Michael Altfield's gravatar

Ephemeral Firefox with Extensions (2/3)

I recently posted about how to create a sandboxed firefox profile to compartmentalize (and shred) your firefox browsing history in an Ephemeral Firefox session. But so far I've only covered how to create a simple vanilla firefox profile. What if you want your Ephemeral Firefox to include a few basic extensions?

This post will cover how to add extensions to your Ephemeral Firefox profile.

icon of ephemeral firefox with icons of popular extensions below it

Prereqs

Before proceeding, you must first execute the following prerequsites, which are detailed in my first post on setting up an Ephemeral Firefox.

sudo apt-get -y install firejail secure-delete
sudo firecfg --clean

Create Skeleton Directory

Because we build the Ephemeral Firefox profile directory on-the-fly, we need to build a base skeleton directory with the extensions we want and a few configuration files.

The commands below will create the skeleton directory, download a few basic extensions, rename them as needed for installation, and change the config to allow for automatic installation of extensions.

SKEL_PATH="$HOME/.mozilla/firefox/ephemeralFirefoxSkel"

# create skeleton directory for extensions, if necessary
[ ! -d "${SKEL_PATH}/extensions" ] && mkdir -p "${SKEL_PATH}/extensions"

# the name of the extensions found in this list must match the unique "slug" id
# of the extension as found in the URL. For example:
#   * https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
extensions="https-everywhere ublock-origin cookie-autodelete privacy-badger17 chameleon-ext decentraleyes"

# for every extension, download it and rename it. For more info, see:
#   * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Sideloading_add-ons
cd "${SKEL_PATH}/extensions"
for slug in $extensions; do

   # download the file
   downloadFileName="addon-${slug}-latest.xpi"
   wget "https://addons.mozilla.org/firefox/downloads/latest/${slug}/${downloadFileName}"

   # rename the file; the required new name is found in the manifest.json file
   unzip -o "${downloadFileName}" manifest.json
   newFileName="`cat manifest.json | python -c "import sys, json; print json.load(sys.stdin)['applications']['gecko']['id']"`.xpi"
   rm manifest.json
   mv "${downloadFileName}" "${newFileName}"

done

# allow extensions to be installed without human confirmation for faster startup
cat > "${SKEL_PATH}/user.js" <<'EOF'
user_pref("extensions.autoDisableScopes", 0);
EOF

Create Ephemeral Firefox Script

Copy the following script into '$HOME/bin/ephemeralFirefox.sh', make it executable, and make sure '$HOME/bin' is in your $PATH

[ ! -d $HOME/bin/ ] && mkdir $HOME/bin
cat > $HOME/bin/ephemeralFirefox.sh <<'EOF'
#!/bin/bash
################################################################################
# Author:  Michael Altfield <michael@michaelaltfield.net>
# Created: 2019-03-03
# Updated: 2019-03-06
# Version: 0.2
# Purpose: Start an Ephemeral Firefox session with basic extensions
################################################################################

############
# SETTINGS #
############

TMP_PATH="$HOME/tmp/ephemeralFirefox"
SKEL_PATH="$HOME/.mozilla/firefox/ephemeralFirefoxSkel"

###############################
# CLEANUP OLD ORPHAN TMP DATA #
###############################

# loop through all the Ephemeral Firefox temp dirs
for tmpDir in $(find "${TMP_PATH}" -mindepth 1 -maxdepth 1 -type d); do
	# is this temp dir for an Ephemeral Firefox that's still running? Or is it no longer needed?
	if [[ -z `firejail --list | grep "${tmpDir}"` ]]; then
		# this temp dir is no longer needed; delete it
		echo "INFO: shredding data from old Ephemeral Firefox temp dir = ${tmpDir}"
		srm -rfll "${tmpDir}"
	fi
done

###################
# CREATE TEMP DIR #
###################

# first create a temp dir in our (hopefully encrypted) $HOME dir, if first run
[ ! -d "${TMP_PATH}" ] && mkdir -p "${TMP_PATH}"

# create temp dir for ephemeral session
tmpDir=`/bin/mktemp -p "$TMP_PATH" -d`
tmpProfileDir="${tmpDir}/firefoxProfile"
mkdir -p "${tmpProfileDir}"

echo "INFO: created Ephemeral Firefox temp profile dir = ${tmpProfileDir}"

###########################
# START EPHEMERAL FIREFOX #
###########################

# what should the homepage be?
url="${1}"
if [[ -z ${url} ]]; then
	url="https://start.duckduckgo.com"
fi

# prepare extensions
cp -r "${SKEL_PATH}/extensions" "${tmpProfileDir}/extensions"
cp -r "${SKEL_PATH}/browser-extension-data" ${tmpProfileDir}/
cp "${SKEL_PATH}/user.js" "${tmpProfileDir}/"
cp "${SKEL_PATH}/extensions.json" "${tmpProfileDir}/"

# try disabling 'seccomp' if you encounter issues
#firejail --ignore=seccomp --whitelist="${tmpProfileDir}" firefox -no-remote -new-instance -profile "${tmpProfileDir}" "${url}"

firejail --whitelist="${tmpProfileDir}" firefox -no-remote -new-instance -profile "${tmpProfileDir}" "${url}"

###########
# CLEANUP #
###########

# fast (secure enough) wipe of tmp dir 
srm -vrfll "${tmpDir}"

# clean exit
exit 0
EOF
chmod +x $HOME/bin/ephemeralFirefox.sh
PATH=$PATH:$HOME/bin

First Run Bootstrap

At this point you should be able to run `ephemeralFirefox.sh` in your shell, and it you'll get a Ephemeral Firefox session with all your extensions installed. But [a] your extensions won't be configured and [b] firefox will probably annoyingly start with a tab for each of the plugins' latest release notes.

We can clean this up a bit by copying a few items from the first run's temporary profile directory and permanently storing it to the skeleton directory created above like so:

First, delete any orphaned temp profile dirs that may be lingering around. Then kick-off the first-run Ephemeral Firefox.

srm -vrfll $HOME/tmp/ephemeralFirefox/*
ephemeralFirefox.sh
...

Then, in another terminal, copy the following items from the first-run Ephemeral Firefox's profile dir into the skeleton dir:

cp -r $HOME/tmp/ephemeralFirefox/tmp.*/firefoxProfile/browser-extension-data $HOME/.mozilla/firefox/ephemeralFirefoxSkel/
cp $HOME/tmp/ephemeralFirefox/tmp.*/firefoxProfile/extensions.json $HOME/.mozilla/firefox/ephemeralFirefoxSkel/

Now close the first-run Epheremal Firefox, and start a new one

user@host:~$ ephemeralFirefox.sh
...

Congratulations! Your Ephemeral Firefox session will now start with your basic extensions and user.js config.

Further Reading

This articles is part 2 of a 3-part series on Ephemeral Firefox. The other parts can be found here:

Related Posts

2 comments to Ephemeral Firefox with Extensions (2/3)

  • Max Lambda

    > TMP_PATH="$HOME/tmp/ephemeralFirefox"

    I tried to change this directory to /dev/shm and it doesn't work 🙁 , I receive this error.

    Child process initialized in 70.95 ms
    libGL error: MESA-LOADER: failed to retrieve device information
    libGL error: MESA-LOADER: failed to open amdgpu (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri)
    libGL error: failed to load driver: amdgpu
    libGL error: failed to open drm device: No such file or directory
    libGL error: failed to load driver: radeonsi
    ExceptionHandler::GenerateDump cloned child 27
    ExceptionHandler::SendContinueSignalToChild sent continue signal to child
    ExceptionHandler::WaitForContinueSignal waiting for continue signal...
    Gtk-Message: 20:30:10.157: GtkDialog mapped without a transient parent. This is discouraged.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>