summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-hooks
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-hooks')
-rwxr-xr-xconfig/chroot_local-hooks/00-install-tailslib3
-rwxr-xr-xconfig/chroot_local-hooks/04-change-gids-and-uids54
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb122
-rwxr-xr-xconfig/chroot_local-hooks/11-check-thunderbird-addons20
-rwxr-xr-xconfig/chroot_local-hooks/11-localize_browser116
-rwxr-xr-xconfig/chroot_local-hooks/12-generate-ublock-origin-filter23
-rwxr-xr-xconfig/chroot_local-hooks/12-kernel-modules-build-environment2
-rwxr-xr-xconfig/chroot_local-hooks/13-aufs2
-rwxr-xr-xconfig/chroot_local-hooks/50-dkms7
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d1
-rwxr-xr-xconfig/chroot_local-hooks/54-menu2
-rwxr-xr-xconfig/chroot_local-hooks/55-update-mime-database8
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_files5
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_packages7
-rw-r--r--config/chroot_local-hooks/99-zz-install-ASP-DPKG-hooks7
-rwxr-xr-xconfig/chroot_local-hooks/99-zzz_check_uids_and_gids21
16 files changed, 189 insertions, 211 deletions
diff --git a/config/chroot_local-hooks/00-install-tailslib b/config/chroot_local-hooks/00-install-tailslib
index 735c408..9943ed7 100755
--- a/config/chroot_local-hooks/00-install-tailslib
+++ b/config/chroot_local-hooks/00-install-tailslib
@@ -5,7 +5,8 @@ set -u
echo "Installing the tailslib python library"
-# Import ensure_hook_dependency_is_installed() and strip_nondeterminism_wrapper()
+# Import ensure_hook_dependency_is_installed() and
+# strip_nondeterminism_wrapper()
. /usr/local/lib/tails-shell-library/build.sh
ensure_hook_dependency_is_installed python3-setuptools
diff --git a/config/chroot_local-hooks/04-change-gids-and-uids b/config/chroot_local-hooks/04-change-gids-and-uids
index 65cb83a..fae9f2e 100755
--- a/config/chroot_local-hooks/04-change-gids-and-uids
+++ b/config/chroot_local-hooks/04-change-gids-and-uids
@@ -6,14 +6,46 @@ set -e
echo "Change GIDs and UIDs"
-TPS_GROUP_STEALER=$(getent group 122 | awk -F ':' '{print $1}')
-if [ -n "$TPS_GROUP_STEALER" ]; then
- groupmod --gid 150 "$TPS_GROUP_STEALER"
- find / -wholename /proc -prune -o \( \! -type l -a -gid 122 -exec chgrp 150 '{}' \; \)
-fi
-
-TPS_USER_STEALER=$(getent passwd 115 | awk -F ':' '{print $1}')
-if [ -n "$TPS_USER_STEALER" ]; then
- usermod --uid 150 "$TPS_USER_STEALER"
- find / -wholename /proc -prune -o \( \! -type l -a -uid 115 -exec chown 150 '{}' \; \)
-fi
+Change_uid () {
+ NAME="$1"
+ NEW="$2"
+ OLD="$(getent passwd "$NAME" | awk -F ':' '{print $3}')"
+
+ if [ -n "$OLD" ]; then
+ echo "Changing UID for $NAME ($OLD -> $NEW)"
+ usermod --uid "$NEW" "$NAME"
+ find / -wholename /proc -prune -o \( \! -type l -a -uid "$OLD" -exec chown "$NEW" '{}' \; \)
+ fi
+}
+
+Change_gid () {
+ NAME="$1"
+ NEW="$2"
+ OLD="$(getent group "$NAME" | awk -F ':' '{print $3}')"
+
+ if [ -n "$OLD" ]; then
+ echo "Changing GID for $NAME ($OLD -> $NEW)"
+ groupmod --gid "$NEW" "$NAME"
+ find / -wholename /proc -prune -o \( \! -type l -a -gid "$OLD" -exec chgrp "$NEW" '{}' \; \)
+ fi
+}
+
+
+Change_uid tails-persistent-setup 150
+Change_gid tails-persistent-setup 150
+
+### Ensure GIDs are stable accross releases
+# ... otherwise, things such as tor@service are broken
+# after applying an automatic upgrade (#15695, #15424, #13426, #15407)
+
+# Temporarily give these groups a GID that's out of the way, to avoid collisions
+Change_gid vboxsf 1120
+Change_gid monkeysphere 1130
+Change_gid debian-tor 1140
+Change_gid lpadmin 1150
+
+# Finally, give these groups the desired GID
+Change_gid vboxsf 112
+Change_gid monkeysphere 113
+Change_gid debian-tor 114
+Change_gid lpadmin 115
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index 7153251..f959cc0 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -71,8 +71,12 @@ install_tor_browser() {
done
# Let's use the libstdc++ that the Tor Browser is intended to be used with,
- # instead of the system one.
- cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
+ # instead of the system one, whenever ours is too old.
+ # For details see projects/firefox/abicheck.cc in
+ # https://git.torproject.org/builders/tor-browser-build.git
+ # Tor Browser 8.0a10 requires GLIBCXX_3.4.22, which Stretch has
+ # so disable this for now.
+ # cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
# We don't need the Tor binary, the shared libraries Tor needs
# (but Firefox doesn't) and documentation shipped in the TBB.
@@ -118,17 +122,14 @@ EOF
# TBB works around the lack of code signing for its extensions by
# hacking in exceptions. We do the same!
apply_extension_code_signing_hacks () {
- local destination tmp tbb_timestamp
- destination="${1}"
-
- # For consistency we'll set timestamps of files we modify to the
- # same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
- tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
+ local tbb_install tbb_timestamp
+ tbb_install="${1}"
+ tbb_timestamp="${2}"
tmp="$(mktemp -d)"
(
cd "${tmp}"
- 7z x -tzip "${TBB_INSTALL}/omni.ja"
+ 7z x -tzip "${tbb_install}/omni.ja"
patch -p1 <<EOF
diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
--- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
@@ -167,14 +168,14 @@ diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
EOF
touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
chrome/toolkit/content/mozapps/extensions/extensions.js
- rm "${TBB_INSTALL}/omni.ja"
- 7z a -mtc=off -tzip "${TBB_INSTALL}/omni.ja" *
+ rm "${tbb_install}/omni.ja"
+ 7z a -mtc=off -tzip "${tbb_install}/omni.ja" *
)
rm -r "${tmp}"
tmp="$(mktemp -d)"
(
cd "${tmp}"
- 7z x -tzip "${TBB_INSTALL}/browser/omni.ja"
+ 7z x -tzip "${tbb_install}/browser/omni.ja"
patch -p1 <<EOF
diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
--- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
@@ -191,44 +192,47 @@ diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
}
EOF
touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
- rm "${TBB_INSTALL}/browser/omni.ja"
- 7z a -mtc=off -tzip "${TBB_INSTALL}/browser/omni.ja" *
+ rm "${tbb_install}/browser/omni.ja"
+ 7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
)
rm -r "${tmp}"
- for archive in "${TBB_INSTALL}/omni.ja" "${TBB_INSTALL}/browser/omni.ja"; do
- strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
- "${archive}" 2>/dev/null
- done
}
-# Modern Firefox doesn't apply browser.search.defaultenginename on
-# start, and the other ways to get it to work (e.g. pre-generating
-# search.json.mozlz4) seems rather complex. Instead, let's just make
-# browser.search.defaultenginename work again by employing some
-# Enterprise features to run arbitrary JavaScript with access to the
-# Firefox internals. For the details of this feature, see:
-# https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
-apply_default_searchengine_hacks () {
- local destination
- destination="${1}"
-
- cat > "${destination}/defaults/pref/autoconfig.js" <<EOF
-// This file must start with a comment
-pref("general.config.filename", "mozilla.cfg");
-pref("general.config.obscure_value", 0);
-EOF
+apply_prefs_hacks() {
+ local tbb_install tmp tbb_timestamp
+ tbb_install="${1}"
+ tbb_timestamp="${2}"
- cat > "${destination}/mozilla.cfg" <<EOF
-// This file must start with a comment
-var searchService = Components.classes["@mozilla.org/browser/search-service;1"].getService(Components.interfaces.nsIBrowserSearchService);
-var engineName = getPref("browser.search.defaultenginename");
-if (engineName) {
- var engine = searchService.getEngineByName(engineName);
- if (engine) {
- searchService.currentEngine = engine;
- }
+ tmp="$(mktemp -d)"
+ (
+ cd "${tmp}"
+ 7z x -tzip "${tbb_install}/browser/omni.ja"
+ # Remove TBB's Tor Launcher settings since we don't enable it in
+ # our Tor Browser.
+ sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
+ # Display the Stop/Reload button: our test suite currently depends on it
+ perl -pi -E \
+ 's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
+ defaults/preferences/000-tor-browser.js
+ # Append our custom prefs
+ cat /usr/share/tails/tor-browser-prefs.js \
+ >> defaults/preferences/000-tor-browser.js
+ touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
+ rm "${tbb_install}/browser/omni.ja"
+ 7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
+ )
+ rm -r "${tmp}"
}
-EOF
+
+strip_nondeterminism () {
+ local tbb_install tbb_timestamp
+ tbb_install="${1}"
+ tbb_timestamp="${2}"
+
+ for archive in "${tbb_install}/omni.ja" "${tbb_install}/browser/omni.ja"; do
+ strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
+ "${archive}" 2>/dev/null
+ done
}
install_langpacks_from_bundles() {
@@ -262,8 +266,9 @@ install_debian_extensions() {
destination="${1}"
shift
apt-get install --yes "${@}"
- ln -s /usr/share/xul-ext/ublock-origin/ \
+ ln -s /usr/share/webext/ublock-origin/ \
"${destination}"/'uBlock0@raymondhill.net'
+ patch -p1 < /usr/share/tails/uBlock-disable-autoUpdate.diff
}
create_default_profile() {
@@ -275,16 +280,16 @@ create_default_profile() {
rsync -a --exclude bookmarks.html --exclude extensions \
"${tbb_profile}"/ "${destination}"/
- # Remove TBB's Tor Launcher settings since we don't enable it in
- # our Tor Browser.
- sed -i '/extensions\.torlauncher\./d' "${destination}"/preferences/extension-overrides.js
-
mkdir -p "${destination}"/extensions
for ext in "${tbb_extensions_dir}"/*; do
ln -s "${ext}" "${destination}"/extensions/
done
}
+# For consistency we'll set timestamps of files we modify to the
+# same one used by the Tor Browser instead of SOURCE_DATE_EPOCH.
+TBB_TIMESTAMP="$(date --date='2000-01-01 00:00:00' +%s)"
+
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
@@ -301,16 +306,17 @@ fi
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
-# The Debian Iceweasel extensions we want to install and make
+# The Firefox extensions we want to install from Debian and make
# available in the Tor Browser.
-DEBIAN_EXT_PKGS="xul-ext-ublock-origin"
+DEBIAN_EXT_PKGS="webext-ublock-origin"
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
-apply_extension_code_signing_hacks "${TBB_INSTALL}"
-apply_default_searchengine_hacks "${TBB_INSTALL}"
+apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
+apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
+strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
mkdir -p "${TBB_EXT}"
if [ "${NIGHTLY_BUILD}" != yes ]; then
@@ -324,11 +330,11 @@ rm -r "${TMP}"
mv "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions/* "${TBB_EXT}"
rmdir "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default/extensions
-# ... and then install a few Iceweasel extension by using a fake
-# Iceweasel equivs package to satisfy the dependencies.
+# ... and then install a few Firefox extension by using a fake
+# firefox equivs package to satisfy the dependencies.
