[WIP] gnu: Add torbrowser-unbundle.

+++ b/gnu/packages/golang.scm

+

+(define-public go-torproject-org-ptlib

+ (package

+ (name "go-torproject-org-ptlib")

+ (version "1.1.0")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")

+ (commit (string-append "v" version))))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))

+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")

+ (synopsis "Go library for Tor Pluggable Transports")

+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable

+Transports are a means of connecting to the Tor Network from places where it

+is censored.")

+ (license license:cc0)))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-agl-ed25519

+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")

+ (revision "0"))

+ (package

+ (name "go-github-com-agl-ed25519")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/agl/ed25519")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/agl/ed25519"

+ #:phases

+ (modify-phases %standard-phases

+ (add-before 'reset-gzip-timestamps 'make-files-writable

+ (lambda* (#:key outputs #:allow-other-keys)

+ (let ((out (assoc-ref outputs "out")))

+ (for-each (lambda (file) (chmod file #o644))

+ (find-files out "\\.gz"))

+ #t))))))

+ (home-page "https://github.com/agl/ed25519")

+ (synopsis "Go library for ed25519 public-key signatures")

+ (description "This library is a Go implementation of ed25519 public-key

+signature system which was designed to be faster than previous digital signature

+systems without sacrificing security. It is currently used in the

+implementation of obfs4 and should be not be used on newer projects since it

+is unmaintained. Newer software should use x-crypto instead.")

+ ;; License file is referred but it is missing. Probably because the

+ ;; author decided to discontinue the project.

+ (license (license:non-copyleft "file://ed25519.go")))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-dchest-siphash

+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")

+ (revision "0"))

+ (package

+ (name "go-github-com-dchest-siphash")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/dchest/siphash")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/dchest/siphash"))

+ (home-page "https://github.com/dchest/siphash")

+ (synopsis "Go library for siphash")

+ (description "Go implementation of SipHash-2-4, a fast short-input

+Pseudo Random Function which is suitable for usage in message authentication

+codes and was based on the design created by Jean-Philippe Aumasson and Daniel

+J. Bernstein. ")

+ (license license:cc0))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-dchest-uniuri

+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")

+ (revision "0"))

+ (package

+ (name "go-github-com-dchest-uniuri")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/dchest/uniuri")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/dchest/uniuri"))

+ (home-page "https://github.com/dchest/uniuri")

+ (synopsis "Go library for random URIs")

+ (description "Package uniuri generates random strings good for use in

+Universal Resource Identifiers to uniquely identify objects.")

+ (license license:cc0))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-dsnet-compress

+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")

+ (revision "0"))

+ (package

+ (name "go-github-com-dsnet-compress")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/dsnet/compress")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/dsnet/compress"))

+ (home-page "https://github.com/dsnet/compress")

+ (synopsis "Go library for extended compression")

+ (description "This is a collection of compression related libraries.

+The goal of this project is to provide pure Go implementations for popular

+compression algorithms bey ond what the Go standard library provides.")

+ (license (license:non-copyleft "file://LICENSE.md")))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-schwanenlied-me-yawning-bsaes

+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")

+ (revision "0"))

+ (package

+ (name "go-schwanenlied-me-yawning-bsaes")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.schwanenlied.me/yawning/bsaes.git")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))

+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")

+ (synopsis "Go AES library")

+ (description "Portable pure-Go constant time Advanced Encryption

+Standard (AES) for eletronic data encryption. This implementation if

+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems

+with hardware support for AES New Instructions (AES-NI) and a

+sufficiently recent Go runtime, it will transparently call crypto/aes

+when NewCipher is invoked.")

+ (license (license:non-copyleft "file://LICENSE.txt")))))

+++ b/gnu/packages/golang.scm

+;;; Copyright © 2020 André Batista <nandre@riseup.net>

+

+(define-public go-gitlab-com-yawning-utls

+ (package

+ (name "go-gitlab-com-yawning-utls")

+ (version "0.0.10-1")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://gitlab.com/yawning/utls.git")

+ (commit (string-append "v" version))))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:tests? #f ;; Tries to connect and fails.

+ #:import-path "gitlab.com/yawning/utls.git"))

+ (propagated-inputs

+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)

+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)

+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))

+ (home-page "https://gitlab.com/yawning/utls.git")

+ (synopsis "Go library for uTLS")

+ (description "This library is a fork of the main Transport Layer Security

+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,

+low level access to handshakes and fake session tickets among other features.

+This fork was made for the specific purpose of improving obfs4proxy's meek_lite

+transport protocol.")

+ (license license:gpl3+)))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-agl-ed25519

+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")

+ (revision "0"))

+ (package

+ (name "go-github-com-agl-ed25519")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/agl/ed25519")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/agl/ed25519"

+ #:phases

+ (modify-phases %standard-phases

+ (add-before 'reset-gzip-timestamps 'make-files-writable

+ (lambda* (#:key outputs #:allow-other-keys)

+ (let ((out (assoc-ref outputs "out")))

+ (for-each (lambda (file) (chmod file #o644))

+ (find-files out "\\.gz"))

+ #t))))))

+ (home-page "https://github.com/agl/ed25519")

+ (synopsis "Go library for ed25519 public-key signatures")

+ (description "This library is a Go implementation of ed25519 public-key

+signature system which was designed to be faster than previous digital signature

+systems without sacrificing security. It is currently used in the

+implementation of obfs4 and should be not be used on newer projects since it

+is unmaintained. Newer software should use x-crypto instead.")

+ ;; License file is referred but it is missing. Probably because the

+ ;; author decided to discontinue the project.

+ (license (license:non-copyleft "file://ed25519.go")))))

+++ b/gnu/packages/golang.scm

+;;; Copyright © 2021 André Batista <nandre@riseup.net>

+

+(define-public go-torproject-org-ptlib

+ (package

+ (name "go-torproject-org-ptlib")

+ (version "1.1.0")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")

+ (commit (string-append "v" version))))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))

+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")

+ (synopsis "Go library for Tor Pluggable Transports")

+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable

+Transports are a means of connecting to the Tor Network from places where it

+is censored.")

+ (license license:cc0)))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-agl-ed25519

+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")

+ (revision "0"))

+ (package

+ (name "go-github-com-agl-ed25519")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/agl/ed25519")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/agl/ed25519"

+ #:phases

+ (modify-phases %standard-phases

+ (add-before 'reset-gzip-timestamps 'make-files-writable

+ (lambda* (#:key outputs #:allow-other-keys)

+ (let ((out (assoc-ref outputs "out")))

+ (for-each (lambda (file) (chmod file #o644))

+ (find-files out "\\.gz"))

+ #t))))))

+ (home-page "https://github.com/agl/ed25519")

+ (synopsis "Go library for ed25519 public-key signatures")

+ (description "This library is a Go implementation of ed25519 public-key

+signature system which was designed to be faster than previous digital signature

+systems without sacrificing security. It is currently used in the

+implementation of obfs4 and should be not be used on newer projects since it

+is unmaintained. Newer software should use x-crypto instead.")

+ ;; License file is referred but it is missing. Probably because the

+ ;; author decided to discontinue the project.

+ (license (license:non-copyleft "file://ed25519.go")))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-dchest-siphash

+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")

+ (revision "0"))

+ (package

+ (name "go-github-com-dchest-siphash")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/dchest/siphash")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/dchest/siphash"))

+ (home-page "https://github.com/dchest/siphash")

+ (synopsis "Go library for siphash")

+ (description "Go implementation of SipHash-2-4, a fast short-input

+Pseudo Random Function which is suitable for usage in message authentication

+codes and was based on the design created by Jean-Philippe Aumasson and Daniel

+J. Bernstein. ")

+ (license license:cc0))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-dchest-uniuri

+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")

+ (revision "0"))

+ (package

+ (name "go-github-com-dchest-uniuri")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/dchest/uniuri")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/dchest/uniuri"))

+ (home-page "https://github.com/dchest/uniuri")

+ (synopsis "Go library for random URIs")

+ (description "Package uniuri generates random strings good for use in

+Universal Resource Identifiers to uniquely identify objects.")

+ (license license:cc0))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-github-com-dsnet-compress

+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")

+ (revision "0"))

+ (package

+ (name "go-github-com-dsnet-compress")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/dsnet/compress")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "github.com/dsnet/compress"))

+ (home-page "https://github.com/dsnet/compress")

+ (synopsis "Go library for extended compression")

+ (description "This is a collection of compression related libraries.

+The goal of this project is to provide pure Go implementations for popular

+compression algorithms bey ond what the Go standard library provides.")

+ (license (license:non-copyleft "file://LICENSE.md")))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-schwanenlied-me-yawning-bsaes

+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")

+ (revision "0"))

+ (package

+ (name "go-schwanenlied-me-yawning-bsaes")

+ (version (git-version "0.0.0" revision commit))

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.schwanenlied.me/yawning/bsaes.git")

+ (commit commit)))

+ (file-name (string-append name "-" version "-checkout"))

+ (sha256

+ (base32

+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))

+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")

+ (synopsis "Go AES library")

+ (description "Portable pure-Go constant time Advanced Encryption

+Standard (AES) for eletronic data encryption. This implementation if

+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems

+with hardware support for AES New Instructions (AES-NI) and a

+sufficiently recent Go runtime, it will transparently call crypto/aes

+when NewCipher is invoked.")

+ (license (license:non-copyleft "file://LICENSE.txt")))))

+++ b/gnu/packages/golang.scm

+

+(define-public go-gitlab-com-yawning-utls

+ (package

+ (name "go-gitlab-com-yawning-utls")

+ (version "0.0.10-1")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://gitlab.com/yawning/utls.git")

+ (commit (string-append "v" version))))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:tests? #f ;; Tries to connect and fails.

+ #:import-path "gitlab.com/yawning/utls.git"))

+ (propagated-inputs

+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)

+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)

+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))

+ (home-page "https://gitlab.com/yawning/utls.git")

+ (synopsis "Go library for uTLS")

+ (description "This library is a fork of the main Transport Layer Security

+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,

+low level access to handshakes and fake session tickets among other features.

+This fork was made for the specific purpose of improving obfs4proxy's meek_lite

+transport protocol.")

+ (license license:gpl3+)))

+++ b/gnu/packages/tor.scm

+;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>

+ #:use-module (guix build-system go)

+ #:use-module (gnu packages autotools)

+ #:use-module (gnu packages golang)

+ #:use-module (gnu packages libevent)

+ #:use-module (gnu packages linux)

+

+(define-public obfs4

+ (package

+ (name "obfs4")

+ (version "0.0.11")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.torproject.org/pluggable-transports/obfs4.git")

+ (commit (string-append "obfs4proxy-" version))))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))

+ (build-system go-build-system)

+ (arguments

+ '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"

+ #:tests? #f ;; No test files

+ #:phases

+ (modify-phases %standard-phases

+ (replace 'build

+ (lambda* (#:key outputs configure-flags #:allow-other-keys)

+ (let ((out (assoc-ref outputs "out")))

+ (copy-recursively

+ "src/git.torproject.org/pluggable-transports/obfs4.git"

+ "src/gitlab.com/yawning/obfs4.git"

+ #:log (%make-void-port "w"))

+ (with-directory-excursion

+ "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"

+ (invoke "go" "build" "-ldflags" "-s"))

+ #t)))

+ (replace 'install

+ (lambda* (#:key outputs #:allow-other-keys)

+ (let* ((out (assoc-ref outputs "out"))

+ (src "src/git.torproject.org/pluggable-transports/obfs4.git")

+ (bin (string-append out "/bin"))

+ (share (string-append out "/share"))

+ (doc (string-append share "/doc"))

+ (man (string-append share "/man/man1")))

+ (mkdir-p man)

+ (mkdir bin)

+ (mkdir doc)

+ (with-directory-excursion

+ (string-append src "/obfs4proxy")

+ (copy-file "obfs4proxy"

+ (string-append bin "/obfs4proxy")))

+ (with-directory-excursion

+ (string-append src "/doc")

+ (copy-file "obfs4proxy.1"

+ (string-append man "/obfs4proxy.1"))

+ (copy-file "obfs4-spec.txt"

+ (string-append doc "/obfs4-spec.txt")))

+ #t))))))

+ (propagated-inputs

+ `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)

+ ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)

+ ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)

+ ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)

+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)

+ ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)

+ ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)

+ ("go-golang-org-x-net" ,go-golang-org-x-net)

+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)

+ ("go-golang-org-x-text" ,go-golang-org-x-text)))

+ (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")

+ (synopsis "Obfs4 implements an obfuscation protocol")

+ (description "This is a look-like nothing obfuscation protocol that

+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.

+The obfs naming was chosen primarily because it was shorter, in terms of

+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")

+ (license license:gpl3+)))

+++ b/gnu/local.mk

+# Copyright © 2021 André Batista <nandre@riseup.net>

+ %D%/packages/patches/torbrowser-start-desktop.patch \

+ %D%/packages/patches/torbrowser-start-script.patch \

+++ b/gnu/packages/patches/torbrowser-start-desktop.patch

+Change TorBrowser desktop file in order for it to be agnostic to the

+path when invoked.

+

+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300

++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300

+@@ -1,4 +1,4 @@

+-#!/usr/bin/env ./Browser/execdesktop

++#!/usr/bin/env bash

+ #

+ # This file is a self-modifying .desktop file that can be run from the shell.

+ # It preserves arguments and environment for the start-tor-browser script.

+@@ -28,7 +28,7 @@

+ GenericName=Web Browser

+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance

+ Categories=Network;WebBrowser;Security;

+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k

+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach

+-Icon=web-browser

++Exec=sh -c start-tor-browser

++X-TorBrowser-ExecShell=start-tor-browser --detach

++Icon=torbrowser

+ StartupWMClass=Tor Browser

+++ b/gnu/packages/patches/torbrowser-start-script.patch

+Change TorBrowser startup script in order for it to setup needed files

+outside guix store. Remove tests which are not needed on guix system.

+

+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300

++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300

+@@ -5,6 +5,14 @@

+ #

+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.

+

++TBB_HOME="${HOME}/.local/share/torbrowser"

++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"

++TBB_DATA="${TBB_HOME}/Data"

++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"

++TBB_STORE_PATH=$(dirname $(realpath "$0"))

++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"

++TORRC="${TBB_DATA}/Tor/torrc-defaults"

++

+ complain_dialog_title="Tor Browser"

+

+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream

+@@ -134,8 +142,8 @@

+ ;;

+ -l | --log)

+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then

+- printf "Logging Tor Browser debug information to tor-browser.log\n"

+- logfile="../tor-browser.log"

++ printf "Logging Tor Browser debug information to torbrowser.log\n"

++ logfile="${TBB_LOGFILE}"

+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then

+ printf "Logging Tor Browser debug information to %s\n" "$2"

+ logfile="$2"

+@@ -187,41 +195,22 @@

+ export XAUTHORITY

+ fi

+

+-# If this script is being run through a symlink, we need to know where

+-# in the filesystem the script itself is, not where the symlink is.

+-myname="$0"

+-if [ -L "$myname" ]; then

+- # XXX readlink is not POSIX, but is present in GNU coreutils

+- # and on FreeBSD. Unfortunately, the -f option (which follows

+- # a whole chain of symlinks until it reaches a non-symlink

+- # path name) is a GNUism, so we have to have a fallback for

+- # FreeBSD. Fortunately, FreeBSD has realpath instead;

+- # unfortunately, that's also non-POSIX and is not present in

+- # GNU coreutils.

+- #

+- # If this launcher were a C program, we could just use the

+- # realpath function, which *is* POSIX. Too bad POSIX didn't

+- # make that function accessible to shell scripts.

+-

+- # If realpath is available, use it; it Does The Right Thing.

+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"

+- if [ "$?" -eq 0 ]; then

+- myname="$possibly_my_real_name"

+- else

+- # realpath is not available; hopefully readlink -f works.

+- myname="`readlink -f "$myname" 2>/dev/null`"

+- if [ "$?" -ne 0 ]; then

+- # Ugh.

+- complain "start-tor-browser cannot be run using a symlink on this operating system."

+- fi

+- fi

++# Try to be agnostic to where we're being started from, check if files are on its

++# default paths and chdir to TBB_HOME

++if [ -e "${TORRC}" ]; then

++ cd "${TBB_HOME}"

++else

++ mkdir -p "${TBB_HOME}"

++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"

++ chmod -R 700 "${TBB_HOME}"

++ mkdir -p "${TBB_PROFILE}"

++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\

++ > "${TBB_PROFILE}/user.js"

++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\

++ >> "${TORRC}"

++ cd "${TBB_HOME}"

+ fi

+

+-# Try to be agnostic to where we're being started from, chdir to where

+-# the script is.

+-mydir="`dirname "$myname"`"

+-test -d "$mydir" && cd "$mydir"

+-

+ # If ${PWD} results in a zero length string, we can try something else...

+ if [ ! "${PWD}" ]; then

+ # "hacking around some braindamage"

+@@ -236,16 +225,9 @@

+ ln -nsf ~/.config/ibus/bus .config/ibus

+ fi

+

+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the

+-# canonical version if it was changed by the updater.

+-cp start-tor-browser.desktop ../

+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop

+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop

+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop

+-

+ if [ "$register_desktop_app" -eq 1 ]; then

+ mkdir -p "$HOME/.local/share/applications/"

+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"

++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"

+ update-desktop-database "$HOME/.local/share/applications/"

+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"

+ exit 0

+@@ -265,21 +247,6 @@

+ HOME="${PWD}"

+ export HOME

+

+-SYSARCHITECTURE=$(getconf LONG_BIT)

+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')

+-

+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then

+- complain "Wrong architecture? 32-bit vs. 64-bit."

+- exit 1

+-fi

+-

+-[% IF c("var/asan") -%]

+-# We need to disable LSan which is enabled by default now. Otherwise we'll get

+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59

+-ASAN_OPTIONS="detect_leaks=0"

+-export ASAN_OPTIONS

+-[% END -%]

+-

+ function setControlPortPasswd() {

+ local ctrlPasswd=$1

+

+@@ -342,13 +309,15 @@

+ # your password in the following line where the word “secret” is:

+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}

+

+-# Set up custom bundled fonts. See fonts-conf(5).

+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"

+-export FONTCONFIG_FILE="fonts.conf"

+-

+ # Avoid overwriting user's dconf values. Fixes #27903.

+ export GSETTINGS_BACKEND=memory

+

++# Set up custom bundled fonts. See fonts-conf(5).

++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"

++

++sed -i "${FONTCONFIG_FILE}"\

++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"

++

+ cd "${HOME}"

+

+ # We pass all additional command-line arguments we get to Firefox.

+@@ -357,23 +326,23 @@

+

+ if [ "$show_usage" -eq 1 ]; then

+ # Display Firefox help, then our help

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default --help 2>/dev/null

+ tbb_usage

+ elif [ "$detach" -eq 1 ] ; then

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &

+ disown "$!"

+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \

+ tee "$logfile"

+ elif [ "$show_output" -eq 1 ]; then

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" < /dev/null

+ else

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null

+ fi

+

+ exit $?

+++ b/gnu/packages/tor.scm

+

+;; torbrowser and tor-browser-builder build versions are not always in sync

+(define %torbrowser-version "78.11.0esr-10.0-1")

+(define %tbb-build-version "10.0.17")

+(define %torbrowser-build "build1")

+(define %tbb-build "build1")

+(define %torbrowser-build-id "20210602000000");must be of the form YYYYMMDDhhmmss

+

+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on

+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.

+;; Use the fonts on Tor Browser release tarball.

+(define torbrowser-fonts

+ (package

+ (name "torbrowser-fonts")

+ (version %tbb-build-version)

+ (source

+ (origin

+ (method url-fetch)

+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ version "/tor-browser-linux64-"

+ version "_en-US.tar.xz"))

+ (sha256

+ (base32

+ "13x38n1cvqmxjz0jf2fda8lx2k25szzmg7gvv08z3q5na7109m2m"))))

+ (build-system trivial-build-system)

+ (native-inputs

+ `(("tar" ,tar)

+ ("xz" ,xz)))

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (let ((src (assoc-ref %build-inputs "source"))

+ (src-dir "tor-browser_en-US/Browser/fonts")

+ (fonts (string-append %output "/share/fonts"))

+ (tar (assoc-ref %build-inputs "tar"))

+ (xz (assoc-ref %build-inputs "xz")))

+ (mkdir-p fonts)

+ (format #t "Untaring torbrowser ball ...~%")

+ (invoke (string-append tar "/bin/tar") "-xf" src

+ "-C" fonts "--strip-components=3"

+ (string-append "--use-compress-program=" xz "/bin/xz")

+ src-dir)

+ #t))))

+ (home-page "https://github.com/googlei18n/noto-fonts")

+ (synopsis "Tor Browser bundled fonts")

+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,

+Arimo, Cousine, Tinos and STIX fonts.")

+ (license license:silofl1.1)))

+

+(define tor-browser-build

+ (let ((commit (string-append "tbb-desktop-" %tbb-build-version

+ "-" %tbb-build)))

+ (package

+ (name "tor-browser-build")

+ (version %tbb-build-version)

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.torproject.org/builders/tor-browser-build.git")

+ (commit commit)))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1qwgghy79wx0w1yz132yyaln4g42s72133n6gbdf07rkf5n44izc"))))

+ (build-system trivial-build-system)

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (format #t "Copying build scripts ...~%")

+ (copy-recursively (string-append

+ (assoc-ref %build-inputs "source")

+ "/projects/tor-browser")

+ %output

+ #:log (%make-void-port "w")))))

+ (home-page "https://www.torproject.org")

+ (synopsis "Tor Browser build scripts")

+ (description "Tor Browser runtime scripts.")

+ (license (license:non-copyleft "file://LICENSE")))))

+

+(define tor-launcher

+ (package

+ (name "tor-launcher")

+ (version "0.2.28")

+ (source

+ (origin

+ (method url-fetch)

+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ %tbb-build-version "/src-" name "-"

+ version ".tar.xz"))

+ (sha256

+ (base32

+ "0mbd1q46d8nqisn6n79sp6m29332ymb2pf13xzgq1ml7rfcy6jjy"))))

+ (build-system trivial-build-system)

+ (native-inputs

+ `(("tar" ,tar)

+ ("xz" ,xz)))

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (format #t "Extracting source ...~%")

+ (let ((src (assoc-ref %build-inputs "source"))

+ (tar (assoc-ref %build-inputs "tar"))

+ (xz (assoc-ref %build-inputs "xz")))

+ (mkdir-p %output)

+ (format #t "Extracting source ...~%")

+ (invoke (string-append tar "/bin/tar") "-xf" src

+ "-C" %output "--strip-components=1"

+ (string-append "--use-compress-program=" xz "/bin/xz"))))))

+ (home-page "https://www.torproject.org")

+ (synopsis "Tor Browser built-in controler extension")

+ (description "Browser extension that starts the tor process (which

+connects the browser and other applications to the Tor Network), and

+which helps people configure and use @code{tor}. The first window that

+you see when you start Tor Browser is displayed by this extension.")

