diff mbox series

[bug#42380,WIP] gnu: Add torbrowser-unbundle.

Message ID 20200715211547.GA17146@andel
State New
Headers show
Series [bug#42380,WIP] gnu: Add torbrowser-unbundle. | expand

Checks

Context Check Description
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch fail View Laminar job

Commit Message

André Batista July 15, 2020, 9:15 p.m. UTC
Hello Guix!

The patch bellow adds a torbrowser-unbundle variable, but it needs a
bit of working before merging into master. I've inserted many
comments on the code regarding issues which need attention and
questions that remained. I've decided to send this early notice so I
can ask some questions and get criticism before I go too deep on the
wrong direction.

As the name implies it does not bundle tor and to use it, you need
to have a properly configured system instance. You also need to
configure a ControlPort and a HashedControlPassword if you want to
be able to get new identities while browsing and if you don't want
to keep seeing a warning on startup page. It will create/change
permissions on ${HOME}/Data and use the native Downloads dir. It does
not have bundled fonts, so you will be fingerprintable on levels
bellow safest. It does not have support for obfs4 bridges yet.

There is no startup script for now, you are advised to invoke it with
'--class "Tor Browser"'.

Now for the questions:
- Should it keep unbundled? If so, should we try to unbundle the
  https-everywhere and noscript extensions?
- Is it acceptable to use to use the noscript .xpi, instead of
  building? Upstream just grabs it from addons.mozilla. There does
  not appear to be blobs and the GPL full text is inside it.
- Should we try change the app name at build time or is it enough to
  adapt the name of the startup script (which is not the for now, but
  is certainly needed)?
- Any other things that I've been blind to?

If you don't have time to review the code, but has processing
power available, build it with rounds=2 or try to cross compile
for i686 and comment back.

Thanks,
From 2a9d31c9422de3d7486da6c2ef3e15c3496c7e69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Wed, 15 Jul 2020 17:24:04 -0300
Subject: [PATCH] gnu: Add torbrowser-unbundle.
To: guix-patches@gnu.org

* gnu/packages/tor.scm (torbrowser-unbundle): New variable.
---
 gnu/packages/tor.scm | 634 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 633 insertions(+), 1 deletion(-)

Comments

Raghav Gururajan Sept. 12, 2020, 1:35 p.m. UTC | #1
Hello Guix!

Thank you all for the hard work. This is a high-time package.

Any idea on when it can be merged to master?, at-least a minimally
viable package?

Regards,
RG.
André Batista Sept. 15, 2020, 3:23 p.m. UTC | #2
Hello Raghav,

sáb 12 set 2020 às 09:35:17 (1599914117), raghavgururajan@disroot.org enviou:
> 
> Thank you all for the hard work. This is a high-time package.

Thank you as well. :)

> Any idea on when it can be merged to master?, at-least a minimally
> viable package?

As of now, I think it's a viable package, but there's still room
for improvement on its definition. If you also care that this
package is available on Guix, I guess the easiest and most
important thing to do right now is to apply the patch series
that I've sent, try it out and report back on your experience.

Happy hacking!
Xinglu Chen May 25, 2021, 3:05 p.m. UTC | #3
What’s the status of these patches?  I would love to see Tor Browser in
Guix!
Leo Famulari May 25, 2021, 7:12 p.m. UTC | #4
On Tue, May 25, 2021 at 05:05:47PM +0200, Xinglu Chen wrote:
> What’s the status of these patches?  I would love to see Tor Browser in
> Guix!

Does this package build the Tor browser from source? Or is it just a
launcher, like the Debian package?

My understanding is that the Tor people discourage anyone else from
distributing builds of the Tor browser.

If it builds from source, we should probably call it something besides
"Tor browser", since it will be different from the official Tor browser
due to the unbundling and other changes.

Also, if it builds from source, it will be easy to identify users of
this package as being Guix users and since the Guix userbase is
relatively small, it will be much easier than usual to positively
identify the person using the package.
Ludovic Courtès May 25, 2021, 9:24 p.m. UTC | #5
Hi,

Leo Famulari <leo@famulari.name> skribis:

> On Tue, May 25, 2021 at 05:05:47PM +0200, Xinglu Chen wrote:
>> What’s the status of these patches?  I would love to see Tor Browser in
>> Guix!
>
> Does this package build the Tor browser from source? Or is it just a
> launcher, like the Debian package?

It builds from source.

And sorry for dropping the ball, André!  If anyone’s willing to give it
a try and report back, or to comment on the patch, that’d be great.

> My understanding is that the Tor people discourage anyone else from
> distributing builds of the Tor browser.
>
> If it builds from source, we should probably call it something besides
> "Tor browser", since it will be different from the official Tor browser
> due to the unbundling and other changes.
>
> Also, if it builds from source, it will be easy to identify users of
> this package as being Guix users and since the Guix userbase is
> relatively small, it will be much easier than usual to positively
> identify the person using the package.

Good points.  I think we could ask the Tor Browser folks (we met with a
couple of them at Reproducible Builds Summits in the past and I’m
confident we’d understand each other :-)).

Thanks,
Ludo’.
André Batista May 28, 2021, 1:45 a.m. UTC | #6
Hi,

ter 25 mai 2021 às 23:24:01 (1621995841), ludo@gnu.org enviou:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > Does this package build the Tor browser from source? Or is it just a
> > launcher, like the Debian package?
> 
> It builds from source.

Apart from noscript which Tor Browser itself does not build from source
and https-everywhere which at the time I thought I'd be able to build
from source but I got stuck on rust dependency nightmare and had to
delay. Unfortunately, this issue still remains to be solved.

> And sorry for dropping the ball, André!  If anyone’s willing to give it
> a try and report back, or to comment on the patch, that’d be great.

No problem, Ludo, it was lacking feedback and I know it's somewhat a
big and delicate piece of software to be merging without it.

> > My understanding is that the Tor people discourage anyone else from
> > distributing builds of the Tor browser.

That's also my understanding, however I do think that building from
source is: 1. the very core of software freedom, despite the relevance
other concerns such as diminishing anonymity set; 2. one of the main
strenghts and what Guix strives for.

> > If it builds from source, we should probably call it something besides
> > "Tor browser", since it will be different from the official Tor browser
> > due to the unbundling and other changes.

I've initially called the package definition "torbrowser-unbundle" and
also inserted a warning that it was _not_ official Tor Browser, but I
did not try to patch sources to rename the browser as it appears after
installed. I can both agree to another name that makes it clearly
appart from the official browser by Tor Project ("nottorbrowser?",
"onionbrowser?") and to work on a patching sources to remove the user
visible name and logo, if it's deemed necessary. (That may take a while
however).

> > Also, if it builds from source, it will be easy to identify users of
> > this package as being Guix users and since the Guix userbase is
> > relatively small, it will be much easier than usual to positively
> > identify the person using the package.

I've tested it with panopticlick.eff.org and it's user identifying bits
remain the same as the official Tor Browser. That said, panopticlick
is certainly not a silver bullet and you have grounds to be concerned.
If someone were to need/want the very best assurances on anonymity set,
I'd advise not to risk it and go with the larger crowd.

On the other hand, until not long ago and maybe currently still, guix
users were using IceCat with tor and that's a much more telling tale.

> Good points.  I think we could ask the Tor Browser folks (we met with a
> couple of them at Reproducible Builds Summits in the past and I’m
> confident we’d understand each other :-)).

That would be great :)

In the mean time, I'll take this as an invitation to send a new patch
version with the latest Tor Browser stable. I've made some minor
improvements such as using tarballs from archive.torproject.org instead
of {git|dist}.torproject.org.

Since they are planning a new stable release in the next few days, I'll
take the time to work on a reproducibility issue that have arised with
the new zip routine to package extensions inside omni.ja which affected
the timestamps, at least the way I did it.

Cheers,
Ludovic Courtès June 3, 2021, 8:43 p.m. UTC | #7
Hi,

André Batista <nandre@riseup.net> skribis:

> Apart from noscript which Tor Browser itself does not build from source
> and https-everywhere which at the time I thought I'd be able to build
> from source but I got stuck on rust dependency nightmare and had to
> delay. Unfortunately, this issue still remains to be solved.

OK, not too bad.

>> > My understanding is that the Tor people discourage anyone else from
>> > distributing builds of the Tor browser.
>
> That's also my understanding, however I do think that building from
> source is: 1. the very core of software freedom, despite the relevance
> other concerns such as diminishing anonymity set; 2. one of the main
> strenghts and what Guix strives for.

+1

> In the mean time, I'll take this as an invitation to send a new patch
> version with the latest Tor Browser stable. I've made some minor
> improvements such as using tarballs from archive.torproject.org instead
> of {git|dist}.torproject.org.
>
> Since they are planning a new stable release in the next few days, I'll
> take the time to work on a reproducibility issue that have arised with
> the new zip routine to package extensions inside omni.ja which affected
> the timestamps, at least the way I did it.

Exciting, thank you!

Ludo’.
Anonymousemail Dec. 27, 2023, 9:22 p.m. UTC | #8
Hi Clément

Thank you for the good hard work. I did some preliminary testing and WebGL seems to be enabled while in the original version it is disabled by default.

Also, some minor differences could be spotted via https://fingerprintjs.github.io/fingerprintjs/ in the "Duration" fields, although I can not pinpoint what is the trigger.
  Thanks,
  Andreas
Clément Lassieur Dec. 28, 2023, 4:03 p.m. UTC | #9
Hello!

On Wed, Dec 27 2023, Anonymousemail wrote:

> Hi Clément Thank you for the good hard work. I did some preliminary
> testing and WebGL seems to be enabled while in the original version it
> is disabled by default.

I just tested on the official version and I can confirm WebGL was
enabled.  I tested with this site: https://get.webgl.org/, and I saw it
in about:support too.

> Also, some minor differences could be spotted via
> https://fingerprintjs.github.io/fingerprintjs/ in the "Duration"
> fields, although I can not pinpoint what is the trigger.

Indeed, I'll have a look at it.  Thanks for telling me!

Clément
Clément Lassieur Dec. 30, 2023, 12:34 a.m. UTC | #10
> Hi Clément Thank you for the good hard work. I did some preliminary testing and WebGL seems to be enabled while in the original version it is
> disabled by default. Also, some minor differences could be spotted via https://fingerprintjs.github.io/fingerprintjs/ in the "Duration" fields,
> although I can not pinpoint what is the trigger. Thanks, Andreas 

Hi, 

I don't think the Duration field matters, it changes all the time
anyway.  It's probably the time it took to get a reply.

What matters on this site is probably the "Visitor identifier" and I get
the same on both "guix packaged torbrowser" and "official torbrowser".

Cheers,
Clément
diff mbox series

Patch

diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c852c54a5b..528a528403 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -49,7 +49,49 @@ 
   #:use-module (gnu packages qt)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages w3m))
+  #:use-module (gnu packages w3m)
+  ;; New flags start here. Verify if they are all needed.
+  #:use-module ((srfi srfi-1) #:hide (zip))
+  #:use-module (ice-9 match)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (guix build-system cargo)
+  #:use-module (guix build-system trivial)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages audio)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages libreoffice)  ;for hunspell
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages rust)
+  #:use-module (gnu packages rust-apps)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages nss)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages vim) ; for xxd
+  #:use-module (gnu packages sqlite))
 
 (define-public tor
   (package
@@ -324,3 +366,593 @@  statistics and status reports on:
 
 Potential client and exit connections are scrubbed of sensitive information.")
     (license license:gpl3+)))
+
+;; Imported from gnuzilla.scm, make it public there?
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:graft? #f       ;nothing to graft
+                      #:system system
+                      #:guile-for-build guile)))
+
+(define %torbrowser-version "68.10.0esr-9.5-1")
+(define %torbrowser-build-id "20200709000000") ;must be of the form YYYYMMDDhhmmss
+
+;; (Un)fortunatly TorBrowser has it's own reproducible build system - RBM - which
+;; automates the build process for them and compiles TorBrowser from a range of
+;; repositories and produces a range of tarballs for different architectures and
+;; locales. So we need to nit-pick what is needed for guix and produce our own
+;; tarball. See https://gitweb.torproject.org/builders/tor-browser-build.git/projects/\
+;; {tor-browser,firefox}/{build,config} for the rationale applied here. When built from its
+;; unpatched repo, the 'mozconfig' is different and it errors out on missing
+;; torbutton source code. If we patch 'toolkit/moz.build', it compiles successfuly
+;; but the browser does not run and even if it ran, it would be missing most of
+;; its funcionality. See also the Hacking on TorBrowser document for a high level
+;; introduction (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking).
+;;
+;; WARNING: For now it still lacks the bundled fonts, obfs4 bridge and locales.
+;; If used on level below safest, the browser accessible fonts are fingerprintable.
+;; On safest, it doesn't seem to be distinguishable from upstream bundle according
+;; to https://panopticlick.eff.org. To access some features, users need to
+;; configure the ControlPort and HashedControlPassword in system torrc and set
+;; TOR_CONTROL_PASSWD accordingly before launching the Browser (ControlPort defaults to
+;; 9051). Without this, the browser will work (try https://check.torproject.org) but
+;; user is presented with a startup page that tells something is wrong.
+(define torbrowser-source
+  (let* ((torbrowser-commit "75c2bb720d4ceb76231e8ecc3455754bf05ba19b")
+         (torbrowser-version %torbrowser-version)
+         (upstream-torbrowser-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/tor-browser.git")
+                  (commit torbrowser-commit)))
+            (file-name (git-file-name "tor-browser" torbrowser-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "19sk46k2bqa72il46pdl534nk2g3fi6l7m7kbglddccxv19ck0k4"))))
+
+         ;; Not used yet, mainly useful for references and for a patched start-tor-browser
+         ;; script in the near future.
+         (torbrowser-build-commit "e94ba3a7677f7051a14b2304427ec8393a450fdc")
+         (torbrowser-build-version "9.5")
+         (upstream-torbrowser-build-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/builders/tor-browser-build.git")
+                  (commit torbrowser-build-commit)))
+            (file-name (git-file-name "tor-browser-build" torbrowser-build-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "1jgkrsckcjgr1lgcwahzdrcasmpghs2ppz6w80fya89pa5d6r0gv"))))
+
+         (torbutton-commit "ebe2bedab44e38f18c7968bd327d99eef7660f34")
+         (torbutton-version "9.5")
+         (upstream-torbutton-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/torbutton.git")
+                  (commit torbutton-commit)))
+            (file-name (git-file-name "torbutton" torbutton-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "03xdyszab1a8j98xv6440v4lq58jkfqgmhxc2a62qz8q085d2x83"))))
+
+         (tor-launcher-commit "b4838d339a84c5ebebd91a0ba6b22d44ecda97b1")
+         (tor-launcher-version "0.2.21")
+         (upstream-tor-launcher-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://git.torproject.org/tor-launcher.git")
+                  (commit tor-launcher-commit)))
+            (file-name (git-file-name "tor-launcher" tor-launcher-version))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "0xxwyw1j6dkm2a24kg1564k701p5ikfzs1f9n0gflvlzz9427haf"))))
+
+         ;; TorBrowser uses its own git repo but it appears to be unpatched from upstream
+         ;; and it does no provide a tarball, so let's try upstream for now.
+         (https-everywhere-version "2020.5.20")
+         (upstream-https-everywhere-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://github.com/EFForg/https-everywhere/archive/"
+                                https-everywhere-version ".tar.gz"))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "027lga3z0a4d7s95id861das7g0k29p7pqh9xd77jm87f7w4l763"))))
+
+         ;; TorBrowser 9.5.1 actualy uses v11.0.32, but let's get latest release.
+         ;; TorProject uses the .xpi instead of compiling the source code.
+         (noscript-xpi-version "11.0.34")
+         (upstream-noscript-xpi
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://secure.informaction.com/download/releases/noscript-"
+                                noscript-xpi-version ".xpi"))
+            (sha256
+             (base32
+              "0y45925ms2bk9d42zbgwcdb2sif8kqlbaflkz15q08gi7vgki6km"))))
+
+         ;; Not used for now. It uses curl to update TLDs at build time which will make
+         ;; the build unreproducible. Also it uses LWM::Simple module which is not available
+         ;; on guix. Moreover, it complains about perl not having regexp capabilities. Patch
+         ;; build script, translate it to guile or just use the .xpi as upstream does?
+         (noscript-version "11.0.34")
+         (upstream-noscript-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://github.com/hackademix/noscript/archive/"
+                                noscript-version ".tar.gz"))
+            ;; Substitute for hash syntax.
+            (sha256
+             (base32
+              "1amhdwc62cnp1i7vx4zyqd7iyj52rcr5ks9a39viczpqgfgk7hfy")))))
+
+    ;; Now we bundle the grabbed sources.
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "torbrowser-" %torbrowser-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+          #~(begin
+              (use-modules (guix build utils))
+              (let ((torbrowser-dir (string-append "torbrowser-" #$torbrowser-version))
+                    (torbutton-dir "toolkit/torproject/torbutton")
+                    (tor-launcher-dir "browser/extensions/tor-launcher")
+                           (tbb-scripts-dir "tbb-scripts")
+                    (https-everywhere "https-everywhere.tar.gz")
+                    (noscript "noscript.tar.gz")
+                    (noscript-xpi "noscript.xpi"))
+
+                (set-path-environment-variable
+                 "PATH" '("bin")
+                 (list #+(canonical-package bash)
+                       #+(canonical-package xz)
+                       #+(canonical-package tar)))
+
+                (format #t "Copying torbrowser source to writable path ...~%")
+                (force-output)
+                (copy-recursively #+upstream-torbrowser-source
+                                  torbrowser-dir
+                                  #:log (%make-void-port "w"))
+
+                (with-directory-excursion torbrowser-dir
+                  (format #t "Setting torbutton to writable...~%")
+                  (force-output)
+                  (make-file-writable torbutton-dir)
+
+                  (format #t "Copying torbutton source to torbrowser...~%")
+                  (force-output)
+                  (copy-recursively #+upstream-torbutton-source
+                                    torbutton-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying tor-launcher source to torbrowser...~%")
+                  (force-output)
+                  (copy-recursively #+upstream-tor-launcher-source
+                                    tor-launcher-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying tor-browser-build source to torbrowser...~%")
+                  (force-output)
+                  (mkdir tbb-scripts-dir)
+                  (copy-recursively #+upstream-torbrowser-build-source
+                                    tbb-scripts-dir
+                                    #:log (%make-void-port "w"))
+
+                  (format #t "Copying https-everywhere source to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-https-everywhere-source
+                             https-everywhere)
+
+                  (format #t "Copying noscript source to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-noscript-source
+                             noscript)
+
+                  (format #t "Copying noscript xpi to torbrowser...~%")
+                  (force-output)
+                  (copy-file #+upstream-noscript-xpi
+                             "noscript.xpi"))
+
+                (invoke "tar" "cvfa" #$output
+                        ;; Avoid non-determinism in the archive. For now just copy icecat timestamp.
+                        "--mtime=@315619200" ; 1980-01-02 UTC
+                        "--owner=root:0"
+                        "--group=root:0"
+                        "--sort=name"
+                        torbrowser-dir)
+                #t))))))))
+
+(define-public torbrowser-unbundle
+  (package
+    (name "torbrowser-unbundle")
+    (version %torbrowser-version)
+    (source torbrowser-source)
+    (build-system gnu-build-system)
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bzip2" ,bzip2)
+       ("cups" ,cups)
+       ("dbus-glib" ,dbus-glib)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("gtk+-2" ,gtk+-2)
+       ("graphite2" ,graphite2)
+       ("pango" ,pango)
+       ("freetype" ,freetype)
+       ("harfbuzz" ,harfbuzz)
+       ("libcanberra" ,libcanberra)
+       ("libgnome" ,libgnome)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libogg" ,libogg)
+       ;; ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
+       ("libvorbis" ,libvorbis)
+       ("libxft" ,libxft)
+       ("libevent" ,libevent)
+       ("libxinerama" ,libxinerama)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxcomposite" ,libxcomposite)
+       ("libxt" ,libxt)
+       ("libffi" ,libffi)
+       ("ffmpeg" ,ffmpeg)
+       ("libvpx" ,libvpx)
+       ("icu4c" ,icu4c)
+       ("pixman" ,pixman)
+       ("pulseaudio" ,pulseaudio)
+       ("mesa" ,mesa)
+       ("mit-krb5" ,mit-krb5)
+       ;; See <https://bugs.gnu.org/32833>
+       ;;   and related comments in the 'remove-bundled-libraries' phase.
+       ;; UNBUNDLE-ME! ("nspr" ,nspr)
+       ;; UNBUNDLE-ME! ("nss" ,nss)
+       ("shared-mime-info" ,shared-mime-info)
+       ("sqlite" ,sqlite)
+       ("startup-notification" ,startup-notification)
+       ("unzip" ,unzip)
+       ("zip" ,zip)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("patch" ,(canonical-package patch))
+       ("rust" ,rust)
+       ("cargo" ,rust "cargo")
+       ("rust-cbindgen" ,rust-cbindgen)
+       ("llvm" ,llvm)
+       ("clang" ,clang)
+       ("perl" ,perl)
+       ("node" ,node)
+       ("openssl" ,openssl) ; Required for building https-everywhere
+       ("tar" ,tar) ; for untaring extensions
+       ("util-linux" ,util-linux) ; for getopt on https-everywhere build
+       ("xxd" ,xxd) ; for https-everywhere build
+       ("python" ,python)
+       ("python2" ,python-2.7)
+       ("python2-pysqlite" ,python2-pysqlite)
+       ("yasm" ,yasm)
+       ("nasm" ,nasm)  ; XXX FIXME: only needed on x86_64 and i686
+       ("pkg-config" ,pkg-config)
+       ("autoconf" ,autoconf-2.13)
+       ("which" ,which)))
+    (arguments
+     `(#:tests? #f          ; Some tests are autodone by mach on build fase.
+
+       ;; XXX: There are RUNPATH issues such as
+       ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
+       ;; which is not in its RUNPATH, but they appear to be harmless in
+       ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
+       ;;
+       ;; Is this needed?
+       #:validate-runpath? #f
+
+       #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+
+       ;; Verify which modules are actually needed.
+       #:modules ((ice-9 ftw)
+                  (ice-9 rdelim)
+                  (ice-9 regex)
+                  (ice-9 match)
+                  (srfi srfi-34)
+                  (srfi srfi-35)
+                  (rnrs bytevectors)
+                  (rnrs io ports)
+                  (guix elf)
+                  (guix build gremlin)
+                  (guix build utils)
+                  (sxml simple)
+                  ,@%gnu-build-system-modules)
+
+       #:phases
+       (modify-phases %standard-phases
+          (add-after 'unpack 'unpack-extensions
+            (lambda* (#:key inputs native-inputs #:allow-other-keys)
+              (let ((https-everywhere-archive "https-everywhere.tar.gz")
+                    (https-everywhere-srcdir "https-everywhere-src")
+                    (noscript-archive "noscript.tar.gz")
+                    (noscript-srcdir "noscript-src")
+                    (bash (which "bash")))
+
+                (setenv "SHELL" bash)
+
+                (mkdir https-everywhere-srcdir)
+                (mkdir noscript-srcdir)
+                (invoke "tar" "xf" https-everywhere-archive "--strip-components=1"
+                        "-C" https-everywhere-srcdir)
+                (invoke "tar" "xf" noscript-archive "--strip-components=1"
+                        "-C" noscript-srcdir))))
+
+         ;; Not used yet. For start-tor-browser patch and possibly others.
+         (add-after 'unpack-extensions 'apply-guix-specific-patches
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let ((patch (string-append (assoc-ref (or native-inputs inputs)
+                                                    "patch")
+                                         "/bin/patch")))
+               (for-each (match-lambda
+                           ((label . file)
+                            (when (and (string-prefix? "torbrowser-" label)
+                                       (string-suffix? ".patch" label))
+                              (format #t "applying '~a'...~%" file)
+                              (invoke patch "--force" "--no-backup-if-mismatch"
+                                      "-p1" "--input" file))))
+                         (or native-inputs inputs)))
+             #t))
+
+         ;; On mach build system this is done on configure.
+         (delete 'bootstrap)
+
+         (add-after 'patch-source-shebangs 'patch-cargo-checksums
+           (lambda _
+             (use-modules (guix build cargo-utils))
+             (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+               (substitute* '("Cargo.lock" "gfx/wr/Cargo.lock")
+                 (("(\"checksum .* = )\".*\"" all name)
+                  (string-append name "\"" null-hash "\"")))
+               (generate-all-checksums "third_party/rust"))
+             #t))
+
+         (add-after 'build 'neutralize-store-references
+           (lambda _
+             ;; Mangle the store references to compilers & other build tools in
+             ;; about:buildconfig, reducing TorBrowser's closure significant.
+             ;; The resulting files are saved in lib/firefox/omni.ja
+             (substitute* "objdir/dist/bin/chrome/toolkit/content/global/buildconfig.html"
+                          (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+                                    (regexp-quote (%store-directory))) _ store hash)
+                           (string-append store
+                                          (string-take hash 8)
+                                          "<!-- Guix: not a runtime dependency -->"
+                                          (string-drop hash 8))))
+             #t))
+
+         (replace 'configure
+           (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bash (which "bash"))
+                    ;; Is this needed?
+                    (flags `(,(string-append "--prefix=" out)
+                             ,@configure-flags)))
+
+               (setenv "SHELL" bash)
+               (setenv "AUTOCONF" (string-append
+                                   (assoc-ref %build-inputs "autoconf")
+                                   "/bin/autoconf"))
+               (setenv "CONFIG_SHELL" bash)
+               (setenv "PYTHON" (string-append
+                                 (assoc-ref inputs "python2")
+                                 "/bin/python"))
+               (setenv "MOZ_BUILD_DATE" ,%torbrowser-build-id) ; avoid timestamp.
+               (setenv "LDFLAGS" (string-append
+                                  "-Wl,-rpath="
+                                  (assoc-ref outputs "out")
+                                  "/lib/firefox"))
+
+               ;; Maybe remove --disable-strip since tor-builder strips on another step
+               ;; See tor-browser-build.git/projects/firefox/build:231.
+               ;; Add flag for changing app name to torbrowser or use this name for the start script?
+               (substitute* ".mozconfig"
+                            ;; Arch independent builddir.
+                            (("(mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj).*" _ m)
+                             (string-append m "dir\n"))
+                            (("ac_add_options --disable-tor-launcher") "")
+                            ;; We won't be building incrementals.
+                            (("ac_add_options --enable-signmar") "")
+                            (("ac_add_options --enable-verify-mar") "")
+                            (("ac_add_options --with-tor-browser-version=dev-build")
+                             (string-append "ac_add_options --with-tor-browser-version=org.gnu\n"
+                                            "ac_add_options --with-unsigned-addon-scopes=app\n"
+                                            "ac_add_options --enable-pulseaudio\n"
+                                            "ac_add_options --disable-debug-symbols\n"
+                                            "ac_add_options --disable-updater\n"
+                                            "ac_add_options --disable-gconf\n"
+                                            ;; Other syslibs that can be unbundled? (nss, nspr)
+                                            "ac_add_options --enable-system-pixman\n"
+                                            "ac_add_options --enable-system-ffi\n"
+                                            "ac_add_options --with-system-bz2\n"
+                                            "ac_add_options --with-system-icu\n"
+                                            "ac_add_options --with-system-jpeg\n"
+                                            "ac_add_options --with-system-libevent\n"
+                                            "ac_add_options --with-system-zlib\n"
+                                            ;; Without these clang is not found.
+                                            "ac_add_options --with-clang-path="
+                                            (assoc-ref %build-inputs "clang") "/bin/clang\n"
+                                            "ac_add_options --with-libclang-path="
+                                            (assoc-ref %build-inputs "clang") "/lib\n")))
+
+               ;; See tor-browser-build.git/projects/tor-browser/RelativeLink/start-tor-browser:307 on running
+               ;; with system tor instance.
+               (substitute* "browser/app/profile/000-tor-browser.js"
+                            (("(pref\\(\"network.proxy.socks_port\").*" _ m)
+                             (string-append m ", 9050);\n"))
+                            (("(pref\\(\"extensions.torbutton.loglevel\").*" _ m)
+                             (string-append m ",2);\n"))
+                            (("(pref\\(\"extensions.torbutton.logmethod\").*" _ m)
+                             (string-append m ",0);\n"))
+                            (("(pref\\(\"extensions.torbutton.inserted_button\").*" _ m)
+                             (string-append m ",true);\n"))
+                            (("(pref\\(\"extensions.torbutton.launch_warning\").*" _ m)
+                             (string-append m ",false);\n"))
+                            ;; TorBrowser updates are disabled on mozconfig, but let's make sure.
+                            (("(pref\\(\"extensions.torbutton.versioncheck_enabled\").*" _ m)
+                                (string-append m ",false);\n")))
+
+               (substitute* "browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js"
+                            (("(pref\\(\"extensions.torlauncher.start_tor\").*" _ m)
+                             (string-append m ", false);\n"))
+                            (("(pref\\(\"extensions.torlauncher.prompt_at_startup\").*" _ m)
+                             (string-append m ", false);\n"))
+                            ;; Investigate this one: "extensions.torlauncher.only_configure_tor"
+                            ;; on 'tl-util.jsm', would it be a nice addition?
+                            (("(pref\\(\"extensions.torlauncher.should_remove_meek_helper_profiles\").*" _ m)
+                             (string-append m ", false);\n"))
+                            (("(pref\\(\"extensions.torlauncher.loglevel\").*" _ m)
+                             (string-append m ", 2);\n"))
+                            (("(pref\\(\"extensions.torlauncher.logmethod\").*" _ m)
+                             (string-append m ", 0);\n"))
+                            (("(pref\\(\"extensions.torlauncher.control_port\").*" _ m)
+                             (string-append m ", 9051);\n")))
+
+               ;; For user data outside the guix store. Dirty hack. Maybe worth a patch upstream to create a
+               ;; configure flag for guix. It will create/modify permissions on 'Data' dir on $HOME. It also
+               ;; means that TorBrowser will share the Downloads dir on home and not keep its own.
+               ;; Work on start-tor-browser script to set a TorBrowser own home.
+               (substitute* "xpcom/io/TorFileUtils.cpp"
+                            (("ANDROID") "GNUGUIX"))
+               (substitute* "old-configure.in"
+                            (("(AC_SUBST\\(TOR_BROWSER_DISABLE_TOR_LAUNCHER\\))" _ m)
+                             (string-append m "\n AC_DEFINE(GNUGUIX)\n")))
+
+               ;; TODO: change prefs to block autoupdate app and extensions.
+
+               (newline)
+               (format #t "Invoking mach configure ...~%")
+               (force-output)
+               (invoke "./mach" "configure"))))
+
+         ;; Building noscript from source is failing for now. So its sources remain unused.
+         (add-after 'configure 'build-extensions
+           (lambda* (#:key inputs native-inputs #:allow-other-keys)
+             (let* ((bash (which "bash")))
+
+               (setenv "SHELL" bash)
+
+               ;; Python3.6 is hardcoded on these scripts. Using v3.8 appears to be harmless.
+               (with-directory-excursion "https-everywhere-src"
+                                         (substitute* '("install-dev-dependencies.sh"
+                                                        "make.sh"
+                                                        "hooks/precommit"
+                                                        "test/firefox.sh"
+                                                        "test/manual.sh"
+                                                        "test/script.py"
+                                                        "test/validations.sh"
+                                                        "utils/create_zip.py"
+                                                        "utils/merge-rulesets.py"
+                                                        "utils/setversion.py"
+                                                        "utils/zipfile_deterministic.py")
+                                                      (("python3.6") "python3"))
+
+                                         ;; Failing to generate the xpi, but copy-dir appears to be enough.
+                                         ;; Failing on missing 'wasm'?
+                                         (invoke "./make.sh")))))
+
+         (replace 'build
+                  (lambda _ (invoke "./mach" "build")))
+
+         ;; TorBrowser just do a stage-package here and copy files to its places.
+         (replace 'install
+           (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (builddir "objdir/dist/firefox")
+                    (libdir (string-append out "/lib/firefox"))
+                    (bindir (string-append out "/bin"))
+                    (noscript-id "{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi")
+                    (extdir (string-append libdir "/browser/extensions")))
+
+               ;; (display "string\n") should be enough here, chage this.
+               (format #t "Staging package ...~%")
+               (force-output)
+               (invoke "./mach" "build" "stage-package")
+               (format #t "Deleting spurious files ...~%")
+               (force-output)
+               ;; TorBrowser doesn't use those. See: tor-browser-build.git/projects/firefox/build:167
+               (for-each delete-file `(,(string-append builddir "/firefox-bin")
+                                       ,(string-append builddir "/libfreeblpriv3.chk")
+                                       ,(string-append builddir "/libnssdbm3.chk")
+                                       ,(string-append builddir "/libsoftokn3.chk")))
+
+               (format #t "Creating install dirs ...~%")
+               (force-output)
+               (mkdir-p libdir)
+               (mkdir bindir)
+
+               (format #t "Copying files to install dirs ...~%")
+               (force-output)
+               (copy-recursively builddir (string-append libdir "/")
+                                 #:log (%make-void-port "w"))
+
+               (format #t "Linking binary ...~%")
+               (force-output)
+               (symlink (string-append libdir "/firefox")
+                        (string-append bindir "/firefox"))
+
+               (format #t "Copying extensions to default path ...~%")
+               (force-output)
+               (mkdir-p extdir)
+               (format #t "Copying noscript ...~%")
+               (force-output)
+               (copy-file "noscript.xpi" (string-append extdir "/" noscript-id))
+               (format #t "Copying https-everywhere ...~%")
+               (force-output)
+               (if (file-exists? "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi")
+                   (copy-file "https-everywhere-src/pkg/https-everywhere-2020.5.20~pre-eff.xpi"
+                              (string-append extdir "/https-everywhere-eff@eff.org.xpi"))
+                   (copy-recursively "https-everywhere-src/pkg/xpi-eff"
+                                     (string-append extdir "/https-everywhere-eff@eff.org")))
+                                     #:log (%make-void-port "w")))))))
+
+         ;; Thunderbird doesn't provide any .desktop file, but TorBrowser does, however it's staged not installed, let's see.
+         ;;
+         ;; Is this needed? Try to play webmedia!
+         ;;(add-after 'install 'wrap-program
+         ;; (lambda* (#:key inputs outputs #:allow-other-keys)
+         ;;    (let* ((out (assoc-ref outputs "out"))
+         ;;           (lib (string-append out "/lib"))
+         ;;           (gtk (assoc-ref inputs "gtk+"))
+         ;;           (gtk-share (string-append gtk "/share"))
+         ;;           (pulseaudio (assoc-ref inputs "pulseaudio"))
+         ;;           (pulseaudio-lib (string-append pulseaudio "/lib")))
+         ;;      (wrap-program (car (find-files lib "^firefox$"))
+         ;;        `("XDG_DATA_DIRS" prefix (,gtk-share))
+         ;;        `("LD_LIBRARY_PATH" prefix (,pulseaudio-lib)))
+         ;;      #t))))))
+    (home-page "https://www.torproject.org")
+    (synopsis "Anonymous browser derived from Mozilla Firefox")
+    (description
+     "TorBrowser is the Tor Project version of the Firefox browser.  It is
+the only recommended way to anonymously browse the web that is supported by
+the project.  It modifies firefox in order to avoid many know application level
+attacks on the privacy of Tor users.
+
+WARNING: This is not the official TorBrowser and is currently on testing.
+If you have issues using it, do not bother Tor Developers, as it is not the
+official bundle provided by the Tor Project.  Use at your own risk and please
+report back on guix channels.  This version does not bundle @code{tor}, you need
+to configure it as a system service and set ControlPort and HashedControlPassword
+to access some features.")
+    (license license:mpl2.0)))     ;and others, see toolkit/content/license.html