FIREFOX_VERSION=$(get_firefox_version "${TBB_INSTALL}"/application.ini)
-FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
-install_fake_package iceweasel "${FAKE_ICEWEASEL_VERSION}" web
+FAKE_FIREFOX_VERSION=${FIREFOX_VERSION}+fake1
+install_fake_package firefox "${FAKE_FIREFOX_VERSION}" web
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}"
@@ -336,7 +342,7 @@ create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default
# Create a copy of the Firefox binary, for use e.g. by Tor Launcher.
# It won't be subject to AppArmor confinement.
-cp -a "${TBB_INSTALL}/firefox" "${TBB_INSTALL}/firefox-unconfined"
+cp -a "${TBB_INSTALL}/firefox.real" "${TBB_INSTALL}/firefox-unconfined"
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
diff --git a/config/chroot_local-hooks/11-check-thunderbird-addons b/config/chroot_local-hooks/11-check-thunderbird-addons
new file mode 100755
index 0000000..e4612de
--- /dev/null
+++ b/config/chroot_local-hooks/11-check-thunderbird-addons
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+set -u
+
+echo "Checking for Thunderbird language packages"
+
+SUFFIX="@thunderbird.mozilla.org.xpi"
+LANG_PACK_COUNT=$(find /usr/share/thunderbird/extensions/ -name "langpack-*${SUFFIX}" | wc -l)
+
+if [ "$LANG_PACK_COUNT" = "0" ]; then
+ cat >&2 <<EOF
+E: No language packages matching the ${SUFFIX} suffix.
+ It is likely that tails-shell-library/thunderbird.sh needs an update
+EOF
+ exit 1
+else
+ echo "I: ${LANG_PACK_COUNT} language packages found" >&2
+fi
+
diff --git a/config/chroot_local-hooks/11-localize_browser b/config/chroot_local-hooks/11-localize_browser
index 14110ee..34d65a2 100755
--- a/config/chroot_local-hooks/11-localize_browser
+++ b/config/chroot_local-hooks/11-localize_browser
@@ -19,11 +19,10 @@ echo "Localize each supported browser locale"
ensure_hook_dependency_is_installed p7zip imagemagick
-TBB_LOCALIZED_SEARCHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
LOCALE_PROFILES_DIR="/etc/tor-browser/locale-profiles/"
-NO_SPELLCHECKER_LOCALES="ja ko nl pl tr zh"
+NO_SPELLCHECKER_LOCALES="ca ga id is ja nb tr zh"
# Sanity check that each supported Tor Browser locale has a
# description for how to localize it further.
@@ -34,21 +33,20 @@ for LOCALE in $(supported_tor_browser_locales); do
fi
done
if [ -n "${BROKEN_LOCALES}" ]; then
- echo "The following supported browser locales lack search plugin descriptions in ${DESCRIPTIONS_FILE}:${BROKEN_LOCALES}" >&2
+ echo "The following supported browser locales lack descriptions in ${DESCRIPTIONS_FILE}:${BROKEN_LOCALES}" >&2
exit 1
fi
# This very long while-loop is fed the DESCRIPTIONS_FILE (IO
# redirection at the bottom), which describes how we will localize
# each supported Tor Browser locale. The format is:
-# MOZILLA_LOCALE:LOCATION:LOCALIZED_LANG:STARTPAGE_LANG:STARTPAGE_LANG_UI
+# MOZILLA_LOCALE:LOCATION
# Note that we're forced to pick some representative location for the
# language-only locales, like Egypt (EG) for Arabic (ar).
-while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE_LANG_UI; do
- if [ -z "${MOZILLA_LOCALE}" ] || [ -z "${LOCATION}" ] || \
- [ -z "${LOCALIZED_LANG}" ] || [ -z "${STARTPAGE_LANG}" ]; then
+while IFS=: read MOZILLA_LOCALE LOCATION; do
+ if [ -z "${MOZILLA_LOCALE}" ] || [ -z "${LOCATION}" ]; then
echo "Something is wrong with ${DESCRIPTIONS_FILE}" >&2
- echo "Description: ${MOZILLA_LOCALE}:${LOCATION}:${LOCALIZED_LANG}:${STARTPAGE_LANG}:${STARTPAGE_LANG_UI}" >&2
+ echo "Description: ${MOZILLA_LOCALE}:${LOCATION}" >&2
exit 1
fi
@@ -64,67 +62,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
NORMAL_LOCALE="${MOZILLA_LOCALE}_${LOCATION}"
fi
LANG_CODE="$(language_code_from_locale "${NORMAL_LOCALE}")"
- TARGET_SEARCHPLUGINS_DIR="${TBB_LOCALIZED_SEARCHPLUGINS_DIR}/${MOZILLA_LOCALE}"
- mkdir -p "${TARGET_SEARCHPLUGINS_DIR}"
-
- if [ -z "${STARTPAGE_LANG_UI}" ]; then
- STARTPAGE_LANG_UI=english
- fi
- sed -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
- -e "s/\${LANG}/${STARTPAGE_LANG}/" \
- -e "s/\${LANG_UI}/${STARTPAGE_LANG}/" \
- "${BROWSER_LOCALIZATION_DIR}/startpage.xml-template" > \
- "${TARGET_SEARCHPLUGINS_DIR}/startpage-${MOZILLA_LOCALE}.xml"
-
- DDG_PLUGIN="${TARGET_SEARCHPLUGINS_DIR}/ddg-${MOZILLA_LOCALE}.xml"
- DDG_LANG_UI="${NORMAL_LOCALE}"
- if [ "${DDG_LANG_UI}" = "vi_VN" ]; then
- # DDG uses a non-standard locale for Vietnamese
- DDG_LANG_UI="vi_VI"
- fi
- sed -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
- -e "s/\${LANG_UI}/${DDG_LANG_UI}/" \
- "${BROWSER_LOCALIZATION_DIR}/ddg.xml-template" > \
- "${DDG_PLUGIN}"
-
- # We generate a Wikipedia plugin with localized icons since we
- # want to provide both English and the locale's plugin, and
- # Firefox' new search bar only shows icons; the description (which
- # is localized) is only shown in a pop-up nowdays, so it's easy to
- # mix them up.
- CAPITALIZED_LANG_CODE="$(echo "${LANG_CODE}" | tr 'a-z' 'A-Z')"
- LOCALIZED_WIKIPEDIA_ICON_PATH="/tmp/wikipedia-icon-${LANG_CODE}.png"
- WIKIPEDIA_SEARCH_ICON_BASE64_PATH="${LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
- WIKIPEDIA_ICON_TEMPLATE="${BROWSER_LOCALIZATION_DIR}/Wikipedia-icon.png"
- convert "${WIKIPEDIA_ICON_TEMPLATE}" \
- -gravity SouthEast -pointsize 130 -font Liberation-Sans-Bold \
- -fill black -annotate 0 "${CAPITALIZED_LANG_CODE}" \
- +set date:create +set date:modify -define png:exclude-chunk=time \
- -resize 16x16 "${LOCALIZED_WIKIPEDIA_ICON_PATH}"
- base64 "${LOCALIZED_WIKIPEDIA_ICON_PATH}" | tr -d "\n" > \
- "${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
- sed -e "s/\${LANG_CODE}/${LANG_CODE}/" \
- -e "s/\${LOCALIZED_LANG}/${LOCALIZED_LANG}/" \
- -e "/\${BASE64_PNG_16x16}/ r ${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}" \
- -e "/\${BASE64_PNG_16x16}/d" \
- "${BROWSER_LOCALIZATION_DIR}/wikipedia.xml-template" > \
- "${TARGET_SEARCHPLUGINS_DIR}/wikipedia-${MOZILLA_LOCALE}.xml"
- rm "${LOCALIZED_WIKIPEDIA_ICON_PATH}" \
- "${WIKIPEDIA_SEARCH_ICON_BASE64_PATH}"
