Micah Lee · intrigeri · intrigeri · intrigeri · intrigeri · intrigeri
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
+# All code
+* @micahflee
+
+# AppArmor profiles
+/apparmor/ @intrigeri
--- a/BUILD.md
+++ b/BUILD.md
@@ -12,25 +12,19 @@ Then install dependencies, build a package, and install:
 ### Debian, Ubuntu, Linux Mint, etc.

 ```sh
-sudo apt-get install build-essential dh-python python-all python-stdeb python-gtk2 python-twisted python-lzma python-txsocksx gnupg fakeroot xz-utils tor
-# If you're running an OS that has python-gpg like Ubuntu 17.04+ or Debian 9+, install that too
-sudo apt install python-gpg
+sudo apt install build-essential dh-python python3-all python3-stdeb python3-pyqt5 python3-gpg python3-requests python3-socks gnupg2 tor
 ./build_deb.sh
 sudo dpkg -i deb_dist/torbrowser-launcher_*.deb
 ```

-Optionally you can install `python-pygame` if you want to play a modem sound while Tor Browser is launching.
-
 ### Red Hat, Fedora, CentOS, etc.

 ```sh
-sudo dnf install python-psutil python-twisted gnupg fakeroot rpm-build python-txsocksx tor pygtk2 python2-gpg
+sudo dnf install rpm-build python3-qt5 python3-gpg python3-requests python3-pysocks gnupg2 tor
 ./build_rpm.sh
 sudo yum install dist/torbrowser-launcher-*.rpm
 ```

-Optionally you can install `pygame` if you want to play a modem sound while Tor Browser is launching.
-
 ### Run without installing

 Install the dependencies: sadly, not all of them are available in virtualenv, so you will need to install (some of) them system-wide.

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Tor Browser Launcher Changelog

+## 0.3.1
+
+* Ship with latest version of the Tor Browser Developers OpenPGP public key
+* Fix bug where TBL window stays open after Tor Browser is launched
+
+## 0.3.0
+
+* Switched from python2 to python3
+* Switched from gtk2 to Qt5
+* Switched from twisted to requests/socks
+* Use QThreads for async
+* Removed modem sound
+* Only refresh gpg keyring on verification error, instead of every time
+* Updated AppArmor profiles
+* Updated available languages, and fixed locale detection bug
+* Fixed false signature verification error related to twisted
+
 ## 0.2.9

 * Fixed crash issue related to Tor Browser 7.5 changing how the currently installed version number is stored

--- a/apparmor/local/torbrowser.Browser.firefox
+++ b/apparmor/local/torbrowser.Browser.firefox
-# Site-specific additions and overrides for torbrowser.Browser.firefox.
-# For more details, please see /etc/apparmor.d/local/README. 
--- a/apparmor/local/torbrowser.Browser.plugin-container
+++ b/apparmor/local/torbrowser.Browser.plugin-container
-# Site-specific additions and overrides for torbrowser.Browser.firefox.
-# For more details, please see /etc/apparmor.d/local/README.
--- a/apparmor/local/torbrowser.Tor.tor
+++ b/apparmor/local/torbrowser.Tor.tor
-# Site-specific additions and overrides for torbrowser.Browser.firefox.
-# For more details, please see /etc/apparmor.d/local/README.
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
 #include <tunables/global>
 #include <tunables/torbrowser>

-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
+@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+
+profile torbrowser_firefox @{torbrowser_firefox_executable} {
  #include <abstractions/gnome>

  # Uncomment the following lines if you want to give the Tor Browser read-write
@@ -13,7 +15,8 @@
  network netlink raw,
  network tcp,

-  ptrace (trace) peer=@{profile_name},
+  ptrace (trace) peer=torbrowser_plugin_container,
+  signal (send) set=("term") peer=torbrowser_plugin_container,

  deny /etc/host.conf r,
  deny /etc/hosts r,
@@ -46,10 +49,11 @@
  owner @{torbrowser_home_dir}.bak/ rwk,
  owner @{torbrowser_home_dir}.bak/** rwk,
  owner @{torbrowser_home_dir}/*.so mr,
+  owner @{torbrowser_home_dir}/.cache/fontconfig/ rwk,
+  owner @{torbrowser_home_dir}/.cache/fontconfig/** rwkl,
  owner @{torbrowser_home_dir}/components/*.so mr,
  owner @{torbrowser_home_dir}/browser/components/*.so mr,
  owner @{torbrowser_home_dir}/firefox rix,
-  owner @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
@@ -59,10 +63,14 @@
  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,

+  # Web Content processes
+  owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
+
  /etc/mailcap r,
  /etc/mime.types r,

  /usr/share/ r,
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/mime/ r,
  /usr/share/themes/ r,
  /usr/share/applications/** rk,
@@ -103,6 +111,10 @@
  deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
  deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,

+  # Silence denial logs about PulseAudio
+  deny /etc/pulse/client.conf r,
+  deny /usr/bin/pulseaudio x,
+
  # KDE 4
  owner @{HOME}/.kde/share/config/* r,


--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
 #include <tunables/global>
 #include <tunables/torbrowser>

+@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+
 profile torbrowser_plugin_container {
  #include <abstractions/gnome>

-  # Uncomment the following lines if you don'want the Tor Browser
+  # Uncomment the following lines if you want Tor Browser
  # to have direct access to your sound hardware. You will also
-  # need to remove the "deny" word in the machine-id lines further
-  # bellow.
+  # need to remove, further bellow:
+  #  - the "deny" word in the machine-id lines
+  #  - the rules that deny reading /etc/pulse/client.conf
+  #    and executing /usr/bin/pulseaudio
  # #include <abstractions/audio>
  # /etc/asound.conf r,
-  # owner @{PROC}/@{pid}/fd/ r,
  # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,

+  signal (receive) set=("term") peer=torbrowser_firefox,
+
  deny /etc/host.conf r,
  deny /etc/hosts r,
  deny /etc/nsswitch.conf r,
@@ -24,6 +29,13 @@ profile torbrowser_plugin_container {
  deny /etc/machine-id r,
  deny /var/lib/dbus/machine-id r,

+  /etc/mime.types r,
+  /usr/share/applications/gnome-mimeapps.list r,
+
+  /dev/shm/ r,
+
+  owner @{PROC}/@{pid}/environ r,
+  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{PROC}/@{pid}/stat r,
  owner @{PROC}/@{pid}/status r,
@@ -40,11 +52,12 @@ profile torbrowser_plugin_container {
  owner @{torbrowser_home_dir}/browser/components/*.so mr,
  owner @{torbrowser_home_dir}/defaults/pref/     r,
  owner @{torbrowser_home_dir}/defaults/pref/*.js r,
+  owner @{torbrowser_home_dir}/dependentlibs.list r,
  owner @{torbrowser_home_dir}/fonts/   r,
  owner @{torbrowser_home_dir}/fonts/** r,
  owner @{torbrowser_home_dir}/omni.ja r,
-  owner @{torbrowser_home_dir}/plugin-container ixmr,
  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
  owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
  owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
@@ -53,6 +66,8 @@ profile torbrowser_plugin_container {
  owner @{torbrowser_home_dir}/Downloads/ rwk,
  owner @{torbrowser_home_dir}/Downloads/** rwk,

+  owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
+
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/present r,
  /sys/devices/system/node/ r,
@@ -78,5 +93,9 @@ profile torbrowser_plugin_container {
  deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
  deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,

+  # Silence denial logs about PulseAudio
+  deny /etc/pulse/client.conf r,
+  deny /usr/bin/pulseaudio x,
+
  #include <local/torbrowser.Browser.plugin-container>
 }
--- a/apparmor/torbrowser.Tor.tor
+++ b/apparmor/torbrowser.Tor.tor
 #include <tunables/global>
+#include <tunables/torbrowser>

