summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xbuild.sh25
-rw-r--r--common/signing.js16
-rw-r--r--manifest.json4
3 files changed, 23 insertions, 22 deletions
diff --git a/build.sh b/build.sh
index 0659ed1..66f709c 100755
--- a/build.sh
+++ b/build.sh
@@ -200,19 +200,20 @@ main() {
GECKO_APPLICATIONS=''
if [ "$BROWSER" = "chromium" ]; then
+ CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
+ echo "chromium key is" $CHROMIUM_KEY
+ CHROMIUM_KEY="chromium-key-dummy-file-$CHROMIUM_KEY"
+ CHROMIUM_KEY=$(echo $CHROMIUM_KEY | tr / -);
+ touch $BUILDDIR/$CHROMIUM_KEY
+
CHROMIUM_KEY="\n\
-\n\
- // WARNING!!!\n\
- // EACH USER SHOULD REPLACE \"key\" WITH A UNIQUE VALUE!!!\n\
- // OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
- //\n\
- // A unique key can be generated with:\n\
- // $ ssh-keygen -f /path/to/new/key.pem -t rsa -b 1024\n\
- //\n\
- // Only relevant to users of chrome-based browsers.\n\
- // Users of Firefox forks are safe.\n\
-\n\
- \"key\": \"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcnNhAAAAAwEAAQAAAIEA+0GT5WNmRRo8e5tL9+BmNtY6aBPwLIgbPnLShYBMSR40iYwLTsccrkwBXb3bs1o4p6q5WJugI8Lsia+GXZc/XHGFkq7D1aWiTxlJLs8z0JC2TQ2/yatYmBMchogYGeeUfP7aI7JJZwpATts+VhIvgga/4FYj+DijMIEpwdckqFEAAAII4Dh7HOA4exwAAAAHc3NoLXJzYQAAAIEA+0GT5WNmRRo8e5tL9+BmNtY6aBPwLIgbPnLShYBMSR40iYwLTsccrkwBXb3bs1o4p6q5WJugI8Lsia+GXZc/XHGFkq7D1aWiTxlJLs8z0JC2TQ2/yatYmBMchogYGeeUfP7aI7JJZwpATts+VhIvgga/4FYj+DijMIEpwdckqFEAAAADAQABAAAAgEHB5/MhEKMFOs8e1cMJ97ZiWubiUPlWpcqyQmauLUj1nspg3JTBh8AWJEVkaxuFgU5gYCHQmRjC6yUdywyziOEkFA4r/WpX4WmbIe+GQHRHhitLN0dgF8N6/fVNOoa5StTdfZqyl23pVXyepoDNjrJFKyupqPMmpwfH5lGr9RwBAAAAQG76HflB/5j8P2YgIYX6dQT4Ei0SqiIjNVy7jFJUQDKSJg/PYkedE02JZJBJPcMYxEJUxXtMgq+upamNILfkmY0AAABBAP4v0O5dqjy16xDDFzb4DPNAcw5Za9KJaXKVkUuKXMNZOKTR0RC/upjNTmttY980RKdIx5zA25dO8cx563bSDIsAAABBAP0MaOpBiai/eRmLqhlthHODa+Mur6W3uc9PyhWhgDBjLNMR/doaYeyfVKxtIiN3a+HkN++G+vbokRweQv++bhMAAAANdXJ6QGxvY2FsaG9zdAECAwQFBg==\","
+ // WARNING!!!\n\
+ // EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\
+ // OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
+ // Only relevant to users of chrome-based browsers.\n\
+ // Users of Firefox forks are safe.\n\
+ \"$CHROMIUM_KEY\"\
+"
else
GECKO_APPLICATIONS="\n\
\"applications\": {\n\
diff --git a/common/signing.js b/common/signing.js
index 2171714..1904bcd 100644
--- a/common/signing.js
+++ b/common/signing.js
@@ -10,7 +10,7 @@
* IMPORTS_START
* IMPORT sha256
* IMPORT browser
- * IMPORT is_chrome
+ * IMPORT is_mozilla
* IMPORTS_END
*/
@@ -30,18 +30,18 @@
*
* The secret shared between execution contexts has to be available
* synchronously. Under Mozilla, this is the extension's per-session id. Under
- * Chromium, this is the key that resides in the manifest.
- *
- * An idea to (under Chromium) instead store the secret in a file fetched
- * synchronously using XMLHttpRequest is being considered.
+ * Chromium, this is a dummy web-accessible-resource name that resides in the
+ * manifest and is supposed to be constructed by each user using a unique value
+ * (this is done automatically by `build.sh').
*/
function get_secret()
{
- if (is_chrome)
- return browser.runtime.getManifest().key.substring(0, 50);
- else
+ if (is_mozilla)
return browser.runtime.getURL("dummy");
+
+ return chrome.runtime.getManifest().web_accessible_resources
+ .map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1];
}
function extract_signed(signature, signed_data)
diff --git a/manifest.json b/manifest.json
index bd963fe..ce2577e 100644
--- a/manifest.json
+++ b/manifest.json
@@ -4,7 +4,7 @@
"manifest_version": 2,
"name": "Hachette",
"short_name": "Hachette",
- "version": "0.0.1",_CHROMIUM_KEY_
+ "version": "0.0.1",
"author": "various",
"description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_
"icons":{
@@ -42,7 +42,7 @@
"page": "html/options.html",
"open_in_tab": true
},
- "web_accessible_resources": [
+ "web_accessible_resources": [_CHROMIUM_KEY_
],
"background": {
"persistent": true,