[tor-bugs] #31978 [Applications/Tor Browser]: Support use of policies.json
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 8 10:19:26 UTC 2019
#31978: Support use of policies.json
--------------------------------------+-----------------------------------
Reporter: segfault | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by gk):
Replying to [comment:2 segfault]:
> > Wouldn't that mean you need to back out the patch for #30575, too?
>
> Yes, indeed.
>
> > I would not be very happy to do that and would object doing that for
all platforms.
>
> I understand.
>
> > If we don't find a better solution we could think about supporting
policies.json for Linux only. I wonder, though, whether one could fix your
original problems without hacking around them with policies.json.
> >
> > So, what are your issues? Do you know what is causing them?
>
> We were able to find workarounds for most of the issues now. Two issues
which we couldn't solve yet are:
>
> * "Tor Browser 9 sometimes won't load new URLs" [1].
> * "JavaScript sometimes blocked on Tor Browser first start" [2].
So, the second one is not new with Tor Browser 9, if I see that correctly,
right? The first one, hrm. I believe I have seen that once or twice weeks
ago with early Tor Browser nightly versions but I never encountered it
again. So, maybe that one has been a different/fixed issue.
Can you run tests with customized Tor Browser versions, like disabling
some extensions etc.? If so, I'd suggest doing that and seeing whether the
Jenkins results get better. Have you tried running the Tor Browser as we
ship it in your test setup to see whether that test fails with our stuff
randomly as well? It could be that your customizations make this (more)
problematic.
> To be honest, I'm not sure how policies.json would help us with those.
The customizations which policies.json would make simpler for us are:
>
> * Enable a custom theme for our Unsafe Browser (which is also a
customized Tor Browser) [3]. The current workaround requires us to ship a
`addonStartup.json.lz4` file, which Firefox/Tor Browser usually generated
when it's started.
> * Disabling the update check [4].
>
> We're worried that our workarounds to keep the customizations working
are using methods that are unsupported by Mozilla (for example patching
and repacking `tor-browser/browser/omni.ja`, and shipping
`addonStartup.json.lz4`), require more and more hacks, and may be the root
cause for more and more weird behavior ([1] and [2] for example). Using
policies.json would allow us to drop some of these hacks, especially the
`addonStartup.json.lz4` file and some preferences we set in `omni.ja`.
Fair enough. I think we would be amenable to accept a patch just for the
Tails case if that helps you. I have no idea right now how that would look
like, though, given that the current way of doing things prevents real
proxy bypass scenarios. So, we need to be careful here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31978#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list