Base Browser's .mozconfigs.

Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 21849: Don't allow SSL key logging. Bug 25741 - TBA: Disable features at compile-time Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 29859: Disable HLS support for now Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files Bug 41584: Move some configuration options to base-browser level

Base Browser's .mozconfigs.
7630bc80 · Pier Angelo Vendrame · 93ac479d · 7630bc80 · 7630bc80 · 7630bc80
Commit 7630bc80 authored 2 years ago by Pier Angelo Vendrame
--- a/browser/config/mozconfigs/base-browser
+++ b/browser/config/mozconfigs/base-browser
+# Shared build settings and settings to enhance security and privacy.
+
+. $topsrcdir/browser/config/mozconfig
+
+if test -f "$topsrcdir/mozconfig-toolchain"; then
+    . $topsrcdir/mozconfig-toolchain
+fi
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
+
+ac_add_options --enable-official-branding
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+
+ac_add_options --disable-unverified-updates
+
+ac_add_options --enable-bundled-fonts
+
+# See bug #41587
+ac_add_options --disable-updater
+
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+
+ac_add_options --disable-crashreporter
+# Before removing, please notice that WebRTC does not work on mingw (Bug 1393901)
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+ac_add_options --enable-proxy-bypass-protection
+# See bugs #30575 and #32418: system policies are harmful either because they
+# could allow proxy bypass, and override a number of other preferences we set
+ac_add_options --disable-system-policies
+
+# See bug #41131
+ac_add_options --disable-backgroundtasks
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
+
+# Disable the creation of a <something>.default that Firefox by default creates
+# for old version that could not use dedicated profiles. See tor-browser#41542.
+ac_add_options --disable-legacy-profile-creation
+
+if test -z "$WASI_SYSROOT"; then
+    ac_add_options --without-wasm-sandboxed-libraries
+fi
+
+# tor-browser#42337
+ac_add_options --enable-geckodriver
--- a/browser/config/mozconfigs/base-browser-android
+++ b/browser/config/mozconfigs/base-browser-android
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --enable-official-branding
+
+ac_add_options --enable-application=mobile/android
+
+CC="clang"
+CXX="clang++"
+ac_add_options --enable-linker=lld
+ac_add_options --with-java-bin-path=$JAVA_HOME/bin
+ac_add_options --with-android-sdk=$ANDROID_HOME
+ac_add_options --with-android-ndk=$ANDROID_NDK_HOME
+ac_add_options --with-android-min-sdk=21
+ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle
+
+ac_add_options --enable-strip
+ac_add_options --enable-install-strip
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+ac_add_options --disable-rust-debug
+
+ac_add_options --disable-updater
+ac_add_options --disable-crashreporter
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+
+ac_add_options --enable-proxy-bypass-protection
+ac_add_options --disable-system-policies
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
+
+if test -n "$LOCAL_DEV_BUILD"; then
+    # You must use the "default" bogus channel for dev builds
+    ac_add_options --enable-update-channel=default
+    ac_add_options --with-base-browser-version=dev-build
+    ac_add_options --disable-minify
+fi
+
+if test -z "$WASI_SYSROOT"; then
+    ac_add_options --without-wasm-sandboxed-libraries
+fi
--- a/browser/confvars.sh
+++ b/browser/confvars.sh
@@ -5,26 +5,6 @@

 MOZ_APP_VENDOR=Mozilla

-if test "$OS_ARCH" = "WINNT"; then
-  if ! test "$HAVE_64BIT_BUILD"; then
-    if test "$MOZ_UPDATE_CHANNEL" = "nightly" -o \
-            "$MOZ_UPDATE_CHANNEL" = "nightly-try" -o \
-            "$MOZ_UPDATE_CHANNEL" = "aurora" -o \
-            "$MOZ_UPDATE_CHANNEL" = "beta" -o \
-            "$MOZ_UPDATE_CHANNEL" = "release"; then
-      if ! test "$MOZ_DEBUG"; then
-        if ! test "$USE_STUB_INSTALLER"; then
-          # Expect USE_STUB_INSTALLER from taskcluster for downstream task consistency
-          echo "ERROR: STUB installer expected to be enabled but"
-          echo "ERROR: USE_STUB_INSTALLER is not specified in the environment"
-          exit 1
-        fi
-        MOZ_STUB_INSTALLER=1
-      fi
-    fi
-  fi
-fi
-
 BROWSER_CHROME_URL=chrome://browser/content/browser.xhtml

 # MOZ_APP_DISPLAYNAME will be set by branding/configure.sh
@@ -37,7 +17,8 @@ MOZ_BRANDING_DIRECTORY=browser/branding/unofficial
 MOZ_OFFICIAL_BRANDING_DIRECTORY=browser/branding/official
 MOZ_APP_ID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}

-MOZ_PROFILE_MIGRATOR=1
+# tor-browser#41577: Do not enable profile migration
+# MOZ_PROFILE_MIGRATOR=1

