4 files changed, 46 insertions, 70 deletions

diff --git a/cli/onionshare_cli/resources/torrc_template-meek_lite_azure b/cli/onionshare_cli/resources/torrc_template-meek_lite_azure
index 73ad5042..91374975 100644
--- a/cli/onionshare_cli/resources/torrc_template-meek_lite_azure
+++ b/cli/onionshare_cli/resources/torrc_template-meek_lite_azure
@@ -1,2 +1,2 @@
 # Enable built-in meek-azure bridge
-Bridge meek_lite 192.0.2.2:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
+Bridge meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
diff --git a/cli/onionshare_cli/resources/torrc_template-obfs4 b/cli/onionshare_cli/resources/torrc_template-obfs4
index c6091b87..dfde056a 100644
--- a/cli/onionshare_cli/resources/torrc_template-obfs4
+++ b/cli/onionshare_cli/resources/torrc_template-obfs4
@@ -6,10 +6,7 @@ Bridge obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=
 Bridge obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0
 Bridge obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0
 Bridge obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0
-Bridge obfs4 38.229.1.78:80 C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4 cert=Hmyfd2ev46gGY7NoVxA9ngrPF2zCZtzskRTzoWXbxNkzeVnGFPWmrTtILRyqCTjHR+s9dg iat-mode=1
-Bridge obfs4 38.229.33.83:80 0BAC39417268B96B9F514E7F63FA6FBA1A788955 cert=VwEFpk9F/UN9JED7XpG1XOjm/O8ZCXK80oPecgWnNDZDv5pdkhq1OpbAH0wNqOT6H6BmRQ iat-mode=1
 Bridge obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0
 Bridge obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0
 Bridge obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0
 Bridge obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0
-Bridge obfs4 [2a0c:4d80:42:702::1]:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0
diff --git a/cli/onionshare_cli/resources/torrc_template-snowflake b/cli/onionshare_cli/resources/torrc_template-snowflake
index 158342a7..dac16b9a 100644
--- a/cli/onionshare_cli/resources/torrc_template-snowflake
+++ b/cli/onionshare_cli/resources/torrc_template-snowflake
@@ -1,2 +1,2 @@
 # Enable built-in snowflake bridge
-Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72
+Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
diff --git a/desktop/scripts/get-tor.py b/desktop/scripts/get-tor.py
index 88cb2fa5..dbda23d7 100644
--- a/desktop/scripts/get-tor.py
+++ b/desktop/scripts/get-tor.py
@@ -19,6 +19,9 @@ expected_win64_sha256 = (
 expected_macos_sha256 = (
     "b80d3dba83b343fab7a6c8fc08440b2751da1ac12f86fe593da8e74069e4d7f6"
 )
+expected_macos_aarch64_sha256 = (
+    "0ff0badfaab6ec797b80998c933205f5d1083828ff08bf190780c16ab71a76bf"
+)
 expected_linux64_sha256 = (
     "90cdce3854e9114ee7232aaa74672a2d9f3a40b6fa8ac33971f586ee3a3cf75a"
 )
@@ -29,6 +32,8 @@ win64_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/torbro
 win64_filename = f"torbrowser-install-win64-{torbrowser_version}_en-US.exe"
 macos_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/TorBrowser-{torbrowser_version}-osx64_en-US.dmg"
 macos_filename = f"TorBrowser-{torbrowser_version}-osx64_en-US.dmg"
+macos_aarch64_url = f"https://www.torproject.org/dist/torbrowser/12.0a4/TorBrowser-12.0a4-osx64_ALL.dmg"
+macos_aarch64_filename = f"TorBrowser-12.0a4-osx64_ALL.dmg"
 linux64_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/tor-browser-linux64-{torbrowser_version}_en-US.tar.xz"
 linux64_filename = f"tor-browser-linux64-{torbrowser_version}_en-US.tar.xz"
 
@@ -205,90 +210,64 @@ def get_tor_macos_x86_64():
 
 
 def get_tor_macos_aarch64():
-    # Versions and shasums
-    torbin_version = "0.4.7.10"
-    libevent_version = "2.1.12"
-    expected_torbin_sha256 = "01abf45e673649f6c0fee07f1fcffcce82b2bdb5f5db0c15a9cdcfda6e5eb187"
-    expected_geoip_sha256 = "7e777efc194ea9788171636085b19875d19397d3249fbb88136534037a3dc38f"
-    expected_geoip6_sha256 = "f11bd1d7546cad00b6db0a1594f3ac1daf9f541004fd7efb5414e068693d6add"
-    expected_libevent_sha256 = "2de95fd8cf8849028f9146f04cbde8cc7399ba0191b65ab92825a9a5e691a464"
-
     # Build paths
+    dmg_tor_path = os.path.join(
+        "/Volumes", "Tor Browser", "Tor Browser.app", "Contents"
+    )
+    dmg_path = os.path.join(working_path, macos_aarch64_filename)
     dist_path = os.path.join(root_path, "onionshare", "resources", "tor")
+    if not os.path.exists(dist_path):
+        os.makedirs(dist_path, exist_ok=True)
 
