{"id":21534426,"url":"https://github.com/equk/torjail","last_synced_at":"2025-09-26T12:53:30.535Z","repository":{"id":38903024,"uuid":"49582351","full_name":"equk/torjail","owner":"equk","description":":lock: download, verify \u0026 run torbrowser in a sandbox","archived":false,"fork":false,"pushed_at":"2024-01-04T13:20:01.000Z","size":200,"stargazers_count":18,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-10T01:50:30.303Z","etag":null,"topics":["dwm","firejail","linux","sandbox","seccomp","seccomp-bpf-policies","tor","torbrowser","xephyr"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/equk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-01-13T15:25:33.000Z","updated_at":"2024-10-13T15:53:34.000Z","dependencies_parsed_at":"2024-11-24T04:00:09.669Z","dependency_job_id":null,"html_url":"https://github.com/equk/torjail","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/equk/torjail","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equk%2Ftorjail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equk%2Ftorjail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equk%2Ftorjail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equk%2Ftorjail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/equk","download_url":"https://codeload.github.com/equk/torjail/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equk%2Ftorjail/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277081049,"owners_count":25757340,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-26T02:00:09.010Z","response_time":78,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dwm","firejail","linux","sandbox","seccomp","seccomp-bpf-policies","tor","torbrowser","xephyr"],"created_at":"2024-11-24T03:10:45.378Z","updated_at":"2025-09-26T12:53:30.507Z","avatar_url":"https://github.com/equk.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](http://badges.mit-license.org)\n\n# torjail\n\nSandbox torbrowser using firejail, Xephyr \u0026 dwm\n\nThis script downloads \u0026 sets up torbrowser in a private directory.\n\nIt then runs torbrowser in a sandbox using firejail, Xephyr and dwm\n\n    firejail   https://firejail.wordpress.com/\n    xephyr     https://wiki.freedesktop.org/www/Software/Xephyr/\n    dwm        http://dwm.suckless.org/\n    torbrowser https://www.torproject.org/projects/torbrowser.html.en\n\nThe default directory for install is ~/.torjail\n\nYou can install the script wherever you want providing you keep the associated files.\n\nuse `-x` to disable Xephyr + dwm\n\n**License:** MIT\n\n## why?\n\nA few references to why you should use a sandbox \u0026 xephyr\n\ntorproject:\n\n    Wait, Firefox uses X11, isn't security basically hopeless?\n\n    If you want to attempt to mitigate this, the best options are:\n\n    Use a nested X11 implementation like Xephyr or Xpra.\n\nmozilla:\n\n    The one exception to the network policy, for now,\n    is the X11 protocol which is used to display graphics and receive keyboard/mouse input.\n\n## screenshot\n\n![](https://raw.githubusercontent.com/equk/torjail/master/screenshot.png)\n\n## variables\n\n    TORJAIL_BASE=\"${HOME}/.torjail\"\n    TORJAIL_RES=\"800x600\"\n    TORJAIL_DISPLAY=\":6\"\n\nMost useful variable is probably resolution \u0026 possibly display (depending on how many other xephyr sessions you run)\n\n## features\n\n- [x] downloads torbrowser from torproject.org\n- [x] sets up a working env in tmpfs\n- [x] runs tor in a sandbox\n- [x] runs in /tmp/ so any changes are not saved\n- [x] runs in its own xephyr dwm session\n- [x] has sha256 verification\n- [x] works on 32bit \u0026 64bit linux\n- [x] stores everything in ~/.torjail\n- [x] version checking \u0026 updating\n- [x] gpg verification of downloads\n\n## removal\n\nRemove this script \u0026 ~/.torjail\n\n## script running\n\n    ./torbrowser.sh\n    [ OK ] starting torbrowser script\n    [ OK ] torbrowser version 5.0.6 found\n    [ ERROR ] Unable to find torjail home\n    [ ERROR ] Would you like to download \u0026 setup torbrowser [y/n]\n    y\n    [ OK ] setting up torjail\n    [ OK ] creating torjail base folder at ~/.torjail\n    gpg: error reading key: No public key\n    [ OK ] Downloading PGP Public Key...\n    gpg: key 93298290: public key \"Tor Browser Developers (signing key) \u003ctorbrowser@torproject.org\u003e\" imported\n    gpg: no ultimately trusted keys found\n    gpg: Total number processed: 1\n    gpg:               imported: 1\n    pub   rsa4096/93298290 2014-12-15 [expires: 2020-08-24]\n          Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290\n    uid         [ unknown] Tor Browser Developers (signing key) \u003ctorbrowser@torproject.org\u003e\n    sub   rsa4096/F65C2036 2014-12-15 [expires: 2017-08-25]\n    sub   rsa4096/D40814E0 2014-12-15 [expires: 2017-08-25]\n\n    [ OK ] downloading checksums - sha256sums.txt\n    ######################################################################## 100.0%\n    [ OK ] downloading GPG asc - tor-browser-linux64-5.0.6_en-US.tar.xz.asc\n    ######################################################################## 100.0%\n    [ OK ] verifying files\n    tor-browser-linux64-5.0.6_en-US.tar.xz: OK\n    [ OK ] verifying gpg key\n    gpg: Signature made Thu 17 Dec 2015 20:57:01 GMT using RSA key ID D40814E0\n    gpg: Good signature from \"Tor Browser Developers (signing key) \u003ctorbrowser@torproject.org\u003e\" [unknown]\n    gpg: WARNING: This key is not certified with a trusted signature!\n    gpg:          There is no indication that the signature belongs to the owner.\n    Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290\n         Subkey fingerprint: BA1E E421 BBB4 5263 180E  1FC7 2E1A C68E D408 14E0\n    [ OK ] extracting torbrowser bundle\n    [ WARN ] dwm does not exist in priv-home\n    [ WARN ] copying dwm from /usr/bin/dwm\n    [ OK ] starting session\n\non update\n\n    [ OK ] starting torbrowser script\n    [ OK ] torbrowser version 7.5.6 found\n    [ WARN ] torbrowser requires updating\n    [ WARN ] current ver: 7.5.6\n    [ WARN ] updating to: 8.0\n    [ OK ] creating torjail base folder at ~/.torjail\n\n## notes\n\nOnce you download torbrowser bundle the file is kept in ~/.torjail for future use so you don't have to\nkeep re-downloading the bundle. It also always checks the sha256sum of the file before extraction.\n\n\u003cdetails\u003e\u003csummary\u003eMozilla References\u003c/summary\u003e\n\n[Security/Sandbox - Mozilla Wiki](https://wiki.mozilla.org/Security/Sandbox)\n\n[Garf's blog: Linux sandboxing improvements in Firefox 60](https://www.morbo.org/2018/05/linux-sandboxing-improvements-in_10.html)\u003c/details\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequk%2Ftorjail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fequk%2Ftorjail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequk%2Ftorjail/lists"}