From: Wojtek Kosior via <help-guix@gnu.org>
To: Gottfried <gottfried@posteo.de>
Cc: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>, help-guix@gnu.org
Subject: Re: tor
Date: Mon, 7 Nov 2022 21:14:30 +0100 [thread overview]
Message-ID: <20221107211430.4145e9bc@koszkonutek-tmp.pl.eu.org> (raw)
In-Reply-To: <1f999794-32e4-718a-2e6b-1395e1d116aa@posteo.de>
[-- Attachment #1: Type: text/plain, Size: 15098 bytes --]
> Will this be also at some stage a Guix package or everybody has to
> install it as a script?
I understand Denis' intention is to ultimately make *the script* into a
Guix package. But it is possible to have the script look like an
application and appear in user's applications menu. So in the end
launching the Tor Browser through it wouldn't be noticeably different
from running a normal browser.
> -------------------------------------------------------------------
> I did only 2 scripts in my life.
> So I need help to do this one.
>
> I did:
>
> 1. made a:
> "tor-browser.sh"
> through:
> "touch tor-browser.sh"
>
> 2. I opened it with:
> "nano tor-browser.sh"
>
> 3. I made the first line:
> "#!/bin/bash"
>
> 4. to make it executable:
> "chmod +x tor-browser.sh
>
>
> 5. I put it into:
> ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/
> (this is what I understood)
If you want to use the script Denis attached in his email, you don't
need to add the `#/bin/bash` shebang line - there's already a
`#/bin/sh` line in what Denis made.
Also, you don't need to put this script in the Tor Browser's
directory. Perhaps a more suitable place would be `~/.local/bin` (a
matter of convention).
> 6.
> bash can't find it, after making it:
> where is my mistake?
Shells like Bash use a special environment variable called `PATH` to
determine what directories to search for the scripts/binaries user is
trying to run. If the script's containing directory (in this case
`~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/`) is
not listed in that variable, Bash is not going to look there when it
searches for your script.
You can check current contents of the `PATH` variable by entering
echo "$PATH"
You can add the Tor Browser directory to `PATH` for the duration of
your current shell session by entering something like
export PATH="$HOME"/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/:"$PATH"
If you instead choose to place the script inside `~/.local/bin`, that
directory is (probably) going to be included in the `PATH` by default
(by the means of your default, auto-created shell initialization
scripts).
> 7. after doing
>
> guix shell \
> --share=/srv/data/Downloads/ \
> --expose=/run/user/$(id -u)/ \
> --expose=/tmp/.X11-unix \
> --expose=/tmp/.X1-lock \
> --container \
> --emulate-fhs \
> --network \
> bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
> bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"
>
> it downloaded 94 MB.
> ------------------------------------------------------------------------
> [...]
>
> guix shell: mistake: statfs: /srv/data/Downloads/: file or directory not
> found.
> ----------------------------------------------------------------------
> Where are my mistakes?
Denis explained this issue pretty thoroughly in the comment in his
script. Let me quote that
> # I have my Download folder somewhere else. Right now it's at
> # /srv/data/Downloads on another partition. And I want tor-browser to
> # use that folder for storing Downloads.
> # For that to work we need to give the tor-browser write access to
> # /srv/data/Downloads/. Other methods were tried but didn't work:
> # - mounting /srv/data/Downloads/ to Downloads resulted in the
> # tor-browser failing to start.
> # - Using --exporse=/srv/data/Downloads/=${HOME}/.../Browser/Downloads
> # did not work either because Download was unaccessible. Replacing
> # --expose by share in the command above didn't change anything.
> # So I ended up using --share=/srv/data/Downloads/. That requires the
> # user to do the symlink manually though.
This means the `--share=/srv/data/Downloads/` line in Denis' script is
only appropriate if you want to store the downloads under
`/srv/data/Downloads` as he does. Otherwise it is not needed - the Tor
Browser directory (together with its `Downloads` subdir) will be shared
to the container automatically because it is seen by Guix as the
current directory (because Denis' script cd's there first).
Alternatively, you could tell Guix not to share current directory and
to just share `Downloads/`. You'd use the following extra lines
--no-cwd \
--share="$HOME"/.local/share/torbrowser/tbb/i686/tor-browser_en-US/Browser/ \
Although this is not related, I believe the
`export DISPLAY=${DISPLAY};` trick in the script can be replaced with
the `--preserve` option of `guix shell`. At this very moment I realized
I can also improve some code of mine this way :o
> Kind regards
>
> Gottfried
Best,
Wojtek
-- (sig_start)
website: https://koszko.org/koszko.html
PGP: https://koszko.org/key.gpg
fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
Meet Kraków saints! #50: blessed Wincenty Kadłubek
Poznaj świętych krakowskich! #50: błogosławiony Wincenty Kadłubek
https://pl.wikipedia.org/wiki/Wincenty_Kadłubek
-- (sig_end)
On Mon, 7 Nov 2022 19:24:14 +0000
Gottfried <gottfried@posteo.de> wrote:
> Hi Denis,
>
> thanks for your work.
>
> Will this be also at some stage a Guix package or everybody has to
> install it as a script?
> -------------------------------------------------------------------
> I did only 2 scripts in my life.
> So I need help to do this one.
>
> I did:
>
> 1. made a:
> "tor-browser.sh"
> through:
> "touch tor-browser.sh"
>
> 2. I opened it with:
> "nano tor-browser.sh"
>
> 3. I made the first line:
> "#!/bin/bash"
>
> 4. to make it executable:
> "chmod +x tor-browser.sh
>
>
> 5. I put it into:
> ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/
> (this is what I understood)
>
> 6.
> bash can't find it, after making it:
> where is my mistake?
>
> 7. after doing
>
> guix shell \
> --share=/srv/data/Downloads/ \
> --expose=/run/user/$(id -u)/ \
> --expose=/tmp/.X11-unix \
> --expose=/tmp/.X1-lock \
> --container \
> --emulate-fhs \
> --network \
> bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
> bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"
>
> it downloaded 94 MB.
> ------------------------------------------------------------------------
> gfp@Tuxedo ~$ guix shell \
> --share=/srv/data/Downloads/ \
> --expose=/run/user/$(id -u)/ \
> --expose=/tmp/.X11-unix \
> --expose=/tmp/.X1-lock \
> --container \
> --emulate-fhs \
> --network \
> bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
> bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"
> substitute: Liste der Substitute von „https://ci.guix.gnu.org“ wird
> aktualisiert … 100.0%
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … substitute: Liste
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert …
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … substitute: Liste
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert …
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … substitute: Liste
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert …
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … substitute: Liste
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert …
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … substitute: Liste
> der Substitute von „https://bordeaux.guix.gnu.org“ wird aktualisiert …
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … 100.0%
> 85,6 MB werden heruntergeladen
> gtk%2B-3.24.30-doc 3.0MiB 809KiB/s 00:04
> [##################] 100.0%
> glibc-for-fhs-2.33-debug 19.8MiB 1.2MiB/s 00:16
> [##################] 100.0%
> librsvg-2.50.7 2.6MiB 1.0MiB/s 00:03
> [##################] 100.0%
> librsvg-2.50.7-doc 47KiB 564KiB/s 00:00
> [##################] 100.0%
> librsvg-2.50.7-debug 15.9MiB 1.5MiB/s 00:10
> [##################] 100.0%
> libxt-1.2.1-doc 320KiB 655KiB/s 00:00
> [##################] 100.0%
> mozjs-91.13.0 14.5MiB 1008KiB/s 00:15
> [##################] 100.0%
> polkit-121 185KiB 771KiB/s 00:00
> [##################] 100.0%
> colord-minimal-1.4.5 712KiB 708KiB/s 00:01
> [##################] 100.0%
> gtk%2B-3.24.30 7.8MiB 885KiB/s 00:09
> [##################] 100.0%
> gtk%2B-3.24.30-bin 783KiB 956KiB/s 00:01
> [##################] 100.0%
> gtk%2B-3.24.30-debug 11.3MiB 1.5MiB/s 00:08
> [##################] 100.0%
> substitute: Liste der Substitute von „https://ci.guix.gnu.org“ wird
> aktualisiert … 100.0%
> substitute: Liste der Substitute von „https://bordeaux.guix.gnu.org“
> wird aktualisiert … substitute: Liste der Substitute von
> „https://bordeaux.guix.gnu.org“ wird aktualisiert … 100.0%
> Folgende Ableitung wird erstellt:
> /gnu/store/vg7dkn3j5rmf9x7a4fg7an2ps90phv4i-profile.drv
>
> 8,3 MB werden heruntergeladen
> bash-5.1.8-doc 301KiB 915KiB/s 00:00
> [##################] 100.0%
> bash-5.1.8-include 70KiB 459KiB/s 00:00
> [##################] 100.0%
> file-5.41 349KiB 645KiB/s 00:01
> [##################] 100.0%
> gcc-12.2.0-lib 5.6MiB 961KiB/s 00:06
> [##################] 100.0%
> linux-libre-headers-5.10.35 1.1MiB 728KiB/s 00:02
> [##################] 100.0%
> 7 Veredelungen für cups-filters-1.28.9 werden angewandt …
> 4 Veredelungen für harfbuzz-2.8.2 werden angewandt …
> 3 Veredelungen für cups-2.3.3op2 werden angewandt …
> 8 Veredelungen für librsvg-2.50.7 werden angewandt …
> 8 Veredelungen für librsvg-2.50.7 werden angewandt …
> 2 Veredelungen für libxt-1.2.1 werden angewandt …
> 4 Veredelungen für polkit-121 werden angewandt …
> 2 Veredelungen für python-3.9.9 werden angewandt …
> 8 Veredelungen für colord-minimal-1.4.5 werden angewandt …
> 2 Veredelungen für glib-2.70.2 werden angewandt …
> 19 Veredelungen für gtk+-3.24.30 werden angewandt …
> 3 Veredelungen für mesa-21.3.8 werden angewandt …
> Zertifikatsbündel der Zertifikatsautoritäten wird erstellt …
> Liste der Emacs-Unterverzeichnisse wird erzeugt …
> Schriftartenverzeichnis wird erstellt …
> Zwischenspeicher für GdkPixbuf-Lader wird erzeugt …
> Zwischenspeicher für GLib-Schemata wird erzeugt …
> Zwischenspeicher für GTK-Symbolthemen wird erzeugt …
> Dateien im Zwischenspeicher für GTK-Eingabemethoden werden erstellt …
> Verzeichnis von Info-Handbüchern wird erstellt …
> Zwischenspeicher für XDG-Desktop-Dateien wird erzeugt …
> XDG-Mime-Datenbank wird erstellt …
> Profil mit 10 Paketen wird erstellt …
> guix shell: Fehler: statfs: /srv/data/Downloads/: Datei oder Verzeichnis
> nicht gefunden
>
> guix shell: mistake: statfs: /srv/data/Downloads/: file or directory not
> found.
> ----------------------------------------------------------------------
> Where are my mistakes?
> thanks
>
> Kind regards
>
> Gottfried
>
>
>
> Am 05.11.22 um 01:29 schrieb Denis 'GNUtoo' Carikli:
> > Hi again,
> >
> > I had some data loss so I wasn't able to reply to this thread before.
> >
> > I managed to make the tor-browser work in Guix proper, and I've
> > attached the script I used for that. It's hardcoded for i686 though so
> > it needs to be modified for x86_64.
> >
> > Even if that works, there is a problematic issue: the tor-browser has a
> > potential freedom issue: on one hand it very strongly advises people
> > not to install any addons, on the other hand in "tools->Addons and
> > themes->Plugins", there is the following message:
> >> Get extensions and themes on addons.mozilla.org
> >
> > And the issue is that that repository also contains nonfree addons.
> >
> > If that address can get removed or changed, we could have something
> > where we could be sure that it is FSDG compliant, so we could probably
> > ship scripts like guix-tor-browser-installer for instance.
> >
> > I've tried to find where that string is set in the binaries in the hope
> > of being able to make a dead simple sed script that would fix the
> > potential FSDG issue at least at installation time, but it didn't
> > find much:
> >> $ tar xf tor-browser-linux64-11.5.4_en-US.tar.xz
> >> $ grep addons.mozilla.org -r tor-browser_en-US
> >> tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt: * Bug
> >> 10464: Remove addons.mozilla.org from NoScript whitelist grep:
> >> tor-browser_en-US/Browser/libxul.so: binary file matches
> >
> >> $ strings tor-browser_en-US/Browser/libxul.so | \
> >> grep addons.mozilla.org
> >> addons.mozilla.org
> >> $http://addons.mozilla.org/ca/crl.pem0
> >> signingca1.addons.mozilla.org1!0
> >> $http://addons.mozilla.org/ca/crl.pem0N
> >
> > The issue is that this domain is also used for addons updates, so we
> > can't simply remove it blindly. We need to only remove that string in
> > "tools->Addons and themes->Plugins".
> >
> > The advantage of patching binaries is that we don't need to rebuild it,
> > so we really have the tiniest amount of change possible to make it FSDG
> > compliant (and we can hope that it doesn't change the tor-browser
> > fingerprint).
> >
> > As far as I understand it should also also be OK to use binaries like
> > that as long as we're also able to rebuild it in an FSDG distribution
> > somehow.
> >
> > Though here the path forward is probably to dig into upstream bug
> > reports and see what upstream thinks about making the tor-browser FSDG
> > compliant and/or removing the information of where to find addons.
> >
> > Denis.
>
>
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next prev parent reply other threads:[~2022-11-07 20:15 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-28 10:52 tor Gottfried
2022-08-28 12:09 ` tor Csepp
2022-08-29 14:19 ` tor Gottfried
2022-08-30 10:54 ` tor Csepp
2022-08-30 18:32 ` tor Gottfried
2022-08-31 16:23 ` tor Denis 'GNUtoo' Carikli
2022-09-01 13:59 ` tor Denis 'GNUtoo' Carikli
2022-09-02 18:31 ` tor Gottfried
2022-09-21 9:52 ` tor Gottfried
2022-09-22 11:52 ` tor Chris Keschnat via
2022-09-01 14:27 ` tor Denis 'GNUtoo' Carikli
2022-09-01 17:35 ` tor Gottfried
2022-09-01 23:35 ` tor Denis 'GNUtoo' Carikli
2022-11-05 0:29 ` tor Denis 'GNUtoo' Carikli
2022-11-07 19:24 ` tor Gottfried
2022-11-07 20:14 ` Wojtek Kosior via [this message]
2022-11-07 23:19 ` tor Denis 'GNUtoo' Carikli
-- strict thread matches above, loose matches on Subject: below --
2022-09-23 16:36 tor Gottfried
2020-09-17 12:32 Tor Rasa Gulla via
2020-09-17 13:15 ` Tor Julien Lepiller
2020-09-17 13:18 ` Tor Rasa Gulla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221107211430.4145e9bc@koszkonutek-tmp.pl.eu.org \
--to=help-guix@gnu.org \
--cc=GNUtoo@cyberdimension.org \
--cc=gottfried@posteo.de \
--cc=koszko@koszko.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).