Gentoo's Bugzilla – Attachment 323460 Details for
Bug 434652
www-client/torbrowser should use the same Firefox version of the official Tor Browser Bundle
Answer to some questions about building a custom Tor Browser from a Tor Browser developer
tor-browser-developer-answer.txt (text/plain), 6.08 KB, created by
Alessandro Di Federico
on 2012-09-10 21:51:54 UTC
>From: Jacob Appelbaum <jacob@appelbaum.net>
>To: Alessandro Di Federico <ale@clearmind.me>
>Subject: Re: TBB Gentoo ebuild
>Date: Mon, 20 Aug 2012 06:26:22 +0000
>Message-id: <5031D88E.9060401@appelbaum.net>
>
>
>Alessandro Di Federico:
>> Hi, I'm trying to put up an ebuild for the Tor Browser for
>> Gentoo. As you may know an ebuild is a script which automates the build
>> of a certain application. We already have something in Portage [2] (the
>> official ebuild repository) but it's in an experimental state and we
>> want to make sure that it's something useful and not harmful.
>>
>
>Is it possible to just ship the sources we ship and build it as is?
>
>> So I'd like to know your opinion about the idea as a whole (is it a good
>> idea at all to build by yourself the Tor Browser instead of using the official
>> one?) and what could be the main problems arising in such an operation.
>> So:
>>
>> 1. Can you name a list of tools to fingerprint a browser so we can
>>    compare our ebuild with the official Tor Browser?
>
>Mike Perry and Erinn Clarke - I can attest, they're not tools! :)
>
>> 2. Which version should we use? We were planning to offer both the
>>    current official release (even if Tor Browser for Linux is currently in
>>    beta) and something more recent, even if AFAIK this would be for
>>    testing purpose only and could weaken anonymity and
>>    untrackability.
>
>The most recent release is best.
>
>> 3. We plan to use the system version of the Tor client, in my
>>    understanding it should not be a problem to use a Tor client
>>    with a version different from the one officially released, but I
>>    could be wrong. We also plan to exclude vidalia (and the
>>    "0015-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch" patch).
>
>That should probably be at least 0.2.3.x Tor - anything less is sorta
>crazy - specifically for the Separate Streams feature.
>
>> 4. We have a different ebuild for the Firefox profile directory (so
>>    if it's not installed the HTTPS Everywhere plugin won't be
>>    installed), is this a good idea or would it be better to
>>    integrate them?
>
>So - the thing that people run, if you want to call it a Tor Browser
>Bundle, it makes little to no sense to deviate unless you have a team of
>people working to keep it safe, tested, etc.
>
>> 5. Gentoo build system offers USE flags, which are options that
>>    allow to customize the way the package is built. These are the
>>    USE flags available for the standard Firefox ebuild in Gentoo,
>>    which is the base for our build of the Tor Browser:
>>     1. alsa: Adds support for media-libs/alsa-lib (Advanced
>>        Linux Sound Architecture)
>>     2. bindist: Disable official Firefox branding (icons, name)
>>        which are not binary-redistributable according to
>>        upstream.
>>     3. custom-cflags: Build with user-specified CFLAGS
>>        (unsupported)
>>     4. custom-optimization: Fine-tune custom compiler
>>        optimizations, setting this is not recommended.
>>     5. dbus: Enable dbus support for anything that needs it
>>        (gpsd, gnomemeeting, etc)
>>     6. debug: Enable extra debug codepaths, like asserts and
>>        extra output. If you want to get meaningful backtraces
>>        see http://www.gentoo.org/proj/en/qa/backtraces.xml
>>     7. ipc: Use inter-process communication between tabs and
>>        plugins. Allows for greater stability in case of plugin
>>        crashes
>>     8. libnotify: Enable desktop notification support
>>     9. minimal: Prevent sdk and headers from being installed
>>    10. pgo: Add support for profile-guided optimization using
>>        gcc-4.5, for faster binaries. This option will double
>>        the compile time.
>>    11. startup-notification: Enable application startup event
>>        feedback mechanism
>>    12. system-sqlite: Use the system-wide dev-db/sqlite
>>        installation with secure-delete enabled
>>    13. webm: Use system media-libs/libvpx for HTML5 WebM video
>>        support.
>>    14. wifi: Enable wireless network functions
>>
>>    Looking at the Tor Browser build script this is the combination of USE
>>    flags to make as similar as possible to the official release
>>    (minus means the USE flag is disabled): -pgo -debug -bindist
>>    -custom-optimization -crashreporter webm ipc system-sqlite
>>    -wifi. I'm planning to remove the possibility to configure these
>>    use flags.
>>    Do you agree? For further details you can take a look at the
>>    ebuild [1], which should be understandable. Take a look also at
>>    the current ebuild for Tor Browser [2].
>
>Whoa - that sounds like madness.
>
>>
>> Is there something else we should pay attention to in the build process
>> or in general?
>>
>
>Using the released sources and building it all as is seems safest.
>You're effectively trying to build a new TBB - a noble cause, no
>question about it. If you removed Vidalia and depend on a specific Tor,
>add say, SELinux or AppArmor - it would be probably a lot nicer from a
>UX perspective and more secure from a kernel hardening perspective.
>
>Changing everything else seems like a path of madness and probably,
>misery in anonymity bugs everywhere land.
>
>All the best,
>Jacob
>
>> Thanks in advance,
>> Alessandro Di Federico
>>
>> P.S. I've posted this e-mail also on tor-dev without good results, sorry
>> for contacting you personally. I collect your e-mail addresses with this
>> command `git log --pretty=format:"%an %ae" | sort | uniq -c | sort -n -r | sed 's/.*\s//'| head -n7`.
>>
>> [1] http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/firefox/firefox-10.0.6.ebuild?view=markup
>>     http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/eclass/mozconfig-3.eclass?view=markup
>> [2] http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/torbrowser/torbrowser-13.0-r1.ebuild?view=markup
>