How can the logging to $SSLKEYLOGFILE be re-enabled again in Palemoon?
This is where the patch below lives:
Code:
# ls -lRa /etc/portage/patches/www-client/palemoon-27.2.0-r1/
/etc/portage/patches/www-client/palemoon-27.2.0-r1/:
total 12
drwxr-xr-x 2 portage portage 4096 2017-03-08 22:33 .
drwxr-xr-x 7 portage portage 4096 2017-03-08 22:32 ..
-rw-r--r-- 1 portage portage 1133 2017-03-08 22:31 allow-sslkeylogfile.patch
#
# cat allow-sslkeylogfile.patch
Code:
From ab620b30019aed0f04635c057ab9b9a2cb3ef2cf Mon Sep 17 00:00:00 2001
From: Miroslav Rovis <miro.rovis@croatiafidelis.hr>
Date: Wed, 8 Mar 2017 22:29:58 +0100
Subject: [PATCH] patched
---
security/nss/lib/ssl/Makefile | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile
index 24fccc5..bdea353 100644
--- a/security/nss/lib/ssl/Makefile
+++ b/security/nss/lib/ssl/Makefile
@@ -40,11 +40,12 @@ endif
endif
# Enable key logging by default in debug builds, but not opt builds.
+# ( by commenting it out, it will be enabled in opt builds too )
# Logging still needs to be enabled at runtime through env vars.
-NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
-ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
-DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
-endif
+#NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
+#ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
+#DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
+#endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
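Review bot: The "+" lines comment out `DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1` together with its `ifeq` guard, so after this hunk nothing in this Makefile passes `-DNSS_ALLOW_SSLKEYLOGFILE=1` to the compiler in any build type, which is the opposite of what the added comment "it will be enabled in opt builds too" says. To get the define in opt builds, keep the `DEFINES` line active and remove only the condition around it, or leave the block as it was and change the default to `NSS_ALLOW_SSLKEYLOGFILE ?= 1`. The subject "[PATCH] patched" also says nothing about the change; name the file and the intent.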
--
2.12.0
I tried; that user patch (probably typical of Gentoo only, not other Linuces, or?) gets applied when expected (at "source prepare" time, see the ebuild below), and the Makefile, exactly as expected, does look like this:
Code:
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
######################################################################
#
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
CSRCS += win32err.c
DEFINES += -DIN_LIBSSL
else
ifeq ($(OS_TARGET),OS2)
CSRCS += os2_err.c
else
CSRCS += unix_err.c
endif
endif
# Enable key logging by default in debug builds, but not opt builds.
# ( by commenting it out, it will be enabled in opt builds too )
# Logging still needs to be enabled at runtime through env vars.
#NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
#ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
#DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
#endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export
What is missing to get the recording of SSL keys back?
(
I have to use Firefox, where a similar patch that I applied --about which I reported in
Tracking protection and NSS SSL secrets logging (two security questions)?
viewtopic.php?f=26&t=12544
where you can find the Gentoo bug with my patch that works for Firefox, and that I'm using in this Firefox that I'm browsing with right now -- did the trick. I'd like to go back to using Palemoon again, but no way would I be happy if the network SSL conversations don't open for me, no way...
)
This ebuild is a copy-and-modify of the latest ebuild from https://github.com/deuiore/palemoon-overlay, modified in the way I tried to explain in:
https://github.com/deuiore/palemoon-overlay/pull/34
Here's the ebuild, which otherwise gets me a fully functional Palemoon (search for "eapply_user" to see where the above patch is applied):
Code:
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=6
REQUIRED_BUILDSPACE='7G'
# For mozlinguas:
MOZ_LANGS=( cs de es-AR es-ES es-MX fr hu it ja ko pl ru zh-CN )
MOZ_LANGPACK_PREFIX="langpacks/27.x/"
MOZ_FTP_URI="http://relmirror.palemoon.org"
inherit palemoon-1-r1 mozlinguas git-r3 eutils flag-o-matic pax-utils
KEYWORDS="~x86 ~amd64"
DESCRIPTION="Pale Moon Web Browser"
HOMEPAGE="https://www.palemoon.org/"
SLOT="0"
LICENSE="MPL-2.0 GPL-2 LGPL-2.1"
IUSE="+official-branding -system-libs +optimize shared-js jemalloc -valgrind
	dbus -necko-wifi +gtk2 -gtk3 +ffmpeg -gstreamer -webrtc
	alsa pulseaudio"
EGIT_REPO_URI="http://localhost/cgi-bin/cgit.cgi/Pale-Moon.git"
GIT_TAG="${PV}a1"
DEPEND="
	>=sys-devel/autoconf-2.13:2.1
	dev-lang/python:2.7
	>=dev-lang/perl-5.6
	dev-lang/yasm"
RDEPEND="
	x11-libs/libXt
	app-arch/zip
	media-libs/freetype
	media-libs/fontconfig
	system-libs? (
		dev-libs/libevent
		media-libs/libjpeg-turbo
		sys-libs/zlib
		app-arch/bzip2
		media-libs/libwebp
		media-libs/libpng[apng]
		app-text/hunspell
		>=media-libs/libvpx-1.4.0
		>=dev-db/sqlite-3.13.0[secure-delete]
		x11-libs/cairo
		x11-libs/pixman
	)
	optimize? ( sys-libs/glibc )
	valgrind? ( dev-util/valgrind )
	shared-js? ( virtual/libffi )
	dbus? (
		>=sys-apps/dbus-0.60
		>=dev-libs/dbus-glib-0.60
	)
	gtk2? ( >=x11-libs/gtk+-2.18.0:2 )
	gtk3? ( >=x11-libs/gtk+-3.4.0:3 )
	ffmpeg? (
		virtual/ffmpeg[x264]
	)
	gstreamer? (
		media-libs/gstreamer:1.0
		media-libs/gst-plugins-base:1.0
	)
	alsa? ( media-libs/alsa-lib )
	pulseaudio? ( media-sound/pulseaudio )
	necko-wifi? ( net-wireless/wireless-tools )"
REQUIRED_USE="
	jemalloc? ( !valgrind )
	^^ ( gtk2 gtk3 )
	^^ ( alsa pulseaudio )
	necko-wifi? ( dbus )"
src_unpack() {
	git-r3_fetch ${EGIT_REPO_URI} refs/heads/master
	git-r3_checkout
	# Unpack language packs:
	cd "${WORKDIR}"
	mozlinguas_src_unpack
}
src_prepare() {
	# Ensure that our plugins dir is enabled by default:
	sed -i -e "s:/usr/lib/mozilla/plugins:/usr/lib/nsbrowser/plugins:" \
		"${S}/xpcom/io/nsAppFileLocationProvider.cpp" \
		|| die "sed failed to replace plugin path for 32bit!"
	sed -i -e "s:/usr/lib64/mozilla/plugins:/usr/lib64/nsbrowser/plugins:" \
		"${S}/xpcom/io/nsAppFileLocationProvider.cpp" \
		|| die "sed failed to replace plugin path for 64bit!"
	# Allow users to apply any additional patches without modifying the ebuild:
	eapply_user
}
src_configure() {
	# Basic configuration:
	mozconfig_init
	mozconfig_disable updater
	if use system-libs; then
		mozconfig_with system-libevent system-jpeg system-zlib system-bz2 \
			system-webp system-png system-libvpx
		mozconfig_enable system-hunspell system-sqlite system-cairo \
			system-pixman
	fi
	if use optimize; then
		O=$(get-flag '-O*')
		mozconfig_enable optimize=\"$O\"
		filter-flags '-O*'
	else
		mozconfig_disable optimize
	fi
	if use shared-js; then
		mozconfig_enable shared-js
	fi
	if use jemalloc; then
		mozconfig_enable jemalloc jemalloc-lib
	fi
	if use valgrind; then
		mozconfig_enable valgrind
	else
		mozconfig_disable valgrind
	fi
	if ! use dbus; then
		mozconfig_disable dbus
	fi
	if ! use necko-wifi; then
		mozconfig_disable necko-wifi
	fi
	if use ffmpeg; then
		mozconfig_enable ffmpeg
	else
		mozconfig_disable ffmpeg
	fi
	if use gstreamer; then
		mozconfig_enable gstreamer
	else
		mozconfig_disable gstreamer
	fi
	if use webrtc; then
		mozconfig_enable webrtc
	else
		mozconfig_disable webrtc
	fi
	if use alsa; then
		mozconfig_enable alsa
	fi
	if ! use pulseaudio; then
		mozconfig_disable pulseaudio
	fi
	if use official-branding; then
		official-branding_warning
		mozconfig_enable official-branding
	fi
	if use gtk2; then
		mozconfig_enable default-toolkit=\"cairo-gtk2\"
	fi
	if use gtk3; then
		mozconfig_enable default-toolkit=\"cairo-gtk3\"
	fi
	# Mainly to prevent system's NSS/NSPR from taking precedence over
	# the built-in ones:
	append-ldflags -Wl,-rpath="$EPREFIX/usr/$(get_libdir)/palemoon"
	export MOZBUILD_STATE_PATH="${WORKDIR}/mach_state"
	mozconfig_var PYTHON $(which python2)
	mozconfig_var AUTOCONF $(which autoconf-2.13)
	mozconfig_var MOZ_MAKE_FLAGS "${MAKEOPTS}"
	# Disable mach notifications, which also cause sandbox access violations:
	export MOZ_NOSPAM=1
	python2 mach # Run it once to create the state directory.
	python2 mach configure || die
}
src_compile() {
	python2 mach build || die
}
src_install() {
	# obj_dir changes depending on arch, compiler, etc:
	local obj_dir="$(echo */config.log)"
	obj_dir="${obj_dir%/*}"
	# Disable MPROTECT for startup cache creation:
	pax-mark m "${obj_dir}"/dist/bin/xpcshell
	load_default_prefs
	set_pref "spellchecker.dictionary_path" "${EPREFIX}/usr/share/myspell"
	# Gotta create the package, unpack it and manually install the files
	# from there not to miss anything (e.g. the statusbar extension):
	einfo "Creating the package..."
	python2 mach package || die
	local extracted_dir="${T}/package"
	mkdir -p "${extracted_dir}"
	cd "${extracted_dir}"
	einfo "Extracting the package..."
	tar xjpf "${S}/${obj_dir}/dist/${P}a1.linux-${CTARGET_default%%-*}.tar.bz2"
	einfo "Installing the package..."
	local dest_libdir="/usr/$(get_libdir)"
	mkdir -p "${D}/${dest_libdir}"
	cp -rL "${PN}" "${D}/${dest_libdir}"
	dosym "${dest_libdir}/${PN}/${PN}" "/usr/bin/${PN}"
	einfo "Done installing the package."
	# Until JIT-less builds are supported,
	# also disable MPROTECT on the main executable:
	pax-mark m "${D}/${dest_libdir}/${PN}/"{palemoon,palemoon-bin,plugin-container}
	# Install language packs:
	MOZILLA_FIVE_HOME="${dest_libdir}/${PN}/browser"
	mozlinguas_src_install
	# Install icons and .desktop for menu entry:
	cp -rL "${S}/${obj_dir}/dist/branding" "${extracted_dir}/"
	local size sizes icon_path icon name
	sizes="16 32 48"
	icon_path="${extracted_dir}/branding"
	icon="${PN}"
	name="Pale Moon"
	for size in ${sizes}; do
		insinto "/usr/share/icons/hicolor/${size}x${size}/apps"
		newins "${icon_path}/default${size}.png" "${icon}.png"
	done
	# The 128x128 icon has a different name:
	insinto "/usr/share/icons/hicolor/128x128/apps"
	newins "${icon_path}/mozicon128.png" "${icon}.png"
	# Install a 48x48 icon into /usr/share/pixmaps for legacy DEs:
	newicon "${icon_path}/default48.png" "${icon}.png"
	newmenu "${FILESDIR}/icon/${PN}.desktop" "${PN}.desktop"
	sed -i -e "s:@NAME@:${name}:" -e "s:@ICON@:${icon}:" \
		"${ED}/usr/share/applications/${PN}.desktop" || die
}
Regards!
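A way to check what a Makefile like the one above actually hands to the compiler, and whether a built library carries the key-logging code. This is an added example, not part of the original post: the function names are hypothetical, the sample Makefile lines are constructed from the four lines of the hunk, and it assumes the string SSLKEYLOGFILE ends up in the library only when the define was set at build time.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds if MAKEFILE has an uncommented line adding the define.
# Whether that line takes effect still depends on the ifeq around it.
keylog_define_present() {
    grep -Eq '^[[:space:]]*DEFINES[[:space:]]*\+=.*-DNSS_ALLOW_SSLKEYLOGFILE=1' "$1"
}

# Prints the uncommented default given to NSS_ALLOW_SSLKEYLOGFILE, or "unset".
keylog_default() {
    val=$(sed -n 's/^[[:space:]]*NSS_ALLOW_SSLKEYLOGFILE[[:space:]]*?=[[:space:]]*//p' "$1" | head -n 1)
    printf '%s\n' "${val:-unset}"
}

# Succeeds if a built library (e.g. libssl3.so) contains the variable name.
# Assumption: the name is referenced only by code compiled under the define.
lib_reads_keylog_env() {
    grep -aq 'SSLKEYLOGFILE' "$1"
}

# Constructed sample input: the four lines as on the "-" side of the hunk,
# and the same lines commented out as on the "+" side.
write_samples() {
    cat > "$1/Makefile.orig" <<'EOF'
NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
endif
EOF
    sed 's/^/#/' "$1/Makefile.orig" > "$1/Makefile.patched"
}

# One-line summary for a Makefile.
report() {
    if keylog_define_present "$1"; then state=present; else state=absent; fi
    printf '%s: define %s, default %s\n' "${1##*/}" "$state" "$(keylog_default "$1")"
}

tmp=$(mktemp -d)
write_samples "$tmp"
report "$tmp/Makefile.orig"
report "$tmp/Makefile.patched"
rm -rf "$tmp"
```

On a real build, point `report` at security/nss/lib/ssl/Makefile in the prepared source tree and `lib_reads_keylog_env` at the installed libssl3.so.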