The .nobackup files prevent from creating symlinks between clones,
which is useful for several use cases (multiple clones, directories
in different drives, etc...).

A .nobackup in the root will not interfere with symlinks anymore, and
we think it is acceptable, as a repo will probably be in sync with
GitLab or something similar.
git update-index --assume-unchanged can help if someone wants to
remove the .nobackup.

Since 1e151f80 those parameters are no
longer used.

NoisyCoil authored 4 months ago and boklm committed 4 months ago

Also, add a 'browser-all-target' target to make this possible.

Co-authored-by: Nicolas Vigier <boklm@torproject.org>

- added directions on using the ./tools/browser/sign-tag script
- removed some extraneous checkboxes
- made Run: directives consistent
- fixed some typos

boklm authored 5 months ago and morgan committed 5 months ago

Use a separate entitlements file for signing the tor binary, with
`com.apple.security.cs.allow-unsigned-executable-memory` enabled.

Use the `exec_noco` option added in rbm#40006.

boklm authored 5 months ago and morgan committed 5 months ago

Add missing step when manually deploying update responses for
legacy-only release.

boklm authored 5 months ago and morgan committed 5 months ago

Update self-review template to add torbrowser_legacy vars to rbm.conf,
and remove firefox-android.

The lack of fonts.conf cannot be handled only with Firefox preferences,
therefore we decided to move the configuration files to the browser
repository. This will partially mitigate the fingerprint differences of
users that do not start the browser in the correct way.

- no 'legacy' rule for website (as legacy bins will only be available on dist.torproject.org)
- we make a blog post for legacy channel, but no website update

--tor-browser enabled also Mullvad Browser, probably because of a
copy-paste error.

MozBug 1924022 introduced a dependency on the Python built-in SSL
module.
This caused an error in our Linux builds, because we run them in a very
old version of Debian that still uses OpenSSL 1.1.0, which is not
compatible with Python SSL module since Python 3.10.
The less intrusive way to resolve this is to downgrade to Python 3.9.x,
which is still supported by all our projects.

Also, switch to hashes to verify the Python source tarball, as the
Python Software Foundation often rotates keys, which reduces the
advantages of verifying the signature rather than the hash for us.

Also, bump the browser version from 14.0 to 14.5.

If we detect the tag we would use for build does not match the HEAD of
the branch we are using, bump it preemptively.
Normally, we would add that tag when ready to build, so this change
can help us in case we forget to.
If the script is overzealous, we can change the build number before
committing.

This commits implements --include-from to get linked issues from many
issues (potentially all the alpha release preps).
It also implements --exclude-from to avoid including issues that were
already linked to other rel preps (potentially the previous stables).

Also, make sure to look only for currently open issues, otherwise all
the various alpha relpreps would be matched when specifying the version
number.