authorbertagaz <bertagaz@ptitcanardnoir.org>2016-08-07 18:43:02 +0200
committerbertagaz <bertagaz@ptitcanardnoir.org>2016-08-07 18:43:02 +0200
commit74f0d7d8c8480a2d3d6435aafabec59bc52c7fca (patch)
treedb5221325946d612431ac343568abd8ce17d1524
parentb6e73e0facf77b1000ef0cfe31fc86f79072b575 (diff)
parent76781166535d1cffc3601c95fb91361fd335d0a0 (diff)
Merge remote-tracking branch 'origin/devel' into feature/tor-bootstrap-failure-stats-for-10238
-rw-r--r--config/chroot_local-patches/apparmor-adjust-tor-profile.diff20
-rw-r--r--config/chroot_local-patches/torbirdy-0001-secure-autoconfig-compat.diff253
-rw-r--r--config/chroot_local-patches/torbirdy-0002-secure-autoconfig-POP-defaults.diff42
-rw-r--r--features/step_definitions/tor.rb18
-rw-r--r--features/support/config.rb14
-rw-r--r--features/tor_enforcement.feature4
-rw-r--r--wiki/src/contribute/design/Time_syncing.mdwn6
7 files changed, 9 insertions, 348 deletions
diff --git a/config/chroot_local-patches/apparmor-adjust-tor-profile.diff b/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
index 64d3e1c..98aa7df 100644
--- a/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
@@ -1,21 +1,13 @@
-XXX: renaming the profile should not be needed on Stretch anymore,
-since tor@default.service loads the profile correctly itself there
-(and actually, renaming the profile as this patch does may prevent
-the service from starting at all).
-
---- a/etc/apparmor.d/system_tor 2015-06-04 12:28:12.243020484 +0000
-+++ b/etc/apparmor.d/system_tor 2015-06-04 12:29:32.580249731 +0000
-@@ -1,9 +1,12 @@
- # vim:syntax=apparmor
- #include <tunables/global>
-
--profile system_tor flags=(attach_disconnected) {
-+/usr/bin/tor flags=(attach_disconnected) {
+--- a/etc/apparmor.d/system_tor 2016-06-01 21:34:23.000000000 +0000
++++ b/etc/apparmor.d/system_tor 2016-06-10 11:09:09.249017739 +0000
+@@ -4,6 +4,9 @@
+ profile system_tor flags=(attach_disconnected) {
#include <abstractions/tor>
+ link /etc/tor/.wh.torrc -> /.wh..wh.aufs,
+ /etc/tor/* w,
+
owner /var/lib/tor/** rwk,
+ owner /var/lib/tor/ r,
owner /var/log/tor/* w,
-
+
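Review bot: The rewritten patch drops the old header comment and puts nothing in its place, so the file no longer says why Tor's AppArmor profile is widened with `/etc/tor/* w,` and the `link /etc/tor/.wh.torrc -> /.wh..wh.aufs,` rule. A confinement exception is hard for a later maintainer to trim or keep safely without its reason, and the write rule on `/etc/tor/*` is not `owner`-qualified like the `/var/lib/tor` rules next to it. I would add a short header above the `--- a/etc/apparmor.d/system_tor` line, for example `Allow tor to write under /etc/tor/ and to create the aufs whiteout for torrc; needed because <reason, to be filled in by the author>.`, and state there whether the unqualified write access is intentional.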
diff --git a/config/chroot_local-patches/torbirdy-0001-secure-autoconfig-compat.diff b/config/chroot_local-patches/torbirdy-0001-secure-autoconfig-compat.diff
deleted file mode 100644
index cf05803..0000000
--- a/config/chroot_local-patches/torbirdy-0001-secure-autoconfig-compat.diff
+++ /dev/null
@@ -1,253 +0,0 @@
---- /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.js.orig
-+++ /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.js
-@@ -1,28 +1,46 @@
-+Components.utils.import("resource://gre/modules/Preferences.jsm");
-+
- if (!org) var org = {};
- if (!org.torbirdy) org.torbirdy = {};
-
- if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
- var pub = {};
-
-- var prefs = Cc["@mozilla.org/preferences-service;1"]
-- .getService(Ci.nsIPrefBranch);
--
-- // Check if we are running Tails. If yes, disable the manual account
-- // configuration wizard since Tails handles that on its own. See:
-- // https://tails.boum.org/todo/Return_of_Icedove__63__/#index6h2
-- // This is also disabled if "extensions.torbirdy.emailwizard" is true.
-- var disableWizard = false;
-- if (prefs.prefHasUserValue("vendor.name")) {
-- if (prefs.getCharPref("vendor.name") === "Tails") {
-- disableWizard = true;
-- }
-+ var disableAutoConfiguration = false;
-+ if (Preferences.get("extensions.torbirdy.emailwizard", false)) {
-+ disableAutoConfiguration = true;
- }
-- if (prefs.getBoolPref("extensions.torbirdy.emailwizard")) {
-- disableWizard = true;
-+
-+ fixupTorbirdySettingsOnNewAccount = function(account) {
-+ var idkey = account.defaultIdentity.key;
-+ var serverkey = account.incomingServer.key;
-+ var protocol = account.incomingServer.type;
-+
-+ var pref_spec = [
-+ ['mail.server.%serverkey%.check_new_mail', false],
-+ ['mail.server.%serverkey%.login_at_startup', false]
-+ ];
-+
-+ // Make sure that drafts are saved to Local Folders if it is an IMAP account.
-+ if (protocol === "imap") {
-+ pref_spec.push(['mail.identity.%idkey%.draft_folder',
-+ 'mailbox://nobody@Local%20Folders/Drafts']);
-+ }
-+
-+ // Do not automatically download new messages in POP accounts.
-+ if (protocol === "pop3") {
-+ pref_spec.push(['mail.server.%serverkey%.download_on_biff', false]);
-+ }
-+
-+ for each (var [pref_template, value] in pref_spec) {
-+ var pref = pref_template.replace("%idkey%", idkey);
-+ pref = pref.replace("%serverkey%", serverkey);
-+ Preferences.set(pref, value);
-+ }
- }
-
-- pub.disableAutoWizard = function() {
-- if (!disableWizard) {
-+ pub.adjustAutoWizard = function() {
-+ if (!disableAutoConfiguration) {
- var realname = document.getElementById("realname").value;
- var email = document.getElementById("email").value;
- var password = document.getElementById("password").value;
-@@ -63,10 +81,6 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
- config.incoming.auth = 3;
- config.outgoing.auth = 3;
-
-- // Set default values to disable automatic email fetching.
-- config.incoming.loginAtStartup = false;
-- config.incoming.downloadOnBiff = false;
--
- // Default the outgoing SMTP port.
- config.outgoing.port = 465;
-
-@@ -75,31 +89,8 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
- replaceVariables(config, realname, email, password);
- config.rememberPassword = rememberPassword && !!password;
-
-- var newAccount = createAccountInBackend(config);
--
-- // Set check_new_mail to false. We can't do this through the account setup, so let's do it here.
-- var checkNewMail = 'mail.server.%serverkey%.check_new_mail';
-- var serverkey = newAccount.incomingServer.key;
-- var checkNewMailPref = checkNewMail.replace("%serverkey%", serverkey);
-- prefs.setBoolPref(checkNewMailPref, false);
--
-- // Make sure that drafts are saved to Local Folders if it is an IMAP account.
-- if (protocol === "imap") {
-- var identity = newAccount.defaultIdentity;
-- identity.draftFolder = "mailbox://nobody@Local%20Folders/Drafts";
-- }
--
-- // Do not check for new messages at startup.
-- var loginAtStartup = 'mail.server.%serverkey%.login_at_startup';
-- var loginAtStartupPref = loginAtStartup.replace("%serverkey%", serverkey);
-- prefs.setBoolPref(loginAtStartupPref, false);
--
-- // Do not automatically download new messages.
-- if (protocol === "pop3") {
-- var downloadOnBiff = 'mail.server.%serverkey%.download_on_biff';
-- var downloadOnBiffPref = downloadOnBiff.replace("%serverkey%", serverkey);
-- prefs.setBoolPref(downloadOnBiffPref, false);
-- }
-+ var new_account = createAccountInBackend(config);
-+ fixupTorbirdySettingsOnNewAccount(new_account);
-
- // From comm-release/mailnews/base/prefs/content/accountcreation/emailWizard.js : onAdvancedSetup().
- var windowManager = Cc["@mozilla.org/appshell/window-mediator;1"]
-@@ -111,12 +102,23 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
- } else {
- window.openDialog("chrome://messenger/content/AccountManager.xul",
- "AccountManager", "chrome,centerscreen,modal,titlebar",
-- { server: newAccount.incomingServer,
-+ { server: new_account.incomingServer,
- selectPage: "am-server.xul" });
- }
- window.close();
- }
- else {
-+ // From comm-release/mailnews/base/prefs/content/accountcreation/emailWizard.js : finish().
-+ // We need somewhere to hook in, so we can access the new
-+ // account object created through the autoconfig wizard, and
-+ // apply Torbirdy's settings on it.
-+ gEmailConfigWizard.finish = function() {
-+ gEmailWizardLogger.info("creating account in backend");
-+ var account = createAccountInBackend(this.getConcreteConfig());
-+ fixupTorbirdySettingsOnNewAccount(account);
-+ window.close();
-+ }
-+
- gEmailConfigWizard.onNext();
- }
- };
-@@ -125,25 +127,17 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
- var keycode = event.keyCode;
- if (keycode == 13) {
- if (document.getElementById("next_button").disabled === false) {
-- if (!disableWizard) {
-- pub.disableAutoWizard();
-- }
-- else {
-- gEmailConfigWizard.onNext();
-- }
-+ pub.adjustAutoWizard();
- }
- }
- };
-
- pub.onLoad = function() {
-- if (disableWizard) {
-+ if (disableAutoConfiguration) {
- document.getElementById("torbirdy-protocol-box").collapsed = true;
-- document.getElementById("provisioner_button").disabled = false;
-- document.getElementById("provisioner_button").hidden = false;
-- } else {
-- document.getElementById("provisioner_button").disabled = true;
-- document.getElementById("provisioner_button").hidden = true;
- }
-+ document.getElementById("provisioner_button").disabled = true;
-+ document.getElementById("provisioner_button").hidden = true;
- };
-
- return pub;
---- /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.xul.orig
-+++ /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.xul
-@@ -9,7 +9,7 @@
- </stringbundleset>
-
- <button id="next_button"
-- oncommand="org.torbirdy.emailwizard.disableAutoWizard();" />
-+ oncommand="org.torbirdy.emailwizard.adjustAutoWizard();" />
-
- <vbox id="mastervbox" flex="1">
- <groupbox id="torbirdy-protocol-box" class="indent" insertafter="initialSettings">
---- /usr/share/xul-ext/torbirdy/chrome/content/preferences.js.orig
-+++ /usr/share/xul-ext/torbirdy/chrome/content/preferences.js
-@@ -37,36 +37,20 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
- };
-
- pub.setEnigmailPrefs = function(anonService) {
-+ var opts = "";
- if (pub.prefs.getBoolPref("extensions.torbirdy.enigmail.throwkeyid")) {
-- if (anonService === "tor") {
-- return "--no-emit-version " +
-- "--no-comments " +
-- "--throw-keyids " +
-- "--display-charset utf-8 " +
-- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
-- }
-- if (anonService === "jondo") {
-- return "--no-emit-version " +
-- "--no-comments " +
-- "--throw-keyids " +
-- "--display-charset utf-8 " +
-- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:4001";
-- }
-- }
-- else {
-- if (anonService === "tor") {
-- return "--no-emit-version " +
-- "--no-comments " +
-- "--display-charset utf-8 " +
-- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118";
-- }
-- if (anonService === "jondo") {
-- return "--no-emit-version " +
-- "--no-comments " +
-- "--display-charset utf-8 " +
-- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:4001";
-- }
-+ opts += "--throw-keyids ";
- }
-+ var proxy = "socks5h://127.0.0.1:9050";
-+ if (anonService === "jondo") {
-+ proxy = "http://127.0.0.1:4001";
-+ }
-+ return opts +
-+ "--no-emit-version " +
-+ "--no-comments " +
-+ "--display-charset utf-8 " +
-+ "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=" +
-+ proxy;
- };
-
- pub.updateKeyserver = function(anonService) {
---- /usr/share/xul-ext/torbirdy/components/torbirdy.js.orig
-+++ /usr/share/xul-ext/torbirdy/components/torbirdy.js
-@@ -181,6 +181,14 @@ const TorBirdyPrefs = {
- "mail.inline_attachments": false,
- // Do not IDLE (disable push mail).
- "mail.server.default.use_idle": false,
-+ // Thunderbird's autoconfig wizard is designed to enable an initial
-+ // mail fetch (by setting login_at_start) for the first account it
-+ // creates (which will become the "default" account, see
-+ // msgMail3PaneWindow.js for details) which side-steps the settings
-+ // we apply in fixupTorbirdySettingsOnNewAccount(). Hence, fool
-+ // Thunderbird to think that this initial mail fetch has already
-+ // been done so we get the settings we want.
-+ "mail.startup.enabledMailCheckOnce": true,
-
- /*
- Browser
-@@ -215,7 +223,7 @@ const TorBirdyPrefs = {
- // We want to force UTF-8 everywhere
- "--display-charset utf-8 " +
- // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
-- "--keyserver-options http-proxy=http://127.0.0.1:8118 ",
-+ "--keyserver-options http-proxy=socks5h://127.0.0.1:9050 ",
-
- // The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
diff --git a/config/chroot_local-patches/torbirdy-0002-secure-autoconfig-POP-defaults.diff b/config/chroot_local-patches/torbirdy-0002-secure-autoconfig-POP-defaults.diff
deleted file mode 100644
index 363979f..0000000
--- a/config/chroot_local-patches/torbirdy-0002-secure-autoconfig-POP-defaults.diff
+++ /dev/null
@@ -1,42 +0,0 @@
---- /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.js.orig
-+++ /usr/share/xul-ext/torbirdy/chrome/content/emailwizard.js
-@@ -108,6 +108,39 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
- window.close();
- }
- else {
-+ var prefer_pop = Preferences.get("extensions.torbirdy.defaultprotocol") != 1;
-+ // Both of these monkeypatches hook in only to change the
-+ // selection default (POP vs IMAP according to our pref) at
-+ // suitable times, i.e. when the page has been pre-filled and is
-+ // finally presented to user action.
-+ var result_imappop_hacks_run_once = false;
-+ var old_displayConfigResult = gEmailConfigWizard.displayConfigResult;
-+ gEmailConfigWizard.displayConfigResult = function(config) {
-+ old_displayConfigResult.call(this, config);
-+ var radiogroup = document.getElementById("result_imappop");
-+ if (radiogroup.hidden) return;
-+ // We can only run the monkeypatch code below once -- this
-+ // method is called every time we change selection, preventing
-+ // us from changing the selection away from POP.
-+ if (result_imappop_hacks_run_once) return;
-+ result_imappop_hacks_run_once = true;
-+ var imap_element = document.getElementById("result_select_imap");
-+ var pop_element = document.getElementById("result_select_pop3");
-+ if (prefer_pop && imap_element.selected && pop_element) {
-+ radiogroup.selectedItem = pop_element;
-+ gEmailConfigWizard.onResultIMAPOrPOP3();
-+ }
-+ }
-+ var old_fillManualEditFields = gEmailConfigWizard._fillManualEditFields;
-+ gEmailConfigWizard._fillManualEditFields = function(config) {
-+ old_fillManualEditFields.call(this, config);
-+ if (prefer_pop) {
-+ // In this itemlist, POP is located at index 1.
-+ document.getElementById("incoming_protocol").selectedIndex = 1;
-+ gEmailConfigWizard.onChangedProtocolIncoming();
-+ }
-+ }
-+
- // From comm-release/mailnews/base/prefs/content/accountcreation/emailWizard.js : finish().
- // We need somewhere to hook in, so we can access the new
- // account object created through the autoconfig wizard, and
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index babde27..ff78d81 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -394,21 +394,3 @@ When /^all Internet traffic has only flowed through the configured pluggable tra
@bridge_hosts.include?({ address: c.daddr, port: c.dport })
end
end
-
-Then /^the Tor binary is configured to use the expected Tor authorities$/ do
- tor_auths = Set.new
- tor_binary_orport_strings = $vm.execute_successfully(
- "strings /usr/bin/tor | grep -E 'orport=[0-9]+'").stdout.chomp.split("\n")
- tor_binary_orport_strings.each do |potential_auth_string|
- auth_regex = /^\S+ orport=\d+( bridge)?( no-v2)?( v3ident=[A-Z0-9]{40})? ([0-9\.]+):\d+( [A-Z0-9]{4}){10}$/
- m = auth_regex.match(potential_auth_string)
- if m
- auth_ipv4_addr = m[4]
- tor_auths << auth_ipv4_addr
- end
- end
- expected_tor_auths = Set.new(TOR_AUTHORITIES)
- assert_equal(expected_tor_auths, tor_auths,
- "The Tor binary does not have the expected Tor authorities " +
- "configured")
-end
diff --git a/features/support/config.rb b/features/support/config.rb
index ce3c048..89fa1ba 100644
--- a/features/support/config.rb
+++ b/features/support/config.rb
@@ -74,20 +74,6 @@ SERVICES_EXPECTED_ON_ALL_IFACES =
]
# OpenDNS
SOME_DNS_SERVER = "208.67.222.222"
-TOR_AUTHORITIES =
- # List grabbed from Tor's sources, src/or/config.c:~750.
- [
- "86.59.21.38",
- "128.31.0.39",
- "194.109.206.212",
- "82.94.251.203",
- "199.254.238.52",
- "131.188.40.189",
- "193.23.244.244",
- "208.83.223.34",
- "171.25.193.9",
- "154.35.175.225",
- ]
VM_XML_PATH = "#{Dir.pwd}/features/domains"
TAILS_SIGNING_KEY = cmd_helper(". #{Dir.pwd}/config/amnesia; echo ${AMNESIA_DEV_KEYID}").tr(' ', '').chomp
diff --git a/features/tor_enforcement.feature b/features/tor_enforcement.feature
index a958b14..fd4acef 100644
--- a/features/tor_enforcement.feature
+++ b/features/tor_enforcement.feature
@@ -5,10 +5,6 @@ Feature: The Tor enforcement is effective
And as a Tails developer
I want to ensure that the automated test suite detects firewall leaks reliably
- Scenario: Tails' Tor binary is configured to use the expected Tor authorities
- Given I have started Tails from DVD and logged in and the network is connected
- Then the Tor binary is configured to use the expected Tor authorities
-
Scenario: The firewall configuration is very restrictive
Given I have started Tails from DVD and logged in and the network is connected
Then the firewall's policy is to drop all IPv4 traffic
diff --git a/wiki/src/contribute/design/Time_syncing.mdwn b/wiki/src/contribute/design/Time_syncing.mdwn
index 4a9234b..1a9fbd9 100644
--- a/wiki/src/contribute/design/Time_syncing.mdwn
+++ b/wiki/src/contribute/design/Time_syncing.mdwn
@@ -90,10 +90,10 @@ Third, things are different depending on if you're using a bridge or
not.
If not using a bridge: Tails starts without a cached consensus, so its
-Tor client starts by connecting directly to a directory authority (and
-not to a directory mirror / entry guard), so feeding you an old
+Tor client starts by connecting directly to a fallback directory
+mirror, so feeding you an old
consensus requires the attacker either to break SSL, or to control the
-directory authority your Tor client connects to. Not good, but
+fallback directory mirror your Tor client connects to. Not good, but
probably a compromise we can make.
If using a bridge: your bridge can replay an old (one week old max.)