[tor-commits] [Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.5-1] squash! Base Browser's .mozconfigs.

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Fri Jan 20 16:45:38 UTC 2023 


Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser


Commits:
5ad37bff by Pier Angelo Vendrame at 2023-01-20T16:41:46+01:00
squash! Base Browser's .mozconfigs.

Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.

Bug 21849: Don't allow SSL key logging.

Bug 25741 - TBA: Disable features at compile-time

Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION

Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds

This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.

Bug 29859: Disable HLS support for now

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING

Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT

Bug 33734: Set MOZ_NORMANDY to False

Bug 33851: Omit Parental Controls.

Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files

Bug 41584: Move some configuration options to base-browser level

- - - - -


6 changed files:

- browser/moz.configure
- + mobile/android/basebrowser.configure
- mobile/android/confvars.sh
- mobile/android/moz.configure
- security/moz.build
- security/nss/lib/ssl/Makefile


Changes:

=====================================
browser/moz.configure
=====================================
@@ -5,11 +5,13 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 imply_option("MOZ_PLACES", True)
-imply_option("MOZ_SERVICES_HEALTHREPORT", True)
+# tor-browser#32493
+imply_option("MOZ_SERVICES_HEALTHREPORT", False)
 imply_option("MOZ_SERVICES_SYNC", True)
 imply_option("MOZ_DEDICATED_PROFILES", True)
 imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True)
-imply_option("MOZ_NORMANDY", True)
+# tor-browser#33734
+imply_option("MOZ_NORMANDY", False)
 
 with only_when(target_is_linux & compile_environment):
     option(env="MOZ_NO_PIE_COMPAT", help="Enable non-PIE wrapper")


=====================================
mobile/android/basebrowser.configure
=====================================
@@ -0,0 +1,33 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Set Base Browser default config
+# See tor-browser#25741 and tor-browser#41584.
+
+imply_option("MOZ_ANDROID_EXCLUDE_FONTS", False)
+
+# Disable uploading crash reports and dump files to an external server
+# This is still configured in old-configure. Uncomment when this moves
+# to the python config
+# imply_option("MOZ_CRASHREPORTER", False)
+
+# Disable uploading information about the browser configuration and
+# performance to an external server. See tor-browser#32493.
+imply_option("MOZ_SERVICES_HEALTHREPORT", False)
+
+# Disable creating telemetry and data reports that are uploaded to an
+# external server
+# These aren't actually configure options. These are disabled in
+# confvars.sh, but they look like configure options so we'll document
+# them here, as well.
+# XXX: no confvars.sh here
+# imply_option("MOZ_TELEMETRY_REPORTING", False)
+# imply_option("MOZ_DATA_REPORTING", False)
+
+# tor-browser#24796: This controls some permissions in GeckoView's
+# AndroidManifest.xml
+imply_option("MOZ_ANDROID_NETWORK_STATE", False)
+imply_option("MOZ_ANDROID_LOCATION", False)


=====================================
mobile/android/confvars.sh
=====================================
@@ -15,3 +15,9 @@ MOZ_OFFICIAL_BRANDING_DIRECTORY=mobile/android/branding/official
 MOZ_RAW=1
 
 MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110}
+
+# Disable telemetry at compile-time
+unset MOZ_TELEMETRY_REPORTING
+
+# Disable data reporting at compile-time
+unset MOZ_DATA_REPORTING


=====================================
mobile/android/moz.configure
=====================================
@@ -10,10 +10,11 @@ project_flag(
     default=True,
 )
 
+# tor-browser#29859
 project_flag(
     "MOZ_ANDROID_HLS_SUPPORT",
     help="Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)",
-    default=True,
+    default=False,
 )
 
 option(
@@ -58,7 +59,10 @@ option(
 set_config("MOZ_ANDROID_GECKOVIEW_LITE", True, when="--enable-geckoview-lite")
 
 imply_option("MOZ_NORMANDY", False)
-imply_option("MOZ_SERVICES_HEALTHREPORT", True)
+# Comment this so we can imply |False| in basebrowser.configure
+# The Build system doesn't allow multiple imply_option()
+# calls with the same key.
+# imply_option("MOZ_SERVICES_HEALTHREPORT", True)
 imply_option("MOZ_ANDROID_HISTORY", True)
 imply_option("--enable-small-chunk-size", True)
 
@@ -77,6 +81,8 @@ def check_target(target):
         )
 
 
+include("basebrowser.configure")
+
 include("../../toolkit/moz.configure")
 include("../../build/moz.configure/android-sdk.configure")
 include("../../build/moz.configure/java.configure")


=====================================
security/moz.build
=====================================
@@ -85,7 +85,8 @@ gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin"
 gyp_vars["disable_tests"] = 1
 gyp_vars["disable_dbm"] = 1
 gyp_vars["disable_libpkix"] = 1
-gyp_vars["enable_sslkeylogfile"] = 1
+# tor-browser#18885, tor-browser#21849
+gyp_vars["enable_sslkeylogfile"] = 0
 # pkg-config won't reliably find zlib on our builders, so just force it.
 # System zlib is only used for modutil and signtool unless
 # SSL zlib is enabled, which we are disabling immediately below this.


=====================================
security/nss/lib/ssl/Makefile
=====================================
@@ -41,7 +41,8 @@ endif
 
 # Enable key logging by default in debug builds, but not opt builds.
 # Logging still needs to be enabled at runtime through env vars.
-NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
+# tor-browser#18885, tor-browser#21849
+NSS_ALLOW_SSLKEYLOGFILE ?= 0
 ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
 DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
 endif



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5ad37bff3b1e09bec52d0770f326d4ff93b8f456

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5ad37bff3b1e09bec52d0770f326d4ff93b8f456
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230120/255e630a/attachment-0001.htm>

More information about the tor-commits mailing list