[tor-commits] [sandboxed-tor-browser/master] Bug #20791: Fetch install/update metadata from the `.onion`s.

yawning at torproject.org yawning at torproject.org
Mon Dec 19 21:03:16 UTC 2016 

commit 684132c821645328c9851f661e06ca695a27f73f
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Sat Dec 10 19:26:54 2016 +0000

    Bug #20791: Fetch install/update metadata from the `.onion`s.
    
    This only happens if a tor daemon is available, either via a system tor,
    or one that was launched.  The bulk downloads are still done over
    clearnet because it honors the URLs provided by said metadata.
---
 ChangeLog                                            |  1 +
 data/installer/urls.json                             | 10 ++++++++++
 .../internal/installer/metadata.go                   | 20 +++++++++++++++-----
 src/cmd/sandboxed-tor-browser/internal/ui/install.go | 16 ++++++++++------
 4 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 956608f..9128892 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 Changes in version 0.0.3 - UNRELEASED:
+ * Bug 20791: Fetch install/update metadata using onions.
  * Bug 20979: runtime/cgo: pthread_create failed: Resource temporarily
    unavailable.
  * Bug 20993: Handle the lock file better.
diff --git a/data/installer/urls.json b/data/installer/urls.json
index 596ad6e..079b59d 100644
--- a/data/installer/urls.json
+++ b/data/installer/urls.json
@@ -4,9 +4,19 @@
     "alpha": "https://aus1.torproject.org/torbrowser/update_2/alpha/downloads.json" ,
     "hardened": "https://aus1.torproject.org/torbrowser/update_2/hardened/downloads.json"
   },
+  "downloadsOnions": {
+    "release": "http://rqef5a5mebgq46y5.onion/torbrowser/update_2/release/downloads.json",
+    "alpha": "http://x3nelbld33llasqv.onion/torbrowser/update_2/alpha/downloads.json",
+    "hardened": "http://x3nelbld33llasqv.onion/torbrowser/update_2/hardened/downloads.json"
+  },
   "updateURLs": {
     "release": "https://dist.torproject.org/torbrowser/update_2/release",
     "alpha": "https://aus1.torproject.org/torbrowser/update_2/alpha",
     "hardened": "https://aus1.torproject.org/torbrowser/update_2/hardened"
+  },
+  "updateOnions": {
+    "release": "http://rqef5a5mebgq46y5.onion/torbrowser/update_2/release",
+    "alpha": "http://x3nelbld33llasqv.onion/torbrowser/update_2/alpha",
+    "hardened": "http://x3nelbld33llasqv.onion/torbrowser/update_2/hardened"
   }
 }
diff --git a/src/cmd/sandboxed-tor-browser/internal/installer/metadata.go b/src/cmd/sandboxed-tor-browser/internal/installer/metadata.go
index 4e63dc1..2778dbf 100644
--- a/src/cmd/sandboxed-tor-browser/internal/installer/metadata.go
+++ b/src/cmd/sandboxed-tor-browser/internal/installer/metadata.go
@@ -28,8 +28,10 @@ import (
 )
 
 type installURLs struct {
-	DownloadsURLs map[string]string
-	UpdateURLs    map[string]string
+	DownloadsURLs   map[string]string
+	DownloadsOnions map[string]string
+	UpdateURLs      map[string]string
+	UpdateOnions    map[string]string
 }
 
 var urls *installURLs
@@ -51,7 +53,10 @@ type DownloadsEntry struct {
 }
 
 // DownloadsURL returns the `downloads.json` URL for the configured channel.
-func DownloadsURL(cfg *config.Config) string {
+func DownloadsURL(cfg *config.Config, useOnion bool) string {
+	if useOnion {
+		return urls.DownloadsOnions[cfg.Channel]
+	}
 	return urls.DownloadsURLs[cfg.Channel]
 }
 
@@ -99,7 +104,12 @@ type Patch struct {
 }
 
 // UpdateURL returns the update check URL for the installed bundle.
-func UpdateURL(manif *config.Manifest) (string, error) {
+func UpdateURL(manif *config.Manifest, useOnion bool) (string, error) {
+	base := urls.UpdateURLs[manif.Channel]
+	if useOnion {
+		base = urls.UpdateOnions[manif.Channel]
+	}
+
 	arch := ""
 	switch manif.Architecture {
 	case "linux64":
@@ -109,7 +119,7 @@ func UpdateURL(manif *config.Manifest) (string, error) {
 	default:
 		return "", fmt.Errorf("unsupported architecture for update: %v", manif.Architecture)
 	}
-	return fmt.Sprintf("%s/%s/%s/%s", urls.UpdateURLs[manif.Channel], arch, manif.Version, manif.Locale), nil
+	return fmt.Sprintf("%s/%s/%s/%s", base, arch, manif.Version, manif.Locale), nil
 }
 
 // GetUpdateEntry parses the xml file and returns the UpdateEntry if any.
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/install.go b/src/cmd/sandboxed-tor-browser/internal/ui/install.go
index 2ab7464..0c9e80e 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/install.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/install.go
@@ -79,13 +79,16 @@ func (c *Common) DoInstall(async *Async) {
 
 	var version string
 	var downloads *installer.DownloadsEntry
-	if url := installer.DownloadsURL(c.Cfg); url == "" {
+	if url := installer.DownloadsURL(c.Cfg, (c.tor != nil)); url == "" {
 		async.Err = fmt.Errorf("unable to find downloads URL")
 		return
-	} else if b := async.Grab(client, url, nil); async.Err != nil {
-		return
-	} else if version, downloads, async.Err = installer.GetDownloadsEntry(c.Cfg, b); async.Err != nil {
-		return
+	} else {
+		log.Printf("install: Metadata URL: %v", url)
+		if b := async.Grab(client, url, nil); async.Err != nil {
+			return
+		} else if version, downloads, async.Err = installer.GetDownloadsEntry(c.Cfg, b); async.Err != nil {
+			return
+		}
 	}
 	checkAt := time.Now().Unix()
 
@@ -183,8 +186,9 @@ func (c *Common) doUpdate(async *Async, dialFn dialFunc) {
 	client := newHPKPGrabClient(dialFn)
 
 	// Check the version, by downloading the XML file.
+	// XXX: Fall back to https over clearnet if the onion fails.
 	var update *installer.UpdateEntry
-	if url, err := installer.UpdateURL(c.Manif); err != nil {
+	if url, err := installer.UpdateURL(c.Manif, true); err != nil {
 		async.Err = err
 		return
 	} else {

More information about the tor-commits mailing list