[bug#42380] [PATCH] gnu: Add torbrowser.
From: Clément Lassieur
Subject: [bug#42380] [PATCH] gnu: Add torbrowser.
Date: Tue, 12 Dec 2023 12:21:18 +0100
* gnu/packages/tor.scm (torbrowser): New variable.
(torbrowser-assets): New variable.
* gnu/packages/browser-extensions.scm (noscript): New variable.
(noscript/icecat): New variable.
Change-Id: I73dc53905e4a028108bb34aae07e44256cf16c85
---
Hi, this is a package for Tor Browser. I initially wanted to base my work on
André's but I believe pretty much everything is new now. André's work helped
nonetheless, so thank you André.
A few notes:
- HTTPS-everywhere extension is now built-in.
- There is a package for Noscript.
- Bridge support (lyrebird) will come later (patches are being polished and
are for the testing branch)
- I took inspiration from OpenBSD's package (they build it too) and from
Nix (they use the bundle).
- Some work could be done to improve icecat-minimal inheritance (icons,
sandbox, wrap-program) but it's not trivial.
- The name is "torbrowser" because it's obvious that we don't bundle anything
in Guix; that's how other distros do it, and it's simpler.
- It should be FSDG compatible (no DRM, no link to addons.mozilla.org).
Comments are welcome!
Clément
gnu/packages/browser-extensions.scm | 26 +++
gnu/packages/gnupg.scm | 3 +-
gnu/packages/tor.scm | 280 ++++++++++++++++++++++++++++
3 files changed, 307 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/browser-extensions.scm
b/gnu/packages/browser-extensions.scm
index 21c519eda31c..9efa94b77396 100644
--- a/gnu/packages/browser-extensions.scm
+++ b/gnu/packages/browser-extensions.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages browser-extensions)
#:use-module (guix gexp)
#:use-module (guix packages)
+ #:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
@@ -221,3 +222,28 @@ (define passff
(define-public passff/icecat
(make-icecat-extension passff))
+
+(define noscript
+ (package
+ (name "noscript")
+ (version "11.4.28")
+ (source (origin
+ (method url-fetch/zipbomb)
+ (uri (string-append
+ "https://noscript.net/download/releases/noscript-" version
+ ".xpi"))
+ (sha256
+ (base32
+ "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l"))))
+ (build-system copy-build-system)
+ (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))
+ (arguments
+ `(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))
+ (home-page "https://noscript.net")
+ (synopsis "Software providing extra protection for various browsers.")
+ (description "The NoScript Security Suite is a software providing extra
+protection for web browsers.")
+ (license license:gpl3+)))
+
+(define-public noscript/icecat
+ (make-icecat-extension noscript))
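Review bot: The synopsis of the noscript package ends with a period, which `guix lint` rejects, and both it and the description only say "extra protection" without stating what the extension does; "a software" in the description also needs rewording. Please drop the trailing period and describe what the extension actually blocks. Separately, the source is the upstream release .xpi, fetched with url-fetch/zipbomb and installed as-is by copy-build-system, so a short comment saying that the package ships the upstream-built archive rather than building it from source would help whoever next updates the version and hash.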
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a5b8587a141c..bec74b3f3f49 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,7 +70,6 @@ (define-module (gnu packages gnupg)
#:use-module (gnu packages swig)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
- #:use-module (gnu packages tor)
#:use-module (gnu packages web)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@@ -1124,7 +1123,7 @@ (define-public parcimonie
perl-try-tiny
perl-type-tiny
perl-types-path-tiny
- torsocks))
+ (@ (gnu packages tor) torsocks))) ;avoid dependency loop
(native-inputs
(list perl-file-which
perl-gnupg-interface
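Review bot: The `;avoid dependency loop` comment on the `(@ (gnu packages tor) torsocks)` input does not say which modules form the loop. This patch makes tor.scm import (gnu packages gnuzilla) and (gnu packages browser-extensions), so please name in the comment the chain that leads back to (gnu packages gnupg). That way nobody restores the `#:use-module (gnu packages tor)` line removed in the previous hunk and reintroduces the cycle.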
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 71f32b3f4331..31e9945f5d39 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -36,11 +36,15 @@ (define-module (gnu packages tor)
#:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system mozilla)
#:use-module (guix build-system python)
#:use-module (guix build-system pyproject)
#:use-module (gnu packages)
#:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages browser-extensions)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
#:use-module (gnu packages check)
@@ -48,6 +52,7 @@ (define-module (gnu packages tor)
#:use-module (gnu packages pcre)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
@@ -483,3 +488,278 @@ (define-public tractor
the onion proxy and sets up proxy in user session, so you don't have to mess
up with TOR on your system anymore.")
(license license:gpl3+)))
+
+(define torbrowser-assets
+ ;; This is a prebuilt Torbrowser from which we take the assets we need.
+ (package
+ (name "torbrowser-assets")
+ ;; To find the last version, look at https://www.torproject.org/download/.
+ (version "13.0.6")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux-x86_64-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd"))))
+ (arguments
+ (list
+ #:install-plan
+ ''(("Browser" "." #:include-regexp
+ ("^\\./TorBrowser/Data/Tor/torrc-defaults"
+ "^\\./fonts/"
+ "^\\./fontconfig/fonts.conf")))))
+ (build-system copy-build-system)
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser assets")
+ (description "This package contains fonts and configuration files for Tor
+Browser.")
+ (license license:silofl1.1)))
+
+(define-public torbrowser
+ (package
+ (inherit icecat-minimal)
+ (name "torbrowser")
+ ;; To find the last version, browse
+ ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>
+ ;; (<version> is the version of the `torbrowser-assets` package). There
+ ;; should be only one archive that starts with "src-firefox-tor-browser-".
+ (version "115.5.0esr-13.0-1-build4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ (package-version torbrowser-assets)
+ "/src-firefox-tor-browser-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))
+ (build-system mozilla-build-system)
+ (arguments
+ (substitute-keyword-arguments (package-arguments icecat-minimal)
+ ((#:configure-flags flags '())
+ #~(cons*
+ "--without-relative-data-dir" ;store is read-only
+ "--disable-base-browser-update"
+ "--enable-update-channel=release"
+ "--with-branding=browser/branding/tb-release"
+ (string-append "--prefix=" #$output)
+ (string-append "--with-base-browser-version="
+ #$(package-version
+ (this-package-input "torbrowser-assets")))
+ #$flags))
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-before 'configure 'setenv
+ (lambda _
+ (setenv "CONFIG_SHELL" (which "bash"))
+ ;; Install location is prefix/lib/$MOZ_APP_NAME. Also
+ ;; $MOZ_APP_NAME is the executable name. Default is
+ ;; "firefox".
+ (setenv "MOZ_APP_NAME" "torbrowser")
+ ;; Profile location (relative to "~/."). Default is
+ ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
+ ;; ~/.tor project/firefox.
+ (setenv "MOZ_APP_PROFILE" "torbrowser/browser")
+ ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
+ (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")
+ ;; Persistent state directory for the build system (default is
+ ;; $HOME/.mozbuild).
+ (setenv "MOZBUILD_STATE_PATH"
+ (in-vicinity (getcwd) ".mozbuild"))))
+ (add-before 'configure 'mozconfig
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (with-output-to-file "mozconfig"
+ (lambda ()
+ (format #t ". $topsrcdir/mozconfig-linux-x86_64~%")
+ (for-each (lambda (flag)
+ (format #t "ac_add_options ~a~%" flag))
+ configure-flags)))))
+ (replace 'configure
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "config")))
+ (add-before 'build 'fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "build")))
+ (add-after 'install 'deploy-assets
+ (lambda _
+ (let ((assets #$(this-package-input "torbrowser-assets"))
+ (lib (in-vicinity #$output "lib/torbrowser"))
+ (tor #$(this-package-input "tor")))
+ ;; TorBrowser/Data/Tor/torrc-defaults
+ (copy-recursively (in-vicinity assets "TorBrowser")
+ (in-vicinity lib "TorBrowser"))
+ ;; The geoip and geoip6 files are in the same directory as
+ ;; torrc-defaults. (See TorProcess.sys.mjs.)
+ (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))
+ (copy-file (in-vicinity tor "share/tor/geoip")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip"))
+ (copy-file (in-vicinity tor "share/tor/geoip6")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip6"))
+ ;; Fonts
+ (copy-recursively (in-vicinity assets "fontconfig")
+ (in-vicinity lib "fontconfig"))
+ (substitute* (in-vicinity lib "fontconfig/fonts.conf")
+ (("<dir>fonts</dir>")
+ (format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
+ (delete-file-recursively (in-vicinity lib "fonts"))
+ (copy-recursively (in-vicinity assets "fonts")
+ (in-vicinity lib "fonts")))))
+ (replace 'build-sandbox-whitelist
+ (lambda* (#:key inputs #:allow-other-keys)
+ (define (runpath-of lib)
+ (call-with-input-file lib
+ (compose elf-dynamic-info-runpath
+ elf-dynamic-info
+ parse-elf
+ get-bytevector-all)))
+ (define (runpaths-of-input label)
+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
+ (libs (find-files dir "\\.so$")))
+ (append-map runpath-of libs)))
+ ;; Populate the sandbox read-path whitelist as needed by
ffmpeg.
+ (let* ((whitelist
+ (map (cut string-append <> "/")
+ (delete-duplicates
+ `(,(string-append (assoc-ref inputs
"shared-mime-info")
+ "/share/mime")
+ ,@(append-map runpaths-of-input
+ '("mesa" "ffmpeg"))))))
+ (whitelist-string (string-join whitelist ",")))
+ (with-output-to-file "whitelist.txt"
+ (lambda ()
+ (display whitelist-string))))))
+ (add-after 'install 'autoconfig
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((lib (in-vicinity #$output "lib/torbrowser"))
+ (config-file "tor-browser.cfg"))
+ (with-output-to-file (in-vicinity
+ lib "defaults/pref/autoconfig.js")
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ (format #t "pref(~s, ~s);~%"
+ "general.config.filename" config-file)
+ (format #t "pref(~s, ~a);~%"
+ "general.config.obscure_value" "0")))
+ (with-output-to-file (in-vicinity lib config-file)
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ ;; Locking prevents these values being written to
+ ;; prefs.js, avoiding Store path capture.
+ (format #t "lockPref(~s, ~s);~%"
+ "extensions.torlauncher.torrc-defaults_path"
+ (in-vicinity
+ lib "TorBrowser/Data/Tor/torrc-defaults"))
+ (format #t "lockPref(~s, ~s);~%"
+ "extensions.torlauncher.tor_path"
+ (search-input-file inputs "bin/tor"))
+ ;; Required for Guix packaged extensions
+ ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8
+ ;; Default is 5.
+ (format #t "pref(~s, ~a);~%"
+ "extensions.enabledScopes" "13")
+ (format #t "pref(~s, ~s);~%"
+ "security.sandbox.content.read_path_whitelist"
+ (call-with-input-file "whitelist.txt"
+ get-string-all))
+ ;; Add-ons pannel (see settings.js in Icecat source).
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.search.browseURL"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.get.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.link.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.discovery.api_url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.langpacks.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "lightweightThemes.getMoreURL"
+ "https://gnuzilla.gnu.org/mozzarella"))))))
+ (replace 'wrap-program
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((gtk #$(this-package-input "gtk+"))
+ (gtk-share (string-append gtk "/share"))
+ (fonts.conf (in-vicinity
+ #$output
+ "lib/torbrowser/fontconfig/fonts.conf"))
+ (ld-libs '#$(cons
+ (file-append
+ (this-package-input "libcanberra")
+ "/lib/gtk-3.0/modules")
+ (map
+ (lambda (label)
+ (file-append
+ (this-package-input label) "/lib"))
+ '("libpng-apng"
+ "libxscrnsaver"
+ "mesa"
+ "pciutils"
+ "mit-krb5"
+ "eudev"
+ "pulseaudio"
+ "libnotify")))))
+ (wrap-program
+ (in-vicinity #$output "lib/torbrowser/torbrowser")
+ `("XDG_DATA_DIRS" prefix (,gtk-share))
+ `("LD_LIBRARY_PATH" prefix ,ld-libs)
+ `("FONTCONFIG_FILE" prefix (,fonts.conf))))))
+ (replace 'install-desktop-entry
+ (lambda _
+ (let ((apps (in-vicinity #$output "share/applications")))
+ (mkdir-p apps)
+ (make-desktop-entry-file
+ (in-vicinity apps "torbrowser.desktop")
+ #:name "Tor Browser"
+ #:exec
+ (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))
+ #:comment
+ "Tor Browser is +1 for privacy and -1 for mass surveillance"
+ #:categories '("Network" "WebBrowser" "Security")
+ #:startup-w-m-class "Tor Browser"
+ #:icon "tor-browser"))))
+ (replace 'install-icons
+ (lambda* (#:key inputs #:allow-other-keys)
+ (for-each
+ (lambda (size)
+ (let ((oldpath (string-append
+ "browser/branding/tb-release/default"
+ size ".png"))
+ (newpath (string-append #$output
+ "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p newpath)
+ (copy-file oldpath
+ (in-vicinity newpath "tor-browser.png"))))
+ '("16" "22" "24" "32" "48" "64" "128" "256"))))))))
+ (inputs
+ (modify-inputs (package-inputs icecat-minimal)
+ (append bash-minimal
+ tor
+ torbrowser-assets)))
+ (propagated-inputs
+ (list noscript/icecat))
+ (home-page "https://www.torproject.org")
+ (synopsis "Anonymous browser derived from Mozilla Firefox")
+ (description
+ "Tor Browser is the Tor Project version of Firefox browser. It is the
+only recommended way to anonymously browse the web that is supported by the
+project. It modifies Firefox in order to avoid many know application level
+attacks on the privacy of Tor users.")
+ (license license:mpl2.0))) ;And others, see
+ ;toolkit/content/license.html
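Review bot: In the wrap-program phase, `("FONTCONFIG_FILE" prefix (,fonts.conf))` should use `=` rather than `prefix`: FONTCONFIG_FILE names a single file, so with `prefix` any value inherited from the user's environment is appended after a colon and the variable no longer points at the fonts.conf installed by deploy-assets. In the autoconfig phase, the comment says locking keeps store paths out of prefs.js, yet `security.sandbox.content.read_path_whitelist`, which is built from store paths, is written with `pref`; either use `lockPref` there as well or extend the comment to say why it is not needed. The generated mozconfig sources `mozconfig-linux-x86_64` and torbrowser-assets downloads the linux-x86_64 bundle, but neither package sets `supported-systems`, so add `(supported-systems '("x86_64-linux"))` or make the mozconfig name depend on the target system. Smaller points: "many know application level attacks" in the description should read "known", and the lines ending "as needed by" and `(assoc-ref inputs` appear wrapped in this message, leaving continuation lines without a leading `+`, so please check that the patch applies as sent.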
base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
--
2.41.0