- tbb-commits - lists.torproject.org

[tor-browser-bundle/master] Bug 18127: install debian-archive-keyring on Ubuntu
by gk＠torproject.org 29 Mar '16

29 Mar '16

commit 1bc9c54d1eb82b3da499d49fe9c54e0675b0001b Author: Nicolas Vigier <boklm(a)torproject.org> Date: Tue Mar 1 12:39:33 2016 +0100 Bug 18127: install debian-archive-keyring on Ubuntu The Debian keyring is required by debootstrap when generating a Debian chroot. --- gitian/check-prerequisites.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh index a5f8393..6b88a90 100755 --- a/gitian/check-prerequisites.sh +++ b/gitian/check-prerequisites.sh @@ -17,7 +17,7 @@ then VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1` if [ "$VERSION" -ge "14" ]; then - dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null + dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring torsocks tor 2>/dev/null >/dev/null if [ $? -ne 0 ]; then @@ -25,7 +25,7 @@ then echo echo "Please run:" echo " sudo apt-get install torsocks tor" - echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion" + echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring" exit 1 fi else

1 0

[tor-browser-bundle/hardened-builds] Preparing hardened nightly builds
by gk＠torproject.org 22 Mar '16

22 Mar '16

commit eba255bf0c2a9ba5949499afc395e4cc919b5592 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Mar 22 11:03:52 2016 +0000 Preparing hardened nightly builds --- gitian/versions.nightly | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index dd8989e..43c3c9a 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -1,6 +1,6 @@ TORBROWSER_VERSION_TYPE=nightly -TORBROWSER_VERSION=tbb-nightly -TORBROWSER_BUILDDIR=tbb-nightly +TORBROWSER_VERSION=tbb-nightly-hardened +TORBROWSER_BUILDDIR=tbb-nightly-hardened TORBROWSER_SYMLINK_VERSION=0 BUNDLE_LOCALES="ar ru zh-CN" BUNDLE_LOCALES_LINUX="ja"

1 0

[tor-browser-bundle/master] Bug 13252: OS X nightly builds should use the new layout
by gk＠torproject.org 20 Mar '16

20 Mar '16

commit 03680a64d899a2f86c710ea764c2d2aac796539a Author: Georg Koppen <gk(a)torproject.org> Date: Sun Mar 20 20:26:31 2016 +0000 Bug 13252: OS X nightly builds should use the new layout --- gitian/versions.nightly | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index f3d0937..ae38daf 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -8,6 +8,9 @@ BUNDLE_LOCALES_WIN32="ja" BUNDLE_LOCALES_MAC="ja-JP-mac" BUILD_PT_BUNDLES=1 +# DATA_OUTSIDE_APP_DIR is only implemented for Mac OS. +DATA_OUTSIDE_APP_DIR=1 + # If you remove MULTI_LINGUAL=1, be sure to use a version of Tor Launcher # that does not include the language prompt. MULTI_LINGUAL=1

1 0

[tor-browser-bundle/master] Bug 13252: Use the special meek tag (nighlies)
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit 3a5626618641ff45e3431700fe74932644a4e98b Author: Georg Koppen <gk(a)torproject.org> Date: Sat Mar 19 20:24:45 2016 +0000 Bug 13252: Use the special meek tag (nighlies) We need to use a special meek tag to test the changes needed for signing the OS X builds the OS X way. dcf created it for this purpose. --- gitian/versions.nightly | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 1ce29a0..f3d0937 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -34,7 +34,7 @@ FTEPROXY_TAG=master LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 GOPTLIB_TAG=master -MEEK_TAG=master +MEEK_TAG=0.22-18371-2 #master FAKETIME_TAG=70aa6b394d9341522dffe8a5a5cf5929e82cc6b9 # unsigned v0.9.6 GOED25519_TAG=c4161f4c7483313562781c61b9a20aba73daf9de GOSIPHASH_TAG=42ba037e748c9062a75e0924705c43b893edefcd

