December 2023 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.5-1] Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame
by richard (＠richard) 06 Dec '23

06 Dec '23

richard pushed to branch base-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 02be06d6 by Kagami Sascha Rosylight at 2023-12-06T16:10:56+00:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement … [View More]

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame
by richard (＠richard) 06 Dec '23

06 Dec '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 30248ab5 by Kagami Sascha Rosylight at 2023-12-06T16:06:58+00:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as … [View More]

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 40990: Remove old macos signing scripts
by richard (＠richard) 06 Dec '23

06 Dec '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 7d25ba41 by Nicolas Vigier at 2023-12-06T16:01:16+00:00 Bug 40990: Remove old macos signing scripts - - - - - 30 changed files: - tools/signing/do-all-signing - − tools/signing/finished-signing-clean-macos-signer - tools/signing/gatekeeper-bundling.sh - − tools/signing/macos-signer-gatekeeper-signing - − tools/signing/macos-signer-gatekeeper-signing.mullvadbrowser - − tools/signing/macos-… [View More]signer-gatekeeper-signing.torbrowser - − tools/signing/macos-signer-notarization - − tools/signing/macos-signer-notarization.mullvadbrowser - − tools/signing/macos-signer-notarization.torbrowser - − tools/signing/macos-signer-proxy - − tools/signing/macos-signer-proxy.mullvadbrowser - − tools/signing/macos-signer-proxy.torbrowser - − tools/signing/macos-signer-stapler - − tools/signing/macos-signer-stapler.mullvadbrowser - − tools/signing/macos-signer-stapler.torbrowser - tools/signing/set-config - tools/signing/set-config.hosts - − tools/signing/set-config.macos-notarization - − tools/signing/sync-macos-local-to-macos-signer - − tools/signing/sync-macos-local-to-macos-signer.mullvadbrowser - − tools/signing/sync-macos-local-to-macos-signer.torbrowser - − tools/signing/sync-macos-local-to-macos-signer.torbrowser.dry-run - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.mullvadbrowser - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser.dry-run - − tools/signing/sync-scripts-to-macos-signer - − tools/signing/sync-scripts-to-macos-signer.mullvadbrowser - − tools/signing/sync-scripts-to-macos-signer.torbrowser - − tools/signing/sync-scripts-to-macos-signer.torbrowser.dry-run Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -8,19 +8,9 @@ NON_INTERACTIVE=1 steps_dir="$signed_version_dir.steps" test -d "$steps_dir" || mkdir -p "$steps_dir" -if test -n "$use_rcodesign" -then - test -f "$steps_dir/linux-signer-rcodesign-sign.done" || - read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW - echo -else - test -f "$steps_dir/macos-signer-gatekeeper-signing.done" || - read -sp "Enter macos keychain passphrase: " KEYCHAIN_PW - echo - test -f "$steps_dir/macos-signer-notarization.done" || - read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW - echo -fi +test -f "$steps_dir/linux-signer-rcodesign-sign.done" || + read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW +echo is_project torbrowser && nssdb=torbrowser-nssdb7 is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1 test -f "$steps_dir/linux-signer-signmars.done" || @@ -67,52 +57,6 @@ function rcodesign-notary-submit { "$script_dir/rcodesign-notary-submit" } -function macos-signer-directory-not-present { - # To avoid doing two signings at the same time, or to avoid unknowingly - # using parts from a previous signing attempt, we check that the - # directory does not exist yet (see tor-browser-build#40497) - if ssh "$ssh_host_macos_signer" "test -d $tbb_version" - then - echo "The directory $tbb_version already exists on $ssh_host_macos_signer" - return 1 - fi - return 0 -} - -function sync-scripts-to-macos-signer { - "$script_dir/sync-scripts-to-macos-signer" -} - -function macos-signer-enable-network-proxy-settings { - ssh "$ssh_host_macos_signer" 'networksetup -setsecurewebproxystate Ethernet on' -} - -function macos-signer-gatekeeper-signing { - "$script_dir/sync-macos-local-to-macos-signer" - ssh "$ssh_host_macos_signer" 'bash -s' << EOF - export KEYCHAIN_PW=$KEYCHAIN_PW - ~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/macos-signer-gatekeeper-signing.$SIGNING_PROJECTNAME -EOF - unset KEYCHAIN_PW -} - -function macos-signer-notarization { - ssh "$ssh_host_macos_signer" 'bash -s' << EOF - export PW=$NOTARIZATION_PW - ~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/macos-signer-notarization.$SIGNING_PROJECTNAME -EOF - unset NOTARIZATION_PW -} - -function macos-signer-stapler { - ssh "$ssh_host_macos_signer" "~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/macos-signer-stapler.$SIGNING_PROJECTNAME" - "$script_dir/sync-macos-signer-stapled-to-macos-local-stapled" -} - -function macos-signer-disable-network-proxy-settings { - ssh "$ssh_host_macos_signer" 'networksetup -setsecurewebproxystate Ethernet off' -} - function gatekeeper-bundling { "$script_dir/gatekeeper-bundling.sh" } @@ -212,10 +156,6 @@ function upload-update_responses-to-staticiforme { "$script_dir/upload-update_responses-to-staticiforme" } -function finished-signing-clean-macos-signer { - "$script_dir/finished-signing-clean-macos-signer" -} - function finished-signing-clean-linux-signer { "$script_dir/finished-signing-clean-linux-signer" } @@ -233,22 +173,11 @@ export SIGNING_PROJECTNAME do_step wait-for-finished-build do_step sync-builder-unsigned-to-local-signed -if test -n "$use_rcodesign"; -then - do_step sync-scripts-to-linux-signer - do_step sync-before-linux-signer-rcodesign-sign - do_step linux-signer-rcodesign-sign - do_step sync-linux-signer-macos-signed-tar-to-local - do_step rcodesign-notary-submit -else - do_step macos-signer-directory-not-present - do_step sync-scripts-to-macos-signer - do_step macos-signer-enable-network-proxy-settings - do_step macos-signer-gatekeeper-signing - do_step macos-signer-notarization - do_step macos-signer-stapler - do_step macos-signer-disable-network-proxy-settings -fi +do_step sync-scripts-to-linux-signer +do_step sync-before-linux-signer-rcodesign-sign +do_step linux-signer-rcodesign-sign +do_step sync-linux-signer-macos-signed-tar-to-local +do_step rcodesign-notary-submit do_step gatekeeper-bundling do_step dmg2mar do_step sync-scripts-to-linux-signer @@ -272,5 +201,4 @@ do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload do_step upload-update_responses-to-staticiforme -do_step finished-signing-clean-macos-signer do_step finished-signing-clean-linux-signer ===================================== tools/signing/finished-signing-clean-macos-signer deleted ===================================== @@ -1,14 +0,0 @@ -#!/bin/bash - -# Remove current tbb version from macos-signer. You should run this -# when all signing has been done. - -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer tbb_version - -ssh "$ssh_host_macos_signer" 'bash -s' << EOF - test -n "$tbb_version" && rm -Rfv ~/"$SIGNING_PROJECTNAME-$tbb_version" -EOF ===================================== tools/signing/gatekeeper-bundling.sh ===================================== @@ -68,11 +68,7 @@ export PATH="$PATH:$tmpdir/libdmg-hfsplus:$tmpdir/hfsplus-tools" cd $tmpdir/dmg -if test -n "$use_rcodesign"; then - tar -xf $macos_stapled_dir/"${proj_name}-${tbb_version}-notarized+stapled.tar.zst" -else - unzip -q $macos_stapled_dir/tb-${tbb_version}_ALL-stapled.zip -fi +tar -xf $macos_stapled_dir/"${proj_name}-${tbb_version}-notarized+stapled.tar.zst" cd .. $script_dir/ddmg.sh $macos_signed_dir/${proj_name}-macos-${tbb_version}.dmg $tmpdir/dmg/ "$Proj_Name" ===================================== tools/signing/macos-signer-gatekeeper-signing deleted ===================================== @@ -1,100 +0,0 @@ -#!/bin/bash -set -e - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" -source "$script_dir/set-config.generated-config" - -ENTITLEMENTS="$script_dir/$tbb_version_type.entitlements.xml" -app_name=$(Project_Name) - -function check_signature() { - LANG=$1 - UNZIP=$2 - local failed_open=0 - local failed_exec=0 - if [ ${UNZIP} -eq 1 ] - then - test -d test_${LANG} && rm -r test_${LANG} - unzip -d test_${LANG} -q tb-${tbb_version}_$LANG.zip - pushd test_${LANG} - fi - echo "Checking $LANG..." - spctl -vvvv --assess --type open --context context:primary-signature "$app_name.app/" - if [ $? -ne 3 ]; then - echo tb-${tbb_version}_$LANG.zip not signed correctly. Failed open. - failed_open=1 - fi - spctl -vvvv --assess --type exec --context context:primary-signature "$app_name.app/" - if [ $? -ne 0 ]; then - echo tb-${tbb_version}_$LANG.zip not signed correctly. Failed exec. - failed_exec=1 - fi - if [ ${UNZIP} -eq 1 ] - then - popd - rm -r test_${LANG} - fi - if [ ${failed_open} -ne 0 -o ${failed_exec} -ne 0 ] - then - return 1 - fi -} - -cd ~/$SIGNING_PROJECTNAME-${tbb_version} - -if test -n "$KEYCHAIN_PW" -then - KPW="-p $KEYCHAIN_PW" -fi - -security unlock $KPW /Users/torbrowser/Library/Keychains/tbb-signing-alpha.keychain -security unlock $KPW /Users/torbrowser/Library/Keychains/tbb-signing-2021.keychain - -unset KPW KEYCHAIN_PW - -for LANG in ALL -do - if [ -f tb-${tbb_version}_${LANG}.zip ] - then - echo "Deleting tb-${tbb_version}_${LANG}.zip" - rm tb-${tbb_version}_${LANG}.zip - fi - if [ -d "$app_name.app" ] - then - echo "Deleting $app_name.app" - rm -r "$app_name.app" - fi - if [ -d "/Volumes/$app_name" ]; then - echo "DMG already mounted. Please correct." - exit 1 - fi - hdiutil attach $(project-name)-macos-${tbb_version}.dmg - cp -rf "/Volumes/$app_name/$app_name.app" "$app_name.app" - echo "Signing ${app_name}_${LANG}.app" - codesign -vvv --deep -o runtime --entitlements="$ENTITLEMENTS" --timestamp -f -s "Developer ID Application: The Tor Project, Inc (MADPSAYN6T)" "$app_name.app/" - echo "codesign exit code: $?" - set +e - check_signature $LANG 0 - if [ $? -eq 1 ] - then - echo Signature verification failed. - rm -r "$app_name.app" - hdiutil detach "/Volumes/$app_name" - exit 1 - fi - set -e - echo "Zipping up tb-${tbb_version}_${LANG}.zip" - zip -qr tb-${tbb_version}_${LANG}.zip "$app_name.app" - rm -rf "$app_name.app" - hdiutil detach "/Volumes/$app_name" - set +e - check_signature $LANG 1 - if [ $? -eq 1 ] - then - echo "Signature verification failed (${LANG})". - rm -r "$app_name.app" - exit 1 - fi - set -e -done ===================================== tools/signing/macos-signer-gatekeeper-signing.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-gatekeeper-signing \ No newline at end of file ===================================== tools/signing/macos-signer-gatekeeper-signing.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-gatekeeper-signing \ No newline at end of file ===================================== tools/signing/macos-signer-notarization deleted ===================================== @@ -1,44 +0,0 @@ -#!/bin/bash -set -e - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" -source "$script_dir/set-config.macos-notarization" - -ALTOOL=~/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/Versions/A/Support/altool - -cd ~/$SIGNING_PROJECTNAME-${tbb_version} - -if [ -z "${PW}" ]; then - echo "Please enter notarization password:" - stty -echo; read PW; stty echo; export PW -fi - -for LANG in ALL -do - if test -f ${LANG}/tb-${tbb_version}_$LANG.zip.uuid - then - echo "Skipping ${LANG}/tb-${tbb_version}_$LANG.zip" - continue; - fi - if test -d ${LANG}; then - mv ${LANG}/tb-${tbb_version}_$LANG.zip ./ - rm -r ${LANG}/ - fi - mkdir $LANG - cd $LANG - mv ../tb-${tbb_version}_$LANG.zip . - unzip -q tb-${tbb_version}_$LANG.zip - echo "Notarizing $LANG..." - $ALTOOL --notarize-app --verbose -t osx -f tb-${tbb_version}_$LANG.zip --primary-bundle-id org.torproject.torbrowser -u "$macos_notarization_user" -p @env:PW --output-format xml | tee tb-${tbb_version}_$LANG.zip.log 2>&1 - - request_uuid=`grep -A1 RequestUUID tb-${tbb_version}_$LANG.zip.log | grep -o '[0-9a-f]\+[0-9a-f-]\+'` - if [ -z "${request_uuid}" ]; then - echo "Request UUID not present. Notarization failed" - exit 1 - fi - echo ${request_uuid} > tb-${tbb_version}_$LANG.zip.uuid - echo "Notarization done for $LANG." - - cd .. -done ===================================== tools/signing/macos-signer-notarization.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-notarization \ No newline at end of file ===================================== tools/signing/macos-signer-notarization.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-notarization \ No newline at end of file ===================================== tools/signing/macos-signer-proxy deleted ===================================== @@ -1,6 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -ssh -R :1080 "$ssh_host_macos_signer" 'python ~/proxy.py --port 8443' ===================================== tools/signing/macos-signer-proxy.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-proxy \ No newline at end of file ===================================== tools/signing/macos-signer-proxy.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-proxy \ No newline at end of file ===================================== tools/signing/macos-signer-stapler deleted ===================================== @@ -1,22 +0,0 @@ -#!/bin/bash -set -e - -read -n 1 -p "Press enter once notarization is complete..." - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" -source "$script_dir/set-config.generated-config" - -STAPLER=/Users/torbrowser/Xcode.app/Contents//Developer/usr/bin/stapler -app_name=$(Project_Name) - -cd ~/$SIGNING_PROJECTNAME-${tbb_version} - -for LANG in ALL -do - echo "Stapling $LANG..." - cd $LANG - $STAPLER staple "$app_name.app" - zip -qr ../tb-${tbb_version}_$LANG-stapled.zip "$app_name.app" - cd .. -done ===================================== tools/signing/macos-signer-stapler.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-stapler \ No newline at end of file ===================================== tools/signing/macos-signer-stapler.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-stapler \ No newline at end of file ===================================== tools/signing/set-config ===================================== @@ -38,5 +38,3 @@ rsync_options="-avH ${rsync_progress:-} ${DRY_RUN:-}" tb_builders='boklm dan henry ma1 pierov richard' wrappers_dir=/signing/tor-browser-build/tools/signing/wrappers - -use_rcodesign=1 ===================================== tools/signing/set-config.hosts ===================================== @@ -1,6 +1,5 @@ ssh_host_builder=tbbuild ssh_host_linux_signer=linux-signer-notor -ssh_host_macos_signer=mac-signer-notor ssh_host_staticiforme=staticiforme.torproject.org builder_tor_browser_build_dir=/home/user/tor-browser-build ===================================== tools/signing/set-config.macos-notarization deleted ===================================== @@ -1,5 +0,0 @@ -# The following line should be uncommented and updated: - -#macos_notarization_user='user@email' - -var_is_defined macos_notarization_user ===================================== tools/signing/sync-macos-local-to-macos-signer deleted ===================================== @@ -1,8 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer - -rsync $rsync_options "$signed_version_dir"/*.dmg "$ssh_host_macos_signer:$SIGNING_PROJECTNAME-$tbb_version/" ===================================== tools/signing/sync-macos-local-to-macos-signer.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-local-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-macos-local-to-macos-signer.torbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-local-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-macos-local-to-macos-signer.torbrowser.dry-run deleted ===================================== @@ -1 +0,0 @@ -sync-macos-local-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled deleted ===================================== @@ -1,8 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer - -rsync $rsync_options "$ssh_host_macos_signer:$SIGNING_PROJECTNAME-$tbb_version/*-stapled.zip" "$macos_stapled_dir/" ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-signer-stapled-to-macos-local-stapled \ No newline at end of file ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-signer-stapled-to-macos-local-stapled \ No newline at end of file ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser.dry-run deleted ===================================== @@ -1 +0,0 @@ -sync-macos-signer-stapled-to-macos-local-stapled \ No newline at end of file ===================================== tools/signing/sync-scripts-to-macos-signer deleted ===================================== @@ -1,10 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer - -generate_config - -rsync $rsync_options "$script_dir/" "$ssh_host_macos_signer:signing-$SIGNING_PROJECTNAME-$tbb_version_type/" ===================================== tools/signing/sync-scripts-to-macos-signer.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-scripts-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-scripts-to-macos-signer.torbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-scripts-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-scripts-to-macos-signer.torbrowser.dry-run deleted ===================================== @@ -1 +0,0 @@ -sync-scripts-to-macos-signer \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40990: Remove old macos signing scripts
by richard (＠richard) 06 Dec '23

06 Dec '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: fa846d22 by Nicolas Vigier at 2023-12-06T15:59:55+00:00 Bug 40990: Remove old macos signing scripts - - - - - 30 changed files: - tools/signing/do-all-signing - − tools/signing/finished-signing-clean-macos-signer - tools/signing/gatekeeper-bundling.sh - − tools/signing/macos-signer-gatekeeper-signing - − tools/signing/macos-signer-gatekeeper-signing.mullvadbrowser - − tools/signing/macos-signer-… [View More]gatekeeper-signing.torbrowser - − tools/signing/macos-signer-notarization - − tools/signing/macos-signer-notarization.mullvadbrowser - − tools/signing/macos-signer-notarization.torbrowser - − tools/signing/macos-signer-proxy - − tools/signing/macos-signer-proxy.mullvadbrowser - − tools/signing/macos-signer-proxy.torbrowser - − tools/signing/macos-signer-stapler - − tools/signing/macos-signer-stapler.mullvadbrowser - − tools/signing/macos-signer-stapler.torbrowser - tools/signing/set-config - tools/signing/set-config.hosts - − tools/signing/set-config.macos-notarization - − tools/signing/sync-macos-local-to-macos-signer - − tools/signing/sync-macos-local-to-macos-signer.mullvadbrowser - − tools/signing/sync-macos-local-to-macos-signer.torbrowser - − tools/signing/sync-macos-local-to-macos-signer.torbrowser.dry-run - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.mullvadbrowser - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser - − tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser.dry-run - − tools/signing/sync-scripts-to-macos-signer - − tools/signing/sync-scripts-to-macos-signer.mullvadbrowser - − tools/signing/sync-scripts-to-macos-signer.torbrowser - − tools/signing/sync-scripts-to-macos-signer.torbrowser.dry-run Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -8,19 +8,9 @@ NON_INTERACTIVE=1 steps_dir="$signed_version_dir.steps" test -d "$steps_dir" || mkdir -p "$steps_dir" -if test -n "$use_rcodesign" -then - test -f "$steps_dir/linux-signer-rcodesign-sign.done" || - read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW - echo -else - test -f "$steps_dir/macos-signer-gatekeeper-signing.done" || - read -sp "Enter macos keychain passphrase: " KEYCHAIN_PW - echo - test -f "$steps_dir/macos-signer-notarization.done" || - read -sp "Enter macos notarization passphrase: " NOTARIZATION_PW - echo -fi +test -f "$steps_dir/linux-signer-rcodesign-sign.done" || + read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW +echo is_project torbrowser && nssdb=torbrowser-nssdb7 is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb-1 test -f "$steps_dir/linux-signer-signmars.done" || @@ -67,52 +57,6 @@ function rcodesign-notary-submit { "$script_dir/rcodesign-notary-submit" } -function macos-signer-directory-not-present { - # To avoid doing two signings at the same time, or to avoid unknowingly - # using parts from a previous signing attempt, we check that the - # directory does not exist yet (see tor-browser-build#40497) - if ssh "$ssh_host_macos_signer" "test -d $tbb_version" - then - echo "The directory $tbb_version already exists on $ssh_host_macos_signer" - return 1 - fi - return 0 -} - -function sync-scripts-to-macos-signer { - "$script_dir/sync-scripts-to-macos-signer" -} - -function macos-signer-enable-network-proxy-settings { - ssh "$ssh_host_macos_signer" 'networksetup -setsecurewebproxystate Ethernet on' -} - -function macos-signer-gatekeeper-signing { - "$script_dir/sync-macos-local-to-macos-signer" - ssh "$ssh_host_macos_signer" 'bash -s' << EOF - export KEYCHAIN_PW=$KEYCHAIN_PW - ~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/macos-signer-gatekeeper-signing.$SIGNING_PROJECTNAME -EOF - unset KEYCHAIN_PW -} - -function macos-signer-notarization { - ssh "$ssh_host_macos_signer" 'bash -s' << EOF - export PW=$NOTARIZATION_PW - ~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/macos-signer-notarization.$SIGNING_PROJECTNAME -EOF - unset NOTARIZATION_PW -} - -function macos-signer-stapler { - ssh "$ssh_host_macos_signer" "~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/macos-signer-stapler.$SIGNING_PROJECTNAME" - "$script_dir/sync-macos-signer-stapled-to-macos-local-stapled" -} - -function macos-signer-disable-network-proxy-settings { - ssh "$ssh_host_macos_signer" 'networksetup -setsecurewebproxystate Ethernet off' -} - function gatekeeper-bundling { "$script_dir/gatekeeper-bundling.sh" } @@ -212,10 +156,6 @@ function upload-update_responses-to-staticiforme { "$script_dir/upload-update_responses-to-staticiforme" } -function finished-signing-clean-macos-signer { - "$script_dir/finished-signing-clean-macos-signer" -} - function finished-signing-clean-linux-signer { "$script_dir/finished-signing-clean-linux-signer" } @@ -233,22 +173,11 @@ export SIGNING_PROJECTNAME do_step wait-for-finished-build do_step sync-builder-unsigned-to-local-signed -if test -n "$use_rcodesign"; -then - do_step sync-scripts-to-linux-signer - do_step sync-before-linux-signer-rcodesign-sign - do_step linux-signer-rcodesign-sign - do_step sync-linux-signer-macos-signed-tar-to-local - do_step rcodesign-notary-submit -else - do_step macos-signer-directory-not-present - do_step sync-scripts-to-macos-signer - do_step macos-signer-enable-network-proxy-settings - do_step macos-signer-gatekeeper-signing - do_step macos-signer-notarization - do_step macos-signer-stapler - do_step macos-signer-disable-network-proxy-settings -fi +do_step sync-scripts-to-linux-signer +do_step sync-before-linux-signer-rcodesign-sign +do_step linux-signer-rcodesign-sign +do_step sync-linux-signer-macos-signed-tar-to-local +do_step rcodesign-notary-submit do_step gatekeeper-bundling do_step dmg2mar do_step sync-scripts-to-linux-signer @@ -272,5 +201,4 @@ do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload do_step upload-update_responses-to-staticiforme -do_step finished-signing-clean-macos-signer do_step finished-signing-clean-linux-signer ===================================== tools/signing/finished-signing-clean-macos-signer deleted ===================================== @@ -1,14 +0,0 @@ -#!/bin/bash - -# Remove current tbb version from macos-signer. You should run this -# when all signing has been done. - -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer tbb_version - -ssh "$ssh_host_macos_signer" 'bash -s' << EOF - test -n "$tbb_version" && rm -Rfv ~/"$SIGNING_PROJECTNAME-$tbb_version" -EOF ===================================== tools/signing/gatekeeper-bundling.sh ===================================== @@ -68,11 +68,7 @@ export PATH="$PATH:$tmpdir/libdmg-hfsplus:$tmpdir/hfsplus-tools" cd $tmpdir/dmg -if test -n "$use_rcodesign"; then - tar -xf $macos_stapled_dir/"${proj_name}-${tbb_version}-notarized+stapled.tar.zst" -else - unzip -q $macos_stapled_dir/tb-${tbb_version}_ALL-stapled.zip -fi +tar -xf $macos_stapled_dir/"${proj_name}-${tbb_version}-notarized+stapled.tar.zst" cd .. $script_dir/ddmg.sh $macos_signed_dir/${proj_name}-macos-${tbb_version}.dmg $tmpdir/dmg/ "$Proj_Name" ===================================== tools/signing/macos-signer-gatekeeper-signing deleted ===================================== @@ -1,100 +0,0 @@ -#!/bin/bash -set -e - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" -source "$script_dir/set-config.generated-config" - -ENTITLEMENTS="$script_dir/$tbb_version_type.entitlements.xml" -app_name=$(Project_Name) - -function check_signature() { - LANG=$1 - UNZIP=$2 - local failed_open=0 - local failed_exec=0 - if [ ${UNZIP} -eq 1 ] - then - test -d test_${LANG} && rm -r test_${LANG} - unzip -d test_${LANG} -q tb-${tbb_version}_$LANG.zip - pushd test_${LANG} - fi - echo "Checking $LANG..." - spctl -vvvv --assess --type open --context context:primary-signature "$app_name.app/" - if [ $? -ne 3 ]; then - echo tb-${tbb_version}_$LANG.zip not signed correctly. Failed open. - failed_open=1 - fi - spctl -vvvv --assess --type exec --context context:primary-signature "$app_name.app/" - if [ $? -ne 0 ]; then - echo tb-${tbb_version}_$LANG.zip not signed correctly. Failed exec. - failed_exec=1 - fi - if [ ${UNZIP} -eq 1 ] - then - popd - rm -r test_${LANG} - fi - if [ ${failed_open} -ne 0 -o ${failed_exec} -ne 0 ] - then - return 1 - fi -} - -cd ~/$SIGNING_PROJECTNAME-${tbb_version} - -if test -n "$KEYCHAIN_PW" -then - KPW="-p $KEYCHAIN_PW" -fi - -security unlock $KPW /Users/torbrowser/Library/Keychains/tbb-signing-alpha.keychain -security unlock $KPW /Users/torbrowser/Library/Keychains/tbb-signing-2021.keychain - -unset KPW KEYCHAIN_PW - -for LANG in ALL -do - if [ -f tb-${tbb_version}_${LANG}.zip ] - then - echo "Deleting tb-${tbb_version}_${LANG}.zip" - rm tb-${tbb_version}_${LANG}.zip - fi - if [ -d "$app_name.app" ] - then - echo "Deleting $app_name.app" - rm -r "$app_name.app" - fi - if [ -d "/Volumes/$app_name" ]; then - echo "DMG already mounted. Please correct." - exit 1 - fi - hdiutil attach $(project-name)-macos-${tbb_version}.dmg - cp -rf "/Volumes/$app_name/$app_name.app" "$app_name.app" - echo "Signing ${app_name}_${LANG}.app" - codesign -vvv --deep -o runtime --entitlements="$ENTITLEMENTS" --timestamp -f -s "Developer ID Application: The Tor Project, Inc (MADPSAYN6T)" "$app_name.app/" - echo "codesign exit code: $?" - set +e - check_signature $LANG 0 - if [ $? -eq 1 ] - then - echo Signature verification failed. - rm -r "$app_name.app" - hdiutil detach "/Volumes/$app_name" - exit 1 - fi - set -e - echo "Zipping up tb-${tbb_version}_${LANG}.zip" - zip -qr tb-${tbb_version}_${LANG}.zip "$app_name.app" - rm -rf "$app_name.app" - hdiutil detach "/Volumes/$app_name" - set +e - check_signature $LANG 1 - if [ $? -eq 1 ] - then - echo "Signature verification failed (${LANG})". - rm -r "$app_name.app" - exit 1 - fi - set -e -done ===================================== tools/signing/macos-signer-gatekeeper-signing.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-gatekeeper-signing \ No newline at end of file ===================================== tools/signing/macos-signer-gatekeeper-signing.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-gatekeeper-signing \ No newline at end of file ===================================== tools/signing/macos-signer-notarization deleted ===================================== @@ -1,44 +0,0 @@ -#!/bin/bash -set -e - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" -source "$script_dir/set-config.macos-notarization" - -ALTOOL=~/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/Versions/A/Support/altool - -cd ~/$SIGNING_PROJECTNAME-${tbb_version} - -if [ -z "${PW}" ]; then - echo "Please enter notarization password:" - stty -echo; read PW; stty echo; export PW -fi - -for LANG in ALL -do - if test -f ${LANG}/tb-${tbb_version}_$LANG.zip.uuid - then - echo "Skipping ${LANG}/tb-${tbb_version}_$LANG.zip" - continue; - fi - if test -d ${LANG}; then - mv ${LANG}/tb-${tbb_version}_$LANG.zip ./ - rm -r ${LANG}/ - fi - mkdir $LANG - cd $LANG - mv ../tb-${tbb_version}_$LANG.zip . - unzip -q tb-${tbb_version}_$LANG.zip - echo "Notarizing $LANG..." - $ALTOOL --notarize-app --verbose -t osx -f tb-${tbb_version}_$LANG.zip --primary-bundle-id org.torproject.torbrowser -u "$macos_notarization_user" -p @env:PW --output-format xml | tee tb-${tbb_version}_$LANG.zip.log 2>&1 - - request_uuid=`grep -A1 RequestUUID tb-${tbb_version}_$LANG.zip.log | grep -o '[0-9a-f]\+[0-9a-f-]\+'` - if [ -z "${request_uuid}" ]; then - echo "Request UUID not present. Notarization failed" - exit 1 - fi - echo ${request_uuid} > tb-${tbb_version}_$LANG.zip.uuid - echo "Notarization done for $LANG." - - cd .. -done ===================================== tools/signing/macos-signer-notarization.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-notarization \ No newline at end of file ===================================== tools/signing/macos-signer-notarization.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-notarization \ No newline at end of file ===================================== tools/signing/macos-signer-proxy deleted ===================================== @@ -1,6 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -ssh -R :1080 "$ssh_host_macos_signer" 'python ~/proxy.py --port 8443' ===================================== tools/signing/macos-signer-proxy.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-proxy \ No newline at end of file ===================================== tools/signing/macos-signer-proxy.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-proxy \ No newline at end of file ===================================== tools/signing/macos-signer-stapler deleted ===================================== @@ -1,22 +0,0 @@ -#!/bin/bash -set -e - -read -n 1 -p "Press enter once notarization is complete..." - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" -source "$script_dir/set-config.generated-config" - -STAPLER=/Users/torbrowser/Xcode.app/Contents//Developer/usr/bin/stapler -app_name=$(Project_Name) - -cd ~/$SIGNING_PROJECTNAME-${tbb_version} - -for LANG in ALL -do - echo "Stapling $LANG..." - cd $LANG - $STAPLER staple "$app_name.app" - zip -qr ../tb-${tbb_version}_$LANG-stapled.zip "$app_name.app" - cd .. -done ===================================== tools/signing/macos-signer-stapler.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-stapler \ No newline at end of file ===================================== tools/signing/macos-signer-stapler.torbrowser deleted ===================================== @@ -1 +0,0 @@ -macos-signer-stapler \ No newline at end of file ===================================== tools/signing/set-config ===================================== @@ -38,5 +38,3 @@ rsync_options="-avH ${rsync_progress:-} ${DRY_RUN:-}" tb_builders='boklm dan henry ma1 pierov richard' wrappers_dir=/signing/tor-browser-build/tools/signing/wrappers - -use_rcodesign=1 ===================================== tools/signing/set-config.hosts ===================================== @@ -1,6 +1,5 @@ ssh_host_builder=tbbuild ssh_host_linux_signer=linux-signer-notor -ssh_host_macos_signer=mac-signer-notor ssh_host_staticiforme=staticiforme.torproject.org builder_tor_browser_build_dir=/home/user/tor-browser-build ===================================== tools/signing/set-config.macos-notarization deleted ===================================== @@ -1,5 +0,0 @@ -# The following line should be uncommented and updated: - -#macos_notarization_user='user@email' - -var_is_defined macos_notarization_user ===================================== tools/signing/sync-macos-local-to-macos-signer deleted ===================================== @@ -1,8 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer - -rsync $rsync_options "$signed_version_dir"/*.dmg "$ssh_host_macos_signer:$SIGNING_PROJECTNAME-$tbb_version/" ===================================== tools/signing/sync-macos-local-to-macos-signer.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-local-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-macos-local-to-macos-signer.torbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-local-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-macos-local-to-macos-signer.torbrowser.dry-run deleted ===================================== @@ -1 +0,0 @@ -sync-macos-local-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled deleted ===================================== @@ -1,8 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer - -rsync $rsync_options "$ssh_host_macos_signer:$SIGNING_PROJECTNAME-$tbb_version/*-stapled.zip" "$macos_stapled_dir/" ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-signer-stapled-to-macos-local-stapled \ No newline at end of file ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-macos-signer-stapled-to-macos-local-stapled \ No newline at end of file ===================================== tools/signing/sync-macos-signer-stapled-to-macos-local-stapled.torbrowser.dry-run deleted ===================================== @@ -1 +0,0 @@ -sync-macos-signer-stapled-to-macos-local-stapled \ No newline at end of file ===================================== tools/signing/sync-scripts-to-macos-signer deleted ===================================== @@ -1,10 +0,0 @@ -#!/bin/bash -set -e -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source "$script_dir/functions" - -var_is_defined ssh_host_macos_signer - -generate_config - -rsync $rsync_options "$script_dir/" "$ssh_host_macos_signer:signing-$SIGNING_PROJECTNAME-$tbb_version_type/" ===================================== tools/signing/sync-scripts-to-macos-signer.mullvadbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-scripts-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-scripts-to-macos-signer.torbrowser deleted ===================================== @@ -1 +0,0 @@ -sync-scripts-to-macos-signer \ No newline at end of file ===================================== tools/signing/sync-scripts-to-macos-signer.torbrowser.dry-run deleted ===================================== @@ -1 +0,0 @@ -sync-scripts-to-macos-signer \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] 6 commits: fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
by richard (＠richard) 06 Dec '23

06 Dec '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 9d6ca8ac by Pier Angelo Vendrame at 2023-12-05T11:00:25+01:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Collect the browsers also on Android. - - - - - 9e239230 by Pier Angelo Vendrame at 2023-12-05T11:08:42+01:00 fixup! Bug 40597: Implement TorSettings module Moved the creation of Meek credentials to a function on its own that we will reuse also with … [View More]the Android version of MeekTransport. - - - - - 6a649d7f by Pier Angelo Vendrame at 2023-12-05T11:25:06+01:00 fixup! Bug 40933: Add tor-launcher functionality Store the SOCKS settings as a member, so that we can customize them if needed before applying them. Also, cleanup the public interface of TorProcess. E.g., removed TorProcess.connectionWorked, since we do not use this information anymore. Finally, added a TorLauncherUtil.isAndroid. - - - - - 1ad1d839 by Pier Angelo Vendrame at 2023-12-05T13:48:35+01:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser HTML-ize about:torconnect. Changed file extension, updated the HTML tag, removed short-tags on tags that are expected to have a closing tag. Also, removed the preprocessor and moved the onion pattern to this commit, since it is used only here. - - - - - fbd5b4bb by Pier Angelo Vendrame at 2023-12-05T13:48:42+01:00 fixup! Bug 2176: Rebrand Firefox to TorBrowser Move the onion pattern files to the commit of about:torconnect. - - - - - 3649cc3f by Pier Angelo Vendrame at 2023-12-05T18:48:25+01:00 Temporary changes to about:torconnect for Android. We are planning of tempoorarily using about:torconnect on Android, until the native UX is ready. - - - - - 14 changed files: - docshell/base/nsAboutRedirector.cpp - toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs - toolkit/components/tor-launcher/TorLauncherUtil.sys.mjs - toolkit/components/tor-launcher/TorProcess.sys.mjs - toolkit/components/tor-launcher/TorProvider.sys.mjs - toolkit/components/torconnect/content/aboutTorConnect.css - toolkit/components/torconnect/content/aboutTorConnect.xhtml → toolkit/components/torconnect/content/aboutTorConnect.html - toolkit/components/torconnect/content/aboutTorConnect.js - toolkit/themes/shared/onionPattern.svg → toolkit/components/torconnect/content/onion-pattern.svg - toolkit/components/torconnect/jar.mn - toolkit/modules/Moat.sys.mjs - toolkit/themes/shared/minimal-toolkit.jar.inc.mn - − toolkit/themes/shared/onionPattern.css - − toolkit/themes/shared/onionPattern.inc.xhtml Changes: ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -169,7 +169,7 @@ static const RedirEntry kRedirMap[] = { #endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, - {"torconnect", "chrome://global/content/torconnect/aboutTorConnect.xhtml", + {"torconnect", "chrome://global/content/torconnect/aboutTorConnect.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT | ===================================== toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs ===================================== @@ -475,9 +475,19 @@ class TorDomainIsolatorImpl { * @returns {MozBrowser?} The browser the channel is associated to */ #getBrowserForChannel(channel) { + const currentBrowser = + channel.loadInfo.browsingContext?.topChromeWindow?.browser; + if ( + channel.loadInfo.browsingContext && + currentBrowser?.browsingContext === channel.loadInfo.browsingContext + ) { + // Android has only one browser, and does not have the browsers property. + return currentBrowser; + } const browsers = channel.loadInfo.browsingContext?.topChromeWindow?.gBrowser?.browsers; if (!browsers || !channel.loadInfo.browsingContext?.browserId) { + logger.debug("Missing data to associate to a browser", channel.loadInfo); return null; } for (const browser of browsers) { ===================================== toolkit/components/tor-launcher/TorLauncherUtil.sys.mjs ===================================== @@ -325,6 +325,10 @@ class TorFile { } export const TorLauncherUtil = Object.freeze({ + get isAndroid() { + return Services.appinfo.OS === "Android"; + }, + get isMac() { return Services.appinfo.OS === "Darwin"; }, ===================================== toolkit/components/tor-launcher/TorProcess.sys.mjs ===================================== @@ -33,8 +33,6 @@ export class TorProcess { #args = []; #subprocess = null; #status = TorProcessStatus.Unknown; - // Have we ever made a connection on the control port? - #didConnectToTorControlPort = false; onExit = exitCode => {}; @@ -69,10 +67,6 @@ export class TorProcess { } } - get status() { - return this.#status; - } - get isRunning() { return ( this.#status === TorProcessStatus.Starting || @@ -102,7 +96,6 @@ export class TorProcess { } this.#status = TorProcessStatus.Starting; - this.#didConnectToTorControlPort = false; // useful for simulating slow tor daemon launch const kPrefTorDaemonLaunchDelay = "extensions.torlauncher.launch_delay"; @@ -155,13 +148,6 @@ export class TorProcess { this.#status = TorProcessStatus.Exited; } - // The owner of the process can use this function to tell us that they - // successfully connected to the control port. This information will be used - // only to decide which text to show in the confirmation dialog if tor exits. - connectionWorked() { - this.#didConnectToTorControlPort = true; - } - async #dumpStdout() { let string; while ( @@ -201,20 +187,6 @@ export class TorProcess { #processExitedUnexpectedly(exitCode) { this.#subprocess = null; this.#status = TorProcessStatus.Exited; - // FIXME: We can probably drop #didConnectToTorControlPort and use only one - // callback. Then we can let the provider actually distinguish between the - // cases. - if (!this.#didConnectToTorControlPort) { - logger.warn("Tor exited before we could connect to its control port."); - // tor might be misconfigured, because we could never connect to it. - // Two instances of Tor Browser trying to use the same port numbers is - // also a typical scenario for this. - // This might happen very early, before the browser UI is actually - // available. So, we will tell the process owner that the process exited, - // without trying to restart it. - this.onExit(exitCode); - return; - } logger.warn("Tor exited suddenly."); this.onExit(exitCode); } ===================================== toolkit/components/tor-launcher/TorProvider.sys.mjs ===================================== @@ -35,6 +35,15 @@ const logger = new ConsoleAPI({ * @property {string=} host The host to connect for a TCP control port * @property {number=} port The port number to use for a TCP control port */ +/** + * @typedef {object} SocksSettings An object that includes the proxy settings to + * be configured in the browser. + * @property {boolean=} transproxy If true, no proxy is configured + * @property {nsIFile=} ipcFile The nsIFile object with the path to a Unix + * socket to use for an IPC proxy + * @property {string=} host The host to connect for a TCP proxy + * @property {number=} port The port number to use for a TCP proxy + */ /** * @typedef {object} LogEntry An object with a log message * @property {Date} date The date at which we received the message @@ -111,6 +120,13 @@ export class TorProvider { */ #torProcess = null; + /** + * The settings for the SOCKS proxy. + * + * @type {SocksSettings?} + */ + #socksSettings = null; + /** * The logs we received over the control port. * We store a finite number of log entries which can be configured with @@ -165,8 +181,9 @@ export class TorProvider { async init() { logger.debug("Initializing the Tor provider."); - const socksSettings = TorLauncherUtil.getPreferredSocksConfiguration(); - logger.debug("Requested SOCKS configuration", socksSettings); + // These settings might be customized in the following steps. + this.#socksSettings = TorLauncherUtil.getPreferredSocksConfiguration(); + logger.debug("Requested SOCKS configuration", this.#socksSettings); try { await this.#setControlPortConfiguration(); @@ -175,11 +192,11 @@ export class TorProvider { throw e; } - if (socksSettings.transproxy) { + if (this.#socksSettings.transproxy) { logger.info("Transparent proxy required, not starting a Tor daemon."); } else if (this.ownsTorDaemon) { try { - await this.#startDaemon(socksSettings); + await this.#startDaemon(); } catch (e) { logger.error("Failed to start the tor daemon", e); throw e; @@ -197,8 +214,7 @@ export class TorProvider { throw e; } - // We do not customize SOCKS settings, at least for now. - TorLauncherUtil.setProxyConfiguration(socksSettings); + TorLauncherUtil.setProxyConfiguration(this.#socksSettings); logger.info("The Tor provider is ready."); @@ -464,7 +480,7 @@ export class TorProvider { // Process management - async #startDaemon(socksSettings) { + async #startDaemon() { // TorProcess should be instanced once, then always reused and restarted // only through the prompt it exposes when the controlled process dies. if (this.#torProcess) { @@ -476,7 +492,7 @@ export class TorProvider { this.#torProcess = new lazy.TorProcess( this.#controlPortSettings, - socksSettings + this.#socksSettings ); // Use a closure instead of bind because we reassign #cancelConnection. // Also, we now assign an exit handler that cancels the first connection, @@ -619,7 +635,6 @@ export class TorProvider { } this.#openControlPort() .then(controller => { - this.#torProcess?.connectionWorked(); this.#cancelConnection = () => {}; // The cancel function should have already called reject. if (!canceled) { ===================================== toolkit/components/torconnect/content/aboutTorConnect.css ===================================== @@ -10,6 +10,11 @@ --onion-radius: 75px; } +html { + width: 100%; + height: 100%; +} + input[type="checkbox"]:focus, select:focus { outline: none!important; box-shadow: 0 0 0 3px var(--purple-30) !important; @@ -330,3 +335,166 @@ body { background-image: url("chrome://global/content/torconnect/connection-location.svg"); stroke: var(--warning-color); } + +.onion-pattern-container { + flex: auto; /* grow to consume remaining space on the page */ + display: flex; + margin: 0 auto; + width: 100%; + /* two onions tall, 4x the radius */ + height: calc(4 * var(--onion-radius)); + max-height: calc(4 * var(--onion-radius)); + min-height: calc(4 * var(--onion-radius)); + direction: ltr; +} + +.onion-pattern-crop { + height: 100%; + width: 100%; + + -moz-context-properties: fill; + fill: var(--onion-color, currentColor); + /* opacity of the entire div, not context-opacity */ + opacity: var(--onion-opacity, 1); + + background-image: url("chrome://global/content/torconnect/onion-pattern.svg"); + background-repeat: repeat; + background-attachment: local; + background-position: center; + /* svg source is 6 onions wide and 2 onions tall */ + background-size: calc(6 * 2 * var(--onion-radius)) calc(2 * 2 * var(--onion-radius));; +} + +:root { + --android-dark-accents-buttons: #9059FF; + --android-dark-background-secondary: #E1E0E7; + --android-dark-text-primary: #FBFBFE; + --android-light-text-primary: #15141A; +} + +[hidden=true] { + display: none !important; +} + +body.android { + --onion-color: var(--android-dark-text-primary); + width: 100%; + height: 100%; + box-sizing: border-box; + margin: 0; + padding: 0 24px !important; + color: var(--onion-color); + background: linear-gradient(194deg, #692E9D -0.93%, #393270 48.91%); + font: menu; + font-size: 14px; + display: flex; +} + +.android #connectPageContainer { + max-width: none; + display: flex; + flex-direction: column; + flex: 1; +} + +.android #breadcrumbs { + display: none; +} + +.android #text-container { + display: flex; + flex-direction: column; + flex: 1; +} + +.android .title { + background-position: left 0; + background-repeat: no-repeat; + background-size: 40px; + padding-top: 64px; + font-size: 22px; + line-height: 28px; +} + +.android h1 { + font-weight: normal; + font-size: 100%; + margin: 0 0 16px 0; +} + +.android p { + margin: 0; + padding-bottom: 8px; + line-height: 20px; +} + +.android #quickstartContainer { + margin-top: 24px; +} + +.android .button-container { + display: flex; + flex: 1; + flex-direction: column; +} + +.android #locationDropdown { + width: 100%; + max-width: none; + margin: 0; +} + +.android select { + background: transparent; + border: none; + border-bottom: 1px solid var(--android-dark-text-primary); + color: var(--android-dark-text-primary); + display: block; + width: 100%; + margin-top: 10px; + padding: 8px; +} + +.android #buttonPadding { + flex: 1; +} + +.android #connectButtonContainer { + width: 100%; + padding-bottom: 18px; + display: grid; +} + +/* Be sure not to match the togglee */ +.android #connectButtonContainer button { + display: block; + width: 100%; + margin: 4px 0; + padding: 11px 30px; + font-size: 14px; + font-weight: 500; + border: none; + border-radius: 4px; +} + +.android #connectButton, .android #tryBridgeButton, .android #configureButton.primary { + color: var(--android-dark-text-primary); + background-color: var(--android-dark-accents-buttons); +} + +.android #configureButton { + order: 1; +} + +.android #restartButton { + order: 2; +} + +.android #restartButton, .android #cancelButton, .android #configureButton { + color: var(--android-light-text-primary); + background-color: var(--android-dark-background-secondary); +} + +.android .onion-pattern-container { + display: none; +} ===================================== toolkit/components/torconnect/content/aboutTorConnect.xhtml → toolkit/components/torconnect/content/aboutTorConnect.html ===================================== @@ -1,17 +1,12 @@  <!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml"> +<html> <head> <meta http-equiv="Content-Security-Policy" content="default-src chrome:; object-src 'none'" /> - <link - rel="stylesheet" - href="chrome://global/skin/onionPattern.css" - type="text/css" - media="all" - /> + <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="chrome://global/content/torconnect/aboutTorConnect.css" @@ -21,64 +16,69 @@ </head> <body> <div id="progressBar"> - <div id="progressBackground" /> - <div id="progressSolid" /> + <div id="progressBackground"></div> + <div id="progressSolid"></div> </div> <div id="connectPageContainer" class="container"> <div id="breadcrumbs" class="hidden"> <span id="connect-to-tor" class="breadcrumb-item"> - <span id="connect-to-tor-icon" class="breadcrumb-icon" /> - <span class="breadcrumb-label" /> + <span id="connect-to-tor-icon" class="breadcrumb-icon"></span> + <span class="breadcrumb-label"></span> </span> <span id="connection-assist-separator" class="breadcrumb-separator breadcrumb-icon" - /> + ></span> <span id="connection-assist" class="breadcrumb-item"> - <span id="connection-assist-icon" class="breadcrumb-icon" /> - <span class="breadcrumb-label" /> + <span id="connection-assist-icon" class="breadcrumb-icon"></span> + <span class="breadcrumb-label"></span> </span> <span id="try-bridge-separator" class="breadcrumb-separator breadcrumb-icon" - /> + ></span> <span id="try-bridge" class="breadcrumb-item"> - <span id="try-bridge-icon" class="breadcrumb-icon" /> - <span class="breadcrumb-label" /> + <span id="try-bridge-icon" class="breadcrumb-icon"></span> + <span class="breadcrumb-label"></span> </span> </div> <div id="text-container"> <div class="title"> - <h1 class="title-text" /> + <h1 class="title-text"></h1> </div> <div id="connectLongContent"> - <p id="connectLongContentText" /> + <p id="connectLongContentText"></p> </div> <div id="connectShortDesc"> - <p id="connectShortDescText" /> + <p id="connectShortDescText"></p> </div> <button id="viewLogButton"></button> <div id="quickstartContainer"> <input id="quickstartCheckbox" type="checkbox" /> - <label id="quickstartCheckboxLabel" for="quickstartCheckbox" /> + <label id="quickstartCheckboxLabel" for="quickstartCheckbox"></label> </div> - <div id="connectButtonContainer" class="button-container"> - <button id="restartButton" hidden="true"></button> - <button id="configureButton" hidden="true"></button> - <button id="cancelButton" hidden="true"></button> - <button id="connectButton" class="primary" hidden="true"></button> - <label id="locationDropdownLabel" for="countries" /> + <div class="button-container"> + <label id="locationDropdownLabel" for="countries"></label> <form id="locationDropdown" hidden="true"> <select id="countries"></select> </form> - <button id="tryBridgeButton" class="primary" hidden="true"></button> + <span id="buttonPadding"></span> + <span id="connectButtonContainer"> + <button id="restartButton" hidden="true"></button> + <button id="configureButton" hidden="true"></button> + <button id="cancelButton" hidden="true"></button> + <button id="connectButton" class="primary" hidden="true"></button> + <button id="tryBridgeButton" class="primary" hidden="true"></button> + </span> </div> </div> </div> -#include ../../../themes/shared/onionPattern.inc.xhtml + <div class="onion-pattern-container"> + <div class="onion-pattern-crop"></div> + </div> + <script src="chrome://global/content/torconnect/aboutTorConnect.js"></script> </body> - <script src="chrome://global/content/torconnect/aboutTorConnect.js" /> </html> ===================================== toolkit/components/torconnect/content/aboutTorConnect.js ===================================== @@ -70,8 +70,8 @@ class AboutTorConnect { connect: "button#connectButton", tryBridge: "button#tryBridgeButton", locationDropdownLabel: "#locationDropdownLabel", - locationDropdown: "form#locationDropdown", - locationDropdownSelect: "form#locationDropdown select", + locationDropdown: "#locationDropdown", + locationDropdownSelect: "#locationDropdown select", }, }); @@ -666,6 +666,9 @@ class AboutTorConnect { } initElements(direction) { + const isAndroid = navigator.userAgent.indexOf("Android") !== -1; + document.body.classList.toggle("android", isAndroid); + document.documentElement.setAttribute("dir", direction); this.elements.connectToTorLink.addEventListener("click", event => { ===================================== toolkit/themes/shared/onionPattern.svg → toolkit/components/torconnect/content/onion-pattern.svg ===================================== ===================================== toolkit/components/torconnect/jar.mn ===================================== @@ -3,12 +3,13 @@ toolkit.jar: content/global/torconnect/torConnectTitlebarStatus.js (content/torConnectTitlebarStatus.js) content/global/torconnect/torConnectTitlebarStatus.css (content/torConnectTitlebarStatus.css) content/global/torconnect/aboutTorConnect.css (content/aboutTorConnect.css) -* content/global/torconnect/aboutTorConnect.xhtml (content/aboutTorConnect.xhtml) + content/global/torconnect/aboutTorConnect.html (content/aboutTorConnect.html) content/global/torconnect/aboutTorConnect.js (content/aboutTorConnect.js) content/global/torconnect/arrow-right.svg (content/arrow-right.svg) content/global/torconnect/bridge.svg (content/bridge.svg) content/global/torconnect/connection-failure.svg (content/connection-failure.svg) content/global/torconnect/connection-location.svg (content/connection-location.svg) + content/global/torconnect/onion-pattern.svg (content/onion-pattern.svg) content/global/torconnect/tor-connect.svg (content/tor-connect.svg) content/global/torconnect/tor-not-connected-to-connected-animated.svg (content/tor-not-connected-to-connected-animated.svg) content/global/torconnect/tor-connect-broken.svg (content/tor-connect-broken.svg) ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -21,6 +21,56 @@ const TorLauncherPrefs = Object.freeze({ moat_service: "extensions.torlauncher.moat_service", }); +function makeMeekCredentials(proxyType) { + // Construct the per-connection arguments. + let meekClientEscapedArgs = ""; + const meekReflector = Services.prefs.getStringPref( + TorLauncherPrefs.bridgedb_reflector + ); + + // Escape aValue per section 3.5 of the PT specification: + // First the "<Key>=<Value>" formatted arguments MUST be escaped, + // such that all backslash, equal sign, and semicolon characters + // are escaped with a backslash. + const escapeArgValue = aValue => + aValue + ? aValue + .replaceAll("\\", "\\\\") + .replaceAll("=", "\\=") + .replaceAll(";", "\\;") + : ""; + + if (meekReflector) { + meekClientEscapedArgs += "url="; + meekClientEscapedArgs += escapeArgValue(meekReflector); + } + const meekFront = Services.prefs.getStringPref( + TorLauncherPrefs.bridgedb_front + ); + if (meekFront) { + if (meekClientEscapedArgs.length) { + meekClientEscapedArgs += ";"; + } + meekClientEscapedArgs += "front="; + meekClientEscapedArgs += escapeArgValue(meekFront); + } + + // socks5 + if (proxyType === "socks") { + if (meekClientEscapedArgs.length <= 255) { + return [meekClientEscapedArgs, "\x00"]; + } else { + return [ + meekClientEscapedArgs.substring(0, 255), + meekClientEscapedArgs.substring(255), + ]; + } + // socks4 + } else { + return [meekClientEscapedArgs, undefined]; + } +} + // // Launches and controls the PT process lifetime // @@ -70,39 +120,6 @@ class MeekTransport { proxy.pathToBinary = meekPath.path; } - // Construct the per-connection arguments. - let meekClientEscapedArgs = ""; - const meekReflector = Services.prefs.getStringPref( - TorLauncherPrefs.bridgedb_reflector - ); - - // Escape aValue per section 3.5 of the PT specification: - // First the "<Key>=<Value>" formatted arguments MUST be escaped, - // such that all backslash, equal sign, and semicolon characters - // are escaped with a backslash. - const escapeArgValue = aValue => - aValue - ? aValue - .replaceAll("\\", "\\\\") - .replaceAll("=", "\\=") - .replaceAll(";", "\\;") - : ""; - - if (meekReflector) { - meekClientEscapedArgs += "url="; - meekClientEscapedArgs += escapeArgValue(meekReflector); - } - const meekFront = Services.prefs.getStringPref( - TorLauncherPrefs.bridgedb_front - ); - if (meekFront) { - if (meekClientEscapedArgs.length) { - meekClientEscapedArgs += ";"; - } - meekClientEscapedArgs += "front="; - meekClientEscapedArgs += escapeArgValue(meekFront); - } - // Setup env and start meek process const ptStateDir = lazy.TorLauncherUtil.getTorFile("tordatadir", false); ptStateDir.append("pt_state"); // Match what tor uses. @@ -247,22 +264,9 @@ class MeekTransport { this.#meekClientProcess = null; this.uninit(); }); - - // socks5 - if (this.proxyType === "socks") { - if (meekClientEscapedArgs.length <= 255) { - this.proxyUsername = meekClientEscapedArgs; - this.proxyPassword = "\x00"; - } else { - this.proxyUsername = meekClientEscapedArgs.substring(0, 255); - this.proxyPassword = meekClientEscapedArgs.substring(255); - } - // socks4 - } else { - this.proxyUsername = meekClientEscapedArgs; - this.proxyPassword = undefined; - } - + [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( + this.proxyType + ); this.#inited = true; } catch (ex) { if (this.#meekClientProcess) { @@ -403,7 +407,7 @@ export class MoatRPC { throw new Error("MoatRPC: Already initialized"); } - let meekTransport = new MeekTransport(); + const meekTransport = new MeekTransport(); await meekTransport.init(); this.#meekTransport = meekTransport; this.#inited = true; ===================================== toolkit/themes/shared/minimal-toolkit.jar.inc.mn ===================================== @@ -47,7 +47,3 @@ toolkit.jar: skin/classic/global/media/textrecognition.css (../../shared/media/textrecognition.css) skin/classic/global/browser-colors.css (../../shared/browser-colors.css) - -# Tor customization - skin/classic/global/onionPattern.css (../../shared/onionPattern.css) - skin/classic/global/onionPattern.svg (../../shared/onionPattern.svg) ===================================== toolkit/themes/shared/onionPattern.css deleted ===================================== @@ -1,31 +0,0 @@ -/* Onion pattern */ - -.onion-pattern-container { - - flex: auto; /* grow to consume remaining space on the page */ - display: flex; - margin: 0 auto; - width: 100%; - /* two onions tall, 4x the radius */ - height: calc(4 * var(--onion-radius)); - max-height: calc(4 * var(--onion-radius)); - min-height: calc(4 * var(--onion-radius)); - direction: ltr; -} - -.onion-pattern-crop { - height: 100%; - width: 100%; - - -moz-context-properties: fill; - fill: var(--onion-color, currentColor); - /* opacity of the entire div, not context-opacity */ - opacity: var(--onion-opacity, 1); - - background-image: url("chrome://global/skin/onionPattern.svg"); - background-repeat: repeat; - background-attachment: local; - background-position: center; - /* svg source is 6 onions wide and 2 onions tall */ - background-size: calc(6 * 2 * var(--onion-radius)) calc(2 * 2 * var(--onion-radius));; -} ===================================== toolkit/themes/shared/onionPattern.inc.xhtml deleted ===================================== @@ -1,12 +0,0 @@ - - -<div class="onion-pattern-container"> - <div class="onion-pattern-crop"/> -</div> \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/410b9a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/410b9a… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/mullvad-browser-update-responses][main] 2 commits: alpha: new version, 13.5a2
by richard (＠richard) 05 Dec '23

05 Dec '23

richard pushed to branch main at The Tor Project / Applications / mullvad-browser-update-responses Commits: a699b121 by Richard Pospesel at 2023-11-28T17:15:24+00:00 alpha: new version, 13.5a2 - - - - - 40a15b9a by Richard Pospesel at 2023-12-05T16:57:15+00:00 release: new version, 13.0.6 - - - - - 30 changed files: - update_1/alpha/.htaccess - − update_1/alpha/13.0a4-13.5a1-linux-x86_64-ALL.xml - − update_1/alpha/13.0a4-13.5a1-macos-ALL.xml - − update_1/alpha/13.0a4-13.5a1-windows-… [View More]

1 0

[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 13.0.6
by richard (＠richard) 05 Dec '23

05 Dec '23

richard pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 4d2eccc7 by Richard Pospesel at 2023-12-05T16:23:01+00:00 release: new version, 13.0.6 - - - - - 30 changed files: - update_3/release/.htaccess - − update_3/release/13.0-13.0.5-linux-i686-ALL.xml - − update_3/release/13.0-13.0.5-linux-x86_64-ALL.xml - − update_3/release/13.0-13.0.5-macos-ALL.xml - − update_3/release/13.0-13.0.5-windows-i686-ALL.xml - − update_3/release/13.0-13.0.5-… [View More]

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 41036: Remove go_vendor-lyrebird-nightly makefile target
by boklm (＠boklm) 05 Dec '23

05 Dec '23

boklm pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: f3939e09 by Nicolas Vigier at 2023-12-05T16:44:03+01:00 Bug 41036: Remove go_vendor-lyrebird-nightly makefile target Since after #40948 we don't check lyrebird-vendor sha256sum in nightly, we don't need to use the `go_vendor-lyrebird-nightly` makefile target anymore. - - - - - 38fc8374 by Nicolas Vigier at 2023-12-05T16:46:01+01:00 Bug 41036: Rename go_vendor-$project-alpha make … [View More]targets to go_vendor-$project Since we don't have a `-nightly` target anymore, we don't need to keep `-alpha` in the other targets. - - - - - 2 changed files: - Makefile - doc/how-to-update-go-dependencies.txt Changes: ===================================== Makefile ===================================== @@ -631,21 +631,18 @@ cargo_vendor-application-services: submodule-update cargo_vendor-cbindgen: submodule-update $(rbm) build cbindgen --step cargo_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-snowflake-alpha: submodule-update +go_vendor-snowflake: submodule-update $(rbm) build snowflake --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-conjure-alpha: submodule-update +go_vendor-conjure: submodule-update $(rbm) build conjure --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-webtunnel-alpha: submodule-update +go_vendor-webtunnel: submodule-update $(rbm) build webtunnel --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-lyrebird-alpha: submodule-update +go_vendor-lyrebird: submodule-update $(rbm) build lyrebird --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-lyrebird-nightly: submodule-update - $(rbm) build lyrebird --step go_vendor --target nightly --target torbrowser-linux-x86_64 - ############# # rcodesign # ===================================== doc/how-to-update-go-dependencies.txt ===================================== @@ -2,8 +2,7 @@ When the dependencies of a go project ($project in the following lines) are changing: - the go.mod and go.sum files in $project.git are updated -- in tor-browser-build, run `make go_vendor-$project-alpha` or - `make go_vendor-$project-nightly` +- in tor-browser-build, run `make go_vendor-$project` - find the new file created in directory `out/$project/go_vendor` and compute its sha256sum - in `projects/$project/config`, update `norec/sha256sum` for `go_vendor` View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41036: Remove go_vendor-lyrebird-nightly makefile target
by boklm (＠boklm) 05 Dec '23

05 Dec '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 8e7cef63 by Nicolas Vigier at 2023-12-05T16:16:45+01:00 Bug 41036: Remove go_vendor-lyrebird-nightly makefile target Since after #40948 we don't check lyrebird-vendor sha256sum in nightly, we don't need to use the `go_vendor-lyrebird-nightly` makefile target anymore. - - - - - db02c9d4 by Nicolas Vigier at 2023-12-05T16:32:00+01:00 Bug 41036: Rename go_vendor-$project-alpha make … [View More]targets to go_vendor-$project Since we don't have a `-nightly` target anymore, we don't need to keep `-alpha` in the other targets. - - - - - 2 changed files: - Makefile - doc/how-to-update-go-dependencies.txt Changes: ===================================== Makefile ===================================== @@ -637,21 +637,18 @@ cargo_vendor-wasm-bindgen: submodule-update cargo_vendor-lox: submodule-update $(rbm) build lox-wasm --step cargo_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-snowflake-alpha: submodule-update +go_vendor-snowflake: submodule-update $(rbm) build snowflake --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-conjure-alpha: submodule-update +go_vendor-conjure: submodule-update $(rbm) build conjure --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-webtunnel-alpha: submodule-update +go_vendor-webtunnel: submodule-update $(rbm) build webtunnel --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-lyrebird-alpha: submodule-update +go_vendor-lyrebird: submodule-update $(rbm) build lyrebird --step go_vendor --target alpha --target torbrowser-linux-x86_64 -go_vendor-lyrebird-nightly: submodule-update - $(rbm) build lyrebird --step go_vendor --target nightly --target torbrowser-linux-x86_64 - ############# # rcodesign # ===================================== doc/how-to-update-go-dependencies.txt ===================================== @@ -2,8 +2,7 @@ When the dependencies of a go project ($project in the following lines) are changing: - the go.mod and go.sum files in $project.git are updated -- in tor-browser-build, run `make go_vendor-$project-alpha` or - `make go_vendor-$project-nightly` +- in tor-browser-build, run `make go_vendor-$project` - find the new file created in directory `out/$project/go_vendor` and compute its sha256sum - in `projects/$project/config`, update `norec/sha256sum` for `go_vendor` View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 40884: add upload-sha256sums make target and release script
by Pier Angelo Vendrame (＠pierov) 05 Dec '23

05 Dec '23

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 744d13bf by Dan Ballard at 2023-12-05T08:46:28+01:00 Bug 40884: add upload-sha256sums make target and release script - - - - - bfc545e4 by Pier Angelo Vendrame at 2023-12-05T08:46:45+01:00 Bug 41026: Use a relative target_dir in upload_sha256sums ~/ is expanded by the shell issuing the command, so it results in the local home directory, not the remote one. However, since we are … [View More]using a path that is relative to the home, we can simply use a relative one. - - - - - 4 changed files: - Makefile - projects/release/config - + projects/release/upload_sha256sums - rbm.local.conf.example Changes: ===================================== Makefile ===================================== @@ -668,12 +668,28 @@ cargo_vendor-rcodesign: submodule-update submodule-update: git submodule update --init +# requires tpo_user variable be set in rbm.local.conf +torbrowser-upload-sha256sums-release: submodule-update + $(rbm) build release --step upload_sha256sums --target release --target torbrowser + +# requires tpo_user variable be set in rbm.local.conf +torbrowser-upload-sha256sums-alpha: submodule-update + $(rbm) build release --step upload_sha256sums --target alpha --target torbrowser + torbrowser-signtag-release: submodule-update $(rbm) build release --step signtag --target release --target torbrowser torbrowser-signtag-alpha: submodule-update $(rbm) build release --step signtag --target alpha --target torbrowser +# requires tpo_user variable be set in rbm.local.conf +mullvadbrowser-upload-sha256sums-release: submodule-update + $(rbm) build release --step upload_sha256sums --target release --target mullvadbrowser + +# requires tpo_user variable be set in rbm.local.conf +mullvadbrowser-upload-sha256sums-alpha: submodule-update + $(rbm) build release --step upload_sha256sums --target alpha --target mullvadbrowser + mullvadbrowser-signtag-release: submodule-update $(rbm) build release --step signtag --target release --target mullvadbrowser ===================================== projects/release/config ===================================== @@ -258,6 +258,11 @@ steps: debug: 0 input_files: [] dmg2mar: '[% INCLUDE dmg2mar %]' + upload_sha256sums: + build_log: '-' + debug: 0 + input_files: [] + upload_sha256sums: '[% INCLUDE upload_sha256sums %]' compare_windows_signed_unsigned_exe: build_log: '-' debug: 0 ===================================== projects/release/upload_sha256sums ===================================== @@ -0,0 +1,34 @@ +#!/bin/sh +# Tool to sign sha256sums of builds and upload them to where signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be + +version=[% c("version") %]-[% c("var/torbrowser_build") %] +signed=[% c("var/signed_status") %] +channel=[% c("var/build_target") %] +browser=[% c("var/browser_type") %] + +src_dir=[% shell_quote(path(dest_dir)) %]/$signed/$version + +target_dir=public_html/builds/$browser/$channel/$version/ + +echo "browser:$browser channel:$channel signed:$signed version:$version" + +if [ ! -d $src_dir ]; then + echo "ERROR: $src_dir does not exist!" + exit +fi + +cd $src_dir +for i in sha256sums*.txt; do + if [ ! -f $i.asc ] ; then + gpg -abs [% c("var/sign_build_gpg_opts") %] $i; + fi +done + +if [ -z '[% c("var/tpo_user") %]' ]; then + print "tpo_user variable unset, required to upload to people.torproject.org. Please set in rbm.local.conf" + exit +fi + +ssh [% c("var/tpo_user") %](a)people.torproject.org "mkdir -p $target_dir" +rsync sha256sums*.* [% c("var/tpo_user") %]@people.torproject.org:$target_dir +echo "Synced sha256sums to https://people.torproject.org/~[% c("var/tpo_user") %]/builds/$browser/$channel/$version/" ===================================== rbm.local.conf.example ===================================== @@ -55,6 +55,11 @@ var: ### and sha256sums-unsigned-build.incrementals.txt files. #sign_build_gpg_opts: '--local-user XXXXXXXX' + ### The var/tpo_user option is used on the release upload_sha256sums step + ### and is the user on people.torproject.org that ssh/rsync will try to + ### upload the files to + #tpo_user: username + ### The clean configuration is used by the cleaning script to find the ### branches and build targets you are using, to compute the list of ### files that should be kept. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0