Merge remote-tracking branch 'origin/bugfix/9896-abstract-chroot-browser-configs' into devel

Fix-committed: #9896

Merge remote-tracking branch 'origin/bugfix/9896-abstract-chroot-browser-configs' into devel
Fix-committed: #9896
525d469b · intrigeri · d2f6fe03 · f8b7ba35 · 525d469b · 525d469b
Commit 525d469b authored Feb 11, 2016 by intrigeri
12 changed files
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
@@ -132,8 +132,10 @@ configure_chroot_browser_profile () {

    # Set preferences
    local browser_prefs="${browser_profile}/preferences/prefs.js"
+    local chroot_browser_config="/usr/share/tails/chroot-browsers"
    mkdir -p "$(dirname "${browser_prefs}")"
-    cp "/usr/share/tails/${browser_name}/prefs.js" "${browser_prefs}"
+    cat "${chroot_browser_config}/common/prefs.js" \
+        "${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"

    # Set browser home page to something that explains what's going on
    if [ -n "${home_page}" ]; then
@@ -145,12 +147,14 @@ configure_chroot_browser_profile () {
    rm "${chroot}/${TBB_PROFILE}/bookmarks.html"

    # Set an appropriate theme
-    cat "/usr/share/tails/${browser_name}/theme.js" >> "${browser_prefs}"
+    cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"

    # Customize the GUI.
    local browser_chrome="${browser_profile}/chrome/userChrome.css"
    mkdir -p "$(dirname "${browser_chrome}")"
-    cat "/usr/share/tails/${browser_name}/userChrome.css" >> "${browser_chrome}"
+    cat "${chroot_browser_config}/common/userChrome.css" \
+        "${chroot_browser_config}/${browser_name}/userChrome.css" >> \
+            "${browser_chrome}"

    set_chroot_browser_permissions "${chroot}" "${browser_name}" "${browser_user}"
 }

--- a/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js
+++ b/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js
-// Disable proxying in the chroot
-pref("network.proxy.type", 0);
-pref("network.proxy.socks_remote_dns", false);
-
 // Disable update checking
 pref("app.update.enabled", false);
 pref("extensions.update.enabled", false);

-/* Prevent File -> Print or CTRL+P from causing the browser to hang
-   for several minutes while trying to communicate with CUPS, since
-   access to port 631 isn't allowed through. */
-pref("print.postscript.cups.enabled", false);
-// Hide "Get Addons" in Add-ons manager
-pref("extensions.getAddons.showPane", false);
-
-/* Google seems like the least suspicious choice of default search
-   engine for the Unsafe Browser's in-the-clear traffic. */
-user_pref("browser.search.defaultenginename", "Google");
-user_pref("browser.search.selectedEngine", "Google");
-
 // Disable fetching of the new tab page's Tiles links/ads. Ads are
 // generally unwanted, and also the fetching is a "phone home" type of
 // feature that generates traffic at least the first time the browser
-// is started.
+// is started. It won't work in e.g. the I2P Browser, too.
 pref("browser.newtabpage.directory.source", "");
 pref("browser.newtabpage.directory.ping", "");
 // ... and disable the explanation shown the first time
 pref("browser.newtabpage.introShown", true);

-// Don't use geographically specific search prefs, like
-// browser.search.*.US for US locales. Our generated amnesia branding
-// add-on localizes search-engines in an incompatible but equivalent
-// way.
-pref("browser.search.geoSpecificDefaults", false);
+/* Prevent File -> Print or CTRL+P from causing the browser to hang
+   for several minutes while trying to communicate with CUPS, since
+   access to port 631 isn't allowed through. */
+pref("print.postscript.cups.enabled", false);

-// Without setting this, the Download Management page will not update
-// the progress being made.
-pref("browser.download.panel.shown", true);
+// Hide "Get Addons" in Add-ons manager
+pref("extensions.getAddons.showPane", false);
--- a/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css
+++ b/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css
-/* Required, do not remove */
 @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

-/* Hide Firefox Sync options. Sync hasn't been audited by the
-   Tor Browser developers yet (Tor bug #10368), and it doesn't seem to
-   work any way (Tor bug #13279). Weak passwords would be a pretty
-   serious issue too. */
+/* Hide Firefox Sync options. It will not work with the I2P Browser
+   and will only promote unsupported use cases for the Unsafe Browser. */
 #BrowserPreferences radio[pane="paneSync"],
 #sync-button,
 #sync-menu-button,
@@ -18,20 +15,23 @@
   Tools -> Add-ons link to the Add-ons manager. We do not want to
   encourage installing such things as it's not part of the supported
   use-cases and may have privacy issues. Also they will not persist a
-   restart, which is just confusing. */
+   restart, which is just confusing. In the I2P Browser, many of these
+   features will not work any way. */
 #menu_openApps,
 #menu_openAddons,          /* traditional menu */
 #add-ons-button,           /* new style Firefox menu */
 #wrapper-add-ons-button,   /* Customize toolbar */

 /* Hide the "Share this page" button in the Tool bar, which encourages
-   the use of social (= tracking) networks. Note that this one likely
-   will be removed upstream in the final Tor Browser 5.0 release. */
+   the use of social (= tracking) networks. These will not work in the
+   I2P browser any way.  */
 #social-share-button,

-/* Hide TorBrowser Health Report and its configuration option */
+/* Hide the Health Report and its configuration option. It's just a
+   blank page, for some reason. */
 #appmenu_healthReport,
 #dataChoicesTab,
 #healthReport

+/* Do the actual hiding. */
 {display: none !important}
--- a/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js
+++ b/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js
@@ -7,21 +7,9 @@ pref("network.proxy.http_port", 4444);
 pref("network.proxy.no_proxies_on", "127.0.0.1");
 pref("network.proxy.ssl", "127.0.0.1");
 pref("network.proxy.ssl_port", 4444);
+
 // Disable searching from the URL bar
 pref("keyword.enabled", false);
-// Hide "Get Addons" in Add-ons manager
-pref("extensions.getAddons.showPane", false);
-/* Prevent File -> Print or CTRL+P from causing the browser to hang
-   for several minutes while trying to communicate with CUPS, since
-   access to port 631 isn't allowed through. */
-pref("print.postscript.cups.enabled", false);
-
-// Disable fetching of the new tab page's Tiles links/ads. It will not
-// work in the I2P Browser.
-pref("browser.newtabpage.directory.source", "");
-pref("browser.newtabpage.directory.ping", "");
-// ... and disable the explanation shown the first time
-pref("browser.newtabpage.introShown", true);

 // Without setting this, the Download Management page will not update
 // the progress being made.

--- a/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js
+++ b/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js
--- a/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css
+++ b/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css
-/* Required, do not remove */
 @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

 /* Hide access to the bookmarks to try to prevent "data loss" due to users
@@ -24,17 +23,6 @@
 #wrapper-history-button,
 #wrapper-bookmarks-button,

-/* Hide the Tools -> Apps link to the Firefox Marketplace, and
-   Tools -> Add-ons link to the Add-ons manager. We do not want to
-   encourage installing such things as it's not part of the supported
-   use-cases and may have privacy issues. Also they will not persist a
-   restart, which is just confusing. In the I2P Browser, many of these
-   features will not work any way. */
-#menu_openApps,
-#menu_openAddons,          /* traditional menu */
-#add-ons-button,           /* new style Firefox menu */
-#wrapper-add-ons-button,   /* Customize toolbar */
-
 /* Hide the sidebar menu (underneath View) since the default sidebars consist
 * of history and bookmarks.  Also disable the bookmark toolbar.
 */
@@ -66,27 +54,6 @@ menuitem[command="Browser:SendLink"],
 [command="cmd_print"],
 */

-/* Hide the sync functionality which won't work with I2P */
-#BrowserPreferences radio[pane="paneSync"],
-#sync-button,
-#sync-menu-button,
-#sync-setup,
-#sync-setup-appmenu,
-#sync-status-button,
-#sync-syncnowitem-appmenu,
-#wrapper-sync-button,
-
-/* Hide the "Share this page" button in the Tool bar, which encourages
-   the use of social (= tracking) networks. These will not work in the
-   I2P browser any way. Note that this one likely will be removed
-   upstream in the final Tor Browser 5.0 release. */
-#social-share-button,
-
-/* Hide the "Keyboard shortcuts" and "Tour" options from
-from the Help menu */
-#menu_keyboardShortcuts,
-#menu_openTour,
-
 /* Without I2P search engines defined, the search bar is useless.
 *  Since there are no I2P search engines added to Tails (yet),
 *  let's hide it and the Update Pane in Firefox's Preferences.
@@ -94,9 +61,9 @@ from the Help menu */
 #search-container,
 #updateTab,

-/* Hide options in the Help menu that lead to disallowed resources on the
- * Internet.
- */
+/* Hide options that lead to resources inaccessible over I2P */
+#menu_keyboardShortcuts,
+#menu_openTour,
 #appmenu_feedbackPage,
 #appmenu_gettingStarted,
 #appmenu_openHelp,
@@ -107,12 +74,7 @@ from the Help menu */

 /* Hide the TorButton button from the toolbar */
 #torbutton-button,
-#wrapper-torbutton-button,
-
-/* Hide TorBrowser Health Report and its configuration option */
-#appmenu_healthReport,
-#dataChoicesTab,
-#healthReport
+#wrapper-torbutton-button

-/* Now the actual hiding */
+/* Do the actual hiding. */
 {display: none !important}
--- a/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js
+// Disable proxying in the chroot
+pref("network.proxy.type", 0);
+pref("network.proxy.socks_remote_dns", false);
+
+/* Google seems like the least suspicious choice of default search
+   engine for the Unsafe Browser's in-the-clear traffic. */
+user_pref("browser.search.defaultenginename", "Google");
+user_pref("browser.search.selectedEngine", "Google");
+
+// Don't use geographically specific search prefs, like
+// browser.search.*.US for US locales. Our generated amnesia branding
+// add-on localizes search-engines in an incompatible but equivalent
+// way.
+pref("browser.search.geoSpecificDefaults", false);
+
+// Without setting this, the Download Management page will not update
+// the progress being made.
+pref("browser.download.panel.shown", true);
--- a/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js
+++ b/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js
--- a/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/userChrome.css
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/userChrome.css
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -166,14 +166,14 @@ Then /^the Unsafe Browser complains that no DNS server is configured$/ do
 end

 Then /^I configure the Unsafe Browser to check for updates more frequently$/ do
-  prefs = '/usr/share/tails/unsafe-browser/prefs.js'
+  prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
  $vm.file_append(prefs, 'pref("app.update.idletime", 1);')
  $vm.file_append(prefs, 'pref("app.update.promptWaitTime", 1);')
  $vm.file_append(prefs, 'pref("app.update.interval", 5);')
 end

 But /^checking for updates is disabled in the Unsafe Browser's configuration$/ do
-  prefs = '/usr/share/tails/unsafe-browser/prefs.js'
+  prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
  assert($vm.file_content(prefs).include?('pref("app.update.enabled", false)'))
 end


--- a/wiki/src/contribute/design/I2P_Browser.mdwn
+++ b/wiki/src/contribute/design/I2P_Browser.mdwn
@@ -55,4 +55,4 @@ Code
 * [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh]]
 * [[!tails_gitweb config/chroot_local-includes/usr/share/applications/i2p.desktop.in]]
 * [[!tails_gitweb config/chroot_local-includes/lib/live/config/2080-install-i2p]]
-* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/i2p-browser]]
+* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/chroot-browsers/]]
--- a/wiki/src/contribute/design/Unsafe_Browser.mdwn
+++ b/wiki/src/contribute/design/Unsafe_Browser.mdwn
@@ -83,4 +83,4 @@ Code
 * [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh]]
 * [[!tails_gitweb config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop.in]]
 * [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_unsafe-browser]]
-* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/unsafe-browser]]
+* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/chroot-browsers/]]