nixpkgs/pkgs/applications/networking
Joachim Fasting ecd0e1a2c7
torbrowser: reduce risk of stale Nix store references

This patch restructures the expression and wrapper to minimize Nix store
references captured by the user's state directory.

The previous version would write lots of references to the Nix store into
the user's state directory, resulting in synchronization issues between
the Store and the local state directory.  At best, this would cause TBB to
stop working when the version used to instantiate the local state was
garbage collected; at worst, a user would continue to use the old version
even after an upgrade.

To solve the issue, hard-code as much as possible at the Store side and
minimize the amount of stuff being copied into the local state dir.
Currently, only a few files generated at firefox startup and fontconfig
cache files end up capturing store paths; these files are simply removed
upon every startup.  Otherwise, no capture should occur and the user
should always be using the TBB associated with the tor-browser wrapper
script.

To check for stale Store paths, do
   `grep -Ero '/nix/store/[^/]+' ~/.local/share/tor-browser`
This command should *never* return any other store path than the one
associated with the current tor-browser wrapper script, even after an
update (assuming you've run tor-browser at least once after updating).
Deviations from this general rule are considered bugs from now on.

Note that no attempt has been made to support pluggable transports; they
are still broken with this patch (to be fixed in a follow-up patch).

User visible changes:
- Wrapper retains only environment variables required for TBB to work
- pulseaudioSupport can be toggled independently of mediaSupport (the
  latter weakly implies the former).
- Store local state under $TBB_HOME.  Defaults to $XDG_DATA_HOME/tor-browser
- Stop obnoxious first-run stuff (NoScript redirect, in particular)
- Set desktop item GenericName to Web Browser

Some minor enhancements:
- Disable Hydra builds
- Specify system -> source mapping to make it easier to
  extend supported platforms.
2017-03-25 15:59:18 +01:00
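
The stale-path check described in the commit message above, scripted so that the result is compared against the expected store path and binary cache files are read too. This is an added example, not part of the nixpkgs commit; the function names, the sample paths, the tightened character class and the reliance on a grep that supports `-a` and `-h` are assumptions.

```shell
#!/bin/sh
# Added example, not from the nixpkgs commit: a scripted form of the
# grep -Ero '/nix/store/[^/]+' check quoted in the commit message.

# Print the /nix/store/<name> prefix of an absolute path.
store_path_of() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eo '^/nix/store/[0-9A-Za-z+._?=-]+'
}

# Print each distinct store path found under state dir $1 other than $2.
# -a reads binary files (fontconfig caches) as text; -h drops file names.
# The character class (the characters Nix allows in store path names) is
# narrower than the commit's [^/]+ so a trailing quote or space is not
# glued onto the match and reported as a mismatch.
stale_store_paths() {
    LC_ALL=C grep -Eroah '/nix/store/[0-9A-Za-z+._?=-]+' "$1" 2>/dev/null \
        | sort -u | grep -Fxv -- "$2" || true
}

# Succeeds only when the state dir references no store path other than $2.
state_dir_is_clean() {
    [ -z "$(stale_store_paths "$1" "$2")" ]
}

# Constructed sample: a fake state dir holding a text file that references
# store path $1 and a binary cache file that references store path $2.
make_sample() {
    dir=$(mktemp -d)
    printf 'user_pref("a", "%s/lib/x.so");\n' "$1" > "$dir/prefs.js"
    printf 'cache\0%s/share/fonts\0' "$2" > "$dir/fontcache.bin"
    echo "$dir"
}

CURRENT=/nix/store/aaaa-tor-browser-1.0   # constructed, not a real hash
OLD=/nix/store/bbbb-tor-browser-0.9       # constructed, not a real hash

# On a real system (assumed: the wrapper on PATH resolves into the store):
#   CURRENT=$(store_path_of "$(readlink -f "$(command -v tor-browser)")")
#   stale_store_paths \
#     "${TBB_HOME:-${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser}" "$CURRENT"
sample=$(make_sample "$CURRENT" "$OLD")
stale_store_paths "$sample" "$CURRENT"    # prints the stale (OLD) path
rm -rf "$sample"
```
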
bittorrentsync nixpkgs: bittorrentSync 2.3.7 -> 2.3.8 2016-07-16 01:20:15 -05:00
browsers torbrowser: reduce risk of stale Nix store references 2017-03-25 15:59:18 +01:00
c14 c14: init at 2016-09-09 2016-10-02 12:33:47 +02:00
cluster terraform: only run tests from 0.9.0 onwards 2017-03-23 15:01:57 +08:00
corebird missing dconf in buildInput 2017-03-08 21:39:59 +01:00
davmail treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
drive drive: 20151025 -> 0.3.8.1 2016-10-22 07:56:12 +00:00
droopy droopy: init at 20160830 (#22499) 2017-02-11 23:06:17 +01:00
dropbox dropbox: 20.4.19 -> 21.4.25 2017-03-10 14:22:02 +08:00
dropbox-cli Revert "dropbox-cli: minor refactoring to play nice with dropbox" 2016-04-12 23:46:00 +02:00
dyndns/cfdyndns cfdyndns: mark as broken 2016-12-29 09:57:22 +02:00
enhanced-ctorrent
errbot errbot: the text interface needs pytest at runtime 2016-09-18 23:55:09 +02:00
esniper esniper: 2.32.0 -> 2.33.0 2017-03-14 14:15:29 +01:00
feedreaders newsbeuter: darwin build working and enabled 2017-01-20 14:10:59 +13:00
flexget flexget: fix eval 2016-12-31 10:09:16 +01:00
ftp/filezilla filezilla: 3.24.0 -> 3.25.0 2017-03-13 22:18:03 +01:00
google-drive-ocamlfuse google-drive-ocamlfuse: 0.5.22 -> 0.6.17 2017-02-18 10:42:59 +00:00
gopher/gopher gopher: init at 3.0.11 (#21080) 2016-12-11 19:45:48 +01:00
ids bro: 2.4.1 -> 2.5 2016-11-18 23:20:58 +10:00
ike treewide: fix darwin builds by referring to stdenv's libc 2016-08-25 02:56:25 +02:00
instant-messengers oneteam: remove 2017-03-22 13:19:38 +01:00
insync insync: add a note about trial and costing money 2017-01-09 20:58:04 -05:00
ipfs ipfs: 0.4.5 -> 0.4.6 2017-03-02 01:24:39 +01:00
iptraf iptraf: disable fortify hardening 2016-08-04 07:48:23 +00:00
iptraf-ng Use general hardening flag toggle lists 2016-03-05 18:55:26 +01:00
irc shout: 0.51.1 -> 0.53.0 2017-03-18 16:05:56 -05:00
jmeter treewide: Add lots of meta.platforms 2016-08-02 21:42:43 +03:00
linssid linssid: move to qmakeHook 2016-04-20 18:55:46 +03:00
mailreaders neomutt: 20170128 -> 20170306 2017-03-11 16:26:37 +01:00
mpop mpop: 1.2.4 -> 1.2.6 2017-03-17 20:02:23 -05:00
msmtp msmtp: use netcat-gnu to unbreak darwin 2017-03-08 16:02:35 +08:00
mumble mumble: 1.2.17 -> 1.2.19 2017-02-24 17:57:41 +01:00
netperf Captialize meta.description of all packages 2016-06-20 13:55:52 +02:00
newsreaders liferea: add libnotify 2017-03-04 01:14:29 +03:00
nload nload: disable darwin build 2016-08-16 19:25:43 +00:00
nntp-proxy nntp-proxy: init at 2014-01-06 (0358e7a) 2016-02-11 16:24:48 +01:00
offrss
ostinato ostinato: refactor 2017-03-09 22:08:33 +02:00
owncloud-client owncloud-client: build with qt5 instead of qt4 2017-03-19 18:44:50 +01:00
p2p tribler: fixup revision 2017-03-23 12:55:57 +01:00
pjsip pjsip: 2.1 -> 2.5.5 2016-08-29 10:22:34 -06:00
pyload pyload: add send2trash as dep 2016-11-26 16:20:02 +01:00
remote citrix-receiver: add link to webpage with all versions and adjust to change in nix-prefetch-url 2017-03-18 02:18:28 +00:00
seafile-client treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
sipcmd sipcmd: refactoring 2016-05-28 15:25:31 +02:00
siproxd siproxd: 0.8.1 -> 0.8.2 2016-11-04 10:23:38 -04:00
sniffers wireshark: 2.2.4 -> 2.2.5 for multiple CVEs 2017-03-20 14:43:15 +01:00
sniproxy sniproxy: init at 0.4.0 2016-05-11 13:27:28 +08:00
spideroak spideroak: enable it to appear in the application menus 2017-02-07 11:09:25 -07:00
sync rclone: 1.35 -> 1.36 2017-03-19 11:56:59 -04:00
syncthing syncthing: 0.14.24 -> 0.14.25 2017-03-21 09:44:13 +08:00
syncthing012 buildGoPackage: deps.json -> deps.nix in NIXON 2016-09-16 00:04:55 +01:00
syncthing013 syncthing: 0.13.10 -> 0.14.0 (#17110) 2016-07-20 12:46:22 +02:00
tcpkali tcpkali: init at 0.9 2016-09-04 09:21:27 +00:00
umurmur umurmr: 0.2.16 -> 0.2.16a 2017-02-17 00:13:11 +01:00
vnstat Add version attribute where maintainers |= nckx 2016-01-25 17:35:21 +01:00
znc znc: 1.6.4 -> 1.6.5 2017-03-17 21:02:01 +01:00