Hi!
I've updated the very outdated tor-browser package in pkgsrc (on NetBSD). I used the patches we have for firefox-60esr and one additional one (see later in this mail).
I have a couple of questions.
There are no tarballs. Please provide some! :)
I used the git tag 'tor-browser-60.5.1esr-8.5-1-build2' but I'm not sure to which tor-browser version that corresponds. "8.5"? What is the "-1"? What is the "-build2"? What version should I call that? Is there a different tag I should have used instead?
tor-browser defaults to using socks port 9150, but tor defaults to port 9050. Why is that so? Is there an intended way (configure flag?) to change the tor-browser default?
I've inherited the attached patch from the previous version of the package. It changes the default directory to one in the user's home, which makes more sense to me on a Unix system where the program is installed in a public path. Would this patch be acceptable for inclusion, or what do you suggest?
I've tested the package by browsing random webpages, some onion sites and check.torproject.org. Is there anything else I can do test that the tor-browser package is functional and doesn't leak stuff it shouldn't?
Thanks for any feedback! Thomas
Hi!
On Thu, 14 Mar 2019, Thomas Klausner wrote:
Hi!
I've updated the very outdated tor-browser package in pkgsrc (on NetBSD). I used the patches we have for firefox-60esr and one additional one (see later in this mail).
Thanks for working on this!
I have a couple of questions.
There are no tarballs. Please provide some! :)
The next Tor Browser alpha release (which will be released next week) will include source tarballs for firefox, torbutton and tor-launcher: https://trac.torproject.org/projects/tor/ticket/25876
For the stable release, this should be included in the first 8.5 stable release (currently planned for early April).
I used the git tag 'tor-browser-60.5.1esr-8.5-1-build2' but I'm not sure to which tor-browser version that corresponds. "8.5"? What is the "-1"? What is the "-build2"? What version should I call that? Is there a different tag I should have used instead?
To find the tag that we are using, you can clone tor-browser-build.git, checkout the tag for the current version, and look at git_hash in projects/firefox/config: https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/f...
So for tbb-8.0.7-build3, the tor-browser.git tag is tor-browser-60.6.0esr-8.0-2-build1.
tor-browser defaults to using socks port 9150, but tor defaults to port 9050. Why is that so? Is there an intended way (configure flag?) to change the tor-browser default?
Tor Browser includes its own tor daemon. It is using a different port so it does not conflict with the one that might be installed on the system.
It is possible to change the ports used with the TOR_SOCKS_PORT and TOR_CONTROL_PORT environment variables: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Usingan...
It is also possible to change the pref network.proxy.socks_port in tor-browser.git/browser/app/profile/000-tor-browser.js, and extensions.torlauncher.control_port in tor-launcher.git/src/defaults/preferences/prefs.js.
I've inherited the attached patch from the previous version of the package. It changes the default directory to one in the user's home, which makes more sense to me on a Unix system where the program is installed in a public path. Would this patch be acceptable for inclusion, or what do you suggest?
I opened a ticket about this: https://trac.torproject.org/projects/tor/ticket/29790
I've tested the package by browsing random webpages, some onion sites and check.torproject.org. Is there anything else I can do test that the tor-browser package is functional and doesn't leak stuff it shouldn't?
You could go to https://fpcentral.tbb.torproject.org/fp and check that you get the same results on Linux and NetBSD.
You can also check in about:config that the prefs from browser/app/profile/000-tor-browser.js are correctly set.
Nicolas
Hi Nicolas!
Thanks for the reply!
On Fri, Mar 15, 2019 at 12:40:29PM +0100, Nicolas Vigier wrote:
On Thu, 14 Mar 2019, Thomas Klausner wrote:
There are no tarballs. Please provide some! :)
The next Tor Browser alpha release (which will be released next week) will include source tarballs for firefox, torbutton and tor-launcher: https://trac.torproject.org/projects/tor/ticket/25876
For the stable release, this should be included in the first 8.5 stable release (currently planned for early April).
I saw that these exist now. Great! Thank you! I've switched the pkgsrc package to use them.
I'm not sure if I should package torbutton or tor-launcher.
Is torbutton included in the src-firefox-tor-browser-60.7.0esr-8.5-1-build1.tar.xz? If not, how should this be packaged exactly? (I.e. installed in a particular subdirectory of tor-browser?)
What is tor-launcher, is that torbrowser-launcher? Does that make sense on platforms where binary tor packages are not provided by the tor project?
tor-browser defaults to using socks port 9150, but tor defaults to port 9050. Why is that so? Is there an intended way (configure flag?) to change the tor-browser default?
Tor Browser includes its own tor daemon. It is using a different port so it does not conflict with the one that might be installed on the system.
It is possible to change the ports used with the TOR_SOCKS_PORT and TOR_CONTROL_PORT environment variables: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Usingan...
It is also possible to change the pref network.proxy.socks_port in tor-browser.git/browser/app/profile/000-tor-browser.js, and extensions.torlauncher.control_port in tor-launcher.git/src/defaults/preferences/prefs.js.
tor daemon is not included in the pkgsrc package for tor-browser, it's a separate package that is installed automatically whenever tor-browser is installed (but with tor's defaults, i.e. 9050). What would you suggest is the preferred solution here, patching the two javascript files so that the standard tor daemon is used? I want to make running tor-browser as easy as possible by default.
I've inherited the attached patch from the previous version of the package. It changes the default directory to one in the user's home, which makes more sense to me on a Unix system where the program is installed in a public path. Would this patch be acceptable for inclusion, or what do you suggest?
I opened a ticket about this: https://trac.torproject.org/projects/tor/ticket/29790
Thanks. This looks like an internal discussion has started about it but fizzled out; I hope it gets resolved at some point.
Cheers, Thomas
tor-packagers@lists.torproject.org
-
Nicolas Vigier -
Thomas Klausner