From 8f9bc4e95273638654a1ecff4f6101b5db833ee4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= Date: Wed, 17 Jan 2024 12:56:03 +0100 Subject: [PATCH] gnu: torbrowser: Stop inheriting Icecat. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/local.mk (GNU_SYSTEM_MODULES): Add packages/tor-browsers.scm. * gnu/packages/gnupg.scm: Remove fix for dependency loop (fixed because we use a new file). * gnu/packages/tor-browsers.scm (mozilla-locale, mozilla-locales, %torbrowser-locales, %moz-build-date, %torbrowser-version, %torbrowser-firefox-version, translation-base-browser, translation-tor-browser, torbrowser-assets, torbrowser): New variables. (make-torbrowser): New procedure, which is a merge of ‘make-torbrowser’ (from tor.scm) with ‘icecat-minimal’ (from gnuzilla.scm). * gnu/packages/tor.scm (%moz-build-date, %torbrowser-version, %torbrowser-firefox-version, %torbrowser-locales, translation-base-browser, translation-tor-browser, torbrowser-assets, torbrowser): Remove variables. Change-Id: I5fcf73e53fe4481a18e13cdeb3515c3dc4430090 --- gnu/local.mk | 3 +- gnu/packages/gnupg.scm | 3 +- gnu/packages/tor-browsers.scm | 840 ++++++++++++++++++++++++++++++++++ gnu/packages/tor.scm | 462 ------------------- 4 files changed, 844 insertions(+), 464 deletions(-) create mode 100644 gnu/packages/tor-browsers.scm diff --git a/gnu/local.mk b/gnu/local.mk index 0d6e47ceae..fbdb285695 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -13,7 +13,7 @@ # Copyright © 2016-2023 Efraim Flashner # Copyright © 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Jan (janneke) Nieuwenhuizen # Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice -# Copyright © 2017, 2018, 2023 Clément Lassieur +# Copyright © 2017, 2018, 2023, 2024 Clément Lassieur # Copyright © 2017, 2020 Mathieu Othacehe # Copyright © 2017, 2018, 2019 Gábor Boskovits # Copyright © 2018 Amirouche Boubekki @@ -633,6 +633,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/tls.scm \ %D%/packages/tmux.scm \ %D%/packages/toolkits.scm \ + %D%/packages/tor-browsers.scm \ %D%/packages/tor.scm \ %D%/packages/tree-sitter.scm \ %D%/packages/tv.scm \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index a6ba57d7f3..171eea6600 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -71,6 +71,7 @@ #:use-module (gnu packages swig) #:use-module (gnu packages texinfo) #:use-module (gnu packages tls) + #:use-module (gnu packages tor) #:use-module (gnu packages web) #:use-module (gnu packages xorg) #:use-module (gnu packages xdisorg) @@ -1129,7 +1130,7 @@ files, to verify signatures, and to manage the private and public keys.") perl-try-tiny perl-type-tiny perl-types-path-tiny - (@ (gnu packages tor) torsocks))) ;avoid dependency loop + torsocks)) (native-inputs (list perl-file-which perl-gnupg-interface diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm new file mode 100644 index 0000000000..fbae549224 --- /dev/null +++ b/gnu/packages/tor-browsers.scm @@ -0,0 +1,840 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013, 2015 Andreas Enge +;;; Copyright © 2013-2022 Ludovic Courtès +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Mark H Weaver +;;; Copyright © 2015 Sou Bunnbu +;;; Copyright © 2016, 2017, 2018, 2019, 2021 Efraim Flashner +;;; Copyright © 2016 Alex Griffin +;;; Copyright © 2017, 2023, 2024 Clément Lassieur +;;; Copyright © 2017, 2018 Nikita +;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice +;;; Copyright © 2018, 2020 Ricardo Wurmus +;;; Copyright © 2019 Ivan Petkov +;;; Copyright © 2020 Oleg Pykhalov +;;; Copyright © 2020 Jakub Kądziołka +;;; Copyright © 2019, 2020 Adrian Malacoda +;;; Copyright © 2020-2023 Jonathan Brielmaier +;;; Copyright © 2020, 2022 Marius Bakke +;;; Copyright © 2021 Brice Waegeneire +;;; Copyright © 2021 Maxime Devos +;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer +;;; Copyright © 2021 Baptiste Strazzul +;;; Copyright © 2022 SeerLite +;;; Copyright © 2024 Aleksandr Vityazev +;;; Copyright © 2020, 2021 André Batista +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages tor-browsers) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages assembly) + #:use-module (gnu packages base) + #:use-module (gnu packages browser-extensions) + #:use-module (gnu packages compression) + #:use-module (gnu packages cups) + #:use-module (gnu packages fontutils) + #:use-module (gnu packages gl) + #:use-module (gnu packages glib) + #:use-module (gnu packages gnome) + #:use-module (gnu packages golang) + #:use-module (gnu packages gtk) + #:use-module (gnu packages hunspell) + #:use-module (gnu packages image) + #:use-module (gnu packages kerberos) + #:use-module (gnu packages libcanberra) + #:use-module (gnu packages libevent) + #:use-module (gnu packages libffi) + #:use-module (gnu packages linux) + #:use-module (gnu packages llvm) + #:use-module (gnu packages m4) + #:use-module (gnu packages node) + #:use-module (gnu packages nss) + #:use-module (gnu packages pciutils) + #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages pulseaudio) + #:use-module (gnu packages python) + #:use-module (gnu packages rust) + #:use-module (gnu packages rust-apps) + #:use-module (gnu packages sqlite) + #:use-module (gnu packages tor) + #:use-module (gnu packages video) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages xorg) + #:use-module (gnu packages) + #:use-module (guix build-system cargo) + #:use-module (guix build-system copy) + #:use-module (guix build-system gnu) + #:use-module (guix build-system mozilla) + #:use-module (guix download) + #:use-module (guix gexp) + #:use-module (guix git-download) + #:use-module (guix hg-download) + #:use-module (guix packages) + #:use-module (ice-9 regex) + #:use-module (guix utils)) + +(define (mozilla-locale locale changeset hash-string) + (origin + (method hg-fetch) + (uri (hg-reference + (url (string-append "https://hg.mozilla.org/l10n-central/" + locale)) + (changeset changeset))) + (file-name (string-append "mozilla-locale-" locale)) + (sha256 (base32 hash-string)))) + +(define-syntax-rule (mozilla-locales (hash-string changeset locale) ...) + #~(list (cons #$locale #$(mozilla-locale locale changeset hash-string)) + ...)) + +;; See tor-browser-build/rbm.conf for the list. +;; See browser/locales/l10n-changesets.json for the changeset. +;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset. +(define %torbrowser-locales + (mozilla-locales + ;; sha256 changeset locale + ;;--------------------------------------------------------------------------- + ("14wnjv13alaj04pd8i8ysillbr3ic2jqa867rbj5ncz8h4hxxfxc" "4c7e24ef78bd" "ar") + ("0mcc15n3p7yk4zdbr3na2fm7wq2184mbcrkk3cvppkl6p4k8654d" "24d50653ab5c" "ca") + ("0ray22hdb3nrv2yi5z98cvbmpk9kpsv96a8wzad5dr4sxy44ii0d" "0d96b6b04bfb" "cs") + ("0is7qbykv2pj0z9ll9r35vwjp0x29vmfr10yjl3s0amfaqzjqpqc" "0a0b774407cc" "da") + ("0yq7m4v7d7ayg90m66j73mflrnp709qw9n7skhpsl9h1wbhrd7q7" "633986260777" "de") + ("19g2ha32syq6rjcyl4ypmy7sc9w7xkvrpkic5lfc2yja6ll9116p" "e2f2d1541e38" "el") + ("018qi9zn24kzfcidsj9lbqfg5n97r295yr8fs953nyfdbim9jsfv" "accf5e4506c0" "es-ES") + ("11prhmh2cp95dpv6z0k479mb11zbfm541bvigs3gnkh3nazjvc8q" "37aa71d77cb6" "fa") + ("1lv9l98q88ixb0ph970yzphahgzbl97x0w069bkxa54kblkv1ch1" "dc40a4fd5d0e" "fi") + ("0wx4k7mwhvpv5w0wa4y5pca2q3jac62jv804nxqnfwh1bvi90wv0" "415c1f0e84bd" "fr") + ("17j68a6rbaphfcq38mgz6s1076fyy92fk0ldw8igql6gd85qjlaa" "d271f275cf48" "ga-IE") + ("0b7qdayljb4ryyqgalvi626lzg238gyn03m3a2f7afs9zi6px526" "46f8d7c031a6" "he") + ("14xbrzvc09fcp7qzllb65nis27hkg9pg5615y29xzwiz4g090my1" "086ac0260d6b" "hu") + ("0q5s4iz02xgmbw6nnpg6xg4pwz7n55nvxb9mj8vqdakq3faybbd5" "f03a6b3069a5" "id") + ("1lwklx3nkm56420xc3kbg892jm2b6202sjw33nvv766sm9hbvcap" "5c4b61165e1d" "is") + ("1n7l5idw9399n8ih1r1d6m8vzpzhwmnxmr9i7jvygkdc8d6adp1k" "07d5e1ff5f9b" "it") + ("1w6nw9cd92p1ndy82wwlq9xizyq3i8rq0nj7118gbxbx368mk2kj" "e6f9db9ce3e6" "ja") + ("1js99gbyc1dj33xc425wb08s1aw3bfznaacrqhw3l42yw1g1ghy4" "a15eb9feea2c" "ka") + ("116a8s0k2yvijy7qf0xpqm5w66gdzs32jhc06364sdar5v34lyhh" "805b85981696" "ko") + ("1yrjrhmmd0b810kxryja1j1md3rr2zpn1j9cbg05dgp5s8i89psk" "943a26276832" "lt") + ("08zccz7gflzpr20y0hvhmdsiz6ncags39kh83cay5ivchyib5qbi" "fbef80de5499" "mk") + ("100k4ibpwys9i4ghi5xvmgwr9api67ngav2hvb613rj6hdfd57f7" "20ec0915ec35" "ms") + ("0kk3cjlpghbi7j3ndb2s0c7g838fzd2mpzg01bp0cra8lzd0n2ac" "4ab6f0d05aa6" "my") + ("1i3r2ici95mazw07m2mrf192fc6bfa3x6j3c2pcc1zg7z9srihgh" "561b0cd86ec1" "nb-NO") + ("1c0m8jhn52h1dif5bswrdwrlzppgga01y61wlii4aaaw15imd6yd" "2a55df0cc389" "nl") + ("1gssvg306b80drp7kvc35kvcxwldb5sga0bapaxhv362irq1nya8" "a64a7dab01c4" "pl") + ("1dzh13x85a7src8szbrq5pjmrbak4isln9xdwjk7a1yq4g9h7jgs" "33bf2a9f4c49" "pt-BR") + ("0jx9y7fv44wxqapmcgr924wgb1l5cm95bgpmnhnjchp1zpmyfdl5" "a367feeadd33" "ro") + ("09x2jirf04kgc118a70z0xrb3msbm7vr4f41ig4xrwf2s5b816r3" "528b76d6aaca" "ru") + ("02y898f0ncjwka474r9lw361b0kywx1w56hj09i7im4j5jrsjnh1" "fa28d9d79cd3" "sq") + ("1cyimbd42aaq2amyhdbbx26jwsns77lsfl8g9a70bsjlpwzwzryg" "cc8e8962e59c" "sv-SE") + ("03mqrvcal7i172gf9239q9fnynfp5kg9b3r1w8gr9iz7rkr22gw5" "d361502c559e" "th") + ("12srgqkqwaidcwbz0y7zr59165f7aq5k5s3b81ql7ixdbwia91pm" "f6173aca4762" "tr") + ("1d91gfx5p6wyb455syw0b57wxl1sd4b4kcdvfk92pb050rqaqfgv" "c5ad4d4f70eb" "uk") + ("1dj8q2jw60a184f018jyldl51rfmvz1cndz3kbw0cc5l5sli7hwr" "0e75c226763d" "vi") + ("1dl2dpif4wwrlpx7zkz5qf8kk4vhxyf63016xcfpbhxizqqwc1ki" "df2d025ed631" "zh-CN") + ("1c63ngff9lsc1x3pi6lnkyxw19gdc65yc67p7alzvrka3cv292ia" "11f8d68148a4" "zh-TW"))) + +;; We copy the official build id, which can be found there: +;; https://aus1.torproject.org/torbrowser/update_3/release/. +(define %moz-build-date "20240115174022") + +;; To find the last version, look at https://www.torproject.org/download/. +(define %torbrowser-version "13.0.9") + +;; To find the last Firefox version, browse +;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> +;; There should be only one archive that starts with +;; "src-firefox-tor-browser-". +(define %torbrowser-firefox-version "115.7.0esr-13.0-1-build1") + +;; See tor-browser-build/projects/translation/config. +(define translation-base-browser + (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.torproject.org/tpo/translation.git") + (commit "cbd9b6c415ec2edb99237ef67ccd4f033a7b9c2a"))) + (file-name "translation-base-browser") + (sha256 + (base32 + "103dj1zzc68gxzjxwcpc4sbc6qca4zg8kkhdivzpq37ma07sp9sf")))) + +;; See tor-browser-build/projects/translation/config. +(define translation-tor-browser + (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.torproject.org/tpo/translation.git") + (commit "767ab5111f065b82151275775af5ecf7a529ef48"))) + (file-name "translation-tor-browser") + (sha256 + (base32 + "034s0ivbama497xq0904q8p6d7n2f2aa2vn2jcs9g4bvmhgwicw4")))) + +(define torbrowser-assets + ;; This is a prebuilt Torbrowser from which we take the assets we need. + (package + (name "torbrowser-assets") + (version %torbrowser-version) + (source + (origin + (method url-fetch) + (uri + (string-append + "https://archive.torproject.org/tor-package-archive/torbrowser/" + version "/tor-browser-linux-x86_64-" version ".tar.xz")) + (sha256 + (base32 + "0j143r24xzmq38nd5z1xqsa9zp35lws9rvlj6hb9xn3dnl67gh59")))) + (arguments + (list + #:install-plan + ''(("Browser" "." #:include-regexp + ("^\\./TorBrowser/Data/Tor/torrc-defaults" + "^\\./fonts/" + "^\\./fontconfig/fonts.conf"))))) + (build-system copy-build-system) + (home-page "https://www.torproject.org") + (synopsis "Tor Browser assets") + (description "This package contains fonts and configuration files for Tor +Browser.") + (license license:silofl1.1))) + +(define* (make-torbrowser #:key + moz-app-name + moz-app-remotingname + branding-directory + assets + locales + base-browser-version) + (package + (name "torbrowser") + (version %torbrowser-version) + (source + (origin + (method url-fetch) + (uri + (string-append + "https://archive.torproject.org/tor-package-archive/torbrowser/" + version "/src-firefox-tor-browser-" %torbrowser-firefox-version + ".tar.xz")) + (sha256 + (base32 + "0h05js9j1drzw5q98nlphsmvlp1k2a71z5jd06xk6pz29w6322pw")))) + (build-system mozilla-build-system) + (inputs + (list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird + tor-client + alsa-lib + bzip2 + cups + dbus-glib + gdk-pixbuf + glib + gtk+ + ;; UNBUNDLE-ME! graphite2 + cairo + pango + freetype + ;; UNBUNDLE-ME! harfbuzz + libcanberra + libgnome + libjpeg-turbo + libpng-apng + ;; UNBUNDLE-ME! libogg + ;; UNBUNDLE-ME! libtheora ; wants theora-1.2, not yet released + ;; UNBUNDLE-ME! libvorbis + libxft + libevent + libxinerama + libxscrnsaver + libxcomposite + libxt + libffi + ;; Support for FFmpeg 6 was only added in version 112 (see: + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1819374). + ffmpeg-5 + libvpx + (force (@@ (gnu packages gnuzilla) icu4c-73-promise)) + pixman + pulseaudio + mesa + pciutils + mit-krb5 + hunspell + libnotify + nspr + ;; UNBUNDLE-ME! nss (pending upgrade of 'nss' to 3.90 or later) + shared-mime-info + sqlite + eudev + unzip + zip + zlib)) + (native-inputs + (list + rust + `(,rust "cargo") + rust-cbindgen-0.24 + llvm-15 + clang-15 + perl + node-lts + python-wrapper + yasm + nasm ; XXX FIXME: only needed on x86_64 and i686 + pkg-config + m4 + which)) + (arguments + (list + #:tests? #f ;not worth the cost + + ;; Some dynamic lib was determined at runtime, so rpath check may fail. + #:validate-runpath? #f + + #:configure-flags + #~(list + "--without-relative-data-dir" ;store is read-only + "--disable-base-browser-update" + ;; Default is "default", which is the same as "nightly". + "--enable-update-channel=release" + ;; This is useless right now but it might be used in the future. + ;; (See nsAppFileLocationProvider.cpp.) + (string-append "--with-user-appdir=." #$moz-app-name) + (string-append "--with-branding=" #$branding-directory) + (string-append "--prefix=" #$output) + (string-append "--with-base-browser-version=" + #$base-browser-version) + + "--enable-application=browser" + "--with-distribution-id=org.gnu" + "--enable-geckodriver" + ;; Do not require addons in the global app or system directories to + ;; be signed by Mozilla. + "--with-unsigned-addon-scopes=app,system" + "--allow-addon-sideload" + + "--enable-pulseaudio" + + "--disable-tests" + "--disable-updater" + "--disable-crashreporter" + ;; The --disable-eme option is not available on aarch64. + #$(if (target-aarch64?) "" "--disable-eme") + + ;; Building with debugging symbols takes ~5GiB, so disable it. + "--disable-debug" + "--disable-debug-symbols" + + "--enable-rust-simd" + "--enable-release" + "--enable-optimize" + "--enable-strip" + "--disable-elf-hack" + + ;; Clang is needed to build Stylo, Mozilla's new CSS engine. We must + ;; specify the clang paths manually, because otherwise the Mozilla + ;; build system looks in the directories returned by llvm-config + ;; --bindir and llvm-config --libdir, which return paths in the llvm + ;; package where clang is not found. + (string-append "--with-clang-path=" + (search-input-file %build-inputs "bin/clang")) + (string-append "--with-libclang-path=" + (dirname (search-input-file %build-inputs + "lib/libclang.so"))) + + ;; Hack to work around missing "unofficial" branding in icecat. + "--enable-official-branding" + + ;; TODO: Add support for wasm sandboxed libraries. + "--without-wasm-sandboxed-libraries" + + ;; Avoid bundled libraries. + "--with-system-jpeg" ;must be libjpeg-turbo + "--with-system-png" ;must be libpng-apng + "--with-system-zlib" + ;; UNBUNDLE-ME! "--with-system-bz2" + ;; UNBUNDLE-ME! "--with-system-libevent" + ;; UNBUNDLE-ME! "--with-system-ogg" + ;; UNBUNDLE-ME! "--with-system-vorbis" + ;; UNBUNDLE-ME! "--with-system-theora" ; wants theora-1.2, not yet released + ;; UNBUNDLE-ME! "--with-system-libvpx" + "--with-system-icu" + "--with-system-nspr" + ;; UNBUNDLE-ME! "--with-system-nss" ; pending upgrade of 'nss' to 3.90 + + ;; UNBUNDLE-ME! "--with-system-harfbuzz" + ;; UNBUNDLE-ME! "--with-system-graphite2" + "--enable-system-pixman" + "--enable-system-ffi" + ;; UNBUNDLE-ME! "--enable-system-sqlite" + ) + + #:imported-modules %cargo-utils-modules ;for `generate-all-checksums' + + #:modules `((ice-9 ftw) + (ice-9 match) + (srfi srfi-1) + (srfi srfi-26) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + ,@%gnu-build-system-modules) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'apply-guix-specific-patches + (lambda _ + (for-each + (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) + '(#$(local-file + (search-patch "icecat-compare-paths.patch")) + #$(local-file + (search-patch "icecat-use-system-wide-dir.patch")))))) + (add-after 'apply-guix-specific-patches 'remove-bundled-libraries + (lambda _ + ;; Remove bundled libraries that we don't use, since they may + ;; contain unpatched security flaws, they waste disk space and + ;; memory, and may cause confusion. + (for-each (lambda (file) + (format #t "deleting '~a'...~%" file) + (delete-file-recursively file)) + '( ;; FIXME: Removing the bundled icu breaks configure. + ;; * The bundled icu headers are used in some places. + ;; * The version number is taken from the bundled copy. + ;;"intl/icu" + ;; + ;; FIXME: A script from the bundled nspr is used. + ;;"nsprpub" + ;; + ;; FIXME: Some of the bundled NSS sources are used + ;; to build third_party/prio. + ;;"security/nss" + ;; + ;; TODO: Use more system media libraries. See: + ;; + ;; * libtheora: esr60 wants v1.2, not yet released. + ;; * soundtouch: avoiding the bundled library would + ;; result in some loss of functionality. There's + ;; also an issue with exception handling + ;; configuration. It seems that this is needed in + ;; some moz.build: + ;; DEFINES['ST_NO_EXCEPTION_HANDLING'] = 1 + ;; * libopus + ;; * speex + ;; + "modules/freetype2" + ;; "media/libjpeg" ; needed for now, because media/libjpeg/moz.build is referenced from config/external/moz.build + ;; UNBUNDLE-ME! "modules/zlib" + ;; UNBUNDLE-ME! "ipc/chromium/src/third_party/libevent" + ;; UNBUNDLE-ME! "media/libvpx" + ;; UNBUNDLE-ME! "media/libogg" + ;; UNBUNDLE-ME! "media/libvorbis" + ;; UNBUNDLE-ME! "media/libtheora" ; wants theora-1.2, not yet released + ;; UNBUNDLE-ME! "media/libtremor" + ;; UNBUNDLE-ME! "gfx/harfbuzz" + ;; UNBUNDLE-ME! "gfx/graphite2" + "js/src/ctypes/libffi" + ;; UNBUNDLE-ME! "db/sqlite3" + )))) + (add-after 'remove-bundled-libraries 'fix-ffmpeg-runtime-linker + (lambda* (#:key inputs #:allow-other-keys) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + (search-input-file inputs "lib/libavcodec.so"))))) + (add-after 'fix-ffmpeg-runtime-linker 'build-sandbox-whitelist + (lambda* (#:key inputs #:allow-other-keys) + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath + elf-dynamic-info + parse-elf + get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + ;; Populate the sandbox read-path whitelist as needed by ffmpeg. + (let* ((whitelist + (map (cut string-append <> "/") + (delete-duplicates + `(,(string-append (assoc-ref inputs "shared-mime-info") + "/share/mime") + ,@(append-map runpaths-of-input + '("mesa" "ffmpeg")))))) + (whitelist-string (string-join whitelist ","))) + (with-output-to-file "whitelist.txt" + (lambda () + (display whitelist-string)))))) + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")) + (for-each (lambda (file) + (format #t "patching checksums in ~a~%" file) + (substitute* file + (("^checksum = \".*\"") + (string-append "checksum = \"" null-hash "\"")))) + (find-files "." "Cargo.lock$")) + (for-each generate-all-checksums + '("services" + "js" + "third_party/rust" + "dom/media" + "dom/webauthn" + "toolkit" + "gfx" + "storage" + "modules" + "xpcom/rust" + "media" + "mozglue/static/rust" + "netwerk" + "remote" + "intl" + "servo" + "security/manager/ssl" + "build"))))) + (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag + (lambda _ + ;; Remove --frozen flag from cargo invokation, otherwise it'll + ;; complain that it's not able to change Cargo.lock. + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 + (substitute* "build/RunCbindgen.py" + (("\"--frozen\",") "")))) + (delete 'bootstrap) + (add-before 'configure 'setenv + (lambda _ + (setenv "CONFIG_SHELL" (which "bash")) + ;; Install location is prefix/lib/$MOZ_APP_NAME. Also + ;; $MOZ_APP_NAME is the executable name. Default is + ;; "firefox". + (setenv "MOZ_APP_NAME" #$moz-app-name) + ;; Profile location (relative to "~/."). Default is + ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is: + ;; ~/.tor project/firefox. + (setenv "MOZ_APP_PROFILE" #$(in-vicinity + moz-app-name "browser")) + ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL"). + (setenv "MOZ_APP_REMOTINGNAME" #$moz-app-remotingname) + ;; Persistent state directory for the build system (default is + ;; $HOME/.mozbuild). + (setenv "MOZBUILD_STATE_PATH" + (in-vicinity (getcwd) ".mozbuild")) + (setenv "MOZ_CHROME_MULTILOCALE" + (string-join (map car #$locales))) + ;; Make build reproducible. + (setenv "MOZ_BUILD_DATE" #$%moz-build-date))) + (add-before 'configure 'mozconfig + (lambda* (#:key configure-flags #:allow-other-keys) + (with-output-to-file "mozconfig" + (lambda () + (format #t ". $topsrcdir/mozconfig-linux-x86_64~%") + (for-each (lambda (flag) + (format #t "ac_add_options ~a~%" flag)) + configure-flags))))) + ;; See tor-browser-build/projects/firefox/build. + (add-before 'configure 'copy-firefox-locales + (lambda _ + (let ((l10ncentral ".mozbuild/l10n-central")) + (mkdir-p l10ncentral) + (for-each + (lambda (lang) + (copy-recursively (cdr lang) + (in-vicinity l10ncentral + (car lang)))) + #$locales)))) + (add-after 'copy-firefox-locales 'copy-basebrowser-locales + (lambda _ + (let ((l10ncentral ".mozbuild/l10n-central")) + ;; Temporary copy so that we can use ‘mv’ to mimic + ;; tor-browser-build/projects/firefox/build. + (copy-recursively #$translation-base-browser + "translation-base-browser") + (for-each + (lambda (lang) + (system + (format + #f (string-join + '("mv" + "translation-base-browser/~a/base-browser.ftl" + "~a/~a/browser/browser/")) + lang l10ncentral lang)) + (system + (format + #f (string-join + '("mv" + "translation-base-browser/~a/*" + "~a/~a/browser/chrome/browser/")) + lang l10ncentral lang))) + (map car #$locales))))) + (add-after 'copy-basebrowser-locales 'copy-torbrowser-locales + (lambda _ + (let ((l10ncentral ".mozbuild/l10n-central")) + ;; Temporary copy so that we can use ‘mv’ to mimic + ;; tor-browser-build/projects/firefox/build. + (copy-recursively #$translation-tor-browser + "translation-tor-browser") + (for-each + (lambda (lang) + (system + (format + #f (string-join + '("mv" + "translation-tor-browser/~a/tor-browser.ftl" + "~a/~a/browser/browser/")) + lang l10ncentral lang)) + (system + (format + #f (string-join + '("mv" + "translation-tor-browser/~a/cryptoSafetyPrompt.properties" + "~a/~a/browser/chrome/browser/")) + lang l10ncentral lang)) + (system + (format + #f (string-join + '("mv" + "translation-tor-browser/~a" + "toolkit/torbutton/chrome/locale/")) + lang)) + (let ((port (open-file "toolkit/torbutton/jar.mn" "a"))) + (format port "% locale torbutton ~a %locale/~a/~%" + lang lang) + (format port " locale/~a/ (chrome/locale/~a/*)~%" + lang lang) + (close port))) + (map car #$locales))))) + (replace 'configure + (lambda _ + (invoke "./mach" "configure"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* + "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") "gnuzilla.gnu.org")))) + (add-before 'build 'add-bridges ;see deploy.sh + (lambda _ + (let ((port (open-file + "browser/app/profile/000-tor-browser.js" "a"))) + (display + "#include ../../../tools/torbrowser/bridges.js" port) + (newline port) + (close port)))) + (replace 'build + (lambda* (#:key (make-flags '()) (parallel-build? #t) + #:allow-other-keys) + (apply invoke "./mach" "build" + ;; mach will use a wide parallel build if possible by + ;; default, so reign it in if requested. + `(,(string-append + "-j" (number->string (if parallel-build? + (parallel-job-count) + 1))) + ,@make-flags)))) + ;; See tor-browser-build/projects/firefox/build. + (add-after 'build 'build-locales + (lambda _ + (system (string-join '("./mach package-multi-locale --locales" + "en-US $MOZ_CHROME_MULTILOCALE"))))) + (add-after 'build-locales 'neutralise-store-references + (lambda _ + ;; Mangle the store references to compilers & other build tools in + ;; about:buildconfig, reducing IceCat's closure by 1 GiB on x86-64. + (let* ((obj-dir (match (scandir "." (cut string-prefix? "obj-" <>)) + ((dir) dir))) + (file (string-append + obj-dir + "/dist/bin/chrome/toolkit/content/global/buildconfig.html"))) + (substitute* file + (("[0-9a-df-np-sv-z]{32}" hash) + (string-append (string-take hash 8) + "" + (string-drop hash 8))))))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (invoke "./mach" "install") + ;; The geckodriver binary is not installed by the above, for some + ;; reason. Use 'find-files' to avoid having to deal with the + ;; system/architecture-specific file name. + (install-file (first (find-files "." "geckodriver")) + (string-append #$output "/bin")))) + (add-after 'install 'wrap-program + (lambda* (#:key inputs #:allow-other-keys) + (let* ((gtk #$(this-package-input "gtk+")) + (gtk-share (string-append gtk "/share")) + (fonts.conf (format #f "~a/lib/~a/fontconfig/fonts.conf" + #$output #$moz-app-name)) + (ld-libs '#$(cons + (file-append + (this-package-input "libcanberra") + "/lib/gtk-3.0/modules") + (map (lambda (label) + (file-append (this-package-input label) "/lib")) + '("libpng-apng" + "libxscrnsaver" + "mesa" + "pciutils" + "mit-krb5" + "eudev" + "pulseaudio" + ;; For the integration of native notifications + ;; (same reason as icedove) + "libnotify"))))) + (wrap-program (format #f "~a/lib/~a/~a" + #$output #$moz-app-name #$moz-app-name) + `("XDG_DATA_DIRS" prefix (,gtk-share)) + ;; The following line is commented out because the icecat + ;; package on guix has been observed to be unstable when + ;; using wayland, and the bundled extensions stop working. + ;; `("MOZ_ENABLE_WAYLAND" = ("1")) + `("LD_LIBRARY_PATH" prefix ,ld-libs) + `("FONTCONFIG_FILE" prefix (,fonts.conf)))))) + (add-after 'wrap-program 'install-desktop-entry + (lambda _ + (let ((apps (in-vicinity #$output "share/applications"))) + (mkdir-p apps) + (make-desktop-entry-file + (string-append apps "/" #$moz-app-name ".desktop") + #:name #$moz-app-remotingname + #:exec (format #f "~a/bin/~a %u" #$output #$moz-app-name) + #:categories '("Network" "WebBrowser" "Security") + #:startup-w-m-class #$moz-app-remotingname + #:icon #$moz-app-name)))) + (add-after 'install-desktop-entry 'install-icons + (lambda* (#:key inputs #:allow-other-keys) + (for-each + (lambda (size) + (let ((oldpath (string-append + #$branding-directory "/default" size ".png")) + (newpath (string-append + #$output "/share/icons/hicolor/" size "x" + size "/apps/" #$moz-app-name ".png"))) + (mkdir-p (dirname newpath)) + (copy-file oldpath newpath))) + '("16" "22" "24" "32" "48" "64" "128" "256")))) + (add-after 'install 'deploy-fonts + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/" #$moz-app-name))) + ;; Fonts + (copy-recursively (in-vicinity #$assets "fontconfig") + (in-vicinity lib "fontconfig")) + (substitute* (in-vicinity lib "fontconfig/fonts.conf") + (("fonts") + (format #f "~a" (in-vicinity lib "fonts")))) + (delete-file-recursively (in-vicinity lib "fonts")) + (copy-recursively (in-vicinity #$assets "fonts") + (in-vicinity lib "fonts"))))) + (add-after 'deploy-fonts 'deploy-tor-assets + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (in-vicinity #$output "lib/torbrowser")) + (tor #$(this-package-input "tor-client"))) + ;; TorBrowser/Data/Tor/torrc-defaults + (copy-recursively (in-vicinity #$assets "TorBrowser") + (in-vicinity lib "TorBrowser")) + (substitute* + (in-vicinity lib "TorBrowser/Data/Tor/torrc-defaults") + (("exec ./TorBrowser/Tor/PluggableTransports/lyrebird") + (string-append + "exec " (search-input-file inputs "bin/lyrebird")))) + ;; The geoip and geoip6 files are in the same directory as + ;; torrc-defaults. (See TorProcess.sys.mjs.) + (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor")) + (copy-file (in-vicinity tor "share/tor/geoip6") + (in-vicinity lib "TorBrowser/Data/Tor/geoip6")) + (copy-file (in-vicinity tor "share/tor/geoip") + (in-vicinity lib "TorBrowser/Data/Tor/geoip"))))) + (add-after 'install 'autoconfig + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/" #$moz-app-name)) + (config-file (string-append #$moz-app-name ".cfg"))) + (with-output-to-file (in-vicinity + lib "defaults/pref/autoconfig.js") + (lambda () + (format #t "// first line must be a comment~%") + (format #t "pref(~s, ~s);~%" + "general.config.filename" config-file) + (format #t "pref(~s, ~a);~%" + "general.config.obscure_value" "0"))) + (with-output-to-file (in-vicinity lib config-file) + (lambda () + (format #t "// first line must be a comment~%") + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (format #t "pref(~s, ~a);~%" + "extensions.enabledScopes" "13") + (format #t "pref(~s, ~s);~%" + "security.sandbox.content.read_path_whitelist" + (call-with-input-file "whitelist.txt" + get-string-all)) + ;; Add-ons pannel (see settings.js in Icecat source). + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.search.browseURL" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.get.url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.link.url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.discovery.api_url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "extensions.getAddons.langpacks.url" + "https://gnuzilla.gnu.org/mozzarella") + (format #t "pref(~s, ~s);~%" + "lightweightThemes.getMoreURL" + "https://gnuzilla.gnu.org/mozzarella")))))) + (add-after 'autoconfig 'autoconfig-tor + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (in-vicinity #$output "lib/torbrowser")) + (config-file (string-append #$moz-app-name ".cfg"))) + (let ((port (open-file (in-vicinity lib config-file) "a"))) + (format port "pref(~s, ~s);~%" + "extensions.torlauncher.torrc-defaults_path" + (in-vicinity + lib "TorBrowser/Data/Tor/torrc-defaults")) + (format port "pref(~s, ~s);~%" + "extensions.torlauncher.tor_path" + (search-input-file inputs "bin/tor")) + (close port)))))))) + (propagated-inputs + (list noscript/icecat)) + (native-search-paths + (list (search-path-specification + (variable "ICECAT_SYSTEM_DIR") + (separator #f) ;single entry + (files '("lib/icecat"))))) + (home-page "https://www.torproject.org") + (synopsis "Anonymous browser derived from Mozilla Firefox") + (description + "Tor Browser is the Tor Project version of Firefox browser. It is the +only recommended way to anonymously browse the web that is supported by the +project. It modifies Firefox in order to avoid many know application level +attacks on the privacy of Tor users.") + (license license:mpl2.0))) ;And others, see + ;toolkit/content/license.html + +(define-public torbrowser + (make-torbrowser #:moz-app-name "torbrowser" + #:moz-app-remotingname "Tor Browser" + #:branding-directory "browser/branding/tb-release" + #:assets torbrowser-assets + #:locales %torbrowser-locales + #:base-browser-version %torbrowser-version)) diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 8cbf8f5f8c..4b356b6cc1 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -13,7 +13,6 @@ ;;; Copyright © 2021-2023 Danial Behzadi ;;; Copyright © 2022 Maxim Cournoyer ;;; Copyright © 2022 Jim Newsome -;;; Copyright © 2023, 2024 Clément Lassieur ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,16 +36,11 @@ #:use-module (guix utils) #:use-module (guix download) #:use-module (guix git-download) - #:use-module (guix hg-download) - #:use-module (guix build-system copy) #:use-module (guix build-system gnu) - #:use-module (guix build-system mozilla) #:use-module (guix build-system python) #:use-module (guix build-system pyproject) #:use-module (gnu packages) #:use-module (gnu packages base) - #:use-module (gnu packages bash) - #:use-module (gnu packages browser-extensions) #:use-module (gnu packages libevent) #:use-module (gnu packages linux) #:use-module (gnu packages check) @@ -54,8 +48,6 @@ #:use-module (gnu packages pcre) #:use-module (gnu packages freedesktop) #:use-module (gnu packages glib) - #:use-module (gnu packages golang) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages python-check) @@ -491,457 +483,3 @@ Potential client and exit connections are scrubbed of sensitive information.") the onion proxy and sets up proxy in user session, so you don't have to mess up with TOR on your system anymore.") (license license:gpl3+))) - -(define (mozilla-locale locale changeset hash-string) - (origin - (method hg-fetch) - (uri (hg-reference - (url (string-append "https://hg.mozilla.org/l10n-central/" - locale)) - (changeset changeset))) - (file-name (string-append "mozilla-locale-" locale)) - (sha256 (base32 hash-string)))) - -(define-syntax-rule (mozilla-locales (hash-string changeset locale) ...) - #~(list (cons #$locale #$(mozilla-locale locale changeset hash-string)) - ...)) - -;; See tor-browser-build/rbm.conf for the list. -;; See browser/locales/l10n-changesets.json for the changeset. -;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset. -(define %torbrowser-locales - (mozilla-locales - ;; sha256 changeset locale - ;;--------------------------------------------------------------------------- - ("14wnjv13alaj04pd8i8ysillbr3ic2jqa867rbj5ncz8h4hxxfxc" "4c7e24ef78bd" "ar") - ("0mcc15n3p7yk4zdbr3na2fm7wq2184mbcrkk3cvppkl6p4k8654d" "24d50653ab5c" "ca") - ("0ray22hdb3nrv2yi5z98cvbmpk9kpsv96a8wzad5dr4sxy44ii0d" "0d96b6b04bfb" "cs") - ("0is7qbykv2pj0z9ll9r35vwjp0x29vmfr10yjl3s0amfaqzjqpqc" "0a0b774407cc" "da") - ("0yq7m4v7d7ayg90m66j73mflrnp709qw9n7skhpsl9h1wbhrd7q7" "633986260777" "de") - ("19g2ha32syq6rjcyl4ypmy7sc9w7xkvrpkic5lfc2yja6ll9116p" "e2f2d1541e38" "el") - ("018qi9zn24kzfcidsj9lbqfg5n97r295yr8fs953nyfdbim9jsfv" "accf5e4506c0" "es-ES") - ("11prhmh2cp95dpv6z0k479mb11zbfm541bvigs3gnkh3nazjvc8q" "37aa71d77cb6" "fa") - ("1lv9l98q88ixb0ph970yzphahgzbl97x0w069bkxa54kblkv1ch1" "dc40a4fd5d0e" "fi") - ("0wx4k7mwhvpv5w0wa4y5pca2q3jac62jv804nxqnfwh1bvi90wv0" "415c1f0e84bd" "fr") - ("17j68a6rbaphfcq38mgz6s1076fyy92fk0ldw8igql6gd85qjlaa" "d271f275cf48" "ga-IE") - ("0b7qdayljb4ryyqgalvi626lzg238gyn03m3a2f7afs9zi6px526" "46f8d7c031a6" "he") - ("14xbrzvc09fcp7qzllb65nis27hkg9pg5615y29xzwiz4g090my1" "086ac0260d6b" "hu") - ("0q5s4iz02xgmbw6nnpg6xg4pwz7n55nvxb9mj8vqdakq3faybbd5" "f03a6b3069a5" "id") - ("1lwklx3nkm56420xc3kbg892jm2b6202sjw33nvv766sm9hbvcap" "5c4b61165e1d" "is") - ("1n7l5idw9399n8ih1r1d6m8vzpzhwmnxmr9i7jvygkdc8d6adp1k" "07d5e1ff5f9b" "it") - ("1w6nw9cd92p1ndy82wwlq9xizyq3i8rq0nj7118gbxbx368mk2kj" "e6f9db9ce3e6" "ja") - ("1js99gbyc1dj33xc425wb08s1aw3bfznaacrqhw3l42yw1g1ghy4" "a15eb9feea2c" "ka") - ("116a8s0k2yvijy7qf0xpqm5w66gdzs32jhc06364sdar5v34lyhh" "805b85981696" "ko") - ("1yrjrhmmd0b810kxryja1j1md3rr2zpn1j9cbg05dgp5s8i89psk" "943a26276832" "lt") - ("08zccz7gflzpr20y0hvhmdsiz6ncags39kh83cay5ivchyib5qbi" "fbef80de5499" "mk") - ("100k4ibpwys9i4ghi5xvmgwr9api67ngav2hvb613rj6hdfd57f7" "20ec0915ec35" "ms") - ("0kk3cjlpghbi7j3ndb2s0c7g838fzd2mpzg01bp0cra8lzd0n2ac" "4ab6f0d05aa6" "my") - ("1i3r2ici95mazw07m2mrf192fc6bfa3x6j3c2pcc1zg7z9srihgh" "561b0cd86ec1" "nb-NO") - ("1c0m8jhn52h1dif5bswrdwrlzppgga01y61wlii4aaaw15imd6yd" "2a55df0cc389" "nl") - ("1gssvg306b80drp7kvc35kvcxwldb5sga0bapaxhv362irq1nya8" "a64a7dab01c4" "pl") - ("1dzh13x85a7src8szbrq5pjmrbak4isln9xdwjk7a1yq4g9h7jgs" "33bf2a9f4c49" "pt-BR") - ("0jx9y7fv44wxqapmcgr924wgb1l5cm95bgpmnhnjchp1zpmyfdl5" "a367feeadd33" "ro") - ("09x2jirf04kgc118a70z0xrb3msbm7vr4f41ig4xrwf2s5b816r3" "528b76d6aaca" "ru") - ("02y898f0ncjwka474r9lw361b0kywx1w56hj09i7im4j5jrsjnh1" "fa28d9d79cd3" "sq") - ("1cyimbd42aaq2amyhdbbx26jwsns77lsfl8g9a70bsjlpwzwzryg" "cc8e8962e59c" "sv-SE") - ("03mqrvcal7i172gf9239q9fnynfp5kg9b3r1w8gr9iz7rkr22gw5" "d361502c559e" "th") - ("12srgqkqwaidcwbz0y7zr59165f7aq5k5s3b81ql7ixdbwia91pm" "f6173aca4762" "tr") - ("1d91gfx5p6wyb455syw0b57wxl1sd4b4kcdvfk92pb050rqaqfgv" "c5ad4d4f70eb" "uk") - ("1dj8q2jw60a184f018jyldl51rfmvz1cndz3kbw0cc5l5sli7hwr" "0e75c226763d" "vi") - ("1dl2dpif4wwrlpx7zkz5qf8kk4vhxyf63016xcfpbhxizqqwc1ki" "df2d025ed631" "zh-CN") - ("1c63ngff9lsc1x3pi6lnkyxw19gdc65yc67p7alzvrka3cv292ia" "11f8d68148a4" "zh-TW"))) - -;; We copy the official build id, which can be found there: -;; https://aus1.torproject.org/torbrowser/update_3/release/. -(define %moz-build-date "20240115174022") - -;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "13.0.9") - -;; To find the last Firefox version, browse -;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> -;; There should be only one archive that starts with -;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "115.7.0esr-13.0-1-build1") - -;; See tor-browser-build/projects/translation/config. -(define translation-base-browser - (origin - (method git-fetch) - (uri (git-reference - (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "cbd9b6c415ec2edb99237ef67ccd4f033a7b9c2a"))) - (file-name "translation-base-browser") - (sha256 - (base32 - "103dj1zzc68gxzjxwcpc4sbc6qca4zg8kkhdivzpq37ma07sp9sf")))) - -;; See tor-browser-build/projects/translation/config. -(define translation-tor-browser - (origin - (method git-fetch) - (uri (git-reference - (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "767ab5111f065b82151275775af5ecf7a529ef48"))) - (file-name "translation-tor-browser") - (sha256 - (base32 - "034s0ivbama497xq0904q8p6d7n2f2aa2vn2jcs9g4bvmhgwicw4")))) - -(define torbrowser-assets - ;; This is a prebuilt Torbrowser from which we take the assets we need. - (package - (name "torbrowser-assets") - (version %torbrowser-version) - (source - (origin - (method url-fetch) - (uri - (string-append - "https://archive.torproject.org/tor-package-archive/torbrowser/" - version "/tor-browser-linux-x86_64-" version ".tar.xz")) - (sha256 - (base32 - "0j143r24xzmq38nd5z1xqsa9zp35lws9rvlj6hb9xn3dnl67gh59")))) - (arguments - (list - #:install-plan - ''(("Browser" "." #:include-regexp - ("^\\./TorBrowser/Data/Tor/torrc-defaults" - "^\\./fonts/" - "^\\./fontconfig/fonts.conf"))))) - (build-system copy-build-system) - (home-page "https://www.torproject.org") - (synopsis "Tor Browser assets") - (description "This package contains fonts and configuration files for Tor -Browser.") - (license license:silofl1.1))) - -(define-public torbrowser - (package - (inherit icecat-minimal) - (name "torbrowser") - (version %torbrowser-version) - (source - (origin - (method url-fetch) - (uri - (string-append - "https://archive.torproject.org/tor-package-archive/torbrowser/" - version "/src-firefox-tor-browser-" %torbrowser-firefox-version - ".tar.xz")) - (sha256 - (base32 - "0h05js9j1drzw5q98nlphsmvlp1k2a71z5jd06xk6pz29w6322pw")))) - (build-system mozilla-build-system) - (arguments - (substitute-keyword-arguments (package-arguments icecat-minimal) - ((#:configure-flags flags '()) - #~(cons* - "--without-relative-data-dir" ;store is read-only - "--disable-base-browser-update" - ;; Default is "default", which is the same as "nightly". - "--enable-update-channel=release" - "--with-user-appdir=.torbrowser" - "--with-branding=browser/branding/tb-release" - (string-append "--prefix=" #$output) - (string-append "--with-base-browser-version=" #$version) - #$flags)) - ((#:phases phases) - #~(modify-phases #$phases - (add-before 'configure 'setenv - (lambda _ - (setenv "CONFIG_SHELL" (which "bash")) - ;; Install location is prefix/lib/$MOZ_APP_NAME. Also - ;; $MOZ_APP_NAME is the executable name. Default is - ;; "firefox". - (setenv "MOZ_APP_NAME" "torbrowser") - ;; Profile location (relative to "~/."). Default is - ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is: - ;; ~/.tor project/firefox. - (setenv "MOZ_APP_PROFILE" "torbrowser/browser") - ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL"). - (setenv "MOZ_APP_REMOTINGNAME" "Tor Browser") - ;; Persistent state directory for the build system (default is - ;; $HOME/.mozbuild). - (setenv "MOZBUILD_STATE_PATH" - (in-vicinity (getcwd) ".mozbuild")) - (setenv "MOZ_CHROME_MULTILOCALE" - (string-join (map car #$%torbrowser-locales))) - ;; Make build reproducible. - (setenv "MOZ_BUILD_DATE" #$%moz-build-date))) - (add-before 'configure 'mozconfig - (lambda* (#:key configure-flags #:allow-other-keys) - (with-output-to-file "mozconfig" - (lambda () - (format #t ". $topsrcdir/mozconfig-linux-x86_64~%") - (for-each (lambda (flag) - (format #t "ac_add_options ~a~%" flag)) - configure-flags))))) - (replace 'configure - (lambda _ - (invoke "./mach" "configure"))) - ;; See tor-browser-build/projects/firefox/build. - (add-before 'configure 'copy-firefox-locales - (lambda _ - (let ((l10ncentral ".mozbuild/l10n-central")) - (mkdir-p l10ncentral) - (for-each - (lambda (lang) - (copy-recursively (cdr lang) - (in-vicinity l10ncentral (car lang)))) - #$%torbrowser-locales)))) - (add-after 'copy-firefox-locales 'copy-basebrowser-locales - (lambda _ - (let ((l10ncentral ".mozbuild/l10n-central")) - ;; Temporary copy so that we can use ‘mv’ to mimic - ;; tor-browser-build/projects/firefox/build. - (copy-recursively #$translation-base-browser - "translation-base-browser") - (for-each - (lambda (lang) - (system - (format - #f (string-join - '("mv" - "translation-base-browser/~a/base-browser.ftl" - "~a/~a/browser/browser/")) - lang l10ncentral lang)) - (system - (format - #f (string-join - '("mv" - "translation-base-browser/~a/*" - "~a/~a/browser/chrome/browser/")) - lang l10ncentral lang))) - (map car #$%torbrowser-locales))))) - (add-after 'copy-basebrowser-locales 'copy-torbrowser-locales - (lambda _ - (let ((l10ncentral ".mozbuild/l10n-central")) - ;; Temporary copy so that we can use ‘mv’ to mimic - ;; tor-browser-build/projects/firefox/build. - (copy-recursively #$translation-tor-browser - "translation-tor-browser") - (for-each - (lambda (lang) - (system - (format - #f (string-join - '("mv" - "translation-tor-browser/~a/tor-browser.ftl" - "~a/~a/browser/browser/")) - lang l10ncentral lang)) - (system - (format - #f (string-join - '("mv" - "translation-tor-browser/~a/cryptoSafetyPrompt.properties" - "~a/~a/browser/chrome/browser/")) - lang l10ncentral lang)) - (system - (format - #f (string-join - '("mv" - "translation-tor-browser/~a" - "toolkit/torbutton/chrome/locale/")) - lang)) - (let ((port (open-file "toolkit/torbutton/jar.mn" "a"))) - (format port "% locale torbutton ~a %locale/~a/~%" - lang lang) - (format port " locale/~a/ (chrome/locale/~a/*)~%" - lang lang) - (close port))) - (map car #$%torbrowser-locales))))) - (add-before 'build 'fix-addons-placeholder - (lambda _ - (substitute* - "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" - (("addons.mozilla.org") "gnuzilla.gnu.org")))) - (add-before 'build 'add-bridges ;see deploy.sh - (lambda _ - (let ((port (open-file - "browser/app/profile/000-tor-browser.js" "a"))) - (display - "#include ../../../tools/torbrowser/bridges.js" port) - (newline port) - (close port)))) - ;; See tor-browser-build/projects/firefox/build. - (add-after 'build 'build-locales - (lambda _ - (system (string-join '("./mach package-multi-locale --locales" - "en-US $MOZ_CHROME_MULTILOCALE"))))) - (add-after 'install 'deploy-assets - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (in-vicinity #$output "lib/torbrowser")) - (tor #$(this-package-input "tor-client"))) - ;; TorBrowser/Data/Tor/torrc-defaults - (copy-recursively (in-vicinity - #$torbrowser-assets "TorBrowser") - (in-vicinity lib "TorBrowser")) - (substitute* - (in-vicinity lib "TorBrowser/Data/Tor/torrc-defaults") - (("exec ./TorBrowser/Tor/PluggableTransports/lyrebird") - (string-append - "exec " (search-input-file inputs "bin/lyrebird")))) - ;; The geoip and geoip6 files are in the same directory as - ;; torrc-defaults. (See TorProcess.sys.mjs.) - (mkdir-p (in-vicinity lib "TorBrowser/Data/Tor")) - (copy-file (in-vicinity tor "share/tor/geoip") - (in-vicinity lib "TorBrowser/Data/Tor/geoip")) - (copy-file (in-vicinity tor "share/tor/geoip6") - (in-vicinity lib "TorBrowser/Data/Tor/geoip6")) - ;; Fonts - (copy-recursively (in-vicinity - #$torbrowser-assets "fontconfig") - (in-vicinity lib "fontconfig")) - (substitute* (in-vicinity lib "fontconfig/fonts.conf") - (("fonts") - (format #f "~a" (in-vicinity lib "fonts")))) - (delete-file-recursively (in-vicinity lib "fonts")) - (copy-recursively (in-vicinity #$torbrowser-assets "fonts") - (in-vicinity lib "fonts"))))) - (replace 'build-sandbox-whitelist - (lambda* (#:key inputs #:allow-other-keys) - (define (runpath-of lib) - (call-with-input-file lib - (compose elf-dynamic-info-runpath - elf-dynamic-info - parse-elf - get-bytevector-all))) - (define (runpaths-of-input label) - (let* ((dir (string-append (assoc-ref inputs label) "/lib")) - (libs (find-files dir "\\.so$"))) - (append-map runpath-of libs))) - ;; Populate the sandbox read-path whitelist as needed by ffmpeg. - (let* ((whitelist - (map (cut string-append <> "/") - (delete-duplicates - `(,(string-append (assoc-ref inputs "shared-mime-info") - "/share/mime") - ,@(append-map runpaths-of-input - '("mesa" "ffmpeg")))))) - (whitelist-string (string-join whitelist ","))) - (with-output-to-file "whitelist.txt" - (lambda () - (display whitelist-string)))))) - (add-after 'install 'autoconfig - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (in-vicinity #$output "lib/torbrowser")) - (config-file "tor-browser.cfg")) - (with-output-to-file (in-vicinity - lib "defaults/pref/autoconfig.js") - (lambda () - (format #t "// first line must be a comment~%") - (format #t "pref(~s, ~s);~%" - "general.config.filename" config-file) - (format #t "pref(~s, ~a);~%" - "general.config.obscure_value" "0"))) - (with-output-to-file (in-vicinity lib config-file) - (lambda () - (format #t "// first line must be a comment~%") - (format #t "pref(~s, ~s);~%" - "extensions.torlauncher.torrc-defaults_path" - (in-vicinity - lib "TorBrowser/Data/Tor/torrc-defaults")) - (format #t "pref(~s, ~s);~%" - "extensions.torlauncher.tor_path" - (search-input-file inputs "bin/tor")) - ;; Required for Guix packaged extensions - ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 - ;; Default is 5. - (format #t "pref(~s, ~a);~%" - "extensions.enabledScopes" "13") - (format #t "pref(~s, ~s);~%" - "security.sandbox.content.read_path_whitelist" - (call-with-input-file "whitelist.txt" - get-string-all)) - ;; Add-ons pannel (see settings.js in Icecat source). - (format #t "pref(~s, ~s);~%" - "extensions.getAddons.search.browseURL" - "https://gnuzilla.gnu.org/mozzarella") - (format #t "pref(~s, ~s);~%" - "extensions.getAddons.get.url" - "https://gnuzilla.gnu.org/mozzarella") - (format #t "pref(~s, ~s);~%" - "extensions.getAddons.link.url" - "https://gnuzilla.gnu.org/mozzarella") - (format #t "pref(~s, ~s);~%" - "extensions.getAddons.discovery.api_url" - "https://gnuzilla.gnu.org/mozzarella") - (format #t "pref(~s, ~s);~%" - "extensions.getAddons.langpacks.url" - "https://gnuzilla.gnu.org/mozzarella") - (format #t "pref(~s, ~s);~%" - "lightweightThemes.getMoreURL" - "https://gnuzilla.gnu.org/mozzarella")))))) - (replace 'wrap-program - (lambda* (#:key inputs #:allow-other-keys) - (let* ((gtk #$(this-package-input "gtk+")) - (gtk-share (string-append gtk "/share")) - (fonts.conf (in-vicinity - #$output - "lib/torbrowser/fontconfig/fonts.conf")) - (ld-libs '#$(cons - (file-append - (this-package-input "libcanberra") - "/lib/gtk-3.0/modules") - (map - (lambda (label) - (file-append - (this-package-input label) "/lib")) - '("libpng-apng" - "libxscrnsaver" - "mesa" - "pciutils" - "mit-krb5" - "eudev" - "pulseaudio" - "libnotify"))))) - (wrap-program - (in-vicinity #$output "lib/torbrowser/torbrowser") - `("XDG_DATA_DIRS" prefix (,gtk-share)) - `("LD_LIBRARY_PATH" prefix ,ld-libs) - `("FONTCONFIG_FILE" prefix (,fonts.conf)))))) - (replace 'install-desktop-entry - (lambda _ - (let ((apps (in-vicinity #$output "share/applications"))) - (mkdir-p apps) - (make-desktop-entry-file - (in-vicinity apps "torbrowser.desktop") - #:name "Tor Browser" - #:exec - (format #f "~a %u" (in-vicinity #$output "bin/torbrowser")) - #:comment - "Tor Browser is +1 for privacy and -1 for mass surveillance" - #:categories '("Network" "WebBrowser" "Security") - #:startup-w-m-class "Tor Browser" - #:icon "tor-browser")))) - (replace 'install-icons - (lambda* (#:key inputs #:allow-other-keys) - (for-each - (lambda (size) - (let ((oldpath (string-append - "browser/branding/tb-release/default" - size ".png")) - (newpath (string-append #$output - "/share/icons/hicolor/" - size "x" size "/apps"))) - (mkdir-p newpath) - (copy-file oldpath - (in-vicinity newpath "tor-browser.png")))) - '("16" "22" "24" "32" "48" "64" "128" "256")))))))) - (inputs - (modify-inputs (package-inputs icecat-minimal) - (append go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird - tor-client))) - (propagated-inputs - (list noscript/icecat)) - (home-page "https://www.torproject.org") - (synopsis "Anonymous browser derived from Mozilla Firefox") - (description - "Tor Browser is the Tor Project version of Firefox browser. It is the -only recommended way to anonymously browse the web that is supported by the -project. It modifies Firefox in order to avoid many know application level -attacks on the privacy of Tor users.") - (license license:mpl2.0))) ;And others, see - ;toolkit/content/license.html