-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor {
+@{torbrowser_tor_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor
+
+profile torbrowser_tor @{torbrowser_tor_executable} {
  #include <abstractions/base>

  network netlink raw,
@@ -11,18 +14,23 @@
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/resolv.conf r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/ rw,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/* rw,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/lock rwk,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so.* mr,
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/tor mr,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/ rw,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/** rw,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/lock rwk,
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+
+  # Support some of the included pluggable transports
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/PluggableTransports/** rix,
+  @{PROC}/sys/net/core/somaxconn r,

  # Silence file_inherit logs
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/.parentlock rw,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/extensions/*.xpi r,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/startupCache/* r,
+  deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
+  deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
+  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
+  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,

  @{PROC}/sys/kernel/random/uuid r,
  /sys/devices/system/cpu/ r,

--- a/build_deb.sh
+++ b/build_deb.sh
@@ -3,10 +3,10 @@
 VERSION=`cat share/torbrowser-launcher/version`

 # clean up from last build
-rm -r deb_dist
+rm -r build deb_dist

 # build binary package
-python setup.py --command-packages=stdeb.command bdist_deb
+python3 setup.py --command-packages=stdeb.command bdist_deb

 # install it
 echo ""

--- a/build_rpm.sh
+++ b/build_rpm.sh
@@ -6,7 +6,7 @@ VERSION=`cat share/torbrowser-launcher/version`
 rm -r build dist

 # build binary package
-python setup.py bdist_rpm --requires="python-twisted, gnupg, fakeroot, pygtk2, python2-gpg"
+python3 setup.py bdist_rpm --requires="python3-qt5, python3-gpg, python3-requests, python3-pysocks, gnupg2"

 # install it
 echo ""

--- a/debian/changelog
+++ b/debian/changelog
+torbrowser-launcher (0.3.1-1) unstable; urgency=low
+
+  * Upload to unstable.
+
+ -- Roger Shimizu <rosh@debian.org>  Thu, 01 Nov 2018 00:46:54 +0900
+
+torbrowser-launcher (0.3.1-1~exp1) experimental; urgency=medium
+
+  * New upstream release 0.3.1
+    - Ship with latest version of the Tor Browser Developers
+      OpenPGP public key
+    - Fix bug where TBL window stays open after Tor Browser
+      is launched
+  * debian/patches:
+    - Remove 0004 patch which is already merged upstream.
+
+ -- Roger Shimizu <rosh@debian.org>  Sun, 28 Oct 2018 02:27:31 +0900
+
+torbrowser-launcher (0.3.0-1~exp2) experimental; urgency=medium
+
+  * debian/copyright:
+    - Add comment section to explain why this is contrib package,
+      which comforts lintian.
+  * debian/patches:
+    - Cherry-pick upstream patch to update Tor Browser Developers
+      public key.
+
+ -- Roger Shimizu <rosh@debian.org>  Sun, 30 Sep 2018 10:20:22 +0900
+
+torbrowser-launcher (0.3.0-1~exp1) experimental; urgency=medium
+
+  * New upstream release 0.3.0
+    - Switched from python2 to python3
+    - Switched from gtk2 to Qt5
+    - Switched from twisted to requests/socks
+    - Use QThreads for async
+    - Removed modem sound
+    - Only refresh gpg keyring on verification error, instead of every time
+    - Updated AppArmor profiles
+    - Updated available languages, and fixed locale detection bug
+    - Fixed false signature verification error related to twisted
+  * debian/patches:
+    - Refresh patches.
+    - Remove upstreamed patches.
+  * debian/control:
+    - Remove XS-Python-Version and XB-Python-Version, since lintian says
+      it's not necessary.
+
+ -- Roger Shimizu <rosh@debian.org>  Wed, 19 Sep 2018 23:06:56 +0900
+
+torbrowser-launcher (0.3.0~dev-1~exp4) experimental; urgency=medium
+
+  * debian/patches:
+    - Refresh patches.
+    - Cherry-pick 5 upstream patches to fix appamor profile for
+      Tor Browser 8.0
+  * debian/control:
+    - Rename tag X-Python-Version to XS-Python-Version.
+    - Add XB-Python-Version tag for binary package.
+  * debian/torbrowser-launcher.maintscript:
+    - rm_conffile appamor profile /etc/apparmor.d/local/*, which was
+      removed since 0.2.9-2. Thanks to gregor herrmann for the fix.
+
+ -- Roger Shimizu <rosh@debian.org>  Tue, 18 Sep 2018 22:42:28 +0900
+
+torbrowser-launcher (0.3.0~dev-1~exp3) experimental; urgency=medium
+
+  * Merge debian/sid branch to incorporate latest changes.
+  * debian/control:
+    - Amend Vcs-* a bit to specify debian/sid branch as default.
+
+ -- Roger Shimizu <rosh@debian.org>  Mon, 25 Jun 2018 02:21:12 +0900
+
+torbrowser-launcher (0.3.0~dev-1~exp2) experimental; urgency=medium
+
+  * debian/rules:
+    - Skip the test since it fails under python 3.6
+
+ -- Roger Shimizu <rosh@debian.org>  Wed, 28 Mar 2018 21:45:45 +0900
+
+torbrowser-launcher (0.3.0~dev-1~exp1) experimental; urgency=medium
+
+  * New upstream release 0.3.0.dev in develop branch
+    - Switch from python2 to python3
+    - Switch from gtk2 to Qt5 (Closes: #885489)
+    - Switch from twisted to requests/socks
+    - Use QThreads for async, and now download, verify, and extract
+      in separate threads too
+    - Remove modem sound
+    - Stopped refreshing the gpg keyring each time, and instead only
+      refresh it when you hit a verification error (and then try
+      verifying again before actually displaying the error)
+    - On verification error, it saves a copy of the tarball and sig
+      that failed to verify
+    - Improved python style with flake8
+  * debian/patches:
+    - Refresh patches.
+    - Add patch 0017 and 0018 to fix the extra dialog issue.
+  * debian/control:
+    - Update Build-Depends list to python3 series.
+    - Update Depends list to match current python3 implementation.
+    - Move debian/source.lintian-overrides
+      to debian/source/lintian-overrides to comfort lintian.
+  * debian/rules:
+    - Use pybuild as buildsystem to avoid pyversions command error.
+
+ -- Roger Shimizu <rosh@debian.org>  Wed, 28 Mar 2018 20:15:00 +0900
+
 torbrowser-launcher (0.2.9-6) unstable; urgency=high

  * debian/control:

--- a/debian/control
+++ b/debian/control
@@ -9,27 +9,23 @@ Build-Depends:
 dh-python,
 help2man,
 lsb-release,
- python-all (>= 2.7.3-4)
+ python3-all
 Standards-Version: 3.9.8
 Homepage: https://micahflee.com/torbrowser-launcher/
 Vcs-Git: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher.git
-Vcs-Browser: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/tree/debian/sid
+Vcs-Browser: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher

 Package: torbrowser-launcher
 Architecture: i386 amd64
 Depends:
 ${misc:Depends},
- ${python:Depends},
+ ${python3:Depends},
 ca-certificates,
- gnupg,
 libdbus-glib-1-2,
- python-gtk2,
- python-lzma,
- python-parsley (>= 1.2),
- python-psutil,
- python-twisted,
- python-txsocksx (>= 1.13.0.1)
-XB-Python-Version: ${python:Versions}
+ python3-pyqt5,
+ python3-gpg,
+ python3-requests,
+ python3-socks
 Recommends: tor
 Suggests: apparmor, python-pygame
 Description: helps download and run the Tor Browser Bundle

--- a/debian/patches/0016-Remove-apparmor-local-path-from-setup.py.patch
+++ b/debian/patches/0016-Remove-apparmor-local-path-from-setup.py.patch
@@ -8,10 +8,10 @@ apparmor local files were just removed, so change setup.py accordingly.
 1 file changed, 4 deletions(-)

 diff --git a/setup.py b/setup.py
-index 991adbb..3185054 100644
+index 37452ba..cf098c1 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -76,10 +76,6 @@ if distro != 'Ubuntu':
+@@ -83,10 +83,6 @@ if distro != 'Ubuntu':
                 'apparmor/torbrowser.Browser.firefox',
                 'apparmor/torbrowser.Browser.plugin-container',
                 'apparmor/torbrowser.Tor.tor']),

--- a/debian/patches/0001-Update-AppArmor-comments.patch
+++ b/debian/patches/0001-Update-AppArmor-comments.patch
-From: Micah Lee <micah@micahflee.com>
-Date: Sun, 28 Jan 2018 11:19:20 -0800
-Subject: Update AppArmor comments
-
---
- apparmor/local/torbrowser.Browser.plugin-container | 2 +-
- apparmor/local/torbrowser.Tor.tor                  | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/apparmor/local/torbrowser.Browser.plugin-container b/apparmor/local/torbrowser.Browser.plugin-container
-index da8acb0..39c9217 100644
--- a/apparmor/local/torbrowser.Browser.plugin-container
-+++ b/apparmor/local/torbrowser.Browser.plugin-container
-@@ -1,2 +1,2 @@
-# Site-specific additions and overrides for torbrowser.Browser.firefox.
-+# Site-specific additions and overrides for torbrowser.Browser.plugin-container.
- # For more details, please see /etc/apparmor.d/local/README.
-diff --git a/apparmor/local/torbrowser.Tor.tor b/apparmor/local/torbrowser.Tor.tor
-index da8acb0..8ba4033 100644
--- a/apparmor/local/torbrowser.Tor.tor
-+++ b/apparmor/local/torbrowser.Tor.tor
-@@ -1,2 +1,2 @@
-# Site-specific additions and overrides for torbrowser.Browser.firefox.
-+# Site-specific additions and overrides for torbrowser.Tor.tor.
- # For more details, please see /etc/apparmor.d/local/README.
--- a/debian/patches/0002-Drop-spurious-trailing-whitespace.patch
+++ b/debian/patches/0002-Drop-spurious-trailing-whitespace.patch
-From: intrigeri <intrigeri@boum.org>
-Date: Sun, 28 Jan 2018 18:51:40 +0000
-Subject: Drop spurious trailing whitespace.
-
---
- apparmor/local/torbrowser.Browser.firefox | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/apparmor/local/torbrowser.Browser.firefox b/apparmor/local/torbrowser.Browser.firefox
-index 2bbf71e..da8acb0 100644
--- a/apparmor/local/torbrowser.Browser.firefox
-+++ b/apparmor/local/torbrowser.Browser.firefox
-@@ -1,2 +1,2 @@
- # Site-specific additions and overrides for torbrowser.Browser.firefox.
-# For more details, please see /etc/apparmor.d/local/README. 
-+# For more details, please see /etc/apparmor.d/local/README.
--- a/debian/patches/0002-show-gui-only-if-tbb-not-installed.patch
+++ b/debian/patches/0002-show-gui-only-if-tbb-not-installed.patch
+From: troubadoour <trobador@riseup.net>
+Date: Tue, 27 Mar 2018 18:19:26 -0400
+Subject: show gui only if tbb not installed
+
+---
+ torbrowser_launcher/__init__.py | 29 ++++++++++++++++-------------
+ 1 file changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/torbrowser_launcher/__init__.py b/torbrowser_launcher/__init__.py
+index ce542a4..f8b66da 100644
+--- a/torbrowser_launcher/__init__.py
+++ b/torbrowser_launcher/__init__.py
+@@ -37,6 +37,8 @@ from .common import Common, SHARE
+ from .settings import Settings
+ from .launcher import Launcher
+ 
+# Allow ctrl-c to work
+signal.signal(signal.SIGINT, signal.SIG_DFL)
+ 
+ class Application(QtWidgets.QApplication):
+     """
+@@ -76,23 +78,24 @@ def main():
+     if settings:
+         # Settings mode
+         gui = Settings(common, app)
+        gui.show()
+        sys.exit(app.exec_())
+
+     else:
+         # Launcher mode
+         gui = Launcher(common, app, url_list)
+ 
+-    # Center the window
+-    desktop = app.desktop()
+-    window_size = gui.size()
+-    gui.move(
+-        (desktop.width() - window_size.width()) / 2,
+-        (desktop.height() - window_size.height()) / 2
+-    )
+-    gui.show()
+-
+-    # Allow ctrl-c to work
+-    signal.signal(signal.SIGINT, signal.SIG_DFL)
+-
+-    sys.exit(app.exec_())
+        # Show gui only if not installed
+        common = common
+        if not common.settings['installed']:
+            desktop = app.desktop()
+            window_size = gui.size()
+            gui.move(
+                (desktop.width() - window_size.width()) / 2,
+                (desktop.height() - window_size.height()) / 2
+            )
+            gui.show()
+            sys.exit(app.exec_())
+ 
+ 
+ if __name__ == "__main__":
--- a/debian/patches/0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
+++ b/debian/patches/0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
-From: intrigeri <intrigeri@boum.org>
-Date: Mon, 29 Jan 2018 06:34:14 +0000
-Subject: AppArmor: allow plugin-container to read file/app association
- information.
-
-We already allow the main browser profile to do that but with e10s
-plugin-container now needs it as well.
---
- apparmor/torbrowser.Browser.plugin-container | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
-index ee30fd4..eb28cc0 100644
--- a/apparmor/torbrowser.Browser.plugin-container
-+++ b/apparmor/torbrowser.Browser.plugin-container
-@@ -24,6 +24,9 @@ profile torbrowser_plugin_container {
-   deny /etc/machine-id r,
-   deny /var/lib/dbus/machine-id r,
- 
-+  /etc/mime.types r,
-+  /usr/share/applications/gnome-mimeapps.list r,
-+
-   owner @{PROC}/@{pid}/mountinfo r,
-   owner @{PROC}/@{pid}/stat r,
-   owner @{PROC}/@{pid}/status r,
--- a/debian/patches/0003-remove-double-common-assignment.patch
+++ b/debian/patches/0003-remove-double-common-assignment.patch
+From: troubadoour <trobador@riseup.net>
+Date: Wed, 28 Mar 2018 03:52:42 -0400
+Subject: remove double 'common' assignment
+
+---
+ torbrowser_launcher/__init__.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/torbrowser_launcher/__init__.py b/torbrowser_launcher/__init__.py
+index f8b66da..72f7937 100644
+--- a/torbrowser_launcher/__init__.py
+++ b/torbrowser_launcher/__init__.py
+@@ -85,8 +85,7 @@ def main():
+         # Launcher mode
+         gui = Launcher(common, app, url_list)
+ 
+-        # Show gui only if not installed
+-        common = common
+        # Show gui only if tbb not installed
+         if not common.settings['installed']:
+             desktop = app.desktop()
+             window_size = gui.size()
--- a/debian/patches/0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
+++ b/debian/patches/0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
-From: intrigeri <intrigeri@boum.org>
-Date: Mon, 29 Jan 2018 06:36:55 +0000
-Subject: AppArmor: allow Firefox to ptrace plugin-container and to send it
- term signals.
-
-With e10s Firefox does not need to ptrace itself anymore but instead it needs
-to ptrace and kill its child plugin-container processes.
---
- apparmor/torbrowser.Browser.firefox | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
-index 05f4d16..2069d6f 100644
--- a/apparmor/torbrowser.Browser.firefox
-+++ b/apparmor/torbrowser.Browser.firefox
-@@ -13,7 +13,8 @@
-   network netlink raw,
-   network tcp,
- 
-  ptrace (trace) peer=@{profile_name},
-+  ptrace (trace) peer=torbrowser_plugin_container,
-+  signal (send) set=("term") peer=torbrowser_plugin_container,
- 
-   deny /etc/host.conf r,
-   deny /etc/hosts r,