[Tor-BSD] Porting Tor Browser to the BSDs

George Rosamond george at ceetonetechnology.com
Wed Feb 25 22:24:06 EST 2015

> Libertas <libertas at mykolab.com> writes:
>> Has anyone looked into this? I talked to the maintainer of the OpenBSD
>> Firefox port, but he wasn't very interested and pointed out the
>> difficulty caused by the deterministic build system.
>> I can verify that it doesn't work out of the box, but haven't had time
>> to play with it much more than that. I think that the Tor Browser is an
>> increasingly important tool, and that it's a problem that it isn't
>> available on the BSDs.
>> Thoughts? Suggestions?
> I have been looking into this on and off for a little while.  My focus
> has been an OpenBSD port, but I'm sure a lot of what I've run into is
> true across BSDs.  My thoughts so far:
> tor-browser development seems awfully Linux-centric; no thought is
> given to portability outside of {Linux,OSX,Windows}.  The gitian-based
> build system must be ditched in a BSD context.  Instead the right
> thing to do is a set of ports, the most important of which is the
> tor-browser.  I have started on this by wading through the diffs
> between the tor-browser-31.4.0esr-4.5-1 branch in the tor-browser git
> repo and esr31.4.0, which is thankfully what happens to be in
> OpenBSD-current ports.  There are a lot of diffs, obviously, and the
> end result is going to be a port with a huge honking patches/
> subdir... a maintainability nightmare, at least on the surface.
> There are many diffs that are all about the build system which I will
> ditch; this will probably cause me problems elsewhere.  There is also
> the matter of tor-button, which, for the record, I consider an
> abomination.  I think I understand why the tor-browser ppl insist on
> keeping it around but I am sorely tempted to find another way...
> This last sentiment sort of saturates my thinking on moving forward
> with tor-browser.  There has been a lot of good work done, for
> instance in anti-fingerprinting measures, but then a lot of what's
> going on leaves me with a bad feeling, like this:
>    <https://trac.torproject.org/projects/tor/ticket/9387>
> The amount of heat and steam expended on coming up with a slider that
> says:
>       more usable <--------------> most secure
> truly depresses me.  I do not want to use a browser that has such a
> thing in it.  I don't think this is a good use of time.  I think a
> better use of time would've been doing something about the thousands
> of remaining uses of sprintf, strcat and strcpy... at least there are
> a few hundred uses of strl{cat,cpy}.  My point is: if the idea is that
> tor-browser is not just for tor but is a better, more secure,
> standards-compliant and plugin-averse browser for the masses then
> adding new (ridiculous) features when there are so many papercuts and
> sucking chest-wounds to attend to first rubs me the wrong way.  I
> generally use the term "linux attitude" as a placeholder for this
> approach to development in general, but then I'm typing this on a
> thinkpad running OpenBSD, so...
> Anyway, my status is that I'm still wading through the patches and
> working my way towards a www/tor-browser port that is based on the
> www/firefox-esr port.  I will try to get a git repo up somewhere for
> review and collaboration in the next day or two.  There is still quite
> a ways to go before a working tor-browser and that is only one
> component of the tbb, which presents a whole 'nother kettle of fish
> when it comes to porting...
> More later.  I am on the tor-bsd list, just slow to respond... sorry.

Not sure why this thread died, after someone who's been working on this
for a while replies...

Anyways, I think the main question is what to build and how.

It seems clear that it needs to be completely separated from the current
Linux builds, and start from a more "BSD-ish" basis. Ideally, the result
is something easily portable to the other BSDs, not to mention to other
POSIX-esque systems if there's a need.

Without going into more details, I think that once attila has the git
repo up, we can start playing with it.

There's a lot of questions to deal with as attila notes, working the
patches, dealing with the underlying stuff strcat, strcpy and all, and
then the actual fingerprint of this browser.


More information about the Tor-BSD mailing list