Skip to content
Commits on Source (19)
# Tor Browser Launcher Changelog
## 0.3.2
* Switch to keys.openpgp.org when refreshing signing key, because SKS keyservers are broken
* Use new Tor Browser logo
## 0.3.1
* Ship with latest version of the Tor Browser Developers OpenPGP public key
......
# Tor Browser Launcher
_**Are you getting an error?** Sometimes updates in Tor Browser itself will break Tor Browser Launcher. There's a good chance that the problem you're experiencing has already been fixed in the [newest version](https://github.com/micahflee/torbrowser-launcher/releases), but Linux distributions can be slow to provide up-to-date packages. In this case, you can install from the PPA (instructions below), or [build from source](/BUILD.md)._
Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install ```torbrowser-launcher``` from your distribution's package manager and it handles everything else:
* Downloads and installs the most recent version of Tor Browser in your language and for your computer's architecture, or launches Tor Browser if it's already installed (Tor Browser will automatically update itself)
......@@ -14,12 +16,11 @@ You might want to check out the [security design doc](/security_design.md).
![Tor Browser Launcher screenshot](/screenshot.png)
# Installing in Ubuntu
# Installing from the PPA
If you want to always have the latest version of the `torbrowser-launcher` package before your distribution gets it, you can use my PPA:
```sh
sudo add-apt-repository ppa:micahflee/ppa
sudo apt-get update
sudo apt-get install torbrowser-launcher
sudo apt install torbrowser-launcher
```
......@@ -4,6 +4,7 @@
@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
profile torbrowser_firefox @{torbrowser_firefox_executable} {
#include <abstractions/audio>
#include <abstractions/gnome>
# Uncomment the following lines if you want to give the Tor Browser read-write
......@@ -11,12 +12,15 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
# #include <abstractions/user-download>
# @{HOME}/ r,
# Audio support
/{,usr/}bin/pulseaudio Pixr,
#dbus,
network netlink raw,
network tcp,
ptrace (trace) peer=torbrowser_plugin_container,
signal (send) set=("term") peer=torbrowser_plugin_container,
ptrace (trace) peer=@{profile_name},
signal (receive, send) set=("term") peer=@{profile_name},
deny /etc/host.conf r,
deny /etc/hosts r,
......@@ -26,12 +30,13 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny /etc/group r,
deny /etc/mailcap r,
deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
/dev/ r,
/dev/shm/ r,
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
......@@ -51,20 +56,24 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
owner @{torbrowser_home_dir}/*.so mr,
owner @{torbrowser_home_dir}/.cache/fontconfig/ rwk,
owner @{torbrowser_home_dir}/.cache/fontconfig/** rwkl,
owner @{torbrowser_home_dir}/components/*.so mr,
owner @{torbrowser_home_dir}/browser/components/*.so mr,
owner @{torbrowser_home_dir}/browser/** r,
owner @{torbrowser_home_dir}/{,browser/}components/*.so mr,
owner @{torbrowser_home_dir}/Downloads/ rwk,
owner @{torbrowser_home_dir}/Downloads/** rwk,
owner @{torbrowser_home_dir}/firefox rix,
owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/* rw,
owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/{,MozUpdater/bgupdate/}updater ix,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/.parentwritetest rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/ r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/{,**} rwk,
owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
owner @{torbrowser_home_dir}/TorBrowser/Tor/tor px,
owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
# Web Content processes
owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
# parent Firefox process when restarting after upgrade, Web Content processes
owner @{torbrowser_firefox_executable} ixmr -> torbrowser_firefox,
/etc/mailcap r,
/etc/mime.types r,
......@@ -110,6 +119,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
deny /run/user/[0-9]*/dconf/user rw,
# Silence denial logs about PulseAudio
deny /etc/pulse/client.conf r,
......
#include <tunables/global>
#include <tunables/torbrowser>
@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
profile torbrowser_plugin_container {
#include <abstractions/gnome>
# Uncomment the following lines if you want Tor Browser
# to have direct access to your sound hardware. You will also
# need to remove, further bellow:
# - the "deny" word in the machine-id lines
# - the rules that deny reading /etc/pulse/client.conf
# and executing /usr/bin/pulseaudio
# #include <abstractions/audio>
# /etc/asound.conf r,
# owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
signal (receive) set=("term") peer=torbrowser_firefox,
deny /etc/host.conf r,
deny /etc/hosts r,
deny /etc/nsswitch.conf r,
deny /etc/resolv.conf r,
deny /etc/passwd r,
deny /etc/group r,
deny /etc/mailcap r,
deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
/etc/mime.types r,
/usr/share/applications/gnome-mimeapps.list r,
/dev/shm/ r,
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/status r,
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
owner @{torbrowser_home_dir}/*.dat r,
owner @{torbrowser_home_dir}/*.manifest r,
owner @{torbrowser_home_dir}/*.so mr,
owner @{torbrowser_home_dir}/.cache/fontconfig/ rw,
owner @{torbrowser_home_dir}/.cache/fontconfig/** rw,
owner @{torbrowser_home_dir}/browser/** r,
owner @{torbrowser_home_dir}/components/*.so mr,
owner @{torbrowser_home_dir}/browser/components/*.so mr,
owner @{torbrowser_home_dir}/defaults/pref/ r,
owner @{torbrowser_home_dir}/defaults/pref/*.js r,
owner @{torbrowser_home_dir}/dependentlibs.list r,
owner @{torbrowser_home_dir}/fonts/ r,
owner @{torbrowser_home_dir}/fonts/** r,
owner @{torbrowser_home_dir}/omni.ja r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
owner @{torbrowser_home_dir}/Downloads/ rwk,
owner @{torbrowser_home_dir}/Downloads/** rwk,
owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
/sys/devices/system/node/ r,
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
# Should use abstractions/gstreamer instead once merged upstream
/etc/udev/udev.conf r,
/run/udev/data/+pci:* r,
/sys/devices/pci[0-9]*/**/uevent r,
owner /{dev,run}/shm/shmfd-* rw,
# Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
owner /{dev,run}/shm/org.chromium.* rw,
# Deny access to DRM nodes, that's granted by the X abstraction, which is
# sourced by the gnome abstraction, that we include.
deny /dev/dri/** rwklx,
# Silence denial logs about permissions we don't need
deny /dev/dri/ rwklx,
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
# Silence denial logs about PulseAudio
deny /etc/pulse/client.conf r,
deny /usr/bin/pulseaudio x,
#include <local/torbrowser.Browser.plugin-container>
}
torbrowser-launcher (0.3.2-1~bpo10+1) buster-backports; urgency=medium
* Rebuild for buster-backports.
-- Roger Shimizu <rosh@debian.org> Wed, 14 Aug 2019 01:35:25 +0900
torbrowser-launcher (0.3.2-1) unstable; urgency=medium
* New upstream release 0.3.2
- Switch to keys.openpgp.org when refreshing signing key, because
SKS keyservers are broken.
- Use new Tor Browser logo.
* debian/patches:
- Remove upstreamed patches.
- Refresh patches.
-- Roger Shimizu <rosh@debian.org> Wed, 07 Aug 2019 01:40:22 +0900
torbrowser-launcher (0.3.1-2~bpo9+2) stretch-backports-sloppy; urgency=medium
* Rebuild for stretch-backports-sloppy.
-- Roger Shimizu <rosh@debian.org> Sat, 27 Jul 2019 23:21:27 -0300
torbrowser-launcher (0.3.1-2~bpo10+1) buster-backports; urgency=medium
* Rebuild for buster-backports.
......
From: Roger Shimizu <rosh@debian.org>
Date: Sun, 18 Mar 2018 23:12:26 +0900
Subject: Remove apparmor local path from setup.py
apparmor local files were just removed, so change setup.py accordingly.
---
setup.py | 4 ----
1 file changed, 4 deletions(-)
diff --git a/setup.py b/setup.py
index 37452ba..cf098c1 100644
--- a/setup.py
+++ b/setup.py
@@ -83,10 +83,6 @@ if distro != 'Ubuntu':
'apparmor/torbrowser.Browser.firefox',
'apparmor/torbrowser.Browser.plugin-container',
'apparmor/torbrowser.Tor.tor']),
- ('/etc/apparmor.d/local/', [
- 'apparmor/local/torbrowser.Browser.firefox',
- 'apparmor/local/torbrowser.Browser.plugin-container',
- 'apparmor/local/torbrowser.Tor.tor']),
('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
]
......@@ -8,12 +8,12 @@ Subject: Update Hungarian translation
2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 9ca9f3a..c71ef13 100644
index df3d365..be37a35 100644
--- a/README.md
+++ b/README.md
@@ -23,3 +23,11 @@ sudo add-apt-repository ppa:micahflee/ppa
sudo apt-get update
sudo apt-get install torbrowser-launcher
@@ -24,3 +24,11 @@ If you want to always have the latest version of the `torbrowser-launcher` packa
sudo add-apt-repository ppa:micahflee/ppa
sudo apt install torbrowser-launcher
```
+# Installing in blackPanther OS
+
......
......@@ -14,10 +14,10 @@ Subject: Remove mention of modem sound in docs and translation po files
8 files changed, 42 deletions(-)
diff --git a/README.md b/README.md
index c71ef13..0245b86 100644
index be37a35..96cb581 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@ Tor Browser Launcher is intended to make Tor Browser easier to install and use f
@@ -8,7 +8,6 @@ Tor Browser Launcher is intended to make Tor Browser easier to install and use f
* Verifies Tor Browser's [signature](https://www.torproject.org/docs/verifying-signatures.html.en) for you, to ensure the version you downloaded was cryptographically signed by Tor developers and was not tampered with
* Adds "Tor Browser" and "Tor Browser Launcher Settings" application launcher to your desktop environment's menu
* Includes AppArmor profiles to make a Tor Browser compromise not as bad
......
......@@ -8,7 +8,7 @@ This reverts commit b828bdfafe60bb9bcf93ec660ad5c07ff7fdbdf5.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
index 4e3a30a..9740e1d 100644
index 25bb984..1d619b1 100644
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -73,7 +73,7 @@ class Common(object):
......
From: intrigeri <intrigeri@boum.org>
Date: Tue, 25 Sep 2018 07:23:18 +0000
Subject: AppArmor: allow Web Content processes to check the update status.
Otherwise restarting after updating Tor Browser is broken.
(cherry picked from commit 1b2e6aae02eeb2a651e8911c0cec3f6e7dcc1a77)
---
apparmor/torbrowser.Browser.plugin-container | 1 +
1 file changed, 1 insertion(+)
diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
index 7ec8a00..a70f4ac 100644
--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
@@ -57,6 +57,7 @@ profile torbrowser_plugin_container {
owner @{torbrowser_home_dir}/fonts/** r,
owner @{torbrowser_home_dir}/omni.ja r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+ owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]*/update.{status,version} r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
From: intrigeri <intrigeri@boum.org>
Date: Sat, 6 Oct 2018 05:49:58 +0000
Subject: AppArmor: allow Web Content processes to read profile.ini and the
updates' "updater" file.
Otherwise restarting after updating Tor Browser is broken.
(cherry picked from commit 3cd8aeb0f843d2530382a61a263489aea066b15a)
---
apparmor/torbrowser.Browser.plugin-container | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
index a70f4ac..fdf5fda 100644
--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
@@ -57,7 +57,9 @@ profile torbrowser_plugin_container {
owner @{torbrowser_home_dir}/fonts/** r,
owner @{torbrowser_home_dir}/omni.ja r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]*/update.{status,version} r,
+ owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]/updater rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
0001-Remove-apparmor-local-path-from-setup.py.patch
0002-show-gui-only-if-tbb-not-installed.patch
0003-remove-double-common-assignment.patch
0004-Update-Hungarian-translation.patch
0005-Create-da.po.patch
0006-Fix-two-spelling-errors.patch
0007-Add-Swedish-translation.patch
0008-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
0009-AppArmor-allow-Web-Content-processes-to-check-the-up.patch
0010-AppArmor-allow-Web-Content-processes-to-read-profile.patch
0011-Revert-Properly-detect-the-system-s-locale.patch
0001-show-gui-only-if-tbb-not-installed.patch
0002-remove-double-common-assignment.patch
0003-Update-Hungarian-translation.patch
0004-Create-da.po.patch
0005-Fix-two-spelling-errors.patch
0006-Add-Swedish-translation.patch
0007-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
0008-Revert-Properly-detect-the-system-s-locale.patch
screenshot.png

152 KiB | W: | H:

screenshot.png

172 KiB | W: | H:

screenshot.png
screenshot.png
screenshot.png
screenshot.png
  • 2-up
  • Swipe
  • Onion skin
......@@ -81,11 +81,9 @@ if distro != 'Ubuntu':
datafiles += [
('/etc/apparmor.d/', [
'apparmor/torbrowser.Browser.firefox',
'apparmor/torbrowser.Browser.plugin-container',
'apparmor/torbrowser.Tor.tor']),
('/etc/apparmor.d/local/', [
'apparmor/local/torbrowser.Browser.firefox',
'apparmor/local/torbrowser.Browser.plugin-container',
'apparmor/local/torbrowser.Tor.tor']),
('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
]
......