authorintrigeri <intrigeri@boum.org>2018-07-03 12:42:05 +0000
committerintrigeri <intrigeri@boum.org>2018-07-03 15:54:00 +0000
commitb52a55962e0077c485e21a5afc5e7762fd035617 (patch)
tree2818369b5cdbfae1b11351083c03d011a867a145
parentcbeee47aa601b916bd0cdb51a66f0e29f155d401 (diff)
Bundle our custom prefs into the Tor Browser's omni.ja (refs: #15023)
Shipping them in user.js has a few downsides: - They override whatever is in prefs.js so basically prefs in user.js are locked: any modification done in about:config will be reverted next time Tor Browser starts, which can be a PITA when developing Tails. - In about:config, all these prefs are listed as modified by the user, which feels wrong. - It makes it harder for derivatives to implement things properly.
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb3
-rw-r--r--config/chroot_local-includes/etc/tor-browser/profile/user.js50
-rw-r--r--config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js50
-rw-r--r--wiki/src/contribute/design.mdwn3
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn2
-rw-r--r--wiki/src/contribute/design/stream_isolation.mdwn2
6 files changed, 57 insertions, 53 deletions
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index fcc2ef5..df2f926 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -216,6 +216,9 @@ apply_prefs_hacks() {
perl -pi -E \
's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
defaults/preferences/000-tor-browser.js
+ # Append our custom prefs
+ cat /usr/share/tails/tor-browser-prefs.js \
+ >> defaults/preferences/000-tor-browser.js
touch --date="@${tbb_timestamp}" defaults/preferences/000-tor-browser.js
rm "${tbb_install}/browser/omni.ja"
7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
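Review bot: The appended `cat /usr/share/tails/tor-browser-prefs.js >> defaults/preferences/000-tor-browser.js` has no visible check that the Tails prefs actually landed in the file before omni.ja is re-zipped; whether this hook runs under `set -e` is not visible in the hunk. If the include were missing or empty, the image would ship a browser without the banned-ports, update-disabling and IPv6 prefs, and nothing here would flag it. A cheap guard right after the append would be `grep -q 'network.security.ports.banned' defaults/preferences/000-tor-browser.js || exit 1`. It is also worth confirming that no other file under defaults/preferences takes precedence over 000-tor-browser.js, since these values are now ordinary defaults. apply_prefs_hacks starts before this hunk and may continue after it.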
diff --git a/config/chroot_local-includes/etc/tor-browser/profile/user.js b/config/chroot_local-includes/etc/tor-browser/profile/user.js
deleted file mode 100644
index 2b6d9db..0000000
--- a/config/chroot_local-includes/etc/tor-browser/profile/user.js
+++ /dev/null
@@ -1,50 +0,0 @@
-// As suggested in TBB's start-tor-browser script for system-wide Tor
-// instances
-user_pref("network.security.ports.banned", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9062,9150,9051");
-user_pref("extensions.torbutton.launch_warning", false);
-
-// Tails-specific configuration below
-
-// Since the slider notification will be shown everytime at each Tails
-// boot, which is bad (nagging) UX, we disable it.
-user_pref("extensions.torbutton.show_slider_notification", false);
-
-// Disable the Tor Browser's automatic update checking
-user_pref("app.update.enabled", false);
-
-// Suppress prompt and always spoof useragent as English
-user_pref("extensions.torbutton.spoof_english", true);
-user_pref("extensions.torbutton.prompted_language", true);
-
-// Tails-specific Torbutton preferences
-user_pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
-user_pref("extensions.torbutton.test_enabled", false); // Tails-specific
-user_pref("extensions.torbutton.control_port", 9051);
-
-// These must be set to the same value to prevent Torbutton from
-// flashing its upgrade notification.
-user_pref("extensions.torbutton.lastBrowserVersion", "Tails");
-user_pref("torbrowser.version", "Tails");
-
-// Other Tails-specific NoScript preferences
-user_pref("noscript.untrusted", "google-analytics.com");
-
-// Other non-Torbutton, Tails-specific prefs
-user_pref("browser.download.dir", "/home/amnesia/Tor Browser");
-user_pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
-user_pref("print.print_to_filename", "/home/amnesia/Tor Browser/output.pdf");
-user_pref("browser.download.folderList", 2);
-user_pref("browser.download.manager.closeWhenDone", true);
-user_pref("extensions.update.enabled", false);
-user_pref("layout.spellcheckDefault", 0);
-user_pref("network.dns.disableIPv6", true);
-user_pref("security.warn_submit_insecure", true);
-
-// Without setting this, the Download Management page will not update
-// the progress being made.
-user_pref("browser.download.panel.shown", true);
-
-// Given our AppArmor sandboxing, Tor Browser will not be allowed to
-// open external applications, so let's not offer the option to the user,
-// and instead only propose them to save downloaded files.
-user_pref("browser.download.forbid_open_with", true);
diff --git a/config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js b/config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js
new file mode 100644
index 0000000..96a305f
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js
@@ -0,0 +1,50 @@
+// As suggested in TBB's start-tor-browser script for system-wide Tor
+// instances
+pref("network.security.ports.banned", "631,6136,4444,4445,6668,7656,7657,7658,7659,7660,8998,9040,9050,9062,9150,9051");
+pref("extensions.torbutton.launch_warning", false);
+
+// Tails-specific configuration below
+
+// Since the slider notification will be shown everytime at each Tails
+// boot, which is bad (nagging) UX, we disable it.
+pref("extensions.torbutton.show_slider_notification", false);
+
+// Disable the Tor Browser's automatic update checking
+pref("app.update.enabled", false);
+
+// Suppress prompt and always spoof useragent as English
+pref("extensions.torbutton.spoof_english", true);
+pref("extensions.torbutton.prompted_language", true);
+
+// Tails-specific Torbutton preferences
+pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
+pref("extensions.torbutton.test_enabled", false); // Tails-specific
+pref("extensions.torbutton.control_port", 9051);
+
+// These must be set to the same value to prevent Torbutton from
+// flashing its upgrade notification.
+pref("extensions.torbutton.lastBrowserVersion", "Tails");
+pref("torbrowser.version", "Tails");
+
+// Other Tails-specific NoScript preferences
+pref("noscript.untrusted", "google-analytics.com");
+
+// Other non-Torbutton, Tails-specific prefs
+pref("browser.download.dir", "/home/amnesia/Tor Browser");
+pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
+pref("print.print_to_filename", "/home/amnesia/Tor Browser/output.pdf");
+pref("browser.download.folderList", 2);
+pref("browser.download.manager.closeWhenDone", true);
+pref("extensions.update.enabled", false);
+pref("layout.spellcheckDefault", 0);
+pref("network.dns.disableIPv6", true);
+pref("security.warn_submit_insecure", true);
+
+// Without setting this, the Download Management page will not update
+// the progress being made.
+pref("browser.download.panel.shown", true);
+
+// Given our AppArmor sandboxing, Tor Browser will not be allowed to
+// open external applications, so let's not offer the option to the user,
+// and instead only propose them to save downloaded files.
+pref("browser.download.forbid_open_with", true);
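Review bot: Switching every entry from `user_pref(` to `pref(` turns the security-relevant settings in this file (`network.security.ports.banned`, `app.update.enabled`, `extensions.update.enabled`, `network.dns.disableIPv6`, `browser.download.forbid_open_with`) into plain defaults, so a value changed in about:config is presumably no longer reverted at the next start, which is the old behaviour the commit message describes. That is the stated goal for development, but the file should say so, and the prefs that back the AppArmor and Tor isolation assumptions may deserve to stay enforced (for instance through an autoconfig `lockPref`, if that fits the build). I would add a header such as `// Defaults appended to 000-tor-browser.js inside omni.ja by config/chroot_local-hooks/10-tbb; unlike user.js they are not re-applied at startup.` The trailing `// Tails-specific` on the `extensions.torbutton.test_enabled` line repeats the section comment above it and can be dropped.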
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index 06ed451..3e4b4f7 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -991,6 +991,7 @@ We only modify this Tor Browser installation slightly:
The default profile is split from the binaries and application data:
- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
As for extensions we have the following differences:
@@ -1032,7 +1033,7 @@ the Internet:
The remaining configuration differences can be found in:
-- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser/user.js]]
+- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
- [[!tails_gitweb config/chroot_local-hooks/14-generate-tor-browser-profile]]
- [[!tails_gitweb config/chroot_local-hooks/15-symlink-places.sqlite]]
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index 3f71872..dc4b8d4 100644
--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -161,7 +161,7 @@ So, in a nutshell we give Tor Browser access to:
* `~/Tor Browser/`, which is amnesiac, as everything else in Tails by
default; this is set to be the default download directory
- ([[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/user.js]]);
+ ([[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]);
* `~/Persistent/Tor Browser/`, that is persistent, and only created
when `~/Persistent/` is itself persistent and read-write.
diff --git a/wiki/src/contribute/design/stream_isolation.mdwn b/wiki/src/contribute/design/stream_isolation.mdwn
index 53895ce..50b0764 100644
--- a/wiki/src/contribute/design/stream_isolation.mdwn
+++ b/wiki/src/contribute/design/stream_isolation.mdwn
@@ -79,7 +79,7 @@ in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:
Applications are configured to use the right SOCKS port:
-- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/user.js]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/thunderbird]]