authorintrigeri <intrigeri@boum.org>2016-02-11 14:19:12 +0000
committerintrigeri <intrigeri@boum.org>2016-02-11 14:19:12 +0000
commit614c63ea14fa5d9ee939eec013f8448fbb187f37 (patch)
tree39dffc6fd168ed448e7b86872839a4fed6e52ea6
parent4d769db08c705ee79c7a772e93041a7e4439a458 (diff)
parent2fc6d139c647b12199a88de8ccf7b41915b7211e (diff)
Merge remote-tracking branch 'origin/bugfix/7943-simplify-tor-launcher-profile-path-workaround' into devel
Fix-committed: #7943
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb21
-rw-r--r--config/chroot_local-hooks/11-localize_browser2
-rwxr-xr-xconfig/chroot_local-hooks/20-xul-ext_symlinks5
-rw-r--r--config/chroot_local-includes/etc/environment11
-rw-r--r--config/chroot_local-includes/etc/sudoers.d/zzz_tor-launcher1
-rwxr-xr-xconfig/chroot_local-includes/usr/bin/tor-launcher30
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-browser12
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-launcher27
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh3
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-tor-launcher29
-rw-r--r--features/step_definitions/browser.rb17
-rw-r--r--features/tor_bridges.feature1
12 files changed, 80 insertions, 79 deletions
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index 9c4a008..ac47e06 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -4,12 +4,13 @@ set -eu
echo "Install the Tor Browser"
-# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
-# contains the paths we will split TBB's actual browser (binaries
-# etc), user data and extension into. While this differs from how the
-# TBB organizes the files, the end result will be the same, and it's
-# practical since when creating a new browser profile we can simply
-# copy the profile directory without duplicating all extensions.
+# Import the TBB_INSTALL, TBB_PROFILE, TBB_EXT and
+# TOR_LAUNCHER_INSTALL variables, which contains the paths we will
+# split TBB's actual browser (binaries etc), user data and extension
+# into. While this differs from how the TBB organizes the files, the
+# end result will be the same, and it's practical since when creating
+# a new browser profile we can simply copy the profile directory
+# without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
download_and_verify_files() {
@@ -70,11 +71,11 @@ install_tor_browser() {
# profile but we want to keep it as a standalone application
# when Tails is started in "bridge mode".
torlauncher_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
- 7z x -o'/usr/share/tor-launcher-standalone' "${torlauncher_xpi_path}"
+ 7z x -o"${TOR_LAUNCHER_INSTALL}" "${torlauncher_xpi_path}"
torlauncher_version="$(sed -n \
's,^ <em:version>\([0-9\.]\+\)</em:version>,\1,p' \
- '/usr/share/tor-launcher-standalone/install.rdf')"
- cat > '/usr/share/tor-launcher-standalone/application.ini' << EOF
+ "${TOR_LAUNCHER_INSTALL}/install.rdf")"
+ cat > "${TOR_LAUNCHER_INSTALL}/application.ini" << EOF
[App]
Vendor=TorProject
Name=TorLauncher
@@ -89,7 +90,7 @@ MaxVersion=*.*.*
[Shell]
Icon=icon.png
EOF
- chmod -R a+rX '/usr/share/tor-launcher-standalone'
+ chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"
rm "${torlauncher_xpi_path}"
# The Tor Browser will fail, complaining about an incomplete profile,
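Review bot: `chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"` only adds read and search bits, so any group- or world-write bits restored from the .xpi by `7z x` would survive in the installed tree. With this commit the launcher is run in place from that directory by the tor-launcher user (usr/local/bin/tor-launcher passes it to `-app`) instead of from a per-user copy, so the tree should be read-only for every non-root account: `chmod -R a+rX,go-w "${TOR_LAUNCHER_INSTALL}"`. Whether 7z applies stored modes here is not visible in the hunk, so treat this as hardening rather than a confirmed defect. install_tor_browser's body continues outside the hunk.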
diff --git a/config/chroot_local-hooks/11-localize_browser b/config/chroot_local-hooks/11-localize_browser
index e4a1c30..9b3cf78 100644
--- a/config/chroot_local-hooks/11-localize_browser
+++ b/config/chroot_local-hooks/11-localize_browser
@@ -86,7 +86,7 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
# mix them up.
CAPITALIZED_LANG_CODE="$(echo "${LANG_CODE}" | tr 'a-z' 'A-Z')"
LOCALIZED_WIKIPEDIA_ICON_PATH="/tmp/wikipedia-icon-${LANG_CODE}.png"
- WIKIPEDIA_SEARCH_ICON_BASE64_PATH="#{LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
+ WIKIPEDIA_SEARCH_ICON_BASE64_PATH="${LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_ICON_TEMPLATE="${BROWSER_LOCALIZATION_DIR}/Wikipedia-icon.png"
convert "${WIKIPEDIA_ICON_TEMPLATE}" \
-gravity SouthEast -pointsize 130 -font Liberation-Sans-Bold \
diff --git a/config/chroot_local-hooks/20-xul-ext_symlinks b/config/chroot_local-hooks/20-xul-ext_symlinks
index 6428394..68a3de4 100755
--- a/config/chroot_local-hooks/20-xul-ext_symlinks
+++ b/config/chroot_local-hooks/20-xul-ext_symlinks
@@ -4,5 +4,8 @@ set -e
echo "Creating prefs override for Tor Launcher"
+# Import the TOR_LAUNCHER_INSTALL variable.
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
ln -s /etc/xul-ext/tor-launcher.js \
- /usr/share/tor-launcher-standalone/defaults/preferences/000system.js
+ "${TOR_LAUNCHER_INSTALL}/defaults/preferences/000system.js"
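Review bot: This hook runs under `set -e` only (see the hunk header), so an unset or empty TOR_LAUNCHER_INSTALL would turn the `ln -s` destination into `/defaults/preferences/000system.js` instead of failing the build. 10-tbb already uses `set -eu`; doing the same here, or writing `"${TOR_LAUNCHER_INSTALL:?}/defaults/preferences/000system.js"`, makes a renamed or missing variable a build error. The same applies to the new usr/local/bin/tor-launcher, which also sets only `-e` and expands the variable in its `-app` argument.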
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
index 2667880..8c99aff 100644
--- a/config/chroot_local-includes/etc/environment
+++ b/config/chroot_local-includes/etc/environment
@@ -1,16 +1,5 @@
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
-# Allow Torbutton access to the control port filter (for new identity).
-# Setting a password is required, otherwise Torbutton attempts to
-# read the authentication cookie file instead, which fails.
-TOR_CONTROL_HOST='127.0.0.1'
-TOR_CONTROL_PORT='9052'
-TOR_CONTROL_PASSWD='passwd'
-# Hide Torbutton's "Tor Network Settings..." context menu entry since
-# it doesn't work in Tails, and we deal with those configurations
-# strictly through Tor Launcher.
-TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
-
# Port that the monkeysphere validation agent listens on
MSVA_PORT='6136'
diff --git a/config/chroot_local-includes/etc/sudoers.d/zzz_tor-launcher b/config/chroot_local-includes/etc/sudoers.d/zzz_tor-launcher
deleted file mode 100644
index 373602b..0000000
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_tor-launcher
+++ /dev/null
@@ -1 +0,0 @@
-Defaults!/usr/bin/tor-launcher always_set_home,env_keep+="TOR_CONFIGURE_ONLY TOR_CONTROL_PORT TOR_CONTROL_COOKIE_AUTH_FILE TOR_FORCE_NET_CONFIG TOR_HIDE_BROWSER_LOGO"
diff --git a/config/chroot_local-includes/usr/bin/tor-launcher b/config/chroot_local-includes/usr/bin/tor-launcher
deleted file mode 100755
index 0e48ffd..0000000
--- a/config/chroot_local-includes/usr/bin/tor-launcher
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Import exec_firefox() and configure_best_tor_launcher_locale()
-. /usr/local/lib/tails-shell-library/tor-browser.sh
-
-# The Tor Browser hardcodes the default profile dir to ../.. from the
-# folder storing the application.ini file supplied via -app. Sadly,
-# -profile doesn't work together with -app. Therefore we copy the
-# whole Tor Launcher application (just ~350 KB) into the user's home
-# so we can get the profile directory in a sane place.
-if [ ! -e "${HOME}"/.tor-launcher ]; then
- mkdir -p "${HOME}"/.tor-launcher
- cp -r /usr/share/tor-launcher-standalone "${HOME}"/.tor-launcher/tor-launcher-standalone
- mkdir -p "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/
- cat << EOF > "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profiles.ini
-[General]
-StartWithLastProfile=1
-
-[Profile0]
-Name=default
-IsRelative=1
-Path=profile.default
-EOF
- mkdir -p "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default/preferences
- configure_best_tor_launcher_locale "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default
-fi
-
-exec_unconfined_firefox -app "${HOME}"/.tor-launcher/tor-launcher-standalone/application.ini
diff --git a/config/chroot_local-includes/usr/local/bin/tor-browser b/config/chroot_local-includes/usr/local/bin/tor-browser
index 90c5739..cb38ccf 100755
--- a/config/chroot_local-includes/usr/local/bin/tor-browser
+++ b/config/chroot_local-includes/usr/local/bin/tor-browser
@@ -20,6 +20,18 @@ PROFILE="${HOME}/.tor-browser/profile.default"
# Import exec_firefox() and configure_best_tor_browser_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
+# Allow Torbutton access to the control port filter (for new identity).
+# Setting a password is required, otherwise Torbutton attempts to
+# read the authentication cookie file instead, which fails.
+export TOR_CONTROL_HOST='127.0.0.1'
+export TOR_CONTROL_PORT='9052'
+export TOR_CONTROL_PASSWD='passwd'
+# Hide Torbutton's "Tor Network Settings..." context menu entry since
+# it doesn't work in Tails, and we deal with those configurations
+# strictly through Tor Launcher.
+export TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
+
+
ask_for_confirmation() {
# Skip dialog if user is already running Tor Browser:
if pgrep -u amnesia -f "${TBB_INSTALL}/firefox" ; then
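Review bot: The comment above `export TOR_CONTROL_PASSWD='passwd'` does not say that the value is a fixed placeholder rather than a secret, which is easy to misread now that it sits in a launcher script beside the control-port settings. If, as the comment implies, access is limited by the control port filter on 9052 and not by this string, state it, e.g. `# 'passwd' is a dummy value, not a credential; the control port filter decides what Torbutton may do.` The second blank line after the exports can be dropped.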
diff --git a/config/chroot_local-includes/usr/local/bin/tor-launcher b/config/chroot_local-includes/usr/local/bin/tor-launcher
new file mode 100755
index 0000000..fb4a8a9
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/tor-launcher
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+# Import the TOR_LAUNCHER_INSTALL variable, and exec_unconfined_firefox()
+# and configure_best_tor_launcher_locale()
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
+unset TOR_CONTROL_PASSWD
+unset TOR_FORCE_NET_CONFIG
+export TOR_CONFIGURE_ONLY=1
+export TOR_CONTROL_PORT=9051
+export TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
+export TOR_HIDE_BROWSER_LOGO=1
+if echo "$@" | grep -qw -- --force-net-config; then
+ export TOR_FORCE_NET_CONFIG=1
+fi
+
+PROFILE="${HOME}/.tor-launcher/profile.default"
+if [ ! -d "${PROFILE}" ]; then
+ mkdir -p "${PROFILE}"
+ configure_best_tor_launcher_locale "${PROFILE}"
+fi
+
+exec_unconfined_firefox \
+ -app "${TOR_LAUNCHER_INSTALL}/application.ini" \
+ -profile "${PROFILE}"
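Review bot: The `--force-net-config` test at `echo "$@" | grep -qw` matches the word anywhere in the space-joined argument list, so it also fires when the string is only part of another argument, and `echo` may treat a leading option-like argument specially depending on the shell. Comparing each argument exactly is more predictable for a script that is entered through gksudo from a root-run wrapper. A loop over "$@" with a `case` on the exact string does this without spawning grep and is safe under `set -e`.

```sh
# … unchanged: unset/export of the TOR_* variables …
for arg in "$@"; do
    case "${arg}" in
        --force-net-config) export TOR_FORCE_NET_CONFIG=1 ;;
    esac
done
# … unchanged: profile creation and exec_unconfined_firefox …
```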
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh
index 709dc5c..a365bc7 100644
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh
@@ -3,7 +3,8 @@
TBB_INSTALL=/usr/local/lib/tor-browser
TBB_PROFILE=/etc/tor-browser/profile
TBB_EXT=/usr/local/share/tor-browser-extensions
-TOR_LAUNCHER_LOCALES_DIR=/usr/share/tor-launcher-standalone/chrome/locale
+TOR_LAUNCHER_INSTALL=/usr/local/lib/tor-launcher-standalone
+TOR_LAUNCHER_LOCALES_DIR="${TOR_LAUNCHER_INSTALL}/chrome/locale"
exec_firefox() {
LD_LIBRARY_PATH="${TBB_INSTALL}"
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher b/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
index f8ffb7d..91c0104 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
+++ b/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
@@ -5,28 +5,20 @@ set -e
# Import export_gnome_env().
. /usr/local/lib/tails-shell-library/gnome.sh
-unset TOR_CONTROL_PASSWD
-unset TOR_FORCE_NET_CONFIG
-TOR_CONFIGURE_ONLY=1
-TOR_CONTROL_PORT=9051
-TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
-TOR_HIDE_BROWSER_LOGO=1
-export TOR_CONFIGURE_ONLY
-export TOR_CONTROL_PORT
-export TOR_CONTROL_COOKIE_AUTH_FILE
-export TOR_HIDE_BROWSER_LOGO
-
-if echo "$@" | grep -qw -- --force-net-config; then
- TOR_FORCE_NET_CONFIG=1
- export TOR_FORCE_NET_CONFIG
-fi
-
# Get LIVE_USERNAME
. /etc/live/config.d/username.conf
# Get LANG
. /etc/default/locale
+# The Tor Browser hardcodes the default profile dir to inside
+# ../TorBrowser/Data/Browser/ from the folder storing the
+# application.ini file supplied via -app. We can use -profile to load
+# it from a different place, but then the Caches directory
+# must still exist and be accessible in the above folder.
+mkdir -p /usr/local/lib/TorBrowser/Data/Browser/Caches
+chmod -R a+rX /usr/local/lib/TorBrowser
+
until pgrep -u "${LIVE_USERNAME}" '^ibus-daemon' >/dev/null ; do
sleep 5
done
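Review bot: `/usr/local/lib/TorBrowser` is hard-coded in the `mkdir -p` and `chmod -R` lines, yet per the comment it must sit next to the directory holding application.ini, which tor-browser.sh defines as TOR_LAUNCHER_INSTALL. If that variable is ever moved, this directory would silently be created in the wrong place. Sourcing tor-browser.sh here and using `"$(dirname "${TOR_LAUNCHER_INSTALL}")/TorBrowser/Data/Browser/Caches"`, or at least naming the coupling in the comment, keeps the two in step. If leaving the tree non-writable for the tor-launcher user is deliberate, the comment should record that as well.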
@@ -34,11 +26,8 @@ done
export LANG
export_gnome_env
sudo -u ${LIVE_USERNAME} xhost +SI:localuser:tor-launcher
-gksudo -u tor-launcher /usr/bin/tor-launcher
+gksudo -u tor-launcher /usr/local/bin/tor-launcher -- "$@"
RET=${?}
sudo -u ${LIVE_USERNAME} xhost -SI:localuser:tor-launcher
-# Save ~10 RAM (due to the tmpfs) by removing this unused file
-rm -f /usr/Data/Browser/*.default/places.sqlite
-
exit ${RET}
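Review bot: If the `set -e` shown in this file's first hunk header is in effect, a non-zero exit from the `gksudo -u tor-launcher ...` line ends the script before `RET=${?}` and before `xhost -SI:localuser:tor-launcher` runs, which leaves the tor-launcher user authorised on the X display. Capturing the status without tripping errexit keeps the revocation unconditional: put `RET=0` before the call and write `gksudo -u tor-launcher /usr/local/bin/tor-launcher -- "$@" || RET=${?}`. `${LIVE_USERNAME}` in the two `sudo -u` lines would also be safer quoted.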
diff --git a/features/step_definitions/browser.rb b/features/step_definitions/browser.rb
index 6b5aabf..84ef1d3 100644
--- a/features/step_definitions/browser.rb
+++ b/features/step_definitions/browser.rb
@@ -35,6 +35,7 @@ def xul_application_info(application)
'echo ${TBB_INSTALL}/firefox', :libs => 'tor-browser'
).stdout.chomp
address_bar_image = "BrowserAddressBar.png"
+ unused_tbb_libs = ['libnssdbm3.so']
case application
when "Tor Browser"
user = LIVE_USER
@@ -53,10 +54,18 @@ def xul_application_info(application)
new_tab_button_image = "I2PBrowserNewTabButton.png"
when "Tor Launcher"
user = "tor-launcher"
- cmd_regex = "#{binary} -app /home/#{user}/\.tor-launcher/tor-launcher-standalone/application\.ini"
+ # We do not enable AppArmor confinement for the Tor Launcher.
+ binary = "#{binary}-unconfined"
+ tor_launcher_install = $vm.execute_successfully(
+ 'echo ${TOR_LAUNCHER_INSTALL}', :libs => 'tor-browser'
+ ).stdout.chomp
+ cmd_regex = "#{binary}\s+-app #{tor_launcher_install}/application\.ini.*"
chroot = ""
new_tab_button_image = nil
address_bar_image = nil
+ # The standalone Tor Launcher uses fewer libs than the full
+ # browser.
+ unused_tbb_libs.concat(["libfreebl3.so", "libnssckbi.so", "libsoftokn3.so"])
else
raise "Invalid browser or XUL application: #{application}"
end
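Review bot: In the double-quoted `cmd_regex` string Ruby consumes the backslashes: `\s` becomes a literal space and `\.` a bare `.`, so pgrep receives ` +` and an any-character dot rather than the escapes written here. The match still succeeds, but it is looser than it reads for a check that selects which process gets inspected. Doubling the backslashes preserves them for pgrep: `cmd_regex = "#{binary}\\s+-app #{tor_launcher_install}/application\\.ini.*"`. xul_application_info starts and ends outside this hunk.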
@@ -66,6 +75,7 @@ def xul_application_info(application)
:chroot => chroot,
:new_tab_button_image => new_tab_button_image,
:address_bar_image => address_bar_image,
+ :unused_tbb_libs => unused_tbb_libs,
}
end
@@ -108,8 +118,7 @@ Then /^the (.*) has no plugins installed$/ do |browser|
step "I see \"TorBrowserNoPlugins.png\" after at most 30 seconds"
end
-def xul_app_shared_lib_check(pid, chroot)
- expected_absent_tbb_libs = ['libnssdbm3.so']
+def xul_app_shared_lib_check(pid, chroot, expected_absent_tbb_libs = [])
absent_tbb_libs = []
unwanted_native_libs = []
tbb_libs = $vm.execute_successfully("ls -1 #{chroot}${TBB_INSTALL}/*.so",
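Review bot: With the default now `expected_absent_tbb_libs = []`, any caller that omits the third argument no longer exempts libnssdbm3.so, which the removed line exempted unconditionally. The only caller visible in this diff passes `info[:unused_tbb_libs]`; if there are no others, making the parameter required would turn a forgotten argument into an error instead of a silently different check. A short comment on the parameter would help too, presumably along the lines of `# TBB libs this application is expected not to load`. The method body continues outside the hunk.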
@@ -141,7 +150,7 @@ Then /^the (.*) uses all expected TBB shared libraries$/ do |application|
info = xul_application_info(application)
pid = $vm.execute_successfully("pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'").stdout.chomp
assert(/\A\d+\z/.match(pid), "It seems like #{application} is not running")
- xul_app_shared_lib_check(pid, info[:chroot])
+ xul_app_shared_lib_check(pid, info[:chroot], info[:unused_tbb_libs])
end
Then /^the (.*) chroot is torn down$/ do |browser|
diff --git a/features/tor_bridges.feature b/features/tor_bridges.feature
index cab4e39..b5277ca 100644
--- a/features/tor_bridges.feature
+++ b/features/tor_bridges.feature
@@ -9,6 +9,7 @@ Feature: Using Tails with Tor pluggable transports
And I capture all network traffic
When the network is plugged
Then the Tor Launcher autostarts
+ And the Tor Launcher uses all expected TBB shared libraries
Scenario: Using bridges
When I configure some Bridge pluggable transports in Tor Launcher