gnu: Add torbrowser.

* gnu/packages/tor.scm (torbrowser): New variable.
(torbrowser-assets): New variable.
* gnu/packages/browser-extensions.scm (noscript): New variable.
(noscript/icecat): New variable.

Co-authored-by: André Batista <nandre@riseup.net>
Change-Id: I73dc53905e4a028108bb34aae07e44256cf16c85
This commit is contained in:
Clément Lassieur 2023-11-12 02:23:54 +01:00
parent 5bd80ccd69
commit 756ba0429e
No known key found for this signature in database
GPG key ID: 89F96D4808F359C7
3 changed files with 309 additions and 2 deletions

View file

@ -21,6 +21,7 @@
(define-module (gnu packages browser-extensions)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
@ -251,3 +252,28 @@ (define keepassxc-browser
(define-public keepassxc-browser/icecat
(make-icecat-extension keepassxc-browser))
(define noscript
(package
(name "noscript")
(version "11.4.29")
(source (origin
(method url-fetch/zipbomb)
(uri (string-append
"https://noscript.net/download/releases/noscript-" version
".xpi"))
(sha256
(base32
"1k94zvv2ypmhc29f5d2zrvigwh1xgi5kwm1kqfxarwjyn108if85"))))
(build-system copy-build-system)
(properties '((addon-id . "{73a6fe31-595d-460b-a920-fcc0f8843232}")))
(arguments
`(#:install-plan '(("." ,(assq-ref properties 'addon-id)))))
(home-page "https://noscript.net")
(synopsis "Software providing extra protection for various browsers.")
(description "The NoScript Security Suite is a software providing extra
protection for web browsers.")
(license license:gpl3+)))
(define-public noscript/icecat
(make-icecat-extension noscript))

View file

@ -70,7 +70,6 @@ (define-module (gnu packages gnupg)
#:use-module (gnu packages swig)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
#:use-module (gnu packages tor)
#:use-module (gnu packages web)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@ -1123,7 +1122,7 @@ (define-public parcimonie
perl-try-tiny
perl-type-tiny
perl-types-path-tiny
torsocks))
(@ (gnu packages tor) torsocks))) ;avoid dependency loop
(native-inputs
(list perl-file-which
perl-gnupg-interface

View file

@ -36,11 +36,15 @@ (define-module (gnu packages tor)
#:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
#:use-module (guix build-system mozilla)
#:use-module (guix build-system python)
#:use-module (guix build-system pyproject)
#:use-module (gnu packages)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
#:use-module (gnu packages browser-extensions)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
#:use-module (gnu packages check)
@ -48,6 +52,7 @@ (define-module (gnu packages tor)
#:use-module (gnu packages pcre)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
@ -483,3 +488,280 @@ (define-public tractor
the onion proxy and sets up proxy in user session, so you don't have to mess
up with TOR on your system anymore.")
(license license:gpl3+)))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
(package
(name "torbrowser-assets")
;; To find the last version, look at https://www.torproject.org/download/.
(version "13.0.8")
(source
(origin
(method url-fetch)
(uri
(string-append
"https://archive.torproject.org/tor-package-archive/torbrowser/"
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
"0v67x3pa0mga970andlz58k2wz8b8x7aman8gkkahnd003h9qgvq"))))
(arguments
(list
#:install-plan
''(("Browser" "." #:include-regexp
("^\\./TorBrowser/Data/Tor/torrc-defaults"
"^\\./fonts/"
"^\\./fontconfig/fonts.conf")))))
(build-system copy-build-system)
(home-page "https://www.torproject.org")
(synopsis "Tor Browser assets")
(description "This package contains fonts and configuration files for Tor
Browser.")
(license license:silofl1.1)))
;; Must be of the form YYYYMMDDhhmmss as in `date +%Y%m%d%H%M%S`.
(define %moz-build-date "20231219173144")
(define-public torbrowser
(package
(inherit icecat-minimal)
(name "torbrowser")
;; To find the last version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<version>
;; (<version> is the version of the `torbrowser-assets` package). There
;; should be only one archive that starts with "src-firefox-tor-browser-".
(version "115.6.0esr-13.0-1-build2")
(source
(origin
(method url-fetch)
(uri
(string-append
"https://archive.torproject.org/tor-package-archive/torbrowser/"
(package-version torbrowser-assets)
"/src-firefox-tor-browser-" version ".tar.xz"))
(sha256
(base32
"1c0p8aya7sh7nmawngkyzx2r02mvl9nd53hx2bl0jwvsj1vxxhca"))))
(build-system mozilla-build-system)
(arguments
(substitute-keyword-arguments (package-arguments icecat-minimal)
((#:configure-flags flags '())
#~(cons*
"--without-relative-data-dir" ;store is read-only
"--disable-base-browser-update"
;; Default is "default", which is the same as "nightly".
"--enable-update-channel=release"
"--with-user-appdir=.torbrowser"
"--with-branding=browser/branding/tb-release"
(string-append "--prefix=" #$output)
(string-append "--with-base-browser-version="
#$(package-version
(this-package-input "torbrowser-assets")))
#$flags))
((#:phases phases)
#~(modify-phases #$phases
(add-before 'configure 'setenv
(lambda _
(setenv "CONFIG_SHELL" (which "bash"))
;; Install location is prefix/lib/$MOZ_APP_NAME. Also
;; $MOZ_APP_NAME is the executable name. Default is
;; "firefox".
(setenv "MOZ_APP_NAME" "torbrowser")
;; Profile location (relative to "~/."). Default is
;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
;; ~/.tor project/firefox.
(setenv "MOZ_APP_PROFILE" "torbrowser/browser")
;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
(setenv "MOZ_APP_REMOTINGNAME" "Tor Browser")
;; Persistent state directory for the build system (default is
;; $HOME/.mozbuild).
(setenv "MOZBUILD_STATE_PATH"
(in-vicinity (getcwd) ".mozbuild"))
;; Make build reproducible.
(setenv "MOZ_BUILD_DATE" #$%moz-build-date)))
(add-before 'configure 'mozconfig
(lambda* (#:key configure-flags #:allow-other-keys)
(with-output-to-file "mozconfig"
(lambda ()
(format #t ". $topsrcdir/mozconfig-linux-x86_64~%")
(for-each (lambda (flag)
(format #t "ac_add_options ~a~%" flag))
configure-flags)))))
(replace 'configure
(lambda _
(invoke "./mach" "configure")))
(add-before 'build 'fix-addons-placeholder
(lambda _
(substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org") "gnuzilla.gnu.org"))))
(add-after 'install 'deploy-assets
(lambda _
(let ((assets #$(this-package-input "torbrowser-assets"))
(lib (in-vicinity #$output "lib/torbrowser"))
(tor #$(this-package-input "tor-client")))
;; TorBrowser/Data/Tor/torrc-defaults
(copy-recursively (in-vicinity assets "TorBrowser")
(in-vicinity lib "TorBrowser"))
;; The geoip and geoip6 files are in the same directory as
;; torrc-defaults. (See TorProcess.sys.mjs.)
(mkdir-p (in-vicinity lib "TorBrowser/Data/Tor"))
(copy-file (in-vicinity tor "share/tor/geoip")
(in-vicinity lib "TorBrowser/Data/Tor/geoip"))
(copy-file (in-vicinity tor "share/tor/geoip6")
(in-vicinity lib "TorBrowser/Data/Tor/geoip6"))
;; Fonts
(copy-recursively (in-vicinity assets "fontconfig")
(in-vicinity lib "fontconfig"))
(substitute* (in-vicinity lib "fontconfig/fonts.conf")
(("<dir>fonts</dir>")
(format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
(delete-file-recursively (in-vicinity lib "fonts"))
(copy-recursively (in-vicinity assets "fonts")
(in-vicinity lib "fonts")))))
(replace 'build-sandbox-whitelist
(lambda* (#:key inputs #:allow-other-keys)
(define (runpath-of lib)
(call-with-input-file lib
(compose elf-dynamic-info-runpath
elf-dynamic-info
parse-elf
get-bytevector-all)))
(define (runpaths-of-input label)
(let* ((dir (string-append (assoc-ref inputs label) "/lib"))
(libs (find-files dir "\\.so$")))
(append-map runpath-of libs)))
;; Populate the sandbox read-path whitelist as needed by ffmpeg.
(let* ((whitelist
(map (cut string-append <> "/")
(delete-duplicates
`(,(string-append (assoc-ref inputs "shared-mime-info")
"/share/mime")
,@(append-map runpaths-of-input
'("mesa" "ffmpeg"))))))
(whitelist-string (string-join whitelist ",")))
(with-output-to-file "whitelist.txt"
(lambda ()
(display whitelist-string))))))
(add-after 'install 'autoconfig
(lambda* (#:key inputs #:allow-other-keys)
(let ((lib (in-vicinity #$output "lib/torbrowser"))
(config-file "tor-browser.cfg"))
(with-output-to-file (in-vicinity
lib "defaults/pref/autoconfig.js")
(lambda ()
(format #t "// first line must be a comment~%")
(format #t "pref(~s, ~s);~%"
"general.config.filename" config-file)
(format #t "pref(~s, ~a);~%"
"general.config.obscure_value" "0")))
(with-output-to-file (in-vicinity lib config-file)
(lambda ()
(format #t "// first line must be a comment~%")
(format #t "pref(~s, ~s);~%"
"extensions.torlauncher.torrc-defaults_path"
(in-vicinity
lib "TorBrowser/Data/Tor/torrc-defaults"))
(format #t "pref(~s, ~s);~%"
"extensions.torlauncher.tor_path"
(search-input-file inputs "bin/tor"))
;; Required for Guix packaged extensions
;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8
;; Default is 5.
(format #t "pref(~s, ~a);~%"
"extensions.enabledScopes" "13")
(format #t "pref(~s, ~s);~%"
"security.sandbox.content.read_path_whitelist"
(call-with-input-file "whitelist.txt"
get-string-all))
;; Add-ons pannel (see settings.js in Icecat source).
(format #t "pref(~s, ~s);~%"
"extensions.getAddons.search.browseURL"
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"extensions.getAddons.get.url"
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"extensions.getAddons.link.url"
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"extensions.getAddons.discovery.api_url"
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"extensions.getAddons.langpacks.url"
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"lightweightThemes.getMoreURL"
"https://gnuzilla.gnu.org/mozzarella"))))))
(replace 'wrap-program
(lambda* (#:key inputs #:allow-other-keys)
(let* ((gtk #$(this-package-input "gtk+"))
(gtk-share (string-append gtk "/share"))
(fonts.conf (in-vicinity
#$output
"lib/torbrowser/fontconfig/fonts.conf"))
(ld-libs '#$(cons
(file-append
(this-package-input "libcanberra")
"/lib/gtk-3.0/modules")
(map
(lambda (label)
(file-append
(this-package-input label) "/lib"))
'("libpng-apng"
"libxscrnsaver"
"mesa"
"pciutils"
"mit-krb5"
"eudev"
"pulseaudio"
"libnotify")))))
(wrap-program
(in-vicinity #$output "lib/torbrowser/torbrowser")
`("XDG_DATA_DIRS" prefix (,gtk-share))
`("LD_LIBRARY_PATH" prefix ,ld-libs)
`("FONTCONFIG_FILE" prefix (,fonts.conf))))))
(replace 'install-desktop-entry
(lambda _
(let ((apps (in-vicinity #$output "share/applications")))
(mkdir-p apps)
(make-desktop-entry-file
(in-vicinity apps "torbrowser.desktop")
#:name "Tor Browser"
#:exec
(format #f "~a %u" (in-vicinity #$output "bin/torbrowser"))
#:comment
"Tor Browser is +1 for privacy and -1 for mass surveillance"
#:categories '("Network" "WebBrowser" "Security")
#:startup-w-m-class "Tor Browser"
#:icon "tor-browser"))))
(replace 'install-icons
(lambda* (#:key inputs #:allow-other-keys)
(for-each
(lambda (size)
(let ((oldpath (string-append
"browser/branding/tb-release/default"
size ".png"))
(newpath (string-append #$output
"/share/icons/hicolor/"
size "x" size "/apps")))
(mkdir-p newpath)
(copy-file oldpath
(in-vicinity newpath "tor-browser.png"))))
'("16" "22" "24" "32" "48" "64" "128" "256"))))))))
(inputs
(modify-inputs (package-inputs icecat-minimal)
(append bash-minimal
tor-client
torbrowser-assets)))
(propagated-inputs
(list noscript/icecat))
(home-page "https://www.torproject.org")
(synopsis "Anonymous browser derived from Mozilla Firefox")
(description
"Tor Browser is the Tor Project version of Firefox browser. It is the
only recommended way to anonymously browse the web that is supported by the
project. It modifies Firefox in order to avoid many know application level
attacks on the privacy of Tor users.")
(license license:mpl2.0))) ;And others, see
;toolkit/content/license.html