1 0

[tor-browser/tor-browser-38.7.1esr-6.0-1] Bug 13252 - Do not store data in the app bundle
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit a9354c824b2435054c3d8d853606a2c7f8622f0b Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Mar 18 14:20:02 2016 -0400 Bug 13252 - Do not store data in the app bundle Add an --enable-tor-browser-data-outside-app-dir configure option. When this is enabled, all user data is stored in a directory named TorBrowser-Data which is located next to the application directory. The first time an updated browser is opened, migrate the existing browser profile, Tor data directory contents, and UpdateInfo to the TorBrowser-Data directory. If migration of the browser profile fails, an error alert is displayed and the browser is started using a new profile. Display an informative error messages if the TorBrowser-Data directory cannot be created due to an "access denied" or a "read only volume" error. Add support for installing "override" preferences within the user's browser profile. All .js files in distribution/preferences (on Mac OS, Contents/Resources/distribution/preferences) will be copied to the preferences directory within the user's browser profile when the profile is created and each time Tor Browser is updated. This mechanism will be used to install the extension-overrides.js file into the profile. On Mac OS, add support for the --invisible command line option which is used by the meek-http-helper to avoid showing an icon for the helper browser on the dock. --- .mozconfig-mac | 1 + configure.in | 11 + .../mozapps/profile/profileSelection.properties | 1 + toolkit/mozapps/extensions/AddonManager.jsm | 29 ++ .../mozapps/extensions/internal/XPIProvider.jsm | 59 ++++ toolkit/xre/nsAppRunner.cpp | 303 ++++++++++++++++++++- toolkit/xre/nsXREDirProvider.cpp | 10 + xpcom/io/nsAppFileLocationProvider.cpp | 14 + 8 files changed, 417 insertions(+), 11 deletions(-) diff --git a/.mozconfig-mac b/.mozconfig-mac index 8ae44da..dc77c3b 100644 --- a/.mozconfig-mac +++ b/.mozconfig-mac @@ -23,6 +23,7 @@ ac_add_options --disable-debug ac_add_options --with-macos-private-frameworks="$CROSS_PRIVATE_FRAMEWORKS" +ac_add_options --enable-tor-browser-data-outside-app-dir ac_add_options --enable-tor-browser-update ac_add_options --enable-update-packaging ac_add_options --enable-signmar diff --git a/configure.in b/configure.in index 132c72e..45dee7c 100644 --- a/configure.in +++ b/configure.in @@ -6518,9 +6518,20 @@ if test -n "$TOR_BROWSER_UPDATE"; then AC_DEFINE(TOR_BROWSER_UPDATE) fi +MOZ_ARG_ENABLE_BOOL(tor-browser-data-outside-app-dir, +[ --enable-tor-browser-data-outside-app-dir + Enable Tor Browser data outside of app directory], + TOR_BROWSER_DATA_OUTSIDE_APP_DIR=1, + TOR_BROWSER_DATA_OUTSIDE_APP_DIR= ) + +if test -n "$TOR_BROWSER_DATA_OUTSIDE_APP_DIR"; then + AC_DEFINE(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) +fi + AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,"$TOR_BROWSER_VERSION") AC_SUBST(TOR_BROWSER_VERSION) AC_SUBST(TOR_BROWSER_UPDATE) +AC_SUBST(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) dnl ======================================================== dnl build the tests by default diff --git a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties index 3cf48ff..f5cb77a 100644 --- a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties +++ b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties @@ -17,6 +17,7 @@ profileProblemTitle=%S Profile Problem profileReadOnly=You cannot run %S from a read-only file system. Please copy %S to another location before trying to use it. profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy %S to your Desktop or Applications folder before trying to use it. profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again. +profileMigrationFailed=Migration of your existing %S profile failed.\nNew settings will be used. # Profile manager # LOCALIZATION NOTE (profileTooltip): First %S is the profile name, second %S is the path to the profile folder. profileTooltip=Profile: '%S' - Path: '%S' diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm index ed07718..52eebf2 100644 --- a/toolkit/mozapps/extensions/AddonManager.jsm +++ b/toolkit/mozapps/extensions/AddonManager.jsm @@ -42,6 +42,11 @@ const PREF_MATCH_OS_LOCALE = "intl.locale.matchOS"; const PREF_SELECTED_LOCALE = "general.useragent.locale"; const UNKNOWN_XPCOM_ABI = "unknownABI"; +#ifdef TOR_BROWSER_VERSION +#expand const TOR_BROWSER_VERSION = __TOR_BROWSER_VERSION__; +const PREF_EM_LAST_TORBROWSER_VERSION = "extensions.lastTorBrowserVersion"; +#endif + const UPDATE_REQUEST_VERSION = 2; const CATEGORY_UPDATE_PARAMS = "extension-update-params"; @@ -866,6 +871,30 @@ var AddonManagerInternal = { this.validateBlocklist(); } +#ifdef TOR_BROWSER_VERSION + // To ensure that extension override prefs are reinstalled into the + // user's profile after each update, set appChanged = true if the + // Mozilla app version has not changed but the Tor Browser version + // has changed. + let tbChanged = undefined; + try { + tbChanged = TOR_BROWSER_VERSION != + Services.prefs.getCharPref(PREF_EM_LAST_TORBROWSER_VERSION); + } + catch (e) { } + if (tbChanged !== false) { + // Because PREF_EM_LAST_TORBROWSER_VERSION was not present in older + // versions of Tor Browser, an app change is indicated when tbChanged + // is undefined or true. + if (appChanged === false) { + appChanged = true; + } + + Services.prefs.setCharPref(PREF_EM_LAST_TORBROWSER_VERSION, + TOR_BROWSER_VERSION); + } +#endif + #ifndef MOZ_COMPATIBILITY_NIGHTLY PREF_EM_CHECK_COMPATIBILITY = PREF_EM_CHECK_COMPATIBILITY_BASE + "." + Services.appinfo.version.replace(BRANCH_REGEXP, "$1"); diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index e43668f..0da7a93 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -99,6 +99,7 @@ const URI_EXTENSION_STRINGS = "chrome://mozapps/locale/extensions/exte const STRING_TYPE_NAME = "type.%ID%.name"; const DIR_EXTENSIONS = "extensions"; +const DIR_PREFERENCES = "preferences"; const DIR_STAGE = "staged"; const DIR_XPI_STAGE = "staged-xpis"; const DIR_TRASH = "trash"; @@ -2820,6 +2821,58 @@ this.XPIProvider = { }, /** + * Installs any preference files located in the preferences directory of the + * application's distribution specific directory into the profile. + * + * @return true if any preference files were installed + */ + installDistributionPreferences: function XPI_installDistributionPreferences() { + let distroDir; + try { + distroDir = FileUtils.getDir(KEY_APP_DISTRIBUTION, [DIR_PREFERENCES]); + } + catch (e) { + return false; + } + + if (!distroDir.exists() || !distroDir.isDirectory()) + return false; + + let changed = false; + let prefOverrideDir = Services.dirsvc.get("PrefDOverride", Ci.nsIFile); + + let entries = distroDir.directoryEntries + .QueryInterface(Ci.nsIDirectoryEnumerator); + let entry; + while ((entry = entries.nextFile)) { + let fileName = entry.leafName; + if (!entry.isFile() || + fileName.substring(fileName.length - 3).toLowerCase() != ".js") { + logger.debug("Ignoring distribution preference that isn't a JS file: " + + entry.path); + continue; + } + + try { + if (!prefOverrideDir.exists()) { + prefOverrideDir.create(Ci.nsIFile.DIRECTORY_TYPE, + FileUtils.PERMS_DIRECTORY); + } + + entry.copyTo(prefOverrideDir, null); + changed = true; + } catch (e) { + logger.debug("Unable to copy " + entry.path + " to " + + prefOverrideDir.path); + } + } + + entries.close(); + + return changed; + }, + + /** * Compares the add-ons that are currently installed to those that were * known to be installed when the application last ran and applies any * changes found to the database. Also sends "startupcache-invalidate" signal to @@ -3549,6 +3602,12 @@ this.XPIProvider = { if (updated) { updateReasons.push("installDistributionAddons"); } + + // Also copy distribution preferences to the user's profile. + updated = this.installDistributionPreferences(); + if (updated) { + updateReasons.push("installDistributionPreferences"); + } } // Telemetry probe added around getInstallState() to check perf diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp index 0ffb495..4eb084b 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -1864,11 +1864,30 @@ GetOverrideStringBundle(nsIStringBundleService* aSBS, nsIStringBundle* *aResult) *aResult = nullptr; - // Build Torbutton file URI string by starting from the profiles directory. nsXREDirProvider* dirProvider = nsXREDirProvider::GetSingleton(); if (!dirProvider) return; +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // Build Torbutton file URI by starting from the distribution directory. + bool persistent = false; // ignored + nsCOMPtr<nsIFile> distribDir; + nsresult rv = dirProvider->GetFile(XRE_APP_DISTRIBUTION_DIR, &persistent, + getter_AddRefs(distribDir)); + if (NS_FAILED(rv)) + return; + + // Create file URI, extract as string, and append Torbutton xpi relative path. + nsCOMPtr<nsIURI> uri; + nsAutoCString uriString; + if (NS_FAILED(NS_NewFileURI(getter_AddRefs(uri), distribDir)) || + NS_FAILED(uri->GetSpec(uriString))) { + return; + } + + uriString.Append("extensions/torbutton(a)torproject.org.xpi"); +#else + // Build Torbutton file URI string by starting from the profiles directory. bool persistent = false; // ignored nsCOMPtr<nsIFile> profilesDir; nsresult rv = dirProvider->GetFile(NS_APP_USER_PROFILES_ROOT_DIR, &persistent, @@ -1885,6 +1904,7 @@ GetOverrideStringBundle(nsIStringBundleService* aSBS, nsIStringBundle* *aResult) } uriString.Append("profile.default/extensions/torbutton(a)torproject.org.xpi"); +#endif nsCString userAgentLocale; if (!NS_SUCCEEDED(Preferences::GetCString("general.useragent.locale", @@ -1934,6 +1954,9 @@ enum ProfileStatus { PROFILE_STATUS_READ_ONLY, PROFILE_STATUS_IS_LOCKED, PROFILE_STATUS_OTHER_ERROR +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + , PROFILE_STATUS_MIGRATION_FAILED +#endif }; static const char kProfileProperties[] = @@ -1973,6 +1996,8 @@ private: } // anonymous namespace +// If aUnlocker is NULL, it is also OK for the following arguments to be NULL: +// aProfileDir, aProfileLocalDir, aResult. static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir, nsIFile* aProfileLocalDir, ProfileStatus aStatus, nsIProfileUnlocker* aUnlocker, @@ -1984,7 +2009,8 @@ ProfileErrorDialog(nsIFile* aProfileDir, nsIFile* aProfileLocalDir, rv = xpcom.Initialize(); NS_ENSURE_SUCCESS(rv, rv); - mozilla::Telemetry::WriteFailedProfileLock(aProfileDir); + if (aProfileDir) + mozilla::Telemetry::WriteFailedProfileLock(aProfileDir); rv = xpcom.SetWindowCreator(aNative); NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE); @@ -2015,21 +2041,27 @@ ProfileErrorDialog(nsIFile* aProfileDir, nsIFile* aProfileLocalDir, static const char16_t kReadOnly[] = MOZ_UTF16("profileReadOnlyMac"); #endif static const char16_t kAccessDenied[] = MOZ_UTF16("profileAccessDenied"); +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + static const char16_t kMigrationFailed[] = MOZ_UTF16("profileMigrationFailed"); +#endif const char16_t* errorKey = aUnlocker ? kRestartUnlocker : kRestartNoUnlocker; + const char16_t* titleKey = MOZ_UTF16("profileProblemTitle"); if (PROFILE_STATUS_READ_ONLY == aStatus) errorKey = kReadOnly; +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + else if (PROFILE_STATUS_MIGRATION_FAILED == aStatus) + errorKey = kMigrationFailed; +#endif else if (PROFILE_STATUS_ACCESS_DENIED == aStatus) errorKey = kAccessDenied; + else + titleKey = MOZ_UTF16("restartTitle"); + GetFormattedString(overrideSB, sb, errorKey, params, 2, getter_Copies(killMessage)); - const char16_t* titleKey = ((PROFILE_STATUS_READ_ONLY == aStatus) || - (PROFILE_STATUS_ACCESS_DENIED == aStatus)) - ? MOZ_UTF16("profileProblemTitle") - : MOZ_UTF16("restartTitle"); - nsXPIDLString killTitle; GetFormattedString(overrideSB, sb, titleKey, params, 1, getter_Copies(killTitle)); @@ -2073,7 +2105,8 @@ ProfileErrorDialog(nsIFile* aProfileDir, nsIFile* aProfileLocalDir, } } else { #ifdef MOZ_WIDGET_ANDROID - if (mozilla::widget::GeckoAppShell::UnlockProfile()) { + if (aProfileDir && aProfileLocalDir && aResult && + mozilla::widget::GeckoAppShell::UnlockProfile()) { return NS_LockProfilePath(aProfileDir, aProfileLocalDir, nullptr, aResult); } @@ -2360,6 +2393,215 @@ static ProfileStatus CheckProfileWriteAccess(nsIToolkitProfile* aProfile) return CheckProfileWriteAccess(profileDir); } +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR +// Obtain an nsIFile for the app root directory, e.g., TorBrowser.app on +// Mac OS and the directory that contains Browser/ on Linux and Windows. +static nsresult GetAppRootDir(nsIFile *aAppDir, nsIFile **aAppRootDir) +{ + NS_ENSURE_ARG_POINTER(aAppDir); + +#ifdef XP_MACOSX + nsCOMPtr<nsIFile> tmpDir; + nsresult rv = aAppDir->GetParent(getter_AddRefs(tmpDir)); + NS_ENSURE_SUCCESS(rv, rv); + return tmpDir->GetParent(aAppRootDir); +#else + return aAppDir->Clone(aAppRootDir); +#endif +} + +static ProfileStatus CheckTorBrowserDataWriteAccess(nsIFile *aAppDir) +{ + // Check whether we can write to the directory that will contain + // TorBrowser-Data, i.e., the directory that is above the application + // root directory. + nsCOMPtr<nsIFile> appRootDir; + nsresult rv = GetAppRootDir(aAppDir, getter_AddRefs(appRootDir)); + NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR); + nsCOMPtr<nsIFile> tbDataDirParent; + rv = appRootDir->GetParent(getter_AddRefs(tbDataDirParent)); + NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR); + return CheckProfileWriteAccess(tbDataDirParent); +} + +// Move the directory defined by combining aSrcParentDir and aSrcRelativePath +// to the location defined by combining aDestParentDir and aDestRelativePath. +// If the source directory does not exist, no changes are made and NS_OK is +// returned. +// If the destination directory exists, its contents are removed after the +// source directory has been moved (if the move fails for some reason, the +// original contents of the destination directory are restored). +static nsresult +migrateOneTorBrowserDataDir(nsIFile *aSrcParentDir, + const nsACString &aSrcRelativePath, + nsIFile *aDestParentDir, + const nsACString &aDestRelativePath) +{ + NS_ENSURE_ARG_POINTER(aSrcParentDir); + NS_ENSURE_ARG_POINTER(aDestParentDir); + + nsCOMPtr<nsIFile> srcDir; + nsresult rv = aSrcParentDir->Clone(getter_AddRefs(srcDir)); + NS_ENSURE_SUCCESS(rv, rv); + if (!aSrcRelativePath.IsEmpty()) { + rv = srcDir->AppendRelativeNativePath(aSrcRelativePath); + NS_ENSURE_SUCCESS(rv, rv); + } + + bool srcDirExists = false; + srcDir->Exists(&srcDirExists); + if (!srcDirExists) + return NS_OK; // Old data does not exist; skip migration. + + nsCOMPtr<nsIFile> destDir; + rv = aDestParentDir->Clone(getter_AddRefs(destDir)); + NS_ENSURE_SUCCESS(rv, rv); + if (!aDestRelativePath.IsEmpty()) { + rv = destDir->AppendRelativeNativePath(aDestRelativePath); + NS_ENSURE_SUCCESS(rv, rv); + } + + nsCOMPtr<nsIFile> destParentDir; + rv = destDir->GetParent(getter_AddRefs(destParentDir)); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoString destLeafName; + rv = destDir->GetLeafName(destLeafName); + NS_ENSURE_SUCCESS(rv, rv); + + bool destDirExists = false; + destDir->Exists(&destDirExists); + nsCOMPtr<nsIFile> tmpDir; + if (destDirExists) { + // The destination directory exists. When we are migrating an old + // Tor Browser profile, we expect this to be the case because we first + // allow the standard Mozilla startup code to create a new profile as + // usual, and then later (here) we set aside that profile directory and + // replace it with the old Tor Browser profile that we need to migrate. + // For now, move the Mozilla profile directory aside and set tmpDir to + // point to its new, temporary location in case migration fails and we + // need to restore the profile that was created by the Mozilla code. + nsAutoString tmpName(NS_LITERAL_STRING("tmp")); + rv = destDir->RenameTo(nullptr, tmpName); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIFile> dir; + rv = destParentDir->Clone(getter_AddRefs(dir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = dir->Append(tmpName); + NS_ENSURE_SUCCESS(rv, rv); + tmpDir = dir; + } + + // Move the old directory to the new location using MoveTo() so that + // timestamps are preserved (MoveTo() is atomic as long as the source and + // destination are on the same volume). + rv = srcDir->MoveTo(destParentDir, destLeafName); + if (NS_FAILED(rv)) { + // The move failed. Restore the directory that we were trying to replace. + if (tmpDir) + tmpDir->RenameTo(nullptr, destLeafName); + return rv; + } + + // Success. If we set aside a directory earlier by renaming it, remove it. + if (tmpDir) + tmpDir->Remove(true); + + return NS_OK; +} + +static nsresult +deleteFile(nsIFile *aParentDir, const nsACString &aRelativePath) +{ + NS_ENSURE_ARG_POINTER(aParentDir); + + nsCOMPtr<nsIFile> file; + nsresult rv = aParentDir->Clone(getter_AddRefs(file)); + NS_ENSURE_SUCCESS(rv, rv); + if (!aRelativePath.IsEmpty()) { + rv = file->AppendRelativeNativePath(aRelativePath); + NS_ENSURE_SUCCESS(rv, rv); + } + + return file->Remove(false); +} + +// When this function is called, aProfile is a brand new profile and +// aAppDir is the directory that contains the firefox executable. +// Our strategy is to check if an old "in application" profile exists at +// <AppRootDir>/TorBrowser/Data/Browser/profile.default. If so, we set +// aside the new profile directory and replace it with the old one. +// We use a similar approach for the Tor data and UpdateInfo directories. +static nsresult +migrateInAppTorBrowserProfile(nsIToolkitProfile *aProfile, nsIFile *aAppDir) +{ + NS_ENSURE_ARG_POINTER(aProfile); + NS_ENSURE_ARG_POINTER(aAppDir); + + nsCOMPtr<nsIFile> appRootDir; + nsresult rv = GetAppRootDir(aAppDir, getter_AddRefs(appRootDir)); + NS_ENSURE_SUCCESS(rv, rv); + + // Create an nsIFile for the old <AppRootDir>/TorBrowser directory. + nsCOMPtr<nsIFile> oldTorBrowserDir; + rv = appRootDir->Clone(getter_AddRefs(oldTorBrowserDir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = oldTorBrowserDir->AppendRelativeNativePath( + NS_LITERAL_CSTRING("TorBrowser")); + NS_ENSURE_SUCCESS(rv, rv); + + // Create an nsIFile for the TorBrowser-Data directory (next to the app). + nsCOMPtr<nsIFile> newTBDataDir; + rv = appRootDir->GetParent(getter_AddRefs(newTBDataDir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = newTBDataDir->AppendRelativeNativePath( + NS_LITERAL_CSTRING("TorBrowser-Data")); + NS_ENSURE_SUCCESS(rv, rv); + + // Try to migrate the browser profile. If this fails, we return an error + // code and we do not try to migrate any other data. + nsCOMPtr<nsIFile> newProfileDir; + rv = aProfile->GetRootDir(getter_AddRefs(newProfileDir)); + NS_ENSURE_SUCCESS(rv, rv); + nsAutoCString path(NS_LITERAL_CSTRING("Data" XPCOM_FILE_PATH_SEPARATOR + "Browser" XPCOM_FILE_PATH_SEPARATOR "profile.default")); + rv = migrateOneTorBrowserDataDir(oldTorBrowserDir, path, + newProfileDir, NS_LITERAL_CSTRING("")); + NS_ENSURE_SUCCESS(rv, rv); // Return immediately upon failure. + + // Try to migrate the Tor data directory but do not return upon failure. + nsAutoCString torDataDirPath(NS_LITERAL_CSTRING("Data" + XPCOM_FILE_PATH_SEPARATOR "Tor")); + rv = migrateOneTorBrowserDataDir(oldTorBrowserDir, torDataDirPath, + newTBDataDir, NS_LITERAL_CSTRING("Tor")); + if (NS_SUCCEEDED(rv)) { + // Make a "best effort" attempt to remove the Tor data files that should + // no longer be stored in the Tor user data directory (they have been + // relocated to a read-only Tor directory, e.g., + // TorBrowser.app/Contents/Resources/TorBrowser/Tor. + deleteFile(newTBDataDir, + NS_LITERAL_CSTRING("Tor" XPCOM_FILE_PATH_SEPARATOR "geoip")); + deleteFile(newTBDataDir, + NS_LITERAL_CSTRING("Tor" XPCOM_FILE_PATH_SEPARATOR "geoip6")); + deleteFile(newTBDataDir, + NS_LITERAL_CSTRING("Tor" XPCOM_FILE_PATH_SEPARATOR "torrc-defaults")); + } + + // Try to migrate the UpdateInfo directory. + nsAutoCString updateInfoPath(NS_LITERAL_CSTRING("UpdateInfo")); + nsresult rv2 = migrateOneTorBrowserDataDir(oldTorBrowserDir, updateInfoPath, + newTBDataDir, updateInfoPath); + + // If all pieces of the migration succeeded, remove the old TorBrowser + // directory. + if (NS_SUCCEEDED(rv) && NS_SUCCEEDED(rv2)) { + oldTorBrowserDir->Remove(true); + } + + return NS_OK; +} +#endif + static bool gDoMigration = false; static bool gDoProfileReset = false; @@ -2372,7 +2614,8 @@ static bool gDoProfileReset = false; // 5) if there are *no* profiles, set up profile-migration // 6) display the profile-manager UI static nsresult -SelectProfile(nsIProfileLock* *aResult, nsIToolkitProfileService* aProfileSvc, nsINativeAppSupport* aNative, +SelectProfile(nsIProfileLock* *aResult, nsIToolkitProfileService* aProfileSvc, + nsIFile *aAppDir, nsINativeAppSupport* aNative, bool* aStartOffline, nsACString* aProfileName) { StartupTimeline::Record(StartupTimeline::SELECT_PROFILE); @@ -2653,6 +2896,20 @@ SelectProfile(nsIProfileLock* *aResult, nsIToolkitProfileService* aProfileSvc, n aProfileSvc->SetDefaultProfile(profile); #endif aProfileSvc->Flush(); +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // Handle migration from an older version of Tor Browser in which the + // user data was stored inside the application directory. + rv = migrateInAppTorBrowserProfile(profile, aAppDir); + if (!NS_SUCCEEDED(rv)) { + // Display an error alert and continue startup. Since XPCOM was + // initialized in a limited way inside ProfileErrorDialog() and + // because it cannot be reinitialized, use LaunchChild() to start + // the browser. + ProfileErrorDialog(profile, PROFILE_STATUS_MIGRATION_FAILED, nullptr, + aNative, aResult); + return LaunchChild(aNative); + } +#endif rv = profile->Lock(nullptr, aResult); if (NS_SUCCEEDED(rv)) { if (aProfileName) @@ -3255,6 +3512,14 @@ XREMain::XRE_mainInit(bool* aExitFlag) NS_BREAK(); #endif +#if defined(XP_MACOSX) && defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) + bool hideDockIcon = (CheckArg("invisible") == ARG_FOUND); + if (hideDockIcon) { + ProcessSerialNumber psn = { 0, kCurrentProcess }; + TransformProcessType(&psn, kProcessTransformToBackgroundApplication); + } +#endif + #ifdef USE_GLX_TEST // bug 639842 - it's very important to fire this process BEFORE we set up // error handling. indeed, this process is expected to be crashy, and we @@ -4042,6 +4307,22 @@ XREMain::XRE_mainStartup(bool* aExitFlag) #endif rv = NS_NewToolkitProfileService(getter_AddRefs(mProfileSvc)); +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + if (NS_FAILED(rv)) { + // NS_NewToolkitProfileService() returns a generic NS_ERROR_FAILURE error + // if creation of the TorBrowser-Data directory fails due to access denied + // or because of a read-only disk volume. Do an extra check here to detect + // these errors so we can display an informative error message. + ProfileStatus status = CheckTorBrowserDataWriteAccess(exeDir); + if ((PROFILE_STATUS_ACCESS_DENIED == status) || + (PROFILE_STATUS_READ_ONLY == status)) { + ProfileErrorDialog(nullptr, nullptr, status, nullptr, mNativeApp, + nullptr); + return 1; + } + } +#endif + if (rv == NS_ERROR_FILE_ACCESS_DENIED) { PR_fprintf(PR_STDERR, "Error: Access was denied while trying to open files in " \ "your profile directory.\n"); @@ -4052,8 +4333,8 @@ XREMain::XRE_mainStartup(bool* aExitFlag) return 1; } - rv = SelectProfile(getter_AddRefs(mProfileLock), mProfileSvc, mNativeApp, &mStartOffline, - &mProfileName); + rv = SelectProfile(getter_AddRefs(mProfileLock), mProfileSvc, exeDir, + mNativeApp, &mStartOffline, &mProfileName); if (rv == NS_ERROR_LAUNCHED_CHILD_PROCESS || rv == NS_ERROR_ABORT) { *aExitFlag = true; diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp index 1dce593..ab652a4 100644 --- a/toolkit/xre/nsXREDirProvider.cpp +++ b/toolkit/xre/nsXREDirProvider.cpp @@ -1222,11 +1222,21 @@ nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile, bool aLocal) NS_ENSURE_ARG_POINTER(aFile); nsCOMPtr<nsIFile> localDir; +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + nsCOMPtr<nsIFile> appRootDir; + nsresult rv = GetAppRootDir(getter_AddRefs(appRootDir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appRootDir->GetParent(getter_AddRefs(localDir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("TorBrowser-Data" + XPCOM_FILE_PATH_SEPARATOR "Browser")); +#else nsresult rv = GetAppRootDir(getter_AddRefs(localDir)); NS_ENSURE_SUCCESS(rv, rv); rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("TorBrowser" XPCOM_FILE_PATH_SEPARATOR "Data" XPCOM_FILE_PATH_SEPARATOR "Browser")); +#endif NS_ENSURE_SUCCESS(rv, rv); if (aLocal) { diff --git a/xpcom/io/nsAppFileLocationProvider.cpp b/xpcom/io/nsAppFileLocationProvider.cpp index f93e7f4..4948dbe 100644 --- a/xpcom/io/nsAppFileLocationProvider.cpp +++ b/xpcom/io/nsAppFileLocationProvider.cpp @@ -280,8 +280,13 @@ nsAppFileLocationProvider::CloneMozBinDirectory(nsIFile** aLocalFile) //---------------------------------------------------------------------------------------- // GetProductDirectory - Gets the directory which contains the application data folder // +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR +// UNIX and WIN : <App Folder>/../TorBrowser-Data/Browser +// Mac : <App Folder>/../../../TorBrowser-Data/Browser +#else // UNIX and WIN : <App Folder>/TorBrowser/Data/Browser // Mac : <App Folder>/../../TorBrowser/Data/Browser +#endif //---------------------------------------------------------------------------------------- NS_METHOD nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile, @@ -298,7 +303,11 @@ nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile, rv = CloneMozBinDirectory(getter_AddRefs(localDir)); NS_ENSURE_SUCCESS(rv, rv); +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + int levelsToRemove = 2; // In FF21+, bin dir points to browser subdirectory. +#else int levelsToRemove = 1; // In FF21+, bin dir points to browser subdirectory. +#endif #if defined(XP_MACOSX) levelsToRemove += 2; #endif @@ -324,9 +333,14 @@ nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile, return NS_ERROR_FAILURE; } +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("TorBrowser-Data" + XPCOM_FILE_PATH_SEPARATOR "Browser")); +#else rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("TorBrowser" XPCOM_FILE_PATH_SEPARATOR "Data" XPCOM_FILE_PATH_SEPARATOR "Browser")); +#endif NS_ENSURE_SUCCESS(rv, rv); if (aLocal) {

