Skip to content
This repository has been archived by the owner on Oct 9, 2023. It is now read-only.

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@KOLANICH
KOLANICH committed Oct 8, 2023
0 parents commit b9ad3cd
Show file tree
Hide file tree
Showing 23 changed files with 593 additions and 0 deletions.
1 change: 1 addition & 0 deletions .ci/aptPackagesToInstall.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
libzip4
1 change: 1 addition & 0 deletions .ci/pythonPackagesToInstallFromGit.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
https://github.com/KOLANICH-libs/libzip.py
12 changes: 12 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
root = true

[*]
charset = utf-8
indent_style = tab
indent_size = 4
insert_final_newline = true
end_of_line = lf

[*.{yml,yaml}]
indent_style = space
indent_size = 2
1 change: 1 addition & 0 deletions .github/.templateMarker
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
KOLANICH/python_project_boilerplate.py
8 changes: 8 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
version: 2
updates:
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "daily"
allow:
- dependency-type: "all"
15 changes: 15 additions & 0 deletions .github/workflows/CI.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: CI
on:
push:
branches: [master]
pull_request:
branches: [master]

jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: typical python workflow
uses: KOLANICH-GHActions/typical-python-workflow@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
13 changes: 13 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
__pycache__
*.pyc
*.pyo
/*.egg-info
*.srctrlbm
*.srctrldb
build
dist
.eggs
monkeytype.sqlite3
/.ipynb_checkpoints
omni.ja
/omni
51 changes: 51 additions & 0 deletions .gitlab-ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
image: registry.gitlab.com/kolanich-subgroups/docker-images/fixed_python:latest

variables:
DOCKER_DRIVER: overlay2
SAST_ANALYZER_IMAGE_TAG: latest
SAST_DISABLE_DIND: "true"
SAST_CONFIDENCE_LEVEL: 5
CODECLIMATE_VERSION: latest

include:
- template: SAST.gitlab-ci.yml
- template: Code-Quality.gitlab-ci.yml
- template: License-Management.gitlab-ci.yml

build:
tags:
- shared
- linux
stage: build
variables:
GIT_DEPTH: "1"
PYTHONUSERBASE: ${CI_PROJECT_DIR}/python_user_packages

before_script:
- export PATH="$PATH:$PYTHONUSERBASE/bin" # don't move into `variables`
- apt-get update
# todo:
#- apt-get -y install
#- pip3 install --upgrade
#- python3 ./fix_python_modules_paths.py

script:
- python3 -m build -nw bdist_wheel
- mv ./dist/*.whl ./dist/firefucks-0.CI-py3-none-any.whl
- pip3 install --upgrade ./dist/*.whl
- coverage run --source=firefucks -m --branch pytest --junitxml=./rspec.xml ./tests/test.py
- coverage report -m
- coverage xml

coverage: "/^TOTAL(?:\\s+\\d+){4}\\s+(\\d+%).+/"

cache:
paths:
- $PYTHONUSERBASE

artifacts:
paths:
- dist
reports:
junit: ./rspec.xml
cobertura: ./coverage.xml
1 change: 1 addition & 0 deletions Code_Of_Conduct.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
No codes of conduct!
4 changes: 4 additions & 0 deletions MANIFEST.in
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
include UNLICENSE
include *.md
include tests
include .editorconfig
106 changes: 106 additions & 0 deletions ReadMe.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
firefucks.py [![Unlicensed work](https://raw.githubusercontent.com/unlicense/unlicense.org/master/static/favicon.png)](https://unlicense.org/)
============
~~[wheel (GitLab)](https://gitlab.com/KOLANICH-tools/firefucks.py/-/jobs/artifacts/master/raw/dist/firefucks-0.CI-py3-none-any.whl?job=build)~~
[wheel (GHA via `nightly.link`)](https://nightly.link/KOLANICH-tools/firefucks.py/workflows/CI/master/firefucks-0.CI-py3-none-any.whl)
~~![GitLab Build Status](https://gitlab.com/KOLANICH-tools/firefucks.py/badges/master/pipeline.svg)~~
~~![GitLab Coverage](https://gitlab.com/KOLANICH-tools/firefucks.py/badges/master/coverage.svg)~~
[![GitHub Actions](https://github.com/KOLANICH-tools/firefucks.py/workflows/CI/badge.svg)](https://github.com/KOLANICH-tools/firefucks.py/actions/)
[![Libraries.io Status](https://img.shields.io/librariesio/github/KOLANICH-tools/firefucks.py.svg)](https://libraries.io/github/KOLANICH-tools/firefucks.py)
[![Code style: antiflash](https://img.shields.io/badge/code%20style-antiflash-FFF.svg)](https://codeberg.org/KOLANICH-tools/antiflash.py)

This is a tool for patching Firefox Web Browser into allowing unsigned addons.

Can be used as an apt hook.

Mozilla, requiring extensions signing and signing in and getting 2FA for AMO is not nice. 🖕🔥

This tool has been created as a response to
* will of Mozilla to disallow unsigned extensions in regular builds of Firefox;
* will of Mozilla to disallow WebExtensions Experiments in regular builds of Firefox;
* will of Mozilla to require authentication on AMO in order to sign extensions;
* unwillingness of devs of some distros to provide "Developer Edition" builds of Firefox.

ToDo: Currently libzip is used for updating files witin the archive. It doesn't allow rewriting files in archives without creating a copy of the archive. [It is considered contradicting `libzip` goals according to its authors.](https://github.com/nih-at/libzip/issues/304) We need a lib allowing to do that.

## Installation
0. Learn how to install python packages from git.
1. Install manually the latest versions of the dependencies mentioned in the `Dependencies` section of this ReadMe.
2. Install this tool.

## How to use
1. Copy the original `omni.ja` to the current dir
```bash
cp /usr/lib/firefox/omni.ja ./omni.ja.bak
cp ./omni.ja.bak ./omni.ja
```
2. Modify it with `firefucks` tool
```bash
firefucks ./omni.ja
```
3. Copy it back
```bash
sudo fakeroot cp ./omni.ja /usr/lib/firefox/omni.ja
```
4. **IMPORTANT, without this the changes will have no effect!** (ToDo: figure out what is the internal mechanism invalidating the caches, and maybe the way to patch the data within caches without needing root). Clean the startup caches:
```bash
rm -rf ~/.cache/mozilla/firefox/*/startupCache
```

## Check that it has worked
1. Open `Tools -> Browser Tools -> Browser Console`.
2. Paste there content of [`snippet.js`](./snippet.js) and execute it. It will print an object with the current values of the variables.
3. Compare them against the [`preset.json` file](./firefucks/preset.json) shipped as a part of this tool.


## Principle of operation

Some critical browser-related code written in JS and some resources are stored in `omni.ja` files, which are zip archives. The location of these files is following:

```bash
dpkg -L firefox | grep omni.ja
```

```
/usr/lib/firefox/browser/omni.ja
/usr/lib/firefox/omni.ja
```

The latter of them (`/usr/lib/firefox/omni.ja`) contains:
* Module `modules/AppConstants.jsm`, which contains some constants used to distinguish between flavours of Firefox;
* Module `modules/addons/AddonSettings.jsm`, which contains some code, using the constants from `AppConstants` as input. Module `modules/addons/AddonConstants.jsm` [no longer exists](https://hg.mozilla.org/mozilla-central/rev/2766cd8808dd2d1d66bc4e9e9e313bbc60b9a197) because of this one.
* `jsloader/resource/gre` is no longer present.


Some of them are documented by the links:
* https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
* https://firefox-source-docs.mozilla.org/toolkit/crashreporter/crashreporter/index.html
* https://wiki.mozilla.org/Platform/Channel-specific_build_defines

We are particulary interested in the following properties:
* [`MOZ_REQUIRE_SIGNING`](https://searchfox.org/mozilla-central/search?q=symbol:AppConstants%23MOZ_REQUIRE_SIGNING), which is used to override the value `xpinstall.signatures.required`.
* [`MOZ_DEV_EDITION`](https://searchfox.org/mozilla-central/search?q=symbol%3AAppConstants%23MOZ_DEV_EDITION), which is used to restrict access to some advanced features.
* [`MOZ_TELEMETRY_REPORTING`](https://searchfox.org/mozilla-central/search?q=symbol:AppConstants%23MOZ_TELEMETRY_REPORTING) - used as an additional mean to disable telemetry.
* [`MOZ_CRASHREPORTER`](https://searchfox.org/mozilla-central/search?q=symbol:AppConstants%23MOZ_CRASHREPORTER) - disables crash reporting.
* [`MOZ_DATA_REPORTING`](https://searchfox.org/mozilla-central/search?q=symbol:AppConstants%23MOZ_DATA_REPORTING) - [disables initialization of data reporting system and disables recommendations](https://searchfox.org/mozilla-central/source/browser/components/preferences/privacy.js),

Don't touch:
* `MOZILLA_OFFICIAL` ([var](https://searchfox.org/mozilla-central/search?q=symbol%3AAppConstants%23MOZILLA_OFFICIAL), [macro](https://searchfox.org/mozilla-central/search?q=symbol:M_4924396bb8356f31)) - controls lots of different things. If you change it, your Firefox will fail to start.
* `MOZ_WEBEXT_WEBIDL_ENABLED` ([var](https://searchfox.org/mozilla-central/search?q=symbol:%23MOZ_WEBEXT_WEBIDL_ENABLED), [macro](https://searchfox.org/mozilla-central/search?q=symbol:M_MOZ_WEBEXT_WEBIDL_ENABLED)) - [requires compile-time changes in C++ part](https://searchfox.org/mozilla-central/source/toolkit/components/extensions/webidl-api/ExtensionBrowser.cpp#67).

## Thanks

This tool stands on the shoulders of giants.

### Dependencies

* https://github.com/Kronuz/esprima-python - for JS parsing
* https://github.com/ksons/jscodegen.py - for serializing JS back
* https://github.com/nih-at/libzip + [its python bindings](https://github.com/KOLANICH-libs/libzip.py) - for replacing files in zip archives. **ToDo: replace with a lib doing in-place**

### Sources of information

* https://old.reddit.com/r/ReverseEngineering/comments/51bxuv/modifying_release_builds_of_firefox_to_allow/d7arltj/
* https://github.com/zotero/zotero-standalone-build/blob/11e7c456732397d6b95b4b3a622990e50224b439/fetch_xulrunner.sh#L83-L90
* https://github.com/SebastianSimon/firefox-omni-tweaks
* https://github.com/xiaoxiaoflood/firefox-scripts/blob/master/installation-folder/config.js

24 changes: 24 additions & 0 deletions UNLICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to <https://unlicense.org/>
Loading

0 comments on commit b9ad3cd

Please sign in to comment.