Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tor-browser-bundle: init at 7.0.1 (from source)
The original browser bundle expects to run from a bundled directory, typically under user's home. This version creates a firefox distribution with preloaded extensions and settings that functions more like an ordinary firefox installation. The approach used here could be generalized to allow specification of custom firefox distributions. Eventually, the code will be factored so that the tbb is just an instance of that more general construct (firefox base + extensions + prefs). Currently, we use the latest upstream versions of extensions and so on. Eventually we want to track the upstream bundle more closely and ideally use the exact same inputs (firefox source, extension sources). To avoid mixing up profile data, all runtime state is stored under $XDG_DATA_HOME/tor-browser. Major TODO items - Pluggable transports - Upstream TBB version parity - Avoid fetchgit - Build NoScript from source (no upstream source repo, however, must rely on third-parties) - Improved notation for packaging extensions - Feature parity with the binary bundle (apulse and runtime purity, in particular)
- Loading branch information
Showing
2 changed files
with
214 additions
and
0 deletions.
There are no files selected for viewing
209 changes: 209 additions & 0 deletions
209
pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,209 @@ | ||
| { stdenv | ||
| , lib | ||
| , fetchurl | ||
| , fetchgit | ||
|
|
||
| , tor | ||
| , tor-browser-unwrapped | ||
|
|
||
| # Extensions, common | ||
| , zip | ||
|
|
||
| # HTTPS Everywhere | ||
| , git | ||
| , libxml2 # xmllint | ||
| , python27 | ||
| , python27Packages | ||
| , rsync | ||
| }: | ||
|
|
||
| let | ||
| tor-browser-build_src = fetchgit { | ||
| url = "https://git.torproject.org/builders/tor-browser-build.git"; | ||
| rev = "refs/tags/tbb-7.5a5-build5"; | ||
| sha256 = "0j37mqldj33fnzghxifvy6v8vdwkcz0i4z81prww64md5s8qcsa9"; | ||
| }; | ||
|
|
||
| firefoxExtensions = { | ||
| https-everywhere = stdenv.mkDerivation rec { | ||
| name = "https-everywhere-${version}"; | ||
| version = "5.2.21"; | ||
|
|
||
| src = fetchgit { | ||
| url = "https://git.torproject.org/https-everywhere.git"; | ||
| rev = "refs/tags/${version}"; | ||
| sha256 = "0z9madihh4b4z4blvfmh6w1hsv8afyi0x7b243nciq9r4w55xgfa"; | ||
| }; | ||
|
|
||
| nativeBuildInputs = [ | ||
| git | ||
| libxml2 # xmllint | ||
| python27 | ||
| python27Packages.lxml | ||
| rsync | ||
| zip | ||
| ]; | ||
|
|
||
| buildCommand = '' | ||
| cp -dR --no-preserve=mode "$src" src | ||
| cd src | ||
| sed -i makexpi.sh -e '104d' # cp -a translations/* fails because the dir is empty ... | ||
| $shell ./makexpi.sh ${version} --no-recurse | ||
| install -m 444 -Dt $out pkg"/"*.xpi | ||
| ''; | ||
|
|
||
| meta = { | ||
| homepage = https://gitweb.torproject.org/https-everywhere.git/; | ||
| }; | ||
| }; | ||
|
|
||
| noscript = fetchurl { | ||
| url = https://secure.informaction.com/download/releases/noscript-5.0.10.xpi; | ||
| sha256 = "18k5karbaj5mhd9cyjbqgik6044bw88rjalkh6anjanxbn503j6g"; | ||
| }; | ||
|
|
||
| torbutton = stdenv.mkDerivation rec { | ||
| name = "torbutton-${version}"; | ||
| version = "1.9.8.1"; | ||
|
|
||
| src = fetchgit { | ||
| url = "https://git.torproject.org/torbutton.git"; | ||
| rev = "refs/tags/${version}"; | ||
| sha256 = "1amp0c9ky0a7fsa0bcbi6n6ginw7s2g3an4rj7kvc1lxmrcsm65l"; | ||
| }; | ||
|
|
||
| nativeBuildInputs = [ zip ]; | ||
|
|
||
| buildCommand = '' | ||
| cp -dR --no-preserve=mode "$src" src | ||
| cd src | ||
| $shell ./makexpi.sh | ||
| install -m 444 -Dt $out pkg"/"*.xpi | ||
| ''; | ||
| }; | ||
|
|
||
| tor-launcher = stdenv.mkDerivation rec { | ||
| name = "tor-launcher-${version}"; | ||
| version = "0.2.12.3"; | ||
|
|
||
| src = fetchgit { | ||
| url = "https://git.torproject.org/tor-launcher.git"; | ||
| rev = "refs/tags/${version}"; | ||
| sha256 = "0126x48pjiy2zm4l8jzhk70w24hviaz560ffp4lb9x0ar615bc9q"; | ||
| }; | ||
|
|
||
| nativeBuildInputs = [ zip ]; | ||
|
|
||
| buildCommand = '' | ||
| cp -dR --no-preserve=mode "$src" src | ||
| cd src | ||
| make package | ||
| install -m 444 -Dt $out pkg"/"*.xpi | ||
| ''; | ||
| }; | ||
| }; | ||
| in | ||
| stdenv.mkDerivation rec { | ||
| name = "tor-browser-bundle-${version}"; | ||
| version = tor-browser-unwrapped.version; | ||
|
|
||
| buildInputs = [ tor-browser-unwrapped tor ]; | ||
|
|
||
| unpackPhase = ":"; | ||
|
|
||
| buildPhase = ":"; | ||
|
|
||
| installPhase = '' | ||
| TBBUILD=${tor-browser-build_src}/projects/tor-browser | ||
| self=$out/lib/tor-browser | ||
| mkdir -p $self && cd $self | ||
| cp -dR ${tor-browser-unwrapped}/lib"/"*"/"* . | ||
| chmod -R +w . | ||
| # Prepare for autoconfig | ||
| cat >defaults/pref/autoconfig.js <<EOF | ||
| pref("general.config.filename", "mozilla.cfg"); | ||
| pref("general.config.obscure_value", 0); | ||
| EOF | ||
| # Hardcoded configuration | ||
| cat >mozilla.cfg <<EOF | ||
| // First line must be a comment | ||
| // Always update via Nixpkgs | ||
| lockPref("app.update.auto", false); | ||
| lockPref("app.update.enabled", false); | ||
| lockPref("extensions.update.autoUpdateDefault", false); | ||
| lockPref("extensions.update.enabled", false); | ||
| lockPref("extensions.torbutton.versioncheck_enabled", false); | ||
| // Where to find the Nixpkgs tor executable & config | ||
| lockPref("extensions.torlauncher.tor_path", "${tor}/bin/tor"); | ||
| lockPref("extensions.torlauncher.torrc-defaults_path", "$self/torrc-defaults"); | ||
| // Captures store paths | ||
| clearPref("extensions.xpiState"); | ||
| // Insist on using IPC for communicating with Tor | ||
| // | ||
| // Defaults to $XDG_RUNTIME_DIR/Tor/{socks,control}.socket | ||
| lockPref("extensions.torlauncher.control_port_use_ipc", true); | ||
| lockPref("extensions.torlauncher.socks_port_use_ipc", true); | ||
| EOF | ||
| # Preload extensions | ||
| install -m 444 -D \ | ||
| ${firefoxExtensions.tor-launcher}/tor-launcher-*.xpi \ | ||
| browser/extensions/tor-launcher@torproject.org.xpi | ||
| install -m 444 -D \ | ||
| ${firefoxExtensions.torbutton}/torbutton-*.xpi \ | ||
| browser/extensions/torbutton@torproject.org.xpi | ||
| install -m 444 -D \ | ||
| ${firefoxExtensions.https-everywhere}/https-everywhere-*-eff.xpi \ | ||
| browser/extensions/https-everywhere-eff@eff.org.xpi | ||
| install -m 444 -D \ | ||
| ${firefoxExtensions.noscript} \ | ||
| browser/extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi | ||
| # Copy bundle data | ||
| cat \ | ||
| $TBBUILD/Bundle-Data/linux/Data/Tor/torrc-defaults \ | ||
| $TBBUILD/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix \ | ||
| >> torrc-defaults | ||
| cat \ | ||
| $TBBUILD/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js \ | ||
| $TBBUILD/Bundle-Data/PTConfigs/bridge_prefs.js >> defaults/pref/extension-overrides.js \ | ||
| >> defaults/pref/extension-overrides.js | ||
| # Generate a suitable wrapper | ||
| mkdir -p $out/bin | ||
| cat >$out/bin/tor-browser <<EOF | ||
| #! ${stdenv.shell} -e | ||
| THE_HOME=\$HOME | ||
| TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser} | ||
| mkdir -p "\$TBB_HOME" | ||
| HOME=\$TBB_HOME | ||
| cd "\$HOME" | ||
| exec $self/firefox -no-remote about:tor | ||
| EOF | ||
| chmod +x $out/bin/tor-browser | ||
| ''; | ||
|
|
||
| meta = with stdenv.lib; { | ||
| description = "An unofficial version of the tor browser bundle, built from source"; | ||
| homepage = https://torproject.org/; | ||
| license = licenses.unfreeRedistributable; # TODO: check this | ||
| platforms = [ "x86_64-linux" ]; | ||
| hydraPlatforms = [ ]; | ||
| maintainers = with maintainers; [ joachifm ]; | ||
| }; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters