From 2a9d31c9422de3d7486da6c2ef3e15c3496c7e69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Batista?= Date: Wed, 15 Jul 2020 17:24:04 -0300 Subject: [PATCH] gnu: Add torbrowser-unbundle. To: guix-patches@gnu.org * gnu/packages/tor.scm (torbrowser-unbundle): New variable. --- gnu/packages/tor.scm | 634 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 633 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index c852c54a5b..528a528403 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -49,7 +49,49 @@ #:use-module (gnu packages qt) #:use-module (gnu packages autotools) #:use-module (gnu packages tls) - #:use-module (gnu packages w3m)) + #:use-module (gnu packages w3m) + ;; New flags start here. Verify if they are all needed. + #:use-module ((srfi srfi-1) #:hide (zip)) + #:use-module (ice-9 match) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix gexp) + #:use-module (guix store) + #:use-module (guix monads) + #:use-module (guix build-system cargo) + #:use-module (guix build-system trivial) + #:use-module (gnu packages admin) + #:use-module (gnu packages audio) + #:use-module (gnu packages autotools) + #:use-module (gnu packages bash) + #:use-module (gnu packages databases) + #:use-module (gnu packages glib) + #:use-module (gnu packages gtk) + #:use-module (gnu packages gnome) + #:use-module (gnu packages libcanberra) + #:use-module (gnu packages cups) + #:use-module (gnu packages kerberos) + #:use-module (gnu packages perl) + #:use-module (gnu packages compression) + #:use-module (gnu packages fontutils) + #:use-module (gnu packages libreoffice) ;for hunspell + #:use-module (gnu packages image) + #:use-module (gnu packages libffi) + #:use-module (gnu packages pulseaudio) + #:use-module (gnu packages node) + #:use-module (gnu packages xorg) + #:use-module (gnu packages gl) + #:use-module (gnu packages assembly) + #:use-module (gnu packages rust) + #:use-module (gnu packages rust-apps) + #:use-module (gnu packages llvm) + #:use-module (gnu packages nss) + #:use-module (gnu packages icu4c) + #:use-module (gnu packages video) + #:use-module (gnu packages xiph) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages readline) + #:use-module (gnu packages vim) ; for xxd + #:use-module (gnu packages sqlite)) (define-public tor (package @@ -324,3 +366,593 @@ statistics and status reports on: Potential client and exit connections are scrubbed of sensitive information.") (license license:gpl3+))) + +;; Imported from gnuzilla.scm, make it public there? +(define* (computed-origin-method gexp-promise hash-algo hash + #:optional (name "source") + #:key (system (%current-system)) + (guile (default-guile))) + "Return a derivation that executes the G-expression that results +from forcing GEXP-PROMISE." + (mlet %store-monad ((guile (package->derivation guile system))) + (gexp->derivation (or name "computed-origin") + (force gexp-promise) + #:graft? #f ;nothing to graft + #:system system + #:guile-for-build guile))) + +(define %torbrowser-version "68.10.0esr-9.5-1") +(define %torbrowser-build-id "20200709000000") ;must be of the form YYYYMMDDhhmmss + +;; (Un)fortunatly TorBrowser has it's own reproducible build system - RBM - which +;; automates the build process for them and compiles TorBrowser from a range of +;; repositories and produces a range of tarballs for different architectures and +;; locales. So we need to nit-pick what is needed for guix and produce our own +;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\ +;; {tor-browser,firefox}/{build,config} for the rationale applied here. When built from its +;; unpatched repo, the 'mozconfig' is different and it errors out on missing +;; torbutton source code. If we patch 'toolkit/moz.build', it compiles successfuly +;; but the browser does not run and even if it ran, it would be missing most of +;; its funcionality. See also the Hacking on TorBrowser document for a high level +;; introduction (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking). +;; +;; WARNING: For now it still lacks the bundled fonts, obfs4 bridge and locales. +;; If used on level below safest, the browser accessible fonts are fingerprintable. +;; On safest, it doesn't seem to be distinguishable from upstream bundle according +;; to https://panopticlick.eff.org. To access some features, users need to +;; configure the ControlPort and HashedControlPassword in system torrc and set +;; TOR_CONTROL_PASSWD accordingly before launching the Browser (ControlPort defaults to +;; 9051). Without this, the browser will work (try https://check.torproject.org) but +;; user is presented with a startup page that tells something is wrong. +(define torbrowser-source + (let* ((torbrowser-commit "75c2bb720d4ceb76231e8ecc3455754bf05ba19b") + (torbrowser-version %torbrowser-version) + (upstream-torbrowser-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/tor-browser.git") + (commit torbrowser-commit))) + (file-name (git-file-name "tor-browser" torbrowser-version)) + ;; Substitute for hash syntax. + (sha256 + (base32 + "19sk46k2bqa72il46pdl534nk2g3fi6l7m7kbglddccxv19ck0k4")))) + + ;; Not used yet, mainly useful for references and for a patched start-tor-browser + ;; script in the near future. + (torbrowser-build-commit "e94ba3a7677f7051a14b2304427ec8393a450fdc") + (torbrowser-build-version "9.5") + (upstream-torbrowser-build-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/builders/tor-browser-build.git") + (commit torbrowser-build-commit))) + (file-name (git-file-name "tor-browser-build" torbrowser-build-version)) + ;; Substitute for hash syntax. + (sha256 + (base32 + "1jgkrsckcjgr1lgcwahzdrcasmpghs2ppz6w80fya89pa5d6r0gv")))) + + (torbutton-commit "ebe2bedab44e38f18c7968bd327d99eef7660f34") + (torbutton-version "9.5") + (upstream-torbutton-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/torbutton.git") + (commit torbutton-commit))) + (file-name (git-file-name "torbutton" torbutton-version)) + ;; Substitute for hash syntax. + (sha256 + (base32 + "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83")))) + + (tor-launcher-commit "b4838d339a84c5ebebd91a0ba6b22d44ecda97b1") + (tor-launcher-version "0.2.21") + (upstream-tor-launcher-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/tor-launcher.git") + (commit tor-launcher-commit))) + (file-name (git-file-name "tor-launcher" tor-launcher-version)) + ;; Substitute for hash syntax. + (sha256 + (base32 + "0xxwyw1j6dkm2a24kg1564k701p5ikfzs1f9n0gflvlzz9427haf")))) + + ;; TorBrowser uses its own git repo but it appears to be unpatched from upstream + ;; and it does no provide a tarball, so let's try upstream for now. + (https-everywhere-version "2020.5.20") + (upstream-https-everywhere-source + (origin + (method url-fetch) + (uri (string-append "https://github.com/EFForg/https-everywhere/archive/" + https-everywhere-version ".tar.gz")) + ;; Substitute for hash syntax. + (sha256 + (base32 + "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763")))) + + ;; TorBrowser 9.5.1 actualy uses v11.0.32, but let's get latest release. + ;; TorProject uses the .xpi instead of compiling the source code. + (noscript-xpi-version "11.0.34") + (upstream-noscript-xpi + (origin + (method url-fetch) + (uri (string-append "https://secure.informaction.com/download/releases/noscript-" + noscript-xpi-version ".xpi")) + (sha256 + (base32 + "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km")))) + + ;; Not used for now. It uses curl to update TLDs at build time which will make + ;; the build unreproducible. Also it uses LWM::Simple module which is not available + ;; on guix. Moreover, it complains about perl not having regexp capabilities. Patch + ;; build script, translate it to guile or just use the .xpi as upstream does? + (noscript-version "11.0.34") + (upstream-noscript-source + (origin + (method url-fetch) + (uri (string-append "https://github.com/hackademix/noscript/archive/" + noscript-version ".tar.gz")) + ;; Substitute for hash syntax. + (sha256 + (base32 + "1amhdwc62cnp1i7vx4zyqd7iyj52rcr5ks9a39viczpqgfgk7hfy"))))) + + ;; Now we bundle the grabbed sources. + (origin + (method computed-origin-method) + (file-name (string-append "torbrowser-" %torbrowser-version ".tar.xz")) + (sha256 #f) + (uri + (delay + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (let ((torbrowser-dir (string-append "torbrowser-" #$torbrowser-version)) + (torbutton-dir "toolkit/torproject/torbutton") + (tor-launcher-dir "browser/extensions/tor-launcher") + (tbb-scripts-dir "tbb-scripts") + (https-everywhere "https-everywhere.tar.gz") + (noscript "noscript.tar.gz") + (noscript-xpi "noscript.xpi")) + + (set-path-environment-variable + "PATH" '("bin") + (list #+(canonical-package bash) + #+(canonical-package xz) + #+(canonical-package tar))) + + (format #t "Copying torbrowser source to writable path ...~%") + (force-output) + (copy-recursively #+upstream-torbrowser-source + torbrowser-dir + #:log (%make-void-port "w")) + + (with-directory-excursion torbrowser-dir + (format #t "Setting torbutton to writable...~%") + (force-output) + (make-file-writable torbutton-dir) + + (format #t "Copying torbutton source to torbrowser...~%") + (force-output) + (copy-recursively #+upstream-torbutton-source + torbutton-dir + #:log (%make-void-port "w")) + + (format #t "Copying tor-launcher source to torbrowser...~%") + (force-output) + (copy-recursively #+upstream-tor-launcher-source + tor-launcher-dir + #:log (%make-void-port "w")) + + (format #t "Copying tor-browser-build source to torbrowser...~%") + (force-output) + (mkdir tbb-scripts-dir) + (copy-recursively #+upstream-torbrowser-build-source + tbb-scripts-dir + #:log (%make-void-port "w")) + + (format #t "Copying https-everywhere source to torbrowser...~%") + (force-output) + (copy-file #+upstream-https-everywhere-source + https-everywhere) + + (format #t "Copying noscript source to torbrowser...~%") + (force-output) + (copy-file #+upstream-noscript-source + noscript) + + (format #t "Copying noscript xpi to torbrowser...~%") + (force-output) + (copy-file #+upstream-noscript-xpi + "noscript.xpi")) + + (invoke "tar" "cvfa" #$output + ;; Avoid non-determinism in the archive. For now just copy icecat timestamp. + "--mtime=@315619200" ; 1980-01-02 UTC + "--owner=root:0" + "--group=root:0" + "--sort=name" + torbrowser-dir) + #t)))))))) + +(define-public torbrowser-unbundle + (package + (name "torbrowser-unbundle") + (version %torbrowser-version) + (source torbrowser-source) + (build-system gnu-build-system) + (inputs + `(("alsa-lib" ,alsa-lib) + ("bzip2" ,bzip2) + ("cups" ,cups) + ("dbus-glib" ,dbus-glib) + ("gdk-pixbuf" ,gdk-pixbuf) + ("glib" ,glib) + ("gtk+" ,gtk+) + ("gtk+-2" ,gtk+-2) + ("graphite2" ,graphite2) + ("pango" ,pango) + ("freetype" ,freetype) + ("harfbuzz" ,harfbuzz) + ("libcanberra" ,libcanberra) + ("libgnome" ,libgnome) + ("libjpeg-turbo" ,libjpeg-turbo) + ("libogg" ,libogg) + ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released + ("libvorbis" ,libvorbis) + ("libxft" ,libxft) + ("libevent" ,libevent) + ("libxinerama" ,libxinerama) + ("libxscrnsaver" ,libxscrnsaver) + ("libxcomposite" ,libxcomposite) + ("libxt" ,libxt) + ("libffi" ,libffi) + ("ffmpeg" ,ffmpeg) + ("libvpx" ,libvpx) + ("icu4c" ,icu4c) + ("pixman" ,pixman) + ("pulseaudio" ,pulseaudio) + ("mesa" ,mesa) + ("mit-krb5" ,mit-krb5) + ;; See + ;; and related comments in the 'remove-bundled-libraries' phase. + ;; UNBUNDLE-ME! ("nspr" ,nspr) + ;; UNBUNDLE-ME! ("nss" ,nss) + ("shared-mime-info" ,shared-mime-info) + ("sqlite" ,sqlite) + ("startup-notification" ,startup-notification) + ("unzip" ,unzip) + ("zip" ,zip) + ("zlib" ,zlib))) + (native-inputs + `(("patch" ,(canonical-package patch)) + ("rust" ,rust) + ("cargo" ,rust "cargo") + ("rust-cbindgen" ,rust-cbindgen) + ("llvm" ,llvm) + ("clang" ,clang) + ("perl" ,perl) + ("node" ,node) + ("openssl" ,openssl) ; Required for