From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id 0KuiGFHbYF+gVwAA0tVLHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 15 Sep 2020 15:18:41 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id SDz/ElHbYF90fQAA1q6Kng
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 15 Sep 2020 15:18:41 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 9BE759402C8
	for <larch@yhetil.org>; Tue, 15 Sep 2020 15:18:40 +0000 (UTC)
Received: from localhost ([::1]:50132 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1kICj9-0002Am-JV
	for larch@yhetil.org; Tue, 15 Sep 2020 11:18:39 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:43192)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kICiY-00028H-Q5
 for guix-patches@gnu.org; Tue, 15 Sep 2020 11:18:11 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:48662)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kICiY-0001cn-Gs
 for guix-patches@gnu.org; Tue, 15 Sep 2020 11:18:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1kICiY-0000xN-DM
 for guix-patches@gnu.org; Tue, 15 Sep 2020 11:18:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#42380] [PATCH 9/9] gnu: Add torbrowser-unbundle
Resent-From: =?UTF-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 15 Sep 2020 15:18:02 +0000
Resent-Message-ID: <handler.42380.B42380.16001830332283@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 42380
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: Efraim Flashner <efraim@flashner.co.il>, 42380@debbugs.gnu.org
Received: via spool by 42380-submit@debbugs.gnu.org id=B42380.16001830332283
 (code B ref 42380); Tue, 15 Sep 2020 15:18:02 +0000
Received: (at 42380) by debbugs.gnu.org; 15 Sep 2020 15:17:13 +0000
Received: from localhost ([127.0.0.1]:60208 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1kIChb-0000UL-WF
 for submit@debbugs.gnu.org; Tue, 15 Sep 2020 11:17:13 -0400
Received: from mx1.riseup.net ([198.252.153.129]:42644)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@riseup.net>) id 1kIChW-0000Oq-92
 for 42380@debbugs.gnu.org; Tue, 15 Sep 2020 11:17:01 -0400
Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4BrRfK1rTCzFpRv;
 Tue, 15 Sep 2020 08:16:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1600183017; bh=sp0bWO+xui+6kVc5rZn74KIgjhErs5zxZ6OROAyVi3E=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=n4C40RyauaAX4FO7zQGKfM020g3R+K7yfVAA8OU1j7gVJr30MGkiVc786HYsKnKCf
 lIy4ygsXaGGWnq0WkYX0UOkJi0qg6eJu/qA/A7PPyMrxFVk9fqoL1Jm/Qgxs0WLshs
 piYCpsPFd1bUwDJaiNYWMxR1WO05fKa1Wse4u+rY=
X-Riseup-User-ID: 4669BCADC750F1F8EAEE308571374531C7EB33E2F01D70FB956B0033BC874049
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by capuchin.riseup.net (Postfix) with ESMTPSA id 4BrRfG1zTDz8ty7;
 Tue, 15 Sep 2020 08:16:54 -0700 (PDT)
Date: Tue, 15 Sep 2020 12:16:14 -0300
From: =?UTF-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
Message-ID: <20200915151614.GI13296@andel>
References: <20200715211547.GA17146@andel> <20200725144930.GA13751@andel>
 <20200803125556.GA18868@andel> <87blihhdz6.fsf@gnu.org>
 <20200909022429.GA24930@andel> <878sdjo1qv.fsf@gnu.org>
 <20200915142128.GA12025@andel>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="gV1yUYniiDLxW66s"
Content-Disposition: inline
In-Reply-To: <20200915142128.GA12025@andel>
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Spam-Score: -1.0 (-)
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Scanner: scn0
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (rsa verify failed) header.d=riseup.net header.s=squak header.b=n4C40Rya;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none);
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Spam-Score: -1.51
X-TUID: JZy6659IfEGU


--gV1yUYniiDLxW66s
Content-Type: multipart/mixed; boundary="BouVgDkIlpb7X6Bk"
Content-Disposition: inline


--BouVgDkIlpb7X6Bk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


--BouVgDkIlpb7X6Bk
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline;
	filename="0001-gnu-Add-torbrowser-unbundle.patch"
Content-Transfer-Encoding: quoted-printable

=46rom 84070de582d33d47f2684bdee69b1e0b478c2352 Mon Sep 17 00:00:00 2001
=46rom: =3D?UTF-8?q?Andr=3DC3=3DA9=3D20Batista?=3D <nandre@riseup.net>
Date: Mon, 14 Sep 2020 22:39:59 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle
To: 42380@debbugs.gnu.org

* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
 gnu/local.mk                                  |   3 +
 ...torbrowser-start-tor-browser.desktop.patch |  22 +
 .../torbrowser-start-tor-browser.patch        | 226 +++++
 gnu/packages/tor.scm                          | 830 +++++++++++++++++-
 4 files changed, 1080 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.deskt=
op.patch
 create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 1baa8405c5..1715068b6c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -37,6 +37,7 @@
 # Copyright =C2=A9 2020 Brice Waegeneire <brice@waegenei.re>
 # Copyright =C2=A9 2020 Tanguy Le Carrour <tanguy@bioneland.org>
 # Copyright =C2=A9 2020 Martin Becze <mjbecze@riseup.net>
+# Copyright =C2=A9 2020 Andr=C3=A9 Batista <nandre@riseup.net>
 #
 # This file is part of GNU Guix.
 #
@@ -1615,6 +1616,8 @@ dist_patch_DATA =3D						\
   %D%/packages/patches/tipp10-fix-compiling.patch		\
   %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
+  %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch       \
+  %D%/packages/patches/torbrowser-start-tor-browser.patch       \
   %D%/packages/patches/transcode-ffmpeg.patch	\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/tomb-fix-errors-on-open.patch		\
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patc=
h b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
new file mode 100644
index 0000000000..336115b33a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser=
=2Edesktop.orign	2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser=
=2Edesktop	2020-07-25 02:54:44.603431160 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the sh=
ell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=3DWeb Browser
+ Comment=3DTor Browser is +1 for privacy and =E2=88=921 for mass surveilla=
nce
+ Categories=3DNetwork;WebBrowser;Security;
+-Exec=3Dsh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ =
! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/sta=
rt-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=3D./Browser/start-tor-browser --detach
+-Icon=3Dweb-browser
++Exec=3Dbash -c start-tor-browser
++X-TorBrowser-ExecShell=3Dstart-tor-browser --detach
++Icon=3Dtorbrowser
+ StartupWMClass=3DTor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/=
packages/patches/torbrowser-start-tor-browser.patch
new file mode 100644
index 0000000000..c563f94003
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
@@ -0,0 +1,226 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser=
=2Eorig	2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser=
	2020-08-01 20:22:08.901737325 -0300
+@@ -5,6 +5,15 @@
+ #
+ # Copyright 2017 The Tor Project.  See LICENSE for licensing information.
