about summary refs log tree commit diff
path: root/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2020-01-11 23:37:02 +0000
committerAlyssa Ross <hi@alyssa.is>2020-01-11 23:41:30 +0000
commit6c557e3f1c28cf87e9fba232811d6875dd1399c1 (patch)
tree035a071d5d8980df6de0fa42e2ef8fc0cce7055e /nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin
parentda7500bc026e937ac7fce7b50f67a0e1765737a7 (diff)
parente4134747f5666bcab8680aff67fa3b63384f9a0f (diff)
downloadnixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.gz
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.bz2
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.lz
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.xz
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.zst
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.zip
Merge commit 'e4134747f5666bcab8680aff67fa3b63384f9a0f'
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin')
-rw-r--r--nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix37


1 files changed, 24 insertions, 13 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
index 563c0e751c84..1027bf7c71df 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -44,6 +44,10 @@
 , shared-mime-info
 , gsettings-desktop-schemas
 
+# Hardening
+, graphene-hardened-malloc
+, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
+
 # Whether to disable multiprocess support to work around crashing tabs
 # TODO: fix the underlying problem instead of this terrible work-around
 , disableContentSandbox ? true
@@ -89,19 +93,19 @@ let
   fteLibPath = makeLibraryPath [ stdenv.cc.cc gmp ];
 
   # Upstream source
-  version = "8.5.5";
+  version = "9.0.3";
 
   lang = "en-US";
 
   srcs = {
     x86_64-linux = fetchurl {
       url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz";
-      sha256 = "00r5k9bbfpv3s6shxqypl13psr1zz51xiyz3vmm4flhr2qa4ycsz";
+      sha256 = "0saipnmhjfqwrx0q8mn3zc9n0j5a754cfipdaizbcqwm9dwd70w9";
     };
 
     i686-linux = fetchurl {
-      url = "https://github.com/TheTorProject/gettorbrowser/releases/download/v${version}/tor-browser-linux32-${version}_${lang}.tar.xz";
-      sha256 = "1nxvw5kiggfr4n5an436ass84cvwjviaa894kfm72yf2ls149f29";
+      url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz";
+      sha256 = "19r6zm81p9fv9ldsck5wilcihvb5bifmd1cms6wdkldz8crnn9l6";
     };
   };
 in
@@ -161,15 +165,12 @@ stdenv.mkDerivation rec {
     # interpreter for pre-compiled Go binaries by invoking the interpreter
     # directly.
     sed -i TorBrowser/Data/Tor/torrc-defaults \
-        -e "s|\(ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit\) exec|\1 exec $interp|" \
+        -e "s|\(ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit\) exec|\1 exec $interp|"
 
-    # Fixup fte transport
-    #
-    # Note: the script adds its dirname to search path automatically
-    sed -i TorBrowser/Tor/PluggableTransports/fteproxy.bin \
-        -e "s,/usr/bin/env python,${python27.interpreter},"
+    # Similarly fixup snowflake
+    sed -i TorBrowser/Data/Tor/torrc-defaults \
+        -e "s|\(ClientTransportPlugin snowflake\) exec|\1 exec $interp|"
 
-    patchelf --set-rpath "${fteLibPath}" TorBrowser/Tor/PluggableTransports/fte/cDFA.so
 
     # Prepare for autoconfig.
     #
@@ -233,6 +234,7 @@ stdenv.mkDerivation rec {
 
     # Preload extensions by moving into the runtime instead of storing under the
     # user's profile directory.
+    mkdir -p "$TBB_IN_STORE/browser/extensions"
     mv "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/extensions/"* \
       "$TBB_IN_STORE/browser/extensions"
 
@@ -245,6 +247,9 @@ stdenv.mkDerivation rec {
     GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
     EOF
 
+    WRAPPER_LD_PRELOAD=${optionalString useHardenedMalloc
+      "${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
+
     WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
       gnome3.adwaita-icon-theme
       shared-mime-info
@@ -327,6 +332,8 @@ stdenv.mkDerivation rec {
     #
     # XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
     exec env -i \
+      LD_PRELOAD=$WRAPPER_LD_PRELOAD \
+      \
       TZ=":" \
       TZDIR="\''${TZDIR:-}" \
       LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \
@@ -370,7 +377,11 @@ stdenv.mkDerivation rec {
     cp $desktopItem/share/applications"/"* $out/share/applications
     sed -i $out/share/applications/torbrowser.desktop \
         -e "s,Exec=.*,Exec=$out/bin/tor-browser," \
-        -e "s,Icon=.*,Icon=web-browser,"
+        -e "s,Icon=.*,Icon=tor-browser,"
+    for i in 16 32 48 64 128; do
+      mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps/
+      ln -s $out/share/tor-browser/browser/chrome/icons/default/default$i.png $out/share/icons/hicolor/''${i}x''${i}/apps/tor-browser.png
+    done
 
     # Check installed apps
     echo "Checking bundled Tor ..."
@@ -386,7 +397,7 @@ stdenv.mkDerivation rec {
     longDescription = tor-browser-bundle.meta.longDescription;
     homepage = "https://www.torproject.org/";
     platforms = attrNames srcs;
-    maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm ];
+    maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm hax404 cap ];
     hydraPlatforms = [];
     # MPL2.0+, GPL+, &c.  While it's not entirely clear whether
     # the compound is "libre" in a strict sense (some components place certain

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 11:26:02 +0000