diff options
Diffstat (limited to 'pkgs/applications')
-rw-r--r-- | pkgs/applications/networking/browsers/torbrowser/default.nix | 301 |
1 files changed, 301 insertions, 0 deletions
diff --git a/pkgs/applications/networking/browsers/torbrowser/default.nix b/pkgs/applications/networking/browsers/torbrowser/default.nix new file mode 100644 index 00000000000..da051c227d2 --- /dev/null +++ b/pkgs/applications/networking/browsers/torbrowser/default.nix @@ -0,0 +1,301 @@ +{ stdenv +, fetchurl +, makeDesktopItem + +# Common run-time dependencies +, zlib + +# libxul run-time dependencies +, alsaLib +, atk +, cairo +, dbus +, dbus_glib +, fontconfig +, freetype +, gdk_pixbuf +, glib +, gtk2 +, libX11 +, libXext +, libXrender +, libXt +, pango + +# Pulseaudio support +, pulseaudioSupport ? mediaSupport +, libpulseaudio + +# Media support (implies pulseaudio support) +, mediaSupport ? false +, gstreamer +, gst-plugins-base +, gst-plugins-good +, gst-ffmpeg +, gmp +, ffmpeg +}: + +with stdenv.lib; + +let + libPath = makeLibraryPath ([ + alsaLib + atk + cairo + dbus + dbus_glib + fontconfig + freetype + gdk_pixbuf + glib + gtk2 + libX11 + libXext + libXrender + libXt + pango + stdenv.cc.cc + zlib + ] + ++ optionals pulseaudioSupport [ libpulseaudio ] + ++ optionals mediaSupport [ + gstreamer + gst-plugins-base + gmp + ffmpeg + ]); + + gstPluginsPath = concatMapStringsSep ":" (x: + "${x}/lib/gstreamer-0.10") [ + gstreamer + gst-plugins-base + gst-plugins-good + gst-ffmpeg + ]; + + # Upstream source + version = "6.5.1"; + + lang = "en-US"; + + srcs = { + "x86_64-linux" = fetchurl { + url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz"; + sha256 = "1p2bgavvyzahqpjg9vp14c0s50rmha3v1hs1c8zvz6fj8fgrhn0i"; + }; + + "i686-linux" = fetchurl { + url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz"; + sha256 = "1zfghr01bhpn39wqaw7hyx7yap7xyla4m3mrgz2vi9a5qsyxmbcr"; + }; + }; +in + +stdenv.mkDerivation rec { + name = "tor-browser-${version}"; + inherit version; + + src = srcs."${stdenv.system}" or (throw "unsupported system: ${stdenv.system}"); + + preferLocalBuild = true; + + desktopItem = makeDesktopItem { + name = "torbrowser"; + exec = "tor-browser"; + icon = "torbrowser"; + desktopName = "Tor Browser"; + genericName = "Web Browser"; + comment = meta.description; + categories = "Network;WebBrowser;Security;"; + }; + + buildCommand = '' + # For convenience ... + TBB_IN_STORE=$out/share/tor-browser + interp=$(< $NIX_CC/nix-support/dynamic-linker) + + # Unpack & enter + mkdir -p "$TBB_IN_STORE" + tar xf "${src}" -C "$TBB_IN_STORE" --strip-components=2 + pushd "$TBB_IN_STORE" + + # Set ELF interpreter + for exe in firefox TorBrowser/Tor/tor ; do + patchelf --set-interpreter "$interp" "$exe" + done + + # The final libPath. Note, we could split this into firefoxLibPath + # and torLibPath for accuracy, but this is more convenient ... + libPath=${libPath}:$TBB_IN_STORE:$TBB_IN_STORE/TorBrowser/Tor + + # Prepare for autoconfig. + # + # See https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment + cat >defaults/pref/autoconfig.js <<EOF + // + pref("general.config.filename", "mozilla.cfg"); + pref("general.config.obscure_value", 0); + EOF + + # Hard-coded Firefox preferences. + cat >mozilla.cfg <<EOF + // First line must be a comment + + // Always update via Nix + lockPref("app.update.auto", false); + lockPref("app.update.enabled", false); + lockPref("extensions.update.autoUpdateDefault", false); + lockPref("extensions.update.enabled", false); + + // User should never change these. Locking prevents these + // values from being written to prefs.js, avoiding Store + // path capture. + lockPref("extensions.torlauncher.torrc-defaults_path", "$TBB_IN_STORE/TorBrowser/Data/Tor/torrc-defaults"); + lockPref("extensions.torlauncher.tor_path", "$TBB_IN_STORE/TorBrowser/Tor/tor"); + + // Reset pref that captures store paths. + clearPref("extensions.xpiState"); + + // Stop obnoxious first-run redirection. + lockPref("noscript.firstRunRedirection", false); + EOF + + # Hard-code path to TBB fonts; see also FONTCONFIG_FILE in + # the wrapper below. + FONTCONFIG_FILE=$TBB_IN_STORE/TorBrowser/Data/fontconfig/fonts.conf + sed -i "$FONTCONFIG_FILE" \ + -e "s,<dir>fonts</dir>,<dir>$TBB_IN_STORE/fonts</dir>," + + # Move default extension overrides into distribution dir, to avoid + # having to synchronize between local state and store. + mv TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js defaults/pref/torbrowser.js + + # Hard-code