authorkytv <killyoutv@i2pmail.org>2015-07-27 08:07:24 +0000
committerkytv <killyoutv@i2pmail.org>2015-10-03 01:45:44 +0000
commit0a2ba4b22e20f8f620701de3b7a04e052cef9eaa (patch)
treeb17b515779b8138cf3071c474a5e3d59f29bf781 /config/chroot_local-patches
parent5656f86da352ba216e29d67cd3af1a9ad8991796 (diff)
Override Torbirdy defaults to match Tails' expectations
We want stream isolation so that is set here. Additionally we want to use the standard SKS keyserver pool like the command-line gnupg client and Seahorse use in Tails. Note that enigmail does *not* support using hkps. Note also that we patch the source due to the following, as noted in `components/torbirdy.js`: // Default preference values for TorBirdy. // These preferences values will be "enforced": even if the user decides to // change the preferences listed below, they will be reset to the TorBirdy // default when Thunderbird restarts. The reason we are doing this is because // these preferences, if changed, can introduce leaks and therefore should be // not changed by the user. Even if the user does change them, we reset them to // the secure default when Thunderbird starts.
Diffstat (limited to 'config/chroot_local-patches')
-rw-r--r--config/chroot_local-patches/torbirdy-adjust-defaults.diff71
1 files changed, 71 insertions, 0 deletions
diff --git a/config/chroot_local-patches/torbirdy-adjust-defaults.diff b/config/chroot_local-patches/torbirdy-adjust-defaults.diff
new file mode 100644
index 0000000..8144f17
--- /dev/null
+++ b/config/chroot_local-patches/torbirdy-adjust-defaults.diff
@@ -0,0 +1,71 @@
+--- /usr/share/xul-ext/torbirdy/chrome/content/preferences.js.orig 2015-07-27 07:34:13.195987276 +0000
++++ /usr/share/xul-ext/torbirdy/chrome/content/preferences.js 2015-07-27 07:44:12.579975436 +0000
+@@ -7,7 +7,7 @@
+ pub.prefBranch = "extensions.torbirdy.";
+ pub.customBranch = "extensions.torbirdy.custom.";
+
+- pub.torKeyserver = "hkp://qdigse2yzvuglcix.onion";
++ pub.torKeyserver = "hkp://pool.sks-keyservers.net";
+ pub.jondoKeyserver = "hkp://pool.sks-keyservers.net";
+
+ pub.prefs = Components.classes["@mozilla.org/preferences-service;1"]
+@@ -25,7 +25,7 @@
+
+ pub.setDefaultPrefs = function() {
+ pub.prefs.setCharPref("network.proxy.socks", "127.0.0.1");
+- pub.prefs.setIntPref("network.proxy.socks_port", 9050);
++ pub.prefs.setIntPref("network.proxy.socks_port", 9061);
+ pub.prefs.clearUserPref("network.proxy.http");
+ pub.prefs.clearUserPref("network.proxy.http_port");
+ pub.prefs.clearUserPref("network.proxy.ssl");
+@@ -43,7 +43,7 @@
+ "--no-comments " +
+ "--throw-keyids " +
+ "--display-charset utf-8 " +
+- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
++ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
+ }
+ if (anonService === "jondo") {
+ return "--no-emit-version " +
+@@ -58,7 +58,7 @@
+ return "--no-emit-version " +
+ "--no-comments " +
+ "--display-charset utf-8 " +
+- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
++ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9050";
+ }
+ if (anonService === "jondo") {
+ return "--no-emit-version " +
+@@ -494,7 +494,7 @@
+ // Tor.
+ if (anonService === 0) {
+ pub.socksHost.value = '127.0.0.1';
+- pub.socksPort.value = '9050';
++ pub.socksPort.value = '9061';
+ }
+
+ // JonDo/Whonix.
+--- ./usr/share/xul-ext/torbirdy/components/torbirdy.js.orig 2015-07-27 07:56:54.811960380 +0000
++++ ./usr/share/xul-ext/torbirdy/components/torbirdy.js 2015-07-27 08:00:26.895956191 +0000
+@@ -43,7 +43,7 @@
+
+ // Configure Thunderbird to use the SOCKS5 proxy.
+ "network.proxy.socks": "127.0.0.1",
+- "network.proxy.socks_port": 9050,
++ "network.proxy.socks_port": 9061,
+ "network.proxy.socks_version": 5,
+
+ // Set DNS proxying through SOCKS5.
+@@ -215,10 +215,10 @@
+ // We want to force UTF-8 everywhere
+ "--display-charset utf-8 " +
+ // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
+- "--keyserver-options http-proxy=http://127.0.0.1:8118 ",
++ "--keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 ",
+
+ // The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
+- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
++ "extensions.enigmail.keyserver": "hkp://pool.sks-keyservers.net",
+
+ // Force GnuPG to use SHA512.
+ "extensions.enigmail.mimeHashAlgorithm": 5,
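Review bot: In the last embedded hunk for `components/torbirdy.js`, the unchanged comment "The default key server should be a hidden service and this is the only known one" now sits directly above `"extensions.enigmail.keyserver": "hkp://pool.sks-keyservers.net"`, so it says the opposite of what the patched code does. The patch should replace that comment too, for example `// Tails: use the SKS pool like gnupg and Seahorse; plain hkp because Enigmail lacks hkps, so lookups leave the Tor exit in cleartext`. Plain hkp has no transport integrity once traffic leaves Tor, unlike the .onion address it replaces, so the same comment is a good place to note that fetched keys must be verified by fingerprint. Separately, the proxy URL is spelled `socks5h://` in the two `preferences.js` hunks and `socks5-hostname://` here, apparently meaning the same proxy mode; one spelling throughout would make the three gpg option strings easier to grep and keep in sync. The objects and functions these embedded hunks modify start and end outside the visible context.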