From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
To: Gottfried <gottfried@posteo.de>
Cc: Csepp <raingloom@riseup.net>, help-guix@gnu.org
Subject: Re: tor
Date: Sat, 5 Nov 2022 01:29:42 +0100
Message-ID: <20221105012942.2be20962@primary_laptop>
In-Reply-To: <20220901162735.785a14c9@primary_laptop>


[-- Attachment #1.1: Type: text/plain, Size: 2375 bytes --]

Hi again,

I had some data loss so I wasn't able to reply to this thread before.

I managed to make the tor-browser work in Guix proper, and I've
attached the script I used for that. It's hardcoded for i686 though so
it needs to be modified for x86_64.

Even if that works, there is a problematic issue: the tor-browser has a
potential freedom issue: on one hand it very strongly advises people
not to install any addons, on the other hand in "tools->Addons and
themes->Plugins", there is the following message:
> Get extensions and themes on addons.mozilla.org

And the issue is that that repository also contains nonfree addons.

If that address can get removed or changed, we could have something
where we could be sure that it is FSDG compliant, so we could probably
ship scripts like guix-tor-browser-installer for instance.

I've tried to find where that string is set in the binaries in the hope
of being able to make a dead simple sed script that would fix the
potential FSDG issue at least at installation time, but it didn't
find much:
> $ tar xf tor-browser-linux64-11.5.4_en-US.tar.xz
> $ grep addons.mozilla.org -r tor-browser_en-US
> tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt:   * Bug 10464: Remove addons.mozilla.org from NoScript whitelist
> grep: tor-browser_en-US/Browser/libxul.so: binary file matches

> $ strings tor-browser_en-US/Browser/libxul.so | \
> grep addons.mozilla.org
> addons.mozilla.org
> $http://addons.mozilla.org/ca/crl.pem0
> signingca1.addons.mozilla.org1!0
> $http://addons.mozilla.org/ca/crl.pem0N

The issue is that this domain is also used for addons updates, so we
can't simply remove it blindly. We need to only remove that string in
"tools->Addons and themes->Plugins".

The advantage of patching binaries is that we don't need to rebuild it,
so we really have the tiniest amount of change possible to make it FSDG
compliant (and we can hope that it doesn't change the tor-browser
fingerprint).

As far as I understand it should also be OK to use binaries like
that as long as we're also able to rebuild it in an FSDG distribution
somehow.

Though here the path forward is probably to dig into upstream bug
reports and see what upstream thinks about making the tor-browser FSDG
compliant and/or removing the information of where to find addons.

Denis.

[-- Attachment #1.2: tor-browser --]
[-- Type: application/octet-stream, Size: 1819 bytes --]

#!/bin/sh
# Copyright (C) 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

set -e

cd ~/.local/share/torbrowser/tbb/i686/tor-browser_en-US/Browser/

# I have my Download folder somewhere else. Right now it's at
# /srv/data/Downloads on another partition. And I want tor-browser to
# use that folder for storing Downloads.
# For that to work we need to give the tor-browser write access to
# /srv/data/Downloads/. Other methods were tried but didn't work:
# - mounting /srv/data/Downloads/ to Downloads resulted in the
#   tor-browser failing to start.
# - Using --expose=/srv/data/Downloads/=${HOME}/.../Browser/Downloads
#   did not work either because Download was inaccessible. Replacing
#   --expose by --share in the command above didn't change anything.
# So I ended up using --share=/srv/data/Downloads/. That requires the
# user to do the symlink manually though.
guix shell \
	--share=/srv/data/Downloads/ \
	--expose=/run/user/$(id -u)/ \
	--expose=/tmp/.X11-unix \
	--expose=/tmp/.X1-lock \
	--container \
	--emulate-fhs \
	--network \
	bash coreutils dbus-glib file grep gcc:lib gtk+@3 libxt sed -- \
		bash -l -c "export DISPLAY=${DISPLAY}; ./start-tor-browser"

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
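
An added example, not part of the original message nor code from Guix or the Tor Browser project: `grep -r` only matches bytes as they are stored on disk, so a string held inside a compressed archive member goes unseen. This sketch also looks inside ZIP-format archives under a tree; that the bundle keeps UI text in such archives is an assumption, and the sample file names are constructed.

```python
import os
import sys
import tempfile
import zipfile

NEEDLE = b"addons.mozilla.org"
MAX_MEMBER = 64 * 1024 * 1024  # skip implausibly large archive members


def find_needle(root, needle=NEEDLE):
    """Return sorted (path, member) hits; member is "" for a raw on-disk match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            with open(path, "rb") as fh:
                if needle in fh.read():        # what `grep -r` can see
                    hits.append((path, ""))
            if not zipfile.is_zipfile(path):
                continue
            with zipfile.ZipFile(path) as zf:  # what `grep -r` cannot see
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER and needle in zf.read(info):
                        hits.append((path, info.filename))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed stand-in for an unpacked bundle; every name here is made up."""
    os.makedirs(os.path.join(root, "Browser"))
    lib = os.path.join(root, "Browser", "sample-lib.so")
    with open(lib, "wb") as fh:
        fh.write(b"\x7fELF\x00signingca1." + NEEDLE + b"\x00")
    ja = os.path.join(root, "Browser", "sample-resources.ja")
    text = (b"hint = Get extensions and themes on " + NEEDLE + b"\n") * 8
    with zipfile.ZipFile(ja, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("locale/sample.ftl", text)  # deflated: needle not on disk
    return lib, ja


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            build_sample_tree(tmp)  # no argument: run on the constructed tree
        for path, member in find_needle(root):
            print(path, member or "(raw bytes on disk)")
```

Pass the unpacked directory as the first argument to scan a real tree; each hit names the archive member, which shows whether a UI string and the update or certificate strings live in different files.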
