[quote=“Patrick, post:1, topic:1193”]prerequisite knowledge:
Should tb-updater refuse to work in TemplateVM for better security?[/quote]
No. I disagree with the notion that this would be any more secure than updating within each VM individually. The TemplateVM is ultimately responsible for the security of each VM that shares its rootfs (and inherits its /home). As it is already the epicenter of trust, installing Tor Browser to its /home in no way increases our risk. If somehow the updating process of Tor Browser can infect/fool/etc. the TemplateVM, it can do the same to all VMs individually. We can’t treat TB as sacred when we can be just as fucked by a malicious curl package.
If anything, this will increase security because the user will only have to focus on one install. As you state “the intelligence of the user is utilized as a sanity check,” (in regards to DoS, rollbacks, and indefinite freeze attacks) and when I have to do the same monotonous task 10 times over I’m less likely to take as much care in the process.
But, if you disagree with me, why not have it both ways? Allow the user to choose whether to install it to the TemplateVM rootfs or not.
[quote]In a TemplateVM, should tb-updater explain all this?[/quote]
Yes, whatever all this ends up being.
[quote]In a TemplateVM, should tb-updater store Tor Browser in ~/.tb as is?[/quote]
Sounds like a fine choice to me. Don’t see why this really matters. Just document it or have the GUI dialog inform the user.
[quote]In a TemplateVM, should tb-updater store Tor Browser somewhere in /var/... so it propagates to TemplateBasedVMs? Users would still have to manually make use of this. Copy from /var/... to /home.[/quote]
/var/ is for files written to during system operation (e.g., cache, log, and lock files). /opt/ would be a more canonical (not the company, it’s a word too–just putting that out there because you’re German, even though your English is great) choice.
revenant’s suggestion to load TB into ~/.tb/ is not a bad idea, but the command should use an if statement that only moves your old TB aside (maybe to ~/.tb-old/) if the one in root is a newer version. I export my bookmarks to HTML and then import them in the new TB after upgrade and I don’t want to do this after every VM restart. Further, I have my security slider set to different levels in different VMs and would not like to have to remember to reset it each time I restart a VM.
Actually, what would be best for myself is to set the security slider to high in the TemplateVM after each upgrade, that way I don’t accidentally use JavaScript in a high-security VM after upgrade. I’m not suggesting you automate this process though.
On the other hand, what would be nice to automate, if at all possible, is the export of bookmarks from the old browser and into the new browser. This could involve a single user-set switch in the rc.local script, on a per-VM basis, that is off by default. I only keep bookmarks in some of my Workstation VMs, so this would be best. This last suggestion of course is just an extra nicety I don’t expect you to write, and I might try my hand at it myself, once the script called by rc.local has been figured out.
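
The version-gated copy suggested in the post (move the per-VM ~/.tb aside to ~/.tb-old only when the template copy is newer), sketched as an added example that is not part of the original post and not tb-updater code. The function names, the plain-text `version` file inside each Tor Browser directory, and the /opt path in the usage comment are assumptions; `sort -V` is the GNU coreutils version sort.

```shell
#!/bin/sh
# Added illustration; not tb-updater code. Assumes each Tor Browser
# directory carries a one-line "version" file (hypothetical layout).

# version_newer A B: succeeds only when A is strictly newer than B.
version_newer() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# read_version DIR: print the first line of DIR/version, or nothing.
read_version() {
    if [ -r "$1/version" ]; then head -n 1 "$1/version"; fi
}

# sync_tb TEMPLATE_DIR USER_DIR: prints installed, updated or kept.
sync_tb() {
    tpl=$1
    dst=$2
    tpl_ver=$(read_version "$tpl")
    # Without a readable template version there is nothing to compare.
    if [ -z "$tpl_ver" ]; then echo "no-template-version"; return 1; fi

    # First start of this VM: no per-VM copy yet, so just install it.
    if [ ! -d "$dst" ]; then
        cp -a "$tpl" "$dst" && echo installed
        return
    fi

    cur_ver=$(read_version "$dst")
    if [ -z "$cur_ver" ] || version_newer "$tpl_ver" "$cur_ver"; then
        # Keep the old browser (bookmarks, slider setting) in *-old.
        rm -rf "${dst}-old"
        mv "$dst" "${dst}-old"
        cp -a "$tpl" "$dst" && echo updated
    else
        # Same or older template copy: never roll the per-VM browser back.
        echo kept
    fi
}

# Hypothetical call from the script run by rc.local:
#   sync_tb /opt/tb "$HOME/.tb"
```

Because an equal or older template version leaves ~/.tb untouched, a VM restart does not reset the profile, and a stale template cannot downgrade a browser that was updated inside the VM.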