Commit ed69f655 authored by Ulrike Uhlig's avatar Ulrike Uhlig
Browse files

Merge branch 'feature/14594-asp-gui' of webmasters.boum.org:wiki into feature/14594-asp-gui

parents 46c59d71 57a4453c

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.
...@@ -23,11 +23,11 @@ ...@@ -23,11 +23,11 @@
/config/source /config/source
/config/chroot_local-includes/etc/amnesia/environment /config/chroot_local-includes/etc/amnesia/environment
/config/chroot_local-includes/etc/amnesia/version /config/chroot_local-includes/etc/amnesia/version
/config/chroot_local-includes/usr/share/amnesia/readahead-list
/config/chroot_local-includes/usr/share/amnesia/build/variables
/config/chroot_local-includes/usr/share/doc/Changelog /config/chroot_local-includes/usr/share/doc/Changelog
/config/chroot_local-includes/usr/share/doc/amnesia/Changelog /config/chroot_local-includes/usr/share/doc/amnesia/Changelog
/config/chroot_local-includes/usr/share/doc/tails/website /config/chroot_local-includes/usr/share/doc/tails/website
/config/chroot_local-includes/usr/share/tails/build/variables
/config/chroot_local-includes/usr/share/tails/readahead-list
/.lock /.lock
/.stage /.stage
/source /source
......
...@@ -647,7 +647,7 @@ namespace :basebox do ...@@ -647,7 +647,7 @@ namespace :basebox do
boxes.sort! { |a, b| basebox_date(a) <=> basebox_date(b) } boxes.sort! { |a, b| basebox_date(a) <=> basebox_date(b) }
boxes.pop boxes.pop
boxes.each do |box| boxes.each do |box|
if basebox_date(box) < Date.today - 365.0/3.0 if basebox_date(box) < Date.today - 365.0/2.0
clean_up_basebox(box) clean_up_basebox(box)
end end
end end
......
...@@ -50,15 +50,15 @@ rm -rf cache/stages_rootfs ...@@ -50,15 +50,15 @@ rm -rf cache/stages_rootfs
# save variables that are needed by chroot_local-hooks # save variables that are needed by chroot_local-hooks
echo "KERNEL_VERSION=${KERNEL_VERSION}" \ echo "KERNEL_VERSION=${KERNEL_VERSION}" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables >> config/chroot_local-includes/usr/share/tails/build/variables
echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}" \ echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables >> config/chroot_local-includes/usr/share/tails/build/variables
echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}" >> config/chroot_local-includes/usr/share/amnesia/build/variables echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}" >> config/chroot_local-includes/usr/share/tails/build/variables
echo "POTFILES_DOT_IN='$( echo "POTFILES_DOT_IN='$(
/bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \ /bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \
| sed -e 's,^config/chroot_local-includes,,' | tr "\n" ' ' | sed -e 's,^config/chroot_local-includes,,' | tr "\n" ' '
)'" \ )'" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables >> config/chroot_local-includes/usr/share/tails/build/variables
# fix permissions on some source files that will be copied as is to the chroot. # fix permissions on some source files that will be copied as is to the chroot.
# they may be wrong, e.g. if the Git repository was cloned with a strict umask. # they may be wrong, e.g. if the Git repository was cloned with a strict umask.
...@@ -111,7 +111,7 @@ DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING" ...@@ -111,7 +111,7 @@ DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"
export DEBOOTSTRAP_OPTIONS export DEBOOTSTRAP_OPTIONS
: ${MKSQUASHFS_OPTIONS:='-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports'} : ${MKSQUASHFS_OPTIONS:='-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports'}
MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesia/build/mksquashfs-excludes" MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/tails/build/mksquashfs-excludes"
export MKSQUASHFS_OPTIONS export MKSQUASHFS_OPTIONS
# build the doc wiki # build the doc wiki
......
...@@ -33,7 +33,7 @@ for list in config/chroot_local-packageslists/*.list ; do ...@@ -33,7 +33,7 @@ for list in config/chroot_local-packageslists/*.list ; do
done done
# files copied or created in the build stage # files copied or created in the build stage
rm -f config/chroot_local-includes/usr/share/amnesia/build/variables rm -f config/chroot_local-includes/usr/share/tails/build/variables
# static wiki # static wiki
rm -rf config/chroot_local-includes/usr/share/doc/tails/website wiki/src/.ikiwiki rm -rf config/chroot_local-includes/usr/share/doc/tails/website wiki/src/.ikiwiki
......
...@@ -184,11 +184,11 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog ...@@ -184,11 +184,11 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# create readahead-list from squashfs.sort # create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then if [ -e config/binary_rootfs/squashfs.sort ]; then
mkdir -p config/chroot_local-includes/usr/share/amnesia mkdir -p config/chroot_local-includes/usr/share/tails
sort -k2 -n -r config/binary_rootfs/squashfs.sort | \ sort -k2 -n -r config/binary_rootfs/squashfs.sort | \
cut -d' ' -f1 | \ cut -d' ' -f1 | \
grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \ grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \
> config/chroot_local-includes/usr/share/amnesia/readahead-list > config/chroot_local-includes/usr/share/tails/readahead-list
fi fi
# custom APT sources # custom APT sources
......
...@@ -25,13 +25,4 @@ if ! "${git_dir}/bin/sanity-check-website" ; then ...@@ -25,13 +25,4 @@ if ! "${git_dir}/bin/sanity-check-website" ; then
fi fi
fi fi
# If I knew Ikiwiki better I'd probably figure out how to just make it ikiwiki -setup ikiwiki.setup -refresh "$@"
# keep the misc/*.html files as-is instead of this hack.
fixup_14962_workaround() {
mkdir -p config/chroot_local-includes/usr/share/doc/tails/website/misc
rm -f config/chroot_local-includes/usr/share/doc/tails/website/misc/*
cp wiki/src/misc/*.html \
config/chroot_local-includes/usr/share/doc/tails/website/misc
}
ikiwiki -setup ikiwiki.setup -refresh "$@" && fixup_14962_workaround
...@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose" ...@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20" REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version # Kernel version
KERNEL_VERSION='4.15.0-3' KERNEL_VERSION='4.17.0-2'
KERNEL_SOURCE_VERSION=$( KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \ echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms' | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
This diff is collapsed.
...@@ -53,6 +53,31 @@ Package: thunderbird* calendar-google-provider ...@@ -53,6 +53,31 @@ Package: thunderbird* calendar-google-provider
Pin: origin deb.tails.boum.org Pin: origin deb.tails.boum.org
Pin-Priority: 999 Pin-Priority: 999
Explanation: src:libdrm
Package: libdrm*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:libclc
Package: libclc*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:libglvnd
Package: libglvnd* libegl1 libgles2 libgl1 libglx0 libopengl0
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:llvm-toolchain-5.0
Package: clang* libclang* libfuzzer-* python-clang-* libllvm* llvm-* lld-* liblld-* lldb-* liblldb-* python-lldb-*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:mesa
Package: lib*-mesa* libgbm* libosmesa* libxatracker* mesa*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: obfs4proxy Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990 Pin-Priority: 990
...@@ -63,10 +88,6 @@ Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-c ...@@ -63,10 +88,6 @@ Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-c
Pin: release o=Debian,n=stretch-backports Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999 Pin-Priority: 999
Package: onionshare
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: openpgp-applet Package: openpgp-applet
Pin: release o=Debian,n=sid Pin: release o=Debian,n=sid
Pin-Priority: 999 Pin-Priority: 999
...@@ -75,8 +96,21 @@ Package: tails-installer ...@@ -75,8 +96,21 @@ Package: tails-installer
Pin: origin deb.tails.boum.org Pin: origin deb.tails.boum.org
Pin-Priority: 999 Pin-Priority: 999
Package: tor tor-geoipdb
Pin: release o=TorProject,n=tor-nightly-0.3.4.x-stretch
Pin-Priority: 999
Package: virtualbox* Package: virtualbox*
Pin: release o=Debian,n=sid Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Explanation: src:vulkan
Package: vulcan* libvulkan*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: wayland-protocols
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999 Pin-Priority: 999
Explanation: src:xorg-server Explanation: src:xorg-server
...@@ -84,7 +118,7 @@ Package: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-x ...@@ -84,7 +118,7 @@ Package: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-x
Pin: release o=Debian,n=stretch Pin: release o=Debian,n=stretch
Pin-Priority: 999 Pin-Priority: 999
Package: xul-ext-ublock-origin Package: webext-ublock-origin
Pin: release o=Debian,n=sid Pin: release o=Debian,n=sid
Pin-Priority: 999 Pin-Priority: 999
......
...@@ -17,10 +17,6 @@ ensure_hook_dependency_is_installed python3-setuptools ...@@ -17,10 +17,6 @@ ensure_hook_dependency_is_installed python3-setuptools
python3 setup.py install python3 setup.py install
package_glob_pattern="/usr/local/lib/python3.*/dist-packages/Tailslib*.egg" package_glob_pattern="/usr/local/lib/python3.*/dist-packages/Tailslib*.egg"
if [ ! -f ${package_glob_pattern} ]; then strip_nondeterminism_wrapper --type zip ${package_glob_pattern}
echo "Cannot find Tailslib Python package \"${package_glob_pattern}\"" >&2
exit 1
fi
strip_nondeterminism_wrapper --type zip "$(realpath ${package_glob_pattern})" 2>/dev/null
) )
rm -rf /tmp/pythonlib rm -rf /tmp/pythonlib
...@@ -19,7 +19,7 @@ rm -f ${DOT_ORIG_WHITELIST_DELETE} ...@@ -19,7 +19,7 @@ rm -f ${DOT_ORIG_WHITELIST_DELETE}
DOT_ORIG_FILES=$(find / -type f -name *.orig || :) DOT_ORIG_FILES=$(find / -type f -name *.orig || :)
if [ "$DOT_ORIG_FILES" != "$DOT_ORIG_WHITELIST_KEEP" ]; then if [ "$DOT_ORIG_FILES" != "$DOT_ORIG_WHITELIST_KEEP" ]; then
echo "Some patches are fuzzy and leave .orig files around:" >&2 echo "E: Some patches are fuzzy and leave .orig files around:" >&2
echo "$DOT_ORIG_FILES" >&2 echo "$DOT_ORIG_FILES" >&2
exit 1 exit 1
fi fi
...@@ -6,14 +6,46 @@ set -e ...@@ -6,14 +6,46 @@ set -e
echo "Change GIDs and UIDs" echo "Change GIDs and UIDs"
TPS_GROUP_STEALER=$(getent group 122 | awk -F ':' '{print $1}') Change_uid () {
if [ -n "$TPS_GROUP_STEALER" ]; then NAME="$1"
groupmod --gid 150 "$TPS_GROUP_STEALER" NEW="$2"
find / -wholename /proc -prune -o \( \! -type l -a -gid 122 -exec chgrp 150 '{}' \; \) OLD="$(getent passwd "$NAME" | awk -F ':' '{print $3}')"
fi
if [ -n "$OLD" ]; then
TPS_USER_STEALER=$(getent passwd 115 | awk -F ':' '{print $1}') echo "Changing UID for $NAME ($OLD -> $NEW)"
if [ -n "$TPS_USER_STEALER" ]; then usermod --uid "$NEW" "$NAME"
usermod --uid 150 "$TPS_USER_STEALER" find / -wholename /proc -prune -o \( \! -type l -a -uid "$OLD" -exec chown "$NEW" '{}' \; \)
find / -wholename /proc -prune -o \( \! -type l -a -uid 115 -exec chown 150 '{}' \; \) fi
fi }
Change_gid () {
NAME="$1"
NEW="$2"
OLD="$(getent group "$NAME" | awk -F ':' '{print $3}')"
if [ -n "$OLD" ]; then
echo "Changing GID for $NAME ($OLD -> $NEW)"
groupmod --gid "$NEW" "$NAME"
find / -wholename /proc -prune -o \( \! -type l -a -gid "$OLD" -exec chgrp "$NEW" '{}' \; \)
fi
}
Change_uid tails-persistent-setup 150
Change_gid tails-persistent-setup 150
### Ensure GIDs are stable accross releases
# ... otherwise, things such as tor@service are broken
# after applying an automatic upgrade (#15695, #15424, #13426, #15407)
# Temporarily give these groups a GID that's out of the way, to avoid collisions
Change_gid vboxsf 1120
Change_gid monkeysphere 1130
Change_gid debian-tor 1140
Change_gid lpadmin 1150
# Finally, give these groups the desired GID
Change_gid vboxsf 112
Change_gid monkeysphere 113
Change_gid debian-tor 114
Change_gid lpadmin 115
...@@ -5,7 +5,8 @@ set -e ...@@ -5,7 +5,8 @@ set -e
echo "Wrapping some applications with torsocks" echo "Wrapping some applications with torsocks"
APPS="gobby-0.5 net.sourceforge.liferea openpgp-applet seahorse" APPS="gobby-0.5 net.sourceforge.liferea openpgp-applet seahorse"
DBUS_SERVICES="net.sourceforge.liferea org.gnome.seahorse.Application org.fedoraproject.Config.Printing" DBUS_SERVICES="org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
WRAPPED_DBUS_SERVICES="net.sourceforge.liferea"
for app in $APPS; do for app in $APPS; do
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \ sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
...@@ -17,6 +18,12 @@ for dbus_service in $DBUS_SERVICES; do ...@@ -17,6 +18,12 @@ for dbus_service in $DBUS_SERVICES; do
"/usr/share/dbus-1/services/${dbus_service}.service" "/usr/share/dbus-1/services/${dbus_service}.service"
done done
# Wrapped by both torsocks and a binary in /usr/local
for dbus_service in $WRAPPED_DBUS_SERVICES; do
sed -i'' --regexp-extended 's,^Exec=/usr/(.*),Exec=/usr/bin/torsocks /usr/local/\1,' \
"/usr/share/dbus-1/services/${dbus_service}.service"
done
# Redirect to existing wrapper # Redirect to existing wrapper
sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \ sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \
"/usr/share/applications/pidgin.desktop" "/usr/share/applications/pidgin.desktop"
......
...@@ -118,17 +118,14 @@ EOF ...@@ -118,17 +118,14 @@ EOF
# TBB works around the lack of code signing for its extensions by # TBB works around the lack of code signing for its extensions by
# hacking in exceptions. We do the same! # hacking in exceptions. We do the same!
apply_extension_code_signing_hacks () { apply_extension_code_signing_hacks () {
local destination tmp tbb_timestamp local tbb_install tbb_timestamp
destination="${1}" tbb_install="${1}"
tbb_timestamp="${2}"
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
tmp="$(mktemp -d)" tmp="$(mktemp -d)"
( (
cd "${tmp}" cd "${tmp}"
7z x -tzip "${TBB_INSTALL}/omni.ja" 7z x -tzip "${tbb_install}/omni.ja"
patch -p1 <<EOF patch -p1 <<EOF
diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
--- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000 --- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
...@@ -167,14 +164,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm ...@@ -167,14 +164,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
EOF EOF
touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \ touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
chrome/toolkit/content/mozapps/extensions/extensions.js chrome/toolkit/content/mozapps/extensions/extensions.js
rm "${TBB_INSTALL}/omni.ja" rm "${tbb_install}/omni.ja"
7z a -mtc=off -tzip "${TBB_INSTALL}/omni.ja" * 7z a -mtc=off -tzip "${tbb_install}/omni.ja" *
) )
rm -r "${tmp}" rm -r "${tmp}"
tmp="$(mktemp -d)" tmp="$(mktemp -d)"
( (
cd "${tmp}" cd "${tmp}"
7z x -tzip "${TBB_INSTALL}/browser/omni.ja" 7z x -tzip "${tbb_install}/browser/omni.ja"
patch -p1 <<EOF patch -p1 <<EOF
diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
--- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000 --- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
...@@ -191,44 +188,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js ...@@ -191,44 +188,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
} }
EOF EOF
touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
rm "${TBB_INSTALL}/browser/omni.ja" rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${TBB_INSTALL}/browser/omni.ja" * 7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
) )
rm -r "${tmp}" rm -r "${tmp}"
for archive in "${TBB_INSTALL}/omni.ja" "${TBB_INSTALL}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
} }
# Modern Firefox doesn't apply browser.search.defaultenginename on apply_prefs_hacks() {
# start, and the other ways to get it to work (e.g. pre-generating local tbb_install tmp tbb_timestamp
# search.json.mozlz4) seems rather complex. Instead, let's just make tbb_install="${1}"
# browser.search.defaultenginename work again by employing some tbb_timestamp="${2}"
# Enterprise features to run arbitrary JavaScript with access to the
# Firefox internals. For the details of this feature, see:
# https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
apply_default_searchengine_hacks () {
local destination
destination="${1}"
cat > "${destination}/defaults/pref/autoconfig.js" <<EOF
// This file must start with a comment
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
cat > "${destination}/mozilla.cfg" <<EOF tmp="$(mktemp -d)"
// This file must start with a comment (
var searchService = Components.classes["@mozilla.org/browser/search-service;1"].getService(Components.interfaces.nsIBrowserSearchService); cd "${tmp}"
var engineName = getPref("browser.search.defaultenginename"); 7z x -tzip "${tbb_install}/browser/omni.ja"
if (engineName) { # Remove TBB's Tor Launcher settings since we don't enable it in
var engine = searchService.getEngineByName(engineName); # our Tor Browser.
if (engine) { sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
searchService.currentEngine = engine; # Display the Stop/Reload button: our test suite currently depends on it
} perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
# Append our custom prefs
cat /usr/share/tails/tor-browser-prefs.js \
>> defaults/preferences/000-tor-browser.js
touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
rm -r "${tmp}"
} }
EOF
strip_nondeterminism () {
local tbb_install tbb_timestamp
tbb_install="${1}"
tbb_timestamp="${2}"
for archive in "${tbb_install}/omni.ja" "${tbb_install}/browser/omni.ja"; do
strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
"${archive}" 2>/dev/null
done
} }
install_langpacks_from_bundles() { install_langpacks_from_bundles() {
...@@ -262,8 +262,9 @@ install_debian_extensions() { ...@@ -262,8 +262,9 @@ install_debian_extensions() {
destination="${1}" destination="${1}"
shift shift
apt-get install --yes "${@}" apt-get install --yes "${@}"
ln -s /usr/share/xul-ext/ublock-origin/ \ ln -s /usr/share/webext/ublock-origin/ \
"${destination}"/'uBlock0@raymondhill.net' "${destination}"/'uBlock0@raymondhill.net'
patch -p1 < /usr/share/tails/uBlock-disable-autoUpdate.diff
} }
create_default_profile() { create_default_profile() {
...@@ -275,16 +276,16 @@ create_default_profile() { ...@@ -275,16 +276,16 @@ create_default_profile() {
rsync -a --exclude bookmarks.html --exclude extensions \ rsync -a --exclude bookmarks.html --exclude extensions \
"${tbb_profile}"/ "${destination}"/ "${tbb_profile}"/ "${destination}"/
# Remove TBB's Tor Launcher settings since we don't enable it in
# our Tor Browser.
sed -i '/extensions\.torlauncher\./d' "${destination}"/preferences/extension-overrides.js
mkdir -p "${destination}"/extensions mkdir -p "${destination}"/extensions
for ext in "${tbb_extensions_dir}"/*; do for ext in "${tbb_extensions_dir}"/*; do
ln -s "${ext}" "${destination}"/extensions/ ln -s "${ext}" "${destination}"/extensions/
done done
} }
# For consistency we'll set timestamps of files we modify to the
# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
TBB_TIMESTAMP="$(date --date='2000-01-01 00:00:00' +%s)"
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")" TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
...@@ -301,16 +302,17 @@ fi ...@@ -301,16 +302,17 @@ fi
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")" TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
# The Debian Iceweasel extensions we want to install and make # The Firefox extensions we want to install from Debian and make
# available in the Tor Browser. # available in the Tor Browser.
DEBIAN_EXT_PKGS="xul-ext-ublock-origin" DEBIAN_EXT_PKGS="webext-ublock-origin"
TMP="$(mktemp -d)" TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}" download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}" install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
apply_extension_code_signing_hacks "${TBB_INSTALL}" apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
apply_default_searchengine_hacks "${TBB_INSTALL}" apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
mkdir -p "${TBB_EXT}" mkdir -p "${TBB_EXT}"
if [ "${NIGHTLY_BUILD}" != yes ]; then if [ "${NIGHTLY_BUILD}" != yes ]; then
...@@ -324,11 +326,11 @@ rm -r "${TMP}" ...@@ -324,11 +326,11 @@ rm -r "${TMP}"
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}" mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
# ... and then install a few Iceweasel extension by using a fake # ... and then install a few Firefox extension by using a fake
# Iceweasel equivs package to satisfy the dependencies. # firefox equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini) FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1 FAKE_FIREFOX_VERSION=${FIREFOX_VERSION}+fake1
install_fake_package iceweasel "${FAKE_ICEWEASEL_VERSION}" web install_fake_package firefox "${FAKE_FIREFOX_VERSION}" web
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS} install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}" mkdir -p "${TBB_PROFILE}"
......
...@@ -19,11 +19,10 @@ echo "Localize each supported browser locale" ...@@ -19,11 +19,10 @@ echo "Localize each supported browser locale"
ensure_hook_dependency_is_installed p7zip imagemagick ensure_hook_dependency_is_installed p7zip imagemagick