From d75c3dc6dc18fa1f00a64ae15977ebe9d5f3cd87 Mon Sep 17 00:00:00 2001 From: Christian Koep Date: Sat, 19 Dec 2015 21:43:29 +0100 Subject: [PATCH] add tor-browser hardened --- tor-browser/hardened/Dockerfile | 52 +++++++++++++++++++++++++++++++++ tor-browser/hardened/local.conf | 29 ++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 tor-browser/hardened/Dockerfile create mode 100644 tor-browser/hardened/local.conf diff --git a/tor-browser/hardened/Dockerfile b/tor-browser/hardened/Dockerfile new file mode 100644 index 0000000..be20fc7 --- /dev/null +++ b/tor-browser/hardened/Dockerfile @@ -0,0 +1,52 @@ +# Run tor browser in a container +# +# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ +# -v /dev/snd:/dev/snd \ +# -e DISPLAY=unix$DISPLAY \ +# tor-browser +# +FROM debian:jessie +MAINTAINER Christian Koep + +RUN apt-get update && apt-get install -y \ + ca-certificates \ + curl \ + libasound2 \ + libdbus-glib-1-2 \ + libgtk2.0-0 \ + libxrender1 \ + libxt6 \ + xz-utils \ + --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* + +ENV HOME /home/user +RUN useradd --create-home --home-dir $HOME user \ + && chown -R user:user $HOME + +ENV LANG C.UTF-8 + +ENV TOR_VERSION 5.5a4-hardened +ENV TOR_FINGERPRINT 0x4E2C6E8793298290 + +# download tor and check signature +RUN cd /tmp \ + && curl -sSOL "https://dist.torproject.org/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz" \ + && curl -sSOL "https://dist.torproject.org/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz.asc" \ + && mkdir ~/.gnupg \ + && gpg --keyserver x-hkp://keys.gnupg.net --recv-keys ${TOR_FINGERPRINT} \ + && gpg --fingerprint ${TOR_FINGERPRINT} | grep "Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290" \ + && gpg --verify tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz.asc \ + && tar -vxJ --strip-components 1 -C /usr/local/bin -f tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz \ + && rm -rf tor-browser* \ + && rm -rf ~/.gnupg + + +# good fonts +COPY local.conf /etc/fonts/local.conf + +WORKDIR $HOME +USER user + +ENTRYPOINT ["/bin/bash"] +CMD [ "/usr/local/bin/Browser/start-tor-browser" ] diff --git a/tor-browser/hardened/local.conf b/tor-browser/hardened/local.conf new file mode 100644 index 0000000..51dd0d3 --- /dev/null +++ b/tor-browser/hardened/local.conf @@ -0,0 +1,29 @@ + + + + + +rgb + + + + +true + + + + +hintslight + + + + +true + + + + +lcddefault + + +