[bug#71782,v5,3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].

Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603, 2024-6604,
2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525, 2024-7526,
2024-7527, 2024-7529, 2024-7531, 2024-8381, 2024-8382, 2024-8383 and
2024-8384.

See the Mozilla Foundation Security advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>,
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/>
for details.

* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20240903073000.
(%torbrowser-version): Update to 13.5.3.
(%torbrowser-firefox-version): Update to 115.15.0esr-13.5-1-build3.
(%torbrowser-locales): Change it to be a plain list of supported locales.
(firefox-locales): New variable.
(torbrowser-translation-base): Update to
daed2afc487d1b20efc17feb153156524c6f714b.
(torbrowser-translation-specific): Update to
6374e3b09c0894b8452fa1ba0b99c807722fc805.
(lld-as-ld-wrapper-16): New variable.
(make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
llvm-16 and clang-16.
  [inputs]: Add firefox-locales.
  [arguments] <#:phases>:  Remove add-bridges.
    setenv, copy-firefox-locales: Update MOZ_CHROME_MULTILOCALE to the
     new %torbrowser-locales format.
    copy-basebrowser-locales, copy-torbrowser-locales: Likewise and adjust
     fluent file path.
    deploy-fonts: Adjust regex expression.
    autoconfig: Remove file-picker configuration workaround. See #71181.

Change-Id: Idf182607798d9111c30db63fe926b7f8cb3ce300
---
 gnu/packages/tor-browsers.scm | 141 +++++++++++++++-------------------
 1 file changed, 60 insertions(+), 81 deletions(-)

Hi André,

This all looks good to me.  I built and ran both browsers and they 
seem to be working how I’d expect.

My only question is around the locale handling -- (gnu packages 
gnuzilla) has a setup for these which I was able to reuse for 
LibreWolf.  Is that possible for mullvad and torbrowser?  It would 
be nice to have a unified way of handling this, instead of each 
browser implementing its own strategy.

That work can follow the merge of this patch series, but I think 
it’s worth discussing.

Thanks,

  — Ian

André Batista <nandre@riseup.net> writes:

> Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603, 
> 2024-6604,
> 2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525, 
> 2024-7526,
> 2024-7527, 2024-7529, 2024-7531, 2024-8381, 2024-8382, 2024-8383 
> and
> 2024-8384.
>
> See the Mozilla Foundation Security advisories
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>,
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/> 
> and
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/>
> for details.
>
> * gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update 
> to
> 20240903073000.
> (%torbrowser-version): Update to 13.5.3.
> (%torbrowser-firefox-version): Update to 
> 115.15.0esr-13.5-1-build3.
> (%torbrowser-locales): Change it to be a plain list of supported 
> locales.
> (firefox-locales): New variable.
> (torbrowser-translation-base): Update to
> daed2afc487d1b20efc17feb153156524c6f714b.
> (torbrowser-translation-specific): Update to
> 6374e3b09c0894b8452fa1ba0b99c807722fc805.
> (lld-as-ld-wrapper-16): New variable.
> (make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
> llvm-16 and clang-16.
>   [inputs]: Add firefox-locales.
>   [arguments] <#:phases>:  Remove add-bridges.
>     setenv, copy-firefox-locales: Update MOZ_CHROME_MULTILOCALE 
>     to the
>      new %torbrowser-locales format.
>     copy-basebrowser-locales, copy-torbrowser-locales: Likewise 
>     and adjust
>      fluent file path.
>     deploy-fonts: Adjust regex expression.
>     autoconfig: Remove file-picker configuration workaround. See 
>     #71181.
>
> Change-Id: Idf182607798d9111c30db63fe926b7f8cb3ce300
> ---
>  gnu/packages/tor-browsers.scm | 141 
>  +++++++++++++++-------------------
>  1 file changed, 60 insertions(+), 81 deletions(-)
>
> diff --git a/gnu/packages/tor-browsers.scm 
> b/gnu/packages/tor-browsers.scm
> index ba6bbaa873..180dae6317 100644
> --- a/gnu/packages/tor-browsers.scm
> +++ b/gnu/packages/tor-browsers.scm
> @@ -21,7 +21,7 @@
>  ;;; Copyright © 2021 Baptiste Strazzul <bstrazzull@hotmail.fr>
>  ;;; Copyright © 2022 SeerLite <seerlite@disroot.org>
>  ;;; Copyright © 2024 Aleksandr Vityazev <avityazew@gmail.com>
> -;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
> +;;; Copyright © 2020, 2021, 2024 André Batista 
> <nandre@riseup.net>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -104,63 +104,48 @@ (define-syntax-rule (mozilla-locales 
> (hash-string changeset locale) ...)
>    #~(list (cons #$locale #$(mozilla-locale locale changeset 
>    hash-string))
>            ...))
>  
> -;; See tor-browser-build/rbm.conf for the list.
> -;; See browser/locales/l10n-changesets.json for the changeset.
> -;; See update-mozilla-locales in gnuzilla.scm to automate 
> updating changeset.
> -(define %torbrowser-locales
> -  (mozilla-locales
> -   ;;                      sha256 
> changeset    locale
> - 
> ;;---------------------------------------------------------------------------
> -   ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" 
> "c25d00080479" "ar")
> -   ("11c96jhfzd3h46qhblhvn2acsn895ykynarai8r5pf0655nfjs0j" 
> "2de60e3d6d0c" "ca")
> -   ("0yhycgb3s3kydbzy6f2q7f7g2lp975spr092prf9xp8ha62ghby7" 
> "609edd15f9a9" "cs")
> -   ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" 
> "2197a99c9a08" "da")
> -   ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" 
> "b7a533e5edc9" "de")
> -   ("13ay27vdrqfv2ysyi7c2jmz50lps7rff9rmnws1z7jkj0a5chwrn" 
> "20baf15379d8" "el")
> -   ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" 
> "beff1baac7c5" "es-ES")
> -   ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" 
> "ebe0b60b0b36" "fa")
> -   ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" 
> "d5ae6a933d71" "fi")
> -   ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" 
> "496c2eb73b82" "fr")
> -   ("1dxcp26y8siap4k54zsw7mqa7k0l4f1505rdf4hnnxrzf9a643g5" 
> "2fcccb5b19b3" "ga-IE")
> -   ("14v6xnlyj65hzaz2rmzxcl4skjgm48426jgr9mwkwiqis587lp4a" 
> "c53cea027f8f" "he")
> -   ("04fdw2gzb64fb51bvs0bwsidzlvkdahmcy76vdg3gfcxslnlpi3y" 
> "5a76dd3b5d5c" "hu")
> -   ("0bpyxpclfy74bcsjrs1ajh2am4zv6j6j9q4gc4vz8pgvzy9354zp" 
> "6e6de17dcac4" "id")
> -   ("131ph8n235kr6nj1pszk0m00nh6kl360r4qvx4hjm8s22mw0k8qd" 
> "536265635dfe" "is")
> -   ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" 
> "91951e37e2b8" "it")
> -   ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" 
> "895dcf8bb524" "ja")
> -   ("1x3110v730ak522zfm8j3r3v1x5lq3ig82kcgyxkc49xywajy0ni" 
> "d0819a64fc40" "ka")
> -   ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" 
> "6ef881aff44b" "ko")
> -   ("1gl85z550amhbaxp39zdj6yyvashj9xd4ampfhm9jdpbf6n5j2l8" 
> "afcbc29a15e5" "lt")
> -   ("1hz5g3iprfkbd88ncppyksbhlws73lhs75nf62hangw8l73wdn69" 
> "84f3d6c7e2da" "mk")
> -   ("14aq37ngnav5m2kcb4wavxwhp28ad4jzdkzc7i64h0qvvxq5n3hf" 
> "c9ec27a5db3d" "ms")
> -   ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" 
> "5c1480ccc040" "my")
> -   ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" 
> "fc1896a0a24d" "nb-NO")
> -   ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" 
> "7e6da4f01bdb" "nl")
> -   ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" 
> "e86a451a9cb5" "pl")
> -   ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" 
> "94c3dbb67a5d" "pt-BR")
> -   ("061a4z0lffgks3wlr6yh5z7x9arcn804mjwvffcmibs106vzamyq" 
> "470b13b5805b" "ro")
> -   ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" 
> "402b2ecbf04d" "ru")
> -   ("1i119g6dnhzxmpaz5r2jr9yzm1v24v2q6m3z6bfz2yihj0w7m133" 
> "f637484e72b6" "sq")
> -   ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" 
> "bb2d5d96d69e" "sv-SE")
> -   ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" 
> "0e6c56bf2ac9" "th")
> -   ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" 
> "91e611ae3f19" "tr")
> -   ("1f2g7rnxpr2gjzngfsv19g11vk9zqpyrv01pz07mw2z3ffbkxf0j" 
> "99d5ffa0b81e" "uk")
> -   ("1rizwsfgr7vxm31bin3i7bwhcqa67wcylak3xa387dvgf1y9057i" 
> "5fd44724e22d" "vi")
> -   ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" 
> "081aeb1aa308" "zh-CN")
> -   ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" 
> "9015a180602e" "zh-TW")))
> -
>  ;; We copy the official build id, which is defined at
>  ;; tor-browser-build/rbm.conf (browser_release_date).
> -(define %torbrowser-build-date "20240510190000")
> +(define %torbrowser-build-date "20240903073000")
>  
>  ;; To find the last version, look at 
>  https://www.torproject.org/download/.
> -(define %torbrowser-version "13.0.16")
> +(define %torbrowser-version "13.5.3")
>  
>  ;; To find the last Firefox version, browse
>  ;; 
>  https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
>  ;; There should be only one archive that starts with
>  ;; "src-firefox-tor-browser-".
> -(define %torbrowser-firefox-version 
> "115.12.0esr-13.0-1-build1")
> +(define %torbrowser-firefox-version 
> "115.15.0esr-13.5-1-build3")
> +
> +;; See tor-browser-build/rbm.conf for the list.
> +(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" 
> "es-ES" "fa" "fi" "fr"
> +                                  "ga-IE" "he" "hu" "id" "is" 
> "it" "ja" "ka" "ko" "lt"
> +                                  "mk" "ms" "my" "nb-NO" "nl" 
> "pl" "pt-BR" "ro" "ru"
> +                                  "sq" "sv-SE" "th" "tr" "uk" 
> "vi" "zh-CN" "zh-TW"))
> +
> +;; See browser/locales/l10n-changesets.json for the commit.
> +(define firefox-locales
> +  (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
> +        (revision "0"))
> +    (package
> +      (name "firefox-locales")
> +      (version (git-version "0.0.0" revision commit))
> +      (source
> +        (origin
> +          (method git-fetch)
> +          (uri (git-reference
> +                (url 
> "https://github.com/mozilla-l10n/firefox-l10n")
> +                (commit commit)))
> +          (file-name (git-file-name name version))
> +          (sha256
> +           (base32
> + 
> "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
> +      (build-system copy-build-system)
> +      (home-page 
> "https://github.com/mozilla-l10n/firefox-l10n")
> +      (synopsis "Firefox Locales")
> +      (description "This package contains localized messages 
> for all
> +Firefox locales.")
> +      (license license:mpl2.0))))
>  
>  ;; See tor-browser-build/projects/translation/config.
>  (define torbrowser-translation-base
> @@ -168,11 +153,11 @@ (define torbrowser-translation-base
>      (method git-fetch)
>      (uri (git-reference
>            (url 
>            "https://gitlab.torproject.org/tpo/translation.git")
> -          (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
> +          (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
>      (file-name "translation-base-browser")
>      (sha256
>       (base32
> - 
> "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
> + 
> "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
>  
>  ;; See tor-browser-build/projects/translation/config.
>  (define torbrowser-translation-specific
> @@ -180,11 +165,11 @@ (define torbrowser-translation-specific
>      (method git-fetch)
>      (uri (git-reference
>            (url 
>            "https://gitlab.torproject.org/tpo/translation.git")
> -          (commit "b5d79336411e5a59c4861341ef9aa7353e0bcad9")))
> +          (commit "6374e3b09c0894b8452fa1ba0b99c807722fc805")))
>      (file-name "translation-tor-browser")
>      (sha256
>       (base32
> - 
> "0ahz69pxhgik7ynmdkbnx7v5l2v392i6dswjz057g4hwnd7d34fb"))))
> + 
> "1wd9iwcj2h70bp017pcdhgfiw2bs8zi68kljmpnk69pssd6cn8l3"))))
>  
>  (define torbrowser-assets
>    ;; This is a prebuilt Torbrowser from which we take the 
>    assets we need.
> @@ -200,7 +185,7 @@ (define torbrowser-assets
>           version "/tor-browser-linux-x86_64-" version 
>           ".tar.xz"))
>         (sha256
>          (base32
> - 
> "1kffam66bsaahzx212hw9lb03jwfr24hivzg067iyzilsldpc9c1"))))
> + 
> "0laz6yrm310iidddnas2w1s5wad183n9axjkgrf5cm5paj615343"))))
>      (arguments
>       (list
>        #:install-plan
> @@ -215,6 +200,10 @@ (define torbrowser-assets
>  Browser.")
>      (license license:silofl1.1)))
>  
> +;;; A LLD wrapper that can be used as a (near) drop-in 
> replacement to GNU ld.
> +(define lld-as-ld-wrapper-16
> +  (make-lld-wrapper lld-16 #:lld-as-ld? #t))
> +
>  (define* (make-torbrowser #:key
>                            moz-app-name
>                            moz-app-remotingname
> @@ -238,10 +227,11 @@ (define* (make-torbrowser #:key
>           ".tar.xz"))
>         (sha256
>          (base32
> - 
> "1b70zyjyai6kk4y1kkl8jvrs56gg7z31kkad6bmdpd8jw4n71grx"))))
> + 
> "13b9ni6anv279drhbb5m95nnmgslrp6frsm0y4028nfqiprs7vj5"))))
>      (build-system mozilla-build-system)
>      (inputs
>       (list 
>       go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
> +           firefox-locales
>             tor-client
>             alsa-lib
>             bash-minimal                 ;for wrap-program
> @@ -293,8 +283,9 @@ (define* (make-torbrowser #:key
>        rust
>        `(,rust "cargo")
>        rust-cbindgen
> -      llvm-15
> -      clang-15
> +      lld-as-ld-wrapper-16  ; for cargo rustc
> +      llvm-16
> +      clang-16
>        perl
>        node-lts
>        python-wrapper
> @@ -541,7 +532,7 @@ (define (runpaths-of-input label)
>                (setenv "MOZBUILD_STATE_PATH"
>                        (in-vicinity (getcwd) ".mozbuild"))
>                (setenv "MOZ_CHROME_MULTILOCALE"
> -                      (string-join (map car #$locales)))
> +                      (string-join (list #$@locales)))
>                ;; Make build reproducible.
>                (setenv "MOZ_BUILD_DATE" #$build-date)))
>            (add-before 'configure 'mozconfig
> @@ -555,14 +546,14 @@ (define (runpaths-of-input label)
>            ;; See tor-browser-build/projects/firefox/build.
>            (add-before 'configure 'copy-firefox-locales
>              (lambda _
> -              (let ((l10ncentral ".mozbuild/l10n-central"))
> +              (let ((l10ncentral ".mozbuild/l10n-central")
> +                    (ff-locales #$(this-package-input 
> "firefox-locales")))
>                  (mkdir-p l10ncentral)
>                  (for-each
>                   (lambda (lang)
> -                   (copy-recursively (cdr lang)
> -                                     (in-vicinity l10ncentral
> -                                                  (car lang))))
> -                 #$locales))))
> +                   (copy-recursively (string-append ff-locales 
> "/" lang)
> +                                     (in-vicinity l10ncentral 
> lang)))
> +                 (list #$@locales)))))
>            (add-after 'copy-firefox-locales 
>            'copy-basebrowser-locales
>              (lambda _
>                (let ((l10ncentral ".mozbuild/l10n-central"))
> @@ -577,7 +568,7 @@ (define (runpaths-of-input label)
>                       #f (string-join
>                           '("mv"
>                             "translation-base-browser/~a/base-browser.ftl"
> -                           "~a/~a/browser/browser/"))
> +                           "~a/~a/toolkit/toolkit/global/"))
>                       lang l10ncentral lang))
>                     (system
>                      (format
> @@ -586,7 +577,7 @@ (define (runpaths-of-input label)
>                             "translation-base-browser/~a/*"
>                             "~a/~a/browser/chrome/browser/"))
>                       lang l10ncentral lang)))
> -                 (map car #$locales)))))
> +                 (list #$@locales)))))
>            (add-after 'copy-basebrowser-locales 
>            'copy-torbrowser-locales
>              (lambda _
>                (let ((l10ncentral ".mozbuild/l10n-central"))
> @@ -601,7 +592,7 @@ (define (runpaths-of-input label)
>                       #f (string-join
>                           '("mv"
>                             "translation-tor-browser/~a/tor-browser.ftl"
> -                           "~a/~a/browser/browser/"))
> +                           "~a/~a/toolkit/toolkit/global/"))
>                       lang l10ncentral lang))
>                     (system
>                      (format
> @@ -623,7 +614,7 @@ (define (runpaths-of-input label)
>                       (format port "  locale/~a/ 
>                       (chrome/locale/~a/*)~%"
>                               lang lang)
>                       (close port)))
> -                 (map car #$locales)))))
> +                 (list #$@locales)))))
>            (replace 'configure
>              (lambda _
>                (invoke "./mach" "configure")))
> @@ -632,14 +623,6 @@ (define (runpaths-of-input label)
>                (substitute*
>                    "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
>                  (("addons.mozilla.org") "gnuzilla.gnu.org"))))
> -          (add-before 'build 'add-bridges ;see deploy.sh
> -            (lambda _
> -              (let ((port (open-file
> - 
> "browser/app/profile/000-tor-browser.js" "a")))
> -                (display
> -                 "#include 
> ../../../tools/torbrowser/bridges.js" port)
> -                (newline port)
> -                (close port))))
>            (replace 'build
>              (lambda* (#:key (make-flags '()) (parallel-build? 
>              #t)
>                        #:allow-other-keys)
> @@ -739,7 +722,7 @@ (define (runpaths-of-input label)
>                  (copy-recursively (in-vicinity #$assets 
>                  "fontconfig")
>                                    (in-vicinity lib 
>                                    "fontconfig"))
>                  (substitute* (in-vicinity lib 
>                  "fontconfig/fonts.conf")
> -                  (("<dir>fonts</dir>")
> +                  (("<dir prefix=\"cwd\">fonts</dir>")
>                     (format #f "<dir>~a</dir>" (in-vicinity lib 
>                     "fonts"))))
>                  (delete-file-recursively (in-vicinity lib 
>                  "fonts"))
>                  (copy-recursively (in-vicinity #$assets 
>                  "fonts")
> @@ -805,11 +788,7 @@ (define (runpaths-of-input label)
>                              "https://gnuzilla.gnu.org/mozzarella")
>                      (format #t "pref(~s, ~s);~%"
>                              "lightweightThemes.getMoreURL"
> - 
> "https://gnuzilla.gnu.org/mozzarella")
> -                    ;; FIXME: 
> https://github.com/NixOS/nixpkgs/issues/307095
> -                    (format #t "pref(~s, ~a);~%"
> - 
> "widget.use-xdg-desktop-portal.file-picker"
> -                            "1"))))))
> + 
> "https://gnuzilla.gnu.org/mozzarella"))))))
>            (add-after 'autoconfig 'autoconfig-tor
>              (lambda* (#:key inputs #:allow-other-keys)
>                (let ((lib (in-vicinity #$output 
>                "lib/torbrowser"))

Hi Ian,

sex 06 set 2024 às 08:05:28 (1725620728), ian@retrospec.tv enviou:
> 
> This all looks good to me.  I built and ran both browsers and they seem to
> be working how I’d expect.

Great, thanks!

> My only question is around the locale handling -- (gnu packages gnuzilla)
> has a setup for these which I was able to reuse for LibreWolf.  Is that
> possible for mullvad and torbrowser?  It would be nice to have a unified way
> of handling this, instead of each browser implementing its own strategy.
> 

I'm not sure I understand why you think this to be desirable, could you
elaborate?

I'm also not sure if this is possible (without incuring in glitches) and
in my opinion this is not desirable for both torbrowser and mullvad
because:

I. Both these browsers have modified pristine firefox in a number of
non-trivial ways. Eg.: if you go to about:preferences you will see that
there are various user settings which are specific to this browsers or
even when you first launch torbrowser the connection settings page is
unknown to firefox. I believe that's the reason why these browsers do
not support 'all-mozilla-locales', but just a subset which has been
worked upon by the torproject.

II. In order to avoid guix users having a different fingerprint, we try
to be as close as possible to what upstream does. I'm not sure if locale
version could be somehow infered from the network, but I guess using the
same version is the safest bet;

III. Currently on guix master, these browsers are using code copied from
gnuzilla.scm, but with a subset of locales and different changesets
that are based on torproject settings. However, torproject has moved
from mercurial to the unified github firefox locales[1] which has
immensily simplified the work required to update the changesets (now
actually commits) and all locales supported on those browsers now have
only one commit, instead of various changesets on single locale repos;

IV. Moreover, I believe mozilla itself is on the way of deprecating
mercurial l10n-central in favor of firefox-locales git repo, since
this is where all work has been happening[2], while l10n-central has
stopped at 2024-07-10[2]. So probably in a not so distant future
gnuzilla will have to move on to that as well.

So I stand by the changes proposed on this patch series, at least as
things stand.

Thanks!

1. https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/55ad6ca216c086fb297af456ed0606ab88c1acdc
2. https://github.com/mozilla-l10n/firefox-l10n
3. https://hg.mozilla.org/l10n-central/

Hi André,

André Batista <nandre@riseup.net> writes:

> Hi Ian,
>
> sex 06 set 2024 às 08:05:28 (1725620728), ian@retrospec.tv 
> enviou:
>> 
>> This all looks good to me.  I built and ran both browsers and 
>> they seem to
>> be working how I’d expect.
>
> Great, thanks!
>
>> My only question is around the locale handling -- (gnu packages 
>> gnuzilla)
>> has a setup for these which I was able to reuse for LibreWolf. 
>> Is that
>> possible for mullvad and torbrowser?  It would be nice to have 
>> a unified way
>> of handling this, instead of each browser implementing its own 
>> strategy.
>> 
>
> I'm not sure I understand why you think this to be desirable, 
> could you
> elaborate?
>

There’s a lot of duplication between the Firefox-derived browsers 
in Guix, and I think it would be good to reduce it where it makes 
sense.  Because the locales are a separate package used as an 
input, this seems like a part of them which could be handled in a 
uniform way, to the benefit of all (assuming they use the same 
locale data).


> I'm also not sure if this is possible (without incuring in 
> glitches) and
> in my opinion this is not desirable for both torbrowser and 
> mullvad
> because:
>
> I. Both these browsers have modified pristine firefox in a 
> number of
> non-trivial ways. Eg.: if you go to about:preferences you will 
> see that
> there are various user settings which are specific to this 
> browsers or
> even when you first launch torbrowser the connection settings 
> page is
> unknown to firefox. I believe that's the reason why these 
> browsers do
> not support 'all-mozilla-locales', but just a subset which has 
> been
> worked upon by the torproject.
>

I see, now that I read the patch more closely, it looks like the 
upstream locale data wasn’t being used, despite reusing the 
`mozilla-locale' code from Gnuzilla.

> II. In order to avoid guix users having a different fingerprint, 
> we try
> to be as close as possible to what upstream does. I'm not sure 
> if locale
> version could be somehow infered from the network, but I guess 
> using the
> same version is the safest bet;
>
> III. Currently on guix master, these browsers are using code 
> copied from
> gnuzilla.scm, but with a subset of locales and different 
> changesets
> that are based on torproject settings. However, torproject has 
> moved
> from mercurial to the unified github firefox locales[1] which 
> has
> immensily simplified the work required to update the changesets 
> (now
> actually commits) and all locales supported on those browsers 
> now have
> only one commit, instead of various changesets on single locale 
> repos;
>

This makes sense to me with the additonal context.


> IV. Moreover, I believe mozilla itself is on the way of 
> deprecating
> mercurial l10n-central in favor of firefox-locales git repo, 
> since
> this is where all work has been happening[2], while l10n-central 
> has
> stopped at 2024-07-10[2]. So probably in a not so distant future
> gnuzilla will have to move on to that as well.
>

I wasn’t aware of this, but that’s great news, as it’ll make 
reproducible builds much easier.  Thank you for letting me know.


> So I stand by the changes proposed on this patch series, at 
> least as
> things stand.
>

Makes sense.  I’m still in favor of merging them.  Thank you for 
taking the time to explain.

Thanks,

  — Ian

Hello,

Ian Eure <ian@retrospec.tv> skribis:

> This all looks good to me.  I built and ran both browsers and they
> seem to be working how I’d expect.

Based on your feedback I applied v5 of this patch series.  Thanks to the
two of you!

BTW, one of you might want to consider applying for commit rights to
speed up the process of applying patches in your scope.  Mark H Weaver
does have commit rights but he tends to pay less attention to email.

Thanks,
Ludo’.