]>
git.lizzy.rs Git - torbrowser-launcher.git/log
Micah Lee [Fri, 23 Mar 2018 21:50:12 +0000 (14:50 -0700)]
Center the window
Micah Lee [Fri, 23 Mar 2018 21:43:08 +0000 (14:43 -0700)]
Must retain a reference to the QMainWindow, or Qt never shows it
Micah Lee [Fri, 23 Mar 2018 20:45:33 +0000 (13:45 -0700)]
Only try refreshing the keyring when necessary
Micah Lee [Fri, 23 Mar 2018 20:40:44 +0000 (13:40 -0700)]
Allow ctrl-c to work again (see https://stackoverflow.com/questions/
5160577 /ctrl-c-doesnt-work-with-pyqt)
Micah Lee [Fri, 23 Mar 2018 20:36:37 +0000 (13:36 -0700)]
Fix flake8 style issues
Micah Lee [Fri, 23 Mar 2018 20:20:06 +0000 (13:20 -0700)]
Update build scripts and dependencies
Micah Lee [Fri, 23 Mar 2018 20:13:52 +0000 (13:13 -0700)]
Fix style on setup.py
Micah Lee [Fri, 23 Mar 2018 20:00:10 +0000 (13:00 -0700)]
Fix ampersand
Micah Lee [Fri, 23 Mar 2018 19:56:32 +0000 (12:56 -0700)]
Give more intelligence errors if connection error while using socks proxy
Micah Lee [Fri, 23 Mar 2018 19:49:52 +0000 (12:49 -0700)]
Make downloading over Tor work
Micah Lee [Fri, 23 Mar 2018 19:40:19 +0000 (12:40 -0700)]
Fix issue with settings checkboxes not working correctly
Micah Lee [Fri, 23 Mar 2018 03:52:54 +0000 (20:52 -0700)]
Check for SSL error when downloading
Micah Lee [Fri, 23 Mar 2018 03:33:55 +0000 (20:33 -0700)]
Extract tarball in a separate thread
Micah Lee [Fri, 23 Mar 2018 03:23:21 +0000 (20:23 -0700)]
Verify signature in a separate thread
Micah Lee [Fri, 23 Mar 2018 02:46:41 +0000 (19:46 -0700)]
Start making basic download error handling work again, and remove old twisted code
Micah Lee [Thu, 22 Mar 2018 22:18:46 +0000 (15:18 -0700)]
Fix buttons, and actually delete download path on exit
Micah Lee [Thu, 22 Mar 2018 22:10:37 +0000 (15:10 -0700)]
Download in a separate thread, using requests
Micah Lee [Thu, 22 Mar 2018 21:35:25 +0000 (14:35 -0700)]
Replace twisted with requests. Downloads work, but does not handle errors or update the GUI
Micah Lee [Thu, 22 Mar 2018 21:21:23 +0000 (14:21 -0700)]
Refactor Launcher to use Qt5, removing all of gtk2 (does not execute yet still because of twisted issues)
Micah Lee [Thu, 22 Mar 2018 18:22:22 +0000 (11:22 -0700)]
Add icons to settings buttons
Micah Lee [Thu, 22 Mar 2018 18:00:22 +0000 (11:00 -0700)]
Removed modem sound :(
Micah Lee [Mon, 19 Mar 2018 16:29:12 +0000 (09:29 -0700)]
Port Settings from gtk2 to Qt5, and also switch from python2 to python3
Micah Lee [Mon, 19 Mar 2018 08:37:04 +0000 (01:37 -0700)]
Add @intrigeri as code owner for AppArmor profiles
Micah Lee [Tue, 27 Feb 2018 05:22:42 +0000 (21:22 -0800)]
Add github code ownders
Micah Lee [Sun, 28 Jan 2018 19:19:20 +0000 (11:19 -0800)]
Update AppArmor comments
Micah Lee [Sun, 28 Jan 2018 18:33:29 +0000 (10:33 -0800)]
Updated changelog once more
Micah Lee [Sun, 28 Jan 2018 18:29:29 +0000 (10:29 -0800)]
Add blank local override AppArmor files
Micah Lee [Sun, 28 Jan 2018 17:35:24 +0000 (09:35 -0800)]
Remove nonexistent usr.bin.torbrowser-launcher AppArmor profile from setup.py
Micah Lee [Sun, 28 Jan 2018 17:12:09 +0000 (09:12 -0800)]
Merge branch 'apparmor-vs-Linux-4.14' of https://github.com/intrigeri/torbrowser-launcher into apparmor
Micah Lee [Sun, 28 Jan 2018 17:10:51 +0000 (09:10 -0800)]
Merge branch 'silence-tor-browser-apparmor-logs' of https://github.com/intrigeri/torbrowser-launcher into apparmor
Micah Lee [Sun, 28 Jan 2018 17:10:28 +0000 (09:10 -0800)]
Merge branch 'apparmor-Data-Tor' of https://github.com/intrigeri/torbrowser-launcher into apparmor
Micah Lee [Sun, 28 Jan 2018 17:09:38 +0000 (09:09 -0800)]
Merge branch 'intrigeri-apparmor-e10s' into apparmor
Micah Lee [Sun, 28 Jan 2018 17:09:29 +0000 (09:09 -0800)]
Merge branch 'apparmor-e10s' of https://github.com/intrigeri/torbrowser-launcher into intrigeri-apparmor-e10s
Micah Lee [Sun, 28 Jan 2018 17:05:03 +0000 (09:05 -0800)]
Updated changelog and version bump to 0.2.9
Micah Lee [Sun, 28 Jan 2018 16:57:26 +0000 (08:57 -0800)]
Update default mirror to https://dist.torproject.org/
Micah Lee [Sun, 28 Jan 2018 16:44:29 +0000 (08:44 -0800)]
Merge branch 'rogers0-PR/appstream_metadata'
Micah Lee [Sun, 28 Jan 2018 16:44:19 +0000 (08:44 -0800)]
Merge branch 'PR/appstream_metadata' of https://github.com/rogers0/torbrowser-launcher into rogers0-PR/appstream_metadata
Micah Lee [Sun, 28 Jan 2018 16:42:50 +0000 (08:42 -0800)]
Merge branch 'creideiki-298-remove-newlines-from-prints'
Micah Lee [Sun, 28 Jan 2018 16:42:21 +0000 (08:42 -0800)]
Merge branch '298-remove-newlines-from-prints' of https://github.com/creideiki/torbrowser-launcher into creideiki-298-remove-newlines-from-prints
Micah Lee [Sun, 28 Jan 2018 16:39:47 +0000 (08:39 -0800)]
Updated mirror list again, from mirrors at https://www.torproject.org/getinvolved/mirrors.html.en on 2018-01-28
Micah Lee [Sun, 28 Jan 2018 16:32:19 +0000 (08:32 -0800)]
Merge branch 'PR/fix_mirror' of https://github.com/rogers0/torbrowser-launcher into rogers0-PR/fix_mirror
Micah Lee [Sun, 28 Jan 2018 16:26:21 +0000 (08:26 -0800)]
Merge branch 'feature-relative-import' of https://github.com/sedrubal/torbrowser-launcher into sedrubal-feature-relative-import
Micah Lee [Sun, 28 Jan 2018 16:24:55 +0000 (08:24 -0800)]
Merge branch 'feature-print-function' of https://github.com/sedrubal/torbrowser-launcher into sedrubal-feature-print-function
Micah Lee [Sat, 27 Jan 2018 23:41:36 +0000 (15:41 -0800)]
Merge branch 'sedrubal-feature-use-octal-numbers'
Micah Lee [Sat, 27 Jan 2018 21:54:28 +0000 (13:54 -0800)]
Merge branch 'feature-use-octal-numbers' of https://github.com/sedrubal/torbrowser-launcher into sedrubal-feature-use-octal-numbers
Micah Lee [Sat, 27 Jan 2018 21:53:38 +0000 (13:53 -0800)]
Merge branch 'cyphar-force-python2'
Micah Lee [Sat, 27 Jan 2018 21:46:35 +0000 (13:46 -0800)]
Merge branch 'force-python2' of https://github.com/cyphar/torbrowser-launcher into cyphar-force-python2
Micah Lee [Sat, 27 Jan 2018 21:42:46 +0000 (13:42 -0800)]
Merge branch 'kraai-version-number'
Matt Kraai [Thu, 25 Jan 2018 02:44:44 +0000 (18:44 -0800)]
Read the version number from ChangeLog.txt
Fixes #306
Roger Shimizu [Sun, 24 Dec 2017 14:18:09 +0000 (23:18 +0900)]
Update AppStream metadata
Upgrade to the new spec of AppStream metadata:
- https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html
And rename to share/metainfo/torbrowser.appdata.xml
Karl-Johan Karlsson [Sat, 16 Dec 2017 11:52:00 +0000 (12:52 +0100)]
Split print calls on newlines
If torbrowser-launcher cannot write to stdout, e.g. because it was
started in the background and the controlling terminal has been closed
or because it was started from a desktop environment launcher whose
stdout has been closed, it crashes after updating the GnuPG key.
This is due to print() crashing the program if stdout isn't writeable
and the string to print contains a newline.
To work around the problem, split the strings containing newlines into
several calls to print().
See also the upstream bug at https://bugs.python.org/issue32345
Closes #298
intrigeri [Thu, 26 Oct 2017 11:16:58 +0000 (11:16 +0000)]
AppArmor: drop the usr.bin.torbrowser-launcher profile.
It's been broken since years and shipped in complain mode since 26 months.
It's now obvious that nobody cares enough about this profile to maintain it,
so let's drop it to avoid polluting system logs with tons of AppArmor messages:
with Linux 4.14, starting Tor Browser once triggers 27k+ such messages.
intrigeri [Thu, 26 Oct 2017 11:12:52 +0000 (11:12 +0000)]
AppArmor: grant access to mostly innocuous stuff Firefox tries to read.
I did not check in details why it needs that nowadays but this does not
increase the attack surface significantly, so let's allow it and don't
take the risk of breaking security critical stuff by denying it blindly.
If someone does the research and shows that it's safe to deny such access,
then we can do so.
intrigeri [Thu, 26 Oct 2017 11:12:05 +0000 (11:12 +0000)]
AppArmor: add rules needed with new mediation support added in Linux 4.14.
intrigeri [Sun, 24 Sep 2017 05:33:35 +0000 (05:33 +0000)]
AppArmor: allow the tor process to modify its data directory.
It's unclear to me why this is not needed _all the time_, but it does make sense
that at least in some circumstances, it needs to do that, e.g. to create
that directory.
Originally reported by Chris Lamb <lamby@debian.org> on
https://bugs.debian.org/876484.
Roger Shimizu [Sun, 24 Sep 2017 02:55:15 +0000 (11:55 +0900)]
Update mirror list
Except the official site, there're only 3 working mirror in current
mirror list. So it's really necessary to update the list now.
Got the latest list from:
- https://www.torproject.org/getinvolved/mirrors.html.en
And only keeps https links for security sake.
anonym [Fri, 22 Sep 2017 15:27:12 +0000 (17:27 +0200)]
Silence the AppArmor logs a bit more.
Tor Browser will always check for these directories and fail,
meanwhile needlessly spamming the journal with audit log entries.
intrigeri [Sat, 9 Sep 2017 17:28:02 +0000 (17:28 +0000)]
AppArmor: support sysvinit systems.
With systemd (at least on current Debian sid), /run/shm is a symlink to
/dev/shm, so "owner /dev/shm/org.chromium.* rw," is enough. With sysvinit,
apparently things are set up differently (perhaps the symlinks are in the
opposite direction?) so Firefox tries to access /run/shm/org.chromium.*,
which was rejected.
Let's support both!
Thanks to gregor herrmann <gregoa@debian.org> for the bug report:
https://bugs.debian.org/874383
Note that this problem happens with pristine 0.2.8 profiles,
without the changes brought by my apparmor-e10s branch.
intrigeri [Fri, 8 Sep 2017 07:12:30 +0000 (07:12 +0000)]
AppArmor: grant plugin-container read-write access on the fontconfig cache.
Apparently it needs that to use & manage the cache.
intrigeri [Fri, 23 Jun 2017 09:57:54 +0000 (09:57 +0000)]
AppArmor: improve comment about allowing sound.
intrigeri [Fri, 23 Jun 2017 09:46:33 +0000 (09:46 +0000)]
AppArmor: merge lines to ease maintenance.
intrigeri [Fri, 23 Jun 2017 09:12:48 +0000 (09:12 +0000)]
AppArmor: grant plugin-container write access to its temporary directory.
Otherwise e.g. printing to a PDF file fails.
intrigeri [Fri, 23 Jun 2017 08:30:30 +0000 (08:30 +0000)]
AppArmor: move to plugin-container, and extend, the commented-out lines that help making sound work.
Apparently these permissions are now needed by plugin-container, not by the
master firefox process.
intrigeri [Fri, 23 Jun 2017 08:06:51 +0000 (08:06 +0000)]
AppArmor: grant plugin-container write access to the Downloads directory.
Otherwise at least printing to a PDF file in that directory fails.
intrigeri [Fri, 23 Jun 2017 07:25:42 +0000 (07:25 +0000)]
AppArmor: add missing library loading permissions.
Otherwise at least printing is broken.
intrigeri [Fri, 23 Jun 2017 07:11:41 +0000 (07:11 +0000)]
Merge remote-tracking branch 'upstream-repo/master' into apparmor-e10s
Micah Lee [Wed, 21 Jun 2017 22:40:20 +0000 (15:40 -0700)]
Version bump to 0.2.8, and updated changelog
Micah Lee [Wed, 21 Jun 2017 00:45:11 +0000 (17:45 -0700)]
Merge branch 'dephekt-issue-271'
Micah Lee [Wed, 21 Jun 2017 00:02:45 +0000 (17:02 -0700)]
Merge branch 'issue-271' of https://github.com/dephekt/torbrowser-launcher into dephekt-issue-271
Micah Lee [Tue, 20 Jun 2017 22:36:13 +0000 (15:36 -0700)]
Merge branch 'intrigeri-apparmor-tb-7'
Micah Lee [Tue, 20 Jun 2017 22:36:03 +0000 (15:36 -0700)]
Merge branch 'apparmor-tb-7' of https://github.com/intrigeri/torbrowser-launcher into intrigeri-apparmor-tb-7
Micah Lee [Tue, 20 Jun 2017 22:32:45 +0000 (15:32 -0700)]
Merge branch 'boklm-update_version_check_url'
Micah Lee [Tue, 20 Jun 2017 22:24:52 +0000 (15:24 -0700)]
Merge branch 'update_version_check_url' of https://github.com/boklm/torbrowser-launcher into boklm-update_version_check_url
Micah Lee [Tue, 20 Jun 2017 22:23:24 +0000 (15:23 -0700)]
Fix crash that happens if gpgme is not installed
intrigeri [Sat, 17 Jun 2017 09:49:55 +0000 (09:49 +0000)]
AppArmor (refactoring): extract often used paths into variables.
intrigeri [Sat, 17 Jun 2017 09:39:09 +0000 (09:39 +0000)]
AppArmor: add missing "owner" prefix, for consistency.
Nicolas Vigier [Fri, 16 Jun 2017 23:24:04 +0000 (01:24 +0200)]
Update version_check_url
The Tor Browser update manifests have been moved from
dist.torproject.org to aus1.torproject.org:
https://trac.torproject.org/projects/tor/ticket/19481
The update_2 part of the URL has been changed to update_3:
https://trac.torproject.org/projects/tor/ticket/19316
intrigeri [Fri, 16 Jun 2017 17:48:34 +0000 (17:48 +0000)]
setup.py: install the new torbrowser.Browser.plugin-container profile.
intrigeri [Fri, 16 Jun 2017 17:45:07 +0000 (17:45 +0000)]
AppArmor: give plugin-container read-only access to the Tor Browser components it needs, and to user extensions.
intrigeri [Fri, 16 Jun 2017 17:33:33 +0000 (17:33 +0000)]
AppArmor: remove lots of permissions the plugin-container process doesn't need.
intrigeri [Fri, 16 Jun 2017 17:13:59 +0000 (17:13 +0000)]
AppArmor: remove useless "Last modified" lines that don't convey any information.
intrigeri [Fri, 16 Jun 2017 17:13:31 +0000 (17:13 +0000)]
AppArmor: allow plugin-container to read/map/execute itself.
intrigeri [Fri, 16 Jun 2017 16:13:03 +0000 (16:13 +0000)]
AppArmor: fully transition to plugin-container's own confinement when starting it, i.e. don't inherit Firefox' confinement.
We will later remove credentials plugin-container doesn't need, in order to
confine it more strictly. Such effort would be worthless if we kept inheriting
the permissions we grant the parent Firefox process.
intrigeri [Fri, 16 Jun 2017 16:09:11 +0000 (16:09 +0000)]
AppArmor: create a new profile for Firefox' content rendering processes (plugin-container).
This profile was copied as-is from torbrowser.Browser.firefox, and I updated the
name of the profile and the corresponding local include only.
intrigeri [Fri, 16 Jun 2017 15:59:22 +0000 (15:59 +0000)]
AppArmor: allow access to /sys/devices/system/node/node[0-9]*/meminfo.
abstractions/base allows access to /proc/meminfo already, so this doesn't leak
much more information. I can't be sure by looking at the code, but I would
not be surprised if Firefox needed more info about available memory
to manage it pool of content rendering processes, when e10s is enabled.
intrigeri [Fri, 16 Jun 2017 15:51:16 +0000 (15:51 +0000)]
AppArmor: allow access to /proc/PID/status.
This is consistent with how we handle similar files so far.
intrigeri [Fri, 16 Jun 2017 15:44:47 +0000 (15:44 +0000)]
AppArmor: use the @{pid} tunable instead of hard-coding our own pattern.
intrigeri [Fri, 16 Jun 2017 15:34:55 +0000 (15:34 +0000)]
AppArmor: silence denial logs about permissions we don't need.
As of Tor Browser 7.0.1:
* /dev/dri/: we block access to the DRI nodes, so listing
them would be useless
* net/route: seems risky as it can leak information about IPs used on the LAN;
Tor Browser seems to works perfectly without such access, so let's not
grant it to be on the safe side
* CPU maximum frequency:only used to optimize VP8/VP9 encoding
* CPU cache size: seems unused
intrigeri [Fri, 16 Jun 2017 15:19:52 +0000 (15:19 +0000)]
AppArmor: add permissions needed for multiprocess Firefox (e10s).
Dan Snider [Sun, 23 Apr 2017 23:41:24 +0000 (18:41 -0500)]
Parse output of refresh_keys and display nicer output.
Dan Snider [Sat, 22 Apr 2017 15:17:33 +0000 (10:17 -0500)]
Use HKPS for GPG key refresh, add sks-keyservers' CA cert.
Dan Snider [Fri, 21 Apr 2017 22:01:49 +0000 (17:01 -0500)]
Only refresh the keyring, don't try to get new keys.
Dan Snider [Thu, 13 Apr 2017 22:35:01 +0000 (17:35 -0500)]
common.py: Always call refresh_keyring prior to importing keys.
Dan Snider [Thu, 13 Apr 2017 22:24:42 +0000 (17:24 -0500)]
launcher.py: Add method calls to common.refresh_keyring on signature verify failures.
Dan Snider [Sat, 8 Apr 2017 19:05:51 +0000 (14:05 -0500)]
common.py: Add initial stuff for refresh_keyring method to Common class.
Micah Lee [Fri, 7 Apr 2017 23:40:00 +0000 (16:40 -0700)]
Merge branch 'dephekt-issue-267'
Micah Lee [Fri, 7 Apr 2017 23:39:41 +0000 (16:39 -0700)]
Update build instructions to make python-gpg optional
Micah Lee [Fri, 7 Apr 2017 19:31:44 +0000 (12:31 -0700)]
Merge branch 'femmetasm-patch-1'
femmetasm [Tue, 4 Apr 2017 20:42:30 +0000 (20:42 +0000)]
Fix gnome-shell icon issue
Dan Snider [Wed, 22 Mar 2017 16:57:10 +0000 (11:57 -0500)]
Add logic to shell out for verify/import if gpgme lib not present