-    # Make sure homebrew is installed and in path
-    brew_path = shutil.which("brew")
-    if brew_path is None:
-        print("brew not found in path. Homebrew must be installed")
-        sys.exit(-1)
-    brew_prefix = os.path.dirname(os.path.dirname(brew_path))
-
-    # Check that tor is installed, otherwise install it
-    tor_path = os.path.join(brew_prefix, "Cellar", "tor", torbin_version)
-    libevent_path = os.path.join(brew_prefix, "Cellar", "libevent", libevent_version)
-    torbin_path = os.path.join(tor_path, "bin", "tor")
-    if not os.path.exists(torbin_path):
-        print(f"Installing tor v{torbin_version}...")
-        if subprocess.call([os.path.join(brew_path), "install", "tor"]) != 0:
-            print(f"Could not install tor using homebrew")
-            sys.exit(-1)
-    
-    # Compute the hashes
-    torbin_data = open(torbin_path, "rb").read()
-    torbin_sha256 = hashlib.sha256(torbin_data).hexdigest()
-    geoip_data = open(
-        os.path.join(tor_path, "share", "tor", "geoip"),
-        "rb").read()
-    geoip_sha256 = hashlib.sha256(geoip_data).hexdigest()
-    geoip6_data = open(
-        os.path.join(tor_path, "share", "tor", "geoip6"),
-        "rb").read()
-    geoip6_sha256 = hashlib.sha256(geoip6_data).hexdigest()
-    libeventlib_path = os.path.join(libevent_path, "lib", "libevent-2.1.7.dylib")
-    libevent_data = open(libeventlib_path, "rb").read()
-    libevent_sha256 = hashlib.sha256(libevent_data).hexdigest()
-
-    # Compare the hashes
-    if torbin_sha256 != expected_torbin_sha256:
-        print("ERROR! The sha256 doesn't match (tor):")
-        print("expected: {}".format(expected_torbin_sha256))
-        print("  actual: {}".format(torbin_sha256))
-        sys.exit(-1)
-    if geoip_sha256 != expected_geoip_sha256:
-        print("ERROR! The sha256 doesn't match (geoip):")
-        print("expected: {}".format(expected_geoip_sha256))
-        print("  actual: {}".format(geoip_sha256))
-        sys.exit(-1)
-    if geoip6_sha256 != expected_geoip6_sha256:
-        print("ERROR! The sha256 doesn't match (geoip6):")
-        print("expected: {}".format(expected_geoip6_sha256))
-        print("  actual: {}".format(geoip6_sha256))
-        sys.exit(-1)
-    if libevent_sha256 != expected_libevent_sha256:
-        print("ERROR! The sha256 doesn't match (libevent):")
-        print("expected: {}".format(expected_libevent_sha256))
-        print("  actual: {}".format(libevent_sha256))
+    # Make sure the working folder exists
+    if not os.path.exists(working_path):
+        os.makedirs(working_path)
+
+    # Make sure the zip is downloaded
+    if not os.path.exists(dmg_path):
+        print("Downloading {}".format(macos_aarch64_url))
+        r = requests.get(macos_aarch64_url)
+        open(dmg_path, "wb").write(r.content)
+        dmg_sha256 = hashlib.sha256(r.content).hexdigest()
+    else:
+        dmg_data = open(dmg_path, "rb").read()
+        dmg_sha256 = hashlib.sha256(dmg_data).hexdigest()
+
+    # Compare the hash
+    if dmg_sha256 != expected_macos_aarch64_sha256:
+        print("ERROR! The sha256 doesn't match:")
+        print("expected: {}".format(expected_macos_aarch64_sha256))
+        print("  actual: {}".format(dmg_sha256))
         sys.exit(-1)
-    
+
+    # Mount the dmg, copy data to the working path
+    subprocess.call(["hdiutil", "attach", dmg_path])
+
     # Copy into dist
     shutil.copyfile(
-        os.path.join(tor_path, "share", "tor", "geoip"),
+        os.path.join(dmg_tor_path, "Resources", "TorBrowser", "Tor", "geoip"),
         os.path.join(dist_path, "geoip"),
     )
     shutil.copyfile(
-        os.path.join(tor_path, "share", "tor", "geoip6"),
+        os.path.join(dmg_tor_path, "Resources", "TorBrowser", "Tor", "geoip6"),
         os.path.join(dist_path, "geoip6"),
     )
     shutil.copyfile(
-        torbin_path,
+        os.path.join(dmg_tor_path, "MacOS", "Tor", "tor.real"),
         os.path.join(dist_path, "tor"),
     )
     os.chmod(os.path.join(dist_path, "tor"), 0o755)
     shutil.copyfile(
-        libeventlib_path,
+        os.path.join(dmg_tor_path, "MacOS", "Tor", "libevent-2.1.7.dylib"),
         os.path.join(dist_path, "libevent-2.1.7.dylib"),
     )
 
+    # Eject dmg
+    subprocess.call(["diskutil", "eject", "/Volumes/Tor Browser"])
+
+    # Fetch the built-in bridges
+    update_tor_bridges()
+
 
 def get_tor_linux64():
     # Build paths