The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-11-04T01:46:42Zhttps://gitlab.torproject.org/tpo/web/newsletter/-/issues/22newsletter.torproject.org: migrate from Jenkins to GitLab CI2021-11-04T01:46:42Zanarcatnewsletter.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://example.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
[gitolite project](https://gitweb.torproject.org/project/web/dev.git/)Retire Jenkinshttps://gitlab.torproject.org/tpo/web/team/-/issues/15establish staging workflow for static sites in GitLab CI2022-01-18T16:04:15Zanarcatestablish staging workflow for static sites in GitLab CIin the rush migration surrounding tpo/tpa/team#40501, we moved the main prod websites, but not the staging sites. figure out how those work in GitLab CI and migrate them.in the rush migration surrounding tpo/tpa/team#40501, we moved the main prod websites, but not the staging sites. figure out how those work in GitLab CI and migrate them.Retire JenkinsJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40497mirror the translations repo to gitlab2021-11-08T19:55:38Zanarcatmirror the translations repo to gitlabas part of the jenkins retirement, we have found that we'll need to mirror the translations repository to gitlab for translations to trigger CI runs.as part of the jenkins retirement, we have found that we'll need to mirror the translations repository to gitlab for translations to trigger CI runs.Retire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40469tor-browser-manual.torproject.org: migrate from Jenkins to GitLab CI2021-11-03T20:10:52Zanarcattor-browser-manual.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://tb-manual.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [ ] notify users about the migrationRetire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40468support.torproject.org: migrate from Jenkins to GitLab CI2021-11-03T20:12:54Zanarcatsupport.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://support.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)Retire Jenkinsemmapeelemmapeelhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40467community.torproject.org: migrate from Jenkins to GitLab CI2021-11-03T20:12:28Zanarcatcommunity.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://example.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [ ] notify users about the migrationRetire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40462gettor.torproject.org: migrate from Jenkins to GitLab CI2021-11-03T20:11:18Zanarcatgettor.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://tb-manual.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [x] notify users about the migrationRetire JenkinsJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40461www.torproject.org: migrate from Jenkins to GitLab CI2021-11-04T13:01:25Zanarcatwww.torproject.org: migrate from Jenkins to GitLab CI* [ ] include ci-templates `lektor.yml` job
* [ ] site builds and works in gitlab pages
* [ ] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [ ] include ci-templates `lektor.yml` job
* [ ] site builds and works in gitlab pages
* [ ] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [ ] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [ ] run the deploy-static job, make sure the site still works and
was deployed properly (`curl -sI https://example.torproject.org/ | grep -i Last-Modified`)
* [ ] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [ ] remove the old site on staticiforme
* [ ] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [ ] copy the .htaccess file to where it needs to go
[gitlab project](https://gitlab.torproject.org/tpo/web/tpo), [gitolite project](https://gitweb.torproject.org/project/web/tpo.git/)Retire Jenkinsemmapeelemmapeelhttps://gitlab.torproject.org/tpo/web/research/-/issues/40005migrate from Jenkins to GitLab Ci2021-10-21T00:06:57Zanarcatmigrate from Jenkins to GitLab CiI will attempt to retire this project from Jenkins/gitolite this week or next, if I don't find the time.
The worst that could happen here is that the site would become unavailable for a few hours, or show outdated or corrupted content. ...I will attempt to retire this project from Jenkins/gitolite this week or next, if I don't find the time.
The worst that could happen here is that the site would become unavailable for a few hours, or show outdated or corrupted content. In the most likely situation, however, there will be zero downtime and no noticeable change.
The main implication is that the repository on gitolite will become irrelevant: pushes there will not trigger changes on the real website. Jenkins jobs might fail. Eventually, the gitolite repository will be archived and the jenkins jobs will be removed, probably next week as well.
If you have any objections or concerns about this migration, do let me know before the jenkins jobs get pulled. In any case, it's possible to rollback to the current state quite easily.
