Commit 395d3c55 authored by Mike Perry's avatar Mike Perry Committed by Matthew Finkel
Browse files

TB3: Tor Browser's official .mozconfigs.

Also:
Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24
Changes needed to build Mac in 64bit
Bug 10715: Enable Webgl for mingw-w64 again.
Disable ICU when cross-compiling; clean-up.
Bug 15773: Enable ICU on OS X
Bug 15990: Don't build the sandbox with mingw-w64
Bug 12761: Switch to ESR 38 for OS X
Updating .mozconfig-asan
Bug 12516: Compile hardenend Tor Browser with -fwrapv
Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X
Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.
Bug 13419: Add back ICU for Windows
Bug 21239: Use GTK2 for ESR52 Linux builds
Bug 23025: Add hardening flags for macOS
Bug 24478: Enable debug assertions and tests in our ASan builds
--enable-proxy-bypass-protection
Bug 27597: ASan build option in tor-browser-build is broken

Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds

This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING

Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds

Add an --enable-tor-browser-data-outside-app-dir configure option

Add --with-tor-browser-version configure option

Bug 21849: Don't allow SSL key logging.

Bug 31457: disable per-installation profiles

The dedicated profiles (per-installation) feature does not interact
well with our bundled profiles on Linux and Windows, and it also causes
multiple profiles to be created on macOS under TorBrowser-Data.

Bug 31935: Disable profile downgrade protection.

Since Tor Browser does not support more than one profile, disable
the prompt and associated code that offers to create one when a
version downgrade situation is detected.

Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT

Bug 25741 - TBA: Disable features at compile-time

MOZ_NATIVE_DEVICES for casting and the media player
MOZ_TELEMETRY_REPORTING for telemetry
MOZ_DATA_REPORTING for all data reporting preferences (crashreport, telemetry, geo)

Bug 25741 - TBA: Add default configure options in dedicated file

Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION

Bug 29859: Disable HLS support for now

Add --disable-tor-launcher build option

Add --enable-tor-browser-update build option

Bug 33734: Set MOZ_NORMANDY to False

Bug 33851: Omit Parental Controls.

