authorJoachim Fasting <joachifm@fastmail.fm>2017-09-26 20:34:18 +0200
committerJoachim Fasting <joachifm@fastmail.fm>2017-09-26 23:17:10 +0200
commitf05d50f36c879400a679498eb9677f8653a892e3 (patch)
tree8d2735b08fcf5464a621fca61b098cacdc7c225c /pkgs
parent93b9109b460b4ba18a6977fb1aa5e886f697513d (diff)
tor-browser-bundle: approximate upstream bundle & purity control
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/applications/networking/browsers/tor-browser-bundle/default.nix97
1 files changed, 92 insertions, 5 deletions
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
index 00c2656bc710..73c5dc6b3ee4 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
@@ -7,6 +7,10 @@
 , tor
 , tor-browser-unwrapped
 
+# Wrapper runtime
+, coreutils
+, hicolor_icon_theme
+, shared_mime_info
 # Extensions, common
 , unzip
 , zip
@@ -217,8 +221,6 @@ stdenv.mkDerivation rec {
     clearPref("extensions.bootstrappedAddons");
 
     // Insist on using IPC for communicating with Tor
-    //
-    // Defaults to $XDG_RUNTIME_DIR/Tor/{socks,control}.socket
     lockPref("extensions.torlauncher.control_port_use_ipc", true);
     lockPref("extensions.torlauncher.socks_port_use_ipc", true);
 
@@ -243,18 +245,103 @@ stdenv.mkDerivation rec {
       >> defaults/pref/extension-overrides.js
 
     # Generate a suitable wrapper
+    wrapper_PATH=${lib.makeBinPath [ coreutils ]}
+    wrapper_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [
+      hicolor_icon_theme
+      shared_mime_info
+    ]}
+
     mkdir -p $out/bin
     cat >$out/bin/tor-browser <<EOF
-    #! ${stdenv.shell} -e
+    #! ${stdenv.shell} -eu
+
+    PATH=$wrapper_PATH
 
-    THE_HOME=\$HOME
+    readonly THE_HOME=\$HOME
     TBB_HOME=\''${TBB_HOME:-\''${XDG_DATA_HOME:-$HOME/.local/share}/tor-browser}
+    if [[ \''${TBB_HOME:0:1} != / ]] ; then
+      TBB_HOME=\$PWD/\$TBB_HOME
+    fi
+    readonly TBB_HOME
+
+    # Basic sanity check: never want to vomit directly onto user's homedir
+    if [[ "\$TBB_HOME" = "\$THE_HOME" ]] ; then
+      echo 'TBB_HOME=\$HOME; refusing to run' >&2
+      exit 1
+    fi
+
     mkdir -p "\$TBB_HOME"
 
     HOME=\$TBB_HOME
     cd "\$HOME"
 
-    exec $self/firefox -no-remote about:tor
+    # Re-init XDG basedir envvars
+    XDG_CACHE_HOME=\$HOME/.cache
+    XDG_CONFIG_HOME=\$HOME/.config
+    XDG_DATA_HOME=\$HOME/.local/share
+
+    # Initialize empty TBB runtime state directory hierarchy.  Mirror the
+    # layout used by the official TBB, to avoid the hassle of working
+    # against the assumptions made by tor-launcher & co.
+    mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data"
+
+    # Initialize the Tor data directory.
+    mkdir -p "\$HOME/TorBrowser/Data/Tor"
+
+    # TBB fails if ownership is too permissive
+    chmod 0700 "\$HOME/TorBrowser/Data/Tor"
+
+    # Initialize the browser profile state.  Expect TBB to generate all data.
+    mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default"
+
+    # Files that capture store paths; re-generated by firefox at startup
+    rm -rf "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json,startupCache}
+
+    # Clear out fontconfig caches
+    rm -f "\$HOME/.cache/fontconfig/"*.cache-*
+
+    # Lift-off!
+    #
+    # TZ is set to avoid stat()ing /etc/localtime over and over ...
+    #
+    # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launching a new
+    # dbus instance; to prevent using the session bus, set the envvar to
+    # an empty/invalid value prior to running tor-browser.
+    #
+    # FONTCONFIG_FILE is required to make fontconfig read the TBB
+    # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
+    # indicates the system fonts.conf being used instead.
+    #
+    # HOME, TMPDIR, XDG_*_HOME are set as a form of soft confinement;
+    # ideally, tor-browser should not write to any path outside TBB_HOME
+    # and should run even under strict confinement to TBB_HOME.
+    #
+    # XDG_DATA_DIRS is set to prevent searching system directories for
+    # mime and icon data.
+    #
+    # Parameters lacking a default value below are *required* (enforced by
+    # -o nounset).
+    exec env -i \
+      TZ=":" \
+      \
+      DISPLAY="\$DISPLAY" \
+      XAUTHORITY="\$XAUTHORITY" \
+      DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \
+      \
+      HOME="\$HOME" \
+      TMPDIR="\$XDG_CACHE_HOME/tmp" \
+      XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \
+      XDG_DATA_HOME="\$XDG_DATA_HOME" \
+      XDG_CACHE_HOME="\$XDG_CACHE_HOME" \
+      \
+      XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \
+      \
+      FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \
+      \
+      $self/firefox \
+        -no-remote \
+        -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
+        "\$@"
     EOF
     chmod +x $out/bin/tor-browser
   '';
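Review bot: TMPDIR is passed as `"\$XDG_CACHE_HOME/tmp"` in the `exec env -i` block, but none of the `mkdir -p` calls in the generated wrapper creates that directory, so temporary files may fail or end up wherever the browser falls back to, which undercuts the soft confinement the comment describes; add `mkdir -p "\$XDG_CACHE_HOME/tmp"` before the exec. The `TBB_HOME` sanity check is a plain string comparison, so a value such as `TBB_HOME="$HOME/"` or a symlink to the home directory passes it, and the later `rm -f "\$HOME/.cache/fontconfig/"*.cache-*` then runs against the user's real cache. Comparing canonical paths would close that, for example with `realpath -m` on both sides, since coreutils is already on the wrapper's PATH. Separately, the unescaped `$HOME` inside the unchanged `TBB_HOME=` default line looks like it is expanded by the heredoc at build time rather than at run time, which is worth confirming because the new relative-path handling and `readonly TBB_HOME` build on that value.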