Add step to remove Android test artifacts (added in
#41342) that we don't need to publish on dist.tpo.

Cecylia Bocovich authored 3 months ago and morgan committed 3 months ago

A small update to the CDN url to point to the right default bridge.

meskio authored 3 months ago and morgan committed 3 months ago

Azure might stop supporting Domain Fronting from Januar 15, let's add a
second meek bridge so there is an alternative to it when it gets
blocked.

* Related: tpo/anti-censorship/team#155

boklm authored 3 months ago and morgan committed 3 months ago

When abi 4.0 file not available, loading the apparmor profile is failing.
But the profile is only useful on Ubuntu 24.04 (and later), where the
abi 4.0 file is present.

We're doing something similar to:
https://github.com/CollaboraOnline/online/commit/5f7b37c7412c3e1d81d9c50a0ff8388087839f60

Cecylia Bocovich authored 3 months ago and morgan committed 3 months ago

This removes STUN servers that are unreliable or no longer support NAT
behaviour discovery, and adds a few new servers.

Recent versions of 7z fail to extract our dmg files since the
`Applications` symlink points outside the archive:
https://sourceforge.net/p/sevenzip/discussion/45797/thread/9f5b067368/?page=1&limit=50#2c78

We exclude the `Applications` symlink to avoid the issue. We don't need
it since it is not included in the mar file.

- fix legacy torbrowser mar generation

The .nobackup files prevent from creating symlinks between clones,
which is useful for several use cases (multiple clones, directories
in different drives, etc...).

A .nobackup in the root will not interfere with symlinks anymore, and
we think it is acceptable, as a repo will probably be in sync with
GitLab or something similar.
git update-index --assume-unchanged can help if someone wants to
remove the .nobackup.

- Revert this patch once Mullvad Browser 14.0 reaches stable

boklm authored 4 months ago and morgan committed 4 months ago

Use a separate entitlements file for signing the tor binary, with
`com.apple.security.cs.allow-unsigned-executable-memory` enabled.

--tor-browser enabled also Mullvad Browser, probably because of a
copy-paste error.

MozBug 1924022 introduced a dependency on the Python built-in SSL
module.
This caused an error in our Linux builds, because we run them in a very
old version of Debian that still uses OpenSSL 1.1.0, which is not
compatible with Python SSL module since Python 3.10.
The less intrusive way to resolve this is to downgrade to Python 3.9.x,
which is still supported by all our projects.

Also, switch to hashes to verify the Python source tarball, as the
Python Software Foundation often rotates keys, which reduces the
advantages of verifying the signature rather than the hash for us.

Co-authored-by: Pier Angelo Vendrame <pierov@torproject.org>

If we detect the tag we would use for build does not match the HEAD of
the branch we are using, bump it preemptively.
Normally, we would add that tag when ready to build, so this change
can help us in case we forget to.
If the script is overzealous, we can change the build number before
committing.

This commits implements --include-from to get linked issues from many
issues (potentially all the alpha release preps).
It also implements --exclude-from to avoid including issues that were
already linked to other rel preps (potentially the previous stables).

Also, make sure to look only for currently open issues, otherwise all
the various alpha relpreps would be matched when specifying the version
number.