Bug 40061: Omit the Windows default browser agent from the build

Bug 40107: Adapt .mozconfig-asan for ESR 78

Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files
parent 897d081a
. $topsrcdir/browser/config/mozconfig
# This mozconfig file is not used in official Tor Browser builds.
# It is only intended to be used when doing incremental Linux builds
# during development. The platform-specific mozconfig configuration
# files used in official Tor Browser releases can be found in the
# tor-browser-build repo:
# https://gitweb.torproject.org/builders/tor-browser-build.git/
# under:
# tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-official-branding
# Let's support GTK3 for ESR60
ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --disable-strip
ac_add_options --disable-install-strip
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
ac_add_options --disable-eme
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
ac_add_options --disable-tor-launcher
ac_add_options --with-tor-browser-version=dev-build
ac_add_options --disable-tor-browser-update
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-arm-linux-androideabi
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-official-branding
# Android
ac_add_options --enable-application=mobile/android
ac_add_options --target=arm-linux-androideabi
ac_add_options --with-android-ndk="$NDK_BASE" #Enter the android ndk location(ndk r17b)
ac_add_options --with-android-sdk="$SDK_BASE" #Enter the android sdk location
ac_add_options --with-branding=mobile/android/branding/alpha
# Use Mozilla's Clang blobs
CC="$HOME/.mozbuild/clang/bin/clang"
CXX="$HOME/.mozbuild/clang/bin/clang++"
#enable ccache to set amount of cache assigned for build.
ac_add_options --with-ccache
ac_add_options --enable-strip
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-rust-debug
ac_add_options --disable-updater
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
. $topsrcdir/browser/config/mozconfig
export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
# We need to add -ldl explicitely due to bug 1213698
export LDFLAGS="-fsanitize=address -ldl"
# Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
# (which is part of mar-tools and is not distributed to end-users) with
# ASan. See bug 17858.
export HOST_CFLAGS=""
export HOST_CXXFLAGS=""
export HOST_LDFLAGS="-ldl"
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
export BINDGEN_CFLAGS='--gcc-toolchain=/var/tmp/dist/gcc'
ac_add_options --enable-address-sanitizer
ac_add_options --disable-jemalloc
ac_add_options --disable-elf-hack
ac_add_options --with-clang-path=/var/tmp/dist/clang/bin/clang
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-official-branding
# Let's support GTK3 for ESR60
ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --enable-tor-browser-update
ac_add_options --disable-strip
ac_add_options --disable-install-strip
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --disable-eme
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
# ld needs libLTO.so from llvm
mk_add_options "export LD_LIBRARY_PATH=$topsrcdir/clang/lib"
CROSS_CCTOOLS_PATH=$topsrcdir/cctools
CROSS_SYSROOT=$topsrcdir/MacOSX10.7.sdk
CROSS_PRIVATE_FRAMEWORKS=$CROSS_SYSROOT/System/Library/PrivateFrameworks
HARDENING_FLAGS="-Werror=format -Werror=format-security -fstack-protector-strong -D_FORTIFY_SOURCE=2"
FLAGS="-target x86_64-apple-darwin10 -mlinker-version=136 -B $CROSS_CCTOOLS_PATH/bin -isysroot $CROSS_SYSROOT $HARDENING_FLAGS"
export CC="$topsrcdir/clang/bin/clang $FLAGS"
export CXX="$topsrcdir/clang/bin/clang++ $FLAGS"
export CPP="$topsrcdir/clang/bin/clang $FLAGS -E"
export LLVMCONFIG=$topsrcdir/clang/bin/llvm-config
export LDFLAGS="-Wl,-syslibroot,$CROSS_SYSROOT -Wl,-dead_strip -Wl,-pie"
export TOOLCHAIN_PREFIX=$CROSS_CCTOOLS_PATH/bin/x86_64-apple-darwin10-
#TODO: bug 1184202 - would be nice if these could be detected with TOOLCHAIN_PREFIX automatically
export AR=${TOOLCHAIN_PREFIX}ar
export RANLIB=${TOOLCHAIN_PREFIX}ranlib
export STRIP=${TOOLCHAIN_PREFIX}strip
export OTOOL=${TOOLCHAIN_PREFIX}otool
export DSYMUTIL=$topsrcdir/clang/bin/llvm-dsymutil
export HOST_CC="$topsrcdir/clang/bin/clang"
export HOST_CXX="$topsrcdir/clang/bin/clang++"
export HOST_CPP="$topsrcdir/clang/bin/clang -E"
export HOST_CFLAGS="-g"
export HOST_CXXFLAGS="-g"
export HOST_LDFLAGS="-g"
ac_add_options --target=x86_64-apple-darwin
ac_add_options --with-macos-private-frameworks=$CROSS_PRIVATE_FRAMEWORKS
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-macos
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --enable-application=browser
ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --disable-debug
ac_add_options --enable-tor-browser-data-outside-app-dir
ac_add_options --enable-tor-browser-update
