The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-18T23:29:44Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41549BTCPayServer is Down2024-03-18T23:29:44ZSusanBTCPayServer is DownI am unable to connect to the btcpay.torproject.org. It says the site cannot be reached. I believe this means that donors cannot use it to donate either.I am unable to connect to the btcpay.torproject.org. It says the site cannot be reached. I believe this means that donors cannot use it to donate either.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41546GitLab CI object storage cache is broken2024-03-06T20:34:17ZJérôme Charaouilavamind@torproject.orgGitLab CI object storage cache is brokenAll our GitLab CI jobs seem to be failing to upload caches to the MinIO object storage bucket:
```
Uploading cache.zip to https://minio.torproject.org:9000/gitlab-ci-runner-cache/project/2302/default-non_protected
FATAL: received: 403 ...All our GitLab CI jobs seem to be failing to upload caches to the MinIO object storage bucket:
```
Uploading cache.zip to https://minio.torproject.org:9000/gitlab-ci-runner-cache/project/2302/default-non_protected
FATAL: received: 403 Forbidden
Failed to create cache
```
This is probably related to the recent rotation of credentials.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/renovate-cron/-/issues/10Renovate continuously opens and closes merge requests2024-03-07T23:11:41ZSilvio RhattoRenovate continuously opens and closes merge requests# Description
Renovate bot is currently flooding the merge request queue in many projects:
1. It opens a merge request to update a Git submodule, even if the submodule is currently up-to-date.
2. After a while, it closes the merge requ...# Description
Renovate bot is currently flooding the merge request queue in many projects:
1. It opens a merge request to update a Git submodule, even if the submodule is currently up-to-date.
2. After a while, it closes the merge request.
It's like if Renovate first opens the merge request, and just in the next run checks whether if it should have to create the MR in the first place.
# Examples
Merge requests:
* https://gitlab.torproject.org/rhatto/wikipelago/-/merge_requests?scope=all&state=closed&author_username=renovate-bot&search=autoclosed
* https://gitlab.torproject.org/tpo/operations/opsec-templates/-/merge_requests?scope=all&state=closed&author_username=renovate-bot&search=autoclosed
* https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/merge_requests?scope=all&state=closed&author_username=renovate-bot&search=autoclosed
Queues:
* https://gitlab.torproject.org/rhatto/wikipelago/-/merge_requests/14
* https://gitlab.torproject.org/tpo/operations/opsec-templates/-/merge_requests/33
* https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/merge_requests/112
# Configuration
Renovate configuration common to all projects having this issue:
```
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
],
"git-submodules": {
"enabled": true
}
}
```
# Additional information
* I don't know if this might influence this issue, but sometimes I manually update submodules in projects, without waiting for Renovate to do it's job. Don't know if that somehow conflicts with the bot mechanisms.micahmicah@torproject.orgmicahmicah@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/263Wrapping up sponsor 962024-03-19T17:50:14ZGabagaba@torproject.orgWrapping up sponsor 96- [ ] Final review of deliverables
- [ ] Review indicators
- [ ] Write report for last quarter. Due end of April.
- [ ] Schedule retrospective
- [ ] Write final report. Due on July 29th- [ ] Final review of deliverables
- [ ] Review indicators
- [ ] Write report for last quarter. Due end of April.
- [ ] Schedule retrospective
- [ ] Write final report. Due on July 29thGabagaba@torproject.orgGabagaba@torproject.org2024-07-15https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41097authenticode-timestamping.sh fails to run again because tmp-timestamp already...2024-03-26T20:08:31Zboklmauthenticode-timestamping.sh fails to run again because tmp-timestamp already existsIf running `authenticode-timestamping.sh` fails for some reason, running
it again will fail because directory `tmp-timestamp` already exists.
We should use a directory created with `mktemp` to avoid this.If running `authenticode-timestamping.sh` fails for some reason, running
it again will fail because directory `tmp-timestamp` already exists.
We should use a directory created with `mktemp` to avoid this.boklmboklmhttps://gitlab.torproject.org/tpo/web/donate/-/issues/18120 Stripe / PayPal transactions missing from CiviCRM, 30 January - 5 Februar...2024-03-26T19:26:25Zmattlav120 Stripe / PayPal transactions missing from CiviCRM, 30 January - 5 February 2024Between 30 January and 5 February, I was able to identify (by comparing transaction records) 120 transactions totaling $2,085 that remained un-recorded in CiviCRM. The money came to Tor, but the records of the transactions did not.