+=20
++TBB_HOME=3D"${HOME}/.local/share/torbrowser"
++TBB_LOGFILE=3D"${TBB_HOME}/torbrowser.log"
++TBB_DATA=3D"${TBB_HOME}/Data"
++TBB_PROFILE=3D"${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=3D$(dirname $(realpath "$0"))
++TBB_STORE_DATA=3D"${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC=3D"${TBB_DATA}/Tor/torrc-defaults"
++PT_PREFS=3D"${TBB_DATA}/Browser/bridge-prefs-js-appendix"
++
+ complain_dialog_title=3D"Tor Browser"
+=20
+ # First, make sure DISPLAY is set.  If it isn't, we're hosed; scream
+@@ -106,14 +115,11 @@
+     printf "  --verbose         Display Tor and Firefox output in the ter=
minal\n"
+     printf "  --log [file]      Record Tor and Firefox output in file (de=
fault: tor-browser.log)\n"
+     printf "  --detach          Detach from terminal and run Tor Browser =
in the background.\n"
+-    printf "  --register-app    Register Tor Browser as a desktop app for=
 this user\n"
+-    printf "  --unregister-app  Unregister Tor Browser as a desktop app f=
or this user\n"
+ }
+ log_output=3D0
+ show_output=3D0
+ detach=3D0
+ show_usage=3D0
+-register_desktop_app=3D0
+ logfile=3D/dev/null
+ while :
+ do
+@@ -134,8 +140,8 @@
+           ;;
+       -l | --log)
+           if [ -z "$2" -o "${2:0:1}" =3D=3D "-" ]; then
+-             printf "Logging Tor Browser debug information to tor-browser=
=2Elog\n"
+-             logfile=3D"../tor-browser.log"
++             printf "Logging Tor Browser debug information to torbrowser.=
log\n"
++             logfile=3D"${TBB_LOGFILE}"
+           elif [ "${2:0:1}" =3D=3D "/" -o "${2:0:1}" =3D=3D "~" ]; then
+              printf "Logging Tor Browser debug information to %s\n" "$2"
+              logfile=3D"$2"
+@@ -148,16 +154,6 @@
+           log_output=3D1
+           shift
+           ;;
+-      --register-app)
+-          register_desktop_app=3D1
+-          show_output=3D1
+-          shift
+-          ;;
+-      --unregister-app)
+-          register_desktop_app=3D-1
+-          show_output=3D1
+-          shift
+-          ;;
+       *) # No more options
+           break
+           ;;
+@@ -187,41 +183,23 @@
+ 	export XAUTHORITY
+ fi
+=20
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname=3D"$0"
+-if [ -L "$myname" ]; then
+-	# XXX readlink is not POSIX, but is present in GNU coreutils
+-	# and on FreeBSD.  Unfortunately, the -f option (which follows
+-	# a whole chain of symlinks until it reaches a non-symlink
+-	# path name) is a GNUism, so we have to have a fallback for
+-	# FreeBSD.  Fortunately, FreeBSD has realpath instead;
+-	# unfortunately, that's also non-POSIX and is not present in
+-	# GNU coreutils.
+-	#
+-	# If this launcher were a C program, we could just use the
+-	# realpath function, which *is* POSIX.  Too bad POSIX didn't
+-	# make that function accessible to shell scripts.
+-
+-	# If realpath is available, use it; it Does The Right Thing.
+-	possibly_my_real_name=3D"`realpath "$myname" 2>/dev/null`"
+-	if [ "$?" -eq 0 ]; then
+-		myname=3D"$possibly_my_real_name"
+-	else
+-		# realpath is not available; hopefully readlink -f works.
+-		myname=3D"`readlink -f "$myname" 2>/dev/null`"
+-		if [ "$?" -ne 0 ]; then
+-			# Ugh.
+-			complain "start-tor-browser cannot be run using a symlink on this oper=
ating system."
+-		fi
+-	fi
++# Try to be agnostic to where we're being started from, check if files ar=
e on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++   cd "${TBB_HOME}"
++else
++   mkdir -p "${TBB_HOME}"
++   cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++   chmod -R 700 "${TBB_HOME}"
++   mkdir -p "${TBB_PROFILE}"
++   echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TO=
RRC}\");"\
++     > "${TBB_PROFILE}/user.js"
++   grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/u=
ser.js"
++   echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit e=
xec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++     >> "${TORRC}"
++   cd "${TBB_HOME}"
+ fi
+=20
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir=3D"`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ 	# "hacking around some braindamage"
+@@ -236,50 +214,9 @@
+   ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+=20
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from =
the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=3D.*,Name=3DTor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=3D.*,Icon=3D$PWD/browser/chrome/icons/default/default1=
28.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=3D.*,Exec=3Dsh -c '\"$PWD/start-tor-browser\" --detach=
 || ([ !  -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Brow=
ser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+-if [ "$register_desktop_app" -eq 1 ]; then
+-	mkdir -p "$HOME/.local/share/applications/"
+-	cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
+-	update-desktop-database "$HOME/.local/share/applications/"
+-	printf "Tor Browser has been registered as a desktop app for this user i=
n ~/.local/share/applications/\n"
+-	exit 0
+-fi
+-
+-if [ "$register_desktop_app" -eq -1 ]; then
+-	if [ -e "$HOME/.local/share/applications/start-tor-browser.desktop" ]; t=
hen
+-		rm -f "$HOME/.local/share/applications/start-tor-browser.desktop"
+-		update-desktop-database "$HOME/.local/share/applications/"
+-		printf "Tor Browser has been removed as a user desktop app (from ~/.loc=
al/share/applications/)\n"
+-	else
+-		printf "Tor Browser does not appear to be a desktop app (not present in=
 ~/.local/share/applications/)\n"
+-	fi
+-	exit 0
+-fi
+-
+ HOME=3D"${PWD}"
+ export HOME
+=20
+-SYSARCHITECTURE=3D$(getconf LONG_BIT)
+-TORARCHITECTURE=3D$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit=
:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+-   complain "Wrong architecture? 32-bit vs. 64-bit."
+-   exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'l=
l get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS=3D"detect_leaks=3D0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+     local ctrlPasswd=3D$1
+=20
+@@ -342,13 +279,15 @@
+ # your password in the following line where the word =E2=80=9Csecret=E2=
=80=9D is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:=3D'"secret"'}
+=20
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH=3D"${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE=3D"fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=3Dmemory
+=20
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE=3D"${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++    -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+=20
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +296,23 @@
+=20
+ if [ "$show_usage" -eq 1 ]; then
+     # Display Firefox help, then our help
+-    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro=
wser" \
+-        -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/nu=
ll
++    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox =
--class "Tor Browser" \
++        -profile Data/Browser/profile.default --help 2>/dev/null
+     tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+-    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro=
wser" \
+-       -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfil=
e" 2>&1 </dev/null &
++    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox =
--class "Tor Browser" \
++       -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </d=
ev/null &
+     disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro=
wser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </de=
v/null | \
++    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox =
--class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+         tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro=
wser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/nu=
ll
++    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox =
--class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+-    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ./firefox --class "Tor Bro=
wser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfi=
le" 2>&1 </dev/null
++    TOR_CONTROL_PASSWD=3D${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox =
--class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </=
dev/null
+ fi
+=20
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index dd362d3af8..bc7a3486f8 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -32,26 +32,63 @@
   #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
+  #:use-module (guix build-system cargo)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
   #:use-module (gnu packages golang)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages rsync) ; for httpse
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages w3m)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml) ; for httpse
+  #:use-module (ice-9 match)
+  #:use-module ((srfi srfi-1) #:hide (zip)))
=20
 (define-public tor
   (package
@@ -398,3 +435,794 @@ incorporates ideas and concepts from Philipp Winter's=
 ScrambleSuit protocol.
 The obfs naming was chosen primarily because it was shorter, in terms of
 protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
    (license license:gpl3+)))
+
+;; Upstream does not seem to keep tor-browser and tor-browser-build versio=
ns
+;; in sync
+(define %torbrowser-version "68.12.0esr-9.5-1")
+(define %torbrowser-build-version "9.5.4")
+(define %torbrowser-build "build1")
+(define %torbrowser-build-id "20200729000000");must be of the form YYYYMMD=
Dhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+  (package
+   (name "torbrowser-fonts")
+   ; Tor Browser fonts did not change since last release and were not avai=
lable
+   ; when this version was built, the previous version were kept.
+   ;(version %torbrowser-build-version)
+   (version "9.5.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://dist.torproject.org/torbrowser/"
+                         version "/tor-browser-linux64-"
+                         version "_en-US.tar.xz"))
+     (sha256
+      (base32
+       "1kqvr0sag94xdkq85k426qq1hz2b52m315yz51w6hvc87d8332b4"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("tar" ,tar)
+      ("xz" ,xz)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (src-dir "tor-browser_en-US/Browser/fonts")
+                        (fonts (string-append %output "/share/fonts"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (xz (assoc-ref %build-inputs "xz")))
+                    (mkdir-p fonts)
+                    (format #t "Untaring torbrowser ball ...~%")
+                    (invoke (string-append tar "/bin/tar") "-xf" src
+                            "-C" fonts "--strip-components=3D3"
+                            (string-append "--use-compress-program=3D" xz =
"/bin/xz")
+                            src-dir)
+                    #t))))
+   (home-page "https://github.com/googlei18n/noto-fonts")
+   (synopsis "Tor Browser bundled fonts")
+   (description "Free fonts bundled with Tor Browser.  Includes a subset o=
f Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+   (license license:silofl1.1)))
+
+(define tor-browser-build
+  (let ((commit (string-append "tbb-" %torbrowser-build-version
+                               "-" %torbrowser-build)))
+    (package
+     (name "tor-browser-build")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/builders/tor-browser-build.g=
it")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "0mq9ml8p0l2nnwjgr6dqn00pzk7h5zpi3hhr093hq99bapxs3wcs"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (format #t "Copying build scripts ...~%")
+                    (copy-recursively (string-append
+                                       (assoc-ref %build-inputs "source")
+                                       "/projects/tor-browser")
+                                      %output
+                                      #:log (%make-void-port "w")))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Tor Browser Builder scripts")
+     (description "Tor Browser build and runtime scripts.")
+     (license (license:non-copyleft "file://LICENSE")))))
+
+(define torbutton
+  (let ((commit "ebe2bedab44e38f18c7968bd327d99eef7660f34"))
+    (package
+     (name "torbutton")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/torbutton.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (format #t "Copying source ...~%")
+                    (copy-recursively (assoc-ref %build-inputs "source")
+                                      %output
+                                      #:log (%make-void-port "w")))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Tor Browser built-in extension")
+     (description "Browser extension needed to build and run Tor Browser.")
+     (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+  (package
+   (name "tor-launcher")
+   (version "0.2.21.8")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/tor-launcher.git")
+           (commit version)))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1mm1z7gv9dv6ymbr3vsg0lsnhnn84zrb6qsa164hmaxcfrwfhz5d"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (format #t "Copying source ...~%")
+                  (copy-recursively (assoc-ref %build-inputs "source")
+                                    %output
+                                    #:log (%make-void-port "w")))))
+   (home-page "https://www.torproject.org")
+   (synopsis "Tor Browser built-in controler extension")
+   (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+   (license (license:non-copyleft "file://src/LICENSE"))))
+
+;; This package is actually a cargo crate, so it should be moved to
+;; crates-io.scm and made public once the cross building to wasm32 is
+;; successful.
+(define https-everywhere-lib-wasm
+  (let ((commit "af199004083ce200f285735f68a5a57c47eed0e6"))
+  (package
+   (name "https-everywhere-lib-wasm")
+   (version "2020.08.13")
+   (source
+    (origin
+     (method git-fetch)
+      (uri (git-reference
+            (url "https://github.com/EFForg/https-everywhere-lib-wasm")
+            (commit commit)))
+      (file-name (git-file-name name version))
+      (sha256
+       (base32
+        "14xv637hf9kzdyr2w0cvx0g5if9nrzflf29p1spdl228yqlv9d5r"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (format #t "Copying source ...~%")
+                  (copy-recursively (assoc-ref %build-inputs "source")
+                                    %output
+                                    #:log (%make-void-port "w")))))
+   (home-page "https://github.com/EFForg/https-everywhere-lib-wasm")
+   (synopsis "Rust library for https-everywhere browser extension")
+   (description "Rust library for https-everywhere browser
+extension.")
+   (license license:gpl2+))))
+
+;; This should probably go elsewhere on the file system and made
+;; public in order to be shared between Tor Browser and IceCat once
+;; lib-wasm gets fixed.
+(define https-everywhere
+  (package
+   (name "https-everywhere")
+   (version "2020.8.13")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://github.com/EFForg/" name
+                         "/archive/" version ".tar.gz"))
+     (sha256
+      (base32
+       "0xb8q7izlyq80zzvj2j7wqp3srxxmi0wgwrb47lc5w38r7yzqjjd"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("bash" ,bash)
+      ("coreutils" ,coreutils)
+      ("findutils" ,findutils)
+      ("git" ,git)
+      ("grep" ,grep)
+      ("gzip" ,gzip)
+      ("https-everywhere-lib-wasm"
+       ,https-everywhere-lib-wasm)
+      ("libxml2" ,libxml2)
+      ("libxslt" ,libxslt)
+      ("openssl" ,openssl)
+      ("python" ,python)
+      ("rsync" ,rsync)
+      ("sed" ,sed)
+      ("tar" ,tar)
+      ("util-linux" ,util-linux) ; for getopt
+      ("which" ,which)
+      ("xxd" ,xxd)
+      ("zip" ,zip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (httpse-libwasm (assoc-ref %build-inputs
+                                                   "https-everywhere-lib-w=
asm"))
+                        (bash (assoc-ref %build-inputs "bash"))
+                        (coreutils (assoc-ref %build-inputs "coreutils"))
+                        (findutils (assoc-ref %build-inputs "findutils"))
+                        ;; Might be worth patching make.sh and remove this.
+                        (git (assoc-ref %build-inputs "git"))
+                        (grep (assoc-ref %build-inputs "grep"))
+                        (gzip (assoc-ref %build-inputs "gzip"))
+                        (libxml2 (assoc-ref %build-inputs "libxml2"))
+                        (libxslt (assoc-ref %build-inputs "libxslt"))
+                        (openssl (assoc-ref %build-inputs "openssl"))
+                        (python (assoc-ref %build-inputs "python"))
+                        ;; Possibly not needed and used to update rules at
+                        ;; build time.
+                        (rsync (assoc-ref %build-inputs "rsync"))
+                        (sed (assoc-ref %build-inputs "sed"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (util-linux (assoc-ref %build-inputs "util-linux"))
+                        (which (assoc-ref %build-inputs "which"))
+                        (xxd (assoc-ref %build-inputs "xxd"))
+                        (zip (assoc-ref %build-inputs "zip")))
+                    (setenv "SHELL" (string-append bash "/bin/bash"))
+                    (set-path-environment-variable
+                     "PATH" '("bin")
+                     (list bash sed findutils which git python tar openssl=
 rsync
+                           libxml2 libxslt util-linux grep xxd gzip zip co=
reutils))
+                    (set-path-environment-variable
+                     "LIBRARY_PATH" '("lib")
+                     (list bash sed findutils which git python tar openssl=
 rsync
+                           libxml2 libxslt util-linux grep xxd gzip zip co=
reutils))
+                    (format #t "Untaring source tarball ...~%")
+                    (invoke "tar" "-xf" src "--strip-components=3D1")
+                    ;; Python3.6 is hardcoded on these scripts. Using v3.8=
 appears
+                    ;; to be harmless.
+                    (substitute*
+                     '("install-dev-dependencies.sh"
+                       "make.sh"
+                       "hooks/precommit"
+                       "test/firefox.sh"
+                       "test/manual.sh"
+                       "test/rules/src/https_everywhere_checker/check_rule=
s.py"
+                       "test/script.py"
+                       "test/validations.sh"
+                       "test/validations/filename/run.py"
+                       "test/validations/relaxng/run.py"
+                       "test/validations/securecookie/run.py"
+                       "test/validations/special/run.py"
+                       "utils/create_zip.py"
+                       "utils/chromium-translations.py"
+                       "utils/create-platform-certs/split_combined_cert_fi=
le.py"
+                       "utils/mk-client-whitelist/dbconnect.py"
+                       "utils/mk-client-whitelist/run.py"
+                       "utils/merge-rulesets.py"
+                       "utils/setversion.py"
+                       "utils/zipfile_deterministic.py")
+                     (("python3.6") "python3"))
+                    (make-file-writable "lib-wasm")
+                    (copy-recursively httpse-libwasm
+                                      "lib-wasm"
+                                      #:log (%make-void-port "w"))
+                    ;; Remove precompiled binaries from source. This breaks
+                    ;; http-everywhere at runtime, but building is success=
ful.
