/
torbrowser
executable file
·823 lines (717 loc) · 29.1 KB
/
torbrowser
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
#!/bin/bash
## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
#set -x
#exec 1>/tmp/torbrowser.log
#exec 2>/tmp/torbrowser.log
set -e
set -o pipefail
set -o errtrace
if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
source /usr/lib/helper-scripts/pre.bsh
fi
[ -n "$SCRIPTNAME" ] || SCRIPTNAME="$(basename "$BASH_SOURCE")"
[ -n "$IDENTIFIER" ] || IDENTIFIER="torbrowser"
[ -n "$ICON" ] || ICON="/usr/share/icons/anon-icon-pack/tbupdate.ico"
tb_error_handler() {
local exit_code="$?"
local MSG="\
###########################################################
## $SCRIPTNAME script bug.
## No panic. Nothing is broken. Just some rare condition
## has been hit. Try again later. There is likely a
## solution for this problem. Please see the Whonix News,
## Whonix User Help Forum and Whonix Documentation.
## https://www.whonix.org/wiki/$tb_wiki
## Please report this bug!
##
## BASH_COMMAND: $BASH_COMMAND
## exit_code: $exit_code
##
## tb_browser_folder: $tb_browser_folder
##
## tb_user_js_target_file: $tb_user_js_target_file
##
## output: $output
## output_opts: ${output_opts[@]}
## progressbaridx: $progressbaridx
##
## Experts only:
## bash -x $SCRIPTNAME
###########################################################\
"
MSG="$(/usr/lib/msgcollector/br_add "$MSG")"
if [ "$progressbaridx" = "" ]; then
true
else
$output ${output_opts[@]} --progressbaridx "$progressbaridx" --progressx "100"
fi
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 1
}
trap "tb_error_handler" ERR
root_check() {
if [ "$(id -u)" != "0" ]; then
#echo "$SCRIPTNAME running as user."
true
else
echo "Do not run $SCRIPTNAME as root!"
exit 1
fi
}
tb_preparation() {
who_ami="$(whoami)"
if command -v qubesdb-read &>/dev/null ; then
[ -n "$is_qubes" ] || is_qubes=true
## qubesdb-read fails inside chroot, therefore overwriting with '|| true'.
[ -n "$qubes_vm_name" ] || qubes_vm_name="$(qubesdb-read /name)" || true
[ -n "$qubes_vm_type" ] || qubes_vm_type="$(qubesdb-read /qubes-vm-type)" || true
[ -n "$qubes_vm_persistence" ] || qubes_vm_persistence="$(qubesdb-read /qubes-vm-persistence)" || true
else
[ -n "$is_qubes" ] || is_qubes=false
fi
if [ "$qubes_vm_type" = "TemplateVM" ]; then
if [ "$tb_user_home" = "" ]; then
tb_user_home="/var/cache/tb-binary"
fi
fi
[ -n "$tb_user_home" ] || tb_user_home=~
## example tb_user_home:
## /home/user
## When double clicking a file downloaded in Tor Browser download tab
## '~' would be set to '/home/user/.tb/tor-browser/Browser' which would lead
## to a false-positive "Tor Browser not installed" message.
if echo "$tb_user_home" | grep -q tor-browser ; then
tb_user_home="/home/$who_ami"
fi
[ -n "$tb_install_folder" ] || tb_install_folder="tb"
[ -n "$tb_install_folder_dot" ] || tb_install_folder_dot=".tb"
[ -n "$tb_browser_name" ] || tb_browser_name="tor-browser"
[ -n "$tb_settings_folder" ] || tb_settings_folder="torbrowser.d"
[ -n "$tb_title" ] || tb_title="Tor Browser"
[ -n "$tb_wiki" ] || tb_wiki="Tor_Browser"
[ -n "$tb_bin" ] || tb_bin="torbrowser"
[ -n "$tb_browser_runner" ] || tb_browser_runner="start-tor-browser"
[ -n "$IDENTIFIER" ] || IDENTIFIER="$tb_bin"
[ -n "$tb_home_folder" ] || tb_home_folder="$tb_user_home/$tb_install_folder_dot"
## example tb_home_folder:
## /home/user/.tb
[ -n "$tb_browser_folder" ] || tb_browser_folder="$tb_home_folder/$tb_browser_name"
## example tb_browser_folder:
## /home/user/.tb/tor-browser
[ -n "$tb_user_js_target_file" ] || tb_user_js_target_file="$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.default/user.js"
if [ "$display" = "" ]; then
if [ "$DISPLAY" = "" ]; then
display=":0"
else
display="$DISPLAY"
fi
fi
output="/usr/lib/msgcollector/msgcollector"
local my_tty
local my_tty_exit_code
my_tty_exit_code="0"
my_tty="$(tty)" || { my_tty_exit_code="$?" ; true; };
if [ ! "$my_tty_exit_code" = "0" ]; then
my_tty="none"
