Change to Chromium

charles8191 · Nov 27, 2024 · a11d9a9 · a11d9a9
1 parent 37cc7e8
commit a11d9a9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/Containerfile b/Containerfile
@@ -5,6 +5,8 @@ ADD net-privacy.conf /usr/lib/NetworkManager/conf.d/30-net-privacy.conf
 ADD chrony.conf /etc/chrony.conf
 ADD chrony.conf /usr/etc/chrony.conf
 ADD tunables.conf /usr/lib/sysctl.d/tunables.conf
+ADD browser.json /etc/chromium/policies/managed/browser.json
+ADD browser.json /usr/etc/chromium/policies/managed/browser.json
 RUN \
 set -x && \
 # hardened_malloc
@@ -22,10 +24,10 @@ sed -i 's,centos,netherite,g' /usr/lib/os-release && \
 sed -i 's,ID_LIKE="rhel fedora",ID_LIKE="rhel centos fedora",g' /usr/lib/os-release && \
 sed -i 's,issues.redhat.com,github.com/charles8191/netherite/issues,g' /usr/lib/os-release && \
 sed -i 's,REDHAT_SUPPORT_PRODUCT,JUNK_REDHAT_SUPPORT_PRODUCT,g' /usr/lib/os-release && \
-# Cromite
+# Chromium
 dnf install epel-release -y && \
 dnf config-manager --set-enabled crb && \
-dnf swap -y --nogpgcheck firefox https://github.com/charles8191/cromite/releases/download/continuous/output.rpm && \
+dnf swap -y firefox chromium && \
 # firewalld (breaks the kickstart if not present)
 dnf install firewalld -y && \
 # SCAP

diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ Netherite is a secure & private operating system based on [Calcite](https://gith
 
 - [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc) using [weekly binaries](https://github.com/charles8191/hardened_malloc)
 - Some remediations from ANSSI-BP-028 Minimal
-- [Cromite](https://www.cromite.org/) swapped instead of Firefox
+- Replace Firefox with Chromium, and some policies to make it more secure/private
 - Custom chrony config (time.grapheneos.org)
 - Custom kernel tunables
 - Modified `os-release` file

diff --git a/browser.json b/browser.json
@@ -0,0 +1,17 @@
+{
+	"DefaultSearchProviderName": "DuckDuckGo",
+	"DefaultSearchProviderKeyword": "duckduckgo.com",
+	"DefaultSearchProviderURL": "https://duckduckgo.com/?q={searchTerms}",
+	"DefaultSearchProviderSuggestURL": "https://ac.duckduckgo.com/ac/?q={searchTerms}&type=list",
+	"DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico",
+	"ExtensionInstallForcelist": ["ddkjiahejlhfcafbddmgiahcphecmpfh;https://clients2.google.com/service/update2/crx"],
+	"PasswordManagerEnabled": false,
+	"PasswordLeakDetectionEnabled": false,
+	"SafeBrowsingEnabled": false,
+	"NewTabPageLocation": "about:blank",
+	"DnsOverHttpsMode": "secure",
+	"DnsOverHttpsTemplates": "https://dns.quad9.net/dns-query",
+	"DefaultJavaScriptJitSetting": 2,
+	"HomepageIsNewTabPage": true,
+    "SyncDisabled": true
+}