tbb-commits

tbb-commits@lists.torproject.org

1 participants
17657 discussions

[tor-browser/tor-browser-38.7.1esr-6.0-1] fixup! Bug 16940: After update, load local change notes.
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit c1b7d7e2f51f89ab19018e99fe62f8654d3cecb8 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Feb 29 14:47:01 2016 -0500 fixup! Bug 16940: After update, load local change notes. When built with --enable-tor-browser-data-outside-app-dir, account for the new Mac OS directory structure (see bug #13252). --- browser/base/content/content.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/browser/base/content/content.js b/browser/base/content/content.js index d1afdb9..a56d7ff 100644 --- a/browser/base/content/content.js +++ b/browser/base/content/content.js @@ -597,15 +597,30 @@ let AboutTBUpdateListener = { // Read and return the text from the beginning of the changelog file that is // located at TorBrowser/Docs/ChangeLog.txt. + // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir + // to support Gatekeeper signing, the file is located in + // TorBrowser.app/Contents/Resources/TorBrowser/Docs/. + // // When electrolysis is enabled we will need to adopt an architecture that is // more similar to the one that is used for about:home (see AboutHomeListener // in this file and browser/modules/AboutHome.jsm). getChangeLogText: function() { try { +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // "XREExeF".parent is the directory that contains firefox, i.e., + // Browser/ or, on Mac OS, TorBrowser.app/Contents/MacOS/. + let f = Services.dirsvc.get("XREExeF", Ci.nsIFile).parent; +#ifdef XP_MACOSX + f = f.parent; + f.append("Resources"); +#endif + f.append("TorBrowser"); +#else // "DefProfRt" is .../TorBrowser/Data/Browser let f = Cc["@mozilla.org/file/directory_service;1"] .getService(Ci.nsIProperties).get("DefProfRt", Ci.nsIFile); f = f.parent.parent; // Remove "Data/Browser" +#endif f.append("Docs"); f.append("ChangeLog.txt");

