|
|
|
|
|
[[PageOutline]]
|
|
|
|
|
|
= The Tor Browser Hacking Guide =
|
|
|
|
|
|
Welcome to the Official Tor Browser Hacking Guide. This page is meant to give you an overview of how to get started with Tor Browser development.
|
|
|
|
|
|
This page covers building the browser, debugging the browser, how we communicate and use trac to organize our issues and development process, what goes into the browser itself, and also provides links to other development resources and information.
|
|
|
|
|
|
= Ways to Build Tor Browser =
|
|
|
|
|
|
The first thing you probably want to know is how to obtain the very latest (and sometimes greatest) Tor Browser builds, and how to build your own version of the Tor Browser from our source code. Well wait no further.
|
|
|
|
|
|
== Nightly Builds ==
|
|
|
|
|
|
Currently, nightly builds are available [http://f4amtbsowhix7rrf.onion/tor-browser-builds/ on a .onion site] managed by boklm who is part of the Tor Browser team. If you are prompted for a username and password to access [http://f4amtbsowhix7rrf.onion/tor-browser-builds/ the nightly builds], use "tor-guest" as both the username and password.
|
|
|
|
|
|
As with all of our builds, it should be possible to reproduce byte-for-byte identical versions of all of those binaries from source. To learn how to do that, read on.
|
|
|
|
|
|
== Building Official Tor Browser Release Binaries ==
|
|
|
|
|
|
Our build system is based on [https://gitweb.torproject.org/builders/rbm.git/ rbm], which is developed by boklm. rbm is using [https://github.com/opencontainers/runc runc] to provide a clean, controlled, reproducible build environment in a fully automated fashion. We further wrap rbm with our own helper scripts that download and authenticate inputs, and automate building and assembling each component piece of the browser into a final set of output packages for Linux, MacOS, and Windows. This is done with code in the [https://gitweb.torproject.org/builders/tor-browser-build.git/ tor-browser-build repository].
|
|
|
|
|
|
This system enables us to provide secure, verifiable, byte-for-byte reproducible builds to ensure the integrity of our binaries and to protect the build process from compromise. We have written a pair of blog posts that describe in more detail [https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise why this is important], and the [https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details technical details] behind how this previously got achieved when using the [https://gitian.org/ Gitian system], if you are curious. The new build system based on rbm is working similarly and is facing pretty much the same issues.
|
|
|
|
|
|
To build the Tor Browser, you need essentially a Linux system with runc support. Once that is done, check out a copy of the tor-browser-build repo with:
|
|
|
{{{
|
|
|
git clone https://git.torproject.org/builders/tor-browser-build.git
|
|
|
cd tor-browser-build
|
|
|
}}}
|
|
|
|
|
|
After that you might need to install the additional dependencies [https://gitweb.torproject.org/builders/tor-browser-build.git/tree/README mentioned in the README file] and you should be able to run 'make', 'make alpha', 'make nightly', or 'make testbuild' to build the entire bundle for all three platforms. The build scripts will detect any additional packages or configuration you need to perform on your system.
|
|
|
|
|
|
Inside that directory you will also see a [https://gitweb.torproject.org/builders/tor-browser-build.git/tree/README.BUILD_ERRORS README.BUILD_ERRORS file] with further information, should you run into any issues.
|
|
|
|
|
|
== Reproducing an Existing Build ==
|
|
|
The Tor Browser build process is using signed tags for official builds. Stable tags follow the scheme 'tbb-X.X.X-buildN' where 'X' are figures building the version number (like '7.5') and 'buildN' specifies the build number for this particular browser version (e.g. 'build3'). Tags for the alpha releases are similar but contain an 'a' in it like 'tbb-8.0a1-build3'.
|
|
|
|
|
|
Once you know which version you want to reproduce check out the tag containing the latest build number and start doing a 'make' if it is a stable version or 'make alpha' if it is part of the alpha series.
|
|
|
|
|
|
At the end of the build you should end up with a 'sha256sums-unsigned-build.txt' file containing all the SHA-256 sums of the bundles and related packages in alpha/unsigned/your-tor-browser-version (or release/unsigned/your-tor-browser-version, respectively). They should match the official hash sums we have produced.
|
|
|
|
|
|
Be aware that this process is not fully future-proof. In particular, if Debian has updated their development tool chain since the bundles have been built, you may encounter differences between your resulting bundles and the original binaries. This should be rare, however, as we use only the "Long Term Support" or "Oldstable" of Debian in our build VMs. The only reason they should change the tool chain is in the event of serious security issues in the development tools themselves.
|
|
|
|
|
|
== Partial Builds ==
|
|
|
|
|
|
This section is mostly of interest to developers making changes to Tor Browser or its components, and who wish to test their patches.
|
|
|
|
|
|
=== Building Just Firefox ===
|
|
|
|
|
|
If you want to just develop on the browser without messing with rbm (for example, to have incremental rebuilds of just the files you modify), the best way is to build a new browser distribution and copy the result over an existing Tor Browser directory.
|
|
|
|
|
|
Clone the [https://gitweb.torproject.org/tor-browser.git Tor Browser repo].
|
|
|
|
|
|
To build it, from the top directory of the `tor-browser` repo, do:
|
|
|
|
|
|
{{{
|
|
|
# Install a subset of the packages listed in
|
|
|
# https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/gitian/descriptors/linux/gitian-firefox.yml#l8
|
|
|
# Mostly, we don't need `libiw-dev` or `faketime`, but we *do* need `pkg-config`.
|
|
|
|
|
|
sudo torsocks apt-get install \
|
|
|
--no-install-suggests --no-install-recommends \
|
|
|
zip \
|
|
|
unzip \
|
|
|
libglib2.0-dev \
|
|
|
libgconf2-dev \
|
|
|
libgtk2.0-dev \
|
|
|
libdbus-1-dev \
|
|
|
libdbus-glib-1-dev \
|
|
|
yasm \
|
|
|
libasound2-dev \
|
|
|
libcurl4-openssl-dev \
|
|
|
libxt-dev \
|
|
|
mesa-common-dev \
|
|
|
autoconf \
|
|
|
autoconf2.13 \
|
|
|
libtool \
|
|
|
hardening-wrapper \
|
|
|
libgstreamer-plugins-base0.10-dev \
|
|
|
pkg-config \
|
|
|
g++ \
|
|
|
libpulse-dev
|
|
|
|
|
|
# On Ubuntu 17.10 gcc and g++ are version 7
|
|
|
# when used firefox gets a bunch of weird rendering issues so we have to force usage of gcc and g++ version 6
|
|
|
|
|
|
sudo torsocks apt-get install gcc-6 g++-6
|
|
|
|
|
|
# Add following lines to .mozconfig in tor-browser root:
|
|
|
export CC=gcc-6
|
|
|
export CXX=g++-6
|
|
|
|
|
|
# If you are building a nightly build or a release starting with 9.0a1, include the sources of tor-launcher to the browser/extensions repository.
|
|
|
git clone https://git.torproject.org/tor-launcher
|
|
|
mv tor-launcher browser/extensions/
|
|
|
|
|
|
# Generate the configure scripts:
|
|
|
./mach configure --with-tor-browser-version=tbb-nightly --with-distribution-id=org.torproject --enable-update-channel=default --enable-bundled-fonts
|
|
|
|
|
|
# And... compile and package:
|
|
|
./mach build
|
|
|
./mach build stage-package
|
|
|
|
|
|
# Point the INSTDIR at an existing TBB directory:
|
|
|
export INSTDIR="$HOME/tbb/test/tor-browser_en-US"
|
|
|
|
|
|
# Move the compiled firefox on top of the old TBB browser dir:
|
|
|
cp -a obj-*/dist/firefox/* $INSTDIR/Browser/
|
|
|
|
|
|
# If you want a smaller binary to copy into a vm/other machine for tests:
|
|
|
strip --strip-all $INSTDIR/Browser/*
|
|
|
rm -f $INSTDIR/Browser/firefox-bin
|
|
|
|
|
|
}}}
|
|
|
|
|
|
If that completes successfully, then your fresh build of Firefox should exist at `$INSTDIR/Browser/firefox`. Free the lizard.
|
|
|
|
|
|
=== Building Just Tor Launcher Or Torbutton ===
|
|
|
|
|
|
If you are only modifying one of our support addons (such as Tor Launcher or Torbutton) then you only need to create a new XPI and then copy it into an existing bundle.
|
|
|
|
|
|
For Tor Launcher:
|
|
|
|
|
|
{{{
|
|
|
|
|
|
# Point the INSTDIR at an existing TBB directory:
|
|
|
export INSTDIR="$HOME/tbb/test/tor-browser_en-US"
|
|
|
|
|
|
git clone https://git.torproject.org/tor-launcher.git
|
|
|
cd tor-launcher
|
|
|
# do some work
|
|
|
make package # should give you an xpi under ./pkg. Note the full filename and version in the output
|
|
|
cp pkg/tor-launcher-0.2.7.6.xpi $INSTDIR/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi
|
|
|
|
|
|
}}}
|
|
|
|
|
|
For Torbutton:
|
|
|
|
|
|
{{{
|
|
|
|
|
|
# Point the INSTDIR at an existing TBB directory:
|
|
|
export INSTDIR="$HOME/tbb/test/tor-browser_en-US"
|
|
|
|
|
|
git clone https://git.torproject.org/torbutton.git
|
|
|
cd torbutton
|
|
|
# do some work
|
|
|
./makexpi.sh # Will create an xpi in pkg, but you need to find the version for the next step
|
|
|
cp pkg/torbutton-1.9.3.1.xpi $INSTDIR/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi
|
|
|
|
|
|
}}}
|
|
|
|
|
|
Now, you should be able to start Tor Browser in $INSTDIR normally. To run multiple copies at once, see the next section.
|
|
|
|
|
|
= Building Orfox =
|
|
|
|
|
|
This section is of interest to developers making changes to the closest version of Tor Browser on Android or its components (e.g. Orbot), and who wish to test their patches.
|
|
|
|
|
|
== Orfox ==
|
|
|
|
|
|
If you're familiar with Tor Browser and how it uses two repositories, tor-browser.git and tor-browser-build.git, then Orfox similarly uses two repositories, too.
|
|
|
|
|
|
The first repo is tor-browser.git.
|
|
|
- Currently, all Orfox-specific patches are merged onto the alpha branch (tor-browser-52.7.3esr-8.0-1) in main tor-browser.git repo.
|
|
|
- We are maintaining the stable branch in user repos, right now.
|
|
|
- https://github.com/igortoliveira/tor-browser/tree/Orfox-tor-browser-52.7.2esr-7.5-1
|
|
|
- https://gitweb.torproject.org/user/sysrqb/tor-browser.git/log/?h=tor-browser-52.7.3esr-7.5-1
|
|
|
|
|
|
The second repo is the Orfox repo. This serves the same purpose as tor-browser-build.
|
|
|
|
|
|
=== Compiling Orfox ===
|
|
|
|
|
|
If you simply want to build an Orfox APK, then these are the instructions for you. We assume you are using a Debian Jessie (OldStable) environment.
|
|
|
|
|
|
1) Clone tor-browser.git
|
|
|
- As mentioned above, unfortunately there are different git repositories depending for the current stable branch (Tor Browser 7.5) and the alpha branch (Tor Browser 8.0)
|
|
|
- If you are building the stable branch then you can clone sysrqb's user repo
|
|
|
- If you are building the alpha branch, then you can use the official Tor Browser git repo
|
|
|
|
|
|
Stable:
|
|
|
{{{
|
|
|
$ git clone https://git.torproject.org/user/sysrqb/tor-browser.git
|
|
|
# or
|
|
|
$ torsocks git clone http://dccbbv6cooddgcrq.onion/user/sysrqb/tor-browser.git
|
|
|
}}}
|
|
|
|
|
|
Alpha:
|
|
|
{{{
|
|
|
$ git clone https://git.torproject.org/tor-browser.git
|
|
|
# or
|
|
|
$ torsocks git clone http://dccbbv6cooddgcrq.onion/tor-browser.git
|
|
|
}}}
|
|
|
|
|
|
This will take some time, please be patient.
|
|
|
|
|
|
2a) Checkout the stable branch
|
|
|
{{{
|
|
|
$ cd tor-browser
|
|
|
$ git checkout Orfox-tor-browser-52.7.3esr-7.5-1
|
|
|
}}}
|
|
|
|
|
|
2b) Checkout the alpha branch
|
|
|
{{{
|
|
|
$ cd tor-browser
|
|
|
$ git checkout tor-browser-52.7.3esr-8.0-1
|
|
|
}}}
|
|
|
|
|
|
The full checkout is ~3.2 GB.
|
|
|
|
|
|
3) There are many dependencies for building Firefox (and Tor Browser). Mozilla provide a mechanism for downloading and installing everything needed. This does require root access via sudo.
|
|
|
{{{
|
|
|
$ ./mach bootstrap
|
|
|
}}}
|
|
|
|
|
|
At the first menu, you most likely want option "4. Firefox for Android".
|
|
|
|
|
|
This downloads all the needed Android dependencies, as well. Sadly, the script doesn't verify the binaries downloaded from Google's servers.
|
|
|
|
|
|
4) If you don't have mercurial already installed, it will prompt. Using apt, option 2, is good enough (but you can select installing from pip if you want).
|
|
|
|
|
|
5) Boostrap checks the installed python version, if it is new enough then it will tell you
|
|
|
{{{
|
|
|
Your version of Python (2.7.9) is new enough.
|
|
|
}}}
|
|
|
|
|
|
6) Ready for building! Hopefully you have a message like this (if not, please ask us for help if you can't find why):
|
|
|
{{{
|
|
|
Your system should be ready to build Firefox for Android!
|
|
|
|
|
|
|
|
|
Paste the lines between the chevrons (>>> and <<<) into your mozconfig file:
|
|
|
|
|
|
<<<
|
|
|
# Build Firefox for Android:
|
|
|
ac_add_options --enable-application=mobile/android
|
|
|
ac_add_options --target=arm-linux-androideabi
|
|
|
|
|
|
# With the following Android SDK and NDK:
|
|
|
ac_add_options --with-android-sdk="/home/<user>/.mozbuild/android-sdk-linux"
|
|
|
ac_add_options --with-android-ndk="/home/<user>/.mozbuild/android-ndk-r11b"
|
|
|
>>>
|
|
|
}}}
|
|
|
|
|
|
Don't copy those lines into your mozconfig (except if you really want to and/or you know what you're doing). We already have a mozconfig for Orfox and we'll use that, instead.
|
|
|
|
|
|
7) Build tools. The bootstrap script expects a different version of the Android Build Tools than is actually available with the SDK version. It wants build-tools-23.0.3 but build-tools-23.0.1 is available.
|
|
|
|
|
|
{{{
|
|
|
We are now installing the following Android packages:
|
|
|
tools, platform-tools, build-tools-23.0.3, android-23, extra-google-m2repository, extra-android-m2repository
|
|
|
You may be prompted to agree to the Android license. You may see some of
|
|
|
output as packages are downloaded and installed.
|
|
|
|
|
|
Refresh Sources:
|
|
|
Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
|
|
|
Validate XML
|
|
|
Parse XML
|
|
|
Fetched Add-ons List successfully
|
|
|
Refresh Sources
|
|
|
[...]
|
|
|
Error: Ignoring unknown package filter 'build-tools-23.0.3'
|
|
|
}}}
|
|
|
|
|
|
As a short-term workaround, we'll manually install older version and then symlink them.
|
|
|
{{{
|
|
|
$ ${HOME}/.mozbuild/android-sdk-linux/tools/android update sdk --no-ui --all --filter build-tools-23.0.1
|
|
|
$ # Accept the license agreement
|
|
|
|
|
|
Installing Archives:
|
|
|
Preparing to install archives
|
|
|
Downloading Android SDK Build-tools, revision 23.0.1
|
|
|
Installing Android SDK Build-tools, revision 23.0.1
|
|
|
Installed Android SDK Build-tools, revision 23.0.199%)
|
|
|
Done. 1 package installed.
|
|
|
$ ln -s ${HOME}/.mozbuild/android-sdk-linux/build-tools/23.0.{1,3}
|
|
|
}}}
|
|
|
|
|
|
The last line abuses a bash-ism - Brace Expansion.
|
|
|
|
|
|
Excellent! Now we'll set the MOZCONFIG environment variable as the mozconfig we want to build, and we'll set the SDK and NDK paths.
|
|
|
{{{
|
|
|
$ export MOZCONFIG=.mozconfig-orfox
|
|
|
$ export NDK_BASE=${HOME}/.mozbuild/android-ndk-r11b/
|
|
|
$ export SDK_BASE=${HOME}/.mozbuild/android-sdk-linux/
|
|
|
}}}
|
|
|
|
|
|
And now three more steps, we configure, build, and package Orfox!
|
|
|
|
|
|
Configure!
|
|
|
{{{
|
|
|
$ ./mach configure
|
|
|
[...]
|
|
|
0:04.75 Creating config.status
|
|
|
0:04.80 Reticulating splines...
|
|
|
0:09.69 Finished reading 799 moz.build files in 1.48s
|
|
|
0:09.69 Processed into 6210 build config descriptors in 0.99s
|
|
|
0:09.69 RecursiveMake backend executed in 2.15s
|
|
|
0:09.69 1775 total backend files; 0 created; 0 updated; 1775 unchanged; 0 deleted; 42 -> 621 Makefile
|
|
|
0:09.69 FasterMake backend executed in 0.12s
|
|
|
0:09.69 6 total backend files; 0 created; 0 updated; 6 unchanged; 0 deleted
|
|
|
0:09.69 Total wall time: 4.90s; CPU time: 4.70s; Efficiency: 96%; Untracked: 0.15s
|
|
|
0:09.73 =============
|
|
|
0:09.73 ADVERTISEMENT
|
|
|
0:09.73
|
|
|
0:09.73 You are building Firefox for Android. After your build completes, you can open
|
|
|
0:09.73 the top source directory in IntelliJ or Android Studio directly and build using
|
|
|
0:09.73 Gradle. See the documentation at
|
|
|
0:09.73
|
|
|
0:09.73 https://developer.mozilla.org/en-US/docs/Simple_Firefox_for_Android_build
|
|
|
0:09.73
|
|
|
0:09.73 PLEASE BE AWARE THAT GRADLE AND INTELLIJ/ANDROID STUDIO SUPPORT IS EXPERIMENTAL.
|
|
|
0:09.73 You should verify any changes using |mach build|.
|
|
|
0:09.73 =============
|
|
|
Configure complete!
|
|
|
Be sure to run |mach build| to pick up any changes
|
|
|
}}}
|
|
|
|
|
|
Build!
|
|
|
{{{
|
|
|
$ ./mach build
|
|
|
[...]
|
|
|
22:23.59 Overall system resources - Wall time: 1343s; CPU: 52%; Read bytes: 92479488; Write bytes: 5720313856; Read time: 47564; Write time: 3477320
|
|
|
22:23.59 Swap in/out (MB): 0/0
|
|
|
22:24.01 ccache (direct) hit rate: 0.0%; (preprocessed) hit rate: 0.0%; miss rate: 100.0%
|
|
|
22:24.03 Notification center failed: Install the python dbus module to get a notification when the build finishes.
|
|
|
22:24.03 We know it took a while, but your build finally finished successfully!
|
|
|
To view resource usage of the build, run |mach resource-usage|.
|
|
|
For more information on what to do now, see https://developer.mozilla.org/docs/Developer_Guide/So_You_Just_Built_Firefox
|
|
|
}}}
|
|
|
|
|
|
Package!
|
|
|
{{{
|
|
|
$ ./mach package
|
|
|
[...]
|
|
|
0:29.63 Verification succesful
|
|
|
0:29.63 Testing is disabled - No Android Robocop for you
|
|
|
0:29.63 Install bouncer is disabled - No trampolines for you
|
|
|
0:29.63 make[3]: Leaving directory '/home/user/tor-browser/obj-tbb-arm-linux-androideabi/mobile/android/installer'
|
|
|
0:29.63 make[2]: Leaving directory '/home/user/tor-browser/obj-tbb-arm-linux-androideabi/mobile/android/installer'
|
|
|
0:29.63 make[1]: Leaving directory '/home/user/tor-browser/obj-tbb-arm-linux-androideabi/mobile/android/installer'
|
|
|
0:29.63 make: Leaving directory '/home/user/tor-browser/obj-tbb-arm-linux-androideabi'
|
|
|
0:29.64 Notification center failed: Install the python dbus module to get a notification when the build finishes.
|
|
|
}}}
|
|
|
|
|
|
The resulting, packaged, APK is under `obj-tbb-arm-linux-androideabi/dist`
|
|
|
{{{
|
|
|
ls -l obj-tbb-arm-linux-androideabi/dist/fennec*.apk
|
|
|
-rw-r--r-- 1 user user 29689027 Mar 26 12:19 obj-tbb-arm-linux-androideabi/dist/fennec-52.7.3.en-US.android-arm-unsigned-unaligned.apk
|
|
|
-rw-r--r-- 1 user user 29801794 Mar 26 12:19 obj-tbb-arm-linux-androideabi/dist/fennec-52.7.3.en-US.android-arm.apk
|
|
|
}}}
|
|
|
|
|
|
You can use the second .apk for testing, the first should be signed with the appropriate signing key and distributed.
|
|
|
|
|
|
[[https://developer.mozilla.org/docs/Developer_Guide/So_You_Just_Built_Firefox|Mozilla]] have nice documentation and you may find it helpful.
|
|
|
|
|
|
=== Orfox Release ===
|
|
|
|
|
|
First, you need to check out a copy of the Orfox browser:
|
|
|
|
|
|
{{{
|
|
|
git clone https://github.com/guardianproject/Orfox.git
|
|
|
cd Orfox
|
|
|
./make-release-build
|
|
|
}}}
|
|
|
|
|
|
That is it, if you want to run it, you can use the Android adb tool or
|
|
|
|
|
|
{{{
|
|
|
./mach run
|
|
|
}}}
|
|
|
|
|
|
It will install and run in your android device.
|
|
|
|
|
|
== Orbot ==
|
|
|
|
|
|
If you want to modify Orbot, this section is for you:
|
|
|
|
|
|
=== Dependencies ===
|
|
|
|
|
|
||= Dependency =||= version =||
|
|
|
|| Android SDK Tools || 25 ||
|
|
|
|| Android Build Tools || 26.0.2 ||
|
|
|
|| Android NDK || r11b ||
|
|
|
|
|
|
|
|
|
=== Fetching and Building ===
|
|
|
|
|
|
First, you need to check out a copy of the orbot repo with:
|
|
|
|
|
|
{{{
|
|
|
git clone https://github.com/n8fr8/orbot.git
|
|
|
cd orbot
|
|
|
git submodule update --init --recursive
|
|
|
}}}
|
|
|
|
|
|
To build it (in debug mode), from the top directory of the orbot repo, do:
|
|
|
|
|
|
{{{
|
|
|
./gradlew assembleDebug
|
|
|
}}}
|
|
|
|
|
|
The command will generate an APK (self signed) that can be used in you device or simulator.
|
|
|
|
|
|
= Running Multiple Tor Browsers =
|
|
|
|
|
|
Now that you have a developer build (or several builds), you probably want to know how to run more than one of them at once. There are two main ways to do this: reusing an existing Tor process, and launching Tor process on a new pair of SOCKS and Control ports.
|
|
|
|
|
|
== Using an Existing Tor Process ==
|
|
|
|
|
|
Let's assume that Tor process is listening on port 9150 for SOCKS, and 9151 for the control port.
|
|
|
|
|
|
{{{
|
|
|
export TOR_SOCKS_PORT=9150
|
|
|
export TOR_CONTROL_PORT=9151
|
|
|
export TOR_CONTROL_COOKIE_AUTH_FILE=~/tbb/tor-browser_en-US/Browser/TorBrowser/Data/Tor/control_auth_cookie
|
|
|
export TOR_SKIP_LAUNCH=1
|
|
|
|
|
|
cd $INSTDIR # from the 'Partial Builds' section above
|
|
|
./start-tor-browser.desktop
|
|
|
}}}
|
|
|
|
|
|
== Launching Tor with an Alternate SOCKS and Control port ==
|
|
|
|
|
|
If you need to test Tor Launcher changes, you probably want to launch the Tor process too. Here's a quick hack to put that on a different port pair (9250 and 9251):
|
|
|
|
|
|
{{{
|
|
|
export TOR_SOCKS_PORT=9250
|
|
|
export TOR_CONTROL_PORT=9251
|
|
|
unset TOR_SKIP_LAUNCH
|
|
|
unset TOR_CONTROL_COOKIE_AUTH_FILE
|
|
|
|
|
|
cd $INSTDIR # From the 'Partial Builds' section above
|
|
|
./start-tor-browser.desktop
|
|
|
}}}
|
|
|
|
|
|
= Tor Browser Team Communication and Organizational Patterns =
|
|
|
|
|
|
The Tor Browser development team is very geographically distributed. We use a few different written forms of communication to discuss development over the Internet: Mailing lists, IRC, and this bug tracker. We also hold weekly IRC meetings.
|
|
|
|
|
|
== Communication Mechanisms and Meetings ==
|
|
|
|
|
|
The mailinglist for Tor Browser development discussion is [https://lists.torproject.org/pipermail/tbb-dev/ tbb-dev]. You can also subscribe to the list of Tor Browser code commits via [https://lists.torproject.org/pipermail/tbb-commits/ tbb-commits]. All updates to Tor Browser specific bugs are sent to [https://lists.torproject.org/pipermail/tbb-bugs/ tbb-bugs]. Release tags and test builds are posted to [https://lists.torproject.org/pipermail/tor-qa/ tor-qa] for community review and testing.
|
|
|
|
|
|
Our primary mode of day-to-day communication is the #tor-dev IRC channel on irc.oftc.net (port 6697 is ssl). We hold weekly meetings on this IRC channel at 19:00 UTC on Mondays. For details on our meeting format, please see the [https://lists.torproject.org/pipermail/tbb-dev/2014-February/000000.html original meeting announcement post] (note however that the time has changed since that posting).
|
|
|
|
|
|
== How we use Trac ==
|
|
|
|
|
|
For historical reasons, Tor Browser tickets are spread across several Trac components: "Tor bundles/installation", "TorBrowserButton", "Firefox Patch Issues", and "Tor Launcher". We are considering consolidating many of these components and switching to keywords instead, but that hasn't happened yet.
|
|
|
|
|
|
=== Trac Keywords ===
|
|
|
|
|
|
What follows is a partial list of trac keywords we use to categorize issues, independent of the component they actually arise in.
|
|
|
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-crash tbb-crash]::
|
|
|
Tickets that represent reported crash or hang issues
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-usability tbb-usability]::
|
|
|
Tickets that represent usability issues. Has many subcategories as suffixes of tbb-usability.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-usability-stoppoint tbb-usability-stoppoint]::
|
|
|
Tickets that represent usability issues that cause users to be unable to use TBB (this is a subset of the previous query)
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-helpdesk-frequent tbb-helpdesk-frequent]::
|
|
|
Tickets that represent frequently encountered support issues or blog/twitter commentary
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-linkability tbb-linkability]::
|
|
|
Tickets that represent a violation of our identifier unlinkability [https://www.torproject.org/projects/torbrowser/design/#privacy Privacy Requirement].
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting tbb-fingerprinting]::
|
|
|
Tickets that represent a violation of our fingerprinting unlinkability [https://www.torproject.org/projects/torbrowser/design/#privacy Privacy Requirement]. There are many subcategories of this tag as suffixes.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-disk-leak tbb-disk-leak]::
|
|
|
Tickets that represent a violation of our Disk Avoidance [https://www.torproject.org/projects/torbrowser/design/#security Security Requirement].
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-newnym tbb-newnym]::
|
|
|
Tickets for problems with "New Identity"
|
|
|
[https://trac.torproject.org/projects/tor/query?keywords=~tbb-testcase tbb-testcase]::
|
|
|
Tickets for which we would like to have an automated testcase to prevent regressions.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-security tbb-security]::
|
|
|
Tickets for hardening TBB against exploitation.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-needs tbb-needs]::
|
|
|
Tickets in other Tor components that TBB needs solved.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-mobile tbb-mobile]::
|
|
|
Tickets for work on Tor Browser for mobile in particular
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-spec tbb-spec]::
|
|
|
Tickets for work on Tor Browser's design documentation
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-security-slider tbb-security-slider]::
|
|
|
Tickets for work on Tor Browser's security slider
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-update tbb-update]::
|
|
|
Tickets for work on Tor Browser's update related code.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-parity tbb-parity]::
|
|
|
Tickets for work on feature parity between Tor Browser on different platforms.
|
|
|
[https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=closed&status=merge_ready&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&keywords=%24tbb-backport&order=priority tbb-backport]::
|
|
|
Tickets that we could consider for backporting from the current alpha to the current stable series. The keyword gets cleared with every new major stable release and the cycle start from the beginning.
|
|
|
|
|
|
In addition to this list, if you would like someone to review a patch, you should set the state of that ticket to "needs review" and tag it that that person's name, followed by the year, the month, and the letter 'R'. For example: [https://trac.torproject.org/projects/tor/query?keywords=~MikePerry201311R MikePerry201311R].
|
|
|
|
|
|
= Design and Core Components =
|
|
|
|
|
|
Ok, so you've got the lay of the land now, and want to really dive in. Here's how everything is organized.
|
|
|
|
|
|
== Design Document ==
|
|
|
|
|
|
At a high level, Tor Browser development is driven by the design document: [https://www.torproject.org/projects/torbrowser/design/ The Design and Implementation of the Tor Browser]. This document specifies the [https://www.torproject.org/projects/torbrowser/design/#DesignRequirements Design Requirements and Philosophy] that guides our development decisions and our modifications to Firefox, provides an [https://www.torproject.org/projects/torbrowser/design/#adversary adversary model], and provides a [https://www.torproject.org/projects/torbrowser/design/#Implementation high level description] of the actual changes we have made to Firefox.
|
|
|
|
|
|
== Component Source Repositories ==
|
|
|
|
|
|
The Tor Browser is actually built from several components. Here are the main ones specific to the browser itself.
|
|
|
|
|
|
=== Firefox Branch Repo ===
|
|
|
|
|
|
We maintain a branch of the latest Firefox "[https://www.mozilla.org/en-US/firefox/organizations/ Extended Support Release]" (ESR) series, to which we have applied multiple patches to satisfy our design requirements and build security needs.
|
|
|
|
|
|
These branches live in the [https://gitweb.torproject.org/tor-browser.git tor-browser git repo]. The branches are named for the Firefox version they are based off of, along with an integer signifying a rebase number. To learn which branch a particular build uses, inspect its version file. The version file lists a tag for the specific commit used. This tag is derived from the branch name and an additional specific build number.
|
|
|
|
|
|
=== Torbutton ===
|
|
|
|
|
|
[https://gitweb.torproject.org/torbutton.git/ Torbutton] is an addon with a long and storied history. It originated as ProxyButton (a simple Firefox addon to toggle proxy settings), which was rethemed by Scott Squires and configured specifically for Tor's proxy settings. After that initial work, Mike Perry began development to address the numerous security issues that arose when browser state from non-Tor activity leaked into Tor browsing mode, and vice-versa. This toggle mode was [https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton deprecated in favor of a standalone browser] several years back.
|
|
|
|
|
|
As a result, Torbutton contains a lot of cruft code specific to the toggle behavior that has not yet been removed, but is otherwise inactive. However, it still provides a few privacy features by way of observers and other extension-level changes to Firefox to improve privacy and Tor security.
|
|
|
|
|
|
=== Tor Launcher ===
|
|
|
|
|
|
[https://gitweb.torproject.org/tor-launcher.git Tor Launcher] is a Firefox addon that acts as a Tor Controller. It handles launching and configuring Tor for use with the browser. It also is compatible with Thunderbird, InstantBird, and XULRunner, and is used by the [https://tails.boum.org/ Tails project] as well.
|
|
|
|
|
|
=== HTTPS-Everywhere ===
|
|
|
|
|
|
[https://gitweb.torproject.org/https-everywhere.git HTTPS-Everywhere] contains tens of thousands of URL rewrite rules to enforce HTTPS for sites that support both HTTP and HTTPS URL schemes.
|
|
|
|
|
|
=== NoScript ===
|
|
|
|
|
|
We don't modify NoScript directly, however we do have a number of preferences changes to it and other addons in the [https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js tor-browser-bundle preferences file] in the bundle layout directories.
