Toggle diff (1356 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index f1a6c6a0d0..ccdcdc8e6a 100644
# Copyright © 2020 Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>
# Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
# Copyright © 2020 Tanguy Le Carrour <tanguy@bioneland.org>
+# Copyright © 2020 André Batista <nandre@riseup.net>
# This file is part of GNU Guix.
@@ -1587,6 +1588,8 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-fix-compiling.patch \
%D%/packages/patches/tipp10-remove-license-code.patch \
%D%/packages/patches/tk-find-library.patch \
+ %D%/packages/patches/torbrowser-start-tor-browser.patch \
+ %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
%D%/packages/patches/ttfautohint-source-date-epoch.patch \
%D%/packages/patches/tomb-fix-errors-on-open.patch \
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 2c31632db6..63b090fbd8 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
;;; Copyright © 2019, 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
;;; This file is part of GNU Guix.
@@ -4263,3 +4264,203 @@ used by other processes.")
Porter2 stemmer}. It is written completely using finite state machines to do
suffix comparison, rather than the string-based or tree-based approaches.")
(license license:asl2.0))))
+(define-public go-torproject-org-ptlib
+ (name "go-torproject-org-ptlib")
+ (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+ (build-system go-build-system)
+ '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+ (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+ (synopsis "Go library for Tor Pluggable Transports")
+ (description "Library for writing Tor Pluggable Transports in Go. Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+ (license license:cc0)))
+(define-public go-github-com-agl-ed25519
+ (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+ (name "go-github-com-agl-ed25519")
+ (version (git-version "0.0.0" revision commit))
+ (url "https://github.com/agl/ed25519")
+ (file-name (string-append name "-" version "-checkout"))
+ "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+ (build-system go-build-system)
+ '(#:import-path "github.com/agl/ed25519"
+ (modify-phases %standard-phases
+ (add-before 'reset-gzip-timestamps 'make-files-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files out "\\.gz"))
+ (home-page "https://github.com/agl/ed25519")
+ (synopsis "Go library for ed25519 public-key signatures")
+ (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security. It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained. Newer software should use x-crypto instead.")
+ ;; License file is referred but it is missing. Probably because the
+ ;; author decided to discontinue the project.
+ (license (license:non-copyleft "file://ed25519.go")))))
+(define-public go-github-com-dchest-siphash
+ (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+ (name "go-github-com-dchest-siphash")
+ (version (git-version "0.0.0" revision commit))
+ (url "https://github.com/dchest/siphash")
+ (file-name (string-append name "-" version "-checkout"))
+ "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+ (build-system go-build-system)
+ '(#:import-path "github.com/dchest/siphash"))
+ (home-page "https://github.com/dchest/siphash")
+ (synopsis "Go library for siphash")
+ (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+ (license license:cc0))))
+(define-public go-github-com-dchest-uniuri
+ (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+ (name "go-github-com-dchest-uniuri")
+ (version (git-version "0.0.0" revision commit))
+ (url "https://github.com/dchest/uniuri")
+ (file-name (string-append name "-" version "-checkout"))
+ "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+ (build-system go-build-system)
+ '(#:import-path "github.com/dchest/uniuri"))
+ (home-page "https://github.com/dchest/uniuri")
+ (synopsis "Go library for random URIs")
+ (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+ (license license:cc0))))
+(define-public go-github-com-dsnet-compress
+ (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+ (name "go-github-com-dsnet-compress")
+ (version (git-version "0.0.0" revision commit))
+ (url "https://github.com/dsnet/compress")
+ (file-name (string-append name "-" version "-checkout"))
+ "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+ (build-system go-build-system)
+ '(#:import-path "github.com/dsnet/compress"))
+ (home-page "https://github.com/dsnet/compress")
+ (synopsis "Go library for extended compression")
+ (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+ (license (license:non-copyleft "file://LICENSE.md")))))
+(define-public go-schwanenlied-me-yawning-bsaes
+ (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+ (name "go-schwanenlied-me-yawning-bsaes")
+ (version (git-version "0.0.0" revision commit))
+ (url "https://git.schwanenlied.me/yawning/bsaes.git")
+ (file-name (string-append name "-" version "-checkout"))
+ "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+ (build-system go-build-system)
+ '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+ (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+ (synopsis "Go AES library")
+ (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption. This implementation if
+based on code from [BearSSL](https://bearssl.org/). On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+ (license (license:non-copyleft "file://LICENSE.txt")))))
+(define-public go-gitlab-com-yawning-utls
+ (name "go-gitlab-com-yawning-utls")
+ (url "https://gitlab.com/yawning/utls.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+ (build-system go-build-system)
+ '(#:tests? #f ;; Tries to connect and fails.
+ #:import-path "gitlab.com/yawning/utls.git"))
+ `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+ (home-page "https://gitlab.com/yawning/utls.git")
+ (synopsis "Go library for uTLS")
+ (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+ (license license:gpl3+)))
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
index 0000000000..336115b33a
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
+Change TorBrowser desktop file in order for it to be agnostic to the
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orign 2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop 2020-07-25 02:54:44.603431160 -0300
+-#!/usr/bin/env ./Browser/execdesktop
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
++Exec=bash -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/packages/patches/torbrowser-start-tor-browser.patch
index 0000000000..c563f94003
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser 2020-08-01 20:22:08.901737325 -0300
+ # Copyright 2017 The Tor Project. See LICENSE for licensing information.
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++PT_PREFS="${TBB_DATA}/Browser/bridge-prefs-js-appendix"
+ complain_dialog_title="Tor Browser"
+ # First, make sure DISPLAY is set. If it isn't, we're hosed; scream
+ printf " --verbose Display Tor and Firefox output in the terminal\n"
+ printf " --log [file] Record Tor and Firefox output in file (default: tor-browser.log)\n"
+ printf " --detach Detach from terminal and run Tor Browser in the background.\n"
+- printf " --register-app Register Tor Browser as a desktop app for this user\n"
+- printf " --unregister-app Unregister Tor Browser as a desktop app for this user\n"
+ if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+- printf "Logging Tor Browser debug information to tor-browser.log\n"
+- logfile="../tor-browser.log"
++ printf "Logging Tor Browser debug information to torbrowser.log\n"
++ logfile="${TBB_LOGFILE}"
+ elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+ printf "Logging Tor Browser debug information to %s\n" "$2"
+- register_desktop_app=1
+- register_desktop_app=-1
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-if [ -L "$myname" ]; then
+- # XXX readlink is not POSIX, but is present in GNU coreutils
+- # and on FreeBSD. Unfortunately, the -f option (which follows
+- # a whole chain of symlinks until it reaches a non-symlink
+- # path name) is a GNUism, so we have to have a fallback for
+- # FreeBSD. Fortunately, FreeBSD has realpath instead;
+- # unfortunately, that's also non-POSIX and is not present in
+- # If this launcher were a C program, we could just use the
+- # realpath function, which *is* POSIX. Too bad POSIX didn't
+- # make that function accessible to shell scripts.
+- # If realpath is available, use it; it Does The Right Thing.
+- possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+- if [ "$?" -eq 0 ]; then
+- myname="$possibly_my_real_name"
+- # realpath is not available; hopefully readlink -f works.
+- myname="`readlink -f "$myname" 2>/dev/null`"
+- if [ "$?" -ne 0 ]; then
+- complain "start-tor-browser cannot be run using a symlink on this operating system."
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++ mkdir -p "${TBB_HOME}"
++ cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++ chmod -R 700 "${TBB_HOME}"
++ mkdir -p "${TBB_PROFILE}"
++ echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++ > "${TBB_PROFILE}/user.js"
++ grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/user.js"
++ echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
+-# Try to be agnostic to where we're being started from, chdir to where
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ # "hacking around some braindamage"
+ ln -nsf ~/.config/ibus/bus .config/ibus
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ ! -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-if [ "$register_desktop_app" -eq 1 ]; then
+- mkdir -p "$HOME/.local/share/applications/"
+- cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
+- update-desktop-database "$HOME/.local/share/applications/"
+- printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+-if [ "$register_desktop_app" -eq -1 ]; then
+- if [ -e "$HOME/.local/share/applications/start-tor-browser.desktop" ]; then
+- rm -f "$HOME/.local/share/applications/start-tor-browser.desktop"
+- update-desktop-database "$HOME/.local/share/applications/"
+- printf "Tor Browser has been removed as a user desktop app (from ~/.local/share/applications/)\n"
+- printf "Tor Browser does not appear to be a desktop app (not present in ~/.local/share/applications/)\n"
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+- complain "Wrong architecture? 32-bit vs. 64-bit."
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+ function setControlPortPasswd() {
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++sed -i "${FONTCONFIG_FILE}"\
++ -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
+ # We pass all additional command-line arguments we get to Firefox.
+ if [ "$show_usage" -eq 1 ]; then
+ # Display Firefox help, then our help
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default --help 2>/dev/null
+ elif [ "$detach" -eq 1 ] ; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+ elif [ "$show_output" -eq 1 ]; then
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" < /dev/null
+- TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+- -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++ TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++ -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..d3a0933ae4 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
(define-module (gnu packages tor)
#:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix monads)
#:use-module (guix packages)
#:use-module (guix utils)
+ #:use-module (guix store)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system go)
#:use-module (guix build-system gnu)
#:use-module (guix build-system python)
+ #:use-module (guix build-system trivial)
#:use-module (gnu packages)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages audio)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages base)
- #:use-module (gnu packages libevent)
- #:use-module (gnu packages linux)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages golang)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages pcre)
+ #:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-crypto)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
- #:use-module (gnu packages autotools)
+ #:use-module (gnu packages readline)
+ #:use-module (gnu packages rsync) ; for httpse
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages tls)
- #:use-module (gnu packages w3m))
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages vim) ; for xxd
+ #:use-module (gnu packages w3m)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages xml) ; for httpse
+ #:use-module (ice-9 match)
+ #:use-module ((srfi srfi-1) #:hide (zip)))
@@ -324,3 +365,778 @@ statistics and status reports on:
Potential client and exit connections are scrubbed of sensitive information.")
(license license:gpl3+)))
+ (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (commit (string-append "obfs4proxy-" version))))
+ (file-name (git-file-name name version))
+ "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+ (build-system go-build-system)
+ '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+ #:tests? #f ;; No test files
+ (modify-phases %standard-phases
+ (lambda* (#:key outputs configure-flags #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ "src/git.torproject.org/pluggable-transports/obfs4.git"
+ "src/gitlab.com/yawning/obfs4.git"
+ #:log (%make-void-port "w"))
+ (with-directory-excursion
+ "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+ (invoke "go" "build" "-ldflags" "-s"))
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (src "src/git.torproject.org/pluggable-transports/obfs4.git")
+ (bin (string-append out "/bin"))
+ (share (string-append out "/share"))
+ (doc (string-append share "/doc"))
+ (man (string-append share "/man/man1")))
+ (with-directory-excursion
+ (string-append src "/obfs4proxy")
+ (copy-file "obfs4proxy"
+ (string-append bin "/obfs4proxy")))
+ (with-directory-excursion
+ (string-append src "/doc")
+ (copy-file "obfs4proxy.1"
+ (string-append man "/obfs4proxy.1"))
+ (copy-file "obfs4-spec.txt"
+ (string-append doc "/obfs4-spec.txt")))
+ `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+ ;; Currently uses this, but the readme on github is pointing
+ ;; users to start relying on x/crypto/ed25519 instead.
+ ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+ ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+ ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+ ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+ ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+ ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+ ("go-golang-org-x-net" ,go-golang-org-x-net)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+ ("go-golang-org-x-text" ,go-golang-org-x-text)))
+ (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+ (synopsis "Obfs4 implements an obfuscation protocol")
+ (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+ (license license:gpl3+)))
+;; Upstream does not seem to keep tor-browser and tor-browser-build versions
+(define %torbrowser-version "68.11.0esr-9.5-1")
+(define %torbrowser-build-version "9.5.3")
+(define %torbrowser-build "build1")
+(define %torbrowser-build-id "20200729000000");must be of the form YYYYMMDDhhmmss
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+ (name "torbrowser-fonts")
+ (version %torbrowser-build-version)
+ (uri (string-append "https://dist.torproject.org/torbrowser/"
+ version "/tor-browser-linux64-"
+ version "_en-US.tar.xz"))
+ "1kqvr0sag94xdkq85k426qq1hz2b52m315yz51w6hvc87d8332b4"))))
+ (build-system trivial-build-system)
+ `(#:modules ((guix build utils))
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (src-dir "tor-browser_en-US/Browser/fonts")
+ (fonts (string-append %output "/share/fonts"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (xz (assoc-ref %build-inputs "xz")))
+ (format #t "Untaring torbrowser ball ...~%")
+ (invoke (string-append tar "/bin/tar") "-xf" src
+ "-C" fonts "--strip-components=3"
+ (string-append "--use-compress-program=" xz "/bin/xz")
+ (home-page "https://github.com/googlei18n/noto-fonts")
+ (synopsis "Tor Browser bundled fonts")
+ (description "Free fonts bundled with Tor Browser. Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+ (license license:silofl1.1)))
+(define tor-browser-build
+ (let ((commit (string-append "tbb-" %torbrowser-build-version
+ "-" %torbrowser-build)))
+ (name "tor-browser-build")
+ (version %torbrowser-build-version)
+ (url "https://git.torproject.org/builders/tor-browser-build.git")
+ (file-name (git-file-name name version))
+ "1p291zqkvgsz9kk21s2p9v1bha3aam7z646v73dr06qmhdfhvgag"))))
+ (build-system trivial-build-system)
+ `(#:modules ((guix build utils))
+ (use-modules (guix build utils))
+ (format #t "Copying build scripts ...~%")
+ (copy-recursively (string-append
+ (assoc-ref %build-inputs "source")
+ "/projects/tor-browser")
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser build scripts")
+ (description "Tor Browser runtime scripts.")
+ (license (license:non-copyleft "file://LICENSE")))))
+ (let ((commit "ebe2bedab44e38f18c7968bd327d99eef7660f34"))
+ (version %torbrowser-build-version)
+ (url "https://git.torproject.org/torbutton.git")
+ (file-name (git-file-name name version))
+ "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+ (build-system trivial-build-system)
+ `(#:modules ((guix build utils))
+ (use-modules (guix build utils))
+ (format #t "Copying source ...~%")
+ (copy-recursively (assoc-ref %build-inputs "source")
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser built-in extension")
+ (description "Browser extension needed to build and run Tor Browser.")
+ (license (license:non-copyleft "file://LICENSE")))))
+ (url "https://git.torproject.org/tor-launcher.git")
+ (file-name (git-file-name name version))
+ "1mm1z7gv9dv6ymbr3vsg0lsnhnn84zrb6qsa164hmaxcfrwfhz5d"))))
+ (build-system trivial-build-system)
+ `(#:modules ((guix build utils))
+ (use-modules (guix build utils))
+ (format #t "Copying source ...~%")
+ (copy-recursively (assoc-ref %build-inputs "source")
+ #:log (%make-void-port "w")))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Tor Browser built-in controler extension")
+ (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+ (license (license:non-copyleft "file://src/LICENSE"))))
+(define https-everywhere
+ (name "https-everywhere")
+ (uri (string-append "https://github.com/EFForg/https-everywhere/archive/"
+ "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763"))))
+ (build-system trivial-build-system)
+ ("coreutils" ,coreutils)
+ ("util-linux" ,util-linux) ; for getopt
+ `(#:modules ((guix build utils))
+ (use-modules (guix build utils))
+ (let ((src (assoc-ref %build-inputs "source"))
+ (bash (assoc-ref %build-inputs "bash"))
+ (coreutils (assoc-ref %build-inputs "coreutils"))
+ (python (assoc-ref %build-inputs "python"))
+ (openssl (assoc-ref %build-inputs "openssl"))
+ (rsync (assoc-ref %build-inputs "rsync"))
+ (libxml2 (assoc-ref %build-inputs "libxml2"))
+ (libxslt (assoc-ref %build-inputs "libxslt"))
+ (util-linux (assoc-ref %build-inputs "util-linux"))
+ (xxd (assoc-ref %build-inputs "xxd"))
+ (zip (assoc-ref %build-inputs "zip"))
+ (tar (assoc-ref %build-inputs "tar"))
+ (gzip (assoc-ref %build-inputs "gzip")))
+ (setenv "SHELL" (string-append bash "/bin/bash"))
+ (set-path-environment-variable
+ (list bash python tar openssl rsync libxml2 libxslt
+ util-linux xxd gzip zip coreutils))
+ (set-path-environment-variable
+ "LIBRARY_PATH" '("lib")
+ (list bash python tar openssl rsync libxml2 libxslt
+ util-linux xxd gzip zip coreutils))
+ (format #t "Untaring source tarball ...~%")
+ (invoke "tar" "-xf" src "--strip-components=1")
+ ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to
+ (substitute* '("install-dev-dependencies.sh"
+ "test/rules/src/https_everywhere_checker/check_rules.py"
+ "test/validations/filename/run.py"
+ "test/validations/relaxng/run.py"
+ "test/validations/securecookie/run.py"
+ "test/validations/special/run.py"
+ "utils/chromium-translations.py"
+ "utils/create-platform-certs/split_combined_cert_file.py"
+ "utils/mk-client-whitelist/dbconnect.py"
+ "utils/mk-client-whitelist/run.py"
+ "utils/merge-rulesets.py"
+ "utils/zipfile_deterministic.py")
+ (("python3.6") "python3"))
+ (for-each patch-shebang
+ ;; Filter out symlinks.
+ (eq? 'regular (stat:type stat)))
+ ;; Failing to generate the xpi, but copy-dir appears to be enough.
+ ;; Failing on missing 'wasm'? Not generating rulesets.
+ (copy-recursively "pkg/xpi-eff" %output
+ #:log (%make-void-port "w"))
+ (home-page "https://www.eff.org/https-everywhere")
+ (synopsis "Browser extension for automatic HTTPS usage")
+ (description "Browser extension that automatically makes the browser to use
+HTTPS instead of plain HTTP when the remote destination makes it available to users.")
+ (license license:gpl2+)))
+ (uri (string-append "https://secure.informaction.com/download/releases/noscript-"
+ "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km"))))
+ (build-system trivial-build-system)
+ `(#:modules ((guix build utils))
+ (format #t "Copying source ...~%")
+ (copy-file (assoc-ref %build-inputs "source")
+ (home-page "https://noscript.net")
+ (synopsis "Browser extension for protection against known attacks")
+ (description "Browser extension that protects users from a range of
+known attacks on web browsing activity such as Cross-site scripting, clickjack and
+makes possible for the users to block or choose on a per site basis which remote
+javascript to run while browsing the web.")
+ (license license:gpl2+)))
+;; (Un)fortunatly Tor Browser has it's own reproducible build system - RBM - which
+;; automates the build process for them and compiles Tor Browser from a range of
+;; repositories and produces a range of tarballs for different architectures and
+;; locales. So we need to cherry-pick what is needed for guix and produce our own
+;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. See also
+;; the Hacking on Tor Browser document for a high level introduction at
+;; https://trac.torproject.org/projects/tor/wiki/doc/Tor Browser/Hacking).
+;; TODO: Import langpacks.
+(define-public torbrowser-unbundle
+ (let ((commit (string-append "tor-browser-" %torbrowser-version
+ "-" %torbrowser-build)))
+ (name "torbrowser-unbundle")
+ (version %torbrowser-build-version)
+ (url "https://git.torproject.org/tor-browser.git")
+ (file-name (git-file-name name version))
+ "12qq0mpqf0q2v3grz4kydngvddc4k0k12hqg8fg6h2fwyqivamrr"))))
+ (build-system gnu-build-system)
+ `(("alsa-lib" ,alsa-lib)
+ ("dbus-glib" ,dbus-glib)
+ ("gdk-pixbuf" ,gdk-pixbuf)
+ ("graphite2" ,graphite2)
+ ("libcanberra" ,libcanberra)
+ ("libjpeg-turbo" ,libjpeg-turbo)
+ ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+ ("libvorbis" ,libvorbis)
+ ("libxinerama" ,libxinerama)
+ ("libxscrnsaver" ,libxscrnsaver)
+ ("libxcomposite" ,libxcomposite)
+ ;; See <https://bugs.gnu.org/32833>
+ ;; and related comments in the 'remove-bundled-libraries' phase.
+ ;; UNBUNDLE-ME! ("nspr" ,nspr)
+ ;; UNBUNDLE-ME! ("nss" ,nss)
+ ("pulseaudio" ,pulseaudio)
+ ("shared-mime-info" ,shared-mime-info)
+ ("startup-notification" ,startup-notification)
+ `(("autoconf" ,autoconf-2.13)
+ ("cargo" ,rust "cargo")
+ ("https-everywhere" ,https-everywhere)
+ ("patch" ,(canonical-package patch))
+ ("torbrowser-start-tor-browser.patch"
+ ,(search-patch "torbrowser-start-tor-browser.patch"))
+ ("torbrowser-start-tor-browser.desktop.patch"
+ ,(search-patch "torbrowser-start-tor-browser.desktop.patch"))
+ ("pkg-config" ,pkg-config)
+ ("python2" ,python-2.7)
+ ("python2-pysqlite" ,python2-pysqlite)
+ ("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686
+ ("rust-cbindgen" ,rust-cbindgen)
+ ("tor-browser-build" ,tor-browser-build)
+ ("torbrowser-fonts" ,torbrowser-fonts)
+ ("tor-launcher" ,tor-launcher)
+ ("torbutton" ,torbutton)
+ `(#:tests? #f ; Some tests are autodone by mach on build fase.
+ ;; XXX: There are RUNPATH issues such as
+ ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+ ;; which is not in its RUNPATH, but they appear to be harmless in
+ ;; practice somehow. See <http://hydra.gnu.org/build/378133>.
+ #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+ ,@%gnu-build-system-modules)
+ (modify-phases %standard-phases
+ (add-after 'unpack 'make-bundle
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((torbutton (assoc-ref inputs "torbutton"))
+ (torbutton-dir "toolkit/torproject/torbutton")
+ (tor-launcher (assoc-ref inputs "tor-launcher"))
+ (tor-launcher-dir "browser/extensions/tor-launcher")
+ (tbb (assoc-ref inputs "tor-browser-build"))
+ (tbb-scripts-dir "tbb-scripts"))
+ (format #t "Copying torbutton source to default path ...~%")
+ (make-file-writable torbutton-dir)
+ (copy-recursively torbutton torbutton-dir
+ #:log (%make-void-port "w"))
+ (format #t "Copying tor-launcher ...~%")
+ (copy-recursively tor-launcher tor-launcher-dir
+ #:log (%make-void-port "w"))
+ (format #t "Copying tor-browser-build ...~%")
+ (mkdir tbb-scripts-dir)
+ (copy-recursively tbb tbb-scripts-dir
+ #:log (%make-void-port "w"))
+ (make-file-writable (string-append
+ "/RelativeLink/start-tor-browser"))
+ (make-file-writable (string-append
+ "/RelativeLink/start-tor-browser.desktop")))
+ (add-after 'make-bundle 'apply-guix-specific-patches
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+ (for-each (match-lambda
+ (when (and (string-prefix? "torbrowser-" label)
+ (string-suffix? ".patch" label))
+ (format #t "applying '~a'...~%" file)
+ (invoke patch "--force" "--no-backup-if-mismatch"
+ "-p1" "--input" file))))
+ (or native-inputs inputs)))
+ ;; On mach build system this is done on configure.
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+ (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+ (("(\"checksum .* = )\".*\"" all name)
+ (string-append name "\"" null-hash "\"")))
+ (generate-all-checksums "third_party/rust"))
+ (add-after 'build 'neutralize-store-references
+ ;; Mangle the store references to compilers & other build tools in
+ ;; about:buildconfig, reducing Tor Browser's closure significant.
+ ;; The resulting files are saved in lib/firefox/omni.ja
+ (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+ (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+ (regexp-quote (%store-directory))) _ store hash)
+ "<!-- Guix: not a runtime dependency -->"
+ (string-drop hash 8))))
+ (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (flags `(,(string-append "--prefix=" out)
+ (setenv "AUTOCONF" (string-append
+ (assoc-ref %build-inputs "autoconf")
+ (setenv "CONFIG_SHELL" bash)
+ (setenv "PYTHON" (string-append
+ (assoc-ref inputs "python2")
+ (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp.
+ (setenv "LDFLAGS" (string-append
+ (assoc-ref outputs "out")
+ (substitute* ".mozconfig"
+ ;; Arch independent builddir.
+ (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+ (string-append m "dir\n"))
+ (("ac_add_options --disable-tor-launcher") "")
+ ;; We won't be building incrementals.
+ (("ac_add_options --enable-signmar") "")
+ (("ac_add_options --enable-verify-mar") "")
+ (("ac_add_options --with-tor-browser-version=dev-build")
+ (string-append "ac_add_options --with-tor-browser-version=org.gnu\n"
+ "ac_add_options --with-unsigned-addon-scopes=app\n"
+ "ac_add_options --enable-pulseaudio\n"
+ "ac_add_options --disable-debug-symbols\n"
+ "ac_add_options --disable-updater\n"
+ "ac_add_options --disable-gconf\n"
+ ;; Other syslibs that can be unbundled? (nss, nspr)
+ "ac_add_options --enable-system-pixman\n"
+ "ac_add_options --enable-system-ffi\n"
+ "ac_add_options --with-system-bz2\n"
+ "ac_add_options --with-system-icu\n"
+ "ac_add_options --with-system-jpeg\n"
+ "ac_add_options --with-system-libevent\n"
+ "ac_add_options --with-system-zlib\n"
+ ;; Without these clang is not found.
+ "ac_add_options --with-clang-path="
+ (assoc-ref %build-inputs "clang") "/bin/clang\n"
+ "ac_add_options --with-libclang-path="
+ (assoc-ref %build-inputs "clang") "/lib\n")))
+ (substitute* "browser/app/profile/000-tor-browser.js"
+ ;; Tor Browser updates are disabled on mozconfig, but let's make sure.
+ (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+ (string-append m ",false);\n")))
+ "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+ ;; Not multilingual. See tor-browser/build:141. Currently disabled on
+ ;; tor-launcher, but let's make sure while missing langpacks.
+ (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").*" _ m)
+ (string-append m ", false);\n")))
+ ;; For user data outside the guix store.
+ (substitute* "xpcom/io/TorFileUtils.cpp"
+ (("ANDROID") "GNUGUIX"))
+ (substitute* "old-configure.in"
+ (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+ (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+ (format #t "Invoking mach configure ...~%")
+ (invoke "./mach" "configure"))
+ (lambda _ (invoke "./mach" "build")
+ ;; Tor Browser just do a stage-package here and copy files to its places.
+ (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (applications (string-append out "/share/applications"))
+ (build "objdir/dist/firefox")
+ (bin (string-append out "/bin"))
+ (lib (string-append out "/lib/firefox"))
+ "tbb-scripts/RelativeLink/start-tor-browser")
+ "tbb-scripts/RelativeLink/start-tor-browser.desktop"))
+ (invoke "./mach" "build" "stage-package")
+ ;; Tor Browser doesn't use those.
+ ;; See: tor-browser-build.git/projects/firefox/build:167
+ (format #t "Deleting spurious files ...~%")
+ (with-directory-excursion build
+ (for-each (lambda (file)
+ (if (file-exists? file)
+ (display (string-append
+ " not found! Skipping...\n"))))
+ '("firefox-bin" "libfreeblpriv3.chk" "libnssdbm3.chk"
+ "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf")))
+ (rmdir (string-append build "/fonts"))
+ (format #t "Creating install dirs ...~%")
+ (format #t "Copying files to install dirs ...~%")
+ (copy-recursively build (string-append lib "/")
+ #:log (%make-void-port "w"))
+ (copy-file start-script
+ (string-append lib "/start-tor-browser"))
+ (copy-file desktop-file
+ (string-append lib "/start-tor-browser.desktop"))
+ (chmod (string-append lib "/start-tor-browser") #o555)
+ (chmod (string-append lib "/start-tor-browser.desktop") #o555)
+ (format #t "Linking start-tor-browser script ...~%")
+ (symlink (string-append lib "/start-tor-browser")
+ (string-append bin "/start-tor-browser"))
+ (format #t "Installing desktop file ...~%")
+ (install-file desktop-file applications))
+ (add-after 'install 'install-icons
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (icons-src (string-append
+ out "/lib/firefox/browser/chrome/icons/default")))
+ (with-directory-excursion
+ (let* ((size (string-filter char-numeric? file))
+ (icons (string-append out "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (copy-file file (string-append icons "/torbrowser.png"))))
+ '("default16.png" "default32.png" "default48.png" "default64.png"
+ (add-after 'install-icons 'install-fonts
+ (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib/firefox/"))
+ (fonts (string-append (or (assoc-ref native-inputs
+ (copy-recursively fonts lib
+ #:log (%make-void-port "w"))
+ (symlink (string-append lib "/fonts")
+ (string-append out "/share/fonts")))
+ (add-after 'install-fonts 'install-extensions
+ (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (ext (string-append out "/lib/firefox/browser/extensions"))
+ (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}")
+ (httpse-id "https-everywhere-eff@eff.org")
+ (noscript (assoc-ref inputs "noscript"))
+ (httpse (assoc-ref inputs "https-everywhere")))
+ (copy-file noscript (string-append
+ ext "/" noscript-id ".xpi"))
+ (copy-recursively httpse
+ (string-append ext "/" httpse-id)
+ #:log (%make-void-port "w"))
+ (chmod (string-append ext "/" noscript-id ".xpi") #o555))
+ (add-after 'install-extensions 'link-binaries
+ (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (tordir (string-append out "/lib/firefox/TorBrowser/Tor"))
+ (ptdir (string-append tordir "/PluggableTransports"))
+ (obfs4 (string-append (assoc-ref inputs "obfs4")
+ (tor (string-append (assoc-ref inputs "tor")
+ (symlink tor (string-append tordir "/tor"))
+ (symlink obfs4 (string-append ptdir "/obfs4proxy")))
+ (add-after 'link-binaries 'copy-bundle-data
+ (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib/firefox"))
+ (ptconf (string-append tbb "/Bundle-Data/PTConfigs"))
+ (docs (string-append lib "/TorBrowser/Docs"))
+ (data (string-append lib "/TorBrowser/Data")))
+ (with-directory-excursion
+ (string-append tbb "/Bundle-Data/linux/Data")
+ (for-each (lambda (file)
+ (string-append data "/" file)
+ #:log (%make-void-port "w")))
+ '("Browser" "fontconfig" "Tor")))
+ (copy-file (string-append ptconf "/linux/torrc-defaults-appendix")
+ (string-append data "/Tor/torrc-defaults-appendix"))
+ (copy-file (string-append ptconf "/bridge_prefs.js")
+ data "/Browser/bridge-prefs-js-appendix"))
+ (copy-recursively (string-append tbb "/Bundle-Data/Docs")
+ (string-append docs "/")
+ #:log (%make-void-port "w")))
+ ;; This fixes the file chooser crash that happens with GTK 3
+ (add-after 'copy-bundle-data 'wrap-program
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib/firefox"))
+ (gtk (assoc-ref inputs "gtk+"))
+ (gtk-share (string-append gtk "/share"))
+ (mesa (assoc-ref inputs "mesa"))
+ (mesa-lib (string-append mesa "/lib"))
+ (pulseaudio (assoc-ref inputs "pulseaudio"))
+ (pulseaudio-lib (string-append pulseaudio "/lib"))
+ (libxscrnsaver (assoc-ref inputs "libxscrnsaver"))
+ (libxscrnsaver-lib (string-append libxscrnsaver "/lib")))
+ (wrap-program (car (find-files lib "^firefox$"))
+ `("XDG_DATA_DIRS" prefix (,gtk-share))
+ `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib ,mesa-lib ,libxscrnsaver-lib))))
+ (home-page "https://www.torproject.org")
+ (synopsis "Anonymous browser derived from Mozilla Firefox")
+ "Tor Browser is the Tor Project version of Firefox browser. It is the only
+recommended way to anonymously browse the web that is supported by the project.
+It modifies Firefox in order to avoid many know application level attacks on
+the privacy of Tor users.
+WARNING: This is not the official Tor Browser and is currently on testing. Use
+at your own risk and please report back on guix channels if you find any
+ (license license:mpl2.0)))) ;and others, see toolkit/content/license.html