Commit a76ed56c authored by Tails developers's avatar Tails developers

Refactor chroot browser configuration steps.

parent 62285af8
#!/bin/sh
# Import the TBB_EXT variable.
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, and
# configure_xulrunner_app_locale().
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import windows_camouflage_is_enabled()
. /usr/local/lib/tails-shell-library/tails-greeter.sh
# Break down the chroot and kill all of its processes
try_cleanup_browser_chroot () {
local chroot="${1}"
......@@ -64,6 +68,14 @@ setup_browser_chroot () {
chmod -t ${cow}
}
set_chroot_browser_locale () {
local chroot="${1}"
local browser_user="${2}"
local locale="${3}"
local browser_profile="${chroot}/home/${browser_user}/.tor-browser/profile.default"
configure_xulrunner_app_locale "${browser_profile}" "${locale}"
}
set_chroot_browser_name () {
local chroot="${1}"
local name="${2}"
......@@ -117,3 +129,74 @@ set_chroot_torbutton_browser_name () {
fi
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${name}\">/" "${torbutton_locale_dir}/brand.dtd"
}
# Set the chroot's DNS servers (IPv4 only)
configure_chroot_dns_servers () {
local chroot="${1}" ; shift
local ip4_nameservers="${@}"
rm -f ${chroot}/etc/resolv.conf
for ns in ${ip4_nameservers}; do
echo "nameserver ${ns}" >> ${chroot}/etc/resolv.conf
done
chmod a+r ${chroot}/etc/resolv.conf
}
set_chroot_browser_permissions () {
local chroot="${1}"
local browser_user="${2}"
local browser_conf="${chroot}/home/${browser_user}/.tor-browser"
chown -R ${browser_user}:${browser_user} "${browser_conf}"
}
configure_chroot_browser () {
local chroot="${1}" ; shift
local browser_name="${1}" ; shift
local browser_user="${1}" ; shift
local startpage="${1}" ; shift
# Now $@ is a list of extensions to enable
# Prevent sudo from complaining about failing to resolve the 'amnesia' host
echo "127.0.0.1 localhost amnesia" > ${chroot}/etc/hosts
# Create a fresh browser profile for the clearnet user
local browser_conf="${chroot}/home/${browser_user}/.tor-browser"
local browser_profile="${browser_conf}/profile.default"
local browser_ext="${browser_profile}"/extensions
mkdir -p "${browser_profile}" "${browser_ext}"
# Select extensions to enable
cp --no-dereference "${@}" "${browser_ext}"
# Set preferences
local browser_prefs="${browser_profile}"/preferences/prefs.js
mkdir -p "$(dirname "${browser_prefs}")"
cp /usr/share/tails/"${browser_name}"/prefs.js "${browser_prefs}"
# Set start page to something that explains what's going on
echo 'user_pref("browser.startup.homepage", "'${startpage}'");' >> \
"${browser_prefs}"
# Customize the GUI
local browser_chrome="${browser_profile}/chrome/userChrome.css"
mkdir -p "$(dirname "${browser_chrome}")"
cp /usr/share/tails/"${browser_name}"/userChrome.css ${browser_chrome}
# Remove all bookmarks
rm -f ${chroot}/"${TBB_PROFILE}"/bookmarks.html
rm -f ${browser_profile}/bookmarks.html
rm -f ${browser_profile}/places.sqlite
# Set an appropriate theme, except if we're using Windows
# camouflage.
if ! windows_camouflage_is_enabled; then
cat /usr/share/tails/"${browser_name}"/theme.js >> "${browser_prefs}"
else
# The tails-activate-win8-theme script requires that the
# browser profile is writable by the user running the script.
set_chroot_browser_permissions ${chroot} ${browser_user}
# The camouflage activation script requires a dbus server for
# properly configuring GNOME, so we start one in the chroot
chroot ${chroot} sudo -H -u ${browser_user} sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
fi
}
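Review bot: configure_chroot_dns_servers writes every word of its arguments into the chroot's `resolv.conf` without checking that it looks like an IPv4 address. It also expands `${ip4_nameservers}` and `${chroot}/etc/resolv.conf` unquoted, so the list is subject to pathname expansion, and the loop variable `ns` is not declared `local`, so it leaks into the sourcing script. The unsafe-browser caller passes `${IP4_NAMESERVERS}`, which the comment removed from that script describes as obtained through DHCP, i.e. a value the local network controls. The sketch below quotes the path, declares `ns`, and skips any entry containing characters other than digits and dots; a stricter dotted-quad check would be better still.

```shell
configure_chroot_dns_servers () {
    local chroot="${1}" ; shift
    local ip4_nameservers="${*}"
    local resolv_conf="${chroot}/etc/resolv.conf"
    local ns
    rm -f "${resolv_conf}"
    for ns in ${ip4_nameservers}; do
        # Accept only digits and dots; anything else is dropped.
        case "${ns}" in
            *[!0-9.]*) continue ;;
        esac
        echo "nameserver ${ns}" >> "${resolv_conf}"
    done
    chmod a+r "${resolv_conf}"
}
```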
......@@ -17,13 +17,11 @@ export TEXTDOMAIN
CONF_DIR=/var/lib/i2p-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
BROWSER_NAME=i2p-browser
BROWSER_USER=i2pbrowser
TBB_PREFS="/etc/tor-browser/profile/preferences"
START_PAGE="http://127.0.0.1:7657"
# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
# exec_firefox(), configure_xulrunner_app_locale() and
# guess_best_tor_browser_locale()
# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import windows_camouflage_is_enabled()
......@@ -33,7 +31,7 @@ START_PAGE="http://127.0.0.1:7657"
NOSCRIPT_EXT_XPI="${TBB_EXT}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
TORBUTTON_EXT_DIR="${TBB_EXT}/torbutton@torproject.org"
NAME="`gettext \"I2P Browser\"`"
HUMAN_READABLE_NAME="`gettext \"I2P Browser\"`"
cleanup () {
try_cleanup_browser_chroot ${CHROOT} ${COW} ${BROWSER_USER}
......@@ -70,68 +68,19 @@ show_start_notification () {
tails-notify-user "${title}" "${body}" 10000
}
configure_chroot () {
# Prevent sudo from complaining about failing to resolve the 'amnesia' host
echo "127.0.0.1 localhost amnesia" > ${CHROOT}/etc/hosts
# Create a fresh Tor Browser profile for the i2pbrowser user
BROWSER_CONF="${CHROOT}/home/${BROWSER_USER}/.tor-browser"
BROWSER_PROFILE="${BROWSER_CONF}/profile.default"
BROWSER_EXT="${BROWSER_PROFILE}/extensions"
mkdir -p "${BROWSER_EXT}"
ln -s "${NOSCRIPT_EXT_XPI}" "${BROWSER_EXT}"
ln -s "${TORBUTTON_EXT_DIR}" "${BROWSER_EXT}"
for LANGPACK in $(ls ${TBB_PROFILE}/extensions/langpack-*.xpi); do
ln -s "${LANGPACK}" "${BROWSER_EXT}"
done
BROWSER_PREF_DIR="${BROWSER_PROFILE}/preferences"
BROWSER_PREFS="${BROWSER_PREF_DIR}/prefs.js"
mkdir -p "${BROWSER_PREF_DIR}"
copy_extra_tbb_prefs () {
local chroot="${1}"
local browser_user="${2}"
local tbb_prefs="/etc/tor-browser/profile/preferences"
local browser_prefs_dir="${chroot}/home/${browser_user}/.tor-browser"/profile.default/preferences
mkdir -p "${browser_prefs_dir}"
# Selectively copy the TBB prefs we want
sed '/\(security\|update\|download\|spell\|noscript\|torbrowser\|torbutton\)/!d' $TBB_PREFS/0000tails.js > \
${BROWSER_PREF_DIR}/0000tails.js
sed '/\(capability\|noscript\|torbutton\)/!d' ${TBB_PREFS}/extension-overrides.js > \
${BROWSER_PREF_DIR}/extension-overrides.js
# Localization
BEST_LOCALE="$(guess_best_tor_browser_locale)"
configure_xulrunner_app_locale "${BROWSER_PROFILE}" "${BEST_LOCALE}"
# Set the name (e.g. window title) of the browser
set_chroot_torbutton_browser_name "${CHROOT}" "${NAME}" "${BEST_LOCALE}"
# Set start page to the router console
echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
${BROWSER_PREFS}
# add the I2P proxy to all protocols
cp /usr/share/tails/i2p-browser/prefs.js "${BROWSER_PREF_DIR}"
# Hide options in the I2P Browser.
# It would be good to implement the ability to persist the browser profile in the
# future. At that point, the Bookmark functionality could be restored.
BROWSER_CHROME="${BROWSER_PROFILE}/chrome/userChrome.css"
mkdir -p "$(dirname "${BROWSER_CHROME}")"
cp /usr/share/tails/i2p-browser/userChrome.css ${BROWSER_CHROME}
# Remove all bookmarks
rm -f "${CHROOT}/${TBB_PROFILE}/bookmarks.html"
rm -f ${BROWSER_PROFILE}/bookmarks.html
rm -f ${BROWSER_PROFILE}/places.sqlite
chown -R ${BROWSER_USER}:${BROWSER_USER} "${BROWSER_CONF}"
# Change the theme when not using Windows camouflage
if ! windows_camouflage_is_enabled; then
cat /usr/share/tails/i2p-browser/theme.js >> "${BROWSER_PREFS}"
else
# The camouflage activation script requires a dbus server for
# properly configuring GNOME, so we start one in the chroot
chroot ${CHROOT} sudo -H -u ${BROWSER_USER} sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
fi
sed '/\(security\|update\|download\|spell\|noscript\|torbrowser\|torbutton\)/!d' "${tbb_prefs}"/0000tails.js > \
"${browser_prefs_dir}"/0000tails.js
sed '/\(capability\|noscript\|torbutton\)/!d' "${tbb_prefs}"/extension-overrides.js > \
"${browser_prefs_dir}"/extension-overrides.js
chown -R ${browser_user}:${browser_user} "${browser_prefs_dir}"
}
show_shutdown_notification () {
......@@ -150,11 +99,22 @@ if ! i2p_router_console_is_ready; then
verify_start
fi
show_start_notification
echo "* Setting up chroot"
setup_browser_chroot ${CHROOT} ${COW} || \
error "`gettext \"Failed to setup chroot.\"`"
echo "* Configuring chroot"
configure_chroot
configure_chroot_dns_servers "${CHROOT}" "127.0.0.1"
configure_chroot_browser "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" \
"${START_PAGE}" "${CHROOT}/${TBB_EXT}"/langpack-*.xpi \
"${NOSCRIPT_EXT_XPI}" "${TORBUTTON_EXT_DIR}"
copy_extra_tbb_prefs "${CHROOT}" "${BROWSER_USER}"
BEST_LOCALE="$(guess_best_tor_browser_locale)"
set_chroot_browser_locale "${CHROOT}" "${BROWSER_USER}" "${BEST_LOCALE}"
set_chroot_torbutton_browser_name "${CHROOT}" "${HUMAN_READABLE_NAME}" "${BEST_LOCALE}"
set_chroot_browser_permissions "${CHROOT}" "${BROWSER_USER}"
echo "* Starting I2P Browser"
run_chroot_browser ${CHROOT} ${BROWSER_USER} ${SUDO_USER}
show_shutdown_notification
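Review bot: `${TORBUTTON_EXT_DIR}` is passed to configure_chroot_browser as an extension to enable, but that helper copies its remaining arguments with `cp --no-dereference "${@}" "${browser_ext}"`, with no `-r`. If `torbutton@torproject.org` is a real directory, as the variable name suggests, cp omits it and returns non-zero, so the I2P Browser either aborts at this step (if the script runs under `set -e`, which these hunks do not show) or starts without Torbutton. The code removed from this file used `ln -s` for both extensions and the removed unsafe-browser code used `cp -Pr`; using `cp -Pr "${@}" "${browser_ext}"` in the helper would keep the directory case working.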
......
......@@ -12,17 +12,13 @@ export TEXTDOMAIN
CONF_DIR=/var/lib/unsafe-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
BROWSER_NAME=unsafe-browser
BROWSER_USER=clearnet
# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
# exec_firefox(), configure_xulrunner_app_locale() and
# guess_best_tor_browser_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import windows_camouflage_is_enabled()
# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
. /usr/local/lib/tails-shell-library/tor-browser.sh
. /usr/local/lib/tails-shell-library/chroot-browser.sh
......@@ -70,63 +66,6 @@ show_start_notification () {
tails-notify-user "${title}" "${body}" 10000
}
configure_chroot () {
# Prevent sudo from complaining about failing to resolve the 'amnesia' host
echo "127.0.0.1 localhost amnesia" > ${CHROOT}/etc/hosts
# Set the chroot's DNS servers to those obtained through DHCP
rm -f ${CHROOT}/etc/resolv.conf
for NS in ${IP4_NAMESERVERS}; do
echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
done
chmod a+r ${CHROOT}/etc/resolv.conf
# Create a fresh browser profile for the clearnet user
BROWSER_CONF="${CHROOT}/home/${BROWSER_USER}/.tor-browser"
BROWSER_PROFILE="${BROWSER_CONF}/profile.default"
BROWSER_EXT="${BROWSER_PROFILE}"/extensions
mkdir -p "${BROWSER_EXT}"
cp -Pr "${TBB_PROFILE}"/extensions/langpack-*.xpi "${BROWSER_EXT}"
BROWSER_PREFS="${BROWSER_PROFILE}"/preferences/prefs.js
mkdir -p "$(dirname "${BROWSER_PREFS}")"
cp /usr/share/tails/unsafe-browser/prefs.js "${BROWSER_PREFS}"
# Localization
BEST_LOCALE="$(guess_best_tor_browser_locale)"
configure_xulrunner_app_locale "${BROWSER_PROFILE}" "${BEST_LOCALE}"
# Set the name (e.g. window title) of the browser
set_chroot_browser_name ${CHROOT} "`gettext \"Unsafe Browser\"`" "${BEST_LOCALE}"
# Set start page to something that explains what's going on
echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
"${BROWSER_PREFS}"
BROWSER_CHROME="${BROWSER_PROFILE}/chrome/userChrome.css"
mkdir -p "$(dirname "${BROWSER_CHROME}")"
cp /usr/share/tails/unsafe-browser/userChrome.css ${BROWSER_CHROME}
# Remove all bookmarks
rm -f ${CHROOT}/"${TBB_PROFILE}"/bookmarks.html
rm -f ${BROWSER_PROFILE}/bookmarks.html
rm -f ${BROWSER_PROFILE}/places.sqlite
chown -R ${BROWSER_USER}:${BROWSER_USER} "${BROWSER_CONF}"
# Set a scary theme (except if we're using Windows
# camouflage). Note that the tails-activate-win8-theme script that
# we may run below requires that the browser profile is writable
# by the user running the script (i.e. clearnet).
if ! windows_camouflage_is_enabled; then
cat /usr/share/tails/unsafe-browser/theme.js >> "${BROWSER_PREFS}"
else
# The camouflage activation script requires a dbus server for
# properly configuring GNOME, so we start one in the chroot
chroot ${CHROOT} sudo -H -u ${BROWSER_USER} sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
fi
}
show_shutdown_notification () {
local title="`gettext \"Shutting down the Unsafe Browser...\"`"
local body="`gettext \"This may take a while, and you may not restart the Unsafe Browser until it is properly shut down.\"`"
......@@ -167,11 +106,20 @@ fi
verify_start
show_start_notification
echo "* Setting up chroot"
setup_browser_chroot ${CHROOT} ${COW} || \
error "`gettext \"Failed to setup chroot.\"`"
echo "* Configuring chroot"
configure_chroot
configure_chroot_dns_servers "${CHROOT}" "${IP4_NAMESERVERS}"
configure_chroot_browser "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" \
"${START_PAGE}" "${CHROOT}/${TBB_EXT}"/langpack-*.xpi
BEST_LOCALE="$(guess_best_tor_browser_locale)"
set_chroot_browser_locale "${CHROOT}" "${BROWSER_USER}" "${BEST_LOCALE}"
set_chroot_browser_name ${CHROOT} "`gettext \"Unsafe Browser\"`" "${BEST_LOCALE}"
set_chroot_browser_permissions "${CHROOT}" "${BROWSER_USER}"
echo "* Starting Unsafe Browser"
run_chroot_browser ${CHROOT} ${BROWSER_USER} ${SUDO_USER}
show_shutdown_notification
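Review bot: None of the new configuration calls between `echo "* Configuring chroot"` and `run_chroot_browser` has its exit status checked, unlike `setup_browser_chroot ... || error` just above. Unless the script runs under `set -e`, which these hunks do not show, a failure inside `configure_chroot_browser` (for example the `prefs.js` copy) would still let the Unsafe Browser start with a partially configured profile. Routing each step to the existing handler, e.g. `configure_chroot_browser ... || error "$(gettext "Failed to configure chroot.")"`, would make the launch fail closed. The same applies to the matching block in the i2p-browser script.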
......