Diffstat (limited to 'config/chroot_local-patches')
-rw-r--r--config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch38
-rw-r--r--config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch73
-rw-r--r--config/chroot_local-patches/apparmor-adjust-python-abstraction.diff11
-rw-r--r--config/chroot_local-patches/apparmor-adjust-thunderbird-profile.diff28
-rw-r--r--config/chroot_local-patches/apparmor-adjust-totem-profile.diff37
-rw-r--r--config/chroot_local-patches/apparmor-aliases.diff11
-rw-r--r--config/chroot_local-patches/greeter-15653-15656.diff40
-rw-r--r--config/chroot_local-patches/synaptic-update-at-startup.diff6
-rw-r--r--config/chroot_local-patches/torbirdy-enable-emailwizard.diff23
-rw-r--r--config/chroot_local-patches/torbirdy-enable-gpg_already_torified.diff27
10 files changed, 141 insertions, 153 deletions
diff --git a/config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch b/config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch
deleted file mode 100644
index 20fcb24..0000000
--- a/config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Tue, 31 Jan 2017 15:54:01 +0000
-Subject: Use the Tor OnionBalance hidden service pool as the default
- keyserver.
-
----
- chrome/content/preferences.js | 2 +-
- components/torbirdy.js | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
-index 3f1b9a1..87f46aa 100644
---- a/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
-+++ b/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
-@@ -7,7 +7,7 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
- pub.prefBranch = "extensions.torbirdy.";
- pub.customBranch = "extensions.torbirdy.custom.";
-
-- pub.torKeyserver = "hkp://qdigse2yzvuglcix.onion";
-+ pub.torKeyserver = "hkp://jirk5u4osbsr34t5.onion";
- pub.jondoKeyserver = "hkp://pool.sks-keyservers.net";
-
- pub.prefs = Components.classes["@mozilla.org/preferences-service;1"]
-diff --git a/components/torbirdy.js b/components/torbirdy.js
-index f9acf0b..01c1c7a 100644
---- a/usr/share/xul-ext/torbirdy/components/torbirdy.js
-+++ b/usr/share/xul-ext/torbirdy/components/torbirdy.js
-@@ -274,8 +274,8 @@ var TorBirdyPrefs = {
- // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=socks5h://127.0.0.1:9050 ",
-
-- // The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
-- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
-+ // The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor)
-+ "extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
- // Force GnuPG to use SHA512.
- "extensions.enigmail.mimeHashAlgorithm": 5,
-
diff --git a/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch b/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
index 0a19508..c00d0c8 100644
--- a/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
+++ b/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
@@ -32,66 +32,35 @@ Torbirdy's side.
chrome/content/overlay.js | 1 +
chrome/content/preferences.js | 13 ++++++++-----
defaults/preferences/prefs.js | 1 +
- 3 files changed, 10 insertions(+), 5 deletions(-)
-diff --git a/chrome/content/overlay.js b/chrome/content/overlay.js
-index 1f72c9d..f0c0304 100644
---- a/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
-+++ b/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
-@@ -40,6 +40,7 @@
- // Tor.
- if (type === 0) {
- myPanel.label = strbundle.getString("torbirdy.enabled.tor");
-+ org.torbirdy.prefs.setProxyTor();
- }
- // JonDo/Whonix.
- if (type === 1) {
-diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
-index 87f46aa..73ef18f 100644
+---
+
+Refreshed-by: Cyril Brulebois <cyril@debamax.com> on 2018-08-09 for Torbirdy 0.2.5
+
+Notes:
+ - chrome/content/overlay.js merged upstream.
+ - chrome/content/preferences.js partially merged upstream, including
+ differentiated handling of some options. Remaining diff: defaulting
+ to a socks5h://127.0.0.1:9050 proxy unless anonService is set to
+ “jondo”.
+ - defaults/preferences/prefs.js merged upstream.
+---
+ preferences.js | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
--- a/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
+++ b/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
-@@ -41,17 +41,19 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
- if (pub.prefs.getBoolPref("extensions.torbirdy.enigmail.throwkeyid")) {
+@@ -42,10 +42,11 @@
opts += "--throw-keyids ";
}
-- var proxy = "socks5h://127.0.0.1:9050";
-- if (anonService === "jondo") {
-- proxy = "http://127.0.0.1:4001";
-+ if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) {
+ if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) {
+ var proxy = "socks5h://127.0.0.1:9050";
-+ if (anonService === "jondo") {
+ if (anonService === "jondo") {
+- let proxy = "http://127.0.0.1:4001";
+- opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " ";
+ proxy = "http://127.0.0.1:4001";
-+ }
+ }
+ opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " ";
}
return opts +
- "--no-emit-version " +
- "--no-comments " +
- "--display-charset utf-8 " +
-- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=" +
-- proxy;
-+ "--keyserver-options no-auto-key-retrieve";
- };
-
- pub.updateKeyserver = function(anonService) {
-@@ -201,6 +203,7 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
-
- pub.setPanelSettings(pub.strBundle.GetStringFromName("torbirdy.enabled.tor"), "green");
- pub.prefs.setIntPref(pub.prefBranch + 'proxy', 0);
-+ pub.setPreferences("extensions.enigmail.agentAdditionalParam", pub.setEnigmailPrefs("tor"));
- };
-
- pub.setProxyJonDo = function() {
-diff --git a/defaults/preferences/prefs.js b/defaults/preferences/prefs.js
-index 8b43562..ea316d3 100644
---- a/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
-+++ b/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
-@@ -5,6 +5,7 @@ pref("extensions.torbirdy.warn", true);
- pref("extensions.torbirdy.startup_folder", false);
- pref("extensions.torbirdy.enigmail.throwkeyid", false);
- pref("extensions.torbirdy.enigmail.confirmemail", false);
-+pref("extensions.torbirdy.gpg_already_torified", false);
- pref("extensions.torbirdy.timezone", true);
- pref("extensions.torbirdy.whonix_run", true);
- pref("extensions.torbirdy.info_run", false);
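Review bot: When `extensions.torbirdy.gpg_already_torified` is true, the refreshed preferences.js hunk adds no `--keyserver-options` at all, so neither `http-proxy` nor `no-try-dns-srv` reaches gpg and keeping keyserver traffic on Tor depends entirely on GnuPG's own configuration, which is not visible here. torbirdy-enable-gpg_already_torified.diff in this same change flips that preference to true in prefs.js, so this becomes the default path. I would add a comment above the `if`, e.g. `// gpg_already_torified: GnuPG/dirmngr is expected to route through Tor itself, so no proxy option is passed here`, and name where that configuration is enforced. Separately, `var proxy` is declared inside the `if` block but is function-scoped; `let proxy` would keep it local to the block. The function continues past `return opts +` outside the hunk, so options appended there are not covered by this note.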
diff --git a/config/chroot_local-patches/apparmor-adjust-python-abstraction.diff b/config/chroot_local-patches/apparmor-adjust-python-abstraction.diff
new file mode 100644
index 0000000..4ab2186
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-python-abstraction.diff
@@ -0,0 +1,11 @@
+--- a/etc/apparmor.d/abstractions/python
++++ b/etc/apparmor.d/abstractions/python
+@@ -17,7 +17,7 @@
+
+ /usr/local/lib{,32,64}/python{2.[4-7],3.[0-5]}/**.{pyc,so} mr,
+ /usr/local/lib{,32,64}/python{2.[4-7],3.[0-5]}/**.{egg,py,pth} r,
+- /usr/local/lib{,32,64}/python{2.[4-7],3.[0-5]}/{site,dist}-packages/ r,
++ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-5]}/{site,dist}-packages/ r,
+ /usr/local/lib{,32,64}/python3.[0-5]/lib-dynload/*.so mr,
+
+ # Site-wide configuration
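Review bot: Only the `{site,dist}-packages/ r` directory rule gains the bare `3` alternative; the neighbouring `**.{pyc,so} mr` and `**.{egg,py,pth} r` rules in the same context still match only `python3.[0-5]`, so files under `/usr/local/lib/python3/` would still be denied if that is what prompted the change. If reading the directory itself is all that is needed, a short header in the patch saying so, and naming the denial it silences, would help, since this file carries no description at all. The abstraction continues outside the hunk, so a matching file rule may exist elsewhere.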
diff --git a/config/chroot_local-patches/apparmor-adjust-thunderbird-profile.diff b/config/chroot_local-patches/apparmor-adjust-thunderbird-profile.diff
index f52c780..30c4e06 100644
--- a/config/chroot_local-patches/apparmor-adjust-thunderbird-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-thunderbird-profile.diff
@@ -1,14 +1,14 @@
---- a/etc/apparmor.d/usr.bin.thunderbird.orig 2018-01-09 20:30:54.000000000 +0000
-+++ b/etc/apparmor.d/usr.bin.thunderbird 2018-02-23 14:48:02.180000000 +0000
+--- a/etc/apparmor.d/usr.bin.thunderbird 2018-08-19 09:32:11.000000000 +0000
++++ b/etc/apparmor.d/usr.bin.thunderbird 2018-08-21 07:03:51.744244552 +0000
@@ -16,7 +16,6 @@
# TODO: finetune this for required accesses
#include <abstractions/dbus>
#include <abstractions/dbus-accessibility>
- #include <abstractions/dbus-session>
+ #include <abstractions/dconf>
#include <abstractions/gnome>
#include <abstractions/ibus>
- #include <abstractions/nameservice>
-@@ -24,29 +23,19 @@
+@@ -25,7 +24,6 @@
#include <abstractions/p11-kit>
#include <abstractions/private-files>
#include <abstractions/ssl_certs>
@@ -16,10 +16,12 @@
#include <abstractions/ubuntu-browsers.d/java>
#include <abstractions/ubuntu-helpers>
+@@ -46,23 +44,14 @@
+
# Allow opening attachments
# TODO: create and use abstractions for opening various file formats
- /{usr/local/,usr/,}bin/* Cx -> sanitized_helper,
-+ /{usr/local/,usr/,}bin/{[^g],g[^p],gp[^g]}* Cx -> sanitized_helper,
++ /{usr/local/,usr/,}bin/{[^gp],g[^p],p[^s],gp[^g]}* Cx -> sanitized_helper,
/usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,
- # For Xubuntu to launch the browser
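Review bot: The new alternation `{[^gp],g[^p],p[^s],gp[^g]}*` excludes by prefix, so every binary whose name starts with `gpg` or `ps` (for example `pstree` or `ps2pdf` as well as `ps`) no longer transitions to `sanitized_helper`, and the short names `g`, `p` and `gp` are not matched either. The hunk gives no reason for adding the `ps` exclusion and does not show which rule, if any, covers those binaries instead. A comment above the rule would make the intent reviewable, e.g. `# gpg* and ps* are deliberately kept out of sanitized_helper (rule or ticket reference)`.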
@@ -39,15 +41,15 @@
owner @{HOME}/.{cache,config}/dconf/user rw,
owner @{HOME}/.cache/thumbnails/** r,
owner /run/user/[0-9]*/dconf/user rw,
-@@ -113,6 +102,7 @@
-
- # noisy
- /etc/dconf/profile/user r,
+@@ -135,6 +124,7 @@
+ deny /.suspended r,
+ deny /boot/initrd.img* r,
+ deny /boot/vmlinuz* r,
+ deny /etc/machine-id r,
- deny @{MOZ_LIBDIR}/** w,
- deny /usr/lib/thunderbird-addons/** w,
- deny /usr/lib/xulrunner-addons/** w,
-@@ -239,7 +229,6 @@
+ deny /var/cache/fontconfig/ w,
+
+ # noisy file dialog:
+@@ -254,7 +244,6 @@
/etc/lsb-release r,
/etc/ssl/openssl.cnf r,
/usr/lib/thunderbird/crashreporter ix,
diff --git a/config/chroot_local-patches/apparmor-adjust-totem-profile.diff b/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
index c3bd4c4..acbda43 100644
--- a/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
@@ -1,6 +1,6 @@
-diff -Naur a/etc/apparmor.d/abstractions/totem b/etc/apparmor.d/abstractions/totem
---- a/etc/apparmor.d/abstractions/totem 2016-07-29 08:50:17.000000000 +0000
-+++ b/etc/apparmor.d/abstractions/totem 2016-11-18 10:42:07.902658411 +0000
+diff -Naur etc/apparmor.d.orig/abstractions/totem etc/apparmor.d/abstractions/totem
+--- a/etc/apparmor.d/abstractions/totem 2017-01-06 09:00:08.000000000 +0000
++++ b/etc/apparmor.d/abstractions/totem 2018-08-29 06:30:15.364263734 +0000
@@ -30,13 +30,26 @@
/usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner Cix -> gst_plugin_scanner,
@@ -31,9 +31,9 @@ diff -Naur a/etc/apparmor.d/abstractions/totem b/etc/apparmor.d/abstractions/tot
+ /run/udev/data/+usb* r,
/sys/devices/system/node/*/meminfo r,
-diff -Naur a/etc/apparmor.d/usr.bin.totem b/etc/apparmor.d/usr.bin.totem
---- a/etc/apparmor.d/usr.bin.totem 2016-07-29 08:50:17.000000000 +0000
-+++ b/etc/apparmor.d/usr.bin.totem 2016-11-18 10:42:07.902658411 +0000
+diff -Naur etc/apparmor.d.orig/usr.bin.totem etc/apparmor.d/usr.bin.totem
+--- a/etc/apparmor.d/usr.bin.totem 2017-01-06 09:00:08.000000000 +0000
++++ b/etc/apparmor.d/usr.bin.totem 2018-08-29 06:32:40.844600308 +0000
@@ -6,6 +6,7 @@
/usr/bin/totem {
#include <abstractions/audio>
@@ -59,9 +59,27 @@ diff -Naur a/etc/apparmor.d/usr.bin.totem b/etc/apparmor.d/usr.bin.totem
owner /{,var/}run/user/*/dconf/user w,
owner /{,var/}run/user/*/at-spi2-*/ rw,
-diff -Naur a/etc/apparmor.d/usr.bin.totem-previewers b/etc/apparmor.d/usr.bin.totem-previewers
---- a/etc/apparmor.d/usr.bin.totem-previewers 2016-07-29 08:50:17.000000000 +0000
-+++ b/etc/apparmor.d/usr.bin.totem-previewers 2016-11-18 10:43:59.736805950 +0000
+@@ -27,6 +30,17 @@
+
+ /sys/devices/pci[0-9]*/**/config r,
+
++ # Backported from the mesa abstraction, available in AppArmor >2.13
++ /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
++ owner @{HOME}/.cache/ w, # if user clears all caches
++ owner @{HOME}/.cache/mesa_shader_cache/ w,
++ owner @{HOME}/.cache/mesa_shader_cache/index rw,
++ owner @{HOME}/.cache/mesa_shader_cache/??/ w,
++ owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
++
++ # Backported from the dri-enumerate abstraction, available in AppArmor 2.13
++ /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
++
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.totem>
+ }
+diff -Naur etc/apparmor.d.orig/usr.bin.totem-previewers etc/apparmor.d/usr.bin.totem-previewers
+--- a/etc/apparmor.d/usr.bin.totem-previewers 2017-01-06 09:00:08.000000000 +0000
++++ b/etc/apparmor.d/usr.bin.totem-previewers 2018-08-29 06:30:15.364263734 +0000
@@ -6,16 +6,17 @@
/usr/bin/totem-video-thumbnailer {
#include <abstractions/totem>
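Review bot: The two backport comments disagree about the version (`AppArmor >2.13` for the mesa rules, `AppArmor 2.13` for dri-enumerate), and neither says when the copied rules should be dropped. Since these rules are duplicated from upstream abstractions into the totem profile, they will drift silently once the shipped AppArmor provides the abstractions. I would align the wording and add a marker such as `# TODO: replace with the mesa and dri-enumerate abstractions once the shipped AppArmor provides them`.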
@@ -93,3 +111,4 @@ diff -Naur a/etc/apparmor.d/usr.bin.totem-previewers b/etc/apparmor.d/usr.bin.to
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.totem-previewers>
+
diff --git a/config/chroot_local-patches/apparmor-aliases.diff b/config/chroot_local-patches/apparmor-aliases.diff
index 4ec08e7..eedf78c 100644
--- a/config/chroot_local-patches/apparmor-aliases.diff
+++ b/config/chroot_local-patches/apparmor-aliases.diff
@@ -9,7 +9,16 @@ diff -Naur etc/apparmor.d.orig/abstractions/base etc/apparmor.d/abstractions/bas
/etc/writable/localtime r,
/usr/share/locale-bundle/** r,
/usr/share/locale-langpack/** r,
-@@ -56,10 +57,12 @@
+@@ -48,6 +49,8 @@
+ # ld.so.cache and ld are used to load shared libraries; they are best
+ # available everywhere
+ /etc/ld.so.cache mr,
++ /etc/ld.so.conf r,
++ /etc/ld.so.conf.d/{,*.conf} r,
+ /etc/ld.so.preload r,
+ /{usr/,}lib{,32,64}/ld{,32,64}-*.so mr,
+ /{usr/,}lib/@{multiarch}/ld{,32,64}-*.so mr,
+@@ -56,10 +59,12 @@
/opt/*-linux-uclibc/lib/ld-uClibc*so* mr,
# we might as well allow everything to use common libraries
diff --git a/config/chroot_local-patches/greeter-15653-15656.diff b/config/chroot_local-patches/greeter-15653-15656.diff
deleted file mode 100644
index f28a3dc..0000000
--- a/config/chroot_local-patches/greeter-15653-15656.diff
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/usr/lib/python3/dist-packages/tailsgreeter/persistence.py b/usr/lib/python3/dist-packages/tailsgreeter/persistence.py
-index e1415fa..cabefd6 100644
---- a/usr/lib/python3/dist-packages/tailsgreeter/persistence.py
-+++ b/usr/lib/python3/dist-packages/tailsgreeter/persistence.py
-@@ -54,15 +54,17 @@ class PersistenceSettings(object):
- Returns: True if everything went fine, False if the user should try
- again."""
- logging.debug("Unlocking persistence")
-- try:
-- self.activate_container(
-- device=self.containers[0]['path'],
-- password=passphrase,
-- readonly=readonly)
-- self.is_unlocked = True
-- return True
-- except tailsgreeter.errors.WrongPassphraseError:
-- return False
-+ for container in self.containers:
-+ try:
-+ self.activate_container(
-+ device=container['path'],
-+ password=passphrase,
-+ readonly=readonly)
-+ self.is_unlocked = True
-+ return True
-+ except tailsgreeter.errors.WrongPassphraseError:
-+ pass
-+ return False
-
- def lock(self):
- logging.debug("Locking persistence")
-@@ -133,7 +135,7 @@ class PersistenceSettings(object):
- "/sbin/cryptsetup", "luksClose",
- self.cleartext_name
- ]
-- self.check_output_and_error(
-+ tailsgreeter.utils.check_output_and_error(
- args,
- exception=tailsgreeter.errors.LivePersistError,
- error_message=_("cryptsetup failed with return code "
diff --git a/config/chroot_local-patches/synaptic-update-at-startup.diff b/config/chroot_local-patches/synaptic-update-at-startup.diff
new file mode 100644
index 0000000..e267fee
--- /dev/null
+++ b/config/chroot_local-patches/synaptic-update-at-startup.diff
@@ -0,0 +1,6 @@
+--- orig/usr/bin/synaptic-pkexec 2018-03-04 15:30:21.660000000 +0000
++++ new/usr/bin/synaptic-pkexec 2018-03-04 15:32:03.576000000 +0000
+@@ -1,2 +1,2 @@
+ #!/bin/sh
+-pkexec "/usr/sbin/synaptic" "$@"
++pkexec "/usr/sbin/synaptic" "--update-at-startup" "$@"
diff --git a/config/chroot_local-patches/torbirdy-enable-emailwizard.diff b/config/chroot_local-patches/torbirdy-enable-emailwizard.diff
new file mode 100644
index 0000000..ac8b550
--- /dev/null
+++ b/config/chroot_local-patches/torbirdy-enable-emailwizard.diff
@@ -0,0 +1,23 @@
+From: Cyril Brulebois <cyril@debamax.com>
+Date: Tue, 14 Aug 2018 12:53:48 +0200
+Subject: Enable the email wizard in the system configuration
+
+There's:
+ /usr/share/xul-ext/torbirdy/defaults/preferences/000system.js → /etc/xul-ext/torbirdy.js
+
+which is read after:
+ /usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+
+but setting extensions.torbirdy.emailwizard to true in the former
+doesn't seem sufficient, even though strace confirms it's being read.
+
+--- a/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
++++ b/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+@@ -9,6 +9,6 @@
+ pref("extensions.torbirdy.timezone", true);
+ pref("extensions.torbirdy.whonix_run", true);
+ pref("extensions.torbirdy.info_run", false);
+-pref("extensions.torbirdy.emailwizard", false);
++pref("extensions.torbirdy.emailwizard", true);
+ pref("extensions.torbirdy.fetchall", false);
+ pref("extensions.torbirdy.defaultprotocol", 0); // 0 - POP3, 1 - IMAP
diff --git a/config/chroot_local-patches/torbirdy-enable-gpg_already_torified.diff b/config/chroot_local-patches/torbirdy-enable-gpg_already_torified.diff
new file mode 100644
index 0000000..d896958
--- /dev/null
+++ b/config/chroot_local-patches/torbirdy-enable-gpg_already_torified.diff
@@ -0,0 +1,27 @@
+From: Cyril Brulebois <cyril@debamax.com>
+Date: Tue, 14 Aug 2018 22:48:09 +0200
+Subject: Enable the gpg_already_torified setting in the system configuration
+
+There's:
+ /usr/share/xul-ext/torbirdy/defaults/preferences/000system.js → /etc/xul-ext/torbirdy.js
+
+which is read after:
+ /usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+
+but setting extensions.torbirdy.gpg_already_torified to true in the former
+doesn't seem sufficient, even though strace confirms it's being read.
+
+Without this setting, fetching key from a keyserver doesn't work out of the
+box.
+
+--- a/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
++++ b/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+@@ -5,7 +5,7 @@
+ pref("extensions.torbirdy.startup_folder", false);
+ pref("extensions.torbirdy.enigmail.throwkeyid", false);
+ pref("extensions.torbirdy.enigmail.confirmemail", false);
+-pref("extensions.torbirdy.gpg_already_torified", false);
++pref("extensions.torbirdy.gpg_already_torified", true);
+ pref("extensions.torbirdy.timezone", true);
+ pref("extensions.torbirdy.whonix_run", true);
+ pref("extensions.torbirdy.info_run", false);