authorsajolida <sajolida@pimienta.org>2015-11-10 21:13:20 +0000
committersajolida <sajolida@pimienta.org>2015-11-10 21:13:20 +0000
commitda55f022a2014485487cbc31efb19e1a95faa58e (patch)
tree5f5b8e9808e3a27698018a6fdb21ce7c97c89443
parent8092d01fb70bcde14a314dc8bdcff8f56e6b5069 (diff)
Remove more patches (#10508)
-rwxr-xr-xconfig/chroot_local-hooks/16-i2p_config72
-rwxr-xr-xconfig/chroot_local-hooks/19-install-tor-browser-AppArmor-profile50
-rwxr-xr-xconfig/chroot_local-hooks/44-remove-unused-AppArmor-profiles24
-rw-r--r--config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch144
-rw-r--r--config/chroot_local-patches/cupsd-IPv4_only.patch11
5 files changed, 0 insertions, 301 deletions
diff --git a/config/chroot_local-hooks/16-i2p_config b/config/chroot_local-hooks/16-i2p_config
deleted file mode 100755
index cfa1328..0000000
--- a/config/chroot_local-hooks/16-i2p_config
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Configuring I2P"
-
-I2P="/usr/share/i2p"
-I2PROUTER="/usr/bin/i2prouter"
-WRAPPER="/etc/i2p/wrapper.config"
-
-# This must be set in order for the i2p init script to work
-sed -i 's/^RUN_DAEMON=.*$/RUN_DAEMON="true"/' /etc/default/i2p
-
-# Remove the "i2prouter" script, its man page, and its apparmor profile
-# since these are not used by Tails:
-rm /etc/apparmor.d/usr.bin.i2prouter /usr/share/man/man1/i2prouter.1.gz
-
-# Install custom i2prouter stub scripts
-for script in ${I2PROUTER} ${I2PROUTER}-nowrapper; do
- echo "Removing $script"
- dpkg-divert --rename --add "${script}"
- cat > "$script" << EOF
-#!/bin/sh
-echo "This script is not used by Tails."
-echo "See https://tails.boum.org/doc/anonymous_internet/i2p/ for more information."
-exit 0
-EOF
- chmod 755 "$script"
-done
-
-# Remove the outproxy from the tunnel on port 4444
-# This will remove the following lines:
-# tunnel.0.proxyList=false.i2p
-# tunnel.0.option.i2ptunnel.httpclient.SSLOutproxies=false.i2p
-# The SSLOutproxies option was first set in I2P 0.9.15
-sed -i '/^.*tunnel\.0\.\(proxyList\|option\.i2ptunnel\.httpclient\.SSLOutproxies\)/d' "$I2P/i2ptunnel.config"
-
-# Disable the https outproxy (port 4445)
-sed -i 's|^.*\(tunnel\.6\.startOnLoad\).*|\1=false|' "$I2P/i2ptunnel.config"
-
-# Don't serve the router console on IPv6
-sed -i 's|^clientApp\.0\.args=7657\s\+::1,127\.0\.0\.1|clientApp.0.args=7657 127.0.0.1|' "$I2P/clients.config"
-
-# Disable IPv6 in the wrapper
-sed -i 's|^.*\(wrapper\.java\.additional\.5=-Djava\.net\.preferIPv4Stack=\).*|\1true|' "$WRAPPER"
-sed -i 's|^.*\(wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=\).*|\1false|' "$WRAPPER"
-
-# Tails specific router configs:
-# * i2cp: allows java clients to communicate with I2P outside of the JVM. Disabled.
-# * IPv6: Disabled
-# * HiddenMode: Enabled
-# * In-I2P Network Updates: Disabled
-# * Inbound connections: Disabled (setting is "i2cp.ntcp.autoip")
-# * Disable I2P plugins
-cat > "$I2P/router.config" << EOF
-# NOTE: This I2P config file must use UTF-8 encoding
-i2cp.disableInterface=true
-i2np.ntcp.ipv6=false
-i2np.ntcp.autoip=false
-i2np.udp.ipv6=false
-router.isHidden=true
-router.updateDisabled=true
-router.enablePlugins=false
-EOF
-
-cat > "$I2P/susimail.config" << EOF
-susimail.pop3.leave.on.server=true
-EOF
-
-# enforce apparmor
-echo Setting the I2P apparmor profile to enforce mode
-sed -i -re 's|flags=\(complain\)||' /etc/apparmor.d/system_i2p
diff --git a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
deleted file mode 100755
index 4472f2f..0000000
--- a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Installing AppArmor profile for Tor Browser"
-
-PATCH='/usr/share/tails/torbrowser-AppArmor-profile.patch'
-PROFILE='/etc/apparmor.d/torbrowser'
-
-### Functions
-
-toggle_src_APT_sources() {
- MODE="$1"
- TEMP_APT_SOURCES='/etc/apt/sources.list.d/tmp-deb-src.list'
-
- case "$MODE" in
- on)
- cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list \
- | grep --extended-regexp --line-regexp --invert-match \
- 'deb\s+file:/root/local-packages\s+\./' \
- | sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
- > "$TEMP_APT_SOURCES"
- ;;
- off)
- rm "$TEMP_APT_SOURCES"
- ;;
- esac
-
- apt-get --yes update
-}
-
-install_torbrowser_AppArmor_profile() {
- tmpdir="$(mktemp -d)"
- (
- cd "$tmpdir"
- apt-get source torbrowser-launcher/testing
- install -m 0644 \
- torbrowser-launcher-*/apparmor/torbrowser.Browser.firefox \
- "$PROFILE"
- )
- rm -r "$tmpdir"
-}
-
-### Main
-
-toggle_src_APT_sources on
-install_torbrowser_AppArmor_profile
-toggle_src_APT_sources off
-patch --forward --batch "$PROFILE" < "$PATCH"
-rm "$PATCH"
diff --git a/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles b/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles
deleted file mode 100755
index dd7688e..0000000
--- a/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Deleting unused AppArmor profiles"
-
-(
- cd /etc/apparmor.d
- rm \
- apache2.d/phpsysinfo \
- sbin.klogd \
- sbin.syslogd \
- sbin.syslog-ng \
- usr.bin.chromium-browser \
- usr.lib.dovecot.* \
- usr.sbin.dnsmasq \
- usr.sbin.dovecot \
- usr.sbin.identd \
- usr.sbin.mdnsd \
- usr.sbin.nmbd \
- usr.sbin.ntpd \
- usr.sbin.nscd \
- usr.sbin.smb*
-)
diff --git a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
deleted file mode 100644
index 1734b85..0000000
--- a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
-index 7e68a08..2f40271 100644
---- a/apparmor/torbrowser.Browser.firefox
-+++ b/apparmor/torbrowser.Browser.firefox
-@@ -1,13 +1,15 @@
- # Last modified
- #include <tunables/global>
-
--/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
-+/usr/local/lib/tor-browser/firefox {
- #include <abstractions/gnome>
-+ #include <abstractions/gstreamer>
-+ #include <abstractions/ibus>
-
- # Uncomment the following line if you don't want the Tor Browser
- # to have direct access to your sound hardware. Note that this is not
- # enough to have working sound support in Tor Browser.
-- # #include <abstractions/audio>
-+ #include <abstractions/audio>
-
- # Uncomment the following lines if you want to give the Tor Browser read-write
- # access to most of your personal files.
-@@ -17,41 +19,52 @@
- #dbus,
- network tcp,
-
-+ /etc/asound.conf r,
- deny /etc/host.conf r,
-- deny /etc/hosts r,
-- deny /etc/nsswitch.conf r,
-+ /etc/hosts r,
-+ /etc/nsswitch.conf r,
- deny /etc/resolv.conf r,
-- deny /etc/passwd r,
-- deny /etc/group r,
-+ /etc/passwd r,
-+ /etc/group r,
- deny /etc/mailcap r,
-+ deny @{HOME}/.local/share/gvfs-metadata/home r,
-+ deny /run/resolvconf/resolv.conf r,
-
-- deny /etc/machine-id r,
-- deny /var/lib/dbus/machine-id r,
-+ /etc/machine-id r,
-+ /var/lib/dbus/machine-id r,
-
- @{PROC}/[0-9]*/mountinfo r,
- @{PROC}/[0-9]*/stat r,
- @{PROC}/[0-9]*/task/*/stat r,
- @{PROC}/sys/kernel/random/uuid r,
-
