Commit aa90a19a authored by intrigeri's avatar intrigeri

Merge branch 'feature/16356-tor-browser-9.0+force-all-tests' into devel (refs: #16356)

parents 894d783d 62df015f
......@@ -46,7 +46,7 @@ download_and_verify_files() {
}
install_tor_browser() {
local bundle destination tmp prep torlauncher_xpi_path torlauncher_version
local bundle destination tmp prep
bundle="${1}"
destination="${2}"
......@@ -65,7 +65,7 @@ install_tor_browser() {
# Enable our myspell/hunspell dictionaries. TBB only provides the
# one for en-US, but Debian's seems more comprehensive, so we'll
# only use Debian's dictionaries.
rm -f "${prep}"/dictionaries/*
mkdir "${prep}"/dictionaries
for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
ln -s "${f}" "${prep}"/dictionaries/
done
......@@ -74,56 +74,76 @@ install_tor_browser() {
# instead of the system one, whenever ours is too old.
# For details see projects/firefox/abicheck.cc in
# https://git.torproject.org/builders/tor-browser-build.git
# Tor Browser 8.0a10 requires GLIBCXX_3.4.22, which Buster has
# Tor Browser 9.0a7 requires GLIBCXX_3.4.25, which Buster has,
# so disable this for now.
# cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
# cp "${prep}"/TorBrowser/Tor/libstdc++/libstdc++.so.6 "${prep}"
# We don't need the Tor binary, the shared libraries Tor needs
# (but Firefox doesn't) and documentation shipped in the TBB.
rm -r "${prep}"/TorBrowser/Tor "${prep}"/TorBrowser/Docs
# We don't want tor-launcher to be part of the regular browser
# profile but we want to keep it as a standalone application
# when Tails is started in "bridge mode".
torlauncher_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
7z x -o"${TOR_LAUNCHER_INSTALL}" "${torlauncher_xpi_path}"
torlauncher_version="$(sed -n \
's,^ <em:version>\([0-9\.]\+\)</em:version>,\1,p' \
"${TOR_LAUNCHER_INSTALL}/install.rdf")"
SOURCE_DATE_YYYYMMDD=$(date --utc --date="@$SOURCE_DATE_EPOCH" '+%Y%m%d')
cat > "${TOR_LAUNCHER_INSTALL}/application.ini" << EOF
# The Tor Browser will fail, complaining about an incomplete profile,
# unless there's a readable TorBrowser/Data/Browser/Caches
# in the directory where the firefox executable is located.
mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches
# Otherwise the "General" section in the preferences is not displayed.
install -d -m 0755 "${prep}"/TorBrowser/UpdateInfo
mv "${prep}" "${destination}"
rm -r "${tmp}"
}
# Install Tor Launcher as a standalone XUL application.
install_tor_launcher() {
local tbb_install destination tmp
tbb_install="${1}"
destination="${2}"
tmp="$(mktemp -d)"
7z x -o"${tmp}" "${tbb_install}/browser/omni.ja"
mv "${tmp}/chrome/torlauncher/" "${destination}"
# Tor Launcher is a system add-on but can be converted to
# something that works as a XUL standalone application by just
# moving things around:
mkdir "${destination}/chrome"
for x in content locale skin; do
mv "${destination}/${x}" "${destination}/chrome/"
done
mkdir -p "${destination}"/defaults/preferences
cp "${tmp}/defaults/preferences/torlauncher-prefs.js" \
"${destination}/defaults/preferences/prefs.js"
# ... and then we extract only the Tor Launcher parts from the
# manifest, and adapt to how we moved files around above:
grep torlauncher "${tmp}/chrome//chrome.manifest" \
| sed --regexp-extended \
-e 's@^(content|locale|skin) (torlauncher.*) torlauncher/(.*)$@\1 \2 chrome/\3@' \
-e 's@^(component) (\S+) torlauncher/(.+)$@\1 \2 \3@' \
-e 's@^(resource torlauncher) .*$@\1 ./@' \
> "${destination}/chrome.manifest"
cp "${destination}/chrome/skin/default48.png" "${destination}/icon.png"
cat > "${destination}/application.ini" << EOF
[App]
Vendor=TorProject
Name=TorLauncher
Version=${torlauncher_version}
BuildID=${SOURCE_DATE_YYYYMMDD}
Version=$(get_firefox_version "${tbb_install}/application.ini")
BuildID=$(date --utc --date="@$SOURCE_DATE_EPOCH" '+%Y%m%d')
ID=tor-launcher@torproject.org
[Gecko]
MinVersion=$(get_firefox_version "${prep}/application.ini")
MinVersion=$(get_firefox_version "${tbb_install}/application.ini")
MaxVersion=*.*.*
[Shell]
Icon=icon.png
EOF
chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"
rm "${torlauncher_xpi_path}"
