[WIP] gnu: Add torbrowser-unbundle.

  • Done
  • quality assurance status badge
Details
9 participants
  • Clément Lassieur
  • Efraim Flashner
  • Leo Famulari
  • Ludovic Courtès
  • Maxime Devos
  • André Batista
  • Anonymousemail
  • Xinglu Chen
  • Raghav Gururajan
Owner
unassigned
Submitted by
André Batista
Severity
normal
A
A
André Batista wrote on 15 Jul 2020 23:15
(address . guix-patches@gnu.org)
20200715211547.GA17146@andel
Hello Guix!

The patch bellow adds a torbrowser-unbundle variable, but it needs a
bit of working before merging into master. I've inserted many
comments on the code regarding issues which need attention and
questions that remained. I've decided to send this early notice so I
can ask some questions and get criticism before I go too deep on the
wrong direction.

As the name implies it does not bundle tor and to use it, you need
to have a properly configured system instance. You also need to
configure a ControlPort and a HashedControlPassword if you want to
be able to get new identities while browsing and if you don't want
to keep seeing a warning on startup page. It will create/change
permissions on ${HOME}/Data and use the native Downloads dir. It does
not have bundled fonts, so you will be fingerprintable on levels
bellow safest. It does not have support for obfs4 bridges yet.

There is no startup script for now, you are advised to invoke it with
'--class "Tor Browser"'.

Now for the questions:
- Should it keep unbundled? If so, should we try to unbundle the
https-everywhere and noscript extensions?
- Is it acceptable to use to use the noscript .xpi, instead of
building? Upstream just grabs it from addons.mozilla. There does
not appear to be blobs and the GPL full text is inside it.
- Should we try change the app name at build time or is it enough to
adapt the name of the startup script (which is not the for now, but
is certainly needed)?
- Any other things that I've been blind to?

If you don't have time to review the code, but has processing
power available, build it with rounds=2 or try to cross compile
for i686 and comment back.

Thanks,
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8PcgAFgwPCZwAACgkQ
YrJ+WmBEwoKG+Q//WNP/2bs87azCZfyCmRUPB5mgI5jq6QbTaj+MxBpVtb7laL1Y
D/7SadHs79qF63ZwQWzOFbOjDdMVX/h+ZVydoFjIcoK5Idiu3erjyTAFklnMInTE
eWY3buWfaPp0/isxlHfNBk7Xzum7mYSAUD4B/L+uCrSGrtTvy1PLHvdwB6SwSvao
WB9oKhs0WGQo6pgYXjtE9JhU8MB7HoJfYICYE6dFKUC5EoHGxQl1BOmOeZY7Y8oc
0zVdNJ7SeCD7xvvR6wNbiKAfEo3tp4Np+yp2HI6HGnTFhmIcUI9iDoDo4RzNzC8O
7t1noPh9r9s7f1FGdsI01UnBPO5pzEJ1m3RYNmSEhQpQ3ZYCC3b69hxObjNRIatM
lQFRpnZ6iH7ixKS6I4RCAtScyekmpVwr7R4K3j36kIFRct9vrUd/CP5/I4tvHTi9
JmZcyfko/MNMEeg0s+4mVrAftfGWrCCpV6p/uZhknZpSLbin7TFcnww6eMOrliQS
056s/yIq4uOSDVjDNVwJvqUKa63XXLijetpL6dSbOc5BLd7g004v55lQBz/NEfnG
6HK+vyZMQ5iaJpw+KbkpZ20ORrOFL/+3PLX1x8O2CV1UBiwmPFteyhvFBpuAHljf
fVoNDm20tom+CJpWD7sqkwZqyAPTPSjz0FdhRzdXRhO1sMcuUcIBd3QcpYw=
=kzRK
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 25 Jul 2020 16:49
Re: [bug#42380] [PATCH] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)
20200725144930.GA13751@andel
Hello Guix,

The patch bellow adds TorBrowser, Obfs4 and related libraries. No
more warnings, it should behave as expected. User files are
stored under '~/.local/share/torbrowser'.

Just two notes:
- some of the libraries do not have a named font and just claim
BDS-Style. I've written bsd-2 for those and left a note. I'm
no sure if there is need for a more appropriate description.
- https-everywhere does not show rules on the browser, but the
rules are there on the store path. There is no default address
for autoupdating rules.

And one important question: tor and obfs4 are inputs to torbrowser
which are symlinked in the install phase. Do they need to be
propagated so as to not be garbage collected?

Happy Hacking!
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8cRncFgwPCZwAACgkQ
YrJ+WmBEwoKlKxAApUb+A/3pMUkIJfga9lIQOXWyQynDHL9UtYF0j4WkPADdUL9y
XcfF3nTT9pLMevsWu7BcL6tpnctPbd5DcOUUIzSxcxBiVP7L6bKF4f4rmrJsYm7/
RVYGbWofaJF1rMyafqWkIAYYCxoCayLy8eEnnY1Rav6Jpz/FGP98M5QpyQiRujG1
DEUaMhgSkxBSacC8Mcm/+1n25BLeAHUwoAV3DhD14Et9jmzG1ZarWTWGC9ZZiGvQ
2G9xzdfkn018HXRuZSSYoFmsdtoiM14s/naWm1xSNLiBIn0kwqzQEwFVvLUvA2we
0PZx2G04M7GdZ9cf5jWhikZ7HTOaBW1gu/muXgt1e5HVEJgYeFWbSOCSkf1eWWld
5s9VJTmnh4kQBf/ekjD31NMpUrHxrfRD8AD+L4IxadJNWnGYKTUXQg8AzIWsuyb6
2qnK3+0FmrVjTJtOizvtuzJ+aqpao9uG3Vu99UJadcv1V68A3l4yYSTly+hqzBjd
yNg1fHsZFucYdLPNKAru3ncaCICj/gr3jWG9/0wMiqHjKbGKj4bCQIv+LEy0sHgt
l0jXxOZdy/jI1DEtT4/NGF2EottF0c9DcgqQaNKXFdOu4phYpeGwZDPmjYQPoMKM
CSY5pQyWwXnve0MrcQtkQoKSynI3Le+h6iqK4gTtyHmH2LuohZtBzfRvHQw=
=W84x
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 3 Aug 2020 14:55
(address . 42380@debbugs.gnu.org)
20200803125556.GA18868@andel
Hello Guix,

This patch upgrades Tor Browser to version 9.5.3. I've also took this
opportunity to rework the code in order to improve readability, make
code review and maintainance easier and lower build time.

Main changes:
- No longer relies on computed-origin-method
- Private package definitions
- Chopped down install phase
- New phases
- More detailed go library package descriptions
- Reviewed license definitions

Cheers,
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8oCVkFgwPCZwAACgkQ
YrJ+WmBEwoJPOA//WR7G44J1GWSuQtoSo7tB6LuMkwKJ+9LqsnAp3uY64j8KdX/L
6fVGCQPoy7lzdGhU8ZBJOaC+icYilu3/c10WG7xdputtgkWJCyM8kyQzXSimTc7j
bIO9UtgmzYZYuMv7ro9T+LzysevpkSkhupwKqzDVsp4QzQftUq4h4lk+LzITc4KE
blcjJyog8M3rteCV4JR3Pgs1pdMp9NVkzPFprwQXGtvyxTmlEUVXxcZS24OCYzRk
A+NQASaJO44bsmC299QvLuaCaki0BuhV/i/HTupLCwbeimz+4yvtBImaT53Vkqb9
Bu92IqYKFROpz03xCPCnyySbDR3n+ZloXQyamGwpdfjxPPV8+xlYoAhv2y16d4bM
308/IzBXrTk5+tfhR7Guk28g4hTYb23WtmqqqFf6Tebxj4MTvb7aXbWlNxWPp887
S4e1mkxfGVnnUBBE5wKDjygs1vA+Vs8xXxeQcA/JHTkH8KcVAoGgp6jRJyg7rKxI
3TaPodRFZFrou+whLtIskCg0Ndlfowx0qsRi8nkKCs03uOaWlsHrSMY1m7vCejrK
VnK3r7Pp2HDuTV7pl56TsA1XNS3pUreGMq7hMAxTA8hktVM6IvK898rgb8ZriCMl
qcYp4k8SdtYd8o5VE4LkD2VSl1AUcwALMvBNKdVhcaCaH+mwtppFzfYYbEQ=
=FjJZ
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 7 Sep 2020 16:13
(name . André Batista)(address . nandre@riseup.net)(address . 42380@debbugs.gnu.org)
87blihhdz6.fsf@gnu.org
Hello,

André Batista <nandre@riseup.net> skribis:

Toggle quote (12 lines)
> This patch upgrades Tor Browser to version 9.5.3. I've also took this
> opportunity to rework the code in order to improve readability, make
> code review and maintainance easier and lower build time.
>
> Main changes:
> - No longer relies on computed-origin-method
> - Private package definitions
> - Chopped down install phase
> - New phases
> - More detailed go library package descriptions
> - Reviewed license definitions

Woow, thanks for working on this! The end result is functional, right?
Any important missing items?

Toggle quote (15 lines)
> From 2075c6a93a6b1918305323b369318425e05fc4f5 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
> Date: Mon, 3 Aug 2020 09:29:55 -0300
> Subject: [PATCH] gnu: Add torbrowser-unbundle
> To: guix-patches@gnu.org
>
> * gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables.
> * gnu/packages/golang.scm (go-torproject-org-ptlib,
> go-github-com-agl-ed25519, go-github-com-dchest-siphash,
> go-github-com-dchest-uniuri, go-github-com-dsnet-compress,
> go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variables.
> * gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
> * gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.

For the final submission, we’d need one patch per new package, as is
customary. That will have the advantage of allowing review to proceed
one bit at a time. :-)

Regarding Tor Browser itself, can you think of ways to factorize code
with IceCat?

Thanks,
Ludo’.
A
A
André Batista wrote on 9 Sep 2020 04:24
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 42380@debbugs.gnu.org)
20200909022429.GA24930@andel
Hello,

seg 07 set 2020 às 16:13:17 (1599505997), ludo@gnu.org enviou:
Toggle quote (5 lines)
> Hello,
>
> Woow, thanks for working on this! The end result is functional, right?
> Any important missing items?

Just a small token of my appreciation for your years of work on
guix. I'm glad to be able to give something back to this community.

I've been using this package for the last month or so and did not
hit any bugs so, though I'm not a heavy web user, I think it's fair
to say the result is functional.

On the down side, the https-everywhere extension is broken as is
since it's missing lib-wasm. I've built but did not send here a
version which just copies lib-wasm to its proper place before
building the extension and this version works without further
issues.

The reason I did not send it to this list is that lib-wasm source
provides a precompiled prepackaged file[1] which is then used on
https-everywhere build script and it's source code is not actualy
compiled[2]. As I understand it, the Tor Project just relies on
this precompiled binary on its build procedure and the same seems
to be true for IceCat[3][4].

In order to have everything compiled from source, I've had to
define a lot of rust libs which were required for building
wasm-pack and then to have a rustc with wasm32-unknown-unknown
target enabled and compatible with wasm-pack (apparently newer
versions changed compiler strings and wasm-pack errors out when
trying to parse). For over two weeks I've been trying without
success and always thinking that the next build would succeed.

Long story short, maybe there's just one more issue pending when
compiling lib-wasm. When wasm-pack is invoked, everything
compiles but I'm getting the following error:

note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one

for a few rust libs. Without lld, it complains about a missing
rust-lld binary. Also, this appears to be the rust standard
nowadays[5].

If I'm not terribly wrong, this issue[6] seems to suggest an
approach for emscripten which could solve this issue without
removing the 'strip' phase which was the work around suggested
by some on the same thread.

Another issue that is pending is that libwasm depends on rust
multi-default-trait-impl crate. This crate defines lgpl2.1+ on
its Cargo.toml file, but the sources does not contain neither a
copy of the license. So I'm unsure if this is enough to make it
free software. So I'm planning on sending some mails to both the
maintainer and FSF to see if this needs improvement.

Toggle quote (4 lines)
> For the final submission, we’d need one patch per new package, as is
> customary. That will have the advantage of allowing review to proceed
> one bit at a time. :-)

For sure. I'll give it a few more tries and cleanup the mess
here before sending this patch series. If I don't succeed, I'm
planning on sending it anyway so at least the libs can be
added and maybe someone can spot what I'm missing. But maybe
it's wise to hold Tor Browser itself since there has been an
announcement of some large percentage of exit relays messing
with Tor traffic[7].

Toggle quote (3 lines)
> Regarding Tor Browser itself, can you think of ways to factorize code
> with IceCat?

L
L
Ludovic Courtès wrote on 9 Sep 2020 09:20
(name . André Batista)(address . nandre@riseup.net)
878sdjo1qv.fsf@gnu.org
Hi André,

André Batista <nandre@riseup.net> skribis:

Toggle quote (3 lines)
> Just a small token of my appreciation for your years of work on
> guix. I'm glad to be able to give something back to this community.

Thank you.

Toggle quote (17 lines)
> I've been using this package for the last month or so and did not
> hit any bugs so, though I'm not a heavy web user, I think it's fair
> to say the result is functional.
>
> On the down side, the https-everywhere extension is broken as is
> since it's missing lib-wasm. I've built but did not send here a
> version which just copies lib-wasm to its proper place before
> building the extension and this version works without further
> issues.
>
> The reason I did not send it to this list is that lib-wasm source
> provides a precompiled prepackaged file[1] which is then used on
> https-everywhere build script and it's source code is not actualy
> compiled[2]. As I understand it, the Tor Project just relies on
> this precompiled binary on its build procedure and the same seems
> to be true for IceCat[3][4].

Oh, glad that you were able to identify that issue, which presumably had
been overlooked so far.

Toggle quote (18 lines)
> In order to have everything compiled from source, I've had to
> define a lot of rust libs which were required for building
> wasm-pack and then to have a rustc with wasm32-unknown-unknown
> target enabled and compatible with wasm-pack (apparently newer
> versions changed compiler strings and wasm-pack errors out when
> trying to parse). For over two weeks I've been trying without
> success and always thinking that the next build would succeed.
>
> Long story short, maybe there's just one more issue pending when
> compiling lib-wasm. When wasm-pack is invoked, everything
> compiles but I'm getting the following error:
>
> note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one
>
> for a few rust libs. Without lld, it complains about a missing
> rust-lld binary. Also, this appears to be the rust standard
> nowadays[5].

Ah. I’m Cc’ing Efraim, who’s been very much into Rust packaging for
some time; does that ring a bell, Efraim?

Toggle quote (12 lines)
> If I'm not terribly wrong, this issue[6] seems to suggest an
> approach for emscripten which could solve this issue without
> removing the 'strip' phase which was the work around suggested
> by some on the same thread.
>
> Another issue that is pending is that libwasm depends on rust
> multi-default-trait-impl crate. This crate defines lgpl2.1+ on
> its Cargo.toml file, but the sources does not contain neither a
> copy of the license. So I'm unsure if this is enough to make it
> free software. So I'm planning on sending some mails to both the
> maintainer and FSF to see if this needs improvement.

Great.

Toggle quote (12 lines)
>> For the final submission, we’d need one patch per new package, as is
>> customary. That will have the advantage of allowing review to proceed
>> one bit at a time. :-)
>
> For sure. I'll give it a few more tries and cleanup the mess
> here before sending this patch series. If I don't succeed, I'm
> planning on sending it anyway so at least the libs can be
> added and maybe someone can spot what I'm missing. But maybe
> it's wise to hold Tor Browser itself since there has been an
> announcement of some large percentage of exit relays messing
> with Tor traffic[7].

I don’t think Guix users will radically increase traffic over Tor, so I
think we can keep going. :-)

Toggle quote (9 lines)
>> Regarding Tor Browser itself, can you think of ways to factorize code
>> with IceCat?
>
> Other than sharing the https-everywhere definition, I was
> thinking maybe we could take a diff of Tor Browser and Firefox
> and avoid downloading firefox source twice when building both
> browsers. But I need to take a more careful look. I'll give
> this question some thought.

OK. I was expecting at least things like some of the build phases and
most/all of the inputs to be the same, but I haven’t checked.

Thanks again for all the work!

Ludo’.
E
E
Efraim Flashner wrote on 9 Sep 2020 12:59
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200909105944.GQ1643@E5400
On Wed, Sep 09, 2020 at 09:20:08AM +0200, Ludovic Courtès wrote:
Toggle quote (51 lines)
> Hi André,
>
> André Batista <nandre@riseup.net> skribis:
>
> > Just a small token of my appreciation for your years of work on
> > guix. I'm glad to be able to give something back to this community.
>
> Thank you.
>
> > I've been using this package for the last month or so and did not
> > hit any bugs so, though I'm not a heavy web user, I think it's fair
> > to say the result is functional.
> >
> > On the down side, the https-everywhere extension is broken as is
> > since it's missing lib-wasm. I've built but did not send here a
> > version which just copies lib-wasm to its proper place before
> > building the extension and this version works without further
> > issues.
> >
> > The reason I did not send it to this list is that lib-wasm source
> > provides a precompiled prepackaged file[1] which is then used on
> > https-everywhere build script and it's source code is not actualy
> > compiled[2]. As I understand it, the Tor Project just relies on
> > this precompiled binary on its build procedure and the same seems
> > to be true for IceCat[3][4].
>
> Oh, glad that you were able to identify that issue, which presumably had
> been overlooked so far.
>
> > In order to have everything compiled from source, I've had to
> > define a lot of rust libs which were required for building
> > wasm-pack and then to have a rustc with wasm32-unknown-unknown
> > target enabled and compatible with wasm-pack (apparently newer
> > versions changed compiler strings and wasm-pack errors out when
> > trying to parse). For over two weeks I've been trying without
> > success and always thinking that the next build would succeed.
> >
> > Long story short, maybe there's just one more issue pending when
> > compiling lib-wasm. When wasm-pack is invoked, everything
> > compiles but I'm getting the following error:
> >
> > note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one
> >
> > for a few rust libs. Without lld, it complains about a missing
> > rust-lld binary. Also, this appears to be the rust standard
> > nowadays[5].
>
> Ah. I’m Cc’ing Efraim, who’s been very much into Rust packaging for
> some time; does that ring a bell, Efraim?
>

It's not something that I've come across before. My first guess would be
to check the linking flags against the ones icecat/firefox uses and see
if anything changed. Or if it needs a different version of rust.

Toggle quote (45 lines)
> > If I'm not terribly wrong, this issue[6] seems to suggest an
> > approach for emscripten which could solve this issue without
> > removing the 'strip' phase which was the work around suggested
> > by some on the same thread.
> >
> > Another issue that is pending is that libwasm depends on rust
> > multi-default-trait-impl crate. This crate defines lgpl2.1+ on
> > its Cargo.toml file, but the sources does not contain neither a
> > copy of the license. So I'm unsure if this is enough to make it
> > free software. So I'm planning on sending some mails to both the
> > maintainer and FSF to see if this needs improvement.
>
> Great.
>
> >> For the final submission, we’d need one patch per new package, as is
> >> customary. That will have the advantage of allowing review to proceed
> >> one bit at a time. :-)
> >
> > For sure. I'll give it a few more tries and cleanup the mess
> > here before sending this patch series. If I don't succeed, I'm
> > planning on sending it anyway so at least the libs can be
> > added and maybe someone can spot what I'm missing. But maybe
> > it's wise to hold Tor Browser itself since there has been an
> > announcement of some large percentage of exit relays messing
> > with Tor traffic[7].
>
> I don’t think Guix users will radically increase traffic over Tor, so I
> think we can keep going. :-)
>
> >> Regarding Tor Browser itself, can you think of ways to factorize code
> >> with IceCat?
> >
> > Other than sharing the https-everywhere definition, I was
> > thinking maybe we could take a diff of Tor Browser and Firefox
> > and avoid downloading firefox source twice when building both
> > browsers. But I need to take a more careful look. I'll give
> > this question some thought.
>
> OK. I was expecting at least things like some of the build phases and
> most/all of the inputs to be the same, but I haven’t checked.
>
> Thanks again for all the work!
>
> Ludo’.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl9YtZ0ACgkQQarn3Mo9
g1G3TA/+MJXs7F3y2i5+YOi5WuWsCcpyRm1adlAYlexTjvEFm7zC5JkghHjSx8aN
6Sl6hV7K1KlV2qxT7veVsm0/+AC9XYMYqCtNpD3qbOX3H+0mo7qquZJAk9OS8axo
BRgzH3AZZB3siOX/UNaJQzh/FF7MiTSMTrkhU+4lzPlGlpYiN3dcEbmUJuuNrdTp
Nx7c4TStSyh8QU2OY9nA37LY2KbPgs1Wy3QmCApGNS/rI5wZ7SlnQW6OA3ASSqaj
jFDU1M3vSj7WQ+GtwhRIb5MEKRzfKj3szTqgBVG45c0yZZxKzc1kPZyOxX4z0nlH
xwjtJgJWfTpC+/Ubz0KHJX5R8QsCUfLgu0u1XF/MzN24XnfwN3fOxVFg8IYysS93
j3GFxgSOsj9jFf1GmJ94CsvpdRLrw4M0NId/vuNhUhMjch/YRmq826LpXNMdJ664
OLr1tgRrfAfGcaAooA46A1U+gQoSWcRKn8/Rb4MTzbfsWtrkwWabLDR61iFpWzhR
JBz2gdV+VgifpsGFkkFfotLM0ivs4kTDzkMslPufVGnXNF7fJtmaJs3dYysgSH1A
rYR1kxh8bzujLm+qznLwWF+uEpTphDZ0aNrZDRz5n1gXPxzsF4lS6Gb3SfU1ydFF
zqavljCCAH50Z3pS6yNBwYoR9zQPiAEHpEjMgY00VKGfwWhx4yg=
=om71
-----END PGP SIGNATURE-----


R
R
Raghav Gururajan wrote on 12 Sep 2020 15:35
Wow!
(address . 42380@debbugs.gnu.org)
ecc4d8c1-92c7-7a81-9c92-2d87f001ddfc@disroot.org
Hello Guix!

