Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
tails
tails
Commits
ed69f655
Commit
ed69f655
authored
Aug 19, 2018
by
Ulrike Uhlig
Browse files
Merge branch 'feature/14594-asp-gui' of webmasters.boum.org:wiki into feature/14594-asp-gui
parents
46c59d71
57a4453c
Changes
1000
Expand all
Hide whitespace changes
Inline
Side-by-side
Too many changes to show.
To preserve performance only
20 of 1000+
files are displayed.
Plain diff
Email patch
.gitignore
View file @
ed69f655
...
...
@@ -23,11 +23,11 @@
/config/source
/config/chroot_local-includes/etc/amnesia/environment
/config/chroot_local-includes/etc/amnesia/version
/config/chroot_local-includes/usr/share/amnesia/readahead-list
/config/chroot_local-includes/usr/share/amnesia/build/variables
/config/chroot_local-includes/usr/share/doc/Changelog
/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
/config/chroot_local-includes/usr/share/doc/tails/website
/config/chroot_local-includes/usr/share/tails/build/variables
/config/chroot_local-includes/usr/share/tails/readahead-list
/.lock
/.stage
/source
...
...
Rakefile
View file @
ed69f655
...
...
@@ -647,7 +647,7 @@ namespace :basebox do
boxes
.
sort!
{
|
a
,
b
|
basebox_date
(
a
)
<=>
basebox_date
(
b
)
}
boxes
.
pop
boxes
.
each
do
|
box
|
if
basebox_date
(
box
)
<
Date
.
today
-
365.0
/
3
.0
if
basebox_date
(
box
)
<
Date
.
today
-
365.0
/
2
.0
clean_up_basebox
(
box
)
end
end
...
...
auto/build
View file @
ed69f655
...
...
@@ -50,15 +50,15 @@ rm -rf cache/stages_rootfs
# save variables that are needed by chroot_local-hooks
echo
"KERNEL_VERSION=${KERNEL_VERSION}"
\
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
amnesia
/
build
/
variables
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
tails
/
build
/
variables
echo
"KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}"
\
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
amnesia
/
build
/
variables
echo
"LB_DISTRIBUTION=${LB_DISTRIBUTION}"
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
amnesia
/
build
/
variables
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
tails
/
build
/
variables
echo
"LB_DISTRIBUTION=${LB_DISTRIBUTION}"
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
tails
/
build
/
variables
echo
"POTFILES_DOT_IN='$(
/bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in
\
| sed -e 's,^config/chroot_local-includes,,' | tr "
\
n
" ' '
)'"
\
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
amnesia
/
build
/
variables
>>
config
/
chroot_local
-
includes
/
usr
/
share
/
tails
/
build
/
variables
# fix permissions on some source files that will be copied as is to the chroot.
# they may be wrong, e.g. if the Git repository was cloned with a strict umask.
...
...
@@ -111,7 +111,7 @@ DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"
export
DEBOOTSTRAP_OPTIONS
:
$
{
MKSQUASHFS_OPTIONS
:
=
'-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports'
}
MKSQUASHFS_OPTIONS
=
"${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/
amnesia
/build/mksquashfs-excludes"
MKSQUASHFS_OPTIONS
=
"${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/
tails
/build/mksquashfs-excludes"
export
MKSQUASHFS_OPTIONS
# build the doc wiki
...
...
auto/clean
View file @
ed69f655
...
...
@@ -33,7 +33,7 @@ for list in config/chroot_local-packageslists/*.list ; do
done
# files copied or created in the build stage
rm
-f
config/chroot_local-includes/usr/share/
amnesia
/build/variables
rm
-f
config/chroot_local-includes/usr/share/
tails
/build/variables
# static wiki
rm
-rf
config/chroot_local-includes/usr/share/doc/tails/website wiki/src/.ikiwiki
...
...
auto/config
View file @
ed69f655
...
...
@@ -184,11 +184,11 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# create readahead-list from squashfs.sort
if
[
-e
config/binary_rootfs/squashfs.sort
]
;
then
mkdir
-p
config/chroot_local-includes/usr/share/
amnesia
mkdir
-p
config/chroot_local-includes/usr/share/
tails
sort
-k2
-n
-r
config/binary_rootfs/squashfs.sort |
\
cut
-d
' '
-f1
|
\
grep
--invert-match
--extended-regexp
"
$READAHEAD_EXCLUDE_PATTERN
"
\
>
config/chroot_local-includes/usr/share/
amnesia
/readahead-list
>
config/chroot_local-includes/usr/share/
tails
/readahead-list
fi
# custom APT sources
...
...
build-website
View file @
ed69f655
...
...
@@ -25,13 +25,4 @@ if ! "${git_dir}/bin/sanity-check-website" ; then
fi
fi
# If I knew Ikiwiki better I'd probably figure out how to just make it
# keep the misc/*.html files as-is instead of this hack.
fixup_14962_workaround
()
{
mkdir
-p
config/chroot_local-includes/usr/share/doc/tails/website/misc
rm
-f
config/chroot_local-includes/usr/share/doc/tails/website/misc/
*
cp
wiki/src/misc/
*
.html
\
config/chroot_local-includes/usr/share/doc/tails/website/misc
}
ikiwiki
-setup
ikiwiki.setup
-refresh
"
$@
"
&&
fixup_14962_workaround
ikiwiki
-setup
ikiwiki.setup
-refresh
"
$@
"
config/
chroot_local-includes/usr/share/amnesia/build/.placehold
er
→
config/
APT_overlays.d/bugfix-15116-newer-nouveau-xorg-driv
er
View file @
ed69f655
File moved
config/APT_overlays.d/bugfix-15590-14849-14720-14810-installer-fixes-for-3.9
0 → 100644
View file @
ed69f655
config/APT_overlays.d/bugfix-15621-virtualbox
0 → 100644
View file @
ed69f655
config/APT_overlays.d/bugfix-7904-15590-14849-14720-14810-installer-fixes-for-3.9
0 → 100644
View file @
ed69f655
config/APT_overlays.d/feature-15472-torbrowser-apparmor-updates
0 → 100644
View file @
ed69f655
config/amnesia
View file @
ed69f655
...
...
@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION
=
"6.03~pre20"
# Kernel version
KERNEL_VERSION
=
'4.1
5
.0-
3
'
KERNEL_VERSION
=
'4.1
7
.0-
2
'
KERNEL_SOURCE_VERSION
=
$(
echo
"
$KERNEL_VERSION
"
\
| perl
-p
-E
's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
...
...
config/binary_rootfs/squashfs.sort
View file @
ed69f655
This diff is collapsed.
Click to expand it.
config/chroot_apt/preferences
View file @
ed69f655
...
...
@@ -53,6 +53,31 @@ Package: thunderbird* calendar-google-provider
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Explanation: src:libdrm
Package: libdrm*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:libclc
Package: libclc*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:libglvnd
Package: libglvnd* libegl1 libgles2 libgl1 libglx0 libopengl0
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:llvm-toolchain-5.0
Package: clang* libclang* libfuzzer-* python-clang-* libllvm* llvm-* lld-* liblld-* lldb-* liblldb-* python-lldb-*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:mesa
Package: lib*-mesa* libgbm* libosmesa* libxatracker* mesa*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
...
...
@@ -63,10 +88,6 @@ Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-c
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: onionshare
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: openpgp-applet
Pin: release o=Debian,n=sid
Pin-Priority: 999
...
...
@@ -75,8 +96,21 @@ Package: tails-installer
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: tor tor-geoipdb
Pin: release o=TorProject,n=tor-nightly-0.3.4.x-stretch
Pin-Priority: 999
Package: virtualbox*
Pin: release o=Debian,n=sid
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:vulkan
Package: vulcan* libvulkan*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: wayland-protocols
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:xorg-server
...
...
@@ -84,7 +118,7 @@ Package: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-x
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package:
xul-
ext-ublock-origin
Package:
web
ext-ublock-origin
Pin: release o=Debian,n=sid
Pin-Priority: 999
...
...
config/chroot_local-hooks/00-install-tailslib
View file @
ed69f655
...
...
@@ -17,10 +17,6 @@ ensure_hook_dependency_is_installed python3-setuptools
python3 setup.py
install
package_glob_pattern
=
"/usr/local/lib/python3.*/dist-packages/Tailslib*.egg"
if
[
!
-f
${
package_glob_pattern
}
]
;
then
echo
"Cannot find Tailslib Python package
\"
${
package_glob_pattern
}
\"
"
>
&2
exit
1
fi
strip_nondeterminism_wrapper
--type
zip
"
$(
realpath
${
package_glob_pattern
}
)
"
2>/dev/null
strip_nondeterminism_wrapper
--type
zip
${
package_glob_pattern
}
)
rm
-rf
/tmp/pythonlib
config/chroot_local-hooks/01-check-for-dot-orig-files
View file @
ed69f655
...
