Commit 688ec51c authored by kytv's avatar kytv

Merge remote-tracking branch 'origin/devel' into devel

parents b3f1de39 18f48712
#!/bin/sh
set -e
set -u
EXT="/usr/lib/icedove/extensions"
[ -d "$EXT" ] || exit 1
echo "Enabling Torbirdy and Enigmail in Icedove"
ln -s /usr/share/xul-ext/torbirdy "$EXT"/castironthunderbirdclub@torproject.org
ln -s /usr/lib/xul-ext/enigmail "$EXT"/\{847b3a00-7ab1-11d4-8f02-006008948af5\}
echo "Enabling the amnesia branding extension in Icedove"
ln -s /usr/local/share/tor-browser-extensions/branding@amnesia.boum.org "$EXT"
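Review bot: Only the destination directory is checked before the three `ln -s` calls; the link targets are not, and `ln -s` succeeds on a target that does not exist. If a package layout changes, this hook (presumably run at image build time) would leave dangling links and an Icedove without TorBirdy or Enigmail, with no build failure. Guard each target before linking, e.g. `[ -e /usr/share/xul-ext/torbirdy ] || exit 1`, and likewise for the Enigmail and branding paths.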
#!/bin/sh
set -e
# We don't want the real binary to be in $PATH:
# Also note that wget uses the executable name in some help/error messages,
# so wget-real/etc. should be avoided.
mkdir -p /usr/lib/wget
dpkg-divert --add --rename --divert /usr/lib/wget/wget /usr/bin/wget
# We don't want users or other applications using wget directly:
cat > /usr/bin/wget << 'EOF'
#!/bin/sh
unset http_proxy
unset HTTP_PROXY
unset https_proxy
unset HTTPS_PROXY
exec torsocks /usr/lib/wget/wget --passive-ftp "$@"
EOF
chmod 755 /usr/bin/wget
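Review bot: The generated wrapper clears the HTTP and HTTPS proxy variables but not `ftp_proxy`, although it passes `--passive-ftp` and so expects FTP use. wget also reads `ftp_proxy` from the environment, so an inherited value would still select a proxy for FTP URLs. torsocks should still wrap that connection, so this is a consistency gap rather than a demonstrated leak. Add `unset ftp_proxy` to the heredoc next to the other four.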
// This is the Debian specific preferences file for Mozilla Firefox
// You can make any change in here, it is the purpose of this file.
// You can, with this file and all files present in the
// /etc/thunderbird/pref directory, override any preference that is
// present in /usr/lib/thunderbird/defaults/pref directory.
// While your changes will be kept on upgrade if you modify files in
// /etc/thunderbird/pref, please note that they won't be kept if you
// do them in /usr/lib/thunderbird/defaults/pref.
pref("extensions.update.enabled", true);
// Use LANG environment variable to choose locale
pref("intl.locale.matchOS", true);
// Disable default mail checking (gnome).
pref("mail.shell.checkDefaultMail", false);
// if you are not using gnome
pref("network.protocol-handler.app.http", "x-www-browser");
pref("network.protocol-handler.app.https", "x-www-browser");
// Tell TorBirdy we're running Tails so that it adapts its behaviour.
//pref("vendor.name", "Tails");
// Disable mail indexing
pref("mailnews.database.global.indexer.enabled", false);
// Disable chat
pref("mail.chat.enabled", false);
// Disable system addons
pref("extensions.autoDisableScopes", 3);
pref("extensions.enabledScopes", 4);
// Only show the tab bar if there's more than one tab to display
pref("mail.tabs.autoHide", true);
// Try to disable "Would you like to help Icedove Mail/News by automatically reporting memory usage, performance, and responsiveness to Mozilla"
pref("toolkit.telemetry.prompted", 2);
pref("toolkit.telemetry.rejected", true);
pref("toolkit.telemetry.enabled", false);
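Review bot: `pref("extensions.update.enabled", true);` at the top leaves add-on update checks on, while the rest of this file restricts add-ons to the application scope and turns off telemetry. If the extensions are meant to come only from the distribution's packages, update checks add outbound requests and a second update path. Consider `pref("extensions.update.enabled", false);`, or add a comment explaining why it stays enabled. The header comment also still says "Mozilla Firefox" and `/etc/thunderbird/pref`, and the "Tell TorBirdy we're running Tails" comment sits above a commented-out pref; both should be corrected or dropped.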
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
#torbirdy-jondo-selection,
#torbirdy-whonix-selection,
#torbirdy-tor-selection,
#torbirdy-tor-selection + menuseparator,
#torbirdy-anon-settings,
#torbirdy-anonservice,
/* Hide "Chat account" on Icedove's start-up page */
#CreateAccountChat
{ display: none; }
user_pref("extensions.enigmail.configuredVersion", "1.7.2");
......@@ -20,7 +20,7 @@ SocksPort 127.0.0.1:9061 IsolateDestAddr
## SocksPort for Tails-specific applications
SocksPort 127.0.0.1:9062 IsolateDestAddr IsolateDestPort
## SocksPort for the default web browser
SocksPort 127.0.0.1:9150
SocksPort 127.0.0.1:9150 IsolateSOCKSAuth KeepAliveIsolateSOCKSAuth
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
......
#!/bin/sh
set -e
set -u
PROFILE="${HOME}/.icedove/profile.default"
start_icedove() {
# Give Icedove its own temp directory, similar rationale to a1fd1f0f & #9558.
TMPDIR="${PROFILE}/tmp"
mkdir --mode=0700 -p "$TMPDIR"
export TMPDIR
if [ -z "$XAUTHORITY" ]; then
XAUTHORITY=~/.Xauthority
export XAUTHORITY
fi
unset SESSION_MANAGER
/usr/bin/icedove --class "Icedove" -profile "${PROFILE}" "${@}"
}
start_icedove "${@}"
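Review bot: With `set -u` active, the test `[ -z "$XAUTHORITY" ]` in `start_icedove` aborts the script when `XAUTHORITY` is unset. That is exactly the case the branch is meant to handle, so the `~/.Xauthority` fallback is unreachable there. Use a defaulted expansion: `if [ -z "${XAUTHORITY:-}" ]; then`.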
#!/bin/sh
unset http_proxy
unset HTTP_PROXY
unset https_proxy
unset HTTPS_PROXY
exec torsocks /usr/bin/wget "$@"
#!/bin/sh
# Get monotonic time in seconds. See clock_gettime(2) for details.
# Note: we limit ourselves to seconds simply because floating point
# arithmetic is a PITA in the shell.
clock_gettime_monotonic() {
perl -w -MTime::HiRes=clock_gettime,CLOCK_MONOTONIC \
-E 'say clock_gettime(CLOCK_MONOTONIC)' | \
sed 's/\..*$//'
}
# Run `check_expr` until `timeout` seconds has passed, and sleep
# `delay` (optional, defaults to 1) seconds in between the calls.
# Note that execution isn't aborted exactly after `timeout`
......@@ -11,9 +20,9 @@ wait_until() {
timeout="${1}"
check_expr="${2}"
delay="${3:-1}"
timeout_at=$(expr $(date +%s) + ${timeout})
timeout_at=$(expr $(clock_gettime_monotonic) + ${timeout})
until eval "${check_expr}"; do
if [ "$(date +%s)" -ge "${timeout_at}" ]; then
if [ "$(clock_gettime_monotonic)" -ge "${timeout_at}" ]; then
return 1
fi
sleep ${delay}
......
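Review bot: `clock_gettime_monotonic` returns the exit status of `sed`, not of `perl`, so a failing perl call (missing module, unsupported clock) yields an empty string with status 0. `wait_until` and the Tor bootstrap hook in this commit then feed that empty value to `expr` and `[ ... -ge ... ]`, so the timeout comparison cannot work as intended and the loop may not terminate on timeout. Truncating in perl removes the pipeline and lets the failure propagate: `perl -w -MTime::HiRes=clock_gettime,CLOCK_MONOTONIC -E 'say int(clock_gettime(CLOCK_MONOTONIC))'`. The body of `wait_until` continues outside the visible hunk.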
......@@ -64,6 +64,36 @@ Options affecting the 'activate' action:
"
}
escape_dots() {
printf "%s\n" $1 | sed 's/\./\\./g'
}
migrate_persistence_preset()
{
local OLD_PRESET="${1}"
local OLD_PRESET_SOURCE="${2}"
local NEW_PRESET="${3}"
local NEW_PRESET_SOURCE="${4}"
local CONFIG="${5}"
if grep -E -qs --line-regex \
-e "$(escape_dots ${OLD_PRESET})\s+source=${OLD_PRESET_SOURCE}" \
"$CONFIG" \
&& ! grep -E -qs --line-regex \
-e "$(escape_dots ${NEW_PRESET})\s+source=${NEW_PRESET_SOURCE}" \
"$CONFIG"
then
warning "Need to make $NEW_PRESET persistent"
if [ "$PERSISTENCE_READONLY" = true ]
then
warning "Persistence configuration needs to be migrated, but read only was selected; please retry in read-write mode"
fi
echo "$NEW_PRESET source=$NEW_PRESET_SOURCE" \
>> "$CONFIG" \
|| error "Failed to make $NEW_PRESET: $?"
warning "Successfully made $NEW_PRESET persistent"
fi
}
warning ()
{
echo "warning: ${@}" >&2
......@@ -323,31 +353,19 @@ activate_volumes ()
fi
done
# Migrate Squeeze-era NetworkManager persistence setting to Wheezy.
for conf in $(ls /live/persistence/*_unlocked/persistence.conf || true)
do
if grep -E -qs --line-regex \
-e '/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections' \
"$conf" \
&& ! grep -E -qs --line-regex \
-e '/etc/NetworkManager/system-connections\s+source=nm-system-connections' \
# Migrate Squeeze-era NetworkManager persistence setting to Wheezy.
migrate_persistence_preset '/home/amnesia/.gconf/system/networking/connections' 'nm-connections' \
'/etc/NetworkManager/system-connections' 'nm-system-connections' "$conf"
# disable pre-Wheezy NM persistence setting
sed -r -i \
-e 's,^(/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections)$,#\1,' \
"$conf"
then
warning "Needs to make /etc/NetworkManager/system-connections persistent"
if [ "$PERSISTENCE_READONLY" = true ]
then
# XXX: don't really error-out, do we?
error "Persistence configuration needs to be migrated, but read only was selected; please retry in read-write mode"
fi
echo '/etc/NetworkManager/system-connections source=nm-system-connections' \
>> "$conf" \
|| error "Failed to make /etc/NetworkManager/system-connections persistent: $?"
warning "Successfully made /etc/NetworkManager/system-connections persistent"
# disable pre-Wheezy NM persistence setting
sed -r -i \
-e 's,^(/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections)$,#\1,' \
"$conf"
fi
# Migrate Claws-mail persistence setting to Icedove
migrate_persistence_preset '/home/amnesia/.claws-mail' 'claws-mail' \
'/home/amnesia/.icedove' 'icedove' "$conf"
done
# Fix permissions on persistent directories that were created
......
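Review bot: In `migrate_persistence_preset` the read-only branch now only calls `warning` and then falls through to the `echo ... >> "$CONFIG"` append, so a session with `PERSISTENCE_READONLY=true` still tries to modify persistence.conf; the earlier code called `error` at that point. Add `return 0` after that warning (or keep `error`) so nothing is written in read-only mode. The `sed -r -i` that comments out the old NetworkManager line also appears to sit outside the conditional on the new side, so it would run for every config file regardless of mode; this is inferred, because the rendered page has lost its +/- markers. Separately, `escape_dots` expands `$1` unquoted and escapes only dots, and the `*_SOURCE` arguments go into the ERE unescaped. That is fine for the literal arguments visible here, but a comment should state that callers must pass regex-safe values.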
......@@ -2,7 +2,7 @@
set -e
# Import try_for()
# Import try_for() and clock_gettime_monotonic()
. /usr/local/lib/tails-shell-library/common.sh
# Import tor_bootstrap_progress()
......@@ -29,7 +29,7 @@ service tor restart
# options set by Vidalia will be lost since they weren't written to torrc.
bootstrap_progress=0
last_bootstrap_change=$(date +%s)
last_bootstrap_change=$(clock_gettime_monotonic)
maybe_restart_tor() {
local new_bootstrap_progress=$(tor_bootstrap_progress)
......@@ -38,14 +38,14 @@ maybe_restart_tor() {
return 0
elif [ $new_bootstrap_progress -gt $bootstrap_progress ]; then
bootstrap_progress=$new_bootstrap_progress
last_bootstrap_change=$(date +%s)
last_bootstrap_change=$(clock_gettime_monotonic)
return 1
elif [ $(expr $(date +%s) - $last_bootstrap_change) -ge 20 ]; then
elif [ $(expr $(clock_gettime_monotonic) - $last_bootstrap_change) -ge 20 ]; then
log "Tor seems to have stalled while bootstrapping. Restarting Tor."
clear_tor_log
service tor restart
bootstrap_progress=0
last_bootstrap_change=$(date +%s)
last_bootstrap_change=$(clock_gettime_monotonic)
return 1
else
return 1
......
......@@ -18,6 +18,15 @@
</Description>
</em:targetApplication>
<!-- Thunderbird -->
<em:targetApplication>
<Description>
<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
<em:minVersion>24.0</em:minVersion>
<em:maxVersion>32.0</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>
......@@ -89,6 +89,7 @@ dosfstools
eatmydata
ekeyd
electrum
enigmail
eog
evince
exiv2
......@@ -139,6 +140,8 @@ haveged
hdparm
hledger
hopenpgp-tools
icedove
icedove-l10n-all
inkscape
ipheth-utils
iptables
......@@ -241,6 +244,7 @@ vidalia
vim-nox
virtualbox-guest-utils
wireless-tools
xul-ext-torbirdy
# needed for initramfs-tools' COMPRESS=xz
xz-utils
......
--- /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.xul.orig 2015-09-28 00:28:45.164177872 +0000
+++ /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.xul 2015-09-28 00:28:55.400376965 +0000
@@ -22,10 +22,10 @@
<menulist id="torbirdy-protocol">
<menupopup>
- <menuitem label="POP3"
- value="pop3" />
<menuitem label="IMAP"
value="imap" />
+ <menuitem label="POP3"
+ value="pop3" />
</menupopup>
</menulist>
--- /usr/share/xul-ext/torbirdy/chrome/content/preferences.js.orig 2015-07-27 07:34:13.195987276 +0000
+++ /usr/share/xul-ext/torbirdy/chrome/content/preferences.js 2015-07-27 07:44:12.579975436 +0000
@@ -7,7 +7,7 @@
pub.prefBranch = "extensions.torbirdy.";
pub.customBranch = "extensions.torbirdy.custom.";
- pub.torKeyserver = "hkp://qdigse2yzvuglcix.onion";
+ pub.torKeyserver = "hkp://pool.sks-keyservers.net";
pub.jondoKeyserver = "hkp://pool.sks-keyservers.net";
pub.prefs = Components.classes["@mozilla.org/preferences-service;1"]
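Review bot: The default `pub.torKeyserver` moves from an onion address to `hkp://pool.sks-keyservers.net`, so key lookups now leave the Tor network through an exit relay over unencrypted HKP. The queried identifiers and the returned key material can be observed or altered on that last hop. The patch does not say why the onion service was dropped; add a comment above the assignment such as `// Tails: clearnet pool because <reason>; lookups are plaintext HKP via a Tor exit`, or use an HKPS endpoint if the image ships the required CA certificate. The same replacement is made for `extensions.enigmail.keyserver` in the second hunk of components/torbirdy.js.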
@@ -25,7 +25,7 @@
pub.setDefaultPrefs = function() {
pub.prefs.setCharPref("network.proxy.socks", "127.0.0.1");
- pub.prefs.setIntPref("network.proxy.socks_port", 9050);
+ pub.prefs.setIntPref("network.proxy.socks_port", 9061);
pub.prefs.clearUserPref("network.proxy.http");
pub.prefs.clearUserPref("network.proxy.http_port");
pub.prefs.clearUserPref("network.proxy.ssl");
@@ -43,7 +43,7 @@
"--no-comments " +
"--throw-keyids " +
"--display-charset utf-8 " +
- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
}
if (anonService === "jondo") {
return "--no-emit-version " +
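Review bot: The proxy URL is spelled `socks5h://127.0.0.1:9050` here and in the next hunk, but `socks5-hostname://127.0.0.1:9050` in components/torbirdy.js. Both are curl proxy schemes, so pick one spelling to keep the three strings consistent and easy to grep. The value is a SOCKS URL passed through GnuPG's `http-proxy` keyserver option, which presumably depends on the curl-based keyserver helper; a one-line comment saying so would help. Keyserver traffic also stays on port 9050 while this patch moves the mail SOCKS port to 9061; if that split is deliberate for stream isolation, state it in a comment. The enclosing function starts and ends outside this hunk.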
@@ -58,7 +58,7 @@
return "--no-emit-version " +
"--no-comments " +
"--display-charset utf-8 " +
- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
}
if (anonService === "jondo") {
return "--no-emit-version " +
@@ -494,7 +494,7 @@
// Tor.
if (anonService === 0) {
pub.socksHost.value = '127.0.0.1';
- pub.socksPort.value = '9050';
+ pub.socksPort.value = '9061';
}
// JonDo/Whonix.
--- ./usr/share/xul-ext/torbirdy/components/torbirdy.js.orig 2015-07-27 07:56:54.811960380 +0000
+++ ./usr/share/xul-ext/torbirdy/components/torbirdy.js 2015-07-27 08:00:26.895956191 +0000
@@ -43,7 +43,7 @@
// Configure Thunderbird to use the SOCKS5 proxy.
"network.proxy.socks": "127.0.0.1",
- "network.proxy.socks_port": 9050,
+ "network.proxy.socks_port": 9061,
"network.proxy.socks_version": 5,
// Set DNS proxying through SOCKS5.
@@ -215,10 +215,10 @@
// We want to force UTF-8 everywhere
"--display-charset utf-8 " +
// We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=http://127.0.0.1:8118 ",
+ "--keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 ",
// The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
+ "extensions.enigmail.keyserver": "hkp://pool.sks-keyservers.net",
// Force GnuPG to use SHA512.
"extensions.enigmail.mimeHashAlgorithm": 5,
@product @check_tor_leaks
Feature: Icedove email client
As a Tails user
I may want to use an email client
Background:
Given I have started Tails from DVD and logged in and the network is connected
When I start "Icedove" via the GNOME "Internet" applications menu
And Icedove has started
And I have not configured an email account
Then I am prompted to setup an email account
Scenario: Icedove defaults to using IMAP
Then IMAP is the default protocol
Scenario: Adblock is not enabled within Icedove
Given I cancel setting up an email account
When I open Icedove's Add-ons Manager
And I click the extensions tab
Then I see that Adblock is not installed in Icedove
Scenario: Enigmail is configured to use the correct keyserver
Given I cancel setting up an email account
And I go into Enigmail's preferences
When I click Enigmail's keyserver tab
Then I see that Enigmail is configured to use the correct keyserver
When I click Enigmail's advanced tab
Then I see that Enigmail is configured to use the correct SOCKS proxy
Scenario: Torbirdy is configured to use Tor
Given I cancel setting up an email account
And I open Torbirdy's preferences
Then I see that Torbirdy is configured to use Tor
Scenario: Icedove will work over Tor
Given I cancel setting up an email account
And I open Torbirdy's preferences
When I test Torbirdy's proxy settings
Then Torbirdy's proxy test is successful