lib/locale/aa_DJ.utf8/LC_CTYPE 32747 usr/lib/locale/aa_DJ.utf8/LC_CTYPE 32747
usr/share/amnesia/readahead-list 32746 usr/share/tails/readahead-list 32746
bin/kmod 32745 bin/kmod 32745
bin/touch 32744 bin/touch 32744
lib/modprobe.d/aliases.conf 32742 lib/modprobe.d/aliases.conf 32742
...@@ -480,7 +480,7 @@ usr/lib/python3.5/__pycache__/random.cpython-35.pyc 32088 ...@@ -480,7 +480,7 @@ usr/lib/python3.5/__pycache__/random.cpython-35.pyc 32088
lib/live/mount/overlay/usr/lib/python3.5/__pycache__/hashlib.cpython-35.pyc 32087 lib/live/mount/overlay/usr/lib/python3.5/__pycache__/hashlib.cpython-35.pyc 32087
usr/lib/python3.5/__pycache__/hashlib.cpython-35.pyc 32086 usr/lib/python3.5/__pycache__/hashlib.cpython-35.pyc 32086
usr/lib/python3.5/lib-dynload/_hashlib.cpython-35m-x86_64-linux-gnu.so 32085 usr/lib/python3.5/lib-dynload/_hashlib.cpython-35m-x86_64-linux-gnu.so 32085
usr/share/amnesia/firstnames.txt 32084 usr/share/tails/firstnames.txt 32084
usr/bin/od 32083 usr/bin/od 32083
usr/bin/expr 32082 usr/bin/expr 32082
usr/bin/bc 32081 usr/bin/bc 32081
......
...@@ -49,6 +49,31 @@ Package: thunderbird* calendar-google-provider ...@@ -49,6 +49,31 @@ Package: thunderbird* calendar-google-provider
Pin: origin deb.tails.boum.org Pin: origin deb.tails.boum.org
Pin-Priority: 999 Pin-Priority: 999
Explanation: src:libdrm
Package: libdrm*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:libclc
Package: libclc*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:libglvnd
Package: libglvnd* libegl1 libgles2 libgl1 libglx0 libopengl0
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:llvm-toolchain-5.0
Package: clang* libclang* libfuzzer-* python-clang-* libllvm* llvm-* lld-* liblld-* lldb-* liblldb-* python-lldb-*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:mesa
Package: lib*-mesa* libgbm* libosmesa* libxatracker* mesa*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: obfs4proxy Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990 Pin-Priority: 990
...@@ -67,8 +92,21 @@ Package: tails-installer ...@@ -67,8 +92,21 @@ Package: tails-installer
Pin: origin deb.tails.boum.org Pin: origin deb.tails.boum.org
Pin-Priority: 999 Pin-Priority: 999
Package: tor tor-geoipdb
Pin: release o=TorProject,n=tor-nightly-0.3.4.x-stretch
Pin-Priority: 999
Package: virtualbox* Package: virtualbox*
Pin: origin deb.tails.boum.org Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:vulkan
Package: vulcan* libvulkan*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: wayland-protocols
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999 Pin-Priority: 999
Explanation: src:xorg-server Explanation: src:xorg-server
...@@ -76,8 +114,8 @@ Package: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-x ...@@ -76,8 +114,8 @@ Package: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-x
Pin: release o=Debian,n=stretch Pin: release o=Debian,n=stretch
Pin-Priority: 999 Pin-Priority: 999
Package: xul-ext-ublock-origin Package: webext-ublock-origin
Pin: origin deb.tails.boum.org Pin: release o=Debian,n=sid
Pin-Priority: 999 Pin-Priority: 999
Package: pdf-redact-tools Package: pdf-redact-tools
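Review bot: In the new `src:vulkan` stanza the pattern `vulcan*` looks like a misspelling of `vulkan*`, so packages whose names start with `vulkan` would presumably not get the stretch-backports pin; if so, the line should read `Package: vulkan* libvulkan*`. Separately, the new `tor tor-geoipdb` stanza pins to `o=TorProject,n=tor-nightly-0.3.4.x-stretch` at priority 999 and `webext-ublock-origin` now comes from `n=sid`. Both are moving suites, and unlike the neighbouring stanzas they carry no `Explanation:` line; one recording why the pin exists and when it should return to a stable suite would help whoever prepares the next release.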
......
...@@ -6,14 +6,46 @@ set -e ...@@ -6,14 +6,46 @@ set -e
echo "Change GIDs and UIDs" echo "Change GIDs and UIDs"
TPS_GROUP_STEALER=$(getent group 122 | awk -F ':' '{print $1}') Change_uid () {
if [ -n "$TPS_GROUP_STEALER" ]; then NAME="$1"
groupmod --gid 150 "$TPS_GROUP_STEALER" NEW="$2"
find / -wholename /proc -prune -o \( \! -type l -a -gid 122 -exec chgrp 150 '{}' \; \) OLD="$(getent passwd "$NAME" | awk -F ':' '{print $3}')"
fi
if [ -n "$OLD" ]; then
TPS_USER_STEALER=$(getent passwd 115 | awk -F ':' '{print $1}') echo "Changing UID for $NAME ($OLD -> $NEW)"
if [ -n "$TPS_USER_STEALER" ]; then usermod --uid "$NEW" "$NAME"
usermod --uid 150 "$TPS_USER_STEALER" find / -wholename /proc -prune -o \( \! -type l -a -uid "$OLD" -exec chown "$NEW" '{}' \; \)
find / -wholename /proc -prune -o \( \! -type l -a -uid 115 -exec chown 150 '{}' \; \) fi
fi }
Change_gid () {
NAME="$1"
NEW="$2"
OLD="$(getent group "$NAME" | awk -F ':' '{print $3}')"
if [ -n "$OLD" ]; then
echo "Changing GID for $NAME ($OLD -> $NEW)"
groupmod --gid "$NEW" "$NAME"
find / -wholename /proc -prune -o \( \! -type l -a -gid "$OLD" -exec chgrp "$NEW" '{}' \; \)
fi
}
Change_uid tails-persistent-setup 150
Change_gid tails-persistent-setup 150
### Ensure GIDs are stable accross releases
# ... otherwise, things such as tor@service are broken
# after applying an automatic upgrade (#15695, #15424, #13426, #15407)
# Temporarily give these groups a GID that's out of the way, to avoid collisions
Change_gid vboxsf 1120
Change_gid monkeysphere 1130
Change_gid debian-tor 1140
Change_gid lpadmin 1150
# Finally, give these groups the desired GID
Change_gid vboxsf 112
Change_gid monkeysphere 113
Change_gid debian-tor 114
Change_gid lpadmin 115
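Review bot: `Change_gid` and `Change_uid` do nothing and print nothing when `getent` finds no entry for the name, so a misspelled or not-yet-created group leaves its GID unassigned while the build still succeeds. Given the stated aim of keeping GIDs stable across releases, an `else` branch such as `echo "No such group: $NAME" >&2` (or a hard failure for the groups that must exist) would make that visible. The helpers also assign `NAME`, `NEW` and `OLD` as globals shared between the two functions, which works with the current call order but is easy to break. Nothing visible checks that the target GIDs 112 to 115 are not already held by some other group; `groupmod` presumably refuses the duplicate and `set -e` then stops the build, which is the safe outcome, but a comment saying so would help.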
...@@ -118,17 +118,14 @@ EOF ...@@ -118,17 +118,14 @@ EOF
# TBB works around the lack of code signing for its extensions by # TBB works around the lack of code signing for its extensions by
# hacking in exceptions. We do the same! # hacking in exceptions. We do the same!
apply_extension_code_signing_hacks () { apply_extension_code_signing_hacks () {
local destination tmp tbb_timestamp local tbb_install tbb_timestamp
destination="${1}" tbb_install="${1}"
tbb_timestamp="${2}"
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
tmp="$(mktemp -d)" tmp="$(mktemp -d)"
( (
cd "${tmp}" cd "${tmp}"
7z x -tzip "${TBB_INSTALL}/omni.ja" 7z x -tzip "${tbb_install}/omni.ja"
patch -p1 <<EOF patch -p1 <<EOF
diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
--- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000 --- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
...@@ -167,14 +164,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm ...@@ -167,14 +164,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
EOF EOF
touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \ touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
chrome/toolkit/content/mozapps/extensions/extensions.js chrome/toolkit/content/mozapps/extensions/extensions.js
rm "${TBB_INSTALL}/omni.ja" rm "${tbb_install}/omni.ja"
7z a -mtc=off -tzip "${TBB_INSTALL}/omni.ja" * 7z a -mtc=off -tzip "${tbb_install}/omni.ja" *
) )
rm -r "${tmp}" rm -r "${tmp}"
tmp="$(mktemp -d)" tmp="$(mktemp -d)"
( (
cd "${tmp}" cd "${tmp}"
7z x -tzip "${TBB_INSTALL}/browser/omni.ja" 7z x -tzip "${tbb_install}/browser/omni.ja"
patch -p1 <<EOF patch -p1 <<EOF
diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
--- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000 --- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
...@@ -191,44 +188,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js ...@@ -191,44 +188,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
} }
EOF EOF
touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
rm "${TBB_INSTALL}/browser/omni.ja" rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${TBB_INSTALL}/browser/omni.ja" * 7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
) )
rm -r "${tmp}" rm -r "${tmp}"
for archive in "${TBB_INSTALL}/omni.ja" "${TBB_INSTALL}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
} }
# Modern Firefox doesn't apply browser.search.defaultenginename on apply_prefs_hacks() {
# start, and the other ways to get it to work (e.g. pre-generating local tbb_install tmp tbb_timestamp
# search.json.mozlz4) seems rather complex. Instead, let's just make tbb_install="${1}"
# browser.search.defaultenginename work again by employing some tbb_timestamp="${2}"
# Enterprise features to run arbitrary JavaScript with access to the
# Firefox internals. For the details of this feature, see:
# https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
apply_default_searchengine_hacks () {
local destination
destination="${1}"
cat > "${destination}/defaults/pref/autoconfig.js" <<EOF
// This file must start with a comment
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
cat > "${destination}/mozilla.cfg" <<EOF tmp="$(mktemp -d)"
// This file must start with a comment (
var searchService = Components.classes["@mozilla.org/browser/search-service;1"].getService(Components.interfaces.nsIBrowserSearchService); cd "${tmp}"
var engineName = getPref("browser.search.defaultenginename"); 7z x -tzip "${tbb_install}/browser/omni.ja"
if (engineName) { # Remove TBB's Tor Launcher settings since we don't enable it in
var engine = searchService.getEngineByName(engineName); # our Tor Browser.
if (engine) { sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
searchService.currentEngine = engine; # Display the Stop/Reload button: our test suite currently depends on it
} perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
# Append our custom prefs
cat /usr/share/tails/tor-browser-prefs.js \
>> defaults/preferences/000-tor-browser.js
touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
rm -r "${tmp}"
} }
EOF
strip_nondeterminism () {
local tbb_install tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
for archive in "${tbb_install}/omni.ja" "${tbb_install}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
} }
install_langpacks_from_bundles() { install_langpacks_from_bundles() {
...@@ -262,8 +262,9 @@ install_debian_extensions() { ...@@ -262,8 +262,9 @@ install_debian_extensions() {
destination="${1}" destination="${1}"
shift shift
apt-get install --yes "${@}" apt-get install --yes "${@}"
ln -s /usr/share/xul-ext/ublock-origin/ \ ln -s /usr/share/webext/ublock-origin/ \
"${destination}"/'uBlock0@raymondhill.net' "${destination}"/'uBlock0@raymondhill.net'
patch -p1 < /usr/share/tails/uBlock-disable-autoUpdate.diff
} }
create_default_profile() { create_default_profile() {
...@@ -275,16 +276,16 @@ create_default_profile() { ...@@ -275,16 +276,16 @@ create_default_profile() {
rsync -a --exclude bookmarks.html --exclude extensions \ rsync -a --exclude bookmarks.html --exclude extensions \
"${tbb_profile}"/ "${destination}"/ "${tbb_profile}"/ "${destination}"/
# Remove TBB's Tor Launcher settings since we don't enable it in
# our Tor Browser.
sed -i '/extensions\.torlauncher\./d' "${destination}"/preferences/extension-overrides.js
mkdir -p "${destination}"/extensions mkdir -p "${destination}"/extensions
for ext in "${tbb_extensions_dir}"/*; do for ext in "${tbb_extensions_dir}"/*; do
ln -s "${ext}" "${destination}"/extensions/ ln -s "${ext}" "${destination}"/extensions/
done done
} }
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
TBB_TIMESTAMP="$(date --date='2000-01-01 00:00:00' +%s)"
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")" TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
...@@ -301,16 +302,17 @@ fi ...@@ -301,16 +302,17 @@ fi
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")" TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
# The Debian Iceweasel extensions we want to install and make # The Firefox extensions we want to install from Debian and make
# available in the Tor Browser. # available in the Tor Browser.
DEBIAN_EXT_PKGS="xul-ext-ublock-origin" DEBIAN_EXT_PKGS="webext-ublock-origin"
TMP="$(mktemp -d)" TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}" download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}" install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}" apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
apply_default_searchengine_hacks "${TBB_INSTALL}" apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
mkdir -p "${TBB_EXT}" mkdir -p "${TBB_EXT}"
if [ "${NIGHTLY_BUILD}" != yes ]; then if [ "${NIGHTLY_BUILD}" != yes ]; then
...@@ -324,11 +326,11 @@ rm -r "${TMP}" ...@@ -324,11 +326,11 @@ rm -r "${TMP}"
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}" mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
# ... and then install a few Iceweasel extension by using a fake # ... and then install a few Firefox extension by using a fake
# Iceweasel equivs package to satisfy the dependencies. # firefox equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini) FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1 FAKE_FIREFOX_VERSION=${FIREFOX_VERSION}+fake1
install_fake_package iceweasel "${FAKE_ICEWEASEL_VERSION}" web install_fake_package firefox "${FAKE_FIREFOX_VERSION}" web
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS} install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}" mkdir -p "${TBB_PROFILE}"
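Review bot: `apply_extension_code_signing_hacks` no longer declares `tmp` (its declaration became `local tbb_install tbb_timestamp`) but still assigns `tmp="$(mktemp -d)"` twice, so the variable now leaks into the script's global scope, unlike in the new `apply_prefs_hacks`; the line should read `local tbb_install tbb_timestamp tmp`. In `install_debian_extensions`, `patch -p1 < /usr/share/tails/uBlock-disable-autoUpdate.diff` is applied relative to the current directory, which the visible lines do not set; passing the intended root with `-d` would make that explicit. `strip_nondeterminism` keeps the `2>/dev/null` on `strip_nondeterminism_wrapper`, so a failure on either `omni.ja` would presumably stop the build without any message. Several of these function bodies start or end outside the visible hunks.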
......
...@@ -19,11 +19,10 @@ echo "Localize each supported browser locale" ...@@ -19,11 +19,10 @@ echo "Localize each supported browser locale"
ensure_hook_dependency_is_installed p7zip imagemagick ensure_hook_dependency_is_installed p7zip imagemagick
TBB_LOCALIZED_SEARCHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization" BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions" DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
LOCALE_PROFILES_DIR="/etc/tor-browser/locale-profiles/" LOCALE_PROFILES_DIR="/etc/tor-browser/locale-profiles/"
NO_SPELLCHECKER_LOCALES="ja ko nl pl tr zh" NO_SPELLCHECKER_LOCALES="ja tr zh"
# Sanity check that each supported Tor Browser locale has a # Sanity check that each supported Tor Browser locale has a
# description for how to localize it further. # description for how to localize it further.
...@@ -34,21 +33,21 @@ for LOCALE in $(supported_tor_browser_locales); do ...@@ -34,21 +33,21 @@ for LOCALE in $(supported_tor_browser_locales); do
fi fi
done done
if [ -n "${BROKEN_LOCALES}" ]; then if [ -n "${BROKEN_LOCALES}" ]; then
echo "The following supported browser locales lack search plugin descriptions in ${DESCRIPTIONS_FILE}:${BROKEN_LOCALES}" >&2 echo "The following supported browser locales lack descriptions in ${DESCRIPTIONS_FILE}:${BROKEN_LOCALES}" >&2
exit 1 exit 1
fi fi
# This very long while-loop is fed the DESCRIPTIONS_FILE (IO # This very long while-loop is fed the DESCRIPTIONS_FILE (IO
# redirection at the bottom), which describes how we will localize # redirection at the bottom), which describes how we will localize
# each supported Tor Browser locale. The format is: # each supported Tor Browser locale. The format is:
# MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG:STARTPAGE_LANG:STARTPAGE_LANG_UI # MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG
# Note that we're forced to pick some representative location for the # Note that we're forced to pick some representative location for the
# language-only locales, like Egypt (EG) for Arabic (ar). # language-only locales, like Egypt (EG) for Arabic (ar).
while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE_LANG_UI; do while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG; do
if [ -z "${MOZILLA_LOCALE}" ] || [ -z "${LOCATION}" ] || \ if [ -z "${MOZILLA_LOCALE}" ] || [