[WIP] gnu: Add torbrowser-unbundle.

OpenSubmitted by André Batista.
Details
7 participants
  • Efraim Flashner
  • Leo Famulari
  • Ludovic Courtès
  • Maxime Devos
  • André Batista
  • Xinglu Chen
  • Raghav Gururajan
Owner
unassigned
Severity
normal
A
A
André Batista wrote on 15 Jul 2020 23:15
(address . guix-patches@gnu.org)
20200715211547.GA17146@andel
Hello Guix!

The patch bellow adds a torbrowser-unbundle variable, but it needs a
bit of working before merging into master. I've inserted many
comments on the code regarding issues which need attention and
questions that remained. I've decided to send this early notice so I
can ask some questions and get criticism before I go too deep on the
wrong direction.

As the name implies it does not bundle tor and to use it, you need
to have a properly configured system instance. You also need to
configure a ControlPort and a HashedControlPassword if you want to
be able to get new identities while browsing and if you don't want
to keep seeing a warning on startup page. It will create/change
permissions on ${HOME}/Data and use the native Downloads dir. It does
not have bundled fonts, so you will be fingerprintable on levels
bellow safest. It does not have support for obfs4 bridges yet.

There is no startup script for now, you are advised to invoke it with
'--class "Tor Browser"'.

Now for the questions:
- Should it keep unbundled? If so, should we try to unbundle the
https-everywhere and noscript extensions?
- Is it acceptable to use to use the noscript .xpi, instead of
building? Upstream just grabs it from addons.mozilla. There does
not appear to be blobs and the GPL full text is inside it.
- Should we try change the app name at build time or is it enough to
adapt the name of the startup script (which is not the for now, but
is certainly needed)?
- Any other things that I've been blind to?

If you don't have time to review the code, but has processing
power available, build it with rounds=2 or try to cross compile
for i686 and comment back.

Thanks,
From 2a9d31c9422de3d7486da6c2ef3e15c3496c7e69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Wed, 15 Jul 2020 17:24:04 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle.
To: guix-patches@gnu.org

* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
---
gnu/packages/tor.scm | 634 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 633 insertions(+), 1 deletion(-)

Toggle diff (651 lines)
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..528a528403 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -49,7 +49,49 @@
   #:use-module (gnu packages qt)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages w3m)
+  ;; New flags start here. Verify if they are all needed.
+  #:use-module ((srfi srfi-1) #:hide (zip))
+  #:use-module (ice-9 match)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (guix build-system cargo)
+  #:use-module (guix build-system trivial)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages audio)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages libreoffice)  ;for hunspell
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages nss)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages sqlite))
 
 (define-public tor
   (package
@@ -324,3 +366,593 @@ statistics and status reports on:
 
 Potential client and exit connections are scrubbed of sensitive information.")
     (license license:gpl3+)))
+
+;; Imported from gnuzilla.scm, make it public there?
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:graft? #f       ;nothing to graft
+                      #:system system
+                      #:guile-for-build guile)))
+
+(define %torbrowser-version "68.10.0esr-9.5-1")
+(define %torbrowser-build-id "20200709000000") ;must be of the form YYYYMMDDhhmmss
+
+;; (Un)fortunatly TorBrowser has it's own reproducible build system - RBM - which
+;; automates the build process for them and compiles TorBrowser from a range of
+;; repositories and produces a range of tarballs for different architectures and
+;; locales. So we need to nit-pick what is needed for guix and produce our own
+;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. When built from its
+;; unpatched repo, the 'mozconfig' is different and it errors out on missing
+;; torbutton source code. If we patch 'toolkit/moz.build', it compiles successfuly
+;; but the browser does not run and even if it ran, it would be missing most of
+;; its funcionality. See also the Hacking on TorBrowser document for a high level
+;; introduction (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking).
+;;
+;; WARNING: For now it still lacks the bundled fonts, obfs4 bridge and locales.
+;; If used on level below safest, the browser accessible fonts are fingerprintable.
+;; On safest, it doesn't seem to be distinguishable from upstream bundle according
+;; to https://panopticlick.eff.org. To access some features, users need to
+;; configure the ControlPort and HashedControlPassword in system torrc and set
+;; TOR_CONTROL_PASSWD accordingly before launching the Browser (ControlPort defaults to
+;; 9051). Without this, the browser will work (try https://check.torproject.org) but
+;; user is presented with a startup page that tells something is wrong.
+(define torbrowser-source
+  (let* ((torbrowser-commit "75c2bb720d4ceb76231e8ecc3455754bf05ba19b")
+         (torbrowser-version %torbrowser-version)
+         (upstream-torbrowser-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/tor-browser.git")
+                  (commit torbrowser-commit)))
+            (file-name (git-file-name "tor-browser" torbrowser-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "19sk46k2bqa72il46pdl534nk2g3fi6l7m7kbglddccxv19ck0k4"))))
+
+         ;; Not used yet, mainly useful for references and for a patched start-tor-browser
+         ;; script in the near future.
+         (torbrowser-build-commit "e94ba3a7677f7051a14b2304427ec8393a450fdc")
+         (torbrowser-build-version "9.5")
+         (upstream-torbrowser-build-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/builders/tor-browser-build.git")
+                  (commit torbrowser-build-commit)))
+            (file-name (git-file-name "tor-browser-build" torbrowser-build-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "1jgkrsckcjgr1lgcwahzdrcasmpghs2ppz6w80fya89pa5d6r0gv"))))
+
+         (torbutton-commit "ebe2bedab44e38f18c7968bd327d99eef7660f34")
+         (torbutton-version "9.5")
+         (upstream-torbutton-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/torbutton.git")
+                  (commit torbutton-commit)))
+            (file-name (git-file-name "torbutton" torbutton-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+
+         (tor-launcher-commit "b4838d339a84c5ebebd91a0ba6b22d44ecda97b1")
+         (tor-launcher-version "0.2.21")
+         (upstream-tor-launcher-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/tor-launcher.git")
+                  (commit tor-launcher-commit)))
+            (file-name (git-file-name "tor-launcher" tor-launcher-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "0xxwyw1j6dkm2a24kg1564k701p5ikfzs1f9n0gflvlzz9427haf"))))
+
+         ;; TorBrowser uses its own git repo but it appears to be unpatched from upstream
+         ;; and it does no provide a tarball, so let's try upstream for now.
+         (https-everywhere-version "2020.5.20")
+         (upstream-https-everywhere-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://github.com/EFForg/https-everywhere/archive/"
+                                https-everywhere-version ".tar.gz"))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763"))))
+
+         ;; TorBrowser 9.5.1 actualy uses v11.0.32, but let's get latest release.
+         ;; TorProject uses the .xpi instead of compiling the source code.
+         (noscript-xpi-version "11.0.34")
+         (upstream-noscript-xpi
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://secure.informaction.com/download/releases/noscript-"
+                                noscript-xpi-version ".xpi"))
+            (sha256
+             (base32
+              "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km"))))
+
+         ;; Not used for now. It uses curl to update TLDs at build time which will make
+         ;; the build unreproducible. Also it uses LWM::Simple module which is not available
+         ;; on guix. Moreover, it complains about perl not having regexp capabilities. Patch
+         ;; build script, translate it to guile or just use the .xpi as upstream does?
+         (noscript-version "11.0.34")
+         (upstream-noscript-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://github.com/hackademix/noscript/archive/"
+                                noscript-version ".tar.gz"))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "1amhdwc62cnp1i7vx4zyqd7iyj52rcr5ks9a39viczpqgfgk7hfy")))))
+
+    ;; Now we bundle the grabbed sources.
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "torbrowser-" %torbrowser-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+          #~(begin
+              (use-modules (guix build utils))
+              (let ((torbrowser-dir (string-append "torbrowser-" #$torbrowser-version))
+                    (torbutton-dir "toolkit/torproject/torbutton")
+                    (tor-launcher-dir "browser/extensions/tor-launcher")
+                           (tbb-scripts-dir "tbb-scripts")
+                    (https-everywhere "https-everywhere.tar.gz")
+                    (noscript "noscript.tar.gz")
+                    (noscript-xpi "noscript.xpi"))
+
+                (set-path-environment-variable
+                 "PATH" '("bin")
+                 (list #+(canonical-package bash)
+                       #+(canonical-package xz)
+                       #+(canonical-package tar)))
+
+                (format #t "Copying torbrowser source to writable path ...~%")
+                (force-output)
+                (copy-recursively #+upstream-torbrowser-source
+                                  torbrowser-dir
+                                  #:log (%make-void-port "w"))
+
+                (with-directory-excursion torbrowser-dir
+                  (format #t "Setting torbutton to writable...~%")
+                  (force-output)
+                  (make-file-writable torbutton-dir)
+
+                  (format #t "Copying torbutton source to torbrowser...~%")
+                  (force-output)
+                  (copy-recursively #+upstream-torbutton-source
+                                    torbutton-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying tor-launcher source to torbrowser...~%")
+                  (force-output)
+                  (copy-recursively #+upstream-tor-launcher-source
+                                    tor-launcher-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying tor-browser-build source to torbrowser...~%")
+                  (force-output)
+                  (mkdir tbb-scripts-dir)
+                  (copy-recursively #+upstream-torbrowser-build-source
+                                    tbb-scripts-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying https-everywhere source to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-https-everywhere-source
+                             https-everywhere)
+
+                  (format #t "Copying noscript source to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-noscript-source
+                             noscript)
+
+                  (format #t "Copying noscript xpi to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-noscript-xpi
+                             "noscript.xpi"))
+
+                (invoke "tar" "cvfa" #$output
+                        ;; Avoid non-determinism in the archive. For now just copy icecat timestamp.
+                        "--mtime=@315619200" ; 1980-01-02 UTC
+                        "--owner=root:0"
+                        "--group=root:0"
+                        "--sort=name"
+                        torbrowser-dir)
+                #t))))))))
+
+(define-public torbrowser-unbundle
+  (package
+    (name "torbrowser-unbundle")
+    (version %torbrowser-version)
+    (source torbrowser-source)
+    (build-system gnu-build-system)
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bzip2" ,bzip2)
+       ("cups" ,cups)
+       ("dbus-glib" ,dbus-glib)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("gtk+-2" ,gtk+-2)
+       ("graphite2" ,graphite2)
+       ("pango" ,pango)
+       ("freetype" ,freetype)
+       ("harfbuzz" ,harfbuzz)
+       ("libcanberra" ,libcanberra)
+       ("libgnome" ,libgnome)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libogg" ,libogg)
+       ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+       ("libvorbis" ,libvorbis)
+       ("libxft" ,libxft)
+       ("libevent" ,libevent)
+       ("libxinerama" ,libxinerama)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxcomposite" ,libxcomposite)
+       ("libxt" ,libxt)
+       ("libffi" ,libffi)
+       ("ffmpeg" ,ffmpeg)
+       ("libvpx" ,libvpx)
+       ("icu4c" ,icu4c)
+       ("pixman" ,pixman)
+       ("pulseaudio" ,pulseaudio)
+       ("mesa" ,mesa)
+       ("mit-krb5" ,mit-krb5)
+       ;; See <https://bugs.gnu.org/32833>
+       ;;   and related comments in the 'remove-bundled-libraries' phase.
+       ;; UNBUNDLE-ME! ("nspr" ,nspr)
+       ;; UNBUNDLE-ME! ("nss" ,nss)
+       ("shared-mime-info" ,shared-mime-info)
+       ("sqlite" ,sqlite)
+       ("startup-notification" ,startup-notification)
+       ("unzip" ,unzip)
+       ("zip" ,zip)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("patch" ,(canonical-package patch))
+       ("rust" ,rust)
+       ("cargo" ,rust "cargo")
+       ("rust-cbindgen" ,rust-cbindgen)
+       ("llvm" ,llvm)
+       ("clang" ,clang)
+       ("perl" ,perl)
+       ("node" ,node)
+       ("openssl" ,openssl) ; Required for building https-everywhere
+       ("tar" ,tar) ; for untaring extensions
+       ("util-linux" ,util-linux) ; for getopt on https-everywhere build
+       ("xxd" ,xxd) ; for https-everywhere build
+       ("python" ,python)
+       ("python2" ,python-2.7)
+       ("python2-pysqlite" ,python2-pysqlite)
+       ("yasm" ,yasm)
+       ("nasm" ,nasm)  ; XXX FIXME: only needed on x86_64 and i686
+       ("pkg-config" ,pkg-config)
+       ("autoconf" ,autoconf-2.13)
+       ("which" ,which)))
+    (arguments
+     `(#:tests? #f          ; Some tests are autodone by mach on build fase.
+
+       ;; XXX: There are RUNPATH issues such as
+       ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+       ;; which is not in its RUNPATH, but they appear to be harmless in
+       ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
+       ;;
+       ;; Is this needed?
+       #:validate-runpath? #f
+
+       #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+
+       ;; Verify which modules are actually needed.
+       #:modules ((ice-9 ftw)
+                  (ice-9 rdelim)
+                  (ice-9 regex)
+                  (ice-9 match)
+                  (srfi srfi-34)
+                  (srfi srfi-35)
+                  (rnrs bytevectors)
+                  (rnrs io ports)
+                  (guix elf)
+                  (guix build gremlin)
+                  (guix build utils)
+                  (sxml simple)
+                  ,@%gnu-build-system-modules)
+
+       #:phases
+       (modify-phases %standard-phases
+          (add-after 'unpack 'unpack-extensions
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((https-everywhere-archive "https-everywhere.tar.gz")
+                    (https-everywhere-srcdir "https-everywhere-src")
+                    (noscript-archive "noscript.tar.gz")
+                    (noscript-srcdir "noscript-src")
+                    (bash (which "bash")))
+
+                (setenv "SHELL" bash)
+
+                (mkdir https-everywhere-srcdir)
+                (mkdir noscript-srcdir)
+                (invoke "tar" "xf" https-everywhere-archive "--strip-components=1"
+                        "-C" https-everywhere-srcdir)
+                (invoke "tar" "xf" noscript-archive "--strip-components=1"
+                        "-C" noscript-srcdir))))
+
+         ;; Not used yet. For start-tor-browser patch and possibly others.
+         (add-after 'unpack-extensions 'apply-guix-specific-patches
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+                                                    "patch")
+                                         "/bin/patch")))
+               (for-each (match-lambda
+                           ((label . file)
+                            (when (and (string-prefix? "torbrowser-" label)
+                                       (string-suffix? ".patch" label))
+                              (format #t "applying '~a'...~%" file)
+                              (invoke patch "--force" "--no-backup-if-mismatch"
+                                      "-p1" "--input" file))))
+                         (or native-inputs inputs)))
+             #t))
+
+         ;; On mach build system this is done on configure.
+         (delete 'bootstrap)
+
+         (add-after 'patch-source-shebangs 'patch-cargo-checksums
+           (lambda _
+             (use-modules (guix build cargo-utils))
+             (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+               (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+                 (("(\"checksum .* = )\".*\"" all name)
+                  (string-append name "\"" null-hash "\"")))
+               (generate-all-checksums "third_party/rust"))
+             #t))
+
+         (add-after 'build 'neutralize-store-references
+           (lambda _
+             ;; Mangle the store references to compilers & other build tools in
+             ;; about:buildconfig, reducing TorBrowser's closure significant.
+             ;; The resulting files are saved in lib/firefox/omni.ja
+             (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+                          (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+                                    (regexp-quote (%store-directory))) _ store hash)
+                           (string-append store
+                                          (string-take hash 8)
+                                          "<!-- Guix: not a runtime dependency -->"
+                                          (string-drop hash 8))))
+             #t))
+
+         (replace 'configure
+           (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bash (which "bash"))
+                    ;; Is this needed?
+                    (flags `(,(string-append "--prefix=" out)
+                             ,@configure-flags)))
+
+               (setenv "SHELL" bash)
+               (setenv "AUTOCONF" (string-append
+                                   (assoc-ref %build-inputs "autoconf")
+                                   "/bin/autoconf"))
+               (setenv "CONFIG_SHELL" bash)
+               (setenv "PYTHON" (string-append
+                                 (assoc-ref inputs "python2")
+                                 "/bin/python"))
+               (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp.
+               (setenv "LDFLAGS" (string-append
+                                  "-Wl,-rpath="
+                                  (assoc-ref outputs "out")
+                                  "/lib/firefox"))
+
+               ;; Maybe remove --disable-strip since tor-builder strips on another step
+               ;; See tor-browser-build.git/projects/firefox/build:231.
+               ;; Add flag for changing app name to torbrowser or use this name for the start script?
+               (substitute* ".mozconfig"
+                            ;; Arch independent builddir.
+                            (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+                             (string-append m "dir\n"))
+                            (("ac_add_options --disable-tor-launcher") "")
+                            ;; We won't be building incrementals.
+                            (("ac_add_options --enable-signmar") "")
+                            (("ac_add_options --enable-verify-mar") "")
+                            (("ac_add_options --with-tor-browser-version=dev-build")
+                             (string-append "ac_add_options --with-tor-browser-version=org.gnu\n"
+                                            "ac_add_options --with-unsigned-addon-scopes=app\n"
+                                            "ac_add_options --enable-pulseaudio\n"
+                                            "ac_add_options --disable-debug-symbols\n"
+                                            "ac_add_options --disable-updater\n"
+                                            "ac_add_options --disable-gconf\n"
+                                            ;; Other syslibs that can be unbundled? (nss, nspr)
+                                            "ac_add_options --enable-system-pixman\n"
+                                            "ac_add_options --enable-system-ffi\n"
+                                            "ac_add_options --with-system-bz2\n"
+                                            "ac_add_options --with-system-icu\n"
+                                            "ac_add_options --with-system-jpeg\n"
+                                            "ac_add_options --with-system-libevent\n"
+                                            "ac_add_options --with-system-zlib\n"
+                                            ;; Without these clang is not found.
+                                            "ac_add_options --with-clang-path="
+                                            (assoc-ref %build-inputs "clang") "/bin/clang\n"
+                                            "ac_add_options --with-libclang-path="
+                                            (assoc-ref %build-inputs "clang") "/lib\n")))
+
+               ;; See tor-browser-build.git/projects/tor-browser/RelativeLink/start-tor-browser:307 on running
+               ;; with system tor instance.
+               (substitute* "browser/app/profile/000-tor-browser.js"
+                            (("(pref\\(\"network.proxy.socks_port\").*" _ m)
+                             (string-append m ", 9050);\n"))
+                            (("(pref\\(\"extensions.torbutton.loglevel\").*" _ m)
+                             (string-append m ",2);\n"))
+                            (("(pref\\(\"extensions.torbutton.logmethod\").*" _ m)
+                             (string-append m ",0);\n"))
+                            (("(pref\\(\"extensions.torbutton.inserted_button\").*" _ m)
+                             (string-append m ",true);\n"))
+                            (("(pref\\(\"extensions.torbutton.launch_warning\").*" _ m)
+                             (string-append m ",false);\n"))
+                            ;; TorBrowser updates are disabled on mozconfig, but let's make sure.
+                            (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+                                (string-append m ",false);\n")))
+
+               (substitute* "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+                            (("(pref\\(\"extensions.torlauncher.start_tor\").*" _ m)
+                             (string-append m ", false);\n"))
+                            (("(pref\\(\"extensions.torlauncher.prompt_at_startup\").*" _ m)
+                             (string-append m ", false);\n"))
+                            ;; Investigate this one: "extensions.torlauncher.only_configure_tor"
+                            ;; on 'tl-util.jsm', would it be a nice addition?
+                            (("(pref\\(\"extensions.torlauncher.should_remove_meek_helper_profiles\").*" _ m)
+                             (string-append m ", false);\n"))
+                            (("(pref\\(\"extensions.torlauncher.loglevel\").*" _ m)
+                             (string-append m ", 2);\n"))
+                            (("(pref\\(\"extensions.torlauncher.logmethod\").*" _ m)
+                             (string-append m ", 0);\n"))
+                            (("(pref\\(\"extensions.torlauncher.control_port\").*" _ m)
+                             (string-append m ", 9051);\n")))
+
+               ;; For user data outside the guix store. Dirty hack. Maybe worth a patch upstream to create a
+               ;; configure flag for guix. It will create/modify permissions on 'Data' dir on $HOME. It also
+               ;; means that TorBrowser will share the Downloads dir on home and not keep its own.
+               ;; Work on start-tor-browser script to set a TorBrowser own home.
+               (substitute* "xpcom/io/TorFileUtils.cpp"
+                            (("ANDROID") "GNUGUIX"))
+               (substitute* "old-configure.in"
+                            (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+                             (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+               ;; TODO: change prefs to block autoupdate app and extensions.
+
+               (newline)
+               (format #t "Invoking mach configure ...~%")
+               (force-output)
+               (invoke "./mach" "configure"))))
+
+         ;; Building noscript from source is failing for now. So its sources remain unused.
+         (add-after 'configure 'build-extensions
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let* ((bash (which "bash")))
+
+               (setenv "SHELL" bash)
+
+               ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to be harmless.
+               (with-directory-excursion "https-everywhere-src"
+                                         (substitute* '("install-dev-dependencies.sh"
+                                                        "make.sh"
+                                                        "hooks/precommit"
+                                                        "test/firefox.sh"
+                                                        "test/manual.sh"
+                                                        "test/script.py"
+                                                        "test/validations.sh"
+                                                        "utils/create_zip.py"
+                                                        "utils/merge-rulesets.py"
+                                                        "utils/setversion.py"
+                                                        "utils/zipfile_deterministic.py")
+                                                      (("python3.6") "python3"))
+
+                                         ;; Failing to generate the xpi, but copy-dir appears to be enough.
+                                         ;; Failing on missing 'wasm'?
+                                         (invoke "./make.sh")))))
+
+         (replace 'build
+                  (lambda _ (invoke "./mach" "build")))
+
+         ;; TorBrowser just do a stage-package here and copy files to its places.
+         (replace 'install
+           (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (builddir "objdir/dist/firefox")
+                    (libdir (string-append out "/lib/firefox"))
+                    (bindir (string-append out "/bin"))
+                    (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi")
+                    (extdir (string-append libdir "/browser/extensions")))
+
+               ;; (display "string\n") should be enough here, chage this.
+               (format #t "Staging package ...~%")
+               (force-output)
+               (invoke "./mach" "build" "stage-package")
+               (format #t "Deleting spurious files ...~%")
+               (force-output)
+               ;; TorBrowser doesn't use those. See: tor-browser-build.git/projects/firefox/build:167
+               (for-each delete-file `(,(string-append builddir "/firefox-bin")
+                                       ,(string-append builddir "/libfreeblpriv3.chk")
+                                       ,(string-append builddir "/libnssdbm3.chk")
+                                       ,(string-append builddir "/libsoftokn3.chk")))
+
+               (format #t "Creating install dirs ...~%")
+               (force-output)
+               (mkdir-p libdir)
+               (mkdir bindir)
+
+               (format #t "Copying files to install dirs ...~%")
+               (force-output)
+               (copy-recursively builddir (string-append libdir "/")
+                                 #:log (%make-void-port "w"))
+
+               (format #t "Linking binary ...~%")
+               (force-output)
+               (symlink (string-append libdir "/firefox")
+                        (string-append bindir "/firefox"))
+
+               (format #t "Copying extensions to default path ...~%")
+               (force-output)
+               (mkdir-p extdir)
+               (format #t "Copying noscript ...~%")
+               (force-output)
+               (copy-file "noscript.xpi" (string-append extdir "/" noscript-id))
+               (format #t "Copying https-everywhere ...~%")
+               (force-output)
+               (if (file-exists? "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi")
+                   (copy-file "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi"
+                              (string-append extdir "/https-everywhere-eff@eff.org.xpi"))
+                   (copy-recursively "https-everywhere-src/pkg/xpi-eff"
+                                     (string-append extdir "/https-everywhere-eff@eff.org")))
+                                     #:log (%make-void-port "w")))))))
+
+         ;; Thunderbird doesn't provide any .desktop file, but TorBrowser does, however it's staged not installed, let's see.
+         ;;
+         ;; Is this needed? Try to play webmedia!
+         ;;(add-after 'install 'wrap-program
+         ;; (lambda* (#:key inputs outputs #:allow-other-keys)
+         ;;    (let* ((out (assoc-ref outputs "out"))
+         ;;           (lib (string-append out "/lib"))
+         ;;           (gtk (assoc-ref inputs "gtk+"))
+         ;;           (gtk-share (string-append gtk "/share"))
+         ;;           (pulseaudio (assoc-ref inputs "pulseaudio"))
+         ;;           (pulseaudio-lib (string-append pulseaudio "/lib")))
+         ;;      (wrap-program (car (find-files lib "^firefox$"))
+         ;;        `("XDG_DATA_DIRS" prefix (,gtk-share))
+         ;;        `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib)))
+         ;;      #t))))))
+    (home-page "https://www.torproject.org")
+    (synopsis "Anonymous browser derived from Mozilla Firefox")
+    (description
+     "TorBrowser is the Tor Project version of the Firefox browser.  It is
+the only recommended way to anonymously browse the web that is supported by
+the project.  It modifies firefox in order to avoid many know application level
+attacks on the privacy of Tor users.
+
+WARNING: This is not the official TorBrowser and is currently on testing.
+If you have issues using it, do not bother Tor Developers, as it is not the
+official bundle provided by the Tor Project.  Use at your own risk and please
+report back on guix channels.  This version does not bundle @code{tor}, you need
+to configure it as a system service and set ControlPort and HashedControlPassword
+to access some features.")
+    (license license:mpl2.0)))     ;and others, see toolkit/content/license.html
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8PcgAFgwPCZwAACgkQ
YrJ+WmBEwoKG+Q//WNP/2bs87azCZfyCmRUPB5mgI5jq6QbTaj+MxBpVtb7laL1Y
D/7SadHs79qF63ZwQWzOFbOjDdMVX/h+ZVydoFjIcoK5Idiu3erjyTAFklnMInTE
eWY3buWfaPp0/isxlHfNBk7Xzum7mYSAUD4B/L+uCrSGrtTvy1PLHvdwB6SwSvao
WB9oKhs0WGQo6pgYXjtE9JhU8MB7HoJfYICYE6dFKUC5EoHGxQl1BOmOeZY7Y8oc
0zVdNJ7SeCD7xvvR6wNbiKAfEo3tp4Np+yp2HI6HGnTFhmIcUI9iDoDo4RzNzC8O
7t1noPh9r9s7f1FGdsI01UnBPO5pzEJ1m3RYNmSEhQpQ3ZYCC3b69hxObjNRIatM
lQFRpnZ6iH7ixKS6I4RCAtScyekmpVwr7R4K3j36kIFRct9vrUd/CP5/I4tvHTi9
JmZcyfko/MNMEeg0s+4mVrAftfGWrCCpV6p/uZhknZpSLbin7TFcnww6eMOrliQS
056s/yIq4uOSDVjDNVwJvqUKa63XXLijetpL6dSbOc5BLd7g004v55lQBz/NEfnG
6HK+vyZMQ5iaJpw+KbkpZ20ORrOFL/+3PLX1x8O2CV1UBiwmPFteyhvFBpuAHljf
fVoNDm20tom+CJpWD7sqkwZqyAPTPSjz0FdhRzdXRhO1sMcuUcIBd3QcpYw=
=kzRK
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 25 Jul 2020 16:49
Re: [bug#42380] [PATCH] gnu: Add torbrowser-unbundle.
(address . 42380@debbugs.gnu.org)
20200725144930.GA13751@andel
Hello Guix,

The patch bellow adds TorBrowser, Obfs4 and related libraries. No
more warnings, it should behave as expected. User files are
stored under '~/.local/share/torbrowser'.

Just two notes:
- some of the libraries do not have a named font and just claim
BDS-Style. I've written bsd-2 for those and left a note. I'm
no sure if there is need for a more appropriate description.
- https-everywhere does not show rules on the browser, but the
rules are there on the store path. There is no default address
for autoupdating rules.

And one important question: tor and obfs4 are inputs to torbrowser
which are symlinked in the install phase. Do they need to be
propagated so as to not be garbage collected?

Happy Hacking!
From d9b11fdfa62919fc5ebfd73c55a9dbbbc12596a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Sat, 25 Jul 2020 06:11:36 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle
To: guix-patches@gnu.org

* gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables.
* gnu/packages/golang.scm (go-torproject-org-ptlib,
go-github-com-agl-ed25519, go-github-com-dchest-siphash,
go-github-com-dchest-uniuri, go-github-com-dsnet-compress,
go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variables.
* gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 3 +
gnu/packages/golang.scm | 188 +++++
...torbrowser-start-tor-browser.desktop.patch | 22 +
.../torbrowser-start-tor-browser.patch | 184 +++++
gnu/packages/tor.scm | 752 +++++++++++++++++-
5 files changed, 1145 insertions(+), 4 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch

Toggle diff (1229 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index f2a7b6b984..7bff822c43 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -36,6 +36,7 @@
 # Copyright © 2020 Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>
 # Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 # Copyright © 2020 Tanguy Le Carrour <tanguy@bioneland.org>
+# Copyright © 2020 André Batista <nandre@riseup.net>
 #
 # This file is part of GNU Guix.
 #
@@ -1587,6 +1588,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/tipp10-fix-compiling.patch		\
   %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
+  %D%/packages/patches/torbrowser-start-tor-browser.patch       \
+  %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch \
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/ttfautohint-source-date-epoch.patch	\
   %D%/packages/patches/tomb-fix-errors-on-open.patch		\
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 2c31632db6..772b1e29f2 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -18,6 +18,7 @@
 ;;; Copyright © 2019, 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -4263,3 +4264,190 @@ used by other processes.")
 Porter2 stemmer}.  It is written completely using finite state machines to do
 suffix comparison, rather than the string-based or tree-based approaches.")
       (license license:asl2.0))))
+
+(define-public go-torproject-org-ptlib
+  (package
+   (name "go-torproject-org-ptlib")
+   (version "1.1.0")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+           (commit (string-append "v" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+   (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+   (synopsis "Go library for Tor pluggable transports")
+   (description "Library for writing Tor pluggable transports in Go.")
+   (license license:cc0)))
+
+
+(define-public go-github-com-agl-ed25519
+  (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+        (revision "0"))
+    (package
+     (name "go-github-com-agl-ed25519")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/agl/ed25519")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/agl/ed25519"
+        #:phases
+        (modify-phases %standard-phases
+          (add-before 'reset-gzip-timestamps 'make-files-writable
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let ((out (assoc-ref outputs "out")))
+                   (for-each (lambda (file) (chmod file #o644))
+                     (find-files out "\\.gz"))
+             #t))))))
+     (home-page "https://github.com/agl/ed25519")
+     (synopsis "Go library for ed25519")
+     (description "This library is used in the implementation of obfs4.")
+     (license license:bsd-2))));; Repo does not contain license anymore.
+                               ;; Only refered on file as BSD-Style.
+
+(define-public go-github-com-dchest-siphash
+  (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+        (revision "0"))
+    (package
+     (name "go-github-com-dchest-siphash")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dchest/siphash")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dchest/siphash"))
+     (home-page "https://github.com/dchest/siphash")
+     (synopsis "Go library for siphash")
+     (description "Go implementation of SipHash-2-4, a fast short-input PRF
+created by Jean-Philippe Aumasson and Daniel J. Bernstein.")
+     (license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+  (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+        (revision "0"))
+    (package
+     (name "go-github-com-dchest-uniuri")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dchest/uniuri")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dchest/uniuri"))
+     (home-page "https://github.com/dchest/uniuri")
+     (synopsis "Go library for random URIs")
+     (description "Package uniuri generates random strings good for use in
+URIs to identify unique objects.")
+     (license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+  (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+        (revision "0"))
+    (package
+     (name "go-github-com-dsnet-compress")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dsnet/compress")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dsnet/compress"))
+     (home-page "https://github.com/dsnet/compress")
+     (synopsis "Go library for extended compression")
+     (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+     (license license:bsd-2))));; Unnamed. Go license?
+
+(define-public go-schwanenlied-me-yawning-bsaes
+  (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+        (revision "0"))
+    (package
+     (name "go-schwanenlied-me-yawning-bsaes")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.schwanenlied.me/yawning/bsaes.git")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+     (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+     (synopsis "Go AES library")
+     (description "Portable pure-Go constant time AES implementation based on
+the excellent code from [BearSSL](https://bearssl.org/).  On AMD64 systems
+with AES-NI and a sufficiently recent Go runtime, it will transparently call
+crypto/aes when NewCipher is invoked.")
+     (license license:bsd-2))));; Also unnamed.
+
+(define-public go-gitlab-com-yawning-utls
+  (package
+   (name "go-gitlab-com-yawning-utls")
+   (version "0.0.10-1")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://gitlab.com/yawning/utls.git")
+           (commit (string-append "v" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:tests? #f ;; Tries to connect and fails.
+      #:import-path "gitlab.com/yawning/utls.git"))
+   (propagated-inputs
+    `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+      ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+      ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+   (home-page "https://gitlab.com/yawning/utls.git")
+   (synopsis "Go library for UTLS")
+   (description "UTLS fork for the specific purpose of improving obfs4proxy's
+meek_lite transport.")
+   (license license:gpl3+)))
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
new file mode 100644
index 0000000000..e65348b7f5
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser.desktop.orig    2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser.desktop 2020-07-24 14:36:37.720579884 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=bash -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/packages/patches/torbrowser-start-tor-browser.patch
new file mode 100644
index 0000000000..e3e29e61ed
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
@@ -0,0 +1,184 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser.orig    2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/projects/tor-browser/RelativeLink/start-tor-browser 2020-07-23 18:13:32.426282743 -0300
+@@ -5,6 +5,16 @@
+ #
+ # Copyright 2017 The Tor Project.  See LICENSE for licensing information.
+ 
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++#TORRC_BRIDGE="${TORRC}-appendix"
++PT_PREFS="${TBB_DATA}/Browser/bridge-prefs-js-appendix"
++
+ complain_dialog_title="Tor Browser"
+ 
+ # First, make sure DISPLAY is set.  If it isn't, we're hosed; scream
+@@ -134,8 +144,8 @@
+           ;;
+       -l | --log)
+           if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+-             printf "Logging Tor Browser debug information to tor-browser.log\n"
+-             logfile="../tor-browser.log"
++             printf "Logging Tor Browser debug information to torbrowser.log\n"
++             logfile="${TBB_LOGFILE}"
+           elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+              printf "Logging Tor Browser debug information to %s\n" "$2"
+              logfile="$2"
+@@ -187,41 +197,23 @@
+ 	export XAUTHORITY
+ fi
+ 
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+-	# XXX readlink is not POSIX, but is present in GNU coreutils
+-	# and on FreeBSD.  Unfortunately, the -f option (which follows
+-	# a whole chain of symlinks until it reaches a non-symlink
+-	# path name) is a GNUism, so we have to have a fallback for
+-	# FreeBSD.  Fortunately, FreeBSD has realpath instead;
+-	# unfortunately, that's also non-POSIX and is not present in
+-	# GNU coreutils.
+-	#
+-	# If this launcher were a C program, we could just use the
+-	# realpath function, which *is* POSIX.  Too bad POSIX didn't
+-	# make that function accessible to shell scripts.
+-
+-	# If realpath is available, use it; it Does The Right Thing.
+-	possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+-	if [ "$?" -eq 0 ]; then
+-		myname="$possibly_my_real_name"
+-	else
+-		# realpath is not available; hopefully readlink -f works.
+-		myname="`readlink -f "$myname" 2>/dev/null`"
+-		if [ "$?" -ne 0 ]; then
+-			# Ugh.
+-			complain "start-tor-browser cannot be run using a symlink on this operating system."
+-		fi
+-	fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++   cd "${TBB_HOME}"
++else
++   mkdir -p "${TBB_HOME}"
++   cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++   chmod -R 700 "${TBB_HOME}"
++   mkdir -p "${TBB_PROFILE}"
++   echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++     > "${TBB_PROFILE}/user.js"
++   grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/user.js"
++   echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++     >> "${TORRC}"
++   cd "${TBB_HOME}"
+ fi
+ 
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ 	# "hacking around some braindamage"
+@@ -236,16 +228,9 @@
+   ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+ 
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ !  -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ 	mkdir -p "$HOME/.local/share/applications/"
+-	cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++	cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ 	update-desktop-database "$HOME/.local/share/applications/"
+ 	printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ 	exit 0
+@@ -265,21 +250,6 @@
+ HOME="${PWD}"
+ export HOME
+ 
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+-   complain "Wrong architecture? 32-bit vs. 64-bit."
+-   exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+     local ctrlPasswd=$1
+ 
+@@ -342,13 +312,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+ 
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+ 
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++    -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+ 
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +329,23 @@
+ 
+ if [ "$show_usage" -eq 1 ]; then
+     # Display Firefox help, then our help
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default --help 2>/dev/null
+     tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-       -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++       -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+     disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+         tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+ 
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..4fe3f69ef3 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -28,28 +28,69 @@
 
 (define-module (gnu packages tor)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix gexp)
+  #:use-module (guix monads)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (guix store)
   #:use-module (guix download)
   #:use-module (guix git-download)
+  #:use-module (guix build-system cargo)
+  #:use-module (guix build-system go)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages audio)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
-  #:use-module (gnu packages libevent)
-  #:use-module (gnu packages linux)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages golang)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
-  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages rsync) ; for httpse
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages w3m)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml) ; for httpse
+  #:use-module (ice-9 match)
+  #:use-module ((srfi srfi-1) #:hide (zip)))
 
 (define-public tor
   (package
@@ -324,3 +365,706 @@ statistics and status reports on:
 
 Potential client and exit connections are scrubbed of sensitive information.")
     (license license:gpl3+)))
+
+(define-public obfs4
+  (package
+   (name "obfs4")
+   (version "0.0.11")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+           (commit (string-append "obfs4proxy-" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+      #:tests? #f ;; No test files
+      #:phases
+      (modify-phases %standard-phases
+        (replace 'build
+          (lambda* (#:key outputs configure-flags #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (copy-recursively
+               "src/git.torproject.org/pluggable-transports/obfs4.git"
+               "src/gitlab.com/yawning/obfs4.git"
+               #:log (%make-void-port "w"))
+              (with-directory-excursion
+               "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+               (invoke "go" "build" "-ldflags" "-s"))
+            #t)))
+        (replace 'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (srcdir
+                    "src/git.torproject.org/pluggable-transports/obfs4.git")
+                   (bindir (string-append out "/bin"))
+                   (sharedir (string-append out "/share/"))
+                   (docdir (string-append sharedir "/doc"))
+                   (mandir (string-append out "/man/man1")))
+              (mkdir-p mandir)
+              (mkdir-p bindir)
+              (mkdir-p docdir)
+              (with-directory-excursion
+               (string-append srcdir "/obfs4proxy")
+               (copy-file "obfs4proxy"
+                          (string-append bindir "/obfs4proxy")))
+              (with-directory-excursion
+               (string-append srcdir "/doc")
+               (copy-file "obfs4proxy.1"
+                          (string-append mandir "/obfs4proxy.1"))
+               (copy-file "obfs4-spec.txt"
+                          (string-append docdir "/obfs4-spec.txt")))
+            #t))))))
+   (propagated-inputs
+    `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+      ;; Currently uses this, but the readme on github is pointing
+      ;; users to start relying on x/crypto/ed25519 instead.
+      ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+      ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+      ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+      ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+      ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+      ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+      ("go-golang-org-x-net" ,go-golang-org-x-net)
+      ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+      ("go-golang-org-x-text" ,go-golang-org-x-text)))
+   (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+   (synopsis "Obfs4 implements an obfuscation protocol")
+   (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+   (license license:gpl3+)))
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:graft? #f       ;nothing to graft
+                      #:system system
+                      #:guile-for-build guile)))
+
+;; Fonts for TorBrowser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on TorBrowser package.
+(define torbrowser-fonts
+  (package
+   (name "torbrowser-fonts")
+   (version "9.5.1")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append "https://dist.torproject.org/torbrowser/"
+                                version "/tor-browser-linux64-"
+                                version "_en-US.tar.xz"))
+            (sha256
+             (base32
+              "18xv8pv2j55f78n4d7cz24zwhqlcxkpq8nbanl754k2k0s1w34dd"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("tar" ,tar)
+      ("xz" ,xz)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (src-dir "tor-browser_en-US/Browser/fonts")
+                        (install-dir (string-append %output "/fonts"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (xz (assoc-ref %build-inputs "xz")))
+
+                    (mkdir-p install-dir)
+                    (format #t "Untaring torbrowser ball ...~%")
+                    (invoke (string-append tar "/bin/tar") "-xf" src
+                            "-C" install-dir "--strip-components=3"
+                            (string-append "--use-compress-program=" xz "/bin/xz")
+                            src-dir)
+                    #t))))
+   (home-page "https://github.com/googlei18n/noto-fonts")
+   (synopsis "TorBrowser bundled fonts")
+   (description "Free fonts bundled with TorBrowser.  Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+   (license license:silofl1.1)))
+
+(define %torbrowser-version "68.10.0esr-9.5-1")
+(define %torbrowser-build-id "20200709000000") ;must be of the form YYYYMMDDhhmmss
+
+;; (Un)fortunatly TorBrowser has it's own reproducible build system - RBM - which
+;; automates the build process for them and compiles TorBrowser from a range of
+;; repositories and produces a range of tarballs for different architectures and
+;; locales. So we need to cherry-pick what is needed for guix and produce our own
+;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. See also
+;; the Hacking on TorBrowser document for a high level introduction at
+;; https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking).
+;;
+;; TODO: Import langpacks.
+(define torbrowser-source
+  (let* ((torbrowser-commit "75c2bb720d4ceb76231e8ecc3455754bf05ba19b")
+         (torbrowser-version %torbrowser-version)
+         (upstream-torbrowser-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/tor-browser.git")
+                  (commit torbrowser-commit)))
+            (file-name (git-file-name "tor-browser" torbrowser-version))
+            (sha256
+             (base32
+              "19sk46k2bqa72il46pdl534nk2g3fi6l7m7kbglddccxv19ck0k4"))))
+
+         (torbrowser-build-commit "e94ba3a7677f7051a14b2304427ec8393a450fdc")
+         (torbrowser-build-version "9.5")
+         (upstream-torbrowser-build-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/builders/tor-browser-build.git")
+                  (commit torbrowser-build-commit)))
+            (file-name (git-file-name "tor-browser-build"
+                                      torbrowser-build-version))
+            (sha256
+             (base32
+              "1jgkrsckcjgr1lgcwahzdrcasmpghs2ppz6w80fya89pa5d6r0gv"))))
+
+         (torbutton-commit "ebe2bedab44e38f18c7968bd327d99eef7660f34")
+         (torbutton-version "9.5")
+         (upstream-torbutton-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/torbutton.git")
+                  (commit torbutton-commit)))
+            (file-name (git-file-name "torbutton" torbutton-version))
+            (sha256
+             (base32
+              "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+
+         (tor-launcher-commit "b4838d339a84c5ebebd91a0ba6b22d44ecda97b1")
+         (tor-launcher-version "0.2.21")
+         (upstream-tor-launcher-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/tor-launcher.git")
+                  (commit tor-launcher-commit)))
+            (file-name (git-file-name "tor-launcher" tor-launcher-version))
+            (sha256
+             (base32
+              "0xxwyw1j6dkm2a24kg1564k701p5ikfzs1f9n0gflvlzz9427haf"))))
+
+         (https-everywhere-version "2020.5.20")
+         (upstream-https-everywhere-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://github.com/EFForg/https-everywhere/archive/"
+                                https-everywhere-version ".tar.gz"))
+            (sha256
+             (base32
+              "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763"))))
+
+         (noscript-xpi-version "11.0.34")
+         (upstream-noscript-xpi
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://secure.informaction.com/download/releases/noscript-"
+                                noscript-xpi-version ".xpi"))
+            (sha256
+             (base32
+              "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km")))))
+
+    ;; Now we bundle the grabbed sources.
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "torbrowser-" %torbrowser-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+          #~(begin
+              (use-modules (guix build utils))
+              (let ((torbrowser-dir (string-append "torbrowser-"
+                                                   #$torbrowser-version))
+                    (torbutton-dir "toolkit/torproject/torbutton")
+                    (tor-launcher-dir "browser/extensions/tor-launcher")
+                    (tbb-scripts-dir "tbb-scripts")
+                    (https-everywhere "https-everywhere.tar.gz")
+                    (noscript-xpi "noscript.xpi"))
+
+                (set-path-environment-variable
+                 "PATH" '("bin")
+                 (list #+(canonical-package bash)
+                       #+(canonical-package xz)
+                       #+(canonical-package tar)))
+
+                (format #t "Copying torbrowser source to writable path ...~%")
+                (force-output)
+                (copy-recursively #+upstream-torbrowser-source
+                                  torbrowser-dir
+                                  #:log (%make-void-port "w"))
+
+                (with-directory-excursion torbrowser-dir
+                  (format #t "Copying torbutton source to torbrowser...~%")
+                  (force-output)
+                  (make-file-writable torbutton-dir)
+                  (copy-recursively #+upstream-torbutton-source
+                                    torbutton-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying tor-launcher source to torbrowser...~%")
+                  (force-output)
+                  (copy-recursively #+upstream-tor-launcher-source
+                                    tor-launcher-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying tor-browser-build source to torbrowser...~%")
+                  (force-output)
+                  (mkdir tbb-scripts-dir)
+                  (copy-recursively #+upstream-torbrowser-build-source
+                                    tbb-scripts-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying https-everywhere source to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-https-everywhere-source
+                             https-everywhere)
+
+                  (format #t "Copying noscript xpi to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-noscript-xpi
+                             "noscript.xpi"))
+
+                (invoke "tar" "cvfa" #$output
+                        ;; Avoid non-determinism in the archive.
+                        "--mtime=@315619200" ; 1980-01-02 UTC
+                        "--owner=root:0"
+                        "--group=root:0"
+                        "--sort=name"
+                        torbrowser-dir)
+              #t))))))))
+
+(define-public torbrowser-unbundle
+  (package
+    (name "torbrowser-unbundle")
+    (version %torbrowser-version)
+    (source torbrowser-source)
+    (build-system gnu-build-system)
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bzip2" ,bzip2)
+       ("cups" ,cups)
+       ("dbus-glib" ,dbus-glib)
+       ("ffmpeg" ,ffmpeg)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("gtk+-2" ,gtk+-2)
+       ("graphite2" ,graphite2)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("libcanberra" ,libcanberra)
+       ("libgnome" ,libgnome)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libogg" ,libogg)
+       ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+       ("libvorbis" ,libvorbis)
+       ("libxft" ,libxft)
+       ("libevent" ,libevent)
+       ("libxinerama" ,libxinerama)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxcomposite" ,libxcomposite)
+       ("libxt" ,libxt)
+       ("libffi" ,libffi)
+       ("libvpx" ,libvpx)
+       ("mesa" ,mesa)
+       ("mit-krb5" ,mit-krb5)
+       ;; See <https://bugs.gnu.org/32833>
+       ;;   and related comments in the 'remove-bundled-libraries' phase.
+       ;; UNBUNDLE-ME! ("nspr" ,nspr)
+       ;; UNBUNDLE-ME! ("nss" ,nss)
+       ("obfs4" ,obfs4)
+       ("pango" ,pango)
+       ("pixman" ,pixman)
+       ("pulseaudio" ,pulseaudio)
+       ("shared-mime-info" ,shared-mime-info)
+       ("sqlite" ,sqlite)
+       ("startup-notification" ,startup-notification)
+       ("tor" ,tor-client)
+       ("unzip" ,unzip)
+       ("zip" ,zip)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("autoconf" ,autoconf-2.13)
+       ("cargo" ,rust "cargo")
+       ("clang" ,clang)
+       ("libxml2" ,libxml2) ; for https-e
+       ("libxslt" ,libxslt) ; for https-e
+       ("llvm" ,llvm)
+       ("openssl" ,openssl) ; For hash+sig on https-everywhere
+       ("patch" ,(canonical-package patch))
+       ("torbrowser-start-tor-browser.patch"
+        ,(search-patch "torbrowser-start-tor-browser.patch"))
+       ("torbrowser-start-tor-browser.desktop.patch"
+        ,(search-patch "torbrowser-start-tor-browser.desktop.patch"))
+       ("perl" ,perl)
+       ("pkg-config" ,pkg-config)
+       ("python" ,python)
+       ("python2" ,python-2.7)
+       ("python2-pysqlite" ,python2-pysqlite)
+       ("nasm" ,nasm)  ; XXX FIXME: only needed on x86_64 and i686
+       ("node" ,node)
+       ("rsync" ,rsync) ; for https-e build
+       ("rust" ,rust)
+       ("rust-cbindgen" ,rust-cbindgen)
+       ("tar" ,tar) ; for untaring extensions
+       ("torbrowser-fonts" ,torbrowser-fonts)
+       ("util-linux" ,util-linux) ; for getopt on https-everywhere build
+       ("which" ,which)
+       ("xxd" ,xxd) ; for https-everywhere build
+       ("yasm" ,yasm)))
+    (arguments
+     `(#:tests? #f          ; Some tests are autodone by mach on build fase.
+
+       ;; XXX: There are RUNPATH issues such as
+       ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+       ;; which is not in its RUNPATH, but they appear to be harmless in
+       ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
+       #:validate-runpath? #f
+
+       #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+
+       #:modules ((ice-9 ftw)
+                  (ice-9 rdelim)
+                  (ice-9 regex)
+                  (ice-9 match)
+                  (srfi srfi-34)
+                  (srfi srfi-35)
+                  (rnrs bytevectors)
+                  (rnrs io ports)
+                  (guix elf)
+                  (guix build gremlin)
+                  (guix build utils)
+                  (sxml simple)
+                  ,@%gnu-build-system-modules)
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'unpack-extensions
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let ((https-everywhere-archive "https-everywhere.tar.gz")
+                   (https-everywhere-srcdir "https-everywhere-src")
+                   (bash (which "bash")))
+               (setenv "SHELL" bash)
+               (mkdir https-everywhere-srcdir)
+               (invoke "tar" "xf" https-everywhere-archive
+                       "--strip-components=1" "-C" https-everywhere-srcdir))
+             #t))
+
+         (add-after 'unpack-extensions 'apply-guix-specific-patches
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+                                                    "patch")
+                                         "/bin/patch")))
+               (for-each (match-lambda
+                           ((label . file)
+                            (when (and (string-prefix? "torbrowser-" label)
+                                       (string-suffix? ".patch" label))
+                              (format #t "applying '~a'...~%" file)
+                              (invoke patch "--force" "--no-backup-if-mismatch"
+                                      "-p1" "--input" file))))
+                         (or native-inputs inputs)))
+             #t))
+
+         ;; On mach build system this is done on configure.
+         (delete 'bootstrap)
+
+         (add-after 'patch-source-shebangs 'patch-cargo-checksums
+           (lambda _
+             (use-modules (guix build cargo-utils))
+             (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+               (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+                 (("(\"checksum .* = )\".*\"" all name)
+                  (string-append name "\"" null-hash "\"")))
+               (generate-all-checksums "third_party/rust"))
+             #t))
+
+         (add-after 'build 'neutralize-store-references
+           (lambda _
+             ;; Mangle the store references to compilers & other build tools in
+             ;; about:buildconfig, reducing TorBrowser's closure significant.
+             ;; The resulting files are saved in lib/firefox/omni.ja
+             (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+                          (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+                                    (regexp-quote (%store-directory))) _ store hash)
+                           (string-append store
+                                          (string-take hash 8)
+                                          "<!-- Guix: not a runtime dependency -->"
+                                          (string-drop hash 8))))
+             #t))
+
+         (replace 'configure
+           (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bash (which "bash"))
+                    (flags `(,(string-append "--prefix=" out)
+                             ,@configure-flags)))
+
+               (setenv "SHELL" bash)
+               (setenv "AUTOCONF" (string-append
+                                   (assoc-ref %build-inputs "autoconf")
+                                   "/bin/autoconf"))
+               (setenv "CONFIG_SHELL" bash)
+               (setenv "PYTHON" (string-append
+                                 (assoc-ref inputs "python2")
+                                 "/bin/python"))
+               (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp.
+               (setenv "LDFLAGS" (string-append
+                                  "-Wl,-rpath="
+                                  (assoc-ref outputs "out")
+                                  "/lib/firefox"))
+
+               (substitute* ".mozconfig"
+                 ;; Arch independent builddir.
+                 (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+                  (string-append m "dir\n"))
+                 (("ac_add_options --disable-tor-launcher") "")
+                 ;; We won't be building incrementals.
+                 (("ac_add_options --enable-signmar") "")
+                 (("ac_add_options --enable-verify-mar") "")
+                 (("ac_add_options --with-tor-browser-version=dev-build")
+                  (string-append "ac_add_options --with-tor-browser-version=org.gnu\n"
+                                 "ac_add_options --with-unsigned-addon-scopes=app\n"
+                                 "ac_add_options --enable-pulseaudio\n"
+                                 "ac_add_options --disable-debug-symbols\n"
+                                 "ac_add_options --disable-updater\n"
+                                 "ac_add_options --disable-gconf\n"
+                                 ;; Other syslibs that can be unbundled? (nss, nspr)
+                                 "ac_add_options --enable-system-pixman\n"
+                                 "ac_add_options --enable-system-ffi\n"
+                                 "ac_add_options --with-system-bz2\n"
+                                 "ac_add_options --with-system-icu\n"
+                                 "ac_add_options --with-system-jpeg\n"
+                                 "ac_add_options --with-system-libevent\n"
+                                 "ac_add_options --with-system-zlib\n"
+                                 ;; Without these clang is not found.
+                                 "ac_add_options --with-clang-path="
+                                  (assoc-ref %build-inputs "clang") "/bin/clang\n"
+                                 "ac_add_options --with-libclang-path="
+                                  (assoc-ref %build-inputs "clang") "/lib\n")))
+
+               (substitute* "browser/app/profile/000-tor-browser.js"
+                 ;; TorBrowser updates are disabled on mozconfig, but let's make sure.
+                 (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+                  (string-append m ",false);\n")))
+
+               (substitute* "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+                 ;; Not multilingual. See tor-browser/build:141. Currently disabled on
+                 ;; tor-launcher, but let's make sure while missing langpacks.
+                 (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").*" _ m)
+                  (string-append m ", false);\n")))
+
+               ;; For user data outside the guix store.
+               (substitute* "xpcom/io/TorFileUtils.cpp"
+                 (("ANDROID") "GNUGUIX"))
+               (substitute* "old-configure.in"
+                 (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+                  (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+               (format #t "Invoking mach configure ...~%")
+               (invoke "./mach" "configure"))
+             #t))
+
+         (add-after 'configure 'build-extensions
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let ((bash (which "bash")))
+               (setenv "SHELL" bash)
+               ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to
+               ;; be harmless.
+               (with-directory-excursion "https-everywhere-src"
+                 (substitute* '("install-dev-dependencies.sh"
+                                "make.sh"
+                                "hooks/precommit"
+                                "test/firefox.sh"
+                                "test/manual.sh"
+                                "test/script.py"
+                                "test/validations.sh"
+                                "utils/create_zip.py"
+                                "utils/merge-rulesets.py"
+                                "utils/setversion.py"
+                                "utils/zipfile_deterministic.py")
+                   (("python3.6") "python3"))
+
+                 ;; Failing to generate the xpi, but copy-dir appears to be enough.
+                 ;; Failing on missing 'wasm'? Not generating rulesets.
+                 (invoke "./make.sh")))
+             #t))
+
+         (replace 'build
+                  (lambda _ (invoke "./mach" "build")))
+
+         ;; TorBrowser just do a stage-package here and copy files to its places.
+         (replace 'install
+           (lambda* (#:key inputs native-inputs outputs
+                     #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (applications (string-append out "/share/applications"))
+                    (builddir "objdir/dist/firefox")
+                    (bindir (string-append out "/bin"))
+                    (libdir (string-append out "/lib/firefox"))
+                    (extdir (string-append libdir "/browser/extensions"))
+                    (tordir (string-append libdir "/TorBrowser/Tor"))
+                    (ptdir (string-append tordir "/PluggableTransports"))
+                    (tbbscripts-dir "tbb-scripts/projects/tor-browser")
+                    (ptconfigsdir (string-append
+                                   tbbscripts-dir
+                                   "/Bundle-Data/PTConfigs"))
+                    (torbrowser-fonts (or (assoc-ref native-inputs
+                                                     "torbrowser-fonts")
+                                          (assoc-ref inputs
+                                                     "torbrowser-fonts")))
+                    (obfs4bin (string-append
+                               (assoc-ref inputs "obfs4")
+                               "/bin/obfs4proxy"))
+                    (torbin (string-append
+                             (assoc-ref inputs "tor")
+                             "/bin/tor"))
+                    (tbb-start-script (string-append
+                                       tbbscripts-dir
+                                       "/RelativeLink/start-tor-browser"))
+                    (tbb-desktop (string-append
+                                  tbbscripts-dir
+                                  "/RelativeLink/start-tor-browser.desktop"))
+                    (tbbdocs-in (string-append tbbscripts-dir
+                                               "/Bundle-Data/Docs"))
+                    (tbbdocs-out (string-append libdir
+                                                "/TorBrowser/Docs"))
+                    (tordata-in (string-append
+                                 tbbscripts-dir
+                                 "/Bundle-Data/linux/Data"))
+                    (tordata-out (string-append libdir
+                                                "/TorBrowser/Data"))
+                    (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}")
+                    (httpse-id "https-everywhere-eff@eff.org"))
+               ;; Stage-package
+               (format #t "Staging package ...~%")
+               (invoke "./mach" "build" "stage-package")
+               ;; Now we start moving files to its default paths.
+               (format #t "Deleting spurious files ...~%")
+               ;; TorBrowser doesn't use those.
+               ;; See: tor-browser-build.git/projects/firefox/build:167
+               (with-directory-excursion
+                builddir
+                (for-each (lambda (file)
+                            (if (file-exists? file)
+                                (delete-file file)
+                                (display (string-append "Warning: file "
+                                           file " not found! Skipping...\n"))))
+                          '("firefox-bin" "libfreeblpriv3.chk" "libnssdbm3.chk"
+                            "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf")))
+               (rmdir (string-append builddir "/fonts"))
+
+               (format #t "Creating install dirs ...~%")
+               (mkdir-p libdir)
+               (mkdir bindir)
+               (mkdir-p applications)
+               (mkdir-p tordir)
+               (mkdir-p ptdir)
+               (mkdir-p tordata-out)
+               (mkdir-p tbbdocs-out)
+               (mkdir-p extdir)
+               (format #t "Copying files to install dirs ...~%")
+               (copy-recursively builddir (string-append libdir "/")
+                                 #:log (%make-void-port "w"))
+               (copy-file tbb-start-script
+                          (string-append libdir "/start-tor-browser"))
+               (chmod (string-append libdir "/start-tor-browser") #o555)
+               (copy-file tbb-desktop
+                          (string-append libdir
+                                         "/start-tor-browser.desktop"))
+               (chmod (string-append libdir
+                                     "/start-tor-browser.desktop") #o555)
+               (install-file tbb-desktop applications)
+               (with-directory-excursion
+                (string-append libdir "/browser/chrome/icons/default")
+                (for-each
+                 (lambda (file)
+                   (let* ((size (string-filter char-numeric? file))
+                          (icons (string-append out "/share/icons/hicolor/"
+                                                size "x" size "/apps")))
+                     (mkdir-p icons)
+                     (copy-file file (string-append icons "/torbrowser.png"))))
+                 '("default16.png" "default32.png" "default48.png" "default64.png"
+                   "default128.png")))
+
+               (format #t "Linking start-tor-browser script ...~%")
+               (symlink (string-append libdir "/start-tor-browser")
+                        (string-append bindir "/start-tor-browser"))
+               (format #t "Copying fonts to install dirs ...~%")
+               (copy-recursively torbrowser-fonts
+                                 (string-append libdir "/")
+                                 #:log (%make-void-port "w"))
+               (format #t "Linking store tor binary ...~%")
+               (symlink torbin (string-append tordir
+                                              "/tor"))
+               (format #t "Linking store obfs4 binary ...~%")
+               (symlink obfs4bin (string-append ptdir
+                                                "/obfs4proxy"))
+               (format #t "Copying Bundle-Data to default path ...~%")
+               (with-directory-excursion
+                tordata-in
+                (for-each (lambda (file)
+                            (copy-recursively file
+                                              (string-append
+                                               tordata-out "/" file)
+                                              #:log (%make-void-port "w")))
+                          '("Browser" "fontconfig" "Tor")))
+               (copy-file (string-append ptconfigsdir
+                                         "/linux/torrc-defaults-appendix")
+                          (string-append tordata-out
+                                         "/Tor/torrc-defaults-appendix"))
+               (copy-file (string-append ptconfigsdir
+                                         "/bridge_prefs.js")
+                          (string-append tordata-out
+                                         "/Browser/bridge-prefs-js-appendix"))
+
+               (format #t "Copying licenses and changelog to default path ...~%")
+               (copy-recursively tbbdocs-in
+                                 (string-append tbbdocs-out "/")
+                                 #:log (%make-void-port "w"))
+
+               (format #t "Copying noscript ...~%")
+               (copy-file "noscript.xpi" (string-append
+                                          extdir "/" noscript-id ".xpi"))
+               (format #t "Copying https-everywhere ...~%")
+               (if (file-exists?
+                    "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi")
+                   (copy-file
+                    "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi"
+                    (string-append extdir "/" httpse-id ".xpi"))
+                   (copy-recursively "https-everywhere-src/pkg/xpi-eff"
+                                     (string-append extdir "/" httpse-id)
+                                     #:log (%make-void-port "w"))))
+             #t)))))
+    (home-page "https://www.torproject.org")
+    (synopsis "Anonymous browser derived from Mozilla Firefox")
+    (description
+     "TorBrowser is the Tor Project version of Firefox browser.  It is the only
+recommended way to anonymously browse the web that is supported by the project.
+It modifies Firefox in order to avoid many know application level attacks on
+the privacy of Tor users.
+
+WARNING: This is not the official TorBrowser and is currently on testing.  Use
+at your own risk and please report back on guix channels if you find any
+issues.")
+    (license license:mpl2.0))) ;and others, see toolkit/content/license.html
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8cRncFgwPCZwAACgkQ
YrJ+WmBEwoKlKxAApUb+A/3pMUkIJfga9lIQOXWyQynDHL9UtYF0j4WkPADdUL9y
XcfF3nTT9pLMevsWu7BcL6tpnctPbd5DcOUUIzSxcxBiVP7L6bKF4f4rmrJsYm7/
RVYGbWofaJF1rMyafqWkIAYYCxoCayLy8eEnnY1Rav6Jpz/FGP98M5QpyQiRujG1
DEUaMhgSkxBSacC8Mcm/+1n25BLeAHUwoAV3DhD14Et9jmzG1ZarWTWGC9ZZiGvQ
2G9xzdfkn018HXRuZSSYoFmsdtoiM14s/naWm1xSNLiBIn0kwqzQEwFVvLUvA2we
0PZx2G04M7GdZ9cf5jWhikZ7HTOaBW1gu/muXgt1e5HVEJgYeFWbSOCSkf1eWWld
5s9VJTmnh4kQBf/ekjD31NMpUrHxrfRD8AD+L4IxadJNWnGYKTUXQg8AzIWsuyb6
2qnK3+0FmrVjTJtOizvtuzJ+aqpao9uG3Vu99UJadcv1V68A3l4yYSTly+hqzBjd
yNg1fHsZFucYdLPNKAru3ncaCICj/gr3jWG9/0wMiqHjKbGKj4bCQIv+LEy0sHgt
l0jXxOZdy/jI1DEtT4/NGF2EottF0c9DcgqQaNKXFdOu4phYpeGwZDPmjYQPoMKM
CSY5pQyWwXnve0MrcQtkQoKSynI3Le+h6iqK4gTtyHmH2LuohZtBzfRvHQw=
=W84x
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 3 Aug 2020 14:55
(address . 42380@debbugs.gnu.org)
20200803125556.GA18868@andel
Hello Guix,

This patch upgrades Tor Browser to version 9.5.3. I've also took this
opportunity to rework the code in order to improve readability, make
code review and maintainance easier and lower build time.

Main changes:
- No longer relies on computed-origin-method
- Private package definitions
- Chopped down install phase
- New phases
- More detailed go library package descriptions
- Reviewed license definitions

Cheers,
From 2075c6a93a6b1918305323b369318425e05fc4f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 3 Aug 2020 09:29:55 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle
To: guix-patches@gnu.org

* gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables.
* gnu/packages/golang.scm (go-torproject-org-ptlib,
go-github-com-agl-ed25519, go-github-com-dchest-siphash,
go-github-com-dchest-uniuri, go-github-com-dsnet-compress,
go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variables.
* gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 3 +
gnu/packages/golang.scm | 201 +++++
...torbrowser-start-tor-browser.desktop.patch | 22 +
.../torbrowser-start-tor-browser.patch | 226 +++++
gnu/packages/tor.scm | 824 +++++++++++++++++-
5 files changed, 1272 insertions(+), 4 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch

Toggle diff (1356 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index f1a6c6a0d0..ccdcdc8e6a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -36,6 +36,7 @@
 # Copyright © 2020 Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>
 # Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 # Copyright © 2020 Tanguy Le Carrour <tanguy@bioneland.org>
+# Copyright © 2020 André Batista <nandre@riseup.net>
 #
 # This file is part of GNU Guix.
 #
@@ -1587,6 +1588,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/tipp10-fix-compiling.patch		\
   %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
+  %D%/packages/patches/torbrowser-start-tor-browser.patch       \
+  %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch \
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/ttfautohint-source-date-epoch.patch	\
   %D%/packages/patches/tomb-fix-errors-on-open.patch		\
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 2c31632db6..63b090fbd8 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -18,6 +18,7 @@
 ;;; Copyright © 2019, 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -4263,3 +4264,203 @@ used by other processes.")
 Porter2 stemmer}.  It is written completely using finite state machines to do
 suffix comparison, rather than the string-based or tree-based approaches.")
       (license license:asl2.0))))
+
+(define-public go-torproject-org-ptlib
+  (package
+   (name "go-torproject-org-ptlib")
+   (version "1.1.0")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+           (commit (string-append "v" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+   (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+   (synopsis "Go library for Tor Pluggable Transports")
+   (description "Library for writing Tor Pluggable Transports in Go.  Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+is censored.")
+   (license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+  (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+        (revision "0"))
+    (package
+     (name "go-github-com-agl-ed25519")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/agl/ed25519")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/agl/ed25519"
+        #:phases
+        (modify-phases %standard-phases
+          (add-before 'reset-gzip-timestamps 'make-files-writable
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let ((out (assoc-ref outputs "out")))
+                   (for-each (lambda (file) (chmod file #o644))
+                     (find-files out "\\.gz"))
+             #t))))))
+     (home-page "https://github.com/agl/ed25519")
+     (synopsis "Go library for ed25519 public-key signatures")
+     (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security.  It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained.  Newer software should use x-crypto instead.")
+     ;; License file is referred but it is missing. Probably because the
+     ;; author decided to discontinue the project.
+     (license (license:non-copyleft "file://ed25519.go")))))
+
+(define-public go-github-com-dchest-siphash
+  (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+        (revision "0"))
+    (package
+     (name "go-github-com-dchest-siphash")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dchest/siphash")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dchest/siphash"))
+     (home-page "https://github.com/dchest/siphash")
+     (synopsis "Go library for siphash")
+     (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+J. Bernstein. ")
+     (license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+  (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+        (revision "0"))
+    (package
+     (name "go-github-com-dchest-uniuri")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dchest/uniuri")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dchest/uniuri"))
+     (home-page "https://github.com/dchest/uniuri")
+     (synopsis "Go library for random URIs")
+     (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+     (license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+  (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+        (revision "0"))
+    (package
+     (name "go-github-com-dsnet-compress")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dsnet/compress")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dsnet/compress"))
+     (home-page "https://github.com/dsnet/compress")
+     (synopsis "Go library for extended compression")
+     (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+     (license (license:non-copyleft "file://LICENSE.md")))))
+
+(define-public go-schwanenlied-me-yawning-bsaes
+  (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+        (revision "0"))
+    (package
+     (name "go-schwanenlied-me-yawning-bsaes")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.schwanenlied.me/yawning/bsaes.git")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+     (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+     (synopsis "Go AES library")
+     (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption.  This implementation if
+based on code from [BearSSL](https://bearssl.org/).  On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+     (license (license:non-copyleft "file://LICENSE.txt")))))
+
+(define-public go-gitlab-com-yawning-utls
+  (package
+   (name "go-gitlab-com-yawning-utls")
+   (version "0.0.10-1")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://gitlab.com/yawning/utls.git")
+           (commit (string-append "v" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:tests? #f ;; Tries to connect and fails.
+      #:import-path "gitlab.com/yawning/utls.git"))
+   (propagated-inputs
+    `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+      ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+      ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+   (home-page "https://gitlab.com/yawning/utls.git")
+   (synopsis "Go library for uTLS")
+   (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+transport protocol.")
+   (license license:gpl3+)))
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
new file mode 100644
index 0000000000..336115b33a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orign	2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop	2020-07-25 02:54:44.603431160 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=bash -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/packages/patches/torbrowser-start-tor-browser.patch
new file mode 100644
index 0000000000..c563f94003
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
@@ -0,0 +1,226 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig	2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser	2020-08-01 20:22:08.901737325 -0300
+@@ -5,6 +5,15 @@
+ #
+ # Copyright 2017 The Tor Project.  See LICENSE for licensing information.
+ 
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++PT_PREFS="${TBB_DATA}/Browser/bridge-prefs-js-appendix"
++
+ complain_dialog_title="Tor Browser"
+ 
+ # First, make sure DISPLAY is set.  If it isn't, we're hosed; scream
+@@ -106,14 +115,11 @@
+     printf "  --verbose         Display Tor and Firefox output in the terminal\n"
+     printf "  --log [file]      Record Tor and Firefox output in file (default: tor-browser.log)\n"
+     printf "  --detach          Detach from terminal and run Tor Browser in the background.\n"
+-    printf "  --register-app    Register Tor Browser as a desktop app for this user\n"
+-    printf "  --unregister-app  Unregister Tor Browser as a desktop app for this user\n"
+ }
+ log_output=0
+ show_output=0
+ detach=0
+ show_usage=0
+-register_desktop_app=0
+ logfile=/dev/null
+ while :
+ do
+@@ -134,8 +140,8 @@
+           ;;
+       -l | --log)
+           if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+-             printf "Logging Tor Browser debug information to tor-browser.log\n"
+-             logfile="../tor-browser.log"
++             printf "Logging Tor Browser debug information to torbrowser.log\n"
++             logfile="${TBB_LOGFILE}"
+           elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+              printf "Logging Tor Browser debug information to %s\n" "$2"
+              logfile="$2"
+@@ -148,16 +154,6 @@
+           log_output=1
+           shift
+           ;;
+-      --register-app)
+-          register_desktop_app=1
+-          show_output=1
+-          shift
+-          ;;
+-      --unregister-app)
+-          register_desktop_app=-1
+-          show_output=1
+-          shift
+-          ;;
+       *) # No more options
+           break
+           ;;
+@@ -187,41 +183,23 @@
+ 	export XAUTHORITY
+ fi
+ 
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+-	# XXX readlink is not POSIX, but is present in GNU coreutils
+-	# and on FreeBSD.  Unfortunately, the -f option (which follows
+-	# a whole chain of symlinks until it reaches a non-symlink
+-	# path name) is a GNUism, so we have to have a fallback for
+-	# FreeBSD.  Fortunately, FreeBSD has realpath instead;
+-	# unfortunately, that's also non-POSIX and is not present in
+-	# GNU coreutils.
+-	#
+-	# If this launcher were a C program, we could just use the
+-	# realpath function, which *is* POSIX.  Too bad POSIX didn't
+-	# make that function accessible to shell scripts.
+-
+-	# If realpath is available, use it; it Does The Right Thing.
+-	possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+-	if [ "$?" -eq 0 ]; then
+-		myname="$possibly_my_real_name"
+-	else
+-		# realpath is not available; hopefully readlink -f works.
+-		myname="`readlink -f "$myname" 2>/dev/null`"
+-		if [ "$?" -ne 0 ]; then
+-			# Ugh.
+-			complain "start-tor-browser cannot be run using a symlink on this operating system."
+-		fi
+-	fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++   cd "${TBB_HOME}"
++else
++   mkdir -p "${TBB_HOME}"
++   cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++   chmod -R 700 "${TBB_HOME}"
++   mkdir -p "${TBB_PROFILE}"
++   echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++     > "${TBB_PROFILE}/user.js"
++   grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/user.js"
++   echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++     >> "${TORRC}"
++   cd "${TBB_HOME}"
+ fi
+ 
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ 	# "hacking around some braindamage"
+@@ -236,50 +214,9 @@
+   ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+ 
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ !  -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+-if [ "$register_desktop_app" -eq 1 ]; then
+-	mkdir -p "$HOME/.local/share/applications/"
+-	cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
+-	update-desktop-database "$HOME/.local/share/applications/"
+-	printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+-	exit 0
+-fi
+-
+-if [ "$register_desktop_app" -eq -1 ]; then
+-	if [ -e "$HOME/.local/share/applications/start-tor-browser.desktop" ]; then
+-		rm -f "$HOME/.local/share/applications/start-tor-browser.desktop"
+-		update-desktop-database "$HOME/.local/share/applications/"
+-		printf "Tor Browser has been removed as a user desktop app (from ~/.local/share/applications/)\n"
+-	else
+-		printf "Tor Browser does not appear to be a desktop app (not present in ~/.local/share/applications/)\n"
+-	fi
+-	exit 0
+-fi
+-
+ HOME="${PWD}"
+ export HOME
+ 
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+-   complain "Wrong architecture? 32-bit vs. 64-bit."
+-   exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+     local ctrlPasswd=$1
+ 
+@@ -342,13 +279,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+ 
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+ 
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++    -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+ 
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +296,23 @@
+ 
+ if [ "$show_usage" -eq 1 ]; then
+     # Display Firefox help, then our help
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default --help 2>/dev/null
+     tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-       -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++       -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+     disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+         tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+ 
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..d3a0933ae4 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -28,28 +28,69 @@
 
 (define-module (gnu packages tor)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix gexp)
+  #:use-module (guix monads)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (guix store)
   #:use-module (guix download)
   #:use-module (guix git-download)
+  #:use-module (guix build-system cargo)
+  #:use-module (guix build-system go)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages audio)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
-  #:use-module (gnu packages libevent)
-  #:use-module (gnu packages linux)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages golang)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
-  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages rsync) ; for httpse
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages w3m)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml) ; for httpse
+  #:use-module (ice-9 match)
+  #:use-module ((srfi srfi-1) #:hide (zip)))
 
 (define-public tor
   (package
@@ -324,3 +365,778 @@ statistics and status reports on:
 
 Potential client and exit connections are scrubbed of sensitive information.")
     (license license:gpl3+)))
+
+(define-public obfs4
+  (package
+   (name "obfs4")
+   (version "0.0.11")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+           (commit (string-append "obfs4proxy-" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+      #:tests? #f ;; No test files
+      #:phases
+      (modify-phases %standard-phases
+        (replace 'build
+          (lambda* (#:key outputs configure-flags #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (copy-recursively
+               "src/git.torproject.org/pluggable-transports/obfs4.git"
+               "src/gitlab.com/yawning/obfs4.git"
+               #:log (%make-void-port "w"))
+              (with-directory-excursion
+               "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+               (invoke "go" "build" "-ldflags" "-s"))
+            #t)))
+        (replace 'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (src "src/git.torproject.org/pluggable-transports/obfs4.git")
+                   (bin (string-append out "/bin"))
+                   (share (string-append out "/share"))
+                   (doc (string-append share "/doc"))
+                   (man (string-append share "/man/man1")))
+              (mkdir-p man)
+              (mkdir bin)
+              (mkdir doc)
+              (with-directory-excursion
+               (string-append src "/obfs4proxy")
+               (copy-file "obfs4proxy"
+                          (string-append bin "/obfs4proxy")))
+              (with-directory-excursion
+               (string-append src "/doc")
+               (copy-file "obfs4proxy.1"
+                          (string-append man "/obfs4proxy.1"))
+               (copy-file "obfs4-spec.txt"
+                          (string-append doc "/obfs4-spec.txt")))
+            #t))))))
+   (propagated-inputs
+    `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+      ;; Currently uses this, but the readme on github is pointing
+      ;; users to start relying on x/crypto/ed25519 instead.
+      ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+      ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+      ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+      ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+      ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+      ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+      ("go-golang-org-x-net" ,go-golang-org-x-net)
+      ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+      ("go-golang-org-x-text" ,go-golang-org-x-text)))
+   (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+   (synopsis "Obfs4 implements an obfuscation protocol")
+   (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+   (license license:gpl3+)))
+
+;; Upstream does not seem to keep tor-browser and tor-browser-build versions
+;; in sync
+(define %torbrowser-version "68.11.0esr-9.5-1")
+(define %torbrowser-build-version "9.5.3")
+(define %torbrowser-build "build1")
+(define %torbrowser-build-id "20200729000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+  (package
+   (name "torbrowser-fonts")
+   (version %torbrowser-build-version)
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://dist.torproject.org/torbrowser/"
+                         version "/tor-browser-linux64-"
+                         version "_en-US.tar.xz"))
+     (sha256
+      (base32
+       "1kqvr0sag94xdkq85k426qq1hz2b52m315yz51w6hvc87d8332b4"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("tar" ,tar)
+      ("xz" ,xz)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (src-dir "tor-browser_en-US/Browser/fonts")
+                        (fonts (string-append %output "/share/fonts"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (xz (assoc-ref %build-inputs "xz")))
+                    (mkdir-p fonts)
+                    (format #t "Untaring torbrowser ball ...~%")
+                    (invoke (string-append tar "/bin/tar") "-xf" src
+                            "-C" fonts "--strip-components=3"
+                            (string-append "--use-compress-program=" xz "/bin/xz")
+                            src-dir)
+                    #t))))
+   (home-page "https://github.com/googlei18n/noto-fonts")
+   (synopsis "Tor Browser bundled fonts")
+   (description "Free fonts bundled with Tor Browser.  Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+   (license license:silofl1.1)))
+
+(define tor-browser-build
+  (let ((commit (string-append "tbb-" %torbrowser-build-version
+                               "-" %torbrowser-build)))
+    (package
+     (name "tor-browser-build")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/builders/tor-browser-build.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "1p291zqkvgsz9kk21s2p9v1bha3aam7z646v73dr06qmhdfhvgag"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (format #t "Copying build scripts ...~%")
+                    (copy-recursively (string-append
+                                       (assoc-ref %build-inputs "source")
+                                       "/projects/tor-browser")
+                                      %output
+                                      #:log (%make-void-port "w")))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Tor Browser build scripts")
+     (description "Tor Browser runtime scripts.")
+     (license (license:non-copyleft "file://LICENSE")))))
+
+(define torbutton
+  (let ((commit "ebe2bedab44e38f18c7968bd327d99eef7660f34"))
+    (package
+     (name "torbutton")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/torbutton.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (format #t "Copying source ...~%")
+                    (copy-recursively (assoc-ref %build-inputs "source")
+                                      %output
+                                      #:log (%make-void-port "w")))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Tor Browser built-in extension")
+     (description "Browser extension needed to build and run Tor Browser.")
+     (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+  (package
+   (name "tor-launcher")
+   (version "0.2.21.8")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/tor-launcher.git")
+           (commit version)))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1mm1z7gv9dv6ymbr3vsg0lsnhnn84zrb6qsa164hmaxcfrwfhz5d"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (format #t "Copying source ...~%")
+                  (copy-recursively (assoc-ref %build-inputs "source")
+                                    %output
+                                    #:log (%make-void-port "w")))))
+   (home-page "https://www.torproject.org")
+   (synopsis "Tor Browser built-in controler extension")
+   (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+   (license (license:non-copyleft "file://src/LICENSE"))))
+
+(define https-everywhere
+  (package
+   (name "https-everywhere")
+   (version "2020.5.20")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://github.com/EFForg/https-everywhere/archive/"
+                         version ".tar.gz"))
+     (sha256
+      (base32
+       "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("bash" ,bash)
+      ("coreutils" ,coreutils)
+      ("gzip" ,gzip)
+      ("libxml2" ,libxml2)
+      ("libxslt" ,libxslt)
+      ("openssl" ,openssl)
+      ("python" ,python)
+      ("rsync" ,rsync)
+      ("tar" ,tar)
+      ("util-linux" ,util-linux) ; for getopt
+      ("xxd" ,xxd)
+      ("zip" ,zip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (bash (assoc-ref %build-inputs "bash"))
+                        (coreutils (assoc-ref %build-inputs "coreutils"))
+                        (python (assoc-ref %build-inputs "python"))
+                        (openssl (assoc-ref %build-inputs "openssl"))
+                        (rsync (assoc-ref %build-inputs "rsync"))
+                        (libxml2 (assoc-ref %build-inputs "libxml2"))
+                        (libxslt (assoc-ref %build-inputs "libxslt"))
+                        (util-linux (assoc-ref %build-inputs "util-linux"))
+                        (xxd (assoc-ref %build-inputs "xxd"))
+                        (zip (assoc-ref %build-inputs "zip"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (gzip (assoc-ref %build-inputs "gzip")))
+                    (setenv "SHELL" (string-append bash "/bin/bash"))
+                    (set-path-environment-variable
+                     "PATH" '("bin")
+                     (list bash python tar openssl rsync libxml2 libxslt
+                           util-linux xxd gzip zip coreutils))
+                    (set-path-environment-variable
+                     "LIBRARY_PATH" '("lib")
+                     (list bash python tar openssl rsync libxml2 libxslt
+                           util-linux xxd gzip zip coreutils))
+                    (format #t "Untaring source tarball ...~%")
+                    (invoke "tar" "-xf" src "--strip-components=1")
+                    ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to
+                    ;; be harmless.
+                    (substitute* '("install-dev-dependencies.sh"
+                                   "make.sh"
+                                   "hooks/precommit"
+                                   "test/firefox.sh"
+                                   "test/manual.sh"
+                                   "test/rules/src/https_everywhere_checker/check_rules.py"
+                                   "test/script.py"
+                                   "test/validations.sh"
+                                   "test/validations/filename/run.py"
+                                   "test/validations/relaxng/run.py"
+                                   "test/validations/securecookie/run.py"
+                                   "test/validations/special/run.py"
+                                   "utils/create_zip.py"
+                                   "utils/chromium-translations.py"
+                                   "utils/create-platform-certs/split_combined_cert_file.py"
+                                   "utils/mk-client-whitelist/dbconnect.py"
+                                   "utils/mk-client-whitelist/run.py"
+                                   "utils/merge-rulesets.py"
+                                   "utils/setversion.py"
+                                   "utils/zipfile_deterministic.py")
+                      (("python3.6") "python3"))
+                    (for-each patch-shebang
+                              (find-files "."
+                                          (lambda (file stat)
+                                            ;; Filter out symlinks.
+                                            (eq? 'regular (stat:type stat)))
+                                          #:stat lstat))
+                    ;; Failing to generate the xpi, but copy-dir appears to be enough.
+                    ;; Failing on missing 'wasm'? Not generating rulesets.
+                    (invoke "./make.sh")
+                    (copy-recursively "pkg/xpi-eff" %output
+                                      #:log (%make-void-port "w"))
+                    #t))))
+   (home-page "https://www.eff.org/https-everywhere")
+   (synopsis "Browser extension for automatic HTTPS usage")
+   (description "Browser extension that automatically makes the browser to use
+HTTPS instead of plain HTTP when the remote destination makes it available to users.")
+   (license license:gpl2+)))
+
+(define noscript
+  (package
+   (name "noscript")
+   (version "11.0.34")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://secure.informaction.com/download/releases/noscript-"
+                         version ".xpi"))
+     (sha256
+      (base32
+       "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (format #t "Copying source ...~%")
+                  (copy-file (assoc-ref %build-inputs "source")
+                                    %output))))
+   (home-page "https://noscript.net")
+   (synopsis "Browser extension for protection against known attacks")
+   (description "Browser extension that protects users from a range of
+known attacks on web browsing activity such as Cross-site scripting, clickjack and
+makes possible for the users to block or choose on a per site basis which remote
+javascript to run while browsing the web.")
+   (license license:gpl2+)))
+
+;; (Un)fortunatly Tor Browser has it's own reproducible build system - RBM - which
+;; automates the build process for them and compiles Tor Browser from a range of
+;; repositories and produces a range of tarballs for different architectures and
+;; locales. So we need to cherry-pick what is needed for guix and produce our own
+;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. See also
+;; the Hacking on Tor Browser document for a high level introduction at
+;; https://trac.torproject.org/projects/tor/wiki/doc/Tor Browser/Hacking).
+;;
+;; TODO: Import langpacks.
+(define-public torbrowser-unbundle
+  (let ((commit (string-append "tor-browser-" %torbrowser-version
+                               "-" %torbrowser-build)))
+    (package
+     (name "torbrowser-unbundle")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/tor-browser.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "12qq0mpqf0q2v3grz4kydngvddc4k0k12hqg8fg6h2fwyqivamrr"))))
+     (build-system gnu-build-system)
+     (inputs
+      `(("alsa-lib" ,alsa-lib)
+        ("bzip2" ,bzip2)
+        ("cups" ,cups)
+        ("dbus-glib" ,dbus-glib)
+        ("ffmpeg" ,ffmpeg)
+        ("freetype" ,freetype)
+        ("gdk-pixbuf" ,gdk-pixbuf)
+        ("glib" ,glib)
+        ("gtk+" ,gtk+)
+        ("gtk+-2" ,gtk+-2)
+        ("graphite2" ,graphite2)
+        ("harfbuzz" ,harfbuzz)
+        ("icu4c" ,icu4c)
+        ("libcanberra" ,libcanberra)
+        ("libgnome" ,libgnome)
+        ("libjpeg-turbo" ,libjpeg-turbo)
+        ("libogg" ,libogg)
+        ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+        ("libvorbis" ,libvorbis)
+        ("libxft" ,libxft)
+        ("libevent" ,libevent)
+        ("libxinerama" ,libxinerama)
+        ("libxscrnsaver" ,libxscrnsaver)
+        ("libxcomposite" ,libxcomposite)
+        ("libxt" ,libxt)
+        ("libffi" ,libffi)
+        ("libvpx" ,libvpx)
+        ("mesa" ,mesa)
+        ("mit-krb5" ,mit-krb5)
+        ;; See <https://bugs.gnu.org/32833>
+        ;;   and related comments in the 'remove-bundled-libraries' phase.
+        ;; UNBUNDLE-ME! ("nspr" ,nspr)
+        ;; UNBUNDLE-ME! ("nss" ,nss)
+        ("obfs4" ,obfs4)
+        ("pango" ,pango)
+        ("pixman" ,pixman)
+        ("pulseaudio" ,pulseaudio)
+        ("shared-mime-info" ,shared-mime-info)
+        ("sqlite" ,sqlite)
+        ("startup-notification" ,startup-notification)
+        ("tor" ,tor-client)
+        ("unzip" ,unzip)
+        ("zip" ,zip)
+        ("zlib" ,zlib)))
+     (native-inputs
+      `(("autoconf" ,autoconf-2.13)
+        ("bash" ,bash)
+        ("cargo" ,rust "cargo")
+        ("clang" ,clang)
+        ("https-everywhere" ,https-everywhere)
+        ("llvm" ,llvm)
+        ("patch" ,(canonical-package patch))
+        ("torbrowser-start-tor-browser.patch"
+         ,(search-patch "torbrowser-start-tor-browser.patch"))
+        ("torbrowser-start-tor-browser.desktop.patch"
+         ,(search-patch "torbrowser-start-tor-browser.desktop.patch"))
+        ("perl" ,perl)
+        ("pkg-config" ,pkg-config)
+        ("python" ,python)
+        ("python2" ,python-2.7)
+        ("python2-pysqlite" ,python2-pysqlite)
+        ("nasm" ,nasm)  ; XXX FIXME: only needed on x86_64 and i686
+        ("node" ,node)
+        ("noscript" ,noscript)
+        ("rust" ,rust)
+        ("rust-cbindgen" ,rust-cbindgen)
+        ("tor-browser-build" ,tor-browser-build)
+        ("torbrowser-fonts" ,torbrowser-fonts)
+        ("tor-launcher" ,tor-launcher)
+        ("torbutton" ,torbutton)
+        ("which" ,which)
+        ("yasm" ,yasm)))
+     (arguments
+      `(#:tests? #f ; Some tests are autodone by mach on build fase.
+
+        ;; XXX: There are RUNPATH issues such as
+        ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+        ;; which is not in its RUNPATH, but they appear to be harmless in
+        ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
+        #:validate-runpath? #f
+
+        #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+
+        #:modules ((ice-9 ftw)
+                   (ice-9 rdelim)
+                   (ice-9 regex)
+                   (ice-9 match)
+                   (srfi srfi-34)
+                   (srfi srfi-35)
+                   (rnrs bytevectors)
+                   (rnrs io ports)
+                   (guix elf)
+                   (guix build gremlin)
+                   (guix build utils)
+                   (sxml simple)
+                   ,@%gnu-build-system-modules)
+
+        #:phases
+        (modify-phases %standard-phases
+          (add-after 'unpack 'make-bundle
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((torbutton (assoc-ref inputs "torbutton"))
+                    (torbutton-dir "toolkit/torproject/torbutton")
+                    (tor-launcher (assoc-ref inputs "tor-launcher"))
+                    (tor-launcher-dir "browser/extensions/tor-launcher")
+                    (tbb (assoc-ref inputs "tor-browser-build"))
+                    (tbb-scripts-dir "tbb-scripts"))
+                (format #t "Copying torbutton source to default path ...~%")
+                (make-file-writable torbutton-dir)
+                (copy-recursively torbutton torbutton-dir
+                                  #:log (%make-void-port "w"))
+                (format #t "Copying tor-launcher ...~%")
+                (copy-recursively tor-launcher tor-launcher-dir
+                                  #:log (%make-void-port "w"))
+                (format #t "Copying tor-browser-build ...~%")
+                (mkdir tbb-scripts-dir)
+                (copy-recursively tbb tbb-scripts-dir
+                                  #:log (%make-void-port "w"))
+                (make-file-writable (string-append
+                                     tbb-scripts-dir
+                                     "/RelativeLink/start-tor-browser"))
+                (make-file-writable (string-append
+                                     tbb-scripts-dir
+                                     "/RelativeLink/start-tor-browser.desktop")))
+              #t))
+
+          (add-after 'make-bundle 'apply-guix-specific-patches
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+                                                     "patch")
+                                          "/bin/patch")))
+                (for-each (match-lambda
+                  ((label . file)
+                     (when (and (string-prefix? "torbrowser-" label)
+                       (string-suffix? ".patch" label))
+                       (format #t "applying '~a'...~%" file)
+                       (invoke patch "--force" "--no-backup-if-mismatch"
+                                     "-p1" "--input" file))))
+                  (or native-inputs inputs)))
+              #t))
+
+          ;; On mach build system this is done on configure.
+          (delete 'bootstrap)
+
+          (add-after 'patch-source-shebangs 'patch-cargo-checksums
+            (lambda _
+              (use-modules (guix build cargo-utils))
+              (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+                (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+                  (("(\"checksum .* = )\".*\"" all name)
+                   (string-append name "\"" null-hash "\"")))
+                (generate-all-checksums "third_party/rust"))
+              #t))
+
+          (add-after 'build 'neutralize-store-references
+            (lambda _
+              ;; Mangle the store references to compilers & other build tools in
+              ;; about:buildconfig, reducing Tor Browser's closure significant.
+              ;; The resulting files are saved in lib/firefox/omni.ja
+              (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+                (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+                          (regexp-quote (%store-directory))) _ store hash)
+                 (string-append store
+                                (string-take hash 8)
+                                "<!-- Guix: not a runtime dependency -->"
+                                (string-drop hash 8))))
+              #t))
+
+          (replace 'configure
+            (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (bash (which "bash"))
+                     (flags `(,(string-append "--prefix=" out)
+                                              ,@configure-flags)))
+                (setenv "SHELL" bash)
+                (setenv "AUTOCONF" (string-append
+                                    (assoc-ref %build-inputs "autoconf")
+                                               "/bin/autoconf"))
+                (setenv "CONFIG_SHELL" bash)
+                (setenv "PYTHON" (string-append
+                                  (assoc-ref inputs "python2")
+                                  "/bin/python"))
+                (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp.
+                (setenv "LDFLAGS" (string-append
+                                   "-Wl,-rpath="
+                                   (assoc-ref outputs "out")
+                                   "/lib/firefox"))
+                (substitute* ".mozconfig"
+                  ;; Arch independent builddir.
+                  (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+                   (string-append m "dir\n"))
+                  (("ac_add_options --disable-tor-launcher") "")
+                  ;; We won't be building incrementals.
+                  (("ac_add_options --enable-signmar") "")
+                  (("ac_add_options --enable-verify-mar") "")
+                  (("ac_add_options --with-tor-browser-version=dev-build")
+                   (string-append "ac_add_options --with-tor-browser-version=org.gnu\n"
+                                  "ac_add_options --with-unsigned-addon-scopes=app\n"
+                                  "ac_add_options --enable-pulseaudio\n"
+                                  "ac_add_options --disable-debug-symbols\n"
+                                  "ac_add_options --disable-updater\n"
+                                  "ac_add_options --disable-gconf\n"
+                                  ;; Other syslibs that can be unbundled? (nss, nspr)
+                                  "ac_add_options --enable-system-pixman\n"
+                                  "ac_add_options --enable-system-ffi\n"
+                                  "ac_add_options --with-system-bz2\n"
+                                  "ac_add_options --with-system-icu\n"
+                                  "ac_add_options --with-system-jpeg\n"
+                                  "ac_add_options --with-system-libevent\n"
+                                  "ac_add_options --with-system-zlib\n"
+                                  ;; Without these clang is not found.
+                                  "ac_add_options --with-clang-path="
+                                   (assoc-ref %build-inputs "clang") "/bin/clang\n"
+                                  "ac_add_options --with-libclang-path="
+                                   (assoc-ref %build-inputs "clang") "/lib\n")))
+
+                (substitute* "browser/app/profile/000-tor-browser.js"
+                  ;; Tor Browser updates are disabled on mozconfig, but let's make sure.
+                  (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+                   (string-append m ",false);\n")))
+
+                (substitute*
+                 "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+                  ;; Not multilingual. See tor-browser/build:141. Currently disabled on
+                  ;; tor-launcher, but let's make sure while missing langpacks.
+                 (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").*" _ m)
+                  (string-append m ", false);\n")))
+
+                ;; For user data outside the guix store.
+                (substitute* "xpcom/io/TorFileUtils.cpp"
+                  (("ANDROID") "GNUGUIX"))
+                   (substitute* "old-configure.in"
+                  (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+                   (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+                (format #t "Invoking mach configure ...~%")
+                (invoke "./mach" "configure"))
+              #t))
+
+          (replace 'build
+            (lambda _ (invoke "./mach" "build")
+              #t))
+
+          ;; Tor Browser just do a stage-package here and copy files to its places.
+          (replace 'install
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (applications (string-append out "/share/applications"))
+                     (build "objdir/dist/firefox")
+                     (bin (string-append out "/bin"))
+                     (lib (string-append out "/lib/firefox"))
+                     (start-script
+                      "tbb-scripts/RelativeLink/start-tor-browser")
+                     (desktop-file
+                      "tbb-scripts/RelativeLink/start-tor-browser.desktop"))
+                (invoke "./mach" "build" "stage-package")
+                ;; Tor Browser doesn't use those.
+                ;; See: tor-browser-build.git/projects/firefox/build:167
+                (format #t "Deleting spurious files ...~%")
+                (with-directory-excursion build
+                  (for-each (lambda (file)
+                              (if (file-exists? file)
+                                  (delete-file file)
+                                  (display (string-append
+                                            "Warning: file " file
+                                            " not found! Skipping...\n"))))
+                            '("firefox-bin" "libfreeblpriv3.chk" "libnssdbm3.chk"
+                              "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf")))
+                (rmdir (string-append build "/fonts"))
+                (format #t "Creating install dirs ...~%")
+                (mkdir-p applications)
+                (mkdir-p lib)
+                (mkdir bin)
+                (format #t "Copying files to install dirs ...~%")
+                (copy-recursively build (string-append lib "/")
+                                  #:log (%make-void-port "w"))
+                (copy-file start-script
+                           (string-append lib "/start-tor-browser"))
+                (copy-file desktop-file
+                           (string-append lib "/start-tor-browser.desktop"))
+                (chmod (string-append lib "/start-tor-browser") #o555)
+                (chmod (string-append lib "/start-tor-browser.desktop") #o555)
+                (format #t "Linking start-tor-browser script ...~%")
+                (symlink (string-append lib "/start-tor-browser")
+                         (string-append bin "/start-tor-browser"))
+                (format #t "Installing desktop file ...~%")
+                (install-file desktop-file applications))
+              #t))
+
+          (add-after 'install 'install-icons
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (icons-src (string-append
+                                 out "/lib/firefox/browser/chrome/icons/default")))
+                (with-directory-excursion
+                 icons-src
+                 (for-each
+                   (lambda (file)
+                     (let* ((size (string-filter char-numeric? file))
+                            (icons (string-append out "/share/icons/hicolor/"
+                                                  size "x" size "/apps")))
+                       (mkdir-p icons)
+                       (copy-file file (string-append icons "/torbrowser.png"))))
+                   '("default16.png" "default32.png" "default48.png" "default64.png"
+                     "default128.png"))))
+              #t))
+
+          (add-after 'install-icons 'install-fonts
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox/"))
+                     (fonts  (string-append (or (assoc-ref native-inputs
+                                                           "torbrowser-fonts")
+                                                (assoc-ref inputs
+                                                           "torbrowser-fonts"))
+                                            "/share")))
+                (copy-recursively fonts lib
+                                  #:log (%make-void-port "w"))
+                (symlink (string-append lib "/fonts")
+                         (string-append out "/share/fonts")))
+              #t))
+
+          (add-after 'install-fonts 'install-extensions
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (ext (string-append out "/lib/firefox/browser/extensions"))
+                     (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}")
+                     (httpse-id "https-everywhere-eff@eff.org")
+                     (noscript (assoc-ref inputs "noscript"))
+                     (httpse (assoc-ref inputs "https-everywhere")))
+                (mkdir-p ext)
+                (copy-file noscript (string-append
+                                     ext "/" noscript-id ".xpi"))
+                (copy-recursively httpse
+                                  (string-append ext "/" httpse-id)
+                                  #:log (%make-void-port "w"))
+                (chmod (string-append ext "/" noscript-id ".xpi") #o555))
+              #t))
+
+          (add-after 'install-extensions 'link-binaries
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (tordir (string-append out "/lib/firefox/TorBrowser/Tor"))
+                     (ptdir (string-append tordir "/PluggableTransports"))
+                     (obfs4 (string-append (assoc-ref inputs "obfs4")
+                                              "/bin/obfs4proxy"))
+                     (tor (string-append (assoc-ref inputs "tor")
+                                            "/bin/tor")))
+                (mkdir-p ptdir)
+                (symlink tor (string-append tordir "/tor"))
+                (symlink obfs4 (string-append ptdir "/obfs4proxy")))
+              #t))
+
+          (add-after 'link-binaries 'copy-bundle-data
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox"))
+                     (tbb "tbb-scripts")
+                     (ptconf (string-append tbb "/Bundle-Data/PTConfigs"))
+                     (docs (string-append lib "/TorBrowser/Docs"))
+                     (data (string-append lib "/TorBrowser/Data")))
+                (mkdir-p data)
+                (mkdir docs)
+                (with-directory-excursion
+                 (string-append tbb "/Bundle-Data/linux/Data")
+                 (for-each (lambda (file)
+                             (copy-recursively file
+                                               (string-append data "/" file)
+                                               #:log (%make-void-port "w")))
+                           '("Browser" "fontconfig" "Tor")))
+                (copy-file (string-append ptconf "/linux/torrc-defaults-appendix")
+                           (string-append data "/Tor/torrc-defaults-appendix"))
+                (copy-file (string-append ptconf "/bridge_prefs.js")
+                           (string-append
+                            data "/Browser/bridge-prefs-js-appendix"))
+                (copy-recursively (string-append tbb "/Bundle-Data/Docs")
+                                  (string-append docs "/")
+                                  #:log (%make-void-port "w")))
+              #t))
+
+          ;; This fixes the file chooser crash that happens with GTK 3
+          (add-after 'copy-bundle-data 'wrap-program
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox"))
+                     (gtk (assoc-ref inputs "gtk+"))
+                     (gtk-share (string-append gtk "/share"))
+                     (mesa (assoc-ref inputs "mesa"))
+                     (mesa-lib (string-append mesa "/lib"))
+                     (pulseaudio (assoc-ref inputs "pulseaudio"))
+                     (pulseaudio-lib (string-append pulseaudio "/lib"))
+                     (libxscrnsaver (assoc-ref inputs "libxscrnsaver"))
+                     (libxscrnsaver-lib (string-append libxscrnsaver "/lib")))
+                (wrap-program (car (find-files lib "^firefox$"))
+                  `("XDG_DATA_DIRS" prefix (,gtk-share))
+                  `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib ,mesa-lib ,libxscrnsaver-lib))))
+              #t)))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Anonymous browser derived from Mozilla Firefox")
+     (description
+      "Tor Browser is the Tor Project version of Firefox browser.  It is the only
+recommended way to anonymously browse the web that is supported by the project.
+It modifies Firefox in order to avoid many know application level attacks on
+the privacy of Tor users.
+
+WARNING: This is not the official Tor Browser and is currently on testing.  Use
+at your own risk and please report back on guix channels if you find any
+issues.")
+     (license license:mpl2.0)))) ;and others, see toolkit/content/license.html
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl8oCVkFgwPCZwAACgkQ
YrJ+WmBEwoJPOA//WR7G44J1GWSuQtoSo7tB6LuMkwKJ+9LqsnAp3uY64j8KdX/L
6fVGCQPoy7lzdGhU8ZBJOaC+icYilu3/c10WG7xdputtgkWJCyM8kyQzXSimTc7j
bIO9UtgmzYZYuMv7ro9T+LzysevpkSkhupwKqzDVsp4QzQftUq4h4lk+LzITc4KE
blcjJyog8M3rteCV4JR3Pgs1pdMp9NVkzPFprwQXGtvyxTmlEUVXxcZS24OCYzRk
A+NQASaJO44bsmC299QvLuaCaki0BuhV/i/HTupLCwbeimz+4yvtBImaT53Vkqb9
Bu92IqYKFROpz03xCPCnyySbDR3n+ZloXQyamGwpdfjxPPV8+xlYoAhv2y16d4bM
308/IzBXrTk5+tfhR7Guk28g4hTYb23WtmqqqFf6Tebxj4MTvb7aXbWlNxWPp887
S4e1mkxfGVnnUBBE5wKDjygs1vA+Vs8xXxeQcA/JHTkH8KcVAoGgp6jRJyg7rKxI
3TaPodRFZFrou+whLtIskCg0Ndlfowx0qsRi8nkKCs03uOaWlsHrSMY1m7vCejrK
VnK3r7Pp2HDuTV7pl56TsA1XNS3pUreGMq7hMAxTA8hktVM6IvK898rgb8ZriCMl
qcYp4k8SdtYd8o5VE4LkD2VSl1AUcwALMvBNKdVhcaCaH+mwtppFzfYYbEQ=
=FjJZ
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 7 Sep 2020 16:13
(name . André Batista)(address . nandre@riseup.net)(address . 42380@debbugs.gnu.org)
87blihhdz6.fsf@gnu.org
Hello,

André Batista <nandre@riseup.net> skribis:

Toggle quote (12 lines)
> This patch upgrades Tor Browser to version 9.5.3. I've also took this
> opportunity to rework the code in order to improve readability, make
> code review and maintainance easier and lower build time.
>
> Main changes:
> - No longer relies on computed-origin-method
> - Private package definitions
> - Chopped down install phase
> - New phases
> - More detailed go library package descriptions
> - Reviewed license definitions

Woow, thanks for working on this! The end result is functional, right?
Any important missing items?

Toggle quote (15 lines)
> From 2075c6a93a6b1918305323b369318425e05fc4f5 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
> Date: Mon, 3 Aug 2020 09:29:55 -0300
> Subject: [PATCH] gnu: Add torbrowser-unbundle
> To: guix-patches@gnu.org
>
> * gnu/packages/tor.scm (obfs4, torbrowser-unbundle): New variables.
> * gnu/packages/golang.scm (go-torproject-org-ptlib,
> go-github-com-agl-ed25519, go-github-com-dchest-siphash,
> go-github-com-dchest-uniuri, go-github-com-dsnet-compress,
> go-schwanenlied-me-yawning-bsaes, go-gitlab-com-yawning-utls): New variables.
> * gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
> * gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.

For the final submission, we’d need one patch per new package, as is
customary. That will have the advantage of allowing review to proceed
one bit at a time. :-)

Regarding Tor Browser itself, can you think of ways to factorize code
with IceCat?

Thanks,
Ludo’.
A
A
André Batista wrote on 9 Sep 2020 04:24
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 42380@debbugs.gnu.org)
20200909022429.GA24930@andel
Hello,

seg 07 set 2020 às 16:13:17 (1599505997), ludo@gnu.org enviou:
Toggle quote (5 lines)
> Hello,
>
> Woow, thanks for working on this! The end result is functional, right?
> Any important missing items?

Just a small token of my appreciation for your years of work on
guix. I'm glad to be able to give something back to this community.

I've been using this package for the last month or so and did not
hit any bugs so, though I'm not a heavy web user, I think it's fair
to say the result is functional.

On the down side, the https-everywhere extension is broken as is
since it's missing lib-wasm. I've built but did not send here a
version which just copies lib-wasm to its proper place before
building the extension and this version works without further
issues.

The reason I did not send it to this list is that lib-wasm source
provides a precompiled prepackaged file[1] which is then used on
https-everywhere build script and it's source code is not actualy
compiled[2]. As I understand it, the Tor Project just relies on
this precompiled binary on its build procedure and the same seems
to be true for IceCat[3][4].

In order to have everything compiled from source, I've had to
define a lot of rust libs which were required for building
wasm-pack and then to have a rustc with wasm32-unknown-unknown
target enabled and compatible with wasm-pack (apparently newer
versions changed compiler strings and wasm-pack errors out when
trying to parse). For over two weeks I've been trying without
success and always thinking that the next build would succeed.

Long story short, maybe there's just one more issue pending when
compiling lib-wasm. When wasm-pack is invoked, everything
compiles but I'm getting the following error:

note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one

for a few rust libs. Without lld, it complains about a missing
rust-lld binary. Also, this appears to be the rust standard
nowadays[5].

If I'm not terribly wrong, this issue[6] seems to suggest an
approach for emscripten which could solve this issue without
removing the 'strip' phase which was the work around suggested
by some on the same thread.

Another issue that is pending is that libwasm depends on rust
multi-default-trait-impl crate. This crate defines lgpl2.1+ on
its Cargo.toml file, but the sources does not contain neither a
copy of the license. So I'm unsure if this is enough to make it
free software. So I'm planning on sending some mails to both the
maintainer and FSF to see if this needs improvement.

Toggle quote (4 lines)
> For the final submission, we’d need one patch per new package, as is
> customary. That will have the advantage of allowing review to proceed
> one bit at a time. :-)

For sure. I'll give it a few more tries and cleanup the mess
here before sending this patch series. If I don't succeed, I'm
planning on sending it anyway so at least the libs can be
added and maybe someone can spot what I'm missing. But maybe
it's wise to hold Tor Browser itself since there has been an
announcement of some large percentage of exit relays messing
with Tor traffic[7].

Toggle quote (3 lines)
> Regarding Tor Browser itself, can you think of ways to factorize code
> with IceCat?

L
L
Ludovic Courtès wrote on 9 Sep 2020 09:20
(name . André Batista)(address . nandre@riseup.net)
878sdjo1qv.fsf@gnu.org
Hi André,

André Batista <nandre@riseup.net> skribis:

Toggle quote (3 lines)
> Just a small token of my appreciation for your years of work on
> guix. I'm glad to be able to give something back to this community.

Thank you.

Toggle quote (17 lines)
> I've been using this package for the last month or so and did not
> hit any bugs so, though I'm not a heavy web user, I think it's fair
> to say the result is functional.
>
> On the down side, the https-everywhere extension is broken as is
> since it's missing lib-wasm. I've built but did not send here a
> version which just copies lib-wasm to its proper place before
> building the extension and this version works without further
> issues.
>
> The reason I did not send it to this list is that lib-wasm source
> provides a precompiled prepackaged file[1] which is then used on
> https-everywhere build script and it's source code is not actualy
> compiled[2]. As I understand it, the Tor Project just relies on
> this precompiled binary on its build procedure and the same seems
> to be true for IceCat[3][4].

Oh, glad that you were able to identify that issue, which presumably had
been overlooked so far.

Toggle quote (18 lines)
> In order to have everything compiled from source, I've had to
> define a lot of rust libs which were required for building
> wasm-pack and then to have a rustc with wasm32-unknown-unknown
> target enabled and compatible with wasm-pack (apparently newer
> versions changed compiler strings and wasm-pack errors out when
> trying to parse). For over two weeks I've been trying without
> success and always thinking that the next build would succeed.
>
> Long story short, maybe there's just one more issue pending when
> compiling lib-wasm. When wasm-pack is invoked, everything
> compiles but I'm getting the following error:
>
> note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one
>
> for a few rust libs. Without lld, it complains about a missing
> rust-lld binary. Also, this appears to be the rust standard
> nowadays[5].

Ah. I’m Cc’ing Efraim, who’s been very much into Rust packaging for
some time; does that ring a bell, Efraim?

Toggle quote (12 lines)
> If I'm not terribly wrong, this issue[6] seems to suggest an
> approach for emscripten which could solve this issue without
> removing the 'strip' phase which was the work around suggested
> by some on the same thread.
>
> Another issue that is pending is that libwasm depends on rust
> multi-default-trait-impl crate. This crate defines lgpl2.1+ on
> its Cargo.toml file, but the sources does not contain neither a
> copy of the license. So I'm unsure if this is enough to make it
> free software. So I'm planning on sending some mails to both the
> maintainer and FSF to see if this needs improvement.

Great.

Toggle quote (12 lines)
>> For the final submission, we’d need one patch per new package, as is
>> customary. That will have the advantage of allowing review to proceed
>> one bit at a time. :-)
>
> For sure. I'll give it a few more tries and cleanup the mess
> here before sending this patch series. If I don't succeed, I'm
> planning on sending it anyway so at least the libs can be
> added and maybe someone can spot what I'm missing. But maybe
> it's wise to hold Tor Browser itself since there has been an
> announcement of some large percentage of exit relays messing
> with Tor traffic[7].

I don’t think Guix users will radically increase traffic over Tor, so I
think we can keep going. :-)

Toggle quote (9 lines)
>> Regarding Tor Browser itself, can you think of ways to factorize code
>> with IceCat?
>
> Other than sharing the https-everywhere definition, I was
> thinking maybe we could take a diff of Tor Browser and Firefox
> and avoid downloading firefox source twice when building both
> browsers. But I need to take a more careful look. I'll give
> this question some thought.

OK. I was expecting at least things like some of the build phases and
most/all of the inputs to be the same, but I haven’t checked.

Thanks again for all the work!

Ludo’.
E
E
Efraim Flashner wrote on 9 Sep 2020 12:59
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200909105944.GQ1643@E5400
On Wed, Sep 09, 2020 at 09:20:08AM +0200, Ludovic Courtès wrote:
Toggle quote (51 lines)
> Hi André,
>
> André Batista <nandre@riseup.net> skribis:
>
> > Just a small token of my appreciation for your years of work on
> > guix. I'm glad to be able to give something back to this community.
>
> Thank you.
>
> > I've been using this package for the last month or so and did not
> > hit any bugs so, though I'm not a heavy web user, I think it's fair
> > to say the result is functional.
> >
> > On the down side, the https-everywhere extension is broken as is
> > since it's missing lib-wasm. I've built but did not send here a
> > version which just copies lib-wasm to its proper place before
> > building the extension and this version works without further
> > issues.
> >
> > The reason I did not send it to this list is that lib-wasm source
> > provides a precompiled prepackaged file[1] which is then used on
> > https-everywhere build script and it's source code is not actualy
> > compiled[2]. As I understand it, the Tor Project just relies on
> > this precompiled binary on its build procedure and the same seems
> > to be true for IceCat[3][4].
>
> Oh, glad that you were able to identify that issue, which presumably had
> been overlooked so far.
>
> > In order to have everything compiled from source, I've had to
> > define a lot of rust libs which were required for building
> > wasm-pack and then to have a rustc with wasm32-unknown-unknown
> > target enabled and compatible with wasm-pack (apparently newer
> > versions changed compiler strings and wasm-pack errors out when
> > trying to parse). For over two weeks I've been trying without
> > success and always thinking that the next build would succeed.
> >
> > Long story short, maybe there's just one more issue pending when
> > compiling lib-wasm. When wasm-pack is invoked, everything
> > compiles but I'm getting the following error:
> >
> > note: lld: error: /gnu/store/kwdsf42z7ib6fr5vggqi9nc4jpi1znxy-rust-1.38.0/lib/rustlib/wasm32-unknown-unknown/lib/libstd-373ca16e620a2f9a.rlib: archive has no index; run ranlib to add one
> >
> > for a few rust libs. Without lld, it complains about a missing
> > rust-lld binary. Also, this appears to be the rust standard
> > nowadays[5].
>
> Ah. I’m Cc’ing Efraim, who’s been very much into Rust packaging for
> some time; does that ring a bell, Efraim?
>

It's not something that I've come across before. My first guess would be
to check the linking flags against the ones icecat/firefox uses and see
if anything changed. Or if it needs a different version of rust.

Toggle quote (45 lines)
> > If I'm not terribly wrong, this issue[6] seems to suggest an
> > approach for emscripten which could solve this issue without
> > removing the 'strip' phase which was the work around suggested
> > by some on the same thread.
> >
> > Another issue that is pending is that libwasm depends on rust
> > multi-default-trait-impl crate. This crate defines lgpl2.1+ on
> > its Cargo.toml file, but the sources does not contain neither a
> > copy of the license. So I'm unsure if this is enough to make it
> > free software. So I'm planning on sending some mails to both the
> > maintainer and FSF to see if this needs improvement.
>
> Great.
>
> >> For the final submission, we’d need one patch per new package, as is
> >> customary. That will have the advantage of allowing review to proceed
> >> one bit at a time. :-)
> >
> > For sure. I'll give it a few more tries and cleanup the mess
> > here before sending this patch series. If I don't succeed, I'm
> > planning on sending it anyway so at least the libs can be
> > added and maybe someone can spot what I'm missing. But maybe
> > it's wise to hold Tor Browser itself since there has been an
> > announcement of some large percentage of exit relays messing
> > with Tor traffic[7].
>
> I don’t think Guix users will radically increase traffic over Tor, so I
> think we can keep going. :-)
>
> >> Regarding Tor Browser itself, can you think of ways to factorize code
> >> with IceCat?
> >
> > Other than sharing the https-everywhere definition, I was
> > thinking maybe we could take a diff of Tor Browser and Firefox
> > and avoid downloading firefox source twice when building both
> > browsers. But I need to take a more careful look. I'll give
> > this question some thought.
>
> OK. I was expecting at least things like some of the build phases and
> most/all of the inputs to be the same, but I haven’t checked.
>
> Thanks again for all the work!
>
> Ludo’.

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl9YtZ0ACgkQQarn3Mo9
g1G3TA/+MJXs7F3y2i5+YOi5WuWsCcpyRm1adlAYlexTjvEFm7zC5JkghHjSx8aN
6Sl6hV7K1KlV2qxT7veVsm0/+AC9XYMYqCtNpD3qbOX3H+0mo7qquZJAk9OS8axo
BRgzH3AZZB3siOX/UNaJQzh/FF7MiTSMTrkhU+4lzPlGlpYiN3dcEbmUJuuNrdTp
Nx7c4TStSyh8QU2OY9nA37LY2KbPgs1Wy3QmCApGNS/rI5wZ7SlnQW6OA3ASSqaj
jFDU1M3vSj7WQ+GtwhRIb5MEKRzfKj3szTqgBVG45c0yZZxKzc1kPZyOxX4z0nlH
xwjtJgJWfTpC+/Ubz0KHJX5R8QsCUfLgu0u1XF/MzN24XnfwN3fOxVFg8IYysS93
j3GFxgSOsj9jFf1GmJ94CsvpdRLrw4M0NId/vuNhUhMjch/YRmq826LpXNMdJ664
OLr1tgRrfAfGcaAooA46A1U+gQoSWcRKn8/Rb4MTzbfsWtrkwWabLDR61iFpWzhR
JBz2gdV+VgifpsGFkkFfotLM0ivs4kTDzkMslPufVGnXNF7fJtmaJs3dYysgSH1A
rYR1kxh8bzujLm+qznLwWF+uEpTphDZ0aNrZDRz5n1gXPxzsF4lS6Gb3SfU1ydFF
zqavljCCAH50Z3pS6yNBwYoR9zQPiAEHpEjMgY00VKGfwWhx4yg=
=om71
-----END PGP SIGNATURE-----


R
R
Raghav Gururajan wrote on 12 Sep 2020 15:35
Wow!
(address . 42380@debbugs.gnu.org)
ecc4d8c1-92c7-7a81-9c92-2d87f001ddfc@disroot.org
Hello Guix!

Thank you all for the hard work. This is a high-time package.

Any idea on when it can be merged to master?, at-least a minimally
viable package?

Regards,
RG.
Attachment: signature.asc
A
A
André Batista wrote on 15 Sep 2020 16:21
Re: [bug#42380] [PATCH 0/9] gnu: Add torbrowser-unbundle.
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200915142128.GA12025@andel
Hi Ludo,

qua 09 set 2020 às 09:20:08 (1599654008), ludo@gnu.org enviou:
Toggle quote (15 lines)
> Hi André,
>
> André Batista <nandre@riseup.net> skribis:
>
> > For sure. I'll give it a few more tries and cleanup the mess
> > here before sending this patch series. If I don't succeed, I'm
> > planning on sending it anyway so at least the libs can be
> > added and maybe someone can spot what I'm missing. But maybe
> > it's wise to hold Tor Browser itself since there has been an
> > announcement of some large percentage of exit relays messing
> > with Tor traffic[7].
>
> I don’t think Guix users will radically increase traffic over Tor, so I
> think we can keep going. :-)

Just to be sure: it's not so much about Guix users increasing the load
on Tor Network as of Guix users not having the benefits of this
extension and being prey to sslstriping.

Since you're giving a green light and I've encountered further
deterrence down the trail, I'll be sending this patch series which
also updates Tor Browser to the latest version. I've left comments
on code where I see room for improvement, in case someones wants to
help. For now, I'm trying to solve this issue and I think I'll
start a new thread for tracking it in order to avoid clutter here
as https-everywhere requires a good many new rust libs.

Toggle quote (12 lines)
> >> Regarding Tor Browser itself, can you think of ways to factorize code
> >> with IceCat?
> >
> > Other than sharing the https-everywhere definition, I was
> > thinking maybe we could take a diff of Tor Browser and Firefox
> > and avoid downloading firefox source twice when building both
> > browsers. But I need to take a more careful look. I'll give
> > this question some thought.
>
> OK. I was expecting at least things like some of the build phases and
> most/all of the inputs to be the same, but I haven’t checked.

Indeed they both share many inputs and phases. I've actually started
this definition from the IceCat one. I'll think on how to merge
them back. Probably some inheritance is in need.

Toggle quote (2 lines)
> Thanks again for all the work!

:)

---

This patch series adds Tor Browser version 9.5.4 to Guix.
Unsurprisignly, building it with '--rounds=2' seems to imply that
it is deterministic.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9gzeUFgwPCZwAACgkQ
YrJ+WmBEwoJQNxAAm4HsW2cN4Kt4XjM6WT1erGkwIMpegxHpPCFnIXL7RqFtXj2S
DatADHACcO8sAv8oZCHX34OspezA+jlR8Snlw5RrEIOK2OVZtIHTyQilAmmw2maq
qtTKtElF6eccLLj+Vlt/T/3rzNU4dlgPNBpTykDAvt7bgxfoLkxrZh1lici2zyp+
7H2RsTA8NFMdrAZALwau65gbngGV4YqWUcuPR+xEcMooLXU2WAqJDxvP+wtiwN+K
4m/qACY0hzaqfh8rQdSCCQ/LTmU21rjbjMBFen8d4ogoKKWRjP3jIjs9nfS/RkRz
EDpv1NUql58RQkyhMrC8IOg9pCgtmjgthTwVj2dAibrb2xZDJVDPCkNCqXwssLoO
nzahqCQpB1UBQO77vFYpDkvol9mKSQImD/OgmjrARGbS4c/lQqCRXFBbiyQ3AFty
pLkMzBEGWmBqMdMGRBmHxrNnCT6l1PDCRLGt0HrsKA1PbQDqJ+Xku/ZEURVrj/R7
8/Wfr7bgAlEOb2f4/3JvaGgvAm8o5Jdors0qV/m/7V2UgGiYq1ZmpoW34ZOWRQNF
gK0S+3gL49qSc4qpTpd00/hBAbuPXqdfhEAgO4ZU4hdZ6x54D+1eXBOdDRgzo16r
8xWiKT1pDJp7D0pb1iAY+2f81EcvSbXirSU4pYHA0wBgZlWYKagb4dY6y4c=
=yek4
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:01
Re: [bug#42380] [PATCH 1/9] gnu: Add go-torproject-org-ptlib
(address . 42380@debbugs.gnu.org)
20200915150114.GA13296@andel
From f92795d45035e0423c69a5f6264e35f466840778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:03:28 -0300
Subject: [PATCH] gnu: Add go-torproject-org-ptlib.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-torproject-org-ptlib): New variable.
---
gnu/packages/golang.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (34 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8723592b51..0bcb01fd2f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5656,3 +5656,27 @@ Included are the following:
 except that it adds convenience functions that use the fmt package to format
 error messages.")
     (license license:bsd-3)))
+
+(define-public go-torproject-org-ptlib
+  (package
+   (name "go-torproject-org-ptlib")
+   (version "1.1.0")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/pluggable-transports/goptlib.git")
+           (commit (string-append "v" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1lh938194hvkf8pqgnxwf6hvjv9rv0j3kasi07r2ckrj8sxzk4jc"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:import-path "git.torproject.org/pluggable-transports/goptlib.git"))
+   (home-page "https://git.torproject.org/pluggable-transports/goptlib.git")
+   (synopsis "Go library for Tor Pluggable Transports")
+   (description "Library for writing Tor Pluggable Transports in Go.  Pluggable
+Transports are a means of connecting to the Tor Network from places where it
+is censored.")
+   (license license:cc0)))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g1yoFgwPCZwAACgkQ
YrJ+WmBEwoJLgw//UpgdAgtcx9zZgf6Da2/oRwIimWEAJxWtD0VY9gb7Q8HZGcu1
3uZvxr2JB9VTwE4pNmUyrWsyT+o9HuKShFbWZRorab0k8puOkmsKUKRoqdz9VPmn
1uF/LNUXRlIs4+rAAqWLeN7408UW+13JuLpl9yj5CaIFXqqATzoEm8SVQ9IbFhHd
HEanggiW+/82LKK+tnVgq4bGC/4HBlpjTfTmC+IjVuKMV+wACUggfYX/yD9eE7hK
hzKxhe+WRfjUrmCebJcmhC8yPtHW6HZfuF2rxMa7zqi867nKKc5BdfYCo6KXfMGD
KZlgcSW7oYLuB/FHRehCk+vTyPOIsXkIj1Vg8v5ozCxEx4q01WL9DYosNbrGrtXJ
n1BCsJZAt7DyApmbJr0Z7jr5Qu+NAt+FH3LpG6g+53q/E91U9qs/10qlxWHFIiHE
1UELtNZ8iTvti5Mz8tdvt7pn8aGc0EWt4aD3ZK2FNVXJP/ykmtXnA2sMcFL/8Ow/
M8LNJLhkrMHJGMIBL4WhL1PBfZtodzFgiEvjmz7RWdRw7alwIT4a9KgTwUKHIYHK
vSmID+RGCZtCmQVGyi+3VyKumAvhX+9P+8CY1vheMYXQV3Hb0JWXFuCGsyg9dW/o
YjvuD0nO48j3iCy2HdIyFMHNlndxTjgskerDQpxqI6+n4LdXlxxzF9n6veI=
=/UY9
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:04
Re: [bug#42380] [PATCH 2/9] gnu: Add go-github-com-agl-ed25519
(address . 42380@debbugs.gnu.org)
20200915150421.GB13296@andel
From a9a38cf97812f18e1f39b9009d040f16af501efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:15:31 -0300
Subject: [PATCH] gnu: Add go-github-com-agl-ed25519.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.
---
gnu/packages/golang.scm | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 0bcb01fd2f..8eab872814 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5680,3 +5680,41 @@ error messages.")
 Transports are a means of connecting to the Tor Network from places where it
 is censored.")
    (license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+  (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+        (revision "0"))
+    (package
+     (name "go-github-com-agl-ed25519")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/agl/ed25519")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/agl/ed25519"
+        #:phases
+        (modify-phases %standard-phases
+          (add-before 'reset-gzip-timestamps 'make-files-writable
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let ((out (assoc-ref outputs "out")))
+                   (for-each (lambda (file) (chmod file #o644))
+                     (find-files out "\\.gz"))
+             #t))))))
+     (home-page "https://github.com/agl/ed25519")
+     (synopsis "Go library for ed25519 public-key signatures")
+     (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security.  It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained.  Newer software should use x-crypto instead.")
+     ;; License file is referred but it is missing. Probably because the
+     ;; author decided to discontinue the project.
+     (license (license:non-copyleft "file://ed25519.go")))))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g1/UFgwPCZwAACgkQ
YrJ+WmBEwoJ6SBAApmWNIpeSmO7S62UaBpDG+UIsgGMFIjQ48BEmb/1fjkNMMobw
ZK+nMIWOeWYMXerIY0vbhIStzErhu4QyrDaTemP19SKsOefaKdBA5zBQ/0H75Bce
1MqncokLB2byZTv7gpBKG0uN66tVJ1WRF9TVBneJK+GL4SXonSEYhv2IPbqx1Q7u
7Pym+pCD4oQFq78hIAfH8XDerlaYsFau69ivEWx77J12pa9NP0IDoDai44Xg/7vY
Ajc/+cF9G7QciTlWf0d8SYrj9NVHsBTxibd751yIlfrhc14hArdzCdlVx0u6Xe4Z
EhGIQYOXhlz4W4YWszicc7XNsUJgCk/FCcWPEOHSspfQCNxKv7j3O5xwYUOUjH6w
9W5qMwgxSYJXkF9ChIavMslhfZieIPLH6OFfIJEp9PLcnbPCoffko6Om7nqwwJwV
7KOgb8xGmITE0Up2ncrd4WlWAqeSvutLQ6mXb4rivEtCdopYiQIUh5hjnTwAOOJ9
egehbFVCn0Dk5zCqmn2z6zdnuakfDd93tYTRiiybTyV8dGWTb7cPYiH8e50zldHb
scxa+Vrj8G/Ol3iHCOdfu9rbf2zbcKoQiJga6HGHCc1vg3kbLxk6Vof2v0ZAW5ir
4ep8EZuHe6ogHaSEkT5IEwF7I232vyhgfeW/J678YVxti03QvaKSdMWSdOA=
=Zyh/
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:06
Re: [bug#42380] [PATCH 0/9] gnu: Add go-github-com-dchest-siphash.
(address . 42380@debbugs.gnu.org)
20200915150607.GC13296@andel
From b1d59160bf4c444784f68b5b35d20c48cb1eb601 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:18:41 -0300
Subject: [PATCH] gnu: Add go-github-com-dchest-siphash.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dchest-siphash): New variable.
---
gnu/packages/golang.scm | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)

Toggle diff (37 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8eab872814..471ed31965 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5718,3 +5718,30 @@ is unmaintained.  Newer software should use x-crypto instead.")
      ;; License file is referred but it is missing. Probably because the
      ;; author decided to discontinue the project.
      (license (license:non-copyleft "file://ed25519.go")))))
+
+(define-public go-github-com-dchest-siphash
+  (let ((commit "34f201214d993633bb24f418ba11736ab8b55aa7")
+        (revision "0"))
+    (package
+     (name "go-github-com-dchest-siphash")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dchest/siphash")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "08s076y7vmjqnq7jz0762hkm896r6r31v8b31a3gy0n8rfa01k8k"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dchest/siphash"))
+     (home-page "https://github.com/dchest/siphash")
+     (synopsis "Go library for siphash")
+     (description "Go implementation of SipHash-2-4, a fast short-input
+Pseudo Random Function which is suitable for usage in message authentication
+codes and was based on the design created by Jean-Philippe Aumasson and Daniel
+J. Bernstein. ")
+     (license license:cc0))))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2F4FgwPCZwAACgkQ
YrJ+WmBEwoLEHQ//eim1QrKY4aNxskV89L25DRzFz5eDMQSlP3NQJCo7UxpN8fbx
6J6Sjus1WKIZlNDkuAXqMlgP0+H0ZHaUK9NQNITPGuwppgtnhnChQXgyu8bbtQjq
fWRvRweZdhciQG2XcLGHQhLN0RF/V4samaJx9sS8w1hZ77LB4S4R+Fq2wJr49qDI
SBNrS7RYqtROgYEoYEiTiz4MJMahPQFJtNkvqzo2TsZ3AZNDdCeMeUnF36tl/2yg
szGv926oNHgUlVL4HDwNn/ZgOao6iAzKr5BZkqXLSbDvINK+5EpW/pDyXce54+Dq
JCEMUXLOSAwB8kpvpDoo37O5coRONmsW1qDJZNhqgj+SHRzflfwhXlk857skDXIb
Mri+rLXj0U0ihteGxQIneW9s9aZo/oPz4AKVJupjaGOc19FPVirrA5a+BnAhtfL3
Zu3770xU5NWRxqbvcQV7sJnrWDe+mdbe1fvFVIkoUTC9sJLwOw3+5lHPjePGP5KY
2pQY+TliCNUkwzLvMRyzXlAnH3HKNEDC2o92eF9NYwr9tuHsNLzYITANQnPFItN2
1ZVUJYZ8xD40HsQPDPSBKNkhKitpQnBiiff+ruwq1WmqzFOL6NQXWwwbwDOp2Svz
OuLLbvkPlguQR2IphQ30EK3o5BlPIAT++MwZP0BsYbQQ8vntDglayG9dFzA=
=g79z
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:08
Re: [bug#42380] [PATCH 4/9] gnu: Add go-github-com-dchest-uniuri
(address . 42380@debbugs.gnu.org)
20200915150832.GD13296@andel
From 46b0c175ce9c440c469c4456960adab9503c2bfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:27:56 -0300
Subject: [PATCH] gnu: Add go-github-com-dchest-uniuri.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dchest-uniuri): New variable.
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

Toggle diff (35 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 471ed31965..da9a531665 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5745,3 +5745,28 @@ Pseudo Random Function which is suitable for usage in message authentication
 codes and was based on the design created by Jean-Philippe Aumasson and Daniel
 J. Bernstein. ")
      (license license:cc0))))
+
+(define-public go-github-com-dchest-uniuri
+  (let ((commit "8902c56451e9b58ff940bbe5fec35d5f9c04584a")
+        (revision "0"))
+    (package
+     (name "go-github-com-dchest-uniuri")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dchest/uniuri")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1x5bsbm1nlphsv96zd0rbclfaa1swpz5bp14x7s5dbxp0awk2gd4"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dchest/uniuri"))
+     (home-page "https://github.com/dchest/uniuri")
+     (synopsis "Go library for random URIs")
+     (description "Package uniuri generates random strings good for use in
+Universal Resource Identifiers to uniquely identify objects.")
+     (license license:cc0))))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2O8FgwPCZwAACgkQ
YrJ+WmBEwoJEIg//YOP5rAeag2yGs8Iv6twzYrbkjTs8WKP7KZz0KT2IQP6FTlr4
v58AlDG96Y30pUaB6rsyhqZxEgpI4MSRYB1Ldk/YHMlnqz1PIegDZ/DqDuUxzFhe
tL3XwcgiIssnCboVmflDV0NS+3ezTfeH167jYu0ARN0iN3Qa5jgFCVPh6Y+fX1i6
BR+85bmZpECy/hZH67vR9VSBKZTkyrCOahCj/TyBFIOVs5OLJRbhLhYsnIXYeG/s
G76K5z0W0e9yjf5S3QOy4xgHhfxZHh2TE7I1coIGvu+kP6Ji15VCtp7XBHf5TKqU
tOj2i4oXjIEux4Ioic9rllgADTyqXURG7uk9XrqEBKIMbjOvoLyrjsUsaxKC71AW
6ZNPczqBz91DeiYrk2ass+xZh/utq9jtQTND0BhixBfwv7ztutviPLXiqQl8QDZi
gbjp1GDZWOUpb7Aq/9o9H0oLjvPgOW0dyH4EJja1mM5m4hrBD/VngJUI1eUU1vJY
kWPoCHXKPCYw8JMNEd9VboMa7XercTMrtt0ame6Yv6HWVLXVP5WOzVxKpSXsV3td
tt2lWQEyv5H+QukRmyE+PNJaC22vQvpNrQTSeL6YXttG6/XbL5wQH9T1S89Vlzue
HXoi+MA0ejHhOJR9NaRXNyqUv95pEuXvn0MPPx8taIZJdTjd7iShdo/FDjo=
=Fh5j
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:10
Re: [bug#42380] [PATCH 5/9] gnu: Add go-github-com-dsnet-compress
(address . 42380@debbugs.gnu.org)
20200915151036.GE13296@andel
From e539f026c99a4983713a60928b2be10d70dd3a91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:31:36 -0300
Subject: [PATCH] gnu: Add go-github-com-dsnet-compress.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-dsnet-compress): New variable.
---
gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

Toggle diff (36 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index da9a531665..06c9faa286 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5770,3 +5770,29 @@ J. Bernstein. ")
      (description "Package uniuri generates random strings good for use in
 Universal Resource Identifiers to uniquely identify objects.")
      (license license:cc0))))
+
+(define-public go-github-com-dsnet-compress
+  (let ((commit "cc9eb1d7ad760af14e8f918698f745e80377af4f")
+        (revision "0"))
+    (package
+     (name "go-github-com-dsnet-compress")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/dsnet/compress")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "159liclywmyb6zx88ga5gn42hfl4cpk1660zss87fkx31hdq9fgx"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/dsnet/compress"))
+     (home-page "https://github.com/dsnet/compress")
+     (synopsis "Go library for extended compression")
+     (description "This is a collection of compression related libraries.
+The goal of this project is to provide pure Go implementations for popular
+compression algorithms bey ond what the Go standard library provides.")
+     (license (license:non-copyleft "file://LICENSE.md")))))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2WsFgwPCZwAACgkQ
YrJ+WmBEwoIoHg/+IcEBtjdaIrX9zGHF82rUHYMS3iYx0gm/+LnJJT1KyhPy13gl
ur8HvufPUHT+Bdp9dhmOQRxR7spGzMlwuKeXy9BWOAMYbSkEauBvorDihRZ5NIXV
oGQ1I+FPx0tZTDdkX4LS0V9FfQBdRtG7HnOFUWG04WMPuGrkxygTvjHYFC49+IWS
lvxmSnmUWKMzSbz4slm57WN7nT7qWLG/HoKlG4MiSDE71CKjNohRF8Ga2mG+bXmY
MGmqmuUocnM2k10je3jeNBi3Sc5uDN/wOV2CcQm9hvxHenSjl2qeV7gSJPZihgB3
1wo25rbrC/8Ay8s/685AEWvZyX5BOtzGKV105zxHBq1aTh6QQJGTg2CGYwHW1Ils
gHirARjDYTO38fy4IuEQsEAYtBVYyy3o/7k6g+ZPDM1Sx5t0MXippuBM10Htod7l
Oy1Xe+YFi2tONFTQn36Da4PV2EVA95/AzgbWZ2eimQyCYG08vQxjF1/dnkGwUPmB
CDLy+t6c5ey4jlrDOMwxmWqeOhnpQh2Gyy8kPqGYK70UcZJ7nlbtYUFwyI+ZyXN4
MPaEpptdMyuJjpMADm+Lupa9myMy/R5OHE4TIZD0Svecu6ufJvaxp5mvsqCWHmhw
74DN/UwfyxinzIiR0jqDW5y+FEtPgrfttym8EHtmOX08ccttUWJ0Bg09+TI=
=STG9
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:12
Re: [bug#42380] [PATCH 6/9] gnu: Add go-schwanenlied-me-yawning-bsaes
(address . 42380@debbugs.gnu.org)
20200915151216.GF13296@andel
From e88f0e94b84bd51ddf742577d60a5bcb19eff72b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:33:55 -0300
Subject: [PATCH] gnu: Add go-schwanenlied-me-yawning-bsaes.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-schwanenlied-me-yawning-bsaes): New variable.
---
gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

Toggle diff (39 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 06c9faa286..7c68f36c2a 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5796,3 +5796,32 @@ Universal Resource Identifiers to uniquely identify objects.")
 The goal of this project is to provide pure Go implementations for popular
 compression algorithms bey ond what the Go standard library provides.")
      (license (license:non-copyleft "file://LICENSE.md")))))
+
+(define-public go-schwanenlied-me-yawning-bsaes
+  (let ((commit "26d1add596b6d800bdeeb3bc3b2c7b316c056b6d")
+        (revision "0"))
+    (package
+     (name "go-schwanenlied-me-yawning-bsaes")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.schwanenlied.me/yawning/bsaes.git")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "0h4dsyw54n9rcwprqy93wv2v1gcvlq1vfqdp1g7wxdkq457rhvys"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "git.schwanenlied.me/yawning/bsaes.git"))
+     (home-page "https://git.schwanenlied.me/yawning/bsaes.git")
+     (synopsis "Go AES library")
+     (description "Portable pure-Go constant time Advanced Encryption
+Standard (AES) for eletronic data encryption.  This implementation if
+based on code from [BearSSL](https://bearssl.org/).  On AMD64 systems
+with hardware support for AES New Instructions (AES-NI) and a
+sufficiently recent Go runtime, it will transparently call crypto/aes
+when NewCipher is invoked.")
+     (license (license:non-copyleft "file://LICENSE.txt")))))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2dAFgwPCZwAACgkQ
YrJ+WmBEwoImxg/9GGJZjs/ZaaCYiSqJLoxwGob9la70qIYwRoxgxaGh/yGao4oa
RyM3n0C5TdcP59TdyeK5S5fHKSjQkoaFKeG38RZX7Rzeg7YVRZkQ8ROTDj2B7qSA
l4NWDom0dwijyFaQ/pgzCxr0+ctT0B8kwq45ZZOh4QvOGKJn55zGQxpRC9WOy2Wc
fsTQCgPncatcotHX5F9lrrTw1rjUMyi0ENt5fDGU0cBnSSOB39fCmpDrqYCR+21B
RPa4gafVAnAEP/otAWMDHY5ybM7HTqTmTO9kiELsvmFxTC1IUdP4MiRPiCw8KGxP
YmSE6MW0vdEibFydtVJsVcIjFVZw2MRa7950RLkXneZrsR7FHsNaHMgWCHbl2Yu0
vfmbhgCmu74VDBpSQ2D4fNqrc0CWnohe4YZb30m1jJ2pG3Nn9SbgfoT6TljMcXrc
NnNZSwaIQIf9wsjTwfbo6QmmQCg2C2Fv1+dQJKMZNgomBJaB5ZO6i/OjkncpAPEG
oMzl5whJgGwuNDEWUz3ZMFS+qRRigoap0k6KnWnTMAJajlp17nBvb1fiVngtuq/6
QVP2YYIkeZAzt/khx2AXeH8CAUjR9FGYaVzEYmHnAsiuAxbmGIG1eU2QXl2w1HwE
SyJXODwLVYhPhbLeK+3/C1Ld2h/fBeOOcEnHq75eUF3RPH9lG0DVSErAmYc=
=bbe1
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:14
Re: [bug#42380] [PATCH 7/9] gnu: Add go-gitlab-com-yawning-utls
(address . 42380@debbugs.gnu.org)
20200915151411.GG13296@andel
From 4f31263215dffb94e47a4c9e7256e095fb68c1e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 18:47:38 -0300
Subject: [PATCH] gnu: Add go-gitlab-com-yawning-utls.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-gitlab-com-yawning-utls): New variable.
---
gnu/packages/golang.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

Toggle diff (49 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 7c68f36c2a..55975d3e30 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -19,6 +19,7 @@
 ;;; Copyright © 2020 Jack Hill <jackhill@jackhill.us>
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;; Copyright © 2020 Nicolas Goaziou <mail@nicolasgoaziou.com>
+;;; Copyright © 2020 André Batista <nandre@riseup.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -5825,3 +5826,34 @@ with hardware support for AES New Instructions (AES-NI) and a
 sufficiently recent Go runtime, it will transparently call crypto/aes
 when NewCipher is invoked.")
      (license (license:non-copyleft "file://LICENSE.txt")))))
+
+(define-public go-gitlab-com-yawning-utls
+  (package
+   (name "go-gitlab-com-yawning-utls")
+   (version "0.0.10-1")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://gitlab.com/yawning/utls.git")
+           (commit (string-append "v" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "15c46s56r45n22rmq9spnczydnkqrnxff28h5mpnk5yvcqif3lgb"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:tests? #f ;; Tries to connect and fails.
+      #:import-path "gitlab.com/yawning/utls.git"))
+   (propagated-inputs
+    `(("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+      ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+      ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)))
+   (home-page "https://gitlab.com/yawning/utls.git")
+   (synopsis "Go library for uTLS")
+   (description "This library is a fork of the main Transport Layer Security
+protocol in Go (crypto/tls) which provides ClientHello fingerprinting resistance,
+low level access to handshakes and fake session tickets among other features.
+This fork was made for the specific purpose of improving obfs4proxy's meek_lite
+transport protocol.")
+   (license license:gpl3+)))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2kIFgwPCZwAACgkQ
YrJ+WmBEwoJL9hAAhXX+DfZ0JbFWDMi5FM+zQNJkeA4PcC+jrdjRR2qDhNovBk6D
wb1y2Bx/uExkW4Byz2501klRlinXrXBoLqq3fv39e8EYc4AK3xDEmxGrvO65WwwO
1GvsDqwCgrl+kCuVADYA3NMWCvirCBYVE8tx37Psc8eLKXTzvTm2asoNiUhwtnQU
R+SyIamP/Xma/SlSAdmrLoBxFfZ8FEh/aj9FLA+GNeLLgdDk+wlbVvgZXAX0tz9B
jy9zN2IO/Ey06tL3ZGzPjMDlgI2YGaKkTMDkm0IGdtfosoOqveb3/yauPWJXeffW
l04p7wwKLhd/X/sEQltD8UZzDzl7cfoLwcx1DYiC0gRQNzLFzU6gDTW3PUdn/jz8
PnNOT6Ry7h5+jJNrwxBcbuNoJv15Q5x3ZXqkm2G1sACd86H8Mnu5/R4BcyBeM8i0
C/uEWSKT0fO3OFgWOEbjpz0ZC0Xqpx7DPI6kkNIKex9X84AdTqLgz0C9fPZneab3
vTob3ZQuV83zi5Z8V/lapC0CND4Os53dSXJaaBSsSwWspu0isspegxM6pswEXH3D
hNWvsooZipfJbnjge5EW7hOmBQxsS9BgqbM3GTmbwc+FgP31HIQ2MRtycJ1mPGVZ
6UtUbtGt5ie+9c63Qn7JI4TG3oz1pzAquQOBhJdMj/6LUyu4Ns82YDiFal8=
=dWJA
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:15
Re: [bug#42380] [PATCH 8/9] gnu: obfs4
(address . 42380@debbugs.gnu.org)
20200915151525.GH13296@andel
From 6e228ba965d65963456f3232cb8bd7fcc25bf822 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 19:05:45 -0300
Subject: [PATCH] gnu: Add obfs4.
To: 42380@debbugs.gnu.org

* gnu/packages/tor.scm (obfs4): New variable.
* Alphabetically order module imports.
---
gnu/packages/tor.scm | 80 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 77 insertions(+), 3 deletions(-)

Toggle diff (109 lines)
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..dd362d3af8 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -33,13 +33,16 @@
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system go)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
-  #:use-module (gnu packages libevent)
-  #:use-module (gnu packages linux)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages golang)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -47,7 +50,6 @@
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
-  #:use-module (gnu packages autotools)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages w3m))
 
@@ -324,3 +326,75 @@ statistics and status reports on:
 
 Potential client and exit connections are scrubbed of sensitive information.")
     (license license:gpl3+)))
+
+(define-public obfs4
+  (package
+   (name "obfs4")
+   (version "0.0.11")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/pluggable-transports/obfs4.git")
+           (commit (string-append "obfs4proxy-" version))))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1y2kjwrk64l1h8b87m4iqsanib5rn68gzkdri1vd132qrlypycjn"))))
+   (build-system go-build-system)
+   (arguments
+    '(#:import-path "git.torproject.org/pluggable-transports/obfs4.git"
+      #:tests? #f ;; No test files
+      #:phases
+      (modify-phases %standard-phases
+        (replace 'build
+          (lambda* (#:key outputs configure-flags #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (copy-recursively
+               "src/git.torproject.org/pluggable-transports/obfs4.git"
+               "src/gitlab.com/yawning/obfs4.git"
+               #:log (%make-void-port "w"))
+              (with-directory-excursion
+               "src/git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy"
+               (invoke "go" "build" "-ldflags" "-s"))
+            #t)))
+        (replace 'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (src "src/git.torproject.org/pluggable-transports/obfs4.git")
+                   (bin (string-append out "/bin"))
+                   (share (string-append out "/share"))
+                   (doc (string-append share "/doc"))
+                   (man (string-append share "/man/man1")))
+              (mkdir-p man)
+              (mkdir bin)
+              (mkdir doc)
+              (with-directory-excursion
+               (string-append src "/obfs4proxy")
+               (copy-file "obfs4proxy"
+                          (string-append bin "/obfs4proxy")))
+              (with-directory-excursion
+               (string-append src "/doc")
+               (copy-file "obfs4proxy.1"
+                          (string-append man "/obfs4proxy.1"))
+               (copy-file "obfs4-spec.txt"
+                          (string-append doc "/obfs4-spec.txt")))
+            #t))))))
+   (propagated-inputs
+    `(("go-torproject-org-ptlib" ,go-torproject-org-ptlib)
+      ("go-github-com-agl-ed25519" ,go-github-com-agl-ed25519)
+      ("go-github-com-dchest-siphash" ,go-github-com-dchest-siphash)
+      ("go-github-com-dchest-uniuri" ,go-github-com-dchest-uniuri)
+      ("go-github-com-dsnet-compress" ,go-github-com-dsnet-compress)
+      ("go-schwanenlied-me-yawning-bsaes" ,go-schwanenlied-me-yawning-bsaes)
+      ("go-gitlab-com-yawning-utls" ,go-gitlab-com-yawning-utls)
+      ("go-golang-org-x-net" ,go-golang-org-x-net)
+      ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+      ("go-golang-org-x-text" ,go-golang-org-x-text)))
+   (home-page "https://git.torproject.org/pluggable-transports/obfs4.git")
+   (synopsis "Obfs4 implements an obfuscation protocol")
+   (description "This is a look-like nothing obfuscation protocol that
+incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
+The obfs naming was chosen primarily because it was shorter, in terms of
+protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
+   (license license:gpl3+)))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2o0FgwPCZwAACgkQ
YrJ+WmBEwoKlYg//Ya7faXpZVZgsJOLcEvw3OixhW1y0gnw26LBz/I8UWa2usAwN
hyo77cu6Cf7UhgHuk525LH5djJ6JCgHK3SHKbWXlHGo3otFnq9iqbZuXlZWWquRi
DQ0PWtvx2p1VxX7X2hERTeLix9Qjs4oR66WIbmNdgD5EsnYwcIowq65ZXRlBcc0B
svF1SnO6DEXyC7reuORK2Y5K7I3m9i9wqgPTIaXFr98nJd7LMrwUYHNiS8J/cdJU
qm0N0CpOiR8dntFD8laxrt3bnTGJqSdGP8yiRH7+K19w3WbPq2u3a0VXrsCkxcgl
5tKdSfbsKI2EA86pv0CeTMrkVfiRaflExFbYFQ1lL46eMIha34DTGVPNZ9bffZvQ
wbZatYBt12wK6Lx1MH4/4sSkAa0kv9Y6n9TiI/idp85xsEIrzF7BeWxQR35bjaez
UsGbCSG56pv6NZ1xU0dtPw482s/CLsTLF1p6gQdUfWlamES5udlD71kREtcjQVQg
8SLGTp/QcKUZCbN5El3RWQyVET0cJP6yZZjFuH6u67SzgYGtZqrZh4ThTozNU4BP
xzTDnZKOwe17kt2kUiJOEsJg+PlPJfBma6HiUpnhKUqeGNiAEmC2rhMO7ouDGJ1j
b37J7lHXGAf3Q12uAk4Rzo6H/y+6Y1UPhGYptexcQkmN+cPcZXbaf+PDfFY=
=O46u
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:16
Re: [bug#42380] [PATCH 9/9] gnu: Add torbrowser-unbundle
(name . Ludovic Courtès)(address . ludo@gnu.org)
20200915151614.GI13296@andel
From 84070de582d33d47f2684bdee69b1e0b478c2352 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Mon, 14 Sep 2020 22:39:59 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle
To: 42380@debbugs.gnu.org

* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 3 +
...torbrowser-start-tor-browser.desktop.patch | 22 +
.../torbrowser-start-tor-browser.patch | 226 +++++
gnu/packages/tor.scm | 830 +++++++++++++++++-
4 files changed, 1080 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch

Toggle diff (1147 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 1baa8405c5..1715068b6c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -37,6 +37,7 @@
 # Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 # Copyright © 2020 Tanguy Le Carrour <tanguy@bioneland.org>
 # Copyright © 2020 Martin Becze <mjbecze@riseup.net>
+# Copyright © 2020 André Batista <nandre@riseup.net>
 #
 # This file is part of GNU Guix.
 #
@@ -1615,6 +1616,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/tipp10-fix-compiling.patch		\
   %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
+  %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch       \
+  %D%/packages/patches/torbrowser-start-tor-browser.patch       \
   %D%/packages/patches/transcode-ffmpeg.patch	\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/tomb-fix-errors-on-open.patch		\
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
new file mode 100644
index 0000000000..336115b33a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orign	2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop	2020-07-25 02:54:44.603431160 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=bash -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/packages/patches/torbrowser-start-tor-browser.patch
new file mode 100644
index 0000000000..c563f94003
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
@@ -0,0 +1,226 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig	2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser	2020-08-01 20:22:08.901737325 -0300
+@@ -5,6 +5,15 @@
+ #
+ # Copyright 2017 The Tor Project.  See LICENSE for licensing information.
+ 
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++PT_PREFS="${TBB_DATA}/Browser/bridge-prefs-js-appendix"
++
+ complain_dialog_title="Tor Browser"
+ 
+ # First, make sure DISPLAY is set.  If it isn't, we're hosed; scream
+@@ -106,14 +115,11 @@
+     printf "  --verbose         Display Tor and Firefox output in the terminal\n"
+     printf "  --log [file]      Record Tor and Firefox output in file (default: tor-browser.log)\n"
+     printf "  --detach          Detach from terminal and run Tor Browser in the background.\n"
+-    printf "  --register-app    Register Tor Browser as a desktop app for this user\n"
+-    printf "  --unregister-app  Unregister Tor Browser as a desktop app for this user\n"
+ }
+ log_output=0
+ show_output=0
+ detach=0
+ show_usage=0
+-register_desktop_app=0
+ logfile=/dev/null
+ while :
+ do
+@@ -134,8 +140,8 @@
+           ;;
+       -l | --log)
+           if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+-             printf "Logging Tor Browser debug information to tor-browser.log\n"
+-             logfile="../tor-browser.log"
++             printf "Logging Tor Browser debug information to torbrowser.log\n"
++             logfile="${TBB_LOGFILE}"
+           elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+              printf "Logging Tor Browser debug information to %s\n" "$2"
+              logfile="$2"
+@@ -148,16 +154,6 @@
+           log_output=1
+           shift
+           ;;
+-      --register-app)
+-          register_desktop_app=1
+-          show_output=1
+-          shift
+-          ;;
+-      --unregister-app)
+-          register_desktop_app=-1
+-          show_output=1
+-          shift
+-          ;;
+       *) # No more options
+           break
+           ;;
+@@ -187,41 +183,23 @@
+ 	export XAUTHORITY
+ fi
+ 
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+-	# XXX readlink is not POSIX, but is present in GNU coreutils
+-	# and on FreeBSD.  Unfortunately, the -f option (which follows
+-	# a whole chain of symlinks until it reaches a non-symlink
+-	# path name) is a GNUism, so we have to have a fallback for
+-	# FreeBSD.  Fortunately, FreeBSD has realpath instead;
+-	# unfortunately, that's also non-POSIX and is not present in
+-	# GNU coreutils.
+-	#
+-	# If this launcher were a C program, we could just use the
+-	# realpath function, which *is* POSIX.  Too bad POSIX didn't
+-	# make that function accessible to shell scripts.
+-
+-	# If realpath is available, use it; it Does The Right Thing.
+-	possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+-	if [ "$?" -eq 0 ]; then
+-		myname="$possibly_my_real_name"
+-	else
+-		# realpath is not available; hopefully readlink -f works.
+-		myname="`readlink -f "$myname" 2>/dev/null`"
+-		if [ "$?" -ne 0 ]; then
+-			# Ugh.
+-			complain "start-tor-browser cannot be run using a symlink on this operating system."
+-		fi
+-	fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++   cd "${TBB_HOME}"
++else
++   mkdir -p "${TBB_HOME}"
++   cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++   chmod -R 700 "${TBB_HOME}"
++   mkdir -p "${TBB_PROFILE}"
++   echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++     > "${TBB_PROFILE}/user.js"
++   grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/user.js"
++   echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++     >> "${TORRC}"
++   cd "${TBB_HOME}"
+ fi
+ 
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ 	# "hacking around some braindamage"
+@@ -236,50 +214,9 @@
+   ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+ 
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ !  -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+-if [ "$register_desktop_app" -eq 1 ]; then
+-	mkdir -p "$HOME/.local/share/applications/"
+-	cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
+-	update-desktop-database "$HOME/.local/share/applications/"
+-	printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+-	exit 0
+-fi
+-
+-if [ "$register_desktop_app" -eq -1 ]; then
+-	if [ -e "$HOME/.local/share/applications/start-tor-browser.desktop" ]; then
+-		rm -f "$HOME/.local/share/applications/start-tor-browser.desktop"
+-		update-desktop-database "$HOME/.local/share/applications/"
+-		printf "Tor Browser has been removed as a user desktop app (from ~/.local/share/applications/)\n"
+-	else
+-		printf "Tor Browser does not appear to be a desktop app (not present in ~/.local/share/applications/)\n"
+-	fi
+-	exit 0
+-fi
+-
+ HOME="${PWD}"
+ export HOME
+ 
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+-   complain "Wrong architecture? 32-bit vs. 64-bit."
+-   exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+     local ctrlPasswd=$1
+ 
+@@ -342,13 +279,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+ 
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+ 
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++    -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+ 
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +296,23 @@
+ 
+ if [ "$show_usage" -eq 1 ]; then
+     # Display Firefox help, then our help
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default --help 2>/dev/null
+     tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-       -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++       -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+     disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+         tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+ 
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index dd362d3af8..bc7a3486f8 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -32,26 +32,63 @@
   #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
+  #:use-module (guix build-system cargo)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
   #:use-module (gnu packages golang)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages rsync) ; for httpse
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages w3m)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml) ; for httpse
+  #:use-module (ice-9 match)
+  #:use-module ((srfi srfi-1) #:hide (zip)))
 
 (define-public tor
   (package
@@ -398,3 +435,794 @@ incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
 The obfs naming was chosen primarily because it was shorter, in terms of
 protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
    (license license:gpl3+)))
+
+;; Upstream does not seem to keep tor-browser and tor-browser-build versions
+;; in sync
+(define %torbrowser-version "68.12.0esr-9.5-1")
+(define %torbrowser-build-version "9.5.4")
+(define %torbrowser-build "build1")
+(define %torbrowser-build-id "20200729000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+  (package
+   (name "torbrowser-fonts")
+   ; Tor Browser fonts did not change since last release and were not available
+   ; when this version was built, the previous version were kept.
+   ;(version %torbrowser-build-version)
+   (version "9.5.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://dist.torproject.org/torbrowser/"
+                         version "/tor-browser-linux64-"
+                         version "_en-US.tar.xz"))
+     (sha256
+      (base32
+       "1kqvr0sag94xdkq85k426qq1hz2b52m315yz51w6hvc87d8332b4"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("tar" ,tar)
+      ("xz" ,xz)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (src-dir "tor-browser_en-US/Browser/fonts")
+                        (fonts (string-append %output "/share/fonts"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (xz (assoc-ref %build-inputs "xz")))
+                    (mkdir-p fonts)
+                    (format #t "Untaring torbrowser ball ...~%")
+                    (invoke (string-append tar "/bin/tar") "-xf" src
+                            "-C" fonts "--strip-components=3"
+                            (string-append "--use-compress-program=" xz "/bin/xz")
+                            src-dir)
+                    #t))))
+   (home-page "https://github.com/googlei18n/noto-fonts")
+   (synopsis "Tor Browser bundled fonts")
+   (description "Free fonts bundled with Tor Browser.  Includes a subset of Noto,
+Arimo, Cousine, Tinos and STIX fonts.")
+   (license license:silofl1.1)))
+
+(define tor-browser-build
+  (let ((commit (string-append "tbb-" %torbrowser-build-version
+                               "-" %torbrowser-build)))
+    (package
+     (name "tor-browser-build")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/builders/tor-browser-build.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "0mq9ml8p0l2nnwjgr6dqn00pzk7h5zpi3hhr093hq99bapxs3wcs"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (format #t "Copying build scripts ...~%")
+                    (copy-recursively (string-append
+                                       (assoc-ref %build-inputs "source")
+                                       "/projects/tor-browser")
+                                      %output
+                                      #:log (%make-void-port "w")))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Tor Browser Builder scripts")
+     (description "Tor Browser build and runtime scripts.")
+     (license (license:non-copyleft "file://LICENSE")))))
+
+(define torbutton
+  (let ((commit "ebe2bedab44e38f18c7968bd327d99eef7660f34"))
+    (package
+     (name "torbutton")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/torbutton.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (format #t "Copying source ...~%")
+                    (copy-recursively (assoc-ref %build-inputs "source")
+                                      %output
+                                      #:log (%make-void-port "w")))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Tor Browser built-in extension")
+     (description "Browser extension needed to build and run Tor Browser.")
+     (license (license:non-copyleft "file://LICENSE")))))
+
+(define tor-launcher
+  (package
+   (name "tor-launcher")
+   (version "0.2.21.8")
+   (source
+    (origin
+     (method git-fetch)
+     (uri (git-reference
+           (url "https://git.torproject.org/tor-launcher.git")
+           (commit version)))
+     (file-name (git-file-name name version))
+     (sha256
+      (base32
+       "1mm1z7gv9dv6ymbr3vsg0lsnhnn84zrb6qsa164hmaxcfrwfhz5d"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (format #t "Copying source ...~%")
+                  (copy-recursively (assoc-ref %build-inputs "source")
+                                    %output
+                                    #:log (%make-void-port "w")))))
+   (home-page "https://www.torproject.org")
+   (synopsis "Tor Browser built-in controler extension")
+   (description "Browser extension that starts the tor process (which
+connects the browser and other applications to the Tor Network), and
+which helps people configure and use @code{tor}. The first window that
+you see when you start Tor Browser is displayed by this extension.")
+   (license (license:non-copyleft "file://src/LICENSE"))))
+
+;; This package is actually a cargo crate, so it should be moved to
+;; crates-io.scm and made public once the cross building to wasm32 is
+;; successful.
+(define https-everywhere-lib-wasm
+  (let ((commit "af199004083ce200f285735f68a5a57c47eed0e6"))
+  (package
+   (name "https-everywhere-lib-wasm")
+   (version "2020.08.13")
+   (source
+    (origin
+     (method git-fetch)
+      (uri (git-reference
+            (url "https://github.com/EFForg/https-everywhere-lib-wasm")
+            (commit commit)))
+      (file-name (git-file-name name version))
+      (sha256
+       (base32
+        "14xv637hf9kzdyr2w0cvx0g5if9nrzflf29p1spdl228yqlv9d5r"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (format #t "Copying source ...~%")
+                  (copy-recursively (assoc-ref %build-inputs "source")
+                                    %output
+                                    #:log (%make-void-port "w")))))
+   (home-page "https://github.com/EFForg/https-everywhere-lib-wasm")
+   (synopsis "Rust library for https-everywhere browser extension")
+   (description "Rust library for https-everywhere browser
+extension.")
+   (license license:gpl2+))))
+
+;; This should probably go elsewhere on the file system and made
+;; public in order to be shared between Tor Browser and IceCat once
+;; lib-wasm gets fixed.
+(define https-everywhere
+  (package
+   (name "https-everywhere")
+   (version "2020.8.13")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://github.com/EFForg/" name
+                         "/archive/" version ".tar.gz"))
+     (sha256
+      (base32
+       "0xb8q7izlyq80zzvj2j7wqp3srxxmi0wgwrb47lc5w38r7yzqjjd"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("bash" ,bash)
+      ("coreutils" ,coreutils)
+      ("findutils" ,findutils)
+      ("git" ,git)
+      ("grep" ,grep)
+      ("gzip" ,gzip)
+      ("https-everywhere-lib-wasm"
+       ,https-everywhere-lib-wasm)
+      ("libxml2" ,libxml2)
+      ("libxslt" ,libxslt)
+      ("openssl" ,openssl)
+      ("python" ,python)
+      ("rsync" ,rsync)
+      ("sed" ,sed)
+      ("tar" ,tar)
+      ("util-linux" ,util-linux) ; for getopt
+      ("which" ,which)
+      ("xxd" ,xxd)
+      ("zip" ,zip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "source"))
+                        (httpse-libwasm (assoc-ref %build-inputs
+                                                   "https-everywhere-lib-wasm"))
+                        (bash (assoc-ref %build-inputs "bash"))
+                        (coreutils (assoc-ref %build-inputs "coreutils"))
+                        (findutils (assoc-ref %build-inputs "findutils"))
+                        ;; Might be worth patching make.sh and remove this.
+                        (git (assoc-ref %build-inputs "git"))
+                        (grep (assoc-ref %build-inputs "grep"))
+                        (gzip (assoc-ref %build-inputs "gzip"))
+                        (libxml2 (assoc-ref %build-inputs "libxml2"))
+                        (libxslt (assoc-ref %build-inputs "libxslt"))
+                        (openssl (assoc-ref %build-inputs "openssl"))
+                        (python (assoc-ref %build-inputs "python"))
+                        ;; Possibly not needed and used to update rules at
+                        ;; build time.
+                        (rsync (assoc-ref %build-inputs "rsync"))
+                        (sed (assoc-ref %build-inputs "sed"))
+                        (tar (assoc-ref %build-inputs "tar"))
+                        (util-linux (assoc-ref %build-inputs "util-linux"))
+                        (which (assoc-ref %build-inputs "which"))
+                        (xxd (assoc-ref %build-inputs "xxd"))
+                        (zip (assoc-ref %build-inputs "zip")))
+                    (setenv "SHELL" (string-append bash "/bin/bash"))
+                    (set-path-environment-variable
+                     "PATH" '("bin")
+                     (list bash sed findutils which git python tar openssl rsync
+                           libxml2 libxslt util-linux grep xxd gzip zip coreutils))
+                    (set-path-environment-variable
+                     "LIBRARY_PATH" '("lib")
+                     (list bash sed findutils which git python tar openssl rsync
+                           libxml2 libxslt util-linux grep xxd gzip zip coreutils))
+                    (format #t "Untaring source tarball ...~%")
+                    (invoke "tar" "-xf" src "--strip-components=1")
+                    ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears
+                    ;; to be harmless.
+                    (substitute*
+                     '("install-dev-dependencies.sh"
+                       "make.sh"
+                       "hooks/precommit"
+                       "test/firefox.sh"
+                       "test/manual.sh"
+                       "test/rules/src/https_everywhere_checker/check_rules.py"
+                       "test/script.py"
+                       "test/validations.sh"
+                       "test/validations/filename/run.py"
+                       "test/validations/relaxng/run.py"
+                       "test/validations/securecookie/run.py"
+                       "test/validations/special/run.py"
+                       "utils/create_zip.py"
+                       "utils/chromium-translations.py"
+                       "utils/create-platform-certs/split_combined_cert_file.py"
+                       "utils/mk-client-whitelist/dbconnect.py"
+                       "utils/mk-client-whitelist/run.py"
+                       "utils/merge-rulesets.py"
+                       "utils/setversion.py"
+                       "utils/zipfile_deterministic.py")
+                     (("python3.6") "python3"))
+                    (make-file-writable "lib-wasm")
+                    (copy-recursively httpse-libwasm
+                                      "lib-wasm"
+                                      #:log (%make-void-port "w"))
+                    ;; Remove precompiled binaries from source. This breaks
+                    ;; http-everywhere at runtime, but building is successful.
+                    ;; Once lib-wasm is successfuly cross-compiled to wasm,
+                    ;; remove this.
+                    (with-directory-excursion "lib-wasm/pkg"
+                      (for-each (lambda (file)
+                        (if (file-exists? file)
+                            (delete-file file)
+                            (display (string-append
+                             "Warning: file " file
+                             " not found! Skipping...\n"))))
+                        '("https_everywhere_lib_wasm.js"
+                          "https_everywhere_lib_wasm_bg.wasm")))
+                    (for-each patch-shebang
+                              (find-files "."
+                                          (lambda (file stat)
+                                            ;; Filter out symlinks.
+                                            (eq? 'regular (stat:type stat)))
+                                          #:stat lstat))
+                    ;; Failing to generate the xpi, but copy-dir appears to be
+                    ;; enough.
+                    (invoke "./make.sh")
+                    (copy-recursively "pkg/xpi-eff" %output
+                                      #:log (%make-void-port "w"))
+                    #t))))
+   (home-page "https://www.eff.org/https-everywhere")
+   (synopsis "Browser extension for automatic HTTPS usage")
+   (description "Browser extension that automatically makes the browser to
+use HTTPS instead of plain HTTP when the remote destination makes it
+available to users.")
+   (license license:gpl2+)))
+
+;; Currently there seems to be no binaries on this package, but in
+;; order to avoid the possibility of one getting silently added,
+;; this needs reworking to make it build from source.
+(define noscript
+  (package
+   (name "noscript")
+   (version "11.0.38")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://secure.informaction.com/download/releases/"
+                         name "-" version ".xpi"))
+     (sha256
+      (base32
+       "0f77dh1qj02ayrxiz98px0kl0dlza65fpjzq56nsmhrxmmyrby4c"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (format #t "Copying source ...~%")
+                  (copy-file (assoc-ref %build-inputs "source")
+                             %output))))
+   (home-page "https://noscript.net")
+   (synopsis "Browser extension for protection against known attacks")
+   (description "Browser extension that protects users from a range of
+known attacks on web browsing activity such as Cross-site scripting, clickjack
+and makes possible for the users to block or choose on a per site basis which
+remote javascript to run while browsing the web.")
+   (license license:gpl2+)))
+
+;; (Un)fortunatly Tor Browser has it's own reproducible build system - RBM -
+;; which automates the build process for them and compiles Tor Browser from a
+;; range of repositories and produces a range of tarballs for different
+;; architectures and locales. So we need to cherry-pick what is needed for
+;; guix and produce our own tarball. See
+;; https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. See
+;; also the Hacking on Tor Browser document for a high level introduction at
+;; https://trac.torproject.org/projects/tor/wiki/doc/Tor Browser/Hacking.
+;;
+;; TODO: Import langpacks.
+(define-public torbrowser-unbundle
+  (let ((commit (string-append "tor-browser-" %torbrowser-version
+                               "-" %torbrowser-build)))
+    (package
+     (name "torbrowser-unbundle")
+     (version %torbrowser-build-version)
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://git.torproject.org/tor-browser.git")
+             (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "02pxbhv64l575p2s2i365v53qyqynn272f64b6gqfrcvhn920g09"))))
+     (build-system gnu-build-system)
+     (inputs
+      `(("alsa-lib" ,alsa-lib)
+        ("bzip2" ,bzip2)
+        ("cups" ,cups)
+        ("dbus-glib" ,dbus-glib)
+        ("ffmpeg" ,ffmpeg)
+        ("freetype" ,freetype)
+        ("gdk-pixbuf" ,gdk-pixbuf)
+        ("glib" ,glib)
+        ("gtk+" ,gtk+)
+        ("gtk+-2" ,gtk+-2)
+        ("graphite2" ,graphite2)
+        ("harfbuzz" ,harfbuzz)
+        ("icu4c" ,icu4c)
+        ("libcanberra" ,libcanberra)
+        ("libgnome" ,libgnome)
+        ("libjpeg-turbo" ,libjpeg-turbo)
+        ("libogg" ,libogg)
+        ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+        ("libvorbis" ,libvorbis)
+        ("libxft" ,libxft)
+        ("libevent" ,libevent)
+        ("libxinerama" ,libxinerama)
+        ("libxscrnsaver" ,libxscrnsaver)
+        ("libxcomposite" ,libxcomposite)
+        ("libxt" ,libxt)
+        ("libffi" ,libffi)
+        ("libvpx" ,libvpx)
+        ("mesa" ,mesa)
+        ("mit-krb5" ,mit-krb5)
+        ;; See <https://bugs.gnu.org/32833>
+        ;;   and related comments in the 'remove-bundled-libraries' phase.
+        ;; UNBUNDLE-ME! ("nspr" ,nspr)
+        ;; UNBUNDLE-ME! ("nss" ,nss)
+        ("obfs4" ,obfs4)
+        ("pango" ,pango)
+        ("pixman" ,pixman)
+        ("pulseaudio" ,pulseaudio)
+        ("shared-mime-info" ,shared-mime-info)
+        ("sqlite" ,sqlite)
+        ("startup-notification" ,startup-notification)
+        ("tor" ,tor-client)
+        ("unzip" ,unzip)
+        ("zip" ,zip)
+        ("zlib" ,zlib)))
+     (native-inputs
+      `(("autoconf" ,autoconf-2.13)
+        ("bash" ,bash)
+        ("cargo" ,rust "cargo")
+        ("clang" ,clang)
+        ("https-everywhere" ,https-everywhere)
+        ("llvm" ,llvm)
+        ("patch" ,(canonical-package patch))
+        ("torbrowser-start-tor-browser.patch"
+         ,(search-patch "torbrowser-start-tor-browser.patch"))
+        ("torbrowser-start-tor-browser.desktop.patch"
+         ,(search-patch "torbrowser-start-tor-browser.desktop.patch"))
+        ("perl" ,perl)
+        ("pkg-config" ,pkg-config)
+        ("python" ,python)
+        ("python2" ,python-2.7)
+        ("python2-pysqlite" ,python2-pysqlite)
+        ("nasm" ,nasm)  ; XXX FIXME: only needed on x86_64 and i686
+        ("node" ,node)
+        ("noscript" ,noscript)
+        ("rust" ,rust)
+        ("rust-cbindgen" ,rust-cbindgen)
+        ("tor-browser-build" ,tor-browser-build)
+        ("torbrowser-fonts" ,torbrowser-fonts)
+        ("tor-launcher" ,tor-launcher)
+        ("torbutton" ,torbutton)
+        ("which" ,which)
+        ("yasm" ,yasm)))
+     (arguments
+      `(#:tests? #f ; Some tests are autodone by mach on build fase.
+
+        ;; XXX: There are RUNPATH issues such as
+        ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+        ;; which is not in its RUNPATH, but they appear to be harmless in
+        ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
+        #:validate-runpath? #f
+        #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+        ;; This modules where copied from IceCat package definition and some
+        ;; of them are probably not needed anymore. TODO: verify if/which
+        ;; are still needed.
+        #:modules ((ice-9 ftw)
+                   (ice-9 rdelim)
+                   (ice-9 regex)
+                   (ice-9 match)
+                   (srfi srfi-34)
+                   (srfi srfi-35)
+                   (rnrs bytevectors)
+                   (rnrs io ports)
+                   (guix elf)
+                   (guix build gremlin)
+                   (guix build utils)
+                   (sxml simple)
+                   ,@%gnu-build-system-modules)
+        #:phases
+        (modify-phases %standard-phases
+          (add-after 'unpack 'make-bundle
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((torbutton (assoc-ref inputs "torbutton"))
+                    (torbutton-dir "toolkit/torproject/torbutton")
+                    (tor-launcher (assoc-ref inputs "tor-launcher"))
+                    (tor-launcher-dir "browser/extensions/tor-launcher")
+                    (tbb (assoc-ref inputs "tor-browser-build"))
+                    (tbb-scripts-dir "tbb-scripts"))
+                (format #t "Copying torbutton source to default path ...~%")
+                (make-file-writable torbutton-dir)
+                (copy-recursively torbutton torbutton-dir
+                                  #:log (%make-void-port "w"))
+                (format #t "Copying tor-launcher ...~%")
+                (copy-recursively tor-launcher tor-launcher-dir
+                                  #:log (%make-void-port "w"))
+                (format #t "Copying tor-browser-build ...~%")
+                (mkdir tbb-scripts-dir)
+                (copy-recursively tbb tbb-scripts-dir
+                                  #:log (%make-void-port "w"))
+                (make-file-writable (string-append
+                                     tbb-scripts-dir
+                                     "/RelativeLink/start-tor-browser"))
+                (make-file-writable (string-append
+                                     tbb-scripts-dir
+                                     "/RelativeLink/start-tor-browser.desktop")))
+              #t))
+
+          (add-after 'make-bundle 'apply-guix-specific-patches
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+                                                     "patch")
+                                          "/bin/patch")))
+                (for-each (match-lambda
+                  ((label . file)
+                     (when (and (string-prefix? "torbrowser-" label)
+                       (string-suffix? ".patch" label))
+                       (format #t "applying '~a'...~%" file)
+                       (invoke patch "--force" "--no-backup-if-mismatch"
+                                     "-p1" "--input" file))))
+                  (or native-inputs inputs)))
+              #t))
+
+          ;; On mach build system this is done on configure.
+          (delete 'bootstrap)
+
+          (add-after 'patch-source-shebangs 'patch-cargo-checksums
+            (lambda _
+              (use-modules (guix build cargo-utils))
+              (let ((null-hash
+                     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+                (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+                  (("(\"checksum .* = )\".*\"" all name)
+                   (string-append name "\"" null-hash "\"")))
+                (generate-all-checksums "third_party/rust"))
+              #t))
+
+          (add-after 'build 'neutralize-store-references
+            (lambda _
+              ;; Mangle the store references to compilers & other build tools in
+              ;; about:buildconfig, reducing Tor Browser's closure significant.
+              ;; The resulting files are saved in lib/firefox/omni.ja
+              (substitute*
+               "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+               (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+                         (regexp-quote (%store-directory))) _ store hash)
+                (string-append store
+                               (string-take hash 8)
+                               "<!-- Guix: not a runtime dependency -->"
+                               (string-drop hash 8))))
+              #t))
+
+          (replace 'configure
+            (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (bash (which "bash"))
+                     (flags `(,(string-append "--prefix=" out)
+                                              ,@configure-flags)))
+                (setenv "SHELL" bash)
+                (setenv "AUTOCONF" (string-append
+                                    (assoc-ref %build-inputs "autoconf")
+                                               "/bin/autoconf"))
+                (setenv "CONFIG_SHELL" bash)
+                (setenv "PYTHON" (string-append
+                                  (assoc-ref inputs "python2")
+                                  "/bin/python"))
+                (setenv "MOZ_BUILD_DATE"
+                        ,%torbrowser-build-id) ; avoid timestamp.
+                (setenv "LDFLAGS" (string-append
+                                   "-Wl,-rpath="
+                                   (assoc-ref outputs "out")
+                                   "/lib/firefox"))
+                ;; This needs reworking to use the mozconfig available on
+                ;; tor-browser-builder repo which is the one Tor Project
+                ;; actually uses and which warranted some of the changes
+                ;; below.
+                (substitute* ".mozconfig"
+                  ;; Arch independent builddir.
+                  (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+                   (string-append m "dir\n"))
+                  (("ac_add_options --disable-tor-launcher") "")
+                  ;; We won't be building incrementals.
+                  (("ac_add_options --enable-signmar") "")
+                  (("ac_add_options --enable-verify-mar") "")
+                  (("ac_add_options --with-tor-browser-version=dev-build")
+                   (string-append
+                    "ac_add_options --with-tor-browser-version=org.gnu\n"
+                    "ac_add_options --with-unsigned-addon-scopes=app\n"
+                    "ac_add_options --enable-pulseaudio\n"
+                    "ac_add_options --disable-debug-symbols\n"
+                    "ac_add_options --disable-updater\n"
+                    "ac_add_options --disable-gconf\n"
+                    ;; Other syslibs that can be unbundled? (nss, nspr)
+                    "ac_add_options --enable-system-pixman\n"
+                    "ac_add_options --enable-system-ffi\n"
+                    "ac_add_options --with-system-bz2\n"
+                    "ac_add_options --with-system-icu\n"
+                    "ac_add_options --with-system-jpeg\n"
+                    "ac_add_options --with-system-libevent\n"
+                    "ac_add_options --with-system-zlib\n"
+                    ;; Without these clang is not found.
+                    "ac_add_options --with-clang-path="
+                    (assoc-ref %build-inputs "clang") "/bin/clang\n"
+                    "ac_add_options --with-libclang-path="
+                    (assoc-ref %build-inputs "clang") "/lib\n")))
+
+                (substitute* "browser/app/profile/000-tor-browser.js"
+                  ;; Tor Browser updates are disabled on mozconfig, but let's be sure.
+                  (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+                   (string-append m ",false);\n")))
+
+                (substitute*
+                 "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+                  ;; Not multilingual. See tor-browser/build:141. Currently disabled on
+                  ;; tor-launcher, but let's make sure while missing langpacks.
+                 (("(pref\\(\"extensions.torlauncher.prompt_for_locale\").*" _ m)
+                  (string-append m ", false);\n")))
+
+                ;; For user data outside the guix store.
+                (substitute* "xpcom/io/TorFileUtils.cpp"
+                  (("ANDROID") "GNUGUIX"))
+                   (substitute* "old-configure.in"
+                  (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+                   (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+                (format #t "Invoking mach configure ...~%")
+                (invoke "./mach" "configure"))
+              #t))
+
+          (replace 'build
+            (lambda _ (invoke "./mach" "build")
+              #t))
+
+          ;; Tor Browser just do a stage-package here and copy files to its places.
+          (replace 'install
+            (lambda* (#:key inputs native-inputs outputs
+                      configure-flags #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (applications (string-append out "/share/applications"))
+                     (build "objdir/dist/firefox")
+                     (bin (string-append out "/bin"))
+                     (lib (string-append out "/lib/firefox"))
+                     (start-script
+                      "tbb-scripts/RelativeLink/start-tor-browser")
+                     (desktop-file
+                      "tbb-scripts/RelativeLink/start-tor-browser.desktop"))
+                (invoke "./mach" "build" "stage-package")
+                ;; Tor Browser doesn't use those.
+                ;; See: tor-browser-build.git/projects/firefox/build:167
+                (format #t "Deleting spurious files ...~%")
+                (with-directory-excursion build
+                  (for-each (lambda (file)
+                              (if (file-exists? file)
+                                  (delete-file file)
+                                  (display (string-append
+                                            "Warning: file " file
+                                            " not found! Skipping...\n"))))
+                            '("firefox-bin" "libfreeblpriv3.chk" "libnssdbm3.chk"
+                              "libsoftokn3.chk" "fonts/TwemojiMozilla.ttf")))
+                (rmdir (string-append build "/fonts"))
+                (format #t "Creating install dirs ...~%")
+                (mkdir-p applications)
+                (mkdir-p lib)
+                (mkdir bin)
+                (format #t "Copying files to install dirs ...~%")
+                (copy-recursively build (string-append lib "/")
+                                  #:log (%make-void-port "w"))
+                (copy-file start-script
+                           (string-append lib "/start-tor-browser"))
+                (copy-file desktop-file
+                           (string-append lib "/start-tor-browser.desktop"))
+                (chmod (string-append lib "/start-tor-browser") #o555)
+                (chmod (string-append lib "/start-tor-browser.desktop") #o555)
+                (format #t "Linking start-tor-browser script ...~%")
+                (symlink (string-append lib "/start-tor-browser")
+                         (string-append bin "/start-tor-browser"))
+                (format #t "Installing desktop file ...~%")
+                (install-file desktop-file applications))
+              #t))
+
+          (add-after 'install 'install-icons
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (icons-src (string-append
+                                 out "/lib/firefox/browser/chrome/icons/default")))
+                (with-directory-excursion
+                 icons-src
+                 (for-each
+                   (lambda (file)
+                     (let* ((size (string-filter char-numeric? file))
+                            (icons (string-append out "/share/icons/hicolor/"
+                                                  size "x" size "/apps")))
+                       (mkdir-p icons)
+                       (copy-file file (string-append icons "/torbrowser.png"))))
+                   '("default16.png" "default32.png" "default48.png" "default64.png"
+                     "default128.png"))))
+              #t))
+
+          (add-after 'install-icons 'install-fonts
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox/"))
+                     (fonts  (string-append (or (assoc-ref native-inputs
+                                                           "torbrowser-fonts")
+                                                (assoc-ref inputs
+                                                           "torbrowser-fonts"))
+                                            "/share")))
+                (copy-recursively fonts lib
+                                  #:log (%make-void-port "w"))
+                (symlink (string-append lib "/fonts")
+                         (string-append out "/share/fonts")))
+              #t))
+
+          (add-after 'install-fonts 'install-extensions
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (ext (string-append out "/lib/firefox/browser/extensions"))
+                     (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}")
+                     (httpse-id "https-everywhere-eff@eff.org")
+                     (noscript (assoc-ref inputs "noscript"))
+                     (httpse (assoc-ref inputs "https-everywhere")))
+                (mkdir-p ext)
+                (copy-file noscript (string-append
+                                     ext "/" noscript-id ".xpi"))
+                (copy-recursively httpse
+                                  (string-append ext "/" httpse-id)
+                                  #:log (%make-void-port "w"))
+                (chmod (string-append ext "/" noscript-id ".xpi") #o555))
+              #t))
+
+          (add-after 'install-extensions 'link-binaries
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (tordir (string-append out "/lib/firefox/TorBrowser/Tor"))
+                     (ptdir (string-append tordir "/PluggableTransports"))
+                     (obfs4 (string-append (assoc-ref inputs "obfs4")
+                                           "/bin/obfs4proxy"))
+                     (tor (string-append (assoc-ref inputs "tor")
+                                         "/bin/tor")))
+                (mkdir-p ptdir)
+                (symlink tor (string-append tordir "/tor"))
+                (symlink obfs4 (string-append ptdir "/obfs4proxy")))
+              #t))
+
+          (add-after 'link-binaries 'copy-bundle-data
+            (lambda* (#:key inputs native-inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox"))
+                     (tbb "tbb-scripts")
+                     (ptconf (string-append tbb "/Bundle-Data/PTConfigs"))
+                     (docs (string-append lib "/TorBrowser/Docs"))
+                     (data (string-append lib "/TorBrowser/Data")))
+                (mkdir-p data)
+                (mkdir docs)
+                (with-directory-excursion
+                 (string-append tbb "/Bundle-Data/linux/Data")
+                 (for-each (lambda (file)
+                             (copy-recursively file
+                                               (string-append data "/" file)
+                                               #:log (%make-void-port "w")))
+                           '("Browser" "fontconfig" "Tor")))
+                (copy-file (string-append ptconf "/linux/torrc-defaults-appendix")
+                           (string-append data "/Tor/torrc-defaults-appendix"))
+                (copy-file (string-append ptconf "/bridge_prefs.js")
+                           (string-append
+                            data "/Browser/bridge-prefs-js-appendix"))
+                (copy-recursively (string-append tbb "/Bundle-Data/Docs")
+                                  (string-append docs "/")
+                                  #:log (%make-void-port "w")))
+              #t))
+
+          ;; This fixes the file chooser crash that happens with GTK 3
+          (add-after 'copy-bundle-data 'wrap-program
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (lib (string-append out "/lib/firefox"))
+                     (gtk (assoc-ref inputs "gtk+"))
+                     (gtk-share (string-append gtk "/share"))
+                     (mesa (assoc-ref inputs "mesa"))
+                     (mesa-lib (string-append mesa "/lib"))
+                     (pulseaudio (assoc-ref inputs "pulseaudio"))
+                     (pulseaudio-lib (string-append pulseaudio "/lib"))
+                     (libxscrnsaver (assoc-ref inputs "libxscrnsaver"))
+                     (libxscrnsaver-lib (string-append libxscrnsaver "/lib")))
+                (wrap-program (car (find-files lib "^firefox$"))
+                  `("XDG_DATA_DIRS" prefix (,gtk-share))
+                  `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib ,mesa-lib
+                                              ,libxscrnsaver-lib))))
+              #t)))))
+     (home-page "https://www.torproject.org")
+     (synopsis "Anonymous browser derived from Mozilla Firefox")
+     (description
+      "Tor Browser is the Tor Project version of Firefox browser.  It is
+the only recommended way to anonymously browse the web that is supported by
+the project.  It modifies Firefox in order to avoid many know application
+level attacks on the privacy of Tor users.
+
+WARNING: This is not the official Tor Browser and is currently on testing.
+Https-everywhere browser extension is currently not working so use it at
+your own risk and please report back on guix channels if you find any
+issues.")
+     (license license:mpl2.0)))) ;and others, see toolkit/content/license.html
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g2r0FgwPCZwAACgkQ
YrJ+WmBEwoKGGw/9HRnrHlU+lbO14mMyBmsIrredmncbnRjEN7remBa6S18rpd+E
7BQhDFd/r4/xy8t/5nbwn92vb/IXfAaXfFiN5tB4OwE7rbjUwMz1ArlcrH+RmE4L
qO8gH4MQqZvhm/ka0ISwnXRr077Jaz6eYQdh0vnffogoWuLLz8nzlCAr4R1Gvz2P
v5DtGBlFqmpBGIC7Y4os3Ro9MI0aqsNdOcrtIm9NICALDOoo3O+Ik+0FeqrgcZFB
gNC266E1oHY7UX4WIZV/dogBtYE8CXPsnDst+VHurtaxr0ExAkexAdcFKodHtQsN
SwmTw5GgEAc+B3GXgqgSmfGFeXJjXmLxbtb5dkn/Vgl0n/9b+6B5AZpC26BYEcQ9
8Y/4ru64iT5jYlKveXCYe1gK0fvyQad8AOllmiGm6lq2anS2T02JMAgQ3xUXAvXw
sqI0UADlW5OMLjwKrGAVIFb9MVXlfWEXzWwQ69gWH3So5kFFlHcWaaWkdAiE3hB5
5Jsdz8jfiWXWg2Pc7r2lEqsFDiRnO0Q1/U7WWuQg2tVpDkmSFZuSPs0GICBGjX/0
kW8lQehJhVJlYIEHss5bh8rR4Glc6svJt1notxcqM9mNHARPr6A9pbyFSctM0fgf
fCObXFma6f6ZKj/TerhYSSYVLvfqdvNEG/t2ulxwzDyQBuRlP9rptIJ6ej4=
=gmmN
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 15 Sep 2020 17:23
Re: [bug#42380] Wow!
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 42380@debbugs.gnu.org)
20200915152332.GJ13296@andel
Hello Raghav,

sáb 12 set 2020 às 09:35:17 (1599914117), raghavgururajan@disroot.org enviou:
Toggle quote (3 lines)
>
> Thank you all for the hard work. This is a high-time package.

Thank you as well. :)

Toggle quote (3 lines)
> Any idea on when it can be merged to master?, at-least a minimally
> viable package?

As of now, I think it's a viable package, but there's still room
for improvement on its definition. If you also care that this
package is available on Guix, I guess the easiest and most
important thing to do right now is to apply the patch series
that I've sent, try it out and report back on your experience.

Happy hacking!
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9g3HMFgwPCZwAACgkQ
YrJ+WmBEwoLTiBAAkEE12XTXYe15W4Z/u116sVByrHkXFhKQA8FNwnBxF3tnUlJk
xXXH6O3u6EQlkwSDbktqSSzpf0U27U7+/fGgLVS2OIG4FYlkxOw1cIM0ehkmcG5X
KgYoFHuibz059PZh+BYSr+Yu7gz+Hf7XwrySkgcBQlIo8OCI06t0VSuZMFZDoDre
k3nc/Up4idMZVmht/U/VLQ2ExANmYTb+IdM41WbdCZH3novMtch/0T1yciy4vDNl
3cYc/pAdVSILDPZVUl3ZsixcBKfRSGTuBs6k/GfmT41RFcm6t4Pc4sQW5jsPNToj
Rs1QCHIdlw148E/B7emsgulbNBCOG6dKeI6TTXukXC5351PsjiTt8puzZKXClR4k
GALFJJvo4U/EAG172F6wpkm8+BBUWLR1BzwNKjNWxAJA4zh2LRprenU/Gfq15i0H
Ooh2k4L5E/Zh6Cgi6InGdK2b21DTGGi0deszXO2zq+Zc9Fmm78ETNPodfSZhNdDe
+h+4YQLosAgjcjnRKUDQLCMbAXJOMkesIHRTQWz/iabC/UKUIIPhTDs676Ta2PSs
15nM1bmS0yQP893J32kiFeAVwo2xTcLeKCILlMP0tHrHEzArw1Y/lFNkUvLAyn2+
8m6sWlBX8UAhLwm/oSW//3BfmX/vhe0RFhs6M9JxRuoZTDn6Emm39ErVCHo=
=qajb
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 16 Sep 2020 00:50
Re: [bug#42380] [PATCH 2v2/9] gnu: Add go-github-com-agl-ed25519
(address . 42380@debbugs.gnu.org)
20200915225004.GA19089@andel
There was an indentation error which is fixed on this version.
From eee248ad09b5c90522be5cb3cb3f40d8ad73ec20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Tue, 15 Sep 2020 19:35:56 -0300
Subject: [PATCH] gnu: Add go-github-com-agl-ed25519.
To: 42380@debbugs.gnu.org

* gnu/packages/golang.scm (go-github-com-agl-ed25519): New variable.
---
gnu/packages/golang.scm | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 0bcb01fd2f..877295de72 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5680,3 +5680,41 @@ error messages.")
 Transports are a means of connecting to the Tor Network from places where it
 is censored.")
    (license license:cc0)))
+
+(define-public go-github-com-agl-ed25519
+  (let ((commit "c4161f4c7483313562781c61b9a20aba73daf9de")
+        (revision "0"))
+    (package
+     (name "go-github-com-agl-ed25519")
+     (version (git-version "0.0.0" revision commit))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/agl/ed25519")
+             (commit commit)))
+       (file-name (string-append name "-" version "-checkout"))
+       (sha256
+        (base32
+         "1wjlbzi0w63rmlzgk3amw274wsl0zhcn4yx2lraffbkhqappahxc"))))
+     (build-system go-build-system)
+     (arguments
+      '(#:import-path "github.com/agl/ed25519"
+        #:phases
+        (modify-phases %standard-phases
+          (add-before 'reset-gzip-timestamps 'make-files-writable
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let ((out (assoc-ref outputs "out")))
+                (for-each (lambda (file) (chmod file #o644))
+                  (find-files out "\\.gz"))
+              #t))))))
+     (home-page "https://github.com/agl/ed25519")
+     (synopsis "Go library for ed25519 public-key signatures")
+     (description "This library is a Go implementation of ed25519 public-key
+signature system which was designed to be faster than previous digital signature
+systems without sacrificing security.  It is currently used in the
+implementation of obfs4 and should be not be used on newer projects since it
+is unmaintained.  Newer software should use x-crypto instead.")
+     ;; License file is referred but it is missing. Probably because the
+     ;; author decided to discontinue the project.
+     (license (license:non-copyleft "file://ed25519.go")))))
-- 
2.27.0
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9hRRoFgwPCZwAACgkQ
YrJ+WmBEwoKMQw/+PKcY+cngB+hTyWXVAEW/3knNzriJczAY7UOnYqgHtjo0qukI
luWS21qF5ECB0kxCb5j5A3a+UxCq9rbJ7Skid2BTliKVXP3PSAlWjLHpf79ZuBJx
MOHQRN9QE3I3vymYwrEaASs/IA75V//3FK+xjTyrxffq6GrWXBsgPdZoTpIrWkb2
r6ZnkMTBSkmWiAdfsu/5f/XzcPo8AGccSAofostcUPsMgVJKNXDjcFL4D7syMZRw
0AUb+hmx66O4mDwVRELzRUNoz81F/NDIuMobOMiAKG/HT9ggWdZJUjPzjduvaD13
27Ehj+MNGL/4hGUF+/8QD6pxUCrJF/83VfR4qmNoITdlXeI7RhbFB8OmbWwf7X9R
G/Y/QlF6Imi9GIgvc3e/IZ1uGVji4bwo9dI6aNFV5ephzASVfAcI3XyicUedBCvG
UYmwOsLbAv5XQIJrW5hlLoS2Xj7+vAmYu6IuoppF/C2YT/63mVX6k0+dUjee/x4Z
+D46QK5kV33LjTeI4M1Zl63RekIY3ZDqBboz5OxAyzNhbtYRWEhJjLxbAwwSjjk0
fkPqmIgik7feQyZV41IslxSXgDJ/5eWgKOIBM06vCcmrDqROPFhT36o1lz7N+Xe4
uxzL5yWHBwGb73d+5c9o3mnt8EQDpoJWlCpbShAoaSlpMGDEpoodAJVmYFc=
=Z7ih
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 16 Sep 2020 00:53
Re: [bug#42380] [PATCH 3/9] gnu: Add go-github-com-dchest-siphash
(address . 42380@debbugs.gnu.org)
20200915225339.GB19089@andel
Just in case, the 'zero' on the subject was a mistake.

My apologies for the noise.
-----BEGIN PGP SIGNATURE-----

iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl9hRfIFgwPCZwAACgkQ
YrJ+WmBEwoJnRQ/+OpiRMFQNliCt2aO0tm8ebPH4OOvaN/ZUHi9ELhPHy+8KbQ4h
e3gHIO4bjXBg2P8aFOr2ZkM/fQqVNV8Elq5jBQOKw0qXMbb5wbnmN1X43B5ictrM
m+HTXULPuSMkgaOD9YvHN/0v/kP3giHQ3ECZI6No3e/2NyzVg7LOrYPSLNGHE0kX
b4NGaGSv7LbxXXea/OjjBWu9FG8v7AXSki5I8HU0FLBrp0UjfPK1KTCuRI0rrFf8
K3FVFrepfN17QT2G8eEAR2Xrk4Kv6QrOAHQtQBMY9kl4G5eduTVHxVBKBmF5l5Zu
DIIYVgeO4cKQ20zhgVSyY3dJ/I2hlfCkihDT0I/DbzW1huGoSTYTaxP5RzUs8CG0
/dlMv8cm27VRtcT/rBfZTmBbnzT4UtrPZAA8mKkxysHh2gFSi+33Zp1GPnU507Co
feWKE1q1npjfiUXCaJqfKD8O8KIyEU3F3h5GArG3pROdjCxKXJP9sJNXp5v/oMgG
9PJZwIRSquCWlvs6Xrt9CDWgMpDDzdE2cBJyY/FfuF9X4X4Q+j2jNfcDTD/N7Tu8
IcGdhn64ElXqEN9IsERCmLJYLsi6Ox/nSXtTt//34+dxH3P9ueKzkRVBBWG3ZpGo
uUDhSUZBWJWvWqKw+EPzglD1GCMV5Cu1cYXx+5xXKPSOBUZinnQHSpsT2ys=
=r7NT
-----END PGP SIGNATURE-----


A
A
André Batista wrote on 25 Sep 2020 01:18
Re: [bug#42380] [PATCHv2 9/9] gnu: Add torbrowser-unbundle
(address . 42380@debbugs.gnu.org)
20200924231814.GA29727@andel
Hi,

This patch updates Tor Browser to version 10.0. I've done some
minor testing and everything seems to working. One thing that
will need attention in the future is the cleaning of the profile
dir, as the upgrade process does not touch it and so older configs
and extensions remain on user profile.

Main changes from the previous version are:
- added a new phase to merge pluggable transports preferences
into default tor-browser preferences before configuring the build
instead of applying them on user preferences at runtime.
- https-everywhere is now a builtin extension and requires further
steps to be available at the right place.
- defined %tbb-build in order to further differentiate
tor-browser and tor-browser-build version tags.
From f0e529147d7481c48395c741022e5ef8b3bc1c9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Thu, 24 Sep 2020 19:59:26 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle
To: 42380@debbugs.gnu.org

* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
* gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch: New file.
* gnu/packages/patches/torbrowser-start-tor-browser.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 3 +
...torbrowser-start-tor-browser.desktop.patch | 22 +
.../torbrowser-start-tor-browser.patch | 183 ++++
gnu/packages/tor.scm | 866 +++++++++++++++++-
4 files changed, 1073 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
create mode 100644 gnu/packages/patches/torbrowser-start-tor-browser.patch

Toggle diff (1140 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index f3b5b17e84..9331af8ce6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -37,6 +37,7 @@
 # Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 # Copyright © 2020 Tanguy Le Carrour <tanguy@bioneland.org>
 # Copyright © 2020 Martin Becze <mjbecze@riseup.net>
+# Copyright © 2020 André Batista <nandre@riseup.net>
 #
 # This file is part of GNU Guix.
 #
@@ -1623,6 +1624,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/tipp10-fix-compiling.patch		\
   %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
+  %D%/packages/patches/torbrowser-start-tor-browser.desktop.patch       \
+  %D%/packages/patches/torbrowser-start-tor-browser.patch       \
   %D%/packages/patches/transcode-ffmpeg.patch	\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/tomb-fix-errors-on-open.patch		\
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
new file mode 100644
index 0000000000..336115b33a
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.desktop.patch
@@ -0,0 +1,22 @@
+Change TorBrowser desktop file in order for it to be agnostic to the
+path when invoked.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop.orign	2020-07-05 18:47:40.689484877 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.desktop	2020-07-25 02:54:44.603431160 -0300
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env ./Browser/execdesktop
++#!/usr/bin/env bash
+ #
+ # This file is a self-modifying .desktop file that can be run from the shell.
+ # It preserves arguments and environment for the start-tor-browser script.
+@@ -28,7 +28,7 @@
+ GenericName=Web Browser
+ Comment=Tor Browser is +1 for privacy and −1 for mass surveillance
+ Categories=Network;WebBrowser;Security;
+-Exec=sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k
+-X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
+-Icon=web-browser
++Exec=bash -c start-tor-browser
++X-TorBrowser-ExecShell=start-tor-browser --detach
++Icon=torbrowser
+ StartupWMClass=Tor Browser
diff --git a/gnu/packages/patches/torbrowser-start-tor-browser.patch b/gnu/packages/patches/torbrowser-start-tor-browser.patch
new file mode 100644
index 0000000000..a8403b09fa
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-start-tor-browser.patch
@@ -0,0 +1,183 @@
+Change TorBrowser startup script in order for it to setup needed files
+outside guix store. Remove tests which are not needed on guix system.
+
+--- torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser.orig 2020-07-05 18:47:40.685485004 -0300
++++ torbrowser-68.10.0esr-9.5-1/tbb-scripts/RelativeLink/start-tor-browser      2020-08-01 20:22:08.901737325 -0300
+@@ -5,6 +5,15 @@
+ #
+ # Copyright 2017 The Tor Project.  See LICENSE for licensing information.
+ 
++TBB_HOME="${HOME}/.local/share/torbrowser"
++TBB_LOGFILE="${TBB_HOME}/torbrowser.log"
++TBB_DATA="${TBB_HOME}/Data"
++TBB_PROFILE="${TBB_DATA}/Browser/profile.default"
++TBB_STORE_PATH=$(dirname $(realpath "$0"))
++TBB_STORE_DATA="${TBB_STORE_PATH}/TorBrowser/Data"
++TORRC="${TBB_DATA}/Tor/torrc-defaults"
++##PT_PREFS="${TBB_DATA}/Browser/bridge-prefs-js-appendix"
++
+ complain_dialog_title="Tor Browser"
+ 
+ # First, make sure DISPLAY is set.  If it isn't, we're hosed; scream
+@@ -134,8 +143,8 @@
+           ;;
+       -l | --log)
+           if [ -z "$2" -o "${2:0:1}" == "-" ]; then
+-             printf "Logging Tor Browser debug information to tor-browser.log\n"
+-             logfile="../tor-browser.log"
++             printf "Logging Tor Browser debug information to torbrowser.log\n"
++             logfile="${TBB_LOGFILE}"
+           elif [ "${2:0:1}" == "/" -o "${2:0:1}" == "~" ]; then
+              printf "Logging Tor Browser debug information to %s\n" "$2"
+              logfile="$2"
+@@ -187,41 +196,23 @@
+ 	export XAUTHORITY
+ fi
+ 
+-# If this script is being run through a symlink, we need to know where
+-# in the filesystem the script itself is, not where the symlink is.
+-myname="$0"
+-if [ -L "$myname" ]; then
+-	# XXX readlink is not POSIX, but is present in GNU coreutils
+-	# and on FreeBSD.  Unfortunately, the -f option (which follows
+-	# a whole chain of symlinks until it reaches a non-symlink
+-	# path name) is a GNUism, so we have to have a fallback for
+-	# FreeBSD.  Fortunately, FreeBSD has realpath instead;
+-	# unfortunately, that's also non-POSIX and is not present in
+-	# GNU coreutils.
+-	#
+-	# If this launcher were a C program, we could just use the
+-	# realpath function, which *is* POSIX.  Too bad POSIX didn't
+-	# make that function accessible to shell scripts.
+-
+-	# If realpath is available, use it; it Does The Right Thing.
+-	possibly_my_real_name="`realpath "$myname" 2>/dev/null`"
+-	if [ "$?" -eq 0 ]; then
+-		myname="$possibly_my_real_name"
+-	else
+-		# realpath is not available; hopefully readlink -f works.
+-		myname="`readlink -f "$myname" 2>/dev/null`"
+-		if [ "$?" -ne 0 ]; then
+-			# Ugh.
+-			complain "start-tor-browser cannot be run using a symlink on this operating system."
+-		fi
+-	fi
++# Try to be agnostic to where we're being started from, check if files are on its
++# default paths and chdir to TBB_HOME
++if [ -e "${TORRC}" ]; then
++   cd "${TBB_HOME}"
++else
++   mkdir -p "${TBB_HOME}"
++   cp -R "${TBB_STORE_DATA}" "${TBB_HOME}"
++   chmod -R 700 "${TBB_HOME}"
++   mkdir -p "${TBB_PROFILE}"
++   echo "user_pref(\"extensions.torlauncher.torrc-defaults_path\", \"${TORRC}\");"\
++     > "${TBB_PROFILE}/user.js"
++##   grep -v 'default_bridge\.snowflake' "${PT_PREFS}" >> "${TBB_PROFILE}/user.js"
++   echo "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${TBB_STORE_PATH}/TorBrowser/Tor/PluggableTransports/obfs4proxy"\
++     >> "${TORRC}"
++   cd "${TBB_HOME}"
+ fi
+ 
+-# Try to be agnostic to where we're being started from, chdir to where
+-# the script is.
+-mydir="`dirname "$myname"`"
+-test -d "$mydir" && cd "$mydir"
+-
+ # If ${PWD} results in a zero length string, we can try something else...
+ if [ ! "${PWD}" ]; then
+ 	# "hacking around some braindamage"
+@@ -236,16 +227,9 @@
+   ln -nsf ~/.config/ibus/bus .config/ibus
+ fi
+ 
+-# Fix up .desktop Icon and Exec Paths, and update the .desktop file from the
+-# canonical version if it was changed by the updater.
+-cp start-tor-browser.desktop ../
+-sed -i -e "s,^Name=.*,Name=Tor Browser,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Icon=.*,Icon=$PWD/browser/chrome/icons/default/default128.png,g" ../start-tor-browser.desktop
+-sed -i -e "s,^Exec=.*,Exec=sh -c '\"$PWD/start-tor-browser\" --detach || ([ !  -x \"$PWD/start-tor-browser\" ] \&\& \"\$(dirname \"\$*\")\"/Browser/start-tor-browser --detach)' dummy %k,g" ../start-tor-browser.desktop
+-
+ if [ "$register_desktop_app" -eq 1 ]; then
+ 	mkdir -p "$HOME/.local/share/applications/"
+-	cp ../start-tor-browser.desktop "$HOME/.local/share/applications/"
++	cp "${TBB_STORE_PATH}/start-tor-browser.desktop" "$HOME/.local/share/applications/"
+ 	update-desktop-database "$HOME/.local/share/applications/"
+ 	printf "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/\n"
+ 	exit 0
+@@ -265,21 +249,6 @@
+ HOME="${PWD}"
+ export HOME
+ 
+-SYSARCHITECTURE=$(getconf LONG_BIT)
+-TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
+-
+-if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
+-   complain "Wrong architecture? 32-bit vs. 64-bit."
+-   exit 1
+-fi
+-
+-[% IF c("var/asan") -%]
+-# We need to disable LSan which is enabled by default now. Otherwise we'll get
+-# a crash during shutdown: https://bugs.torproject.org/10599#comment:59
+-ASAN_OPTIONS="detect_leaks=0"
+-export ASAN_OPTIONS
+-[% END -%]
+-
+ function setControlPortPasswd() {
+     local ctrlPasswd=$1
+ 
+@@ -342,13 +311,15 @@
+ # your password in the following line where the word “secret” is:
+ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'}
+ 
+-# Set up custom bundled fonts. See fonts-conf(5).
+-export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
+-export FONTCONFIG_FILE="fonts.conf"
+-
+ # Avoid overwriting user's dconf values. Fixes #27903.
+ export GSETTINGS_BACKEND=memory
+ 
++# Set up custom bundled fonts. See fonts-conf(5).
++export FONTCONFIG_FILE="${HOME}/Data/fontconfig/fonts.conf"
++
++sed -i "${FONTCONFIG_FILE}"\
++    -e "s,<dir>fonts</dir>,<dir>${TBB_STORE_PATH}/fonts</dir>,"
++
+ cd "${HOME}"
+ 
+ # We pass all additional command-line arguments we get to Firefox.
+@@ -357,23 +328,23 @@
+ 
+ if [ "$show_usage" -eq 1 ]; then
+     # Display Firefox help, then our help
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default --help 2>/dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default --help 2>/dev/null
+     tbb_usage
+ elif [ "$detach" -eq 1 ] ; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-       -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++       -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null &
+     disown "$!"
+ elif [ "$log_output" -eq 1 -a "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" 2>&1 </dev/null | \
+         tee "$logfile"
+ elif [ "$show_output" -eq 1 ]; then
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" < /dev/null
+ else
+-    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
+-        -profile TorBrowser/Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
++    TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${TBB_STORE_PATH}/firefox --class "Tor Browser" \
++        -profile Data/Browser/profile.default "${@}" > "$logfile" 2>&1 </dev/null
+ fi
+ 
+ exit $?
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index b1e417f29c..13ee611385 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -32,26 +32,63 @@
   #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
+  #:use-module (guix build-system cargo)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
   #:use-module (gnu packages golang)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages rsync) ; for httpse
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages w3m)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml) ; for httpse
+  #:use-module (ice-9 match)
+  #:use-module ((srfi srfi-1) #:hide (zip)))
 
 (define-public tor
   (package
@@ -398,3 +435,830 @@ incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.
 The obfs naming was chosen primarily because it was shorter, in terms of
 protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.")
    (license license:gpl3+)))
+
+;; Upstream does not seem to keep tor-browser and tor-browser-build versions
+;; in sync
+(define %torbrowser-version "78.3.0esr-10.0-2")
+(define %torbrowser-build-version "10.0")
+(define %torbrowser-build "build2")
+(define %tbb-build "build3")
+(define %torbrowser-build-id "20200820000000");must be of the form YYYYMMDDhhmmss
+
+;; Fonts for Tor Browser. Avoid downloading 4Gb+ git repo on
+;; https://github.com/googlei18n/noto-fonts.git to use just a handful.
+;; Use the fonts on Tor Browser release tarball.
+(define torbrowser-fonts
+  (package
+   (name "torbrowser-fonts")
+   ; Tor Browser fonts did not change since last release and were not available
+   ; when this version was built, the previous version were kept.
+   ; (version %torbrowser-build-version)
+   (version "9.5.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://dist.torproject.org/torbrowser/"
+                         version "/tor-browser-linux64-"
+                         version "_en-US.tar.xz"))
+     (sha256
+      (base32
+       "1kqvr0sag94xdkq85k426qq1hz2b52m315yz51w6hvc87d8332b4"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("tar" ,tar)
+      ("xz" ,xz)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((src (assoc-ref %build-inputs "sour