summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfig/binary_local-hooks/40-include_syslinux_in_ISO_filesystem5
-rw-r--r--config/chroot_apt/preferences12
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d1
-rwxr-xr-xconfig/chroot_local-hooks/99-zzz_runtime_apt_configuration6
-rwxr-xr-xconfig/chroot_local-hooks/99-zzz_runtime_apt_proxy14
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh2
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh2
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh5
-rw-r--r--config/chroot_local-includes/etc/environment4
-rw-r--r--config/chroot_local-includes/etc/ferm/ferm.conf6
-rw-r--r--config/chroot_local-includes/etc/polipo/config165
-rw-r--r--config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js2
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/2080-install-i2p5
-rwxr-xr-xconfig/chroot_local-includes/usr/lib/apt/methods/tor+http8
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/totem2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/wget8
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/whois2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/apt-toggle-tor-http28
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh259
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh34
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh32
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/localization.sh26
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh (renamed from config/chroot_local-includes/usr/local/lib/tails-shell-library/tails_greeter.sh)4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/do_not_ever_run_me6
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/i2p-browser400
-rw-r--r--config/chroot_local-includes/usr/local/sbin/tails-i2p14
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-spoof-mac2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser282
-rw-r--r--config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js33
-rw-r--r--config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js2
-rw-r--r--config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css92
-rw-r--r--config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js14
-rw-r--r--config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js2
-rw-r--r--config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css9
-rw-r--r--config/chroot_local-packageslists/tails-common.list1
-rw-r--r--config/chroot_local-patches/apparmor-adjust-totem-profile.diff12
-rw-r--r--config/chroot_local-patches/keep_polipo_on_shutdown.diff7
-rw-r--r--config/chroot_local-patches/torify_wgetrc.patch13
-rw-r--r--config/chroot_local-patches/torsocks_gobby-0.5.patch2
-rw-r--r--debian/changelog6
-rw-r--r--features/i2p.feature1
-rw-r--r--features/step_definitions/common_steps.rb6
-rw-r--r--features/step_definitions/unsafe_browser.rb7
-rw-r--r--features/unsafe_browser.feature6
-rw-r--r--wiki/src/contribute/calendar.mdwn6
-rw-r--r--wiki/src/contribute/design.mdwn26
-rw-r--r--wiki/src/contribute/design/I2P_Browser.mdwn2
-rw-r--r--wiki/src/contribute/design/Tor_enforcement.mdwn5
-rw-r--r--wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn2
-rw-r--r--wiki/src/contribute/design/Tor_enforcement/Proxy.mdwn10
-rw-r--r--wiki/src/contribute/design/Unsafe_Browser.mdwn1
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn1
-rw-r--r--wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn10
-rw-r--r--wiki/src/contribute/release_process/test.mdwn48
-rw-r--r--wiki/src/inc/trace2
-rw-r--r--wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml15
-rw-r--r--wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml.pgp26
57 files changed, 824 insertions, 879 deletions
diff --git a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
index 27a1cdd..8fc75e1 100755
--- a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
+++ b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
@@ -43,13 +43,12 @@ cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
| sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
> "$CHROOT_TEMP_APT_SOURCES"
-mv chroot/etc/apt/apt.conf.d/{,.}0000runtime-proxy
+Chroot chroot /usr/local/lib/apt-toggle-tor-http off
Chroot chroot apt-get --yes update
Chroot chroot apt-get --yes install dpkg-dev
Chroot chroot apt-get source syslinux="$(syslinux_deb_version_in_chroot)"
cp chroot/syslinux-*/bios/win32/syslinux.exe "$WIN32_BINARY_UTILS_DIR/"
rm -r chroot/syslinux*
rm "$CHROOT_TEMP_APT_SOURCES"
-mv chroot/etc/apt/apt.conf.d/{.,}0000runtime-proxy
-Chroot chroot apt-get --yes update
+Chroot chroot /usr/local/lib/apt-toggle-tor-http on
Chroot chroot apt-get --yes purge dpkg-dev make # dpkg-dev depends on make
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 280ff89..9a9f2c6 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -198,6 +198,10 @@ Package: tor
Pin: release o=TorProject,n=wheezy
Pin-Priority: 999
+Package: torsocks
+Pin: release o=Debian Backports,n=wheezy-backports
+Pin-Priority: 999
+
Package: virtualbox-guest-dkms
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
@@ -218,14 +222,6 @@ Package: ttdnsd
Pin: release o=TorProject,a=unstable
Pin-Priority: 999
-Package: xul-ext-https-everywhere
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: xul-ext-noscript
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
Explanation: weirdness in chroot_apt install-binary
Package: *
Pin: release o=chroot_local-packages
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index d27f7cb..27f9148 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -24,7 +24,6 @@ laptop-mode
memlockd
network-manager
plymouth
-polipo
pulseaudio
resolvconf
saned
diff --git a/config/chroot_local-hooks/99-zzz_runtime_apt_configuration b/config/chroot_local-hooks/99-zzz_runtime_apt_configuration
new file mode 100755
index 0000000..1306566
--- /dev/null
+++ b/config/chroot_local-hooks/99-zzz_runtime_apt_configuration
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -eu
+
+echo "Configuring APT for runtime"
+/usr/local/lib/apt-toggle-tor-http on
diff --git a/config/chroot_local-hooks/99-zzz_runtime_apt_proxy b/config/chroot_local-hooks/99-zzz_runtime_apt_proxy
deleted file mode 100755
index 91f5b96..0000000
--- a/config/chroot_local-hooks/99-zzz_runtime_apt_proxy
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Configuring the runtime APT proxy"
-
-cat > /etc/apt/apt.conf.d/0000runtime-proxy <<EOF
-// Proxy through Polipo to torify outgoing APT HTTP connections.
-// This setting must be overriden at build time by live-build's
-// 00http-proxy configuration file.
-// That's why it is created in a chroot local hook.
-
-Acquire::http::Proxy "http://127.0.0.1:8118/";
-EOF
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
index efcfcbe..434eb3e 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
@@ -17,7 +17,7 @@ fi
. /usr/local/lib/tails-shell-library/tor.sh
# Import tails_netconf()
-. /usr/local/lib/tails-shell-library/tails_greeter.sh
+. /usr/local/lib/tails-shell-library/tails-greeter.sh
# It's safest that Tor is not running when messing with its logs.
service tor stop
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
index bbafbfc..368e70d 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
@@ -14,7 +14,7 @@
. /usr/local/lib/tails-shell-library/tor.sh
# Import tails_netconf()
-. /usr/local/lib/tails-shell-library/tails_greeter.sh
+. /usr/local/lib/tails-shell-library/tails-greeter.sh
### Init variables
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh
index 365623a..3a02fc4 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh
@@ -3,8 +3,11 @@
# I2P isn't started automatically at system boot.
# Instead, it is started with this hook script.
+# Import i2p_is_enabled().
+. /usr/local/lib/tails-shell-library/i2p.sh
+
# Don't even try to run this script if I2P is not enabled.
-grep -qw "i2p" /proc/cmdline || exit 0
+i2p_is_enabled || exit 0
# don't run if interface is 'lo'
[ $1 = "lo" ] && exit 0
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
index 940df33..66a4502 100644
--- a/config/chroot_local-includes/etc/environment
+++ b/config/chroot_local-includes/etc/environment
@@ -1,7 +1,3 @@
-http_proxy=http://127.0.0.1:8118
-HTTP_PROXY=http://127.0.0.1:8118
-https_proxy=http://127.0.0.1:8118
-HTTPS_PROXY=http://127.0.0.1:8118
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
diff --git a/config/chroot_local-includes/etc/ferm/ferm.conf b/config/chroot_local-includes/etc/ferm/ferm.conf
index 6a43313..bf65343 100644
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -80,12 +80,6 @@ domain ip {
mod owner uid-owner amnesia ACCEPT;
}
- # White-list access to polipo
- daddr 127.0.0.1 proto tcp syn dport 8118 {
- mod owner uid-owner root ACCEPT;
- mod owner uid-owner amnesia ACCEPT;
- }
-
# White-list access to I2P services for the amnesia user (IRC, SAM, POP3, SMTP, and Monotone)
# For more information, see https://tails/boum.org/contribute/design/I2P and https://geti2p.net/ports
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (6668 7656 7659 7660 8998) {
diff --git a/config/chroot_local-includes/etc/polipo/config b/config/chroot_local-includes/etc/polipo/config
deleted file mode 100644
index 7211eb0..0000000
--- a/config/chroot_local-includes/etc/polipo/config
+++ /dev/null
@@ -1,165 +0,0 @@
-# Sample configuration file for Polipo. -*-sh-*-
-
-# You should not need to edit this configuration file; all configuration
-# variables have reasonable defaults.
-
-# This file only contains some of the configuration variables; see the
-# list given by ``polipo -v'' and the manual for more.
-
-
-### Basic configuration
-### *******************
-
-# Uncomment one of these if you want to allow remote clients to
-# connect:
-
-# proxyAddress = "::0" # both IPv4 and IPv6
-# proxyAddress = "0.0.0.0" # IPv4 only
-
-proxyAddress = "127.0.0.1"
-proxyPort = 8118
-
-# If you are enabling 'proxyAddress' above, then you want to enable the
-# 'allowedClients' variable to the address of your network, e.g.
-# allowedClients = 127.0.0.1, 192.168.42.0/24
-
-allowedClients = 127.0.0.1
-allowedPorts = 1-65535
-
-# Uncomment this if you want your Polipo to identify itself by
-# something else than the host name:
-
-proxyName = "localhost"
-
-# Uncomment this if there's only one user using this instance of Polipo:
-
-cacheIsShared = false
-
-# Uncomment this if you want to use a parent proxy:
-
-# parentProxy = "squid.example.org:3128"
-
-# Uncomment this if you want to use a parent SOCKS proxy:
-
-socksParentProxy = "127.0.0.1:9050"
-socksProxyType = socks5
-
-
-### Memory
-### ******
-
-# Uncomment this if you want Polipo to use a ridiculously small amount
-# of memory (a hundred C-64 worth or so):
-
-# chunkHighMark = 819200
-# objectHighMark = 128
-
-# Uncomment this if you've got plenty of memory:
-
-# chunkHighMark = 50331648
-# objectHighMark = 16384
-
-chunkHighMark = 67108864
-
-### On-disk data
-### ************
-
-# Uncomment this if you want to disable the on-disk cache:
-
-diskCacheRoot = ""
-
-# Uncomment this if you want to put the on-disk cache in a
-# non-standard location:
-
-# diskCacheRoot = "~/.polipo-cache/"
-
-# Uncomment this if you want to disable the local web server:
-
-localDocumentRoot = ""
-
-# Uncomment this if you want to enable the pages under /polipo/index?
-# and /polipo/servers?. This is a serious privacy leak if your proxy
-# is shared.
-
-# disableIndexing = false
-# disableServersList = false
-
-disableLocalInterface = true
-disableConfiguration = true
-
-### Domain Name System
-### ******************
-
-# Uncomment this if you want to contact IPv4 hosts only (and make DNS
-# queries somewhat faster):
-#
-# dnsQueryIPv6 = no
-
-# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
-# double-stack hosts:
-#
-# dnsQueryIPv6 = reluctantly
-
-# Uncomment this to disable Polipo's DNS resolver and use the system's
-# default resolver instead. If you do that, Polipo will freeze during
-# every DNS query:
-
-dnsUseGethostbyname = yes
-
-
-### HTTP
-### ****
-
-# Uncomment this if you want to enable detection of proxy loops.
-# This will cause your hostname (or whatever you put into proxyName
-# above) to be included in every request:
-
-disableVia = true
-
-# Uncomment this if you want to slightly reduce the amount of
-# information that you leak about yourself:
-
-censoredHeaders = from,accept-language,x-pad,link
-censorReferer = maybe
-
-# Uncomment this if you're paranoid. This will break a lot of sites,
-# though:
-
-# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
-# censorReferer = true
-
-# Uncomment this if you want to use Poor Man's Multiplexing; increase
-# the sizes if you're on a fast line. They should each amount to a few
-# seconds' worth of transfer; if pmmSize is small, you'll want
-# pmmFirstSize to be larger.
-
-# Note that PMM is somewhat unreliable.
-
-# pmmFirstSize = 16384
-# pmmSize = 8192
-
-# Uncomment this if your user-agent does something reasonable with
-# Warning headers (most don't):
-
-# relaxTransparency = maybe
-
-# Uncomment this if you never want to revalidate instances for which
-# data is available (this is not a good idea):
-
-# relaxTransparency = yes
-
-# Uncomment this if you have no network:
-
-# proxyOffline = yes
-
-# Uncomment this if you want to avoid revalidating instances with a
-# Vary header (this is not a good idea):
-
-# mindlesslyCacheVary = true
-
-# Suggestions from Incognito configuration
-maxConnectionAge = 5m
-maxConnectionRequests = 120
-serverMaxSlots = 8
-serverSlots = 2
-tunnelAllowedPorts = 1-65535
diff --git a/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js b/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
index c4ac81e..2b64498 100644
--- a/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
+++ b/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
@@ -1,6 +1,6 @@
// As suggested in TBB's start-tor-browser script for system-wide Tor
// instances
-pref("extensions.torbutton.banned_ports", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,8118,9040,9050,9061,9062,9150,9052");
+pref("extensions.torbutton.banned_ports", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9061,9062,9150,9052");
pref("extensions.torbutton.custom.socks_host", "127.0.0.1");
pref("extensions.torbutton.custom.socks_port", 9150);
pref("extensions.torbutton.launch_warning", false);
diff --git a/config/chroot_local-includes/lib/live/config/2080-install-i2p b/config/chroot_local-includes/lib/live/config/2080-install-i2p
index 768ed79..3052495 100755
--- a/config/chroot_local-includes/lib/live/config/2080-install-i2p
+++ b/config/chroot_local-includes/lib/live/config/2080-install-i2p
@@ -3,6 +3,9 @@
# This script reverses everything done by config/chroot_local-hooks/97_remove_i2p
# when the string "i2p" is added to the boot prompt.
+# Import i2p_is_enabled().
+. /usr/local/lib/tails-shell-library/i2p.sh
+
SRC="/usr/share/tails/i2p-disabled"
Install_I2P(){
@@ -18,7 +21,7 @@ Add_Sudo_Config(){
chmod 0440 /etc/sudoers.d/zzz_i2pbrowser
}
-if grep -qw "i2p" /proc/cmdline && [ -d "$SRC" ]; then
+if i2p_is_enabled && [ -d "$SRC" ]; then
Install_I2P
Add_Sudo_Config
fi
diff --git a/config/chroot_local-includes/usr/lib/apt/methods/tor+http b/config/chroot_local-includes/usr/lib/apt/methods/tor+http
new file mode 100755
index 0000000..b8fe6eb
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/apt/methods/tor+http
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+unset http_proxy
+unset HTTP_PROXY
+unset https_proxy
+unset HTTPS_PROXY
+
+exec torsocks /usr/lib/apt/methods/http "$@"
diff --git a/config/chroot_local-includes/usr/local/bin/totem b/config/chroot_local-includes/usr/local/bin/totem
new file mode 100755
index 0000000..99eda65
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/totem
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec torsocks /usr/bin/totem $*
diff --git a/config/chroot_local-includes/usr/local/bin/wget b/config/chroot_local-includes/usr/local/bin/wget
new file mode 100755
index 0000000..95cae94
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/wget
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+unset http_proxy
+unset HTTP_PROXY
+unset https_proxy
+unset HTTPS_PROXY
+
+exec torsocks /usr/bin/wget $*
diff --git a/config/chroot_local-includes/usr/local/bin/whois b/config/chroot_local-includes/usr/local/bin/whois
index f125f17..3be5e9f 100755
--- a/config/chroot_local-includes/usr/local/bin/whois
+++ b/config/chroot_local-includes/usr/local/bin/whois
@@ -1,2 +1,2 @@
#!/bin/sh
-exec torify /usr/bin/whois $*
+exec torsocks /usr/bin/whois $*
diff --git a/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http b/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http
new file mode 100755
index 0000000..2ca1685
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -eu
+
+USAGE="Usage: $(basename $0) on|off"
+
+print_usage_and_exit () {
+ echo "$USAGE" >&2
+ exit 1
+}
+
+[ $# -eq 1 ] || print_usage_and_exit
+
+case "$1" in
+ on)
+ perl -p -i \
+ -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)http://,$1tor+http://,xms' \
+ /etc/apt/sources.list /etc/apt/sources.list.d/*.list
+ ;;
+ off)
+ perl -p -i \
+ -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)tor[+]http://,$1http://,xms' \
+ /etc/apt/sources.list /etc/apt/sources.list.d/*.list
+ ;;
+ *)
+ print_usage_and_exit
+ ;;
+esac
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
new file mode 100644
index 0000000..1b889db
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
@@ -0,0 +1,259 @@
+#!/bin/sh
+
+# This shell library is meant to be used with `set -e`.
+
+if [ "$(whoami)" != "root" ]; then
+ echo "This library is useless for non-root users. Exiting..." >&2
+ exit 1
+fi
+
+# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, and
+# configure_xulrunner_app_locale().
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
+# Import windows_camouflage_is_enabled()
+. /usr/local/lib/tails-shell-library/tails-greeter.sh
+
+# Import try_for().
+. /usr/local/lib/tails-shell-library/common.sh
+
+# Break down the chroot and kill all of its processes
+try_cleanup_browser_chroot () {
+ local chroot="${1}"
+ local cow="${2}"
+ local user="${3}"
+ try_for 10 "pkill -u ${user} 1>/dev/null 2>&1" 0.1 || \
+ pkill -9 -u "${user}" || :
+ for mnt in "${chroot}/dev" "${chroot}/proc" "${chroot}" "${cow}"; do
+ try_for 10 "umount ${mnt} 2>/dev/null" 0.1
+ done
+ rmdir "${cow}" "${chroot}"
+}
+
+# Setup a chroot on a clean aufs "fork" of the root filesystem.
+setup_chroot_for_browser () {
+ local chroot="${1}"
+ local cow="${2}"
+ local user="${3}"
+
+ # FIXME: When LXC matures to the point where it becomes a viable option
+ # for creating isolated jails, the chroot can be used as its rootfs.
+
+ local cleanup_cmd="try_cleanup_browser_chroot \"${chroot}\" \"${cow}\" \"${user}\""
+ trap "${cleanup_cmd}" INT EXIT
+
+ local rootfs_dir
+ local rootfs_dirs_path="/lib/live/mount/rootfs"
+ local tails_module_path="/lib/live/mount/medium/live/Tails.module"
+ local aufs_dirs=
+
+ # We have to pay attention to the order we stack the filesystems;
+ # newest must be first, and remember that the .module file lists
+ # oldest first, newest last.
+ while read rootfs_dir; do
+ rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
+ mountpoint -q "${rootfs_dir}" && \
+ aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
+ done < "${tails_module_path}"
+ # But our copy-on-write dir must be at the very top.
+ aufs_dirs="${cow}=rw:${aufs_dirs}"
+
+ mkdir -p "${cow}" "${chroot}" && \
+ mount -t tmpfs tmpfs "${cow}" && \
+ mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs "${chroot}" && \
+ mount -t proc proc "${chroot}/proc" && \
+ mount --bind "/dev" "${chroot}/dev" || \
+ return 1
+
+ # Workaround for #6110
+ chmod -t "${cow}"
+}
+
+browser_conf_dir () {
+ local browser_name="${1}"
+ local browser_user="${2}"
+ echo "/home/${browser_user}/.${browser_name}"
+}
+
+browser_profile_dir () {
+ local conf_dir="$(browser_conf_dir "${@}")"
+ echo "${conf_dir}/profile.default"
+}
+
+chroot_browser_conf_dir () {
+ local chroot="${1}"; shift
+ echo "${chroot}/$(browser_conf_dir "${@}")"
+}
+
+chroot_browser_profile_dir () {
+ local conf_dir="$(chroot_browser_conf_dir "${@}")"
+ echo "${conf_dir}/profile.default"
+}
+
+# Set the chroot's DNS servers (IPv4 only)
+configure_chroot_dns_servers () {
+ local chroot="${1}" ; shift
+ local ip4_nameservers="${@}"
+
+ rm -f "${chroot}/etc/resolv.conf"
+ for ns in ${ip4_nameservers}; do
+ echo "nameserver ${ns}" >> "${chroot}/etc/resolv.conf"
+ done
+ chmod a+r "${chroot}/etc/resolv.conf"
+}
+
+set_chroot_browser_permissions () {
+ local chroot="${1}"
+ local browser_name="${2}"
+ local browser_user="${3}"
+ local browser_conf="$(chroot_browser_conf_dir "${chroot}" "${browser_name}" "${browser_user}")"
+ chown -R "${browser_user}:${browser_user}" "${browser_conf}"
+}
+
+configure_chroot_browser_profile () {
+ local chroot="${1}" ; shift
+ local browser_name="${1}" ; shift
+ local browser_user="${1}" ; shift
+ local home_page="${1}" ; shift
+ # Now $@ is a list of paths (that must be valid after chrooting)
+ # to extensions to enable.
+
+ # Prevent sudo from complaining about failing to resolve the 'amnesia' host
+ echo "127.0.0.1 localhost amnesia" > "${chroot}/etc/hosts"
+
+ # Create a fresh browser profile for the clearnet user
+ local browser_profile="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")"
+ local browser_ext="${browser_profile}/extensions"
+ mkdir -p "${browser_profile}" "${browser_ext}"
+
+ # Select extensions to enable
+ local extension
+ while [ -n "${*}" ]; do
+ extension="${1}" ; shift
+ ln -s "${extension}" "${browser_ext}"
+ done
+
+ # Set preferences
+ local browser_prefs="${browser_profile}/preferences/prefs.js"
+ mkdir -p "$(dirname "${browser_prefs}")"
+ cp "/usr/share/tails/${browser_name}/prefs.js" "${browser_prefs}"
+
+ # Set browser home page to something that explains what's going on
+ if [ -n "${home_page}" ]; then
+ echo 'user_pref("browser.startup.homepage", "'"${home_page}"'");' >> \
+ "${browser_prefs}"
+ fi
+
+ # Customize the GUI
+ local browser_chrome="${browser_profile}/chrome/userChrome.css"
+ mkdir -p "$(dirname "${browser_chrome}")"
+ cp "/usr/share/tails/${browser_name}/userChrome.css" "${browser_chrome}"
+
+ # Remove all bookmarks
+ rm "${chroot}/${TBB_PROFILE}/bookmarks.html"
+
+ # Set an appropriate theme, except if we're using Windows
+ # camouflage.
+ if ! windows_camouflage_is_enabled; then
+ cat "/usr/share/tails/${browser_name}/theme.js" >> "${browser_prefs}"
+ else
+ # The tails-activate-win8-theme script requires that the
+ # browser profile is writable by the user running the script.
+ set_chroot_browser_permissions "${chroot}" "${browser_user}"
+ # The camouflage activation script requires a dbus server for
+ # properly configuring GNOME, so we start one in the chroot
+ chroot "${chroot}" sudo -H -u "${browser_user}" sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
+ fi
+}
+
+set_chroot_browser_locale () {
+ local chroot="${1}"
+ local browser_name="${2}"
+ local browser_user="${3}"
+ local locale="${4}"
+ local browser_profile="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")"
+ configure_xulrunner_app_locale "${browser_profile}" "${locale}"
+}
+
+# Must be called after configure_chroot_browser_profile(), since it
+# depends on which extensions are installed in the profile.
+set_chroot_browser_name () {
+ local chroot="${1}"
+ local human_readable_name="${2}"
+ local browser_name="${3}"
+ local browser_user="${4}"
+ local locale="${5}"
+ local ext_dir="${chroot}/${TBB_EXT}"
+ local browser_profile_ext_dir="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")/extensions"
+
+ # If Torbutton is installed in the browser profile, it will decide
+ # the browser name.
+ if [ -e "${browser_profile_ext_dir}/torbutton@torproject.org" ]; then
+ local torbutton_locale_dir="${ext_dir}/torbutton/chrome/locale/${locale}"
+ if [ ! -d "${torbutton_locale_dir}" ]; then
+ # Surprisingly, the default locale is en, not en-US
+ torbutton_locale_dir="${chroot}/usr/share/xul-ext/torbutton/chrome/locale/en"
+ fi
+ sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
+ # Since Torbutton decides the name, we don't have to mess with
+ # with the browser's own branding, which will save time and
+ # memory.
+ return
+ fi
+
+ local pack top rest
+ if [ "${locale}" != "en-US" ]; then
+ pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
+ top="browser/chrome"
+ rest="${locale}/locale"
+ else
+ pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
+ top="chrome"
+ rest="en-US/locale"
+ fi
+ local tmp="$(mktemp -d)"
+ local branding="${top}/${rest}/branding/brand.dtd"
+ 7z x -o"${tmp}" "${pack}" "${branding}"
+ sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${tmp}/${branding}"
+ (cd ${tmp} ; 7z u -tzip "${pack}" .)
+ chmod a+r "${pack}"
+ rm -Rf "${tmp}"
+}
+
+configure_chroot_browser () {
+ local chroot="${1}" ; shift
+ local browser_user="${1}" ; shift
+ local browser_name="${1}" ; shift
+ local human_readable_name="${1}" ; shift
+ local home_page="${1}" ; shift
+ local dns_servers="${1}" ; shift
+ # Now $@ is a list of paths (that must be valid after chrooting)
+ # to extensions to enable.
+ local best_locale="$(guess_best_tor_browser_locale)"
+
+ configure_chroot_dns_servers "${chroot}" "${dns_servers}"
+ configure_chroot_browser_profile "${chroot}" "${browser_name}" \
+ "${browser_user}" "${home_page}" "${@}"
+ set_chroot_browser_locale "${chroot}" "${browser_name}" "${browser_user}" \
+ "${best_locale}"
+ set_chroot_browser_name "${chroot}" "${human_readable_name}" \
+ "${browser_name}" "${browser_user}" "${best_locale}"
+ set_chroot_browser_permissions "${chroot}" "${browser_name}" \
+ "${browser_user}"
+}
+
+# Start the browser in the chroot
+run_browser_in_chroot () {
+ local chroot="${1}"
+ local browser_name="${2}"
+ local chroot_user="${3}"
+ local local_user="${4}"
+ local profile="$(browser_profile_dir ${browser_name} ${chroot_user})"
+
+ sudo -u "${local_user}" xhost "+SI:localuser:${chroot_user}"
+ chroot "${chroot}" sudo -u "${chroot_user}" /bin/sh -c \
+ ". /usr/local/lib/tails-shell-library/tor-browser.sh && \
+ exec_firefox -DISPLAY=:0.0 \
+ -profile '${profile}'"
+ sudo -u "${local_user}" xhost "-SI:localuser:${chroot_user}"
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh
index f490a16..dda1888 100644
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh
@@ -1,5 +1,11 @@
#!/bin/sh
+# Run `check_expr` until `timeout` seconds has passed, and sleep
+# `delay` (optional, defaults to 1) seconds in between the calls.
+# Note that execution isn't aborted exactly after `timeout`
+# seconds. In the worst case (the timeout happens right after we check
+# if the timeout has happened) we'll wait in total: `timeout` seconds +
+# `delay` seconds + the time needed for `check_expr`.
wait_until() {
local timeout check_expr delay timeout_at
timeout="${1}"
@@ -14,3 +20,31 @@ wait_until() {
done
return 0
}
+
+# Just an alias. The second argument (wait_until()'s check_expr) is
+# the "try code block". Just like in `wait_until()`, the timeout isn't
+# very accurate.
+try_for() {
+ wait_until "${@}"
+}
+
+# Sets the `value` of a `key` in a simple configuration `file`. With
+# "simple" you should think something like a the shell environment as
+# output by the `env` command. Hence this is only useful for
+# configuration files that have no structure (e.g. sections with
+# semantic meaning, like the namespace secions in .gitconfig), allow
+# only one assignment per line, and a fixed/static assignment operator
+# (`op`, which defaults to '=', but other examples would be " = " or
+# torrc's " "). If the key already exists its value is updated in
+# place, otherwise it's added at the end.
+set_simple_config_key() {
+ local key="${1}"
+ local value="${2}"
+ local file="${3}"
+ local op="${4:-=}"
+ if grep -q "^${key}${op}" "${file}"; then
+ sed -i -n "s/^${key}${op}.*$/${key}${op}${value}/p" "${file}"
+ else
+ echo "${key}${op}${value}" >> "${file}"
+ fi
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh
index 62e9511..cb18478 100644
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh
@@ -1,13 +1,24 @@
#!/bin/sh
+# Import set_key().
+. /usr/local/lib/tails-shell-library/common.sh
+
+# Import language_code_from_locale().
+. /usr/local/lib/tails-shell-library/localization.sh
+
+I2P_DEFAULT_CONFIG="/usr/share/i2p"
I2P_CONFIG="/var/lib/i2p/i2p-config"
I2P_TUNNEL_CONFIG="${I2P_CONFIG}/i2ptunnel.config"
+i2p_is_enabled() {
+ grep -qw "i2p" /proc/cmdline
+}
+
i2p_eep_proxy_address() {
- # We retrieve the host and port number from the I2P profile This
+ # We retrieve the host and port number from the I2P profile. This
# shouldn't be anywhere other than 127.0.0.1:4444 but in case
# someone modifies the hook scripts or the default changes in I2P,
- # this check should still work
+ # this check should still work.
local listen_host listen_port
listen_host=$(awk -F= '/^tunnel\.0\.interface/{print $2}' \
"${I2P_TUNNEL_CONFIG}")
@@ -27,3 +38,20 @@ i2p_router_console_address() {
i2p_router_console_is_ready() {
netstat -4nlp | grep -qwF "$(i2p_router_console_address)"
}
+
+set_best_i2p_router_console_lang() {
+ # We will use the detected language even if I2P doesn't support it; it
+ # will default to English in that case.
+ local lang="$(language_code_from_locale "${LANG}")"
+ # We first try to set it in an existing "live" config, even though
+ # the effect will only appear after a restart.
+ local config
+ for config in "${I2P_CONFIG}/router.config" \
+ "${I2P_DEFAULT_CONFIG}/router.config"; do
+ if [ -e "${config}" ]; then
+ set_simple_config_key "routerconsole.lang" "${lang}" "${config}"
+ return 0
+ fi
+ done
+ return 1
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/localization.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/localization.sh
new file mode 100644
index 0000000..df7dd7c
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/localization.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# Extracts the language part of a given locale, e.g. "en_US.UTF-8"
+# yields "en". Often $LANG will be passed as the argument.
+language_code_from_locale () {
+ echo "${1}" | sed "s,\(_\|\.\).*$,,"
+}
+
+# Prints the path to the localized (according to the environment's
+# LANG) version of `page` in the local copy of Tails' website. `page`
+# should specify only the name of the page, not the language code (of
+# course!) or the ".html" extension. If a localized page doesn't exist
+# the default is the English version.
+localized_tails_doc_page () {
+ local page="${1}"
+ local lang_code="$(language_code_from_locale "${LANG}")"
+ local try_page
+ for locale in "${lang_code}" "en"; do
+ try_page="${page}.${locale}.html"
+ if [ -r "${try_page}" ]; then
+ echo "${try_page}"
+ return 0
+ fi
+ done
+ return 1
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails_greeter.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh
index 7ff6694..31e25d3 100644
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails_greeter.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh
@@ -20,6 +20,10 @@ mac_spoof_is_enabled() {
[ "$(_get_tg_setting "${PHYSICAL_SECURITY_SETTINGS}" TAILS_MACSPOOF_ENABLED)" != false ]
}
+windows_camouflage_is_enabled() {
+ [ -e /var/lib/gdm3/tails.camouflage ]
+}
+
tails_netconf() {
_get_tg_setting "${PHYSICAL_SECURITY_SETTINGS}" TAILS_NETCONF
}
diff --git a/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
index 9dc1751..60c2d16 100755
--- a/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
+++ b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
@@ -37,9 +37,3 @@ $IP6T -F
$IP6T -P INPUT ACCEPT
$IP6T -P FORWARD ACCEPT
$IP6T -P OUTPUT ACCEPT
-
-echo "You might want to unset http_proxy and HTTP_PROXY environment variables as well:"
-echo " unset http_proxy"
-echo " unset https_proxy"
-echo " unset HTTP_PROXY"
-echo " unset HTTPS_PROXY"
diff --git a/config/chroot_local-includes/usr/local/sbin/i2p-browser b/config/chroot_local-includes/usr/local/sbin/i2p-browser
index 1ccbb04..5a494a0 100755
--- a/config/chroot_local-includes/usr/local/sbin/i2p-browser
+++ b/config/chroot_local-includes/usr/local/sbin/i2p-browser
@@ -2,60 +2,21 @@
set -e
-# This isn't very useful without I2P...
-grep -qw "i2p" /proc/cmdline || exit 0
-
-CMD=$(basename ${0})
-LOCK=/var/lock/${CMD}
-
-. gettext.sh
-TEXTDOMAIN="tails"
-export TEXTDOMAIN
-
-. /usr/local/lib/tails-shell-library/i2p.sh
-
-CONF_DIR=/var/lib/i2p-browser
-COW=${CONF_DIR}/cow
-CHROOT=${CONF_DIR}/chroot
-BROWSER_USER=i2pbrowser
-TBB_PREFS="/etc/tor-browser/profile/preferences"
-START_PAGE="http://127.0.0.1:7657"
-
-# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
-# exec_firefox(), configure_xulrunner_app_locale() and
-# guess_best_tor_browser_locale()
+# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
. /usr/local/lib/tails-shell-library/tor-browser.sh
-NOSCRIPT="${TBB_EXT}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
-TORBUTTON="${TBB_EXT}/torbutton@torproject.org"
-NAME="`gettext \"I2P Browser\"`"
+# Import windows_camouflage_is_enabled()
+. /usr/local/lib/tails-shell-library/tor-browser.sh
-if [ -e /var/lib/gdm3/tails.camouflage ]; then
- CAMOUFLAGE=yes
-fi
+# Import try_cleanup_browser_chroot(), setup_browser_chroot(),
+# configure_chroot_dns_servers(), configure_chroot_browser(),
+# configure_chroot_browser(), set_chroot_browser_locale()
+# set_chroot_torbutton_browser_name(), set_chroot_browser_permissions()
+# and run_browser_in_chroot().
+. /usr/local/lib/tails-shell-library/chroot-browser.sh
-cleanup () {
- # Break down the chroot and kill all of its processes
- local counter=0
- local ret=0
- while [ "${counter}" -le 10 ] && \
- pgrep -u ${BROWSER_USER} 1>/dev/null 2>&1; do
- pkill -u ${BROWSER_USER} 1>/dev/null 2>&1
- ret=${?}
- sleep 1
- counter=$((${counter}+1))
- done
- [ ${ret} -eq 0 ] || pkill -9 -u ${BROWSER_USER} 1>/dev/null 2>&1
- for mnt in ${CHROOT}/dev ${CHROOT}/proc ${CHROOT} ${COW}; do
- counter=0
- while [ "${counter}" -le 10 ] && mountpoint -q ${mnt} 2>/dev/null; do
- umount ${mnt} 2>/dev/null
- sleep 1
- counter=$((${counter}+1))
- done
- done
- rmdir ${COW} ${CHROOT} 2>/dev/null
-}
+# Import i2p_router_console_is_ready() and i2p_is_enabled().
+. /usr/local/lib/tails-shell-library/i2p.sh
error () {
local cli_text="${CMD}: `gettext \"error:\"` ${@}"
@@ -63,7 +24,7 @@ error () {
${@}"
echo "${cli_text}" >&2
- sudo -u ${SUDO_USER} zenity --error --title "" --text "${dialog_text}"
+ sudo -u "${SUDO_USER}" zenity --error --title "" --text "${dialog_text}"
exit 1
}
@@ -76,7 +37,7 @@ verify_start () {
local exit="`gettext \"_Exit\"`"
# Since zenity can't set the default button to cancel, we switch the
# labels and interpret the return value as its negation.
- if sudo -u ${SUDO_USER} zenity --question --title "" --ok-label "${exit}" \
+ if sudo -u "${SUDO_USER}" zenity --question --title "" --ok-label "${exit}" \
--cancel-label "${launch}" --text "${dialog_msg}"; then
exit 0
fi
@@ -88,285 +49,20 @@ show_start_notification () {
tails-notify-user "${title}" "${body}" 10000
}
-setup_chroot () {
- # Setup a chroot on an aufs "fork" of the filesystem.
- # FIXME: When LXC matures to the point where it becomes a viable option
- # for creating isolated jails, the chroot can be used as its rootfs.
- echo "* Setting up chroot"
-
- trap cleanup INT
- trap cleanup EXIT
-
- local rootfs_dir
- local rootfs_dirs_path=/lib/live/mount/rootfs
- local tails_module_path=/lib/live/mount/medium/live/Tails.module
- local aufs_dirs=
-
- # We have to pay attention to the order we stack the filesystems;
- # newest must be first, and remember that the .module file lists
- # oldest first, newest last.
- while read rootfs_dir; do
- rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
- mountpoint -q "${rootfs_dir}" && \
- aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
- done < "${tails_module_path}"
- # But our copy-on-write dir must be at the very top.
- aufs_dirs="${COW}=rw:${aufs_dirs}"
-
- mkdir -p ${COW} ${CHROOT} && \
- mount -t tmpfs tmpfs ${COW} && \
- mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
- mount -t proc proc ${CHROOT}/proc && \
- mount --bind /dev ${CHROOT}/dev || \
- error "`gettext \"Failed to setup chroot.\"`"
-
- # Workaround for todo/buggy_aufs_vs_unsafe-browser
- chmod -t ${COW}
-}
-
-set_chroot_browser_name () {
- NAME="${1}"
- LOCALE="${2}"
- EXT_DIR=${CHROOT}/"${TBB_EXT}"
- BRANDING=branding/brand.dtd
- if [ "${LOCALE}" != en-US ]; then
- PACK="${EXT_DIR}/langpack-${LOCALE}@firefox.mozilla.org.xpi"
- TOP=browser/chrome
- REST=${LOCALE}/locale
- else
- PACK="${CHROOT}/${TBB_INSTALL}/browser/omni.ja"
- TOP=chrome
- REST=en-US/locale
- fi
- TMP=$(mktemp -d)
- # Non-zero exit code due to non-standard ZIP archive.
- # The following steps will fail soon if the extraction failed anyway.
- unzip -d "${TMP}" "${PACK}" || true
- sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/" "${TMP}/${TOP}/${REST}/${BRANDING}"
- rm "${PACK}"
- (cd $TMP ; 7z a -tzip "${PACK}" .)
- chmod a+r "${PACK}"
- rm -Rf "${TMP}"
-}
-
-configure_chroot () {
- echo "* Configuring chroot"
-
- # Prevent sudo from complaining about failing to resolve the 'amnesia' host
- echo "127.0.0.1 localhost amnesia" > ${CHROOT}/etc/hosts
-
- # Keep the NoScript and TorButton addons
- chroot ${CHROOT} dpkg -l 'xul-ext*' |grep -v 'noscript\|torbutton' \
- | awk '/^ii/{print $2}' | xargs -r chroot ${CHROOT} dpkg --remove
-
- # Create a fresh Tor Browser profile for the i2pbrowser user
- BROWSER_PROFILE="${CHROOT}/home/${BROWSER_USER}/.tor-browser/profile.default"
- BROWSER_EXT="${BROWSER_PROFILE}/extensions"
- mkdir -p "${BROWSER_EXT}"
- ln -s "${NOSCRIPT}" "${BROWSER_EXT}"
- # TorButton forces the Browser name to Tor Browser. This hack is to undo that and set it to I2P Browser
- # to try to prevent user confusion.
- TMP=$(mktemp -d)
- cp -a /usr/share/xul-ext/torbutton/ $TMP
- for LANGPACK in $(ls ${TBB_PROFILE}/extensions/langpack-*.xpi); do
- ln -s "${LANGPACK}" "${BROWSER_EXT}"
- done
- find $TMP/torbutton -name 'brand.dtd' -print0 | \
- xargs -0 -r sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/"
- cd $TMP/torbutton && 7z a -tzip "${BROWSER_EXT}/torbutton@torproject.org.xpi" .
- rm -r $TMP
- BROWSER_PREF_DIR="${BROWSER_PROFILE}/preferences"
- BROWSER_PREFS="${BROWSER_PREF_DIR}/prefs.js"
- mkdir -p "${BROWSER_PREF_DIR}"
+copy_extra_tbb_prefs () {
+ local chroot="${1}"
+ local browser_name="${2}"
+ local browser_user="${3}"
+ local tbb_prefs="/etc/tor-browser/profile/preferences"
+ local browser_prefs_dir="${chroot}/home/${browser_user}/.${browser_name}/profile.default/preferences"
+ mkdir -p "${browser_prefs_dir}"
# Selectively copy the TBB prefs we want
- sed '/\(security\|update\|download\|spell\|noscript\|torbrowser\|torbutton\)/!d' $TBB_PREFS/0000tails.js > \
- ${BROWSER_PREF_DIR}/0000tails.js
- sed '/\(capability\|noscript\|torbutton\)/!d' ${TBB_PREFS}/extension-overrides.js > \
- ${BROWSER_PREF_DIR}/extension-overrides.js
-
- # Localization
- BEST_LOCALE="$(guess_best_tor_browser_locale)"
- configure_xulrunner_app_locale "${BROWSER_PROFILE}" "${BEST_LOCALE}"
-
- # Prevent File -> Print or CTRL+P from causing the browser to hang
- # for several minutes while trying to communicate with CUPS, since
- # access to port 631 isn't allowed through.
- echo 'user_pref("print.postscript.cups.enabled", false);' >> \
- ${BROWSER_PREFS}
-
- # Set the name (e.g. window title) of the browser
- set_chroot_browser_name "`gettext \"I2P Browser\"`" "${BEST_LOCALE}"
-
- # Set start page to the router console
- echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
- ${BROWSER_PREFS}
-
-
- # Disable searching from the URL bar
- echo 'user_pref("keyword.enabled", false);' >> \
- ${BROWSER_PREFS}
- # Hide "Get Addons" in Add-ons manager
- echo 'user_pref("extensions.getAddons.showPane", false);' >> \
- ${BROWSER_PREFS}
- # add the I2P proxy to all protocols
- cat > "${BROWSER_PREF_DIR}/i2p.js" << EOF
-user_pref("extensions.torbutton.http_port", 4444);
-user_pref("extensions.torbutton.http_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.https_port", 4444);
-user_pref("extensions.torbutton.https_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.custom.ftp_port", 4444);
-user_pref("extensions.torbutton.custom.ftp_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.custom.http_port", 4444);
-user_pref("extensions.torbutton.custom.http_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.custom.https_port", 4444);
-user_pref("extensions.torbutton.custom.https_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.ftp_port", 4444);
-user_pref("extensions.torbutton.ftp_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.gopher_port", 4444);
-user_pref("extensions.torbutton.gopher_proxy", "127.0.0.1");
-user_pref("extensions.torbutton.inserted_button", true);
-user_pref("extensions.torbutton.settings_method", "custom");
-user_pref("network.proxy.ftp", "127.0.0.1");
-user_pref("network.proxy.ftp_port", 4444);
-user_pref("network.proxy.http", "127.0.0.1");
-user_pref("network.proxy.http_port", 4444);
-user_pref("network.proxy.no_proxies_on", "127.0.0.1");
-user_pref("network.proxy.ssl", "127.0.0.1");
-user_pref("network.proxy.ssl_port", 4444);
-EOF
- # Hide options in the I2P Browser.
- # It would be good to implement the ability to persist the browser profile in the
- # future. At that point, the Bookmark functionality could be restored.
- BROWSER_CHROME="${BROWSER_PROFILE}/chrome/userChrome.css"
- mkdir -p "$(dirname "${BROWSER_CHROME}")"
- cat > ${BROWSER_CHROME} << EOF
-/* Required, do not remove */
-@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
-
-/* Hide access to the bookmarks to try to prevent "data loss" due to users
- * adding bookmarks even though the profile is destroyed at browser close.
- * Keyboard shortcuts still work, but this makes it harder to 'accidentally'
- * lose bookmarks.
- *
- * Note that any of the selectors that start with 'app' apply to the menu that
- * is used if the main menu is hidden. Any that start with 'wrapper' are
- * buttons that are normally visible within the 'customize toolbar' option. The
- * others are probably self-explanatory.
- */
-
-/* Remove the History and Bookmarks menus and buttons */
-#appmenu_bookmarks,
-#appmenu_history,
-#bookmarks,
-#bookmarks-menu-button,
-#bookmarksMenu,
-#history,
-#history-menu,
-#history-menu-button,
-#wrapper-history-button,
-#wrapper-bookmarks-button,
-
-/* Hide the sidebar menu (underneath View) since the default sidebars consist
- * of history and bookmarks. Also disable the bookmark toolbar.
- */
-#toggle_PersonalToolbar,
-#viewSidebarMenuMenu,
-
-/* Remove the "Star button" and "History Dropdown arrow" from the URL bar
- * since neither history nor bookmarks are saved.
- */
-#star-button,
-[anonid="historydropmarker"],
-
-/* Remove bookmark options from the context menus */
-#context-bookmarkframe,
-#context-bookmarklink,
-#context-bookmarkpage,
-
-/* Hide the option for emailing links since it's doomed to failure
- * without a configured email client.
- */
-menuitem[command="Browser:SendLink"],
-
-/* Hide Print options */
-/*
-#menu_printSetup,
-#menu_printPreview,
-#menu_print,
-#menu_print + menuseparator,
-[command="cmd_print"],
-*/
-
-/* Hide the sync functionality which won't work with I2P */
-#BrowserPreferences radio[pane="paneSync"],
-#sync-button,
-#sync-menu-button,
-#sync-setup,
-#sync-setup-appmenu,
-#sync-status-button,
-#sync-syncnowitem-appmenu,
-#wrapper-sync-button,
-
-/* Without I2P search engines defined, the search bar is useless.
- * Since there are no I2P search engines added to Tails (yet),
- * let's hide it and the Update Pane in Firefox's Preferences.
- */
-#search-container,
-#updateTab,
-
-/* Hide options in the Help menu that lead to disallowed resources on the
- * Internet.
- */
-#appmenu_feedbackPage,
-#appmenu_gettingStarted,
-#appmenu_openHelp,
-#feedbackPage,
-#gettingStarted,
-#menu_HelpPopup_reportPhishingtoolmenu,
-#menu_openHelp,
-
-/* Hide TorBrowser Health Report and its configuration option */
-#appmenu_healthReport,
-#dataChoicesTab,
-#healthReport
-
-/* Now the actual hiding */
-{display: none !important}
-EOF
- rm -rf ${BROWSER_EXT}/branding@amnesia.boum.org
-
- # Remove all bookmarks
- rm -f "${CHROOT}/${TBB_PROFILE}/bookmarks.html"
- rm -f ${BROWSER_PROFILE}/bookmarks.html
- rm -f ${BROWSER_PROFILE}/places.sqlite
-
- chown -R ${BROWSER_USER}:${BROWSER_USER} "${CHROOT}/home/${BROWSER_USER}/.tor-browser"
-
- # Change the theme when not using Windows camouflage
- if [ -z "${CAMOUFLAGE}" ]; then
- cat >> ${BROWSER_PREFS} <<EOF
-user_pref("lightweightThemes.isThemeSelected", true);
-user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"I2P Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#66ABEB\",\"updateDate\":0,\"installDate\":0}]");
-EOF
- else
- # The camouflage activation script requires a dbus server for
- # properly configuring GNOME, so we start one in the chroot
- chroot ${CHROOT} sudo -H -u ${BROWSER_USER} sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
- fi
-
-}
-
-run_browser_in_chroot () {
- # Start Iceweasel in the chroot
- echo "* Starting I2P Browser"
-
- sudo -u ${SUDO_USER} xhost +SI:localuser:${BROWSER_USER} 2>/dev/null
- chroot ${CHROOT} sudo -u ${BROWSER_USER} /bin/sh -c \
- ". /usr/local/lib/tails-shell-library/tor-browser.sh && \
- exec_firefox -DISPLAY=:0.0 \
- -profile /home/${BROWSER_USER}/.tor-browser/profile.default"
- sudo -u ${SUDO_USER} xhost -SI:localuser:${BROWSER_USER} 2>/dev/null
+ sed '/\(security\|update\|download\|spell\|noscript\|torbrowser\|torbutton\)/!d' "${tbb_prefs}/0000tails.js" > \
+ "${browser_prefs_dir}/0000tails.js"
+ sed '/\(capability\|noscript\|torbutton\)/!d' "${tbb_prefs}/extension-overrides.js" > \
+ "${browser_prefs_dir}/extension-overrides.js"
+ chown -R "${browser_user}:${browser_user}" "${browser_prefs_dir}"
}
show_shutdown_notification () {
@@ -375,8 +71,31 @@ show_shutdown_notification () {
tails-notify-user "${title}" "${body}" 10000
}
+# Main script:
+
+# This isn't very useful without I2P...
+i2p_is_enabled || exit 0
+
+CMD="$(basename "${0}")"
+LOCK="/var/lock/${CMD}"
+
+. gettext.sh
+TEXTDOMAIN="tails"
+export TEXTDOMAIN
+
+CONF_DIR="/var/lib/i2p-browser"
+COW="${CONF_DIR}/cow"
+CHROOT="${CONF_DIR}/chroot"
+BROWSER_NAME="i2p-browser"
+BROWSER_USER="i2pbrowser"
+HOME_PAGE="http://127.0.0.1:7657"
+NOSCRIPT_EXT_XPI="${TBB_EXT}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
+TORBUTTON_EXT_DIR="${TBB_EXT}/torbutton@torproject.org"
+HUMAN_READABLE_NAME="`gettext \"I2P Browser\"`"
+IP4_NAMESERVERS="0.0.0.0"
+
# Prevent multiple instances of the script.
-exec 9>${LOCK}
+exec 9>"${LOCK}"
if ! flock -x -n 9; then
error "`gettext \"Another I2P Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi
@@ -385,9 +104,24 @@ if ! i2p_router_console_is_ready; then
verify_start
fi
show_start_notification
-setup_chroot
-configure_chroot
-run_browser_in_chroot
+
+echo "* Setting up chroot"
+setup_chroot_for_browser "${CHROOT}" "${COW}" "${BROWSER_USER}" || \
+ error "`gettext \"Failed to setup chroot.\"`"
+
+echo "* Configuring chroot"
+configure_chroot_browser "${CHROOT}" "${BROWSER_USER}" "${BROWSER_NAME}" \
+ "${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${IP4_NAMESERVERS}" \
+ "${TBB_EXT}"/langpack-*.xpi "${NOSCRIPT_EXT_XPI}" "${TORBUTTON_EXT_DIR}" && \
+ copy_extra_tbb_prefs "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" || \
+ error "`gettext \"Failed to configure browser.\"`"
+
+echo "* Starting I2P Browser"
+run_browser_in_chroot "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" \
+ "${SUDO_USER}" || \
+ error "`gettext \"Failed to run browser.\"`"
+
+echo "* Exiting the I2P Browser"
show_shutdown_notification
exit 0
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-i2p b/config/chroot_local-includes/usr/local/sbin/tails-i2p
index a70739c..0745220 100644
--- a/config/chroot_local-includes/usr/local/sbin/tails-i2p
+++ b/config/chroot_local-includes/usr/local/sbin/tails-i2p
@@ -16,7 +16,8 @@ set -u
# Import wait_until()
. /usr/local/lib/tails-shell-library/common.sh
-# Import i2p_has_bootstrapped() and i2p_router_console_is_ready()
+# Import i2p_has_bootstrapped(), i2p_router_console_is_ready() and
+# set_best_i2p_router_console_lang().
. /usr/local/lib/tails-shell-library/i2p.sh
I2P_STARTUP_TIMEOUT=60
@@ -62,7 +63,16 @@ notify_bootstrap_success() {
case "${1}" in
start|restart)
- service i2p restart
+ # Stop I2P before setting the router console language in case
+ # it pushes any updated options on quit.
+ if service i2p status; then
+ service i2p stop
+ fi
+ # Get LANG, since we may run this from an environment that
+ # doesn't have it set.
+ . /etc/default/locale
+ set_best_i2p_router_console_lang
+ service i2p start
wait_until_i2p_router_console_is_ready || startup_failure
notify_router_console_success
wait_until_i2p_has_bootstrapped || bootstrap_failure
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
index 114a710..e09f010 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
+++ b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
@@ -8,7 +8,7 @@ set -e
. /usr/local/lib/tails-shell-library/hardware.sh
. /usr/local/lib/tails-shell-library/log.sh
-. /usr/local/lib/tails-shell-library/tails_greeter.sh
+. /usr/local/lib/tails-shell-library/tails-greeter.sh
. /usr/bin/gettext.sh
TEXTDOMAIN="tails"
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index d2177b2..1f049b1 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -2,60 +2,21 @@
set -e
-CMD=$(basename ${0})
-LOCK=/var/lock/${CMD}
-
-. gettext.sh
-TEXTDOMAIN="tails"
-export TEXTDOMAIN
-
-CONF_DIR=/var/lib/unsafe-browser
-COW=${CONF_DIR}/cow
-CHROOT=${CONF_DIR}/chroot
-CLEARNET_USER=clearnet
-
# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
-# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
-# exec_firefox(), configure_xulrunner_app_locale() and
-# guess_best_tor_browser_locale()
+# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
. /usr/local/lib/tails-shell-library/tor-browser.sh
-WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
-LANG_CODE="$(echo ${LANG} | head -c 2)"
-if [ -r "${WARNING_PAGE}.${LANG_CODE}.html" ]; then
- START_PAGE="${WARNING_PAGE}.${LANG_CODE}.html"
-else
- START_PAGE="${WARNING_PAGE}.en.html"
-fi
+# Import localized_tails_doc_page().
+. /usr/local/lib/tails-shell-library/localization.sh
-if [ -e /var/lib/gdm3/tails.camouflage ]; then
- CAMOUFLAGE=yes
-fi
-
-cleanup () {
- # Break down the chroot and kill all of its processes
- local counter=0
- local ret=0
- while [ "${counter}" -le 10 ] && \
- pgrep -u ${CLEARNET_USER} 1>/dev/null 2>&1; do
- pkill -u ${CLEARNET_USER} 1>/dev/null 2>&1
- ret=${?}
- sleep 1
- counter=$((${counter}+1))
- done
- [ ${ret} -eq 0 ] || pkill -9 -u ${CLEARNET_USER} 1>/dev/null 2>&1
- for mnt in ${CHROOT}/dev ${CHROOT}/proc ${CHROOT} ${COW}; do
- counter=0
- while [ "${counter}" -le 10 ] && mountpoint -q ${mnt} 2>/dev/null; do
- umount ${mnt} 2>/dev/null
- sleep 1
- counter=$((${counter}+1))
- done
- done
- rmdir ${COW} ${CHROOT} 2>/dev/null
-}
+# Import try_cleanup_browser_chroot(), setup_browser_chroot(),
+# configure_chroot_dns_servers(), configure_chroot_browser(),
+# configure_chroot_browser(), set_chroot_browser_locale()
+# set_chroot_browser_name(), set_chroot_browser_permissions()
+# and run_browser_in_chroot().
+. /usr/local/lib/tails-shell-library/chroot-browser.sh
error () {
local cli_text="${CMD}: `gettext \"error:\"` ${@}"
@@ -63,7 +24,7 @@ error () {
${@}"
echo "${cli_text}" >&2
- sudo -u ${SUDO_USER} zenity --error --title "" --text "${dialog_text}"
+ sudo -u "${SUDO_USER}" zenity --error --title "" --text "${dialog_text}"
exit 1
}
@@ -76,7 +37,7 @@ verify_start () {
local exit="`gettext \"_Exit\"`"
# Since zenity can't set the default button to cancel, we switch the
# labels and interpret the return value as its negation.
- if sudo -u ${SUDO_USER} zenity --question --title "" --ok-label "${exit}" \
+ if sudo -u "${SUDO_USER}" zenity --question --title "" --ok-label "${exit}" \
--cancel-label "${launch}" --text "${dialog_msg}"; then
exit 0
fi
@@ -88,169 +49,6 @@ show_start_notification () {
tails-notify-user "${title}" "${body}" 10000
}
-setup_chroot () {
- # Setup a chroot on an aufs "fork" of the filesystem.
- # FIXME: When LXC matures to the point where it becomes a viable option
- # for creating isolated jails, the chroot can be used as its rootfs.
- echo "* Setting up chroot"
-
- trap cleanup INT
- trap cleanup EXIT
-
- local rootfs_dir
- local rootfs_dirs_path=/lib/live/mount/rootfs
- local tails_module_path=/lib/live/mount/medium/live/Tails.module
- local aufs_dirs=
-
- # We have to pay attention to the order we stack the filesystems;
- # newest must be first, and remember that the .module file lists
- # oldest first, newest last.
- while read rootfs_dir; do
- rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
- mountpoint -q "${rootfs_dir}" && \
- aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
- done < "${tails_module_path}"
- # But our copy-on-write dir must be at the very top.
- aufs_dirs="${COW}=rw:${aufs_dirs}"
-
- mkdir -p ${COW} ${CHROOT} && \
- mount -t tmpfs tmpfs ${COW} && \
- mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
- mount -t proc proc ${CHROOT}/proc && \
- mount --bind /dev ${CHROOT}/dev || \
- error "`gettext \"Failed to setup chroot.\"`"
-
- # Workaround for todo/buggy_aufs_vs_unsafe-browser
- chmod -t ${COW}
-}
-
-set_chroot_browser_name () {
- NAME="${1}"
- LOCALE="${2}"
- EXT_DIR=${CHROOT}/"${TBB_EXT}"
- BRANDING=branding/brand.dtd
- if [ "${LOCALE}" != en-US ]; then
- PACK="${EXT_DIR}/langpack-${LOCALE}@firefox.mozilla.org.xpi"
- TOP=browser/chrome
- REST=${LOCALE}/locale
- else
- PACK="${CHROOT}/${TBB_INSTALL}/browser/omni.ja"
- TOP=chrome
- REST=en-US/locale
- fi
- TMP=$(mktemp -d)
- # Non-zero exit code due to non-standard ZIP archive.
- # The following steps will fail soon if the extraction failed anyway.
- unzip -d "${TMP}" "${PACK}" || true
- sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/" "${TMP}/${TOP}/${REST}/${BRANDING}"
- rm "${PACK}"
- (cd $TMP ; 7z a -tzip "${PACK}" .)
- chmod a+r "${PACK}"
- rm -Rf "${TMP}"
-}
-
-configure_chroot () {
- echo "* Configuring chroot"
-
- # Set the chroot's DNS servers to those obtained through DHCP
- rm -f ${CHROOT}/etc/resolv.conf
- for NS in ${IP4_NAMESERVERS}; do
- echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
- done
- chmod a+r ${CHROOT}/etc/resolv.conf
-
- # Remove all addons: some adds proxying, which we don't
- # want; some may change the fingerprint compared to a standard
- # Firefox install. Note: We cannot use apt-get since we don't ship its
- # lists (#6531). Too bad, APT supports globbing, while dkpg does not.
- dpkg -l 'xul-ext-*' | /bin/grep '^ii' | awk '{print $2}' | \
- xargs chroot ${CHROOT} dpkg --remove
-
- # Create a fresh browser profile for the clearnet user
- CLEARNET_PROFILE="${CHROOT}"/home/clearnet/.tor-browser/profile.default
-
- CLEARNET_EXT="${CLEARNET_PROFILE}"/extensions
- mkdir -p "${CLEARNET_EXT}"
- cp -Pr "${TBB_PROFILE}"/extensions/langpack-*.xpi "${CLEARNET_EXT}"
-
- CLEARNET_PREFS="${CLEARNET_PROFILE}"/preferences/prefs.js
- mkdir -p "$(dirname "${CLEARNET_PREFS}")"
-
- # Localization
- BEST_LOCALE="$(guess_best_tor_browser_locale)"
- configure_xulrunner_app_locale "${CLEARNET_PROFILE}" "${BEST_LOCALE}"
-
- # Disable proxying in the chroot
- echo 'pref("network.proxy.type", 0);' >> "${CLEARNET_PREFS}"
- echo 'pref("network.proxy.socks_remote_dns", false);' >> "${CLEARNET_PREFS}"
-
- # Disable update checking
- echo 'pref("app.update.enabled", false);' >> "${CLEARNET_PREFS}"
- echo 'pref("extensions.update.enabled", false);' >> "${CLEARNET_PREFS}"
-
- # Prevent File -> Print or CTRL+P from causing the browser to hang
- # for several minutes while trying to communicate with CUPS, since
- # access to port 631 isn't allowed through.
- echo 'pref("print.postscript.cups.enabled", false);' >> "${CLEARNET_PREFS}"
- # Hide "Get Addons" in Add-ons manager
- echo 'user_pref("extensions.getAddons.showPane", false);' >> "${CLEARNET_PREFS}"
-
- # Set the name (e.g. window title) of the browser
- set_chroot_browser_name "`gettext \"Unsafe Browser\"`" "${BEST_LOCALE}"
-
- # Set start page to something that explains what's going on
- echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
- "${CLEARNET_PREFS}"
- BROWSER_CHROME="${CLEARNET_PROFILE}/chrome/userChrome.css"
- mkdir -p "$(dirname "${BROWSER_CHROME}")"
- cat > ${BROWSER_CHROME} << EOF
-/* Required, do not remove */
-@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
-
-/* Hide TorBrowser Health Report and its configuration option */
-#appmenu_healthReport,
-#dataChoicesTab,
-#healthReport
-
-{display: none !important}
-EOF
-
- # Remove all bookmarks
- rm -f ${CHROOT}/"${TBB_PROFILE}"/bookmarks.html
- rm -f ${CLEARNET_PROFILE}/bookmarks.html
- rm -f ${CLEARNET_PROFILE}/places.sqlite
-
- chown -R clearnet:clearnet ${CHROOT}/home/clearnet/.tor-browser
-
- # Set a scary theme (except if we're using Windows
- # camouflage). Note that the tails-activate-win8-theme script that
- # we may run below requires that the browser profile is writable
- # by the user running the script (i.e. clearnet).
- if [ -z "${CAMOUFLAGE}" ]; then
- cat >> "${CLEARNET_PREFS}" <<EOF
-pref("lightweightThemes.isThemeSelected", true);
-pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
-EOF
- else
- # The camouflage activation script requires a dbus server for
- # properly configuring GNOME, so we start one in the chroot
- chroot ${CHROOT} sudo -H -u clearnet sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
- fi
-
-}
-
-run_browser_in_chroot () {
- # Start the browser in the chroot
- echo "* Starting Unsafe Browser"
-
- sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} 2>/dev/null
- chroot ${CHROOT} sudo -u ${CLEARNET_USER} /bin/sh -c \
- '. /usr/local/lib/tails-shell-library/tor-browser.sh && \
- exec_firefox -DISPLAY=:0.0 \
- -profile /home/clearnet/.tor-browser/profile.default'
- sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} 2>/dev/null
-}
-
show_shutdown_notification () {
local title="`gettext \"Shutting down the Unsafe Browser...\"`"
local body="`gettext \"This may take a while, and you may not restart the Unsafe Browser until it is properly shut down.\"`"
@@ -264,22 +62,50 @@ maybe_restart_tor () {
if ! tor_is_working; then
echo "* Restarting Tor"
restart-tor
- if ! service tor status >/dev/null; then
+ if ! service tor status; then
error "`gettext \"Failed to restart Tor.\"`"
fi
fi
}
+# Main script:
+
+CMD="$(basename "${0}")"
+LOCK="/var/lock/${CMD}"
+
+. gettext.sh
+TEXTDOMAIN="tails"
+export TEXTDOMAIN
+
+CONF_DIR="/var/lib/unsafe-browser"
+COW="${CONF_DIR}/cow"
+CHROOT="${CONF_DIR}/chroot"
+BROWSER_NAME="unsafe-browser"
+BROWSER_USER="clearnet"
+HUMAN_READABLE_NAME="`gettext \"Unsafe Browser\"`"
+NM_ENV_FILE="/var/lib/NetworkManager/env"
+WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
+HOME_PAGE="$(localized_tails_doc_page "${WARNING_PAGE}")"
+
# Prevent multiple instances of the script.
-exec 9>${LOCK}
+exec 9>"${LOCK}"
if ! flock -x -n 9; then
error "`gettext \"Another Unsafe Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi
# Get the DNS servers that was obtained from NetworkManager, if any...
-NM_ENV=/var/lib/NetworkManager/env
-if [ -r "${NM_ENV}" ]; then
- . ${NM_ENV}
+if [ -r "${NM_ENV_FILE}" ]; then
+ # We also check that the file we are gonna *source* doesn't
+ # contain any unexpected data, like (potentially malicious) shell
+ # script. Note that while the regex used for deciding IP addresses
+ # is far from perfect, it serves our purpose here.
+ IP4_REGEX='[0-9]{1,3}(\.[0-9]{1,3}){3}'
+ NAMESERVERS_REGEX="^IP4_NAMESERVERS=\"${IP4_REGEX}\"$"
+ if grep --extended-regexp -qv "${NAMESERVERS_REGEX}" "${NM_ENV_FILE}"; then
+ error "`gettext \"NetworkManager passed us garbage data when trying to deduce the clearnet DNS server.\"`"
+ fi
+ # Import the IP4_NAMESERVERS variable.
+ eval "$(grep --extended-regexp "${NAMESERVERS_REGEX}" "${NM_ENV_FILE}")"
fi
# ... otherwise fail.
# FIXME: Or would it make sense to fallback to Google's DNS or OpenDNS?
@@ -291,9 +117,23 @@ fi
verify_start
show_start_notification
-setup_chroot
-configure_chroot
-run_browser_in_chroot
+
+echo "* Setting up chroot"
+setup_chroot_for_browser "${CHROOT}" "${COW}" "${BROWSER_USER}" || \
+ error "`gettext \"Failed to setup chroot.\"`"
+
+echo "* Configuring chroot"
+configure_chroot_browser "${CHROOT}" "${BROWSER_USER}" "${BROWSER_NAME}" \
+ "${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${IP4_NAMESERVERS}" \
+ "${TBB_EXT}"/langpack-*.xpi || \
+ error "`gettext \"Failed to configure browser.\"`"
+
+echo "* Starting Unsafe Browser"
+run_browser_in_chroot "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" \
+ "${SUDO_USER}" || \
+ error "`gettext \"Failed to run browser.\"`"
+
+echo "* Exiting the Unsafe Browser"
show_shutdown_notification
maybe_restart_tor
diff --git a/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js b/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js
new file mode 100644
index 0000000..6cd2379
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js
@@ -0,0 +1,33 @@
+/* Disable proxy settings. We also set the other settings that
+ Torbutton requires to be happy, i.e. its icon is green. */
+pref("extensions.torbutton.http_port", 4444);
+pref("extensions.torbutton.http_proxy", "127.0.0.1");
+pref("extensions.torbutton.https_port", 4444);
+pref("extensions.torbutton.https_proxy", "127.0.0.1");
+pref("extensions.torbutton.custom.ftp_port", 4444);
+pref("extensions.torbutton.custom.ftp_proxy", "127.0.0.1");
+pref("extensions.torbutton.custom.http_port", 4444);
+pref("extensions.torbutton.custom.http_proxy", "127.0.0.1");
+pref("extensions.torbutton.custom.https_port", 4444);
+pref("extensions.torbutton.custom.https_proxy", "127.0.0.1");
+pref("extensions.torbutton.ftp_port", 4444);
+pref("extensions.torbutton.ftp_proxy", "127.0.0.1");
+pref("extensions.torbutton.gopher_port", 4444);
+pref("extensions.torbutton.gopher_proxy", "127.0.0.1");
+pref("extensions.torbutton.inserted_button", true);
+pref("extensions.torbutton.settings_method", "custom");
+pref("network.proxy.ftp", "127.0.0.1");
+pref("network.proxy.ftp_port", 4444);
+pref("network.proxy.http", "127.0.0.1");
+pref("network.proxy.http_port", 4444);
+pref("network.proxy.no_proxies_on", "127.0.0.1");
+pref("network.proxy.ssl", "127.0.0.1");
+pref("network.proxy.ssl_port", 4444);
+// Disable searching from the URL bar
+pref("keyword.enabled", false);
+// Hide "Get Addons" in Add-ons manager
+pref("extensions.getAddons.showPane", false);
+/* Prevent File -> Print or CTRL+P from causing the browser to hang
+ for several minutes while trying to communicate with CUPS, since
+ access to port 631 isn't allowed through. */
+pref("print.postscript.cups.enabled", false);
diff --git a/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js b/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js
new file mode 100644
index 0000000..3d79365
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js
@@ -0,0 +1,2 @@
+user_pref("lightweightThemes.isThemeSelected", true);
+user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"I2P Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#66ABEB\",\"updateDate\":0,\"installDate\":0}]");
diff --git a/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css b/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css
new file mode 100644
index 0000000..43b715d
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css
@@ -0,0 +1,92 @@
+/* Required, do not remove */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+
+/* Hide access to the bookmarks to try to prevent "data loss" due to users
+ * adding bookmarks even though the profile is destroyed at browser close.
+ * Keyboard shortcuts still work, but this makes it harder to 'accidentally'
+ * lose bookmarks.
+ *
+ * Note that any of the selectors that start with 'app' apply to the menu that
+ * is used if the main menu is hidden. Any that start with 'wrapper' are
+ * buttons that are normally visible within the 'customize toolbar' option. The
+ * others are probably self-explanatory.
+ */
+
+/* Remove the History and Bookmarks menus and buttons */
+#appmenu_bookmarks,
+#appmenu_history,
+#bookmarks,
+#bookmarks-menu-button,
+#bookmarksMenu,
+#history,
+#history-menu,
+#history-menu-button,
+#wrapper-history-button,
+#wrapper-bookmarks-button,
+
+/* Hide the sidebar menu (underneath View) since the default sidebars consist
+ * of history and bookmarks. Also disable the bookmark toolbar.
+ */
+#toggle_PersonalToolbar,
+#viewSidebarMenuMenu,
+
+/* Remove the "Star button" and "History Dropdown arrow" from the URL bar
+ * since neither history nor bookmarks are saved.
+ */
+#star-button,
+[anonid="historydropmarker"],
+
+/* Remove bookmark options from the context menus */
+#context-bookmarkframe,
+#context-bookmarklink,
+#context-bookmarkpage,
+
+/* Hide the option for emailing links since it's doomed to failure
+ * without a configured email client.
+ */
+menuitem[command="Browser:SendLink"],
+
+/* Hide Print options */
+/*
+#menu_printSetup,
+#menu_printPreview,
+#menu_print,
+#menu_print + menuseparator,
+[command="cmd_print"],
+*/
+
+/* Hide the sync functionality which won't work with I2P */
+#BrowserPreferences radio[pane="paneSync"],
+#sync-button,
+#sync-menu-button,
+#sync-setup,
+#sync-setup-appmenu,
+#sync-status-button,
+#sync-syncnowitem-appmenu,
+#wrapper-sync-button,
+
+/* Without I2P search engines defined, the search bar is useless.
+ * Since there are no I2P search engines added to Tails (yet),
+ * let's hide it and the Update Pane in Firefox's Preferences.
+ */
+#search-container,
+#updateTab,
+
+/* Hide options in the Help menu that lead to disallowed resources on the
+ * Internet.
+ */
+#appmenu_feedbackPage,
+#appmenu_gettingStarted,
+#appmenu_openHelp,
+#feedbackPage,
+#gettingStarted,
+#menu_HelpPopup_reportPhishingtoolmenu,
+#menu_openHelp,
+
+/* Hide TorBrowser Health Report and its configuration option */
+#appmenu_healthReport,
+#dataChoicesTab,
+#healthReport
+
+/* Now the actual hiding */
+{display: none !important}
diff --git a/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js b/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js
new file mode 100644
index 0000000..b88df8f
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js
@@ -0,0 +1,14 @@
+// Disable proxying in the chroot
+pref("network.proxy.type", 0);
+pref("network.proxy.socks_remote_dns", false);
+
+// Disable update checking
+pref("app.update.enabled", false);
+pref("extensions.update.enabled", false);
+
+/* Prevent File -> Print or CTRL+P from causing the browser to hang
+ for several minutes while trying to communicate with CUPS, since
+ access to port 631 isn't allowed through. */
+pref("print.postscript.cups.enabled", false);
+// Hide "Get Addons" in Add-ons manager
+pref("extensions.getAddons.showPane", false);
diff --git a/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js b/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js
new file mode 100644
index 0000000..717c3b1
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js
@@ -0,0 +1,2 @@
+pref("lightweightThemes.isThemeSelected", true);
+pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
diff --git a/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css b/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css
new file mode 100644
index 0000000..d83bc87
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css
@@ -0,0 +1,9 @@
+/* Required, do not remove */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+
+/* Hide TorBrowser Health Report and its configuration option */
+#appmenu_healthReport,
+#dataChoicesTab,
+#healthReport
+
+{display: none !important}
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index b660a4e..b174c4f 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -198,7 +198,6 @@ pinentry-gtk2
pitivi
plymouth
poedit
-polipo
ppp
pulseaudio
pwgen
diff --git a/config/chroot_local-patches/apparmor-adjust-totem-profile.diff b/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
new file mode 100644
index 0000000..f50dc68
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
@@ -0,0 +1,12 @@
+--- a/etc/apparmor.d/usr.bin.totem 2014-09-16 11:17:44.000000000 +0000
++++ b/etc/apparmor.d/usr.bin.totem 2014-11-28 09:40:26.960000000 +0000
+@@ -8,6 +8,9 @@
+ #include <abstractions/python>
+ #include <abstractions/totem>
+
++ # We wrap Totem to run it with torsocks
++ /etc/tor/torsocks.conf r,
++
+ # Maybe in an abstraction?
+ /usr/include/**/pyconfig.h r,
+
diff --git a/config/chroot_local-patches/keep_polipo_on_shutdown.diff b/config/chroot_local-patches/keep_polipo_on_shutdown.diff
deleted file mode 100644
index d86f9fc..0000000
--- a/config/chroot_local-patches/keep_polipo_on_shutdown.diff
+++ /dev/null
@@ -1,7 +0,0 @@
-Tails specific: no need to stop properly on shutdown.
-
---- chroot.orig/etc/init.d/polipo 2012-09-24 10:05:13.173051981 +0200
-+++ chroot/etc/init.d/polipo 2012-09-24 10:47:23.717869294 +0200
-@@ -7,1 +7,1 @@
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/torify_wgetrc.patch b/config/chroot_local-patches/torify_wgetrc.patch
deleted file mode 100644
index a90dde7..0000000
--- a/config/chroot_local-patches/torify_wgetrc.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- chroot.orig/etc/wgetrc 2010-09-05 13:43:50.000000000 +0000
-+++ chroot/etc/wgetrc 2011-12-02 12:31:23.566907236 +0000
-@@ -76,8 +76,8 @@
-
- # You can set the default proxies for Wget to use for http, https, and ftp.
- # They will override the value in the environment.
--#https_proxy = http://proxy.yoyodyne.com:18023/
--#http_proxy = http://proxy.yoyodyne.com:18023/
-+https_proxy = http://127.0.0.1:8118/
-+http_proxy = http://127.0.0.1:8118/
- #ftp_proxy = http://proxy.yoyodyne.com:18023/
-
- # If you do not want to use proxy at all, set this to off.
diff --git a/config/chroot_local-patches/torsocks_gobby-0.5.patch b/config/chroot_local-patches/torsocks_gobby-0.5.patch
index 4146164..e801ec9 100644
--- a/config/chroot_local-patches/torsocks_gobby-0.5.patch
+++ b/config/chroot_local-patches/torsocks_gobby-0.5.patch
@@ -6,7 +6,7 @@ diff -Naur chroot.orig/usr/share/applications/gobby-0.5.desktop chroot/usr/share
Comment[fr]=Éditer des fichiers texte de manière collaborative
Comment[ja]=テキストを共同作業で編集する
-Exec=gobby-0.5
-+Exec=torify gobby-0.5
++Exec=torsocks gobby-0.5
Terminal=false
Type=Application
Icon=gobby-0.5
diff --git a/debian/changelog b/debian/changelog
index 4318b35..d3c526f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,8 @@
-tails (1.2.4) UNRELEASED; urgency=medium
+tails (1.3) UNRELEASED; urgency=medium
- * Dummy changelog entry for the next point release.
+ * Placeholder for next major release.
- -- Tails developers <amnesia@boum.org> Thu, 15 Jan 2015 05:33:09 +0100
+ -- Tails developers <tails@boum.org> Wed, 15 Oct 2014 20:47:37 +0200
tails (1.2.3) unstable; urgency=medium
diff --git a/features/i2p.feature b/features/i2p.feature
index 87a1820..810c630 100644
--- a/features/i2p.feature
+++ b/features/i2p.feature
@@ -31,3 +31,4 @@ Feature: I2P
And the I2P firewall rules are enabled
When I start the I2P Browser through the GNOME menu
Then I see "I2P_router_console.png" after at most 120 seconds
+ And the I2P Browser uses all expected TBB shared libraries
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 19496bb..adc8614 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -587,8 +587,12 @@ Then /^(.*) uses all expected TBB shared libraries$/ do |application|
chroot = ""
when "the Unsafe Browser"
user = "clearnet"
- cmd_regex = "#{binary} .* -profile /home/#{user}/\.tor-browser/profile\.default"
+ cmd_regex = "#{binary} .* -profile /home/#{user}/\.unsafe-browser/profile\.default"
chroot = "/var/lib/unsafe-browser/chroot"
+ when "the I2P Browser"
+ user = "i2pbrowser"
+ cmd_regex = "#{binary} .* -profile /home/#{user}/\.i2p-browser/profile\.default"
+ chroot = "/var/lib/i2p-browser/chroot"
when "Tor Launcher"
user = "tor-launcher"
cmd_regex = "#{binary} -app /home/#{user}/\.tor-launcher/tor-launcher-standalone/application\.ini"
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index a359ad7..f223faf 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -88,18 +88,13 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
# @screen.waitVanish('UnsafeBrowserPreferences.png', 10)
sleep 0.5
- http_proxy = 'x' # Alt+x is the shortcut to select http proxy
socks_proxy = 'c' # Alt+c for socks proxy
no_proxy = 'y' # Alt+y for no proxy
- # Note: the loop below depends on that http_proxy is done after any
- # other proxy types since it will set "Use this proxy server for all
- # protocols", which will make the other proxy types unselectable.
proxies = [[socks_proxy, 9050],
[socks_proxy, 9061],
[socks_proxy, 9062],
[socks_proxy, 9150],
- [http_proxy, 8118],
[no_proxy, 0]]
proxies.each do |proxy|
@@ -119,8 +114,6 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
# Configure the proxy
@screen.type(proxy_type, Sikuli::KeyModifier.ALT) # Select correct proxy type
@screen.type("127.0.0.1" + Sikuli::Key.TAB + "#{proxy_port}") if proxy_type != no_proxy
- # For http proxy we set "Use this proxy server for all protocols"
- @screen.type("s", Sikuli::KeyModifier.ALT) if proxy_type == http_proxy
# Close settings
@screen.type(Sikuli::Key.ENTER)
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index 80d91af..84e8eca 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -31,12 +31,6 @@ Feature: Browsing the web using the Unsafe Browser
And I start the Unsafe Browser
Then I see a warning about another instance already running
- Scenario: The Unsafe Browser cannot be restarted before the previous instance has been cleaned up.
- When I successfully start the Unsafe Browser
- And I close the Unsafe Browser
- And I start the Unsafe Browser
- Then I see a warning about another instance already running
-
Scenario: Opening check.torproject.org in the Unsafe Browser shows the red onion and a warning message.
When I successfully start the Unsafe Browser
And I open the address "https://check.torproject.org" in the Unsafe Browser
diff --git a/wiki/src/contribute/calendar.mdwn b/wiki/src/contribute/calendar.mdwn
index 63cdff0..d154acb 100644
--- a/wiki/src/contribute/calendar.mdwn
+++ b/wiki/src/contribute/calendar.mdwn
@@ -1,11 +1,5 @@
[[!meta title="Calendar"]]
-* 2015-01-03: [[Monthly meeting|contribute/meetings]]
-
-* 2015-01-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-
-* 2015-01-14: Release 1.2.3. anonym is RM.
-
* 2015-02-03: [[Monthly meeting|contribute/meetings]]
* 2015-03-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index 49ec01f..d78c615 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -672,7 +672,7 @@ Critical parts of the configuration are based on the ones from
well-known and trusted sources, namely Tails ancestor
[Incognito](http://www.browseanonymouslyanywhere.com/incognito/)
and the [Tor BrowserBundle](https://www.torproject.org/projects/torbrowser.html.en).
-This is for example the case for the firewall, polipo and Tor configurations.
+This is for example the case for the firewall and Tor configurations.
**NOTICE**: this distribution is provided as-is with no warranty of
fitness for a particular purpose, including total anonymity. Anonymity
@@ -712,8 +712,6 @@ extension).
that the Debian distribution does not provide or endorse Tails.
- [Tor](http://www.torproject.org/): anonymizing overlay network for
TCP. Our intention is to always use the latest stable version.
-- [polipo](http://www.pps.jussieu.fr/%7Ejch/software/polipo/):
- Caching web proxy.
- [Vidalia](https://www.torproject.org/projects/vidalia) is used
to control Tor's behavior.
@@ -1203,6 +1201,28 @@ Tails has some minimal [[contribute/design/application_isolation]] to
mitigate a bit the consequences of security issues in individual
applications being exploited by attackers.
+### 3.6.26 wget
+
+We wrap `wget` with `torsocks`, after unsetting the `http_proxy`
+environment variable and friends, so that it talks directly to the Tor
+SOCKS port.
+
+- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/wget]]
+
+### 3.6.27 APT
+
+During most of the ISO build process, APT uses the proxy configured
+through `live-build` (that is, usually a local `apt-cacher-ng`).
+
+However, at the end of the `chroot_local-hooks` stage, a hook does (a
+more elaborate version of) `s,http://,tor+http://` in APT sources.
+Then, APT will use the `tor+http` method, that is a simple torsocks
+wrapper for the good old `http` method.
+
+- [[!tails_gitweb config/chroot_local-hooks/99-zzz_runtime_apt_configuration]]
+- [[!tails_gitweb config/chroot_local-includes/usr/lib/apt/methods/tor+http]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http]]
+
## 3.7 Running Tails in virtual machines
### 3.7.1 Current support
diff --git a/wiki/src/contribute/design/I2P_Browser.mdwn b/wiki/src/contribute/design/I2P_Browser.mdwn
index 37e44ee..b2ad411 100644
--- a/wiki/src/contribute/design/I2P_Browser.mdwn
+++ b/wiki/src/contribute/design/I2P_Browser.mdwn
@@ -51,6 +51,8 @@ Code
----
* [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/i2p-browser]]
+* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh]]
+* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh]]
* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/i2p.desktop.in]]
* [[!tails_gitweb chroot_local-includes/lib/live/config/2080-install-i2p]
* [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme]]
diff --git a/wiki/src/contribute/design/Tor_enforcement.mdwn b/wiki/src/contribute/design/Tor_enforcement.mdwn
index 33bcab9..d13db74 100644
--- a/wiki/src/contribute/design/Tor_enforcement.mdwn
+++ b/wiki/src/contribute/design/Tor_enforcement.mdwn
@@ -10,11 +10,6 @@ DNS
[[!inline pages="contribute/design/Tor_enforcement/DNS" raw=yes]]
-HTTP Proxy
-==========
-
-[[!inline pages="contribute/design/Tor_enforcement/Proxy" raw=yes]]
-
Network filter
==============
diff --git a/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn b/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn
index 33c4226..3c067ad 100644
--- a/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn
+++ b/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn
@@ -1,6 +1,6 @@
One serious security issue is that we don't know what software will
attempt to contact the network and whether their proxy settings are
-set up to use the Tor SOCKS proxy or polipo HTTP(s) proxy correctly.
+set up to use the Tor SOCKS proxy correctly.
This is solved by blocking all outbound Internet traffic except Tor
(and I2P when enabled), and explicitly configure all applications to use either of
these.
diff --git a/wiki/src/contribute/design/Tor_enforcement/Proxy.mdwn b/wiki/src/contribute/design/Tor_enforcement/Proxy.mdwn
deleted file mode 100644
index 7389363..0000000
--- a/wiki/src/contribute/design/Tor_enforcement/Proxy.mdwn
+++ /dev/null
@@ -1,10 +0,0 @@
-Polipo provides with caching HTTP proxy functionality. It contacts the
-Tor software via SOCKS5 to make the real connections: [[!tails_gitweb
-config/chroot_local-includes/etc/polipo/config]].
-
-In case the firewall is buggy or not properly started, proxy settings
-are used as part of a defence in depth strategy:
-
-- The standard `http_proxy` and `HTTP_PROXY` environment variables are
- globally set in [[!tails_gitweb
- config/chroot_local-includes/etc/environment]] to point to Polipo.
diff --git a/wiki/src/contribute/design/Unsafe_Browser.mdwn b/wiki/src/contribute/design/Unsafe_Browser.mdwn
index 6eae7d6..412eded 100644
--- a/wiki/src/contribute/design/Unsafe_Browser.mdwn
+++ b/wiki/src/contribute/design/Unsafe_Browser.mdwn
@@ -83,6 +83,7 @@ Code
----
* [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/unsafe-browser]]
+* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh]]
* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop.in]]
* [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_unsafe-browser]]
* [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme]]
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index 1c9b5b7..c9050d3 100644
--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -59,6 +59,7 @@ that are actually seen by AppArmor in the context of Tails:
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-home-tunable.diff]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-tor-profile.diff]]
+* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-totem-profile.diff]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff]]
Below, we discuss various leads that might avoid the need for coming
diff --git a/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn b/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn
index 48b01bf..4a14ed2 100644
--- a/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn
+++ b/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn
@@ -5,11 +5,15 @@ follows:
1. `git checkout -b debian_$TOPIC debian`
2. `git merge feature/$TOPIC`
-3. Use `git-dch --auto --snapshot` too fill `debian/changelog`, and
- insert something like "+feature.$TOPIC" (with all special
+3. Use `git-dch --auto --snapshot --ignore-branch` too fill `debian/changelog`, and
+ insert something like "+feature.$TOPIC.1bugfix-6092-drop-racy-code" (with all special
characters changed to full stops, i.e. ".") between the version
last packaged in the "debian" branch, and the gbp snapshot number
(that looks like "~1.gbpNNNNNN"). In the end, if `$TOPIC =
7000-blah-bleh` it should look something like:
3.11.6+tails1-4+feature.7000.blah.bleh~1.gbp4a0c9c
-4. Then build with `git-buildpackage --git-ignore-branch`.
+4. Commit the changelog:
+
+ git commit debian/changelog
+
+5. Build with `git-buildpackage --git-ignore-branch`.
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index 9f3c93d..8ec2f22 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -118,11 +118,11 @@ tracked by tickets prefixed with `todo/test_suite:`.
* Check that Pidgin doesn't leak too much information when replying to
CTCP requests:
* Start Tails, launch Pidgin, and join #tails.
- * Also join #tails from the webchat of OFTC on <https://webchat.oftc.net/>
- using another nickname.
- * Try to send `/ctcp <Tails_account_nick> COMMAND` from the webchat to pidgin:
- - You should get no answer apart for the commands listed in [[!tails_ticket
- 5823]].
+ * Also join #tails from a client that supports CTCP commands
+ properly, e.g. Konversation.
+ * Try to send `/ctcp <Tails_account_nick> COMMAND` from the other client to Pidgin:
+ - You should get no answer apart for the PING and VERSION commands
+ ([[!tails_ticket 5823]]).
- List of `/ctcp` commands, see [this page](http://www.wikkedwire.com/irccommands):
- PING
- VERSION
@@ -140,12 +140,12 @@ tracked by tickets prefixed with `todo/test_suite:`.
* Check that the firewall-level Tor enforcement is effective:
- check output of `iptables -L -n -v`
- check output of `iptables -t nat -L -n -v`
- - try connecting to the Internet after unsetting `$http_proxy` and
- `$HTTP_PROXY` using a piece of software that does not obey the
+ - try connecting to the Internet after unsetting `$SOCKS_SERVER` and
+ `$SOCKS5_SERVER` using a piece of software that does not obey the
GNOME proxy settings, *and* is not explicitly torified in Tails:
- unset http_proxy ; unset HTTP_PROXY
- wget --no-proxy http://monip.org/
+ unset SOCKS_SERVER ; unset SOCKS5_SERVER
+ curl --noproxy '*' http://monip.org/
... should only give you "Connection refused" error message.
* Check that IPv6 traffic is blocked:
@@ -268,14 +268,6 @@ the appropriate tcpdump or tshark filters.
* Make sure other applications use the default system-wide
`SocksPort`:
- - Polipo — run:
-
- wget https://tails.boum.org/
-
- ... with the following command running in another terminal:
-
- sudo watch -n 0.1 'netstat -taupen | grep polipo'
-
- Gobby 0.5 — start Gobby 0.5 from the *Applications* menu and
connect to a server (for example `gobby.debian.org`), with the following command running in
another terminal:
@@ -494,12 +486,18 @@ Start I2P by appending `i2p` to the kernel command line.
* For upgrade paths that only propose a full upgrade: make sure the
user is told to do a manual upgrade.
- If the IUKs and update-description files have been published on the
- *alpha* channel already (see
- <https://archive.torproject.org/amnesia.boum.org/tails/alpha/>):
+ If:
+
+ * the update-description files have been published on the
+ *alpha* channel already (see <https://tails.boum.org/upgrade/v1/Tails/>)
+ * and the IUK has been published already (see
+ <https://archive.torproject.org/amnesia.boum.org/tails/alpha/>
+ and <https://archive.torproject.org/amnesia.boum.org/tails/stable/>):
- echo 'TAILS_CHANNEL="alpha"' | sudo tee --append /etc/os-release && \
- tails-upgrade-frontend-wrapper
+ then:
+
+ echo 'TAILS_CHANNEL="alpha"' | sudo tee --append /etc/os-release && \
+ tails-upgrade-frontend-wrapper
Else, use a local test setup:
@@ -568,9 +566,6 @@ Enable Windows camouflage via the Tails Greeter checkbox and:
# Documentation
-* Check that links to the online website (`Mirror:`) at the bottom of
- bundled static web pages (`/usr/share/doc/tails/website/`) are working. Else, it probably means the
- wiki was not built with a recent enough ikiwiki.
* Browse around in the documentation shipped in the image. Internal
links should be fine.
@@ -606,7 +601,8 @@ language. You *really* have to reboot between each language.
# Misc
* Check that Tails Greeter's "more options" screen displays properly
- on a display with 600 px height.
+ on a display with 600 px height, preferably in a language that's
+ more verbose than English (e.g. French).
* Check that all seems well during init (mostly that all services
start without errors), and that `/var/log/syslog` seems OK.
* MAT should be able to clean a PDF file, such as:
diff --git a/wiki/src/inc/trace b/wiki/src/inc/trace
index 2cf439b..b4603c3 100644
--- a/wiki/src/inc/trace
+++ b/wiki/src/inc/trace
@@ -1 +1 @@
-1417550857
+1421291220
diff --git a/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml b/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml
index 357e696..fdf652b 100644
--- a/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml
+++ b/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml
@@ -3,3 +3,18 @@ build-target: i386
channel: alpha
product-name: Tails
product-version: 1.2.2
+upgrades:
+- details-url: https://tails.boum.org/news/version_1.2.3/
+ type: major
+ upgrade-paths:
+ - target-files:
+ - sha256: d1ca34fc55762953d3e3baf8cb0b31228b1d1fcbbf178b31f4c7b15e6d9f1d0d
+ size: 951764992
+ url: http://dl.amnesia.boum.org/tails/stable/tails-i386-1.2.3/tails-i386-1.2.3.iso
+ type: full
+ - target-files:
+ - sha256: d4eaf95fe3bf46d8f849617913e839ce1de34ff9195ef9280219b15d6376ee5d
+ size: 173199360
+ url: http://dl.amnesia.boum.org/tails/stable/iuk/Tails_i386_1.2.2_to_1.2.3.iuk
+ type: incremental
+ version: 1.2.3
diff --git a/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml.pgp b/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml.pgp
index 81e75b1..92e61dd 100644
--- a/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml.pgp
+++ b/wiki/src/upgrade/v1/Tails/1.2.2/i386/alpha/upgrades.yml.pgp
@@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
-iQIcBAABCgAGBQJUfhj2AAoJEBICghy+LNnByOQP/jYh+IQ2AumupXn5OpBoyHFC
-Jk6idgHgYkH2m64qibRibHYWVO8HN5Sk8gEFaU10ZdVnEZBfpIyfnYDpylUj1zyl
-zM1cYOYIlXTc0+wfdFSE0lRugVi+X5wSLE5DH9xtLPhupe5HyqU50pT3313mlHwX
-eA7FSnte+xHMLfJnMrx/dVc2z41wmljN69RBxGt1iKS8HArGOiaaA6aWZyenlrzc
-PdyF1ch+QMRCMHbkDG01Sr2r1jGt0gqP1CN7Bsp4aSx/NCVpYmWhzHA+VZJELVsc
-IcWPs643KT0EDDkaJpn3SMc4F/k1ThenU87coQbv395HIkoFij/wAZ/2YTrPtZYI
-xqWvD7HhVJNHZgx5K2rNZQWozuyteF/FLatALLhCGsKQ3dQYKImX+DGOka9vry0z
-D2TyuohpgooMD0UwuW+DCcWBUuR8+ebpXX6VdofVhUliAX82giMM+aXRLCTY+gc+
-txBPmP5XZ39qrWXKBX+t9bbXbA9ELRkrInd4tSqOBX95NLVmduPtN5lFzQA+3XaK
-upUUh9vpOtrgNEUbrJaIPLT4RISvichNLvp6zBkxT3/t4XMtUXXYJ53cqrrGsZbN
-0TWJqHsKCl5ql9dozAr1LVJVP/i7i3ua9RJJkkCkz5EJj0RonirR709foLmkGMYr
-2ZcQLKrRfVp19pw/aU+1
-=bC3s
+iQIcBAABCgAGBQJUtvnoAAoJEBICghy+LNnBte0QAKUJCv43zQOGWF5hhRoG6chk
+eYV7JtGIUwq8HkgyP+muZpKwxlweeGmnI9QCgm+ltLaFrSioE5/mPC/T0SB59k8y
+bXbJfX4t6padj2KPgncvo2+5fcx5rS5Sp11/x16BBzqCkIgerXJzdmyXOeWR/HPp
+yw6VQcGMfOHT/KMmAzcXvxvWPF8uu9rg2kpkFSlBKbkhF3sMxsDKEdJ/GlX/gJVr
+FsjdI6Th4rW7bB198ZJrWUhQYS2QfZpcD9omzBB+bhJApKtciS7oaKonZIvmtGad
+LCw5v9n/KUGmWyKUckfa0MjsD8XesOAH3L/rAbDu4ZvaOsixzlLptRHcCbkoE3Ko
+EXq26aqzQuqqhAESqv6Toy8o83IsgsBirbwxY2aZNgkJAXTsiZyN/njSiICA1r1p
+ZxLDSnIDUgwFrzlIDg/4263GZmFz6WjLtnh08ntermSr9EZ7WVgohsHZD1CPkwmp
+u+b722h3r1cSYP8qx3NXYsmlpZ/IiYtyxf8TIv7tBT2svcd2jzLz9auhDr9t5nX+
+iZufXwn9+VynFoIdRaXbbkGOXUpSbwe9oDBDFHc9tHX9J9fv3rwqki81Ul4O/bOK
+XW+6tSlZAlMJBkXayJ14411SwN89g0HchcsSX9wVAKxKovo72yv/2ybJa16nWKGy
+kKtaDKwMvjsEIR3VpQ9x
+=wQ/W
-----END PGP SIGNATURE-----