Hi!
I think the best list to discuss Tor Browser build problems is the tbb-dev@lists.torproject.org list, so I'm anwsering there.
On Fri, 15 Nov 2019, Thomas Klausner wrote:
Hi!
I wanted to build firefox-tor-browser-68.2.0esr-9.0-1-build2 (torbrowser 9.0.1) on NetBSD from the source tarball, but I stumbled over a couple problems.
The first one, .mozconfig contains --disable-eme but configure doesn't like it:
mozbuild.configure.options.InvalidOptionError: --disable-eme is not available in this configuration
Is this a NetBSD-specific issue or more general?
In our linux, windows, macOS .mozconfigs we have the line:
ac_add_options --disable-eme
But I don't remember seeing this error, so it looks NetBSD-specific.
The second one:
--- begin --- The error occurred while processing the following file:
/scratch/security/tor-browser/work/firefox-tor-browser-68.2.0esr-9.0-1-build2/browser/extensions/moz.build
The underlying problem is we referenced a path that does not exist. That path is:
/scratch/security/tor-browser/work/firefox-tor-browser-68.2.0esr-9.0-1-build2/browser/extensions/tor-launcher/moz.build
Either create the file if it needs to exist or do not reference it. --- end ---
The directory browser/extensions/tor-launcher does not exist in the tarball, which looks like a problem with the tarball to me.
This is a change from this ticket: https://trac.torproject.org/projects/tor/ticket/28044
So you can either download tor-launcher, and extract it under browser/extensions, renaming the tor-launcher-$version directory to tor-launcher: https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x... https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x...
Or you can build without tor-launcher by adding "ac_add_options --disable-tor-launcher" to the .mozconfig.
Nicolas
On Mon, Dec 02, 2019 at 03:43:37PM +0100, Nicolas Vigier wrote:
Hi!
I think the best list to discuss Tor Browser build problems is the tbb-dev@lists.torproject.org list, so I'm anwsering there.
On Fri, 15 Nov 2019, Thomas Klausner wrote:
Hi!
I wanted to build firefox-tor-browser-68.2.0esr-9.0-1-build2 (torbrowser 9.0.1) on NetBSD from the source tarball, but I stumbled over a couple problems.
The first one, .mozconfig contains --disable-eme but configure doesn't like it:
mozbuild.configure.options.InvalidOptionError: --disable-eme is not available in this configuration
Is this a NetBSD-specific issue or more general?
In our linux, windows, macOS .mozconfigs we have the line:
ac_add_options --disable-eme
But I don't remember seeing this error, so it looks NetBSD-specific.
So where are the valid flags per OS defined?
The second one:
--- begin --- The error occurred while processing the following file:
/scratch/security/tor-browser/work/firefox-tor-browser-68.2.0esr-9.0-1-build2/browser/extensions/moz.build
The underlying problem is we referenced a path that does not exist. That path is:
/scratch/security/tor-browser/work/firefox-tor-browser-68.2.0esr-9.0-1-build2/browser/extensions/tor-launcher/moz.build
Either create the file if it needs to exist or do not reference it. --- end ---
The directory browser/extensions/tor-launcher does not exist in the tarball, which looks like a problem with the tarball to me.
This is a change from this ticket: https://trac.torproject.org/projects/tor/ticket/28044
So you can either download tor-launcher, and extract it under browser/extensions, renaming the tor-launcher-$version directory to tor-launcher: https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x... https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x...
Or you can build without tor-launcher by adding "ac_add_options --disable-tor-launcher" to the .mozconfig.
What do you recommend? I'm unclear on what tor-launcher does.
Thanks, Thomas
On Mon, 02 Dec 2019, Thomas Klausner wrote:
This is a change from this ticket: https://trac.torproject.org/projects/tor/ticket/28044
So you can either download tor-launcher, and extract it under browser/extensions, renaming the tor-launcher-$version directory to tor-launcher: https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x... https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x...
Or you can build without tor-launcher by adding "ac_add_options --disable-tor-launcher" to the .mozconfig.
What do you recommend? I'm unclear on what tor-launcher does.
tor-launcher is the part that is responsible for configuring and launching the tor daemon that is included with Tor Browser.
So I think it depends how you plan to use the browser. If you plan to use it with a system tor daemon (not started by the browser), then building without tor-launcher might be an option. However I don't know if that really works, or if we have things depending on tor-launcher being there. An other option would be to include tor-launcher but disable it by setting the TOR_SKIP_LAUNCH environment variable to 1.
On Mon, Dec 02, 2019 at 06:44:25PM +0100, Nicolas Vigier wrote:
On Mon, 02 Dec 2019, Thomas Klausner wrote:
This is a change from this ticket: https://trac.torproject.org/projects/tor/ticket/28044
So you can either download tor-launcher, and extract it under browser/extensions, renaming the tor-launcher-$version directory to tor-launcher: https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x... https://dist.torproject.org/torbrowser/9.0.1/src-tor-launcher-0.2.20.2.tar.x...
Or you can build without tor-launcher by adding "ac_add_options --disable-tor-launcher" to the .mozconfig.
What do you recommend? I'm unclear on what tor-launcher does.
tor-launcher is the part that is responsible for configuring and launching the tor daemon that is included with Tor Browser.
So I think it depends how you plan to use the browser. If you plan to use it with a system tor daemon (not started by the browser), then building without tor-launcher might be an option. However I don't know if that really works, or if we have things depending on tor-launcher being there. An other option would be to include tor-launcher but disable it by setting the TOR_SKIP_LAUNCH environment variable to 1.
I tried enabling it (by moving it in the correct location, with tor-browser 9.0.6 and tor-launcher-0.2.20.5) but when I start such a tor-browser, I see:
=== Window 1 === Tor Launcher
Unable to start Tor.
The Tor executable is missing.
(OK)
== Window 2 ====
Wait for Tor to start...
For assistance, visit support.torproject.org/#connectingtotor
(Quit)
and then it hangs.
tor is in $PATH, and I have tor already running on that machine, both on 9050 and 9150.
tor-launcher doesn't seem helpful in my use case (packaging for pkgsrc):
1. it doesn't find tor even though it's in $PATH 2. it doesn't notice a running tor
Is this something for which I should open bug reports?
I guess I'll disable it for the package.
One other thing: When I start tor-browser with TOR_SKIP_LAUNCH=1, I see
"Something Went Wrong!" Tor is not working in this browser.
but when I enter an .onion address, it works fine. What's up with that?
Cheers, Thomas
On 3/13/20 12:47 PM, Thomas Klausner wrote:
I tried enabling it (by moving it in the correct location, with tor-browser 9.0.6 and tor-launcher-0.2.20.5) but when I start such a tor-browser, I see:
=== Window 1 === Tor Launcher
Unable to start Tor.
The Tor executable is missing.
(OK)
== Window 2 ====
Wait for Tor to start...
For assistance, visit support.torproject.org/#connectingtotor
(Quit)
and then it hangs.
tor is in $PATH, and I have tor already running on that machine, both on 9050 and 9150.
tor-launcher doesn't seem helpful in my use case (packaging for pkgsrc):
- it doesn't find tor even though it's in $PATH
- it doesn't notice a running tor
Is this something for which I should open bug reports?
I guess I'll disable it for the package.
Tor Launcher is intended to be used when Tor Browser will start and control the tor daemon, although it should be possible to have it skip the "start" task and just handle the "control" task (see below). Omitting Tor Launcher should be okay too.
One other thing: When I start tor-browser with TOR_SKIP_LAUNCH=1, I see
"Something Went Wrong!" Tor is not working in this browser.
but when I enter an .onion address, it works fine. What's up with that?
There is code inside the Torbutton portion of the browser that (unless otherwise configured) does a local check to see if the browser is configured with a SOCKS port that matches the tor configuration. There are things you can do to have it skip that check and/or to have it perform a remote check instead; see: https://gitweb.torproject.org/torbutton.git/tree/chrome/content/torbutton.js...
For example, you can set the TOR_SKIP_CONTROLPORTTEST environment variable.
If you want to keep Tor Launcher as part of the package, you may want to try using TOR_SKIP_LAUNCH combined with cookie authentication for the Tor control port. Even if you decide to omit Tor Launcher, there is some functionality provided by the Torbutton portion of the browser that requires access to the control port, e.g., new identity. This means that giving the browser access to the tor control port might be a good thing.
To use cookie authentication with Tor Launcher and/or Torbutton, set the TOR_CONTROL_COOKIE_AUTH_FILE environment variable to point to the cookie auth file that is created by your system tor. There are security considerations to think about though; for more information, see the CookieAuthentication section within the tor manual. Also, it has been a while since I tried to make this work, so if you cannot get things working please open tickets, ask here, or ask on IRC.
Thank you for your work on this and for persevering. The bottom line is that you can probably get Tor Browser and its components to do what you want, but the default behavior and the scenarios that we (Tor Browser developers) develop for are aimed at providing a self-contained bundle that includes tor. Packaging for a setup that uses a system tor is something we would like to improve upon but not something we have found much time to work on.
Nicolas Vigier:
On Fri, 15 Nov 2019, Thomas Klausner wrote:
I wanted to build firefox-tor-browser-68.2.0esr-9.0-1-build2 (torbrowser 9.0.1) on NetBSD from the source tarball, but I stumbled over a couple problems.
The first one, .mozconfig contains --disable-eme but configure doesn't like it:
mozbuild.configure.options.InvalidOptionError: --disable-eme is not available in this configuration
Is this a NetBSD-specific issue or more general?
In our linux, windows, macOS .mozconfigs we have the line:
ac_add_options --disable-eme
But I don't remember seeing this error, so it looks NetBSD-specific.
I'm pretty sure I've seen it in my WIP port of Tor Browser to Linux on ARM. Firefox ESR68 has a regression compared to ESR60, where it throws an error if you pass --disable-eme on a platform that doesn't support EME. Presumably NetBSD doesn't support EME just like Linux on ARM doesn't, so you hit that bug just like I did.
(Filing a bug for this was on my to-do list, but I hadn't gotten to it yet.)
Cheers,
On 2019-12-02 17:01, Jeremy Rand wrote:
Nicolas Vigier:
On Fri, 15 Nov 2019, Thomas Klausner wrote:
I wanted to build firefox-tor-browser-68.2.0esr-9.0-1-build2 (torbrowser 9.0.1) on NetBSD from the source tarball, but I stumbled over a couple problems.
The first one, .mozconfig contains --disable-eme but configure doesn't like it:
mozbuild.configure.options.InvalidOptionError: --disable-eme is not available in this configuration
Is this a NetBSD-specific issue or more general?
In our linux, windows, macOS .mozconfigs we have the line:
ac_add_options --disable-eme
But I don't remember seeing this error, so it looks NetBSD-specific.
I'm pretty sure I've seen it in my WIP port of Tor Browser to Linux on ARM. Firefox ESR68 has a regression compared to ESR60, where it throws an error if you pass --disable-eme on a platform that doesn't support EME. Presumably NetBSD doesn't support EME just like Linux on ARM doesn't, so you hit that bug just like I did.
I'm not sure I would consider this a regression. In the configuration file you are explicitly saying you want to disable EME, but the platform does not support EME - so how do you disable something that can not possibly be enabled? I completely agree the error message can be more helpful and clearer about why it is "not available".
We explored this error on Android, as well. The ticket has more details: https://trac.torproject.org/projects/tor/ticket/31880