[tor-commits] [torbirdy/master] Update Enigmail keyserver settings
sukhbir at torproject.org
sukhbir at torproject.org
Sun Apr 1 14:37:27 UTC 2018
commit 819842ba97d1c2358ced5c648b527162995b35e2
Author: Sukhbir Singh <sukhbir at torproject.org>
Date: Sun Apr 1 10:25:20 2018 -0400
Update Enigmail keyserver settings
Assume that a user has dirmngr running and configured with `use-tor' in
dirmngr.conf and set the relevant keyserver settings (similar to what
Tails has been doing); otherwise the keyserver lookup will fail-safe.
This should work for the daemon and Tor Browser since as per
gnupg/dirmngr/dns-stuff.c, it tries both 9050 and 9150. This is probably
better than the older setting because a) it actually works now, b) it
will still fail-safe in case Tor is not running.
---
chrome/content/preferences.js | 8 ++------
components/torbirdy.js | 4 ++--
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
index 8acd6ba..2980857 100644
--- a/chrome/content/preferences.js
+++ b/chrome/content/preferences.js
@@ -42,14 +42,10 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
opts += "--throw-keyids ";
}
if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) {
- var proxy = "socks5h://127.0.0.1:9150";
if (anonService === "jondo") {
- proxy = "http://127.0.0.1:4001";
+ let proxy = "http://127.0.0.1:4001";
+ opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " ";
}
- if (anonService === "custom") {
- proxy = "socks5h://" + pub.prefs.getCharPref("network.proxy.socks") + ":" + pub.prefs.getIntPref("network.proxy.socks_port");
- }
- opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " ";
}
return opts +
diff --git a/components/torbirdy.js b/components/torbirdy.js
index e8d2cd2..6c2be57 100644
--- a/components/torbirdy.js
+++ b/components/torbirdy.js
@@ -274,8 +274,8 @@ var TorBirdyPrefs = {
"--no-comments " +
// We want to force UTF-8 everywhere
"--display-charset utf-8 " +
- // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=socks5h://127.0.0.1:9150 ",
+ // Set additional keyserver options
+ "--keyserver-options no-auto-key-retrieve ",
// The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor)
"extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
More information about the tor-commits
mailing list