# The Tor Browser will fail, complaining about an incomplete profile,
# unless there's a readable TorBrowser/Data/Browser/Caches
# in the directory where the firefox executable is located.
mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches
# Otherwise the "General" section in the preferences is not displayed.
install -d -m 0755 "${prep}"/TorBrowser/UpdateInfo
mv "${prep}" "${destination}"
chmod -R a+rX "${destination}"
rm -r "${tmp}"
}
# TBB works around the lack of code signing for its extensions by
# hacking in exceptions. We do the same!
# Improving this is tracked on #12571.
apply_extension_code_signing_hacks () {
local tbb_install tbb_timestamp
tbb_install="${1}"
......@@ -134,43 +154,61 @@ apply_extension_code_signing_hacks () {
cd "${tmp}"
7z x -tzip "${tbb_install}/omni.ja"
patch -p1 <<EOF
diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
--- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
+++ b/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
@@ -282,7 +282,8 @@
// they aren't the correct type for signing.
if (aAddon.id == "torbutton@torproject.org" ||
aAddon.id == "tor-launcher@torproject.org" ||
- aAddon.id == "https-everywhere-eff@eff.org") {
+ aAddon.id == "https-everywhere-eff@eff.org" ||
+ aAddon.id == "uBlock0@raymondhill.net") {
return true;
}
return aAddon.isCorrectlySigned !== false;
diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
--- a/modules/addons/XPIProvider.jsm 2000-01-01 00:00:00.000000000 +0000
+++ b/modules/addons/XPIProvider.jsm 2000-01-01 00:00:00.000000000 +0000
@@ -749,7 +749,8 @@
if (aAddon.id == "torbutton@torproject.org" ||
aAddon.id == "tor-launcher@torproject.org" ||
aAddon.id == "https-everywhere-eff@eff.org" ||
- aAddon.id == "meek-http-helper@bamsoftware.com") {
+ aAddon.id == "meek-http-helper@bamsoftware.com" ||
+ aAddon.id == "uBlock0@raymondhill.net") {
diff -Naur a/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js b/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js
--- a/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js 2019-09-02 15:24:00.000000000 +0200
+++ b/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js 2019-09-08 20:42:24.198382292 +0200
@@ -195,6 +195,10 @@
if (addon.id == "https-everywhere-eff@eff.org") {
return true;
}
+ // Allow uBlock installed from Debian (Tails#12571)
+ if (addon.id == "uBlock0@raymondhill.net") {
+ return true;
+ }
return addon.isCorrectlySigned !== false;
}
diff -Naur a/modules/addons/XPIDatabase.jsm b/modules/addons/XPIDatabase.jsm
--- a/modules/addons/XPIDatabase.jsm 2019-09-02 15:24:00.000000000 +0200
+++ b/modules/addons/XPIDatabase.jsm 2019-09-08 20:40:29.469007744 +0200
@@ -2126,6 +2126,11 @@
return true;
}
@@ -3465,6 +3466,7 @@
addon.id != "tor-launcher@torproject.org" &&
addon.id != "https-everywhere-eff@eff.org" &&
addon.id != "meek-http-helper@bamsoftware.com" &&
+ addon.id != "uBlock0@raymondhill.net" &&
addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
logger.warn("Refusing to install staged add-on " + id + " with signed state " + addon.signedState);
seenFiles.push(stageDirEntry.leafName);
+ // Ensure that we allow uBlock installed from Debian (Tails#12571)
+ if (aAddon.id == "uBlock0@raymondhill.net") {
+ return true;
+ }
+
// Ensure that Tor Launcher is never enabled as an add-on. It will be
// removed inside getInstallState() soon.
if (aAddon.id == "tor-launcher@torproject.org")
@@ -2729,7 +2734,8 @@
}
unsigned =
- XPIDatabase.mustSign(aNewAddon.type) && !aNewAddon.isCorrectlySigned;
+ XPIDatabase.mustSign(aNewAddon.type) && !aNewAddon.isCorrectlySigned
+ && aNewAddon.id !== "uBlock0@raymondhill.net";
if (unsigned) {
throw Error(`Extension ${aNewAddon.id} is not correctly signed`);
}
diff -Naur a/modules/addons/XPIInstall.jsm b/modules/addons/XPIInstall.jsm
--- a/modules/addons/XPIInstall.jsm 2019-09-02 15:24:00.000000000 +0200
+++ b/modules/addons/XPIInstall.jsm 2019-09-08 20:41:07.345467589 +0200
@@ -3826,6 +3826,7 @@
if (
XPIDatabase.mustSign(addon.type) &&
addon.id !== "https-everywhere-eff@eff.org" &&
+ addon.id !== "uBlock0@raymondhill.net" &&
addon.signedState <= AddonManager.SIGNEDSTATE_MISSING
) {
throw new Error(
EOF
touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
chrome/toolkit/content/mozapps/extensions/extensions.js
touch --date="@${tbb_timestamp}" \
chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js \
modules/addons/XPIDatabase.jsm \
modules/addons/XPIInstall.jsm
rm "${tbb_install}/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/omni.ja" *
)
......@@ -180,21 +218,21 @@ EOF
cd "${tmp}"
7z x -tzip "${tbb_install}/browser/omni.ja"
patch -p1 <<EOF
diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
--- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
+++ b/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
@@ -1137,7 +1137,8 @@
diff -Naur a/modules/BrowserGlue.jsm b/modules/BrowserGlue.jsm
--- a/modules/BrowserGlue.jsm 2019-09-02 15:24:00.000000000 +0200
+++ b/modules/BrowserGlue.jsm 2019-09-08 20:45:59.323681266 +0200
@@ -1926,7 +1926,8 @@
// disabled. Even if they lack Mozilla's blessing they are enabled
// nevertheless.
if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
!(addon.id == "torbutton@torproject.org" ||
addon.id == "tor-launcher@torproject.org" ||
- addon.id == "https-everywhere-eff@eff.org")) {
+ addon.id == "https-everywhere-eff@eff.org" ||
+ addon.id == "uBlock0@raymondhill.net")) {
- (addon.id !== "https-everywhere-eff@eff.org")) {
+ (addon.id !== "https-everywhere-eff@eff.org") &&
+ (addon.id !== "uBlock0@raymondhill.net")) {
this._notifyUnsignedAddonsDisabled();
break;
}
EOF
touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
touch --date="@${tbb_timestamp}" modules/BrowserGlue.jsm
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
......@@ -215,15 +253,9 @@ apply_prefs_hacks() {
sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
# Display the Stop/Reload button: our test suite currently depends on it
perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
's/^(pref\("browser\.uiCustomization\.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
# Hide the security level button in the unsafe browser (#16735)
UNSAFE_BROWSER_PREFS=/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js
echo "\n// Hide the security level button" >> "${UNSAFE_BROWSER_PREFS}"
grep -E '^pref\("browser.uiCustomization.state"' defaults/preferences/000-tor-browser.js | \
perl -p -E 's/(.*)\\"security-level-button\\",/user_$1/' >> "${UNSAFE_BROWSER_PREFS}"
# Append our custom prefs
cat /usr/share/tails/tor-browser-prefs.js \
>> defaults/preferences/000-tor-browser.js
......@@ -327,6 +359,7 @@ install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
install_tor_launcher "${TBB_INSTALL}" "${TOR_LAUNCHER_INSTALL}"
mkdir -p "${TBB_EXT}"
if [ "${NIGHTLY_BUILD}" != yes ]; then
......
