CHANGELOG.md

 # Tor Browser Launcher Changelog
 
+## 0.3.2
+
+* Switch to keys.openpgp.org when refreshing signing key, because SKS keyservers are broken
+* Use new Tor Browser logo
+
 ## 0.3.1
 
 * Ship with latest version of the Tor Browser Developers OpenPGP public key

README.md

 # Tor Browser Launcher
 
+_**Are you getting an error?** Sometimes updates in Tor Browser itself will break Tor Browser Launcher. There's a good chance that the problem you're experiencing has already been fixed in the [newest version](https://github.com/micahflee/torbrowser-launcher/releases), but Linux distributions can be slow to provide up-to-date packages. In this case, you can install from the PPA (instructions below), or [build from source](/BUILD.md)._
+
 Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install ```torbrowser-launcher``` from your distribution's package manager and it handles everything else:
 
 * Downloads and installs the most recent version of Tor Browser in your language and for your computer's architecture, or launches Tor Browser if it's already installed (Tor Browser will automatically update itself)
@@ -14,12 +16,11 @@ You might want to check out the [security design doc](/security_design.md).
 
 ![Tor Browser Launcher screenshot](/screenshot.png)
 
-# Installing in Ubuntu
+# Installing from the PPA
 
 If you want to always have the latest version of the `torbrowser-launcher` package before your distribution gets it, you can use my PPA:
 
 ```sh
 sudo add-apt-repository ppa:micahflee/ppa
-sudo apt-get update
-sudo apt-get install torbrowser-launcher
+sudo apt install torbrowser-launcher
 ```

apparmor/torbrowser.Browser.firefox

@@ -4,6 +4,7 @@
 @{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
 
 profile torbrowser_firefox @{torbrowser_firefox_executable} {
+  #include <abstractions/audio>
   #include <abstractions/gnome>
 
   # Uncomment the following lines if you want to give the Tor Browser read-write
@@ -11,12 +12,15 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   # #include <abstractions/user-download>
   # @{HOME}/ r,
 
+  # Audio support
+  /{,usr/}bin/pulseaudio Pixr,
+
   #dbus,
   network netlink raw,
   network tcp,
 
-  ptrace (trace) peer=torbrowser_plugin_container,
-  signal (send) set=("term") peer=torbrowser_plugin_container,
+  ptrace (trace) peer=@{profile_name},
+  signal (receive, send) set=("term") peer=@{profile_name},
 
   deny /etc/host.conf r,
   deny /etc/hosts r,
@@ -26,12 +30,13 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny /etc/group r,
   deny /etc/mailcap r,
 
-  deny /etc/machine-id r,
-  deny /var/lib/dbus/machine-id r,
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
 
   /dev/ r,
   /dev/shm/ r,
 
+  owner @{PROC}/@{pid}/environ r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/stat r,
@@ -51,20 +56,24 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   owner @{torbrowser_home_dir}/*.so mr,
   owner @{torbrowser_home_dir}/.cache/fontconfig/ rwk,
   owner @{torbrowser_home_dir}/.cache/fontconfig/** rwkl,
-  owner @{torbrowser_home_dir}/components/*.so mr,
-  owner @{torbrowser_home_dir}/browser/components/*.so mr,
+  owner @{torbrowser_home_dir}/browser/** r,
+  owner @{torbrowser_home_dir}/{,browser/}components/*.so mr,
+  owner @{torbrowser_home_dir}/Downloads/ rwk,
+  owner @{torbrowser_home_dir}/Downloads/** rwk,
   owner @{torbrowser_home_dir}/firefox rix,
-  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
-  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
+  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/* rw,
+  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/{,MozUpdater/bgupdate/}updater ix,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/.parentwritetest rw,
   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/ r,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/{,**} rwk,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/tor px,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
 
-  # Web Content processes
-  owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
+  # parent Firefox process when restarting after upgrade, Web Content processes
+  owner @{torbrowser_firefox_executable} ixmr -> torbrowser_firefox,
 
   /etc/mailcap r,
   /etc/mime.types r,
@@ -110,6 +119,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny @{PROC}/@{pid}/net/route r,
   deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
   deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+  deny /run/user/[0-9]*/dconf/user rw,
 
   # Silence denial logs about PulseAudio
   deny /etc/pulse/client.conf r,

apparmor/torbrowser.Browser.plugin-container

-#include <tunables/global>
-#include <tunables/torbrowser>
-
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
-
-profile torbrowser_plugin_container {
-  #include <abstractions/gnome>
-
-  # Uncomment the following lines if you want Tor Browser
-  # to have direct access to your sound hardware. You will also
-  # need to remove, further bellow:
-  #  - the "deny" word in the machine-id lines
-  #  - the rules that deny reading /etc/pulse/client.conf
-  #    and executing /usr/bin/pulseaudio
-  # #include <abstractions/audio>
-  # /etc/asound.conf r,
-  # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
-
-  signal (receive) set=("term") peer=torbrowser_firefox,
-
-  deny /etc/host.conf r,
-  deny /etc/hosts r,
-  deny /etc/nsswitch.conf r,
-  deny /etc/resolv.conf r,
-  deny /etc/passwd r,
-  deny /etc/group r,
-  deny /etc/mailcap r,
-
-  deny /etc/machine-id r,
-  deny /var/lib/dbus/machine-id r,
-
-  /etc/mime.types r,
-  /usr/share/applications/gnome-mimeapps.list r,
-
-  /dev/shm/ r,
-
-  owner @{PROC}/@{pid}/environ r,
-  owner @{PROC}/@{pid}/fd/ r,
-  owner @{PROC}/@{pid}/mountinfo r,
-  owner @{PROC}/@{pid}/stat r,
-  owner @{PROC}/@{pid}/status r,
-  owner @{PROC}/@{pid}/task/*/stat r,
-  @{PROC}/sys/kernel/random/uuid r,
-
-  owner @{torbrowser_home_dir}/*.dat r,
-  owner @{torbrowser_home_dir}/*.manifest r,
-  owner @{torbrowser_home_dir}/*.so mr,
-  owner @{torbrowser_home_dir}/.cache/fontconfig/   rw,
-  owner @{torbrowser_home_dir}/.cache/fontconfig/** rw,
-  owner @{torbrowser_home_dir}/browser/** r,
-  owner @{torbrowser_home_dir}/components/*.so mr,
-  owner @{torbrowser_home_dir}/browser/components/*.so mr,
-  owner @{torbrowser_home_dir}/defaults/pref/     r,
-  owner @{torbrowser_home_dir}/defaults/pref/*.js r,
-  owner @{torbrowser_home_dir}/dependentlibs.list r,
-  owner @{torbrowser_home_dir}/fonts/   r,
-  owner @{torbrowser_home_dir}/fonts/** r,
-  owner @{torbrowser_home_dir}/omni.ja r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
-  owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
-  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
-  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
-  owner @{torbrowser_home_dir}/Downloads/ rwk,
-  owner @{torbrowser_home_dir}/Downloads/** rwk,
-
-  owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
-
-  /sys/devices/system/cpu/ r,
-  /sys/devices/system/cpu/present r,
-  /sys/devices/system/node/ r,
-  /sys/devices/system/node/node[0-9]*/meminfo r,
-  deny /sys/devices/virtual/block/*/uevent r,
-
-  # Should use abstractions/gstreamer instead once merged upstream
-  /etc/udev/udev.conf r,
-  /run/udev/data/+pci:* r,
-  /sys/devices/pci[0-9]*/**/uevent r,
-  owner /{dev,run}/shm/shmfd-* rw,
-
-  # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
-  owner /{dev,run}/shm/org.chromium.* rw,
-
-  # Deny access to DRM nodes, that's granted by the X abstraction, which is
-  # sourced by the gnome abstraction, that we include.
-  deny /dev/dri/** rwklx,
-
-  # Silence denial logs about permissions we don't need
-  deny /dev/dri/   rwklx,
-  deny @{PROC}/@{pid}/net/route r,
-  deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
-  deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
-
-  # Silence denial logs about PulseAudio
-  deny /etc/pulse/client.conf r,
-  deny /usr/bin/pulseaudio x,
-
-  #include <local/torbrowser.Browser.plugin-container>
-}

debian/changelog

+torbrowser-launcher (0.3.2-1~bpo10+1) buster-backports; urgency=medium
+
+  * Rebuild for buster-backports.
+
+ -- Roger Shimizu <rosh@debian.org>  Wed, 14 Aug 2019 01:35:25 +0900
+
+torbrowser-launcher (0.3.2-1) unstable; urgency=medium
+
+  * New upstream release 0.3.2
+    - Switch to keys.openpgp.org when refreshing signing key, because
+      SKS keyservers are broken.
+    - Use new Tor Browser logo.
+  * debian/patches:
+    - Remove upstreamed patches.
+    - Refresh patches.
+
+ -- Roger Shimizu <rosh@debian.org>  Wed, 07 Aug 2019 01:40:22 +0900
+
+torbrowser-launcher (0.3.1-2~bpo9+2) stretch-backports-sloppy; urgency=medium
+
+  * Rebuild for stretch-backports-sloppy.
+
+ -- Roger Shimizu <rosh@debian.org>  Sat, 27 Jul 2019 23:21:27 -0300
+
 torbrowser-launcher (0.3.1-2~bpo10+1) buster-backports; urgency=medium
 
   * Rebuild for buster-backports.

debian/patches/0001-Remove-apparmor-local-path-from-setup.py.patch

-From: Roger Shimizu <rosh@debian.org>
-Date: Sun, 18 Mar 2018 23:12:26 +0900
-Subject: Remove apparmor local path from setup.py
-
-apparmor local files were just removed, so change setup.py accordingly.
----
- setup.py | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index 37452ba..cf098c1 100644
---- a/setup.py
-+++ b/setup.py
-@@ -83,10 +83,6 @@ if distro != 'Ubuntu':
-                 'apparmor/torbrowser.Browser.firefox',
-                 'apparmor/torbrowser.Browser.plugin-container',
-                 'apparmor/torbrowser.Tor.tor']),
--            ('/etc/apparmor.d/local/', [
--                'apparmor/local/torbrowser.Browser.firefox',
--                'apparmor/local/torbrowser.Browser.plugin-container',
--                'apparmor/local/torbrowser.Tor.tor']),
-             ('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
-         ]
- 

debian/patches/0004-Update-Hungarian-translation.patch → debian/patches/0003-Update-Hungarian-translation.patch

@@ -8,12 +8,12 @@ Subject: Update Hungarian translation
  2 files changed, 25 insertions(+), 13 deletions(-)
 
 diff --git a/README.md b/README.md
-index 9ca9f3a..c71ef13 100644
+index df3d365..be37a35 100644
 --- a/README.md
 +++ b/README.md
-@@ -23,3 +23,11 @@ sudo add-apt-repository ppa:micahflee/ppa
- sudo apt-get update
- sudo apt-get install torbrowser-launcher
+@@ -24,3 +24,11 @@ If you want to always have the latest version of the `torbrowser-launcher` packa
+ sudo add-apt-repository ppa:micahflee/ppa
+ sudo apt install torbrowser-launcher
  ```
 +# Installing in blackPanther OS
 +

debian/patches/0008-Remove-mention-of-modem-sound-in-docs-and-translatio.patch → debian/patches/0007-Remove-mention-of-modem-sound-in-docs-and-translatio.patch

@@ -14,10 +14,10 @@ Subject: Remove mention of modem sound in docs and translation po files
  8 files changed, 42 deletions(-)
 
 diff --git a/README.md b/README.md
-index c71ef13..0245b86 100644
+index be37a35..96cb581 100644
 --- a/README.md
 +++ b/README.md
-@@ -6,7 +6,6 @@ Tor Browser Launcher is intended to make Tor Browser easier to install and use f
+@@ -8,7 +8,6 @@ Tor Browser Launcher is intended to make Tor Browser easier to install and use f
  * Verifies Tor Browser's [signature](https://www.torproject.org/docs/verifying-signatures.html.en) for you, to ensure the version you downloaded was cryptographically signed by Tor developers and was not tampered with
  * Adds "Tor Browser" and "Tor Browser Launcher Settings" application launcher to your desktop environment's menu
  * Includes AppArmor profiles to make a Tor Browser compromise not as bad

debian/patches/0011-Revert-Properly-detect-the-system-s-locale.patch → debian/patches/0008-Revert-Properly-detect-the-system-s-locale.patch

@@ -8,7 +8,7 @@ This reverts commit b828bdfafe60bb9bcf93ec660ad5c07ff7fdbdf5.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
-index 4e3a30a..9740e1d 100644
+index 25bb984..1d619b1 100644
 --- a/torbrowser_launcher/common.py
 +++ b/torbrowser_launcher/common.py
 @@ -73,7 +73,7 @@ class Common(object):

debian/patches/0009-AppArmor-allow-Web-Content-processes-to-check-the-up.patch

-From: intrigeri <intrigeri@boum.org>
-Date: Tue, 25 Sep 2018 07:23:18 +0000
-Subject: AppArmor: allow Web Content processes to check the update status.
-
-Otherwise restarting after updating Tor Browser is broken.
-
-(cherry picked from commit 1b2e6aae02eeb2a651e8911c0cec3f6e7dcc1a77)
----
- apparmor/torbrowser.Browser.plugin-container | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
-index 7ec8a00..a70f4ac 100644
---- a/apparmor/torbrowser.Browser.plugin-container
-+++ b/apparmor/torbrowser.Browser.plugin-container
-@@ -57,6 +57,7 @@ profile torbrowser_plugin_container {
-   owner @{torbrowser_home_dir}/fonts/** r,
-   owner @{torbrowser_home_dir}/omni.ja r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-+  owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]*/update.{status,version} r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,

debian/patches/0010-AppArmor-allow-Web-Content-processes-to-read-profile.patch

-From: intrigeri <intrigeri@boum.org>
-Date: Sat, 6 Oct 2018 05:49:58 +0000
-Subject: AppArmor: allow Web Content processes to read profile.ini and the
- updates' "updater" file.
-
-Otherwise restarting after updating Tor Browser is broken.
-
-(cherry picked from commit 3cd8aeb0f843d2530382a61a263489aea066b15a)
----
- apparmor/torbrowser.Browser.plugin-container | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
-index a70f4ac..fdf5fda 100644
---- a/apparmor/torbrowser.Browser.plugin-container
-+++ b/apparmor/torbrowser.Browser.plugin-container
-@@ -57,7 +57,9 @@ profile torbrowser_plugin_container {
-   owner @{torbrowser_home_dir}/fonts/** r,
-   owner @{torbrowser_home_dir}/omni.ja r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
-   owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]*/update.{status,version} r,
-+  owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]/updater rw,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,

debian/patches/series

-0001-Remove-apparmor-local-path-from-setup.py.patch
-0002-show-gui-only-if-tbb-not-installed.patch
-0003-remove-double-common-assignment.patch
-0004-Update-Hungarian-translation.patch
-0005-Create-da.po.patch
-0006-Fix-two-spelling-errors.patch
-0007-Add-Swedish-translation.patch
-0008-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
-0009-AppArmor-allow-Web-Content-processes-to-check-the-up.patch
-0010-AppArmor-allow-Web-Content-processes-to-read-profile.patch
-0011-Revert-Properly-detect-the-system-s-locale.patch
+0001-show-gui-only-if-tbb-not-installed.patch
+0002-remove-double-common-assignment.patch
+0003-Update-Hungarian-translation.patch
+0004-Create-da.po.patch
+0005-Fix-two-spelling-errors.patch
+0006-Add-Swedish-translation.patch
+0007-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
+0008-Revert-Properly-detect-the-system-s-locale.patch

setup.py

@@ -81,11 +81,9 @@ if distro != 'Ubuntu':
         datafiles += [
             ('/etc/apparmor.d/', [
                 'apparmor/torbrowser.Browser.firefox',
-                'apparmor/torbrowser.Browser.plugin-container',
                 'apparmor/torbrowser.Tor.tor']),
             ('/etc/apparmor.d/local/', [
                 'apparmor/local/torbrowser.Browser.firefox',
-                'apparmor/local/torbrowser.Browser.plugin-container',
                 'apparmor/local/torbrowser.Tor.tor']),
             ('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
         ]