[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#28004] Chromium
|
From: |
Marius Bakke |
|
Subject: |
[bug#28004] Chromium |
|
Date: |
Mon, 08 Jan 2018 22:56:26 +0100 |
|
User-agent: |
Notmuch/0.25.3 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) |
ng0 <address@hidden> writes:
>> + (substitute* "chrome/common/chrome_paths.cc"
>> + (("/usr/share/chromium/extensions")
>> + ;; TODO: Add ~/.guix-profile.
>> + "/run/current-system/profile/share/chromium/extensions"))
>
> What's the idea behind this? Did you test it? Do you have any guix
> build-system
> using Chromium extensions as an example? So far this completely disables the
> installation of any plugins and addons.
The idea is to eventually be able to distribute extensions with Guix. I
added this path mostly to document it, but don't see how keeping the
default makes a difference. If you can place an extension in
/usr/share, you can also copy it to the system profile through your
config.scm, or symlink this location on a foreign distribution.
>> + (mkdir-p bin)
>> + ;; Add a thin wrapper to prevent the user from
>> inadvertently
>> + ;; installing non-free software through the Web Store.
>> + ;; TODO: Discover extensions from the profile and pass
>> + ;; something like "--disable-extensions-except=...".
>
> Same question here.
The Web Store has serious freedom issues, thus we can not enable it by
default. Enabling it *must* be a conscious choice by the end user.
The TODO here is inspired by Debians wrapper script, which enumerates
the location where apt places extensions, and gives that list to
"--disable-extensions-except".
> If you need help, there's at least 3 users of Chromium now. I'd like to read
> your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
> progress? Maybe we can team collaborate on this huge browser.
I do maintain this patch, but unfortunately not in a public repository.
I've attached the latest iteration here (sorry for squashed).
New since the last time are some fixes from the "Inox patchset" that
resolves most of the privacy issues. Namely removing the "login
wizard", changing to sensible defaults, and forcing the "classic" New
Tab Page that does not load a search engine.
Also, all patches have been moved to remote origins.
Testing and feedback welcome!
Currently there are two "important" (blocking?) TODOs left:
* Move the 'delete-bundled-software' phase to a source snippet.
Repacking the ~500MiB compressed tarball is *really* expensive. It
should also aid the licensing situation.
* Delete the two default entries from the "most used" list on the New
Tab page. The first run will download thumbnails for these sites,
leaking data. One of them also leads to the disabled-by-default
store, promoting non-free software.
I'm optimistic that fixing the second item will make the browser not
leak *any* data at launch with the default configuration. Which leads
to a third item: writing a system test that verifies that launching
Chromium does indeed not initiate any network traffic.
Anyway, here is the latest patch:
0001-gnu-Add-chromium.patch
Description: Text Data
signature.asc
Description: PGP signature
- [bug#28004] Chromium, ng0, 2018/01/04
- [bug#28004] Chromium,
Marius Bakke <=
- [bug#28004] Chromium, ng0, 2018/01/08
- [bug#28004] Chromium, Marius Bakke, 2018/01/08
- [bug#28004] Chromium, Marius Bakke, 2018/01/11
- [bug#28004] Chromium, ng0, 2018/01/13
- [bug#28004] Chromium, ng0, 2018/01/13
- [bug#28004] Chromium, ng0, 2018/01/14
- [bug#28004] Chromium, Ludovic Courtès, 2018/01/16
- [bug#28004] Chromium, Marius Bakke, 2018/01/16
- [bug#28004] Chromium, Tobias Geerinckx-Rice, 2018/01/16
- [bug#28004] Chromium, Marius Bakke, 2018/01/16