From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id GBjbNWqMD2NoKQEAbAwnHQ (envelope-from ) for ; Wed, 31 Aug 2022 18:29:30 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id sFLbNWqMD2N70wAAauVa8A (envelope-from ) for ; Wed, 31 Aug 2022 18:29:30 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6A1C2A9EE for ; Wed, 31 Aug 2022 18:29:30 +0200 (CEST) Received: from localhost ([::1]:54090 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oTQan-0002DE-HL for larch@yhetil.org; Wed, 31 Aug 2022 12:29:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43672) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oTQVt-0004v2-Cv for help-guix@gnu.org; Wed, 31 Aug 2022 12:24:25 -0400 Received: from cyberdimension.org ([80.67.179.20]:58120 helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1oTQVr-0000zs-4h for help-guix@gnu.org; Wed, 31 Aug 2022 12:24:25 -0400 Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1]) by cyberdimension.org (OpenSMTPD) with ESMTP id 27587b69; Wed, 31 Aug 2022 16:19:00 +0000 (UTC) Received: from primary_laptop (localhost [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id d89cff5d; Wed, 31 Aug 2022 16:19:00 +0000 (UTC) Date: Wed, 31 Aug 2022 18:23:54 +0200 From: Denis 'GNUtoo' Carikli To: Gottfried Cc: Csepp , help-guix@gnu.org Subject: Re: tor Message-ID: <20220831182354.4a1db154@primary_laptop> In-Reply-To: <92a94bf3-12a8-8743-e338-7906835c9697@posteo.de> References: <5f9b2c8a-ee45-451e-da86-c6944a7a910a@posteo.de> <87a67or2g7.fsf@riseup.net> <09e45c31-cce5-da97-dbc0-23975f742279@posteo.de> <87h71u9ez1.fsf@riseup.net> <92a94bf3-12a8-8743-e338-7906835c9697@posteo.de> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.30; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/mM_hnKVGl3f9ZCRYx+e_oaS"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=80.67.179.20; envelope-from=GNUtoo@cyberdimension.org; helo=gnutoo.cyberdimension.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1661963370; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=P8BHndK5vPnomMS9lyyPu5OW4H42edWPb+yVCHrNi/w=; b=o76aXo/wwXTw6kbroJQrQACkGW5ktAgfyze6InmO82CTmMKm/0YEGySBDPRzDkBEGkG5so wMgrM3yzDcCIy/ZBtc7CSw8TkZ3Nx7XTZqSgTp/Fz8BOJOQNh+jnUl6ZL4tF76QEEN6uRc 6zCB0mpo7OdJhu/2au4NpFVgb4sNebqmVu94EGW3GvIxGh89FGh41f9DxgnQQ5KAsYAbRn MLSogvCZWf9886ymtSE6pDucPV+v7xveSwM1Gwy7GaiGWdNgGqPGgOhpYoe3JBgwh1Ctm3 aK+8XzeFnFb/opPCcHCD9SCnopL5WAukenA8zpdOrtKrjXi5Tn465cYoyS3jbw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1661963370; a=rsa-sha256; cv=none; b=MCeVzFOZmUQmCWLIWUyADg5YzbVTDPbRgPf0G91K+UxeFT8vEIVseU02KS8un2juAU9ddL PBgsFnOJ37joxUK1le4zxjuq6ne6bfloRIEknpQNCkD0WmW0AmptUaUdT+p+s+JX+EVJsv 6AyIXrBQ+JkE6or9cLf82wtQKFF1lrk95gcdL5Prmg7sO1XLgGCEN6JLQgzbGqbR8LoPgh fFCR1f+8esiOGS5isVEzSp92TTNBzdQtXcrKdcHYd0lruodrXgVErFFkobr5UECxryRG34 EJZ5Rdrjv/0dZSLTekjq+Ujg8dCfshA9jGblMtEGyDlu4PWhJnV4cUB7lrcraw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -1.78 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 6A1C2A9EE X-Spam-Score: -1.78 X-Migadu-Scanner: scn0.migadu.com X-TUID: IgV6eYDcsHtp --Sig_/mM_hnKVGl3f9ZCRYx+e_oaS Content-Type: multipart/mixed; boundary="MP_/JQLAXVcZ7.MmiRyZI1n07kB" --MP_/JQLAXVcZ7.MmiRyZI1n07kB Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tue, 30 Aug 2022 18:32:26 +0000 Gottfried wrote: > It is too difficult for me to use chroots in Guix System > because I don't know how to set it up. For chrooting I use the scripts I attached.=20 So far both scripts works for graphical applications. I've no idea if sound works or not though.=20 One limitation of the scripts is that I had to use the same username and/or uid/gid inside and outside of the chroot. Otherwise the graphical applications don't run. As for creating the rootfs to chroot in, we need better support for it in Guix, especially to add more FSDG compliant distributions. So far PureOS "amber" is probably the only FSDG compliant option there is. After installing debootstrap, the following command should create an extremely basic rootfs in the /path/to/rootfs/directory directory: > sudo debootstrap amber /path/to/rootfs/directory \ > https://repo.puri.sm/pureos You then need to do some low level configuration manually (like explained in 'man debootstrap'). The Debian installation manual has more information on that[1] and since PureOS is based on Debian, most of the information can be reused.=20 The security isn't ideal since we lack a pureos keyring but it uses https so it should be good enough. As for adding Trisquel and other PureOS versions to debootstrap, I've sent a patch to debootstrap upstream[2] but nobody looked at it, so I've no idea how to get that unblocked. As for other distributions like Parabola, I managed to make a pacstrap package for Guix[3], but it didn't work: it could install a rootfs but running the post install scripts failed, probably due to it not having the right PATH value. So far I didn't find enough time to fix that issue though. So for now your only option within Guix is through debootstrap. Another option for creating a rootfs would be to boot a distribution installer (like the Parabola command line USB installer) and actually run pacstrap there, and then once back into Guix, chroot inside with (a modified version) of the scripts I provided. And as for running the tor-browser binaries directly on Guix, I've tried that approach by installing the libraries required by the tor-browser in Guix like libgcc and so on, and it found some of these libraries, but not other despite having installed them, so that didn't work. As for the tor-browser, there is also an issue with it: in about:addons, it points users to addons.mozilla.org which contains nonfree addons. This is what prevents us from adding the tor-browser-installer/launcher to (other than Guix) FSDG compliant distributions. So once you created the chroot you'll also need to download, verify the download with gpg, and unpack it manually. References: ----------- [1]https://www.debian.org/releases/stable/amd64/apds03.en.html [2]https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/60 [3]https://framagit.org/GNUtoo/guix/-/commits/archlinux/ Denis. --MP_/JQLAXVcZ7.MmiRyZI1n07kB Content-Type: application/x-shellscript Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=parabola32-chroot.sh IyEvYmluL3NoCgojIENvcHlyaWdodCAoQykgMjAyMSBEZW5pcyAnR05VdG9vJyBDYXJpa2xpIDxH TlV0b29AY3liZXJkaW1lbnNpb24ub3JnPgojCiMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29mdHdh cmU6IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0IGFuZC9vciBtb2RpZnkKIyBpdCB1bmRlciB0aGUg dGVybXMgb2YgdGhlIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGFzIHB1Ymxpc2hlZCBieQoj IHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIGVpdGhlciB2ZXJzaW9uIDMgb2YgdGhlIExp Y2Vuc2UsIG9yCiMgKGF0IHlvdXIgb3B0aW9uKSBhbnkgbGF0ZXIgdmVyc2lvbi4KIwojIFRoaXMg cHJvZ3JhbSBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0aGF0IGl0IHdpbGwgYmUgdXNlZnVs LAojIGJ1dCBXSVRIT1VUIEFOWSBXQVJSQU5UWTsgd2l0aG91dCBldmVuIHRoZSBpbXBsaWVkIHdh cnJhbnR5IG9mCiMgTUVSQ0hBTlRBQklMSVRZIG9yIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQ VVJQT1NFLiAgU2VlIHRoZQojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGZvciBtb3JlIGRl dGFpbHMuCiMKIyBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBHTlUgR2Vu ZXJhbCBQdWJsaWMgTGljZW5zZQojIGFsb25nIHdpdGggdGhpcyBwcm9ncmFtLiAgSWYgbm90LCBz ZWUgPGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4KCgp1c2FnZSgpCnsKCWVjaG8gIlVz YWdlOiAkMCIKCWV4aXQgMQp9CgppZiBbICQjIC1lcSAxIF0gOyB0aGVuCgl1c2FnZQpmaQoKcm9v dD0iL3Nydi9kaXN0cm9zL3BhcmFib2xhMzIiCnVzZXJuYW1lPWdudXRvbwoKZm9yIGQgaW4gZGV2 IGRldi9wdHMgZGV2L3NobSBldGMvbWFjaGluZS1pZCBwcm9jIHN5cyB0bXAvLlgxMS11bml4IDsg ZG8KICAgIHN1ZG8gbW91bnQgfCBncmVwICIgb24gJHtyb290fS8kZCIgPiAvZGV2L251bGwgfHwg c3VkbyBtb3VudCAtbyBiaW5kIC8kZCAke3Jvb3R9LyRkCmRvbmUKCmlmIFsgLWYgJHtYQVVUSE9S SVRZfSBdIDsgdGhlbgogICAgc3VkbyBtb3VudCB8IGdyZXAgIiBvbiAke3Jvb3R9LyR7WEFVVEhP UklUWX0iID4gL2Rldi9udWxsIHx8IFwKCSAgICBzdWRvIG1vdW50IC1vIGJpbmQgJHtYQVVUSE9S SVRZfSAke3Jvb3R9LyR7WEFVVEhPUklUWX0KZmkKCnN1ZG8gY2hyb290ICIke3Jvb3R9IiAvYmlu L2Jhc2ggLS1sb2dpbiAtYyBcCgkic3VkbyBYQVVUSE9SSVRZPSR7WEFVVEhPUklUWX0gRElTUExB WT0ke0RJU1BMQVl9IFdBWUxBTkRfRElTUExBWT0ke1dBWUxBTkRfRElTUExBWX0gLWkgLXUgJHt1 c2VybmFtZX07Igo= --MP_/JQLAXVcZ7.MmiRyZI1n07kB Content-Type: application/x-shellscript Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=trisquel9-chroot.sh IyEvYmluL3NoCgojIENvcHlyaWdodCAoQykgMjAyMSBEZW5pcyAnR05VdG9vJyBDYXJpa2xpIDxH TlV0b29AY3liZXJkaW1lbnNpb24ub3JnPgojCiMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29mdHdh cmU6IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0IGFuZC9vciBtb2RpZnkKIyBpdCB1bmRlciB0aGUg dGVybXMgb2YgdGhlIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGFzIHB1Ymxpc2hlZCBieQoj IHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIGVpdGhlciB2ZXJzaW9uIDMgb2YgdGhlIExp Y2Vuc2UsIG9yCiMgKGF0IHlvdXIgb3B0aW9uKSBhbnkgbGF0ZXIgdmVyc2lvbi4KIwojIFRoaXMg cHJvZ3JhbSBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0aGF0IGl0IHdpbGwgYmUgdXNlZnVs LAojIGJ1dCBXSVRIT1VUIEFOWSBXQVJSQU5UWTsgd2l0aG91dCBldmVuIHRoZSBpbXBsaWVkIHdh cnJhbnR5IG9mCiMgTUVSQ0hBTlRBQklMSVRZIG9yIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQ VVJQT1NFLiAgU2VlIHRoZQojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGZvciBtb3JlIGRl dGFpbHMuCiMKIyBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBHTlUgR2Vu ZXJhbCBQdWJsaWMgTGljZW5zZQojIGFsb25nIHdpdGggdGhpcyBwcm9ncmFtLiAgSWYgbm90LCBz ZWUgPGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4KCgp1c2FnZSgpCnsKCWVjaG8gIlVz YWdlOiAkMCIKCWV4aXQgMQp9CgppZiBbICQjIC1lcSAxIF0gOyB0aGVuCgl1c2FnZQpmaQoKcm9v dD0iL3Nydi9kaXN0cm9zL3RyaXNxdWVsOS1pNjg2Igp1c2VybmFtZT1nbnV0b28KCmZvciBkIGlu IGRldiBkZXYvcHRzIGRldi9zaG0gZXRjL21hY2hpbmUtaWQgcHJvYyBzeXMgdG1wLy5YMTEtdW5p eCA7IGRvCiAgICBzdWRvIG1vdW50IHwgZ3JlcCAiIG9uICR7cm9vdH0vJGQiID4gL2Rldi9udWxs IHx8IHN1ZG8gbW91bnQgLW8gYmluZCAvJGQgJHtyb290fS8kZApkb25lCgppZiBbIC1mICR7WEFV VEhPUklUWX0gXSA7IHRoZW4KICAgIHN1ZG8gbW91bnQgfCBncmVwICIgb24gJHtyb290fS8ke1hB VVRIT1JJVFl9IiA+IC9kZXYvbnVsbCB8fCBcCgkgICAgc3VkbyBtb3VudCAtbyBiaW5kICR7WEFV VEhPUklUWX0gJHtyb290fS8ke1hBVVRIT1JJVFl9CmZpCgpzdWRvIGNocm9vdCAiJHtyb290fSIg L2Jpbi9iYXNoIC0tbG9naW4gLWMgXAoJIi91c3IvYmluL3N1ZG8gWEFVVEhPUklUWT0ke1hBVVRI T1JJVFl9IERJU1BMQVk9JHtESVNQTEFZfSBXQVlMQU5EX0RJU1BMQVk9JHtXQVlMQU5EX0RJU1BM QVl9IC1pIC11ICR7dXNlcm5hbWV9OyIK --MP_/JQLAXVcZ7.MmiRyZI1n07kB-- --Sig_/mM_hnKVGl3f9ZCRYx+e_oaS Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmMPixoACgkQX138wUF3 4mOvnBAArOx8aOh3EUwa+ffcZhZED1ZNwWi4/z2Nopj3ba5yQq+9ViG41okH36aW c7pA3mfjlDbThkkKIpRVaV3LD9iv0ZYLroB30jO/E9UYwayd73vCEagfQkVvhMgx UceAP/Thp5iigN6wzbcPSXCbYivjBTrIupOOUvcjwV2/d9nX405YTNMkyokZq2/M 5VfM6VaOXNtYhvUH0hSKSOZubB+119aCjfB8oox8hbkAG3Dir81l9UA7V3HaODdJ XQUi4F5d1IGTVm4qGqeJEcg84rYEOPqIKr5fCgXrpOLC6+njb++WkV8HklJIk7C7 GJwvwyI45g+jp2YoxecgNsnRAC9a5Zd9+UengdXvatmAhwl8CQwxyO8SKBAnM5P4 sM4vhNsoZ9CdKmY6a201lHfxa/rSCom83fmNzZKYIL+205dbk0uKer34lwZjKIAr TQWqMIfyxLzFLuL1obHewfH+723O08a67hqwXW892GwY4VsAEfhUk+8Q9DrnNcsD mHjY2wXXxPKh7wht07HzZ6B+5HqUBu/3Kay/r+JT8gq5NLpK6zCmtwXEJ/wANKIm 3Xrdvd03c8EKjnv1g9jNDtP+T11UI1RUkSHDYV9LEAE61Zs+l/ZyrO4g5kDxBDTM q0sGByBhYccrmLWD5+RNqxaP3AdT5dPO7dtzUJtCRV8uXG5AKns= =qWsS -----END PGP SIGNATURE----- --Sig_/mM_hnKVGl3f9ZCRYx+e_oaS--