fi
## Just in case.
if [ "$my_tty" = "" ]; then
my_tty="none"
fi
who_ami="$(whoami)"
output_opt_1="--icon $ICON"
output_opt_2="--parentpid $$"
output_opt_3="--identifier ${IDENTIFIER}"
output_opt_4="--parenttty $my_tty"
output_opt_5="--whoami $who_ami"
output_opts=( "$output_opt_1" "$output_opt_2" "$output_opt_3" "$output_opt_4" "$output_opt_5")
TITLE="$tb_title Starter (by Whonix developers)"
## TODO
#$output ${output_opts[@]} --forget
}
tb_set_links() {
DOC_LINK="https://www.whonix.org/wiki/Documentation"
CONTRIBUTE_LINK="https://www.whonix.org/wiki/Contribute"
DONATE_LINK="https://www.whonix.org/wiki/Donate"
FORUM_LINK="https://forums.whonix.org"
MAILINGLIST_LINK="https://www.whonix.org/pipermail/whonix-devel/"
IMPORTANTBLOG_LINK="https://forums.whonix.org/tags/important-news"
FEATUREBLOG_LINK="https://forums.whonix.org/c/news"
if [ ! "$TB_CUSTOM_HOMEPAGE" = "" ]; then
## Prefer the custom homepage a user might have defined over
## everything else.
DEFAULT_LINK="$TB_CUSTOM_HOMEPAGE"
elif [ ! "$TB_CUSTOM_WRAPPER_HOMEPAGE" = "" ]; then
## Prefer the custom homepage a user might have defined over
## everything else.
DEFAULT_LINK="$TB_CUSTOM_WRAPPER_HOMEPAGE"
open_link_confirmation_maybe_skip=true
elif [ ! "$TOR_DEFAULT_HOMEPAGE" = "" ]; then
DEFAULT_LINK="$TOR_DEFAULT_HOMEPAGE"
open_link_confirmation_maybe_skip=true
elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then
## Running inside a Whonix-Workstation.
local whonix_homepage
whonix_homepage="/usr/share/homepage/whonix-welcome-page/whonix.html"
if [ -f "$whonix_homepage" ]; then
## Great, we have whonix-welcome-page installed, prefer that one.
DEFAULT_LINK="file://$whonix_homepage"
open_link_confirmation_maybe_skip=true
else
## whonix-welcome-page not installed, fall back to about:blank,
## because about:tor does not apply to Whonix (makes users confuse
## The Tor Project with Whonix).
DEFAULT_LINK="about:blank"
open_link_confirmation_maybe_skip=true
fi
elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then
## about:tor also does not apply here.
DEFAULT_LINK="about:blank"
open_link_confirmation_maybe_skip=true
else
## Running outside of Whonix.
true "Not modifying which link to open."
fi
}
tb_config_folder_parser() {
[ -n "$tb_settings_folder" ] || tb_settings_folder="torbrowser.d"
shopt -s nullglob
local i
for i in \
/etc/${tb_settings_folder}/*.conf \
/rw/config/${tb_settings_folder}/*.conf \
/usr/local/etc/${tb_settings_folder}/*.conf \
; do
bash -n "$i"
source "$i"
done
}
parse_cmd_options() {
## Thanks to:
## http://mywiki.wooledge.org/BashFAQ/035
while :
do
case $1 in
--doc)
LINK="$DOC_LINK"
shift
;;
--contribute)
LINK="$CONTRIBUTE_LINK"
shift
;;
--donate)
LINK="$DONATE_LINK"
shift
;;
--forum)
LINK="$FORUM_LINK"
shift
;;
--mailinglist)
LINK="$MAILINGLIST_LINK"
shift
;;
--importantblog)
LINK="$IMPORTANTBLOG_LINK"
shift
;;
--featureblog)
LINK="$FEATUREBLOG_LINK"
shift
;;
--nolink)
LINK="NOLINK"
shift
;;
--hardening)
tb_hardening="true"
shift
;;
--)
shift
break
;;
*)
break
;;
esac
done
## If there are input files (for example) that follow the options, they
## will remain in the "$@" positional parameters.
if [ "$LINK" = "NOLINK" ]; then
open_link_confirmation_skip="true"
unset LINK
unset TOR_DEFAULT_HOMEPAGE
return 0
fi
local other_args
other_args="$@"
if [ "$other_args" = "" ]; then
have_other_args="false"
if [ "$LINK" = "" ]; then
LINK="$DEFAULT_LINK"
if [ "$open_link_confirmation_maybe_skip" = "true" ]; then
open_link_confirmation_skip="true"
fi
fi
else
have_other_args="true"
fi
}
tb_templatevm_check() {
if [ "$is_qubes" = "false" ]; then
true "Not running in Qubes."
return 0
fi
if [ ! "$qubes_vm_type" = "TemplateVM" ]; then
true "Not running in TemplateVM."
return 0
fi
if [ "$tb_allow_start_in_templatevm" = "true" ]; then
true "tb_allow_start_in_templatevm is true."
return 0
fi
if [ "$have_other_args" = "false" ]; then
tb_qubes_wiki="Running_${tb_wiki}_in_Qubes_TemplateVM"
local MSG="<p>Do not run $tb_title in TemplateVM.<br></br>
<br></br>
More info: <a href=https://www.whonix.org/wiki/$tb_wiki#$tb_qubes_wiki>https://www.whonix.org/wiki/$tb_wiki#$tb_qubes_wiki</a></p>"
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 3
fi
}
tb_qubes_dvm_template() {
## Avoid running in Qubes DVM Template.
## https://phabricator.whonix.org/T726
if echo "$qubes_vm_name" | grep -q --invert-match "\-dvm" ; then
true "INFO: not running inside Qubes DVM Template, ok."
return 0
fi
local MSG="\
<p>Do not run $tb_title in Qubes DVM Template!<br></br>
<br></br>
More info: <a href=https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#Running_Tor_Browser_in_Qubes_TemplateVM_or_DVM_Template>https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#Running_Tor_Browser_in_Qubes_TemplateVM_or_DVM_Template</a></p>"
$output ${output_opts[@]} --messagex --titlex "$TITLE" --typex "error" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --titlecli "$TITLE" --typecli "error" --message "$MSG" --done
exit 1
}
check_tb_updater_first_boot_done() {
if [ "$qubes_vm_type" = "TemplateVM" ]; then
true "$FUNCNAME: Not running in TemplateVM."
return 0
fi
## Waiting for tb-updater-first-boot.service is useful in Qubes to make sure
## permission fix is done for Qubes DispVMs.
local systemctl_output
local wait_counter
wait_counter="0"
while true ; do
if systemctl_output="$(systemctl --no-pager --no-block status tb-updater-first-boot.service 2>&1)" ; then
break
fi
wait_counter="$(( wait_counter + 1 ))"
sleep 1 &
wait "$!"
if [ "$wait_counter" -ge 20 ]; then
systemctl_output="$(/usr/lib/msgcollector/br_add "$systemctl_output")"
local MSG="<p>Failed to start $tb_title!<br></br>
<br></br>
Failed to run:<br></br>
<br></br><code>systemctl --no-pager --no-block status tb-updater-first-boot.service</code>.
<br></br>
<br></br>systemctl output:
<br></br>
<br></br><code>$systemctl_output</code>
<br></br>
<br></br>To see this for yourself, you could try: <blockquote>Start Menu -> System -> Xfce Terminal
<br></br>Then run:
<br></br><code>systemctl --no-pager --no-block status tb-updater-first-boot.service</code></blockquote></p>"
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 4
fi
done
}
tb_copy_from_root_to_user_maybe() {
if [ "$qubes_vm_persistence" = "none" ]; then
true "$FUNCNAME: Not copying from /var/cache/tb-binary to tb_user_home $tb_user_home in DispVM."
