[tor-dev] TBB Gentoo ebuild

Alessandro Di Federico ale at clearmind.me
Sun Aug 12 17:21:07 UTC 2012


Hi, I'm trying to put up an ebuild for the Tor Browser Bundle for
Gentoo. As you may know an ebuild is a script which automates the build
of a certain application. We already have something in Portage [2] (the
official ebuild repository) but it's in an experimental state and we
want to make sure that it's something useful and not harmful.

So I'd like to know your opinion about the idea as whole (is it a good
idea at all to build by yourself the TBB instead of using the official
one?) and what could be the main problems arising in such an operation.
So:

     1. Can you name a list of tools to fingerprint a browser so we can
        compare our ebuild with the official TBB?
     2. Which version should we use? We were planning to offer both the
        current official release (even if TBB for Linux is currently in
        beta) and something more recent, even if AFAIK this would be for
        testing purpose only and could weaken anonymity and
        untrackability.
     3. We plan to use the system version of the Tor client, in my
        understanding it should not be a problem to use a Tor client
        with a version different from the one officially released, but I
        could be wrong. We also plan to exclude vidalia (and the
        "0015-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch" patch).
     4. We have a different ebuild for the Firefox profile directory (so
        if it's not installed the HTTPS Everywhere plugin won't be
        installed), is this a good idea or would it be better to
        integrate them?
     5. Gentoo build system offers USE flags, which are options that
        allow to customize the way the package is built. These are the
        USE flag available for the standard Firefox ebuild in Gentoo,
        which is the base for our build of the TBB:
             1. alsa: Adds support for media-libs/alsa-lib (Advanced
                Linux Sound Architecture)
             2. bindist: Disable official Firefox branding (icons, name)
                which are not binary-redistributable according to
                upstream.
             3. custom-cflags: Build with user-specified CFLAGS
                (unsupported)
             4. custom-optimization: Fine-tune custom compiler
                optimizations, setting this is not recommended.
             5. dbus: Enable dbus support for anything that needs it
                (gpsd, gnomemeeting, etc)
             6. debug: Enable extra debug codepaths, like asserts and
                extra output. If you want to get meaningful backtraces
                see http://www.gentoo.org/proj/en/qa/backtraces.xml
             7. ipc: Use inter-process communication between tabs and
                plugins. Allows for greater stability in case of plugin
                crashes
             8. libnotify: Enable desktop notification support
             9. minimal:  Prevent sdk and headers from being installed
            10. pgo: Add support for profile-guided optimization using
                gcc-4.5, for faster binaries. This option will double
                the compile time.
            11. startup-notification: Enable application startup event
                feedback mechanism
            12. system-sqlite: Use the system-wide dev-db/sqlite
                installation with secure-delete enabled
            13. webm: Use system media-libs/libvpx for HTML5 WebM video
                support.
            14. wifi: Enable wireless network functions
        
        Looking at the TBB build script this the combination of USE
        flags to make as similar as possible to the official release
        (minus means the USE flag is disabled): -pgo -debug -bindist
        -custom-optimization -crashreporter webm ipc system-sqlite
        -wifi. I'm planning to remove the possibility to configure these
        use flags.
        Do you agree? For further details you can take a look at the
        ebuild [1], which should be understandable. Take a look also at
        the current ebuild for TBB [2].
        
Is there something else we should pay attention to in the build process
or in general?

Thanks in advance,
Alessandro Di Federico

[1] http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/firefox/firefox-10.0.6.ebuild?view=markup
    http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/eclass/mozconfig-3.eclass?view=markup
[2] http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/torbrowser/torbrowser-13.0-r1.ebuild?view=markup



More information about the tor-dev mailing list