ZenBrowserMirrors/zen-desktop
1
0
Fork 1
mirror of https://github.com/zen-browser/desktop.git synced 2025-07-08 00:10:00 +02:00
Code Releases Wiki Activity

feat: security: Enable google safebrowsing and populate the API keys, b=no-bug, c=workflows, common, configs

Browse source
This commit is contained in:
Mr. M 2025-06-09 19:11:09 +02:00
parent 35245078c9
commit d786c6927f
No known key found for this signature in database
GPG key ID: 6292C4C8F8652B18
4 changed files with 33 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.github/workflows/linux-release-build.yml vendored
View file

@ -121,6 +121,11 @@ jobs:
./mach --no-interactive bootstrap --application-choice browser ./mach --no-interactive bootstrap --application-choice browser
cd .. cd ..
- name: Insert API Keys
run: |
mkdir -p ~/.zen-keys
echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
- name: Build - name: Build
env: env:
SURFER_COMPAT: ${{ matrix.arch }} SURFER_COMPAT: ${{ matrix.arch }}
@ -141,6 +146,10 @@ jobs:
export SURFER_PLATFORM="linux" export SURFER_PLATFORM="linux"
export ZEN_RELEASE=1 export ZEN_RELEASE=1
npm run package npm run package
- name: Remove API Keys
run: |
rm -rf ~/.zen-keys
- name: Rename artifacts - name: Rename artifacts
run: | run: |

9
.github/workflows/macos-release-build.yml vendored
View file

@ -132,6 +132,11 @@ jobs:
- name: Build language packs - name: Build language packs
run: sh scripts/download-language-packs.sh run: sh scripts/download-language-packs.sh
- name: Insert API Keys
run: |
mkdir -p ~/.zen-keys
echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
- name: Build Zen - name: Build Zen
env: env:
SURFER_COMPAT: ${{ matrix.arch }} SURFER_COMPAT: ${{ matrix.arch }}
@ -152,6 +157,10 @@ jobs:
export ZEN_RELEASE=1 export ZEN_RELEASE=1
npm run package npm run package
- name: Remove API Keys
run: |
rm -rf ~/.zen-keys
- name: Rename artifacts - name: Rename artifacts
run: | run: |
echo "Tarballing DMG" echo "Tarballing DMG"

10
.github/workflows/windows-release-build.yml vendored
View file

@ -226,6 +226,11 @@ jobs:
chmod +x ~/artifact/en-US.log chmod +x ~/artifact/en-US.log
chmod +x ~/artifact/merged.profdata chmod +x ~/artifact/merged.profdata
- name: Insert API Keys
run: |
mkdir -p ~/.zen-keys
echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
- name: Build - name: Build
if: ${{ !(inputs.generate-gpo && matrix.arch == 'aarch64') }} if: ${{ !(inputs.generate-gpo && matrix.arch == 'aarch64') }}
env: env:
@ -259,6 +264,11 @@ jobs:
ls ./dist ls ./dist
ls . ls .
- name: Remove API Keys
run: |
rm -rf ~/.zen-keys
- name: Move package for PGO upload - name: Move package for PGO upload
if: ${{ inputs.generate-gpo && matrix.arch == 'x86_64' }} if: ${{ inputs.generate-gpo && matrix.arch == 'x86_64' }}
run: | run: |

8
configs/common/mozconfig
View file

@ -32,6 +32,11 @@ if ! test "$SCCACHE_GHA_ENABLED" = "false"; then
fi fi
fi fi
# add safe browsing key if it exists on a file
if test -f "$HOME/.zen-keys/safebrowsing.dat"; then
ac_add_options --with-google-safebrowsing-api-keyfile="$HOME/.zen-keys/safebrowsing.dat"
fi
if test "$ZEN_RELEASE"; then if test "$ZEN_RELEASE"; then
# TODO: Make this successful in builds # TODO: Make this successful in builds
@ -96,10 +101,7 @@ fi
ac_add_options --enable-unverified-updates ac_add_options --enable-unverified-updates
ac_add_options --enable-raw
ac_add_options --enable-webrtc
ac_add_options --enable-jxl ac_add_options --enable-jxl
ac_add_options --enable-av1
ac_add_options --with-unsigned-addon-scopes=app,system ac_add_options --with-unsigned-addon-scopes=app,system