summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/usr/local/sbin/unsafe-browser
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-includes/usr/local/sbin/unsafe-browser')
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser122
1 files changed, 77 insertions, 45 deletions
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index 27b3882..5188c0b 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -18,6 +18,11 @@ CLEARNET_USER=clearnet
# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
+# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
+# exec_firefox(), configure_xulrunner_app_locale() and
+# guess_best_tor_browser_locale()
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
LANG_CODE="$(echo ${LANG} | head -c 2)"
if [ -r "${WARNING_PAGE}.${LANG_CODE}.html" ]; then
@@ -106,29 +111,23 @@ setup_chroot () {
set_chroot_browser_name () {
NAME="${1}"
- LONG=$(echo ${LANG} | grep -o "^[a-zA-Z_]*")
- SHORT=${LONG%%_*}
- EXT_DIR=${CHROOT}/usr/lib/iceweasel/browser/extensions
+ LOCALE="${2}"
+ EXT_DIR=${CHROOT}/"${TBB_EXT}"
BRANDING=branding/brand.dtd
- if [ -e "${EXT_DIR}/langpack-${LONG}@iceweasel.mozilla.org.xpi" ]; then
- PACK="${EXT_DIR}/langpack-${LONG}@iceweasel.mozilla.org.xpi"
- TOP=browser/chrome
- REST=${LONG}/locale
- elif [ -e "${EXT_DIR}/langpack-${SHORT}@iceweasel.mozilla.org.xpi" ]; then
- PACK="${EXT_DIR}/langpack-${SHORT}@iceweasel.mozilla.org.xpi"
+ if [ "${LOCALE}" != en-US ]; then
+ PACK="${EXT_DIR}/langpack-${LOCALE}@firefox.mozilla.org.xpi"
TOP=browser/chrome
- REST=${SHORT}/locale
+ REST=${LOCALE}/locale
else
- PACK=${CHROOT}/usr/share/iceweasel/browser/chrome/en-US.jar
- TOP=locale
- REST=
+ PACK="${CHROOT}/${TBB_INSTALL}/browser/omni.ja"
+ TOP=chrome
+ REST=en-US/locale
fi
-
TMP=$(mktemp -d)
# Non-zero exit code due to non-standard ZIP archive.
# The following steps will fail soon if the extraction failed anyway.
unzip -d "${TMP}" "${PACK}" || true
- sed -i "s/Iceweasel/${NAME}/" "${TMP}"/"${TOP}"/"${REST}"/"${BRANDING}"
+ sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/" "${TMP}/${TOP}/${REST}/${BRANDING}"
rm "${PACK}"
(cd $TMP ; 7z a -tzip "${PACK}" .)
chmod a+r "${PACK}"