1 0

[tor-browser/tor-browser-38.7.1esr-6.0-1] fixup! Bug 16940: After update, load local change notes.
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit c1b7d7e2f51f89ab19018e99fe62f8654d3cecb8 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Feb 29 14:47:01 2016 -0500 fixup! Bug 16940: After update, load local change notes. When built with --enable-tor-browser-data-outside-app-dir, account for the new Mac OS directory structure (see bug #13252). --- browser/base/content/content.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/browser/base/content/content.js b/browser/base/content/content.js index d1afdb9..a56d7ff 100644 --- a/browser/base/content/content.js +++ b/browser/base/content/content.js @@ -597,15 +597,30 @@ let AboutTBUpdateListener = { // Read and return the text from the beginning of the changelog file that is // located at TorBrowser/Docs/ChangeLog.txt. + // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir + // to support Gatekeeper signing, the file is located in + // TorBrowser.app/Contents/Resources/TorBrowser/Docs/. + // // When electrolysis is enabled we will need to adopt an architecture that is // more similar to the one that is used for about:home (see AboutHomeListener // in this file and browser/modules/AboutHome.jsm). getChangeLogText: function() { try { +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // "XREExeF".parent is the directory that contains firefox, i.e., + // Browser/ or, on Mac OS, TorBrowser.app/Contents/MacOS/. + let f = Services.dirsvc.get("XREExeF", Ci.nsIFile).parent; +#ifdef XP_MACOSX + f = f.parent; + f.append("Resources"); +#endif + f.append("TorBrowser"); +#else // "DefProfRt" is .../TorBrowser/Data/Browser let f = Cc["@mozilla.org/file/directory_service;1"] .getService(Ci.nsIProperties).get("DefProfRt", Ci.nsIFile); f = f.parent.parent; // Remove "Data/Browser" +#endif f.append("Docs"); f.append("ChangeLog.txt");

1 0

[tor-browser/tor-browser-38.7.1esr-6.0-1] fixup! Bug #4234: Use the Firefox Update Process for Tor Browser.
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit 38e31a62d48dd8ea8bee02673b7050338fc1c22a Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Feb 29 16:55:06 2016 -0500 fixup! Bug #4234: Use the Firefox Update Process for Tor Browser. When built with --enable-tor-browser-data-outside-app-dir, account for the new Mac OS directory structure (see bug #13252). Many of the updater changes we made earlier are no longer needed. Also, fix a JS warning inside toolkit/mozapps/update/nsUpdateService.js and improve startup time logging of update status. --- config/createprecomplete.py | 4 ++ toolkit/mozapps/update/nsUpdateService.js | 3 +- toolkit/mozapps/update/updater/updater.cpp | 18 ++++-- toolkit/xre/nsUpdateDriver.cpp | 36 +++++++++++- toolkit/xre/nsXREDirProvider.cpp | 14 +++++ tools/update-packaging/common.sh | 4 ++ tools/update-packaging/make_full_update.sh | 21 +++++-- tools/update-packaging/make_incremental_update.sh | 71 ++++++++++++++--------- 8 files changed, 128 insertions(+), 43 deletions(-) diff --git a/config/createprecomplete.py b/config/createprecomplete.py index 48cba96..be571be 100644 --- a/config/createprecomplete.py +++ b/config/createprecomplete.py @@ -10,6 +10,10 @@ import sys import os +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove all lines in this file that contain: +# TorBrowser/Data + def get_build_entries(root_path): """ Iterates through the root_path, creating a list for each file and directory. Excludes any file paths ending with channel-prefs.js. diff --git a/toolkit/mozapps/update/nsUpdateService.js b/toolkit/mozapps/update/nsUpdateService.js index e720ae4..2d443a7 100644 --- a/toolkit/mozapps/update/nsUpdateService.js +++ b/toolkit/mozapps/update/nsUpdateService.js @@ -1025,7 +1025,7 @@ function getUpdatesDirInApplyToDir() { #endif dir.append(UPDATED_DIR); #ifdef XP_MACOSX -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) dir.append("TorBrowser"); dir.append("UpdateInfo"); #else @@ -4051,6 +4051,7 @@ Downloader.prototype = { createInstance(Ci.nsIFileInputStream); fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0); + let digest; try { var hash = Cc["@mozilla.org/security/hash;1"]. createInstance(Ci.nsICryptoHash); diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp index 31a5dac..e089a2a 100644 --- a/toolkit/mozapps/update/updater/updater.cpp +++ b/toolkit/mozapps/update/updater/updater.cpp @@ -2281,7 +2281,7 @@ static int CopyInstallDirToDestDir() { // These files should not be copied over to the updated app -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) #ifdef XP_WIN #define SKIPLIST_COUNT 6 #else @@ -2297,7 +2297,7 @@ CopyInstallDirToDestDir() #endif #endif copy_recursive_skiplist<SKIPLIST_COUNT> skiplist; -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) #ifdef XP_MACOSX skiplist.append(0, gInstallDirPath, NS_T("Updated.app")); skiplist.append(1, gInstallDirPath, NS_T("TorBrowser/UpdateInfo/updates/0")); @@ -2312,7 +2312,7 @@ CopyInstallDirToDestDir() #endif #endif -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) #ifdef XP_WIN skiplist.append(SKIPLIST_COUNT - 3, gInstallDirPath, NS_T("TorBrowser/Data/Browser/profile.default/parent.lock")); @@ -2454,7 +2454,7 @@ ProcessReplaceRequest() // On OS X, we we need to remove the staging directory after its Contents // directory has been moved. NS_tchar updatedAppDir[MAXPATHLEN]; -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) NS_tsnprintf(updatedAppDir, sizeof(updatedAppDir)/sizeof(updatedAppDir[0]), NS_T("%s/Updated.app"), gInstallDirPath); // For Tor Browser on OS X, we also need to copy everything else that is inside Updated.app. @@ -3229,6 +3229,15 @@ int NS_main(int argc, NS_tchar **argv) if (!useService && !noServiceFallback && updateLockFileHandle == INVALID_HANDLE_VALUE) { #ifdef TOR_BROWSER_UPDATE +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // Because the TorBrowser-Data directory that contains the user's + // profile is a sibling of the Tor Browser installation directory, + // the user probably has permission to apply updates. Therefore, to + // avoid potential security issues such as CVE-2015-0833, do not + // attempt to elevate privileges. Instead, write a "failed" message + // to the update status file (this function will return immediately + // after the CloseHandle(elevatedFileHandle) call below). +#else // Because the user profile is contained within the Tor Browser // installation directory, the user almost certainly has permission to // apply updates. Therefore, to avoid potential security issues such @@ -3236,6 +3245,7 @@ int NS_main(int argc, NS_tchar **argv) // write a "failed" message to the update status file (this function // will return immediately after the CloseHandle(elevatedFileHandle) // call below). +#endif WriteStatusFile(WRITE_ERROR_ACCESS_DENIED); #else SHELLEXECUTEINFO sinfo; diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp index 085f439..9f61652 100644 --- a/toolkit/xre/nsUpdateDriver.cpp +++ b/toolkit/xre/nsUpdateDriver.cpp @@ -267,6 +267,33 @@ typedef enum { eAppliedService } UpdateStatus; +#ifdef DEBUG +static const char * +UpdateStatusToString(UpdateStatus aStatus) +{ + const char *rv = "unknown"; + switch (aStatus) { + case eNoUpdateAction: + rv = "NoUpdateAction"; + break; + case ePendingUpdate: + rv = "PendingUpdate"; + break; + case ePendingService: + rv = "PendingService"; + break; + case eAppliedUpdate: + rv = "AppliedUpdate"; + break; + case eAppliedService: + rv = "AppliedService"; + break; + } + + return rv; +} +#endif + /** * Returns a value indicating what needs to be done in order to handle an update. * @@ -345,6 +372,7 @@ IsOlderVersion(nsIFile *versionFile, const char *appVersion) return false; } +#ifndef TOR_BROWSER_DATA_OUTSIDE_APP_DIR #if defined(TOR_BROWSER_UPDATE) && defined(XP_MACOSX) static nsresult GetUpdateDirFromAppDir(nsIFile *aAppDir, nsIFile* *aResult) @@ -369,6 +397,7 @@ GetUpdateDirFromAppDir(nsIFile *aAppDir, nsIFile* *aResult) return NS_OK; } #endif +#endif #if defined(XP_WIN) && defined(MOZ_METRO) static bool @@ -605,7 +634,7 @@ SwitchToUpdatedApp(nsIFile *greDir, nsIFile *updateDir, nsAutoCString applyToDir; nsCOMPtr<nsIFile> updatedDir; #ifdef XP_MACOSX -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) rv = GetUpdateDirFromAppDir(appDir, getter_AddRefs(updatedDir)); if (NS_FAILED(rv)) { #else @@ -899,7 +928,7 @@ ApplyUpdate(nsIFile *greDir, nsIFile *updateDir, nsIFile *statusFile, applyToDir.Assign(installDirPath); } else { #ifdef XP_MACOSX -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) rv = GetUpdateDirFromAppDir(appDir, getter_AddRefs(updatedDir)); if (NS_FAILED(rv)) { #else @@ -1160,7 +1189,8 @@ ProcessUpdates(nsIFile *greDir, nsIFile *appDir, nsIFile *updRootDir, nsCOMPtr<nsIFile> statusFile; UpdateStatus status = GetUpdateStatus(updatesDir, statusFile); #ifdef DEBUG - printf("ProcessUpdates status: %d\n", status); + printf("ProcessUpdates status: %s (%d)\n", + UpdateStatusToString(status), status); updatesDir->GetNativePath(path); printf("ProcessUpdates updatesDir: %s\n", path.get()); #endif diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp index ab652a4..675039e 100644 --- a/toolkit/xre/nsXREDirProvider.cpp +++ b/toolkit/xre/nsXREDirProvider.cpp @@ -1033,6 +1033,19 @@ nsXREDirProvider::GetUpdateRootDir(nsIFile* *aResult) #ifdef XP_MACOSX #ifdef TOR_BROWSER_UPDATE +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // For Tor Browser, we cannot store update history, etc. under the user's + // home directory. Instead, we place it under + // Tor Browser.app/../TorBrowser-Data/UpdateInfo/ + nsCOMPtr<nsIFile> appRootDir; + rv = GetAppRootDir(getter_AddRefs(appRootDir)); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIFile> localDir; + rv = appRootDir->GetParent(getter_AddRefs(localDir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("TorBrowser-Data" + XPCOM_FILE_PATH_SEPARATOR "UpdateInfo")); +#else // For Tor Browser, we cannot store update history, etc. under the user's home directory. // Instead, we place it under Tor Browser.app/TorBrowser/UpdateInfo/ nsCOMPtr<nsIFile> localDir; @@ -1041,6 +1054,7 @@ nsXREDirProvider::GetUpdateRootDir(nsIFile* *aResult) rv = localDir->AppendNative(NS_LITERAL_CSTRING("TorBrowser")); NS_ENSURE_SUCCESS(rv, rv); rv = localDir->AppendNative(NS_LITERAL_CSTRING("UpdateInfo")); +#endif NS_ENSURE_SUCCESS(rv, rv); #else nsCOMPtr<nsIFile> appRootDirFile; diff --git a/tools/update-packaging/common.sh b/tools/update-packaging/common.sh index 6733679..5af9e27 100755 --- a/tools/update-packaging/common.sh +++ b/tools/update-packaging/common.sh @@ -8,6 +8,10 @@ # Author: Darin Fisher # +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove all lines in this file that contain: +# TorBrowser/Data + # ----------------------------------------------------------------------------- QUIET=0 diff --git a/tools/update-packaging/make_full_update.sh b/tools/update-packaging/make_full_update.sh index 3578ae4..f0bd7f6 100755 --- a/tools/update-packaging/make_full_update.sh +++ b/tools/update-packaging/make_full_update.sh @@ -10,12 +10,6 @@ . $(dirname "$0")/common.sh -# TODO: it would be better to pass this as a command line option. -# Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it -# exists. The extension ID got changed with the version bump to 5.1.0. -ext_path='TorBrowser/Data/Browser/profile.default/extensions' -directories_to_remove="$ext_path/https-everywhere(a)eff.org $ext_path/https-everywhere-eff(a)eff.org" - # ----------------------------------------------------------------------------- print_usage() { @@ -77,6 +71,18 @@ fi list_files files list_symlinks symlinks symlink_targets +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: +# Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it +# exists. The extension ID got changed with the version bump to 5.1.0. +ext_path='TorBrowser/Data/Browser/profile.default/extensions' +if [ -d "$ext_dir" ]; then + directories_to_remove="$ext_path/https-everywhere(a)eff.org $ext_path/https-everywhere-eff(a)eff.org" +else + directories_to_remove="" +fi +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal + popd # Add the type of update to the beginning of the update manifests. @@ -88,6 +94,8 @@ notice " type complete" echo "type \"complete\"" >> "$updatemanifestv2" echo "type \"complete\"" >> "$updatemanifestv3" +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If removal of any old, existing directories is desired, emit the appropriate # rmrfdir commands. notice "" @@ -100,6 +108,7 @@ for dir_to_remove in $directories_to_remove; do echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv2" echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv3" done +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal notice "" notice "Adding file add instructions to update manifests" diff --git a/tools/update-packaging/make_incremental_update.sh b/tools/update-packaging/make_incremental_update.sh index c803809..15af172 100755 --- a/tools/update-packaging/make_incremental_update.sh +++ b/tools/update-packaging/make_incremental_update.sh @@ -63,6 +63,8 @@ check_for_forced_update() { return 0; fi +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If the file in the skip list ends with /*, do a prefix match. # This allows TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org/* # to be used to force all HTTPS Everywhere files to be updated. @@ -74,6 +76,7 @@ check_for_forced_update() { return 0; fi fi +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal done ## 'false'... because this is bash. Oh yay! return 1; @@ -84,6 +87,8 @@ if [ $# = 0 ]; then exit 1 fi +# Firefox uses requested_forced_updates='Contents/MacOS/firefox' due to +# 770996 but in Tor Browser we do not need that fix. requested_forced_updates="" directories_to_remove="" @@ -120,40 +125,45 @@ updatemanifestv2="$workdir/updatev2.manifest" updatemanifestv3="$workdir/updatev3.manifest" archivefiles="updatev2.manifest updatev3.manifest" +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If the NoScript or HTTPS Everywhere extensions have changed between # releases, add them to the "force updates" list. ext_path='TorBrowser/Data/Browser/profile.default/extensions' -https_everywhere='https-everywhere-eff(a)eff.org' -noscript='{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi' - -# NoScript is a packed extension, so we simply compare the old and the new -# .xpi files. -noscript_path="$ext_path/$noscript" -diff -a "$olddir/$noscript_path" "$newdir/$noscript_path" > /dev/null -rc=$? -if [ $rc -gt 1 ]; then - notice "Unexpected exit $rc from $noscript_path diff command" - exit 2 -elif [ $rc -eq 1 ]; then - requested_forced_updates="$requested_forced_updates $noscript_path" -fi +if [ -d "$newdir/$ext_path" ]; then + https_everywhere='https-everywhere-eff(a)eff.org' + noscript='{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi' + + # NoScript is a packed extension, so we simply compare the old and the new + # .xpi files. + noscript_path="$ext_path/$noscript" + diff -a "$olddir/$noscript_path" "$newdir/$noscript_path" > /dev/null + rc=$? + if [ $rc -gt 1 ]; then + notice "Unexpected exit $rc from $noscript_path diff command" + exit 2 + elif [ $rc -eq 1 ]; then + requested_forced_updates="$requested_forced_updates $noscript_path" + fi -# HTTPS Everywhere is an unpacked extension, so we need to determine if any of -# the unpacked files have changed. Since that is messy, we simply compare the -# old extension's install.rdf file to the new one. -https_everywhere_install_rdf="$ext_path/$https_everywhere/install.rdf" -diff "$olddir/$https_everywhere_install_rdf" \ - "$newdir/$https_everywhere_install_rdf" > /dev/null -rc=$? -if [ $rc -gt 1 -a -e "$olddir/$https_everywhere_install_rdf" ]; then - notice "Unexpected exit $rc from $https_everywhere_install_rdf diff command" - exit 2 -elif [ $rc -ge 1 ]; then - requested_forced_updates="$requested_forced_updates $ext_path/$https_everywhere/*" - # Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it - # exists. The extension ID got changed with the version bump to 5.1.0. - directories_to_remove="$directories_to_remove $ext_path/https-everywhere(a)eff.org $ext_path/$https_everywhere" + # HTTPS Everywhere is an unpacked extension, so we need to determine if any of + # the unpacked files have changed. Since that is messy, we simply compare the + # old extension's install.rdf file to the new one. + https_everywhere_install_rdf="$ext_path/$https_everywhere/install.rdf" + diff "$olddir/$https_everywhere_install_rdf" \ + "$newdir/$https_everywhere_install_rdf" > /dev/null + rc=$? + if [ $rc -gt 1 -a -e "$olddir/$https_everywhere_install_rdf" ]; then + notice "Unexpected exit $rc from $https_everywhere_install_rdf diff command" + exit 2 + elif [ $rc -ge 1 ]; then + requested_forced_updates="$requested_forced_updates $ext_path/$https_everywhere/*" + # Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it + # exists. The extension ID got changed with the version bump to 5.1.0. + directories_to_remove="$directories_to_remove $ext_path/https-everywhere(a)eff.org $ext_path/$https_everywhere" + fi fi +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal mkdir -p "$workdir" @@ -196,6 +206,8 @@ notice " type partial" echo "type \"partial\"" >> "$updatemanifestv2" echo "type \"partial\"" >> "$updatemanifestv3" +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If removal of any old, existing directories is desired, emit the appropriate # rmrfdir commands. notice "" @@ -208,6 +220,7 @@ for dir_to_remove in $directories_to_remove; do echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv2" echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv3" done +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal notice "" notice "Adding file patch and add instructions to update manifests"

