tor-browser-bundle: approximate upstream bundle & purity control
parent
93b9109b46
commit
f05d50f36c
@ -7,6 +7,10 @@
|
|||||||
, tor
|
, tor
|
||||||
, tor-browser-unwrapped
|
, tor-browser-unwrapped
|
||||||
|
|
||||||
|
# Wrapper runtime
|
||||||
|
, coreutils
|
||||||
|
, hicolor_icon_theme
|
||||||
|
, shared_mime_info
|
||||||
# Extensions, common
|
# Extensions, common
|
||||||
, unzip
|
, unzip
|
||||||
, zip
|
, zip
|
||||||
@ -217,8 +221,6 @@ stdenv.mkDerivation rec {
|
|||||||
clearPref("extensions.bootstrappedAddons");
|
clearPref("extensions.bootstrappedAddons");
|
||||||
|
|
||||||
// Insist on using IPC for communicating with Tor
|
// Insist on using IPC for communicating with Tor
|
||||||
//
|
|
||||||
// Defaults to $XDG_RUNTIME_DIR/Tor/{socks,control}.socket
|
|
||||||
lockPref("extensions.torlauncher.control_port_use_ipc", true);
|
lockPref("extensions.torlauncher.control_port_use_ipc", true);
|
||||||
lockPref("extensions.torlauncher.socks_port_use_ipc", true);
|
lockPref("extensions.torlauncher.socks_port_use_ipc", true);
|
||||||
|
|
||||||
@ -243,18 +245,103 @@ stdenv.mkDerivation rec {
|
|||||||
>> defaults/pref/extension-overrides.js
|
>> defaults/pref/extension-overrides.js
|
||||||
|
|
||||||
# Generate a suitable wrapper
|
# Generate a suitable wrapper
|
||||||
|
wrapper_PATH=${lib.makeBinPath [ coreutils ]}
|
||||||
|
wrapper_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [
|
||||||
|
hicolor_icon_theme
|
||||||
|
shared_mime_info
|
||||||
|
]}
|
||||||
|
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
cat >$out/bin/tor-browser <<EOF
|
cat >$out/bin/tor-browser <<EOF
|
||||||
#! ${stdenv.shell} -e
|
#! ${stdenv.shell} -eu
|
||||||
|
|
||||||
THE_HOME=\$HOME
|
PATH=$wrapper_PATH
|
||||||
|
|
||||||
|
readonly THE_HOME=\$HOME
|
||||||
TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser}
|
TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser}
|
||||||
|
if [[ \''${TBB_HOME:0:1} != / ]] ; then
|
||||||
|
TBB_HOME=\$PWD/\$TBB_HOME
|
||||||
|
fi
|
||||||
|
readonly TBB_HOME
|
||||||
|
|
||||||
|
# Basic sanity check: never want to vomit directly onto user's homedir
|
||||||
|
if [[ "\$TBB_HOME" = "\$THE_HOME" ]] ; then
|
||||||
|
echo 'TBB_HOME=\$HOME; refusing to run' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p "\$TBB_HOME"
|
mkdir -p "\$TBB_HOME"
|
||||||
|
|
||||||
HOME=\$TBB_HOME
|
HOME=\$TBB_HOME
|
||||||
cd "\$HOME"
|
cd "\$HOME"
|
||||||
|
|
||||||
exec $self/firefox -no-remote about:tor
|
# Re-init XDG basedir envvars
|
||||||
|
XDG_CACHE_HOME=\$HOME/.cache
|
||||||
|
XDG_CONFIG_HOME=\$HOME/.config
|
||||||
|
XDG_DATA_HOME=\$HOME/.local/share
|
||||||
|
|
||||||
|
# Initialize empty TBB runtime state directory hierarchy. Mirror the
|
||||||
|
# layout used by the official TBB, to avoid the hassle of working
|
||||||
|
# against the assumptions made by tor-launcher & co.
|
||||||
|
mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data"
|
||||||
|
|
||||||
|
# Initialize the Tor data directory.
|
||||||
|
mkdir -p "\$HOME/TorBrowser/Data/Tor"
|
||||||
|
|
||||||
|
# TBB fails if ownership is too permissive
|
||||||
|
chmod 0700 "\$HOME/TorBrowser/Data/Tor"
|
||||||
|
|
||||||
|
# Initialize the browser profile state. Expect TBB to generate all data.
|
||||||
|
mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default"
|
||||||
|
|
||||||
|
# Files that capture store paths; re-generated by firefox at startup
|
||||||
|
rm -rf "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json,startupCache}
|
||||||
|
|
||||||
|
# Clear out fontconfig caches
|
||||||
|
rm -f "\$HOME/.cache/fontconfig/"*.cache-*
|
||||||
|
|
||||||
|
# Lift-off!
|
||||||
|
#
|
||||||
|
# TZ is set to avoid stat()ing /etc/localtime over and over ...
|
||||||
|
#
|
||||||
|
# DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launching a new
|
||||||
|
# dbus instance; to prevent using the session bus, set the envvar to
|
||||||
|
# an empty/invalid value prior to running tor-browser.
|
||||||
|
#
|
||||||
|
# FONTCONFIG_FILE is required to make fontconfig read the TBB
|
||||||
|
# fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
|
||||||
|
# indicates the system fonts.conf being used instead.
|
||||||
|
#
|
||||||
|
# HOME, TMPDIR, XDG_*_HOME are set as a form of soft confinement;
|
||||||
|
# ideally, tor-browser should not write to any path outside TBB_HOME
|
||||||
|
# and should run even under strict confinement to TBB_HOME.
|
||||||
|
#
|
||||||
|
# XDG_DATA_DIRS is set to prevent searching system directories for
|
||||||
|
# mime and icon data.
|
||||||
|
#
|
||||||
|
# Parameters lacking a default value below are *required* (enforced by
|
||||||
|
# -o nounset).
|
||||||
|
exec env -i \
|
||||||
|
TZ=":" \
|
||||||
|
\
|
||||||
|
DISPLAY="\$DISPLAY" \
|
||||||
|
XAUTHORITY="\$XAUTHORITY" \
|
||||||
|
DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \
|
||||||
|
\
|
||||||
|
HOME="\$HOME" \
|
||||||
|
TMPDIR="\$XDG_CACHE_HOME/tmp" \
|
||||||
|
XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \
|
||||||
|
XDG_DATA_HOME="\$XDG_DATA_HOME" \
|
||||||
|
XDG_CACHE_HOME="\$XDG_CACHE_HOME" \
|
||||||
|
\
|
||||||
|
XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \
|
||||||
|
\
|
||||||
|
FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \
|
||||||
|
\
|
||||||
|
$self/firefox \
|
||||||
|
-no-remote \
|
||||||
|
-profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
|
||||||
|
"\$@"
|
||||||
EOF
|
EOF
|
||||||
chmod +x $out/bin/tor-browser
|
chmod +x $out/bin/tor-browser
|
||||||
'';
|
'';
|
||||||
|
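Review bot: TMPDIR is set to `$XDG_CACHE_HOME/tmp` in the `exec env -i` block, but nothing in the generated wrapper creates that directory; the `mkdir -p` calls cover only `TorBrowser/Data/Tor` and the browser profile. A TMPDIR that does not exist makes temp-file creation fail or fall back to a shared location, depending on the caller, which works against the soft confinement to TBB_HOME that the comment describes. I would add `mkdir -p "\$XDG_CACHE_HOME/tmp"` and `chmod 0700 "\$XDG_CACHE_HOME/tmp"` next to the other directory setup. Separately, the `$HOME` inside the `TBB_HOME=` default is not backslash-escaped like the other variables in this unquoted heredoc, so it looks like it is expanded when the derivation is built rather than when the wrapper runs; `\$HOME` there would match the rest.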