Unverified Commit 735e0567 authored by Eric Park

tor-browser: optionally enable IPC for Tor service (#414877)

The default behavior on other OSes and distributions is to use
port 9150 to host the Tor service so that other applications may
use it. While using IPC may have benefits, it breaks the existing
default behavior and causes the package Nixpkgs ships to have
an opinionated default that cannot be easily disabled.

This commit gates the config lines behind `useIPCTorService`
so that users who are unaffected by this and wish to use it can
toggle it on.

Fixes #414877
parent b7f30c48
+8 −4
@@ -60,6 +60,8 @@
  # Whether to use graphene-hardened-malloc
  useHardenedMalloc ? null,

  # Whether to use IPC for communicating with Tor
  useIPCTorService ? false,
  # Whether to disable multiprocess support
  disableContentSandbox ? false,

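Review bot: The comment on the new `useIPCTorService ? false,` argument does not say what the `false` default means. Going by the commit message, it means the Tor service is hosted on port 9150 instead of on Unix sockets under $XDG_RUNTIME_DIR. Since the previous behaviour was to insist on IPC, this flips the default for existing users, so the comment should state both modes and the trade-off (a TCP listener that other applications can use versus per-user sockets). A release note entry would also help. Style point: add a blank line between `useIPCTorService ? false,` and `# Whether to disable multiprocess support`, matching how the neighbouring arguments are separated.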
@@ -261,11 +263,13 @@ lib.warnIf (useHardenedMalloc != null)
        lockPref("extensions.torlauncher.torrc-defaults_path", "$TBB_IN_STORE/TorBrowser/Data/Tor/torrc-defaults");
        lockPref("extensions.torlauncher.tor_path", "$TBB_IN_STORE/TorBrowser/Tor/tor");

        // Insist on using IPC for communicating with Tor
        // Optionally use IPC for communicating with Tor
        //
        // Defaults to creating \$XDG_RUNTIME_DIR/Tor/{socks,control}.socket
        // Sockets are created at \$XDG_RUNTIME_DIR/Tor/{socks,control}.socket
        ${lib.optionalString useIPCTorService ''
          lockPref("extensions.torlauncher.control_port_use_ipc", true);
          lockPref("extensions.torlauncher.socks_port_use_ipc", true);
        ''}

        // Optionally disable multiprocess support.  We always set this to ensure that
        // toggling the pref takes effect.