Commit 525d469b authored by intrigeri's avatar intrigeri

Merge remote-tracking branch 'origin/bugfix/9896-abstract-chroot-browser-configs' into devel

Fix-committed: #9896
parents d2f6fe03 f8b7ba35
......@@ -132,8 +132,10 @@ configure_chroot_browser_profile () {
# Set preferences
local browser_prefs="${browser_profile}/preferences/prefs.js"
local chroot_browser_config="/usr/share/tails/chroot-browsers"
mkdir -p "$(dirname "${browser_prefs}")"
cp "/usr/share/tails/${browser_name}/prefs.js" "${browser_prefs}"
cat "${chroot_browser_config}/common/prefs.js" \
"${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"
# Set browser home page to something that explains what's going on
if [ -n "${home_page}" ]; then
......@@ -145,12 +147,14 @@ configure_chroot_browser_profile () {
rm "${chroot}/${TBB_PROFILE}/bookmarks.html"
# Set an appropriate theme
cat "/usr/share/tails/${browser_name}/theme.js" >> "${browser_prefs}"
cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"
# Customize the GUI.
local browser_chrome="${browser_profile}/chrome/userChrome.css"
mkdir -p "$(dirname "${browser_chrome}")"
cat "/usr/share/tails/${browser_name}/userChrome.css" >> "${browser_chrome}"
cat "${chroot_browser_config}/common/userChrome.css" \
"${chroot_browser_config}/${browser_name}/userChrome.css" >> \
"${browser_chrome}"
set_chroot_browser_permissions "${chroot}" "${browser_name}" "${browser_user}"
}
......
// Disable proxying in the chroot
pref("network.proxy.type", 0);
pref("network.proxy.socks_remote_dns", false);
// Disable update checking
pref("app.update.enabled", false);
pref("extensions.update.enabled", false);
/* Prevent File -> Print or CTRL+P from causing the browser to hang
for several minutes while trying to communicate with CUPS, since
access to port 631 isn't allowed through. */
pref("print.postscript.cups.enabled", false);
// Hide "Get Addons" in Add-ons manager
pref("extensions.getAddons.showPane", false);
/* Google seems like the least suspicious choice of default search
engine for the Unsafe Browser's in-the-clear traffic. */
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
// Disable fetching of the new tab page's Tiles links/ads. Ads are
// generally unwanted, and also the fetching is a "phone home" type of
// feature that generates traffic at least the first time the browser
// is started.
// is started. It won't work in e.g. the I2P Browser, too.
pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", "");
// ... and disable the explanation shown the first time
pref("browser.newtabpage.introShown", true);
// Don't use geographically specific search prefs, like
// browser.search.*.US for US locales. Our generated amnesia branding
// add-on localizes search-engines in an incompatible but equivalent
// way.
pref("browser.search.geoSpecificDefaults", false);
/* Prevent File -> Print or CTRL+P from causing the browser to hang
for several minutes while trying to communicate with CUPS, since
access to port 631 isn't allowed through. */
pref("print.postscript.cups.enabled", false);
// Without setting this, the Download Management page will not update
// the progress being made.
pref("browser.download.panel.shown", true);
// Hide "Get Addons" in Add-ons manager
pref("extensions.getAddons.showPane", false);
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide Firefox Sync options. Sync hasn't been audited by the
Tor Browser developers yet (Tor bug #10368), and it doesn't seem to
work any way (Tor bug #13279). Weak passwords would be a pretty
serious issue too. */
/* Hide Firefox Sync options. It will not work with the I2P Browser
and will only promote unsupported use cases for the Unsafe Browser. */
#BrowserPreferences radio[pane="paneSync"],
#sync-button,
#sync-menu-button,
......@@ -18,20 +15,23 @@
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
restart, which is just confusing. */
restart, which is just confusing. In the I2P Browser, many of these
features will not work any way. */
#menu_openApps,
#menu_openAddons, /* traditional menu */
#add-ons-button, /* new style Firefox menu */
#wrapper-add-ons-button, /* Customize toolbar */
/* Hide the "Share this page" button in the Tool bar, which encourages
the use of social (= tracking) networks. Note that this one likely
will be removed upstream in the final Tor Browser 5.0 release. */
the use of social (= tracking) networks. These will not work in the
I2P browser any way. */
#social-share-button,
/* Hide TorBrowser Health Report and its configuration option */
/* Hide the Health Report and its configuration option. It's just a
blank page, for some reason. */
#appmenu_healthReport,
#dataChoicesTab,
#healthReport
/* Do the actual hiding. */
{display: none !important}
......@@ -7,21 +7,9 @@ pref("network.proxy.http_port", 4444);
pref("network.proxy.no_proxies_on", "127.0.0.1");
pref("network.proxy.ssl", "127.0.0.1");
pref("network.proxy.ssl_port", 4444);
// Disable searching from the URL bar
pref("keyword.enabled", false);
// Hide "Get Addons" in Add-ons manager
pref("extensions.getAddons.showPane", false);
/* Prevent File -> Print or CTRL+P from causing the browser to hang
for several minutes while trying to communicate with CUPS, since
access to port 631 isn't allowed through. */
pref("print.postscript.cups.enabled", false);
// Disable fetching of the new tab page's Tiles links/ads. It will not
// work in the I2P Browser.
pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", "");
// ... and disable the explanation shown the first time
pref("browser.newtabpage.introShown", true);
// Without setting this, the Download Management page will not update
// the progress being made.
......
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide access to the bookmarks to try to prevent "data loss" due to users
......@@ -24,17 +23,6 @@
#wrapper-history-button,
#wrapper-bookmarks-button,
/* Hide the Tools -> Apps link to the Firefox Marketplace, and
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
restart, which is just confusing. In the I2P Browser, many of these
features will not work any way. */
#menu_openApps,
#menu_openAddons, /* traditional menu */
#add-ons-button, /* new style Firefox menu */
#wrapper-add-ons-button, /* Customize toolbar */
/* Hide the sidebar menu (underneath View) since the default sidebars consist
* of history and bookmarks. Also disable the bookmark toolbar.
*/
......@@ -66,27 +54,6 @@ menuitem[command="Browser:SendLink"],
[command="cmd_print"],
*/
/* Hide the sync functionality which won't work with I2P */
#BrowserPreferences radio[pane="paneSync"],
#sync-button,
#sync-menu-button,
#sync-setup,
#sync-setup-appmenu,
#sync-status-button,
#sync-syncnowitem-appmenu,
#wrapper-sync-button,
/* Hide the "Share this page" button in the Tool bar, which encourages
the use of social (= tracking) networks. These will not work in the
I2P browser any way. Note that this one likely will be removed
upstream in the final Tor Browser 5.0 release. */
#social-share-button,
/* Hide the "Keyboard shortcuts" and "Tour" options from
from the Help menu */
#menu_keyboardShortcuts,
#menu_openTour,
/* Without I2P search engines defined, the search bar is useless.
* Since there are no I2P search engines added to Tails (yet),
* let's hide it and the Update Pane in Firefox's Preferences.
......@@ -94,9 +61,9 @@ from the Help menu */
#search-container,
#updateTab,
/* Hide options in the Help menu that lead to disallowed resources on the
* Internet.
*/
/* Hide options that lead to resources inaccessible over I2P */
#menu_keyboardShortcuts,
#menu_openTour,
#appmenu_feedbackPage,
#appmenu_gettingStarted,
#appmenu_openHelp,
......@@ -107,12 +74,7 @@ from the Help menu */
/* Hide the TorButton button from the toolbar */
#torbutton-button,
#wrapper-torbutton-button,
/* Hide TorBrowser Health Report and its configuration option */
#appmenu_healthReport,
#dataChoicesTab,
#healthReport
#wrapper-torbutton-button
/* Now the actual hiding */
/* Do the actual hiding. */
{display: none !important}
// Disable proxying in the chroot
pref("network.proxy.type", 0);
pref("network.proxy.socks_remote_dns", false);
/* Google seems like the least suspicious choice of default search
engine for the Unsafe Browser's in-the-clear traffic. */
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
// Don't use geographically specific search prefs, like
// browser.search.*.US for US locales. Our generated amnesia branding
// add-on localizes search-engines in an incompatible but equivalent
// way.
pref("browser.search.geoSpecificDefaults", false);
// Without setting this, the Download Management page will not update
// the progress being made.
pref("browser.download.panel.shown", true);
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
......@@ -166,14 +166,14 @@ Then /^the Unsafe Browser complains that no DNS server is configured$/ do
end
Then /^I configure the Unsafe Browser to check for updates more frequently$/ do
prefs = '/usr/share/tails/unsafe-browser/prefs.js'
prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
$vm.file_append(prefs, 'pref("app.update.idletime", 1);')
$vm.file_append(prefs, 'pref("app.update.promptWaitTime", 1);')
$vm.file_append(prefs, 'pref("app.update.interval", 5);')
end
But /^checking for updates is disabled in the Unsafe Browser's configuration$/ do
prefs = '/usr/share/tails/unsafe-browser/prefs.js'
prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
assert($vm.file_content(prefs).include?('pref("app.update.enabled", false)'))
end
......
......@@ -55,4 +55,4 @@ Code
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh]]
* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/i2p.desktop.in]]
* [[!tails_gitweb config/chroot_local-includes/lib/live/config/2080-install-i2p]]
* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/i2p-browser]]
* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/chroot-browsers/]]
......@@ -83,4 +83,4 @@ Code
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh]]
* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop.in]]
* [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_unsafe-browser]]
* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/unsafe-browser]]
* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/chroot-browsers/]]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment