From 6d1f1e43d6651212e4b9da4cae927b674652f101 Mon Sep 17 00:00:00 2001
From: woodser <woodser@protonmail.com>
Date: Mon, 9 Sep 2024 07:34:39 -0400
Subject: [PATCH] update installation process for tails

Co-authored-by: anonymous
---
 scripts/install_tails/README.md             |  26 ++-
 scripts/install_tails/assets/exec.sh        |  62 ++++++
 scripts/install_tails/assets/haveno.desktop |   9 +
 scripts/install_tails/assets/haveno.yml     |  56 +++++
 scripts/install_tails/assets/icon.png       | Bin 0 -> 4126 bytes
 scripts/install_tails/assets/install.sh     |  79 +++++++
 scripts/install_tails/haveno-install.sh     | 219 +++++++++++++-------
 7 files changed, 370 insertions(+), 81 deletions(-)
 create mode 100644 scripts/install_tails/assets/exec.sh
 create mode 100644 scripts/install_tails/assets/haveno.desktop
 create mode 100644 scripts/install_tails/assets/haveno.yml
 create mode 100644 scripts/install_tails/assets/icon.png
 create mode 100644 scripts/install_tails/assets/install.sh

diff --git a/scripts/install_tails/README.md b/scripts/install_tails/README.md
index ac1d102d..dad27990 100644
--- a/scripts/install_tails/README.md
+++ b/scripts/install_tails/README.md
@@ -1,11 +1,19 @@
-# Steps to use (This has serious security concerns to tails threat model only run when you need to access haveno)
+# Install Haveno on Tails
 
-## 1. Enable persistent storage and admin password before starting tails
+Install Haveno on Tails by following these steps:
 
-## 2. Get your haveno deb file in persistent storage (amd64 version for tails)
-
-## 3. Edit the path to the haveno deb file if necessary then run ```sudo ./haveno-install.sh```
-## 4. As amnesia run ```source ~/.bashrc``` 
-## 5. Start haveno using ```haveno-tails```
-
-## You will need to run this script after each reset, but your data will be saved persistently in /home/amnesia/Persistence/Haveno
+1. Enable persistent storage dotfiles and admin password before starting tails.
+2. Download [haveno-install.sh](haveno-install.sh).
+3. Execute installation script:
+    
+    ```
+    bash haveno-install.sh "<REPLACE_WITH_BINARY_ZIP_URL>" "<REPLACE_WITH_PGP_FINGERPRINT>"
+    ```
+    
+    For example:
+  
+    ```
+    bash haveno-install.sh "https://github.com/havenoexample/haveno-example/releases/download/v1.0.11/haveno_amd64_deb-latest.zip" "FAA2 4D87 8B8D 36C9 0120 A897 CA02 DAC1 2DAE 2D0F"
+    ```
+    
+4. Upon successful execution of the script (no errors), the Haveno release will be installed to persistent storage and can be launched via the desktop shortcut in the 'Other' section of the start menu.
diff --git a/scripts/install_tails/assets/exec.sh b/scripts/install_tails/assets/exec.sh
new file mode 100644
index 00000000..ad0610a6
--- /dev/null
+++ b/scripts/install_tails/assets/exec.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+
+# This script serves as the execution entry point for the Haveno application from a desktop menu icon,
+# specifically tailored for use in the Tails OS. It is intended to be linked as the 'Exec' command
+# in a .desktop file, enabling users to start Haveno directly from the desktop interface.
+#
+# FUNCTIONAL OVERVIEW:
+# - Automatic installation and configuration of Haveno if not already set up.
+# - Linking Haveno data directories to persistent storage to preserve user data across sessions.
+#
+# NOTE:
+# This script assumes that Haveno's related utility scripts and files are correctly placed and accessible
+# in the specified directories.
+
+
+# Function to print messages in blue
+echo_blue() {
+  if [ -t 1 ]; then
+    # If File descriptor 1 (stdout) is open and refers to a terminal
+    echo -e "\033[1;34m$1\033[0m"
+  else
+    # If stdout is not a terminal, send a desktop notification
+    notify-send -i "/home/amnesia/Persistent/haveno/App/utils/icon.png" "Starting Haveno" "$1"
+  fi
+}
+
+
+# Function to print error messages in red
+echo_red() {
+  if [ -t 1 ]; then
+    # If File descriptor 1 (stdout) is open and refers to a terminal
+    echo -e "\033[0;31m$1\033[0m"
+  else
+    # If stdout is not a terminal, send a desktop notification
+    notify-send -u critical -i "error" "Staring Haveno" "$1\nExiting..."
+  fi
+}
+
+
+# Define file locations
+persistence_dir="/home/amnesia/Persistent"
+data_dir="${persistence_dir}/haveno/Data"
+
+
+# Create data dir
+mkdir -p "${data_dir}"
+
+
+# Check if Haveno is already installed and configured
+if [ ! -f "/opt/haveno/bin/Haveno" ] || [ ! -f "/etc/onion-grater.d/haveno.yml" ]; then
+  echo_blue "Installing Haveno and configuring system..."
+  pkexec "${persistence_dir}/haveno/App/utils/install.sh"
+  # Redirect user data to Tails Persistent Storage
+  ln -s "${data_dir}" /home/amnesia/.local/share/Haveno
+else
+  echo_blue "Haveno is already installed and configured."
+fi
+
+
+echo_blue "Starting Haveno..."
+/opt/haveno/bin/Haveno --torControlPort 951 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth --userDataDir=${data_dir} --useTorForXmr=on --socks5ProxyXmrAddress=127.0.0.1:9050
diff --git a/scripts/install_tails/assets/haveno.desktop b/scripts/install_tails/assets/haveno.desktop
new file mode 100644
index 00000000..0160cfd7
--- /dev/null
+++ b/scripts/install_tails/assets/haveno.desktop
@@ -0,0 +1,9 @@
+[Desktop Entry]
+Name=Haveno
+Comment=A decentralized monero exchange network.
+Exec=/home/amnesia/Persistent/haveno/App/utils/exec.sh
+Icon=/home/amnesia/Persistent/haveno/App/utils/icon.png
+Terminal=false
+Type=Application
+Categories=Other
+MimeType=
diff --git a/scripts/install_tails/assets/haveno.yml b/scripts/install_tails/assets/haveno.yml
new file mode 100644
index 00000000..029327c7
--- /dev/null
+++ b/scripts/install_tails/assets/haveno.yml
@@ -0,0 +1,56 @@
+---
+- apparmor-profiles:
+    - '/opt/haveno/bin/Haveno'
+  users:
+    - 'amnesia'
+  commands:
+    AUTHCHALLENGE:
+      - 'SAFECOOKIE .*'
+    SETEVENTS:
+      - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
+    GETINFO:
+      - pattern: 'status/bootstrap-phase'
+        response:
+          - pattern: '250-status/bootstrap-phase=*'
+            replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
+      - 'net/listeners/socks'
+    ADD_ONION:
+      - pattern:     'NEW:(\S+) Port=9999,(\S+)'
+        replacement: 'NEW:{} Port=9999,{client-address}:{}'
+      - pattern:     '(\S+):(\S+) Port=9999,(\S+)'
+        replacement: '{}:{} Port=9999,{client-address}:{}'
+    DEL_ONION:
+      - '.+'
+    HSFETCH:
+      - '.+'
+  events:
+    CIRC:
+      suppress: true
+    ORCONN:
+      suppress: true
+    INFO:
+      suppress: true
+    NOTICE:
+      suppress: true
+    WARN:
+      suppress: true
+    ERR:
+      suppress: true
+    HS_DESC:
+      response:
+        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
+          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
+        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
+          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
+        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
+          replacement: '650 HS_DESC UPLOADED {} {} redacted'
+        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
+          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
+        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
+          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
+        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
+          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
+        - pattern:     '.*'
+          replacement: ''
+    HS_DESC_CONTENT:
+      suppress: true
\ No newline at end of file
diff --git a/scripts/install_tails/assets/icon.png b/scripts/install_tails/assets/icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..4a50f0dd75e1bccf8dab441d20f84b58984004c0
GIT binary patch
literal 4126
zcmV+(5aI8MP)<h;3K|Lk000e1NJLTq004jh004jp1^@s6!#-il000l=Nkl<Zc-rin
zdrTZf9LL93G``{=KBCcBBc`_O4A6tNJhTTKyE9m-M)^bA)TSD1Y@+;8U-6lyF>TdE
zOiMJ@w9y*%pT<P}OA~D(j|$iaHVth7h0p>mWoD1#QMmg#bIm2R+`--69qb<aNxnIb
zC3C}lXLi2x+g;@1;^N}sl7S4DYj<&qt4)f(5EOR~v79{QlDV8)v-lQnV4rE=?SkPJ
zL2*b5rsx~wk~#ENd2SR2p`4PB1jVgVK`EF)7YB9iKIGzj)ahJMd|C<;)F;Tr*$76~
z3yK3$U_s{46S=n`7v}-qMK^G&eW{F0Mx5a{kc+br6}b<Y6dzRvra-;GvaUx-00><r
zjHOxX6}hArlaVSxv5<mP$z<9_%lU)mE)o>~CIy1wK0&qbIKwZh0fAf+!_V^W5L8<?
z$jH4Y3WAcC1;vw6kYbtsO8jWzvmS326#HYg%kY2lb>C3slKYWM^e>U?*dq-5u2j>M
zty{l*|E!<kRq8lr+Jl_o9qL#b72vv7f#N{TZcgzZ3FM5nL6&tZazUt1CpU3}JjD(C
zm7w^n6xc|krmn3<F@X2c)q;^4i@T0rpt|}Rw9pY$+bt*t8*7|1^7ORqLCIoytUk%M
zcd0>y7ATRxG%f`;*Q81DhRCcBhdPRfQ`B~YspE&yLPSvVwFAtLC@A%gpxU9dEHwsx
z9lYLa(L%v*<YY$@ysJwxDL%ptvJ5Q*IK>BC)1&I5x?&kFMrA6zQp=BAj<u7_wdFAO
z!ycIIY=_Y32*CIl1iL$7{Kx&^e}46x_C;+K1<fu%nTVkHSG$=%x@%k5@R&?Yz}Wse
z5RA-aza|7Fwd&F~$`po->{7d#Ken$H;${4&@8_eBCo<-aB|&kcoy;HJ@*F@Y2#GNA
z;cN5JS3hT@3^^H-k~Mal{gZ7ikSM`3-LozQ14b@%S9qY^w;Ya@t%R1+BKXT&EL8-}
z^5^4aE1*jrA2bqLQhr8GMHNugHpgzE4?-cZ!tkrlT-H{<o&z1ed^jeJZIVX+x$2R)
zRPQZ;6Xna}9S9d3TR9XAueICk54^V-tTOu9Ryc3uz-eE;n%&CGq;yCQnlt*cS^Ml~
z*-Mer0FUQ7LGdZO4S<myZ-Q0&_S8w^N|bpiREb(PW<F~f<OSq3IK`XnSab=zy$P&x
zYUg%kS{hUWy?WkE{oae5gt}MHq`1eHrPt~bfXPX)LhJf<%CNMk(OaTIWb}SB?Idy%
zCeya0%CI4Wgu~WZJx{*os`p8^Innq#B#OViT^W^DwU!nFkKX5yUnh4WCotg6zFAP*
zpNv6VO0A1WN()tDo|d5hmcKvgD^LT&Qv3dwo(xw2<0cq{wwhPe=cijLV8+M+_;KU}
z1SKCNW4>Aon-fUbDvfve3RF5zI1DOd<Dsi=_nep?8Q|xl{4bnpJCWTnt30<`y<3+{
z$pT7JLF#a6VR$g~8F|2G_^b=YrGeJ-Rt<~~^g}Ergn;&KTUGmWDOE&@*6(^`cQ_*-
zTQ$F}d_~G<l3G)bmaSB6D}@J0v$y!Ntz3id3#a?@2M<D^qXPn6oiNx?4;{6iLepbR
z{mpzR+OA+sg==J20u_1pSbaR}pR%y|uBNEPTR1%j=voo7D<;LCTQFapvR%VtsAqbC
zXm8}nqkysGZrhZIxlSIiaHFS6@#<9VnjJIX7EjMI41cS(go5G@spG;R6wNoPQx;~w
z+RnK~&!T^$mx;v{8S22iJ%;Aji57X9ClPg4coO;|R3JONaRdC%&e^;+5rkp<Kk;s}
zX;PbL^G$5(l328U<jd5yX;DNEwp46u(|FJpR4kSDQolWjpqA1@1(6nM6@?03ii#hg
z7jKo=V=k}zEChrK*?D(24m1l7gpllJW`3D@=bdMUqrZc>RZYv`2t5x)X))MJ3&EJK
z`9O^30&Th;``hS|Uxl>S`zr6_Gx(1F-IYW;z3c7O?w=Rd+xCRfa$`B!X!5HJCsEC}
zx@!+!U_|{`BNqbT^TarDuNN05>6)j5E;S#av8JRYdRmw!=7q9|lpRaXBK5nW4GU*$
zVmJS-x^{Dnp5I0O{pJBcV=)?88UWxm;H1DmVT+sHZl7h&*uNGH)B%WuIK6<lROd5W
z;sflWW&9v4>YzY%03spbUf`F?PO)#Gx0b@_`Jt7U?p+_B*v<ez$eC~ffJ&QjN5G=4
zUpd50`MwdH_pfSt=u>IFII|4^V8jBv^AGqJ_P1*{TIc+LpMu^0%W#-(cn|6oJ~vhe
zV9RnbPhYG!l8qP=TJ2j3Md+&MFe=*?0EXRZI_JvJfUd0mdc>WU902pZ00MWjM$fOz
zhZ}a%B2jat()bnufCfL)n4@l`htdswl-&7m<s5lB={!#7-I-bez?%{9_aELhWA-@B
zeJ~=}*9IK5E8!4b_jaI?Ed$`z$SkGwMi<iwXBQQkQqlo{BwC3(1jL<1Gm-yCO=Rcz
ze`n8rRIsH0Ob^{ggR<1=$kQkwkOu&$VkH+AhHx_gtZ5><mVJ?DFYZc81pw5ibjbz)
z{F1D8z)^U$Kj6Wj<7ZNj_@x5?LJT1j01#~C;zM!FvBSg+K$&6!04r9te?KZ#S^)Z8
z$K(NkKP4=iI;L(@RR)>f{;C1sy_SU301Uda(gE;3>KAQ`Z|3s<s*+*=fDIj03p3?C
zAS(cvK_C#63;-xdC9wmkmdyJ8d<*~(vHn*8ZVu0y0wAw+OB4k1;{cq@Y6<`x;LMu=
zc&ZlUeoNdo0G^D_AOXY%V4yK8D*#wsW#$0*>i}gNQozXmZE@^anF+k$PEpR$!^s2S
z`LY6l;gy*K;2S`H2rmH}^!+ae_tNF&qqYEmdkncU!WqH-#;mLWz)_6=o0$XPr-NS!
z0)VYfLMwm|d~twaIRMZprPFZZXBzTU_|x9ihtySu@t2?=`hX~?h(3sFE$_Ma?z)K^
z&djUc4_yW2SgSE+R7&{Af*94%>6(=mvb7P}n%mkUs9=3l2GxcuD*A#^*;?7>($wos
zoi+2_`5id}x3PQAbKdv7$Lsrphy69t^Zd?vKc46L{iN3d=<#Ld%b=gk*n_TZcqIy%
zFoqk3V*(H+fA*R2_To~$%Ou0*1xxrF4VyR>`***|cdu@>VwV|h_dm^BvxxTkjrc#O
z3j9pf1jr~aV<!DECK{Mhbv*hN&F}@Fw1laLN&?_!HRE%K{H%l_kU+gt0(=)O&;$@j
z089)GX1Dgg!$bo@1%zXuCV(IU;7Ywedo6^c!j(lJZB7t<&;)Q#05sG%7Q#ry0=2?j
zy_`3L1aWPt2|y<R%D;Gylt$bS#k+jPjWNO?s3riB0N6yQ;z6?O$yinBGSM5s9>P9A
z6M#T~uS$`8*J^94nMk0j<aik{8N9!wNE5&T0r0#A1jypSk5Tkg&~{>5xF&!D0^kZ=
zl-?rd14R;Gy&0VN70?98k^l$95dboC4>3`IhaUA8=`D+B0%S>mk8do(&R>{2nMg^P
zgo|GWTKS$5U~lIhzP+~jcsz6O2HsrrRMydQ_mg~E?fPjy13yzX0qlZLN|5^qT*-v_
z|GAWcg*2S9@$d&icVt}=#1zqk;bkhTf!I5Va3p(zi9-L)bIudMNYn^a5CF{~W@2ly
zNPZ2-qP`sLekm9gekFX8BrJVTfW`*T1tRK0%TL=Jviycs_M0z*0MynmQb56#i3Us#
z1rWg23q*y>bA^yK;ibGbumb&pR>GH=Z~UF+zjek6y9+oM2yg@{u1qwbJtK$!_V6fl
zeYHf)DWcoW5)d=mWl6(6E8IHO>K`o71Q0U^h&X~efGmB$wd7=HZX(qLI9WNI5}Ra7
z#I2M>0DK9+dQE_-N+9()j$@8PrZ+&TL~|z;LEx)5s|f%h2zoInu!YG4iVMW#5=P2q
z9RY9+O!Y)U{5KR2UnSid&X$Rl7^sKOHUi+wXHWc)0^SW?2}QppnE-eTW)lH$_iy+8
zDR}!S?O{`u!4b({fm|m5^pmmVi75L%$Gk?W(zx2(bnKHv033sIk^uPBe;c)2&O|+{
ziQ)3_wM+$|Pd^+pnq(ad54Jq&D+0XR*v_fwZ*8#W`YGX0k6~V&ch+z$_>!!zz;BN?
