summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rettberg2024-11-12 17:16:39 +0100
committerSimon Rettberg2024-11-12 17:16:39 +0100
commit799b2ac7c1241c4793fa33d6f7fad414eade845e (patch)
treee41b8af03c60ba6b61f9740046e5c44b3490b153
parentbwlp: Put kiosk-chromium in proper target (diff)
downloadmltk-799b2ac7c1241c4793fa33d6f7fad414eade845e.tar.gz
mltk-799b2ac7c1241c4793fa33d6f7fad414eade845e.tar.xz
mltk-799b2ac7c1241c4793fa33d6f7fad414eade845e.zip
[kiosk-firefox] Add new module
-rw-r--r--core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json77
-rw-r--r--core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies130
-rw-r--r--core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox94
-rw-r--r--core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox17
-rw-r--r--core/modules/kiosk-firefox/module.build12
-rw-r--r--core/modules/kiosk-firefox/module.conf5
-rw-r--r--core/modules/kiosk-firefox/module.conf.debian8
-rw-r--r--core/modules/kiosk-firefox/module.conf.ubuntu9
l---------core/targets/bwlp/kiosk-firefox1
9 files changed, 353 insertions, 0 deletions
diff --git a/core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json b/core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json
new file mode 100644
index 00000000..b7baba17
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json
@@ -0,0 +1,77 @@
+{
+ "policies": {
+ "Bookmarks": [
+ ],
+ "NoDefaultBookmarks": true,
+ "ExtensionSettings": {
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ }
+ },
+ "FirefoxHome": {
+ "Search": true,
+ "TopSites": false,
+ "SponsoredTopSites": false,
+ "Highlights": false,
+ "Pocket": false,
+ "SponsoredPocket": false,
+ "Snippets": false,
+ "Locked": true
+ },
+ "FirefoxSuggest": {
+ "WebSuggestions": false,
+ "SponsoredSuggestions": false,
+ "ImproveSuggest": false,
+ "Locked": true
+ },
+ "Homepage": {
+ "URL": "about:blank",
+ "Locked": true,
+ "Additional": [],
+ "StartPage": "homepage-locked"
+ },
+ "AppAutoUpdate": false,
+ "AutofillAddressEnabled": false,
+ "AutofillCreditCardEnabled": false,
+ "DisableAppUpdate": true,
+ "DisableFirefoxAccounts": true,
+ "DisableFirefoxScreenshots": true,
+ "DisableFormHistory": true,
+ "DisableMasterPasswordCreation": true,
+ "DisablePocket": true,
+ "DisableProfileImport": true,
+ "DisableSetDesktopBackground": true,
+ "DisplayBookmarksToolbar": true,
+ "DontCheckDefaultBrowser": true,
+ "OfferToSaveLogins": false,
+ "OfferToSaveLoginsDefault": false,
+ "OverrideFirstRunPage": "",
+ "OverridePostUpdatePage": "",
+ "PasswordManagerEnabled": false,
+ "PrimaryPassword": false,
+ "PrintingEnabled": false,
+ "PromptForDownloadLocation": true,
+ "DisableTelemetry": true,
+ "SearchEngines": {
+ "Default": "DuckDuckGo",
+ "PreventInstalls": true
+ },
+ "TranslateEnabled": false,
+ "UserMessaging": {
+ "ExtensionRecommendations": false,
+ "FeatureRecommendations": false,
+ "UrlbarInterventions": false,
+ "SkipOnboarding": true
+ },
+ "WebsiteFilter": {
+ "Block": [],
+ "Exceptions": []
+ },
+ "Preferences": {
+ "media.webspeech.synth.enabled": {
+ "Value": false
+ }
+ }
+ }
+}
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies b/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
new file mode 100644
index 00000000..0e09764c
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
@@ -0,0 +1,130 @@
+#!/bin/bash
+#^ SOURCED, actually running in ash
+
+# Protip: Comment out while editing, but DO NOT FORGET TO RE-ENABLE
+[ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ] \
+ && bash <<"EOF"
+# Helper to decode URL-encoded strings
+# e.g. urldecode http%3A%2F%2Ffoobar.com -> http://foobar.com
+urldecode() {
+ : "${*//+/ }"; echo -e "${_//%/\\x}"
+}
+
+# Helper to json'ize bookmarks given as arguments in the form:
+# <name>,<url> -> e.g. Google,https://www.google.com
+json_bookmarks() {
+ local name url
+ while [ $# -ne 0 ]; do
+ name="$( urldecode "${1%%,*}" )"
+ url="$( urldecode "${1#*,}" )"
+ jq --null-input --join-output --compact-output --arg name "$name" --arg url "$url" \
+ '{"Placement": "toolbar", "Title": $name, "URL": $url}'
+ shift
+ [ $# -ne 0 ] && printf ","
+ done
+}
+
+jqitmp=$( mktemp )
+jqi() {
+ < "/etc/firefox/policies/policies.json" jq "$@" > "$jqitmp"
+ cat "$jqitmp" > "/etc/firefox/policies/policies.json"
+}
+# setpref <name> <value> [number|boolean|string]
+setpref() {
+ if [ -n "$3" ]; then
+ local arg
+ if [ "$3" = "boolean" ] || [ "$3" = "number" ]; then