...
@@ -19,7 +19,7 @@ rm -f ${DOT_ORIG_WHITELIST_DELETE}
DOT_ORIG_FILES
=
$(
find /
-type
f
-name
*
.orig
||
:
)
if
[
"
$DOT_ORIG_FILES
"
!=
"
$DOT_ORIG_WHITELIST_KEEP
"
]
;
then
echo
"Some patches are fuzzy and leave .orig files around:"
>
&2
echo
"
E:
Some patches are fuzzy and leave .orig files around:"
>
&2
echo
"
$DOT_ORIG_FILES
"
>
&2
exit
1
fi
config/chroot_local-hooks/04-change-gids-and-uids
View file @
ed69f655
...
...
@@ -6,14 +6,46 @@ set -e
echo
"Change GIDs and UIDs"
TPS_GROUP_STEALER
=
$(
getent group 122 |
awk
-F
':'
'{print $1}'
)
if
[
-n
"
$TPS_GROUP_STEALER
"
]
;
then
groupmod
--gid
150
"
$TPS_GROUP_STEALER
"
find /
-wholename
/proc
-prune
-o
\(
\!
-type
l
-a
-gid
122
-exec
chgrp
150
'{}'
\;
\)
fi
TPS_USER_STEALER
=
$(
getent passwd 115 |
awk
-F
':'
'{print $1}'
)
if
[
-n
"
$TPS_USER_STEALER
"
]
;
then
usermod
--uid
150
"
$TPS_USER_STEALER
"
find /
-wholename
/proc
-prune
-o
\(
\!
-type
l
-a
-uid
115
-exec
chown
150
'{}'
\;
\)
fi
Change_uid
()
{
NAME
=
"
$1
"
NEW
=
"
$2
"
OLD
=
"
$(
getent passwd
"
$NAME
"
|
awk
-F
':'
'{print $3}'
)
"
if
[
-n
"
$OLD
"
]
;
then
echo
"Changing UID for
$NAME
(
$OLD
->
$NEW
)"
usermod
--uid
"
$NEW
"
"
$NAME
"
find /
-wholename
/proc
-prune
-o
\(
\!
-type
l
-a
-uid
"
$OLD
"
-exec
chown
"
$NEW
"
'{}'
\;
\)
fi
}
Change_gid
()
{
NAME
=
"
$1
"
NEW
=
"
$2
"
OLD
=
"
$(
getent group
"
$NAME
"
|
awk
-F
':'
'{print $3}'
)
"
if
[
-n
"
$OLD
"
]
;
then
echo
"Changing GID for
$NAME
(
$OLD
->
$NEW
)"
groupmod
--gid
"
$NEW
"
"
$NAME
"
find /
-wholename
/proc
-prune
-o
\(
\!
-type
l
-a
-gid
"
$OLD
"
-exec
chgrp
"
$NEW
"
'{}'
\;
\)
fi
}
Change_uid tails-persistent-setup 150
Change_gid tails-persistent-setup 150
### Ensure GIDs are stable accross releases
# ... otherwise, things such as tor@service are broken
# after applying an automatic upgrade (#15695, #15424, #13426, #15407)
# Temporarily give these groups a GID that's out of the way, to avoid collisions
Change_gid vboxsf 1120
Change_gid monkeysphere 1130
Change_gid debian-tor 1140
Change_gid lpadmin 1150
# Finally, give these groups the desired GID
Change_gid vboxsf 112
Change_gid monkeysphere 113
Change_gid debian-tor 114
Change_gid lpadmin 115
config/chroot_local-hooks/09-torsocks-apps
View file @
ed69f655
...
...
@@ -5,7 +5,8 @@ set -e
echo
"Wrapping some applications with torsocks"
APPS
=
"gobby-0.5 net.sourceforge.liferea openpgp-applet seahorse"
DBUS_SERVICES
=
"net.sourceforge.liferea org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
DBUS_SERVICES
=
"org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
WRAPPED_DBUS_SERVICES
=
"net.sourceforge.liferea"
for
app
in
$APPS
;
do
sed
-i
''
--regexp-extended
's,^Exec=(.*),Exec=torsocks \1,'
\
...
...
