Defender II - updated for encrypted devices (originated by nodevel)

Your rating: None Average: 5 (13 votes)

This is the enhanced but mainly original application Defender by nodevel , see (old, deprecated!): and its repository


It was updated for devices with encrypted /home volume, on which it caused boot problems (of course it can also be used on unencrypted devices). And taken care of the new 'defaultuser'.

No more, no less (okay, here and there a bit more now ;)...


New forked repo (github) can now be found here:

And for discussions (FSO ) see here:


Application versions: 
File harbour-defender-0.4.1-1.armv7hl.rpm83.88 KB23/11/2020 - 02:10
File harbour-defender-0.4.2-1.armv7hl.rpm84.19 KB02/12/2020 - 22:12
File harbour-defender-0.4.3-1.armv7hl.rpm84.29 KB24/02/2021 - 09:54
File harbour-defender-0.5.1-1.armv7hl.rpm85.02 KB25/02/2021 - 10:14
File harbour-defender-0.5.2-1.armv7hl.rpm85.03 KB01/03/2021 - 11:03
File harbour-defender-0.5.3-1.armv7hl.rpm85.32 KB16/03/2021 - 22:17
File harbour-defender-0.5.4-1.armv7hl.rpm85.82 KB25/03/2021 - 22:24
File harbour-defender-0.5.5-1.armv7hl.rpm85.85 KB27/03/2021 - 04:27
File harbour-defender-0.5.5-1.i486.rpm85.77 KB27/03/2021 - 10:29
in case you are going to encrypt your device manually (only possible for some devices (Xs and XA2s) when having flashed SFOS <=, please make sure you uninstall defender before the encryption/reboot and install again afterwards!
in case you upgraded from SFOS 3 to SFOS 4 having Defender already installed you might need to re-install (or uninstall and install again) to make sure you have the SFOS4 hack working to let the browser make use of the changed hosts file.



- corrected version number and URL in spec file

- added support for i486 (Jolla tablet)



- added version info into DocsPage

- added removal of 'update trigger' file on uninstallation

- added pulley menu for removal of 'update trigger' file
  (still a reboot or uninstall/install or `devel-su systemctl restart harbour-defender`might be needed)



- fix the update loop, e.g. for community ports (where /system is mounted RO); import UnableToWriteHost exception and catch that situation on trying to write updated hosts file(s),

- added some small error logging writing to user space file /home/$USER/.config/harbour-defender

- fix rebuild_hosts to create a new blank default hosts file and save it correctly; NOT reading/copying the default /etc/hosts entries,



- fix regarding the Disable (all) lists at once pulley menu, now the Disable functionality works and disables all lists

(small typo only which looks like was there from the early beginning ;)



- take care of changes in SFOS4

- fix reading cookies.sqlite from new file location

- hack for sailjailed browser not taking changed hosts file into account (nsswitch.conf problem)

- more secure method at install time to have systemd not bootloop [ one scenario could still cause it: if you have defender installed on a non-encrypted device, (you upgrade this and) encrypt it, defender will have old systemd WantedBy references and cause your device to bootloop. Resolution: uninstall before encrypting and reinstall ]



removed not anymore working lists from configuration



fixing the start issue of path unit which caused the infinite update loop



take over from nodevel and fixing the boot loop on encrypted devices

as well as taking care of new default user name 'defaultuser' or old 'nemo'



ddobrev's picture

Your work is so outstanding that I'd like to make it even better. :) I have some bug reports for you, what's the best way to send them? You seem to have disabled issues at github.

peterleinchen's picture

Thanks. TBH I did not really think to take over maintainership, just wanted to get it working again (even I still use an unencrypted device).

I did not think about issues on github, standard forking was done.

Preferably you might report issues via a PR! ;)

But meanwhile you could use FSO for exchange.

mak_rev's picture

Hi, thank you for your work.
I have an issue with the sources. The sources don't get updated. The process never stops. Any one has noticed the same issue?

ferlanero's picture

Same here on a XA2 with an oficial SailfishOS 4.0.1 installed

peterleinchen's picture

Cannot reproduce with XA2 (3.2.1) nor with X nor Tablet (4.0.1).

If you select several sources the update (checking for duplicates) can take quite long. Maybe just give it enough time, could be up to 15 minutes or even longer..


Pldase check your user dir .config/harbour-update/ for any err.log file or start harbour-defender from console and look for any logging...

peterleinchen's picture

A 'bit' more info would be nice.



Using latest 0.5.3 version?

Device? SFOS version? Community port, free/paid license? Using Android?