z`GNrJBGs05anA-iA;;Ptmhp@x(#g<uOa%^C1kb@3lFWTTUuz?$;=RUpA<5rda0~2W
z@cH&30fIXjpkV#K0Irs@PXj}(4V;Sa&1CH;O!CHv^Q1RKmSQ>?+672F!jA-)NXLV7
z7y%+0Lk@Ui``)&eQ-Ne5X<fxP@eWgov?+3X#>7Lb7|LZ`#U*yqeM<n$|0}eLH*SR)
zfouYdwmssS0Cs#-T+ClDit-m0CivFEO5RaW#kZQo*io3^uP!R*?@v#<-wE(PoZFa6
zVDpiV8(&K#03MoK0uaLg1i;3d`2n~Z#wEmTA;6)QW<L;MawKUOOd9Bh5~HFCFj99L
z|Fg4$_ilUMaeT3ArEmiD-&f7YcW$8s{uWWa{x35>Vki-sM=+KkjFu@0dt^&>Ob*5J
zLd>riNL+J17%KEKsC=H<<lECa@t|@7K)Idy9ViyT#*`o~Npu~PAHC%f<;h2+l7abb
zrXU>)E;fJZ-wA&x!FP}lg!U}O@fw?H7>NchwykE}1Zw5o3cdoL5u7{aeg1<{rW$mu
z;ov%4UU)QIDoB!*(4HkP#(DL^v)N3>a4b*>KU?|`Nf7>do)O?@8S6g%==TB31q@UK
zE{FfH%Z5?efdN*(Bp=ajm3(srm{&KKgpDo-NC-g?Xi^wZWlJTDHN26X!F&(88Fh-_
zMFjCgIh(#IIadAFdj-_9O{RZCITd^=ct7yTlpL#m>%9hcxA3)b+$|If3)>Vz#OiP?
ztlxTtz}Q(Gjyn!XfU~;W<DNZ;sVe$X3FDsJd+X_<)IU0up(9JuVg~;gb;rG<7`IO^
z$-jtcoKR3o1YU7kFZjXoDK2vG=BrCS&h=JJUqfg?2{(7}D#}O%EE|8t!YUH~tL5UQ
zksaW8Wj?q+C>z9{vIUsAvug<W*IFtLmCwgf((~OttX%p^^3G)%&M+FAdnxqq$q7&w
z|C%v~{)nOE+$))eyAd?JL4?tC+0lu+49rQ6B=au8yo6P>(U605MWD(qC@GFfR5-C$
zVH)0Iuq^KiXyL0%KJF?4cQFmM?dUK@GL!KlcGeyy|L=4>RKzs=1*l@C;zqSqWlR{K
zOWG?O#Cp#(l!NYcN{_wi==B#e4Fc3`78eOhd>Yramgc_3%mE53gbO6ZKW22HB#X5k
z0vJqVW&*Nl*}UP?5}u!bCez3bn6-rX=@Oo*F!FT?Hiv<A8#{MY7U6!5>YGluhK7cQ
chQ>4;17Cm-Ej(Fvng9R*07*qoM6N<$f;I!fCjbBd

literal 0
HcmV?d00001

diff --git a/scripts/install_tails/assets/install.sh b/scripts/install_tails/assets/install.sh
new file mode 100644
index 00000000..d49782ac
--- /dev/null
+++ b/scripts/install_tails/assets/install.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+
+# This script automates the installation and configuration of Haveno on a Tails OS system,
+#
+# FUNCTIONAL OVERVIEW:
+# - Verification of the Haveno installer's presence.
