From: "André Batista" <nandre@riseup.net>
To: 42380@debbugs.gnu.org
Subject: [bug#42380] [PATCH] gnu: Add torbrowser-unbundle.
Date: Sat, 25 Jul 2020 11:49:30 -0300 [thread overview]
Message-ID: <20200725144930.GA13751@andel> (raw)
In-Reply-To: <20200715211547.GA17146@andel>
[-- Attachment #1.1: Type: text/plain, Size: 753 bytes --]
Hello Guix,
The patch bellow adds TorBrowser, Obfs4 and related libraries. No
more warnings, it should behave as expected. User files are
stored under '~/.local/share/torbrowser'.
Just two notes:
- some of the libraries do not have a named font and just claim
BDS-Style. I've written bsd-2 for those and left a note. I'm
no sure if there is need for a more appropriate description.
- https-everywhere does not show rules on the browser, but the
rules are there on the store path. There is no default address
for autoupdating rules.
And one important question: tor and obfs4 are inputs to torbrowser
which are symlinked in the install phase. Do they need to be
propagated so as to not be garbage collected?
Happy Hacking!
[-- Attachment #1.2: 0001-gnu-Add-torbrowser-unbundle.patch --]
[-- Type: text/plain, Size: 58824 bytes --]
From d9b11fdfa62919fc5ebfd73c55a9dbbbc12596a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Sat, 25 Jul 2020 06:11:36 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle
To: guix-patches@gnu.org
* gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables.
* gnu/packages/golang.scm (go-torproject-org-ptlib,
go-github-com-agl-ed25519, go-github-com-dchest-siphash,
go-github-com-dchest-uniuri, go-github-com-dsnet-compress,
go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variables.
* gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 3 +
gnu/packages/golang.scm | 188 +++++
...torbrowser-start-tor-browser.desktop.patch | 22 +
.../torbrowser-start-tor-browser.patch | 184 +++++
gnu/packages/tor.scm | 752 +++++++++++++++++-
5 files changed, 1145 insertions(+), 4 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index f2a7b6b984..7bff822c43 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -36,6 +36,7 @@
# Copyright © 2020 Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>
# Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
# Copyright © 2020 Tanguy Le Carrour <tanguy@bioneland.org>
+# Copyright © 2020 André Batista <nandre@riseup.net>
#
# This file is part of GNU Guix.
#
@@ -1587,6 +1588,8 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-fix-compiling.patch \
%D%/packages/patches/tipp10-remove-license-code.patch \
%D%/packages/patches/tk-find-library.patch \
+ %D%/packages/patches/torbrowser-start-tor-browser.patch \
+ %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
%D%/packages/patches/ttfautohint-source-date-epoch.patch \
%D%/packages/patches/tomb-fix-errors-on-open.patch \
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 2c31632db6..772b1e29f2 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -18,6 +18,7 @@
;;; Copyright © 2019, 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -4263,3 +4264,190 @@ used by other processes.")
Porter2 stemmer}. It is written completely using finite state machines to do
suffix comparison, rather than the string-based or tree-based approaches.")
(license license:asl2.0))))
+
+(define-public go-torproject-org-ptlib
+ (package
+ (name "go-torproject-org-ptlib")
+ (version "1.1.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (synopsis "Go library for Tor pluggable transports")
+ (description "Library for writing Tor pluggable transports in Go.")
+ (license license:cc0)))
+
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519")
+ (description "This library is used in the implementation of obfs4.")
+ (license license:bsd-2))));; Repo does not contain license anymore.
+ ;; Only refered on file as BSD-Style.
+
+(define-public go-github-com-dchest-siphash
+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-siphash")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/siphash")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/siphash"))
+ (home-page "https://github.com/dchest/siphash")
+ (synopsis "Go library for siphash")
+ (description "Go implementation of SipHash-2-4, a fast short-input PRF
+created by Jean-Philippe Aumasson and Daniel J. Bernstein.")
+ (license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-uniuri")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/uniuri")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/uniuri"))
+ (home-page "https://github.com/dchest/uniuri")
+ (synopsis "Go library for random URIs")
+ (description "Package uniuri generates random strings good for use in
+URIs to identify unique objects.")
+ (license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+ (revision "0"))
+ (package
+ (name "go-github-com-dsnet-compress")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dsnet/compress")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dsnet/compress"))
+ (home-page "https://github.com/dsnet/compress")
+ (synopsis "Go library for extended compression")
+ (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+ (license license:bsd-2))));; Unnamed. Go license?
+
+(define-public go-schwanenlied-me-yawning-bsaes
+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+ (revision "0"))
+ (package
+ (name "go-schwanenlied-me-yawning-bsaes")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.schwanenlied.me/yawning/bsaes.git")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+ (synopsis "Go AES library")
+ (description "Portable pure-Go constant time AES implementation based on
+the excellent code from [BearSSL](https://bearssl.org/). On AMD64 systems
+with AES-NI and a sufficiently recent Go runtime, it will transparently call
+crypto/aes when NewCipher is invoked.")
+ (license license:bsd-2))));; Also unnamed.
+
+(define-public go-gitlab-com-yawning-utls
+ (package
+ (name "go-gitlab-com-yawning-utls")
+ (version "0.0.10-1")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.com/yawning/utls.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:tests? #f ;; Tries to connect and fails.
+ #:import-path "gitlab.com/yawning/utls.git"))
+ (propagated-inputs
+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+ (home-page "https://gitlab.com/yawning/utls.git")
+ (synopsis "Go library for UTLS")
+ (description "UTLS fork for the specific purpose of improving obfs4proxy's
+meek_lite transport.")
+ (license license:gpl3+)))
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
new file mode 100644
index 0000000000..e65348b7f5
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=bash -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/packages/patches/torbrowser-start-tor-browser.patch
new file mode 100644
index 0000000000..e3e29e61ed
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
@@ -0,0 +1,184 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
+@@ -5,6 +5,16 @@
+ #
+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.
+
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++#TORRC_BRIDGE="${TORRC}-appendix"
++PT_PREFS="${TBB_DATA}/Browser/bridge-prefs-js-appendix"
++
+ complain_dialog_title="Tor Browser"
+
+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
+@@ -134,8 +144,8 @@
+ ;;
+ -l | --log)
+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+- printf "Logging Tor Browser debug information to tor-browser.log\n"
+- logfile="../tor-browser.log"
++ printf "Logging Tor Browser debug information to torbrowser.log\n"
++ logfile="${TBB_LOGFILE}"
+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+ printf "Logging Tor Browser debug information to %s\n" "$2"
+ logfile="$2"
+@@ -187,41 +197,23 @@
+ export XAUTHORITY
+ fi
+
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+- # XXX readlink is not POSIX, but is present in GNU coreutils
+- # and on FreeBSD. Unfortunately, the -f option (which follows
+- # a whole chain of symlinks until it reaches a non-symlink
+- # path name) is a GNUism, so we have to have a fallback for
+- # FreeBSD. Fortunately, FreeBSD has realpath instead;
+- # unfortunately, that's also non-POSIX and is not present in
+- # GNU coreutils.
+- #
+- # If this launcher were a C program, we could just use the
+- # realpath function, which *is* POSIX. Too bad POSIX didn't
+- # make that function accessible to shell scripts.
+-
+- # If realpath is available, use it; it Does The Right Thing.
+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+- if [ "$?" -eq 0 ]; then
+- myname="$possibly_my_real_name"
+- else
+- # realpath is not available; hopefully readlink -f works.
+- myname="`readlink -f "$myname" 2>/dev/null`"
+- if [ "$?" -ne 0 ]; then
+- # Ugh.
+- complain "start-tor-browser cannot be run using a symlink on this operating system."
+- fi
+- fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++ cd "${TBB_HOME}"
++else
++ mkdir -p "${TBB_HOME}"
++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++ chmod -R 700 "${TBB_HOME}"
++ mkdir -p "${TBB_PROFILE}"
++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++ > "${TBB_PROFILE}/user.js"
++ grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/user.js"
++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++ >> "${TORRC}"
++ cd "${TBB_HOME}"
+ fi
+
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ # "hacking around some braindamage"
+@@ -236,16 +228,9 @@
+ ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ mkdir -p "$HOME/.local/share/applications/"
+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ update-desktop-database "$HOME/.local/share/applications/"
+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ exit 0
+@@ -265,21 +250,6 @@
+ HOME="${PWD}"
+ export HOME
+
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+- complain "Wrong architecture? 32-bit vs. 64-bit."
+- exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+ local ctrlPasswd=$1
+
+@@ -342,13 +312,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +329,23 @@
+
+ if [ "$show_usage" -eq 1 ]; then
+ # Display Firefox help, then our help
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default --help 2>/dev/null
+ tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+ disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+ tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..4fe3f69ef3 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -28,28 +28,69 @@
(define-module (gnu packages tor)
#:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix monads)
#:use-module (guix packages)
#:use-module (guix utils)
+ #:use-module (guix store)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system go)
#:use-module (guix build-system gnu)
#:use-module (guix build-system python)
+ #:use-module (guix build-system trivial)
#:use-module (gnu packages)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages audio)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages base)
- #:use-module (gnu packages libevent)
- #:use-module (gnu packages linux)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages golang)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages pcre)
+ #:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-crypto)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
- #:use-module (gnu packages autotools)
+ #:use-module (gnu packages readline)
+ #:use-module (gnu packages rsync) ; for httpse
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages tls)
- #:use-module (gnu packages w3m))
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages vim) ; for xxd
+ #:use-module (gnu packages w3m)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages xml) ; for httpse
+ #:use-module (ice-9 match)
+ #:use-module ((srfi srfi-1) #:hide (zip)))
(define-public tor
(package
@@ -324,3 +365,706 @@ statistics and status reports on:
Potential client and exit connections are scrubbed of sensitive information.")
(license license:gpl3+)))
+
+(define-public obfs4
+ (package
+ (name "obfs4")
+ (version "0.0.11")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (commit (string-append "obfs4proxy-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+ #:tests? #f ;; No test files
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'build
+ (lambda* (#:key outputs configure-flags #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (copy-recursively
+ "src/git.torproject.org/pluggable-transports/obfs4.git"
+ "src/gitlab.com/yawning/obfs4.git"
+ #:log (%make-void-port "w"))
+ (with-directory-excursion
+ "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+ (invoke "go" "build" "-ldflags" "-s"))
+ #t)))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (srcdir
+ "src/git.torproject.org/pluggable-transports/obfs4.git")
+ (bindir (string-append out "/bin"))
+ (sharedir (string-append out "/share/"))
+ (docdir (string-append sharedir "/doc"))
+ (mandir (string-append out "/man/man1")))
+ (mkdir-p mandir)
+ (mkdir-p bindir)
+ (mkdir-p docdir)
+ (with-directory-excursion
+ (string-append srcdir "/obfs4proxy")
+ (copy-file "obfs4proxy"
+ (string-append bindir "/obfs4proxy")))
+ (with-directory-excursion
+ (string-append srcdir "/doc")
+ (copy-file "obfs4proxy.1"
+ (string-append mandir "/obfs4proxy.1"))
+ (copy-file "obfs4-spec.txt"
+ (string-append docdir "/obfs4-spec.txt")))
+ #t))))))
+ (propagated-inputs
+ `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+ ;; Currently uses this, but the readme on github is pointing
+ ;; users to start relying on x/crypto/ed25519 instead.
+ ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+ ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+ ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+ ("go-golang-org-x-net" ,go-golang-org-x-net)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+ ("go-golang-org-x-text" ,go-golang-org-x-text)))
+ (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (synopsis "Obfs4 implements an obfuscation protocol")
+ (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+ (license license:gpl3+)))
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+ #:optional (name "source")
+ #:key (system (%current-system))
+ (guile (default-guile)))
+ "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+ (mlet %store-monad ((guile (package->derivation guile system)))
+ (gexp->derivation (or name "computed-origin")
+ (force gexp-promise)
+ #:graft? #f ;nothing to graft
+ #:system system
+ #:guile-for-build guile)))
+
+;; Fonts for TorBrowser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on TorBrowser package.
+(define torbrowser-fonts
+ (package
+ (name "torbrowser-fonts")
+ (version "9.5.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://dist.torproject.org/torbrowser/"
+ version "/tor-browser-linux64-"
+ version "_en-US.tar.xz"))
+ (sha256
+ (base32
+ "18xv8pv2j55f78n4d7cz24zwhqlcxkpq8nbanl754k2k0s1w34dd"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (src-dir "tor-browser_en-US/Browser/fonts")
+ (install-dir (string-append %output "/fonts"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+
+ (mkdir-p install-dir)
+ (format #t "Untaring torbrowser ball ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" install-dir "--strip-components=3"
+ (string-append "--use-compress-program=" xz "/bin/xz")
+ src-dir)
+ #t))))
+ (home-page "https://github.com/googlei18n/noto-fonts")
+ (synopsis "TorBrowser bundled fonts")
+ (description "Free fonts bundled with TorBrowser. Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+ (license license:silofl1.1)))
+
+(define %torbrowser-version "68.10.0esr-9.5-1")
+(define %torbrowser-build-id "20200709000000") ;must be of the form YYYYMMDDhhmmss
+
+;; (Un)fortunatly TorBrowser has it's own reproducible build system - RBM - which
+;; automates the build process for them and compiles TorBrowser from a range of
+;; repositories and produces a range of tarballs for different architectures and
+;; locales. So we need to cherry-pick what is needed for guix and produce our own
+;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. See also
+;; the Hacking on TorBrowser document for a high level introduction at
+;; https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking).
+;;
+;; TODO: Import langpacks.
+(define torbrowser-source
+ (let* ((torbrowser-commit "75c2bb720d4ceb76231e8ecc3455754bf05ba19b")
+ (torbrowser-version %torbrowser-version)
+ (upstream-torbrowser-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/tor-browser.git")
+ (commit torbrowser-commit)))
+ (file-name (git-file-name "tor-browser" torbrowser-version))
+ (sha256
+ (base32
+ "19sk46k2bqa72il46pdl534nk2g3fi6l7m7kbglddccxv19ck0k4"))))
+
+ (torbrowser-build-commit "e94ba3a7677f7051a14b2304427ec8393a450fdc")
+ (torbrowser-build-version "9.5")
+ (upstream-torbrowser-build-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/builders/tor-browser-build.git")
+ (commit torbrowser-build-commit)))
+ (file-name (git-file-name "tor-browser-build"
+ torbrowser-build-version))
+ (sha256
+ (base32
+ "1jgkrsckcjgr1lgcwahzdrcasmpghs2ppz6w80fya89pa5d6r0gv"))))
+
+ (torbutton-commit "ebe2bedab44e38f18c7968bd327d99eef7660f34")
+ (torbutton-version "9.5")
+ (upstream-torbutton-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/torbutton.git")
+ (commit torbutton-commit)))
+ (file-name (git-file-name "torbutton" torbutton-version))
+ (sha256
+ (base32
+ "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+
+ (tor-launcher-commit "b4838d339a84c5ebebd91a0ba6b22d44ecda97b1")
+ (tor-launcher-version "0.2.21")
+ (upstream-tor-launcher-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/tor-launcher.git")
+ (commit tor-launcher-commit)))
+ (file-name (git-file-name "tor-launcher" tor-launcher-version))
+ (sha256
+ (base32
+ "0xxwyw1j6dkm2a24kg1564k701p5ikfzs1f9n0gflvlzz9427haf"))))
+
+ (https-everywhere-version "2020.5.20")
+ (upstream-https-everywhere-source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/EFForg/https-everywhere/archive/"
+ https-everywhere-version ".tar.gz"))
+ (sha256
+ (base32
+ "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763"))))
+
+ (noscript-xpi-version "11.0.34")
+ (upstream-noscript-xpi
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://secure.informaction.com/download/releases/noscript-"
+ noscript-xpi-version ".xpi"))
+ (sha256
+ (base32
+ "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km")))))
+
+ ;; Now we bundle the grabbed sources.
+ (origin
+ (method computed-origin-method)
+ (file-name (string-append "torbrowser-" %torbrowser-version ".tar.xz"))
+ (sha256 #f)
+ (uri
+ (delay
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((torbrowser-dir (string-append "torbrowser-"
+ #$torbrowser-version))
+ (torbutton-dir "toolkit/torproject/torbutton")
+ (tor-launcher-dir "browser/extensions/tor-launcher")
+ (tbb-scripts-dir "tbb-scripts")
+ (https-everywhere "https-everywhere.tar.gz")
+ (noscript-xpi "noscript.xpi"))
+
+ (set-path-environment-variable
+ "PATH" '("bin")
+ (list #+(canonical-package bash)
+ #+(canonical-package xz)
+ #+(canonical-package tar)))
+
+ (format #t "Copying torbrowser source to writable path ...~%")
+ (force-output)
+ (copy-recursively #+upstream-torbrowser-source
+ torbrowser-dir
+ #:log (%make-void-port "w"))
+
+ (with-directory-excursion torbrowser-dir
+ (format #t "Copying torbutton source to torbrowser...~%")
+ (force-output)
+ (make-file-writable torbutton-dir)
+ (copy-recursively #+upstream-torbutton-source
+ torbutton-dir
+ #:log (%make-void-port "w"))
+
+ (format #t "Copying tor-launcher source to torbrowser...~%")
+ (force-output)
+ (copy-recursively #+upstream-tor-launcher-source
+ tor-launcher-dir
+ #:log (%make-void-port "w"))
+
+ (format #t "Copying tor-browser-build source to torbrowser...~%")
+ (force-output)
+ (mkdir tbb-scripts-dir)
+ (copy-recursively #+upstream-torbrowser-build-source
+ tbb-scripts-dir
+ #:log (%make-void-port "w"))
+
+ (format #t "Copying https-everywhere source to torbrowser...~%")
+ (force-output)
+ (copy-file #+upstream-https-everywhere-source
+ https-everywhere)
+
+ (format #t "Copying noscript xpi to torbrowser...~%")
+ (force-output)
+ (copy-file #+upstream-noscript-xpi
+ "noscript.xpi"))
+
+ (invoke "tar" "cvfa" #$output
+ ;; Avoid non-determinism in the archive.
+ "--mtime=@315619200" ; 1980-01-02 UTC
+ "--owner=root:0"
+ "--group=root:0"
+ "--sort=name"
+ torbrowser-dir)
+ #t))))))))
+
+(define-public torbrowser-unbundle
+ (package
+ (name "torbrowser-unbundle")
+ (version %torbrowser-version)
+ (source torbrowser-source)
+ (build-system gnu-build-system)
+ (inputs
+ `(("alsa-lib" ,alsa-lib)
+ ("bzip2" ,bzip2)
+ ("cups" ,cups)
+ ("dbus-glib" ,dbus-glib)
+ ("ffmpeg" ,ffmpeg)
+ ("freetype" ,freetype)
+ ("gdk-pixbuf" ,gdk-pixbuf)
+ ("glib" ,glib)
+ ("gtk+" ,gtk+)
+ ("gtk+-2" ,gtk+-2)
+ ("graphite2" ,graphite2)
+ ("harfbuzz" ,harfbuzz)
+ ("icu4c" ,icu4c)
+ ("libcanberra" ,libcanberra)
+ ("libgnome" ,libgnome)
+ ("libjpeg-turbo" ,libjpeg-turbo)
+ ("libogg" ,libogg)
+ ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+ ("libvorbis" ,libvorbis)
+ ("libxft" ,libxft)
+ ("libevent" ,libevent)
+ ("libxinerama" ,libxinerama)
+ ("libxscrnsaver" ,libxscrnsaver)
+ ("libxcomposite" ,libxcomposite)
+ ("libxt" ,libxt)
+ ("libffi" ,libffi)
+ ("libvpx" ,libvpx)
+ ("mesa" ,mesa)
+ ("mit-krb5" ,mit-krb5)
+ ;; See <https://bugs.gnu.org/32833>
+ ;; and related comments in the 'remove-bundled-libraries' phase.