1 0

[tor-browser/tor-browser-38.7.1esr-6.0-1] fixup! Bug #4234: Use the Firefox Update Process for Tor Browser.
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit 38e31a62d48dd8ea8bee02673b7050338fc1c22a Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Feb 29 16:55:06 2016 -0500 fixup! Bug #4234: Use the Firefox Update Process for Tor Browser. When built with --enable-tor-browser-data-outside-app-dir, account for the new Mac OS directory structure (see bug #13252). Many of the updater changes we made earlier are no longer needed. Also, fix a JS warning inside toolkit/mozapps/update/nsUpdateService.js and improve startup time logging of update status. --- config/createprecomplete.py | 4 ++ toolkit/mozapps/update/nsUpdateService.js | 3 +- toolkit/mozapps/update/updater/updater.cpp | 18 ++++-- toolkit/xre/nsUpdateDriver.cpp | 36 +++++++++++- toolkit/xre/nsXREDirProvider.cpp | 14 +++++ tools/update-packaging/common.sh | 4 ++ tools/update-packaging/make_full_update.sh | 21 +++++-- tools/update-packaging/make_incremental_update.sh | 71 ++++++++++++++--------- 8 files changed, 128 insertions(+), 43 deletions(-) diff --git a/config/createprecomplete.py b/config/createprecomplete.py index 48cba96..be571be 100644 --- a/config/createprecomplete.py +++ b/config/createprecomplete.py @@ -10,6 +10,10 @@ import sys import os +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove all lines in this file that contain: +# TorBrowser/Data + def get_build_entries(root_path): """ Iterates through the root_path, creating a list for each file and directory. Excludes any file paths ending with channel-prefs.js. diff --git a/toolkit/mozapps/update/nsUpdateService.js b/toolkit/mozapps/update/nsUpdateService.js index e720ae4..2d443a7 100644 --- a/toolkit/mozapps/update/nsUpdateService.js +++ b/toolkit/mozapps/update/nsUpdateService.js @@ -1025,7 +1025,7 @@ function getUpdatesDirInApplyToDir() { #endif dir.append(UPDATED_DIR); #ifdef XP_MACOSX -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) dir.append("TorBrowser"); dir.append("UpdateInfo"); #else @@ -4051,6 +4051,7 @@ Downloader.prototype = { createInstance(Ci.nsIFileInputStream); fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0); + let digest; try { var hash = Cc["@mozilla.org/security/hash;1"]. createInstance(Ci.nsICryptoHash); diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp index 31a5dac..e089a2a 100644 --- a/toolkit/mozapps/update/updater/updater.cpp +++ b/toolkit/mozapps/update/updater/updater.cpp @@ -2281,7 +2281,7 @@ static int CopyInstallDirToDestDir() { // These files should not be copied over to the updated app -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) #ifdef XP_WIN #define SKIPLIST_COUNT 6 #else @@ -2297,7 +2297,7 @@ CopyInstallDirToDestDir() #endif #endif copy_recursive_skiplist<SKIPLIST_COUNT> skiplist; -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) #ifdef XP_MACOSX skiplist.append(0, gInstallDirPath, NS_T("Updated.app")); skiplist.append(1, gInstallDirPath, NS_T("TorBrowser/UpdateInfo/updates/0")); @@ -2312,7 +2312,7 @@ CopyInstallDirToDestDir() #endif #endif -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) #ifdef XP_WIN skiplist.append(SKIPLIST_COUNT - 3, gInstallDirPath, NS_T("TorBrowser/Data/Browser/profile.default/parent.lock")); @@ -2454,7 +2454,7 @@ ProcessReplaceRequest() // On OS X, we we need to remove the staging directory after its Contents // directory has been moved. NS_tchar updatedAppDir[MAXPATHLEN]; -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) NS_tsnprintf(updatedAppDir, sizeof(updatedAppDir)/sizeof(updatedAppDir[0]), NS_T("%s/Updated.app"), gInstallDirPath); // For Tor Browser on OS X, we also need to copy everything else that is inside Updated.app. @@ -3229,6 +3229,15 @@ int NS_main(int argc, NS_tchar **argv) if (!useService && !noServiceFallback && updateLockFileHandle == INVALID_HANDLE_VALUE) { #ifdef TOR_BROWSER_UPDATE +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // Because the TorBrowser-Data directory that contains the user's + // profile is a sibling of the Tor Browser installation directory, + // the user probably has permission to apply updates. Therefore, to + // avoid potential security issues such as CVE-2015-0833, do not + // attempt to elevate privileges. Instead, write a "failed" message + // to the update status file (this function will return immediately + // after the CloseHandle(elevatedFileHandle) call below). +#else // Because the user profile is contained within the Tor Browser // installation directory, the user almost certainly has permission to // apply updates. Therefore, to avoid potential security issues such @@ -3236,6 +3245,7 @@ int NS_main(int argc, NS_tchar **argv) // write a "failed" message to the update status file (this function // will return immediately after the CloseHandle(elevatedFileHandle) // call below). +#endif WriteStatusFile(WRITE_ERROR_ACCESS_DENIED); #else SHELLEXECUTEINFO sinfo; diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp index 085f439..9f61652 100644 --- a/toolkit/xre/nsUpdateDriver.cpp +++ b/toolkit/xre/nsUpdateDriver.cpp @@ -267,6 +267,33 @@ typedef enum { eAppliedService } UpdateStatus; +#ifdef DEBUG +static const char * +UpdateStatusToString(UpdateStatus aStatus) +{ + const char *rv = "unknown"; + switch (aStatus) { + case eNoUpdateAction: + rv = "NoUpdateAction"; + break; + case ePendingUpdate: + rv = "PendingUpdate"; + break; + case ePendingService: + rv = "PendingService"; + break; + case eAppliedUpdate: + rv = "AppliedUpdate"; + break; + case eAppliedService: + rv = "AppliedService"; + break; + } + + return rv; +} +#endif + /** * Returns a value indicating what needs to be done in order to handle an update. * @@ -345,6 +372,7 @@ IsOlderVersion(nsIFile *versionFile, const char *appVersion) return false; } +#ifndef TOR_BROWSER_DATA_OUTSIDE_APP_DIR #if defined(TOR_BROWSER_UPDATE) && defined(XP_MACOSX) static nsresult GetUpdateDirFromAppDir(nsIFile *aAppDir, nsIFile* *aResult) @@ -369,6 +397,7 @@ GetUpdateDirFromAppDir(nsIFile *aAppDir, nsIFile* *aResult) return NS_OK; } #endif +#endif #if defined(XP_WIN) && defined(MOZ_METRO) static bool @@ -605,7 +634,7 @@ SwitchToUpdatedApp(nsIFile *greDir, nsIFile *updateDir, nsAutoCString applyToDir; nsCOMPtr<nsIFile> updatedDir; #ifdef XP_MACOSX -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) rv = GetUpdateDirFromAppDir(appDir, getter_AddRefs(updatedDir)); if (NS_FAILED(rv)) { #else @@ -899,7 +928,7 @@ ApplyUpdate(nsIFile *greDir, nsIFile *updateDir, nsIFile *statusFile, applyToDir.Assign(installDirPath); } else { #ifdef XP_MACOSX -#ifdef TOR_BROWSER_UPDATE +#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) rv = GetUpdateDirFromAppDir(appDir, getter_AddRefs(updatedDir)); if (NS_FAILED(rv)) { #else @@ -1160,7 +1189,8 @@ ProcessUpdates(nsIFile *greDir, nsIFile *appDir, nsIFile *updRootDir, nsCOMPtr<nsIFile> statusFile; UpdateStatus status = GetUpdateStatus(updatesDir, statusFile); #ifdef DEBUG - printf("ProcessUpdates status: %d\n", status); + printf("ProcessUpdates status: %s (%d)\n", + UpdateStatusToString(status), status); updatesDir->GetNativePath(path); printf("ProcessUpdates updatesDir: %s\n", path.get()); #endif diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp index ab652a4..675039e 100644 --- a/toolkit/xre/nsXREDirProvider.cpp +++ b/toolkit/xre/nsXREDirProvider.cpp @@ -1033,6 +1033,19 @@ nsXREDirProvider::GetUpdateRootDir(nsIFile* *aResult) #ifdef XP_MACOSX #ifdef TOR_BROWSER_UPDATE +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + // For Tor Browser, we cannot store update history, etc. under the user's + // home directory. Instead, we place it under + // Tor Browser.app/../TorBrowser-Data/UpdateInfo/ + nsCOMPtr<nsIFile> appRootDir; + rv = GetAppRootDir(getter_AddRefs(appRootDir)); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIFile> localDir; + rv = appRootDir->GetParent(getter_AddRefs(localDir)); + NS_ENSURE_SUCCESS(rv, rv); + rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("TorBrowser-Data" + XPCOM_FILE_PATH_SEPARATOR "UpdateInfo")); +#else // For Tor Browser, we cannot store update history, etc. under the user's home directory. // Instead, we place it under Tor Browser.app/TorBrowser/UpdateInfo/ nsCOMPtr<nsIFile> localDir; @@ -1041,6 +1054,7 @@ nsXREDirProvider::GetUpdateRootDir(nsIFile* *aResult) rv = localDir->AppendNative(NS_LITERAL_CSTRING("TorBrowser")); NS_ENSURE_SUCCESS(rv, rv); rv = localDir->AppendNative(NS_LITERAL_CSTRING("UpdateInfo")); +#endif NS_ENSURE_SUCCESS(rv, rv); #else nsCOMPtr<nsIFile> appRootDirFile; diff --git a/tools/update-packaging/common.sh b/tools/update-packaging/common.sh index 6733679..5af9e27 100755 --- a/tools/update-packaging/common.sh +++ b/tools/update-packaging/common.sh @@ -8,6 +8,10 @@ # Author: Darin Fisher # +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove all lines in this file that contain: +# TorBrowser/Data + # ----------------------------------------------------------------------------- QUIET=0 diff --git a/tools/update-packaging/make_full_update.sh b/tools/update-packaging/make_full_update.sh index 3578ae4..f0bd7f6 100755 --- a/tools/update-packaging/make_full_update.sh +++ b/tools/update-packaging/make_full_update.sh @@ -10,12 +10,6 @@ . $(dirname "$0")/common.sh -# TODO: it would be better to pass this as a command line option. -# Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it -# exists. The extension ID got changed with the version bump to 5.1.0. -ext_path='TorBrowser/Data/Browser/profile.default/extensions' -directories_to_remove="$ext_path/https-everywhere(a)eff.org $ext_path/https-everywhere-eff(a)eff.org" - # ----------------------------------------------------------------------------- print_usage() { @@ -77,6 +71,18 @@ fi list_files files list_symlinks symlinks symlink_targets +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: +# Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it +# exists. The extension ID got changed with the version bump to 5.1.0. +ext_path='TorBrowser/Data/Browser/profile.default/extensions' +if [ -d "$ext_dir" ]; then + directories_to_remove="$ext_path/https-everywhere(a)eff.org $ext_path/https-everywhere-eff(a)eff.org" +else + directories_to_remove="" +fi +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal + popd # Add the type of update to the beginning of the update manifests. @@ -88,6 +94,8 @@ notice " type complete" echo "type \"complete\"" >> "$updatemanifestv2" echo "type \"complete\"" >> "$updatemanifestv3" +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If removal of any old, existing directories is desired, emit the appropriate # rmrfdir commands. notice "" @@ -100,6 +108,7 @@ for dir_to_remove in $directories_to_remove; do echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv2" echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv3" done +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal notice "" notice "Adding file add instructions to update manifests" diff --git a/tools/update-packaging/make_incremental_update.sh b/tools/update-packaging/make_incremental_update.sh index c803809..15af172 100755 --- a/tools/update-packaging/make_incremental_update.sh +++ b/tools/update-packaging/make_incremental_update.sh @@ -63,6 +63,8 @@ check_for_forced_update() { return 0; fi +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If the file in the skip list ends with /*, do a prefix match. # This allows TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org/* # to be used to force all HTTPS Everywhere files to be updated. @@ -74,6 +76,7 @@ check_for_forced_update() { return 0; fi fi +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal done ## 'false'... because this is bash. Oh yay! return 1; @@ -84,6 +87,8 @@ if [ $# = 0 ]; then exit 1 fi +# Firefox uses requested_forced_updates='Contents/MacOS/firefox' due to +# 770996 but in Tor Browser we do not need that fix. requested_forced_updates="" directories_to_remove="" @@ -120,40 +125,45 @@ updatemanifestv2="$workdir/updatev2.manifest" updatemanifestv3="$workdir/updatev3.manifest" archivefiles="updatev2.manifest updatev3.manifest" +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If the NoScript or HTTPS Everywhere extensions have changed between # releases, add them to the "force updates" list. ext_path='TorBrowser/Data/Browser/profile.default/extensions' -https_everywhere='https-everywhere-eff(a)eff.org' -noscript='{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi' - -# NoScript is a packed extension, so we simply compare the old and the new -# .xpi files. -noscript_path="$ext_path/$noscript" -diff -a "$olddir/$noscript_path" "$newdir/$noscript_path" > /dev/null -rc=$? -if [ $rc -gt 1 ]; then - notice "Unexpected exit $rc from $noscript_path diff command" - exit 2 -elif [ $rc -eq 1 ]; then - requested_forced_updates="$requested_forced_updates $noscript_path" -fi +if [ -d "$newdir/$ext_path" ]; then + https_everywhere='https-everywhere-eff(a)eff.org' + noscript='{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi' + + # NoScript is a packed extension, so we simply compare the old and the new + # .xpi files. + noscript_path="$ext_path/$noscript" + diff -a "$olddir/$noscript_path" "$newdir/$noscript_path" > /dev/null + rc=$? + if [ $rc -gt 1 ]; then + notice "Unexpected exit $rc from $noscript_path diff command" + exit 2 + elif [ $rc -eq 1 ]; then + requested_forced_updates="$requested_forced_updates $noscript_path" + fi -# HTTPS Everywhere is an unpacked extension, so we need to determine if any of -# the unpacked files have changed. Since that is messy, we simply compare the -# old extension's install.rdf file to the new one. -https_everywhere_install_rdf="$ext_path/$https_everywhere/install.rdf" -diff "$olddir/$https_everywhere_install_rdf" \ - "$newdir/$https_everywhere_install_rdf" > /dev/null -rc=$? -if [ $rc -gt 1 -a -e "$olddir/$https_everywhere_install_rdf" ]; then - notice "Unexpected exit $rc from $https_everywhere_install_rdf diff command" - exit 2 -elif [ $rc -ge 1 ]; then - requested_forced_updates="$requested_forced_updates $ext_path/$https_everywhere/*" - # Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it - # exists. The extension ID got changed with the version bump to 5.1.0. - directories_to_remove="$directories_to_remove $ext_path/https-everywhere(a)eff.org $ext_path/$https_everywhere" + # HTTPS Everywhere is an unpacked extension, so we need to determine if any of + # the unpacked files have changed. Since that is messy, we simply compare the + # old extension's install.rdf file to the new one. + https_everywhere_install_rdf="$ext_path/$https_everywhere/install.rdf" + diff "$olddir/$https_everywhere_install_rdf" \ + "$newdir/$https_everywhere_install_rdf" > /dev/null + rc=$? + if [ $rc -gt 1 -a -e "$olddir/$https_everywhere_install_rdf" ]; then + notice "Unexpected exit $rc from $https_everywhere_install_rdf diff command" + exit 2 + elif [ $rc -ge 1 ]; then + requested_forced_updates="$requested_forced_updates $ext_path/$https_everywhere/*" + # Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it + # exists. The extension ID got changed with the version bump to 5.1.0. + directories_to_remove="$directories_to_remove $ext_path/https-everywhere(a)eff.org $ext_path/$https_everywhere" + fi fi +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal mkdir -p "$workdir" @@ -196,6 +206,8 @@ notice " type partial" echo "type \"partial\"" >> "$updatemanifestv2" echo "type \"partial\"" >> "$updatemanifestv3" +# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms, +# we should remove the following lines: # If removal of any old, existing directories is desired, emit the appropriate # rmrfdir commands. notice "" @@ -208,6 +220,7 @@ for dir_to_remove in $directories_to_remove; do echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv2" echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv3" done +# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal notice "" notice "Adding file patch and add instructions to update manifests"

1 0

[tor-browser-bundle/master] Bug 13252: Do not store data in the app bundle
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit de8b74299c2235cfe42d04df15b621b8807903e2 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Mar 18 13:05:52 2016 -0400 Bug 13252: Do not store data in the app bundle On Mac OS, set DATA_OUTSIDE_APP_DIR=1 for alpha builds. When this option is enabled, the package layout is altered to be compatible with Apple's Gatekeeper code signing. All user data will be created in a TorBrowser-Data directory which sits next to the app bundle and all code (and only code) is placed under Contents/MacOS. Currently, FTE is not included when DATA_OUTSIDE_APP_DIR=1 because FTE needs to be repackaged to separate the Python scripts from the compiled libraries (see bug 18495). --- Bundle-Data/mac-tor.sh | 4 + gitian/descriptors/mac/gitian-bundle.yml | 100 ++++++++++++++------- .../mac/gitian-pluggable-transports.yml | 57 ++++++++---- gitian/descriptors/mac/gitian-tor.yml | 23 +++-- gitian/mkbundle-mac.sh | 40 +++++++-- gitian/versions.alpha | 3 + 6 files changed, 163 insertions(+), 64 deletions(-) diff --git a/Bundle-Data/mac-tor.sh b/Bundle-Data/mac-tor.sh index 03d6f9d..78b3348 100755 --- a/Bundle-Data/mac-tor.sh +++ b/Bundle-Data/mac-tor.sh @@ -8,4 +8,8 @@ export DYLD_LIBRARY_PATH=.:$DYLD_LIBRARY_PATH # otherwise set to "/" when an application bundle is started from Finder. # https://trac.torproject.org/projects/tor/ticket/10030 cd "$(dirname "$0")" +if [ ! -f tor.real -a -d ../../../MacOS/Tor ]; then + # On newer releases of Tor Browser, tor.real is in Contents/MacOS/Tor/. + cd ../../../MacOS/Tor +fi exec ./tor.real "$@" diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index 0199cca..aa6a09d 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -69,6 +69,22 @@ script: | export TORBROWSER_APP="TorBrowser" export TORBROWSER_NAME="TorBrowserBundle" + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + DOCSPATH=Contents/Resources/TorBrowser/Docs + EXTSPATH=Contents/Resources/distribution/extensions + TORBINPATH=Contents/MacOS/Tor + TORCONFIGPATH=Contents/Resources/TorBrowser/Tor + EXTOVERRIDESPATH=Contents/Resources/distribution/preferences//extension-overrides.js + MEEKPROFILEPATH=Contents/Resources/TorBrowser/Tor/PluggableTransports/template-profile.meek-http-helper + else + DOCSPATH=TorBrowser/Docs + EXTSPATH=TorBrowser/Data/Browser/profile.default/extensions + TORBINPATH=TorBrowser/Tor + TORCONFIGPATH=TorBrowser/Data/Tor + EXTOVERRIDESPATH=TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js + MEEKPROFILEPATH=TorBrowser/Data/Browser/profile.meek-http-helper + fi + # Building libfaketime. cd faketime make @@ -83,10 +99,9 @@ script: | MARTOOLS=~/build/mar-tools # mkdir -p $OUTDIR/ - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources + mkdir -p $TORBROWSER_NAME.app/$EXTSPATH/https-everywhere-eff(a)eff.org + mkdir -p $TORBROWSER_NAME.app/$MEEKPROFILEPATH/extensions + mkdir -p $TORBROWSER_NAME.app/$DOCSPATH/sources mkdir -p $TORBROWSER_NAME.app/Contents/MacOS mkdir -p dmg # @@ -97,7 +112,7 @@ script: | mkdir pkg/tmp cd pkg/tmp unzip ../*.xpi - ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher(a)torproject.org.xpi . + ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/$EXTSPATH/tor-launcher(a)torproject.org.xpi . cd ../../../ # cd torbutton @@ -107,7 +122,7 @@ script: | mkdir pkg/tmp cd pkg/tmp unzip ../*.xpi - ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/torbutton(a)torproject.org.xpi . + ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/$EXTSPATH/torbutton(a)torproject.org.xpi . cd ../../../ # cd https-everywhere @@ -120,11 +135,11 @@ script: | ./makexpi.sh # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi - cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi + cp pkg/*.xpi ../$TORBROWSER_NAME.app/$EXTSPATH/https-everywhere(a)eff.org.xpi cd .. # - cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ - cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ + cp *.xpi ./$TORBROWSER_NAME.app/$EXTSPATH/ + cd $TORBROWSER_NAME.app/$EXTSPATH/ mv noscript(a)noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi cd https-everywhere-eff(a)eff.org unzip ../https-everywhere(a)eff.org.xpi @@ -132,7 +147,7 @@ script: | cd ~/build/ # cd meek/firefox - ~/build/dzip.sh ../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi . + ~/build/dzip.sh ../../$TORBROWSER_NAME.app/$MEEKPROFILEPATH/extensions/meek-http-helper(a)bamsoftware.com.xpi . cd ~/build/ # # Install fonts. @@ -154,23 +169,30 @@ script: | fi cd $TORBROWSER_NAME.app unzip ~/build/mac-skeleton.zip - cd TorBrowser + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + mv bookmarks.html ~/build + fi + cd $DOCSPATH/.. unzip ~/build/tbb-docs.zip + cd - if [ $BUILD_PT_BUNDLES ]; then - cat ~/build/torrc-defaults-appendix-mac >> Data/Tor/torrc-defaults - cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js - cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js + cat ~/build/torrc-defaults-appendix-mac >> $TORCONFIGPATH/torrc-defaults + cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH + cat ~/build/meek-http-helper-user.js >> $MEEKPROFILEPATH/user.js fi # Install a "tor" shim that sets the working directory. See #10030. - mv Tor/tor Tor/tor.real - cp ~/build/mac-tor.sh Tor/tor - cd .. + mv $TORBINPATH/tor $TORBINPATH/tor.real + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + cp ~/build/mac-tor.sh $TORCONFIGPATH/tor + else + cp ~/build/mac-tor.sh $TORBINPATH/tor + fi unzip ~/build/tor-browser-mac$GBUILD_BITS-gbuilt.zip cd .. # # Copy reproducibility info - cp versions $TORBROWSER_NAME.app/TorBrowser/Docs/sources/ - cp bundle.inputs $TORBROWSER_NAME.app/TorBrowser/Docs/sources/ + cp versions $TORBROWSER_NAME.app/$DOCSPATH/sources/ + cp bundle.inputs $TORBROWSER_NAME.app/$DOCSPATH/sources/ # # Set up DMG skeleton cd libdmg-hfsplus @@ -186,20 +208,33 @@ script: | pushd $TORBROWSER_NAME.app/Contents/Resources/browser/ unzip omni.ja defaults/preferences/000-tor-browser.js cp defaults/preferences/000-tor-browser.js ~/build/ + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + # Embed our default bookmarks. + mkdir -p defaults/profile/ + cp -p ~/build/bookmarks.html defaults/profile/ + zip -Xm omni.ja defaults/profile/bookmarks.html + fi # Set the locale of the bundle. echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js rm -rf defaults popd - # Install a headless copy of TorBrowser.app, with a modified Info.plist so - # that it runs without a dock icon. See #11429. - pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports - mkdir -p TorBrowser.app.meek-http-helper/Contents - (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) - rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist - ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist - unzip ~/build/TorBrowser.app.meek-http-helper.zip - popd + if [ "z$DATA_OUTSIDE_APP_DIR" != "z1" ]; then + # Install a headless copy of TorBrowser.app, with a modified Info.plist so + # that it runs without a dock icon. See #11429. + # When DATA_OUTSIDE_APP_DIR is set, this approach is not used because it + # is incompatible with Apple's Gatekeeper signing process. Instead, + # firefox has been modified to accept an --invisible command line option + # that causes it to hide the dock icon when running as the meek http + # helper browser (meek-client-torbrowser invokes firefox with --invisible). + pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports + mkdir -p TorBrowser.app.meek-http-helper/Contents + (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) + rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist + ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist + unzip ~/build/TorBrowser.app.meek-http-helper.zip + popd + fi unzip mac-langpacks.zip MAC_LOCALES="$BUNDLE_LOCALES $BUNDLE_LOCALES_MAC" @@ -212,7 +247,7 @@ script: | for LANG in $MAC_LOCALES do xpi=$LANG.xpi - cp $xpi ~/build/$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/langpack-$LANG(a)firefox.mozilla.org.xpi + cp $xpi ~/build/$TORBROWSER_NAME.app/$EXTSPATH/langpack-$LANG(a)firefox.mozilla.org.xpi done popd @@ -223,10 +258,7 @@ script: | zip -Xm omni.ja update.locale popd fi - # - # XXX: We need to insert these placeholders because otherwise mkisofs won't - # include these otherwise empty dirs: - touch ~/build/$TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches/placeholder.txt + # Recreate precomplete file (needs to be accurate for full MAR updates). pushd ~/build/$TORBROWSER_NAME.app/Contents/Resources/ rm -f precomplete @@ -249,7 +281,7 @@ script: | xpi=mac-langpacks/$LANG.xpi DEST=$TORBROWSER_APP cp -a ${TORBROWSER_NAME}_plain.app ~/build/dmg/$DEST.app - cp $xpi ~/build/dmg/$DEST.app/TorBrowser/Data/Browser/profile.default/extensions/langpack-$LANG(a)firefox.mozilla.org.xpi + cp $xpi ~/build/dmg/$DEST.app/$EXTSPATH/langpack-$LANG(a)firefox.mozilla.org.xpi pushd ~/build/dmg/$DEST.app/Contents/Resources/browser/ mkdir -p defaults/preferences diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml index fd62919..5a578ba 100644 --- a/gitian/descriptors/mac/gitian-pluggable-transports.yml +++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml @@ -39,6 +39,7 @@ remotes: - "url": "https://git.torproject.org/pluggable-transports/obfs4.git" "dir": "obfs4" files: +- "versions" - "pycrypto.tar.gz" - "argparse.tar.gz" - "pyyaml.tar.gz" @@ -53,8 +54,20 @@ files: - "openssl-mac64-utils.zip" script: | INSTDIR="$HOME/install" - TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser" - PTDIR="$TBDIR/Tor/PluggableTransports" + source versions + TBDIR="$INSTDIR/TorBrowserBundle.app" + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + PTDIR="$TBDIR/Contents/MacOS/Tor/PluggableTransports" + DOCSDIR="$TBDIR/Contents/Resources/TorBrowser/Docs" + TORBINDIR="$TBDIR/Contents/MacOS/Tor" + # TODO: Fix packaging of fte so it can be included. See bug 18495. + INCLUDE_FTE=0 + else + PTDIR="$TBDIR/TorBrowser/Tor/PluggableTransports" + DOCSDIR="$TBDIR/TorBrowser/Docs" + TORBINDIR="$TBDIR/TorBrowser/Tor" + INCLUDE_FTE=1 + fi export LIBRARY_PATH="$INSTDIR/lib" export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 export FAKETIME=$REFERENCE_DATETIME @@ -68,10 +81,15 @@ script: | sudo dpkg -i *.deb tar xaf multiarch-darwin*tar.xz export PATH="$PATH:$HOME/build/apple-osx/bin/" - unzip -d $INSTDIR gmp-mac64-utils.zip - unzip -d $INSTDIR openssl-mac64-utils.zip - # FTE only needs libgmp.10.dylib and no libgmpxx anymore. - cp $INSTDIR/gmp/lib/libgmp.10.dylib $TBDIR/Tor/ + if [ "z$INCLUDE_FTE" = "z1" ]; then + unzip -d $INSTDIR gmp-mac64-utils.zip + unzip -d $INSTDIR openssl-mac64-utils.zip + # FTE only needs libgmp.10.dylib and no libgmpxx anymore. + cp $INSTDIR/gmp/lib/libgmp.10.dylib $TORBINDIR/ + FTE_EXTRA_CFLAGS=" -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" + else + FTE_EXTRA_CFLAGS="" + fi # export AR=$HOME/build/apple-osx/bin/i686-apple-darwin11-ar @@ -80,8 +98,8 @@ script: | # http://bugs.python.org/issue9437 export LDSHARED="$CC -pthread -shared" # XXX Clean up these flags? - export CFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" - export CXXFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" + export CFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1$FTE_EXTRA_CFLAGS" + export CXXFLAGS="-m64 -I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1$FTE_EXTRA_CFLAGS" export LDFLAGS="-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5" # Building go @@ -100,6 +118,8 @@ script: | cd ../.. export PATH="$PATH:$PWD/go/bin" + if [ "z$INCLUDE_FTE" = "z1" ]; then + # Building pyptlib cd pyptlib find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" @@ -179,8 +199,8 @@ script: | python setup.py build --build-lib build cp -a build/obfsproxy $PTDIR/ cp -a bin/obfsproxy $PTDIR/obfsproxy.bin - mkdir -p $TBDIR/Docs/Obfsproxy - cp -a {LICENSE,README} $TBDIR/Docs/Obfsproxy + mkdir -p $DOCSDIR/Obfsproxy + cp -a {LICENSE,README} $DOCSDIR/Obfsproxy # XXX: Workaround for bug 11190 sed 's/python2/python/' -i $PTDIR/obfsproxy.bin cd .. @@ -190,9 +210,9 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" CFLAGS="-L$INSTDIR/Tor -I$INSTDIR/gmp/include $CFLAGS" CXXFLAGS="-L$INSTDIR/Tor -I$INSTDIR/gmp/include $CXXFLAGS" make cp -ra fte $PTDIR/ - mkdir -p $TBDIR/Docs/libfte - cp -a {LICENSE,README.md} $TBDIR/Docs/libfte - cp -an thirdparty/re2/LICENSE $TBDIR/Docs/libfte/LICENSE.re2 + mkdir -p $DOCSDIR/libfte + cp -a {LICENSE,README.md} $DOCSDIR/libfte + cp -an thirdparty/re2/LICENSE $DOCSDIR/libfte/LICENSE.re2 cd .. # Building fteproxy @@ -200,10 +220,13 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" cp -a bin/fteproxy $PTDIR/fteproxy.bin cp -ra fteproxy $PTDIR/ - mkdir -p $TBDIR/Docs/fteproxy - cp -a {COPYING,README.md} $TBDIR/Docs/fteproxy + mkdir -p $DOCSDIR/fteproxy + cp -a {COPYING,README.md} $DOCSDIR/fteproxy cd .. + fi + # end of 'INCLUDE_FTE' section + # Building goptlib cd goptlib find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" @@ -225,8 +248,8 @@ script: | go build -ldflags '-s' cp -a meek-client-torbrowser $PTDIR cd .. - mkdir -p $TBDIR/Docs/meek - cp -a README doc/*.1 $TBDIR/Docs/meek + mkdir -p $DOCSDIR/meek + cp -a README doc/*.1 $DOCSDIR/meek cd .. # Building go ed25519 diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml index a6824c0..bbcf8c3 100644 --- a/gitian/descriptors/mac/gitian-tor.yml +++ b/gitian/descriptors/mac/gitian-tor.yml @@ -22,8 +22,15 @@ files: - "libevent-mac64-utils.zip" script: | INSTDIR="$HOME/install" - TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser" source versions + TBDIR="$INSTDIR/TorBrowserBundle.app" + if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + TORBINDIR="$TBDIR/Contents/MacOS/Tor" + TORCONFIGDIR="$TBDIR/Contents/Resources/TorBrowser/Tor" + else + TORBINDIR="$TBDIR/TorBrowser/Tor" + TORCONFIGDIR="$TBDIR/TorBrowser/Data/Tor" + fi export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 export FAKETIME=$REFERENCE_DATETIME export TZ=UTC @@ -31,8 +38,8 @@ script: | umask 0022 # mkdir -p $INSTDIR/bin/ - mkdir -p $TBDIR/Tor/ - mkdir -p $TBDIR/Data/Tor/ + mkdir -p $TORBINDIR/ + mkdir -p $TORCONFIGDIR/ mkdir -p $OUTDIR/ # sudo dpkg -i *.deb @@ -40,7 +47,7 @@ script: | export PATH="$PATH:$HOME/build/apple-osx/bin/" unzip -d $INSTDIR openssl-mac64-utils.zip unzip -d $INSTDIR libevent-mac64-utils.zip - cp $INSTDIR/libevent/lib/libevent-*.dylib $TBDIR/Tor/ + cp $INSTDIR/libevent/lib/libevent-*.dylib $TORBINDIR/ LIBEVENT_FILE=`basename $INSTDIR/libevent/lib/libevent-*.dylib` # Building tor @@ -57,10 +64,10 @@ script: | make $MAKEOPTS make install cd $INSTDIR - cp bin/tor $TBDIR/Tor/ - cp share/tor/geoip $TBDIR/Data/Tor/ - cp share/tor/geoip6 $TBDIR/Data/Tor/ - cd $TBDIR/Tor/ + cp bin/tor $TORBINDIR/ + cp share/tor/geoip $TORCONFIGDIR/ + cp share/tor/geoip6 $TORCONFIGDIR/ + cd $TORBINDIR/ i686-apple-darwin11-install_name_tool -change $INSTDIR/libevent/lib/$LIBEVENT_FILE @executable_path/$LIBEVENT_FILE tor # Grabbing the result diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 39dac5f..682e02f 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -55,15 +55,45 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ rm -f $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip (cd PTConfigs/mac && $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip TorBrowser.app.meek-http-helper) -cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac -cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then +# FTE is temporarily disabled due to bug 18495. + grep -v 'fteproxy' PTConfigs/mac/torrc-defaults-appendix > $GITIAN_DIR/inputs/torrc-defaults-appendix-mac + grep -v 'default_bridge\.fte' PTConfigs/bridge_prefs.js > $GITIAN_DIR/inputs/bridge_prefs.js +else + cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac + cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +fi cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cp mac-tor.sh $GITIAN_DIR/inputs/ -cd mac rm -f $GITIAN_DIR/inputs/mac-skeleton.zip -$WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/mac-skeleton.zip . -cd ../mac-desktop.dmg +if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then + # The Bundle-Data is designed for embedded data, so we need to modify + # the structure when we want the data to be outside the app directory. + # We also create an override.ini file to disable the profile migrator. + SKELETON_TMP=$GITIAN_DIR/inputs/mac-skeleton-tmp + SKELETON_TMP_RESOURCES=$SKELETON_TMP/Contents/Resources + rm -rf $SKELETON_TMP + mkdir -p $SKELETON_TMP_RESOURCES/browser + echo "[XRE]" > $SKELETON_TMP_RESOURCES/browser/override.ini + echo "EnableProfileMigrator=0" >> $SKELETON_TMP_RESOURCES/browser/override.ini + mkdir -p $SKELETON_TMP_RESOURCES/distribution/preferences + cp -p mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js $SKELETON_TMP_RESOURCES/distribution/preferences + mkdir -p $SKELETON_TMP_RESOURCES/TorBrowser/Tor + cp -p mac/TorBrowser/Data/Tor/torrc-defaults $SKELETON_TMP_RESOURCES/TorBrowser/Tor/ + # Place a copy of the bookmarks.html file at the top. It will be moved into + # browser/omni.ja by code inside descriptors/mac/gitian-bundle.yml + cp -p mac/TorBrowser/Data/Browser/profile.default/bookmarks.html $SKELETON_TMP + cd $SKELETON_TMP + $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/mac-skeleton.zip . + cd - +else + cd mac + $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/mac-skeleton.zip . + cd - +fi + +cd mac-desktop.dmg rm -f $GITIAN_DIR/inputs/dmg-desktop.tar.xz $WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/dmg-desktop.tar.xz . cd ../mac-applications.dmg diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 4c6f016..06584b4 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -5,6 +5,9 @@ BUNDLE_LOCALES_WIN32="ja" BUNDLE_LOCALES_MAC="ja-JP-mac" BUILD_PT_BUNDLES=1 +# DATA_OUTSIDE_APP_DIR is only implemented for Mac OS. +DATA_OUTSIDE_APP_DIR=1 + VERIFY_TAGS=1 FIREFOX_VERSION=38.7.1esr

1 0

[tor-browser-bundle/master] Bug 18455: modify Tor Browser packaging to avoid language prompt.
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit fef35058f76c5605fd631ff86f65adfa9bb78be7 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Mar 18 15:03:55 2016 -0400 Bug 18455: modify Tor Browser packaging to avoid language prompt. When not building a multi-lingual bundle, disable Tor Launcher's language prompt by appending these two preference values to the extension-overrides.js file: intl.locale.matchOS = false extensions.torlauncher.prompt_for_locale = false --- gitian/descriptors/linux/gitian-bundle.yml | 8 +++++++- gitian/descriptors/mac/gitian-bundle.yml | 5 +++++ gitian/descriptors/windows/gitian-bundle.yml | 8 +++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 28e94b4..28bd006 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -159,12 +159,18 @@ script: | unzip ~/build/tor-linux$GBUILD_BITS-gbuilt.zip unzip ~/build/linux-skeleton.zip unzip ~/build/tbb-docs.zip + EXTOVERRIDESPATH=Data/Browser/profile.default/preferences/extension-overrides.js if [ $BUILD_PT_BUNDLES ]; then unzip ~/build/pluggable-transports-linux$GBUILD_BITS-gbuilt.zip cat ~/build/torrc-defaults-appendix-linux >> Data/Tor/torrc-defaults - cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi + # If not building a multi-lingual package, suppress the language prompt. + if [ "z$MULTI_LINGUAL" != "z1" ]; then + echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $EXTOVERRIDESPATH + echo 'pref("intl.locale.matchOS", false);' >> $EXTOVERRIDESPATH + fi chmod 700 Data/Browser chmod 700 Data/Tor cd ../../.. diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index aa6a09d..a7ef7bc 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -180,6 +180,11 @@ script: | cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH cat ~/build/meek-http-helper-user.js >> $MEEKPROFILEPATH/user.js fi + # If not building a multi-lingual package, suppress the language prompt. + if [ "z$MULTI_LINGUAL" != "z1" ]; then + echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $EXTOVERRIDESPATH + echo 'pref("intl.locale.matchOS", false);' >> $EXTOVERRIDESPATH + fi # Install a "tor" shim that sets the working directory. See #10030. mv $TORBINPATH/tor $TORBINPATH/tor.real if [ "z$DATA_OUTSIDE_APP_DIR" = "z1" ]; then diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 51565bf..5a165a7 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -140,12 +140,18 @@ script: | unzip ~/build/tor-win32-gbuilt.zip unzip ~/build/windows-skeleton.zip unzip ~/build/tbb-docs.zip + EXTOVERRIDESPATH=Data/Browser/profile.default/preferences/extension-overrides.js if [ $BUILD_PT_BUNDLES ]; then unzip ~/build/pluggable-transports-win32-gbuilt.zip cat ~/build/torrc-defaults-appendix-windows >> Data/Tor/torrc-defaults - cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/bridge_prefs.js >> $EXTOVERRIDESPATH cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi + # If not building a multi-lingual package, suppress the language prompt. + if [ "z$MULTI_LINGUAL" != "z1" ]; then + echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $EXTOVERRIDESPATH + echo 'pref("intl.locale.matchOS", false);' >> $EXTOVERRIDESPATH + fi cd ../../.. # # Copy reproducibility info

1 0

[tor-launcher/master] Bug 13252 - Do not store data in the app bundle
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit 64d3139e72587372223d0795ca715991d7423adb Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Mon Mar 14 11:15:43 2016 -0400 Bug 13252 - Do not store data in the app bundle Add support for a "side-by-side" directory structure where the writable data is stored in the TorBrowser-Data/ directory next to the application directory. --- src/chrome/locale/en/torlauncher.properties | 6 +- src/components/tl-process.js | 232 +++++++++++++++++++++------- src/defaults/preferences/prefs.js | 9 +- 3 files changed, 184 insertions(+), 63 deletions(-) diff --git a/src/chrome/locale/en/torlauncher.properties b/src/chrome/locale/en/torlauncher.properties index 02be756..0ef4437 100644 --- a/src/chrome/locale/en/torlauncher.properties +++ b/src/chrome/locale/en/torlauncher.properties @@ -1,4 +1,4 @@ -### Copyright (c) 2014, The Tor Project, Inc. +### Copyright (c) 2016, The Tor Project, Inc. ### See LICENSE for licensing information. torlauncher.error_title=Tor Launcher @@ -13,8 +13,8 @@ torlauncher.tor_bootstrap_failed_details=%1$S failed (%2$S). torlauncher.unable_to_start_tor=Unable to start Tor.\n\n%S torlauncher.tor_missing=The Tor executable is missing. -torlauncher.torrc_missing=The torrc file is missing. -torlauncher.datadir_missing=The Tor data directory does not exist. +torlauncher.torrc_missing=The torrc file is missing and could not be created. +torlauncher.datadir_missing=The Tor data directory does not exist and could not be created. torlauncher.password_hash_missing=Failed to get hashed password. torlauncher.failed_to_get_settings=Unable to retrieve Tor settings.\n\n%S diff --git a/src/components/tl-process.js b/src/components/tl-process.js index bb327dc..ccbee12 100644 --- a/src/components/tl-process.js +++ b/src/components/tl-process.js @@ -1,4 +1,4 @@ -// Copyright (c) 2015, The Tor Project, Inc. +// Copyright (c) 2016, The Tor Project, Inc. // See LICENSE for licensing information. // // vim: set sw=2 sts=2 ts=8 et syntax=javascript: @@ -16,6 +16,8 @@ XPCOMUtils.defineLazyModuleGetter(this, "TorLauncherUtil", "resource://torlauncher/modules/tl-util.jsm"); XPCOMUtils.defineLazyModuleGetter(this, "TorLauncherLogger", "resource://torlauncher/modules/tl-logger.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "FileUtils", + "resource://gre/modules/FileUtils.jsm"); function TorProcessService() { @@ -287,7 +289,11 @@ TorProcessService.prototype = mProtocolSvc: null, mTorProcess: null, // nsIProcess mTorProcessStartTime: null, // JS Date.now() - mTorFileBaseDir: null, // nsIFile (cached) + // mIsUserDataOutsideOfAppDir is true when TorBrowser-Data is used. + // (cached; access via this._isUserDataOutsideOfAppDir) + mIsUserDataOutsideOfAppDir: undefined, + mAppDir: null, // nsIFile (cached; access via this._appDir) + mDataDir: null, // nsIFile (cached; access via this._dataDir) mControlConnTimer: null, mControlConnDelayMS: 0, mQuitSoon: false, // Quit was requested by the user; do so soon. @@ -305,10 +311,13 @@ TorProcessService.prototype = // Ideally, we would cd to the Firefox application directory before // starting tor (but we don't know how to do that). Instead, we // rely on the TBB launcher to start Firefox from the right place. - var exeFile = this._getTorFile("tor"); - var torrcFile = this._getTorFile("torrc"); - var torrcDefaultsFile = this._getTorFile("torrc-defaults"); - var dataDir = this._getTorFile("tordatadir"); + + // Get the Tor data directory first so it is created before we try to + // construct paths to files that will be inside it. + var dataDir = this._getTorFile("tordatadir", true); + var exeFile = this._getTorFile("tor", false); + var torrcFile = this._getTorFile("torrc", true); + var torrcDefaultsFile = this._getTorFile("torrc-defaults", false); var hashedPassword = this.mProtocolSvc.TorGetPassword(true); var detailsKey; @@ -331,11 +340,13 @@ TorProcessService.prototype = return; } - var geoipFile = dataDir.clone(); - geoipFile.append("geoip"); - var geoip6File = dataDir.clone(); - geoip6File.append("geoip6"); + // The geoip and geoip6 files are in the same directory as torrc-defaults. + var geoipFile = torrcDefaultsFile.clone(); + geoipFile.leafName = "geoip"; + + var geoip6File = torrcDefaultsFile.clone(); + geoip6File.leafName = "geoip6"; var args = []; if (torrcDefaultsFile) @@ -663,25 +674,65 @@ TorProcessService.prototype = }, // Returns an nsIFile. - // If file doesn't exist, null is returned. - _getTorFile: function(aTorFileType) + // If aCreate is true and the file doesn't exist, it is created. + _getTorFile: function(aTorFileType, aCreate) { if (!aTorFileType) return null; - var isRelativePath = true; - var prefName = "extensions.torlauncher." + aTorFileType + "_path"; - var path = TorLauncherUtil.getCharPref(prefName); + let isRelativePath = true; + let isUserData = (aTorFileType != "tor") && + (aTorFileType != "torrc-defaults"); + let prefName = "extensions.torlauncher." + aTorFileType + "_path"; + let path = TorLauncherUtil.getCharPref(prefName); if (path) { - var re = (TorLauncherUtil.isWindows) ? /^[A-Za-z]:\\/ : /^\//; + let re = (TorLauncherUtil.isWindows) ? /^[A-Za-z]:\\/ : /^\//; isRelativePath = !re.test(path); } else { // Get default path. - if (TorLauncherUtil.isWindows) + if (this._isUserDataOutsideOfAppDir) { + // This block is used for the TorBrowser-Data/ case. + if (TorLauncherUtil.isWindows) + { + if ("tor" == aTorFileType) + path = "TorBrowser\\Tor\\tor.exe"; + else if ("torrc-defaults" == aTorFileType) + path = "TorBrowser\\Tor\\torrc-defaults"; + else if ("torrc" == aTorFileType) + path = "Tor\\torrc"; + else if ("tordatadir" == aTorFileType) + path = "Tor"; + } + else if (TorLauncherUtil.isMac) + { + if ("tor" == aTorFileType) + path = "Contents/Resources/TorBrowser/Tor/tor"; + else if ("torrc-defaults" == aTorFileType) + path = "Contents/Resources/TorBrowser/Tor/torrc-defaults"; + else if ("torrc" == aTorFileType) + path = "Tor/torrc"; + else if ("tordatadir" == aTorFileType) + path = "Tor"; + } + else // Linux and others. + { + if ("tor" == aTorFileType) + path = "TorBrowser/Tor/tor"; + else if ("torrc-defaults" == aTorFileType) + path = "TorBrowser/Tor/torrc-defaults"; + else if ("torrc" == aTorFileType) + path = "Tor/torrc"; + else if ("tordatadir" == aTorFileType) + path = "Tor"; + } + } + else if (TorLauncherUtil.isWindows) + { + // This block is used for the non-TorBrowser-Data/ case. if ("tor" == aTorFileType) path = "Tor\\tor.exe"; else if ("torrc-defaults" == aTorFileType) @@ -693,6 +744,7 @@ TorProcessService.prototype = } else // Linux, Mac OS and others. { + // This block is also used for the non-TorBrowser-Data/ case. if ("tor" == aTorFileType) path = "Tor/tor"; else if ("torrc-defaults" == aTorFileType) @@ -700,7 +752,7 @@ TorProcessService.prototype = else if ("torrc" == aTorFileType) path = "Data/Tor/torrc"; else if ("tordatadir" == aTorFileType) - path = "Data/Tor/"; + path = "Data/Tor"; } } @@ -709,51 +761,20 @@ TorProcessService.prototype = try { - var f; + let f; if (isRelativePath) { - // Turn into an absolute path. - if (!this.mTorFileBaseDir) + // Turn 'path' into an absolute path. + if (this._isUserDataOutsideOfAppDir) { - var topDir; - var appInfo = Cc["@mozilla.org/xre/app-info;1"] - .getService(Ci.nsIXULAppInfo); - if (appInfo.ID == this.kThunderbirdID || appInfo.ID == this.kInstantbirdID) - { - topDir = Cc["@mozilla.org/file/directory_service;1"] - .getService(Ci.nsIProperties).get("CurProcD", Ci.nsIFile); - topDir.append("extensions"); - topDir.append(this.kTorLauncherExtPath); - } - else - { - // For Firefox, paths are relative to the top of the TBB install. - var tbbBrowserDepth = 0; // Windows and Linux - if (TorLauncherUtil.isAppVersionAtLeast("21.0")) - { - // In FF21+, CurProcD is the "browser" directory that is next to - // the firefox binary, e.g., <TorFileBaseDir>/Browser/browser - ++tbbBrowserDepth; - } - if (TorLauncherUtil.isMac) - tbbBrowserDepth += 2; - - topDir = Cc["@mozilla.org/file/directory_service;1"] - .getService(Ci.nsIProperties).get("CurProcD", Ci.nsIFile); - while (tbbBrowserDepth > 0) - { - var didRemove = (topDir.leafName != "."); - topDir = topDir.parent; - if (didRemove) - tbbBrowserDepth--; - } - } - - topDir.append("TorBrowser"); - this.mTorFileBaseDir = topDir; + let baseDir = isUserData ? this._dataDir : this._appDir; + f = baseDir.clone(); + } + else + { + f = this._appDir.clone(); + f.append("TorBrowser"); } - - f = this.mTorFileBaseDir.clone(); f.appendRelativePath(path); } else @@ -762,6 +783,22 @@ TorProcessService.prototype = f.initWithPath(path); } + if (!f.exists() && aCreate) + { + try + { + if ("tordatadir" == aTorFileType) + f.create(f.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY); + else + f.create(f.NORMAL_FILE_TYPE, FileUtils.PERMS_FILE); + } + catch (e) + { + TorLauncherLogger.safelog(4, "unable to create " + f.path + ": ", e); + return null; + } + } + if (f.exists()) { try { f.normalize(); } catch(e) {} @@ -780,6 +817,83 @@ TorProcessService.prototype = return null; // File not found or error (logged above). }, // _getTorFile() + get _isUserDataOutsideOfAppDir() + { + if (this.mIsUserDataOutsideOfAppDir == undefined) + { + // Determine if we are using a "side-by-side" data model by checking + // for the existence of the TorBrowser-Data/ directory. + try + { + let f = this._appDir.parent; + f.append("TorBrowser-Data"); + this.mIsUserDataOutsideOfAppDir = f.exists() && f.isDirectory(); + } + catch (e) + { + this.mIsUserDataOutsideOfAppDir = false; + } + } + + return this.mIsUserDataOutsideOfAppDir; + }, // get _isUserDataOutsideOfAppDir + + // Returns an nsIFile that points to the application directory. + // May throw. + get _appDir() + { + if (!this.mAppDir) + { + let topDir = Cc["@mozilla.org/file/directory_service;1"] + .getService(Ci.nsIProperties).get("CurProcD", Ci.nsIFile); + let appInfo = Cc["@mozilla.org/xre/app-info;1"] + .getService(Ci.nsIXULAppInfo); + if ((appInfo.ID == this.kThunderbirdID) || + (appInfo.ID == this.kInstantbirdID)) + { + // For TorBirdy and Tor Messenger the Tor Launcher extension + // directory is returned. + topDir.append("extensions"); + topDir.append(this.kTorLauncherExtPath); + } + else // Tor Browser + { + // On Linux and Windows, we want to return the Browser/ directory. + // Because topDir ("CurProcD") points to Browser/browser on those + // platforms, we need to go up one level. + // On Mac OS, we want to return the TorBrowser.app/ directory. + // Because topDir points to Contents/Resources/browser on Mac OS, + // we need to go up 3 levels. + let tbbBrowserDepth = (TorLauncherUtil.isMac) ? 3 : 1; + while (tbbBrowserDepth > 0) + { + let didRemove = (topDir.leafName != "."); + topDir = topDir.parent; + if (didRemove) + tbbBrowserDepth--; + } + } + + this.mAppDir = topDir; + } + + return this.mAppDir; + }, // get _appDir + + // Returns an nsIFile that points to the TorBrowser-Data/ directory. + // May throw. + get _dataDir() + { + if (!this.mDataDir) + { + let f = this._appDir.parent.clone(); + f.append("TorBrowser-Data"); + this.mDataDir = f; + } + + return this.mDataDir; + }, // get _dataDir + _getpid: function() { // Use nsIXULRuntime.processID if it is available. diff --git a/src/defaults/preferences/prefs.js b/src/defaults/preferences/prefs.js index 3057f6a..2c0a95e 100644 --- a/src/defaults/preferences/prefs.js +++ b/src/defaults/preferences/prefs.js @@ -12,8 +12,15 @@ pref("extensions.torlauncher.control_port", 9151); pref("extensions.torlauncher.start_tor", true); pref("extensions.torlauncher.prompt_at_startup", true); -// All path prefs. are relative to the firefox executable's directory +// The tor_path is relative to the application directory. On Linux and +// Windows this is the Browser/ directory that contains the firefox +// executables, and on Mac OS it is the TorBrowser.app directory. pref("extensions.torlauncher.tor_path", ""); + +// The torrc_path and tordatadir_path are relative to the data directory, +// which is TorBrowser-Data/ if it exists as a sibling of the application +// directory. If TorBrowser-Data/ does not exist, these paths are relative +// to the TorBrowser/ directory within the application directory. pref("extensions.torlauncher.torrc_path", ""); pref("extensions.torlauncher.tordatadir_path", "");

1 0

[torbutton/master] Bug 13252: Do not store data in the app bundle
by gk＠torproject.org 19 Mar '16

19 Mar '16

commit ccf71174bcd6037560436280b93a7dfed84a7d3f Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Mar 4 14:21:10 2016 -0500 Bug 13252: Do not store data in the app bundle Add profileMigrationFailed string that is used by Tor Browser. --- src/chrome/locale/en/torbutton.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/chrome/locale/en/torbutton.properties b/src/chrome/locale/en/torbutton.properties index 76c0c0d..67c630b 100644 --- a/src/chrome/locale/en/torbutton.properties +++ b/src/chrome/locale/en/torbutton.properties @@ -76,3 +76,4 @@ profileProblemTitle=%S Profile Problem profileReadOnly=You cannot run %S from a read-only file system. Please copy %S to another location before trying to use it. profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy %S to your Desktop or Applications folder before trying to use it. profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again. +profileMigrationFailed=Migration of your existing %S profile failed.\nNew settings will be used.

1 0

[tor-browser-bundle/master] Bumping nightly versions
by gk＠torproject.org 17 Mar '16

17 Mar '16

commit a5b4e622577749e596a536bda8c83d3eee751d90 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Mar 17 12:41:46 2016 +0000 Bumping nightly versions --- gitian/versions.nightly | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index b8af54d..1ce29a0 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -14,7 +14,7 @@ MULTI_LINGUAL=1 VERIFY_TAGS=0 -FIREFOX_VERSION=38.6.1esr +FIREFOX_VERSION=38.7.1esr TORBROWSER_UPDATE_CHANNEL=default @@ -45,7 +45,7 @@ NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2 GITIAN_TAG=tor-browser-builder-3.x-9 -OPENSSL_VER=1.0.1q +OPENSSL_VER=1.0.1s GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION FIREFOX_LANG_BUILD=build1 @@ -65,7 +65,7 @@ GO_VER=1.4.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.3-fx+fn+sm.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.4-fx+fn+sm.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz @@ -91,13 +91,13 @@ NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf # Hashes for packages with weak sigs or no sigs -OPENSSL_HASH=b3658b84e9ea606a5ded3c972a5517cd785282e7ea86b20c78aa4b773a047fb7 +OPENSSL_HASH=e7e81d82f3cd538ab0cdba494006d44aab9dd96b7f6233ce9971fb7c7916d511 GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=097298d5004c1f384f3af508cb1915921145f0f962e78c977a62f405bd7eb2d9 +NOSCRIPT_HASH=94d036ff45116023bde97e6dee6c79daf2d28804764bfa8937f5d4d3463173f5 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4

1 0

[tor-browser-bundle/hardened-builds] Release preparations for 6.0a4-hardened
by gk＠torproject.org 17 Mar '16

17 Mar '16

commit 8faaef67a16356295d967879c071e7f196c6c91c Author: Georg Koppen <gk(a)torproject.org> Date: Thu Mar 17 08:43:39 2016 +0000 Release preparations for 6.0a4-hardened Changelog update, versions bump and config.yml update --- Bundle-Data/Docs/ChangeLog.txt | 7 +++++++ gitian/versions.alpha | 4 ++-- tools/update-responses/config.yml | 11 ++++++----- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 2278042..f348f23 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,10 @@ +Tor Browser 6.0a4-hardened -- March 17 2016 + * All Platforms + * Update Firefox to 38.7.1esr + * Update Torbutton to 1.9.5.2 + * Bug 18557: Exempt Graphite from the Security Slider + * Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443 + Tor Browser 6.0a3-hardened -- March 8 * All Platforms * Update Firefox to 38.7.0esr diff --git a/gitian/versions.alpha b/gitian/versions.alpha index b46c736..71058ca 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -11,14 +11,14 @@ MULTI_LINGUAL=1 VERIFY_TAGS=1 -FIREFOX_VERSION=38.7.0esr +FIREFOX_VERSION=38.7.1esr TORBROWSER_UPDATE_CHANNEL=hardened TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-6.0-1-build1 TOR_TAG=tor-0.2.8.1-alpha TORLAUNCHER_TAG=0.2.8.3 -TORBUTTON_TAG=1.9.5.1 +TORBUTTON_TAG=1.9.5.2 HTTPSE_TAG=5.1.4 NSIS_TAG=v0.3.1 ZLIB_TAG=v1.2.8 diff --git a/tools/update-responses/config.yml b/tools/update-responses/config.yml index 2c9e0a8..ceaaf10 100644 --- a/tools/update-responses/config.yml +++ b/tools/update-responses/config.yml @@ -9,7 +9,7 @@ build_targets: osx32: Darwin_x86-gcc3 osx64: Darwin_x86_64-gcc3 channels: - hardened: 6.0a3-hardened + hardened: 6.0a4-hardened release: 5.0 versions: 5.0: @@ -23,12 +23,13 @@ versions: osx32: minSupportedOSVersion: 10.8 detailsURL: https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs#upda… - 6.0a3-hardened: - platformVersion: 38.7.0 - detailsURL: https://blog.torproject.org/blog/tor-browser-60a3-hardened-released - download_url: https://www.torproject.org/dist/torbrowser/6.0a3-hardened + 6.0a4-hardened: + platformVersion: 38.7.1 + detailsURL: https://blog.torproject.org/blog/tor-browser-60a4-hardened-released + download_url: https://www.torproject.org/dist/torbrowser/6.0a4-hardened incremental_from: - 6.0a2-hardened + - 6.0a3-hardened migrate_archs: osx32: osx64 osx32:

1 0

[tor-browser-bundle/master] Release preparations for 6.0a4
by gk＠torproject.org 16 Mar '16

16 Mar '16

commit 1d354578562692b31ec99a17f0022740495a5229 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Mar 16 08:42:30 2016 +0000 Release preparations for 6.0a4 Version bumps, update Changelog and config.yml --- Bundle-Data/Docs/ChangeLog.txt | 7 +++++++ gitian/versions.alpha | 4 ++-- tools/update-responses/config.yml | 11 ++++++----- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 4406c3d..3b3cfd8 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,10 @@ +Tor Browser 6.0a4 -- March 17 2016 + * All Platforms + * Update Firefox to 38.7.1esr + * Update Torbutton to 1.9.5.2 + * Bug 18557: Exempt Graphite from the Security Slider + * Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443 + Tor Browser 6.0a3-hardened -- March 8 * All Platforms * Update Firefox to 38.7.0esr diff --git a/gitian/versions.alpha b/gitian/versions.alpha index f94ad7a..4c6f016 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -7,14 +7,14 @@ BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=38.7.0esr +FIREFOX_VERSION=38.7.1esr TORBROWSER_UPDATE_CHANNEL=alpha TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-6.0-1-build1 TOR_TAG=tor-0.2.8.1-alpha TORLAUNCHER_TAG=0.2.9 -TORBUTTON_TAG=1.9.5.1 +TORBUTTON_TAG=1.9.5.2 HTTPSE_TAG=5.1.4 NSIS_TAG=v0.3.1 ZLIB_TAG=v1.2.8 diff --git a/tools/update-responses/config.yml b/tools/update-responses/config.yml index a28f18a..69e9a2c 100644 --- a/tools/update-responses/config.yml +++ b/tools/update-responses/config.yml @@ -9,7 +9,7 @@ build_targets: osx32: Darwin_x86-gcc3 osx64: Darwin_x86_64-gcc3 channels: - alpha: 6.0a3 + alpha: 6.0a4 release: 5.5 versions: 5.5: @@ -23,12 +23,13 @@ versions: osx32: minSupportedOSVersion: 10.8 detailsURL: https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs#upda… - 6.0a3: - platformVersion: 38.7.0 - detailsURL: https://blog.torproject.org/blog/tor-browser-60a3-released - download_url: https://www.torproject.org/dist/torbrowser/6.0a3 + 6.0a4: + platformVersion: 38.7.1 + detailsURL: https://blog.torproject.org/blog/tor-browser-60a4-released + download_url: https://www.torproject.org/dist/torbrowser/6.0a4 incremental_from: - 6.0a2 + - 6.0a3 migrate_archs: osx32: osx64 osx32:

1 0

[tor-browser-bundle/master] Fold in hardened and stable changelogs
by gk＠torproject.org 16 Mar '16

16 Mar '16

commit b46771b83650736053e566d7c68dfe30a9333f08 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Mar 16 08:39:41 2016 +0000 Fold in hardened and stable changelogs --- Bundle-Data/Docs/ChangeLog.txt | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index fcee2bb..4406c3d 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,23 @@ +Tor Browser 6.0a3-hardened -- March 8 + * All Platforms + * Update Firefox to 38.7.0esr + * Update Tor to 0.2.8.1-alpha + * Update OpenSSL to 1.0.1s + * Update NoScript to 2.9.0.4 + * Update HTTPS Everywhere to 5.1.4 + * Update Torbutton to 1.9.5.1 + * Bug 16990: Don't mishandle multiline commands + * Bug 18144: about:tor update arrow position is wrong + * Bug 16725: Allow resizing with non-default homepage + * Bug 16917: Allow users to more easily set a non-tor SSH proxy + * Translation updates + * Bug 18030: Isolate favicon requests on Page Info dialog + * Bug 18297: Use separate Noto JP,KR,SC,TC fonts + * Bug 18170: Make sure the homepage is shown after an update as well + * Bug 16728: Add test cases for favicon isolation + * Windows + * Bug 18292: Disable staged updates on Windows + Tor Browser 6.0a3 -- March 8 * All Platforms * Update Firefox to 38.7.0esr @@ -18,6 +38,23 @@ Tor Browser 6.0a3 -- March 8 * Windows * Bug 18292: Disable staged updates on Windows +Tor Browser 5.5.3 -- March 8 2016 + * All Platforms + * Update Firefox to 38.7.0esr + * Update OpenSSL to 1.0.1s + * Update NoScript to 2.9.0.4 + * Update HTTPS Everywhere to 5.1.4 + * Update Torbutton to 1.9.4.4 + * Bug 16990: Don't mishandle multiline commands + * Bug 18144: about:tor update arrow position is wrong + * Bug 16725: Allow resizing with non-default homepage + * Translation updates + * Bug 18030: Isolate favicon requests on Page Info dialog + * Bug 18297: Use separate Noto JP,KR,SC,TC fonts + * Bug 18170: Make sure the homepage is shown after an update as well + * Windows + * Bug 18292: Disable staged updates on Windows + Tor Browser 6.0a2-hardened -- February 15 2016 * All Platforms * Update Firefox to 38.6.1esr

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits