mirror of
https://github.com/jessfraz/dockerfiles.git
synced 2024-11-27 12:23:35 +01:00
Merge pull request #98 from koep/tor-5.a.4-hardened
add tor-browser hardened
This commit is contained in:
commit
a6a10b92f3
52
tor-browser/hardened/Dockerfile
Normal file
52
tor-browser/hardened/Dockerfile
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
# Run tor browser in a container
|
||||||
|
#
|
||||||
|
# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
|
||||||
|
# -v /dev/snd:/dev/snd \
|
||||||
|
# -e DISPLAY=unix$DISPLAY \
|
||||||
|
# tor-browser
|
||||||
|
#
|
||||||
|
FROM debian:jessie
|
||||||
|
MAINTAINER Christian Koep <christian.koep@fom-net.de>
|
||||||
|
|
||||||
|
RUN apt-get update && apt-get install -y \
|
||||||
|
ca-certificates \
|
||||||
|
curl \
|
||||||
|
libasound2 \
|
||||||
|
libdbus-glib-1-2 \
|
||||||
|
libgtk2.0-0 \
|
||||||
|
libxrender1 \
|
||||||
|
libxt6 \
|
||||||
|
xz-utils \
|
||||||
|
--no-install-recommends \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
ENV HOME /home/user
|
||||||
|
RUN useradd --create-home --home-dir $HOME user \
|
||||||
|
&& chown -R user:user $HOME
|
||||||
|
|
||||||
|
ENV LANG C.UTF-8
|
||||||
|
|
||||||
|
ENV TOR_VERSION 5.5a4-hardened
|
||||||
|
ENV TOR_FINGERPRINT 0x4E2C6E8793298290
|
||||||
|
|
||||||
|
# download tor and check signature
|
||||||
|
RUN cd /tmp \
|
||||||
|
&& curl -sSOL "https://dist.torproject.org/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz" \
|
||||||
|
&& curl -sSOL "https://dist.torproject.org/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz.asc" \
|
||||||
|
&& mkdir ~/.gnupg \
|
||||||
|
&& gpg --keyserver x-hkp://keys.gnupg.net --recv-keys ${TOR_FINGERPRINT} \
|
||||||
|
&& gpg --fingerprint ${TOR_FINGERPRINT} | grep "Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290" \
|
||||||
|
&& gpg --verify tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz.asc \
|
||||||
|
&& tar -vxJ --strip-components 1 -C /usr/local/bin -f tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz \
|
||||||
|
&& rm -rf tor-browser* \
|
||||||
|
&& rm -rf ~/.gnupg
|
||||||
|
|
||||||
|
|
||||||
|
# good fonts
|
||||||
|
COPY local.conf /etc/fonts/local.conf
|
||||||
|
|
||||||
|
WORKDIR $HOME
|
||||||
|
USER user
|
||||||
|
|
||||||
|
ENTRYPOINT ["/bin/bash"]
|
||||||
|
CMD [ "/usr/local/bin/Browser/start-tor-browser" ]
|
29
tor-browser/hardened/local.conf
Normal file
29
tor-browser/hardened/local.conf
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version='1.0'?>
|
||||||
|
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
|
||||||
|
<fontconfig>
|
||||||
|
<match target="font">
|
||||||
|
<edit mode="assign" name="rgba">
|
||||||
|
<const>rgb</const>
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
<match target="font">
|
||||||
|
<edit mode="assign" name="hinting">
|
||||||
|
<bool>true</bool>
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
<match target="font">
|
||||||
|
<edit mode="assign" name="hintstyle">
|
||||||
|
<const>hintslight</const>
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
<match target="font">
|
||||||
|
<edit mode="assign" name="antialias">
|
||||||
|
<bool>true</bool>
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
<match target="font">
|
||||||
|
<edit mode="assign" name="lcdfilter">
|
||||||
|
<const>lcddefault</const>
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
</fontconfig>
|
Loading…
Reference in New Issue
Block a user