author | Simon Rettberg | 2024-11-12 17:16:39 +0100 |
---|---|---|
committer | Simon Rettberg | 2024-11-12 17:16:39 +0100 |
commit | 799b2ac7c1241c4793fa33d6f7fad414eade845e (patch) | |
tree | e41b8af03c60ba6b61f9740046e5c44b3490b153 | |
parent | bwlp: Put kiosk-chromium in proper target (diff) | |
download | mltk-799b2ac7c1241c4793fa33d6f7fad414eade845e.tar.gz mltk-799b2ac7c1241c4793fa33d6f7fad414eade845e.tar.xz mltk-799b2ac7c1241c4793fa33d6f7fad414eade845e.zip |
[kiosk-firefox] Add new module
9 files changed, 353 insertions, 0 deletions
diff --git a/core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json b/core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json
new file mode 100644
index 00000000..b7baba17
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/etc/firefox/policies/policies.kiosk.json
@@ -0,0 +1,77 @@
+{
+ "policies": {
+ "Bookmarks": [
+ ],
+ "NoDefaultBookmarks": true,
+ "ExtensionSettings": {
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ }
+ },
+ "FirefoxHome": {
+ "Search": true,
+ "TopSites": false,
+ "SponsoredTopSites": false,
+ "Highlights": false,
+ "Pocket": false,
+ "SponsoredPocket": false,
+ "Snippets": false,
+ "Locked": true
+ },
+ "FirefoxSuggest": {
+ "WebSuggestions": false,
+ "SponsoredSuggestions": false,
+ "ImproveSuggest": false,
+ "Locked": true
+ },
+ "Homepage": {
+ "URL": "about:blank",
+ "Locked": true,
+ "Additional": [],
+ "StartPage": "homepage-locked"
+ },
+ "AppAutoUpdate": false,
+ "AutofillAddressEnabled": false,
+ "AutofillCreditCardEnabled": false,
+ "DisableAppUpdate": true,
+ "DisableFirefoxAccounts": true,
+ "DisableFirefoxScreenshots": true,
+ "DisableFormHistory": true,
+ "DisableMasterPasswordCreation": true,
+ "DisablePocket": true,
+ "DisableProfileImport": true,
+ "DisableSetDesktopBackground": true,
+ "DisplayBookmarksToolbar": true,
+ "DontCheckDefaultBrowser": true,
+ "OfferToSaveLogins": false,
+ "OfferToSaveLoginsDefault": false,
+ "OverrideFirstRunPage": "",
+ "OverridePostUpdatePage": "",
+ "PasswordManagerEnabled": false,
+ "PrimaryPassword": false,
+ "PrintingEnabled": false,
+ "PromptForDownloadLocation": true,
+ "DisableTelemetry": true,
+ "SearchEngines": {
+ "Default": "DuckDuckGo",
+ "PreventInstalls": true
+ },
+ "TranslateEnabled": false,
+ "UserMessaging": {
+ "ExtensionRecommendations": false,
+ "FeatureRecommendations": false,
+ "UrlbarInterventions": false,
+ "SkipOnboarding": true
+ },
+ "WebsiteFilter": {
+ "Block": [],
+ "Exceptions": []
+ },
+ "Preferences": {
+ "media.webspeech.synth.enabled": {
+ "Value": false
+ }
+ }
+ }
+}
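Review bot: The policy set locks the home page and disables updates but leaves the browser's own configuration surfaces reachable: nothing here blocks `about:config`, the developer tools or the add-ons manager, which matters whenever the kiosk runs with the URL bar visible (the launch script in this commit has an interactive mode). Consider adding `"BlockAboutConfig": true, "BlockAboutAddons": true, "DisableDeveloperTools": true` next to the other `Disable*` keys. Separately, `install_url` points at `.../latest/ublock-origin/latest.xpi`, so the force-installed extension is whatever is current at first start rather than a reviewed version; a version-pinned URL or a locally shipped XPI would make the image reproducible. `"PromptForDownloadLocation": true` opens a file chooser on every download, which gives a kiosk user a filesystem browser; worth confirming that is intended.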
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies b/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
new file mode 100644
index 00000000..0e09764c
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
@@ -0,0 +1,130 @@
+#!/bin/bash
+#^ SOURCED, actually running in ash
+
+# Protip: Comment out while editing, but DO NOT FORGET TO RE-ENABLE
+[ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ] \
+ && bash <<"EOF"
+# Helper to decode URL-encoded strings
+# e.g. urldecode http%3A%2F%2Ffoobar.com -> http://foobar.com
+urldecode() {
+ : "${*//+/ }"; echo -e "${_//%/\\x}"
+}
+
+# Helper to json'ize bookmarks given as arguments in the form:
+# <name>,<url> -> e.g. Google,https://www.google.com
+json_bookmarks() {
+ local name url
+ while [ $# -ne 0 ]; do
+ name="$( urldecode "${1%%,*}" )"
+ url="$( urldecode "${1#*,}" )"
+ jq --null-input --join-output --compact-output --arg name "$name" --arg url "$url" \
+ '{"Placement": "toolbar", "Title": $name, "URL": $url}'
+ shift
+ [ $# -ne 0 ] && printf ","
+ done
+}
+
+jqitmp=$( mktemp )
+jqi() {
+ < "/etc/firefox/policies/policies.json" jq "$@" > "$jqitmp"
+ cat "$jqitmp" > "/etc/firefox/policies/policies.json"
+}
+# setpref <name> <value> [number|boolean|string]
+setpref() {
+ if [ -n "$3" ]; then
+ local arg
+ if [ "$3" = "boolean" ] || [ "$3" = "number" ]; then
+ arg=argjson
+ else
+ arg=arg
+ fi
+ jqi --arg name "$1" "--$arg" value "$2" --arg type "$3" \
+ '.policies.Preferences[$name].Value = $value | .policies.Preferences[$name].Status = "user" | .policies.Preferences[$name].Type = $type'
+ else
+ jqi --arg name "$1" --arg value "$2" \
+ '.policies.Preferences[$name].Value = $value | .policies.Preferences[$name].Status = "user"'
+ fi
+}
+
+## add_urls <path> <url1> <url2> ... <urlN>
+add_urls() {
+ local url scheme host path chost arr key
+ key="$1"
+ shift
+ readarray -t -d ' ' arr < <( printf "%s" "$@" )
+ for url in "${arr[@]}"; do
+ # extract scheme and remove it from url if needed
+ scheme="${url%%://*}"
+ if [ "$scheme" != "$url" ]; then
+ url="${url#*://}"
+ if [ "$scheme" = 'http*' ]; then
+ # Special case: assume http* means http and https
+ scheme="http"
+ add_urls "https://$url"
+ elif [ "${scheme#*\*}" != "${scheme}" ]; then
+ # Contains a *, not supported, use any
+ scheme='*'
+ fi
+ else
+ scheme='*'
+ fi
+ # extract host
+ host="${url%%/*}"
+ [ -z "$host" ] && continue
+ if [[ "$url" = */* ]]; then
+ path="${url#*/}"
+ else
+ path="*"
+ fi
+ jqi --arg arg "${scheme}://${host}/${path}" "$key += [ \$arg ]"
+ done
+}
+
+. /opt/openslx/config
+. /opt/openslx/bin/slx-tools
+
+cp "/etc/firefox/policies/policies.kiosk.json" "/etc/firefox/policies/policies.json"
+
+bookmarks="$( json_bookmarks $SLX_BROWSER_BOOKMARKS )"
+if [ -z "$bookmarks" ]; then
+ jqi '.policies.DisplayBookmarksToolbar = "never"'
+else
+ jqi '.policies.DisplayBookmarksToolbar = "always"'
+ jqi --argjson bookmarks "[ $bookmarks ]" \
+ '.policies.Bookmarks = $bookmarks'
+fi
+
+if [ -n "${SLX_BROWSER_BLACKLIST}${SLX_BROWSER_WHITELIST}" ]; then
+ # If we only have a whitelist, implicitly block everything by default
+ re='^\s*$'
+ if [[ $SLX_BROWSER_BLACKLIST =~ $re ]]; then
+ SLX_BROWSER_BLACKLIST="*"
+ fi
+ add_urls '.policies.WebsiteFilter.Block' "$SLX_BROWSER_BLACKLIST"
+ add_urls '.policies.WebsiteFilter.Exceptions' "$SLX_BROWSER_WHITELIST"
+fi
+
+# Custom cert so satellite.bwlehrpool works with HTTPS
+for i in /etc/ssl/certs/ca-*.crt; do
+ [ -s "$i" ] || continue
+ jqi --arg file "$i" '.policies.Certificates.Install += [$file]'
+done
+
+if [ -n "$SLX_BROWSER_ZOOM" ] && (( SLX_BROWSER_ZOOM >= 25 && SLX_BROWSER_ZOOM <= 400 )); then
+ setpref "ui.textScaleFactor" "$SLX_BROWSER_ZOOM" number
+fi
+
+# TODO: Seems this feature doesn't exist in firefox
+# We could run a mitm proxy that re-encrypts everything and add its CA cert
+# to FF, but... ugh...
+#if is_on "$SLX_BROWSER_INSECURE"; then
+
+if is_on "$SLX_BROWSER_HWVIDEO"; then
+ setpref 'media.ffmpeg.vaapi.enabled' true boolean
+ setpref 'media.hardware-video-decoding.force-enabled' true boolean
+fi
+
+jqi --arg url "$SLX_BROWSER_URL" '.policies.Homepage.URL = $url'
+EOF
+true
+
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox b/core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox
new file mode 100644
index 00000000..084667f8
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/opt/openslx/scripts/kiosk-launch.d/00-firefox
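Review bot: In `add_urls` the `http*` branch recurses as `add_urls "https://$url"` without passing the jq path, so the inner call takes the URL as `key`, finds no remaining arguments and adds nothing; an `http*://host` entry in SLX_BROWSER_BLACKLIST therefore ends up as an `http://host` block only, and the https form stays unfiltered. The call should be `add_urls "$key" "https://$url"`. `jqi` also fails open: when `jq` exits non-zero the temp file is empty, and the following `cat "$jqitmp" > "/etc/firefox/policies/policies.json"` truncates the policy file, so Firefox would likely start without any kiosk policy; chaining the write as `jq "$@" > "$jqitmp" && cat "$jqitmp" > "/etc/firefox/policies/policies.json"` keeps the last good file. The file created by `mktemp` is never removed; `trap 'rm -f -- "$jqitmp"' EXIT` right after its creation would clean it up.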
@@ -0,0 +1,94 @@
+#!/bin/bash -- sourced
+# prepare and run firefox as kiosk browser
+
+command -v firefox \
+ || command -v firefox-esr \
+ || return 0
+
+# clear state of previous sessions
+if [ "$(whoami)" = "demo" ]; then
+ rm -rf -- "$HOME/".mozilla/firefox*
+fi
+
+. /opt/openslx/bin/slx-tools
+
+# default firefox arguments
+#firefox_args=( "-private" ) # breaks auto-installed uBlock
+firefox_args=( )
+
+done_url=
+if ! is_on "$SLX_BROWSER_INTERACTIVE"; then
+ if is_on "${SLX_AUTOLOGIN%OFF}"; then
+ # Autologin active, go full fullscreen
+ firefox_args+=( "--kiosk" "$SLX_BROWSER_URL" )
+ done_url=1
+ fi
+fi
+
+if [ -z "$done_url" ]; then
+ firefox_args+=( "-url" "$SLX_BROWSER_URL" )
+fi
+
+# Watchdog for reload/restart
+if [ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ]; then
+ (
+ # Wake up to force refresh
+ idle-daemon --send 'get :0' &> /dev/null
+ wid=
+ while [ -z "$wid" ]; do
+ sleep 1
+ [ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class firefox )"
+ [ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class firefox-esr )"
+ [ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class Navigator )"
+ done
+ readonly wid
+ wpid="$( xprop -id "$wid" | awk '$1 == "_NET_WM_PID(CARDINAL)" {print $3}' )"
+ if [ -z "$wpid" ]; then
+ # logs to ~/.xsession-errors
+ echo "Failed to get the pid of firefox via xprop..."
+ exit 1
+ fi
+ readonly wpid
+ activity=init
+ last="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
+ sleep 1
+ while true; do
+ if [ ! -d "/proc/$wpid" ]; then
+ echo "Process with PID $wpid stopped, exiting auto-reload loop."
+ exit 0
+ fi
+ current_idle="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
+ if (( current_idle >= SLX_BROWSER_RELOAD_SECS )); then
+ if [ "$activity" = "yes" ] && [ -n "$SLX_BROWSER_INTERACTIVE" ]; then
+ # activity was seen, interactive browser (UI) -> kill session
+ killall firefox-esr firefox
+ loginctl terminate-user demo
+ exit 0
+ else
+ xdotool windowactivate "$wid"
+ xdotool key Esc # In case a context menu is open etc.
+ xdotool key Alt+Home # Go to home page
+ last="$current_idle"
+ sleep "$(( SLX_BROWSER_RELOAD_SECS - 10 ))"
+ # Wake up to force refresh
+ idle-daemon --send 'get :0' &> /dev/null
+ sleep 10
+ activity=init
+ continue
+ fi
+ elif [ "$activity" = "init" ]; then
+ activity=no
+ elif [ -n "$last" ] && (( last > current_idle )); then
+ activity=yes
+ fi
+ last="$current_idle"
+ num="$(( SLX_BROWSER_RELOAD_SECS - ( current_idle + 5 ) ))"
+ (( num < 1 )) && num=1
+ sleep "$num"
+ done
+ ) &
+fi
+
+# finally exec to firefox
+exec firefox "${firefox_args[@]}"
+exec firefox-esr "${firefox_args[@]}"
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox b/core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox
new file mode 100644
index 00000000..2984dced
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-preload-firefox
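Review bot: The "clear state of previous sessions" step removes only `$HOME/.mozilla/firefox*`, so the disk cache Firefox keeps under `~/.cache/mozilla` would carry over to the next kiosk user unless demo's home is recreated elsewhere, which this hunk does not show; consider `rm -rf -- "${HOME:?}/.mozilla/firefox"* "${HOME:?}/.cache/mozilla"`, where `:?` also stops the command if HOME is empty. In the watchdog, the kill-session branch tests `[ -n "$SLX_BROWSER_INTERACTIVE" ]` while the argument setup above uses `is_on "$SLX_BROWSER_INTERACTIVE"`, so any non-empty value that `is_on` treats as off is handled as interactive there; using `is_on` in both places keeps the two decisions in agreement. The trailing `exec firefox-esr` is reached only if a failed `exec firefox` does not end the shell, which in non-interactive bash requires `shopt -s execfail`; picking the binary with `command -v` and issuing a single `exec` avoids depending on that.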
@@ -0,0 +1,17 @@
+#!/bin/ash
+#
+# Simple "preload" by just reading the directory /usr/lib/chromium-browser
+# Tested the variation loading just the linked libraries, but it does
+# not bring the same startup acceleration than this trivial method...
+
+. /opt/openslx/config
+
+if [ "${SLX_BROWSER//firefox/}" != "$SLX_BROWSER" ]; then
+ for dir in /lib/firefox /usr/lib/firefox /lib/firefox-esr /usr/lib/firefox-esr; do
+ [ -d "$dir" ] || continue
+ for i in firefox firefox-esr libxul.so omni.ja; do
+ dd if=/usr/lib/chromium-browser/chromium-browser of=/dev/null bs=128k &> /dev/null &
+ done
+ break
+ done
+fi
diff --git a/core/modules/kiosk-firefox/module.build b/core/modules/kiosk-firefox/module.build
new file mode 100644
index 00000000..a5cbb6b6
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.build
@@ -0,0 +1,12 @@
+#!/bin/bash
+fetch_source() {
+ :
+}
+
+build() {
+ :
+}
+
+post_copy() {
+ :
+}
diff --git a/core/modules/kiosk-firefox/module.conf b/core/modules/kiosk-firefox/module.conf
new file mode 100644
index 00000000..613d6d21
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.conf
@@ -0,0 +1,5 @@
+#!/bin/bash
+REQUIRED_MODULES="kiosk-common"
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/kiosk-firefox/module.conf.debian b/core/modules/kiosk-firefox/module.conf.debian
new file mode 100644
index 00000000..443e3d22
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.conf.debian
@@ -0,0 +1,8 @@
+#!/bin/bash
+REQUIRED_CONTENT_PACKAGES="
+ jq
+ xbindkeys
+"
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/kiosk-firefox/module.conf.ubuntu b/core/modules/kiosk-firefox/module.conf.ubuntu
new file mode 100644
index 00000000..afc64011
--- /dev/null
+++ b/core/modules/kiosk-firefox/module.conf.ubuntu
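Review bot: The inner loop in 00-preload-firefox never uses `$dir` or `$i`: every iteration runs `dd if=/usr/lib/chromium-browser/chromium-browser`, so the script reads the Chromium binary four times (or fails silently where it is absent, since output goes to /dev/null) and no Firefox file is preloaded. The read should be `[ -f "$dir/$i" ] && dd if="$dir/$i" of=/dev/null bs=128k &> /dev/null &`. The header comment still names /usr/lib/chromium-browser and should describe the Firefox directories instead.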
@@ -0,0 +1,9 @@
+#!/bin/bash
+REQUIRED_CONTENT_PACKAGES="
+ jq
+ xbindkeys
+"
+REQUIRED_INSTALLED_PACKAGES=""
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/targets/bwlp/kiosk-firefox b/core/targets/bwlp/kiosk-firefox
new file mode 120000
index 00000000..0f05440c
--- /dev/null
+++ b/core/targets/bwlp/kiosk-firefox
@@ -0,0 +1 @@
+../../modules/kiosk-firefox
\ No newline at end of file |