Merge pull request #3592 from kushaldas/update_ansible_for_tbb

Update ansible and Dockerfile for tbb
freedomofpress · Jul 12, 2018 · badd904 · badd904
2 parents cbb0113 + 318d8bf
commit badd904
Show file tree

Hide file tree

Showing 4 changed files with 2,426 additions and 2 deletions.
diff --git a/install_files/ansible-base/roles/app-test/defaults/main.yml b/install_files/ansible-base/roles/app-test/defaults/main.yml
@@ -16,7 +16,7 @@ test_apt_dependencies:
 test_pip_requirements: "{{ securedrop_code }}/requirements/test-requirements.txt"
 
 # Specify TBB version to download and install
-tbb_release: 7.5
+tbb_release: 7.5.6
 tbb_locale: en-US
 tbb_arch: 64
 tbb_directory: "/home/{{ ansible_user|default(ansible_ssh_user|default(lookup('env', 'USER'))) }}/.local/tbb"

diff --git a/install_files/ansible-base/roles/app-test/tasks/install_tbb.yml b/install_files/ansible-base/roles/app-test/tasks/install_tbb.yml
@@ -56,3 +56,19 @@
     group: "{{ securedrop_user }}"
     mode: "0770"
 
+- name: Download geckodriver for compatibility with Tor
+  get_url:
+    dest: "/opt/geckodriver-v0.17.0-linux64.tar.gz"
+    url: https://github.com/mozilla/geckodriver/releases/download/v0.17.0/geckodriver-v0.17.0-linux64.tar.gz
+    sha256sum: 3154274c050d724eb2f4e8986a58ed37c0138b48304692bf7eeed827a5e82319
+  tags:
+    - apt
+
+- name: extract geckodriver
+  unarchive:
+    src: /opt/geckodriver-v0.17.0-linux64.tar.gz
+    dest: /bin/
+
+- name: install geckodriver
+  shell: |
+    chmod +x /bin/geckodriver
diff --git a/securedrop/Dockerfile b/securedrop/Dockerfile
@@ -9,7 +9,8 @@ RUN apt-get update && \
     apt-get install -y devscripts \
                        python-pip libpython2.7-dev libssl-dev secure-delete \
                        gnupg2 ruby redis-server firefox git xvfb haveged curl \
-                       gettext paxctl x11vnc enchant libffi-dev sqlite3
+                       gettext paxctl x11vnc enchant libffi-dev sqlite3 wget \
+                       libasound2 libdbus-glib-1-2 libgtk2.0-0 libfontconfig1 libxrender1
 
 RUN gem install sass -v 3.4.23
 
@@ -20,6 +21,27 @@ RUN curl -LO https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa/
     dpkg -i firefox*deb && apt-get install -f && \
     paxctl -cm /usr/lib/firefox/firefox
 
+
+COPY ./tor_project_public.pub /opt/
+
+RUN gpg --import /opt/tor_project_public.pub && \
+    wget  https://www.torproject.org/dist/torbrowser/7.5.6/tor-browser-linux64-7.5.6_en-US.tar.xz && \
+    wget https://www.torproject.org/dist/torbrowser/7.5.6/tor-browser-linux64-7.5.6_en-US.tar.xz.asc && \
+    gpg --verify tor-browser-linux64-7.5.6_en-US.tar.xz.asc tor-browser-linux64-7.5.6_en-US.tar.xz
+
+RUN tar -xvJf tor-browser-linux64-7.5.6_en-US.tar.xz && \
+    mkdir -p /root/.local/tbb && mv tor-browser_en-US /root/.local/tbb &&\
+    paxctl -cm /root/.local/tbb/tor-browser_en-US/Browser/firefox && \
+    paxctl -cm /root/.local/tbb/tor-browser_en-US/Browser/plugin-container
+
+ENV GECKODRIVER_CHECKSUM=3154274c050d724eb2f4e8986a58ed37c0138b48304692bf7eeed827a5e82319
+RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.17.0/geckodriver-v0.17.0-linux64.tar.gz && \
+    shasum -a 256 geckodriver*tar.gz && \
+    echo "${GECKODRIVER_CHECKSUM}  geckodriver-v0.17.0-linux64.tar.gz" | shasum -a 256 -c - && \
+    tar -zxvf geckodriver*tar.gz && chmod +x geckodriver && mv geckodriver /bin && \
+    paxctl -cm /bin/geckodriver
+
+
 #
 # This can be removed when upgrading to something more recent than trusty
 #