June 2014 - tbb-commits - lists.torproject.org

[tor-browser/tor-browser-24.6.0esr-4.x-1] Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit d0062623b1cb82844bd83af308515d86ccc610a3 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Thu Apr 17 16:39:37 2014 -0700 Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI. --- browser/app/profile/firefox.js | 8 ++ content/base/src/ThirdPartyUtil.cpp | 34 ++++++++ content/base/src/ThirdPartyUtil.h | 1 + content/base/src/nsContentUtils.cpp | 28 +++---- docshell/base/nsDocShell.cpp | 10 +-- dom/base/nsGlobalWindow.cpp | 28 +++---- dom/base/nsGlobalWindow.h | 2 +- dom/interfaces/storage/nsIDOMStorageManager.idl | 14 ++-- dom/src/storage/DOMStorageCache.cpp | 4 +- dom/src/storage/DOMStorageCache.h | 6 +- dom/src/storage/DOMStorageManager.cpp | 44 +++++----- dom/src/storage/DOMStorageManager.h | 4 +- embedding/browser/webBrowser/nsContextMenuInfo.cpp | 8 +- image/public/imgILoader.idl | 4 +- image/src/imgLoader.cpp | 84 ++++++++------------ image/src/imgLoader.h | 6 +- image/src/imgRequest.cpp | 8 +- image/src/imgRequest.h | 4 +- layout/generic/nsImageFrame.cpp | 22 ++--- netwerk/base/public/mozIThirdPartyUtil.idl | 23 ++++++ widget/cocoa/nsMenuItemIconX.mm | 8 +- 21 files changed, 200 insertions(+), 150 deletions(-) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 56ae000..ae78798 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -517,6 +517,14 @@ pref("privacy.sanitize.migrateFx3Prefs", false); pref("network.proxy.share_proxy_settings", false); // use the same proxy settings for all protocols +// The privacy.thirdparty.isolate pref determines whether +// an isolated DOM Storage map and image cache are +// maintained for each URL bar domain. +// 0 - No isolation +// 1 - Enable isolation in private windows +// 2 - Enable isolation everywhere +pref("privacy.thirdparty.isolate", 1); + // simple gestures support pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate"); pref("browser.gesture.swipe.right", "Browser:ForwardOrForwardDuplicate"); diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp index 55eb316..06b2a14 100644 --- a/content/base/src/ThirdPartyUtil.cpp +++ b/content/base/src/ThirdPartyUtil.cpp @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "ThirdPartyUtil.h" +#include "mozilla/Preferences.h" #include "nsNetUtil.h" #include "nsIServiceManager.h" #include "nsIHttpChannelInternal.h" @@ -411,6 +412,39 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI, return NS_OK; } +// Returns true if First Party Isolation is currently active for the given nsIChannel. +// Depends on Preference setting and possibly the state of Private Browsing mode. +bool ThirdPartyUtil::IsFirstPartyIsolationActive(nsIChannel *aChannel, nsIDocument *aDoc) +{ + int32_t isolationState = mozilla::Preferences::GetInt("privacy.thirdparty.isolate"); + if (isolationState == 1) { + if (!aChannel && aDoc) { + // No channel passed directly. Can we get a channel from aDoc? + aChannel = aDoc->GetChannel(); + } + return aChannel && NS_UsePrivateBrowsing(aChannel); + } else { // (isolationState == 0) || (isolationState == 2) + return (isolationState == 2); + } +} + +// Produces a URI that uniquely identifies the first party to which +// image cache and dom storage objects should be isolated. If isolation +// is deactivated, then aOutput will return null. +// Not scriptable due to the use of an nsIDocument parameter. +NS_IMETHODIMP +ThirdPartyUtil::GetFirstPartyIsolationURI(nsIChannel *aChannel, nsIDocument *aDoc, nsIURI **aOutput) +{ + bool isolationActive = IsFirstPartyIsolationActive(aChannel, aDoc); + if (isolationActive) { + return GetFirstPartyURI(aChannel, aDoc, aOutput); + } else { + // We return a null pointer when isolation is off. + *aOutput = nullptr; + return NS_OK; + } +} + // Not scriptable due to the use of an nsIDocument parameter. NS_IMETHODIMP ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel, diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h index 8777f44..c90dbad 100644 --- a/content/base/src/ThirdPartyUtil.h +++ b/content/base/src/ThirdPartyUtil.h @@ -27,6 +27,7 @@ public: private: nsresult IsThirdPartyInternal(const nsCString& aFirstDomain, nsIURI* aSecondURI, bool* aResult); + bool IsFirstPartyIsolationActive(nsIChannel* aChannel, nsIDocument* aDoc); bool SchemeIsWhiteListed(nsIURI *aURI); static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin); static nsresult GetOriginatingURI(nsIChannel *aChannel, nsIURI **aURI); diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp index db038bf..308cea8 100644 --- a/content/base/src/nsContentUtils.cpp +++ b/content/base/src/nsContentUtils.cpp @@ -2693,22 +2693,22 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument, // Make the URI immutable so people won't change it under us NS_TryToSetImmutable(aURI); - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); - thirdPartySvc->GetFirstPartyURI(nullptr, aLoadingDocument, - getter_AddRefs(firstPartyURI)); - - return imgLoader->LoadImage(aURI, /* uri to load */ - firstPartyURI, /* firstPartyURI */ - aReferrer, /* referrer */ - aLoadingPrincipal, /* loading principal */ - loadGroup, /* loadgroup */ - aObserver, /* imgINotificationObserver */ - aLoadingDocument, /* uniquification key */ - aLoadFlags, /* load flags */ - nullptr, /* cache key */ - channelPolicy, /* CSP info */ + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aLoadingDocument, + getter_AddRefs(firstPartyIsolationURI)); + + return imgLoader->LoadImage(aURI, /* uri to load */ + firstPartyIsolationURI, /* firstPartyIsolationURI, NULL if isolation is not active */ + aReferrer, /* referrer */ + aLoadingPrincipal, /* loading principal */ + loadGroup, /* loadgroup */ + aObserver, /* imgINotificationObserver */ + aLoadingDocument, /* uniquification key */ + aLoadFlags, /* load flags */ + nullptr, /* cache key */ + channelPolicy, /* CSP info */ aRequest); } diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 8963ea0..205b197 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -2698,18 +2698,18 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal, return NS_ERROR_FAILURE; nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this))); - nsCOMPtr<nsIURI> firstPartyURI; - nsresult rv = thirdPartyUtil->GetFirstPartyURI(nullptr, doc, - getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + nsresult rv = thirdPartyUtil->GetFirstPartyIsolationURI(nullptr, doc, + getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); if (aCreate) { - return manager->CreateStorageForFirstParty(firstPartyURI, + return manager->CreateStorageForFirstParty(firstPartyIsolationURI, aPrincipal, aDocumentURI, mInPrivateBrowsing, aStorage); } - return manager->GetStorageForFirstParty(firstPartyURI, aPrincipal, + return manager->GetStorageForFirstParty(firstPartyIsolationURI, aPrincipal, mInPrivateBrowsing, aStorage); } diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp index 5a0998a..7c742b0 100644 --- a/dom/base/nsGlobalWindow.cpp +++ b/dom/base/nsGlobalWindow.cpp @@ -2604,8 +2604,8 @@ nsGlobalWindow::PreloadLocalStorage() } nsresult rv; - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); if (NS_FAILED(rv)) { return; } @@ -2616,7 +2616,7 @@ nsGlobalWindow::PreloadLocalStorage() return; } - storageManager->PrecacheStorageForFirstParty(firstPartyURI, principal); + storageManager->PrecacheStorageForFirstParty(firstPartyIsolationURI, principal); } void @@ -6665,7 +6665,7 @@ nsGlobalWindow::CallerInnerWindow() } nsresult -nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI) +nsGlobalWindow::GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI) { nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID); @@ -6673,7 +6673,7 @@ nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI) return NS_ERROR_FAILURE; nsCOMPtr<nsIDocument> doc = do_QueryInterface(mDoc); - return thirdPartyUtil->GetFirstPartyURI(NULL, doc, aFirstPartyURI); + return thirdPartyUtil->GetFirstPartyIsolationURI(NULL, doc, aFirstPartyIsolationURI); } @@ -8984,11 +8984,11 @@ nsGlobalWindow::GetSessionStorage(nsIDOMStorage ** aSessionStorage) nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell); - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); - rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal, + rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal, documentURI, loadContext && loadContext->UsePrivateBrowsing(), getter_AddRefs(mSessionStorage)); @@ -9056,14 +9056,14 @@ nsGlobalWindow::GetLocalStorage(nsIDOMStorage ** aLocalStorage) mDoc->GetDocumentURI(documentURI); } - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); nsIDocShell* docShell = GetDocShell(); nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell); - rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal, + rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal, documentURI, loadContext && loadContext->UsePrivateBrowsing(), getter_AddRefs(mLocalStorage)); @@ -9681,11 +9681,11 @@ nsGlobalWindow::Observe(nsISupports* aSubject, const char* aTopic, nsCOMPtr<nsIDOMStorageManager> storageManager = do_QueryInterface(GetDocShell()); if (storageManager) { nsresult rv; - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); - rv = storageManager->CheckStorageForFirstParty(firstPartyURI, + rv = storageManager->CheckStorageForFirstParty(firstPartyIsolationURI, principal, changingStorage, &check); NS_ENSURE_SUCCESS(rv, rv); } diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h index af012bc..da6b54d 100644 --- a/dom/base/nsGlobalWindow.h +++ b/dom/base/nsGlobalWindow.h @@ -1092,7 +1092,7 @@ protected: nsresult RequestAnimationFrame(const nsIDocument::FrameRequestCallbackHolder& aCallback, int32_t* aHandle); - nsresult GetFirstPartyURI(nsIURI** aFirstPartyURI); + nsresult GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI); // When adding new member variables, be careful not to create cycles // through JavaScript. If there is any chance that a member variable diff --git a/dom/interfaces/storage/nsIDOMStorageManager.idl b/dom/interfaces/storage/nsIDOMStorageManager.idl index 6d1c5fc..ea7246e 100644 --- a/dom/interfaces/storage/nsIDOMStorageManager.idl +++ b/dom/interfaces/storage/nsIDOMStorageManager.idl @@ -21,13 +21,13 @@ interface nsIDOMStorageManager : nsISupports * This starts async preloading of a storage cache for scope * defined by the principal. * - * @param aFirstPartyURI + * @param aFirstPartyIsolationURI * First party URI to bound storage to. * @param aPrincipal * Principal to bound storage to. */ void precacheStorage(in nsIPrincipal aPrincipal); - void precacheStorageForFirstParty(in nsIURI aFirstPartyURI, + void precacheStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal); /** @@ -35,7 +35,7 @@ interface nsIDOMStorageManager : nsISupports * A new object is always returned and it is ensured there is * a storage for the scope created. * - * @param aFirstPartyURI + * @param aFirstPartyIsolationURI * First party URI to bound storage to. * @param aPrincipal * Principal to bound storage to. @@ -47,7 +47,7 @@ interface nsIDOMStorageManager : nsISupports nsIDOMStorage createStorage(in nsIPrincipal aPrincipal, in DOMString aDocumentURI, [optional] in bool aPrivate); - nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyURI, + nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal, in DOMString aDocumentURI, [optional] in bool aPrivate); @@ -64,7 +64,7 @@ interface nsIDOMStorageManager : nsISupports */ nsIDOMStorage getStorage(in nsIPrincipal aPrincipal, [optional] in bool aPrivate); - nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyURI, + nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal, [optional] in bool aPrivate); @@ -83,7 +83,7 @@ interface nsIDOMStorageManager : nsISupports * Returns true if the storage belongs to the given principal and is managed * (i.e. has been created and is cached) by this storage manager. * - * @param aFirstPartyURI + * @param aFirstPartyIsolationURI * First party URI to check the storage against. * @param aPrincipal * Principal to check the storage against. @@ -97,7 +97,7 @@ interface nsIDOMStorageManager : nsISupports */ bool checkStorage(in nsIPrincipal aPrincipal, in nsIDOMStorage aStorage); - bool checkStorageForFirstParty(in nsIURI aFirstPartyURI, + bool checkStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal, in nsIDOMStorage aStorage); diff --git a/dom/src/storage/DOMStorageCache.cpp b/dom/src/storage/DOMStorageCache.cpp index 84ef729..b67a559 100644 --- a/dom/src/storage/DOMStorageCache.cpp +++ b/dom/src/storage/DOMStorageCache.cpp @@ -120,7 +120,7 @@ DOMStorageCache::Release(void) void DOMStorageCache::Init(DOMStorageManager* aManager, bool aPersistent, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsACString& aQuotaScope) { @@ -130,7 +130,7 @@ DOMStorageCache::Init(DOMStorageManager* aManager, mManager = aManager; mInitialized = true; - mFirstPartyURI = aFirstPartyURI; + mFirstPartyIsolationURI = aFirstPartyIsolationURI; mPrincipal = aPrincipal; mPersistent = aPersistent; mQuotaScope = aQuotaScope.IsEmpty() ? mScope : aQuotaScope; diff --git a/dom/src/storage/DOMStorageCache.h b/dom/src/storage/DOMStorageCache.h index 42836ac..2b892fc 100644 --- a/dom/src/storage/DOMStorageCache.h +++ b/dom/src/storage/DOMStorageCache.h @@ -72,7 +72,7 @@ public: virtual ~DOMStorageCache(); void Init(DOMStorageManager* aManager, bool aPersistent, - nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsACString& aQuotaScope); // Copies all data from the other storage. @@ -97,7 +97,7 @@ public: nsTArray<nsString>* GetKeys(const DOMStorage* aStorage); - nsIURI* FirstPartyURI() const { return mFirstPartyURI; } + nsIURI* FirstPartyIsolationURI() const { return mFirstPartyIsolationURI; } // Whether the principal equals principal the cache was created for bool CheckPrincipal(nsIPrincipal* aPrincipal) const; @@ -177,7 +177,7 @@ private: nsCOMPtr<nsITimer> mKeepAliveTimer; // The first party URI associated with this cache. - nsCOMPtr<nsIURI> mFirstPartyURI; + nsCOMPtr<nsIURI> mFirstPartyIsolationURI; // Principal the cache has been initially created for, this is used only // for sessionStorage access checks since sessionStorage objects are strictly diff --git a/dom/src/storage/DOMStorageManager.cpp b/dom/src/storage/DOMStorageManager.cpp index 9cc5042..4dbe66c 100644 --- a/dom/src/storage/DOMStorageManager.cpp +++ b/dom/src/storage/DOMStorageManager.cpp @@ -132,16 +132,16 @@ DOMStorageManager::~DOMStorageManager() namespace { // anon nsresult -AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey) +AppendFirstPartyToKey(nsIURI* aFirstPartyIsolationURI, nsACString& aKey) { - if (aFirstPartyURI) { + if (aFirstPartyIsolationURI) { nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID); if (!thirdPartyUtil) return NS_ERROR_FAILURE; nsAutoCString firstPartyHost; - nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyURI, + nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyIsolationURI, firstPartyHost); NS_ENSURE_SUCCESS(rv, rv); @@ -153,7 +153,7 @@ AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey) } nsresult -CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, +CreateScopeKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, nsACString& aKey) { nsCOMPtr<nsIURI> uri; @@ -231,11 +231,11 @@ CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, // Isolate scope keys to the URL bar domain by appending &firstPartyHost // if available. - return AppendFirstPartyToKey(aFirstPartyURI, aKey); + return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey); } nsresult -CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, +CreateQuotaDBKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, nsACString& aKey) { nsresult rv; @@ -286,7 +286,7 @@ CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, // Isolate scope keys to the URL bar domain by appending &firstPartyHost // if available. - return AppendFirstPartyToKey(aFirstPartyURI, aKey); + return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey); } } // anon @@ -304,14 +304,14 @@ DOMStorageManager::GetCache(const nsACString& aScope) const already_AddRefed<DOMStorageCache> DOMStorageManager::PutCache(const nsACString& aScope, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal) { DOMStorageCacheHashKey* entry = mCaches.PutEntry(aScope); nsRefPtr<DOMStorageCache> cache = entry->cache(); nsAutoCString quotaScope; - CreateQuotaDBKey(aFirstPartyURI, aPrincipal, quotaScope); + CreateQuotaDBKey(aFirstPartyIsolationURI, aPrincipal, quotaScope); // To avoid ever persisting session storage to disk, initialize LocalStorage // like SessionStorage. @@ -320,7 +320,7 @@ DOMStorageManager::PutCache(const nsACString& aScope, case LocalStorage: // Lifetime handled by the manager, don't persist entry->HardRef(); - cache->Init(nullptr, false, aFirstPartyURI, aPrincipal, quotaScope); + cache->Init(nullptr, false, aFirstPartyIsolationURI, aPrincipal, quotaScope); break; default: @@ -342,7 +342,7 @@ DOMStorageManager::DropCache(DOMStorageCache* aCache) nsresult DOMStorageManager::GetStorageInternal(bool aCreate, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsAString& aDocumentURI, bool aPrivate, @@ -351,7 +351,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate, nsresult rv; nsAutoCString scope; - rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope); + rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope); if (NS_FAILED(rv)) { return NS_ERROR_NOT_AVAILABLE; } @@ -382,7 +382,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate, // There is always a single instance of a cache per scope // in a single instance of a DOM storage manager. - cache = PutCache(scope, aFirstPartyURI, aPrincipal); + cache = PutCache(scope, aFirstPartyIsolationURI, aPrincipal); } else if (mType == SessionStorage) { if (!cache->CheckPrincipal(aPrincipal)) { return NS_ERROR_DOM_SECURITY_ERR; @@ -405,10 +405,10 @@ DOMStorageManager::PrecacheStorage(nsIPrincipal* aPrincipal) } NS_IMETHODIMP -DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal) { - return GetStorageInternal(true, aFirstPartyURI, aPrincipal, EmptyString(), + return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, EmptyString(), false, nullptr); } @@ -423,13 +423,13 @@ DOMStorageManager::CreateStorage(nsIPrincipal* aPrincipal, } NS_IMETHODIMP -DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsAString& aDocumentURI, bool aPrivate, nsIDOMStorage** aRetval) { - return GetStorageInternal(true, aFirstPartyURI, aPrincipal, aDocumentURI, + return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, aDocumentURI, aPrivate, aRetval); } @@ -443,12 +443,12 @@ DOMStorageManager::GetStorage(nsIPrincipal* aPrincipal, } NS_IMETHODIMP -DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, bool aPrivate, nsIDOMStorage** aRetval) { - return GetStorageInternal(false, aFirstPartyURI, aPrincipal, + return GetStorageInternal(false, aFirstPartyIsolationURI, aPrincipal, EmptyString(), aPrivate, aRetval); } @@ -476,7 +476,7 @@ DOMStorageManager::CloneStorage(nsIDOMStorage* aStorage) // Since this manager is sessionStorage manager, PutCache hard references // the cache in our hashtable. nsRefPtr<DOMStorageCache> newCache = PutCache(origCache->Scope(), - origCache->FirstPartyURI(), + origCache->FirstPartyIsolationURI(), origCache->Principal()); newCache->CloneFrom(origCache); @@ -492,7 +492,7 @@ DOMStorageManager::CheckStorage(nsIPrincipal* aPrincipal, } NS_IMETHODIMP -DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, nsIDOMStorage* aStorage, bool* aRetval) @@ -509,7 +509,7 @@ DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI, } nsAutoCString scope; - nsresult rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope); + nsresult rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope); NS_ENSURE_SUCCESS(rv, rv); DOMStorageCache* cache = GetCache(scope); diff --git a/dom/src/storage/DOMStorageManager.h b/dom/src/storage/DOMStorageManager.h index 5e044b5..6ed9a70 100644 --- a/dom/src/storage/DOMStorageManager.h +++ b/dom/src/storage/DOMStorageManager.h @@ -74,12 +74,12 @@ private: // Ensures cache for a scope, when it doesn't exist it is created and initalized, // this also starts preload of persistent data. already_AddRefed<DOMStorageCache> PutCache(const nsACString& aScope, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal); // Helper for creation of DOM storage objects nsresult GetStorageInternal(bool aCreate, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsAString& aDocumentURI, bool aPrivate, diff --git a/embedding/browser/webBrowser/nsContextMenuInfo.cpp b/embedding/browser/webBrowser/nsContextMenuInfo.cpp index 8cca3e3..092e619 100644 --- a/embedding/browser/webBrowser/nsContextMenuInfo.cpp +++ b/embedding/browser/webBrowser/nsContextMenuInfo.cpp @@ -306,13 +306,13 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe nsRefPtr<imgLoader> il = imgLoader::GetInstance(); NS_ENSURE_TRUE(il, NS_ERROR_FAILURE); - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); - thirdPartySvc->GetFirstPartyURI(nullptr, doc, - getter_AddRefs(firstPartyURI)); + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, doc, + getter_AddRefs(firstPartyIsolationURI)); - return il->LoadImage(bgUri, firstPartyURI, nullptr, principal, nullptr, + return il->LoadImage(bgUri, firstPartyIsolationURI, nullptr, principal, nullptr, nullptr, nullptr, nsIRequest::LOAD_NORMAL, nullptr, channelPolicy, aRequest); } diff --git a/image/public/imgILoader.idl b/image/public/imgILoader.idl index c16a30a..e6e7727 100644 --- a/image/public/imgILoader.idl +++ b/image/public/imgILoader.idl @@ -38,7 +38,7 @@ interface imgILoader : nsISupports /** * Start the load and decode of an image. * @param aURI the URI to load - * @param aFirstPartyURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking + * @param aFirstPartyIsolationURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking * @param aReferrerURI the 'referring' URI * @param aLoadingPrincipal the principal of the loading document * @param aLoadGroup Loadgroup to put the image load into @@ -55,7 +55,7 @@ interface imgILoader : nsISupports * goes away. */ imgIRequest loadImageXPCOM(in nsIURI aURI, - in nsIURI aFirstPartyURI, + in nsIURI aFirstPartyIsolationURI, in nsIURI aReferrerURI, in nsIPrincipal aLoadingPrincipal, in nsILoadGroup aLoadGroup, diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp index 7e20aba..60a6b6d 100644 --- a/image/src/imgLoader.cpp +++ b/image/src/imgLoader.cpp @@ -427,7 +427,7 @@ static nsresult NewImageChannel(nsIChannel **aResult, // aLoadingPrincipal and false otherwise. bool *aForcePrincipalCheckForCacheEntry, nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferringURI, nsILoadGroup *aLoadGroup, const nsCString& aAcceptHeader, @@ -479,7 +479,7 @@ static nsresult NewImageChannel(nsIChannel **aResult, nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal = do_QueryInterface(newHttpChannel); NS_ENSURE_TRUE(httpChannelInternal, NS_ERROR_UNEXPECTED); - httpChannelInternal->SetDocumentURI(aFirstPartyURI); + httpChannelInternal->SetDocumentURI(aFirstPartyIsolationURI); newHttpChannel->SetReferrer(aReferringURI); } @@ -1107,7 +1107,7 @@ bool imgLoader::SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry) return true; } -bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI) +bool imgLoader::SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI) { VerifyCacheSizes(); @@ -1118,7 +1118,7 @@ bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI) LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::SetHasProxies", "uri", spec.get()); - nsAutoCString key = GetCacheKey(firstPartyURI, imgURI, nullptr); + nsAutoCString key = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr); nsRefPtr<imgCacheEntry> entry; if (cache.Get(key, getter_AddRefs(entry)) && entry && entry->HasNoProxies()) { imgCacheQueue &queue = GetCacheQueue(imgURI); @@ -1173,7 +1173,7 @@ void imgLoader::CheckCacheLimits(imgCacheTable &cache, imgCacheQueue &queue) bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsILoadGroup *aLoadGroup, imgINotificationObserver *aObserver, @@ -1223,7 +1223,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, rv = NewImageChannel(getter_AddRefs(newChannel), &forcePrincipalCheck, aURI, - aFirstPartyURI, + aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, mAcceptHeader, @@ -1293,7 +1293,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, bool imgLoader::ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsILoadGroup *aLoadGroup, imgINotificationObserver *aObserver, @@ -1404,7 +1404,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry, if (validateRequest && aCanMakeNewChannel) { LOG_SCOPE(GetImgLog(), "imgLoader::ValidateRequest |cache hit| must validate"); - return ValidateRequestWithNewChannel(request, aURI, aFirstPartyURI, + return ValidateRequestWithNewChannel(request, aURI, aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, aObserver, aCX, aLoadFlags, aProxyRequest, aPolicy, aLoadingPrincipal, aCORSMode); @@ -1475,12 +1475,12 @@ bool imgLoader::RemoveFromCache(imgCacheEntry *entry) nsRefPtr<imgRequest> request(getter_AddRefs(entry->GetRequest())); if (request) { nsCOMPtr<nsIURI> imgURI = request->mURI; - nsCOMPtr<nsIURI> firstPartyURI = request->mFirstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI = request->mFirstPartyIsolationURI; if (imgURI) { imgCacheTable &cache = GetCache(imgURI); imgCacheQueue &queue = GetCacheQueue(imgURI); - nsAutoCString spec = GetCacheKey(firstPartyURI, imgURI, nullptr); + nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr); LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::RemoveFromCache", "entry's uri", spec.get()); @@ -1576,7 +1576,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI, /* imgIRequest loadImage (in nsIURI aURI, in nsIURI aUrlBarURI, in nsIPrincipal loadingPrincipal, in nsILoadGroup aLoadGroup, in imgIDecoderObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in imgIRequest aRequest); */ nsresult imgLoader::LoadImage(nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsIPrincipal* aLoadingPrincipal, nsILoadGroup *aLoadGroup, @@ -1595,7 +1595,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, return NS_ERROR_NULL_POINTER; bool isIsolated = false; - nsAutoCString spec = GetCacheKey(aFirstPartyURI, aURI, &isIsolated); + nsAutoCString spec = GetCacheKey(aFirstPartyIsolationURI, aURI, &isIsolated); LOG_SCOPE_WITH_PARAM(GetImgLog(), "imgLoader::LoadImage", "aURI", spec.get()); @@ -1662,7 +1662,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, imgCacheTable &cache = GetCache(aURI); if (cache.Get(spec, getter_AddRefs(entry)) && entry) { - if (ValidateEntry(entry, aURI, aFirstPartyURI, aReferrerURI, + if (ValidateEntry(entry, aURI, aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, aObserver, aCX, requestFlags, true, _retval, aPolicy, aLoadingPrincipal, corsmode)) { request = getter_AddRefs(entry->GetRequest()); @@ -1701,7 +1701,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, rv = NewImageChannel(getter_AddRefs(newChannel), &forcePrincipalCheck, aURI, - aFirstPartyURI, + aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, mAcceptHeader, @@ -1729,7 +1729,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, childLoadGroup->SetParentLoadGroup(aLoadGroup); newChannel->SetLoadGroup(loadGroup); - request->Init(aURI, aURI, aFirstPartyURI, loadGroup, newChannel, entry, + request->Init(aURI, aURI, aFirstPartyIsolationURI, loadGroup, newChannel, entry, aCX, aLoadingPrincipal, corsmode); // Pass the inner window ID of the loading document, if possible. @@ -1838,7 +1838,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, return NS_OK; } -nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI, +nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyIsolationURI, nsIURI *imgURI, bool *isIsolated) { NS_ASSERTION(imgURI, "imgLoader::GetCacheKey -- NULL imgURI"); @@ -1850,37 +1850,21 @@ nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI, imgURI->GetSpec(spec); nsAutoCString hostKey; - if (firstPartyURI && sThirdPartyUtilSvc) - sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyURI, hostKey); + if (firstPartyIsolationURI && sThirdPartyUtilSvc) + sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyIsolationURI, hostKey); if (hostKey.Length() > 0) { if (isIsolated) *isIsolated = true; + // Make a new key using host + // FIXME: This might involve a couple more copies than necessary.. + // But man, 18 string types? Who knows which one I need to use to do + // this cheaply.. + return hostKey + nsAutoCString("&") + spec; } else { - hostKey = "--NoFirstParty--"; - nsCOMPtr<nsIConsoleService> consoleSvc = - do_GetService(NS_CONSOLESERVICE_CONTRACTID); - if (consoleSvc) { - nsAutoString msg(NS_LITERAL_STRING( - "imgLoader::GetCacheKey: NULL firstPartyURI for ") - .get()); - if (!spec.IsEmpty()) - msg.AppendASCII(spec.get()); - else - msg.Append(NS_LITERAL_STRING("Unknown URI!").get()); - consoleSvc->LogStringMessage(msg.get()); - } - -#ifdef DEBUG - printf("imgLoader::GetCacheKey: NULL firstPartyURI for %s\n", spec.get()); -#endif + // No hostKey found, so don't isolate image to a first party. + return spec; } - - // Make a new key using host - // FIXME: This might involve a couple more copies than necessary.. - // But man, 18 string types? Who knows which one I need to use to do - // this cheaply.. - return hostKey + nsAutoCString("&") + spec; } /* imgIRequest loadImageWithChannelXPCOM(in nsIChannel channel, in imgINotificationObserver aObserver, in nsISupports cx, out nsIStreamListener); */ @@ -1911,16 +1895,16 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb nsCOMPtr<nsIURI> uri; channel->GetURI(getter_AddRefs(uri)); - nsCOMPtr<nsIURI> firstPartyURI; - sThirdPartyUtilSvc->GetFirstPartyURI(channel, nullptr, - getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + sThirdPartyUtilSvc->GetFirstPartyIsolationURI(channel, nullptr, + getter_AddRefs(firstPartyIsolationURI)); nsLoadFlags requestFlags = nsIRequest::LOAD_NORMAL; channel->GetLoadFlags(&requestFlags); nsRefPtr<imgCacheEntry> entry; imgCacheTable &cache = GetCache(uri); - nsAutoCString spec = GetCacheKey(firstPartyURI, uri, nullptr); + nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, uri, nullptr); if (requestFlags & nsIRequest::LOAD_BYPASS_CACHE) { imgCacheQueue &queue = GetCacheQueue(uri); @@ -2001,7 +1985,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb channel->GetOriginalURI(getter_AddRefs(originalURI)); // No principal specified here, because we're not passed one. - request->Init(originalURI, uri, firstPartyURI, channel, channel, entry, + request->Init(originalURI, uri, firstPartyIsolationURI, channel, channel, entry, aCX, nullptr, imgIRequest::CORS_NONE); ProxyListener *pl = new ProxyListener(static_cast<nsIStreamListener *>(request.get())); @@ -2013,7 +1997,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb NS_RELEASE(pl); bool isIsolated = false; - nsAutoCString key = GetCacheKey(firstPartyURI, originalURI, &isIsolated); + nsAutoCString key = GetCacheKey(firstPartyIsolationURI, originalURI, &isIsolated); if (isIsolated) // Try to add the new request into the cache. PutIntoCache(key, entry); @@ -2301,7 +2285,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport int32_t corsmode = mRequest->GetCORSMode(); nsCOMPtr<nsIPrincipal> loadingPrincipal = mRequest->GetLoadingPrincipal(); - nsCOMPtr<nsIURI> firstPartyURI = mRequest->mFirstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI = mRequest->mFirstPartyIsolationURI; // Doom the old request's cache entry mRequest->RemoveFromCache(); @@ -2312,7 +2296,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport // We use originalURI here to fulfil the imgIRequest contract on GetURI. nsCOMPtr<nsIURI> originalURI; channel->GetOriginalURI(getter_AddRefs(originalURI)); - mNewRequest->Init(originalURI, uri, firstPartyURI, aRequest, channel, + mNewRequest->Init(originalURI, uri, firstPartyIsolationURI, aRequest, channel, mNewEntry, mContext, loadingPrincipal, corsmode); mDestListener = new ProxyListener(mNewRequest); @@ -2321,7 +2305,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport // the cache before the proxies' ownership changes, because adding a proxy // changes the caching behaviour for imgRequests. bool isIsolated = false; - nsAutoCString key = mImgLoader->GetCacheKey(firstPartyURI, originalURI, + nsAutoCString key = mImgLoader->GetCacheKey(firstPartyIsolationURI, originalURI, &isIsolated); if (isIsolated) mImgLoader->PutIntoCache(key, mNewEntry); diff --git a/image/src/imgLoader.h b/image/src/imgLoader.h index 0ab4a5e..3a31ecd 100644 --- a/image/src/imgLoader.h +++ b/image/src/imgLoader.h @@ -267,7 +267,7 @@ public: nsresult InitCache(); - nsAutoCString GetCacheKey(nsIURI *firstPartyURI, + nsAutoCString GetCacheKey(nsIURI *firstPartyIsolationURI, nsIURI *imgURI, bool *isIsolated); bool RemoveFromCache(imgCacheEntry *entry); @@ -312,12 +312,12 @@ public: // happens, by calling imgRequest::SetCacheEntry() when an entry with no // observers is re-requested. bool SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry); - bool SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI); + bool SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI); private: // methods bool ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI, - nsIURI *aFirstPartyURI, nsIURI *aReferrerURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsILoadGroup *aLoadGroup, imgINotificationObserver *aObserver, nsISupports *aCX, nsLoadFlags aLoadFlags, bool aCanMakeNewChannel, diff --git a/image/src/imgRequest.cpp b/image/src/imgRequest.cpp index 9040679..5758d62 100644 --- a/image/src/imgRequest.cpp +++ b/image/src/imgRequest.cpp @@ -89,7 +89,7 @@ imgRequest::~imgRequest() nsresult imgRequest::Init(nsIURI *aURI, nsIURI *aCurrentURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIRequest *aRequest, nsIChannel *aChannel, imgCacheEntry *aCacheEntry, @@ -109,7 +109,7 @@ nsresult imgRequest::Init(nsIURI *aURI, mURI = aURI; mCurrentURI = aCurrentURI; - mFirstPartyURI = aFirstPartyURI; + mFirstPartyIsolationURI = aFirstPartyIsolationURI; mRequest = aRequest; mChannel = aChannel; mTimedChannel = do_QueryInterface(mChannel); @@ -171,7 +171,7 @@ void imgRequest::AddProxy(imgRequestProxy *proxy) // proxies. if (GetStatusTracker().ConsumerCount() == 0) { NS_ABORT_IF_FALSE(mURI, "Trying to SetHasProxies without key uri."); - mLoader->SetHasProxies(mFirstPartyURI, mURI); + mLoader->SetHasProxies(mFirstPartyIsolationURI, mURI); } GetStatusTracker().AddConsumer(proxy); @@ -301,7 +301,7 @@ void imgRequest::RemoveFromCache() else { mLoader->RemoveKeyFromCache(mLoader->GetCache(mURI), mLoader->GetCacheQueue(mURI), - mLoader->GetCacheKey(mFirstPartyURI, mURI, nullptr)); + mLoader->GetCacheKey(mFirstPartyIsolationURI, mURI, nullptr)); } } diff --git a/image/src/imgRequest.h b/image/src/imgRequest.h index 240a33b..f80af17 100644 --- a/image/src/imgRequest.h +++ b/image/src/imgRequest.h @@ -51,7 +51,7 @@ public: nsresult Init(nsIURI *aURI, nsIURI *aCurrentURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIRequest *aRequest, nsIChannel *aChannel, imgCacheEntry *aCacheEntry, @@ -195,7 +195,7 @@ private: // The URI of the resource we ended up loading after all redirects, etc. nsCOMPtr<nsIURI> mCurrentURI; // The first party that triggered the load -- for cookie + cache isolation - nsCOMPtr<nsIURI> mFirstPartyURI; + nsCOMPtr<nsIURI> mFirstPartyIsolationURI; // The principal of the document which loaded this image. Used when validating for CORS. nsCOMPtr<nsIPrincipal> mLoadingPrincipal; // The principal of this image. diff --git a/layout/generic/nsImageFrame.cpp b/layout/generic/nsImageFrame.cpp index 8f4bf25..6daa959 100644 --- a/layout/generic/nsImageFrame.cpp +++ b/layout/generic/nsImageFrame.cpp @@ -1810,26 +1810,26 @@ nsImageFrame::LoadIcon(const nsAString& aSpec, // For icon loads, we don't need to merge with the loadgroup flags nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL; - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); // XXX: Should we pass the loadgroup, too? Is document ever likely // to be unset? - thirdPartySvc->GetFirstPartyURI(nullptr, aPresContext->Document(), - getter_AddRefs(firstPartyURI)); + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aPresContext->Document(), + getter_AddRefs(firstPartyIsolationURI)); - return il->LoadImage(realURI, /* icon URI */ - firstPartyURI, /* initial document URI; this is only - relevant for cookies, so does not - apply to icons. */ - nullptr, /* referrer (not relevant for icons) */ - nullptr, /* principal (not relevant for icons) */ + return il->LoadImage(realURI, /* icon URI */ + firstPartyIsolationURI, /* initial document URI; this is only + relevant for cookies, so does not + apply to icons. */ + nullptr, /* referrer (not relevant for icons) */ + nullptr, /* principal (not relevant for icons) */ loadGroup, gIconLoad, - nullptr, /* Not associated with any particular document */ + nullptr, /* Not associated with any particular document */ loadFlags, nullptr, - nullptr, /* channel policy not needed */ + nullptr, /* channel policy not needed */ aRequest); } diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl index 6137274..87fb630 100644 --- a/netwerk/base/public/mozIThirdPartyUtil.idl +++ b/netwerk/base/public/mozIThirdPartyUtil.idl @@ -165,6 +165,29 @@ interface mozIThirdPartyUtil : nsISupports in nsIDocument aDoc); /** + * getFirstPartyIsolationURI + * + * If first-party isolation is active, then + * obtains the top-level url bar URI for either a channel or a document. + * Otherwise returns null. + * Either parameter may be null (but not both). + * + * @param aChannel + * An arbitrary channel for some content element of a first party + * load. Can be null. + * + * @param aDoc + * An arbitrary third party document. Can be null. + * + * @return the first party url bar URI for the load. + * + * @throws if the URI cannot be obtained or the URI lacks a hostname and the + * URI's scheme is not white listed. + */ + [noscript] nsIURI getFirstPartyIsolationURI(in nsIChannel aChannel, + in nsIDocument aDoc); + + /** * getFirstPartyURIFromChannel * * Obtain the top-level url bar URI for a channel. diff --git a/widget/cocoa/nsMenuItemIconX.mm b/widget/cocoa/nsMenuItemIconX.mm index bd1f2f3..397239e 100644 --- a/widget/cocoa/nsMenuItemIconX.mm +++ b/widget/cocoa/nsMenuItemIconX.mm @@ -314,15 +314,15 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI) [mNativeMenuItem setImage:sPlaceholderIconImage]; } - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); - thirdPartySvc->GetFirstPartyURI(nullptr, document, - getter_AddRefs(firstPartyURI)); + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, document, + getter_AddRefs(firstPartyIsolationURI)); // Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is // not exposed to web content - nsresult rv = loader->LoadImage(aIconURI, firstPartyURI, nullptr, nullptr, loadGroup, this, + nsresult rv = loader->LoadImage(aIconURI, firstPartyIsolationURI, nullptr, nullptr, loadGroup, this, nullptr, nsIRequest::LOAD_NORMAL, nullptr, nullptr, getter_AddRefs(mIconRequest)); if (NS_FAILED(rv)) return rv;

1 0

[tor-browser-bundle/master] Bug 10935: Merge meek into master.
by gk＠torproject.org 23 Jun '14

23 Jun '14

commit d97e4bf2c0711bcd9683c1c0f89dd22ffa89b8ad Author: Georg Koppen <gk(a)torproject.org> Date: Mon Jun 23 10:52:46 2014 +0000 Bug 10935: Merge meek into master. This is the result of squashing and merging dcf/meek-rebase-4.0-alpha1-pre-take3. --- .../Docs/Licenses/PluggableTransports/LICENSE | 18 +++ .../Docs/Licenses/PluggableTransports/LICENSE.CC0 | 121 ++++++++++++++++++++ Bundle-Data/PTConfigs/bridge_prefs.js | 2 + .../PTConfigs/linux/torrc-defaults-appendix | 3 + .../mac/TorBrowser.app.meek-http-helper/README | 13 +++ Bundle-Data/PTConfigs/mac/torrc-defaults-appendix | 3 + Bundle-Data/PTConfigs/meek-http-helper-user.js | 24 ++++ .../PTConfigs/windows/torrc-defaults-appendix | 3 + gitian/build-helpers/background-plist.py | 31 +++++ gitian/descriptors/linux/gitian-bundle.yml | 9 ++ .../linux/gitian-pluggable-transports.yml | 37 ++++++ gitian/descriptors/mac/gitian-bundle.yml | 20 ++++ .../mac/gitian-pluggable-transports.yml | 46 ++++++++ gitian/descriptors/windows/gitian-bundle.yml | 10 ++ .../windows/gitian-pluggable-transports.yml | 46 ++++++++ gitian/fetch-inputs.sh | 11 +- gitian/gpg/goptlib.gpg | Bin 0 -> 5876 bytes gitian/gpg/meek.gpg | Bin 0 -> 5876 bytes gitian/mkbundle-linux.sh | 5 +- gitian/mkbundle-mac.sh | 7 +- gitian/mkbundle-windows.sh | 5 +- gitian/patches/cross-cgo.patch | 16 +++ gitian/verify-tags.sh | 4 +- gitian/versions | 6 + gitian/versions.alpha | 6 + gitian/versions.beta | 6 + gitian/versions.nightly | 6 + 27 files changed, 447 insertions(+), 11 deletions(-) diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE index 8b175c2..162589c 100644 --- a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE @@ -420,3 +420,21 @@ was licensed under the Python license. Same license applies to all files in the argparse package project. For details about the Python License, please see LICENSE.PYTHON. + +=============================================================================== + +goptlib + +To the extent possible under law, the authors have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. See LICENSE.CC0. + +=============================================================================== + +meek + +To the extent possible under law, the authors have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. See LICENSE.CC0. diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 8d2afed..5a1532e 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -25,3 +25,5 @@ pref("extensions.torlauncher.default_bridge.fte.5", "fte 79.125.3.12:8080 272465 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 188.40.121.112:39707 5DE8D363D8F150C99E1A2D7237368D614838132C password=L5POGQONBPS2HZUR6GXBIDS4CMIYYOTI"); pref("extensions.torlauncher.default_bridge.scramblesuit.2", "scramblesuit 188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T"); pref("extensions.torlauncher.default_bridge.scramblesuit.3", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH"); + +pref("extensions.torlauncher.default_bridge.meek.1", "meek 0.0.2.0:1"); diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix index ec45f9c..24f35ff 100644 --- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix @@ -9,3 +9,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec ./TorBrowser/Tor/PluggableTr # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec ./TorBrowser/Tor/PluggableTransports/flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README b/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README new file mode 100644 index 0000000..f158eec --- /dev/null +++ b/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README @@ -0,0 +1,13 @@ +This directory contains a special headless configuration of the Tor +Browser app, intended for use by meek-client-torbrowser and the +meek-http-helper extension. It should not be run directly. + +All files in the Contents directory, other than Info.plist, are simply +symlinked to their counterparts in ../../../../../Contents. Info.plist +contains an additional configuration directive that prevents the +headless browser from opening a useless second dock icon: + <key>LSBackgroundOnly</key><true/> + +For background on this matter, see the ticket: + meek-http-helper opens up a second dock icon + https://trac.torproject.org/projects/tor/ticket/11429 diff --git a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix index 19fc8e0..a4c3499 100644 --- a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix @@ -10,3 +10,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec PluggableTransports/obfsprox # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec PluggableTransports/flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js new file mode 100644 index 0000000..a95a6ec --- /dev/null +++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js @@ -0,0 +1,24 @@ +// http://kb.mozillazine.org/User.js_file + +// The meek-http-helper extension uses dump to write its listening port number +// to stdout. +user_pref("browser.dom.window.dump.enabled", true); + +// 0 is "No proxy". +user_pref("network.proxy.type", 0); + +// Allow unproxied DNS. +// https://trac.torproject.org/projects/tor/ticket/11183#comment:6 +user_pref("network.proxy.socks_remote_dns", false); + +// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise +// there is a missing TLS extension. +// https://trac.torproject.org/projects/tor/ticket/11183#comment:9 +user_pref("security.enable_tls_session_tickets", true); + +// Disable safe mode. In case of a crash, we don't want to prompt for a +// safe-mode browser that has extensions disabled and no proxy. +// https://support.mozilla.org/en-US/questions/951221#answer-410562 +user_pref("toolkit.startup.max_resumed_crashes", -1); + +user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0"); diff --git a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix index e97d3b7..5c35ebb 100644 --- a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix @@ -10,3 +10,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec TorBrowser\Tor\PluggableTran # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec TorBrowser\Tor\PluggableTransports\flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client-torbrowser --exit-on-stdin-eof -- TorBrowser\Tor\PluggableTransports\meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/gitian/build-helpers/background-plist.py b/gitian/build-helpers/background-plist.py new file mode 100755 index 0000000..328b3e7 --- /dev/null +++ b/gitian/build-helpers/background-plist.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python + +# Changes an OS X bundle property list file (plist file) so that the bundle +# starts up without a dock icon. Specifically, this program unsets the key +# LSUIElement (if present), and sets LSBackgroundOnly=true. +# +# This program is meant to help create a headless copy of an existing bundle. It +# exists specifically to enable the meek-http-helper browser extension to run in +# the background without creating a second Tor Browser icon. +# https://trac.torproject.org/projects/tor/ticket/11429 + +import getopt +import plistlib +import sys + +_, args = getopt.gnu_getopt(sys.argv[1:], "") + +if len(args) != 1: + print >> sys.stderr, "Need a file name argument." + sys.exit(1) + +filename = args[0] +plist = plistlib.readPlist(filename) + +try: + del plist["LSUIElement"] +except KeyError: + pass +plist["LSBackgroundOnly"] = True + +plistlib.writePlist(plist, sys.stdout) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 8543a33..4b0696f 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -23,6 +23,8 @@ remotes: "dir": "torbutton" - "url": "https://git.torproject.org/https-everywhere.git" "dir": "https-everywhere" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-linux32-gbuilt.zip" @@ -37,6 +39,7 @@ files: - "lxml-linux64-utils.zip" - "torrc-defaults-appendix-linux" - "bridge_prefs.js" +- "meek-http-helper-user.js" - "relativelink-src.zip" - "linux-skeleton.zip" - "linux-langpacks.zip" @@ -62,6 +65,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org + mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/ # Preparing Python for HTTPS-Everywhere. @@ -103,6 +107,10 @@ script: | cd https-everywhere(a)eff.org/ unzip ../https-everywhere(a)eff.org.xpi rm ../https-everywhere(a)eff.org.xpi + cd ~/build + # + cd meek/firefox + ~/build/dzip.sh ../../tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi . cd ~/build/ # unzip relativelink-src.zip @@ -119,6 +127,7 @@ script: | unzip ~/build/pluggable-transports-linux$GBUILD_BITS-gbuilt.zip cat ~/build/torrc-defaults-appendix-linux >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi chmod 700 Data/Browser chmod 700 Data/Tor diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml index 826b3b7..aaaa0f8 100644 --- a/gitian/descriptors/linux/gitian-pluggable-transports.yml +++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml @@ -29,6 +29,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -37,6 +41,7 @@ files: - "twisted.tar.bz2" - "m2crypto.tar.gz" - "parsley.tar.gz" +- "go.tar.gz" - "dzip.sh" - "gmp-linux32-utils.zip" - "gmp-linux64-utils.zip" @@ -64,6 +69,15 @@ script: | unzip -d $INSTDIR openssl-linux$GBUILD_BITS-utils.zip cp $INSTDIR/gmp/lib/*.so* $INSTDIR/Tor + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + tar xvf go.tar.gz + cd go/src + ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building pyptlib cd pyptlib find -type f | xargs touch --date="$REFERENCE_DATETIME" @@ -181,6 +195,29 @@ script: | cp -a {COPYING,README.md} $INSTDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + go build + cp -a meek-client $PTDIR + cd .. + cd meek-client-torbrowser + go build + cp -a meek-client-torbrowser $PTDIR + cd .. + mkdir -p $INSTDIR/Docs/meek + cp -a README doc/*.1 $INSTDIR/Docs/meek + cd .. + # Grabbing the results cd $INSTDIR ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/ diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index d959d82..8528106 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -28,6 +28,8 @@ remotes: "dir": "https-everywhere" - "url": "https://github.com/vasi/libdmg-hfsplus.git" "dir": "libdmg-hfsplus" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-mac32-gbuilt.zip" @@ -35,6 +37,8 @@ files: - "pluggable-transports-mac32-gbuilt.zip" - "torrc-defaults-appendix-mac" - "bridge_prefs.js" +- "meek-http-helper-user.js" +- "TorBrowser.app.meek-http-helper.zip" - "mac-skeleton.zip" - "dmg-applications.tar.xz" - "dmg-desktop.tar.xz" @@ -43,6 +47,7 @@ files: - "https-everywhere(a)eff.org.xpi" - "dzip.sh" - "ddmg.sh" +- "background-plist.py" - "libdmg.patch" - "bare-version" - "bundle.inputs" @@ -70,6 +75,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org + mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources mkdir -p $TORBROWSER_NAME.app/Contents/MacOS @@ -111,6 +117,10 @@ script: | rm ../https-everywhere(a)eff.org.xpi cd ~/build/ # + cd meek/firefox + ~/build/dzip.sh ../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi . + cd ~/build/ + # unzip tor-mac$GBUILD_BITS-gbuilt.zip if [ $BUILD_PT_BUNDLES ]; then unzip pluggable-transports-mac$GBUILD_BITS-gbuilt.zip @@ -122,6 +132,7 @@ script: | if [ $BUILD_PT_BUNDLES ]; then cat ~/build/torrc-defaults-appendix-mac >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi # Install a "tor" shim that sets the working directory. See #10030. mv Tor/tor Tor/tor.real @@ -156,6 +167,15 @@ script: | echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js popd + # Install a headless copy of TorBrowser.app, with a modified Info.plist so + # that it runs without a dock icon. See #11429. + pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports + mkdir -p TorBrowser.app.meek-http-helper/Contents + (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) + rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist + ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist + unzip ~/build/TorBrowser.app.meek-http-helper.zip + popd # if [ ${TORBROWSER_VERSION::3} == "3.5" ]; then cp -a ~/build/$TORBROWSER_NAME.app ~/build/${TORBROWSER_NAME}_en-US.app diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml index c206d06..420b94d 100644 --- a/gitian/descriptors/mac/gitian-pluggable-transports.yml +++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml @@ -28,6 +28,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -36,6 +40,8 @@ files: - "twisted.tar.bz2" - "m2crypto.tar.gz" - "parsley.tar.gz" +- "go.tar.gz" +- "cross-cgo.patch" - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "dzip.sh" @@ -73,6 +79,21 @@ script: | export CXXFLAGS="-I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" export LDFLAGS="-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5" + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + export GOOS=darwin + export GOARCH=386 + tar xvf go.tar.gz + cd go + patch -p1 < ~/build/cross-cgo.patch + cd src + # Disable CC et al. that are set up for cross builds. (The Go compiler is a + # cross-compiler, but it needs to run on *this* host.) + CC= CFLAGS= LDFLAGS= LDSHARED= ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building pyptlib cd pyptlib find -type f | xargs touch --date="$REFERENCE_DATETIME" @@ -201,6 +222,31 @@ script: | cp -a {COPYING,README.md} $TBDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + # https://code.google.com/p/go/issues/detail?id=4714#c7 + # We need cgo for crypto/x509 support on mac. + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go build + cp -a meek-client $PTDIR + cd .. + cd meek-client-torbrowser + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go build + cp -a meek-client-torbrowser $PTDIR + cd .. + mkdir -p $TBDIR/Docs/meek + cp -a README doc/*.1 $TBDIR/Docs/meek + cd .. + # Grabbing the result cd $INSTDIR ~/build/dzip.sh pluggable-transports-mac$GBUILD_BITS-gbuilt.zip TorBrowserBundle.app diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index fc4fb35..bf7f531 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -24,6 +24,8 @@ remotes: "dir": "torbutton" - "url": "https://git.torproject.org/https-everywhere.git" "dir": "https-everywhere" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-win32-gbuilt.zip" @@ -31,6 +33,7 @@ files: - "pluggable-transports-win32-gbuilt.zip" - "torrc-defaults-appendix-windows" - "bridge_prefs.js" +- "meek-http-helper-user.js" - "windows-skeleton.zip" - "win32-langpacks.zip" - "noscript(a)noscript.net.xpi" @@ -54,6 +57,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org + mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources # @@ -92,6 +96,11 @@ script: | rm ../https-everywhere(a)eff.org.xpi cd ~/build/ # + cd meek/firefox + ~/build/dzip.sh ../meek-http-helper(a)bamsoftware.com.xpi . + mv ../meek-http-helper(a)bamsoftware.com.xpi ../../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi + cd ~/build/ + # cd tbb-windows-installer/"Tor Browser" unzip ~/build/tor-browser-win32-gbuilt.zip cd Browser/TorBrowser @@ -102,6 +111,7 @@ script: | unzip ~/build/pluggable-transports-win32-gbuilt.zip cat ~/build/torrc-defaults-appendix-windows >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi cd ../../.. # diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml index 6af344c..d68ace4 100644 --- a/gitian/descriptors/windows/gitian-pluggable-transports.yml +++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml @@ -30,6 +30,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "setuptools.tar.gz" - "pycrypto.tar.gz" @@ -43,6 +47,8 @@ files: - "wine-wrappers" - "python.msi" - "py2exe.exe" +- "go.tar.gz" +- "cross-cgo.patch" - "dzip.sh" - "pyc-timestamp.sh" - "openssl-win32-utils.zip" @@ -127,6 +133,19 @@ script: | cp -a dist/gcc.exe dist/g++.exe dist/dllwrap.exe dist/swig.exe $WINEROOT/windows/ cd .. + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + export GOOS=windows + export GOARCH=386 + tar xvf go.tar.gz + cd go + patch -p1 < ~/build/cross-cgo.patch + cd src + ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building setuptools tar xzf setuptools.tar.gz cd setuptools-* @@ -271,6 +290,33 @@ script: | cp -an {COPYING,README.md} $INSTDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a meek-client.exe $PTDIR + cd .. + cd meek-client-torbrowser + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a meek-client-torbrowser.exe $PTDIR + cd .. + cd terminateprocess-buffer + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a terminateprocess-buffer.exe $PTDIR + cd .. + mkdir -p $INSTDIR/Docs/meek + cp -a README doc/*.1.txt $INSTDIR/Docs/meek + cd .. + # http://bugs.winehq.org/show_bug.cgi?id=3591 cp -a $INSTDIR/python/python27.dll $PTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 1b0b4c1..d318fa5 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -156,9 +156,9 @@ do get "${!PACKAGE}" "${MIRROR_URL}${!PACKAGE}" done -# XXX: Omit ARGPARSE because Google won't allow wget -N and because the -# download seems to 404 about 50% of the time. -for i in ARGPARSE +# XXX: Omit googlecode.com packages because Google won't allow wget -N +# and because the download seems to 404 about 50% of the time. +for i in ARGPARSE GO do PACKAGE="${i}_PACKAGE" URL="${MIRROR_URL_DCF}${!PACKAGE}" @@ -208,7 +208,7 @@ wget -U "" -N ${HTTPSE_URL} # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -261,6 +261,7 @@ ln -sf "$SETUPTOOLS_PACKAGE" setuptools.tar.gz ln -sf "$GMP_PACKAGE" gmp.tar.bz2 ln -sf "$LXML_PACKAGE" lxml.tar.gz ln -sf "$PARSLEY_PACKAGE" parsley.tar.gz +ln -sf "$GO_PACKAGE" go.tar.gz # Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. @@ -291,6 +292,8 @@ libfte https://github.com/kpdyer/libfte.git $LIBFTE_TAG fteproxy https://github.com/kpdyer/fteproxy.git $FTEPROXY_TAG libdmg-hfsplus https://github.com/vasi/libdmg-hfsplus.git $LIBDMG_TAG txsocksx https://github.com/habnabit/txsocksx.git $TXSOCKSX_TAG +goptlib https://git.torproject.org/pluggable-transports/goptlib.git $GOPTLIB_TAG +meek https://git.torproject.org/pluggable-transports/meek.git $MEEK_TAG EOF exit 0 diff --git a/gitian/gpg/goptlib.gpg b/gitian/gpg/goptlib.gpg new file mode 100644 index 0000000..f3b543f Binary files /dev/null and b/gitian/gpg/goptlib.gpg differ diff --git a/gitian/gpg/meek.gpg b/gitian/gpg/meek.gpg new file mode 100644 index 0000000..f3b543f Binary files /dev/null and b/gitian/gpg/meek.gpg differ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 0d07364..e3e2af5 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -58,6 +58,7 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ cp PTConfigs/linux/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-linux cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cd linux rm -f $GITIAN_DIR/inputs/linux-skeleton.zip @@ -208,7 +209,7 @@ then echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -231,7 +232,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,tor-launcher=$TORLAUNCHER_TAG,torbutton=$TORBUTTON_TAG $DESCRIPTOR_DIR/linux/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,tor-launcher=$TORLAUNCHER_TAG,torbutton=$TORBUTTON_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 00073e9..995959a 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -52,8 +52,11 @@ cp $WRAPPER_DIR/patches/* $GITIAN_DIR/inputs/ cd $WRAPPER_DIR/../Bundle-Data/ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ +rm -f $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip +(cd PTConfigs/mac && $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip TorBrowser.app.meek-http-helper) cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cp mac-tor.sh $GITIAN_DIR/inputs/ cd mac @@ -184,7 +187,7 @@ then echo "****** Starting Pluggable Transports Component of Mac Bundle (4/5 for Mac) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./firefox-fail-mac.log.`date +%Y%m%d%H%M%S` @@ -208,7 +211,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libdmg-hfsplus=$LIBDMG_TAG,https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG $DESCRIPTOR_DIR/mac/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libdmg-hfsplus=$LIBDMG_TAG,https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-mac.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 281f4f8..0af015d 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -55,6 +55,7 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ cp PTConfigs/windows/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-windows cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cd windows rm -f $GITIAN_DIR/inputs/windows-skeleton.zip @@ -188,7 +189,7 @@ then echo "****** Starting Pluggable Transports Component of Windows Bundle (4/5 for Windows) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-win32.log.`date +%Y%m%d%H%M%S` @@ -211,7 +212,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,tbb-windows-installer=$NSIS_TAG $DESCRIPTOR_DIR/windows/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,tbb-windows-installer=$NSIS_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-win32.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/patches/cross-cgo.patch b/gitian/patches/cross-cgo.patch new file mode 100644 index 0000000..eebe0d0 --- /dev/null +++ b/gitian/patches/cross-cgo.patch @@ -0,0 +1,16 @@ +--- a/src/cmd/go/build.go 2014-02-17 05:38:55.806060278 +0000 ++++ b/src/cmd/go/build.go 2014-02-17 05:39:40.414057143 +0000 +@@ -1928,9 +1928,10 @@ + ) + + func (b *builder) cgo(p *Package, cgoExe, obj string, gccfiles []string, gxxfiles []string) (outGo, outObj []string, err error) { +- if goos != toolGOOS { +- return nil, nil, errors.New("cannot use cgo when compiling for a different operating system") +- } ++ // https://code.google.com/p/go/issues/detail?id=4714#c7 ++ // if goos != toolGOOS { ++ // return nil, nil, errors.New("cannot use cgo when compiling for a different operating system") ++ // } + + cgoCPPFLAGS := stringList(envList("CGO_CPPFLAGS"), p.CgoCPPFLAGS) + cgoCFLAGS := stringList(envList("CGO_CFLAGS"), p.CgoCFLAGS) diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index c66a83b..a664b52 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -100,6 +100,8 @@ https-everywhere https-everywhere.gpg $HTTPSE_TAG pyptlib pyptlib.gpg $PYPTLIB_TAG obfsproxy obfsproxy.gpg $OBFSPROXY_TAG flashproxy flashproxy.gpg $FLASHPROXY_TAG +goptlib goptlib.gpg $GOPTLIB_TAG +meek meek.gpg $MEEK_TAG EOF while read dir commit; do @@ -133,7 +135,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 2185194..98fc74d 100755 --- a/gitian/versions +++ b/gitian/versions @@ -22,6 +22,8 @@ LIBFTE_TAG=ee9e9ddf5c86e6940559a313d2bd22cc33b654c9 # tag 0.0.3 FTEPROXY_TAG=5e7a9fd498a948d17b0996275ef1b6f743251317 # tag 0.2.15 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.alpha b/gitian/versions.alpha index e0e1e60..962a1bd 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -22,6 +22,8 @@ LIBFTE_TAG=ee9e9ddf5c86e6940559a313d2bd22cc33b654c9 # tag 0.0.3 FTEPROXY_TAG=5e7a9fd498a948d17b0996275ef1b6f743251317 # tag 0.2.15 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.beta b/gitian/versions.beta index 817a880..c8a2957 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -22,6 +22,8 @@ LIBFTE_TAG=19f6b8ffafca2ec8fffbc418bc0f88518cea22ac # tag 0.0.2 FTEPROXY_TAG=b5d7fba5c505907693fd2b5321f2aa57d4390cfa # tag 0.2.14 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -67,6 +70,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -87,6 +91,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -111,3 +116,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 1042e78..a429df7 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -22,6 +22,8 @@ LIBFTE_TAG=master FTEPROXY_TAG=master LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=master +MEEK_TAG=master GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE}

1 0

[tor-browser-bundle/master] Port fix-info-plist from shell to Python.
by gk＠torproject.org 20 Jun '14

20 Jun '14

commit eae09200b44e70f45a9bd267912b06bb560f238d Author: David Fifield <david(a)bamsoftware.com> Date: Thu Jun 19 01:32:11 2014 -0700 Port fix-info-plist from shell to Python. https://trac.torproject.org/projects/tor/ticket/12400 --- gitian/build-helpers/fix-info-plist.py | 32 ++++++++++++++++++++++++++++ gitian/build-helpers/fix-info-plist.sh | 33 ----------------------------- gitian/descriptors/mac/gitian-firefox.yml | 4 ++-- 3 files changed, 34 insertions(+), 35 deletions(-) diff --git a/gitian/build-helpers/fix-info-plist.py b/gitian/build-helpers/fix-info-plist.py new file mode 100755 index 0000000..ccb6c68 --- /dev/null +++ b/gitian/build-helpers/fix-info-plist.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python + +# Sets these keys in a property list file: +# CFBundleGetInfoString +# CFBundleShortVersionString +# NSHumanReadableCopyright + +import getopt +import plistlib +import sys + +def usage(): + print >> sys.stderr, "usage: %s TORBROWSER_VERSION < Info.plist > FixedInfo.plist" % sys.argv[0] + sys.exit(2) + +_, args = getopt.gnu_getopt(sys.argv[1:], "") + +if len(args) != 1: + usage() + +TORBROWSER_VERSION = args[0] + +YEAR = "2014" +COPYRIGHT = "Tor Browser %s Copyright %s The Tor Project" % (TORBROWSER_VERSION, YEAR) + +plist = plistlib.readPlist(sys.stdin) + +plist["CFBundleGetInfoString"] = "TorBrowser %s" % TORBROWSER_VERSION +plist["CFBundleShortVersionString"] = TORBROWSER_VERSION +plist["NSHumanReadableCopyright"] = COPYRIGHT + +plistlib.writePlist(plist, sys.stdout) diff --git a/gitian/build-helpers/fix-info-plist.sh b/gitian/build-helpers/fix-info-plist.sh deleted file mode 100755 index 77c6af7..0000000 --- a/gitian/build-helpers/fix-info-plist.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# We cannot use set -e in this script because read returns a non-zero value. -export LC_ALL=C - -usage() -{ - echo "usage: $0 TORBROWSER_VERSION < Info.plist > FixedInfo.plist" 1>&2 - exit 2 -} - -if [ $# -ne 1 ]; then - usage; -fi - -TORBROWSER_VERSION="$1"; shift - -# Replace version numbers. -# Add NSHumanReadableCopyright - -YEAR=2014 -COPYRIGHT="Tor Browser $TORBROWSER_VERSION Copyright $YEAR The Tor Project" -read -r -d "" SED_SCRIPT <<END -\#<key>CFBundleGetInfoString</key>#,\#</string>\$#{ - \#</string>\$#s#>.*<#>TorBrowser $TORBROWSER_VERSION<# -} -\#<key>CFBundleShortVersionString</key>#,\#</string>\$#{ - \#</string>\$#s#>.*<#>$TORBROWSER_VERSION<# - \#</string>\$#a\ <key>NSHumanReadableCopyright</key>\n <string>$COPYRIGHT</string> - -} -END - -sed -e "$SED_SCRIPT" diff --git a/gitian/descriptors/mac/gitian-firefox.yml b/gitian/descriptors/mac/gitian-firefox.yml index 2616216..10077f5 100644 --- a/gitian/descriptors/mac/gitian-firefox.yml +++ b/gitian/descriptors/mac/gitian-firefox.yml @@ -21,7 +21,7 @@ files: - "x86_64-apple-darwin10.tar.xz" - "re-dzip.sh" - "dzip.sh" -- "fix-info-plist.sh" +- "fix-info-plist.py" - "versions" script: | INSTDIR="$HOME/install/" @@ -73,7 +73,7 @@ script: | # Adjust the Info.plist file INFO_PLIST=TorBrowser.app/Contents/Info.plist mv $INFO_PLIST tmp.plist - ~/build/fix-info-plist.sh $TORBROWSER_VERSION < tmp.plist > $INFO_PLIST + ~/build/fix-info-plist.py $TORBROWSER_VERSION < tmp.plist > $INFO_PLIST rm -f tmp.plist ~/build/re-dzip.sh TorBrowser.app/Contents/MacOS/omni.ja ~/build/re-dzip.sh TorBrowser.app/Contents/MacOS/webapprt/omni.ja

1 0

[tor-browser-bundle/master] Update component versions for alpha and nightlies.
by gk＠torproject.org 20 Jun '14

20 Jun '14

commit 7dae61fbd8e3074f5611ed3d892a669f8429f5b7 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Jun 16 14:10:03 2014 -0400 Update component versions for alpha and nightlies. Use NSIS tag (v0.2) instead of hash. Use Firefox 24.6.x code for alpha builds. Use symbolic Tor Launcher tag for alpha builds. --- gitian/versions.alpha | 8 ++++---- gitian/versions.nightly | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/gitian/versions.alpha b/gitian/versions.alpha index ce3520c..562acd2 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -4,14 +4,14 @@ BUILD_PT_BUNDLES=1 VERIFY_TAGS=0 -FIREFOX_VERSION=24.5.0esr +FIREFOX_VERSION=24.6.0esr -TORBROWSER_TAG=tor-browser-24.5.0esr-4.x-1 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1 TOR_TAG=tor-0.2.4.22 -TORLAUNCHER_TAG=master +TORLAUNCHER_TAG=0.2.6.0 TORBUTTON_TAG=1.6.9.0 HTTPSE_TAG=3.4.5 # XXX: HTTPSE_VER is used instead, pending #11630 -NSIS_TAG=00133b8741eb8ca34fc8153d344c7c54a5e3fae9 +NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable MINGW_REV=6184 diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 7bcec3e..72b0b47 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -11,7 +11,7 @@ TOR_TAG=master TORLAUNCHER_TAG=master TORBUTTON_TAG=master HTTPSE_TAG=master -NSIS_TAG=00133b8741eb8ca34fc8153d344c7c54a5e3fae9 +NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable MINGW_REV=6184

1 0

[tor-browser-bundle/master] Bug 12406: Bump mingw-w64/gcc/binutils versions.
by gk＠torproject.org 20 Jun '14

20 Jun '14

commit 24677e9dad9092ba9fdaff751aef37b9ad3953e1 Merge: 792c193 ad43e17 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Jun 20 16:14:58 2014 +0000 Bug 12406: Bump mingw-w64/gcc/binutils versions. Merge remote-tracking branch 'pc/bug12406-02' gitian/descriptors/windows/gitian-bundle.yml | 2 -- gitian/descriptors/windows/gitian-utils.yml | 14 ++++++-------- gitian/fetch-inputs.sh | 26 +++----------------------- gitian/gpg/GCC.gpg | Bin 2635 -> 9931 bytes gitian/mkbundle-windows.sh | 2 +- gitian/record-inputs.sh | 2 +- gitian/verify-tags.sh | 3 ++- gitian/versions | 8 +++----- gitian/versions.alpha | 16 +++++++--------- gitian/versions.nightly | 10 ++++------ 10 files changed, 27 insertions(+), 56 deletions(-)

1 0

[tor-browser-bundle/master] Bug 12406: use MinGW-w64 v3.1.0 for TBB 4.x
by gk＠torproject.org 20 Jun '14

20 Jun '14

commit ad43e17f6fdec22be8c971483d5123c172b76c61 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Jun 19 15:10:12 2014 -0400 Bug 12406: use MinGW-w64 v3.1.0 for TBB 4.x This also requires newer versions of gcc and binutils. We now fetch MinGW-w64 using git instead of svn. --- gitian/descriptors/windows/gitian-bundle.yml | 2 -- gitian/descriptors/windows/gitian-utils.yml | 14 ++++++-------- gitian/fetch-inputs.sh | 26 +++----------------------- gitian/gpg/GCC.gpg | Bin 2635 -> 9931 bytes gitian/mkbundle-windows.sh | 2 +- gitian/record-inputs.sh | 2 +- gitian/verify-tags.sh | 3 ++- gitian/versions | 8 +++----- gitian/versions.alpha | 8 +++----- gitian/versions.nightly | 8 +++----- 10 files changed, 22 insertions(+), 51 deletions(-) diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 8f21b3b..fc4fb35 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -8,8 +8,6 @@ packages: - "git-core" - "unzip" - "zip" -# This package is needed for compiling the StartTorBrowserBundle.exe. -- "mingw-w64" - "nsis" - "faketime" - "python" diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index 530e716..d9bf928 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml @@ -20,13 +20,13 @@ packages: - "libmpc-dev" reference_datetime: "2000-01-01 00:00:00" remotes: +- "url": "http://git.code.sf.net/p/mingw-w64/mingw-w64" + "dir": "mingw-w64-git" - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" - "url": "https://github.com/madler/zlib.git" "dir": "zlib" files: -# XXX: we need to make this input tarball deterministic :/ -- "mingw-w64-svn-snapshot.zip" - "binutils.tar.bz2" - "gcc.tar.bz2" - "openssl.tar.gz" @@ -61,10 +61,8 @@ script: | # Building mingw-w64 mkdir -p mingw-w64/mingw-w64-headers32 - cd mingw-w64 - unzip ../mingw-w64-svn-snapshot.zip - cd mingw-w64-headers32 - ../mingw-w64-svn/mingw-w64-headers/configure --host=i686-w64-mingw32 --prefix=$INSTDIR/mingw-w64/i686-w64-mingw32 --enable-sdk=all --enable-secure-api --enable-idl + cd mingw-w64/mingw-w64-headers32 + ../../mingw-w64-git/mingw-w64-headers/configure --host=i686-w64-mingw32 --prefix=$INSTDIR/mingw-w64/i686-w64-mingw32 --enable-sdk=all --enable-secure-api --enable-idl make install cd .. cd .. @@ -89,13 +87,13 @@ script: | # cd mingw-w64 mkdir mingw-w64-crt32 && cd mingw-w64-crt32 - ../mingw-w64-svn/mingw-w64-crt/configure --host=i686-w64-mingw32 --prefix=$INSTDIR/mingw-w64/i686-w64-mingw32 + ../../mingw-w64-git/mingw-w64-crt/configure --host=i686-w64-mingw32 --prefix=$INSTDIR/mingw-w64/i686-w64-mingw32 make $MAKEOPTS make install cd .. # mkdir widl32 && cd widl32 - ../mingw-w64-svn/mingw-w64-tools/widl/configure --prefix=$INSTDIR/mingw-w64 --target=i686-w64-mingw32 + ../../mingw-w64-git/mingw-w64-tools/widl/configure --prefix=$INSTDIR/mingw-w64 --target=i686-w64-mingw32 make $MAKEOPTS make install cd .. diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 34e8727..1b0b4c1 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -92,7 +92,7 @@ update_git() { then (cd "$dir" && git remote set-url origin $url && git fetch --prune origin && git fetch --prune --tags origin) else - if ! git clone "$url"; then + if ! git clone "$url" "$dir"; then echo >&2 "Error: Cloning $url failed" exit 1 fi @@ -110,12 +110,6 @@ update_git() { fi } -checkout_mingw() { - svn co -r $MINGW_REV https://svn.code.sf.net/p/mingw-w64/code/trunk/ mingw-w64-svn || exit 1 - # XXX: Path - ZIPOPTS="-x*/.svn/*" faketime -f "2000-01-01 00:00:00" "$WRAPPER_DIR/build-helpers/dzip.sh" mingw-w64-svn-snapshot.zip mingw-w64-svn -} - ############################################################################## # Get package files from mirror @@ -212,24 +206,9 @@ cd .. wget -U "" -N ${NOSCRIPT_URL} wget -U "" -N ${HTTPSE_URL} -# So is mingw: -if [ ! -f mingw-w64-svn-snapshot.zip ]; -then - checkout_mingw -else - # We do have mingw-w64 already but is it the correct revision? We check the - # hash of the zip archive as it has to be changed as well if a new revision - # should be used. - if ! echo "${MINGW_HASH} ${MINGW_PACKAGE}" | sha256sum -c -; then - # We need to update the local mingw-w64 copy - rm -rf mingw-w64-svn* - checkout_mingw - fi -fi - # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -304,6 +283,7 @@ https-everywhere https://git.torproject.org/https-everywhere.git $HTTPSE_TA torbutton https://git.torproject.org/torbutton.git $TORBUTTON_TAG tor-launcher https://git.torproject.org/tor-launcher.git $TORLAUNCHER_TAG tor-browser https://git.torproject.org/tor-browser.git $TORBROWSER_TAG +mingw-w64-git http://git.code.sf.net/p/mingw-w64/mingw-w64 $MINGW_TAG pyptlib https://git.torproject.org/pluggable-transports/pyptlib.git $PYPTLIB_TAG obfsproxy https://git.torproject.org/pluggable-transports/obfsproxy.git $OBFSPROXY_TAG flashproxy https://git.torproject.org/flashproxy.git $FLASHPROXY_TAG diff --git a/gitian/gpg/GCC.gpg b/gitian/gpg/GCC.gpg index e62de27..d94d692 100644 Binary files a/gitian/gpg/GCC.gpg and b/gitian/gpg/GCC.gpg differ diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 019ddec..281f4f8 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -107,7 +107,7 @@ then echo "****** Starting Utilities Component of Windows Bundle (1/5 for Windows) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/windows/gitian-utils.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit mingw-w64-git=$MINGW_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/windows/gitian-utils.yml if [ $? -ne 0 ]; then #mv var/build.log ./utils-fail-win.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh index bbae06f..7ca4416 100755 --- a/gitian/record-inputs.sh +++ b/gitian/record-inputs.sh @@ -26,7 +26,6 @@ rm -f bundle.inputs sha256sum $OSXSDK_PACKAGE >> bundle.inputs sha256sum $OPENSSL_PACKAGE >> bundle.inputs sha256sum $TOOLCHAIN4_PACKAGE >> bundle.inputs -sha256sum mingw-w64-svn-snapshot.zip >> bundle.inputs echo >> bundle.inputs sha256sum noscript(a)noscript.net.xpi >> bundle.inputs echo >> bundle.inputs @@ -53,6 +52,7 @@ echo "`cd torbutton && git log --format=%H -1 $TORBUTTON_TAG` torbutton.git" >> echo "`cd tor-launcher && git log --format=%H -1 $TORLAUNCHER_TAG` tor-launcher.git" >> bundle.inputs echo "`cd https-everywhere && git log --format=%H -1 $HTTPSE_TAG` https-everywhere.git" >> bundle.inputs echo "`cd tbb-windows-installer && git log --format=%H -1 $NSIS_TAG` tbb-windows-installer.git" >> bundle.inputs +echo "`cd mingw-w64-git && git log --format=%H -1 $MINGW_TAG` mingw-w64.git" >> bundle.inputs echo "`cd $INPUTS_DIR && git log --format=%H -1` gitian-builder.git" >> bundle.inputs echo "`cd $WRAPPER_DIR && git log --format=%H -1` tor-browser-bundle.git" >> bundle.inputs diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 324a27a..c66a83b 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -105,6 +105,7 @@ EOF while read dir commit; do check_git_hash "$dir" "$commit" done << EOF +mingw-w64-git $MINGW_TAG libdmg-hfsplus $LIBDMG_TAG libfte $LIBFTE_TAG fteproxy $FTEPROXY_TAG @@ -132,7 +133,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 6c78434..2185194 100755 --- a/gitian/versions +++ b/gitian/versions @@ -14,7 +14,7 @@ HTTPSE_TAG=3.4.5 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable -MINGW_REV=6184 +MINGW_TAG=9418eaa1854320b57f40e29ec5bbc4f5717ecd58 # tag v3.1.0 PYPTLIB_TAG=pyptlib-0.0.6 OBFSPROXY_TAG=obfsproxy-0.2.9 FLASHPROXY_TAG=1.6 @@ -28,8 +28,8 @@ GITIAN_TAG=tor-browser-builder-3.x-5 OPENSSL_VER=1.0.1g GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION -BINUTILS_VER=2.22 -GCC_VER=4.6.3 +BINUTILS_VER=2.24 +GCC_VER=4.8.3 PYTHON_VER=2.7.5 PYCRYPTO_VER=2.6.1 ARGPARSE_VER=1.2.1 @@ -51,7 +51,6 @@ HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb -MINGW_PACKAGE=mingw-w64-svn-snapshot.zip MSVCR100_PACKAGE=msvcr100.dll BINUTILS_PACKAGE=binutils-${BINUTILS_VER}.tar.bz2 GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2 @@ -76,7 +75,6 @@ TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=5ec75d2f6fbf3ff7950a8eea2c7878d887ed3916aa89f99ec76b322b1e140c08 HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 -MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4 diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 562acd2..e0e1e60 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -14,7 +14,7 @@ HTTPSE_TAG=3.4.5 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable -MINGW_REV=6184 +MINGW_TAG=9418eaa1854320b57f40e29ec5bbc4f5717ecd58 # tag v3.1.0 PYPTLIB_TAG=pyptlib-0.0.6 OBFSPROXY_TAG=obfsproxy-0.2.9 FLASHPROXY_TAG=1.6 @@ -28,8 +28,8 @@ GITIAN_TAG=tor-browser-builder-3.x-5 OPENSSL_VER=1.0.1g GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION -BINUTILS_VER=2.22 -GCC_VER=4.6.3 +BINUTILS_VER=2.24 +GCC_VER=4.8.3 PYTHON_VER=2.7.5 PYCRYPTO_VER=2.6.1 ARGPARSE_VER=1.2.1 @@ -51,7 +51,6 @@ HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb -MINGW_PACKAGE=mingw-w64-svn-snapshot.zip MSVCR100_PACKAGE=msvcr100.dll BINUTILS_PACKAGE=binutils-${BINUTILS_VER}.tar.bz2 GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2 @@ -76,7 +75,6 @@ TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=5ec75d2f6fbf3ff7950a8eea2c7878d887ed3916aa89f99ec76b322b1e140c08 HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 -MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4 diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 72b0b47..1042e78 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -14,7 +14,7 @@ HTTPSE_TAG=master NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable -MINGW_REV=6184 +MINGW_TAG=9418eaa1854320b57f40e29ec5bbc4f5717ecd58 # tag v3.1.0 PYPTLIB_TAG=master OBFSPROXY_TAG=master FLASHPROXY_TAG=master @@ -28,8 +28,8 @@ GITIAN_TAG=tor-browser-builder-3.x-5 OPENSSL_VER=1.0.1h GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION -BINUTILS_VER=2.22 -GCC_VER=4.6.3 +BINUTILS_VER=2.24 +GCC_VER=4.8.3 PYTHON_VER=2.7.5 PYCRYPTO_VER=2.6.1 ARGPARSE_VER=1.2.1 @@ -51,7 +51,6 @@ HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb -MINGW_PACKAGE=mingw-w64-svn-snapshot.zip MSVCR100_PACKAGE=msvcr100.dll BINUTILS_PACKAGE=binutils-${BINUTILS_VER}.tar.bz2 GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2 @@ -76,7 +75,6 @@ TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=aea2ef3a262a70e871df0de937ac8f53cd2c5d1913066200d192bb6e30924275 HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 -MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4

1 0

[tor-browser-bundle/master] Use the correct keyring for our current NSIS tag.
by gk＠torproject.org 19 Jun '14

19 Jun '14

commit 792c1933d0075cc2486a8d4ee8ca6ee443545f5a Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Jun 19 15:28:21 2014 -0400 Use the correct keyring for our current NSIS tag. --- gitian/gpg/tbb-windows-installer.gpg | Bin 15689 -> 1213 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/gitian/gpg/tbb-windows-installer.gpg b/gitian/gpg/tbb-windows-installer.gpg index fab3a99..e753e57 100644 Binary files a/gitian/gpg/tbb-windows-installer.gpg and b/gitian/gpg/tbb-windows-installer.gpg differ

1 0

[tor-browser-bundle/master] Updating the README file.
by gk＠torproject.org 19 Jun '14

19 Jun '14

commit 881987bd6816d47da71e8a2065aedd36eafa87dd Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jun 19 07:48:28 2014 +0000 Updating the README file. --- gitian/README.build | 46 +++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/gitian/README.build b/gitian/README.build index 47a8f57..24a67a8 100644 --- a/gitian/README.build +++ b/gitian/README.build @@ -45,26 +45,37 @@ Detailed Explanation of Scripts: This directory is a wrapper around our modified version of Gitian, and has several helper scripts to make things easier. - 0. Makefile: The main Makefile. It has six main commands: + 0. Makefile: The main Makefile. It has the following commands: - prep: Check OS prerequisites and download source dependency inputs - build: Build localized bundles for Linux, Windows, and Mac - - clean: Remove prior partial build stages (see 'Partial Rebuilds' below) + - clean: Remove prior partial build stages (see 'Partial Rebuilds' below + for the usage of clean-* commands) - vmclean: Remove VM base images - distclean: Remove source dependency inputs, and run clean and vmclean - all: The default. It calls clean, prep, and then build. - sign: Signs your build output and uploads it to people.torproject.org - match: Checks your build output against public signed hashes To build beta/alpha/nightly bundles, alternate targets are provided: + - nightly: The equivalent to the 'all' rule for nightly packages + - alpha: The equivalent to the 'all' rule for alpha packages - beta: The equivalent to the 'all' rule for beta packages - - build-beta: The equivalent to the 'build' rule for beta packages + - prep-nightly: The equivalent to the 'prep' rule for nightly packages + - prep-alpha: The equivalent to the 'prep' rule for alpha packages - prep-beta: The equivalent to the 'prep' rule for beta packages - - sign-beta: Signs your build output and uploads it to people.torproject.org - - match-beta: Checks your build output against public signed hashes - + - build-nightly: The equivalent to the 'build' rule for nightly packages + - build-alpha: The equivalent to the 'build' rule for alpha packages + - build-beta: The equivalent to the 'build' rule for beta packages + - sign-nightly: The equivalent to the 'sign' rule for nightly packages + - sign-alpha: The equivalent to the 'sign' rule for alpha packages + - sign-beta: The equivalent to the 'sign' rule for beta packages + - match-nightly: The equivalent to the 'match' rule for nightly packages + - match-alpha: The equivalent to the 'match' rule for alpha packages + - match-beta: The equivalent to the 'match' rule for beta packages + 1. check-prerequisites.sh: This script checks if your system is capable of running Gitian, and if it is not, it tells you what you need to do. It is called by 'make prep'. - + 2. fetch-inputs.sh: This script fetches all of our source dependencies from the Internet and downloads them into ../../gitian-builder/inputs. After you run this script, you should be able to complete the rest of your @@ -76,17 +87,18 @@ Detailed Explanation of Scripts: 4. verify-tags.sh: This script verifies the signatures on git tags from the versions file. It is only run if VERIFY_TAGS is set in the versions file. - + 5. descriptors: In the descriptors directory, you will find the Gitian - descriptors for Linux, Windows, and Mac. There are three descriptors for - each platform: One to build Tor and its dependencies, one to build Firefox - and its dependencies, and one to bundle everything together. Each - descriptor is run from a fresh VM. - + descriptors for Linux, Windows, and Mac. There are five descriptors for + each platform: One to build the utilities needed by other descriptors, + one to build Tor, one to build Tor Browser, one to build the Pluggable + Transports and one to bundle everything together. Each descriptor is run + from a fresh VM. + 6. mkbundle-linux.sh: This script is a wrapper around Gitian's gbuild to call the appropriate descriptors to build 32 and 64 bit Linux bundle. It also will create build VM images for you if you haven't done that before. - + 7. mkbundle-windows.sh: This script is a wrapper around Gitian's gbuild to call the appropriate descriptors to build a Windows bundle. It also will create build VM images for you if you haven't done that before. @@ -98,7 +110,7 @@ Detailed Explanation of Scripts: 9. record-inputs.sh: This script records all of the hashes and bundle inputs for inclusion in the 'Docs/sources' subdirectory of the bundles themselves. - + 10. hash-bundles.sh: This script generates a 'sha256sums.txt' file in sorted, reproducible order. @@ -130,7 +142,7 @@ Partial Rebuilds: cleaned, and then re-package everything again as well. Note that if any of the source inputs, or the Ubuntu buildchain tools, or - the build tools' dependencies upgrade, your Tor and Firefox inputs will + the build tools' dependencies upgrade, your Tor and Tor Browser inputs will no longer match those produced by someone else's build from a fresh build that downloaded those newer input, dependency, and toolchain packages. @@ -187,7 +199,7 @@ Known Issues and Quirks: Diagnosing Problems: During a running build, you can tail logs in real time in - ../../gitian-builder/var/*.log + ../../gitian-builder/var/*.log Upon failure, logs of any failed component builds are relocated to ../../gitian-builder/*fail*.log. This is to prevent subsequent builds

1 0

[tor-browser-bundle/maint-3.6] Updating the README file.
by gk＠torproject.org 19 Jun '14

19 Jun '14

commit 1ae0bd991291cfd675b8940e856bf54426347823 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jun 19 07:46:52 2014 +0000 Updating the README file. --- gitian/README.build | 46 +++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/gitian/README.build b/gitian/README.build index 47a8f57..24a67a8 100644 --- a/gitian/README.build +++ b/gitian/README.build @@ -45,26 +45,37 @@ Detailed Explanation of Scripts: This directory is a wrapper around our modified version of Gitian, and has several helper scripts to make things easier. - 0. Makefile: The main Makefile. It has six main commands: + 0. Makefile: The main Makefile. It has the following commands: - prep: Check OS prerequisites and download source dependency inputs - build: Build localized bundles for Linux, Windows, and Mac - - clean: Remove prior partial build stages (see 'Partial Rebuilds' below) + - clean: Remove prior partial build stages (see 'Partial Rebuilds' below + for the usage of clean-* commands) - vmclean: Remove VM base images - distclean: Remove source dependency inputs, and run clean and vmclean - all: The default. It calls clean, prep, and then build. - sign: Signs your build output and uploads it to people.torproject.org - match: Checks your build output against public signed hashes To build beta/alpha/nightly bundles, alternate targets are provided: + - nightly: The equivalent to the 'all' rule for nightly packages + - alpha: The equivalent to the 'all' rule for alpha packages - beta: The equivalent to the 'all' rule for beta packages - - build-beta: The equivalent to the 'build' rule for beta packages + - prep-nightly: The equivalent to the 'prep' rule for nightly packages + - prep-alpha: The equivalent to the 'prep' rule for alpha packages - prep-beta: The equivalent to the 'prep' rule for beta packages - - sign-beta: Signs your build output and uploads it to people.torproject.org - - match-beta: Checks your build output against public signed hashes - + - build-nightly: The equivalent to the 'build' rule for nightly packages + - build-alpha: The equivalent to the 'build' rule for alpha packages + - build-beta: The equivalent to the 'build' rule for beta packages + - sign-nightly: The equivalent to the 'sign' rule for nightly packages + - sign-alpha: The equivalent to the 'sign' rule for alpha packages + - sign-beta: The equivalent to the 'sign' rule for beta packages + - match-nightly: The equivalent to the 'match' rule for nightly packages + - match-alpha: The equivalent to the 'match' rule for alpha packages + - match-beta: The equivalent to the 'match' rule for beta packages + 1. check-prerequisites.sh: This script checks if your system is capable of running Gitian, and if it is not, it tells you what you need to do. It is called by 'make prep'. - + 2. fetch-inputs.sh: This script fetches all of our source dependencies from the Internet and downloads them into ../../gitian-builder/inputs. After you run this script, you should be able to complete the rest of your @@ -76,17 +87,18 @@ Detailed Explanation of Scripts: 4. verify-tags.sh: This script verifies the signatures on git tags from the versions file. It is only run if VERIFY_TAGS is set in the versions file. - + 5. descriptors: In the descriptors directory, you will find the Gitian - descriptors for Linux, Windows, and Mac. There are three descriptors for - each platform: One to build Tor and its dependencies, one to build Firefox - and its dependencies, and one to bundle everything together. Each - descriptor is run from a fresh VM. - + descriptors for Linux, Windows, and Mac. There are five descriptors for + each platform: One to build the utilities needed by other descriptors, + one to build Tor, one to build Tor Browser, one to build the Pluggable + Transports and one to bundle everything together. Each descriptor is run + from a fresh VM. + 6. mkbundle-linux.sh: This script is a wrapper around Gitian's gbuild to call the appropriate descriptors to build 32 and 64 bit Linux bundle. It also will create build VM images for you if you haven't done that before. - + 7. mkbundle-windows.sh: This script is a wrapper around Gitian's gbuild to call the appropriate descriptors to build a Windows bundle. It also will create build VM images for you if you haven't done that before. @@ -98,7 +110,7 @@ Detailed Explanation of Scripts: 9. record-inputs.sh: This script records all of the hashes and bundle inputs for inclusion in the 'Docs/sources' subdirectory of the bundles themselves. - + 10. hash-bundles.sh: This script generates a 'sha256sums.txt' file in sorted, reproducible order. @@ -130,7 +142,7 @@ Partial Rebuilds: cleaned, and then re-package everything again as well. Note that if any of the source inputs, or the Ubuntu buildchain tools, or - the build tools' dependencies upgrade, your Tor and Firefox inputs will + the build tools' dependencies upgrade, your Tor and Tor Browser inputs will no longer match those produced by someone else's build from a fresh build that downloaded those newer input, dependency, and toolchain packages. @@ -187,7 +199,7 @@ Known Issues and Quirks: Diagnosing Problems: During a running build, you can tail logs in real time in - ../../gitian-builder/var/*.log + ../../gitian-builder/var/*.log Upon failure, logs of any failed component builds are relocated to ../../gitian-builder/*fail*.log. This is to prevent subsequent builds

1 0

[tor-browser-bundle/maint-3.6] Bug 12249: Don't create PT debug files anymore.
by gk＠torproject.org 19 Jun '14

19 Jun '14

commit f8080ed91c5a0f586a935e6fec116459583e7974 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jun 19 07:14:09 2014 +0000 Bug 12249: Don't create PT debug files anymore. --- gitian/descriptors/linux/gitian-pluggable-transports.yml | 3 --- gitian/mkbundle-linux.sh | 1 - 2 files changed, 4 deletions(-) diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml index b2d57c0..826b3b7 100644 --- a/gitian/descriptors/linux/gitian-pluggable-transports.yml +++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml @@ -46,7 +46,6 @@ script: | INSTDIR="$HOME/install" PTDIR="$INSTDIR/Tor/PluggableTransports" mkdir -p $PTDIR - mkdir -p $INSTDIR/Debug/ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 export FAKETIME=$REFERENCE_DATETIME export TZ=UTC @@ -185,6 +184,4 @@ script: | # Grabbing the results cd $INSTDIR ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/ - ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-debug.zip Debug/ cp pluggable-transports-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/ - cp pluggable-transports-linux$GBUILD_BITS-debug.zip $OUTDIR/ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 330e475..0d07364 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -216,7 +216,6 @@ then fi cp -a build/out/pluggable-transports-linux*-gbuilt.zip inputs/ - cp -a build/out/pluggable-transports-linux*-debug.zip inputs/ #cp -a result/pluggable-transports-linux-res.yml inputs/ else echo

1 0