@@ -17,6 +18,12 @@ for dbus_service in $DBUS_SERVICES; do
"/usr/share/dbus-1/services/
${
dbus_service
}
.service"
done
# Wrapped by both torsocks and a binary in /usr/local
for
dbus_service
in
$WRAPPED_DBUS_SERVICES
;
do
sed
-i
''
--regexp-extended
's,^Exec=/usr/(.*),Exec=/usr/bin/torsocks /usr/local/\1,'
\
"/usr/share/dbus-1/services/
${
dbus_service
}
.service"
done
# Redirect to existing wrapper
sed
-i
''
--regexp-extended
's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,'
\
"/usr/share/applications/pidgin.desktop"
...
...
config/chroot_local-hooks/10-tbb
View file @
ed69f655
...
...
@@ -118,17 +118,14 @@ EOF
#
TBB works around the lack of code signing for its extensions by
#
hacking in exceptions. We do the same!
apply_extension_code_signing_hacks () {
local destination tmp tbb_timestamp
destination="${1}"
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
local tbb_install tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${
TBB_INSTALL
}/omni.ja"
7z x -tzip "${
tbb_install
}/omni.ja"
patch -p1 <<EOF
diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
--- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
...
...
@@ -167,14 +164,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
EOF
touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
chrome/toolkit/content/mozapps/extensions/extensions.js
rm "${
TBB_INSTALL
}/omni.ja"
7z a -mtc=off -tzip "${
TBB_INSTALL
}/omni.ja" *
rm "${
tbb_install
}/omni.ja"
7z a -mtc=off -tzip "${
tbb_install
}/omni.ja" *
)
rm -r "${tmp}"
tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${
TBB_INSTALL
}/browser/omni.ja"
7z x -tzip "${
tbb_install
}/browser/omni.ja"
patch -p1 <<EOF
diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
--- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
...
...
@@ -191,44 +188,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
}
EOF
touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
rm "${
TBB_INSTALL
}/browser/omni.ja"
7z a -mtc=off -tzip "${
TBB_INSTALL
}/browser/omni.ja" *
rm "${
tbb_install
}/browser/omni.ja"
7z a -mtc=off -tzip "${
tbb_install
}/browser/omni.ja" *
)
rm -r "${tmp}"
for archive in "${TBB_INSTALL}/omni.ja" "${TBB_INSTALL}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
}
#
Modern Firefox doesn't apply browser.search.defaultenginename on
#
start, and the other ways to get it to work (e.g. pre-generating
#
search.json.mozlz4) seems rather complex. Instead, let's just make
#
browser.search.defaultenginename work again by employing some
#
Enterprise features to run arbitrary JavaScript with access to the
#
Firefox internals. For the details of this feature, see:
#
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
apply_default_searchengine_hacks () {
local destination
destination="${1}"
cat > "${destination}/defaults/pref/autoconfig.js" <<EOF
//
This file must start with a comment
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
apply_prefs_hacks() {
local tbb_install tmp tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
cat > "${destination}/mozilla.cfg" <<EOF
//
This file must start with a comment
var searchService = Components.classes["@mozilla.org/browser/search-service;1"].getService(Components.interfaces.nsIBrowserSearchService);
var engineName = getPref("browser.search.defaultenginename");
if (engineName) {
var engine = searchService.getEngineByName(engineName);
if (engine) {
searchService.currentEngine = engine;
}
tmp="$(mktemp -d)"
(
cd "${tmp}"
7z x -tzip "${tbb_install}/browser/omni.ja"
# Remove TBB's Tor Launcher settings since we don't enable it in
# our Tor Browser.
sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
# Display the Stop/Reload button: our test suite currently depends on it
perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
# Append our custom prefs
cat /usr/share/tails/tor-browser-prefs.js \
>> defaults/preferences/000-tor-browser.js
touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
rm -r "${tmp}"
}
EOF
strip_nondeterminism () {
local tbb_install tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
for archive in "${tbb_install}/omni.ja" "${tbb_install}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
}
install_langpacks_from_bundles() {
...
...
@@ -262,8 +262,9 @@ install_debian_extensions() {
destination="${1}"
shift
apt-get install --yes "${@}"
ln -s /usr/share/
xul-
ext/ublock-origin/ \
ln -s /usr/share/
web
ext/ublock-origin/ \
"${destination}"/'uBlock0@raymondhill.net'
patch -p1 < /usr/share/tails/uBlock-disable-autoUpdate.diff
}
create_default_profile() {
...
