authorFlorian Klink <flokli@flokli.de>2020-01-10 18:08:28 +0100
committerFlorian Klink <flokli@flokli.de>2020-01-10 18:34:22 +0100
commit1efaa03d95ec5c8080c0e5bff91c41e4b3acf0a0 (patch)
tree2314fdb5fe70471fce33d650d834a93607671d67 /pkgs/applications/networking
parentb333f39de7e04e1029cd0fc61d9044751e3b1885 (diff)
firefoxPackages.tor-browser*, tor-browser-bundle: remove
These are all based on firefox versions with known vulnerabilities
exploited in the wild.

We seriously shouldn't ship this in nixpkgs, and certainly not for a
privacy-sensitive application such as the Tor Browser.

`tor-browser-bundle` is just a wrapper around
`firefoxPackages.tor-browser`, so let's remove it too.

`tor-browser-bundle-bin` is the much safer bet, which is individually
downloaded from `dist.torproject.org` and just `patchelf`-ed locally to
work on NixOS.

Co-Authored-By: Alyssa Ross <hi@alyssa.is>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
Co-Authored-By: Graham Christensen <graham@grahamc.com>
Diffstat (limited to 'pkgs/applications/networking')
-rw-r--r--pkgs/applications/networking/browsers/firefox/packages.nix92
-rw-r--r--pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix13
-rw-r--r--pkgs/applications/networking/browsers/tor-browser-bundle/default.nix345
3 files changed, 12 insertions, 438 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 7903a345e1f..61cc6e936d2 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -196,94 +196,8 @@ in {
     meta.knownVulnerabilities = [ "Support ended in August 2018." ];
   };
 
-}) // (let
-
-  tbcommon = args: common (args // {
-    pname = "tor-browser";
-    isTorBrowserLike = true;
-
-    unpackPhase = ''
-      # fetchFromGitHub produces ro sources, root dir gets a name that
-      # is too long for shebangs. fixing
-      cp -a $src tor-browser
-      chmod -R +w tor-browser
-      cd tor-browser
-
-      # set times for xpi archives
-      find . -exec touch -d'2010-01-01 00:00' {} \;
-    '';
-
-    meta = (args.meta or {}) // {
-      description = "A web browser built from TorBrowser source tree";
-      longDescription = ''
-        This is a version of TorBrowser with bundle-related patches
-        reverted.
-
-        I.e. it's a variant of Firefox with less fingerprinting and
-        some isolation features you can't get with any extensions.
-
-        Or, alternatively, a variant of TorBrowser that works like any
-        other UNIX program and doesn't expect you to run it from a
-        bundle.
-
-        It will use your default Firefox profile if you're not careful
-        even! Be careful!
-
-        It will clash with firefox binary if you install both. But it
-        should not be a problem because you should run browsers in
-        separate users/VMs anyway.
-
-        Create new profile by starting it as
-
-        $ firefox -ProfileManager
-
-        and then configure it to use your tor instance.
-
-        Or just use `tor-browser-bundle` package that packs this
-        `tor-browser` back into a sanely-built bundle.
-      '';
-      homepage = "https://www.torproject.org/projects/torbrowser.html";
-      platforms = lib.platforms.unix;
-      license = with lib.licenses; [ mpl20 bsd3 ];
-    };
-  });
-
-in rec {
-
-  tor-browser-7-5 = (tbcommon {
-    ffversion = "52.9.0esr";
-    tbversion = "7.5.6";
-
-    # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
-    src = fetchFromGitHub {
-      owner = "SLNOS";
-      repo  = "tor-browser";
-      # branch "tor-browser-52.9.0esr-7.5-2-slnos"
-      rev   = "95bb92d552876a1f4260edf68fda5faa3eb36ad8";
-      sha256 = "1ykn3yg4s36g2cpzxbz7s995c33ij8kgyvghx38z4i8siaqxdddy";
-    };
-  }).override {
-    gtk3Support = false;
-  };
-
-  tor-browser-8-5 = tbcommon rec {
-    ffversion = "60.9.0esr";
-    tbversion = "8.5.6";
-
-    # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
-    src = fetchFromGitHub {
-      owner = "SLNOS";
-      repo  = "tor-browser";
-      # branch "tor-browser-60.9.0esr-8.5-2-slnos"
-      rev   = "0489ae3158cd8c0e16c2e78b94083d8cbf0209dc";
-      sha256 = "0y5s7d8pg8ak990dp8d801j9823igaibfhv9hsa79nib5yllifzs";
-    };
-
-    patches = [
-      missing-documentation-patch
-    ];
-  };
-
-  tor-browser = tor-browser-8-5;
+  tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
+  tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
+  tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
 
 })
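Review bot: The three replacement `throw` attributes give "out of date and inadequately maintained" as the reason for removal, while the commit message states the actual reason is that these builds were based on Firefox versions with vulnerabilities exploited in the wild; a user whose configuration still references `firefoxPackages.tor-browser` should be told the security reason, since that is what should stop them from pinning an older nixpkgs to keep the package. Suggest `tor-browser = throw "firefoxPackages.tor-browser was removed: it was built from Firefox versions with known vulnerabilities exploited in the wild. Use tor-browser-bundle-bin instead. See #77452.";` with the same wording for the `-7-5` and `-8-5` attributes. Because the three messages differ only in the attribute name, a small `let removed = name: throw "firefoxPackages.${name} was removed: ..."; in` binding would keep them from drifting apart. The enclosing attribute set begins before this hunk.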
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
index 1027bf7c71d..d219ad2a02d 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -54,9 +54,6 @@
 
 # Extra preferences
 , extraPrefs ? ""
-
-# For meta
-, tor-browser-bundle
 }:
 
 with stdenv.lib;
@@ -394,7 +391,15 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "Tor Browser Bundle built by torproject.org";
-    longDescription = tor-browser-bundle.meta.longDescription;
+    longDescription = ''
+      Tor Browser Bundle is a bundle of the Tor daemon, Tor Browser (heavily patched version of
+      Firefox), several essential extensions for Tor Browser, and some tools that glue those
+      together with a convenient UI.
+
+      `tor-browser-bundle-bin` package is the official version built by torproject.org patched with
+      `patchelf` to work under nix and with bundled scripts adapted to the read-only nature of
+      the `/nix/store`.
+    '';
     homepage = "https://www.torproject.org/";
     platforms = attrNames srcs;
     maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm hax404 cap ];
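Review bot: The new longDescription explains how the bundle is packaged but not what that packaging implies for receiving security fixes, which is the point the commit message uses to justify keeping this package over the removed ones. The text itself notes the bundled scripts are adapted to the read-only `/nix/store`, so Tor Browser's built-in updater presumably cannot update the installation in place and fixes arrive only through nixpkgs version bumps; if that is the case, it is worth stating, e.g. `Updates are delivered through nixpkgs; the bundle's built-in updater cannot modify the read-only /nix/store, so keep nixpkgs current to receive security fixes.` Minor wording: "`tor-browser-bundle-bin` package is the official version" reads better as "The `tor-browser-bundle-bin` package is the official build". The enclosing `meta` attribute set continues past the end of this hunk.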
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
deleted file mode 100644
index 7ff099853e2..00000000000
--- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
+++ /dev/null
@@ -1,345 +0,0 @@
-{ stdenv
-, fetchgit
-, fetchurl
-, symlinkJoin
-
-, tor
-, tor-browser-unwrapped
-
-# Wrapper runtime
-, coreutils
-, hicolor-icon-theme
-, shared-mime-info
-, noto-fonts
-, noto-fonts-emoji
-
-# Audio support
-, audioSupport ? mediaSupport
-, apulse
-
-# Media support (implies audio support)
-, mediaSupport ? false
-, ffmpeg
-
-# Extensions, common
-, zip
-
-# HTTPS Everywhere
-, git
-, libxml2 # xmllint
-, python27
-, python27Packages
-, rsync
-
-# Pluggable transports
-, obfs4
-
-# Customization
-, extraPrefs ? ""
-, extraExtensions ? [ ]
-}:
-
-with stdenv.lib;
-
-let
-  tor-browser-build_src = fetchgit {
-    url = "https://git.torproject.org/builders/tor-browser-build.git";
-    rev = "refs/tags/tbb-7.5a5-build5";
-    sha256 = "0j37mqldj33fnzghxifvy6v8vdwkcz0i4z81prww64md5s8qcsa9";
-  };
-
-  firefoxExtensions = import ./extensions.nix {
-    inherit stdenv fetchurl fetchgit zip
-      git libxml2 python27 python27Packages rsync;
-  };
-
-  bundledExtensions = with firefoxExtensions; [
-    https-everywhere
-    noscript
-    torbutton
-    tor-launcher
-  ] ++ extraExtensions;
-
-  fontsEnv = symlinkJoin {
-    name = "tor-browser-fonts";
-    paths = [ noto-fonts noto-fonts-emoji ];
-  };
-
-  fontsDir = "${fontsEnv}/share/fonts";
-
-  mediaLibPath = makeLibraryPath [
-    ffmpeg
-  ];
-in
-stdenv.mkDerivation {
-  pname = "tor-browser-bundle";
-  version = tor-browser-unwrapped.version;
-
-  buildInputs = [ tor-browser-unwrapped tor ];
-
-  dontUnpack = true;
-
-  buildPhase = ":";
-
-  # The following creates a customized firefox distribution.  For
-  # simplicity, we copy the entire base firefox runtime, to work around
-  # firefox's annoying insistence on resolving the installation directory
-  # relative to the real firefox executable.  A little tacky and
-  # inefficient but it works.
-  installPhase = ''
-    TBBUILD=${tor-browser-build_src}/projects/tor-browser
-    TBDATA_PATH=TorBrowser-Data
-
-    self=$out/lib/tor-browser
-    mkdir -p $self && cd $self
-
-    TBDATA_IN_STORE=$self/$TBDATA_PATH
-
-    cp -dR ${tor-browser-unwrapped}/lib"/"*"/"* .
-    chmod -R +w .
-
-    # Prepare for autoconfig
-    cat >defaults/pref/autoconfig.js <<EOF
-    pref("general.config.filename", "mozilla.cfg");
-    pref("general.config.obscure_value", 0);
-    EOF
-
-    # Hardcoded configuration
-    cat >mozilla.cfg <<EOF
-    // First line must be a comment
-
-    // Always update via Nixpkgs
-    lockPref("app.update.auto", false);
-    lockPref("app.update.enabled", false);
-    lockPref("extensions.update.autoUpdateDefault", false);
-    lockPref("extensions.update.enabled", false);
-    lockPref("extensions.torbutton.updateNeeded", false);
-    lockPref("extensions.torbutton.versioncheck_enabled", false);
-
-    // Where to find the Nixpkgs tor executable & config
-    lockPref("extensions.torlauncher.tor_path", "${tor}/bin/tor");
-    lockPref("extensions.torlauncher.torrc-defaults_path", "$TBDATA_IN_STORE/torrc-defaults");
-
-    // Captures store paths
-    clearPref("extensions.xpiState");
-    clearPref("extensions.bootstrappedAddons");
-
-    // Insist on using IPC for communicating with Tor
-    lockPref("extensions.torlauncher.control_port_use_ipc", true);
-    lockPref("extensions.torlauncher.socks_port_use_ipc", true);
-
-    // Allow sandbox access to sound devices if using ALSA directly
-    ${if audioSupport then ''
-      pref("security.sandbox.content.write_path_whitelist", "/dev/snd/");
-    '' else ''
-      clearPref("security.sandbox.content.write_path_whitelist");
-    ''}
-
-    // User customization
-    ${extraPrefs}
-    EOF
-
-    # Preload extensions
-    find ${toString bundledExtensions} -name '*.xpi' -exec ln -s -t browser/extensions '{}' '+'
-
-    # Copy bundle data
-    bundlePlatform=linux
-    bundleData=$TBBUILD/Bundle-Data
-
-    mkdir -p $TBDATA_PATH
-    cat \
-      $bundleData/$bundlePlatform/Data/Tor/torrc-defaults \
-      >> $TBDATA_PATH/torrc-defaults
-    cat \
-      $bundleData/$bundlePlatform/Data/Browser/profile.default/preferences/extension-overrides.js \
-      $bundleData/PTConfigs/bridge_prefs.js \
-      >> defaults/pref/extension-overrides.js
-
-    # Configure geoip
-    #
-    # tor-launcher insists on resolving geoip data relative to torrc-defaults
-    # (and passes them directly on the tor command-line).
-    #
-    # Write the paths into torrc-defaults anyway, otherwise they'll be
-    # captured in the runtime torrc.
-    ln -s -t $TBDATA_PATH ${tor.geoip}/share/tor/geoip{,6}
-    cat >>$TBDATA_PATH/torrc-defaults <<EOF
-    GeoIPFile $TBDATA_IN_STORE/geoip
-    GeoIPv6File $TBDATA_IN_STORE/geoip6
-    EOF
-
-    # Configure pluggable transports
-    substituteInPlace $TBDATA_PATH/torrc-defaults \
-      --replace "./TorBrowser/Tor/PluggableTransports/obfs4proxy" \
-                "${obfs4}/bin/obfs4proxy"
-
-    # Hard-code path to TBB fonts; xref: FONTCONFIG_FILE in the wrapper below
-    sed $bundleData/$bundlePlatform/Data/fontconfig/fonts.conf \
-        -e "s,<dir>fonts</dir>,<dir>${fontsDir}</dir>," \
-        > $TBDATA_PATH/fonts.conf
-
-    # Generate a suitable wrapper
-    wrapper_PATH=${makeBinPath [ coreutils ]}
-    wrapper_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
-      hicolor-icon-theme
-      shared-mime-info
-    ]}
-
-    ${optionalString audioSupport ''
-      # apulse uses a non-standard library path ...
-      wrapper_LD_LIBRARY_PATH=${apulse}/lib/apulse''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH}
-    ''}
-
-    ${optionalString mediaSupport ''
-      wrapper_LD_LIBRARY_PATH=${mediaLibPath}''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH}
-    ''}
-
-    mkdir -p $out/bin
-    cat >$out/bin/tor-browser <<EOF
-    #! ${stdenv.shell} -eu
-
-    umask 077
-
-    PATH=$wrapper_PATH
-
-    readonly THE_HOME=\$HOME
-    TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-\$HOME/.local/share}/tor-browser}
-    if [[ \''${TBB_HOME:0:1} != / ]] ; then
-      TBB_HOME=\$PWD/\$TBB_HOME
-    fi
-    readonly TBB_HOME
-
-    # Basic sanity check: never want to vomit directly onto user's homedir
-    if [[ "\$TBB_HOME" = "\$THE_HOME" ]] ; then
-      echo 'TBB_HOME=\$HOME; refusing to run' >&2
-      exit 1
-    fi
-
-    mkdir -p "\$TBB_HOME"
-
-    HOME=\$TBB_HOME
-    cd "\$HOME"
-
-    # Re-init XDG basedir envvars
-    XDG_CACHE_HOME=\$HOME/.cache
-    XDG_CONFIG_HOME=\$HOME/.config
-    XDG_DATA_HOME=\$HOME/.local/share
-
-    # Initialize empty TBB runtime state directory hierarchy.  Mirror the
-    # layout used by the official TBB, to avoid the hassle of working
-    # against the assumptions made by tor-launcher & co.
-    mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data"
-
-    # Initialize the Tor data directory.
-    mkdir -p "\$HOME/TorBrowser/Data/Tor"
-
-    # TBB fails if ownership is too permissive
-    chmod 0700 "\$HOME/TorBrowser/Data/Tor"
-
-    # Initialize the browser profile state.  Expect TBB to generate all data.
-    mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default"
-
-    # Files that capture store paths; re-generated by firefox at startup
-    rm -rf "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json,startupCache}
-
-    # Clear out fontconfig caches
-    rm -f "\$HOME/.cache/fontconfig/"*.cache-*
-
-    # Lift-off!
-    #
-    # TZ is set to avoid stat()ing /etc/localtime over and over ...
-    #
-    # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launching a new
-    # dbus instance; to prevent using the session bus, set the envvar to
-    # an empty/invalid value prior to running tor-browser.
-    #
-    # FONTCONFIG_FILE is required to make fontconfig read the TBB
-    # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
-    # indicates the system fonts.conf being used instead.
-    #
-    # HOME, TMPDIR, XDG_*_HOME are set as a form of soft confinement;
-    # ideally, tor-browser should not write to any path outside TBB_HOME
-    # and should run even under strict confinement to TBB_HOME.
-    #
-    # XDG_DATA_DIRS is set to prevent searching system directories for
-    # mime and icon data.
-    #
-    # PULSE_{SERVER,COOKIE} is necessary for audio playback w/pulseaudio
-    #
-    # APULSE_PLAYBACK_DEVICE is for audio playback w/o pulseaudio (no capture yet)
-    #
-    # TOR_* is for using an external tor instance
-    #
-    # Parameters lacking a default value below are *required* (enforced by
-    # -o nounset).
-    exec env -i \
-      LD_LIBRARY_PATH=$wrapper_LD_LIBRARY_PATH \
-      \
-      TZ=":" \
-      \
-      DISPLAY="\$DISPLAY" \
-      XAUTHORITY="\''${XAUTHORITY:-}" \
-      DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \
-      \
-      HOME="\$HOME" \
-      TMPDIR="\$XDG_CACHE_HOME/tmp" \
-      XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \
-      XDG_DATA_HOME="\$XDG_DATA_HOME" \
-      XDG_CACHE_HOME="\$XDG_CACHE_HOME" \
-      XDG_RUNTIME_DIR="\$HOME/run" \
-      \
-      XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \
-      \
-      FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \
-      \
-      APULSE_PLAYBACK_DEVICE="\''${APULSE_PLAYBACK_DEVICE:-plug:dmix}" \
-      \
-      TOR_SKIP_LAUNCH="\''${TOR_SKIP_LAUNCH:-}" \
-      TOR_CONTROL_PORT="\''${TOR_CONTROL_PORT:-}" \
-      TOR_SOCKS_PORT="\''${TOR_SOCKS_PORT:-}" \
-      \
-      $self/firefox \
-        -no-remote \
-        -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
-        "\$@"
-    EOF
-    chmod +x $out/bin/tor-browser
-
-    echo "Syntax checking wrapper ..."
-    bash -n $out/bin/tor-browser
-
-    echo "Checking wrapper ..."
-    DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \
-    $out/bin/tor-browser -version >/dev/null
-  '';
-
-  passthru.execdir = "/bin";
-  meta = with stdenv.lib; {
-    description = "An unofficial version of the Tor Browser Bundle, built from source";
-    longDescription = ''
-      Tor Browser Bundle is a bundle of the Tor daemon, Tor Browser (heavily patched version of
-      Firefox), several essential extensions for Tor Browser, and some tools that glue those
-      together with a convenient UI.
-
-      `tor-browser-bundle-bin` package is the official version built by torproject.org patched with
-      `patchelf` to work under nix and with bundled scripts adapted to the read-only nature of
-      the `/nix/store`.
-
-      `tor-browser-bundle` package is the version built completely from source. It reuses the `tor`
-      package for the tor daemon, `firefoxPackages.tor-browser` package for the tor-browser, and
-      builds all the extensions from source.
-
-      Note that `tor-browser-bundle` package is not only built from source, but also bundles Tor
-      Browser differently from the official `tor-browser-bundle-bin` implementation. The official
-      Tor Browser is not a normal UNIX program and is heavily patched for its use in the Tor Browser
-      Bundle (which `tor-browser-bundle-bin` package then has to work around for the read-only
-      /nix/store). Meanwhile, `firefoxPackages.tor-browser` reverts all those patches, allowing
-      `firefoxPackages.tor-browser` to be used independently of the bundle, and then implements what
-      `tor-browser-bundle` needs for the bundling using a much simpler patch. See the
-      longDescription and expression of the `firefoxPackages.tor-browser` package for more info.
-    '';
-    inherit (tor-browser-unwrapped.meta) homepage platforms license;
-    hydraPlatforms = [ ];
-    maintainers = with maintainers; [ joachifm ];
-  };
-}