Defender app update (harbour-defender) - my very own ‘Sailfish Devember’

Applications
#21

You are welcome.
__ edit, regarding the ‘update loop’:
In case you have a few lists and StevenBlack list enabled, the update takes a long time, could be > 15 min. So be patient. __

And -as I guess I understood now how the configuration is propagated- we could exclude definitely not working lists.
__ done in v0.4.3 __

I cannot edit/wikify my first post, so we have to compile this info here (hopefully I can make this post to a wiki!?)

Not working lists:

Questionable (atm working again!):

  • StevenBlack hosts, unified (all)

Questionable (atm NOT working due to cert errror!):


And yes of course we could add other good lists. Just provide info about them like:

[stevenblack_unified]
Source = StevenBlack
hostsName = Unified hosts (adware + malware)
Info = https://github.com/StevenBlack/hosts/blob/master/readme.md
Url = https://raw.githubusercontent.com/StevenBlack/hosts/master
/hostsDescription = Composite hosts file of hosts files from a variety of sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, yoyo.org, and others
AltUrl = http://sbc.io/hosts/hosts
ZipUrl = https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts.zip
SourceEnabled = no

Oh, and as long as I can still edit this post here, I add the new link to the renamed openrepos page:
https://openrepos.net/content/peterleinchen/defender-ii-updated-encrypted-devices-originated-nodevel

6 Likes
Editing hosts & hosts.editable has no effect
#22

StevenBlack’s unified hosts file do work for me now again!
(after having reset and reconfigured my test device, for another scenario :wink: )

1 Like
#23

I tried this fork on my encrypted Xperia XA2 with Sailfish 4.0.1.48 and my device would not boot. I was able to fix it using ‘fastboot’ and the recovery image, but was wondering if anyone else has tried this with Sailfish 4?

#24

No problem here with an encrypted X.
Update to 4.0.1.48 went well with defender installed.

And survived some reboots and configuration changes (incl. uninstall/re-imstall).
Are you sure you took the defender app from my openrepps?
Did you change/installanything else?

I cannot confirm problems else one made by Jolla, see next post…

1 Like
Support for addons on the browser
For the love to privacy and security
#25

Hint for native sailfish browser user:

The hosts file is not taken into account by the sailjailed browser.You need to edit/etc/sailjail/permissions/Internet permissionsand add ‘,nsswitch.conf’ to the line starting with \private-etc’, until Jolla hopefully fixes this missing configuration…

2 Likes
#26

Yes, definitely used your fork directly from the OpenRepos website. I downloaded the RPM and installed it using the File Browser app. After rebooting and entering my PIN, the device just showed the spinning screen and never started the main UI.

#27

That would be strange as this sounds like the original (old/fixed) start issue.

And I would not claim it is working if I would not have tested. On an encrypted X. Updated to 4.0.1.48.

Also I do not see a difference between X and XA2 in this regard.

And also the possible difference in the admin user name (nemo/defaultuser) did not cause the boot loop.

Can someone else please confirm/deny this?

1 Like
#28

Hi Peterle. Sadly, regardless of what sources I have enabled, no cookies show up and no ads are blocked. I have added the line you mentioned in Internet.permission. Still no luck. X10 plus.

#29

The crazy thing it is still blocking ads in the browser in 4.0 on my Xperia 10. And you guy say it shouldn’t work without a patch. That’s weird. No I was wrong, the it doesn’t work with the new browser
@apozaf Are you sure you chose correct sources, Steven Black’s were not working for me again, maybe it is simply failing to synchronise them on your device?

#30

Hi Jacek, yes I have tried everything. Disabled StevenB, reinstall app, update, reboots… Maybe the host file has no write permission? At least cookies should show up. Did you update from 3 to 4 with defender installed?

#31

WARNING for all who downloaded v0.4.3 until now (around 20):I had an error in copying a file and this version will definitely bootloop on encrypted devices!So please do NOT reboot, but re-install or uninstall and install defender.Should be fixed now, but cannot test as my test device needs resetting (time!). Sorry.

For experienced:you may use recovery shell and edit sailfish-root::/etc/systemd/system/harbour-defender.pathand have a look at the [Install] section and copy the right command as WantedBy instruction.
Furthermore remove the following: /etc/systemd/system/default.target.wants/harbour-defender.path

https://openrepos.net/comment/36737#comment-36737


Okay, all-clear.
I found some time and did lots of testing.
The version 0.4.3 was only broken until around 0800 UTC. Then I replaced it with a fixed package having the same version number.
Sorry for any inconvenience that mght have occured.

