Commit c95c30b5 authored by anonym's avatar anonym

Keep clearnet DNS server configured /etc/resolv-over-clearnet.conf.

This is cleaner, and will help us on our path to #8775.

Refs: #8775
parent d54c1a9f
#!/bin/sh
# This file is needed by the Unsafe Browser.
# Run only when the interface is not "lo":
if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ "$2" != "up" ]; then
exit 0
fi
RESOLV_CLEARNET_CONF=/etc/resolv-over-clearnet.conf
# We are truncating the file as opposed to deleting + recreating it
# for a reason: we mount-bind this file over /etc/resolv.conf for
# processes (via mount namespaces) that we want to give clearnet DNS
# resolving, and deleting + recreating it would mean that the
# bind-mount would remain outdated.
echo -n > "${RESOLV_CLEARNET_CONF}"
IP4_REGEX='[0-9]{1,3}(\.[0-9]{1,3}){3}'
for ns in ${IP4_NAMESERVERS}; do
if echo "${ns}" | grep --extended-regexp -q "^${IP4_REGEX}$"; then
echo "nameserver ${ns}" >> "${RESOLV_CLEARNET_CONF}"
fi
done
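Review bot: The script rewrites `/etc/resolv-over-clearnet.conf` on every `up` event of any interface other than `lo` and never on `down`, so the file can hold resolvers that no longer match the active connection. An `up` from a second interface that carries no IPv4 nameservers truncates the file to empty, and after a disconnect the previous network's servers stay in place until the next `up`. If that is intended, a comment above the truncation would make it explicit, e.g. `# Last interface to come up wins; entries are not cleared on "down".`; otherwise consider skipping the rewrite when `IP4_NAMESERVERS` is empty. The file's mode also depends on the umask the dispatcher runs with, which is not visible here, and processes that see the file through the bind mount need it to be world-readable.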
#!/bin/sh
# This information is needed by the Unsafe Browser.
# Run only when the interface is not "lo":
if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ "$2" != "up" ]; then
exit 0
fi
echo "IP4_NAMESERVERS=\"${IP4_NAMESERVERS}\"" > /var/lib/NetworkManager/env
......@@ -87,18 +87,6 @@ chroot_browser_profile_dir () {
echo "${conf_dir}/profile.default"
}
# Set the chroot's DNS servers (IPv4 only)
configure_chroot_dns_servers () {
local chroot="${1}" ; shift
local ip4_nameservers="${@}"
rm -f "${chroot}/etc/resolv.conf"
for ns in ${ip4_nameservers}; do
echo "nameserver ${ns}" >> "${chroot}/etc/resolv.conf"
done
chmod a+r "${chroot}/etc/resolv.conf"
}
set_chroot_browser_permissions () {
local chroot="${1}"
local browser_name="${2}"
......@@ -219,12 +207,10 @@ configure_chroot_browser () {
local browser_name="${1}" ; shift
local human_readable_name="${1}" ; shift
local home_page="${1}" ; shift
local dns_servers="${1}" ; shift
# Now $@ is a list of paths (that must be valid after chrooting)
# to extensions to enable.
local best_locale="$(guess_best_tor_browser_locale)"
configure_chroot_dns_servers "${chroot}" "${dns_servers}"
configure_chroot_browser_profile "${chroot}" "${browser_name}" \
"${browser_user}" "${home_page}" "${@}"
set_chroot_browser_locale "${chroot}" "${browser_name}" "${browser_user}" \
......
......@@ -92,28 +92,6 @@ if ! flock -x -n 9; then
error "`gettext \"Another Unsafe Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi
# Get the DNS servers that was obtained from NetworkManager, if any...
if [ -r "${NM_ENV_FILE}" ]; then
# We also check that the file we are gonna *source* doesn't
# contain any unexpected data, like (potentially malicious) shell
# script. Note that while the regex used for deciding IP addresses
# is far from perfect, it serves our purpose here.
IP4_REGEX='[0-9]{1,3}(\.[0-9]{1,3}){3}'
NAMESERVERS_REGEX="^IP4_NAMESERVERS=\"(${IP4_REGEX}( ${IP4_REGEX})*)?\"$"
if grep --extended-regexp -qv "${NAMESERVERS_REGEX}" "${NM_ENV_FILE}"; then
error "`gettext \"NetworkManager passed us garbage data when trying to deduce the clearnet DNS server.\"`"
fi
# Import the IP4_NAMESERVERS variable.
eval "$(grep --extended-regexp "${NAMESERVERS_REGEX}" "${NM_ENV_FILE}")"
fi
# ... otherwise fail.
# FIXME: Or would it make sense to fallback to Google's DNS or OpenDNS?
# Some stupid captive portals may allow DNS to any host, but chances are
# that only the portal's DNS would forward to the login page.
if [ -z "${IP4_NAMESERVERS:-}" ]; then
error "`gettext \"No DNS server was obtained through DHCP or manually configured in NetworkManager.\"`"
fi
verify_start
show_start_notification
......@@ -123,9 +101,15 @@ setup_chroot_for_browser "${CHROOT}" "${COW}" "${BROWSER_USER}" || \
echo "* Configuring chroot"
configure_chroot_browser "${CHROOT}" "${BROWSER_USER}" "${BROWSER_NAME}" \
"${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${IP4_NAMESERVERS}" \
"${TBB_EXT}"/langpack-*.xpi || \
"${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${TBB_EXT}"/langpack-*.xpi || \
error "`gettext \"Failed to configure browser.\"`"
# If /etc/resolv-over-clearnet.conf file is empty or doesn't exist, we
# have no clearnet DNS server.
if [ "$(stat --format=%s /etc/resolv-over-clearnet.conf || echo 0)" -gt 0 ]; then
cp /etc/resolv-over-clearnet.conf "${CHROOT}"/etc/resolv.conf
else
error "`gettext \"No DNS server was obtained through DHCP or manually configured in NetworkManager.\"`"
fi
echo "* Starting Unsafe Browser"
run_browser_in_chroot "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" \
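Review bot: The `cp /etc/resolv-over-clearnet.conf "${CHROOT}"/etc/resolv.conf` step drops two things the removed `configure_chroot_dns_servers` helper did: it no longer deletes the destination first, and it no longer runs `chmod a+r` on it. Without the `rm -f`, cp writes through whatever already exists at that path, so if the chroot's `/etc/resolv.conf` is ever a symlink the write lands on its target as resolved outside the chroot; without the chmod, readability for the browser user depends on the mode the source file was created with. I would put `rm -f "${CHROOT}/etc/resolv.conf"` before the copy and `chmod a+r "${CHROOT}/etc/resolv.conf"` after it. The size test can also be written `[ -s /etc/resolv-over-clearnet.conf ]`, which avoids stat's error output when the file is missing.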
......