From 2ab751d7e5e96e9a5f0d1e15ba46756afcfb0b3b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 13 Nov 2024 10:10:05 +0100
Subject: [kiosk-chromium/kiosk-firefox] Minor tweaks, reorder browser fallback

---
 .../pam/hooks/session-open.d/10-chromium-urlfilter |   8 +-
 .../opt/openslx/scripts/kiosk-launch.d/00-chromium | 163 ---------------------
 .../opt/openslx/scripts/kiosk-launch.d/10-chromium | 163 +++++++++++++++++++++
 .../data/etc/X11/Xreset.d/clear-firefox-policies   |   7 +
 .../hooks/session-open.d/10-firefox-kiosk-policies |   1 +
 .../openslx/scripts/kiosk-launch.d/00-slxbrowser   |  41 ------
 .../openslx/scripts/kiosk-launch.d/50-slxbrowser   |  41 ++++++
 7 files changed, 215 insertions(+), 209 deletions(-)
 delete mode 100644 core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium
 create mode 100644 core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/10-chromium
 create mode 100644 core/modules/kiosk-firefox/data/etc/X11/Xreset.d/clear-firefox-policies
 delete mode 100644 core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/00-slxbrowser
 create mode 100644 core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/50-slxbrowser

diff --git a/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter
index 1287fff0..181bcd2a 100644
--- a/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter
+++ b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter
@@ -2,7 +2,8 @@
 #^ SOURCED, actually running in ash
 
 # Protip: Comment out while editing, but DO NOT FORGET TO RE-ENABLE
-bash <<"EOF"
+[ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ] \
+	&& bash <<"EOF"
 format_urls() {
 	local url scheme host path chost arr
 	readarray -t -d ' ' arr < <( printf "%s" "$@" )
@@ -81,10 +82,7 @@ main() {
 	ln -nfs "$url_policy_file" "/etc/chromium/policies/managed/url-filter.json"
 }
 
-if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ]; then
-	# autologin of some sort
-	main
-fi
+main
 EOF
 true
 
diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium b/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium
deleted file mode 100644
index f165cfe1..00000000
--- a/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/bash -- sourced
-# prepares and run chromium as kiosk browser
-
-command -v chromium \
-	|| command -v chromium-browser \
-	|| return 0
-
-# clear state of previous sessions
-if [ "$(whoami)" = "demo" ]; then
-	rm -rf -- "$HOME/.config/chromium"
-	mkdir -p "$HOME/.config/chromium/Default"
-fi
-
-cert_to_nssdb /etc/ssl/certs/ "${HOME}/.pki/nssdb" &
-nss_pid=$!
-
-# Helper to decode URL-encoded strings
-# e.g. urldecode http%3A%2F%2Ffoobar.com -> http://foobar.com
-urldecode() {
-	: "${*//+/ }"; echo -e "${_//%/\\x}"
-}
-
-# Helper to json'ize bookmarks given as arguments in the form:
-#    <name>,<url>  ->  e.g. Google,https://www.google.com
-json_bookmarks() {
-	local cur=0
-	local name url
-	while [ $# -ne 0 ]; do
-		name="$( urldecode "${1%%,*}" )"
-		url="$( urldecode "${1#*,}" )"
-		jq --null-input --join-output --compact-output --arg id "$(( cur++ ))" --arg name "$name" --arg url "$url" \
-			'{"id": $id, "type": "url", "name": $name, "url": $url}'
-		shift
-		[ $# -ne 0 ] && printf ","
-	done
-}
-
-. /opt/openslx/bin/slx-tools
-
-# Pass SLX_BROWSER_BOOKMARKS without quotes for splitting into arguments
-cat > "$HOME/.config/chromium/Default/Bookmarks" <<EOF
-{
-	"roots": {
-		"bookmark_bar": {
-		"children": [ $(json_bookmarks $SLX_BROWSER_BOOKMARKS) ],
-			"id": "1",
-			"name": "Lesezeichenleiste",
-			"type": "folder"
-		},
-		"other": {
-			"children": [  ],
-			"id": "2",
-			"name": "Weitere Lesezeichen",
-			"type": "folder"
-		},
-		"synced": {
-			"children": [  ],
-			"id": "3",
-			"name": "Mobile Lesezeichen",
-			"type": "folder"
-		}
-	},
-	"version": 1
-}
-EOF
-
-# default chromium arguments
-chromium_args=("--noerrdialogs" "--disable-translate" "--disable-new-avatar-menu" "--disable-infobars" "--test-type" "--fast" "--fast-start")
-
-# simulate a future build date to remove those update notification
-chromium_args+=("--simulate-outdated-no-au=\"Tue, 31 Dec 2099 23:59:59 GMT\"")
-
-# default to maximized on startup
-chromium_args+=("--start-maximized")
-
-if ! is_on "$SLX_BROWSER_INTERACTIVE"; then
-	if is_on "${SLX_AUTOLOGIN%OFF}"; then
-		# Autologin active, go full fullscreen
-		chromium_args+=("--kiosk")
-	fi
-fi
-
-if [ -n "$SLX_BROWSER_ZOOM" ]; then
-	v="${SLX_BROWSER_ZOOM}"
-	while [ "${#v}" -lt 3 ]; do
-		v="0$v"
-	done
-	chromium_args+=( "--force-device-scale-factor=${v:0:-2}.${v:${#v}-2}" )
-fi
-
-if [ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ]; then
-	(
-	# Wake up to force refresh
-	idle-daemon --send 'get :0' &> /dev/null
-	wid=
-	while [ -z "$wid" ]; do
-		sleep 1
-		[ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class chromium-browser )"
-		[ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class chromium )"
-		[ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class browser )"
-	done
-	readonly wid
-	wpid="$( xprop -id "$wid" | awk '$1 == "_NET_WM_PID(CARDINAL)" {print $3}' )"
-	if [ -z "$wpid" ]; then
-		# logs to ~/.xsession-errors
-		echo "Failed to get the pid of chromium-browser via xprop..."
-		exit 1
-	fi
-	readonly wpid
-	activity=init
-	last="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
-	sleep 1
-	while true; do
-		if [ ! -d "/proc/$wpid" ]; then
-			echo "Process with PID $wpid stopped, exiting auto-reload loop."
-			exit 0
-		fi
-		current_idle="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
-		if (( current_idle >= SLX_BROWSER_RELOAD_SECS )); then
-			if [ "$activity" = "yes" ] && [ -n "$SLX_BROWSER_INTERACTIVE" ]; then
-				# activity was seen, interactive browser (UI) -> kill session
-				killall chromium-browser chromium
-				loginctl terminate-user demo
-				exit 0
-			else
-				xdotool windowactivate "$wid"
-				xdotool key Alt+Home
-				last="$current_idle"
-				sleep "$(( SLX_BROWSER_RELOAD_SECS - 10 ))"
-				# Wake up to force refresh
-				idle-daemon --send 'get :0' &> /dev/null
-				sleep 10
-				activity=init
-				continue
-			fi
-		elif [ "$activity" = "init" ]; then
-			activity=no
-		elif [ -n "$last" ] && (( last > current_idle )); then
-			activity=yes
-		fi
-		last="$current_idle"
-		num="$(( SLX_BROWSER_RELOAD_SECS - ( current_idle + 5 ) ))"
-		(( num < 1 )) && num=1
-		sleep "$num"
-	done
-	) &
-fi
-
-if is_on "$SLX_BROWSER_INSECURE"; then
-	chromium_args+=( "--allow-running-insecure-content" "--ignore-certificate-errors" )
-fi
-if is_on "$SLX_BROWSER_HWVIDEO"; then
-	chromium_args+=( "--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,VaapiVideoDecodeLinuxGL" )
-fi
-
-# Wait until cert store is fully populated
-wait $nss_pid
-
-chromium_args+=( "$SLX_BROWSER_URL" )
-
-# finally exec to chromium
-exec chromium "${chromium_args[@]}"
-exec chromium-browser "${chromium_args[@]}"
diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/10-chromium b/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/10-chromium
new file mode 100644
index 00000000..f165cfe1
--- /dev/null
+++ b/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/10-chromium
@@ -0,0 +1,163 @@
+#!/bin/bash -- sourced
+# prepares and run chromium as kiosk browser
+
+command -v chromium \
+	|| command -v chromium-browser \
+	|| return 0
+
+# clear state of previous sessions
+if [ "$(whoami)" = "demo" ]; then
+	rm -rf -- "$HOME/.config/chromium"
+	mkdir -p "$HOME/.config/chromium/Default"
+fi
+
+cert_to_nssdb /etc/ssl/certs/ "${HOME}/.pki/nssdb" &
+nss_pid=$!
+
+# Helper to decode URL-encoded strings
+# e.g. urldecode http%3A%2F%2Ffoobar.com -> http://foobar.com
+urldecode() {
+	: "${*//+/ }"; echo -e "${_//%/\\x}"
+}
+
+# Helper to json'ize bookmarks given as arguments in the form:
+#    <name>,<url>  ->  e.g. Google,https://www.google.com
+json_bookmarks() {
+	local cur=0
+	local name url
+	while [ $# -ne 0 ]; do
+		name="$( urldecode "${1%%,*}" )"
+		url="$( urldecode "${1#*,}" )"
+		jq --null-input --join-output --compact-output --arg id "$(( cur++ ))" --arg name "$name" --arg url "$url" \
+			'{"id": $id, "type": "url", "name": $name, "url": $url}'
+		shift
+		[ $# -ne 0 ] && printf ","
+	done
+}
+
+. /opt/openslx/bin/slx-tools
+
+# Pass SLX_BROWSER_BOOKMARKS without quotes for splitting into arguments
+cat > "$HOME/.config/chromium/Default/Bookmarks" <<EOF
+{
+	"roots": {
+		"bookmark_bar": {
+		"children": [ $(json_bookmarks $SLX_BROWSER_BOOKMARKS) ],
+			"id": "1",
+			"name": "Lesezeichenleiste",
+			"type": "folder"
+		},
+		"other": {
+			"children": [  ],
+			"id": "2",
+			"name": "Weitere Lesezeichen",
+			"type": "folder"
+		},
+		"synced": {
+			"children": [  ],
+			"id": "3",
+			"name": "Mobile Lesezeichen",
+			"type": "folder"
+		}
+	},
+	"version": 1
+}
+EOF
+
+# default chromium arguments
+chromium_args=("--noerrdialogs" "--disable-translate" "--disable-new-avatar-menu" "--disable-infobars" "--test-type" "--fast" "--fast-start")
+
+# simulate a future build date to remove those update notification
+chromium_args+=("--simulate-outdated-no-au=\"Tue, 31 Dec 2099 23:59:59 GMT\"")
+
+# default to maximized on startup
+chromium_args+=("--start-maximized")
+
+if ! is_on "$SLX_BROWSER_INTERACTIVE"; then
+	if is_on "${SLX_AUTOLOGIN%OFF}"; then
+		# Autologin active, go full fullscreen
+		chromium_args+=("--kiosk")
+	fi
+fi
+
+if [ -n "$SLX_BROWSER_ZOOM" ]; then
+	v="${SLX_BROWSER_ZOOM}"
+	while [ "${#v}" -lt 3 ]; do
+		v="0$v"
+	done
+	chromium_args+=( "--force-device-scale-factor=${v:0:-2}.${v:${#v}-2}" )
+fi
+
+if [ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ]; then
+	(
+	# Wake up to force refresh
+	idle-daemon --send 'get :0' &> /dev/null
+	wid=
+	while [ -z "$wid" ]; do
+		sleep 1
+		[ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class chromium-browser )"
+		[ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class chromium )"
+		[ -z "$wid" ] && wid="$( xdotool search --onlyvisible --class browser )"
+	done
+	readonly wid
+	wpid="$( xprop -id "$wid" | awk '$1 == "_NET_WM_PID(CARDINAL)" {print $3}' )"
+	if [ -z "$wpid" ]; then
+		# logs to ~/.xsession-errors
+		echo "Failed to get the pid of chromium-browser via xprop..."
+		exit 1
+	fi
+	readonly wpid
+	activity=init
+	last="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
+	sleep 1
+	while true; do
+		if [ ! -d "/proc/$wpid" ]; then
+			echo "Process with PID $wpid stopped, exiting auto-reload loop."
+			exit 0
+		fi
+		current_idle="$(idle-daemon --send 'get :0' | grep -oP '(?<=idleSeconds=)[0-9]+')"
+		if (( current_idle >= SLX_BROWSER_RELOAD_SECS )); then
+			if [ "$activity" = "yes" ] && [ -n "$SLX_BROWSER_INTERACTIVE" ]; then
+				# activity was seen, interactive browser (UI) -> kill session
+				killall chromium-browser chromium
+				loginctl terminate-user demo
+				exit 0
+			else
+				xdotool windowactivate "$wid"
+				xdotool key Alt+Home
+				last="$current_idle"
+				sleep "$(( SLX_BROWSER_RELOAD_SECS - 10 ))"
+				# Wake up to force refresh
+				idle-daemon --send 'get :0' &> /dev/null
+				sleep 10
+				activity=init
+				continue
+			fi
+		elif [ "$activity" = "init" ]; then
+			activity=no
+		elif [ -n "$last" ] && (( last > current_idle )); then
+			activity=yes
+		fi
+		last="$current_idle"
+		num="$(( SLX_BROWSER_RELOAD_SECS - ( current_idle + 5 ) ))"
+		(( num < 1 )) && num=1
+		sleep "$num"
+	done
+	) &
+fi
+
+if is_on "$SLX_BROWSER_INSECURE"; then
+	chromium_args+=( "--allow-running-insecure-content" "--ignore-certificate-errors" )
+fi
+if is_on "$SLX_BROWSER_HWVIDEO"; then
+	chromium_args+=( "--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,VaapiVideoDecodeLinuxGL" )
+fi
+
+# Wait until cert store is fully populated
+wait $nss_pid
+
+chromium_args+=( "$SLX_BROWSER_URL" )
+
+# finally exec to chromium
+exec chromium "${chromium_args[@]}"
+exec chromium-browser "${chromium_args[@]}"
diff --git a/core/modules/kiosk-firefox/data/etc/X11/Xreset.d/clear-firefox-policies b/core/modules/kiosk-firefox/data/etc/X11/Xreset.d/clear-firefox-policies
new file mode 100644
index 00000000..3beaacf5
--- /dev/null
+++ b/core/modules/kiosk-firefox/data/etc/X11/Xreset.d/clear-firefox-policies
@@ -0,0 +1,7 @@
+#!/bin/ash
+# ^ sourced
+
+for dir in /etc/firefox/policies /etc/firefox-esr/policies; do
+	[ -s "$dir/policies.default.json" ] || continue
+	mv -f "$dir/policies.default.json" "$dir/policies.json"
+done
diff --git a/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies b/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
index 0e09764c..9f87dcf1 100644
--- a/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
+++ b/core/modules/kiosk-firefox/data/opt/openslx/pam/hooks/session-open.d/10-firefox-kiosk-policies
@@ -83,6 +83,7 @@ add_urls() {
 . /opt/openslx/config
 . /opt/openslx/bin/slx-tools
 
+mv -n "/etc/firefox/policies/policies.json" "/etc/firefox/policies/policies.default.json"
 cp "/etc/firefox/policies/policies.kiosk.json" "/etc/firefox/policies/policies.json"
 
 bookmarks="$( json_bookmarks $SLX_BROWSER_BOOKMARKS )"
diff --git a/core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/00-slxbrowser b/core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/00-slxbrowser
deleted file mode 100644
index ea9d2e4c..00000000
--- a/core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/00-slxbrowser
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-# ^ sourced!
