tor-browser-build issueshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues2020-12-04T19:08:21Zhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40147Remove workaround for core/tor#40172 once we pick up 0.4.5.2-alpha2020-12-04T19:08:21ZGeorg KoppenRemove workaround for core/tor#40172 once we pick up 0.4.5.2-alphaSee: !121 for details.See: !121 for details.Tor Browser: 10.5https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40146Do the signing of nightly mar files on tbb-nightlies-master.torproject.org2021-03-01T16:04:03ZboklmDo the signing of nightly mar files on tbb-nightlies-master.torproject.orgI think to do the nightly mar files signing on `tbb-nightlies-master.torproject.org` we need to do the following list of tasks:
- open a ticket to ask tpa to install some dependencies on tbb-nightlies-master.torproject.org. The list of d...I think to do the nightly mar files signing on `tbb-nightlies-master.torproject.org` we need to do the following list of tasks:
- open a ticket to ask tpa to install some dependencies on tbb-nightlies-master.torproject.org. The list of dependencies needed can be found in `tor-browser-build/tools/ansible/roles/tbb-nightly-signing/tasks/main.yml`. In addition we also need tor and torsocks to be installed (to download the mar files from the .onion of the build server).
- [x] tpo/tpa/team#40083
- in `tor-browser-build/tools/signing/nightly/config.yml`, we need to update `rsync_dest` to make it point to a local directory, and `post_rsync_cmd` to run `static-update-component nightlies.tbb.torproject.org`.
- [x] #40148
Then on `tbb-nightlies-master.torproject.org` as the `tbb-nightlies` user (with `sudo -u tbb-nightlies -s`):
- clone `tor-browser-build.git` somewhere in the `tbb-nightlies` home directory
- generate a new mar signing key, using the script `tor-browser-build/tools/signing/nightly/create-nightly-mar-signing-key`. We should then add this new key as a secondary key to `tor-browser.git`, then wait a few days (or weeks) before doing the next steps so that most users have the new key when we do the switch. Alternatively I can upload the current key if we want to keep using it and rotate to a new key later.
- [x] tor-browser#33803
- [x] #40138
- manually run `torsocks tor-browser-build/tools/signing/nightly/sign-nightly` to test the signing. For this test we should change `rsync_dest` in `tor-browser-build/tools/signing/nightly/config.yml` to a temporary directory to avoid conflict with the old signing VM (until it is ready to replace it).
- [x] #40182
- [x] #40185
- when it is ready, add `torsocks tor-browser-build/tools/signing/nightly/sign-nightly` to a cron job, to run it every 30 minutes
- [x] #40192
- remove the file `/etc/ssh/userkeys/tbb-nightlies` to remove access from the old signing VM
After a few days we should also remove the old mar signing key from `tor-browser.git`.
- [x] tor-browser#40274
- [x] #40203
- [x] #40229
- [x] #40231
- [ ] #40243
cc @gk, @sysrqbTor Browser: 10.5Georg KoppenGeorg Koppen2020-12-07https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40145Adapt Makefile to build from a single alpha tag for all platforms again2020-12-13T21:34:10ZGeorg KoppenAdapt Makefile to build from a single alpha tag for all platforms againWe are reducing our chaos caused by a load of different branches in the wake of the ESR and regular Firefox release channel split.
It's therefore time revert the changes in our `Makefile` that introduced a separate mobile alpha build ta...We are reducing our chaos caused by a load of different branches in the wake of the ESR and regular Firefox release channel split.
