Bundle our custom prefs into the Tor Browser's omni.ja (refs: #15023)

Shipping them in user.js has a few downsides: - They override whatever is in prefs.js so basically prefs in user.js are locked: any modification done in about:config will be reverted next time Tor Browser starts, which can be a PITA when developing Tails. - In about:config, all these prefs are listed as modified by the user, which feels wrong. - It makes it harder for derivatives to implement things properly.

Bundle our custom prefs into the Tor Browser's omni.ja (refs: #15023)
Shipping them in user.js has a few downsides: - They override whatever is in prefs.js so basically prefs in user.js are locked: any modification done in about:config will be reverted next time Tor Browser starts, which can be a PITA when developing Tails. - In about:config, all these prefs are listed as modified by the user, which feels wrong. - It makes it harder for derivatives to implement things properly.
b52a5596 · intrigeri · cbeee47a · b52a5596 · b52a5596 · b52a5596
Commit b52a5596 authored Jul 03, 2018 by intrigeri
5 changed files
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -216,6 +216,9 @@ apply_prefs_hacks() {
 	perl -pi -E \
 	    's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
 	    defaults/preferences/000-tor-browser.js
+	# Append our custom prefs
+	cat /usr/share/tails/tor-browser-prefs.js \
+	    >> defaults/preferences/000-tor-browser.js
 	touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
        rm "${tbb_install}/browser/omni.ja"
        7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *

--- a/config/chroot_local-includes/etc/tor-browser/profile/user.js
+++ b/config/chroot_local-includes/etc/tor-browser/profile/user.js
 // As suggested in TBB's start-tor-browser script for system-wide Tor
 // instances
-user_pref("network.security.ports.banned", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9062,9150,9051");
-user_pref("extensions.torbutton.launch_warning",  false);
+pref("network.security.ports.banned", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9062,9150,9051");
+pref("extensions.torbutton.launch_warning",  false);

 // Tails-specific configuration below

 // Since the slider notification will be shown everytime at each Tails
 // boot, which is bad (nagging) UX, we disable it.
-user_pref("extensions.torbutton.show_slider_notification", false);
+pref("extensions.torbutton.show_slider_notification", false);

 // Disable the Tor Browser's automatic update checking
-user_pref("app.update.enabled", false);
+pref("app.update.enabled", false);

 // Suppress prompt and always spoof useragent as English
-user_pref("extensions.torbutton.spoof_english", true);
-user_pref("extensions.torbutton.prompted_language", true);
+pref("extensions.torbutton.spoof_english", true);
+pref("extensions.torbutton.prompted_language", true);

 // Tails-specific Torbutton preferences
-user_pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
-user_pref("extensions.torbutton.test_enabled", false); // Tails-specific
-user_pref("extensions.torbutton.control_port", 9051);
+pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
+pref("extensions.torbutton.test_enabled", false); // Tails-specific
+pref("extensions.torbutton.control_port", 9051);

 // These must be set to the same value to prevent Torbutton from
 // flashing its upgrade notification.
-user_pref("extensions.torbutton.lastBrowserVersion", "Tails");
-user_pref("torbrowser.version", "Tails");
+pref("extensions.torbutton.lastBrowserVersion", "Tails");
+pref("torbrowser.version", "Tails");

 // Other Tails-specific NoScript preferences
-user_pref("noscript.untrusted", "google-analytics.com");
+pref("noscript.untrusted", "google-analytics.com");

 // Other non-Torbutton, Tails-specific prefs
-user_pref("browser.download.dir", "/home/amnesia/Tor Browser");
-user_pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
-user_pref("print.print_to_filename", "/home/amnesia/Tor Browser/output.pdf");
-user_pref("browser.download.folderList", 2);
-user_pref("browser.download.manager.closeWhenDone", true);
-user_pref("extensions.update.enabled", false);
-user_pref("layout.spellcheckDefault", 0);
-user_pref("network.dns.disableIPv6", true);
-user_pref("security.warn_submit_insecure", true);
+pref("browser.download.dir", "/home/amnesia/Tor Browser");
+pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
+pref("print.print_to_filename", "/home/amnesia/Tor Browser/output.pdf");
+pref("browser.download.folderList", 2);
+pref("browser.download.manager.closeWhenDone", true);
+pref("extensions.update.enabled", false);
+pref("layout.spellcheckDefault", 0);
+pref("network.dns.disableIPv6", true);
+pref("security.warn_submit_insecure", true);

 // Without setting this, the Download Management page will not update
 // the progress being made.
-user_pref("browser.download.panel.shown", true);
+pref("browser.download.panel.shown", true);

 // Given our AppArmor sandboxing, Tor Browser will not be allowed to
 // open external applications, so let's not offer the option to the user,
 // and instead only propose them to save downloaded files.
-user_pref("browser.download.forbid_open_with", true);
+pref("browser.download.forbid_open_with", true);
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -991,6 +991,7 @@ We only modify this Tor Browser installation slightly:
 The default profile is split from the binaries and application data:

 - [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]

 As for extensions we have the following differences:

@@ -1032,7 +1033,7 @@ the Internet:

 The remaining configuration differences can be found in:

- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser/user.js]]
+- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
 - [[!tails_gitweb config/chroot_local-hooks/14-generate-tor-browser-profile]]
 - [[!tails_gitweb config/chroot_local-hooks/15-symlink-places.sqlite]]


--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -161,7 +161,7 @@ So, in a nutshell we give Tor Browser access to:

 * `~/Tor Browser/`, which is amnesiac, as everything else in Tails by
  default; this is set to be the default download directory
-  ([[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/user.js]]);
+  ([[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]);
 * `~/Persistent/Tor Browser/`, that is persistent, and only created
  when `~/Persistent/` is itself persistent and read-write.


--- a/wiki/src/contribute/design/stream_isolation.mdwn
+++ b/wiki/src/contribute/design/stream_isolation.mdwn
@@ -79,7 +79,7 @@ in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:

 Applications are configured to use the right SOCKS port:

- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/user.js]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
 - [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
 - [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
 - [[!tails_gitweb config/chroot_local-includes/usr/local/bin/thunderbird]]