From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0@we.make.ritual.n0.is Subject: Re: Tor Browser Date: Thu, 30 Jun 2016 18:00:30 +0000 Message-ID: <87inwqtv41.fsf@we.make.ritual.n0.is> References: <20160623104107.GA2505@shadowwalker> <20160623132347.GA9193@shadowwalker> <87a8ia7pq4.fsf@gnu.org> <20160624134357.GA30727@shadowwalker> <87por637vi.fsf_-_@gnu.org> <20160624174913.GA19633@shadowwalker> <87r3bkmfja.fsf@gnu.org> <87bn2kxirt.fsf@we.make.ritual.n0.is> <87mvm355r3.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40528) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bIgGb-0007fy-C3 for guix-devel@gnu.org; Thu, 30 Jun 2016 14:00:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bIgGW-0001pI-HF for guix-devel@gnu.org; Thu, 30 Jun 2016 14:00:44 -0400 Received: from 93-95-228-168.1984.is ([93.95.228.168]:40569 helo=beleriand.n0.is) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bIgGV-0001pB-S5 for guix-devel@gnu.org; Thu, 30 Jun 2016 14:00:40 -0400 Received: by beleriand.n0.is (OpenSMTPD) with ESMTPSA id 7a58e79c TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO for ; Thu, 30 Jun 2016 18:00:34 +0000 (UTC) In-Reply-To: <87mvm355r3.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Thu, 30 Jun 2016 12:29:52 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org Ludovic Courtès writes: > ng0@we.make.ritual.n0.is skribis: > >> Ludovic Courtès writes: > > [...] > >>> I suppose TB contains a script that does all that, right? Would it >>> work >>> to simply run it? 
If it invokes wget/curl, then this needs to be >>> replaced, but the rest should be fine. >> >> It's not that easy I'm afraid. >> Currently they use a gitian build, as described in this README[0], >> which the person maintaining the torbrowser ebuild for Gentoo out >> of portage replicates and follows in parts. >> It can't be followed completely, as `builders/tor-browser-bundle' >> requires a checkout of gitian of the torproject.org >> >> So we have to look at what they do and recreate this build >> procedure, there's no individual Makefile, the releases are >> created in VMs. >> >> Dependencies are kept up to date here[1]. >> >> This[2] is the script connecting/using gitian for gnu-linux >> releases. >> >> The Makefile just runs the corresponding scripts. > > Gitian is about building binaries. There must be some script > somewhere > to apply the relevant patches to the source first, before one builds > it, > no? > >>> It’s unfortunate that there’s no ready-to-build TB tarball, that >>> would >>> simplify things for us. >> >> Yes.. But I think icecat suffers from the same problem, only that >> icecat tarballs/binaries are built using a bash script applying >> all that's needed to the firefox sources again. > > IceCat publishes source tarballs that, AIUI, are produced essentially > by > running a script that patches Firefox’s code base (same approach for > Linux-libre.) > > Thanks, > Ludo’. Whoever is interested in continuing this, the below approach is not the fine art and must be cut down in length, but it works. You only have to look at what's in torbrowser sources and adapt accordingly. Good luck and success. 
;; apparently for whatever reason torproject does not provide
;; individual language files, they are one lang included in
;; named sources as $name-$OS-$version_$lang.tar.xz
;;
;; Draft Guix package for Tor Browser.  It inherits from the icecat package
;; and reuses icecat's inputs, configure flags and build phases; several
;; places below still name IceCat and are marked for review.
(define-public torbrowser
  (package
    (inherit icecat)
    (name "torbrowser")
    (version "6.0.2")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): the file name built here is
       ;; tor-browser-linux64-<version>_en-US.tar.xz.  A per-platform,
       ;; per-locale name suggests a prebuilt bundle rather than a source
       ;; tree; confirm what the archive contains, because the phases below
       ;; patch C++ sources and run ./configure.
       (uri (string-append "https://dist.torproject.org/"
