From: "Clément Lassieur" <clement@lassieur.org>
To: 42380@debbugs.gnu.org, "André Batista" <nandre@riseup.net>
Cc: "Clément Lassieur" <clement@lassieur.org>,
"Clément Lassieur" <clement@lassieur.org>,
"Jonathan Brielmaier" <jonathan.brielmaier@web.de>
Subject: [bug#42380] [PATCH v2] gnu: Add torbrowser.
Date: Thu, 21 Dec 2023 14:56:17 +0100
Message-ID: <45b7d4b41bbd918cc15c4a10fe5c30a40b792947.1703164756.git.clement@lassieur.org>
In-Reply-To: <d6e5198dc66c76fdf454241d1074c1c649a9cc46.1702378364.git.clement@lassieur.org>
* gnu/packages/tor.scm (torbrowser): New variable.
(torbrowser-assets): New variable.
* gnu/packages/browser-extensions.scm (noscript): New variable.
(noscript/icecat): New variable.
Change-Id: I73dc53905e4a028108bb34aae07e44256cf16c85
---
gnu/packages/browser-extensions.scm | 26 +++
gnu/packages/gnupg.scm | 3 +-
gnu/packages/tor.scm | 285 ++++++++++++++++++++++++++++
3 files changed, 312 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/browser-extensions.scm b/gnu/packages/browser-extensions.scm
index 2251011f849a..178bcaae6c90 100644
--- a/gnu/packages/browser-extensions.scm
+++ b/gnu/packages/browser-extensions.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages browser-extensions)
#:use-module (guix gexp)
#:use-module (guix packages)
+ #:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
@@ -221,3 +222,28 @@ (define passff
(define-public passff/icecat
(make-icecat-extension passff))
+
+(define noscript
+ (package
+ (name "noscript")
+ (version "11.4.28")
+ (source (origin
+ (method url-fetch/zipbomb)
+ (uri (string-append
+ "https://noscript.net/download/releases/noscript-" version
+ ".xpi"))
+ (sha256
+ (base32
+ "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l"))))
+ (build-system copy-build-system)
+ (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))
+ (arguments
+ `(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))
+ (home-page "https://noscript.net")
+ (synopsis "Software providing extra protection for various browsers.")
+ (description "The NoScript Security Suite is a software providing extra
+protection for web browsers.")
+ (license license:gpl3+)))
+
+(define-public noscript/icecat
+ (make-icecat-extension noscript))
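Review bot: The `synopsis` of `noscript` ends with a period, which `guix lint` reports, and the `description` ("a software providing extra protection") only restates the synopsis without saying what the extension does. Drop the trailing period and reword the description so a user can tell what is being protected against. It would also help to put a comment above `(method url-fetch/zipbomb)` saying that the source is upstream's released .xpi archive, pinned by the sha256, since the `#:install-plan` copies it unchanged into the add-on id directory with no build step.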
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a5b8587a141c..bec74b3f3f49 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,7 +70,6 @@ (define-module (gnu packages gnupg)
#:use-module (gnu packages swig)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
- #:use-module (gnu packages tor)
#:use-module (gnu packages web)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@@ -1124,7 +1123,7 @@ (define-public parcimonie
perl-try-tiny
perl-type-tiny
perl-types-path-tiny
- torsocks))
+ (@ (gnu packages tor) torsocks))) ;avoid dependency loop
(native-inputs
(list perl-file-which
perl-gnupg-interface
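Review bot: The `;avoid dependency loop` comment on the `torsocks` input of `parcimonie` does not say which modules form the loop, so a later cleanup could restore `#:use-module (gnu packages tor)` and reintroduce it. Name the cycle in the comment: this patch makes `(gnu packages tor)` import `(gnu packages gnuzilla)` and `(gnu packages browser-extensions)`, so state which of those leads back to `(gnu packages gnupg)`.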
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 71f32b3f4331..f5efcd25ef25 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -36,11 +36,15 @@ (define-module (gnu packages tor)
#:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system mozilla)
#:use-module (guix build-system python)
#:use-module (guix build-system pyproject)
#:use-module (gnu packages)
#:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages browser-extensions)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
#:use-module (gnu packages check)
@@ -48,6 +52,7 @@ (define-module (gnu packages tor)
#:use-module (gnu packages pcre)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
@@ -483,3 +488,283 @@ (define-public tractor
the onion proxy and sets up proxy in user session, so you don't have to mess
up with TOR on your system anymore.")
(license license:gpl3+)))
+
+(define torbrowser-assets
+ ;; This is a prebuilt Torbrowser from which we take the assets we need.
+ (package
+ (name "torbrowser-assets")
+ ;; To find the last version, look at https://www.torproject.org/download/.
+ (version "13.0.6")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux-x86_64-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd"))))
+ (arguments
+ (list
+ #:install-plan
+ ''(("Browser" "." #:include-regexp
+ ("^\\./TorBrowser/Data/Tor/torrc-defaults"
+ "^\\./fonts/"
+ "^\\./fontconfig/fonts.conf")))))
+ (build-system copy-build-system)
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser assets")
+ (description "This package contains fonts and configuration files for Tor
+Browser.")
+ (license license:silofl1.1)))
+
+;; Must be of the form YYYYMMDDhhmmss as in `date +%Y%m%d%H%M%S`.
+(define %moz-build-date "20231219173144")
+
+(define-public torbrowser
+ (package
+ (inherit icecat-minimal)
+ (name "torbrowser")
+ ;; To find the last version, browse
+ ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>
+ ;; (<version> is the version of the `torbrowser-assets` package). There
+ ;; should be only one archive that starts with "src-firefox-tor-browser-".
+ (version "115.5.0esr-13.0-1-build4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ (package-version torbrowser-assets)
+ "/src-firefox-tor-browser-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))
+ (build-system mozilla-build-system)
+ (arguments
+ (substitute-keyword-arguments (package-arguments icecat-minimal)
+ ((#:configure-flags flags '())
+ #~(cons*
+ "--without-relative-data-dir" ;store is read-only
+ "--disable-base-browser-update"
+ ;; Default is "default", which is the same as "nightly".
+ "--enable-update-channel=release"
+ "--with-user-appdir=.torbrowser"
+ "--with-branding=browser/branding/tb-release"
+ (string-append "--prefix=" #$output)
+ (string-append "--with-base-browser-version="
+ #$(package-version
+ (this-package-input "torbrowser-assets")))
+ #$flags))
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-before 'configure 'setenv
+ (lambda _
+ (setenv "CONFIG_SHELL" (which "bash"))
+ ;; Install location is prefix/lib/$MOZ_APP_NAME. Also
+ ;; $MOZ_APP_NAME is the executable name. Default is
+ ;; "firefox".
+ (setenv "MOZ_APP_NAME" "torbrowser")
+ ;; Profile location (relative to "~/."). Default is
+ ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
+ ;; ~/.tor project/firefox.
+ (setenv "MOZ_APP_PROFILE" "torbrowser/browser")
+ ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
+ (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")
+ ;; Persistent state directory for the build system (default is
+ ;; $HOME/.mozbuild).
+ (setenv "MOZBUILD_STATE_PATH"
+ (in-vicinity (getcwd) ".mozbuild"))
+ ;; Make build reproducible.
+ (setenv "MOZ_BUILD_DATE" #$%moz-build-date)))
+ (add-before 'configure 'mozconfig
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (with-output-to-file "mozconfig"
+ (lambda ()
+ (format #t ". $topsrcdir/mozconfig-linux-x86_64~%")
+ (for-each (lambda (flag)
+ (format #t "ac_add_options ~a~%" flag))
+ configure-flags)))))
+ (replace 'configure
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "config")))
+ (add-before 'build 'fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "build")))
+ (add-after 'install 'deploy-assets
+ (lambda _
+ (let ((assets #$(this-package-input "torbrowser-assets"))
+ (lib (in-vicinity #$output "lib/torbrowser"))
+ (tor #$(this-package-input "tor-client")))
+ ;; TorBrowser/Data/Tor/torrc-defaults
+ (copy-recursively (in-vicinity assets "TorBrowser")
+ (in-vicinity lib "TorBrowser"))
+ ;; The geoip and geoip6 files are in the same directory as
+ ;; torrc-defaults. (See TorProcess.sys.mjs.)
+ (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))
+ (copy-file (in-vicinity tor "share/tor/geoip")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip"))
+ (copy-file (in-vicinity tor "share/tor/geoip6")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip6"))
+ ;; Fonts
+ (copy-recursively (in-vicinity assets "fontconfig")
+ (in-vicinity lib "fontconfig"))
+ (substitute* (in-vicinity lib "fontconfig/fonts.conf")
+ (("<dir>fonts</dir>")
+ (format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
+ (delete-file-recursively (in-vicinity lib "fonts"))
+ (copy-recursively (in-vicinity assets "fonts")
+ (in-vicinity lib "fonts")))))
+ (replace 'build-sandbox-whitelist
+ (lambda* (#:key inputs #:allow-other-keys)
+ (define (runpath-of lib)
+ (call-with-input-file lib
+ (compose elf-dynamic-info-runpath
+ elf-dynamic-info
+ parse-elf
+ get-bytevector-all)))
+ (define (runpaths-of-input label)
+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
+ (libs (find-files dir "\\.so$")))
+ (append-map runpath-of libs)))
+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
+ (let* ((whitelist
+ (map (cut string-append <> "/")
+ (delete-duplicates
+ `(,(string-append (assoc-ref inputs "shared-mime-info")
+ "/share/mime")
+ ,@(append-map runpaths-of-input
+ '("mesa" "ffmpeg"))))))
+ (whitelist-string (string-join whitelist ",")))
+ (with-output-to-file "whitelist.txt"
+ (lambda ()
+ (display whitelist-string))))))
+ (add-after 'install 'autoconfig
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((lib (in-vicinity #$output "lib/torbrowser"))
+ (config-file "tor-browser.cfg"))
+ (with-output-to-file (in-vicinity
+ lib "defaults/pref/autoconfig.js")
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ (format #t "pref(~s, ~s);~%"
+ "general.config.filename" config-file)
+ (format #t "pref(~s, ~a);~%"
+ "general.config.obscure_value" "0")))
+ (with-output-to-file (in-vicinity lib config-file)
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.torlauncher.torrc-defaults_path"
+ (in-vicinity
+ lib "TorBrowser/Data/Tor/torrc-defaults"))
+ (format #t "pref(~s, ~s);~%"
+ "extensions.torlauncher.tor_path"
+ (search-input-file inputs "bin/tor"))
+ ;; Required for Guix packaged extensions
+ ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8
+ ;; Default is 5.
+ (format #t "pref(~s, ~a);~%"
+ "extensions.enabledScopes" "13")
+ (format #t "pref(~s, ~s);~%"
+ "security.sandbox.content.read_path_whitelist"
+ (call-with-input-file "whitelist.txt"
+ get-string-all))
+ ;; Add-ons pannel (see settings.js in Icecat source).
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.search.browseURL"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.get.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.link.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.discovery.api_url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.langpacks.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "lightweightThemes.getMoreURL"
+ "https://gnuzilla.gnu.org/mozzarella"))))))
+ (replace 'wrap-program
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((gtk #$(this-package-input "gtk+"))
+ (gtk-share (string-append gtk "/share"))
+ (fonts.conf (in-vicinity
+ #$output
+ "lib/torbrowser/fontconfig/fonts.conf"))
+ (ld-libs '#$(cons
+ (file-append
+ (this-package-input "libcanberra")
+ "/lib/gtk-3.0/modules")
+ (map
+ (lambda (label)
+ (file-append
+ (this-package-input label) "/lib"))
+ '("libpng-apng"
+ "libxscrnsaver"
+ "mesa"
+ "pciutils"
+ "mit-krb5"
+ "eudev"
+ "pulseaudio"
+ "libnotify")))))
+ (wrap-program
+ (in-vicinity #$output "lib/torbrowser/torbrowser")
+ `("XDG_DATA_DIRS" prefix (,gtk-share))
+ `("LD_LIBRARY_PATH" prefix ,ld-libs)
+ `("FONTCONFIG_FILE" prefix (,fonts.conf))))))
+ (replace 'install-desktop-entry
+ (lambda _
+ (let ((apps (in-vicinity #$output "share/applications")))
+ (mkdir-p apps)
+ (make-desktop-entry-file
+ (in-vicinity apps "torbrowser.desktop")
+ #:name "Tor Browser"
+ #:exec
+ (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))
+ #:comment
+ "Tor Browser is +1 for privacy and -1 for mass surveillance"
+ #:categories '("Network" "WebBrowser" "Security")
+ #:startup-w-m-class "Tor Browser"
+ #:icon "tor-browser"))))
+ (replace 'install-icons
+ (lambda* (#:key inputs #:allow-other-keys)
+ (for-each
+ (lambda (size)
+ (let ((oldpath (string-append
+ "browser/branding/tb-release/default"
+ size ".png"))
+ (newpath (string-append #$output
+ "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p newpath)
+ (copy-file oldpath
+ (in-vicinity newpath "tor-browser.png"))))
+ '("16" "22" "24" "32" "48" "64" "128" "256"))))))))
+ (inputs
+ (modify-inputs (package-inputs icecat-minimal)
+ (append bash-minimal
+ tor-client
+ torbrowser-assets)))
+ (propagated-inputs
+ (list noscript/icecat))
+ (home-page "https://www.torproject.org")
+ (synopsis "Anonymous browser derived from Mozilla Firefox")
+ (description
+ "Tor Browser is the Tor Project version of Firefox browser. It is the
+only recommended way to anonymously browse the web that is supported by the
+project. It modifies Firefox in order to avoid many know application level
+attacks on the privacy of Tor users.")
+ (license license:mpl2.0))) ;And others, see
+ ;toolkit/content/license.html
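Review bot: Both new packages are tied to x86_64 without declaring it: `torbrowser-assets` fetches `tor-browser-linux-x86_64-<version>.tar.xz` and the `mozconfig` phase writes `. $topsrcdir/mozconfig-linux-x86_64`, yet neither definition has a `supported-systems` field. Unless the inherited `icecat-minimal` value already restricts this, add `(supported-systems '("x86_64-linux"))` to `torbrowser`, so the build is refused on other architectures instead of failing in `configure`. Three values also have to be bumped together (`torbrowser-assets` version, `torbrowser` version, `%moz-build-date`); the comments explain how to find the two versions but not when `%moz-build-date` must change, so say that next to its definition. `torbrowser-assets` is licensed `silofl1.1` while its install plan also takes `torrc-defaults` and `fonts.conf`, which deserves a comment or a license list. Typos: "many know application level attacks" in the description should read "known", and "Add-ons pannel" should read "panel".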
base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
prerequisite-patch-id: 51e2c2aaf5262d0d9001b0b5c37836060291f55d
--
2.41.0