+ (license (license:non-copyleft "file://src/LICENSE"))))

+

+(define https-everywhere-lib-wasm

+ (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))

+ (package

+ (name "https-everywhere-lib-wasm")

+ (version "2021.4.15")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/EFForg/https-everywhere-lib-wasm")

+ (commit commit)))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))

+ (build-system trivial-build-system)

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (format #t "Copying source ...~%")

+ (copy-recursively (assoc-ref %build-inputs "source")

+ %output

+ #:log (%make-void-port "w")))))

+ (home-page "https://github.com/EFForg/https-everywhere-lib-wasm")

+ (synopsis "Browser extension for protection against known attacks")

+ (description "Browser extension that protects users from a range of

+known attacks on web browsing activity such as Cross-site scripting, clickjack and

+makes possible for the users to block or choose on a per site basis which remote

+javascript to run while browsing the web.")

+ (license license:gpl2+))))

+

+;; Both https-everywhere and noscript are rellying on some precompiled code for now.

+;; Also read on the work on chromium extensions on gnu/build/chromium-extensions.scm

+;; to see if can be adapted.

+(define-public https-everywhere

+ (package

+ (name "https-everywhere")

+ (version "2021.4.15")

+ (source

+ (origin

+ (method url-fetch)

+ (uri (string-append "https://github.com/EFForg/" name "/archive/"

+ version ".tar.gz"))

+ (file-name (string-append name "-" version ".tar.gz"))

+ (sha256

+ (base32

+ "1bknx8l8gxmpwb13pvn6pdbavknci8q0jhygdaz50ilc1xld89i3"))))

+ (build-system trivial-build-system)

+ (native-inputs

+ `(("bash" ,bash)

+ ("coreutils" ,coreutils)

+ ("findutils" ,findutils)

+ ("git" ,git)

+ ("grep" ,grep)

+ ("gzip" ,gzip)

+ ("https-everywhere-lib-wasm"

+ ,https-everywhere-lib-wasm)

+ ("libxml2" ,libxml2)

+ ("libxslt" ,libxslt)

+ ("openssl" ,openssl)

+ ("python" ,python)

+ ("rsync" ,rsync)

+ ("sed" ,sed)

+ ("tar" ,tar)

+ ("util-linux" ,util-linux) ; for getopt

+ ("xxd" ,xxd)

+ ("which" ,which)

+ ("zip" ,zip)))

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (let ((src (assoc-ref %build-inputs "source"))

+ (httpse-libwasm (assoc-ref %build-inputs

+ "https-everywhere-lib-wasm"))

+ (bash (assoc-ref %build-inputs "bash"))

+ (coreutils (assoc-ref %build-inputs "coreutils"))

+ (python (assoc-ref %build-inputs "python"))

+ (openssl (assoc-ref %build-inputs

+++ b/gnu/local.mk

+# Copyright © 2021 André Batista <nandre@riseup.net>

+ %D%/packages/patches/torbrowser-start-desktop.patch \

+ %D%/packages/patches/torbrowser-start-script.patch \

+++ b/gnu/packages/patches/torbrowser-start-desktop.patch

+Change TorBrowser desktop file in order for it to be agnostic to the

+path when invoked.

+

+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300

++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300

+@@ -1,4 +1,4 @@

+-#!/usr/bin/env ./Browser/execdesktop

++#!/usr/bin/env bash

+ #

+ # This file is a self-modifying .desktop file that can be run from the shell.

+ # It preserves arguments and environment for the start-tor-browser script.

+@@ -28,7 +28,7 @@

+ GenericName=Web Browser

+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance

+ Categories=Network;WebBrowser;Security;

+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k

+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach

+-Icon=web-browser

++Exec=sh -c start-tor-browser

++X-TorBrowser-ExecShell=start-tor-browser --detach

++Icon=torbrowser

+ StartupWMClass=Tor Browser

+++ b/gnu/packages/patches/torbrowser-start-script.patch

+Change TorBrowser startup script in order for it to setup needed files

+outside guix store. Remove tests which are not needed on guix system.

+

+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300

++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300

+@@ -5,6 +5,14 @@

+ #

+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.

+

++TBB_HOME="${HOME}/.local/share/torbrowser"

++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"

++TBB_DATA="${TBB_HOME}/Data"

++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"

++TBB_STORE_PATH=$(dirname $(realpath "$0"))

++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"

++TORRC="${TBB_DATA}/Tor/torrc-defaults"

++

+ complain_dialog_title="Tor Browser"

+

+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream

+@@ -134,8 +142,8 @@

+ ;;

+ -l | --log)

+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then

+- printf "Logging Tor Browser debug information to tor-browser.log\n"

+- logfile="../tor-browser.log"

++ printf "Logging Tor Browser debug information to torbrowser.log\n"

++ logfile="${TBB_LOGFILE}"

+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then

+ printf "Logging Tor Browser debug information to %s\n" "$2"

+ logfile="$2"

+@@ -187,41 +195,22 @@

+ export XAUTHORITY

+ fi

+

+-# If this script is being run through a symlink, we need to know where

+-# in the filesystem the script itself is, not where the symlink is.

+-myname="$0"

+-if [ -L "$myname" ]; then

+- # XXX readlink is not POSIX, but is present in GNU coreutils

+- # and on FreeBSD. Unfortunately, the -f option (which follows

+- # a whole chain of symlinks until it reaches a non-symlink

+- # path name) is a GNUism, so we have to have a fallback for

+- # FreeBSD. Fortunately, FreeBSD has realpath instead;

+- # unfortunately, that's also non-POSIX and is not present in

+- # GNU coreutils.

+- #

+- # If this launcher were a C program, we could just use the

+- # realpath function, which *is* POSIX. Too bad POSIX didn't

+- # make that function accessible to shell scripts.

+-

+- # If realpath is available, use it; it Does The Right Thing.

+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"

+- if [ "$?" -eq 0 ]; then

+- myname="$possibly_my_real_name"

+- else

+- # realpath is not available; hopefully readlink -f works.

+- myname="`readlink -f "$myname" 2>/dev/null`"

+- if [ "$?" -ne 0 ]; then

+- # Ugh.

+- complain "start-tor-browser cannot be run using a symlink on this operating system."

+- fi

+- fi

++# Try to be agnostic to where we're being started from, check if files are on its

++# default paths and chdir to TBB_HOME

++if [ -e "${TORRC}" ]; then

++ cd "${TBB_HOME}"

++else

++ mkdir -p "${TBB_HOME}"

++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"

++ chmod -R 700 "${TBB_HOME}"

++ mkdir -p "${TBB_PROFILE}"

++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\

++ > "${TBB_PROFILE}/user.js"

++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\

++ >> "${TORRC}"

++ cd "${TBB_HOME}"

+ fi

+

+-# Try to be agnostic to where we're being started from, chdir to where

+-# the script is.

+-mydir="`dirname "$myname"`"

+-test -d "$mydir" && cd "$mydir"

+-

+ # If ${PWD} results in a zero length string, we can try something else...

+ if [ ! "${PWD}" ]; then

+ # "hacking around some braindamage"

+@@ -236,16 +225,9 @@

+ ln -nsf ~/.config/ibus/bus .config/ibus

+ fi

+

+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the

+-# canonical version if it was changed by the updater.

+-cp start-tor-browser.desktop ../

+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop

+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop

+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop

+-

+ if [ "$register_desktop_app" -eq 1 ]; then

+ mkdir -p "$HOME/.local/share/applications/"

+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"

++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"

+ update-desktop-database "$HOME/.local/share/applications/"

+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"

+ exit 0

+@@ -265,21 +247,6 @@

+ HOME="${PWD}"

+ export HOME

+

+-SYSARCHITECTURE=$(getconf LONG_BIT)

+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')

+-

+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then

+- complain "Wrong architecture? 32-bit vs. 64-bit."

+- exit 1

+-fi

+-

+-[% IF c("var/asan") -%]

+-# We need to disable LSan which is enabled by default now. Otherwise we'll get

+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59

+-ASAN_OPTIONS="detect_leaks=0"

+-export ASAN_OPTIONS

+-[% END -%]

+-

+ function setControlPortPasswd() {

+ local ctrlPasswd=$1

+

+@@ -342,13 +309,15 @@

+ # your password in the following line where the word “secret” is:

+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}

+

+-# Set up custom bundled fonts. See fonts-conf(5).

