From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Vong Subject: Re: Tor Browser Date: Mon, 08 Aug 2016 16:03:33 +0800 Message-ID: <87twevbsbu.fsf@gmail.com> References: <20160623104107.GA2505@shadowwalker> <20160623132347.GA9193@shadowwalker> <87a8ia7pq4.fsf@gnu.org> <20160624134357.GA30727@shadowwalker> <87por637vi.fsf_-_@gnu.org> <20160624174913.GA19633@shadowwalker> <87r3bkmfja.fsf@gnu.org> <87bn2kxirt.fsf@we.make.ritual.n0.is> <87mvm355r3.fsf@gnu.org> <87fuqjmj7z.fsf@we.make.ritual.n0.is> <87shuisfst.fsf@gmail.com> <87mvkqxi7x.fsf@we.make.ritual.n0.is> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:51906) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bWfXN-0004ib-4Q for guix-devel@gnu.org; Mon, 08 Aug 2016 04:03:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bWfXI-0004cz-0n for guix-devel@gnu.org; Mon, 08 Aug 2016 04:03:52 -0400 Received: from mail-pa0-x229.google.com ([2607:f8b0:400e:c03::229]:35222) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bWfXH-0004cH-LC for guix-devel@gnu.org; Mon, 08 Aug 2016 04:03:47 -0400 Received: by mail-pa0-x229.google.com with SMTP id iw10so111586940pac.2 for ; Mon, 08 Aug 2016 01:03:44 -0700 (PDT) In-Reply-To: <87mvkqxi7x.fsf@we.make.ritual.n0.is> (ng0@we.make.ritual.n0.is's message of "Sat, 06 Aug 2016 11:14:10 +0000") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: ng0 Cc: guix-devel@gnu.org Hello, ng0 writes: > Hi, > > in the following reply I assume that you did not read all of the > original thread[0]. If I am wrong, correct me. > You are right, I didn't read the whole thread. > Alex Vong writes: > >> ng0 writes: >> >>> Ludovic Court=C3=A8s writes: >>> >>>> ng0@we.make.ritual.n0.is skribis: >>>> >>>>> Ludovic Court=C3=A8s writes: >>>> >>>> [...] >>>> >>>>>> I suppose TB contains a script that does all that, right? Would it = work >>>>>> to simply run it? If it invokes wget/curl, then this needs to be >>>>>> replaced, but the rest should be fine. >>>>> >>>>> It's not that easy I'm afraid. >>>>> Currently they use a gitian build, as described in this README[0], >>>>> which the person maintaining the torbrowser ebuild for Gentoo out >>>>> of portage replicates and follows in parts. >>>>> It can't be followed completely, as `builders/tor-browser-bundle' >>>>> requires a checkout of gitian of the torproject.org >>>>> >>>>> So we have to look at what they do and recreate this build >>>>> procedure, there's no individual Makefile, the releases are >>>>> created in VMs. >>>>> >>>>> Dependencies are kept up to date here[1]. >>>>> >>>>> This[2] is the script connecting/using gitian for gnu-linux releases. >>>>> >>>>> The Makefile just runs the corresponding scripts. >>>> >>>> Gitian is about building binaries. There must be some script somewhere >>>> to apply the relevant patches to the source first, before one builds i= t, >>>> no? >>>> >>>>>> It=E2=80=99s unfortunate that there=E2=80=99s no ready-to-build TB t= arball, that would >>>>>> simplify things for us. >>>>> >>>>> Yes.. But I think icecat suffers from the same problem, only that >>>>> icecat tarballs/binaries are built using a bash script applying >>>>> all that's needed to the firefox sources again. >>>> >>>> IceCat publishes source tarballs that, AIUI, are produced essentially = by >>>> running a script that patches Firefox=E2=80=99s code base (same approa= ch for >>>> Linux-libre.) >>>> >>>> Thanks, >>>> Ludo=E2=80=99. >>> >>> There are the .mar files, which I suppose are the built source of >>> torbrowser, but I can't tell for sure since i can't find an upstream for >>> mar-tools. I guess it is Mozilla, but where is it available? >>> >>> https://dist.torproject.org/torbrowser/6.0.3/ >> >> Hi, I am a tor browser and torsocks user (since a few months ago). Last >> time I tried building tor browser from source (and failed), gitian will >> have to download some non-free xcode stuff to build for the os x >> platform. Is it possible to only build for gnu/linux without building >> for windows and os x? Will the resulting binary still be byte-to-byte >> identical with the tor project official build? > > Was this a build with a guix package? Can you share the code if it is? > I was trying to reproduce the official build. I didn't write any guix recipe. >> Also, it seems tor browser needs virtualenv and virtualbox to >> build. Last time I checked virtualbox, it was on the contrib area of >> debian since it requires a non-free[1] compiler to build the bios[2]. >> I hope we can find way around these issues since tor browser is IMHO an >> essential tool nowadays. > > You might want to re-read the full thread this message is part of. I > already wrote that with the builds I use for torbrowser in Gentoo, that > at least virtualbox is not needed and Ludovic said that the gitian build > is not what we should be looking into. It is mostly poncho's work on > Gentoo, but the overlay I contribute to mirrors their work. There we > don't use gitian but a combination of torbrowser source + firefox source > and distro specific patches. > I see. So poncho and you have already done the hard work :) > > We could also address tor with this when we succeed, as they have an > interest in NixOS or they are looking into it, specifically hydra for > builds: https://trac.torproject.org/projects/tor/ticket/12520 > >> Finally, I agree that icecat could switch to tor browser as its upstream. > > Maybe you want to help me out with writing the email / post to > torproject: > https://lists.gnu.org/archive/html/guix-devel/2016-08/msg00326.html > > On second note, maybe this is message should be addressed to both > torproject and icecat developer(s). What do you think? I have no fixed > plan in mind for this. > Hmm, maybe I will give my (rough) idea here. In my opinion, icecat has 2 important features, librejs (gpl3+) and the lack of non-free addons suggestion. For librejs, TBB already have noscripts, although they serve different purposes (librejs intends to block non-free js only), I doubt devs would want to include 2 js blocker addons. But I think html5 everyhere will be a good addon for TBB since most html5 player requires js. Currently, enabling noscript breaks most video-playing sites. For the lack of non-free addons suggestion, TBB recommends not to install addon, but the addon page is still there, which suggest non-free addons. I don't really know what should we do here. Perhaps we could turn off the suggestion by default and warned user about the existence of non-free addons? We could also provide a replacement page (like icecat). For other addons, I think https everywhere is already in TBB and spyblock looks like haven't been update for long time, so they don't need to be add to TBB. Finally, do you know what is the current state of the firefox trademark issue? Some say it is fixed. (Debian switched back to firefox next release) What is your idea? > [0]: > https://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=3Dtorbrowser&submi= t=3DSearch&idxname=3Dguix-devel >> >> [1]: https://en.wikipedia.org/wiki/Sybase_Open_Watcom_Public_License >> [2]: https://wiki.debian.org/VirtualBox Cheers, Alex