 # Include the DevTools client, not just the server (which is the default)
 MOZ_DEVTOOLS=all
--- a/browser/moz.configure
+++ b/browser/moz.configure
@@ -5,11 +5,13 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

 imply_option("MOZ_PLACES", True)
-imply_option("MOZ_SERVICES_HEALTHREPORT", True)
+# tor-browser#32493
+imply_option("MOZ_SERVICES_HEALTHREPORT", False)
 imply_option("MOZ_SERVICES_SYNC", True)
 imply_option("MOZ_DEDICATED_PROFILES", True)
 imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True)
-imply_option("MOZ_NORMANDY", True)
+# tor-browser#33734
+imply_option("MOZ_NORMANDY", False)

 with only_when(target_has_linux_kernel & compile_environment):
    option(env="MOZ_NO_PIE_COMPAT", help="Enable non-PIE wrapper")

--- a/mobile/android/basebrowser.configure
+++ b/mobile/android/basebrowser.configure
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Set Base Browser default config
+# See tor-browser#25741 and tor-browser#41584.
+
+imply_option("MOZ_ANDROID_EXCLUDE_FONTS", False)
+
+# Disable uploading crash reports and dump files to an external server
+# This is still configured in old-configure. Uncomment when this moves
+# to the python config
+# imply_option("MOZ_CRASHREPORTER", False)
+
+# Disable uploading information about the browser configuration and
+# performance to an external server. See tor-browser#32493.
+imply_option("MOZ_SERVICES_HEALTHREPORT", False)
+
+# Disable creating telemetry and data reports that are uploaded to an
+# external server
+# These aren't actually configure options. These are disabled in
+# confvars.sh, but they look like configure options so we'll document
+# them here, as well.
+# XXX: no confvars.sh here
+# imply_option("MOZ_TELEMETRY_REPORTING", False)
+# imply_option("MOZ_DATA_REPORTING", False)
+
+# tor-browser#24796: This controls some permissions in GeckoView's
+# AndroidManifest.xml
+imply_option("MOZ_ANDROID_NETWORK_STATE", False)
+imply_option("MOZ_ANDROID_LOCATION", False)
--- a/mobile/android/confvars.sh
+++ b/mobile/android/confvars.sh
@@ -15,3 +15,9 @@ MOZ_OFFICIAL_BRANDING_DIRECTORY=mobile/android/branding/official
 MOZ_RAW=1

 MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110}
+
+# Disable telemetry at compile-time
+unset MOZ_TELEMETRY_REPORTING
+
+# Disable data reporting at compile-time
+unset MOZ_DATA_REPORTING
--- a/mobile/android/moz.configure
+++ b/mobile/android/moz.configure
@@ -10,10 +10,11 @@ project_flag(
    default=True,
 )

+# tor-browser#29859
 project_flag(
    "MOZ_ANDROID_HLS_SUPPORT",
    help="Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)",
-    default=True,
+    default=False,
 )

 option(
@@ -58,7 +59,10 @@ option(
 set_config("MOZ_ANDROID_GECKOVIEW_LITE", True, when="--enable-geckoview-lite")

 imply_option("MOZ_NORMANDY", False)
-imply_option("MOZ_SERVICES_HEALTHREPORT", True)
+# Comment this so we can imply |False| in basebrowser.configure
+# The Build system doesn't allow multiple imply_option()
+# calls with the same key.
+# imply_option("MOZ_SERVICES_HEALTHREPORT", True)
 imply_option("MOZ_ANDROID_HISTORY", True)
 imply_option("--enable-small-chunk-size", True)

@@ -77,6 +81,8 @@ def check_target(target):
        )


+include("basebrowser.configure")
+
 include("../../toolkit/moz.configure")
 include("../../build/moz.configure/android-sdk.configure")
 include("../../build/moz.configure/java.configure")

--- a/moz.configure
+++ b/moz.configure
@@ -930,6 +930,37 @@ set_config("ZLIB_IN_MOZGLUE", zlib_in_mozglue)
 set_define("ZLIB_IN_MOZGLUE", zlib_in_mozglue)


+option(
+    "--with-base-browser-version",
+    nargs=1,
+    help="Set the Base Browser version, e.g., 7.0a1"
+)
+
+
+@depends("--with-base-browser-version")
+def base_browser_version(value):
+    if not value:
+        die(
+            "--with-base-browser-version is required for Base Browser and derived browsers."
+        )
+    return value[0]
+
+
+@depends("--with-base-browser-version")
+def base_browser_version_quoted(value):
+    if not value:
+        die(
+            "--with-base-browser-version is required for Base Browser and derived browsers."
+        )
+    if '"' in value or "\\" in value:
+        die("--with-base-browser-version cannot contain \" or \\.")
+    return '"{}"'.format(value[0])
+
+
+set_define("BASE_BROWSER_VERSION", base_browser_version)
+set_define("BASE_BROWSER_VERSION_QUOTED", base_browser_version_quoted)
+
+
 # Please do not add configure checks from here on.

 # Fallthrough to autoconf-based configure

--- a/mozconfig-android-aarch64
+++ b/mozconfig-android-aarch64
+. $topsrcdir/browser/config/mozconfigs/base-browser-android
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-aarch64-linux-android
+ac_add_options --target=aarch64-linux-android
--- a/mozconfig-android-all
+++ b/mozconfig-android-all
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-application=mobile/android
+ac_add_options --disable-compile-environment
+
+if test -n "$LOCAL_DEV_BUILD"; then
+    # You must use the "default" bogus channel for dev builds
+    ac_add_options --enable-update-channel=default
+    ac_add_options --without-wasm-sandboxed-libraries
+    ac_add_options --with-base-browser-version=dev-build
+    ac_add_options --disable-minify
+fi
+
+ac_add_options --with-tor-browser-version=dev-build
+
+ac_add_options --with-java-bin-path=$JAVA_HOME/bin
+ac_add_options --with-android-sdk=$ANDROID_HOME
+ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle
--- a/mozconfig-android-armv7
+++ b/mozconfig-android-armv7
+. $topsrcdir/browser/config/mozconfigs/base-browser-android
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-arm-linux-androideabi
+ac_add_options --target=arm-linux-androideabi
--- a/mozconfig-android-x86
+++ b/mozconfig-android-x86
+. $topsrcdir/browser/config/mozconfigs/base-browser-android
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-i386-linux-android
+ac_add_options --target=i686-linux-android
--- a/mozconfig-android-x86_64
+++ b/mozconfig-android-x86_64
+. $topsrcdir/browser/config/mozconfigs/base-browser-android
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-x86_64-linux-android
+ac_add_options --target=x86_64-linux-android
--- a/mozconfig-linux-aarch64
+++ b/mozconfig-linux-aarch64
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+ac_add_options --target=aarch64-unknown-linux-gnu
+
+# Moz switched to lld for all Linux targets in Bug 1839739.
+ac_add_options --enable-linker=lld
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
--- a/mozconfig-linux-arm
+++ b/mozconfig-linux-arm
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+ac_add_options --target=arm-linux-gnueabihf
+
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+# Bug 31448: ld.gold fails if we don't disable debug-symbols.
+# Also, we keep strip enabled.
+ac_add_options --disable-debug-symbols
+
+# From Arch Linux ARM for Firefox 102.0.1
+# https://github.com/archlinuxarm/PKGBUILDs/blob/6da804f4020487c112f59ea067e6644a309c4338/extra/firefox/PKGBUILD
+ac_add_options --disable-elf-hack
+ac_add_options --disable-av1
+ac_add_options --enable-optimize="-g0 -O2"
+# One of the following two lines (not sure which) prevents "read-only segment has dynamic relocations" linker error.
+export MOZ_DEBUG_FLAGS=" "
+export RUSTFLAGS="-Cdebuginfo=0"
--- a/mozconfig-linux-i686
+++ b/mozconfig-linux-i686
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+ac_add_options --target=i686-linux-gnu
+
+# Moz switched to lld for all Linux targets in Bug 1839739.
+# Also, gold used not to work with debug symbols (tor-browser#42146).
+ac_add_options --enable-linker=lld
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+
--- a/mozconfig-linux-x86_64
+++ b/mozconfig-linux-x86_64
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+# Moz switched to lld for all Linux targets in Bug 1839739.
+ac_add_options --enable-linker=lld
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+
--- a/mozconfig-linux-x86_64-asan
+++ b/mozconfig-linux-x86_64-asan
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
+export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
+# We need to add -ldl explicitely due to bug 1213698
+export LDFLAGS="-fsanitize=address -ldl"
+
+# Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
+# (which is part of mar-tools and is not distributed to end-users) with
+# ASan. See bug 17858.
+export HOST_CFLAGS=""
+export HOST_CXXFLAGS=""
+export HOST_LDFLAGS="-ldl"
+
+ac_add_options --enable-address-sanitizer
+ac_add_options --disable-jemalloc
+ac_add_options --disable-elf-hack
+
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+
--- a/mozconfig-linux-x86_64-dev
+++ b/mozconfig-linux-x86_64-dev
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+# This mozconfig file is not used in official builds.
+# It is only intended to be used when doing incremental Linux builds
+# during development.
+
+# Moz switched to lld for all Linux targets in Bug 1839739.
+ac_add_options --enable-linker=lld
+
+export MOZILLA_OFFICIAL=
+
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+
+ac_add_options --with-base-browser-version=dev-build
+
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
--- a/mozconfig-macos
+++ b/mozconfig-macos
+. $topsrcdir/browser/config/mozconfigs/base-browser
+
+ac_add_options --enable-strip
+
+# See bug #13379
+ac_add_options --enable-nss-mar
+
+# See bug #41131
+ac_add_options --disable-update-agent
+
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme