tor-browser-build issues
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues
2023-08-26T06:05:48Z

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40701
Make GeckoView take the branch/tags from Firefox
2023-08-26T06:05:48Z
Pier Angelo Vendrame

A while ago, we made GeckoView use the same branch as Firefox for desktop (tor-browser#41308).
However, we did not change the GeckoView project to use the same branch as Firefox, but we're keeping in sync always (even when we do desktop-only changes or Android-only changes, even though the latter are definitely rarer).
We should modify GV's config to take the same branch as FF automatically.
Last nightly, for example, failed because I forgot to update the nightly hash on GV.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40700
provide the list of architectures as a json
2023-08-28T16:17:12Z
meskio <meskio@torproject.org>

Now that the downloads.json is split by architecture (#40254) it will be really useful for the consumers (like gettor) of those files to be able to retrieve the full list of architectures.
Assignee: meskio <meskio@torproject.org>

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40698
Update locale in tbb_version.json
2023-01-05T15:08:16Z
Pier Angelo Vendrame

`tbb_version.json` includes `"locale":"en_US"`, but it isn't correct anymore, with multi-lingual builds.
We could either remove that key, or add an array with all the languages we support now. I'm not sure who's consuming that script.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40697
Delete old tools
2023-01-05T15:07:45Z
Pier Angelo Vendrame

We have `tools/repackage_browser.sh` which we don't use anymore (we've included similar scripts in tor-browser.git) and is wrong (still points to `en_US`).
And could we delete also `tools/clean-old` (modified 5 years ago)?

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40661
Revert projects/mingw-w64-clang/mingw-windows_foundation.patch after upstream widl issue is fixed
2022-12-22T10:52:06Z
richard

Upstream: https://bugs.winehq.org/show_bug.cgi?id=53431

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40652
Drop dependency on libssp
2023-05-24T09:04:53Z
Pier Angelo Vendrame

When we update Mingw next time we should be able to drop it:
https://www.msys2.org/news/#2022-10-10-libssp-is-no-longer-required
We should also define `_FORTIFY_SOURCE` (or something similar).

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40642
statically-link dependencies into tor daemon
2023-07-18T21:40:35Z
richard

We ship our own versions of libevent, openssl, etc with tor in Tor Browser. This can cause issues when systems do not use these packaged libraries (like in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41336).
We should statically link our dependencies into the tor daemon. This will ensure we are actually using the implementation we think we are, and it should reduce the final package/install size as LTO will ensure we are only building and linking in the symbols actually used.
Ricochet-Refresh builds openssl, zlib and libevent this way for tor on Windows (x86,x64), Linux (x86,x64), and macOS (x64):
- openssl: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/openssl
- libevent: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/libevent
- zlib: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/zlib
- tor: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/tor
Android is not currently built/supported so anything in there referencing it is left-overs from the original tor-browser-build fork.
Assignee: Marco Simonelli

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40601
Windows installer should warn when user selects a system folder
2022-08-15T21:54:56Z
Lunar

The Tor Browser is meant to be run from a user-writable folder. It might or might not work properly when installed in `C:\Programs` for example. The Windows installer should warn users that they are likely to run into problems when they select system folders as where to install the Tor Browser.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40597
Remove "Start " in "Start Tor Browser" shortcut
2022-10-04T19:25:05Z
Trac

In Windows the shortcut for starting Tor Browser is called "Start Tor Browser".
I suggest removing the "Start " part so it's just "Tor Browser".
Other software shortcuts just have the name of the software and do not start with "Start " in front of them.
**Trac**:
**Username**: scootergrisen

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40594
Completely bootstrap Rust from source
2022-12-22T15:49:10Z
Pier Angelo Vendrame

@JeremyRand suggested we use [mrustc](https://github.com/thepowersgang/mrustc) to remove the dependency on pre-built Rust binaries.
I believe it's a good idea, but not ready, yet: mrustc can bootstrap rustc 1.54.0, but we are using 1.60.0 for 102.
We'd need to compile at least 2 or 3 intermediate versions to get the version we want to use, so I think we should not pursue this option until upstream supports a version that can compile 1.60 (which we could help doing, if we'd really wanted to close this issue).
However, I think it is an idea worth following.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40579
Check for `file` command in Tor Browser start script before using it
2022-07-13T23:34:14Z
Georg Koppen

In `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
complain "Wrong architecture? 32-bit vs. 64-bit."
exit 1
fi
```
to bail out early in case users have downloaded a bundle for the wrong architecture. Now, it turns out that there are Linux distros out there (NixOS seems to be one of those) that don't find `file` that way. A fix for that would be to check for the existence of `file` and if we can't find it to note that we assume the user knows what they are doing and proceed anyway.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40578
Add README to Tor Browser
2023-01-05T14:22:24Z
traumschule

I am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/README.md
./Browser/TorBrowser/Docs/snowflake/README.md
```

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40570
Don't include version information in GeckoView project
2022-12-22T10:58:23Z
Georg Koppen

We include Tor Browser version information when building the Firefox
part, e.g. in order to get the (incremental) update files right (see:
tor-browser-build#18326) or before accessing the profile has been loaded (see: tor-browser-build#18325).
But that should not be needed when building the GeckoView .aar as the
application parts move to Fenix.
We should investigate and fix that as not needing to rebuild the whole
GeckoView for Android could speed up our mobile releases a lot in case we
need to get new ones out fast due to GeckoView unrelated reasons.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40565
Potential Wayland dependency
2022-10-08T02:54:47Z
Matthew Finkel

We received a report that Tor Browser 11.0 now fails to start on a (Gentoo) Linux machine that does not have Wayland installed. Firefox 91.3.0esr does start.
`libxul.so: undefined symbol: gdk_wayland_display_get_wl_compositor`
Assignee: boklm

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40563
Start using a maintained version of osslsigncode for our authenticode signing
2023-01-05T12:46:01Z
Georg Koppen

`osslsigncode` on SourceForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40559
Add Tor Browser-specific licenses in about:license
2023-01-05T13:54:25Z
Matthew Finkel

This idea came out of legacy/trac#33771 and legacy/trac#33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by `about:license`, and we could use `about:license` for the additional licenses we must ship, as well. Currently those Tor Browser-specific licenses are controlled by tor-browser-build and they are included as text files at build-time. Extending `about:license` is a good idea.
The main disadvantage I see is downstream projects who take a tor browser package and re-use all of the tor parts but they don't use the browser. We could achieve this by continuing with adding licenses in text files and then patching them into tor-browser's `toolkit/content/license.html` at build time. I'm not very excited about the additional complexity this would require, though.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40556
Show the Tor Browser version number on f-droid (instead of firefox version)
2022-08-02T12:17:24Z
boklm

It seems that some users are confused by the version number that is shown on f-droid:
https://blog.torproject.org/comment/285989#comment-285989
It looks like the version number that is shown is the Firefox version on which it is based, instead of the Tor Browser version.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40555
Ship some build with debug logs enabled
2023-01-05T14:29:59Z
Matthew Finkel

There are safety concerns with enabling highly verbose logging on clients, and there are some additional questions we'll need to answer such as whether we disable safe logging (I suspect we should leave it enabled).
The goal is providing a build that allows easier debugging of connectivity problems. Maybe we should provide another bundle, as a troubleshooting build, instead of re-purposing nightly or alpha.
I can see this being useful for all platforms, but this is specifically needed on Android because it isn't possible to customize the torrc (see legacy/trac#29031).
In this build imagine setting tor INFO logging, and configuring obfs4proxy with `-enableLogging`. Somehow we'll need to give easy access to `obfs4proxy.log`, as well.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40554
Move closer to the way Mozilla is signing macOS bundles
2022-08-02T12:15:59Z
Georg Koppen

Mozilla is using a [bash script](https://searchfox.org/mozilla-esr68/source/security/mac/hardenedruntime/codesign.bash) `codesign.bash` for signing macOS bundles. We should go over it and include the finer-grained signing (different entitlement files being used and sometimes entitlements are not even ready) into our setup.
(see: https://bugzilla.mozilla.org/show_bug.cgi?id=1593071 for important changes to that bash script)

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40553
Move to different entitlements files for parent and child processes
2024-03-21T07:58:03Z
Georg Koppen

Mozilla started to provide/use different entitlements files for parent and child processes to be able to provide a finer-grained ruleset for the hardening depending on process type:
https://bugzilla.mozilla.org/show_bug.cgi?id=1593071
https://bugzilla.mozilla.org/show_bug.cgi?id=1593072
We should do the same for Tor Browser.