In t...Between 30 January and 5 February, I was able to identify (by comparing transaction records) 120 transactions totaling $2,085 that remained un-recorded in CiviCRM. The money came to Tor, but the records of the transactions did not.
In time I was able to find all the transactions and import dummy versions of them to CiviCRM, so our books will balance. But we still should figure out what happened, and whether we should take steps to prevent it.
I kept pretty detailed records of how I proceeded, along with all the data dumped from Stripe and PayPal, in a [NextCloud folder](https://nc.torproject.net/index.php/f/535242) - but I don't imagine this will be very easy to interpret if you're not me. So the way forward is probably for me to do a little show and tell with TPA, in order to enable you to figure out what went haywire for the week in question.anarcatanarcathttps://gitlab.torproject.org/tpo/team/-/issues/262Monthly reports for sponsors2024-03-14T14:57:26ZGabagaba@torproject.orgMonthly reports for sponsors- [x] Sponsor 152 - OTF Turkmenistan - monthly report due 3/7
- [x] Gather all info
- [x] Write report
- [x] Send to Bekeela
- [x] Sponsor 145 - OTF OSAGM Part 2 - monthly report due 3/7
- [x] Gather all info
- [x] Write repor...- [x] Sponsor 152 - OTF Turkmenistan - monthly report due 3/7
- [x] Gather all info
- [x] Write report
- [x] Send to Bekeela
- [x] Sponsor 145 - OTF OSAGM Part 2 - monthly report due 3/7
- [x] Gather all info
- [x] Write report
- [x] Send to Bekeela
- [x] Sponsor 119 - ZOMG - monthly update due 3/7
- [x] Sponsor 150 - ONF - activity 1.3 and 1.4 Report due 3/15
- [x] Gather all info
- [x] Write report
- [x] Send to Bekeela
cc @bekeelaGabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/web/blog/-/issues/40069Give Tails Release Managers the Developer status2024-02-27T14:06:05ZanonymGive Tails Release Managers the Developer statusAccording to the [documentation](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blog#how-to-write-a-new-blog-post-in-gitlab) the `Developer` status is required to create a new branch as part of making a new blog post (which I...According to the [documentation](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blog#how-to-write-a-new-blog-post-in-gitlab) the `Developer` status is required to create a new branch as part of making a new blog post (which I guess explains why I don't see the "New branch" button). So, in order for for Tails Release Managers to be able to publish blog posts, we need that status.
The current Tails Release Managers that have accounts on your Gitlab and need this status are:
* [anonym](https://gitlab.torproject.org/anonym)
* [boyska](https://gitlab.torproject.org/boyska)
* [intrigeri](https://gitlab.torproject.org/intrigeri)Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/web/donate-neo/-/issues/19Stripe webhook delivery issues for https://backend-services.donate-review.tor...2024-02-27T15:38:56ZanarcatStripe webhook delivery issues for https://backend-services.donate-review.torproject.netI (as a Stripe user) received a notification from Stripe that it's having trouble with one of the web hook endpoints:
> We've had some trouble sending requests in test mode to a webhook endpoint associated with your Tor Project Donation...I (as a Stripe user) received a notification from Stripe that it's having trouble with one of the web hook endpoints:
> We've had some trouble sending requests in test mode to a webhook endpoint associated with your Tor Project Donations account. Stripe sends webhook events (https://stripe.com/docs/webhooks) to your server to notify you of activity in your Stripe account, such as a completed payout or a newly-created invoice.
>
> The URL of the failing webhook endpoint is: https://backend-services.donate-review.torproject.net/stripe/webhook/
>
> You (or someone on your team) configured your Stripe account to send events to that URL. You can change your account's webhook endpoints from the Dashboard (https://dashboard.stripe.com/b/REDACTED?destination=%2Fwebhooks).
>
> In most cases, a failing webhook does not affect your payments or payouts. However:
>
> - If you use subscriptions we rely on your webhook endpoint (https://stripe.com/docs/billing/subscriptions/webhooks#understand) to notify you of new invoices. These invoices may be delayed for up to three days if your endpoint is unable to successfully receive them.
>
> - If you use Checkout and rely on the checkout.session.completed event as part of your purchase fulfilment process (https://stripe.com/docs/payments/checkout/fulfillment#webhooks), you should review your completed payments to ensure you have fulfilled all recent purchases.
>
> We've attempted to send event notifications to this endpoint 336 times since the first failure on February 22, 2024 at 6:46:03 PM UTC. If this endpoint is important to your application, please try and fix the issue. If you do not need this webhook endpoint, you can remove it from your Stripe webhook settings (https://dashboard.stripe.com/b/REDACTED?destination=%2Fwebhooks). We will stop sending event notifications to this webhook endpoint by March 2, 2024 at 6:46:03 PM UTC.
>
> Here is the summary of errors we received while attempting to send webhook events:
>
> - 336 requests had a TLS error, indicating that Stripe was unable to establish a secure connection with your server. You can generate a detailed analysis about your host's TLS configuration (https://ssllabs.com/ssltest/analyze.html?d=backend-services.donate-review.torproject.net:443&hideResults=on) to identify common errors.
>
> You need to return any status code between HTTP 200 to 299 for Stripe to consider the webhook event successfully delivered.
>
> For more details on these errors and to review your account's recent activity, you can find the full set of events (https://dashboard.stripe.com/b/REDACTED?destination=%2Ftest%2Fevents) and request logs (https://dashboard.stripe.com/b/REDACTED?destination=%2Ftest%2Flogs) on the Dashboard.
>
> For more in-depth information on how to use webhooks, we recommend reviewing our documentation (https://stripe.com/docs/webhooks).
>
> Yours,
>
> The Stripe team
@lavamind @stephen any idea what this is about?
I wonder if this is something that has been happening all along and I'm just noticing now that I have a dev account, or if it's a regression related to our token rotation (tpo/tpa/team#41530)?stephenstephenhttps://gitlab.torproject.org/tpo/applications/rbm/-/issues/40073We should remove ./ when using 7-zip for zip files2024-02-27T09:27:27ZPier Angelo VendrameWe should remove ./ when using 7-zip for zip filesMaybe the zip utility trims them down, but 7-zip keeps them.
As a result, files are called `./something` instead of just `something`.Maybe the zip utility trims them down, but 7-zip keeps them.
As a result, files are called `./something` instead of just `something`.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/core/arti/-/issues/1298Do not include escape codes when logging to file2024-02-23T15:47:13Zgabi-250Do not include escape codes when logging to fileWe shouldn't be printing terminal escape codes when logging to file.
The log files currently look like this:
```
�[2m2024-02-22T18:09:58Z�[0m �[32m INFO�[0m �[2marti�[0m�[2m:�[0m Starting Arti 1.1.13 in SOCKS proxy mode on localhost po...We shouldn't be printing terminal escape codes when logging to file.
The log files currently look like this:
```
�[2m2024-02-22T18:09:58Z�[0m �[32m INFO�[0m �[2marti�[0m�[2m:�[0m Starting Arti 1.1.13 in SOCKS proxy mode on localhost port 9150 ...
�[2m2024-02-22T18:09:58Z�[0m �[34mDEBUG�[0m �[2marti::process�[0m�[2m:�[0m Increased process file limit to 16384
```
I routinely `sed -i "s,\x1B\[[0-9;]*[a-zA-Z],,g"` logs from bug reports, shadow etc. in order to make them readable.gabi-250gabi-250https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42425Improve accessibility of the bridge emoji cells2024-03-04T15:14:34ZhenryImprove accessibility of the bridge emoji cellsWhen testing https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42413 with screen readers I noticed:
+ NVDA does not like to read the table cell accessible name, but will instead read the content of the cell only.
+ Orc...When testing https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42413 with screen readers I noticed:
+ NVDA does not like to read the table cell accessible name, but will instead read the content of the cell only.
+ Orca will not read the `aria-describedby` in a table.henryhenryhttps://gitlab.torproject.org/tpo/network-health/team/-/issues/349New round of contacting operators for DNS issues and badexiting problematic r...2024-03-25T10:08:02ZGeorg KoppenNew round of contacting operators for DNS issues and badexiting problematic relays (2024-02-19)This week we got:
```
Relay 032E18F26B35047A20EB1F0E480D0DFD3D8AB6E2 failed DNS check 5/5 times
Relay 052848D49E213DE9F85C8721E138DAABA2DE08C8 failed DNS check 5/5 times
Relay 322AB34E14CD3B08946B5BC109A74A82EDB5298F failed DNS check 2/2...This week we got:
```
Relay 032E18F26B35047A20EB1F0E480D0DFD3D8AB6E2 failed DNS check 5/5 times
Relay 052848D49E213DE9F85C8721E138DAABA2DE08C8 failed DNS check 5/5 times
Relay 322AB34E14CD3B08946B5BC109A74A82EDB5298F failed DNS check 2/2 times
Relay A924AB95F7D77E323A0B9F4CA082F0E13839667B failed DNS check 5/5 times
Relay AFCD245212A6737BE69C312140DB52186D930099 failed DNS check 5/5 times
Relay EB437DB78BBF273458FBD50D152E93A3A2D91B0B failed DNS check 5/5 times
```
Upon re-testing it turns out that `322AB34E14CD3B08946B5BC109A74A82EDB5298F` and `EB437DB78BBF273458FBD50D152E93A3A2D91B0B` are fine now. `052848D49E213DE9F85C8721E138DAABA2DE08C8` and `A924AB95F7D77E323A0B9F4CA082F0E13839667B` have still resolution issues. `032E18F26B35047A20EB1F0E480D0DFD3D8AB6E2` got dealt with in https://gitlab.torproject.org/tpo/network-health/team/-/issues/347Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/150Gitlab Default sender name is too generic2024-02-26T21:02:21ZkwadronautGitlab Default sender name is too genericmails show up as `gitlab` in my mailclient - one of the many gitlabs around. These are generic ones, like `From: GitLab <git@gitlab.torproject.org>)subject: Your resource access tokens will expire in 7 days or less`
`This so question mig...mails show up as `gitlab` in my mailclient - one of the many gitlabs around. These are generic ones, like `From: GitLab <git@gitlab.torproject.org>)subject: Your resource access tokens will expire in 7 days or less`
`This so question might be useful: https://stackoverflow.com/questions/24834339/how-to-change-sender-name-from-gitlab-emails`
Can you change that?Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41539Create an operations email list2024-03-28T01:14:48Zal smithCreate an operations email listThe operations team needs an email list to coordinate its work. (This will help with our grants@torproject.org email issues, as we'll be able to reduce the number of people using that alias once the operations list is established.)
**Re...The operations team needs an email list to coordinate its work. (This will help with our grants@torproject.org email issues, as we'll be able to reduce the number of people using that alias once the operations list is established.)
**Requirements**
1. Does **not** require a moderation queue
2. Allows people who are not subscribed to the list to send email to the list **without friction**
3. Is not archived (for anyone, including members of the list)
4. Is not displayed on lists.torproject.org
Is that something a list can do?
If so, we request `tor-operations@` to be created. :smile:
Note: It's possible that an operations list exits already, per this ticket from 8 years ago, but I don't think so based on my quick test. Just adding for due diligence since I noticed it: https://gitlab.torproject.org/tpo/tpa/team/-/issues/15992Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2024-03-31https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41088Remove use of projects/browser/run_scripts2024-03-26T20:31:48ZboklmRemove use of projects/browser/run_scriptsIn `projects/browser/build` we are creating a script (in
`"$scripts_dir/create-$PKG_DIR"`), and use `run_scripts` to run it.
This was added in dfa0cc46fc and was useful to generate bundles for the
different locales in parallel. However ...In `projects/browser/build` we are creating a script (in
`"$scripts_dir/create-$PKG_DIR"`), and use `run_scripts` to run it.
This was added in dfa0cc46fc and was useful to generate bundles for the
different locales in parallel. However since we now have one bundle for
all locales, it's not useful anymore, and we can simplify the build
script by not doing that.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42421Remove bridge option should be hidden for Lox bridges2024-03-04T15:14:03ZhenryRemove bridge option should be hidden for Lox bridgesCurrently we allow individual Lox bridges to be removed through the "Bridge options" menu.Currently we allow individual Lox bridges to be removed through the "Bridge options" menu.henryhenryhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/419New translations for website: be, el, tk2024-02-21T13:49:15ZemmapeelNew translations for website: be, el, tkNew translations: Belarusian, Turkmen, Greek.New translations: Belarusian, Turkmen, Greek.emmapeelemmapeelhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/417remove kez from the people page2024-02-20T20:38:22Zanarcatremove kez from the people pageas part of kez's offboarding (tpo/tpa/team#41529), we need to remove them from the people page.as part of kez's offboarding (tpo/tpa/team#41529), we need to remove them from the people page.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41536Draft specs and estimates for new backup storage server2024-03-13T21:04:06ZanarcatDraft specs and estimates for new backup storage server(next) cluster scalingJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org