This is part of the %"Retire Jenkins" roadmap, although it's treated as the second guinea pig for the experiment in tpo/tpa/team#40364.Retire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/status-site/-/issues/14retire from jenkins2021-09-30T19:29:17Zanarcatretire from jenkinsI will attempt to retire this project from Jenkins/gitolite next week, probably Monday, or Tuesday if I don't find the time.
This is part of the %"Retire Jenkins" roadmap, although it's treated as the first guinea pig for the experiment...I will attempt to retire this project from Jenkins/gitolite next week, probably Monday, or Tuesday if I don't find the time.
This is part of the %"Retire Jenkins" roadmap, although it's treated as the first guinea pig for the experiment in tpo/tpa/team#40364.
The worst that could happen here is that the site would become unavailable for a few hours, or show outdated or corrupted content. In the most likely situation, however, there will be zero downtime and no noticeable change.
The main implication is that the repository on gitolite will become irrelevant: pushes there will not trigger changes on the real website. Jenkins jobs might fail. Eventually, the gitolite repository will be archived and the jenkins jobs will be removed, probably next week as well.
If you have any objections or concerns about this migration, do let me know before the jenkins jobs get pulled. In any case, it's possible to rollback to the current state quite easily.Retire Jenkinsanarcatanarcat2021-09-27https://gitlab.torproject.org/tpo/tpa/team/-/issues/40241retire Debian package builds from jenkins2021-12-22T02:32:48Zanarcatretire Debian package builds from jenkinsAs part of the Jenkins retirement work (#40218), we want to retire the Debian package builds from Jenkins. Those are:
https://jenkins.torproject.org/view/packages%20-%20debian/
it's basically three jobs, with two also built on ARM, so ...As part of the Jenkins retirement work (#40218), we want to retire the Debian package builds from Jenkins. Those are:
https://jenkins.torproject.org/view/packages%20-%20debian/
it's basically three jobs, with two also built on ARM, so 5 jobs total. we need to figure out whether we just stop building those packages automatically, or migrate them to GitLab CI, and if so, how.
Q&A with @weasel
* the builds run on our infra? yes, ci-runner-01 right now. there's also a runner provided by f-droid and users can register their own runners as well, although projects need to opt in to the "shared runners", iirc
* it is not trivial to build trust in the CI chain: we depend on the main GitLab app and while we can build our own hardened docker images, those get selected by the GitLab app, ultimately, since it is what feeds the .gitlab-ci.yml script into the runner
* the runners are actually a fairly large attack surface themselves, 800,000 SLOC, but 90% is vendored golang code though, so it's actually more like 80k
* i was hoping the runners could check openpgp signatures on the git repo, so that we wouldn't have to trust the main gitlab app stuff, but that is just an idea
* we could have runners specifically for debian packages
* the .gitlab-ci.yml could verify signatures on Git repositories but that's kind of silly, because the script is shipped from the gitlab app, so it doesn't protect against a compromise there
* what _are_ runners? gitlab runner is a golang project, separate from the main gitlab. you install it inside a machine, virtual or not (it can run on windows and mac and linux, i think). it can fire jobs into different "backends" which it calls "executors" (like Docker, kubernetes, shell, etc), we use Docker. it basically pipes a shell script (built from the gitlab-ci.yml) into that thing
* do we build our own docker image? no, not yet. ideally, we would. ideally, we would never use images straight from hub.docker.com and build our own ecosystem of images, built from scratch or from debootstrap
* the docker image is specified in the .gitlab-ci.yml file. but through Docker image policies, it might be possible for specific runners to be restricted to specific, controlled Docker images.
* Debian packages could be built for different suites and (hopefully) different arches with different Docker images (instead of using schroot/sbuild), not sure if Docker can run on different arches, e.g. i386 on amd64 or armhf on arm64. you assume a clean environment, as the Docker image is basically a clean chroot.
* can runners build from multiple git repositories? not directly: you get a shell with your project's git repository checked out, but you can clone other repositories (because you have network access). git submodules might work around possible future restrictions on networking.
