From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id AAcMJJlCeGW3MgAAkFu2QA (envelope-from ) for ; Tue, 12 Dec 2023 12:23:05 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id UKpNIZlCeGUdbAEA62LTzQ (envelope-from ) for ; Tue, 12 Dec 2023 12:23:05 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lassieur.org header.s=fm3 header.b=mXSRdyNL; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm1 header.b=m71ROmf7; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1702380185; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=5J+/UyMqOfR0Qu7oPoX1bWmedeFS5Ep0yYZNhfnExNU=; b=Ydi1JI5Y81cubQEdxOdMiUMBdd32h0rjkAP0EnSQBAy5E6Vva9VkXBf7LtjTnJOAl5UdLe hrS1hu2l0yq8H+pVo2JDHbphf1Tzudr+rYvjAR1wx4DDQ80fIxJv4k+kULOJE97l0F5E58 pEa6Ye7uO1Y+B5NIWoHMFeM6pW8gKAmjVFPDEKoxsWBGCM3w9dIHQDXpXNcyWv6l0pOHHW P6tASofsiUVSQTs17wrEc3pwvUlt5qttM5ptilBduH9hL+tXSZXyKqgeQrFwxhFAWjMWqv SAwJrCnVF2YZlDaAxV8EadE/SH/KZH9UvVDwoSFp0Mu2kvN0FHWOFA2dD0ZR3g== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1702380185; a=rsa-sha256; cv=none; b=Uz0kH2uWkluG0b66ia7Hw7N1kqHk/9yGzqCrmMlTpBFV/B339ZdPmqbyx0Rm21NouoCmCH hUjKbaFBkqUB0dDU7lDWGHn5K6Io6v/IGoZSZ8kqJ9RyvZ6FDSrwkgrm94gNzrBjBdqJBR TgCZ1jDEIZvOstkk1vY4l8qBz4yEP4RF/QOj3PVtCP96D5zUe3nkQc7k8GgCgU448Sj6HO BxaVqOV/6iGUadpcUfHevS2lEaRvCPByc3Vi5lAUL+HvB0KOYc1RUVB9X2zI6LI1i6acSO 8r4muwVNjCj9TMHw7Rg6WoITFsYYmKx6gZRXhCG0SSTFmHeAhypERXlrfUNcjA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lassieur.org header.s=fm3 header.b=mXSRdyNL; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm1 header.b=m71ROmf7; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8AD0A1434E for ; Tue, 12 Dec 2023 12:23:04 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rD0qf-0003z0-Jf; Tue, 12 Dec 2023 06:22:49 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rD0qd-0003yh-25 for guix-patches@gnu.org; Tue, 12 Dec 2023 06:22:47 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rD0qc-0007rP-Q5 for guix-patches@gnu.org; Tue, 12 Dec 2023 06:22:46 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rD0qs-0006fS-31 for guix-patches@gnu.org; Tue, 12 Dec 2023 06:23:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#42380] [PATCH] gnu: Add torbrowser. References: <20200715211547.GA17146@andel> In-Reply-To: <20200715211547.GA17146@andel> Resent-From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 12 Dec 2023 11:23:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42380 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 42380@debbugs.gnu.org Cc: Xinglu Chen , =?UTF-8?Q?Andr=C3=A9?= Batista , Raghav Gururajan , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Maxime Devos , Efraim Flashner , =?UTF-8?Q?Cl=C3=A9ment?= Lassieur , Leo Famulari Received: via spool by 42380-submit@debbugs.gnu.org id=B42380.170238012125521 (code B ref 42380); Tue, 12 Dec 2023 11:23:02 +0000 Received: (at 42380) by debbugs.gnu.org; 12 Dec 2023 11:22:01 +0000 Received: from localhost ([127.0.0.1]:55372 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rD0ps-0006dN-IY for submit@debbugs.gnu.org; Tue, 12 Dec 2023 06:22:01 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:49559) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rD0pq-0006d5-LD for 42380@debbugs.gnu.org; Tue, 12 Dec 2023 06:22:00 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 0DD215C02E8; Tue, 12 Dec 2023 06:21:38 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Tue, 12 Dec 2023 06:21:38 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lassieur.org; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm3; t=1702380098; x=1702466498; bh=5J +/UyMqOfR0Qu7oPoX1bWmedeFS5Ep0yYZNhfnExNU=; b=mXSRdyNLrjuQ33VjsC uTvLlzP6mg/X9h09WChd+kaQTNRSd6aNEW4D48Tyn639XXRsE9eBFVm2O3a5FziX sgIplFFKOi2w+rbOVB02ImKOq3ZQSKb7TJIFjXX6V7lV3zPwF8UutENtfYeHp8Xr QUKAOuK7drJCx/TbM7i1klzYwR23XRTitsWVQi/bsfa04ZezWTrCE7NeV46EnioV 3HJWEZCUUdw+fQhItk70TWIoL7z2T8R/0a8lXoaW4Yv3EYLSKP9fOzsoHmaUsl21 8HTUv5GuV8nH5fvjEOJ3le/k1Rmq9nYtQ6Tn2cmNi7bbCDtGm5MJGCjpJUZmMTb6 If3w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1702380098; x=1702466498; bh=5J+/UyMqOfR0Q u7oPoX1bWmedeFS5Ep0yYZNhfnExNU=; b=m71ROmf7PfmOZDJGxXdAvi0oL37AA dLFcGPS0Ia0nJKCy1pt9yOs+/UlzftwbPIFdTx5ivCjwzGQo80HjfDrpxLTQ1Sgs YtIjxAeDOh0rkeOX603kxYJbVCfyg+AQ7rRJrN9SD5ja5Xqb+ox7iAV+1AJYgbB3 8Nujq9VN4wvX8QIntv+F0BYEBcc67mb6AzNb4CCckZjOsVJWGMnPGH5isy/EpfCa +Mcj2e0u9f80UfTQIxvG2ywakP1DfkkA+7VSPiLwBGu3WdmjAJIKVMfxiPX2xGF6 iZbR97wHLdr8MOWMf7ZJYqTLanhglIBEwF8slrVL8HQm4g9w4Db/soBAQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudelgedgvdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofggtgfgsehtkeertdertdejnecuhfhrohhmpeevlhormhgv nhhtucfnrghsshhivghurhcuoegtlhgvmhgvnhhtsehlrghsshhivghurhdrohhrgheqne cuggftrfgrthhtvghrnhephfdtjeegtdduhfekffdvleetfefhkeetkefhtdejvddtffek ueelffetleelgfeknecuffhomhgrihhnpehmohiiihhllhgrrdhorhhgpdhnohhstghrih hpthdrnhgvthdpthhorhhprhhojhgvtghtrdhorhhgpdhgnhhurdhorhhgpdgtohhnthgv nhhtrdhrvggrugdpghgvthgrugguohhnshdrshgvrghrtghhpdhgvghtrgguughonhhsrd hlihhnkhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhm pegtlhgvmhgvnhhtsehlrghsshhivghurhdrohhrgh X-ME-Proxy: Feedback-ID: i4c21472a:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 12 Dec 2023 06:21:34 -0500 (EST) From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Date: Tue, 12 Dec 2023 12:21:18 +0100 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.28 X-Spam-Score: -4.28 X-Migadu-Queue-Id: 8AD0A1434E X-Migadu-Scanner: mx12.migadu.com X-TUID: +Tnnz7MCujmg * gnu/packages/tor.scm (torbrowser): New variable. (torbrowser-assets): New variable. * gnu/packages/browser-extensions.scm (noscript): New variable. (noscript/icecat): New variable. Change-Id: I73dc53905e4a028108bb34aae07e44256cf16c85 --- Hi, this is a package for Tor Browser. I initially wanted to base my work on André's but I believe pretty much everything is new now. André's work helped nonetheless, so thank you André. A few notes: - HTTPS-everywhere extension is now built-in. - There is a package for Noscript. - Bridge support (lyrebird) will come later (patches are being polished and are for the testing branch) - I took inspiration from OpenBSD's package (they build it too) and from Nix (they use the bundle). - Some work could be done to improve icecat-minimal inheritance (icons, sandbox, wrap-program) but it's not trivial. - The name is "torbrowser" because it's obvious that we don't bundle anything in Guix, that's how other distros do and it's simpler. - It should be FSDG compatible (no DRM, no link to addons.mozilla.org). Comments are welcome! Clément gnu/packages/browser-extensions.scm | 26 +++ gnu/packages/gnupg.scm | 3 +- gnu/packages/tor.scm | 280 ++++++++++++++++++++++++++++ 3 files changed, 307 insertions(+), 2 deletions(-) diff --git a/gnu/packages/browser-extensions.scm b/gnu/packages/browser-extensions.scm index 21c519eda31c..9efa94b77396 100644 --- a/gnu/packages/browser-extensions.scm +++ b/gnu/packages/browser-extensions.scm @@ -21,6 +21,7 @@ (define-module (gnu packages browser-extensions) #:use-module (guix gexp) #:use-module (guix packages) + #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix build-system copy) #:use-module (guix build-system gnu) @@ -221,3 +222,28 @@ (define passff (define-public passff/icecat (make-icecat-extension passff)) + +(define noscript + (package + (name "noscript") + (version "11.4.28") + (source (origin + (method url-fetch/zipbomb) + (uri (string-append + "https://noscript.net/download/releases/noscript-" version + ".xpi")) + (sha256 + (base32 + "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l")))) + (build-system copy-build-system) + (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}"))) + (arguments + `(#:install-plan '(("." ,(assq-ref properties 'addon-id))))) + (home-page "https://noscript.net") + (synopsis "Software providing extra protection for various browsers.") + (description "The NoScript Security Suite is a software providing extra +protection for web browsers.") + (license license:gpl3+))) + +(define-public noscript/icecat + (make-icecat-extension noscript)) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index a5b8587a141c..bec74b3f3f49 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -70,7 +70,6 @@ (define-module (gnu packages gnupg) #:use-module (gnu packages swig) #:use-module (gnu packages texinfo) #:use-module (gnu packages tls) - #:use-module (gnu packages tor) #:use-module (gnu packages web) #:use-module (gnu packages xorg) #:use-module (gnu packages xdisorg) @@ -1124,7 +1123,7 @@ (define-public parcimonie perl-try-tiny perl-type-tiny perl-types-path-tiny - torsocks)) + (@ (gnu packages tor) torsocks))) ;avoid dependency loop (native-inputs (list perl-file-which perl-gnupg-interface diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 71f32b3f4331..31e9945f5d39 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -36,11 +36,15 @@ (define-module (gnu packages tor) #:use-module (guix utils) #:use-module (guix download) #:use-module (guix git-download) + #:use-module (guix build-system copy) #:use-module (guix build-system gnu) + #:use-module (guix build-system mozilla) #:use-module (guix build-system python) #:use-module (guix build-system pyproject) #:use-module (gnu packages) #:use-module (gnu packages base) + #:use-module (gnu packages bash) + #:use-module (gnu packages browser-extensions) #:use-module (gnu packages libevent) #:use-module (gnu packages linux) #:use-module (gnu packages check) @@ -48,6 +52,7 @@ (define-module (gnu packages tor) #:use-module (gnu packages pcre) #:use-module (gnu packages freedesktop) #:use-module (gnu packages glib) + #:use-module (gnu packages gnuzilla) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages python-check) @@ -483,3 +488,278 @@ (define-public tractor the onion proxy and sets up proxy in user session, so you don't have to mess up with TOR on your system anymore.") (license license:gpl3+))) + +(define torbrowser-assets + ;; This is a prebuilt Torbrowser from which we take the assets we need. + (package + (name "torbrowser-assets") + ;; To find the last version, look at https://www.torproject.org/download/. + (version "13.0.6") + (source + (origin + (method url-fetch) + (uri + (string-append + "https://archive.torproject.org/tor-package-archive/torbrowser/" + version "/tor-browser-linux-x86_64-" version ".tar.xz")) + (sha256 + (base32 + "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd")))) + (arguments + (list + #:install-plan + ''(("Browser" "." #:include-regexp + ("^\\./TorBrowser/Data/Tor/torrc-defaults" + "^\\./fonts/" + "^\\./fontconfig/fonts.conf"))))) + (build-system copy-build-system) + (home-page "https://www.torproject.org") + (synopsis "Tor Browser assets") + (description "This package contains fonts and configuration files for Tor +Browser.") + (license license:silofl1.1))) + +(define-public torbrowser + (package + (inherit icecat-minimal) + (name "torbrowser") + ;; To find the last version, browse + ;; https://archive.torproject.org/tor-package-archive/torbrowser/ + ;; ( is the version of the `torbrowser-assets` package). There + ;; should be only one archive that starts with "src-firefox-tor-browser-". + (version "115.5.0esr-13.0-1-build4") + (source + (origin + (method url-fetch) + (uri + (string-append + "https://archive.torproject.org/tor-package-archive/torbrowser/" + (package-version torbrowser-assets) + "/src-firefox-tor-browser-" version ".tar.xz")) + (sha256 + (base32 + "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v")))) + (build-system mozilla-build-system) + (arguments + (substitute-keyword-arguments (package-arguments icecat-minimal) + ((#:configure-flags flags '()) + #~(cons* + "--without-relative-data-dir" ;store is read-only + "--disable-base-browser-update" + "--enable-update-channel=release" + "--with-branding=browser/branding/tb-release" + (string-append "--prefix=" #$output) + (string-append "--with-base-browser-version=" + #$(package-version + (this-package-input "torbrowser-assets"))) + #$flags)) + ((#:phases phases) + #~(modify-phases #$phases + (add-before 'configure 'setenv + (lambda _ + (setenv "CONFIG_SHELL" (which "bash")) + ;; Install location is prefix/lib/$MOZ_APP_NAME. Also + ;; $MOZ_APP_NAME is the executable name. Default is + ;; "firefox". + (setenv "MOZ_APP_NAME" "torbrowser") + ;; Profile location (relative to "~/."). Default is + ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is: + ;; ~/.tor project/firefox. + (setenv "MOZ_APP_PROFILE" "torbrowser/browser") + ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL"). + (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser") + ;; Persistent state directory for the build system (default is + ;; $HOME/.mozbuild). + (setenv "MOZBUILD_STATE_PATH" + (in-vicinity (getcwd) ".mozbuild")))) + (add-before 'configure 'mozconfig + (lambda* (#:key configure-flags #:allow-other-keys) + (with-output-to-file "mozconfig" + (lambda () + (format #t ". $topsrcdir/mozconfig-linux-x86_64~%") + (for-each (lambda (flag) + (format #t "ac_add_options ~a~%" flag)) + configure-flags))))) + (replace 'configure + (lambda _ + (invoke "make" "-C" "tools/torbrowser" "config"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* + "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") "gnuzilla.gnu.org")))) + (replace 'build + (lambda _ + (invoke "make" "-C" "tools/torbrowser" "build"))) + (add-after 'install 'deploy-assets + (lambda _ + (let ((assets #$(this-package-input "torbrowser-assets")) + (lib (in-vicinity #$output "lib/torbrowser")) + (tor #$(this-package-input "tor"))) + ;; TorBrowser/Data/Tor/torrc-defaults + (copy-recursively (in-vicinity assets "TorBrowser") + (in-vicinity lib "TorBrowser")) + ;; The geoip and geoip6 files are in the same directory as + ;; torrc-defaults. (See TorProcess.sys.mjs.) + (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor")) + (copy-file (in-vicinity tor "share/tor/geoip") + (in-vicinity lib "TorBrowser/Data/Tor/geoip")) + (copy-file (in-vicinity tor "share/tor/geoip6") + (in-vicinity lib "TorBrowser/Data/Tor/geoip6")) + ;; Fonts + (copy-recursively (in-vicinity assets "fontconfig") + (in-vicinity lib "fontconfig")) + (substitute* (in-vicinity lib "fontconfig/fonts.conf") + (("fonts") + (format #f "~a" (in-vicinity lib "fonts")))) + (delete-file-recursively (in-vicinity lib "fonts")) + (copy-recursively (in-vicinity assets "fonts") + (in-vicinity lib "fonts"))))) + (replace 'build-sandbox-whitelist + (lambda* (#:key inputs #:allow-other-keys) + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath + elf-dynamic-info + parse-elf + get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + ;; Populate the sandbox read-path whitelist as needed by ffmpeg. + (let* ((whitelist + (map (cut string-append <> "/") + (delete-duplicates + `(,(string-append (assoc-ref inputs "shared-mime-info") + "/share/mime") + ,@(append-map runpaths-of-input + '("mesa" "ffmpeg")))))) + (whitelist-string (string-join whitelist ","))) + (with-output-to-file "whitelist.txt" + (lambda () + (display whitelist-string)))))) + (add-after 'install 'autoconfig + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (in-vicinity #$output "lib/torbrowser")) + (config-file "tor-browser.cfg")) + (with-output-to-file (in-vicinity + lib "defaults/pref/autoconfig.js") + (lambda () + (format #t "// first line must be a comment~%") + (format #t "pref(~s, ~s);~%" + "general.config.filename" config-file) + (format #t "pref(~s, ~a);~%" + "general.config.obscure_value" "0"))) + (with-output-to-file (in-vicinity lib config-file) + (lambda () + (format #t "// first line must be a comment~%") + ;; Locking prevents these values being written to + ;; prefs.js, avoiding Store path capture. + (format #t "lockPref(~s, ~s);~%" + "extensions.torlauncher.torrc-defaults_path" + (in-vicinity + lib "TorBrowser/Data/Tor/torrc-defaults")) + (format #t "lockPref(~s, ~s);~%" + "extensions.torlauncher.tor_path" + (search-input-file inputs "bin/tor")) + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (format #t "pref(~s, ~a);~%" + "extensions.enabledScopes" "13") + (format #t "pref(~s, ~s);~%" + "security.sandbox.content.read_path_whitelist" + (call-with-input-file "whitelist.txt" + get-string-all)) + ;; Add-ons pannel (see settings.js in Icecat source). + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.search.browseURL" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.get.url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.link.url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.discovery.api_url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.langpacks.url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "lightweightThemes.getMoreURL" + "https://gnuzilla.gnu.org/mozzarella")))))) + (replace 'wrap-program + (lambda* (#:key inputs #:allow-other-keys) + (let* ((gtk #$(this-package-input "gtk+")) + (gtk-share (string-append gtk "/share")) + (fonts.conf (in-vicinity + #$output + "lib/torbrowser/fontconfig/fonts.conf")) + (ld-libs '#$(cons + (file-append + (this-package-input "libcanberra") + "/lib/gtk-3.0/modules") + (map + (lambda (label) + (file-append + (this-package-input label) "/lib")) + '("libpng-apng" + "libxscrnsaver" + "mesa" + "pciutils" + "mit-krb5" + "eudev" + "pulseaudio" + "libnotify"))))) + (wrap-program + (in-vicinity #$output "lib/torbrowser/torbrowser") + `("XDG_DATA_DIRS" prefix (,gtk-share)) + `("LD_LIBRARY_PATH" prefix ,ld-libs) + `("FONTCONFIG_FILE" prefix (,fonts.conf)))))) + (replace 'install-desktop-entry + (lambda _ + (let ((apps (in-vicinity #$output "share/applications"))) + (mkdir-p apps) + (make-desktop-entry-file + (in-vicinity apps "torbrowser.desktop") + #:name "Tor Browser" + #:exec + (format #f "~a %u" (in-vicinity #$output "bin/torbrowser")) + #:comment + "Tor Browser is +1 for privacy and -1 for mass surveillance" + #:categories '("Network" "WebBrowser" "Security") + #:startup-w-m-class "Tor Browser" + #:icon "tor-browser")))) + (replace 'install-icons + (lambda* (#:key inputs #:allow-other-keys) + (for-each + (lambda (size) + (let ((oldpath (string-append + "browser/branding/tb-release/default" + size ".png")) + (newpath (string-append #$output + "/share/icons/hicolor/" + size "x" size "/apps"))) + (mkdir-p newpath) + (copy-file oldpath + (in-vicinity newpath "tor-browser.png")))) + '("16" "22" "24" "32" "48" "64" "128" "256")))))))) + (inputs + (modify-inputs (package-inputs icecat-minimal) + (append bash-minimal + tor + torbrowser-assets))) + (propagated-inputs + (list noscript/icecat)) + (home-page "https://www.torproject.org") + (synopsis "Anonymous browser derived from Mozilla Firefox") + (description + "Tor Browser is the Tor Project version of Firefox browser. It is the +only recommended way to anonymously browse the web that is supported by the +project. It modifies Firefox in order to avoid many know application level +attacks on the privacy of Tor users.") + (license license:mpl2.0))) ;And others, see + ;toolkit/content/license.html base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3 -- 2.41.0