It's therefore time revert the changes in our `Makefile` that introduced a separate mobile alpha build target.Tor Browser: 10.5https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40138Move nightly signing key to tor-browser2022-04-04T17:53:05ZGeorg KoppenMove nightly signing key to tor-browserWhen fixing tor-browser#33803 we should make sure that the current nightly signing key is moved out of `tor-browser-build` as well (see: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33803#note_2671931).When fixing tor-browser#33803 we should make sure that the current nightly signing key is moved out of `tor-browser-build` as well (see: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33803#note_2671931).Tor Browser: 10.5Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40133Bump Rust to 1.43.0 for ESR 782020-11-08T15:37:32ZGeorg KoppenBump Rust to 1.43.0 for ESR 78While looking at the [minimum required Rust
version](https://searchfox.org/mozilla-esr78/source/python/mozboot/mozboot/base.py#161)
to build ESR 78 (1.41.1) I somehow missed that Mozilla is
[actually](https://bugzilla.mozilla.org/show_bu...While looking at the [minimum required Rust
version](https://searchfox.org/mozilla-esr78/source/python/mozboot/mozboot/base.py#161)
to build ESR 78 (1.41.1) I somehow missed that Mozilla is
[actually](https://bugzilla.mozilla.org/show_bug.cgi?id=1632723)
building ESR 78 with
[1.43.0](https://wiki.mozilla.org/Rust_Update_Policy_for_Firefox). We
should do the same to minimize toolchain differences between official
Firefox and Tor Browser builds.
Thanks to a cypherpunk for the reminder.Tor Browser: 10.5Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40128Do script for packaging and updating allowed_addons.json for Fenix2020-12-04T14:48:15ZAlex CatarineuDo script for packaging and updating allowed_addons.json for FenixFor fenix#40062 we shipped a default `allowed_addons.json` containing a list of allowed addons fetched from mozilla. We should create a script for keeping this list up-to-date and replace the default one from Fenix. We could also check t...For fenix#40062 we shipped a default `allowed_addons.json` containing a list of allowed addons fetched from mozilla. We should create a script for keeping this list up-to-date and replace the default one from Fenix. We could also check that the https-everywhere and noscript versions in this file are consistent with the ones we ship.Tor Browser: 10.5https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40112libstdc++.so.6 not stripped2021-01-20T18:56:24Zyanmaanilibstdc++.so.6 not strippedIn `tor-browser-build/projects/tor/build`, `libstdc++.so.6` is copied from GCC to the output:
```
# We need to copy the libstdc++.so.6 for Tor Browser on older Linux distros.
# Copying it into /Browser, which feels more natural, and ...In `tor-browser-build/projects/tor/build`, `libstdc++.so.6` is copied from GCC to the output:
```
# We need to copy the libstdc++.so.6 for Tor Browser on older Linux distros.
# Copying it into /Browser, which feels more natural, and amending
# LD_LIBRARY_PATH breaks updates from a Tor Browser with the old
# LD_LIBRARY_PATH value to the Tor Browser with the newer one. Thus, we copy
# the libstdc++ into the directory with the libs tor depends on, too. See bug
# 13359 for further details.
mkdir -p "$distdir/Tor/libstdc++"
cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libstdc++.so.6 "$distdir/Tor/libstdc++/"
[% IF c("var/asan") -%]
cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libasan.so.5 "$distdir/Tor/"
cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libubsan.so.1 "$distdir/Tor/"
[% END -%]
chmod 700 "$distdir"/Tor/*.so*
chmod 700 "$distdir"/Tor/libstdc++/*.so*
```
This file is unstripped and contains debug info. Stripping it takes it from 17 MB to 2 MB, without any impact on functionality as far as I can tell. After compression, the entire tarball is 3MB smaller.
This should be a one-line change, provided `strip` is deterministic. I haven't looked into it.Tor Browser: 10.5https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4010310.5a1-build1 firefox-linux-i686 busted due to missing pulse2020-09-19T21:32:49ZMatthew Finkel10.5a1-build1 firefox-linux-i686 busted due to missing pulse```
0:24.70 checking for libpulse... no
0:24.70 ERROR: Package libpulse was not found in the pkg-config search path.
0:24.70 ERROR: Perhaps you should add the directory containing `libpulse.pc'
0:24.70 ERROR: to the PKG_CONFIG_PATH e...```
0:24.70 checking for libpulse... no
0:24.70 ERROR: Package libpulse was not found in the pkg-config search path.
0:24.70 ERROR: Perhaps you should add the directory containing `libpulse.pc'
0:24.70 ERROR: to the PKG_CONFIG_PATH environment variable
0:24.70 ERROR: No package 'libpulse' found
0:24.76 *** Fix above errors and then restart with\
0:24.76 "./mach build"
0:24.76 client.mk:111: recipe for target 'configure' failed
0:24.76 make: *** [configure] Error 1
```Tor Browser: 10.5https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40081Build with --enable-rust-simd2020-12-01T17:28:58ZGeorg KoppenBuild with --enable-rust-simdA cypherpunk pointed out that Mozilla ships their builds with
`--enable-rust-simd` and indeed if one downloads the source and builds
it then this option is not set but ["It is the default for CI and for
the builds we
ship."](https://bugz...A cypherpunk pointed out that Mozilla ships their builds with
`--enable-rust-simd` and indeed if one downloads the source and builds
it then this option is not set but ["It is the default for CI and for
the builds we
ship."](https://bugzilla.mozilla.org/show_bug.cgi?id=1578677#c4)
We should set it to, then.Tor Browser: 10.5https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40064Bump libevent to 2.1.122020-11-08T19:33:28ZGeorg KoppenBump libevent to 2.1.12Libevent 2.1.12 got a released a couple of weeks ago. We should start
using that one instead of 2.1.11.
- [x] #26238Libevent 2.1.12 got a released a couple of weeks ago. We should start
using that one instead of 2.1.11.
- [x] #26238Tor Browser: 10.5Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40041Remove Centos 6 support for Tor Browser 10.52020-09-18T20:37:38ZGeorg KoppenRemove Centos 6 support for Tor Browser 10.5There are CentOS 6 bits in our tor-browser-build parts that we should
remove (there is at least the one in `start-firefox`) for 10.5.There are CentOS 6 bits in our tor-browser-build parts that we should
remove (there is at least the one in `start-firefox`) for 10.5.Tor Browser: 10.5Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/34360Bump binutils version to 2.35.12021-12-21T08:54:46ZGeorg KoppenBump binutils version to 2.35.1We are using a rather old binutils version. Let's bump it to the latest, 2.35.1We are using a rather old binutils version. Let's bump it to the latest, 2.35.1Tor Browser: 10.5Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/34108Write script to keep track of toolchain changes2021-06-22T14:26:54ZGeorg KoppenWrite script to keep track of toolchain changesWe have a lot of different requirements for our toolchain (see: legacy/trac#33557) due to a number of different projects involved in building Fenix. We should write a script that we run periodically to keep track of necessary toolchain c...We have a lot of different requirements for our toolchain (see: legacy/trac#33557) due to a number of different projects involved in building Fenix. We should write a script that we run periodically to keep track of necessary toolchain changes ahead of time.Tor Browser: 10.5boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/26238Move from Debian Wheezy to Debian Jessie for our Linux builds2020-10-03T07:49:50ZGeorg KoppenMove from Debian Wheezy to Debian Jessie for our Linux buildsDebian Wheezy is about to get unsupported and we should move to Debian Jessie for our Linux builds. This has the additional advantage that we don't have different Debian versions anymore to build bundles for all of our supported platform...Debian Wheezy is about to get unsupported and we should move to Debian Jessie for our Linux builds. This has the additional advantage that we don't have different Debian versions anymore to build bundles for all of our supported platforms: We are then using Debian Jessie everywhere.
The only worrying situation is the CentOS one. We should think about whether we still can and want to support CentOS 6 (which we need to do anyway while switching to Firefox ESR 60 which requires GTK3) and what the CentOS 7 situation is if we start building using Jessie.
- [x] #40041
- [x] tor-browser#40089Tor Browser: 10.5Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/23631Improve sudo need2021-03-01T16:46:05ZTom Rittertom@ritter.vgImprove sudo needRight now the Tor Browser build takes a long time, and sudo is needed periodically throughout it. This means you have to either run it as root, babysit it, or set your user account up with passwordless sudo. All of those kinda stink.
It...Right now the Tor Browser build takes a long time, and sudo is needed periodically throughout it. This means you have to either run it as root, babysit it, or set your user account up with passwordless sudo. All of those kinda stink.
It's be cool if we could improve that a bit. Ideas:
- Write a setuid program that execs the necessary commands but provides input and directory filtering (directory path either compiled in or read from a root-owned file I guess)
- Same idea but instead of setuid, it's set up to be run with passwordless sudo
- Somehow request sudo access in the beginning and retain it through the whole script (without running everything as root)Tor Browser: 10.5boklmboklm