1 0

[tor-browser-bundle/master] Bug 13252: Do not store data in the app bundle
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit de8b74299c2235cfe42d04df15b621b8807903e2 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Mar 18 13:05:52 2016 -0400 Bug 13252: Do not store data in the app bundle On Mac OS, set DATA_OUTSIDE_APP_DIR=1 for alpha builds. When this option is enabled, the package layout is altered to be compatible with Apple's Gatekeeper code signing. All user data will be created in a TorBrowser-Data directory which sits next to the app bundle and all code (and only code) is placed under Contents/MacOS. Currently, FTE is not included when DATA_OUTSIDE_APP_DIR=1 because FTE needs to be repackaged to separate the Python scripts from the compiled libraries (see bug 18495). --- Bundle-Data/mac-tor.sh | 4 + gitian/descriptors/mac/gitian-bundle.yml | 100 ++++++++++++++------- .../mac/gitian-pluggable-transports.yml | 57 ++++++++---- gitian/descriptors/mac/gitian-tor.yml | 23 +++-- gitian/mkbundle-mac.sh | 40 +++++++-- gitian/versions.alpha | 3 + 6 files changed, 163 insertions(+), 64 deletions(-) diff --git a/Bundle-Data/mac-tor.sh b/Bundle-Data/mac-tor.sh index 03d6f9d..78b3348 100755 --- a/Bundle-Data/mac-tor.sh +++ b/Bundle-Data/mac-tor.sh @@ -8,4 +8,8 @@ export DYLD_LIBRARY_PATH=.:$DYLD_LIBRARY_PATH # otherwise set to "/" when an application bundle is started from Finder. # https://trac.torproject.org/projects/tor/ticket/10030 cd "$(dirname "$0")" +if [ ! -f tor.real -a -d ../../../MacOS/Tor ]; then + # On newer releases of Tor Browser, tor.real is in Contents/MacOS/Tor/. + cd ../../../MacOS/Tor +fi exec ./tor.real "$@" diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index 0199cca..aa6a09d 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -69,6 +69,22 @@ script: | export TORBROWSER_APP="TorBrowser" export TORBROWSER_NAME="TorBrowserBundle" + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + DOCSPATH=Contents/Resources/TorBrowser/Docs + EXTSPATH=Contents/Resources/distribution/extensions + TORBINPATH=Contents/MacOS/Tor + TORCONFIGPATH=Contents/Resources/TorBrowser/Tor + EXTOVERRIDESPATH=Contents/Resources/distribution/preferences//extension-overrides.js + MEEKPROFILEPATH=Contents/Resources/TorBrowser/Tor/PluggableTransports/template-profile.meek-http-helper + else + DOCSPATH=TorBrowser/Docs + EXTSPATH=TorBrowser/Data/Browser/profile.default/extensions + TORBINPATH=TorBrowser/Tor + TORCONFIGPATH=TorBrowser/Data/Tor + EXTOVERRIDESPATH=TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js + MEEKPROFILEPATH=TorBrowser/Data/Browser/profile.meek-http-helper + fi + # Building libfaketime. cd faketime make @@ -83,10 +99,9 @@ script: | MARTOOLS=~/build/mar-tools # mkdir -p $OUTDIR/ - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources + mkdir -p $TORBROWSER_NAME.app/$EXTSPATH/https-everywhere-eff(a)eff.org + mkdir -p $TORBROWSER_NAME.app/$MEEKPROFILEPATH/extensions + mkdir -p $TORBROWSER_NAME.app/$DOCSPATH/sources mkdir -p $TORBROWSER_NAME.app/Contents/MacOS mkdir -p dmg # @@ -97,7 +112,7 @@ script: | mkdir pkg/tmp cd pkg/tmp unzip ../*.xpi - ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher(a)torproject.org.xpi . + ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/$EXTSPATH/tor-launcher(a)torproject.org.xpi . cd ../../../ # cd torbutton @@ -107,7 +122,7 @@ script: | mkdir pkg/tmp cd pkg/tmp unzip ../*.xpi - ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/torbutton(a)torproject.org.xpi . + ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/$EXTSPATH/torbutton(a)torproject.org.xpi . cd ../../../ # cd https-everywhere @@ -120,11 +135,11 @@ script: | ./makexpi.sh # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi - cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi + cp pkg/*.xpi ../$TORBROWSER_NAME.app/$EXTSPATH/https-everywhere(a)eff.org.xpi cd .. # - cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ - cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ + cp *.xpi ./$TORBROWSER_NAME.app/$EXTSPATH/ + cd $TORBROWSER_NAME.app/$EXTSPATH/ mv noscript(a)noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi cd https-everywhere-eff(a)eff.org unzip ../https-everywhere(a)eff.org.xpi @@ -132,7 +147,7 @@ script: | cd ~/build/ # cd meek/firefox - ~/build/dzip.sh ../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi . + ~/build/dzip.sh ../../$TORBROWSER_NAME.app/$MEEKPROFILEPATH/extensions/meek-http-helper(a)bamsoftware.com.xpi . cd ~/build/ # # Install fonts. @@ -154,23 +169,30 @@ script: | fi cd $TORBROWSER_NAME.app unzip ~/build/mac-skeleton.zip - cd TorBrowser + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + mv bookmarks.html ~/build + fi + cd $DOCSPATH/.. unzip ~/build/tbb-docs.zip + cd - if [ $BUILD_PT_BUNDLES ]; then - cat ~/build/torrc-defaults-appendix-mac >> Data/Tor/torrc-defaults - cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js - cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js + cat ~/build/torrc-defaults-appendix-mac >> $TORCONFIGPATH/torrc-defaults + cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH + cat ~/build/meek-http-helper-user.js >> $MEEKPROFILEPATH/user.js fi # Install a "tor" shim that sets the working directory. See #10030. - mv Tor/tor Tor/tor.real - cp ~/build/mac-tor.sh Tor/tor - cd .. + mv $TORBINPATH/tor $TORBINPATH/tor.real + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + cp ~/build/mac-tor.sh $TORCONFIGPATH/tor + else + cp ~/build/mac-tor.sh $TORBINPATH/tor + fi unzip ~/build/tor-browser-mac$GBUILD_BITS-gbuilt.zip cd .. # # Copy reproducibility info - cp versions $TORBROWSER_NAME.app/TorBrowser/Docs/sources/ - cp bundle.inputs $TORBROWSER_NAME.app/TorBrowser/Docs/sources/ + cp versions $TORBROWSER_NAME.app/$DOCSPATH/sources/ + cp bundle.inputs $TORBROWSER_NAME.app/$DOCSPATH/sources/ # # Set up DMG skeleton cd libdmg-hfsplus @@ -186,20 +208,33 @@ script: | pushd $TORBROWSER_NAME.app/Contents/Resources/browser/ unzip omni.ja defaults/preferences/000-tor-browser.js cp defaults/preferences/000-tor-browser.js ~/build/ + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + # Embed our default bookmarks. + mkdir -p defaults/profile/ + cp -p ~/build/bookmarks.html defaults/profile/ + zip -Xm omni.ja defaults/profile/bookmarks.html + fi # Set the locale of the bundle. echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js rm -rf defaults popd - # Install a headless copy of TorBrowser.app, with a modified Info.plist so - # that it runs without a dock icon. See #11429. - pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports - mkdir -p TorBrowser.app.meek-http-helper/Contents - (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) - rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist - ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist - unzip ~/build/TorBrowser.app.meek-http-helper.zip - popd + if [ "z$DATA_OUTSIDE_APP_DIR" != "z1" ]; then + # Install a headless copy of TorBrowser.app, with a modified Info.plist so + # that it runs without a dock icon. See #11429. + # When DATA_OUTSIDE_APP_DIR is set, this approach is not used because it + # is incompatible with Apple's Gatekeeper signing process. Instead, + # firefox has been modified to accept an --invisible command line option + # that causes it to hide the dock icon when running as the meek http + # helper browser (meek-client-torbrowser invokes firefox with --invisible). + pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports + mkdir -p TorBrowser.app.meek-http-helper/Contents + (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) + rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist + ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist + unzip ~/build/TorBrowser.app.meek-http-helper.zip + popd + fi unzip mac-langpacks.zip MAC_LOCALES="$BUNDLE_LOCALES $BUNDLE_LOCALES_MAC" @@ -212,7 +247,7 @@ script: | for LANG in $MAC_LOCALES do xpi=$LANG.xpi - cp $xpi ~/build/$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/langpack-$LANG(a)firefox.mozilla.org.xpi + cp $xpi ~/build/$TORBROWSER_NAME.app/$EXTSPATH/langpack-$LANG(a)firefox.mozilla.org.xpi done popd @@ -223,10 +258,7 @@ script: | zip -Xm omni.ja update.locale popd fi - # - # XXX: We need to insert these placeholders because otherwise mkisofs won't - # include these otherwise empty dirs: - touch ~/build/$TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches/placeholder.txt + # Recreate precomplete file (needs to be accurate for full MAR updates). pushd ~/build/$TORBROWSER_NAME.app/Contents/Resources/ rm -f precomplete @@ -249,7 +281,7 @@ script: | xpi=mac-langpacks/$LANG.xpi DEST=$TORBROWSER_APP cp -a ${TORBROWSER_NAME}_plain.app ~/build/dmg/$DEST.app - cp $xpi ~/build/dmg/$DEST.app/TorBrowser/Data/Browser/profile.default/extensions/langpack-$LANG(a)firefox.mozilla.org.xpi + cp $xpi ~/build/dmg/$DEST.app/$EXTSPATH/langpack-$LANG(a)firefox.mozilla.org.xpi pushd ~/build/dmg/$DEST.app/Contents/Resources/browser/ mkdir -p defaults/preferences diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml index fd62919..5a578ba 100644 --- a/gitian/descriptors/mac/gitian-pluggable-transports.yml +++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml @@ -39,6 +39,7 @@ remotes: - "url": "https://git.torproject.org/pluggable-transports/obfs4.git" "dir": "obfs4" files: +- "versions" - "pycrypto.tar.gz" - "argparse.tar.gz" - "pyyaml.tar.gz" @@ -53,8 +54,20 @@ files: - "openssl-mac64-utils.zip" script: | INSTDIR="$HOME/install" - TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser" - PTDIR="$TBDIR/Tor/PluggableTransports" + source versions + TBDIR="$INSTDIR/TorBrowserBundle.app" + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + PTDIR="$TBDIR/Contents/MacOS/Tor/PluggableTransports" + DOCSDIR="$TBDIR/Contents/Resources/TorBrowser/Docs" + TORBINDIR="$TBDIR/Contents/MacOS/Tor" + # TODO: Fix packaging of fte so it can be included. See bug 18495. + INCLUDE_FTE=0 + else + PTDIR="$TBDIR/TorBrowser/Tor/PluggableTransports" + DOCSDIR="$TBDIR/TorBrowser/Docs" + TORBINDIR="$TBDIR/TorBrowser/Tor" + INCLUDE_FTE=1 + fi export LIBRARY_PATH="$INSTDIR/lib" export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 export FAKETIME=$REFERENCE_DATETIME @@ -68,10 +81,15 @@ script: | sudo dpkg -i *.deb tar xaf multiarch-darwin*tar.xz export PATH="$PATH:$HOME/build/apple-osx/bin/" - unzip -d $INSTDIR gmp-mac64-utils.zip - unzip -d $INSTDIR openssl-mac64-utils.zip - # FTE only needs libgmp.10.dylib and no libgmpxx anymore. - cp $INSTDIR/gmp/lib/libgmp.10.dylib $TBDIR/Tor/ + if [ "z$INCLUDE_FTE" = "z1" ]; then + unzip -d $INSTDIR gmp-mac64-utils.zip + unzip -d $INSTDIR openssl-mac64-utils.zip + # FTE only needs libgmp.10.dylib and no libgmpxx anymore. + cp $INSTDIR/gmp/lib/libgmp.10.dylib $TORBINDIR/ + FTE_EXTRA_CFLAGS=" -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" + else + FTE_EXTRA_CFLAGS="" + fi # export AR=$HOME/build/apple-osx/bin/i686-apple-darwin11-ar @@ -80,8 +98,8 @@ script: | # http://bugs.python.org/issue9437 export LDSHARED="$CC -pthread -shared" # XXX Clean up these flags? - export CFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" - export CXXFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" + export CFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1$FTE_EXTRA_CFLAGS" + export CXXFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1$FTE_EXTRA_CFLAGS" export LDFLAGS="-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5" # Building go @@ -100,6 +118,8 @@ script: | cd ../.. export PATH="$PATH:$PWD/go/bin" + if [ "z$INCLUDE_FTE" = "z1" ]; then + # Building pyptlib cd pyptlib find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" @@ -179,8 +199,8 @@ script: | python setup.py build --build-lib build cp -a build/obfsproxy $PTDIR/ cp -a bin/obfsproxy $PTDIR/obfsproxy.bin - mkdir -p $TBDIR/Docs/Obfsproxy - cp -a {LICENSE,README} $TBDIR/Docs/Obfsproxy + mkdir -p $DOCSDIR/Obfsproxy + cp -a {LICENSE,README} $DOCSDIR/Obfsproxy # XXX: Workaround for bug 11190 sed 's/python2/python/' -i $PTDIR/obfsproxy.bin cd .. @@ -190,9 +210,9 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" CFLAGS="-L$INSTDIR/Tor -I$INSTDIR/gmp/include $CFLAGS" CXXFLAGS="-L$INSTDIR/Tor -I$INSTDIR/gmp/include $CXXFLAGS" make cp -ra fte $PTDIR/ - mkdir -p $TBDIR/Docs/libfte - cp -a {LICENSE,README.md} $TBDIR/Docs/libfte - cp -an thirdparty/re2/LICENSE $TBDIR/Docs/libfte/LICENSE.re2 + mkdir -p $DOCSDIR/libfte + cp -a {LICENSE,README.md} $DOCSDIR/libfte + cp -an thirdparty/re2/LICENSE $DOCSDIR/libfte/LICENSE.re2 cd .. # Building fteproxy @@ -200,10 +220,13 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" cp -a bin/fteproxy $PTDIR/fteproxy.bin cp -ra fteproxy $PTDIR/ - mkdir -p $TBDIR/Docs/fteproxy - cp -a {COPYING,README.md} $TBDIR/Docs/fteproxy + mkdir -p $DOCSDIR/fteproxy + cp -a {COPYING,README.md} $DOCSDIR/fteproxy cd .. + fi + # end of 'INCLUDE_FTE' section + # Building goptlib cd goptlib find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" @@ -225,8 +248,8 @@ script: | go build -ldflags '-s' cp -a meek-client-torbrowser $PTDIR cd .. - mkdir -p $TBDIR/Docs/meek - cp -a README doc/*.1 $TBDIR/Docs/meek + mkdir -p $DOCSDIR/meek + cp -a README doc/*.1 $DOCSDIR/meek cd .. # Building go ed25519 diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml index a6824c0..bbcf8c3 100644 --- a/gitian/descriptors/mac/gitian-tor.yml +++ b/gitian/descriptors/mac/gitian-tor.yml @@ -22,8 +22,15 @@ files: - "libevent-mac64-utils.zip" script: | INSTDIR="$HOME/install" - TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser" source versions + TBDIR="$INSTDIR/TorBrowserBundle.app" + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + TORBINDIR="$TBDIR/Contents/MacOS/Tor" + TORCONFIGDIR="$TBDIR/Contents/Resources/TorBrowser/Tor" + else + TORBINDIR="$TBDIR/TorBrowser/Tor" + TORCONFIGDIR="$TBDIR/TorBrowser/Data/Tor" + fi export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 export FAKETIME=$REFERENCE_DATETIME export TZ=UTC @@ -31,8 +38,8 @@ script: | umask 0022 # mkdir -p $INSTDIR/bin/ - mkdir -p $TBDIR/Tor/ - mkdir -p $TBDIR/Data/Tor/ + mkdir -p $TORBINDIR/ + mkdir -p $TORCONFIGDIR/ mkdir -p $OUTDIR/ # sudo dpkg -i *.deb @@ -40,7 +47,7 @@ script: | export PATH="$PATH:$HOME/build/apple-osx/bin/" unzip -d $INSTDIR openssl-mac64-utils.zip unzip -d $INSTDIR libevent-mac64-utils.zip - cp $INSTDIR/libevent/lib/libevent-*.dylib $TBDIR/Tor/ + cp $INSTDIR/libevent/lib/libevent-*.dylib $TORBINDIR/ LIBEVENT_FILE=`basename $INSTDIR/libevent/lib/libevent-*.dylib` # Building tor @@ -57,10 +64,10 @@ script: | make $MAKEOPTS make install cd $INSTDIR - cp bin/tor $TBDIR/Tor/ - cp share/tor/geoip $TBDIR/Data/Tor/ - cp share/tor/geoip6 $TBDIR/Data/Tor/ - cd $TBDIR/Tor/ + cp bin/tor $TORBINDIR/ + cp share/tor/geoip $TORCONFIGDIR/ + cp share/tor/geoip6 $TORCONFIGDIR/ + cd $TORBINDIR/ i686-apple-darwin11-install_name_tool -change $INSTDIR/libevent/lib/$LIBEVENT_FILE @executable_path/$LIBEVENT_FILE tor # Grabbing the result diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 39dac5f..682e02f 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -55,15 +55,45 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ rm -f $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip (cd PTConfigs/mac && $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip TorBrowser.app.meek-http-helper) -cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac -cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then +# FTE is temporarily disabled due to bug 18495. + grep -v 'fteproxy' PTConfigs/mac/torrc-defaults-appendix > $GITIAN_DIR/inputs/torrc-defaults-appendix-mac + grep -v 'default_bridge\.fte' PTConfigs/bridge_prefs.js > $GITIAN_DIR/inputs/bridge_prefs.js +else + cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac + cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +fi cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cp mac-tor.sh $GITIAN_DIR/inputs/ -cd mac rm -f $GITIAN_DIR/inputs/mac-skeleton.zip -$WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/mac-skeleton.zip . -cd ../mac-desktop.dmg +if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + # The Bundle-Data is designed for embedded data, so we need to modify + # the structure when we want the data to be outside the app directory. + # We also create an override.ini file to disable the profile migrator. + SKELETON_TMP=$GITIAN_DIR/inputs/mac-skeleton-tmp + SKELETON_TMP_RESOURCES=$SKELETON_TMP/Contents/Resources + rm -rf $SKELETON_TMP + mkdir -p $SKELETON_TMP_RESOURCES/browser + echo "[XRE]" > $SKELETON_TMP_RESOURCES/browser/override.ini + echo "EnableProfileMigrator=0" >> $SKELETON_TMP_RESOURCES/browser/override.ini + mkdir -p $SKELETON_TMP_RESOURCES/distribution/preferences + cp -p mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js $SKELETON_TMP_RESOURCES/distribution/preferences + mkdir -p $SKELETON_TMP_RESOURCES/TorBrowser/Tor + cp -p mac/TorBrowser/Data/Tor/torrc-defaults $SKELETON_TMP_RESOURCES/TorBrowser/Tor/ + # Place a copy of the bookmarks.html file at the top. It will be moved into + # browser/omni.ja by code inside descriptors/mac/gitian-bundle.yml + cp -p mac/TorBrowser/Data/Browser/profile.default/bookmarks.html $SKELETON_TMP + cd $SKELETON_TMP + $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/mac-skeleton.zip . + cd - +else + cd mac + $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/mac-skeleton.zip . + cd - +fi + +cd mac-desktop.dmg rm -f $GITIAN_DIR/inputs/dmg-desktop.tar.xz $WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/dmg-desktop.tar.xz . cd ../mac-applications.dmg diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 4c6f016..06584b4 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -5,6 +5,9 @@ BUNDLE_LOCALES_WIN32="ja" BUNDLE_LOCALES_MAC="ja-JP-mac" BUILD_PT_BUNDLES=1 +# DATA_OUTSIDE_APP_DIR is only implemented for Mac OS. +DATA_OUTSIDE_APP_DIR=1 + VERIFY_TAGS=1 FIREFOX_VERSION=38.7.1esr

1 0

[tor-browser-bundle/master] Bug 18455: modify Tor Browser packaging to avoid language prompt.
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit fef35058f76c5605fd631ff86f65adfa9bb78be7 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Mar 18 15:03:55 2016 -0400 Bug 18455: modify Tor Browser packaging to avoid language prompt. When not building a multi-lingual bundle, disable Tor Launcher's language prompt by appending these two preference values to the extension-overrides.js file: intl.locale.matchOS = false extensions.torlauncher.prompt_for_locale = false --- gitian/descriptors/linux/gitian-bundle.yml | 8 +++++++- gitian/descriptors/mac/gitian-bundle.yml | 5 +++++ gitian/descriptors/windows/gitian-bundle.yml | 8 +++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 28e94b4..28bd006 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -159,12 +159,18 @@ script: | unzip ~/build/tor-linux$GBUILD_BITS-gbuilt.zip unzip ~/build/linux-skeleton.zip unzip ~/build/tbb-docs.zip + EXTOVERRIDESPATH=Data/Browser/profile.default/preferences/extension-overrides.js if [ $BUILD_PT_BUNDLES ]; then unzip ~/build/pluggable-transports-linux$GBUILD_BITS-gbuilt.zip cat ~/build/torrc-defaults-appendix-linux >> Data/Tor/torrc-defaults - cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi + # If not building a multi-lingual package, suppress the language prompt. + if [ "z$MULTI_LINGUAL" != "z1" ]; then + echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $EXTOVERRIDESPATH + echo 'pref("intl.locale.matchOS", false);' >> $EXTOVERRIDESPATH + fi chmod 700 Data/Browser chmod 700 Data/Tor cd ../../.. diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index aa6a09d..a7ef7bc 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -180,6 +180,11 @@ script: | cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH cat ~/build/meek-http-helper-user.js >> $MEEKPROFILEPATH/user.js fi + # If not building a multi-lingual package, suppress the language prompt. + if [ "z$MULTI_LINGUAL" != "z1" ]; then + echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $EXTOVERRIDESPATH + echo 'pref("intl.locale.matchOS", false);' >> $EXTOVERRIDESPATH + fi # Install a "tor" shim that sets the working directory. See #10030. mv $TORBINPATH/tor $TORBINPATH/tor.real if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 51565bf..5a165a7 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -140,12 +140,18 @@ script: | unzip ~/build/tor-win32-gbuilt.zip unzip ~/build/windows-skeleton.zip unzip ~/build/tbb-docs.zip + EXTOVERRIDESPATH=Data/Browser/profile.default/preferences/extension-overrides.js if [ $BUILD_PT_BUNDLES ]; then unzip ~/build/pluggable-transports-win32-gbuilt.zip cat ~/build/torrc-defaults-appendix-windows >> Data/Tor/torrc-defaults - cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi + # If not building a multi-lingual package, suppress the language prompt. + if [ "z$MULTI_LINGUAL" != "z1" ]; then + echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $EXTOVERRIDESPATH + echo 'pref("intl.locale.matchOS", false);' >> $EXTOVERRIDESPATH + fi cd ../../.. # # Copy reproducibility info