-
-command -v slxbrowser || return 0
-
-OPTS=()
-
-# Ignore SSL errors
-[ -n "$SLX_BROWSER_INSECURE" ] && [ "$SLX_BROWSER_INSECURE" -gt 0 ] && OPTS+=("--insecure")
-# On inactivity, reload every X seconds
-[ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ] && OPTS+=("--reload-interval" "$SLX_BROWSER_RELOAD_SECS")
-
-if [ -n "$SLX_BROWSER_BLACKLIST" ]; then
-	# Turn into file with one entry per line
-	bl="$( mktemp )"
-	sed -r 's/\s+/\n/g' <<<"$SLX_BROWSER_BLACKLIST" > "$bl"
-	OPTS+=("--blacklist" "$bl")
-	# Async, clean up file after slxbrowser read it
-	( sleep 4; rm -f -- "$bl" ) &
-fi
-if [ -n "$SLX_BROWSER_WHITELIST" ]; then
-	wl="$( mktemp )"
-	sed -r 's/\s+/\n/g' <<<"$SLX_BROWSER_WHITELIST" > "$wl"
-	OPTS+=("--whitelist" "$wl")
-	( sleep 4; rm -f -- "$wl" ) &
-fi
-
-if [ -z "${SLX_AUTOLOGIN%OFF}" ]; then
-	OPTS+=("--maximized")
-else
-	OPTS+=("--fullscreen")
-fi
-
-if [ -n "$SLX_BROWSER_ZOOM" ]; then
-	OPTS+=( "--zoom" "$SLX_BROWSER_ZOOM" )
-fi
-
-# HACK: give whatever enough time to whatever it does properly
-sleep 1
-
-exec slxbrowser "${OPTS[@]}" "$SLX_BROWSER_URL"
diff --git a/core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/50-slxbrowser b/core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/50-slxbrowser
new file mode 100644
index 00000000..ea9d2e4c
--- /dev/null
+++ b/core/modules/kiosk-slxbrowser/data/opt/openslx/scripts/kiosk-launch.d/50-slxbrowser
@@ -0,0 +1,41 @@
+#!/bin/bash
+# ^ sourced!
+
+command -v slxbrowser || return 0
+
+OPTS=()
+
+# Ignore SSL errors
+[ -n "$SLX_BROWSER_INSECURE" ] && [ "$SLX_BROWSER_INSECURE" -gt 0 ] && OPTS+=("--insecure")
+# On inactivity, reload every X seconds
+[ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ] && OPTS+=("--reload-interval" "$SLX_BROWSER_RELOAD_SECS")
+
+if [ -n "$SLX_BROWSER_BLACKLIST" ]; then
+	# Turn into file with one entry per line
+	bl="$( mktemp )"
+	sed -r 's/\s+/\n/g' <<<"$SLX_BROWSER_BLACKLIST" > "$bl"
+	OPTS+=("--blacklist" "$bl")
+	# Async, clean up file after slxbrowser read it
+	( sleep 4; rm -f -- "$bl" ) &
+fi
+if [ -n "$SLX_BROWSER_WHITELIST" ]; then
+	wl="$( mktemp )"
+	sed -r 's/\s+/\n/g' <<<"$SLX_BROWSER_WHITELIST" > "$wl"
+	OPTS+=("--whitelist" "$wl")
+	( sleep 4; rm -f -- "$wl" ) &
+fi
+
+if [ -z "${SLX_AUTOLOGIN%OFF}" ]; then
+	OPTS+=("--maximized")
+else
+	OPTS+=("--fullscreen")
+fi
+
+if [ -n "$SLX_BROWSER_ZOOM" ]; then
+	OPTS+=( "--zoom" "$SLX_BROWSER_ZOOM" )
+fi
+
+# HACK: give whatever enough time to whatever it does properly
+sleep 1
+
+exec slxbrowser "${OPTS[@]}" "$SLX_BROWSER_URL"
-- 
cgit v1.2.3-55-g7522