Merge pull request #260871 from felschr/tor-browser-wrapper

tor-browser: use system install & simplify wrapper
This commit is contained in:
Mario Rodas 2023-12-16 18:48:27 -05:00 committed by GitHub
commit 13b9604210
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,8 +1,12 @@
{ lib, stdenv { lib
, stdenv
, fetchurl , fetchurl
, makeDesktopItem , makeDesktopItem
, copyDesktopItems
, makeWrapper
, writeText , writeText
, autoPatchelfHook , autoPatchelfHook
, wrapGAppsHook
, callPackage , callPackage
, atk , atk
@ -33,6 +37,9 @@
, libdrm , libdrm
, libGL , libGL
, mediaSupport ? true
, ffmpeg
, audioSupport ? mediaSupport , audioSupport ? mediaSupport
, pipewireSupport ? audioSupport , pipewireSupport ? audioSupport
@ -46,18 +53,6 @@
, libvaSupport ? mediaSupport , libvaSupport ? mediaSupport
, libva , libva
# Media support (implies audio support)
, mediaSupport ? true
, ffmpeg
# Wrapper runtime
, coreutils
, glibcLocales
, gnome
, runtimeShell
, shared-mime-info
, gsettings-desktop-schemas
# Hardening # Hardening
, graphene-hardened-malloc , graphene-hardened-malloc
# Whether to use graphene-hardened-malloc # Whether to use graphene-hardened-malloc
@ -149,7 +144,7 @@ stdenv.mkDerivation rec {
src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}"); src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
nativeBuildInputs = [ autoPatchelfHook ]; nativeBuildInputs = [ autoPatchelfHook copyDesktopItems makeWrapper wrapGAppsHook ];
buildInputs = [ buildInputs = [
gtk3 gtk3
alsa-lib alsa-lib
@ -160,15 +155,15 @@ stdenv.mkDerivation rec {
preferLocalBuild = true; preferLocalBuild = true;
allowSubstitutes = false; allowSubstitutes = false;
desktopItem = makeDesktopItem { desktopItems = [(makeDesktopItem {
name = "torbrowser"; name = "torbrowser";
exec = "tor-browser"; exec = "tor-browser %U";
icon = "torbrowser"; icon = "tor-browser";
desktopName = "Tor Browser"; desktopName = "Tor Browser";
genericName = "Web Browser"; genericName = "Web Browser";
comment = meta.description; comment = meta.description;
categories = [ "Network" "WebBrowser" "Security" ]; categories = [ "Network" "WebBrowser" "Security" ];
}; })];
buildPhase = '' buildPhase = ''
runHook preBuild runHook preBuild
@ -191,6 +186,9 @@ stdenv.mkDerivation rec {
# firefox is a wrapper that checks for a more recent libstdc++ & appends it to the ld path # firefox is a wrapper that checks for a more recent libstdc++ & appends it to the ld path
mv firefox.real firefox mv firefox.real firefox
# store state at `~/.tor browser` instead of relative to executable
touch "$TBB_IN_STORE/system-install"
# The final libPath. Note, we could split this into firefoxLibPath # The final libPath. Note, we could split this into firefoxLibPath
# and torLibPath for accuracy, but this is more convenient ... # and torLibPath for accuracy, but this is more convenient ...
libPath=${libPath}:$TBB_IN_STORE:$TBB_IN_STORE/TorBrowser/Tor libPath=${libPath}:$TBB_IN_STORE:$TBB_IN_STORE/TorBrowser/Tor
@ -214,7 +212,6 @@ stdenv.mkDerivation rec {
sed -i TorBrowser/Data/Tor/torrc-defaults \ sed -i TorBrowser/Data/Tor/torrc-defaults \
-e "s|\(ClientTransportPlugin snowflake\) exec|\1 exec $interp|" -e "s|\(ClientTransportPlugin snowflake\) exec|\1 exec $interp|"
# Prepare for autoconfig. # Prepare for autoconfig.
# #
# See https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment # See https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
@ -228,12 +225,11 @@ stdenv.mkDerivation rec {
cat >mozilla.cfg <<EOF cat >mozilla.cfg <<EOF
// First line must be a comment // First line must be a comment
// Always update via Nixpkgs // Reset pref that captures store paths.
lockPref("app.update.auto", false); clearPref("extensions.xpiState");
lockPref("app.update.enabled", false);
lockPref("extensions.update.autoUpdateDefault", false); // Stop obnoxious first-run redirection.
lockPref("extensions.update.enabled", false); lockPref("noscript.firstRunRedirection", false);
lockPref("extensions.torbutton.versioncheck_enabled", false);
// User should never change these. Locking prevents these // User should never change these. Locking prevents these
// values from being written to prefs.js, avoiding Store // values from being written to prefs.js, avoiding Store
@ -241,12 +237,6 @@ stdenv.mkDerivation rec {
lockPref("extensions.torlauncher.torrc-defaults_path", "$TBB_IN_STORE/TorBrowser/Data/Tor/torrc-defaults"); lockPref("extensions.torlauncher.torrc-defaults_path", "$TBB_IN_STORE/TorBrowser/Data/Tor/torrc-defaults");
lockPref("extensions.torlauncher.tor_path", "$TBB_IN_STORE/TorBrowser/Tor/tor"); lockPref("extensions.torlauncher.tor_path", "$TBB_IN_STORE/TorBrowser/Tor/tor");
// Reset pref that captures store paths.
clearPref("extensions.xpiState");
// Stop obnoxious first-run redirection.
lockPref("noscript.firstRunRedirection", false);
// Insist on using IPC for communicating with Tor // Insist on using IPC for communicating with Tor
// //
// Defaults to creating \$XDG_RUNTIME_DIR/Tor/{socks,control}.socket // Defaults to creating \$XDG_RUNTIME_DIR/Tor/{socks,control}.socket
@ -269,18 +259,12 @@ stdenv.mkDerivation rec {
''} ''}
EOF EOF
# Hard-code path to TBB fonts; see also FONTCONFIG_FILE in # FONTCONFIG_FILE is required to make fontconfig read the TBB
# the wrapper below. # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
# indicates the system fonts.conf being used instead.
FONTCONFIG_FILE=$TBB_IN_STORE/fontconfig/fonts.conf FONTCONFIG_FILE=$TBB_IN_STORE/fontconfig/fonts.conf
sed -i "$FONTCONFIG_FILE" \ sed -i "$FONTCONFIG_FILE" \
-e "s,<dir>fonts</dir>,<dir>$TBB_IN_STORE/fonts</dir>," -e "s,<dir>fonts</dir>,<dir>$TBB_IN_STORE/fonts</dir>,"
# Preload extensions by moving into the runtime instead of storing under the
# user's profile directory.
# See https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions
mkdir -p "$TBB_IN_STORE/distribution/extensions"
mv "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/extensions/"* \
"$TBB_IN_STORE/distribution/extensions"
# Hard-code paths to geoip data files. TBB resolves the geoip files # Hard-code paths to geoip data files. TBB resolves the geoip files
# relative to torrc-defaults_path but if we do not hard-code them # relative to torrc-defaults_path but if we do not hard-code them
@ -291,156 +275,20 @@ stdenv.mkDerivation rec {
GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6 GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
EOF EOF
WRAPPER_LD_PRELOAD=${lib.optionalString (useHardenedMalloc == true)
"${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
WRAPPER_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [
gnome.adwaita-icon-theme
shared-mime-info
]}
WRAPPER_XDG_DATA_DIRS+=":"${lib.concatMapStringsSep ":" (x: "${x}/share/gsettings-schemas/${x.name}") [
glib
gsettings-desktop-schemas
gtk3
]};
# Generate wrapper
mkdir -p $out/bin mkdir -p $out/bin
cat > "$out/bin/tor-browser" << EOF
#! ${runtimeShell}
set -o errexit -o nounset
PATH=${lib.makeBinPath [ coreutils ]} makeWrapper "$TBB_IN_STORE/firefox" "$out/bin/tor-browser" \
export LC_ALL=C --prefix LD_PRELOAD : "${lib.optionalString (useHardenedMalloc == true)
export LOCALE_ARCHIVE=${glibcLocales}/lib/locale/locale-archive "${graphene-hardened-malloc}/lib/libhardened_malloc.so"}" \
--prefix LD_LIBRARY_PATH : "$libPath" \
# Enter local state directory. --set FONTCONFIG_FILE "$FONTCONFIG_FILE" \
REAL_HOME=\''${HOME%/} --set-default MOZ_ENABLE_WAYLAND 1
TBB_HOME=\''${TBB_HOME:-''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/tor-browser}
HOME=\$TBB_HOME
mkdir -p "\$HOME"
cd "\$HOME"
# Initialize empty TBB local state directory hierarchy. We
# intentionally mirror the layout that TBB would see if executed from
# the unpacked bundle dir.
mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data"
# Initialize the Tor data directory.
mkdir -p "\$HOME/TorBrowser/Data/Tor"
# TBB will fail if ownership is too permissive
chmod 0700 "\$HOME/TorBrowser/Data/Tor"
# Initialize the browser profile state.
# All files under user's profile dir are generated by TBB.
mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default"
# Clear some files if the last known store path is different from the new one
: "\''${KNOWN_STORE_PATH:=\$HOME/known-store-path}"
if ! [ "\$KNOWN_STORE_PATH" -ef $out ]; then
echo "Cleanup files with outdated store references"
ln -Tsf $out "\$KNOWN_STORE_PATH"
# Clear out some files that tend to capture store references but are
# easily generated by firefox at startup.
rm -f "\$HOME/TorBrowser/Data/Browser/profile.default"/{addonStartup.json.lz4,compatibility.ini,extensions.ini,extensions.json}
rm -f "\$HOME/TorBrowser/Data/Browser/profile.default"/startupCache/*
fi
# XDG
: "\''${XDG_RUNTIME_DIR:=/run/user/\$(id -u)}"
: "\''${XDG_CONFIG_HOME:=\$REAL_HOME/.config}"
${lib.optionalString pulseaudioSupport ''
# Figure out some envvars for pulseaudio
: "\''${PULSE_SERVER:=\$XDG_RUNTIME_DIR/pulse/native}"
: "\''${PULSE_COOKIE:=\$XDG_CONFIG_HOME/pulse/cookie}"
''}
# Font cache files capture store paths; clear them out on the off
# chance that TBB would continue using old font files.
rm -rf "\$HOME/.cache/fontconfig"
# Manually specify data paths (by default TB attempts to create these in the store)
{
echo "user_pref(\"extensions.torlauncher.toronionauthdir_path\", \"\$HOME/TorBrowser/Data/Tor/onion-auth\");"
echo "user_pref(\"extensions.torlauncher.torrc_path\", \"\$HOME/TorBrowser/Data/Tor/torrc\");"
echo "user_pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/TorBrowser/Data/Tor\");"
} >> "\$HOME/TorBrowser/Data/Browser/profile.default/prefs.js"
# Lift-off
#
# XAUTHORITY and DISPLAY are required for TBB to work at all.
#
# DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launch; to
# prevent that, set it to an empty/invalid value prior to running
# tor-browser.
#
# PULSE_SERVER is necessary for audio playback.
#
# Setting FONTCONFIG_FILE is required to make fontconfig read the TBB
# fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
# indicates the system fonts.conf being used instead.
#
# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
exec env -i \
LD_PRELOAD=$WRAPPER_LD_PRELOAD \
\
TZ=":" \
TZDIR="\''${TZDIR:-}" \
LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \
\
TMPDIR="\''${TMPDIR:-/tmp}" \
HOME="\$HOME" \
XAUTHORITY="\''${XAUTHORITY:-\$HOME/.Xauthority}" \
DISPLAY="\''${DISPLAY:-}" \
DBUS_SESSION_BUS_ADDRESS="\''${DBUS_SESSION_BUS_ADDRESS:-unix:path=\$XDG_RUNTIME_DIR/bus}" \\
\
XDG_DATA_HOME="\$HOME/.local/share" \
XDG_DATA_DIRS="$WRAPPER_XDG_DATA_DIRS" \
\
PULSE_SERVER="\''${PULSE_SERVER:-}" \
PULSE_COOKIE="\''${PULSE_COOKIE:-}" \
\
MOZ_ENABLE_WAYLAND="\''${MOZ_ENABLE_WAYLAND:-}" \
WAYLAND_DISPLAY="\''${WAYLAND_DISPLAY:-}" \
XDG_RUNTIME_DIR="\''${XDG_RUNTIME_DIR:-}" \
XCURSOR_PATH="\''${XCURSOR_PATH:-}" \
\
APULSE_PLAYBACK_DEVICE="\''${APULSE_PLAYBACK_DEVICE:-plug:dmix}" \
\
TOR_SKIP_LAUNCH="\''${TOR_SKIP_LAUNCH:-}" \
TOR_CONTROL_HOST="\''${TOR_CONTROL_HOST:-}" \
TOR_CONTROL_PORT="\''${TOR_CONTROL_PORT:-}" \
TOR_CONTROL_COOKIE_AUTH_FILE="\''${TOR_CONTROL_COOKIE_AUTH_FILE:-}" \
TOR_CONTROL_PASSWD="\''${TOR_CONTROL_PASSWD:-}" \
TOR_SOCKS_HOST="\''${TOR_SOCKS_HOST:-}" \
TOR_SOCKS_PORT="\''${TOR_SOCKS_PORT:-}" \
\
FONTCONFIG_FILE="$FONTCONFIG_FILE" \
\
LD_LIBRARY_PATH="$libPath" \
\
"$TBB_IN_STORE/firefox" \
--class "Tor Browser" \
-no-remote \
-profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
"\''${@}"
EOF
chmod +x $out/bin/tor-browser
# Easier access to docs # Easier access to docs
mkdir -p $out/share/doc mkdir -p $out/share/doc
ln -s $TBB_IN_STORE/TorBrowser/Docs $out/share/doc/tor-browser ln -s $TBB_IN_STORE/TorBrowser/Docs $out/share/doc/tor-browser
# Install .desktop item # Install icons
mkdir -p $out/share/applications
cp $desktopItem/share/applications"/"* $out/share/applications
sed -i $out/share/applications/torbrowser.desktop \
-e "s,Exec=.*,Exec=$out/bin/tor-browser," \
-e "s,Icon=.*,Icon=tor-browser,"
for i in 16 32 48 64 128; do for i in 16 32 48 64 128; do
mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps/ mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps/
ln -s $out/share/tor-browser/browser/chrome/icons/default/default$i.png $out/share/icons/hicolor/''${i}x''${i}/apps/tor-browser.png ln -s $out/share/tor-browser/browser/chrome/icons/default/default$i.png $out/share/icons/hicolor/''${i}x''${i}/apps/tor-browser.png
@ -451,8 +299,7 @@ stdenv.mkDerivation rec {
LD_LIBRARY_PATH=$libPath $TBB_IN_STORE/TorBrowser/Tor/tor --version >/dev/null LD_LIBRARY_PATH=$libPath $TBB_IN_STORE/TorBrowser/Tor/tor --version >/dev/null
echo "Checking tor-browser wrapper ..." echo "Checking tor-browser wrapper ..."
TBB_HOME=$(mktemp -d) \ $out/bin/tor-browser --version >/dev/null
$out/bin/tor-browser --version >/dev/null
runHook postBuild runHook postBuild
''; '';
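Review bot: The makeWrapper launcher in the `@ -291,156 +275,20 @@` hunk hands the caller's whole environment to `firefox`, whereas the removed `exec env -i` allowlist stripped it: `--prefix LD_PRELOAD`/`--prefix LD_LIBRARY_PATH` keep any values already set in the session behind the wrapper's own entries, and the old pinning of `LC_ALL=C`, `TZ=":"` and `XDG_DATA_DIRS` (commented there as preventing searches of system dirs) is gone with no replacement. If relying on Tor Browser's own hardening for this is the intent, it should be recorded next to the `makeWrapper` call so the isolation is not reintroduced or dropped again by accident, e.g. `# Intentionally inherit the caller's environment (the old wrapper used env -i); TBB itself handles timezone/locale spoofing — verify before tightening again`. Separately, the `lib.optionalString (useHardenedMalloc == true) ...` argument yields `--prefix LD_PRELOAD : ""` when hardened malloc is off; makeWrapper appears to skip an empty prefix value, but `--prefix LD_PRELOAD : ${graphene-hardened-malloc}/lib/libhardened_malloc.so` wrapped in `lib.optionalString useHardenedMalloc` (the `== true` is redundant) states the intent directly and does not depend on that behaviour. The enclosing `buildPhase` string and `mkDerivation` body continue outside this section.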