Tor Browser Launcher
https://github.com/micahflee/torbrowser-launcher/
-Copyright (c) 2013-2014 Micah Lee <micah@micahflee.com>
+Copyright (c) 2013-2017 Micah Lee <micah@micahflee.com>
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
OTHER DEALINGS IN THE SOFTWARE.
"""
-import os, sys, platform, subprocess, locale, pickle, json, psutil, re
+from __future__ import print_function
+
+import os
+import sys
+import platform
+import subprocess
+import locale
+import pickle
+import json
+import re
+
+try:
+ import gpg
+ gpgme_support = True
+except ImportError:
+ gpgme_support = False
import pygtk
pygtk.require('2.0')
SHARE = os.getenv('TBL_SHARE', sys.prefix+'/share/torbrowser-launcher')
import gettext
-gettext.install('torbrowser-launcher', os.path.join(SHARE, 'locale'))
+gettext.install('torbrowser-launcher')
from twisted.internet import gtk2reactor
gtk2reactor.install()
-
# We're looking for output which:
#
-# 1. The first portion must be `[GNUPG:] IMPORT_OK`
-# 2. The second must be an integer between [0, 15], inclusive
-# 3. The third must be an uppercased hex-encoded 160-bit fingerprint
+# 1. The first portion must be `[GNUPG:] IMPORT_OK`
+# 2. The second must be an integer between [0, 15], inclusive
+# 3. The third must be an uppercased hex-encoded 160-bit fingerprint
gnupg_import_ok_pattern = re.compile(
"(\[GNUPG\:\]) (IMPORT_OK) ([0-9]|[1]?[0-5]) ([A-F0-9]{40})")
self.tbl_version = tbl_version
# initialize the app
- self.default_mirror = 'https://www.torproject.org/dist/'
+ self.default_mirror = 'https://dist.torproject.org/'
self.discover_arch_lang()
self.build_paths()
for d in self.paths['dirs']:
homedir = '/tmp/.torbrowser-'+os.getenv('USER')
if not os.path.exists(homedir):
try:
- os.mkdir(homedir, 0700)
+ os.mkdir(homedir, 0o700)
except:
self.set_gui('error', _("Error creating {0}").format(homedir), [], False)
if not os.access(homedir, os.W_OK):
'tbl_bin': sys.argv[0],
'icon_file': os.path.join(os.path.dirname(SHARE), 'pixmaps/torbrowser.png'),
'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
+ 'keyserver_ca': os.path.join(SHARE, 'sks-keyservers.netCA.pem'),
'signing_keys': {
'tor_browser_developers': os.path.join(SHARE, 'tor-browser-developers.asc')
},
'gnupg_homedir': tbb_local+'/gnupg_homedir',
'settings_file': tbb_config+'/settings.json',
'settings_file_pickle': tbb_config+'/settings',
- 'version_check_url': 'https://dist.torproject.org/torbrowser/update_2/release/Linux_x86_64-gcc3/x/en-US',
+ 'version_check_url': 'https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US',
'version_check_file': tbb_cache+'/download/release.xml',
'tbb': {
+ 'changelog': tbb_local+'/tbb/'+self.architecture+'/tor-browser_'+self.language+'/Browser/TorBrowser/Docs/ChangeLog.txt',
'dir': tbb_local+'/tbb/'+self.architecture,
'dir_tbb': tbb_local+'/tbb/'+self.architecture+'/tor-browser_'+self.language,
'start': tbb_local+'/tbb/'+self.architecture+'/tor-browser_'+self.language+'/start-tor-browser.desktop',
- 'versions': tbb_local+'/tbb/'+self.architecture+'/tor-browser_'+self.language+'/Browser/TorBrowser/Docs/sources/versions',
},
}
def mkdir(path):
try:
if not os.path.exists(path):
- os.makedirs(path, 0700)
+ os.makedirs(path, 0o700)
return True
except:
- print _("Cannot create directory {0}").format(path)
+ print(_("Cannot create directory {0}").format(path))
return False
if not os.access(path, os.W_OK):
- print _("{0} is not writable").format(path)
+ print(_("{0} is not writable").format(path))
return False
return True
# if gnupg_homedir isn't set up, set it up
def init_gnupg(self):
if not os.path.exists(self.paths['gnupg_homedir']):
- print _('Creating GnuPG homedir'), self.paths['gnupg_homedir']
+ print(_('Creating GnuPG homedir'), self.paths['gnupg_homedir'])
self.mkdir(self.paths['gnupg_homedir'])
self.import_keys()
+ def refresh_keyring(self, fingerprint=None):
+ if fingerprint is not None:
+ print('Refreshing local keyring... Missing key: ' + fingerprint)
+ else:
+ print('Refreshing local keyring...')
+
+ p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
+ '--homedir', self.paths['gnupg_homedir'],
+ '--keyserver', 'hkps://hkps.pool.sks-keyservers.net',
+ '--keyserver-options', 'ca-cert-file=' + self.paths['keyserver_ca']
+ + ',include-revoked,no-honor-keyserver-url,no-honor-pka-record',
+ '--refresh-keys'], stderr=subprocess.PIPE)
+ p.wait()
+
+ for output in p.stderr.readlines():
+ match = gnupg_import_ok_pattern.match(output)
+ if match and match.group(2) == 'IMPORT_OK':
+ fingerprint = str(match.group(4))
+ if match.group(3) == '0':
+ print('Keyring refreshed successfully...')
+ print(' No key updates for key: ' + fingerprint)
+ elif match.group(3) == '4':
+ print('Keyring refreshed successfully...')
+ print(' New signatures for key: ' + fingerprint)
+ else:
+ print('Keyring refreshed successfully...')
+
def import_key_and_check_status(self, key):
"""Import a GnuPG key and check that the operation was successful.
-
:param str key: A string specifying the key's filepath from
- ``Common.paths``, as well as its fingerprint in
- ``Common.fingerprints``.
+ ``Common.paths``
:rtype: bool
:returns: ``True`` if the key is now within the keyring (or was
previously and hasn't changed). ``False`` otherwise.
"""
- success = False
+ if gpgme_support:
+ with gpg.Context() as c:
+ c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.paths['gnupg_homedir'])
- p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
- '--homedir', self.paths['gnupg_homedir'],
- '--import', self.paths['signing_keys'][key]],
- stderr=subprocess.PIPE)
- p.wait()
+ impkey = self.paths['signing_keys'][key]
+ try:
+ c.op_import(gpg.Data(file=impkey))
+ except:
+ return False
+ else:
+ result = c.op_import_result()
+ if result and self.fingerprints[key] in result.imports[0].fpr:
+ return True
+ else:
+ return False
+ else:
+ success = False
- for output in p.stderr.readlines():
- match = gnupg_import_ok_pattern.match(output)
- if match:
- # The output must match everything in the
- # ``gnupg_import_ok_pattern``, as well as the expected fingerprint:
- if match.group().find(self.fingerprints[key]) >= 0:
- success = True
- break
+ p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
+ '--homedir', self.paths['gnupg_homedir'],
+ '--import', self.paths['signing_keys'][key]],
+ stderr=subprocess.PIPE)
+ p.wait()
- return success
+ for output in p.stderr.readlines():
+ match = gnupg_import_ok_pattern.match(output)
+ if match:
+ if match.group().find(self.fingerprints[key]) >= 0:
+ success = True
+ break
+
+ return success
# import gpg keys
def import_keys(self):
"""Import all GnuPG keys.
-
:rtype: bool
:returns: ``True`` if all keys were successfully imported; ``False``
otherwise.
keys = ['tor_browser_developers',]
all_imports_succeeded = True
- print _('Importing keys')
for key in keys:
imported = self.import_key_and_check_status(key)
if not imported:
- print _('Could not import key with fingerprint: %s.'
- % self.fingerprints[key])
+ print(_('Could not import key with fingerprint: %s.'
+ % self.fingerprints[key]))
all_imports_succeeded = False
- if all_imports_succeeded:
- print _('Successfully imported all keys.')
- else:
- print _('Not all keys were imported successfully!')
+ if not all_imports_succeeded:
+ print(_('Not all keys were imported successfully!'))
+ self.refresh_keyring()
return all_imports_succeeded
# load mirrors