Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T18:22:02Zhttps://gitlab.torproject.org/legacy/trac/-/issues/34124snowflake funktioniert nicht2020-06-13T18:22:02Zcypherpunkssnowflake funktioniert nichtAnzeige: WebRTC-Fähigkeit nicht erkannt.
Was soll ich tun?Anzeige: WebRTC-Fähigkeit nicht erkannt.
Was soll ich tun?https://gitlab.torproject.org/legacy/trac/-/issues/34123Provide secrets/passwords management for Tor Browser Nightly signing2020-06-13T17:02:05ZMatthew FinkelProvide secrets/passwords management for Tor Browser Nightly signingAs mentioned in #34121, the Tor Browser Nightly signing machine will host an OpenPGP key and an NSSDB private key. Both of these should be password-protected. Instead of hard-coding these passphrases in a file or script on the server, ha...As mentioned in #34121, the Tor Browser Nightly signing machine will host an OpenPGP key and an NSSDB private key. Both of these should be password-protected. Instead of hard-coding these passphrases in a file or script on the server, having a password management system from where the passwords can be retrieved would be very nice.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/34122Create two Tor Browser build machines2020-06-13T17:02:04ZMatthew FinkelCreate two Tor Browser build machinesCurrently, Tor Browser developers have access to one external machine for building Tor Browser. We'd like two new build machines that are maintained by TPA. This will allow us to run parallel builds, and confirm reproducibility of the re...Currently, Tor Browser developers have access to one external machine for building Tor Browser. We'd like two new build machines that are maintained by TPA. This will allow us to run parallel builds, and confirm reproducibility of the resulting builds.
The resource requirements for the machines are quite large:
- For storage: 200GB should be an okay starting point
- For memory: we'll need at least 16 GB.
- For CPUs: at least two, but more would be better
The package requirements are documented here:
https://gitweb.torproject.org/builders/tor-browser-build.git/tree/README#n20
```
apt-get install libyaml-libyaml-perl libtemplate-perl \
libio-handle-util-perl libio-all-perl \
libio-captureoutput-perl libjson-perl libpath-tiny-perl \
libstring-shellquote-perl libsort-versions-perl \
libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \
libfile-copy-recursive-perl libfile-slurp-perl git runc \
mercurial
```
Currently, the default Tor Browser build system (tor-browser-build) requires the user have (essentially) full sudo permissions (#23631) due to its underlying use of runc for creating deterministic build environments.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/34121Create a Tor Browser Nightly signing machine2020-06-13T17:02:04ZMatthew FinkelCreate a Tor Browser Nightly signing machineRecently, Tor Browser began providing automatic nightly updates (#18867), and those are now hosted on nightlies.tbb.torproject.org (#32800). All of the building and signing machines are currently hosted externally. This ticket is for mov...Recently, Tor Browser began providing automatic nightly updates (#18867), and those are now hosted on nightlies.tbb.torproject.org (#32800). All of the building and signing machines are currently hosted externally. This ticket is for moving the signing operation onto a TPA maintained server.
It will need about 40 GB of disk space, memory requirement should be small (1 or 2 GB, should be more than enough).
As the end result, every day this server will receive files from an external server (pushed or pulled, whichever makes the most sense), sign them, and then copy them to nightlies.tbb.torproject.org for serving.
The server will hold a passphrase-protected OpenPGP private key and a passphrase-protected NSS DB containing a private signing key.
This server should be as network-access-restricted as possible, while still being usable.https://gitlab.torproject.org/legacy/trac/-/issues/34120Pluggable Transport Versus Bridge2020-06-16T01:12:55ZTracPluggable Transport Versus BridgeIn the Tor preferences>Tor, it states that one can select a Bridge. If so done, then the first option is to "Select a built-in bridge". However, it doesn't. It actually selects a pluggable transport.
Pluggable transports use bridges,...In the Tor preferences>Tor, it states that one can select a Bridge. If so done, then the first option is to "Select a built-in bridge". However, it doesn't. It actually selects a pluggable transport.