+                    ;; Once lib-wasm is successfuly cross-compiled to wasm,
+                    ;; remove this.
+                    (with-directory-excursion "lib-wasm/pkg"
+                      (for-each (lambda (file)
+                        (if (file-exists? file)
+                            (delete-file file)
+                            (display (string-append
+                             "Warning: file " file
+                             " not found! Skipping...\n"))))
+                        '("https_everywhere_lib_wasm.js"
+                          "https_everywhere_lib_wasm_bg.wasm")))
+                    (for-each patch-shebang
+                              (find-files "."
+                                          (lambda (file stat)
+                                            ;; Filter out symlinks.
+                                            (eq? 'regular (stat:type stat)=
))
+                                          #:stat lstat))
+                    ;; Failing to generate the xpi, but copy-dir appears t=
o be
+                    ;; enough.
+                    (invoke "./make.sh")
+                    (copy-recursively "pkg/xpi-eff" %output
+                                      #:log (%make-void-port "w"))
+                    #t))))
+   (home-page "https://www.eff.org/https-everywhere")
+   (synopsis "Browser extension for automatic HTTPS usage")
+   (description "Browser extension that automatically makes the browser to
+use HTTPS instead of plain HTTP when the remote destination makes it
+available to users.")
+   (license license:gpl2+)))
+
+;; Currently there seems to be no binaries on this package, but in
+;; order to avoid the possibility of one getting silently added,
+;; this needs reworking to make it build from source.
+(define noscript
+  (package
+   (name "noscript")
+   (version "11.0.38")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://secure.informaction.com/download/release=
s/"
+                         name "-" version ".xpi"))
+     (sha256
+      (base32
+       "0f77dh1qj02ayrxiz98px0kl0dlza65fpjzq56nsmhrxmmyrby4c"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (format #t "Copying source ...~%")
+                  (copy-file (assoc-ref %build-inputs "source")
+                             %output))))
+   (home-page "https://noscript.net")
+   (synopsis "Browser extension for protection against known attacks")
+   (description "Browser extension that protects users from a range of
+known attacks on web browsing activity such as Cross-site scripting, click=
jack
+and makes possible for the users to block or choose on a per site basis wh=
ich
+remote javascript to run while browsing the web.")
+   (license license:gpl2+)))
+
+;; (Un)fortunatly Tor Browser has it's own reproducible build system - RBM=
 -
+;; which automates the build process for them and compiles Tor Browser fro=
m a
+;; range of repositories and produces a range of tarballs for different
+;; architectures and locales. So we need to cherry-pick what is needed for
+;; guix and produce our own tarball. See
+;; https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. See
+;; also the Hacking on Tor Browser document for a high level introduction =
at
+;; https://trac.torproject.org/projects/tor/wiki/doc/Tor Browser/Hacking.
+;;
+;; TODO: Import langpacks.
+(define-public torbrowser-unbundle
+  (let ((commit (string-append "tor-browser-" %torbrowser-version
+                               "-" %torbrowser-build)))
+    (package
+     (name "torbrowser-unbundle")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/tor-browser.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "02pxbhv64l575p2s2i365v53qyqynn272f64b6gqfrcvhn920g09"))))
+     (build-system gnu-build-system)
+     (inputs
+      `(("alsa-lib" ,alsa-lib)
+        ("bzip2" ,bzip2)
+        ("cups" ,cups)
+        ("dbus-glib" ,dbus-glib)
+        ("ffmpeg" ,ffmpeg)
+        ("freetype" ,freetype)
+        ("gdk-pixbuf" ,gdk-pixbuf)
+        ("glib" ,glib)
+        ("gtk+" ,gtk+)
+        ("gtk+-2" ,gtk+-2)
+        ("graphite2" ,graphite2)
+        ("harfbuzz" ,harfbuzz)
+        ("icu4c" ,icu4c)
+        ("libcanberra" ,libcanberra)
+        ("libgnome" ,libgnome)
+        ("libjpeg-turbo" ,libjpeg-turbo)
+        ("libogg" ,libogg)
+        ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+        ("libvorbis" ,libvorbis)
+        ("libxft" ,libxft)
+        ("libevent" ,libevent)
+        ("libxinerama" ,libxinerama)
+        ("libxscrnsaver" ,libxscrnsaver)
+        ("libxcomposite" ,libxcomposite)
+        ("libxt" ,libxt)
+        ("libffi" ,libffi)
+        ("libvpx" ,libvpx)
+        ("mesa" ,mesa)
+        ("mit-krb5" ,mit-krb5)
+        ;; See <https://bugs.gnu.org/32833>
+        ;;   and related comments in the 'remove-bundled-libraries' phase.
+        ;; UNBUNDLE-ME! ("nspr" ,nspr)
+        ;; UNBUNDLE-ME! ("nss" ,nss)
+        ("obfs4" ,obfs4)
+        ("pango" ,pango)
+        ("pixman" ,pixman)
+        ("pulseaudio" ,pulseaudio)
+        ("shared-mime-info" ,shared-mime-info)
+        ("sqlite" ,sqlite)
+        ("startup-notification" ,startup-notification)
+        ("tor" ,tor-client)
+        ("unzip" ,unzip)
+        ("zip" ,zip)
+        ("zlib" ,zlib)))
+     (native-inputs
+      `(("autoconf" ,autoconf-2.13)
+        ("bash" ,bash)
+        ("cargo" ,rust "cargo")
+        ("clang" ,clang)
+        ("https-everywhere" ,https-everywhere)
+        ("llvm" ,llvm)
+        ("patch" ,(canonical-package patch))
+        ("torbrowser-start-tor-browser.patch"
+         ,(search-patch "torbrowser-start-tor-browser.patch"))
+        ("torbrowser-start-tor-browser.desktop.patch"
+         ,(search-patch "torbrowser-start-tor-browser.desktop.patch"))
+        ("perl" ,perl)
+        ("pkg-config" ,pkg-config)
+        ("python" ,python)
+        ("python2" ,python-2.7)
+        ("python2-pysqlite" ,python2-pysqlite)
+        ("nasm" ,nasm)  ; XXX FIXME: only needed on x86_64 and i686
+        ("node" ,node)
+        ("noscript" ,noscript)
+        ("rust" ,rust)
+        ("rust-cbindgen" ,rust-cbindgen)
+        ("tor-browser-build" ,tor-browser-build)
+        ("torbrowser-fonts" ,torbrowser-fonts)
+        ("tor-launcher" ,tor-launcher)
+        ("torbutton" ,torbutton)
+        ("which" ,which)
+        ("yasm" ,yasm)))
+     (arguments
+      `(#:tests? #f ; Some tests are autodone by mach on build fase.
