Hi Jim,
On Fri, Dec 16, 2022 at 05:39 PM, Jim Newsome wrote:
> Sorry for (presumably) breaking threading; I came across this online and
> don't see a way to set my in-reply-to-email header properly.
>
> Anyways just thought I'd mention that I recently learned about this
> feature, and was able to use it to get a downloaded [Tor Browser Bundle]
> running with:
>
>
> ```
> guix shell \
> --container \
> --network \
> --emulate-fhs \
> --preserve='^DISPLAY$'
> --share=/run/user/$(id -u)/gdm \
> openssl@1 \
> libevent \
> pciutils \
> dbus-glib \
> bash \
> libgccjit \
> libcxx \
> gtk+ \
> coreutils \
> grep \
> sed \
> file \
> alsa-lib \
> -- \
> ./start-tor-browser.desktop -v
> ```
>
> `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get
> access to the display. I'm not sure the second parameter is universally
> correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`.
>
> The `-v` parameter to the browser script keeps it from trying to
> background itself, which otherwise causes the container and browser to
> terminate.
>
> It'd ultimately be nice to package the Tor Browser Bundle properly for
> guix, but it's nice to be able to use it this way in the meantime.
Thanks again for this! I slightly modified it for the blog post, which you can see in draft form at <
https://issues.guix.gnu.org/60112>. I used 'gcc:lib' instead of 'libgccjit' as it is smaller, and changed the needed display options to be like the previous ones I had. Yours didn't work for me since it looks like it relies on sharing something from GDM, which I don't use. But do let me know if my version doesn't work for you.
Also gave you credit for this example; if you prefer not to be mentioned by name/link to the mailing list for any reason, just let me know.
Oh, and we do have some (older) patches for building the Tor Browser from source, but I don't know if they currently work: <
https://issues.guix.gnu.org/42380> Your example was great though, something very useful!
John
Thanks, looks good, and the command in your patch also works for me.
I agree that passing and exposing XAUTHORITY seems better. Experimentally, sharing the directory read-only also works (using `--expose` instead of `--share`) also works, but I'm not familiar enough with this mechanism to be confident that'll work for everyone, or whether making it read-only is worth the fuss.
Btw it turns out that `libevent` and `openssl@1` can be dropped; they're already bundled. All together, here's my current "best" version: