summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/usr/local
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-includes/usr/local')
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/end-profile2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/generate-tor-browser-profile13
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/getTorBrowserUserAgent38
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/iceweasel29
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-activate-win8-theme17
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-documentation2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-persistence-setup2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-security-check2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-start-i2p133
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper6
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-browser78
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh16
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh29
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh59
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh5
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/i2p-browser378
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-debugging-info1
-rw-r--r--config/chroot_local-includes/usr/local/sbin/tails-i2p78
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-prepare-win8-theme8
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-tor-launcher2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser122
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/README.txt9
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome.manifest9
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/ar-EG/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/de-DE/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/en-US/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/es-ES/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/fr-FR/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/it-IT/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-BR/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-PT/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/zh-CN/amnesia.properties4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/defaults/preferences/prefs.js4
-rw-r--r--config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/install.rdf23
36 files changed, 850 insertions, 257 deletions
diff --git a/config/chroot_local-includes/usr/local/bin/end-profile b/config/chroot_local-includes/usr/local/bin/end-profile
index cba649a..de28c5e 100755
--- a/config/chroot_local-includes/usr/local/bin/end-profile
+++ b/config/chroot_local-includes/usr/local/bin/end-profile
@@ -4,7 +4,7 @@ set -e
test -e /boot-profile.pid || exit 0
-# Wait some time hoping Tor has bootstrapped and Iceweasel is started
+# Wait some time hoping Tor has bootstrapped and Tor Browser is started
sleep 180
sudo -n /usr/local/sbin/kill-boot-profile
diff --git a/config/chroot_local-includes/usr/local/bin/generate-tor-browser-profile b/config/chroot_local-includes/usr/local/bin/generate-tor-browser-profile
new file mode 100755
index 0000000..bdb0e0c
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/generate-tor-browser-profile
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+
+USER_PROFILE="${HOME}/.tor-browser"
+
+if [ -e "${USER_PROFILE}" ]; then
+ echo "A tor-browser profile already exists at: ${USER_PROFILE}" >&2
+ exit 1
+fi
+
+mkdir -p "${USER_PROFILE}"
+cp -a /etc/tor-browser/profile "${USER_PROFILE}"/profile.default
diff --git a/config/chroot_local-includes/usr/local/bin/getTorBrowserUserAgent b/config/chroot_local-includes/usr/local/bin/getTorBrowserUserAgent
index b0218d7..1e4f2da 100755
--- a/config/chroot_local-includes/usr/local/bin/getTorBrowserUserAgent
+++ b/config/chroot_local-includes/usr/local/bin/getTorBrowserUserAgent
@@ -1,29 +1,17 @@
-#!/usr/bin/perl
+#!/bin/sh
-use warnings;
-use strict;
-use 5.10.0;
-use Fatal qw( open close );
+set -eu
-sub getTorBrowserUserAgent {
- my $file = shift;
+# Import the TBB_INSTALL variable
+. /usr/local/lib/tails-shell-library/tor-browser.sh
- my $ua;
- open (my $in, "<", $file);
- while (my $line = <$in>) {
- chomp $line;
- if (($ua) = ($line =~ m/^pref[(]"general[.]useragent[.]override", "(.*)"[)];$/)) {
- last;
- }
- }
- close $in;
- return $ua;
-}
+ua="$(unzip -q -p "${TBB_INSTALL}"/browser/omni.ja \
+ defaults/preferences/000-tor-browser.js | \
+ sed -n 's@^pref("general\.useragent\.override", "\(.*\)");$@\1@p')"
-my $ua = getTorBrowserUserAgent('/etc/iceweasel/pref/000-tor-browser.js');
-if (defined $ua && $ua) {
- say $ua;
-}
-else {
- die "Unparseable file."
-}
+if [ -z "${ua}" ]; then
+ echo "Got empty user agent string" >&2
+ exit 1
+fi
+
+echo "${ua}"
diff --git a/config/chroot_local-includes/usr/local/bin/iceweasel b/config/chroot_local-includes/usr/local/bin/iceweasel
deleted file mode 100755
index eeeb348..0000000
--- a/config/chroot_local-includes/usr/local/bin/iceweasel
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-
-# Do not "set -u", else importing gettext.sh dies
-# with "ZSH_VERSION: parameter not set".
-set -e
-
-. gettext.sh
-TEXTDOMAIN="tails"
-export TEXTDOMAIN
-
-ask_for_confirmation() {
- local dialog_title="`gettext \"Tor is not ready\"`"
- local dialog_text="`gettext \"Tor is not ready. Start Tor Browser anyway?\"`"
- local dialog_start="`gettext \"Start Tor Browser\"`"
- local dialog_cancel="`gettext \"Cancel\"`"
- # zenity can't set the default button to cancel, so we switch the
- # labels and interpret the return value as its negation.
- ! zenity --question \
- --title "$dialog_title" --text="$dialog_text" \
- --cancel-label "$dialog_start" --ok-label "$dialog_cancel"
-}
-
-tor_has_bootstrapped() {
- sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped
-}
-
-if tor_has_bootstrapped || ask_for_confirmation; then
- exec /usr/bin/iceweasel "$@" &
-fi
diff --git a/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme b/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme
index 1e85f64..416ed2a 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme
+++ b/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme
@@ -26,18 +26,19 @@ if [ -d "$HOME/.claws-mail" ]; then
fi
fi
-# Iceweasel
+# Tor Browser
# Copy the file containing toolbars configurations
-if [ -d "$HOME/.mozilla/firefox/default" ]; then
+BROWSER_PROFILE="${HOME}/.tor-browser/profile.default"
+if [ -d "${BROWSER_PROFILE}" ]; then
cp /usr/share/tails/firefox-localstore-win8.rdf \
- ${HOME}/.mozilla/firefox/default/localstore.rdf
+ "${BROWSER_PROFILE}"/localstore.rdf
# Setup a blue lightweight theme
- cat >> ${HOME}/.mozilla/firefox/default/user.js <<EOF
-user_pref("lightweightThemes.isThemeSelected", true);
-user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/blue_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/blue_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#3399FF\",\"updateDate\":0,\"installDate\":0}]");
+ cat >> "${BROWSER_PROFILE}"/preferences/0000camouflage.js <<EOF
+pref("lightweightThemes.isThemeSelected", true);
+pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Internet Explorer\",\"headerURL\":\"file:///usr/share/pixmaps/blue_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/blue_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#3399FF\",\"updateDate\":0,\"installDate\":0}]");
EOF
# Tune chrome
- cat >> ${HOME}/.mozilla/firefox/default/chrome/userChrome.css <<EOF
+ cat >> "${BROWSER_PROFILE}"/chrome/userChrome.css <<EOF
/* Camouflage */
.tab-close-button { list-style-image: url("moz-icon://stock/gtk-close-grey?size=menu") !important; }
@@ -83,7 +84,7 @@ gsettings set org.gnome.desktop.background picture-options stretched
gsettings set org.gnome.desktop.wm.preferences num-workspaces 1
# Panel
-gsettings set org.gnome.gnome-panel.layout object-id-list "['menu-button', 'iceweasel-launcher', 'claws-launcher', 'pidgin-launcher', 'keepassx-launcher', 'gnome-terminal-launcher', 'window-list', 'notification-area', 'shutdown-helper', 'clock']"
+gsettings set org.gnome.gnome-panel.layout object-id-list "['menu-button', 'tor-browser-launcher', 'claws-launcher', 'pidgin-launcher', 'keepassx-launcher', 'gnome-terminal-launcher', 'window-list', 'notification-area', 'shutdown-helper', 'clock']"
gsettings set org.gnome.gnome-panel.layout toplevel-id-list "['bottom-panel']"
gsettings set org.gnome.desktop.lockdown disable-log-out true
diff --git a/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume b/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume
index 965bbb6..75b8944 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume
+++ b/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume
@@ -5,5 +5,5 @@ set -e
RUN_AS_USER=tails-persistence-setup
xhost +SI:localuser:"$RUN_AS_USER"
-gksudo -u "$RUN_AS_USER" "/usr/bin/tails-persistence-setup --step delete"
+sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup --step delete $@
xhost -SI:localuser:"$RUN_AS_USER"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-documentation b/config/chroot_local-includes/usr/local/bin/tails-documentation
index 7ef191d..36932d0 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-documentation
+++ b/config/chroot_local-includes/usr/local/bin/tails-documentation
@@ -17,4 +17,4 @@ else
FILE="${PAGE}.html"
fi
-exec /usr/bin/iceweasel "file://${WIKI_ROOT}/${FILE}"
+exec /usr/local/bin/tor-browser "file://${WIKI_ROOT}/${FILE}"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-persistence-setup b/config/chroot_local-includes/usr/local/bin/tails-persistence-setup
index 036edba..01f029a 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-persistence-setup
+++ b/config/chroot_local-includes/usr/local/bin/tails-persistence-setup
@@ -5,5 +5,5 @@ set -e
RUN_AS_USER=tails-persistence-setup
xhost +SI:localuser:"$RUN_AS_USER"
-gksudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup
+sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup $@
xhost -SI:localuser:"$RUN_AS_USER"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-security-check b/config/chroot_local-includes/usr/local/bin/tails-security-check
index 44ec314..6611623 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-security-check
+++ b/config/chroot_local-includes/usr/local/bin/tails-security-check
@@ -184,7 +184,7 @@ sub is_not_fixed {
my $entry = shift;
assert_isa($entry, 'XML::Atom::Entry');
- ! grep { 'security/fixed' } categories($entry);
+ ! grep { $_ eq 'security/fixed' } categories($entry);
}
=head2 unfixed_entries
diff --git a/config/chroot_local-includes/usr/local/bin/tails-start-i2p b/config/chroot_local-includes/usr/local/bin/tails-start-i2p
deleted file mode 100755
index 1e062de..0000000
--- a/config/chroot_local-includes/usr/local/bin/tails-start-i2p
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-
-#man{{{
-
-=head1 NAME
-
-tails-start-i2p
-
-=head1 VERSION
-
-Version X.XX
-
-=head1 AUTHOR
-
-Tails dev team <amnesia@boum.org>
-See https://tails.boum.org/.
-
-=cut
-
-#}}}
-
-use Desktop::Notify;
-use Locale::gettext;
-use POSIX;
-
-### initialization
-setlocale(LC_MESSAGES, "");
-textdomain("tails");
-
-### helper subs
-
-# TODO: get router port (default 7657) from /etc/i2p/clients.config
-sub get_router_port {
- return 7657;
-}
-
-# TODO: more perlish way to do below?
-# TODO: use netstat -p, check that a child of i2psvc runs the router console
-sub router_status {
- return !system("netstat -nl -A inet,inet6 | grep -qe \"\\(127\\.0\\.0\\.1\\|::1\\):" . get_router_port() . "\"");
-}
-
-sub open_router_console {
- system("/usr/bin/iceweasel http://127.0.0.1:" . get_router_port());
-}
-
-sub start_i2psvc {
- system("/usr/bin/gksu /etc/init.d/i2p start");
-}
-
-sub stop_i2psvc {
- system("/usr/bin/gksu /etc/init.d/i2p start");
-}
-
-### main
-
-my $notify = Desktop::Notify->new();
-
-my $summary = gettext("Starting I2P...");
-my $body = gettext("The I2P router console will be opened on start.");
-
-my $notification = $notify->create(summary => $summary,
- body => $body,
- timeout => 0);
-
-$notification->show();
-
-my $tordate_done_file = '/var/run/tordate/done';
-my $tordate_wait = 0;
-
-# There was a "fix" in i2p 0.8.8 for handling clock jumps and skews which seems
-# to be broken -- a jump during i2p bootstrap leads to i2p starting in a non-
-# working state, as does starting i2p when the clock is off too much. Hence, for
-# simplicity, we make i2p dependent on tordate. The real fix will be when
-# i2p gets its act together and handles these problems correctly.
-until (-e $tordate_done_file) {
- if ($tordate_wait > 60) {
- $notification->close();
- $summary = gettext("I2P failed to start");
- $body = gettext("Make sure that you have a working Internet " .
- "connection, then try to start I2P again.");
- $notification = $notify->create(summary => $summary,
- body => $body,
- timeout => 60000);
- $notification->show();
- exit 1;
- }
- sleep(1);
- $tordate_wait++;
-}
-
-my $htpdate_done_file = '/var/run/htpdate/done';
-my $htpdate_wait = 0;
-
-# We also need to wait for htpdate for same the reason as
-# above. However, tordate will set the clock so that it is correct
-# enough for I2P to work (it can operate with +/- 2 hours clock skew)
-# so we optimistically try to start I2P even if htpdate doesn't
-# finish.
-until (-e $htpdate_done_file || $htpdate_wait > 120) {
- sleep(1);
- $htpdate_wait++;
-}
-
-start_i2psvc();
-
-my $t = 0;
-my $timeout = 180;
-while ($t < $timeout && !router_status()) {
- $t++;
- sleep 1;
-}
-
-$notification->close();
-
-if (router_status()) {
- open_router_console();
- exit 0;
-} else {
- stop_i2psvc();
- $summary = gettext("I2P failed to start");
- $body = gettext("Something went wrong when I2P was starting. Look in " .
- "the logs in the following directory for " .
- "more information:") . "\n\t/var/log/i2p/";
- $notification = $notify->create(summary => $summary,
- body => $body,
- timeout => 60000);
- $notification->show();
- exit 1;
-}
diff --git a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
index c6176a2..1018bd0 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
+++ b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
@@ -74,9 +74,5 @@ check_free_memory "$MIN_MEMFREE" "$MIN_TOTAL_MEMFREE"
cd /
xhost +SI:localuser:"$RUN_AS_USER"
-if [ $# -gt 0 ] ; then
- gksudo -u "$RUN_AS_USER" "/usr/bin/tails-upgrade-frontend $@"
-else
- gksudo -u "$RUN_AS_USER" /usr/bin/tails-upgrade-frontend
-fi
+sudo -u "$RUN_AS_USER" /usr/bin/tails-upgrade-frontend $@
xhost -SI:localuser:"$RUN_AS_USER"
diff --git a/config/chroot_local-includes/usr/local/bin/tor-browser b/config/chroot_local-includes/usr/local/bin/tor-browser
new file mode 100755
index 0000000..09b2b2a
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/tor-browser
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+
+# Do not "set -u", else importing gettext.sh dies
+# with "ZSH_VERSION: parameter not set".
+set -e
+
+. gettext.sh
+TEXTDOMAIN="tails"
+export TEXTDOMAIN
+
+PROFILE="${HOME}/.tor-browser/profile.default"
+
+# Import exec_firefox() and configure_best_tor_browser_locale()
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
+ask_for_confirmation() {
+ local dialog_title="`gettext \"Tor is not ready\"`"
+ local dialog_text="`gettext \"Tor is not ready. Start Tor Browser anyway?\"`"
+ local dialog_start="`gettext \"Start Tor Browser\"`"
+ local dialog_cancel="`gettext \"Cancel\"`"
+ # zenity can't set the default button to cancel, so we switch the
+ # labels and interpret the return value as its negation.
+ ! zenity --question \
+ --title "$dialog_title" --text="$dialog_text" \
+ --cancel-label "$dialog_start" --ok-label "$dialog_cancel"
+}
+
+tor_has_bootstrapped() {
+ sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped
+}
+
+# Workaround bug #8036 by copying any localized search plugins into
+# the profile.
+enable_localized_searchplugins() {
+ local locale plugin
+ locale=$(cat "${PROFILE}"/preferences/0000locale.js | \
+ sed 's@^pref("general\.useragent\.locale", "\([^"]*\)");$@\1@')
+ if [ "${locale}" = en-US ] || [ -e "${PROFILE}"/searchplugins ]; then
+ return
+ fi
+ # Fallback to a similar locale if there is no exact match
+ plugin="$(ls -1 "${TBB_INSTALL}"/distribution/searchplugins/locale/ | grep -m1 "^${locale}\(-[A-Z]\+\)\?$" || true)"
+ if [ -n "${plugin}" ]; then
+ mkdir -p "${PROFILE}"/searchplugins
+ # The plugins do not load if they are symlinks
+ cp --dereference "${TBB_INSTALL}"/distribution/searchplugins/locale/"${plugin}"/* "${PROFILE}"/searchplugins
+ fi
+}
+
+start_browser() {
+ if [ ! -d "${PROFILE}" ]; then
+ /usr/local/bin/generate-tor-browser-profile
+ fi
+
+ configure_best_tor_browser_locale "${PROFILE}"
+
+ # Workaround bug #8036
+ enable_localized_searchplugins
+
+ if [ -z "$XAUTHORITY" ]; then
+ XAUTHORITY=~/.Xauthority
+ export XAUTHORITY
+ fi
+
+ unset SESSION_MANAGER
+
+ exec_firefox -allow-remote --class "Tor Browser" -profile "${PROFILE}" "${@}"
+}
+
+
+if tor_has_bootstrapped || ask_for_confirmation; then
+ # Torbutton 1.5.1+ uses those environment variables
+ export TOR_SOCKS_HOST='127.0.0.1'
+ export TOR_SOCKS_PORT='9150'
+
+ start_browser "${@}"
+fi
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh
new file mode 100644
index 0000000..f490a16
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/common.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+wait_until() {
+ local timeout check_expr delay timeout_at
+ timeout="${1}"
+ check_expr="${2}"
+ delay="${3:-1}"
+ timeout_at=$(expr $(date +%s) + ${timeout})
+ until eval "${check_expr}"; do
+ if [ "$(date +%s)" -ge "${timeout_at}" ]; then
+ return 1
+ fi
+ sleep ${delay}
+ done
+ return 0
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh
new file mode 100644
index 0000000..62e9511
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+I2P_CONFIG="/var/lib/i2p/i2p-config"
+I2P_TUNNEL_CONFIG="${I2P_CONFIG}/i2ptunnel.config"
+
+i2p_eep_proxy_address() {
+ # We retrieve the host and port number from the I2P profile This
+ # shouldn't be anywhere other than 127.0.0.1:4444 but in case
+ # someone modifies the hook scripts or the default changes in I2P,
+ # this check should still work
+ local listen_host listen_port
+ listen_host=$(awk -F= '/^tunnel\.0\.interface/{print $2}' \
+ "${I2P_TUNNEL_CONFIG}")
+ listen_port=$(awk -F= '/^tunnel\.0\.listenPort/{print $2}' \
+ "${I2P_TUNNEL_CONFIG}")
+ echo ${listen_host}:${listen_port}
+}
+
+i2p_has_bootstrapped() {
+ netstat -4nlp | grep -qwF "$(i2p_eep_proxy_address)"
+}
+
+i2p_router_console_address() {
+ echo 127.0.0.1:7657
+}
+
+i2p_router_console_is_ready() {
+ netstat -4nlp | grep -qwF "$(i2p_router_console_address)"
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh
new file mode 100644
index 0000000..93fe389
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+TBB_INSTALL=/usr/local/lib/tor-browser
+TBB_PROFILE=/etc/tor-browser/profile
+TBB_EXT=/usr/local/share/tor-browser-extensions
+TOR_LAUNCHER_LOCALES_DIR=/usr/share/tor-launcher-standalone/chrome/locale
+
+exec_firefox() {
+ LD_LIBRARY_PATH="${TBB_INSTALL}"
+ export LD_LIBRARY_PATH
+ exec "${TBB_INSTALL}"/firefox "${@}"
+}
+
+guess_best_tor_browser_locale() {
+ local long_locale short_locale
+ long_locale="$(echo ${LANG} | sed -e 's/\..*$//' -e 's/_/-/')"
+ short_locale="$(echo ${long_locale} | cut -d"-" -f1)"
+ if [ -e "${TBB_EXT}/langpack-${long_locale}@firefox.mozilla.org.xpi" ]; then
+ echo ${long_locale}
+ elif ls -1 "${TBB_EXT}" | grep -q "^langpack-${short_locale}\(-[A-Z]\+\)\?@firefox.mozilla.org.xpi$"; then
+ # If we use locale xx-YY and there is no langpack for xx nor
+ # xx-YY but there is one for xx-ZZ, then Firefox is smart
+ # enough to use the xx-ZZ langpack if we set the locale to xx.
+ echo ${short_locale}
+ else
+ echo en-US
+ fi
+}
+
+guess_best_tor_launcher_locale() {
+ local long_locale short_locale
+ long_locale="$(echo ${LANG} | sed -e 's/\..*$//' -e 's/_/-/')"
+ short_locale="$(echo ${long_locale} | cut -d"-" -f1)"
+ if [ -e "${TOR_LAUNCHER_LOCALES_DIR}/${long_locale}" ]; then
+ echo ${long_locale}
+ elif ls -1 "${TOR_LAUNCHER_LOCALES_DIR}" | grep -q "^${short_locale}\(-[A-Z]\+\)\?$"; then
+ # See comment in guess_best_firefox_locale()
+ echo ${short_locale}
+ else
+ echo en-US
+ fi
+}
+
+configure_xulrunner_app_locale() {
+ local profile locale
+ profile="${1}"
+ locale="${2}"
+ mkdir -p "${profile}"/preferences
+ echo "pref(\"general.useragent.locale\", \"${locale}\");" > \
+ "${profile}"/preferences/0000locale.js
+}
+
+configure_best_tor_browser_locale() {
+ configure_xulrunner_app_locale "${1}" "$(guess_best_tor_browser_locale)"
+}
+
+configure_best_tor_launcher_locale() {
+ configure_xulrunner_app_locale "${1}" "$(guess_best_tor_launcher_locale)"
+}
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh
index c06ae7d..6139a45 100755
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh
@@ -48,7 +48,10 @@ tor_bootstrap_progress() {
#}
tor_is_working() {
- [ -e $TOR_DESCRIPTORS ] || [ -e $NEW_TOR_DESCRIPTORS ]
+ [ -e $TOR_DESCRIPTORS ] || [ -e $NEW_TOR_DESCRIPTORS ] || return 1
+
+ TOR_BOOTSTRAP_PROGRESS=$(tor_bootstrap_progress)
+ [ -n "$TOR_BOOTSTRAP_PROGRESS" ] && [ "$TOR_BOOTSTRAP_PROGRESS" -eq 100 ]
}
tor_append_to_torrc () {
diff --git a/config/chroot_local-includes/usr/local/sbin/i2p-browser b/config/chroot_local-includes/usr/local/sbin/i2p-browser
new file mode 100755
index 0000000..9ec76b8
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/i2p-browser
@@ -0,0 +1,378 @@
+#!/bin/sh
+
+set -e
+
+# This isn't very useful without I2P...
+grep -qw "i2p" /proc/cmdline || exit 0
+
+CMD=$(basename ${0})
+LOCK=/var/lock/${CMD}
+
+. gettext.sh
+TEXTDOMAIN="tails"
+export TEXTDOMAIN
+
+. /usr/local/lib/tails-shell-library/i2p.sh
+
+ROFS=/lib/live/mount/rootfs/filesystem.squashfs
+CONF_DIR=/var/lib/i2p-browser
+COW=${CONF_DIR}/cow
+CHROOT=${CONF_DIR}/chroot
+BROWSER_USER=i2pbrowser
+TBB_PREFS="/etc/tor-browser/profile/preferences"
+START_PAGE="http://127.0.0.1:7657"
+
+# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
+# exec_firefox(), configure_xulrunner_app_locale() and
+# guess_best_tor_browser_locale()
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
+NOSCRIPT="${TBB_EXT}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
+TORBUTTON="${TBB_EXT}/torbutton@torproject.org"
+NAME="`gettext \"I2P Browser\"`"
+
+if [ -e /var/lib/gdm3/tails.camouflage ]; then
+ CAMOUFLAGE=yes
+fi
+
+cleanup () {
+ # Break down the chroot and kill all of its processes
+ local counter=0
+ local ret=0
+ while [ "${counter}" -le 10 ] && \
+ pgrep -u ${BROWSER_USER} 1>/dev/null 2>&1; do
+ pkill -u ${BROWSER_USER} 1>/dev/null 2>&1
+ ret=${?}
+ sleep 1
+ counter=$((${counter}+1))
+ done
+ [ ${ret} -eq 0 ] || pkill -9 -u ${BROWSER_USER} 1>/dev/null 2>&1
+ for mnt in ${CHROOT}/dev ${CHROOT}/proc ${CHROOT} ${COW}; do
+ counter=0
+ while [ "${counter}" -le 10 ] && mountpoint -q ${mnt} 2>/dev/null; do
+ umount ${mnt} 2>/dev/null
+ sleep 1
+ counter=$((${counter}+1))
+ done
+ done
+ rmdir ${COW} ${CHROOT} 2>/dev/null
+}
+
+error () {
+ local cli_text="${CMD}: `gettext \"error:\"` ${@}"
+ local dialog_text="<b><big>`gettext \"Error\"`</big></b>
+
+${@}"
+ echo "${cli_text}" >&2
+ sudo -u ${SUDO_USER} zenity --error --title "" --text "${dialog_text}"
+ exit 1
+}
+
+verify_start () {
+ # Make sure the user really wants to start the browser in case the router console isn't available
+ local dialog_msg="<b><big>`gettext \"Do you still want to launch I2P Browser?\"`</big></b>
+
+`gettext \"The I2P router console is not ready.\"`"
+ local launch="`gettext \"_Launch\"`"
+ local exit="`gettext \"_Exit\"`"
+ # Since zenity can't set the default button to cancel, we switch the
+ # labels and interpret the return value as its negation.
+ if sudo -u ${SUDO_USER} zenity --question --title "" --ok-label "${exit}" \
+ --cancel-label "${launch}" --text "${dialog_msg}"; then
+ exit 0
+ fi
+}
+
+show_start_notification () {
+ local title="`gettext \"Starting the I2P Browser...\"`"
+ local body="`gettext \"This may take a while, so please be patient.\"`"
+ tails-notify-user "${title}" "${body}" 10000
+}
+
+setup_chroot () {
+ # Setup a chroot on an aufs "fork" of the filesystem.
+ # FIXME: When LXC matures to the point where it becomes a viable option
+ # for creating isolated jails, the chroot can be used as its rootfs.
+ echo "* Setting up chroot"
+
+ trap cleanup INT
+ trap cleanup EXIT
+
+ mkdir -p ${COW} ${CHROOT} && \
+ mount -t tmpfs tmpfs ${COW} && \
+ mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
+ mount -t proc proc ${CHROOT}/proc && \
+ mount --bind /dev ${CHROOT}/dev || \
+ error "`gettext \"Failed to setup chroot.\"`"
+
+ # Workaround for todo/buggy_aufs_vs_unsafe-browser
+ chmod -t ${COW}
+}
+
+set_chroot_browser_name () {
+ NAME="${1}"
+ LOCALE="${2}"
+ EXT_DIR=${CHROOT}/"${TBB_EXT}"
+ BRANDING=branding/brand.dtd
+ if [ "${LOCALE}" != en-US ]; then
+ PACK="${EXT_DIR}/langpack-${LOCALE}@firefox.mozilla.org.xpi"
+ TOP=browser/chrome
+ REST=${LOCALE}/locale
+ else
+ PACK="${CHROOT}/${TBB_INSTALL}/browser/omni.ja"
+ TOP=chrome
+ REST=en-US/locale
+ fi
+ TMP=$(mktemp -d)
+ # Non-zero exit code due to non-standard ZIP archive.
+ # The following steps will fail soon if the extraction failed anyway.
+ unzip -d "${TMP}" "${PACK}" || true
+ sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/" "${TMP}/${TOP}/${REST}/${BRANDING}"
+ rm "${PACK}"
+ (cd $TMP ; 7z a -tzip "${PACK}" .)
+ chmod a+r "${PACK}"
+ rm -Rf "${TMP}"
+}
+
+configure_chroot () {
+ echo "* Configuring chroot"
+
+ # Prevent sudo from complaining about failing to resolve the 'amnesia' host
+ echo "127.0.0.1 localhost amnesia" > ${CHROOT}/etc/hosts
+
+ # Keep the NoScript and TorButton addons
+ chroot ${CHROOT} dpkg -l 'xul-ext*' |grep -v 'noscript\|torbutton' \
+ | awk '/^ii/{print $2}' | xargs -r chroot ${CHROOT} dpkg --remove
+
+ # Create a fresh Tor Browser profile for the i2pbrowser user
+ BROWSER_PROFILE="${CHROOT}/home/${BROWSER_USER}/.tor-browser/profile.default"
+ BROWSER_EXT="${BROWSER_PROFILE}/extensions"
+ mkdir -p "${BROWSER_EXT}"
+ ln -s "${NOSCRIPT}" "${BROWSER_EXT}"
+ # TorButton forces the Browser name to Tor Browser. This hack is to undo that and set it to I2P Browser
+ # to try to prevent user confusion.
+ TMP=$(mktemp -d)
+ cp -a /usr/share/xul-ext/torbutton/ $TMP
+ for LANGPACK in $(ls ${TBB_PROFILE}/extensions/langpack-*.xpi); do
+ ln -s "${LANGPACK}" "${BROWSER_EXT}"
+ done
+ find $TMP/torbutton -name 'brand.dtd' -print0 | \
+ xargs -0 -r sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/"
+ cd $TMP/torbutton && 7z a -tzip "${BROWSER_EXT}/torbutton@torproject.org.xpi" .
+ rm -r $TMP
+ BROWSER_PREF_DIR="${BROWSER_PROFILE}/preferences"
+ BROWSER_PREFS="${BROWSER_PREF_DIR}/prefs.js"
+ mkdir -p "${BROWSER_PREF_DIR}"
+
+ # Selectively copy the TBB prefs we want
+ sed '/\(security\|update\|download\|spell\|noscript\|torbrowser\|torbutton\)/!d' $TBB_PREFS/0000tails.js > \
+ ${BROWSER_PREF_DIR}/0000tails.js
+ sed '/\(capability\|noscript\|torbutton\)/!d' ${TBB_PREFS}/extension-overrides.js > \
+ ${BROWSER_PREF_DIR}/extension-overrides.js
+
+ # Localization
+ BEST_LOCALE="$(guess_best_tor_browser_locale)"
+ configure_xulrunner_app_locale "${BROWSER_PROFILE}" "${BEST_LOCALE}"
+
+ # Prevent File -> Print or CTRL+P from causing the browser to hang
+ # for several minutes while trying to communicate with CUPS, since
+ # access to port 631 isn't allowed through.
+ echo 'user_pref("print.postscript.cups.enabled", false);' >> \
+ ${BROWSER_PREFS}
+
+ # Set the name (e.g. window title) of the browser
+ set_chroot_browser_name "`gettext \"I2P Browser\"`" "${BEST_LOCALE}"
+
+ # Set start page to the router console
+ echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
+ ${BROWSER_PREFS}
+
+
+ # Disable searching from the URL bar
+ echo 'user_pref("keyword.enabled", false);' >> \
+ ${BROWSER_PREFS}
+ # Hide "Get Addons" in Add-ons manager
+ echo 'user_pref("extensions.getAddons.showPane", false);' >> \
+ ${BROWSER_PREFS}
+ # add the I2P proxy to all protocols
+ cat > "${BROWSER_PREF_DIR}/i2p.js" << EOF
+user_pref("extensions.torbutton.http_port", 4444);
+user_pref("extensions.torbutton.http_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.https_port", 4444);
+user_pref("extensions.torbutton.https_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.custom.ftp_port", 4444);
+user_pref("extensions.torbutton.custom.ftp_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.custom.http_port", 4444);
+user_pref("extensions.torbutton.custom.http_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.custom.https_port", 4444);
+user_pref("extensions.torbutton.custom.https_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.ftp_port", 4444);
+user_pref("extensions.torbutton.ftp_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.gopher_port", 4444);
+user_pref("extensions.torbutton.gopher_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.inserted_button", true);
+user_pref("extensions.torbutton.settings_method", "custom");
+user_pref("network.proxy.ftp", "127.0.0.1");
+user_pref("network.proxy.ftp_port", 4444);
+user_pref("network.proxy.http", "127.0.0.1");
+user_pref("network.proxy.http_port", 4444);
+user_pref("network.proxy.no_proxies_on", "127.0.0.1");
+user_pref("network.proxy.ssl", "127.0.0.1");
+user_pref("network.proxy.ssl_port", 4444);
+EOF
+ # Hide options in the I2P Browser.
+ # It would be good to implement the ability to persist the browser profile in the
+ # future. At that point, the Bookmark functionality could be restored.
+ BROWSER_CHROME="${BROWSER_PROFILE}/chrome/userChrome.css"
+ mkdir -p "$(dirname "${BROWSER_CHROME}")"
+ cat > ${BROWSER_CHROME} << EOF
+/* Required, do not remove */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+
+/* Hide access to the bookmarks to try to prevent "data loss" due to users
+ * adding bookmarks even though the profile is destroyed at browser close.
+ * Keyboard shortcuts still work, but this makes it harder to 'accidentally'
+ * lose bookmarks.
+ *
+ * Note that any of the selectors that start with 'app' apply to the menu that
+ * is used if the main menu is hidden. Any that start with 'wrapper' are
+ * buttons that are normally visible within the 'customize toolbar' option. The
+ * others are probably self-explanatory.
+ */
+
+/* Remove the History and Bookmarks menus and buttons */
+#appmenu_bookmarks,
+#appmenu_history,
+#bookmarks,
+#bookmarks-menu-button,
+#bookmarksMenu,
+#history,
+#history-menu,
+#history-menu-button,
+#wrapper-history-button,
+#wrapper-bookmarks-button,
+
+/* Hide the sidebar menu (underneath View) since the default sidebars consist
+ * of history and bookmarks. Also disable the bookmark toolbar.
+ */
+#toggle_PersonalToolbar,
+#viewSidebarMenuMenu,
+
+/* Remove the "Star button" and "History Dropdown arrow" from the URL bar
+ * since neither history nor bookmarks are saved.
+ */
+#star-button,
+[anonid="historydropmarker"],
+
+/* Remove bookmark options from the context menus */
+#context-bookmarkframe,
+#context-bookmarklink,
+#context-bookmarkpage,
+
+/* Hide the option for emailing links since it's doomed to failure
+ * without a configured email client.
+ */
+menuitem[command="Browser:SendLink"],
+
+/* Hide Print options */
+/*
+#menu_printSetup,
+#menu_printPreview,
+#menu_print,
+#menu_print + menuseparator,
+[command="cmd_print"],
+*/
+
+/* Hide the sync functionality which won't work with I2P */
+#BrowserPreferences radio[pane="paneSync"],
+#sync-button,
+#sync-menu-button,
+#sync-setup,
+#sync-setup-appmenu,
+#sync-status-button,
+#sync-syncnowitem-appmenu,
+#wrapper-sync-button,
+
+/* Without I2P search engines defined, the search bar is useless.
+ * Since there are no I2P search engines added to Tails (yet),
+ * let's hide it and the Update Pane in Firefox's Preferences.
+ */
+#search-container,
+#updateTab,
+
+/* Hide options in the Help menu that lead to disallowed resources on the
+ * Internet.
+ */
+#appmenu_feedbackPage,
+#appmenu_gettingStarted,
+#appmenu_openHelp,
+#feedbackPage,
+#gettingStarted,
+#menu_HelpPopup_reportPhishingtoolmenu,
+#menu_openHelp,
+
+/* Hide TorBrowser Health Report and its configuration option */
+#appmenu_healthReport,
+#dataChoicesTab,
+#healthReport
+
+/* Now the actual hiding */
+{display: none !important}
+EOF
+ rm -rf ${BROWSER_EXT}/branding@amnesia.boum.org
+
+ # Remove all bookmarks
+ rm -f "${CHROOT}/${TBB_PROFILE}/bookmarks.html"
+ rm -f ${BROWSER_PROFILE}/bookmarks.html
+ rm -f ${BROWSER_PROFILE}/places.sqlite
+
+ chown -R ${BROWSER_USER}:${BROWSER_USER} "${CHROOT}/home/${BROWSER_USER}/.tor-browser"
+
+ # Change the theme when not using Windows camouflage
+ if [ -z "${CAMOUFLAGE}" ]; then
+ cat >> ${BROWSER_PREFS} <<EOF
+user_pref("lightweightThemes.isThemeSelected", true);
+user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"I2P Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#66ABEB\",\"updateDate\":0,\"installDate\":0}]");
+EOF
+ else
+ # The camouflage activation script requires a dbus server for
+ # properly configuring GNOME, so we start one in the chroot
+ chroot ${CHROOT} sudo -H -u ${BROWSER_USER} sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
+ fi
+
+}
+
+run_browser_in_chroot () {
+ # Start Iceweasel in the chroot
+ echo "* Starting I2P Browser"
+
+ sudo -u ${SUDO_USER} xhost +SI:localuser:${BROWSER_USER} 2>/dev/null
+ chroot ${CHROOT} sudo -u ${BROWSER_USER} /bin/sh -c \
+ ". /usr/local/lib/tails-shell-library/tor-browser.sh && \
+ exec_firefox -DISPLAY=:0.0 \
+ -profile /home/${BROWSER_USER}/.tor-browser/profile.default"
+ sudo -u ${SUDO_USER} xhost -SI:localuser:${BROWSER_USER} 2>/dev/null
+}
+
+show_shutdown_notification () {
+ local title="`gettext \"Shutting down the I2P Browser...\"`"
+ local body="`gettext \"This may take a while, and you may not restart the I2P Browser until it is properly shut down.\"`"
+ tails-notify-user "${title}" "${body}" 10000
+}
+
+# Prevent multiple instances of the script.
+exec 9>${LOCK}
+if ! flock -x -n 9; then
+ error "`gettext \"Another I2P Browser is currently running, or being cleaned up. Please retry in a while.\"`"
+fi
+
+if ! i2p_router_console_is_ready; then
+ verify_start
+fi
+show_start_notification
+setup_chroot
+configure_chroot
+run_browser_in_chroot
+show_shutdown_notification
+
+exit 0
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-debugging-info b/config/chroot_local-includes/usr/local/sbin/tails-debugging-info
index a3ea360..396862f 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-debugging-info
+++ b/config/chroot_local-includes/usr/local/sbin/tails-debugging-info
@@ -34,3 +34,4 @@ debug_file "/var/log/live/boot.log"
debug_file "/var/log/live/config.log"
debug_file "/var/lib/gdm3/tails.persistence"
debug_file "/var/lib/live/config/tails.physical_security"
+debug_file "/live/persistence/TailsData_unlocked/persistence.conf"
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-i2p b/config/chroot_local-includes/usr/local/sbin/tails-i2p
new file mode 100644
index 0000000..a70739c
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/tails-i2p
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+set -e
+
+# Get LANG
+. /etc/default/locale
+export LANG
+
+# Initialize gettext support
+. gettext.sh
+TEXTDOMAIN="tails"
+export TEXTDOMAIN
+
+# Must be set after gettext initialization
+set -u
+
+# Import wait_until()
+. /usr/local/lib/tails-shell-library/common.sh
+# Import i2p_has_bootstrapped() and i2p_router_console_is_ready()
+. /usr/local/lib/tails-shell-library/i2p.sh
+
+I2P_STARTUP_TIMEOUT=60
+# We'll give up once 6 minutes have passed. Even with ridiculously
+# subpar network conditions I've not seen bootstrapping take longer
+# than this.
+I2P_BOOTSTRAP_TIMEOUT=360
+
+startup_failure() {
+ /usr/local/sbin/tails-notify-user \
+ "`gettext \"I2P failed to start\"`" \
+ "`gettext \"Something went wrong when I2P was starting. Check the logs in /var/log/i2p for more information.\"`"
+ service i2p stop # clean up, just in case
+ exit 1
+}
+
+wait_until_i2p_router_console_is_ready() {
+ wait_until ${I2P_STARTUP_TIMEOUT} i2p_router_console_is_ready
+}
+
+notify_router_console_success() {
+ /usr/local/sbin/tails-notify-user \
+ "`gettext \"I2P's router console is ready\"`" \
+ "`gettext \"You can now access I2P's router console on http://127.0.0.1:7657.\"`"
+}
+
+bootstrap_failure() {
+ /usr/local/sbin/tails-notify-user \
+ "`gettext \"I2P is not ready\"`" \
+ "`gettext \"Eepsite tunnel not built within six minutes. Check the router console at http://127.0.0.1:7657/logs or the logs in /var/log/i2p for more information. Reconnect to the network to try again.\"`"
+ exit 1
+}
+
+wait_until_i2p_has_bootstrapped() {
+ wait_until ${I2P_BOOTSTRAP_TIMEOUT} i2p_has_bootstrapped
+}
+
+notify_bootstrap_success() {
+ /usr/local/sbin/tails-notify-user \
+ "`gettext \"I2P is ready\"`" \
+ "`gettext \"You can now access services on I2P.\"`"
+}
+
+case "${1}" in
+ start|restart)
+ service i2p restart
+ wait_until_i2p_router_console_is_ready || startup_failure
+ notify_router_console_success
+ wait_until_i2p_has_bootstrapped || bootstrap_failure
+ notify_bootstrap_success
+ ;;
+ stop)
+ exec service i2p stop
+ ;;
+ *)
+ echo "invalid argument '${1}'" >&2
+ exit 1
+ ;;
+esac
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-prepare-win8-theme b/config/chroot_local-includes/usr/local/sbin/tails-prepare-win8-theme
index 4713acb..0dff63b 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-prepare-win8-theme
+++ b/config/chroot_local-includes/usr/local/sbin/tails-prepare-win8-theme
@@ -4,6 +4,9 @@
# be run as the desktop user. It consists mainly of ugly workarounds. Running this
# script will change the system until next reboot.
+# Import the TBB_INSTALL variable
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
# Activate the camouflage for the next session
install -m 0644 \
/usr/share/applications/tails-activate-win8-theme.desktop \
@@ -16,8 +19,9 @@ for icon in /usr/share/icons/hicolor/*/apps/pidgin.png; do
ln -s "/usr/share/icons/Windows8/apps/pidgin.png" "$icon"
done
-# Set iceweasel application icon
-for icon in /usr/share/iceweasel/browser/chrome/icons/default/*; do
+# Set Tor Browser application icon
+for icon in "${TBB_INSTALL}"/browser/chrome/icons/default/*.png \
+ "${TBB_INSTALL}"/browser/icons/*.png; do
rm "$icon"
ln -s "/usr/share/icons/Windows8/apps/iceweasel.png" "$icon"
done
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher b/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
index 5cda089..24b50af 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
+++ b/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
@@ -35,6 +35,6 @@ RET=${?}
sudo -u ${LIVE_USERNAME} xhost -SI:localuser:tor-launcher
# Save ~10 RAM (due to the tmpfs) by removing this unused file
-rm -f /home/tor-launcher/.torproject/.torlauncher/*.default/places.sqlite
+rm -f /usr/Data/Browser/*.default/places.sqlite
exit ${RET}
diff --git a/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped b/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped
index 66cb0d3..db36b20 100755
--- a/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped
+++ b/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped
@@ -6,6 +6,4 @@
# Import tor_bootstrap_progress()
. /usr/local/lib/tails-shell-library/tor.sh
-TOR_BOOTSTRAP_PROGRESS=$(tor_bootstrap_progress)
-
-[ -n "$TOR_BOOTSTRAP_PROGRESS" ] && [ "$TOR_BOOTSTRAP_PROGRESS" -eq 100 ]
+tor_is_working
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index 27b3882..5188c0b 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -18,6 +18,11 @@ CLEARNET_USER=clearnet
# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
+# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
+# exec_firefox(), configure_xulrunner_app_locale() and
+# guess_best_tor_browser_locale()
+. /usr/local/lib/tails-shell-library/tor-browser.sh
+
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
LANG_CODE="$(echo ${LANG} | head -c 2)"
if [ -r "${WARNING_PAGE}.${LANG_CODE}.html" ]; then
@@ -106,29 +111,23 @@ setup_chroot () {
set_chroot_browser_name () {
NAME="${1}"
- LONG=$(echo ${LANG} | grep -o "^[a-zA-Z_]*")
- SHORT=${LONG%%_*}
- EXT_DIR=${CHROOT}/usr/lib/iceweasel/browser/extensions
+ LOCALE="${2}"
+ EXT_DIR=${CHROOT}/"${TBB_EXT}"
BRANDING=branding/brand.dtd
- if [ -e "${EXT_DIR}/langpack-${LONG}@iceweasel.mozilla.org.xpi" ]; then
- PACK="${EXT_DIR}/langpack-${LONG}@iceweasel.mozilla.org.xpi"
- TOP=browser/chrome
- REST=${LONG}/locale
- elif [ -e "${EXT_DIR}/langpack-${SHORT}@iceweasel.mozilla.org.xpi" ]; then
- PACK="${EXT_DIR}/langpack-${SHORT}@iceweasel.mozilla.org.xpi"
+ if [ "${LOCALE}" != en-US ]; then
+ PACK="${EXT_DIR}/langpack-${LOCALE}@firefox.mozilla.org.xpi"
TOP=browser/chrome
- REST=${SHORT}/locale
+ REST=${LOCALE}/locale
else
- PACK=${CHROOT}/usr/share/iceweasel/browser/chrome/en-US.jar
- TOP=locale
- REST=
+ PACK="${CHROOT}/${TBB_INSTALL}/browser/omni.ja"
+ TOP=chrome
+ REST=en-US/locale
fi
-
TMP=$(mktemp -d)
# Non-zero exit code due to non-standard ZIP archive.
# The following steps will fail soon if the extraction failed anyway.
unzip -d "${TMP}" "${PACK}" || true
- sed -i "s/Iceweasel/${NAME}/" "${TMP}"/"${TOP}"/"${REST}"/"${BRANDING}"
+ sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/" "${TMP}/${TOP}/${REST}/${BRANDING}"
rm "${PACK}"
(cd $TMP ; 7z a -tzip "${PACK}" .)
chmod a+r "${PACK}"
@@ -145,58 +144,91 @@ configure_chroot () {
done
chmod a+r ${CHROOT}/etc/resolv.conf
- # Remove all Iceweasel addons: some adds proxying, which we don't
+ # Remove all addons: some adds proxying, which we don't
# want; some may change the fingerprint compared to a standard
- # Iceweasel install. Note: We cannot use apt-get since we don't ship its
+ # Firefox install. Note: We cannot use apt-get since we don't ship its
# lists (#6531). Too bad, APT supports globbing, while dkpg does not.
dpkg -l 'xul-ext-*' | /bin/grep '^ii' | awk '{print $2}' | \
xargs chroot ${CHROOT} dpkg --remove
- # Create a fresh Iceweasel profile for the clearnet user
- cp -a ${CHROOT}/etc/skel/.mozilla/ ${CHROOT}/home/clearnet/
- chown -R clearnet:clearnet ${CHROOT}/home/clearnet/.mozilla/
- CLEARNET_PROFILE=${CHROOT}/home/clearnet/.mozilla/firefox/default
+ # Create a fresh browser profile for the clearnet user
+ CLEARNET_PROFILE="${CHROOT}"/home/clearnet/.tor-browser/profile.default
+
+ CLEARNET_EXT="${CLEARNET_PROFILE}"/extensions
+ mkdir -p "${CLEARNET_EXT}"
+ cp -Pr "${TBB_PROFILE}"/extensions/langpack-*.xpi "${CLEARNET_EXT}"
+
+ CLEARNET_PREFS="${CLEARNET_PROFILE}"/preferences/prefs.js
+ mkdir -p "$(dirname "${CLEARNET_PREFS}")"
+
+ # Localization
+ BEST_LOCALE="$(guess_best_tor_browser_locale)"
+ configure_xulrunner_app_locale "${CLEARNET_PROFILE}" "${BEST_LOCALE}"
# Disable proxying in the chroot
- sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' \
- ${CLEARNET_PROFILE}/*.js
- echo 'user_pref("network.proxy.type", 0);' >> \
- ${CLEARNET_PROFILE}/user.js
- echo 'user_pref("network.proxy.socks_remote_dns", false);' >> \
- ${CLEARNET_PROFILE}/user.js
- rm -rf ${CLEARNET_PROFILE}/extensions
-
- # Set a scary theme (except if we're using Windows camouflage)
- if [ -z "${CAMOUFLAGE}" ]; then
- cat >> ${CLEARNET_PROFILE}/user.js <<EOF
-user_pref("lightweightThemes.isThemeSelected", true);
-user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
-EOF
- else
- # The camouflage activation script requires a dbus server for
- # properly configuring GNOME, so we start one in the chroot
- chroot ${CHROOT} sudo -H -u clearnet sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
- fi
+ echo 'pref("network.proxy.type", 0);' >> "${CLEARNET_PREFS}"
+ echo 'pref("network.proxy.socks_remote_dns", false);' >> "${CLEARNET_PREFS}"
+
+ # Prevent File -> Print or CTRL+P from causing the browser to hang
+ # for several minutes while trying to communicate with CUPS, since
+ # access to port 631 isn't allowed through.
+ echo 'pref("print.postscript.cups.enabled", false);' >> "${CLEARNET_PREFS}"
+ # Hide "Get Addons" in Add-ons manager
+ echo 'user_pref("extensions.getAddons.showPane", false);' >> "${CLEARNET_PREFS}"
# Set the name (e.g. window title) of the browser
- set_chroot_browser_name "`gettext \"Unsafe Browser\"`"
+ set_chroot_browser_name "`gettext \"Unsafe Browser\"`" "${BEST_LOCALE}"
# Set start page to something that explains what's going on
echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
- ${CLEARNET_PROFILE}/user.js
+ "${CLEARNET_PREFS}"
+ BROWSER_CHROME="${CLEARNET_PROFILE}/chrome/userChrome.css"
+ mkdir -p "$(dirname "${BROWSER_CHROME}")"
+ cat > ${BROWSER_CHROME} << EOF
+/* Required, do not remove */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+
+/* Hide TorBrowser Health Report and its configuration option */
+#appmenu_healthReport,
+#dataChoicesTab,
+#healthReport
+
+{display: none !important}
+EOF
# Remove all bookmarks
- rm -f ${CHROOT}/etc/iceweasel/profile/bookmarks.html
+ rm -f ${CHROOT}/"${TBB_PROFILE}"/bookmarks.html
rm -f ${CLEARNET_PROFILE}/bookmarks.html
rm -f ${CLEARNET_PROFILE}/places.sqlite
+
+ chown -R clearnet:clearnet ${CHROOT}/home/clearnet/.tor-browser
+
+ # Set a scary theme (except if we're using Windows
+ # camouflage). Note that the tails-activate-win8-theme script that
+ # we may run below requires that the browser profile is writable
+ # by the user running the script (i.e. clearnet).
+ if [ -z "${CAMOUFLAGE}" ]; then
+ cat >> "${CLEARNET_PREFS}" <<EOF
+pref("lightweightThemes.isThemeSelected", true);
+pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
+EOF
+ else
+ # The camouflage activation script requires a dbus server for
+ # properly configuring GNOME, so we start one in the chroot
+ chroot ${CHROOT} sudo -H -u clearnet sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
+ fi
+
}
run_browser_in_chroot () {
- # Start Iceweasel in the chroot
+ # Start the browser in the chroot
echo "* Starting Unsafe Browser"
sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} 2>/dev/null
- chroot ${CHROOT} sudo -u ${CLEARNET_USER} /usr/bin/iceweasel -DISPLAY=:0.0
+ chroot ${CHROOT} sudo -u ${CLEARNET_USER} /bin/sh -c \
+ '. /usr/local/lib/tails-shell-library/tor-browser.sh && \
+ exec_firefox -DISPLAY=:0.0 \
+ -profile /home/clearnet/.tor-browser/profile.default'
sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} 2>/dev/null
}
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/README.txt b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/README.txt
new file mode 100644
index 0000000..9473369
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/README.txt
@@ -0,0 +1,9 @@
+add a new language
+==================
+
+To add a language, for example, it-IT,
+
+* copy chrome/locale/en-US to chrome/locale/it-IT
+* edit chrome/locale/it-IT/amnesia.properties
+* don't forget to add a line in chrome.manifest
+ (locale amnesiabranding it-IT chrome/locale/it-IT/)
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome.manifest b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome.manifest
new file mode 100644
index 0000000..353060a
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome.manifest
@@ -0,0 +1,9 @@
+locale amnesiabranding ar-EG chrome/locale/ar-EG/
+locale amnesiabranding de-DE chrome/locale/de-DE/
+locale amnesiabranding en-US chrome/locale/en-US/
+locale amnesiabranding es-ES chrome/locale/es-ES/
+locale amnesiabranding fr-FR chrome/locale/fr-FR/
+locale amnesiabranding it-IT chrome/locale/it-IT/
+locale amnesiabranding pt-BR chrome/locale/pt-BR/
+locale amnesiabranding pt-PT chrome/locale/pt-PT/
+locale amnesiabranding zh-CN chrome/locale/zh-CN/
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/ar-EG/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/ar-EG/amnesia.properties
new file mode 100644
index 0000000..fab9fcd
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/ar-EG/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage
+browser.search.selectedEngine=Startpage
+browser.startup.homepage=https://tails.boum.org/news/
+spellchecker.dictionary=ar_EG
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/de-DE/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/de-DE/amnesia.properties
new file mode 100644
index 0000000..b855d5b
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/de-DE/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage - Deutsch
+browser.search.selectedEngine=Startpage - Deutsch
+browser.startup.homepage=https://tails.boum.org/news/index.de.html
+spellchecker.dictionary=de_DE
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/en-US/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/en-US/amnesia.properties
new file mode 100644
index 0000000..02b4817
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/en-US/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage
+browser.search.selectedEngine=Startpage
+browser.startup.homepage=https://tails.boum.org/news/
+spellchecker.dictionary=en_US
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/es-ES/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/es-ES/amnesia.properties
new file mode 100644
index 0000000..cb9c0d5
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/es-ES/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage - Espanol
+browser.search.selectedEngine=Startpage - Espanol
+browser.startup.homepage=https://tails.boum.org/news/
+spellchecker.dictionary=es_ES
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/fr-FR/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/fr-FR/amnesia.properties
new file mode 100644
index 0000000..8c2b613
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/fr-FR/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage - Francais
+browser.search.selectedEngine=Startpage - Francais
+browser.startup.homepage=https://tails.boum.org/news/index.fr.html
+spellchecker.dictionary=fr_FR
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/it-IT/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/it-IT/amnesia.properties
new file mode 100644
index 0000000..d9cb24e
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/it-IT/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage - Italiano
+browser.search.selectedEngine=Startpage - Italiano
+browser.startup.homepage=https://tails.boum.org/news/
+spellchecker.dictionary=it_IT
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-BR/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-BR/amnesia.properties
new file mode 100644
index 0000000..57fbdeb
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-BR/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage - Portugues
+browser.search.selectedEngine=Startpage - Portugues
+browser.startup.homepage=https://tails.boum.org/news/index.pt.html
+spellchecker.dictionary=pt_BR
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-PT/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-PT/amnesia.properties
new file mode 100644
index 0000000..c9a6204
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/pt-PT/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage - Portugues
+browser.search.selectedEngine=Startpage - Portugues
+browser.startup.homepage=https://tails.boum.org/news/index.pt.html
+spellchecker.dictionary=pt_PT
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/zh-CN/amnesia.properties b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/zh-CN/amnesia.properties
new file mode 100644
index 0000000..02b4817
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/chrome/locale/zh-CN/amnesia.properties
@@ -0,0 +1,4 @@
+browser.search.defaultenginename=Startpage
+browser.search.selectedEngine=Startpage
+browser.startup.homepage=https://tails.boum.org/news/
+spellchecker.dictionary=en_US
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/defaults/preferences/prefs.js b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/defaults/preferences/prefs.js
new file mode 100644
index 0000000..a2691ac
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/defaults/preferences/prefs.js
@@ -0,0 +1,4 @@
+pref("browser.search.defaultenginename", "chrome://amnesiabranding/locale/amnesia.properties");
+pref("browser.search.selectedEngine", "chrome://amnesiabranding/locale/amnesia.properties");
+pref("browser.startup.homepage", "chrome://amnesiabranding/locale/amnesia.properties");
+pref("spellchecker.dictionary", "chrome://amnesiabranding/locale/amnesia.properties");
diff --git a/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/install.rdf b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/install.rdf
new file mode 100644
index 0000000..f6384ef
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/install.rdf
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
+
+ <Description about="urn:mozilla:install-manifest">
+
+ <em:id>branding@amnesia.boum.org</em:id>
+ <em:name>amnesia branding</em:name>
+ <em:version>0.2</em:version>
+
+ <em:creator>amnesia</em:creator>
+
+ <!-- Firefox -->
+ <em:targetApplication>
+ <Description>
+ <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
+ <em:minVersion>3.0</em:minVersion>
+ <em:maxVersion>10.0.999</em:maxVersion>
+ </Description>
+ </em:targetApplication>
+
+ </Description>
+
+</RDF>