...
@@ -275,16 +276,16 @@ create_default_profile() {
rsync -a --exclude bookmarks.html --exclude extensions \
"${tbb_profile}"/ "${destination}"/
# Remove TBB's Tor Launcher settings since we don't enable it in
# our Tor Browser.
sed -i '/extensions\.torlauncher\./d' "${destination}"/preferences/extension-overrides.js
mkdir -p "${destination}"/extensions
for ext in "${tbb_extensions_dir}"/*; do
ln -s "${ext}" "${destination}"/extensions/
done
}
#
For consistency we'll set timestamps of files we modify to the
#
same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
TBB_TIMESTAMP="$(date --date='2000-01-01 00:00:00' +%s)"
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
...
...
@@ -301,16 +302,17 @@ fi
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
# The
Debian Iceweasel
extensions we want to install and make
# The
Firefox
extensions we want to install
from Debian
and make
#
available in the Tor Browser.
DEBIAN_EXT_PKGS="
xul-
ext-ublock-origin"
DEBIAN_EXT_PKGS="
web
ext-ublock-origin"
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}"
apply_default_searchengine_hacks "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
mkdir -p "${TBB_EXT}"
if [ "${NIGHTLY_BUILD}" != yes ]; then
...
...
@@ -324,11 +326,11 @@ rm -r "${TMP}"
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
# ... and then install a few
Iceweasel
extension by using a fake
#
Iceweasel
equivs package to satisfy the dependencies.
# ... and then install a few
Firefox
extension by using a fake
#
firefox
equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_
ICEWEASEL
_VERSION=${FIREFOX_VERSION}+fake1
install_fake_package
iceweasel "${FAKE_ICEWEASEL
_VERSION}" web
FAKE_
FIREFOX
_VERSION=${FIREFOX_VERSION}+fake1
install_fake_package
firefox "${FAKE_FIREFOX
_VERSION}" web
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}"
...
...
config/chroot_local-hooks/11-localize_browser
View file @
ed69f655
...
...
@@ -19,11 +19,10 @@ echo "Localize each supported browser locale"
ensure_hook_dependency_is_installed p7zip imagemagick
TBB_LOCALIZED_SEARCHPLUGINS_DIR
=
"
${
TBB_INSTALL
}
/distribution/searchplugins/locale/"
BROWSER_LOCALIZATION_DIR
=
"/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE
=
"
${
BROWSER_LOCALIZATION_DIR
}
/descriptions"
LOCALE_PROFILES_DIR
=
"/etc/tor-browser/locale-profiles/"
NO_SPELLCHECKER_LOCALES
=
"ja
ko nl pl
tr zh"
NO_SPELLCHECKER_LOCALES
=
"ja tr zh"
# Sanity check that each supported Tor Browser locale has a
# description for how to localize it further.
...
...
@@ -34,21 +33,21 @@ for LOCALE in $(supported_tor_browser_locales); do
fi
done
if
[
-n
"
${
BROKEN_LOCALES
}
"
]
;
then
echo
"The following supported browser locales lack
search plugin
descriptions in
${
DESCRIPTIONS_FILE
}
:
${
BROKEN_LOCALES
}
"
>
&2
echo
"The following supported browser locales lack descriptions in
${
DESCRIPTIONS_FILE
}
:
${
BROKEN_LOCALES
}
"
>
&2
exit
1
fi
# This very long while-loop is fed the DESCRIPTIONS_FILE (IO
# redirection at the bottom), which describes how we will localize
# each supported Tor Browser locale. The format is:
# MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG
:STARTPAGE_LANG:STARTPAGE_LANG_UI
# MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG
# Note that we're forced to pick some representative location for the
# language-only locales, like Egypt (EG) for Arabic (ar).
while
IFS
=
:
read
MOZILLA_LOCALE LOCATION LOCALIZED_LANG
STARTPAGE_LANG STARTPAGE_LANG_UI
;
do
while
IFS
=
:
read
MOZILLA_LOCALE LOCATION LOCALIZED_LANG
;
do
if
[
-z
"
${
MOZILLA_LOCALE
}
"
]
||
[
-z
"
${
LOCATION
}
"
]
||
\
[
-z
"
${
LOCALIZED_LANG
}
"
]
||
[
-z
"
${
STARTPAGE_LANG
}
"
]
;
then
[
-z
"
${
LOCALIZED_LANG
}
"
]
;
then
echo
"Something is wrong with
${
DESCRIPTIONS_FILE
}
"
>
&2
echo
"Description:
${
MOZILLA_LOCALE
}
:
${
LOCATION
}
:
${
LOCALIZED_LANG
}
:
${
STARTPAGE_LANG
}
:
${
STARTPAGE_LANG_UI
}
"
>
&2
echo
"Description:
${
MOZILLA_LOCALE
}
:
${
LOCATION
}
:
${
LOCALIZED_LANG
}
"
>
&2
exit
1
fi
...
