Commit 76e23249 authored by Mike Perry's avatar Mike Perry Committed by Matthew Finkel
Browse files

TB3: Tor Browser's official .mozconfigs.

Also:
Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24
Changes needed to build Mac in 64bit
Bug 10715: Enable Webgl for mingw-w64 again.
Disable ICU when cross-compiling; clean-up.
Bug 15773: Enable ICU on OS X
Bug 15990: Don't build the sandbox with mingw-w64
Bug 12761: Switch to ESR 38 for OS X
Updating .mozconfig-asan
Bug 12516: Compile hardenend Tor Browser with -fwrapv
Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X
Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.
Bug 13419: Add back ICU for Windows
Bug 21239: Use GTK2 for ESR52 Linux builds
Bug 23025: Add hardening flags for macOS
Bug 24478: Enable debug assertions and tests in our ASan builds
--enable-proxy-bypass-protection
Bug 27597: ASan build option in tor-browser-build is broken

Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds

This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING

Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds

Add an --enable-tor-browser-data-outside-app-dir configure option

Add --with-tor-browser-version configure option

Bug 21849: Don't allow SSL key logging.

Bug 31457: disable per-installation profiles

The dedicated profiles (per-installation) feature does not interact
well with our bundled profiles on Linux and Windows, and it also causes
multiple profiles to be created on macOS under TorBrowser-Data.

Bug 31935: Disable profile downgrade protection.

Since Tor Browser does not support more than one profile, disable
the prompt and associated code that offers to create one when a
version downgrade situation is detected.

Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT

Bug 25741 - TBA: Disable features at compile-time

MOZ_NATIVE_DEVICES for casting and the media player
MOZ_TELEMETRY_REPORTING for telemetry
MOZ_DATA_REPORTING for all data reporting preferences (crashreport, telemetry, geo)

Bug 25741 - TBA: Add default configure options in dedicated file

Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION

Bug 29859: Disable HLS support for now

Add --disable-tor-launcher build option

Add --enable-tor-browser-update build option

Bug 33734: Set MOZ_NORMANDY to False

Bug 33851: Omit Parental Controls.

