tor-browser-build issueshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues2023-01-05T14:15:59Zhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/31688go build/install should pass -trimpath flag2023-01-05T14:15:59ZJeremyRandgo build/install should pass -trimpath flagGo 1.13 added a `-trimpath` flag to `go build` and `go install`, which removes all filesystem paths from the compiled executable. This fixes some reproducible build issues. To ensure optimal build reproducibility, `tor-browser-build` s...Go 1.13 added a `-trimpath` flag to `go build` and `go install`, which removes all filesystem paths from the compiled executable. This fixes some reproducible build issues. To ensure optimal build reproducibility, `tor-browser-build` should pass `-trimpath` when building Go projects.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/31581KDE Desktop file error2022-10-06T01:19:17ZTracKDE Desktop file errorThe freedesktop spec for .desktop files requires the '\' char be escaped. In your desktop file, the Exec= command contains a continuation char with the rest of the command on the next line. Kwinini flags that as an error, no '='.
To fix...The freedesktop spec for .desktop files requires the '\' char be escaped. In your desktop file, the Exec= command contains a continuation char with the rest of the command on the next line. Kwinini flags that as an error, no '='.
To fix, replace the end of the Exec command with "\\" which escapes the bash continuation char.
Tor v8.5.4
**Trac**:
**Username**: Psnarfhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/31517Simplify macOS related bits in Firefox project2023-01-05T12:45:16ZGeorg KoppenSimplify macOS related bits in Firefox projectlegacy/trac#30323 included already simplifications made in https://bugzilla.mozilla.org/show_bug.cgi?id=1513798 but not all of them due to breakage. We should follow-up on that and bring our compile instructions closer to what Mozilla is...legacy/trac#30323 included already simplifications made in https://bugzilla.mozilla.org/show_bug.cgi?id=1513798 but not all of them due to breakage. We should follow-up on that and bring our compile instructions closer to what Mozilla is deploying.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/31133Build Tor Browser with PGO enabled on Linux2023-01-05T14:15:04ZGeorg KoppenBuild Tor Browser with PGO enabled on LinuxMozilla is publishing the PGO profiles for Linux at least (Windows is supposed to follow with Firefox 69 and macOS has no PGO) and the build as of Firefox 68 is still reproducible (including LTO): https://glandium.org/blog/?p=3923.
We s...Mozilla is publishing the PGO profiles for Linux at least (Windows is supposed to follow with Firefox 69 and macOS has no PGO) and the build as of Firefox 68 is still reproducible (including LTO): https://glandium.org/blog/?p=3923.
We should try this out for performance improvements.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/30334build_go_lib for executables?2023-01-05T15:06:53ZJeremyRandbuild_go_lib for executables?Is there a reason that build_go_lib (from the go project in tor-browser-build) is only used for libraries and not executables? At first glance, it seems to me that using it (or something very similar) for executables as well would cut d...Is there a reason that build_go_lib (from the go project in tor-browser-build) is only used for libraries and not executables? At first glance, it seems to me that using it (or something very similar) for executables as well would cut down on boilerplate / code duplication. Would a patch be accepted that adapted the meek/obfs4/snowflake projects in tor-browser-build to use build_go_lib (or an executable-focused analogue of it)?https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/30283Build nightlies over the weekend from scratch2023-01-05T14:14:50ZGeorg KoppenBuild nightlies over the weekend from scratchWe should find issues with one of our build dependencies as early as possible. Cached artifacts as we use them now make this harder. boklm had the idea to build everything from scratch over the weekend as there are often not that many ne...We should find issues with one of our build dependencies as early as possible. Cached artifacts as we use them now make this harder. boklm had the idea to build everything from scratch over the weekend as there are often not that many new commits to build anyway during that time. That way we'd get notified much faster about issues like legacy/trac#30280.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/30169Create repos on our infrastructure for TOPL related code2022-08-03T13:51:52ZGeorg KoppenCreate repos on our infrastructure for TOPL related codeWe should, now after merging and deploying Tor Onion Proxy Library code (see legacy/trac#27609 and child tickets), get the code onto into our tpo git infrastructure, I think, and create additional user repositories if needed.
So, having...We should, now after merging and deploying Tor Onion Proxy Library code (see legacy/trac#27609 and child tickets), get the code onto into our tpo git infrastructure, I think, and create additional user repositories if needed.
So, having some tor-onion-proxy-library repo we use (and for which the github one could be the official upstream) and one for tor-android-service where we can tag and sign releases would be a good start. Not sure if there is more we should consider.
Then we can get changes to any of the new projects treated with our normal code review and commit push process.
We should think about who should have push access to those repos. I think sisbell, sysrqb, and I could be a decent start for that.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/30118var/build_id should be stable accross build machines2023-01-05T12:55:52Zboklmvar/build_id should be stable accross build machinesThe `var/build_id` value, which is included in filenames, is a hash of all the inputs used to create a build.
In theory this hash should be the same on different build machines. However it seems it is not always the case, at least for t...The `var/build_id` value, which is included in filenames, is a hash of all the inputs used to create a build.
In theory this hash should be the same on different build machines. However it seems it is not always the case, at least for the android build, and we should find out why.
This command can be used to see the filename of Tor Browser alpha for android-armv7:
```
./rbm/rbm showconf tor-browser filename --target alpha --target torbrowser-android-armv7
```https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29766Get us closer to use release build config2023-06-01T16:35:16ZcypherpunksGet us closer to use release build configTo make releases look more like Releases:
https://gitweb.torproject.org/tor-browser.git/tree/build/unix/mozconfig.linux32?h=tor-browser-60.5.1esr-8.5-1
legacy/trac#23656 Use .mozconfig files in tor-browser repo for rbm builds
`+ac_add...To make releases look more like Releases:
https://gitweb.torproject.org/tor-browser.git/tree/build/unix/mozconfig.linux32?h=tor-browser-60.5.1esr-8.5-1
legacy/trac#23656 Use .mozconfig files in tor-browser repo for rbm builds
`+ac_add_options --enable-debug-symbols=""`
`+export BUILDING_RELEASE=1` (https://gitweb.torproject.org/tor-browser.git/tree/browser/config/mozconfigs/linux64/release?h=tor-browser-60.5.1esr-8.5-1)
`-mk_add_options BUILD_OFFICIAL=1`
`-mk_add_options MOZILLA_OFFICIAL=1`
`-ac_add_options --enable-default-toolkit=cairo-windows`
legacy/trac#29081 libwinpthread.dll has no ASLR
`-O2` (`-O3` for js) for mingw
`-no-seh` for win32https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29694Build Go binaries with `-buildmode=pie"?2023-01-05T14:13:35ZGeorg KoppenBuild Go binaries with `-buildmode=pie"?I was looking a bit how the `obfs4proxy` binary gets build for Android today and it turns out that Briar etc. use `-buildmode=pie`. Currently our Linux binaries have no PIE and no RELRO (but Stack Canaries, NX etc. enabled). Trying with ...I was looking a bit how the `obfs4proxy` binary gets build for Android today and it turns out that Briar etc. use `-buildmode=pie`. Currently our Linux binaries have no PIE and no RELRO (but Stack Canaries, NX etc. enabled). Trying with `-buildmode=pie` results in "PIE enabled" but somewhat surprisingly our stack canaries are gone (but we get partial RELRO).
So, generally, should we start using PIE mode (and `-extldflags=-pie` where needed)? Or are we good with what we have?https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29615Adjust creation of buildID script2023-02-01T12:10:28ZGeorg KoppenAdjust creation of buildID scriptWe should adjust the creation of our build ID script to make sure we have a larger space using the months available (currently Tor Browser 17 is the last major version that produces valid buildIDs). And we should think about a good way t...We should adjust the creation of our build ID script to make sure we have a larger space using the months available (currently Tor Browser 17 is the last major version that produces valid buildIDs). And we should think about a good way to implement something where we don't need to worry about the buildID creation in the future anymore.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29324Build zlib with mingw-w64/clang2023-01-05T14:13:45ZGeorg KoppenBuild zlib with mingw-w64/clangRight now we build with mingw-w64/gcc but we should switch to mingw-w64/clang as well for zlib.Right now we build with mingw-w64/gcc but we should switch to mingw-w64/clang as well for zlib.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29320Use mingw-w64/clang toolchain to build Rust2022-08-17T17:47:33ZGeorg KoppenUse mingw-w64/clang toolchain to build RustWe should ditch mingw-w64/gcc for Rust.We should ditch mingw-w64/gcc for Rust.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29318Drop mingw-w64/gcc toolchain2024-01-10T13:32:54ZGeorg KoppenDrop mingw-w64/gcc toolchainThis ticket is the parent ticket for all things related to dropping the mingw-w64/gcc toolchain in favor of our new mingw-w64/clang one.This ticket is the parent ticket for all things related to dropping the mingw-w64/gcc toolchain in favor of our new mingw-w64/clang one.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29041Compile clang closer to how Mozilla does it2023-01-05T14:13:28ZGeorg KoppenCompile clang closer to how Mozilla does itWe compile clang differently to how Mozilla does it: Mozilla has an elaborate setup with three stages (if needed) (see: https://hg.mozilla.org/releases/mozilla-esr60/file/248ca5c585f8/build/build-clang/build-clang.py) while we essentiall...We compile clang differently to how Mozilla does it: Mozilla has an elaborate setup with three stages (if needed) (see: https://hg.mozilla.org/releases/mozilla-esr60/file/248ca5c585f8/build/build-clang/build-clang.py) while we essentially "just" do what is outlined on https://clang.llvm.org/get_started.html.
We should change that and get our toolchain closer to what Mozilla provides.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28830Clean up tor-browser-build build scripts/config files2023-01-05T14:13:21ZGeorg KoppenClean up tor-browser-build build scripts/config filesWe should go over the projects we have in `tor-browser-build` and clean up build scripts and config files if needed.
Areas we could/should cover:
1) We sometimes have several platform related blocks in one build script which could be c...We should go over the projects we have in `tor-browser-build` and clean up build scripts and config files if needed.
Areas we could/should cover:
1) We sometimes have several platform related blocks in one build script which could be confusing. Can we merge those (or some of them) while still keeping the overall flow of the script logic?
2) Duplicating platform-specific and !platform-specific commands, e.g. `cd $distdir` in
```
[% IF c("var/osx") %]
LIBEVENT_FILE=`basename $libeventdir/lib/libevent-*.dylib`
cd $distdir
cp bin/tor $TORBINDIR/
cd $TORBINDIR/
x86_64-apple-darwin11-install_name_tool -change $libeventdir/lib/$LIBEVENT_FILE @executable_path/$LIBEVENT_FILE tor
[% END %]
cd $distdir
```
3)...Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28811Enabling Clang's CFG for mingw-clang Windows builds2023-01-05T14:13:04ZTom Rittertom@ritter.vgEnabling Clang's CFG for mingw-clang Windows buildsWhen we're using mingw-clang, we can enable guard:cf pretty easily: https://bugzilla.mozilla.org/show_bug.cgi?id=1485016
This enforce Control Flow checks in system libraries on Windows. It is not as strong as, nor a replacement for, ena...When we're using mingw-clang, we can enable guard:cf pretty easily: https://bugzilla.mozilla.org/show_bug.cgi?id=1485016
This enforce Control Flow checks in system libraries on Windows. It is not as strong as, nor a replacement for, enabling clang's CFI checks.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28782Use Path::Tiny instead of File::Slurp in tools/clean-old and tools/dmg2mar2023-01-05T14:12:59ZboklmUse Path::Tiny instead of File::Slurp in tools/clean-old and tools/dmg2marSimilarly to legacy/trac#24361 and legacy/trac#28771, we should replace uses of File::Slurp by Path::Tiny in tools/clean-old and tools/dmg2mar.Similarly to legacy/trac#24361 and legacy/trac#28771, we should replace uses of File::Slurp by Path::Tiny in tools/clean-old and tools/dmg2mar.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28595Remove the need to update var/gradle_dependencies_version2022-08-03T12:38:51ZboklmRemove the need to update var/gradle_dependencies_versionCurrently we need to update `var/gradle_dependencies_version` each time `gradle-dependencies-list.txt` is updated.
If you change `gradle-dependencies-list.txt` without updating `var/gradle_dependencies_version`, then you can easily end ...Currently we need to update `var/gradle_dependencies_version` each time `gradle-dependencies-list.txt` is updated.
If you change `gradle-dependencies-list.txt` without updating `var/gradle_dependencies_version`, then you can easily end up with the wrong list of gradle dependencies being used in a build.
To avoid this we should see if we can make the gradle dependencies be fetched again automatically when `gradle-dependencies-list.txt` has been updated, without the need to update `var/gradle_dependencies_version`.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28326Tor Browser for PPC64LE2023-01-05T18:13:32ZTracTor Browser for PPC64LEI'm here to request a Tor Browser for Debian to get compiled for ppc64le architecture.
Power architecture is the only open hardware, so i think it's important for a project like Tor to support this architecture, avoiding potential backdo...I'm here to request a Tor Browser for Debian to get compiled for ppc64le architecture.
Power architecture is the only open hardware, so i think it's important for a project like Tor to support this architecture, avoiding potential backdoor on closed system.
The follow link could probably be usefull for build it correctly
https://www.talospace.com/2018/09/more-power-in-firefox-62.html
https://www.talospace.com/2018/10/patches-needed-for-firefox-63.html
If you need a ppc64le machine it will provided a cloud access for free, ask to https://twitter.com/RaptorCompSys for building and testing Tor Browser
No secure comunications is really secure on closed system, so to support an open architecture should be a priority for a project who looking for a digital freedom
**Trac**:
**Username**: power9boklmboklm