paths to geoip data files, to prevent them from being + # copied into the local state directory. + cat >>TorBrowser/Data/Tor/torrc-defaults <<EOF + GeoIPFile $TBB_IN_STORE/TorBrowser/Data/Tor/geoip + GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6 + EOF + + # Generate wrapper + mkdir -p $out/bin + cat > "$out/bin/tor-browser" << EOF + #! ${stdenv.shell} + set -o errexit -o nounset + + # Enter local state directory. + REAL_HOME=\$HOME + TBB_HOME=\''${TBB_HOME:-''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/tor-browser} + HOME=\$TBB_HOME + + mkdir -p "\$HOME" + cd "\$HOME" + + # Initialize empty TBB local state directory hierarchy. We + # intentionally mirror the layout that TBB would see if executed from + # the unpacked bundle dir. + mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data" + + # Initialize the Tor data directory. + mkdir -p "\$HOME/TorBrowser/Data/Tor" + + # Initialize the browser profile state. Note that the only data + # copied from the Store payload is the initial bookmark file, which is + # never updated once created. All other files under user's profile + # dir are generated by TBB. + mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default" + cp -u --no-preserve=mode,owner "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/bookmarks.html" \ + "\$HOME/TorBrowser/Data/Browser/profile.default/bookmarks.html" + + # Clear out some files that tend to capture store references but are + # easily generated by firefox at startup. + rm -f "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json} + + # Ensure that we're always using the up-to-date extensions. + ln -snf "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/extensions" \ + "\$HOME/TorBrowser/Data/Browser/profile.default/extensions" + + ${optionalString pulseaudioSupport '' + # Figure out some envvars for pulseaudio + : "\''${XDG_RUNTIME_DIR:=/run/user/\$(id -u)}" + : "\''${XDG_CONFIG_HOME:=\$REAL_HOME/.config}" + : "\''${PULSE_SERVER:=\$XDG_RUNTIME_DIR/pulse/native}" + : "\''${PULSE_COOKIE:=\$XDG_CONFIG_HOME/pulse/cookie}" + ''} + + # Font cache files capture store paths; clear them out on the off + # chance that TBB would continue using old font files. + rm -rf "\$HOME/.cache/fontconfig" + + # Lift-off + # + # XAUTHORITY and DISPLAY are required for TBB to work at all. + # + # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launch; to + # prevent that, set it to an empty/invalid value prior to running + # tor-browser. + # + # PULSE_SERVER is necessary for audio playback. + # + # Setting FONTCONFIG_FILE is required to make fontconfig read the TBB + # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024 + # indicates the system fonts.conf being used instead. + exec env -i \ + HOME="\$HOME" \ + XAUTHORITY="\$XAUTHORITY" \ + DISPLAY="\$DISPLAY" \ + DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \ + \ + PULSE_SERVER="\''${PULSE_SERVER:-}" \ + PULSE_COOKIE="\''${PULSE_COOKIE:-}" \ + \ + GST_PLUGIN_SYSTEM_PATH="${optionalString mediaSupport gstPluginsPath}" \ + GST_REGISTRY="/dev/null" \ + GST_REGISTRY_UPDATE="no" \ + \ + FONTCONFIG_FILE="$FONTCONFIG_FILE" \ + \ + LD_LIBRARY_PATH="$libPath" \ + \ + "$TBB_IN_STORE/firefox" \ + --class "Tor Browser" \ + -no-remote \ + -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \ + "\''${@}" + EOF + chmod +x $out/bin/tor-browser + + # Easier access to docs + mkdir -p $out/share/doc + ln -s $TBB_IN_STORE/TorBrowser/Docs $out/share/doc/tor-browser + + # Install .desktop item + mkdir -p $out/share/applications + cp $desktopItem/share/applications"/"* $out/share/applications + + # Install icons + mkdir -p $out/share/pixmaps + cp browser/icons/mozicon128.png $out/share/pixmaps/torbrowser.png + + # Check installed apps + echo "Checking bundled Tor ..." + LD_LIBRARY_PATH=$libPath $TBB_IN_STORE/TorBrowser/Tor/tor --version >/dev/null + + echo "Checking tor-browser wrapper ..." + DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \ + $out/bin/tor-browser --version >/dev/null + ''; + + meta = with stdenv.lib; { + description = "Tor Browser Bundle"; + homepage = https://www.torproject.org/; + platforms = attrNames srcs; + maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm ]; + hydraPlatforms = []; + # MPL2.0+, GPL+, &c. While it's not entirely clear whether + # the compound is "libre" in a strict sense (some components place certain + # restrictions on redistribution), it's free enough for our purposes. + license = licenses.free; + }; +} |