Commit e082e31d authored by Tails developers's avatar Tails developers
Browse files

Merge remote-tracking branch 'origin/testing' into feature/tor-browser-bundle

Conflicts:
	wiki/src/doc/anonymous_internet/i2p.mdwn
parents 894b0b24 3463a71b
......@@ -41,7 +41,11 @@
/config/chroot_local-includes/usr/share/applications/tails-reboot.desktop
/config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-shutdown.desktop
/config/chroot_local-includes/usr/share/applications/i2p.desktop
/config/chroot_local-includes/usr/share/applications/i2p-browser.desktop
/config/chroot_local-includes/usr/share/applications/tor-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-about.desktop
/config/chroot_local-includes/usr/share/desktop-directories/Tails.directory
/tmp/
# Files generated during the test suite
/features/misc_files/video.mp4
......@@ -210,10 +210,6 @@ Package: ttdnsd
Pin: release o=TorProject,a=unstable
Pin-Priority: 999
Package: xul-ext-foxyproxy-standard
Pin: release o=Debian,a=experimental
Pin-Priority: 999
Package: xul-ext-https-everywhere
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -240,6 +236,10 @@ Package: *
Pin: release o=Debian,n=wheezy-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=wheezy-proposed-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=wheezy
Pin-Priority: 990
......
#!/bin/sh
set -e
# Create the i2pbrowser user.
#
# We run i2p-browser under this user
echo "Creating the i2pbrowser user"
adduser --system --quiet --group i2pbrowser
......@@ -4,27 +4,6 @@ set -eu
echo "Install the Tor Browser"
# Get the below with `grep "tor-browser-linux32-.*\.tar.xz" sha256sums.txt`
BUNDLES="$(cat <<EOF
473780a5145859a8d516e76cb27be25b0baf16007ba50cd8ba78a536bc806fc5 tor-browser-linux32-tbb-nightly_ar.tar.xz
3e3d6fd1ea47067fc00625b8cd62d23079ef71dc91734bfb823542c26ce192cf tor-browser-linux32-tbb-nightly_en-US.tar.xz
df4745725e7b3fe99c218166ffbe38eef8e9d636c42b72c8a2b8229fc3bdd83b tor-browser-linux32-tbb-nightly_ru.tar.xz
b624b1f9a16e4ff4cffb3478f63249ed73ae902732b64fca0f183ad73ed1b5ac tor-browser-linux32-tbb-nightly_zh-CN.tar.xz
EOF
)"
MAIN_BUNDLE="$(echo "${BUNDLES}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
#VERSION="$(echo "${MAIN_BUNDLE}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
VERSION=tbb-nightly-2014-10-07
# Note that we cannot use https here since apt-cacher-ng (used by vagrant)
# gets confused and throws a 403. It doesn't matter, though, since we verify
# the checksums of each file downloaded.
#TBB_DIST_URL="http://archive.torproject.org/tor-package-archive/torbrowser/${VERSION}"
#TBB_DIST_URL="http://www.torproject.org/dist/torbrowser/${VERSION}/"
#TBB_DIST_URL="http://people.torproject.org/~mikeperry/builds/${VERSION}/"
#TBB_DIST_URL="http://people.torproject.org/~gk/testbuilds/${VERSION}"
TBB_DIST_URL="http://people.torproject.org/~linus/builds/${VERSION}"
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
......@@ -32,130 +11,212 @@ TBB_DIST_URL="http://people.torproject.org/~linus/builds/${VERSION}"
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
mkdir -p "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
# Use the builder's caching APT proxy, if any
APT_PROXY="$(apt-config --format '%v' dump Acquire::http::Proxy)"
if [ -n "${APT_PROXY}" ]; then
export HTTP_PROXY="${APT_PROXY}"
export http_proxy="${APT_PROXY}"
export HTTPS_PROXY="${APT_PROXY}"
export https_proxy="${APT_PROXY}"
fi
TMP="$(mktemp -d)"
echo "${BUNDLES}" | while read expected_sha256 tarball; do
(
cd "${TMP}"
echo "Fetching ${TBB_DIST_URL}/${tarball} ..."