+
+        ;; XXX: There are RUNPATH issues such as
+        ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.=
so,
+        ;; which is not in its RUNPATH, but they appear to be harmless in
+        ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
+        #:validate-runpath? #f
+        #:imported-modules ,%cargo-utils-modules ;for `generate-all-checks=
ums'
+        ;; This modules where copied from IceCat package definition and so=
me
+        ;; of them are probably not needed anymore. TODO: verify if/which
+        ;; are still needed.
+        #:modules ((ice-9 ftw)
+                   (ice-9 rdelim)
+                   (ice-9 regex)
+                   (ice-9 match)
+                   (srfi srfi-34)
+                   (srfi srfi-35)
+                   (rnrs bytevectors)
+                   (rnrs io ports)
+                   (guix elf)
+                   (guix build gremlin)
+                   (guix build utils)
+                   (sxml simple)
+                   ,@%gnu-build-system-modules)
+        #:phases
+        (modify-phases %standard-phases
+          (add-after 'unpack 'make-bundle
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((torbutton (assoc-ref inputs "torbutton"))
+                    (torbutton-dir "toolkit/torproject/torbutton")
+                    (tor-launcher (assoc-ref inputs "tor-launcher"))
+                    (tor-launcher-dir "browser/extensions/tor-launcher")
+                    (tbb (assoc-ref inputs "tor-browser-build"))
+                    (tbb-scripts-dir "tbb-scripts"))
+                (format #t "Copying torbutton source to default path ...~%=
")
+                (make-file-writable torbutton-dir)
+                (copy-recursively torbutton torbutton-dir
+                                  #:log (%make-void-port "w"))
+                (format #t "Copying tor-launcher ...~%")
+                (copy-recursively tor-launcher tor-launcher-dir
+                                  #:log (%make-void-port "w"))
+                (format #t "Copying tor-browser-build ...~%")
+                (mkdir tbb-scripts-dir)
+                (copy-recursively tbb tbb-scripts-dir
+                                  #:log (%make-void-port "w"))
+                (make-file-writable (string-append
+                                     tbb-scripts-dir
+                                     "/RelativeLink/start-tor-browser"))
+                (make-file-writable (string-append
+                                     tbb-scripts-dir
+                                     "/RelativeLink/start-tor-browser.desk=
top")))
+              #t))
+
+          (add-after 'make-bundle 'apply-guix-specific-patches
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((patch (string-append (assoc-ref (or native-inputs inp=
uts)
+                                                     "patch")
+                                          "/bin/patch")))
+                (for-each (match-lambda
+                  ((label . file)
+                     (when (and (string-prefix? "torbrowser-" label)
+                       (string-suffix? ".patch" label))
+                       (format #t "applying '~a'...~%" file)
+                       (invoke patch "--force" "--no-backup-if-mismatch"
+                                     "-p1" "--input" file))))
+                  (or native-inputs inputs)))
+              #t))
+
+          ;; On mach build system this is done on configure.
+          (delete 'bootstrap)
+
+          (add-after 'patch-source-shebangs 'patch-cargo-checksums
+            (lambda _
+              (use-modules (guix build cargo-utils))
+              (let ((null-hash
+                     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495=
991b7852b855"))
+                (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+                  (("(\"checksum .* =3D )\".*\"" all name)
+                   (string-append name "\"" null-hash "\"")))
+                (generate-all-checksums "third_party/rust"))
+              #t))
+
+          (add-after 'build 'neutralize-store-references
+            (lambda _
+              ;; Mangle the store references to compilers & other build to=
ols in
+              ;; about:buildconfig, reducing Tor Browser's closure signifi=
cant.
+              ;; The resulting files are saved in lib/firefox/omni.ja
+              (substitute*
+               "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.=
html"
+               (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+                         (regexp-quote (%store-directory))) _ store hash)
+                (string-append store
+                               (string-take hash 8)
+                               "<!-- Guix: not a runtime dependency -->"
+                               (string-drop hash 8))))
+              #t))
+
+          (replace 'configure
+            (lambda* (#:key inputs outputs configure-flags #:allow-other-k=
eys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (bash (which "bash"))
+                     (flags `(,(string-append "--prefix=3D" out)
+                                              ,@configure-flags)))
+                (setenv "SHELL" bash)
+                (setenv "AUTOCONF" (string-append
+                                    (assoc-ref %build-inputs "autoconf")
+                                               "/bin/autoconf"))
+                (setenv "CONFIG_SHELL" bash)
+                (setenv "PYTHON" (string-append
+                                  (assoc-ref inputs "python2")
+                                  "/bin/python"))
+                (setenv "MOZ_BUILD_DATE"
+                        ,%torbrowser-build-id) ; avoid timestamp.
+                (setenv "LDFLAGS" (string-append
+                                   "-Wl,-rpath=3D"
+                                   (assoc-ref outputs "out")
+                                   "/lib/firefox"))
+                ;; This needs reworking to use the mozconfig available on
+                ;; tor-browser-builder repo which is the one Tor Project
+                ;; actually uses and which warranted some of the changes
+                ;; below.
+                (substitute* ".mozconfig"
+                  ;; Arch independent builddir.
+                  (("(mk_add_options MOZ_OBJDIR=3D@TOPSRCDIR@/obj).*" _ m)
+                   (string-append m "dir\n"))
+                  (("ac_add_options --disable-tor-launcher") "")
+                  ;; We won't be building incrementals.
+                  (("ac_add_options --enable-signmar") "")
+                  (("ac_add_options --enable-verify-mar") "")
+                  (("ac_add_options --with-tor-browser-version=3Ddev-build=
")
+                   (string-append
+                    "ac_add_options --with-tor-browser-version=3Dorg.gnu\n"
+                    "ac_add_options --with-unsigned-addon-scopes=3Dapp\n"
+                    "ac_add_options --enable-pulseaudio\n"
+                    "ac_add_options --disable-debug-symbols\n"
+                    "ac_add_options --disable-updater\n"
+                    "ac_add_options --disable-gconf\n"
+                    ;; Other syslibs that can be unbundled? (nss, nspr)
+                    "ac_add_options --enable-system-pixman\n"
+                    "ac_add_options --enable-system-ffi\n"
+                    "ac_add_options --with-system-bz2\n"
+                    "ac_add_options --with-system-icu\n"
+                    "ac_add_options --with-system-jpeg\n"
+                    "ac_add_options --with-system-libevent\n"
+                    "ac_add_options --with-system-zlib\n"
+                    ;; Without these clang is not found.
+                    "ac_add_options --with-clang-path=3D"
+                    (assoc-ref %build-inputs "clang") "/bin/clang\n"
+                    "ac_add_options --with-libclang-path=3D"
+                    (assoc-ref %build-inputs "clang") "/lib\n")))
+
+                (substitute* "browser/app/profile/000-tor-browser.js"
+                  ;; Tor Browser updates are disabled on mozconfig, but le=
t's be sure.
+                  (("(pref\\(\"extensions.torbutton.versioncheck_enabled\"=
).*" _ m)
+                   (string-append m ",false);\n")))
+
+                (substitute*
+                 "browser/extensions/tor-launcher/src/defaults/preferences=
/torlauncher-prefs.js"
+                  ;; Not multilingual. See tor-browser/build:141. Currentl=
y disabled on
+                  ;; tor-launcher, but let's make sure while missing langp=
acks.
+                 (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").=
*" _ m)
+                  (string-append m ", false);\n")))
+
+                ;; For user data outside the guix store.
+                (substitute* "xpcom/io/TorFileUtils.cpp"
+                  (("ANDROID") "GNUGUIX"))
+                   (substitute* "old-configure.in"
+                  (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+                   (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+                (format #t "Invoking mach configure ...~%")
+                (invoke "./mach" "configure"))
+              #t))
+
+          (replace 'build
+            (lambda _ (invoke "./mach" "build")
+              #t))
+
+          ;; Tor Browser just do a stage-package here and copy files to it=
s places.
+          (replace 'install
+            (lambda* (#:key inputs native-inputs outputs
+                      configure-flags #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (applications (string-append out "/share/applications=
"))
+                     (build "objdir/dist/firefox")
+                     (bin (string-append out "/bin"))
+                     (lib (string-append out "/lib/firefox"))
+                     (start-script
+                      "tbb-scripts/RelativeLink/start-tor-browser")
+                     (desktop-file
+                      "tbb-scripts/RelativeLink/start-tor-browser.desktop"=
))
+                (invoke "./mach" "build" "stage-package")
+                ;; Tor Browser doesn't use those.
+                ;; See: tor-browser-build.git/projects/firefox/build:167
+                (format #t "Deleting spurious files ...~%")
+                (with-directory-excursion build
+                  (for-each (lambda (file)
+                              (if (file-exists? file)
+                                  (delete-file file)
+                                  (display (string-append
+                                            "Warning: file " file
+                                            " not found! Skipping...\n"))))
+                            '("firefox-bin" "libfreeblpriv3.chk" "libnssdb=
m3.chk"
+                              "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf"=
)))
+                (rmdir (string-append build "/fonts"))
+                (format #t "Creating install dirs ...~%")
+                (mkdir-p applications)
+                (mkdir-p lib)
+                (mkdir bin)
+                (format #t "Copying files to install dirs ...~%")
+                (copy-recursively build (string-append lib "/")
+                                  #:log (%make-void-port "w"))
+                (copy-file start-script
+                           (string-append lib "/start-tor-browser"))
+                (copy-file desktop-file
+                           (string-append lib "/start-tor-browser.desktop"=
))
+                (chmod (string-append lib "/start-tor-browser") #o555)
+                (chmod (string-append lib "/start-tor-browser.desktop") #o=
555)
+                (format #t "Linking start-tor-browser script ...~%")
+                (symlink (string-append lib "/start-tor-browser")
+                         (string-append bin "/start-tor-browser"))
+                (format #t "Installing desktop file ...~%")
+                (install-file desktop-file applications))
+              #t))
+
+          (add-after 'install 'install-icons
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (icons-src (string-append
+                                 out "/lib/firefox/browser/chrome/icons/de=
fault")))
+                (with-directory-excursion
+                 icons-src
+                 (for-each
+                   (lambda (file)
+                     (let* ((size (string-filter char-numeric? file))
+                            (icons (string-append out "/share/icons/hicolo=
r/"
+                                                  size "x" size "/apps")))
+                       (mkdir-p icons)
+                       (copy-file file (string-append icons "/torbrowser.p=
ng"))))
+                   '("default16.png" "default32.png" "default48.png" "defa=
ult64.png"
+                     "default128.png"))))
+              #t))
+
+          (add-after 'install-icons 'install-fonts
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-key=
s)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox/"))
