From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 0KuiGFHbYF+gVwAA0tVLHw (envelope-from ) for ; Tue, 15 Sep 2020 15:18:41 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id SDz/ElHbYF90fQAA1q6Kng (envelope-from ) for ; Tue, 15 Sep 2020 15:18:41 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9BE759402C8 for ; Tue, 15 Sep 2020 15:18:40 +0000 (UTC) Received: from localhost ([::1]:50132 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kICj9-0002Am-JV for larch@yhetil.org; Tue, 15 Sep 2020 11:18:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43192) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kICiY-00028H-Q5 for guix-patches@gnu.org; Tue, 15 Sep 2020 11:18:11 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:48662) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kICiY-0001cn-Gs for guix-patches@gnu.org; Tue, 15 Sep 2020 11:18:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kICiY-0000xN-DM for guix-patches@gnu.org; Tue, 15 Sep 2020 11:18:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42380] [PATCH 9/9] gnu: Add torbrowser-unbundle Resent-From: =?UTF-8?Q?Andr=C3=A9?= Batista Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 15 Sep 2020 15:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42380 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: Efraim Flashner , 42380@debbugs.gnu.org Received: via spool by 42380-submit@debbugs.gnu.org id=B42380.16001830332283 (code B ref 42380); Tue, 15 Sep 2020 15:18:02 +0000 Received: (at 42380) by debbugs.gnu.org; 15 Sep 2020 15:17:13 +0000 Received: from localhost ([127.0.0.1]:60208 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kIChb-0000UL-WF for submit@debbugs.gnu.org; Tue, 15 Sep 2020 11:17:13 -0400 Received: from mx1.riseup.net ([198.252.153.129]:42644) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kIChW-0000Oq-92 for 42380@debbugs.gnu.org; Tue, 15 Sep 2020 11:17:01 -0400 Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4BrRfK1rTCzFpRv; Tue, 15 Sep 2020 08:16:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1600183017; bh=sp0bWO+xui+6kVc5rZn74KIgjhErs5zxZ6OROAyVi3E=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=n4C40RyauaAX4FO7zQGKfM020g3R+K7yfVAA8OU1j7gVJr30MGkiVc786HYsKnKCf lIy4ygsXaGGWnq0WkYX0UOkJi0qg6eJu/qA/A7PPyMrxFVk9fqoL1Jm/Qgxs0WLshs piYCpsPFd1bUwDJaiNYWMxR1WO05fKa1Wse4u+rY= X-Riseup-User-ID: 4669BCADC750F1F8EAEE308571374531C7EB33E2F01D70FB956B0033BC874049 Received: from [127.0.0.1] (localhost [127.0.0.1]) by capuchin.riseup.net (Postfix) with ESMTPSA id 4BrRfG1zTDz8ty7; Tue, 15 Sep 2020 08:16:54 -0700 (PDT) Date: Tue, 15 Sep 2020 12:16:14 -0300 From: =?UTF-8?Q?Andr=C3=A9?= Batista Message-ID: <20200915151614.GI13296@andel> References: <20200715211547.GA17146@andel> <20200725144930.GA13751@andel> <20200803125556.GA18868@andel> <87blihhdz6.fsf@gnu.org> <20200909022429.GA24930@andel> <878sdjo1qv.fsf@gnu.org> <20200915142128.GA12025@andel> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="gV1yUYniiDLxW66s" Content-Disposition: inline In-Reply-To: <20200915142128.GA12025@andel> X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=riseup.net header.s=squak header.b=n4C40Rya; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: -1.51 X-TUID: JZy6659IfEGU --gV1yUYniiDLxW66s Content-Type: multipart/mixed; boundary="BouVgDkIlpb7X6Bk" Content-Disposition: inline --BouVgDkIlpb7X6Bk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline --BouVgDkIlpb7X6Bk Content-Type: text/plain; charset=utf-8 Content-Disposition: inline; filename="0001-gnu-Add-torbrowser-unbundle.patch" Content-Transfer-Encoding: quoted-printable =46rom 84070de582d33d47f2684bdee69b1e0b478c2352 Mon Sep 17 00:00:00 2001 =46rom: =3D?UTF-8?q?Andr=3DC3=3DA9=3D20Batista?=3D Date: Mon, 14 Sep 2020 22:39:59 -0300 Subject: [PATCH] gnu: Add torbrowser-unbundle To: 42380@debbugs.gnu.org * gnu/packages/tor.scm (torbrowser-unbundle): New variable. * gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file. * gnu/packages/patches/torbrowser-start-tor-browser.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 3 + ...torbrowser-start-tor-browser.desktop.patch | 22 + .../torbrowser-start-tor-browser.patch | 226 +++++ gnu/packages/tor.scm | 830 +++++++++++++++++- 4 files changed, 1080 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.deskt= op.patch create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch diff --git a/gnu/local.mk b/gnu/local.mk index 1baa8405c5..1715068b6c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -37,6 +37,7 @@ # Copyright =C2=A9 2020 Brice Waegeneire # Copyright =C2=A9 2020 Tanguy Le Carrour # Copyright =C2=A9 2020 Martin Becze +# Copyright =C2=A9 2020 Andr=C3=A9 Batista # # This file is part of GNU Guix. # @@ -1615,6 +1616,8 @@ dist_patch_DATA =3D \ %D%/packages/patches/tipp10-fix-compiling.patch \ %D%/packages/patches/tipp10-remove-license-code.patch \ %D%/packages/patches/tk-find-library.patch \ + %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch \ + %D%/packages/patches/torbrowser-start-tor-browser.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \ %D%/packages/patches/tomb-fix-errors-on-open.patch \ diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patc= h b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch new file mode 100644 index 0000000000..336115b33a --- /dev/null +++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch @@ -0,0 +1,22 @@ +Change TorBrowser desktop file in order for it to be agnostic to the +path when invoked. + +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser= =2Edesktop.orign 2020-07-05 18:47:40.689484877 -0300 ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser= =2Edesktop 2020-07-25 02:54:44.603431160 -0300 +@@ -1,4 +1,4 @@ +-#!/usr/bin/env ./Browser/execdesktop ++#!/usr/bin/env bash + # + # This file is a self-modifying .desktop file that can be run from the sh= ell. + # It preserves arguments and environment for the start-tor-browser script. +@@ -28,7 +28,7 @@ + GenericName=3DWeb Browser + Comment=3DTor Browser is +1 for privacy and =E2=88=921 for mass surveilla= nce + Categories=3DNetwork;WebBrowser;Security; +-Exec=3Dsh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ = ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/sta= rt-tor-browser --detach)' dummy %k +-X-TorBrowser-ExecShell=3D./Browser/start-tor-browser --detach +-Icon=3Dweb-browser ++Exec=3Dbash -c start-tor-browser ++X-TorBrowser-ExecShell=3Dstart-tor-browser --detach ++Icon=3Dtorbrowser + StartupWMClass=3DTor Browser diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/= packages/patches/torbrowser-start-tor-browser.patch new file mode 100644 index 0000000000..c563f94003 --- /dev/null +++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch @@ -0,0 +1,226 @@ +Change TorBrowser startup script in order for it to setup needed files +outside guix store. Remove tests which are not needed on guix system. + +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser= =2Eorig 2020-07-05 18:47:40.685485004 -0300 ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser= 2020-08-01 20:22:08.901737325 -0300 +@@ -5,6 +5,15 @@ + # + # Copyright 2017 The Tor Project. See LICENSE for licensing information. +=20 ++TBB_HOME=3D"${HOME}/.local/share/torbrowser" ++TBB_LOGFILE=3D"${TBB_HOME}/torbrowser.log" ++TBB_DATA=3D"${TBB_HOME}/Data" ++TBB_PROFILE=3D"${TBB_DATA}/Browser/profile.default" ++TBB_STORE_PATH=3D$(dirname $(realpath "$0")) ++TBB_STORE_DATA=3D"${TBB_STORE_PATH}/TorBrowser/Data" ++TORRC=3D"${TBB_DATA}/Tor/torrc-defaults" ++PT_PREFS=3D"${TBB_DATA}/Browser/bridge-prefs-js-appendix" ++ + complain_dialog_title=3D"Tor Browser" +=20 + # First, make sure DISPLAY is set. If it isn't, we're hosed; scream +@@ -106,14 +115,11 @@ + printf " --verbose Display Tor and Firefox output in the ter= minal\n" + printf " --log [file] Record Tor and Firefox output in file (de= fault: tor-browser.log)\n" + printf " --detach Detach from terminal and run Tor Browser = in the background.\n" +- printf " --register-app Register Tor Browser as a desktop app for= this user\n" +- printf " --unregister-app Unregister Tor Browser as a desktop app f= or this user\n" + } + log_output=3D0 + show_output=3D0 + detach=3D0 + show_usage=3D0 +-register_desktop_app=3D0 + logfile=3D/dev/null + while : + do +@@ -134,8 +140,8 @@ + ;; + -l | --log) + if [ -z "$2" -o "${2:0:1}" =3D=3D "-" ]; then +- printf "Logging Tor Browser debug information to tor-browser= =2Elog\n" +- logfile=3D"../tor-browser.log" ++ printf "Logging Tor Browser debug information to torbrowser.= log\n" ++ logfile=3D"${TBB_LOGFILE}" + elif [ "${2:0:1}" =3D=3D "/" -o "${2:0:1}" =3D=3D "~" ]; then + printf "Logging Tor Browser debug information to %s\n" "$2" + logfile=3D"$2" +@@ -148,16 +154,6 @@ + log_output=3D1 + shift + ;; +- --register-app) +- register_desktop_app=3D1 +- show_output=3D1 +- shift +- ;; +- --unregister-app) +- register_desktop_app=3D-1 +- show_output=3D1 +- shift +- ;; + *) # No more options + break + ;; +@@ -187,41 +183,23 @@ + export XAUTHORITY + fi +=20 +-# If this script is being run through a symlink, we need to know where +-# in the filesystem the script itself is, not where the symlink is. +-myname=3D"$0" +-if [ -L "$myname" ]; then +- # XXX readlink is not POSIX, but is present in GNU coreutils +- # and on FreeBSD. Unfortunately, the -f option (which follows +- # a whole chain of symlinks until it reaches a non-symlink +- # path name) is a GNUism, so we have to have a fallback for +- # FreeBSD. Fortunately, FreeBSD has realpath instead; +- # unfortunately, that's also non-POSIX and is not present in +- # GNU coreutils. +- # +- # If this launcher were a C program, we could just use the +- # realpath function, which *is* POSIX. Too bad POSIX didn't +- # make that function accessible to shell scripts. +- +- # If realpath is available, use it; it Does The Right Thing. +- possibly_my_real_name=3D"`realpath "$myname" 2>/dev/null`" +- if [ "$?" -eq 0 ]; then +- myname=3D"$possibly_my_real_name" +- else +- # realpath is not available; hopefully readlink -f works. +- myname=3D"`readlink -f "$myname" 2>/dev/null`" +- if [ "$?" -ne 0 ]; then +- # Ugh. +- complain "start-tor-browser cannot be run using a symlink on this oper= ating system." +- fi +- fi ++# Try to be agnostic to where we're being started from, check if files ar= e on its ++# default paths and chdir to TBB_HOME ++if [ -e "${TORRC}" ]; then ++ cd "${TBB_HOME}" ++else ++ mkdir -p "${TBB_HOME}" ++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}" ++ chmod -R 700 "${TBB_HOME}" ++ mkdir -p "${TBB_PROFILE}" ++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TO= RRC}\");"\ ++ > "${TBB_PROFILE}/user.js" ++ grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/u= ser.js" ++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit e= xec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\ ++ >> "${TORRC}" ++ cd "${TBB_HOME}" + fi +=20 +-# Try to be agnostic to where we're being started from, chdir to where +-# the script is. +-mydir=3D"`dirname "$myname"`" +-test -d "$mydir" && cd "$mydir" +- + # If ${PWD} results in a zero length string, we can try something else... + if [ ! "${PWD}" ]; then + # "hacking around some braindamage" +@@ -236,50 +214,9 @@ + ln -nsf ~/.config/ibus/bus .config/ibus + fi +=20 +-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from = the +-# canonical version if it was changed by the updater. +-cp start-tor-browser.desktop ../ +-sed -i -e "s,^Name=3D.