building https-everywhere + ("tar" ,tar) ; for untaring extensions + ("util-linux" ,util-linux) ; for getopt on https-everywhere build + ("xxd" ,xxd) ; for https-everywhere build + ("python" ,python) + ("python2" ,python-2.7) + ("python2-pysqlite" ,python2-pysqlite) + ("yasm" ,yasm) + ("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686 + ("pkg-config" ,pkg-config) + ("autoconf" ,autoconf-2.13) + ("which" ,which))) + (arguments + `(#:tests? #f ; Some tests are autodone by mach on build fase. + + ;; XXX: There are RUNPATH issues such as + ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so, + ;; which is not in its RUNPATH, but they appear to be harmless in + ;; practice somehow. See . + ;; + ;; Is this needed? + #:validate-runpath? #f + + #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums' + + ;; Verify which modules are actually needed. + #:modules ((ice-9 ftw) + (ice-9 rdelim) + (ice-9 regex) + (ice-9 match) + (srfi srfi-34) + (srfi srfi-35) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + (guix build utils) + (sxml simple) + ,@%gnu-build-system-modules) + + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'unpack-extensions + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((https-everywhere-archive "https-everywhere.tar.gz") + (https-everywhere-srcdir "https-everywhere-src") + (noscript-archive "noscript.tar.gz") + (noscript-srcdir "noscript-src") + (bash (which "bash"))) + + (setenv "SHELL" bash) + + (mkdir https-everywhere-srcdir) + (mkdir noscript-srcdir) + (invoke "tar" "xf" https-everywhere-archive "--strip-components=1" + "-C" https-everywhere-srcdir) + (invoke "tar" "xf" noscript-archive "--strip-components=1" + "-C" noscript-srcdir)))) + + ;; Not used yet. For start-tor-browser patch and possibly others. + (add-after 'unpack-extensions 'apply-guix-specific-patches + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((patch (string-append (assoc-ref (or native-inputs inputs) + "patch") + "/bin/patch"))) + (for-each (match-lambda + ((label . file) + (when (and (string-prefix? "torbrowser-" label) + (string-suffix? ".patch" label)) + (format #t "applying '~a'...~%" file) + (invoke patch "--force" "--no-backup-if-mismatch" + "-p1" "--input" file)))) + (or native-inputs inputs))) + #t)) + + ;; On mach build system this is done on configure. + (delete 'bootstrap) + + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")) + (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock") + (("(\"checksum .* = )\".*\"" all name) + (string-append name "\"" null-hash "\""))) + (generate-all-checksums "third_party/rust")) + #t)) + + (add-after 'build 'neutralize-store-references + (lambda _ + ;; Mangle the store references to compilers & other build tools in + ;; about:buildconfig, reducing TorBrowser's closure significant. + ;; The resulting files are saved in lib/firefox/omni.ja + (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html" + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8)))) + #t)) + + (replace 'configure + (lambda* (#:key inputs outputs configure-flags #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bash (which "bash")) + ;; Is this needed? + (flags `(,(string-append "--prefix=" out) + ,@configure-flags))) + + (setenv "SHELL" bash) + (setenv "AUTOCONF" (string-append + (assoc-ref %build-inputs "autoconf") + "/bin/autoconf")) + (setenv "CONFIG_SHELL" bash) + (setenv "PYTHON" (string-append + (assoc-ref inputs "python2") + "/bin/python")) + (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp. + (setenv "LDFLAGS" (string-append + "-Wl,-rpath=" + (assoc-ref outputs "out") + "/lib/firefox")) + + ;; Maybe remove --disable-strip since tor-builder strips on another step + ;; See tor-browser-build.git/projects/firefox/build:231. + ;; Add flag for changing app name to torbrowser or use this name for the start script? + (substitute* ".mozconfig" + ;; Arch independent builddir. + (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m) + (string-append m "dir\n")) + (("ac_add_options --disable-tor-launcher") "") + ;; We won't be building incrementals. + (("ac_add_options --enable-signmar") "") + (("ac_add_options --enable-verify-mar") "") + (("ac_add_options --with-tor-browser-version=dev-build") + (string-append "ac_add_options --with-tor-browser-version=org.gnu\n" + "ac_add_options --with-unsigned-addon-scopes=app\n" + "ac_add_options --enable-pulseaudio\n" + "ac_add_options --disable-debug-symbols\n" + "ac_add_options --disable-updater\n" + "ac_add_options --disable-gconf\n" + ;; Other syslibs that can be unbundled? (nss, nspr) + "ac_add_options --enable-system-pixman\n" + "ac_add_options --enable-system-ffi\n" + "ac_add_options --with-system-bz2\n" + "ac_add_options --with-system-icu\n" + "ac_add_options --with-system-jpeg\n" + "ac_add_options --with-system-libevent\n" + "ac_add_options --with-system-zlib\n" + ;; Without these clang is not found. + "ac_add_options --with-clang-path=" + (assoc-ref %build-inputs "clang") "/bin/clang\n" + "ac_add_options --with-libclang-path=" + (assoc-ref %build-inputs "clang") "/lib\n"))) + + ;; See tor-browser-build.git/projects/tor-browser/RelativeLink/start-tor-browser:307 on running + ;; with system tor instance. + (substitute* "browser/app/profile/000-tor-browser.js" + (("(pref\\(\"network.proxy.socks_port\").*" _ m) + (string-append m ", 9050);\n")) + (("(pref\\(\"extensions.torbutton.loglevel\").*" _ m) + (string-append m ",2);\n")) + (("(pref\\(\"extensions.torbutton.logmethod\").*" _ m) + (string-append m ",0);\n")) + (("(pref\\(\"extensions.torbutton.inserted_button\").*" _ m) + (string-append m ",true);\n")) + (("(pref\\(\"extensions.torbutton.launch_warning\").*" _ m) + (string-append m ",false);\n")) + ;; TorBrowser updates are disabled on mozconfig, but let's make sure. + (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m) + (string-append m ",false);\n"))) + + (substitute* "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js" + (("(pref\\(\"extensions.torlauncher.start_tor\").*" _ m) + (string-append m ", false);\n")) + (("(pref\\(\"extensions.torlauncher.prompt_at_startup\").*" _ m) + (string-append m ", false);\n")) + ;; Investigate this one: "extensions.torlauncher.only_configure_tor" + ;; on 'tl-util.jsm', would it be a nice addition? + (("(pref\\(\"extensions.torlauncher.should_remove_meek_helper_profiles\").*" _ m) + (string-append m ", false);\n")) + (("(pref\\(\"extensions.torlauncher.loglevel\").*" _ m) + (string-append m ", 2);\n")) + (("(pref\\(\"extensions.torlauncher.logmethod\").*" _ m) + (string-append m ", 0);\n")) + (("(pref\\(\"extensions.torlauncher.control_port\").*" _ m) + (string-append m ", 9051);\n"))) + + ;; For user data outside the guix store. Dirty hack. Maybe worth a patch upstream to create a + ;; configure flag for guix. It will create/modify permissions on 'Data' dir on $HOME. It also + ;; means that TorBrowser will share the Downloads dir on home and not keep its own. + ;; Work on start-tor-browser script to set a TorBrowser own home. + (substitute* "xpcom/io/TorFileUtils.cpp" + (("ANDROID") "GNUGUIX")) + (substitute* "old-configure.in" + (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m) + (string-append m "\n AC_DEFINE(GNUGUIX)\n"))) + + ;; TODO: change prefs to block autoupdate app and extensions. + + (newline) + (format #t "Invoking mach configure ...~%") + (force-output) + (invoke "./mach" "configure")))) + + ;; Building noscript from source is failing for now. So its sources remain unused. + (add-after 'configure 'build-extensions + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let* ((bash (which "bash"))) + + (setenv "SHELL" bash) + + ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to be harmless. + (with-directory-excursion "https-everywhere-src" + (substitute* '("install-dev-dependencies.sh" + "make.sh" + "hooks/precommit" + "test/firefox.sh" + "test/manual.sh" + "test/script.py" + "test/validations.sh" + "utils/create_zip.py" + "utils/merge-rulesets.py" + "utils/setversion.py" + "utils/zipfile_deterministic.py") + (("python3.6") "python3")) + + ;; Failing to generate the xpi, but copy-dir appears to be enough. + ;; Failing on missing 'wasm'? + (invoke "./make.sh"))))) + + (replace 'build + (lambda _ (invoke "./mach" "build"))) + + ;; TorBrowser just do a stage-package here and copy files to its places. + (replace 'install + (lambda* (#:key inputs outputs configure-flags #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (builddir "objdir/dist/firefox") + (libdir (string-append out "/lib/firefox")) + (bindir (string-append out "/bin")) + (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi") + (extdir (string-append libdir "/browser/extensions"))) + + ;; (display "string\n") should be enough here, chage this. + (format #t "Staging package ...~%") + (force-output) + (invoke "./mach" "build" "stage-package") + (format #t "Deleting spurious files ...~%") + (force-output) + ;; TorBrowser doesn't use those. See: tor-browser-build.git/projects/firefox/build:167 + (for-each delete-file `(,(string-append builddir "/firefox-bin") + ,(string-append builddir "/libfreeblpriv3.chk") + ,(string-append builddir "/libnssdbm3.chk") + ,(string-append builddir "/libsoftokn3.chk"))) + + (format #t "Creating install dirs ...~%") + (force-output) + (mkdir-p libdir) + (mkdir bindir) + + (format #t "Copying files to install dirs ...~%") + (force-output) + (copy-recursively builddir (string-append libdir "/") + #:log (%make-void-port "w")) + + (format #t "Linking binary ...~%") + (force-output) + (symlink (string-append libdir "/firefox") + (string-append bindir "/firefox")) + + (format #t "Copying extensions to default path ...~%") + (force-output) + (mkdir-p extdir) + (format #t "Copying noscript ...~%") + (force-output) + (copy-file "noscript.xpi" (string-append extdir "/" noscript-id)) + (format #t "Copying https-everywhere ...~%") + (force-output) + (if (file-exists? "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi") + (copy-file "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi" + (string-append extdir "/https-everywhere-eff@eff.org.xpi")) + (copy-recursively "https-everywhere-src/pkg/xpi-eff" + (string-append extdir "/https-everywhere-eff@eff.org"))) + #:log (%make-void-port "w"))))))) + + ;; Thunderbird doesn't provide any .desktop file, but TorBrowser does, however it's staged not installed, let's see. + ;; + ;; Is this needed? Try to play webmedia! + ;;(add-after 'install 'wrap-program + ;; (lambda* (#:key inputs outputs #:allow-other-keys) + ;; (let* ((out (assoc-ref outputs "out")) + ;; (lib (string-append out "/lib")) + ;; (gtk (assoc-ref inputs "gtk+")) + ;; (gtk-share (string-append gtk "/share")) + ;; (pulseaudio (assoc-ref inputs "pulseaudio")) + ;; (pulseaudio-lib (string-append pulseaudio "/lib"))) + ;; (wrap-program (car (find-files lib "^firefox$")) + ;; `("XDG_DATA_DIRS" prefix (,gtk-share)) + ;; `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib))) + ;; #t)))))) + (home-page "https://www.torproject.org") + (synopsis "Anonymous browser derived from Mozilla Firefox") + (description + "TorBrowser is the Tor Project version of the Firefox browser. It is +the only recommended way to anonymously browse the web that is supported by +the project. It modifies firefox in order to avoid many know application level +attacks on the privacy of Tor users. + +WARNING: This is not the official TorBrowser and is currently on testing. +If you have issues using it, do not bother Tor Developers, as it is not the +official bundle provided by the Tor Project. Use at your own risk and please +report back on guix channels. This version does not bundle @code{tor}, you need +to configure it as a system service and set ControlPort and HashedControlPassword +to access some features.") + (license license:mpl2.0))) ;and others, see toolkit/content/license.html -- 2.27.0