+ arg=argjson
+ else
+ arg=arg
+ fi
+ jqi --arg name "$1" "--$arg" value "$2" --arg type "$3" \
+ '.policies.Preferences[$name].Value = $value | .policies.Preferences[$name].Status = "user" | .policies.Preferences[$name].Type = $type'
+ else
+ jqi --arg name "$1" --arg value "$2" \
+ '.policies.Preferences[$name].Value = $value | .policies.Preferences[$name].Status = "user"'
+ fi
+}
+
+## add_urls <path> <url1> <url2> ... <urlN>
+add_urls() {
+ local url scheme host path chost arr key
+ key="$1"
+ shift
+ readarray -t -d ' ' arr < <( printf "%s" "$@" )
+ for url in "${arr[@]}"; do
+ # extract scheme and remove it from url if needed
+ scheme="${url%%://*}"
+ if [ "$scheme" != "$url" ]; then
+ url="${url#*://}"
+ if [ "$scheme" = 'http*' ]; then
+ # Special case: assume http* means http and https
+ scheme="http"
+ add_urls "https://$url"
+ elif [ "${scheme#*\*}" != "${scheme}" ]; then
+ # Contains a *, not supported, use any
+ scheme='*'
+ fi
+ else
+ scheme='*'
+ fi
+ # extract host
+ host="${url%%/*}"
+ [ -z "$host" ] && continue
+ if [[ "$url" = */* ]]; then
+ path="${url#*/}"
+ else
+ path="*"
+ fi
+ jqi --arg arg "${scheme}://${host}/${path}" "$key += [ \$arg ]"
+ done
+}
+
+. /opt/openslx/config
+. /opt/openslx/bin/slx-tools
+
+cp "/etc/firefox/policies/policies.kiosk.json" "/etc/firefox/policies/policies.json"
+
+bookmarks="$( json_bookmarks $SLX_BROWSER_BOOKMARKS )"
+if [ -z "$bookmarks" ]; then
+ jqi '.policies.DisplayBookmarksToolbar = "never"'
+else
+ jqi '.policies.DisplayBookmarksToolbar = "always"'
+ jqi --argjson bookmarks "[ $bookmarks ]" \
+ '.policies.Bookmarks = $bookmarks'
+fi
+
+if [ -n "${SLX_BROWSER_BLACKLIST}${SLX_BROWSER_WHITELIST}" ]; then
+ # If we only have a whitelist, implicitly block everything by default
+ re='^\s*$'
+ if [[ $SLX_BROWSER_BLACKLIST =~ $re ]]; then
+ SLX_BROWSER_BLACKLIST="*"
+ fi
+ add_urls '.policies.WebsiteFilter.Block' "$SLX_BROWSER_BLACKLIST"
+ add_urls '.policies.WebsiteFilter.Exceptions' "$SLX_BROWSER_WHITELIST"
+fi
+
+# Custom cert so satellite.bwlehrpool works with HTTPS
+for i in /etc/ssl/certs/ca-*.crt; do
+ [ -s "$i" ] || continue
+ jqi --arg file "$i" '.policies.Certificates.Install += [$file]'
+done
+
+if [ -n "$SLX_BROWSER_ZOOM" ] && (( SLX_BROWSER_ZOOM >= 25 && SLX_BROWSER_ZOOM <= 400 )); then
+ setpref "ui.textScaleFactor" "$SLX_BROWSER_ZOOM" number
+fi
+
+# TODO: Seems this feature doesn't exist in firefox
+# We could run a mitm proxy that re-encrypts everything and add its CA cert
+# to FF, but... ugh...
+#if is_on "$SLX_BROWSER_INSECURE"; then
+
+if is_on "$SLX_BROWSER_HWVIDEO"; then
+ setpref 'media.ffmpeg.vaapi.enabled' true boolean
+ setpref 'media.hardware-video-decoding.force-enabled' true boolean
+fi
+
+jqi --arg url "$SLX_BROWSER_URL" '.policies.Homepage.URL = $url'
+EOF
+true
+
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox b/core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox
new file mode 100644
index 00000000..084667f8
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox
@@ -0,0 +1,94 @@
+#!/bin/bash -- sourced
+# prepare and run firefox as kiosk browser
+
+command -v firefox \
+ || command -v firefox-esr \
+ || return 0
+
+# clear state of previous sessions
+if [ "$(whoami)" = "demo" ]; then
+ rm -rf -- "$HOME/".mozilla/firefox*
+fi
+
+. /opt/openslx/bin/slx-tools
+
+# default firefox arguments
+#firefox_args=( "-private" ) # breaks auto-installed uBlock
+firefox_args=( )
+
+done_url=
+if ! is_on "$SLX_BROWSER_INTERACTIVE"; then
+ if is_on "${SLX_AUTOLOGIN%OFF}"; then
+ # Autologin active, go full fullscreen
+ firefox_args+=( "--kiosk" "$SLX_BROWSER_URL" )
+ done_url=1
+ fi
+fi
+
+if [ -z "$done_url" ]; then
+ firefox_args+=( "-url" "$SLX_BROWSER_URL" )
+fi
+
+# Watchdog for reload/restart
+if [ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ]; then
+ (
+ # Wake up to force refresh
+ idle-daemon --send 'get :0' &> /dev/null
+ wid=
+ while [ -z "$wid" ]; do
+ sleep 1
+ [ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class firefox )"
+ [ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class firefox-esr )"
+ [ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class Navigator )"
+ done
+ readonly wid
+ wpid="$( xprop -id "$wid" | awk '$1 == "_NET_WM_PID(CARDINAL)" {print $3}' )"
+ if [ -z "$wpid" ]; then
+ # logs to ~/.xsession-errors
+ echo "Failed to get the pid of firefox via xprop..."
+ exit 1
+ fi
+ readonly wpid
+ activity=init
+ last="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
+ sleep 1
+ while true; do
+ if [ ! -d "/proc/$wpid" ]; then
+ echo "Process with PID $wpid stopped, exiting auto-reload loop."
+ exit 0
+ fi
+ current_idle="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
+ if (( current_idle >= SLX_BROWSER_RELOAD_SECS )); then
+ if [ "$activity" = "yes" ] && [ -n "$SLX_BROWSER_INTERACTIVE" ]; then
+ # activity was seen, interactive browser (UI) -> kill session
+ killall firefox-esr firefox
+ loginctl terminate-user demo
+ exit 0
+ else
+ xdotool windowactivate "$wid"
+ xdotool key Esc # In case a context menu is open etc.
+ xdotool key Alt+Home # Go to home page
+ last="$current_idle"
+ sleep "$(( SLX_BROWSER_RELOAD_SECS - 10 ))"
+ # Wake up to force refresh
+ idle-daemon --send 'get :0' &> /dev/null
+ sleep 10
+ activity=init
+ continue
+ fi
+ elif [ "$activity" = "init" ]; then
+ activity=no
+ elif [ -n "$last" ] && (( last > current_idle )); then
+ activity=yes
+ fi
+ last="$current_idle"
+ num="$(( SLX_BROWSER_RELOAD_SECS - ( current_idle + 5 ) ))"
+ (( num < 1 )) && num=1
+ sleep "$num"
+ done
+ ) &
+fi
+
+# finally exec to firefox
+exec firefox "${firefox_args[@]}"
+exec firefox-esr "${firefox_args[@]}"
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox b/core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox
new file mode 100644
index 00000000..2984dced
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox
@@ -0,0 +1,17 @@
+#!/bin/ash
+#
+# Simple "preload" by just reading the directory /usr/lib/chromium-browser
+# Tested the variation loading just the linked libraries, but it does
+# not bring the same startup acceleration than this trivial method...
+
+. /opt/openslx/config
+
+if [ "${SLX_BROWSER//firefox/}" != "$SLX_BROWSER" ]; then
+ for dir in /lib/firefox /usr/lib/firefox /lib/firefox-esr /usr/lib/firefox-esr; do
+ [ -d "$dir" ] || continue
+ for i in firefox firefox-esr libxul.so omni.ja; do
+ dd if=/usr/lib/chromium-browser/chromium-browser of=/dev/null bs=128k &> /dev/null &
+ done
+ break
+ done
+fi
diff --git a/core/modules/kiosk-firefox/module.build b/core/modules/kiosk-firefox/module.build
new file mode 100644
index 00000000..a5cbb6b6
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.build
@@ -0,0 +1,12 @@
+#!/bin/bash
+fetch_source() {
+ :
+}
+
+build() {
+ :
+}
+
+post_copy() {
+ :
+}
diff --git a/core/modules/kiosk-firefox/module.conf b/core/modules/kiosk-firefox/module.conf
new file mode 100644
index 00000000..613d6d21
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.conf
@@ -0,0 +1,5 @@
+#!/bin/bash
+REQUIRED_MODULES="kiosk-common"
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/kiosk-firefox/module.conf.debian b/core/modules/kiosk-firefox/module.conf.debian
new file mode 100644
index 00000000..443e3d22
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.conf.debian
@@ -0,0 +1,8 @@
+#!/bin/bash
+REQUIRED_CONTENT_PACKAGES="
+ jq
+ xbindkeys
+"
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/kiosk-firefox/module.conf.ubuntu b/core/modules/kiosk-firefox/module.conf.ubuntu
new file mode 100644
index 00000000..afc64011
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.conf.ubuntu
@@ -0,0 +1,9 @@
+#!/bin/bash
+REQUIRED_CONTENT_PACKAGES="
+ jq
+ xbindkeys
+"
+REQUIRED_INSTALLED_PACKAGES=""
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/targets/bwlp/kiosk-firefox b/core/targets/bwlp/kiosk-firefox
new file mode 120000
index 00000000..0f05440c
--- /dev/null
+++ b/core/targets/bwlp/kiosk-firefox
@@ -0,0 +1 @@
+../../modules/kiosk-firefox \ No newline at end of file