@@ -145,58 +144,91 @@ configure_chroot () {
done
chmod a+r ${CHROOT}/etc/resolv.conf
- # Remove all Iceweasel addons: some adds proxying, which we don't
+ # Remove all addons: some adds proxying, which we don't
# want; some may change the fingerprint compared to a standard
- # Iceweasel install. Note: We cannot use apt-get since we don't ship its
+ # Firefox install. Note: We cannot use apt-get since we don't ship its
# lists (#6531). Too bad, APT supports globbing, while dkpg does not.
dpkg -l 'xul-ext-*' | /bin/grep '^ii' | awk '{print $2}' | \
xargs chroot ${CHROOT} dpkg --remove
- # Create a fresh Iceweasel profile for the clearnet user
- cp -a ${CHROOT}/etc/skel/.mozilla/ ${CHROOT}/home/clearnet/
- chown -R clearnet:clearnet ${CHROOT}/home/clearnet/.mozilla/
- CLEARNET_PROFILE=${CHROOT}/home/clearnet/.mozilla/firefox/default
+ # Create a fresh browser profile for the clearnet user
+ CLEARNET_PROFILE="${CHROOT}"/home/clearnet/.tor-browser/profile.default
+
+ CLEARNET_EXT="${CLEARNET_PROFILE}"/extensions
+ mkdir -p "${CLEARNET_EXT}"
+ cp -Pr "${TBB_PROFILE}"/extensions/langpack-*.xpi "${CLEARNET_EXT}"
+
+ CLEARNET_PREFS="${CLEARNET_PROFILE}"/preferences/prefs.js
+ mkdir -p "$(dirname "${CLEARNET_PREFS}")"
+
+ # Localization
+ BEST_LOCALE="$(guess_best_tor_browser_locale)"
+ configure_xulrunner_app_locale "${CLEARNET_PROFILE}" "${BEST_LOCALE}"
# Disable proxying in the chroot
- sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' \
- ${CLEARNET_PROFILE}/*.js
- echo 'user_pref("network.proxy.type", 0);' >> \
- ${CLEARNET_PROFILE}/user.js
- echo 'user_pref("network.proxy.socks_remote_dns", false);' >> \
- ${CLEARNET_PROFILE}/user.js
- rm -rf ${CLEARNET_PROFILE}/extensions
-
- # Set a scary theme (except if we're using Windows camouflage)
- if [ -z "${CAMOUFLAGE}" ]; then
- cat >> ${CLEARNET_PROFILE}/user.js <<EOF
-user_pref("lightweightThemes.isThemeSelected", true);
-user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
-EOF
- else
- # The camouflage activation script requires a dbus server for
- # properly configuring GNOME, so we start one in the chroot
- chroot ${CHROOT} sudo -H -u clearnet sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
- fi
+ echo 'pref("network.proxy.type", 0);' >> "${CLEARNET_PREFS}"
+ echo 'pref("network.proxy.socks_remote_dns", false);' >> "${CLEARNET_PREFS}"
+
+ # Prevent File -> Print or CTRL+P from causing the browser to hang
+ # for several minutes while trying to communicate with CUPS, since
+ # access to port 631 isn't allowed through.
+ echo 'pref("print.postscript.cups.enabled", false);' >> "${CLEARNET_PREFS}"
+ # Hide "Get Addons" in Add-ons manager
+ echo 'user_pref("extensions.getAddons.showPane", false);' >> "${CLEARNET_PREFS}"
# Set the name (e.g. window title) of the browser
- set_chroot_browser_name "`gettext \"Unsafe Browser\"`"
+ set_chroot_browser_name "`gettext \"Unsafe Browser\"`" "${BEST_LOCALE}"
# Set start page to something that explains what's going on
echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
- ${CLEARNET_PROFILE}/user.js
+ "${CLEARNET_PREFS}"
+ BROWSER_CHROME="${CLEARNET_PROFILE}/chrome/userChrome.css"
+ mkdir -p "$(dirname "${BROWSER_CHROME}")"
+ cat > ${BROWSER_CHROME} << EOF
+/* Required, do not remove */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+
+/* Hide TorBrowser Health Report and its configuration option */
+#appmenu_healthReport,
+#dataChoicesTab,
+#healthReport
+
+{display: none !important}
+EOF
# Remove all bookmarks
- rm -f ${CHROOT}/etc/iceweasel/profile/bookmarks.html
+ rm -f ${CHROOT}/"${TBB_PROFILE}"/bookmarks.html
rm -f ${CLEARNET_PROFILE}/bookmarks.html
rm -f ${CLEARNET_PROFILE}/places.sqlite
+
+ chown -R clearnet:clearnet ${CHROOT}/home/clearnet/.tor-browser
+
+ # Set a scary theme (except if we're using Windows
+ # camouflage). Note that the tails-activate-win8-theme script that
+ # we may run below requires that the browser profile is writable
+ # by the user running the script (i.e. clearnet).
+ if [ -z "${CAMOUFLAGE}" ]; then
+ cat >> "${CLEARNET_PREFS}" <<EOF
+pref("lightweightThemes.isThemeSelected", true);
+pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
+EOF
+ else
+ # The camouflage activation script requires a dbus server for
+ # properly configuring GNOME, so we start one in the chroot
+ chroot ${CHROOT} sudo -H -u clearnet sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
+ fi
+
}
run_browser_in_chroot () {
- # Start Iceweasel in the chroot
+ # Start the browser in the chroot
echo "* Starting Unsafe Browser"
sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} 2>/dev/null
- chroot ${CHROOT} sudo -u ${CLEARNET_USER} /usr/bin/iceweasel -DISPLAY=:0.0
+ chroot ${CHROOT} sudo -u ${CLEARNET_USER} /bin/sh -c \
+ '. /usr/local/lib/tails-shell-library/tor-browser.sh && \
+ exec_firefox -DISPLAY=:0.0 \
+ -profile /home/clearnet/.tor-browser/profile.default'
sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} 2>/dev/null
}