[WIP] gnu: Add torbrowser-unbundle.

  • Open
  • quality assurance status badge
Details
7 participants
  • Efraim Flashner
  • Leo Famulari
  • Ludovic Courtès
  • Maxime Devos
  • André Batista
  • Xinglu Chen
  • Raghav Gururajan
Owner
unassigned
Submitted by
André Batista
Severity
normal
A
A
André Batista wrote on 15 Jul 2020 23:15
(address . guix-patches@gnu.org)
20200715211547.GA17146@andel
Hello Guix!

The patch bellow adds a torbrowser-unbundle variable, but it needs a
bit of working before merging into master. I've inserted many
comments on the code regarding issues which need attention and
questions that remained. I've decided to send this early notice so I
can ask some questions and get criticism before I go too deep on the
wrong direction.

As the name implies it does not bundle tor and to use it, you need
to have a properly configured system instance. You also need to
configure a ControlPort and a HashedControlPassword if you want to
be able to get new identities while browsing and if you don't want
to keep seeing a warning on startup page. It will create/change
permissions on ${HOME}/Data and use the native Downloads dir. It does
not have bundled fonts, so you will be fingerprintable on levels
bellow safest. It does not have support for obfs4 bridges yet.

There is no startup script for now, you are advised to invoke it with
'--class "Tor Browser"'.

Now for the questions:
- Should it keep unbundled? If so, should we try to unbundle the
https-everywhere and noscript extensions?
- Is it acceptable to use to use the noscript .xpi, instead of
building? Upstream just grabs it from addons.mozilla. There does
not appear to be blobs and the GPL full text is inside it.
- Should we try change the app name at build time or is it enough to
adapt the name of the startup script (which is not the for now, but
is certainly needed)?
- Any other things that I've been blind to?

If you don't have time to review the code, but has processing
power available, build it with rounds=2 or try to cross compile
for i686 and comment back.

Thanks,
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8PcgAFgwPCZwAACgkQ
YrJ+WmBEwoKG+Q//WNP/2bs87azCZfyCmRUPB5mgI5jq6QbTaj+MxBpVtb7laL1Y
D/7SadHs79qF63ZwQWzOFbOjDdMVX/h+ZVydoFjIcoK5Idiu3erjyTAFklnMInTE
eWY3buWfaPp0/isxlHfNBk7Xzum7mYSAUD4B/L+uCrSGrtTvy1PLHvdwB6SwSvao
WB9oKhs0WGQo6pgYXjtE9JhU8MB7HoJfYICYE6dFKUC5EoHGxQl1BOmOeZY7Y8oc
0zVdNJ7SeCD7xvvR6wNbiKAfEo3tp4Np+yp2HI6HGnTFhmIcUI9iDoDo4RzNzC8O
7t1noPh9r9s7f1FGdsI01UnBPO5pzEJ1m3RYNmSEhQpQ3ZYCC3b69hxObjNRIatM
lQFRpnZ6iH7ixKS6I4RCAtScyekmpVwr7R4K3j36kIFRct9vrUd/CP5/I4tvHTi9
JmZcyfko/MNMEeg0s+4mVrAftfGWrCCpV6p/uZhknZpSLbin7TFcnww6eMOrliQS
056s/yIq4uOSDVjDNVwJvqUKa63XXLijetpL6dSbOc5BLd7g004v55lQBz/NEfnG
6HK+vyZMQ5iaJpw+KbkpZ20ORrOFL/+3PLX1x8O2CV1UBiwmPFteyhvFBpuAHljf
fVoNDm20tom+CJpWD7sqkwZqyAPTPSjz0FdhRzdXRhO1sMcuUcIBd3QcpYw=
=kzRK
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 25 Jul 2020 16:49
Re: [bug#42380] [PATCH] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)
20200725144930.GA13751@andel
Hello Guix,

The patch bellow adds TorBrowser, Obfs4 and related libraries. No
more warnings, it should behave as expected. User files are
stored under '~/.local/share/torbrowser'.

Just two notes:
- some of the libraries do not have a named font and just claim
BDS-Style. I've written bsd-2 for those and left a note. I'm
no sure if there is need for a more appropriate description.
- https-everywhere does not show rules on the browser, but the
rules are there on the store path. There is no default address
for autoupdating rules.

And one important question: tor and obfs4 are inputs to torbrowser
which are symlinked in the install phase. Do they need to be
propagated so as to not be garbage collected?

Happy Hacking!
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8cRncFgwPCZwAACgkQ
YrJ+WmBEwoKlKxAApUb+A/3pMUkIJfga9lIQOXWyQynDHL9UtYF0j4WkPADdUL9y
XcfF3nTT9pLMevsWu7BcL6tpnctPbd5DcOUUIzSxcxBiVP7L6bKF4f4rmrJsYm7/
RVYGbWofaJF1rMyafqWkIAYYCxoCayLy8eEnnY1Rav6Jpz/FGP98M5QpyQiRujG1
DEUaMhgSkxBSacC8Mcm/+1n25BLeAHUwoAV3DhD14Et9jmzG1ZarWTWGC9ZZiGvQ
2G9xzdfkn018HXRuZSSYoFmsdtoiM14s/naWm1xSNLiBIn0kwqzQEwFVvLUvA2we
0PZx2G04M7GdZ9cf5jWhikZ7HTOaBW1gu/muXgt1e5HVEJgYeFWbSOCSkf1eWWld
5s9VJTmnh4kQBf/ekjD31NMpUrHxrfRD8AD+L4IxadJNWnGYKTUXQg8AzIWsuyb6
2qnK3+0FmrVjTJtOizvtuzJ+aqpao9uG3Vu99UJadcv1V68A3l4yYSTly+hqzBjd
yNg1fHsZFucYdLPNKAru3ncaCICj/gr3jWG9/0wMiqHjKbGKj4bCQIv+LEy0sHgt
l0jXxOZdy/jI1DEtT4/NGF2EottF0c9DcgqQaNKXFdOu4phYpeGwZDPmjYQPoMKM
CSY5pQyWwXnve0MrcQtkQoKSynI3Le+h6iqK4gTtyHmH2LuohZtBzfRvHQw=
=W84x
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 3 Aug 2020 14:55
(address . 42380@debbugs.gnu.org)
20200803125556.GA18868@andel
Hello Guix,

This patch upgrades Tor Browser to version 9.5.3. I've also took this
opportunity to rework the code in order to improve readability, make
code review and maintainance easier and lower build time.

Main changes:
- No longer relies on computed-origin-method
- Private package definitions
- Chopped down install phase
- New phases
- More detailed go library package descriptions
- Reviewed license definitions

Cheers,
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8oCVkFgwPCZwAACgkQ
YrJ+WmBEwoJPOA//WR7G44J1GWSuQtoSo7tB6LuMkwKJ+9LqsnAp3uY64j8KdX/L
6fVGCQPoy7lzdGhU8ZBJOaC+icYilu3/c10WG7xdputtgkWJCyM8kyQzXSimTc7j
bIO9UtgmzYZYuMv7ro9T+LzysevpkSkhupwKqzDVsp4QzQftUq4h4lk+LzITc4KE
blcjJyog8M3rteCV4JR3Pgs1pdMp9NVkzPFprwQXGtvyxTmlEUVXxcZS24OCYzRk
A+NQASaJO44bsmC299QvLuaCaki0BuhV/i/HTupLCwbeimz+4yvtBImaT53Vkqb9
Bu92IqYKFROpz03xCPCnyySbDR3n+ZloXQyamGwpdfjxPPV8+xlYoAhv2y16d4bM
308/IzBXrTk5+tfhR7Guk28g4hTYb23WtmqqqFf6Tebxj4MTvb7aXbWlNxWPp887
S4e1mkxfGVnnUBBE5wKDjygs1vA+Vs8xXxeQcA/JHTkH8KcVAoGgp6jRJyg7rKxI
3TaPodRFZFrou+whLtIskCg0Ndlfowx0qsRi8nkKCs03uOaWlsHrSMY1m7vCejrK
VnK3r7Pp2HDuTV7pl56TsA1XNS3pUreGMq7hMAxTA8hktVM6IvK898rgb8ZriCMl
qcYp4k8SdtYd8o5VE4LkD2VSl1AUcwALMvBNKdVhcaCaH+mwtppFzfYYbEQ=
=FjJZ
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 7 Sep 2020 16:13
(name . André Batista)(address . nandre@riseup.net)(address . 42380@debbugs.gnu.org)
87blihhdz6.fsf@gnu.org
Hello,

André Batista <nandre@riseup.net> skribis:

Toggle quote (12 lines)
> This patch upgrades Tor Browser to version 9.5.3. I've also took this
> opportunity to rework the code in order to improve readability, make
> code review and maintainance easier and lower build time.
>
> Main changes:
> - No longer relies on computed-origin-method
> - Private package definitions
> - Chopped down install phase
> - New phases
> - More detailed go library package descriptions
> - Reviewed license definitions

Woow, thanks for working on this! The end result is functional, right?
Any important missing items?

Toggle quote (15 lines)
> From 2075c6a93a6b1918305323b369318425e05fc4f5 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
> Date: Mon, 3 Aug 2020 09:29:55 -0300
> Subject: [PATCH] gnu: Add torbrowser-unbundle
> To: guix-patches@gnu.org
>
> * gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables.
> * gnu/packages/golang.scm (go-torproject-org-ptlib,
> go-github-com-agl-ed25519, go-github-com-dchest-siphash,
> go-github-com-dchest-uniuri, go-github-com-dsnet-compress,
> go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variables.
> * gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
> * gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.

For the final submission, we’d need one patch per new package, as is
customary. That will have the advantage of allowing review to proceed
one bit at a time. :-)

Regarding Tor Browser itself, can you think of ways to factorize code
with IceCat?

Thanks,
Ludo’.
A
A
André Batista wrote on 9 Sep 2020 04:24
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 42380@debbugs.gnu.org)
20200909022429.GA24930@andel
Hello,

seg 07 set 2020 às 16:13:17 (1599505997), ludo@gnu.org enviou:
Toggle quote (5 lines)
> Hello,
>
> Woow, thanks for working on this! The end result is functional, right?
> Any important missing items?

Just a small token of my appreciation for your years of work on
guix. I'm glad to be able to give something back to this community.

I've been using this package for the last month or so and did not
hit any bugs so, though I'm not a heavy web user, I think it's fair
to say the result is functional.

On the down side, the https-everywhere extension is broken as is
since it's missing lib-wasm. I've built but did not send here a
version which just copies lib-wasm to its proper place before
building the extension and this version works without further
issues.

The reason I did not send it to this list is that lib-wasm source
provides a precompiled prepackaged file[1] which is then used on
https-everywhere build script and it's source code is not actualy
compiled[2]. As I understand it, the Tor Project just relies on
this precompiled binary on its build procedure and the same seems
to be true for IceCat[3][4].

In order to have everything compiled from source, I've had to
define a lot of rust libs which were required for building
wasm-pack and then to have a rustc with wasm32-unknown-unknown
target enabled and compatible with wasm-pack (apparently newer
versions changed compiler strings and wasm-pack errors out when
trying to parse). For over two weeks I've been trying without
success and always thinking that the next build would succeed.

Long story short, maybe there's just one more issue pending when
compiling lib-wasm. When wasm-pack is invoked, everything
compiles but I'm getting the following error:

note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one

for a few rust libs. Without lld, it complains about a missing
rust-lld binary. Also, this appears to be the rust standard
nowadays[5].

If I'm not terribly wrong, this issue[6] seems to suggest an
approach for emscripten which could solve this issue without
removing the 'strip' phase which was the work around suggested
by some on the same thread.

Another issue that is pending is that libwasm depends on rust
multi-default-trait-impl crate. This crate defines lgpl2.1+ on
its Cargo.toml file, but the sources does not contain neither a
copy of the license. So I'm unsure if this is enough to make it
free software. So I'm planning on sending some mails to both the
maintainer and FSF to see if this needs improvement.

Toggle quote (4 lines)
> For the final submission, we’d need one patch per new package, as is
> customary. That will have the advantage of allowing review to proceed
> one bit at a time. :-)

For sure. I'll give it a few more tries and cleanup the mess
here before sending this patch series. If I don't succeed, I'm
planning on sending it anyway so at least the libs can be
added and maybe someone can spot what I'm missing. But maybe
it's wise to hold Tor Browser itself since there has been an
announcement of some large percentage of exit relays messing
with Tor traffic[7].

Toggle quote (3 lines)
> Regarding Tor Browser itself, can you think of ways to factorize code
> with IceCat?

L
L
Ludovic Courtès wrote on 9 Sep 2020 09:20
(name . André Batista)(address . nandre@riseup.net)
878sdjo1qv.fsf@gnu.org
Hi André,

André Batista <nandre@riseup.net> skribis:

Toggle quote (3 lines)
> Just a small token of my appreciation for your years of work on
> guix. I'm glad to be able to give something back to this community.

Thank you.

Toggle quote (17 lines)
> I've been using this package for the last month or so and did not
> hit any bugs so, though I'm not a heavy web user, I think it's fair
> to say the result is functional.
>
> On the down side, the https-everywhere extension is broken as is
> since it's missing lib-wasm. I've built but did not send here a
> version which just copies lib-wasm to its proper place before
> building the extension and this version works without further
> issues.
>
> The reason I did not send it to this list is that lib-wasm source
> provides a precompiled prepackaged file[1] which is then used on
> https-everywhere build script and it's source code is not actualy
> compiled[2]. As I understand it, the Tor Project just relies on
> this precompiled binary on its build procedure and the same seems
> to be true for IceCat[3][4].

Oh, glad that you were able to identify that issue, which presumably had
been overlooked so far.

Toggle quote (18 lines)
> In order to have everything compiled from source, I've had to
> define a lot of rust libs which were required for building
> wasm-pack and then to have a rustc with wasm32-unknown-unknown
> target enabled and compatible with wasm-pack (apparently newer
> versions changed compiler strings and wasm-pack errors out when
> trying to parse). For over two weeks I've been trying without
> success and always thinking that the next build would succeed.
>
> Long story short, maybe there's just one more issue pending when
> compiling lib-wasm. When wasm-pack is invoked, everything
> compiles but I'm getting the following error:
>
> note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one
>
> for a few rust libs. Without lld, it complains about a missing
> rust-lld binary. Also, this appears to be the rust standard
> nowadays[5].

Ah. I’m Cc’ing Efraim, who’s been very much into Rust packaging for
some time; does that ring a bell, Efraim?

Toggle quote (12 lines)
> If I'm not terribly wrong, this issue[6] seems to suggest an
> approach for emscripten which could solve this issue without
> removing the 'strip' phase which was the work around suggested
> by some on the same thread.
>
> Another issue that is pending is that libwasm depends on rust
> multi-default-trait-impl crate. This crate defines lgpl2.1+ on
> its Cargo.toml file, but the sources does not contain neither a
> copy of the license. So I'm unsure if this is enough to make it
> free software. So I'm planning on sending some mails to both the
> maintainer and FSF to see if this needs improvement.

Great.

Toggle quote (12 lines)
>> For the final submission, we’d need one patch per new package, as is
>> customary. That will have the advantage of allowing review to proceed
>> one bit at a time. :-)
>
> For sure. I'll give it a few more tries and cleanup the mess
> here before sending this patch series. If I don't succeed, I'm
> planning on sending it anyway so at least the libs can be
> added and maybe someone can spot what I'm missing. But maybe
> it's wise to hold Tor Browser itself since there has been an
> announcement of some large percentage of exit relays messing
> with Tor traffic[7].

I don’t think Guix users will radically increase traffic over Tor, so I
think we can keep going. :-)

Toggle quote (9 lines)
>> Regarding Tor Browser itself, can you think of ways to factorize code
>> with IceCat?
>
> Other than sharing the https-everywhere definition, I was
> thinking maybe we could take a diff of Tor Browser and Firefox
> and avoid downloading firefox source twice when building both
> browsers. But I need to take a more careful look. I'll give
> this question some thought.

OK. I was expecting at least things like some of the build phases and
most/all of the inputs to be the same, but I haven’t checked.

Thanks again for all the work!

Ludo’.
E
E
Efraim Flashner wrote on 9 Sep 2020 12:59
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200909105944.GQ1643@E5400
On Wed, Sep 09, 2020 at 09:20:08AM +0200, Ludovic Courtès wrote:
Toggle quote (51 lines)
> Hi André,
>
> André Batista <nandre@riseup.net> skribis:
>
> > Just a small token of my appreciation for your years of work on
> > guix. I'm glad to be able to give something back to this community.
>
> Thank you.
>
> > I've been using this package for the last month or so and did not
> > hit any bugs so, though I'm not a heavy web user, I think it's fair
> > to say the result is functional.
> >
> > On the down side, the https-everywhere extension is broken as is
> > since it's missing lib-wasm. I've built but did not send here a
> > version which just copies lib-wasm to its proper place before
> > building the extension and this version works without further
> > issues.
> >
> > The reason I did not send it to this list is that lib-wasm source
> > provides a precompiled prepackaged file[1] which is then used on
> > https-everywhere build script and it's source code is not actualy
> > compiled[2]. As I understand it, the Tor Project just relies on
> > this precompiled binary on its build procedure and the same seems
> > to be true for IceCat[3][4].
>
> Oh, glad that you were able to identify that issue, which presumably had
> been overlooked so far.
>
> > In order to have everything compiled from source, I've had to
> > define a lot of rust libs which were required for building
> > wasm-pack and then to have a rustc with wasm32-unknown-unknown
> > target enabled and compatible with wasm-pack (apparently newer
> > versions changed compiler strings and wasm-pack errors out when
> > trying to parse). For over two weeks I've been trying without
> > success and always thinking that the next build would succeed.
> >
> > Long story short, maybe there's just one more issue pending when
> > compiling lib-wasm. When wasm-pack is invoked, everything
> > compiles but I'm getting the following error:
> >
> > note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one
> >
> > for a few rust libs. Without lld, it complains about a missing
> > rust-lld binary. Also, this appears to be the rust standard
> > nowadays[5].
>
> Ah. I’m Cc’ing Efraim, who’s been very much into Rust packaging for
> some time; does that ring a bell, Efraim?
>

It's not something that I've come across before. My first guess would be
to check the linking flags against the ones icecat/firefox uses and see
if anything changed. Or if it needs a different version of rust.

Toggle quote (45 lines)
> > If I'm not terribly wrong, this issue[6] seems to suggest an
> > approach for emscripten which could solve this issue without
> > removing the 'strip' phase which was the work around suggested
> > by some on the same thread.
> >
> > Another issue that is pending is that libwasm depends on rust
> > multi-default-trait-impl crate. This crate defines lgpl2.1+ on
> > its Cargo.toml file, but the sources does not contain neither a
> > copy of the license. So I'm unsure if this is enough to make it
> > free software. So I'm planning on sending some mails to both the
> > maintainer and FSF to see if this needs improvement.
>
> Great.
>
> >> For the final submission, we’d need one patch per new package, as is
> >> customary. That will have the advantage of allowing review to proceed
> >> one bit at a time. :-)
> >
> > For sure. I'll give it a few more tries and cleanup the mess
> > here before sending this patch series. If I don't succeed, I'm
> > planning on sending it anyway so at least the libs can be
> > added and maybe someone can spot what I'm missing. But maybe
> > it's wise to hold Tor Browser itself since there has been an
> > announcement of some large percentage of exit relays messing
> > with Tor traffic[7].
>
> I don’t think Guix users will radically increase traffic over Tor, so I
> think we can keep going. :-)
>
> >> Regarding Tor Browser itself, can you think of ways to factorize code
> >> with IceCat?
> >
> > Other than sharing the https-everywhere definition, I was
> > thinking maybe we could take a diff of Tor Browser and Firefox
> > and avoid downloading firefox source twice when building both
> > browsers. But I need to take a more careful look. I'll give
> > this question some thought.
>
> OK. I was expecting at least things like some of the build phases and
> most/all of the inputs to be the same, but I haven’t checked.
>
> Thanks again for all the work!
>
> Ludo’.

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl9YtZ0ACgkQQarn3Mo9
g1G3TA/+MJXs7F3y2i5+YOi5WuWsCcpyRm1adlAYlexTjvEFm7zC5JkghHjSx8aN
6Sl6hV7K1KlV2qxT7veVsm0/+AC9XYMYqCtNpD3qbOX3H+0mo7qquZJAk9OS8axo
BRgzH3AZZB3siOX/UNaJQzh/FF7MiTSMTrkhU+4lzPlGlpYiN3dcEbmUJuuNrdTp
Nx7c4TStSyh8QU2OY9nA37LY2KbPgs1Wy3QmCApGNS/rI5wZ7SlnQW6OA3ASSqaj
jFDU1M3vSj7WQ+GtwhRIb5MEKRzfKj3szTqgBVG45c0yZZxKzc1kPZyOxX4z0nlH
xwjtJgJWfTpC+/Ubz0KHJX5R8QsCUfLgu0u1XF/MzN24XnfwN3fOxVFg8IYysS93
j3GFxgSOsj9jFf1GmJ94CsvpdRLrw4M0NId/vuNhUhMjch/YRmq826LpXNMdJ664
OLr1tgRrfAfGcaAooA46A1U+gQoSWcRKn8/Rb4MTzbfsWtrkwWabLDR61iFpWzhR
JBz2gdV+VgifpsGFkkFfotLM0ivs4kTDzkMslPufVGnXNF7fJtmaJs3dYysgSH1A
rYR1kxh8bzujLm+qznLwWF+uEpTphDZ0aNrZDRz5n1gXPxzsF4lS6Gb3SfU1ydFF
zqavljCCAH50Z3pS6yNBwYoR9zQPiAEHpEjMgY00VKGfwWhx4yg=
=om71
-----END PGP SIGNATURE-----


R
R
Raghav Gururajan wrote on 12 Sep 2020 15:35
Wow!
(address . 42380@debbugs.gnu.org)
ecc4d8c1-92c7-7a81-9c92-2d87f001ddfc@disroot.org
Hello Guix!

Thank you all for the hard work. This is a high-time package.

Any idea on when it can be merged to master?, at-least a minimally
viable package?

Regards,
RG.
Attachment: signature.asc
A
A
André Batista wrote on 15 Sep 2020 16:21
Re: [bug#42380] [PATCH 0/9] gnu: Add torbrowser-unbundle.
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200915142128.GA12025@andel
Hi Ludo,

qua 09 set 2020 às 09:20:08 (1599654008), ludo@gnu.org enviou:
Toggle quote (15 lines)
> Hi André,
>
> André Batista <nandre@riseup.net> skribis:
>
> > For sure. I'll give it a few more tries and cleanup the mess
> > here before sending this patch series. If I don't succeed, I'm
> > planning on sending it anyway so at least the libs can be
> > added and maybe someone can spot what I'm missing. But maybe
> > it's wise to hold Tor Browser itself since there has been an
> > announcement of some large percentage of exit relays messing
> > with Tor traffic[7].
>
> I don’t think Guix users will radically increase traffic over Tor, so I
> think we can keep going. :-)

Just to be sure: it's not so much about Guix users increasing the load
on Tor Network as of Guix users not having the benefits of this
extension and being prey to sslstriping.

Since you're giving a green light and I've encountered further
deterrence down the trail, I'll be sending this patch series which
also updates Tor Browser to the latest version. I've left comments
on code where I see room for improvement, in case someones wants to
help. For now, I'm trying to solve this issue and I think I'll
start a new thread for tracking it in order to avoid clutter here
as https-everywhere requires a good many new rust libs.

Toggle quote (12 lines)
> >> Regarding Tor Browser itself, can you think of ways to factorize code
> >> with IceCat?
> >
> > Other than sharing the https-everywhere definition, I was
> > thinking maybe we could take a diff of Tor Browser and Firefox
> > and avoid downloading firefox source twice when building both
> > browsers. But I need to take a more careful look. I'll give
> > this question some thought.
>
> OK. I was expecting at least things like some of the build phases and
> most/all of the inputs to be the same, but I haven’t checked.

Indeed they both share many inputs and phases. I've actually started
this definition from the IceCat one. I'll think on how to merge
them back. Probably some inheritance is in need.

Toggle quote (2 lines)
> Thanks again for all the work!

:)

---

This patch series adds Tor Browser version 9.5.4 to Guix.
Unsurprisignly, building it with '--rounds=2' seems to imply that
it is deterministic.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9gzeUFgwPCZwAACgkQ
YrJ+WmBEwoJQNxAAm4HsW2cN4Kt4XjM6WT1erGkwIMpegxHpPCFnIXL7RqFtXj2S
DatADHACcO8sAv8oZCHX34OspezA+jlR8Snlw5RrEIOK2OVZtIHTyQilAmmw2maq
qtTKtElF6eccLLj+Vlt/T/3rzNU4dlgPNBpTykDAvt7bgxfoLkxrZh1lici2zyp+
7H2RsTA8NFMdrAZALwau65gbngGV4YqWUcuPR+xEcMooLXU2WAqJDxvP+wtiwN+K
4m/qACY0hzaqfh8rQdSCCQ/LTmU21rjbjMBFen8d4ogoKKWRjP3jIjs9nfS/RkRz
EDpv1NUql58RQkyhMrC8IOg9pCgtmjgthTwVj2dAibrb2xZDJVDPCkNCqXwssLoO
nzahqCQpB1UBQO77vFYpDkvol9mKSQImD/OgmjrARGbS4c/lQqCRXFBbiyQ3AFty
pLkMzBEGWmBqMdMGRBmHxrNnCT6l1PDCRLGt0HrsKA1PbQDqJ+Xku/ZEURVrj/R7
8/Wfr7bgAlEOb2f4/3JvaGgvAm8o5Jdors0qV/m/7V2UgGiYq1ZmpoW34ZOWRQNF
gK0S+3gL49qSc4qpTpd00/hBAbuPXqdfhEAgO4ZU4hdZ6x54D+1eXBOdDRgzo16r
8xWiKT1pDJp7D0pb1iAY+2f81EcvSbXirSU4pYHA0wBgZlWYKagb4dY6y4c=
=yek4
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:01
Re: [bug#42380] [PATCH 1/9] gnu: Add go-torproject-org-ptlib
(address . 42380@debbugs.gnu.org)
20200915150114.GA13296@andel
From f92795d45035e0423c69a5f6264e35f466840778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:03:28 -0300
Subject: [PATCH] gnu: Add go-torproject-org-ptlib.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-torproject-org-ptlib): New variable.
---
gnu/packages/golang.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (34 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8723592b51..0bcb01fd2f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5656,3 +5656,27 @@ Included are the following:
except that it adds convenience functions that use the fmt package to format
error messages.")
(license license:bsd-3)))
+
+(define-public go-torproject-org-ptlib
+ (package
+ (name "go-torproject-org-ptlib")
+ (version "1.1.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (synopsis "Go library for Tor Pluggable Transports")
+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+is censored.")
+ (license license:cc0)))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g1yoFgwPCZwAACgkQ
YrJ+WmBEwoJLgw//UpgdAgtcx9zZgf6Da2/oRwIimWEAJxWtD0VY9gb7Q8HZGcu1
3uZvxr2JB9VTwE4pNmUyrWsyT+o9HuKShFbWZRorab0k8puOkmsKUKRoqdz9VPmn
1uF/LNUXRlIs4+rAAqWLeN7408UW+13JuLpl9yj5CaIFXqqATzoEm8SVQ9IbFhHd
HEanggiW+/82LKK+tnVgq4bGC/4HBlpjTfTmC+IjVuKMV+wACUggfYX/yD9eE7hK
hzKxhe+WRfjUrmCebJcmhC8yPtHW6HZfuF2rxMa7zqi867nKKc5BdfYCo6KXfMGD
KZlgcSW7oYLuB/FHRehCk+vTyPOIsXkIj1Vg8v5ozCxEx4q01WL9DYosNbrGrtXJ
n1BCsJZAt7DyApmbJr0Z7jr5Qu+NAt+FH3LpG6g+53q/E91U9qs/10qlxWHFIiHE
1UELtNZ8iTvti5Mz8tdvt7pn8aGc0EWt4aD3ZK2FNVXJP/ykmtXnA2sMcFL/8Ow/
M8LNJLhkrMHJGMIBL4WhL1PBfZtodzFgiEvjmz7RWdRw7alwIT4a9KgTwUKHIYHK
vSmID+RGCZtCmQVGyi+3VyKumAvhX+9P+8CY1vheMYXQV3Hb0JWXFuCGsyg9dW/o
YjvuD0nO48j3iCy2HdIyFMHNlndxTjgskerDQpxqI6+n4LdXlxxzF9n6veI=
=/UY9
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:04
Re: [bug#42380] [PATCH 2/9] gnu: Add go-github-com-agl-ed25519
(address . 42380@debbugs.gnu.org)
20200915150421.GB13296@andel
From a9a38cf97812f18e1f39b9009d040f16af501efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:15:31 -0300
Subject: [PATCH] gnu: Add go-github-com-agl-ed25519.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.
---
gnu/packages/golang.scm | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 0bcb01fd2f..8eab872814 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5680,3 +5680,41 @@ error messages.")
Transports are a means of connecting to the Tor Network from places where it
is censored.")
(license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g1/UFgwPCZwAACgkQ
YrJ+WmBEwoJ6SBAApmWNIpeSmO7S62UaBpDG+UIsgGMFIjQ48BEmb/1fjkNMMobw
ZK+nMIWOeWYMXerIY0vbhIStzErhu4QyrDaTemP19SKsOefaKdBA5zBQ/0H75Bce
1MqncokLB2byZTv7gpBKG0uN66tVJ1WRF9TVBneJK+GL4SXonSEYhv2IPbqx1Q7u
7Pym+pCD4oQFq78hIAfH8XDerlaYsFau69ivEWx77J12pa9NP0IDoDai44Xg/7vY
Ajc/+cF9G7QciTlWf0d8SYrj9NVHsBTxibd751yIlfrhc14hArdzCdlVx0u6Xe4Z
EhGIQYOXhlz4W4YWszicc7XNsUJgCk/FCcWPEOHSspfQCNxKv7j3O5xwYUOUjH6w
9W5qMwgxSYJXkF9ChIavMslhfZieIPLH6OFfIJEp9PLcnbPCoffko6Om7nqwwJwV
7KOgb8xGmITE0Up2ncrd4WlWAqeSvutLQ6mXb4rivEtCdopYiQIUh5hjnTwAOOJ9
egehbFVCn0Dk5zCqmn2z6zdnuakfDd93tYTRiiybTyV8dGWTb7cPYiH8e50zldHb
scxa+Vrj8G/Ol3iHCOdfu9rbf2zbcKoQiJga6HGHCc1vg3kbLxk6Vof2v0ZAW5ir
4ep8EZuHe6ogHaSEkT5IEwF7I232vyhgfeW/J678YVxti03QvaKSdMWSdOA=
=Zyh/
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:06
Re: [bug#42380] [PATCH 0/9] gnu: Add go-github-com-dchest-siphash.
(address . 42380@debbugs.gnu.org)
20200915150607.GC13296@andel
From b1d59160bf4c444784f68b5b35d20c48cb1eb601 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:18:41 -0300
Subject: [PATCH] gnu: Add go-github-com-dchest-siphash.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dchest-siphash): New variable.
---
gnu/packages/golang.scm | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)

Toggle diff (37 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8eab872814..471ed31965 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5718,3 +5718,30 @@ is unmaintained. Newer software should use x-crypto instead.")
;; License file is referred but it is missing. Probably because the
;; author decided to discontinue the project.
(license (license:non-copyleft "file://ed25519.go")))))
+
+(define-public go-github-com-dchest-siphash
+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-siphash")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/siphash")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/siphash"))
+ (home-page "https://github.com/dchest/siphash")
+ (synopsis "Go library for siphash")
+ (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+J. Bernstein. ")
+ (license license:cc0))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2F4FgwPCZwAACgkQ
YrJ+WmBEwoLEHQ//eim1QrKY4aNxskV89L25DRzFz5eDMQSlP3NQJCo7UxpN8fbx
6J6Sjus1WKIZlNDkuAXqMlgP0+H0ZHaUK9NQNITPGuwppgtnhnChQXgyu8bbtQjq
fWRvRweZdhciQG2XcLGHQhLN0RF/V4samaJx9sS8w1hZ77LB4S4R+Fq2wJr49qDI
SBNrS7RYqtROgYEoYEiTiz4MJMahPQFJtNkvqzo2TsZ3AZNDdCeMeUnF36tl/2yg
szGv926oNHgUlVL4HDwNn/ZgOao6iAzKr5BZkqXLSbDvINK+5EpW/pDyXce54+Dq
JCEMUXLOSAwB8kpvpDoo37O5coRONmsW1qDJZNhqgj+SHRzflfwhXlk857skDXIb
Mri+rLXj0U0ihteGxQIneW9s9aZo/oPz4AKVJupjaGOc19FPVirrA5a+BnAhtfL3
Zu3770xU5NWRxqbvcQV7sJnrWDe+mdbe1fvFVIkoUTC9sJLwOw3+5lHPjePGP5KY
2pQY+TliCNUkwzLvMRyzXlAnH3HKNEDC2o92eF9NYwr9tuHsNLzYITANQnPFItN2
1ZVUJYZ8xD40HsQPDPSBKNkhKitpQnBiiff+ruwq1WmqzFOL6NQXWwwbwDOp2Svz
OuLLbvkPlguQR2IphQ30EK3o5BlPIAT++MwZP0BsYbQQ8vntDglayG9dFzA=
=g79z
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:08
Re: [bug#42380] [PATCH 4/9] gnu: Add go-github-com-dchest-uniuri
(address . 42380@debbugs.gnu.org)
20200915150832.GD13296@andel
From 46b0c175ce9c440c469c4456960adab9503c2bfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:27:56 -0300
Subject: [PATCH] gnu: Add go-github-com-dchest-uniuri.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dchest-uniuri): New variable.
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

Toggle diff (35 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 471ed31965..da9a531665 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5745,3 +5745,28 @@ Pseudo Random Function which is suitable for usage in message authentication
codes and was based on the design created by Jean-Philippe Aumasson and Daniel
J. Bernstein. ")
(license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-uniuri")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/uniuri")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/uniuri"))
+ (home-page "https://github.com/dchest/uniuri")
+ (synopsis "Go library for random URIs")
+ (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+ (license license:cc0))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2O8FgwPCZwAACgkQ
YrJ+WmBEwoJEIg//YOP5rAeag2yGs8Iv6twzYrbkjTs8WKP7KZz0KT2IQP6FTlr4
v58AlDG96Y30pUaB6rsyhqZxEgpI4MSRYB1Ldk/YHMlnqz1PIegDZ/DqDuUxzFhe
tL3XwcgiIssnCboVmflDV0NS+3ezTfeH167jYu0ARN0iN3Qa5jgFCVPh6Y+fX1i6
BR+85bmZpECy/hZH67vR9VSBKZTkyrCOahCj/TyBFIOVs5OLJRbhLhYsnIXYeG/s
G76K5z0W0e9yjf5S3QOy4xgHhfxZHh2TE7I1coIGvu+kP6Ji15VCtp7XBHf5TKqU
tOj2i4oXjIEux4Ioic9rllgADTyqXURG7uk9XrqEBKIMbjOvoLyrjsUsaxKC71AW
6ZNPczqBz91DeiYrk2ass+xZh/utq9jtQTND0BhixBfwv7ztutviPLXiqQl8QDZi
gbjp1GDZWOUpb7Aq/9o9H0oLjvPgOW0dyH4EJja1mM5m4hrBD/VngJUI1eUU1vJY
kWPoCHXKPCYw8JMNEd9VboMa7XercTMrtt0ame6Yv6HWVLXVP5WOzVxKpSXsV3td
tt2lWQEyv5H+QukRmyE+PNJaC22vQvpNrQTSeL6YXttG6/XbL5wQH9T1S89Vlzue
HXoi+MA0ejHhOJR9NaRXNyqUv95pEuXvn0MPPx8taIZJdTjd7iShdo/FDjo=
=Fh5j
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:10
Re: [bug#42380] [PATCH 5/9] gnu: Add go-github-com-dsnet-compress
(address . 42380@debbugs.gnu.org)
20200915151036.GE13296@andel
From e539f026c99a4983713a60928b2be10d70dd3a91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:31:36 -0300
Subject: [PATCH] gnu: Add go-github-com-dsnet-compress.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dsnet-compress): New variable.
---
gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

Toggle diff (36 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index da9a531665..06c9faa286 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5770,3 +5770,29 @@ J. Bernstein. ")
(description "Package uniuri generates random strings good for use in
Universal Resource Identifiers to uniquely identify objects.")
(license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+ (revision "0"))
+ (package
+ (name "go-github-com-dsnet-compress")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dsnet/compress")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dsnet/compress"))
+ (home-page "https://github.com/dsnet/compress")
+ (synopsis "Go library for extended compression")
+ (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+ (license (license:non-copyleft "file://LICENSE.md")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2WsFgwPCZwAACgkQ
YrJ+WmBEwoIoHg/+IcEBtjdaIrX9zGHF82rUHYMS3iYx0gm/+LnJJT1KyhPy13gl
ur8HvufPUHT+Bdp9dhmOQRxR7spGzMlwuKeXy9BWOAMYbSkEauBvorDihRZ5NIXV
oGQ1I+FPx0tZTDdkX4LS0V9FfQBdRtG7HnOFUWG04WMPuGrkxygTvjHYFC49+IWS
lvxmSnmUWKMzSbz4slm57WN7nT7qWLG/HoKlG4MiSDE71CKjNohRF8Ga2mG+bXmY
MGmqmuUocnM2k10je3jeNBi3Sc5uDN/wOV2CcQm9hvxHenSjl2qeV7gSJPZihgB3
1wo25rbrC/8Ay8s/685AEWvZyX5BOtzGKV105zxHBq1aTh6QQJGTg2CGYwHW1Ils
gHirARjDYTO38fy4IuEQsEAYtBVYyy3o/7k6g+ZPDM1Sx5t0MXippuBM10Htod7l
Oy1Xe+YFi2tONFTQn36Da4PV2EVA95/AzgbWZ2eimQyCYG08vQxjF1/dnkGwUPmB
CDLy+t6c5ey4jlrDOMwxmWqeOhnpQh2Gyy8kPqGYK70UcZJ7nlbtYUFwyI+ZyXN4
MPaEpptdMyuJjpMADm+Lupa9myMy/R5OHE4TIZD0Svecu6ufJvaxp5mvsqCWHmhw
74DN/UwfyxinzIiR0jqDW5y+FEtPgrfttym8EHtmOX08ccttUWJ0Bg09+TI=
=STG9
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:12
Re: [bug#42380] [PATCH 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes
(address . 42380@debbugs.gnu.org)
20200915151216.GF13296@andel
From e88f0e94b84bd51ddf742577d60a5bcb19eff72b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:33:55 -0300
Subject: [PATCH] gnu: Add go-schwanenlied-me-yawning-bsaes.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-schwanenlied-me-yawning-bsaes): New variable.
---
gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

Toggle diff (39 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 06c9faa286..7c68f36c2a 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5796,3 +5796,32 @@ Universal Resource Identifiers to uniquely identify objects.")
The goal of this project is to provide pure Go implementations for popular
compression algorithms bey ond what the Go standard library provides.")
(license (license:non-copyleft "file://LICENSE.md")))))
+
+(define-public go-schwanenlied-me-yawning-bsaes
+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+ (revision "0"))
+ (package
+ (name "go-schwanenlied-me-yawning-bsaes")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.schwanenlied.me/yawning/bsaes.git")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+ (synopsis "Go AES library")
+ (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption. This implementation if
+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+ (license (license:non-copyleft "file://LICENSE.txt")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2dAFgwPCZwAACgkQ
YrJ+WmBEwoImxg/9GGJZjs/ZaaCYiSqJLoxwGob9la70qIYwRoxgxaGh/yGao4oa
RyM3n0C5TdcP59TdyeK5S5fHKSjQkoaFKeG38RZX7Rzeg7YVRZkQ8ROTDj2B7qSA
l4NWDom0dwijyFaQ/pgzCxr0+ctT0B8kwq45ZZOh4QvOGKJn55zGQxpRC9WOy2Wc
fsTQCgPncatcotHX5F9lrrTw1rjUMyi0ENt5fDGU0cBnSSOB39fCmpDrqYCR+21B
RPa4gafVAnAEP/otAWMDHY5ybM7HTqTmTO9kiELsvmFxTC1IUdP4MiRPiCw8KGxP
YmSE6MW0vdEibFydtVJsVcIjFVZw2MRa7950RLkXneZrsR7FHsNaHMgWCHbl2Yu0
vfmbhgCmu74VDBpSQ2D4fNqrc0CWnohe4YZb30m1jJ2pG3Nn9SbgfoT6TljMcXrc
NnNZSwaIQIf9wsjTwfbo6QmmQCg2C2Fv1+dQJKMZNgomBJaB5ZO6i/OjkncpAPEG
oMzl5whJgGwuNDEWUz3ZMFS+qRRigoap0k6KnWnTMAJajlp17nBvb1fiVngtuq/6
QVP2YYIkeZAzt/khx2AXeH8CAUjR9FGYaVzEYmHnAsiuAxbmGIG1eU2QXl2w1HwE
SyJXODwLVYhPhbLeK+3/C1Ld2h/fBeOOcEnHq75eUF3RPH9lG0DVSErAmYc=
=bbe1
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:14
Re: [bug#42380] [PATCH 7/9] gnu: Add go-gitlab-com-yawning-utls
(address . 42380@debbugs.gnu.org)
20200915151411.GG13296@andel
From 4f31263215dffb94e47a4c9e7256e095fb68c1e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:47:38 -0300
Subject: [PATCH] gnu: Add go-gitlab-com-yawning-utls.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-gitlab-com-yawning-utls): New variable.
---
gnu/packages/golang.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