Thank you all for the hard work. This is a high-time package.

Any idea on when it can be merged to master?, at-least a minimally
viable package?

Regards,
RG.
Attachment: signature.asc
A
A
André Batista wrote on 15 Sep 2020 16:21
Re: [bug#42380] [PATCH 0/9] gnu: Add torbrowser-unbundle.
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200915142128.GA12025@andel
Hi Ludo,

qua 09 set 2020 às 09:20:08 (1599654008), ludo@gnu.org enviou:
Toggle quote (15 lines)
> Hi André,
>
> André Batista <nandre@riseup.net> skribis:
>
> > For sure. I'll give it a few more tries and cleanup the mess
> > here before sending this patch series. If I don't succeed, I'm
> > planning on sending it anyway so at least the libs can be
> > added and maybe someone can spot what I'm missing. But maybe
> > it's wise to hold Tor Browser itself since there has been an
> > announcement of some large percentage of exit relays messing
> > with Tor traffic[7].
>
> I don’t think Guix users will radically increase traffic over Tor, so I
> think we can keep going. :-)

Just to be sure: it's not so much about Guix users increasing the load
on Tor Network as of Guix users not having the benefits of this
extension and being prey to sslstriping.

Since you're giving a green light and I've encountered further
deterrence down the trail, I'll be sending this patch series which
also updates Tor Browser to the latest version. I've left comments
on code where I see room for improvement, in case someones wants to
help. For now, I'm trying to solve this issue and I think I'll
start a new thread for tracking it in order to avoid clutter here
as https-everywhere requires a good many new rust libs.

Toggle quote (12 lines)
> >> Regarding Tor Browser itself, can you think of ways to factorize code
> >> with IceCat?
> >
> > Other than sharing the https-everywhere definition, I was
> > thinking maybe we could take a diff of Tor Browser and Firefox
> > and avoid downloading firefox source twice when building both
> > browsers. But I need to take a more careful look. I'll give
> > this question some thought.
>
> OK. I was expecting at least things like some of the build phases and
> most/all of the inputs to be the same, but I haven’t checked.

Indeed they both share many inputs and phases. I've actually started
this definition from the IceCat one. I'll think on how to merge
them back. Probably some inheritance is in need.

Toggle quote (2 lines)
> Thanks again for all the work!

:)

---

This patch series adds Tor Browser version 9.5.4 to Guix.
Unsurprisignly, building it with '--rounds=2' seems to imply that
it is deterministic.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9gzeUFgwPCZwAACgkQ
YrJ+WmBEwoJQNxAAm4HsW2cN4Kt4XjM6WT1erGkwIMpegxHpPCFnIXL7RqFtXj2S
DatADHACcO8sAv8oZCHX34OspezA+jlR8Snlw5RrEIOK2OVZtIHTyQilAmmw2maq
qtTKtElF6eccLLj+Vlt/T/3rzNU4dlgPNBpTykDAvt7bgxfoLkxrZh1lici2zyp+
7H2RsTA8NFMdrAZALwau65gbngGV4YqWUcuPR+xEcMooLXU2WAqJDxvP+wtiwN+K
4m/qACY0hzaqfh8rQdSCCQ/LTmU21rjbjMBFen8d4ogoKKWRjP3jIjs9nfS/RkRz
EDpv1NUql58RQkyhMrC8IOg9pCgtmjgthTwVj2dAibrb2xZDJVDPCkNCqXwssLoO
nzahqCQpB1UBQO77vFYpDkvol9mKSQImD/OgmjrARGbS4c/lQqCRXFBbiyQ3AFty
pLkMzBEGWmBqMdMGRBmHxrNnCT6l1PDCRLGt0HrsKA1PbQDqJ+Xku/ZEURVrj/R7
8/Wfr7bgAlEOb2f4/3JvaGgvAm8o5Jdors0qV/m/7V2UgGiYq1ZmpoW34ZOWRQNF
gK0S+3gL49qSc4qpTpd00/hBAbuPXqdfhEAgO4ZU4hdZ6x54D+1eXBOdDRgzo16r
8xWiKT1pDJp7D0pb1iAY+2f81EcvSbXirSU4pYHA0wBgZlWYKagb4dY6y4c=
=yek4
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:01
Re: [bug#42380] [PATCH 1/9] gnu: Add go-torproject-org-ptlib
(address . 42380@debbugs.gnu.org)
20200915150114.GA13296@andel

From f92795d45035e0423c69a5f6264e35f466840778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:03:28 -0300
Subject: [PATCH] gnu: Add go-torproject-org-ptlib.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-torproject-org-ptlib): New variable.
---
gnu/packages/golang.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (34 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8723592b51..0bcb01fd2f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5656,3 +5656,27 @@ Included are the following:
except that it adds convenience functions that use the fmt package to format
error messages.")
(license license:bsd-3)))
+
+(define-public go-torproject-org-ptlib
+ (package
+ (name "go-torproject-org-ptlib")
+ (version "1.1.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (synopsis "Go library for Tor Pluggable Transports")
+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+is censored.")
+ (license license:cc0)))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g1yoFgwPCZwAACgkQ
YrJ+WmBEwoJLgw//UpgdAgtcx9zZgf6Da2/oRwIimWEAJxWtD0VY9gb7Q8HZGcu1
3uZvxr2JB9VTwE4pNmUyrWsyT+o9HuKShFbWZRorab0k8puOkmsKUKRoqdz9VPmn
1uF/LNUXRlIs4+rAAqWLeN7408UW+13JuLpl9yj5CaIFXqqATzoEm8SVQ9IbFhHd
HEanggiW+/82LKK+tnVgq4bGC/4HBlpjTfTmC+IjVuKMV+wACUggfYX/yD9eE7hK
hzKxhe+WRfjUrmCebJcmhC8yPtHW6HZfuF2rxMa7zqi867nKKc5BdfYCo6KXfMGD
KZlgcSW7oYLuB/FHRehCk+vTyPOIsXkIj1Vg8v5ozCxEx4q01WL9DYosNbrGrtXJ
n1BCsJZAt7DyApmbJr0Z7jr5Qu+NAt+FH3LpG6g+53q/E91U9qs/10qlxWHFIiHE
1UELtNZ8iTvti5Mz8tdvt7pn8aGc0EWt4aD3ZK2FNVXJP/ykmtXnA2sMcFL/8Ow/
M8LNJLhkrMHJGMIBL4WhL1PBfZtodzFgiEvjmz7RWdRw7alwIT4a9KgTwUKHIYHK
vSmID+RGCZtCmQVGyi+3VyKumAvhX+9P+8CY1vheMYXQV3Hb0JWXFuCGsyg9dW/o
YjvuD0nO48j3iCy2HdIyFMHNlndxTjgskerDQpxqI6+n4LdXlxxzF9n6veI=
=/UY9
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:04
Re: [bug#42380] [PATCH 2/9] gnu: Add go-github-com-agl-ed25519
(address . 42380@debbugs.gnu.org)
20200915150421.GB13296@andel

From a9a38cf97812f18e1f39b9009d040f16af501efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:15:31 -0300
Subject: [PATCH] gnu: Add go-github-com-agl-ed25519.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.
---
gnu/packages/golang.scm | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 0bcb01fd2f..8eab872814 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5680,3 +5680,41 @@ error messages.")
Transports are a means of connecting to the Tor Network from places where it
is censored.")
(license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g1/UFgwPCZwAACgkQ
YrJ+WmBEwoJ6SBAApmWNIpeSmO7S62UaBpDG+UIsgGMFIjQ48BEmb/1fjkNMMobw
ZK+nMIWOeWYMXerIY0vbhIStzErhu4QyrDaTemP19SKsOefaKdBA5zBQ/0H75Bce
1MqncokLB2byZTv7gpBKG0uN66tVJ1WRF9TVBneJK+GL4SXonSEYhv2IPbqx1Q7u
7Pym+pCD4oQFq78hIAfH8XDerlaYsFau69ivEWx77J12pa9NP0IDoDai44Xg/7vY
Ajc/+cF9G7QciTlWf0d8SYrj9NVHsBTxibd751yIlfrhc14hArdzCdlVx0u6Xe4Z
EhGIQYOXhlz4W4YWszicc7XNsUJgCk/FCcWPEOHSspfQCNxKv7j3O5xwYUOUjH6w
9W5qMwgxSYJXkF9ChIavMslhfZieIPLH6OFfIJEp9PLcnbPCoffko6Om7nqwwJwV
7KOgb8xGmITE0Up2ncrd4WlWAqeSvutLQ6mXb4rivEtCdopYiQIUh5hjnTwAOOJ9
egehbFVCn0Dk5zCqmn2z6zdnuakfDd93tYTRiiybTyV8dGWTb7cPYiH8e50zldHb
scxa+Vrj8G/Ol3iHCOdfu9rbf2zbcKoQiJga6HGHCc1vg3kbLxk6Vof2v0ZAW5ir
4ep8EZuHe6ogHaSEkT5IEwF7I232vyhgfeW/J678YVxti03QvaKSdMWSdOA=
=Zyh/
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:06
Re: [bug#42380] [PATCH 0/9] gnu: Add go-github-com-dchest-siphash.
(address . 42380@debbugs.gnu.org)
20200915150607.GC13296@andel

From b1d59160bf4c444784f68b5b35d20c48cb1eb601 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:18:41 -0300
Subject: [PATCH] gnu: Add go-github-com-dchest-siphash.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dchest-siphash): New variable.
---
gnu/packages/golang.scm | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)

Toggle diff (37 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8eab872814..471ed31965 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5718,3 +5718,30 @@ is unmaintained. Newer software should use x-crypto instead.")
;; License file is referred but it is missing. Probably because the
;; author decided to discontinue the project.
(license (license:non-copyleft "file://ed25519.go")))))
+
+(define-public go-github-com-dchest-siphash
+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-siphash")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/siphash")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/siphash"))
+ (home-page "https://github.com/dchest/siphash")
+ (synopsis "Go library for siphash")
+ (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+J. Bernstein. ")
+ (license license:cc0))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2F4FgwPCZwAACgkQ
YrJ+WmBEwoLEHQ//eim1QrKY4aNxskV89L25DRzFz5eDMQSlP3NQJCo7UxpN8fbx
6J6Sjus1WKIZlNDkuAXqMlgP0+H0ZHaUK9NQNITPGuwppgtnhnChQXgyu8bbtQjq
fWRvRweZdhciQG2XcLGHQhLN0RF/V4samaJx9sS8w1hZ77LB4S4R+Fq2wJr49qDI
SBNrS7RYqtROgYEoYEiTiz4MJMahPQFJtNkvqzo2TsZ3AZNDdCeMeUnF36tl/2yg
szGv926oNHgUlVL4HDwNn/ZgOao6iAzKr5BZkqXLSbDvINK+5EpW/pDyXce54+Dq
JCEMUXLOSAwB8kpvpDoo37O5coRONmsW1qDJZNhqgj+SHRzflfwhXlk857skDXIb
Mri+rLXj0U0ihteGxQIneW9s9aZo/oPz4AKVJupjaGOc19FPVirrA5a+BnAhtfL3
Zu3770xU5NWRxqbvcQV7sJnrWDe+mdbe1fvFVIkoUTC9sJLwOw3+5lHPjePGP5KY
2pQY+TliCNUkwzLvMRyzXlAnH3HKNEDC2o92eF9NYwr9tuHsNLzYITANQnPFItN2
1ZVUJYZ8xD40HsQPDPSBKNkhKitpQnBiiff+ruwq1WmqzFOL6NQXWwwbwDOp2Svz
OuLLbvkPlguQR2IphQ30EK3o5BlPIAT++MwZP0BsYbQQ8vntDglayG9dFzA=
=g79z
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:08
Re: [bug#42380] [PATCH 4/9] gnu: Add go-github-com-dchest-uniuri
(address . 42380@debbugs.gnu.org)
20200915150832.GD13296@andel

From 46b0c175ce9c440c469c4456960adab9503c2bfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:27:56 -0300
Subject: [PATCH] gnu: Add go-github-com-dchest-uniuri.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dchest-uniuri): New variable.
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

Toggle diff (35 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 471ed31965..da9a531665 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5745,3 +5745,28 @@ Pseudo Random Function which is suitable for usage in message authentication
codes and was based on the design created by Jean-Philippe Aumasson and Daniel
J. Bernstein. ")
(license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-uniuri")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/uniuri")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/uniuri"))
+ (home-page "https://github.com/dchest/uniuri")
+ (synopsis "Go library for random URIs")
+ (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+ (license license:cc0))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2O8FgwPCZwAACgkQ
YrJ+WmBEwoJEIg//YOP5rAeag2yGs8Iv6twzYrbkjTs8WKP7KZz0KT2IQP6FTlr4
v58AlDG96Y30pUaB6rsyhqZxEgpI4MSRYB1Ldk/YHMlnqz1PIegDZ/DqDuUxzFhe
tL3XwcgiIssnCboVmflDV0NS+3ezTfeH167jYu0ARN0iN3Qa5jgFCVPh6Y+fX1i6
BR+85bmZpECy/hZH67vR9VSBKZTkyrCOahCj/TyBFIOVs5OLJRbhLhYsnIXYeG/s
G76K5z0W0e9yjf5S3QOy4xgHhfxZHh2TE7I1coIGvu+kP6Ji15VCtp7XBHf5TKqU
tOj2i4oXjIEux4Ioic9rllgADTyqXURG7uk9XrqEBKIMbjOvoLyrjsUsaxKC71AW
6ZNPczqBz91DeiYrk2ass+xZh/utq9jtQTND0BhixBfwv7ztutviPLXiqQl8QDZi
gbjp1GDZWOUpb7Aq/9o9H0oLjvPgOW0dyH4EJja1mM5m4hrBD/VngJUI1eUU1vJY
kWPoCHXKPCYw8JMNEd9VboMa7XercTMrtt0ame6Yv6HWVLXVP5WOzVxKpSXsV3td
tt2lWQEyv5H+QukRmyE+PNJaC22vQvpNrQTSeL6YXttG6/XbL5wQH9T1S89Vlzue
HXoi+MA0ejHhOJR9NaRXNyqUv95pEuXvn0MPPx8taIZJdTjd7iShdo/FDjo=
=Fh5j
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:10
Re: [bug#42380] [PATCH 5/9] gnu: Add go-github-com-dsnet-compress
(address . 42380@debbugs.gnu.org)
20200915151036.GE13296@andel

From e539f026c99a4983713a60928b2be10d70dd3a91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:31:36 -0300
Subject: [PATCH] gnu: Add go-github-com-dsnet-compress.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dsnet-compress): New variable.
---
gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

Toggle diff (36 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index da9a531665..06c9faa286 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5770,3 +5770,29 @@ J. Bernstein. ")
(description "Package uniuri generates random strings good for use in
Universal Resource Identifiers to uniquely identify objects.")
(license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+ (revision "0"))
+ (package
+ (name "go-github-com-dsnet-compress")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dsnet/compress")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dsnet/compress"))
+ (home-page "https://github.com/dsnet/compress")
+ (synopsis "Go library for extended compression")
+ (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+ (license (license:non-copyleft "file://LICENSE.md")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2WsFgwPCZwAACgkQ
YrJ+WmBEwoIoHg/+IcEBtjdaIrX9zGHF82rUHYMS3iYx0gm/+LnJJT1KyhPy13gl
ur8HvufPUHT+Bdp9dhmOQRxR7spGzMlwuKeXy9BWOAMYbSkEauBvorDihRZ5NIXV
oGQ1I+FPx0tZTDdkX4LS0V9FfQBdRtG7HnOFUWG04WMPuGrkxygTvjHYFC49+IWS
lvxmSnmUWKMzSbz4slm57WN7nT7qWLG/HoKlG4MiSDE71CKjNohRF8Ga2mG+bXmY
MGmqmuUocnM2k10je3jeNBi3Sc5uDN/wOV2CcQm9hvxHenSjl2qeV7gSJPZihgB3
1wo25rbrC/8Ay8s/685AEWvZyX5BOtzGKV105zxHBq1aTh6QQJGTg2CGYwHW1Ils
gHirARjDYTO38fy4IuEQsEAYtBVYyy3o/7k6g+ZPDM1Sx5t0MXippuBM10Htod7l
Oy1Xe+YFi2tONFTQn36Da4PV2EVA95/AzgbWZ2eimQyCYG08vQxjF1/dnkGwUPmB
CDLy+t6c5ey4jlrDOMwxmWqeOhnpQh2Gyy8kPqGYK70UcZJ7nlbtYUFwyI+ZyXN4
MPaEpptdMyuJjpMADm+Lupa9myMy/R5OHE4TIZD0Svecu6ufJvaxp5mvsqCWHmhw
74DN/UwfyxinzIiR0jqDW5y+FEtPgrfttym8EHtmOX08ccttUWJ0Bg09+TI=
=STG9
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:12
Re: [bug#42380] [PATCH 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes
(address . 42380@debbugs.gnu.org)
20200915151216.GF13296@andel

From e88f0e94b84bd51ddf742577d60a5bcb19eff72b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:33:55 -0300
Subject: [PATCH] gnu: Add go-schwanenlied-me-yawning-bsaes.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-schwanenlied-me-yawning-bsaes): New variable.
---
gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

Toggle diff (39 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 06c9faa286..7c68f36c2a 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5796,3 +5796,32 @@ Universal Resource Identifiers to uniquely identify objects.")
The goal of this project is to provide pure Go implementations for popular
compression algorithms bey ond what the Go standard library provides.")
(license (license:non-copyleft "file://LICENSE.md")))))
+
+(define-public go-schwanenlied-me-yawning-bsaes
+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+ (revision "0"))
+ (package
+ (name "go-schwanenlied-me-yawning-bsaes")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.schwanenlied.me/yawning/bsaes.git")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+ (synopsis "Go AES library")
+ (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption. This implementation if
+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+ (license (license:non-copyleft "file://LICENSE.txt")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2dAFgwPCZwAACgkQ
YrJ+WmBEwoImxg/9GGJZjs/ZaaCYiSqJLoxwGob9la70qIYwRoxgxaGh/yGao4oa
RyM3n0C5TdcP59TdyeK5S5fHKSjQkoaFKeG38RZX7Rzeg7YVRZkQ8ROTDj2B7qSA
l4NWDom0dwijyFaQ/pgzCxr0+ctT0B8kwq45ZZOh4QvOGKJn55zGQxpRC9WOy2Wc
fsTQCgPncatcotHX5F9lrrTw1rjUMyi0ENt5fDGU0cBnSSOB39fCmpDrqYCR+21B
RPa4gafVAnAEP/otAWMDHY5ybM7HTqTmTO9kiELsvmFxTC1IUdP4MiRPiCw8KGxP
YmSE6MW0vdEibFydtVJsVcIjFVZw2MRa7950RLkXneZrsR7FHsNaHMgWCHbl2Yu0
vfmbhgCmu74VDBpSQ2D4fNqrc0CWnohe4YZb30m1jJ2pG3Nn9SbgfoT6TljMcXrc
NnNZSwaIQIf9wsjTwfbo6QmmQCg2C2Fv1+dQJKMZNgomBJaB5ZO6i/OjkncpAPEG
oMzl5whJgGwuNDEWUz3ZMFS+qRRigoap0k6KnWnTMAJajlp17nBvb1fiVngtuq/6
QVP2YYIkeZAzt/khx2AXeH8CAUjR9FGYaVzEYmHnAsiuAxbmGIG1eU2QXl2w1HwE
SyJXODwLVYhPhbLeK+3/C1Ld2h/fBeOOcEnHq75eUF3RPH9lG0DVSErAmYc=
=bbe1
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:14
Re: [bug#42380] [PATCH 7/9] gnu: Add go-gitlab-com-yawning-utls
(address . 42380@debbugs.gnu.org)
20200915151411.GG13296@andel

From 4f31263215dffb94e47a4c9e7256e095fb68c1e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:47:38 -0300
Subject: [PATCH] gnu: Add go-gitlab-com-yawning-utls.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-gitlab-com-yawning-utls): New variable.
---
gnu/packages/golang.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

Toggle diff (49 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 7c68f36c2a..55975d3e30 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -19,6 +19,7 @@
;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
;;; Copyright © 2020 Nicolas Goaziou <mail@nicolasgoaziou.com>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -5825,3 +5826,34 @@ with hardware support for AES New Instructions (AES-NI) and a
sufficiently recent Go runtime, it will transparently call crypto/aes
when NewCipher is invoked.")
(license (license:non-copyleft "file://LICENSE.txt")))))
+
+(define-public go-gitlab-com-yawning-utls
+ (package
+ (name "go-gitlab-com-yawning-utls")
+ (version "0.0.10-1")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.com/yawning/utls.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:tests? #f ;; Tries to connect and fails.
+ #:import-path "gitlab.com/yawning/utls.git"))
+ (propagated-inputs
+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+ (home-page "https://gitlab.com/yawning/utls.git")
+ (synopsis "Go library for uTLS")
+ (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+transport protocol.")
+ (license license:gpl3+)))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2kIFgwPCZwAACgkQ
YrJ+WmBEwoJL9hAAhXX+DfZ0JbFWDMi5FM+zQNJkeA4PcC+jrdjRR2qDhNovBk6D
wb1y2Bx/uExkW4Byz2501klRlinXrXBoLqq3fv39e8EYc4AK3xDEmxGrvO65WwwO
1GvsDqwCgrl+kCuVADYA3NMWCvirCBYVE8tx37Psc8eLKXTzvTm2asoNiUhwtnQU
R+SyIamP/Xma/SlSAdmrLoBxFfZ8FEh/aj9FLA+GNeLLgdDk+wlbVvgZXAX0tz9B
jy9zN2IO/Ey06tL3ZGzPjMDlgI2YGaKkTMDkm0IGdtfosoOqveb3/yauPWJXeffW
l04p7wwKLhd/X/sEQltD8UZzDzl7cfoLwcx1DYiC0gRQNzLFzU6gDTW3PUdn/jz8
PnNOT6Ry7h5+jJNrwxBcbuNoJv15Q5x3ZXqkm2G1sACd86H8Mnu5/R4BcyBeM8i0
C/uEWSKT0fO3OFgWOEbjpz0ZC0Xqpx7DPI6kkNIKex9X84AdTqLgz0C9fPZneab3
vTob3ZQuV83zi5Z8V/lapC0CND4Os53dSXJaaBSsSwWspu0isspegxM6pswEXH3D
hNWvsooZipfJbnjge5EW7hOmBQxsS9BgqbM3GTmbwc+FgP31HIQ2MRtycJ1mPGVZ
6UtUbtGt5ie+9c63Qn7JI4TG3oz1pzAquQOBhJdMj/6LUyu4Ns82YDiFal8=
=dWJA
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:15
Re: [bug#42380] [PATCH 8/9] gnu: obfs4
(address . 42380@debbugs.gnu.org)
20200915151525.GH13296@andel

-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2o0FgwPCZwAACgkQ
YrJ+WmBEwoKlYg//Ya7faXpZVZgsJOLcEvw3OixhW1y0gnw26LBz/I8UWa2usAwN
hyo77cu6Cf7UhgHuk525LH5djJ6JCgHK3SHKbWXlHGo3otFnq9iqbZuXlZWWquRi
DQ0PWtvx2p1VxX7X2hERTeLix9Qjs4oR66WIbmNdgD5EsnYwcIowq65ZXRlBcc0B
svF1SnO6DEXyC7reuORK2Y5K7I3m9i9wqgPTIaXFr98nJd7LMrwUYHNiS8J/cdJU
qm0N0CpOiR8dntFD8laxrt3bnTGJqSdGP8yiRH7+K19w3WbPq2u3a0VXrsCkxcgl
5tKdSfbsKI2EA86pv0CeTMrkVfiRaflExFbYFQ1lL46eMIha34DTGVPNZ9bffZvQ
wbZatYBt12wK6Lx1MH4/4sSkAa0kv9Y6n9TiI/idp85xsEIrzF7BeWxQR35bjaez
UsGbCSG56pv6NZ1xU0dtPw482s/CLsTLF1p6gQdUfWlamES5udlD71kREtcjQVQg
8SLGTp/QcKUZCbN5El3RWQyVET0cJP6yZZjFuH6u67SzgYGtZqrZh4ThTozNU4BP
xzTDnZKOwe17kt2kUiJOEsJg+PlPJfBma6HiUpnhKUqeGNiAEmC2rhMO7ouDGJ1j
b37J7lHXGAf3Q12uAk4Rzo6H/y+6Y1UPhGYptexcQkmN+cPcZXbaf+PDfFY=
=O46u
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:16
Re: [bug#42380] [PATCH 9/9] gnu: Add torbrowser-unbundle
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200915151614.GI13296@andel

-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2r0FgwPCZwAACgkQ
YrJ+WmBEwoKGGw/9HRnrHlU+lbO14mMyBmsIrredmncbnRjEN7remBa6S18rpd+E
7BQhDFd/r4/xy8t/5nbwn92vb/IXfAaXfFiN5tB4OwE7rbjUwMz1ArlcrH+RmE4L
qO8gH4MQqZvhm/ka0ISwnXRr077Jaz6eYQdh0vnffogoWuLLz8nzlCAr4R1Gvz2P
v5DtGBlFqmpBGIC7Y4os3Ro9MI0aqsNdOcrtIm9NICALDOoo3O+Ik+0FeqrgcZFB
gNC266E1oHY7UX4WIZV/dogBtYE8CXPsnDst+VHurtaxr0ExAkexAdcFKodHtQsN
SwmTw5GgEAc+B3GXgqgSmfGFeXJjXmLxbtb5dkn/Vgl0n/9b+6B5AZpC26BYEcQ9
8Y/4ru64iT5jYlKveXCYe1gK0fvyQad8AOllmiGm6lq2anS2T02JMAgQ3xUXAvXw
sqI0UADlW5OMLjwKrGAVIFb9MVXlfWEXzWwQ69gWH3So5kFFlHcWaaWkdAiE3hB5
5Jsdz8jfiWXWg2Pc7r2lEqsFDiRnO0Q1/U7WWuQg2tVpDkmSFZuSPs0GICBGjX/0
kW8lQehJhVJlYIEHss5bh8rR4Glc6svJt1notxcqM9mNHARPr6A9pbyFSctM0fgf
fCObXFma6f6ZKj/TerhYSSYVLvfqdvNEG/t2ulxwzDyQBuRlP9rptIJ6ej4=
=gmmN
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:23
Re: [bug#42380] Wow!
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 42380@debbugs.gnu.org)
20200915152332.GJ13296@andel
Hello Raghav,

sáb 12 set 2020 às 09:35:17 (1599914117), raghavgururajan@disroot.org enviou:
Toggle quote (3 lines)
>
> Thank you all for the hard work. This is a high-time package.

Thank you as well. :)

Toggle quote (3 lines)
> Any idea on when it can be merged to master?, at-least a minimally
> viable package?

As of now, I think it's a viable package, but there's still room
for improvement on its definition. If you also care that this
package is available on Guix, I guess the easiest and most
important thing to do right now is to apply the patch series
that I've sent, try it out and report back on your experience.

Happy hacking!
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g3HMFgwPCZwAACgkQ
YrJ+WmBEwoLTiBAAkEE12XTXYe15W4Z/u116sVByrHkXFhKQA8FNwnBxF3tnUlJk
xXXH6O3u6EQlkwSDbktqSSzpf0U27U7+/fGgLVS2OIG4FYlkxOw1cIM0ehkmcG5X
KgYoFHuibz059PZh+BYSr+Yu7gz+Hf7XwrySkgcBQlIo8OCI06t0VSuZMFZDoDre
k3nc/Up4idMZVmht/U/VLQ2ExANmYTb+IdM41WbdCZH3novMtch/0T1yciy4vDNl
3cYc/pAdVSILDPZVUl3ZsixcBKfRSGTuBs6k/GfmT41RFcm6t4Pc4sQW5jsPNToj
Rs1QCHIdlw148E/B7emsgulbNBCOG6dKeI6TTXukXC5351PsjiTt8puzZKXClR4k
GALFJJvo4U/EAG172F6wpkm8+BBUWLR1BzwNKjNWxAJA4zh2LRprenU/Gfq15i0H
Ooh2k4L5E/Zh6Cgi6InGdK2b21DTGGi0deszXO2zq+Zc9Fmm78ETNPodfSZhNdDe
+h+4YQLosAgjcjnRKUDQLCMbAXJOMkesIHRTQWz/iabC/UKUIIPhTDs676Ta2PSs
15nM1bmS0yQP893J32kiFeAVwo2xTcLeKCILlMP0tHrHEzArw1Y/lFNkUvLAyn2+
8m6sWlBX8UAhLwm/oSW//3BfmX/vhe0RFhs6M9JxRuoZTDn6Emm39ErVCHo=
=qajb
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 16 Sep 2020 00:50
Re: [bug#42380] [PATCH 2v2/9] gnu: Add go-github-com-agl-ed25519
(address . 42380@debbugs.gnu.org)
20200915225004.GA19089@andel
There was an indentation error which is fixed on this version.
From eee248ad09b5c90522be5cb3cb3f40d8ad73ec20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Tue, 15 Sep 2020 19:35:56 -0300
Subject: [PATCH] gnu: Add go-github-com-agl-ed25519.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.
---
gnu/packages/golang.scm | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 0bcb01fd2f..877295de72 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5680,3 +5680,41 @@ error messages.")
Transports are a means of connecting to the Tor Network from places where it
is censored.")
(license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
--
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9hRRoFgwPCZwAACgkQ
YrJ+WmBEwoKMQw/+PKcY+cngB+hTyWXVAEW/3knNzriJczAY7UOnYqgHtjo0qukI
luWS21qF5ECB0kxCb5j5A3a+UxCq9rbJ7Skid2BTliKVXP3PSAlWjLHpf79ZuBJx
MOHQRN9QE3I3vymYwrEaASs/IA75V//3FK+xjTyrxffq6GrWXBsgPdZoTpIrWkb2
r6ZnkMTBSkmWiAdfsu/5f/XzcPo8AGccSAofostcUPsMgVJKNXDjcFL4D7syMZRw
0AUb+hmx66O4mDwVRELzRUNoz81F/NDIuMobOMiAKG/HT9ggWdZJUjPzjduvaD13
27Ehj+MNGL/4hGUF+/8QD6pxUCrJF/83VfR4qmNoITdlXeI7RhbFB8OmbWwf7X9R
G/Y/QlF6Imi9GIgvc3e/IZ1uGVji4bwo9dI6aNFV5ephzASVfAcI3XyicUedBCvG
UYmwOsLbAv5XQIJrW5hlLoS2Xj7+vAmYu6IuoppF/C2YT/63mVX6k0+dUjee/x4Z
+D46QK5kV33LjTeI4M1Zl63RekIY3ZDqBboz5OxAyzNhbtYRWEhJjLxbAwwSjjk0
fkPqmIgik7feQyZV41IslxSXgDJ/5eWgKOIBM06vCcmrDqROPFhT36o1lz7N+Xe4
uxzL5yWHBwGb73d+5c9o3mnt8EQDpoJWlCpbShAoaSlpMGDEpoodAJVmYFc=
=Z7ih
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 16 Sep 2020 00:53
Re: [bug#42380] [PATCH 3/9] gnu: Add go-github-com-dchest-siphash
(address . 42380@debbugs.gnu.org)
20200915225339.GB19089@andel
Just in case, the 'zero' on the subject was a mistake.

My apologies for the noise.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9hRfIFgwPCZwAACgkQ
YrJ+WmBEwoJnRQ/+OpiRMFQNliCt2aO0tm8ebPH4OOvaN/ZUHi9ELhPHy+8KbQ4h
e3gHIO4bjXBg2P8aFOr2ZkM/fQqVNV8Elq5jBQOKw0qXMbb5wbnmN1X43B5ictrM
m+HTXULPuSMkgaOD9YvHN/0v/kP3giHQ3ECZI6No3e/2NyzVg7LOrYPSLNGHE0kX
b4NGaGSv7LbxXXea/OjjBWu9FG8v7AXSki5I8HU0FLBrp0UjfPK1KTCuRI0rrFf8
K3FVFrepfN17QT2G8eEAR2Xrk4Kv6QrOAHQtQBMY9kl4G5eduTVHxVBKBmF5l5Zu
DIIYVgeO4cKQ20zhgVSyY3dJ/I2hlfCkihDT0I/DbzW1huGoSTYTaxP5RzUs8CG0
/dlMv8cm27VRtcT/rBfZTmBbnzT4UtrPZAA8mKkxysHh2gFSi+33Zp1GPnU507Co
feWKE1q1npjfiUXCaJqfKD8O8KIyEU3F3h5GArG3pROdjCxKXJP9sJNXp5v/oMgG
9PJZwIRSquCWlvs6Xrt9CDWgMpDDzdE2cBJyY/FfuF9X4X4Q+j2jNfcDTD/N7Tu8
IcGdhn64ElXqEN9IsERCmLJYLsi6Ox/nSXtTt//34+dxH3P9ueKzkRVBBWG3ZpGo
uUDhSUZBWJWvWqKw+EPzglD1GCMV5Cu1cYXx+5xXKPSOBUZinnQHSpsT2ys=
=r7NT
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 25 Sep 2020 01:18
Re: [bug#42380] [PATCHv2 9/9] gnu: Add torbrowser-unbundle
(address . 42380@debbugs.gnu.org)
20200924231814.GA29727@andel
Hi,

This patch updates Tor Browser to version 10.0. I've done some
minor testing and everything seems to working. One thing that
will need attention in the future is the cleaning of the profile
dir, as the upgrade process does not touch it and so older configs
and extensions remain on user profile.

Main changes from the previous version are:
- added a new phase to merge pluggable transports preferences
into default tor-browser preferences before configuring the build
instead of applying them on user preferences at runtime.
- https-everywhere is now a builtin extension and requires further
steps to be available at the right place.
- defined %tbb-build in order to further differentiate
tor-browser and tor-browser-build version tags.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9tKTQFgwPCZwAACgkQ
YrJ+WmBEwoLTcBAAoXcLdICQ4EJtxUSV2UeEaajxtBzGwjBLe1mwVDqELkilsQUW
akCa6Ix7+G2yWKioSHreJFaEjNGg9uyI1LjUTfH/3WXy6YUm5VyRe5JH+BTYKOPK
10B2ACQJceH4xfvLypWmgCijrNGwgH1yXxlAr15ivZ+wi4o3yza5i/13B8kLEIqP
KT9OEE507e0S954LREf5X7wam5x5YbiIfR3tQKBmQ4jEMAOfo4hWZ2H1ioXQaGlc
9ol1dtfAz1BQ6nVGG3qxEINsB/u+os1tikwHioOrMecpmv26ecHX1f6T5oXHwpGV
WEfYAT4fM2+kjRqlIogjmpmomDN/PRUZkNSbmL1P6o4rDGA+6yf5S68Nf+4D3uQ5
PXJGvHodtn4GNXU3OKzi12DOCGAJ6DLoVKphnpys4mMQ5XZI792Tuc9yG1pxRZHp
y+TtKod57sZJAWX8zENod72HcNaj4tO6M+0xDNfTJ9EXxQmNy82EWiw2yy1Y2z3t
ZpciG6XStVlVtJe9fy/Rfq0BTc6q5dwOAKM2dSB8bpuPNYXaDkShZwRQQsfoRXRs
Q09ZjnAWoy9aFfrpBsT87JhfumYf84dxGSKNfV8mb3G0C/ITE08gjFcRMvWcJjeC
tWpTYH8qvJiM0HN01/+0yeEF1/sDnKBHM6TVCk/f38++7a+rWo1VYX1k4f0=
=9051
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 7 Oct 2020 17:51
Re: [bug#42380] [PATCHv3 9/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)
20201007155154.GA5226@andel
Hello Guix,

This new version of the patch addresses the following:
- inherits definition from icecat[1];
- use source tarballs for tor-browser and tor-launcher[2];
- does not define torbutton anymore (it is bundled with tor-browser);
- unbundles some system libs (nss, nspr, zlib, libevent and icu)

1. There are four phases which are almost exact copies from icecat.
I've tried to use let, define and package-properties to remove the
hardcoded strings which are in the way of inheritance, but I've had
no success. The phases are: 'install-icons,
'apply-guix-specific-patches, 'neutralise-store-references and
'wrap-program. Maybe someone here can shed a light.

2. Those tarballs and also the one used for fonts are not kept for
long on dist.torproject.org. Usually they are removed when there is
a new browser version. So this will be a problem for time-machine.
On the other hand, the git repos for fonts and torbrowser source
are huge, so I'm unsure which would be preferable.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl995BgFgwPCZwAACgkQ
YrJ+WmBEwoIPjg/+MTXmNKaGr7v6ic5Srea6X7irui9QqX/cNA6M6d4CoO0uCfFf
/9oMoVBGTpCSXVo4YtX2Imrha3WR+aXw1qoA6bZzsnncTbbL0IKlMVStrFJIRcaT
jDogvlVqoES31d0wWWSnCf3V8iZ+u9HkOVCxbNtt6KFR1defU57/TrkEaVDksdwZ
2EMNRZIRl7yWTF2MCuJf9QqwwalJBHmEB9G/72xgitCT68CEus24EIaBQcBAfyYV
eR9JsTTEAsHHznN+oq1OXKIAqApYXOPaDJ6qb+OnpIl9I3BmriujczKmXQjqk43F
RBqBCEwEiyNOSarLYz6WDb3xVw+VCm9sum+YC4J43xRcK1LVO+EePDbRc4XbM7gR
llVgNSZ8fpM9lQ9EYZITFUe+Rvp6h+zC4y0TahRFbuk3QQxX+SSS7N7xQGFjaZ7r
ubLyp7+7cijQHf87hp65Cf6SxgLQJDJ5Zj1vASMf51omzSLZ1/LEhdM0tfnzUiXN
YIF7gVjRph3IfJf8+nZGeyIY/iaoNTzOeEys3LB7d+kyYqBsu9Bas28/SScOkylz
Bx2JraGnaU9CJRWwYmtpGThp/3vkjAfU8yqFwGs4P8fZRmVIJSlto5/2MPADIZfE
Vf9GmCjZU36t5hRPAazGYoWHWSVWIn0mAKWSqRVlDxVpJXfxvTouFPymRQE=
=ZV9i
-----END PGP SIGNATURE-----


X
X
Xinglu Chen wrote on 25 May 2021 17:05
Re: [bug#42380] Wow!
(address . 42380@debbugs.gnu.org)
87zgwic0qc.fsf@yoctocell.xyz
What’s the status of these patches? I would love to see Tor Browser in
Guix!
-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEAVhh4yyK5+SEykIzrPUJmaL7XHkFAmCtEksVHHB1YmxpY0B5
b2N0b2NlbGwueHl6AAoJEKz1CZmi+1x5M2EQALpc+Ot1lSCgCFl9I2Xi8PbhDER+
LKhLz4j1F2cKCiTirQDLeL4Kj5nNrZepAG/xmPhp4tBqW3yEKpB88ZGBVkw9R+01
88AKk9mmv8/ntYJxyJcSFQpr6ykiYpU0OpHGsO8eWafWeJUputou/yxJgI9j5mZ+
qNmqQLmwWPmsPILf5v9eZGws0lxKlWZW+0xJ0ncqlRXdjZQ9ItLIluQClVvxEdxO
VRzposL1dTGpAes4EoWHH26wvMkIeuIXcgY5e+jV73BlS93iamOUxHgK3f0GJYI8
RtxHot36f2ZfmbQfCu0V3CGVropnZXAS2pvEjFsxkgbscDgq5wTUlgZjw0a5BmA3
fJdHbuwWNrC/0LNrYR0PXM7pSkgqH4RJeQgSRbiC7SaNSSJssR0OtaIHfJQAuO3B
igeKy6wyYKvv7jta+cgqWvTcS3zlaTNa9hBWl6aUaJ5NujwI3zyVrXf1tn7vm5Ay
ZmOeUiaKSiNZ0NJxnfMlzpl/AZYlbQZhGNSevLiMPytpqnPIdXIV7q+7HE3FzugA
j7HZ4sR0sRQPdpDlqAQOpGjIzBfwH6+Na2YQESnFsJ4pKKNskSCUk8fkTin+y+sk
9pIRL+TwItaByR2P7iBC1ZcFy5QAihJuHIisxxlD0HB496MLGcZNCCXzpxR12tBz
LlHilrTkIVwoo0zE
=Haxm
-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 25 May 2021 21:12
(name . Xinglu Chen)(address . public@yoctocell.xyz)
YK1MClOxWNySPXCM@jasmine.lan
On Tue, May 25, 2021 at 05:05:47PM +0200, Xinglu Chen wrote:
Toggle quote (3 lines)
> What’s the status of these patches? I would love to see Tor Browser in
> Guix!

Does this package build the Tor browser from source? Or is it just a
launcher, like the Debian package?

My understanding is that the Tor people discourage anyone else from
distributing builds of the Tor browser.

If it builds from source, we should probably call it something besides
"Tor browser", since it will be different from the official Tor browser
due to the unbundling and other changes.

Also, if it builds from source, it will be easy to identify users of
this package as being Guix users and since the Guix userbase is
relatively small, it will be much easier than usual to positively
identify the person using the package.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmCtTAoACgkQJkb6MLrK
fwhm9w/9ExpGL0cHdCwAAAgHxF80ID1W+CSAquENFHuwgBp5h8wZ34G9B4vd8q5j
GDR5/fHJSZgftRiRgAH5yXxqg/tm0xzrFqGn4pFDyv24yybBd76YvlAoN5j/i1Hd
dRIY9oAkTHjF6XmT+wWciVNOEG/ScTstmtkaJvhzML4L5wfFJlm+naJ2DTOT+PnH
RLMO/civaHXpKXYC9EzRCrTTJpYRJEftLyKUY6OMYBVv0pChU4ZkL/jqzXahx140
TUtyJJt5Fw97LlsCbEkgutb29ouoc8XFxsoha0uzsTZ3fR66WhOHPduYcuHUk05B
AnSAAMj17FCtD2c/cd+DK9QEHeRHxtM2tz7HU+NzS7MRPjCdzacYS9bxi9MpLJle
4xL8xZZ2d2XxT/W0GNCjyVx/Co0QyWnFzWyYMxcwmBl4lA4kAOdbV0Q5iApg6QnZ
OvHp2C42Y7T4H37DBBSYxDMsY4fNwoBnOMZJVOu7kSHJ5E/koBOSTwGzdiwOwLdX
E7wrbuLWNWsUAMb5sZIrrwYluWeaU3uHHpv7YCNBEy4nvAJ9fIoIbi8zS7IeESeE
gxNIYyU0Ma5eOoOXD/8vxPKviAmc//n+sIxcAsdt7vL0Ss9EjzRcOvY+g8WD/5He
Vk4NjBwzJyZMyr/rQva0v7FkBSK33XGo9k8IYMIdCHN6OwwT++o=
=pZWh
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 25 May 2021 23:24
(name . Leo Famulari)(address . leo@famulari.name)
87tumqwlqm.fsf@gnu.org
Hi,

Leo Famulari <leo@famulari.name> skribis:

Toggle quote (7 lines)
> On Tue, May 25, 2021 at 05:05:47PM +0200, Xinglu Chen wrote:
>> What’s the status of these patches? I would love to see Tor Browser in
>> Guix!
>
> Does this package build the Tor browser from source? Or is it just a
> launcher, like the Debian package?

It builds from source.

And sorry for dropping the ball, André! If anyone’s willing to give it
a try and report back, or to comment on the patch, that’d be great.

Toggle quote (12 lines)
> My understanding is that the Tor people discourage anyone else from
> distributing builds of the Tor browser.
>
> If it builds from source, we should probably call it something besides
> "Tor browser", since it will be different from the official Tor browser
> due to the unbundling and other changes.
>
> Also, if it builds from source, it will be easy to identify users of
> this package as being Guix users and since the Guix userbase is
> relatively small, it will be much easier than usual to positively
> identify the person using the package.

Good points. I think we could ask the Tor Browser folks (we met with a
couple of them at Reproducible Builds Summits in the past and I’m
confident we’d understand each other :-)).

Thanks,
Ludo’.
A
A
André Batista wrote on 28 May 2021 03:45
(name . Ludovic Courtès)(address . ludo@gnu.org)
YLBLT5y08LIuYQba@andel
Hi,

ter 25 mai 2021 às 23:24:01 (1621995841), ludo@gnu.org enviou:
Toggle quote (7 lines)
> Leo Famulari <leo@famulari.name> skribis:
>
> > Does this package build the Tor browser from source? Or is it just a
> > launcher, like the Debian package?
>
> It builds from source.

Apart from noscript which Tor Browser itself does not build from source
and https-everywhere which at the time I thought I'd be able to build
from source but I got stuck on rust dependency nightmare and had to
delay. Unfortunately, this issue still remains to be solved.

Toggle quote (3 lines)
> And sorry for dropping the ball, André! If anyone’s willing to give it
> a try and report back, or to comment on the patch, that’d be great.

No problem, Ludo, it was lacking feedback and I know it's somewhat a
big and delicate piece of software to be merging without it.

Toggle quote (3 lines)
> > My understanding is that the Tor people discourage anyone else from
> > distributing builds of the Tor browser.

That's also my understanding, however I do think that building from
source is: 1. the very core of software freedom, despite the relevance
other concerns such as diminishing anonymity set; 2. one of the main
strenghts and what Guix strives for.

Toggle quote (4 lines)
> > If it builds from source, we should probably call it something besides
> > "Tor browser", since it will be different from the official Tor browser
> > due to the unbundling and other changes.

I've initially called the package definition "torbrowser-unbundle" and
also inserted a warning that it was _not_ official Tor Browser, but I
did not try to patch sources to rename the browser as it appears after
installed. I can both agree to another name that makes it clearly
appart from the official browser by Tor Project ("nottorbrowser?",
"onionbrowser?") and to work on a patching sources to remove the user
visible name and logo, if it's deemed necessary. (That may take a while
however).

Toggle quote (5 lines)
> > Also, if it builds from source, it will be easy to identify users of
> > this package as being Guix users and since the Guix userbase is
> > relatively small, it will be much easier than usual to positively
> > identify the person using the package.

I've tested it with panopticlick.eff.org and it's user identifying bits
remain the same as the official Tor Browser. That said, panopticlick
is certainly not a silver bullet and you have grounds to be concerned.
If someone were to need/want the very best assurances on anonymity set,
I'd advise not to risk it and go with the larger crowd.

On the other hand, until not long ago and maybe currently still, guix
users were using IceCat with tor and that's a much more telling tale.

Toggle quote (4 lines)
> Good points. I think we could ask the Tor Browser folks (we met with a
> couple of them at Reproducible Builds Summits in the past and I’m
> confident we’d understand each other :-)).

That would be great :)

In the mean time, I'll take this as an invitation to send a new patch
version with the latest Tor Browser stable. I've made some minor
improvements such as using tarballs from archive.torproject.org instead
of {git|dist}.torproject.org.

Since they are planning a new stable release in the next few days, I'll
take the time to work on a reproducibility issue that have arised with
the new zip routine to package extensions inside omni.ja which affected
the timestamps, at least the way I did it.

Cheers,
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 0/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
cover.1622687706.git.nandre@riseup.net
*** Updated patch series to add torbrowser-unbundle current stable ***

The first 8 patches are identical to the previous versions, except
they've been updated to reflect line number changes on current guix.

Tor Browser is now built mainly from tarballs, except for
tor-browser-builder which needs a git repo. torbutton is not defined
anymore since it's already bundled.

The browser is fully working, but there are still two issues I'd like
to solve: 1. build extensions from source; 2. make it deterministic
again. I've left comments on code if anyone cares to try and solve
them before I get the time to give it another go.

Cheers,

André Batista (9):
gnu: Add go-torproject-org-ptlib.
gnu: Add go-github-com-agl-ed25519.
gnu: Add go-github-com-dchest-siphash.
gnu: Add go-github-com-dchest-uniuri.
gnu: Add go-github-com-dsnet-compress.
gnu: Add go-schwanenlied-me-yawning-bsaes.
gnu: Add go-gitlab-com-yawning-utls.
gnu: Add obfs4.
gnu: Add torbrowser-unbundle.

gnu/local.mk | 3 +
gnu/packages/golang.scm | 201 +++++
.../patches/torbrowser-start-desktop.patch | 22 +
.../patches/torbrowser-start-script.patch | 181 +++++
gnu/packages/tor.scm | 755 +++++++++++++++++-
5 files changed, 1159 insertions(+), 3 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-start-desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-script.patch

--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 1/9] gnu: Add go-torproject-org-ptlib.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
e45bafa36d125947224ceed1dffc6e8f8e0e8438.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-torproject-org-ptlib): New variable.

Toggle diff (42 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8c3c81ceda..940f38af76 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -25,6 +25,7 @@
;;; Copyright © 2020 Martin Becze <mjbecze@riseup.net>
;;; Copyright © 2021 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
+;;; Copyright © 2021 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -7033,3 +7034,27 @@ simplifications, and enforces style rules.")
"This package provides a library for fast, structured, leveled logging in
Go.")
(license license:expat)))
+
+(define-public go-torproject-org-ptlib
+ (package
+ (name "go-torproject-org-ptlib")
+ (version "1.1.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (synopsis "Go library for Tor Pluggable Transports")
+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+is censored.")
+ (license license:cc0)))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 2/9] gnu: Add go-github-com-agl-ed25519.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
99af7879a93ec3f94030b3e3cb266949f67d824b.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 940f38af76..2569d450b2 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7058,3 +7058,41 @@ Go.")
Transports are a means of connecting to the Tor Network from places where it
is censored.")
(license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (revision "0"))
+ (package
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/agl/ed25519")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/agl/ed25519"
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ #t))))))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 3/9] gnu: Add go-github-com-dchest-siphash.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
61cb1458a6f5a8f42637e08b0d76837b65aeb57b.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-dchest-siphash): New variable.

Toggle diff (37 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 2569d450b2..037163766d 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7096,3 +7096,30 @@ is unmaintained. Newer software should use x-crypto instead.")
;; License file is referred but it is missing. Probably because the
;; author decided to discontinue the project.
(license (license:non-copyleft "file://ed25519.go")))))
+
+(define-public go-github-com-dchest-siphash
+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-siphash")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/siphash")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/siphash"))
+ (home-page "https://github.com/dchest/siphash")
+ (synopsis "Go library for siphash")
+ (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+J. Bernstein. ")
+ (license license:cc0))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 4/9] gnu: Add go-github-com-dchest-uniuri.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
b2cc6770b58badbe54a7f476bf87b9ba2058bc42.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-dchest-uniuri): New variable.

Toggle diff (35 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 037163766d..08b5b6ba9b 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7123,3 +7123,28 @@ Pseudo Random Function which is suitable for usage in message authentication
codes and was based on the design created by Jean-Philippe Aumasson and Daniel
J. Bernstein. ")
(license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+ (revision "0"))
+ (package
+ (name "go-github-com-dchest-uniuri")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dchest/uniuri")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dchest/uniuri"))
+ (home-page "https://github.com/dchest/uniuri")
+ (synopsis "Go library for random URIs")
+ (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+ (license license:cc0))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 5/9] gnu: Add go-github-com-dsnet-compress.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
e6be05ea33f1acae969c44a8426e7953735e57ae.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-github-com-dsnet-compress): New variable.

Toggle diff (36 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 08b5b6ba9b..f554a8305e 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7148,3 +7148,29 @@ J. Bernstein. ")
(description "Package uniuri generates random strings good for use in
Universal Resource Identifiers to uniquely identify objects.")
(license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+ (revision "0"))
+ (package
+ (name "go-github-com-dsnet-compress")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/dsnet/compress")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/dsnet/compress"))
+ (home-page "https://github.com/dsnet/compress")
+ (synopsis "Go library for extended compression")
+ (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+ (license (license:non-copyleft "file://LICENSE.md")))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
b572a429973f81504bf35aa905d046bf6aa13dc5.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-schwanenlied-me-yawning-bsaes): New variable.

Toggle diff (39 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index f554a8305e..6cf7ffc90c 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7174,3 +7174,32 @@ Universal Resource Identifiers to uniquely identify objects.")
The goal of this project is to provide pure Go implementations for popular
compression algorithms bey ond what the Go standard library provides.")
(license (license:non-copyleft "file://LICENSE.md")))))
+
+(define-public go-schwanenlied-me-yawning-bsaes
+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+ (revision "0"))
+ (package
+ (name "go-schwanenlied-me-yawning-bsaes")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.schwanenlied.me/yawning/bsaes.git")
+ (commit commit)))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+ (synopsis "Go AES library")
+ (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption. This implementation if
+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+ (license (license:non-copyleft "file://LICENSE.txt")))))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 7/9] gnu: Add go-gitlab-com-yawning-utls.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
0b503bc2bfa00635409e47182aa575ebc4448c3d.1622687706.git.nandre@riseup.net
* gnu/packages/golang.scm (go-gitlab-com-yawning-utls): New variable.

Toggle diff (41 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 6cf7ffc90c..b4e8c1f338 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -7203,3 +7203,34 @@ with hardware support for AES New Instructions (AES-NI) and a
sufficiently recent Go runtime, it will transparently call crypto/aes
when NewCipher is invoked.")
(license (license:non-copyleft "file://LICENSE.txt")))))
+
+(define-public go-gitlab-com-yawning-utls
+ (package
+ (name "go-gitlab-com-yawning-utls")
+ (version "0.0.10-1")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.com/yawning/utls.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:tests? #f ;; Tries to connect and fails.
+ #:import-path "gitlab.com/yawning/utls.git"))
+ (propagated-inputs
+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+ (home-page "https://gitlab.com/yawning/utls.git")
+ (synopsis "Go library for uTLS")
+ (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+transport protocol.")
+ (license license:gpl3+)))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 8/9] gnu: Add obfs4.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
66abc6eeaeab68a209c54740678b64f1d96ecd87.1622687706.git.nandre@riseup.net
* gnu/packages/tor.scm (obfs4): New variable.
* Alphabetically order module imports.

Toggle diff (110 lines)
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index bd11dd3a75..52d78cba79 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -9,7 +9,7 @@
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
-;;; Copyright © 2020 André Batista <nandre@riseup.net>
+;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,13 +33,16 @@
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system go)
#:use-module (guix build-system python)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages base)
- #:use-module (gnu packages libevent)
- #:use-module (gnu packages linux)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages golang)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
@@ -423,3 +426,75 @@ statistics and status reports on:
Potential client and exit connections are scrubbed of sensitive information.")
(license license:gpl3+)))
+
+(define-public obfs4
+ (package
+ (name "obfs4")
+ (version "0.0.11")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (commit (string-append "obfs4proxy-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+ #:tests? #f ;; No test files
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'build
+ (lambda* (#:key outputs configure-flags #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (copy-recursively
+ "src/git.torproject.org/pluggable-transports/obfs4.git"
+ "src/gitlab.com/yawning/obfs4.git"
+ #:log (%make-void-port "w"))
+ (with-directory-excursion
+ "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+ (invoke "go" "build" "-ldflags" "-s"))
+ #t)))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (src "src/git.torproject.org/pluggable-transports/obfs4.git")
+ (bin (string-append out "/bin"))
+ (share (string-append out "/share"))
+ (doc (string-append share "/doc"))
+ (man (string-append share "/man/man1")))
+ (mkdir-p man)
+ (mkdir bin)
+ (mkdir doc)
+ (with-directory-excursion
+ (string-append src "/obfs4proxy")
+ (copy-file "obfs4proxy"
+ (string-append bin "/obfs4proxy")))
+ (with-directory-excursion
+ (string-append src "/doc")
+ (copy-file "obfs4proxy.1"
+ (string-append man "/obfs4proxy.1"))
+ (copy-file "obfs4-spec.txt"
+ (string-append doc "/obfs4-spec.txt")))
+ #t))))))
+ (propagated-inputs
+ `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+ ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+ ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+ ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+ ("go-golang-org-x-net" ,go-golang-org-x-net)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+ ("go-golang-org-x-text" ,go-golang-org-x-text)))
+ (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (synopsis "Obfs4 implements an obfuscation protocol")
+ (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+ (license license:gpl3+)))
--
2.31.1
A
A
André Batista wrote on 3 Jun 2021 05:17
[PATCH v4 9/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
88c9104dbc255f94f73b0dae2dad41ae23cc3448.1622687706.git.nandre@riseup.net
* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-script.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.

create mode 100644 gnu/packages/patches/torbrowser-start-desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-script.patch

Toggle diff (444 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index a5820b5827..c5fdb8fc16 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -42,6 +42,7 @@
# Copyright © 2021 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
# Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
# Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
+# Copyright © 2021 André Batista <nandre@riseup.net>
#
# This file is part of GNU Guix.
#
@@ -1739,6 +1740,8 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-qt5.patch \
%D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/tla2tools-build-xml.patch \
+ %D%/packages/patches/torbrowser-start-desktop.patch \
+ %D%/packages/patches/torbrowser-start-script.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-honor-localedir.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
diff --git a/gnu/packages/patches/torbrowser-start-desktop.patch b/gnu/packages/patches/torbrowser-start-desktop.patch
new file mode 100644
index 0000000000..6832ed363b
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=sh -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
new file mode 100644
index 0000000000..b8c8d9a26a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-script.patch
@@ -0,0 +1,181 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
+@@ -5,6 +5,14 @@
+ #
+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.
+
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++
+ complain_dialog_title="Tor Browser"
+
+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
+@@ -134,8 +142,8 @@
+ ;;
+ -l | --log)
+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+- printf "Logging Tor Browser debug information to tor-browser.log\n"
+- logfile="../tor-browser.log"
++ printf "Logging Tor Browser debug information to torbrowser.log\n"
++ logfile="${TBB_LOGFILE}"
+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+ printf "Logging Tor Browser debug information to %s\n" "$2"
+ logfile="$2"
+@@ -187,41 +195,22 @@
+ export XAUTHORITY
+ fi
+
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+- # XXX readlink is not POSIX, but is present in GNU coreutils
+- # and on FreeBSD. Unfortunately, the -f option (which follows
+- # a whole chain of symlinks until it reaches a non-symlink
+- # path name) is a GNUism, so we have to have a fallback for
+- # FreeBSD. Fortunately, FreeBSD has realpath instead;
+- # unfortunately, that's also non-POSIX and is not present in
+- # GNU coreutils.
+- #
+- # If this launcher were a C program, we could just use the
+- # realpath function, which *is* POSIX. Too bad POSIX didn't
+- # make that function accessible to shell scripts.
+-
+- # If realpath is available, use it; it Does The Right Thing.
+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+- if [ "$?" -eq 0 ]; then
+- myname="$possibly_my_real_name"
+- else
+- # realpath is not available; hopefully readlink -f works.
+- myname="`readlink -f "$myname" 2>/dev/null`"
+- if [ "$?" -ne 0 ]; then
+- # Ugh.
+- complain "start-tor-browser cannot be run using a symlink on this operating system."
+- fi
+- fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++ cd "${TBB_HOME}"
++else
++ mkdir -p "${TBB_HOME}"
++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++ chmod -R 700 "${TBB_HOME}"
++ mkdir -p "${TBB_PROFILE}"
++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++ > "${TBB_PROFILE}/user.js"
++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++ >> "${TORRC}"
++ cd "${TBB_HOME}"
+ fi
+
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ # "hacking around some braindamage"
+@@ -236,16 +225,9 @@
+ ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ mkdir -p "$HOME/.local/share/applications/"
+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ update-desktop-database "$HOME/.local/share/applications/"
+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ exit 0
+@@ -265,21 +247,6 @@
+ HOME="${PWD}"
+ export HOME
+
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+- complain "Wrong architecture? 32-bit vs. 64-bit."
+- exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+ local ctrlPasswd=$1
+
+@@ -342,13 +309,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +326,23 @@
+
+ if [ "$show_usage" -eq 1 ]; then
+ # Display Firefox help, then our help
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default --help 2>/dev/null
+ tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+ disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+ tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 52d78cba79..bfb1ac1841 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -498,3 +498,677 @@ incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
The obfs naming was chosen primarily because it was shorter, in terms of
protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
(license license:gpl3+)))
+
+;; torbrowser and tor-browser-builder build versions are not always in sync
+(define %torbrowser-version "78.11.0esr-10.0-1")
+(define %tbb-build-version "10.0.17")
+(define %torbrowser-build "build1")
+(define %tbb-build "build1")
+(define %torbrowser-build-id "20210602000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+ (package
+ (name "torbrowser-fonts")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux64-"
+ version "_en-US.tar.xz"))
+ (sha256
+ (base32
+ "13x38n1cvqmxjz0jf2fda8lx2k25szzmg7gvv08z3q5na7109m2m"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (src-dir "tor-browser_en-US/Browser/fonts")
+ (fonts (string-append %output "/share/fonts"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p fonts)
+ (format #t "Untaring torbrowser ball ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" fonts "--strip-components=3"
+ (string-append "--use-compress-program=" xz "/bin/xz")
+ src-dir)
+ #t))))
+ (home-page "https://github.com/googlei18n/noto-fonts")
+ (synopsis "Tor Browser bundled fonts")
+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+ (license license:silofl1.1)))
+
+(define tor-browser-build
+ (let ((commit (string-append "tbb-desktop-" %tbb-build-version
+ "-" %tbb-build)))
+ (package
+ (name "tor-browser-build")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/builders/tor-browser-build.git")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1qwgghy79wx0w1yz132yyaln4g42s72133n6gbdf07rkf5n44izc"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Copying build scripts ...~%")
+ (copy-recursively (string-append
+ (assoc-ref %build-inputs "source")
+ "/projects/tor-browser")
+ %output
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser build scripts")
+ (description "Tor Browser runtime scripts.")
+ (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+ (package
+ (name "tor-launcher")
+ (version "0.2.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ %tbb-build-version "/src-" name "-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0mbd1q46d8nqisn6n79sp6m29332ymb2pf13xzgq1ml7rfcy6jjy"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Extracting source ...~%")
+ (let ((src (assoc-ref %build-inputs "source"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p %output)
+ (format #t "Extracting source ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" %output "--strip-components=1"
+ (string-append "--use-compress-program=" xz "/bin/xz"))))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser built-in controler extension")
+ (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+ (license (license:non-copyleft "file://src/LICENSE"))))
+
+(define https-everywhere-lib-wasm
+ (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
+ (package
+ (name "https-everywhere-lib-wasm")
+ (version "2021.4.15")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/EFForg/https-everywhere-lib-wasm")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Copying source ...~%")
+ (copy-recursively (assoc-ref %build-inputs "source")
+ %output
+ #:log (%make-void-port "w")))))
+ (home-page "https://github.com/EFForg/https-everywhere-lib-wasm")
+ (synopsis "Browser extension for protection against known attacks")
+ (description "Browser extension that protects users from a range of
+known attacks on web browsing activity such as Cross-site scripting, clickjack and
+makes possible for the users to block or choose on a per site basis which remote
+javascript to run while browsing the web.")
+ (license license:gpl2+))))
+
+;; Both https-everywhere and noscript are rellying on some precompiled code for now.
+;; Also read on the work on chromium extensions on gnu/build/chromium-extensions.scm
+;; to see if can be adapted.
+(define-public https-everywhere
+ (package
+ (name "https-everywhere")
+ (version "2021.4.15")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/EFForg/" name "/archive/"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1bknx8l8gxmpwb13pvn6pdbavknci8q0jhygdaz50ilc1xld89i3"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("bash" ,bash)
+ ("coreutils" ,coreutils)
+ ("findutils" ,findutils)
+ ("git" ,git)
+ ("grep" ,grep)
+ ("gzip" ,gzip)
+ ("https-everywhere-lib-wasm"
+ ,https-everywhere-lib-wasm)
+ ("libxml2" ,libxml2)
+ ("libxslt" ,libxslt)
+ ("openssl" ,openssl)
+ ("python" ,python)
+ ("rsync" ,rsync)
+ ("sed" ,sed)
+ ("tar" ,tar)
+ ("util-linux" ,util-linux) ; for getopt
+ ("xxd" ,xxd)
+ ("which" ,which)
+ ("zip" ,zip)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (httpse-libwasm (assoc-ref %build-inputs
+ "https-everywhere-lib-wasm"))
+ (bash (assoc-ref %build-inputs "bash"))
+ (coreutils (assoc-ref %build-inputs "coreutils"))
+ (python (assoc-ref %build-inputs "python"))
+ (openssl (assoc-ref %build-inputs
This message was truncated. Download the full message here.
A
A
André Batista wrote on 3 Jun 2021 06:10
[PATCH v5 9/9] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
347e91d0ce7f96882f70a081b208c388153cd6b8.1622693271.git.nandre@riseup.net
* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-script.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.

create mode 100644 gnu/packages/patches/torbrowser-start-desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-script.patch

Toggle diff (455 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index a5820b5827..c5fdb8fc16 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -42,6 +42,7 @@
# Copyright © 2021 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
# Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
# Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
+# Copyright © 2021 André Batista <nandre@riseup.net>
#
# This file is part of GNU Guix.
#
@@ -1739,6 +1740,8 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-qt5.patch \
%D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/tla2tools-build-xml.patch \
+ %D%/packages/patches/torbrowser-start-desktop.patch \
+ %D%/packages/patches/torbrowser-start-script.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-honor-localedir.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
diff --git a/gnu/packages/patches/torbrowser-start-desktop.patch b/gnu/packages/patches/torbrowser-start-desktop.patch
new file mode 100644
index 0000000000..6832ed363b
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=sh -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
new file mode 100644
index 0000000000..b8c8d9a26a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-script.patch
@@ -0,0 +1,181 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
+@@ -5,6 +5,14 @@
+ #
+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.
+
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++
+ complain_dialog_title="Tor Browser"
+
+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
+@@ -134,8 +142,8 @@
+ ;;
+ -l | --log)
+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+- printf "Logging Tor Browser debug information to tor-browser.log\n"
+- logfile="../tor-browser.log"
++ printf "Logging Tor Browser debug information to torbrowser.log\n"
++ logfile="${TBB_LOGFILE}"
+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+ printf "Logging Tor Browser debug information to %s\n" "$2"
+ logfile="$2"
+@@ -187,41 +195,22 @@
+ export XAUTHORITY
+ fi
+
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+- # XXX readlink is not POSIX, but is present in GNU coreutils
+- # and on FreeBSD. Unfortunately, the -f option (which follows
+- # a whole chain of symlinks until it reaches a non-symlink
+- # path name) is a GNUism, so we have to have a fallback for
+- # FreeBSD. Fortunately, FreeBSD has realpath instead;
+- # unfortunately, that's also non-POSIX and is not present in
+- # GNU coreutils.
+- #
+- # If this launcher were a C program, we could just use the
+- # realpath function, which *is* POSIX. Too bad POSIX didn't
+- # make that function accessible to shell scripts.
+-
+- # If realpath is available, use it; it Does The Right Thing.
+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+- if [ "$?" -eq 0 ]; then
+- myname="$possibly_my_real_name"
+- else
+- # realpath is not available; hopefully readlink -f works.
+- myname="`readlink -f "$myname" 2>/dev/null`"
+- if [ "$?" -ne 0 ]; then
+- # Ugh.
+- complain "start-tor-browser cannot be run using a symlink on this operating system."
+- fi
+- fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++ cd "${TBB_HOME}"
++else
++ mkdir -p "${TBB_HOME}"
++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++ chmod -R 700 "${TBB_HOME}"
++ mkdir -p "${TBB_PROFILE}"
++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++ > "${TBB_PROFILE}/user.js"
++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++ >> "${TORRC}"
++ cd "${TBB_HOME}"
+ fi
+
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ # "hacking around some braindamage"
+@@ -236,16 +225,9 @@
+ ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ mkdir -p "$HOME/.local/share/applications/"
+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ update-desktop-database "$HOME/.local/share/applications/"
+ printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ exit 0
+@@ -265,21 +247,6 @@
+ HOME="${PWD}"
+ export HOME
+
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+- complain "Wrong architecture? 32-bit vs. 64-bit."
+- exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+ local ctrlPasswd=$1
+
+@@ -342,13 +309,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +326,23 @@
+
+ if [ "$show_usage" -eq 1 ]; then
+ # Display Firefox help, then our help
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default --help 2>/dev/null
+ tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+ disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+ tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 52d78cba79..d5832b19df 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -28,31 +28,71 @@
(define-module (gnu packages tor)
#:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix monads)
#:use-module (guix packages)
#:use-module (guix utils)
+ #:use-module (guix store)
#:use-module (guix download)
#:use-module (guix git-download)
- #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
#:use-module (guix build-system go)
+ #:use-module (guix build-system gnu)
#:use-module (guix build-system python)
+ #:use-module (guix build-system trivial)
#:use-module (gnu packages)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages audio)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
#:use-module (gnu packages golang)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
#:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages pcre)
+ #:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-crypto)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
- #:use-module (gnu packages autotools)
+ #:use-module (gnu packages readline)
+ #:use-module (gnu packages rsync) ; for httpse
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages tls)
- #:use-module (gnu packages w3m))
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages vim) ; for xxd
+ #:use-module (gnu packages w3m)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages xml) ; for httpse
+ #:use-module (ice-9 match)
+ #:use-module ((srfi srfi-1) #:hide (zip)))
(define-public tor
(package
@@ -498,3 +538,677 @@ incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
The obfs naming was chosen primarily because it was shorter, in terms of
protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
(license license:gpl3+)))
+
+;; torbrowser and tor-browser-builder build versions are not always in sync
+(define %torbrowser-version "78.11.0esr-10.0-1")
+(define %tbb-build-version "10.0.17")
+(define %torbrowser-build "build1")
+(define %tbb-build "build1")
+(define %torbrowser-build-id "20210602000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+ (package
+ (name "torbrowser-fonts")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux64-"
+ version "_en-US.tar.xz"))
+ (sha256
+ (base32
+ "13x38n1cvqmxjz0jf2fda8lx2k25szzmg7gvv08z3q5na7109m2m"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (src-dir "tor-browser_en-US/Browser/fonts")
+ (fonts (string-append %output "/share/fonts"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p fonts)
+ (format #t "Untaring torbrowser ball ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" fonts "--strip-components=3"
+ (string-append "--use-compress-program=" xz "/bin/xz")
+ src-dir)
+ #t))))
+ (home-page "https://github.com/googlei18n/noto-fonts")
+ (synopsis "Tor Browser bundled fonts")
+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+ (license license:silofl1.1)))
+
+(define tor-browser-build
+ (let ((commit (string-append "tbb-desktop-" %tbb-build-version
+ "-" %tbb-build)))
+ (package
+ (name "tor-browser-build")
+ (version %tbb-build-version)
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.torproject.org/builders/tor-browser-build.git")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1qwgghy79wx0w1yz132yyaln4g42s72133n6gbdf07rkf5n44izc"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Copying build scripts ...~%")
+ (copy-recursively (string-append
+ (assoc-ref %build-inputs "source")
+ "/projects/tor-browser")
+ %output
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser build scripts")
+ (description "Tor Browser runtime scripts.")
+ (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+ (package
+ (name "tor-launcher")
+ (version "0.2.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ %tbb-build-version "/src-" name "-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0mbd1q46d8nqisn6n79sp6m29332ymb2pf13xzgq1ml7rfcy6jjy"))))
+ (build-system trivial-build-system)
+ (native-inputs
+ `(("tar" ,tar)
+ ("xz" ,xz)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (format #t "Extracting source ...~%")
+ (let ((src (assoc-ref %build-inputs "source"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (mkdir-p %output)
+ (format #t "Extracting source ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" %output "--strip-components=1"
+ (string-append "--use-compress-program=" xz "/bin/xz"))))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser built-in controler extension")
+ (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+ (license (license:non-copyleft "file://src/LICENSE"))))
+
+(define https-everywhere-lib-wasm
+ (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
+ (package
+ (name "https-everywhere-lib-wasm")
+ (version "2021.4.15")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/EFForg/https-everywhere-lib-wasm")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
+ (build-system trivial
This message was truncated. Download the full message here.
L
L
Ludovic Courtès wrote on 3 Jun 2021 22:43
Re: [bug#42380] Wow!
(name . André Batista)(address . nandre@riseup.net)
874keeu1aw.fsf@gnu.org
Hi,

André Batista <nandre@riseup.net> skribis:

Toggle quote (5 lines)
> Apart from noscript which Tor Browser itself does not build from source
> and https-everywhere which at the time I thought I'd be able to build
> from source but I got stuck on rust dependency nightmare and had to
> delay. Unfortunately, this issue still remains to be solved.

OK, not too bad.

Toggle quote (8 lines)
>> > My understanding is that the Tor people discourage anyone else from
>> > distributing builds of the Tor browser.
>
> That's also my understanding, however I do think that building from
> source is: 1. the very core of software freedom, despite the relevance
> other concerns such as diminishing anonymity set; 2. one of the main
> strenghts and what Guix strives for.

+1

Toggle quote (10 lines)
> In the mean time, I'll take this as an invitation to send a new patch
> version with the latest Tor Browser stable. I've made some minor
> improvements such as using tarballs from archive.torproject.org instead
> of {git|dist}.torproject.org.
>
> Since they are planning a new stable release in the next few days, I'll
> take the time to work on a reproducibility issue that have arised with
> the new zip routine to package extensions inside omni.ja which affected
> the timestamps, at least the way I did it.

Exciting, thank you!

Ludo’.
M
M
Maxime Devos wrote on 3 Jun 2021 23:07
Re: [bug#42380] [PATCH v5 9/9] gnu: Add torbrowser-unbundle.
a3611bc9dfe53af64c944de2a522b5d7bca2066c.camel@telenet.be
Some comments, maybe the have already been addressed previously:

Toggle quote (24 lines)
> +++ b/gnu/packages/patches/torbrowser-start-desktop.patch
> @@ -0,0 +1,22 @@
> +Change TorBrowser desktop file in order for it to be agnostic to the
> +path when invoked.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
> +@@ -1,4 +1,4 @@
> +-#!/usr/bin/env ./Browser/execdesktop
> ++#!/usr/bin/env bash
> + #
> + # This file is a self-modifying .desktop file that can be run from the shell.
> + # It preserves arguments and environment for the start-tor-browser script.
> +@@ -28,7 +28,7 @@
> + GenericName=Web Browser
> + Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
> + Categories=Network;WebBrowser;Security;
> +-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
> +-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
> +-Icon=web-browser
> ++Exec=sh -c start-tor-browser
> ++X-TorBrowser-ExecShell=start-tor-browser --detach
> ++Icon=torbrowser

What's the reason for switching the icon from web-browser to torbrowser?
Also, the guixy way would be to simply replace "$(dirname "$*")/STUFF"
by /gnu/store/[...]/MORE-STUF/STUFF.

Otherwise, you're assuming "sh" is in the profile. It would also
be possible to replace "sh" with (string-append (assoc-ref inputs "bash") "/bin/sh")
I guess.

Toggle quote (35 lines)
> + StartupWMClass=Tor Browser
> diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
> new file mode 100644
> index 0000000000..b8c8d9a26a
> --- /dev/null
> +++ b/gnu/packages/patches/torbrowser-start-script.patch
> @@ -0,0 +1,181 @@
> +Change TorBrowser startup script in order for it to setup needed files
> +outside guix store. Remove tests which are not needed on guix system.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
> +@@ -5,6 +5,14 @@
> + #
> + # Copyright 2017 The Tor Project. See LICENSE for licensing information.
> +
> ++TBB_HOME="${HOME}/.local/share/torbrowser"
> ++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
> ++TBB_DATA="${TBB_HOME}/Data"
> ++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
> ++TBB_STORE_PATH=$(dirname $(realpath "$0"))
> ++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
> ++TORRC="${TBB_DATA}/Tor/torrc-defaults"
> ++
> + complain_dialog_title="Tor Browser"
> +
> + # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
> +@@ -134,8 +142,8 @@
> + ;;
> + -l | --log)
> + if [ -z "$2" -o "${2:0:1}" == "-" ]; then
> +- printf "Logging Tor Browser debug information to tor-browser.log\n"
> +- logfile="../tor-browser.log"
> ++ printf "Logging Tor Browser debug information to torbrowser.log\n"

Why rename tor-browser.log to torbrowser.log?

Toggle quote (17 lines)
> + [...]
> ++# Try to be agnostic to where we're being started from, check if files are on its
> ++# default paths and chdir to TBB_HOME
> ++if [ -e "${TORRC}" ]; then
> ++ cd "${TBB_HOME}"
> ++else
> ++ mkdir -p "${TBB_HOME}"
> ++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
> ++ chmod -R 700 "${TBB_HOME}"
> ++ mkdir -p "${TBB_PROFILE}"
> ++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
> ++ > "${TBB_PROFILE}/user.js"
> ++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
> ++ >> "${TORRC}"
> ++ cd "${TBB_HOME}"
> + fi

"mkdir" and "cp" are from coreutils, which are not guaranteed to be in
the profile. I'd suggest:

(1) (preferred) use substitute* in a build phase to replace
'mkdir' and 'cp' & co with the absolute store path
(2) or add coreutils to propagated-inputs

Likewise for sed.

Toggle quote (10 lines)
> [...]
>
> + if [ "$register_desktop_app" -eq 1 ]; then
> + mkdir -p "$HOME/.local/share/applications/"
> +- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
> ++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
> + update-desktop-database "$HOME/.local/share/applications/"
> + printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
> + exit 0

Is this required on Guix and would it work well on Guix? Copying .desktop files around
seems counter to ‘Guix suppots transactional upgrades and roll-backs, [...]. [...]
reproducible operating systems’ and not very functional. Shouldn't
"guix install torbrowser-unbundle" be sufficient?

noscript seems an useful extension for IceCat as well.
Maybe move it to gnuzilla.scm? Maybe move https-everywhere
there as well? (Separate issue: https-everywhere seems to
be bundled in IceCat ...)

Toggle quote (25 lines)
> +(define https-everywhere-lib-wasm
> + (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
> + (package
> + (name "https-everywhere-lib-wasm")
> + (version "2021.4.15")
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/EFForg/https-everywhere-lib-wasm")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> + "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
> + (build-system trivial-build-system)
> + (arguments
> + `(#:modules ((guix build utils))
> + #:builder (begin
> + (use-modules (guix build utils))
> + (format #t "Copying source ...~%")
> + (copy-recursively (assoc-ref %build-inputs "source")
> + %output
> + #:log (%make-void-port "w")))))

Why are you copying the source code to somewhere else?
This doesn't seem to accomplish anything. I would suggest
something like:

;; Source code of ‘HTTPS Everywhere WASM Library’,
;; licensed as license:lgpl2.1+, used in 'https-everywhere'
;; as an input.
(define https-everywhere-lib-wasm/source-code
(origin (method git-fetch) [...]))

Note that you can use 'origin' objects in 'inputs' and 'native-inputs'.


Toggle quote (8 lines)
> + (synopsis "Browser extension for protection against known attacks")
> + (description "Browser extension that protects users from a range of
> +known attacks on web browsing activity such as Cross-site scripting, clickjack and
> +makes possible for the users to block or choose on a per site basis which remote
> +javascript to run while browsing the web.")
> + (license license:gpl2+))))

The license file seems to tell something different: LGPL2.1+ instead of GPL2+:


Toggle quote (5 lines)
> [...]
> + (native-inputs
> + `(("https-everywhere" ,https-everywhere)
> + ("noscript" ,noscript)

noscript and https-everywhere seem more like 'inputs' than
'native-inputs' to me, but IIUC they are source-code only
and not compiled, so it doesn't really matter here I guess.

Toggle quote (22 lines)
> [...]
> + (add-after 'unpack 'make-bundle
> + (lambda* (#:key inputs native-inputs #:allow-other-keys)
> + (let ((tor-launcher (assoc-ref inputs "tor-launcher"))
> + (tor-launcher-dir "browser/extensions/tor-launcher")
> + (tbb (assoc-ref inputs "tor-browser-build"))
> + (tbb-scripts-dir "tbb-scripts"))
> +
> + (format #t "Copying tor-launcher ...~%")
> + (copy-recursively tor-launcher tor-launcher-dir
> + #:log (%make-void-port "w"))
> + (format #t "Copying tor-browser-build ...~%")
> + (mkdir tbb-scripts-dir)
> + (copy-recursively tbb tbb-scripts-dir
> + #:log (%make-void-port "w"))
> + (make-file-writable "browser/app/profile/000-tor-browser.js")
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser"))
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser.desktop")))
> + #t))

Returning #t at the end of a phase is not required anymore.
The warning will disappear when core-updates is merged.

Toggle quote (11 lines)
> + (replace 'configure
> + (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bash (which "bash"))
> + (flags `(,(string-append "--prefix=" out)
> + ,@configure-flags)))
> + (setenv "SHELL" bash)
> + (setenv "AUTOCONF" (string-append
> + (assoc-ref %build-inputs "autoconf")
> + "/bin/autoconf"))

In build phases, use 'inputs' or 'native-inputs' instead of %build-inputs.
It's more explicit, maybe there are other reasons as well. (Here it should
be native-inputs I guess).


Toggle quote (4 lines)
> + (setenv "CONFIG_SHELL" bash)
> + (setenv "PYTHON" (string-append (assoc-ref inputs "python-2")
> + "/bin/python"))

This most likely should be (assoc-ref (or native-inputs inputs) "python-2")
instead of (assoc-ref inputs "python-2").

Toggle quote (1 lines)
> + (setenv "CC" "gcc") ; needed when Stylo is enabled
This most likely should be ,(cc-for-target) instead of "gcc".

(The native-inputs/inputs and "gcc" / (cc-for-target) distinction is important
when cross-compiling (though not all dependencies are cross-compilable currently,
so it's a bit moot for now.))

Toggle quote (2 lines)
> + (add-after 'install-extensions 'link-binaries
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
You're not using 'native-inputs' in this build phase so you can remove it
from the arguments list.

Toggle quote (4 lines)
> + [...]
> + (add-after 'link-binaries 'copy-bundle-data
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)

Likewise.

Toggle quote (10 lines)
> + (description
> + "Tor Browser is the Tor Project version of Firefox browser. It is the only
> +recommended way to anonymously browse the web that is supported by the project.
> +It modifies Firefox in order to avoid many know application level attacks on
> +the privacy of Tor users.
> +
> +WARNING: This is not the official Tor Browser and is currently on testing. Use
> +at your own risk and please report back on guix channels if you find any
> +issues.")

This seems unnecessarily scary. All packages in guix are ‘at your own risk’
and every new package is ‘in testing’ for a while, whatever that means.
What about

"Warning: this is not the official built of Tor Browser from upstream.
As such, the Guix version of Tor Browser may have small differences
that might allow a malicious actor to identify you as a Guix user."

?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYLlEjBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7nbTAQCtfS2GBwWMN4bYziz4BboEExdi
p1c7n9tKrB6ItD5PLQEA7rNLntMttQ86O/TfEw+p/Lm8ebbvYWmT7UJMeq6Ivg0=
=3uc4
-----END PGP SIGNATURE-----


M
M
Maxime Devos wrote on 3 Jun 2021 23:07
ebd358912aa03bc2194e3f1b26bccf24a781f6b5.camel@telenet.be
Some comments, maybe the have already been addressed previously:

Toggle quote (24 lines)
> +++ b/gnu/packages/patches/torbrowser-start-desktop.patch
> @@ -0,0 +1,22 @@
> +Change TorBrowser desktop file in order for it to be agnostic to the
> +path when invoked.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orig 2020-07-05 18:47:40.689484877 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
> +@@ -1,4 +1,4 @@
> +-#!/usr/bin/env ./Browser/execdesktop
> ++#!/usr/bin/env bash
> + #
> + # This file is a self-modifying .desktop file that can be run from the shell.
> + # It preserves arguments and environment for the start-tor-browser script.
> +@@ -28,7 +28,7 @@
> + GenericName=Web Browser
> + Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
> + Categories=Network;WebBrowser;Security;
> +-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
> +-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
> +-Icon=web-browser
> ++Exec=sh -c start-tor-browser
> ++X-TorBrowser-ExecShell=start-tor-browser --detach
> ++Icon=torbrowser

What's the reason for switching the icon from web-browser to torbrowser?
Also, the guixy way would be to simply replace "$(dirname "$*")/STUFF"
by /gnu/store/[...]/MORE-STUF/STUFF.

Otherwise, you're assuming "sh" is in the profile. It would also
be possible to replace "sh" with (string-append (assoc-ref inputs "bash") "/bin/sh")
I guess.

Toggle quote (35 lines)
> + StartupWMClass=Tor Browser
> diff --git a/gnu/packages/patches/torbrowser-start-script.patch b/gnu/packages/patches/torbrowser-start-script.patch
> new file mode 100644
> index 0000000000..b8c8d9a26a
> --- /dev/null
> +++ b/gnu/packages/patches/torbrowser-start-script.patch
> @@ -0,0 +1,181 @@
> +Change TorBrowser startup script in order for it to setup needed files
> +outside guix store. Remove tests which are not needed on guix system.
> +
> +--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
> ++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
> +@@ -5,6 +5,14 @@
> + #
> + # Copyright 2017 The Tor Project. See LICENSE for licensing information.
> +
> ++TBB_HOME="${HOME}/.local/share/torbrowser"
> ++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
> ++TBB_DATA="${TBB_HOME}/Data"
> ++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
> ++TBB_STORE_PATH=$(dirname $(realpath "$0"))
> ++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
> ++TORRC="${TBB_DATA}/Tor/torrc-defaults"
> ++
> + complain_dialog_title="Tor Browser"
> +
> + # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
> +@@ -134,8 +142,8 @@
> + ;;
> + -l | --log)
> + if [ -z "$2" -o "${2:0:1}" == "-" ]; then
> +- printf "Logging Tor Browser debug information to tor-browser.log\n"
> +- logfile="../tor-browser.log"
> ++ printf "Logging Tor Browser debug information to torbrowser.log\n"

Why rename tor-browser.log to torbrowser.log?

Toggle quote (17 lines)
> + [...]
> ++# Try to be agnostic to where we're being started from, check if files are on its
> ++# default paths and chdir to TBB_HOME
> ++if [ -e "${TORRC}" ]; then
> ++ cd "${TBB_HOME}"
> ++else
> ++ mkdir -p "${TBB_HOME}"
> ++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
> ++ chmod -R 700 "${TBB_HOME}"
> ++ mkdir -p "${TBB_PROFILE}"
> ++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
> ++ > "${TBB_PROFILE}/user.js"
> ++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
> ++ >> "${TORRC}"
> ++ cd "${TBB_HOME}"
> + fi

"mkdir" and "cp" are from coreutils, which are not guaranteed to be in
the profile. I'd suggest:

(1) (preferred) use substitute* in a build phase to replace
'mkdir' and 'cp' & co with the absolute store path
(2) or add coreutils to propagated-inputs

Likewise for sed.

Toggle quote (10 lines)
> [...]
>
> + if [ "$register_desktop_app" -eq 1 ]; then
> + mkdir -p "$HOME/.local/share/applications/"
> +- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
> ++ cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
> + update-desktop-database "$HOME/.local/share/applications/"
> + printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
> + exit 0

Is this required on Guix and would it work well on Guix? Copying .desktop files around
seems counter to ‘Guix suppots transactional upgrades and roll-backs, [...]. [...]
reproducible operating systems’ and not very functional. Shouldn't
"guix install torbrowser-unbundle" be sufficient?

noscript seems an useful extension for IceCat as well.
Maybe move it to gnuzilla.scm? Maybe move https-everywhere
there as well? (Separate issue: https-everywhere seems to
be bundled in IceCat ...)

Toggle quote (25 lines)
> +(define https-everywhere-lib-wasm
> + (let ((commit "45b1622f1240659aca4762fa336aad1322d6d50f"))
> + (package
> + (name "https-everywhere-lib-wasm")
> + (version "2021.4.15")
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/EFForg/https-everywhere-lib-wasm")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> + "1lq62rzypdzmnnzvfns3ccvv1g7p7g9s8jx788zzigr3gnmkpffx"))))
> + (build-system trivial-build-system)
> + (arguments
> + `(#:modules ((guix build utils))
> + #:builder (begin
> + (use-modules (guix build utils))
> + (format #t "Copying source ...~%")
> + (copy-recursively (assoc-ref %build-inputs "source")
> + %output
> + #:log (%make-void-port "w")))))

Why are you copying the source code to somewhere else?
This doesn't seem to accomplish anything. I would suggest
something like:

;; Source code of ‘HTTPS Everywhere WASM Library’,
;; licensed as license:lgpl2.1+, used in 'https-everywhere'
;; as an input.
(define https-everywhere-lib-wasm/source-code
(origin (method git-fetch) [...]))

Note that you can use 'origin' objects in 'inputs' and 'native-inputs'.


Toggle quote (8 lines)
> + (synopsis "Browser extension for protection against known attacks")
> + (description "Browser extension that protects users from a range of
> +known attacks on web browsing activity such as Cross-site scripting, clickjack and
> +makes possible for the users to block or choose on a per site basis which remote
> +javascript to run while browsing the web.")
> + (license license:gpl2+))))

The license file seems to tell something different: LGPL2.1+ instead of GPL2+:


Toggle quote (5 lines)
> [...]
> + (native-inputs
> + `(("https-everywhere" ,https-everywhere)
> + ("noscript" ,noscript)

noscript and https-everywhere seem more like 'inputs' than
'native-inputs' to me, but IIUC they are source-code only
and not compiled, so it doesn't really matter here I guess.

Toggle quote (22 lines)
> [...]
> + (add-after 'unpack 'make-bundle
> + (lambda* (#:key inputs native-inputs #:allow-other-keys)
> + (let ((tor-launcher (assoc-ref inputs "tor-launcher"))
> + (tor-launcher-dir "browser/extensions/tor-launcher")
> + (tbb (assoc-ref inputs "tor-browser-build"))
> + (tbb-scripts-dir "tbb-scripts"))
> +
> + (format #t "Copying tor-launcher ...~%")
> + (copy-recursively tor-launcher tor-launcher-dir
> + #:log (%make-void-port "w"))
> + (format #t "Copying tor-browser-build ...~%")
> + (mkdir tbb-scripts-dir)
> + (copy-recursively tbb tbb-scripts-dir
> + #:log (%make-void-port "w"))
> + (make-file-writable "browser/app/profile/000-tor-browser.js")
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser"))
> + (make-file-writable (string-append tbb-scripts-dir
> + "/RelativeLink/start-tor-browser.desktop")))
> + #t))

Returning #t at the end of a phase is not required anymore.
The warning will disappear when core-updates is merged.

Toggle quote (11 lines)
> + (replace 'configure
> + (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bash (which "bash"))
> + (flags `(,(string-append "--prefix=" out)
> + ,@configure-flags)))
> + (setenv "SHELL" bash)
> + (setenv "AUTOCONF" (string-append
> + (assoc-ref %build-inputs "autoconf")
> + "/bin/autoconf"))

In build phases, use 'inputs' or 'native-inputs' instead of %build-inputs.
It's more explicit, maybe there are other reasons as well. (Here it should
be native-inputs I guess).


Toggle quote (4 lines)
> + (setenv "CONFIG_SHELL" bash)
> + (setenv "PYTHON" (string-append (assoc-ref inputs "python-2")
> + "/bin/python"))

This most likely should be (assoc-ref (or native-inputs inputs) "python-2")
instead of (assoc-ref inputs "python-2").

Toggle quote (1 lines)
> + (setenv "CC" "gcc") ; needed when Stylo is enabled
This most likely should be ,(cc-for-target) instead of "gcc".

(The native-inputs/inputs and "gcc" / (cc-for-target) distinction is important
when cross-compiling (though not all dependencies are cross-compilable currently,
so it's a bit moot for now.))

Toggle quote (2 lines)
> + (add-after 'install-extensions 'link-binaries
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
You're not using 'native-inputs' in this build phase so you can remove it
from the arguments list.

Toggle quote (4 lines)
> + [...]
> + (add-after 'link-binaries 'copy-bundle-data
> + (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)

Likewise.

Toggle quote (10 lines)
> + (description
> + "Tor Browser is the Tor Project version of Firefox browser. It is the only
> +recommended way to anonymously browse the web that is supported by the project.
> +It modifies Firefox in order to avoid many know application level attacks on
> +the privacy of Tor users.
> +
> +WARNING: This is not the official Tor Browser and is currently on testing. Use
> +at your own risk and please report back on guix channels if you find any
> +issues.")

This seems unnecessarily scary. All packages in guix are ‘at your own risk’
and every new package is ‘in testing’ for a while, whatever that means.
What about

"Warning: this is not the official built of Tor Browser from upstream.
As such, the Guix version of Tor Browser may have small differences
that might allow a malicious actor to identify you as a Guix user."

?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYLlEjRccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7rahAP95zsFdn7ynYLFREsPlHz5Ek7X9
gbKPWsJJu3LI4gs/pwEAjG14OWE9tujVF69MJrFTW1uPdoMY8Zxuj3s4bYEUPA4=
=hvTf
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 10 Jul 2021 05:10
(name . Maxime Devos)(address . maximedevos@telenet.be)(address . 42380@debbugs.gnu.org)
YOkPlxiRiQT9iQY9@andel
Attachment: file
-----BEGIN PGP SIGNATURE-----

iQG5BAABCgAjFiEEXo3OJhMk/jL9rLM1Nj97Uq5OMvYFAmDpD5MFgwPCZwAACgkQ
Nj97Uq5OMvbDUQv+OtXE8vKwy10OUDXJIy0swIytBqOELyfN57EGE4+RtEZslnzT
VUoPgtjZ8CydSSZTG18K9fkPDRarzya7PrDoLG22s4QjQe0Uk8hk8X/GSn0PAgi1
go9tZV3nSrZA8bpmq20JxzQ9lVNw6kpWwhkogz5djJR8qXppB+sY9R3ZxKQI9VTX
hakSIWb1dtK4qZoBVD9QRK00/96VxioqQ9ZigHNFMlne9A1efyrUTmNfjpZ7aN4j
rpbjZ3NqBXy81ZN+K1rVAvC3kZkW+zY+icpwRFJLRXX8YjagKjTLUbZle1dXmD8X
m1hbt60fSAEtakzQbZQTrTT7d52cNDb78W10UfU/+d9UZZcmiU3YSxnZitRZouFG
WeBMwKejbfmICtpTAGZ78bPQPO10PnWKxeE5KCo67BefjRefQG39Y+7sp8o0fdmb
m5p88Oa/wwy44IvNU5IhC07BcbP20dNOlne5VXXyexV1p9N5N9T47si9uKd95KJ+
Oics4T/Zxs3zRUro
=Dg+w
-----END PGP SIGNATURE-----


C
C
Clément Lassieur wrote on 12 Dec 2023 12:21
[PATCH] gnu: Add torbrowser.
(address . 42380@debbugs.gnu.org)
d6e5198dc66c76fdf454241d1074c1c649a9cc46.1702378364.git.clement@lassieur.org
* gnu/packages/tor.scm (torbrowser): New variable.
(torbrowser-assets): New variable.
* gnu/packages/browser-extensions.scm (noscript): New variable.
(noscript/icecat): New variable.

Change-Id: I73dc53905e4a028108bb34aae07e44256cf16c85
---

Hi, this is a package for Tor Browser. I initially wanted to base my work on
André's but I believe pretty much everything is new now. André's work helped
nonetheless, so thank you André.

A few notes:
- HTTPS-everywhere extension is now built-in.
- There is a package for Noscript.
- Bridge support (lyrebird) will come later (patches are being polished and
are for the testing branch)
- I took inspiration from OpenBSD's package (they build it too) and from
Nix (they use the bundle).
- Some work could be done to improve icecat-minimal inheritance (icons,
sandbox, wrap-program) but it's not trivial.
- The name is "torbrowser" because it's obvious that we don't bundle anything
in Guix, that's how other distros do and it's simpler.
- It should be FSDG compatible (no DRM, no link to addons.mozilla.org).

Comments are welcome!

Clément

gnu/packages/browser-extensions.scm | 26 +++
gnu/packages/gnupg.scm | 3 +-
gnu/packages/tor.scm | 280 ++++++++++++++++++++++++++++
3 files changed, 307 insertions(+), 2 deletions(-)

Toggle diff (373 lines)
diff --git a/gnu/packages/browser-extensions.scm b/gnu/packages/browser-extensions.scm
index 21c519eda31c..9efa94b77396 100644
--- a/gnu/packages/browser-extensions.scm
+++ b/gnu/packages/browser-extensions.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages browser-extensions)
#:use-module (guix gexp)
#:use-module (guix packages)
+ #:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
@@ -221,3 +222,28 @@ (define passff
(define-public passff/icecat
(make-icecat-extension passff))
+
+(define noscript
+ (package
+ (name "noscript")
+ (version "11.4.28")
+ (source (origin
+ (method url-fetch/zipbomb)
+ (uri (string-append
+ "https://noscript.net/download/releases/noscript-" version
+ ".xpi"))
+ (sha256
+ (base32
+ "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l"))))
+ (build-system copy-build-system)
+ (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))
+ (arguments
+ `(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))
+ (home-page "https://noscript.net")
+ (synopsis "Software providing extra protection for various browsers.")
+ (description "The NoScript Security Suite is a software providing extra
+protection for web browsers.")
+ (license license:gpl3+)))
+
+(define-public noscript/icecat
+ (make-icecat-extension noscript))
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a5b8587a141c..bec74b3f3f49 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,7 +70,6 @@ (define-module (gnu packages gnupg)
#:use-module (gnu packages swig)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
- #:use-module (gnu packages tor)
#:use-module (gnu packages web)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@@ -1124,7 +1123,7 @@ (define-public parcimonie
perl-try-tiny
perl-type-tiny
perl-types-path-tiny
- torsocks))
+ (@ (gnu packages tor) torsocks))) ;avoid dependency loop
(native-inputs
(list perl-file-which
perl-gnupg-interface
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 71f32b3f4331..31e9945f5d39 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -36,11 +36,15 @@ (define-module (gnu packages tor)
#:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system mozilla)
#:use-module (guix build-system python)
#:use-module (guix build-system pyproject)
#:use-module (gnu packages)
#:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages browser-extensions)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
#:use-module (gnu packages check)
@@ -48,6 +52,7 @@ (define-module (gnu packages tor)
#:use-module (gnu packages pcre)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
@@ -483,3 +488,278 @@ (define-public tractor
the onion proxy and sets up proxy in user session, so you don't have to mess
up with TOR on your system anymore.")
(license license:gpl3+)))
+
+(define torbrowser-assets
+ ;; This is a prebuilt Torbrowser from which we take the assets we need.
+ (package
+ (name "torbrowser-assets")
+ ;; To find the last version, look at https://www.torproject.org/download/.
+ (version "13.0.6")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux-x86_64-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd"))))
+ (arguments
+ (list
+ #:install-plan
+ ''(("Browser" "." #:include-regexp
+ ("^\\./TorBrowser/Data/Tor/torrc-defaults"
+ "^\\./fonts/"
+ "^\\./fontconfig/fonts.conf")))))
+ (build-system copy-build-system)
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser assets")
+ (description "This package contains fonts and configuration files for Tor
+Browser.")
+ (license license:silofl1.1)))
+
+(define-public torbrowser
+ (package
+ (inherit icecat-minimal)
+ (name "torbrowser")
+ ;; To find the last version, browse
+ ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>
+ ;; (<version> is the version of the `torbrowser-assets` package). There
+ ;; should be only one archive that starts with "src-firefox-tor-browser-".
+ (version "115.5.0esr-13.0-1-build4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ (package-version torbrowser-assets)
+ "/src-firefox-tor-browser-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))
+ (build-system mozilla-build-system)
+ (arguments
+ (substitute-keyword-arguments (package-arguments icecat-minimal)
+ ((#:configure-flags flags '())
+ #~(cons*
+ "--without-relative-data-dir" ;store is read-only
+ "--disable-base-browser-update"
+ "--enable-update-channel=release"
+ "--with-branding=browser/branding/tb-release"
+ (string-append "--prefix=" #$output)
+ (string-append "--with-base-browser-version="
+ #$(package-version
+ (this-package-input "torbrowser-assets")))
+ #$flags))
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-before 'configure 'setenv
+ (lambda _
+ (setenv "CONFIG_SHELL" (which "bash"))
+ ;; Install location is prefix/lib/$MOZ_APP_NAME. Also
+ ;; $MOZ_APP_NAME is the executable name. Default is
+ ;; "firefox".
+ (setenv "MOZ_APP_NAME" "torbrowser")
+ ;; Profile location (relative to "~/."). Default is
+ ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
+ ;; ~/.tor project/firefox.
+ (setenv "MOZ_APP_PROFILE" "torbrowser/browser")
+ ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
+ (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")
+ ;; Persistent state directory for the build system (default is
+ ;; $HOME/.mozbuild).
+ (setenv "MOZBUILD_STATE_PATH"
+ (in-vicinity (getcwd) ".mozbuild"))))
+ (add-before 'configure 'mozconfig
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (with-output-to-file "mozconfig"
+ (lambda ()
+ (format #t ". $topsrcdir/mozconfig-linux-x86_64~%")
+ (for-each (lambda (flag)
+ (format #t "ac_add_options ~a~%" flag))
+ configure-flags)))))
+ (replace 'configure
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "config")))
+ (add-before 'build 'fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "build")))
+ (add-after 'install 'deploy-assets
+ (lambda _
+ (let ((assets #$(this-package-input "torbrowser-assets"))
+ (lib (in-vicinity #$output "lib/torbrowser"))
+ (tor #$(this-package-input "tor")))
+ ;; TorBrowser/Data/Tor/torrc-defaults
+ (copy-recursively (in-vicinity assets "TorBrowser")
+ (in-vicinity lib "TorBrowser"))
+ ;; The geoip and geoip6 files are in the same directory as
+ ;; torrc-defaults. (See TorProcess.sys.mjs.)
+ (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))
+ (copy-file (in-vicinity tor "share/tor/geoip")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip"))
+ (copy-file (in-vicinity tor "share/tor/geoip6")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip6"))
+ ;; Fonts
+ (copy-recursively (in-vicinity assets "fontconfig")
+ (in-vicinity lib "fontconfig"))
+ (substitute* (in-vicinity lib "fontconfig/fonts.conf")
+ (("<dir>fonts</dir>")
+ (format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
+ (delete-file-recursively (in-vicinity lib "fonts"))
+ (copy-recursively (in-vicinity assets "fonts")
+ (in-vicinity lib "fonts")))))
+ (replace 'build-sandbox-whitelist
+ (lambda* (#:key inputs #:allow-other-keys)
+ (define (runpath-of lib)
+ (call-with-input-file lib
+ (compose elf-dynamic-info-runpath
+ elf-dynamic-info
+ parse-elf
+ get-bytevector-all)))
+ (define (runpaths-of-input label)
+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
+ (libs (find-files dir "\\.so$")))
+ (append-map runpath-of libs)))
+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
+ (let* ((whitelist
+ (map (cut string-append <> "/")
+ (delete-duplicates
+ `(,(string-append (assoc-ref inputs "shared-mime-info")
+ "/share/mime")
+ ,@(append-map runpaths-of-input
+ '("mesa" "ffmpeg"))))))
+ (whitelist-string (string-join whitelist ",")))
+ (with-output-to-file "whitelist.txt"
+ (lambda ()
+ (display whitelist-string))))))
+ (add-after 'install 'autoconfig
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((lib (in-vicinity #$output "lib/torbrowser"))
+ (config-file "tor-browser.cfg"))
+ (with-output-to-file (in-vicinity
+ lib "defaults/pref/autoconfig.js")
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ (format #t "pref(~s, ~s);~%"
+ "general.config.filename" config-file)
+ (format #t "pref(~s, ~a);~%"
+ "general.config.obscure_value" "0")))
+ (with-output-to-file (in-vicinity lib config-file)
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ ;; Locking prevents these values being written to
+ ;; prefs.js, avoiding Store path capture.
+ (format #t "lockPref(~s, ~s);~%"
+ "extensions.torlauncher.torrc-defaults_path"
+ (in-vicinity
+ lib "TorBrowser/Data/Tor/torrc-defaults"))
+ (format #t "lockPref(~s, ~s);~%"
+ "extensions.torlauncher.tor_path"
+ (search-input-file inputs "bin/tor"))
+ ;; Required for Guix packaged extensions
+ ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8
+ ;; Default is 5.
+ (format #t "pref(~s, ~a);~%"
+ "extensions.enabledScopes" "13")
+ (format #t "pref(~s, ~s);~%"
+ "security.sandbox.content.read_path_whitelist"
+ (call-with-input-file "whitelist.txt"
+ get-string-all))
+ ;; Add-ons pannel (see settings.js in Icecat source).
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.search.browseURL"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.get.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.link.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.discovery.api_url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.langpacks.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "lightweightThemes.getMoreURL"
+ "https://gnuzilla.gnu.org/mozzarella"))))))
+ (replace 'wrap-program
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((gtk #$(this-package-input "gtk+"))
+ (gtk-share (string-append gtk "/share"))
+ (fonts.conf (in-vicinity
+ #$output
+ "lib/torbrowser/fontconfig/fonts.conf"))
+ (ld-libs '#$(cons
+ (file-append
+ (this-package-input "libcanberra")
+ "/lib/gtk-3.0/modules")
+ (map
+ (lambda (label)
+ (file-append
+ (this-package-input label) "/lib"))
+ '("libpng-apng"
+ "libxscrnsaver"
+ "mesa"
+ "pciutils"
+ "mit-krb5"
+ "eudev"
+ "pulseaudio"
+ "libnotify")))))
+ (wrap-program
+ (in-vicinity #$output "lib/torbrowser/torbrowser")
+ `("XDG_DATA_DIRS" prefix (,gtk-share))
+ `("LD_LIBRARY_PATH" prefix ,ld-libs)
+ `("FONTCONFIG_FILE" prefix (,fonts.conf))))))
+ (replace 'install-desktop-entry
+ (lambda _
+ (let ((apps (in-vicinity #$output "share/applications")))
+ (mkdir-p apps)
+ (make-desktop-entry-file
+ (in-vicinity apps "torbrowser.desktop")
+ #:name "Tor Browser"
+ #:exec
+ (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))
+ #:comment
+ "Tor Browser is +1 for privacy and -1 for mass surveillance"
+ #:categories '("Network" "WebBrowser" "Security")
+ #:startup-w-m-class "Tor Browser"
+ #:icon "tor-browser"))))
+ (replace 'install-icons
+ (lambda* (#:key inputs #:allow-other-keys)
+ (for-each
+ (lambda (size)
+ (let ((oldpath (string-append
+ "browser/branding/tb-release/default"
+ size ".png"))
+ (newpath (string-append #$output
+ "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p newpath)
+ (copy-file oldpath
+ (in-vicinity newpath "tor-browser.png"))))
+ '("16" "22" "24" "32" "48" "64" "128" "256"))))))))
+ (inputs
+ (modify-inputs (package-inputs icecat-minimal)
+ (append bash-minimal
+ tor
+ torbrowser-assets)))
+ (propagated-inputs
+ (list noscript/icecat))
+ (home-page "https://www.torproject.org")
+ (synopsis "Anonymous browser derived from Mozilla Firefox")
+ (description
+ "Tor Browser is the Tor Project version of Firefox browser. It is the
+only recommended way to anonymously browse the web that is supported by the
+project. It modifies Firefox in order to avoid many know application level
+attacks on the privacy of Tor users.")
+ (license license:mpl2.0))) ;And others, see
+ ;toolkit/content/license.html

base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
--
2.41.0
A
A
André Batista wrote on 14 Dec 2023 22:54
(name . Clément Lassieur)(address . clement@lassieur.org)
ZXt5Guwgz2JOQBcG@andel
Attachment: file
A
A
André Batista wrote on 15 Dec 2023 18:04
Re: [bug#42380] [PATCH] gnu: Add torbrowser.
(name . Clément Lassieur)(address . clement@lassieur.org)
ZXyHD6LvFgGaYmt0@andel
Hi Cl�ment,

qui 14 dez 2023 �s 18:54:48 (1702590888), nandre@riseup.net enviou:
Toggle quote (12 lines)
>
> First and foremost:
>
> The noscript addon seems to be missing from the browser. If one goes
> to the 'about:addons' tab, it is neither listed nor manageable there.
> This makes the security slider almost useless and also implies that
> as things stand we would lead guixen to run potentialy harmful and
> nonfree javascript code unknowingly and without a warning.
>
> You can check that on https://coveryourtracks.eff.org for the
> difference between this browser fingerprint and the upstream one.

Please, disregard what I've said above: noscript is indeed listed on the
addons tab, manageable there and the browser security slider is also
working as expected.

I had just built and run from the store, without installing to a profile
so guix was rightfully not picking up any info on noscript. When properly
installed, it is picked up just fine.

Please accept my appologies for improperly reviewing it, I should've
known that the bug was between the chair and the keyboard.
A
A
André Batista wrote on 16 Dec 2023 04:49
(name . Clément Lassieur)(address . clement@lassieur.org)
ZX0eNBDWk0tptqYi@andel
Hi again!

qui 14 dez 2023 �s 18:54:48 (1702590888), nandre@riseup.net enviou:
Toggle quote (6 lines)
>
> Other than that, the current recipe is not deterministic. This is
> probably due to the 'BuildID' which is a timestamp.
>
> See: (#$output)/lib/torbrowser/platform.ini

This was it. I've just set MOZ_BUILD_DATE environment variable to a
fixed timestamp (yyyymmddhhmmss) and now the build successfully checks.

It's not much, but it's honest computer work! :)

Now the question is: do we just set a fixed timestamp and forget it until
the sun burns out or do we change it each and everytime when updating the
browser so as to mimick the upstream one?

Even though it is a bit of a hassle, I'd vote for mimicking upstream.

Toggle quote (14 lines)
> > + ((#:phases phases)
> > + #~(modify-phases #$phases
> > + (add-before 'configure 'setenv
> > + (lambda _
> > + (setenv "CONFIG_SHELL" (which "bash"))
> > + ;; Install location is prefix/lib/$MOZ_APP_NAME. Also
> > + ;; $MOZ_APP_NAME is the executable name. Default is
> > + ;; "firefox".
> > + (setenv "MOZ_APP_NAME" "torbrowser")
> > + ;; Profile location (relative to "~/."). Default is
> > + ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
> > + ;; ~/.tor project/firefox.
> > + (setenv "MOZ_APP_PROFILE" "torbrowser/browser")
> > + ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
C
C
Clément Lassieur wrote on 19 Dec 2023 19:19
(name . André Batista)(address . nandre@riseup.net)(address . 42380@debbugs.gnu.org)
878r5q9hsb.fsf@lassieur.org
Hi André!

On Thu, Dec 14 2023, André Batista wrote:

Toggle quote (9 lines)
> The noscript addon seems to be missing from the browser. If one goes
> to the 'about:addons' tab, it is neither listed nor manageable there.
> This makes the security slider almost useless and also implies that
> as things stand we would lead guixen to run potentialy harmful and
> nonfree javascript code unknowingly and without a warning.
>
> You can check that on https://coveryourtracks.eff.org for the
> difference between this browser fingerprint and the upstream one.

[in an other mail]
Toggle quote (11 lines)
> Please, disregard what I've said above: noscript is indeed listed on the
> addons tab, manageable there and the browser security slider is also
> working as expected.
>
> I had just built and run from the store, without installing to a profile
> so guix was rightfully not picking up any info on noscript. When properly
> installed, it is picked up just fine.
>
> Please accept my appologies for improperly reviewing it, I should've
> known that the bug was between the chair and the keyboard.

Well you've done the greatest review I've ever seen so no need to
apologize :) Indeed NoScript is a propagated input, so it needs to be
installed. You can also test it like this:

guix shell --emulate-fhs --no-offload --no-cwd --preserve=DISPLAY
--container --network torbrowser -- torbrowser

Or if you want to add ublock-origin:

guix shell --emulate-fhs --no-offload --no-cwd --preserve=DISPLAY
--container --network torbrowser ublock-origin-icecat -- torbrowser

(Note that you'll need either to allow ublock0 to run in private windows
or to not be in a private window.)

My tests with https://coveryourtracks.eff.orggive exactly the same
results (between 8 and 9 depending on window size) as the official Tor
Browser.

Toggle quote (3 lines)
> Other than that, the current recipe is not deterministic. This is
> probably due to the 'BuildID' which is a timestamp.

Indeed I had forgotten about this. And Icecat does it well.

Toggle quote (10 lines)
> See: (#$output)/lib/torbrowser/platform.ini
>
> Moreover, both upstream torbrowser and guix' icecat build an
> internationalized browser with several locales and the browser as is
> offers users on startup to change or set the browser locale even though
> we did not provide any other than en-US.
>
> I don't think the current en-US only is a show stopper, but let's make
> a note on internationalizing it later.

Yes, but I believe we can add the internationalization as an extension,
it would be nicer than doing what Icecat does: torbrowser-minimal and
torbrowser with internationalization. When we do this we should
probably fix Icecat as well. This is, in my opinion, for another patch.

Toggle quote (6 lines)
>> A few notes:
>> - HTTPS-everywhere extension is now built-in.
>
> In my understading, the extension got removed as the feature it provided
> is now part of firefox itself.

Exactly.

Toggle quote (9 lines)
>> - The name is "torbrowser" because it's obvious that we don't bundle anything
>> in Guix, that's how other distros do and it's simpler.
>
> What { is || is not } obvious is highly subjective. Maybe to most people
> it is obvious that the distro version of some software is not the
> upstream one. On the other hand, maybe it's not obvious to many that,
> with regards to TorBrowser's goals, this is a significative difference
> as it potentialy implies a reduced anonymity set.

I agree that potentially there could be a reduced anonymity, but I've
not seen any footprint difference yet and when we see it I'm hopeful
we'll be able to fix it.

Toggle quote (8 lines)
> 'torbrowser-unbundle' was a pun on the original torbrowser name ("Tor
> Browser Bundle") and it was intended as some kind of warning to users
> that the guix package cannot live up to a vital upstream goal, namely
> that all users are using an identical browser in order to avoid, best
> as possible, any leak which could be used to fingerprint/deanonymize
> users. It was also kind of an homage to upstream directives if you
> will.

Are there directives about it? I haven't been able to find them. Also
OpenBSD names it "torbrowser" and they build it from source too.

Toggle quote (7 lines)
> However, even if some guix users may be unaware, this is an improvement
> to the current situation where people use icecat with tor which
> undeniably means a reduced anonymity set. Also, the hint may have been
> too weak to convey the intended warning. So I won't strongly oppose
> naming it simply 'torbrowser' if I'm the only one who sees a point on
> doing otherwise.

The main benefit of naming it "torbrowser" is, I believe, simplicity,
and the fact that it eases adoption. People will know it's Tor Browser
and not some variant.

The only real difference with upstream is the fact that we don't store
the profile where the executable is (because our store is read-only). I
believe this feature is for users who have Torbrowser on a USB dongle
that can be removed and then the system is still clean. But that's not
really a use-case for us anyway.

Toggle quote (9 lines)
>> +(define-public noscript/icecat
>> + (make-icecat-extension noscript))
>
> As I understand it, we are not building noscript from source, but getting
> a previously built which has minified JS. I never got to build it from
> source and also don't think this makes it uncommitable (agains FSDG), but
> maybe we could have a note to re-work this definition later in order to
> have it built from source (the guix way!).

Does it have minified JS though? I had a look at several files but
could not find any that is minified. If it does have minified JS, I
agree we should fix it. I actually tried to build it from source but
there are a ton of missing Node dependencies. :/

Toggle quote (16 lines)
>> +(define-public torbrowser
>> + (package
>> + (inherit icecat-minimal)
>> + (name "torbrowser")
>> + ;; To find the last version, browse
>> + ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>
>> + ;; (<version> is the version of the `torbrowser-assets` package). There
>> + ;; should be only one archive that starts with "src-firefox-tor-browser-".
>> + (version "115.5.0esr-13.0-1-build4")
>
> Is there any reason why you chose to use the 'src' version, instead of
> the TorBrowser release version (aka torbroser-assets one). At first I
> think it would be better if our version were the same as upstream as
> it would be clearer to both users and maintainers which version guix
> is offering without installing it.

I just wanted the source URL to only depend on the version, and not
anything else. That makes it easier to maintain, and it reminds people
what it really is: a Firefox.

Toggle quote (17 lines)
> Besides, are you sure this src version number is guaranteed to be
> progressive towards higher numbers?
>
> Decomposing it:
>
> Firefox version | tb build ver | tb build attempt
> 115.5.0esr | 13.0-1 | build4
>
> FF version: always increases, but not necessarily in the same step as
> torbrowser releases;
>
> tb build version: usually remains the same throughout a major torbrowser
> release series;
>
> tb build attempt: varies with the release process and sometimes it
> decreases.

base-browser-115.1.0esr-13.0-1-build1 Tagging build1 for 115.1esr-based alpha
base-browser-115.1.0esr-13.0-1-build2 Tagging build2 for 115.1esr-based alpha
base-browser-115.2.0esr-13.0-1-build1 Tagging build1 for 115.2.0esr-based Base Browser alpha
base-browser-115.2.1esr-13.0-1-build1 Tagging build1 for 115.2.1esr-based Base Browser alpha
base-browser-115.3.0esr-13.0-1-build1 Tagging build1 for 115.3.0esr-based alpha
base-browser-115.3.1esr-13.0-1-build1 Tagging build1 for 115.3.1esr-based stable
base-browser-115.4.0esr-13.0-1-build1 Tagging build1 for 115.4.0esr-based stable
base-browser-115.4.0esr-13.0-1-build2 Tagging build2 for 115.4.0esr-based stable
base-browser-115.4.0esr-13.5-1-build1 Tagging build1 for 115.4.0esr-based alpha
base-browser-91.12.0esr-12.0-1-build1 Tagging build1 for 91.12esr-based alpha

Here are some refs I've found in the git repo. We can see that for the
same "tb build version" (13.0-1) there are several base browser
versions: 115.1.0, 115.2.0, 115.2.1, etc. build1 goes to build2 only
when both "base version" and "tb build version" don't change.

In this example we can see a 13.5-1, which means alpha, which we never
want. So version string being monotonically increasing doesn't really
help: guix package --upgrade won't work anyway.

I think the version should describe fully what we are packaging, and in
this example, we can see that 13.0.1 isn't enough. I might be wrong
though, what do you think?

Toggle quote (23 lines)
>> + (source
>> + (origin
>> + (method url-fetch)
>> + (uri
>> + (string-append
>> + "https://archive.torproject.org/tor-package-archive/torbrowser/"
>> + (package-version torbrowser-assets)
>> + "/src-firefox-tor-browser-" version ".tar.xz"))
>> + (sha256
>> + (base32
>> + "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))
>> + (build-system mozilla-build-system)
>> + (arguments
>> + (substitute-keyword-arguments (package-arguments icecat-minimal)
>> + ((#:configure-flags flags '())
>> + #~(cons*
>> + "--without-relative-data-dir" ;store is read-only
>
> Shouldn't we also set '--with-user-appdir=.torbrowser' ?
>
> There is a comment on 'src/browser/config/mozconfigs/tor-browser' that
> says we need to set this flag when the relative data dir is unset.

They say it indeed, but they don't use it in the code^^.

set_define("MOZ_USER_DIR", user_appdir)

[...]

#define DEFAULT_PRODUCT_DIR nsLiteralCString(MOZ_USER_DIR)

[...]

#if !defined(TOR_BROWSER)
rv = localDir->AppendRelativeNativePath(DEFAULT_PRODUCT_DIR);
if (NS_FAILED(rv)) {
return rv;
}
#endif

But you are right, I'll add it anyway, we never know, they might change
the code later.

Toggle quote (6 lines)
>> + "--disable-base-browser-update"
>> + "--enable-update-channel=release"
>
> Does this mean that users get notified when there is a new torbrowser
> release upstream? Shouldn't this flag be removed?

No, there is a channel anyway, we just change it from "default" to
"release". Otherwise this code gets executed:

@depends("--enable-update-channel")
def tor_browser_nightly_build(channel):
if channel and channel[0] in ["default", "nightly"]:
return True

And we get warnings of instability because it thinks it's a nightly
while it's not. I'll add a comment!

Toggle quote (7 lines)
>> + ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
>
> This comment was unclear for me at first, probably due to my own
> ignorance. To the benefit of others, this is in line with instructions
> on 'src/browser/config/mozconfigs/tor-browser' as a hint to window
> managers on GNU/Linux.

Yeah it's just a way for windows (e.g. in Gnome) to know to which
left-bar button they are associated.

Toggle quote (14 lines)
>> + (format #t "// first line must be a comment~%")
>> + ;; Locking prevents these values being written to
>> + ;; prefs.js, avoiding Store path capture.
>> + (format #t "lockPref(~s, ~s);~%"
>> + "extensions.torlauncher.torrc-defaults_path"
>> + (in-vicinity
>> + lib "TorBrowser/Data/Tor/torrc-defaults"))
>> + (format #t "lockPref(~s, ~s);~%"
>> + "extensions.torlauncher.tor_path"
>> + (search-input-file inputs "bin/tor"))
>
> This has the undesired side-effect of making impossible to run TorBrowser
> with a shepherd tor instance. Is it really needed?

I don't think so, I'll change it.

Toggle quote (4 lines)
> Besides the inefficiency of running two tor processes, using a single one
> has the benefit of making eventual onion service auth keys available both
> on the browser and to other user software on the same location.

Yeah I agree.

Toggle quote (13 lines)
>> + (replace 'install-desktop-entry
>> + (lambda _
>> + (let ((apps (in-vicinity #$output "share/applications")))
>> + (mkdir-p apps)
>> + (make-desktop-entry-file
>> + (in-vicinity apps "torbrowser.desktop")
>> + #:name "Tor Browser"
>> + #:exec
>> + (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))
>
> Why do away with the 'start-tor-browser.sh'? Part of the logic there is
> redundant or not necessary on a system install, but not everything.

The file is 384 lines long, and most of it is not compatible with having
a read-only store. Patching it would require a huge patch for almost 0
gain, we would be better off with a small wrapper if really there are
things we need to wrap. But are there things we need from this file? I
haven't found any.

Toggle quote (8 lines)
>> + (inputs
>> + (modify-inputs (package-inputs icecat-minimal)
>> + (append bash-minimal
>> + tor
>
> Why not tor-client instead? I don't see a legitimate use case of running
> relays on the torbrowser.

Indeed!

Toggle quote (7 lines)
> Also, shouldn't this be a propagated input so as to not be garbage
> collected?
>
>> + torbrowser-assets)))
>> + (propagated-inputs
>> + (list noscript/icecat))

I don't think being propagated would change anything regarding to
garbage collection. Normal inputs are protected as well. But your
point is good, I need to test that everything goes well when tor is
upgraded and the previous one garbage collected. I believe worst case
scenario is we need to use "lockPref ... tor_path" instead of "pref
... tor_path" to prevent the store paths to go into the profile.

Toggle quote (2 lines)
> Thanks for your work on guix and cheers!

I'll send an updated patch soon, and I'll test garbage collecting tor.

Also, I'm working on packaging Mullvad Browser too, which is almost the
same work as Tor Browser, so we'll have 2 browsers for the same price!
It's more-or-less a Tor Browser without the Tor network, that encourages
the use of a VPN. (And WebRTC is enabled in Mullvadbrowser while it's
not yet enabled in Tor Browser).

Thank you again for this great review André :)

Clément
C
C
Clément Lassieur wrote on 21 Dec 2023 14:56
[PATCH v2] gnu: Add torbrowser.
(name . Clément Lassieur)(address . clement@lassieur.org)
45b7d4b41bbd918cc15c4a10fe5c30a40b792947.1703164756.git.clement@lassieur.org
* gnu/packages/tor.scm (torbrowser): New variable.
(torbrowser-assets): New variable.
* gnu/packages/browser-extensions.scm (noscript): New variable.
(noscript/icecat): New variable.

Change-Id: I73dc53905e4a028108bb34aae07e44256cf16c85
---
gnu/packages/browser-extensions.scm | 26 +++
gnu/packages/gnupg.scm | 3 +-
gnu/packages/tor.scm | 285 ++++++++++++++++++++++++++++
3 files changed, 312 insertions(+), 2 deletions(-)

Toggle diff (379 lines)
diff --git a/gnu/packages/browser-extensions.scm b/gnu/packages/browser-extensions.scm
index 2251011f849a..178bcaae6c90 100644
--- a/gnu/packages/browser-extensions.scm
+++ b/gnu/packages/browser-extensions.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages browser-extensions)
#:use-module (guix gexp)
#:use-module (guix packages)
+ #:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
@@ -221,3 +222,28 @@ (define passff
(define-public passff/icecat
(make-icecat-extension passff))
+
+(define noscript
+ (package
+ (name "noscript")
+ (version "11.4.28")
+ (source (origin
+ (method url-fetch/zipbomb)
+ (uri (string-append
+ "https://noscript.net/download/releases/noscript-" version
+ ".xpi"))
+ (sha256
+ (base32
+ "051wawi0yjyramp743yjawqaz59g3m2gcivm24b44ibd4arpdl2l"))))
+ (build-system copy-build-system)
+ (properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))
+ (arguments
+ `(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))
+ (home-page "https://noscript.net")
+ (synopsis "Software providing extra protection for various browsers.")
+ (description "The NoScript Security Suite is a software providing extra
+protection for web browsers.")
+ (license license:gpl3+)))
+
+(define-public noscript/icecat
+ (make-icecat-extension noscript))
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a5b8587a141c..bec74b3f3f49 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,7 +70,6 @@ (define-module (gnu packages gnupg)
#:use-module (gnu packages swig)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
- #:use-module (gnu packages tor)
#:use-module (gnu packages web)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@@ -1124,7 +1123,7 @@ (define-public parcimonie
perl-try-tiny
perl-type-tiny
perl-types-path-tiny
- torsocks))
+ (@ (gnu packages tor) torsocks))) ;avoid dependency loop
(native-inputs
(list perl-file-which
perl-gnupg-interface
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 71f32b3f4331..f5efcd25ef25 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -36,11 +36,15 @@ (define-module (gnu packages tor)
#:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system mozilla)
#:use-module (guix build-system python)
#:use-module (guix build-system pyproject)
#:use-module (gnu packages)
#:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages browser-extensions)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
#:use-module (gnu packages check)
@@ -48,6 +52,7 @@ (define-module (gnu packages tor)
#:use-module (gnu packages pcre)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
@@ -483,3 +488,283 @@ (define-public tractor
the onion proxy and sets up proxy in user session, so you don't have to mess
up with TOR on your system anymore.")
(license license:gpl3+)))
+
+(define torbrowser-assets
+ ;; This is a prebuilt Torbrowser from which we take the assets we need.
+ (package
+ (name "torbrowser-assets")
+ ;; To find the last version, look at https://www.torproject.org/download/.
+ (version "13.0.6")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ version "/tor-browser-linux-x86_64-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0d72jgcp9rbpfjivsh6vg6bgbppkhrlficwk4jz0f8h69cj8ygzd"))))
+ (arguments
+ (list
+ #:install-plan
+ ''(("Browser" "." #:include-regexp
+ ("^\\./TorBrowser/Data/Tor/torrc-defaults"
+ "^\\./fonts/"
+ "^\\./fontconfig/fonts.conf")))))
+ (build-system copy-build-system)
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser assets")
+ (description "This package contains fonts and configuration files for Tor
+Browser.")
+ (license license:silofl1.1)))
+
+;; Must be of the form YYYYMMDDhhmmss as in `date +%Y%m%d%H%M%S`.
+(define %moz-build-date "20231219173144")
+
+(define-public torbrowser
+ (package
+ (inherit icecat-minimal)
+ (name "torbrowser")
+ ;; To find the last version, browse
+ ;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>
+ ;; (<version> is the version of the `torbrowser-assets` package). There
+ ;; should be only one archive that starts with "src-firefox-tor-browser-".
+ (version "115.5.0esr-13.0-1-build4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://archive.torproject.org/tor-package-archive/torbrowser/"
+ (package-version torbrowser-assets)
+ "/src-firefox-tor-browser-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0p0qsfc2l2bicqjr1kxciiij5qz7n8xqyvyn8f13fvk0wyg94c6v"))))
+ (build-system mozilla-build-system)
+ (arguments
+ (substitute-keyword-arguments (package-arguments icecat-minimal)
+ ((#:configure-flags flags '())
+ #~(cons*
+ "--without-relative-data-dir" ;store is read-only
+ "--disable-base-browser-update"
+ ;; Default is "default", which is the same as "nightly".
+ "--enable-update-channel=release"
+ "--with-user-appdir=.torbrowser"
+ "--with-branding=browser/branding/tb-release"
+ (string-append "--prefix=" #$output)
+ (string-append "--with-base-browser-version="
+ #$(package-version
+ (this-package-input "torbrowser-assets")))
+ #$flags))
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-before 'configure 'setenv
+ (lambda _
+ (setenv "CONFIG_SHELL" (which "bash"))
+ ;; Install location is prefix/lib/$MOZ_APP_NAME. Also
+ ;; $MOZ_APP_NAME is the executable name. Default is
+ ;; "firefox".
+ (setenv "MOZ_APP_NAME" "torbrowser")
+ ;; Profile location (relative to "~/."). Default is
+ ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
+ ;; ~/.tor project/firefox.
+ (setenv "MOZ_APP_PROFILE" "torbrowser/browser")
+ ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
+ (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")
+ ;; Persistent state directory for the build system (default is
+ ;; $HOME/.mozbuild).
+ (setenv "MOZBUILD_STATE_PATH"
+ (in-vicinity (getcwd) ".mozbuild"))
+ ;; Make build reproducible.
+ (setenv "MOZ_BUILD_DATE" #$%moz-build-date)))
+ (add-before 'configure 'mozconfig
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (with-output-to-file "mozconfig"
+ (lambda ()
+ (format #t ". $topsrcdir/mozconfig-linux-x86_64~%")
+ (for-each (lambda (flag)
+ (format #t "ac_add_options ~a~%" flag))
+ configure-flags)))))
+ (replace 'configure
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "config")))
+ (add-before 'build 'fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda _
+ (invoke "make" "-C" "tools/torbrowser" "build")))
+ (add-after 'install 'deploy-assets
+ (lambda _
+ (let ((assets #$(this-package-input "torbrowser-assets"))
+ (lib (in-vicinity #$output "lib/torbrowser"))
+ (tor #$(this-package-input "tor-client")))
+ ;; TorBrowser/Data/Tor/torrc-defaults
+ (copy-recursively (in-vicinity assets "TorBrowser")
+ (in-vicinity lib "TorBrowser"))
+ ;; The geoip and geoip6 files are in the same directory as
+ ;; torrc-defaults. (See TorProcess.sys.mjs.)
+ (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))
+ (copy-file (in-vicinity tor "share/tor/geoip")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip"))
+ (copy-file (in-vicinity tor "share/tor/geoip6")
+ (in-vicinity lib "TorBrowser/Data/Tor/geoip6"))
+ ;; Fonts
+ (copy-recursively (in-vicinity assets "fontconfig")
+ (in-vicinity lib "fontconfig"))
+ (substitute* (in-vicinity lib "fontconfig/fonts.conf")
+ (("<dir>fonts</dir>")
+ (format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
+ (delete-file-recursively (in-vicinity lib "fonts"))
+ (copy-recursively (in-vicinity assets "fonts")
+ (in-vicinity lib "fonts")))))
+ (replace 'build-sandbox-whitelist
+ (lambda* (#:key inputs #:allow-other-keys)
+ (define (runpath-of lib)
+ (call-with-input-file lib
+ (compose elf-dynamic-info-runpath
+ elf-dynamic-info
+ parse-elf
+ get-bytevector-all)))
+ (define (runpaths-of-input label)
+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
+ (libs (find-files dir "\\.so$")))
+ (append-map runpath-of libs)))
+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
+ (let* ((whitelist
+ (map (cut string-append <> "/")
+ (delete-duplicates
+ `(,(string-append (assoc-ref inputs "shared-mime-info")
+ "/share/mime")
+ ,@(append-map runpaths-of-input
+ '("mesa" "ffmpeg"))))))
+ (whitelist-string (string-join whitelist ",")))
+ (with-output-to-file "whitelist.txt"
+ (lambda ()
+ (display whitelist-string))))))
+ (add-after 'install 'autoconfig
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((lib (in-vicinity #$output "lib/torbrowser"))
+ (config-file "tor-browser.cfg"))
+ (with-output-to-file (in-vicinity
+ lib "defaults/pref/autoconfig.js")
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ (format #t "pref(~s, ~s);~%"
+ "general.config.filename" config-file)
+ (format #t "pref(~s, ~a);~%"
+ "general.config.obscure_value" "0")))
+ (with-output-to-file (in-vicinity lib config-file)
+ (lambda ()
+ (format #t "// first line must be a comment~%")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.torlauncher.torrc-defaults_path"
+ (in-vicinity
+ lib "TorBrowser/Data/Tor/torrc-defaults"))
+ (format #t "pref(~s, ~s);~%"
+ "extensions.torlauncher.tor_path"
+ (search-input-file inputs "bin/tor"))
+ ;; Required for Guix packaged extensions
+ ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8
+ ;; Default is 5.
+ (format #t "pref(~s, ~a);~%"
+ "extensions.enabledScopes" "13")
+ (format #t "pref(~s, ~s);~%"
+ "security.sandbox.content.read_path_whitelist"
+ (call-with-input-file "whitelist.txt"
+ get-string-all))
+ ;; Add-ons pannel (see settings.js in Icecat source).
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.search.browseURL"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.get.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.link.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.discovery.api_url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "extensions.getAddons.langpacks.url"
+ "https://gnuzilla.gnu.org/mozzarella")
+ (format #t "pref(~s, ~s);~%"
+ "lightweightThemes.getMoreURL"
+ "https://gnuzilla.gnu.org/mozzarella"))))))
+ (replace 'wrap-program
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((gtk #$(this-package-input "gtk+"))
+ (gtk-share (string-append gtk "/share"))
+ (fonts.conf (in-vicinity
+ #$output
+ "lib/torbrowser/fontconfig/fonts.conf"))
+ (ld-libs '#$(cons
+ (file-append
+ (this-package-input "libcanberra")
+ "/lib/gtk-3.0/modules")
+ (map
+ (lambda (label)
+ (file-append
+ (this-package-input label) "/lib"))
+ '("libpng-apng"
+ "libxscrnsaver"
+ "mesa"
+ "pciutils"
+ "mit-krb5"
+ "eudev"
+ "pulseaudio"
+ "libnotify")))))
+ (wrap-program
+ (in-vicinity #$output "lib/torbrowser/torbrowser")
+ `("XDG_DATA_DIRS" prefix (,gtk-share))
+ `("LD_LIBRARY_PATH" prefix ,ld-libs)
+ `("FONTCONFIG_FILE" prefix (,fonts.conf))))))
+ (replace 'install-desktop-entry
+ (lambda _
+ (let ((apps (in-vicinity #$output "share/applications")))
+ (mkdir-p apps)
+ (make-desktop-entry-file
+ (in-vicinity apps "torbrowser.desktop")
+ #:name "Tor Browser"
+ #:exec
+ (format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))
+ #:comment
+ "Tor Browser is +1 for privacy and -1 for mass surveillance"
+ #:categories '("Network" "WebBrowser" "Security")
+ #:startup-w-m-class "Tor Browser"
+ #:icon "tor-browser"))))
+ (replace 'install-icons
+ (lambda* (#:key inputs #:allow-other-keys)
+ (for-each
+ (lambda (size)
+ (let ((oldpath (string-append
+ "browser/branding/tb-release/default"
+ size ".png"))
+ (newpath (string-append #$output
+ "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p newpath)
+ (copy-file oldpath
+ (in-vicinity newpath "tor-browser.png"))))
+ '("16" "22" "24" "32" "48" "64" "128" "256"))))))))
+ (inputs
+ (modify-inputs (package-inputs icecat-minimal)
+ (append bash-minimal
+ tor-client
+ torbrowser-assets)))
+ (propagated-inputs
+ (list noscript/icecat))
+ (home-page "https://www.torproject.org")
+ (synopsis "Anonymous browser derived from Mozilla Firefox")
+ (description
+ "Tor Browser is the Tor Project version of Firefox browser. It is the
+only recommended way to anonymously browse the web that is supported by the
+project. It modifies Firefox in order to avoid many know application level
+attacks on the privacy of Tor users.")
+ (license license:mpl2.0))) ;And others, see
+ ;toolkit/content/license.html

base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
prerequisite-patch-id: 51e2c2aaf5262d0d9001b0b5c37836060291f55d
--
2.41.0
C
C
Clément Lassieur wrote on 21 Dec 2023 16:05
Re: bug#42380: [WIP] gnu: Add torbrowser-unbundle.
(name . André Batista)(address . nandre@riseup.net)(address . 42380@debbugs.gnu.org)
8734vvoat3.fsf_-_@lassieur.org
On Tue, Dec 19 2023, Clément Lassieur wrote:

Toggle quote (2 lines)
> I'll send an updated patch soon, and I'll test garbage collecting tor.

So I sent an updated patch, and I can confirm that references to
non-existing tor binaries don't cause any issue, those references are
updated upon starting Tor Browser.

Cheers,
Clément
A
A
André Batista wrote on 22 Dec 2023 15:54
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 42380@debbugs.gnu.org)
ZYWjMqM5z8XJVcAU@andel
qui 21 dez 2023 �s 16:05:44 (1703185544), clement@lassieur.org enviou:
Toggle quote (8 lines)
> On Tue, Dec 19 2023, Cl�ment Lassieur wrote:
>
> > I'll send an updated patch soon, and I'll test garbage collecting tor.
>
> So I sent an updated patch, and I can confirm that references to
> non-existing tor binaries don't cause any issue, those references are
> updated upon starting Tor Browser.

Will you do the honors, then?

Didn't have the time to test it yet, but I suppose we are beyond testing
phase? I, for one, will be merging this to my local channel.

Thanks and do tell me if you need any more input, I'll reply to you
after my next guix pull.
C
C
Clément Lassieur wrote on 25 Dec 2023 16:28
(name . André Batista)(address . nandre@riseup.net)(address . 42380@debbugs.gnu.org)
87h6k6l2tb.fsf_-_@lassieur.org
On Fri, Dec 22 2023, André Batista wrote:

Toggle quote (11 lines)
> qui 21 dez 2023 às 16:05:44 (1703185544), clement@lassieur.org enviou:
>> On Tue, Dec 19 2023, Clément Lassieur wrote:
>>
>> > I'll send an updated patch soon, and I'll test garbage collecting tor.
>>
>> So I sent an updated patch, and I can confirm that references to
>> non-existing tor binaries don't cause any issue, those references are
>> updated upon starting Tor Browser.
>
> Will you do the honors, then?

Sure! I thought it would make sense to add a mention like:

Co-authored-by: André Batista <nandre@riseup.net>

given all the work you've done which was useful to me. Does it sound
good to you?

Toggle quote (5 lines)
> Didn't have the time to test it yet, but I suppose we are beyond testing
> phase? I, for one, will be merging this to my local channel.
>
> Thanks and do tell me if you need any more input, I'll reply to you
> after my next guix pull.
A
A
André Batista wrote on 27 Dec 2023 11:03
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 42380@debbugs.gnu.org)
ZYv2hVWTAX3VzM_j@andel
seg 25 dez 2023 �s 16:28:00 (1703532480), clement@lassieur.org enviou:
Toggle quote (20 lines)
> On Fri, Dec 22 2023, Andr� Batista wrote:
>
> > qui 21 dez 2023 �s 16:05:44 (1703185544), clement@lassieur.org enviou:
> >> On Tue, Dec 19 2023, Cl�ment Lassieur wrote:
> >>
> >> > I'll send an updated patch soon, and I'll test garbage collecting tor.
> >>
> >> So I sent an updated patch, and I can confirm that references to
> >> non-existing tor binaries don't cause any issue, those references are
> >> updated upon starting Tor Browser.
> >
> > Will you do the honors, then?
>
> Sure! I thought it would make sense to add a mention like:
>
> Co-authored-by: Andr� Batista <nandre@riseup.net>
>
> given all the work you've done which was useful to me. Does it sound
> good to you?

That would be lovely, thank you!

I've included it to my local channel and did some minimal testing and
everything seem to be working as expected.

The only thing of note was that I couldn't find here the
prerequisite-patch-id that you've mentioned on the version 2. It built
and ran just fine over 5bd80ccd6, even though it did not apply cleanly.

Cheers!
C
C
Clément Lassieur wrote on 27 Dec 2023 12:18
(name . André Batista)(address . nandre@riseup.net)(address . 42380-done@debbugs.gnu.org)
875y0jrj11.fsf_-_@lassieur.org
On Wed, Dec 27 2023, André Batista wrote:

Toggle quote (30 lines)
> seg 25 dez 2023 às 16:28:00 (1703532480), clement@lassieur.org enviou:
>> On Fri, Dec 22 2023, André Batista wrote:
>>
>> > qui 21 dez 2023 às 16:05:44 (1703185544), clement@lassieur.org enviou:
>> >> On Tue, Dec 19 2023, Clément Lassieur wrote:
>> >>
>> >> > I'll send an updated patch soon, and I'll test garbage collecting tor.
>> >>
>> >> So I sent an updated patch, and I can confirm that references to
>> >> non-existing tor binaries don't cause any issue, those references are
>> >> updated upon starting Tor Browser.
>> >
>> > Will you do the honors, then?
>>
>> Sure! I thought it would make sense to add a mention like:
>>
>> Co-authored-by: André Batista <nandre@riseup.net>
>>
>> given all the work you've done which was useful to me. Does it sound
>> good to you?
>
> That would be lovely, thank you!
>
> I've included it to my local channel and did some minimal testing and
> everything seem to be working as expected.
>
> The only thing of note was that I couldn't find here the
> prerequisite-patch-id that you've mentioned on the version 2. It built
> and ran just fine over 5bd80ccd6, even though it did not apply cleanly.

This was probably a local unrelated commit.

Pushed! Thanks for testing :)

Clément
Closed
A
A
Anonymousemail wrote on 27 Dec 2023 22:22
[WIP] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)
0e940152b4451b265b7f3786ff9cf348@anonymousemail.me
Hi Clément

Thank you for the good hard work. I did some preliminary testing and WebGL seems to be enabled while in the original version it is disabled by default.

Also, some minor differences could be spotted via https://fingerprintjs.github.io/fingerprintjs/in the "Duration" fields, although I can not pinpoint what is the trigger.
Thanks,
Andreas
Attachment: file
C
C
Clément Lassieur wrote on 28 Dec 2023 17:03
(name . Anonymousemail)(address . noreply@anonymousemail.me)(address . 42380@debbugs.gnu.org)
87frzm71s2.fsf_-_@lassieur.org
Hello!

On Wed, Dec 27 2023, Anonymousemail wrote:

Toggle quote (4 lines)
> Hi Clément Thank you for the good hard work. I did some preliminary
> testing and WebGL seems to be enabled while in the original version it
> is disabled by default.

I just tested on the official version and I can confirm WebGL was
enabled. I tested with this site: https://get.webgl.org/,and I saw it
in about:support too.

Toggle quote (4 lines)
> Also, some minor differences could be spotted via
> https://fingerprintjs.github.io/fingerprintjs/ in the "Duration"
> fields, although I can not pinpoint what is the trigger.

Indeed, I'll have a look at it. Thanks for telling me!

Clément
C
C
Clément Lassieur wrote on 30 Dec 2023 01:34
(name . Anonymousemail)(address . noreply@anonymousemail.me)(address . 42380@debbugs.gnu.org)
878r5cfs02.fsf_-_@lassieur.org
Toggle quote (4 lines)
> Hi Clément Thank you for the good hard work. I did some preliminary testing and WebGL seems to be enabled while in the original version it is
> disabled by default. Also, some minor differences could be spotted via https://fingerprintjs.github.io/fingerprintjs/ in the "Duration" fields,
> although I can not pinpoint what is the trigger. Thanks, Andreas

Hi,

I don't think the Duration field matters, it changes all the time
anyway. It's probably the time it took to get a reply.

What matters on this site is probably the "Visitor identifier" and I get
the same on both "guix packaged torbrowser" and "official torbrowser".

Cheers,
Clément
?