tor-browser-bundle: minor refactorings

author: Joachim Fasting <joachifm@fastmail.fm> 2017-09-28 02:37:13 +0200
committer: Joachim Fasting <joachifm@fastmail.fm> 2017-09-28 15:40:18 +0200
commit: 387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8 (patch)
tree: b64918d7deac5553fe369d389349ff9a5c906c78
parent: 3ec05d6237a9c6303bc83ba7712eaeebb2c21766 (diff)
download: nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar
nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.gz
nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.bz2
nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.lz
nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.xz
nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.zst
nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.zip
2 files changed, 28 insertions, 34 deletions
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
index 6b582c756a3b..0e9610247c8c 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
@@ -1,7 +1,6 @@
 { stdenv
-, lib
-, fetchurl
 , fetchgit
+, fetchurl
 , symlinkJoin
 
 , tor
@@ -42,6 +41,8 @@
 , extraExtensions ? [ ]
 }:
 
+with stdenv.lib;
+
 let
   tor-browser-build_src = fetchgit {
     url = "https://git.torproject.org/builders/tor-browser-build.git";
@@ -54,15 +55,12 @@ let
       git libxml2 python27 python27Packages rsync;
   };
 
-  extensionsEnv = symlinkJoin {
-    name = "tor-browser-extensions";
-    paths = with firefoxExtensions; [
-      https-everywhere
-      noscript
-      torbutton
-      tor-launcher
-    ] ++ extraExtensions;
-  };
+  bundledExtensions = with firefoxExtensions; [
+    https-everywhere
+    noscript
+    torbutton
+    tor-launcher
+  ] ++ extraExtensions;
 
   fontsEnv = symlinkJoin {
     name = "tor-browser-fonts";
@@ -71,7 +69,7 @@ let
 
   fontsDir = "${fontsEnv}/share/fonts";
 
-  gstPluginsPath = lib.concatMapStringsSep ":" (x:
+  gstPluginsPath = concatMapStringsSep ":" (x:
     "${x}/lib/gstreamer-0.10") [
       gstreamer
       gst-plugins-base
@@ -79,7 +77,7 @@ let
       gst-ffmpeg
     ];
 
-  gstLibPath = lib.makeLibraryPath [
+  gstLibPath = makeLibraryPath [
     gstreamer
     gst-plugins-base
     gmp
@@ -96,6 +94,11 @@ stdenv.mkDerivation rec {
 
   buildPhase = ":";
 
+  # The following creates a customized firefox distribution.  For
+  # simplicity, we copy the entire base firefox runtime, to work around
+  # firefox's annoying insistence on resolving the installation directory
+  # relative to the real firefox executable.  A little tacky and
+  # inefficient but it works.
   installPhase = ''
     TBBUILD=${tor-browser-build_src}/projects/tor-browser
     TBDATA_PATH=TorBrowser-Data
@@ -123,6 +126,7 @@ stdenv.mkDerivation rec {
     lockPref("app.update.enabled", false);
     lockPref("extensions.update.autoUpdateDefault", false);
     lockPref("extensions.update.enabled", false);
+    lockPref("extensions.torbutton.updateNeeded", false);
     lockPref("extensions.torbutton.versioncheck_enabled", false);
 
     // Where to find the Nixpkgs tor executable & config
@@ -149,8 +153,7 @@ stdenv.mkDerivation rec {
     EOF
 
     # Preload extensions
-    # XXX: the fact that ln -s env browser/extensions fails, symlinkJoin seems a little redundant ...
-    ln -s -t browser/extensions ${extensionsEnv}"/"*
+    find ${toString bundledExtensions} -name '*.xpi' -exec ln -s -t browser/extensions '{}' '+'
 
     # Copy bundle data
     bundlePlatform=linux
@@ -170,18 +173,18 @@ stdenv.mkDerivation rec {
         > $TBDATA_PATH/fonts.conf
 
     # Generate a suitable wrapper
-    wrapper_PATH=${lib.makeBinPath [ coreutils ]}
-    wrapper_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [
+    wrapper_PATH=${makeBinPath [ coreutils ]}
+    wrapper_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
       hicolor_icon_theme
       shared_mime_info
     ]}
 
-    ${lib.optionalString audioSupport ''
+    ${optionalString audioSupport ''
       # apulse uses a non-standard library path ...
       wrapper_LD_LIBRARY_PATH=${apulse}/lib/apulse''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH}
     ''}
 
-    ${lib.optionalString mediaSupport ''
+    ${optionalString mediaSupport ''
       wrapper_LD_LIBRARY_PATH=${gstLibPath}''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH}
     ''}
 
@@ -189,10 +192,12 @@ stdenv.mkDerivation rec {
     cat >$out/bin/tor-browser <<EOF
     #! ${stdenv.shell} -eu
 
+    umask 077
+
     PATH=$wrapper_PATH
 
     readonly THE_HOME=\$HOME
-    TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser}
+    TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-\$HOME/.local/share}/tor-browser}
     if [[ \''${TBB_HOME:0:1} != / ]] ; then
       TBB_HOME=\$PWD/\$TBB_HOME
     fi
@@ -287,7 +292,7 @@ stdenv.mkDerivation rec {
       \
       APULSE_PLAYBACK_DEVICE="\''${APULSE_PLAYBACK_DEVICE:-plug:dmix}" \
       \
-      GST_PLUGIN_SYSTEM_PATH="${lib.optionalString mediaSupport gstPluginsPath}" \
+      GST_PLUGIN_SYSTEM_PATH="${optionalString mediaSupport gstPluginsPath}" \
       GST_REGISTRY="/dev/null" \
       GST_REGISTRY_UPDATE="no" \
       \
@@ -306,7 +311,7 @@ stdenv.mkDerivation rec {
     bash -n $out/bin/tor-browser
 
     echo "Checking wrapper ..."
-    DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$TMPDIR/tbb \
+    DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \
     $out/bin/tor-browser -version >/dev/null
   '';
 
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/extensions.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/extensions.nix
index 4adf99365ba3..88ec2ad95093 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle/extensions.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle/extensions.nix
@@ -24,6 +24,7 @@
       url = "https://git.torproject.org/https-everywhere.git";
       rev = "refs/tags/${version}";
       sha256 = "0z9madihh4b4z4blvfmh6w1hsv8afyi0x7b243nciq9r4w55xgfa";
+      fetchSubmodules = true;
     };
 
     nativeBuildInputs = [
@@ -35,10 +36,6 @@
       zip
     ];
 
-    unpackPhase = ''
-      cp -dR --no-preserve=mode "$src" src && cd src
-    '';
-
     buildPhase = ''
       $shell ./makexpi.sh ${version} --no-recurse
     '';
@@ -80,10 +77,6 @@
 
     nativeBuildInputs = [ zip ];
 
-    unpackPhase = ''
-      cp -dR --no-preserve=mode "$src" src && cd src
-    '';
-
     buildPhase = ''
       $shell ./makexpi.sh
     '';
@@ -107,10 +100,6 @@
 
     nativeBuildInputs = [ zip ];
 
-    unpackPhase = ''
-      cp -dR --no-preserve=mode "$src" src && cd src
-    '';
-
     buildPhase = ''
       make package
     '';
author	Joachim Fasting <joachifm@fastmail.fm>	2017-09-28 02:37:13 +0200
committer	Joachim Fasting <joachifm@fastmail.fm>	2017-09-28 15:40:18 +0200
commit	387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8 (patch)
tree	b64918d7deac5553fe369d389349ff9a5c906c78
parent	3ec05d6237a9c6303bc83ba7712eaeebb2c21766 (diff)
download	nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.gz nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.bz2 nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.lz nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.xz nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.tar.zst nixlib-387f1c75f5bd0d1982e89cb0b5eec6b740fedbe8.zip