On Wed, Jan 4, 2023, at 5:47 PM, John Kehayias wrote: > Hi Jim, > > On Fri, Dec 16, 2022 at 05:39 PM, Jim Newsome wrote: > > > Sorry for (presumably) breaking threading; I came across this online and > > don't see a way to set my in-reply-to-email header properly. > > > > Anyways just thought I'd mention that I recently learned about this > > feature, and was able to use it to get a downloaded [Tor Browser Bundle] > > running with: > > > > > > ``` > > guix shell \ > > --container \ > > --network \ > > --emulate-fhs \ > > --preserve='^DISPLAY$' > > --share=/run/user/$(id -u)/gdm \ > > openssl@1 \ > > libevent \ > > pciutils \ > > dbus-glib \ > > bash \ > > libgccjit \ > > libcxx \ > > gtk+ \ > > coreutils \ > > grep \ > > sed \ > > file \ > > alsa-lib \ > > -- \ > > ./start-tor-browser.desktop -v > > ``` > > > > `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get > > access to the display. I'm not sure the second parameter is universally > > correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`. > > > > The `-v` parameter to the browser script keeps it from trying to > > background itself, which otherwise causes the container and browser to > > terminate. > > > > It'd ultimately be nice to package the Tor Browser Bundle properly for > > guix, but it's nice to be able to use it this way in the meantime. > > Thanks again for this! I slightly modified it for the blog post, which you > can see in draft form at <https://issues.guix.gnu.org/60112>. I used > 'gcc:lib' instead of 'libgccjit' as it is smaller, and changed the needed > display options to be like the previous ones I had. Yours didn't work for me > since it looks like it relies on sharing something from GDM, which I don't > use. But do let me know if my version doesn't work for you. > > Also gave you credit for this example; if you prefer not to be mentioned by > name/link to the mailing list for any reason, just let me know. > > Oh, and we do have some (older) patches for building the Tor Browser from > source, but I don't know if they currently work: > <https://issues.guix.gnu.org/42380> Your example was great though, something > very useful! > > John
Thanks, looks good, and the command in your patch also works for me. I agree that passing and exposing XAUTHORITY seems better. Experimentally, sharing the directory read-only also works (using `--expose` instead of `--share`) also works, but I'm not familiar enough with this mechanism to be confident that'll work for everyone, or whether making it read-only is worth the fuss. Btw it turns out that `libevent` and `openssl@1` can be dropped; they're already bundled. All together, here's my current "best" version: ``` guix shell --container --network --emulate-fhs \ --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \ alsa-lib bash coreutils dbus-glib file gcc:lib grep gtk+ \ libcxx pciutils sed \ -- ./start-tor-browser.desktop -v ```