master
Andy 4 years ago
parent cb8de888f7
commit eb3b349421
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
  1. 60
      Dockerfile
  2. 11
      EXTRA.md
  3. 2
      LICENSE
  4. 7
      docker-compose.yml
  5. 15
      launch
  6. 1
      sha512sum.txt

@ -1,48 +1,26 @@
FROM ubuntu:bionic
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
FROM alpine:latest
# https://dist.torproject.org/torbrowser/8.0.4/tor-browser-linux64-8.0.4_en-US.tar.xz
RUN wget -O tor.tar.xz https://files.nixaid.com/tor-browser-linux64-8.0.4_en-US.tar.xz && \
wget -O tor.tar.xz.asc https://www.torproject.org/dist/torbrowser/8.0.4/tor-browser-linux64-8.0.4_en-US.tar.xz.asc
COPY sha512sum.txt .
RUN apk add --update gnupg && \
sha512sum -c sha512sum.txt && \
gpg --keyserver keyserver.ubuntu.com --recv-keys "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290" && \
gpg --verify tor.tar.xz.asc && \
unxz tor.tar.xz
# To avoid problems with Dialog and curses wizards
ENV DEBIAN_FRONTEND noninteractive
FROM ubuntu:bionic
# Keep the image updated and install the dependencies
RUN apt-get update && \
apt-get -y upgrade && \
apt-get -y dist-upgrade && \
apt-get -fy install && \
apt-get -y install xz-utils libdbus-glib-1-2 libgtk-3-0 libxt6 \
libgl1-mesa-glx pulseaudio attr gpg && \
DEBIAN_FRONTEND=noninteractive apt-get -y install gosu libdbus-1-3 libx11-xcb1 libx11-6 libxext6 libxrender1 libxt6 libatk1.0-0 libcairo-gobject2 libcairo2 libssl1.0.0 libdbus-glib-1-2 libevent-2.1-6 libfontconfig1 libfreetype6 libgtk-3-0 libgtk2.0-0 libgdk-pixbuf2.0-0 libglib2.0-0 libglib2.0-0 libglib2.0-0 libglib2.0-0 libgtk-3-0 libgtk2.0-0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libssl1.0.0 libxcb-shm0 libxcb1 && \
rm -rf /var/lib/apt/lists
# bzip2 libgtk-3-0 libasound2 libpango1.0-0 libv4l-0 libgl1-mesa-glx x264
# Workaround: pulseaudio client library likes to remove /dev/shm/pulse-shm-*
# files created by the host, causing sound to stop working.
# To fix this, we either want to disable the shm or mount /dev/shm
# in read-only mode when starting the container.
RUN echo "enable-shm = no" >> /etc/pulse/client.conf
ENV USER user
ENV UID 1000
ENV GROUPS video,audio
ENV HOME /home/$USER
RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER
ENV TORVER 8.0.3
ENV TORKEY "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"
ADD https://www.torproject.org/dist/torbrowser/${TORVER}/tor-browser-linux64-${TORVER}_en-US.tar.xz /tmp/tor.tar.xz
ADD https://www.torproject.org/dist/torbrowser/${TORVER}/tor-browser-linux64-${TORVER}_en-US.tar.xz.asc /tmp/tor.tar.xz.asc
RUN cd /tmp && \
gpg --keyserver keyserver.ubuntu.com --recv-keys $TORKEY && \
gpg --verify tor.tar.xz.asc && \
tar xf tor.tar.xz -C $HOME && \
rm -f tor.tar.xz && \
chown -Rh $USER:$USER $HOME
WORKDIR $HOME
VOLUME [ "/tmp", "$HOME/tor-browser" ]
COPY --from=0 tor.tar .
RUN mkdir -p /home/user && \
tar -xf tor.tar -C /home/user && \
rm -vf tor.tar && \
chown -Rh 1000:1000 -- /home/user
COPY ./launch /launch
ENTRYPOINT [ "/bin/bash", "/launch" ]
ENTRYPOINT [ "/bin/sh", "/launch" ]
LABEL maintainer="Andrey Arapov <andrey.arapov@nixaid.com>"

@ -0,0 +1,11 @@
## Extra
Mostly notes for myself.
```
find /opt/ -xdev -type f -execdir sh -c "LD_LIBRARY_PATH=/opt/tor-browser_en-US/Browser/ ldd '{}' | grep 'not found'" \; | awk '{print $1}' | sort | uniq | tr '\n' ',' ; echo
dpkg -S /usr/lib/x86_64-linux-gnu/{libX11-xcb.so.1,libX11.so.6} | cut -f1 -d: | xargs
lsof -Pn -p $(pidof XYZ) 2>/dev/null | grep -w REG | awk '{print $8}' | xargs dpkg -S 2>/dev/null | cut -f1 -d: | sort | uniq | xargs
```

@ -1,4 +1,4 @@
Copyright (c) 2016, Andrey Arapov
Copyright (c) 2016-2018, Andrey Arapov
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above

@ -1,8 +1,9 @@
version: '2'
version: '3.7'
services:
tor:
image: andrey01/tor:8.0.3
init: true
build: .
network_mode: bridge
volumes:
- /tmp/.X11-unix:/tmp/.X11-unix:ro
@ -13,8 +14,6 @@ services:
- PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
cap_add:
- IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
# Turns off anonymous page swapping
mem_swappiness: 0
shm_size: 4G
ports:
- 127.0.0.1:9150:9150/tcp

@ -5,15 +5,6 @@ set -x
#
exec 2>&1
#
# Befriend with grsecurity patched Linux kernel
#
if [ -r /proc/sys/kernel/grsecurity/tpe_gid ]; then
groupadd -r -g $(cat /proc/sys/kernel/grsecurity/tpe_gid) grsec-tpe
usermod -aG grsec-tpe $USER
setfattr -n user.pax.flags -v "rm" \
$HOME/tor-browser/Browser/firefox \
$HOME/tor-browser/Browser/TorBrowser/Tor/tor
fi
su -s /bin/sh -p $USER -c "cd ./tor-browser_en-US/Browser && ./start-tor-browser"
id user >/dev/null 2>&1 || useradd -s /usr/sbin/nologin -d /home/user -u ${UID:-1000} -G audio,video user
gosu user namei -lx /home/user/tor-browser_en-US/Browser/start-tor-browser || chown -Rh user:user -- /home/user/tor-browser_en-US
gosu user /home/user/tor-browser_en-US/Browser/start-tor-browser $@

@ -0,0 +1 @@
c72c712de1358f2ef10caed4d95256e6b60fa6a84b88ff8e516fc99a6c09bc99d523e27bea6f2364c23290e15ad74109efeb4382c17b62f913c6596c8853430f tor.tar.xz
Loading…
Cancel
Save