authorSilvio Rhatto <rhatto@riseup.net>2020-01-23 16:33:56 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-01-23 16:33:56 -0300
commitc1eff16d2396bffc184a3a9b313cace731306215 (patch)
treef37357efa0b329424b6deac08b51c5f845aff008
parent480055af9dc335fb1b290b8ffb3a3548f879f3f5 (diff)
Feat: provision: tor-transproxy: Tor Browser support
-rw-r--r--share/provision/files/tor-transproxy/etc/tor/torrc4
-rw-r--r--share/provision/files/tor-transproxy/tbb/user.js20
-rwxr-xr-xshare/provision/tor-transproxy11
3 files changed, 35 insertions, 0 deletions
diff --git a/share/provision/files/tor-transproxy/etc/tor/torrc b/share/provision/files/tor-transproxy/etc/tor/torrc
index 9e17ea9..2b7369f 100644
--- a/share/provision/files/tor-transproxy/etc/tor/torrc
+++ b/share/provision/files/tor-transproxy/etc/tor/torrc
@@ -177,3 +177,7 @@ WarnPlaintextPorts 23,109
## but we have some code that reads Tor's logs and only supports plaintext
## log files at the moment, so let's keep logging to a file.
Log notice file /var/log/tor/log
+
+# WARNING: Hashed empty password, useful for a box with only a single user running Tor Browser
+# using the system-installed tor daemon and with sane firewall rules set.
+HashedControlPassword 16:756491A440833A1B609F2CCC095BFD2769A1634B4BEC4214BAA9E20629
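Review bot: The `HashedControlPassword` value added at the end of torrc is, per its own comment, the hash of an empty password, so any local process that can reach the control port can authenticate and reconfigure the daemon. The only remaining barrier is the firewall the comment alludes to, and the ControlPort binding is not visible in this hunk. The comment should name the address and port it relies on being loopback-only, e.g. `# Relies on ControlPort being bound to 127.0.0.1 only; do not reuse on multi-user hosts.` Committing the hash also gives every provisioned box the same credential; consider `CookieAuthentication 1`, or generating a per-box value with `tor --hash-password` at provision time.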
diff --git a/share/provision/files/tor-transproxy/tbb/user.js b/share/provision/files/tor-transproxy/tbb/user.js
new file mode 100644
index 0000000..f8d9c0d
--- /dev/null
+++ b/share/provision/files/tor-transproxy/tbb/user.js
@@ -0,0 +1,20 @@
+// Preferences for system-installed Tor Browser
+// Needs either
+//
+// * Setting TOR_CONTROL_PASSWORD at ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+// * Passing TOR_CONTROL_PASSWORD to start-tor-browser via the command line
+//
+// See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
+//
+user_pref("network.security.ports.banned", "9050,9052");
+user_pref("network.proxy.socks", "127.0.0.1");
+user_pref("network.proxy.socks_port", 9050);
+user_pref("extensions.torbutton.inserted_button", true);
+user_pref("extensions.torbutton.launch_warning", false);
+user_pref("extensions.torbutton.loglevel", 2);
+user_pref("extensions.torbutton.logmethod", 0);
+user_pref("extensions.torlauncher.control_port", 9052);
+user_pref("extensions.torlauncher.loglevel", 2);
+user_pref("extensions.torlauncher.logmethod", 0);
+user_pref("extensions.torlauncher.prompt_at_startup",false);
+user_pref("extensions.torlauncher.start_tor", false);
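Review bot: The header comment names `TOR_CONTROL_PASSWORD`, but the provision script in this same commit rewrites `TOR_CONTROL_PASSWD` in start-tor-browser, so someone following the comment would likely set a variable that the launcher does not read. Suggest `// * Setting TOR_CONTROL_PASSWD in .../Browser/start-tor-browser` and the same rename on the command-line bullet. "Needs either" would also read better as "Needs one of:". It would help to add a line stating that `extensions.torlauncher.control_port` (9052) must match the ControlPort in the provisioned torrc, since a mismatch fails silently from the user's point of view.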
diff --git a/share/provision/tor-transproxy b/share/provision/tor-transproxy
index e80a382..58b496a 100755
--- a/share/provision/tor-transproxy
+++ b/share/provision/tor-transproxy
@@ -39,3 +39,14 @@ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf > /dev/null
# Tor config
sudo cp $DIRNAME/files/tor-transproxy/etc/tor/torrc /etc/tor/torrc
sudo service tor restart
+
+# Tor Browser config to use the system-installed tor daemon
+# See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
+if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then
+ # Force about:config preferences
+ sudo cp $DIRNAME/files/tor-transproxy/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js
+
+ # Hard code control port password into the start-tor-browser script
+ sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \
+ $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+fi
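Review bot: The sed pattern stops at `'\"secret\"'` without the closing brace while the replacement ends in `}`, so a line that originally ends in `}` comes out as `'""'}}` and the control password passed on would carry a stray `}`. Include the brace in the match: `sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'}/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/"`. Separately, `sudo cp` leaves a root-owned `user.js` inside the user's browser profile while the following `sed -i` runs unprivileged; a plain `cp` would keep ownership consistent. `$DIRNAME` and `$HOME` are also unquoted in both commands, which breaks on paths containing spaces.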