9 files changed, 51 insertions, 29 deletions

diff --git a/share/trashman/brave-browser/unix/linux/debian/install b/share/trashman/brave-browser/unix/linux/debian/install
index c9fc290..2b9d2f9 100755
--- a/share/trashman/brave-browser/unix/linux/debian/install
+++ b/share/trashman/brave-browser/unix/linux/debian/install
@@ -6,7 +6,7 @@
 # Parameters
 SHARE="$1"
 LIB="$2"
-REQUIREMENTS="curl apt-transport-https"
+REQUIREMENTS="curl"
 
 # Include basic functions
 . $LIB/trashman/functions || exit 1
diff --git a/share/trashman/docker/unix/linux/debian/install b/share/trashman/docker/unix/linux/debian/install
index c82e136..94242a4 100755
--- a/share/trashman/docker/unix/linux/debian/install
+++ b/share/trashman/docker/unix/linux/debian/install
@@ -16,7 +16,7 @@ ARCH="`trashman_debian_arch`"
 RELEASE="`trashman_distro_release`"
 
 # Install requirements
-apt-get update && trashman_apt_install curl apt-transport-https
+apt-get update && trashman_apt_install curl
 
 # Install pubkey
 #trashman_install_apt_key $SHARE/docker/unix/linux/$DISTRO/pubkey.gpg docker.gpg
diff --git a/share/trashman/php7/unix/linux/debian/install b/share/trashman/php7/unix/linux/debian/install
index 489d38c..7d4168a 100755
--- a/share/trashman/php7/unix/linux/debian/install
+++ b/share/trashman/php7/unix/linux/debian/install
@@ -11,7 +11,7 @@ VERSION="7.3"
 . $SHARE/trashman/functions || exit 1
 
 # Requirements
-trashman_require wget lsb-release apt-transport-https ca-certificates
+trashman_require wget lsb-release ca-certificates
 
 # Install
 #wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
diff --git a/share/trashman/signal-desktop/unix/linux/debian/install b/share/trashman/signal-desktop/unix/linux/debian/install
index aa291f6..29744e9 100755
--- a/share/trashman/signal-desktop/unix/linux/debian/install
+++ b/share/trashman/signal-desktop/unix/linux/debian/install
@@ -11,7 +11,7 @@ SHARE="$1"
 . $SHARE/trashman/debian    || exit 1
 
 # Install requirements
-trashman_apt_install curl apt-transport-https
+trashman_apt_install curl
 
 # Setup Signal repository
 #curl -s https://updates.signal.org/desktop/apt/keys.asc | apt-key add -
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
index 2cc227b..e007337 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
+++ b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
@@ -26,16 +26,16 @@ $IPTABLES -F OUTPUT || exit
 $IPTABLES -t nat -F || exit
 
 # Transproxy rules for Tor
-$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040    || exit
+$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp    -j REDIRECT --to-ports 9040 || exit
 $IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit
 
 # Allow Tor, _apt, root and the network user
-$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT         || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT             || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT             || exit
-$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
-$IPTABLES -A OUTPUT -j DROP                                         || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT          || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT  || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT              || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT              || exit
+$IPTABLES -A INPUT  -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
+$IPTABLES -A OUTPUT ! -d 127.0.0.1 -j DROP                           || exit
 
 # Allow SSH
 $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js b/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js
index f8d9c0d..027e908 100644
--- a/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js
+++ b/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js
@@ -1,7 +1,7 @@
 // Preferences for system-installed Tor Browser
 // Needs either
 //
-//   * Setting TOR_CONTROL_PASSWORD at ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+//   * Setting TOR_CONTROL_PASSWORD at $TOR_BROWSER_PATH/start-tor-browser
 //   * Passing TOR_CONTROL_PASSWORD to start-tor-browser via the command line
 //
 // See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/install b/share/trashman/tor-transproxy/unix/linux/debian/install
index 9508091..0a4b377 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/install
+++ b/share/trashman/tor-transproxy/unix/linux/debian/install
@@ -6,6 +6,9 @@
 # Parameters
 SHARE="$1"
 
+# Additional parameters
+ARCH="`uname -m`"
+
 # Include basic functions
 . $SHARE/trashman/functions || exit 1
 . $SHARE/trashman/debian    || exit 1
@@ -25,11 +28,11 @@ echo "nameserver 127.0.0.1" | tee /etc/resolv.conf > /dev/null
 # Ensure only the local DNS resolver is used (Tor)
 # Some systems need this additional configuration so the DNS returned by the
 # DHCP server is NOT used
-#cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
-#allow-hotplug ens3
-#iface ens3 inet dhcp
-#  post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
-#EOF
+cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
+allow-hotplug ens3
+iface ens3 inet dhcp
+  post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
+EOF
 
 # Tor config
 cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc
@@ -38,11 +41,18 @@ service tor restart
 # Tor Browser config to use the system-installed tor daemon
 # Use this to configure your regular user account
 # See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
-#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then
+#
+# Tor Browser path depends on wheter it's installed using hoarder or using
+# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher
+# (also at https://tracker.debian.org/torbrowser-launcher).
+#
+#TOR_BROWSER_PATH="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser"
+#TOR_BROWSER_PATH="$HOME/.local/share/tor-browser/$ARCH/latest/Browser"
+#if [ -e "$TOR_BROWSER_PATH" ]; then
 #  # Force about:config preferences
-#  cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js
+#  cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TOR_BROWSER_PATH/TorBrowser/Data/Browser/profile.default/user.js
 #
 #  # Hard code control port password into the start-tor-browser script
 #  sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \
-#    $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+#    $TOR_BROWSER_PATH/start-tor-browser
 #fi
diff --git a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
index 7614b20..738ef5d 100644
--- a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg
+++ b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
diff --git a/share/trashman/tor/unix/linux/debian/install b/share/trashman/tor/unix/linux/debian/install
index 6676c8d..597551c 100755
--- a/share/trashman/tor/unix/linux/debian/install
+++ b/share/trashman/tor/unix/linux/debian/install
@@ -6,7 +6,8 @@
 # Parameters
 SHARE="$1"
 LIB="$2"
-REQUIREMENTS="apt-transport-https wget gnupg"
+REQUIREMENTS="wget gnupg"
+KEYRING="/usr/share/keyrings/deb.torproject.org-keyring.gpg"
 
 # Include basic functions
 . $LIB/trashman/functions || exit 1
@@ -19,16 +20,27 @@ trashman_apt_install $REQUIREMENTS
 DISTRIBUTION="`trashman_debian_major_version_name`"
 
 cat <<-EOF > /etc/apt/sources.list.d/tor.list
-   deb     [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main
-   deb-src [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main
+deb     [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main
+deb-src [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main
 EOF
 
-# Remove key from old location
+# Remove key from old locations
 rm -f /usr/share/keyrings/tor-archive-keyring.gpg
-
-#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
-cp $SHARE/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg /etc/apt/trusted.gpg.d/
-
-apt update && apt install -y tor deb.torproject.org-keyring
+rm -f /etc/apt/trusted.gpg.d/torproject.org.gpg
+
+# Install keyring only if it does not already exists
+# Details at https://support.torproject.org/apt/tor-deb-repo/
+#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \
+#  gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg > /dev/null
+if [ ! -e "${KEYRING}" ]; then
+  cp $SHARE/tor/unix/linux/debian/files/${KEYRING} ${KEYRING}
+fi
+
+# Now that we have the config and the keyring, leave it to be managed by
+# deb.torproject.org-keyring package.
+#
+# Do an upgrade first to make sure we have the latest keyring package
+# installed if that's not the first time this script is running.
+apt update && apt upgrade -y && apt install -y tor deb.torproject.org-keyring
 
 #rm -rf /var/lib/apt/lists/*