|
|
|
|
|
|
If you're interested in bisecting or otherwise tracking down a particular NoScript change, bug, or issue, avian2 maintains a complete [https://github.com/avian2/noscript git repository for NoScript], with one commit per NoScript release (including alphas, betas, and rc releases).
|
|
|
|
|
|
=== Pluggable Transports ===
|
|
|
|
|
|
Tor Browser includes several [https://www.torproject.org/docs/pluggable-transports.html.en pluggable transports], which are a network traffic transformation layer to help avoid censorship and filtering mechanisms. If you are interested in getting your own pluggable transport added to the bundle, the FTE transport work is a good example to follow.
|
|
|
|
|
|
The [https://trac.torproject.org/projects/tor/ticket/10362 original ticket for FTE] is a good starting point. It resulted in a [https://gitweb.torproject.org/builders/tor-browser-bundle.git/diff?id=8f8a4cd59bfe07e5b8c12e3990627544d9caeab4&id2=a1bab4013e149eb698a2fe6fb456d96bcf4d520e clean branch] that merged easily.
|
|
|
|
|
|
Pluggable Transport Bridges are specified in [https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/PTConfigs/bridge_prefs.js the bridge_prefs.js] configuration file in the Bundle Skeleton directory.
|
|
|
|
|
|
= Debugging the Tor Browser =
|
|
|
|
|
|
There are a few different ways to debug the Tor Browser, depending on the component involved. We'll focus on the extensions and the browser itself here.
|
|
|
|
|
|
== Enabling debug logs in extensions ==
|
|
|
|
|
|
To enable extension debug logging, set these preferences in your `about:config`:
|
|
|
|
|
|
|| SETTING NAME || VALUE ||
|
|
|
|| extensions.torbutton.loglevel || 2 ||
|
|
|
|| extensions.torbutton.logmethod || 0 ||
|
|
|
|| extensions.https_everywhere.LogLevel || 2 ||
|
|
|
|| extensions.https_everywhere.log_to_stdout || true ||
|
|
|
|| extensions.torlauncher.loglevel || 2 ||
|
|
|
|| extensions.torlauncher.logmethod || 0 ||
|
|
|
|
|
|
Lower levels are more verbose, but if you go much below 2, you will likely be overwhelmed and/or the browser will be extremely slow.
|
|
|
|
|
|
If you want to save your logs to a file, you need to use the --log argument to start-tor-browser.desktop. It takes an optional filename. Without a filename, it writes tor-browser.log in the current directory:
|
|
|
|
|
|
{{{
|
|
|
$ ./start-tor-browser.desktop --log
|
|
|
$ tail -f tor-browser.log
|
|
|
}}}
|
|
|
|
|
|
== Offline Logging/Tracing ==
|
|
|
|
|
|
Sometimes you need to resort to printf style debugging (for instance, on platforms which do not have debug symbols) or you are diagnosing a race condition that's highly sensitive to timing. In such cases, check out [https://github.com/pospeselr/tbblogger TbbLogger] ( https://github.com/pospeselr/tbblogger ).
|
|
|
|
|
|
Apply the TbbLogger.patch to your firefox sources and you will be able to include the TbbLogger.h header throughout the firefox code base. This header defines two macros for your enjoyment: **TBB_LOG**(format-string, ...) and **TBB_TRACE**().
|
|
|
|
|
|
The **TBB_LOG** macro allow tracing using fmtlib ( http://fmtlib.net/latest/syntax.html ) formatting with some extra debug info: timestamp, parent/child content process, thread id, and log location. The **TBB_TRACE** macro does not include any message. This information, plus your format-string and args, are serialized to disk on a background thread as a binary blob. Logs are converted to plain-text via an offline 'aggregate' tool which will convert the binary blob to formatted messages sorted by timestamp. The timestamps ensure that messages are written in the order they actually happened, even between the parent and child content processes.
|
|
|
|
|
|
=== Example Usage ===
|
|
|
|
|
|
==== Source ====
|
|
|
|
|
|
{{{
|
|
|
...
|
|
|
#include "TbbLogger.h"
|
|
|
...
|
|
|
void function_name()
|
|
|
{
|
|
|
...
|
|
|
TBB_TRACE();
|
|
|
int some_int = 100;
|
|
|
double some_double = 34.0;
|
|
|
TBB_LOG("This is some logging %i %f", some_int, some_double);
|
|
|
...
|
|
|
}
|
|
|
}}}
|
|
|
|
|
|
==== Aggregate ====
|
|
|
|
|
|
{{{
|
|
|
$ ./aggregate /tmp/firefox/*.bin
|
|
|
[0.000323][Parent][29958] function_name in Test.cpp:18
|
|
|
[0.000324][Parent][29958] function_name in Test.cpp:22 This is some logging 100 34.000000
|
|
|
}}}
|
|
|
|
|
|
== Using the Javascript Debugger ==
|
|
|
|
|
|
XXX: Write or link to some documentation on using Venkman/JSD for extension debugging. There are two options for this: Venkman and the in-browser debugger. For TBB pre-5.0, Venkman was the way (https://addons.mozilla.org/en-us/firefox/addon/javascript-debugger/). However, it is no longer supported. Instead, the built-in debugger must be used:
|
|
|
https://developer.mozilla.org/en-US/docs/Debugging_JavaScript#JavaScript_Debugger
|
|
|
|
|
|
== Debugging on Windows ==
|
|
|
|
|
|
Firstly, ignore the 'Using gdb' section immediately after this one, that's only for Linux. Then go to [https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking/DebuggingOnWindows DebuggingOnWindows]
|
|
|
|
|
|
== Using gdb ==
|
|
|
|
|
|
=== Using Debug Symbols ===
|
|
|
|
|
|
If you're going to use GDB to debug an issue, the first thing you want is debug symbols. Tor Browser builds detached debug symbols for tor and firefox.
|
|
|
|
|
|
In the bundle release download directory there should be a `tor-browser-linux64-debug.zip` file. Unfortunately, the directory structure of the debug zip doesn't exactly match what you need in order for gdb to find the symbols automatically. For the tor-browser-linux symbols, unzip the file in the bundle root directory, and then relocate it to the .debug subdirectory of Browser, like so:
|
|
|
|
|
|
{{{
|
|
|
$ cd tor-browser_en-US
|
|
|
$ wget https://dist.torproject.org/torbrowser/8.5a11/tor-browser-linux64-debug.tar.xz
|
|
|
$ tar xavf tor-browser-linux64-debug.tar.xz
|
|
|
$ mv Debug/Browser Browser/.debug
|
|
|
$ gdb ./Browser/firefox.real
|
|
|
}}}
|
|
|
|
|
|
At this point, gdb should find all of the Firefox symbols automatically upon every invocation, and you can either attach to an existing process ID or launch firefox directly, as described in the following sections below.
|
|
|
|
|
|
=== Attaching an already running TBB ===
|
|
|
|
|
|
You can attach a gdb instance to an already running TBB firefox process. To do this, find the pid of your running TBB firefox.real, then tell gdb to attach the running process (note that on some systems you may need to run gdb as root for this to work):
|
|
|
|
|
|
{{{
|
|
|
$ for p in `pgrep firefox.real` ; do ps -v $p ; done
|
|
|
[...find the pid for your TBB firefox...]
|
|
|
$ gdb ./Browser/firefox.real
|
|
|
(gdb) attach <pid>
|
|
|
}}}
|
|
|
|
|
|
=== Starting firefox from inside gdb ===
|
|
|
|
|
|
Assuming you run an alpha build, starting firefox inside gdb:
|
|
|
|
|
|
{{{
|
|
|
$ gdb ./Browser/firefox.real
|
|
|
(gdb) set env LD_LIBRARY_PATH=Browser/TorBrowser/Tor
|
|
|
(gdb) set env SELFRANDO_skip_shuffle=
|
|
|
(gdb) run -profile Browser/TorBrowser/Data/Browser/profile.default
|
|
|
}}}
|
|
|
|
|
|
=== Generating and debugging core files ===
|
|
|
|
|
|
If you have a condition that crashes Tor Browser in an unreliable way, one helpful step is to generate a core file for crashes that do happen. To do this, before launching Tor Browser, run:
|
|
|
{{{
|
|
|
$ ulimit -c unlimited
|
|
|
}}}
|
|
|
|
|
|
Then, when Tor Browser crashes, a core file should show up in Browser/core. To debug this core, run:
|
|
|
|
|
|
{{{
|
|
|
$ gdb ./Browser/firefox ./Browser/core
|
|
|
}}}
|
|
|
|
|
|
You can then use the usual gdb commands (backtrace, print, up, down, etc) to inspect the stack, variables, and program state at the time of the crash.
|
|
|
|
|
|
=== Debugging ASan/selfrando builds ===
|
|
|
|
|
|
If you need to debug a hardened build that includes [https://github.com/google/sanitizers/wiki/AddressSanitizer ASan] and [https://github.com/immunant/selfrando selfrando] you have two options.
|
|
|
|
|
|
==== Temporarily disable selfrando ====
|
|
|
|
|
|
If you set the environmental variable `SELFRANDO_skip_shuffle`, selfrando will be disabled and gdb will work as usual. E.g.:
|
|
|
|
|
|
{{{
|
|
|
#!sh
|
|
|
$ gdb -ex "set env LD_LIBRARY_PATH=$PWD/Browser/TorBrowser/Tor" -ex "set env SELFRANDO_skip_shuffle=" \
|
|
|
-ex 'set env ASAN_OPTIONS="detect_leaks=0,abort_on_error=1"' -ex "set env NSS_DISABLE_HW_AES=1" \
|
|
|
--args Browser/firefox -profile Browser/TorBrowser/Data/Browser/profile.default/
|
|
|
}}}
|
|
|
|
|
|
==== Convert ASan's stack trace message ====
|
|
|
|
|
|
This method can be used only to debug a crash. Start Tor Browser with `Browser/start-tor-browser -v`. After the browser crashes, you will see one or more stack traces that look like this:
|
|
|
{{{
|
|
|
==3896==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040003b85e0 at pc 0x7f5dff50f35d bp 0x7ffe516e3a90 sp 0x7ffe516e3a88
|
|
|
READ of size 4 at 0x6040003b85e0 thread T0
|
|
|
SRAT init
|
|
|
#0 0x7f5dff50f35c (/path/to/directory/tor-browser/Browser/libxul.so+0x4af0a9a)
|
|
|
#1 0x7f5dfe153916 (/path/to/directory/tor-browser/Browser/libxul.so+0x4af0d32)
|
|
|
#2 0x7f5e001ae7f6 (/path/to/directory/tor-browser/Browser/libxul.so+0x392d7e8)
|
|
|
[...]
|
|
|
#43 0x418d98 (/path/to/directory/tor-browser/Browser/firefox+0x4089dc)
|
|
|
#44 0x7f5e0b0d8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
|
|
|
#45 0x41e9dc (/path/to/directory/tor-browser/Browser/firefox+0x408e34)
|
|
|
}}}
|
|
|
|
|
|
To get a meaningful stack trace you need to install a symbolizer (you can install `clang` and use `llvm-symbolizer`). Then, copy the relevant text from ASan's output, pipe it trough [attachment:convert-asan-to-symbolizer.py convert-asan-to-symbolizer.py] and then into the symbolizer. E.g.:
|
|
|
|
|
|
{{{
|
|
|
#!sh
|
|
|
$ xsel -b | ./convert-asan-to-symbolizer.py | llvm-symbolizer-3.4
|
|
|
}}}
|
|
|
|
|
|
The script assumes that debug information is available in `Browser/.debug` (see [#UsingDebugSymbols Using Debug Symbols]).
|
|
|
|
|
|
|
|
|
== Using dtrace ==
|
|
|
|
|
|
Dtrace is a very powerful tracing and debugging system that requires kernel support, however all the '''grown-up''' Operating Systems support it (not supported by Linux).
|
|
|
Like many of the powerful creations of Unix, dtrace immediately gave rise to an orgy of one-liners. That is, one-line dtrace programs that perform a useful task! Like '''awk''', there are many such dtrace one-liners that people have documented and are still useful today, often with little or no modification. In fact, you can utilize both '''dtrace''' and '''awk''' in the same command pipeline to create something even more expressive!
|
|
|
|
|
|
The IllumOS (the new OpenSolaris) kernel has support for '''Linux zones''' which can run native x86 32bit and 64bit binaries in an isolated environment. They have done such
|
|
|
a good job at this Linux binary system call emulation that it can run all the normal stuff including systemd and other monstrosities such as htop. ;-p
|
|
|
My Debian 8 image indeed acts like a normal Debian 8 system... although it is definitely not running the Linux kernel.
|
|
|
|
|
|
The host's global zone can be used to dtrace native Linux and Solaris zones. Tor Browser Bundle runs fine using the Linux zones.
|
|
|
|
|
|
[https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/SmartOS_Sandboxing Isolating tor applications with SmartOS]
|
|
|
|
|
|
onion -> noVNC http -> vnc4server -> tbb
|
|
|
|
|
|
'''more dtrace examples'''
|
|
|
[https://wiki.smartos.org/display/DOC/DTrace]
|
|
|
|
|
|
|
|
|
=== dtrace examples for Tor Browser Bundle ===
|
|
|
|
|
|
Many of these examples collect dtrace probe information until the operator hits control-c.
|
|
|
I found many dtrace exmamples. Here's some that might be useful:
|
|
|
|
|
|
Which files does firefox open?
|
|
|
{{{
|
|
|
dtrace -n 'lx-syscall::open*:entry /execname == "firefox"/ { printf("%s %s", execname, copyinstr(arg0)); }
|
|
|
'
|
|
|
dtrace: description 'lx-syscall::open*:entry ' matched 6 probes
|
|
|
CPU ID FUNCTION:NAME
|
|
|
0 3874 open:entry firefox /dev/urandom
|
|
|
0 3874 open:entry firefox /home/human/tor-browser_en-US/Browser/TorBrowser/Tor/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /etc/ld.so.cache
|
|
|
0 3874 open:entry firefox /lib/x86_64-linux-gnu/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /usr/lib/x86_64-linux-gnu/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /lib/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /usr/lib/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /home/human/tor-browser_en-US/Browser/TorBrowser/Tor/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /etc/ld.so.cache
|
|
|
0 3874 open:entry firefox /lib/x86_64-linux-gnu/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /usr/lib/x86_64-linux-gnu/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /lib/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /usr/lib/libcanberra.so.0
|
|
|
0 3874 open:entry firefox /dev/urandom
|
|
|
0 3874 open:entry firefox /dev/urandom
|
|
|
^C
|
|
|
}}}
|
|
|
|
|
|
syscall frequency count
|
|
|
{{{
|
|
|
dtrace -n 'lx-syscall:::entry /pid == 44622/ { @num[probefunc] = count(); }'
|
|
|
dtrace: description 'lx-syscall:::entry ' matched 676 probes
|
|
|
^C
|
|
|
|
|
|
read 725
|
|
|
write 725
|
|
|
writev 1400
|
|
|
futex 3548
|
|
|
poll 5686
|
|
|
recvmsg 6911
|
|
|
clock_gettime 17440
|
|
|
}}}
|
|
|
|
|
|
function and module top 10 frequency count
|
|
|
lx_proc_func_count.d
|
|
|
{{{
|
|
|
#!/usr/sbin/dtrace -s
|
|
|
pid$target:::entry {
|
|
|
@a[probemod,probefunc] = count();
|
|
|
}
|
|
|
END { trunc(@a,10); }
|
|
|
}}}
|
|
|
|
|
|
{{{
|
|
|
./lx_proc_func_count.d -p 44622
|
|
|
dtrace: script './lx_proc_func_count.d' matched 30865 probes
|
|
|
^C
|
|
|
CPU ID FUNCTION:NAME
|
|
|
0 2 :END
|
|
|
|
|
|
firefox realloc 31609
|
|
|
libmozalloc.so moz_xmalloc 33383
|
|
|
libmozalloc.so moz_free 36504
|
|
|
firefox malloc 50687
|
|
|
firefox free 54604
|
|
|
libpthread.so.0 pthread_self 58444
|
|
|
libpthread.so.0 pthread_getspecific 69741
|
|
|
libpthread.so.0 pthread_mutex_unlock 204393
|
|
|
libpthread.so.0 pthread_mutex_lock 204394
|
|
|
libpthread.so.0 __pthread_mutex_unlock_usercnt
|
|
|
}}}
|
|
|
|
|
|
'''lxsockopt.d'''
|
|
|
{{{
|
|
|
#!/usr/sbin/dtrace -s
|
|
|
|
|
|
#pragma D option quiet
|
|
|
|
|
|
/**
|
|
|
PROTO values can be found here:
|
|
|
https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
|
|
|
SOCKOPT values can be found here:
|
|
|
https://github.com/joyent/illumos-joyent/blob/master/usr/src/lib/brand/lx/lx_brand/common/socket.c
|
|
|
*/
|
|
|
BEGIN
|
|
|
{
|
|
|
printf("%6s %20s %5s %s\n", "PID", "NAME", "PROTO", "SOCKOPT");
|
|
|
}
|
|
|
|
|
|
lx-syscall::setsockopt:entry
|
|
|
{
|
|
|
printf("%6d %20s %5d %d\n", pid, execname, arg1, arg2);
|
|
|
}
|
|
|
}}}
|
|
|
{{{
|
|
|
./lxsockopt.d
|
|
|
PID NAME PROTO SOCKOPT
|
|
|
44622 firefox 6 1
|
|
|
15388 tor 1 2
|
|
|
44622 firefox 6 4
|
|
|
44622 firefox 6 5
|
|
|
44622 firefox 6 6
|
|
|
44622 firefox 6 4
|
|
|
44622 firefox 6 5
|
|
|
44622 firefox 6 6
|
|
|
44622 firefox 1 9
|
|
|
44622 firefox 6 4
|
|
|
44622 firefox 6 5
|
|
|
44622 firefox 6 6
|
|
|
44622 firefox 1 9
|
|
|
}}}
|
|
|
|
|
|
track malloc allocations
|
|
|
{{{
|
|
|
dtrace -n 'pid8880::malloc:entry { printf ("Firefox is asking for %d bytes", arg0); }'
|
|
|
|
|
|
0 74421 malloc:entry Firefox is asking for 24 bytes
|
|
|
0 74421 malloc:entry Firefox is asking for 48 bytes
|
|
|
0 74421 malloc:entry Firefox is asking for 16 bytes
|
|
|
0 74421 malloc:entry Firefox is asking for 32 bytes
|
|
|
0 74421 malloc:entry Firefox is asking for 16 bytes
|
|
|
0 74421 malloc:entry Firefox is asking for 8176 bytes
|
|
|
}}}
|
|
|
|
|
|
in real-time, find all the code modules which utilize '''malloc''':
|
|
|
{{{
|
|
|
dtrace -l -n 'pid$1::malloc:entry' 1774
|
|
|
|
|
|
ID PROVIDER MODULE FUNCTION NAME
|
|
|
74421 pid1774 firefox malloc entry
|
|
|
74578 pid1774 LMfd`ld.so.1 malloc entry
|
|
|
75306 pid1774 LMfd`libmapmalloc.so.1 malloc entry
|
|
|
76053 pid1774 LMfd`libc.so.1 malloc entry
|
|
|
84541 pid1774 libc.so.6 malloc entry
|
|
|
85794 pid1774 ld-linux-x86-64.so.2 malloc entry
|
|
|
}}}
|
|
|
|
|
|
|
|
|
== Bisecting ==
|
|
|
|
|
|
If you found a bug and want to start bisecting to find the exact commit which introduced the problem you have three major cases to consider.
|
|
|
|
|
|
=== The easy case ===
|
|
|
|
|
|
You found your bug is part of either Torbutton, Tor Launcher or HTTPS-Everywhere. In this case you check out the respective repository and do the usual bisecting there. To test the various revisions you can take a clean Tor Browser and load the .xpi's into it. Theoretically, this would work in the NoScript case as well but unfortunately there is no public version control system available and thus if you found a bug in NoScript you need to identify the version it showed first up manually and file a ticket.
|
|
|
|
|
|
=== The medium difficult case ===
|
|
|
|
|
|
Okay, you ruled out a bug in one of the extensions we ship and determined it got introduced by one of our Tor Browser patches or changes to the bundling/build process (testing whether the bug occurs in a corresponding vanilla Firefox is helpful here). The first thing you are doing now is finding out which Tor Browser version is the one that introduced the bug. Using the [https://archive.torproject.org/tor-package-archive/torbrowser/ Tor Browser archive] is a good starting point. If you found the culprit and the bug did not get introduced while switching to a new Firefox ESR (the next section deals with the switching case) chances are high that you don't need to bisect at all. Comparing the changelogs between the last version without the bug and the first version with the bug should be enough in this case. But if the changelogs don't ring a bell and you suspect this is a bug introduced by the build process/bundling looking at the changes introduced in the tor-browser-bundle repository between the two Tor Browser releases should reveal the bad commit. If the changelogs don't help and you suspect an issue with one or more of our Tor Browser patches you need to clone the tor-browser repository and do a normal bisect following the Partial Builds strategy outlined above between the last tor-browser patch of the good Tor Browser and the last tor-browser patch that got into the bad Tor Browser.
|
|
|
|
|
|
=== The tricky case ===
|
|
|
|
|
|
The patchset effectively did not change and you are only switching to a new ESR. There could be three reasons for the bad Tor Browser then. The first one: rebasing one or more patches went wrong. The second one: some change in the new ESR is causing the trouble. The third one: a combination of the first two. The strategy to deal with this group of cases is to rule out the first one (and thus the third one as well) and then narrow down the possible patches that could be affected by changes in the new ESR. These patches in turn are applied during bisecting the commits in the mozilla-central repository that made it into the bad Tor Browser.
|
|
|
|
|
|
=== Testing in TaskCluster ===
|
|
|
|
|
|
If you suspect there is an issue with Tor's toolchain, you can use Tor's toolchain in taskcluster relatively easily, like so: https://hg.mozilla.org/try/rev/bbee5fef95a86824e37a01162cc3ee0a56b1ed3a
|
|
|
|
|
|
== QA and Testing ==
|
|
|
|
|
|
Some automated tests are run on nightly builds, and new releases. The main page for the results is http://test-reports.tbb.torproject.org/reports/.
|
|
|
|
|
|
If you want to run the test suite yourself, read the [https://people.torproject.org/~boklm/tbbtests-doc/install.html installation instructions], and the [https://people.torproject.org/~boklm/tbbtests-doc/usage.html usage instructions]. You can also learn [https://people.torproject.org/~boklm/tbbtests-doc/new-test.html how to add a new test].
|
|
|
|
|
|
The different categories of tests we are running are described below.
|
|
|
|
|
|
=== Tor Browser Test Suite ===
|
|
|
|
|
|
This test suite contains a series of tests to check a Tor Browser Bundle. It is used to check different things:
|
|
|
|
|
|
- the binaries included in the bundle are correctly linked and compiled
|
|
|
- the tor daemon is working, with bridges, some pluggable transports and with an http proxy
|
|
|
- some mozill and selenium tests
|
|
|
|
|
|
The list of tests is defined in [https://gitweb.torproject.org/user/boklm/tor-browser-bundle-testsuite.git/tree/TBBTestSuite/TestSuite/BrowserBundleTests.pm TBBTestSuite/TestSuite/BrowserBundleTests.pm]. [https://people.torproject.org/~boklm/tbbtests-doc/new-test.html Documentation for adding new tests is available].
|
|
|
|
|
|
This test suite is automatically run in the following cases:
|
|
|
|
|
|
- when a new nightly build is available on https://people.torproject.org/~linus/builds/. An email of the results is sent to a list of people defined in config/linus-nightly. You can ask me if you want to be added to this list.
|
|
|
|
|
|
- when a new release is tagged on git and available on https://people.torproject.org/~user/builds/$version/. The result of the tests is emailed to tor-qa@lists.torproject.org.
|
|
|
|
|
|
- when a Tor Browser developer created a tbb-qa.yml file to request a build to be test. The result of the tests is emailed to the developer requesting the tests. See the section below for details about requesting tests on custum builds.
|
|
|
|
|
|
=== VirusTotal uploads ===
|
|
|
|
|
|
The Windows version of the Tor Browser .exe file is uploaded to virustotal.com to check it with different antivirus. All executable files included in the archive are also uploaded.
|
|
|
|
|
|
The uploads are automatically done in the following cases:
|
|
|
|
|
|
- when a new nightly build is available on https://people.torproject.org/~linus/builds/. The results are available on http://test-reports.tbb.torproject.org/reports/index-browserbundle_virustotal.html. No emails are sent at the moment (you can ask me if you are interested to receive them).
|
|
|
|
|
|
- when a new release is tagged on git and available on https://people.torproject.org/~user/builds/$version/. The results are sent to tor-qa@lists.torproject.org.
|
|
|
|
|
|
|
|
|
=== Browser Unit Tests ===
|
|
|
|
|
|
The Browser Unit Tests are the tests which are included in the Mozilla sources tree (xpcshell and mochitests). The Tor Browser patches can add new tests to be run. Before running those tests, we need to build the sources tree.
|
|
|
|
|
|
We are able to run those tests on a series of commits, and display the differences in the results between each commits and its ancestor.
|
|
|
|
|
|
It is not currently run automatically. In the future, it should be possible to specify a commit or branch to be tested, by editing the tbb-qa.yml file. Until then, you can ask me to edit the config file to test a specific branch or commit.
|
|
|
|
|
|
=== Rebasing Tests ===
|
|
|
|
|
|
A prototype for a rebasing tests has been made. The goal is to try to automatically rebase all Tor Browser patches on the master branch of gecko-dev.
|
|
|
|
|
|
It is not yet run automatically.
|
|
|
|
|
|
== Requesting testing of a custom build using the tbb-qa.yml file ==
|
|
|
|
|
|
To request a custom build to be tested, you need an account on people.torproject.org and be listed in the [https://gitweb.torproject.org/user/boklm/tor-browser-bundle-testsuite.git/tree/config/testrequests config/testrequests] file (ask me if you want to be added).
|
|
|
|
|
|
Upload your build to perdulce in directory ~public_html/builds/x.y.z-featureA
|
|
|
|
|
|
Create a file public_html/builds/tbb-qa.yml with permission 744 and a list of build directory names using the YAML syntax:
|
|
|
{{{
|
|
|
---
|
|
|
- x.y.z-featureA
|
|
|
}}}
|
|
|
|
|
|
You should receive an email on your @torproject.org email address when the tests finished running. Make sure to include a proper sha256sums.txt file and its signature in the respective build directory.
|
|
|
|
|
|
The tbb-qa.yml file can also be used to request other types of tests. Instead of adding a string which is a directory name in your builds directory, you can add a hash table containing the options for your test requests and a 'type' key containing the type of tests you want to run.
|
|
|
|
|
|
For instance the following tbb-qa.yml file can be used to request a test of type 'browserunit' (Tor Browser unit tests) on a specific commit:
|
|
|
{{{
|
|
|
---
|
|
|
- type: browserunit
|
|
|
commit: e1a8bafb44367592b
|
|
|
}}}
|
|
|
|
|
|
The following types of tests are available:
|
|
|
|
|
|
=== Tor Browser Unit Tests (xpcshell and mochitest) ===
|
|
|
|
|
|
type name: browserunit
|
|
|
|
|
|
Options:
|
|
|
|
|
|
- commit: the commit that you want to build and run tests on. This can be a commit hash, tag or branch.
|
|
|
- esr_branch: using this option means that you want all commits from the Mozilla ESR branch to the selected commit to be tested. Example: esr31.
|
|
|
- git_url: the URL of the git repository containing the selected commit. If unspecified, https://git.torproject.org/tor-browser.git is used by default.
|
|
|
|
|
|
=== Android ===
|
|
|
|
|
|
There are two supported way for testing (and developing) Tor Browser on Android.
|
|
|
- Command line
|
|
|
Mozilla provide support for building and running the test suits on an emulator or a device via `mach`. This is the easiest and most straight forward method right now.
|
|
|
|
|
|
- Android Studio
|
|
|
Android Studio provides a nice IDE for developing Android Apps. You can follow the initial build instructions for Android on this page, and then go to Mozilla's [[https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Simple_Firefox_for_Android_build#Developing_Firefox_for_Android_in_Android_Studio|Android Studio instructions]] section: `Developing Firefox for Android in Android Studio`. Following those instructions should get you up and running.
|
|
|
|
|
|
A note on Android emulators. Mozilla Fennec required the ARM processor support [[https://developer.android.com/ndk/guides/cpu-arm-neon|NEON]]. Unfortunately, it seems like Android kernels compiled for older APIs don't support this (?). It's annoying. As an example, compare the CPU Features:
|
|
|
|
|
|
a stock `armeabi-v7a` API 18 emulator does not support that extension:
|
|
|
{{{
|
|
|
root@generic:/ # uname -a
|
|
|
/system/bin/sh: uname: not found
|
|
|
126|root@generic:/ # cat /proc/sys/kernel/osrelease
|
|
|
3.10.0+
|
|
|
root@generic:/ # cat /proc/sys/kernel/ostype
|
|
|
Linux
|
|
|
root@generic:/ # cat /proc/sys/kernel/version
|
|
|
#8 SMP PREEMPT Mon May 23 14:53:39 PDT 2016
|
|
|
root@generic:/ # cat /proc/sys/kernel/hostname
|
|
|
localhost
|
|
|
root@generic:/ # cat /proc/cpuinfo
|
|
|
processor : 0
|
|
|
model name : ARMv7 Processor rev 1 (v7l)
|
|
|
BogoMIPS : 125.00
|
|
|
Features : swp half thumb fastmult vfp edsp vfpv3 tls vfpv4 idiva idivt vfpd32 evtstrm
|
|
|
CPU implementer : 0x41
|
|
|
CPU architecture: 7
|
|
|
CPU variant : 0x2
|
|
|
CPU part : 0xc0f
|
|
|
CPU revision : 1
|
|
|
|
|
|
Hardware : Dummy Virtual Machine
|
|
|
Revision : 0000
|
|
|
Serial : 0000000000000000
|
|
|
}}}
|
|
|
|
|
|
a stock `armeabi-v7a` API 24 emulator does support that extension:
|
|
|
|
|
|
{{{
|
|
|
generic:/ $ uname -a
|
|
|
Linux localhost 3.10.0+ #1 SMP PREEMPT Wed May 18 00:25:13 UTC 2016 armv7l
|
|
|
generic:/ $ cat /proc/cpuinfo
|
|
|
processor : 0
|
|
|
model name : ARMv7 Processor rev 1 (v7l)
|
|
|
BogoMIPS : 125.00
|
|
|
Features : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 evtstrm
|
|
|
CPU implementer : 0x41
|
|
|
CPU architecture: 7
|
|
|
CPU variant : 0x2
|
|
|
CPU part : 0xc0f
|
|
|
CPU revision : 1
|
|
|
|
|
|
Hardware : Dummy Virtual Machine
|
|
|
Revision : 0000
|
|
|
Serial : 0000000000000000
|
|
|
}}}
|
|
|
|
|
|
= FPCentral =
|
|
|
|
|
|
FPCentral is a tool which was created by [https://plaperdr.github.io/ Pierre Laperdrix] as a Google Summer of Code project. We use this tool to detect changes in the fingerprint of new Tor Browser releases.
|
|
|
|
|
|
An instance of FPCentral is available at the following URL: https://fpcentral.tbb.torproject.org/
|
|
|
|
|
|
The git repository containing the sources is at: https://gitweb.torproject.org/fpcentral.git/
|
|
|
|
|
|
The tests for the different fingerprint attributes are defined in the [https://gitweb.torproject.org/fpcentral.git/tree/fingerprint/attributes fingerprint/attributes directory]. If you want to add a new test, you will need to create a javascript file containing a function returning an attribute value, and a json file describing this attribute. See the [https://gitweb.torproject.org/fpcentral.git/tree/fingerprint/attributes/README.md README.md file] for more details.
|
|
|
|
|
|
When you run the [https://fpcentral.tbb.torproject.org/fp fingerprint tests] using Tor Browser, it should tell you if all attributes have an acceptable value. The list of acceptable values for each attribute is defined in [https://gitweb.torproject.org/fpcentral.git/tree/fingerprint/acceptable/torbrowser70.json the fingerprint/acceptable/torbrowser70.json file]. When adding a new attribute definition, you should also define an acceptable value in this file.
|
|
|
|
|
|
= Adding New Default Bridges =
|
|
|
|
|
|
The [https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam anti-censorship team] takes care of adding, maintaining, and monitoring default bridges. There's a [https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/DefaultBridges wiki page] that details the process of adding default bridges to Tor Browser.
|
|
|
|
|
|
= Other Resources = |