Your message dated Sun, 12 Apr 2020 08:59:11 +0000
with message-id <[email protected]>
and subject line Bug#955821: fixed in torbrowser-launcher 0.3.2-8
has caused the Debian Bug report #955821,
regarding torbrowser-launcher: include upstream patch to allow access to u2f
tokens
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
955821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955821
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: torbrowser-launcher
Version: 0.3.2-7
Severity: wishlist
Tags: patch
Dear Maintainers,
it would be great if U2F devices (like a yubikey) would be usable by
default with torbrowser. I created an upstream merge request to allow
these devices in the apparmor profile a couple of months ago and it was
was merged [0] (thanks to intrigeri!), but there was no new torbrowser
release since then.
Would it be possible to include the patch in the debian package? That
would allow using salsa with U2F tokens (and any other Gitlab instance
that might come up ;))
cheers,
Birger
[0] https://github.com/micahflee/torbrowser-launcher/pull/434
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages torbrowser-launcher depends on:
ii ca-certificates 20190110
ii libdbus-glib-1-2 0.110-5
ii python3 3.8.2-2
ii python3-gpg 1.13.1-7
ii python3-pyqt5 5.14.1+dfsg-3
ii python3-requests 2.23.0+dfsg-2
ii python3-socks 1.6.8+dfsg-1
Versions of packages torbrowser-launcher recommends:
ii tor 0.4.2.7-1
Versions of packages torbrowser-launcher suggests:
ii apparmor 2.13.4-1
-- Configuration Files:
/etc/apparmor.d/local/torbrowser.Browser.firefox changed [not included]
-- no debconf information
>From 3052e6579dd489923bca95a82308e5f4b6399e68 Mon Sep 17 00:00:00 2001
From: Birger Schacht <[email protected]>
Date: Sat, 4 Apr 2020 18:18:50 +0200
Subject: [PATCH] Add AppArmor patch to allow U2F devices
---
.../0016-AppArmor-allow-u2f-devices.patch | 28 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 29 insertions(+)
create mode 100644 debian/patches/0016-AppArmor-allow-u2f-devices.patch
diff --git a/debian/patches/0016-AppArmor-allow-u2f-devices.patch
b/debian/patches/0016-AppArmor-allow-u2f-devices.patch
new file mode 100644
index 0000000..bc6130f
--- /dev/null
+++ b/debian/patches/0016-AppArmor-allow-u2f-devices.patch
@@ -0,0 +1,28 @@
+From: Birger Schacht <[email protected]>
+Date: Wed, 23 Oct 2019 19:47:55 +0200
+Subject: [PATCH] Allow torbrowser to access u2f devices
+
+(cherry picked from 704e5ca3b46ac1bcf7931875fc7d33ad13910e10)
+---
+ apparmor/torbrowser.Browser.firefox | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/apparmor/torbrowser.Browser.firefox
b/apparmor/torbrowser.Browser.firefox
+index 42516b6..c067375 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -133,5 +133,14 @@ profile torbrowser_firefox
@{torbrowser_firefox_executable} {
+ /etc/xfce4/defaults.list r,
+ /usr/share/xfce4/applications/ r,
+
++ # u2f (tested with Yubikey 4)
++ /sys/class/ r,
++ /sys/bus/ r,
++ /sys/class/hidraw/ r,
++ /run/udev/data/c24{7,9}:* r,
++ /dev/hidraw* rw,
++ # Yubikey NEO also needs this:
++ /sys/devices/**/hidraw/hidraw*/uevent r,
++
+ #include <local/torbrowser.Browser.firefox>
+ }
diff --git a/debian/patches/series b/debian/patches/series
index c1ae347..0eb4798 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@
0013-AppArmor-Pass-the-environment-to-Firefox-content-pro.patch
0014-AppArmor-allow-running-the-Firefox-updater-from-its-.patch
0015-Update-setup.py.patch
+0016-AppArmor-allow-u2f-devices.patch
--
2.26.0
--- End Message ---
--- Begin Message ---
Source: torbrowser-launcher
Source-Version: 0.3.2-8
Done: Roger Shimizu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
torbrowser-launcher, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roger Shimizu <[email protected]> (supplier of updated torbrowser-launcher
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Apr 2020 16:30:34 +0900
Source: torbrowser-launcher
Architecture: source
Version: 0.3.2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian Privacy Tools Maintainers
<[email protected]>
Changed-By: Roger Shimizu <[email protected]>
Closes: 955821
Changes:
torbrowser-launcher (0.3.2-8) unstable; urgency=medium
.
* debian/rules:
- Revert the workaround for skipping test on i386.
* debian/patches:
- Backport patch from upstream.
+ [704e5ca] Allow torbrowser to access u2f devices
(Closes: #955821)
* debian/NEWS: rename from NEWS.Debian
Checksums-Sha1:
db6ed2d4a97aacc91fcd3bdf3b49714e4aab37fa 2259 torbrowser-launcher_0.3.2-8.dsc
ff9a01502271d2389cf448fb3cc4818c855c7140 22264
torbrowser-launcher_0.3.2-8.debian.tar.xz
deac9dba18c67c66660ac6b6a145f2ca2f567fd6 12589
torbrowser-launcher_0.3.2-8_source.buildinfo
Checksums-Sha256:
5c9fded470550d2c54fb26cebbc23601d02e77d020bf876859be7f183ef95919 2259
torbrowser-launcher_0.3.2-8.dsc
dd8d9453e6ff5c681b2c0b71b8200391a147c5b3a0a9c1c5a8fcde0432f305cb 22264
torbrowser-launcher_0.3.2-8.debian.tar.xz
225953e5515eb19de06fb44f4a4fa17e5a62a0b6688cd02310fdb22340a914db 12589
torbrowser-launcher_0.3.2-8_source.buildinfo
Files:
15163ebf6b9d4a2a73891bf0b902ac96 2259 contrib/web optional
torbrowser-launcher_0.3.2-8.dsc
730cdddd008deafaaaa0aec4d8bd4e96 22264 contrib/web optional
torbrowser-launcher_0.3.2-8.debian.tar.xz
1aeecdc4a4559069aeb8b2ad5d14fde7 12589 contrib/web optional
torbrowser-launcher_0.3.2-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCgAuFiEECjKtvoA5m+cWOFnspHhrDacDNKgFAl6Sw60QHHJvc2hAZGVi
aWFuLm9yZwAKCRCkeGsNpwM0qD+nD/sEIRBYPwfnZf5TgDfr6pUuqDGJCdFgl0np
2fO5Vu27cm7neOV3tanWSaDsdRlIqupWmLZ+soRRpprvGEN7DVhJmqdb2zJv0KPw
J4xnAHwSQue+Gw9QRbyW8/pExGxmJj0bzGiWgSmAtVFEhxA9t93f/+4UDPQWTgKo
44QdGnBznK8rEs8czZajEuhGYdCL58qzMeEhiiWSnicD8Rhkv5wjLemFlpqq2hgu
XYTzVenQVaO3OUe3+PK82TvwLMgfksRVnaWhKEXx/Mak/+hJOjDdjh3Xz/GzilVw
3N94k4Zg4pNsOHAs/Ep5dNuBKpT7ne2i5xMz2SUHvKeQ4ydDhKLKJZFWFqg0/MWc
wy3uLVKlTIrmyVaM0X6vrHb/HqEAm+/junVRxtOAQiaxFbOvJbpDq2putipiE0ya
6K640v0tuckJ7iuOqRqUKA67djMScv2eao1vxTVq6VhFeftJ66j7Jwa/ZCfdeVuK
JIvE+Ek33GEzgqHGDObGS0fNrIh/b55XERMhPHXRedhWi1c2J2sHE+GYwkRqn5+L
2ct3KIQ+7mQfF7QpYAUCeS62rg6buEYet+00GOBdrQM2miQdvcMFUPs4uE7CcGQL
ItmF2gYIQ813o195VG8Z/DCC5j9JGAh0PYpom8+PgB4eU1CIWrDVEe5rIzVy5L6W
hgtABDUkVA==
=3Vq8
-----END PGP SIGNATURE-----
--- End Message ---