[Tor-BSD] Porting Tor Browser to the BSDs

[attila]

Libertas <libertas at mykolab.com> writes:
>
>Has anyone looked into this? I talked to the maintainer of the OpenBSD
>Firefox port, but he wasn't very interested and pointed out the
>difficulty caused by the deterministic build system.
>
>I can verify that it doesn't work out of the box, but haven't had time
>to play with it much more than that. I think that the Tor Browser is an
>increasingly important tool, and that it's a problem that it isn't
>available on the BSDs.
>
>Thoughts? Suggestions?

I have been looking into this on and off for a little while.  My focus
has been an OpenBSD port, but I'm sure a lot of what I've run into is
true across BSDs.  My thoughts so far:

tor-browser development seems awfully Linux-centric; no thought is
given to portability outside of {Linux,OSX,Windows}.  The gitian-based
build system must be ditched in a BSD context.  Instead the right
thing to do is a set of ports, the most important of which is the
tor-browser.  I have started on this by wading through the diffs
between the tor-browser-31.4.0esr-4.5-1 branch in the tor-browser git
repo and esr31.4.0, which is thankfully what happens to be in
OpenBSD-current ports.  There are a lot of diffs, obviously, and the
end result is going to be a port with a huge honking patches/
subdir... a maintainability nightmare, at least on the surface.

There are many diffs that are all about the build system which I will
ditch; this will probably cause me problems elsewhere.  There is also
the matter of tor-button, which, for the record, I consider an
abomination.  I think I understand why the tor-browser ppl insist on
keeping it around but I am sorely tempted to find another way...

This last sentiment sort of saturates my thinking on moving forward
with tor-browser.  There has been a lot of good work done, for
instance in anti-fingerprinting measures, but then a lot of what's
going on leaves me with a bad feeling, like this:
   <https://trac.torproject.org/projects/tor/ticket/9387>

The amount of heat and steam expended on coming up with a slider that
says:

      more usable <--------------> most secure

truly depresses me.  I do not want to use a browser that has such a
thing in it.  I don't think this is a good use of time.  I think a
better use of time would've been doing something about the thousands
of remaining uses of sprintf, strcat and strcpy... at least there are
a few hundred uses of strl{cat,cpy}.  My point is: if the idea is that
tor-browser is not just for tor but is a better, more secure,
standards-compliant and plugin-averse browser for the masses then
adding new (ridiculous) features when there are so many papercuts and
sucking chest-wounds to attend to first rubs me the wrong way.  I
generally use the term "linux attitude" as a placeholder for this
approach to development in general, but then I'm typing this on a
thinkpad running OpenBSD, so...

Anyway, my status is that I'm still wading through the patches and
working my way towards a www/tor-browser port that is based on the
www/firefox-esr port.  I will try to get a git repo up somewhere for
review and collaboration in the next day or two.  There is still quite
a ways to go before a working tor-browser and that is only one
component of the tbb, which presents a whole 'nother kettle of fish
when it comes to porting...

More later.  I am on the tor-bsd list, just slow to respond... sorry.

Pax, -A