#!/bin/sh
set -e
set -u
echo "Prepare the Unsafe Browser"
# Import ensure_hook_dependency_is_installed()
. /usr/local/lib/tails-shell-library/build.sh
# Install python3-lz4 (required by jsonlz4)
ensure_hook_dependency_is_installed python3-lz4
# Compress the addonStartup.json with Mozilla's jsonlz4
INPUT="/usr/share/tails/chroot-browsers/unsafe-browser/addonStartup.json"
OUTPUT="${INPUT}.lz4"
/usr/local/bin/jsonlz4 -c < "${INPUT}" > "${OUTPUT}"
......@@ -32,3 +32,7 @@ update-ca-certificates
# debugging (and slightly make things easier for malware, perhaps) and
# otherwise just occupy disk space.
rm -f /boot/*.map /boot/*.map-*
# Files needed at build time for preparing the Unsafe Browser
rm /usr/local/bin/jsonlz4
rm /usr/share/tails/chroot-browsers/unsafe-browser/addonStartup.json
......@@ -25,14 +25,3 @@
/* Hide HTTPS Everywhere button in the toolbar */
#https-everywhere-button { display: none; }
/* Hide the uBlock sidebar, that's opened on first launch
References:
- https://github.com/gorhill/uBlock/releases/tag/1.16.6
- https://github.com/uBlock-LLC/uBlock/issues/1764 */
vbox#sidebar-box[sidebarcommand="_UUID~ADDON_-sidebar-action"] {
display: none !important;
}
vbox#sidebar-box[sidebarcommand="ublock0_raymondhill_net-sidebar-action"] {
display: none !important;
}
#!/usr/bin/env python3
# This script is based on https://unix.stackexchange.com/a/434882
# Original author: https://unix.stackexchange.com/users/61726/h%c3%a5kon-a-hjortland
import os
import sys
import lz4.block
usage = f"""Usage: {sys.argv[0]} [-c|-d] < infile > outfile
Compress or decompress Mozilla-flavor LZ4 files.
Examples:
{sys.argv[0]} -d < infile.json.lz4 > outfile.json
{sys.argv[0]} -c < infile.json > outfile.json.lz4"""
stdin = os.fdopen(sys.stdin.fileno(), 'rb')
stdout = os.fdopen(sys.stdout.fileno(), 'wb')
if sys.argv[1:] == ['-c']:
stdout.write(b'mozLz40\0' + lz4.block.compress(stdin.read()))
elif sys.argv[1:] == ['-d']:
assert stdin.read(8) == b'mozLz40\0'
stdout.write(lz4.block.decompress(stdin.read()))
else:
print(usage)
sys.exit(1)
......@@ -27,6 +27,9 @@ if [ ! -d "${PROFILE}" ]; then
configure_best_tor_launcher_locale "${PROFILE}"
fi
# Make sure Tor Launcher is not disabled.
export TOR_SKIP_LAUNCH=0
exec_unconfined_firefox \
-app "${TOR_LAUNCHER_INSTALL}/application.ini" \
-profile "${PROFILE}"
......@@ -566,7 +566,16 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
))
def connect_to_real_control_port(self):
controller = stem.connection.connect(control_socket=global_args.control_socket_path)
controller = None
tries = 0
# If tor isn't running this would just loop endlessly as fast
# as possible, so let's rate limit it so it at least cannot
# become a performance issue.
while not controller:
if tries >= 3:
time.sleep(1)
controller = stem.connection.connect(control_socket=global_args.control_socket_path)
tries += 1
stem.connection.authenticate_cookie(controller, cookie_path=global_args.control_cookie_path)
return controller
......