+ ;; UNBUNDLE-ME! ("nspr" ,nspr)
+ ;; UNBUNDLE-ME! ("nss" ,nss)
+ ("obfs4" ,obfs4)
+ ("pango" ,pango)
+ ("pixman" ,pixman)
+ ("pulseaudio" ,pulseaudio)
+ ("shared-mime-info" ,shared-mime-info)
+ ("sqlite" ,sqlite)
+ ("startup-notification" ,startup-notification)
+ ("tor" ,tor-client)
+ ("unzip" ,unzip)
+ ("zip" ,zip)
+ ("zlib" ,zlib)))
+ (native-inputs
+ `(("autoconf" ,autoconf-2.13)
+ ("cargo" ,rust "cargo")
+ ("clang" ,clang)
+ ("libxml2" ,libxml2) ; for https-e
+ ("libxslt" ,libxslt) ; for https-e
+ ("llvm" ,llvm)
+ ("openssl" ,openssl) ; For hash+sig on https-everywhere
+ ("patch" ,(canonical-package patch))
+ ("torbrowser-start-tor-browser.patch"
+ ,(search-patch "torbrowser-start-tor-browser.patch"))
+ ("torbrowser-start-tor-browser.desktop.patch"
+ ,(search-patch "torbrowser-start-tor-browser.desktop.patch"))
+ ("perl" ,perl)
+ ("pkg-config" ,pkg-config)
+ ("python" ,python)
+ ("python2" ,python-2.7)
+ ("python2-pysqlite" ,python2-pysqlite)
+ ("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686
+ ("node" ,node)
+ ("rsync" ,rsync) ; for https-e build
+ ("rust" ,rust)
+ ("rust-cbindgen" ,rust-cbindgen)
+ ("tar" ,tar) ; for untaring extensions
+ ("torbrowser-fonts" ,torbrowser-fonts)
+ ("util-linux" ,util-linux) ; for getopt on https-everywhere build
+ ("which" ,which)
+ ("xxd" ,xxd) ; for https-everywhere build
+ ("yasm" ,yasm)))
+ (arguments
+ `(#:tests? #f ; Some tests are autodone by mach on build fase.
+
+ ;; XXX: There are RUNPATH issues such as
+ ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+ ;; which is not in its RUNPATH, but they appear to be harmless in
+ ;; practice somehow. See <http://hydra.gnu.org/build/378133>.
+ #:validate-runpath? #f
+
+ #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+
+ #:modules ((ice-9 ftw)
+ (ice-9 rdelim)
+ (ice-9 regex)
+ (ice-9 match)
+ (srfi srfi-34)
+ (srfi srfi-35)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ (guix build utils)
+ (sxml simple)
+ ,@%gnu-build-system-modules)
+
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'unpack-extensions
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((https-everywhere-archive "https-everywhere.tar.gz")
+ (https-everywhere-srcdir "https-everywhere-src")
+ (bash (which "bash")))
+ (setenv "SHELL" bash)
+ (mkdir https-everywhere-srcdir)
+ (invoke "tar" "xf" https-everywhere-archive
+ "--strip-components=1" "-C" https-everywhere-srcdir))
+ #t))
+
+ (add-after 'unpack-extensions 'apply-guix-specific-patches
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+ "patch")
+ "/bin/patch")))
+ (for-each (match-lambda
+ ((label . file)
+ (when (and (string-prefix? "torbrowser-" label)
+ (string-suffix? ".patch" label))
+ (format #t "applying '~a'...~%" file)
+ (invoke patch "--force" "--no-backup-if-mismatch"
+ "-p1" "--input" file))))
+ (or native-inputs inputs)))
+ #t))
+
+ ;; On mach build system this is done on configure.
+ (delete 'bootstrap)
+
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+ (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+ (("(\"checksum .* = )\".*\"" all name)
+ (string-append name "\"" null-hash "\"")))
+ (generate-all-checksums "third_party/rust"))
+ #t))
+
+ (add-after 'build 'neutralize-store-references
+ (lambda _
+ ;; Mangle the store references to compilers & other build tools in
+ ;; about:buildconfig, reducing TorBrowser's closure significant.
+ ;; The resulting files are saved in lib/firefox/omni.ja
+ (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+ (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+ (regexp-quote (%store-directory))) _ store hash)
+ (string-append store
+ (string-take hash 8)
+ "<!-- Guix: not a runtime dependency -->"
+ (string-drop hash 8))))
+ #t))
+
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bash (which "bash"))
+ (flags `(,(string-append "--prefix=" out)
+ ,@configure-flags)))
+
+ (setenv "SHELL" bash)
+ (setenv "AUTOCONF" (string-append
+ (assoc-ref %build-inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "CONFIG_SHELL" bash)
+ (setenv "PYTHON" (string-append
+ (assoc-ref inputs "python2")
+ "/bin/python"))
+ (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp.
+ (setenv "LDFLAGS" (string-append
+ "-Wl,-rpath="
+ (assoc-ref outputs "out")
+ "/lib/firefox"))
+
+ (substitute* ".mozconfig"
+ ;; Arch independent builddir.
+ (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+ (string-append m "dir\n"))
+ (("ac_add_options --disable-tor-launcher") "")
+ ;; We won't be building incrementals.
+ (("ac_add_options --enable-signmar") "")
+ (("ac_add_options --enable-verify-mar") "")
+ (("ac_add_options --with-tor-browser-version=dev-build")
+ (string-append "ac_add_options --with-tor-browser-version=org.gnu\n"
+ "ac_add_options --with-unsigned-addon-scopes=app\n"
+ "ac_add_options --enable-pulseaudio\n"
+ "ac_add_options --disable-debug-symbols\n"
+ "ac_add_options --disable-updater\n"
+ "ac_add_options --disable-gconf\n"
+ ;; Other syslibs that can be unbundled? (nss, nspr)
+ "ac_add_options --enable-system-pixman\n"
+ "ac_add_options --enable-system-ffi\n"
+ "ac_add_options --with-system-bz2\n"
+ "ac_add_options --with-system-icu\n"
+ "ac_add_options --with-system-jpeg\n"
+ "ac_add_options --with-system-libevent\n"
+ "ac_add_options --with-system-zlib\n"
+ ;; Without these clang is not found.
+ "ac_add_options --with-clang-path="
+ (assoc-ref %build-inputs "clang") "/bin/clang\n"
+ "ac_add_options --with-libclang-path="
+ (assoc-ref %build-inputs "clang") "/lib\n")))
+
+ (substitute* "browser/app/profile/000-tor-browser.js"
+ ;; TorBrowser updates are disabled on mozconfig, but let's make sure.
+ (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+ (string-append m ",false);\n")))
+
+ (substitute* "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+ ;; Not multilingual. See tor-browser/build:141. Currently disabled on
+ ;; tor-launcher, but let's make sure while missing langpacks.
+ (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").*" _ m)
+ (string-append m ", false);\n")))
+
+ ;; For user data outside the guix store.
+ (substitute* "xpcom/io/TorFileUtils.cpp"
+ (("ANDROID") "GNUGUIX"))
+ (substitute* "old-configure.in"
+ (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+ (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+ (format #t "Invoking mach configure ...~%")
+ (invoke "./mach" "configure"))
+ #t))
+
+ (add-after 'configure 'build-extensions
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((bash (which "bash")))
+ (setenv "SHELL" bash)
+ ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to
+ ;; be harmless.
+ (with-directory-excursion "https-everywhere-src"
+ (substitute* '("install-dev-dependencies.sh"
+ "make.sh"
+ "hooks/precommit"
+ "test/firefox.sh"
+ "test/manual.sh"
+ "test/script.py"
+ "test/validations.sh"
+ "utils/create_zip.py"
+ "utils/merge-rulesets.py"
+ "utils/setversion.py"
+ "utils/zipfile_deterministic.py")
+ (("python3.6") "python3"))
+
+ ;; Failing to generate the xpi, but copy-dir appears to be enough.
+ ;; Failing on missing 'wasm'? Not generating rulesets.
+ (invoke "./make.sh")))
+ #t))
+
+ (replace 'build
+ (lambda _ (invoke "./mach" "build")))
+
+ ;; TorBrowser just do a stage-package here and copy files to its places.
+ (replace 'install
+ (lambda* (#:key inputs native-inputs outputs
+ #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (applications (string-append out "/share/applications"))
+ (builddir "objdir/dist/firefox")
+ (bindir (string-append out "/bin"))
+ (libdir (string-append out "/lib/firefox"))
+ (extdir (string-append libdir "/browser/extensions"))
+ (tordir (string-append libdir "/TorBrowser/Tor"))
+ (ptdir (string-append tordir "/PluggableTransports"))
+ (tbbscripts-dir "tbb-scripts/projects/tor-browser")
+ (ptconfigsdir (string-append
+ tbbscripts-dir
+ "/Bundle-Data/PTConfigs"))
+ (torbrowser-fonts (or (assoc-ref native-inputs
+ "torbrowser-fonts")
+ (assoc-ref inputs
+ "torbrowser-fonts")))
+ (obfs4bin (string-append
+ (assoc-ref inputs "obfs4")
+ "/bin/obfs4proxy"))
+ (torbin (string-append
+ (assoc-ref inputs "tor")
+ "/bin/tor"))
+ (tbb-start-script (string-append
+ tbbscripts-dir
+ "/RelativeLink/start-tor-browser"))
+ (tbb-desktop (string-append
+ tbbscripts-dir
+ "/RelativeLink/start-tor-browser.desktop"))
+ (tbbdocs-in (string-append tbbscripts-dir
+ "/Bundle-Data/Docs"))
+ (tbbdocs-out (string-append libdir
+ "/TorBrowser/Docs"))
+ (tordata-in (string-append
+ tbbscripts-dir
+ "/Bundle-Data/linux/Data"))
+ (tordata-out (string-append libdir
+ "/TorBrowser/Data"))
+ (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}")
+ (httpse-id "https-everywhere-eff@eff.org"))
+ ;; Stage-package
+ (format #t "Staging package ...~%")
+ (invoke "./mach" "build" "stage-package")
+ ;; Now we start moving files to its default paths.
+ (format #t "Deleting spurious files ...~%")
+ ;; TorBrowser doesn't use those.
+ ;; See: tor-browser-build.git/projects/firefox/build:167
+ (with-directory-excursion
+ builddir
+ (for-each (lambda (file)
+ (if (file-exists? file)
+ (delete-file file)
+ (display (string-append "Warning: file "
+ file " not found! Skipping...\n"))))
+ '("firefox-bin" "libfreeblpriv3.chk" "libnssdbm3.chk"
+ "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf")))
+ (rmdir (string-append builddir "/fonts"))
+
+ (format #t "Creating install dirs ...~%")
+ (mkdir-p libdir)
+ (mkdir bindir)
+ (mkdir-p applications)
+ (mkdir-p tordir)
+ (mkdir-p ptdir)
+ (mkdir-p tordata-out)
+ (mkdir-p tbbdocs-out)
+ (mkdir-p extdir)
+ (format #t "Copying files to install dirs ...~%")
+ (copy-recursively builddir (string-append libdir "/")
+ #:log (%make-void-port "w"))
+ (copy-file tbb-start-script
+ (string-append libdir "/start-tor-browser"))
+ (chmod (string-append libdir "/start-tor-browser") #o555)
+ (copy-file tbb-desktop
+ (string-append libdir
+ "/start-tor-browser.desktop"))
+ (chmod (string-append libdir
+ "/start-tor-browser.desktop") #o555)
+ (install-file tbb-desktop applications)
+ (with-directory-excursion
+ (string-append libdir "/browser/chrome/icons/default")
+ (for-each
+ (lambda (file)
+ (let* ((size (string-filter char-numeric? file))
+ (icons (string-append out "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p icons)
+ (copy-file file (string-append icons "/torbrowser.png"))))
+ '("default16.png" "default32.png" "default48.png" "default64.png"
+ "default128.png")))
+
+ (format #t "Linking start-tor-browser script ...~%")
+ (symlink (string-append libdir "/start-tor-browser")
+ (string-append bindir "/start-tor-browser"))
+ (format #t "Copying fonts to install dirs ...~%")
+ (copy-recursively torbrowser-fonts
+ (string-append libdir "/")
+ #:log (%make-void-port "w"))
+ (format #t "Linking store tor binary ...~%")
+ (symlink torbin (string-append tordir
+ "/tor"))
+ (format #t "Linking store obfs4 binary ...~%")
+ (symlink obfs4bin (string-append ptdir
+ "/obfs4proxy"))
+ (format #t "Copying Bundle-Data to default path ...~%")
+ (with-directory-excursion
+ tordata-in
+ (for-each (lambda (file)
+ (copy-recursively file
+ (string-append
+ tordata-out "/" file)
+ #:log (%make-void-port "w")))
+ '("Browser" "fontconfig" "Tor")))
+ (copy-file (string-append ptconfigsdir
+ "/linux/torrc-defaults-appendix")
+ (string-append tordata-out
+ "/Tor/torrc-defaults-appendix"))
+ (copy-file (string-append ptconfigsdir
+ "/bridge_prefs.js")
+ (string-append tordata-out
+ "/Browser/bridge-prefs-js-appendix"))
+
+ (format #t "Copying licenses and changelog to default path ...~%")
+ (copy-recursively tbbdocs-in
+ (string-append tbbdocs-out "/")
+ #:log (%make-void-port "w"))
+
+ (format #t "Copying noscript ...~%")
+ (copy-file "noscript.xpi" (string-append
+ extdir "/" noscript-id ".xpi"))
+ (format #t "Copying https-everywhere ...~%")
+ (if (file-exists?
+ "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi")
+ (copy-file
+ "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi"
+ (string-append extdir "/" httpse-id ".xpi"))
+ (copy-recursively "https-everywhere-src/pkg/xpi-eff"
+ (string-append extdir "/" httpse-id)
+ #:log (%make-void-port "w"))))
+ #t)))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Anonymous browser derived from Mozilla Firefox")
+ (description
+ "TorBrowser is the Tor Project version of Firefox browser. It is the only
+recommended way to anonymously browse the web that is supported by the project.
+It modifies Firefox in order to avoid many know application level attacks on
+the privacy of Tor users.
+
+WARNING: This is not the official TorBrowser and is currently on testing. Use
+at your own risk and please report back on guix channels if you find any
+issues.")
+ (license license:mpl2.0))) ;and others, see toolkit/content/license.html
--
2.27.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 841 bytes --]
next prev parent reply other threads:[~2020-07-25 14:50 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 21:15 [bug#42380] [WIP] gnu: Add torbrowser-unbundle André Batista
2020-07-25 14:49 ` André Batista [this message]
2020-08-03 12:55 ` [bug#42380] [PATCH] " André Batista
2020-09-07 14:13 ` Ludovic Courtès
2020-09-09 2:24 ` André Batista
2020-09-09 7:20 ` Ludovic Courtès
2020-09-09 10:59 ` Efraim Flashner
2020-09-15 14:21 ` [bug#42380] [PATCH 0/9] " André Batista
2020-09-15 15:01 ` [bug#42380] [PATCH 1/9] gnu: Add go-torproject-org-ptlib André Batista
2020-09-15 15:04 ` [bug#42380] [PATCH 2/9] gnu: Add go-github-com-agl-ed25519 André Batista
2020-09-15 22:50 ` [bug#42380] [PATCH 2v2/9] " André Batista
2020-09-15 15:06 ` [bug#42380] [PATCH 0/9] gnu: Add go-github-com-dchest-siphash André Batista
2020-09-15 22:53 ` [bug#42380] [PATCH 3/9] " André Batista
2020-09-15 15:08 ` [bug#42380] [PATCH 4/9] gnu: Add go-github-com-dchest-uniuri André Batista
2020-09-15 15:10 ` [bug#42380] [PATCH 5/9] gnu: Add go-github-com-dsnet-compress André Batista
2020-09-15 15:12 ` [bug#42380] [PATCH 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes André Batista
2020-09-15 15:14 ` [bug#42380] [PATCH 7/9] gnu: Add go-gitlab-com-yawning-utls André Batista
2020-09-15 15:15 ` [bug#42380] [PATCH 8/9] gnu: obfs4 André Batista
2020-09-15 15:16 ` [bug#42380] [PATCH 9/9] gnu: Add torbrowser-unbundle André Batista
2020-09-24 23:18 ` [bug#42380] [PATCHv2 " André Batista
2020-10-07 15:51 ` [bug#42380] [PATCHv3 " André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 0/9] " André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 1/9] gnu: Add go-torproject-org-ptlib André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 2/9] gnu: Add go-github-com-agl-ed25519 André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 3/9] gnu: Add go-github-com-dchest-siphash André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 4/9] gnu: Add go-github-com-dchest-uniuri André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 5/9] gnu: Add go-github-com-dsnet-compress André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 7/9] gnu: Add go-gitlab-com-yawning-utls André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 8/9] gnu: Add obfs4 André Batista
2021-06-03 3:17 ` [bug#42380] [PATCH v4 9/9] gnu: Add torbrowser-unbundle André Batista
2021-06-03 4:10 ` [bug#42380] [PATCH v5 " André Batista
2021-06-03 21:07 ` Maxime Devos
2021-07-10 3:10 ` André Batista
2021-06-03 21:07 ` Maxime Devos
2020-09-12 13:35 ` [bug#42380] Wow! Raghav Gururajan
2020-09-15 15:23 ` André Batista
2021-05-25 15:05 ` Xinglu Chen
2021-05-25 19:12 ` Leo Famulari
2021-05-25 21:24 ` Ludovic Courtès
2021-05-28 1:45 ` André Batista
2021-06-03 20:43 ` Ludovic Courtès
2023-12-12 11:21 ` [bug#42380] [PATCH] gnu: Add torbrowser Clément Lassieur
2023-12-14 21:54 ` André Batista
2023-12-15 17:04 ` André Batista
2023-12-16 3:49 ` André Batista
2023-12-19 18:19 ` Clément Lassieur
2023-12-21 15:05 ` [bug#42380] [WIP] gnu: Add torbrowser-unbundle Clément Lassieur
2023-12-22 14:54 ` André Batista
2023-12-25 15:28 ` Clément Lassieur
2023-12-27 10:03 ` André Batista
2023-12-27 11:18 ` bug#42380: " Clément Lassieur
2023-12-21 13:56 ` [bug#42380] [PATCH v2] gnu: Add torbrowser Clément Lassieur
2023-12-27 21:22 ` [bug#42380] [WIP] gnu: Add torbrowser-unbundle Anonymousemail via Guix-patches via
2023-12-28 16:03 ` Clément Lassieur
2023-12-30 0:34 ` Clément Lassieur
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200725144930.GA13751@andel \
--to=nandre@riseup.net \
--cc=42380@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.