diff --git a/.gitignore b/.gitignore
index 056acc3..586bb29 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 /tor-browser
 /bootstrap.py
 /mozconfig
+/dist
 /tmp.nsi
 /tmp-permissive.nsi
 /tmp-strict.nsi
diff --git a/artifacts_all.sh b/artifacts_all.sh
index 098e2aa..352ea92 100644
--- a/artifacts_all.sh
+++ b/artifacts_all.sh
@@ -20,45 +20,34 @@ cp -rv settings/* librewolf # rename the executable manually pushd librewolf ; mv -v firefox$exe librewolf$exe ; popd # clean garbage files -cd librewolf ; rm -rf maintenanceservice* pingsender* firefox.*.xml precomplete removed-files ; cd .. - -# windows: copy the windows icon +cd librewolf ; rm -rf maintenanceservice* pingsender* firefox.*.xml precomplete removed-files uninstall ; cd .. +# copy the windows icon cp -v common/source_files/browser/branding/librewolf/firefox.ico librewolf/librewolf.ico # create the final zip/exe artifacts -if [ -z $strict ]; then - rm -f librewolf-$pkgver.en-US.$ospkg.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - rm -f librewolf-$pkgver.en-US.win64-setup.exe tmp.nsi - sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi - makensis-3.01.exe -V1 tmp.nsi - if [ $? -ne 0 ]; then exit 1; fi +if [ ! -z $permissive ]; then # patch to permissive config - if [ ! -z $permissive ]; then - pushd librewolf - echo "Applying permissive patches..." - cp -v ../settings/librewolf.cfg . && cp -v ../settings/distribution/policies.json distribution - patch -p1 -i ../patches/permissive/librewolf-config.patch - patch -p1 -i ../patches/permissive/librewolf-policies.patch - popd - - # create the final zip artifact - rm -f librewolf-$pkgver.en-US.$ospkg-permissive.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg-permissive.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - rm -f librewolf-$pkgver.en-US.win64-permissive-setup.exe tmp-permissive.nsi - sed "s/win64-setup/win64-permissive-setup/g" < tmp.nsi > tmp-permissive.nsi - makensis-3.01.exe -V1 tmp-permissive.nsi - if [ $? -ne 0 ]; then exit 1; fi - fi + pushd librewolf + echo "Applying permissive patches..." + cp -v ../settings/librewolf.cfg . 
&& cp -v ../settings/distribution/policies.json distribution + patch -p1 -i ../patches/permissive/librewolf-config.patch + patch -p1 -i ../patches/permissive/librewolf-policies.patch + popd -else + # create the final zip artifact + rm -f librewolf-$pkgver.en-US.$ospkg-permissive.zip + zip -qr9 librewolf-$pkgver.en-US.$ospkg-permissive.zip librewolf + if [ $? -ne 0 ]; then exit 1; fi + + # now to try to make the installer + rm -f librewolf-$pkgver.en-US.win64-permissive-setup.exe tmp.nsi tmp-permissive.nsi + sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi + sed "s/win64-setup/win64-permissive-setup/g" < tmp.nsi > tmp-permissive.nsi + makensis-3.01.exe -V1 tmp-permissive.nsi + if [ $? -ne 0 ]; then exit 1; fi + +elif [ ! -z $strict ]; then # patch to strict config pushd librewolf @@ -74,12 +63,24 @@ else if [ $? -ne 0 ]; then exit 1; fi # now to try to make the installer - rm -f librewolf-$pkgver.en-US.win64-strict-setup.exe tmp-strict.nsi + rm -f librewolf-$pkgver.en-US.win64-strict-setup.exe tmp.nsi tmp-strict.nsi sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi sed "s/win64-setup/win64-strict-setup/g" < tmp.nsi > tmp-strict.nsi makensis-3.01.exe -V1 tmp-strict.nsi if [ $? -ne 0 ]; then exit 1; fi +else + + rm -f librewolf-$pkgver.en-US.$ospkg.zip + zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf + if [ $? -ne 0 ]; then exit 1; fi + + # now to try to make the installer + rm -f librewolf-$pkgver.en-US.win64-setup.exe tmp.nsi + sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi + makensis-3.01.exe -V1 tmp.nsi + if [ $? -ne 0 ]; then exit 1; fi + fi popd diff --git a/build.sh b/build.sh index 0e29447..16cb435 100755 --- a/build.sh +++ b/build.sh 
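Review bot: The two `patch -p1 -i ../patches/permissive/...` calls in the new permissive branch are not checked for failure, unlike the `zip` and `makensis` steps after them, so a patch that no longer applies still yields an archive and installer named `-permissive` whose `librewolf.cfg` and `policies.json` are only partly patched. Check each call, e.g. `patch -p1 -i ../patches/permissive/librewolf-config.patch || exit 1`, and likewise for `librewolf-policies.patch`. The tests `[ ! -z $permissive ]` and `[ ! -z $strict ]` work only because an empty unquoted expansion collapses the test to `[ ! -z ]`; `[ -n "$permissive" ]` states the intent directly. The strict branch's patch step lies between the two hunks and is not visible here, so it presumably needs the same check.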
@@ -239,13 +239,17 @@ clean() { rm -f librewolf-$pkgver.en-US.win64-setup.exe rm -f librewolf-$pkgver.en-US.win64-permissive.zip rm -f librewolf-$pkgver.en-US.win64-permissive-setup.exe - rm -f tmp.nsi tmp-permissive.nsi + rm -f librewolf-$pkgver.en-US.win64-strict.zip + rm -f librewolf-$pkgver.en-US.win64-strict-setup.exe + rm -f tmp.nsi tmp-permissive.nsi tmp-strict.nsi # linux rm -f librewolf-$pkgver.en-US.deb.zip rm -f librewolf-$pkgver.en-US.deb-permissive.zip + rm -f librewolf-$pkgver.en-US.deb-strict.zip rm -f librewolf-$pkgver.en-US.rpm.zip rm -f librewolf-$pkgver.en-US.rpm-permissive.zip + rm -f librewolf-$pkgver.en-US.rpm-strict.zip echo "clean: done." } @@ -297,7 +301,7 @@ git_init() { } -# Permissive configuration options (win10 only at the moment) +# Permissive/strict configuration options (win10 only at the moment) perm_config_diff() { pushd settings > /dev/null @@ -340,7 +344,7 @@ strict_policies_diff() { } # -# Nightly builds +# Nightly builds, alternative builds. # init_mozilla_unified() { @@ -369,11 +373,6 @@ reset_mozilla_unified() { echo "reset_mozilla_unified: done." } -# strict -set_strict() { - strict=strict -} - # tor-browser.. (experimental) init_tor_browser() { git clone --no-checkout https://git.torproject.org/tor-browser.git @@ -404,22 +403,6 @@ reset_tor_browser() { - - - - - - - - -# -# process commandline arguments and do something -# - -done_something=0 - - - # cross-compile actions... # # linux_patches - the 'do_patches' for linux->win crosscompile. @@ -431,6 +414,16 @@ done_something=0 . ./linux_xcompile.sh + + + +# +# process commandline arguments and do something +# + +done_something=0 + + if [[ "$*" == *linux_patches* ]]; then linux_patches done_something=1 
@@ -484,13 +477,17 @@ if [[ "$*" == *reset_tor_browser* ]]; then reset_tor_browser done_something=1 fi -if [[ "$*" == *set_strict* ]]; then - set_strict - done_something=1 + +# permissive & strict modes. +if [[ "$*" == *set_perm* ]]; then + permissive=permissive +fi +if [[ "$*" == *set_permissive* ]]; then + permissive=permissive +fi +if [[ "$*" == *set_strict* ]]; then + strict=strict fi - - - @@ -504,7 +501,6 @@ if [[ "$*" == *all* ]]; then extract do_patches build - permissive=permissive artifacts_win done_something=1 fi @@ -568,35 +564,17 @@ fi # creating the artifacts... -if [[ "$*" == *artifacts_perm* ]]; then - permissive=permissive +if [[ "$*" == *artifacts_win* ]]; then artifacts_win done_something=1 -else - if [[ "$*" == *artifacts_win* ]]; then - artifacts_win - done_something=1 - fi fi -if [[ "$*" == *artifacts_deb_perm* ]]; then - permissive=permissive +if [[ "$*" == *artifacts_deb* ]]; then artifacts_deb done_something=1 -else - if [[ "$*" == *artifacts_deb* ]]; then - artifacts_deb - done_something=1 - fi fi -if [[ "$*" == *artifacts_rpm_perm* ]]; then - permissive=permissive +if [[ "$*" == *artifacts_rpm* ]]; then artifacts_rpm done_something=1 -else - if [[ "$*" == *artifacts_rpm* ]]; then - artifacts_rpm - done_something=1 - fi fi # librewolf.cfg and policies.json differences @@ -613,15 +591,10 @@ if [[ "$*" == *strict_config_diff* ]]; then strict_config_diff done_something=1 fi -if [[ "$*" == *policies_diff* ]]; then +if [[ "$*" == *strict_policies_diff* ]]; then strict_policies_diff done_something=1 fi -if [[ "$*" == *mach_run_config* ]]; then - cp -r settings/* $(echo $srcdir/obj-*)/dist/bin - done_something=1 -fi - # by default, give help.. 
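Review bot: Nothing in the new `set_perm` / `set_permissive` / `set_strict` block stops both variables from being set, and `artifacts_all.sh` tests `$permissive` first, so `./build.sh set_perm set_strict all` silently produces the permissive artifacts. Because the profiles differ in hardening, the conflict should be rejected rather than resolved in favour of the looser one, e.g. `if [[ -n "${permissive:-}" && -n "${strict:-}" ]]; then echo "set_perm and set_strict are mutually exclusive" >&2; exit 1; fi`. `permissive` and `strict` do not appear to be initialised in the lines shown, so a value inherited from the caller's environment would also select a profile; `permissive= strict=` ahead of these tests would close that if it is not done elsewhere. The `*set_permissive*` test is redundant, since `*set_perm*` already matches it.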
@@ -635,7 +608,11 @@ Use: ./build.sh clean | all | [other stuff...] build - the actual build. artifacts_win - apply .cfg, build the zip file and NSIS setup.exe installer. - artifacts_perm - package as above, but use the permissive config/policies. + +# Basic functionality: + + all - build all (fetch extract do_patches build artifacts_win) + clean - remove generated cruft. # Linux related functions: 
@@ -645,24 +622,29 @@ Use: ./build.sh clean | all | [other stuff...] deps_mac - install dependencies with brew. (experimental) artifacts_deb - apply .cfg, create a dist zip file (for debian10). - artifacts_deb_perm - include permissive build. artifacts_rpm - apply .cfg, create a dist zip file (for fedora33). - artifacts_rpm_perm - include permissive build. # Generic utility functionality: - all - build all, produce all artifacts including -permissive. - clean - remove generated cruft. - mach_env - create mach build environment. rustup - perform a rustup for this user. git_subs - update git submodules. - perm_config_diff - diff between my .cfg and dist .cfg file. (win10) - perm_policies_diff - diff between my policies and the dist policies. (win10) git_init - create .git folder in firefox-87.0 for creating patches. - mach_run_config - copy librewolf config/policies to enable 'mach run'. -There is also a strict_config_diff and strict_policies_diff for the strict version. +# Strict/permissive config: + + set_perm - produce permissive artifacts. + set_strict - produce strict mode build/artifacts + + perm_config_diff - diff between -release and -permissive config + perm_policies_diff - diff between -release and -permissive policies.json + strict_config_diff - diff between -release and -strict config + strict_policies_diff - diff between -release and -strict policies.json + +The *_diff commands are dangerous (change repo files), win10 specific, and +just for internal use. You can use './build set_perm all' to build permissve +and './build set_strict all' for -strict. This functionality exists because +we're constantly balancing settings between usability and security. # Cross-compile from linux: (experimental) @@ -691,7 +673,7 @@ Copy the zip file in your $HOME folder, then: cd librewolf ./register-librewolf -That should give an app icon. You can have it elsewhere and it will work. +That should give an app icon. You can unzip it elsewhere and it will work. # Examples: 
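Review bot: The new help text tells users to run `./build set_perm all` and `./build set_strict all`, but the usage line names the script `./build.sh`. It also misspells "permissive" as "permissve" and omits the `set_permissive` alias that the argument handling accepts. Suggested wording: `You can use './build.sh set_perm all' to build -permissive and './build.sh set_strict all' for -strict.` Since the text warns that the `*_diff` commands change repo files, naming the files they overwrite would make the warning actionable.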
diff --git a/patches/permissive/librewolf-config.patch b/patches/permissive/librewolf-config.patch index 46b5a4e..9ef2f02 100644 --- a/patches/permissive/librewolf-config.patch +++ b/patches/permissive/librewolf-config.patch @@ -1,8 +1,26 @@ diff --git a/librewolf.cfg b/librewolf.cfg -index 1ad0cea..7aa8d33 100644 +index 1ad0cea..7515734 100644 --- a/librewolf.cfg +++ b/librewolf.cfg -@@ -389,7 +389,7 @@ defaultPref("extensions.ui.experiment.hidden", false); +@@ -264,11 +264,12 @@ defaultPref("media.gmp-manager.certs.1.commonName", ""); + // User Settings : WebRTC + // ---------------------- + +-defaultPref("media.navigator.enabled", false); +-defaultPref("media.navigator.video.enabled", false); +-defaultPref("media.getusermedia.browser.enabled", false); +-defaultPref("media.getusermedia.screensharing.enabled", false); +-defaultPref("media.getusermedia.audiocapture.enabled", false); ++// these 5 are needed to be true for webcam/camera ++defaultPref("media.navigator.enabled", true); ++defaultPref("media.navigator.video.enabled", true); ++defaultPref("media.getusermedia.browser.enabled", true); ++defaultPref("media.getusermedia.screensharing.enabled", true); ++defaultPref("media.getusermedia.audiocapture.enabled", true); + defaultPref("media.peerconnection.use_document_iceservers", false); + defaultPref("media.peerconnection.identity.enabled", false); + // 10000 per default +@@ -389,7 +390,7 @@ defaultPref("extensions.ui.experiment.hidden", false); lockPref("dom.indexedDB.enabled", true); //default true //lockPref("dom.indexedDB.logging.details", false); //default true //lockPref("dom.indexedDB.logging.enabled", false); //default true 
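Review bot: The added comment says all five prefs must be true for webcam use, but by their names `media.getusermedia.screensharing.enabled` and `media.getusermedia.audiocapture.enabled` govern screen sharing and audio capture rather than the camera. The permissive profile therefore opens more capture surface than the stated goal needs. If camera and microphone are the aim, `media.navigator.enabled` and `media.navigator.video.enabled` are probably sufficient; confirm by testing and leave the other three at `false`, or reword the comment to say that screen sharing is intended, e.g. `// camera/microphone only; screen and audio capture stay disabled`. This file looks like generated output of the config diff, so the change likely belongs in the permissive source config before the patch is regenerated.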
@@ -11,7 +29,7 @@ index 1ad0cea..7aa8d33 100644 //lockPref("network.http.spdy.enabled", false); //lockPref("network.http.spdy.enabled.deps", false); //lockPref("network.http.spdy.enabled.http2", false); -@@ -882,12 +882,12 @@ lockPref("extensions.getAddons.compatOverides.url", ""); +@@ -882,12 +883,12 @@ lockPref("extensions.getAddons.compatOverides.url", ""); // https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE% // Pref : @@ -26,7 +44,7 @@ index 1ad0cea..7aa8d33 100644 // Default Value // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% -@@ -897,12 +897,12 @@ defaultPref("extensions.getAddons.link.url", ""); +@@ -897,12 +898,12 @@ defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ // Pref : @@ -41,7 +59,7 @@ index 1ad0cea..7aa8d33 100644 // Default Value // https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox -@@ -932,7 +932,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); +@@ -932,7 +933,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // https://accounts.firefox.com/ // Pref : @@ -50,7 +68,7 @@ index 1ad0cea..7aa8d33 100644 // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= // %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -@@ -1804,7 +1804,7 @@ lockPref("datareporting.healthreport.uploadEnabled", false); +@@ -1804,7 +1805,7 @@ lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); // Pref : Disable right-click menu manipulation via JavaScript (disabled) 
@@ -59,7 +77,7 @@ index 1ad0cea..7aa8d33 100644 // Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript // Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in -@@ -2773,3 +2773,10 @@ defaultPref("devtools.selfxss.count", 0); +@@ -2773,3 +2774,14 @@ defaultPref("devtools.selfxss.count", 0); // enable HTTPS only mode by default defaultPref("dom.security.https_only_mode", true); defaultPref("dom.security.https_only_mode_ever_enabled", true); @@ -70,3 +88,7 @@ index 1ad0cea..7aa8d33 100644 +defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.offlineApps", false); +defaultPref("network.cookie.lifetimePolicy", 2); ++ ++// attempting to allow webcam and microphone ++defaultPref("permissions.default.microphone",1); ++defaultPref("permissions.default.camera",1);
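Review bot: `permissions.default.microphone` and `permissions.default.camera` are set to `1`, which in Firefox's permission defaults means allow (0 is always ask, 2 is block), so in the permissive build a site could obtain camera and microphone access without the user being prompted. The comment suggests the goal is only to make the devices usable, which requires keeping the prompt: `defaultPref("permissions.default.microphone", 0);` and `defaultPref("permissions.default.camera", 0);`. Whether Firefox fully honours a default of allow for these two permissions should be verified, but the config should not request it either way.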