From 89b231f068137489887cb28ddbf2afc06205e1b0 Mon Sep 17 00:00:00 2001 From: Sergey Cherevko Date: Mon, 18 Mar 2024 16:33:39 +0300 Subject: [PATCH] De-branded for MSVSphere 8.9 --- SOURCES/0001-Overt-telemetry-disabling.patch | 116 +++++++++++++++++++ SOURCES/distribution.ini | 10 +- SOURCES/firefox-redhat-default-prefs.js | 4 +- SOURCES/firefox.appdata.xml.in | 9 ++ SOURCES/firefox.desktop | 4 + SOURCES/policies.json | 9 ++ SOURCES/rootca_ssl_rsa2022.cer | 33 ++++++ SOURCES/use_yandex_search_as_default.py | 44 +++++++ SPECS/firefox.spec | 31 ++++- 9 files changed, 252 insertions(+), 8 deletions(-) create mode 100644 SOURCES/0001-Overt-telemetry-disabling.patch create mode 100644 SOURCES/policies.json create mode 100644 SOURCES/rootca_ssl_rsa2022.cer create mode 100644 SOURCES/use_yandex_search_as_default.py diff --git a/SOURCES/0001-Overt-telemetry-disabling.patch b/SOURCES/0001-Overt-telemetry-disabling.patch new file mode 100644 index 0000000..0cd967f --- /dev/null +++ b/SOURCES/0001-Overt-telemetry-disabling.patch @@ -0,0 +1,116 @@ +From 1277732f202321f959509691d7fef315aaaba6aa Mon Sep 17 00:00:00 2001 +From: Sergey Cherevko +Date: Thu, 14 Dec 2023 18:09:14 +0300 +Subject: [PATCH] Overt telemetry disabling + +--- + modules/libpref/init/all.js | 38 ++++++++++++++++++++++++++----------- + 1 file changed, 27 insertions(+), 11 deletions(-) + +diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js +index c7c6f0ca82..69ca3653d4 100644 +--- a/modules/libpref/init/all.js ++++ b/modules/libpref/init/all.js +@@ -256,7 +256,7 @@ pref("media.decoder-doctor.decode-warnings-allowed", ""); + // Whether we report partial failures. + pref("media.decoder-doctor.verbose", false); + // URL to report decode issues +-pref("media.decoder-doctor.new-issue-endpoint", "https://webcompat.com/issues/new"); ++pref("media.decoder-doctor.new-issue-endpoint", ""); + + pref("media.videocontrols.picture-in-picture.enabled", false); + pref("media.videocontrols.picture-in-picture.display-text-tracks.enabled", true); +@@ -639,26 +639,40 @@ pref("toolkit.sqlitejsm.loglevel", "Error"); + pref("toolkit.tabbox.switchByScrolling", false); + + // Telemetry settings. ++// MSVSphere disable telemetry and geolocation by default ++pref("toolkit.telemetry.updatePing.enabled", false); ++pref("browser.newtabpage.activity-stream.feeds.telemetry", false); ++pref("browser.newtabpage.activity-stream.telemetry", false); ++pref("browser.ping-centre.telemetry", false); ++pref("toolkit.telemetry.bhrPing.enabled", false); ++pref("toolkit.telemetry.enabled", false); ++pref("toolkit.telemetry.firstShutdownPing.enabled", false); ++pref("toolkit.telemetry.hybridContent.enabled", false); ++pref("toolkit.telemetry.newProfilePing.enabled", false); ++pref("toolkit.telemetry.reportingpolicy.firstRun", false); ++pref("toolkit.telemetry.shutdownPingSender.enabled", false); ++pref("toolkit.telemetry.archive.enabled", false); ++pref("devtools.onboarding.telemetry.logged", false); + // Server to submit telemetry pings to. +-pref("toolkit.telemetry.server", "https://incoming.telemetry.mozilla.org"); ++pref("toolkit.telemetry.server", ""); + // Telemetry server owner. Please change if you set toolkit.telemetry.server to a different server +-pref("toolkit.telemetry.server_owner", "Mozilla"); ++pref("toolkit.telemetry.server_owner", "MSVSphere"); + // Determines whether full SQL strings are returned when they might contain sensitive info + // i.e. dynamically constructed SQL strings or SQL executed by addons against addon DBs + pref("toolkit.telemetry.debugSlowSql", false); + // Whether to use the unified telemetry behavior, requires a restart. +-pref("toolkit.telemetry.unified", true); ++pref("toolkit.telemetry.unified", false); + + // DAP related preferences + pref("toolkit.telemetry.dap_enabled", false); + // Verification tasks + pref("toolkit.telemetry.dap_task1_enabled", false); + // Leader endpoint for the DAP protocol +-pref("toolkit.telemetry.dap_leader", "https://dap-02.api.divviup.org"); ++pref("toolkit.telemetry.dap_leader", ""); + // Not used for anything. Just additional information. + pref("toolkit.telemetry.dap_leader_owner", "ISRG"); + // Second DAP server. Only two are currently supported. +-pref("toolkit.telemetry.dap_helper", "https://helper1.dap.cloudflareresearch.com/v02"); ++pref("toolkit.telemetry.dap_helper", ""); + pref("toolkit.telemetry.dap_helper_owner", "Cloudflare"); + pref("toolkit.telemetry.dap.logLevel", "Warn"); + +@@ -702,7 +716,7 @@ pref("toolkit.dump.emit", false); + // This pref configures the base URL for the profiler.firefox.com instance to + // use. This is useful so that a developer can change it while working on + // profiler.firefox.com, or in tests. This isn't exposed directly to the user. +-pref("devtools.performance.recording.ui-base-url", "https://profiler.firefox.com"); ++pref("devtools.performance.recording.ui-base-url", ""); + // When gathering profiles from child processes, this is the longest time (in + // seconds) allowed between two responses. 0 = Use internal default. + pref("devtools.performance.recording.child.timeout_s", 0); +@@ -3249,6 +3263,8 @@ pref("network.psl.onUpdate_notify", false); + + // All the Geolocation preferences are here. + // ++// MSVSphere Geo location sends location data ++pref("geo.enabled", false); + #ifndef EARLY_BETA_OR_EARLIER + pref("geo.provider.network.url", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%"); + #else +@@ -3871,22 +3887,22 @@ pref("toolkit.aboutProcesses.profileDuration", 5); + pref("toolkit.legacyUserProfileCustomizations.stylesheets", false); + + #ifdef MOZ_DATA_REPORTING +- pref("datareporting.policy.dataSubmissionEnabled", true); ++ pref("datareporting.policy.dataSubmissionEnabled", false); + pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "0"); + pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0); + pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false); + pref("datareporting.policy.currentPolicyVersion", 2); + pref("datareporting.policy.minimumPolicyVersion", 1); + pref("datareporting.policy.minimumPolicyVersion.channel-beta", 2); +- pref("datareporting.policy.firstRunURL", "https://www.mozilla.org/privacy/firefox/"); ++ pref("datareporting.policy.firstRunURL", ""); + #endif + + #ifdef MOZ_SERVICES_HEALTHREPORT + #if !defined(ANDROID) +- pref("datareporting.healthreport.infoURL", "https://www.mozilla.org/legal/privacy/firefox.html#health-report"); ++ pref("datareporting.healthreport.infoURL", ""); + + // Health Report is enabled by default on all channels. +- pref("datareporting.healthreport.uploadEnabled", true); ++ pref("datareporting.healthreport.uploadEnabled", false); + #endif + #endif + +-- +2.39.3 + diff --git a/SOURCES/distribution.ini b/SOURCES/distribution.ini index 11f1f96..cd0c0ba 100644 --- a/SOURCES/distribution.ini +++ b/SOURCES/distribution.ini @@ -1,9 +1,9 @@ [Global] -id=fedora +id=MSVSphere version=1.0 -about=Mozilla Firefox for Fedora +about=Mozilla Firefox for MSVSphere [Preferences] -app.distributor=fedora -app.distributor.channel=fedora -app.partner.fedora=fedora +app.distributor=msvsphere +app.distributor.channel=msvsphere +app.partner.fedora=msvsphere diff --git a/SOURCES/firefox-redhat-default-prefs.js b/SOURCES/firefox-redhat-default-prefs.js index f130247..8ff7f25 100644 --- a/SOURCES/firefox-redhat-default-prefs.js +++ b/SOURCES/firefox-redhat-default-prefs.js @@ -14,8 +14,8 @@ pref("browser.shell.checkDefaultBrowser", false); pref("network.manage-offline-status", true); pref("extensions.shownSelectionUI", true); pref("ui.SpellCheckerUnderlineStyle", 1); -pref("startup.homepage_override_url", "https://www.redhat.com"); -pref("startup.homepage_welcome_url", "https://www.redhat.com"); +pref("startup.homepage_override_url", "https://msvsphere-os.ru"); +pref("startup.homepage_welcome_url", "https://msvsphere-os.ru"); pref("browser.startup.homepage", "data:text/plain,browser.startup.homepage=file:///%PREFIX%/share/doc/HTML/index.html"); pref("media.gmp-gmpopenh264.autoupdate",true); pref("media.gmp-gmpopenh264.enabled",false); diff --git a/SOURCES/firefox.appdata.xml.in b/SOURCES/firefox.appdata.xml.in index bfa9afc..1949065 100644 --- a/SOURCES/firefox.appdata.xml.in +++ b/SOURCES/firefox.appdata.xml.in @@ -4,7 +4,9 @@ firefox.desktop CC0-1.0 Firefox + Веб-браузер Firefox Web Browser + Веб-браузер Navegador web Webový prohlížeč Navegador web @@ -32,6 +34,13 @@ function will include possible matches from your browsing history, bookmarked sites and open tabs.

+

+ Объединяя все виды потрясающих возможностей, мы делаем просмотр более удобным для вас. + Быстро переходите на свои любимые сайты – даже если вы не помните URL-адреса. + Введите термин в адресную строку (также известную как Awesome Bar), и функция + автозаполнения будет включать возможные совпадения из вашей истории просмотров, + сайтов из закладок и открытых вкладок. +

https://www.mozilla.org stransky@redhat.com diff --git a/SOURCES/firefox.desktop b/SOURCES/firefox.desktop index a152ed4..9f3aa76 100644 --- a/SOURCES/firefox.desktop +++ b/SOURCES/firefox.desktop @@ -1,6 +1,7 @@ [Desktop Entry] Version=1.0 Name=Firefox +Name[ru]=Веб-браузер Firefox GenericName=Web Browser GenericName[ca]=Navegador web GenericName[cs]=Webový prohlížeč @@ -20,6 +21,7 @@ GenericName[pl]=Przeglądarka WWW GenericName[pt]=Navegador Web GenericName[pt_BR]=Navegador Web GenericName[sk]=Internetový prehliadač +GenericName[ru]=Веб браузер GenericName[sv]=Webbläsare Comment=Browse the Web Comment[ca]=Navegueu per el web @@ -41,6 +43,7 @@ Comment[pl]=Przeglądanie stron WWW Comment[pt]=Navegue na Internet Comment[pt_BR]=Navegue na Internet Comment[sk]=Prehliadanie internetu +Comment[ru]=Просматривайте веб-страницы Comment[sv]=Surfa på webben Exec=firefox %u Icon=firefox @@ -272,4 +275,5 @@ Exec=firefox --private-window %u Name=Open the Profile Manager Name[cs]=Správa profilů Name[de]=Profilverwaltung öffnen +Name[ru]=Откройте диспетчер профилей Exec=firefox --ProfileManager diff --git a/SOURCES/policies.json b/SOURCES/policies.json new file mode 100644 index 0000000..a601772 --- /dev/null +++ b/SOURCES/policies.json @@ -0,0 +1,9 @@ +{ + "policies": { + "Certificates": { + "ImportEnterpriseRoots": true, + "Install": ["rootca_ssl_rsa2022.cer", + "/usr/lib64/firefox/defaults/rootca_ssl_rsa2022.cer"] + } + } +} diff --git a/SOURCES/rootca_ssl_rsa2022.cer b/SOURCES/rootca_ssl_rsa2022.cer new file mode 100644 index 0000000..253d971 --- /dev/null +++ b/SOURCES/rootca_ssl_rsa2022.cer @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwjCCA6qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCUlUx +PzA9BgNVBAoMNlRoZSBNaW5pc3RyeSBvZiBEaWdpdGFsIERldmVsb3BtZW50IGFu +ZCBDb21tdW5pY2F0aW9uczEgMB4GA1UEAwwXUnVzc2lhbiBUcnVzdGVkIFJvb3Qg +Q0EwHhcNMjIwMzAxMjEwNDE1WhcNMzIwMjI3MjEwNDE1WjBwMQswCQYDVQQGEwJS +VTE/MD0GA1UECgw2VGhlIE1pbmlzdHJ5IG9mIERpZ2l0YWwgRGV2ZWxvcG1lbnQg +YW5kIENvbW11bmljYXRpb25zMSAwHgYDVQQDDBdSdXNzaWFuIFRydXN0ZWQgUm9v +dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMfFOZ8pUAL3+r2n +qqE0Zp52selXsKGFYoG0GM5bwz1bSFtCt+AZQMhkWQheI3poZAToYJu69pHLKS6Q +XBiwBC1cvzYmUYKMYZC7jE5YhEU2bSL0mX7NaMxMDmH2/NwuOVRj8OImVa5s1F4U +zn4Kv3PFlDBjjSjXKVY9kmjUBsXQrIHeaqmUIsPIlNWUnimXS0I0abExqkbdrXbX +YwCOXhOO2pDUx3ckmJlCMUGacUTnylyQW2VsJIyIGA8V0xzdaeUXg0VZ6ZmNUr5Y +Ber/EAOLPb8NYpsAhJe2mXjMB/J9HNsoFMBFJ0lLOT/+dQvjbdRZoOT8eqJpWnVD +U+QL/qEZnz57N88OWM3rabJkRNdU/Z7x5SFIM9FrqtN8xewsiBWBI0K6XFuOBOTD +4V08o4TzJ8+Ccq5XlCUW2L48pZNCYuBDfBh7FxkB7qDgGDiaftEkZZfApRg2E+M9 +G8wkNKTPLDc4wH0FDTijhgxR3Y4PiS1HL2Zhw7bD3CbslmEGgfnnZojNkJtcLeBH +BLa52/dSwNU4WWLubaYSiAmA9IUMX1/RpfpxOxd4Ykmhz97oFbUaDJFipIggx5sX +ePAlkTdWnv+RWBxlJwMQ25oEHmRguNYf4Zr/Rxr9cS93Y+mdXIZaBEE0KS2iLRqa +OiWBki9IMQU4phqPOBAaG7A+eP8PAgMBAAGjZjBkMB0GA1UdDgQWBBTh0YHlzlpf +BKrS6badZrHF+qwshzAfBgNVHSMEGDAWgBTh0YHlzlpfBKrS6badZrHF+qwshzAS +BgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAgEAALIY1wkilt/urfEVM5vKzr6utOeDWCUczmWX/RX4ljpRdgF+5fAIS4vH +tmXkqpSCOVeWUrJV9QvZn6L227ZwuE15cWi8DCDal3Ue90WgAJJZMfTshN4OI8cq +W9E4EG9wglbEtMnObHlms8F3CHmrw3k6KmUkWGoa+/ENmcVl68u/cMRl1JbW2bM+ +/3A+SAg2c6iPDlehczKx2oa95QW0SkPPWGuNA/CE8CpyANIhu9XFrj3RQ3EqeRcS +AQQod1RNuHpfETLU/A2gMmvn/w/sx7TB3W5BPs6rprOA37tutPq9u6FTZOcG1Oqj +C/B7yTqgI7rbyvox7DEXoX7rIiEqyNNUguTk/u3SZ4VXE2kmxdmSh3TQvybfbnXV +4JbCZVaqiZraqc7oZMnRoWrXRG3ztbnbes/9qhRGI7PqXqeKJBztxRTEVj8ONs1d +WN5szTwaPIvhkhO3CO5ErU2rVdUr89wKpNXbBODFKRtgxUT70YpmJ46VVaqdAhOZ +D9EUUn4YaeLaS8AjSF/h7UkjOibNc4qVDiPP+rkehFWM66PVnP1Msh93tc+taIfC +EYVMxjh8zNbFuoc7fzvvrFILLe7ifvEIUqSVIC/AzplM/Jxw7buXFeGP1qVCBEHq +391d/9RAfaZ12zkwFsl+IKwE/OZxW8AHa9i1p4GO0YSNuczzEm4= +-----END CERTIFICATE----- diff --git a/SOURCES/use_yandex_search_as_default.py b/SOURCES/use_yandex_search_as_default.py new file mode 100644 index 0000000..f456af3 --- /dev/null +++ b/SOURCES/use_yandex_search_as_default.py @@ -0,0 +1,44 @@ +import json +import sys +import datetime + +YANDEX_SECTION = json.loads(''' + { + "appliesTo": [ + { + "default": "yes", + "included": { + "everywhere": true + } + } + ], + "id": "a0e7f96a-14e0-4d56-9f54-e0c7e49fd306", + "last_modified": 1679065511545, + "schema": 1639069022290, + "webExtension": { + "id": "yandex@search.mozilla.org" + } + } +''') + +search_config = None +with open(sys.argv[1]) as f: + search_config = json.load(f) + +inserted = False +for engine in search_config["data"]: + if engine["webExtension"]["id"] == "yandex@search.mozilla.org": + inserted = True + engine = YANDEX_SECTION + else: + for applies in engine["appliesTo"]: + if "default" in applies and applies["default"] == "yes": + applies["default"] = "no" + +if not inserted: + search_config["data"] = [YANDEX_SECTION] + search_config["data"] + +search_config["timestamp"] = int( datetime.datetime.now().timestamp() ) * 1000 + +with open(sys.argv[1], 'w') as f: + json.dump(search_config, f, indent=2) diff --git a/SPECS/firefox.spec b/SPECS/firefox.spec index 9bf1443..97d564d 100644 --- a/SPECS/firefox.spec +++ b/SPECS/firefox.spec @@ -132,7 +132,7 @@ end} Summary: Mozilla Firefox Web browser Name: firefox Version: 115.3.1 -Release: 1%{?dist} +Release: 1%{?dist}.inferit URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -185,6 +185,14 @@ Source402: nspr-4.35.0-1.el8_1.src.rpm Source403: nss-3.90.0-3.el8_1.src.rpm Source404: nss-3.90.0-3.el9_0.src.rpm +# MSVSphere added Russian Trusted Root CA +Source500: rootca_ssl_rsa2022.cer +Source501: policies.json +# apply script from ROSA to set Yandex provides +# as default search provider for Firefox +# https://abf.rosalinux.ru/import/firefox/raw/rosa2023.1/use_yandex_search_as_default.py +Source502: use_yandex_search_as_default.py + # ---- RHEL specific patches --- # -- Downstream only -- Patch01: build-disable-elfhack.patch @@ -228,6 +236,8 @@ Patch155: rhbz-1354671.patch # GENDIFF_DIFF_ARGS=-U0 gendiff firefox-xxxx .firefox-tests-xpcshell # GENDIFF_DIFF_ARGS=-U0 gendiff firefox-xxxx .firefox-tests-reftest Patch201: firefox-tests-xpcshell-freeze.patch +# MSVSphere +Patch10000: 0001-Overt-telemetry-disabling.patch # BUILD REQURES/REQUIRES %if %{?system_nss} && !0%{?bundle_nss} @@ -1034,6 +1044,11 @@ echo "--------------------------------------------" # ---- Test patches ---- %patch -P201 -p1 -b .firefox-tests-xpcshell-freeze +# set Yandex search provider by default +python3 %{SOURCE502} services/settings/dumps/main/search-config.json + +%patch10000 -p1 -b .0001-Overt-telemetry-disabling + %{__rm} -f .mozconfig %{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE24} mozilla-api-key @@ -1560,6 +1575,11 @@ sed -i -e 's|%PREFIX%|%{_prefix}|' %{buildroot}%{mozappdir}/defaults/preferences # System config dir %{__mkdir_p} %{buildroot}/%{_sysconfdir}/%{name}/pref +# MSVSphere added Russian Trusted Root CA +%{__mkdir_p} %{buildroot}/%{_sysconfdir}/%{name}/policies +%{__cp} %{SOURCE500} %{buildroot}%{mozappdir}/defaults +%{__cp} %{SOURCE501} %{buildroot}/%{_sysconfdir}/%{name}/policies + # System extensions %global firefox_app_id \{ec8030f7-c20a-464f-9b0e-13a3a9e97384\} %{__mkdir_p} %{buildroot}%{_datadir}/mozilla/extensions/%{firefox_app_id} @@ -1654,6 +1674,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %doc %{_mandir}/man1/* %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/* +%{_sysconfdir}/%{name}/policies %dir %{_datadir}/mozilla/extensions/* %dir %{_libdir}/mozilla/extensions/* %{_datadir}/applications/%{name}.desktop @@ -1662,6 +1683,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %dir %{mozappdir} %license %{mozappdir}/LICENSE %{mozappdir}/browser/chrome +%{mozappdir}/defaults/*.cer %{mozappdir}/defaults/preferences/* %{mozappdir}/browser/defaults/preferences %{mozappdir}/browser/features/*.xpi @@ -1717,6 +1739,13 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Mon Mar 18 2024 Sergey Cherevko - 115.3.1-1.inferit +- Added Russian Trusted Root CA +- Set Yandex as default search provider (Arkady L. Shane ) +- Added Russian description and summary for ArcMenu and gnome-software +- Disable telemetry and geolocation by default +- Rebuilt for MSVSphere 8.9 + * Fri Sep 29 2023 Eike Rathke - 115.3.1-1 - Update to 115.3.1