Package: torbrowser-launcher Version: 0.3.2-7 Severity: wishlist Tags: patch
Dear Maintainers, it would be great if U2F devices (like a yubikey) would be usable by default with torbrowser. I created an upstream merge request to allow these devices in the apparmor profile a couple of months ago and it was was merged [0] (thanks to intrigeri!), but there was no new torbrowser release since then. Would it be possible to include the patch in the debian package? That would allow using salsa with U2F tokens (and any other Gitlab instance that might come up ;)) cheers, Birger [0] https://github.com/micahflee/torbrowser-launcher/pull/434 -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (800, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages torbrowser-launcher depends on: ii ca-certificates 20190110 ii libdbus-glib-1-2 0.110-5 ii python3 3.8.2-2 ii python3-gpg 1.13.1-7 ii python3-pyqt5 5.14.1+dfsg-3 ii python3-requests 2.23.0+dfsg-2 ii python3-socks 1.6.8+dfsg-1 Versions of packages torbrowser-launcher recommends: ii tor 0.4.2.7-1 Versions of packages torbrowser-launcher suggests: ii apparmor 2.13.4-1 -- Configuration Files: /etc/apparmor.d/local/torbrowser.Browser.firefox changed [not included] -- no debconf information
>From 3052e6579dd489923bca95a82308e5f4b6399e68 Mon Sep 17 00:00:00 2001 From: Birger Schacht <bir...@rantanplan.org> Date: Sat, 4 Apr 2020 18:18:50 +0200 Subject: [PATCH] Add AppArmor patch to allow U2F devices --- .../0016-AppArmor-allow-u2f-devices.patch | 28 +++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 29 insertions(+) create mode 100644 debian/patches/0016-AppArmor-allow-u2f-devices.patch diff --git a/debian/patches/0016-AppArmor-allow-u2f-devices.patch b/debian/patches/0016-AppArmor-allow-u2f-devices.patch new file mode 100644 index 0000000..bc6130f --- /dev/null +++ b/debian/patches/0016-AppArmor-allow-u2f-devices.patch @@ -0,0 +1,28 @@ +From: Birger Schacht <bir...@rantanplan.org> +Date: Wed, 23 Oct 2019 19:47:55 +0200 +Subject: [PATCH] Allow torbrowser to access u2f devices + +(cherry picked from 704e5ca3b46ac1bcf7931875fc7d33ad13910e10) +--- + apparmor/torbrowser.Browser.firefox | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox +index 42516b6..c067375 100644 +--- a/apparmor/torbrowser.Browser.firefox ++++ b/apparmor/torbrowser.Browser.firefox +@@ -133,5 +133,14 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { + /etc/xfce4/defaults.list r, + /usr/share/xfce4/applications/ r, + ++ # u2f (tested with Yubikey 4) ++ /sys/class/ r, ++ /sys/bus/ r, ++ /sys/class/hidraw/ r, ++ /run/udev/data/c24{7,9}:* r, ++ /dev/hidraw* rw, ++ # Yubikey NEO also needs this: ++ /sys/devices/**/hidraw/hidraw*/uevent r, ++ + #include <local/torbrowser.Browser.firefox> + } diff --git a/debian/patches/series b/debian/patches/series index c1ae347..0eb4798 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -13,3 +13,4 @@ 0013-AppArmor-Pass-the-environment-to-Firefox-content-pro.patch 0014-AppArmor-allow-running-the-Firefox-updater-from-its-.patch 0015-Update-setup.py.patch +0016-AppArmor-allow-u2f-devices.patch -- 2.26.0