Commit 614c63ea authored by intrigeri's avatar intrigeri

Merge remote-tracking branch...

Merge remote-tracking branch 'origin/bugfix/7943-simplify-tor-launcher-profile-path-workaround' into devel

Fix-committed: #7943
parents 4d769db0 2fc6d139
......@@ -4,12 +4,13 @@ set -eu
echo "Install the Tor Browser"
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
# Import the TBB_INSTALL, TBB_PROFILE, TBB_EXT and
# TOR_LAUNCHER_INSTALL variables, which contains the paths we will
# split TBB's actual browser (binaries etc), user data and extension
# into. While this differs from how the TBB organizes the files, the
# end result will be the same, and it's practical since when creating
# a new browser profile we can simply copy the profile directory
# without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
download_and_verify_files() {
......@@ -70,11 +71,11 @@ install_tor_browser() {
# profile but we want to keep it as a standalone application
# when Tails is started in "bridge mode".
torlauncher_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
7z x -o'/usr/share/tor-launcher-standalone' "${torlauncher_xpi_path}"
7z x -o"${TOR_LAUNCHER_INSTALL}" "${torlauncher_xpi_path}"
torlauncher_version="$(sed -n \
's,^ <em:version>\([0-9\.]\+\)</em:version>,\1,p' \
'/usr/share/tor-launcher-standalone/install.rdf')"
cat > '/usr/share/tor-launcher-standalone/application.ini' << EOF
"${TOR_LAUNCHER_INSTALL}/install.rdf")"
cat > "${TOR_LAUNCHER_INSTALL}/application.ini" << EOF
[App]
Vendor=TorProject
Name=TorLauncher
......@@ -89,7 +90,7 @@ MaxVersion=*.*.*
[Shell]
Icon=icon.png
EOF
chmod -R a+rX '/usr/share/tor-launcher-standalone'
chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"
rm "${torlauncher_xpi_path}"
# The Tor Browser will fail, complaining about an incomplete profile,
......
......@@ -86,7 +86,7 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
# mix them up.
CAPITALIZED_LANG_CODE="$(echo "${LANG_CODE}" | tr 'a-z' 'A-Z')"
LOCALIZED_WIKIPEDIA_ICON_PATH="/tmp/wikipedia-icon-${LANG_CODE}.png"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH="#{LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH="${LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_ICON_TEMPLATE="${BROWSER_LOCALIZATION_DIR}/Wikipedia-icon.png"
convert "${WIKIPEDIA_ICON_TEMPLATE}" \
-gravity SouthEast -pointsize 130 -font Liberation-Sans-Bold \
......
......@@ -4,5 +4,8 @@ set -e
echo "Creating prefs override for Tor Launcher"
# Import the TOR_LAUNCHER_INSTALL variable.
. /usr/local/lib/tails-shell-library/tor-browser.sh
ln -s /etc/xul-ext/tor-launcher.js \
/usr/share/tor-launcher-standalone/defaults/preferences/000system.js
"${TOR_LAUNCHER_INSTALL}/defaults/preferences/000system.js"
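Review bot: The new link path `"${TOR_LAUNCHER_INSTALL}/defaults/preferences/000system.js"` collapses to a path directly under `/` if the sourced library ever fails to define the variable, because this hook runs with `set -e` only (per the hunk header), not `-u`. Writing it as `"${TOR_LAUNCHER_INSTALL:?}/defaults/preferences/000system.js"` makes the hook abort instead of creating a stray symlink. The same applies to the `-app "${TOR_LAUNCHER_INSTALL}/application.ini"` argument in the new tor-launcher script, which also runs under `set -e` alone.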
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
# Allow Torbutton access to the control port filter (for new identity).
# Setting a password is required, otherwise Torbutton attempts to
# read the authentication cookie file instead, which fails.
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9052'
TOR_CONTROL_PASSWD='passwd'
# Hide Torbutton's "Tor Network Settings..." context menu entry since
# it doesn't work in Tails, and we deal with those configurations
# strictly through Tor Launcher.
TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
# Port that the monkeysphere validation agent listens on
MSVA_PORT='6136'
Defaults!/usr/bin/tor-launcher always_set_home,env_keep+="TOR_CONFIGURE_ONLY TOR_CONTROL_PORT TOR_CONTROL_COOKIE_AUTH_FILE TOR_FORCE_NET_CONFIG TOR_HIDE_BROWSER_LOGO"
#!/bin/sh
set -e
# Import exec_firefox() and configure_best_tor_launcher_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# The Tor Browser hardcodes the default profile dir to ../.. from the
# folder storing the application.ini file supplied via -app. Sadly,
# -profile doesn't work together with -app. Therefore we copy the
# whole Tor Launcher application (just ~350 KB) into the user's home
# so we can get the profile directory in a sane place.
if [ ! -e "${HOME}"/.tor-launcher ]; then
mkdir -p "${HOME}"/.tor-launcher
cp -r /usr/share/tor-launcher-standalone "${HOME}"/.tor-launcher/tor-launcher-standalone
mkdir -p "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/
cat << EOF > "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profiles.ini
[General]
StartWithLastProfile=1
[Profile0]
Name=default
IsRelative=1
Path=profile.default
EOF
mkdir -p "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default/preferences
configure_best_tor_launcher_locale "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default
fi
exec_unconfined_firefox -app "${HOME}"/.tor-launcher/tor-launcher-standalone/application.ini
......@@ -20,6 +20,18 @@ PROFILE="${HOME}/.tor-browser/profile.default"
# Import exec_firefox() and configure_best_tor_browser_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Allow Torbutton access to the control port filter (for new identity).
# Setting a password is required, otherwise Torbutton attempts to
# read the authentication cookie file instead, which fails.
export TOR_CONTROL_HOST='127.0.0.1'
export TOR_CONTROL_PORT='9052'
export TOR_CONTROL_PASSWD='passwd'
# Hide Torbutton's "Tor Network Settings..." context menu entry since
# it doesn't work in Tails, and we deal with those configurations
# strictly through Tor Launcher.
export TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
ask_for_confirmation() {
# Skip dialog if user is already running Tor Browser:
if pgrep -u amnesia -f "${TBB_INSTALL}/firefox" ; then
......
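Review bot: `export TOR_CONTROL_PASSWD='passwd'` reads like a real credential, and the comment above it does not say whether the control port filter on 9052 checks the value. If it is a dummy whose only job is to stop Torbutton falling back to the cookie file, as the comment suggests, say so explicitly, e.g. `# The value is a placeholder; access is restricted by the control port filter, not by this password.`, worded to match what the filter actually does. Because the variables are exported, every process this script starts inherits them, so the comment is the only place a reader learns whether the string is sensitive.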
#!/bin/sh
set -e
# Import the TOR_LAUNCHER_INSTALL variable, and exec_unconfined_firefox()
# and configure_best_tor_launcher_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
unset TOR_CONTROL_PASSWD
unset TOR_FORCE_NET_CONFIG
export TOR_CONFIGURE_ONLY=1
export TOR_CONTROL_PORT=9051
export TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
export TOR_HIDE_BROWSER_LOGO=1
if echo "$@" | grep -qw -- --force-net-config; then
export TOR_FORCE_NET_CONFIG=1
fi
PROFILE="${HOME}/.tor-launcher/profile.default"
if [ ! -d "${PROFILE}" ]; then
mkdir -p "${PROFILE}"
configure_best_tor_launcher_locale "${PROFILE}"
fi
exec_unconfined_firefox \
-app "${TOR_LAUNCHER_INSTALL}/application.ini" \
-profile "${PROFILE}"
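Review bot: The flag test `echo "$@" | grep -qw -- --force-net-config` flattens all arguments into one string, so the flag is also detected when it merely appears inside another argument's value, and `echo` may consume a leading `-n` or `-e` argument as its own option. Comparing the arguments one by one avoids both: `for arg in "$@"; do if [ "${arg}" = --force-net-config ]; then export TOR_FORCE_NET_CONFIG=1; fi; done`. A short header comment saying that the script is expected to run as the tor-launcher user (the wrapper starts it through `gksudo -u tor-launcher`) would also help the next reader.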
......@@ -3,7 +3,8 @@
TBB_INSTALL=/usr/local/lib/tor-browser
TBB_PROFILE=/etc/tor-browser/profile
TBB_EXT=/usr/local/share/tor-browser-extensions
TOR_LAUNCHER_LOCALES_DIR=/usr/share/tor-launcher-standalone/chrome/locale
TOR_LAUNCHER_INSTALL=/usr/local/lib/tor-launcher-standalone
TOR_LAUNCHER_LOCALES_DIR="${TOR_LAUNCHER_INSTALL}/chrome/locale"
exec_firefox() {
LD_LIBRARY_PATH="${TBB_INSTALL}"
......
......@@ -5,28 +5,20 @@ set -e
# Import export_gnome_env().
. /usr/local/lib/tails-shell-library/gnome.sh
unset TOR_CONTROL_PASSWD
unset TOR_FORCE_NET_CONFIG
TOR_CONFIGURE_ONLY=1
TOR_CONTROL_PORT=9051
TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
TOR_HIDE_BROWSER_LOGO=1
export TOR_CONFIGURE_ONLY
export TOR_CONTROL_PORT
export TOR_CONTROL_COOKIE_AUTH_FILE
export TOR_HIDE_BROWSER_LOGO
if echo "$@" | grep -qw -- --force-net-config; then
TOR_FORCE_NET_CONFIG=1
export TOR_FORCE_NET_CONFIG
fi
# Get LIVE_USERNAME
. /etc/live/config.d/username.conf
# Get LANG
. /etc/default/locale
# The Tor Browser hardcodes the default profile dir to inside
# ../TorBrowser/Data/Browser/ from the folder storing the
# application.ini file supplied via -app. We can use -profile to load
# it from a different place, but then the Caches directory
# must still exist and be accessible in the above folder.
mkdir -p /usr/local/lib/TorBrowser/Data/Browser/Caches
chmod -R a+rX /usr/local/lib/TorBrowser
until pgrep -u "${LIVE_USERNAME}" '^ibus-daemon' >/dev/null ; do
sleep 5
done
......@@ -34,11 +26,8 @@ done
export LANG
export_gnome_env
sudo -u ${LIVE_USERNAME} xhost +SI:localuser:tor-launcher
gksudo -u tor-launcher /usr/bin/tor-launcher
gksudo -u tor-launcher /usr/local/bin/tor-launcher -- "$@"
RET=${?}
sudo -u ${LIVE_USERNAME} xhost -SI:localuser:tor-launcher
# Save ~10 RAM (due to the tmpfs) by removing this unused file
rm -f /usr/Data/Browser/*.default/places.sqlite
exit ${RET}
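Review bot: Assuming the `set -e` shown in this file's first hunk header is still in effect, a non-zero exit from `gksudo -u tor-launcher /usr/local/bin/tor-launcher -- "$@"` ends the script on that line, so `RET=${?}` can only ever record 0 and `xhost -SI:localuser:tor-launcher` is skipped, leaving the tor-launcher user's access to the X server granted. Capture the status without tripping `-e`: put `RET=0` before the call and write it as `gksudo -u tor-launcher /usr/local/bin/tor-launcher -- "$@" || RET=${?}`. `${LIVE_USERNAME}` in the two `sudo -u` lines is also unquoted.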
......@@ -35,6 +35,7 @@ def xul_application_info(application)
'echo ${TBB_INSTALL}/firefox', :libs => 'tor-browser'
).stdout.chomp
address_bar_image = "BrowserAddressBar.png"
unused_tbb_libs = ['libnssdbm3.so']
case application
when "Tor Browser"
user = LIVE_USER
......@@ -53,10 +54,18 @@ def xul_application_info(application)
new_tab_button_image = "I2PBrowserNewTabButton.png"
when "Tor Launcher"
user = "tor-launcher"
cmd_regex = "#{binary} -app /home/#{user}/\.tor-launcher/tor-launcher-standalone/application\.ini"
# We do not enable AppArmor confinement for the Tor Launcher.
binary = "#{binary}-unconfined"
tor_launcher_install = $vm.execute_successfully(
'echo ${TOR_LAUNCHER_INSTALL}', :libs => 'tor-browser'
).stdout.chomp
cmd_regex = "#{binary}\s+-app #{tor_launcher_install}/application\.ini.*"
chroot = ""
new_tab_button_image = nil
address_bar_image = nil
# The standalone Tor Launcher uses fewer libs than the full
# browser.
unused_tbb_libs.concat(["libfreebl3.so", "libnssckbi.so", "libsoftokn3.so"])
else
raise "Invalid browser or XUL application: #{application}"
end
......@@ -66,6 +75,7 @@ def xul_application_info(application)
:chroot => chroot,
:new_tab_button_image => new_tab_button_image,
:address_bar_image => address_bar_image,
:unused_tbb_libs => unused_tbb_libs,
}
end
......@@ -108,8 +118,7 @@ Then /^the (.*) has no plugins installed$/ do |browser|
step "I see \"TorBrowserNoPlugins.png\" after at most 30 seconds"
end
def xul_app_shared_lib_check(pid, chroot)
expected_absent_tbb_libs = ['libnssdbm3.so']
def xul_app_shared_lib_check(pid, chroot, expected_absent_tbb_libs = [])
absent_tbb_libs = []
unwanted_native_libs = []
tbb_libs = $vm.execute_successfully("ls -1 #{chroot}${TBB_INSTALL}/*.so",
......@@ -141,7 +150,7 @@ Then /^the (.*) uses all expected TBB shared libraries$/ do |application|
info = xul_application_info(application)
pid = $vm.execute_successfully("pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'").stdout.chomp
assert(/\A\d+\z/.match(pid), "It seems like #{application} is not running")
xul_app_shared_lib_check(pid, info[:chroot])
xul_app_shared_lib_check(pid, info[:chroot], info[:unused_tbb_libs])
end
Then /^the (.*) chroot is torn down$/ do |browser|
......
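Review bot: In `cmd_regex = "#{binary}\s+-app #{tor_launcher_install}/application\.ini.*"` the backslashes are consumed by Ruby's double-quoted string before pgrep ever sees the pattern: `\s` becomes a literal space and `\.` becomes a bare `.` that matches any character. The pattern still matches the intended command line, but more loosely than it reads. `cmd_regex = "#{binary} +-app #{tor_launcher_install}/application\\.ini.*"` states what is actually matched and keeps the dot literal. The body of xul_application_info begins outside this hunk.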
......@@ -9,6 +9,7 @@ Feature: Using Tails with Tor pluggable transports
And I capture all network traffic
When the network is plugged
Then the Tor Launcher autostarts
And the Tor Launcher uses all expected TBB shared libraries
Scenario: Using bridges
When I configure some Bridge pluggable transports in Tor Launcher
......