summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-hooks
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-hooks')
-rwxr-xr-xconfig/chroot_local-hooks/06-adduser_onioncircuits13
-rwxr-xr-xconfig/chroot_local-hooks/06-adduser_tor-controlport-filter13
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb39
-rw-r--r--config/chroot_local-hooks/11-localize_browser50
-rwxr-xr-xconfig/chroot_local-hooks/12-generate-ublock-origin-filter22
-rw-r--r--config/chroot_local-hooks/12-tor-browser-ddg-fixup20
-rwxr-xr-xconfig/chroot_local-hooks/18-fake-torbrowser-launcher22
-rwxr-xr-xconfig/chroot_local-hooks/23-fake-gnome-backgrounds28
-rwxr-xr-xconfig/chroot_local-hooks/50-dkms9
-rwxr-xr-xconfig/chroot_local-hooks/59-libdvd-pkg28
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_files6
11 files changed, 109 insertions, 141 deletions
diff --git a/config/chroot_local-hooks/06-adduser_onioncircuits b/config/chroot_local-hooks/06-adduser_onioncircuits
deleted file mode 100755
index 2a84709..0000000
--- a/config/chroot_local-hooks/06-adduser_onioncircuits
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Create the onioncircuits user.
-#
-# We run onioncircuits under this user,
-# which belongs to the debian-tor group.
-
-echo "Creating the onioncircuits user"
-
-adduser --system --quiet --group onioncircuits
-adduser onioncircuits debian-tor
diff --git a/config/chroot_local-hooks/06-adduser_tor-controlport-filter b/config/chroot_local-hooks/06-adduser_tor-controlport-filter
deleted file mode 100755
index 8a54b32..0000000
--- a/config/chroot_local-hooks/06-adduser_tor-controlport-filter
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Create the tor-controlport-filter user.
-#
-# We run tor-controlport-filter under this user,
-# which belongs to the debian-tor group.
-
-echo "Creating the tor-controlport-filter user"
-
-adduser --system --quiet --group --no-create-home tor-controlport-filter
-adduser tor-controlport-filter debian-tor
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index 89d1a95..aaf6fc2 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -13,6 +13,8 @@ echo "Install the Tor Browser"
# a new browser profile we can simply copy the profile directory
# without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
+# Import install_fake_package
+. /usr/local/lib/tails-shell-library/build.sh
download_and_verify_files() {
local base_url bundles destination apt_proxy
@@ -130,42 +132,13 @@ get_firefox_version() {
sed -n 's/^Version=\(.*\)$/\1/p' "${appini}"
}
-# Create and install a fake iceweasel package so we can install our
-# desired Debian-packaged Iceweasel addons
-install_fake_iceweasel_pkg() {
- local fake_version tmp
- fake_version="${1}"
- tmp="$(mktemp -d)"
- apt-get install --yes equivs
- cat > "${tmp}"/iceweasel.control << EOF
-Section: web
-Priority: optional
-Homepage: https://tails.boum.org/
-Standards-Version: 3.6.2
-
-Package: iceweasel
-Version: ${fake_version}
-Maintainer: Tails developers <amnesia@boum.org>
-Architecture: all
-Description: (Fake) Iceweasel
- Make it possible to install Debian's Iceweasel addons without having to
- install a real Iceweasel.
-EOF
- (
- cd "${tmp}"
- equivs-build "${tmp}"/iceweasel.control
- dpkg -i "${tmp}"/iceweasel_"${fake_version}"_all.deb
- )
- rm -R "${tmp}"
-}
-
install_debian_extensions() {
local destination
destination="${1}"
shift
apt-get install --yes "${@}"
- ln -s /usr/share/xul-ext/adblock-plus/ \
- "${destination}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
+ ln -s /usr/share/xul-ext/ublock-origin/ \
+ "${destination}"/'uBlock0@raymondhill.net'
}
create_default_profile() {
@@ -197,7 +170,7 @@ TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
# The Debian Iceweasel extensions we want to install and make
# available in the Tor Browser.
-DEBIAN_EXT_PKGS="xul-ext-adblock-plus"
+DEBIAN_EXT_PKGS="xul-ext-ublock-origin"
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
@@ -218,7 +191,7 @@ rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
# Iceweasel equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
-install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
+install_fake_package iceweasel "${FAKE_ICEWEASEL_VERSION}" web
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}"
diff --git a/config/chroot_local-hooks/11-localize_browser b/config/chroot_local-hooks/11-localize_browser
index f4e296b..3597fef 100644
--- a/config/chroot_local-hooks/11-localize_browser
+++ b/config/chroot_local-hooks/11-localize_browser
@@ -4,7 +4,8 @@ set -e
echo "Localize each supported browser locale"
-# Import the TBB_INSTALL variable and supported_tor_browser_locales()
+# Import the TBB_INSTALL and TBB_EXT variables and
+# supported_tor_browser_locales()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import set_simple_config_key()
@@ -58,7 +59,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
# Mozilla's xx-YY fromat. Over all, the greatest difficulty in
# this whole script is really to know when to use the correct
# locale format, since Firefox isn't very consistent in it.
- NORMAL_LOCALE="$(echo "${MOZILLA_LOCALE}" | tr - _)"
+ if echo "${MOZILLA_LOCALE}" | grep -q '-'; then
+ NORMAL_LOCALE="$(echo "${MOZILLA_LOCALE}" | tr - _)"
+ else
+ NORMAL_LOCALE="${MOZILLA_LOCALE}_${LOCATION}"
+ fi
LANG_CODE="$(language_code_from_locale "${NORMAL_LOCALE}")"
TARGET_SEARCHPLUGINS_DIR="${TBB_LOCALIZED_SEARCHPLUGINS_DIR}/${MOZILLA_LOCALE}"
mkdir -p "${TARGET_SEARCHPLUGINS_DIR}"
@@ -72,11 +77,16 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
"${BROWSER_LOCALIZATION_DIR}/startpage.xml-template" > \
"${TARGET_SEARCHPLUGINS_DIR}/startpage-${MOZILLA_LOCALE}.xml"
- DISCONNECT_PLUGIN="${TARGET_SEARCHPLUGINS_DIR}/disconnect-${MOZILLA_LOCALE}.xml"
+ DDG_PLUGIN="${TARGET_SEARCHPLUGINS_DIR}/ddg-${MOZILLA_LOCALE}.xml"
+ DDG_LANG_UI="${NORMAL_LOCALE}"
+ if [ "${DDG_LANG_UI}" = "vi_VN" ]; then
+ # DDG uses a non-standard locale for Vietnamese
+ DDG_LANG_UI="vi_VI"
+ fi
sed -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
- -e "s/\${LOCATION}/${LOCATION}/" \
- "${BROWSER_LOCALIZATION_DIR}/disconnect.xml-template" > \
- "${DISCONNECT_PLUGIN}"
+ -e "s/\${LANG_UI}/${DDG_LANG_UI}/" \
+ "${BROWSER_LOCALIZATION_DIR}/ddg.xml-template" > \
+ "${DDG_PLUGIN}"
# We generate a Wikipedia plugin with localized icons since we
# want to provide both English and the locale's plugin, and
@@ -95,6 +105,7 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
base64 "${LOCALIZED_WIKIPEDIA_ICON_PATH}" | tr -d "\n" > \
"${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
sed -e "s/\${LANG_CODE}/${LANG_CODE}/" \
+ -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
-e "/\${BASE64_PNG_16x16}/ r ${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}" \
-e "/\${BASE64_PNG_16x16}/d" \
"${BROWSER_LOCALIZATION_DIR}/wikipedia.xml-template" > \
@@ -111,16 +122,16 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
cp "${BRANDING_TEMPLATE_FILE}" "${TARGET_BRANDING_FILE}"
for KEY in browser.search.defaultenginename \
browser.search.selectedEngine; do
- PLUGIN="Disconnect.me - ${LOCALIZED_LANG}"
- if ! grep -q "<ShortName>${PLUGIN}</ShortName>" "${DISCONNECT_PLUGIN}"; then
- echo "Trying to make search plugin '${PLUGIN}' the default for ${TARGET_LOCALE} but it unexpectedly wasn't the one we generated earlier" >&2
+ PLUGIN="DuckDuckGo - ${LOCALIZED_LANG}"
+ if ! grep -q "<ShortName>${PLUGIN}</ShortName>" "${DDG_PLUGIN}"; then
+ echo "Trying to make search plugin '${PLUGIN}' the default for ${MOZILLA_LOCALE} but it unexpectedly wasn't the one we generated earlier" >&2
exit 1
fi
set_simple_config_key "${TARGET_BRANDING_FILE}" "${KEY}" "${PLUGIN}"
done
TBB_DICTIONARIES_DIR="${TBB_INSTALL}/dictionaries"
unset SPELLCHECKER_LOCALE
- for LOCALE in "${LANG_CODE}_${LOCATION}" "${LANG_CODE}"; do
+ for LOCALE in "${NORMAL_LOCALE}" "${LANG_CODE}"; do
if [ -e "${TBB_DICTIONARIES_DIR}/${LOCALE}.dic" ]; then
SPELLCHECKER_LOCALE="${LOCALE}"
fi
@@ -148,11 +159,23 @@ done < "${DESCRIPTIONS_FILE}"
rm -r "${BROWSER_LOCALIZATION_DIR}"
# Remove unwanted browser search plugins bundled in the Tor Browser.
+# Note for posterity: the searchplugins/list.txt file must not be
+# removed! It must list the filename (excl. .xml) of each plugin
+# present, otherwise they won't work. It's not a problem to list
+# nonexisting ones, so as long as we delete plugins we do not have to
+# alter it.
7z d -tzip "${TBB_INSTALL}/browser/omni.ja" \
- 'chrome/en-US/locale/browser/searchplugins/disconnect*.xml' \
+ 'chrome/en-US/locale/browser/searchplugins/ddg*.xml' \
'chrome/en-US/locale/browser/searchplugins/startpage*.xml' \
'chrome/en-US/locale/browser/searchplugins/wikipedia*.xml' \
'chrome/en-US/locale/browser/searchplugins/yahoo*.xml'
+for pack in "${TBB_EXT}"/langpack-*.xpi; do
+ 7z d -tzip "${pack}" \
+ 'browser/chrome/*/locale/browser/searchplugins/ddg*.xml' \
+ 'browser/chrome/*/locale/browser/searchplugins/startpage*.xml' \
+ 'browser/chrome/*/locale/browser/searchplugins/wikipedia*.xml' \
+ 'browser/chrome/*/locale/browser/searchplugins/yahoo*.xml'
+done
# We want our localized English Wikipedia plugin to be available in
# all locales.
@@ -168,8 +191,9 @@ rm -r "${BROWSER_LOCALIZATION_DIR}"
done
)
-# All generated files must be world-readable.
+# All generated and modified files must remain world-readable.
chmod -R a+rX "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}" \
- "${BRANDING_DIR}"
+ "${BRANDING_DIR}" \
+ "${TBB_EXT}"
apt-get --yes purge imagemagick
diff --git a/config/chroot_local-hooks/12-generate-ublock-origin-filter b/config/chroot_local-hooks/12-generate-ublock-origin-filter
new file mode 100755
index 0000000..bfb85a1
--- /dev/null
+++ b/config/chroot_local-hooks/12-generate-ublock-origin-filter
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+echo "Converting uBlock database dump into sqlite blob"
+
+apt-get install --yes sqlite3
+
+DUMP="/usr/share/tails/ublock-origin/ublock0.dump"
+DATABASE="/etc/tor-browser/profile/extension-data/ublock0.sqlite"
+
+mkdir -p "$(dirname "${DATABASE}")"
+
+# The sed expression simply means: remove all CRLF ("\r\n"). The use
+# of labels is simply to make this able to remove multiple CRLF to
+# create a single (long) line. In the end, this restores the
+# diff-friendly dump to the original sqlite dump.
+sed ':a;N;$!ba;s_\r\n__g' "${DUMP}" | sqlite3 "${DATABASE}"
+
+echo "Created uBlock sqlite blob successfully"
+
+apt-get purge --yes sqlite3
diff --git a/config/chroot_local-hooks/12-tor-browser-ddg-fixup b/config/chroot_local-hooks/12-tor-browser-ddg-fixup
deleted file mode 100644
index 4b6c422..0000000
--- a/config/chroot_local-hooks/12-tor-browser-ddg-fixup
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-# This hook backports the only relevant fix introduced in -build7,
-# which later was released as Tor Browser 6.0.6.
-
-set -e
-
-echo "Add DDG search plugin fixup to Tor Browser 6.0.6-build6"
-
-# Import the TBB_INSTALL variable and supported_tor_browser_locales()
-. /usr/local/lib/tails-shell-library/tor-browser.sh
-
-OMNI="${TBB_INSTALL}/browser/omni.ja"
-TMP="$(mktemp -d)"
-DDG="chrome/en-US/locale/browser/searchplugins/ddg.xml"
-7z x -o"${TMP}" "${OMNI}" "${DDG}"
-sed -i 's@<Url type="text/html" method="POST" template="https://duckduckgo.com/">@<Url type="text/html" method="POST" template="https://duckduckgo.com/html">@' "${TMP}/${DDG}"
-( cd "${TMP}" ; 7z u -tzip "${OMNI}" . )
-chmod a+r "${OMNI}"
-rm -r "${TMP}"
diff --git a/config/chroot_local-hooks/18-fake-torbrowser-launcher b/config/chroot_local-hooks/18-fake-torbrowser-launcher
new file mode 100755
index 0000000..67a5784
--- /dev/null
+++ b/config/chroot_local-hooks/18-fake-torbrowser-launcher
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Rationale: onionshare depends on torbrowser-launcher, which we don't
+# want (since we install Tor Browser in a different way), so it is
+# installed by now. Let's replace it with a fake package.
+
+# Note: this hook must run before the (currently named)
+# 19-install-tor-browser-AppArmor-profile hook since the real
+# torbrowser-launcher package installs a profile for tor-browser with
+# the same name, and this hook will remove it.
+
+set -e
+set -u
+
+echo "Install a fake torbrowser-launcher package"
+
+# Import install_fake_package
+. /usr/local/lib/tails-shell-library/build.sh
+
+REAL_PKG_VERSION="$(dpkg-query -W -f='${Version}\n' torbrowser-launcher)"
+FAKE_PKG_VERSION="${REAL_PKG_VERSION}+tails.fake1"
+install_fake_package torbrowser-launcher "${FAKE_PKG_VERSION}" gnome
diff --git a/config/chroot_local-hooks/23-fake-gnome-backgrounds b/config/chroot_local-hooks/23-fake-gnome-backgrounds
index be606e1..cfd7eb2 100755
--- a/config/chroot_local-hooks/23-fake-gnome-backgrounds
+++ b/config/chroot_local-hooks/23-fake-gnome-backgrounds
@@ -5,31 +5,9 @@ set -u
echo "Install a fake gnome-backgrounds package"
-tmp="$(mktemp -d)"
-
-apt-get install --yes equivs
+# Import install_fake_package
+. /usr/local/lib/tails-shell-library/build.sh
REAL_PKG_VERSION=$(dpkg-query -W -f='${Version}\n' gnome-backgrounds)
FAKE_PKG_VERSION=${REAL_PKG_VERSION}+tails.fake1
-
-cat > "${tmp}"/gnome-backgrounds.control << EOF
-Section: gnome
-Priority: optional
-Homepage: https://tails.boum.org/
-Standards-Version: 3.9.6
-
-Package: gnome-backgrounds
-Version: ${FAKE_PKG_VERSION}
-Maintainer: Tails developers <amnesia@boum.org>
-Architecture: all
-Description: (Fake) gnome-backgrounds
- Make it possible to install gnome-shell without having to
- install a real gnome-backgrounds package.
-EOF
-
-(
- cd "${tmp}"
- equivs-build "${tmp}"/gnome-backgrounds.control
- dpkg -i "${tmp}"/gnome-backgrounds_"${FAKE_PKG_VERSION}"_all.deb
-)
-rm -R "${tmp}"
+install_fake_package gnome-backgrounds "${FAKE_PKG_VERSION}" gnome
diff --git a/config/chroot_local-hooks/50-dkms b/config/chroot_local-hooks/50-dkms
index 1f7b783..bbf243f 100755
--- a/config/chroot_local-hooks/50-dkms
+++ b/config/chroot_local-hooks/50-dkms
@@ -25,6 +25,15 @@ apt-get install --yes \
"linux-headers-${KERNEL_VERSION}-686" \
virtualbox-guest-dkms
+MODULES_VERSION="$(dpkg-query -W -f='${Version}\n' virtualbox-guest-dkms \
+ | sed -E 's,-.*,,')"
+dkms build \
+ -a i386 -k "${KERNEL_VERSION}-686" \
+ -m virtualbox-guest -v "$MODULES_VERSION"
+dkms install \
+ -a i386 -k "${KERNEL_VERSION}-686" \
+ -m virtualbox-guest -v "$MODULES_VERSION"
+
# clean the build directory
rm -r /var/lib/dkms/virtualbox-guest/
diff --git a/config/chroot_local-hooks/59-libdvd-pkg b/config/chroot_local-hooks/59-libdvd-pkg
index 2c032b1..1b70dd0 100755
--- a/config/chroot_local-hooks/59-libdvd-pkg
+++ b/config/chroot_local-hooks/59-libdvd-pkg
@@ -4,6 +4,9 @@ set -u
echo "Installing libdvd-pkg"
+# Import install_fake_package
+. /usr/local/lib/tails-shell-library/build.sh
+
apt-get --yes install libdvd-pkg
dpkg-reconfigure libdvd-pkg
@@ -12,31 +15,8 @@ dpkg-reconfigure libdvd-pkg
# libdvd-pkg. libdvd-pkg however depends on build-essential, which is
# explicitly removed. So instead we build/install a fake libdvd-pkg
# without the build-essential dependency to satisfy libdvdcss2.
-tmp="$(mktemp -d)"
-apt-get install --yes equivs
-
LIBDVD_PKG_VERSION="$(dpkg-query -s libdvd-pkg | grep Version | cut -d ' ' -f2)+fake1"
-
-cat > "${tmp}/libdvd-pkg-${LIBDVD_PKG_VERSION}.control" << EOF
-Section: multimedia
-Priority: optional
-Homepage: https://tails.boum.org/
-Standards-Version: 3.6.2
-
-Package: libdvd-pkg
-Version: ${LIBDVD_PKG_VERSION}
-Maintainer: Tails developers <amnesia@boum.org>
-Architecture: all
-Description: (Fake) libdvd-pkg package
- Provide placeholder to keep libdvdcss2 happy.
-EOF
-
-(
- cd "${tmp}"
- equivs-build "libdvd-pkg-${LIBDVD_PKG_VERSION}.control"
- dpkg -i "libdvd-pkg_${LIBDVD_PKG_VERSION}_all.deb"
-)
-rm -r "${tmp}" /usr/src/libdvd-pkg
+install_fake_package libdvd-pkg "${LIBDVD_PKG_VERSION}" multimedia
# Verify installed packages:
for x in libdvd-pkg
diff --git a/config/chroot_local-hooks/98-remove_unwanted_files b/config/chroot_local-hooks/98-remove_unwanted_files
index 43433fb..637ac28 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_files
+++ b/config/chroot_local-hooks/98-remove_unwanted_files
@@ -18,6 +18,9 @@ rm $POTFILES_DOT_IN
# (by the 10-tbb hook)
rm /usr/share/tails/tbb-*.txt
+# This shell library is only used during build
+rm /usr/local/lib/tails-shell-library/build.sh
+
# Prevent races between MAC spoofing and interface naming
rm /lib/udev/rules.d/75-persistent-net-generator.rules
@@ -35,3 +38,6 @@ update-ca-certificates
# debugging (and slightly make things easier for malware, perhaps) and
# otherwise just occupy disk space.
rm -f /boot/*.map /boot/*.map-*
+
+# Remove text dump of uBlock settings file
+rm -rf /usr/share/tails/ublock-origin/