Bug 40061: Omit the Windows default browser agent from the build

Bug 40211: Lower required build-tools version to 29.0.2

Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files
parent 4068febf
. $topsrcdir/browser/config/mozconfig
# This mozconfig file is not used in official Tor Browser builds.
# It is only intended to be used when doing incremental Linux builds
# during development. The platform-specific mozconfig configuration
# files used in official Tor Browser releases can be found in the
# tor-browser-build repo:
# https://gitweb.torproject.org/builders/tor-browser-build.git/
# under:
# tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-official-branding
# Let's support GTK3 for ESR60
ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --disable-strip
ac_add_options --disable-install-strip
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
ac_add_options --disable-eme
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
ac_add_options --disable-tor-launcher
ac_add_options --with-tor-browser-version=dev-build
ac_add_options --disable-tor-browser-update
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-arm-linux-androideabi
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-official-branding
# Android
ac_add_options --enable-application=mobile/android
ac_add_options --target=arm-linux-androideabi
ac_add_options --with-android-ndk="$NDK_BASE" #Enter the android ndk location(ndk r17b)
ac_add_options --with-android-sdk="$SDK_BASE" #Enter the android sdk location
ac_add_options --with-branding=mobile/android/branding/alpha
# Use Mozilla's Clang blobs
CC="$HOME/.mozbuild/clang/bin/clang"
CXX="$HOME/.mozbuild/clang/bin/clang++"
#enable ccache to set amount of cache assigned for build.
ac_add_options --with-ccache
ac_add_options --enable-strip
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-rust-debug
ac_add_options --disable-updater
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
. $topsrcdir/browser/config/mozconfig
export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
# We need to add -ldl explicitely due to bug 1213698
export LDFLAGS="-fsanitize=address -ldl"
# Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
# (which is part of mar-tools and is not distributed to end-users) with
# ASan. See bug 17858.
export HOST_CFLAGS=""
export HOST_CXXFLAGS=""
export HOST_LDFLAGS="-ldl"
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
export BINDGEN_CFLAGS='--gcc-toolchain=/var/tmp/dist/gcc'
ac_add_options --enable-address-sanitizer
ac_add_options --disable-jemalloc
ac_add_options --disable-elf-hack
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-official-branding
# Let's support GTK3 for ESR60
ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --enable-tor-browser-update
ac_add_options --disable-strip
ac_add_options --disable-install-strip
ac_add_options --enable-tests
ac_add_options --enable-debug
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --disable-eme
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
# ld needs libLTO.so from llvm
mk_add_options "export LD_LIBRARY_PATH=$topsrcdir/clang/lib"
CROSS_CCTOOLS_PATH=$topsrcdir/cctools
CROSS_SYSROOT=$topsrcdir/MacOSX10.7.sdk
CROSS_PRIVATE_FRAMEWORKS=$CROSS_SYSROOT/System/Library/PrivateFrameworks
HARDENING_FLAGS="-Werror=format -Werror=format-security -fstack-protector-strong -D_FORTIFY_SOURCE=2"
FLAGS="-target x86_64-apple-darwin10 -mlinker-version=136 -B $CROSS_CCTOOLS_PATH/bin -isysroot $CROSS_SYSROOT $HARDENING_FLAGS"
export CC="$topsrcdir/clang/bin/clang $FLAGS"
export CXX="$topsrcdir/clang/bin/clang++ $FLAGS"
export CPP="$topsrcdir/clang/bin/clang $FLAGS -E"
export LLVMCONFIG=$topsrcdir/clang/bin/llvm-config
export LDFLAGS="-Wl,-syslibroot,$CROSS_SYSROOT -Wl,-dead_strip -Wl,-pie"
export TOOLCHAIN_PREFIX=$CROSS_CCTOOLS_PATH/bin/x86_64-apple-darwin10-
#TODO: bug 1184202 - would be nice if these could be detected with TOOLCHAIN_PREFIX automatically
export AR=${TOOLCHAIN_PREFIX}ar
export RANLIB=${TOOLCHAIN_PREFIX}ranlib
export STRIP=${TOOLCHAIN_PREFIX}strip
export OTOOL=${TOOLCHAIN_PREFIX}otool
export DSYMUTIL=$topsrcdir/clang/bin/llvm-dsymutil
export HOST_CC="$topsrcdir/clang/bin/clang"
export HOST_CXX="$topsrcdir/clang/bin/clang++"
export HOST_CPP="$topsrcdir/clang/bin/clang -E"
export HOST_CFLAGS="-g"
export HOST_CXXFLAGS="-g"
export HOST_LDFLAGS="-g"
ac_add_options --target=x86_64-apple-darwin
ac_add_options --with-macos-private-frameworks=$CROSS_PRIVATE_FRAMEWORKS
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-macos
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --enable-application=browser
ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --disable-debug
ac_add_options --enable-tor-browser-data-outside-app-dir
ac_add_options --enable-tor-browser-update
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --disable-tests
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
ac_add_options --disable-eme
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
CROSS_COMPILE=1
ac_add_options --enable-application=browser
ac_add_options --target=i686-w64-mingw32
ac_add_options --with-toolchain-prefix=i686-w64-mingw32-
ac_add_options --enable-default-toolkit=cairo-windows
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
export MOZILLA_OFFICIAL=1
ac_add_options --disable-debug
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-tor-browser-update
ac_add_options --disable-bits-download
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
ac_add_options --disable-eme
ac_add_options --disable-crashreporter
ac_add_options --disable-maintenance-service
ac_add_options --disable-webrtc
ac_add_options --disable-parental-controls
ac_add_options --disable-tests
ac_add_options --enable-proxy-bypass-protection
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
ac_add_options --disable-default-browser-agent
......@@ -78,6 +78,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk", "cocoa"):
if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"):
DEFINES["MENUBAR_CAN_AUTOHIDE"] = 1
if CONFIG["TOR_BROWSER_UPDATE"]:
DEFINES["TOR_BROWSER_UPDATE"] = 1
JAR_MANIFESTS += ["jar.mn"]
GeneratedFile(
......
......@@ -82,6 +82,14 @@ endif
endif
endif
ifdef TOR_BROWSER_DISABLE_TOR_LAUNCHER
DEFINES += -DTOR_BROWSER_DISABLE_TOR_LAUNCHER
endif
ifdef TOR_BROWSER_UPDATE
DEFINES += -DTOR_BROWSER_UPDATE
endif
ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET)))
DEFINES += -DMOZ_SHARED_MOZGLUE=1
endif
......
......@@ -5,11 +5,11 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
imply_option("MOZ_PLACES", True)
imply_option("MOZ_SERVICES_HEALTHREPORT", True)
imply_option("MOZ_SERVICES_HEALTHREPORT", False)
imply_option("MOZ_SERVICES_SYNC", True)
imply_option("MOZ_DEDICATED_PROFILES", True)
imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True)
imply_option("MOZ_NORMANDY", True)
imply_option("MOZ_DEDICATED_PROFILES", False)
imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", False)
imply_option("MOZ_NORMANDY", False)
with only_when(target_is_linux & compile_environment):
option(env="MOZ_NO_PIE_COMPAT", help="Enable non-PIE wrapper")
......
......@@ -48,7 +48,7 @@ def android_sdk_root(value):
@dependable
def android_sdk_version():
return namespace(build_tools_version="29.0.3", target_sdk_version="29")
return namespace(build_tools_version="29.0.2", target_sdk_version="29")
@depends(android_sdk_root, android_sdk_version)
......
......@@ -119,6 +119,11 @@ def old_configure_options(*options):
"--with-user-appdir",
"--x-includes",
"--x-libraries",
# Tor additions.
"--with-tor-browser-version",
"--enable-tor-browser-update",
"--enable-tor-browser-data-outside-app-dir",
"--enable-tor-launcher",
)
def prepare_configure_options(host, target, all_options, *options):
# old-configure only supports the options listed in @old_configure_options
......
......@@ -29,6 +29,15 @@ MOZ_ANDROID_BROWSER_INTENT_CLASS=org.mozilla.gecko.BrowserApp
MOZ_NO_SMART_CARDS=1
# Adds MIME-type support for raw video
MOZ_RAW=1
MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110}
### Tor Browser for Android ###
# Disable telemetry at compile-time
unset MOZ_TELEMETRY_REPORTING
# Disable data reporting at compile-time
unset MOZ_DATA_REPORTING
......@@ -93,6 +93,7 @@ android {
buildConfigField 'String', "MOZ_APP_DISPLAYNAME", "\"${mozconfig.substs.MOZ_APP_DISPLAYNAME}\"";
buildConfigField 'String', "MOZ_APP_UA_NAME", "\"${mozconfig.substs.MOZ_APP_UA_NAME}\"";
buildConfigField 'String', "MOZ_UPDATE_CHANNEL", "\"${mozconfig.substs.MOZ_UPDATE_CHANNEL}\"";
buildConfigField 'String', "TOR_BROWSER_VERSION", "\"${mozconfig.substs.TOR_BROWSER_VERSION}\"";
// MOZILLA_VERSION is oddly quoted from autoconf, but we don't have to handle it specially in Gradle.
buildConfigField 'String', "MOZILLA_VERSION", "\"${mozconfig.substs.MOZILLA_VERSION}\"";
......
......@@ -13,7 +13,7 @@ project_flag(
project_flag(
"MOZ_ANDROID_HLS_SUPPORT",
help="Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)",
default=True,
default=False,
)
option(
......@@ -62,10 +62,14 @@ def fennec_nightly(nightly):
imply_option("MOZ_NORMANDY", False)
imply_option("MOZ_SERVICES_HEALTHREPORT", True)
imply_option("MOZ_ANDROID_HISTORY", True)
imply_option("--enable-small-chunk-size", True)
# Comment this so we can imply |False| in torbrowser.configure
# The Build system doesn't allow multiple imply_option()
# calls with the same key.
# imply_option("MOZ_SERVICES_HEALTHREPORT", True)
@depends(target)
def check_target(target):
......@@ -81,6 +85,8 @@ def check_target(target):
)
include("torbrowser.configure")
include("../../toolkit/moz.configure")
include("../../build/moz.configure/android-sdk.configure")
include("../../build/moz.configure/java.configure")
......@@ -98,3 +104,15 @@ set_config(
"MOZ_ANDROID_FAT_AAR_ARCHITECTURES",
depends("MOZ_ANDROID_FAT_AAR_ARCHITECTURES")(lambda x: x),
)
project_flag(
"MOZ_ANDROID_NETWORK_STATE",
help="Include permission for accessing WiFi/network state on Android",
default=False,
)
project_flag(
"MOZ_ANDROID_LOCATION",
help="Include permission for accessing fine and course-grain Location on Android",
default=False,
)
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Set Tor Browser default config
imply_option("MOZ_ANDROID_EXCLUDE_FONTS", False)
# Disable uploading crash reports and dump files to an external server
# This is still configured in old-configure. Uncomment when this moves
# to the python config
# imply_option("MOZ_CRASHREPORTER", False)
# Disable uploading information about the browser configuration and
# performance to an external server
imply_option("MOZ_SERVICES_HEALTHREPORT", False)
# Disable creating telemetry and data reports that are uploaded to an
# external server
# These aren't actually configure options. These are disabled in
# confvars.sh, but they look like configure options so we'll document
# them here, as well.
# XXX: no confvars.sh here
# imply_option("MOZ_TELEMETRY_REPORTING", False)
# imply_option("MOZ_DATA_REPORTING", False)
imply_option("MOZ_ANDROID_NETWORK_STATE", False)
imply_option("MOZ_ANDROID_LOCATION", False)
......@@ -1892,6 +1892,55 @@ if test -n "$MOZ_UPDATER"; then
AC_DEFINE(MOZ_UPDATER)
fi
dnl ========================================================
dnl Tor additions
dnl ========================================================
MOZ_ARG_WITH_STRING(tor-browser-version,
[ --with-tor-browser-version=VERSION
Set Tor Browser version, e.g., 7.0a1],
TOR_BROWSER_VERSION="$withval")
if test -z "$TOR_BROWSER_VERSION"; then
AC_MSG_ERROR([--with-tor-browser-version is required for Tor Browser.])
fi
MOZ_ARG_ENABLE_BOOL(tor-browser-update,
[ --enable-tor-browser-update
Enable Tor Browser update],
TOR_BROWSER_UPDATE=1,
TOR_BROWSER_UPDATE= )
if test -n "$TOR_BROWSER_UPDATE"; then
AC_DEFINE(TOR_BROWSER_UPDATE)
fi
MOZ_ARG_ENABLE_BOOL(tor-browser-data-outside-app-dir,
[ --enable-tor-browser-data-outside-app-dir
Enable Tor Browser data outside of app directory],
TOR_BROWSER_DATA_OUTSIDE_APP_DIR=1,
TOR_BROWSER_DATA_OUTSIDE_APP_DIR= )
if test -n "$TOR_BROWSER_DATA_OUTSIDE_APP_DIR"; then
AC_DEFINE(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
fi
AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,$TOR_BROWSER_VERSION)
AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION_QUOTED,"$TOR_BROWSER_VERSION")
AC_SUBST(TOR_BROWSER_UPDATE)
AC_SUBST(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
MOZ_ARG_DISABLE_BOOL(tor-launcher,
[ --disable-tor-launcher
Do not include Tor Launcher],
TOR_BROWSER_DISABLE_TOR_LAUNCHER=1,
TOR_BROWSER_DISABLE_TOR_LAUNCHER=)
if test -n "$TOR_BROWSER_DISABLE_TOR_LAUNCHER"; then
AC_DEFINE(TOR_BROWSER_DISABLE_TOR_LAUNCHER)
fi
AC_SUBST(TOR_BROWSER_DISABLE_TOR_LAUNCHER)
dnl ========================================================
dnl parental controls (for Windows Vista)
dnl ========================================================
......
......@@ -85,7 +85,7 @@ gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin"
gyp_vars["disable_tests"] = 1
gyp_vars["disable_dbm"] = 1
gyp_vars["disable_libpkix"] = 1
gyp_vars["enable_sslkeylogfile"] = 1
gyp_vars["enable_sslkeylogfile"] = 0
# pkg-config won't reliably find zlib on our builders, so just force it.
# System zlib is only used for modutil and signtool unless
# SSL zlib is enabled, which we are disabling immediately below this.
......
......@@ -41,7 +41,7 @@ endif
# Enable key logging by default in debug builds, but not opt builds.
# Logging still needs to be enabled at runtime through env vars.
NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
NSS_ALLOW_SSLKEYLOGFILE ?= 0
ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
endif
......
......@@ -342,6 +342,14 @@ this.AppConstants = Object.freeze({
MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@",
ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@",
TOR_BROWSER_VERSION: "@TOR_BROWSER_VERSION@",
TOR_BROWSER_DATA_OUTSIDE_APP_DIR:
#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
true,
#else
false,
#endif
DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@",
MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",
......@@ -426,4 +434,11 @@ this.AppConstants = Object.freeze({
#else
false,
#endif
TOR_BROWSER_UPDATE:
#ifdef TOR_BROWSER_UPDATE
true,
#else
false,
#endif
});
......@@ -305,6 +305,9 @@ for var in (
if CONFIG[var]:
DEFINES[var] = True
if CONFIG["TOR_BROWSER_UPDATE"]:
DEFINES["TOR_BROWSER_UPDATE"] = 1
JAR_MANIFESTS += ["jar.mn"]
DEFINES["TOPOBJDIR"] = TOPOBJDIR
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment