tor-browser-build issueshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues2024-01-09T14:59:40Zhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41032Add command to compare sha256sums-unsigned-build.txt from local build and dow...2024-01-09T14:59:40ZboklmAdd command to compare sha256sums-unsigned-build.txt from local build and downloaded buildFor #40997, in order to make it easier to check that a local build is
matching the published build, we can add some commands that will:
- download published build from archive.tpo
- compare `sha256sums-unsigned-build.txt` and
`sha256su...For #40997, in order to make it easier to check that a local build is
matching the published build, we can add some commands that will:
- download published build from archive.tpo
- compare `sha256sums-unsigned-build.txt` and
`sha256sums-unsigned-build.incrementals.txt` from local and downloaded
builds
- compare signed and unsigned exe files (#41030)
- compare signed and unsigned mar files (#41031)boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41019Sign dmg files2024-01-09T14:56:01ZboklmSign dmg filesWe are currently signing the content of dmg files, but not the dmg file
itself.We are currently signing the content of dmg files, but not the dmg file
itself.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41012Create a script to produce a graph representation of dependencies2024-01-09T15:00:54ZPier Angelo VendrameCreate a script to produce a graph representation of dependenciesFrom tpo/community/hackweek#25: we could create a script to produce a visual representation of our dependencies.From tpo/community/hackweek#25: we could create a script to produce a visual representation of our dependencies.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40999Do not enable CookieAuthentication by default2023-11-06T21:21:28ZPier Angelo VendrameDo not enable CookieAuthentication by defaultA use pointed out that [Mullvad suggests disabling](https://mullvad.net/en/help/tor-and-mullvad-vpn/) `CookieAuthentication`.
I think they're right: we will enable `CookieAuthentication` when needed (i.e., the user asked for it via envi...A use pointed out that [Mullvad suggests disabling](https://mullvad.net/en/help/tor-and-mullvad-vpn/) `CookieAuthentication`.
I think they're right: we will enable `CookieAuthentication` when needed (i.e., the user asked for it via environment variables), and in general, from `man tor` (emphasis mine):
> **CookieAuthentication 0|1**
>
> If this option is set to 1, allow connections on the control port when the connecting process knows the contents of a file named "control_auth_cookie", which Tor will create in its data directory. **This authentication method should only be used on systems with good filesystem security.** (Default: 0)https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40997Document how to verify reproducibility of build of a mullvad/tor browser release2023-11-30T11:45:24ZboklmDocument how to verify reproducibility of build of a mullvad/tor browser releaseI think many users don't know that our builds are reproducible, or how
they can rebuild to verify that they get a matching build.
We could generate a `reproducible-build.txt` file in the release
directory containing the following inform...I think many users don't know that our builds are reproducible, or how
they can rebuild to verify that they get a matching build.
We could generate a `reproducible-build.txt` file in the release
directory containing the following informations:
- which git repository to clone
- which commit to checkout
- which command to use to start the build
- which sha256sums to expect after the build finished
- how to remove embedded signatures from exe and mar files we publish
to check that they match the unsigned buildboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40996Do not version the .nobackup files2023-11-01T18:02:15ZPier Angelo VendrameDo not version the .nobackup filesThe patch to add `.nobackup` files messes up some configurations that were possibile before when some directories were completely ignored by git.
We should revert it and create the various `.nobackup` files with RBM instead (or have the...The patch to add `.nobackup` files messes up some configurations that were possibile before when some directories were completely ignored by git.
We should revert it and create the various `.nobackup` files with RBM instead (or have the people create a `.nobackup` files manually in the root of their clones).boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40994Add support in do-all-signing to sign release for some archs only2023-12-07T13:28:57ZboklmAdd support in do-all-signing to sign release for some archs onlyCurrently when we want to sign a release for some of the platforms only,
we need to comment some steps in `do-all-signing`. We should add some
options to make it easier to disable/enable signing of some of the
platforms.Currently when we want to sign a release for some of the platforms only,
we need to comment some steps in `do-all-signing`. We should add some
options to make it easier to disable/enable signing of some of the
platforms.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988Make tool to compare signed and unsigned dmg2023-11-16T12:21:47ZboklmMake tool to compare signed and unsigned dmgSince macos code signing is modifying binary files to embed code
signatures, it is not easy to check that the dmg from our reproducible
build and the signed dmg we publish are the same apart from the
signatures.
I think we could make a ...Since macos code signing is modifying binary files to embed code
signatures, it is not easy to check that the dmg from our reproducible
build and the signed dmg we publish are the same apart from the
signatures.
I think we could make a tool to compare a signed and unsigned dmg.
It seems there is a `codesign --remove-signature` command that can be
used on macos to remove signatures. I don't know if the same can be done
on linux.
Maybe `rcodesign compute-code-hashes` can also help for that.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40955Translate the Windows installer2024-01-12T09:26:02ZPier Angelo VendrameTranslate the Windows installerWe have a few strings in the NSIS installer that we don't translate.
NSIS itself doesn't have a nice way to create translations: we'd need to load strings at build time from a standard language and include them in the script.
See [Crea...We have a few strings in the NSIS installer that we don't translate.
NSIS itself doesn't have a nice way to create translations: we'd need to load strings at build time from a standard language and include them in the script.
See [Creating language files and integrating with MUI](https://nsis.sourceforge.io/Creating_language_files_and_integrating_with_MUI) and [`LangString`](https://nsis.sourceforge.io/Reference/LangString).https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40819Sign macOS tor executables in tor expert bundle2023-08-22T20:10:21ZsebSign macOS tor executables in tor expert bundleI'm trying to use the tor executable and pluggable transports from the tor expert bundle while porting briar-desktop to macOS. I've seen https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40397 and thanks for creat...I'm trying to use the tor executable and pluggable transports from the tor expert bundle while porting briar-desktop to macOS. I've seen https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40397 and thanks for creating the tor expert bundle in the first place!
It looks like the `tor` executable shipped with the expert bundle is not signed. As a result, I cannot run it as a subprocess from within the JVM. I've started debugging this and it looks like it doesn't have anything to do with the way we use `ProcessBuilder` to launch the executable on the JVM (everything works fine when I use the `tor.real` executable shipped with the TorBrowser DMG package). Taking the JVM side of things out of the picture, when I try to run `./tor` from the expert bundle on the shell, I do get this:
```
zsh: killed ./tor
```
It might also show a popup notifying me about the fact that the developer of the executable cannot be verified with the options in the dialog to either move it to trash or cancel the operation.
The executable shipped in the TorBrowser DMG packages works fine however. I wasn't sure it's actually the executable itself that is signed or if the OS keeps track of the DMG it has been extracted from (which is signed itself). So I extracted the file on a Linux machine and transferred it to a macOS machine that had never seen that file or TorBrowser before. I was still able to run `tor.real` successfully there.
This makes me wonder: would it be desirable from your point of view and technically possible to sign the executables shipped with the expert bundle the same way the ones from the TorBrowser distribution are?boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40815Include platform details in some artifact filenames2024-01-10T08:30:59ZPier Angelo VendrameInclude platform details in some artifact filenamesSome artifacts are tied to a certain platform (e.g., Mingw, Rust, etc).
Sometimes knowing it at a glance could be useful (e.g., when reusing these artifacts outside tor-browser-build, e.g., to create a container for local incremental bu...Some artifacts are tied to a certain platform (e.g., Mingw, Rust, etc).
Sometimes knowing it at a glance could be useful (e.g., when reusing these artifacts outside tor-browser-build, e.g., to create a container for local incremental builds).
We could do that when updating the toolchains for the next ESR.
List of artifacts to fix:
- [x] ~~`mingw-w64-clang`~~ -> switched to single package for both 32-bit and 64-bit
- [x] Rust
- [ ] Binutilshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40785Add some step in the signing process to check that we have two matching builds2023-11-01T19:18:10ZboklmAdd some step in the signing process to check that we have two matching buildsChecking that we have two matching builds currently needs to be done manually before starting the signing process.
We can add add some step in the signing process to check that `sha256sums-unsigned-build.txt` has been signed by two people.Checking that we have two matching builds currently needs to be done manually before starting the signing process.
We can add add some step in the signing process to check that `sha256sums-unsigned-build.txt` has been signed by two people.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40700provide the list of architectures as a json2023-08-28T16:17:12Zmeskiomeskio@torproject.orgprovide the list of architectures as a jsonNow that the downloads.json is splited by architecture (#40254) it will be really useful for the consumers (like gettor) of those files to be able to retrieve the full list of architectures.Now that the downloads.json is splited by architecture (#40254) it will be really useful for the consumers (like gettor) of those files to be able to retrieve the full list of architectures.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40684In nightly builds, only do git fetch for projects which use a branch2023-01-05T12:56:36ZboklmIn nightly builds, only do git fetch for projects which use a branchIn nightly, we currently set `fetch: 1` globally, which mean do a `git fetch` for all projects, including those which don't use a branch (and for which a `git fetch` is useless).
Since there is only a small number of projects where we u...In nightly, we currently set `fetch: 1` globally, which mean do a `git fetch` for all projects, including those which don't use a branch (and for which a `git fetch` is useless).
Since there is only a small number of projects where we use a branch, I think we could set `fetch: 1` for those projects only.Sponsor 131 - Phase 4 - Browser Release Managementboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40647Generate downloads.json files for nightly builds2023-11-01T18:02:51ZboklmGenerate downloads.json files for nightly buildsWe currently don't generate `downloads.json` files in https://nightlies.tbb.torproject.org/nightly-updates/updates/ (`create_downloads_json` is not set in `tools/signing/nightly/update-responses-base-config.yml`).
For easier testing of ...We currently don't generate `downloads.json` files in https://nightlies.tbb.torproject.org/nightly-updates/updates/ (`create_downloads_json` is not set in `tools/signing/nightly/update-responses-base-config.yml`).
For easier testing of changes to this file (for example for multi-locales builds, #40254 and #40110), we should generate them.Sponsor 131 - Phase 3 - Major ESR 102 Migrationboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40618Add support for android-only and desktop-only releases in do-all-signing2023-11-01T19:17:53ZboklmAdd support for android-only and desktop-only releases in do-all-signingIn `tools/signing/set-config.tbb-version` we should add some option to say if a release is desktop-only, or android-only, and make `do-all-signing` only run the steps relevant for desktop or android in those cases.In `tools/signing/set-config.tbb-version` we should add some option to say if a release is desktop-only, or android-only, and make `do-all-signing` only run the steps relevant for desktop or android in those cases.Sponsor 131 - Phase 4 - Browser Release Managementboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40601Windows installer should warn when user selects a system folder2022-08-15T21:54:56ZLunarWindows installer should warn when user selects a system folderThe Tor Browser is meant to be run from a user-writable folder. It might or might not work properly when installed in `C:\Programs` for example. The Windows installer should warn users that they are likely to run into problems when they ...The Tor Browser is meant to be run from a user-writable folder. It might or might not work properly when installed in `C:\Programs` for example. The Windows installer should warn users that they are likely to run into problems when they select system folders as where to install the Tor Browser.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40578Add README to Tor Browser2023-01-05T14:22:24ZtraumschuleAdd README to Tor BrowserI am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/RE...I am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/README.md
./Browser/TorBrowser/Docs/snowflake/README.md
```https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40564Sign Tor Browser Windows binaries (not just the setup executable)2023-06-30T09:00:48ZGeorg KoppenSign Tor Browser Windows binaries (not just the setup executable)Mozilla is doing the signing of Firefox binaries for a while now, beyond providing signatures for the setup executable. https://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-b...Mozilla is doing the signing of Firefox binaries for a while now, beyond providing signatures for the setup executable. https://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx has some things to say about that.Sponsor 131 - Phase 4 - Browser Release Managementhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40563Start using a maintained version of osslsigncode for our authenticode signing2023-01-05T12:46:01ZGeorg KoppenStart using a maintained version of osslsigncode for our authenticode signing`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.