mirror of https://github.com/nix-community/home-manager synced 2024-11-26 21:19:45 +01:00

firefox: improve search engine disclaimer generation

Using a fixed application name in the salt for the search engine name
hash can break with minor branding changes. For example, LibreWolf 127
used the application name "LibreWolf", but in version 128 it is
"Firefox".

The proper name can be found in about:support -> Application Basics.

Because it doesn't have to be related to the product name visible in
most of the browser (for example in the window title and help menus),
we shouldn't rely on cfg.name for that.

The application name can be read from lib/*/application.ini and we can
use that if the browser was installed via Home Manager. If not, we can
fall back to cfg.name.
Kacper Koniuszy 2024-07-27 10:55:09 +02:00 committed by Robert Helgesson
parent 5056a1cf0c
commit aecd341dfe
No known key found for this signature in database
GPG key ID: 96E745BD17AA17ED
3 changed files with 23 additions and 3 deletions


@ -553,6 +553,7 @@ in {
inherit (args) config; inherit (args) config;
inherit lib pkgs; inherit lib pkgs;
appName = cfg.name; appName = cfg.name;
package = cfg.finalPackage;
modulePath = modulePath ++ [ "profiles" name "search" ]; modulePath = modulePath ++ [ "profiles" name "search" ];
profilePath = config.path; profilePath = config.path;
}); });


@ -1,4 +1,4 @@
{ config, lib, pkgs, appName, modulePath, profilePath }: { config, lib, pkgs, appName, package, modulePath, profilePath }:
with lib; with lib;
@ -108,10 +108,10 @@ let
# a claim by Mozilla to remove this would be very anti-user, and # a claim by Mozilla to remove this would be very anti-user, and
# is unlikely to be an issue for our use case. # is unlikely to be an issue for our use case.
disclaimer = "By modifying this file, I agree that I am doing so " disclaimer = "By modifying this file, I agree that I am doing so "
+ "only within ${appName} itself, using official, user-driven search " + "only within @appName@ itself, using official, user-driven search "
+ "engine selection processes, and in a way which does not circumvent " + "engine selection processes, and in a way which does not circumvent "
+ "user consent. I acknowledge that any attempt to change this file " + "user consent. I acknowledge that any attempt to change this file "
+ "from outside of ${appName} is a malicious act, and will be responded " + "from outside of @appName@ is a malicious act, and will be responded "
+ "to accordingly."; + "to accordingly.";
salt = if config.default != null then salt = if config.default != null then
@ -124,11 +124,29 @@ let
else else
null; null;
appNameVariable = if package == null then
"appName=${lib.escapeShellArg appName}"
else ''
applicationIni="$(find ${lib.escapeShellArg package} -maxdepth 3 -path ${
lib.escapeShellArg package
}'/lib/*/application.ini' -print -quit)"
if test -n "$applicationIni"; then
appName="$(sed -n 's/^Name=\(.*\)$/\1/p' "$applicationIni" | head -n1)"
else
appName=${lib.escapeShellArg appName}
fi
'';
file = pkgs.runCommand "search.json.mozlz4" { file = pkgs.runCommand "search.json.mozlz4" {
nativeBuildInputs = with pkgs; [ mozlz4a openssl ]; nativeBuildInputs = with pkgs; [ mozlz4a openssl ];
json = builtins.toJSON settings; json = builtins.toJSON settings;
inherit salt privateSalt; inherit salt privateSalt;
} '' } ''
${appNameVariable}
salt=''${salt//@appName@/"$appName"}
privateSalt=''${privateSalt//@appName@/"$appName"}
if [[ -n $salt ]]; then if [[ -n $salt ]]; then
export hash=$(echo -n "$salt" | openssl dgst -sha256 -binary | base64) export hash=$(echo -n "$salt" | openssl dgst -sha256 -binary | base64)
export privateHash=$(echo -n "$privateSalt" | openssl dgst -sha256 -binary | base64) export privateHash=$(echo -n "$privateSalt" | openssl dgst -sha256 -binary | base64)
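Review bot: The fallback to the configured name in `appNameVariable` only covers the case where no application.ini is found; when the file exists but the `sed` expression matches no `Name=` line, `appName` is left empty and both salts are hashed with an empty application name. The resulting hash would presumably not match the one the browser computes, so the configured search engine could be dropped at startup with no signal at build time. Adding `test -n "$appName" || appName=${lib.escapeShellArg appName}` right after the `sed` line, inside the `if` branch, keeps the previous behaviour in that case. The substitution `''${salt//@appName@/"$appName"}` also rewrites any literal `@appName@` in whatever the salt contains besides the disclaimer (its definition is cut off by the hunk), which deserves a short comment next to those two lines. The runCommand script continues past the end of this hunk.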


@ -232,6 +232,7 @@ in {
inherit (args) config; inherit (args) config;
inherit lib pkgs; inherit lib pkgs;
appName = "Thunderbird"; appName = "Thunderbird";
package = cfg.package;
modulePath = modulePath =
[ "programs" "thunderbird" "profiles" name "search" ]; [ "programs" "thunderbird" "profiles" name "search" ];
profilePath = name; profilePath = name;