Commit b52a5596 authored by intrigeri's avatar intrigeri

Bundle our custom prefs into the Tor Browser's omni.ja (refs: #15023)

Shipping them in user.js has a few downsides:

 - They override whatever is in prefs.js so basically prefs in user.js are
   locked:  any modification done in about:config will be reverted next time Tor
   Browser starts, which can be a PITA when developing Tails.

 - In about:config, all these prefs are listed as modified by the user,
   which feels wrong.

 - It makes it harder for derivatives to implement things properly.
parent cbeee47a
......@@ -216,6 +216,9 @@ apply_prefs_hacks() {
perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
# Append our custom prefs
cat /usr/share/tails/tor-browser-prefs.js \
>> defaults/preferences/000-tor-browser.js
touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
......
// As suggested in TBB's start-tor-browser script for system-wide Tor
// instances
user_pref("network.security.ports.banned", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9062,9150,9051");
user_pref("extensions.torbutton.launch_warning", false);
pref("network.security.ports.banned", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9062,9150,9051");
pref("extensions.torbutton.launch_warning", false);
// Tails-specific configuration below
// Since the slider notification will be shown everytime at each Tails
// boot, which is bad (nagging) UX, we disable it.
user_pref("extensions.torbutton.show_slider_notification", false);
pref("extensions.torbutton.show_slider_notification", false);
// Disable the Tor Browser's automatic update checking
user_pref("app.update.enabled", false);
pref("app.update.enabled", false);
// Suppress prompt and always spoof useragent as English
user_pref("extensions.torbutton.spoof_english", true);
user_pref("extensions.torbutton.prompted_language", true);
pref("extensions.torbutton.spoof_english", true);
pref("extensions.torbutton.prompted_language", true);
// Tails-specific Torbutton preferences
user_pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
user_pref("extensions.torbutton.test_enabled", false); // Tails-specific
user_pref("extensions.torbutton.control_port", 9051);
pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
pref("extensions.torbutton.test_enabled", false); // Tails-specific
pref("extensions.torbutton.control_port", 9051);
// These must be set to the same value to prevent Torbutton from
// flashing its upgrade notification.
user_pref("extensions.torbutton.lastBrowserVersion", "Tails");
user_pref("torbrowser.version", "Tails");
pref("extensions.torbutton.lastBrowserVersion", "Tails");
pref("torbrowser.version", "Tails");
// Other Tails-specific NoScript preferences
user_pref("noscript.untrusted", "google-analytics.com");
pref("noscript.untrusted", "google-analytics.com");
// Other non-Torbutton, Tails-specific prefs
user_pref("browser.download.dir", "/home/amnesia/Tor Browser");
user_pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
user_pref("print.print_to_filename", "/home/amnesia/Tor Browser/output.pdf");
user_pref("browser.download.folderList", 2);
user_pref("browser.download.manager.closeWhenDone", true);
user_pref("extensions.update.enabled", false);
user_pref("layout.spellcheckDefault", 0);
user_pref("network.dns.disableIPv6", true);
user_pref("security.warn_submit_insecure", true);
pref("browser.download.dir", "/home/amnesia/Tor Browser");
pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
pref("print.print_to_filename", "/home/amnesia/Tor Browser/output.pdf");
pref("browser.download.folderList", 2);
pref("browser.download.manager.closeWhenDone", true);
pref("extensions.update.enabled", false);
pref("layout.spellcheckDefault", 0);
pref("network.dns.disableIPv6", true);
pref("security.warn_submit_insecure", true);
// Without setting this, the Download Management page will not update
// the progress being made.
user_pref("browser.download.panel.shown", true);
pref("browser.download.panel.shown", true);
// Given our AppArmor sandboxing, Tor Browser will not be allowed to
// open external applications, so let's not offer the option to the user,
// and instead only propose them to save downloaded files.
user_pref("browser.download.forbid_open_with", true);
pref("browser.download.forbid_open_with", true);
......@@ -991,6 +991,7 @@ We only modify this Tor Browser installation slightly:
The default profile is split from the binaries and application data:
- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser]]
- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
As for extensions we have the following differences:
......@@ -1032,7 +1033,7 @@ the Internet:
The remaining configuration differences can be found in:
- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser/user.js]]
- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
- [[!tails_gitweb config/chroot_local-hooks/14-generate-tor-browser-profile]]
- [[!tails_gitweb config/chroot_local-hooks/15-symlink-places.sqlite]]
......
......@@ -161,7 +161,7 @@ So, in a nutshell we give Tor Browser access to:
* `~/Tor Browser/`, which is amnesiac, as everything else in Tails by
default; this is set to be the default download directory
([[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/user.js]]);
([[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]);
* `~/Persistent/Tor Browser/`, that is persistent, and only created
when `~/Persistent/` is itself persistent and read-write.
......
......@@ -79,7 +79,7 @@ in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:
Applications are configured to use the right SOCKS port:
- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/user.js]]
- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/thunderbird]]
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment