tor-browser/Dockerfile

FROM debian

ENV TOR_VERSION=8.5a1
# Via https://dist.torproject.org/torbrowser/$TOR_VERSION/sha256sums-signed-build.txt
ENV SHA256_CHECKSUM=8aa4a98924217df1dfda7a69d31ebb14a9dc96398459da2ce54eb436a8eb7d88
ENV LANG=C.UTF-8
ENV RELEASE_FILE=tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz
ENV RELEASE_KEY=0x4E2C6E8793298290
ENV RELEASE_URL=https://dist.torproject.org/torbrowser/${TOR_VERSION}/${RELEASE_FILE}
ENV PATH=$PATH:/usr/local/bin/Browser

RUN apt-get update && \
    apt-get install -y \
      ca-certificates \
      curl \
      file \
      gpg \
      libx11-xcb1 \
      libasound2 \
      libdbus-glib-1-2 \
      libgtk-3-0 \
      libxrender1 \
      libxt6 \
      xz-utils && \
    rm -rf /var/lib/apt/lists/* && \
    useradd --create-home --home-dir /home/user user && \
    chown -R user:user /home/user

WORKDIR /usr/local/bin
# TODO(hkjn): Stop having gpg import key command separate layer, if we
# can figure out why it's flaky and commonly gives "keys: key
# 4E2C6E8793298290 can't be retrieved, gpg: no valid OpenPGP data
# found."
RUN gpg --keyserver pool.sks-keyservers.net --recv-keys ${RELEASE_KEY}

RUN curl --fail -O -sSL ${RELEASE_URL} && \
    curl --fail -O -sSL ${RELEASE_URL}.asc && \
    gpg --verify ${RELEASE_FILE}.asc && \
    echo "$SHA256_CHECKSUM $RELEASE_FILE" > sha256sums.txt && \
    sha256sum -c sha256sums.txt && \
    tar --strip-components=1 -vxJf ${RELEASE_FILE} && \
    rm -v ${RELEASE_FILE}* sha256sums.txt && \
    mkdir -p /usr/local/bin/Browser/Downloads && \
    chown -R user:user /usr/local/bin

WORKDIR /usr/local/bin/Browser/Downloads
USER user

COPY ["start", "/usr/local/bin/"]
ENTRYPOINT ["start"]
CMD [""]
Drop TODO that is TODONE 2016-02-27 18:19:26 +00:00			`FROM debian`
Initial commit. 2016-02-27 17:56:39 +00:00
Bump version to 8.5a1 2018-09-23 15:52:31 +00:00			`ENV TOR_VERSION=8.5a1`
Upgrade to 7.5a4 2017-09-03 07:23:37 +00:00			`# Via https://dist.torproject.org/torbrowser/$TOR_VERSION/sha256sums-signed-build.txt`
Bump version to 8.5a1 2018-09-23 15:52:31 +00:00			`ENV SHA256_CHECKSUM=8aa4a98924217df1dfda7a69d31ebb14a9dc96398459da2ce54eb436a8eb7d88`
Revert to separate ENV commands Seems previous KEY=VAL entries are not evaluated further down the ENV line, so RELEASE_URL turned into https://dist.torproject.org/torbrowser// in the previous state.. 2017-01-26 06:50:55 +00:00			`ENV LANG=C.UTF-8`
Switch to 7.0a3 This reverts commit a6e6d049f30f67398dd81569f99d6c43a82c8a58. 2017-05-19 19:14:29 +00:00			`ENV RELEASE_FILE=tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz`
Revert to separate ENV commands Seems previous KEY=VAL entries are not evaluated further down the ENV line, so RELEASE_URL turned into https://dist.torproject.org/torbrowser// in the previous state.. 2017-01-26 06:50:55 +00:00			`ENV RELEASE_KEY=0x4E2C6E8793298290`
			`ENV RELEASE_URL=https://dist.torproject.org/torbrowser/${TOR_VERSION}/${RELEASE_FILE}`
			`ENV PATH=$PATH:/usr/local/bin/Browser`
Initial commit. 2016-02-27 17:56:39 +00:00
			`RUN apt-get update && \`
			`apt-get install -y \`
			`ca-certificates \`
			`curl \`
Add missing dependencies, fix ownership issue and add --debug 2017-05-19 19:14:04 +00:00			`file \`
Add gpg dependency 2017-06-30 16:52:14 +00:00			`gpg \`
Add missing dependencies, fix ownership issue and add --debug 2017-05-19 19:14:04 +00:00			`libx11-xcb1 \`
Initial commit. 2016-02-27 17:56:39 +00:00			`libasound2 \`
			`libdbus-glib-1-2 \`
Fix libgtk-3-0 package name 2018-09-23 15:49:04 +00:00			`libgtk-3-0 \`
Initial commit. 2016-02-27 17:56:39 +00:00			`libxrender1 \`
			`libxt6 \`
			`xz-utils && \`
Remove HOME environment variable 2017-01-26 05:54:25 +00:00			`rm -rf /var/lib/apt/lists/* && \`
			`useradd --create-home --home-dir /home/user user && \`
			`chown -R user:user /home/user`
Leave a comment trail for our unfortunate decisions 2016-05-11 20:55:12 +00:00
Restore WORKDIR 2017-01-27 04:51:22 +00:00			`WORKDIR /usr/local/bin`
Leave a comment trail for our unfortunate decisions 2016-05-11 20:55:12 +00:00			`# TODO(hkjn): Stop having gpg import key command separate layer, if we`
			`# can figure out why it's flaky and commonly gives "keys: key`
			`# 4E2C6E8793298290 can't be retrieved, gpg: no valid OpenPGP data`
			`# found."`
Switch to pool.sks-keyservers.net since pgp.mit.edu does not seem to know about the key 2018-04-09 10:10:31 +00:00			`RUN gpg --keyserver pool.sks-keyservers.net --recv-keys ${RELEASE_KEY}`

Make gpg fetch command separate layer again This seems flaky, commonly gives "keys: key 4E2C6E8793298290 can't be retrieved, gpg: no valid OpenPGP data found." Not sure what's up, but keeping a separate layer cached makes it more probably that this flakiness will still build. 2016-05-11 20:52:26 +00:00			`RUN curl --fail -O -sSL ${RELEASE_URL} && \`
Initial commit. 2016-02-27 17:56:39 +00:00			`curl --fail -O -sSL ${RELEASE_URL}.asc && \`
			`gpg --verify ${RELEASE_FILE}.asc && \`
Revert "Dig hole deeper: checksums fail, why?" This reverts commit 070903ecbc09d5df4969436c670f9ab23c8a35c8. 2016-05-11 21:06:44 +00:00			`echo "$SHA256_CHECKSUM $RELEASE_FILE" > sha256sums.txt && \`
Inline SHA256_CHECKSUM instead of using file 2016-05-11 20:08:36 +00:00			`sha256sum -c sha256sums.txt && \`
Initial commit. 2016-02-27 17:56:39 +00:00			`tar --strip-components=1 -vxJf ${RELEASE_FILE} && \`
Inline SHA256_CHECKSUM instead of using file 2016-05-11 20:08:36 +00:00			`rm -v ${RELEASE_FILE}* sha256sums.txt && \`
Create all parents of Download dir too 2017-01-26 18:37:03 +00:00			`mkdir -p /usr/local/bin/Browser/Downloads && \`
Add missing dependencies, fix ownership issue and add --debug 2017-05-19 19:14:04 +00:00			`chown -R user:user /usr/local/bin`
Initial commit. 2016-02-27 17:56:39 +00:00
			`WORKDIR /usr/local/bin/Browser/Downloads`
			`USER user`

Add ENTRYPOINT script with support for custom torrc 2017-01-26 19:20:37 +00:00			`COPY ["start", "/usr/local/bin/"]`
			`ENTRYPOINT ["start"]`
Use start-tor-browser as ENTRYPOINT Any extra commands given at 'docker run' time should be passed to the script, and onward to the firefox binary: [...] ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" 2017-01-26 05:52:43 +00:00			`CMD [""]`