diff --git a/PKGBUILD b/PKGBUILD
index 33cdd8a..b525183 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Tad
 pkgname=brace
-pkgver=20201221
+pkgver=20201225
 pkgrel=1
 pkgdesc="Increases privacy/security through various configs."
 arch=('any')
diff --git a/README b/README
index 0910ae7..9ae45ec 100644
--- a/README
+++ b/README
@@ -40,6 +40,5 @@ Contents
 Credits
 -------
 userjs-arkenfox.js - @thorin-oakenpants+@earthlng+@claustromaniac - MIT - https://github.com/arkenfox/user.js
-userjs-pyllyukko.js - @pyllyukko - MIT - https://github.com/pyllyukko/user.js
 firewalld IPv6 drop zone fix - Mark - - https://serverfault.com/a/775153
 restic-backup.service - Link Dupont - - https://fedoramagazine.org/automate-backups-with-restic-and-systemd/
diff --git a/brace.spec b/brace.spec
index a1c9ead..da1e0af 100644
--- a/brace.spec
+++ b/brace.spec
@@ -1,5 +1,5 @@
 Name: brace
-Version: 20201221
+Version: 20201225
 Release: 1
 Summary: Increases privacy/security through various configs.
 License: GPLv3+
@@ -10,7 +10,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 %description
 - Adds many helper scripts: brace-installer, brace-supplemental-changes
 - GNOME/Cinnamon/MATE: change default settings
-- Firefox: change default settings, credit @arkenfox + @pyllyukko, license MIT
+- Firefox: change default settings, credit @arkenfox, license MIT
 - Chromium: change default settings
 - NetworkManager: disable connectivity checking
 - Networkmanager: enable MAC address randomization
diff --git a/brace/DEBIAN/control b/brace/DEBIAN/control
index 47c8988..dad8512 100644
--- a/brace/DEBIAN/control
+++ b/brace/DEBIAN/control
@@ -1,5 +1,5 @@
 Package: brace
-Version: 20201221-1
+Version: 20201225-1
 Section: custom
 Priority: optional
 Architecture: all
diff --git a/brace/etc/dconf/db/local.d/00-brace-gnome b/brace/etc/dconf/db/local.d/00-brace-gnome
index a6d84fc..449c2f9 100644
--- a/brace/etc/dconf/db/local.d/00-brace-gnome
+++ b/brace/etc/dconf/db/local.d/00-brace-gnome
@@ -40,8 +40,6 @@ show-full-name-in-top-bar=false send-software-usage-stats=false disable-camera=true disable-microphone=true -usb-protection=true -usb-protection-level='lockscreen' [org/gnome/desktop/remote-access] require-encryption=true diff --git a/brace/usr/lib/firefox/browser/defaults/preferences/userjs-pyllyukko.js b/brace/usr/lib/firefox/browser/defaults/preferences/userjs-pyllyukko.js deleted file mode 100644 index ad9016e..0000000 --- a/brace/usr/lib/firefox/browser/defaults/preferences/userjs-pyllyukko.js +++ /dev/null 
@@ -1,77 +0,0 @@
-//
-/******************************************************************************
- * user.js *
- * https://github.com/pyllyukko/user.js *
- * license: MIT: https://github.com/pyllyukko/user.js/blob/master/LICENSE *
- ******************************************************************************/
-
-// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture
-// https://wiki.mozilla.org/Media/getUserMedia
-// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
-pref("media.navigator.video.enabled", false);
-
-// PREF: Disable speech recognition
-// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
-// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
-// https://wiki.mozilla.org/HTML5_Speech_API
-pref("media.webspeech.recognition.enable", false);
-
-// PREF: Set File URI Origin Policy
-// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
-pref("security.fileuri.strict_origin_policy", true);
-
-// PREF: Enable only whitelisted URL protocol handlers
-// http://kb.mozillazine.org/Network.protocol-handler.external-default
-// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default
-// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29
-// https://news.ycombinator.com/item?id=13047883
-// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
-// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
-// NOTICE: Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols
-// TODO: Add externally-handled protocols from Windows 8.1 and Windows 10 (currently contains protocols only from Linux and Windows 7) that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991)
-// TODO: Add externally-handled protocols from Mac OS X that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991)
-// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to:
-// * true, if the protocol should be handled by an external application
-// * false, if the protocol should be handled internally by Firefox
-pref("network.protocol-handler.warn-external-default", true);
-pref("network.protocol-handler.external.http", false);
-pref("network.protocol-handler.external.https", false);
-pref("network.protocol-handler.external.javascript", false);
-pref("network.protocol-handler.external.moz-extension", false);
-pref("network.protocol-handler.external.ftp", false);
-pref("network.protocol-handler.external.file", false);
-pref("network.protocol-handler.external.about", false);
-pref("network.protocol-handler.external.chrome", false);
-pref("network.protocol-handler.external.blob", false);
-pref("network.protocol-handler.external.data", false);
-pref("network.protocol-handler.expose-all", false);
-pref("network.protocol-handler.expose.http", true);
-pref("network.protocol-handler.expose.https", true);
-pref("network.protocol-handler.expose.javascript", true);
-pref("network.protocol-handler.expose.moz-extension", true);
-pref("network.protocol-handler.expose.ftp", true);
-pref("network.protocol-handler.expose.file", true);
-pref("network.protocol-handler.expose.about", true);
-pref("network.protocol-handler.expose.chrome", true);
-pref("network.protocol-handler.expose.blob", true);
-pref("network.protocol-handler.expose.data", true);
-
-// PREF: Disable Shumway (Mozilla Flash renderer)
-// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
-pref("shumway.disabled", true);
-
-// PREF: Reject .onion hostnames before passing the to DNS
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
-// RFC 7686
-pref("network.dns.blockDotOnion", true);
-
-// PREF: Enable Subresource Integrity
-// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
-// https://wiki.mozilla.org/Security/Subresource_Integrity
-pref("security.sri.enable", true);
-
-// PREF: Display a notification bar when websites offer data for offline use
-// http://kb.mozillazine.org/Browser.offline-apps.notify
-pref("browser.offline-apps.notify", true);