Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 378961ec6ab6
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 387f1c75f5bd
Choose a head ref
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Sep 28, 2017

  1. tor-browser-bundle: feature parity with the binary bundle 

    This will be factored later (eventually both will be subsumed by a more
generic construct).

Don't bother with pulseaudio support, however.
    @joachifm
    joachifm committed Sep 28, 2017

    Verified

    This commit was signed with the committer’s verified signature.
    shlevy Shea Levy
    GPG key ID: 5C0BD6957D86FE27
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3ec05d6 View commit details

  2. tor-browser-bundle: minor refactorings

    @joachifm
    joachifm committed Sep 28, 2017
    Copy the full SHA
    387f1c7 View commit details
Showing with 90 additions and 29 deletions.
  1. +89 −17 pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
  2. +1 −12 pkgs/applications/networking/browsers/tor-browser-bundle/extensions.nix
106 changes: 89 additions & 17 deletions pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
{ stdenv
, lib
, fetchurl
, fetchgit
, fetchurl
, symlinkJoin

, tor
@@ -14,6 +13,19 @@
, noto-fonts
, noto-fonts-emoji

# Audio support
, audioSupport ? mediaSupport
, apulse

# Media support (implies audio support)
, mediaSupport ? false
, gstreamer
, gst-plugins-base
, gst-plugins-good
, gst-ffmpeg
, gmp
, ffmpeg

# Extensions, common
, zip

@@ -29,6 +41,8 @@
, extraExtensions ? [ ]
}:

with stdenv.lib;

let
tor-browser-build_src = fetchgit {
url = "https://git.torproject.org/builders/tor-browser-build.git";
@@ -41,22 +55,34 @@ let
git libxml2 python27 python27Packages rsync;
};

extensionsEnv = symlinkJoin {
name = "tor-browser-extensions";
paths = with firefoxExtensions; [
https-everywhere
noscript
torbutton
tor-launcher
] ++ extraExtensions;
};
bundledExtensions = with firefoxExtensions; [
https-everywhere
noscript
torbutton
tor-launcher
] ++ extraExtensions;

fontsEnv = symlinkJoin {
name = "tor-browser-fonts";
paths = [ noto-fonts noto-fonts-emoji ];
};

fontsDir = "${fontsEnv}/share/fonts";

gstPluginsPath = concatMapStringsSep ":" (x:
"${x}/lib/gstreamer-0.10") [
gstreamer
gst-plugins-base
gst-plugins-good
gst-ffmpeg
];

gstLibPath = makeLibraryPath [
gstreamer
gst-plugins-base
gmp
ffmpeg
];
in
stdenv.mkDerivation rec {
name = "tor-browser-bundle-${version}";
@@ -68,6 +94,11 @@ stdenv.mkDerivation rec {

buildPhase = ":";

# The following creates a customized firefox distribution. For
# simplicity, we copy the entire base firefox runtime, to work around
# firefox's annoying insistence on resolving the installation directory
# relative to the real firefox executable. A little tacky and
# inefficient but it works.
installPhase = ''
TBBUILD=${tor-browser-build_src}/projects/tor-browser
TBDATA_PATH=TorBrowser-Data
@@ -95,6 +126,7 @@ stdenv.mkDerivation rec {
lockPref("app.update.enabled", false);
lockPref("extensions.update.autoUpdateDefault", false);
lockPref("extensions.update.enabled", false);
lockPref("extensions.torbutton.updateNeeded", false);
lockPref("extensions.torbutton.versioncheck_enabled", false);
// Where to find the Nixpkgs tor executable & config
@@ -109,13 +141,19 @@ stdenv.mkDerivation rec {
lockPref("extensions.torlauncher.control_port_use_ipc", true);
lockPref("extensions.torlauncher.socks_port_use_ipc", true);
// Allow sandbox access to sound devices if using ALSA directly
${if audioSupport then ''
pref("security.sandbox.content.write_path_whitelist", "/dev/snd/");
'' else ''
clearPref("security.sandbox.content.write_path_whitelist");
''}
// User customization
${extraPrefs}
EOF
# Preload extensions
# XXX: the fact that ln -s env browser/extensions fails, symlinkJoin seems a little redundant ...
ln -s -t browser/extensions ${extensionsEnv}"/"*
find ${toString bundledExtensions} -name '*.xpi' -exec ln -s -t browser/extensions '{}' '+'
# Copy bundle data
bundlePlatform=linux
@@ -135,20 +173,31 @@ stdenv.mkDerivation rec {
> $TBDATA_PATH/fonts.conf
# Generate a suitable wrapper
wrapper_PATH=${lib.makeBinPath [ coreutils ]}
wrapper_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [
wrapper_PATH=${makeBinPath [ coreutils ]}
wrapper_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
hicolor_icon_theme
shared_mime_info
]}
${optionalString audioSupport ''
# apulse uses a non-standard library path ...
wrapper_LD_LIBRARY_PATH=${apulse}/lib/apulse''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH}
''}
${optionalString mediaSupport ''
wrapper_LD_LIBRARY_PATH=${gstLibPath}''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH}
''}
mkdir -p $out/bin
cat >$out/bin/tor-browser <<EOF
#! ${stdenv.shell} -eu
umask 077
PATH=$wrapper_PATH
readonly THE_HOME=\$HOME
TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser}
TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-\$HOME/.local/share}/tor-browser}
if [[ \''${TBB_HOME:0:1} != / ]] ; then
TBB_HOME=\$PWD/\$TBB_HOME
fi
@@ -209,9 +258,21 @@ stdenv.mkDerivation rec {
# XDG_DATA_DIRS is set to prevent searching system directories for
# mime and icon data.
#
# PULSE_{SERVER,COOKIE} is necessary for audio playback w/pulseaudio
#
# APULSE_PLAYBACK_DEVICE is for audio playback w/o pulseaudio (no capture yet)
#
# GST_PLUGIN_SYSTEM_PATH is for HD video playback
#
# GST_REGISTRY is set to devnull to minimize disk writes
#
# TOR_* is for using an external tor instance
#
# Parameters lacking a default value below are *required* (enforced by
# -o nounset).
exec env -i \
LD_LIBRARY_PATH=$wrapper_LD_LIBRARY_PATH \
\
TZ=":" \
\
DISPLAY="\$DISPLAY" \
@@ -223,11 +284,22 @@ stdenv.mkDerivation rec {
XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \
XDG_DATA_HOME="\$XDG_DATA_HOME" \
XDG_CACHE_HOME="\$XDG_CACHE_HOME" \
XDG_RUNTIME_DIR="\$HOME/run" \
\
XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \
\
FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \
\
APULSE_PLAYBACK_DEVICE="\''${APULSE_PLAYBACK_DEVICE:-plug:dmix}" \
\
GST_PLUGIN_SYSTEM_PATH="${optionalString mediaSupport gstPluginsPath}" \
GST_REGISTRY="/dev/null" \
GST_REGISTRY_UPDATE="no" \
\
TOR_SKIP_LAUNCH="\''${TOR_SKIP_LAUNCH:-}" \
TOR_CONTROL_PORT="\''${TOR_CONTROL_PORT:-}" \
TOR_SOCKS_PORT="\''${TOR_SOCKS_PORT:-}" \
\
$self/firefox \
-no-remote \
-profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
@@ -239,7 +311,7 @@ stdenv.mkDerivation rec {
bash -n $out/bin/tor-browser
echo "Checking wrapper ..."
DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$TMPDIR/tbb \
DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \
$out/bin/tor-browser -version >/dev/null
'';

13 changes: 1 addition & 12 deletions pkgs/applications/networking/browsers/tor-browser-bundle/extensions.nix
View file
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@
url = "https://git.torproject.org/https-everywhere.git";
rev = "refs/tags/${version}";
sha256 = "0z9madihh4b4z4blvfmh6w1hsv8afyi0x7b243nciq9r4w55xgfa";
fetchSubmodules = true;
};

nativeBuildInputs = [
@@ -35,10 +36,6 @@
zip
];

unpackPhase = ''
cp -dR --no-preserve=mode "$src" src && cd src
'';

buildPhase = ''
$shell ./makexpi.sh ${version} --no-recurse
'';
@@ -80,10 +77,6 @@

nativeBuildInputs = [ zip ];

unpackPhase = ''
cp -dR --no-preserve=mode "$src" src && cd src
'';

buildPhase = ''
$shell ./makexpi.sh
'';
@@ -107,10 +100,6 @@

nativeBuildInputs = [ zip ];

unpackPhase = ''
cp -dR --no-preserve=mode "$src" src && cd src
'';

buildPhase = ''
make package
'';