Update: a subset of those was added as a [FAQ](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/ci#faq) in the CI docs.
Possible options:
1. deb.torproject.org switches to manual uploads, no GitLab CI integration
2. retire deb.tpo altogether, users go to Debian and Ubuntu for their packages, no GitLab CI integration
3. retire deb.tpo like 2, except option to get .debs from GitLab CI artefacts (but no APT repository)
4. add (web)hook to trigger a mirror sync from the GitLab artifacts to the deb.tpo archive
5. add webhook to trigger build on a separate, non-GitLab CI system
I favor option 3, but I will leave the decision to the deb.tpo maintainer (@weasel) of course, although I would need a very strong reason to go the option 5 way, because it feels it would require a parallel infrastructure just for Debian packages...
One key problem is that Debian packages are built for multiple architectures and Debian derivatives/suites (Ubuntu/Debian releases, mostly), which has been abstracted away above. Right now we have:
* GitLab runners:
* only amd64
* Jenkins builders:
* amd64
* i386 chroots on amd64
* arm64
* armhf/armel were retired
In https://gitlab.torproject.org/tpo/core/tor/-/issues/40347, the network team is looking at options to build their stuff on ARM again, in the GitLab CI world. So that's something to keep in mind, and that Debian package builds could reuse. We could already setup a gitlab-runner on build-arm-10 to have ARM builds on GitLab CI, although that feels a bit messy.
Options for distros:
* Docker image per distro
* ?
Options for arches:
* amd64: native
* i386: special Docker image? drop support?
* arm64: native
* armhf/armel: special hardware? same as i386?Retire Jenkinsweasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/tpo/tpa/team/-/issues/40225Remove or disable Tor jenkins builders2021-08-30T17:47:13ZNick MathewsonRemove or disable Tor jenkins buildersNow that Jenkins is deprecated, I'd like to turn off all the Jenkins builders for Tor.
Rationale: These builders consume CPU, and slow down more important Jenkins builders. Let's get them out of the way as soon as possible.Now that Jenkins is deprecated, I'd like to turn off all the Jenkins builders for Tor.
Rationale: These builders consume CPU, and slow down more important Jenkins builders. Let's get them out of the way as soon as possible.Retire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40218retire jenkins by December 1st 20212022-01-12T21:34:15Zanarcatretire jenkins by December 1st 2021following #40167 (TPA-RFC-10), it was decided in April 2021 that Jenkins should be retired in 2021. specifically, the host (`rouyi`) will be retired on December 1st, if all goes well.
This ticket is set to track that progress. The due d...following #40167 (TPA-RFC-10), it was decided in April 2021 that Jenkins should be retired in 2021. specifically, the host (`rouyi`) will be retired on December 1st, if all goes well.
This ticket is set to track that progress. The due date is set 3 months before the actual retirement date (September) so that we get a heads up to check the status before the retirement.
In the meantime, teams are expected to start migrating their jobs to GitLab CI progressively. Reminders may be sent in the meantime if people need prodding.
Those are the configured jobs in [jenkins/jobs.git](https://gitweb.torproject.org/project/jenkins/jobs.git/tree):
* [x] `hugo-website.yaml` #40364
* [x] `lektor-website.yaml` - see %"Retire Jenkins" for the per-site tickets, only https://gitlab.torproject.org/tpo/web/dev/-/issues/13 (dev.tpo) remains, but it's not really deployed by jenkins anyways, so not a blocker
* [x] `onionperf-docs.yaml` - obsolete (https://gitlab.torproject.org/tpo/metrics/onionperf/-/issues/40028)
* [x] `stem.yaml` - obsolete
* [x] `tor-extra-libs-windows.yaml` - https://gitlab.torproject.org/tpo/tpa/team/-/issues/40225
* [x] `tor.yaml`
* [x] most tor builds https://gitlab.torproject.org/tpo/tpa/team/-/issues/40225
* [x] doxygen builds https://gitlab.torproject.org/tpo/core/tor/-/issues/40384
* [x] Debian packages https://gitlab.torproject.org/tpo/tpa/team/-/issues/40241
* [x] `torsocks.yaml` - retired after approval from dgoulet
* [x] `website.yaml` - to retire, see tpo/web/team#13
The above list might be expanded to explicitly cover all individual jobs if people have trouble migrating.
Update: as of 2021-08-30, only Debian packages and websites are left to migrate out of Jenkins. The plan for those is to deploy static components from GitLab CI (#40364) with a ~~"web hook" to trigger the~~ deployment on the static mirror system. The timeline is generally like this:
1. [x] setup a webhook system
2. [x] test deployment of status.torproject.org
3. [x] ~~launch blog.torproject.org~~ migrate research.torproject.org (tpo/web/research#40005)
4. [x] migrate the rest of the websites (we are here, see %"Retire Jenkins" for all the tickets
Details of the deployment mechanism in #40364.
The following task list was set in #40167, to be executed once all (or some?) the above jobs are migrated or retired:
* [x] windows build boxes retirement:
* [x] winklerianum ("not configured")
* [x] weissii
* [x] woronowii
* [x] NAT box retirement (`nat-fsn-01.torproject.org`, when all `Windows buildbox` are retired)
* [x] Linux build boxes retirement (`build-$ARCH-$NN.torproject.org`, `build box` purpose in LDAP)
* [x] build-x86-05 (moly)
* [x] build-x86-06 (moly)
* [x] build-x86-11 (gnt-fsn)
* [x] build-x86-13 (gnt-chi)
* [x] ci-runner-arm64-02.torproject.org (NOT the entire machine, but a `buildbox` role was added to the CI runner, and should be cleaned up)
* [x] Jenkins box retirement (`rouyi.torproject.org`)
* [x] Puppet code cleanup (retire buildbox and Jenkins code)
* [x] git code cleanup (archive Jenkins repositories)
This ticket used to track all the work for the jenkins retirement, but there is now a milestone (%"Retire Jenkins") to collect all those tickets, because it has grown to cover a lot of things. Therefore this ticket is just the retirement of Jenkins itself (and its associated servers listed right above), not the migration of sites themselves, which is covered by the milestone.Retire Jenkinsanarcatanarcat2022-01-19https://gitlab.torproject.org/tpo/tpa/team/-/issues/40166jenkins service documentation2021-08-30T17:49:10Zanarcatjenkins service documentationdocument how jenkins is built and what it does, especially with the objective of retiring it.document how jenkins is built and what it does, especially with the objective of retiring it.Retire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40013Lost translations on the last release2021-07-16T10:14:43Zmeskiomeskio@torproject.orgLost translations on the last release`bridgedb.test.test_https_server.HowtoResourceTests.test_HowtoResource_render_GET_lang_ru` is [failing in the main branch](https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/jobs/20874). It did start failing after we [updated t...`bridgedb.test.test_https_server.HowtoResourceTests.test_HowtoResource_render_GET_lang_ru` is [failing in the main branch](https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/jobs/20874). It did start failing after we [updated the translated strings](https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/commit/ff2cb23bacc6630122b4b753999347285c285613). It looks like the [rusian translation got deleted](https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/commit/ff2cb23bacc6630122b4b753999347285c285613#d22d6f103948abadb3babee394cc2fcde50b7cbe).Sponsor 30 - Objective 2.4meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/16Document rdsys's architecture and design2020-11-22T02:55:55ZPhilipp Winterphw@torproject.orgDocument rdsys's architecture and designLet's document rdsys's architecture and design. The documentation has the following purposes:
* Help prospective developers familiarise themselves with rdsys.
* Explain to bridge operators, users, and researchers how bridges are managed....Let's document rdsys's architecture and design. The documentation has the following purposes:
* Help prospective developers familiarise themselves with rdsys.
* Explain to bridge operators, users, and researchers how bridges are managed.
The documentation should go into README.md, a more extensive document in the doc/ directory, and a blog post. Here's a bit of documentation to get us started:
---
## Introduction
* BridgeDB needs an overhaul.
- Code base is complicated and convoluted; difficult to make big changes.
- Antiquated and rigid architecture.
* Been reimplementing the service in Golang.
### Goals
* Zero-latency architecture
* abstract, lightweight, resilient, and extensible design
## Code abstractions
How is the code organised?
* "Clean architecture"
- Code centers around domain logic.
* Rdsys distributes resources to users.
- Resource can be a bridge, proxy, Snowflake, or even Tor Browser links.
## System architecture
What components are there and how do they talk to each other?
<!-- insert architecture diagram -->
### Registration mechanism
* Rdsys supports resources that are not coupled to a tor process. These
resources (e.g. Snowflakes, HTTPT proxies, etc.) can register themselves.
### Microservices
* Backend plus several distributor processes.
* Distributors use an HTTP streaming API to learn about resource updates.
### Distributors
* Will build Salmon for rdsys.
### Feedback loop with OONI
* Hand out bridges to OONI for testing; incorporate results into rdsys. Salmon
actually relies on these results.
### Bridge testing with bridgestrap
* Upon learning about new resources, rdsys tests them via bridgestrap.Sponsor 30 - Objective 2.4Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/community/outreach/-/issues/31877Promote workshops on how to set up a bridge at relay operator meetups2021-12-16T17:13:49ZPhilipp Winterphw@torproject.orgPromote workshops on how to set up a bridge at relay operator meetupsWe should point folks to our [bridge setup guides](https://community.torproject.org/relay/setup/bridge/) during relay operator meetups.We should point folks to our [bridge setup guides](https://community.torproject.org/relay/setup/bridge/) during relay operator meetups.Sponsor 30 - Objective 2.4GusGushttps://gitlab.torproject.org/tpo/core/tor/-/issues/40484hs: Memory leak in case of config failure2021-10-14T19:18:46ZDavid Gouletdgoulet@torproject.orghs: Memory leak in case of config failureVery minor thing and thus why I think it is OK not to backport.
If the `config_service()` function fails, we fail to free the previously partitioned config line.
I found this by removing v2 support from tor and attempting to load a ver...Very minor thing and thus why I think it is OK not to backport.
If the `config_service()` function fails, we fail to free the previously partitioned config line.
I found this by removing v2 support from tor and attempting to load a version 2 lead to this problem. It can also be triggered if `HiddenServiceVersion` is anything else than 2 or 3 at the moment.Tor: 0.4.7.x-freezeDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40439TPA-RFC-13: establish OKRs for Q1-Q2 20222022-10-12T20:53:32ZanarcatTPA-RFC-13: establish OKRs for Q1-Q2 2022i'm working on setting OKRs for the first half of 2022.
current blocker is https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-13-okrs-for-roadmapi'm working on setting OKRs for the first half of 2022.
current blocker is https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-13-okrs-for-roadmapestablish the 2022 roadmapanarcatanarcat2021-10-14https://gitlab.torproject.org/tpo/core/tor/-/issues/40478Coverity warning in XON/XOFF handling2021-10-05T19:28:42ZNick MathewsonCoverity warning in XON/XOFF handling```
397 /* Adjust the token bucket of this edge connection with the drain rate in
398 * the XON. Rate is in bytes from kilobit (kpbs). */
>>> CID 1492322: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potenti...```
397 /* Adjust the token bucket of this edge connection with the drain rate in
398 * the XON. Rate is in bytes from kilobit (kpbs). */
>>> CID 1492322: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "xon_cell_get_kbps_ewma(xon) * 1000U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
399 uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000;
400 if (rate == 0 || INT32_MAX < rate) {
401 /* No rate. */
402 rate = INT32_MAX;
403 }
404 token_bucket_rw_adjust(&conn->bucket, (uint32_t) rate, (uint32_t) rate);
```
cc @dgoulet @mikeperryTor: 0.4.7.x-freezeDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.org