lol

tor-browser-bundle-bin: runtime purity improvements

These changes reduce file accesses outside TBB_HOME or the Nix store, as
determined by running under strace -e access,open,stat.

+30 -2
+30 -2
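--- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -38,6 +38,12 @@
 # Pluggable transport dependencies
 , python27
 
+# Wrapper runtime
+, coreutils
+, glibcLocales
+, hicolor_icon_theme
+, shared_mime_info
+
 # Extra preferences
 , extraPrefs ? ""
 }:
@@ -45,7 +51,9 @@
 with stdenv.lib;
 
 let
-libPath = makeLibraryPath ([
+libPath = makeLibraryPath libPkgs;
+
+libPkgs = [
 atk
 cairo
 dbus
@@ -62,6 +70,7 @@
 libXt
 pango
 stdenv.cc.cc
+stdenv.cc.libc
 zlib
 ]
 ++ optionals pulseaudioSupport [ libpulseaudio ]
@@ -70,7 +79,7 @@
 gst-plugins-base
 gmp
 ffmpeg
-]);
+];
 
 gstPluginsPath = concatMapStringsSep ":" (x:
 "${x}/lib/gstreamer-0.10") [
@@ -225,11 +234,20 @@
 GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
 EOF
 
+WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
+hicolor_icon_theme
+shared_mime_info
+]}
+
 # Generate wrapper
 mkdir -p $out/bin
 cat > "$out/bin/tor-browser" << EOF
 #! ${stdenv.shell}
 set -o errexit -o nounset
+
+PATH=${makeBinPath [ coreutils ]}
+export LC_ALL=C
+export LOCALE_ARCHIVE=${glibcLocales}/lib/locale/locale-archive
 
 # Enter local state directory.
 REAL_HOME=\$HOME
@@ -291,11 +309,21 @@
 # Setting FONTCONFIG_FILE is required to make fontconfig read the TBB
 # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
 # indicates the system fonts.conf being used instead.
+#
+# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
 exec env -i \
+TZ=":" \
+TZDIR="\''${TZDIR:-}" \
+LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \
+\
+TMPDIR="\''${TMPDIR:-/tmp}" \
 HOME="\$HOME" \
 XAUTHORITY="\$XAUTHORITY" \
 DISPLAY="\$DISPLAY" \
 DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \
+\
+XDG_DATA_HOME="\$HOME/.local/share" \
+XDG_DATA_DIRS="$WRAPPER_XDG_DATA_DIRS" \
 \
 PULSE_SERVER="\''${PULSE_SERVER:-}" \
 PULSE_COOKIE="\''${PULSE_COOKIE:-}" \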
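Review bot: The comment added above `exec env -i` explains only XDG_DATA_DIRS, while `TZ=":"`, `TZDIR` and `LOCALE_ARCHIVE` are the new entries a later reader is least likely to understand and most likely to "clean up"; as far as I can tell from glibc's behaviour, a comment such as `# TZ=":" keeps libc from reading /etc/localtime, so the browser runs in UTC and the host timezone is not exposed` belongs next to it. Separately, `LC_ALL=C` is exported in the wrapper but is not forwarded in the visible part of the `env -i` list, so `LOCALE_ARCHIVE` reaches the browser without any locale selection unless a later entry sets one; the list continues past the end of this hunk, so that needs checking there. `PATH=${makeBinPath [ coreutils ]}` is assigned without `export`, which works only because PATH is normally already exported by the caller; writing `export PATH=…` would make the wrapper independent of that.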