[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Denis 'GNUtoo' Carikli
Sat, 5 Nov 2022 01:29:42 +0100
I had some data loss so I wasn't able to reply to this thread before.
I managed to make the tor-browser work in Guix proper, and I've
attached the script I used for that. It's hardcoded for i686 though so
it needs to be modified for x86_64.
Even if that works, there is a problematic issue: the tor-browser has a
potential freedom issue: on one hand it very strongly advises people
not to install any addons, on the other hand in "tools->Addons and
themes->Plugins", there is the following message:
> Get extensions and themes on addons.mozilla.org
And the issue is that that repository also contains nonfree addons.
If that address can get removed or changed, we could have something
where we could be sure that it is FSDG compliant, so we could probably
ship scripts like guix-tor-browser-installer for instance.
I've tried to find where that string is set in the binaries in the hope
of being able to make a dead simple sed script that would fix the
potential FSDG issue at least at installation time, but it didn't
> $ tar xf tor-browser-linux64-11.5.4_en-US.tar.xz
> $ grep addons.mozilla.org -r tor-browser_en-US
> tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt: * Bug
> 10464: Remove addons.mozilla.org from NoScript whitelist grep:
> tor-browser_en-US/Browser/libxul.so: binary file matches
> $ strings tor-browser_en-US/Browser/libxul.so | \
> grep addons.mozilla.org
The issue is that this domain is also used for addons updates, so we
can't simply remove it blindly. We need to only remove that string in
"tools->Addons and themes->Plugins".
The advantage of patching binaries is that we don't need to rebuild it,
so we really have the tiniest amount of change possible to make it FSDG
compliant (and we can hope that it doesn't change the tor-browser
As far as I understand it should also also be OK to use binaries like
that as long as we're also able to rebuild it in an FSDG distribution
Though here the path forward is probably to dig into upstream bug
reports and see what upstream thinks about making the tor-browser FSDG
compliant and/or removing the information of where to find addons.
Description: Binary data
Description: OpenPGP digital signature
- Re: tor,
Denis 'GNUtoo' Carikli <=
- Re: tor, Gottfried, 2022/11/07
- Re: tor, Wojtek Kosior, 2022/11/07
- Re: tor, Denis 'GNUtoo' Carikli, 2022/11/07