tor-browser-build issueshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues2023-04-03T12:47:53Zhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40710Provide the Tor Expert Bundle for Windows as a *.zip archive2023-04-03T12:47:53Zcomputer_freakProvide the Tor Expert Bundle for Windows as a *.zip archiveThe [Expert Bundle](https://www.torproject.org/download/tor/) for Windows prior to Tor Browser 12.0 was a `*.zip` archive.\
Now it's a `*.tar.gz` archive.
Native Windows can unpack `*.zip` archives but doesn't know what to do with `.tar...The [Expert Bundle](https://www.torproject.org/download/tor/) for Windows prior to Tor Browser 12.0 was a `*.zip` archive.\
Now it's a `*.tar.gz` archive.
Native Windows can unpack `*.zip` archives but doesn't know what to do with `.tar.gz`.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40275Add an option to create a tmpfs in the build container, and do part of the bu...2023-01-05T12:56:40ZboklmAdd an option to create a tmpfs in the build container, and do part of the build inside the tmpfsI think we could add an option to create a tmpfs in the build container, with size configurable for each component. And then use this tmpfs for some parts of the build, if this makes the build faster.I think we could add an option to create a tmpfs in the build container, with size configurable for each component. And then use this tmpfs for some parts of the build, if this makes the build faster.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40570Don't include version information in GeckoView project2022-12-22T10:58:23ZGeorg KoppenDon't include version information in GeckoView projectWe include Tor Browser version information when building the Firefox
part, e.g. in order to get the (incremental) update files right (see:
tor-browser-build#18326) or before accessing the profile has been loaded (see: tor-browser-build#1...We include Tor Browser version information when building the Firefox
part, e.g. in order to get the (incremental) update files right (see:
tor-browser-build#18326) or before accessing the profile has been loaded (see: tor-browser-build#18325).
But that should not be needed when building the GeckoView .aar as the
application parts move to Fenix.
We should investigate and fix that as not needing to rebuild the whole
GeckoView for Android could speed up our mobile releases a lot in case we
need to get new ones out fast due to GeckoView unrelated reasons.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40080Bundle Python binary on Windows2023-01-05T12:35:02ZJeremyRandBundle Python binary on WindowsNamecoin (specifically Electrum-NMC) currently requires Python 3.6+, which is not installed by default on Windows. We punt the issue in https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/39 by making the u...Namecoin (specifically Electrum-NMC) currently requires Python 3.6+, which is not installed by default on Windows. We punt the issue in https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/39 by making the user install Python themselves, but this isn't great UX. We should look into bundling a Python 3.6+ binary with Tor Browser for Windows when building with Namecoin is enabled.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40059Ship tor.exe with an application manifest2022-12-22T11:02:42ZGeorg KoppenShip tor.exe with an application manifestWe should ship `tor.exe` with an application manifest as it launched and run by us. The browser part is essentially using the one Mozilla provides by `firefox.exe.manifest`. See: tpo/core/tor#22450 for more context.We should ship `tor.exe` with an application manifest as it launched and run by us. The browser part is essentially using the one Mozilla provides by `firefox.exe.manifest`. See: tpo/core/tor#22450 for more context.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40024Enable Namecoin on macOS2022-12-22T10:54:29ZJeremyRandEnable Namecoin on macOSCurrently, Namecoin is only enabled on GNU/Linux targets; it would be useful to enable it on macOS targets as well, so that macOS users can test the Namecoin support in Nightly without installing a GNU/Linux VM.
(Originally [requested](...Currently, Namecoin is only enabled on GNU/Linux targets; it would be useful to enable it on macOS targets as well, so that macOS users can test the Namecoin support in Nightly without installing a GNU/Linux VM.
(Originally [requested](https://old.reddit.com/r/Namecoin/comments/hbf9fq/we_need_more_testers_for_the_namecoin_tor_browser/fva504w/) by mjgill89 on Reddit.)https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40023Namecoin support doesn't stay enabled after an auto-update until restarted2022-12-22T15:47:47ZJeremyRandNamecoin support doesn't stay enabled after an auto-update until restartedIt appears that Tor Browser's auto-update functionality interferes with Namecoin support. When Tor Browser offers to install an update and restart, the Tor daemon is restarted, which causes StemNS to lose its control port connection. S...It appears that Tor Browser's auto-update functionality interferes with Namecoin support. When Tor Browser offers to install an update and restart, the Tor daemon is restarted, which causes StemNS to lose its control port connection. Since StemNS is only launched by the Bash launcher, and the Bash launcher doesn't seem to get re-executed when Tor Browser restarts after an update, Namecoin ends up being disabled until Tor Browser is manually restarted (via the Bash launcher).https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40022Enable Namecoin on Windows2023-01-05T12:37:57ZJeremyRandEnable Namecoin on WindowsCurrently, Namecoin is only enabled on GNU/Linux targets; it would be useful to enable it on Windows targets as well, so that Windows users can test the Namecoin support in Nightly without installing a GNU/Linux VM.
(Originally [request...Currently, Namecoin is only enabled on GNU/Linux targets; it would be useful to enable it on Windows targets as well, so that Windows users can test the Namecoin support in Nightly without installing a GNU/Linux VM.
(Originally [requested](https://old.reddit.com/r/Namecoin/comments/hbf9fq/we_need_more_testers_for_the_namecoin_tor_browser/fva504w/) by mjgill89 on Reddit.)https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/34356Consider bundling Python binary on GNU/Linux2023-01-05T15:02:07ZJeremyRandConsider bundling Python binary on GNU/LinuxNamecoin (specifically Electrum-NMC) currently requires Python 3.6+, which is not yet universally available. To avoid incompatibility issues on older GNU/Linux distros, it may be worth considering bundling a Python 3.6+ binary with Tor ...Namecoin (specifically Electrum-NMC) currently requires Python 3.6+, which is not yet universally available. To avoid incompatibility issues on older GNU/Linux distros, it may be worth considering bundling a Python 3.6+ binary with Tor Browser when building with Namecoin is enabled.
(This would have also avoided legacy/trac#33749.)https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/34046Sign commits with gpg2023-01-05T15:06:47ZboklmSign commits with gpgAs discussed in ticket:25102#comment:20, we should sign all top commits from branches that are used in nightly builds.As discussed in ticket:25102#comment:20, we should sign all top commits from branches that are used in nightly builds.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40563Start using a maintained version of osslsigncode for our authenticode signing2023-01-05T12:46:01ZGeorg KoppenStart using a maintained version of osslsigncode for our authenticode signing`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40556Show the Tor Browser version number on f-droid (instead of firefox version)2022-08-02T12:17:24ZboklmShow the Tor Browser version number on f-droid (instead of firefox version)It seems that some users are confused by the version number that is shown on f-droid:
https://blog.torproject.org/comment/285989#comment-285989
It looks like the version number that is shown is the Firefox version on which it is based, ...It seems that some users are confused by the version number that is shown on f-droid:
https://blog.torproject.org/comment/285989#comment-285989
It looks like the version number that is shown is the Firefox version on which it is based, instead of the Tor Browser version.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40555Ship some build with debug logs enabled2023-01-05T14:29:59ZMatthew FinkelShip some build with debug logs enabledThere are safety concerns with enabling highly verbose logging on clients, and there are some additional questions we'll need to answer such as whether we disable safe logging (I suspect we should leave it enabled).
The goal is providin...There are safety concerns with enabling highly verbose logging on clients, and there are some additional questions we'll need to answer such as whether we disable safe logging (I suspect we should leave it enabled).
The goal is providing a build that allows easier debugging of connectivity problems. Maybe we should provide another bundle, as a troubleshooting build, instead of re-purposing nightly or alpha.
I can see this being useful for all platforms, but this is specifically needed on Android because it isn't possible to customize the torrc (see legacy/trac#29031).
In this build imagine setting tor INFO logging, and configuring obfs4proxy with `-enableLogging`. Somehow we'll need to give easy access to `obfs4proxy.log`, as well.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/32523Consider building tor-browser-build containers with Bitcoin Core's Guix-based...2023-01-05T14:20:28ZJeremyRandConsider building tor-browser-build containers with Bitcoin Core's Guix-based systemBitcoin Core recently merged a PR from Carl Dong (from Chaincode Labs) that allows building Bitcoin Core using containers that are constructed via GNU Guix, instead of using an OS ISO or debootstrap. This provides better security agains...Bitcoin Core recently merged a PR from Carl Dong (from Chaincode Labs) that allows building Bitcoin Core using containers that are constructed via GNU Guix, instead of using an OS ISO or debootstrap. This provides better security against supply-chain attacks by reducing the amount of trusted binary code used to bootstrap the build system. Bitcoin Core intends to use Carl's system as a replacement for Gitian.
It would be interesting to investigate whether tor-browser-build could transition to constructing its containers via Bitcoin Core's new system instead of using debootstrap.
A talk that Carl gave at Breaking Bitcoin about the new system is here:
https://www.youtube.com/watch?v=I2iShmUTEl8
A transcript of Carl's talk (transcribed by Bryan Bishop) is here:
https://diyhpl.us/wiki/transcripts/breaking-bitcoin/2019/bitcoin-build-system/
Here's the PR that Carl submitted to Bitcoin Core:
https://github.com/bitcoin/bitcoin/pull/15277
And here's the documentation in Bitcoin Core's master branch:
https://github.com/bitcoin/bitcoin/tree/master/contrib/guix
GNU/Linux targets are already working and are merged; macOS and Windows are working as well but I think Carl hasn't gotten those merged to Bitcoin Core yet. I have no idea what the situation is with Android/Linux.
Bitcoin Core isn't yet using Carl's system to build their official binaries, so it might be wise for Tor to let Bitcoin Core torture-test the code a bit in production first, but it does look like a very nice system, and it would be great to see it used for Tor Browser in the future.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40548Investigate using Snaps2023-08-21T18:08:20ZMatthew FinkelInvestigate using SnapsShould we distribute Tor Browser as a snap?
https://snapcraft.io/Should we distribute Tor Browser as a snap?
https://snapcraft.io/https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/31133Build Tor Browser with PGO enabled on Linux2023-01-05T14:15:04ZGeorg KoppenBuild Tor Browser with PGO enabled on LinuxMozilla is publishing the PGO profiles for Linux at least (Windows is supposed to follow with Firefox 69 and macOS has no PGO) and the build as of Firefox 68 is still reproducible (including LTO): https://glandium.org/blog/?p=3923.
We s...Mozilla is publishing the PGO profiles for Linux at least (Windows is supposed to follow with Firefox 69 and macOS has no PGO) and the build as of Firefox 68 is still reproducible (including LTO): https://glandium.org/blog/?p=3923.
We should try this out for performance improvements.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29318Drop mingw-w64/gcc toolchain2024-01-10T13:32:54ZGeorg KoppenDrop mingw-w64/gcc toolchainThis ticket is the parent ticket for all things related to dropping the mingw-w64/gcc toolchain in favor of our new mingw-w64/clang one.This ticket is the parent ticket for all things related to dropping the mingw-w64/gcc toolchain in favor of our new mingw-w64/clang one.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40579Check for `file` command in Tor Browser start script before using it2022-07-13T23:34:14ZGeorg KoppenCheck for `file` command in Tor Browser start script before using itIn `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
complain "Wrong architecture? 32-...In `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
complain "Wrong architecture? 32-bit vs. 64-bit."
exit 1
fi
```
to bail out early in case users have downloaded a bundle for the wrong architecture. Now, it turns out that there are Linux distros out there (NixOS seems to be one of those) that don't find `file` that way. A fix for that would be to check for the existence of `file` and if we can't find it to note that we assume the user knows what they are doing and proceed anyway.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28782Use Path::Tiny instead of File::Slurp in tools/clean-old and tools/dmg2mar2023-01-05T14:12:59ZboklmUse Path::Tiny instead of File::Slurp in tools/clean-old and tools/dmg2marSimilarly to legacy/trac#24361 and legacy/trac#28771, we should replace uses of File::Slurp by Path::Tiny in tools/clean-old and tools/dmg2mar.Similarly to legacy/trac#24361 and legacy/trac#28771, we should replace uses of File::Slurp by Path::Tiny in tools/clean-old and tools/dmg2mar.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40578Add README to Tor Browser2023-01-05T14:22:24ZtraumschuleAdd README to Tor BrowserI am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/RE...I am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/README.md
./Browser/TorBrowser/Docs/snowflake/README.md
```