Commit eb88da59 authored by kytv's avatar kytv

Merge branch 'devel' into bugfix/10185-fix_i2p_start_script_and_bootstrap_checking_function

parents 6a0170b8 53d10a23
#!/bin/sh
set -e
set -u
EXT="/usr/lib/icedove/extensions"
[ -d "$EXT" ] || exit 1
echo "Enabling Torbirdy and Enigmail in Icedove"
ln -s /usr/share/xul-ext/torbirdy "$EXT"/castironthunderbirdclub@torproject.org
ln -s /usr/lib/xul-ext/enigmail "$EXT"/\{847b3a00-7ab1-11d4-8f02-006008948af5\}
echo "Enabling the amnesia branding extension in Icedove"
ln -s /usr/local/share/tor-browser-extensions/branding@amnesia.boum.org "$EXT"
#!/bin/sh
set -e
# We don't want the real binary to be in $PATH:
# Also note that wget uses the executable name in some help/error messages,
# so wget-real/etc. should be avoided.
mkdir -p /usr/lib/wget
dpkg-divert --add --rename --divert /usr/lib/wget/wget /usr/bin/wget
# We don't want users or other applications using wget directly:
cat > /usr/bin/wget << 'EOF'
#!/bin/sh
unset http_proxy
unset HTTP_PROXY
unset https_proxy
unset HTTPS_PROXY
exec torsocks /usr/lib/wget/wget --passive-ftp "$@"
EOF
chmod 755 /usr/bin/wget
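Review bot: The generated `/usr/bin/wget` wrapper clears `http_proxy` and `https_proxy` in both spellings but leaves `ftp_proxy` and `no_proxy` untouched, and wget reads those too, so an inherited value can still change how FTP requests are routed; adding `unset ftp_proxy FTP_PROXY no_proxy NO_PROXY` would complete the list. The here-document also carries no comment saying why `--passive-ftp` is forced; if this is the CVE-2015-7665 fix listed in the changelog (which seems likely but is not stated here), a line such as `# Force passive FTP: see CVE-2015-7665 (#10364)` inside the wrapper would keep a later cleanup from dropping it. Because `"$@"` is appended after the flag, it behaves as a default rather than an enforced setting; it is worth confirming that this is the intent and saying so in the comment.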
// This is the Debian specific preferences file for Mozilla Firefox
// You can make any change in here, it is the purpose of this file.
// You can, with this file and all files present in the
// /etc/thunderbird/pref directory, override any preference that is
// present in /usr/lib/thunderbird/defaults/pref directory.
// While your changes will be kept on upgrade if you modify files in
// /etc/thunderbird/pref, please note that they won't be kept if you
// do them in /usr/lib/thunderbird/defaults/pref.
pref("extensions.update.enabled", true);
// Use LANG environment variable to choose locale
pref("intl.locale.matchOS", true);
// Disable default mail checking (gnome).
pref("mail.shell.checkDefaultMail", false);
// if you are not using gnome
pref("network.protocol-handler.app.http", "x-www-browser");
pref("network.protocol-handler.app.https", "x-www-browser");
// Tell TorBirdy we're running Tails so that it adapts its behaviour.
//pref("vendor.name", "Tails");
// Disable mail indexing
pref("mailnews.database.global.indexer.enabled", false);
// Disable chat
pref("mail.chat.enabled", false);
// Disable system addons
pref("extensions.autoDisableScopes", 3);
pref("extensions.enabledScopes", 4);
// Only show the tab bar if there's more than one tab to display
pref("mail.tabs.autoHide", true);
// Try to disable "Would you like to help Icedove Mail/News by automatically reporting memory usage, performance, and responsiveness to Mozilla"
pref("toolkit.telemetry.prompted", 2);
pref("toolkit.telemetry.rejected", true);
pref("toolkit.telemetry.enabled", false);
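Review bot: The comment `// Tell TorBirdy we're running Tails so that it adapts its behaviour.` sits above a pref that is commented out (`//pref("vendor.name", "Tails");`), so nothing is actually set and the file reads as if TorBirdy were being told about Tails. Either enable the line or reword the comment to say that it is disabled and why, for example `// Disabled (<reason>): pref("vendor.name", "Tails");`. Separately, `pref("extensions.update.enabled", true);` at the top leaves add-on update checks on while the extensions are symlinked in from distribution packages; a one-line comment stating whether that is intended would help the next reader.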
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
#torbirdy-jondo-selection,
#torbirdy-whonix-selection,
#torbirdy-tor-selection,
#torbirdy-tor-selection + menuseparator,
#torbirdy-anon-settings,
#torbirdy-anonservice,
/* Hide "Chat account" on Icedove's start-up page */
#CreateAccountChat
{ display: none; }
user_pref("extensions.enigmail.configuredVersion", "1.7.2");
......@@ -20,7 +20,7 @@ SocksPort 127.0.0.1:9061 IsolateDestAddr
## SocksPort for Tails-specific applications
SocksPort 127.0.0.1:9062 IsolateDestAddr IsolateDestPort
## SocksPort for the default web browser
SocksPort 127.0.0.1:9150
SocksPort 127.0.0.1:9150 IsolateSOCKSAuth KeepAliveIsolateSOCKSAuth
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
......
#!/bin/sh
set -e
set -u
PROFILE="${HOME}/.icedove/profile.default"
start_icedove() {
# Give Icedove its own temp directory, similar rationale to a1fd1f0f & #9558.
TMPDIR="${PROFILE}/tmp"
mkdir --mode=0700 -p "$TMPDIR"
export TMPDIR
if [ -z "$XAUTHORITY" ]; then
XAUTHORITY=~/.Xauthority
export XAUTHORITY
fi
unset SESSION_MANAGER
/usr/bin/icedove --class "Icedove" -profile "${PROFILE}" "${@}"
}
start_icedove "${@}"
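Review bot: The script runs under `set -u`, so the test `[ -z "$XAUTHORITY" ]` in `start_icedove` aborts the script with an unbound-variable error in exactly the case it is meant to handle, when `XAUTHORITY` is not set at all. Use a defaulting expansion instead: `if [ -z "${XAUTHORITY:-}" ]; then`. The fallback assignment `XAUTHORITY=~/.Xauthority` can stay as it is.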
#!/bin/sh
unset http_proxy
unset HTTP_PROXY
unset https_proxy
unset HTTPS_PROXY
exec torsocks /usr/bin/wget "$@"
#!/bin/sh
# Get monotonic time in seconds. See clock_gettime(2) for details.
# Note: we limit ourselves to seconds simply because floating point
# arithmetic is a PITA in the shell.
clock_gettime_monotonic() {
perl -w -MTime::HiRes=clock_gettime,CLOCK_MONOTONIC \
-E 'say clock_gettime(CLOCK_MONOTONIC)' | \
sed 's/\..*$//'
}
# Run `check_expr` until `timeout` seconds has passed, and sleep
# `delay` (optional, defaults to 1) seconds in between the calls.
# Note that execution isn't aborted exactly after `timeout`
......@@ -11,9 +20,9 @@ wait_until() {
timeout="${1}"
check_expr="${2}"
delay="${3:-1}"
timeout_at=$(expr $(date +%s) + ${timeout})
timeout_at=$(expr $(clock_gettime_monotonic) + ${timeout})
until eval "${check_expr}"; do
if [ "$(date +%s)" -ge "${timeout_at}" ]; then
if [ "$(clock_gettime_monotonic)" -ge "${timeout_at}" ]; then
return 1
fi
sleep ${delay}
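Review bot: `clock_gettime_monotonic` ends its pipeline in `sed`, so the function returns sed's status and a failing perl (missing `Time::HiRes`, for instance) yields an empty string with exit status 0. In `wait_until` that leaves `timeout_at` empty or aborts the `expr`, and the `-ge` test then errors out instead of ever returning 1, so the timeout is silently lost. Truncating in perl removes the second stage and lets the failure propagate: `perl -w -MTime::HiRes=clock_gettime,CLOCK_MONOTONIC -E 'say int(clock_gettime(CLOCK_MONOTONIC))'`. The same applies to the unquoted `$(expr $(clock_gettime_monotonic) - $last_bootstrap_change)` in `maybe_restart_tor` in the Tor bootstrap script, where an empty value would make the stall check fall through to the final `else`. The body of `wait_until` continues outside this hunk.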
......
......@@ -64,6 +64,36 @@ Options affecting the 'activate' action:
"
}
escape_dots() {
printf "%s\n" $1 | sed 's/\./\\./g'
}
migrate_persistence_preset()
{
local OLD_PRESET="${1}"
local OLD_PRESET_SOURCE="${2}"
local NEW_PRESET="${3}"
local NEW_PRESET_SOURCE="${4}"
local CONFIG="${5}"
if grep -E -qs --line-regex \
-e "$(escape_dots ${OLD_PRESET})\s+source=${OLD_PRESET_SOURCE}" \
"$CONFIG" \
&& ! grep -E -qs --line-regex \
-e "$(escape_dots ${NEW_PRESET})\s+source=${NEW_PRESET_SOURCE}" \
"$CONFIG"
then
warning "Need to make $NEW_PRESET persistent"
if [ "$PERSISTENCE_READONLY" = true ]
then
warning "Persistence configuration needs to be migrated, but read only was selected; please retry in read-write mode"
fi
echo "$NEW_PRESET source=$NEW_PRESET_SOURCE" \
>> "$CONFIG" \
|| error "Failed to make $NEW_PRESET: $?"
warning "Successfully made $NEW_PRESET persistent"
fi
}
warning ()
{
echo "warning: ${@}" >&2
......@@ -323,31 +353,19 @@ activate_volumes ()
fi
done
# Migrate Squeeze-era NetworkManager persistence setting to Wheezy.
for conf in $(ls /live/persistence/*_unlocked/persistence.conf || true)
do
if grep -E -qs --line-regex \
-e '/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections' \
"$conf" \
&& ! grep -E -qs --line-regex \
-e '/etc/NetworkManager/system-connections\s+source=nm-system-connections' \
# Migrate Squeeze-era NetworkManager persistence setting to Wheezy.
migrate_persistence_preset '/home/amnesia/.gconf/system/networking/connections' 'nm-connections' \
'/etc/NetworkManager/system-connections' 'nm-system-connections' "$conf"
# disable pre-Wheezy NM persistence setting
sed -r -i \
-e 's,^(/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections)$,#\1,' \
"$conf"
then
warning "Needs to make /etc/NetworkManager/system-connections persistent"
if [ "$PERSISTENCE_READONLY" = true ]
then
# XXX: don't really error-out, do we?
error "Persistence configuration needs to be migrated, but read only was selected; please retry in read-write mode"
fi
echo '/etc/NetworkManager/system-connections source=nm-system-connections' \
>> "$conf" \
|| error "Failed to make /etc/NetworkManager/system-connections persistent: $?"
warning "Successfully made /etc/NetworkManager/system-connections persistent"
# disable pre-Wheezy NM persistence setting
sed -r -i \
-e 's,^(/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections)$,#\1,' \
"$conf"
fi
# Migrate Claws-mail persistence setting to Icedove
migrate_persistence_preset '/home/amnesia/.claws-mail' 'claws-mail' \
'/home/amnesia/.icedove' 'icedove' "$conf"
done
# Fix permissions on persistent directories that were created
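Review bot: In `migrate_persistence_preset` the read-only branch now only calls `warning` and then falls through to `echo "$NEW_PRESET source=$NEW_PRESET_SOURCE" >> "$CONFIG"`, so the function still tries to write the configuration after announcing that read-only mode was selected, whereas the code it replaces called `error` at that point. Add `return 0` after that warning, or keep `error` if aborting was intended. The `sed -r -i` that disables the old NetworkManager line also appears to run for every `$conf` now rather than only after a migration, which would need the same read-only guard. In `escape_dots` and its callers the expansions are unquoted; `printf '%s\n' "$1"` and `"$(escape_dots "${OLD_PRESET}")"` avoid word splitting and globbing on the preset path. `activate_volumes` starts and ends outside the hunk.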
......
......@@ -2,7 +2,7 @@
set -e
# Import try_for()
# Import try_for() and clock_gettime_monotonic()
. /usr/local/lib/tails-shell-library/common.sh
# Import tor_bootstrap_progress()
......@@ -29,7 +29,7 @@ service tor restart
# options set by Vidalia will be lost since they weren't written to torrc.
bootstrap_progress=0
last_bootstrap_change=$(date +%s)
last_bootstrap_change=$(clock_gettime_monotonic)
maybe_restart_tor() {
local new_bootstrap_progress=$(tor_bootstrap_progress)
......@@ -38,14 +38,14 @@ maybe_restart_tor() {
return 0
elif [ $new_bootstrap_progress -gt $bootstrap_progress ]; then
bootstrap_progress=$new_bootstrap_progress
last_bootstrap_change=$(date +%s)
last_bootstrap_change=$(clock_gettime_monotonic)
return 1
elif [ $(expr $(date +%s) - $last_bootstrap_change) -ge 20 ]; then
elif [ $(expr $(clock_gettime_monotonic) - $last_bootstrap_change) -ge 20 ]; then
log "Tor seems to have stalled while bootstrapping. Restarting Tor."
clear_tor_log
service tor restart
bootstrap_progress=0
last_bootstrap_change=$(date +%s)
last_bootstrap_change=$(clock_gettime_monotonic)
return 1
else
return 1
......
......@@ -18,6 +18,15 @@
</Description>
</em:targetApplication>
<!-- Thunderbird -->
<em:targetApplication>
<Description>
<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
<em:minVersion>24.0</em:minVersion>
<em:maxVersion>32.0</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>
......@@ -89,6 +89,7 @@ dosfstools
eatmydata
ekeyd
electrum
enigmail
eog
evince
exiv2
......@@ -139,6 +140,8 @@ haveged
hdparm
hledger
hopenpgp-tools
icedove
icedove-l10n-all
inkscape
ipheth-utils
iptables
......@@ -241,6 +244,7 @@ vidalia
vim-nox
virtualbox-guest-utils
wireless-tools
xul-ext-torbirdy
# needed for initramfs-tools' COMPRESS=xz
xz-utils
......
--- /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.xul.orig 2015-09-28 00:28:45.164177872 +0000
+++ /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.xul 2015-09-28 00:28:55.400376965 +0000
@@ -22,10 +22,10 @@
<menulist id="torbirdy-protocol">
<menupopup>
- <menuitem label="POP3"
- value="pop3" />
<menuitem label="IMAP"
value="imap" />
+ <menuitem label="POP3"
+ value="pop3" />
</menupopup>
</menulist>
--- /usr/share/xul-ext/torbirdy/chrome/content/preferences.js.orig 2015-07-27 07:34:13.195987276 +0000
+++ /usr/share/xul-ext/torbirdy/chrome/content/preferences.js 2015-07-27 07:44:12.579975436 +0000
@@ -7,7 +7,7 @@
pub.prefBranch = "extensions.torbirdy.";
pub.customBranch = "extensions.torbirdy.custom.";
- pub.torKeyserver = "hkp://qdigse2yzvuglcix.onion";
+ pub.torKeyserver = "hkp://pool.sks-keyservers.net";
pub.jondoKeyserver = "hkp://pool.sks-keyservers.net";
pub.prefs = Components.classes["@mozilla.org/preferences-service;1"]
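Review bot: The new `pub.torKeyserver` value is a plain `hkp://` URL on a clearnet pool, so once the onion address is gone, key lookups and fetched keys cross the Tor exit without transport encryption or server authentication. If an `hkps://` endpoint can be used (it needs the pool's CA certificate configured for GnuPG), prefer it; otherwise add a comment recording that key material fetched this way must be verified by fingerprint. The same replacement is made for `"extensions.enigmail.keyserver"` in the torbirdy.js patch, where the unchanged comment above it still says the default key server should be a hidden service and now contradicts the value.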
@@ -25,7 +25,7 @@
pub.setDefaultPrefs = function() {
pub.prefs.setCharPref("network.proxy.socks", "127.0.0.1");
- pub.prefs.setIntPref("network.proxy.socks_port", 9050);
+ pub.prefs.setIntPref("network.proxy.socks_port", 9061);
pub.prefs.clearUserPref("network.proxy.http");
pub.prefs.clearUserPref("network.proxy.http_port");
pub.prefs.clearUserPref("network.proxy.ssl");
@@ -43,7 +43,7 @@
"--no-comments " +
"--throw-keyids " +
"--display-charset utf-8 " +
- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
}
if (anonService === "jondo") {
return "--no-emit-version " +
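Review bot: The GnuPG `--keyserver-options` string points at `socks5h://127.0.0.1:9050`, while the same patch moves Thunderbird's own SOCKS port to `9061`. Keyserver traffic therefore goes through a different SocksPort from the mail client. If that split is deliberate, add a comment next to the string saying so; if not, use the same port in both places. The scheme is also spelled two ways across the patches (`socks5h://` here and in the next hunk, `socks5-hostname://` in torbirdy.js); pick one spelling so a later search-and-replace catches all three. The enclosing function starts outside the hunk.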
@@ -58,7 +58,7 @@
return "--no-emit-version " +
"--no-comments " +
"--display-charset utf-8 " +
- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
}
if (anonService === "jondo") {
return "--no-emit-version " +
@@ -494,7 +494,7 @@
// Tor.
if (anonService === 0) {
pub.socksHost.value = '127.0.0.1';
- pub.socksPort.value = '9050';
+ pub.socksPort.value = '9061';
}
// JonDo/Whonix.
--- ./usr/share/xul-ext/torbirdy/components/torbirdy.js.orig 2015-07-27 07:56:54.811960380 +0000
+++ ./usr/share/xul-ext/torbirdy/components/torbirdy.js 2015-07-27 08:00:26.895956191 +0000
@@ -43,7 +43,7 @@
// Configure Thunderbird to use the SOCKS5 proxy.
"network.proxy.socks": "127.0.0.1",
- "network.proxy.socks_port": 9050,
+ "network.proxy.socks_port": 9061,
"network.proxy.socks_version": 5,
// Set DNS proxying through SOCKS5.
@@ -215,10 +215,10 @@
// We want to force UTF-8 everywhere
"--display-charset utf-8 " +
// We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=http://127.0.0.1:8118 ",
+ "--keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 ",
// The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
+ "extensions.enigmail.keyserver": "hkp://pool.sks-keyservers.net",
// Force GnuPG to use SHA512.
"extensions.enigmail.mimeHashAlgorithm": 5,
tails (1.7) UNRELEASED; urgency=medium
tails (1.7~rc1) unstable; urgency=medium
* Dummy entry for next major release.
* Major new features and changes
- Add a technology preview of the Icedove Email client (a
rebranded version of Mozilla Thunderbird), including OpenPGP
support via the Enigmail add-on, general security and anonymity
improvements via the Torbirdy add-on, and complete persitence
support (which will be enabled automatically if you already have
Claws Mail persistence enabled). Icedove will replace Claws Mail
as the supported email client in Tails in a future
release. (Closes: #6151, #9498, #10285)
- Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
improvement of this new Tor major release, the new
KeepAliveIsolateSOCKSAuth option allows us to drop the
bug15482.patch patch (taken from the Tor Browse bundle) that
enabled similar (but inferiour) functionality for *all*
SocksPort:s -- now the same circuit is only kept alive for
extended periods for the SocksPort used by the Tor
Browser. (Closes: #10194, #10308)
- Add an option to Tails Greeter which disables networking
completely. This is useful when intending to use Tails for
offline work only. (Closes: #6811)
* Security fixes
- Fix CVE-2015-7665, which could lead to a network interface's IP
address being exposed through wget. (Closes: #10364)
-- intrigeri <intrigeri@debian.org> Sat, 22 Sep 2015 18:54:32 +0200
* Minor improvements
- Restart Tor if bootstrapping stalls for too long when not using
pluggable transports. (Closes: #9516)
- Install firmware-amd-graphics, and firmware-misc-nonfree instead
of firmware-ralink-nonfree, both from Debian Sid.
- Update the Tails signing key. (Closes: #10012)
* Test suite
- Add initial automated tests for Icedove. (Closes: #10332)
- Add automated tests of the MAC spoofing feature. (Closes: #6302)
- Drop the concept of "background snapshots" and introduce a general
system for generating snapshots that can be shared between
features. This removes all silly hacks we previously used to
"skip" steps, and greatly improves performance and reliability
of the whole test suite. (Closes: #6094, #8008)
- Flush to the log file in debug_log() so the debugging info can
be viewed in real time when monitoring the debug log
file. (Closes: #10323)
- Force UTF-8 locale in automated test suite. Ruby will default to
the system locale, and if it is non-UTF-8, some String-methods
will fail when operating on non-ASCII strings. (Closes: #10359)
- Escape regexp used to match nick in CTCP replies. Our Pidgin
nick's have a 10% chance to include a ^, which will break that
regexp. We need to escape all characters in the nick. (Closes:
#10219)
- Extract TBB languages from the Tails source code. This will
ensure that valid locales are tested. As an added bonus, the
code is greatly simplified. (Closes: #9897)
-- Tails developers <tails@boum.org> Mon, 26 Oct 2015 23:06:59 +0100
tails (1.6) unstable; urgency=medium
......
@product @check_tor_leaks
Feature: Icedove email client
As a Tails user
I may want to use an email client
Background:
Given I have started Tails from DVD and logged in and the network is connected
When I start "Icedove" via the GNOME "Internet" applications menu
And Icedove has started
And I have not configured an email account
Then I am prompted to setup an email account
Scenario: Icedove defaults to using IMAP
Then IMAP is the default protocol
Scenario: Adblock is not enabled within Icedove
Given I cancel setting up an email account
When I open Icedove's Add-ons Manager
And I click the extensions tab
Then I see that Adblock is not installed in Icedove
Scenario: Enigmail is configured to use the correct keyserver
Given I cancel setting up an email account
And I go into Enigmail's preferences
When I click Enigmail's keyserver tab
Then I see that Enigmail is configured to use the correct keyserver
When I click Enigmail's advanced tab
Then I see that Enigmail is configured to use the correct SOCKS proxy
Scenario: Torbirdy is configured to use Tor
Given I cancel setting up an email account
And I open Torbirdy's preferences
Then I see that Torbirdy is configured to use Tor
Scenario: Icedove will work over Tor
Given I cancel setting up an email account
And I open Torbirdy's preferences
When I test Torbirdy's proxy settings
Then Torbirdy's proxy test is successful