......@@ -7,7 +7,7 @@ if [ "$(whoami)" != "root" ]; then
exit 1
fi
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, and
# Import the TBB_INSTALL and TBB_EXT variables, and
# configure_xulrunner_app_locale().
. /usr/local/lib/tails-shell-library/tor-browser.sh
......@@ -122,7 +122,11 @@ configure_chroot_browser_profile () {
local extension
while [ -n "${*:-}" ]; do
extension="${1}" ; shift
ln -s "${extension}" "${browser_ext}"
if [ "$(basename "${extension}")" = 'red-2.0-an+fx.xpi' ]; then
ln -s "${extension}" "${browser_ext}"/'{91a24c60-0f27-427c-b9a6-96b71f3984a9}.xpi'
else
ln -s "${extension}" "${browser_ext}"
fi
done
# Set preferences
......@@ -131,15 +135,16 @@ configure_chroot_browser_profile () {
cat "${chroot_browser_config}/common/prefs.js" \
"${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"
# Install addonStartup.json.lz4. This is required to enable the red theme.
cp "${chroot_browser_config}/${browser_name}/addonStartup.json.lz4" \
"${browser_profile}"
# Set browser home page to something that explains what's going on
if [ -n "${home_page:-}" ]; then
echo 'user_pref("browser.startup.homepage", "'"${home_page}"'");' >> \
"${browser_prefs}"
fi
# Set an appropriate theme
cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"
# Customize the GUI.
local browser_chrome="${browser_profile}/chrome/userChrome.css"
mkdir -p "$(dirname "${browser_chrome}")"
......@@ -159,8 +164,6 @@ set_chroot_browser_locale () {
configure_xulrunner_app_locale "${browser_profile}" "${locale}"
}
# Must be called after configure_chroot_browser_profile(), since it
# depends on which extensions are installed in the profile.
set_chroot_browser_name () {
local chroot="${1}"
local human_readable_name="${2}"
......@@ -170,65 +173,36 @@ set_chroot_browser_name () {
local ext_dir="${chroot}/${TBB_EXT}"
local browser_profile_ext_dir="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")/extensions"
# If Torbutton is installed in the browser profile, it will decide
# Torbutton is installed in the browser's omni.ja and it decides
# the browser name.
if [ -e "${browser_profile_ext_dir}/torbutton@torproject.org" ]; then
local torbutton_locale_dir="${ext_dir}/torbutton/chrome/locale/${locale}"
if [ ! -d "${torbutton_locale_dir}" ]; then
# Surprisingly, the default locale is en, not en-US
torbutton_locale_dir="${chroot}/usr/share/xul-ext/torbutton/chrome/locale/en"
fi
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
# Since Torbutton decides the name, we don't have to mess with
# with the browser's own branding, which will save time and
# memory.
return
fi
local pack top rest
if [ "${locale}" != "en-US" ]; then
pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
top="browser/chrome"
rest="${locale}/locale"
else
pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
top="chrome"
rest="en-US/locale"
fi
local pack="${chroot}/${TBB_INSTALL}/omni.ja"
local tmp="$(mktemp -d)"
local branding_dtd="${top}/${rest}/branding/brand.dtd"
local branding_properties="${top}/${rest}/branding/brand.properties"
7z x -o"${tmp}" "${pack}" "${branding_dtd}" "${branding_properties}"
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${tmp}/${branding_dtd}"
perl -pi -E \
's/^(brand(?:Full|Short|Shorter)Name=).*$/$1'"${human_readable_name}/" \
"${tmp}/${branding_properties}"
(cd ${tmp} ; 7z u -tzip "${pack}" .)
(
cd "${tmp}"
7z x -o"${tmp}" "${pack}" chrome/torbutton/locale
local torbutton_locale_dir="chrome/torbutton/locale/${locale}"
if [ ! -d "${torbutton_locale_dir}" ]; then
torbutton_locale_dir="chrome/torbutton/locale/en-US"
fi
sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
7z u -tzip "${pack}" .
