Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T17:02:28Z

migrate help.tpo into a gitlab wiki
https://gitlab.torproject.org/legacy/trac/-/issues/34437
2020-06-13T17:02:28Z, anarcat

we are currently using ikiwiki to host our documentation. that has served us well so far: it's available as a static site in the static mirror system and allows all sysadmins to have a static, offsite copy of the documentation when everything is down.
but ikiwiki is showing its age. it's an old program written in Perl, difficult to theme and not very welcoming to new users. for example, it's impossible for a user unfamiliar with git to contribute to the documentation. it also has its own unique Markdown dialect that is not used anywhere else. and while Markdown itself is not standardized and has lots of such dialects, there is /some/ convergence around CommonMark and GFM (GitHub's markdown) as de-facto standards at least, which ikiwiki still has to catch up with. it also has powerful macros which are nice to make complex websites, but do not render in the offline documentation, making us dependent on the rendered copy (as opposed to setting up client-side tools to peruse the documentation).
gitlab wikis, in contrast, have a web interface to edit pages. it doesn't have the macros ikiwiki has, but that's nothing a few commandline hacks can't fix... or at least we should consider it. they don't have macros or any more powerful features that ikiwiki has, but maybe that's exactly what we want.
this is not blocking the trac to gitlab migration, but it would be nice to jump onboard with everyone, since we will be migrating the Trac wiki onto gitlab as well...

Assignee: anarcat

document the static mirror network and onionbalance system better
https://gitlab.torproject.org/legacy/trac/-/issues/34436
2020-06-13T17:02:28Z, anarcat

we have some documentation on the static mirroring system here:
https://help.torproject.org/tsa/howto/static-component/
it's mostly procedural and minimal: add a component, remove a component and that's it. it doesn't explain at all how the system works, how to create or remove a new node in the network, how onion services interact with it, and how it actually works in puppet.
all this should be better documented. for example, I should be able to resolve #34396 without asking weasel. :)

Assignee: anarcat

Integrate fenix toolchain into tor-browser-build's master
https://gitlab.torproject.org/legacy/trac/-/issues/34432
2020-06-16T01:26:35Z, Georg Koppen

We decided to not create a new branch to take care of the Fenix toolchain while continuing to build nightly builds with the ESR 68 toolchains (and later ESR 78 toolchains for desktop builds). Rather, we'll follow boklm's idea of namespacing the projects to fenix-$project if there are Fenix specific needs and keep everything on `master`. This should avoid diverging branches and a tricky merge at the end.

Assignee: Georg Koppen

document ud-ldap and its architecture better
https://gitlab.torproject.org/legacy/trac/-/issues/34426
2020-06-13T17:02:27Z, anarcat

our LDAP documentation is minimal.
go through the thing and document how the different components play with each other and common tasks (like creating a user and so on).

Assignee: anarcat

document gitlab in our service docs
https://gitlab.torproject.org/legacy/trac/-/issues/34425
2020-06-13T17:02:27Z, anarcat

in particular for backups (so linked to/from https://help.torproject.org/tsa/howto/backup/) but also our general policies and procedures.

Assignee: anarcat

backport fabric to debian buster
https://gitlab.torproject.org/legacy/trac/-/issues/34424
2020-06-13T17:02:27Z, anarcat

We rely on newer features of Fabric in our configuration that are not present in Debian buster. upload a backport to the official Debian backports.

Assignee: anarcat

Implement GetTor for mobile users
https://gitlab.torproject.org/legacy/trac/-/issues/34423
2020-06-21T18:06:15Z, Cecylia Bocovich

What happens if Tor Browser downloads through traditional app stores are blocked in certain regions?
Right now GetTor only distributes for windows, osx, and linux. If we upload .apks to our link download providers, is this a usable way to install Tor Browser on Android?

enable Gitlab backups
https://gitlab.torproject.org/legacy/trac/-/issues/34420
2020-06-13T17:02:26Z, Hiro

I am configuring gitlab backups via cron and the puppet module.
Here is a MR:
https://share.riseup.net/#P2Yu4rpQubidQ0V5r7QM1Q
This does the following:
Configure gitlab backups via the puppet module.
Will create a backup file every night at 2 am on /srv/backups
It will use Gitlab backup command which is a wrapper of the rake task within gitlab rails.
More information on: https://docs.gitlab.com/ee/raketasks/backup_restore.html#back-up-gitlab
It also sets a cron job to back up gitlab secrets every night at 2 am and place it on /srv/backups.

Assignee: Hiro

Double-check remaining mobile patches on mozilla-central for Fenix transition
https://gitlab.torproject.org/legacy/trac/-/issues/34414
2020-06-16T01:13:21Z, Georg Koppen

Fennec is gone and with it a large number of patches we had to apply for Tor Browser for Android. There are a couple of mobile patches/parts left as of `acat/33533+5` and we should check whether they are still needed.

Harden our code signing on macOS for ESR 78
https://gitlab.torproject.org/legacy/trac/-/issues/34398
2020-06-16T01:26:34Z, Georg Koppen

While #32506 might be not doable during our transition to ESR 78 we might be able to pick up some improvements nevertheless, see:
https://hg.mozilla.org/releases/mozilla-beta/rev/497690887467ccf0709d71fdb1b20d0647388df9

Update lucetc and wasi-sdk projects to latest ESR 78 code
https://gitlab.torproject.org/legacy/trac/-/issues/34388
2020-06-16T01:26:32Z, Georg Koppen

In order to properly enable WASM sandboxing we should update our `lucetc` and `wasi-sdk` projects to what Mozilla ships in ESR 78.

Port external helper app prompting before opening to Fenix
https://gitlab.torproject.org/legacy/trac/-/issues/34378
2020-06-15T23:01:25Z, Georg Koppen

In #26529 we ported the desktop capability to prompt before opening external apps to mobile. We need to redo that proxy-bypass-protection part for Fenix.

Port padlock states for .onion services to Fenix
https://gitlab.torproject.org/legacy/trac/-/issues/34377
2020-06-16T01:13:16Z, Georg Koppen

#26690 ported the padlock states for onions to mobile.
We need to redo that for Fenix.

put trac readonly on june 12th 2020
https://gitlab.torproject.org/legacy/trac/-/issues/34374
2020-06-13T17:02:22Z, anarcat

as agreed in the last all-hands meeting, trac will be readonly on june 12th 2020 for the final migration, and will remain so for 6 months, until it is permanently archived and transformed into a redirect to gitlab (#34373).

Assignee: Hiro

redirect trac.torproject.org to gitlab.torproject.org on dec 12th 2020
https://gitlab.torproject.org/legacy/trac/-/issues/34373
2020-06-13T17:02:22Z, anarcat

Once trac is shut down, redirections from trac.torproject.org need to be performed to gitlab.torproject.org.
This happens 6 months after trac is put readonly (which is on june 12th) so december 12th 2020.

Assignee: Jens Kubieziel

make db.torproject.org a real debian archive
https://gitlab.torproject.org/legacy/trac/-/issues/34371
2020-06-13T17:02:21Z, anarcat

I often have trouble uploading packages following our procedure here:
https://help.torproject.org/tsa/howto/build_and_upload_debs/#Uploading_admin_packages
For example, just now I have stumbled upon this:
```
Failed to upload userdir-ldap-cgi_0.3.43~x.tpo.8.dsc to anarcat@alberti.torproject.org:/srv/db.torproject.org/ftp-archive/archive/pool/tpo-all/userdir-ldap-cgi_0.3.43~x.tpo.8.dsc: scp: /srv/db.torproject.org/ftp-archive/archive/pool/tpo-all/userdir-ldap-cgi_0.3.43~x.tpo.8.dsc: Permission denied
```
That was because there was already a `.8.dsc` file from a previous ("UNRELEASED") upload. (I feel it was a mistake to upload such a package in the first place, but that's beside the point: this is only one of many ways this procedure can fail on upload.)
The archive also manually handles OpenPGP certifications and rotations, which is sub-optimal, to say the least, from a security perspective.
Instead, we should use well-known software like reprepro or else to manage the repository, with a proper "incoming" queue.

Bump binutils version to 2.34
https://gitlab.torproject.org/legacy/trac/-/issues/34360
2020-06-16T01:26:31Z, Georg Koppen

We are using a rather old binutils version. Let's bump it to the latest, 2.34.

Adapt abicheck.cc to deal with newer GCC version
https://gitlab.torproject.org/legacy/trac/-/issues/34359
2020-06-16T01:26:30Z, Georg Koppen

We need to adapt our `abicheck.cc` to work as it is supposed to with GCC 9.

Implement a browser-compatible NAT behaviour discovery STUN library
https://gitlab.torproject.org/legacy/trac/-/issues/34358
2020-06-13T18:22:18Z, Cecylia Bocovich

So far we've been lucky that the npm modules we've been using are available through Firefox and Chrome APIs. That's not the case for [stun](https://www.npmjs.com/package/stun), which we need for #34129.
~~It looks like there are some options for packing node modules for use in web applications: https://www.npmjs.com/package/webpack~~
~~But we might need to modify our build scripts.~~
Now it seems like we'd have to implement our own STUN library from scratch using the UDP socket APIs.
It's questionable how worth it this is at the moment.

Reject relays running 0.4.1
https://gitlab.torproject.org/legacy/trac/-/issues/34357
2020-06-13T15:53:43Z, Nick Mathewson

Now that 0.4.1 has reached end-of-life, it's time for directory authorities to stop accepting relays running it.
See #32672 for the last time we did this.
Looking at the graphs, I don't see a significant change in the drop-off rate for deprecated versions in between when we announced that they were deprecated, and when we finally removed them. Maybe this time we should just send out an announcement, wait a month, then reject the relays?

Milestone: Tor: unspecified