diff --git a/pkgs/applications/networking/browsers/torbrowser/default.nix b/pkgs/applications/networking/browsers/torbrowser/default.nix new file mode 100644 index 00000000000..da051c227d2 --- /dev/null +++ b/pkgs/applications/networking/browsers/torbrowser/default.nix @@ -0,0 +1,301 @@ +{ stdenv +, fetchurl +, makeDesktopItem + +# Common run-time dependencies +, zlib + +# libxul run-time dependencies +, alsaLib +, atk +, cairo +, dbus +, dbus_glib +, fontconfig +, freetype +, gdk_pixbuf +, glib +, gtk2 +, libX11 +, libXext +, libXrender +, libXt +, pango + +# Pulseaudio support +, pulseaudioSupport ? mediaSupport +, libpulseaudio + +# Media support (implies pulseaudio support) +, mediaSupport ? false +, gstreamer +, gst-plugins-base +, gst-plugins-good +, gst-ffmpeg +, gmp +, ffmpeg +}: + +with stdenv.lib; + +let + libPath = makeLibraryPath ([ + alsaLib + atk + cairo + dbus + dbus_glib + fontconfig + freetype + gdk_pixbuf + glib + gtk2 + libX11 + libXext + libXrender + libXt + pango + stdenv.cc.cc + zlib + ] + ++ optionals pulseaudioSupport [ libpulseaudio ] + ++ optionals mediaSupport [ + gstreamer + gst-plugins-base + gmp + ffmpeg + ]); + + gstPluginsPath = concatMapStringsSep ":" (x: + "${x}/lib/gstreamer-0.10") [ + gstreamer + gst-plugins-base + gst-plugins-good + gst-ffmpeg + ]; + + # Upstream source + version = "6.5.1"; + + lang = "en-US"; + + srcs = { + "x86_64-linux" = fetchurl { + url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz"; + sha256 = "1p2bgavvyzahqpjg9vp14c0s50rmha3v1hs1c8zvz6fj8fgrhn0i"; + }; + + "i686-linux" = fetchurl { + url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz"; + sha256 = "1zfghr01bhpn39wqaw7hyx7yap7xyla4m3mrgz2vi9a5qsyxmbcr"; + }; + }; +in + +stdenv.mkDerivation rec { + name = "tor-browser-${version}"; + inherit version; + + src = srcs."${stdenv.system}" or (throw "unsupported system: ${stdenv.system}"); + + preferLocalBuild = true; + + desktopItem = makeDesktopItem { + name = "torbrowser"; + exec = "tor-browser"; + icon = "torbrowser"; + desktopName = "Tor Browser"; + genericName = "Web Browser"; + comment = meta.description; + categories = "Network;WebBrowser;Security;"; + }; + + buildCommand = '' + # For convenience ... + TBB_IN_STORE=$out/share/tor-browser + interp=$(< $NIX_CC/nix-support/dynamic-linker) + + # Unpack & enter + mkdir -p "$TBB_IN_STORE" + tar xf "${src}" -C "$TBB_IN_STORE" --strip-components=2 + pushd "$TBB_IN_STORE" + + # Set ELF interpreter + for exe in firefox TorBrowser/Tor/tor ; do + patchelf --set-interpreter "$interp" "$exe" + done + + # The final libPath. Note, we could split this into firefoxLibPath + # and torLibPath for accuracy, but this is more convenient ... + libPath=${libPath}:$TBB_IN_STORE:$TBB_IN_STORE/TorBrowser/Tor + + # Prepare for autoconfig. + # + # See https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment + cat >defaults/pref/autoconfig.js <mozilla.cfg <fonts,$TBB_IN_STORE/fonts," + + # Move default extension overrides into distribution dir, to avoid + # having to synchronize between local state and store. + mv TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js defaults/pref/torbrowser.js + + # Hard-code paths to geoip data files, to prevent them from being + # copied into the local state directory. + cat >>TorBrowser/Data/Tor/torrc-defaults < "$out/bin/tor-browser" << EOF + #! ${stdenv.shell} + set -o errexit -o nounset + + # Enter local state directory. + REAL_HOME=\$HOME + TBB_HOME=\''${TBB_HOME:-''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/tor-browser} + HOME=\$TBB_HOME + + mkdir -p "\$HOME" + cd "\$HOME" + + # Initialize empty TBB local state directory hierarchy. We + # intentionally mirror the layout that TBB would see if executed from + # the unpacked bundle dir. + mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data" + + # Initialize the Tor data directory. + mkdir -p "\$HOME/TorBrowser/Data/Tor" + + # Initialize the browser profile state. Note that the only data + # copied from the Store payload is the initial bookmark file, which is + # never updated once created. All other files under user's profile + # dir are generated by TBB. + mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default" + cp -u --no-preserve=mode,owner "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/bookmarks.html" \ + "\$HOME/TorBrowser/Data/Browser/profile.default/bookmarks.html" + + # Clear out some files that tend to capture store references but are + # easily generated by firefox at startup. + rm -f "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json} + + # Ensure that we're always using the up-to-date extensions. + ln -snf "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/extensions" \ + "\$HOME/TorBrowser/Data/Browser/profile.default/extensions" + + ${optionalString pulseaudioSupport '' + # Figure out some envvars for pulseaudio + : "\''${XDG_RUNTIME_DIR:=/run/user/\$(id -u)}" + : "\''${XDG_CONFIG_HOME:=\$REAL_HOME/.config}" + : "\''${PULSE_SERVER:=\$XDG_RUNTIME_DIR/pulse/native}" + : "\''${PULSE_COOKIE:=\$XDG_CONFIG_HOME/pulse/cookie}" + ''} + + # Font cache files capture store paths; clear them out on the off + # chance that TBB would continue using old font files. + rm -rf "\$HOME/.cache/fontconfig" + + # Lift-off + # + # XAUTHORITY and DISPLAY are required for TBB to work at all. + # + # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launch; to + # prevent that, set it to an empty/invalid value prior to running + # tor-browser. + # + # PULSE_SERVER is necessary for audio playback. + # + # Setting FONTCONFIG_FILE is required to make fontconfig read the TBB + # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024 + # indicates the system fonts.conf being used instead. + exec env -i \ + HOME="\$HOME" \ + XAUTHORITY="\$XAUTHORITY" \ + DISPLAY="\$DISPLAY" \ + DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \ + \ + PULSE_SERVER="\''${PULSE_SERVER:-}" \ + PULSE_COOKIE="\''${PULSE_COOKIE:-}" \ + \ + GST_PLUGIN_SYSTEM_PATH="${optionalString mediaSupport gstPluginsPath}" \ + GST_REGISTRY="/dev/null" \ + GST_REGISTRY_UPDATE="no" \ + \ + FONTCONFIG_FILE="$FONTCONFIG_FILE" \ + \ + LD_LIBRARY_PATH="$libPath" \ + \ + "$TBB_IN_STORE/firefox" \ + --class "Tor Browser" \ + -no-remote \ + -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \ + "\''${@}" + EOF + chmod +x $out/bin/tor-browser + + # Easier access to docs + mkdir -p $out/share/doc + ln -s $TBB_IN_STORE/TorBrowser/Docs $out/share/doc/tor-browser + + # Install .desktop item + mkdir -p $out/share/applications + cp $desktopItem/share/applications"/"* $out/share/applications + + # Install icons + mkdir -p $out/share/pixmaps + cp browser/icons/mozicon128.png $out/share/pixmaps/torbrowser.png + + # Check installed apps + echo "Checking bundled Tor ..." + LD_LIBRARY_PATH=$libPath $TBB_IN_STORE/TorBrowser/Tor/tor --version >/dev/null + + echo "Checking tor-browser wrapper ..." + DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \ + $out/bin/tor-browser --version >/dev/null + ''; + + meta = with stdenv.lib; { + description = "Tor Browser Bundle"; + homepage = https://www.torproject.org/; + platforms = attrNames srcs; + maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm ]; + hydraPlatforms = []; + # MPL2.0+, GPL+, &c. While it's not entirely clear whether + # the compound is "libre" in a strict sense (some components place certain + # restrictions on redistribution), it's free enough for our purposes. + license = licenses.free; + }; +} diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix deleted file mode 100644 index 80a92b4a932..00000000000 --- a/pkgs/tools/security/tor/torbrowser.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ stdenv, fetchurl, makeDesktopItem -, libXrender, libX11, libXext, libXt, alsaLib, dbus, dbus_glib, glib, gtk2 -, atk, pango, freetype, fontconfig, gdk_pixbuf, cairo, zlib -, gstreamer, gst-plugins-base, gst-plugins-good, gst-ffmpeg, gmp, ffmpeg -, libpulseaudio -, mediaSupport ? false -}: - -let - libPath = stdenv.lib.makeLibraryPath ([ - stdenv.cc.cc zlib glib alsaLib dbus dbus_glib gtk2 atk pango freetype - fontconfig gdk_pixbuf cairo libXrender libX11 libXext libXt - ] ++ stdenv.lib.optionals mediaSupport [ - gstreamer gst-plugins-base gmp ffmpeg - libpulseaudio - ]); - - # Ignored if !mediaSupport - gstPlugins = [ gstreamer gst-plugins-base gst-plugins-good gst-ffmpeg ]; - - gstPluginsPath = stdenv.lib.concatMapStringsSep ":" (x: - "${x}/lib/gstreamer-0.10") gstPlugins; -in - -stdenv.mkDerivation rec { - name = "tor-browser-${version}"; - version = "6.5.1"; - - src = fetchurl { - url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz"; - sha256 = if stdenv.is64bit then - "1p2bgavvyzahqpjg9vp14c0s50rmha3v1hs1c8zvz6fj8fgrhn0i" else - "1zfghr01bhpn39wqaw7hyx7yap7xyla4m3mrgz2vi9a5qsyxmbcr"; - }; - - preferLocalBuild = true; - - desktopItem = makeDesktopItem { - name = "torbrowser"; - exec = "tor-browser"; - icon = "torbrowser"; - desktopName = "Tor Browser"; - genericName = "Tor Browser"; - comment = meta.description; - categories = "Network;WebBrowser;Security;"; - }; - - patchPhase = '' - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" Browser/firefox - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" Browser/TorBrowser/Tor/tor - - sed -e "s,./TorBrowser,$out/share/tor-browser/Browser/TorBrowser,g" -i Browser/TorBrowser/Data/Tor/torrc-defaults - ''; - - doCheck = true; - checkPhase = '' - echo "Checking firefox..." - LD_LIBRARY_PATH=${libPath} Browser/firefox --help 1> /dev/null - echo "Checking tor..." - LD_LIBRARY_PATH=${libPath}:Browser/TorBrowser/Tor Browser/TorBrowser/Tor/tor --help 1> /dev/null - ''; - - installPhase = '' - mkdir -p $out/share/tor-browser - mkdir -p $out/bin - cp -R * $out/share/tor-browser - - cat > "$out/bin/tor-browser" << EOF - #! ${stdenv.shell} - unset SESSION_MANAGER - export HOME="\$HOME/.torbrowser4" - if [ ! -d \$HOME ]; then - mkdir -p \$HOME && cp -R $out/share/tor-browser/Browser/TorBrowser/Data \$HOME/ && chmod -R +w \$HOME - echo "pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/Data/Tor/\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - echo "pref(\"extensions.torlauncher.torrc-defaults_path\", \"\$HOME/Data/Tor/torrc-defaults\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - echo "pref(\"extensions.torlauncher.tor_path\", \"$out/share/tor-browser/Browser/TorBrowser/Tor/tor\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - fi - export FONTCONFIG_PATH=\$HOME/Data/fontconfig - export LD_LIBRARY_PATH=${libPath}:$out/share/tor-browser/Browser/TorBrowser/Tor - ${stdenv.lib.optionalString mediaSupport '' - export GST_PLUGIN_SYSTEM_PATH=${gstPluginsPath} - ''} - exec $out/share/tor-browser/Browser/firefox --class "Tor Browser" -no-remote -profile ~/Data/Browser/profile.default "\$@" - EOF - chmod +x $out/bin/tor-browser - - mkdir -p $out/share/applications - cp $desktopItem/share/applications"/"* $out/share/applications - - mkdir -p $out/share/pixmaps - cp Browser/browser/icons/mozicon128.png $out/share/pixmaps/torbrowser.png - ''; - - meta = with stdenv.lib; { - description = "Tor Browser Bundle"; - homepage = https://www.torproject.org/; - platforms = platforms.linux; - maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm ]; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 217137c210f..7970732ce3f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4189,7 +4189,7 @@ with pkgs; tor-arm = callPackage ../tools/security/tor/tor-arm.nix { }; - torbrowser = callPackage ../tools/security/tor/torbrowser.nix { }; + torbrowser = callPackage ../applications/networking/browsers/torbrowser { }; touchegg = callPackage ../tools/inputmethods/touchegg { };