*,Name=3DTor Browser,g" ../start-tor-browser.desktop +-sed -i -e "s,^Icon=3D.*,Icon=3D$PWD/browser/chrome/icons/default/default1= 28.png,g" ../start-tor-browser.desktop +-sed -i -e "s,^Exec=3D.*,Exec=3Dsh -c '\"$PWD/start-tor-browser\" --detach= || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Brow= ser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop +- +-if [ "$register_desktop_app" -eq 1 ]; then +- mkdir -p "$HOME/.local/share/applications/" +- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/" +- update-desktop-database "$HOME/.local/share/applications/" +- printf "Tor Browser has been registered as a desktop app for this user i= n ~/.local/share/applications/\n" +- exit 0 +-fi +- +-if [ "$register_desktop_app" -eq -1 ]; then +- if [ -e "$HOME/.local/share/applications/start-tor-browser.desktop" ]; t= hen +- rm -f "$HOME/.local/share/applications/start-tor-browser.desktop" +- update-desktop-database "$HOME/.local/share/applications/" +- printf "Tor Browser has been removed as a user desktop app (from ~/.loc= al/share/applications/)\n" +- else +- printf "Tor Browser does not appear to be a desktop app (not present in= ~/.local/share/applications/)\n" +- fi +- exit 0 +-fi +- + HOME=3D"${PWD}" + export HOME +=20 +-SYSARCHITECTURE=3D$(getconf LONG_BIT) +-TORARCHITECTURE=3D$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit= :]]*\)') +- +-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then +- complain "Wrong architecture? 32-bit vs. 64-bit." +- exit 1 +-fi +- +-[% IF c("var/asan") -%] +-# We need to disable LSan which is enabled by default now. Otherwise we'l= l get +-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59 +-ASAN_OPTIONS=3D"detect_leaks=3D0" +-export ASAN_OPTIONS +-[% END -%] +- + function setControlPortPasswd() { + local ctrlPasswd=3D$1 +=20 +@@ -342,13 +279,15 @@ + # your password in the following line where the word =E2=80=9Csecret=E2= =80=9D is: + setControlPortPasswd ${TOR_CONTROL_PASSWD:=3D'"secret"'} +=20 +-# Set up custom bundled fonts. See fonts-conf(5). +-export FONTCONFIG_PATH=3D"${HOME}/TorBrowser/Data/fontconfig" +-export FONTCONFIG_FILE=3D"fonts.conf" +- + # Avoid overwriting user's dconf values. Fixes #27903. + export GSETTINGS_BACKEND=3Dmemory +=20 ++# Set up custom bundled fonts. See fonts-conf(5). ++export FONTCONFIG_FILE=3D"${HOME}/Data/fontconfig/fonts.conf" ++ ++sed -i "${FONTCONFIG_FILE}"\ ++ -e "s,fonts,${TBB_STORE_PATH}/fonts," ++ + cd "${HOME}" +=20 + # We pass all additional command-line arguments we get to Firefox. +@@ -357,23 +296,23 @@ +=20 + if [ "$show_usage" -eq 1 ]; then + # Display Firefox help, then our help +- TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro= wser" \ +- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/nu= ll ++ TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox = --class "Tor Browser" \ ++ -profile Data/Browser/profile.default --help 2>/dev/null + tbb_usage + elif [ "$detach" -eq 1 ] ; then +- TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro= wser" \ +- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfil= e" 2>&1 "$logfile" 2>&1 &1 &1 "$logfi= le" 2>&1 "$logfile" 2>&1 + ;; and related comments in the 'remove-bundled-libraries' phase. + ;; UNBUNDLE-ME! ("nspr" ,nspr) + ;; UNBUNDLE-ME! ("nss" ,nss) + ("obfs4" ,obfs4) + ("pango" ,pango) + ("pixman" ,pixman) + ("pulseaudio" ,pulseaudio) + ("shared-mime-info" ,shared-mime-info) + ("sqlite" ,sqlite) + ("startup-notification" ,startup-notification) + ("tor" ,tor-client) + ("unzip" ,unzip) + ("zip" ,zip) + ("zlib" ,zlib))) + (native-inputs + `(("autoconf" ,autoconf-2.13) + ("bash" ,bash) + ("cargo" ,rust "cargo") + ("clang" ,clang) + ("https-everywhere" ,https-everywhere) + ("llvm" ,llvm) + ("patch" ,(canonical-package patch)) + ("torbrowser-start-tor-browser.patch" + ,(search-patch "torbrowser-start-tor-browser.patch")) + ("torbrowser-start-tor-browser.desktop.patch" + ,(search-patch "torbrowser-start-tor-browser.desktop.patch")) + ("perl" ,perl) + ("pkg-config" ,pkg-config) + ("python" ,python) + ("python2" ,python-2.7) + ("python2-pysqlite" ,python2-pysqlite) + ("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686 + ("node" ,node) + ("noscript" ,noscript) + ("rust" ,rust) + ("rust-cbindgen" ,rust-cbindgen) + ("tor-browser-build" ,tor-browser-build) + ("torbrowser-fonts" ,torbrowser-fonts) + ("tor-launcher" ,tor-launcher) + ("torbutton" ,torbutton) + ("which" ,which) + ("yasm" ,yasm))) + (arguments + `(#:tests? #f ; Some tests are autodone by mach on build fase. + + ;; XXX: There are RUNPATH issues such as + ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.= so, + ;; which is not in its RUNPATH, but they appear to be harmless in + ;; practice somehow. See . + #:validate-runpath? #f + #:imported-modules ,%cargo-utils-modules ;for `generate-all-checks= ums' + ;; This modules where copied from IceCat package definition and so= me + ;; of them are probably not needed anymore. TODO: verify if/which + ;; are still needed. + #:modules ((ice-9 ftw) + (ice-9 rdelim) + (ice-9 regex) + (ice-9 match) + (srfi srfi-34) + (srfi srfi-35) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + (guix build utils) + (sxml simple) + ,@%gnu-build-system-modules) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'make-bundle + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((torbutton (assoc-ref inputs "torbutton")) + (torbutton-dir "toolkit/torproject/torbutton") + (tor-launcher (assoc-ref inputs "tor-launcher")) + (tor-launcher-dir "browser/extensions/tor-launcher") + (tbb (assoc-ref inputs "tor-browser-build")) + (tbb-scripts-dir "tbb-scripts")) + (format #t "Copying torbutton source to default path ...~%= ") + (make-file-writable torbutton-dir) + (copy-recursively torbutton torbutton-dir + #:log (%make-void-port "w")) + (format #t "Copying tor-launcher ...~%") + (copy-recursively tor-launcher tor-launcher-dir + #:log (%make-void-port "w")) + (format #t "Copying tor-browser-build ...~%") + (mkdir tbb-scripts-dir) + (copy-recursively tbb tbb-scripts-dir + #:log (%make-void-port "w")) + (make-file-writable (string-append + tbb-scripts-dir + "/RelativeLink/start-tor-browser")) + (make-file-writable (string-append + tbb-scripts-dir + "/RelativeLink/start-tor-browser.desk= top"))) + #t)) + + (add-after 'make-bundle 'apply-guix-specific-patches + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((patch (string-append (assoc-ref (or native-inputs inp= uts) + "patch") + "/bin/patch"))) + (for-each (match-lambda + ((label . file) + (when (and (string-prefix? "torbrowser-" label) + (string-suffix? ".patch" label)) + (format #t "applying '~a'...~%" file) + (invoke patch "--force" "--no-backup-if-mismatch" + "-p1" "--input" file)))) + (or native-inputs inputs))) + #t)) + + ;; On mach build system this is done on configure. + (delete 'bootstrap) + + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495= 991b7852b855")) + (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock") + (("(\"checksum .* =3D )\".*\"" all name) + (string-append name "\"" null-hash "\""))) + (generate-all-checksums "third_party/rust")) + #t)) + + (add-after 'build 'neutralize-store-references + (lambda _ + ;; Mangle the store references to compilers & other build to= ols in + ;; about:buildconfig, reducing Tor Browser's closure signifi= cant. + ;; The resulting files are saved in lib/firefox/omni.ja + (substitute* + "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.= html" + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8)))) + #t)) + + (replace 'configure + (lambda* (#:key inputs outputs configure-flags #:allow-other-k= eys) + (let* ((out (assoc-ref outputs "out")) + (bash (which "bash")) + (flags `(,(string-append "--prefix=3D" out) + ,@configure-flags))) + (setenv "SHELL" bash) + (setenv "AUTOCONF" (string-append + (assoc-ref %build-inputs "autoconf") + "/bin/autoconf")) + (setenv "CONFIG_SHELL" bash) + (setenv "PYTHON" (string-append + (assoc-ref inputs "python2") + "/bin/python")) + (setenv "MOZ_BUILD_DATE" + ,%torbrowser-build-id) ; avoid timestamp. + (setenv "LDFLAGS" (string-append + "-Wl,-rpath=3D" + (assoc-ref outputs "out") + "/lib/firefox")) + ;; This needs reworking to use the mozconfig available on + ;; tor-browser-builder repo which is the one Tor Project + ;; actually uses and which warranted some of the changes + ;; below. + (substitute* ".mozconfig" + ;; Arch independent builddir. + (("(mk_add_options MOZ_OBJDIR=3D@TOPSRCDIR@/obj).*" _ m) + (string-append m "dir\n")) + (("ac_add_options --disable-tor-launcher") "") + ;; We won't be building incrementals. + (("ac_add_options --enable-signmar") "") + (("ac_add_options --enable-verify-mar") "") + (("ac_add_options --with-tor-browser-version=3Ddev-build= ") + (string-append + "ac_add_options --with-tor-browser-version=3Dorg.gnu\n" + "ac_add_options --with-unsigned-addon-scopes=3Dapp\n" + "ac_add_options --enable-pulseaudio\n" + "ac_add_options --disable-debug-symbols\n" + "ac_add_options --disable-updater\n" + "ac_add_options --disable-gconf\n" + ;; Other syslibs that can be unbundled? (nss, nspr) + "ac_add_options --enable-system-pixman\n" + "ac_add_options --enable-system-ffi\n" + "ac_add_options --with-system-bz2\n" + "ac_add_options --with-system-icu\n" + "ac_add_options --with-system-jpeg\n" + "ac_add_options --with-system-libevent\n" + "ac_add_options --with-system-zlib\n" + ;; Without these clang is not found. + "ac_add_options --with-clang-path=3D" + (assoc-ref %build-inputs "clang") "/bin/clang\n" + "ac_add_options --with-libclang-path=3D" + (assoc-ref %build-inputs "clang") "/lib\n"))) + + (substitute* "browser/app/profile/000-tor-browser.js" + ;; Tor Browser updates are disabled on mozconfig, but le= t's be sure. + (("(pref\\(\"extensions.torbutton.versioncheck_enabled\"= ).*" _ m) + (string-append m ",false);\n"))) + + (substitute* + "browser/extensions/tor-launcher/src/defaults/preferences= /torlauncher-prefs.js" + ;; Not multilingual. See tor-browser/build:141. Currentl= y disabled on + ;; tor-launcher, but let's make sure while missing langp= acks. + (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").= *" _ m) + (string-append m ", false);\n"))) + + ;; For user data outside the guix store. + (substitute* "xpcom/io/TorFileUtils.cpp" + (("ANDROID") "GNUGUIX")) + (substitute* "old-configure.in" + (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m) + (string-append m "\n AC_DEFINE(GNUGUIX)\n"))) + + (format #t "Invoking mach configure ...