2 Likes
#32

Above has nothing to do with apozaf’s problem.
Or even vansid’s which sounds still strange.
@vansid How did you update, install, in which order? Flashed image version and so on?

About the cookies not showing up:
this is again due to a changed location of browser files (see bookmark problem!) and I wanted to fix this in next release (before I noticed this dumb mistake in above post).

1 Like
#33

New version 0.5.1 will be released tomorrow.

Changelog

  • take care of changes in SFOS4
  • fix reading cookies.sqlite from new file location
  • hack for sailjailed browser not taking changed hosts file into account (nsswitch.conf problem)
  • more secure method at install time to have systemd not bootloop
    [ one scenario could still cause it: if you have defender installed on a non-encrypted device, (you upgrade this and) encrypt it, defender will have old systemd WantedBy references and cause your device to bootloop. Resolution: uninstall before encrypting and reinstall ]

Aaand released …

5 Likes
#34

@peterleinchen My XA2 was flashed to version 3.x, then OTA updated to Koli 4.0.1.45 then .48. After the upgrade, I installed your fork RPM.

I will try your new version when it’s released and post results here.

1 Like
#35

Again, this is strange!
I did more or less the same with the X.
Reset to 3.3 (auto encrypted on first boot), then OTA to 3.4 and 4.0.1.48.
Two times, with defender installed and installed only after being on 4.
And no issues.
Which 3 version you start from? >=3.3? Then it would be the same and I do not see any reason why it should bite you.
If it is <=3.2 then it might but I’d say only when upgrading with having defender installed (see changelog).

If you know how to handle recovery console you can get out of this situation (might it not happen again) with see above.

Version 0.5.1 is out of the house since this morning.
:slight_smile:

1 Like
#36

I installed 0.5.1 and it seems to work well on my encrypted XA2 with Koli 4.0.1.48. Ads are blocked on the native browser and I can reboot with no problems.

Thank you for your work on this!

1 Like
#37

Hi guys, worked great with fresh 4.0.xx on X10plus (a bit of uninstalling, installing, updating, rebooting…), but did not work on 3.4 X10. So I updated it to 4. Now it does not work, too. Maybe chmod 777 some files?

#38

Sounds like I did a good job? :wink:

.@apozaf

Could you elaborate on this?

To me this sounds more like some manual fiddling around?
So please provide some more info what you did, install which version, on which SFOS, in what sequence, which manual file fiddling etc

As I tested all that on a Jolla1/C, XA2 3.2 version (unencrypted), a X 3.3 / 3.4 / 4.0 (encrypted version). Gemini also confirmed.

But without knowing what does not work there is no chance to know if I may have missed some test case…

#39

Oh yes Peterleinchen, I did fiddle a lot :thinking:
My main phone is fiddled is so many ways, I would not know where to start :unamused:
I’d never blame you and will donate some bucks to you :wink: because you definately did a good job. Waiting for X10 II to reinstall from scratch

1 Like
#40

Just to signal a small bug in my case: by habbit, I always update all package before upgrading SFOS (in case some criticial bug that poses problems with the upgrade is fixed).

So in my case I had Harbour-defender 0.5.2 installed under SFOS 3.4.0 and only then upgraded to 4.0.1 Koli. The code you run to patch the Internet permissions is done at RPM installation time, so in my case it was already too late (was ran before, under 3.4.0. By the time 4.0.1 got installed there was no reason to retrigger the installation).

Suggestion:

  • could you add a quick check that would display a warning box under the GUI so people know to re-run the installation to trigger the edit ?
  • (That’s more for another dev-${MONTH}-er project:) maybe there is a way to provide the resolver of connman with a list of name so that it also serves them directly for any app that bypasses nsswitch/hosts (saddly I am not fluent at all in connman. I tend to use NetworkManager and dnsmasq everywhere).
  • warning to keep in mind for the next SFOS upgrade: as you did modify /etc/sailjail/permissions/Internet.permission, there a slight risk (depending on how jolla did setup their RPMs) that the upgrade doesn’t upgrade it directly, but instead creates Internet.permission.rpmnew counting on the user to overwrite the file. something to whatch out for.
2 Likes