Toggle diff (49 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 7c68f36c2a..55975d3e30 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -19,6 +19,7 @@
;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
;;; Copyright © 2020 Nicolas Goaziou <mail@nicolasgoaziou.com>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -5825,3 +5826,34 @@ with hardware support for AES New Instructions (AES-NI) and a
sufficiently recent Go runtime, it will transparently call crypto/aes
when NewCipher is invoked.")
(license (license:non-copyleft "file://LICENSE.txt")))))
+
+(define-public go-gitlab-com-yawning-utls
+ (package
+ (name "go-gitlab-com-yawning-utls")
+ (version "0.0.10-1")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.com/yawning/utls.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:tests? #f ;; Tries to connect and fails.
+ #:import-path "gitlab.com/yawning/utls.git"))
+ (propagated-inputs
+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+ (home-page "https://gitlab.com/yawning/utls.git")
+ (synopsis "Go library for uTLS")
+ (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+transport protocol.")
+ (license license:gpl3+)))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2kIFgwPCZwAACgkQ
YrJ+WmBEwoJL9hAAhXX+DfZ0JbFWDMi5FM+zQNJkeA4PcC+jrdjRR2qDhNovBk6D
wb1y2Bx/uExkW4Byz2501klRlinXrXBoLqq3fv39e8EYc4AK3xDEmxGrvO65WwwO
1GvsDqwCgrl+kCuVADYA3NMWCvirCBYVE8tx37Psc8eLKXTzvTm2asoNiUhwtnQU
R+SyIamP/Xma/SlSAdmrLoBxFfZ8FEh/aj9FLA+GNeLLgdDk+wlbVvgZXAX0tz9B
jy9zN2IO/Ey06tL3ZGzPjMDlgI2YGaKkTMDkm0IGdtfosoOqveb3/yauPWJXeffW
l04p7wwKLhd/X/sEQltD8UZzDzl7cfoLwcx1DYiC0gRQNzLFzU6gDTW3PUdn/jz8
PnNOT6Ry7h5+jJNrwxBcbuNoJv15Q5x3ZXqkm2G1sACd86H8Mnu5/R4BcyBeM8i0
C/uEWSKT0fO3OFgWOEbjpz0ZC0Xqpx7DPI6kkNIKex9X84AdTqLgz0C9fPZneab3
vTob3ZQuV83zi5Z8V/lapC0CND4Os53dSXJaaBSsSwWspu0isspegxM6pswEXH3D
hNWvsooZipfJbnjge5EW7hOmBQxsS9BgqbM3GTmbwc+FgP31HIQ2MRtycJ1mPGVZ
6UtUbtGt5ie+9c63Qn7JI4TG3oz1pzAquQOBhJdMj/6LUyu4Ns82YDiFal8=
=dWJA
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:15
Re: [bug#42380] [PATCH 8/9] gnu: obfs4
(address . 42380@debbugs.gnu.org)
20200915151525.GH13296@andel
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2o0FgwPCZwAACgkQ
YrJ+WmBEwoKlYg//Ya7faXpZVZgsJOLcEvw3OixhW1y0gnw26LBz/I8UWa2usAwN
hyo77cu6Cf7UhgHuk525LH5djJ6JCgHK3SHKbWXlHGo3otFnq9iqbZuXlZWWquRi
DQ0PWtvx2p1VxX7X2hERTeLix9Qjs4oR66WIbmNdgD5EsnYwcIowq65ZXRlBcc0B
svF1SnO6DEXyC7reuORK2Y5K7I3m9i9wqgPTIaXFr98nJd7LMrwUYHNiS8J/cdJU
qm0N0CpOiR8dntFD8laxrt3bnTGJqSdGP8yiRH7+K19w3WbPq2u3a0VXrsCkxcgl
5tKdSfbsKI2EA86pv0CeTMrkVfiRaflExFbYFQ1lL46eMIha34DTGVPNZ9bffZvQ
wbZatYBt12wK6Lx1MH4/4sSkAa0kv9Y6n9TiI/idp85xsEIrzF7BeWxQR35bjaez
UsGbCSG56pv6NZ1xU0dtPw482s/CLsTLF1p6gQdUfWlamES5udlD71kREtcjQVQg
8SLGTp/QcKUZCbN5El3RWQyVET0cJP6yZZjFuH6u67SzgYGtZqrZh4ThTozNU4BP
xzTDnZKOwe17kt2kUiJOEsJg+PlPJfBma6HiUpnhKUqeGNiAEmC2rhMO7ouDGJ1j
b37J7lHXGAf3Q12uAk4Rzo6H/y+6Y1UPhGYptexcQkmN+cPcZXbaf+PDfFY=
=O46u
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:16
Re: [bug#42380] [PATCH 9/9] gnu: Add torbrowser-unbundle
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200915151614.GI13296@andel
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2r0FgwPCZwAACgkQ
YrJ+WmBEwoKGGw/9HRnrHlU+lbO14mMyBmsIrredmncbnRjEN7remBa6S18rpd+E
7BQhDFd/r4/xy8t/5nbwn92vb/IXfAaXfFiN5tB4OwE7rbjUwMz1ArlcrH+RmE4L
qO8gH4MQqZvhm/ka0ISwnXRr077Jaz6eYQdh0vnffogoWuLLz8nzlCAr4R1Gvz2P
v5DtGBlFqmpBGIC7Y4os3Ro9MI0aqsNdOcrtIm9NICALDOoo3O+Ik+0FeqrgcZFB
gNC266E1oHY7UX4WIZV/dogBtYE8CXPsnDst+VHurtaxr0ExAkexAdcFKodHtQsN
SwmTw5GgEAc+B3GXgqgSmfGFeXJjXmLxbtb5dkn/Vgl0n/9b+6B5AZpC26BYEcQ9
8Y/4ru64iT5jYlKveXCYe1gK0fvyQad8AOllmiGm6lq2anS2T02JMAgQ3xUXAvXw
sqI0UADlW5OMLjwKrGAVIFb9MVXlfWEXzWwQ69gWH3So5kFFlHcWaaWkdAiE3hB5
5Jsdz8jfiWXWg2Pc7r2lEqsFDiRnO0Q1/U7WWuQg2tVpDkmSFZuSPs0GICBGjX/0
kW8lQehJhVJlYIEHss5bh8rR4Glc6svJt1notxcqM9mNHARPr6A9pbyFSctM0fgf
fCObXFma6f6ZKj/TerhYSSYVLvfqdvNEG/t2ulxwzDyQBuRlP9rptIJ6ej4=
=gmmN
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:23
Re: [bug#42380] Wow!
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 42380@debbugs.gnu.org)
20200915152332.GJ13296@andel
Hello Raghav,

sáb 12 set 2020 às 09:35:17 (1599914117), raghavgururajan@disroot.org enviou:
Toggle quote (3 lines)
>
> Thank you all for the hard work. This is a high-time package.

Thank you as well. :)

Toggle quote (3 lines)
> Any idea on when it can be merged to master?, at-least a minimally
> viable package?

As of now, I think it's a viable package, but there's still room
for improvement on its definition. If you also care that this
package is available on Guix, I guess the easiest and most
important thing to do right now is to apply the patch series
that I've sent, try it out and report back on your experience.

Happy hacking!
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g3HMFgwPCZwAACgkQ
YrJ+WmBEwoLTiBAAkEE12XTXYe15W4Z/u116sVByrHkXFhKQA8FNwnBxF3tnUlJk
xXXH6O3u6EQlkwSDbktqSSzpf0U27U7+/fGgLVS2OIG4FYlkxOw1cIM0ehkmcG5X
KgYoFHuibz059PZh+BYSr+Yu7gz+Hf7XwrySkgcBQlIo8OCI06t0VSuZMFZDoDre
k3nc/Up4idMZVmht/U/VLQ2ExANmYTb+IdM41WbdCZH3novMtch/0T1yciy4vDNl
3cYc/pAdVSILDPZVUl3ZsixcBKfRSGTuBs6k/GfmT41RFcm6t4Pc4sQW5jsPNToj
Rs1QCHIdlw148E/B7emsgulbNBCOG6dKeI6TTXukXC5351PsjiTt8puzZKXClR4k
GALFJJvo4U/EAG172F6wpkm8+BBUWLR1BzwNKjNWxAJA4zh2LRprenU/Gfq15i0H
Ooh2k4L5E/Zh6Cgi6InGdK2b21DTGGi0deszXO2zq+Zc9Fmm78ETNPodfSZhNdDe
+h+4YQLosAgjcjnRKUDQLCMbAXJOMkesIHRTQWz/iabC/UKUIIPhTDs676Ta2PSs
15nM1bmS0yQP893J32kiFeAVwo2xTcLeKCILlMP0tHrHEzArw1Y/lFNkUvLAyn2+
8m6sWlBX8UAhLwm/oSW//3BfmX/vhe0RFhs6M9JxRuoZTDn6Emm39ErVCHo=
=qajb
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 16 Sep 2020 00:50
Re: [bug#42380] [PATCH 2v2/9] gnu: Add go-github-com-agl-ed25519
(address . 42380@debbugs.gnu.org)
20200915225004.GA19089@andel
There was an indentation error which is fixed on this version.
From eee248ad09b5c90522be5cb3cb3f40d8ad73ec20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Tue, 15 Sep 2020 19:35:56 -0300
Subject: [PATCH] gnu: Add go-github-com-agl-ed25519.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.
---
gnu/packages/golang.scm | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 0bcb01fd2f..877295de72 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5680,3 +5680,41 @@ error messages.")
Transports are a means of connecting to the Tor Network from places where it
is censored.")
(license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9hRRoFgwPCZwAACgkQ
YrJ+WmBEwoKMQw/+PKcY+cngB+hTyWXVAEW/3knNzriJczAY7UOnYqgHtjo0qukI
luWS21qF5ECB0kxCb5j5A3a+UxCq9rbJ7Skid2BTliKVXP3PSAlWjLHpf79ZuBJx
MOHQRN9QE3I3vymYwrEaASs/IA75V//3FK+xjTyrxffq6GrWXBsgPdZoTpIrWkb2
r6ZnkMTBSkmWiAdfsu/5f/XzcPo8AGccSAofostcUPsMgVJKNXDjcFL4D7syMZRw
0AUb+hmx66O4mDwVRELzRUNoz81F/NDIuMobOMiAKG/HT9ggWdZJUjPzjduvaD13
27Ehj+MNGL/4hGUF+/8QD6pxUCrJF/83VfR4qmNoITdlXeI7RhbFB8OmbWwf7X9R
G/Y/QlF6Imi9GIgvc3e/IZ1uGVji4bwo9dI6aNFV5ephzASVfAcI3XyicUedBCvG
UYmwOsLbAv5XQIJrW5hlLoS2Xj7+vAmYu6IuoppF/C2YT/63mVX6k0+dUjee/x4Z
+D46QK5kV33LjTeI4M1Zl63RekIY3ZDqBboz5OxAyzNhbtYRWEhJjLxbAwwSjjk0
fkPqmIgik7feQyZV41IslxSXgDJ/5eWgKOIBM06vCcmrDqROPFhT36o1lz7N+Xe4
uxzL5yWHBwGb73d+5c9o3mnt8EQDpoJWlCpbShAoaSlpMGDEpoodAJVmYFc=
=Z7ih
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 16 Sep 2020 00:53
Re: [bug#42380] [PATCH 3/9] gnu: Add go-github-com-dchest-siphash
(address . 42380@debbugs.gnu.org)
20200915225339.GB19089@andel
Just in case, the 'zero' on the subject was a mistake.

My apologies for the noise.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9hRfIFgwPCZwAACgkQ
YrJ+WmBEwoJnRQ/+OpiRMFQNliCt2aO0tm8ebPH4OOvaN/ZUHi9ELhPHy+8KbQ4h
e3gHIO4bjXBg2P8aFOr2ZkM/fQqVNV8Elq5jBQOKw0qXMbb5wbnmN1X43B5ictrM
m+HTXULPuSMkgaOD9YvHN/0v/kP3giHQ3ECZI6No3e/2NyzVg7LOrYPSLNGHE0kX
b4NGaGSv7LbxXXea/OjjBWu9FG8v7AXSki5I8HU0FLBrp0UjfPK1KTCuRI0rrFf8
K3FVFrepfN17QT2G8eEAR2Xrk4Kv6QrOAHQtQBMY9kl4G5eduTVHxVBKBmF5l5Zu
DIIYVgeO4cKQ20zhgVSyY3dJ/I2hlfCkihDT0I/DbzW1huGoSTYTaxP5RzUs8CG0
/dlMv8cm27VRtcT/rBfZTmBbnzT4UtrPZAA8mKkxysHh2gFSi+33Zp1GPnU507Co
feWKE1q1npjfiUXCaJqfKD8O8KIyEU3F3h5GArG3pROdjCxKXJP9sJNXp5v/oMgG
9PJZwIRSquCWlvs6Xrt9CDWgMpDDzdE2cBJyY/FfuF9X4X4Q+j2jNfcDTD/N7Tu8
IcGdhn64ElXqEN9IsERCmLJYLsi6Ox/nSXtTt//34+dxH3P9ueKzkRVBBWG3ZpGo
uUDhSUZBWJWvWqKw+EPzglD1GCMV5Cu1cYXx+5xXKPSOBUZinnQHSpsT2ys=
=r7NT
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 25 Sep 2020 01:18
Re: [bug#42380] [PATCHv2 9/9] gnu: Add torbrowser-unbundle
(address . 42380@debbugs.gnu.org)
20200924231814.GA29727@andel
Hi,

This patch updates Tor Browser to version 10.0. I've done some
minor testing and everything seems to working. One thing that
will need attention in the future is the cleaning of the profile
dir, as the upgrade process does not touch it and so older configs
and extensions remain on user profile.

Main changes from the previous version are:
- added a new phase to merge pluggable transports preferences
into default tor-browser preferences before configuring the build
instead of applying them on user preferences at runtime.
- https-everywhere is now a builtin extension and requires further
steps to be available at the right place.
- defined %tbb-build in order to further differentiate
tor-browser and tor-browser-build version tags.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9tKTQFgwPCZwAACgkQ
YrJ+WmBEwoLTcBAAoXcLdICQ4EJtxUSV2UeEaajxtBzGwjBLe1mwVDqELkilsQUW
akCa6Ix7+G2yWKioSHreJFaEjNGg9uyI1LjUTfH/3WXy6YUm5VyRe5JH+BTYKOPK
10B2ACQJceH4xfvLypWmgCijrNGwgH1yXxlAr15ivZ+wi4o3yza5i/13B8kLEIqP
KT9OEE507e0S954LREf5X7wam5x5YbiIfR3tQKBmQ4jEMAOfo4hWZ2H1ioXQaGlc
9ol1dtfAz1BQ6nVGG3qxEINsB/u+os1tikwHioOrMecpmv26ecHX1f6T5oXHwpGV
WEfYAT4fM2+kjRqlIogjmpmomDN/PRUZkNSbmL1P6o4rDGA+6yf5S68Nf+4D3uQ5
PXJGvHodtn4GNXU3OKzi12DOCGAJ6DLoVKphnpys4mMQ5XZI792Tuc9yG1pxRZHp
y+TtKod57sZJAWX8zENod72HcNaj4tO6M+0xDNfTJ9EXxQmNy82EWiw2yy1Y2z3t
ZpciG6XStVlVtJe9fy/Rfq0BTc6q5dwOAKM2dSB8bpuPNYXaDkShZwRQQsfoRXRs
Q09ZjnAWoy9aFfrpBsT87JhfumYf84dxGSKNfV8mb3G0C/ITE08gjFcRMvWcJjeC
tWpTYH8qvJiM0HN01/+0yeEF1/sDnKBHM6TVCk/f38++7a+rWo1VYX1k4f0=
=9051
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 7 Oct 2020 17:51
Re: [bug#42380] [PATCHv3 9/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)
20201007155154.GA5226@andel
Hello Guix,

This new version of the patch addresses the following:
- inherits definition from icecat[1];
- use source tarballs for tor-browser and tor-launcher[2];
- does not define torbutton anymore (it is bundled with tor-browser);
- unbundles some system libs (nss, nspr, zlib, libevent and icu)

1. There are four phases which are almost exact copies from icecat.
I've tried to use let, define and package-properties to remove the
hardcoded strings which are in the way of inheritance, but I've had
no success. The phases are: 'install-icons,
'apply-guix-specific-patches, 'neutralise-store-references and
'wrap-program. Maybe someone here can shed a light.

2. Those tarballs and also the one used for fonts are not kept for
long on dist.torproject.org. Usually they are removed when there is
a new browser version. So this will be a problem for time-machine.
On the other hand, the git repos for fonts and torbrowser source
are huge, so I'm unsure which would be preferable.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl995BgFgwPCZwAACgkQ
YrJ+WmBEwoIPjg/+MTXmNKaGr7v6ic5Srea6X7irui9QqX/cNA6M6d4CoO0uCfFf
/9oMoVBGTpCSXVo4YtX2Imrha3WR+aXw1qoA6bZzsnncTbbL0IKlMVStrFJIRcaT
jDogvlVqoES31d0wWWSnCf3V8iZ+u9HkOVCxbNtt6KFR1defU57/TrkEaVDksdwZ
2EMNRZIRl7yWTF2MCuJf9QqwwalJBHmEB9G/72xgitCT68CEus24EIaBQcBAfyYV
eR9JsTTEAsHHznN+oq1OXKIAqApYXOPaDJ6qb+OnpIl9I3BmriujczKmXQjqk43F
RBqBCEwEiyNOSarLYz6WDb3xVw+VCm9sum+YC4J43xRcK1LVO+EePDbRc4XbM7gR
llVgNSZ8fpM9lQ9EYZITFUe+Rvp6h+zC4y0TahRFbuk3QQxX+SSS7N7xQGFjaZ7r
ubLyp7+7cijQHf87hp65Cf6SxgLQJDJ5Zj1vASMf51omzSLZ1/LEhdM0tfnzUiXN
YIF7gVjRph3IfJf8+nZGeyIY/iaoNTzOeEys3LB7d+kyYqBsu9Bas28/SScOkylz
Bx2JraGnaU9CJRWwYmtpGThp/3vkjAfU8yqFwGs4P8fZRmVIJSlto5/2MPADIZfE
Vf9GmCjZU36t5hRPAazGYoWHWSVWIn0mAKWSqRVlDxVpJXfxvTouFPymRQE=
=ZV9i
-----END PGP SIGNATURE-----


X
X
Xinglu Chen wrote on 25 May 2021 17:05
Re: [bug#42380] Wow!
(address . 42380@debbugs.gnu.org)
87zgwic0qc.fsf@yoctocell.xyz
What’s the status of these patches? I would love to see Tor Browser in
Guix!
-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEAVhh4yyK5+SEykIzrPUJmaL7XHkFAmCtEksVHHB1YmxpY0B5
b2N0b2NlbGwueHl6AAoJEKz1CZmi+1x5M2EQALpc+Ot1lSCgCFl9I2Xi8PbhDER+
LKhLz4j1F2cKCiTirQDLeL4Kj5nNrZepAG/xmPhp4tBqW3yEKpB88ZGBVkw9R+01
88AKk9mmv8/ntYJxyJcSFQpr6ykiYpU0OpHGsO8eWafWeJUputou/yxJgI9j5mZ+
qNmqQLmwWPmsPILf5v9eZGws0lxKlWZW+0xJ0ncqlRXdjZQ9ItLIluQClVvxEdxO
VRzposL1dTGpAes4EoWHH26wvMkIeuIXcgY5e+jV73BlS93iamOUxHgK3f0GJYI8
RtxHot36f2ZfmbQfCu0V3CGVropnZXAS2pvEjFsxkgbscDgq5wTUlgZjw0a5BmA3
fJdHbuwWNrC/0LNrYR0PXM7pSkgqH4RJeQgSRbiC7SaNSSJssR0OtaIHfJQAuO3B
igeKy6wyYKvv7jta+cgqWvTcS3zlaTNa9hBWl6aUaJ5NujwI3zyVrXf1tn7vm5Ay
ZmOeUiaKSiNZ0NJxnfMlzpl/AZYlbQZhGNSevLiMPytpqnPIdXIV7q+7HE3FzugA
j7HZ4sR0sRQPdpDlqAQOpGjIzBfwH6+Na2YQESnFsJ4pKKNskSCUk8fkTin+y+sk
9pIRL+TwItaByR2P7iBC1ZcFy5QAihJuHIisxxlD0HB496MLGcZNCCXzpxR12tBz
LlHilrTkIVwoo0zE
=Haxm
-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 25 May 2021 21:12
(name . Xinglu Chen)(address . public@yoctocell.xyz)
YK1MClOxWNySPXCM@jasmine.lan
On Tue, May 25, 2021 at 05:05:47PM +0200, Xinglu Chen wrote:
Toggle quote (3 lines)
> What’s the status of these patches? I would love to see Tor Browser in
> Guix!

Does this package build the Tor browser from source? Or is it just a
launcher, like the Debian package?

My understanding is that the Tor people discourage anyone else from
distributing builds of the Tor browser.

If it builds from source, we should probably call it something besides
"Tor browser", since it will be different from the official Tor browser
due to the unbundling and other changes.

Also, if it builds from source, it will be easy to identify users of
this package as being Guix users and since the Guix userbase is
relatively small, it will be much easier than usual to positively
identify the person using the package.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmCtTAoACgkQJkb6MLrK
fwhm9w/9ExpGL0cHdCwAAAgHxF80ID1W+CSAquENFHuwgBp5h8wZ34G9B4vd8q5j
GDR5/fHJSZgftRiRgAH5yXxqg/tm0xzrFqGn4pFDyv24yybBd76YvlAoN5j/i1Hd
dRIY9oAkTHjF6XmT+wWciVNOEG/ScTstmtkaJvhzML4L5wfFJlm+naJ2DTOT+PnH
RLMO/civaHXpKXYC9EzRCrTTJpYRJEftLyKUY6OMYBVv0pChU4ZkL/jqzXahx140
TUtyJJt5Fw97LlsCbEkgutb29ouoc8XFxsoha0uzsTZ3fR66WhOHPduYcuHUk05B
AnSAAMj17FCtD2c/cd+DK9QEHeRHxtM2tz7HU+NzS7MRPjCdzacYS9bxi9MpLJle
4xL8xZZ2d2XxT/W0GNCjyVx/Co0QyWnFzWyYMxcwmBl4lA4kAOdbV0Q5iApg6QnZ
OvHp2C42Y7T4H37DBBSYxDMsY4fNwoBnOMZJVOu7kSHJ5E/koBOSTwGzdiwOwLdX
E7wrbuLWNWsUAMb5sZIrrwYluWeaU3uHHpv7YCNBEy4nvAJ9fIoIbi8zS7IeESeE
gxNIYyU0Ma5eOoOXD/8vxPKviAmc//n+sIxcAsdt7vL0Ss9EjzRcOvY+g8WD/5He
Vk4NjBwzJyZMyr/rQva0v7FkBSK33XGo9k8IYMIdCHN6OwwT++o=
=pZWh
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 25 May 2021 23:24
(name . Leo Famulari)(address . leo@famulari.name)
87tumqwlqm.fsf@gnu.org
Hi,

Leo Famulari <leo@famulari.name> skribis:

Toggle quote (7 lines)
> On Tue, May 25, 2021 at 05:05:47PM +0200, Xinglu Chen wrote:
>> What’s the status of these patches? I would love to see Tor Browser in
>> Guix!
>
> Does this package build the Tor browser from source? Or is it just a
> launcher, like the Debian package?

It builds from source.

And sorry for dropping the ball, André! If anyone’s willing to give it
a try and report back, or to comment on the patch, that’d be great.

Toggle quote (12 lines)
> My understanding is that the Tor people discourage anyone else from
> distributing builds of the Tor browser.
>
> If it builds from source, we should probably call it something besides
> "Tor browser", since it will be different from the official Tor browser
> due to the unbundling and other changes.
>
> Also, if it builds from source, it will be easy to identify users of
> this package as being Guix users and since the Guix userbase is
> relatively small, it will be much easier than usual to positively
> identify the person using the package.

Good points. I think we could ask the Tor Browser folks (we met with a
couple of them at Reproducible Builds Summits in the past and I’m
confident we’d understand each other :-)).

Thanks,
Ludo’.
A
A
André Batista wrote on 28 May 2021 03:45
(name . Ludovic Courtès)(address . ludo@gnu.org)
YLBLT5y08LIuYQba@andel
Hi,

ter 25 mai 2021 às 23:24:01 (1621995841), ludo@gnu.org enviou:
Toggle quote (7 lines)
> Leo Famulari <leo@famulari.name> skribis:
>
> > Does this package build the Tor browser from source? Or is it just a
> > launcher, like the Debian package?
>
> It builds from source.

Apart from noscript which Tor Browser itself does not build from source
and https-everywhere which at the time I thought I'd be able to build
from source but I got stuck on rust dependency nightmare and had to
delay. Unfortunately, this issue still remains to be solved.

Toggle quote (3 lines)
> And sorry for dropping the ball, André! If anyone’s willing to give it
> a try and report back, or to comment on the patch, that’d be great.

No problem, Ludo, it was lacking feedback and I know it's somewhat a
big and delicate piece of software to be merging without it.

Toggle quote (3 lines)
> > My understanding is that the Tor people discourage anyone else from
> > distributing builds of the Tor browser.

That's also my understanding, however I do think that building from
source is: 1. the very core of software freedom, despite the relevance
other concerns such as diminishing anonymity set; 2. one of the main
strenghts and what Guix strives for.

Toggle quote (4 lines)
> > If it builds from source, we should probably call it something besides
> > "Tor browser", since it will be different from the official Tor browser
> > due to the unbundling and other changes.

I've initially called the package definition "torbrowser-unbundle" and
also inserted a warning that it was _not_ official Tor Browser, but I
did not try to patch sources to rename the browser as it appears after
installed. I can both agree to another name that makes it clearly
appart from the official browser by Tor Project ("nottorbrowser?",
"onionbrowser?") and to work on a patching sources to remove the user
visible name and logo, if it's deemed necessary. (That may take a while
however).

Toggle quote (5 lines)
> > Also, if it builds from source, it will be easy to identify users of
> > this package as being Guix users and since the Guix userbase is
> > relatively small, it will be much easier than usual to positively
> > identify the person using the package.

I've tested it with panopticlick.eff.org and it's user identifying bits
remain the same as the official Tor Browser. That said, panopticlick
is certainly not a silver bullet and you have grounds to be concerned.
If someone were to need/want the very best assurances on anonymity set,
I'd advise not to risk it and go with the larger crowd.

On the other hand, until not long ago and maybe currently still, guix
users were using IceCat with tor and that's a much more telling tale.

Toggle quote (4 lines)
> Good points. I think we could ask the Tor Browser folks (we met with a
> couple of them at Reproducible Builds Summits in the past and I’m
> confident we’d understand each other :-)).

That would be great :)

In the mean time, I'll take this as an invitation to send a new patch
version with the latest Tor Browser stable. I've made some minor
improvements such as using tarballs from archive.torproject.org instead
of {git|dist}.torproject.org.

Since they are planning a new stable release in the next few days, I'll
take the time to work on a reproducibility issue that have arised with
the new zip routine to package extensions inside omni.ja which affected
the timestamps, at least the way I did it.

Cheers,
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 0/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
cover.1622687706.git.nandre@riseup.net
*** Updated patch series to add torbrowser-unbundle current stable ***

The first 8 patches are identical to the previous versions, except
they've been updated to reflect line number changes on current guix.

Tor Browser is now built mainly from tarballs, except for
tor-browser-builder which needs a git repo. torbutton is not defined
anymore since it's already bundled.

The browser is fully working, but there are still two issues I'd like
to solve: 1. build extensions from source; 2. make it deterministic
again. I've left comments on code if anyone cares to try and solve
them before I get the time to give it another go.

Cheers,

André Batista (9):
gnu: Add go-torproject-org-ptlib.
gnu: Add go-github-com-agl-ed25519.
gnu: Add go-github-com-dchest-siphash.
gnu: Add go-github-com-dchest-uniuri.
gnu: Add go-github-com-dsnet-compress.
gnu: Add go-schwanenlied-me-yawning-bsaes.
gnu: Add go-gitlab-com-yawning-utls.
gnu: Add obfs4.
gnu: Add torbrowser-unbundle.

gnu/local.mk | 3 +
gnu/packages/golang.scm | 201 +++++
.../patches/torbrowser-start-desktop.patch | 22 +
.../patches/torbrowser-start-script.patch | 181 +++++
gnu/packages/tor.scm | 755 +++++++++++++++++-
5 files changed, 1159 insertions(+), 3 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-start-desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-script.patch

--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 1/9] gnu: Add go-torproject-org-ptlib.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
e45bafa36d125947224ceed1dffc6e8f8e0e8438.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-torproject-org-ptlib): New variable.

Toggle diff (42 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8c3c81ceda..940f38af76 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -25,6 +25,7 @@
;;; Copyright © 2020 Martin Becze <mjbecze@riseup.net>
;;; Copyright © 2021 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
+;;; Copyright © 2021 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -7033,3 +7034,27 @@ simplifications, and enforces style rules.")
"This package provides a library for fast, structured, leveled logging in
Go.")
(license license:expat)))
+
+(define-public go-torproject-org-ptlib
+ (package
+ (name "go-torproject-org-ptlib")
+ (version "1.1.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (synopsis "Go library for Tor Pluggable Transports")
+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+is censored.")
+ (license license:cc0)))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 2/9] gnu: Add go-github-com-agl-ed25519.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
99af7879a93ec3f94030b3e3cb266949f67d824b.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 940f38af76..2569d450b2 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7058,3 +7058,41 @@ Go.")
Transports are a means of connecting to the Tor Network from places where it
is censored.")
(license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 3/9] gnu: Add go-github-com-dchest-siphash.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
61cb1458a6f5a8f42637e08b0d76837b65aeb57b.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-dchest-siphash): New variable.

Toggle diff (37 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 2569d450b2..037163766d 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7096,3 +7096,30 @@ is unmaintained. Newer software should use x-crypto instead.")
;; License file is referred but it is missing. Probably because the
;; author decided to discontinue the project.
(license (license:non-copyleft "file://ed25519.go")))))
+
+(define-public go-github-com-dchest-siphash
+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-siphash")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/siphash")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/siphash"))
+ (home-page "https://github.com/dchest/siphash")
+ (synopsis "Go library for siphash")
+ (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+J. Bernstein. ")
+ (license license:cc0))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 4/9] gnu: Add go-github-com-dchest-uniuri.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
b2cc6770b58badbe54a7f476bf87b9ba2058bc42.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-dchest-uniuri): New variable.

Toggle diff (35 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 037163766d..08b5b6ba9b 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7123,3 +7123,28 @@ Pseudo Random Function which is suitable for usage in message authentication
codes and was based on the design created by Jean-Philippe Aumasson and Daniel
J. Bernstein. ")
(license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-uniuri")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/uniuri")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/uniuri"))
+ (home-page "https://github.com/dchest/uniuri")
+ (synopsis "Go library for random URIs")
+ (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+ (license license:cc0))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 5/9] gnu: Add go-github-com-dsnet-compress.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
e6be05ea33f1acae969c44a8426e7953735e57ae.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-dsnet-compress): New variable.

Toggle diff (36 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 08b5b6ba9b..f554a8305e 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7148,3 +7148,29 @@ J. Bernstein. ")
(description "Package uniuri generates random strings good for use in
Universal Resource Identifiers to uniquely identify objects.")
(license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+ (revision "0"))
+ (package
+ (name "go-github-com-dsnet-compress")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dsnet/compress")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dsnet/compress"))
+ (home-page "https://github.com/dsnet/compress")
+ (synopsis "Go library for extended compression")
+ (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+ (license (license:non-copyleft "file://LICENSE.md")))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
b572a429973f81504bf35aa905d046bf6aa13dc5.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-schwanenlied-me-yawning-bsaes): New variable.

Toggle diff (39 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index f554a8305e..6cf7ffc90c 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7174,3 +7174,32 @@ Universal Resource Identifiers to uniquely identify objects.")
The goal of this project is to provide pure Go implementations for popular
compression algorithms bey ond what the Go standard library provides.")
(license (license:non-copyleft "file://LICENSE.md")))))
+
+(define-public go-schwanenlied-me-yawning-bsaes
+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+ (revision "0"))
+ (package
+ (name "go-schwanenlied-me-yawning-bsaes")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.schwanenlied.me/yawning/bsaes.git")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+ (synopsis "Go AES library")
+ (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption. This implementation if
+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+ (license (license:non-copyleft "file://LICENSE.txt")))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 7/9] gnu: Add go-gitlab-com-yawning-utls.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
0b503bc2bfa00635409e47182aa575ebc4448c3d.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-gitlab-com-yawning-utls): New variable.

Toggle diff (41 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 6cf7ffc90c..b4e8c1f338 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7203,3 +7203,34 @@ with hardware support for AES New Instructions (AES-NI) and a
sufficiently recent Go runtime, it will transparently call crypto/aes
when NewCipher is invoked.")
(license (license:non-copyleft "file://LICENSE.txt")))))
+
+(define-public go-gitlab-com-yawning-utls
+ (package
+ (name "go-gitlab-com-yawning-utls")
+ (version "0.0.10-1")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.com/yawning/utls.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:tests? #f ;; Tries to connect and fails.
+ #:import-path "gitlab.com/yawning/utls.git"))
+ (propagated-inputs
+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+ (home-page "https://gitlab.com/yawning/utls.git")
+ (synopsis "Go library for uTLS")
+ (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+transport protocol.")
+ (license license:gpl3+)))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 8/9] gnu: Add obfs4.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
66abc6eeaeab68a209c54740678b64f1d96ecd87.1622687706.git.nandre@riseup.net
* gnu/packages/tor.scm (obfs4): New variable.
* Alphabetically order module imports.

Toggle diff (110 lines)
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index bd11dd3a75..52d78cba79 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -9,7 +9,7 @@
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
-;;; Copyright © 2020 André Batista <nandre@riseup.net>
+;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,13 +33,16 @@
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system go)
#:use-module (guix build-system python)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages base)
- #:use-module (gnu packages libevent)
- #:use-module (gnu packages linux)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages golang)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
@@ -423,3 +426,75 @@ statistics and status reports on:
Potential client and exit connections are scrubbed of sensitive information.")
(license license:gpl3+)))
+
+(define-public obfs4
+ (package
+ (name "obfs4")
+ (version "0.0.11")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (commit (string-append "obfs4proxy-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+ #:tests? #f ;; No test files
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'build
+ (lambda* (#:key outputs configure-flags #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (copy-recursively
+ "src/git.torproject.org/pluggable-transports/obfs4.git"
+ "src/gitlab.com/yawning/obfs4.git"
+ #:log (%make-void-port "w"))
+ (with-directory-excursion
+ "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+ (invoke "go" "build" "-ldflags" "-s"))
+ #t)))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (src "src/git.torproject.org/pluggable-transports/obfs4.git")
+ (bin (string-append out "/bin"))
+ (share (string-append out "/share"))
+ (doc (string-append share "/doc"))
+ (man (string-append share "/man/man1")))
+ (mkdir-p man)
+ (mkdir bin)
+ (mkdir doc)
+ (with-directory-excursion
+ (string-append src "/obfs4proxy")
+ (copy-file "obfs4proxy"
+ (string-append bin "/obfs4proxy")))
+ (with-directory-excursion
+ (string-append src "/doc")
+ (copy-file "obfs4proxy.1"
+ (string-append man "/obfs4proxy.1"))
+ (copy-file "obfs4-spec.txt"
+ (string-append doc "/obfs4-spec.txt")))
+ #t))))))
+ (propagated-inputs
+ `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+ ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+ ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+ ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+ ("go-golang-org-x-net" ,go-golang-org-x-net)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+ ("go-golang-org-x-text" ,go-golang-org-x-text)))
+ (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (synopsis "Obfs4 implements an obfuscation protocol")
+ (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+ (license license:gpl3+)))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 9/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
88c9104dbc255f94f73b0dae2dad41ae23cc3448.1622687706.git.nandre@riseup.net
* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-script.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.

create mode 100644 gnu/packages/patches/torbrowser-start-desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-script.patch

Toggle diff (444 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index a5820b5827..c5fdb8fc16 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -42,6 +42,7 @@
# Copyright © 2021 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
# Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
# Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
+# Copyright © 2021 André Batista <nandre@riseup.net>
#
# This file is part of GNU Guix.
#
@@ -1739,6 +1740,8 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-qt5.patch \
%D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/tla2tools-build-xml.patch \
+ %D%/packages/patches/torbrowser-start-desktop.patch \
+ %D%/packages/patches/torbrowser-start-script.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-honor-localedir.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
diff --git a/gnu/packages/patches/torbrowser-start-desktop.patch b/gnu/packages/patches/torbrowser-start-desktop.patch
new file mode 100644
index 0000000000..6832ed363b
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=sh -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
new file mode 100644
index 0000000000..b8c8d9a26a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-script.patch
@@ -0,0 +1,181 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
+@@ -5,6 +5,14 @@
+ #
+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.
+
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++
+ complain_dialog_title="Tor Browser"
+
+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
+@@ -134,8 +142,8 @@
+ ;;
+ -l | --log)
+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+- printf "Logging Tor Browser debug information to tor-browser.log\n"
+- logfile="../tor-browser.log"
++ printf "Logging Tor Browser debug information to torbrowser.log\n"
++ logfile="${TBB_LOGFILE}"
+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+ printf "Logging Tor Browser debug information to %s\n" "$2"
+ logfile="$2"
+@@ -187,41 +195,22 @@
+ export XAUTHORITY
+ fi
+
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+- # XXX readlink is not POSIX, but is present in GNU coreutils
+- # and on FreeBSD. Unfortunately, the -f option (which follows
+- # a whole chain of symlinks until it reaches a non-symlink
+- # path name) is a GNUism, so we have to have a fallback for
+- # FreeBSD. Fortunately, FreeBSD has realpath instead;
+- # unfortunately, that's also non-POSIX and is not present in
+- # GNU coreutils.
+- #
+- # If this launcher were a C program, we could just use the
+- # realpath function, which *is* POSIX. Too bad POSIX didn't
+- # make that function accessible to shell scripts.
+-
+- # If realpath is available, use it; it Does The Right Thing.
+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+- if [ "$?" -eq 0 ]; then
+- myname="$possibly_my_real_name"
+- else
+- # realpath is not available; hopefully readlink -f works.
+- myname="`readlink -f "$myname" 2>/dev/null`"
+- if [ "$?" -ne 0 ]; then
+- # Ugh.
+- complain "start-tor-browser cannot be run using a symlink on this operating system."
+- fi
+- fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++ cd "${TBB_HOME}"
++else
++ mkdir -p "${TBB_HOME}"
++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++ chmod -R 700 "${TBB_HOME}"
++ mkdir -p "${TBB_PROFILE}"
++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++ > "${TBB_PROFILE}/user.js"
++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++ >> "${TORRC}"
++ cd "${TBB_HOME}"
+ fi
+
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ # "hacking around some braindamage"
+@@ -236,16 +225,9 @@
+ ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ mkdir -p "$HOME/.local/share/applications/"
+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ update-desktop-database "$HOME/.local/share/applications/"
+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ exit 0
+@@ -265,21 +247,6 @@
+ HOME="${PWD}"
+ export HOME
+
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+- complain "Wrong architecture? 32-bit vs. 64-bit."
+- exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+ local ctrlPasswd=$1
+
+@@ -342,13 +309,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +326,23 @@
+
+ if [ "$show_usage" -eq 1 ]; then
+ # Display Firefox help, then our help
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default --help 2>/dev/null
+ tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+ disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+ tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 52d78cba79..bfb1ac1841 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -498,3 +498,677 @@ incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
The obfs naming was chosen primarily because it was shorter, in terms of
protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
(license license:gpl3+)))
+
+;; torbrowser and tor-browser-builder build versions are not always in sync
+(define %torbrowser-version "78.11.0esr-10.0-1")
+(define %tbb-build-version "10.0.17")
+(define %torbrowser-build "build1")
+(define %tbb-build "build1")
+(define %torbrowser-build-id "20210602000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+ (package
+ (name "torbrowser-fonts")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux64-"
+ version "_en-US.tar.xz"))
+ (sha256
+ (base32
+ "13x38n1cvqmxjz0jf2fda8lx2k25szzmg7gvv08z3q5na7109m2m"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (src-dir "tor-browser_en-US/Browser/fonts")
+ (fonts (string-append %output "/share/fonts"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p fonts)
+ (format #t "Untaring torbrowser ball ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" fonts "--strip-components=3"
+ (string-append "--use-compress-program=" xz "/bin/xz")
+ src-dir)
+ #t))))
+ (home-page "https://github.com/googlei18n/noto-fonts")
+ (synopsis "Tor Browser bundled fonts")
+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+ (license license:silofl1.1)))
+
+(define tor-browser-build
+ (let ((commit (string-append "tbb-desktop-" %tbb-build-version
+ "-" %tbb-build)))
+ (package
+ (name "tor-browser-build")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/builders/tor-browser-build.git")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1qwgghy79wx0w1yz132yyaln4g42s72133n6gbdf07rkf5n44izc"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Copying build scripts ...~%")
+ (copy-recursively (string-append
+ (assoc-ref %build-inputs "source")
+ "/projects/tor-browser")
+ %output
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser build scripts")
+ (description "Tor Browser runtime scripts.")
+ (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+ (package
+ (name "tor-launcher")
+ (version "0.2.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ %tbb-build-version "/src-" name "-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0mbd1q46d8nqisn6n79sp6m29332ymb2pf13xzgq1ml7rfcy6jjy"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Extracting source ...~%")
+ (let ((src (assoc-ref %build-inputs "source"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p %output)
+ (format #t "Extracting source ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" %output "--strip-components=1"
+ (string-append "--use-compress-program=" xz "/bin/xz"))))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser built-in controler extension")
+ (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+ (license (license:non-copyleft "file://src/LICENSE"))))
+
+(define https-everywhere-lib-wasm
+ (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
+ (package
+ (name "https-everywhere-lib-wasm")
+ (version "2021.4.15")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/EFForg/https-everywhere-lib-wasm")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Copying source ...~%")
+ (copy-recursively (assoc-ref %build-inputs "source")
+ %output
+ #:log (%make-void-port "w")))))
+ (home-page "https://github.com/EFForg/https-everywhere-lib-wasm")
+ (synopsis "Browser extension for protection against known attacks")
+ (description "Browser extension that protects users from a range of
+known attacks on web browsing activity such as Cross-site scripting, clickjack and
+makes possible for the users to block or choose on a per site basis which remote
+javascript to run while browsing the web.")
+ (license license:gpl2+))))
+
+;; Both https-everywhere and noscript are rellying on some precompiled code for now.
+;; Also read on the work on chromium extensions on gnu/build/chromium-extensions.scm
+;; to see if can be adapted.
+(define-public https-everywhere
+ (package
+ (name "https-everywhere")
+ (version "2021.4.15")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/EFForg/" name "/archive/"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1bknx8l8gxmpwb13pvn6pdbavknci8q0jhygdaz50ilc1xld89i3"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("bash" ,bash)
+ ("coreutils" ,coreutils)
+ ("findutils" ,findutils)
+ ("git" ,git)
+ ("grep" ,grep)
+ ("gzip" ,gzip)
+ ("https-everywhere-lib-wasm"
+ ,https-everywhere-lib-wasm)
+ ("libxml2" ,libxml2)
+ ("libxslt" ,libxslt)
+ ("openssl" ,openssl)
+ ("python" ,python)
+ ("rsync" ,rsync)
+ ("sed" ,sed)
+ ("tar" ,tar)
+ ("util-linux" ,util-linux) ; for getopt
+ ("xxd" ,xxd)
+ ("which" ,which)
+ ("zip" ,zip)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (httpse-libwasm (assoc-ref %build-inputs
+ "https-everywhere-lib-wasm"))
+ (bash (assoc-ref %build-inputs "bash"))
+ (coreutils (assoc-ref %build-inputs "coreutils"))
+ (python (assoc-ref %build-inputs "python"))
+ (openssl (assoc-ref %build-inputs
This message was truncated. Download the full message here.
A
A
André Batista wrote on 3 Jun 2021 06:10
[PATCH v5 9/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
347e91d0ce7f96882f70a081b208c388153cd6b8.1622693271.git.nandre@riseup.net
* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-script.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.

create mode 100644 gnu/packages/patches/torbrowser-start-desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-script.patch

Toggle diff (455 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index a5820b5827..c5fdb8fc16 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -42,6 +42,7 @@
# Copyright © 2021 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
# Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
# Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
+# Copyright © 2021 André Batista <nandre@riseup.net>
#
# This file is part of GNU Guix.
#
@@ -1739,6 +1740,8 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-qt5.patch \
%D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/tla2tools-build-xml.patch \
+ %D%/packages/patches/torbrowser-start-desktop.patch \
+ %D%/packages/patches/torbrowser-start-script.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-honor-localedir.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
diff --git a/gnu/packages/patches/torbrowser-start-desktop.patch b/gnu/packages/patches/torbrowser-start-desktop.patch
new file mode 100644
index 0000000000..6832ed363b
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=sh -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
new file mode 100644
index 0000000000..b8c8d9a26a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-script.patch
@@ -0,0 +1,181 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
+@@ -5,6 +5,14 @@
+ #
+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.
+
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++
+ complain_dialog_title="Tor Browser"
+
+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
+@@ -134,8 +142,8 @@
+ ;;
+ -l | --log)
+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+- printf "Logging Tor Browser debug information to tor-browser.log\n"
+- logfile="../tor-browser.log"
++ printf "Logging Tor Browser debug information to torbrowser.log\n"
++ logfile="${TBB_LOGFILE}"
+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+ printf "Logging Tor Browser debug information to %s\n" "$2"
+ logfile="$2"
+@@ -187,41 +195,22 @@
+ export XAUTHORITY
+ fi
+
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+- # XXX readlink is not POSIX, but is present in GNU coreutils
+- # and on FreeBSD. Unfortunately, the -f option (which follows
+- # a whole chain of symlinks until it reaches a non-symlink
+- # path name) is a GNUism, so we have to have a fallback for
+- # FreeBSD. Fortunately, FreeBSD has realpath instead;
+- # unfortunately, that's also non-POSIX and is not present in
+- # GNU coreutils.
+- #
+- # If this launcher were a C program, we could just use the
+- # realpath function, which *is* POSIX. Too bad POSIX didn't
+- # make that function accessible to shell scripts.
+-
+- # If realpath is available, use it; it Does The Right Thing.
+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+- if [ "$?" -eq 0 ]; then
+- myname="$possibly_my_real_name"
+- else
+- # realpath is not available; hopefully readlink -f works.
+- myname="`readlink -f "$myname" 2>/dev/null`"
+- if [ "$?" -ne 0 ]; then
+- # Ugh.
+- complain "start-tor-browser cannot be run using a symlink on this operating system."
+- fi
+- fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++ cd "${TBB_HOME}"
++else
++ mkdir -p "${TBB_HOME}"
++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++ chmod -R 700 "${TBB_HOME}"
++ mkdir -p "${TBB_PROFILE}"
++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++ > "${TBB_PROFILE}/user.js"
++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++ >> "${TORRC}"
++ cd "${TBB_HOME}"
+ fi
+
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ # "hacking around some braindamage"
+@@ -236,16 +225,9 @@
+ ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ mkdir -p "$HOME/.local/share/applications/"
+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ update-desktop-database "$HOME/.local/share/applications/"
+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ exit 0
+@@ -265,21 +247,6 @@
+ HOME="${PWD}"
+ export HOME
+
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+- complain "Wrong architecture? 32-bit vs. 64-bit."
+- exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+ local ctrlPasswd=$1
+
+@@ -342,13 +309,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +326,23 @@
+
+ if [ "$show_usage" -eq 1 ]; then
+ # Display Firefox help, then our help
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default --help 2>/dev/null
+ tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+ disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+ tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 52d78cba79..d5832b19df 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -28,31 +28,71 @@
(define-module (gnu packages tor)
#:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix monads)
#:use-module (guix packages)
#:use-module (guix utils)
+ #:use-module (guix store)
#:use-module (guix download)
#:use-module (guix git-download)
- #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
#:use-module (guix build-system go)
+ #:use-module (guix build-system gnu)
#:use-module (guix build-system python)
+ #:use-module (guix build-system trivial)
#:use-module (gnu packages)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages audio)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
#:use-module (gnu packages golang)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
#:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages pcre)
+ #:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-crypto)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
- #:use-module (gnu packages autotools)
+ #:use-module (gnu packages readline)
+ #:use-module (gnu packages rsync) ; for httpse
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages tls)
- #:use-module (gnu packages w3m))
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages vim) ; for xxd
+ #:use-module (gnu packages w3m)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages xml) ; for httpse
+ #:use-module (ice-9 match)
+ #:use-module ((srfi srfi-1) #:hide (zip)))
(define-public tor
(package
@@ -498,3 +538,677 @@ incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
The obfs naming was chosen primarily because it was shorter, in terms of
protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
(license license:gpl3+)))
+
+;; torbrowser and tor-browser-builder build versions are not always in sync
+(define %torbrowser-version "78.11.0esr-10.0-1")
+(define %tbb-build-version "10.0.17")
+(define %torbrowser-build "build1")
+(define %tbb-build "build1")
+(define %torbrowser-build-id "20210602000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+ (package
+ (name "torbrowser-fonts")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux64-"
+ version "_en-US.tar.xz"))
+ (sha256
+ (base32
+ "13x38n1cvqmxjz0jf2fda8lx2k25szzmg7gvv08z3q5na7109m2m"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (src-dir "tor-browser_en-US/Browser/fonts")
+ (fonts (string-append %output "/share/fonts"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p fonts)
+ (format #t "Untaring torbrowser ball ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" fonts "--strip-components=3"
+ (string-append "--use-compress-program=" xz "/bin/xz")
+ src-dir)
+ #t))))
+ (home-page "https://github.com/googlei18n/noto-fonts")
+ (synopsis "Tor Browser bundled fonts")
+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+ (license license:silofl1.1)))
+
+(define tor-browser-build
+ (let ((commit (string-append "tbb-desktop-" %tbb-build-version
+ "-" %tbb-build)))
+ (package
+ (name "tor-browser-build")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/builders/tor-browser-build.git")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1qwgghy79wx0w1yz132yyaln4g42s72133n6gbdf07rkf5n44izc"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Copying build scripts ...~%")
+ (copy-recursively (string-append
+ (assoc-ref %build-inputs "source")
+ "/projects/tor-browser")
+ %output
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser build scripts")
+ (description "Tor Browser runtime scripts.")
+ (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+ (package
+ (name "tor-launcher")
+ (version "0.2.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ %tbb-build-version "/src-" name "-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0mbd1q46d8nqisn6n79sp6m29332ymb2pf13xzgq1ml7rfcy6jjy"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Extracting source ...~%")
+ (let ((src (assoc-ref %build-inputs "source"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p %output)
+ (format #t "Extracting source ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" %output "--strip-components=1"
+ (string-append "--use-compress-program=" xz "/bin/xz"))))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser built-in controler extension")
+ (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+ (license (license:non-copyleft "file://src/LICENSE"))))
+
+(define https-everywhere-lib-wasm
+ (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
+ (package
+ (name "https-everywhere-lib-wasm")
+ (version "2021.4.15")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/EFForg/https-everywhere-lib-wasm")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
+ (build-system trivial
This message was truncated. Download the full message here.
L
L
Ludovic Courtès wrote on 3 Jun 2021 22:43
Re: [bug#42380] Wow!
(name . André Batista)(address . nandre@riseup.net)
874keeu1aw.fsf@gnu.org
Hi,

André Batista <nandre@riseup.net> skribis:

Toggle quote (5 lines)
> Apart from noscript which Tor Browser itself does not build from source
> and https-everywhere which at the time I thought I'd be able to build
> from source but I got stuck on rust dependency nightmare and had to
> delay. Unfortunately, this issue still remains to be solved.

OK, not too bad.

Toggle quote (8 lines)
>> > My understanding is that the Tor people discourage anyone else from
>> > distributing builds of the Tor browser.
>
> That's also my understanding, however I do think that building from
> source is: 1. the very core of software freedom, despite the relevance
> other concerns such as diminishing anonymity set; 2. one of the main
> strenghts and what Guix strives for.

+1

Toggle quote (10 lines)
> In the mean time, I'll take this as an invitation to send a new patch
> version with the latest Tor Browser stable. I've made some minor
> improvements such as using tarballs from archive.torproject.org instead
> of {git|dist}.torproject.org.
>
> Since they are planning a new stable release in the next few days, I'll
> take the time to work on a reproducibility issue that have arised with
> the new zip routine to package extensions inside omni.ja which affected
> the timestamps, at least the way I did it.

Exciting, thank you!

Ludo’.
M
M
Maxime Devos wrote on 3 Jun 2021 23:07
Re: [bug#42380] [PATCH v5 9/9] gnu: Add torbrowser-unbundle.
a3611bc9dfe53af64c944de2a522b5d7bca2066c.camel@telenet.be
Some comments, maybe the have already been addressed previously:

Toggle quote (24 lines)
> +++ b/gnu/packages/patches/torbrowser-start-desktop.patch
> @@ -0,0 +1,22 @@
> +Change TorBrowser desktop file in order for it to be agnostic to the
> +path when invoked.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
> +@@ -1,4 +1,4 @@
> +-#!/usr/bin/env ./Browser/execdesktop
> ++#!/usr/bin/env bash
> + #
> + # This file is a self-modifying .desktop file that can be run from the shell.
> + # It preserves arguments and environment for the start-tor-browser script.
> +@@ -28,7 +28,7 @@
> + GenericName=Web Browser
> + Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
> + Categories=Network;WebBrowser;Security;
> +-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
> +-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
> +-Icon=web-browser
> ++Exec=sh -c start-tor-browser
> ++X-TorBrowser-ExecShell=start-tor-browser --detach
> ++Icon=torbrowser

What's the reason for switching the icon from web-browser to torbrowser?
Also, the guixy way would be to simply replace "$(dirname "$*")/STUFF"
by /gnu/store/[...]/MORE-STUF/STUFF.

Otherwise, you're assuming "sh" is in the profile. It would also
be possible to replace "sh" with (string-append (assoc-ref inputs "bash") "/bin/sh")
I guess.

Toggle quote (35 lines)
> + StartupWMClass=Tor Browser
> diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
> new file mode 100644
> index 0000000000..b8c8d9a26a
> --- /dev/null
> +++ b/gnu/packages/patches/torbrowser-start-script.patch
> @@ -0,0 +1,181 @@
> +Change TorBrowser startup script in order for it to setup needed files
> +outside guix store. Remove tests which are not needed on guix system.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
> +@@ -5,6 +5,14 @@
> + #
> + # Copyright 2017 The Tor Project. See LICENSE for licensing information.
> +
> ++TBB_HOME="${HOME}/.local/share/torbrowser"
> ++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
> ++TBB_DATA="${TBB_HOME}/Data"
> ++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
> ++TBB_STORE_PATH=$(dirname $(realpath "$0"))
> ++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
> ++TORRC="${TBB_DATA}/Tor/torrc-defaults"
> ++
> + complain_dialog_title="Tor Browser"
> +
> + # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
> +@@ -134,8 +142,8 @@
> + ;;
> + -l | --log)
> + if [ -z "$2" -o "${2:0:1}" == "-" ]; then
> +- printf "Logging Tor Browser debug information to tor-browser.log\n"
> +- logfile="../tor-browser.log"
> ++ printf "Logging Tor Browser debug information to torbrowser.log\n"

Why rename tor-browser.log to torbrowser.log?

Toggle quote (17 lines)
> + [...]
> ++# Try to be agnostic to where we're being started from, check if files are on its
> ++# default paths and chdir to TBB_HOME
> ++if [ -e "${TORRC}" ]; then
> ++ cd "${TBB_HOME}"
> ++else
> ++ mkdir -p "${TBB_HOME}"
> ++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
> ++ chmod -R 700 "${TBB_HOME}"
> ++ mkdir -p "${TBB_PROFILE}"
> ++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
> ++ > "${TBB_PROFILE}/user.js"
> ++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
> ++ >> "${TORRC}"
> ++ cd "${TBB_HOME}"
> + fi

"mkdir" and "cp" are from coreutils, which are not guaranteed to be in
the profile. I'd suggest:

(1) (preferred) use substitute* in a build phase to replace
'mkdir' and 'cp' & co with the absolute store path
(2) or add coreutils to propagated-inputs

Likewise for sed.

Toggle quote (10 lines)
> [...]
>
> + if [ "$register_desktop_app" -eq 1 ]; then
> + mkdir -p "$HOME/.local/share/applications/"
> +- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
> ++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
> + update-desktop-database "$HOME/.local/share/applications/"
> + printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
> + exit 0

Is this required on Guix and would it work well on Guix? Copying .desktop files around
seems counter to ‘Guix suppots transactional upgrades and roll-backs, [...]. [...]
reproducible operating systems’ and not very functional. Shouldn't
"guix install torbrowser-unbundle" be sufficient?

noscript seems an useful extension for IceCat as well.
Maybe move it to gnuzilla.scm? Maybe move https-everywhere
there as well? (Separate issue: https-everywhere seems to
be bundled in IceCat ...)

Toggle quote (25 lines)
> +(define https-everywhere-lib-wasm
> + (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
> + (package
> + (name "https-everywhere-lib-wasm")
> + (version "2021.4.15")
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/EFForg/https-everywhere-lib-wasm")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> + "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
> + (build-system trivial-build-system)
> + (arguments
> + `(#:modules ((guix build utils))
> + #:builder (begin
> + (use-modules (guix build utils))
> + (format #t "Copying source ...~%")
> + (copy-recursively (assoc-ref %build-inputs "source")
> + %output
> + #:log (%make-void-port "w")))))

Why are you copying the source code to somewhere else?
This doesn't seem to accomplish anything. I would suggest
something like:

;; Source code of ‘HTTPS Everywhere WASM Library’,
;; licensed as license:lgpl2.1+, used in 'https-everywhere'
;; as an input.
(define https-everywhere-lib-wasm/source-code
(origin (method git-fetch) [...]))

Note that you can use 'origin' objects in 'inputs' and 'native-inputs'.


Toggle quote (8 lines)
> + (synopsis "Browser extension for protection against known attacks")
> + (description "Browser extension that protects users from a range of
> +known attacks on web browsing activity such as Cross-site scripting, clickjack and
> +makes possible for the users to block or choose on a per site basis which remote
> +javascript to run while browsing the web.")
> + (license license:gpl2+))))

The license file seems to tell something different: LGPL2.1+ instead of GPL2+:


Toggle quote (5 lines)
> [...]
> + (native-inputs
> + `(("https-everywhere" ,https-everywhere)
> + ("noscript" ,noscript)

noscript and https-everywhere seem more like 'inputs' than
'native-inputs' to me, but IIUC they are source-code only
and not compiled, so it doesn't really matter here I guess.