...
@@ -64,67 +63,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
NORMAL_LOCALE
=
"
${
MOZILLA_LOCALE
}
_
${
LOCATION
}
"
fi
LANG_CODE
=
"
$(
language_code_from_locale
"
${
NORMAL_LOCALE
}
"
)
"
TARGET_SEARCHPLUGINS_DIR
=
"
${
TBB_LOCALIZED_SEARCHPLUGINS_DIR
}
/
${
MOZILLA_LOCALE
}
"
mkdir
-p
"
${
TARGET_SEARCHPLUGINS_DIR
}
"
if
[
-z
"
${
STARTPAGE_LANG_UI
}
"
]
;
then
STARTPAGE_LANG_UI
=
english
fi
sed
-e
"s/
\$
{LOCALIZED_LANG}/
${
LOCALIZED_LANG
}
/"
\
-e
"s/
\$
{LANG}/
${
STARTPAGE_LANG
}
/"
\
-e
"s/
\$
{LANG_UI}/
${
STARTPAGE_LANG
}
/"
\
"
${
BROWSER_LOCALIZATION_DIR
}
/startpage.xml-template"
>
\
"
${
TARGET_SEARCHPLUGINS_DIR
}
/startpage-
${
MOZILLA_LOCALE
}
.xml"
DDG_PLUGIN
=
"
${
TARGET_SEARCHPLUGINS_DIR
}
/ddg-
${
MOZILLA_LOCALE
}
.xml"
DDG_LANG_UI
=
"
${
NORMAL_LOCALE
}
"
if
[
"
${
DDG_LANG_UI
}
"
=
"vi_VN"
]
;
then
# DDG uses a non-standard locale for Vietnamese
DDG_LANG_UI
=
"vi_VI"
fi
sed
-e
"s/
\$
{LOCALIZED_LANG}/
${
LOCALIZED_LANG
}
/"
\
-e
"s/
\$
{LANG_UI}/
${
DDG_LANG_UI
}
/"
\
"
${
BROWSER_LOCALIZATION_DIR
}
/ddg.xml-template"
>
\
"
${
DDG_PLUGIN
}
"
# We generate a Wikipedia plugin with localized icons since we
# want to provide both English and the locale's plugin, and
# Firefox' new search bar only shows icons; the description (which
# is localized) is only shown in a pop-up nowdays, so it's easy to
# mix them up.
CAPITALIZED_LANG_CODE
=
"
$(
echo
"
${
LANG_CODE
}
"
|
tr
'a-z'
'A-Z'
)
"
LOCALIZED_WIKIPEDIA_ICON_PATH
=
"/tmp/wikipedia-icon-
${
LANG_CODE
}
.png"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH
=
"
${
LOCALIZED_WIKIPEDIA_ICON_PATH
}
.base64"
WIKIPEDIA_ICON_TEMPLATE
=
"
${
BROWSER_LOCALIZATION_DIR
}
/Wikipedia-icon.png"
convert
"
${
WIKIPEDIA_ICON_TEMPLATE
}
"
\
-gravity
SouthEast
-pointsize
130
-font
Liberation-Sans-Bold
\
-fill
black
-annotate
0
"
${
CAPITALIZED_LANG_CODE
}
"
\
+set
date
:create +set
date
:modify
-define
png:exclude-chunk
=
time
\
-resize
16x16
"
${
LOCALIZED_WIKIPEDIA_ICON_PATH
}
"
base64
"
${
LOCALIZED_WIKIPEDIA_ICON_PATH
}
"
|
tr
-d
"
\n
"
>
\
"
${
WIKIPEDIA_SEARCH_ICON_BASE64_PATH
}
"
sed
-e
"s/
\$
{LANG_CODE}/
${
LANG_CODE
}
/"
\
-e
"s/
\$
{LOCALIZED_LANG}/
${
LOCALIZED_LANG
}
/"
\
-e
"/
\$
{BASE64_PNG_16x16}/ r
${
WIKIPEDIA_SEARCH_ICON_BASE64_PATH
}
"
\
-e
"/
\$
{BASE64_PNG_16x16}/d"
\
"
${
BROWSER_LOCALIZATION_DIR
}
/wikipedia.xml-template"
>
\
"
${
TARGET_SEARCHPLUGINS_DIR
}
/wikipedia-
${
MOZILLA_LOCALE
}
.xml"
rm
"
${
LOCALIZED_WIKIPEDIA_ICON_PATH
}
"
\
"
${
WIKIPEDIA_SEARCH_ICON_BASE64_PATH
}
"
# Our Tor Browser wrapper script will make use of the following
# per-locale profiles to set localized defaults for various prefs.
mkdir
-p
"
${
LOCALE_PROFILES_DIR
}
"
LOCALE_PROFILE_FILE
=
"
${
LOCALE_PROFILES_DIR
}
/
${
MOZILLA_LOCALE
}
.js"
for
KEY
in
browser.search.defaultenginename
\
browser.search.selectedEngine
;
do
PLUGIN
=
"DuckDuckGo -
${
LOCALIZED_LANG
}
"
if
!
grep
-q
"<ShortName>
${
PLUGIN
}
</ShortName>"
"
${
DDG_PLUGIN
}
"
;
then
echo
"Trying to make search plugin '
${
PLUGIN
}
' the default for
${
MOZILLA_LOCALE
}
but it unexpectedly wasn't the one we generated earlier"
>
&2
exit
1
fi
set_mozilla_pref
"
${
LOCALE_PROFILE_FILE
}
"
"
${
KEY
}
"
"
\"
${
PLUGIN
}
\"
"
done
TBB_DICTIONARIES_DIR
=
"
${
TBB_INSTALL
}
/dictionaries"
unset
SPELLCHECKER_LOCALE
for
LOCALE
in
"
${
NORMAL_LOCALE
}
"
"
${
LANG_CODE
}
"
;
do
...
...
@@ -142,7 +85,8 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
fi
set_mozilla_pref
"
${
LOCALE_PROFILE_FILE
}
"
\
"spellchecker.dictionary"
\
"
\"
${
SPELLCHECKER_LOCALE
}
\"
"
"
\"
${
SPELLCHECKER_LOCALE
}
\"
"
\
"user_pref"
HOMEPAGE
=
"https://tails.boum.org/home/"
if
echo
"
${
TAILS_WIKI_SUPPORTED_LANGUAGES
}
"
|
grep
-qw
"
${
LANG_CODE
}
"
;
then
HOMEPAGE
=
"
${
HOMEPAGE
}
index.
${
LANG_CODE
}
.html"
...
...
@@ -154,47 +98,6 @@ done < "${DESCRIPTIONS_FILE}"
# This directory is not needed after build time.
rm
-r
"
${
BROWSER_LOCALIZATION_DIR
}
"
# Remove unwanted browser search plugins bundled in the Tor Browser.
# Note for posterity: the searchplugins/list.txt file must not be
# removed! It must list the filename (excl. .xml) of each plugin
# present, otherwise they won't work. It's not a problem to list
# nonexisting ones, so as long as we delete plugins we do not have to
# alter it.
7z d
-mtc
=
off
-tzip
"
${
TBB_INSTALL
}
/browser/omni.ja"
\
'chrome/en-US/locale/browser/searchplugins/ddg*.xml'
\
'chrome/en-US/locale/browser/searchplugins/startpage*.xml'
\
'chrome/en-US/locale/browser/searchplugins/wikipedia*.xml'
\
'chrome/en-US/locale/browser/searchplugins/yahoo*.xml'
# For consistency, fixup the internal timestamps of these archives with
# the same ones used by the Tor Browser instead of SOURCE_DATE_EPOCH.
tbb_timestamp
=
"
$(
date
--date
=
'2000-01-01 00:00:00'
+%s
)
"
strip_nondeterminism_wrapper
--type
zip
--timestamp
"
${
tbb_timestamp
}
"
\
"
${
TBB_INSTALL
}
/browser/omni.ja"
2>/dev/null
for
pack
in
"
${
TBB_EXT
}
"
/langpack-
*
.xpi
;
do