[tor-packagers] torbrowser package on NetBSD

Nicolas Vigier boklm at mars-attacks.org
Fri Mar 15 11:40:29 UTC 2019


Hi!

On Thu, 14 Mar 2019, Thomas Klausner wrote:

> Hi!
> 
> I've updated the very outdated tor-browser package in pkgsrc (on
> NetBSD). I used the patches we have for firefox-60esr and one
> additional one (see later in this mail).

Thanks for working on this!

> 
> I have a couple of questions.
> 
> There are no tarballs. Please provide some! :)

The next Tor Browser alpha release (which will be released next week)
will include source tarballs for firefox, torbutton and tor-launcher:
https://trac.torproject.org/projects/tor/ticket/25876

For the stable release, this should be included in the first 8.5 stable
release (currently planned for early April).

> 
> I used the git tag 'tor-browser-60.5.1esr-8.5-1-build2' but I'm not
> sure to which tor-browser version that corresponds. "8.5"? What is the
> "-1"? What is the "-build2"? What version should I call that? Is there
> a different tag I should have used instead?

To find the tag that we are using, you can clone tor-browser-build.git,
checkout the tag for the current version, and look at git_hash in
projects/firefox/config:
https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/firefox/config?h=tbb-8.0.7-build3

So for tbb-8.0.7-build3, the tor-browser.git tag is
tor-browser-60.6.0esr-8.0-2-build1.

> tor-browser defaults to using socks port 9150, but tor defaults to
> port 9050. Why is that so? Is there an intended way (configure flag?)
> to change the tor-browser default?

Tor Browser includes its own tor daemon. It is using a different port
so it does not conflict with the one that might be installed on the
system.

It is possible to change the ports used with the TOR_SOCKS_PORT and
TOR_CONTROL_PORT environment variables:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#UsinganExistingTorProcess

It is also possible to change the pref network.proxy.socks_port in
tor-browser.git/browser/app/profile/000-tor-browser.js, and
extensions.torlauncher.control_port in
tor-launcher.git/src/defaults/preferences/prefs.js.

> I've inherited the attached patch from the previous version of the
> package. It changes the default directory to one in the user's home,
> which makes more sense to me on a Unix system where the program is
> installed in a public path. Would this patch be acceptable for
> inclusion, or what do you suggest?

I opened a ticket about this:
https://trac.torproject.org/projects/tor/ticket/29790

> 
> I've tested the package by browsing random webpages, some onion sites
> and check.torproject.org. Is there anything else I can do test that
> the tor-browser package is functional and doesn't leak stuff it
> shouldn't?

You could go to https://fpcentral.tbb.torproject.org/fp and check that
you get the same results on Linux and NetBSD.

You can also check in about:config that the prefs from
browser/app/profile/000-tor-browser.js are correctly set.

Nicolas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-packagers/attachments/20190315/5485f33a/attachment.sig>


More information about the tor-packagers mailing list