curl --remote-name "${TBB_DIST_URL}/${tarball}"
)
actual_sha256="$(sha256sum "${TMP}/${tarball}" | cut -d' ' -f1)"
if [ "${actual_sha256}" != "${expected_sha256}" ]; then
echo "SHA256 mismatch for ${tarball}" >&2
exit 1
fi
done
# We'll use the en-US bundle as our basis...
tar -xf "${TMP}/${MAIN_BUNDLE}" -C "${TMP}" tor-browser_en-US
TBB_PREP="${TMP}"/tor-browser_en-US
# ... only extracting the localization addon from the other ones, which
# we'll put in a global extensions directory that we'll symlink to so
# we don't have to deal with wasteful copies.
for tarball in "${TMP}"/tor-browser-*.tar.xz; do
locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
if [ "${locale}" = en-US ]; then
continue
download_and_verify_files() {
local base_url bundles destination apt_proxy
base_url="${1}"
bundles="${2}"
destination="${3}"
# Use the builder's caching APT proxy, if any
apt_proxy="$(apt-config --format '%v' dump Acquire::http::Proxy)"
if [ -n "${apt_proxy}" ]; then
export HTTP_PROXY="${apt_proxy}"
export http_proxy="${apt_proxy}"
export HTTPS_PROXY="${apt_proxy}"
export https_proxy="${apt_proxy}"
fi
xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
(
cd "${TMP}"
tar -xf "${tarball}" "${xpi}"
mv "${xpi}" "${TBB_EXT}"
)
done
# Enable our myspell/hunspell dictionaries. TBB only provides the one
# for en-US, but Debian's seems more comprehensive, so we'll only use
# Debian's dictionaries.
rm -f "${TBB_PREP}"/Browser/dictionaries/*
for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
name="$(basename "${f}")"
ln -s "${f}" "${TBB_PREP}"/Browser/dictionaries/"${name}"
done
# We don't want tor-launcher to be part of the regular browser
# profile. Moreover, for the stand-alone tor-launcher we use, we need
# our patched version. So, the version shipped in the TB really is not
# useful for us.
rm "${TBB_PREP}/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
# Remove TBB's torbutton since the "Tor test" will fail and about:tor
# will report an error. We'll install our own Torbutton later, which
# has the extensions.torbutton.test_enabled boolean pref as a workaround.
rm "${TBB_PREP}/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"
# See comment below why we need the Browser sub-dir
mv "${TBB_PREP}/Browser" "${TBB_INSTALL}"/Browser
# The Tor Browser will fail, complaining about an incomplete profile,
# unless there's a readable Browser/TorBrowser/Data/Browser/Caches
# in the directory where the firefox executable is located.
mkdir -p "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/Caches
# Let's put all the bundled extensions in the global extensions directory
mv "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/extensions
echo "${bundles}" | while read expected_sha256 tarball; do
(
cd "${destination}"
echo "Fetching ${base_url}/${tarball} ..."
curl --remote-name "${base_url}/${tarball}"
)
actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
if [ "${actual_sha256}" != "${expected_sha256}" ]; then
echo "SHA256 mismatch for ${tarball}" >&2
exit 1
fi
done
}
install_tor_browser() {
local bundle destination tmp prep
bundle="${1}"
destination="${2}"
tmp="$(mktemp -d)"
