-diff --git a/components/viaduct/src/backend/ffi.rs b/components/viaduct/src/backend/ffi.rs

-index cca6bc68f..5d11eb026 100644

---- a/components/viaduct/src/backend/ffi.rs

-+++ b/components/viaduct/src/backend/ffi.rs

-@@ -37,6 +37,8 @@ macro_rules! backend_error {

- pub struct FfiBackend;

- impl Backend for FfiBackend {

-     fn send(&self, request: crate::Request) -> Result<crate::Response, Error> {

-+        return Err(backend_error!("Viaduct is disabled in Tor Browser."));

-+

-         use ffi_support::IntoFfi;

-         use prost::Message;

-         super::note_backend("FFI (trusted)");

-diff --git a/build-scripts/component-common.gradle b/build-scripts/component-common.gradle

-index a126341b0..3b3579290 100644

---- a/build-scripts/component-common.gradle

-+++ b/build-scripts/component-common.gradle

-@@ -111,16 +111,30 @@ ext.configureUniFFIBindgen = { crateName ->

-                     commandLine "${mozconfig.topobjdir}/dist/host/bin/embedded-uniffi-bindgen", 'generate', '--library', libraryPath, "--crate", crateName, '--language', 'kotlin', '--out-dir', uniffiOutDir.get(), '--no-format'

-                 }

-             } else {

--                def libraryPath = megazordNative.asFileTree.matching {

--                    include "${nativeRustTarget}/libmegazord.*"

--                }.singleFile

--

--                if (libraryPath == null) {

--                    throw new GradleException("libmegazord dynamic library path not found")

--                }

--                exec {

--                    workingDir project.rootDir

--                    commandLine '/usr/bin/env', 'cargo', 'uniffi-bindgen', 'generate', '--library', libraryPath, "--crate", crateName, '--language', 'kotlin', '--out-dir', uniffiOutDir.get(), '--no-format'

-+                if (crateName.toString().contains("places")) {

-+                     def libraryPath = megazordNative.asFileTree.matching {

-+                        include "${nativeRustTarget}/libmegazord.*"

-+                    }.singleFile

-+

-+                    if (libraryPath == null) {

-+                        throw new GradleException("libmegazord dynamic library path not found")

-+                    }

-+                    exec {

-+                        workingDir project.rootDir

-+                        commandLine '/usr/bin/env', 'cargo', 'uniffi-bindgen', 'generate', '--library', libraryPath, "--crate", crateName, '--language', 'kotlin', '--out-dir', uniffiOutDir.get(), '--no-format'

-+                    }

-+                } else {

-+                    def libraryPath = "${project.rootDir}/megazords/full/target/debug/libmegazord.so"

-+                    exec {

-+                        workingDir project.rootDir

-+                        def command = ["${rootProject.projectDir}/uniffi-rs/uniffi-bindgen", 'generate', '--library', libraryPath, "--crate", crateName, '--language', 'kotlin', '--out-dir', uniffiOutDir.get(), '--no-format']

-+                        println "Executing command: ${command.join(' ')}"

-+                        commandLine command

-+

-+                        // Print both stdout and stderr to Gradle's console

-+                        standardOutput = System.out

-+                        errorOutput = System.err

-+                    }

-                 }

-             }

-         }

-diff --git a/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt b/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt

-index 78c16dd0a..d2615fa74 100644

---- a/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt

-+++ b/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt

-@@ -13,4 +13,5 @@ fun FxaServer.contentUrl() = when (this) {

-     is FxaServer.China -> "https://accounts.firefox.com.cn"

-     is FxaServer.LocalDev -> "http://127.0.0.1:3030"

-     is FxaServer.Custom -> this.url

-+    is FxaServer.__NOOP -> ""

- }

-diff --git a/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt b/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt

-index 376ef90d9..d80eea50f 100644

---- a/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt

-+++ b/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt

-@@ -535,6 +535,8 @@ open class Nimbus(

-                         ),

-                     )

-                 }

-+

-+                EnrollmentChangeEventType.__NOOP -> {}

-             }

-         }

-     }

-diff --git a/megazords/full/Cargo.toml b/megazords/full/Cargo.toml

-index c5e9eea19..ce899aac1 100644

---- a/megazords/full/Cargo.toml

-+++ b/megazords/full/Cargo.toml

-@@ -9,24 +9,24 @@ license = "MPL-2.0"

- crate-type = ["cdylib"]

-

- [dependencies]

--fxa-client = { path = "../../components/fxa-client" }

--logins = { path = "../../components/logins" }

--tabs = { path = "../../components/tabs/" }

--sync_manager = { path = "../../components/sync_manager/" }

-+# fxa-client = { path = "../../components/fxa-client" }

-+# logins = { path = "../../components/logins" }

-+# tabs = { path = "../../components/tabs/" }

-+# sync_manager = { path = "../../components/sync_manager/" }

- # TODO: Uncomment this code when webext-storage component is integrated in android

- # webext-storage = { path = "../../components/webext-storage/" }

- places = { path = "../../components/places" }

--push = { path = "../../components/push" }

--remote_settings = { path = "../../components/remote_settings" }

--rust-log-forwarder = { path = "../../components/support/rust-log-forwarder" }

--viaduct = { path = "../../components/viaduct" }

--nimbus-sdk = { path = "../../components/nimbus" }

--autofill = { path = "../../components/autofill" }

--crashtest = { path = "../../components/crashtest" }

--error-support = { path = "../../components/support/error" }

--suggest = { path = "../../components/suggest" }

--search = { path = "../../components/search" }

--tracing-support = { path = "../../components/support/tracing" }

-+# push = { path = "../../components/push" }

-+# remote_settings = { path = "../../components/remote_settings" }

-+# rust-log-forwarder = { path = "../../components/support/rust-log-forwarder" }

-+# viaduct = { path = "../../components/viaduct" }

-+# nimbus-sdk = { path = "../../components/nimbus" }

-+# autofill = { path = "../../components/autofill" }

-+# crashtest = { path = "../../components/crashtest" }

-+# error-support = { path = "../../components/support/error" }

-+# suggest = { path = "../../components/suggest" }

-+# search = { path = "../../components/search" }

-+# tracing-support = { path = "../../components/support/tracing" }

-

- lazy_static = "1.4"

- init_rust_components = { path = "../../components/init_rust_components" }

-diff --git a/megazords/full/src/lib.rs b/megazords/full/src/lib.rs

-index 4b6ba4499..e4fde58ae 100644

---- a/megazords/full/src/lib.rs

-+++ b/megazords/full/src/lib.rs

-@@ -8,24 +8,24 @@

- use std::ffi::CString;

- use std::os::raw::c_char;

-

--pub use autofill;

--pub use crashtest;

--pub use error_support;

--pub use fxa_client;

--pub use init_rust_components;

--pub use logins;

--pub use merino;

--pub use nimbus;

-+// pub use autofill;

-+// pub use crashtest;

-+// pub use error_support;

-+// pub use fxa_client;

-+// pub use init_rust_components;

-+// pub use logins;

-+// pub use merino;

-+// pub use nimbus;

- pub use places;

--pub use push;

--pub use remote_settings;

--pub use rust_log_forwarder;

--pub use search;

--pub use suggest;

--pub use sync_manager;

--pub use tabs;

--pub use tracing_support;

--pub use viaduct;

-+// pub use push;

-+// pub use remote_settings;

-+// pub use rust_log_forwarder;

-+// pub use search;

-+// pub use suggest;

-+// pub use sync_manager;

-+// pub use tabs;

-+// pub use tracing_support;

-+// pub use viaduct;

- // TODO: Uncomment this code when webext-storage component is integrated in android

- // pub use webext_storage;

-

-diff --git a/libs/build-all.sh b/libs/build-all.sh

-index 650c1299..6c4e5404 100755

---- a/libs/build-all.sh

-+++ b/libs/build-all.sh

-@@ -128,6 +128,15 @@ echo $'\

-      fi

- ' | patch "${NSS_SRC_PATH}/nspr/configure"

- 

-+rm -f python

-+ln -s /usr/bin/python3 python

-+export PATH=$(pwd):$PATH

-+patch_13028=$(realpath bug_13028.patch)

-+pushd $NSS_SRC_PATH

-+# Apply our proxy bypass defense-in-depth here as well to be on the safe side.

-+patch -p2 < $patch_13028

-+popd

-+

- if [[ "${PLATFORM}" == "ios" ]]

- then

-   ./build-all-ios.sh "${SQLCIPHER_SRC_PATH}" "${NSS_SRC_PATH}"

-From 2f0888c348561249d3083555db33c5619840dbfa Mon Sep 17 00:00:00 2001

-From: Mike Perry <mikeperry-git@torproject.org>

-Date: Mon, 29 Sep 2014 14:30:19 -0700

-Subject: [PATCH] Bug 13028: Prevent potential proxy bypass cases.

-

-It looks like these cases should only be invoked in the NSS command line

-tools, and not the browser, but I decided to patch them anyway because there

-literally is a maze of network function pointers being passed around, and it's

-very hard to tell if some random code might not pass in the proper proxied

-versions of the networking code here by accident.

-

-diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c

-index cea8456606bf..86fa971cfbef 100644

---- a/security/nss/lib/certhigh/ocsp.c

-+++ b/security/nss/lib/certhigh/ocsp.c

-@@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)

-     PRNetAddr addr;

-     char *netdbbuf = NULL;

- 

-+    // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but

-+    // we want to ensure nothing can ever hit this code in production.

-+#if 1

-+    printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n", host,

-+            port);

-+    goto loser;

-+#endif

-+

-     sock = PR_NewTCPSocket();

-     if (sock == NULL)

-         goto loser;

-diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c

-index e8698376b5be..85791d84a932 100644

---- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c

-+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c

-@@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create(

-                     plContext),

-                     PKIX_COULDNOTCREATESOCKETOBJECT);

- 

-+        // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but

-+        // we want to ensure nothing can ever hit this code in production.

-+#if 1

-+        printf("Tor Browser BUG: Attempted pkix direct socket connect\n");

-+        PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);

-+#endif

-+

-         socket->isServer = isServer;

-         socket->timeout = timeout;

-         socket->clientSock = NULL;

-@@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName(

- 

-         localCopyName = PL_strdup(serverName);

- 

-+        // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but

-+        // we want to ensure nothing can ever hit this code in production.

-+#if 1

-+        printf("Tor Browser BUG: Attempted pkix direct connect to %s\n", serverName);

-+        PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);

-+#endif

-+

-         sepPtr = strchr(localCopyName, ':');

-         /* First strip off the portnum, if present, from the end of the name */

-         if (sepPtr) {

-@@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort(

-         PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");

-         PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);

- 

-+        // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but

-+        // we want to ensure nothing can ever hit this code in production.

-+#if 1

-+        printf("Tor Browser BUG: Attempted pkix direct connect to %s, port %u\n", hostname,

-+                portnum);

-+        PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);

-+#endif

- 

-         prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);

- 

--- 

-2.27.0

-

-# We add a suffix to the version to make it super specific.

-# This is useful for developer builds, which seem to try to fetch

-# latest versions of dependencies sometimes.

-sed -i '$ s/$/-TORBROWSER/' version.txt

-

-ln -s $rootdir/bug_13028.patch

-patch -p2 < $rootdir/apply-bug-13028.diff

-patch -p2 < $rootdir/no-ndk-lookup.diff

-pushd megazords/full

-NSS_DIR=$(pwd)/../../libs/desktop/linux-x86-64/nss cargo build --target-dir=$(pwd)/target

-popd

-

-cp $rootdir/cargo-no-build.sh megazords/full/android/

-chmod +x megazords/full/android/cargo-no-build.sh

-patch -p1 < $rootdir/a-s-noop.diff

-

-pushd components/external/glean

-cp $rootdir/cargo-no-build.sh glean-core/android-native/

-cp $builddir/uniffi-rs/uniffi-bindgen glean-core/android-native/

-patch -p1 < $rootdir/glean-noop.diff

-popd

-

-  patch -p1 < $rootdir/local-repository.diff

-  patch -p1 < $rootdir/offline-nimbus-fml.diff

-  patch -p1 < $rootdir/41422-disable-viaduct.diff

-  gradle_flags="--offline --no-daemon"

-#!/bin/bash

-

-if [[ "$1" == "build" ]]; then

-    echo "cargo build is disabled."

-    exit 0

-else

-    command cargo "$@"

-fi

-git_hash: 8ee6cb6a23f96ff8e2161926441aea72d6f09249

-git_url: https://github.com/mozilla/application-services

-          sha256sum: 4cf0235b525b5ce1d8bcc40e9763a13fd0e79c773749b900b4d7420551cf5114

-      - filename: local-repository.diff

-      - filename: bug_13028.patch

-      - filename: apply-bug-13028.diff

-      - filename: no-ndk-lookup.diff

-      - filename: offline-nimbus-fml.diff

-      - filename: glean-noop.diff

-      - filename: a-s-noop.diff

-      - filename: cargo-no-build.sh

-      - filename: 41422-disable-viaduct.diff

-diff --git a/glean-core/android-native/build.gradle b/glean-core/android-native/build.gradle

-index 53716d523..d38af8320 100644

---- a/glean-core/android-native/build.gradle

-+++ b/glean-core/android-native/build.gradle

-@@ -48,6 +48,8 @@ android {

- }

-

- cargo {

-+    cargoCommand = "${rootDir}/glean-core/android-native/cargo-no-build.sh"

-+

-     // The directory of the Cargo.toml to build.

-     module = '../bundle-android'

-

-diff --git a/glean-core/android/build.gradle b/glean-core/android/build.gradle

-index 7748378b4..5af06b1c3 100644

---- a/glean-core/android/build.gradle

-+++ b/glean-core/android/build.gradle

-@@ -197,7 +197,7 @@ def generateUniffiBindings = tasks.register("generateUniffiBindings") {

-     doFirst {

-         exec {

-             workingDir project.rootDir

--            commandLine 'cargo', 'uniffi-bindgen', 'generate', '--no-format', "${project.projectDir}/${udlFilePath}", '--language', 'kotlin', '--out-dir', UNIFFI_OUT_DIR.get()

-+            commandLine '${rootDir}/glean-core/android-native/uniffi-bindgen', 'generate', '--no-format', "${project.projectDir}/${udlFilePath}", '--language', 'kotlin', '--out-dir', UNIFFI_OUT_DIR.get()

-         }

-     }

-     outputs.dir UNIFFI_OUT_DIR

-diff --git a/build.gradle b/build.gradle

-index bd516e58c..b30d552c9 100644

---- a/build.gradle

-+++ b/build.gradle

-@@ -14,6 +14,14 @@ buildscript {

-     }

-

-     repositories {

-+        maven {

-+            url "file:///var/tmp/dist/gradle-dependencies"

-+            metadataSources {

-+                gradleMetadata()

-+                mavenPom()

-+            }

-+        }

-+

-         mavenCentral()

-         google()

-         maven {

-@@ -59,6 +67,14 @@ plugins {

-

- allprojects {

-     repositories {

-+        maven {

-+            url "file:///var/tmp/dist/gradle-dependencies"

-+            metadataSources {

-+                gradleMetadata()

-+                mavenPom()

-+            }

-+        }

-+

-         google()

-         mavenCentral()

-         maven {

-diff --git a/settings.gradle b/settings.gradle

-index 4117bc0d3..f1b028dad 100644

---- a/settings.gradle

-+++ b/settings.gradle

-@@ -1,6 +1,19 @@

- /* This Source Code Form is subject to the terms of the Mozilla Public

-  * License, v. 2.0. If a copy of the MPL was not distributed with this

-  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-+

-+pluginManagement {

-+    repositories {

-+        maven {

-+            url "file:///var/tmp/dist/gradle-dependencies"

-+            metadataSources {

-+                gradleMetadata()

-+                mavenPom()

-+            }

-+        }

-+    }

-+}

-+

- import org.yaml.snakeyaml.Yaml

-

- // We prefer `appServicesRootDir` over `rootDir` to help us on the path to the monorepo.

-@@ -23,6 +36,14 @@ buildscript {

-     if (!gradle.root.hasProperty("mozconfig")) {

-         // in app-services

-         repositories {

-+            maven {

-+                url "file:///var/tmp/dist/gradle-dependencies"

-+                metadataSources {

-+                    gradleMetadata()

-+                    mavenPom()

-+                }

-+            }

-+

-             mavenCentral()

-         }

-     } else {

-diff --git a/tools/nimbus-gradle-plugin/settings.gradle b/tools/nimbus-gradle-plugin/settings.gradle

-index 7d907f057..c0d213503 100644

---- a/tools/nimbus-gradle-plugin/settings.gradle

-+++ b/tools/nimbus-gradle-plugin/settings.gradle

-@@ -14,6 +14,14 @@ buildscript {

-     if (!gradle.root.hasProperty("mozconfig")) {

-         // in app-services

-         repositories {

-+            maven {

-+                url "file:///var/tmp/dist/gradle-dependencies"

-+                metadataSources {

-+                    gradleMetadata()

-+                    mavenPom()

-+                }

-+            }

-+

-             mavenCentral()

-         }

-     } else {

-diff --git a/libs/android_defaults.sh b/libs/android_defaults.sh

-index 2cfcc4206..9e3d3de97 100755

---- a/libs/android_defaults.sh

-+++ b/libs/android_defaults.sh

-@@ -1,11 +1,7 @@

- #!/usr/bin/env bash

- 

--# Find the NDK.

--pushd ..

--NDK_VERSION=$(./gradlew -q printNdkVersion | tail -1)

--export ANDROID_NDK_HOME="$ANDROID_HOME/ndk/$NDK_VERSION"

--export ANDROID_NDK_ROOT="$ANDROID_NDK_HOME"

--popd || exit

-+# Do not try to find the NDK, as it does not work offline.

-+# We already define the needed variables in our environment.

- 

- if [[ -z "${ANDROID_NDK_API_VERSION:-}" ]]; then

-     export ANDROID_NDK_API_VERSION=21

-diff --git a/tools/nimbus-gradle-plugin/src/main/groovy/org/mozilla/appservices/tooling/nimbus/NimbusAssembleToolsTask.groovy b/tools/nimbus-gradle-plugin/src/main/groovy/org/mozilla/appservices/tooling/nimbus/NimbusAssembleToolsTask.groovy

-index 67c9e66d0..6dd949c92 100644

---- a/tools/nimbus-gradle-plugin/src/main/groovy/org/mozilla/appservices/tooling/nimbus/NimbusAssembleToolsTask.groovy

-+++ b/tools/nimbus-gradle-plugin/src/main/groovy/org/mozilla/appservices/tooling/nimbus/NimbusAssembleToolsTask.groovy

-@@ -20,6 +20,11 @@ import org.gradle.api.tasks.Nested

- import org.gradle.api.tasks.OutputFile

- import org.gradle.api.tasks.TaskAction

- 

-+import java.nio.file.Files

-+import java.nio.file.Path

-+import java.nio.file.Paths

-+import java.nio.file.StandardCopyOption

-+

- import javax.inject.Inject

- 

- import groovy.transform.Immutable

-@@ -84,46 +89,17 @@ abstract class NimbusAssembleToolsTask extends DefaultTask {

- 

-     @TaskAction

-     void assembleTools() {

--        def sources = [fetchSpec, *fetchSpec.fallbackSources.get()].collect {

--            new Source(new URI(it.archive.get()), new URI(it.hash.get()))

--        }

--

--        def successfulSource = sources.find { it.trySaveArchiveTo(archiveFile.get().asFile) }

--        if (successfulSource == null) {

--            throw new GradleException("Couldn't fetch archive from any of: ${sources*.archiveURI.collect { "`$it`" }.join(', ')}")

--        }

--

--        // We get the checksum, although don't do anything with it yet;

--        // Checking it here would be able to detect if the zip file was tampered with

--        // in transit between here and the server.

--        // It won't detect compromise of the CI server.

--        try {

--            successfulSource.saveHashTo(hashFile.get().asFile)

--        } catch (IOException e) {

--            throw new GradleException("Couldn't fetch hash from `${successfulSource.hashURI}`", e)

--        }

--

--        def zipTree = archiveOperations.zipTree(archiveFile.get())

--        def visitedFilePaths = []

--        zipTree.matching {

--            include unzipSpec.includePatterns.get()

--        }.visit { FileVisitDetails details ->

--            if (!details.directory) {

--                if (visitedFilePaths.empty) {

--                    details.copyTo(fmlBinary.get().asFile)

--                    fmlBinary.get().asFile.setExecutable(true)

--                }

--                visitedFilePaths.add(details.relativePath)

-+        String nimbusFmlPath = System.getenv("NIMBUS_FML")

-+        Path source

-+        if (nimbusFmlPath == null) {

-+            nimbusFmlPath = System.getProperty("nimbusFml")

-+            if (nimbusFmlPath == null) {

-+                throw new GradleException("NIMBUS_FML and property nimbusFml are not defined.")

-             }

-         }

--

--        if (visitedFilePaths.empty) {

--            throw new GradleException("Couldn't find any files in archive matching unzip spec: (${unzipSpec.includePatterns.get().collect { "`$it`" }.join(' | ')})")

--        }

--

--        if (visitedFilePaths.size() > 1) {

--            throw new GradleException("Ambiguous unzip spec matched ${visitedFilePaths.size()} files in archive: ${visitedFilePaths.collect { "`$it`" }.join(', ')}")

--        }

-+        source = Paths.get(nimbusFmlPath)

-+        Path dest = fmlBinary.get().asFile.toPath()

-+        Files.copy(source, dest, StandardCopyOption.REPLACE_EXISTING)

-     }

- 

-     /**