+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"

+-export FONTCONFIG_FILE="fonts.conf"

+-

+ # Avoid overwriting user's dconf values. Fixes #27903.

+ export GSETTINGS_BACKEND=memory

+

++# Set up custom bundled fonts. See fonts-conf(5).

++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"

++

++sed -i "${FONTCONFIG_FILE}"\

++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"

++

+ cd "${HOME}"

+

+ # We pass all additional command-line arguments we get to Firefox.

+@@ -357,23 +326,23 @@

+

+ if [ "$show_usage" -eq 1 ]; then

+ # Display Firefox help, then our help

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default --help 2>/dev/null

+ tbb_usage

+ elif [ "$detach" -eq 1 ] ; then

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &

+ disown "$!"

+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \

+ tee "$logfile"

+ elif [ "$show_output" -eq 1 ]; then

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" < /dev/null

+ else

+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \

+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null

++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \

++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null

+ fi

+

+ exit $?

+++ b/gnu/packages/tor.scm

+ #:use-module (guix gexp)

+ #:use-module (guix monads)

+ #:use-module (guix store)

+ #:use-module (guix build-system cargo)

+ #:use-module (guix build-system gnu)

+ #:use-module (guix build-system trivial)

+ #:use-module (gnu packages admin)

+ #:use-module (gnu packages assembly)

+ #:use-module (gnu packages audio)

+ #:use-module (gnu packages bash)

+ #:use-module (gnu packages cups)

+ #:use-module (gnu packages databases)

+ #:use-module (gnu packages fontutils)

+ #:use-module (gnu packages gl)

+ #:use-module (gnu packages glib)

+ #:use-module (gnu packages gnome)

+ #:use-module (gnu packages gtk)

+ #:use-module (gnu packages gnuzilla)

+ #:use-module (gnu packages icu4c)

+ #:use-module (gnu packages image)

+ #:use-module (gnu packages kerberos)

+ #:use-module (gnu packages libcanberra)

+ #:use-module (gnu packages libffi)

+ #:use-module (gnu packages llvm)

+ #:use-module (gnu packages node)

+ #:use-module (gnu packages nss)

+ #:use-module (gnu packages perl)

+ #:use-module (gnu packages pulseaudio)

+ #:use-module (gnu packages readline)

+ #:use-module (gnu packages rsync) ; for httpse

+ #:use-module (gnu packages rust)

+ #:use-module (gnu packages rust-apps)

+ #:use-module (gnu packages sqlite)

+ #:use-module (gnu packages version-control)

+ #:use-module (gnu packages video)

+ #:use-module (gnu packages vim) ; for xxd

+ #:use-module (gnu packages w3m)

+ #:use-module (gnu packages xdisorg)

+ #:use-module (gnu packages xiph)

+ #:use-module (gnu packages xorg)

+ #:use-module (gnu packages xml) ; for httpse

+ #:use-module (ice-9 match)

+ #:use-module ((srfi srfi-1) #:hide (zip)))

+

+;; torbrowser and tor-browser-builder build versions are not always in sync

+(define %torbrowser-version "78.11.0esr-10.0-1")

+(define %tbb-build-version "10.0.17")

+(define %torbrowser-build "build1")

+(define %tbb-build "build1")

+(define %torbrowser-build-id "20210602000000");must be of the form YYYYMMDDhhmmss

+

+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on

+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.

+;; Use the fonts on Tor Browser release tarball.

+(define torbrowser-fonts

+ (package

+ (name "torbrowser-fonts")

+ (version %tbb-build-version)

+ (source

+ (origin

+ (method url-fetch)

+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ version "/tor-browser-linux64-"

+ version "_en-US.tar.xz"))

+ (sha256

+ (base32

+ "13x38n1cvqmxjz0jf2fda8lx2k25szzmg7gvv08z3q5na7109m2m"))))

+ (build-system trivial-build-system)

+ (native-inputs

+ `(("tar" ,tar)

+ ("xz" ,xz)))

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (let ((src (assoc-ref %build-inputs "source"))

+ (src-dir "tor-browser_en-US/Browser/fonts")

+ (fonts (string-append %output "/share/fonts"))

+ (tar (assoc-ref %build-inputs "tar"))

+ (xz (assoc-ref %build-inputs "xz")))

+ (mkdir-p fonts)

+ (format #t "Untaring torbrowser ball ...~%")

+ (invoke (string-append tar "/bin/tar") "-xf" src

+ "-C" fonts "--strip-components=3"

+ (string-append "--use-compress-program=" xz "/bin/xz")

+ src-dir)

+ #t))))

+ (home-page "https://github.com/googlei18n/noto-fonts")

+ (synopsis "Tor Browser bundled fonts")

+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,

+Arimo, Cousine, Tinos and STIX fonts.")

+ (license license:silofl1.1)))

+

+(define tor-browser-build

+ (let ((commit (string-append "tbb-desktop-" %tbb-build-version

+ "-" %tbb-build)))

+ (package

+ (name "tor-browser-build")

+ (version %tbb-build-version)

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://git.torproject.org/builders/tor-browser-build.git")

+ (commit commit)))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1qwgghy79wx0w1yz132yyaln4g42s72133n6gbdf07rkf5n44izc"))))

+ (build-system trivial-build-system)

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (format #t "Copying build scripts ...~%")

+ (copy-recursively (string-append

+ (assoc-ref %build-inputs "source")

+ "/projects/tor-browser")

+ %output

+ #:log (%make-void-port "w")))))

+ (home-page "https://www.torproject.org")

+ (synopsis "Tor Browser build scripts")

+ (description "Tor Browser runtime scripts.")

+ (license (license:non-copyleft "file://LICENSE")))))

+

+(define tor-launcher

+ (package

+ (name "tor-launcher")

+ (version "0.2.28")

+ (source

+ (origin

+ (method url-fetch)

+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ %tbb-build-version "/src-" name "-"

+ version ".tar.xz"))

+ (sha256

+ (base32

+ "0mbd1q46d8nqisn6n79sp6m29332ymb2pf13xzgq1ml7rfcy6jjy"))))

+ (build-system trivial-build-system)

+ (native-inputs

+ `(("tar" ,tar)

+ ("xz" ,xz)))

+ (arguments

+ `(#:modules ((guix build utils))

+ #:builder (begin

+ (use-modules (guix build utils))

+ (format #t "Extracting source ...~%")

+ (let ((src (assoc-ref %build-inputs "source"))

+ (tar (assoc-ref %build-inputs "tar"))

+ (xz (assoc-ref %build-inputs "xz")))

+ (mkdir-p %output)

+ (format #t "Extracting source ...~%")

+ (invoke (string-append tar "/bin/tar") "-xf" src

+ "-C" %output "--strip-components=1"

+ (string-append "--use-compress-program=" xz "/bin/xz"))))))

+ (home-page "https://www.torproject.org")

+ (synopsis "Tor Browser built-in controler extension")

+ (description "Browser extension that starts the tor process (which

+connects the browser and other applications to the Tor Network), and

+which helps people configure and use @code{tor}. The first window that

+you see when you start Tor Browser is displayed by this extension.")

+ (license (license:non-copyleft "file://src/LICENSE"))))

+

+(define https-everywhere-lib-wasm

+ (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))

+ (package

+ (name "https-everywhere-lib-wasm")

+ (version "2021.4.15")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/EFForg/https-everywhere-lib-wasm")

+ (commit commit)))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32

+ "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))

+ (build-system trivial

+++ b/gnu/packages/browser-extensions.scm

+ #:use-module (guix download)

+

+(define noscript

+ (package

+ (name "noscript")

+ (version "11.4.28")

+ (source (origin

+ (method url-fetch/zipbomb)

+ (uri (string-append

+ "https://noscript.net/download/releases/noscript-" version

+ ".xpi"))

+ (sha256

+ (base32

+ "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l"))))

+ (build-system copy-build-system)

+ (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))

+ (arguments

+ `(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))

+ (home-page "https://noscript.net")

+ (synopsis "Software providing extra protection for various browsers.")

