gnu: make-torbrowser: Remove redundant phase.

Follow up to commit 6ee9cd170b which added torbrowsers-add-store-to-rdd-allowlist.patch and implicitly made 'build-sandbox-whitelist phase unnecessary. Users are encouraged to use Guix Containers if they want to restrict browsers' access to their file systems. * gnu/packages/tor-browsers.scm (make-torbrowser) [arguments] <#:phases> 'build-sandbox-whitelist: Remove it; 'autoconfig: Remove step that adds the forementioned list to browser default preferences. * gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch: Add explanatory comment and refer to issues this patch addresses. Change-Id: Icc0ea4c2470e8bc82e3a2bf57966b46fd47a7cf8 Signed-off-by: Hilton Chain <hako@ultrarare.space>
2025-10-02 02:15:12 +00:00 · 2025-08-01 14:22:37 -03:00 · 2025-08-01 14:22:37 -03:00 · 17cdf44ba1
commit 17cdf44ba1
parent aad498d927
2 changed files with 17 additions and 28 deletions
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@ -424,30 +424,6 @@ Browser.")
              (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
                (("libavcodec\\.so")
                 (search-input-file inputs "lib/libavcodec.so")))))
-          (add-after 'fix-ffmpeg-runtime-linker 'build-sandbox-whitelist
-            (lambda* (#:key inputs #:allow-other-keys)
-              (define (runpath-of lib)
-                (call-with-input-file lib
-                  (compose elf-dynamic-info-runpath
-                           elf-dynamic-info
-                           parse-elf
-                           get-bytevector-all)))
-              (define (runpaths-of-input label)
-                (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
-                       (libs (find-files dir "\\.so$")))
-                  (append-map runpath-of libs)))
-              ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
-              (let* ((whitelist
-                      (map (cut string-append <> "/")
-                           (delete-duplicates
-                            `(,(string-append (assoc-ref inputs "shared-mime-info")
-                                              "/share/mime")
-                              ,@(append-map runpaths-of-input
-                                            '("mesa" "ffmpeg"))))))
-                     (whitelist-string (string-join whitelist ",")))
-                (with-output-to-file "whitelist.txt"
-                  (lambda ()
-                    (display whitelist-string))))))
          (add-after 'patch-source-shebangs 'patch-cargo-checksums
            (lambda _
              (use-modules (guix build cargo-utils))
@ -754,10 +730,6 @@ Browser.")
                    ;; Default is 5.
                    (format #t "pref(~s, ~a);~%"
                            "extensions.enabledScopes" "13")
-                    (format #t "pref(~s, ~s);~%"
-                            "security.sandbox.content.read_path_whitelist"
-                            (call-with-input-file "whitelist.txt"
-                              get-string-all))
                    ;; Add-ons pannel (see settings.js in Icecat source).
                    (format #t "pref(~s, ~s);~%"
                            "extensions.getAddons.search.browseURL"