[tor-commits] [Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.5-1] squash! Base Browser's .mozconfigs.

Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser

Commits:

5ad37bff

by Pier Angelo Vendrame at 2023-01-20T16:41:46+01:00

squash! Base Browser's .mozconfigs.

Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.

Bug 21849: Don't allow SSL key logging.

Bug 25741 - TBA: Disable features at compile-time

Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION

Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds

This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.

Bug 29859: Disable HLS support for now

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING

Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT

Bug 33734: Set MOZ_NORMANDY to False

Bug 33851: Omit Parental Controls.

Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files

Bug 41584: Move some configuration options to base-browser level

Changes:

browser/moz.configure

@@ -5,11 +5,13 @@
  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
  imply_option("MOZ_PLACES", True)
 -imply_option("MOZ_SERVICES_HEALTHREPORT", True)
 +# tor-browser#32493
 +imply_option("MOZ_SERVICES_HEALTHREPORT", False)
  imply_option("MOZ_SERVICES_SYNC", True)
  imply_option("MOZ_DEDICATED_PROFILES", True)
  imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True)
 -imply_option("MOZ_NORMANDY", True)
 +# tor-browser#33734
 +imply_option("MOZ_NORMANDY", False)
  with only_when(target_is_linux & compile_environment):
      option(env="MOZ_NO_PIE_COMPAT", help="Enable non-PIE wrapper")

mobile/android/basebrowser.configure

 +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
 +# vim: set filetype=python:
 +# This Source Code Form is subject to the terms of the Mozilla Public
 +# License, v. 2.0. If a copy of the MPL was not distributed with this
 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
++
 +# Set Base Browser default config
 +# See tor-browser#25741 and tor-browser#41584.
++
 +imply_option("MOZ_ANDROID_EXCLUDE_FONTS", False)
++
 +# Disable uploading crash reports and dump files to an external server
 +# This is still configured in old-configure. Uncomment when this moves
 +# to the python config
 +# imply_option("MOZ_CRASHREPORTER", False)
++
 +# Disable uploading information about the browser configuration and
 +# performance to an external server. See tor-browser#32493.
 +imply_option("MOZ_SERVICES_HEALTHREPORT", False)
++
 +# Disable creating telemetry and data reports that are uploaded to an
 +# external server
 +# These aren't actually configure options. These are disabled in
 +# confvars.sh, but they look like configure options so we'll document
 +# them here, as well.
 +# XXX: no confvars.sh here
 +# imply_option("MOZ_TELEMETRY_REPORTING", False)
 +# imply_option("MOZ_DATA_REPORTING", False)
++
 +# tor-browser#24796: This controls some permissions in GeckoView's
 +# AndroidManifest.xml
 +imply_option("MOZ_ANDROID_NETWORK_STATE", False)
 +imply_option("MOZ_ANDROID_LOCATION", False)

mobile/android/confvars.sh

@@ -15,3 +15,9 @@ MOZ_OFFICIAL_BRANDING_DIRECTORY=mobile/android/branding/official
  MOZ_RAW=1
  MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110}
++
 +# Disable telemetry at compile-time
 +unset MOZ_TELEMETRY_REPORTING
++
 +# Disable data reporting at compile-time
 +unset MOZ_DATA_REPORTING

mobile/android/moz.configure

@@ -10,10 +10,11 @@ project_flag(
      default=True,
+ )
 +# tor-browser#29859
  project_flag(
      "MOZ_ANDROID_HLS_SUPPORT",
      help="Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)",
 -    default=True,
 +    default=False,
+ )
  option(
@@ -58,7 +59,10 @@ option(
  set_config("MOZ_ANDROID_GECKOVIEW_LITE", True, when="--enable-geckoview-lite")
  imply_option("MOZ_NORMANDY", False)
 -imply_option("MOZ_SERVICES_HEALTHREPORT", True)
 +# Comment this so we can imply |False| in basebrowser.configure
 +# The Build system doesn't allow multiple imply_option()
 +# calls with the same key.
 +# imply_option("MOZ_SERVICES_HEALTHREPORT", True)
  imply_option("MOZ_ANDROID_HISTORY", True)
  imply_option("--enable-small-chunk-size", True)
@@ -77,6 +81,8 @@ def check_target(target):
+         )
 +include("basebrowser.configure")
++
  include("../../toolkit/moz.configure")
  include("../../build/moz.configure/android-sdk.configure")
  include("../../build/moz.configure/java.configure")

security/moz.build

@@ -85,7 +85,8 @@ gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin"
  gyp_vars["disable_tests"] = 1
  gyp_vars["disable_dbm"] = 1
  gyp_vars["disable_libpkix"] = 1
 -gyp_vars["enable_sslkeylogfile"] = 1
 +# tor-browser#18885, tor-browser#21849
 +gyp_vars["enable_sslkeylogfile"] = 0
  # pkg-config won't reliably find zlib on our builders, so just force it.
  # System zlib is only used for modutil and signtool unless
  # SSL zlib is enabled, which we are disabling immediately below this.

security/nss/lib/ssl/Makefile

@@ -41,7 +41,8 @@ endif
  # Enable key logging by default in debug builds, but not opt builds.
  # Logging still needs to be enabled at runtime through env vars.
 -NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
 +# tor-browser#18885, tor-browser#21849
 +NSS_ALLOW_SSLKEYLOGFILE ?= 0
  ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
  DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
  endif