From 00a0b8a5741eb78391932a26dad0881bc01cef30 Mon Sep 17 00:00:00 2001
From: SLNOS <anonymous@wired>
Date: Sat, 1 Apr 2017 00:00:00 +0000
Subject: [PATCH] firefoxPackages: tor-browser: init at 6.5.2

---
 .../networking/browsers/firefox/common.nix    | 49 +++++++++++----
 .../networking/browsers/firefox/packages.nix  | 62 ++++++++++++++++++-
 pkgs/top-level/all-packages.nix               |  1 +
 3 files changed, 100 insertions(+), 12 deletions(-)

diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index 51307272db26..e926822b42aa 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -1,5 +1,6 @@
 { pname, version, updateScript ? null
-, src, patches ? [], meta }:
+, src, patches ? [], overrides ? {}, meta
+, isTorBrowserLike ? false }:
 
 { lib, stdenv, pkgconfig, pango, perl, python, zip, libIDL
 , libjpeg, zlib, dbus, dbus_glib, bzip2, xorg
@@ -22,12 +23,13 @@
 
 ## privacy-related options
 
-, privacySupport ? false
+, privacySupport ? isTorBrowserLike
 
 # WARNING: NEVER set any of the options below to `true` by default.
 # Set to `privacySupport` or `false`.
 
 , webrtcSupport ? !privacySupport
+, loopSupport ? !privacySupport || !isTorBrowserLike
 , geolocationSupport ? !privacySupport
 , googleAPISupport ? geolocationSupport
 , crashreporterSupport ? false
@@ -37,21 +39,22 @@
 
 ## other
 
-# If you want the resulting program to call itself "Firefox" instead
-# of "Nightly" or whatever, enable this option.  However, those
-# binaries may not be distributed without permission from the
-# Mozilla Foundation, see
+# If you want the resulting program to call itself
+# "Firefox"/"Torbrowser" instead of "Nightly" or whatever, enable this
+# option. However, in Firefox's case, those binaries may not be
+# distributed without permission from the Mozilla Foundation, see
 # http://www.mozilla.org/foundation/trademarks/.
 , enableOfficialBranding ? false
 }:
 
 assert stdenv.cc ? libc && stdenv.cc.libc != null;
+assert !isTorBrowserLike -> loopSupport; # can't be disabled on firefox :(
 
 let
   flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
 in
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (rec {
   name = "${pname}-unwrapped-${version}";
 
   inherit src patches meta;
@@ -60,12 +63,14 @@ stdenv.mkDerivation rec {
     gtk2 perl zip libIDL libjpeg zlib bzip2
     dbus dbus_glib pango freetype fontconfig xorg.libXi
     xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
-    nss nspr libnotify xorg.pixman yasm mesa
+    nspr libnotify xorg.pixman yasm mesa
     xorg.libXScrnSaver xorg.scrnsaverproto
     xorg.libXext xorg.xextproto sqlite unzip makeWrapper
     hunspell libevent libstartup_notification libvpx /* cairo */
     icu libpng jemalloc
   ]
+  ++ lib.optionals (!isTorBrowserLike) [ nss ]
+
   ++ lib.optional  alsaSupport alsaLib
   ++ lib.optional  pulseaudioSupport libpulseaudio # only headers are needed
   ++ lib.optionals ffmpegSupport [ gstreamer gst-plugins-base ]
@@ -98,8 +103,6 @@ stdenv.mkDerivation rec {
     "--with-system-jpeg"
     "--with-system-zlib"
     "--with-system-bz2"
-    "--with-system-nspr"
-    "--with-system-nss"
     "--with-system-libevent"
     "--with-system-libvpx"
     "--with-system-png" # needs APNG support
@@ -119,11 +122,33 @@ stdenv.mkDerivation rec {
     "--disable-gconf"
     "--enable-default-toolkit=cairo-gtk${if gtk3Support then "3" else "2"}"
   ]
+
+  # TorBrowser patches these
+  ++ lib.optionals (!isTorBrowserLike) [
+    "--with-system-nss"
+    "--with-system-nspr"
+  ]
+
+  # and wants these
+  ++ lib.optionals isTorBrowserLike [
+    "--with-tor-browser-version=${version}"
+    "--enable-signmar"
+    "--enable-verify-mar"
+
+    # We opt out of TorBrowser's nspr because that patch is useless on
+    # anything but Windows and produces zero fingerprinting
+    # possibilities on other platforms.
+    # Lets save some space instead.
+    "--with-system-nspr"
+  ]
+
   ++ flag alsaSupport "alsa"
   ++ flag pulseaudioSupport "pulseaudio"
   ++ flag ffmpegSupport "ffmpeg"
   ++ lib.optional (!ffmpegSupport) "--disable-gstreamer"
   ++ flag webrtcSupport "webrtc"
+  ++ lib.optionals isTorBrowserLike
+       (flag loopSupport "loop")
   ++ flag geolocationSupport "mozril-geoloc"
   ++ lib.optional googleAPISupport "--with-google-api-keyfile=ga"
   ++ flag crashreporterSupport "crashreporter"
@@ -171,8 +196,10 @@ stdenv.mkDerivation rec {
     browserName = "firefox";
     inherit version updateScript;
     isFirefox3Like = true;
+    inherit isTorBrowserLike;
     gtk = gtk2;
     inherit nspr;
     inherit ffmpegSupport;
   };
-}
+
+} // overrides)
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index ad9cfa2ca5d3..5bc020909f97 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -1,4 +1,4 @@
-{ lib, callPackage, fetchurl }:
+{ lib, callPackage, fetchurl, fetchFromGitHub }:
 
 let common = opts: callPackage (import ./common.nix opts); in
 
@@ -40,4 +40,64 @@ rec {
     };
   } {};
 
+  tor-browser = common rec {
+    pname = "tor-browser";
+    version = "6.5.2";
+    isTorBrowserLike = true;
+
+    # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
+    src = fetchFromGitHub {
+      owner = "SLNOS";
+      repo  = "tor-browser";
+      rev   = "tor-browser-45.8.0esr-6.5-2";
+      sha256 = "0vbcp1qlxjlph0dqibylsyvb8iah3lnzdxc56hllpvbn51vrp39j";
+    };
+
+    overrides = {
+      unpackPhase = ''
+        # fetchFromGitHub produces ro sources, root dir gets a name that
+        # is too long for shebangs. fixing
+        cp -a $src .
+        mv *-src tor-browser
+        chmod -R +w tor-browser
+        cd tor-browser
+
+        # set times for xpi archives
+        find . -exec touch -d'2010-01-01 00:00' {} \;
+      '';
+    };
+
+    meta = {
+      description = "A web browser built from TorBrowser source tree";
+      longDescription = ''
+        This is a version of TorBrowser with bundle-related patches
+        reverted.
+
+        I.e. it's a variant of Firefox with less fingerprinting and
+        some isolation features you can't get with any extensions.
+
+        Or, alternatively, a variant of TorBrowser that works like any
+        other UNIX program and doesn't expect you to run it from a
+        bundle.
+
+        It will use your default Firefox profile if you're not careful
+        even! Be careful!
+
+        It will clash with firefox binary if you install both. But its
+        not a problem since you should run browsers in separate
+        users/VMs anyway.
+
+        Create new profile by starting it as
+
+        $ firefox -ProfileManager
+
+        and then configure it to use your tor instance.
+      '';
+      homepage = https://www.torproject.org/projects/torbrowser.html;
+      platforms = lib.platforms.linux;
+    };
+  } {
+    ffmpegSupport = false;
+  };
+
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index be36356d90e8..024d658560d8 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13787,6 +13787,7 @@ with pkgs;
 
   firefox-unwrapped = firefoxPackages.firefox;
   firefox-esr-unwrapped = firefoxPackages.firefox-esr;
+  tor-browser-unwrapped = firefoxPackages.tor-browser;
 
   firefox = wrapFirefox firefox-unwrapped { };
   firefox-esr = wrapFirefox firefox-esr-unwrapped { };