unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
From: Wojtek Kosior via <help-guix@gnu.org>
To: Gottfried <gottfried@posteo.de>
Cc: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>, help-guix@gnu.org
Subject: Re: tor
Date: Mon, 7 Nov 2022 21:14:30 +0100	[thread overview]
Message-ID: <20221107211430.4145e9bc@koszkonutek-tmp.pl.eu.org> (raw)
In-Reply-To: <1f999794-32e4-718a-2e6b-1395e1d116aa@posteo.de>

[-- Attachment #1: Type: text/plain, Size: 15098 bytes --]

> Will this be also at some stage a Guix package or everybody has to 
> install it as a script?

I understand Denis' intention is to ultimately make *the script* into a
Guix package. But it is possible to have the script look like an
application and appear in user's applications menu. So in the end
launching the Tor Browser through it wouldn't be noticeably different
from running a normal browser.

> -------------------------------------------------------------------
> I did only 2 scripts in my life.
> So I need help to do this one.
> 
> I did:
> 
> 1. made a:
> "tor-browser.sh"
> through:
> "touch tor-browser.sh"
> 
> 2. I opened it with:
> "nano tor-browser.sh"
> 
> 3. I made the first line:
> "#!/bin/bash"
> 
> 4. to make it executable:
> "chmod +x tor-browser.sh
> 
> 
> 5. I put it into:
> ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/
> (this is what I understood)

If you want to use the script Denis attached in his email, you don't
need to add the `#/bin/bash` shebang line - there's already a
`#/bin/sh` line in what Denis made.

Also, you don't need to put this script in the Tor Browser's
directory. Perhaps a more suitable place would be `~/.local/bin` (a
matter of convention).

> 6.
> bash can't find it, after making it:
> where is my mistake?

Shells like Bash use a special environment variable called `PATH` to
determine what directories to search for the scripts/binaries user is
trying to run. If the script's containing directory (in this case
`~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/`) is
not listed in that variable, Bash is not going to look there when it
searches for your script.

You can check current contents of the `PATH` variable by entering

    echo "$PATH"

You can add the Tor Browser directory to `PATH` for the duration of
your current shell session by entering something like

    export PATH="$HOME"/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/:"$PATH"

If you instead choose to place the script inside `~/.local/bin`, that
directory is (probably) going to be included in the `PATH` by default
(by the means of your default, auto-created shell initialization
scripts).

> 7. after doing
> 
> guix shell \
> 	--share=/srv/data/Downloads/ \
> 	--expose=/run/user/$(id -u)/ \
> 	--expose=/tmp/.X11-unix \
> 	--expose=/tmp/.X1-lock \
> 	--container \
> 	--emulate-fhs \
> 	--network \
> 	bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
> 		bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"
> 
> it downloaded 94 MB.
> ------------------------------------------------------------------------
> [...]
> 
> guix shell: mistake: statfs: /srv/data/Downloads/: file or directory not 
> found.
> ----------------------------------------------------------------------
> Where are my mistakes?

Denis explained this issue pretty thoroughly in the comment in his
script. Let me quote that

> # I have my Download folder somewhere else. Right now it's at
> # /srv/data/Downloads on another partition. And I want tor-browser to
> # use that folder for storing Downloads.
> # For that to work we need to give the tor-browser write access to
> # /srv/data/Downloads/. Other methods were tried but didn't work:
> # - mounting /srv/data/Downloads/ to Downloads resulted in the
> #   tor-browser failing to start.
> # - Using --exporse=/srv/data/Downloads/=${HOME}/.../Browser/Downloads
> #   did not work either because Download was unaccessible. Replacing
> #   --expose by share in the command above didn't change anything.
> # So I ended up using --share=/srv/data/Downloads/. That requires the
> # user to do the symlink manually though.

This means the `--share=/srv/data/Downloads/` line in Denis' script is
only appropriate if you want to store the downloads under
`/srv/data/Downloads` as he does. Otherwise it is not needed - the Tor
Browser directory (together with its `Downloads` subdir) will be shared
to the container automatically because it is seen by Guix as the
current directory (because Denis' script cd's there first).

Alternatively, you could tell Guix not to share current directory and
to just share `Downloads/`. You'd use the following extra lines

    --no-cwd \
    --share="$HOME"/.local/share/torbrowser/tbb/i686/tor-browser_en-US/Browser/ \


Although this is not related, I believe the
`export DISPLAY=${DISPLAY};` trick in the script can be replaced with
the `--preserve` option of `guix shell`. At this very moment I realized
I can also improve some code of mine this way :o

> Kind regards
> 
> Gottfried

Best,
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
PGP: https://koszko.org/key.gpg
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A

Meet Kraków saints!           #50: blessed Wincenty Kadłubek
Poznaj świętych krakowskich!  #50: błogosławiony Wincenty Kadłubek
https://pl.wikipedia.org/wiki/Wincenty_Kadłubek
-- (sig_end)


On Mon,  7 Nov 2022 19:24:14 +0000
Gottfried <gottfried@posteo.de> wrote:

> Hi Denis,
> 
> thanks for your work.
> 
> Will this be also at some stage a Guix package or everybody has to 
> install it as a script?
> -------------------------------------------------------------------
> I did only 2 scripts in my life.
> So I need help to do this one.
> 
> I did:
> 
> 1. made a:
> "tor-browser.sh"
> through:
> "touch tor-browser.sh"
> 
> 2. I opened it with:
> "nano tor-browser.sh"
> 
> 3. I made the first line:
> "#!/bin/bash"
> 
> 4. to make it executable:
> "chmod +x tor-browser.sh
> 
> 
> 5. I put it into:
> ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/
> (this is what I understood)
> 
> 6.
> bash can't find it, after making it:
> where is my mistake?
> 
> 7. after doing
> 
> guix shell \
> 	--share=/srv/data/Downloads/ \
> 	--expose=/run/user/$(id -u)/ \
> 	--expose=/tmp/.X11-unix \
> 	--expose=/tmp/.X1-lock \
> 	--container \
> 	--emulate-fhs \
> 	--network \
> 	bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
> 		bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"
> 
> it downloaded 94 MB.
> ------------------------------------------------------------------------
> gfp@Tuxedo ~$ guix shell \
>          --share=/srv/data/Downloads/ \
>          --expose=/run/user/$(id -u)/ \
>          --expose=/tmp/.X11-unix \
>          --expose=/tmp/.X1-lock \
>          --container \
>          --emulate-fhs \
>          --network \
>          bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
>                  bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"
> substitute: Liste der Substitute von „https://ci.guix.gnu.org“ wird 
> aktualisiert … 100.0%
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert …  substitute: Liste 
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert … 
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert …  substitute: Liste 
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert … 
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert …  substitute: Liste 
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert … 
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert …  substitute: Liste 
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert … 
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert …  substitute: Liste 
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert … 
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … 100.0%
> 85,6 MB werden heruntergeladen
>   gtk%2B-3.24.30-doc  3.0MiB                     809KiB/s 00:04 
> [##################] 100.0%
>   glibc-for-fhs-2.33-debug  19.8MiB              1.2MiB/s 00:16 
> [##################] 100.0%
>   librsvg-2.50.7  2.6MiB                         1.0MiB/s 00:03 
> [##################] 100.0%
>   librsvg-2.50.7-doc  47KiB                      564KiB/s 00:00 
> [##################] 100.0%
>   librsvg-2.50.7-debug  15.9MiB                  1.5MiB/s 00:10 
> [##################] 100.0%
>   libxt-1.2.1-doc  320KiB                        655KiB/s 00:00 
> [##################] 100.0%
>   mozjs-91.13.0  14.5MiB                        1008KiB/s 00:15 
> [##################] 100.0%
>   polkit-121  185KiB                             771KiB/s 00:00 
> [##################] 100.0%
>   colord-minimal-1.4.5  712KiB                   708KiB/s 00:01 
> [##################] 100.0%
>   gtk%2B-3.24.30  7.8MiB                         885KiB/s 00:09 
> [##################] 100.0%
>   gtk%2B-3.24.30-bin  783KiB                     956KiB/s 00:01 
> [##################] 100.0%
>   gtk%2B-3.24.30-debug  11.3MiB                  1.5MiB/s 00:08 
> [##################] 100.0%
> substitute: Liste der Substitute von „https://ci.guix.gnu.org“ wird 
> aktualisiert … 100.0%
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“ 
> wird aktualisiert …  substitute: Liste der Substitute von 
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … 100.0%
> Folgende Ableitung wird erstellt:
>    /gnu/store/vg7dkn3j5rmf9x7a4fg7an2ps90phv4i-profile.drv
> 
> 8,3 MB werden heruntergeladen
>   bash-5.1.8-doc  301KiB                         915KiB/s 00:00 
> [##################] 100.0%
>   bash-5.1.8-include  70KiB                      459KiB/s 00:00 
> [##################] 100.0%
>   file-5.41  349KiB                              645KiB/s 00:01 
> [##################] 100.0%
>   gcc-12.2.0-lib  5.6MiB                         961KiB/s 00:06 
> [##################] 100.0%
>   linux-libre-headers-5.10.35  1.1MiB            728KiB/s 00:02 
> [##################] 100.0%
> 7 Veredelungen für cups-filters-1.28.9 werden angewandt …
> 4 Veredelungen für harfbuzz-2.8.2 werden angewandt …
> 3 Veredelungen für cups-2.3.3op2 werden angewandt …
> 8 Veredelungen für librsvg-2.50.7 werden angewandt …
> 8 Veredelungen für librsvg-2.50.7 werden angewandt …
> 2 Veredelungen für libxt-1.2.1 werden angewandt …
> 4 Veredelungen für polkit-121 werden angewandt …
> 2 Veredelungen für python-3.9.9 werden angewandt …
> 8 Veredelungen für colord-minimal-1.4.5 werden angewandt …
> 2 Veredelungen für glib-2.70.2 werden angewandt …
> 19 Veredelungen für gtk+-3.24.30 werden angewandt …
> 3 Veredelungen für mesa-21.3.8 werden angewandt …
> Zertifikatsbündel der Zertifikatsautoritäten wird erstellt …
> Liste der Emacs-Unterverzeichnisse wird erzeugt …
> Schriftartenverzeichnis wird erstellt …
> Zwischenspeicher für GdkPixbuf-Lader wird erzeugt …
> Zwischenspeicher für GLib-Schemata wird erzeugt …
> Zwischenspeicher für GTK-Symbolthemen wird erzeugt …
> Dateien im Zwischenspeicher für GTK-Eingabemethoden werden erstellt …
> Verzeichnis von Info-Handbüchern wird erstellt …
> Zwischenspeicher für XDG-Desktop-Dateien wird erzeugt …
> XDG-Mime-Datenbank wird erstellt …
> Profil mit 10 Paketen wird erstellt …
> guix shell: Fehler: statfs: /srv/data/Downloads/: Datei oder Verzeichnis 
> nicht gefunden
> 
> guix shell: mistake: statfs: /srv/data/Downloads/: file or directory not 
> found.
> ----------------------------------------------------------------------
> Where are my mistakes?
> thanks
> 
> Kind regards
> 
> Gottfried
> 
> 
> 
> Am 05.11.22 um 01:29 schrieb Denis 'GNUtoo' Carikli:
> > Hi again,
> > 
> > I had some data loss so I wasn't able to reply to this thread before.
> > 
> > I managed to make the tor-browser work in Guix proper, and I've
> > attached the script I used for that. It's hardcoded for i686 though so
> > it needs to be modified for x86_64.
> > 
> > Even if that works, there is a problematic issue: the tor-browser has a
> > potential freedom issue: on one hand it very strongly advises people
> > not to install any addons, on the other hand in "tools->Addons and
> > themes->Plugins", there is the following message:  
> >> Get extensions and themes on addons.mozilla.org  
> > 
> > And the issue is that that repository also contains nonfree addons.
> > 
> > If that address can get removed or changed, we could have something
> > where we could be sure that it is FSDG compliant, so we could probably
> > ship scripts like guix-tor-browser-installer for instance.
> > 
> > I've tried to find where that string is set in the binaries in the hope
> > of being able to make a dead simple sed script that would fix the
> > potential FSDG issue at least at installation time, but it didn't
> > find much:  
> >> $ tar xf tor-browser-linux64-11.5.4_en-US.tar.xz
> >> $ grep addons.mozilla.org -r tor-browser_en-US
> >> tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt:   * Bug
> >> 10464: Remove addons.mozilla.org from NoScript whitelist grep:
> >> tor-browser_en-US/Browser/libxul.so: binary file matches  
> >   
> >> $ strings tor-browser_en-US/Browser/libxul.so | \
> >> grep addons.mozilla.org
> >> addons.mozilla.org
> >> $http://addons.mozilla.org/ca/crl.pem0
> >> signingca1.addons.mozilla.org1!0
> >> $http://addons.mozilla.org/ca/crl.pem0N  
> > 
> > The issue is that this domain is also used for addons updates, so we
> > can't simply remove it blindly. We need to only remove that string in
> > "tools->Addons and themes->Plugins".
> > 
> > The advantage of patching binaries is that we don't need to rebuild it,
> > so we really have the tiniest amount of change possible to make it FSDG
> > compliant (and we can hope that it doesn't change the tor-browser
> > fingerprint).
> > 
> > As far as I understand it should also also be OK to use binaries like
> > that as long as we're also able to rebuild it in an FSDG distribution
> > somehow.
> > 
> > Though here the path forward is probably to dig into upstream bug
> > reports and see what upstream thinks about making the tor-browser FSDG
> > compliant and/or removing the information of where to find addons.
> > 
> > Denis.  
> 
> 
> 



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

  reply	other threads:[~2022-11-07 20:15 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-28 10:52 tor Gottfried
2022-08-28 12:09 ` tor Csepp
2022-08-29 14:19   ` tor Gottfried
2022-08-30 10:54     ` tor Csepp
2022-08-30 18:32       ` tor Gottfried
2022-08-31 16:23         ` tor Denis 'GNUtoo' Carikli
2022-09-01 13:59           ` tor Denis 'GNUtoo' Carikli
2022-09-02 18:31             ` tor Gottfried
2022-09-21  9:52               ` tor Gottfried
2022-09-22 11:52                 ` tor Chris Keschnat via
2022-09-01 14:27         ` tor Denis 'GNUtoo' Carikli
2022-09-01 17:35           ` tor Gottfried
2022-09-01 23:35             ` tor Denis 'GNUtoo' Carikli
2022-11-05  0:29           ` tor Denis 'GNUtoo' Carikli
2022-11-07 19:24             ` tor Gottfried
2022-11-07 20:14               ` Wojtek Kosior via [this message]
2022-11-07 23:19                 ` tor Denis 'GNUtoo' Carikli
  -- strict thread matches above, loose matches on Subject: below --
2022-09-23 16:36 tor Gottfried
2020-09-17 12:32 Tor Rasa Gulla via
2020-09-17 13:15 ` Tor Julien Lepiller
2020-09-17 13:18   ` Tor Rasa Gulla

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221107211430.4145e9bc@koszkonutek-tmp.pl.eu.org \
    --to=help-guix@gnu.org \
    --cc=GNUtoo@cyberdimension.org \
    --cc=gottfried@posteo.de \
    --cc=koszko@koszko.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).