ecd0e1a2c7
This patch restructures the expression and wrapper to minimize Nix store references captured by the user's state directory. The previous version would write lots of references to the Nix store into the user's state directory, resulting in synchronization issues between the Store and the local state directory. At best, this would cause TBB to stop working when the version used to instantiate the local state was garbage collected; at worst, a user would continue to use the old version even after an upgrade. To solve the issue, hard-code as much as possible at the Store side and minimize the amount of stuff being copied into the local state dir. Currently, only a few files generated at firefox startup and fontconfig cache files end up capturing store paths; these files are simply removed upon every startup. Otherwise, no capture should occur and the user should always be using the TBB associated with the tor-browser wrapper script. To check for stale Store paths, do `grep -Ero '/nix/store/[^/]+' ~/.local/share/tor-browser` This command should *never* return any other store path than the one associated with the current tor-browser wrapper script, even after an update (assuming you've run tor-browser at least once after updating). Deviations from this general rule are considered bugs from now on. Note that no attempt has been made to support pluggable transports; they are still broken with this patch (to be fixed in a follow-up patch). User visible changes: - Wrapper retains only environment variables required for TBB to work - pulseaudioSupport can be toggled independently of mediaSupport (the latter weakly implies the former). - Store local state under $TBB_HOME. Defaults to $XDG_DATA_HOME/tor-browser - Stop obnoxious first-run stuff (NoScript redirect, in particular) - Set desktop item GenericName to Web Browser Some minor enhancements: - Disable Hydra builds - Specify system -> source mapping to make it easier to extend supported platforms. |
||
---|---|---|
.. | ||
aespipe | ||
afl | ||
aide | ||
apg | ||
bmrsa | ||
bruteforce-luks | ||
ccid | ||
ccrypt | ||
chaps | ||
chkrootkit | ||
chntpw | ||
cipherscan | ||
clamav | ||
cowpatty | ||
crackxls | ||
crunch | ||
dirmngr | ||
duo-unix | ||
ecryptfs | ||
eid-mw | ||
eid-viewer | ||
encryptr | ||
enpass | ||
fail2ban | ||
fcrackzip | ||
fpm2 | ||
fprint_demo | ||
fprintd | ||
fprot | ||
fwknop | ||
gencfsm | ||
gnupg | ||
gorilla-bin | ||
gpgstats | ||
haka | ||
hash-slinger | ||
hashcat | ||
haveged | ||
hologram | ||
jd-gui | ||
john | ||
kbfs | ||
keybase | ||
keybase-gui | ||
knockknock | ||
kpcli | ||
lastpass-cli | ||
logkeys | ||
mbox | ||
meo | ||
metasploit | ||
mfcuk | ||
mfoc | ||
minisign | ||
mkpasswd | ||
mkrand | ||
mktemp | ||
modsecurity | ||
monkeysphere | ||
mpw | ||
munge | ||
nasty | ||
nitrokey-app | ||
nmap | ||
nsjail | ||
oath-toolkit | ||
omapd | ||
opencryptoki | ||
opensc | ||
ossec | ||
p0f | ||
pamtester | ||
paperkey | ||
pass | ||
pcsc-cyberjack | ||
pcsclite | ||
pcsctools | ||
pgpdump | ||
phrasendrescher | ||
pinentry | ||
pinentry-mac | ||
pius | ||
polkit-gnome | ||
prey | ||
pwgen | ||
qdigidoc | ||
qesteidutil | ||
radamsa | ||
rarcrack | ||
rhash | ||
rng-tools | ||
sbsigntool | ||
scrypt | ||
seccure | ||
secp256k1 | ||
sha1collisiondetection | ||
shc | ||
signing-party | ||
simple-tpm-pk11 | ||
softhsm | ||
sops | ||
srm | ||
ssdeep | ||
sshuttle | ||
sslscan | ||
ssss | ||
steghide | ||
stoken | ||
stricat | ||
su-exec | ||
sudo | ||
sudolikeaboss | ||
super | ||
tboot | ||
tcpcrypt | ||
thc-hydra | ||
tmin | ||
tor | ||
tpm-luks | ||
tpm-quote-tools | ||
tpm-tools | ||
trousers | ||
vault | ||
vidalia | ||
volatility | ||
vulnix | ||
wipe | ||
yara |