~%") + (invoke "./mach" "configure")) + #t)) + + (replace 'build + (lambda _ (invoke "./mach" "build") + #t)) + + ;; Tor Browser just do a stage-package here and copy files to it= s places. + (replace 'install + (lambda* (#:key inputs native-inputs outputs + configure-flags #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (applications (string-append out "/share/applications= ")) + (build "objdir/dist/firefox") + (bin (string-append out "/bin")) + (lib (string-append out "/lib/firefox")) + (start-script + "tbb-scripts/RelativeLink/start-tor-browser") + (desktop-file + "tbb-scripts/RelativeLink/start-tor-browser.desktop"= )) + (invoke "./mach" "build" "stage-package") + ;; Tor Browser doesn't use those. + ;; See: tor-browser-build.git/projects/firefox/build:167 + (format #t "Deleting spurious files ...~%") + (with-directory-excursion build + (for-each (lambda (file) + (if (file-exists? file) + (delete-file file) + (display (string-append + "Warning: file " file + " not found! Skipping...\n")))) + '("firefox-bin" "libfreeblpriv3.chk" "libnssdb= m3.chk" + "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf"= ))) + (rmdir (string-append build "/fonts")) + (format #t "Creating install dirs ...~%") + (mkdir-p applications) + (mkdir-p lib) + (mkdir bin) + (format #t "Copying files to install dirs ...~%") + (copy-recursively build (string-append lib "/") + #:log (%make-void-port "w")) + (copy-file start-script + (string-append lib "/start-tor-browser")) + (copy-file desktop-file + (string-append lib "/start-tor-browser.desktop"= )) + (chmod (string-append lib "/start-tor-browser") #o555) + (chmod (string-append lib "/start-tor-browser.desktop") #o= 555) + (format #t "Linking start-tor-browser script ...~%") + (symlink (string-append lib "/start-tor-browser") + (string-append bin "/start-tor-browser")) + (format #t "Installing desktop file ...~%") + (install-file desktop-file applications)) + #t)) + + (add-after 'install 'install-icons + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (icons-src (string-append + out "/lib/firefox/browser/chrome/icons/de= fault"))) + (with-directory-excursion + icons-src + (for-each + (lambda (file) + (let* ((size (string-filter char-numeric? file)) + (icons (string-append out "/share/icons/hicolo= r/" + size "x" size "/apps"))) + (mkdir-p icons) + (copy-file file (string-append icons "/torbrowser.p= ng")))) + '("default16.png" "default32.png" "default48.png" "defa= ult64.png" + "default128.png")))) + #t)) + + (add-after 'install-icons 'install-fonts + (lambda* (#:key inputs native-inputs outputs #:allow-other-key= s) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib/firefox/")) + (fonts (string-append (or (assoc-ref native-inputs + "torbrowser-fon= ts") + (assoc-ref inputs + "torbrowser-fon= ts")) + "/share"))) + (copy-recursively fonts lib + #:log (%make-void-port "w")) + (symlink (string-append lib "/fonts") + (string-append out "/share/fonts"))) + #t)) + + (add-after 'install-fonts 'install-extensions + (lambda* (#:key inputs native-inputs outputs #:allow-other-key= s) + (let* ((out (assoc-ref outputs "out")) + (ext (string-append out "/lib/firefox/browser/extensi= ons")) + (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}") + (httpse-id "https-everywhere-eff@eff.org") + (noscript (assoc-ref inputs "noscript")) + (httpse (assoc-ref inputs "https-everywhere"))) + (mkdir-p ext) + (copy-file noscript (string-append + ext "/" noscript-id ".xpi")) + (copy-recursively httpse + (string-append ext "/" httpse-id) + #:log (%make-void-port "w")) + (chmod (string-append ext "/" noscript-id ".xpi") #o555)) + #t)) + + (add-after 'install-extensions 'link-binaries + (lambda* (#:key inputs native-inputs outputs #:allow-other-key= s) + (let* ((out (assoc-ref outputs "out")) + (tordir (string-append out "/lib/firefox/TorBrowser/T= or")) + (ptdir (string-append tordir "/PluggableTransports")) + (obfs4 (string-append (assoc-ref inputs "obfs4") + "/bin/obfs4proxy")) + (tor (string-append (assoc-ref inputs "tor") + "/bin/tor"))) + (mkdir-p ptdir) + (symlink tor (string-append tordir "/tor")) + (symlink obfs4 (string-append ptdir "/obfs4proxy"))) + #t)) + + (add-after 'link-binaries 'copy-bundle-data + (lambda* (#:key inputs native-inputs outputs #:allow-other-key= s) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib/firefox")) + (tbb "tbb-scripts") + (ptconf (string-append tbb "/Bundle-Data/PTConfigs")) + (docs (string-append lib "/TorBrowser/Docs")) + (data (string-append lib "/TorBrowser/Data"))) + (mkdir-p data) + (mkdir docs) + (with-directory-excursion + (string-append tbb "/Bundle-Data/linux/Data") + (for-each (lambda (file) + (copy-recursively file + (string-append data "/" fil= e) + #:log (%make-void-port "w")= )) + '("Browser" "fontconfig" "Tor"))) + (copy-file (string-append ptconf "/linux/torrc-defaults-ap= pendix") + (string-append data "/Tor/torrc-defaults-append= ix")) + (copy-file (string-append ptconf "/bridge_prefs.js") + (string-append + data "/Browser/bridge-prefs-js-appendix")) + (copy-recursively (string-append tbb "/Bundle-Data/Docs") + (string-append docs "/") + #:log (%make-void-port "w"))) + #t)) + + ;; This fixes the file chooser crash that happens with GTK 3 + (add-after 'copy-bundle-data 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib/firefox")) + (gtk (assoc-ref inputs "gtk+")) + (gtk-share (string-append gtk "/share")) + (mesa (assoc-ref inputs "mesa")) + (mesa-lib (string-append mesa "/lib")) + (pulseaudio (assoc-ref inputs "pulseaudio")) + (pulseaudio-lib (string-append pulseaudio "/lib")) + (libxscrnsaver (assoc-ref inputs "libxscrnsaver")) + (libxscrnsaver-lib (string-append libxscrnsaver "/lib= "))) + (wrap-program (car (find-files lib "^firefox$")) + `("XDG_DATA_DIRS" prefix (,gtk-share)) + `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib ,mesa-lib + ,libxscrnsaver-lib)))) + #t))))) + (home-page "https://www.torproject.org") + (synopsis "Anonymous browser derived from Mozilla Firefox") + (description + "Tor Browser is the Tor Project version of Firefox browser. It is +the only recommended way to anonymously browse the web that is supported by +the project. It modifies Firefox in order to avoid many know application +level attacks on the privacy of Tor users. + +WARNING: This is not the official Tor Browser and is currently on testing. +Https-everywhere browser extension is currently not working so use it at +your own risk and please report back on guix channels if you find any +issues.") + (license license:mpl2.0)))) ;and others, see toolkit/content/license.= html --=20 2.27.0 --BouVgDkIlpb7X6Bk-- --gV1yUYniiDLxW66s Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2r0FgwPCZwAACgkQ YrJ+WmBEwoKGGw/9HRnrHlU+lbO14mMyBmsIrredmncbnRjEN7remBa6S18rpd+E 7BQhDFd/r4/xy8t/5nbwn92vb/IXfAaXfFiN5tB4OwE7rbjUwMz1ArlcrH+RmE4L qO8gH4MQqZvhm/ka0ISwnXRr077Jaz6eYQdh0vnffogoWuLLz8nzlCAr4R1Gvz2P v5DtGBlFqmpBGIC7Y4os3Ro9MI0aqsNdOcrtIm9NICALDOoo3O+Ik+0FeqrgcZFB gNC266E1oHY7UX4WIZV/dogBtYE8CXPsnDst+VHurtaxr0ExAkexAdcFKodHtQsN SwmTw5GgEAc+B3GXgqgSmfGFeXJjXmLxbtb5dkn/Vgl0n/9b+6B5AZpC26BYEcQ9 8Y/4ru64iT5jYlKveXCYe1gK0fvyQad8AOllmiGm6lq2anS2T02JMAgQ3xUXAvXw sqI0UADlW5OMLjwKrGAVIFb9MVXlfWEXzWwQ69gWH3So5kFFlHcWaaWkdAiE3hB5 5Jsdz8jfiWXWg2Pc7r2lEqsFDiRnO0Q1/U7WWuQg2tVpDkmSFZuSPs0GICBGjX/0 kW8lQehJhVJlYIEHss5bh8rR4Glc6svJt1notxcqM9mNHARPr6A9pbyFSctM0fgf fCObXFma6f6ZKj/TerhYSSYVLvfqdvNEG/t2ulxwzDyQBuRlP9rptIJ6ej4= =gmmN -----END PGP SIGNATURE----- --gV1yUYniiDLxW66s--