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/* r,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/.** rwk,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.** rwk,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/ r,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** r,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profiles.ini r,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/ r,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/** rwk,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor Px,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/*.so{,.[0-9]*} mr,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Desktop/ rw,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Desktop/** rwk,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Downloads/ rw,
-- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Downloads/** rwk,
-+ /usr/local/lib/tor-browser/ r,
-+ /usr/local/lib/tor-browser/** r,
-+ /usr/local/lib/tor-browser/*.so{,.6} mr,
-+ /usr/local/lib/tor-browser/**/*.so mr,
-+ /usr/local/lib/tor-browser/browser/* r,
-+ /usr/local/lib/tor-browser/TorBrowser/Data/Browser/profiles.ini r,
-+
-+ owner "@{HOME}/Tor Browser/" rw,
-+ owner "@{HOME}/Tor Browser/**" rwk,
-+ owner "@{HOME}/Persistent/Tor Browser/" rw,
-+ owner "@{HOME}/Persistent/Tor Browser/**" rwk,
-+ owner "/live/persistence/TailsData_unlocked/Persistent/Tor Browser/" rw,
-+ owner "/live/persistence/TailsData_unlocked/Persistent/Tor Browser/**" rwk,
-+ owner @{HOME}/.mozilla/firefox/bookmarks/places.sqlite rwk,
-+ owner /live/persistence/TailsData_unlocked/bookmarks/places.sqlite rwk,
-+ owner @{HOME}/.tor-browser/profile.default/ r,
-+ owner @{HOME}/.tor-browser/profile.default/** rwk,
-+
-+ /etc/xul-ext/ r,
-+ /etc/xul-ext/** r,
-+ /usr/local/share/tor-browser-extensions/ r,
-+ /usr/local/share/tor-browser-extensions/** rk,
-+ /usr/share/xul-ext/ r,
-+ /usr/share/xul-ext/** r,
-+
-+ /usr/share/doc/tails/website/ r,
-+ /usr/share/doc/tails/website/** r,
-
- /etc/mailcap r,
- /etc/mime.types r,
-@@ -74,6 +87,31 @@
- /sys/devices/pci[0-9]*/**/uevent r,
- owner /{dev,run}/shm/shmfd-* rw,
-
-+ /usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner Cix -> gst_plugin_scanner,
-+ owner @{HOME}/.gstreamer*/ rw,
-+ owner @{HOME}/.gstreamer*/** rw,
-+ owner @{PROC}/[0-9]*/fd/ r,
-+
-+ deny /usr/bin/pulseaudio x,
-+
-+ /usr/local/lib/tor-browser/firefox Pix,
-+ /usr/bin/seahorse-tool Ux,
-+
-+ # Grant access to assistive technologies
-+ # (otherwise, Firefox crashes when Orca is enabled:
-+ # https://labs.riseup.net/code/issues/9261)
-+ owner @{HOME}/.cache/at-spi2-*/ rw,
-+ owner @{HOME}/.cache/at-spi2-*/socket rw,
-+
-+ # Spell checking (the "enchant" abstraction includes these rules
-+ # too, but it allows way more stuff than what we need)
-+ /usr/share/hunspell/ r,
-+ /usr/share/hunspell/* r,
-+
-+ # Deny access to the list of recently used files. This overrides the
-+ # access to it that's granted by the freedesktop.org abstraction.
-+ deny @{HOME}/.local/share/recently-used.xbel* rw,
-+
- # KDE 4
- owner @{HOME}/.kde/share/config/* r,
-
-@@ -81,5 +119,10 @@
- /etc/xfce4/defaults.list r,
- /usr/share/xfce4/applications/ r,
-
-- #include <local/torbrowser.Browser.firefox>
-+ # Deny access to global tmp directories, that's granted by the user-tmp
-+ # abstraction, which is sourced by the gnome abstraction, that we include.
-+ deny owner /var/tmp/** rwklx,
-+ deny /var/tmp/ rwklx,
-+ deny owner /tmp/** rwklx,
-+ deny /tmp/ rwklx,
- }
diff --git a/config/chroot_local-patches/cupsd-IPv4_only.patch b/config/chroot_local-patches/cupsd-IPv4_only.patch
deleted file mode 100644
index 548f295..0000000
--- a/config/chroot_local-patches/cupsd-IPv4_only.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- chroot.orig/etc/cups/cupsd.conf 2012-05-13 11:48:30.860005431 +0000
-+++ chroot/etc/cups/cupsd.conf 2012-05-13 11:48:38.600005570 +0000
-@@ -17,7 +17,7 @@
-
-
- # Only listen for connections from the local machine.
--Listen localhost:631
-+Listen 127.0.0.1:631
- Listen /var/run/cups/cups.sock
-
- # Show shared printers on the local network.