tar -xf "${bundle}" -C "${tmp}" tor-browser_en-US
prep="${tmp}"/tor-browser_en-US/Browser
# Enable our myspell/hunspell dictionaries. TBB only provides the
# one for en-US, but Debian's seems more comprehensive, so we'll
# only use Debian's dictionaries.
rm -f "${prep}"/dictionaries/*
for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
ln -s "${f}" "${prep}"/dictionaries/
done
# We don't need the Tor binary (and shared libraries) and
# documentation shipped in the TBB.
rm -r "${prep}"/TorBrowser/Tor "${prep}"/TorBrowser/Docs
# We don't want tor-launcher to be part of the regular browser
# profile. Moreover, for the stand-alone tor-launcher we use, we
# need our patched version. So, the version shipped in the TB
# really is not useful for us.
rm "${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
# Remove TBB's torbutton since the "Tor test" will fail and about:tor
# will report an error. We'll install our own Torbutton later, which
# has the extensions.torbutton.test_enabled boolean pref as a workaround.
rm "${prep}/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"
# The Tor Browser will fail, complaining about an incomplete profile,
# unless there's a readable TorBrowser/Data/Browser/Caches
# in the directory where the firefox executable is located.
mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches
mv "${prep}" "${destination}"
rm -r "${tmp}"
}
install_langpacks_from_bundles() {
local bundles_dir destination
bundles_dir="${1}"
destination="${2}"
for tarball in "${bundles_dir}"/tor-browser-*.tar.xz; do
locale="$(echo "${tarball}" | sed "s@^.*/tor-browser-.*_\(.*\)\.tar\.xz@\1@")"
if [ "${locale}" = en-US ]; then
continue
fi
xpi="tor-browser_${locale}/Browser/TorBrowser/Data/Browser/profile.default/extensions/langpack-${locale}@firefox.mozilla.org.xpi"
(
cd "${bundles_dir}"
tar -xf "${tarball}" "${xpi}"
mv "${xpi}" "${destination}"
)
done
}
get_firefox_version() {
# The application.ini file
local appini
appini="${1}"
sed -n 's/^Version=\(.*\)$/\1/p' "${appini}"
}
# Create and install a fake iceweasel package so we can install our
# desired Debian-packaged Iceweasel addons
apt-get install --yes equivs
FAKE_ICEWEASEL_VERSION=$(sed -n 's/^Version=\(.*\)$/\1/p' "${TBB_INSTALL}"/Browser/application.ini)+fake1
cat > "${TMP}"/iceweasel.control << EOF
install_fake_iceweasel_pkg() {
local fake_version tmp
fake_version="${1}"
tmp="$(mktemp -d)"
apt-get install --yes equivs
cat > "${tmp}"/iceweasel.control << EOF
Section: web
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2
Package: iceweasel
Version: ${FAKE_ICEWEASEL_VERSION}
Version: ${fake_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) Iceweasel
Make it possible to install Debian's Iceweasel addons without having to
install a real Iceweasel.
EOF
(
cd "${TMP}"
equivs-build "${TMP}"/iceweasel.control
dpkg -i "${TMP}"/iceweasel_"${FAKE_ICEWEASEL_VERSION}"_all.deb
)
(
cd "${tmp}"
equivs-build "${tmp}"/iceweasel.control
dpkg -i "${tmp}"/iceweasel_"${fake_version}"_all.deb
)
rm -R "${tmp}"
}
install_debian_extensions() {
local destination
destination="${1}"
apt-get install --yes xul-ext-adblock-plus xul-ext-torbutton
ln -s /usr/share/xul-ext/adblock-plus/ \
"${destination}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
ln -s /usr/share/xul-ext/torbutton/ \
"${destination}"/torbutton@torproject.org
}
create_default_profile() {
local tbb_profile extensions_dir destination
tbb_profile="${1}"
tbb_extensions_dir="${2}"
destination="${3}"
rsync -a --exclude bookmarks.html --exclude extensions \
"${tbb_profile}"/ "${destination}"/
# Remove TBB's default bridges
sed -i '/extensions\.torlauncher\.default_bridge\./d' "${destination}"/preferences/extension-overrides.js
mkdir -p "${destination}"/extensions
for ext in "${tbb_extensions_dir}"/*; do
ln -s "${ext}" "${destination}"/extensions/
done
}
apt-get install --yes xul-ext-adblock-plus xul-ext-foxyproxy-standard xul-ext-torbutton
# Get the below with `grep "tor-browser-linux32-.*\.tar.xz" sha256sums.txt`
BUNDLES="$(cat <<EOF
473780a5145859a8d516e76cb27be25b0baf16007ba50cd8ba78a536bc806fc5 tor-browser-linux32-tbb-nightly_ar.tar.xz
3e3d6fd1ea47067fc00625b8cd62d23079ef71dc91734bfb823542c26ce192cf tor-browser-linux32-tbb-nightly_en-US.tar.xz
df4745725e7b3fe99c218166ffbe38eef8e9d636c42b72c8a2b8229fc3bdd83b tor-browser-linux32-tbb-nightly_ru.tar.xz
b624b1f9a16e4ff4cffb3478f63249ed73ae902732b64fca0f183ad73ed1b5ac tor-browser-linux32-tbb-nightly_zh-CN.tar.xz
EOF
)"
ln -s /usr/share/xul-ext/adblock-plus/ "${TBB_EXT}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
ln -s /usr/share/xul-ext/foxyproxy-standard/ "${TBB_EXT}"/foxyproxy@eric.h.jung
ln -s /usr/share/xul-ext/torbutton/ "${TBB_EXT}"/torbutton@torproject.org
# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
MAIN_BUNDLE="$(echo "${BUNDLES}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
#VERSION="$(echo "${MAIN_BUNDLE}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
