author | Wojtek Kosior <koszko@koszko.org> | 2021-09-06 16:45:36 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-09-06 16:45:36 +0200 |
commit | ed08ef1a6df1713a0e00ccd656f4bb4ed44647a4 (patch) | |
tree | 46c363aedbac6f93af972caafb17ec94fcbfb011 | |
parent | 51d43685c667567516cfbda8dfeb75e98c00619f (diff) | |
generate Chromium unique key automatically in `build.sh'
-rwxr-xr-x | build.sh | 25 | ||||
-rw-r--r-- | common/signing.js | 16 | ||||
-rw-r--r-- | manifest.json | 4 |
3 files changed, 23 insertions, 22 deletions
@@ -200,19 +200,20 @@ main() { GECKO_APPLICATIONS='' if [ "$BROWSER" = "chromium" ]; then + CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)" + echo "chromium key is" $CHROMIUM_KEY + CHROMIUM_KEY="chromium-key-dummy-file-$CHROMIUM_KEY" + CHROMIUM_KEY=$(echo $CHROMIUM_KEY | tr / -); + touch $BUILDDIR/$CHROMIUM_KEY + CHROMIUM_KEY="\n\ -\n\ - // WARNING!!!\n\ - // EACH USER SHOULD REPLACE \"key\" WITH A UNIQUE VALUE!!!\n\ - // OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\ - //\n\ - // A unique key can be generated with:\n\ - // $ ssh-keygen -f /path/to/new/key.pem -t rsa -b 1024\n\ - //\n\ - // Only relevant to users of chrome-based browsers.\n\ - // Users of Firefox forks are safe.\n\ -\n\ - \"key\": \"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\"," + // WARNING!!!\n\ + // EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\ + // OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\ + // Only relevant to users of chrome-based browsers.\n\ + // Users of Firefox forks are safe.\n\ + \"$CHROMIUM_KEY\"\ +" else GECKO_APPLICATIONS="\n\ \"applications\": {\n\ diff --git a/common/signing.js b/common/signing.js index 2171714..1904bcd 100644 --- a/common/signing.js +++ b/common/signing.js @@ -10,7 +10,7 @@ * IMPORTS_START * IMPORT sha256 * IMPORT browser - * IMPORT is_chrome + * IMPORT is_mozilla * IMPORTS_END */ 
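Review bot: The new key generation in the `chromium` branch has no failure check: stderr from `dd` is discarded and the pipeline's exit status is that of `base64`, so if reading `/dev/urandom` fails, `CHROMIUM_KEY` is empty and the build goes on to create a resource named just `chromium-key-dummy-file-`, with no secret in it. A guard directly after the assignment, such as `[ -n "$CHROMIUM_KEY" ] || { echo "chromium key generation failed" >&2; exit 1; }`, would stop the build at that point. The `echo "chromium key is" $CHROMIUM_KEY` line also writes the secret to standard output, where a saved build log would retain it; consider dropping it or printing it only on request. `touch $BUILDDIR/$CHROMIUM_KEY` should quote its argument, `touch "$BUILDDIR/$CHROMIUM_KEY"`, in case the build directory path contains spaces. `main()` and the surrounding `if`/`else` begin and end outside this hunk.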
@@ -30,18 +30,18 @@ * * The secret shared between execution contexts has to be available * synchronously. Under Mozilla, this is the extension's per-session id. Under - * Chromium, this is the key that resides in the manifest. - * - * An idea to (under Chromium) instead store the secret in a file fetched - * synchronously using XMLHttpRequest is being considered. + * Chromium, this is a dummy web-accessible-resource name that resides in the + * manifest and is supposed to be constructed by each user using a unique value + * (this is done automatically by `build.sh'). */ function get_secret() { - if (is_chrome) - return browser.runtime.getManifest().key.substring(0, 50); - else + if (is_mozilla) return browser.runtime.getURL("dummy"); + + return chrome.runtime.getManifest().web_accessible_resources + .map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1]; } function extract_signed(signature, signed_data) diff --git a/manifest.json b/manifest.json index bd963fe..ce2577e 100644 --- a/manifest.json +++ b/manifest.json @@ -4,7 +4,7 @@ "manifest_version": 2, "name": "Hachette", "short_name": "Hachette", - "version": "0.0.1",_CHROMIUM_KEY_ + "version": "0.0.1", "author": "various", "description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_ "icons":{ @@ -42,7 +42,7 @@ "page": "html/options.html", "open_in_tab": true }, - "web_accessible_resources": [ + "web_accessible_resources": [_CHROMIUM_KEY_ ], "background": { "persistent": true, |
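Review bot: `get_secret()` does not check what it found in the manifest on the Chromium path: with no `chromium-key-dummy-file-` entry the trailing `[0][1]` throws an unexplained TypeError, and with an entry that has nothing after the prefix the `(.*)` capture returns `""` as the shared secret. Tightening the pattern to `/^chromium-key-dummy-file-(.+)/` and throwing a descriptive error when no entry matches, e.g. `if (!match) throw new Error("no chromium key entry in manifest");`, makes both cases fail loudly instead of signing with an empty value. The new code also calls `chrome.runtime` directly while the file still imports `browser` and the removed line used `browser.runtime.getManifest()`; whether the two are interchangeable here is not visible in the hunk, so the choice should be made deliberately. The doc comment above the function could also state that the secret is the part of the resource name after the `chromium-key-dummy-file-` prefix.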