1 0

[tor-launcher/master] Bug 13252 - Do not store data in the app bundle
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit 64d3139e72587372223d0795ca715991d7423adb Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Mar 14 11:15:43 2016 -0400 Bug 13252 - Do not store data in the app bundle Add support for a "side-by-side" directory structure where the writable data is stored in the TorBrowser-Data/ directory next to the application directory. --- src/chrome/locale/en/torlauncher.properties | 6 +- src/components/tl-process.js | 232 +++++++++++++++++++++------- src/defaults/preferences/prefs.js | 9 +- 3 files changed, 184 insertions(+), 63 deletions(-) diff --git a/src/chrome/locale/en/torlauncher.properties b/src/chrome/locale/en/torlauncher.properties index 02be756..0ef4437 100644 --- a/src/chrome/locale/en/torlauncher.properties +++ b/src/chrome/locale/en/torlauncher.properties @@ -1,4 +1,4 @@ -### Copyright (c) 2014, The Tor Project, Inc. +### Copyright (c) 2016, The Tor Project, Inc. ### See LICENSE for licensing information. torlauncher.error_title=Tor Launcher @@ -13,8 +13,8 @@ torlauncher.tor_bootstrap_failed_details=%1$S failed (%2$S). torlauncher.unable_to_start_tor=Unable to start Tor.\n\n%S torlauncher.tor_missing=The Tor executable is missing. -torlauncher.torrc_missing=The torrc file is missing. -torlauncher.datadir_missing=The Tor data directory does not exist. +torlauncher.torrc_missing=The torrc file is missing and could not be created. +torlauncher.datadir_missing=The Tor data directory does not exist and could not be created. torlauncher.password_hash_missing=Failed to get hashed password. torlauncher.failed_to_get_settings=Unable to retrieve Tor settings.\n\n%S diff --git a/src/components/tl-process.js b/src/components/tl-process.js index bb327dc..ccbee12 100644 --- a/src/components/tl-process.js +++ b/src/components/tl-process.js @@ -1,4 +1,4 @@ -// Copyright (c) 2015, The Tor Project, Inc. +// Copyright (c) 2016, The Tor Project, Inc. // See LICENSE for licensing information. // // vim: set sw=2 sts=2 ts=8 et syntax=javascript: @@ -16,6 +16,8 @@ XPCOMUtils.defineLazyModuleGetter(this, "TorLauncherUtil", "resource://torlauncher/modules/tl-util.jsm"); XPCOMUtils.defineLazyModuleGetter(this, "TorLauncherLogger", "resource://torlauncher/modules/tl-logger.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "FileUtils", + "resource://gre/modules/FileUtils.jsm"); function TorProcessService() { @@ -287,7 +289,11 @@ TorProcessService.prototype = mProtocolSvc: null, mTorProcess: null, // nsIProcess mTorProcessStartTime: null, // JS Date.now() - mTorFileBaseDir: null, // nsIFile (cached) + // mIsUserDataOutsideOfAppDir is true when TorBrowser-Data is used. + // (cached; access via this._isUserDataOutsideOfAppDir) + mIsUserDataOutsideOfAppDir: undefined, + mAppDir: null, // nsIFile (cached; access via this._appDir) + mDataDir: null, // nsIFile (cached; access via this._dataDir) mControlConnTimer: null, mControlConnDelayMS: 0, mQuitSoon: false, // Quit was requested by the user; do so soon. @@ -305,10 +311,13 @@ TorProcessService.prototype = // Ideally, we would cd to the Firefox application directory before // starting tor (but we don't know how to do that). Instead, we // rely on the TBB launcher to start Firefox from the right place. - var exeFile = this._getTorFile("tor"); - var torrcFile = this._getTorFile("torrc"); - var torrcDefaultsFile = this._getTorFile("torrc-defaults"); - var dataDir = this._getTorFile("tordatadir"); + + // Get the Tor data directory first so it is created before we try to + // construct paths to files that will be inside it. + var dataDir = this._getTorFile("tordatadir", true); + var exeFile = this._getTorFile("tor", false); + var torrcFile = this._getTorFile("torrc", true); + var torrcDefaultsFile = this._getTorFile("torrc-defaults", false); var hashedPassword = this.mProtocolSvc.TorGetPassword(true); var detailsKey; @@ -331,11 +340,13 @@ TorProcessService.prototype = return; } - var geoipFile = dataDir.clone(); - geoipFile.append("geoip"); - var geoip6File = dataDir.clone(); - geoip6File.append("geoip6"); + // The geoip and geoip6 files are in the same directory as torrc-defaults. + var geoipFile = torrcDefaultsFile.clone(); + geoipFile.leafName = "geoip"; + + var geoip6File = torrcDefaultsFile.clone(); + geoip6File.leafName = "geoip6"; var args = []; if (torrcDefaultsFile) @@ -663,25 +674,65 @@ TorProcessService.prototype = }, // Returns an nsIFile. - // If file doesn't exist, null is returned. - _getTorFile: function(aTorFileType) + // If aCreate is true and the file doesn't exist, it is created. + _getTorFile: function(aTorFileType, aCreate) { if (!aTorFileType) return null; - var isRelativePath = true; - var prefName = "extensions.torlauncher." + aTorFileType + "_path"; - var path = TorLauncherUtil.getCharPref(prefName); + let isRelativePath = true; + let isUserData = (aTorFileType != "tor") && + (aTorFileType != "torrc-defaults"); + let prefName = "extensions.torlauncher." + aTorFileType + "_path"; + let path = TorLauncherUtil.getCharPref(prefName); if (path) { - var re = (TorLauncherUtil.isWindows) ? /^[A-Za-z]:\\/ : /^\//; + let re = (TorLauncherUtil.isWindows) ? /^[A-Za-z]:\\/ : /^\//; isRelativePath = !re.test(path); } else { // Get default path. - if (TorLauncherUtil.isWindows) + if (this._isUserDataOutsideOfAppDir) { + // This block is used for the TorBrowser-Data/ case. + if (TorLauncherUtil.isWindows) + { + if ("tor" == aTorFileType) + path = "TorBrowser\\Tor\\tor.exe"; + else if ("torrc-defaults" == aTorFileType) + path = "TorBrowser\\Tor\\torrc-defaults"; + else if ("torrc" == aTorFileType) + path = "Tor\\torrc"; + else if ("tordatadir" == aTorFileType) + path = "Tor"; + } + else if (TorLauncherUtil.isMac) + { + if ("tor" == aTorFileType) + path = "Contents/Resources/TorBrowser/Tor/tor"; + else if ("torrc-defaults" == aTorFileType) + path = "Contents/Resources/TorBrowser/Tor/torrc-defaults"; + else if ("torrc" == aTorFileType) + path = "Tor/torrc"; + else if ("tordatadir" == aTorFileType) + path = "Tor"; + } + else // Linux and others. + { + if ("tor" == aTorFileType) + path = "TorBrowser/Tor/tor"; + else if ("torrc-defaults" == aTorFileType) + path = "TorBrowser/Tor/torrc-defaults"; + else if ("torrc" == aTorFileType) + path = "Tor/torrc"; + else if ("tordatadir" == aTorFileType) + path = "Tor"; + } + } + else if (TorLauncherUtil.isWindows) + { + // This block is used for the non-TorBrowser-Data/ case. if ("tor" == aTorFileType) path = "Tor\\tor.exe"; else if ("torrc-defaults" == aTorFileType) @@ -693,6 +744,7 @@ TorProcessService.prototype = } else // Linux, Mac OS and others. { + // This block is also used for the non-TorBrowser-Data/ case. if ("tor" == aTorFileType) path = "Tor/tor"; else if ("torrc-defaults" == aTorFileType) @@ -700,7 +752,7 @@ TorProcessService.prototype = else if ("torrc" == aTorFileType) path = "Data/Tor/torrc"; else if ("tordatadir" == aTorFileType) - path = "Data/Tor/"; + path = "Data/Tor"; } } @@ -709,51 +761,20 @@ TorProcessService.prototype = try { - var f; + let f; if (isRelativePath) { - // Turn into an absolute path. - if (!this.mTorFileBaseDir) + // Turn 'path' into an absolute path. + if (this._isUserDataOutsideOfAppDir) { - var topDir; - var appInfo = Cc["@mozilla.org/xre/app-info;1"] - .getService(Ci.nsIXULAppInfo); - if (appInfo.ID == this.kThunderbirdID || appInfo.ID == this.kInstantbirdID) - { - topDir = Cc["@mozilla.org/file/directory_service;1"] - .getService(Ci.nsIProperties).get("CurProcD", Ci.nsIFile); - topDir.append("extensions"); - topDir.append(this.kTorLauncherExtPath); - } - else - { - // For Firefox, paths are relative to the top of the TBB install. - var tbbBrowserDepth = 0; // Windows and Linux - if (TorLauncherUtil.isAppVersionAtLeast("21.0")) - { - // In FF21+, CurProcD is the "browser" directory that is next to - // the firefox binary, e.g., <TorFileBaseDir>/Browser/browser - ++tbbBrowserDepth; - } - if (TorLauncherUtil.isMac) - tbbBrowserDepth += 2; - - topDir = Cc["@mozilla.org/file/directory_service;1"] - .getService(Ci.nsIProperties).get("CurProcD", Ci.nsIFile); - while (tbbBrowserDepth > 0) - { - var didRemove = (topDir.leafName != "."); - topDir = topDir.parent; - if (didRemove) - tbbBrowserDepth--; - } - } - - topDir.append("TorBrowser"); - this.mTorFileBaseDir = topDir; + let baseDir = isUserData ? this._dataDir : this._appDir; + f = baseDir.clone(); + } + else + { + f = this._appDir.clone(); + f.append("TorBrowser"); } - - f = this.mTorFileBaseDir.clone(); f.appendRelativePath(path); } else @@ -762,6 +783,22 @@ TorProcessService.prototype = f.initWithPath(path); } + if (!f.exists() && aCreate) + { + try + { + if ("tordatadir" == aTorFileType) + f.create(f.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY); + else + f.create(f.NORMAL_FILE_TYPE, FileUtils.PERMS_FILE); + } + catch (e) + { + TorLauncherLogger.safelog(4, "unable to create " + f.path + ": ", e); + return null; + } + } + if (f.exists()) { try { f.normalize(); } catch(e) {} @@ -780,6 +817,83 @@ TorProcessService.prototype = return null; // File not found or error (logged above). }, // _getTorFile() + get _isUserDataOutsideOfAppDir() + { + if (this.mIsUserDataOutsideOfAppDir == undefined) + { + // Determine if we are using a "side-by-side" data model by checking + // for the existence of the TorBrowser-Data/ directory. + try + { + let f = this._appDir.parent; + f.append("TorBrowser-Data"); + this.mIsUserDataOutsideOfAppDir = f.exists() && f.isDirectory(); + } + catch (e) + { + this.mIsUserDataOutsideOfAppDir = false; + } + } + + return this.mIsUserDataOutsideOfAppDir; + }, // get _isUserDataOutsideOfAppDir + + // Returns an nsIFile that points to the application directory. + // May throw. + get _appDir() + { + if (!this.mAppDir) + { + let topDir = Cc["@mozilla.org/file/directory_service;1"] + .getService(Ci.nsIProperties).get("CurProcD", Ci.nsIFile); + let appInfo = Cc["@mozilla.org/xre/app-info;1"] + .getService(Ci.nsIXULAppInfo); + if ((appInfo.ID == this.kThunderbirdID) || + (appInfo.ID == this.kInstantbirdID)) + { + // For TorBirdy and Tor Messenger the Tor Launcher extension + // directory is returned. + topDir.append("extensions"); + topDir.append(this.kTorLauncherExtPath); + } + else // Tor Browser + { + // On Linux and Windows, we want to return the Browser/ directory. + // Because topDir ("CurProcD") points to Browser/browser on those + // platforms, we need to go up one level. + // On Mac OS, we want to return the TorBrowser.app/ directory. + // Because topDir points to Contents/Resources/browser on Mac OS, + // we need to go up 3 levels. + let tbbBrowserDepth = (TorLauncherUtil.isMac) ? 3 : 1; + while (tbbBrowserDepth > 0) + { + let didRemove = (topDir.leafName != "."); + topDir = topDir.parent; + if (didRemove) + tbbBrowserDepth--; + } + } + + this.mAppDir = topDir; + } + + return this.mAppDir; + }, // get _appDir + + // Returns an nsIFile that points to the TorBrowser-Data/ directory. + // May throw. + get _dataDir() + { + if (!this.mDataDir) + { + let f = this._appDir.parent.clone(); + f.append("TorBrowser-Data"); + this.mDataDir = f; + } + + return this.mDataDir; + }, // get _dataDir + _getpid: function() { // Use nsIXULRuntime.processID if it is available. diff --git a/src/defaults/preferences/prefs.js b/src/defaults/preferences/prefs.js index 3057f6a..2c0a95e 100644 --- a/src/defaults/preferences/prefs.js +++ b/src/defaults/preferences/prefs.js @@ -12,8 +12,15 @@ pref("extensions.torlauncher.control_port", 9151); pref("extensions.torlauncher.start_tor", true); pref("extensions.torlauncher.prompt_at_startup", true); -// All path prefs. are relative to the firefox executable's directory +// The tor_path is relative to the application directory. On Linux and +// Windows this is the Browser/ directory that contains the firefox +// executables, and on Mac OS it is the TorBrowser.app directory. pref("extensions.torlauncher.tor_path", ""); + +// The torrc_path and tordatadir_path are relative to the data directory, +// which is TorBrowser-Data/ if it exists as a sibling of the application +// directory. If TorBrowser-Data/ does not exist, these paths are relative +// to the TorBrowser/ directory within the application directory. pref("extensions.torlauncher.torrc_path", ""); pref("extensions.torlauncher.tordatadir_path", "");

1 0