tor-browser-build issueshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues2024-01-09T15:00:07Zhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41035Replace make list_translation_updates-release with make update_translation_gi...2024-01-09T15:00:07ZboklmReplace make list_translation_updates-release with make update_translation_git_hash-release```
* ma1 wonders why make list_translation_updates-release just tells you about the updated hashes rather than patching projects/translations/config directly
< boklm> ma1: I think because it was more work, but that looks like an impro...```
* ma1 wonders why make list_translation_updates-release just tells you about the updated hashes rather than patching projects/translations/config directly
< boklm> ma1: I think because it was more work, but that looks like an improvement we can do
```https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41032Add command to compare sha256sums-unsigned-build.txt from local build and dow...2024-01-09T14:59:40ZboklmAdd command to compare sha256sums-unsigned-build.txt from local build and downloaded buildFor #40997, in order to make it easier to check that a local build is
matching the published build, we can add some commands that will:
- download published build from archive.tpo
- compare `sha256sums-unsigned-build.txt` and
`sha256su...For #40997, in order to make it easier to check that a local build is
matching the published build, we can add some commands that will:
- download published build from archive.tpo
- compare `sha256sums-unsigned-build.txt` and
`sha256sums-unsigned-build.incrementals.txt` from local and downloaded
builds
- compare signed and unsigned exe files (#41030)
- compare signed and unsigned mar files (#41031)boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41019Sign dmg files2024-01-09T14:56:01ZboklmSign dmg filesWe are currently signing the content of dmg files, but not the dmg file
itself.We are currently signing the content of dmg files, but not the dmg file
itself.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41013Add a README to each project2024-01-09T15:00:52ZPier Angelo VendrameAdd a README to each projectPart of tpo/community/hackweek#25.
- [x] android-toolchain
- [x] application-services
- [x] binutils
- [x] browser
- [x] cbindgen
- [x] cctools
- [x] clang
- [x] cmake
- [x] common
- [x] conjure
- [x] container-image
- [x] firefox
- [x]...Part of tpo/community/hackweek#25.
- [x] android-toolchain
- [x] application-services
- [x] binutils
- [x] browser
- [x] cbindgen
- [x] cctools
- [x] clang
- [x] cmake
- [x] common
- [x] conjure
- [x] container-image
- [x] firefox
- [x] firefox-android
- [x] firefox-l10n
- [x] fonts
- [x] fxc2
- [x] gcc
- [x] gcc-source
- [x] geckoview
- [x] glean
- [x] go
- [x] go-bootstrap
- [x] gradle
- [x] hfsplus-tools
- [x] libdmg-hfsplus
- [x] libevent
- [x] libtapi
- [x] llvm-project
- [x] llvm-runtimes
- [ ] lox-wasm --> need info from the AC team
- [x] lyrebird
- [x] macosx-toolchain
- [x] manual
- [x] mar-tools --> need info (maybe from boklm)
- [x] mingw-w64
- [x] mingw-w64-clang
- [x] mmdebstrap
- [x] mmdebstrap-image
- [x] nasm
- [x] ninja
- [x] node
- [x] nsis
- [x] openssl
- [x] osslsigncode
- [x] python
- [x] rcodesign
- [ ] release --> need info (from boklm)
- [x] rust
- [x] snowflake
- [x] tor
- [x] tor-android-service
- [x] tor-expert-bundle
- [x] tor-onion-proxy-library
- [x] translation
- [x] wasi-config
- [x] wasi-libc
- [x] wasi-sysroot
- [ ] wasm-bindgen --> need info (from cohosh)
- [x] webtunnel
- [ ] yubihsm-shell --> need info (maybe from boklm)
- [x] zlib
- [x] zstdPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41012Create a script to produce a graph representation of dependencies2024-01-09T15:00:54ZPier Angelo VendrameCreate a script to produce a graph representation of dependenciesFrom tpo/community/hackweek#25: we could create a script to produce a visual representation of our dependencies.From tpo/community/hackweek#25: we could create a script to produce a visual representation of our dependencies.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41011Remove tor-onion-proxy-library project2023-11-06T23:31:41ZrichardRemove tor-onion-proxy-library projectThis will be deprecated with the remaining ~"Sponsor 96" work.This will be deprecated with the remaining ~"Sponsor 96" work.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41004Auto-build Tor + Mullvad Browsers on tag push2023-11-06T23:11:00ZrichardAuto-build Tor + Mullvad Browsers on tag pushWe chatted briefly last week about Mullvad somehow auto-building our browsers on tag push.
We would like to bring Mullvad into the build release verification process (eg as another builder) to give users further confidence that devs ar...We chatted briefly last week about Mullvad somehow auto-building our browsers on tag push.
We would like to bring Mullvad into the build release verification process (eg as another builder) to give users further confidence that devs are not collaborating to sneak malicious code into the build.
/cc @ruihildtjbjorkangjbjorkanghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41003CI/CD Gitlab Actions2023-11-06T23:47:55ZrichardCI/CD Gitlab ActionsSome useful items that came out of our automation session:
- [ ] Building on Push (tor-browser, mullvad-browser, firefox-android)
- pull relevant artifacts from last succeeding nightly (toolchains, libs, etc)
- [ ] Linting check in MR...Some useful items that came out of our automation session:
- [ ] Building on Push (tor-browser, mullvad-browser, firefox-android)
- pull relevant artifacts from last succeeding nightly (toolchains, libs, etc)
- [ ] Linting check in MR
- [ ] Auto Rebase MR on upstream tag updates
- [ ] Integration Tests (tor-browser, mullvad-browser, firefox-anroid)
- [ ] TZP Fingerprinting Testinghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41002Enable GeckoDriver on all desktop platforms2023-11-01T19:36:16ZrichardEnable GeckoDriver on all desktop platformsWe will need this for future tests on desktopWe will need this for future tests on desktophttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41001Create Release Prep MR generating script2023-11-06T23:10:47ZrichardCreate Release Prep MR generating scriptOur release process is a giant checklist living in a gitlab template which, while nice and organized and cool, could be partially automated. The things we've enumerated include:
- [ ] translation hash updates
- [ ] dependency checking a...Our release process is a giant checklist living in a gitlab template which, while nice and organized and cool, could be partially automated. The things we've enumerated include:
- [ ] translation hash updates
- [ ] dependency checking and config updating for:
- [ ] noscript
- [ ] ublock
- [ ] mullvad extension
- [ ] openssl
- [ ] zlib
- [ ] tor
- [ ] go
- [ ] manual
- [ ] tor-browser
- [ ] geckoview
- [ ] *improved* changelog generation (eg include esr/geckoview updates, etc)
- [ ] qa + release emails
- [ ] website MR
- [ ] blog MRrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41000Automation2023-11-01T20:14:46ZrichardAutomation*The* Automation ~Meta Ticket tracking our myriad automation efforts
High level summary:
- Release Prep Automation
- basically convert as much of the checklist to an automatic'ish walk-through script
- Enable GeckoDriver everywhere...*The* Automation ~Meta Ticket tracking our myriad automation efforts
High level summary:
- Release Prep Automation
- basically convert as much of the checklist to an automatic'ish walk-through script
- Enable GeckoDriver everywhere
- CI/Automation
- Builds
- Linting
- Auto-rebasing
- Tests
- tor-browser/mullvad-browser specific tests
- TZP-based fingerprinting
- Fix+Run Mozilla Tests
- Builing Signing Improvements
- per build signing
- Mullvad Buildinghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40999Do not enable CookieAuthentication by default2023-11-06T21:21:28ZPier Angelo VendrameDo not enable CookieAuthentication by defaultA use pointed out that [Mullvad suggests disabling](https://mullvad.net/en/help/tor-and-mullvad-vpn/) `CookieAuthentication`.
I think they're right: we will enable `CookieAuthentication` when needed (i.e., the user asked for it via envi...A use pointed out that [Mullvad suggests disabling](https://mullvad.net/en/help/tor-and-mullvad-vpn/) `CookieAuthentication`.
I think they're right: we will enable `CookieAuthentication` when needed (i.e., the user asked for it via environment variables), and in general, from `man tor` (emphasis mine):
> **CookieAuthentication 0|1**
>
> If this option is set to 1, allow connections on the control port when the connecting process knows the contents of a file named "control_auth_cookie", which Tor will create in its data directory. **This authentication method should only be used on systems with good filesystem security.** (Default: 0)https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40997Document how to verify reproducibility of build of a mullvad/tor browser release2023-11-30T11:45:24ZboklmDocument how to verify reproducibility of build of a mullvad/tor browser releaseI think many users don't know that our builds are reproducible, or how
they can rebuild to verify that they get a matching build.
We could generate a `reproducible-build.txt` file in the release
directory containing the following inform...I think many users don't know that our builds are reproducible, or how
they can rebuild to verify that they get a matching build.
We could generate a `reproducible-build.txt` file in the release
directory containing the following informations:
- which git repository to clone
- which commit to checkout
- which command to use to start the build
- which sha256sums to expect after the build finished
- how to remove embedded signatures from exe and mar files we publish
to check that they match the unsigned buildboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40996Do not version the .nobackup files2023-11-01T18:02:15ZPier Angelo VendrameDo not version the .nobackup filesThe patch to add `.nobackup` files messes up some configurations that were possibile before when some directories were completely ignored by git.
We should revert it and create the various `.nobackup` files with RBM instead (or have the...The patch to add `.nobackup` files messes up some configurations that were possibile before when some directories were completely ignored by git.
We should revert it and create the various `.nobackup` files with RBM instead (or have the people create a `.nobackup` files manually in the root of their clones).boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40994Add support in do-all-signing to sign release for some archs only2023-12-07T13:28:57ZboklmAdd support in do-all-signing to sign release for some archs onlyCurrently when we want to sign a release for some of the platforms only,
we need to comment some steps in `do-all-signing`. We should add some
options to make it easier to disable/enable signing of some of the
platforms.Currently when we want to sign a release for some of the platforms only,
we need to comment some steps in `do-all-signing`. We should add some
options to make it easier to disable/enable signing of some of the
platforms.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40992Updated torbrowser_version number is not enough to change firefox-android ver...2024-03-05T16:18:43ZboklmUpdated torbrowser_version number is not enough to change firefox-android versionCode numberWhen a new Tor Browser version doesn't include any new firefox-android
commit, its versionCode number will not change, although
`MOZ_BUILD_DATE` is changing.
The reason is that the function `generateFennecVersionCode` in
`fenix/buildSrc...When a new Tor Browser version doesn't include any new firefox-android
commit, its versionCode number will not change, although
`MOZ_BUILD_DATE` is changing.
The reason is that the function `generateFennecVersionCode` in
`fenix/buildSrc/src/main/java/Config.kt` is taking the date from
`MOZ_BUILD_DATE` and using the number of hours from December 28, 2014,
to generate a versionCode. However, `MOZ_BUILD_DATE` is based on the
commit date, on which we add the Tor Browser version as seconds, so
when a new version doesn't change the `firefox-android`,
`MOZ_BUILD_DATE` will only be change by a few seconds, which is not
enough to make `generateFennecVersionCode` update the versionCode.
To fix this we can add an empty firefox-android commit as a quick
workaround for this release, before finding a better way to handle
changing `MOZ_BUILD_DATE` for new releases.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40988Make tool to compare signed and unsigned dmg2023-11-16T12:21:47ZboklmMake tool to compare signed and unsigned dmgSince macos code signing is modifying binary files to embed code
signatures, it is not easy to check that the dmg from our reproducible
build and the signed dmg we publish are the same apart from the
signatures.
I think we could make a ...Since macos code signing is modifying binary files to embed code
signatures, it is not easy to check that the dmg from our reproducible
build and the signed dmg we publish are the same apart from the
signatures.
I think we could make a tool to compare a signed and unsigned dmg.
It seems there is a `codesign --remove-signature` command that can be
used on macos to remove signatures. I don't know if the same can be done
on linux.
Maybe `rcodesign compute-code-hashes` can also help for that.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40973dl.google.com is blocking Tor2023-10-11T21:24:37Zboklmdl.google.com is blocking TorWhen trying to download files from dl.google.com (for example
https://dl.google.com/android/repository/build-tools_r33.0.1-linux.zip)
using Tor, the answer is a 404 error. The same URL works without Tor.
In `projects/android-toolchain/c...When trying to download files from dl.google.com (for example
https://dl.google.com/android/repository/build-tools_r33.0.1-linux.zip)
using Tor, the answer is a 404 error. The same URL works without Tor.
In `projects/android-toolchain/config` we are downloading a few files
from dl.google.com, so this makes it difficult to build Tor Browser
using Tor.
Maybe we should mirror those files.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40964Create new Tor Browser gpg subkey2023-10-16T21:20:23ZboklmCreate new Tor Browser gpg subkeyAfter being extended by 5 months in #40957, the current Tor Browser gpg subkey will be expiring in some months. We should generate a new subkey and switch to it while the old one is still valid for a few months.After being extended by 5 months in #40957, the current Tor Browser gpg subkey will be expiring in some months. We should generate a new subkey and switch to it while the old one is still valid for a few months.boklmboklm2023-11-13https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40955Translate the Windows installer2024-01-12T09:26:02ZPier Angelo VendrameTranslate the Windows installerWe have a few strings in the NSIS installer that we don't translate.
NSIS itself doesn't have a nice way to create translations: we'd need to load strings at build time from a standard language and include them in the script.
See [Crea...We have a few strings in the NSIS installer that we don't translate.
NSIS itself doesn't have a nice way to create translations: we'd need to load strings at build time from a standard language and include them in the script.
See [Creating language files and integrating with MUI](https://nsis.sourceforge.io/Creating_language_files_and_integrating_with_MUI) and [`LangString`](https://nsis.sourceforge.io/Reference/LangString).