2014-09-03 18:24:28 +00:00
|
|
|
"""
|
|
|
|
Tor Browser Launcher
|
|
|
|
https://github.com/micahflee/torbrowser-launcher/
|
|
|
|
|
2017-01-27 04:25:49 +00:00
|
|
|
Copyright (c) 2013-2017 Micah Lee <micah@micahflee.com>
|
2014-09-03 18:24:28 +00:00
|
|
|
|
|
|
|
Permission is hereby granted, free of charge, to any person
|
|
|
|
obtaining a copy of this software and associated documentation
|
|
|
|
files (the "Software"), to deal in the Software without
|
|
|
|
restriction, including without limitation the rights to use,
|
|
|
|
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
copies of the Software, and to permit persons to whom the
|
|
|
|
Software is furnished to do so, subject to the following
|
|
|
|
conditions:
|
|
|
|
|
|
|
|
The above copyright notice and this permission notice shall be
|
|
|
|
included in all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
|
|
|
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
|
|
|
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
|
|
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
|
|
OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
"""
|
|
|
|
|
2017-03-22 12:52:45 +00:00
|
|
|
import os
|
|
|
|
import sys
|
|
|
|
import platform
|
|
|
|
import subprocess
|
|
|
|
import locale
|
|
|
|
import pickle
|
|
|
|
import json
|
|
|
|
import re
|
2018-03-23 20:36:37 +00:00
|
|
|
import gettext
|
|
|
|
import gpg
|
2014-09-03 18:24:28 +00:00
|
|
|
|
|
|
|
SHARE = os.getenv('TBL_SHARE', sys.prefix+'/share/torbrowser-launcher')
|
|
|
|
|
2016-12-03 16:17:08 +00:00
|
|
|
gettext.install('torbrowser-launcher')
|
2014-09-03 18:24:28 +00:00
|
|
|
|
2017-03-22 16:57:10 +00:00
|
|
|
# We're looking for output which:
|
|
|
|
#
|
|
|
|
# 1. The first portion must be `[GNUPG:] IMPORT_OK`
|
|
|
|
# 2. The second must be an integer between [0, 15], inclusive
|
|
|
|
# 3. The third must be an uppercased hex-encoded 160-bit fingerprint
|
|
|
|
gnupg_import_ok_pattern = re.compile(
|
2018-03-22 18:22:22 +00:00
|
|
|
b"(\[GNUPG\:\]) (IMPORT_OK) ([0-9]|[1]?[0-5]) ([A-F0-9]{40})")
|
2017-03-22 16:57:10 +00:00
|
|
|
|
|
|
|
|
2018-03-19 16:29:12 +00:00
|
|
|
class Common(object):
|
2014-09-03 18:24:28 +00:00
|
|
|
def __init__(self, tbl_version):
|
|
|
|
self.tbl_version = tbl_version
|
|
|
|
|
|
|
|
# initialize the app
|
2018-01-28 16:57:26 +00:00
|
|
|
self.default_mirror = 'https://dist.torproject.org/'
|
2014-09-03 18:24:28 +00:00
|
|
|
self.discover_arch_lang()
|
|
|
|
self.build_paths()
|
|
|
|
for d in self.paths['dirs']:
|
|
|
|
self.mkdir(self.paths['dirs'][d])
|
|
|
|
self.load_mirrors()
|
|
|
|
self.load_settings()
|
|
|
|
self.mkdir(self.paths['download_dir'])
|
|
|
|
self.mkdir(self.paths['tbb']['dir'])
|
|
|
|
self.init_gnupg()
|
|
|
|
|
|
|
|
# discover the architecture and language
|
|
|
|
def discover_arch_lang(self):
|
|
|
|
# figure out the architecture
|
|
|
|
self.architecture = 'x86_64' if '64' in platform.architecture()[0] else 'i686'
|
|
|
|
|
|
|
|
# figure out the language
|
|
|
|
available_languages = ['en-US', 'ar', 'de', 'es-ES', 'fa', 'fr', 'it', 'ko', 'nl', 'pl', 'pt-PT', 'ru', 'vi', 'zh-CN']
|
2016-03-01 12:14:15 +00:00
|
|
|
default_locale = locale.getlocale(locale.LC_MESSAGES)[0]
|
2014-09-03 18:24:28 +00:00
|
|
|
if default_locale is None:
|
|
|
|
self.language = 'en-US'
|
|
|
|
else:
|
|
|
|
self.language = default_locale.replace('_', '-')
|
|
|
|
if self.language not in available_languages:
|
|
|
|
self.language = self.language.split('-')[0]
|
|
|
|
if self.language not in available_languages:
|
|
|
|
for l in available_languages:
|
|
|
|
if l[0:2] == self.language:
|
|
|
|
self.language = l
|
|
|
|
# if language isn't available, default to english
|
|
|
|
if self.language not in available_languages:
|
|
|
|
self.language = 'en-US'
|
|
|
|
|
|
|
|
# build all relevant paths
|
|
|
|
def build_paths(self, tbb_version=None):
|
|
|
|
homedir = os.getenv('HOME')
|
|
|
|
if not homedir:
|
|
|
|
homedir = '/tmp/.torbrowser-'+os.getenv('USER')
|
|
|
|
if not os.path.exists(homedir):
|
|
|
|
try:
|
2016-11-09 01:57:52 +00:00
|
|
|
os.mkdir(homedir, 0o700)
|
2014-09-03 18:24:28 +00:00
|
|
|
except:
|
|
|
|
self.set_gui('error', _("Error creating {0}").format(homedir), [], False)
|
|
|
|
if not os.access(homedir, os.W_OK):
|
|
|
|
self.set_gui('error', _("{0} is not writable").format(homedir), [], False)
|
|
|
|
|
|
|
|
tbb_config = '{0}/.config/torbrowser'.format(homedir)
|
|
|
|
tbb_cache = '{0}/.cache/torbrowser'.format(homedir)
|
|
|
|
tbb_local = '{0}/.local/share/torbrowser'.format(homedir)
|
|
|
|
old_tbb_data = '{0}/.torbrowser'.format(homedir)
|
|
|
|
|
|
|
|
if tbb_version:
|
|
|
|
# tarball filename
|
|
|
|
if self.architecture == 'x86_64':
|
|
|
|
arch = 'linux64'
|
|
|
|
else:
|
|
|
|
arch = 'linux32'
|
2016-07-08 21:37:31 +00:00
|
|
|
|
|
|
|
if hasattr(self, 'settings') and self.settings['force_en-US']:
|
|
|
|
language = 'en-US'
|
|
|
|
else:
|
|
|
|
language = self.language
|
2018-03-23 20:36:37 +00:00
|
|
|
tarball_filename = 'tor-browser-' + arch + '-' + tbb_version + '_' + language + '.tar.xz'
|
2014-09-03 18:24:28 +00:00
|
|
|
|
|
|
|
# tarball
|
2018-03-23 20:36:37 +00:00
|
|
|
self.paths['tarball_url'] = '{0}torbrowser/' + tbb_version + '/' + tarball_filename
|
|
|
|
self.paths['tarball_file'] = tbb_cache + '/download/' + tarball_filename
|
2014-09-03 18:24:28 +00:00
|
|
|
self.paths['tarball_filename'] = tarball_filename
|
|
|
|
|
|
|
|
# sig
|
2018-03-23 20:36:37 +00:00
|
|
|
self.paths['sig_url'] = '{0}torbrowser/' + tbb_version + '/' + tarball_filename + '.asc'
|
|
|
|
self.paths['sig_file'] = tbb_cache + '/download/' + tarball_filename + '.asc'
|
|
|
|
self.paths['sig_filename'] = tarball_filename + '.asc'
|
2014-09-03 18:24:28 +00:00
|
|
|
else:
|
|
|
|
self.paths = {
|
|
|
|
'dirs': {
|
|
|
|
'config': tbb_config,
|
|
|
|
'cache': tbb_cache,
|
|
|
|
'local': tbb_local,
|
|
|
|
},
|
|
|
|
'old_data_dir': old_tbb_data,
|
2014-10-01 00:38:13 +00:00
|
|
|
'tbl_bin': sys.argv[0],
|
2016-03-04 14:15:44 +00:00
|
|
|
'icon_file': os.path.join(os.path.dirname(SHARE), 'pixmaps/torbrowser.png'),
|
2014-09-03 18:24:28 +00:00
|
|
|
'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
|
2017-04-22 15:17:33 +00:00
|
|
|
'keyserver_ca': os.path.join(SHARE, 'sks-keyservers.netCA.pem'),
|
2016-07-08 23:33:57 +00:00
|
|
|
'signing_keys': {
|
|
|
|
'tor_browser_developers': os.path.join(SHARE, 'tor-browser-developers.asc')
|
|
|
|
},
|
2014-09-03 18:24:28 +00:00
|
|
|
'mirrors_txt': [os.path.join(SHARE, 'mirrors.txt'),
|
2018-03-23 20:36:37 +00:00
|
|
|
tbb_config + '/mirrors.txt'],
|
|
|
|
'download_dir': tbb_cache + '/download',
|
|
|
|
'gnupg_homedir': tbb_local + '/gnupg_homedir',
|
|
|
|
'settings_file': tbb_config + '/settings.json',
|
|
|
|
'settings_file_pickle': tbb_config + '/settings',
|
2017-06-16 23:24:04 +00:00
|
|
|
'version_check_url': 'https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US',
|
2018-03-23 20:36:37 +00:00
|
|
|
'version_check_file': tbb_cache + '/download/release.xml',
|
2014-09-03 18:24:28 +00:00
|
|
|
'tbb': {
|
2018-03-23 20:36:37 +00:00
|
|
|
'changelog': tbb_local + '/tbb/' + self.architecture + '/tor-browser_' +
|
|
|
|
self.language + '/Browser/TorBrowser/Docs/ChangeLog.txt',
|
|
|
|
'dir': tbb_local + '/tbb/' + self.architecture,
|
|
|
|
'dir_tbb': tbb_local + '/tbb/' + self.architecture + '/tor-browser_' + self.language,
|
|
|
|
'start': tbb_local + '/tbb/' + self.architecture + '/tor-browser_' +
|
|
|
|
self.language + '/start-tor-browser.desktop'
|
2014-09-03 18:24:28 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
# Add the expected fingerprint for imported keys:
|
2016-07-08 23:33:57 +00:00
|
|
|
self.fingerprints = {
|
|
|
|
'tor_browser_developers': 'EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'
|
|
|
|
}
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
|
2014-09-03 18:24:28 +00:00
|
|
|
# create a directory
|
|
|
|
@staticmethod
|
|
|
|
def mkdir(path):
|
|
|
|
try:
|
|
|
|
if not os.path.exists(path):
|
2016-11-09 01:57:52 +00:00
|
|
|
os.makedirs(path, 0o700)
|
2014-09-03 18:24:28 +00:00
|
|
|
return True
|
|
|
|
except:
|
2016-11-09 01:54:37 +00:00
|
|
|
print(_("Cannot create directory {0}").format(path))
|
2014-09-03 18:24:28 +00:00
|
|
|
return False
|
|
|
|
if not os.access(path, os.W_OK):
|
2016-11-09 01:54:37 +00:00
|
|
|
print(_("{0} is not writable").format(path))
|
2014-09-03 18:24:28 +00:00
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
|
|
# if gnupg_homedir isn't set up, set it up
|
|
|
|
def init_gnupg(self):
|
|
|
|
if not os.path.exists(self.paths['gnupg_homedir']):
|
2016-11-09 01:54:37 +00:00
|
|
|
print(_('Creating GnuPG homedir'), self.paths['gnupg_homedir'])
|
2014-09-03 18:24:28 +00:00
|
|
|
self.mkdir(self.paths['gnupg_homedir'])
|
|
|
|
self.import_keys()
|
|
|
|
|
2017-04-08 19:05:51 +00:00
|
|
|
def refresh_keyring(self, fingerprint=None):
|
2017-04-23 23:41:24 +00:00
|
|
|
if fingerprint is not None:
|
|
|
|
print('Refreshing local keyring... Missing key: ' + fingerprint)
|
|
|
|
else:
|
|
|
|
print('Refreshing local keyring...')
|
|
|
|
|
2018-03-23 22:42:11 +00:00
|
|
|
p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
|
2017-04-21 22:01:49 +00:00
|
|
|
'--homedir', self.paths['gnupg_homedir'],
|
2017-04-22 15:17:33 +00:00
|
|
|
'--keyserver', 'hkps://hkps.pool.sks-keyservers.net',
|
|
|
|
'--keyserver-options', 'ca-cert-file=' + self.paths['keyserver_ca']
|
|
|
|
+ ',include-revoked,no-honor-keyserver-url,no-honor-pka-record',
|
2017-04-21 22:01:49 +00:00
|
|
|
'--refresh-keys'], stderr=subprocess.PIPE)
|
2017-04-22 15:17:33 +00:00
|
|
|
p.wait()
|
2017-04-08 19:05:51 +00:00
|
|
|
|
2017-04-23 23:41:24 +00:00
|
|
|
for output in p.stderr.readlines():
|
|
|
|
match = gnupg_import_ok_pattern.match(output)
|
|
|
|
if match and match.group(2) == 'IMPORT_OK':
|
|
|
|
fingerprint = str(match.group(4))
|
|
|
|
if match.group(3) == '0':
|
2017-12-16 11:52:00 +00:00
|
|
|
print('Keyring refreshed successfully...')
