- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 41653: Add firefox_platform_version.txt file in artifacts directory
by boklm (＠boklm) 18 Dec '25

18 Dec '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 08980e56 by Nicolas Vigier at 2025-12-18T12:00:43+01:00 Bug 41653: Add firefox_platform_version.txt file in artifacts directory Add a file containing the firefox version to make it easier to archive artifacts by firefox version in nightly builds. - - - - - 1 changed file: - projects/firefox/build Changes: ===================================== projects/firefox/build ===================================== @@ -151,6 +151,8 @@ echo "Starting ./mach build $(date)" ./mach python -m mozbuild.action.test_archive mozharness mozharness.zip mv mozharness.zip $artifactsdir + + echo -n '[% c("var/firefox_platform_version") %]' > "$artifactsdir/firefox_platform_version.txt" [% END %] [% IF c("var/macos") -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41668: Build mozharness when building dev artifacts
by boklm (＠boklm) 18 Dec '25

18 Dec '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 49da2bdf by Beatriz Rizental at 2025-12-18T11:28:22+01:00 Bug 41668: Build mozharness when building dev artifacts - - - - - 1 changed file: - projects/firefox/build Changes: ===================================== projects/firefox/build ===================================== @@ -148,6 +148,9 @@ echo "Starting ./mach build $(date)" artifactsdir=[% out_dir %]/artifacts/[% c("var/osname") %] mkdir -p $artifactsdir mv obj-*/dist/target.* $artifactsdir + + ./mach python -m mozbuild.action.test_archive mozharness mozharness.zip + mv mozharness.zip $artifactsdir [% END %] [% IF c("var/macos") -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] MB 501: Use rapid release Firefox tags when needed.
by ma1 (＠ma1) 18 Dec '25

18 Dec '25

ma1 pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 1a4c299c by hackademix at 2025-12-17T22:33:13+01:00 MB 501: Use rapid release Firefox tags when needed. - - - - - 1 changed file: - tools/signing/publish-github.mullvadbrowser Changes: ===================================== tools/signing/publish-github.mullvadbrowser ===================================== @@ -25,13 +25,13 @@ TARGET="--target $CHANNEL --target mullvadbrowser-linux-x86_64" MB_TAG=$(showconf firefox git_hash $TARGET) MB_BRANCH=${MB_TAG//-build[0-9]*/} BB_BRANCH=${MB_BRANCH//mullvad-/base-} -ESR_VERSION=$(showconf firefox var/firefox_version $TARGET) +FX_VERSION=$(showconf firefox var/firefox_version $TARGET) BASE_VERSION=$(showconf release var/torbrowser_version $TARGET) RELEASE_VERSION="${BASE_VERSION}${mbrtag_suffix}" RELEASE_URL="https://dist.torproject.org/mullvadbrowser/${RELEASE_VERSION}/" if ! curl -f "$RELEASE_URL" >/dev/null 2>&1 ; then echo >&2 "$RELEASE_URL not found! Maybe you need to run:" - echo >&2 "ssh staticiforme.torproject.org 'cd /srv/dist-master.torproject.org/htdocs/mullvadbrowser && static-update-component dist.torproject.org'" + echo >&2 "ssh staticiforme.torproject.org 'static-update-component dist.torproject.org' && $0" exit 2 fi pushd >/dev/null ../../git_clones/firefox @@ -39,8 +39,9 @@ echo "Fetching $MB_BRANCH and tags..." git fetch --tags "$GL_REMOTE_MULLVAD" "$MB_BRANCH" git fetch --tags "$GL_REMOTE_TOR" "$BB_BRANCH" BB_TAG=$(git tag -l "$BB_BRANCH-build*" | tail -n1) -FX_TAG=$(git tag -l "FIREFOX_${ESR_VERSION//\./_}*" | tail -n1) +FX_TAG=$(git tag -l "FIREFOX_*${FX_VERSION//\./_}*" "FIREFOX_NIGHTLY_${FX_VERSION//\.0a[0-9]*/}*" | tail -n1) echo "QA build version: $BASE_VERSION" +echo "Firefox version: $FX_VERSION" echo "MB tag: $MB_TAG" echo "BB tag: $BB_TAG" echo "FX tag: $FX_TAG" @@ -53,7 +54,7 @@ if ! [[ $REPLY =~ ^[Yy]$ ]]; then fi git checkout $MB_TAG -[[ $(git tag -l $RELEASE_VERSION) ]] || git tag -s $RELEASE_VERSION -m"$ESR_VERSION-based $RELEASE_VERSION" +[[ $(git tag -l $RELEASE_VERSION) ]] || git tag -s $RELEASE_VERSION -m"$FX_VERSION-based $RELEASE_VERSION" git tag -n1 $RELEASE_VERSION git push "$GH_REMOTE" "HEAD:refs/heads/$MB_BRANCH" git push "$GH_REMOTE" "$FX_TAG" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-146.0a1-16.0-2] 4 commits: fixup! TB 43817: Add tests for Tor Browser
by brizental (＠brizental) 17 Dec '25

17 Dec '25

brizental pushed to branch tor-browser-146.0a1-16.0-2 at The Tor Project / Applications / Tor Browser Commits: 5ca6dda1 by Beatriz Rizental at 2025-12-17T10:45:07-03:00 fixup! TB 43817: Add tests for Tor Browser Bug 43243: Rename marionette.toml to manifest.toml just for consistency sake. All other marionette manifest files are named that. - - - - - 27ece0a4 by Beatriz Rizental at 2025-12-17T10:45:19-03:00 fixup! TB 43817: Add tests for Tor Browser Bug 43243: Make it possible to run all tor test just by using tags. Just adding the tag wasn't enough though, had to add it to a list of tests in integration-tests.toml. Might be an upstream bug, but I don't feel like debugging that. Also it's easy enough. - - - - - ea62300f by Beatriz Rizental at 2025-12-17T10:45:26-03:00 fixup! TB 43817: Add tests for Tor Browser Bug 43243: iInclude testing/tor directory into common test archive. - - - - - 3349d936 by Beatriz Rizental at 2025-12-17T10:45:35-03:00 fixup! TB 43817: Add tests for Tor Browser Bug 43243: BUGFIX: Make it possible to run both tor browser tests in sequence. Turns out they need to explicitly close the browser, otherwise marionette doesn't do that for us unless it's the end of the whole suite. We want a restart, because we want to bootstrap before each test. - - - - - 6 changed files: - python/mozbuild/mozbuild/action/test_archive.py - testing/marionette/harness/marionette_harness/tests/integration-tests.toml - testing/moz.build - testing/tor/marionette.toml → testing/tor/manifest.toml - testing/tor/test_circuit_isolation.py - testing/tor/test_network_check.py Changes: ===================================== python/mozbuild/mozbuild/action/test_archive.py ===================================== @@ -229,6 +229,12 @@ ARCHIVE_FILES = { "pattern": "**", "dest": "certs", }, + { + "source": buildconfig.topsrcdir, + "base": "", + "pattern": "testing/tor", + "dest": "tor", + }, ], "cppunittest": [ {"source": STAGE, "base": "", "pattern": "cppunittest/**"}, ===================================== testing/marionette/harness/marionette_harness/tests/integration-tests.toml ===================================== @@ -56,6 +56,10 @@ ["include:../../../../../netwerk/test/marionette/manifest.toml"] +# tor tests + +["include:../../../../../testing/tor/manifest.toml"] + # toolkit tests ["include:../../../../../toolkit/components/antitracking/bouncetrackingprotection/test/marionette/manifest.toml"] ===================================== testing/moz.build ===================================== @@ -18,4 +18,4 @@ PERFTESTS_MANIFESTS += [ "performance/perftest.toml", ] -MARIONETTE_MANIFESTS += ["tor/marionette.toml"] +MARIONETTE_MANIFESTS += ["tor/manifest.toml"] ===================================== testing/tor/marionette.toml → testing/tor/manifest.toml ===================================== @@ -1,4 +1,5 @@ [DEFAULT] +tags = "tor" ["test_circuit_isolation.py"] ===================================== testing/tor/test_circuit_isolation.py ===================================== @@ -8,6 +8,9 @@ TOR_BOOTSTRAP_TIMEOUT = 30000 # 30s class TestCircuitIsolation(MarionetteTestCase): + def tearDown(self): + self.marionette.restart(in_app=False, clean=True) + super(TestCircuitIsolation, self).tearDown() def bootstrap(self): with self.marionette.using_context("chrome"): ===================================== testing/tor/test_network_check.py ===================================== @@ -14,6 +14,10 @@ class TestNetworkCheck(MarionetteTestCase): self.l10n = L10n(self.marionette) + def tearDown(self): + self.marionette.restart(in_app=False, clean=True) + super(TestNetworkCheck, self).tearDown() + def attemptConnection(self, tries=1): if tries > 3: self.assertTrue(False, "Failed to connect to Tor after 3 attempts") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/b05a0c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/b05a0c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-147.0a1-16.0-1
by henry (＠henry) 17 Dec '25

17 Dec '25

henry pushed new branch tor-browser-147.0a1-16.0-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 3 commits: Bug 41670: Add script to download Tor VPN release
by boklm (＠boklm) 16 Dec '25

16 Dec '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 714dcf10 by Nicolas Vigier at 2025-12-16T17:39:16+01:00 Bug 41670: Add script to download Tor VPN release - - - - - 267928a9 by Nicolas Vigier at 2025-12-16T17:39:18+01:00 Bug 41673: Update linux-signer-sign-android-apks to sign per-arch torvpn apks - - - - - 9ee47407 by Nicolas Vigier at 2025-12-16T17:39:20+01:00 Bug 41672: Prepare Tor VPN 1.4.0Beta - - - - - 4 changed files: - .gitlab/issue_templates/Release Prep - Tor VPN.md - rbm.conf - + tools/signing/download-torvpn-release.torvpn - tools/signing/linux-signer-sign-android-apks Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor VPN.md ===================================== @@ -41,12 +41,7 @@ Tor VPN is on the `main` branch - pierov - [ ] Ensure all builders have matching builds - Place the Tor VPN release to be signed in directory `torvpn/alpha/signed/${TOR_VPN_VERSION}`: - - [ ] `mkdir torvpn/alpha/signed/${TOR_VPN_VERSION} && cd torvpn/alpha/signed/${TOR_VPN_VERSION}` - - [ ] `wget https://${URL_PATH}/app-release.aab` (replacing `${URL_PATH}` with the location where the unsigned build has been published) - - [ ] `mv app-release.aab tor-vpn-${TOR_VPN_VERSION}.aab` - - [ ] `wget https://${URL_PATH}/app-release-unsigned.apk` (replacing `${URL_PATH}` with the location where the unsigned build has been published) - - [ ] `mv app-release-unsigned.apk tor-vpn-qa-unsigned-android-multiarch-${TOR_VPN_VERSION}.apk` - - [ ] `sha256sum tor-vpn-* > sha256sums-unsigned-build.txt` + - [ ] `./tools/signing/download-torvpn-release.torvpn ${URL_PATH}` (replacing `${URL_PATH}` with the location where the unsigned build has been published, for example https://tb-build-03.torproject.org/~dan/vpn/1.4.0Beta/) - [ ] Compare checksums from `sha256sums-unsigned-build.txt` with expected checksums - [ ] On `${STAGING_SERVER}`, ensure updated: - [ ] `tor-browser-build` is on the right commit ===================================== rbm.conf ===================================== @@ -339,9 +339,9 @@ targets: torvpn: var: tor-vpn: 1 - torbrowser_version: '1.3.0Beta' + torbrowser_version: '1.4.0Beta' torbrowser_build: 'build1' - browser_release_date: '2025/10/31 07:30:00' + browser_release_date: '2025/12/16 15:00:00' project-name: tor-vpn projectname: torvpn Project_Name: 'Tor VPN' ===================================== tools/signing/download-torvpn-release.torvpn ===================================== @@ -0,0 +1,54 @@ +#!/bin/bash +# +# This script downloads a Tor VPN release from the given URL and will +# rename the files and put them in torvpn/alpha/signed/$version (where +# $version is the torvpn version defined in rbm.conf). +# +# Usage: download-torvpn-release.torvpn <base_url> +# +# base_url: URL directory where the release can be downloaded. For +# example https://tb-build-03.torproject.org/~dan/vpn/1.4.0Beta/. +# +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source "$script_dir/functions" + +base_url="$1" + +test -d "$signed_version_dir" && \ + exit_error "Directory already exist: $signed_version_dir" + +test $# -ne 1 && \ + exit_error "Wrong number of arguments" + +tmpdir=$(mktemp -p "$script_dir/../../tmp" -d) +trap "rm -Rf $tmpdir" EXIT +cd $tmpdir +for arch in arm64v8a armeabiv7a universal x86 x86_64 +do + case "$arch" in + arm64v8a) + dest_arch=aarch64 + ;; + armeabiv7a) + dest_arch=armv7 + ;; + universal) + dest_arch=multiarch + ;; + *) + dest_arch="$arch" + ;; + esac + dl_filename="app-$arch-release-unsigned.apk" + wget -O "$dl_filename" "$base_url/$dl_filename" + mv "$dl_filename" "tor-vpn-qa-unsigned-android-${dest_arch}-${tbb_version}.apk" +done + +wget -O app-universal-release.aab "$base_url/app-universal-release.aab" +mv app-universal-release.aab "tor-vpn-${tbb_version}.aab" +sha256sum $(ls -1 *.apk *.aab | sort) > sha256sums-unsigned-build.txt +cat sha256sums-unsigned-build.txt + +mkdir -p "$signed_version_dir" +mv -f *.aab *.apk *.txt "$signed_version_dir" ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -7,7 +7,7 @@ source "$script_dir/functions" topdir="$script_dir/../.." ARCHS="armv7 aarch64 x86_64" -test "$SIGNING_PROJECTNAME" = 'torvpn' && ARCHS='multiarch' +test "$SIGNING_PROJECTNAME" = 'torvpn' && ARCHS="$ARCHS x86 multiarch" projname=$(project-name) # tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in # wrappers/sign-apk, so we export them View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-15.0] Update rbm for rbm#40090 and rbm#40095
by boklm (＠boklm) 16 Dec '25

16 Dec '25

boklm pushed to branch maint-15.0 at The Tor Project / Applications / tor-browser-build Commits: 0988a1dd by Nicolas Vigier at 2025-12-16T17:29:34+01:00 Update rbm for rbm#40090 and rbm#40095 - - - - - 1 changed file: - rbm Changes: ===================================== rbm ===================================== @@ -1 +1 @@ -Subproject commit 8c5f3899cfe239a779c46182361aa1b2ab4f8957 +Subproject commit 8885e87c2def8fe2f85c76fd8df0226fff99f9a4 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update rbm for rbm#40095
by boklm (＠boklm) 16 Dec '25

16 Dec '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 5f158a2f by Nicolas Vigier at 2025-12-16T17:24:21+01:00 Update rbm for rbm#40095 Closing #41664 - - - - - 1 changed file: - rbm Changes: ===================================== rbm ===================================== @@ -1 +1 @@ -Subproject commit e099ccbd0abd1c693f76705a6cb5446d12f0bae2 +Subproject commit 8885e87c2def8fe2f85c76fd8df0226fff99f9a4 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/rbm][main] Bug 40095: Cached checksums should not be used for input files when refresh_input is enabled
by boklm (＠boklm) 16 Dec '25

16 Dec '25

boklm pushed to branch main at The Tor Project / Applications / RBM Commits: 8885e87c by Nicolas Vigier at 2025-12-16T11:28:54+01:00 Bug 40095: Cached checksums should not be used for input files when refresh_input is enabled - - - - - 1 changed file: - lib/RBM.pm Changes: ===================================== lib/RBM.pm ===================================== @@ -864,6 +864,7 @@ sub input_file_id { my $opts = { norec => { output_dir => '/out', getting_id => 1, }}; return $filename . ':' . sha256_hex($t->('exec', $opts)) if $input_file->{exec}; + shafile('sha256sum', $fname, { remove_cache => 1 }) if $t->('refresh_input'); return input_file_id_hash($fname, $filename); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/rbm/-/commit/8885e87c2def8fe… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/rbm/-/commit/8885e87c2def8fe… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] 6 commits: alpha: new version, 16.0a1 (linux-aarch64)
by ma1 (＠ma1) 16 Dec '25

16 Dec '25

ma1 pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 11b4b81d by hackademix at 2025-12-16T16:58:56+01:00 alpha: new version, 16.0a1 (linux-aarch64) - - - - - c635eeab by hackademix at 2025-12-16T16:58:56+01:00 alpha: new version, 16.0a1 (linux-x86_64) - - - - - bb76010a by hackademix at 2025-12-16T16:58:57+01:00 alpha: new version, 16.0a1 (macos) - - - - - 3c5d5fb3 by hackademix at 2025-12-16T16:58:57+01:00 alpha: new version, 16.0a1 (windows-i686) - - - - - a090c372 by hackademix at 2025-12-16T16:58:57+01:00 alpha: new version, 16.0a1 (windows-x86_64) - - - - - 47f2f19c by hackademix at 2025-12-16T16:58:58+01:00 alpha: new version, 16.0a1 - - - - - 45 changed files: - update_3/alpha/.htaccess - update_3/alpha/download-android-aarch64.json - update_3/alpha/download-android-armv7.json - update_3/alpha/download-android-x86_64.json - + update_3/alpha/download-linux-aarch64.json - update_3/alpha/download-linux-x86_64.json - update_3/alpha/download-macos.json - update_3/alpha/download-windows-i686.json - update_3/alpha/download-windows-x86_64.json - update_3/alpha/downloads.json - + update_3/alpha/linux-aarch64/.htaccess - + update_3/alpha/linux-aarch64/no-update.xml - + update_3/alpha/linux-aarch64/update-16.0a1-linux-aarch64.xml - update_3/alpha/linux-x86_64/.htaccess - update_3/alpha/linux-x86_64/update-15.0a1-15.0a4-linux-x86_64.xml → update_3/alpha/linux-x86_64/update-15.0a2-16.0a1-linux-x86_64.xml - update_3/alpha/linux-x86_64/update-15.0a2-15.0a4-linux-x86_64.xml → update_3/alpha/linux-x86_64/update-15.0a3-16.0a1-linux-x86_64.xml - update_3/alpha/linux-x86_64/update-15.0a3-15.0a4-linux-x86_64.xml → update_3/alpha/linux-x86_64/update-15.0a4-16.0a1-linux-x86_64.xml - update_3/alpha/linux-x86_64/update-15.0a4-linux-x86_64.xml → update_3/alpha/linux-x86_64/update-16.0a1-linux-x86_64.xml - update_3/alpha/macos/.htaccess - − update_3/alpha/macos/update-15.0a1-15.0a4-macos.xml - − update_3/alpha/macos/update-15.0a2-15.0a4-macos.xml - + update_3/alpha/macos/update-15.0a2-16.0a1-macos.xml - − update_3/alpha/macos/update-15.0a3-15.0a4-macos.xml - + update_3/alpha/macos/update-15.0a3-16.0a1-macos.xml - + update_3/alpha/macos/update-15.0a4-16.0a1-macos.xml - − update_3/alpha/macos/update-15.0a4-macos.xml - + update_3/alpha/macos/update-16.0a1-macos.xml - update_3/alpha/windows-i686/.htaccess - − update_3/alpha/windows-i686/update-15.0a1-15.0a4-windows-i686.xml - − update_3/alpha/windows-i686/update-15.0a2-15.0a4-windows-i686.xml - + update_3/alpha/windows-i686/update-15.0a2-16.0a1-windows-i686.xml - − update_3/alpha/windows-i686/update-15.0a3-15.0a4-windows-i686.xml - + update_3/alpha/windows-i686/update-15.0a3-16.0a1-windows-i686.xml - + update_3/alpha/windows-i686/update-15.0a4-16.0a1-windows-i686.xml - − update_3/alpha/windows-i686/update-15.0a4-windows-i686.xml - + update_3/alpha/windows-i686/update-16.0a1-windows-i686.xml - update_3/alpha/windows-x86_64/.htaccess - − update_3/alpha/windows-x86_64/update-15.0a1-15.0a4-windows-x86_64.xml - − update_3/alpha/windows-x86_64/update-15.0a2-15.0a4-windows-x86_64.xml - + update_3/alpha/windows-x86_64/update-15.0a2-16.0a1-windows-x86_64.xml - − update_3/alpha/windows-x86_64/update-15.0a3-15.0a4-windows-x86_64.xml - + update_3/alpha/windows-x86_64/update-15.0a3-16.0a1-windows-x86_64.xml - + update_3/alpha/windows-x86_64/update-15.0a4-16.0a1-windows-x86_64.xml - − update_3/alpha/windows-x86_64/update-15.0a4-windows-x86_64.xml - + update_3/alpha/windows-x86_64/update-16.0a1-windows-x86_64.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41671: Update apk signing script to check for v3 instead of v1 signatures
by boklm (＠boklm) 16 Dec '25

16 Dec '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 5f4ef79a by Nicolas Vigier at 2025-12-16T16:04:39+01:00 Bug 41671: Update apk signing script to check for v3 instead of v1 signatures - - - - - 1 changed file: - tools/signing/linux-signer-sign-android-apks Changes: ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -36,8 +36,8 @@ sign_apk() { verify_apk() { verified=$(apksigner verify --print-certs --verbose "$1") - scheme_v1="Verified using v1 scheme (JAR signing): true" scheme_v2="Verified using v2 scheme (APK Signature Scheme v2): true" + scheme_v3="Verified using v3 scheme (APK Signature Scheme v3): true" if test "$tbb_version_type" = "alpha"; then cert_digest="Signer #1 certificate SHA-256 digest: 15f760b41acbe4783e667102c9f67119be2af62fab07763f9d57f01e5e1074e1" @@ -47,12 +47,10 @@ verify_apk() { pubkey_digest="Signer #1 public key SHA-256 digest: 343ca8a2e5452670bdc335a181a4baed909f868937d68c4653e44ef84de8dfc6" fi if test "$SIGNING_PROJECTNAME" = "torvpn"; then - # No v1 scheme signature on torvpn apk - scheme_v1='' cert_digest="Signer #1 certificate SHA-256 digest: c2f6ffa30e56a7c53a226248ef908612ee539df2f52bede5a55037425b83331d" pubkey_digest="Signer #1 public key SHA-256 digest: fddc5f93ae0bc971e951481b0b5e6b62e47040fe979ff535cf75daade2f13f3d" fi - for digest in "${scheme_v1}" "${scheme_v2}" "${cert_digest}" "${pubkey_digest}"; do + for digest in "${scheme_v2}" "${scheme_v3}" "${cert_digest}" "${pubkey_digest}"; do test -z "$digest" && continue if ! echo "${verified}" | grep -q "${digest}"; then echo "Expected digest not found:" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-16.0a1-build3
by Pier Angelo Vendrame (＠pierov) 16 Dec '25

16 Dec '25

Pier Angelo Vendrame pushed new tag tbb-16.0a1-build3 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41669: Restore UglifyJS but for Android x86_64.
by Pier Angelo Vendrame (＠pierov) 16 Dec '25

16 Dec '25

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 43f7cf99 by Pier Angelo Vendrame at 2025-12-16T09:10:56+01:00 Bug 41669: Restore UglifyJS but for Android x86_64. In 15.0 we use UglifyJS for Android x86. We dropped it in the 16.0 series, as we do not support Android x86, but with this commit we temporarily restore it for x86_64 to fit in the Play Store requirements. With Firefox 148 we might be able to use the same minifier Mozilla uses, since they recently switched to a different one. - - - - - c1a2d204 by Pier Angelo Vendrame at 2025-12-16T10:44:28+01:00 Bug 41513: Prepare Tor Browser 16.0a1 (build3). Build Android again to make sure we do not exceed the Play Store's threshold for APK size with the x86_64 APK. - - - - - 6 changed files: - projects/browser/build.android - projects/browser/config - + projects/uglifyjs/README.md - + projects/uglifyjs/build - + projects/uglifyjs/config - rbm.conf Changes: ===================================== projects/browser/build.android ===================================== @@ -2,6 +2,12 @@ [% c("var/set_default_env") -%] [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %] +[% IF c("var/android-x86_64") -%] + tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/node') %] + export PATH=/var/tmp/dist/node/bin:$PATH + tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/uglifyjs') %] +[% END -%] + # Bundle our extension(s). # # NoScript will be copied over to the profile folder @@ -58,6 +64,11 @@ function generate_apk { [% IF c("var/tor-browser") -%] cp -a ../moat_countries.json ../tor/pluggable_transports/pt_config.json chrome/toolkit/content/global/ [% END -%] + [% IF c("var/android-x86_64") -%] + find actors chrome modules moz-src \ + -name '*.js' -or -name '*.mjs' \ + -exec /var/tmp/dist/uglifyjs/bin/uglifyjs --in-situ {} \; + [% END -%] [% c('zip', { zip_src => [ '.' ], zip_args => '-0 ../assets/omni.ja', ===================================== projects/browser/config ===================================== @@ -158,3 +158,9 @@ input_files: # tor-browser-build#40920 - filename: sort-baseline.py enable: '[% c("var/android") %]' + - project: node + name: node + enable: '[% c("var/android-x86_64") %]' + - project: uglifyjs + name: uglifyjs + enable: '[% c("var/android-x86_64") %]' ===================================== projects/uglifyjs/README.md ===================================== @@ -0,0 +1 @@ +This project fetches UglifyJS without any other changes. ===================================== projects/uglifyjs/build ===================================== @@ -0,0 +1,4 @@ +#!/bin/bash +tar -xf [% project %]-[% c('version') %].tar.[% c('compress_tar') %] +mv [% project %]-[% c('version') %] [% project %] +tar -caf [% dest_dir %]/[% c("filename") %] [% project %] ===================================== projects/uglifyjs/config ===================================== @@ -0,0 +1,4 @@ +version: 3.19.3 +filename: 'uglifyjs-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' +git_hash: 3ea33afc72462a470466473208a33379b7204765 +git_url: https://github.com/mishoo/UglifyJS.git ===================================== rbm.conf ===================================== @@ -82,7 +82,7 @@ buildconf: var: torbrowser_version: '16.0a1' - torbrowser_build: 'build2' + torbrowser_build: 'build3' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2025/12/11 14:20:12' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41665: Update macos signing wrapper for new executable gpu-helper.app
by ma1 (＠ma1) 16 Dec '25

16 Dec '25

ma1 pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: d7e795d4 by Nicolas Vigier at 2025-12-15T16:54:16+01:00 Bug 41665: Update macos signing wrapper for new executable gpu-helper.app - - - - - 4 changed files: - tools/signing/linux-signer-rcodesign-sign - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-rcodesign-146 - + tools/signing/wrappers/sign-rcodesign-146 Changes: ===================================== tools/signing/linux-signer-rcodesign-sign ===================================== @@ -21,6 +21,6 @@ rm -f "$destdir/$output_file" volume=~/"$SIGNING_PROJECTNAME-$tbb_version"/"$(project-name)-macos-${tbb_version}.hfs" echo "Using $volume" -sudo -u signing-macos -- /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-128 "$volume" "$display_name" +sudo -u signing-macos -- /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-146 "$volume" "$display_name" cp "/home/signing-macos/last-signed-$display_name.tar.zst" "$destdir/$output_file" rm -f "$volume" ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -93,6 +93,7 @@ sudoers_file sign-apk sudoers_file sign-aab sudoers_file sign-rcodesign sudoers_file sign-rcodesign-128 +sudoers_file sign-rcodesign-146 sudoers_file set-date authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub ===================================== tools/signing/machines-setup/sudoers.d/sign-rcodesign-146 ===================================== @@ -0,0 +1,2 @@ +Defaults>signing-macos env_keep += "SIGNING_PROJECTNAME tbb_version_type RCODESIGN_PW" +%signing ALL = (signing-macos) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-146 ===================================== tools/signing/wrappers/sign-rcodesign-146 ===================================== @@ -0,0 +1,98 @@ +#!/bin/bash +set -e + +function exit_error { + for msg in "$@" + do + echo "$msg" >&2 + done + exit 1 +} + +test $# -eq 2 || exit_error "Wrong number of arguments" +dmg_file="$1" +display_name="$2" + +output_file="/home/signing-macos/last-signed-$display_name.tar.zst" +rm -f "$output_file" + +rcodesign=/signing/rcodesign-128/rcodesign +rcodesign_signing_p12_file=/home/signing-macos/keys/key-1.p12 +test -f "$rcodesign_signing_p12_file" || exit_error "$rcodesign_signing_p12_file is missing" + +tmpdir=$(mktemp -d) +trap "rm -Rf $tmpdir" EXIT +cd "$tmpdir" +7z x "$dmg_file" + +# Fix permission on files: +# https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/2… +# FIXME: Maybe we should extract the .mar file instead of the .dmg to +# preserve permissions +chmod ugo+x "$display_name/$display_name.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/updater.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/plugin-container.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/media-plugin-helper.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/gpu-helper.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/Frameworks/ChannelPrefs.framework/ChannelPrefs" \ + "$display_name/$display_name.app/Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework/UpdateSettings" +test -d "$display_name/$display_name.app/Contents/MacOS/Tor" && \ + chmod -R ugo+x "$display_name/$display_name.app/Contents/MacOS/Tor" + +pwdir=/run/lock/rcodesign-pw +trap "rm -Rf $pwdir" EXIT +rm -Rf "$pwdir" +mkdir "$pwdir" +chmod 700 "$pwdir" +cat > "$pwdir/rcodesign-pw-2" << EOF +$RCODESIGN_PW +EOF +tr -d '\n' < "$pwdir/rcodesign-pw-2" > "$pwdir/rcodesign-pw" +rm "$pwdir/rcodesign-pw-2" + +# unset RCODESIGN_PW since it conflicts with rcodesign config +unset RCODESIGN_PW +rcodesign_opts=" + --code-signature-flags runtime + --timestamp-url http://timestamp.apple.com:8080/ts01 + --p12-file $rcodesign_signing_p12_file + --p12-password-file $pwdir/rcodesign-pw + " + +flags=() +for dir in Contents/MacOS Contents/MacOS/Tor Contents/MacOS/Tor/PluggableTransports +do + d="$display_name/$display_name.app/$dir" + test -d "$d" || continue + pushd "$d" + for file in * + do + test -f "$file" || continue + flags+=('--code-signature-flags' "$dir/$file:runtime") + done + popd +done +echo "code-signature-flags: ${flags[@]}" + +echo "**** Signing main bundle ($display_name.app) ****" +$rcodesign sign \ + $rcodesign_opts \ + "${flags[@]}" \ + --code-signature-flags Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework:runtime \ + --code-signature-flags Contents/MacOS/updater.app:runtime \ + --code-signature-flags Contents/Frameworks/ChannelPrefs.framework:runtime \ + --code-signature-flags Contents/MacOS/plugin-container.app:runtime \ + --code-signature-flags Contents/MacOS/media-plugin-helper.app:runtime \ + --code-signature-flags Contents/MacOS/gpu-helper.app:runtime \ + --entitlements-xml-path Contents/MacOS/Tor/tor:/signing/tor-browser-build/tools/signing/macos-entitlements/tor.xml \ + --entitlements-xml-path Contents/MacOS/plugin-container.app:/signing/tor-browser-build/tools/signing/macos-entitlements/plugin-container.xml \ + --entitlements-xml-path Contents/MacOS/media-plugin-helper.app:/signing/tor-browser-build/tools/signing/macos-entitlements/media-plugin-helper.xml \ + --entitlements-xml-path /signing/tor-browser-build/tools/signing/macos-entitlements/firefox.browser.xml \ + -- \ + "$display_name/$display_name.app" + +rm -f "$pwdir/rcodesign-pw" +rmdir "$pwdir" +tar -C "$display_name" -caf "$output_file" "$display_name.app" +cd - +rm -Rf "$tmpdir" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser-update-responses][main] 5 commits: alpha: new version, 16.0a1 (linux-aarch64)
by ma1 (＠ma1) 16 Dec '25

16 Dec '25

ma1 pushed to branch main at The Tor Project / Applications / mullvad-browser-update-responses Commits: a71c1b21 by hackademix at 2025-12-15T22:56:54+01:00 alpha: new version, 16.0a1 (linux-aarch64) - - - - - 008ff1d0 by hackademix at 2025-12-15T22:56:54+01:00 alpha: new version, 16.0a1 (linux-x86_64) - - - - - 66d0cffe by hackademix at 2025-12-15T22:56:55+01:00 alpha: new version, 16.0a1 (macos) - - - - - 61a3fd0b by hackademix at 2025-12-15T22:56:55+01:00 alpha: new version, 16.0a1 (windows-x86_64) - - - - - 7b192ce5 by hackademix at 2025-12-15T22:56:56+01:00 alpha: new version, 16.0a1 - - - - - 36 changed files: - update_1/alpha/.htaccess - + update_1/alpha/download-linux-aarch64.json - update_1/alpha/download-linux-x86_64.json - update_1/alpha/download-macos.json - update_1/alpha/download-windows-x86_64.json - update_1/alpha/downloads.json - + update_1/alpha/linux-aarch64/.htaccess - + update_1/alpha/linux-aarch64/no-update.xml - + update_1/alpha/linux-aarch64/update-16.0a1-linux-aarch64.xml - update_1/alpha/linux-x86_64/.htaccess - − update_1/alpha/linux-x86_64/update-15.0a1-15.0a4-linux-x86_64.xml - − update_1/alpha/linux-x86_64/update-15.0a2-15.0a4-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-15.0a2-16.0a1-linux-x86_64.xml - − update_1/alpha/linux-x86_64/update-15.0a3-15.0a4-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-15.0a3-16.0a1-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-15.0a4-16.0a1-linux-x86_64.xml - − update_1/alpha/linux-x86_64/update-15.0a4-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-16.0a1-linux-x86_64.xml - update_1/alpha/macos/.htaccess - − update_1/alpha/macos/update-15.0a1-15.0a4-macos.xml - − update_1/alpha/macos/update-15.0a2-15.0a4-macos.xml - + update_1/alpha/macos/update-15.0a2-16.0a1-macos.xml - − update_1/alpha/macos/update-15.0a3-15.0a4-macos.xml - + update_1/alpha/macos/update-15.0a3-16.0a1-macos.xml - + update_1/alpha/macos/update-15.0a4-16.0a1-macos.xml - − update_1/alpha/macos/update-15.0a4-macos.xml - + update_1/alpha/macos/update-16.0a1-macos.xml - update_1/alpha/windows-x86_64/.htaccess - − update_1/alpha/windows-x86_64/update-15.0a1-15.0a4-windows-x86_64.xml - − update_1/alpha/windows-x86_64/update-15.0a2-15.0a4-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-15.0a2-16.0a1-windows-x86_64.xml - − update_1/alpha/windows-x86_64/update-15.0a3-15.0a4-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-15.0a3-16.0a1-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-15.0a4-16.0a1-windows-x86_64.xml - − update_1/alpha/windows-x86_64/update-15.0a4-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-16.0a1-windows-x86_64.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-146.0a1-16.0-2] fixup! Tweaks to the build system
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch mullvad-browser-146.0a1-16.0-2 at The Tor Project / Applications / Mullvad Browser Commits: d11dcdeb by Pier Angelo Vendrame at 2025-12-15T18:43:58+01:00 fixup! Tweaks to the build system This reverts commit 4e4d1a17c3fd6148d6ecfdeb3831070e068470af. This reverts commit d0aa909310783cf4bdb219d34f5031d5123f8749. - - - - - 2 changed files: - python/mach/mach/sentry.py - python/mach/mach/telemetry.py Changes: ===================================== python/mach/mach/sentry.py ===================================== @@ -8,7 +8,7 @@ import sys from pathlib import Path from threading import Thread -# import sentry_sdk +import sentry_sdk from mozversioncontrol import ( InvalidRepoPath, MissingUpstreamRepo, @@ -35,8 +35,7 @@ class SentryErrorReporter(ErrorReporter): """Reports errors using Sentry.""" def report_exception(self, exception): - pass - # return sentry_sdk.capture_exception(exception) + return sentry_sdk.capture_exception(exception) class NoopErrorReporter(ErrorReporter): @@ -62,10 +61,10 @@ def register_sentry(argv, settings, topsrcdir: Path): ) _is_unmodified_mach_core_thread.start() - # sentry_sdk.init( - # _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) - # ) - # sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) + sentry_sdk.init( + _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) + ) + sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) return SentryErrorReporter() ===================================== python/mach/mach/telemetry.py ===================================== @@ -7,9 +7,11 @@ import importlib.util import os import subprocess import sys +import urllib.parse as urllib_parse from pathlib import Path from textwrap import dedent +import requests from mozbuild.base import BuildEnvironmentNotFoundException, MozbuildObject from mozbuild.telemetry import filter_args from mozfile import json @@ -90,7 +92,10 @@ def is_applicable_telemetry_environment(): def is_telemetry_enabled(settings): - return False + if os.environ.get("DISABLE_TELEMETRY") == "1": + return False + + return settings.mach_telemetry.is_enabled def arcrc_path(): @@ -127,7 +132,40 @@ def resolve_setting_from_arcconfig(topsrcdir: Path, setting): def resolve_is_employee_by_credentials(topsrcdir: Path): - return None + try: + phabricator_uri = resolve_setting_from_arcconfig(topsrcdir, "phabricator.uri") + + if not phabricator_uri: + return None + + with arcrc_path().open() as arcrc_file: + arcrc = json.load(arcrc_file) + + phabricator_token = ( + arcrc.get("hosts", {}) + .get(urllib_parse.urljoin(phabricator_uri, "api/"), {}) + .get("token") + ) + + if not phabricator_token: + return None + + bmo_uri = ( + resolve_setting_from_arcconfig(topsrcdir, "bmo_url") + or "https://bugzilla.mozilla.org" + ) + bmo_api_url = urllib_parse.urljoin(bmo_uri, "rest/whoami") + bmo_result = requests.get( + bmo_api_url, headers={"X-PHABRICATOR-TOKEN": phabricator_token} + ) + + return "mozilla-employee-confidential" in bmo_result.json().get("groups", []) + except ( + FileNotFoundError, + json.JSONDecodeError, + requests.exceptions.RequestException, + ): + return None def resolve_is_employee_by_vcs(topsrcdir: Path): View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/d11… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/d11… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-146.0a1-16.0-2] fixup! Tweaks to the build system
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch base-browser-146.0a1-16.0-2 at The Tor Project / Applications / Tor Browser Commits: 9fc3f0b0 by Pier Angelo Vendrame at 2025-12-15T18:43:34+01:00 fixup! Tweaks to the build system This reverts commit 4e4d1a17c3fd6148d6ecfdeb3831070e068470af. This reverts commit d0aa909310783cf4bdb219d34f5031d5123f8749. - - - - - 2 changed files: - python/mach/mach/sentry.py - python/mach/mach/telemetry.py Changes: ===================================== python/mach/mach/sentry.py ===================================== @@ -8,7 +8,7 @@ import sys from pathlib import Path from threading import Thread -# import sentry_sdk +import sentry_sdk from mozversioncontrol import ( InvalidRepoPath, MissingUpstreamRepo, @@ -35,8 +35,7 @@ class SentryErrorReporter(ErrorReporter): """Reports errors using Sentry.""" def report_exception(self, exception): - pass - # return sentry_sdk.capture_exception(exception) + return sentry_sdk.capture_exception(exception) class NoopErrorReporter(ErrorReporter): @@ -62,10 +61,10 @@ def register_sentry(argv, settings, topsrcdir: Path): ) _is_unmodified_mach_core_thread.start() - # sentry_sdk.init( - # _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) - # ) - # sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) + sentry_sdk.init( + _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) + ) + sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) return SentryErrorReporter() ===================================== python/mach/mach/telemetry.py ===================================== @@ -7,9 +7,11 @@ import importlib.util import os import subprocess import sys +import urllib.parse as urllib_parse from pathlib import Path from textwrap import dedent +import requests from mozbuild.base import BuildEnvironmentNotFoundException, MozbuildObject from mozbuild.telemetry import filter_args from mozfile import json @@ -90,7 +92,10 @@ def is_applicable_telemetry_environment(): def is_telemetry_enabled(settings): - return False + if os.environ.get("DISABLE_TELEMETRY") == "1": + return False + + return settings.mach_telemetry.is_enabled def arcrc_path(): @@ -127,7 +132,40 @@ def resolve_setting_from_arcconfig(topsrcdir: Path, setting): def resolve_is_employee_by_credentials(topsrcdir: Path): - return None + try: + phabricator_uri = resolve_setting_from_arcconfig(topsrcdir, "phabricator.uri") + + if not phabricator_uri: + return None + + with arcrc_path().open() as arcrc_file: + arcrc = json.load(arcrc_file) + + phabricator_token = ( + arcrc.get("hosts", {}) + .get(urllib_parse.urljoin(phabricator_uri, "api/"), {}) + .get("token") + ) + + if not phabricator_token: + return None + + bmo_uri = ( + resolve_setting_from_arcconfig(topsrcdir, "bmo_url") + or "https://bugzilla.mozilla.org" + ) + bmo_api_url = urllib_parse.urljoin(bmo_uri, "rest/whoami") + bmo_result = requests.get( + bmo_api_url, headers={"X-PHABRICATOR-TOKEN": phabricator_token} + ) + + return "mozilla-employee-confidential" in bmo_result.json().get("groups", []) + except ( + FileNotFoundError, + json.JSONDecodeError, + requests.exceptions.RequestException, + ): + return None def resolve_is_employee_by_vcs(topsrcdir: Path): View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9fc3f0b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9fc3f0b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-146.0a1-16.0-2] fixup! Tweaks to the build system
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch tor-browser-146.0a1-16.0-2 at The Tor Project / Applications / Tor Browser Commits: b05a0c00 by Pier Angelo Vendrame at 2025-12-15T17:54:47+01:00 fixup! Tweaks to the build system This reverts commit 4e4d1a17c3fd6148d6ecfdeb3831070e068470af. This reverts commit d0aa909310783cf4bdb219d34f5031d5123f8749. - - - - - 2 changed files: - python/mach/mach/sentry.py - python/mach/mach/telemetry.py Changes: ===================================== python/mach/mach/sentry.py ===================================== @@ -8,7 +8,7 @@ import sys from pathlib import Path from threading import Thread -# import sentry_sdk +import sentry_sdk from mozversioncontrol import ( InvalidRepoPath, MissingUpstreamRepo, @@ -35,8 +35,7 @@ class SentryErrorReporter(ErrorReporter): """Reports errors using Sentry.""" def report_exception(self, exception): - pass - # return sentry_sdk.capture_exception(exception) + return sentry_sdk.capture_exception(exception) class NoopErrorReporter(ErrorReporter): @@ -62,10 +61,10 @@ def register_sentry(argv, settings, topsrcdir: Path): ) _is_unmodified_mach_core_thread.start() - # sentry_sdk.init( - # _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) - # ) - # sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) + sentry_sdk.init( + _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) + ) + sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) return SentryErrorReporter() ===================================== python/mach/mach/telemetry.py ===================================== @@ -7,9 +7,11 @@ import importlib.util import os import subprocess import sys +import urllib.parse as urllib_parse from pathlib import Path from textwrap import dedent +import requests from mozbuild.base import BuildEnvironmentNotFoundException, MozbuildObject from mozbuild.telemetry import filter_args from mozfile import json @@ -90,7 +92,10 @@ def is_applicable_telemetry_environment(): def is_telemetry_enabled(settings): - return False + if os.environ.get("DISABLE_TELEMETRY") == "1": + return False + + return settings.mach_telemetry.is_enabled def arcrc_path(): @@ -127,7 +132,40 @@ def resolve_setting_from_arcconfig(topsrcdir: Path, setting): def resolve_is_employee_by_credentials(topsrcdir: Path): - return None + try: + phabricator_uri = resolve_setting_from_arcconfig(topsrcdir, "phabricator.uri") + + if not phabricator_uri: + return None + + with arcrc_path().open() as arcrc_file: + arcrc = json.load(arcrc_file) + + phabricator_token = ( + arcrc.get("hosts", {}) + .get(urllib_parse.urljoin(phabricator_uri, "api/"), {}) + .get("token") + ) + + if not phabricator_token: + return None + + bmo_uri = ( + resolve_setting_from_arcconfig(topsrcdir, "bmo_url") + or "https://bugzilla.mozilla.org" + ) + bmo_api_url = urllib_parse.urljoin(bmo_uri, "rest/whoami") + bmo_result = requests.get( + bmo_api_url, headers={"X-PHABRICATOR-TOKEN": phabricator_token} + ) + + return "mozilla-employee-confidential" in bmo_result.json().get("groups", []) + except ( + FileNotFoundError, + json.JSONDecodeError, + requests.exceptions.RequestException, + ): + return None def resolve_is_employee_by_vcs(topsrcdir: Path): View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b05a0c0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b05a0c0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-16.0a1-build2
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed new tag mb-16.0a1-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-16.0a1-build2
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed new tag tbb-16.0a1-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41666: Normalize the path to tor-expert-bundle.aar.
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 6e2f7f6b by Pier Angelo Vendrame at 2025-12-15T09:13:55+01:00 Bug 41666: Normalize the path to tor-expert-bundle.aar. This path is included in the builds (in buildconfig.html), and the current one is random, so it makes build non-reproducible. - - - - - b87dbe8e by Pier Angelo Vendrame at 2025-12-15T14:58:07+01:00 Bug 41513: Prepare Tor Browser 16.0a1 (build2). Bump to build2 as build1 had Android reproducibility problems. - - - - - 4 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/geckoview/build_common - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -29,6 +29,8 @@ Mullvad Browser 16.0a1 - December 11 2025 * Bug 41644: Self-hosted browser extensions support in relprep.py [tor-browser-build] * Bug 41647: Add a XZ_DEFAULTS to set_default_env [tor-browser-build] * Bug 41662: Add python-zstandard to desktop containers [tor-browser-build] + * macOS + * Bug 41665: Update macos signing wrapper for new executable gpu-helper.app [tor-browser-build] * Linux * Bug 41627: Firefox build system needs a more recent version of OpenSSL on Linux [tor-browser-build] * Bug 41632: Ship Linux aarch64 builds in Alpha Release Channel [tor-browser-build] ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -44,6 +44,8 @@ Tor Browser 16.0a1 - December 11 2025 * Windows + Linux + Android * Bug 41580: Update Go major to 1.25.x [tor-browser-build] * Updated Go to 1.25.5 + * macOS + * Bug 41665: Update macos signing wrapper for new executable gpu-helper.app [tor-browser-build] * Linux * Bug 41601: Upstream droppped Linux i686 support [tor-browser-build] * Bug 41627: Firefox build system needs a more recent version of OpenSSL on Linux [tor-browser-build] @@ -60,6 +62,7 @@ Tor Browser 16.0a1 - December 11 2025 * Bug 41621: Remove support using older android build tools when signing 14.5 releases in tools/signing/wrappers/sign-apk [tor-browser-build] * Bug 41628: android_ndk_version and revision can be grouped together [tor-browser-build] * Bug 41636: Update the scripts to manage Gradle dependencies [tor-browser-build] + * Bug 41666: Normalize the path to tor-expert-bundle.aar [tor-browser-build] Tor Browser 15.0a4 - October 16 2025 * All Platforms ===================================== projects/geckoview/build_common ===================================== @@ -14,7 +14,9 @@ export PATH="/var/tmp/dist/node/bin:$PATH" export LC_ALL=C.UTF-8 export LANG=C.UTF-8 -export TOR_EXPERT_BUNDLE_AAR=$rootdir/[% c('input_files_by_name/tor-expert-bundle-aar') %]/tor-expert-bundle.aar +# Normalize this path, as it will end up in buildconfig.html. +export TOR_EXPERT_BUNDLE_AAR=/var/tmp/dist/tor-expert-bundle.aar +mv $rootdir/[% c('input_files_by_name/tor-expert-bundle-aar') %]/tor-expert-bundle.aar $TOR_EXPERT_BUNDLE_AAR tar -C /var/tmp/dist -xf [% c('input_files_by_name/application-services') %] export APPLICATION_SERVICES=/var/tmp/dist/application-services/maven ===================================== rbm.conf ===================================== @@ -82,7 +82,7 @@ buildconf: var: torbrowser_version: '16.0a1' - torbrowser_build: 'build1' + torbrowser_build: 'build2' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2025/12/11 14:20:12' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-146.0a1-16.0-2-build2
by Pier Angelo Vendrame (＠pierov) 11 Dec '25

11 Dec '25

Pier Angelo Vendrame pushed new tag mullvad-browser-146.0a1-16.0-2-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-146.0a1-16.0-2-build1
by Pier Angelo Vendrame (＠pierov) 11 Dec '25

11 Dec '25

Pier Angelo Vendrame pushed new tag mullvad-browser-146.0a1-16.0-2-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-146.0a1-16.0-2-build2
by Pier Angelo Vendrame (＠pierov) 11 Dec '25

11 Dec '25

Pier Angelo Vendrame pushed new tag tor-browser-146.0a1-16.0-2-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-16.0a1-build1
by Pier Angelo Vendrame (＠pierov) 11 Dec '25

11 Dec '25

Pier Angelo Vendrame pushed new tag mb-16.0a1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0