secureblue / hardened-chromium

A hardened chromium for desktop Linux inspired by Vanadium.
GNU General Public License v2.0

Fix extension verification patches #4

Closed RKNF404 closed 2 months ago

RKNF404 commented 2 months ago

For the patch set-default-extension-content-verification-enforce-strict.patch, the way it is currently done, it will only apply if the command-line parameter is passed with no arguments or an unrecognized one. It would be better to replace the final return value in that same function from std::max(experiment_value, cmdline_value) with VerifyInfo::Mode::ENFORCE_STRICT. Similarly, for set-default-extension-install-verification-enforce-strict.patch, it overrides the default return value in the GetCommandLineStatus() function, which will work but can be ignored if the command-line parameter is used with another value. Replacing the final return for the GetStatus() function instead would be better, since it will always return VerifyStatus::ENFORCE_STRICT if you replace std::max(GetExperimentStatus(), GetCommandLineStatus()) with it.

qoijjj commented 2 months ago

Thanks for reviewing these even though it's all experimental

I agree with you and will make the changes

qoijjj commented 2 months ago

@RKNF404 On second look, I'll keep the install verifier as-is. If users still want to configure the flag, they should be able to. The goal here is to change the default behavior with no flag provided. I'll make the change for content verifier though.

qoijjj commented 2 months ago

https://github.com/qoijjj/chromium-copr-experimental/blob/master/patches/set-default-extension-content-verification-enforce-strict.patch
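
The two approaches discussed in this thread, changing the no-flag default versus replacing the final return, can be compared in a small model. This is an added example, not code from the thread, the patches or Chromium; the flag value strings, the enumerator order and the function names Upstream, PatchedDefault and Pinned are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdio>
#include <cstring>

// Simplified model, not Chromium or hardened-chromium source.
// Enumerator order (weakest to strongest) is an assumption.
enum class VerifyStatus { NONE, BOOTSTRAP, ENFORCE, ENFORCE_STRICT };

// Stand-in for GetCommandLineStatus(). flag == nullptr means the switch was
// not passed; the value strings are assumed. no_flag_default is the value the
// install-verification patch changes.
VerifyStatus CommandLineStatus(const char* flag, VerifyStatus no_flag_default) {
  if (flag == nullptr) return no_flag_default;
  if (std::strcmp(flag, "bootstrap") == 0) return VerifyStatus::BOOTSTRAP;
  if (std::strcmp(flag, "enforce_strict") == 0) return VerifyStatus::ENFORCE_STRICT;
  return VerifyStatus::ENFORCE;  // empty or unrecognized value (assumed fallback)
}

// Unpatched shape: the stronger of experiment and command line wins.
VerifyStatus Upstream(VerifyStatus experiment, const char* flag) {
  return std::max(experiment, CommandLineStatus(flag, VerifyStatus::NONE));
}

// Default changed, explicit flag still honored.
VerifyStatus PatchedDefault(VerifyStatus experiment, const char* flag) {
  return std::max(experiment,
                  CommandLineStatus(flag, VerifyStatus::ENFORCE_STRICT));
}

// Final return replaced: experiment and flag no longer matter.
VerifyStatus Pinned(VerifyStatus, const char*) {
  return VerifyStatus::ENFORCE_STRICT;
}

int main() {
  const char* flags[] = {nullptr, "", "bootstrap", "enforce_strict"};
  std::puts("flag             upstream default pinned");
  for (const char* f : flags) {
    std::printf("%-16s %8d %7d %6d\n", f ? (*f ? f : "(empty)") : "(absent)",
                static_cast<int>(Upstream(VerifyStatus::NONE, f)),
                static_cast<int>(PatchedDefault(VerifyStatus::NONE, f)),
                static_cast<int>(Pinned(VerifyStatus::NONE, f)));
  }
  return 0;
}
```

In this model an explicit weaker flag value still lowers the result under the changed default, while the pinned variant returns the strict status for every input.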