| author | Sukhbir Singh <sukhbir@torproject.org> | 2018-04-01 10:25:20 -0400 |
|---|---|---|
| committer | Sukhbir Singh <sukhbir@torproject.org> | 2018-04-01 10:25:20 -0400 |
| commit | 819842ba97d1c2358ced5c648b527162995b35e2 (patch) | |
| tree | 39a3b79451d9e453e50e344383c804d52687d1aa | |
| parent | c847e7c55d2da236124b107ccd6707f025490a05 (diff) | |
Update Enigmail keyserver settings
Assume that a user has dirmngr running and configured with `use-tor' in
dirmngr.conf and set the relevant keyserver settings (similar to what
Tails has been doing); otherwise the keyserver lookup will fail-safe.
This should work for the daemon and Tor Browser since as per
gnupg/dirmngr/dns-stuff.c, it tries both 9050 and 9150. This is probably
better than the older setting because a) it actually works now, b) it
will still fail-safe in case Tor is not running.
| -rw-r--r-- | chrome/content/preferences.js | 8 | ||||
| -rw-r--r-- | components/torbirdy.js | 4 |
2 files changed, 4 insertions, 8 deletions
diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js index 8acd6ba..2980857 100644 --- a/chrome/content/preferences.js +++ b/chrome/content/preferences.js @@ -42,14 +42,10 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() { opts += "--throw-keyids "; } if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) { - var proxy = "socks5h://127.0.0.1:9150"; if (anonService === "jondo") { - proxy = "http://127.0.0.1:4001"; + let proxy = "http://127.0.0.1:4001"; + opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " "; } - if (anonService === "custom") { - proxy = "socks5h://" + pub.prefs.getCharPref("network.proxy.socks") + ":" + pub.prefs.getIntPref("network.proxy.socks_port"); - } - opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " "; } return opts + diff --git a/components/torbirdy.js b/components/torbirdy.js index e8d2cd2..6c2be57 100644 --- a/components/torbirdy.js +++ b/components/torbirdy.js @@ -274,8 +274,8 @@ var TorBirdyPrefs = { "--no-comments " + // We want to force UTF-8 everywhere "--display-charset utf-8 " + - // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell - "--keyserver-options http-proxy=socks5h://127.0.0.1:9150 ", + // Set additional keyserver options + "--keyserver-options no-auto-key-retrieve ", // The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor) "extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion", |
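Review bot: The `jondo` branch is now the only place a proxy is handed to gpg, and it still relies on `--keyserver-options ... http-proxy=`, which the gpg manual for 2.1 and later lists as having no function (dirmngr settings are used instead). That is worth confirming against the GnuPG versions targeted here, since the rest of the commit assumes a dirmngr-based gpg. If it holds, JonDo lookups are not routed through 127.0.0.1:4001 at all, and the `custom` case, whose branch was removed, likewise depends entirely on the user's dirmngr.conf. Nothing in the hunk records that assumption, so I would add a comment above `if (anonService === "jondo") {` such as `// Tor/custom: no proxy option is passed; dirmngr must be configured with use-tor, otherwise keyserver lookups are expected to fail`. The enclosing function begins and ends outside the hunk.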
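Review bot: The new comment `// Set additional keyserver options` does not say why the option is set or where the proxying went. With `http-proxy` removed from this string, the only visible safeguard against a lookup leaving outside Tor when dirmngr lacks `use-tor` is that `extensions.enigmail.keyserver` a few lines below is a .onion address. A user who changes that pref to a clearnet keyserver would presumably get a direct connection. I would word the comment as `// Never fetch missing keys automatically; keyserver traffic is torified by dirmngr (use-tor), not by gpg options`, and note beside the keyserver pref that failing closed depends on it staying a .onion host. The `TorBirdyPrefs` object continues outside the hunk.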
