From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id oDW3GKVGHF80RgAA0tVLHw (envelope-from ) for ; Sat, 25 Jul 2020 14:50:13 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id 8EtaFKVGHF9uVwAAbx9fmQ (envelope-from ) for ; Sat, 25 Jul 2020 14:50:13 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9DD109402A2 for ; Sat, 25 Jul 2020 14:50:11 +0000 (UTC) Received: from localhost ([::1]:59664 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jzLV4-0000Js-1W for larch@yhetil.org; Sat, 25 Jul 2020 10:50:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37634) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jzLUw-0000Jc-HJ for guix-patches@gnu.org; Sat, 25 Jul 2020 10:50:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39226) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jzLUw-0005ot-8E for guix-patches@gnu.org; Sat, 25 Jul 2020 10:50:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jzLUw-0002qp-6k for guix-patches@gnu.org; Sat, 25 Jul 2020 10:50:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42380] [PATCH] gnu: Add torbrowser-unbundle. Resent-From: =?UTF-8?Q?Andr=C3=A9?= Batista Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 25 Jul 2020 14:50:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42380 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 42380@debbugs.gnu.org Received: via spool by 42380-submit@debbugs.gnu.org id=B42380.159568859610944 (code B ref 42380); Sat, 25 Jul 2020 14:50:02 +0000 Received: (at 42380) by debbugs.gnu.org; 25 Jul 2020 14:49:56 +0000 Received: from localhost ([127.0.0.1]:50772 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jzLUi-0002qK-US for submit@debbugs.gnu.org; Sat, 25 Jul 2020 10:49:56 -0400 Received: from mx1.riseup.net ([198.252.153.129]:44236) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jzLUe-0002q9-02 for 42380@debbugs.gnu.org; Sat, 25 Jul 2020 10:49:47 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4BDTVt5fZSzFcs7 for <42380@debbugs.gnu.org>; Sat, 25 Jul 2020 07:49:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1595688583; bh=BLNc05rgNO6/9EWutmHa06Jr/8CfxQTK8A0cMhRAipc=; h=Date:From:To:Subject:References:In-Reply-To:From; b=BgMR5poix1bpQz5oRg1vYgpRh4zH2AL0WpLVZB310s4Hfxpgt9XFCEavGJlTU/BoM upIVp1CQolTZ8+LmuOWPMo5zK8mZte+2XzKvv7NxtF2yyLKfWgzW46l25orNpAqmMK C2XYnA/cxgAh/i5D4LD6fQV/tcpvfp/UUeN+SAPs= X-Riseup-User-ID: EA7EC06F054AAE5417A7C6AB8FDDF1B9B825D11F72736471FD180893E247E506 Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 4BDTVq4jpczJnmY for <42380@debbugs.gnu.org>; Sat, 25 Jul 2020 07:49:39 -0700 (PDT) Date: Sat, 25 Jul 2020 11:49:30 -0300 From: =?UTF-8?Q?Andr=C3=A9?= Batista Message-ID: <20200725144930.GA13751@andel> References: <20200715211547.GA17146@andel> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0ntfKIWw70PvrIHh" Content-Disposition: inline In-Reply-To: <20200715211547.GA17146@andel> X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=riseup.net header.s=squak header.b=BgMR5poi; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: -1.51 X-TUID: 8hZWPxfUfoJq --0ntfKIWw70PvrIHh Content-Type: multipart/mixed; boundary="+HP7ph2BbKc20aGI" Content-Disposition: inline --+HP7ph2BbKc20aGI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello Guix, The patch bellow adds TorBrowser, Obfs4 and related libraries. No more warnings, it should behave as expected. User files are stored under '~/.local/share/torbrowser'. Just two notes:=20 - some of the libraries do not have a named font and just claim BDS-Style. I've written bsd-2 for those and left a note. I'm no sure if there is need for a more appropriate description. - https-everywhere does not show rules on the browser, but the rules are there on the store path. There is no default address for autoupdating rules. And one important question: tor and obfs4 are inputs to torbrowser which are symlinked in the install phase. Do they need to be propagated so as to not be garbage collected? Happy Hacking! --+HP7ph2BbKc20aGI Content-Type: text/plain; charset=utf-8 Content-Disposition: inline; filename="0001-gnu-Add-torbrowser-unbundle.patch" Content-Transfer-Encoding: quoted-printable =46rom d9b11fdfa62919fc5ebfd73c55a9dbbbc12596a0 Mon Sep 17 00:00:00 2001 =46rom: =3D?UTF-8?q?Andr=3DC3=3DA9=3D20Batista?=3D Date: Sat, 25 Jul 2020 06:11:36 -0300 Subject: [PATCH] gnu: Add torbrowser-unbundle To: guix-patches@gnu.org * gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables. * gnu/packages/golang.scm (go-torproject-org-ptlib, go-github-com-agl-ed25519, go-github-com-dchest-siphash, go-github-com-dchest-uniuri, go-github-com-dsnet-compress, go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variable= s. * gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file. * gnu/packages/patches/torbrowser-start-tor-browser.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 3 + gnu/packages/golang.scm | 188 +++++ ...torbrowser-start-tor-browser.desktop.patch | 22 + .../torbrowser-start-tor-browser.patch | 184 +++++ gnu/packages/tor.scm | 752 +++++++++++++++++- 5 files changed, 1145 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.deskt= op.patch create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch diff --git a/gnu/local.mk b/gnu/local.mk index f2a7b6b984..7bff822c43 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -36,6 +36,7 @@ # Copyright =C2=A9 2020 Jan Wielkiewicz # Copyright =C2=A9 2020 Brice Waegeneire # Copyright =C2=A9 2020 Tanguy Le Carrour +# Copyright =C2=A9 2020 Andr=C3=A9 Batista # # This file is part of GNU Guix. # @@ -1587,6 +1588,8 @@ dist_patch_DATA =3D \ %D%/packages/patches/tipp10-fix-compiling.patch \ %D%/packages/patches/tipp10-remove-license-code.patch \ %D%/packages/patches/tk-find-library.patch \ + %D%/packages/patches/torbrowser-start-tor-browser.patch \ + %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \ %D%/packages/patches/ttfautohint-source-date-epoch.patch \ %D%/packages/patches/tomb-fix-errors-on-open.patch \ diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 2c31632db6..772b1e29f2 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -18,6 +18,7 @@ ;;; Copyright =C2=A9 2019, 2020 Arun Isaac ;;; Copyright =C2=A9 2020 Jack Hill ;;; Copyright =C2=A9 2020 Jakub K=C4=85dzio=C5=82ka +;;; Copyright =C2=A9 2020 Andr=C3=A9 Batista ;;; ;;; This file is part of GNU Guix. ;;; @@ -4263,3 +4264,190 @@ used by other processes.") Porter2 stemmer}. It is written completely using finite state machines to= do suffix comparison, rather than the string-based or tree-based approaches.") (license license:asl2.0)))) + +(define-public go-torproject-org-ptlib + (package + (name "go-torproject-org-ptlib") + (version "1.1.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/pluggable-transports/goptlib.g= it") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc")))) + (build-system go-build-system) + (arguments + '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git")) + (home-page "https://git.torproject.org/pluggable-transports/goptlib.git= ") + (synopsis "Go library for Tor pluggable transports") + (description "Library for writing Tor pluggable transports in Go.") + (license license:cc0))) + + +(define-public go-github-com-agl-ed25519 + (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de") + (revision "0")) + (package + (name "go-github-com-agl-ed25519") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/agl/ed25519") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/agl/ed25519" + #:phases + (modify-phases %standard-phases + (add-before 'reset-gzip-timestamps 'make-files-writable + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (for-each (lambda (file) (chmod file #o644)) + (find-files out "\\.gz")) + #t)))))) + (home-page "https://github.com/agl/ed25519") + (synopsis "Go library for ed25519") + (description "This library is used in the implementation of obfs4.") + (license license:bsd-2))));; Repo does not contain license anymore. + ;; Only refered on file as BSD-Style. + +(define-public go-github-com-dchest-siphash + (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7") + (revision "0")) + (package + (name "go-github-com-dchest-siphash") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/dchest/siphash") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/dchest/siphash")) + (home-page "https://github.com/dchest/siphash") + (synopsis "Go library for siphash") + (description "Go implementation of SipHash-2-4, a fast short-input PRF +created by Jean-Philippe Aumasson and Daniel J. Bernstein.") + (license license:cc0)))) + +(define-public go-github-com-dchest-uniuri + (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a") + (revision "0")) + (package + (name "go-github-com-dchest-uniuri") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/dchest/uniuri") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/dchest/uniuri")) + (home-page "https://github.com/dchest/uniuri") + (synopsis "Go library for random URIs") + (description "Package uniuri generates random strings good for use in +URIs to identify unique objects.") + (license license:cc0)))) + +(define-public go-github-com-dsnet-compress + (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f") + (revision "0")) + (package + (name "go-github-com-dsnet-compress") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/dsnet/compress") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/dsnet/compress")) + (home-page "https://github.com/dsnet/compress") + (synopsis "Go library for extended compression") + (description "This is a collection of compression related libraries. +The goal of this project is to provide pure Go implementations for popular +compression algorithms bey ond what the Go standard library provides.") + (license license:bsd-2))));; Unnamed. Go license? + +(define-public go-schwanenlied-me-yawning-bsaes + (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d") + (revision "0")) + (package + (name "go-schwanenlied-me-yawning-bsaes") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.schwanenlied.me/yawning/bsaes.git") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys")))) + (build-system go-build-system) + (arguments + '(#:import-path "git.schwanenlied.me/yawning/bsaes.git")) + (home-page "https://git.schwanenlied.me/yawning/bsaes.git") + (synopsis "Go AES library") + (description "Portable pure-Go constant time AES implementation based= on +the excellent code from [BearSSL](https://bearssl.org/). On AMD64 systems +with AES-NI and a sufficiently recent Go runtime, it will transparently ca= ll +crypto/aes when NewCipher is invoked.") + (license license:bsd-2))));; Also unnamed. + +(define-public go-gitlab-com-yawning-utls + (package + (name "go-gitlab-com-yawning-utls") + (version "0.0.10-1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.com/yawning/utls.git") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb")))) + (build-system go-build-system) + (arguments + '(#:tests? #f ;; Tries to connect and fails. + #:import-path "gitlab.com/yawning/utls.git")) + (propagated-inputs + `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsae= s) + ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto))) + (home-page "https://gitlab.com/yawning/utls.git") + (synopsis "Go library for UTLS") + (description "UTLS fork for the specific purpose of improving obfs4prox= y's +meek_lite transport.") + (license license:gpl3+))) diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patc= h b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch new file mode 100644 index 0000000000..e65348b7f5 --- /dev/null +++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch @@ -0,0 +1,22 @@ +Change TorBrowser desktop file in order for it to be agnostic to the +path when invoked. + +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeL= ink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300 ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeL= ink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300 +@@ -1,4 +1,4 @@ +-#!/usr/bin/env ./Browser/execdesktop ++#!/usr/bin/env bash + # + # This file is a self-modifying .desktop file that can be run from the sh= ell. + # It preserves arguments and environment for the start-tor-browser script. +@@ -28,7 +28,7 @@ + GenericName=3DWeb Browser + Comment=3DTor Browser is +1 for privacy and =E2=88=921 for mass surveilla= nce + Categories=3DNetwork;WebBrowser;Security; +-Exec=3Dsh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ = ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/sta= rt-tor-browser --detach)' dummy %k +-X-TorBrowser-ExecShell=3D./Browser/start-tor-browser --detach +-Icon=3Dweb-browser ++Exec=3Dbash -c start-tor-browser ++X-TorBrowser-ExecShell=3Dstart-tor-browser --detach ++Icon=3Dtorbrowser + StartupWMClass=3DTor Browser diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/= packages/patches/torbrowser-start-tor-browser.patch new file mode 100644 index 0000000000..e3e29e61ed --- /dev/null +++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch @@ -0,0 +1,184 @@ +Change TorBrowser startup script in order for it to setup needed files +outside guix store. Remove tests which are not needed on guix system. + +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeL= ink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300 ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeL= ink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300 +@@ -5,6 +5,16 @@ + # + # Copyright 2017 The Tor Project. See LICENSE for licensing information. +=20 ++TBB_HOME=3D"${HOME}/.local/share/torbrowser" ++TBB_LOGFILE=3D"${TBB_HOME}/torbrowser.log" ++TBB_DATA=3D"${TBB_HOME}/Data" ++TBB_PROFILE=3D"${TBB_DATA}/Browser/profile.default" ++TBB_STORE_PATH=3D$(dirname $(realpath "$0")) ++TBB_STORE_DATA=3D"${TBB_STORE_PATH}/TorBrowser/Data" ++TORRC=3D"${TBB_DATA}/Tor/torrc-defaults" ++#TORRC_BRIDGE=3D"${TORRC}-appendix" ++PT_PREFS=3D"${TBB_DATA}/Browser/bridge-prefs-js-appendix" ++ + complain_dialog_title=3D"Tor Browser" +=20 + # First, make sure DISPLAY is set. If it isn't, we're hosed; scream +@@ -134,8 +144,8 @@ + ;; + -l | --log) + if [ -z "$2" -o "${2:0:1}" =3D=3D "-" ]; then +- printf "Logging Tor Browser debug information to tor-browser= =2Elog\n" +- logfile=3D"../tor-browser.log" ++ printf "Logging Tor Browser debug information to torbrowser.= log\n" ++ logfile=3D"${TBB_LOGFILE}" + elif [ "${2:0:1}" =3D=3D "/" -o "${2:0:1}" =3D=3D "~" ]; then + printf "Logging Tor Browser debug information to %s\n" "$2" + logfile=3D"$2" +@@ -187,41 +197,23 @@ + export XAUTHORITY + fi +=20 +-# If this script is being run through a symlink, we need to know where +-# in the filesystem the script itself is, not where the symlink is. +-myname=3D"$0" +-if [ -L "$myname" ]; then +- # XXX readlink is not POSIX, but is present in GNU coreutils +- # and on FreeBSD. Unfortunately, the -f option (which follows +- # a whole chain of symlinks until it reaches a non-symlink +- # path name) is a GNUism, so we have to have a fallback for +- # FreeBSD. Fortunately, FreeBSD has realpath instead; +- # unfortunately, that's also non-POSIX and is not present in +- # GNU coreutils. +- # +- # If this launcher were a C program, we could just use the +- # realpath function, which *is* POSIX. Too bad POSIX didn't +- # make that function accessible to shell scripts. +- +- # If realpath is available, use it; it Does The Right Thing. +- possibly_my_real_name=3D"`realpath "$myname" 2>/dev/null`" +- if [ "$?" -eq 0 ]; then +- myname=3D"$possibly_my_real_name" +- else +- # realpath is not available; hopefully readlink -f works. +- myname=3D"`readlink -f "$myname" 2>/dev/null`" +- if [ "$?" -ne 0 ]; then +- # Ugh. +- complain "start-tor-browser cannot be run using a symlink on this oper= ating system." +- fi +- fi ++# Try to be agnostic to where we're being started from, check if files ar= e on its ++# default paths and chdir to TBB_HOME ++if [ -e "${TORRC}" ]; then ++ cd "${TBB_HOME}" ++else ++ mkdir -p "${TBB_HOME}" ++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}" ++ chmod -R 700 "${TBB_HOME}" ++ mkdir -p "${TBB_PROFILE}" ++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TO= RRC}\");"\ ++ > "${TBB_PROFILE}/user.js" ++ grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/u= ser.js" ++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit e= xec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\ ++ >> "${TORRC}" ++ cd "${TBB_HOME}" + fi +=20 +-# Try to be agnostic to where we're being started from, chdir to where +-# the script is. +-mydir=3D"`dirname "$myname"`" +-test -d "$mydir" && cd "$mydir" +- + # If ${PWD} results in a zero length string, we can try something else... + if [ ! "${PWD}" ]; then + # "hacking around some braindamage" +@@ -236,16 +228,9 @@ + ln -nsf ~/.config/ibus/bus .config/ibus + fi +=20 +-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from = the +-# canonical version if it was changed by the updater. +-cp start-tor-browser.desktop ../ +-sed -i -e "s,^Name=3D.*,Name=3DTor Browser,g" ../start-tor-browser.desktop +-sed -i -e "s,^Icon=3D.*,Icon=3D$PWD/browser/chrome/icons/default/default1= 28.png,g" ../start-tor-browser.desktop +-sed -i -e "s,^Exec=3D.*,Exec=3Dsh -c '\"$PWD/start-tor-browser\" --detach= || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Brow= ser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop +- + if [ "$register_desktop_app" -eq 1 ]; then + mkdir -p "$HOME/.local/share/applications/" +- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/" ++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/app= lications/" + update-desktop-database "$HOME/.local/share/applications/" + printf "Tor Browser has been registered as a desktop app for this user i= n ~/.local/share/applications/\n" + exit 0 +@@ -265,21 +250,6 @@ + HOME=3D"${PWD}" + export HOME +=20 +-SYSARCHITECTURE=3D$(getconf LONG_BIT) +-TORARCHITECTURE=3D$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit= :]]*\)') +- +-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then +- complain "Wrong architecture? 32-bit vs. 64-bit." +- exit 1 +-fi +- +-[% IF c("var/asan") -%] +-# We need to disable LSan which is enabled by default now. Otherwise we'l= l get +-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59 +-ASAN_OPTIONS=3D"detect_leaks=3D0" +-export ASAN_OPTIONS +-[% END -%] +- + function setControlPortPasswd() { + local ctrlPasswd=3D$1 +=20 +@@ -342,13 +312,15 @@ + # your password in the following line where the word =E2=80=9Csecret=E2= =80=9D is: + setControlPortPasswd ${TOR_CONTROL_PASSWD:=3D'"secret"'} +=20 +-# Set up custom bundled fonts. See fonts-conf(5). +-export FONTCONFIG_PATH=3D"${HOME}/TorBrowser/Data/fontconfig" +-export FONTCONFIG_FILE=3D"fonts.conf" +- + # Avoid overwriting user's dconf values. Fixes #27903. + export GSETTINGS_BACKEND=3Dmemory +=20 ++# Set up custom bundled fonts. See fonts-conf(5). ++export FONTCONFIG_FILE=3D"${HOME}/Data/fontconfig/fonts.conf" ++ ++sed -i "${FONTCONFIG_FILE}"\ ++ -e "s,fonts,${TBB_STORE_PATH}/fonts," ++ + cd "${HOME}" +=20 + # We pass all additional command-line arguments we get to Firefox. +@@ -357,23 +329,23 @@ +=20 + if [ "$show_usage" -eq 1 ]; then + # Display Firefox help, then our help +- TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro= wser" \ +- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/nu= ll ++ TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox = --class "Tor Browser" \ ++ -profile Data/Browser/profile.default --help 2>/dev/null + tbb_usage + elif [ "$detach" -eq 1 ] ; then +- TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro= wser" \ +- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfil= e" 2>&1 "$logfile" 2>&1 &1 &1 "$logfi= le" 2>&1 "$logfile" 2>&1 derivation guile system))) + (gexp->derivation (or name "computed-origin") + (force gexp-promise) + #:graft? #f ;nothing to graft + #:system system + #:guile-for-build guile))) + +;; Fonts for TorBrowser. Avoid downloading 4Gb+ git repo on +;; https://github.com/googlei18n/noto-fonts.git to use just a handful. +;; Use the fonts on TorBrowser package. +(define torbrowser-fonts + (package + (name "torbrowser-fonts") + (version "9.5.1") + (source (origin + (method url-fetch) + (uri (string-append "https://dist.torproject.org/torbrowser/" + version "/tor-browser-linux64-" + version "_en-US.tar.xz")) + (sha256 + (base32 + "18xv8pv2j55f78n4d7cz24zwhqlcxkpq8nbanl754k2k0s1w34dd")))) + (build-system trivial-build-system) + (native-inputs + `(("tar" ,tar) + ("xz" ,xz))) + (arguments + `(#:modules ((guix build utils)) + #:builder (begin + (use-modules (guix build utils)) + (let ((src (assoc-ref %build-inputs "source")) + (src-dir "tor-browser_en-US/Browser/fonts") + (install-dir (string-append %output "/fonts")) + (tar (assoc-ref %build-inputs "tar")) + (xz (assoc-ref %build-inputs "xz"))) + + (mkdir-p install-dir) + (format #t "Untaring torbrowser ball ...~%") + (invoke (string-append tar "/bin/tar") "-xf" src + "-C" install-dir "--strip-components=3D3" + (string-append "--use-compress-program=3D" xz = "/bin/xz") + src-dir) + #t)))) + (home-page "https://github.com/googlei18n/noto-fonts") + (synopsis "TorBrowser bundled fonts") + (description "Free fonts bundled with TorBrowser. Includes a subset of= Noto, +Arimo, Cousine, Tinos and STIX fonts.") + (license license:silofl1.1))) + +(define %torbrowser-version "68.10.0esr-9.5-1") +(define %torbrowser-build-id "20200709000000") ;must be of the form YYYYMM= DDhhmmss + +;; (Un)fortunatly TorBrowser has it's own reproducible build system - RBM = - which +;; automates the build process for them and compiles TorBrowser from a ran= ge of +;; repositories and produces a range of tarballs for different architectur= es and +;; locales. So we need to cherry-pick what is needed for guix and produce = our own +;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.g= it/projects/\ +;; {tor-browser,firefox}/{build,config} for the rationale applied here. Se= e also +;; the Hacking on TorBrowser document for a high level introduction at +;; https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking). +;; +;; TODO: Import langpacks. +(define torbrowser-source + (let* ((torbrowser-commit "75c2bb720d4ceb76231e8ecc3455754bf05ba19b") + (torbrowser-version %torbrowser-version) + (upstream-torbrowser-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/tor-browser.git") + (commit torbrowser-commit))) + (file-name (git-file-name "tor-browser" torbrowser-version)) + (sha256 + (base32 + "19sk46k2bqa72il46pdl534nk2g3fi6l7m7kbglddccxv19ck0k4")))) + + (torbrowser-build-commit "e94ba3a7677f7051a14b2304427ec8393a450fd= c") + (torbrowser-build-version "9.5") + (upstream-torbrowser-build-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/builders/tor-browser-bu= ild.git") + (commit torbrowser-build-commit))) + (file-name (git-file-name "tor-browser-build" + torbrowser-build-version)) + (sha256 + (base32 + "1jgkrsckcjgr1lgcwahzdrcasmpghs2ppz6w80fya89pa5d6r0gv")))) + + (torbutton-commit "ebe2bedab44e38f18c7968bd327d99eef7660f34") + (torbutton-version "9.5") + (upstream-torbutton-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/torbutton.git") + (commit torbutton-commit))) + (file-name (git-file-name "torbutton" torbutton-version)) + (sha256 + (base32 + "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83")))) + + (tor-launcher-commit "b4838d339a84c5ebebd91a0ba6b22d44ecda97b1") + (tor-launcher-version "0.2.21") + (upstream-tor-launcher-source + (origin + (method git-fetch) + (uri (git-reference + (url "https://git.torproject.org/tor-launcher.git") + (commit tor-launcher-commit))) + (file-name (git-file-name "tor-launcher" tor-launcher-version)) + (sha256 + (base32 + "0xxwyw1j6dkm2a24kg1564k701p5ikfzs1f9n0gflvlzz9427haf")))) + + (https-everywhere-version "2020.5.20") + (upstream-https-everywhere-source + (origin + (method url-fetch) + (uri (string-append "https://github.com/EFForg/https-everywher= e/archive/" + https-everywhere-version ".tar.gz")) + (sha256 + (base32 + "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763")))) + + (noscript-xpi-version "11.0.34") + (upstream-noscript-xpi + (origin + (method url-fetch) + (uri (string-append "https://secure.informaction.com/download/= releases/noscript-" + noscript-xpi-version ".xpi")) + (sha256 + (base32 + "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km"))))) + + ;; Now we bundle the grabbed sources. + (origin + (method computed-origin-method) + (file-name (string-append "torbrowser-" %torbrowser-version ".tar.xz= ")) + (sha256 #f) + (uri + (delay + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (let ((torbrowser-dir (string-append "torbrowser-" + #$torbrowser-version)) + (torbutton-dir "toolkit/torproject/torbutton") + (tor-launcher-dir "browser/extensions/tor-launcher") + (tbb-scripts-dir "tbb-scripts") + (https-everywhere "https-everywhere.tar.gz") + (noscript-xpi "noscript.xpi")) + + (set-path-environment-variable + "PATH" '("bin") + (list #+(canonical-package bash) + #+(canonical-package xz) + #+(canonical-package tar))) + + (format #t "Copying torbrowser source to writable path ...= ~%") + (force-output) + (copy-recursively #+upstream-torbrowser-source + torbrowser-dir + #:log (%make-void-port "w")) + + (with-directory-excursion torbrowser-dir + (format #t "Copying torbutton source to torbrowser...~%") + (force-output) + (make-file-writable torbutton-dir) + (copy-recursively #+upstream-torbutton-source + torbutton-dir + #:log (%make-void-port "w")) + + (format #t "Copying tor-launcher source to torbrowser...= ~%") + (force-output) + (copy-recursively #+upstream-tor-launcher-source + tor-launcher-dir + #:log (%make-void-port "w")) + + (format #t "Copying tor-browser-build source to torbrows= er...~%") + (force-output) + (mkdir tbb-scripts-dir) + (copy-recursively #+upstream-torbrowser-build-source + tbb-scripts-dir + #:log (%make-void-port "w")) + + (format #t "Copying https-everywhere source to torbrowse= r...~%") + (force-output) + (copy-file #+upstream-https-everywhere-source + https-everywhere) + + (format #t "Copying noscript xpi to torbrowser...~%") + (force-output) + (copy-file #+upstream-noscript-xpi + "noscript.xpi")) + + (invoke "tar" "cvfa" #$output + ;; Avoid non-determinism in the archive. + "--mtime=3D@315619200" ; 1980-01-02 UTC + "--owner=3Droot:0" + "--group=3Droot:0" + "--sort=3Dname" + torbrowser-dir) + #t)))))))) + +(define-public torbrowser-unbundle + (package + (name "torbrowser-unbundle") + (version %torbrowser-version) + (source torbrowser-source) + (build-system gnu-build-system) + (inputs + `(("alsa-lib" ,alsa-lib) + ("bzip2" ,bzip2) + ("cups" ,cups) + ("dbus-glib" ,dbus-glib) + ("ffmpeg" ,ffmpeg) + ("freetype" ,freetype) + ("gdk-pixbuf" ,gdk-pixbuf) + ("glib" ,glib) + ("gtk+" ,gtk+) + ("gtk+-2" ,gtk+-2) + ("graphite2" ,graphite2) + ("harfbuzz" ,harfbuzz) + ("icu4c" ,icu4c) + ("libcanberra" ,libcanberra) + ("libgnome" ,libgnome) + ("libjpeg-turbo" ,libjpeg-turbo) + ("libogg" ,libogg) + ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released + ("libvorbis" ,libvorbis) + ("libxft" ,libxft) + ("libevent" ,libevent) + ("libxinerama" ,libxinerama) + ("libxscrnsaver" ,libxscrnsaver) + ("libxcomposite" ,libxcomposite) + ("libxt" ,libxt) + ("libffi" ,libffi) + ("libvpx" ,libvpx) + ("mesa" ,mesa) + ("mit-krb5" ,mit-krb5) + ;; See + ;; and related comments in the 'remove-bundled-libraries' phase. + ;; UNBUNDLE-ME! ("nspr" ,nspr) + ;; UNBUNDLE-ME! ("nss" ,nss) + ("obfs4" ,obfs4) + ("pango" ,pango) + ("pixman" ,pixman) + ("pulseaudio" ,pulseaudio) + ("shared-mime-info" ,shared-mime-info) + ("sqlite" ,sqlite) + ("startup-notification" ,startup-notification) + ("tor" ,tor-client) + ("unzip" ,unzip) + ("zip" ,zip) + ("zlib" ,zlib))) + (native-inputs + `(("autoconf" ,autoconf-2.13) + ("cargo" ,rust "cargo") + ("clang" ,clang) + ("libxml2" ,libxml2) ; for https-e + ("libxslt" ,libxslt) ; for https-e + ("llvm" ,llvm) + ("openssl" ,openssl) ; For hash+sig on https-everywhere + ("patch" ,(canonical-package patch)) + ("torbrowser-start-tor-browser.patch" + ,(search-patch "torbrowser-start-tor-browser.patch")) + ("torbrowser-start-tor-browser.desktop.patch" + ,(search-patch "torbrowser-start-tor-browser.desktop.patch")) + ("perl" ,perl) + ("pkg-config" ,pkg-config) + ("python" ,python) + ("python2" ,python-2.7) + ("python2-pysqlite" ,python2-pysqlite) + ("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686 + ("node" ,node) + ("rsync" ,rsync) ; for https-e build + ("rust" ,rust) + ("rust-cbindgen" ,rust-cbindgen) + ("tar" ,tar) ; for untaring extensions + ("torbrowser-fonts" ,torbrowser-fonts) + ("util-linux" ,util-linux) ; for getopt on https-everywhere build + ("which" ,which) + ("xxd" ,xxd) ; for https-everywhere build + ("yasm" ,yasm))) + (arguments + `(#:tests? #f ; Some tests are autodone by mach on build fas= e. + + ;; XXX: There are RUNPATH issues such as + ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.s= o, + ;; which is not in its RUNPATH, but they appear to be harmless in + ;; practice somehow. See . + #:validate-runpath? #f + + #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksu= ms' + + #:modules ((ice-9 ftw) + (ice-9 rdelim) + (ice-9 regex) + (ice-9 match) + (srfi srfi-34) + (srfi srfi-35) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + (guix build utils) + (sxml simple) + ,@%gnu-build-system-modules) + + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'unpack-extensions + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((https-everywhere-archive "https-everywhere.tar.gz") + (https-everywhere-srcdir "https-everywhere-src") + (bash (which "bash"))) + (setenv "SHELL" bash) + (mkdir https-everywhere-srcdir) + (invoke "tar" "xf" https-everywhere-archive + "--strip-components=3D1" "-C" https-everywhere-srcd= ir)) + #t)) + + (add-after 'unpack-extensions 'apply-guix-specific-patches + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((patch (string-append (assoc-ref (or native-inputs inpu= ts) + "patch") + "/bin/patch"))) + (for-each (match-lambda + ((label . file) + (when (and (string-prefix? "torbrowser-" label) + (string-suffix? ".patch" label)) + (format #t "applying '~a'...~%" file) + (invoke patch "--force" "--no-backup-if-mism= atch" + "-p1" "--input" file)))) + (or native-inputs inputs))) + #t)) + + ;; On mach build system this is done on configure. + (delete 'bootstrap) + + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649= b934ca495991b7852b855")) + (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock") + (("(\"checksum .* =3D )\".*\"" all name) + (string-append name "\"" null-hash "\""))) + (generate-all-checksums "third_party/rust")) + #t)) + + (add-after 'build 'neutralize-store-references + (lambda _ + ;; Mangle the store references to compilers & other build too= ls in + ;; about:buildconfig, reducing TorBrowser's closure significa= nt. + ;; The resulting files are saved in lib/firefox/omni.ja + (substitute* "objdir/dist/bin/chrome/toolkit/content/global/b= uildconfig.html" + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) _ s= tore hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8)))) + #t)) + + (replace 'configure + (lambda* (#:key inputs outputs configure-flags #:allow-other-ke= ys) + (let* ((out (assoc-ref outputs "out")) + (bash (which "bash")) + (flags `(,(string-append "--prefix=3D" out) + ,@configure-flags))) + + (setenv "SHELL" bash) + (setenv "AUTOCONF" (string-append + (assoc-ref %build-inputs "autoconf") + "/bin/autoconf")) + (setenv "CONFIG_SHELL" bash) + (setenv "PYTHON" (string-append + (assoc-ref inputs "python2") + "/bin/python")) + (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid tim= estamp. + (setenv "LDFLAGS" (string-append + "-Wl,-rpath=3D" + (assoc-ref outputs "out") + "/lib/firefox")) + + (substitute* ".mozconfig" + ;; Arch independent builddir. + (("(mk_add_options MOZ_OBJDIR=3D@TOPSRCDIR@/obj).*" _ m) + (string-append m "dir\n")) + (("ac_add_options --disable-tor-launcher") "") + ;; We won't be building incrementals. + (("ac_add_options --enable-signmar") "") + (("ac_add_options --enable-verify-mar") "") + (("ac_add_options --with-tor-browser-version=3Ddev-build") + (string-append "ac_add_options --with-tor-browser-versio= n=3Dorg.gnu\n" + "ac_add_options --with-unsigned-addon-sco= pes=3Dapp\n" + "ac_add_options --enable-pulseaudio\n" + "ac_add_options --disable-debug-symbols\n" + "ac_add_options --disable-updater\n" + "ac_add_options --disable-gconf\n" + ;; Other syslibs that can be unbundled? (= nss, nspr) + "ac_add_options --enable-system-pixman\n" + "ac_add_options --enable-system-ffi\n" + "ac_add_options --with-system-bz2\n" + "ac_add_options --with-system-icu\n" + "ac_add_options --with-system-jpeg\n" + "ac_add_options --with-system-libevent\n" + "ac_add_options --with-system-zlib\n" + ;; Without these clang is not found. + "ac_add_options --with-clang-path=3D" + (assoc-ref %build-inputs "clang") "/bin/= clang\n" + "ac_add_options --with-libclang-path=3D" + (assoc-ref %build-inputs "clang") "/lib\= n"))) + + (substitute* "browser/app/profile/000-tor-browser.js" + ;; TorBrowser updates are disabled on mozconfig, but let'= s make sure. + (("(pref\\(\"extensions.torbutton.versioncheck_enabled\")= =2E*" _ m) + (string-append m ",false);\n"))) + + (substitute* "browser/extensions/tor-launcher/src/defaults/= preferences/torlauncher-prefs.js" + ;; Not multilingual. See tor-browser/build:141. Currently= disabled on + ;; tor-launcher, but let's make sure while missing langpa= cks. + (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").= *" _ m) + (string-append m ", false);\n"))) + + ;; For user data outside the guix store. + (substitute* "xpcom/io/TorFileUtils.cpp" + (("ANDROID") "GNUGUIX")) + (substitute* "old-configure.in" + (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m) + (string-append m "\n AC_DEFINE(GNUGUIX)\n"))) + + (format #t "Invoking mach configure ...~%") + (invoke "./mach" "configure")) + #t)) + + (add-after 'configure 'build-extensions + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((bash (which "bash"))) + (setenv "SHELL" bash) + ;; Python3.6 is hardcoded on these scripts. Using v3.8 appe= ars to + ;; be harmless. + (with-directory-excursion "https-everywhere-src" + (substitute* '("install-dev-dependencies.sh" + "make.sh" + "hooks/precommit" + "test/firefox.sh" + "test/manual.sh" + "test/script.py" + "test/validations.sh" + "utils/create_zip.py" + "utils/merge-rulesets.py" + "utils/setversion.py" + "utils/zipfile_deterministic.py") + (("python3.6") "python3")) + + ;; Failing to generate the xpi, but copy-dir appears to b= e enough. + ;; Failing on missing 'wasm'? Not generating rulesets. + (invoke "./make.sh"))) + #t)) + + (replace 'build + (lambda _ (invoke "./mach" "build"))) + + ;; TorBrowser just do a stage-package here and copy files to its = places. + (replace 'install + (lambda* (#:key inputs native-inputs outputs + #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (applications (string-append out "/share/applications"= )) + (builddir "objdir/dist/firefox") + (bindir (string-append out "/bin")) + (libdir (string-append out "/lib/firefox")) + (extdir (string-append libdir "/browser/extensions")) + (tordir (string-append libdir "/TorBrowser/Tor")) + (ptdir (string-append tordir "/PluggableTransports")) + (tbbscripts-dir "tbb-scripts/projects/tor-browser") + (ptconfigsdir (string-append + tbbscripts-dir + "/Bundle-Data/PTConfigs")) + (torbrowser-fonts (or (assoc-ref native-inputs + "torbrowser-fonts") + (assoc-ref inputs + "torbrowser-fonts"))) + (obfs4bin (string-append + (assoc-ref inputs "obfs4") + "/bin/obfs4proxy")) + (torbin (string-append + (assoc-ref inputs "tor") + "/bin/tor")) + (tbb-start-script (string-append + tbbscripts-dir + "/RelativeLink/start-tor-browser")) + (tbb-desktop (string-append + tbbscripts-dir + "/RelativeLink/start-tor-browser.desktop= ")) + (tbbdocs-in (string-append tbbscripts-dir + "/Bundle-Data/Docs")) + (tbbdocs-out (string-append libdir + "/TorBrowser/Docs")) + (tordata-in (string-append + tbbscripts-dir + "/Bundle-Data/linux/Data")) + (tordata-out (string-append libdir + "/TorBrowser/Data")) + (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}") + (httpse-id "https-everywhere-eff@eff.org")) + ;; Stage-package + (format #t "Staging package ...~%") + (invoke "./mach" "build" "stage-package") + ;; Now we start moving files to its default paths. + (format #t "Deleting spurious files ...~%") + ;; TorBrowser doesn't use those. + ;; See: tor-browser-build.git/projects/firefox/build:167 + (with-directory-excursion + builddir + (for-each (lambda (file) + (if (file-exists? file) + (delete-file file) + (display (string-append "Warning: file " + file " not found! Skipping...\n= ")))) + '("firefox-bin" "libfreeblpriv3.chk" "libnssdbm3= =2Echk" + "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf"))) + (rmdir (string-append builddir "/fonts")) + + (format #t "Creating install dirs ...~%") + (mkdir-p libdir) + (mkdir bindir) + (mkdir-p applications) + (mkdir-p tordir) + (mkdir-p ptdir) + (mkdir-p tordata-out) + (mkdir-p tbbdocs-out) + (mkdir-p extdir) + (format #t "Copying files to install dirs ...~%") + (copy-recursively builddir (string-append libdir "/") + #:log (%make-void-port "w")) + (copy-file tbb-start-script + (string-append libdir "/start-tor-browser")) + (chmod (string-append libdir "/start-tor-browser") #o555) + (copy-file tbb-desktop + (string-append libdir + "/start-tor-browser.desktop")) + (chmod (string-append libdir + "/start-tor-browser.desktop") #o555) + (install-file tbb-desktop applications) + (with-directory-excursion + (string-append libdir "/browser/chrome/icons/default") + (for-each + (lambda (file) + (let* ((size (string-filter char-numeric? file)) + (icons (string-append out "/share/icons/hicolor/" + size "x" size "/apps"))) + (mkdir-p icons) + (copy-file file (string-append icons "/torbrowser.png= ")))) + '("default16.png" "default32.png" "default48.png" "defaul= t64.png" + "default128.png"))) + + (format #t "Linking start-tor-browser script ...~%") + (symlink (string-append libdir "/start-tor-browser") + (string-append bindir "/start-tor-browser")) + (format #t "Copying fonts to install dirs ...~%") + (copy-recursively torbrowser-fonts + (string-append libdir "/") + #:log (%make-void-port "w")) + (format #t "Linking store tor binary ...~%") + (symlink torbin (string-append tordir + "/tor")) + (format #t "Linking store obfs4 binary ...~%") + (symlink obfs4bin (string-append ptdir + "/obfs4proxy")) + (format #t "Copying Bundle-Data to default path ...~%") + (with-directory-excursion + tordata-in + (for-each (lambda (file) + (copy-recursively file + (string-append + tordata-out "/" file) + #:log (%make-void-port "w"))) + '("Browser" "fontconfig" "Tor"))) + (copy-file (string-append ptconfigsdir + "/linux/torrc-defaults-appendix") + (string-append tordata-out + "/Tor/torrc-defaults-appendix")) + (copy-file (string-append ptconfigsdir + "/bridge_prefs.js") + (string-append tordata-out + "/Browser/bridge-prefs-js-appendi= x")) + + (format #t "Copying licenses and changelog to default path = =2E..~%") + (copy-recursively tbbdocs-in + (string-append tbbdocs-out "/") + #:log (%make-void-port "w")) + + (format #t "Copying noscript ...~%") + (copy-file "noscript.xpi" (string-append + extdir "/" noscript-id ".xpi")) + (format #t "Copying https-everywhere ...~%") + (if (file-exists? + "https-everywhere-src/pkg/https-everywhere-2020.5.20~p= re-eff.xpi") + (copy-file + "https-everywhere-src/pkg/https-everywhere-2020.5.20~p= re-eff.xpi" + (string-append extdir "/" httpse-id ".xpi")) + (copy-recursively "https-everywhere-src/pkg/xpi-eff" + (string-append extdir "/" httpse-id) + #:log (%make-void-port "w")))) + #t))))) + (home-page "https://www.torproject.org") + (synopsis "Anonymous browser derived from Mozilla Firefox") + (description + "TorBrowser is the Tor Project version of Firefox browser. It is the= only +recommended way to anonymously browse the web that is supported by the pro= ject. +It modifies Firefox in order to avoid many know application level attacks = on +the privacy of Tor users. + +WARNING: This is not the official TorBrowser and is currently on testing. = Use +at your own risk and please report back on guix channels if you find any +issues.") + (license license:mpl2.0))) ;and others, see toolkit/content/license.ht= ml --=20 2.27.0 --+HP7ph2BbKc20aGI-- --0ntfKIWw70PvrIHh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8cRncFgwPCZwAACgkQ YrJ+WmBEwoKlKxAApUb+A/3pMUkIJfga9lIQOXWyQynDHL9UtYF0j4WkPADdUL9y XcfF3nTT9pLMevsWu7BcL6tpnctPbd5DcOUUIzSxcxBiVP7L6bKF4f4rmrJsYm7/ RVYGbWofaJF1rMyafqWkIAYYCxoCayLy8eEnnY1Rav6Jpz/FGP98M5QpyQiRujG1 DEUaMhgSkxBSacC8Mcm/+1n25BLeAHUwoAV3DhD14Et9jmzG1ZarWTWGC9ZZiGvQ 2G9xzdfkn018HXRuZSSYoFmsdtoiM14s/naWm1xSNLiBIn0kwqzQEwFVvLUvA2we 0PZx2G04M7GdZ9cf5jWhikZ7HTOaBW1gu/muXgt1e5HVEJgYeFWbSOCSkf1eWWld 5s9VJTmnh4kQBf/ekjD31NMpUrHxrfRD8AD+L4IxadJNWnGYKTUXQg8AzIWsuyb6 2qnK3+0FmrVjTJtOizvtuzJ+aqpao9uG3Vu99UJadcv1V68A3l4yYSTly+hqzBjd yNg1fHsZFucYdLPNKAru3ncaCICj/gr3jWG9/0wMiqHjKbGKj4bCQIv+LEy0sHgt l0jXxOZdy/jI1DEtT4/NGF2EottF0c9DcgqQaNKXFdOu4phYpeGwZDPmjYQPoMKM CSY5pQyWwXnve0MrcQtkQoKSynI3Le+h6iqK4gTtyHmH2LuohZtBzfRvHQw= =W84x -----END PGP SIGNATURE----- --0ntfKIWw70PvrIHh--