|
|
|
|
print(' No key updates for key: ' + fingerprint)
|
2017-04-23 23:41:24 +00:00
|
|
|
elif match.group(3) == '4':
|
2017-12-16 11:52:00 +00:00
|
|
|
print('Keyring refreshed successfully...')
|
|
|
|
print(' New signatures for key: ' + fingerprint)
|
2017-04-23 23:41:24 +00:00
|
|
|
else:
|
|
|
|
print('Keyring refreshed successfully...')
|
2017-04-08 19:05:51 +00:00
|
|
|
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
def import_key_and_check_status(self, key):
|
|
|
|
"""Import a GnuPG key and check that the operation was successful.
|
|
|
|
:param str key: A string specifying the key's filepath from
|
2017-03-03 14:01:52 +00:00
|
|
|
``Common.paths``
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
:rtype: bool
|
|
|
|
:returns: ``True`` if the key is now within the keyring (or was
|
|
|
|
previously and hasn't changed). ``False`` otherwise.
|
|
|
|
"""
|
2018-03-23 20:36:37 +00:00
|
|
|
with gpg.Context() as c:
|
|
|
|
c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.paths['gnupg_homedir'])
|
|
|
|
|
|
|
|
impkey = self.paths['signing_keys'][key]
|
|
|
|
try:
|
|
|
|
c.op_import(gpg.Data(file=impkey))
|
|
|
|
except:
|
|
|
|
return False
|
|
|
|
else:
|
|
|
|
result = c.op_import_result()
|
|
|
|
if result and self.fingerprints[key] in result.imports[0].fpr:
|
|
|
|
return True
|
2017-03-22 16:57:10 +00:00
|
|
|
else:
|
2018-03-23 20:36:37 +00:00
|
|
|
return False
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
|
2014-09-03 18:24:28 +00:00
|
|
|
# import gpg keys
|
|
|
|
def import_keys(self):
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
"""Import all GnuPG keys.
|
|
|
|
:rtype: bool
|
|
|
|
:returns: ``True`` if all keys were successfully imported; ``False``
|
|
|
|
otherwise.
|
|
|
|
"""
|
2018-03-23 20:36:37 +00:00
|
|
|
keys = ['tor_browser_developers', ]
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
all_imports_succeeded = True
|
|
|
|
|
|
|
|
for key in keys:
|
|
|
|
imported = self.import_key_and_check_status(key)
|
|
|
|
if not imported:
|
2016-11-09 01:54:37 +00:00
|
|
|
print(_('Could not import key with fingerprint: %s.'
|
|
|
|
% self.fingerprints[key]))
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
all_imports_succeeded = False
|
|
|
|
|
2016-07-08 23:44:40 +00:00
|
|
|
if not all_imports_succeeded:
|
2016-11-09 01:54:37 +00:00
|
|
|
print(_('Not all keys were imported successfully!'))
|
Check that GnuPG key import was successful.
Rather than checking the GnuPG process exit code, a more robust way to
handle determining whether or not a GnuPG process behaved as was
intended is to check GnuPG's status-fd output. [0]
In the case of key import, the particular status-fd flag we're looking
for is `IMPORT_OK` followed by a "reason", then the expected
fingerprint. [1] Because the "reason"s are integers which may be ORed,
and we are never expecting private keys to be within the file, we can
assume the reason to be `[0, 15]` inclusive.
While it's not strictly necessary to hardcode Erinn's key fingerprint
within the code because the keyfiles are safely distributed along with
the source code, doing so adds a simple defense-in-depth mechanism for
the unlikely case that a user's torbrowser-launcher package/source
download was compromised. As such, and because it was a trivial
addition which will also assist with checking that a signature was made
by the key with the expected fingerprint [2], I've gone ahead and added
a `common.fingerprints` dictionary whose keys match the names of the
`common.paths` keyfile for their respective key (i.e. the fingerprint
for `common.paths['erinn_key']` is stored at
`common.fingerprints['erinn_key']`) in order to facilitate extensibility
in the event that torbrowser-launcher should add new keyfiles in the
future. This may be removed, if undesirable.
* ADD `common.gnupg_import_ok_pattern`, a compiled regex for
determining if a key import was successful.
* ADD new class attribute, `common.Common.fingerprints` for storing
fingerprints.
* ADD new method, `common.Common.import_key_and_check_status()`, which
imports a GnuPG key, and then checks that the key was successfully
imported.
* CHANGE `common.Common.import_keys()` method to make adding
new/additional keys easier.
* FIXES https://github.com/micahflee/torbrowser-launcher/issues/137
[0]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l323
[1]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;hb=HEAD#l713
[2]: https://github.com/micahflee/torbrowser-launcher/issues/147
2014-10-27 21:16:51 +00:00
|
|
|
|
|
|
|
return all_imports_succeeded
|
2014-09-03 18:24:28 +00:00
|
|
|
|
|
|
|
# load mirrors
|
|
|
|
def load_mirrors(self):
|
|
|
|
self.mirrors = []
|
|
|
|
for srcfile in self.paths['mirrors_txt']:
|
2015-01-08 01:46:52 +00:00
|
|
|
if not os.path.exists(srcfile):
|
2014-09-03 18:24:28 +00:00
|
|
|
continue
|
|
|
|
for mirror in open(srcfile, 'r').readlines():
|
|
|
|
if mirror.strip() not in self.mirrors:
|
|
|
|
self.mirrors.append(mirror.strip())
|
|
|
|
|
|
|
|
# load settings
|
|
|
|
def load_settings(self):
|
|
|
|
default_settings = {
|
|
|
|
'tbl_version': self.tbl_version,
|
2015-11-09 03:44:18 +00:00
|
|
|
'installed': False,
|
|
|
|
'download_over_tor': False,
|
2018-03-23 19:49:52 +00:00
|
|
|
'tor_socks_address': '127.0.0.1:9050',
|
2016-07-08 21:27:45 +00:00
|
|
|
'mirror': self.default_mirror,
|
|
|
|
'force_en-US': False,
|
2014-09-03 18:24:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if os.path.isfile(self.paths['settings_file']):
|
2015-11-06 02:13:57 +00:00
|
|
|
settings = json.load(open(self.paths['settings_file']))
|
2014-09-03 18:24:28 +00:00
|
|
|
resave = False
|
|
|
|
|
2015-11-09 03:44:18 +00:00
|
|
|
# detect installed
|
|
|
|
settings['installed'] = os.path.isfile(self.paths['tbb']['start'])
|
|
|
|
|
2014-09-03 18:24:28 +00:00
|
|
|
# make sure settings file is up-to-date
|
|
|
|
for setting in default_settings:
|
|
|
|
if setting not in settings:
|
|
|
|
settings[setting] = default_settings[setting]
|
|
|
|
resave = True
|
|
|
|
|
2018-03-23 19:49:52 +00:00
|
|
|
# make sure tor_socks_address doesn't start with 'tcp:'
|
|
|
|
if settings['tor_socks_address'].startswith('tcp:'):
|
|
|
|
settings['tor_socks_address'] = settings['tor_socks_address'][4:]
|
|
|
|
resave = True
|
|
|
|
|
2014-09-03 18:24:28 +00:00
|
|
|
# make sure the version is current
|
|
|
|
if settings['tbl_version'] != self.tbl_version:
|
|
|
|
settings['tbl_version'] = self.tbl_version
|
|
|
|
resave = True
|
|
|
|
|
|
|
|
self.settings = settings
|
|
|
|
if resave:
|
|
|
|
self.save_settings()
|
|
|
|
|
2015-11-06 02:13:57 +00:00
|
|
|
# if settings file is still using old pickle format, convert to json
|
|
|
|
elif os.path.isfile(self.paths['settings_file_pickle']):
|
|
|
|
self.settings = pickle.load(open(self.paths['settings_file_pickle']))
|
|
|
|
self.save_settings()
|
|
|
|
os.remove(self.paths['settings_file_pickle'])
|
|
|
|
self.load_settings()
|
|
|
|
|
2014-09-03 18:24:28 +00:00
|
|
|
else:
|
|
|
|
self.settings = default_settings
|
|
|
|
self.save_settings()
|
|
|
|
|
|
|
|
# save settings
|
|
|
|
def save_settings(self):
|
2015-11-06 02:13:57 +00:00
|
|
|
json.dump(self.settings, open(self.paths['settings_file'], 'w'))
|
2014-09-03 18:24:28 +00:00
|
|
|
return True
|