return 0
fi
local done_file
## example tb_home_folder:
## /home/user/.tb
done_file="$tb_home_folder/first-boot-home-population.done"
## example done_file:
## /home/user/.tb/first-boot-home-population.done
## example tb_user_home:
## /home/user
if [ ! -d "$tb_user_home" ]; then
return 0
fi
if [ ! -d /var/cache/tb-binary ]; then
return 0
fi
if [ -d "$tb_browser_folder" ]; then
return 0
fi
if [ -e "$done_file" ]; then
return 0
fi
if [ -d /var/cache/tb-binary/.cache ]; then
cp --verbose --recursive --no-clobber "/var/cache/tb-binary/.cache" "$tb_user_home/"
fi
## example tb_home_folder:
## /home/user/.tb
## example tb_browser_folder:
## /home/user/.tb/tor-browser
if [ "$tb_2ip" = "true" ]; then
if [ -d "/var/cache/tb-binary/.tb/tor-browser" ]; then
mkdir -p "$tb_home_folder"
## No / at the end.
## example simplified:
## cp /var/cache/tb-binary/.tb/tor-browser /home/user/.i2pb/i2p-browser
cp --verbose --recursive --no-clobber "/var/cache/tb-binary/.tb/tor-browser" "$tb_browser_folder"
touch "$done_file"
fi
else
if [ -d "/var/cache/tb-binary/$tb_install_folder_dot/$tb_browser_name" ]; then
mkdir -p "$tb_home_folder"
## No / at the end.
## example simplified:
## cp /var/cache/tb-binary/.tb/tor-browser /home/user/.tb/tor-browser
## cp /var/cache/tb-binary/.secbrowser/secbrowser /home/user/.secbrowser/secbrowser
cp --verbose --recursive --no-clobber "/var/cache/tb-binary/$tb_install_folder_dot/$tb_browser_name" "$tb_browser_folder"
touch "$done_file"
fi
fi
}
maybe_install_tor_browser() {
if [ -d "$tb_browser_folder" ]; then
return 0
fi
local MSG="<p>$tb_title is currently not installed.
<br></br>(Folder $tb_browser_folder does not exist.)</p>"
local question="Start $tb_title Downloader (by Whonix Developers)?"
local button="yesno"
local answer
answer="$(/usr/lib/msgcollector/generic_gui_message "error" "$TITLE" "$MSG" "$question" "$button")"
#answer="0"
#zenity --title="$TITLE" --question --text "$MSG" || { answer="$?" ; true; };
## zenity exit codes
## no 1
## yes 0
if [ "$answer" = "16384" ]; then ## button 'yes' pressed
local update_torbrowser_command_v_exit_code="0"
command -v update-torbrowser &>/dev/null || { update_torbrowser_command_v_exit_code="$?" ; true; };
if [ "$update_torbrowser_command_v_exit_code" = "0" ]; then
## update-torbrowser is available.
## || true, in case update-torbrowser fails for some reason (no
## internet connection).
update-torbrowser $tb_using_i2p --noaskstart || true
else
## update-torbrowser is not available.
MSG="<p>$tb_title Updater (by Whonix developers) is not installed.
update-torbrowser $tb_using_i2p is not available. Please install the tb-updater package.
<br></br>Run:
<blockquote>sudo apt-get install tb-updater</blockquote>
Then try again.</p>"
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
fi
else ## button 'yes' not pressed
exit 0
fi
if [ ! -d "$tb_browser_folder" ]; then
## Still not installed.
exit 0
fi
}
tb_folder_change_directory() {
local change_directory_exit_code="0"
cd "$tb_browser_folder" || { change_directory_exit_code="$?" ; true; };
if [ ! "$change_directory_exit_code" = "0" ]; then
local MSG="<p>$tb_title permission issues?<br></br>
Failed to <code>cd \"$tb_browser_folder\"</code>.<br></br>
To fix this, you could try: <blockquote>Start Menu -> System -> Xfce Terminal<br></br>
<code>sudo chown --recursive \"$who_ami\":\"$who_ami\" \"$tb_browser_folder\"</code></blockquote></p>"
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 1
fi
}
tb_detect_starter_bin() {
if [ ! "$tb_starter_bin" = "" ]; then
return 0
fi
if [ -x "$tb_browser_folder/Browser/$tb_browser_runner" ]; then
## Alternative way to start Tor Browser.
## https://github.com/netblue30/firejail/issues/2863#issuecomment-513219822
## working:
## firejail /home/user/.tb/tor-browser/Browser/start-tor-browser
## not working:
## firejail /home/user/.tb/tor-browser/start-tor-browser.desktop
tb_starter_bin="$tb_browser_folder/Browser/$tb_browser_runner"
elif [ -x "$tb_browser_folder/$tb_browser_runner" ]; then
## Previously used filename no longer existing in current version of
## Tor Browser. Keeping it in case it $tb_browser_runner.desktop gets
## abolished and this one revived.
tb_starter_bin="$tb_browser_folder/$tb_browser_runner"
elif [ -x "$tb_browser_folder/$tb_browser_runner.desktop" ]; then
## Canonical way to start Tor Browser.
tb_starter_bin="$tb_browser_folder/$tb_browser_runner.desktop"
else
local MSG="Neither <code>$tb_browser_folder/Browser/$tb_browser_runner</code> nor\
<code>$tb_browser_folder/$tb_browser_runner</code> nor \
<code>$tb_browser_folder/$tb_browser_runner.desktop</code> is executable."
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 2
fi
}
tb_clearnet() {
## SecBrowser sets tb_clearnet="true".
## If the clearnet-marker file exists and if tb_clearnet is not set to
## "true" it means that this browser was previously started with
## tb_clearnet="true". Therefore refuse to start it without
## tb_clearnet="true" since a browser that was ever used over clearnet
## should never be used again over Tor to avoid linking the different
## identities.
if test -f "$tb_browser_folder/clearnet-marker" ; then
if [ ! "$tb_clearnet" = "true" ]; then
local MSG="Clearnet marker file exists and trying to start without SecBrowser. Aborted. A Tor Browser that was previously started with SecBrowser should not be started without SecBrowser."
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 2
return 0
fi
fi
if [ ! "$tb_clearnet" = "true" ]; then
## Since tb_clearnet is not set to true,
## do not proceed with the rest of this function, i.e.
## creating clearnet-marker or copying the SecBrowser user.js file.
return 0
fi
if ! test -f "$tb_browser_folder/clearnet-marker" ; then
touch "$tb_browser_folder/clearnet-marker"
fi
if diff /usr/share/secbrowser/user.js "$tb_user_js_target_file" &>/dev/null ; then
true "our version exists"
elif test -f "$tb_user_js_target_file" ; then
true "some version exists"
else
true "no version exists"
cp /usr/share/secbrowser/user.js "$tb_user_js_target_file"
fi
}
tb_i2p() {
## i2pbrowser sets tb_2ip="true".
## If the i2pmarker file exists and if tb_2ip is not set to
## "true" it means that this browser was previously started with
## tb_2ip="true". Therefore refuse to start it without
## tb_2ip="true" since a browser that was ever used with i2p
## should never be used again over Tor to avoid linking the different
## identities.
if test -f "$tb_browser_folder/i2pmarker" ; then
if [ ! "$tb_2ip" = "true" ]; then
local MSG="i2p marker file exists and trying to start without i2pbrowser. Aborted. A Tor Browser that was previously started as i2pbrowser should not be started without i2pbrowser."
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 2
return 0
fi
fi
if [ ! "$tb_2ip" = "true" ]; then
## Since tb_2ip is not set to true,
## do not proceed with the rest of this function, i.e.
## creating i2pmarker or making i2pbrowser modifications.
return 0
fi
if ! test -f "$tb_browser_folder/i2pmarker" ; then
touch "$tb_browser_folder/i2pmarker"
fi
cp -r --no-clobber /usr/share/tb-profile-i2p/profile.i2p \
"$tb_browser_folder/profile.i2p"
rm -rf "$tb_browser_folder/profile.i2p/extensions"
cp -r --no-clobber "$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.default/extensions" \
"$tb_browser_folder/profile.i2p/extensions"
if [ ! -L "$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.i2p" ]; then
ln -sf "$tb_browser_folder/profile.i2p" \
"$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.i2p"
fi
cp -f /usr/share/tb-profile-i2p/start-i2p-browser "$tb_browser_folder/Browser/start-i2p-browser"
}
tb_security_slider() {
if [ "$tb_clearnet" = "true" ]; then
## SecBrowser has its own user.js file which sets the
## security slider setting which gets copied in function
## tb_clearnet earlier.
return 0
fi
if [ "$tb_security_slider_safest" = "false" ]; then
true "tb_security_slider_safest is set to false, skipping, ok."
return 0
fi
if [ -f "$tb_browser_folder/slider-question-done" ]; then
return 0
fi
if diff /usr/share/torbrowser/security-slider-highest.js "$tb_user_js_target_file" &>/dev/null ; then
true "our version exists"
elif test -f "$tb_user_js_target_file" ; then
true "some version exists"
else
true "no version exists"
local MSG="<p>\
<b>First Start of $tb_title (AnonDist) - <a href=https://www.whonix.org/wiki/Tor_Browser#Security_vs_Usability_Trade-off>Security vs Usability Trade-off</a></b><br />
<br />
In the stock Tor Browser configuration, JavaScript is enabled by default for greater usability. The Tor Project provides a <a href=https://2019.www.torproject.org/docs/faq#TBBJavaScriptEnabled>rationale</a> for this decision.<br />
<br />
The producers of Tor Browser decided the <a href=https://www.whonix.org/wiki/Tor_Browser#Security_Slider>security slider</a> setting to be set to \"Standard\" by default. Quote <a href=https://tb-manual.torproject.org/security-settings>Tor Browser Manual</a>:
<blockquote>
You can further increase your security by choosing to disable certain web features that can be used to attack your security and anonymity. You can do this by increasing Tor Browser's Security Settings in the shield menu. Increasing Tor Browser's security level will stop some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.
</blockquote>
This popup question does not restrict your <a href=https://www.whonix.org/wiki/Why_Whonix_is_Freedom_Software>freedom</a> to change security slider settings at any time.<br />
<br />
Responsible for this popup question is <a href=https://github.com/Whonix/tb-starter>$tb_title</a> Starter by <a href=https://www.whonix.org>Whonix</a> d<a href=https://www.whonix.org/wiki/Team>evelopers</a>. It is an usability feature, which might break in future. Therefore the user is advised to verify that the security slider has the expected setting. <a href=https://www.whonix.org/wiki/Donate>Please donate!</a><br />
<br />
<u>Preseeding</u>:<br />
<br />
It is possible to avoid this popup question by preseeding the answer to it. For that create a file <code>/etc/${tb_settings_folder}/50_user.conf</code> with the follow contents, if you want to answer \"Yes\".
<blockquote><code>tb_security_slider_safest=true</code></blockquote>
Or if you want to answer \"No\".
<blockquote><code>tb_security_slider_safest=false</code></blockquote>
<u>Technical Details</u>:<br />
<br />
This script is: <code>$BASH_SOURCE</code><br /> Function: <code>$FUNCNAME</code>
<br />
All this would do is copying file <code>/usr/share/torbrowser/security-slider-highest.js</code> to <code>$tb_user_js_target_file</code>.
<blockquote><code>
cp /usr/share/torbrowser/security-slider-highest.js $tb_user_js_target_file
</code></blockquote></p>"
local question="<b>Set $tb_title Security Slider to Safest?</b>"
local button="yesno"
local answer
if [ "$tb_security_slider_safest" = "true" ]; then
answer="true"
else
answer="$(/usr/lib/msgcollector/generic_gui_message "question" "$TITLE" "$MSG" "$question" "$button")"
fi
## output '16384': button 'yes' pressed
if [ "$answer" = "16384" ] || [ "$answer" = "true" ]; then
cp /usr/share/torbrowser/security-slider-highest.js "$tb_user_js_target_file"
else
true "button 'yes' not pressed, not copying /usr/share/torbrowser/security-slider-highest.js to $tb_user_js_target_file"
fi
touch "$tb_browser_folder/slider-question-done"
fi
}
maybe_use_open_link_confirmation() {
## Environment variable OPEN_LINK_CONFIRMATION might be set to 'true' if
## we are run by open_link_confirmation.
if [ "$open_link_confirmation_skip" = "true" ]; then
return 0
fi
if ! test -x /usr/lib/open_link_confirmation ; then
return 0
fi
if [ "$OPEN_LINK_CONFIRMATION" = "true" ]; then
## We are run by open_link_confirmation.
## Not run open_link_confirmation again.
## Open browser.
return 0
fi
local temp
local tool_exit_code="0"
local tool
tool="/usr/lib/open_link_confirmation"
if [ "$LINK" = "" ]; then
temp="$tool $@"
$tool "$@" || { tool_exit_code="$?" ; true; };
else
temp="$tool $@"
$tool "$LINK" || { tool_exit_code="$?" ; true; };
fi
if [ ! "$tool_exit_code" = "0" ]; then
local MSG="<p>$tb_title $FUNCNAME error.
<br></br>
<br></br>Failed:
<br></br><code>$temp</code>
<br></br>tool_exit_code: <code>$tool_exit_code</code></p>"
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit 1
fi
exit 0
}
tb_start_tor_browser_wrapper() {
if [ "$LINK" = "" ]; then
temp="$tool $@"
tb_start_tor_browser "$@" || { tool_exit_code="$?" ; true; };
else
temp="$tool $@"
tb_start_tor_browser "$LINK" || { tool_exit_code="$?" ; true; };
fi
}
tb_firejail_set_options() {
[ -n "$tb_firejail_bin" ] || tb_firejail_bin="firejail"
## https://github.com/netblue30/firejail/issues/2863
tb_firejailopts[${#tb_firejailopts[@]}]="--whitelist=$tb_browser_folder"
## /etc/resolv.conf is a symlink to /etc/resolv.conf.kicksecure in Kicksecure.
## https://github.com/netblue30/firejail/issues/2966
tb_firejailopts[${#tb_firejailopts[@]}]="--private-etc=resolv.conf.kicksecure"
tb_firejailopts[${#tb_firejailopts[@]}]="--profile=torbrowser-launcher"
## https://forums.whonix.org/t/automatically-firejailing-tor-browser/4767/21
#tb_firejailopts[${#tb_firejailopts[@]}]="--x11=xorg"
tb_firejailopts[${#tb_firejailopts[@]}]="--quiet"
}
tb_start_tor_browser() {
local temp
local tb_exit_code="0"
if [ "$tb_hardening" = "true" ]; then
temp="$tb_firejail_bin ${tb_firejailopts[@]} $tb_starter_bin_pre $tb_starter_bin --allow-remote $tb_starter_bin_post "$@""
$tb_firejail_bin ${tb_firejailopts[@]} $tb_starter_bin_pre $tb_starter_bin --allow-remote $tb_starter_bin_post "$@" || { tb_exit_code="$?" ; true; };
else
temp="$tb_starter_bin_pre $tb_starter_bin --allow-remote $tb_starter_bin_post "$@""
$tb_starter_bin_pre $tb_starter_bin --allow-remote $tb_starter_bin_post "$@" || { tb_exit_code="$?" ; true; };
fi
if [ ! "$tb_exit_code" = "0" ]; then
local MSG="<p>$tb_title ended with non-zero (error) exit code!<br></br>
<br></br>
$tb_title was started with:<br></br>
<br></br><code>$temp</code>.
<br></br>
<br></br>$tb_title exited with code: <code>$tb_exit_code</code>
<br></br>
<br></br>To see this for yourself, you could try: <blockquote>Start Menu -> System -> Xfce Terminal
<br></br>Then run:
<br></br><code>$SCRIPTNAME</code></blockquote></p>"
$output ${output_opts[@]} --messagex --typex "error" --titlex "$TITLE" --message "$MSG" --done
$output ${output_opts[@]} --messagecli --typecli "error" --titlecli "$TITLE" --message "$MSG" --done
exit "$tb_exit_code"
fi
}
main_function() {
## tb_error_handler
root_check "$@"
tb_preparation "$@"
tb_set_links "$@"
tb_config_folder_parser "$@"
parse_cmd_options "$@"
tb_templatevm_check "$@"
tb_qubes_dvm_template "$@"
check_tb_updater_first_boot_done "$@"
tb_copy_from_root_to_user_maybe "$@"
maybe_install_tor_browser "$@"
tb_folder_change_directory "$@"
tb_clearnet "$@"
tb_i2p "$@"
tb_detect_starter_bin "$@"
maybe_use_open_link_confirmation "$@"
tb_security_slider "$@"
tb_firejail_set_options "$@"
tb_start_tor_browser_wrapper "$@"
}
main_function "$@"