commit 819842ba97d1c2358ced5c648b527162995b35e2 Author: Sukhbir Singh sukhbir@torproject.org Date: Sun Apr 1 10:25:20 2018 -0400
Update Enigmail keyserver settings
Assume that a user has dirmngr running and configured with `use-tor' in dirmngr.conf and set the relevant keyserver settings (similar to what Tails has been doing); otherwise the keyserver lookup will fail-safe. This should work for the daemon and Tor Browser since as per gnupg/dirmngr/dns-stuff.c, it tries both 9050 and 9150. This is probably better than the older setting because a) it actually works now, b) it will still fail-safe in case Tor is not running. --- chrome/content/preferences.js | 8 ++------ components/torbirdy.js | 4 ++-- 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js index 8acd6ba..2980857 100644 --- a/chrome/content/preferences.js +++ b/chrome/content/preferences.js @@ -42,14 +42,10 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() { opts += "--throw-keyids "; } if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) { - var proxy = "socks5h://127.0.0.1:9150"; if (anonService === "jondo") { - proxy = "http://127.0.0.1:4001"; + let proxy = "http://127.0.0.1:4001"; + opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " "; } - if (anonService === "custom") { - proxy = "socks5h://" + pub.prefs.getCharPref("network.proxy.socks") + ":" + pub.prefs.getIntPref("network.proxy.socks_port"); - } - opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " "; }
return opts + diff --git a/components/torbirdy.js b/components/torbirdy.js index e8d2cd2..6c2be57 100644 --- a/components/torbirdy.js +++ b/components/torbirdy.js @@ -274,8 +274,8 @@ var TorBirdyPrefs = { "--no-comments " + // We want to force UTF-8 everywhere "--display-charset utf-8 " + - // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell - "--keyserver-options http-proxy=socks5h://127.0.0.1:9150 ", + // Set additional keyserver options + "--keyserver-options no-auto-key-retrieve ",
// The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor) "extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
tor-commits@lists.torproject.org