Hi!
On Thu, 14 Mar 2019, Thomas Klausner wrote:
Hi!
I've updated the very outdated tor-browser package in pkgsrc (on NetBSD). I used the patches we have for firefox-60esr and one additional one (see later in this mail).
Thanks for working on this!
I have a couple of questions.
There are no tarballs. Please provide some! :)
The next Tor Browser alpha release (which will be released next week) will include source tarballs for firefox, torbutton and tor-launcher: https://trac.torproject.org/projects/tor/ticket/25876
For the stable release, this should be included in the first 8.5 stable release (currently planned for early April).
I used the git tag 'tor-browser-60.5.1esr-8.5-1-build2' but I'm not sure to which tor-browser version that corresponds. "8.5"? What is the "-1"? What is the "-build2"? What version should I call that? Is there a different tag I should have used instead?
To find the tag that we are using, you can clone tor-browser-build.git, checkout the tag for the current version, and look at git_hash in projects/firefox/config: https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/f...
So for tbb-8.0.7-build3, the tor-browser.git tag is tor-browser-60.6.0esr-8.0-2-build1.
tor-browser defaults to using socks port 9150, but tor defaults to port 9050. Why is that so? Is there an intended way (configure flag?) to change the tor-browser default?
Tor Browser includes its own tor daemon. It is using a different port so it does not conflict with the one that might be installed on the system.
It is possible to change the ports used with the TOR_SOCKS_PORT and TOR_CONTROL_PORT environment variables: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Usingan...
It is also possible to change the pref network.proxy.socks_port in tor-browser.git/browser/app/profile/000-tor-browser.js, and extensions.torlauncher.control_port in tor-launcher.git/src/defaults/preferences/prefs.js.
I've inherited the attached patch from the previous version of the package. It changes the default directory to one in the user's home, which makes more sense to me on a Unix system where the program is installed in a public path. Would this patch be acceptable for inclusion, or what do you suggest?
I opened a ticket about this: https://trac.torproject.org/projects/tor/ticket/29790
I've tested the package by browsing random webpages, some onion sites and check.torproject.org. Is there anything else I can do test that the tor-browser package is functional and doesn't leak stuff it shouldn't?
You could go to https://fpcentral.tbb.torproject.org/fp and check that you get the same results on Linux and NetBSD.
You can also check in about:config that the prefs from browser/app/profile/000-tor-browser.js are correctly set.
Nicolas