summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2015-07-17 01:36:12 +0200
committeranonym <anonym@riseup.net>2015-07-17 01:36:12 +0200
commit1411096873799f6690aad07ba8799f4c7ff9be2b (patch)
treee9cb514d2f5cc37e91620f59120309a3f53bc1ea
parentb3e908cc0ce93aaa4f6ef9761f0000deada94791 (diff)
parent5be4ca90036865f7fc3040c02dda558fb2779557 (diff)
Merge remote-tracking branch 'origin/devel' into test/wip-improved-snapshots
Conflicts: features/step_definitions/torified_misc.rb
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-browser4
-rw-r--r--config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch15
-rw-r--r--features/step_definitions/torified_misc.rb24
-rw-r--r--features/torified_browsing.feature3
4 files changed, 41 insertions, 5 deletions
diff --git a/config/chroot_local-includes/usr/local/bin/tor-browser b/config/chroot_local-includes/usr/local/bin/tor-browser
index 80200a3..a6751fd 100755
--- a/config/chroot_local-includes/usr/local/bin/tor-browser
+++ b/config/chroot_local-includes/usr/local/bin/tor-browser
@@ -59,6 +59,10 @@ start_browser() {
/usr/local/bin/generate-tor-browser-profile
fi
+ TMPDIR="${PROFILE}/tmp"
+ mkdir --mode=0700 -p "$TMPDIR"
+ export TMPDIR
+
configure_best_tor_browser_locale "${PROFILE}"
# Workaround bug #8036
diff --git a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
index 222e288..d1df77c 100644
--- a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
+++ b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
@@ -1,5 +1,5 @@
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
-index 7e68a08..c7db6da 100644
+index 7e68a08..2f40271 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -1,13 +1,15 @@
@@ -97,7 +97,7 @@ index 7e68a08..c7db6da 100644
/etc/mailcap r,
/etc/mime.types r,
-@@ -73,6 +87,31 @@
+@@ -73,10 +87,42 @@
/sys/devices/pci[0-9]*/**/uevent r,
owner /{dev,run}/shm/shmfd-* rw,
@@ -129,3 +129,14 @@ index 7e68a08..c7db6da 100644
# KDE 4
owner @{HOME}/.kde/share/config/* r,
+ # Xfce4
+ /etc/xfce4/defaults.list r,
+ /usr/share/xfce4/applications/ r,
++
++ # Deny access to global tmp directories, that's granted by the user-tmp
++ # abstraction, which is sourced by the gnome abstraction, that we include.
++ deny owner /var/tmp/** rwklx,
++ deny /var/tmp/ rwklx,
++ deny owner /tmp/** rwklx,
++ deny /tmp/ rwklx,
+ }
diff --git a/features/step_definitions/torified_misc.rb b/features/step_definitions/torified_misc.rb
index 407d851..fb72e1e 100644
--- a/features/step_definitions/torified_misc.rb
+++ b/features/step_definitions/torified_misc.rb
@@ -1,6 +1,9 @@
class WhoisLookupFailure < StandardError
end
+class WgetFailure < StandardError
+end
+
When /^I query the whois directory service for "([^"]+)"$/ do |domain|
@new_circuit_tries = 0
until @new_circuit_tries == $config["MAX_NEW_TOR_CIRCUIT_RETRIES"] do
@@ -27,9 +30,24 @@ end
When /^I wget "([^"]+)" to stdout(?:| with the '([^']+)' options)$/ do |url, options|
arguments = "-O - '#{url}'"
arguments = "#{options} #{arguments}" if options
- @vm_execute_res = $vm.execute(
- "wget #{arguments}",
- LIVE_USER)
+
+ @new_circuit_tries = 0
+ until @new_circuit_tries == $config["MAX_NEW_TOR_CIRCUIT_RETRIES"] do
+ begin
+ @vm_execute_res = $vm.execute("wget #{arguments}", LIVE_USER)
+ raise WgetFailure unless @vm_execute_res.success?
+ break
+ rescue WgetFailure
+ if @vm_execute_res.stderr['Timeout'] || @vm_execute_res.stderr['Unable to resolve']
+ force_new_tor_circuit
+ end
+ end
+ end
+ assert(@new_circuit_tries < $config["MAX_NEW_TOR_CIRCUIT_RETRIES"],
+ "Fetching from #{url} with options #{options} did not succeed after retrying #{@new_circuit_tries} times.\n" +
+ "The output contains:\n" +
+ "#{@vm_execute_res.stdout}\n" +
+ "#{@vm_execute_res.stderr}")
end
Then /^the (wget|whois) command is successful$/ do |command|
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 40a723d..8745ae4 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -60,12 +60,15 @@ Feature: Browsing the web using the Tor Browser
Given Tails has booted from DVD and logged in and the network is connected
Given I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/Tor Browser/synaptic.html" as user "amnesia"
And I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/.gnupg/synaptic.html" as user "amnesia"
+ And I copy "/usr/share/synaptic/html/index.html" to "/tmp/synaptic.html" as user "amnesia"
And I start the Tor Browser
And the Tor Browser has started and loaded the startup page
When I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser
Then I see "TorBrowserSynapticManual.png" after at most 10 seconds
When I open the address "file:///home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I see "TorBrowserUnableToOpen.png" after at most 10 seconds
+ When I open the address "file:///tmp/synaptic.html" in the Tor Browser
+ Then I see "TorBrowserUnableToOpen.png" after at most 10 seconds
Scenario: The "Tails documentation" link on the Desktop works
Given Tails has booted from DVD and logged in and the network is connected