Defender II - updated for encrypted devices (originated by nodevel)

Rating: 
5
Your rating: None Average: 5 (18 votes)

This is the enhanced but mainly original application Defender by nodevel , see (old, deprecated!): https://openrepos.net/content/nodevel/defender and its repository https://github.com/nodevel/harbour-defender

 

It was updated for devices with encrypted /home volume, on which it caused boot problems (of course it can also be used on unencrypted devices). And taken care of the new 'defaultuser'.

No more, no less (okay, here and there a bit more now ;)...

 

New forked repo (github) can now be found here: https://github.com/peterleinchen/harbour-defender

And for discussions (FSO ) see here: https://forum.sailfishos.org/t/defender-app-update-harbour-defender-my-v...

 

Application versions: 
AttachmentSizeDate
File harbour-defender-0.4.1-1.armv7hl.rpm83.88 KB23/11/2020 - 02:10
File harbour-defender-0.4.2-1.armv7hl.rpm84.19 KB02/12/2020 - 22:12
File harbour-defender-0.4.3-1.armv7hl.rpm84.29 KB24/02/2021 - 09:54
File harbour-defender-0.5.1-1.armv7hl.rpm85.02 KB25/02/2021 - 10:14
File harbour-defender-0.5.2-1.armv7hl.rpm85.03 KB01/03/2021 - 11:03
File harbour-defender-0.5.3-1.armv7hl.rpm85.32 KB16/03/2021 - 22:17
File harbour-defender-0.5.4-1.armv7hl.rpm85.82 KB25/03/2021 - 22:24
File harbour-defender-0.5.5-1.armv7hl.rpm85.85 KB27/03/2021 - 04:27
File harbour-defender-0.5.5-1.i486.rpm85.77 KB27/03/2021 - 10:29
File harbour-defender-0.5.5-1.aarch64.rpm79.53 KB15/05/2021 - 22:04
File harbour-defender-0.5.6-1.armv7hl.rpm86.38 KB06/06/2021 - 12:28
File harbour-defender-0.5.6-1.i486.rpm86.29 KB06/06/2021 - 12:28
File harbour-defender-0.5.6-1.aarch64.rpm79.8 KB06/06/2021 - 12:28
File harbour-defender-0.5.7-1.armv7hl.rpm88.5 KB12/11/2021 - 01:55
File harbour-defender-0.5.7-1.i486.rpm82.26 KB17/11/2021 - 19:12
File harbour-defender-0.5.7-1.aarch64.rpm82.23 KB17/11/2021 - 19:12
Changelog: 
Warning:
in case you are going to encrypt your device manually (only possible for some devices (Xs and XA2s) when having flashed SFOS <=3.2.1.20), please make sure you uninstall defender before the encryption/reboot and install again afterwards!
Information:
(deprecated as of SFOS 4.1.0.xx, fixed by Jolla),
note to myself --> remove on next OS release...
in case you upgraded from SFOS 3 to SFOS 4 having Defender already installed you might need to re-install (or uninstall and install again) to make sure you have the SFOS4 hack working to let the browser make use of the changed hosts file.

 

v0.5.7

- fixed handling of exception on resolvings hosts url (leading to 'update loop')

- added functionality (and pulley menu) to show an error log, in case it exists

- added creation of special lxc extra_config file to get the (native file system) /system/etc/hosts file bound into the Android (aliendalvik container) file system

- added funtionality (and pulley menu) to restart Android Support (needed to get the updates written to native hosts file read anew into the aliendalvik container)

- added new sources from oisd.nl (thanks to @dry1)

i486 and aarch64 build brought to you by courtesy of @orangecat

 

v0.5.6

- fixed the annoyance that sporadically the hosts file was reset to default values (caused by a cyclic update without internet connectivity, e.g. flight mode)

- added new Adware repositories of  GoodbyeAds (thanks to @orangecat), be aware that mixing repositories of bigger size may take looong time (even hours) so keep it running...

 

v0.5.5

- corrected version number and URL in spec file

- added support for i486 (Jolla tablet)

- provision of aarch64 (courtesy of @orangecat / FSO)

 

v0.5.4

- added version info into DocsPage

- added removal of 'update trigger' file on uninstallation

- added pulley menu for removal of 'update trigger' file
  (still a reboot or uninstall/install or `devel-su systemctl restart harbour-defender`might be needed)

 

v0.5.3

- fix the update loop, e.g. for community ports (where /system is mounted RO); import UnableToWriteHost exception and catch that situation on trying to write updated hosts file(s),

- added some small error logging writing to user space file /home/$USER/.config/harbour-defender

- fix rebuild_hosts to create a new blank default hosts file and save it correctly; NOT reading/copying the default /etc/hosts entries,

 

v0.5.2

- fix regarding the Disable (all) lists at once pulley menu, now the Disable functionality works and disables all lists

(small typo only which looks like was there from the early beginning ;)

 

v0.5.1

- take care of changes in SFOS4

- fix reading cookies.sqlite from new file location

- hack for sailjailed browser not taking changed hosts file into account (nsswitch.conf problem)

- more secure method at install time to have systemd not bootloop [ one scenario could still cause it: if you have defender installed on a non-encrypted device, (you upgrade this and) encrypt it, defender will have old systemd WantedBy references and cause your device to bootloop. Resolution: uninstall before encrypting and reinstall ]

 

v0.4.3

removed not anymore working lists from configuration

 

 v0.4.2

fixing the start issue of path unit which caused the infinite update loop

 

v0.4.1

take over from nodevel and fixing the boot loop on encrypted devices

as well as taking care of new default user name 'defaultuser' or old 'nemo'

 

Comments

delocoyo's picture

Awesome. Thanks for your work!!

delocoyo's picture

Hej. Defender is not working properly since upgrade to 4. When opening browser and get some cookies, opening afterwards defender it hasnt recognize any cookie at all. I dont use any adblock. Anyway, before in 3 , that was not meaning anything, cause defender could find out the cookies

peterleinchen's picture

Yes, known issue since yesterday night :)

https://forum.sailfishos.org/t/defender-app-update-harbour-defender-my-v...

 

Thanks for reporting. Will try to get out something this week(-end)...

peterleinchen's picture

All -clear again (v0.4.3 is good since around Feb, 24th 0800).

 

 

WARNING for all who downloaded v0.4.3 until now (around 20):

I had an error in copying a file and this version will definitely bootloop on encrypted devices!

So please do NOT reboot, but re-install or uninstall and install defender.

Should be fixed now, but cannot test as my test device needs resetting (time!).

 

Sorry.

 

For experienced:

you may use recovery shell and edit sailfish-root::

/etc/systemd/system/harbour-defender.pathand have a look at the [Install] section and copy the right command as WantedBy instruction.

Furthermore remove the following: /etc/systemd/system/default.target.wants/harbour-defender.path

 

 

apozaf's picture

Broken on 4.0

peterleinchen's picture

@apozaf

Could you please elaborate on your statement?

 

https://forum.sailfishos.org/t/defender-app-update-harbour-defender-my-v...

peterleinchen's picture

D*#n :( (it was just fixed)

firejail?

If anyone has an idea, step up...

peterleinchen's picture

@apozaf et al

Could you check in /etc/firejail or ~/.config/firejail for a profile (maybe default or sailfish-browser) for an entry like --hosts-file=...

Maybe a new simple hosts file is used?

(I do not have 4.0 yet)

Maximilian1st's picture

Is this helpful?