                           name "/" version "/tor-browser" "-linux64-" version "_en-US.tar.xz"))
       ;; The hash pins the exact archive and must change together with
       ;; 'version'.  It only pins what the packager downloaded, so check
       ;; the upstream release signature before recording a new value.
       (sha256
        (base32
         "08zik2id1rkcl5cw4yscdgb8rdahx342j1fps576465sziy5z06x"))))
    ;; NOTE(review): the snippet below is commented out, so none of the
    ;; bundled directories it lists (libevent, libvpx, nss, cairo, libffi,
    ;; sqlite3) are deleted from the unpacked tree.  Its own comment names
    ;; the risk: bundled copies may contain unpatched security flaws.
    ;; Re-enable it once configure works without them.
    ;; (modules '((guix build utils)))
    ;; (snippet
    ;;  '(begin
    ;;     ;; Remove bundled libraries that we don't use, since they may
    ;;     ;; contain unpatched security flaws, they waste disk space and
    ;;     ;; network bandwidth, and may cause confusion.
    ;;     (for-each delete-file-recursively
    ;;               '(;; FIXME: Removing the bundled icu breaks configure.
    ;;                 ;; * The bundled icu headers are used in some places.
    ;;                 ;; * The version number is taken from the bundled copy.
    ;;                 ;;"intl/icu"
    ;;                 ;;
    ;;                 ;; FIXME: A script from the bundled nspr is used.
    ;;                 ;;"nsprpub"
    ;;                 ;;
    ;;                 ;; TODO: Use system media libraries. Waiting for:
    ;;                 ;;
    ;;                 ;; * libogg
    ;;                 ;; * libtheora
    ;;                 ;; * libvorbis
    ;;                 ;; * libtremor (not yet in guix)
    ;;                 ;; * libopus
    ;;                 ;; * speex
    ;;                 ;; * soundtouch (not yet in guix)
    ;;                 ;;
    ;;                 ;; TODO: Use system harfbuzz. Waiting for:
    ;;                 ;;
    ;;                 ;;
    ;;                 ;; TODO: Use system graphite2.
    ;;                 ;;
    ;;                 ;;;"modules/freetype2"
    ;;                 ;;;"modules/zlib"
    ;;                 ;;;"modules/libbz2"
    ;;                 "ipc/chromium/src/third_party/libevent"
    ;;                 "media/libvpx"
    ;;                 "security/nss"
    ;;                 "gfx/cairo"
    ;;                 "js/src/ctypes/libffi"
    ;;                 "db/sqlite3"))
    ;;     #t))))
    (build-system gnu-build-system)
    ;; System libraries made available to the build.  nss, nspr, sqlite,
    ;; libvpx, libevent, libffi, icu4c, zlib and bzip2 are listed here even
    ;; though the configure flags that would select them are commented out
    ;; further down.
    (inputs
     `(("alsa-lib" ,alsa-lib)
       ("bzip2" ,bzip2)
       ("cairo" ,cairo)
       ("cups" ,cups)
       ("dbus-glib" ,dbus-glib)
       ("gdk-pixbuf" ,gdk-pixbuf)
       ("glib" ,glib)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
       ("gtk+" ,gtk+-2)
       ("pango" ,pango)
       ("freetype" ,freetype)
       ("hunspell" ,hunspell)
       ("libcanberra" ,libcanberra)
       ("libgnome" ,libgnome)
       ("libxft" ,libxft)
       ("libevent" ,libevent)
       ("libxinerama" ,libxinerama)
       ("libxscrnsaver" ,libxscrnsaver)
       ("libxcomposite" ,libxcomposite)
       ("libxt" ,libxt)
       ("libffi" ,libffi)
       ("libvpx" ,libvpx)
       ("icu4c" ,icu4c)
       ("pixman" ,pixman)
       ("pulseaudio" ,pulseaudio)
       ("mesa" ,mesa)
       ("mit-krb5" ,mit-krb5)
       ("nspr" ,nspr)
       ("nss" ,nss)
       ("sqlite" ,sqlite)
       ("startup-notification" ,startup-notification)
       ("unzip" ,unzip)
       ("yasm" ,yasm)
       ("zip" ,zip)
       ("zlib" ,zlib)))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python-2) ; Python 3 not supported
       ("python2-pysqlite" ,python2-pysqlite)
       ("pkg-config" ,pkg-config)))
    (arguments
     `(#:tests? #f          ; no check target
       #:out-of-source? #t  ; must be built outside of the source directory

       ;; XXX: There are RUNPATH issues such as
       ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
       ;; which is not in its RUNPATH, but they appear to be harmless in
       ;; practice somehow. See .
       ;; (The reference after "See" is missing in this copy of the message.)
       ;; NOTE(review): this switches off the RUNPATH validation for the
       ;; whole package, and the justification above was written for
       ;; icecat-31.6.0; re-check whether it is still needed here.
       #:validate-runpath? #f

       #:configure-flags '("--enable-default-toolkit=cairo-gtk2"
                           "--enable-pango"
                           "--enable-gio"
                           "--enable-svg"
                           "--enable-canvas"
                           "--enable-mathml"
                           "--enable-startup-notification"
                           "--enable-pulseaudio"
                           "--enable-gstreamer=1.0"

                           "--disable-gnomevfs"
                           "--disable-gconf"
                           "--disable-gnomeui"

                           ;; Building with debugging symbols takes ~5GiB, so
                           ;; disable it.
                           "--disable-debug"
                           "--disable-debug-symbols"

                           ;; Avoid bundled libraries.
                           ;; NOTE(review): every --with-system-* and
                           ;; --enable-system-* flag below is commented out in
                           ;; this draft, so configure is not told to use the
                           ;; nss, nspr, sqlite, libvpx, libevent, libffi, icu
                           ;; and zlib inputs.  Presumably the bundled copies
                           ;; are built instead; confirm and re-enable.
                           ;; "--with-system-zlib"
                           ;; "--with-system-bz2"
                           ;; "--with-system-libevent"
                           ;; "--with-system-libvpx"
                           ;; "--with-system-icu"
                           ;; "--with-system-nspr"
                           ;; "--with-system-nss"
                           ;; "--enable-system-pixman"
                           ;; "--enable-system-cairo"
                           ;; "--enable-system-ffi"
                           ;; "--enable-system-hunspell"
                           ;; "--enable-system-sqlite"

                           ;; Fails with "--with-system-png won't work because
                           ;; the system's libpng doesn't have APNG support".
                           ;; According to
                           ;; http://sourceforge.net/projects/libpng-apng/ ,
                           ;; "the Animated Portable Network Graphics (APNG)
                           ;; is an unofficial extension of the Portable
                           ;; Network Graphics (PNG) format";
                           ;; we probably do not wish to support it.
                           ;; "--with-system-png"

                           ;; Fails with "libjpeg-turbo JCS_EXTENSIONS
                           ;; required".
                           ;; According to
                           ;; http://sourceforge.net/projects/libjpeg-turbo/ ,
                           ;; "libjpeg-turbo is a derivative of libjpeg that
                           ;; uses MMX, SSE, SSE2, and NEON SIMD instructions
                           ;; to accelerate baseline JPEG compression/
                           ;; decompression", so we had better not use it
                           ;; "--with-system-jpeg"
                           )

       ;; Guile modules used by the phases: ftw for the tree walk, rdelim
       ;; for read-line, match for the '.desktop' preprocessor.
       #:modules ((ice-9 ftw)
                  (ice-9 rdelim)
                  (ice-9 match)
                  ,@%gnu-build-system-modules)
       #:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'ensure-no-mtimes-pre-1980
          (lambda _
            ;; Without this, the 'source/test/addons/packed.xpi' and
            ;; 'source/test/addons/simple-prefs.xpi' targets fail while trying
            ;; to create zip archives.
            ;; Walks the tree from "." and raises any mtime older than
            ;; early-1980 to that value; newer files are left untouched.
            (let ((early-1980 315619200)) ; 1980-01-02 UTC
              (ftw "." (lambda (file stat flag)
                         (unless (<= early-1980 (stat:mtime stat))
                           (utime file early-1980 early-1980))
                         #t))
              #t)))
         (add-after
          'unpack 'remove-h264parse-from-blacklist
          (lambda _
            ;; Remove h264parse from gstreamer format helper blacklist. It
            ;; was put there to work around a bug in a pre-1.0 version of
            ;; gstreamer. See:
            ;; https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
            ;; NOTE(review): this re-enables an element that upstream
            ;; blacklisted in connection with the advisory above; confirm the
            ;; gstreamer input is a fixed 1.x release before keeping it.
            ;; NOTE(review): the whitespace after "^" in the pattern may have
            ;; been collapsed when the message was archived; compare it with
            ;; the file, or the substitution silently matches nothing.
            (substitute* "dom/media/gstreamer/GStreamerFormatHelper.cpp"
              (("^ \"h264parse\",\n")
               ""))
            #t))
         ;; (add-after
         ;;  'unpack 'arrange-to-link-libxul-with-libraries-it-might-dlopen
         ;;  (lambda _
         ;;    ;; libxul.so dynamically opens libraries, so here we explicitly
         ;;    ;; link them into libxul.so instead.
         ;;    ;;
         ;;    ;; TODO: It might be preferable to patch in absolute file names in
         ;;    ;; calls to dlopen or PR_LoadLibrary, but that didn't seem to
         ;;    ;; work. More investigation is needed.
         ;;    (substitute* "toolkit/library/moz.build"
         ;;      (("^# This needs to be last")
         ;;       "OS_LIBS += [
         ;; 'GL', 'gnome-2', 'canberra', 'Xss', 'cups', 'gssapi_krb5',
         ;; 'gstreamer-1.0', 'gstapp-1.0', 'gstvideo-1.0' ]\n\n"))
         ;;    #t))
         (replace
          'configure
          ;; configure does not work followed by both "SHELL=..." and
          ;; "CONFIG_SHELL=..."; set environment variables instead
          ;; Creates ../build, changes into it and runs the source tree's
          ;; configure script through bash with --prefix, --with-l10n-base
          ;; and the package's configure flags.  The phase succeeds only if
          ;; configure exits with status zero.
          (lambda* (#:key outputs configure-flags #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (bash (which "bash"))
                   (abs-srcdir (getcwd))
                   (srcdir (string-append "../" (basename abs-srcdir)))
                   (flags `(,(string-append "--prefix=" out)
                            ,(string-append "--with-l10n-base="
                                            abs-srcdir "/l10n")
                            ,@configure-flags)))
              (setenv "SHELL" bash)
              (setenv "CONFIG_SHELL" bash)
              (mkdir "../build")
              (chdir "../build")
              (format #t "build directory: ~s~%" (getcwd))
              (format #t "configure flags: ~s~%" flags)
              (zero? (apply system* bash
                            (string-append srcdir "/configure")
                            flags)))))
         ;; NOTE(review): this phase is still the IceCat one.  It reads
         ;; debian/icecat.desktop.in, sets the display name to "GNU IceCat"
         ;; and points Exec at <out>/bin/icecat; all of it needs adapting
         ;; before the entry describes or launches Tor Browser.
         (add-before 'configure 'install-desktop-entry
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Install the '.desktop' file.
             (define (swallow-%%-directives input output)
               ;; Interpret '%%ifdef' directives found in the '.desktop' file.
               ;; Lines read in the 'top' or 'else' state are copied to
               ;; OUTPUT.  Lines inside an '%%ifdef' branch, and the
               ;; directive lines themselves, are dropped.
               (let loop ((state 'top))
                 (match (read-line input 'concat)
                   ((? eof-object?)
                    #t)
                   ((? string? line)
                    (cond ((string-prefix? "%%ifdef" line)
                           (loop 'ifdef))
                          ((string-prefix? "%%else" line)
                           (loop 'else))
                          ((string-prefix? "%%endif" line)
                           (loop 'top))
                          (else
                           (case state
                             ((top else)
                              (display line output)
                              (loop state))
                             (else
                              (loop state)))))))))

             (let* ((out (assoc-ref outputs "out"))
                    (applications (string-append out "/share/applications")))
               (call-with-input-file "debian/icecat.desktop.in"
                 (lambda (input)
                   (call-with-output-file "debian/icecat.desktop"
                     (lambda (output)
                       (swallow-%%-directives input output)))))

               (substitute* "debian/icecat.desktop"
                 (("@MOZ_DISPLAY_NAME@")
                  "GNU IceCat")
                 (("^Exec=@MOZ_APP_NAME@")
                  (string-append "Exec=" out "/bin/icecat"))
                 (("@MOZ_APP_NAME@")
                  "icecat"))
               (install-file "debian/icecat.desktop" applications)
               #t))))))
    (home-page "https://torproject.org")
    (synopsis "The Tor Browser")
    ;; NOTE(review): placeholder description; replace before submitting.
    (description
     "Bla.")))

-- ♥Ⓐ ng0 For non-prism friendly talk find me on psyced.org / loupsycedyglgamf.onion