Pluggable transports use bridges, but they are not bridges.
Recommend rewording to be more accurate.
**Trac**:
**Username**: TormanToohttps://gitlab.torproject.org/legacy/trac/-/issues/34119Hook gk's tor related gmail account to the google play account to get tor bro...2020-06-16T01:12:55ZGeorg KoppenHook gk's tor related gmail account to the google play account to get tor browser releases outWe should avoid all sorts of bottlenecks and just having one person being able to get mobile releases pushed to Google Play is one of those. Let's hook gk's up resurrected gmail account to solve that issue.We should avoid all sorts of bottlenecks and just having one person being able to get mobile releases pushed to Google Play is one of those. Let's hook gk's up resurrected gmail account to solve that issue.https://gitlab.torproject.org/legacy/trac/-/issues/34118Onion-Location banner isn't shown when using subdomains in the onion address2020-06-16T01:12:54ZAlexander Færøyahf@torproject.orgOnion-Location banner isn't shown when using subdomains in the onion addressMacLemon on Mastodon reports that we have a problem with the Onion-Location banner when a subdomain is added to the Onion hostname.
The purple ".onion available" banner is shown when the server sends: `Onion-Location: http://<pubkey>.on...MacLemon on Mastodon reports that we have a problem with the Onion-Location banner when a subdomain is added to the Onion hostname.
The purple ".onion available" banner is shown when the server sends: `Onion-Location: http://<pubkey>.onion/`, but it is NOT shown when the server sends: `Onion-Location: http://subdomain.<pubkey>.onion/`.
For more information, see the discussion here: https://chaos.social/@MacLemon/104112776746450550https://gitlab.torproject.org/legacy/trac/-/issues/34117Delete vegas-leads list2020-06-13T17:02:03ZRoger DingledineDelete vegas-leads listThe vegas-leads list:
https://lists.torproject.org/cgi-bin/mailman/listinfo/vegas-leads
has served us well for some years now:
https://lists.torproject.org/pipermail/tor-project/2016-March/000196.html
But with the new plans (more struct...The vegas-leads list:
https://lists.torproject.org/cgi-bin/mailman/listinfo/vegas-leads
has served us well for some years now:
https://lists.torproject.org/pipermail/tor-project/2016-March/000196.html
But with the new plans (more structured interactions between teams), we no longer need a separate list for coordination between teams. So it is time to retire (delete) the list.
It has no archives, so it should be easy to remove.
Thanks!Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/legacy/trac/-/issues/34116Set up OONI's MetaDB on polyanthum2020-06-13T18:30:03ZPhilipp Winterphw@torproject.orgSet up OONI's MetaDB on polyanthumAs part of #32740, we need to sync OONI's test results with BridgeDB's SQLite database; in particular its BlockedBridges table. [Over here](https://trac.torproject.org/projects/tor/ticket/32126#comment:4) and [here](https://github.com/oo...As part of #32740, we need to sync OONI's test results with BridgeDB's SQLite database; in particular its BlockedBridges table. [Over here](https://trac.torproject.org/projects/tor/ticket/32126#comment:4) and [here](https://github.com/ooni/backend/issues/396#issuecomment-620611456), hellais suggested to set up a copy of OONI's MetaDB and have it sync with their canonical database. We can then use our local copy on polyanthum to update BridgeDB's SQLite database.
Instructions for setting up a MetaDB are available at:
https://github.com/ooni/sysadmin/blob/master/docs/metadb-sharing.mdPhilipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/34115review the impact of usrmerge2020-06-13T17:02:03Zanarcatreview the impact of usrmergeDebian buster shipped with a "merged `/usr`", which means that `/bin`, `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`. There are concerns that this behavior is buggy and triggers problems in all sorts of places. In p...Debian buster shipped with a "merged `/usr`", which means that `/bin`, `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`. There are concerns that this behavior is buggy and triggers problems in all sorts of places. In particular, the `dpkg` maintainers are quite unhappy about the change and do not support it as a configuration:
https://wiki.debian.org/Teams/Dpkg/MergedUsr
... which is disturbing, considering the `dpkg` is such a core component of a Debian system.
That wiki page provides a hackish script to "migrate away" from usrmerge but no one, as far as I know, has done that in production. It definitely looks nasty.
We should consider :
* [ ] whether this is a real problem (probably?)
* [x] which machines have usrmerge (20 machines or 27%, detailed below)
* [x] whether new machines should have it (probably not? not having usrmerge is *not* a problem, and having it has risks, so let's not risk it?)
* [ ] whether we need to fix old machines
There are two ways of fixing the installers:
* pass `--no-merged-usr` to deboostrap
* use `mmdebstrap`
The latter has the advantage of being faster, at the cost of being possibly less reliable and compatible.
Next steps:
1. [x] fix cloud installer - fixed in the wiki and tsa-misc
2. [x] fix robot installer - fixed in the wiki and tsa-misc
3. [x] fix ganeti installer - reported as [bug 959745](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745), mentioned in the wiki, reported [in the puppet module](https://gitlab.com/shared-puppet-modules-group/puppet-ganeti/-/issues/7)anarcatanarcathttps://gitlab.torproject.org/legacy/trac/-/issues/34114Please give gk access to staticiforme and torwww groups2020-06-13T17:02:02ZMatthew FinkelPlease give gk access to staticiforme and torwww groups```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This is reversing gk's permission removal in #32735.
Please allow gk access to staticiforme and the supplementary
groups, as described in that ticket.
Thanks!
Mon 04 May 2020 03:00:0...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This is reversing gk's permission removal in #32735.
Please allow gk access to staticiforme and the supplementary
groups, as described in that ticket.
Thanks!
Mon 04 May 2020 03:00:00 PM GMT
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEo4znE8duGsmMUJcuHp029Ma9dU4FAl6wMDEACgkQHp029Ma9
dU5ilwgAv89nBWt1tIrdgaAWR1wQm9yeZDS6hyLk1ZXjVRn4+GO2RA6+zVHewkwk
Hp5nGF08bN1z27vKVw3wxGKD7U9VVl1pIwqgBhZVAagaN8Vd6OnDVFjjJdkf3nX2
/B8mRsLOh6fPyI4Nrmnl7WKfAkL6H28WD9R3wtObPcJaCZEMcwjiUYxIpOKP+/ll
kumoWR97KiIz92dXKUk3aZt3Qt8VySR5iRmR0Id13Af/LHenY6IV6q+6ks1SVD3E
d8fGnYJv8qnZOy2TSIix0QYkjjv+m1potwLI7Bs06uc9+/dUZ+EIrRoHS1GeUlNO
03KXCVLfdAuZLEN2smiFrnTh6ra0dg==
=D2Le
-----END PGP SIGNATURE-----
```
Ref: #32735anarcatanarcathttps://gitlab.torproject.org/legacy/trac/-/issues/34113chives is not loading backlog2020-06-13T17:02:02ZAntonelaantonela@torproject.orgchives is not loading backlogMy IRC client didn't load the last four days backlog and i wonder if chives is full, is dead or if it is an issue in my client.My IRC client didn't load the last four days backlog and i wonder if chives is full, is dead or if it is an issue in my client.https://gitlab.torproject.org/legacy/trac/-/issues/34112Delete tor-researchers list2020-06-13T17:02:02ZGeorge KadianakisDelete tor-researchers listtor-researchers is a mailing list that was basically never used. It was meant to be a closed list for researchers to facilitate research discussion.
The list was closed, and maintaining its membership was more logistics than we could af...tor-researchers is a mailing list that was basically never used. It was meant to be a closed list for researchers to facilitate research discussion.
The list was closed, and maintaining its membership was more logistics than we could afford for a list that is never used.
Please delete it, and also delete its archives since there is basically no actual threads in there, and the list was secret in the first place.
Thanks!Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/legacy/trac/-/issues/34111Extend Metrics CollecTor check to OnionPerf files2020-06-13T17:02:01ZKarsten LoesingExtend Metrics CollecTor check to OnionPerf filesWe added a new descriptor type that we should include in the check.
While we're touching this file, let's sort paths alphabetically and let's also resolve the pyflakes3 warning spotted by anarcat.
I'm going to attach a Git-formatted pa...We added a new descriptor type that we should include in the check.
While we're touching this file, let's sort paths alphabetically and let's also resolve the pyflakes3 warning spotted by anarcat.
I'm going to attach a Git-formatted patch in a second.https://gitlab.torproject.org/legacy/trac/-/issues/34110Investigate `./mach android gradle-dependencies` for our use cases2020-06-16T01:26:24ZGeorg KoppenInvestigate `./mach android gradle-dependencies` for our use casesMozilla has a neat way of automating the gradle dependencies it needs during build time and making them available: https://firefox-source-docs.mozilla.org/build/buildsystem/toolchains.html#firefox-for-android-with-gradle
We should think...Mozilla has a neat way of automating the gradle dependencies it needs during build time and making them available: https://firefox-source-docs.mozilla.org/build/buildsystem/toolchains.html#firefox-for-android-with-gradle
We should think about how we could use that either just for Fenix or in general for our mobile related projects.https://gitlab.torproject.org/legacy/trac/-/issues/34109Download and parse OnionPerf analysis .json files instead of .tpf files2020-06-13T18:09:38ZKarsten LoesingDownload and parse OnionPerf analysis .json files instead of .tpf filesWith #34070 and #34072 being merged and deployed we can now change metrics-web to download and parse OnionPerf analysis .json files instead of .tpf files.With #34070 and #34072 being merged and deployed we can now change metrics-web to download and parse OnionPerf analysis .json files instead of .tpf files.Karsten LoesingKarsten Loesinghttps://gitlab.torproject.org/legacy/trac/-/issues/34108Write script to keep track of toolchain changes2020-06-16T01:26:23ZGeorg KoppenWrite script to keep track of toolchain changesWe have a lot of different requirements for our toolchain (see: #33557) due to a number of different projects involved in building Fenix. We should write a script that we run periodically to keep track of necessary toolchain changes ahea...We have a lot of different requirements for our toolchain (see: #33557) due to a number of different projects involved in building Fenix. We should write a script that we run periodically to keep track of necessary toolchain changes ahead of time.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/34107unauthorized access, phishing, spoofying, identity theft of my gmail account,...2020-06-13T10:46:47ZTracunauthorized access, phishing, spoofying, identity theft of my gmail account, disable stmp and pop3,safariweb,webkits,,iphones,ipads and hp 4600 mac pro,are the cause of leakeage and exloitation on shared wireless network, yes i'm using wireless network but that doesn't mean open ssl remodification or SSL and TLS remodification give...safariweb,webkits,,iphones,ipads and hp 4600 mac pro,are the cause of leakeage and exloitation on shared wireless network, yes i'm using wireless network but that doesn't mean open ssl remodification or SSL and TLS remodification gives the right to take ownership or remove my rights as device owner and would just safely and secure browse the internet.
**Trac**:
**Username**: precious113https://gitlab.torproject.org/legacy/trac/-/issues/34106Default rounding on start up with 9.5a12 on Windows 10 is off by one (width ...2020-06-16T01:12:54ZGeorg KoppenDefault rounding on start up with 9.5a12 on Windows 10 is off by one (width and height)Same system as in #34105. It shows an off by one both for width and height (x99 x x99) when the initially rounded dimensions are used.Same system as in #34105. It shows an off by one both for width and height (x99 x x99) when the initially rounded dimensions are used.https://gitlab.torproject.org/legacy/trac/-/issues/34105Letterboxing when maximizing 9.5a12 on Windows 10 results in a width off by one2020-06-16T01:12:54ZGeorg KoppenLetterboxing when maximizing 9.5a12 on Windows 10 results in a width off by oneTesting 9.5a12 on a vanilla Windows 10 system shows me 1199px x 600px when maximizing the window.Testing 9.5a12 on a vanilla Windows 10 system shows me 1199px x 600px when maximizing the window.