+ (description "The NoScript Security Suite is a software providing extra

+protection for web browsers.")

+ (license license:gpl3+)))

+

+(define-public noscript/icecat

+ (make-icecat-extension noscript))

+++ b/gnu/packages/gnupg.scm

+ (@ (gnu packages tor) torsocks))) ;avoid dependency loop

+++ b/gnu/packages/tor.scm

+ #:use-module (guix build-system copy)

+ #:use-module (guix build-system mozilla)

+ #:use-module (gnu packages bash)

+ #:use-module (gnu packages browser-extensions)

+ #:use-module (gnu packages gnuzilla)

+

+(define torbrowser-assets

+ ;; This is a prebuilt Torbrowser from which we take the assets we need.

+ (package

+ (name "torbrowser-assets")

+ ;; To find the last version, look at https://www.torproject.org/download/.

+ (version "13.0.6")

+ (source

+ (origin

+ (method url-fetch)

+ (uri

+ (string-append

+ "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ version "/tor-browser-linux-x86_64-" version ".tar.xz"))

+ (sha256

+ (base32

+ "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd"))))

+ (arguments

+ (list

+ #:install-plan

+ ''(("Browser" "." #:include-regexp

+ ("^\\./TorBrowser/Data/Tor/torrc-defaults"

+ "^\\./fonts/"

+ "^\\./fontconfig/fonts.conf")))))

+ (build-system copy-build-system)

+ (home-page "https://www.torproject.org")

+ (synopsis "Tor Browser assets")

+ (description "This package contains fonts and configuration files for Tor

+Browser.")

+ (license license:silofl1.1)))

+

+(define-public torbrowser

+ (package

+ (inherit icecat-minimal)

+ (name "torbrowser")

+ ;; To find the last version, browse

+ ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>

+ ;; (<version> is the version of the `torbrowser-assets` package). There

+ ;; should be only one archive that starts with "src-firefox-tor-browser-".

+ (version "115.5.0esr-13.0-1-build4")

+ (source

+ (origin

+ (method url-fetch)

+ (uri

+ (string-append

+ "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ (package-version torbrowser-assets)

+ "/src-firefox-tor-browser-" version ".tar.xz"))

+ (sha256

+ (base32

+ "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))

+ (build-system mozilla-build-system)

+ (arguments

+ (substitute-keyword-arguments (package-arguments icecat-minimal)

+ ((#:configure-flags flags '())

+ #~(cons*

+ "--without-relative-data-dir" ;store is read-only

+ "--disable-base-browser-update"

+ "--enable-update-channel=release"

+ "--with-branding=browser/branding/tb-release"

+ (string-append "--prefix=" #$output)

+ (string-append "--with-base-browser-version="

+ #$(package-version

+ (this-package-input "torbrowser-assets")))

+ #$flags))

+ ((#:phases phases)

+ #~(modify-phases #$phases

+ (add-before 'configure 'setenv

+ (lambda _

+ (setenv "CONFIG_SHELL" (which "bash"))

+ ;; Install location is prefix/lib/$MOZ_APP_NAME. Also

+ ;; $MOZ_APP_NAME is the executable name. Default is

+ ;; "firefox".

+ (setenv "MOZ_APP_NAME" "torbrowser")

+ ;; Profile location (relative to "~/."). Default is

+ ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:

+ ;; ~/.tor project/firefox.

+ (setenv "MOZ_APP_PROFILE" "torbrowser/browser")

+ ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").

+ (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")

+ ;; Persistent state directory for the build system (default is

+ ;; $HOME/.mozbuild).

+ (setenv "MOZBUILD_STATE_PATH"

+ (in-vicinity (getcwd) ".mozbuild"))))

+ (add-before 'configure 'mozconfig

+ (lambda* (#:key configure-flags #:allow-other-keys)

+ (with-output-to-file "mozconfig"

+ (lambda ()

+ (format #t ". $topsrcdir/mozconfig-linux-x86_64~%")

+ (for-each (lambda (flag)

+ (format #t "ac_add_options ~a~%" flag))

+ configure-flags)))))

+ (replace 'configure

+ (lambda _

+ (invoke "make" "-C" "tools/torbrowser" "config")))

+ (add-before 'build 'fix-addons-placeholder

+ (lambda _

+ (substitute*

+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"

+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))

+ (replace 'build

+ (lambda _

+ (invoke "make" "-C" "tools/torbrowser" "build")))

+ (add-after 'install 'deploy-assets

+ (lambda _

+ (let ((assets #$(this-package-input "torbrowser-assets"))

+ (lib (in-vicinity #$output "lib/torbrowser"))

+ (tor #$(this-package-input "tor")))

+ ;; TorBrowser/Data/Tor/torrc-defaults

+ (copy-recursively (in-vicinity assets "TorBrowser")

+ (in-vicinity lib "TorBrowser"))

+ ;; The geoip and geoip6 files are in the same directory as

+ ;; torrc-defaults. (See TorProcess.sys.mjs.)

+ (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))

+ (copy-file (in-vicinity tor "share/tor/geoip")

+ (in-vicinity lib "TorBrowser/Data/Tor/geoip"))

+ (copy-file (in-vicinity tor "share/tor/geoip6")

+ (in-vicinity lib "TorBrowser/Data/Tor/geoip6"))

+ ;; Fonts

+ (copy-recursively (in-vicinity assets "fontconfig")

+ (in-vicinity lib "fontconfig"))

+ (substitute* (in-vicinity lib "fontconfig/fonts.conf")

+ (("<dir>fonts</dir>")

+ (format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))

+ (delete-file-recursively (in-vicinity lib "fonts"))

+ (copy-recursively (in-vicinity assets "fonts")

+ (in-vicinity lib "fonts")))))

+ (replace 'build-sandbox-whitelist

+ (lambda* (#:key inputs #:allow-other-keys)

+ (define (runpath-of lib)

+ (call-with-input-file lib

+ (compose elf-dynamic-info-runpath

+ elf-dynamic-info

+ parse-elf

+ get-bytevector-all)))

+ (define (runpaths-of-input label)

+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))

+ (libs (find-files dir "\\.so$")))

+ (append-map runpath-of libs)))

+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.

+ (let* ((whitelist

+ (map (cut string-append <> "/")

+ (delete-duplicates

+ `(,(string-append (assoc-ref inputs "shared-mime-info")

+ "/share/mime")

+ ,@(append-map runpaths-of-input

+ '("mesa" "ffmpeg"))))))

+ (whitelist-string (string-join whitelist ",")))

+ (with-output-to-file "whitelist.txt"

+ (lambda ()

+ (display whitelist-string))))))

+ (add-after 'install 'autoconfig

+ (lambda* (#:key inputs #:allow-other-keys)

+ (let ((lib (in-vicinity #$output "lib/torbrowser"))

+ (config-file "tor-browser.cfg"))

+ (with-output-to-file (in-vicinity

+ lib "defaults/pref/autoconfig.js")

+ (lambda ()

+ (format #t "// first line must be a comment~%")

+ (format #t "pref(~s, ~s);~%"

+ "general.config.filename" config-file)

+ (format #t "pref(~s, ~a);~%"

+ "general.config.obscure_value" "0")))

+ (with-output-to-file (in-vicinity lib config-file)

+ (lambda ()

+ (format #t "// first line must be a comment~%")

+ ;; Locking prevents these values being written to

+ ;; prefs.js, avoiding Store path capture.

+ (format #t "lockPref(~s, ~s);~%"

+ "extensions.torlauncher.torrc-defaults_path"

+ (in-vicinity

+ lib "TorBrowser/Data/Tor/torrc-defaults"))

+ (format #t "lockPref(~s, ~s);~%"

+ "extensions.torlauncher.tor_path"

+ (search-input-file inputs "bin/tor"))

+ ;; Required for Guix packaged extensions

+ ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8

+ ;; Default is 5.

+ (format #t "pref(~s, ~a);~%"

+ "extensions.enabledScopes" "13")

+ (format #t "pref(~s, ~s);~%"

+ "security.sandbox.content.read_path_whitelist"

+ (call-with-input-file "whitelist.txt"

+ get-string-all))

+ ;; Add-ons pannel (see settings.js in Icecat source).

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.search.browseURL"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.get.url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.link.url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.discovery.api_url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.langpacks.url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "lightweightThemes.getMoreURL"

+ "https://gnuzilla.gnu.org/mozzarella"))))))

+ (replace 'wrap-program

+ (lambda* (#:key inputs #:allow-other-keys)

+ (let* ((gtk #$(this-package-input "gtk+"))

+ (gtk-share (string-append gtk "/share"))

+ (fonts.conf (in-vicinity

+ #$output

+ "lib/torbrowser/fontconfig/fonts.conf"))

+ (ld-libs '#$(cons

+ (file-append

+ (this-package-input "libcanberra")

+ "/lib/gtk-3.0/modules")

+ (map

+ (lambda (label)

+ (file-append

+ (this-package-input label) "/lib"))

+ '("libpng-apng"

+ "libxscrnsaver"

+ "mesa"

+ "pciutils"

+ "mit-krb5"

+ "eudev"

+ "pulseaudio"

+ "libnotify")))))

+ (wrap-program

+ (in-vicinity #$output "lib/torbrowser/torbrowser")

+ `("XDG_DATA_DIRS" prefix (,gtk-share))

+ `("LD_LIBRARY_PATH" prefix ,ld-libs)

+ `("FONTCONFIG_FILE" prefix (,fonts.conf))))))

+ (replace 'install-desktop-entry

+ (lambda _

+ (let ((apps (in-vicinity #$output "share/applications")))

+ (mkdir-p apps)

+ (make-desktop-entry-file

+ (in-vicinity apps "torbrowser.desktop")

+ #:name "Tor Browser"

+ #:exec

+ (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))

+ #:comment

+ "Tor Browser is +1 for privacy and -1 for mass surveillance"

+ #:categories '("Network" "WebBrowser" "Security")

+ #:startup-w-m-class "Tor Browser"

+ #:icon "tor-browser"))))

+ (replace 'install-icons

+ (lambda* (#:key inputs #:allow-other-keys)

+ (for-each

+ (lambda (size)

+ (let ((oldpath (string-append

+ "browser/branding/tb-release/default"

+ size ".png"))

+ (newpath (string-append #$output

+ "/share/icons/hicolor/"

+ size "x" size "/apps")))

+ (mkdir-p newpath)

+ (copy-file oldpath

+ (in-vicinity newpath "tor-browser.png"))))

+ '("16" "22" "24" "32" "48" "64" "128" "256"))))))))

+ (inputs

+ (modify-inputs (package-inputs icecat-minimal)

+ (append bash-minimal

+ tor

+ torbrowser-assets)))

+ (propagated-inputs

+ (list noscript/icecat))

+ (home-page "https://www.torproject.org")

+ (synopsis "Anonymous browser derived from Mozilla Firefox")

+ (description

+ "Tor Browser is the Tor Project version of Firefox browser. It is the

+only recommended way to anonymously browse the web that is supported by the

+project. It modifies Firefox in order to avoid many know application level

+attacks on the privacy of Tor users.")

+ (license license:mpl2.0))) ;And others, see

+ ;toolkit/content/license.html

+++ b/gnu/packages/browser-extensions.scm

+ #:use-module (guix download)

+

+(define noscript

+ (package

+ (name "noscript")

+ (version "11.4.28")

+ (source (origin

+ (method url-fetch/zipbomb)

+ (uri (string-append

+ "https://noscript.net/download/releases/noscript-" version

+ ".xpi"))

+ (sha256

+ (base32

+ "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l"))))

+ (build-system copy-build-system)

+ (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))

+ (arguments

+ `(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))

+ (home-page "https://noscript.net")

+ (synopsis "Software providing extra protection for various browsers.")

+ (description "The NoScript Security Suite is a software providing extra

+protection for web browsers.")

+ (license license:gpl3+)))

+

+(define-public noscript/icecat

+ (make-icecat-extension noscript))

+++ b/gnu/packages/gnupg.scm

+ (@ (gnu packages tor) torsocks))) ;avoid dependency loop

+++ b/gnu/packages/tor.scm

+ #:use-module (guix build-system copy)

+ #:use-module (guix build-system mozilla)

+ #:use-module (gnu packages bash)

+ #:use-module (gnu packages browser-extensions)

+ #:use-module (gnu packages gnuzilla)

+

+(define torbrowser-assets

+ ;; This is a prebuilt Torbrowser from which we take the assets we need.

+ (package

+ (name "torbrowser-assets")

+ ;; To find the last version, look at https://www.torproject.org/download/.

+ (version "13.0.6")

+ (source

+ (origin

+ (method url-fetch)

+ (uri

+ (string-append

+ "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ version "/tor-browser-linux-x86_64-" version ".tar.xz"))

+ (sha256

+ (base32

+ "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd"))))

+ (arguments

+ (list

+ #:install-plan

+ ''(("Browser" "." #:include-regexp

+ ("^\\./TorBrowser/Data/Tor/torrc-defaults"

+ "^\\./fonts/"

+ "^\\./fontconfig/fonts.conf")))))

+ (build-system copy-build-system)

+ (home-page "https://www.torproject.org")

+ (synopsis "Tor Browser assets")

+ (description "This package contains fonts and configuration files for Tor

+Browser.")

+ (license license:silofl1.1)))

+

+;; Must be of the form YYYYMMDDhhmmss as in `date +%Y%m%d%H%M%S`.

+(define %moz-build-date "20231219173144")

+

+(define-public torbrowser

+ (package

+ (inherit icecat-minimal)

+ (name "torbrowser")

+ ;; To find the last version, browse

+ ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>

+ ;; (<version> is the version of the `torbrowser-assets` package). There

+ ;; should be only one archive that starts with "src-firefox-tor-browser-".

+ (version "115.5.0esr-13.0-1-build4")

+ (source

+ (origin

+ (method url-fetch)

+ (uri

+ (string-append

+ "https://archive.torproject.org/tor-package-archive/torbrowser/"

+ (package-version torbrowser-assets)

+ "/src-firefox-tor-browser-" version ".tar.xz"))

+ (sha256

+ (base32

+ "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))

+ (build-system mozilla-build-system)

+ (arguments

+ (substitute-keyword-arguments (package-arguments icecat-minimal)

+ ((#:configure-flags flags '())

+ #~(cons*

+ "--without-relative-data-dir" ;store is read-only

+ "--disable-base-browser-update"

+ ;; Default is "default", which is the same as "nightly".

+ "--enable-update-channel=release"

+ "--with-user-appdir=.torbrowser"

+ "--with-branding=browser/branding/tb-release"

+ (string-append "--prefix=" #$output)

+ (string-append "--with-base-browser-version="

+ #$(package-version

+ (this-package-input "torbrowser-assets")))

+ #$flags))

+ ((#:phases phases)

+ #~(modify-phases #$phases

+ (add-before 'configure 'setenv

+ (lambda _

+ (setenv "CONFIG_SHELL" (which "bash"))

+ ;; Install location is prefix/lib/$MOZ_APP_NAME. Also

+ ;; $MOZ_APP_NAME is the executable name. Default is

+ ;; "firefox".

+ (setenv "MOZ_APP_NAME" "torbrowser")

+ ;; Profile location (relative to "~/."). Default is

+ ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:

+ ;; ~/.tor project/firefox.

+ (setenv "MOZ_APP_PROFILE" "torbrowser/browser")

+ ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").

+ (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")

+ ;; Persistent state directory for the build system (default is

+ ;; $HOME/.mozbuild).

+ (setenv "MOZBUILD_STATE_PATH"

+ (in-vicinity (getcwd) ".mozbuild"))

+ ;; Make build reproducible.

+ (setenv "MOZ_BUILD_DATE" #$%moz-build-date)))

+ (add-before 'configure 'mozconfig

+ (lambda* (#:key configure-flags #:allow-other-keys)

+ (with-output-to-file "mozconfig"

+ (lambda ()

+ (format #t ". $topsrcdir/mozconfig-linux-x86_64~%")

+ (for-each (lambda (flag)

+ (format #t "ac_add_options ~a~%" flag))

+ configure-flags)))))

+ (replace 'configure

+ (lambda _

+ (invoke "make" "-C" "tools/torbrowser" "config")))

+ (add-before 'build 'fix-addons-placeholder

+ (lambda _

+ (substitute*

+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"

+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))

+ (replace 'build

+ (lambda _

+ (invoke "make" "-C" "tools/torbrowser" "build")))

+ (add-after 'install 'deploy-assets

+ (lambda _

+ (let ((assets #$(this-package-input "torbrowser-assets"))

+ (lib (in-vicinity #$output "lib/torbrowser"))

+ (tor #$(this-package-input "tor-client")))

+ ;; TorBrowser/Data/Tor/torrc-defaults

+ (copy-recursively (in-vicinity assets "TorBrowser")

+ (in-vicinity lib "TorBrowser"))

+ ;; The geoip and geoip6 files are in the same directory as

+ ;; torrc-defaults. (See TorProcess.sys.mjs.)

+ (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))

+ (copy-file (in-vicinity tor "share/tor/geoip")

+ (in-vicinity lib "TorBrowser/Data/Tor/geoip"))

+ (copy-file (in-vicinity tor "share/tor/geoip6")

+ (in-vicinity lib "TorBrowser/Data/Tor/geoip6"))

+ ;; Fonts

+ (copy-recursively (in-vicinity assets "fontconfig")

+ (in-vicinity lib "fontconfig"))

+ (substitute* (in-vicinity lib "fontconfig/fonts.conf")

+ (("<dir>fonts</dir>")

+ (format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))

+ (delete-file-recursively (in-vicinity lib "fonts"))

+ (copy-recursively (in-vicinity assets "fonts")

+ (in-vicinity lib "fonts")))))

+ (replace 'build-sandbox-whitelist

+ (lambda* (#:key inputs #:allow-other-keys)

+ (define (runpath-of lib)

+ (call-with-input-file lib

+ (compose elf-dynamic-info-runpath

+ elf-dynamic-info

+ parse-elf

+ get-bytevector-all)))

+ (define (runpaths-of-input label)

+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))

+ (libs (find-files dir "\\.so$")))

+ (append-map runpath-of libs)))

+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.

+ (let* ((whitelist

+ (map (cut string-append <> "/")

+ (delete-duplicates

+ `(,(string-append (assoc-ref inputs "shared-mime-info")

+ "/share/mime")

+ ,@(append-map runpaths-of-input

+ '("mesa" "ffmpeg"))))))

+ (whitelist-string (string-join whitelist ",")))

+ (with-output-to-file "whitelist.txt"

+ (lambda ()

+ (display whitelist-string))))))

+ (add-after 'install 'autoconfig

+ (lambda* (#:key inputs #:allow-other-keys)

+ (let ((lib (in-vicinity #$output "lib/torbrowser"))

+ (config-file "tor-browser.cfg"))

+ (with-output-to-file (in-vicinity

+ lib "defaults/pref/autoconfig.js")

+ (lambda ()

+ (format #t "// first line must be a comment~%")

+ (format #t "pref(~s, ~s);~%"

+ "general.config.filename" config-file)

+ (format #t "pref(~s, ~a);~%"

+ "general.config.obscure_value" "0")))

+ (with-output-to-file (in-vicinity lib config-file)

+ (lambda ()

+ (format #t "// first line must be a comment~%")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.torlauncher.torrc-defaults_path"

+ (in-vicinity

+ lib "TorBrowser/Data/Tor/torrc-defaults"))

+ (format #t "pref(~s, ~s);~%"

+ "extensions.torlauncher.tor_path"

+ (search-input-file inputs "bin/tor"))

+ ;; Required for Guix packaged extensions

+ ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8

+ ;; Default is 5.

+ (format #t "pref(~s, ~a);~%"

+ "extensions.enabledScopes" "13")

+ (format #t "pref(~s, ~s);~%"

+ "security.sandbox.content.read_path_whitelist"

+ (call-with-input-file "whitelist.txt"

+ get-string-all))

+ ;; Add-ons pannel (see settings.js in Icecat source).

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.search.browseURL"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.get.url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.link.url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.discovery.api_url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "extensions.getAddons.langpacks.url"

+ "https://gnuzilla.gnu.org/mozzarella")

+ (format #t "pref(~s, ~s);~%"

+ "lightweightThemes.getMoreURL"

+ "https://gnuzilla.gnu.org/mozzarella"))))))

+ (replace 'wrap-program

+ (lambda* (#:key inputs #:allow-other-keys)

+ (let* ((gtk #$(this-package-input "gtk+"))

+ (gtk-share (string-append gtk "/share"))

+ (fonts.conf (in-vicinity

+ #$output

+ "lib/torbrowser/fontconfig/fonts.conf"))

+ (ld-libs '#$(cons

+ (file-append

+ (this-package-input "libcanberra")

+ "/lib/gtk-3.0/modules")

+ (map

+ (lambda (label)

+ (file-append

+ (this-package-input label) "/lib"))

+ '("libpng-apng"

+ "libxscrnsaver"

+ "mesa"

+ "pciutils"

+ "mit-krb5"

+ "eudev"

+ "pulseaudio"

+ "libnotify")))))

+ (wrap-program

+ (in-vicinity #$output "lib/torbrowser/torbrowser")

+ `("XDG_DATA_DIRS" prefix (,gtk-share))

+ `("LD_LIBRARY_PATH" prefix ,ld-libs)

+ `("FONTCONFIG_FILE" prefix (,fonts.conf))))))

+ (replace 'install-desktop-entry

+ (lambda _

+ (let ((apps (in-vicinity #$output "share/applications")))

+ (mkdir-p apps)

+ (make-desktop-entry-file

+ (in-vicinity apps "torbrowser.desktop")

+ #:name "Tor Browser"

+ #:exec

+ (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))

+ #:comment

+ "Tor Browser is +1 for privacy and -1 for mass surveillance"

+ #:categories '("Network" "WebBrowser" "Security")

+ #:startup-w-m-class "Tor Browser"

+ #:icon "tor-browser"))))

+ (replace 'install-icons

+ (lambda* (#:key inputs #:allow-other-keys)

+ (for-each

+ (lambda (size)

+ (let ((oldpath (string-append

+ "browser/branding/tb-release/default"

+ size ".png"))

+ (newpath (string-append #$output

+ "/share/icons/hicolor/"

+ size "x" size "/apps")))

+ (mkdir-p newpath)

+ (copy-file oldpath

+ (in-vicinity newpath "tor-browser.png"))))

+ '("16" "22" "24" "32" "48" "64" "128" "256"))))))))

+ (inputs

+ (modify-inputs (package-inputs icecat-minimal)

+ (append bash-minimal

+ tor-client

+ torbrowser-assets)))

+ (propagated-inputs

+ (list noscript/icecat))

+ (home-page "https://www.torproject.org")

+ (synopsis "Anonymous browser derived from Mozilla Firefox")

+ (description

+ "Tor Browser is the Tor Project version of Firefox browser. It is the

+only recommended way to anonymously browse the web that is supported by the

+project. It modifies Firefox in order to avoid many know application level

+attacks on the privacy of Tor users.")

+ (license license:mpl2.0))) ;And others, see

+ ;toolkit/content/license.html