+# - Installation of the Haveno application with dpkg.
+# - Removal of automatically created desktop icons to clean up after installation.
+# - Deployment of Tor configuration for Haveno.
+# - Restart of the onion-grater service to apply new configurations.
+#
+# The script requires administrative privileges to perform system modifications.
+
+
+# Function to print messages in blue
+echo_blue() {
+  if [ -t 1 ]; then
+    # If File descriptor 1 (stdout) is open and refers to a terminal
+    echo -e "\033[1;34m$1\033[0m"
+  else
+    # If stdout is not a terminal, send a desktop notification
+    notify-send -i "/home/amnesia/Persistent/haveno/App/utils/icon.png" "Starting Haveno" "$1"
+  fi
+}
+
+
+# Function to print error messages in red
+echo_red() {
+  if [ -t 1 ]; then
+    # If File descriptor 1 (stdout) is open and refers to a terminal
+    echo -e "\033[0;31m$1\033[0m"
+  else
+    # If stdout is not a terminal, send a desktop notification
+    notify-send -u critical -i "error" "Staring Haveno" "$1\nExiting..."
+  fi
+}
+
+
+# Define file locations
+persistence_dir="/home/amnesia/Persistent"
+app_dir="${persistence_dir}/haveno/App"
+install_dir="${persistence_dir}/haveno/Install"
+haveno_installer="${install_dir}/haveno.deb"
+haveno_config_file="${app_dir}/utils/haveno.yml"
+
+
+# Check if the Haveno installer exists
+if [ ! -f "${haveno_installer}" ]; then
+  echo_red "Haveno installer not found at ${haveno_installer}."
+  exit 1
+fi
+
+
+# Install Haveno
+echo_blue "Installing Haveno..."
+dpkg -i "${haveno_installer}" || { echo_red "Failed to install Haveno."; exit 1; }
+
+
+# Remove installed desktop menu icon
+rm -f /usr/share/applications/haveno-Haveno.desktop
+
+
+# Change access rights for Tor control cookie
+echo_blue "Changing access rights for Tor control cookie..."
+chmod o+r /var/run/tor/control.authcookie || { echo_red "Failed to change access rights for Tor control cookie."; exit 1; }
+
+
+# Copy haveno.yml configuration file
+echo_blue "Copying Tor onion-grater configuration to /etc/onion-grater.d/..."
+cp "${haveno_config_file}" /etc/onion-grater.d/haveno.yml || { echo_red "Failed to copy haveno.yml."; exit 1; }
+
+
+# Restart onion-grater service
+echo_blue "Restarting onion-grater service..."
+systemctl restart onion-grater.service || { echo_red "Failed to restart onion-grater service."; exit 1; }
+
+
+echo_blue "Haveno installation and configuration complete."
diff --git a/scripts/install_tails/haveno-install.sh b/scripts/install_tails/haveno-install.sh
index 534baa91..3f332cf2 100644
--- a/scripts/install_tails/haveno-install.sh
+++ b/scripts/install_tails/haveno-install.sh
@@ -1,77 +1,152 @@
 #!/bin/bash
 
-#############################################################################
-# Written by BrandyJson, with heavy inspiration from bisq.wiki tails script #
-#############################################################################
-echo "Installing dpkg from persistent, (1.07-1, if this is out of date change the deb path in the script or manually install after running"
-dpkg -i "/home/amnesia/Persistent/haveno_1.0.7-1_amd64.deb"
-echo -e "Allowing amnesia to read tor control port cookie, only run this script when you actually want to use haveno\n\n!!! not secure !!!\n"
-chmod o+r /var/run/tor/control.authcookie
-echo "Updating apparmor-profile"
-echo "---
-- apparmor-profiles:
-    - '/opt/haveno/bin/Haveno'
-  users:
-    - 'amnesia'
-  commands:
-    AUTHCHALLENGE:
-      - 'SAFECOOKIE .*'
-    SETEVENTS:
-      - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
-    GETINFO:
-      - pattern: 'status/bootstrap-phase'
-        response:
-          - pattern: '250-status/bootstrap-phase=*'
-            replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
-      - 'net/listeners/socks'
-    ADD_ONION:
-      - pattern:     'NEW:(\S+) Port=9999,(\S+)'
-        replacement: 'NEW:{} Port=9999,{client-address}:{}'
-      - pattern:     '(\S+):(\S+) Port=9999,(\S+)'
-        replacement: '{}:{} Port=9999,{client-address}:{}'
-    DEL_ONION:
-      - '.+'
-    HSFETCH:
-      - '.+'
-  events:
-    CIRC:
-      suppress: true
-    ORCONN:
-      suppress: true
-    INFO:
-      suppress: true
-    NOTICE:
-      suppress: true
-    WARN:
-      suppress: true
-    ERR:
-      suppress: true
-    HS_DESC:
-      response:
-        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
-          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
-        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
-          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
-        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
-          replacement: '650 HS_DESC UPLOADED {} {} redacted'
-        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
-          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
-        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
-          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
-        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
-          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
-        - pattern:     '.*'
-          replacement: ''
-    HS_DESC_CONTENT:
-      suppress: true" > /etc/onion-grater.d/haveno.yml
-echo "Adding rule to iptables to allow for monero-wallet-rpc to work"
-iptables -I OUTPUT 2 -p tcp -d 127.0.0.1 -m tcp --dport 18081 -m owner --uid-owner 1855 -j ACCEPT
-echo "Updating torsocks to allow for inbound connection"
-sed -i 's/#AllowInbound/AllowInbound/g' /etc/tor/torsocks.conf 
 
-echo "Restarting onion-grater service"
+# This script facilitates the setup and installation of the Haveno application on Tails OS.
+#
+# FUNCTIONAL OVERVIEW:
+# - Creating necessary persistent directories and copying utility files.
+# - Downloading Haveno binary, signature file, and GPG key for verification.
+# - Importing and verifying the GPG key to ensure the authenticity of the download.
+# - Setting up desktop icons in both local and persistent directories.
 
-systemctl restart onion-grater.service
 
-echo "alias haveno-tails='torsocks /opt/haveno/bin/Haveno --torControlPort 951 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth --useTorForXmr=ON --userDataDir=/home/amnesia/Persistent/'" >> /home/amnesia/.bashrc
-echo -e "Everything is set up just run\n\nsource ~/.bashrc\n\nThen you can start haveno using haveno-tails"
\ No newline at end of file
+# Function to print messages in blue
+echo_blue() {
+  echo -e "\033[1;34m$1\033[0m"
+}
+
+
+# Function to print error messages in red
+echo_red() {
+  echo -e "\033[0;31m$1\033[0m"
+}
+
+
+# Define version and file locations
+user_url=$1
+base_url=$(printf ${user_url} | awk -F'/' -v OFS='/' '{$NF=""}1')
+expected_fingerprint=$2
+binary_filename=$(awk -F'/' '{ print $NF }' <<< "$user_url")
+package_filename="haveno.deb"
+signature_filename="${binary_filename}.sig"
+key_filename="$(printf "$expected_fingerprint" | tr -d ' ' | sed -E 's/.*(................)/\1/' )".asc
+assets_dir="/tmp/assets"
+persistence_dir="/home/amnesia/Persistent"
+app_dir="${persistence_dir}/haveno/App"
+data_dir="${persistence_dir}/haveno/Data"
+install_dir="${persistence_dir}/haveno/Install"
+dotfiles_dir="/live/persistence/TailsData_unlocked/dotfiles"
+persistent_desktop_dir="$dotfiles_dir/.local/share/applications"
+local_desktop_dir="/home/amnesia/.local/share/applications"
+
+
+# Install dependencies
+echo_blue "Installing dependencies ..."
+sudo apt update && sudo apt install -y curl unzip
+
+
+# Remove stale resources
+rm -rf "${assets_dir}"
+
+
+# Create temp location for downloads
+echo_blue "Creating temporary directory for Haveno resources ..."
+mkdir "${assets_dir}" || { echo_red "Failed to create directory ${assets_dir}"; exit 1; }
+
+
+# Download resources
+echo_blue "Downloading resources for Haveno on Tails ..."
+curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/exec.sh https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/exec.sh || { echo_red "Failed to download resource (exec.sh)."; exit 1; }
+curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/install.sh https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/install.sh || { echo_red "Failed to download resource (install.sh)."; exit 1; }
+curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/haveno.desktop https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/haveno.desktop || { echo_red "Failed to resource (haveno.desktop)."; exit 1; }
+curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/icon.png https://raw.githubusercontent.com/haveno-dex/haveno/master/scripts/install_tails/assets/icon.png || { echo_red "Failed to download resource (icon.png)."; exit 1; }
+curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/haveno.yml https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/haveno.yml || { echo_red "Failed to download resource (haveno.yml)."; exit 1; }
+
+
+# Create persistent directory
+echo_blue "Creating persistent directory for Haveno ..."
+mkdir -p "${app_dir}" || { echo_red "Failed to create directory ${app_dir}"; exit 1; }
+
+
+# Copy utility files to persistent storage and make scripts executable
+echo_blue "Copying haveno utility files to persistent storage ..."
+rsync -av "${assets_dir}/" "${app_dir}/utils/" || { echo_red "Failed to rsync files to ${app_dir}/utils/"; exit 1; }
+find "${app_dir}/utils/" -type f -name "*.sh" -exec chmod +x {} \; || { echo_red "Failed to make scripts executable"; exit 1; }
+
+
+echo_blue "Creating desktop menu icon ..."
+# Create desktop directories
+mkdir -p "${local_desktop_dir}"
+mkdir -p "${persistent_desktop_dir}"
+
+
+# Copy .desktop file to persistent directory
+cp "${assets_dir}/haveno.desktop" "${persistent_desktop_dir}"  || { echo_red "Failed to copy .desktop file to persistent directory $persistent_desktop_dir"; exit 1; }
+
+
+# Create a symbolic link to it in the local .desktop directory, if it doesn't exist
+if [ ! -L "${local_desktop_dir}/haveno.desktop" ]; then
+    ln -s "${persistent_desktop_dir}/haveno.desktop" "${local_desktop_dir}/haveno.desktop" || { echo_red "Failed to create symbolic link for .desktop file"; exit 1; }
+fi
+
+
+# Download Haveno binary
+echo_blue "Downloading Haveno from URL provided ..."
+curl --retry 10 --retry-delay 5 -L -o "${binary_filename}" "${user_url}" || { echo_red "Failed to download Haveno binary."; exit 1; }
+
+
+# Download Haveno signature file
+echo_blue "Downloading Haveno signature ..."
+curl --retry 10 --retry-delay 5 -L -o "${signature_filename}" "${base_url}""${signature_filename}" || { echo_red "Failed to download Haveno signature."; exit 1; }
+
+
+# Download the GPG key
+echo_blue "Downloading signing GPG key ..."
+curl --retry 10 --retry-delay 5 -L -o "${key_filename}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$(echo "$expected_fingerprint" | tr -d ' ')" || { echo_red "Failed to download GPG key."; exit 1; }
+
+
+# Import the GPG key
+echo_blue "Importing the GPG key ..."
+gpg --import "${key_filename}" || { echo_red "Failed to import GPG key."; exit 1; }
+
+
+# Extract imported fingerprints
+imported_fingerprints=$(gpg --with-colons --fingerprint | grep -A 1 'pub' | grep 'fpr' | cut -d: -f10 | tr -d '\n')
+
+
+# Remove spaces from the expected fingerprint for comparison
+formatted_expected_fingerprint=$(echo "${expected_fingerprint}" | tr -d ' ')
+
+
+# Check if the expected fingerprint is in the list of imported fingerprints
+if [[ ! "${imported_fingerprints}" =~ "${formatted_expected_fingerprint}" ]]; then
+  echo_red "The imported GPG key fingerprint does not match the expected fingerprint."
+  exit 1
+fi
+
+
+# Verify the downloaded binary with the signature
+echo_blue "Verifying the signature of the downloaded file ..."
+OUTPUT=$(gpg --digest-algo SHA256 --verify "${signature_filename}" "${binary_filename}" 2>&1)
+
+if ! echo "$OUTPUT" | grep -q "Good signature from"; then
+    echo_red "Verification failed: $OUTPUT"
+    exit 1;
+    else unzip "${binary_filename}" && mv haveno*.deb "${package_filename}"
+fi
+
+echo_blue "Haveno binaries have been successfully verified."
+
+
+# Move the binary and its signature to the persistent directory
+mkdir -p "${install_dir}"
+
+
+# Delete old Haveno binaries
+#rm -f "${install_dir}/"*.deb*
+mv "${binary_filename}" "${package_filename}" "${key_filename}" "${signature_filename}" "${install_dir}"
+echo_blue "Files moved to persistent directory ${install_dir}"
+
+
+# Completed confirmation
+echo_blue "Haveno installation setup completed successfully."