Toggle quote (22 lines)
> [...]
> + (add-after 'unpack 'make-bundle
> + (lambda* (#:key inputs native-inputs #:allow-other-keys)
> + (let ((tor-launcher (assoc-ref inputs "tor-launcher"))
> + (tor-launcher-dir "browser/extensions/tor-launcher")
> + (tbb (assoc-ref inputs "tor-browser-build"))
> + (tbb-scripts-dir "tbb-scripts"))
> +
> + (format #t "Copying tor-launcher ...~%")
> + (copy-recursively tor-launcher tor-launcher-dir
> + #:log (%make-void-port "w"))
> + (format #t "Copying tor-browser-build ...~%")
> + (mkdir tbb-scripts-dir)
> + (copy-recursively tbb tbb-scripts-dir
> + #:log (%make-void-port "w"))
> + (make-file-writable "browser/app/profile/000-tor-browser.js")
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser"))
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser.desktop")))
> + #t))

Returning #t at the end of a phase is not required anymore.
The warning will disappear when core-updates is merged.

Toggle quote (11 lines)
> + (replace 'configure
> + (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bash (which "bash"))
> + (flags `(,(string-append "--prefix=" out)
> + ,@configure-flags)))
> + (setenv "SHELL" bash)
> + (setenv "AUTOCONF" (string-append
> + (assoc-ref %build-inputs "autoconf")
> + "/bin/autoconf"))

In build phases, use 'inputs' or 'native-inputs' instead of %build-inputs.
It's more explicit, maybe there are other reasons as well. (Here it should
be native-inputs I guess).


Toggle quote (4 lines)
> + (setenv "CONFIG_SHELL" bash)
> + (setenv "PYTHON" (string-append (assoc-ref inputs "python-2")
> + "/bin/python"))

This most likely should be (assoc-ref (or native-inputs inputs) "python-2")
instead of (assoc-ref inputs "python-2").

Toggle quote (1 lines)
> + (setenv "CC" "gcc") ; needed when Stylo is enabled
This most likely should be ,(cc-for-target) instead of "gcc".

(The native-inputs/inputs and "gcc" / (cc-for-target) distinction is important
when cross-compiling (though not all dependencies are cross-compilable currently,
so it's a bit moot for now.))

Toggle quote (2 lines)
> + (add-after 'install-extensions 'link-binaries
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
You're not using 'native-inputs' in this build phase so you can remove it
from the arguments list.

Toggle quote (4 lines)
> + [...]
> + (add-after 'link-binaries 'copy-bundle-data
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)

Likewise.

Toggle quote (10 lines)
> + (description
> + "Tor Browser is the Tor Project version of Firefox browser. It is the only
> +recommended way to anonymously browse the web that is supported by the project.
> +It modifies Firefox in order to avoid many know application level attacks on
> +the privacy of Tor users.
> +
> +WARNING: This is not the official Tor Browser and is currently on testing. Use
> +at your own risk and please report back on guix channels if you find any
> +issues.")

This seems unnecessarily scary. All packages in guix are ‘at your own risk’
and every new package is ‘in testing’ for a while, whatever that means.
What about

"Warning: this is not the official built of Tor Browser from upstream.
As such, the Guix version of Tor Browser may have small differences
that might allow a malicious actor to identify you as a Guix user."

?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYLlEjBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7nbTAQCtfS2GBwWMN4bYziz4BboEExdi
p1c7n9tKrB6ItD5PLQEA7rNLntMttQ86O/TfEw+p/Lm8ebbvYWmT7UJMeq6Ivg0=
=3uc4
-----END PGP SIGNATURE-----


M
M
Maxime Devos wrote on 3 Jun 2021 23:07
ebd358912aa03bc2194e3f1b26bccf24a781f6b5.camel@telenet.be
Some comments, maybe the have already been addressed previously:

Toggle quote (24 lines)
> +++ b/gnu/packages/patches/torbrowser-start-desktop.patch
> @@ -0,0 +1,22 @@
> +Change TorBrowser desktop file in order for it to be agnostic to the
> +path when invoked.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
> +@@ -1,4 +1,4 @@
> +-#!/usr/bin/env ./Browser/execdesktop
> ++#!/usr/bin/env bash
> + #
> + # This file is a self-modifying .desktop file that can be run from the shell.
> + # It preserves arguments and environment for the start-tor-browser script.
> +@@ -28,7 +28,7 @@
> + GenericName=Web Browser
> + Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
> + Categories=Network;WebBrowser;Security;
> +-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
> +-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
> +-Icon=web-browser
> ++Exec=sh -c start-tor-browser
> ++X-TorBrowser-ExecShell=start-tor-browser --detach
> ++Icon=torbrowser

What's the reason for switching the icon from web-browser to torbrowser?
Also, the guixy way would be to simply replace "$(dirname "$*")/STUFF"
by /gnu/store/[...]/MORE-STUF/STUFF.

Otherwise, you're assuming "sh" is in the profile. It would also
be possible to replace "sh" with (string-append (assoc-ref inputs "bash") "/bin/sh")
I guess.

Toggle quote (35 lines)
> + StartupWMClass=Tor Browser
> diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
> new file mode 100644
> index 0000000000..b8c8d9a26a
> --- /dev/null
> +++ b/gnu/packages/patches/torbrowser-start-script.patch
> @@ -0,0 +1,181 @@
> +Change TorBrowser startup script in order for it to setup needed files
> +outside guix store. Remove tests which are not needed on guix system.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
> +@@ -5,6 +5,14 @@
> + #
> + # Copyright 2017 The Tor Project. See LICENSE for licensing information.
> +
> ++TBB_HOME="${HOME}/.local/share/torbrowser"
> ++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
> ++TBB_DATA="${TBB_HOME}/Data"
> ++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
> ++TBB_STORE_PATH=$(dirname $(realpath "$0"))
> ++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
> ++TORRC="${TBB_DATA}/Tor/torrc-defaults"
> ++
> + complain_dialog_title="Tor Browser"
> +
> + # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
> +@@ -134,8 +142,8 @@
> + ;;
> + -l | --log)
> + if [ -z "$2" -o "${2:0:1}" == "-" ]; then
> +- printf "Logging Tor Browser debug information to tor-browser.log\n"
> +- logfile="../tor-browser.log"
> ++ printf "Logging Tor Browser debug information to torbrowser.log\n"

Why rename tor-browser.log to torbrowser.log?

Toggle quote (17 lines)
> + [...]
> ++# Try to be agnostic to where we're being started from, check if files are on its
> ++# default paths and chdir to TBB_HOME
> ++if [ -e "${TORRC}" ]; then
> ++ cd "${TBB_HOME}"
> ++else
> ++ mkdir -p "${TBB_HOME}"
> ++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
> ++ chmod -R 700 "${TBB_HOME}"
> ++ mkdir -p "${TBB_PROFILE}"
> ++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
> ++ > "${TBB_PROFILE}/user.js"
> ++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
> ++ >> "${TORRC}"
> ++ cd "${TBB_HOME}"
> + fi

"mkdir" and "cp" are from coreutils, which are not guaranteed to be in
the profile. I'd suggest:

(1) (preferred) use substitute* in a build phase to replace
'mkdir' and 'cp' & co with the absolute store path
(2) or add coreutils to propagated-inputs

Likewise for sed.

Toggle quote (10 lines)
> [...]
>
> + if [ "$register_desktop_app" -eq 1 ]; then
> + mkdir -p "$HOME/.local/share/applications/"
> +- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
> ++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
> + update-desktop-database "$HOME/.local/share/applications/"
> + printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
> + exit 0

Is this required on Guix and would it work well on Guix? Copying .desktop files around
seems counter to ‘Guix suppots transactional upgrades and roll-backs, [...]. [...]
reproducible operating systems’ and not very functional. Shouldn't
"guix install torbrowser-unbundle" be sufficient?

noscript seems an useful extension for IceCat as well.
Maybe move it to gnuzilla.scm? Maybe move https-everywhere
there as well? (Separate issue: https-everywhere seems to
be bundled in IceCat ...)

Toggle quote (25 lines)
> +(define https-everywhere-lib-wasm
> + (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
> + (package
> + (name "https-everywhere-lib-wasm")
> + (version "2021.4.15")
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/EFForg/https-everywhere-lib-wasm")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> + "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
> + (build-system trivial-build-system)
> + (arguments
> + `(#:modules ((guix build utils))
> + #:builder (begin
> + (use-modules (guix build utils))
> + (format #t "Copying source ...~%")
> + (copy-recursively (assoc-ref %build-inputs "source")
> + %output
> + #:log (%make-void-port "w")))))

Why are you copying the source code to somewhere else?
This doesn't seem to accomplish anything. I would suggest
something like:

;; Source code of ‘HTTPS Everywhere WASM Library’,
;; licensed as license:lgpl2.1+, used in 'https-everywhere'
;; as an input.
(define https-everywhere-lib-wasm/source-code
(origin (method git-fetch) [...]))

Note that you can use 'origin' objects in 'inputs' and 'native-inputs'.


Toggle quote (8 lines)
> + (synopsis "Browser extension for protection against known attacks")
> + (description "Browser extension that protects users from a range of
> +known attacks on web browsing activity such as Cross-site scripting, clickjack and
> +makes possible for the users to block or choose on a per site basis which remote
> +javascript to run while browsing the web.")
> + (license license:gpl2+))))

The license file seems to tell something different: LGPL2.1+ instead of GPL2+:


Toggle quote (5 lines)
> [...]
> + (native-inputs
> + `(("https-everywhere" ,https-everywhere)
> + ("noscript" ,noscript)

noscript and https-everywhere seem more like 'inputs' than
'native-inputs' to me, but IIUC they are source-code only
and not compiled, so it doesn't really matter here I guess.

Toggle quote (22 lines)
> [...]
> + (add-after 'unpack 'make-bundle
> + (lambda* (#:key inputs native-inputs #:allow-other-keys)
> + (let ((tor-launcher (assoc-ref inputs "tor-launcher"))
> + (tor-launcher-dir "browser/extensions/tor-launcher")
> + (tbb (assoc-ref inputs "tor-browser-build"))
> + (tbb-scripts-dir "tbb-scripts"))
> +
> + (format #t "Copying tor-launcher ...~%")
> + (copy-recursively tor-launcher tor-launcher-dir
> + #:log (%make-void-port "w"))
> + (format #t "Copying tor-browser-build ...~%")
> + (mkdir tbb-scripts-dir)
> + (copy-recursively tbb tbb-scripts-dir
> + #:log (%make-void-port "w"))
> + (make-file-writable "browser/app/profile/000-tor-browser.js")
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser"))
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser.desktop")))
> + #t))

Returning #t at the end of a phase is not required anymore.
The warning will disappear when core-updates is merged.

Toggle quote (11 lines)
> + (replace 'configure
> + (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bash (which "bash"))
> + (flags `(,(string-append "--prefix=" out)
> + ,@configure-flags)))
> + (setenv "SHELL" bash)
> + (setenv "AUTOCONF" (string-append
> + (assoc-ref %build-inputs "autoconf")
> + "/bin/autoconf"))

In build phases, use 'inputs' or 'native-inputs' instead of %build-inputs.
It's more explicit, maybe there are other reasons as well. (Here it should
be native-inputs I guess).


Toggle quote (4 lines)
> + (setenv "CONFIG_SHELL" bash)
> + (setenv "PYTHON" (string-append (assoc-ref inputs "python-2")
> + "/bin/python"))

This most likely should be (assoc-ref (or native-inputs inputs) "python-2")
instead of (assoc-ref inputs "python-2").

Toggle quote (1 lines)
> + (setenv "CC" "gcc") ; needed when Stylo is enabled
This most likely should be ,(cc-for-target) instead of "gcc".

(The native-inputs/inputs and "gcc" / (cc-for-target) distinction is important
when cross-compiling (though not all dependencies are cross-compilable currently,
so it's a bit moot for now.))

Toggle quote (2 lines)
> + (add-after 'install-extensions 'link-binaries
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
You're not using 'native-inputs' in this build phase so you can remove it
from the arguments list.

Toggle quote (4 lines)
> + [...]
> + (add-after 'link-binaries 'copy-bundle-data
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)

Likewise.

Toggle quote (10 lines)
> + (description
> + "Tor Browser is the Tor Project version of Firefox browser. It is the only
> +recommended way to anonymously browse the web that is supported by the project.
> +It modifies Firefox in order to avoid many know application level attacks on
> +the privacy of Tor users.
> +
> +WARNING: This is not the official Tor Browser and is currently on testing. Use
> +at your own risk and please report back on guix channels if you find any
> +issues.")

This seems unnecessarily scary. All packages in guix are ‘at your own risk’
and every new package is ‘in testing’ for a while, whatever that means.
What about

"Warning: this is not the official built of Tor Browser from upstream.
As such, the Guix version of Tor Browser may have small differences
that might allow a malicious actor to identify you as a Guix user."

?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYLlEjRccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7rahAP95zsFdn7ynYLFREsPlHz5Ek7X9
gbKPWsJJu3LI4gs/pwEAjG14OWE9tujVF69MJrFTW1uPdoMY8Zxuj3s4bYEUPA4=
=hvTf
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 10 Jul 2021 05:10
(name . Maxime Devos)(address . maximedevos@telenet.be)(address . 42380@debbugs.gnu.org)
YOkPlxiRiQT9iQY9@andel
Attachment: file
-----BEGIN PGP SIGNATURE-----

iQG5BAABCgAjFiEEXo3OJhMk/jL9rLM1Nj97Uq5OMvYFAmDpD5MFgwPCZwAACgkQ
Nj97Uq5OMvbDUQv+OtXE8vKwy10OUDXJIy0swIytBqOELyfN57EGE4+RtEZslnzT
VUoPgtjZ8CydSSZTG18K9fkPDRarzya7PrDoLG22s4QjQe0Uk8hk8X/GSn0PAgi1
go9tZV3nSrZA8bpmq20JxzQ9lVNw6kpWwhkogz5djJR8qXppB+sY9R3ZxKQI9VTX
hakSIWb1dtK4qZoBVD9QRK00/96VxioqQ9ZigHNFMlne9A1efyrUTmNfjpZ7aN4j
rpbjZ3NqBXy81ZN+K1rVAvC3kZkW+zY+icpwRFJLRXX8YjagKjTLUbZle1dXmD8X
m1hbt60fSAEtakzQbZQTrTT7d52cNDb78W10UfU/+d9UZZcmiU3YSxnZitRZouFG
WeBMwKejbfmICtpTAGZ78bPQPO10PnWKxeE5KCo67BefjRefQG39Y+7sp8o0fdmb
m5p88Oa/wwy44IvNU5IhC07BcbP20dNOlne5VXXyexV1p9N5N9T47si9uKd95KJ+
Oics4T/Zxs3zRUro
=Dg+w
-----END PGP SIGNATURE-----


?