├── .gitignore ├── .gitlab-ci.yml ├── Readme.md ├── app-misc ├── mat2 │ ├── Manifest │ ├── mat2-0.13.5.ebuild │ └── metadata.xml └── metadata-cleaner │ ├── Manifest │ ├── metadata-cleaner-2.5.6.ebuild │ └── metadata.xml ├── metadata └── layout.conf ├── net-proxy └── snowflake │ ├── Manifest │ ├── files │ └── snowflake-proxy.service │ ├── metadata.xml │ └── snowflake-2.11.0.ebuild ├── profiles ├── package.use.mask └── repo_name ├── torbrowser-overlay.xml └── www-client ├── torbrowser-launcher ├── Manifest ├── metadata.xml └── torbrowser-launcher-0.3.7-r1.ebuild └── torbrowser ├── Manifest ├── files ├── 99torbrowser.example ├── torbrowser.desktop └── torrc.example ├── metadata.xml └── torbrowser-128.11.0_p14503.ebuild /.gitignore: -------------------------------------------------------------------------------- 1 | metadata/md5-cache/ 2 | metadata/pkg_desc_index 3 | scripts 4 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | image: $CI_REGISTRY/poncho/gentoo-qa-image:latest 2 | 3 | stages: 4 | - pkgcheck 5 | 6 | variables: 7 | GIT_DEPTH: 1 8 | 9 | pkgcheck: 10 | stage: pkgcheck 11 | script: 12 | - pkgcheck --version 13 | - pkgcheck scan --exit --profiles stable 14 | -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- 1 | # torbrowser-overlay [![gentoo qa-reports](https://img.shields.io/badge/gentoo-QA%20check-6E56AF.svg)](https://qa-reports.gentoo.org/output/repos/torbrowser.html) [![pipeline status](https://0xacab.org/Poncho/torbrowser-overlay/badges/master/pipeline.svg)](https://0xacab.org/Poncho/torbrowser-overlay/pipelines) 2 | 3 | To add the torbrowser overlay, run `eselect repository enable torbrowser`. 4 | 5 | Install either `www-client/torbrowser-launcher` or `www-client/torbrowser`. If unsure, choose `www-client/torbrowser-launcher`. 6 | 7 | ![Tor Browser Overview](https://blog.torproject.org/new-release-tor-browser-130/130-homepage.png) 8 | 9 | 10 | ## www-client/torbrowser-launcher 11 | 12 | [Homepage](https://gitlab.torproject.org/tpo/applications/torbrowser-launcher) 13 | 14 | Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install 'torbrowser-launcher' from your distribution's package manager and it handles everything else: 15 | 16 | * Downloads and installs the most recent version of Tor Browser in your language and for your computer's architecture, or launches Tor Browser if it's already installed (Tor Browser will automatically update itself) 17 | * Certificate pins to https://www.torproject.org, so it doesn't rely on certificate authorities 18 | * Verifies Tor Browser's [signature](https://www.torproject.org/docs/verifying-signatures.html.en) for you, to ensure the version you downloaded was cryptographically signed by Tor developers and was not tampered with 19 | * Adds "Tor Browser" and "Tor Browser Launcher Settings" application launcher to your desktop environment's menu 20 | * Optionally plays a modem sound when you open Tor Browser (because Tor is so slow) 21 | 22 | 23 | ## www-client/torbrowser 24 | 25 | [Git repository](https://gitlab.torproject.org/tpo/applications/tor-browser) 26 | 27 | This Tor Browser build is **not recommended by Tor upstream** but 28 | uses the same sources. Use this only if you know what you are doing! 29 | 30 | The profile folder is located at `~/.torproject/torbrowser/`. 31 | 32 | Torbrowser uses port `9150` to connect to Tor. You can change the port 33 | in `/etc/env.d/99torbrowser` to match your setup. See 34 | [99torbrowser.example](https://github.com/MeisterP/torbrowser-overlay/blob/master/www-client/torbrowser/files/99torbrowser.example) 35 | for possible settings. 36 | You can do this either with gentoo's `/etc/env.d` 37 | [mechanism](https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/EnvVar/en#Defining_variables_globally) 38 | or on the command line. 39 | 40 | 41 | ### Advanced functionality 42 | 43 | To get the advanced functionality (network information, new identity feature, password prompts for onion services), 44 | `www-client/torbrowser` needs to access a control port and the tor service needs to run with certain options enabled. 45 | 46 | ![Tor Onion Menu ](https://blog.torproject.org/new-release-tor-browser-125/125-circuit-display.png) 47 | 48 | * If you use `www-client/torbrowser`, you need to **adjust and export** the environment variables from 49 | [99torbrowser.example](https://github.com/MeisterP/torbrowser-overlay/blob/master/www-client/torbrowser/files/99torbrowser.example). 50 | You can do this either in `/etc/env.d/99torbrowser` with gentoo's `/etc/env.d` 51 | [mechanism](https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/EnvVar/en#Defining_variables_globally) 52 | or on the command line. 53 | 54 | * If you use `www-client/torbrowser-launcher`, make sure that the environment variables in `/etc/env.d/99torbrowser` 55 | are **unset** and that you **don't** have the system wide tor running on port `9150`. 56 | 57 | * For Onion Service Authentication to work, you need to enable `ExtendedErrors` for the tor servic. 58 | See [torrc.example ](https://github.com/MeisterP/torbrowser-overlay/blob/master/www-client/torbrowser/files/torrc.example). 59 | for possible settings. 60 | 61 | 62 | ## Tor Hidden Service 63 | 64 | A hidden service of this repository is available at [wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/poncho/torbrowser-overlay) 65 | 66 | ``` 67 | git -c http.proxy=socks5h://127.0.0.1:9050 clone http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/poncho/torbrowser-overlay.git 68 | cd torbrowser-overlay 69 | git config --add remote.origin.proxy "socks5h://127.0.0.1:9050" 70 | ``` 71 | -------------------------------------------------------------------------------- /app-misc/mat2/Manifest: -------------------------------------------------------------------------------- 1 | DIST mat2-0.13.5.tar.bz2 11193802 BLAKE2B 22f3f278b72ca94ebead7c2c0809c60a752bd8f5ceee7646942d844ee653f5c19f6396382c406370d58f13c66b766ef9968598a3ce957053bbca7c0289f8c8da SHA512 2ec4d9dff8378f88c85976a3525dc51f5e09d9ad95f644904f56f29629cb4160766a4b93aea8be393acbc9513dbfe9a50433bbe3133aa9685fe8fb5c524c2c16 2 | -------------------------------------------------------------------------------- /app-misc/mat2/mat2-0.13.5.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2025 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | 6 | PYTHON_COMPAT=( python3_{10..13} ) 7 | PYTHON_REQ_USE="xml(+)" 8 | DISTUTILS_USE_PEP517=setuptools 9 | 10 | inherit distutils-r1 optfeature 11 | 12 | DESCRIPTION="Metadata Anonymisation Toolkit" 13 | HOMEPAGE="https://0xacab.org/jvoisin/mat2" 14 | SRC_URI="https://0xacab.org/jvoisin/mat2/-/archive/${PV}/${P}.tar.bz2" 15 | 16 | LICENSE="LGPL-3" 17 | SLOT="0" 18 | KEYWORDS="~amd64" 19 | 20 | RDEPEND=" 21 | app-text/poppler[introspection,cairo] 22 | dev-libs/glib:2 23 | dev-python/pycairo:0[${PYTHON_USEDEP}] 24 | dev-python/pygobject:3[cairo,${PYTHON_USEDEP}] 25 | gnome-base/librsvg[introspection] 26 | media-libs/mutagen:0[${PYTHON_USEDEP}] 27 | x11-libs/gdk-pixbuf:2[introspection,jpeg,tiff] 28 | " 29 | BDEPEND=" 30 | test? ( 31 | media-libs/exiftool:* 32 | media-video/ffmpeg[lame,vorbis] 33 | x11-libs/gdk-pixbuf:2[introspection,jpeg,tiff] 34 | ) 35 | " 36 | 37 | DOCS=( doc {CHANGELOG,CONTRIBUTING,INSTALL,README}.md ) 38 | 39 | distutils_enable_tests unittest 40 | 41 | src_test() { 42 | # Double sandboxing is not possible 43 | if ! has usersandbox ${FEATURES}; then 44 | distutils-r1_src_test 45 | fi 46 | return 0 47 | } 48 | 49 | pkg_postinst() { 50 | optfeature "misc file format support" media-libs/exiftool 51 | optfeature "sandboxing" sys-apps/bubblewrap 52 | optfeature "video support" media-video/ffmpeg 53 | } 54 | -------------------------------------------------------------------------------- /app-misc/mat2/metadata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | poncho@spahan.ch 6 | Poncho 7 | 8 | 9 | https://0xacab.org/jvoisin/mat2/-/issues 10 | https://0xacab.org/jvoisin/mat2/-/tags?format=atom 11 | 12 | 13 | -------------------------------------------------------------------------------- /app-misc/metadata-cleaner/Manifest: -------------------------------------------------------------------------------- 1 | DIST metadata-cleaner-v2.5.6.tar.bz2 2324457 BLAKE2B 919d892063ca756ed3471de9b8a8476beda86fdfcc79417308d45b0bc8397300749d9c176042494a6890858426e90382b1ee4691dc98c30d7df70a8904825542 SHA512 9b4445dba98e8f5b9c7e5e2237dac884a1a0e6a43d159dd80a7292c735a238ea93fa1c557b8971e49b86e0415a1db4bfeecc3e3c24af042107948bba73c0eed4 2 | -------------------------------------------------------------------------------- /app-misc/metadata-cleaner/metadata-cleaner-2.5.6.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 2021-2025 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | PYTHON_COMPAT=( python3_{10..13} ) 6 | 7 | inherit gnome2-utils meson python-single-r1 8 | 9 | DESCRIPTION="Python GTK application to view and clean metadata in files, using mat2." 10 | HOMEPAGE="https://metadatacleaner.romainvigier.fr https://gitlab.com/rmnvgr/metadata-cleaner" 11 | SRC_URI="https://gitlab.com/rmnvgr/metadata-cleaner/-/archive/v${PV}/metadata-cleaner-v${PV}.tar.bz2" 12 | 13 | LICENSE="GPL-3+ CC-BY-SA-4.0" 14 | SLOT="0" 15 | KEYWORDS="~amd64" 16 | REQUIRED_USE="${PYTHON_REQUIRED_USE}" 17 | 18 | DEPEND="${PYTHON_DEPS} 19 | dev-util/itstool 20 | gui-libs/gtk:4 21 | gui-libs/libadwaita 22 | $(python_gen_cond_dep ' 23 | dev-python/pygobject[${PYTHON_USEDEP}] 24 | app-misc/mat2[${PYTHON_USEDEP}] 25 | ')" 26 | 27 | RDEPEND="${DEPEND}" 28 | 29 | S=${WORKDIR}/metadata-cleaner-v${PV} 30 | 31 | src_configure() { 32 | python_setup 33 | meson_src_configure 34 | } 35 | 36 | src_install() { 37 | meson_src_install 38 | python_optimize 39 | } 40 | 41 | pkg_postinst() { 42 | gnome2_schemas_update 43 | xdg_desktop_database_update 44 | xdg_icon_cache_update 45 | } 46 | 47 | pkg_postrm() { 48 | gnome2_schemas_update 49 | xdg_desktop_database_update 50 | xdg_icon_cache_update 51 | } 52 | -------------------------------------------------------------------------------- /app-misc/metadata-cleaner/metadata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | poncho@spahan.ch 6 | Poncho 7 | 8 | 9 | rmnvgr/metadata-cleaner 10 | 11 | 12 | -------------------------------------------------------------------------------- /metadata/layout.conf: -------------------------------------------------------------------------------- 1 | masters = gentoo 2 | sign-manifests = false 3 | thin-manifests = true 4 | -------------------------------------------------------------------------------- /net-proxy/snowflake/Manifest: -------------------------------------------------------------------------------- 1 | DIST snowflake-v2.11.0.tar.gz 24974351 BLAKE2B 9d9876cd98e2346dde99be2fe134057743a68e9b4cb1480fa477839386188acc8c9ba789f80360ea17bdb2c995c07f76bb6782e36610bcb09cb88424fd36dc8c SHA512 801a78845cbd65967f4995b98015ddf2b2518f280beb179da6cf233d51c3dc16d0384255771f8f4e768d1c21bc8924299b541299c28eea510dcb14cdc0cb7356 2 | -------------------------------------------------------------------------------- /net-proxy/snowflake/files/snowflake-proxy.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=WebRTC pluggable transport proxy for Tor 3 | Documentation=man:snowflake-proxy 4 | Documentation=https://snowflake.torproject.org/ 5 | After=network-online.target nss-lookup.target 6 | Wants=network-online.target 7 | 8 | [Service] 9 | ExecStart=/usr/bin/snowflake-proxy 10 | Restart=on-failure 11 | 12 | # Hardening 13 | DynamicUser=true 14 | NoNewPrivileges=true 15 | 16 | [Install] 17 | WantedBy=multi-user.target 18 | -------------------------------------------------------------------------------- /net-proxy/snowflake/metadata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | poncho@spahan.ch 6 | Poncho 7 | 8 | 9 | -------------------------------------------------------------------------------- /net-proxy/snowflake/snowflake-2.11.0.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | 6 | inherit go-module systemd 7 | 8 | JOB_ID="898266" 9 | 10 | DESCRIPTION="WebRTC pluggable transport proxy for Tor" 11 | HOMEPAGE="https://snowflake.torproject.org/ \ 12 | https://community.torproject.org/relay/setup/snowflake/standalone/ \ 13 | https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake " 14 | SRC_URI="https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/jobs/${JOB_ID}/artifacts/raw/snowflake-v${PV}.tar.gz" 15 | 16 | S=${WORKDIR}/snowflake-v${PV} 17 | 18 | LICENSE="Apache-2.0 BSD BSD-2 CC0-1.0 MIT" 19 | SLOT="0" 20 | KEYWORDS="~amd64" 21 | 22 | BDEPEND=">=dev-lang/go-1.21" 23 | 24 | src_prepare() { 25 | COMPONENTS=( 26 | broker 27 | client 28 | probetest 29 | proxy 30 | server 31 | ) 32 | 33 | sed -i -e "s|./client|/usr/bin/snowflake-client|" \ 34 | client/{torrc,torrc.localhost} \ 35 | || die "sed failed to fix torrc example" 36 | 37 | default 38 | } 39 | 40 | src_compile() { 41 | local component 42 | for component in "${COMPONENTS[@]}"; do 43 | pushd ${component} || die 44 | einfo "Building ${component}" 45 | ego build 46 | popd || die 47 | done 48 | } 49 | 50 | src_test() { 51 | ego test ./... 52 | } 53 | 54 | src_install() { 55 | local component 56 | for component in "${COMPONENTS[@]}"; do 57 | newbin ${component}/${component} snowflake-${component} 58 | newdoc ${component}/README.md README_${component}.md 59 | done 60 | 61 | einstalldocs 62 | dodoc doc/*.txt doc/*.md 63 | doman doc/*.1 64 | 65 | systemd_dounit "${FILESDIR}"/snowflake-proxy.service 66 | } 67 | -------------------------------------------------------------------------------- /profiles/package.use.mask: -------------------------------------------------------------------------------- 1 | # Poncho (2024-10-24) 2 | # Disable Wayland by default in 14.0 3 | # https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43092 4 | >=www-client/torbrowser-128.3.0_p14000 wayland 5 | -------------------------------------------------------------------------------- /profiles/repo_name: -------------------------------------------------------------------------------- 1 | torbrowser 2 | -------------------------------------------------------------------------------- /torbrowser-overlay.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | torbrowser 6 | Torbrowser without vidalia or tor 7 | https://github.com/MeisterP/torbrowser-overlay 8 | 9 | poncho@spahan.ch 10 | Poncho 11 | 12 | git://github.com/MeisterP/torbrowser-overlay.git 13 | https://github.com/MeisterP/torbrowser-overlay/commits/master.atom 14 | 15 | 16 | -------------------------------------------------------------------------------- /www-client/torbrowser-launcher/Manifest: -------------------------------------------------------------------------------- 1 | DIST torbrowser-launcher-v0.3.7.tar.bz2 198748 BLAKE2B 3b4ad78cb423e7a15419231523c2705db09604cd5f8c8c76a6e33c7cccce7135e47c181fc647fd6e17e6faadfae900a35dd7d4e32deaa7e1a92430ba3509f0bd SHA512 d9510b321ecae0df99cba6e4d6c141aaec6411fb062ca3e7549fe4cd899cb0472d27e049ea3afa2036d785cc39b42df5c7af74acbb8ba5aa083614a7ea6338c7 2 | -------------------------------------------------------------------------------- /www-client/torbrowser-launcher/metadata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | poncho@spahan.ch 6 | Poncho 7 | 8 | 9 | -------------------------------------------------------------------------------- /www-client/torbrowser-launcher/torbrowser-launcher-0.3.7-r1.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2025 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | 6 | DISTUTILS_USE_PEP517=setuptools 7 | PYTHON_COMPAT=( python3_{10..13} ) 8 | 9 | inherit distutils-r1 optfeature xdg 10 | 11 | DESCRIPTION="A program to download, update and run the Tor Browser Bundle" 12 | HOMEPAGE="https://gitlab.torproject.org/tpo/applications/torbrowser-launcher" 13 | SRC_URI="https://gitlab.torproject.org/tpo/applications/${PN}/-/archive/v${PV}/${PN}-v${PV}.tar.bz2" 14 | S="${WORKDIR}/${PN}-v${PV}" 15 | 16 | LICENSE="MIT" 17 | SLOT="0" 18 | KEYWORDS="~amd64" 19 | 20 | FIREFOX_BIN="app-accessibility/at-spi2-core 21 | dev-libs/dbus-glib 22 | >=dev-libs/glib-2.26:2 23 | media-libs/fontconfig 24 | >=media-libs/freetype-2.4.10 25 | sys-apps/dbus 26 | virtual/freedesktop-icon-theme 27 | >=x11-libs/cairo-1.10[X] 28 | x11-libs/gdk-pixbuf 29 | >=x11-libs/gtk+-3.11:3[wayland,X] 30 | x11-libs/libX11 31 | x11-libs/libxcb 32 | x11-libs/libXcomposite 33 | x11-libs/libXcursor 34 | x11-libs/libXdamage 35 | x11-libs/libXext 36 | x11-libs/libXfixes 37 | x11-libs/libXi 38 | x11-libs/libXrender 39 | x11-libs/libXt 40 | >=x11-libs/pango-1.22.0" 41 | 42 | DEPEND="${PYTHON_DEPS} 43 | dev-python/distro[${PYTHON_USEDEP}]" 44 | 45 | RDEPEND="${PYTHON_DEPS} 46 | ${FIREFOX_BIN} 47 | app-crypt/gpgme[python,${PYTHON_USEDEP}] 48 | dev-python/packaging[${PYTHON_USEDEP}] 49 | dev-python/pyqt5[${PYTHON_USEDEP},widgets] 50 | dev-python/pysocks[${PYTHON_USEDEP}] 51 | dev-python/distro[${PYTHON_USEDEP}] 52 | dev-python/packaging[${PYTHON_USEDEP}] 53 | dev-python/requests[${PYTHON_USEDEP}] 54 | !www-client/torbrowser" 55 | 56 | pkg_postinst() { 57 | xdg_pkg_postinst 58 | optfeature "updating over system Tor" net-vpn/tor dev-python/txsocksx 59 | } 60 | -------------------------------------------------------------------------------- /www-client/torbrowser/Manifest: -------------------------------------------------------------------------------- 1 | DIST firefox-128esr-patches-11.tar.xz 18696 BLAKE2B 0f35eaa29f1daf9beb09c7303b3e92676eea84337683b8f7393e8b52e36ec1f37683a050e1e8d7939ebb1bdc190acaac887bebe88812c1b64785e38980f18be3 SHA512 04bf8bbf3c4e7901a6681fec66f179f797615613be838cf35a4b03cd9a347656b1264524ac7355f0c3978a5e740ddc5dc438610e5cae6ffcad73a8988cf0e572 2 | DIST noscript-13.0.6.xpi 992587 BLAKE2B fd06451282b0319c3e7d14fd1c258db94d82bb17ad13bb3a710ea8e3287102a6553369c29f495f926ad58c303523ef846b592d3400aca756dc5008cb3bbf75b7 SHA512 b8f20d75226f8a6d118950284b7fdf3b2f7fff2fb54d284eaec5ca52d71eb5d674b773515c8f65b66089706702b55597f7e54248964a28c631b812211b3e2920 3 | DIST src-firefox-tor-browser-128.11.0esr-14.5-1-build3.tar.xz 611118336 BLAKE2B db5d8b48a11aef1f14b71481b00011fe944bf691b6fcaafee19da9903e7f044c7581dcbea3bfdd80b8fa6aa26c5047f446e2fa3a0b5b4a5de59bdaccb7ca1e87 SHA512 86989cfffb7caf21674562c24c7a171d567c5aecaf5ff6ede62f399bec49ece6e5958aad1d4c671260988dd9cbc58b926ee26cf2385956b1e7c6491c6ca6794d 4 | DIST tor-browser-linux-x86_64-14.5.3.tar.xz 123327492 BLAKE2B ad134b27819a8be53ec7d024b54de04996ef9b0cd7b135cdc28aec4553ea3f6fc7f8aff34961cbe9f8cdbfb00a41476f1ed104452b90e2778ba6109d474d628f SHA512 e223dd1befe023f413abe874dfe8eca4a46252856430da9f9d7728fefa6bcf168c0f83c2a009438fbf58126f1eb4cb80afc5126270ea253e8ef453db8d5f97fe 5 | DIST torbrowser-128.11.0_p14503-ChangeLog.txt 630705 BLAKE2B 2f605ab17c6e39e953985f9c8a4601ce3356457ea68334a8d4ac09e63c5663a70c6874c0fc6f047809669b8c492e8f8883cb110f12dc3998f65d5055ce2b0f26 SHA512 866c144262eeabb422332da9f34e4a06898865f1ad5de999dca8a64fd63294b8ccf51716257c9584bd15f1a5d2739631708fcbeaf719d4b3905e8563d7e66842 6 | -------------------------------------------------------------------------------- /www-client/torbrowser/files/99torbrowser.example: -------------------------------------------------------------------------------- 1 | # /etc/env.d/99torbrowser 2 | # 3 | # Using a system-installed Tor process with Tor Browser: 4 | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5 | # The Tor ControlPort password should be given inside double quotes, inside 6 | # single quotes, i.e. if the ControlPort password is “secret” (without 7 | # curly quotes) then we must set the environment variable *exactly* like 8 | # this: 9 | # 10 | # TOR_CONTROL_PASSWD='"secret"' 11 | # 12 | # Yes, the variable MUST be double-quoted, then single-quoted, exactly as 13 | # shown. This is used by TorButton and Tor Launcher to authenticate to Tor's 14 | # ControlPort, and is necessary for using TB with a system-installed Tor. 15 | 16 | #TOR_SOCKS_HOST=127.0.0.1 17 | #TOR_SOCKS_PORT=9150 18 | #TOR_SOCKS_IPC_PATH=/run/tor/socks 19 | 20 | #TOR_CONTROL_HOST=127.0.0.1 21 | #TOR_CONTROL_PORT=9151 22 | #TOR_CONTROL_PASSWD='"secret"' 23 | #TOR_CONTROL_COOKIE_AUTH_FILE=/run/tor/control.authcookie 24 | #TOR_CONTROL_IPC_PATH=/run/tor/control 25 | -------------------------------------------------------------------------------- /www-client/torbrowser/files/torbrowser.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Type=Application 3 | Name=Tor Browser 4 | GenericName=Web Browser 5 | Comment=Tor Browser is +1 for privacy and −1 for mass surveillance 6 | Categories=Network;WebBrowser;Security; 7 | Exec=torbrowser %u 8 | Icon=torbrowser 9 | StartupNotify=true 10 | StartupWMClass=Tor Browser 11 | -------------------------------------------------------------------------------- /www-client/torbrowser/files/torrc.example: -------------------------------------------------------------------------------- 1 | #DataDirectory /var/lib/tor/data 2 | #ClientOnionAuthDir /var/lib/tor/authdir 3 | 4 | #PidFile /run/tor/tor.pid 5 | 6 | #SocksPort 127.0.0.1:9050 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth 7 | #SocksPort unix:/run/tor/socks GroupWritable ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth 8 | 9 | #ControlPort 127.0.0.1:9051 10 | #ControlPort unix:/run/tor/control GroupWritable 11 | 12 | # % tor --hash-password "my_password" 13 | #HashedControlPassword 16:E600ADC1B52C80BB6022A0E999A7734571A451EB6AE50FED489B72E3DF 14 | 15 | #CookieAuthentication 1 16 | #CookieAuthFileGroupReadable 1 17 | #CookieAuthFile /run/tor/control.authcookie 18 | -------------------------------------------------------------------------------- /www-client/torbrowser/metadata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | poncho@spahan.ch 6 | Poncho 7 | 8 | 9 | Use Clang compiler instead of GCC 10 | Enable unified build - combines source files to speed up build process, but requires more memory 11 | Use the system-wide media-libs/dav1d 12 | and media-libs/libaom library instead of bundled 13 | Use the system-wide media-libs/harfbuzz 14 | and media-gfx/graphite2 instead of bundled 15 | Use the system-wide dev-libs/icu 16 | instead of bundled 17 | Use the system-wide media-libs/libjpeg-turbo 18 | instead of bundled 19 | Use the system-wide dev-libs/libevent 20 | instead of bundled 21 | Use the system-wide media-libs/libvpx 22 | instead of bundled 23 | Use the system-wide media-libs/libpng 24 | instead of bundled (requires APNG patches) 25 | Use the system-wide media-libs/libwebp 26 | instead of bundled 27 | 28 | 29 | -------------------------------------------------------------------------------- /www-client/torbrowser/torbrowser-128.11.0_p14503.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2025 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | 6 | FIREFOX_PATCHSET="firefox-128esr-patches-11.tar.xz" 7 | 8 | LLVM_COMPAT=( 17 18 19 ) 9 | 10 | PYTHON_COMPAT=( python3_{10..13} ) 11 | PYTHON_REQ_USE="ncurses,sqlite,ssl" 12 | 13 | # This will also filter rust versions that don't match LLVM_COMPAT in the non-clang path; this is fine. 14 | RUST_NEEDS_LLVM=1 15 | # If not building with clang we need at least rust 1.76 16 | RUST_MIN_VER=1.77.1 17 | 18 | WANT_AUTOCONF="2.1" 19 | 20 | # Convert the ebuild version to the upstream Mozilla version 21 | MOZ_PV="${PV/_p*}esr" 22 | 23 | # see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/maint-14.5/projects/firefox/config?ref_type=heads#L17 24 | # and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/maint-14.5/projects/browser/config?ref_type=heads#L114 25 | # and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tags 26 | TOR_PV="14.5.3" 27 | TOR_TAG="${TOR_PV%.*}-1-build3" 28 | NOSCRIPT_VERSION="13.0.6" 29 | NOSCRIPT_ID="4495120" 30 | CHANGELOG_TAG="${TOR_PV}-build2" 31 | 32 | inherit autotools check-reqs desktop flag-o-matic linux-info llvm-r1 multiprocessing \ 33 | pax-utils python-any-r1 rust toolchain-funcs xdg 34 | 35 | TOR_SRC_BASE_URI="https://dist.torproject.org/torbrowser/${TOR_PV}" 36 | TOR_SRC_ARCHIVE_URI="https://archive.torproject.org/tor-package-archive/torbrowser/${TOR_PV}" 37 | 38 | PATCH_URIS=( 39 | https://dev.gentoo.org/~juippis/mozilla/patchsets/${FIREFOX_PATCHSET} 40 | ) 41 | 42 | DESCRIPTION="Private browsing without tracking, surveillance, or censorship" 43 | HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/applications/tor-browser/" 44 | SRC_URI=" 45 | ${TOR_SRC_BASE_URI}/src-firefox-tor-browser-${MOZ_PV}-${TOR_TAG}.tar.xz 46 | ${TOR_SRC_ARCHIVE_URI}/src-firefox-tor-browser-${MOZ_PV}-${TOR_TAG}.tar.xz 47 | ${TOR_SRC_BASE_URI}/tor-browser-linux-x86_64-${TOR_PV}.tar.xz 48 | ${TOR_SRC_ARCHIVE_URI}/tor-browser-linux-x86_64-${TOR_PV}.tar.xz 49 | https://addons.mozilla.org/firefox/downloads/file/${NOSCRIPT_ID}/noscript-${NOSCRIPT_VERSION}.xpi 50 | https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/tbb-${CHANGELOG_TAG}/projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt -> ${P}-ChangeLog.txt 51 | ${PATCH_URIS[@]}" 52 | 53 | S="${WORKDIR}/firefox-tor-browser-${MOZ_PV}-${TOR_TAG}" 54 | LICENSE="BSD CC-BY-3.0 MPL-2.0 GPL-2 LGPL-2.1" 55 | SLOT="0" 56 | KEYWORDS="~amd64" 57 | 58 | IUSE="+clang dbus hardened pulseaudio" 59 | IUSE+=" +system-av1 +system-harfbuzz +system-icu +system-jpeg +system-libevent +system-libvpx" 60 | IUSE+=" system-png +system-webp wayland +X" 61 | IUSE+=" +jumbo-build" 62 | 63 | REQUIRED_USE="|| ( X wayland ) 64 | wayland? ( dbus )" 65 | 66 | BDEPEND="${PYTHON_DEPS} 67 | $(llvm_gen_dep ' 68 | llvm-core/clang:${LLVM_SLOT} 69 | llvm-core/llvm:${LLVM_SLOT} 70 | clang? ( 71 | llvm-core/lld:${LLVM_SLOT} 72 | ) 73 | ') 74 | app-alternatives/awk 75 | app-arch/unzip 76 | app-arch/zip 77 | >=dev-util/cbindgen-0.26.0 78 | net-libs/nodejs 79 | virtual/pkgconfig 80 | amd64? ( >=dev-lang/nasm-2.14 ) 81 | x86? ( >=dev-lang/nasm-2.14 )" 82 | 83 | COMMON_DEPEND=" 84 | >=app-accessibility/at-spi2-core-2.46.0:2 85 | dev-libs/expat 86 | dev-libs/glib:2 87 | dev-libs/libffi:= 88 | >=dev-libs/nss-3.101 89 | >=dev-libs/nspr-4.35 90 | media-libs/alsa-lib 91 | media-libs/fontconfig 92 | media-libs/freetype 93 | media-libs/mesa 94 | media-video/ffmpeg 95 | sys-libs/zlib 96 | virtual/freedesktop-icon-theme 97 | x11-libs/cairo 98 | x11-libs/gdk-pixbuf:2 99 | x11-libs/pango 100 | x11-libs/pixman 101 | dbus? ( 102 | sys-apps/dbus 103 | ) 104 | pulseaudio? ( 105 | || ( 106 | media-libs/libpulse 107 | >=media-sound/apulse-0.1.12-r4[sdk] 108 | ) 109 | ) 110 | system-av1? ( 111 | >=media-libs/dav1d-1.0.0:= 112 | >=media-libs/libaom-1.0.0:= 113 | ) 114 | system-harfbuzz? ( 115 | >=media-gfx/graphite2-1.3.13 116 | >=media-libs/harfbuzz-2.8.1:0= 117 | ) 118 | system-icu? ( >=dev-libs/icu-73.1:= ) 119 | system-jpeg? ( >=media-libs/libjpeg-turbo-1.2.1:= ) 120 | system-libevent? ( >=dev-libs/libevent-2.1.12:0=[threads(+)] ) 121 | system-libvpx? ( >=media-libs/libvpx-1.8.2:0=[postproc] ) 122 | system-png? ( >=media-libs/libpng-1.6.35:0=[apng] ) 123 | system-webp? ( >=media-libs/libwebp-1.1.0:0= ) 124 | wayland? ( 125 | >=media-libs/libepoxy-1.5.10-r1 126 | x11-libs/gtk+:3[wayland] 127 | ) 128 | X? ( 129 | virtual/opengl 130 | x11-libs/cairo[X] 131 | x11-libs/gtk+:3[X] 132 | x11-libs/libX11 133 | x11-libs/libXcomposite 134 | x11-libs/libXdamage 135 | x11-libs/libXext 136 | x11-libs/libXfixes 137 | x11-libs/libXrandr 138 | x11-libs/libxcb:= 139 | )" 140 | RDEPEND="${COMMON_DEPEND} 141 | !www-client/torbrowser-launcher" 142 | 143 | DEPEND="${COMMON_DEPEND} 144 | X? ( 145 | x11-base/xorg-proto 146 | x11-libs/libICE 147 | x11-libs/libSM 148 | )" 149 | 150 | llvm_check_deps() { 151 | if ! has_version -b "sys-devel/clang:${LLVM_SLOT}" ; then 152 | einfo "sys-devel/clang:${LLVM_SLOT} is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 153 | return 1 154 | fi 155 | 156 | if use clang && ! tc-ld-is-mold ; then 157 | if ! has_version -b "sys-devel/lld:${LLVM_SLOT}" ; then 158 | einfo "sys-devel/lld:${LLVM_SLOT} is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 159 | return 1 160 | fi 161 | fi 162 | 163 | einfo "Using LLVM slot ${LLVM_SLOT} to build" >&2 164 | } 165 | 166 | moz_clear_vendor_checksums() { 167 | debug-print-function ${FUNCNAME} "$@" 168 | 169 | if [[ ${#} -ne 1 ]] ; then 170 | die "${FUNCNAME} requires exact one argument" 171 | fi 172 | 173 | einfo "Clearing cargo checksums for ${1} ..." 174 | 175 | sed -i \ 176 | -e 's/\("files":{\)[^}]*/\1/' \ 177 | "${S}"/third_party/rust/${1}/.cargo-checksum.json || die 178 | } 179 | 180 | mozconfig_add_options_ac() { 181 | debug-print-function ${FUNCNAME} "$@" 182 | 183 | if [[ ${#} -lt 2 ]] ; then 184 | die "${FUNCNAME} requires at least two arguments" 185 | fi 186 | 187 | local reason=${1} 188 | shift 189 | 190 | local option 191 | for option in ${@} ; do 192 | echo "ac_add_options ${option} # ${reason}" >>${MOZCONFIG} 193 | done 194 | } 195 | 196 | mozconfig_add_options_mk() { 197 | debug-print-function ${FUNCNAME} "$@" 198 | 199 | if [[ ${#} -lt 2 ]] ; then 200 | die "${FUNCNAME} requires at least two arguments" 201 | fi 202 | 203 | local reason=${1} 204 | shift 205 | 206 | local option 207 | for option in ${@} ; do 208 | echo "mk_add_options ${option} # ${reason}" >>${MOZCONFIG} 209 | done 210 | } 211 | 212 | mozconfig_use_enable() { 213 | debug-print-function ${FUNCNAME} "$@" 214 | 215 | if [[ ${#} -lt 1 ]] ; then 216 | die "${FUNCNAME} requires at least one arguments" 217 | fi 218 | 219 | local flag=$(use_enable "${@}") 220 | mozconfig_add_options_ac "$(use ${1} && echo +${1} || echo -${1})" "${flag}" 221 | } 222 | 223 | mozconfig_use_with() { 224 | debug-print-function ${FUNCNAME} "$@" 225 | 226 | if [[ ${#} -lt 1 ]] ; then 227 | die "${FUNCNAME} requires at least one arguments" 228 | fi 229 | 230 | local flag=$(use_with "${@}") 231 | mozconfig_add_options_ac "$(use ${1} && echo +${1} || echo -${1})" "${flag}" 232 | } 233 | 234 | pkg_pretend() { 235 | # Ensure we have enough disk space to compile 236 | CHECKREQS_DISK_BUILD="6600M" 237 | 238 | check-reqs_pkg_pretend 239 | } 240 | 241 | pkg_setup() { 242 | # Ensure we have enough disk space to compile 243 | CHECKREQS_DISK_BUILD="6400M" 244 | 245 | check-reqs_pkg_setup 246 | llvm-r1_pkg_setup 247 | rust_pkg_setup 248 | python-any-r1_pkg_setup 249 | 250 | # These should *always* be cleaned up anyway 251 | unset \ 252 | DBUS_SESSION_BUS_ADDRESS \ 253 | DISPLAY \ 254 | ORBIT_SOCKETDIR \ 255 | SESSION_MANAGER \ 256 | XAUTHORITY \ 257 | XDG_CACHE_HOME \ 258 | XDG_SESSION_COOKIE 259 | 260 | # Build system is using /proc/self/oom_score_adj, bug #604394 261 | addpredict /proc/self/oom_score_adj 262 | 263 | if ! mountpoint -q /dev/shm ; then 264 | # If /dev/shm is not available, configure is known to fail with 265 | # a traceback report referencing /usr/lib/pythonN.N/multiprocessing/synchronize.py 266 | ewarn "/dev/shm is not mounted -- expect build failures!" 267 | fi 268 | 269 | # Ensure we use C locale when building, bug #746215 270 | export LC_ALL=C 271 | 272 | CONFIG_CHECK="~SECCOMP" 273 | WARNING_SECCOMP="CONFIG_SECCOMP not set! This system will be unable to play DRM-protected content." 274 | linux-info_pkg_setup 275 | } 276 | 277 | src_prepare() { 278 | # Workaround for bgo#917599 279 | if has_version ">=dev-libs/icu-74.1" && use system-icu ; then 280 | eapply "${WORKDIR}"/firefox-patches/*-bmo-1862601-system-icu-74.patch 281 | fi 282 | rm -v "${WORKDIR}"/firefox-patches/*-bmo-1862601-system-icu-74.patch || die 283 | 284 | eapply "${WORKDIR}/firefox-patches" 285 | 286 | # https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20497#note_2873088 287 | sed -i \ 288 | -e "s/MOZ_APP_VENDOR=\"Tor Project\"/MOZ_APP_VENDOR=\"TorProject\"/" \ 289 | "${S}"/browser/confvars.sh || die 290 | 291 | # Allow user to apply any additional patches without modifing ebuild 292 | eapply_user 293 | 294 | # Make cargo respect MAKEOPTS 295 | export CARGO_BUILD_JOBS="$(makeopts_jobs)" 296 | 297 | # Make LTO respect MAKEOPTS 298 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 299 | "${S}"/build/moz.configure/lto-pgo.configure || die "Failed sedding multiprocessing.cpu_count" 300 | 301 | # Make ICU respect MAKEOPTS 302 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 303 | "${S}"/intl/icu_sources_data.py || die "Failed sedding multiprocessing.cpu_count" 304 | 305 | # Respect MAKEOPTS all around (maybe some find+sed is better) 306 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 307 | "${S}"/python/mozbuild/mozbuild/base.py || die "Failed sedding multiprocessing.cpu_count" 308 | 309 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 310 | "${S}"/third_party/libwebrtc/build/toolchain/get_cpu_count.py || die "Failed sedding multiprocessing.cpu_count" 311 | 312 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 313 | "${S}"/third_party/libwebrtc/build/toolchain/get_concurrent_links.py || 314 | die "Failed sedding multiprocessing.cpu_count" 315 | 316 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 317 | "${S}"/third_party/python/gyp/pylib/gyp/input.py || die "Failed sedding multiprocessing.cpu_count" 318 | 319 | sed -i -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ 320 | "${S}"/python/mozbuild/mozbuild/code_analysis/mach_commands.py || die "Failed sedding multiprocessing.cpu_count" 321 | 322 | # sed-in toolchain prefix 323 | sed -i \ 324 | -e "s/objdump/${CHOST}-objdump/" \ 325 | "${S}"/python/mozbuild/mozbuild/configure/check_debug_ranges.py || die "sed failed to set toolchain prefix" 326 | 327 | sed -i \ 328 | -e 's/ccache_stats = None/return None/' \ 329 | "${S}"/python/mozbuild/mozbuild/controller/building.py || die "sed failed to disable ccache stats call" 330 | 331 | einfo "Removing pre-built binaries ..." 332 | 333 | find "${S}"/third_party -type f \( -name '*.so' -o -name '*.o' \) -print -delete || die 334 | 335 | # Clear checksums from cargo crates we've manually patched. 336 | # moz_clear_vendor_checksums xyz 337 | 338 | # Respect choice for "jumbo-build" 339 | # Changing the value for FILES_PER_UNIFIED_FILE may not work, see #905431 340 | if [[ -n ${FILES_PER_UNIFIED_FILE} ]] && use jumbo-build; then 341 | local my_files_per_unified_file=${FILES_PER_UNIFIED_FILE:=16} 342 | elog "" 343 | elog "jumbo-build defaults modified to ${my_files_per_unified_file}." 344 | elog "if you get a build failure, try undefining FILES_PER_UNIFIED_FILE," 345 | elog "if that fails try -jumbo-build before opening a bug report." 346 | elog "" 347 | 348 | sed -i -e "s/\"FILES_PER_UNIFIED_FILE\", 16/\"FILES_PER_UNIFIED_FILE\", "${my_files_per_unified_file}"/" \ 349 | python/mozbuild/mozbuild/frontend/data.py || 350 | die "Failed to adjust FILES_PER_UNIFIED_FILE in python/mozbuild/mozbuild/frontend/data.py" 351 | sed -i -e "s/FILES_PER_UNIFIED_FILE = 6/FILES_PER_UNIFIED_FILE = "${my_files_per_unified_file}"/" \ 352 | js/src/moz.build || 353 | die "Failed to adjust FILES_PER_UNIFIED_FILE in js/src/moz.build" 354 | fi 355 | 356 | # Create build dir 357 | BUILD_DIR="${WORKDIR}/${PN}_build" 358 | mkdir -p "${BUILD_DIR}" || die 359 | 360 | xdg_environment_reset 361 | } 362 | 363 | src_configure() { 364 | # Show flags set at the beginning 365 | einfo "Current BINDGEN_CFLAGS:\t${BINDGEN_CFLAGS:-no value set}" 366 | einfo "Current CFLAGS:\t\t${CFLAGS:-no value set}" 367 | einfo "Current CXXFLAGS:\t\t${CXXFLAGS:-no value set}" 368 | einfo "Current LDFLAGS:\t\t${LDFLAGS:-no value set}" 369 | einfo "Current RUSTFLAGS:\t\t${RUSTFLAGS:-no value set}" 370 | 371 | local have_switched_compiler= 372 | if use clang; then 373 | # Force clang 374 | einfo "Enforcing the use of clang due to USE=clang ..." 375 | 376 | local version_clang=$(clang --version 2>/dev/null | grep -F -- 'clang version' | awk '{ print $3 }') 377 | [[ -n ${version_clang} ]] && version_clang=$(ver_cut 1 "${version_clang}") 378 | [[ -z ${version_clang} ]] && die "Failed to read clang version!" 379 | 380 | if tc-is-gcc; then 381 | have_switched_compiler=yes 382 | fi 383 | 384 | AR=llvm-ar 385 | CC=${CHOST}-clang-${version_clang} 386 | CXX=${CHOST}-clang++-${version_clang} 387 | NM=llvm-nm 388 | RANLIB=llvm-ranlib 389 | elif ! use clang && ! tc-is-gcc ; then 390 | # Force gcc 391 | have_switched_compiler=yes 392 | einfo "Enforcing the use of gcc due to USE=-clang ..." 393 | AR=gcc-ar 394 | CC=${CHOST}-gcc 395 | CXX=${CHOST}-g++ 396 | NM=gcc-nm 397 | RANLIB=gcc-ranlib 398 | fi 399 | 400 | if [[ -n "${have_switched_compiler}" ]] ; then 401 | # Because we switched active compiler we have to ensure 402 | # that no unsupported flags are set 403 | strip-unsupported-flags 404 | fi 405 | 406 | # Ensure we use correct toolchain, 407 | # AS is used in a non-standard way by upstream, #bmo1654031 408 | export HOST_CC="$(tc-getBUILD_CC)" 409 | export HOST_CXX="$(tc-getBUILD_CXX)" 410 | export AS="$(tc-getCC) -c" 411 | 412 | # Configuration tests expect llvm-readelf output, bug 913130 413 | READELF="llvm-readelf" 414 | 415 | tc-export CC CXX LD AR AS NM OBJDUMP RANLIB READELF PKG_CONFIG 416 | 417 | # Pass the correct toolchain paths through cbindgen 418 | if tc-is-cross-compiler ; then 419 | export BINDGEN_CFLAGS="${SYSROOT:+--sysroot=${ESYSROOT}} --target=${CHOST} ${BINDGEN_CFLAGS-}" 420 | fi 421 | 422 | # Set MOZILLA_FIVE_HOME 423 | export MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}" 424 | 425 | # python/mach/mach/mixin/process.py fails to detect SHELL 426 | export SHELL="${EPREFIX}/bin/bash" 427 | 428 | # Set state path 429 | export MOZBUILD_STATE_PATH="${BUILD_DIR}" 430 | 431 | # Set MOZCONFIG 432 | export MOZCONFIG="${S}/.mozconfig" 433 | 434 | # Initialize MOZCONFIG 435 | mozconfig_add_options_ac '' --enable-application=browser 436 | mozconfig_add_options_ac '' --enable-project=browser 437 | 438 | # Set Gentoo defaults 439 | mozconfig_add_options_ac 'Gentoo default' \ 440 | --allow-addon-sideload \ 441 | --disable-cargo-incremental \ 442 | --disable-crashreporter \ 443 | --disable-disk-remnant-avoidance \ 444 | --disable-geckodriver \ 445 | --disable-gpsd \ 446 | --disable-install-strip \ 447 | --disable-legacy-profile-creation \ 448 | --disable-parental-controls \ 449 | --disable-strip \ 450 | --disable-tests \ 451 | --disable-updater \ 452 | --disable-valgrind \ 453 | --disable-wmf \ 454 | --enable-negotiateauth \ 455 | --enable-new-pass-manager \ 456 | --enable-official-branding \ 457 | --enable-release \ 458 | --enable-system-pixman \ 459 | --enable-system-policies \ 460 | --host="${CBUILD:-${CHOST}}" \ 461 | --libdir="${EPREFIX}/usr/$(get_libdir)" \ 462 | --prefix="${EPREFIX}/usr" \ 463 | --target="${CHOST}" \ 464 | --without-ccache \ 465 | --without-wasm-sandboxed-libraries \ 466 | --with-intl-api \ 467 | --with-libclang-path="$(llvm-config --libdir)" \ 468 | --enable-system-ffi \ 469 | --with-system-nspr \ 470 | --with-system-nss \ 471 | --with-system-zlib \ 472 | --with-toolchain-prefix="${CHOST}-" \ 473 | --with-unsigned-addon-scopes=app,system \ 474 | --x-includes="${ESYSROOT}/usr/include" \ 475 | --x-libraries="${ESYSROOT}/usr/$(get_libdir)" 476 | 477 | einfo "Building without Mozilla API key ..." 478 | 479 | mozconfig_use_with system-av1 480 | mozconfig_use_with system-harfbuzz 481 | mozconfig_use_with system-harfbuzz system-graphite2 482 | mozconfig_use_with system-icu 483 | mozconfig_use_with system-jpeg 484 | mozconfig_use_with system-libevent 485 | mozconfig_use_with system-libvpx 486 | mozconfig_use_with system-png 487 | mozconfig_use_with system-webp 488 | 489 | mozconfig_use_enable dbus 490 | mozconfig_add_options_ac '' --disable-libproxy 491 | 492 | mozconfig_add_options_ac '' --disable-eme 493 | 494 | if use hardened ; then 495 | mozconfig_add_options_ac "+hardened" --enable-hardening 496 | append-ldflags "-Wl,-z,relro -Wl,-z,now" 497 | 498 | # Increase the FORTIFY_SOURCE value, #910071. 499 | sed -i -e '/-D_FORTIFY_SOURCE=/s:2:3:' "${S}"/build/moz.configure/toolchain.configure || die 500 | fi 501 | 502 | local myaudiobackends="" 503 | use pulseaudio && myaudiobackends+="pulseaudio," 504 | ! use pulseaudio && myaudiobackends+="alsa," 505 | 506 | mozconfig_add_options_ac '--enable-audio-backends' --enable-audio-backends="${myaudiobackends::-1}" 507 | 508 | mozconfig_add_options_ac '' --disable-necko-wifi 509 | 510 | ! use jumbo-build && mozconfig_add_options_ac '--disable-unified-build' --disable-unified-build 511 | 512 | if use X && use wayland ; then 513 | mozconfig_add_options_ac '+x11+wayland' --enable-default-toolkit=cairo-gtk3-x11-wayland 514 | elif ! use X && use wayland ; then 515 | mozconfig_add_options_ac '+wayland' --enable-default-toolkit=cairo-gtk3-wayland-only 516 | else 517 | mozconfig_add_options_ac '+x11' --enable-default-toolkit=cairo-gtk3-x11-only 518 | fi 519 | 520 | # LTO is handled via configure. 521 | # -Werror=lto-type-mismatch -Werror=odr are going to fail with GCC, 522 | # bmo#1516758, bgo#942288 523 | filter-lto 524 | filter-flags -Werror=lto-type-mismatch -Werror=odr 525 | 526 | # see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40745 527 | export MOZ_APP_BASENAME="TorBrowser" 528 | 529 | # see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/maint-14.5/projects/firefox/build#L112 530 | mozconfig_add_options_ac 'torbrowser' \ 531 | --with-base-browser-version=${TOR_PV} \ 532 | --enable-update-channel=release \ 533 | --with-branding=browser/branding/tb-release \ 534 | --without-wasm-sandboxed-libraries 535 | 536 | # see https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-128.9.0esr-14.5-1/browser/config/mozconfigs/tor-browser 537 | mozconfig_add_options_mk 'torbrowser' "MOZ_APP_DISPLAYNAME=\"Tor Browser\"" 538 | mozconfig_add_options_ac 'torbrowser' \ 539 | --without-relative-data-dir \ 540 | --with-user-appdir=.torproject \ 541 | --with-distribution-id=org.torproject 542 | 543 | # see https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-128.9.0esr-14.5-1/browser/config/mozconfigs/base-browser 544 | export MOZILLA_OFFICIAL=1 545 | mozconfig_add_options_ac 'torbrowser' \ 546 | --enable-official-branding \ 547 | --enable-optimize \ 548 | --enable-rust-simd \ 549 | --disable-unverified-updates \ 550 | --disable-base-browser-update \ 551 | --enable-bundled-fonts \ 552 | --disable-tests \ 553 | --disable-debug \ 554 | --disable-crashreporter \ 555 | --disable-webrtc \ 556 | --disable-parental-controls \ 557 | --enable-proxy-bypass-protection \ 558 | --disable-system-policies \ 559 | --disable-backgroundtasks \ 560 | MOZ_TELEMETRY_REPORTING= \ 561 | --disable-legacy-profile-creation \ 562 | --enable-geckodriver 563 | 564 | # Avoid auto-magic on linker 565 | if use clang ; then 566 | # lld is upstream's default 567 | if tc-ld-is-mold ; then 568 | mozconfig_add_options_ac "using ld=mold due to system selection" --enable-linker=mold 569 | else 570 | mozconfig_add_options_ac "forcing ld=lld due to USE=clang" --enable-linker=lld 571 | fi 572 | else 573 | if tc-ld-is-mold ; then 574 | mozconfig_add_options_ac "using ld=mold due to system selection" --enable-linker=mold 575 | else 576 | mozconfig_add_options_ac "linker is set to bfd due to USE=-clang" --enable-linker=bfd 577 | fi 578 | fi 579 | 580 | mozconfig_add_options_ac 'Gentoo default' --disable-debug-symbols 581 | mozconfig_add_options_ac 'Gentoo defaults' --disable-real-time-tracing 582 | 583 | if is-flag '-O0' ; then 584 | mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O0 585 | elif is-flag '-O4' ; then 586 | mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O4 587 | elif is-flag '-O3' ; then 588 | mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O3 589 | elif is-flag '-O1' ; then 590 | mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O1 591 | elif is-flag '-Os' ; then 592 | mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-Os 593 | else 594 | mozconfig_add_options_ac "Gentoo default" --enable-optimize=-O2 595 | fi 596 | 597 | # Debug flag was handled via configure 598 | filter-flags '-g*' 599 | 600 | # Optimization flag was handled via configure 601 | filter-flags '-O*' 602 | 603 | # elf-hack 604 | # Filter "-z,pack-relative-relocs" and let the build system handle it instead. 605 | filter-flags "-z,pack-relative-relocs" 606 | 607 | if tc-ld-is-mold ; then 608 | # relr-elf-hack is currently broken with mold, bgo#916259 609 | mozconfig_add_options_ac 'disable elf-hack with mold linker' --disable-elf-hack 610 | else 611 | mozconfig_add_options_ac 'relr elf-hack' --enable-elf-hack=relr 612 | fi 613 | 614 | # System-av1 fix 615 | use system-av1 && append-ldflags "-Wl,--undefined-version" 616 | 617 | # Make revdep-rebuild.sh happy; Also required for musl 618 | append-ldflags -Wl,-rpath="${MOZILLA_FIVE_HOME}",--enable-new-dtags 619 | 620 | # Pass $MAKEOPTS to build system 621 | export MOZ_MAKE_FLAGS="${MAKEOPTS}" 622 | 623 | # Use system's Python environment 624 | export PIP_NETWORK_INSTALL_RESTRICTED_VIRTUALENVS=mach 625 | 626 | export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE="none" 627 | 628 | # Disable notification when build system has finished 629 | export MOZ_NOSPAM=1 630 | 631 | # Portage sets XARGS environment variable to "xargs -r" by default which 632 | # breaks build system's check_prog() function which doesn't support arguments 633 | mozconfig_add_options_ac 'Gentoo default' "XARGS=${EPREFIX}/usr/bin/xargs" 634 | 635 | # Set build dir 636 | mozconfig_add_options_mk 'Gentoo default' "MOZ_OBJDIR=${BUILD_DIR}" 637 | 638 | # Show flags we will use 639 | einfo "Build BINDGEN_CFLAGS:\t${BINDGEN_CFLAGS:-no value set}" 640 | einfo "Build CFLAGS:\t\t${CFLAGS:-no value set}" 641 | einfo "Build CXXFLAGS:\t\t${CXXFLAGS:-no value set}" 642 | einfo "Build LDFLAGS:\t\t${LDFLAGS:-no value set}" 643 | einfo "Build RUSTFLAGS:\t\t${RUSTFLAGS:-no value set}" 644 | 645 | # Handle EXTRA_CONF and show summary 646 | local ac opt hash reason 647 | 648 | # Apply EXTRA_ECONF entries to $MOZCONFIG 649 | if [[ -n ${EXTRA_ECONF} ]] ; then 650 | IFS=\! read -a ac <<<${EXTRA_ECONF// --/\!} 651 | for opt in "${ac[@]}"; do 652 | mozconfig_add_options_ac "EXTRA_ECONF" --${opt#--} 653 | done 654 | fi 655 | 656 | echo 657 | echo "==========================================================" 658 | echo "Building ${PF} with the following configuration" 659 | grep ^ac_add_options "${MOZCONFIG}" | while read ac opt hash reason; do 660 | [[ -z ${hash} || ${hash} == \# ]] \ 661 | || die "error reading mozconfig: ${ac} ${opt} ${hash} ${reason}" 662 | printf " %-30s %s\n" "${opt}" "${reason:-mozilla.org default}" 663 | done 664 | echo "==========================================================" 665 | echo 666 | 667 | ./mach configure || die 668 | } 669 | 670 | src_compile() { 671 | ./mach build --verbose || die 672 | 673 | # FIXME: add locale support 674 | # see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/maint-13.5/projects/firefox/build?ref_type=heads#L173 675 | ./mach build stage-package || die 676 | } 677 | 678 | src_install() { 679 | # xpcshell is getting called during install 680 | pax-mark m \ 681 | "${BUILD_DIR}"/dist/bin/xpcshell \ 682 | "${BUILD_DIR}"/dist/bin/${PN} \ 683 | "${BUILD_DIR}"/dist/bin/plugin-container 684 | 685 | DESTDIR="${D}" ./mach install || die 686 | 687 | # Upstream cannot ship symlink but we can (bmo#658850) 688 | rm "${ED}${MOZILLA_FIVE_HOME}/${PN}-bin" || die 689 | dosym ${PN} ${MOZILLA_FIVE_HOME}/${PN}-bin 690 | 691 | # Don't install llvm-symbolizer from sys-devel/llvm package 692 | if [[ -f "${ED}${MOZILLA_FIVE_HOME}/llvm-symbolizer" ]] ; then 693 | rm -v "${ED}${MOZILLA_FIVE_HOME}/llvm-symbolizer" || die 694 | fi 695 | 696 | # Install system-wide preferences 697 | local PREFS_DIR="${MOZILLA_FIVE_HOME}/browser/defaults/preferences" 698 | insinto "${PREFS_DIR}" 699 | 700 | local GENTOO_PREFS="${ED}${PREFS_DIR}/gentoo-prefs.js" 701 | 702 | # Set dictionary path to use system hunspell 703 | cat >>"${GENTOO_PREFS}" <<-EOF || die "failed to set spellchecker.dictionary_path pref" 704 | pref("spellchecker.dictionary_path", "${EPREFIX}/usr/share/myspell"); 705 | EOF 706 | 707 | # Force the graphite pref if USE=system-harfbuzz is enabled, since the pref cannot disable it 708 | if use system-harfbuzz ; then 709 | cat >>"${GENTOO_PREFS}" <<-EOF || die "failed to set gfx.font_rendering.graphite.enabled pref" 710 | sticky_pref("gfx.font_rendering.graphite.enabled", true); 711 | EOF 712 | fi 713 | 714 | # Install icons 715 | local icon_srcdir="${S}/browser/branding/tb-release" 716 | 717 | local icon size 718 | for icon in "${icon_srcdir}"/default*.png ; do 719 | size=${icon%.png} 720 | size=${size##*/default} 721 | 722 | if [[ ${size} -eq 48 ]] ; then 723 | newicon "${icon}" ${PN}.png 724 | fi 725 | 726 | newicon -s ${size} "${icon}" ${PN}.png 727 | done 728 | 729 | # Install menu 730 | # see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/maint-14.5/projects/browser/RelativeLink/start-browser.desktop 731 | domenu "${FILESDIR}"/torbrowser.desktop 732 | 733 | # Install wrapper 734 | # see: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/main/projects/browser/RelativeLink/start-browser 735 | # see: https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/usr/libexec/anon-ws-disable-stacked-tor/torbrowser.sh 736 | rm "${ED}"/usr/bin/torbrowser || die # symlink to /usr/lib64/torbrowser/torbrowser 737 | 738 | newbin - torbrowser <<-EOF 739 | #!/bin/bash 740 | 741 | unset SESSION_MANAGER 742 | export GSETTINGS_BACKEND=memory 743 | export __GL_SHADER_DISK_CACHE=0 744 | 745 | export TOR_SKIP_LAUNCH=1 746 | export TOR_SKIP_CONTROLPORTTEST=1 747 | 748 | if @DEFAULT_WAYLAND@ && [[ -z \${MOZ_DISABLE_WAYLAND} ]]; then 749 | if [[ -n "\${WAYLAND_DISPLAY}" ]]; then 750 | export MOZ_ENABLE_WAYLAND=1 751 | fi 752 | fi 753 | 754 | exec /usr/$(get_libdir)/torbrowser/torbrowser "\${@}" 755 | EOF 756 | 757 | # Update wrapper 758 | local use_wayland="false" 759 | if use wayland ; then 760 | use_wayland="true" 761 | fi 762 | sed -i -e "s:@DEFAULT_WAYLAND@:${use_wayland}:" "${ED}/usr/bin/${PN}" || die 763 | 764 | # torbrowser and torbrowser-bin are identical 765 | rm "${ED}"${MOZILLA_FIVE_HOME}/torbrowser-bin || die 766 | dosym torbrowser ${MOZILLA_FIVE_HOME}/torbrowser-bin 767 | 768 | # https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/maint-14.5/projects/browser/build#L71 769 | insinto ${MOZILLA_FIVE_HOME}/browser/extensions 770 | newins "${DISTDIR}/noscript-${NOSCRIPT_VERSION}.xpi" {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi 771 | 772 | # https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/main/projects/fonts 773 | insinto /usr/$(get_libdir)/torbrowser/ 774 | doins -r "${WORKDIR}/tor-browser/Browser/fonts" 775 | 776 | # see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/main/projects/browser/Bundle-Data/Docs/ChangeLog.txt 777 | newdoc "${DISTDIR}/${P}-ChangeLog.txt" ChangeLog.txt 778 | 779 | # see: https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/usr/libexec/anon-ws-disable-stacked-tor/torbrowser.sh 780 | dodoc "${FILESDIR}/99torbrowser.example" 781 | dodoc "${FILESDIR}/torrc.example" 782 | } 783 | 784 | pkg_postinst() { 785 | xdg_pkg_postinst 786 | 787 | if [[ -z "${REPLACING_VERSIONS}" ]] ; then 788 | ewarn "This Tor Browser build is _NOT_ recommended by Tor upstream but uses" 789 | ewarn "the exact same sources. Use this only if you know what you are doing!" 790 | elog "Torbrowser uses port 9150 to connect to Tor. You can change the port" 791 | elog "in /etc/env.d/99torbrowser to match your setup." 792 | elog "An example file is available at /usr/share/doc/${P}/99torbrowser.example.bz2" 793 | elog "" 794 | elog "To get the advanced functionality (network information," 795 | elog "new identity), Torbrowser needs to access a control port." 796 | elog "Set the Variables in /etc/env.d/99torbrowser accordingly." 797 | fi 798 | } 799 | --------------------------------------------------------------------------------