[or-cvs] r12542: Initial implementation of this branch. Seems to work quite w (in incognito/branches/torbutton: . arch/x86 portage.config portage.overlay/x11-plugins portage.overlay/x11-plugins/cookiesafe portage.overlay/x11-plugins/cookiesafe/files portage.overlay/x11-plugins/noscript portage.overlay/x11-plugins/noscript/files portage.overlay/x11-plugins/torbutton portage.overlay/x11-plugins/torbutton/files root_overlay/etc root_overlay/etc/NetworkManager root_overlay/etc/NetworkManager/dispatcher.d root_overlay/etc/conf.d root_overlay/etc/dhcp root_overlay/etc/init.d root_overlay/usr/sbin root_overlay/usr/share/incognito root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User root_overlay/var/lib/iptables)

anonym at seul.org anonym at seul.org
Mon Nov 19 19:53:09 UTC 2007


Author: anonym
Date: 2007-11-19 14:53:08 -0500 (Mon, 19 Nov 2007)
New Revision: 12542

Added:
   incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/
   incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/Manifest
   incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/files/
   incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/files/digest-torbutton-1.1.9.1
   incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/torbutton-1.1.9.1.ebuild
   incognito/branches/torbutton/root_overlay/etc/NetworkManager/
   incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/
   incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh
   incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/99-make-resolv-conf.sh
   incognito/branches/torbutton/root_overlay/etc/conf.d/tor-bypass-proxy
   incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-enter-hooks
   incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-exit-hooks
   incognito/branches/torbutton/root_overlay/etc/dhcpcd.sh
   incognito/branches/torbutton/root_overlay/etc/init.d/tor-bypass-proxy
   incognito/branches/torbutton/root_overlay/etc/tor-bypass-proxy.cfg
   incognito/branches/torbutton/root_overlay/usr/sbin/update-bypass-dns.sh
Modified:
   incognito/branches/torbutton/ChangeLog
   incognito/branches/torbutton/TODO
   incognito/branches/torbutton/arch/x86/livecd-stage1-tiny.spec
   incognito/branches/torbutton/arch/x86/livecd-stage1.spec
   incognito/branches/torbutton/arch/x86/livecd-stage2-tiny.spec
   incognito/branches/torbutton/arch/x86/livecd-stage2.spec
   incognito/branches/torbutton/fsscript.sh
   incognito/branches/torbutton/portage.config/package.keywords
   incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/Manifest
   incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/cookiesafe-2.0.6.ebuild
   incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/files/digest-cookiesafe-2.0.6
   incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/Manifest
   incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/files/digest-noscript-1.1.7.2
   incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/noscript-1.1.7.2.ebuild
   incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient.conf
   incognito/branches/torbutton/root_overlay/usr/share/incognito/readme.html
   incognito/branches/torbutton/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js
   incognito/branches/torbutton/root_overlay/var/lib/iptables/rules-save
Log:
Initial implementation of this branch. Seems to work quite well, but needs more testing and polishing (see TODO).


Modified: incognito/branches/torbutton/ChangeLog
===================================================================
--- incognito/branches/torbutton/ChangeLog	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/ChangeLog	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,3 +1,6 @@
+	- Added Torbutton Firefox extension. Firefox is configured to use Tor when Torbutton is enabled and the Tor bypass proxy when disabled. 
+	- Added a SOCKS proxy (called the "Tor bypass proxy") which bypasses the otherwise all-encompassing iptables/netfilter Torification of Internet traffic.
+	- Removed NoScript and CookieSafe Firefox extensions.
 	- Fixed a bug where macchanger gave two or more interfaces the same MAC ending.
 	- Fixed USB copying script so that it works while running from USB.
 	- Fixed KDED Media Manager (i.e. automounting through KDE).

Modified: incognito/branches/torbutton/TODO
===================================================================
--- incognito/branches/torbutton/TODO	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/TODO	2007-11-19 19:53:08 UTC (rev 12542)
@@ -44,24 +44,12 @@
 
 - Consider using grsec ?
 
-- Add torbutton, disabling tor enable/disable in toolbar and status bar
-torbutton is more user friendly and less annoying than NoScript+CookieCuller so if it provides a reasonable amount of protection for tor (which it should since that's its design goal) it should replace the other two extensions when it becomes more stable.
-Also, if we setup a new http(s) proxy that is excluded from the netfiler tor forwarding, torbutton could be used to have firefox access the network directly, which can be necessary when ISP require logins (see below).
-
 - Update Incognito branded images
 livecd-stage2.sh has some branding support so you can change the name. There are a few images that still have Incognito. ImageMagick scripting looks like a possible way to do this.
 
 - Change gensplash theme to use a modified livecd-2007.0 variant
 Because I think it looks nicer. All the "Gentoo" branding needs to be removed due to trademark restrictions.
 
-- Handle ISP login requirement
-Public networks may require a login before allowing access to the outside. Generally this is done by a transparent proxy that redirects to the login screen whenever an http request is made. A solution to this may be to add the class C network to the iptables exclusion list so the redirect won't run through Tor. The user will need to access something on the local net first though since the redirect won't happen when running through Tor. Other suggestions are welcome.
-(see entry for torbutton for a possible solution)
-
-- Allow Tor to be bypassed
-Sometimes a direct connection to the Internet is desired. We need a way to bypass the iptables filter. Possibly another proxy process that does not go through Tor. There should be a clear indicator that we are not anonymous.
-(see entry for torbutton for a possible solution)
-
 - Move to kernel 2.6.22
 Note that as of 2007-08-24 some of the wireless NIC drivers will not compile with 2.6.22.
 
@@ -78,3 +66,10 @@
 - Never create persistent home option on USB
 Make it possible to to permanently decline creating a persistent home partition during boot from USB (otherwise this will constantly be halting the boot process).
 This easily implemented by a "lock" file, i.e. NO_PERSISTANT on the USB root, created by external-config-setup when the users choses to never have a persistent home. external-config-setup will check for the existence of that file before prompting the user. Also, there should be a readily available script which resets this available on the KDE desktop and in the fluxbox menu.
+
+- Always enable torbutton on firefox start
+We don't want users disabling torbutton and shutting doen firefox get a surprise on next firefox start up
+
+- Add annoying popups whenever entering a site with torbutton disabled
+See Torbutton feature request: http://bugs.noreply.org/flyspray/index.php?do=details&id=530
+Other options?
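Review bot: typo in the new "Always enable torbutton on firefox start" entry, where "shutting doen firefox get a surprise" should read "shutting down firefox to get a surprise". The entry would also be clearer if it named the surprising state: per the ChangeLog in this revision, Firefox with Torbutton disabled uses the Tor bypass proxy, so a restart in that state browses outside Tor.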

Modified: incognito/branches/torbutton/arch/x86/livecd-stage1-tiny.spec
===================================================================
--- incognito/branches/torbutton/arch/x86/livecd-stage1-tiny.spec	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/arch/x86/livecd-stage1-tiny.spec	2007-11-19 19:53:08 UTC (rev 12542)
@@ -104,8 +104,7 @@
 	sys-fs/dosfstools
 	sys-power/acpid
 	www-client/mozilla-firefox-bin
-	x11-plugins/noscript
-	x11-plugins/cookiesafe
+	x11-plugins/torbutton
 	x11-plugins/adblock_plus
 	x11-plugins/refcontrol
 	net-irc/xchat

Modified: incognito/branches/torbutton/arch/x86/livecd-stage1.spec
===================================================================
--- incognito/branches/torbutton/arch/x86/livecd-stage1.spec	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/arch/x86/livecd-stage1.spec	2007-11-19 19:53:08 UTC (rev 12542)
@@ -117,9 +117,8 @@
 	sys-power/acpid
 	www-client/links
 	www-client/mozilla-firefox-bin
-	x11-plugins/noscript
+	x11-plugins/torbutton
 	x11-plugins/firefox-quick-locale-switcher
-	x11-plugins/cookiesafe
 	x11-plugins/firegpg
 	x11-plugins/adblock_plus
 	x11-plugins/refcontrol

Modified: incognito/branches/torbutton/arch/x86/livecd-stage2-tiny.spec
===================================================================
--- incognito/branches/torbutton/arch/x86/livecd-stage2-tiny.spec	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/arch/x86/livecd-stage2-tiny.spec	2007-11-19 19:53:08 UTC (rev 12542)
@@ -34,6 +34,7 @@
 	external-config-setup|boot
 	macchanger|default
 	hidden-service|default
+	tor-bypass-proxy|default
 
 # See livecd-stage2.spec for why unionfs is buggy
 #livecd/bootargs: unionfs
@@ -316,6 +317,10 @@
 	/usr/qt/3/bin
 	/usr/qt/3/include
 	/boot
+# NOTE: if tiny ever changes to use dhclient or NetworkManager we probably
+# want to keep these directories...
+	/etc/dhcp
+	/etc/NetworkManager
 
 livecd/rm:
 #	/boot/System*
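Review bot: /etc/dhcp and /etc/NetworkManager are added to this path list for the tiny image, but fsscript.sh in this same revision runs `sed -i` unconditionally on `/etc/dhcp/dhclient-exit-hooks` and `/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh`. If the directories are gone by the time fsscript.sh runs, those sed calls fail. Either guard them with a file-existence test or state the ordering in the NOTE comment. The NOTE also sits in the middle of the list, after `/boot`, where it is easy to misread as applying to the entries above it.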

Modified: incognito/branches/torbutton/arch/x86/livecd-stage2.spec
===================================================================
--- incognito/branches/torbutton/arch/x86/livecd-stage2.spec	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/arch/x86/livecd-stage2.spec	2007-11-19 19:53:08 UTC (rev 12542)
@@ -39,6 +39,7 @@
 	gpm|boot
 	NetworkManager|default
 	hidden-service|default
+	tor-bypass-proxy|default
 
 # unionfs (genkernel 2.4.7) causes problems such as:
 #   1. creating /etc/sysconfig/keyboard in /etc/init.d/external-config-setup
@@ -497,5 +498,4 @@
 	/usr/bin/linguist
 	/usr/bin/assistant
 	/usr/bin/designer
-
-
+	/etc/dhcpcd.sh

Modified: incognito/branches/torbutton/fsscript.sh
===================================================================
--- incognito/branches/torbutton/fsscript.sh	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/fsscript.sh	2007-11-19 19:53:08 UTC (rev 12542)
@@ -60,6 +60,32 @@
 	"${THUNDERBIRD_HOME}"/defaults/pref/all-thunderbird.js \
 	"${THUNDERBIRD_HOME}"/defaults/pref/all-l10n.js
 
+# Add the the torbypass user (who has direct access to the network and thus
+# bypasses Tor)
+useradd -c "This user bypasses Tor" -K UID_MIN=100 -K UID_MAX=500 \
+	-K PASS_MAX_DAYS=-1 -d /dev/null -s /sbin/nologin torbypass
+
+# Dynamically configure some stuff for the bypass proxy to make sure
+# file paths is consistent. if such changes take place, update this info.
+UPDATE_BYPASS_DNS="/usr/sbin/update-bypass-dns.sh"
+BYPASS_PROXY_INIT="tor-bypass-proxy"
+BYPASS_PROXY_CFG="/etc/tor-bypass-proxy.cfg"
+BYPASS_PROXY_PIDFILE="/var/run/tor-bypass-proxy.pid"
+BYPASS_UID="$( id -u torbypass )"
+DHCPCD_HOOK="/etc/dhcpcd.sh"
+DHCLIENT_HOOK="/etc/dhcp/dhclient-exit-hooks"
+NETWORKMANAGER_HOOK="/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh"
+sed -i "s|##setuid.*|setuid ${BYPASS_UID}|" ${BYPASS_PROXY_CFG}
+sed -i "s|##pidfile.*|pidfile ${BYPASS_PROXY_PIDFILE}|" ${BYPASS_PROXY_CFG}
+sed -i "s|##monitor.*|monitor ${BYPASS_PROXY_CFG}|" ${BYPASS_PROXY_CFG}
+sed -i "s|##PROXY_CFG.*|PROXY_CFG=\"${BYPASS_PROXY_CFG}\"|" /etc/conf.d/${BYPASS_PROXY_INIT}
+sed -i "s|##PIDFILE.*|PIDFILE=\"${BYPASS_PROXY_PIDFILE}\"|" /etc/conf.d/${BYPASS_PROXY_INIT}
+sed -i "s|##PROXY_CFG.*|PROXY_CFG=\"${BYPASS_PROXY_CFG}\"|" ${UPDATE_BYPASS_DNS}
+sed -i "s|##PROXY_SCRIPT.*|PROXY_SCRIPT=\"/etc/init.d/${BYPASS_PROXY_INIT}\"|" ${UPDATE_BYPASS_DNS}
+sed -i "s|##UPDATE_BYPASS_DNS.*|UPDATE_BYPASS_DNS=\"${UPDATE_BYPASS_DNS}\"|" ${DHCPCD_HOOK}
+sed -i "s|##UPDATE_BYPASS_DNS.*|UPDATE_BYPASS_DNS=\"${UPDATE_BYPASS_DNS}\"|" ${DHCLIENT_HOOK}
+sed -i "s|##UPDATE_BYPASS_DNS.*|UPDATE_BYPASS_DNS=\"${UPDATE_BYPASS_DNS}\"|" ${NETWORKMANAGER_HOOK}
+
 # Group membership
 for GRP in uucp dialout tor gentoo ipw3945d cdrw floppy plugdev; do
 	groupmems -a gentoo -g ${GRP} 2>/dev/null || sed -i "s/^${GRP}:.*:\$/\0gentoo/" /etc/group
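Review bot: the result of `useradd` is never checked before `BYPASS_UID="$( id -u torbypass )"` is written into the proxy configuration. If the account was not created, `id -u` prints nothing and the `##setuid.*` placeholder is replaced by a bare `setuid ` with no UID, and the build carries on without any error. Stop the build when `BYPASS_UID` is empty. The sed targets (`${BYPASS_PROXY_CFG}`, `${UPDATE_BYPASS_DNS}`, `${DHCPCD_HOOK}` and the others) are unquoted, and the first comment has a doubled "the the".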

Modified: incognito/branches/torbutton/portage.config/package.keywords
===================================================================
--- incognito/branches/torbutton/portage.config/package.keywords	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.config/package.keywords	2007-11-19 19:53:08 UTC (rev 12542)
@@ -38,11 +38,10 @@
 www-client/mozilla-firefox-bin ~*
 mail-client/mozilla-thunderbird-bin ~*
 x11-plugins/enigmail-bin ~*
-x11-plugins/noscript ~*
 x11-plugins/firefox-quick-locale-switcher ~*
 x11-plugins/chatzilla ~*
-x11-plugins/cookiesafe ~*
 x11-plugins/firegpg ~*
+x11-plugins/torbutton ~*
 mail-mta/mixminion ~*
 mail-mta/mixminion-smtp ~*
 net-im/kopete-otr ~*

Modified: incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/Manifest
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/Manifest	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/Manifest	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,8 +0,0 @@
-DIST cookiesafe-2.0.6-fx+fl+mz+ns+zm.xpi 196491 RMD160 96fabf29379fab9e1dce5211427f1530f2c05af1 SHA1 8b637b48dca66995d46cb80fb414775c23fc2378 SHA256 42bec2e93d99927c7c093ed5693ede4e3b1dc80af767acb5f7df8d853f342d9a
-EBUILD cookiesafe-2.0.6.ebuild 925 RMD160 458502d3f05780d43f89d3ff7da6ecc05e85b850 SHA1 55b51033ea145c9be8481c21debf29296631239e SHA256 67519d94e8c49251f1298bc5e0dcf1c71bf349fddb155475640210b99796cc2d
-MD5 b5a6f14a1a7154c5ec0b6a3ee850ed86 cookiesafe-2.0.6.ebuild 925
-RMD160 458502d3f05780d43f89d3ff7da6ecc05e85b850 cookiesafe-2.0.6.ebuild 925
-SHA256 67519d94e8c49251f1298bc5e0dcf1c71bf349fddb155475640210b99796cc2d cookiesafe-2.0.6.ebuild 925
-MD5 6336e6d794bd657c0ace9b95978591e8 files/digest-cookiesafe-2.0.6 286
-RMD160 388978bb42b69dc845db83bfe0fcee7c594070fb files/digest-cookiesafe-2.0.6 286
-SHA256 6b3f649f9b5cd3c9526ec3ebacfd6ba13126e707cccd429612250c0b4d21153f files/digest-cookiesafe-2.0.6 286

Modified: incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/cookiesafe-2.0.6.ebuild
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/cookiesafe-2.0.6.ebuild	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/cookiesafe-2.0.6.ebuild	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,36 +0,0 @@
-# Distributed under the terms of the GNU General Public License v2
-
-inherit mozextension multilib
-
-DESCRIPTION="Firefox plugin to control cookie permissions"
-HOMEPAGE="http://addons.mozilla.org/en-US/firefox/addon/2497"
-SRC_URI="https://addons.mozilla.org/en-US/firefox/downloads/file/9302/${P}-fx+fl+mz+ns+zm.xpi"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE=""
-
-RDEPEND="|| (
-  >=www-client/mozilla-firefox-bin-1.5.0.7
-  >=www-client/mozilla-firefox-1.5.0.7
-)"
-
-DEPEND="${RDEPEND}"
-
-S=${WORKDIR}
-
-src_unpack() {
-	xpi_unpack "${P}-fx+fl+mz+ns+zm.xpi"
-}
-
-src_install() {
-	declare MOZILLA_FIVE_HOME
-	if has_version '>=www-client/mozilla-firefox-1.5.0.7'; then
-		MOZILLA_FIVE_HOME="/usr/$(get_libdir)/mozilla-firefox"
-	elif has_version '>=www-client/mozilla-firefox-bin-1.5.0.7'; then
-		MOZILLA_FIVE_HOME="/opt/firefox"
-	fi
-
-	xpi_install "${S}"/"${P}-fx+fl+mz+ns+zm"
-}

Modified: incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/files/digest-cookiesafe-2.0.6
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/files/digest-cookiesafe-2.0.6	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/cookiesafe/files/digest-cookiesafe-2.0.6	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,3 +0,0 @@
-MD5 66c88ec2a56ee9ca502f4fa48b4b0ed8 cookiesafe-2.0.6-fx+fl+mz+ns+zm.xpi 196491
-RMD160 96fabf29379fab9e1dce5211427f1530f2c05af1 cookiesafe-2.0.6-fx+fl+mz+ns+zm.xpi 196491
-SHA256 42bec2e93d99927c7c093ed5693ede4e3b1dc80af767acb5f7df8d853f342d9a cookiesafe-2.0.6-fx+fl+mz+ns+zm.xpi 196491

Modified: incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/Manifest
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/Manifest	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/Manifest	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,8 +0,0 @@
-DIST noscript-1.1.7.2.xpi 227188 RMD160 3f324133e2ddb9886cfa09fc92ee3d5978353565 SHA1 18a4586e842ed623d135991bcc61c26ddc15d98f SHA256 bfdfa7e0059fb5772431c500a574e37d01d47f41224be941325b601fb8552d79
-EBUILD noscript-1.1.7.2.ebuild 1013 RMD160 b5c51e938ea806b2bbe18ae0a115aa39d6aa6688 SHA1 397da375e8715d92496c64a60c9f9a2a07ef30ad SHA256 db4c9ff4ca8980f161e28bc2ffffd166fcea8f462f3eb71227031610d8bd91ba
-MD5 e1ffc097e2219296590826e7f28486d5 noscript-1.1.7.2.ebuild 1013
-RMD160 b5c51e938ea806b2bbe18ae0a115aa39d6aa6688 noscript-1.1.7.2.ebuild 1013
-SHA256 db4c9ff4ca8980f161e28bc2ffffd166fcea8f462f3eb71227031610d8bd91ba noscript-1.1.7.2.ebuild 1013
-MD5 615da961ae5fa9efd563f83174be0a9b files/digest-noscript-1.1.7.2 241
-RMD160 c6064d35f217fbb2baadd4e0c7c8fa0bbddc3132 files/digest-noscript-1.1.7.2 241
-SHA256 1d675b9b6ce75ff01c792ab398645bccfc4ba944084ba45c2f60dd70353e640d files/digest-noscript-1.1.7.2 241

Modified: incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/files/digest-noscript-1.1.7.2
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/files/digest-noscript-1.1.7.2	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/files/digest-noscript-1.1.7.2	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,3 +0,0 @@
-MD5 48b9df0761ddd00282d737b456940dfb noscript-1.1.7.2.xpi 227188
-RMD160 3f324133e2ddb9886cfa09fc92ee3d5978353565 noscript-1.1.7.2.xpi 227188
-SHA256 bfdfa7e0059fb5772431c500a574e37d01d47f41224be941325b601fb8552d79 noscript-1.1.7.2.xpi 227188

Modified: incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/noscript-1.1.7.2.ebuild
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/noscript-1.1.7.2.ebuild	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/noscript/noscript-1.1.7.2.ebuild	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,38 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-plugins/noscript/noscript-1.1.5.ebuild,v 1.1 2007/06/28 16:42:26 armin76 Exp $
-
-inherit mozextension multilib
-
-DESCRIPTION="Firefox plugin to disable javascript"
-HOMEPAGE="http://noscript.net/"
-SRC_URI="http://software.informaction.com/data/releases/${P}.xpi"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE=""
-
-RDEPEND="|| (
-	>=www-client/mozilla-firefox-bin-1.5.0.7
-	>=www-client/mozilla-firefox-1.5.0.7
-)"
-DEPEND="${RDEPEND}"
-
-S=${WORKDIR}
-
-src_unpack() {
-	xpi_unpack "${P}".xpi
-}
-
-src_install() {
-	declare MOZILLA_FIVE_HOME
-	if has_version '>=www-client/mozilla-firefox-1.5.0.7'; then
-		MOZILLA_FIVE_HOME="/usr/$(get_libdir)/mozilla-firefox"
-		xpi_install "${S}"/"${P}"
-	fi
-	if has_version '>=www-client/mozilla-firefox-bin-1.5.0.7'; then
-		MOZILLA_FIVE_HOME="/opt/firefox"
-		xpi_install "${S}"/"${P}"
-	fi
-}

Added: incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/Manifest
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/Manifest	                        (rev 0)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/Manifest	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,8 @@
+DIST torbutton-1.1.9.1-alpha.xpi 119492 RMD160 0e4701365141552bb11674a5c6c91de52a598fc4 SHA1 f8e3b51bd81ad48625fa9602a978b1f0216422c4 SHA256 e555cd45b7251afa679dd0d5a0b41d658b4bd2791c85e0d7095631df919504cb
+EBUILD torbutton-1.1.9.1.ebuild 904 RMD160 efccac1de68a9eb64a723f6db264fb51bd810515 SHA1 cb06564480d289d35c3aaecbc0c855fabe13d506 SHA256 5a5c3d6f473106eddb6ca268aac5e511a15eb662f428576038a49caaf86268c7
+MD5 41a256c6d1561c0881699acbb4fdb4ab torbutton-1.1.9.1.ebuild 904
+RMD160 efccac1de68a9eb64a723f6db264fb51bd810515 torbutton-1.1.9.1.ebuild 904
+SHA256 5a5c3d6f473106eddb6ca268aac5e511a15eb662f428576038a49caaf86268c7 torbutton-1.1.9.1.ebuild 904
+MD5 316cc8f1865defb65ea426979730ffb7 files/digest-torbutton-1.1.9.1 262
+RMD160 d4456de5aad561d8c0bcea7139a0aeb589e4be5f files/digest-torbutton-1.1.9.1 262
+SHA256 303303e191d49443d405a7e55ea8e7b783fa64d6c4b67603ac0691a97a7ce104 files/digest-torbutton-1.1.9.1 262

Added: incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/files/digest-torbutton-1.1.9.1
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/files/digest-torbutton-1.1.9.1	                        (rev 0)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/files/digest-torbutton-1.1.9.1	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,3 @@
+MD5 3fe66a63ada4e3ffc429197f0b5fdd55 torbutton-1.1.9.1-alpha.xpi 119492
+RMD160 0e4701365141552bb11674a5c6c91de52a598fc4 torbutton-1.1.9.1-alpha.xpi 119492
+SHA256 e555cd45b7251afa679dd0d5a0b41d658b4bd2791c85e0d7095631df919504cb torbutton-1.1.9.1-alpha.xpi 119492

Added: incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/torbutton-1.1.9.1.ebuild
===================================================================
--- incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/torbutton-1.1.9.1.ebuild	                        (rev 0)
+++ incognito/branches/torbutton/portage.overlay/x11-plugins/torbutton/torbutton-1.1.9.1.ebuild	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,37 @@
+# Distributed under the terms of the GNU General Public License v2
+
+inherit mozextension multilib
+
+DESCRIPTION="Firefox plugin to control Tor"
+HOMEPAGE="https://torbutton.torproject.org/dev/"
+SRC_URI="https://torbutton.torproject.org/dev/releases/${P}-alpha.xpi"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+
+RDEPEND="|| (
+	>=www-client/mozilla-firefox-bin-1.5.0.7
+	>=www-client/mozilla-firefox-1.5.0.7
+)"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}
+
+src_unpack() {
+	xpi_unpack ${P}-alpha.xpi
+	mv ${S}/${P}-alpha ${S}/${P}
+}
+
+src_install() {
+	declare MOZILLA_FIVE_HOME
+	if has_version '>=www-client/mozilla-firefox-1.5.0.7'; then
+		MOZILLA_FIVE_HOME="/usr/$(get_libdir)/mozilla-firefox"
+		xpi_install "${S}"/"${P}"
+	fi
+	if has_version '>=www-client/mozilla-firefox-bin-1.5.0.7'; then
+		MOZILLA_FIVE_HOME="/opt/firefox"
+		xpi_install "${S}"/"${P}"
+	fi
+}
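Review bot: `src_unpack()` leaves `${P}` and `${S}` unquoted and does not check the result of the rename, while `src_install()` in the same file quotes its paths. Write it as `mv "${S}/${P}-alpha" "${S}/${P}" || die` so that a change in the archive's directory name stops the build at this step instead of surfacing later in `xpi_install`.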

Added: incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# This script updates the name servers in the Tor bypass proxy whenever
+# NetworkManager changes status of an interface
+
+# The following variable is generated dynamically by fsscript at build time
+##UPDATE_BYPASS_DNS
+
+IF="$1"
+IF_STATUS="$2"
+
+if [[ -x ${UPDATE_BYPASS_DNS} ]]; then
+	${UPDATE_BYPASS_DNS} "dhclient" ${IF} ${IF_STATUS}
+else
+	exit 1
+fi
+                
\ No newline at end of file
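Review bot: `${IF}` and `${IF_STATUS}` are passed on unquoted, and `$2` is forwarded without filtering even though update-bypass-dns.sh in this revision exits with an error for any status other than "up" or "down". Quote both arguments and return 0 early for dispatcher actions the updater does not handle, so that an unrelated event is not reported as a failure. The file also ends with a whitespace-only line and no trailing newline.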

Added: incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/99-make-resolv-conf.sh
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/99-make-resolv-conf.sh	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/NetworkManager/dispatcher.d/99-make-resolv-conf.sh	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# The system wide name server should always be localhost
+echo "nameserver 127.0.0.1" > /etc/resolv.conf

Added: incognito/branches/torbutton/root_overlay/etc/conf.d/tor-bypass-proxy
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/conf.d/tor-bypass-proxy	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/conf.d/tor-bypass-proxy	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,5 @@
+PROXY_EXEC="/usr/bin/3proxy"
+
+# the following two should be set dynamically by fsscript.sh at build time
+##PROXY_CFG
+##PIDFILE

Added: incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-enter-hooks
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-enter-hooks	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-enter-hooks	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,11 @@
+# Since NetworkManager uses some hard to follow voodoo to configure 
+# resolv.conf, this hook is here more out of completeness should the
+# user ever invoke dhclient some other way
+
+# Prevent /sbin/dhclient-script from writing to resolv.conf by simply
+# redefining it to do no such thing. Of course, there is a parameter which
+# can be passed for that, but then no name servers will be recorded in the
+# lease files, which we need for the Tor bypass proxy
+make_resolv_conf() {
+	make_ntp_conf
+}
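Review bot: the redefined `make_resolv_conf()` calls `make_ntp_conf`, which the comment above it never mentions; the comment only says the function is redefined so that resolv.conf is not written. Explain why `make_ntp_conf` is called here, or make the body a plain no-op (`:`) if nothing else is intended. If the dhclient-script in use does not define `make_ntp_conf`, every invocation will fail with a command-not-found error.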

Added: incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-exit-hooks
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-exit-hooks	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient-exit-hooks	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,32 @@
+# In here, we try to determine the interface and its new status and update
+# the Tor bypass proxy's name servers accordingly
+
+# The following variable is generated dynamically by fsscript at build time
+##UPDATE_BYPASS_DNS
+
+IF=$interface
+
+# FIXME: the following is pure voodoo
+if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
+   || [ x$reason = xSTOP ] || [ x$reason = xPREINIT ]; then
+	IF_STATUS="down"
+elif [ x$reason = xTIMEOUT ]; then
+	if [ $exit_status -eq 0 ]; then
+		IF_STATUS="up"
+	else
+		IF_STATUS="down
+	fi"
+elif [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
+     [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
+	IF_STATUS="up"
+else
+	IF_STATUS=""
+fi	
+
+if [[ ! -z ${IF_STATUS} ]]; then 
+	[[ -x ${UPDATE_BYPASS_DNS} ]]; then
+        	${UPDATE_BYPASS_DNS} "dhcpcd" ${IF} ${IF_STATUS}
+	else
+        	exit_status=1
+	fi
+fi
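Review bot: this hook does not parse as written. In the TIMEOUT branch the closing quote is on the wrong line (`IF_STATUS="down` followed by `fi"`), which swallows the `fi`, and the inner test near the end reads `[[ -x ${UPDATE_BYPASS_DNS} ]]; then` without a leading `if`. Separately, the call passes `"dhcpcd"` as the client name although this is the dhclient hook, so update-bypass-dns.sh would look for `/var/lib/dhcpcd/dhcpcd-<if>.info` instead of the dhclient lease file; it should pass `"dhclient"`. The `x$reason` comparisons and `${IF}` should be quoted as well.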

Modified: incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient.conf
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient.conf	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/root_overlay/etc/dhcp/dhclient.conf	2007-11-19 19:53:08 UTC (rev 12542)
@@ -1,3 +1,9 @@
 default domain-name-servers 127.0.0.1;
-supersede domain-name-servers 127.0.0.1;
 
+# We would like to have the following setting, as we don't want dhclient
+# to update resolv.conf, but with it no name servers are recorded in the
+# .lease files, which is needed by /usr/sbin/update-bypass-dns.sh.
+# Instead, the behaviour of dhclient is redefined so it never writes to
+# resolv.conf (see /etc/dhcp/dhclient-enter-hooks).
+#supersede domain-name-servers 127.0.0.1;
+
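Review bot: with `supersede domain-name-servers 127.0.0.1;` commented out, keeping DHCP-supplied name servers out of resolv.conf now depends entirely on the hook scripts being present and executed. The new comment points only at /etc/dhcp/dhclient-enter-hooks; it should also mention the NetworkManager dispatcher script 99-make-resolv-conf.sh added in this revision, which is the second place that forces `nameserver 127.0.0.1`, so that anyone changing one of them knows the other exists.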

Added: incognito/branches/torbutton/root_overlay/etc/dhcpcd.sh
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/dhcpcd.sh	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/dhcpcd.sh	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# This script updates the name servers in the Tor bypass proxy whenever
+# dhcpcd changes the status of an interface
+
+# The following variable is generated dynamically by fsscript at build time
+##UPDATE_BYPASS_DNS
+
+DHCP_INFO_FILE_PREFIX="/var/lib/dhcpcd/dhcpcd-"
+DHCP_INFO_FILE_SUFFIX=".info"
+                
+IF=$( echo "$1" | sed "s@${DHCP_INFO_FILE_PREFIX}\|${DHCP_INFO_FILE_SUFFIX}@@g" )
+
+if [[ $2 == "new" ]] || [[ $2 == "up" ]]; then
+	IF_STATUS="up"
+elif [[ $2 == "down" ]]; then
+	IF_STATUS="down"
+else
+	exit 1
+fi
+
+if [[ -x ${UPDATE_BYPASS_DNS} ]]; then
+	${UPDATE_BYPASS_DNS} "dhcpcd" ${IF} ${IF_STATUS}
+else
+	exit 1
+fi
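Review bot: the interface name is cut out of `$1` with an unanchored sed expression and then passed on unquoted in `${UPDATE_BYPASS_DNS} "dhcpcd" ${IF} ${IF_STATUS}`. The `.` in `DHCP_INFO_FILE_SUFFIX=".info"` matches any character once it is used as a regex, and neither alternative is tied to the start or end of the path. Because update-bypass-dns.sh builds a file path from this value, derive it with `basename "$1" .info` plus a `${name#dhcpcd-}` expansion and quote `"${IF}"` and `"${IF_STATUS}"` in the call.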

Added: incognito/branches/torbutton/root_overlay/etc/init.d/tor-bypass-proxy
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/init.d/tor-bypass-proxy	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/init.d/tor-bypass-proxy	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,38 @@
+#!/sbin/runscript
+
+opts="reload"
+
+depend() {
+        need net
+}
+
+reload() {
+	ebegin "Reloading Tor bypass proxy configuration"
+
+	# FIXME: this should work but has 3proxy complain over ownership
+	# issues of the pid file. 
+	#kill -SIGUSR1 $( cat ${PIDFILE} ) > /dev/null
+
+	# temporary fix: restart instead
+	stop > /dev/null
+	start > /dev/null
+	
+	eend $?
+}
+
+start() {
+        ebegin "Starting Tor bypass proxy"
+
+	start-stop-daemon --start --quiet --exec ${PROXY_EXEC} \
+	-- ${PROXY_CFG}
+
+        eend $?
+}
+
+stop() {
+        ebegin "Stopping Tor bypass proxy"
+
+	start-stop-daemon --stop --quiet --signal 9 --exec ${PROXY_EXEC}
+
+        eend $?
+}
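Review bot: `stop()` terminates the proxy with `--signal 9` and locates it by `--exec ${PROXY_EXEC}`, although a `PIDFILE` is configured in /etc/conf.d/tor-bypass-proxy. SIGKILL cannot be handled, so the daemon gets no chance to shut down cleanly, and matching on the executable hits any running 3proxy instance rather than this one. Use `--pidfile ${PIDFILE}` with the default signal. In `reload()` the output of both `stop` and `start` is discarded and only the status of `start` reaches `eend $?`, so a failed stop goes unreported. Indentation in the file mixes tabs and spaces.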

Added: incognito/branches/torbutton/root_overlay/etc/tor-bypass-proxy.cfg
===================================================================
--- incognito/branches/torbutton/root_overlay/etc/tor-bypass-proxy.cfg	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/etc/tor-bypass-proxy.cfg	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,18 @@
+daemon
+log /dev/null M
+
+# the following three should be set dynamically by fsscript.sh at build time
+##pidfile
+##monitor
+##setuid
+
+auth iponly
+
+# consideration: should we allow everything or just HTTP/HTTPs?
+allow *
+
+socks -i127.0.0.1 -p1234
+
+# from here on the configuration is generated dynamically and might change
+# from time to time -- edit at your own risk!
+
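Review bot: `auth iponly` together with `allow *` on `socks -i127.0.0.1 -p1234` means every local process and user can reach the network outside Tor by pointing at this port, not only Firefox with Torbutton disabled. The inline comment already asks whether to allow everything or just HTTP/HTTPS; that question should be settled before this ships, by restricting the ACL to the target ports the browser needs. With `log /dev/null` there is also no way to tell after the fact which application used the bypass, which makes the open ACL harder to test.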

Added: incognito/branches/torbutton/root_overlay/usr/sbin/update-bypass-dns.sh
===================================================================
--- incognito/branches/torbutton/root_overlay/usr/sbin/update-bypass-dns.sh	                        (rev 0)
+++ incognito/branches/torbutton/root_overlay/usr/sbin/update-bypass-dns.sh	2007-11-19 19:53:08 UTC (rev 12542)
@@ -0,0 +1,107 @@
+#!/bin/bash
+
+# This script adds/updates or removes the name servers obtained through DHCP
+# for a certain interface from the Tor bypass proxy configuration and restarts
+# the proxy. This should be called whenever an interface using DHCP changes
+# status for example by /etc/dhcp/dhclient-exit-hooks, /etc/dhcpcd.sh or some
+# script in /etc/NetworkManager/dispatcher.d
+#
+# Three parameters are needed:
+# $1: The DHCP client used, currently supports "dhcpcd" and "dhclient".
+# $2: The interface, e.g. "eth1".
+# $3: The new status, currently support "up" (adds/updates name servers in the
+# proxy configuration) and "down" (removes name servers).
+
+# The following two are generated dynamically by fsscript.sh at build time
+##PROXY_CFG
+##PROXY_SCRIPT
+
+SCRIPT_NAME=$( basename $0 )
+DHCP_CLIENT="$1"
+CURRENT_IF="$2"
+CURRENT_IF_STATUS="$3"
+
+# check parameters and that necessary files are readable and/or writable
+if [[ ${DHCP_CLIENT} == "dhclient" ]]; then
+	DHCP_INFO_FILE_PREFIX="/var/lib/dhclient/dhclient-"
+	DHCP_INFO_FILE_SUFFIX=".leases"
+	DNS_PATTERN="option domain-name-servers .*;"
+elif [[ ${DHCP_CLIENT} == "dhcpcd" ]]; then
+	DHCP_INFO_FILE_PREFIX="/var/lib/dhcpcd/dhcpcd-"
+	DHCP_INFO_FILE_SUFFIX=".info"
+	DNS_PATTERN="DNSSERVERS='.*'"
+else
+	echo "error: incorrect DHCP client specified"
+	exit 1
+fi
+
+DHCP_INFO_FILE="${DHCP_INFO_FILE_PREFIX}${CURRENT_IF}${DHCP_INFO_FILE_SUFFIX}"
+if [[ ! -r ${DHCP_INFO_FILE} ]]; then
+	echo -e "error: interface DHCP lease/info file not readable or doesn't exist \n(should be: ${DHCP_INFO_FILE})"
+	exit 1
+fi
+                
+if	[[ ${CURRENT_IF_STATUS} != "up" ]] && \
+	[[ ${CURRENT_IF_STATUS} != "down" ]]; then
+	echo "error: incorrect interface status specified"
+	exit 1
+fi
+
+if [[ ! -r ${PROXY_CFG} ]] || [[ ! -w ${PROXY_CFG} ]]; then
+	echo "error: proxy cfg not readable/writable"
+        exit 1
+fi
+
+# try to lock proxy configuration to avoid race conditions
+RETRIES=0
+LOCK_FILE="/var/lock/${SCRIPT_NAME}"
+while [[ -e ${LOCK_FILE} ]]; do
+	if [[ ${RETRIES} -ge 3 ]]; then
+		echo "error: proxy configuration has been locked far too long"
+		exit 1
+	fi
+	
+	sleep 1
+	RETRIES=$[${RETRIES}+1]
+done
+
+# be pedantic and actually use HDB UUCP lock file format
+printf "%010b\n" $$ > ${LOCK_FILE} 		 
+
+# these markers form sections wherein name servers for the specified interface
+# are stored in the proxy configuration. this is mostly for easy removal.
+START_MARKER="## start marker ${CURRENT_IF} ##"
+STOP_MARKER="## stop marker ${CURRENT_IF} ##"
+
+# we want to remove previous name servers for the current interface in any
+# case, i.e. both when status is "up" and "down"
+sed -i "/${START_MARKER}/,/${STOP_MARKER}/d" ${PROXY_CFG}
+
+# if interface status is up, add name servers, if down do nothing (the name
+# servers has already been removed above)
+if 	[[ ${CURRENT_IF_STATUS} == "up" ]]; then
+	# grep well-formed IP addresses of name servers obtained through DHCP
+	# by the current interface
+	DNSSERVERS="$( cat ${DHCP_INFO_FILE} | grep "${DNS_PATTERN}" | \
+	grep -o "\(\([0-9]\)\{1,3\}\.\([0-9]\)\{1,3\}\.\([0-9]\)\{1,3\}\.\([0-9]\)\{1,3\} \?\)\+" )"
+
+	# the following hack removes duplicate name server entries for the
+	# current interface (there still can be duplicates between different
+	# interfaces, not sure if that's a problem)
+	DNSSERVERS="$( echo "${DNSSERVERS}" | sed 's/ /\n/g' | \
+		 awk 'x[$0]++ == 0' )"
+
+	# add them to config, use markers to specify which interface they
+	# belong to
+	echo "${START_MARKER}" >> ${PROXY_CFG}
+	for SERVER in ${DNSSERVERS}; do
+		echo "nserver ${SERVER}" >> ${PROXY_CFG}
+	done 
+	echo "${STOP_MARKER}" >> ${PROXY_CFG}
+fi
+
+# remove lock
+rm -f ${LOCK_FILE} > /dev/null
+
+# reload the proxy configuration so the changes take effect
+${PROXY_SCRIPT} reload > /dev/null
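Review bot: the lock around the configuration edit is not atomic: the `while [[ -e ${LOCK_FILE} ]]` test and the later `printf ... > ${LOCK_FILE}` are separate steps, so two hooks firing together (for example dhclient and the NetworkManager dispatcher) can both pass the test and both run `sed -i` on ${PROXY_CFG}. Create the lock atomically (`set -o noclobber` before the redirect, or `mkdir`) and remove it from a `trap ... EXIT`; as written, a run that dies between taking and removing the lock leaves it in place, and every later run gives up after three retries even though the PID stored in the file would allow a staleness check. Separately, the readability test on ${DHCP_INFO_FILE} runs before the status is examined, so a "down" call exits with an error if the lease/info file is already gone and the old `nserver` lines for that interface stay in the configuration; that file is only needed in the "up" branch. Smaller points: `${CURRENT_IF}` is used unquoted in a path and interpolated into the sed address, so it should be validated against an interface-name pattern first; the grep expression accepts octets above 255; and for dhclient the `.leases` file can hold several leases, so name servers from older leases may be picked up along with the current ones.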

Modified: incognito/branches/torbutton/root_overlay/usr/share/incognito/readme.html
===================================================================
--- incognito/branches/torbutton/root_overlay/usr/share/incognito/readme.html	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/root_overlay/usr/share/incognito/readme.html	2007-11-19 19:53:08 UTC (rev 12542)
@@ -139,12 +139,9 @@
 <dt><a href="<!-- #homepage(www-client/mozilla-firefox-bin) -->">Firefox</a> <!-- #version(www-client/mozilla-firefox-bin) --></dt>
 <dd><!-- #description(www-client/mozilla-firefox-bin) --></dd>
 
-<dt><a href="<!-- #homepage(x11-plugins/noscript) -->">noscript</a> <!-- #version(x11-plugins/noscript) --></dt>
-<dd><!-- #description(x11-plugins/noscript) --></dd>
+<dt><a href="<!-- #homepage(x11-plugins/torbutton) -->">Torbutton</a> <!-- #version(x11-plugins/torbutton) --></dt>
+<dd><!-- #description(x11-plugins/torbutton) --></dd>
 
-<dt><a href="<!-- #homepage(x11-plugins/cookiesafe) -->">CookieSafe</a> <!-- #version(x11-plugins/cookiesafe) --></dt>
-<dd><!-- #description(x11-plugins/cookiesafe) --></dd>
-
 <dt><a href="<!-- #homepage(net-irc/xchat) -->">XChat</a> <!-- #version(net-irc/xchat) --></dt>
 <dd><!-- #description(net-irc/xchat) --></dd>
 
@@ -324,6 +321,7 @@
 <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config">/var/lib/thunderbird-config</a> (copied to /home/gentoo/.thunderbird during build)</li>
 </ul>
 
+<a name="dns">
 <h3>DNS</h3>
 <p>
 DNS leaks are controlled by using a local caching server. Two software packages are used to effect this. dns-proxy-tor listens for DNS requests and forwards to Tor for the resolution. pdnsd is used to provide caching.  pdnsd is the server configured in /etc/resolv.conf, listening on localhost. It is configured to forward to dns-proxy-tor for the actual resoluton. There is a security concerns that some application could attempt to do its own DNS resolution without consulting /etc/resolv.conf. UDP packets are blocked to prevent leaks. Another solution may be to use the Linux network filter to forward to the local DNS server.
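Review bot: the added `<a name="dns">` is never closed, so the heading and everything after it end up inside the anchor element. Use `<a name="dns"></a>` before the `<h3>`, or put the anchor inside the heading.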
@@ -373,7 +371,7 @@
 
 <h3>Mozilla Firefox</h3>
 <p>
-HTTP and SOCKS proxies are configured. SOCKS is configured to perform name resolution through the proxy. I started Firefox without a config, exited, and then copied the configuration directory to the CD build root. The NoScript extension has been installed.
+HTTP and SOCKS proxies are configured. SOCKS is configured to perform name resolution through the proxy. I started Firefox without a config, exited, and then copied the configuration directory to the CD build root. The Torbutton extension is installed for easy switching between direct network access (see: <a href="#bypass">Tor Bypass Proxy</a>) and Tor usage.
 </p>
 
 <ul>
@@ -419,7 +417,24 @@
 <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
 </ul>
 
+<a name="bypass">
+<h3>Tor Bypass Proxy</h3>
+<p>
+Unfortunately we sometimes need direct access to the network, for example when the ISP requires a login for Internet access. For these occasions there is a SOCKS proxy available that bypasses Tor and have a direct network connection. This proxy does not use the system wide name servers settings in resolv.conf (i.e. the <a href="#dns">local dns solution</a>) but the name servers obtained through DHCP. There is a fair amount of scripting which tries to do this for all combinations of dhcpcd, dhclient and NetworkManager. Torbutton is configured to easily switch between direct network access and Tor. Currently this is very dangerous as users might forget to re-enable Torbutton after and ISP login (or similar), but hopefully we will get an option to enable annoying popups when entering new sites while haveing Torbutton disabled (see: <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/TODO">TODO</a>).
+</p>
 
+<ul>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor-bypass-proxy.cfg">/etc/tor-bypass-proxy.cfg</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (notice rules for the "torbypass" user)</li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/update-bypass-dns.sh">/usr/sbin/update-bypass-dns.sh</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/dhcpcd.sh">/etc/dhcpcd.sh</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/dhcp/dhclient.conf">/etc/dhcp/dhclient.conf</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/dhcp/dhclient-enter-hooks">/etc/dhcpdhclient-enter-hooks/</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/dhcp/dhclient-exit-hooks">/etc/dhcp/dhclient-exit-hooks</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh">/etc/NetworkManager/dispatcher.d/01-update-bypass-dns.sh</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/NetworkManager/dispatcher.d/99-make-resolv-conf.sh">/etc/NetworkManager/dispatcher.d/99-make-resolv-conf.sh</a></li>
+</ul>
+
 <h3>Host system RAM</h3>
 <p>
 When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject. If you are booting from a USB drive you can remove the drive. /etc/init.d/halt.sh has been modified to call smem. The best thing to do when leaving a computer is to properly shutdown and wait until you see the message that the memory is being cleared. For the tiny CD right click on the desktop and select "Exit". For the full CD do the same for fluxbox, for KDE click the logout button and turn off the computer.
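Review bot: in the new file list the link text `/etc/dhcpdhclient-enter-hooks/` does not match its target; it should read `/etc/dhcp/dhclient-enter-hooks`. `<a name="bypass">` is left unclosed in the same way as the dns anchor. The paragraph has a few typos worth fixing before this is merged ("and have a direct network connection", "after and ISP login", "haveing"). All the links in the list point at trunk/ while these files are being added on branches/torbutton, so they will not resolve until the branch is merged. Since the text itself calls the current behaviour "very dangerous", it would help to state plainly that while Torbutton is disabled all browser traffic leaves through the bypass proxy without Tor.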

Modified: incognito/branches/torbutton/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js
===================================================================
--- incognito/branches/torbutton/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js	2007-11-19 19:53:08 UTC (rev 12542)
@@ -24,24 +24,6 @@
 user_pref("extensions.lastAppVersion", "2.0.0.9");
 user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.9");
 
-/* NoScript: prevent update page, notifications and auto-refresh */
-user_pref("noscript.temp", "");
-user_pref("noscript.version", "1.1.7.2");
-user_pref("noscript.notify", false);
-user_pref("noscript.autoReload", false);
-
-/* NoScript: no default white list, block all plugins */
-user_pref("capability.policy.maonoscript.javascript.enabled", "allAccess");
-user_pref("capability.policy.maonoscript.sites", "about:blank about:config about:credits about:neterror about:plugins chrome: resource:");
-user_pref("noscript.filterXExceptions", "");
-user_pref("noscript.forbidBookmarklets", true);
-user_pref("noscript.forbidFlash", true);
-user_pref("noscript.forbidPlugins", true);
-
-/* CookieSafe: reject all cookies per default, clear cookies on shutdown */
-user_pref("network.cookie.cookieBehavior", 2);
-user_pref("cookiesafe.clearCookies", true);
-
 /* AdBlock Plus */
 user_pref("extensions.adblockplus.checkedadblockinstalled", true);
 user_pref("extensions.adblockplus.checkedtoolbar", true);
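Review bot: the removed block drops `network.cookie.cookieBehavior` = 2, `cookiesafe.clearCookies`, `noscript.forbidFlash` and `noscript.forbidPlugins`, and nothing added to prefs.js in this revision replaces them; the new Torbutton preferences only cover proxy settings and the enabled state. If the intent is to rely on Torbutton's own defaults for cookie and plugin handling, please say so in a comment and pin the relevant Torbutton preferences explicitly, so the live CD's behaviour does not depend on extension defaults that can change between versions.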
@@ -57,6 +39,43 @@
 user_pref("extensions.firegpg.gpg_version", "0.4.4");
 user_pref("extensions.firegpg.no_updates", true);
 
+/* Torbutton: proxy settings when enabled. */
+user_pref("extensions.torbutton.settings_method", "custom");
+user_pref("extensions.torbutton.custom.http_port", 3128);
+user_pref("extensions.torbutton.custom.http_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.custom.https_port", 3128);
+user_pref("extensions.torbutton.custom.https_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.custom.socks_host", "127.0.0.1");
+user_pref("extensions.torbutton.custom.socks_port", 9050);
+user_pref("extensions.torbutton.http_port", 3128);
+user_pref("extensions.torbutton.http_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.https_port", 3128);
+user_pref("extensions.torbutton.https_proxy", "127.0.0.1");
+user_pref("extensions.torbutton.socks_host", "127.0.0.1");
+user_pref("extensions.torbutton.socks_port", 9050);
+
+/* Torbutton: proxy settings when disabled. */
+user_pref("extensions.torbutton.saved.share_proxy_settings", false);
+user_pref("extensions.torbutton.saved.socks_host", "127.0.0.1");
+user_pref("extensions.torbutton.saved.socks_port", 1234);
+user_pref("extensions.torbutton.saved.socks_remote_dns", true);
+user_pref("extensions.torbutton.saved.socks_version", 5);
+user_pref("extensions.torbutton.saved.type", 1);
+
+/* Torbutton: set state to enabled initially. */
+user_pref("extensions.torbutton.tor_enabled", true);
+
+/* Firefox: set proxies to "enable Torbutton" initially. */
+user_pref("network.proxy.type", 1);
+user_pref("network.proxy.http", "127.0.0.1");
+user_pref("network.proxy.http_port", 3128);
+user_pref("network.proxy.ssl", "127.0.0.1");
+user_pref("network.proxy.ssl_port", 3128);
+user_pref("network.proxy.socks", "127.0.0.1");
+user_pref("network.proxy.socks_port", 9050);
+user_pref("network.proxy.socks_version", 5);
+user_pref("network.proxy.socks_remote_dns", true);
+
 /* Firefox: disable extension updates. */
 user_pref("extensions.update.enabled", false);
 user_pref("extensions.update.notifyUser", false);
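Review bot: the bypass port is hard-coded here as `extensions.torbutton.saved.socks_port` = 1234 and again in /etc/tor-bypass-proxy.cfg (`socks -i127.0.0.1 -p1234`), with nothing tying the two together; a comment naming the other file, or generating both from one build-time value as is already done for the pid file and setuid lines, would keep them from drifting apart. The Tor-side proxy values are also repeated three times (`custom.*`, the unprefixed `extensions.torbutton.*` keys and `network.proxy.*`), so a comment noting that all three must stay in sync is worth adding. The "when disabled" comment could spell out that the saved settings send traffic to the Tor bypass proxy.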
@@ -68,14 +87,3 @@
 user_pref("network.http.pipelining", true);
 user_pref("network.http.pipelining.maxrequests", 8);
 user_pref("network.http.proxy.pipelining", true);
-
-/* Firefox: HTTP/SOCKS proxies. */
-user_pref("network.proxy.http", "127.0.0.1");
-user_pref("network.proxy.http_port", 3128);
-user_pref("network.proxy.socks", "127.0.0.1");
-user_pref("network.proxy.socks_port", 9050);
-user_pref("network.proxy.socks_remote_dns", true);
-user_pref("network.proxy.ssl", "127.0.0.1");
-user_pref("network.proxy.ssl_port", 3128);
-user_pref("network.proxy.type", 1);
-

Modified: incognito/branches/torbutton/root_overlay/var/lib/iptables/rules-save
===================================================================
--- incognito/branches/torbutton/root_overlay/var/lib/iptables/rules-save	2007-11-19 19:15:21 UTC (rev 12541)
+++ incognito/branches/torbutton/root_overlay/var/lib/iptables/rules-save	2007-11-19 19:53:08 UTC (rev 12542)
@@ -16,6 +16,10 @@
 # Tor is allowed to do anything it wants to
 [587:35220] -A OUTPUT -m owner --uid-owner tor -j ACCEPT 
 
+# We also have a socks proxy (3proxy) that can to anything it wants to
+# which effectively makes it possible to bypass tor 
+[587:35220] -A OUTPUT -m owner --uid-owner torbypass -j ACCEPT 
+
 # Reject remaining TCP traffic, which should have been redirected to Tor (see below)
 [0:0] -A OUTPUT -p tcp -j REJECT --reject-with icmp-port-unreachable 
 
@@ -31,9 +35,10 @@
 :POSTROUTING ACCEPT [13134711:761547407]
 :OUTPUT ACCEPT [13096834:759280116]
 
-# Tor and polipo are allowed to do anything they want to
+# Tor, polipo and torbypass (3proxy) are allowed to do anything they want to
 [787:47220] -A OUTPUT -m owner --uid-owner tor -j RETURN 
 [787:47220] -A OUTPUT -m owner --uid-owner polipo -j RETURN 
+[787:47220] -A OUTPUT -m owner --uid-owner torbypass -j RETURN 
 
 # Local networks should not go through Tor
 [0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN 
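Review bot: the added torbypass RETURN line carries the `[787:47220]` packet and byte counters of the neighbouring tor and polipo rules; use `[0:0]` so the saved counters do not claim traffic this rule never saw. The updated comment should also say why torbypass is exempt from redirection (it is the deliberate non-Tor path), since it sits next to rules whose purpose is the opposite.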