What exactly are the steps you take?


rm ~/.config/harbour-defender/update

or see

from to

mak_rev's picture

I have a Xx with SFOS 4. 

It was 0.5.3. Now its 0.5.5

I just go on "update now"
Sources: Yoyos;; MVPS

I have removed rm ~/.config/harbour-defender/update. It didnt help

peterleinchen's picture

As said, I cannot reproduce this on XA2 (3.2.1), X (4.0.1), tablet (3.4.0).


Did you modify /etc/hosts manually and possibly screwed permissions?

ls -al /etc/hosts* /system/etc/hosts*

Should be for all: -rw-r--r-- 1 root root

as already was the case in the FSO thread.


Please check also for .config/harbour-defender/err.log or let me know some more details, console output...

ferlanero's picture

Could you packge an i486 version for the tablet, please? This program is so useful to navigate without interruptions! Thank you in advance.

peterleinchen's picture

And here we go (i486)...

ferlanero's picture

Thank you very much for adding the i486 support!!

peterleinchen's picture

Let's see...


As there are now also quite a few bug fixes involved I may think about supporting the tablet as well.

But meanwhile all tablet users are safe with using nodevel's original version.



damoleon's picture

hello, can I install 0.5.2 directly on sf ? when pressing "install" it says "problem with installing".



peterleinchen's picture

Yes, definitely.

Are you installing via Storeman? Tap fly-in banner and it will rwveal some more details.

Or via cli: devel-su pkcon install harbour-defender

damoleon's picture

I've downloaded the rpm from this same page :/


from terminal, if I run devel-su pkcon install harbour-defender, it says : "no packages were found"



peterleinchen's picture

Okay, this will not work.

Either use storeman (by osetr) and enable my repository.

Or download from here and use

devel-su pkcon install-local harbour-defender-0.5.2-1.armv7hl.rpm

damoleon's picture

Thanks ! I have the message though : fatal error : harbour-defender-0.5.2-1.armv7hl.rpm conflicts with sailfishos-hosts-adblock provided by sailfishos-hosts-adblock-0.4-1noarch

I probably tried a different adblocker previously a long time ago but cannot recall how to remove  it. Thanks for yourtime if you have a hint :)

Have a nice day

peterleinchen's picture

devel-su pkcon remove sailfishos-hosts-adblocker noadshosts

damoleon's picture

thanks you very much !! I managed to install it.

delocoyo's picture

Awesome. Thanks for your work!!

delocoyo's picture

Hej. Defender is not working properly since upgrade to 4. When opening browser and get some cookies, opening afterwards defender it hasnt recognize any cookie at all. I dont use any adblock. Anyway, before in 3 , that was not meaning anything, cause defender could find out the cookies

peterleinchen's picture

Yes, known issue since yesterday night :)


Thanks for reporting. Will try to get out something this week(-end)...

peterleinchen's picture

All -clear again (v0.4.3 is good since around Feb, 24th 0800).



WARNING for all who downloaded v0.4.3 until now (around 20):

I had an error in copying a file and this version will definitely bootloop on encrypted devices!

So please do NOT reboot, but re-install or uninstall and install defender.

Should be fixed now, but cannot test as my test device needs resetting (time!).




For experienced:

you may use recovery shell and edit sailfish-root::

/etc/systemd/system/harbour-defender.pathand have a look at the [Install] section and copy the right command as WantedBy instruction.

Furthermore remove the following: /etc/systemd/system/



apozaf's picture

Broken on 4.0

peterleinchen's picture


Could you please elaborate on your statement?

peterleinchen's picture

D*#n :( (it was just fixed)


If anyone has an idea, step up...

peterleinchen's picture

@apozaf et al

Could you check in /etc/firejail or ~/.config/firejail for a profile (maybe default or sailfish-browser) for an entry like --hosts-file=...

Maybe a new simple hosts file is used?

(I do not have 4.0 yet)

Maximilian1st's picture

Is this helpful?

ls /etc/firejail/*rows*

/etc/firejail/abrowser.profile                   /etc/firejail/tor-browser-en.profile             /etc/firejail/tor-browser-tr.profile             /etc/firejail/tor-browser_id.profile
/etc/firejail/brave-browser-beta.profile         /etc/firejail/tor-browser-es-es.profile          /etc/firejail/tor-browser-vi.profile             /etc/firejail/tor-browser_is.profile
/etc/firejail/brave-browser-dev.profile          /etc/firejail/tor-browser-es.profile             /etc/firejail/tor-browser-zh-cn.profile          /etc/firejail/tor-browser_it.profile
/etc/firejail/brave-browser-nightly.profile      /etc/firejail/tor-browser-fa.profile             /etc/firejail/tor-browser-zh-tw.profile          /etc/firejail/tor-browser_ja.profile
/etc/firejail/brave-browser-stable.profile       /etc/firejail/tor-browser-fr.profile             /etc/firejail/tor-browser.profile                /etc/firejail/tor-browser_ka.profile
/etc/firejail/brave-browser.profile              /etc/firejail/tor-browser-ga-ie.profile          /etc/firejail/tor-browser_ar.profile             /etc/firejail/tor-browser_ko.profile
/etc/firejail/chromium-browser.profile           /etc/firejail/tor-browser-he.profile             /etc/firejail/tor-browser_ca.profile             /etc/firejail/tor-browser_nb.profile
/etc/firejail/iridium-browser.profile            /etc/firejail/tor-browser-hu.profile             /etc/firejail/tor-browser_cs.profile             /etc/firejail/tor-browser_nl.profile
/etc/firejail/otter-browser.profile              /etc/firejail/tor-browser-id.profile             /etc/firejail/tor-browser_da.profile             /etc/firejail/tor-browser_pl.profile
/etc/firejail/qutebrowser.profile                /etc/firejail/tor-browser-is.profile             /etc/firejail/tor-browser_de.profile             /etc/firejail/tor-browser_pt-BR.profile
/etc/firejail/sqlitebrowser.profile              /etc/firejail/tor-browser-it.profile             /etc/firejail/tor-browser_el.profile             /etc/firejail/tor-browser_ru.profile
/etc/firejail/start-tor-browser.desktop.profile  /etc/firejail/tor-browser-ja.profile             /etc/firejail/tor-browser_en-US.profile          /etc/firejail/tor-browser_sv-SE.profile
/etc/firejail/start-tor-browser.profile          /etc/firejail/tor-browser-ka.profile             /etc/firejail/tor-browser_en.profile             /etc/firejail/tor-browser_tr.profile
/etc/firejail/tor-browser-ar.profile             /etc/firejail/tor-browser-ko.profile             /etc/firejail/tor-browser_es-ES.profile          /etc/firejail/tor-browser_vi.profile
/etc/firejail/tor-browser-ca.profile             /etc/firejail/tor-browser-nb.profile             /etc/firejail/tor-browser_es.profile             /etc/firejail/tor-browser_zh-CN.profile
/etc/firejail/tor-browser-cs.profile             /etc/firejail/tor-browser-nl.profile             /etc/firejail/tor-browser_fa.profile             /etc/firejail/tor-browser_zh-TW.profile
/etc/firejail/tor-browser-da.profile             /etc/firejail/tor-browser-pl.profile             /etc/firejail/tor-browser_fr.profile             /etc/firejail/torbrowser-launcher.profile
/etc/firejail/tor-browser-de.profile             /etc/firejail/tor-browser-pt-br.profile          /etc/firejail/tor-browser_ga-IE.profile          /etc/firejail/tvbrowser.profile
/etc/firejail/tor-browser-el.profile             /etc/firejail/tor-browser-ru.profile             /etc/firejail/tor-browser_he.profile             /etc/firejail/uzbl-browser.profile
/etc/firejail/tor-browser-en-us.profile          /etc/firejail/tor-browser-sv-se.profile          /etc/firejail/tor-browser_hu.profile             /etc/firejail/yandex-browser.profile


more /etc/firejail/default.profile
# Firejail profile for default
# This file is overwritten after every install/update
# Persistent local customizations
include default.local
# Persistent global definitions
include globals.local

# generic gui profile
# depending on your usage, you can enable some of the commands below:

# include
# include
# include
# include
# include

# include
# include
# include
# include

# apparmor
caps.drop all
# ipc-namespace
# machine-id
# net none
# no3d
# nodvd
# nogroups
# nosound
# notv
# nou2f
# novideo
protocol unix,inet,inet6
# shell none
# tracelog

# disable-mnt
# private
# private-bin program
# private-cache
# private-dev
# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
# private-etc alternatives,fonts,machine-id
# private-lib
# private-opt none
# private-tmp

# dbus-user none
# dbus-system none

# memory-deny-write-execute
# read-only ${HOME}


peterleinchen's picture

Not really, I am afraid. ;) But definitely thank you anyway.


Could you show content of internet.profile, please? (if on

private-etc should contain nsswitch.conf

If not Jolla may not have noticed. You may add it and test?

pvcn's picture

Thank you so much! Now, the native Browser is usable again ☺