Re-organise runtime flags

I don't like doing this too often, as it's quite
disruptive. But overall we have reduced the number
of flag files by five, and made things simpler.

The no-ipv6-probe and cypher-suit-blacklist files
are merged into a new network file. Several other
network-related flags have been moved from other
files to this one, as well as a new disable-quic
flag.

The following runtime flag files have been merged
into miscellaneous :-

disable-setuid-sandbox
load-extensions
ng-shape-cache

Flags to disable autoplay features, set disk cache
options and disable breakpad are also added to
the miscellaneous file.

The anti-phishing and anti-tracking files have
been merged into a new anti-phish-track file.

A new ui-enable-shared-image-cache-for-gpu flag
(disabled by default) is added to the gpu file.

Author: berkley4

debian/etc/chromium.d/anti-tracking renamed to debian/etc/chromium.d/anti-phish-track

@@ -1,5 +1,8 @@
-# Uncomment to enable anti-tracking mitigations
-# Note: this could potentially make you stand out even more from the crowd.
+### Note: you could potentially 'stand out from the crowd'
+###       by enabling some of these options
+
+# Convert Internationalized Domain Names to punycode (anti-phishing)
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --force-punycode-hostnames"
 
 # Disable pinging
 export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-pings"
@@ -10,10 +13,6 @@ export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --no-pings"
 # Disable automatic search engine scraping from webpages
 export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-search-engine-collection"
 
-# Disables GREASE for TLS (seems safe enough to set by default)
-# See https://github.com/ungoogled-software/ungoogled-chromium/issues/783 for more details
-export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-tls-grease"
-
 # Disable frequently-visited sites in the new tab page
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-top-sites"
 
@@ -25,16 +24,6 @@ export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-tls-grease"
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --fingerprinting-canvas-measuretext-noise"
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --fingerprinting-client-rects-noise"
 
-# Limit referrer headers (choices: MinimalReferrers, NoCrossOriginReferrers, NoReferrers)
-#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-features=MinimalReferrers"
-
-# WebRTC IP privacy
-# The builtin default (via an UC patch) is disable_non_proxied_udp)
-# Choices: default, default_public_and_private_interfaces,
-#          default_public_interface_only or disable_non_proxied_udp
-#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --webrtc-ip-handling-policy=disable_non_proxied_udp"
-
-
 # Disable OpenGL ES 3 APIs (prevents gpu info leakage; will also disable WebGL2)
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-es3-apis"
 

debian/etc/chromium.d/anti-phishing

@@ -26,5 +26,8 @@ export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-zero-copy"
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --num-raster-threads=2"
 
 
+# Enables shared GPUImageDecodeCache for UI if gpu rasterization is enabled
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --ui-enable-shared-image-cache-for-gpu"
+
 # This might help with eg google streetview on very old GPUs
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-accelerated-2d-canvas"

debian/etc/chromium.d/cypher-suit-blacklist

@@ -1,14 +1,27 @@
-# Valid values are 6 and 15
-#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --max-connections-per-host=15"
+# Disable setuid sandbox (should be used for debugging purposes onlu)
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-setuid-sandbox"
 
 # Don't display any warnings about not being the default browser
 export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --no-default-browser-check"
 
+# Disable breakpad (related to crash reporting)
+export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-breakpad"
+
 # Do not hide any extensions in the about:extensions dialog
 export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --show-component-extension-options"
 
+# Comment to disable NGShapeCache
+export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-features=LayoutNGShapeCache"
+
+# Disable Autoplay features
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies"
+
+# Disk cache options (the cache size is in bytes)
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disk-cache-dir=/tmp/example"
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disk-cache-size=0"
+
 # For those on slow machines
 #export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-low-end-device-mode"
 
-# Disable the builtin media router
-export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --media-router=0"
+# Uncomment to load all of the extensions installed to /usr/share/chromium/extensions
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --load-extension=$(ls -dm /usr/share/chromium/extensions/* 2>/dev/null | tr -d '\n')"

debian/etc/chromium.d/disable-setuid-sandbox

@@ -0,0 +1,26 @@
+# Disables GREASE for TLS (See UC issue #783 for more info)
+export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-tls-grease"
+
+# Valid values are 6 and 15
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --max-connections-per-host=15"
+
+# Disable probing for ipv6
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-features=SetIpv6ProbeFalse"
+
+# Disable quic (https://sec-consult.com/blog/detail/better-dont-be-too-quick/)
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-quic"
+
+# Limit referrer headers (choices: MinimalReferrers, NoCrossOriginReferrers, NoReferrers)
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-features=MinimalReferrers"
+
+# Disable weak cyphers (could break some websites)
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --cipher-suite-blacklist=0x000a,0x009c,0x009d,0x002f,0x0035"
+
+# WebRTC IP privacy
+#  - The builtin UC default ip handling policy is disable_non_proxied_udp
+#  - Choices: default, default_public_and_private_interfaces,
+#             default_public_interface_only or disable_non_proxied_udp
+#export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --webrtc-ip-handling-policy=default_public_interface_only"
+
+# Disable the builtin media router
+export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --media-router=0"