)
chmod a+r "${pack}"
rm -Rf "${tmp}"
}
delete_chroot_browser_searchplugins() {
local chroot="${1}"
local locale="${2}"
local ext_dir="${chroot}/${TBB_EXT}"
if [ "${locale}" != "en-US" ]; then
pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
top="browser/chrome"
rest="${locale}/locale"
else
pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
top="chrome"
rest="en-US/locale"
fi
local searchplugins_dir="${top}/${rest}/browser/searchplugins"
pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
local searchplugins_dir="chrome/browser/search-extensions"
local searchplugins_list="${searchplugins_dir}/list.json"
local tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${pack}" "${searchplugins_dir}"
ls "${searchplugins_dir}"/*.xml | xargs 7z d -tzip "${pack}"
ls -d "${searchplugins_dir}"/*/manifest.json | xargs 7z d -tzip "${pack}"
echo '{"default": {"visibleDefaultEngines": []}, "experimental-hidden": {"visibleDefaultEngines": []}}' \
> "${searchplugins_list}"
7z u -tzip "${pack}" "${searchplugins_list}"
......@@ -253,7 +227,7 @@ configure_chroot_browser () {
"${best_locale}"
set_chroot_browser_name "${chroot}" "${human_readable_name}" \
"${browser_name}" "${browser_user}" "${best_locale}"
delete_chroot_browser_searchplugins "${chroot}" "${best_locale}"
delete_chroot_browser_searchplugins "${chroot}"
set_chroot_browser_permissions "${chroot}" "${browser_name}" \
"${browser_user}"
}
......@@ -270,8 +244,8 @@ run_browser_in_chroot () {
sudo -u "${local_user}" xhost "+SI:localuser:${chroot_user}"
chroot "${chroot}" sudo -u "${chroot_user}" /bin/sh -c \
". /usr/local/lib/tails-shell-library/tor-browser.sh && \
exec_firefox -DISPLAY='${DISPLAY}' \
--class='${wm_class}' \
export TOR_TRANSPROXY=1 && \
exec_firefox --class='${wm_class}' \
-profile '${profile}'"
sudo -u "${local_user}" xhost "-SI:localuser:${chroot_user}"
}
......@@ -27,6 +27,13 @@ exec_firefox_helper() {
export FONTCONFIG_FILE="fonts.conf"
export GNOME_ACCESSIBILITY=1
# Since Tor Browser 9.0 it has become integrated into the browser,
# so let's make it the responsibility of callers to explicitly set
# this variable to 0 if they want to enable Tor Launcher.
if [ -z "${TOR_SKIP_LAUNCH:-}" ]; then
export TOR_SKIP_LAUNCH=1
fi
# The Tor Browser often assumes that the current directory is
# where the browser lives, e.g. for the fixed set of fonts set by
# fontconfig above.
......
......@@ -10,16 +10,13 @@ export TEXTDOMAIN
# Import tor_has_bootstrapped()
. /usr/local/lib/tails-shell-library/systemd.sh
# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
# Import the TBB_EXT variable.
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import localized_tails_doc_page().
. /usr/local/lib/tails-shell-library/localization.sh
# Import try_cleanup_browser_chroot(), setup_browser_chroot(),
# configure_chroot_dns_servers(), configure_chroot_browser(),
# configure_chroot_browser(), set_chroot_browser_locale()
# set_chroot_browser_name(), set_chroot_browser_permissions()
# Import setup_chroot_for_browser(), configure_chroot_browser(),
# and run_browser_in_chroot().
. /usr/local/lib/tails-shell-library/chroot-browser.sh
......@@ -100,7 +97,9 @@ setup_chroot_for_browser "${CHROOT}" "${COW}" "${BROWSER_USER}" || \
echo "* Configuring chroot"
configure_chroot_browser "${CHROOT}" "${BROWSER_USER}" "${BROWSER_NAME}" \
"${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${TBB_EXT}"/langpack-*.xpi || \
"${HUMAN_READABLE_NAME}" "${HOME_PAGE}" \
"${TBB_EXT}"/langpack-*.xpi \
/usr/share/tails/chroot-browsers/unsafe-browser/extensions/*.xpi || \
error "`gettext \"Failed to configure browser.\"`"
# If /etc/resolv-over-clearnet.conf file is empty or doesn't exist, we
# have no clearnet DNS server.
......
......@@ -18,10 +18,12 @@ is:IS
it:IT
ja:JP
ko:KR
mk:MK
nb-NO:NO
nl:NL
pl:PL
pt-BR:BR
ro:RO
ru:RU
sv-SE:SE
tr:TR
......
......@@ -18,3 +18,6 @@ user_pref("print.postscript.cups.enabled", false);
// Hide "Get Addons" in Add-ons manager
user_pref("extensions.getAddons.showPane", false);
// Disable Pocket service integration
pref("extensions.pocket.enabled", false);
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide features specific to Tor Browser. */
#appMenuNewIdentity,