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --disable-tests
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
ac_add_options --disable-eme
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
CROSS_COMPILE=1
ac_add_options --enable-application=browser
ac_add_options --target=i686-w64-mingw32
ac_add_options --with-toolchain-prefix=i686-w64-mingw32-
ac_add_options --enable-default-toolkit=cairo-windows
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --disable-debug
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-tor-browser-update
ac_add_options --disable-bits-download
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
ac_add_options --disable-eme
ac_add_options --disable-crashreporter
ac_add_options --disable-maintenance-service
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --disable-tests
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
ac_add_options --disable-default-browser-agent
......@@ -71,4 +71,7 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk', 'cocoa'):
if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk'):
DEFINES['MENUBAR_CAN_AUTOHIDE'] = 1
if CONFIG['TOR_BROWSER_UPDATE']:
DEFINES['TOR_BROWSER_UPDATE'] = 1
JAR_MANIFESTS += ['jar.mn']
......@@ -82,6 +82,14 @@ endif
endif
endif
ifdef TOR_BROWSER_DISABLE_TOR_LAUNCHER
DEFINES += -DTOR_BROWSER_DISABLE_TOR_LAUNCHER
endif
ifdef TOR_BROWSER_UPDATE
DEFINES += -DTOR_BROWSER_UPDATE
endif
ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET)))
DEFINES += -DMOZ_SHARED_MOZGLUE=1
endif
......
......@@ -5,11 +5,11 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
imply_option('MOZ_PLACES', True)
imply_option('MOZ_SERVICES_HEALTHREPORT', True)
imply_option('MOZ_SERVICES_HEALTHREPORT', False)
imply_option('MOZ_SERVICES_SYNC', True)
imply_option('MOZ_DEDICATED_PROFILES', True)
imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True)
imply_option('MOZ_NORMANDY', True)
imply_option('MOZ_DEDICATED_PROFILES', False)
imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', False)
imply_option('MOZ_NORMANDY', False)
with only_when(target_is_linux & compile_environment):
option(env='MOZ_NO_PIE_COMPAT',
......
......@@ -248,6 +248,12 @@ def old_configure_options(*options):
'--with-user-appdir',
'--x-includes',
'--x-libraries',
# Tor additions.
'--with-tor-browser-version',
'--enable-tor-browser-update',
'--enable-tor-browser-data-outside-app-dir',
'--enable-tor-launcher',
)
def prepare_configure_options(host, target, all_options, *options):
# old-configure only supports the options listed in @old_configure_options
......
......@@ -30,9 +30,18 @@ MOZ_ANDROID_BROWSER_INTENT_CLASS=org.mozilla.gecko.BrowserApp
MOZ_NO_SMART_CARDS=1
# Adds MIME-type support for raw video
MOZ_RAW=1
# use custom widget for html:select
MOZ_USE_NATIVE_POPUP_WINDOWS=1
MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110}
### Tor Browser for Android ###
# Disable telemetry at compile-time
unset MOZ_TELEMETRY_REPORTING
# Disable data reporting at compile-time
unset MOZ_DATA_REPORTING
......@@ -92,6 +92,7 @@ android {
buildConfigField 'String', "MOZ_APP_DISPLAYNAME", "\"${mozconfig.substs.MOZ_APP_DISPLAYNAME}\"";
buildConfigField 'String', "MOZ_APP_UA_NAME", "\"${mozconfig.substs.MOZ_APP_UA_NAME}\"";
buildConfigField 'String', "MOZ_UPDATE_CHANNEL", "\"${mozconfig.substs.MOZ_UPDATE_CHANNEL}\"";
buildConfigField 'String', "TOR_BROWSER_VERSION", "\"${mozconfig.substs.TOR_BROWSER_VERSION}\"";
// MOZILLA_VERSION is oddly quoted from autoconf, but we don't have to handle it specially in Gradle.
buildConfigField 'String', "MOZILLA_VERSION", "\"${mozconfig.substs.MOZILLA_VERSION}\"";
......
......@@ -10,7 +10,7 @@ project_flag('MOZ_ANDROID_EXCLUDE_FONTS',
project_flag('MOZ_ANDROID_HLS_SUPPORT',
help='Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)',
default=True)
default=False)
option(env='FENNEC_NIGHTLY',
help='Enable experimental code for Fennec Nightly users. NOTE: This is *not* equivalent '
......@@ -26,9 +26,12 @@ def fennec_nightly(nightly):
return bool(nightly)
imply_option('MOZ_NORMANDY', False)
imply_option('MOZ_SERVICES_HEALTHREPORT', True)
imply_option('MOZ_ANDROID_HISTORY', True)
imply_option('--enable-small-chunk-size', True)
# Comment this so we can imply |False| in torbrowser.configure
# The Build system doesn't allow multiple imply_option()
# calls with the same key.
#imply_option('MOZ_SERVICES_HEALTHREPORT', True)
@depends(target)
def check_target(target):
......@@ -39,6 +42,8 @@ def check_target(target):
'Build_Instructions/Simple_Firefox_for_Android_build '
'for more information about the necessary options.')
include('torbrowser.configure')
include('../../toolkit/moz.configure')
include('../../build/moz.configure/android-sdk.configure')
include('../../build/moz.configure/java.configure')
......@@ -50,3 +55,11 @@ option(env='MOZ_ANDROID_FAT_AAR_ARCHITECTURES',
help='Comma-separated list of Android CPU architectures like "armeabi-v7a,arm64-v8a,x86,x86_64"')
set_config('MOZ_ANDROID_FAT_AAR_ARCHITECTURES', depends('MOZ_ANDROID_FAT_AAR_ARCHITECTURES')(lambda x: x))
project_flag('MOZ_ANDROID_NETWORK_STATE',
help='Include permission for accessing WiFi/network state on Android',
default=False)
project_flag('MOZ_ANDROID_LOCATION',
help='Include permission for accessing fine and course-grain Location on Android',
default=False)
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Set Tor Browser default config
imply_option('MOZ_ANDROID_EXCLUDE_FONTS', False)
# Disable uploading crash reports and dump files to an external server
# This is still configured in old-configure. Uncomment when this moves
# to the python config
#imply_option('MOZ_CRASHREPORTER', False)
# Disable uploading information about the browser configuration and
# performance to an external server
imply_option('MOZ_SERVICES_HEALTHREPORT', False)
# Disable creating telemetry and data reports that are uploaded to an
# external server
# These aren't actually configure options. These are disabled in
# confvars.sh, but they look like configure options so we'll document
# them here, as well.
#XXX: no confvars.sh here
#imply_option('MOZ_TELEMETRY_REPORTING', False)
#imply_option('MOZ_DATA_REPORTING', False)
imply_option('MOZ_ANDROID_NETWORK_STATE', False);
imply_option('MOZ_ANDROID_LOCATION', False);
......@@ -1966,6 +1966,55 @@ if test -n "$MOZ_UPDATER"; then
AC_DEFINE(MOZ_UPDATER)
fi
dnl ========================================================
dnl Tor additions
dnl ========================================================
MOZ_ARG_WITH_STRING(tor-browser-version,
[ --with-tor-browser-version=VERSION
Set Tor Browser version, e.g., 7.0a1],
TOR_BROWSER_VERSION="$withval")
if test -z "$TOR_BROWSER_VERSION"; then
AC_MSG_ERROR([--with-tor-browser-version is required for Tor Browser.])
fi
MOZ_ARG_ENABLE_BOOL(tor-browser-update,
[ --enable-tor-browser-update
Enable Tor Browser update],
TOR_BROWSER_UPDATE=1,
TOR_BROWSER_UPDATE= )
if test -n "$TOR_BROWSER_UPDATE"; then
AC_DEFINE(TOR_BROWSER_UPDATE)
fi
MOZ_ARG_ENABLE_BOOL(tor-browser-data-outside-app-dir,
[ --enable-tor-browser-data-outside-app-dir
Enable Tor Browser data outside of app directory],
TOR_BROWSER_DATA_OUTSIDE_APP_DIR=1,
TOR_BROWSER_DATA_OUTSIDE_APP_DIR= )
if test -n "$TOR_BROWSER_DATA_OUTSIDE_APP_DIR"; then
AC_DEFINE(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
fi
AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,$TOR_BROWSER_VERSION)
AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION_QUOTED,"$TOR_BROWSER_VERSION")
AC_SUBST(TOR_BROWSER_UPDATE)
AC_SUBST(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
MOZ_ARG_DISABLE_BOOL(tor-launcher,
[ --disable-tor-launcher
Do not include Tor Launcher],
TOR_BROWSER_DISABLE_TOR_LAUNCHER=1,
TOR_BROWSER_DISABLE_TOR_LAUNCHER=)
if test -n "$TOR_BROWSER_DISABLE_TOR_LAUNCHER"; then
AC_DEFINE(TOR_BROWSER_DISABLE_TOR_LAUNCHER)
fi
AC_SUBST(TOR_BROWSER_DISABLE_TOR_LAUNCHER)
dnl ========================================================
dnl parental controls (for Windows Vista)
dnl ========================================================
......
......@@ -85,7 +85,7 @@ gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
gyp_vars['disable_tests'] = 1
gyp_vars['disable_dbm'] = 1
gyp_vars['disable_libpkix'] = 1
gyp_vars['enable_sslkeylogfile'] = 1
gyp_vars['enable_sslkeylogfile'] = 0
# pkg-config won't reliably find zlib on our builders, so just force it.
# System zlib is only used for modutil and signtool unless
# SSL zlib is enabled, which we are disabling immediately below this.
......
......@@ -41,7 +41,7 @@ endif
# Enable key logging by default in debug builds, but not opt builds.
# Logging still needs to be enabled at runtime through env vars.
NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
NSS_ALLOW_SSLKEYLOGFILE ?= 0
ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
endif
......
......@@ -341,6 +341,8 @@ this.AppConstants = Object.freeze({
MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@",
ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@",
TOR_BROWSER_VERSION: "@TOR_BROWSER_VERSION@",
DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@",
MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",
......@@ -418,4 +420,11 @@ this.AppConstants = Object.freeze({
#else
false,
#endif
TOR_BROWSER_UPDATE:
#ifdef TOR_BROWSER_UPDATE
true,
#else
false,
#endif
});
......@@ -296,6 +296,9 @@ for var in ('MOZ_ALLOW_ADDON_SIDELOAD',
if CONFIG[var]:
DEFINES[var] = True
if CONFIG['TOR_BROWSER_UPDATE']:
DEFINES['TOR_BROWSER_UPDATE'] = 1
JAR_MANIFESTS += ['jar.mn']
DEFINES['TOPOBJDIR'] = TOPOBJDIR
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment