Tor Browser: out of the box support for some Pluggable Transports

Provide default bridges for the meek-azure, obfs4 and snowflake Pluggable Transports and put the necessary bits in torrc-defaults so those Pluggable Transports work out of the box. Prodded by discussion on ports@ started by unix@disroot.org. With help and feedback from richard and PieroV from Tor. Earlier version tested by Yifei Zhan. OK sthen@
2023-01-16 18:19:19 +00:00 · 2023-01-16 18:19:19 +00:00 · 267aee9591
commit 267aee9591
parent 827c8e1c39
5 changed files with 25 additions and 25 deletions
--- a/meta/tor-browser/Makefile
+++ b/meta/tor-browser/Makefile
@ -4,6 +4,7 @@ MAINTAINER=	Caspar Schutijser <caspar@schutijser.com>

 PKGNAME=	tor-browser-12.0.1
 ONLY_FOR_ARCHS =	amd64
+REVISION=	0

 RUN_DEPENDS=	www/tor-browser/browser>=12.0.1 \
 		www/tor-browser/noscript>=11.4.13 \
--- a/meta/tor-browser/pkg/README
+++ b/meta/tor-browser/pkg/README
@ -33,11 +33,9 @@ editing your torrc yourself.  Make sure Tor Browser is not running
 before doing so if you use this method; if Tor Browser is running it
 might overwrite your torrc.

-NOTE: The OpenBSD Tor Browser ports do not yet include Pluggable
-Transports (PT).  This means that not all features are yet available,
-such as using obfsproxy to get to Tor.  A future update will include
-ports for PT components.  Pluggable Transports have a web page
-worth reading:
+NOTE: on OpenBSD, the only Pluggable Transports that are available
+for now are meek-azure, obfs4 and snowflake.  Pluggable Transports have
+a web page worth reading:
  https://2019.www.torproject.org/docs/pluggable-transports.html.en

 For more information about Tor Browser and the Tor anonymity network
--- a/www/tor-browser/browser/Makefile
+++ b/www/tor-browser/browser/Makefile
@ -13,10 +13,12 @@ PATCHORIG =		.pat.orig

 PKGNAME =		${TB_PREFIX}-browser-${TB_VERSION:S/a/alpha/}
 DISTNAME =		src-firefox-tor-browser-102.6.0esr-12.0-1-build2
+REVISION =		0

 FIX_EXTRACT_PERMISSIONS	= Yes
 DISTFILES +=		${DISTNAME}.tar.xz \
-			tor-browser-linux64-${TB_VERSION}_ALL.tar.xz
+			tor-browser-linux64-${TB_VERSION}_ALL.tar.xz \
+			tor-expert-bundle-${TB_VERSION}-linux-x86_64.tar.gz

 SO_VERSION =		8.0
 MOZILLA_LIBS =		xul clearkey lgpllibs mozavcodec mozavutil mozgtk
@ -74,7 +76,9 @@ MAKE_ENV +=		BUILD_OPT=1 \
 			NSS_ENABLE_ECC=1 \
 			XCFLAGS="-I${LOCALBASE}/include ${CFLAGS}"

-RUN_DEPENDS +=		net/tor>=0.4.7.12
+RUN_DEPENDS +=		net/obfs4proxy>=0.0.14 \
+			net/snowflake_proxy>=2.4.1 \
+			net/tor>=0.4.7.12

 CONFIGURE_ARGS +=	--enable-release #1386371
 CONFIGURE_ARGS +=	--enable-sandbox
@ -103,7 +107,16 @@ post-patch:
 	# Not using a patch for this; patch context would contain UTF-8
 	sed -i 's/#ifdef XP_LINUX/#if defined(XP_LINUX) || defined(XP_OPENBSD)/' \
 	    ${WRKSRC}/browser/app/profile/000-tor-browser.js
-	ln -s ${WRKSRC}/mozconfig-linux-x86_64 ${WRKSRC}/.mozconfig
+	ln -fs ${WRKSRC}/mozconfig-linux-x86_64 ${WRKSRC}/.mozconfig
+
+	# add default bridges for Pluggable Transports that we support
+.for pt in meek-azure obfs4 snowflake
+	I=1; \
+	cat ${WRKDIR}/tor/pluggable_transports/bridges_list.${pt}.txt | while read -r line ; do \
+		echo "pref(\"extensions.torlauncher.default_bridge.${pt}.$$I\", \"$$line\");" >>${WRKSRC}/browser/app/profile/000-tor-browser.js; \
+		I=$$((I + 1)); \
+	done
+.endfor

 	${SUBST_CMD} ${WRKSRC}/xpcom/build/BinaryPath.h

--- a/www/tor-browser/browser/distinfo
+++ b/www/tor-browser/browser/distinfo
@ -1,4 +1,6 @@
 SHA256 (mozilla/src-firefox-tor-browser-102.6.0esr-12.0-1-build2.tar.xz) = 3hcAm81t5G57LV94qFSck/s8T02gkVmf+/tns5KobWA=
 SHA256 (mozilla/tor-browser-linux64-12.0.1_ALL.tar.xz) = kaHfdedtSaIGe1N6jSlUrz6QDBEfxoBbe3/M91A2ds8=
+SHA256 (mozilla/tor-expert-bundle-12.0.1-linux-x86_64.tar.gz) = no+4BZ+Jq6uVnIYHIYd5AeRw8litNkml+s+Enkf0u98=
 SIZE (mozilla/src-firefox-tor-browser-102.6.0esr-12.0-1-build2.tar.xz) = 512895940
 SIZE (mozilla/tor-browser-linux64-12.0.1_ALL.tar.xz) = 105644596
+SIZE (mozilla/tor-expert-bundle-12.0.1-linux-x86_64.tar.gz) = 17667213
--- a/www/tor-browser/browser/files/torrc-defaults
+++ b/www/tor-browser/browser/files/torrc-defaults
@ -12,22 +12,8 @@ CookieAuthentication 1
 GeoIPFile ${LOCALBASE}/share/tor/geoip
 GeoIPv6File ${LOCALBASE}/share/tor/geoip6

-##
-## N.B. PT not yet done on OpenBSD: 2015-07-21
-##
-
-## fteproxy configuration
-#ClientTransportPlugin fte exec fteproxy --managed
-
 ## obfs4proxy configuration
-#ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec obfs4proxy
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy

-## flash proxy configuration
-#
-# Change the second number here (9000) to the number of a port that can
-# receive connections from the Internet (the port for which you
-# configured port forwarding).
-#ClientTransportPlugin flashproxy exec flashproxy-client --register :0 :9000
-
-## meek configuration
-#ClientTransportPlugin meek exec meek-client-torbrowser -- meek-client
+## snowflake configuration
+ClientTransportPlugin snowflake exec /usr/local/bin/snowflake_client