VERSION=tbb-nightly-2014-10-07
# Note that we cannot use https here since apt-cacher-ng (used by vagrant)
# gets confused and throws a 403. It doesn't matter, though, since we verify
# the checksums of each file downloaded.
#TBB_DIST_URL="http://archive.torproject.org/tor-package-archive/torbrowser/${VERSION}"
#TBB_DIST_URL="http://www.torproject.org/dist/torbrowser/${VERSION}/"
#TBB_DIST_URL="http://people.torproject.org/~mikeperry/builds/${VERSION}/"
#TBB_DIST_URL="http://people.torproject.org/~gk/testbuilds/${VERSION}"
TBB_DIST_URL="http://people.torproject.org/~linus/builds/${VERSION}"
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_DIST_URL}" "${BUNDLES}" "${TMP}"
install_tor_browser "${TMP}/${MAIN_BUNDLE}" "${TBB_INSTALL}"
rsync -a --exclude bookmarks.html --exclude extensions \
"${TBB_INSTALL}"/Browser/TorBrowser/Data/Browser/profile.default/ \
"${TBB_PROFILE}"/
mkdir -p "${TBB_EXT}"
install_langpacks_from_bundles "${TMP}" "${TBB_EXT}"
rm -r "${TMP}"
# Remove TBB's default bridges
sed -i '/extensions\.torlauncher\.default_bridge\./d' "${TBB_PROFILE}"/preferences/extension-overrides.js
# Let's put all the extensions from TBB in the global extensions
# directory...
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
mkdir -p "${TBB_PROFILE}"/extensions
for ext in "${TBB_EXT}"/*; do
ln -s "${ext}" "${TBB_PROFILE}"/extensions/
done
# ... and then install a few Iceweasel extension by using a fake
# Iceweasel equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
install_debian_extensions "${TBB_EXT}"
mkdir -p "${TBB_PROFILE}"
create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
rm -r "${TMP}"
# Make the Tor Browser into the system's default web browser
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99
......@@ -9,7 +9,7 @@ echo "Removing unwanted browser search plugins"
# Import the TBB_INSTALL variable
. /usr/local/lib/tails-shell-library/tor-browser.sh
PLUGIN_DIR="${TBB_INSTALL}"/Browser/browser/searchplugins
PLUGIN_DIR="${TBB_INSTALL}"/browser/searchplugins
rm "${PLUGIN_DIR}"/amazon*.xml
rm "${PLUGIN_DIR}"/bing*.xml
rm "${PLUGIN_DIR}"/eBay*.xml
......
......@@ -4,7 +4,10 @@ set -e
echo "Overriding TBB branding with our own"
# Import the TBB_PROFILE variable.
. /usr/local/lib/tails-shell-library/tor-browser.sh
install --owner root --group root --mode 0755 --directory /etc/xul-ext
install --owner root --group root --mode 0644 \
/etc/tor-browser/profile/extensions/branding@amnesia.boum.org/defaults/preferences/prefs.js \
"${TBB_PROFILE}"/extensions/branding@amnesia.boum.org/defaults/preferences/prefs.js \
/etc/xul-ext/torbutton.js
......@@ -27,9 +27,9 @@ for LANGUAGE in $(find /usr/share/amnesia/browser/searchplugins/locale -maxdepth
continue
fi
for LOCALE in $LOCALES; do
mkdir -p "${TBB_INSTALL}"/Browser/distribution/searchplugins/locale/$LOCALE
mkdir -p "${TBB_INSTALL}"/distribution/searchplugins/locale/$LOCALE
for SEARCHPLUGIN in $(find "/usr/share/amnesia/browser/searchplugins/locale/$LANGUAGE" -maxdepth 1 -type f); do
ln -s "$SEARCHPLUGIN" "${TBB_INSTALL}"/Browser/distribution/searchplugins/locale/$LOCALE
ln -s "$SEARCHPLUGIN" "${TBB_INSTALL}"/distribution/searchplugins/locale/$LOCALE
done
done
done
......@@ -13,4 +13,4 @@ DEST="/usr/share/tails/i2p-disabled"
mkdir "$DEST"
mv -f /usr/share/i2p "$DEST"
mv -f /usr/sbin/wrapper "$DEST"
mv -f /usr/share/applications/i2p.desktop "$DEST"
mv -f /usr/share/applications/i2p-browser.desktop "$DEST"
......@@ -26,6 +26,18 @@ service tor stop
# tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
rm -f "${TOR_LOG}"
