extern/workspaces-images
1
0
Fork 0
mirror of https://github.com/kasmtech/workspaces-images.git synced 2025-06-20 17:47:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/KASM-7197-silence_firefox_security_nag_develop' into 'develop'

Browse Source 
Resolve KASM-7197 "Bugfix/ silence firefox security nag develop"

Closes KASM-7197

See merge request kasm-technologies/internal/workspaces-images!272
This commit is contained in:
Richard Koliser 2025-05-05 18:34:53 +00:00
commit 062a0bff63
2 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/alpine/install/firefox/install_firefox.sh
View File

@ -20,6 +20,14 @@ done
# Creating a default profile # Creating a default profile
firefox -headless -CreateProfile "kasm $HOME/.mozilla/firefox/kasm" firefox -headless -CreateProfile "kasm $HOME/.mozilla/firefox/kasm"
# For alpine 3.20 and later, firefox version shows a security nag. Silence it..
if [ "$(printf '%s\n' 3.20 $(cat /etc/alpine-release) | sort -V | head -n 1)" = "3.20" ]; then
echo 'user_pref("security.sandbox.warn_unprivileged_namespaces", false);' > $HOME/.mozilla/firefox/kasm/user.js
chown 1000:1000 $HOME/.mozilla/firefox/kasm/user.js
fi
# Generate a certdb to be detected on squid start # Generate a certdb to be detected on squid start
HOME=/root firefox --headless & HOME=/root firefox --headless &
mkdir -p /root/.mozilla mkdir -p /root/.mozilla

27
src/ubuntu/install/firefox/install_firefox.sh
View File

@ -176,6 +176,10 @@ else
firefox -headless -CreateProfile "kasm $HOME/.mozilla/firefox/kasm" firefox -headless -CreateProfile "kasm $HOME/.mozilla/firefox/kasm"
fi fi
# Silence Firefox security nag "Some of Firefox's features may offer less protection on your current operating system".
echo 'user_pref("security.sandbox.warn_unprivileged_namespaces", false);' > $HOME/.mozilla/firefox/kasm/user.js
chown 1000:1000 $HOME/.mozilla/firefox/kasm/user.js
if [[ "${DISTRO}" == @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then if [[ "${DISTRO}" == @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then
set_desktop_icon set_desktop_icon
fi fi
@ -183,8 +187,27 @@ fi
# Starting with version 67, Firefox creates a unique profile mapping per installation which is hash generated # Starting with version 67, Firefox creates a unique profile mapping per installation which is hash generated
# based off the installation path. Because that path will be static for our deployments we can assume the hash # based off the installation path. Because that path will be static for our deployments we can assume the hash
# and thus assign our profile to the default for the installation # and thus assign our profile to the default for the installation
if grep -q "ID=kali" /etc/os-release; then
if [[ "${DISTRO}" != @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
[Install3B6073811A6ABF12]
Default=kasm
Locked=1
EOL
elif grep -q "ID=debian" /etc/os-release || grep -q "ID=parrot" /etc/os-release; then
if [ "${ARCH}" != "amd64" ]; then
cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
[Install3B6073811A6ABF12]
Default=kasm
Locked=1
EOL
else
cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
[Install4F96D1932A9F858E]
Default=kasm
Locked=1
EOL
fi
elif [[ "${DISTRO}" != @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then
cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
[Install4F96D1932A9F858E] [Install4F96D1932A9F858E]
Default=kasm Default=kasm