Open heywoodlh opened 7 months ago
Apparently Firefox allows you to manage policies with a plist file: Managing policies on macOS desktops
I tried this using the apparent plist file for Mullvad Browser and setting the DisableAppUpdate
bool to true with this command:
/usr/bin/defaults write $HOME/Library/Preferences/net.mullvad.mullvadbrowser.plist DisableAppUpdate -bool TRUE
However, it seems that Mullvad Browser ignores the plist. Is there a different location that Mullvad Browser looks for a plist?
@heywoodlh is there a way to detect the browser has been installed through NixOS?
Otherwise, we can try to find more information about the plist.
is there a way to detect the browser has been installed through NixOS?
In the Linux derivative, Nix injects some light branding into Mullvad Browser: https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/mu/mullvad-browser/package.nix#L109-L120
However, by nature, I don't think this would work for MacOS because the integrity of the original .app would be compromised -- and thus wouldn't be valid/considered secure per the original signature.
Alternatively, building the app from source for Nix would probably be more ideal and would bypass this problem altogether. The last time I looked, there were only instructions for building from source on Linux and I couldn't find any MacOS documentation.
EDIT: seems the Tor Browser publishes docs now including MacOS build instructions here: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/Tor-Browser/Building
Will try building Mullvad Browser from source on MacOS with Nix and report back!
You can build Mullvad Browser on macOS in the same way you'd build Firefox. I don't know if the difference in toolchain can be fingerprinted. In addition to that, you'll have to bundle a few fonts for additional language support (a fingerprinter might check for them).
I have been attempting to port Mullvad Browser for MacOS to nixpkgs for use with the Nix package manager on MacOS: https://github.com/NixOS/nixpkgs/pull/283874
However, I cannot package it with auto-updates enabled -- because I want Nix to manage the updates. Auto updates can be disabled within Firefox via
policies.json
as described in Firefox's documentation: https://support.mozilla.org/en-US/kb/deploying-firefox-customizations-macosI also tested what happens with installing an old release (13.0.7) with Nix and auto-updates completely broke the browser after the update completed.
After a lot of testing, I have found that on MacOS I can only deploy a custom
policies.json
in Mullvad Browser after the .app is installed on my system. If I modify it before it gets on my system i.e. with Nix, I have to remove the code signature like so:This gets the app to launch but basically breaks all of the functionality of the app (crashed tabs, unable to browse the web, etc.).
Is there any way we could see a signed release of Mullvad Browser on MacOS with auto updates disabled for use in Nix? Or, is there another way I could disable auto-updates without modifying the .app?
(I want to also port the Tor Browser for MacOS to nixpkgs, but suspect the exact same issue will be present -- so if this could also be addressed with Tor Browser that would be fantastic!)