summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2016-02-11 14:19:38 +0000
committerintrigeri <intrigeri@boum.org>2016-02-11 14:19:38 +0000
commit525d469b5b286ba43844fb8d69f7dc4150e36cb1 (patch)
tree9d45ed5c2df78fd413f30fdb17c95af35d1820ef
parentd2f6fe03253eb90ce2326ee2d25ffc000082daf9 (diff)
parentf8b7ba35fe3a844c1cdd7104246aec9f30e14929 (diff)
Merge remote-tracking branch 'origin/bugfix/9896-abstract-chroot-browser-configs' into devel
Fix-committed: #9896
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh10
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/common/prefs.js (renamed from config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js)32
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/common/userChrome.css (renamed from config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css)18
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/prefs.js (renamed from config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js)14
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/theme.js (renamed from config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js)0
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/userChrome.css (renamed from config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css)48
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js18
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/theme.js (renamed from config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js)0
-rw-r--r--config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/userChrome.css1
-rw-r--r--features/step_definitions/unsafe_browser.rb4
-rw-r--r--wiki/src/contribute/design/I2P_Browser.mdwn2
-rw-r--r--wiki/src/contribute/design/Unsafe_Browser.mdwn2
12 files changed, 52 insertions, 97 deletions
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
index a9eb872..3d3a515 100644
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
@@ -132,8 +132,10 @@ configure_chroot_browser_profile () {
# Set preferences
local browser_prefs="${browser_profile}/preferences/prefs.js"
+ local chroot_browser_config="/usr/share/tails/chroot-browsers"
mkdir -p "$(dirname "${browser_prefs}")"
- cp "/usr/share/tails/${browser_name}/prefs.js" "${browser_prefs}"
+ cat "${chroot_browser_config}/common/prefs.js" \
+ "${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"
# Set browser home page to something that explains what's going on
if [ -n "${home_page}" ]; then
@@ -145,12 +147,14 @@ configure_chroot_browser_profile () {
rm "${chroot}/${TBB_PROFILE}/bookmarks.html"
# Set an appropriate theme
- cat "/usr/share/tails/${browser_name}/theme.js" >> "${browser_prefs}"
+ cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"
# Customize the GUI.
local browser_chrome="${browser_profile}/chrome/userChrome.css"
mkdir -p "$(dirname "${browser_chrome}")"
- cat "/usr/share/tails/${browser_name}/userChrome.css" >> "${browser_chrome}"
+ cat "${chroot_browser_config}/common/userChrome.css" \
+ "${chroot_browser_config}/${browser_name}/userChrome.css" >> \
+ "${browser_chrome}"
set_chroot_browser_permissions "${chroot}" "${browser_name}" "${browser_user}"
}
diff --git a/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js b/config/chroot_local-includes/usr/share/tails/chroot-browsers/common/prefs.js
index 364812d..606e9d5 100644
--- a/config/chroot_local-includes/usr/share/tails/unsafe-browser/prefs.js
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/common/prefs.js
@@ -1,38 +1,20 @@
-// Disable proxying in the chroot
-pref("network.proxy.type", 0);
-pref("network.proxy.socks_remote_dns", false);
-
// Disable update checking
pref("app.update.enabled", false);
pref("extensions.update.enabled", false);
-/* Prevent File -> Print or CTRL+P from causing the browser to hang
- for several minutes while trying to communicate with CUPS, since
- access to port 631 isn't allowed through. */
-pref("print.postscript.cups.enabled", false);
-// Hide "Get Addons" in Add-ons manager
-pref("extensions.getAddons.showPane", false);
-
-/* Google seems like the least suspicious choice of default search
- engine for the Unsafe Browser's in-the-clear traffic. */
-user_pref("browser.search.defaultenginename", "Google");
-user_pref("browser.search.selectedEngine", "Google");
-
// Disable fetching of the new tab page's Tiles links/ads. Ads are
// generally unwanted, and also the fetching is a "phone home" type of
// feature that generates traffic at least the first time the browser
-// is started.
+// is started. It won't work in e.g. the I2P Browser, too.
pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", "");
// ... and disable the explanation shown the first time
pref("browser.newtabpage.introShown", true);
-// Don't use geographically specific search prefs, like
-// browser.search.*.US for US locales. Our generated amnesia branding
-// add-on localizes search-engines in an incompatible but equivalent
-// way.
-pref("browser.search.geoSpecificDefaults", false);
+/* Prevent File -> Print or CTRL+P from causing the browser to hang
+ for several minutes while trying to communicate with CUPS, since
+ access to port 631 isn't allowed through. */
+pref("print.postscript.cups.enabled", false);
-// Without setting this, the Download Management page will not update
-// the progress being made.
-pref("browser.download.panel.shown", true);
+// Hide "Get Addons" in Add-ons manager
+pref("extensions.getAddons.showPane", false);
diff --git a/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css b/config/chroot_local-includes/usr/share/tails/chroot-browsers/common/userChrome.css
index 2b0c041..02176ab 100644
--- a/config/chroot_local-includes/usr/share/tails/unsafe-browser/userChrome.css
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/common/userChrome.css
@@ -1,10 +1,7 @@
-/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
-/* Hide Firefox Sync options. Sync hasn't been audited by the
- Tor Browser developers yet (Tor bug #10368), and it doesn't seem to
- work any way (Tor bug #13279). Weak passwords would be a pretty
- serious issue too. */
+/* Hide Firefox Sync options. It will not work with the I2P Browser
+ and will only promote unsupported use cases for the Unsafe Browser. */
#BrowserPreferences radio[pane="paneSync"],
#sync-button,
#sync-menu-button,
@@ -18,20 +15,23 @@
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
- restart, which is just confusing. */
+ restart, which is just confusing. In the I2P Browser, many of these
+ features will not work any way. */
#menu_openApps,
#menu_openAddons, /* traditional menu */
#add-ons-button, /* new style Firefox menu */
#wrapper-add-ons-button, /* Customize toolbar */
/* Hide the "Share this page" button in the Tool bar, which encourages
- the use of social (= tracking) networks. Note that this one likely
- will be removed upstream in the final Tor Browser 5.0 release. */
+ the use of social (= tracking) networks. These will not work in the
+ I2P browser any way. */
#social-share-button,
-/* Hide TorBrowser Health Report and its configuration option */
+/* Hide the Health Report and its configuration option. It's just a
+ blank page, for some reason. */
#appmenu_healthReport,
#dataChoicesTab,
#healthReport
+/* Do the actual hiding. */
{display: none !important}
diff --git a/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js b/config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/prefs.js
index 8b080d2..3db72d1 100644
--- a/config/chroot_local-includes/usr/share/tails/i2p-browser/prefs.js
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/prefs.js
@@ -7,21 +7,9 @@ pref("network.proxy.http_port", 4444);
pref("network.proxy.no_proxies_on", "127.0.0.1");
pref("network.proxy.ssl", "127.0.0.1");
pref("network.proxy.ssl_port", 4444);
+
// Disable searching from the URL bar
pref("keyword.enabled", false);
-// Hide "Get Addons" in Add-ons manager
-pref("extensions.getAddons.showPane", false);
-/* Prevent File -> Print or CTRL+P from causing the browser to hang
- for several minutes while trying to communicate with CUPS, since
- access to port 631 isn't allowed through. */
-pref("print.postscript.cups.enabled", false);
-
-// Disable fetching of the new tab page's Tiles links/ads. It will not
-// work in the I2P Browser.
-pref("browser.newtabpage.directory.source", "");
-pref("browser.newtabpage.directory.ping", "");
-// ... and disable the explanation shown the first time
-pref("browser.newtabpage.introShown", true);
// Without setting this, the Download Management page will not update
// the progress being made.
diff --git a/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js b/config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/theme.js
index 3d79365..3d79365 100644
--- a/config/chroot_local-includes/usr/share/tails/i2p-browser/theme.js
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/theme.js
diff --git a/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css b/config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/userChrome.css
index 1fac475..e083af9 100644
--- a/config/chroot_local-includes/usr/share/tails/i2p-browser/userChrome.css
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/userChrome.css
@@ -1,4 +1,3 @@
-/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide access to the bookmarks to try to prevent "data loss" due to users
@@ -24,17 +23,6 @@
#wrapper-history-button,
#wrapper-bookmarks-button,
-/* Hide the Tools -> Apps link to the Firefox Marketplace, and
- Tools -> Add-ons link to the Add-ons manager. We do not want to
- encourage installing such things as it's not part of the supported
- use-cases and may have privacy issues. Also they will not persist a
- restart, which is just confusing. In the I2P Browser, many of these
- features will not work any way. */
-#menu_openApps,
-#menu_openAddons, /* traditional menu */
-#add-ons-button, /* new style Firefox menu */
-#wrapper-add-ons-button, /* Customize toolbar */
-
/* Hide the sidebar menu (underneath View) since the default sidebars consist
* of history and bookmarks. Also disable the bookmark toolbar.
*/
@@ -66,27 +54,6 @@ menuitem[command="Browser:SendLink"],
[command="cmd_print"],
*/
-/* Hide the sync functionality which won't work with I2P */
-#BrowserPreferences radio[pane="paneSync"],
-#sync-button,
-#sync-menu-button,
-#sync-setup,
-#sync-setup-appmenu,
-#sync-status-button,
-#sync-syncnowitem-appmenu,
-#wrapper-sync-button,
-
-/* Hide the "Share this page" button in the Tool bar, which encourages
- the use of social (= tracking) networks. These will not work in the
- I2P browser any way. Note that this one likely will be removed
- upstream in the final Tor Browser 5.0 release. */
-#social-share-button,
-
-/* Hide the "Keyboard shortcuts" and "Tour" options from
-from the Help menu */
-#menu_keyboardShortcuts,
-#menu_openTour,
-
/* Without I2P search engines defined, the search bar is useless.
* Since there are no I2P search engines added to Tails (yet),
* let's hide it and the Update Pane in Firefox's Preferences.
@@ -94,9 +61,9 @@ from the Help menu */
#search-container,
#updateTab,
-/* Hide options in the Help menu that lead to disallowed resources on the
- * Internet.
- */
+/* Hide options that lead to resources inaccessible over I2P */
+#menu_keyboardShortcuts,
+#menu_openTour,
#appmenu_feedbackPage,
#appmenu_gettingStarted,
#appmenu_openHelp,
@@ -107,12 +74,7 @@ from the Help menu */
/* Hide the TorButton button from the toolbar */
#torbutton-button,
-#wrapper-torbutton-button,
-
-/* Hide TorBrowser Health Report and its configuration option */
-#appmenu_healthReport,
-#dataChoicesTab,
-#healthReport
+#wrapper-torbutton-button
-/* Now the actual hiding */
+/* Do the actual hiding. */
{display: none !important}
diff --git a/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js
new file mode 100644
index 0000000..8062867
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js
@@ -0,0 +1,18 @@
+// Disable proxying in the chroot
+pref("network.proxy.type", 0);
+pref("network.proxy.socks_remote_dns", false);
+
+/* Google seems like the least suspicious choice of default search
+ engine for the Unsafe Browser's in-the-clear traffic. */
+user_pref("browser.search.defaultenginename", "Google");
+user_pref("browser.search.selectedEngine", "Google");
+
+// Don't use geographically specific search prefs, like
+// browser.search.*.US for US locales. Our generated amnesia branding
+// add-on localizes search-engines in an incompatible but equivalent
+// way.
+pref("browser.search.geoSpecificDefaults", false);
+
+// Without setting this, the Download Management page will not update
+// the progress being made.
+pref("browser.download.panel.shown", true);
diff --git a/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/theme.js
index 717c3b1..717c3b1 100644
--- a/config/chroot_local-includes/usr/share/tails/unsafe-browser/theme.js
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/theme.js
diff --git a/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/userChrome.css b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/userChrome.css
new file mode 100644
index 0000000..e4d1062
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/chroot-browsers/unsafe-browser/userChrome.css
@@ -0,0 +1 @@
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index 12f1b81..447a100 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -166,14 +166,14 @@ Then /^the Unsafe Browser complains that no DNS server is configured$/ do
end
Then /^I configure the Unsafe Browser to check for updates more frequently$/ do
- prefs = '/usr/share/tails/unsafe-browser/prefs.js'
+ prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
$vm.file_append(prefs, 'pref("app.update.idletime", 1);')
$vm.file_append(prefs, 'pref("app.update.promptWaitTime", 1);')
$vm.file_append(prefs, 'pref("app.update.interval", 5);')
end
But /^checking for updates is disabled in the Unsafe Browser's configuration$/ do
- prefs = '/usr/share/tails/unsafe-browser/prefs.js'
+ prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
assert($vm.file_content(prefs).include?('pref("app.update.enabled", false)'))
end
diff --git a/wiki/src/contribute/design/I2P_Browser.mdwn b/wiki/src/contribute/design/I2P_Browser.mdwn
index 55db06f..033d743 100644
--- a/wiki/src/contribute/design/I2P_Browser.mdwn
+++ b/wiki/src/contribute/design/I2P_Browser.mdwn
@@ -55,4 +55,4 @@ Code
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/i2p.sh]]
* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/i2p.desktop.in]]
* [[!tails_gitweb config/chroot_local-includes/lib/live/config/2080-install-i2p]]
-* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/i2p-browser]]
+* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/chroot-browsers/]]
diff --git a/wiki/src/contribute/design/Unsafe_Browser.mdwn b/wiki/src/contribute/design/Unsafe_Browser.mdwn
index e623da6..fc10305 100644
--- a/wiki/src/contribute/design/Unsafe_Browser.mdwn
+++ b/wiki/src/contribute/design/Unsafe_Browser.mdwn
@@ -83,4 +83,4 @@ Code
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh]]
* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop.in]]
* [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_unsafe-browser]]
-* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/unsafe-browser]]
+* [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/chroot-browsers/]]