Diffstat (limited to 'share')
-rwxr-xr-x | share/trashman/brave-browser/unix/linux/debian/install | 2 | ||||
-rwxr-xr-x | share/trashman/docker/unix/linux/debian/install | 2 | ||||
-rwxr-xr-x | share/trashman/php7/unix/linux/debian/install | 2 | ||||
-rwxr-xr-x | share/trashman/signal-desktop/unix/linux/debian/install | 2 | ||||
-rwxr-xr-x | share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables | 14 | ||||
-rw-r--r-- | share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js | 2 | ||||
-rwxr-xr-x | share/trashman/tor-transproxy/unix/linux/debian/install | 26 | ||||
-rw-r--r-- | share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg (renamed from share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg) | bin | 37730 -> 38678 bytes | |||
-rwxr-xr-x | share/trashman/tor/unix/linux/debian/install | 30 |
9 files changed, 51 insertions, 29 deletions
diff --git a/share/trashman/brave-browser/unix/linux/debian/install b/share/trashman/brave-browser/unix/linux/debian/install index c9fc290..2b9d2f9 100755 --- a/share/trashman/brave-browser/unix/linux/debian/install +++ b/share/trashman/brave-browser/unix/linux/debian/install @@ -6,7 +6,7 @@ # Parameters SHARE="$1" LIB="$2" -REQUIREMENTS="curl apt-transport-https" +REQUIREMENTS="curl" # Include basic functions . $LIB/trashman/functions || exit 1 diff --git a/share/trashman/docker/unix/linux/debian/install b/share/trashman/docker/unix/linux/debian/install index c82e136..94242a4 100755 --- a/share/trashman/docker/unix/linux/debian/install +++ b/share/trashman/docker/unix/linux/debian/install @@ -16,7 +16,7 @@ ARCH="`trashman_debian_arch`" RELEASE="`trashman_distro_release`" # Install requirements -apt-get update && trashman_apt_install curl apt-transport-https +apt-get update && trashman_apt_install curl # Install pubkey #trashman_install_apt_key $SHARE/docker/unix/linux/$DISTRO/pubkey.gpg docker.gpg diff --git a/share/trashman/php7/unix/linux/debian/install b/share/trashman/php7/unix/linux/debian/install index 489d38c..7d4168a 100755 --- a/share/trashman/php7/unix/linux/debian/install +++ b/share/trashman/php7/unix/linux/debian/install @@ -11,7 +11,7 @@ VERSION="7.3" . $SHARE/trashman/functions || exit 1 # Requirements -trashman_require wget lsb-release apt-transport-https ca-certificates +trashman_require wget lsb-release ca-certificates # Install #wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg diff --git a/share/trashman/signal-desktop/unix/linux/debian/install b/share/trashman/signal-desktop/unix/linux/debian/install index aa291f6..29744e9 100755 --- a/share/trashman/signal-desktop/unix/linux/debian/install +++ b/share/trashman/signal-desktop/unix/linux/debian/install 
@@ -11,7 +11,7 @@ SHARE="$1" . $SHARE/trashman/debian || exit 1 # Install requirements -trashman_apt_install curl apt-transport-https +trashman_apt_install curl # Setup Signal repository #curl -s https://updates.signal.org/desktop/apt/keys.asc | apt-key add - diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables index 2cc227b..e007337 100755 --- a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables +++ b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables 
@@ -26,16 +26,16 @@ $IPTABLES -F OUTPUT || exit $IPTABLES -t nat -F || exit # Transproxy rules for Tor -$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit +$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit $IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit # Allow Tor, _apt, root and the network user -$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit -$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit -$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit -$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit -$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit -$IPTABLES -A OUTPUT -j DROP || exit +$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit +$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit +$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit +$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit +$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit +$IPTABLES -A OUTPUT ! -d 127.0.0.1 -j DROP || exit # Allow SSH $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js b/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js index f8d9c0d..027e908 100644 --- a/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js +++ b/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js 
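Review bot: The `LOG` rule kept in this hunk is appended to `INPUT` although its prefix is "OUTPUT DROPPED: ", so outbound packets that reach the final `DROP` are never logged, while inbound packets that reach that rule are logged under a misleading prefix. If the intent is to record what the transproxy blocks, log on the same chain and with the same match as the drop, directly before it: `$IPTABLES -A OUTPUT ! -d 127.0.0.1 -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit`. The new `! -d 127.0.0.1` exception also covers only that single address, so traffic to other loopback addresses in 127.0.0.0/8 (a local stub resolver on 127.0.0.53, for example) is still redirected or dropped; `! -o lo` would express "not loopback" more completely if that is what is meant. The script continues outside the hunk, so the rest of the INPUT chain is not visible here.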
@@ -1,7 +1,7 @@ // Preferences for system-installed Tor Browser // Needs either // -// * Setting TOR_CONTROL_PASSWORD at ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser +// * Setting TOR_CONTROL_PASSWORD at $TOR_BROWSER_PATH/start-tor-browser // * Passing TOR_CONTROL_PASSWORD to start-tor-browser via the command line // // See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ diff --git a/share/trashman/tor-transproxy/unix/linux/debian/install b/share/trashman/tor-transproxy/unix/linux/debian/install index 9508091..0a4b377 100755 --- a/share/trashman/tor-transproxy/unix/linux/debian/install +++ b/share/trashman/tor-transproxy/unix/linux/debian/install @@ -6,6 +6,9 @@ # Parameters SHARE="$1" +# Additional parameters +ARCH="`uname -m`" + # Include basic functions . $SHARE/trashman/functions || exit 1 . $SHARE/trashman/debian || exit 1 @@ -25,11 +28,11 @@ echo "nameserver 127.0.0.1" | tee /etc/resolv.conf > /dev/null # Ensure only the local DNS resolver is used (Tor) # Some systems need this additional configuration so the DNS returned by the # DHCP server is NOT used -#cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null -#allow-hotplug ens3 -#iface ens3 inet dhcp -# post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf -#EOF +cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null +allow-hotplug ens3 +iface ens3 inet dhcp + post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf +EOF # Tor config cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc 
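Review bot: The comment in user.js names the variable `TOR_CONTROL_PASSWORD`, but the `sed` line in the tor-transproxy install script of this same commit edits `TOR_CONTROL_PASSWD` in start-tor-browser, so one of the two spellings is probably wrong. `$TOR_BROWSER_PATH` is only defined in commented-out lines of that install script, so the comment should say where the value comes from, e.g. `// * Setting TOR_CONTROL_PASSWD in $TOR_BROWSER_PATH/start-tor-browser (path as chosen in the tor-transproxy install script)`. The file continues outside the hunk.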
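Review bot: The now-active heredoc in the tor-transproxy install script hard-codes the interface name `ens3`, so on a host whose interface is named differently the `post-up` hook never runs and the resolver handed out by DHCP can replace `127.0.0.1` in /etc/resolv.conf, which is the situation the comment above it says must not happen. The block was previously commented out as something only "some systems need"; making it unconditional should come with a check that the interface exists and a visible warning when it does not. The pipe also goes through `sudo tee` while the resolv.conf line just above uses plain `tee`, which suggests the script already runs as root and `sudo` may not be installed. A possible shape, with the interface name overridable through a new `IFACE` variable, is below.

```shell
# … unchanged: resolv.conf setup and the comment block above …
IFACE="${IFACE:-ens3}"
if [ -e "/sys/class/net/$IFACE" ]; then
  cat <<EOF | tee "/etc/network/interfaces.d/$IFACE" > /dev/null
allow-hotplug $IFACE
iface $IFACE inet dhcp
  post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
EOF
else
  echo "warning: interface $IFACE not found; DHCP may overwrite /etc/resolv.conf" >&2
fi
# … unchanged: Tor config copy …
```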
@@ -38,11 +41,18 @@ service tor restart # Tor Browser config to use the system-installed tor daemon # Use this to configure your regular user account # See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ -#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then +# +# Tor Browser path depends on wheter it's installed using hoarder or using +# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher +# (also at https://tracker.debian.org/torbrowser-launcher). +# +#TOR_BROWSER_PATH="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser" +#TOR_BROWSER_PATH="$HOME/.local/share/tor-browser/$ARCH/latest/Browser" +#if [ -e "$TOR_BROWSER_PATH" ]; then # # Force about:config preferences -# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js +# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TOR_BROWSER_PATH/TorBrowser/Data/Browser/profile.default/user.js # # # Hard code control port password into the start-tor-browser script # sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \ -# $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser +# $TOR_BROWSER_PATH/start-tor-browser #fi diff --git a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg Binary files differindex 7614b20..738ef5d 100644 --- a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg +++ b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg diff --git a/share/trashman/tor/unix/linux/debian/install b/share/trashman/tor/unix/linux/debian/install index 6676c8d..597551c 100755 
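Review bot: The two commented `#TOR_BROWSER_PATH=` lines are not labelled, so someone enabling the block cannot tell which path belongs to hoarder and which to torbrowser-launcher, and uncommenting both silently keeps only the second. Put a one-line label above each (for example `# installed via torbrowser-launcher:` and `# installed via hoarder:`, in whichever order is correct) and fix the typo "wheter" to "whether" in the added comment. The `sed` expression in the same block matches `'\"secret\"'` without the closing `}` but writes one in the replacement, which looks like it would leave a doubled brace in start-tor-browser; worth checking before the block is enabled. `ARCH`, added in the first hunk of this file, is used only inside these commented lines.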
--- a/share/trashman/tor/unix/linux/debian/install +++ b/share/trashman/tor/unix/linux/debian/install @@ -6,7 +6,8 @@ # Parameters SHARE="$1" LIB="$2" -REQUIREMENTS="apt-transport-https wget gnupg" +REQUIREMENTS="wget gnupg" +KEYRING="/usr/share/keyrings/deb.torproject.org-keyring.gpg" # Include basic functions . $LIB/trashman/functions || exit 1 
@@ -19,16 +20,27 @@ trashman_apt_install $REQUIREMENTS DISTRIBUTION="`trashman_debian_major_version_name`" cat <<-EOF > /etc/apt/sources.list.d/tor.list - deb [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main - deb-src [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main +deb [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main +deb-src [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main EOF -# Remove key from old location +# Remove key from old locations rm -f /usr/share/keyrings/tor-archive-keyring.gpg - -#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null -cp $SHARE/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg /etc/apt/trusted.gpg.d/ - -apt update && apt install -y tor deb.torproject.org-keyring +rm -f /etc/apt/trusted.gpg.d/torproject.org.gpg + +# Install keyring only if it does not already exists +# Details at https://support.torproject.org/apt/tor-deb-repo/ +#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \ +# gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg > /dev/null +if [ ! -e "${KEYRING}" ]; then + cp $SHARE/tor/unix/linux/debian/files/${KEYRING} ${KEYRING} +fi + +# Now that we have the config and the keyring, leave it to be managed by +# deb.torproject.org-keyring package. +# +# Do an upgrade first to make sure we have the latest keyring package +# installed if that's not the first time this script is running. +apt update && apt upgrade -y && apt install -y tor deb.torproject.org-keyring #rm -rf /var/lib/apt/lists/* |
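Review bot: `apt upgrade -y` in the last command upgrades every package on the system, a much wider side effect than the comment's stated goal of having the latest keyring package; `apt install` already brings the named packages to their newest candidate version. Suggest `apt-get update && apt-get install -y tor deb.torproject.org-keyring`, using apt-get because the `apt` command-line interface is not guaranteed stable for scripts. In the keyring step the `cp` arguments are unquoted, and the bundled file becomes the `signed-by` trust anchor without being compared to the fingerprint named in the commented `wget` line; quoting as `cp "$SHARE/tor/unix/linux/debian/files${KEYRING}" "${KEYRING}"` and checking the fingerprint before the copy would tighten that. The added comment should read "does not already exist".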