guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tor Browser


From: ng0
Subject: Re: Tor Browser
Date: Thu, 30 Jun 2016 18:00:30 +0000

Ludovic Courtès writes:

> address@hidden skribis:
>
>> Ludovic Courtès writes:
>
> [...]
>
>>> I suppose TB contains a script that does all that, right?  Would it
>>> work
>>> to simply run it?  If it invokes wget/curl, then this needs to be
>>> replaced, but the rest should be fine.
>>
>> It's not that easy I'm afraid.
>> Currently they use a gitian build, as described in this README[0],
>> which the person maintaining the torbrowser ebuild for Gentoo out
>> of portage replicates and follows in parts.
>> It can't be followed completely, as `builders/tor-browser-bundle'
>> requires a checkout of gitian of the torproject.org
>>
>> So we have to look at what they do and recreate this build
>> procedure, there's no individual Makefile, the releases are
>> created in VMs.
>>
>> Dependencies are kept up to date here[1].
>>
>> This[2] is the script connecting/using gitian for gnu-linux
>> releases.
>>
>> The Makefile just runs the corresponding scripts.
>
> Gitian is about building binaries.  There must be some script
> somewhere
> to apply the relevant patches to the source first, before one builds
> it,
> no?
>
>>> It’s unfortunate that there’s no ready-to-build TB tarball, that
>>> would
>>> simplify things for us.
>>
>> Yes.. But I think icecat suffers from the same problem, only that
>> icecat tarballs/binaries are built using a bash script applying
>> all that's needed to the firefox sources again.
>
> IceCat publishes source tarballs that, AIUI, are produced essentially
> by
> running a script that patches Firefox’s code base (same approach for
> Linux-libre.)
>
> Thanks,
> Ludo’.

Whoever is interested in continuing this, the below approach is
not the fine art and must be cut down in length, but it works.
You only have to look at what's in torbrowser sources and adapt
accordingly.

Good luck and success.


;; apparently for whatever reason torproject does not provide
;; individual language files, they are one lang included in
;; named sources as $name-$OS-$version_$lang.tar.xz
(define-public torbrowser
  (package
    (inherit icecat)
    (name "torbrowser")
    (version "6.0.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://dist.torproject.org/";
                           name "/" version "/tor-browser"
                           "-linux64-" version "_en-US.tar.xz"))
       (sha256
        (base32
         "08zik2id1rkcl5cw4yscdgb8rdahx342j1fps576465sziy5z06x"))))
       ;; (modules '((guix build utils)))
       ;; (snippet
       ;;  '(begin
       ;;     ;; Remove bundled libraries that we don't use, since they may
       ;;     ;; contain unpatched security flaws, they waste disk space and
       ;;     ;; network bandwidth, and may cause confusion.
       ;;     (for-each delete-file-recursively
       ;;               '(;; FIXME: Removing the bundled icu breaks configure.
       ;;                 ;;   * The bundled icu headers are used in some 
places.
       ;;                 ;;   * The version number is taken from the bundled 
copy.
       ;;                 ;;"intl/icu"
       ;;                 ;;
       ;;                 ;; FIXME: A script from the bundled nspr is used.
       ;;                 ;;"nsprpub"
       ;;                 ;;
       ;;                 ;; TODO: Use system media libraries.  Waiting for:
       ;;                 ;; 
<https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
       ;;                 ;;   * libogg
       ;;                 ;;   * libtheora
       ;;                 ;;   * libvorbis
       ;;                 ;;   * libtremor (not yet in guix)
       ;;                 ;;   * libopus
       ;;                 ;;   * speex
       ;;                 ;;   * soundtouch (not yet in guix)
       ;;                 ;;
       ;;                 ;; TODO: Use system harfbuzz.  Waiting for:
       ;;                 ;; 
<https://bugzilla.mozilla.org/show_bug.cgi?id=847568>
       ;;                 ;;
       ;;                 ;; TODO: Use system graphite2.
       ;;                 ;;
       ;;                 ;;;"modules/freetype2"
       ;;                 ;;;"modules/zlib"
       ;;                 ;;;"modules/libbz2"
       ;;                 "ipc/chromium/src/third_party/libevent"
       ;;                 "media/libvpx"
       ;;                 "security/nss"
       ;;                 "gfx/cairo"
       ;;                 "js/src/ctypes/libffi"
       ;;                 "db/sqlite3"))
       ;;     #t))))
    (build-system gnu-build-system)
    (inputs
     `(("alsa-lib" ,alsa-lib)
       ("bzip2" ,bzip2)
       ("cairo" ,cairo)
       ("cups" ,cups)
       ("dbus-glib" ,dbus-glib)
       ("gdk-pixbuf" ,gdk-pixbuf)
       ("glib" ,glib)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
       ("gtk+" ,gtk+-2)
       ("pango" ,pango)
       ("freetype" ,freetype)
       ("hunspell" ,hunspell)
       ("libcanberra" ,libcanberra)
       ("libgnome" ,libgnome)
       ("libxft" ,libxft)
       ("libevent" ,libevent)
       ("libxinerama" ,libxinerama)
       ("libxscrnsaver" ,libxscrnsaver)
       ("libxcomposite" ,libxcomposite)
       ("libxt" ,libxt)
       ("libffi" ,libffi)
       ("libvpx" ,libvpx)
       ("icu4c" ,icu4c)
       ("pixman" ,pixman)
       ("pulseaudio" ,pulseaudio)
       ("mesa" ,mesa)
       ("mit-krb5" ,mit-krb5)
       ("nspr" ,nspr)
       ("nss" ,nss)
       ("sqlite" ,sqlite)
       ("startup-notification" ,startup-notification)
       ("unzip" ,unzip)
       ("yasm" ,yasm)
       ("zip" ,zip)
       ("zlib" ,zlib)))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python-2) ; Python 3 not supported
       ("python2-pysqlite" ,python2-pysqlite)
       ("pkg-config" ,pkg-config)))
    (arguments
     `(#:tests? #f          ; no check target
       #:out-of-source? #t  ; must be built outside of the source directory


       ;; XXX: There are RUNPATH issues such as
       ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
       ;; which is not in its RUNPATH, but they appear to be harmless in
       ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
       #:validate-runpath? #f

       #:configure-flags '("--enable-default-toolkit=cairo-gtk2"
                           "--enable-pango"
                           "--enable-gio"
                           "--enable-svg"
                           "--enable-canvas"
                           "--enable-mathml"
                           "--enable-startup-notification"
                           "--enable-pulseaudio"
                           "--enable-gstreamer=1.0"

                           "--disable-gnomevfs"
                           "--disable-gconf"
                           "--disable-gnomeui"

                           ;; Building with debugging symbols takes ~5GiB, so
                           ;; disable it.
                           "--disable-debug"
                           "--disable-debug-symbols"

                           ;; Avoid bundled libraries.
                           ;; "--with-system-zlib"
                           ;; "--with-system-bz2"
                           ;; "--with-system-libevent"
                           ;; "--with-system-libvpx"
                           ;; "--with-system-icu"
                           ;; "--with-system-nspr"
                           ;; "--with-system-nss"
                           ;; "--enable-system-pixman"
                           ;; "--enable-system-cairo"
                           ;; "--enable-system-ffi"
                           ;; "--enable-system-hunspell"
                           ;; "--enable-system-sqlite"

                           ;; Fails with "--with-system-png won't work because
                           ;; the system's libpng doesn't have APNG support".
                           ;; According to
                           ;; http://sourceforge.net/projects/libpng-apng/ ,
                           ;; "the Animated Portable Network Graphics (APNG)
                           ;; is an unofficial extension of the Portable
                           ;; Network Graphics (PNG) format";
                           ;; we probably do not wish to support it.
                           ;; "--with-system-png"

                           ;; Fails with "libjpeg-turbo JCS_EXTENSIONS
                           ;; required".
                           ;; According to
                           ;; http://sourceforge.net/projects/libjpeg-turbo/ ,
                           ;; "libjpeg-turbo is a derivative of libjpeg that
                           ;; uses MMX, SSE, SSE2, and NEON SIMD instructions
                           ;; to accelerate baseline JPEG compression/
                           ;; decompression", so we had better not use it
                           ;; "--with-system-jpeg"
                           )

       #:modules ((ice-9 ftw)
                  (ice-9 rdelim)
                  (ice-9 match)
                  ,@%gnu-build-system-modules)
       #:phases
       (modify-phases %standard-phases
         (add-after
             'unpack 'ensure-no-mtimes-pre-1980
           (lambda _
             ;; Without this, the 'source/test/addons/packed.xpi' and
             ;; 'source/test/addons/simple-prefs.xpi' targets fail while trying
             ;; to create zip archives.
             (let ((early-1980 315619200)) ; 1980-01-02 UTC
               (ftw "." (lambda (file stat flag)
                          (unless (<= early-1980 (stat:mtime stat))
                            (utime file early-1980 early-1980))
                          #t))
               #t)))
         (add-after
             'unpack 'remove-h264parse-from-blacklist
           (lambda _
             ;; Remove h264parse from gstreamer format helper blacklist.  It
             ;; was put there to work around a bug in a pre-1.0 version of
             ;; gstreamer.  See:
             ;; https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
             (substitute* "dom/media/gstreamer/GStreamerFormatHelper.cpp"
               (("^  \"h264parse\",\n") ""))
             #t))
         ;;      (add-after
         ;;       'unpack 'arrange-to-link-libxul-with-libraries-it-might-dlopen
         ;;       (lambda _
         ;;         ;; libxul.so dynamically opens libraries, so here we 
explicitly
         ;;         ;; link them into libxul.so instead.
         ;;         ;;
         ;;         ;; TODO: It might be preferable to patch in absolute file 
names in
         ;;         ;; calls to dlopen or PR_LoadLibrary, but that didn't seem 
to
         ;;         ;; work.  More investigation is needed.
         ;;         (substitute* "toolkit/library/moz.build"
         ;;           (("^# This needs to be last")
         ;;            "OS_LIBS += [
         ;; 'GL', 'gnome-2', 'canberra', 'Xss', 'cups', 'gssapi_krb5',
         ;; 'gstreamer-1.0', 'gstapp-1.0', 'gstvideo-1.0' ]\n\n"))
         ;;         #t))
         (replace
             'configure
           ;; configure does not work followed by both "SHELL=..." and
           ;; "CONFIG_SHELL=..."; set environment variables instead
           (lambda* (#:key outputs configure-flags #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bash (which "bash"))
                    (abs-srcdir (getcwd))
                    (srcdir (string-append "../" (basename abs-srcdir)))
                    (flags `(,(string-append "--prefix=" out)
                             ,(string-append "--with-l10n-base="
                                             abs-srcdir "/l10n")
                             ,@configure-flags)))
               (setenv "SHELL" bash)
               (setenv "CONFIG_SHELL" bash)
               (mkdir "../build")
               (chdir "../build")
               (format #t "build directory: ~s~%" (getcwd))
               (format #t "configure flags: ~s~%" flags)
               (zero? (apply system* bash
                             (string-append srcdir "/configure")
                             flags)))))
         (add-before 'configure 'install-desktop-entry
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Install the '.desktop' file.
             (define (swallow-%%-directives input output)
               ;; Interpret '%%ifdef' directives found in the '.desktop' file.
               (let loop ((state 'top))
                 (match (read-line input 'concat)
                   ((? eof-object?)
                    #t)
                   ((? string? line)
                    (cond ((string-prefix? "%%ifdef" line)
                           (loop 'ifdef))
                          ((string-prefix? "%%else" line)
                           (loop 'else))
                          ((string-prefix? "%%endif" line)
                           (loop 'top))
                          (else
                           (case state
                             ((top else)
                              (display line output)
                              (loop state))
                             (else
                              (loop state)))))))))

             (let* ((out (assoc-ref outputs "out"))
                    (applications (string-append out "/share/applications")))
               (call-with-input-file "debian/icecat.desktop.in"
                 (lambda (input)
                   (call-with-output-file "debian/icecat.desktop"
                     (lambda (output)
                       (swallow-%%-directives input output)))))

               (substitute* "debian/icecat.desktop"
                 (("@MOZ_DISPLAY_NAME@")
                  "GNU IceCat")
                 (("address@hidden@")
                  (string-append "Exec=" out "/bin/icecat"))
                 (("@MOZ_APP_NAME@")
                  "icecat"))
               (install-file "debian/icecat.desktop" applications)
               #t))))))
    (home-page "https://torproject.org";)
    (synopsis "The Tor Browser")
    (description
     "Bla.")))


--
♥Ⓐ  ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion



reply via email to

[Prev in Thread] Current Thread [Next in Thread]