# The Tor syscall sandbox is not compatible with managed proxies.
# We could possibly detect whether the user has configured any such
# thing via Tor Launcher later (e.g. in 60-tor-ready-notification.sh),
# but then we would have to restart Tor again to enable the sandbox.
# Let's avoid doing that, and enable the Sandbox only if no special Tor
# configuration is needed. Too bad users who simply need to configure
# a HTTP proxy or allowed firewall ports won't get the sandboxing, but
# much better than nothing.
if [ "$(tails_netconf)" = "direct" ]; then
tor_set_in_torrc Sandbox 1
fi
# A SIGHUP should be enough but there's a bug in Tor. Details:
# * https://trac.torproject.org/projects/tor/ticket/1247
# * https://tails.boum.org/bugs/tor_vs_networkmanager/
......
......@@ -100,9 +100,17 @@ wait_for_tor_consensus() {
}
wait_for_working_tor() {
log "Waiting for Tor to be working (i.e. cached descriptors exist)..."
local waited=0
log "Waiting for Tor to be working..."
while ! tor_is_working; do
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to ${TOR_DIR} || log "timeout"
if [ "$waited" -lt ${INOTIFY_TIMEOUT} ]; then
sleep 2
waited=$(($waited + 2))
else
log "Timed out waiting for Tor to be working"
return 1
fi
done
log "Tor is now working."
}
......
#!/bin/sh
# I2P isn't started automatically at system boot.
# Instead, it is started with this hook script.
# Don't even try to run this script if I2P is not enabled.
grep -qw "i2p" /proc/cmdline || exit 0
# don't run if interface is 'lo'
[ $1 = "lo" ] && exit 0
if [ $2 = "up" ]; then
/usr/local/sbin/tails-i2p start &
fi
......@@ -86,18 +86,24 @@ domain ip {
mod owner uid-owner amnesia ACCEPT;
}
# White-list access to I2P services for both the amnesia user (client) and i2psvc (server)
# White-list access to I2P services for the amnesia user (IRC, SAM, POP3, SMTP, and Monotone)
# For more information, see https://tails/boum.org/contribute/design/I2P and https://geti2p.net/ports
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (4444 4445 6668 7656 7657 7658 7659 7660 8998) {
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (6668 7656 7659 7660 8998) {
@if $use_i2p mod owner uid-owner amnesia ACCEPT;
}
# Whitelist access to I2P services for the i2psvc user,
# otherwise mail and eepsite hosting won't work.
# otherwise mail and eepsite hosting won't work. The mail ports (7659 and 7660) are
# accessed by the webmail app
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (7658 7659 7660) {
@if $use_i2p mod owner uid-owner i2psvc ACCEPT;
}
# Whitelist access to the i2pbrowser user
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (4444 7657 7658) {
@if $use_i2p mod owner uid-owner i2pbrowser ACCEPT;
}
# White-list access to the java wrapper's (used by I2P) control ports
# (see: http://wrapper.tanukisoftware.com/doc/english/prop-port.html)
# If, for example, port 31000 is in use, it'll try the next one in sequence.
......
-----BEGIN CERTIFICATE-----
MIIGtTCCBJ2gAwIBAgIDBUGbMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTA4MDUyNzE5NTQ1MVoXDTEwMDUyNzE5NTQ1MVowHDEa
MBgGA1UEAxMRaXJjLmluZHltZWRpYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrrFii8UQQ3lze7R4OollKPCKxM6wrwTj33wRpiR7whw4qb7u1
H/3lGCsBl25t94IWYgCEILyCdi2LMhXibqSV9/UFoNuBuXZV9kefUDpJ2uO4uKgH
NX5JxSM1pJoxNjS1MbrPZrRHqn7BS0zqRVpj63LH6xYH0bRixVpRxXIgFrPXelkQ
GFgjO64h0Vv4EptBqB7YbdNbiWwzo9JCNgRYpvD+oT5nvV49xK028eIUUodT+DHZ
sytW0GsYcf732MgoK8xajmzW3kFIgClDNwzKAgkTbX8MR0eBeiIh5L5OYF//HBPf
pEDQ+q4aSUiyXY572ZpxO9DuXH+817Lt6S45AgMBAAGjggKhMIICnTAMBgNVHRMB
Af8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEFBQcDAQYJYIZIAYb4QgQB
BgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEFBQcBAQQnMCUwIwYIKwYB
BQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMIICEwYDVR0RBIICCjCCAgaC
EWlyYy5pbmR5bWVkaWEub3JnoB8GCCsGAQUFBwgFoBMMEWlyYy5pbmR5bWVkaWEu
b3JnghFpcmMuaW5keW1lZGlhLm9yZ6AfBggrBgEFBQcIBaATDBFpcmMuaW5keW1l
ZGlhLm9yZ4ISY2hhdC5pbmR5bWVkaWEub3JnoCAGCCsGAQUFBwgFoBQMEmNoYXQu
aW5keW1lZGlhLm9yZ4IVd2ViY2hhdC5pbmR5bWVkaWEub3JnoCMGCCsGAQUFBwgF
oBcMFXdlYmNoYXQuaW5keW1lZGlhLm9yZ4IRY2hlLmluZHltZWRpYS5vcmegHwYI
KwYBBQUHCAWgEwwRY2hlLmluZHltZWRpYS5vcmeCFGd1ZXJpbi5pbmR5bWVkaWEu
b3JnoCIGCCsGAQUFBwgFoBYMFGd1ZXJpbi5pbmR5bWVkaWEub3JnghV3d3cuaXJj
LmluZHltZWRpYS5vcmegIwYIKwYBBQUHCAWgFwwVd3d3LmlyYy5pbmR5bWVkaWEu
b3JnghZ3d3cuY2hhdC5pbmR5bWVkaWEub3JnoCQGCCsGAQUFBwgFoBgMFnd3dy5j
aGF0LmluZHltZWRpYS5vcmeCGXd3dy53ZWJjaGF0LmluZHltZWRpYS5vcmegJwYI
KwYBBQUHCAWgGwwZd3d3LndlYmNoYXQuaW5keW1lZGlhLm9yZzANBgkqhkiG9w0B
AQUFAAOCAgEAAkYXjiDyxvx5CDEGigPzMkJfVd4gYoXDaIznjWsQThl/092CwdE6
HlAdyw1YEAa67J2on3+6RwLayTwn4XSYVVHSNkWCJo2mZfQM0/0+ipcJguJYPs/c
lELW/So+j5nhwAxVr6oBFKqwBzxxxeiecJtGqRTvvKmER8Iqp6v92Mbg7cFhk7mj
NfE8ux/LQO8nspG/sFEy3DCjniUuPd9ck5xD8YFKlmcpUSYyfg34Ws/MFFT3YCo0
kasrSlUclaAVFin1dtspgVEGYTjeNBXo8Vt7J99OCGRjN8HE012GraJx6JLQAHi5
WfvwGagrMhJ4RYRWlMlpS6uXt5tDTj1IavuavsegfIXbS7fX490MWcHnqyRRD5Xp
1iE8dI0eDunx/1NqJ/1eyjLPAUrv89uG/DJGkuok80Df1DURk1zq6Pvgdlz4uL0W
skrPN9LX9HXnr9/qgXjiB0H2jHcXsDnjQt1pPeNiTlZlGKEdRRvXsryPkP9K9ZOc
ZyQ7nnAb6f9VAMqxnHrxsY4+yEDJomu6h1sqzADq5+pALX0dgorgArOCjgj+93pf
85+Nm+QadHq+Z36Z25q+3n/XlBduqipW4gMwAjknHj31bgQ6E0jUfVeO/FvaboXj
ZRvvE7ZiqcVaihAxc04Pn4g0QLLn2FndhubV9JqdjIwig01r235s3dI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFXTCCA0WgAwIBAgICUTwwDQYJKoZIhvcNAQEFBQAwVDEUMBIGA1UEChMLQ0Fj
ZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UE
AxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wODA1MTYwNjA2NTdaFw0xMDA1MTYw
NjA2NTdaMIGNMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEhMB8GA1UEChMYQ2hhb3MgQ29tcHV0ZXIgQ2x1YiBlLlYuMRYw
FAYDVQQDEw1qYWJiZXIuY2NjLmRlMR8wHQYJKoZIhvcNAQkBFhB3ZWJtYXN0ZXJA
Y2NjLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqkCV2lF/H72
+SzOIgQiUV78ZII5UaUnU6rJwFtAMlAG0vCvy0fiE5YLuaxKIxa3oKL4Uccylkw/
gT5kBb42EuOalV/3ZGo6qdTXGJ8BoyPPDzwMS4m88kaScjRh6EzAdu0pWmn3sEFQ
7HNv854lOFcAMNbZgVoVF/yMrU5E3sxSpCTOanwcPYC6ZA2I7gmrFqoIIWdNY08c
nz95JM7i6RJvODE95BppqnTFMyBWfvXAtMtE8GF4UzkQ5j9duGgdaEXuJ6D13ZN9
7/8uQqO+vzzFc4PaYaRwNtjn055KgVCMz/2w2SoHV5og64ZEquRteufbkfTsRzu0
frsM0syIgQIDAQABo4H+MIH7MAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYB
BQUHAwIGCCsGAQUFBwMBBglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0PBAQD
AgWgMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2Fj
ZXJ0Lm9yZy8wcwYDVR0RBGwwaoINamFiYmVyLmNjYy5kZYIVamFiYmVyZC5qYWJi
ZXIuY2NjLmRlghhjb25mZXJlbmNlLmphYmJlci5jY2MuZGWCFHB1YnN1Yi5qYWJi
ZXIuY2NjLmRlghJ2anVkLmphYmJlci5jY2MuZGUwDQYJKoZIhvcNAQEFBQADggIB
ACOu3A5LS7YnoDHXrl1RtJg6zS/xPYeQTCCjnqZVJmejLoV7Ai7aZryasAB3L5WJ
hAdwOZXbouM9rVZ7Cv6qociMws/OUoigq2qSg1CeL4he6vqXh3RWIANxcukM+vMv
Nhbm5qSqb29Oa2GXGcRBUlYPVaXZZYvZMpYZr+1EWuMCSdAPB+PF5KfBRx/wFji+
6fbpuQwLydn3pwWWdyety2hpMbQ1a8aNu22pr02hXIaIy+T32r1N2eI5xi9H0kD+
bmavV3ChaHvZMqcc9JKrzVWnz0ljx6sTZRCg1czFZ/EF1DA5qt0JCqJlOGdK2D4p
Bds095JsmBhwdimKJ87JnwnOxwhtoumAXd9abbgF/CgQ+/jz/KF5goBXoFI+WaP4
SHpIuCV7K/4/U6qdC+yZP+ZI9AupP4SNJh6jOpRWvVWYp7jsQo562sC4Q79i05le
qY3F2680GsKXy5E7iZipomXObhIObLhEL/fopLiVWZLzpvU9SLd1WKHvuetiEpLk
ArWqIHqbnPQpHigcFTccG0wEhw3YYc5k3MbdGcxt4C4xow4SWclaOVePOPQyviUj
PNbwE+nZKGSiMGeOqqmjKwB91nciLOPFSIQx7ZIcioDS+xiAppc5CnQ57GdUnIt1
ykbaWl3HKOr3tVVUjiZx9J41sCY7oW99lQt2su7UAc/r
-----END CERTIFICATE-----
......@@ -21,9 +21,4 @@
<DT><A HREF="https://www.torproject.org/">Tor Project</A>
<DT><A HREF="https://tor.stackexchange.com/">Tor Stack Exchange</A>
</DL><p>