Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:11:51Zhttps://gitlab.torproject.org/legacy/trac/-/issues/33656[S58] O1.2: Update infrastructure to automatically rebase tor-browser.git pat...2020-06-16T01:11:51ZPili Guerra[S58] O1.2: Update infrastructure to automatically rebase tor-browser.git patches onto Firefox-beta so they can be used in nightly builds.- Implement tooling, (e.g. quilt, gbp-pq) that similar projects (e.g., Tails) use to automate these kinds of code rebase tasks.
- Work with Mozilla to identify any infrastructure we can set up together to help us to automate our rebase p...- Implement tooling, (e.g. quilt, gbp-pq) that similar projects (e.g., Tails) use to automate these kinds of code rebase tasks.
- Work with Mozilla to identify any infrastructure we can set up together to help us to automate our rebase process.
- Configure alerts to notify the Tor Browser team when automatic rebasing of patches fails.
- Experiment with and adjust cycle length for automatic rebasing procedures (e.g daily versus weekly versus fortnightly) depending on fallout results of this process.
- Manually fix fallout from automatic rebase process.https://gitlab.torproject.org/legacy/trac/-/issues/33657[S58] Objective 2: Migrate Tor Browser for Android onto Fenix and away from F...2020-06-16T01:11:51ZPili Guerra[S58] Objective 2: Migrate Tor Browser for Android onto Fenix and away from FennecThe work under this Objective involves utilizing the infrastructure and groundwork created in Objective 1 to complete the migration of Tor Browser for Android onto Fenix and the regular Firefox release cycle.The work under this Objective involves utilizing the infrastructure and groundwork created in Objective 1 to complete the migration of Tor Browser for Android onto Fenix and the regular Firefox release cycle.https://gitlab.torproject.org/legacy/trac/-/issues/33658[S58] O2.1: Evaluate and address Fennec vs. Fenix UI changes.2020-06-16T01:11:52ZPili Guerra[S58] O2.1: Evaluate and address Fennec vs. Fenix UI changes.- Review changes to Fenix UI and evaluate their impact in the context of Tor Browser for Android and its users using the Tor Personas tool as a guide.
- Iterate on any necessary UI changes.- Review changes to Fenix UI and evaluate their impact in the context of Tor Browser for Android and its users using the Tor Personas tool as a guide.
- Iterate on any necessary UI changes.https://gitlab.torproject.org/legacy/trac/-/issues/33659[S58] O2.2: Update build system for Fenix migration.2020-06-16T01:11:53ZPili Guerra[S58] O2.2: Update build system for Fenix migration.- Integrate Fenix and necessary dependencies into our reproducible builds system.
- Add new toolchains for targeted Fenix release.
- Verify that bundles are still reproducible after toolchain updates.- Integrate Fenix and necessary dependencies into our reproducible builds system.
- Add new toolchains for targeted Fenix release.
- Verify that bundles are still reproducible after toolchain updates.https://gitlab.torproject.org/legacy/trac/-/issues/33660[S58] O2.3: Update existing QA and regression test infrastructure for Fenix.2022-09-01T22:28:48ZPili Guerra[S58] O2.3: Update existing QA and regression test infrastructure for Fenix.- Add support for Fenix into existing Tor Browser regression and integration tests.
- Fix any Fenix-specific test failures.
- Write new integration tests for Tor Browser based on Fenix based on O1.2.- Add support for Fenix into existing Tor Browser regression and integration tests.
- Fix any Fenix-specific test failures.
- Write new integration tests for Tor Browser based on Fenix based on O1.2.https://gitlab.torproject.org/legacy/trac/-/issues/33661[S58] O2.4: Migrate Tor Browser for Android from ESR68 to Fenix.2020-07-19T04:47:39ZPili Guerra[S58] O2.4: Migrate Tor Browser for Android from ESR68 to Fenix.- Audit Fenix code for tracking, fingerprintability, and Tor safety features in relation to various known attacks.
- Audit code changes since last audit for proxy bypass bugs, following our audit procedure.
- Review all Mozilla devel...- Audit Fenix code for tracking, fingerprintability, and Tor safety features in relation to various known attacks.
- Audit code changes since last audit for proxy bypass bugs, following our audit procedure.
- Review all Mozilla developer documentation since the last audit for major changes that could impact our tracking and fingerprinting defenses.
- Review all closed bugs in Mozilla's bug tracker to find changes not mentioned in the developer documentation that still affect our users and their threat model.
- Update the Tor Browser for Android codebase to use Fenix instead of Fennec.
- Implement new UI changes as determined in O2.2.
- Integrate tor into Fenix.
- Integrate necessary webextensions into Fenix.
- Rewrite patches from Fennec into Fenix.
- Implement and test migration logic to allow users to seamlessly upgrade from Tor Browser for Android based on Gecko to Tor Browser for Android based on Fenix.
- Release a new version of Tor Browser for Android based on Fenix.
- Document and report in a retrospective on the success of our migration process from Fennec to Fenixhttps://gitlab.torproject.org/legacy/trac/-/issues/33697Investigate new Search Engine configuration2020-06-16T01:12:00ZAlex CatarineuInvestigate new Search Engine configurationWhile working on #33533 I noticed that the engines configured in `list.json` were being ignored, and had to set the `browser.search.modernConfig = false` for them to work.
I believe this is because of a new Search Engine configuration t...While working on #33533 I noticed that the engines configured in `list.json` were being ignored, and had to set the `browser.search.modernConfig = false` for them to work.
I believe this is because of a new Search Engine configuration that has been enabled by default in nightly recently, this is the meta ticket is https://bugzilla.mozilla.org/show_bug.cgi?id=1542235.
We should investigate this and see whether it's enough to flip that pref to get the behaviour we want.https://gitlab.torproject.org/legacy/trac/-/issues/33760Update rbm.conf to match NDK 202020-06-16T01:26:11ZShane IsbellUpdate rbm.conf to match NDK 20the configure_host field no longer matches the correct clang in the lasted NDK. The new NDK requires that we also update the platform version number.the configure_host field no longer matches the correct clang in the lasted NDK. The new NDK requires that we also update the platform version number.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/33791Evaluate Firefox tests2020-06-16T01:12:14ZMatthew FinkelEvaluate Firefox testsEvaluate Firefox tests and Try builds to identify any currently broken functionality.Evaluate Firefox tests and Try builds to identify any currently broken functionality.https://gitlab.torproject.org/legacy/trac/-/issues/33801Upgrade Go Project to use new Android Toolchain2020-06-16T01:26:11ZShane IsbellUpgrade Go Project to use new Android ToolchainGo needs to use new NDK pathGo needs to use new NDK pathhttps://gitlab.torproject.org/legacy/trac/-/issues/33833Upgrade Rust To Use Android NDK 202020-06-16T01:26:12ZShane IsbellUpgrade Rust To Use Android NDK 20Upgrade rust to use latest toolchainUpgrade rust to use latest toolchainGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/33927Add tor-browser-build project for fenix2020-06-16T01:26:13ZGeorg KoppenAdd tor-browser-build project for fenixWe need an own project for FenixWe need an own project for FenixGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/33932Improve steps for creating gradle dependencies lists for projects2020-06-16T01:26:14ZGeorg KoppenImprove steps for creating gradle dependencies lists for projectsThe steps we have for creating lists of gradle dependencies are still not bullet proof. I stumbled across a case where a download got attempted but then a redirect happened which included a different URL and which finally failed. Our cur...The steps we have for creating lists of gradle dependencies are still not bullet proof. I stumbled across a case where a download got attempted but then a redirect happened which included a different URL and which finally failed. Our current instructions don't cope with that case (and probably other corner cases neither).
I've thinking about that and feel we can do better if we mimmick gradle's behavior more:
1) We keep the first step we currently have (extracting all the attempted downloads)
2) We actually try to download all those resources ourselves and compute their sha256 sum.
3) Download failures are easily removable (no sha256 sum is created in that case) and we just remove the successful duplicates.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/33939Decide which components of Fenix to rip out, disable, or use2020-06-15T23:01:23ZGeorg KoppenDecide which components of Fenix to rip out, disable, or useOne thing we are struggling with when trying to write proper patches for building various parts of Fenix is that it's not clear yet which components we want to rip out/disable/use.
E.g. there are a number of things we might want to rip ...One thing we are struggling with when trying to write proper patches for building various parts of Fenix is that it's not clear yet which components we want to rip out/disable/use.
E.g. there are a number of things we might want to rip out of `android-components` (comment:4:ticket:33156) or maybe not, it's not clear. We have already a separate bug (#33594) to figure out what we should do with Glean.
So, in this ticket we should look over the various components involved and decide
a) which to rip (fully) out at build time
b) disable at run time
and document the reasoning (maybe that could be part of our release prep process documentation).
I think by default we should enable everything for usability reasons and disable potentially fingerprinting/tracking features where we don't have patches (yet) and rip out outright dangerous ones if we don't find a better solution. That's a similar method we follow for desktop audits.https://gitlab.torproject.org/legacy/trac/-/issues/33973Create fat .aar for geckoview2020-06-16T01:26:18ZGeorg KoppenCreate fat .aar for geckoviewDownstream consumers like `android-components` and `fenix` use fat .aar files. We need to create them out of ouf per-arch ones. https://bugzilla.mozilla.org/show_bug.cgi?id=1508976 is the bug where this got implemented on Mozilla's side.Downstream consumers like `android-components` and `fenix` use fat .aar files. We need to create them out of ouf per-arch ones. https://bugzilla.mozilla.org/show_bug.cgi?id=1508976 is the bug where this got implemented on Mozilla's side.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/34011Bump clang version to 9.0.12020-06-16T01:26:19ZGeorg KoppenBump clang version to 9.0.1Let's go away from clang 8.0.1Let's go away from clang 8.0.1Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/34012Bump cbindgen version to 0.14.12020-06-16T01:26:20ZGeorg KoppenBump cbindgen version to 0.14.1Update to latest cbindgen used on mozilla-central.Update to latest cbindgen used on mozilla-central.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/34013Bump node version to v10.21.02020-06-16T01:26:20ZGeorg KoppenBump node version to v10.21.0Update our node version to what is used in mozilla-central.Update our node version to what is used in mozilla-central.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/34014Support sqlite3 in our python project2020-06-16T01:26:21ZGeorg KoppenSupport sqlite3 in our python projectPython3 we use needs sqlite3 support now.Python3 we use needs sqlite3 support now.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/34177Audit Fenix code for tracking, fingerprintability, and safety features2020-07-19T04:47:38ZMatthew FinkelAudit Fenix code for tracking, fingerprintability, and safety featuresAudit Fenix code for tracking, fingerprintability, and Tor safety features in relation to various known attacks.
- Audit code changes since last audit for proxy bypass bugs, following our audit procedure.Audit Fenix code for tracking, fingerprintability, and Tor safety features in relation to various known attacks.
- Audit code changes since last audit for proxy bypass bugs, following our audit procedure.