summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
blob: ae39247fdf359d9d4deb1af09cd608fc4bc79484 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/sh

set -e

echo "Installing AppArmor profile for Tor Browser"

PATCH='/usr/share/tails/torbrowser-AppArmor-profile.patch'
PROFILE='/etc/apparmor.d/torbrowser'

### Functions

toggle_src_APT_sources() {
   MODE="$1"
   TEMP_APT_SOURCES='/etc/apt/sources.list.d/tmp-deb-src.list'

   case "$MODE" in
      on)
         cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list \
            | grep --extended-regexp --line-regexp --invert-match \
                 'deb\s+file:/root/local-packages\s+\./' \
            | grep --extended-regexp --invert-match \
                 '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject/' \
            | grep --extended-regexp --invert-match \
                 '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
            | sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
            > "$TEMP_APT_SOURCES"
         ;;
      off)
         rm "$TEMP_APT_SOURCES"
         ;;
   esac

   apt-get --yes update
}

install_torbrowser_AppArmor_profile() {
   tmpdir="$(mktemp -d)"
   (
      cd "$tmpdir"
      apt-get source torbrowser-launcher/stretch
      install -m 0644 \
              torbrowser-launcher-*/apparmor/torbrowser.Browser.firefox \
              "$PROFILE"
   )
   rm -r "$tmpdir"
}

### Main

toggle_src_APT_sources on
install_torbrowser_AppArmor_profile
toggle_src_APT_sources off
patch --forward --batch "$PROFILE" < "$PATCH"
rm "$PATCH"