Re: Drafting a Guix blog post on the FHS container

2023-01-04 Thread Jim Newsome


On Wed, Jan 4, 2023, at 5:47 PM, John Kehayias wrote:
> Hi Jim,
> 
> On Fri, Dec 16, 2022 at 05:39 PM, Jim Newsome wrote:
> 
> > Sorry for (presumably) breaking threading; I came across this online and
> > don't see a way to set my in-reply-to-email header properly.
> >
> > Anyways just thought I'd mention that I recently learned about this
> > feature, and was able to use it to get a downloaded [Tor Browser Bundle]
> > running with:
> >
> >
> > ```
> > guix shell \
> >   --container \
> >   --network \
> >   --emulate-fhs \
> >   --preserve='^DISPLAY$' \
> >   --share=/run/user/$(id -u)/gdm \
> >   openssl@1 \
> >   libevent \
> >   pciutils \
> >   dbus-glib \
> >   bash \
> >   libgccjit \
> >   libcxx \
> >   gtk+ \
> >   coreutils \
> >   grep \
> >   sed \
> >   file \
> >   alsa-lib \
> >   -- \
> >   ./start-tor-browser.desktop -v
> > ```
> >
> > `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get
> > access to the display. I'm not sure the second parameter is universally
> > correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`.
> >
> > The `-v` parameter to the browser script keeps it from trying to
> > background itself, which otherwise causes the container and browser to
> > terminate.
> >
> > It'd ultimately be nice to package the Tor Browser Bundle properly for
> > guix, but it's nice to be able to use it this way in the meantime.
> 
> Thanks again for this! I slightly modified it for the blog post, which you 
> can see in draft form at <https://issues.guix.gnu.org/60112>. I used 
> 'gcc:lib' instead of 'libgccjit' as it is smaller, and changed the needed 
> display options to be like the previous ones I had. Yours didn't work for me 
> since it looks like it relies on sharing something from GDM, which I don't 
> use. But do let me know if my version doesn't work for you.
> 
> Also gave you credit for this example; if you prefer not to be mentioned by 
> name/link to the mailing list for any reason, just let me know.
> 
> Oh, and we do have some (older) patches for building the Tor Browser from 
> source, but I don't know if they currently work: 
> <https://issues.guix.gnu.org/42380> Your example was great though, something 
> very useful!
> 
> John

Thanks, looks good, and the command in your patch also works for me.

I agree that passing and exposing XAUTHORITY seems better. Experimentally, 
sharing the directory read-only (using `--expose` instead of 
`--share`) also works, but I'm not familiar enough with this mechanism to be 
confident that'll work for everyone, or whether making it read-only is worth 
the fuss.

Btw it turns out that `libevent` and `openssl@1` can be dropped; they're 
already bundled. All together, here's my current "best" version:

```
guix shell --container --network --emulate-fhs \
--preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
alsa-lib bash coreutils dbus-glib file gcc:lib grep gtk+ \
libcxx pciutils sed \
-- ./start-tor-browser.desktop -v
```
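
Added example, not part of either message in this thread: a small wrapper around the command above that checks the X authority cookie exists before launching and exposes only that one file read-only. The function names and the `GUIX` override variable are hypothetical; the fallback to `~/.Xauthority` is Xlib's default when `XAUTHORITY` is unset.

```shell
#!/bin/sh
# Added example; function names and the GUIX override are hypothetical.
GUIX="${GUIX:-guix}"   # set GUIX=echo for a dry run that prints the arguments

# Print the X authority cookie path: $XAUTHORITY if set, otherwise Xlib's
# default of ~/.Xauthority. Fails unless it is a readable regular file.
resolve_xauthority() {
    xa="${XAUTHORITY:-$HOME/.Xauthority}"
    if [ ! -f "$xa" ] || [ ! -r "$xa" ]; then
        echo "no readable X authority file at: $xa" >&2
        return 1
    fi
    printf '%s\n' "$xa"
}

# Run the Tor Browser launcher in the FHS container with only the cookie
# file exposed, read-only (flags and package list as in the message above).
run_tor_browser() {
    cookie=$(resolve_xauthority) || return 1
    # Set XAUTHORITY for the child so --preserve='^XAUTHORITY$' has a value
    # to carry into the container even when the fallback path was used.
    XAUTHORITY="$cookie" "$GUIX" shell --container --network --emulate-fhs \
        --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' \
        --expose="$cookie" \
        alsa-lib bash coreutils dbus-glib file gcc:lib grep gtk+ \
        libcxx pciutils sed \
        -- ./start-tor-browser.desktop -v
}
```

Source the file and call `run_tor_browser` from the unpacked bundle directory; with `GUIX=echo` it prints the arguments instead of starting the container.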

re: Drafting a Guix blog post on the FHS container

2022-12-18 Thread Jim Newsome

Sorry for (presumably) breaking threading; I came across this online and 
don't see a way to set my in-reply-to-email header properly.


Anyways just thought I'd mention that I recently learned about this 
feature, and was able to use it to get a downloaded [Tor Browser Bundle] 
running with:



```
guix shell \
  --container \
  --network \
  --emulate-fhs \
  --preserve='^DISPLAY$' \
  --share=/run/user/$(id -u)/gdm \
  openssl@1 \
  libevent \
  pciutils \
  dbus-glib \
  bash \
  libgccjit \
  libcxx \
  gtk+ \
  coreutils \
  grep \
  sed \
  file \
  alsa-lib \
  -- \
  ./start-tor-browser.desktop -v
```

`--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get 
access to the display. I'm not sure the second parameter is universally 
correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`.


The `-v` parameter to the browser script keeps it from trying to 
background itself, which otherwise causes the container and browser to 
terminate.


It'd ultimately be nice to package the Tor Browser Bundle properly for 
guix, but it's nice to be able to use it this way in the meantime.


-Jim

[Tor Browser Bundle]: https://www.torproject.org/download/