- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 3 commits: fixup! Bug 14631: Improve profile access error messages.
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 1f0bfac8 by Henry Wilkes at 2024-10-29T20:11:45+00:00 fixup! Bug 14631: Improve profile access error messages. Bug 42739: Revert patch for "Improve profile access error messages." - - - - - 8cef0b28 by Henry Wilkes at 2024-10-29T20:11:45+00:00 fixup! Add TorStrings module for localization Bug 42739: Drop profile access error strings. - - - - - 50cede2a by Henry Wilkes at 2024-10-29T20:11:45+00:00 Bug 42739: Use the brand name for profile error messages. Some messages in profileSelection.properties use gAppData->name as variable inputs. However, gAppData->name is still "Firefox" for our base-browser builds, rather than the user-facing browser name. We swap these instances with the displayed brand name instead. - - - - - 6 changed files: - toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties - toolkit/profile/nsToolkitProfileService.cpp - toolkit/profile/nsToolkitProfileService.h - − toolkit/torbutton/chrome/locale/en-US/torbutton.properties - toolkit/xre/ProfileReset.cpp - toolkit/xre/nsAppRunner.cpp Changes: ===================================== toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties ===================================== @@ -12,11 +12,6 @@ restartMessageUnlocker=%S is already running, but is not responding. The old %S restartMessageNoUnlockerMac=A copy of %S is already open. Only one copy of %S can be open at a time. restartMessageUnlockerMac=A copy of %S is already open. The running copy of %S will quit in order to open this one. -# LOCALIZATION NOTE (profileProblemTitle, profileReadOnly, profileReadOnlyMac, profileAccessDenied): Messages displayed when the browser profile cannot be accessed or written to. %S is the application name. -profileProblemTitle=%S Profile Problem -profileReadOnly=You cannot run %S from a read-only file system. Please copy %S to another location before trying to use it. -profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy %S to your Desktop or Applications folder before trying to use it. -profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again. # Profile manager # LOCALIZATION NOTE (profileTooltip): First %S is the profile name, second %S is the path to the profile folder. profileTooltip=Profile: ‘%S’ — Path: ‘%S’ ===================================== toolkit/profile/nsToolkitProfileService.cpp ===================================== @@ -1261,10 +1261,9 @@ nsToolkitProfileService::SelectStartupProfile( } bool wasDefault; - ProfileStatus profileStatus; nsresult rv = SelectStartupProfile(&argc, argv.get(), aIsResetting, aRootDir, aLocalDir, - aProfile, aDidCreate, &wasDefault, profileStatus); + aProfile, aDidCreate, &wasDefault); // Since we were called outside of the normal startup path complete any // startup tasks. @@ -1299,8 +1298,7 @@ static void SaltProfileName(nsACString& aName); nsresult nsToolkitProfileService::SelectStartupProfile( int* aArgc, char* aArgv[], bool aIsResetting, nsIFile** aRootDir, nsIFile** aLocalDir, nsIToolkitProfile** aProfile, bool* aDidCreate, - bool* aWasDefaultSelection, ProfileStatus& aProfileStatus) { - aProfileStatus = PROFILE_STATUS_OK; + bool* aWasDefaultSelection) { if (mStartupProfileSelected) { return NS_ERROR_ALREADY_INITIALIZED; } @@ -1393,13 +1391,6 @@ nsresult nsToolkitProfileService::SelectStartupProfile( rv = XRE_GetFileFromPath(arg, getter_AddRefs(lf)); NS_ENSURE_SUCCESS(rv, rv); - aProfileStatus = CheckProfileWriteAccess(lf); - if (PROFILE_STATUS_OK != aProfileStatus) { - NS_ADDREF(*aRootDir = lf); - NS_ADDREF(*aLocalDir = lf); - return NS_ERROR_FAILURE; - } - // Make sure that the profile path exists and it's a directory. bool exists; rv = lf->Exists(&exists); @@ -2259,47 +2250,3 @@ nsresult XRE_GetFileFromPath(const char* aPath, nsIFile** aResult) { # error Platform-specific logic needed here. #endif } - -// Check for write permission to the profile directory by trying to create a -// new file (after ensuring that no file with the same name exists). -ProfileStatus nsToolkitProfileService::CheckProfileWriteAccess( - nsIFile* aProfileDir) { -#if defined(XP_UNIX) - constexpr auto writeTestFileName = u".parentwritetest"_ns; -#else - constexpr auto writeTestFileName = u"parent.writetest"_ns; -#endif - - nsCOMPtr<nsIFile> writeTestFile; - nsresult rv = aProfileDir->Clone(getter_AddRefs(writeTestFile)); - if (NS_SUCCEEDED(rv)) rv = writeTestFile->Append(writeTestFileName); - - if (NS_SUCCEEDED(rv)) { - bool doesExist = false; - rv = writeTestFile->Exists(&doesExist); - if (NS_SUCCEEDED(rv) && doesExist) rv = writeTestFile->Remove(true); - } - - if (NS_SUCCEEDED(rv)) { - rv = writeTestFile->Create(nsIFile::NORMAL_FILE_TYPE, 0666); - (void)writeTestFile->Remove(true); - } - - ProfileStatus status = - NS_SUCCEEDED(rv) ? PROFILE_STATUS_OK : PROFILE_STATUS_OTHER_ERROR; - if (NS_ERROR_FILE_ACCESS_DENIED == rv) - status = PROFILE_STATUS_ACCESS_DENIED; - else if (NS_ERROR_FILE_READ_ONLY == rv) - status = PROFILE_STATUS_READ_ONLY; - - return status; -} - -ProfileStatus nsToolkitProfileService::CheckProfileWriteAccess( - nsIToolkitProfile* aProfile) { - nsCOMPtr<nsIFile> profileDir; - nsresult rv = aProfile->GetRootDir(getter_AddRefs(profileDir)); - if (NS_FAILED(rv)) return PROFILE_STATUS_OTHER_ERROR; - - return CheckProfileWriteAccess(profileDir); -} ===================================== toolkit/profile/nsToolkitProfileService.h ===================================== @@ -17,14 +17,6 @@ #include "nsProfileLock.h" #include "nsINIParser.h" -enum ProfileStatus { - PROFILE_STATUS_OK, - PROFILE_STATUS_ACCESS_DENIED, - PROFILE_STATUS_READ_ONLY, - PROFILE_STATUS_IS_LOCKED, - PROFILE_STATUS_OTHER_ERROR -}; - class nsToolkitProfile final : public nsIToolkitProfile, public mozilla::LinkedListElement<RefPtr<nsToolkitProfile>> { @@ -81,13 +73,10 @@ class nsToolkitProfileService final : public nsIToolkitProfileService { nsresult SelectStartupProfile(int* aArgc, char* aArgv[], bool aIsResetting, nsIFile** aRootDir, nsIFile** aLocalDir, nsIToolkitProfile** aProfile, bool* aDidCreate, - bool* aWasDefaultSelection, - ProfileStatus& aProfileStatus); + bool* aWasDefaultSelection); nsresult CreateResetProfile(nsIToolkitProfile** aNewProfile); nsresult ApplyResetProfile(nsIToolkitProfile* aOldProfile); void CompleteStartup(); - static ProfileStatus CheckProfileWriteAccess(nsIToolkitProfile* aProfile); - static ProfileStatus CheckProfileWriteAccess(nsIFile* aProfileDir); private: friend class nsToolkitProfile; ===================================== toolkit/torbutton/chrome/locale/en-US/torbutton.properties deleted ===================================== @@ -1,11 +0,0 @@ -# Copyright (c) 2022, The Tor Project, Inc. -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -# Profile/startup error messages. -# LOCALIZATION NOTE: %S is the application name. -profileProblemTitle=%S Profile Problem -profileReadOnly=You cannot run %S from a read-only file system. Please copy %S to another location before trying to use it. -profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy %S to your Desktop or Applications folder before trying to use it. -profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again. ===================================== toolkit/xre/ProfileReset.cpp ===================================== @@ -23,8 +23,8 @@ using namespace mozilla; -extern const XREAppData* gAppData; - +static const char kBrandProperties[] = + "chrome://branding/locale/brand.properties"; static const char kProfileProperties[] = "chrome://mozapps/locale/profile/profileSelection.properties"; @@ -49,12 +49,21 @@ nsresult ProfileResetCleanup(nsToolkitProfileService* aService, mozilla::components::StringBundle::Service(); if (!sbs) return NS_ERROR_FAILURE; + nsCOMPtr<nsIStringBundle> brandBundle; + Unused << sbs->CreateBundle(kBrandProperties, getter_AddRefs(brandBundle)); + if (!brandBundle) return NS_ERROR_FAILURE; + nsCOMPtr<nsIStringBundle> sb; Unused << sbs->CreateBundle(kProfileProperties, getter_AddRefs(sb)); if (!sb) return NS_ERROR_FAILURE; - NS_ConvertUTF8toUTF16 appName(gAppData->name); - AutoTArray<nsString, 2> params = {appName, appName}; + nsAutoString appName; + rv = brandBundle->GetStringFromName("brandShortName", appName); + if (NS_FAILED(rv)) return rv; + + AutoTArray<nsString, 2> params; + params.AppendElement(appName); + params.AppendElement(appName); nsAutoString resetBackupDirectoryName; ===================================== toolkit/xre/nsAppRunner.cpp ===================================== @@ -2599,91 +2599,8 @@ nsresult LaunchChild(bool aBlankCommandLine, bool aTryExec) { return NS_ERROR_LAUNCHED_CHILD_PROCESS; } -static nsresult GetOverrideStringBundleForLocale(nsIStringBundleService* aSBS, - const char* aTorbuttonURI, - const char* aLocale, - nsIStringBundle** aResult) { - NS_ENSURE_ARG(aSBS); - NS_ENSURE_ARG(aTorbuttonURI); - NS_ENSURE_ARG(aLocale); - NS_ENSURE_ARG(aResult); - - const char* kFormatStr = - "jar:%s!/chrome/torbutton/locale/%s/torbutton.properties"; - nsPrintfCString strBundleURL(kFormatStr, aTorbuttonURI, aLocale); - nsresult rv = aSBS->CreateBundle(strBundleURL.get(), aResult); - NS_ENSURE_SUCCESS(rv, rv); - - // To ensure that we have a valid string bundle, try to retrieve a string - // that we know exists. - nsAutoString val; - rv = (*aResult)->GetStringFromName("profileProblemTitle", val); - if (!NS_SUCCEEDED(rv)) *aResult = nullptr; // No good. Discard it. - - return rv; -} - -static void GetOverrideStringBundle(nsIStringBundleService* aSBS, - nsIStringBundle** aResult) { - if (!aSBS || !aResult) return; - - *aResult = nullptr; - - // Build Torbutton file URI string by starting from GREDir. - RefPtr<nsXREDirProvider> dirProvider = nsXREDirProvider::GetSingleton(); - if (!dirProvider) return; - - nsCOMPtr<nsIFile> greDir = dirProvider->GetGREDir(); - if (!greDir) return; - - // Create file URI, extract as string, and append omni.ja relative path. - nsCOMPtr<nsIURI> uri; - nsAutoCString uriString; - if (NS_FAILED(NS_NewFileURI(getter_AddRefs(uri), greDir)) || - NS_FAILED(uri->GetSpec(uriString))) { - return; - } - - uriString.Append("omni.ja"); - - nsAutoCString userAgentLocale; - if (!NS_SUCCEEDED( - Preferences::GetCString("intl.locale.requested", userAgentLocale))) { - return; - } - - nsresult rv = GetOverrideStringBundleForLocale( - aSBS, uriString.get(), userAgentLocale.get(), aResult); - if (NS_FAILED(rv)) { - // Try again using base locale, e.g., "en" vs. "en-US". - int16_t offset = userAgentLocale.FindChar('-', 1); - if (offset > 0) { - nsAutoCString shortLocale(Substring(userAgentLocale, 0, offset)); - rv = GetOverrideStringBundleForLocale(aSBS, uriString.get(), - shortLocale.get(), aResult); - } - } -} - -static nsresult GetFormattedString(nsIStringBundle* aOverrideBundle, - nsIStringBundle* aMainBundle, - const char* aName, - const nsTArray<nsString>& aParams, - nsAString& aResult) { - NS_ENSURE_ARG(aName); - - nsresult rv = NS_ERROR_FAILURE; - if (aOverrideBundle) { - rv = aOverrideBundle->FormatStringFromName(aName, aParams, aResult); - } - - // If string was not found in override bundle, use main (browser) bundle. - if (NS_FAILED(rv) && aMainBundle) - rv = aMainBundle->FormatStringFromName(aName, aParams, aResult); - - return rv; -} - +static const char kBrandProperties[] = + "chrome://branding/locale/brand.properties"; static const char kProfileProperties[] = "chrome://mozapps/locale/profile/profileSelection.properties"; @@ -2753,12 +2670,20 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport* aNative) { mozilla::components::StringBundle::Service(); NS_ENSURE_TRUE(sbs, NS_ERROR_FAILURE); + nsCOMPtr<nsIStringBundle> brandBundle; + sbs->CreateBundle(kBrandProperties, getter_AddRefs(brandBundle)); + NS_ENSURE_TRUE_LOG(sbs, NS_ERROR_FAILURE); nsCOMPtr<nsIStringBundle> sb; sbs->CreateBundle(kProfileProperties, getter_AddRefs(sb)); NS_ENSURE_TRUE_LOG(sbs, NS_ERROR_FAILURE); - NS_ConvertUTF8toUTF16 appName(MOZ_APP_DISPLAYNAME); - AutoTArray<nsString, 2> params = {appName, appName}; + nsAutoString appName; + rv = brandBundle->GetStringFromName("brandShortName", appName); + NS_ENSURE_SUCCESS(rv, NS_ERROR_ABORT); + + AutoTArray<nsString, 2> params; + params.AppendElement(appName); + params.AppendElement(appName); // profileMissing nsAutoString missingMessage; @@ -2782,12 +2707,11 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport* aNative) { // If aUnlocker is NULL, it is also OK for the following arguments to be NULL: // aProfileDir, aProfileLocalDir, aResult. -static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir, - nsIFile* aProfileLocalDir, - ProfileStatus aStatus, - nsIProfileUnlocker* aUnlocker, - nsINativeAppSupport* aNative, - nsIProfileLock** aResult) { +static ReturnAbortOnError ProfileLockedDialog(nsIFile* aProfileDir, + nsIFile* aProfileLocalDir, + nsIProfileUnlocker* aUnlocker, + nsINativeAppSupport* aNative, + nsIProfileLock** aResult) { nsresult rv; if (aProfileDir) { @@ -2821,43 +2745,37 @@ static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir, mozilla::components::StringBundle::Service(); NS_ENSURE_TRUE(sbs, NS_ERROR_FAILURE); + nsCOMPtr<nsIStringBundle> brandBundle; + sbs->CreateBundle(kBrandProperties, getter_AddRefs(brandBundle)); + NS_ENSURE_TRUE_LOG(sbs, NS_ERROR_FAILURE); nsCOMPtr<nsIStringBundle> sb; sbs->CreateBundle(kProfileProperties, getter_AddRefs(sb)); NS_ENSURE_TRUE_LOG(sbs, NS_ERROR_FAILURE); - nsCOMPtr<nsIStringBundle> overrideSB; - GetOverrideStringBundle(sbs, getter_AddRefs(overrideSB)); + nsAutoString appName; + rv = brandBundle->GetStringFromName("brandShortName", appName); + NS_ENSURE_SUCCESS(rv, NS_ERROR_ABORT); - NS_ConvertUTF8toUTF16 appName(MOZ_APP_DISPLAYNAME); - AutoTArray<nsString, 3> params = {appName, appName, appName}; + AutoTArray<nsString, 3> params; + params.AppendElement(appName); + params.AppendElement(appName); + params.AppendElement(appName); nsAutoString killMessage; #ifndef XP_MACOSX - static const char kRestartUnlocker[] = "restartMessageUnlocker"; - static const char kRestartNoUnlocker[] = "restartMessageNoUnlocker2"; - static const char kReadOnly[] = "profileReadOnly"; + rv = sb->FormatStringFromName( + aUnlocker ? "restartMessageUnlocker" : "restartMessageNoUnlocker2", + params, killMessage); #else - static const char kRestartUnlocker[] = "restartMessageUnlockerMac"; - static const char kRestartNoUnlocker[] = "restartMessageNoUnlockerMac"; - static const char kReadOnly[] = "profileReadOnlyMac"; -#endif - static const char kAccessDenied[] = "profileAccessDenied"; - - const char* errorKey = aUnlocker ? kRestartUnlocker : kRestartNoUnlocker; - if (PROFILE_STATUS_READ_ONLY == aStatus) - errorKey = kReadOnly; - else if (PROFILE_STATUS_ACCESS_DENIED == aStatus) - errorKey = kAccessDenied; - rv = GetFormattedString(overrideSB, sb, errorKey, params, killMessage); + rv = sb->FormatStringFromName( + aUnlocker ? "restartMessageUnlockerMac" : "restartMessageNoUnlockerMac", + params, killMessage); +#endif NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE); - const char* titleKey = ((PROFILE_STATUS_READ_ONLY == aStatus) || - (PROFILE_STATUS_ACCESS_DENIED == aStatus)) - ? "profileProblemTitle" - : "restartTitle"; params.SetLength(1); nsAutoString killTitle; - rv = sb->FormatStringFromName(titleKey, params, killTitle); + rv = sb->FormatStringFromName("restartTitle", params, killTitle); NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE); #ifdef MOZ_BACKGROUNDTASKS @@ -3028,24 +2946,6 @@ static ReturnAbortOnError ShowProfileManager( return LaunchChild(false, true); } -#ifdef XP_MACOSX -static ProfileStatus CheckTorBrowserDataWriteAccess() { - // Check whether we can write to the directory that will contain - // TorBrowser-Data. - RefPtr<nsXREDirProvider> singleton = nsXREDirProvider::GetSingleton(); - if (!singleton) { - return PROFILE_STATUS_OTHER_ERROR; - } - nsCOMPtr<nsIFile> tbDataDir; - nsresult rv = singleton->GetTorBrowserUserDataDir(getter_AddRefs(tbDataDir)); - NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR); - nsCOMPtr<nsIFile> tbDataDirParent; - rv = tbDataDir->GetParent(getter_AddRefs(tbDataDirParent)); - NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR); - return nsToolkitProfileService::CheckProfileWriteAccess(tbDataDirParent); -} -#endif - static bool gDoMigration = false; static bool gDoProfileReset = false; static nsCOMPtr<nsIToolkitProfile> gResetOldProfile; @@ -3053,13 +2953,6 @@ static nsCOMPtr<nsIToolkitProfile> gResetOldProfile; static nsresult LockProfile(nsINativeAppSupport* aNative, nsIFile* aRootDir, nsIFile* aLocalDir, nsIToolkitProfile* aProfile, nsIProfileLock** aResult) { - ProfileStatus status = - (aProfile ? nsToolkitProfileService::CheckProfileWriteAccess(aProfile) - : nsToolkitProfileService::CheckProfileWriteAccess(aRootDir)); - if (PROFILE_STATUS_OK != status) - return ProfileErrorDialog(aRootDir, aLocalDir, status, nullptr, aNative, - aResult); - // If you close Firefox and very quickly reopen it, the old Firefox may // still be closing down. Rather than immediately showing the // "Firefox is running but is not responding" message, we spend a few @@ -3086,8 +2979,7 @@ static nsresult LockProfile(nsINativeAppSupport* aNative, nsIFile* aRootDir, } while (TimeStamp::Now() - start < TimeDuration::FromSeconds(kLockRetrySeconds)); - return ProfileErrorDialog(aRootDir, aLocalDir, PROFILE_STATUS_IS_LOCKED, - unlocker, aNative, aResult); + return ProfileLockedDialog(aRootDir, aLocalDir, unlocker, aNative, aResult); } // Pick a profile. We need to end up with a profile root dir, local dir and @@ -3102,8 +2994,7 @@ static nsresult LockProfile(nsINativeAppSupport* aNative, nsIFile* aRootDir, static nsresult SelectProfile(nsToolkitProfileService* aProfileSvc, nsINativeAppSupport* aNative, nsIFile** aRootDir, nsIFile** aLocalDir, nsIToolkitProfile** aProfile, - bool* aWasDefaultSelection, - nsIProfileLock** aResult) { + bool* aWasDefaultSelection) { StartupTimeline::Record(StartupTimeline::SELECT_PROFILE); nsresult rv; @@ -3141,14 +3032,9 @@ static nsresult SelectProfile(nsToolkitProfileService* aProfileSvc, // Ask the profile manager to select the profile directories to use. bool didCreate = false; - ProfileStatus profileStatus = PROFILE_STATUS_OK; - rv = aProfileSvc->SelectStartupProfile( - &gArgc, gArgv, gDoProfileReset, aRootDir, aLocalDir, aProfile, &didCreate, - aWasDefaultSelection, profileStatus); - if (PROFILE_STATUS_OK != profileStatus) { - return ProfileErrorDialog(*aRootDir, *aLocalDir, profileStatus, nullptr, - aNative, aResult); - } + rv = aProfileSvc->SelectStartupProfile(&gArgc, gArgv, gDoProfileReset, + aRootDir, aLocalDir, aProfile, + &didCreate, aWasDefaultSelection); if (rv == NS_ERROR_SHOW_PROFILE_MANAGER) { return ShowProfileManager(aProfileSvc, aNative); @@ -5062,19 +4948,6 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { mProfileSvc = NS_GetToolkitProfileService(); if (!mProfileSvc) { -#ifdef XP_MACOSX - // NS_NewToolkitProfileService() returns a generic NS_ERROR_FAILURE error - // if creation of the TorBrowser-Data directory fails due to access denied - // or because of a read-only disk volume. Do an extra check here to detect - // these errors so we can display an informative error message. - ProfileStatus status = CheckTorBrowserDataWriteAccess(); - if ((PROFILE_STATUS_ACCESS_DENIED == status) || - (PROFILE_STATUS_READ_ONLY == status)) { - ProfileErrorDialog(nullptr, nullptr, status, nullptr, mNativeApp, - nullptr); - return 1; - } -#endif // We failed to choose or create profile - notify user and quit ProfileMissingDialog(mNativeApp); return 1; @@ -5084,7 +4957,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { nsCOMPtr<nsIToolkitProfile> profile; rv = SelectProfile(mProfileSvc, mNativeApp, getter_AddRefs(mProfD), getter_AddRefs(mProfLD), getter_AddRefs(profile), - &wasDefaultSelection, getter_AddRefs(mProfileLock)); + &wasDefaultSelection); if (rv == NS_ERROR_LAUNCHED_CHILD_PROCESS || rv == NS_ERROR_ABORT) { *aExitFlag = true; return 0; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/464b5a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/464b5a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update release prep merge request template
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 0178b624 by Nicolas Vigier at 2024-10-29T20:08:40+00:00 Update release prep merge request template Update self-review template to add torbrowser_legacy vars to rbm.conf, and remove firefox-android. - - - - - 1 changed file: - .gitlab/merge_request_templates/relprep.md Changes: ===================================== .gitlab/merge_request_templates/relprep.md ===================================== @@ -10,10 +10,11 @@ - [ ] `var/torbrowser_build`: should be `build1`, unless bumping a previous release preparation - [ ] `var/browser_release_date`: must not be in the future when we start building - [ ] `var/torbrowser_incremental_from` (not needed for Android-only releases) + - [ ] `var/torbrowser_legacy_version` (For Tor Browser 14.0.x stable releases only) + - [ ] `var/torbrowser_legacy_platform_version` (For Tor Browser 14.0.x stable releases only) - [ ] Tag updates: - [ ] [Firefox](https://gitlab.torproject.org/tpo/applications/tor-browser/-/tags) - [ ] Geckoview - should match Firefox - - [ ] [Firefox Android](https://gitlab.torproject.org/tpo/applications/firefox-android/-/t… - Tags might be speculative in the release preparation: i.e., they might not exist yet. - [ ] Addon updates: - [ ] [NoScript](https://addons.mozilla.org/en-US/firefox/addon/noscript/) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] 2 commits: fixup! Bug 40283: Workaround for the file upload bug
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 1eb1dd23 by Pier Angelo Vendrame at 2024-10-29T19:10:13+01:00 fixup! Bug 40283: Workaround for the file upload bug Lint with android-format. - - - - - 291acbab by Pier Angelo Vendrame at 2024-10-29T19:10:21+01:00 fixup! Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware Lint with android-format. - - - - - 2 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -6301,10 +6301,10 @@ public class GeckoSession { } private static String normalizePath(String input) { - // For an unclear reason, Android media picker delivers file paths - // starting with double slash. Firefox performs path validation on - // all paths, and double slash is deemed invalid. - return input.startsWith("//") ? input.substring(1) : input; + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; } private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java ===================================== @@ -49,9 +49,7 @@ public class WebRequest extends WebMessage { /** The value of the Referer header for this request. */ public final @Nullable String referrer; - /** - * The value of the origin of this request. - */ + /** The value of the origin of this request. */ public final @Nullable String origin; @Retention(RetentionPolicy.SOURCE) @@ -248,10 +246,10 @@ public class WebRequest extends WebMessage { * @param origin A URI String * @return This Builder instance. */ - public @NonNull Builder origin(final @Nullable String origin) { - mOrigin = origin; - return this; - } + public @NonNull Builder origin(final @Nullable String origin) { + mOrigin = origin; + return this; + } /** * @return A {@link WebRequest} constructed with the values from this Builder instance. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/4e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/4e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] 2 commits: fixup! Bug 40283: Workaround for the file upload bug
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 4b20df89 by Pier Angelo Vendrame at 2024-10-29T19:08:47+01:00 fixup! Bug 40283: Workaround for the file upload bug Lint with android-format. - - - - - 8cd93211 by Pier Angelo Vendrame at 2024-10-29T19:08:54+01:00 fixup! Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware Lint with android-format. - - - - - 2 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -6301,10 +6301,10 @@ public class GeckoSession { } private static String normalizePath(String input) { - // For an unclear reason, Android media picker delivers file paths - // starting with double slash. Firefox performs path validation on - // all paths, and double slash is deemed invalid. - return input.startsWith("//") ? input.substring(1) : input; + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; } private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java ===================================== @@ -49,9 +49,7 @@ public class WebRequest extends WebMessage { /** The value of the Referer header for this request. */ public final @Nullable String referrer; - /** - * The value of the origin of this request. - */ + /** The value of the origin of this request. */ public final @Nullable String origin; @Retention(RetentionPolicy.SOURCE) @@ -248,10 +246,10 @@ public class WebRequest extends WebMessage { * @param origin A URI String * @return This Builder instance. */ - public @NonNull Builder origin(final @Nullable String origin) { - mOrigin = origin; - return this; - } + public @NonNull Builder origin(final @Nullable String origin) { + mOrigin = origin; + return this; + } /** * @return A {@link WebRequest} constructed with the values from this Builder instance. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3975e7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3975e7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 6 commits: fixup! Bug 40283: Workaround for the file upload bug
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 41bcfa1b by Pier Angelo Vendrame at 2024-10-29T19:05:48+01:00 fixup! Bug 40283: Workaround for the file upload bug Lint with android-format. - - - - - c8428799 by Pier Angelo Vendrame at 2024-10-29T19:05:53+01:00 fixup! Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware Lint with android-format. - - - - - cdcb77db by Pier Angelo Vendrame at 2024-10-29T19:05:53+01:00 fixup! Bug 42247: Android helpers for the TorProvider Lint with android-format. - - - - - ad0782df by Pier Angelo Vendrame at 2024-10-29T19:05:54+01:00 fixup! Bug 40597: Implement TorSettings module Fix a couple of references to Moat in the generic DomainFrontedRequests module. - - - - - 6b2120f9 by Pier Angelo Vendrame at 2024-10-29T19:05:54+01:00 fixup! Bug 40597: Implement TorSettings module ch.asyncOpen is not a JS async function, so no need to await it. The async in the name means that the channel will call methods from a listener object that it takes as an argument when it receives data. - - - - - 464b5a9b by Pier Angelo Vendrame at 2024-10-29T19:05:55+01:00 fixup! Bug 42247: Android helpers for the TorProvider Bug 43232: Make the Android Meek transport easier to debug. - - - - - 8 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorIntegrationAndroid.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorSettings.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/Prefs.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/TorLegacyAndroidSettings.java - toolkit/modules/DomainFrontedRequests.sys.mjs - toolkit/modules/Moat.sys.mjs Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -6319,10 +6319,10 @@ public class GeckoSession { } private static String normalizePath(String input) { - // For an unclear reason, Android media picker delivers file paths - // starting with double slash. Firefox performs path validation on - // all paths, and double slash is deemed invalid. - return input.startsWith("//") ? input.substring(1) : input; + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; } private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorIntegrationAndroid.java ===================================== @@ -9,671 +9,720 @@ package org.mozilla.geckoview; import android.content.Context; import android.os.AsyncTask; import android.util.Log; - -import androidx.annotation.AnyThread; import androidx.annotation.NonNull; -import androidx.annotation.Nullable; - import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.InterruptedIOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Map; -import java.util.Set; - import org.mozilla.gecko.EventDispatcher; import org.mozilla.gecko.GeckoAppShell; import org.mozilla.gecko.util.BundleEventListener; import org.mozilla.gecko.util.EventCallback; import org.mozilla.gecko.util.GeckoBundle; - import org.mozilla.geckoview.androidlegacysettings.TorLegacyAndroidSettings; public class TorIntegrationAndroid implements BundleEventListener { - private static final String TAG = "TorIntegrationAndroid"; - - // Events we listen to - private static final String EVENT_TOR_START = "GeckoView:Tor:StartTor"; - private static final String EVENT_TOR_STOP = "GeckoView:Tor:StopTor"; - private static final String EVENT_MEEK_START = "GeckoView:Tor:StartMeek"; - private static final String EVENT_MEEK_STOP = "GeckoView:Tor:StopMeek"; - private static final String EVENT_CONNECT_STATE_CHANGED = "GeckoView:Tor:ConnectStateChanged"; - private static final String EVENT_CONNECT_ERROR = "GeckoView:Tor:ConnectError"; - private static final String EVENT_BOOTSTRAP_PROGRESS = "GeckoView:Tor:BootstrapProgress"; - private static final String EVENT_BOOTSTRAP_COMPLETE = "GeckoView:Tor:BootstrapComplete"; - private static final String EVENT_TOR_LOGS = "GeckoView:Tor:Logs"; - private static final String EVENT_SETTINGS_READY = "GeckoView:Tor:SettingsReady"; - private static final String EVENT_SETTINGS_CHANGED = "GeckoView:Tor:SettingsChanged"; - private static final String EVENT_SETTINGS_OPEN = "GeckoView:Tor:OpenSettings"; - - // Events we emit - private static final String EVENT_SETTINGS_GET = "GeckoView:Tor:SettingsGet"; - private static final String EVENT_SETTINGS_SET = "GeckoView:Tor:SettingsSet"; - private static final String EVENT_SETTINGS_APPLY = "GeckoView:Tor:SettingsApply"; - private static final String EVENT_SETTINGS_SAVE = "GeckoView:Tor:SettingsSave"; - private static final String EVENT_BOOTSTRAP_BEGIN = "GeckoView:Tor:BootstrapBegin"; - private static final String EVENT_BOOTSTRAP_BEGIN_AUTO = "GeckoView:Tor:BootstrapBeginAuto"; - private static final String EVENT_BOOTSTRAP_CANCEL = "GeckoView:Tor:BootstrapCancel"; - private static final String EVENT_BOOTSTRAP_GET_STATE = "GeckoView:Tor:BootstrapGetState"; - - private static final String CONTROL_PORT_FILE = "/control-ipc"; - private static final String SOCKS_FILE = "/socks-ipc"; - private static final String COOKIE_AUTH_FILE = "/auth-file"; - - private final String mLibraryDir; - private final String mCacheDir; - private final String mIpcDirectory; - private final File mDataDir; - - private TorProcess mTorProcess = null; - /** - * The first time we run a Tor process in this session, we copy some configuration files to be - * sure we always have the latest version, but if we re-launch a tor process we do not need to - * copy them again. - */ - private boolean mCopiedConfigFiles = false; - /** - * Allow multiple proxies to be started, even though it might not actually happen. - * The key should be positive (also 0 is not allowed). - */ - private final HashMap<Integer, MeekTransport> mMeeks = new HashMap<>(); - private int mMeekCounter; - - /** - * mSettings is a Java-side copy of the authoritative settings in the JS code. - * It's useful to maintain as the UI may be fetching these options often and we don't watch each - * fetch to be a passthrough to JS with marshalling/unmarshalling each time. - */ - private TorSettings mSettings = null; - - /* package */ TorIntegrationAndroid(Context context) { - mLibraryDir = context.getApplicationInfo().nativeLibraryDir; - mCacheDir = context.getCacheDir().getAbsolutePath(); - mIpcDirectory = mCacheDir + "/tor-private"; - mDataDir = new File(context.getFilesDir(), "tor"); - registerListener(); + private static final String TAG = "TorIntegrationAndroid"; + + // Events we listen to + private static final String EVENT_TOR_START = "GeckoView:Tor:StartTor"; + private static final String EVENT_TOR_STOP = "GeckoView:Tor:StopTor"; + private static final String EVENT_MEEK_START = "GeckoView:Tor:StartMeek"; + private static final String EVENT_MEEK_STOP = "GeckoView:Tor:StopMeek"; + private static final String EVENT_CONNECT_STATE_CHANGED = "GeckoView:Tor:ConnectStateChanged"; + private static final String EVENT_CONNECT_ERROR = "GeckoView:Tor:ConnectError"; + private static final String EVENT_BOOTSTRAP_PROGRESS = "GeckoView:Tor:BootstrapProgress"; + private static final String EVENT_BOOTSTRAP_COMPLETE = "GeckoView:Tor:BootstrapComplete"; + private static final String EVENT_TOR_LOGS = "GeckoView:Tor:Logs"; + private static final String EVENT_SETTINGS_READY = "GeckoView:Tor:SettingsReady"; + private static final String EVENT_SETTINGS_CHANGED = "GeckoView:Tor:SettingsChanged"; + private static final String EVENT_SETTINGS_OPEN = "GeckoView:Tor:OpenSettings"; + + // Events we emit + private static final String EVENT_SETTINGS_GET = "GeckoView:Tor:SettingsGet"; + private static final String EVENT_SETTINGS_SET = "GeckoView:Tor:SettingsSet"; + private static final String EVENT_SETTINGS_APPLY = "GeckoView:Tor:SettingsApply"; + private static final String EVENT_SETTINGS_SAVE = "GeckoView:Tor:SettingsSave"; + private static final String EVENT_BOOTSTRAP_BEGIN = "GeckoView:Tor:BootstrapBegin"; + private static final String EVENT_BOOTSTRAP_BEGIN_AUTO = "GeckoView:Tor:BootstrapBeginAuto"; + private static final String EVENT_BOOTSTRAP_CANCEL = "GeckoView:Tor:BootstrapCancel"; + private static final String EVENT_BOOTSTRAP_GET_STATE = "GeckoView:Tor:BootstrapGetState"; + + private static final String CONTROL_PORT_FILE = "/control-ipc"; + private static final String SOCKS_FILE = "/socks-ipc"; + private static final String COOKIE_AUTH_FILE = "/auth-file"; + + private final String mLibraryDir; + private final String mCacheDir; + private final String mIpcDirectory; + private final File mDataDir; + + private TorProcess mTorProcess = null; + + /** + * The first time we run a Tor process in this session, we copy some configuration files to be + * sure we always have the latest version, but if we re-launch a tor process we do not need to + * copy them again. + */ + private boolean mCopiedConfigFiles = false; + + /** + * Allow multiple proxies to be started, even though it might not actually happen. The key should + * be positive (also 0 is not allowed). + */ + private final HashMap<Integer, MeekTransport> mMeeks = new HashMap<>(); + + private int mMeekCounter; + + /** + * mSettings is a Java-side copy of the authoritative settings in the JS code. It's useful to + * maintain as the UI may be fetching these options often and we don't watch each fetch to be a + * passthrough to JS with marshalling/unmarshalling each time. + */ + private TorSettings mSettings = null; + + /* package */ TorIntegrationAndroid(Context context) { + mLibraryDir = context.getApplicationInfo().nativeLibraryDir; + mCacheDir = context.getCacheDir().getAbsolutePath(); + mIpcDirectory = mCacheDir + "/tor-private"; + mDataDir = new File(context.getFilesDir(), "tor"); + registerListener(); + } + + /* package */ synchronized void shutdown() { + // FIXME: It seems this never gets called + if (mTorProcess != null) { + mTorProcess.shutdown(); + mTorProcess = null; } - - /* package */ synchronized void shutdown() { - // FIXME: It seems this never gets called - if (mTorProcess != null) { - mTorProcess.shutdown(); - mTorProcess = null; - } + } + + private void registerListener() { + EventDispatcher.getInstance() + .registerUiThreadListener( + this, + EVENT_TOR_START, + EVENT_MEEK_START, + EVENT_MEEK_STOP, + EVENT_SETTINGS_READY, + EVENT_SETTINGS_CHANGED, + EVENT_CONNECT_STATE_CHANGED, + EVENT_CONNECT_ERROR, + EVENT_BOOTSTRAP_PROGRESS, + EVENT_BOOTSTRAP_COMPLETE, + EVENT_TOR_LOGS, + EVENT_SETTINGS_OPEN); + } + + @Override // BundleEventListener + public synchronized void handleMessage( + final String event, final GeckoBundle message, final EventCallback callback) { + if (EVENT_TOR_START.equals(event)) { + startDaemon(message, callback); + } else if (EVENT_TOR_STOP.equals(event)) { + stopDaemon(message, callback); + } else if (EVENT_MEEK_START.equals(event)) { + startMeek(message, callback); + } else if (EVENT_MEEK_STOP.equals(event)) { + stopMeek(message, callback); + } else if (EVENT_SETTINGS_READY.equals(event)) { + try { + new SettingsLoader().execute(message); + } catch (Exception e) { + Log.e(TAG, "SettingsLoader error: " + e.toString()); + } + } else if (EVENT_SETTINGS_CHANGED.equals(event)) { + GeckoBundle newSettings = message.getBundle("settings"); + if (newSettings != null) { + // TODO: Should we notify listeners? + mSettings = new TorSettings(newSettings); + } else { + Log.w(TAG, "Ignoring a settings changed event that did not have the new settings."); + } + } else if (EVENT_CONNECT_STATE_CHANGED.equals(event)) { + String state = message.getString("state"); + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapStateChange(state); + } + } else if (EVENT_CONNECT_ERROR.equals(event)) { + String code = message.getString("code"); + String msg = message.getString("message"); + String phase = message.getString("phase"); + String reason = message.getString("reason"); + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapError(code, msg, phase, reason); + } + } else if (EVENT_BOOTSTRAP_PROGRESS.equals(event)) { + double progress = message.getDouble("progress"); + boolean hasWarnings = message.getBoolean("hasWarnings"); + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapProgress(progress, hasWarnings); + } + } else if (EVENT_BOOTSTRAP_COMPLETE.equals(event)) { + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapComplete(); + } + } else if (EVENT_TOR_LOGS.equals(event)) { + String msg = message.getString("message"); + String type = message.getString("logType"); + for (TorLogListener listener : mLogListeners) { + listener.onLog(type, msg); + } + } else if (EVENT_SETTINGS_OPEN.equals(event)) { + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onSettingsRequested(); + } } - - private void registerListener() { - EventDispatcher.getInstance() - .registerUiThreadListener( - this, - EVENT_TOR_START, - EVENT_MEEK_START, - EVENT_MEEK_STOP, - EVENT_SETTINGS_READY, - EVENT_SETTINGS_CHANGED, - EVENT_CONNECT_STATE_CHANGED, - EVENT_CONNECT_ERROR, - EVENT_BOOTSTRAP_PROGRESS, - EVENT_BOOTSTRAP_COMPLETE, - EVENT_TOR_LOGS, - EVENT_SETTINGS_OPEN); + } + + private class SettingsLoader extends AsyncTask<GeckoBundle, Void, TorSettings> { + protected TorSettings doInBackground(GeckoBundle... messages) { + GeckoBundle message = messages[0]; + TorSettings settings; + if (TorLegacyAndroidSettings.unmigrated()) { + settings = TorLegacyAndroidSettings.loadTorSettings(); + } else { + GeckoBundle bundle = message.getBundle("settings"); + settings = new TorSettings(bundle); + } + return settings; } - @Override // BundleEventListener - public synchronized void handleMessage( - final String event, final GeckoBundle message, final EventCallback callback) { - if (EVENT_TOR_START.equals(event)) { - startDaemon(message, callback); - } else if (EVENT_TOR_STOP.equals(event)) { - stopDaemon(message, callback); - } else if (EVENT_MEEK_START.equals(event)) { - startMeek(message, callback); - } else if (EVENT_MEEK_STOP.equals(event)) { - stopMeek(message, callback); - } else if (EVENT_SETTINGS_READY.equals(event)) { - try { - new SettingsLoader().execute(message); - } catch(Exception e) { - Log.e(TAG, "SettingsLoader error: "+ e.toString()); - } - } else if (EVENT_SETTINGS_CHANGED.equals(event)) { - GeckoBundle newSettings = message.getBundle("settings"); - if (newSettings != null) { - // TODO: Should we notify listeners? - mSettings = new TorSettings(newSettings); - } else { - Log.w(TAG, "Ignoring a settings changed event that did not have the new settings."); - } - } else if (EVENT_CONNECT_STATE_CHANGED.equals(event)) { - String state = message.getString("state"); - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapStateChange(state); - } - } else if (EVENT_CONNECT_ERROR.equals(event)) { - String code = message.getString("code"); - String msg = message.getString("message"); - String phase = message.getString("phase"); - String reason = message.getString("reason"); - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapError(code, msg, phase, reason); - } - } else if (EVENT_BOOTSTRAP_PROGRESS.equals(event)) { - double progress = message.getDouble("progress"); - boolean hasWarnings = message.getBoolean("hasWarnings"); - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapProgress(progress, hasWarnings); - } - } else if (EVENT_BOOTSTRAP_COMPLETE.equals(event)) { - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapComplete(); - } - } else if (EVENT_TOR_LOGS.equals(event)) { - String msg = message.getString("message"); - String type = message.getString("logType"); - for (TorLogListener listener: mLogListeners) { - listener.onLog(type, msg); - } - } else if (EVENT_SETTINGS_OPEN.equals(event)) { - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onSettingsRequested(); - } - } + @Override + protected void onPostExecute(TorSettings torSettings) { + mSettings = torSettings; + if (TorLegacyAndroidSettings.unmigrated()) { + setSettings(mSettings, true, true); + TorLegacyAndroidSettings.setMigrated(); + } + } + } + + private synchronized void startDaemon(final GeckoBundle message, final EventCallback callback) { + // Let JS generate this to possibly reduce the chance of race conditions. + String handle = message.getString("handle", ""); + if (handle.isEmpty()) { + Log.e(TAG, "Requested to start a tor process without a handle."); + callback.sendError("Expected a handle for the new process."); + return; } + Log.d(TAG, "Starting the a tor process with handle " + handle); - private class SettingsLoader extends AsyncTask<GeckoBundle, Void, TorSettings> { - protected TorSettings doInBackground(GeckoBundle... messages) { - GeckoBundle message = messages[0]; - TorSettings settings; - if (TorLegacyAndroidSettings.unmigrated()) { - settings = TorLegacyAndroidSettings.loadTorSettings(); - } else { - GeckoBundle bundle = message.getBundle("settings"); - settings = new TorSettings(bundle); - } - return settings; - } + TorProcess previousProcess = mTorProcess; + if (previousProcess != null) { + Log.w(TAG, "We still have a running process: " + previousProcess.getHandle()); + } + mTorProcess = new TorProcess(handle); + + GeckoBundle bundle = new GeckoBundle(3); + bundle.putString("controlPortPath", mIpcDirectory + CONTROL_PORT_FILE); + bundle.putString("socksPath", mIpcDirectory + SOCKS_FILE); + bundle.putString("cookieFilePath", mIpcDirectory + COOKIE_AUTH_FILE); + callback.sendSuccess(bundle); + } + + private synchronized void stopDaemon(final GeckoBundle message, final EventCallback callback) { + if (mTorProcess == null) { + if (callback != null) { + callback.sendSuccess(null); + } + return; + } + String handle = message.getString("handle", ""); + if (!mTorProcess.getHandle().equals(handle)) { + GeckoBundle bundle = new GeckoBundle(1); + bundle.putString( + "error", "The requested process has not been found. It might have already been stopped."); + callback.sendError(bundle); + return; + } + mTorProcess.shutdown(); + mTorProcess = null; + callback.sendSuccess(null); + } + + class TorProcess extends Thread { + private static final String EVENT_TOR_STARTED = "GeckoView:Tor:TorStarted"; + private static final String EVENT_TOR_START_FAILED = "GeckoView:Tor:TorStartFailed"; + private static final String EVENT_TOR_EXITED = "GeckoView:Tor:TorExited"; + private final String mHandle; + private Process mProcess = null; + + TorProcess(String handle) { + mHandle = handle; + setName("tor-process-" + handle); + start(); + } - @Override - protected void onPostExecute(TorSettings torSettings) { - mSettings = torSettings; - if (TorLegacyAndroidSettings.unmigrated()) { - setSettings(mSettings, true, true); - TorLegacyAndroidSettings.setMigrated(); - } + @Override + public void run() { + cleanIpcDirectory(); + + final String ipcDir = TorIntegrationAndroid.this.mIpcDirectory; + final ArrayList<String> args = new ArrayList<>(); + args.add(mLibraryDir + "/libTor.so"); + args.add("DisableNetwork"); + args.add("1"); + args.add("+__ControlPort"); + args.add("unix:" + ipcDir + CONTROL_PORT_FILE); + args.add("+__SocksPort"); + args.add("unix:" + ipcDir + SOCKS_FILE + " IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth"); + args.add("CookieAuthentication"); + args.add("1"); + args.add("CookieAuthFile"); + args.add(ipcDir + COOKIE_AUTH_FILE); + args.add("DataDirectory"); + args.add(mDataDir.getAbsolutePath()); + boolean copied = true; + try { + copyAndUseConfigFile("--defaults-torrc", "torrc-defaults", args); + } catch (IOException e) { + Log.w( + TAG, "torrc-default cannot be created, pluggable transports will not be available", e); + copied = false; + } + // tor-browser#42607: For now we do not ship geoip databases, as we + // do not have the circuit display functionality and they allow us + // to save some space in the final APK. + /*try { + copyAndUseConfigFile("GeoIPFile", "geoip", args); + copyAndUseConfigFile("GeoIPv6File", "geoip6", args); + } catch (IOException e) { + Log.w(TAG, "GeoIP files cannot be created, this feature will not be available.", e); + copied = false; + }*/ + mCopiedConfigFiles = copied; + + Log.d(TAG, "Starting tor with the follwing args: " + args.toString()); + final ProcessBuilder builder = new ProcessBuilder(args); + builder.directory(new File(mLibraryDir)); + try { + mProcess = builder.start(); + } catch (IOException e) { + Log.e(TAG, "Cannot start tor " + mHandle, e); + final GeckoBundle data = new GeckoBundle(2); + data.putString("handle", mHandle); + data.putString("error", e.getMessage()); + EventDispatcher.getInstance().dispatch(EVENT_TOR_START_FAILED, data); + return; + } + Log.i(TAG, "Tor process " + mHandle + " started."); + { + final GeckoBundle data = new GeckoBundle(1); + data.putString("handle", mHandle); + EventDispatcher.getInstance().dispatch(EVENT_TOR_STARTED, data); + } + try { + BufferedReader reader = + new BufferedReader(new InputStreamReader(mProcess.getInputStream())); + String line; + while ((line = reader.readLine()) != null) { + Log.i(TAG, "[tor-" + mHandle + "] " + line); } + } catch (IOException e) { + Log.e(TAG, "Failed to read stdout of the tor process " + mHandle, e); + } + Log.d(TAG, "Exiting the stdout loop for process " + mHandle); + final GeckoBundle data = new GeckoBundle(2); + data.putString("handle", mHandle); + try { + data.putInt("status", mProcess.waitFor()); + } catch (InterruptedException e) { + Log.e(TAG, "Failed to wait for the tor process " + mHandle, e); + data.putInt("status", 0xdeadbeef); + } + // FIXME: We usually don't reach this when the application is killed! + // So, we don't do our cleanup. + Log.i(TAG, "Tor process " + mHandle + " has exited."); + EventDispatcher.getInstance().dispatch(EVENT_TOR_EXITED, data); } - private synchronized void startDaemon(final GeckoBundle message, final EventCallback callback) { - // Let JS generate this to possibly reduce the chance of race conditions. - String handle = message.getString("handle", ""); - if (handle.isEmpty()) { - Log.e(TAG, "Requested to start a tor process without a handle."); - callback.sendError("Expected a handle for the new process."); - return; + private void cleanIpcDirectory() { + File directory = new File(TorIntegrationAndroid.this.mIpcDirectory); + if (!directory.isDirectory()) { + if (!directory.mkdirs()) { + Log.e(TAG, "Failed to create the IPC directory."); + return; } - Log.d(TAG, "Starting the a tor process with handle " + handle); - - TorProcess previousProcess = mTorProcess; - if (previousProcess != null) { - Log.w(TAG, "We still have a running process: " + previousProcess.getHandle()); + try { + // First remove the permissions for everybody... + directory.setReadable(false, false); + directory.setWritable(false, false); + directory.setExecutable(false, false); + // ... then add them back, but only for the owner. + directory.setReadable(true, true); + directory.setWritable(true, true); + directory.setExecutable(true, true); + } catch (SecurityException e) { + Log.e(TAG, "Could not set the permissions to the IPC directory.", e); } - mTorProcess = new TorProcess(handle); + return; + } + // We assume we do not have child directories, only files + File[] maybeFiles = directory.listFiles(); + if (maybeFiles != null) { + for (File file : maybeFiles) { + if (!file.delete()) { + Log.d(TAG, "Could not delete " + file); + } + } + } + } - GeckoBundle bundle = new GeckoBundle(3); - bundle.putString("controlPortPath", mIpcDirectory + CONTROL_PORT_FILE); - bundle.putString("socksPath", mIpcDirectory + SOCKS_FILE); - bundle.putString("cookieFilePath", mIpcDirectory + COOKIE_AUTH_FILE); - callback.sendSuccess(bundle); + private void copyAndUseConfigFile(String option, String name, ArrayList<String> args) + throws IOException { + File file = copyConfigFile(name); + args.add(option); + args.add(file.getAbsolutePath()); } - private synchronized void stopDaemon(final GeckoBundle message, final EventCallback callback) { - if (mTorProcess == null) { - if (callback != null) { - callback.sendSuccess(null); - } - return; + private File copyConfigFile(String name) throws IOException { + final File file = new File(mCacheDir, name); + if (mCopiedConfigFiles && file.exists()) { + return file; + } + + final Context context = GeckoAppShell.getApplicationContext(); + final InputStream in = context.getAssets().open("common/" + name); + // Files.copy is API 26+, so use java.io and a loop for now. + FileOutputStream out = null; + try { + out = new FileOutputStream(file); + } catch (IOException e) { + in.close(); + throw e; + } + try { + byte buffer[] = new byte[4096]; + int read; + while ((read = in.read(buffer)) >= 0) { + out.write(buffer, 0, read); } - String handle = message.getString("handle", ""); - if (!mTorProcess.getHandle().equals(handle)) { - GeckoBundle bundle = new GeckoBundle(1); - bundle.putString("error", "The requested process has not been found. It might have already been stopped."); - callback.sendError(bundle); - return; + } finally { + try { + in.close(); + } catch (IOException e) { + Log.w(TAG, "Cannot close the input stream for " + name); } - mTorProcess.shutdown(); - mTorProcess = null; - callback.sendSuccess(null); + try { + out.close(); + } catch (IOException e) { + Log.w(TAG, "Cannot close the output stream for " + name); + } + } + return file; } - class TorProcess extends Thread { - private static final String EVENT_TOR_STARTED = "GeckoView:Tor:TorStarted"; - private static final String EVENT_TOR_START_FAILED = "GeckoView:Tor:TorStartFailed"; - private static final String EVENT_TOR_EXITED = "GeckoView:Tor:TorExited"; - private final String mHandle; - private Process mProcess = null; - - TorProcess(String handle) { - mHandle = handle; - setName("tor-process-" + handle); - start(); + public void shutdown() { + if (mProcess != null && mProcess.isAlive()) { + mProcess.destroy(); + } + if (isAlive()) { + try { + join(); + } catch (InterruptedException e) { + Log.e( + TAG, + "Cannot join the thread for tor process " + mHandle + ", possibly already terminated", + e); } + } + } - @Override - public void run() { - cleanIpcDirectory(); - - final String ipcDir = TorIntegrationAndroid.this.mIpcDirectory; - final ArrayList<String> args = new ArrayList<>(); - args.add(mLibraryDir + "/libTor.so"); - args.add("DisableNetwork"); - args.add("1"); - args.add("+__ControlPort"); - args.add("unix:" + ipcDir + CONTROL_PORT_FILE); - args.add("+__SocksPort"); - args.add("unix:" + ipcDir + SOCKS_FILE + " IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth"); - args.add("CookieAuthentication"); - args.add("1"); - args.add("CookieAuthFile"); - args.add(ipcDir + COOKIE_AUTH_FILE); - args.add("DataDirectory"); - args.add(mDataDir.getAbsolutePath()); - boolean copied = true; - try { - copyAndUseConfigFile("--defaults-torrc", "torrc-defaults", args); - } catch (IOException e) { - Log.w(TAG, "torrc-default cannot be created, pluggable transports will not be available", e); - copied = false; - } - // tor-browser#42607: For now we do not ship geoip databases, as we - // do not have the circuit display functionality and they allow us - // to save some space in the final APK. - /*try { - copyAndUseConfigFile("GeoIPFile", "geoip", args); - copyAndUseConfigFile("GeoIPv6File", "geoip6", args); - } catch (IOException e) { - Log.w(TAG, "GeoIP files cannot be created, this feature will not be available.", e); - copied = false; - }*/ - mCopiedConfigFiles = copied; - - Log.d(TAG, "Starting tor with the follwing args: " + args.toString()); - final ProcessBuilder builder = new ProcessBuilder(args); - builder.directory(new File(mLibraryDir)); - try { - mProcess = builder.start(); - } catch (IOException e) { - Log.e(TAG, "Cannot start tor " + mHandle, e); - final GeckoBundle data = new GeckoBundle(2); - data.putString("handle", mHandle); - data.putString("error", e.getMessage()); - EventDispatcher.getInstance().dispatch(EVENT_TOR_START_FAILED, data); - return; - } - Log.i(TAG, "Tor process " + mHandle + " started."); - { - final GeckoBundle data = new GeckoBundle(1); - data.putString("handle", mHandle); - EventDispatcher.getInstance().dispatch(EVENT_TOR_STARTED, data); - } - try { - BufferedReader reader = new BufferedReader(new InputStreamReader(mProcess.getInputStream())); - String line; - while ((line = reader.readLine()) != null) { - Log.i(TAG, "[tor-" + mHandle + "] " + line); - } - } catch (IOException e) { - Log.e(TAG, "Failed to read stdout of the tor process " + mHandle, e); - } - Log.d(TAG, "Exiting the stdout loop for process " + mHandle); - final GeckoBundle data = new GeckoBundle(2); - data.putString("handle", mHandle); - try { - data.putInt("status", mProcess.waitFor()); - } catch (InterruptedException e) { - Log.e(TAG, "Failed to wait for the tor process " + mHandle, e); - data.putInt("status", 0xdeadbeef); - } - // FIXME: We usually don't reach this when the application is killed! - // So, we don't do our cleanup. - Log.i(TAG, "Tor process " + mHandle + " has exited."); - EventDispatcher.getInstance().dispatch(EVENT_TOR_EXITED, data); - } + public String getHandle() { + return mHandle; + } + } + + private synchronized void startMeek(final GeckoBundle message, final EventCallback callback) { + if (callback == null) { + Log.e(TAG, "Tried to start Meek without a callback."); + return; + } + mMeekCounter++; + mMeeks.put( + new Integer(mMeekCounter), + new MeekTransport(callback, mMeekCounter, message.getStringArray("arguments"))); + } + + private synchronized void stopMeek(final GeckoBundle message, final EventCallback callback) { + final Integer key = message.getInteger("id"); + final MeekTransport meek = mMeeks.remove(key); + if (meek != null) { + meek.shutdown(); + } + if (callback != null) { + callback.sendSuccess(null); + } + } + + private class MeekTransport extends Thread { + private static final String TRANSPORT = "meek_lite"; + private Process mProcess; + private final EventCallback mCallback; + private final int mId; + + MeekTransport(final EventCallback callback, int id, String[] args) { + setName("meek-" + id); + + final String command = mLibraryDir + "/libObfs4proxy.so"; + ArrayList<String> argList = new ArrayList<String>(); + argList.add(command); + if (args != null && args.length > 0) { + // Normally not used, but it helps to debug only by editing JS. + Log.d(TAG, "Requested custom arguments for meek: " + String.join(" ", args)); + argList.addAll(Arrays.asList(args)); + } + final ProcessBuilder builder = new ProcessBuilder(argList); + + File ptStateDir = new File(mDataDir, "pt_state"); + Log.d(TAG, "Using " + ptStateDir.getAbsolutePath() + " as a state directory for meek."); + final Map<String, String> env = builder.environment(); + env.put("TOR_PT_MANAGED_TRANSPORT_VER", "1"); + env.put("TOR_PT_STATE_LOCATION", ptStateDir.getAbsolutePath()); + env.put("TOR_PT_EXIT_ON_STDIN_CLOSE", "1"); + env.put("TOR_PT_CLIENT_TRANSPORTS", TRANSPORT); + + mCallback = callback; + mId = id; + try { + // We expect this process to be short-lived, therefore we do not bother with + // implementing this as a service. + mProcess = builder.start(); + } catch (IOException e) { + Log.e(TAG, "Cannot start the PT", e); + callback.sendError(e.getMessage()); + return; + } + start(); + } - private void cleanIpcDirectory() { - File directory = new File(TorIntegrationAndroid.this.mIpcDirectory); - if (!directory.isDirectory()) { - if (!directory.mkdirs()) { - Log.e(TAG, "Failed to create the IPC directory."); - return; - } - try { - // First remove the permissions for everybody... - directory.setReadable(false, false); - directory.setWritable(false, false); - directory.setExecutable(false, false); - // ... then add them back, but only for the owner. - directory.setReadable(true, true); - directory.setWritable(true, true); - directory.setExecutable(true, true); - } catch (SecurityException e) { - Log.e(TAG, "Could not set the permissions to the IPC directory.", e); - } - return; + /** + * Parse the standard output of the pluggable transport to find the hostname and port it is + * listening on. + * + * <p>See also the specs for the IPC protocol at https://spec.torproject.org/pt-spec/ipc.html. + */ + @Override + public void run() { + final String PROTOCOL_VERSION = "1"; + String hostname = ""; + boolean valid = false; + int port = 0; + String error = "Did not see a CMETHOD"; + try { + InputStreamReader isr = new InputStreamReader(mProcess.getInputStream()); + BufferedReader reader = new BufferedReader(isr); + String line; + while ((line = reader.readLine()) != null) { + line = line.trim(); + Log.d(TAG, "Meek line: " + line); + // Split produces always at least one item + String[] tokens = line.split(" "); + if ("VERSION".equals(tokens[0]) + && (tokens.length != 2 || !PROTOCOL_VERSION.equals(tokens[1]))) { + error = "Bad version: " + line; + break; + } + if ("CMETHOD".equals(tokens[0])) { + if (tokens.length != 4) { + error = "Bad number of tokens in CMETHOD: " + line; + break; } - // We assume we do not have child directories, only files - File[] maybeFiles = directory.listFiles(); - if (maybeFiles != null) { - for (File file : maybeFiles) { - if (!file.delete()) { - Log.d(TAG, "Could not delete " + file); - } - } + if (!tokens[1].equals(TRANSPORT)) { + error = "Unexpected transport: " + tokens[1]; + break; } - } - - private void copyAndUseConfigFile(String option, String name, ArrayList<String> args) throws IOException { - File file = copyConfigFile(name); - args.add(option); - args.add(file.getAbsolutePath()); - } - - private File copyConfigFile(String name) throws IOException { - final File file = new File(mCacheDir, name); - if (mCopiedConfigFiles && file.exists()) { - return file; + if (!"socks5".equals(tokens[2])) { + error = "Unexpected proxy type: " + tokens[2]; + break; } - - final Context context = GeckoAppShell.getApplicationContext(); - final InputStream in = context.getAssets().open("common/" + name); - // Files.copy is API 26+, so use java.io and a loop for now. - FileOutputStream out = null; - try { - out = new FileOutputStream(file); - } catch (IOException e) { - in.close(); - throw e; + String[] addr = tokens[3].split(":"); + if (addr.length != 2) { + error = "Invalid address"; + break; } + hostname = addr[0]; try { - byte buffer[] = new byte[4096]; - int read; - while ((read = in.read(buffer)) >= 0) { - out.write(buffer, 0, read); - } - } finally { - try { - in.close(); - } catch (IOException e) { - Log.w(TAG, "Cannot close the input stream for " + name); - } - try { - out.close(); - } catch (IOException e) { - Log.w(TAG, "Cannot close the output stream for " + name); - } - } - return file; - } - - public void shutdown() { - if (mProcess != null && mProcess.isAlive()) { - mProcess.destroy(); + port = Integer.parseInt(addr[1]); + } catch (NumberFormatException e) { + error = "Invalid port: " + e.getMessage(); + break; } - if (isAlive()) { - try { - join(); - } catch (InterruptedException e) { - Log.e(TAG, "Cannot join the thread for tor process " + mHandle + ", possibly already terminated", e); - } + if (port < 1 || port > 65535) { + error = "Invalid port: out of bounds"; + break; } + valid = true; + break; + } + if (tokens[0].endsWith("-ERROR")) { + error = "Seen an error: " + line; + break; + } } - - public String getHandle() { - return mHandle; - } + } catch (Exception e) { + error = e.getMessage(); + } + if (valid) { + Log.d(TAG, "Setup a meek transport " + mId + ": " + hostname + ":" + port); + final GeckoBundle bundle = new GeckoBundle(3); + bundle.putInt("id", mId); + bundle.putString("address", hostname); + bundle.putInt("port", port); + mCallback.sendSuccess(bundle); + } else { + Log.e(TAG, "Failed to get a usable config from the PT: " + error); + mCallback.sendError(error); + return; + } + dumpStdout(); } - private synchronized void startMeek(final GeckoBundle message, final EventCallback callback) { - if (callback == null) { - Log.e(TAG, "Tried to start Meek without a callback."); - return; - } - mMeekCounter++; - mMeeks.put(new Integer(mMeekCounter), new MeekTransport(callback, mMeekCounter)); + void shutdown() { + if (mProcess != null) { + Log.i(TAG, "Shutting down meek process " + mId); + mProcess.destroy(); + mProcess = null; + } else { + Log.w( + TAG, + "Shutdown request on the meek process " + mId + " that has already been shutdown."); + } + try { + join(); + } catch (InterruptedException e) { + Log.e(TAG, "Could not join the meek thread", e); + } } - private synchronized void stopMeek(final GeckoBundle message, final EventCallback callback) { - final Integer key = message.getInteger("id"); - final MeekTransport meek = mMeeks.remove(key); - if (meek != null) { - meek.shutdown(); - } - if (callback != null) { - callback.sendSuccess(null); + void dumpStdout() { + try { + BufferedReader reader = + new BufferedReader(new InputStreamReader(mProcess.getInputStream())); + String line; + while ((line = reader.readLine()) != null) { + Log.d(TAG, "[meek-" + mId + "] " + line); } + } catch (InterruptedIOException e) { + // This happens normally, do not log it. + } catch (IOException e) { + Log.e(TAG, "Failed to read stdout of the meek process process " + mId, e); + } } + } - private class MeekTransport extends Thread { - private static final String TRANSPORT = "meek_lite"; - private Process mProcess; - private final EventCallback mCallback; - private final int mId; - - MeekTransport(final EventCallback callback, int id) { - setName("meek-" + id); - final ProcessBuilder builder = new ProcessBuilder(mLibraryDir + "/libObfs4proxy.so"); - { - File ptStateDir = new File(mDataDir, "pt_state"); - final Map<String, String> env = builder.environment(); - env.put("TOR_PT_MANAGED_TRANSPORT_VER", "1"); - env.put("TOR_PT_STATE_LOCATION", ptStateDir.getAbsolutePath()); - env.put("TOR_PT_EXIT_ON_STDIN_CLOSE", "1"); - env.put("TOR_PT_CLIENT_TRANSPORTS", TRANSPORT); - } - mCallback = callback; - mId = id; - try { - // We expect this process to be short-lived, therefore we do not bother with - // implementing this as a service. - mProcess = builder.start(); - } catch (IOException e) { - Log.e(TAG, "Cannot start the PT", e); - callback.sendError(e.getMessage()); - return; - } - start(); - } + public interface BootstrapStateChangeListener { + void onBootstrapStateChange(String state); - /** - * Parse the standard output of the pluggable transport to find the hostname and port it is - * listening on. - * <p> - * See also the specs for the IPC protocol at https://spec.torproject.org/pt-spec/ipc.html. - */ - @Override - public void run() { - final String PROTOCOL_VERSION = "1"; - String hostname = ""; - boolean valid = false; - int port = 0; - String error = "Did not see a CMETHOD"; - try { - InputStreamReader isr = new InputStreamReader(mProcess.getInputStream()); - BufferedReader reader = new BufferedReader(isr); - String line; - while ((line = reader.readLine()) != null) { - line = line.trim(); - Log.d(TAG, "Meek line: " + line); - // Split produces always at least one item - String[] tokens = line.split(" "); - if ("VERSION".equals(tokens[0]) && (tokens.length != 2 || !PROTOCOL_VERSION.equals(tokens[1]))) { - error = "Bad version: " + line; - break; - } - if ("CMETHOD".equals(tokens[0])) { - if (tokens.length != 4) { - error = "Bad number of tokens in CMETHOD: " + line; - break; - } - if (!tokens[1].equals(TRANSPORT)) { - error = "Unexpected transport: " + tokens[1]; - break; - } - if (!"socks5".equals(tokens[2])) { - error = "Unexpected proxy type: " + tokens[2]; - break; - } - String[] addr = tokens[3].split(":"); - if (addr.length != 2) { - error = "Invalid address"; - break; - } - hostname = addr[0]; - try { - port = Integer.parseInt(addr[1]); - } catch (NumberFormatException e) { - error = "Invalid port: " + e.getMessage(); - break; - } - if (port < 1 || port > 65535) { - error = "Invalid port: out of bounds"; - break; - } - valid = true; - break; - } - if (tokens[0].endsWith("-ERROR")) { - error = "Seen an error: " + line; - break; - } - } - } catch (Exception e) { - error = e.getMessage(); - } - if (valid) { - Log.d(TAG, "Setup a meek transport " + mId + ": " + hostname + ":" + port); - final GeckoBundle bundle = new GeckoBundle(3); - bundle.putInt("id", mId); - bundle.putString("address", hostname); - bundle.putInt("port", port); - mCallback.sendSuccess(bundle); - } else { - Log.e(TAG, "Failed to get a usable config from the PT: " + error); - mCallback.sendError(error); - } - } + void onBootstrapProgress(double progress, boolean hasWarnings); - void shutdown() { - if (mProcess != null) { - mProcess.destroy(); - mProcess = null; - } - try { - join(); - } catch (InterruptedException e) { - Log.e(TAG, "Could not join the meek thread", e); - } - } - } + void onBootstrapComplete(); - public interface BootstrapStateChangeListener { - void onBootstrapStateChange(String state); - void onBootstrapProgress(double progress, boolean hasWarnings); - void onBootstrapComplete(); - void onBootstrapError(String code, String message, String phase, String reason); - void onSettingsRequested(); - } + void onBootstrapError(String code, String message, String phase, String reason); - public interface TorLogListener { - void onLog(String logType, String message); - } + void onSettingsRequested(); + } - private @NonNull void reloadSettings() { - EventDispatcher.getInstance().queryBundle(EVENT_SETTINGS_GET).then( new GeckoResult.OnValueListener<GeckoBundle, Void>() { - public GeckoResult<Void> onValue(final GeckoBundle bundle) { + public interface TorLogListener { + void onLog(String logType, String message); + } + + private @NonNull void reloadSettings() { + EventDispatcher.getInstance() + .queryBundle(EVENT_SETTINGS_GET) + .then( + new GeckoResult.OnValueListener<GeckoBundle, Void>() { + public GeckoResult<Void> onValue(final GeckoBundle bundle) { mSettings = new TorSettings(bundle); return new GeckoResult<Void>(); - } - }); - } + } + }); + } - public TorSettings getSettings() { - return mSettings; - } + public TorSettings getSettings() { + return mSettings; + } - public void setSettings(final TorSettings settings, boolean save, boolean apply) { - mSettings = settings; + public void setSettings(final TorSettings settings, boolean save, boolean apply) { + mSettings = settings; - emitSetSettings(settings, save, apply).then( + emitSetSettings(settings, save, apply) + .then( new GeckoResult.OnValueListener<Void, Void>() { - public GeckoResult<Void> onValue(Void v) { - return new GeckoResult<Void>(); - } + public GeckoResult<Void> onValue(Void v) { + return new GeckoResult<Void>(); + } }, new GeckoResult.OnExceptionListener<Void>() { - public GeckoResult<Void> onException(final Throwable e) { - Log.e(TAG, "Failed to set settings", e); - reloadSettings(); - return new GeckoResult<Void>(); - } + public GeckoResult<Void> onException(final Throwable e) { + Log.e(TAG, "Failed to set settings", e); + reloadSettings(); + return new GeckoResult<Void>(); + } }); - } - - private @NonNull GeckoResult<Void> emitSetSettings(final TorSettings settings, boolean save, boolean apply) { - GeckoBundle bundle = new GeckoBundle(3); - bundle.putBoolean("save", save); - bundle.putBoolean("apply", apply); - bundle.putBundle("settings", settings.asGeckoBundle()); - return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SET, bundle); - } - - public @NonNull GeckoResult<Void> applySettings() { - return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_APPLY); - } - - public @NonNull GeckoResult<Void> saveSettings() { - return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SAVE); - } - - public @NonNull GeckoResult<Void> beginBootstrap() { - return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN); - } - - public @NonNull GeckoResult<Void> beginAutoBootstrap(final String countryCode) { - final GeckoBundle bundle = new GeckoBundle(1); - bundle.putString("countryCode", countryCode); - return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN_AUTO, bundle); - } - - public @NonNull GeckoResult<Void> beginAutoBootstrap() { - return beginAutoBootstrap(null); - } - - public @NonNull GeckoResult<Void> cancelBootstrap() { - return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_CANCEL); - } - - public void registerBootstrapStateChangeListener(BootstrapStateChangeListener listener) { - mBootstrapStateListeners.add(listener); - } - - public void unregisterBootstrapStateChangeListener(BootstrapStateChangeListener listener) { - mBootstrapStateListeners.remove(listener); - } - - private final HashSet<BootstrapStateChangeListener> mBootstrapStateListeners = new HashSet<>(); - - public void registerLogListener(TorLogListener listener) { - mLogListeners.add(listener); - } - - public void unregisterLogListener(TorLogListener listener) { - mLogListeners.remove(listener); - } - - private final HashSet<TorLogListener> mLogListeners = new HashSet<>(); + } + + private @NonNull GeckoResult<Void> emitSetSettings( + final TorSettings settings, boolean save, boolean apply) { + GeckoBundle bundle = new GeckoBundle(3); + bundle.putBoolean("save", save); + bundle.putBoolean("apply", apply); + bundle.putBundle("settings", settings.asGeckoBundle()); + return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SET, bundle); + } + + public @NonNull GeckoResult<Void> applySettings() { + return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_APPLY); + } + + public @NonNull GeckoResult<Void> saveSettings() { + return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SAVE); + } + + public @NonNull GeckoResult<Void> beginBootstrap() { + return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN); + } + + public @NonNull GeckoResult<Void> beginAutoBootstrap(final String countryCode) { + final GeckoBundle bundle = new GeckoBundle(1); + bundle.putString("countryCode", countryCode); + return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN_AUTO, bundle); + } + + public @NonNull GeckoResult<Void> beginAutoBootstrap() { + return beginAutoBootstrap(null); + } + + public @NonNull GeckoResult<Void> cancelBootstrap() { + return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_CANCEL); + } + + public void registerBootstrapStateChangeListener(BootstrapStateChangeListener listener) { + mBootstrapStateListeners.add(listener); + } + + public void unregisterBootstrapStateChangeListener(BootstrapStateChangeListener listener) { + mBootstrapStateListeners.remove(listener); + } + + private final HashSet<BootstrapStateChangeListener> mBootstrapStateListeners = new HashSet<>(); + + public void registerLogListener(TorLogListener listener) { + mLogListeners.add(listener); + } + + public void unregisterLogListener(TorLogListener listener) { + mLogListeners.remove(listener); + } + + private final HashSet<TorLogListener> mLogListeners = new HashSet<>(); } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorSettings.java ===================================== @@ -1,185 +1,192 @@ package org.mozilla.geckoview; import android.util.Log; - import org.mozilla.gecko.util.GeckoBundle; public class TorSettings { - public enum BridgeSource { - Invalid(-1), - BuiltIn(0), - BridgeDB(1), - UserProvided(2); - - private int source; - - BridgeSource(final int source) { - this.source = source; - } - - public static BridgeSource fromInt(int i) { - switch (i) { - case -1: return Invalid; - case 0: return BuiltIn; - case 1: return BridgeDB; - case 2: return UserProvided; - } - return Invalid; - } - - public int toInt() { - return this.source; - } + public enum BridgeSource { + Invalid(-1), + BuiltIn(0), + BridgeDB(1), + UserProvided(2); + + private int source; + + BridgeSource(final int source) { + this.source = source; } - public enum ProxyType { - Invalid(-1), - Socks4(0), - Socks5(1), - HTTPS(2); - - private int type; - - ProxyType(final int type) { - this.type = type; - } - - public int toInt() { - return type; - } - - public static ProxyType fromInt(int i) { - switch (i) { - case -1: return Invalid; - case 0: return Socks4; - case 1: return Socks5; - case 2: return HTTPS; - } - return Invalid; - } + public static BridgeSource fromInt(int i) { + switch (i) { + case -1: + return Invalid; + case 0: + return BuiltIn; + case 1: + return BridgeDB; + case 2: + return UserProvided; + } + return Invalid; } - public enum BridgeBuiltinType { - /* TorSettings.sys.mjs ~ln43: string: obfs4|meek-azure|snowflake|etc */ - Invalid("invalid"), - Obfs4("obfs4"), - MeekAzure("meek-azure"), - Snowflake("snowflake"); + public int toInt() { + return this.source; + } + } + public enum ProxyType { + Invalid(-1), + Socks4(0), + Socks5(1), + HTTPS(2); - private String type; + private int type; - BridgeBuiltinType(String type) { - this.type = type; - } + ProxyType(final int type) { + this.type = type; + } - public String toString() { - return type; - } + public int toInt() { + return type; + } - public static BridgeBuiltinType fromString(String s) { - switch (s) { - case "obfs4": return Obfs4; - case "meek-azure": return MeekAzure; - case "snowflake": return Snowflake; - } - return Invalid; - } + public static ProxyType fromInt(int i) { + switch (i) { + case -1: + return Invalid; + case 0: + return Socks4; + case 1: + return Socks5; + case 2: + return HTTPS; + } + return Invalid; + } + } + + public enum BridgeBuiltinType { + /* TorSettings.sys.mjs ~ln43: string: obfs4|meek-azure|snowflake|etc */ + Invalid("invalid"), + Obfs4("obfs4"), + MeekAzure("meek-azure"), + Snowflake("snowflake"); + + private String type; + BridgeBuiltinType(String type) { + this.type = type; } - private boolean loaded = false; + public String toString() { + return type; + } - public boolean enabled = true; + public static BridgeBuiltinType fromString(String s) { + switch (s) { + case "obfs4": + return Obfs4; + case "meek-azure": + return MeekAzure; + case "snowflake": + return Snowflake; + } + return Invalid; + } + } - public boolean quickstart = false; + private boolean loaded = false; - // bridges section - public boolean bridgesEnabled = false; - public BridgeSource bridgesSource = BridgeSource.Invalid; - public BridgeBuiltinType bridgesBuiltinType = BridgeBuiltinType.Invalid; - public String[] bridgeBridgeStrings; + public boolean enabled = true; - // proxy section - public boolean proxyEnabled = false; - public ProxyType proxyType = ProxyType.Invalid; - public String proxyAddress = ""; - public int proxyPort = 0; - public String proxyUsername = ""; - public String proxyPassword = ""; + public boolean quickstart = false; - // firewall section - public boolean firewallEnabled = false; - public int[] firewallAllowedPorts; + // bridges section + public boolean bridgesEnabled = false; + public BridgeSource bridgesSource = BridgeSource.Invalid; + public BridgeBuiltinType bridgesBuiltinType = BridgeBuiltinType.Invalid; + public String[] bridgeBridgeStrings; - public TorSettings() { - } + // proxy section + public boolean proxyEnabled = false; + public ProxyType proxyType = ProxyType.Invalid; + public String proxyAddress = ""; + public int proxyPort = 0; + public String proxyUsername = ""; + public String proxyPassword = ""; + + // firewall section + public boolean firewallEnabled = false; + public int[] firewallAllowedPorts; + + public TorSettings() {} + + public TorSettings(GeckoBundle bundle) { + try { + GeckoBundle qs = bundle.getBundle("quickstart"); + GeckoBundle bridges = bundle.getBundle("bridges"); + GeckoBundle proxy = bundle.getBundle("proxy"); + GeckoBundle firewall = bundle.getBundle("firewall"); + + bridgesEnabled = bridges.getBoolean("enabled"); + bridgesSource = BridgeSource.fromInt(bridges.getInt("source")); + bridgesBuiltinType = BridgeBuiltinType.fromString(bridges.getString("builtin_type")); + bridgeBridgeStrings = bridges.getStringArray("bridge_strings"); - public TorSettings(GeckoBundle bundle) { - try { - GeckoBundle qs = bundle.getBundle("quickstart"); - GeckoBundle bridges = bundle.getBundle("bridges"); - GeckoBundle proxy = bundle.getBundle("proxy"); - GeckoBundle firewall = bundle.getBundle("firewall"); - - bridgesEnabled = bridges.getBoolean("enabled"); - bridgesSource = BridgeSource.fromInt(bridges.getInt("source")); - bridgesBuiltinType = BridgeBuiltinType.fromString(bridges.getString("builtin_type")); - bridgeBridgeStrings = bridges.getStringArray("bridge_strings"); - - quickstart = qs.getBoolean("enabled"); - - firewallEnabled = firewall.getBoolean("enabled"); - firewallAllowedPorts = firewall.getIntArray("allowed_ports"); - - proxyEnabled = proxy.getBoolean("enabled"); - proxyAddress = proxy.getString("address"); - proxyUsername = proxy.getString("username"); - proxyPassword = proxy.getString("password"); - proxyPort = proxy.getInt("port"); - proxyType = ProxyType.fromInt(proxy.getInt("type")); - - loaded = true; - } catch (Exception e) { - Log.e("TorSettings", "bundle access error: " + e.toString(), e); - } + quickstart = qs.getBoolean("enabled"); + + firewallEnabled = firewall.getBoolean("enabled"); + firewallAllowedPorts = firewall.getIntArray("allowed_ports"); + + proxyEnabled = proxy.getBoolean("enabled"); + proxyAddress = proxy.getString("address"); + proxyUsername = proxy.getString("username"); + proxyPassword = proxy.getString("password"); + proxyPort = proxy.getInt("port"); + proxyType = ProxyType.fromInt(proxy.getInt("type")); + + loaded = true; + } catch (Exception e) { + Log.e("TorSettings", "bundle access error: " + e.toString(), e); } + } - public GeckoBundle asGeckoBundle() { - GeckoBundle bundle = new GeckoBundle(); + public GeckoBundle asGeckoBundle() { + GeckoBundle bundle = new GeckoBundle(); - GeckoBundle qs = new GeckoBundle(); - GeckoBundle bridges = new GeckoBundle(); - GeckoBundle proxy = new GeckoBundle(); - GeckoBundle firewall = new GeckoBundle(); + GeckoBundle qs = new GeckoBundle(); + GeckoBundle bridges = new GeckoBundle(); + GeckoBundle proxy = new GeckoBundle(); + GeckoBundle firewall = new GeckoBundle(); - bridges.putBoolean("enabled", bridgesEnabled); - bridges.putInt("source", bridgesSource.toInt()); - bridges.putString("builtin_type", bridgesBuiltinType.toString()); - bridges.putStringArray("bridge_strings", bridgeBridgeStrings); + bridges.putBoolean("enabled", bridgesEnabled); + bridges.putInt("source", bridgesSource.toInt()); + bridges.putString("builtin_type", bridgesBuiltinType.toString()); + bridges.putStringArray("bridge_strings", bridgeBridgeStrings); - qs.putBoolean("enabled", quickstart); + qs.putBoolean("enabled", quickstart); - firewall.putBoolean("enabled", firewallEnabled); - firewall.putIntArray("allowed_ports", firewallAllowedPorts); + firewall.putBoolean("enabled", firewallEnabled); + firewall.putIntArray("allowed_ports", firewallAllowedPorts); - proxy.putBoolean("enabled", proxyEnabled); - proxy.putString("address", proxyAddress); - proxy.putString("username", proxyUsername); - proxy.putString("password", proxyPassword); - proxy.putInt("port", proxyPort); - proxy.putInt("type", proxyType.toInt()); + proxy.putBoolean("enabled", proxyEnabled); + proxy.putString("address", proxyAddress); + proxy.putString("username", proxyUsername); + proxy.putString("password", proxyPassword); + proxy.putInt("port", proxyPort); + proxy.putInt("type", proxyType.toInt()); - bundle.putBundle("quickstart", qs); - bundle.putBundle("bridges", bridges); - bundle.putBundle("proxy", proxy); - bundle.putBundle("firewall", firewall); + bundle.putBundle("quickstart", qs); + bundle.putBundle("bridges", bridges); + bundle.putBundle("proxy", proxy); + bundle.putBundle("firewall", firewall); - return bundle; - } + return bundle; + } - public boolean isLoaded() { - return this.loaded; - } + public boolean isLoaded() { + return this.loaded; + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java ===================================== @@ -49,9 +49,7 @@ public class WebRequest extends WebMessage { /** The value of the Referer header for this request. */ public final @Nullable String referrer; - /** - * The value of the origin of this request. - */ + /** The value of the origin of this request. */ public final @Nullable String origin; @Retention(RetentionPolicy.SOURCE) @@ -248,10 +246,10 @@ public class WebRequest extends WebMessage { * @param origin A URI String * @return This Builder instance. */ - public @NonNull Builder origin(final @Nullable String origin) { - mOrigin = origin; - return this; - } + public @NonNull Builder origin(final @Nullable String origin) { + mOrigin = origin; + return this; + } /** * @return A {@link WebRequest} constructed with the values from this Builder instance. ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/Prefs.java ===================================== @@ -2,71 +2,68 @@ package org.mozilla.geckoview.androidlegacysettings; import android.content.Context; import android.content.SharedPreferences; -import org.mozilla.gecko.GeckoAppShell; - import java.util.Locale; +import org.mozilla.gecko.GeckoAppShell; // tor-android-service utils/Prefs.java /* package */ class Prefs { - private final static String PREF_BRIDGES_ENABLED = "pref_bridges_enabled"; - private final static String PREF_BRIDGES_LIST = "pref_bridges_list"; + private static final String PREF_BRIDGES_ENABLED = "pref_bridges_enabled"; + private static final String PREF_BRIDGES_LIST = "pref_bridges_list"; - private static SharedPreferences prefs; + private static SharedPreferences prefs; - // OrbotConstants - private final static String PREF_TOR_SHARED_PREFS = "org.torproject.android_preferences"; + // OrbotConstants + private static final String PREF_TOR_SHARED_PREFS = "org.torproject.android_preferences"; + // tor-android-service utils/TorServiceUtil.java - // tor-android-service utils/TorServiceUtil.java - - private static void setContext() { - if (prefs == null) { - prefs = GeckoAppShell.getApplicationContext().getSharedPreferences(PREF_TOR_SHARED_PREFS, - Context.MODE_MULTI_PROCESS); - } + private static void setContext() { + if (prefs == null) { + prefs = + GeckoAppShell.getApplicationContext() + .getSharedPreferences(PREF_TOR_SHARED_PREFS, Context.MODE_MULTI_PROCESS); } - - public static boolean getBoolean(String key, boolean def) { - setContext(); - return prefs.getBoolean(key, def); - } - - public static void putBoolean(String key, boolean value) { - setContext(); - prefs.edit().putBoolean(key, value).apply(); - } - - public static void putString(String key, String value) { - setContext(); - prefs.edit().putString(key, value).apply(); + } + + public static boolean getBoolean(String key, boolean def) { + setContext(); + return prefs.getBoolean(key, def); + } + + public static void putBoolean(String key, boolean value) { + setContext(); + prefs.edit().putBoolean(key, value).apply(); + } + + public static void putString(String key, String value) { + setContext(); + prefs.edit().putString(key, value).apply(); + } + + public static String getString(String key, String def) { + setContext(); + return prefs.getString(key, def); + } + + public static boolean bridgesEnabled() { + setContext(); + // for Locale.getDefault().getLanguage().equals("fa"), bridges were enabled by default (and + // it was meek). This was a default set in 2019 code, but it is not a good default anymore, + // so we removed the check. + return prefs.getBoolean(PREF_BRIDGES_ENABLED, false); + } + + public static String getBridgesList() { + setContext(); + String list = prefs.getString(PREF_BRIDGES_LIST, ""); + // list might be empty if the default PT was used, so check also if bridges are enabled. + if (list.isEmpty() && prefs.getBoolean(PREF_BRIDGES_ENABLED, false)) { + // Even though the check on the fa locale is not good to enable bridges by default, we + // still check it here, because if the list was empty, it was likely that it was the + // choice for users with this locale. + return (Locale.getDefault().getLanguage().equals("fa")) ? "meek" : "obfs4"; } - - public static String getString(String key, String def) { - setContext(); - return prefs.getString(key, def); - } - - public static boolean bridgesEnabled() { - setContext(); - // for Locale.getDefault().getLanguage().equals("fa"), bridges were enabled by default (and - // it was meek). This was a default set in 2019 code, but it is not a good default anymore, - // so we removed the check. - return prefs.getBoolean(PREF_BRIDGES_ENABLED, false); - } - - public static String getBridgesList() { - setContext(); - String list = prefs.getString(PREF_BRIDGES_LIST, ""); - // list might be empty if the default PT was used, so check also if bridges are enabled. - if (list.isEmpty() && prefs.getBoolean(PREF_BRIDGES_ENABLED, false)) { - // Even though the check on the fa locale is not good to enable bridges by default, we - // still check it here, because if the list was empty, it was likely that it was the - // choice for users with this locale. - return (Locale.getDefault().getLanguage().equals("fa")) ? "meek": "obfs4"; - } - return list; - } - - + return list; + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/TorLegacyAndroidSettings.java ===================================== @@ -4,70 +4,71 @@ import org.mozilla.geckoview.TorSettings; public class TorLegacyAndroidSettings { - private static String PREF_USE_MOZ_PREFS = "tor_use_moz_prefs"; + private static String PREF_USE_MOZ_PREFS = "tor_use_moz_prefs"; - public static boolean unmigrated() { - return !Prefs.getBoolean(PREF_USE_MOZ_PREFS, false); - } + public static boolean unmigrated() { + return !Prefs.getBoolean(PREF_USE_MOZ_PREFS, false); + } - public static void setUnmigrated() { - Prefs.putBoolean(PREF_USE_MOZ_PREFS, false); - } + public static void setUnmigrated() { + Prefs.putBoolean(PREF_USE_MOZ_PREFS, false); + } - public static void setMigrated() { - Prefs.putBoolean(PREF_USE_MOZ_PREFS, true); - } + public static void setMigrated() { + Prefs.putBoolean(PREF_USE_MOZ_PREFS, true); + } - public static TorSettings loadTorSettings() { - TorSettings settings = new TorSettings(); + public static TorSettings loadTorSettings() { + TorSettings settings = new TorSettings(); - // always true, tor is enabled in TB - settings.enabled = true; + // always true, tor is enabled in TB + settings.enabled = true; - // firefox-android disconnected quick start a while ago so it's untracked - settings.quickstart = false; + // firefox-android disconnected quick start a while ago so it's untracked + settings.quickstart = false; - settings.bridgesEnabled = Prefs.bridgesEnabled(); + settings.bridgesEnabled = Prefs.bridgesEnabled(); - // tor-android-service CustomTorInstaller.java -/* - BridgesList is an overloaded field, which can cause some confusion. - The list can be: - 1) a filter like obfs4, meek, or snowflake OR - 2) it can be a custom bridge - For (1), we just pass back all bridges, the filter will occur - elsewhere in the library. - For (2) we return the bridge list as a raw stream. - If length is greater than 9, then we know this is a custom bridge - */ - String userDefinedBridgeList = Prefs.getBridgesList(); - boolean userDefinedBridge = userDefinedBridgeList.length() > 9; - // Terrible hack. Must keep in sync with topl::addBridgesFromResources. - if (!userDefinedBridge) { - settings.bridgesSource = TorSettings.BridgeSource.BuiltIn; - switch (userDefinedBridgeList) { - case "obfs4": - case "snowflake": - settings.bridgesBuiltinType = TorSettings.BridgeBuiltinType.fromString(userDefinedBridgeList); - break; - case "meek": - settings.bridgesBuiltinType = TorSettings.BridgeBuiltinType.MeekAzure; - break; - default: - settings.bridgesSource = TorSettings.BridgeSource.Invalid; - break; - } - } else { - settings.bridgesSource = TorSettings.BridgeSource.UserProvided; // user provided - settings.bridgeBridgeStrings = userDefinedBridgeList.split("\r\n"); - } + // tor-android-service CustomTorInstaller.java + /* + BridgesList is an overloaded field, which can cause some confusion. + The list can be: + 1) a filter like obfs4, meek, or snowflake OR + 2) it can be a custom bridge + For (1), we just pass back all bridges, the filter will occur + elsewhere in the library. + For (2) we return the bridge list as a raw stream. + If length is greater than 9, then we know this is a custom bridge + */ + String userDefinedBridgeList = Prefs.getBridgesList(); + boolean userDefinedBridge = userDefinedBridgeList.length() > 9; + // Terrible hack. Must keep in sync with topl::addBridgesFromResources. + if (!userDefinedBridge) { + settings.bridgesSource = TorSettings.BridgeSource.BuiltIn; + switch (userDefinedBridgeList) { + case "obfs4": + case "snowflake": + settings.bridgesBuiltinType = + TorSettings.BridgeBuiltinType.fromString(userDefinedBridgeList); + break; + case "meek": + settings.bridgesBuiltinType = TorSettings.BridgeBuiltinType.MeekAzure; + break; + default: + settings.bridgesSource = TorSettings.BridgeSource.Invalid; + break; + } + } else { + settings.bridgesSource = TorSettings.BridgeSource.UserProvided; // user provided + settings.bridgeBridgeStrings = userDefinedBridgeList.split("\r\n"); + } - // Tor Browser Android doesn't take proxy and firewall settings - settings.proxyEnabled = false; + // Tor Browser Android doesn't take proxy and firewall settings + settings.proxyEnabled = false; - settings.firewallEnabled = false; - settings.firewallAllowedPorts = new int[0]; + settings.firewallEnabled = false; + settings.firewallAllowedPorts = new int[0]; - return settings; - } + return settings; + } } ===================================== toolkit/modules/DomainFrontedRequests.sys.mjs ===================================== @@ -444,7 +444,7 @@ export class DomainFrontRequestBuilder { async init(reflector, front) { if (this.#inited) { - throw new Error("MoatRPC: Already initialized"); + throw new Error("DomainFrontRequestBuilder: Already initialized"); } const meekTransport = @@ -464,7 +464,7 @@ export class DomainFrontRequestBuilder { buildHttpHandler(uriString) { if (!this.#inited) { - throw new Error("MoatRPC: Not initialized"); + throw new Error("DomainFrontRequestBuilder: Not initialized"); } const { proxyType, proxyAddress, proxyPort, proxyUsername, proxyPassword } = ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -119,7 +119,7 @@ export class MoatRPC { ch.requestMethod = "HEAD"; const listener = new InternetTestResponseListener(); - await ch.asyncOpen(listener, ch); + ch.asyncOpen(listener, ch); return listener.status; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/70283a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/70283a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 14.0.1
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: f089903f by Morgan at 2024-10-29T16:02:23+00:00 release: new version, 14.0.1 - - - - - 30 changed files: - update_3/release/.htaccess - − update_3/release/13.5.5-14.0+13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-macos-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-linux-i686-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-linux-x86_64-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-macos-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-windows-i686-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-windows-x86_64-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-macos-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-linux-i686-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-linux-x86_64-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-macos-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-windows-i686-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-windows-x86_64-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-macos-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-linux-i686-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-linux-x86_64-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-macos-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-windows-i686-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 43140 (TB): Move fonts.conf to tor-browser.git.
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 5e8a98b8 by Pier Angelo Vendrame at 2024-10-29T14:58:33+01:00 Bug 43140 (TB): Move fonts.conf to tor-browser.git. The lack of fonts.conf cannot be handled only with Firefox preferences, therefore we decided to move the configuration files to the browser repository. This will partially mitigate the fingerprint differences of users that do not start the browser in the correct way. - - - - - 3 changed files: - − projects/browser/Bundle-Data/linux/Data/fontconfig/fonts.conf - projects/browser/RelativeLink/start-browser - projects/browser/build Changes: ===================================== projects/browser/Bundle-Data/linux/Data/fontconfig/fonts.conf deleted ===================================== @@ -1,183 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> - - -<fontconfig> - - - - <dir prefix="cwd">fonts</dir> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>mono</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>monospace</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>sans serif</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>sans-serif</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>sans</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>sans-serif</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>sans-serif</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Arimo</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>serif</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Tinos</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>monospace</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Cousine</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>Arial</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Arimo</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Times New Roman</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Tinos</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Courier New</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Cousine</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Helvetica</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Arimo</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Times</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Tinos</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Courier</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Cousine</string> - </edit> - </match> - - - - <cachedir prefix="xdg">fontconfig</cachedir> - - <config> - - <rescan> - <int>30</int> - </rescan> - </config> - -  - <match target="pattern"> - <edit name="antialias" mode="assign"><bool>true</bool></edit> - <edit name="autohint" mode="assign"><bool>false</bool></edit> - <edit name="hinting" mode="assign"><bool>true</bool></edit> - <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> - <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> - <edit name="rgba" mode="assign"><const>none</const></edit> - </match> -</fontconfig> ===================================== projects/browser/RelativeLink/start-browser ===================================== @@ -376,19 +376,6 @@ TOR_CONTROL_PASSWD environment variable." setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'} [% END -%] -# Set up custom bundled fonts. See fonts-conf(5). -export FONTCONFIG_PATH="$browser_dir/fontconfig" -export FONTCONFIG_FILE="fonts.conf" -[% # tor-browser#41776: We cannot make the updater remove this file. - # So, let's remove it on this script, since we know that at this point the - # browser will not need it anymore. - # Remove once we do a watershed release. - -%] -[% IF c("var/tor-browser") -%] -# Old fontconfig directory, not needed anymore -rm -Rf "${HOME}/TorBrowser/Data/fontconfig" -[% END -%] - # Avoid overwriting user's dconf values. Fixes #27903. export GSETTINGS_BACKEND=memory ===================================== projects/browser/build ===================================== @@ -221,19 +221,6 @@ tar -C "${TB_STAGE_DIR}" -xf [% c('input_files_by_name/firefox') %]/browser.tar. for tbdir in "${TBDIRS[@]}" do - [% IF c("var/linux") -%] - mv Bundle-Data/linux/Data/fontconfig "$tbdir/" - [% IF c("var/tor-browser") -%] - # tor-browser#41776: We cannot remove the old fontconfig file with the - # updater. So, let's keep it for the mar generation, but remove it from - # new packages. - # Remove once we do a watershed release. - oldfontconfig="$tbdir/TorBrowser/Data/fontconfig" - mkdir -p $oldfontconfig - cp "$tbdir/fontconfig/fonts.conf" "$oldfontconfig/" - [% END -%] - [% END -%] - mkdir -p "$tbdir/$DOCSPATH" cp -a Bundle-Data/Docs/* "$tbdir/$DOCSPATH" [% IF c("var/tor-browser") -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] amend! Bug 41043: Hardcode the UI font on Linux
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 4e14cbf3 by Pier Angelo Vendrame at 2024-10-29T14:56:34+01:00 amend! Bug 41043: Hardcode the UI font on Linux Bug 43140: Tighten up fonts on Linux. We ship a fontconfig configuration to esnure all Linux users have the same defaults and reduce the chances of fingerprinting. We used to add this file in tor-browser-build, but some users might skip it by using the browser executable without the wrapper script. Therefore, we decided to activate the file with the FontConfig API instead of the environment variables. Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 3 changed files: - + browser/fonts/fonts.conf - browser/fonts/moz.build - gfx/thebes/gfxFcPlatformFontList.cpp Changes: ===================================== browser/fonts/fonts.conf ===================================== @@ -0,0 +1,183 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + + +<fontconfig> + + + + <dir prefix="cwd">fonts</dir> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>mono</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>monospace</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans-serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>monospace</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>Arial</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times New Roman</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier New</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Helvetica</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + + <cachedir prefix="xdg">fontconfig</cachedir> + + <config> + + <rescan> + <int>30</int> + </rescan> + </config> + +  + <match target="pattern"> + <edit name="antialias" mode="assign"><bool>true</bool></edit> + <edit name="autohint" mode="assign"><bool>false</bool></edit> + <edit name="hinting" mode="assign"><bool>true</bool></edit> + <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> + <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> + <edit name="rgba" mode="assign"><const>none</const></edit> + </match> +</fontconfig> ===================================== browser/fonts/moz.build ===================================== @@ -7,3 +7,6 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DIST_SUBDIR = "" FINAL_TARGET_FILES.fonts += ["TwemojiMozilla.ttf"] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + FINAL_TARGET_FILES.fonts += ["fonts.conf"] ===================================== gfx/thebes/gfxFcPlatformFontList.cpp ===================================== @@ -1352,12 +1352,39 @@ bool gfxFontconfigFont::ShouldHintMetrics() const { return !GetStyle()->printerFont; } +static nsresult SetFontconfigConfigFile() { + nsCOMPtr<nsIProperties> dirSvc( + do_GetService("@mozilla.org/file/directory_service;1")); + NS_ENSURE_TRUE(dirSvc, NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIFile> appFile, confFile; + nsresult rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile), + getter_AddRefs(appFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appFile->GetParent(getter_AddRefs(confFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts"_ns); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts.conf"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString confPath; + rv = confFile->GetNativePath(confPath); + if (setenv("FONTCONFIG_FILE", confPath.BeginReading(), 1) != 0) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + gfxFcPlatformFontList::gfxFcPlatformFontList() : mLocalNames(64), mGenericMappings(32), mFcSubstituteCache(64), mLastConfig(nullptr), mAlwaysUseFontconfigGenerics(true) { + if (NS_FAILED(SetFontconfigConfigFile())) { + NS_WARNING("Failed to set the fontconfig config file!"); + } + CheckFamilyList(kBaseFonts_Ubuntu_22_04); CheckFamilyList(kLangFonts_Ubuntu_22_04); CheckFamilyList(kBaseFonts_Ubuntu_20_04); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/4e1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/4e1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] amend! Bug 41043: Hardcode the UI font on Linux
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 3975e76c by Pier Angelo Vendrame at 2024-10-29T14:55:53+01:00 amend! Bug 41043: Hardcode the UI font on Linux Bug 43140: Tighten up fonts on Linux. We ship a fontconfig configuration to esnure all Linux users have the same defaults and reduce the chances of fingerprinting. We used to add this file in tor-browser-build, but some users might skip it by using the browser executable without the wrapper script. Therefore, we decided to activate the file with the FontConfig API instead of the environment variables. Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 3 changed files: - + browser/fonts/fonts.conf - browser/fonts/moz.build - gfx/thebes/gfxFcPlatformFontList.cpp Changes: ===================================== browser/fonts/fonts.conf ===================================== @@ -0,0 +1,183 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + + +<fontconfig> + + + + <dir prefix="cwd">fonts</dir> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>mono</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>monospace</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans-serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>monospace</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>Arial</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times New Roman</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier New</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Helvetica</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + + <cachedir prefix="xdg">fontconfig</cachedir> + + <config> + + <rescan> + <int>30</int> + </rescan> + </config> + +  + <match target="pattern"> + <edit name="antialias" mode="assign"><bool>true</bool></edit> + <edit name="autohint" mode="assign"><bool>false</bool></edit> + <edit name="hinting" mode="assign"><bool>true</bool></edit> + <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> + <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> + <edit name="rgba" mode="assign"><const>none</const></edit> + </match> +</fontconfig> ===================================== browser/fonts/moz.build ===================================== @@ -7,3 +7,6 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DIST_SUBDIR = "" FINAL_TARGET_FILES.fonts += ["TwemojiMozilla.ttf"] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + FINAL_TARGET_FILES.fonts += ["fonts.conf"] ===================================== gfx/thebes/gfxFcPlatformFontList.cpp ===================================== @@ -1352,12 +1352,39 @@ bool gfxFontconfigFont::ShouldHintMetrics() const { return !GetStyle()->printerFont; } +static nsresult SetFontconfigConfigFile() { + nsCOMPtr<nsIProperties> dirSvc( + do_GetService("@mozilla.org/file/directory_service;1")); + NS_ENSURE_TRUE(dirSvc, NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIFile> appFile, confFile; + nsresult rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile), + getter_AddRefs(appFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appFile->GetParent(getter_AddRefs(confFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts"_ns); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts.conf"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString confPath; + rv = confFile->GetNativePath(confPath); + if (setenv("FONTCONFIG_FILE", confPath.BeginReading(), 1) != 0) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + gfxFcPlatformFontList::gfxFcPlatformFontList() : mLocalNames(64), mGenericMappings(32), mFcSubstituteCache(64), mLastConfig(nullptr), mAlwaysUseFontconfigGenerics(true) { + if (NS_FAILED(SetFontconfigConfigFile())) { + NS_WARNING("Failed to set the fontconfig config file!"); + } + CheckFamilyList(kBaseFonts_Ubuntu_22_04); CheckFamilyList(kLangFonts_Ubuntu_22_04); CheckFamilyList(kBaseFonts_Ubuntu_20_04); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3975e76… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3975e76… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 2 commits: amend! Bug 41043: Hardcode the UI font on Linux
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 7fdefc8e by Pier Angelo Vendrame at 2024-10-25T01:13:30+00:00 amend! Bug 41043: Hardcode the UI font on Linux Bug 43140: Tighten up fonts on Linux. We ship a fontconfig configuration to esnure all Linux users have the same defaults and reduce the chances of fingerprinting. We used to add this file in tor-browser-build, but some users might skip it by using the browser executable without the wrapper script. Therefore, we decided to activate the file with the FontConfig API instead of the environment variables. Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 70283a2f by Pier Angelo Vendrame at 2024-10-28T09:11:14+01:00 fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser Bug 41786: Remove the add_if command we added for fontconfig. We do not need it anymore, as we had the watershed update and, in any case, we are movign the fonts.conf in tor-browser.git. - - - - - 6 changed files: - + browser/fonts/fonts.conf - browser/fonts/moz.build - gfx/thebes/gfxFcPlatformFontList.cpp - tools/update-packaging/common.sh - tools/update-packaging/make_full_update.sh - tools/update-packaging/make_incremental_update.sh Changes: ===================================== browser/fonts/fonts.conf ===================================== @@ -0,0 +1,183 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + + +<fontconfig> + + + + <dir prefix="cwd">fonts</dir> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>mono</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>monospace</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans-serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>monospace</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>Arial</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times New Roman</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier New</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Helvetica</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + + <cachedir prefix="xdg">fontconfig</cachedir> + + <config> + + <rescan> + <int>30</int> + </rescan> + </config> + +  + <match target="pattern"> + <edit name="antialias" mode="assign"><bool>true</bool></edit> + <edit name="autohint" mode="assign"><bool>false</bool></edit> + <edit name="hinting" mode="assign"><bool>true</bool></edit> + <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> + <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> + <edit name="rgba" mode="assign"><const>none</const></edit> + </match> +</fontconfig> ===================================== browser/fonts/moz.build ===================================== @@ -7,3 +7,6 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DIST_SUBDIR = "" FINAL_TARGET_FILES.fonts += ["TwemojiMozilla.ttf"] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + FINAL_TARGET_FILES.fonts += ["fonts.conf"] ===================================== gfx/thebes/gfxFcPlatformFontList.cpp ===================================== @@ -1352,12 +1352,39 @@ bool gfxFontconfigFont::ShouldHintMetrics() const { return !GetStyle()->printerFont; } +static nsresult SetFontconfigConfigFile() { + nsCOMPtr<nsIProperties> dirSvc( + do_GetService("@mozilla.org/file/directory_service;1")); + NS_ENSURE_TRUE(dirSvc, NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIFile> appFile, confFile; + nsresult rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile), + getter_AddRefs(appFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appFile->GetParent(getter_AddRefs(confFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts"_ns); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts.conf"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString confPath; + rv = confFile->GetNativePath(confPath); + if (NS_WARN_IF(setenv("FONTCONFIG_FILE", confPath.BeginReading(), 1) != 0)) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + gfxFcPlatformFontList::gfxFcPlatformFontList() : mLocalNames(64), mGenericMappings(32), mFcSubstituteCache(64), mLastConfig(nullptr), mAlwaysUseFontconfigGenerics(true) { + if (NS_FAILED(SetFontconfigConfigFile())) { + NS_WARNING("Failed to set the fontconfig config file!"); + } + CheckFamilyList(kBaseFonts_Ubuntu_22_04); CheckFamilyList(kLangFonts_Ubuntu_22_04); CheckFamilyList(kBaseFonts_Ubuntu_20_04); ===================================== tools/update-packaging/common.sh ===================================== @@ -115,28 +115,6 @@ make_add_if_not_instruction() { echo "add-if-not \"$f\" \"$f\"" >> "$filev3" } -check_for_add_if_update() { - add_if_file_chk="$1" - - # tor-browser#41776: We will remove with the old fontconfig file manually - # outside the update process. So, let the updater add the file if there. - # TODO: Remove once we do a watershed release. - if [ "$add_if_file_chk" = "TorBrowser/Data/fontconfig/fonts.conf" ]; then - ## "true" *giggle* - return 0; - fi - ## 'false'... because this is bash. Oh yay! - return 1; -} - -make_add_if_instruction() { - f="$1" - filev3="$2" - - verbose_notice " add-if \"$f\" \"$f\"" - echo "add-if \"$f\" \"$f\"" >> "$filev3" -} - make_addsymlink_instruction() { link="$1" target="$2" ===================================== tools/update-packaging/make_full_update.sh ===================================== @@ -106,9 +106,6 @@ for ((i=0; $i<$num_files; i=$i+1)); do if check_for_add_if_not_update "$f"; then make_add_if_not_instruction "$f" "$updatemanifestv3" - elif check_for_add_if_update "$f"; then - # TODO: Remove once we do a watershed release - make_add_if_instruction "$f" "$updatemanifestv3" else make_add_instruction "$f" "$updatemanifestv3" fi ===================================== tools/update-packaging/make_incremental_update.sh ===================================== @@ -216,17 +216,6 @@ for ((i=0; $i<$num_oldfiles; i=$i+1)); do continue 1 fi - if check_for_add_if_update "$f"; then - # TODO: Remove once we do a watershed release - # The full workdir may not exist yet, so create it if necessary. - mkdir -p `dirname "$workdir/$f"` - $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$newdir/$f" > "$workdir/$f" - copy_perm "$newdir/$f" "$workdir/$f" - make_add_if_instruction "$f" "$updatemanifestv3" - archivefiles="$archivefiles \"$f\"" - continue 1 - fi - if check_for_forced_update "$requested_forced_updates" "$f"; then # The full workdir may not exist yet, so create it if necessary. mkdir -p "$(dirname "$workdir/$f")" @@ -335,9 +324,6 @@ for ((i=0; $i<$num_newfiles; i=$i+1)); do if check_for_add_if_not_update "$f"; then make_add_if_not_instruction "$f" "$updatemanifestv3" - elif check_for_add_if_update "$f"; then - # TODO: Remove once we do a watershed release - make_add_if_instruction "$f" "$updatemanifestv3" else make_add_instruction "$f" "$updatemanifestv3" fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cc1f52… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cc1f52… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update Release Prep templates:
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 2e260b97 by Morgan at 2024-10-29T01:34:46+00:00 Update Release Prep templates: - no 'legacy' rule for website (as legacy bins will only be available on dist.torproject.org) - we make a blog post for legacy channel, but no website update - - - - - 3 changed files: - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -152,10 +152,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `databags/versions.ini`: Update the downloads versions - `torbrowser-stable/version`: catch-all for latest stable version - `torbrowser-alpha/version`: catch-all for latest alpha version - - `torbrowser-legacy/version`: catch-all for latest ESR-115 version - `torbrowser-*-stable/version`: platform-specific stable versions - `torbrowser-*-alpha/version`: platform-specific alpha versions - - `torbrowser-*-legacy/version`: platform-specific legacy versions - [ ] Push to origin as new branch and create MR - [ ] Review - [ ] Merge ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -141,16 +141,12 @@ Tor Browser Legacy is on the `maint-13.5` branch <details> <summary>Website</summary> - ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git - - [ ] `databags/versions.ini`: Update the downloads versions - - `torbrowser-stable/version`: catch-all for latest stable version - - `torbrowser-alpha/version`: catch-all for latest alpha version - - `torbrowser-legacy/version`: catch-all for latest ESR-115 version - - `torbrowser-*-stable/version`: platform-specific stable versions - - `torbrowser-*-alpha/version`: platform-specific alpha versions - - `torbrowser-*-legacy/version`: platform-specific legacy versions - - `tor-stable`,`tor-alpha`: set by tor devs, do not touch - - [ ] Push to origin as new branch and create MR + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR - [ ] Review - [ ] Merge - **⚠️ WARNING**: Do not deploy yet! @@ -232,7 +228,7 @@ popd ```bash static-update-component cdn.torproject.org && static-update-component dist.torproject.org ``` -- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR - [ ] On `staticiforme.torproject.org`, remove old release: - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -152,10 +152,8 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b - [ ] `databags/versions.ini`: Update the downloads versions - `torbrowser-stable/version`: catch-all for latest stable version - `torbrowser-alpha/version`: catch-all for latest alpha version - - `torbrowser-legacy/version`: catch-all for latest ESR-115 version - `torbrowser-*-stable/version`: platform-specific stable versions - `torbrowser-*-alpha/version`: platform-specific alpha versions - - `torbrowser-*-legacy/version`: platform-specific legacy versions - [ ] Push to origin as new branch and create MR - [ ] Review - [ ] Merge View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser-update-responses][main] release: new version, 13.5.9
by morgan (＠morgan) 28 Oct '24

28 Oct '24

morgan pushed to branch main at The Tor Project / Applications / mullvad-browser-update-responses Commits: 290b8b79 by Morgan at 2024-10-28T21:29:34+00:00 release: new version, 13.5.9 - - - - - 29 changed files: - update_1/release/.htaccess - − update_1/release/13.5.2-13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.2-13.5.7-macos-ALL.xml - − update_1/release/13.5.2-13.5.7-windows-x86_64-ALL.xml - − update_1/release/13.5.3-13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.3-13.5.7-macos-ALL.xml - − update_1/release/13.5.3-13.5.7-windows-x86_64-ALL.xml - + update_1/release/13.5.3-13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.3-13.5.9-macos-ALL.xml - + update_1/release/13.5.3-13.5.9-windows-x86_64-ALL.xml - − update_1/release/13.5.6-13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.6-13.5.7-macos-ALL.xml - − update_1/release/13.5.6-13.5.7-windows-x86_64-ALL.xml - + update_1/release/13.5.6-13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.6-13.5.9-macos-ALL.xml - + update_1/release/13.5.6-13.5.9-windows-x86_64-ALL.xml - + update_1/release/13.5.7-13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.7-13.5.9-macos-ALL.xml - + update_1/release/13.5.7-13.5.9-windows-x86_64-ALL.xml - − update_1/release/13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.7-macos-ALL.xml - − update_1/release/13.5.7-windows-x86_64-ALL.xml - + update_1/release/13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.9-macos-ALL.xml - + update_1/release/13.5.9-windows-x86_64-ALL.xml - update_1/release/download-linux-x86_64.json - update_1/release/download-macos.json - update_1/release/download-windows-x86_64.json - update_1/release/downloads.json Changes: ===================================== update_1/release/.htaccess ===================================== @@ -1,22 +1,22 @@ RewriteEngine On -RewriteRule ^[^/]+/13.5.7/ no-update.xml [last] -RewriteRule ^Linux_x86_64-gcc3/13.5.2/ALL 13.5.2-13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/[^/]+/ALL 13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/ 13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5.2/ALL 13.5.2-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/[^/]+/ALL 13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/ 13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5.2/ALL 13.5.2-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5.3/ALL 13.5.3-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5.6/ALL 13.5.6-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/[^/]+/ALL 13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/ 13.5.7-macos-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.2/ALL 13.5.2-13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.3/ALL 13.5.3-13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.6/ALL 13.5.6-13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/[^/]+/ALL 13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/ 13.5.7-windows-x86_64-ALL.xml [last] +RewriteRule ^[^/]+/13.5.9/ no-update.xml [last] +RewriteRule ^Linux_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/13.5.7/ALL 13.5.7-13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/[^/]+/ALL 13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/ 13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/13.5.7/ALL 13.5.7-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/[^/]+/ALL 13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/ 13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/13.5.3/ALL 13.5.3-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/13.5.6/ALL 13.5.6-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/13.5.7/ALL 13.5.7-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/[^/]+/ALL 13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/ 13.5.9-macos-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.3/ALL 13.5.3-13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.6/ALL 13.5.6-13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.7/ALL 13.5.7-13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/[^/]+/ALL 13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/ 13.5.9-windows-x86_64-ALL.xml [last] ===================================== update_1/release/13.5.2-13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64--13.5.2…" hashFunction="SHA512" hashValue="2663d8ce635ff74ba918dbe25d0c5825d2d4c8165c3787e33cd7d45f77942e4335512925ef811dc9ebad4eb3a11e4f075218677ef4fdc24af3afd6034cf563c7" size="9922496" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.2-13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos--13.5.2-13.5.7…" hashFunction="SHA512" hashValue="5e189999e120b9222cf154dc0e7940c3bdabc3e3b106eb0d419072418c37d12a3b0a088b261cbbf5198570441976dfc0ad120d45ab29db163fa6136aebea7f05" size="74687157" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.2-13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="2c48a2ef71275ea21c21bbfad86ecfa77917eb111272cce7b471c6a5c00ca059d05a152abfc06901b8fc4e631bba85bab119dfd46eb905794f8edf5c49ebd524" size="9380112" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64--13.5.3…" hashFunction="SHA512" hashValue="65313fa43320a1ab740f0cc3bff0f0f74ddd0c8b0fbe1aa03c3d0372385381834ee50a6fd021780bab0bc244dafea3ddaa27ca0592f158740079749c097e7c44" size="8277260" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos--13.5.3-13.5.7…" hashFunction="SHA512" hashValue="47569d66dc984a3908c48d78b8fe23a25b22ca25ac07c47be406fcef161299588d9726a36816bd219733d2ecd19f4ab578354b60d97e16f4477cfe4d7401cb52" size="73756833" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="cec2555dd5b654a4f14346240d454546a60870281e20576d12ed591afdf101c0ced81c50e6767f606dad86443cae5aaaabe2da39c3c6c3a10be6cfcd8b42885e" size="7728532" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64--13.5.3…" hashFunction="SHA512" hashValue="57a75211b726faa79df5452e88ef6fac26dd93565ac9ebe4f837727db93265b403f1b35ff29d994305d4847d2c3b28f85d3a3527114fcede43d7b874e4a8081e" size="9201740" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos--13.5.3-13.5.9…" hashFunction="SHA512" hashValue="7ce187e66e46af2ad0cc6406691d922c034cabd31429671bbe04739b7ecabe4efee3435327418059c42669395af95a837727f7ff94840532ad07d6ab0f29bfc5" size="12323083" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="48089f449eaff0db27c25d9714021911976e0affe96e8d4ab85dd0bc274b8f927326570fceff56f1dec88359f8bb599d82e144c70acac94242cbfd6b6ddc769f" size="8574548" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64--13.5.6…" hashFunction="SHA512" hashValue="c088804e68c6e559ed6f099a70ff0c30c1b0252dd79f923685aa2214a246eb25470c9b71fb9642b3b26395c95cc07c331e8ac38f8f21e793d3bcd4623e0b4b6e" size="6118343" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos--13.5.6-13.5.7…" hashFunction="SHA512" hashValue="27fc2e72214dff74e33cdf1b48a23e1eef68ff5fbad410d5c950fa405a5b9735f7c51fbf354265456fa4b8ef3608fd6bc0b86c50a4110fe94fded869644172e0" size="73490217" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="9cf03126215b6ed60631dfdb0fd8efcf89c464d222d391e67ded1c9fbab0e85732beb64f3365e39294ea5ac4668319c266d39f359a464bdf6a7cad80b9bd7ec0" size="5503319" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64--13.5.6…" hashFunction="SHA512" hashValue="a453255224f041ad901d6c190c122d80a259c18132397eaa0818bf09e064385ef046c442f917d71ce451f43625fd8be52390d99fece3157f7dac2caa4718f68d" size="7875260" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos--13.5.6-13.5.9…" hashFunction="SHA512" hashValue="d216180c8a02cef44fe48206b365e22768789989a378e72b725d480942de15d2175f424c153d181e92773acfa7b8efe69d9c9c2209bf028f660a1e7bdba726db" size="11713215" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="cc20bd3e5b9c95d83ea88b1b07d32712b0140e044bdf498cfa5e06341d54e79de4ab30f08f944bea264c617965bcd7c287a6a78769f221b5358cb2f7c2ce2188" size="7936520" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64--13.5.7…" hashFunction="SHA512" hashValue="30c3b27b8b74609f4e9422d0fa4f2aba3a96511914c6081cf240105312591b3becc1ea34159e577b28a9151ac87f2d347a6483d5de23641af0a9fe260c61f6bb" size="5392982" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos--13.5.7-13.5.9…" hashFunction="SHA512" hashValue="8c8d06aeb231e341e50d7bed5895a6e6fae9dc2cb7672e569212903ac213f076bbd787a9384de1b7ad2e602288cd730af1256c97074fc9ed6299d36c2f9b850e" size="9011378" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="0075162cb309eb7cca6f47e4d73c30741ab0b260f1b7973d6eb5859a8063d9edeb7d0eaa347af27c7ac38faa0a89cc4f12d81a18d381fc0d594d14b20cbd63ae" size="5310170" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch></update></updates> ===================================== update_1/release/download-linux-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…","git_tag":"mb-13.5.7-build3","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…","version":"13.5.7"} \ No newline at end of file +{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…","git_tag":"mb-13.5.9-build2","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…","version":"13.5.9"} \ No newline at end of file ===================================== update_1/release/download-macos.json ===================================== @@ -1 +1 @@ -{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg","git_tag":"mb-13.5.7-build3","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg.asc","version":"13.5.7"} \ No newline at end of file +{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg","git_tag":"mb-13.5.9-build2","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg.asc","version":"13.5.9"} \ No newline at end of file ===================================== update_1/release/download-windows-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…","git_tag":"mb-13.5.7-build3","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…","version":"13.5.7"} \ No newline at end of file +{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…","git_tag":"mb-13.5.9-build2","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…","version":"13.5.9"} \ No newline at end of file ===================================== update_1/release/downloads.json ===================================== @@ -1 +1 @@ -{"downloads":{"linux-x86_64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…"}},"macos":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg.asc"}},"win64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…"}}},"tag":"mb-13.5.7-build3","version":"13.5.7"} \ No newline at end of file +{"downloads":{"linux-x86_64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…"}},"macos":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg.asc"}},"win64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…"}}},"tag":"mb-13.5.9-build2","version":"13.5.9"} \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41252: Only build update responses for Mullvad Browser
by morgan (＠morgan) 28 Oct '24

28 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: d96ed663 by Morgan at 2024-10-28T19:32:32+00:00 Bug 41252: Only build update responses for Mullvad Browser - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -197,4 +197,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload +is_project mullvadbrowser && \ + do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41290: Remove android signing in do-all-signing
by morgan (＠morgan) 28 Oct '24

28 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 9951e817 by Nicolas Vigier at 2024-10-28T18:12:37+01:00 Bug 41290: Remove android signing in do-all-signing - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -17,11 +17,6 @@ test -f "$steps_dir/linux-signer-signmars.done" || read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS echo -if is_project torbrowser; then - test -f "$steps_dir/linux-signer-sign-android-apks.done" || - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS - echo -fi test -f "$steps_dir/linux-signer-authenticode-signing.done" || read -sp "Enter windows authenticode passphrase: " YUBIPASS echo @@ -190,10 +185,6 @@ do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-signmars do_step linux-signer-signmars do_step sync-after-signmars -is_project torbrowser && \ - do_step linux-signer-sign-android-apks -is_project torbrowser && \ - do_step sync-after-sign-android-apks do_step linux-signer-authenticode-signing do_step sync-after-authenticode-signing do_step authenticode-timestamping View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41252: Do not run upload-update_responses-to-staticiforme
by boklm (＠boklm) 28 Oct '24

28 Oct '24

boklm pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 53f72a36 by Nicolas Vigier at 2024-10-28T17:53:06+01:00 Bug 41252: Do not run upload-update_responses-to-staticiforme When signing a 13.5-legacy release, don't update and upload update_responses. The update_responses containing both the 14.0 and 13.5-legacy releases will be generated from the `maint-14.0` branch. - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -206,5 +206,4 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.1-build2
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed new tag tbb-14.0.1-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41277 (fix): Remove 13.5.9 from incrementals.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 7e3a10f5 by Pier Angelo Vendrame at 2024-10-28T16:27:19+01:00 Bug 41277 (fix): Remove 13.5.9 from incrementals. - - - - - 1 changed file: - rbm.conf Changes: ===================================== rbm.conf ===================================== @@ -74,7 +74,7 @@ buildconf: var: torbrowser_version: '14.0.1' - torbrowser_build: 'build1' + torbrowser_build: 'build2' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2024/10/28 09:00:00' @@ -83,7 +83,6 @@ var: build_mar: 1 torbrowser_incremental_from: - '[% IF c("var/tor-browser") %]14.0[% END %]' - - '13.5.9' - '13.5.7' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41289: Fix --tor-browser in relprep.py.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 2ee87ab2 by Pier Angelo Vendrame at 2024-10-28T12:32:13+01:00 Bug 41289: Fix --tor-browser in relprep.py. --tor-browser enabled also Mullvad Browser, probably because of a copy-paste error. - - - - - 1 changed file: - tools/relprep.py Changes: ===================================== tools/relprep.py ===================================== @@ -92,7 +92,7 @@ class ReleasePreparation: self.repo = Repo(self.base_path) self.tor_browser = bool(kwargs.get("tor_browser", True)) - self.mullvad_browser = bool(kwargs.get("tor_browser", True)) + self.mullvad_browser = bool(kwargs.get("mullvad_browser", True)) if not self.tor_browser and not self.mullvad_browser: raise ValueError("Nothing to do") self.android = kwargs.get("android", self.tor_browser) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41282: Downgrade to Python 3.9.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 9c66c1ac by Pier Angelo Vendrame at 2024-10-28T11:59:55+01:00 Bug 41282: Downgrade to Python 3.9. MozBug 1924022 introduced a dependency on the Python built-in SSL module. This caused an error in our Linux builds, because we run them in a very old version of Debian that still uses OpenSSL 1.1.0, which is not compatible with Python SSL module since Python 3.10. The less intrusive way to resolve this is to downgrade to Python 3.9.x, which is still supported by all our projects. Also, switch to hashes to verify the Python source tarball, as the Python Software Foundation often rotates keys, which reduces the advantages of verifying the signature rather than the hash for us. - - - - - 2 changed files: - − keyring/python.gpg - projects/python/config Changes: ===================================== keyring/python.gpg deleted ===================================== Binary files a/keyring/python.gpg and /dev/null differ ===================================== projects/python/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.11.3 +version: 3.9.20 filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -24,9 +24,7 @@ input_files: - project: container-image - name: python URL: 'https://www.python.org/ftp/python/[% c("version") %]/Python-[% c("version") %].tar.xz' - gpg_keyring: python.gpg - sig_ext: asc - file_gpg_id: 1 + sha256sum: 6b281279efd85294d2d6993e173983a57464c0133956fbbb5536ec9646beaf0c - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.1-build1
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed new tag tbb-14.0.1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] 3 commits: Bug 41282: Downgrade to Python 3.9.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 6f8d7791 by Pier Angelo Vendrame at 2024-10-28T10:03:33+01:00 Bug 41282: Downgrade to Python 3.9. MozBug 1924022 introduced a dependency on the Python built-in SSL module. This caused an error in our Linux builds, because we run them in a very old version of Debian that still uses OpenSSL 1.1.0, which is not compatible with Python SSL module since Python 3.10. The less intrusive way to resolve this is to downgrade to Python 3.9.x, which is still supported by all our projects. Also, switch to hashes to verify the Python source tarball, as the Python Software Foundation often rotates keys, which reduces the advantages of verifying the signature rather than the hash for us. - - - - - bcb2346e by Pier Angelo Vendrame at 2024-10-28T10:03:35+01:00 Bug 41289: Fix --tor-browser in relprep.py. --tor-browser enabled also Mullvad Browser, probably because of a copy-paste error. - - - - - f076e0b0 by Pier Angelo Vendrame at 2024-10-28T11:56:11+01:00 Bug 41277: Prepare Tor Browser release 14.0.1. - - - - - 10 changed files: - − keyring/python.gpg - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/python/config - projects/tor/config - projects/translation/config - rbm.conf - tools/relprep.py Changes: ===================================== keyring/python.gpg deleted ===================================== Binary files a/keyring/python.gpg and /dev/null differ ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,18 @@ +Tor Browser 14.0.1 - October 29 2024 + * All Platforms + * Updated Tor to 0.4.8.13 + * Bug 43231: Rebase Tor Browser 128-based stable and alpha onto 128.4.0esr [tor-browser] + * Bug 43240: Backport security fixes from Firefox 132 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.4.0esr + * Android + * Updated GeckoView to 128.4.0esr + * Build System + * All Platforms + * Bug 41289: Fix single-browser in relprep.py [tor-browser-build] + * Linux + * Bug 41282: Add SSL to our custom Python for MozBug 1924022 [tor-browser-build] + Tor Browser 14.0 - October 17 2024 * All Platforms * Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser] ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: '128.3.0' + firefox_platform_version: '128.4.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 6 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -107,7 +107,7 @@ targets: gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' nightly_updates_publish_dir_prefix: mullvadbrowser- - browser_build: 3 + browser_build: 1 linux-x86_64: var: ===================================== projects/geckoview/config ===================================== @@ -16,12 +16,12 @@ container: build_apk: 1 var: - firefox_platform_version: '128.3.0' + firefox_platform_version: '128.4.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 6 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 214072 +version: 215922 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: 744fc65f6dd2cc2b85f4927fbb55ff6e17f06b9c99bd0bae7a311d732438b818 + sha256sum: b5ed703f54d52e9f197320f3698e936d585a3fed23cc4f9fbf59edce2869f885 - filename: packagemanual.py name: package_script ===================================== projects/python/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.11.3 +version: 3.9.20 filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -24,9 +24,7 @@ input_files: - project: container-image - name: python URL: 'https://www.python.org/ftp/python/[% c("version") %]/Python-[% c("version") %].tar.xz' - gpg_keyring: python.gpg - sig_ext: asc - file_gpg_id: 1 + sha256sum: 6b281279efd85294d2d6993e173983a57464c0133956fbbb5536ec9646beaf0c - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' ===================================== projects/tor/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' -version: 0.4.8.12 +version: 0.4.8.13 git_hash: 'tor-[% c("version") %]' git_url: https://gitlab.torproject.org/tpo/core/tor.git git_submodule: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 547400dd678f476ec38efde2cf703d57c1a3e8c7 + git_hash: 3b1be2065b54939ed019d94174f137847bcf3c66 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 38d5c3b11cfb96833ae2c7dc3122829b29583d6f + git_hash: ba63bd165f3fd4bdd472815c9761413d4671cfb7 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 705bbd235cadf827b6d4e0003d59c290f2feaa44 + git_hash: 60f82208b8a0a95e91fdb4dcefe8d394c17f64ba compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,22 +73,22 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '14.0' + torbrowser_version: '14.0.1' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/10/16 16:45:00' + browser_release_date: '2024/10/28 09:00:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: - - 13.5.7 - - 13.5.6 - - 13.5.5 + - '[% IF c("var/tor-browser") %]14.0[% END %]' + - '13.5.9' + - '13.5.7' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' - torbrowser_legacy_version: 13.5.7 - torbrowser_legacy_platform_version: 115.16.0 + torbrowser_legacy_version: 13.5.9 + torbrowser_legacy_platform_version: 115.17.0 # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed ===================================== tools/relprep.py ===================================== @@ -92,7 +92,7 @@ class ReleasePreparation: self.repo = Repo(self.base_path) self.tor_browser = bool(kwargs.get("tor_browser", True)) - self.mullvad_browser = bool(kwargs.get("tor_browser", True)) + self.mullvad_browser = bool(kwargs.get("mullvad_browser", True)) if not self.tor_browser and not self.mullvad_browser: raise ValueError("Nothing to do") self.android = kwargs.get("android", self.tor_browser) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.4.0esr-14.0-1-build2
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed new tag tor-browser-128.4.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update rbm for rbm#40006
by boklm (＠boklm) 28 Oct '24

28 Oct '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: f3bcd325 by Nicolas Vigier at 2024-10-28T09:49:28+01:00 Update rbm for rbm#40006 - - - - - 1 changed file: - rbm Changes: ===================================== rbm ===================================== @@ -1 +1 @@ -Subproject commit 1e0cfb68e958c1b22ac51fd32859781b8da2bc93 +Subproject commit f18daa3f93d1aec674e4ba0dfbd22ac6afd6f8c9 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/rbm][main] Bug 40006: Add option to avoid doing a git checkout when using the exec template function
by boklm (＠boklm) 28 Oct '24

28 Oct '24

boklm pushed to branch main at The Tor Project / Applications / RBM Commits: f18daa3f by Nicolas Vigier at 2024-10-27T17:22:45+01:00 Bug 40006: Add option to avoid doing a git checkout when using the exec template function The `exec_noco` option can be used to disable git or hg checkout when using the exec template function. We start using this option in the `abbrev` and `timestamp` options, which are running git and hg commands which don't need a checkout. - - - - - 3 changed files: - doc/rbm_templates.asc - lib/RBM.pm - lib/RBM/DefaultConfig.pm Changes: ===================================== doc/rbm_templates.asc ===================================== @@ -107,9 +107,11 @@ exec:: considered to be a script, which will be written to a temporary file and executed. The second argument of the exec function is an optional $options hash, used to override values of 'git_url', - 'hg_url', 'fetch', 'git_hash' or 'hg_hash'. If neither 'git_url' - nor 'hg_url' is set, the command is executed from the directory - where the 'rbm.conf' file is located. + 'hg_url', 'fetch', 'git_hash' or 'hg_hash'. Before running the + command a checkout of 'git_hash' or 'hg_hash' is done, unless + 'exec_noco' is set to true. If neither 'git_url' nor 'hg_url' + is set, the command is executed from the directory where the + 'rbm.conf' file is located. path:: A function to return an absolute path. It takes a path as first ===================================== lib/RBM.pm ===================================== @@ -551,15 +551,18 @@ sub execute { CORE::state %cache; my $res_name = ''; my $old_cwd = getcwd; + my $exec_noco = ref $options eq 'HASH' && $options->{exec_noco}; if (project_config($project, 'git_url', $options)) { my $git_hash = project_config($project, 'git_hash', $options) || exit_error "No git_hash specified for project $project"; $res_name = "git-$project-/-$git_hash-/-$cmd"; return $cache{$res_name} if exists $cache{$res_name}; git_clone_fetch_chdir($project, $options); - my ($stdout, $stderr, $success, $exit_code) + if (!$exec_noco) { + my ($stdout, $stderr, $success, $exit_code) = capture_exec('git', 'checkout', $git_hash); - exit_error "Cannot checkout $git_hash:\n$stderr" unless $success; + exit_error "Cannot checkout $git_hash:\n$stderr" unless $success; + } git_submodule_init_sync_update() if project_config($project, 'git_submodule', $options); } elsif (project_config($project, 'hg_url', $options)) { @@ -568,9 +571,11 @@ sub execute { $res_name = "hg-$project-/-$hg_hash-/-$cmd"; return $cache{$res_name} if exists $cache{$res_name}; hg_clone_fetch_chdir($project, $options); - my ($stdout, $stderr, $success, $exit_code) + if (!$exec_noco) { + my ($stdout, $stderr, $success, $exit_code) = capture_exec('hg', 'update', '-C', $hg_hash); - exit_error "Cannot checkout $hg_hash:\n$stderr" unless $success; + exit_error "Cannot checkout $hg_hash:\n$stderr" unless $success; + } } else { chdir($config->{basedir}); } ===================================== lib/RBM/DefaultConfig.pm ===================================== @@ -126,9 +126,9 @@ our %default_config = ( abbrev_length => '12', abbrev => '[% IF c("git_url"); - exec("git log -1 --abbrev=" _ c("abbrev_length") _ " --format=%h " _ c("git_hash")); + exec("git log -1 --abbrev=" _ c("abbrev_length") _ " --format=%h " _ c("git_hash"), { exec_noco => 1 }); ELSE; - exec(c("hg") _ " id -i -r " _ c("hg_hash")); + exec(c("hg") _ " id -i -r " _ c("hg_hash"), { exec_noco => 1 }); END; %]', timestamp => sub { @@ -136,12 +136,14 @@ our %default_config = ( if (RBM::project_config($project, 'git_url', $options)) { my $git_hash = RBM::project_config($project, 'git_hash', $options); return RBM::execute($project, - "git show -s --format=format:%ct ${git_hash}^{commit}", $options); + "git show -s --format=format:%ct ${git_hash}^{commit}", + { %$options, exec_noco => 1 }); } elsif (RBM::project_config($project, 'hg_url', $options)) { my $hg = RBM::project_config($project, 'hg', $options); my $hg_hash = RBM::project_config($project, 'hg_hash', $options); my $changeset = RBM::execute($project, - "$hg export --noninteractive -r $hg_hash", $options); + "$hg export --noninteractive -r $hg_hash", + { %$options, exec_noco => 1 }); foreach my $line (split "\n", $changeset) { return $1 if ($line =~ m/^# Date (\d+) \d+/); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/rbm/-/commit/f18daa3f93d1aec… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/rbm/-/commit/f18daa3f93d1aec… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update release prep issue templates
by morgan (＠morgan) 25 Oct '24

25 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 309821b4 by Morgan at 2024-10-25T00:31:34+00:00 Update release prep issue templates - - - - - 5 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - + .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md ===================================== @@ -1,83 +1,96 @@ +# Release Prep Mullvad Browser Alpha + +- **NOTE** It is assumed the `mullvad-browser` alpha rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **example** : `91.6.0` -- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - **example** : `11` -- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version - - **example** : `mb-12.0.7-build1` +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version + - **example**: `11` +- `${MULLVAD_BROWSER_MINOR}`: the Mullvad Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${MULLVAD_BROWSER_VERSION}`: the Mullvad Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${MULLVAD_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${MULLVAD_BROWSER_BUILD_N}`: the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${MULLVAD_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${MULLVAD_BROWSER_BUILD_N}` value may stay at `build1` (but the `${MULLVAD_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `${MULLVAD_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${MULLVAD_BROWSER_VERSION}`: the published Mullvad Browser version + - **example**: `11.5a6`, `11.0.7` +- `${MB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example**: `mb-12.0.7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + </details> -**NOTE** It is assumed that the `tor-browser` alpha rebase and security backport tasks have been completed +<details> + <summary>Build Configuration</summary> -**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue +### mullvad-browser: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git -<details> - <summary>Building</summary> +- [ ] Tag `mullvad-browser` commit: + - **example**: `mullvad-browser-128.4.0esr-14.5-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Mullvad Browser Alpha (and Nightly) are on the `main` branch -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail -- [ ] Update build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `mullvad-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-alpha` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases - - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` -- [ ] Update `ChangeLog-MB.txt` - - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch_changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--no-script` - - [ ] `--ublock` - - E.g., `./tools/fetch_changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `main` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `mullvad-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --mullvad-browser --date ${RELEASE_DATE} ${MULLVAD_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${MULLVAD_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` tag, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrowser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases + - [ ] `URL` updated + - [ ] `sha256sum` updated + - [ ] `ChangeLog-MB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `main` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -86,16 +99,25 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch - ma1 - morgan - pierov - - [ ] Run: `make mullvadbrowser-signtag-alpha` + - [ ] Run: + ```bash + make mullvadbrowser-signtag-alpha + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha` on: + - [ ] Run: + ```bash + make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make mullvadbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make mullvadbrowser-kick-devmole-build + ``` </details> @@ -105,64 +127,84 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ### release signing - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.mullvadbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` - - [ ] Static update components (again) : `static-update-component dist.torproject.org` + - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, remove old release and publish new: + - [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Run: + ```bash + static-update-component dist.torproject.org + ``` + ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 - morgan - pierov +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `${MULLVAD_BROWSER_VERSION}` + - **example**: `12.5a7` + - **Message**: `${ESR_VERSION}esr-based ${MULLVAD_BROWSER_VERSION}` + - **example**: `102.12.0esr-based 12.5a7` - [ ] Push this release's associated `mullvad-browser.git` branch to github - [ ] Push this release's associated tags to github: - [ ] Firefox ESR tag - - **example** : `FIREFOX_102_12_0esr_BUILD1` + - **example**: `FIREFOX_102_12_0esr_BUILD1` - [ ] `base-browser` tag - - **example** : `base-browser-102.12.0esr-12.0-1-build1` - - [ ] `mullvad-browser` tag - - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` -- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: - - **Tag**: `$(MULLVAD_BROWSER_VERSION)` - - **example** : `12.5a7` - - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` - - **example** : `102.12.0esr-based 12.5a7` - - [ ] Push tag to github - -### email -- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information: - - [ ] support alias: support(a)mullvadvpn.net - - [ ] Rui: rui(a)mullvad.net + - **example**: `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` build tag + - **example**: `mullvad-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` release tag + - **example**: `12.0.11` + +</details> + +<details> + <summary>Communications</summary> + +### Mullvad +- [ ] Email Mullvad with release information: + - **Recipients** + - Mullvad support alias: support(a)mullvadvpn.net + - Rui Hildt: rui(a)mullvad.net + ``` + support(a)mullvadvpn.net rui(a)mullvad.net + ``` - **Subject** ``` - New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + New build: Mullvad Browser ${MULLVAD_BROWSER_VERION} (signed) ``` - **Body** ``` @@ -170,28 +212,27 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch Branch+Tags have been pushed to Mullvad's GitHub repo. - - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) - - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} + - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} changelog: + # paste changelog as quote here ... ``` -</details> - -<details> - <summary>Downstream</summary> - -### notify packagers -These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release -- [ ] **(Optional)** Email downstream consumers: +### packagers +- [ ] **(Optional, Once Packages are pushed to GitHub)** - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of - - [ ] flathub package maintainer: proletarius101(a)protonmail.com - - [ ] arch package maintainer: bootctl(a)gmail.com - - [ ] nixOS package maintainer: dev(a)felschr.com + - **Recipients** + - flathub package maintainer: proletarius101(a)protonmail.com + - arch package maintainer: bootctl(a)gmail.com + - nixOS package maintainer: dev(a)felschr.com + ``` + proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com + ``` - **Subject** ``` - Mullvad Browser $(MULLVAD_BROWSER_VERSION) released + Mullvad Browser ${MULLVAD_BROWSER_VERSION} released ``` - **Body** ``` @@ -208,4 +249,3 @@ These steps depend on Mullvad having updated their [GitHub Releases](https://git /label ~"Release Prep" /label ~"Sponsor 131" - ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -1,83 +1,96 @@ +# Release Prep Mullvad Browser Stable + +- **NOTE** It is assumed the `mullvad-browser` release rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **example** : `91.6.0` -- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - **example** : `11` -- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version - - **example** : `mb-12.0.7-build1` +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version + - **example**: `11` +- `${MULLVAD_BROWSER_MINOR}`: the Mullvad Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${MULLVAD_BROWSER_VERSION}`: the Mullvad Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${MULLVAD_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${MULLVAD_BROWSER_BUILD_N}`: the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${MULLVAD_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${MULLVAD_BROWSER_BUILD_N}` value may stay at `build1` (but the `${MULLVAD_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `${MULLVAD_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${MULLVAD_BROWSER_VERSION}`: the published Mullvad Browser version + - **example**: `11.5a6`, `11.0.7` +- `${MB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example**: `mb-12.0.7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + </details> -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed +<details> + <summary>Build Configuration</summary> -**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue +### mullvad-browser: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git -<details> - <summary>Building</summary> +- [ ] Tag `mullvad-browser` commit: + - **example**: `mullvad-browser-128.3.0esr-14.0-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MULLVAD_BROWSER_MINOR)` (and possibly more specific) branches - -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail -- [ ] Update build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `mullvad-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-release` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases - - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` -- [ ] Update `ChangeLog-MB.txt` - - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--no-script` - - [ ] `--ublock` - - E.g., `./tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output +Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWSER_MINOR}` branch + +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the current `maint-XX.Y` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `mullvad-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --mullvad-browser --date ${RELEASE_DATE} ${MULLVAD_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${MULLVAD_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` tag, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrowser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases + - [ ] `URL` updated + - [ ] `sha256sum` updated + - [ ] `ChangeLog-MB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `maint-14.0` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -86,16 +99,25 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - ma1 - morgan - pierov - - [ ] Run: `make mullvadbrowser-signtag-release` + - [ ] Run: + ```bash + make mullvadbrowser-signtag-release + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make mullvadbrowser-release && make mullvadbrowser-incrementals-release` + - [ ] Run: + ```bash + make mullvadbrowser-release && make mullvadbrowser-incrementals-release + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make mullvadbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make mullvadbrowser-kick-devmole-build + ``` </details> @@ -105,64 +127,84 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU ### release signing - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `maint-14.0` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}` + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.mullvadbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` - - [ ] Static update components (again) : `static-update-component dist.torproject.org` + - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, remove old release and publish new: + - [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Run: + ```bash + static-update-component dist.torproject.org + ``` + ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 - morgan - pierov +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `${MULLVAD_BROWSER_VERSION}` + - **example**: `12.5a7` + - **Message**: `${ESR_VERSION}esr-based ${MULLVAD_BROWSER_VERSION}` + - **example**: `102.12.0esr-based 12.5a7` - [ ] Push this release's associated `mullvad-browser.git` branch to github - [ ] Push this release's associated tags to github: - [ ] Firefox ESR tag - - **example** : `FIREFOX_102_12_0esr_BUILD1` + - **example**: `FIREFOX_102_12_0esr_BUILD1` - [ ] `base-browser` tag - - **example** : `base-browser-102.12.0esr-12.0-1-build1` - - [ ] `mullvad-browser` tag - - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` -- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: - - **Tag**: `$(MULLVAD_BROWSER_VERSION)` - - **example** : `12.0.7` - - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` - - **example** : `102.12.0esr-based 12.0.7` - - [ ] Push tag to github - -### email -- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information: - - [ ] support alias: support(a)mullvadvpn.net - - [ ] Rui: rui(a)mullvad.net + - **example**: `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` build tag + - **example**: `mullvad-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` release tag + - **example**: `12.0.11` + +</details> + +<details> + <summary>Communications</summary> + +### Mullvad +- [ ] Email Mullvad with release information: + - **Recipients** + - Mullvad support alias: support(a)mullvadvpn.net + - Rui Hildt: rui(a)mullvad.net + ``` + support(a)mullvadvpn.net rui(a)mullvad.net + ``` - **Subject** ``` - New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + New build: Mullvad Browser ${MULLVAD_BROWSER_VERION} (signed) ``` - **Body** ``` @@ -170,27 +212,26 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU Branch+Tags have been pushed to Mullvad's GitHub repo. - - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) - - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} + - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} changelog: + # paste changelog as quote here ... ``` -</details> - -<details> - <summary>Downstream</summary> - -### notify packagers -These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release -- [ ] Email downstream consumers: - - [ ] flathub package maintainer: proletarius101(a)protonmail.com - - [ ] arch package maintainer: bootctl(a)gmail.com - - [ ] nixOS package maintainer: dev(a)felschr.com +### packagers +- [ ] **(Once Packages are pushed to GitHub)** + - **Recipients** + - flathub package maintainer: proletarius101(a)protonmail.com + - arch package maintainer: bootctl(a)gmail.com + - nixOS package maintainer: dev(a)felschr.com + ``` + proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com + ``` - **Subject** ``` - Mullvad Browser $(MULLVAD_BROWSER_VERSION) released + Mullvad Browser ${MULLVAD_BROWSER_VERSION} released ``` - **Body** ``` @@ -204,11 +245,12 @@ These steps depend on Mullvad having updated their [GitHub Releases](https://git ``` ### merge requests -- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows… - - **NOTE**: should just need to update `version` and `sha256` to latest +- [ ] **(Once Packages are pushed to GitHub)** + - [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows… + - **NOTE**: a bot seems to pick this up without needing our intervention these days + - **NOTE**: should just need to update `version` and `sha256` to latest </details> /label ~"Release Prep" -/label ~"Sponsor 131" - +/label ~"Sponsor 131" ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -1,112 +1,120 @@ +# Release Prep Tor Browser Alpha + +- **NOTE** It is assumed the `tor-browser` alpha rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - **example** : `91.6.0` -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - **example** : `11` -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version - - **example** : `tbb-12.5a7-build1` -</details> +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed -**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> + +### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-128.4.0esr-14.5-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Alpha (and Nightly) are on the `main` branch -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail -- [ ] Update Desktop-specific build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased -- [ ] Update Android-specific build configs - - [ ] Update `projects/geckoview/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] ***(Optional)*** Update `projects/application-services/config`: - **NOTE** we don't currently have any of our own patches for this project - - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` -- [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-alpha` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/ - - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config` - - [ ] `version` : update to next 3.0.X version - - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball - - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases - - [ ] **(Optional)** If new tag available, update `projects/zlib/config` - - [ ] `version` : update to next release tag - - [ ] Check for Zstandard updates here: https://github.com/facebook/zstd/releases - - [ ] **(Optional)** If new tag available, update `projects/zstd/config` - - [ ] `version` : update to next release tag - - [ ] `git_hash`: update to the commit corresponding to the tag (we don't check signatures for Zstandard) - - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags - - [ ] ***(Optional)*** Update `projects/tor/config` - - [ ] `version` : update to latest `-alpha` tag or release tag if newer (ping dgoulet or ahf if unsure) - - [ ] Check for go updates here : https://go.dev/dl - - **NOTE** : In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. - - [ ] ***(Optional)*** Update `projects/go/config` - - [ ] `version` : update go version - - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/update_manual.py` - - [ ] ***(Optional)*** If new version is available: - - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org` - - The script will tell if it's necessary to - - [ ] Deploy to `tb-builder`'s `public_html` directory: - - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.` - - [ ] Add `projects/manual/config` to the stage area if the script updated it. -- [ ] Update `ChangeLog-TBB.txt` - - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch_changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--tor` - - [ ] `--no-script` - - [ ] `--openssl` - - [ ] `--zlib` - - [ ] `--zstd` - - [ ] `--go` - - E.g., `./tools/fetch_changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `main` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--tor-browser` argument if this is for a jointt Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` and `geckoview/config` files' `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` or `geckoview` tags, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] `projects/geckoview/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available; Android-only for now + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - **NOTE**: In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. + - [ ] `version`: updated go version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ```bash + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates on a desktop-only release and vice-versa + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `main` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -115,55 +123,53 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - ma1 - morgan - pierov - - [ ] Run: `make torbrowser-signtag-alpha` + - [ ] Run: + ```bash + make torbrowser-signtag-alpha + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make torbrowser-alpha && make torbrowser-incrementals-alpha` + - [ ] Run: + ```bash + make torbrowser-alpha && make torbrowser-incrementals-alpha + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make torbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make torbrowser-kick-devmole-build + ``` </details> <details> - <summary>Communications</summary> - -### notify stakeholders -- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information - - [ ] tor-qa: tor-qa(a)lists.torproject.org - - **Subject** - ``` - Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) - ``` - - **Body** - ``` - Hello, - - Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing: - - - https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/alpha/unsi… - - The full changelog can be found here: - - - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB… - ``` -- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Anti-Censorship: meskio(a)torproject.org - - [ ] Note any changes which may affect packaging/downstream integration -- [ ] ***(Optional, only after internal API-breaking changes)*** Email downstream project maintainers: - - [ ] selenium-tor: matzfan(a)tempr.email  -- [ ] ***(Optional, after ESR migration)*** Email external partners: - - [ ] Cloudflare: ask-research(a)cloudflare.com - - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs - - [ ] Startpage: admin(a)startpage.com - - **NOTE** : Startpage also needs the updated user-agent string for better experience on their onion service sites. + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! </details> @@ -171,38 +177,34 @@ Tor Browser Alpha (and Nightly) are on the `main` branch <summary>Signing</summary> ### release signing -- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.torbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` - - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> @@ -242,6 +244,28 @@ popd <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, static update components: + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR +- [ ] On `staticiforme.torproject.org`, enable update responses: + - [ ] Run: + ```bash + sudo -u tb-release ./deploy_update_responses-alpha.sh + ``` +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` + ### Google Play: https://play.google.com/apps/publish - [ ] Publish APKs to Google Play: - Select `Tor Browser (Alpha)` app @@ -256,46 +280,70 @@ popd - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues -### website: https://gitlab.torproject.org/tpo/web/tpo.git -- [ ] `databags/versions.ini` : Update the downloads versions - - `torbrowser-stable/version` : sort of a catch-all for latest stable version - - `torbrowser-alpha/version` : sort of a catch-all for latest stable version - - `torbrowser-*-stable/version` : platform-specific stable versions - - `torbrowser-*-alpha/version` : platform-specific alpha versions - - `tor-stable`,`tor-alpha` : set by tor devs, do not touch -- [ ] Push to origin as new branch, open 'Draft :' MR -- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org -- [ ] Merge -- [ ] Publish after CI passes and builds are published - -### blog: https://gitlab.torproject.org/tpo/web/blog.git -- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) - - [ ] Note any ESR update - - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc) - - [ ] Thank any users which have contributed patches - - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc -- [ ] Push to origin as new branch, open `Draft:` MR -- [ ] Merge once signed-packages are accessible on https://dist.torproject.org -- [ ] Publish after CI passes and website has been updated +</details> + +<details> + <summary>Communications</summary> ### tor-announce mailing list -- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` - **Subject** ``` - New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) ``` - **Body** ``` Hi everyone, - Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: - - $(BLOG_POST_URL) + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} Changelog: - # paste changleog as quote here + # paste changelog as quote here ``` +### packagers +- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: + - **Recipients** + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  + - torbrowser-launcher: mail(a)asciiwolf.com  + - Anti-Censorship: meskio(a)torproject.org  + ``` + tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) + ``` + - [ ] Note any changes which may affect packaging/downstream integration + +### downstream projects +- [ ] ***(Optional, only after internal API-breaking changes)*** Email downstream project maintainers: + - **Recipients** + - selenium-tor: matzfan(a)tempr.email  + ``` + matzfan(a)tempr.email + ``` + - **Subject** + ``` + Breaking Changes in Tor Browser ${TOR_BROWSER_VERSION} + ``` + - [ ] Note any internal API changes which may affect browser automation + +### upstream services +- [ ] ***(Optional, after ESR migration)*** Email external partners: + - [ ] Cloudflare: ask-research(a)cloudflare.com + - **NOTE**: We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs + - [ ] Startpage: admin(a)startpage.com + - **NOTE**: Startpage also needs the updated user-agent string for better experience on their onion service sites. + </details> /label ~"Release Prep" - ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -0,0 +1,320 @@ +# Release Prep Tor Browser Legacy + +- **NOTE** It is assumed the `tor-browser` release rebase and security backport tasks have been completed + +<details> + <summary>Explanation of variables</summary> + +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + +</details> + +<details> + <summary>Build Configuration</summary> + +### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-115.17.0esr-13.5-1-build1` + +### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git +Tor Browser Legacy is on the `maint-13.5` branch + +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `maint-13.5` branch +- [ ] Run release preparation script: + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox`, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest non `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - [ ] `go_1_22`: updated to latest 1.22 version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ```bash + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct +- [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `maint-13.5` branch +- [ ] Merge +- [ ] Sign+Tag + - **NOTE** this must be done by one of: + - boklm + - dan + - ma1 + - morgan + - pierov + - [ ] Run: + ```bash + make torbrowser-signtag-release + ``` + - [ ] Push tag to `upstream` +- [ ] Build the tag: + - [ ] Run: + ```bash + make torbrowser-release && make torbrowser-incrementals-release + ``` + - [ ] Tor Project build machine + - [ ] Local developer machine + - [ ] Submit build request to Mullvad infrastructure: + - **NOTE** this requires a devmole authentication token + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make torbrowser-kick-devmole-build + ``` + +</details> + +<details> + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - `tor-stable`,`tor-alpha`: set by tor devs, do not touch + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + +</details> + +<details> + <summary>Signing</summary> + +### release signing +- [ ] Assign this issue to the signer, one of: + - boklm + - ma1 + - morgan + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `maint-13.5` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds + - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos + - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed + +</details> + +<details> + <summary>Signature verification</summary> + + <details> + <summary>Check whether the .exe files got properly signed and timestamped</summary> + +```bash +# Point OSSLSIGNCODE to your osslsigncode binary +pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION +OSSLSIGNCODE=/path/to/osslsigncode +../../../tools/authenticode_check.sh +popd +``` + + </details> + <details> + <summary>Check whether the MAR files got properly signed</summary> + +```bash +# Point NSSDB to your nssdb containing the mar signing certificate +# Point SIGNMAR to your signmar binary +# Point LD_LIBRARY_PATH to your mar-tools directory +pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION +NSSDB=/path/to/nssdb +SIGNMAR=/path/to/mar-tools/signmar +LD_LIBRARY_PATH=/path/to/mar-tools/ +../../../tools/marsigning_check.sh +popd +``` + + </details> +</details> + +<details> + <summary>Publishing</summary> + +### website +- [ ] On `staticiforme.torproject.org`, static update components: + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] **(Optional)** Generate and deploy new update responses + - **NOTE**: This is only required if there will be no corresponding 14.0 release (i.e. this is an emergency legacy-only 13.5 release). Normally, legacy update responses are generated and deployed as part of the 14.0 release. + - **⚠️ WARNING**: This is a little bit off the beaten track, ping boklm or morgan if you have any doubts + - From the `maint-14.0` branch: + - [ ] Update `rbm.conf` + - [ ] `var/torbrowser_legacy_version`: update to `${TOR_BROWSER_VERSION}` + - **NOTE** this is the browser version for the legacy branch, not the 14.0 branch + - [ ] `var/torbrowser_legacy_platform_version`: update to `${ESR_VERSION}` + - **NOTE** this is ESR version for the legacy branch, not the 14.0 branch + - [ ] Generate update responses: + - [ ] Run: + ```bash + make torbrowser-update_responses-release + ``` + - On `staticiforme.torproject.org`, deploy new update responses: + - **NOTE**: for now this is a bit janky, we should somehow update the workflow to be a bit less hacky + - [ ] Edit an existing `deploy_update_responses-release.sh` script in your `HOME` directory with the newly pushed commit hash + - **example**: (hash: `d938943`) + ```bash + #!/bin/bash + set -e + + echo "Deploying version 14.0" + echo "update_responses_commit: d938943" + + cd "/srv/aus1-master.torproject.org/htdocs/torbrowser" + git fetch + changed_files="$(git diff --name-only HEAD d938943)" + if echo "$changed_files" | grep -qv "release" + then + echo >&2 "Error: checking out new update_response_commit will changes" + echo >&2 "some files outside of the release directory:" + echo "$changed_files" | grep -v "release" >&2 + echo >&2 "--" + echo >&2 "If this is really what you want to do, edit this script to" + echo >&2 "remove the line 'exit 1' and run it again." + echo >&2 "See tor-browser-build#41168 for more details." + exit 1 + fi + git checkout "d938943" + + static-update-component aus1.torproject.org + ``` + - [ ] Enable update responses: + ```bash + sudo -u tb-release ./deploy_update_responses-release.sh + ``` + +</details> + +<details> + <summary>Communications</summary> + +### tor-announce mailing list +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Windows, macOS) + ``` + - **Body** + ``` + Hi everyone, + + Tor Browser ${TOR_BROWSER_VERSION} has now been published for legacy Windows and macOS platforms. For details please see our blog post: + - ${BLOG_POST_URL} + + Changelog: + # paste changelog as quote here + ``` + +</details> + +/label ~"Release Prep" ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -1,117 +1,120 @@ +# Release Prep Tor Browser Stable + +- **NOTE** It is assumed the `tor-browser` release rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - **example** : `91.6.0` -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - **example** : `11` -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version - - **example** : `tbb-12.0.7-build1` -</details> +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed -**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> + +### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-128.4.0esr-14.0-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches. - -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_legacy_version` : update to next version in the legacy-13.5 branch - - [ ] `var/torbrowser_legacy_platform_version` : update to firefox platform version in the legacy-13.5 branch - - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail -- [ ] Update Desktop-specific build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased -- [ ] Update Android-specific build configs - - [ ] Update `projects/geckoview/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] ***(Optional)*** Update `projects/tor-android-service/config` - - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch - - [ ] ***(Optional)*** Update `projects/application-services/config`: - **NOTE** we don't currently have any of our own patches for this project - - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` - - [ ] ***(Optional)*** Update `projects/firefox-android/config`: - - [ ] `fenix_version` : update to match stable `firefox-android` build tag - - [ ] `browser_branch` : update to match stable `firefox-android` build tag - - [ ] `browser_build` : update to match stable `firefox-android` build tag - variant: Beta -- [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-release` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/ - - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config` - - [ ] `version` : update to next 3.0.X version - - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball - - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases - - [ ] **(Optional)** If new tag available, update `projects/zlib/config` - - [ ] `version` : update to next release tag - - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags - - [ ] ***(Optional)*** Update `projects/tor/config` - - [ ] `version` : update to latest non `-alpha` tag (ping dgoulet or ahf if unsure) - - [ ] Check for go updates here : https://go.dev/dl - - **NOTE** : In general, Tor Browser Stable uses the latest of the *previous* Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. - - [ ] ***(Optional)*** Update `projects/go/config` - - [ ] `version` : update go version - - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py` - - [ ] ***(Optional)*** If new version is available: - - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org` - - [ ] Deploy to `tb-builder`'s `public_html` directory: - - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.` - - [ ] Update `projects/manual/config`: - - [ ] Change the `version` to `$PIPELINEID` - - [ ] Update `sha256sum` in the `input_files` section -- [ ] Update `ChangeLog-TBB.txt` - - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--tor` - - [ ] `--no-script` - - [ ] `--openssl` - - [ ] `--zlib` - - [ ] `--go` - - E.g., `./tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output +Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` branch + +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the current `maint-XX.Y` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--tor-browser` argument if this is for a joint Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` and `geckoview/config` files' `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` or `geckoview` tags, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail +- [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] `projects/geckoview/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available; Android-only for now + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest non `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - **NOTE**: In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. + - [ ] `version`: updated go version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ```bash + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates on a desktop-only release and vice-versa + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `maint-14.0` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -120,47 +123,53 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - ma1 - morgan - pierov - - [ ] Run: `make torbrowser-signtag-release` + - [ ] Run: + ```bash + make torbrowser-signtag-release + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make torbrowser-release && make torbrowser-incrementals-release` + - [ ] Run: + ```bash + make torbrowser-release && make torbrowser-incrementals-release + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make torbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make torbrowser-kick-devmole-build + ``` </details> <details> - <summary>Communications</summary> - -### notify stakeholders -- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information - - [ ] tor-qa: tor-qa(a)lists.torproject.org - - **Subject** - ``` - Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) - ``` - - **Body** - ``` - Hello, - - Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing: - - - https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/release/un… - - The full changelog can be found here: - - - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB… - ``` -- [ ] Email packagers: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Note any changes which may affect packaging/downstream integration + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! </details> @@ -168,38 +177,37 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE <summary>Signing</summary> ### release signing -- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] Verify the associated legacy `maint-13.5` release has been signed and deployed + - **⚠️ WARNING**: Do not continue if the legacy channel has not been fully signed and published yet; it is needed for update-response generation! + - **NOTE** Stable releases without a corresponding legacy release may ignore this +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `maint-14.0` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.torbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh` - - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> @@ -239,6 +247,28 @@ popd <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, static update components: + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR +- [ ] On `staticiforme.torproject.org`, enable update responses: + - [ ] Run: + ```bash + sudo -u tb-release ./deploy_update_responses-release.sh + ``` +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` + ### Google Play: https://play.google.com/apps/publish - [ ] Publish APKs to Google Play: - Select `Tor Browser` app @@ -253,45 +283,59 @@ popd - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues -### website: https://gitlab.torproject.org/tpo/web/tpo.git -- [ ] `databags/versions.ini` : Update the downloads versions - - `torbrowser-stable/version` : sort of a catch-all for latest stable version - - `torbrowser-alpha/version` : sort of a catch-all for latest stable version - - `torbrowser-*-stable/version` : platform-specific stable versions - - `torbrowser-*-alpha/version` : platform-specific alpha versions - - `tor-stable`,`tor-alpha` : set by tor devs, do not touch -- [ ] Push to origin as new branch, open 'Draft :' MR -- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org -- [ ] Merge -- [ ] Publish after CI passes and builds are published +</details> -### blog: https://gitlab.torproject.org/tpo/web/blog.git -- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) - - [ ] Note any ESR update - - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc) - - [ ] Thank any users which have contributed patches -- [ ] Push to origin as new branch, open `Draft:` MR -- [ ] Merge once signed-packages are accessible on https://dist.torproject.org -- [ ] Publish after CI passes and website has been updated +<details> + <summary>Communications</summary> ### tor-announce mailing list -- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` - **Subject** ``` - New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) ``` - **Body** ``` Hi everyone, - Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: - - $(BLOG_POST_URL) + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} Changelog: - # paste changleog as quote here + # paste changelog as quote here + ``` + +### packagers +- [ ] Email packagers: + - **Recipients** + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  + - torbrowser-launcher: mail(a)asciiwolf.com  + - Anti-Censorship: meskio(a)torproject.org  ``` + tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) + ``` + - **Body** + ``` + Hi everyone, + + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} + Changelog: + # paste changelog as quote here + ``` + - [ ] Note any changes which may affect packaging/downstream integration </details> /label ~"Release Prep" - View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… You're receiving this email because of your account on gitlab.torproject.org.

1 0