From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id qHdnCievZWPu3wAAbAwnHQ (envelope-from ) for ; Sat, 05 Nov 2022 01:32:39 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id iGxHCievZWNbdwAAauVa8A (envelope-from ) for ; Sat, 05 Nov 2022 01:32:39 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B3D55F5B8 for ; Sat, 5 Nov 2022 01:32:38 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1or76T-0006Ld-Cc; Fri, 04 Nov 2022 20:32:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1or76F-0006FQ-Vw for help-guix@gnu.org; Fri, 04 Nov 2022 20:32:00 -0400 Received: from cyberdimension.org ([2001:910:1314:ffff::1] helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1or769-0008NB-Dl for help-guix@gnu.org; Fri, 04 Nov 2022 20:31:50 -0400 Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1]) by cyberdimension.org (OpenSMTPD) with ESMTP id 78f792ea; Sat, 5 Nov 2022 00:26:44 +0000 (UTC) Received: from primary_laptop (localhost [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 32d08ed4; Sat, 5 Nov 2022 00:26:44 +0000 (UTC) Date: Sat, 5 Nov 2022 01:29:42 +0100 From: Denis 'GNUtoo' Carikli To: Gottfried Cc: Csepp , help-guix@gnu.org Subject: Re: tor Message-ID: <20221105012942.2be20962@primary_laptop> In-Reply-To: <20220901162735.785a14c9@primary_laptop> References: <5f9b2c8a-ee45-451e-da86-c6944a7a910a@posteo.de> <87a67or2g7.fsf@riseup.net> <09e45c31-cce5-da97-dbc0-23975f742279@posteo.de> <87h71u9ez1.fsf@riseup.net> <92a94bf3-12a8-8743-e338-7906835c9697@posteo.de> <20220901162735.785a14c9@primary_laptop> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.30; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/=ZJUKT3DCmRfyhLNscLXki2"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=2001:910:1314:ffff::1; envelope-from=GNUtoo@cyberdimension.org; helo=gnutoo.cyberdimension.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Help-Guix" Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1667608358; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=sEUgSeYG9Iaioz+6dgVd4uLUx5MbM5XHjKfnBHRZlIQ=; b=LpA9HRZvHolFDqL1RWnDtL1uq/rVGyrPByxO9Us+NDz5TvflbPN/ETbWS/2i80qrQ0gQsr ZMJd1UAl/l8FNgeNnnxjWEsC9bCARgtfq00nFAMRLMx5GGwNi/0zKQvRCZbHRF+NoXNfjK c+ZwXT94IEvdOH0DStLP3YDV6r8mxoqyLR4M2XotkrVcs9Cx+4ZpeNvoFFHrhK4Pk1kmJT RXF91DKwH1rkvcecqLxAB3r5wRyRifAxmmVWnwcaqczEKdM92l7JGFvvge0scfq+pSGnA8 4xYyAHMDOgNnLCYmo4IBkS7iME2aGfa2WD9lbI+990JcmDAAs9flvI+LjagGrw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1667608358; a=rsa-sha256; cv=none; b=nx0LrohZs0UADnXHtKDRYLE6Q1B3ViOXxomqKFW1Np4ladYTd3CCHOE3NEn3+LfXmF3kOO Cb4elZKMfsvkxAsKgtXAeiijlbzThgOFQPOrSKcTUTM9fwr/cSEr7rngwjVBKguJZO2T4h GSb3jyJPn0rMscJtCyMfgoCi14Ew9W0Zf4N0CzfH9oG+6TeDpG2Iwt8OYwUIUGjdwBJMtd yrKtIpfFlfe8vCpQCq5B7Admv43bBJauG8GoUOpjt+Uxim4Y7++Lmgx9XIryX+n34Q9u7Z Tbtx4YYhc5DCiXvE3YCFwiF51jh76Fuazp5Cn1qZMIldTC5PAIDCh9Sr8L/mUw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.90 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: B3D55F5B8 X-Spam-Score: -2.90 X-Migadu-Scanner: scn1.migadu.com X-TUID: A4tKd0LiifQ4 --Sig_/=ZJUKT3DCmRfyhLNscLXki2 Content-Type: multipart/mixed; boundary="MP_/GCZ+w9QSLcjbZHdpeIZ8xM1" --MP_/GCZ+w9QSLcjbZHdpeIZ8xM1 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi again, I had some data loss so I wasn't able to reply to this thread before. I managed to make the tor-browser work in Guix proper, and I've attached the script I used for that. It's hardcoded for i686 though so it needs to be modified for x86_64. Even if that works, there is a problematic issue: the tor-browser has a potential freedom issue: on one hand it very strongly advises people not to install any addons, on the other hand in "tools->Addons and themes->Plugins", there is the following message: > Get extensions and themes on addons.mozilla.org And the issue is that that repository also contains nonfree addons. If that address can get removed or changed, we could have something where we could be sure that it is FSDG compliant, so we could probably ship scripts like guix-tor-browser-installer for instance. I've tried to find where that string is set in the binaries in the hope of being able to make a dead simple sed script that would fix the potential FSDG issue at least at installation time, but it didn't find much: > $ tar xf tor-browser-linux64-11.5.4_en-US.tar.xz > $ grep addons.mozilla.org -r tor-browser_en-US > tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt: * Bug > 10464: Remove addons.mozilla.org from NoScript whitelist grep: > tor-browser_en-US/Browser/libxul.so: binary file matches > $ strings tor-browser_en-US/Browser/libxul.so | \ > grep addons.mozilla.org > addons.mozilla.org > $http://addons.mozilla.org/ca/crl.pem0 > signingca1.addons.mozilla.org1!0 > $http://addons.mozilla.org/ca/crl.pem0N The issue is that this domain is also used for addons updates, so we can't simply remove it blindly. We need to only remove that string in "tools->Addons and themes->Plugins". The advantage of patching binaries is that we don't need to rebuild it, so we really have the tiniest amount of change possible to make it FSDG compliant (and we can hope that it doesn't change the tor-browser fingerprint). As far as I understand it should also also be OK to use binaries like that as long as we're also able to rebuild it in an FSDG distribution somehow. Though here the path forward is probably to dig into upstream bug reports and see what upstream thinks about making the tor-browser FSDG compliant and/or removing the information of where to find addons. Denis. --MP_/GCZ+w9QSLcjbZHdpeIZ8xM1 Content-Type: application/octet-stream; name=tor-browser Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=tor-browser IyEvYmluL3NoCiMgQ29weXJpZ2h0IChDKSAyMDIyIERlbmlzICdHTlV0b28nIENhcmlrbGkgPEdO VXRvb0BjeWJlcmRpbWVuc2lvbi5vcmc+CiMKIyBUaGlzIHByb2dyYW0gaXMgZnJlZSBzb2Z0d2Fy ZTogeW91IGNhbiByZWRpc3RyaWJ1dGUgaXQgYW5kL29yIG1vZGlmeQojIGl0IHVuZGVyIHRoZSB0 ZXJtcyBvZiB0aGUgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5CiMg dGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgZWl0aGVyIHZlcnNpb24gMyBvZiB0aGUgTGlj ZW5zZSwgb3IKIyAoYXQgeW91ciBvcHRpb24pIGFueSBsYXRlciB2ZXJzaW9uLgojCiMgVGhpcyBw cm9ncmFtIGlzIGRpc3RyaWJ1dGVkIGluIHRoZSBob3BlIHRoYXQgaXQgd2lsbCBiZSB1c2VmdWws CiMgYnV0IFdJVEhPVVQgQU5ZIFdBUlJBTlRZOyB3aXRob3V0IGV2ZW4gdGhlIGltcGxpZWQgd2Fy cmFudHkgb2YKIyBNRVJDSEFOVEFCSUxJVFkgb3IgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBV UlBPU0UuICBTZWUgdGhlCiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgZm9yIG1vcmUgZGV0 YWlscy4KIwojIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2YgdGhlIEdOVSBHZW5l cmFsIFB1YmxpYyBMaWNlbnNlCiMgYWxvbmcgd2l0aCB0aGlzIHByb2dyYW0uICBJZiBub3QsIHNl ZSA8aHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy8+LgoKc2V0IC1lCgpjZCB+Ly5sb2NhbC9z aGFyZS90b3Jicm93c2VyL3RiYi9pNjg2L3Rvci1icm93c2VyX2VuLVVTL0Jyb3dzZXIvCgojIEkg aGF2ZSBteSBEb3dubG9hZCBmb2xkZXIgc29tZXdoZXJlIGVsc2UuIFJpZ2h0IG5vdyBpdCdzIGF0 CiMgL3Nydi9kYXRhL0Rvd25sb2FkcyBvbiBhbm90aGVyIHBhcnRpdGlvbi4gQW5kIEkgd2FudCB0 b3ItYnJvd3NlciB0bwojIHVzZSB0aGF0IGZvbGRlciBmb3Igc3RvcmluZyBEb3dubG9hZHMuCiMg Rm9yIHRoYXQgdG8gd29yayB3ZSBuZWVkIHRvIGdpdmUgdGhlIHRvci1icm93c2VyIHdyaXRlIGFj Y2VzcyB0bwojIC9zcnYvZGF0YS9Eb3dubG9hZHMvLiBPdGhlciBtZXRob2RzIHdlcmUgdHJpZWQg YnV0IGRpZG4ndCB3b3JrOgojIC0gbW91bnRpbmcgL3Nydi9kYXRhL0Rvd25sb2Fkcy8gdG8gRG93 bmxvYWRzIHJlc3VsdGVkIGluIHRoZQojICAgdG9yLWJyb3dzZXIgZmFpbGluZyB0byBzdGFydC4K IyAtIFVzaW5nIC0tZXhwb3JzZT0vc3J2L2RhdGEvRG93bmxvYWRzLz0ke0hPTUV9Ly4uLi9Ccm93 c2VyL0Rvd25sb2FkcwojICAgZGlkIG5vdCB3b3JrIGVpdGhlciBiZWNhdXNlIERvd25sb2FkIHdh cyB1bmFjY2Vzc2libGUuIFJlcGxhY2luZwojICAgLS1leHBvc2UgYnkgc2hhcmUgaW4gdGhlIGNv bW1hbmQgYWJvdmUgZGlkbid0IGNoYW5nZSBhbnl0aGluZy4KIyBTbyBJIGVuZGVkIHVwIHVzaW5n IC0tc2hhcmU9L3Nydi9kYXRhL0Rvd25sb2Fkcy8uIFRoYXQgcmVxdWlyZXMgdGhlCiMgdXNlciB0 byBkbyB0aGUgc3ltbGluayBtYW51YWxseSB0aG91Z2guCmd1aXggc2hlbGwgXAoJLS1zaGFyZT0v c3J2L2RhdGEvRG93bmxvYWRzLyBcCgktLWV4cG9zZT0vcnVuL3VzZXIvJChpZCAtdSkvIFwKCS0t ZXhwb3NlPS90bXAvLlgxMS11bml4IFwKCS0tZXhwb3NlPS90bXAvLlgxLWxvY2sgXAoJLS1jb250 YWluZXIgXAoJLS1lbXVsYXRlLWZocyBcCgktLW5ldHdvcmsgXAoJYmFzaCBjb3JldXRpbHMgZGJ1 cy1nbGliIGZpbGUgZ3JlcCBnY2M6bGliIGd0aytAMyBsaWJ4dCBzZWQgLS0gXAoJCWJhc2ggLWwg LWMgImV4cG9ydCBESVNQTEFZPSR7RElTUExBWX07IC4vc3RhcnQtdG9yLWJyb3dzZXIiCg== --MP_/GCZ+w9QSLcjbZHdpeIZ8xM1-- --Sig_/=ZJUKT3DCmRfyhLNscLXki2 Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmNlrnYACgkQX138wUF3 4mMczA//fC8tuAFVBplFy5Ig6U1OXq4F0CAr3A0zUx40b6X8U6Q2MsrGfNuY1Bth 3hHBadoOl2EJo7vLG1ccLbl/myhW+4k6jO9I9FTqWrn8RznOlPHjJfjIYnFrJVUu HjjlFbhhYQP6/H/gRIBIw6B3FHHaha5ZF8vB0OmUJzFRGp1Z1wm6Lezqx4Egfokq B1oAvWNKgSnBEun57JA2GvXMGxnztwvIjAzv+2vOJytQTpoi3kY3AsFyqlYd1jJl pfW4avq705LV+vZkEL+dveM+h8fk8vhpdzF7gDQ1oMBC9S8BsOFhdejMFToPkPf7 ozH1qRinyaFwCBOUK1qocQ+hlVpgW5Vgw3zZzSMsBebndQ9hZrhdcJ1OxW2nxEEO WjbILjtDFWg9Zg/P28QXIn5sMiPI3E6J+sxITRtaqBAb1cLbbrPaV1XskGHVfyku bkAfsiGrd5IlfqFJyMv+Ic8MMVhxu0wiDNKnGm7TAtXF2HbWao+SZqiDVnH/O3rl l2At6c8qdyriqXefP5x5xNjJ1pkiGL07yStk3g9l6F/KYyYD4EK5XuJQid38wt4o 4xVShDNWXTUCKxcUuqe+iJjwlNKAQ+qKxFa84xZVLBMrOLSSVaISd1qhonMO7Ig+ yQn7knHOoJTSS6TLvBH90StZ+h5WIWlHl5XXsQ4+3Mi+Fyex6UU= =AwLm -----END PGP SIGNATURE----- --Sig_/=ZJUKT3DCmRfyhLNscLXki2--