1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
|
{ stdenv
, fetchurl
, makeDesktopItem
# Common run-time dependencies
, zlib
# libxul run-time dependencies
, atk
, cairo
, dbus
, dbus-glib
, fontconfig
, freetype
, gdk-pixbuf
, glib
, gtk3
, libxcb
, libX11
, libXext
, libXrender
, libXt
, pango
, audioSupport ? mediaSupport
, pulseaudioSupport ? false
, libpulseaudio
, apulse
# Media support (implies audio support)
, mediaSupport ? false
, ffmpeg
, gmp
# Pluggable transport dependencies
, python27
# Wrapper runtime
, coreutils
, glibcLocales
, gnome3
, runtimeShell
, shared-mime-info
, gsettings-desktop-schemas
# Hardening
, graphene-hardened-malloc
, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
# Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around
, disableContentSandbox ? true
# Extra preferences
, extraPrefs ? ""
# For meta
, tor-browser-bundle
}:
with stdenv.lib;
let
libPath = makeLibraryPath libPkgs;
libPkgs = [
atk
cairo
dbus
dbus-glib
fontconfig
freetype
gdk-pixbuf
glib
gtk3
libxcb
libX11
libXext
libXrender
libXt
pango
stdenv.cc.cc
stdenv.cc.libc
zlib
]
++ optionals pulseaudioSupport [ libpulseaudio ]
++ optionals mediaSupport [
ffmpeg
];
# Library search path for the fte transport
fteLibPath = makeLibraryPath [ stdenv.cc.cc gmp ];
# Upstream source
version = "9.0.2";
lang = "en-US";
srcs = {
x86_64-linux = fetchurl {
url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz";
sha256 = "1xdnqphsj7wzwyv927jwd3fi36srx0minydwl5jg5yyd3m3if9hb";
};
i686-linux = fetchurl {
url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz";
sha256 = "1qk9fg5dvyyvbngsqla00by8a974mpvq9pnm2djif54lr2nfivwf";
};
};
in
stdenv.mkDerivation rec {
pname = "tor-browser-bundle-bin";
inherit version;
src = srcs.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
preferLocalBuild = true;
allowSubstitutes = false;
desktopItem = makeDesktopItem {
name = "torbrowser";
exec = "tor-browser";
icon = "torbrowser";
desktopName = "Tor Browser";
genericName = "Web Browser";
comment = meta.description;
categories = "Network;WebBrowser;Security;";
};
buildCommand = ''
# For convenience ...
TBB_IN_STORE=$out/share/tor-browser
interp=$(< $NIX_CC/nix-support/dynamic-linker)
# Unpack & enter
mkdir -p "$TBB_IN_STORE"
tar xf "${src}" -C "$TBB_IN_STORE" --strip-components=2
pushd "$TBB_IN_STORE"
# Set ELF interpreter
for exe in firefox.real TorBrowser/Tor/tor ; do
echo "Setting ELF interpreter on $exe ..." >&2
patchelf --set-interpreter "$interp" "$exe"
done
# firefox is a wrapper that checks for a more recent libstdc++ & appends it to the ld path
mv firefox.real firefox
# The final libPath. Note, we could split this into firefoxLibPath
# and torLibPath for accuracy, but this is more convenient ...
libPath=${libPath}:$TBB_IN_STORE:$TBB_IN_STORE/TorBrowser/Tor
# apulse uses a non-standard library path. For now special-case it.
${optionalString (audioSupport && !pulseaudioSupport) ''
libPath=${apulse}/lib/apulse:$libPath
''}
# Fixup paths to pluggable transports.
sed -i TorBrowser/Data/Tor/torrc-defaults \
-e "s,./TorBrowser,$TBB_IN_STORE/TorBrowser,g"
# Fixup obfs transport. Work around patchelf failing to set
# interpreter for pre-compiled Go binaries by invoking the interpreter
# directly.
sed -i TorBrowser/Data/Tor/torrc-defaults \
-e "s|\(ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit\) exec|\1 exec $interp|"
# Similarly fixup snowflake
sed -i TorBrowser/Data/Tor/torrc-defaults \
-e "s|\(ClientTransportPlugin snowflake\) exec|\1 exec $interp|"
# Prepare for autoconfig.
#
# See https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
cat >defaults/pref/autoconfig.js <<EOF
//
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
# Hard-coded Firefox preferences.
cat >mozilla.cfg <<EOF
// First line must be a comment
// Always update via Nixpkgs
lockPref("app.update.auto", false);
lockPref("app.update.enabled", false);
lockPref("extensions.update.autoUpdateDefault", false);
lockPref("extensions.update.enabled", false);
lockPref("extensions.torbutton.versioncheck_enabled", false);
// User should never change these. Locking prevents these
// values from being written to prefs.js, avoiding Store
// path capture.
lockPref("extensions.torlauncher.torrc-defaults_path", "$TBB_IN_STORE/TorBrowser/Data/Tor/torrc-defaults");
lockPref("extensions.torlauncher.tor_path", "$TBB_IN_STORE/TorBrowser/Tor/tor");
// Reset pref that captures store paths.
clearPref("extensions.xpiState");
// Stop obnoxious first-run redirection.
lockPref("noscript.firstRunRedirection", false);
// Insist on using IPC for communicating with Tor
//
// Defaults to creating \$TBB_HOME/TorBrowser/Data/Tor/{socks,control}.socket
lockPref("extensions.torlauncher.control_port_use_ipc", true);
lockPref("extensions.torlauncher.socks_port_use_ipc", true);
// Optionally disable multiprocess support. We always set this to ensure that
// toggling the pref takes effect.
lockPref("browser.tabs.remote.autostart.2", ${if disableContentSandbox then "false" else "true"});
// Allow sandbox access to sound devices if using ALSA directly
${if (audioSupport && !pulseaudioSupport) then ''
pref("security.sandbox.content.write_path_whitelist", "/dev/snd/");
'' else ''
clearPref("security.sandbox.content.write_path_whitelist");
''}
${optionalString (extraPrefs != "") ''
${extraPrefs}
''}
EOF
# Hard-code path to TBB fonts; see also FONTCONFIG_FILE in
# the wrapper below.
FONTCONFIG_FILE=$TBB_IN_STORE/TorBrowser/Data/fontconfig/fonts.conf
sed -i "$FONTCONFIG_FILE" \
-e "s,<dir>fonts</dir>,<dir>$TBB_IN_STORE/fonts</dir>,"
# Preload extensions by moving into the runtime instead of storing under the
# user's profile directory.
mkdir -p "$TBB_IN_STORE/browser/extensions"
mv "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/extensions/"* \
"$TBB_IN_STORE/browser/extensions"
# Hard-code paths to geoip data files. TBB resolves the geoip files
# relative to torrc-defaults_path but if we do not hard-code them
# here, these paths end up being written to the torrc in the user's
# state dir.
cat >>TorBrowser/Data/Tor/torrc-defaults <<EOF
GeoIPFile $TBB_IN_STORE/TorBrowser/Data/Tor/geoip
GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
EOF
WRAPPER_LD_PRELOAD=${optionalString useHardenedMalloc
"${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
gnome3.adwaita-icon-theme
shared-mime-info
]}
WRAPPER_XDG_DATA_DIRS+=":"${concatMapStringsSep ":" (x: "${x}/share/gsettings-schemas/${x.name}") [
glib
gsettings-desktop-schemas
gtk3
]};
# Generate wrapper
mkdir -p $out/bin
cat > "$out/bin/tor-browser" << EOF
#! ${runtimeShell}
set -o errexit -o nounset
PATH=${makeBinPath [ coreutils ]}
export LC_ALL=C
export LOCALE_ARCHIVE=${glibcLocales}/lib/locale/locale-archive
# Enter local state directory.
REAL_HOME=\$HOME
TBB_HOME=\''${TBB_HOME:-''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/tor-browser}
HOME=\$TBB_HOME
mkdir -p "\$HOME"
cd "\$HOME"
# Initialize empty TBB local state directory hierarchy. We
# intentionally mirror the layout that TBB would see if executed from
# the unpacked bundle dir.
mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data"
# Initialize the Tor data directory.
mkdir -p "\$HOME/TorBrowser/Data/Tor"
# TBB will fail if ownership is too permissive
chmod 0700 "\$HOME/TorBrowser/Data/Tor"
# Initialize the browser profile state. Note that the only data
# copied from the Store payload is the initial bookmark file, which is
# never updated once created. All other files under user's profile
# dir are generated by TBB.
mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default"
cp -u --no-preserve=mode,owner "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/bookmarks.html" \
"\$HOME/TorBrowser/Data/Browser/profile.default/bookmarks.html"
# Clear out some files that tend to capture store references but are
# easily generated by firefox at startup.
rm -f "\$HOME/TorBrowser/Data/Browser/profile.default"/{addonStartup.json.lz4,compatibility.ini,extensions.ini,extensions.json}
rm -f "\$HOME/TorBrowser/Data/Browser/profile.default"/startupCache/*
# XDG
: "\''${XDG_RUNTIME_DIR:=/run/user/\$(id -u)}"
: "\''${XDG_CONFIG_HOME:=\$REAL_HOME/.config}"
${optionalString pulseaudioSupport ''
# Figure out some envvars for pulseaudio
: "\''${PULSE_SERVER:=\$XDG_RUNTIME_DIR/pulse/native}"
: "\''${PULSE_COOKIE:=\$XDG_CONFIG_HOME/pulse/cookie}"
''}
# Font cache files capture store paths; clear them out on the off
# chance that TBB would continue using old font files.
rm -rf "\$HOME/.cache/fontconfig"
# Lift-off
#
# XAUTHORITY and DISPLAY are required for TBB to work at all.
#
# DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launch; to
# prevent that, set it to an empty/invalid value prior to running
# tor-browser.
#
# PULSE_SERVER is necessary for audio playback.
#
# Setting FONTCONFIG_FILE is required to make fontconfig read the TBB
# fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
# indicates the system fonts.conf being used instead.
#
# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
exec env -i \
LD_PRELOAD=$WRAPPER_LD_PRELOAD \
\
TZ=":" \
TZDIR="\''${TZDIR:-}" \
LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \
\
TMPDIR="\''${TMPDIR:-/tmp}" \
HOME="\$HOME" \
XAUTHORITY="\''${XAUTHORITY:-\$HOME/.Xauthority}" \
DISPLAY="\$DISPLAY" \
DBUS_SESSION_BUS_ADDRESS="\''${DBUS_SESSION_BUS_ADDRESS:-unix:path=\$XDG_RUNTIME_DIR/bus}" \\
\
XDG_DATA_HOME="\$HOME/.local/share" \
XDG_DATA_DIRS="$WRAPPER_XDG_DATA_DIRS" \
\
PULSE_SERVER="\''${PULSE_SERVER:-}" \
PULSE_COOKIE="\''${PULSE_COOKIE:-}" \
\
APULSE_PLAYBACK_DEVICE="\''${APULSE_PLAYBACK_DEVICE:-plug:dmix}" \
\
TOR_SKIP_LAUNCH="\''${TOR_SKIP_LAUNCH:-}" \
TOR_CONTROL_PORT="\''${TOR_CONTROL_PORT:-}" \
TOR_SOCKS_PORT="\''${TOR_SOCKS_PORT:-}" \
\
FONTCONFIG_FILE="$FONTCONFIG_FILE" \
\
LD_LIBRARY_PATH="$libPath" \
\
"$TBB_IN_STORE/firefox" \
--class "Tor Browser" \
-no-remote \
-profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
"\''${@}"
EOF
chmod +x $out/bin/tor-browser
# Easier access to docs
mkdir -p $out/share/doc
ln -s $TBB_IN_STORE/TorBrowser/Docs $out/share/doc/tor-browser
# Install .desktop item
mkdir -p $out/share/applications
cp $desktopItem/share/applications"/"* $out/share/applications
sed -i $out/share/applications/torbrowser.desktop \
-e "s,Exec=.*,Exec=$out/bin/tor-browser," \
-e "s,Icon=.*,Icon=tor-browser,"
for i in 16 32 48 64 128; do
mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps/
ln -s $out/share/tor-browser/browser/chrome/icons/default/default$i.png $out/share/icons/hicolor/''${i}x''${i}/apps/tor-browser.png
done
# Check installed apps
echo "Checking bundled Tor ..."
LD_LIBRARY_PATH=$libPath $TBB_IN_STORE/TorBrowser/Tor/tor --version >/dev/null
echo "Checking tor-browser wrapper ..."
DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \
$out/bin/tor-browser --version >/dev/null
'';
meta = with stdenv.lib; {
description = "Tor Browser Bundle built by torproject.org";
longDescription = tor-browser-bundle.meta.longDescription;
homepage = "https://www.torproject.org/";
platforms = attrNames srcs;
maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm hax404 cap ];
hydraPlatforms = [];
# MPL2.0+, GPL+, &c. While it's not entirely clear whether
# the compound is "libre" in a strict sense (some components place certain
# restrictions on redistribution), it's free enough for our purposes.
license = licenses.free;
};
}
|