tor-browser-bundle-bin: rewrite using fhs-user-env approach #103156
Conversation
|
Hi and thanks for working on this! I think maybe it would be safer to just issue an error and exit if there is a previous TBB in a users' $HOME rather than nuking it. Although Tor Browser is very much about resetting to a clean state frequently, there are valid use cases for storing some long-term data in the profile, like bookmarks. Users with stored bookmarks might want to export them first. |
xaverdh
force-pushed
the
tor-browser-fhs-user-env
branch
from
cd04eda
to
e57f970
Compare
^^ I implemented this approach, does seem safer. One issue currently is that it crashes with something glib / gtk related when opening / saving a file. |
xaverdh
force-pushed
the
tor-browser-fhs-user-env
branch
from
e57f970
to
9c4822d
Compare
|
Ok, the crashes were related to |
|
This seems antithetical to reproducibility. Before this change, the binary that runs is the one specified in configuration & verified by hash. After this change, the binary that runs is whatever the auto-update server last sent, & will change from run to run. This describes a |
|
I support naming the this package differently, but I recommend keeping In general few distributions package Tor Browser itself; some package torbrowser-launcher instead, which does a similar job as this package - initially downloading tbb. I would name this package |
|
Well this could also be extended to not use the built in auto-update mechanism and instead do updates in the start script if applicable. But if #103570 fixes the issue I will close this anyway. Might still be useful to pick up in the future tough, when mozilla decides to further "lock down" the browser, and remove the remaining methods of sideloading extensions. |
|
Hm, what if we had both options available to the users? Can we have this package as well, perhaps under I imagine there might be some people who would like to have a mutable Tor Browser installation (i.e. as close to the original Tor Browser). One use case is being able to update immediately via Tor Browser itself. |
Agreed. With #103570 merged, I will close this pr and open a new one for a mutable variant of the tor browser bundle. |
If I can be useful, yes, although my knowledge of the internals of firefox's profiles is near zero. But I can do simple updates I guess. |
Motivation for this change
Fix #83096
This amounts to a complete change of how we package the tor browser bundle. Instead of keeping it in the store, and fixing things after the fact, it creates an
fhs-user-env, copies the upstream runtime into the local data path and runs it inside that environment.This has some implications:
nuke the old tor-browser data (except for the top level Downloads folder – if present)error out if an old profile is detected and delegate migration to the user. Suggestions on handling this more gracefully are appreciated here.Most importantly I would like to get some feedback from some of the current maintainers, if this approach seems sane. I also added myself as maintainer of this package, in case we agree that its the right way to proceed.
cc @offline @matejc @doublec @thoughtpolice @joachifm @hax404 @cap @KarlJoad
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)