+                     (fonts  (string-append (or (assoc-ref native-inputs
+                                                           "torbrowser-fon=
ts")
+                                                (assoc-ref inputs
+                                                           "torbrowser-fon=
ts"))
+                                            "/share")))
+                (copy-recursively fonts lib
+                                  #:log (%make-void-port "w"))
+                (symlink (string-append lib "/fonts")
+                         (string-append out "/share/fonts")))
+              #t))
+
+          (add-after 'install-fonts 'install-extensions
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-key=
s)
+              (let* ((out (assoc-ref outputs "out"))
+                     (ext (string-append out "/lib/firefox/browser/extensi=
ons"))
+                     (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}")
+                     (httpse-id "https-everywhere-eff@eff.org")
+                     (noscript (assoc-ref inputs "noscript"))
+                     (httpse (assoc-ref inputs "https-everywhere")))
+                (mkdir-p ext)
+                (copy-file noscript (string-append
+                                     ext "/" noscript-id ".xpi"))
+                (copy-recursively httpse
+                                  (string-append ext "/" httpse-id)
+                                  #:log (%make-void-port "w"))
+                (chmod (string-append ext "/" noscript-id ".xpi") #o555))
+              #t))
+
+          (add-after 'install-extensions 'link-binaries
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-key=
s)
+              (let* ((out (assoc-ref outputs "out"))
+                     (tordir (string-append out "/lib/firefox/TorBrowser/T=
or"))
+                     (ptdir (string-append tordir "/PluggableTransports"))
+                     (obfs4 (string-append (assoc-ref inputs "obfs4")
+                                           "/bin/obfs4proxy"))
+                     (tor (string-append (assoc-ref inputs "tor")
+                                         "/bin/tor")))
+                (mkdir-p ptdir)
+                (symlink tor (string-append tordir "/tor"))
+                (symlink obfs4 (string-append ptdir "/obfs4proxy")))
+              #t))
+
+          (add-after 'link-binaries 'copy-bundle-data
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-key=
s)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox"))
+                     (tbb "tbb-scripts")
+                     (ptconf (string-append tbb "/Bundle-Data/PTConfigs"))
+                     (docs (string-append lib "/TorBrowser/Docs"))
+                     (data (string-append lib "/TorBrowser/Data")))
+                (mkdir-p data)
+                (mkdir docs)
+                (with-directory-excursion
+                 (string-append tbb "/Bundle-Data/linux/Data")
+                 (for-each (lambda (file)
+                             (copy-recursively file
+                                               (string-append data "/" fil=
e)
+                                               #:log (%make-void-port "w")=
))
+                           '("Browser" "fontconfig" "Tor")))
+                (copy-file (string-append ptconf "/linux/torrc-defaults-ap=
pendix")
+                           (string-append data "/Tor/torrc-defaults-append=
ix"))
+                (copy-file (string-append ptconf "/bridge_prefs.js")
+                           (string-append
+                            data "/Browser/bridge-prefs-js-appendix"))
+                (copy-recursively (string-append tbb "/Bundle-Data/Docs")
+                                  (string-append docs "/")
+                                  #:log (%make-void-port "w")))
+              #t))
+
+          ;; This fixes the file chooser crash that happens with GTK 3
+          (add-after 'copy-bundle-data 'wrap-program
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox"))
+                     (gtk (assoc-ref inputs "gtk+"))
+                     (gtk-share (string-append gtk "/share"))
+                     (mesa (assoc-ref inputs "mesa"))
+                     (mesa-lib (string-append mesa "/lib"))
+                     (pulseaudio (assoc-ref inputs "pulseaudio"))
+                     (pulseaudio-lib (string-append pulseaudio "/lib"))
+                     (libxscrnsaver (assoc-ref inputs "libxscrnsaver"))
+                     (libxscrnsaver-lib (string-append libxscrnsaver "/lib=
")))
+                (wrap-program (car (find-files lib "^firefox$"))
+                  `("XDG_DATA_DIRS" prefix (,gtk-share))
+                  `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib ,mesa-lib
+                                              ,libxscrnsaver-lib))))
+              #t)))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Anonymous browser derived from Mozilla Firefox")
+     (description
+      "Tor Browser is the Tor Project version of Firefox browser.  It is
+the only recommended way to anonymously browse the web that is supported by
+the project.  It modifies Firefox in order to avoid many know application
+level attacks on the privacy of Tor users.
+
+WARNING: This is not the official Tor Browser and is currently on testing.
+Https-everywhere browser extension is currently not working so use it at
+your own risk and please report back on guix channels if you find any
+issues.")
+     (license license:mpl2.0)))) ;and others, see toolkit/content/license.=
html
--=20
2.27.0


--BouVgDkIlpb7X6Bk--

--gV1yUYniiDLxW66s
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2r0FgwPCZwAACgkQ
YrJ+WmBEwoKGGw/9HRnrHlU+lbO14mMyBmsIrredmncbnRjEN7remBa6S18rpd+E
7BQhDFd/r4/xy8t/5nbwn92vb/IXfAaXfFiN5tB4OwE7rbjUwMz1ArlcrH+RmE4L
qO8gH4MQqZvhm/ka0ISwnXRr077Jaz6eYQdh0vnffogoWuLLz8nzlCAr4R1Gvz2P
v5DtGBlFqmpBGIC7Y4os3Ro9MI0aqsNdOcrtIm9NICALDOoo3O+Ik+0FeqrgcZFB
gNC266E1oHY7UX4WIZV/dogBtYE8CXPsnDst+VHurtaxr0ExAkexAdcFKodHtQsN
SwmTw5GgEAc+B3GXgqgSmfGFeXJjXmLxbtb5dkn/Vgl0n/9b+6B5AZpC26BYEcQ9
8Y/4ru64iT5jYlKveXCYe1gK0fvyQad8AOllmiGm6lq2anS2T02JMAgQ3xUXAvXw
sqI0UADlW5OMLjwKrGAVIFb9MVXlfWEXzWwQ69gWH3So5kFFlHcWaaWkdAiE3hB5
5Jsdz8jfiWXWg2Pc7r2lEqsFDiRnO0Q1/U7WWuQg2tVpDkmSFZuSPs0GICBGjX/0
kW8lQehJhVJlYIEHss5bh8rR4Glc6svJt1notxcqM9mNHARPr6A9pbyFSctM0fgf
fCObXFma6f6ZKj/TerhYSSYVLvfqdvNEG/t2ulxwzDyQBuRlP9rptIJ6ej4=
=gmmN
-----END PGP SIGNATURE-----

--gV1yUYniiDLxW66s--