ls /etc/firejail/*rows*

/etc/firejail/abrowser.profile                   /etc/firejail/tor-browser-en.profile             /etc/firejail/tor-browser-tr.profile             /etc/firejail/tor-browser_id.profile
/etc/firejail/brave-browser-beta.profile         /etc/firejail/tor-browser-es-es.profile          /etc/firejail/tor-browser-vi.profile             /etc/firejail/tor-browser_is.profile
/etc/firejail/brave-browser-dev.profile          /etc/firejail/tor-browser-es.profile             /etc/firejail/tor-browser-zh-cn.profile          /etc/firejail/tor-browser_it.profile
/etc/firejail/brave-browser-nightly.profile      /etc/firejail/tor-browser-fa.profile             /etc/firejail/tor-browser-zh-tw.profile          /etc/firejail/tor-browser_ja.profile
/etc/firejail/brave-browser-stable.profile       /etc/firejail/tor-browser-fr.profile             /etc/firejail/tor-browser.profile                /etc/firejail/tor-browser_ka.profile
/etc/firejail/brave-browser.profile              /etc/firejail/tor-browser-ga-ie.profile          /etc/firejail/tor-browser_ar.profile             /etc/firejail/tor-browser_ko.profile
/etc/firejail/chromium-browser.profile           /etc/firejail/tor-browser-he.profile             /etc/firejail/tor-browser_ca.profile             /etc/firejail/tor-browser_nb.profile
/etc/firejail/iridium-browser.profile            /etc/firejail/tor-browser-hu.profile             /etc/firejail/tor-browser_cs.profile             /etc/firejail/tor-browser_nl.profile
/etc/firejail/otter-browser.profile              /etc/firejail/tor-browser-id.profile             /etc/firejail/tor-browser_da.profile             /etc/firejail/tor-browser_pl.profile
/etc/firejail/qutebrowser.profile                /etc/firejail/tor-browser-is.profile             /etc/firejail/tor-browser_de.profile             /etc/firejail/tor-browser_pt-BR.profile
/etc/firejail/sqlitebrowser.profile              /etc/firejail/tor-browser-it.profile             /etc/firejail/tor-browser_el.profile             /etc/firejail/tor-browser_ru.profile
/etc/firejail/start-tor-browser.desktop.profile  /etc/firejail/tor-browser-ja.profile             /etc/firejail/tor-browser_en-US.profile          /etc/firejail/tor-browser_sv-SE.profile
/etc/firejail/start-tor-browser.profile          /etc/firejail/tor-browser-ka.profile             /etc/firejail/tor-browser_en.profile             /etc/firejail/tor-browser_tr.profile
/etc/firejail/tor-browser-ar.profile             /etc/firejail/tor-browser-ko.profile             /etc/firejail/tor-browser_es-ES.profile          /etc/firejail/tor-browser_vi.profile
/etc/firejail/tor-browser-ca.profile             /etc/firejail/tor-browser-nb.profile             /etc/firejail/tor-browser_es.profile             /etc/firejail/tor-browser_zh-CN.profile
/etc/firejail/tor-browser-cs.profile             /etc/firejail/tor-browser-nl.profile             /etc/firejail/tor-browser_fa.profile             /etc/firejail/tor-browser_zh-TW.profile
/etc/firejail/tor-browser-da.profile             /etc/firejail/tor-browser-pl.profile             /etc/firejail/tor-browser_fr.profile             /etc/firejail/torbrowser-launcher.profile
/etc/firejail/tor-browser-de.profile             /etc/firejail/tor-browser-pt-br.profile          /etc/firejail/tor-browser_ga-IE.profile          /etc/firejail/tvbrowser.profile
/etc/firejail/tor-browser-el.profile             /etc/firejail/tor-browser-ru.profile             /etc/firejail/tor-browser_he.profile             /etc/firejail/uzbl-browser.profile
/etc/firejail/tor-browser-en-us.profile          /etc/firejail/tor-browser-sv-se.profile          /etc/firejail/tor-browser_hu.profile             /etc/firejail/yandex-browser.profile

 

more /etc/firejail/default.profile
# Firejail profile for default
# This file is overwritten after every install/update
# Persistent local customizations
include default.local
# Persistent global definitions
include globals.local

# generic gui profile
# depending on your usage, you can enable some of the commands below:

include disable-common.inc
# include disable-devel.inc
# include disable-exec.inc
# include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
# include disable-write-mnt.inc
# include disable-xdg.inc

# include whitelist-common.inc
# include whitelist-usr-share-common.inc
# include whitelist-runuser-common.inc
# include whitelist-var-common.inc

# apparmor
caps.drop all
# ipc-namespace
# machine-id
# net none
netfilter
# no3d
# nodvd
# nogroups
nonewprivs
noroot
# nosound
# notv
# nou2f
# novideo
protocol unix,inet,inet6
seccomp
# shell none
# tracelog

# disable-mnt
# private
# private-bin program
# private-cache
# private-dev
# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
# private-etc alternatives,fonts,machine-id
# private-lib
# private-opt none
# private-tmp

# dbus-user none
# dbus-system none

# memory-deny-write-execute
# read-only ${HOME}

 

peterleinchen's picture

Not really, I am afraid. ;) But definitely thank you anyway.

 

Could you show content of internet.profile, please? (if on 4.0.1.48)

private-etc should contain nsswitch.conf

If not Jolla may not have noticed. You may add it and test?

pvcn's picture

Thank you so much! Now, the native Browser is usable again ☺

dirksche's picture

Thanks a lot for your work

trial's picture

Installation on Xperia X still not possible. Any suggestions?

peterleinchen's picture

No, not really. Without any info?

Maybe this repo not enabled and still having nodevel's enabled?

And there were/are no installation problems known...

peterleinchen's picture

Maybe see here in case of package cache refresh necessary or some conflicts of defender (e.g. adhosts) still installed.

lxmx's picture

Thank you!!

apozaf's picture

This is famtastic news! Thx a lot dear dev.

Pages