Revision ed08ef1a
Added by koszko almost 2 years ago
| build.sh | ||
|---|---|---|
| 200 | 200 |
GECKO_APPLICATIONS='' |
| 201 | 201 |
|
| 202 | 202 |
if [ "$BROWSER" = "chromium" ]; then |
| 203 |
CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)" |
|
| 204 |
echo "chromium key is" $CHROMIUM_KEY |
|
| 205 |
CHROMIUM_KEY="chromium-key-dummy-file-$CHROMIUM_KEY" |
|
| 206 |
CHROMIUM_KEY=$(echo $CHROMIUM_KEY | tr / -); |
|
| 207 |
touch $BUILDDIR/$CHROMIUM_KEY |
|
| 208 |
|
|
| 203 | 209 |
CHROMIUM_KEY="\n\ |
| 204 |
\n\ |
|
| 205 |
// WARNING!!!\n\ |
|
| 206 |
// EACH USER SHOULD REPLACE \"key\" WITH A UNIQUE VALUE!!!\n\ |
|
| 207 |
// OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\ |
|
| 208 |
//\n\ |
|
| 209 |
// A unique key can be generated with:\n\ |
|
| 210 |
// $ ssh-keygen -f /path/to/new/key.pem -t rsa -b 1024\n\ |
|
| 211 |
//\n\ |
|
| 212 |
// Only relevant to users of chrome-based browsers.\n\ |
|
| 213 |
// Users of Firefox forks are safe.\n\ |
|
| 214 |
\n\ |
|
| 215 |
\"key\": \"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\"," |
|
| 210 |
// WARNING!!!\n\ |
|
| 211 |
// EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\ |
|
| 212 |
// OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\ |
|
| 213 |
// Only relevant to users of chrome-based browsers.\n\ |
|
| 214 |
// Users of Firefox forks are safe.\n\ |
|
| 215 |
\"$CHROMIUM_KEY\"\ |
|
| 216 |
" |
|
| 216 | 217 |
else |
| 217 | 218 |
GECKO_APPLICATIONS="\n\ |
| 218 | 219 |
\"applications\": {\n\
|
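Review bot: The added `echo "chromium key is" $CHROMIUM_KEY` prints the freshly generated secret to stdout, so it lands in terminal scrollback and in any CI or packaging log that captures the build; I would drop that line or print only a notice that a key was generated. The generation line also hides failures behind `2>/dev/null`: if `dd` or `base64` fails, `CHROMIUM_KEY` is empty and the build carries on with the constant name `chromium-key-dummy-file-`, which, judging from the new comment in common/signing.js, would then serve as the shared secret; a guard such as `[ -n "$CHROMIUM_KEY" ] || exit 1` right after it would stop that. `touch $BUILDDIR/$CHROMIUM_KEY` and the `echo $CHROMIUM_KEY | tr / -` line expand their variables unquoted, and `touch "$BUILDDIR/$CHROMIUM_KEY"` is the safer form. The surrounding `if`/`else` continues past the end of the hunk.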
| common/signing.js | ||
|---|---|---|
| 10 | 10 |
* IMPORTS_START |
| 11 | 11 |
* IMPORT sha256 |
| 12 | 12 |
* IMPORT browser |
| 13 |
* IMPORT is_chrome
|
|
| 13 |
* IMPORT is_mozilla
|
|
| 14 | 14 |
* IMPORTS_END |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| ... | ... | |
| 30 | 30 |
* |
| 31 | 31 |
* The secret shared between execution contexts has to be available |
| 32 | 32 |
* synchronously. Under Mozilla, this is the extension's per-session id. Under |
| 33 |
* Chromium, this is the key that resides in the manifest. |
|
| 34 |
* |
|
| 35 |
* An idea to (under Chromium) instead store the secret in a file fetched |
|
| 36 |
* synchronously using XMLHttpRequest is being considered. |
|
| 33 |
* Chromium, this is a dummy web-accessible-resource name that resides in the |
|
| 34 |
* manifest and is supposed to be constructed by each user using a unique value |
|
| 35 |
* (this is done automatically by `build.sh'). |
|
| 37 | 36 |
*/ |
| 38 | 37 |
|
| 39 | 38 |
function get_secret() |
| 40 | 39 |
{
|
| 41 |
if (is_chrome) |
|
| 42 |
return browser.runtime.getManifest().key.substring(0, 50); |
|
| 43 |
else |
|
| 40 |
if (is_mozilla) |
|
| 44 | 41 |
return browser.runtime.getURL("dummy");
|
| 42 |
|
|
| 43 |
return chrome.runtime.getManifest().web_accessible_resources |
|
| 44 |
.map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1]; |
|
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
function extract_signed(signature, signed_data) |
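Review bot: In the Chromium branch of `get_secret()`, `.filter(r => r)[0][1]` assumes that a matching entry exists and that its suffix is non-empty. When the manifest has no `chromium-key-dummy-file-` entry the expression throws a bare TypeError, and because the pattern ends in `(.*)` an entry consisting of the prefix alone yields an empty string as the signing secret without any error. I would tighten the pattern to `/^chromium-key-dummy-file-(.+)/` and fail with a named error when nothing matches, for example `if (!m) throw new Error("chromium key missing from manifest");` after taking the first match with `.find(r => r)`. The doc comment above could also state that the secret stays confidential only while the resource name is not disclosed, since a file listed under `web_accessible_resources` is loadable by any page that knows its name.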
| manifest.json | ||
|---|---|---|
| 4 | 4 |
"manifest_version": 2, |
| 5 | 5 |
"name": "Hachette", |
| 6 | 6 |
"short_name": "Hachette", |
| 7 |
"version": "0.0.1",_CHROMIUM_KEY_
|
|
| 7 |
"version": "0.0.1", |
|
| 8 | 8 |
"author": "various", |
| 9 | 9 |
"description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_ |
| 10 | 10 |
"icons":{
|
| ... | ... | |
| 42 | 42 |
"page": "html/options.html", |
| 43 | 43 |
"open_in_tab": true |
| 44 | 44 |
}, |
| 45 |
"web_accessible_resources": [ |
|
| 45 |
"web_accessible_resources": [_CHROMIUM_KEY_
|
|
| 46 | 46 |
], |
| 47 | 47 |
"background": {
|
| 48 | 48 |
"persistent": true, |
generate Chromium unique key automatically in `build.sh'