# Our Tor Browser wrapper script will make use of the following
# per-locale profiles to set localized defaults for various prefs.
mkdir -p "${LOCALE_PROFILES_DIR}"
LOCALE_PROFILE_FILE="${LOCALE_PROFILES_DIR}/${MOZILLA_LOCALE}.js"
- for KEY in browser.search.defaultenginename \
- browser.search.selectedEngine; do
- PLUGIN="DuckDuckGo - ${LOCALIZED_LANG}"
- if ! grep -q "<ShortName>${PLUGIN}</ShortName>" "${DDG_PLUGIN}"; then
- echo "Trying to make search plugin '${PLUGIN}' the default for ${MOZILLA_LOCALE} but it unexpectedly wasn't the one we generated earlier" >&2
- exit 1
- fi
- set_mozilla_pref "${LOCALE_PROFILE_FILE}" "${KEY}" "\"${PLUGIN}\""
- done
TBB_DICTIONARIES_DIR="${TBB_INSTALL}/dictionaries"
unset SPELLCHECKER_LOCALE
for LOCALE in "${NORMAL_LOCALE}" "${LANG_CODE}"; do
@@ -142,7 +84,8 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
fi
set_mozilla_pref "${LOCALE_PROFILE_FILE}" \
"spellchecker.dictionary" \
- "\"${SPELLCHECKER_LOCALE}\""
+ "\"${SPELLCHECKER_LOCALE}\"" \
+ "user_pref"
HOMEPAGE="https://tails.boum.org/home/"
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
@@ -154,47 +97,6 @@ done < "${DESCRIPTIONS_FILE}"
# This directory is not needed after build time.
rm -r "${BROWSER_LOCALIZATION_DIR}"
-# Remove unwanted browser search plugins bundled in the Tor Browser.
-# Note for posterity: the searchplugins/list.txt file must not be
-# removed! It must list the filename (excl. .xml) of each plugin
-# present, otherwise they won't work. It's not a problem to list
-# nonexisting ones, so as long as we delete plugins we do not have to
-# alter it.
-7z d -mtc=off -tzip "${TBB_INSTALL}/browser/omni.ja" \
- 'chrome/en-US/locale/browser/searchplugins/ddg*.xml' \
- 'chrome/en-US/locale/browser/searchplugins/startpage*.xml' \
- 'chrome/en-US/locale/browser/searchplugins/wikipedia*.xml' \
- 'chrome/en-US/locale/browser/searchplugins/yahoo*.xml'
-# For consistency, fixup the internal timestamps of these archives with
-# the same ones used by the Tor Browser instead of SOURCE_DATE_EPOCH.
-tbb_timestamp="$(date --date='2000-01-01 00:00:00' +%s)"
-strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
- "${TBB_INSTALL}/browser/omni.ja" 2>/dev/null
-for pack in "${TBB_EXT}"/langpack-*.xpi; do
- 7z d -mtc=off -tzip "${pack}" \
- 'browser/chrome/*/locale/browser/searchplugins/ddg*.xml' \
- 'browser/chrome/*/locale/browser/searchplugins/startpage*.xml' \
- 'browser/chrome/*/locale/browser/searchplugins/wikipedia*.xml' \
- 'browser/chrome/*/locale/browser/searchplugins/yahoo*.xml'
- strip_nondeterminism_wrapper --type zip --timestamp "${tbb_timestamp}" \
- "${pack}" 2>/dev/null
-done
-
-# We want our localized English Wikipedia plugin to be available in
-# all locales.
-(
- cd "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}"
- for dir in *; do
- if [ -d "${dir}" ] && [ "${dir}" != en-US ]; then
- (
- cd "${dir}"
- cp -a ../en-US/wikipedia-en-US.xml .
- )
- fi
- done
-)
-
# All generated and modified files must remain world-readable.
-chmod -R a+rX "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}" \
- "${LOCALE_PROFILES_DIR}" \
+chmod -R a+rX "${LOCALE_PROFILES_DIR}" \
"${TBB_EXT}"
diff --git a/config/chroot_local-hooks/12-generate-ublock-origin-filter b/config/chroot_local-hooks/12-generate-ublock-origin-filter
deleted file mode 100755
index 72faba4..0000000
--- a/config/chroot_local-hooks/12-generate-ublock-origin-filter
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Converting uBlock database dump into sqlite blob"
-
-# Import ensure_hook_dependency_is_installed()
-. /usr/local/lib/tails-shell-library/build.sh
-
-ensure_hook_dependency_is_installed sqlite3
-
-DUMP="/usr/share/tails/ublock-origin/ublock0.dump"
-DATABASE="/etc/tor-browser/profile/extension-data/ublock0.sqlite"
-
-mkdir -p "$(dirname "${DATABASE}")"
-
-# The sed expression simply means: remove all CRLF ("\r\n"). The use
-# of labels is simply to make this able to remove multiple CRLF to
-# create a single (long) line. In the end, this restores the
-# diff-friendly dump to the original sqlite dump.
-sed ':a;N;$!ba;s_\r\n__g' "${DUMP}" | sqlite3 "${DATABASE}"
-
-echo "Created uBlock sqlite blob successfully"
diff --git a/config/chroot_local-hooks/12-kernel-modules-build-environment b/config/chroot_local-hooks/12-kernel-modules-build-environment
index 62d4c73..954dd70 100755
--- a/config/chroot_local-hooks/12-kernel-modules-build-environment
+++ b/config/chroot_local-hooks/12-kernel-modules-build-environment
@@ -6,7 +6,7 @@ set -x
echo "Setting up a build environment for kernel modules"
-. /usr/share/amnesia/build/variables
+. /usr/share/tails/build/variables
# Import ensure_hook_dependency_is_installed() and
# install_fake_package()
diff --git a/config/chroot_local-hooks/13-aufs b/config/chroot_local-hooks/13-aufs
index 0193249..442fcd5 100755
--- a/config/chroot_local-hooks/13-aufs
+++ b/config/chroot_local-hooks/13-aufs
@@ -5,7 +5,7 @@ set -u
echo "Building the aufs module"
-. /usr/share/amnesia/build/variables
+. /usr/share/tails/build/variables
# Import ensure_hook_dependency_is_installed()
. /usr/local/lib/tails-shell-library/build.sh
diff --git a/config/chroot_local-hooks/50-dkms b/config/chroot_local-hooks/50-dkms
index 7b91e22..513a092 100755
--- a/config/chroot_local-hooks/50-dkms
+++ b/config/chroot_local-hooks/50-dkms
@@ -6,7 +6,7 @@ set -x
echo "Building VirtualBox guest modules"
-. /usr/share/amnesia/build/variables
+. /usr/share/tails/build/variables
# Import ensure_hook_dependency_is_installed()
# and install_fake_package()
@@ -28,8 +28,9 @@ done
# which does not match our kernel version, the modules won't be built
# and then we should abort the build.
for module in vboxguest vboxsf vboxvideo ; do
- for modules_dir in /lib/modules/*/updates ; do
- if [ ! -f "${modules_dir}/${module}.ko" ]; then
+ for modules_dir in /lib/modules/* ; do
+ found=$(find "$modules_dir" -name "${module}.ko" | wc -l)
+ if [ "$found" = 0 ]; then
echo "Can not find ${module} module in '${modules_dir}" >&2
exit 1
fi
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index 0013566..02aeb60 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -10,6 +10,7 @@ systemctl enable memlockd.service
# Enable our own systemd unit files
systemctl enable initramfs-shutdown.service
systemctl enable onion-grater.service
+systemctl enable tails-synchronize-data-to-new-persistent-volume-on-shutdown.service
systemctl enable tails-autotest-broken-Xorg.service
systemctl enable tails-autotest-remote-shell.service
systemctl enable tails-set-wireless-devices-state.service
diff --git a/config/chroot_local-hooks/54-menu b/config/chroot_local-hooks/54-menu
index 7c5247e..3ba19a0 100755
--- a/config/chroot_local-hooks/54-menu
+++ b/config/chroot_local-hooks/54-menu
@@ -9,7 +9,7 @@ echo "Registering and tweaking menus"
ensure_hook_dependency_is_installed xdg-utils
-for app in tails-installer tails-persistence-delete tails-persistence-setup tails-about tails-documentation; do
+for app in tails-installer tails-persistence-delete tails-persistence-setup tails-about tails-documentation org.boum.tails.additional-software-config ; do
xdg-desktop-menu install --novendor \
/usr/share/desktop-directories/Tails.directory \
"/usr/share/applications/${app}.desktop"
diff --git a/config/chroot_local-hooks/55-update-mime-database b/config/chroot_local-hooks/55-update-mime-database
new file mode 100755
index 0000000..e816451
--- /dev/null
+++ b/config/chroot_local-hooks/55-update-mime-database
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+set -u
+
+echo "Updating the shared MIME-Info database cache with our custom file associations"
+
+update-mime-database /usr/local/share/mime
diff --git a/config/chroot_local-hooks/98-remove_unwanted_files b/config/chroot_local-hooks/98-remove_unwanted_files
index d7ea10f..43189ce 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_files
+++ b/config/chroot_local-hooks/98-remove_unwanted_files
@@ -5,7 +5,7 @@ set -e
echo "Removing unwanted files"
# Get POTFILES_DOT_IN
-. /usr/share/amnesia/build/variables
+. /usr/share/tails/build/variables
find /usr/share/doc -type f -name changelog.gz -delete
find /usr/share/doc -type f -name changelog.Debian.gz -delete
@@ -32,6 +32,3 @@ update-ca-certificates
# debugging (and slightly make things easier for malware, perhaps) and
# otherwise just occupy disk space.
rm -f /boot/*.map /boot/*.map-*
-
-# Remove text dump of uBlock settings file
-rm -rf /usr/share/tails/ublock-origin/
diff --git a/config/chroot_local-hooks/98-remove_unwanted_packages b/config/chroot_local-hooks/98-remove_unwanted_packages
index 13e2a0e..6f9628e 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_packages
+++ b/config/chroot_local-hooks/98-remove_unwanted_packages
@@ -46,7 +46,6 @@ apt-get --yes purge \
### Deinstall some other unwanted packages.
apt-get --yes purge \
'^aptitude*' \
- '^geoclue*' \
krb5-locales \
libdvdcss2-dbgsym \
live-build \
@@ -56,5 +55,11 @@ apt-get --yes purge \
tasksel-data \
tcpd
+### Deinstall some other unwanted packages whose regexp might not be match
+### anything when building with partial, tagged APT snapshots.
+if [ $(dpkg --get-selections | grep -c -E '^geoclue') -gt 0 ]; then
+ apt-get --yes purge '^geoclue*'
+fi
+
### Deinstall dependencies of the just removed packages.
apt-get --yes --purge autoremove
diff --git a/config/chroot_local-hooks/99-zz-install-ASP-DPKG-hooks b/config/chroot_local-hooks/99-zz-install-ASP-DPKG-hooks
new file mode 100644
index 0000000..91a4519
--- /dev/null
+++ b/config/chroot_local-hooks/99-zz-install-ASP-DPKG-hooks
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+set -u
+
+mv /etc/apt/apt.conf.d/80tails-additional-software.disabled \
+ /etc/apt/apt.conf.d/80tails-additional-software
diff --git a/config/chroot_local-hooks/99-zzz_check_uids_and_gids b/config/chroot_local-hooks/99-zzz_check_uids_and_gids
new file mode 100755
index 0000000..785b080
--- /dev/null
+++ b/config/chroot_local-hooks/99-zzz_check_uids_and_gids
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+echo "Checking UIDs and GIDs stability"
+
+if ! cmp "/usr/share/tails/build/passwd" "/etc/passwd" \
+ || ! cmp "/usr/share/tails/build/group" "/etc/group" ; then
+ echo "/etc/passwd and/or /etc/group differs from expected:" >&2
+ for file in passwd group; do
+ diff -Naur "/usr/share/tails/build/${file}" "/etc/${file}" >&2 || :
+ echo >&2
+ echo "Content of '/etc/${file}':" >&2
+ cat "/etc/${file}" >&2
+ echo >&2
+ done
+ echo "If these changes are innocuous, update these files in" \
+ "config/chroot_local-includes/usr/share/tails/build/." >&2
+ echo "See #15407 and #13426 for more context." >&2
+ exit 1
+fi