From 9150d21b2dee156589a9a30c60e6e1face09b0ef Mon Sep 17 00:00:00 2001 From: Saptak S Date: Sun, 9 Apr 2023 22:43:51 +0530 Subject: [PATCH] Rewrites the get-tor code to always get the latest version of tor We first get the version of tor browser and url for the platform from downloads.json. Then we get the sha256sum from the checksums provided by tor in their distribution release to compare with the file downloaded. --- desktop/scripts/get-tor.py | 98 ++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 47 deletions(-) diff --git a/desktop/scripts/get-tor.py b/desktop/scripts/get-tor.py index b7f031ac..99ecd87c 100644 --- a/desktop/scripts/get-tor.py +++ b/desktop/scripts/get-tor.py @@ -9,29 +9,10 @@ import subprocess import requests import click -torbrowser_version = "12.0" -expected_win32_sha256 = ( - "a9cc0f0af2ce8ca0d7a27d65c7efa37f6419cfc793fa80371e7db73d44b4cc02" +torbrowser_version_url = ( + "https://aus1.torproject.org/torbrowser/update_3/release/downloads.json" ) -expected_win64_sha256 = ( - "f496cc0219c8b73f1f100124d6514bad55f503ff76202747f23620a6677e83c2" -) -expected_macos_sha256 = ( - "11c8360187356e6c0837612a320f1a117303fc449602c9fd73f4faf9f9bbcfc9" -) -expected_linux64_sha256 = ( - "850ce601d815bac63e4f5937646d2b497173be28b27b30a7526ebb946a459874" -) - -win32_filename = f"torbrowser-install-{torbrowser_version}_ALL.exe" -win32_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/{win32_filename}" -win64_filename = f"torbrowser-install-win64-{torbrowser_version}_ALL.exe" -win64_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/{win64_filename}" -macos_filename = f"TorBrowser-{torbrowser_version}-macos_ALL.dmg" -macos_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/{macos_filename}" -linux64_filename = f"tor-browser-linux64-{torbrowser_version}_ALL.tar.xz" -linux64_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/{linux64_filename}" - +torbrowser_root_url = "https://dist.torproject.org/torbrowser" # Common paths root_path = os.path.dirname( @@ -40,24 +21,40 @@ root_path = os.path.dirname( working_path = os.path.join(root_path, "build", "tor") -def get_tor_windows(platform): - if platform == "win32": - win_url = win32_url - win_filename = win32_filename - expected_win_sha256 = expected_win32_sha256 - bin_filenames = [ - "tor.exe" - ] - elif platform == "win64": - win_url = win64_url - win_filename = win64_filename - expected_win_sha256 = expected_win64_sha256 - bin_filenames = [ - "tor.exe" - ] - else: - click.echo("invalid platform") - return +def get_expected_platform_sha256(platform_filename, torbrowser_version): + r = requests.get( + f"{torbrowser_root_url}/{torbrowser_version}/sha256sums-signed-build.txt" + ) + for checksum_item in r.content.decode().split("\n"): + [checksum, filename] = checksum_item.split() + if filename == platform_filename: + return checksum + + return None + + +def get_latest_tor_version_urls(platform): + r = requests.get(torbrowser_version_url) + if r.status_code != 200 or platform not in r.json()["downloads"]: + print("Tor browser version url not working") + sys.exit(-1) + + torbrowser_version = r.json()["version"] + platform_url = r.json()["downloads"][platform]["ALL"]["binary"] + platform_filename = platform_url.split("/")[-1] + expected_platform_sha256 = get_expected_platform_sha256( + platform_filename, torbrowser_version + ) + + if not expected_platform_sha256: + print(f"Expected sha256sum for {platform} not found") + sys.exit(-1) + + return platform_url, platform_filename, expected_platform_sha256 + + +def get_tor_windows(win_url, win_filename, expected_win_sha256): + bin_filenames = ["tor.exe"] # Build paths win_path = os.path.join(working_path, win_filename) @@ -81,7 +78,7 @@ def get_tor_windows(platform): # Compare the hash if win_sha256 != expected_win_sha256: print("ERROR! The sha256 doesn't match:") - print("expected: {}".format(expected_win32_sha256)) + print("expected: {}".format(expected_win_sha256)) print(" actual: {}".format(win_sha256)) sys.exit(-1) @@ -126,7 +123,7 @@ def get_tor_windows(platform): update_tor_bridges() -def get_tor_macos(): +def get_tor_macos(macos_url, macos_filename, expected_macos_sha256): # Build paths dmg_tor_path = os.path.join( "/Volumes", "Tor Browser", "Tor Browser.app", "Contents" @@ -186,7 +183,7 @@ def get_tor_macos(): update_tor_bridges() -def get_tor_linux64(): +def get_tor_linux64(linux64_url, linux64_filename, expected_linux64_sha256): # Build paths tarball_path = os.path.join(working_path, linux64_filename) dist_path = os.path.join(root_path, "onionshare", "resources", "tor") @@ -321,14 +318,21 @@ def main(platform): click.echo(f"platform must be one of: {valid_platforms}") return + global platform_url, platform_filename, expected_platform_sha256 + ( + platform_url, + platform_filename, + expected_platform_sha256, + ) = get_latest_tor_version_urls(platform) + if platform == "win32": - get_tor_windows(platform) + get_tor_windows(platform_url, platform_filename, expected_platform_sha256) elif platform == "win64": - get_tor_windows(platform) + get_tor_windows(platform_url, platform_filename, expected_platform_sha256) elif platform == "macos": - get_tor_macos() + get_tor_macos(platform_url, platform_filename, expected_platform_sha256) elif platform == "linux64": - get_tor_linux64() + get_tor_linux64(platform_url, platform_filename, expected_platform_sha256) else: click.echo("invalid platform")