- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Bug 40925: Implemented the Security Level component
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: f6fce359 by Pier Angelo Vendrame at 2024-09-03T19:15:29+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 42617: Use DDG's plain HTML variant on Safest. Between 115 and 128 we lost the engine parameter, so we are not given the search engine's ID anymore. So, switch to comparing the hostname instead. - - - - - 1 changed file: - toolkit/components/search/SearchEngine.sys.mjs Changes: ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, { NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs", SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs", SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs", + SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs", OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs", }); @@ -439,6 +440,26 @@ export class EngineURL { */ getSubmission(searchTerms, queryCharset, purpose) { var url = ParamSubstitution(this.template, searchTerms, queryCharset); + + if ( + lazy.SecurityLevelPrefs?.securityLevel === "safest" && + this.type === lazy.SearchUtils.URL_TYPE.SEARCH + ) { + let host = this.templateHost; + try { + host = Services.eTLD.getBaseDomainFromHost(host); + } catch (ex) { + lazy.logConsole.warn("Failed to get a FPD", ex, host); + } + if ( + host === "duckduckgo.com" || + host === + "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion" + ) { + url += "html"; + } + } + // Default to searchbar if the purpose is not provided var requestPurpose = purpose || "searchbar"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f6fce35… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f6fce35… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Bug 40925: Implemented the Security Level component
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: cf748728 by Pier Angelo Vendrame at 2024-09-03T19:12:17+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 42617: Use DDG's plain HTML variant on Safest. Between 115 and 128 we lost the engine parameter, so we are not given the search engine's ID anymore. So, switch to comparing the hostname instead. - - - - - 1 changed file: - toolkit/components/search/SearchEngine.sys.mjs Changes: ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, { NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs", SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs", SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs", + SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs", OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs", }); @@ -439,6 +440,26 @@ export class EngineURL { */ getSubmission(searchTerms, queryCharset, purpose) { var url = ParamSubstitution(this.template, searchTerms, queryCharset); + + if ( + lazy.SecurityLevelPrefs?.securityLevel === "safest" && + this.type === lazy.SearchUtils.URL_TYPE.SEARCH + ) { + let host = this.templateHost; + try { + host = Services.eTLD.getBaseDomainFromHost(host); + } catch (ex) { + lazy.logConsole.warn("Failed to get a FPD", ex, host); + } + if ( + host === "duckduckgo.com" || + host === + "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion" + ) { + url += "html"; + } + } + // Default to searchbar if the purpose is not provided var requestPurpose = purpose || "searchbar"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cf74872… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cf74872… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 52751687 by Morgan at 2024-09-03T18:51:16+00:00 fixup! Firefox preference overrides. added comment about disabling webcompat reporter - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false); // Disable the screenshot menu when right-clicking (Bug #40912 and #40007) pref("extensions.screenshots.disabled", true); + +// Disable webcompat reporter pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/527… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/527… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7af0953f by Morgan at 2024-09-03T18:50:32+00:00 fixup! Firefox preference overrides. added comment about disabling webcompat reporter - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false); // Disable the screenshot menu when right-clicking (Bug #40912 and #40007) pref("extensions.screenshots.disabled", true); + +// Disable webcompat reporter pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7af0953… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7af0953… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9f472cf0 by Morgan at 2024-09-03T18:49:42+00:00 fixup! Firefox preference overrides. added comment about disabling webcompat reporter - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false); // Disable the screenshot menu when right-clicking (Bug #40912 and #40007) pref("extensions.screenshots.disabled", true); + +// Disable webcompat reporter pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9f472cf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9f472cf… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] 3 commits: fixup! MB 234: Disable OS spoofing in HTTP User-Agent.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0fb56325 by Morgan at 2024-09-03T18:31:58+00:00 fixup! MB 234: Disable OS spoofing in HTTP User-Agent. - - - - - f05617a0 by Pier Angelo Vendrame at 2024-09-03T18:32:13+00:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - ff3f38f0 by Morgan at 2024-09-03T18:34:37+00:00 fixup! MB 38: Mullvad Browser configuration - - - - - 0 changed files: Changes: View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/45… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/45… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: fbb66fd9 by Pier Angelo Vendrame at 2024-09-03T18:29:34+00:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 2 changed files: - netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -482,6 +482,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); } + Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2105,6 +2108,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown(); + Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager(); // need to reset the session start time since cache validation may @@ -2227,6 +2233,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); } return NS_OK; ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -904,12 +904,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent + const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -917,7 +922,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 ("); - if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fbb66fd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fbb66fd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7212e70e by Pier Angelo Vendrame at 2024-09-03T17:37:00+00:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - fd5b26f4 by Morgan at 2024-09-03T17:38:32+00:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js set privacy.resistFingerprinting.spoofOsInUserAgentHeader to true for now - - - - - 3 changed files: - browser/app/profile/000-tor-browser.js - netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -52,6 +52,10 @@ pref("network.http.connection-retry-timeout", 0); // be reduced to the strictly required time). pref("extensions.torbutton.use_nontor_proxy", false); +// tor-browser#42647: Make OS HTTP User-Agent OS spoofing configurable by pref +// TODO: flip to false when we're happy this is not a privacy issue +pref("privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // Browser home page: pref("browser.startup.homepage", "about:tor"); ===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -482,6 +482,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); } + Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2105,6 +2108,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown(); + Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager(); // need to reset the session start time since cache validation may @@ -2227,6 +2233,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); } return NS_OK; ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -904,12 +904,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent + const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -917,7 +922,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 ("); - if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7ec83a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7ec83a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-bundle-testsuite][main] Update nightly build email list:
by boklm (＠boklm) 03 Sep '24

03 Sep '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-bundle-testsuite Commits: d52e9273 by Morgan at 2024-08-24T22:00:00+00:00 Update nightly build email list: - removed richard - added bea, clairehurst, jwilde, and morgan - - - - - 1 changed file: - config/tb-build-06.torproject.org Changes: ===================================== config/tb-build-06.torproject.org ===================================== @@ -49,12 +49,15 @@ my %res = ( 'email-subject' => '[build result: [% success ? "ok" : "failed" %]] [% options.name %]', 'email-report' => 1, 'email-to' => [ + 'bea(a)torproject.org', 'boklm(a)torproject.org', + 'clairehurst(a)torproject.org', 'dan(a)torproject.org', 'henry(a)torproject.org', + 'jwilde(a)torproject.org', 'ma1(a)torproject.org', + 'morgan(a)torproject.org', 'pierov(a)torproject.org', - 'richard(a)torproject.org', ], 'email-from' => 'Tor Browser Nightly Builds <tb-builder(a)tb-build-06.torproject.org>', 'test_post' => $run_rsync, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.15.0esr-13.5-1] Revert "Add CI for Base Browser"
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 78df92f5 by Beatriz Rizental at 2024-09-03T16:03:17+02:00 Revert "Add CI for Base Browser" This reverts commit 8a16305a6f2ee34e9e7fe7c0ce3f7edf407ebcc6. - - - - - 3 changed files: - − .gitlab-ci.yml - − .gitlab/ci/lint.yml - − .gitlab/ci/scripts/run_linters.py Changes: ===================================== .gitlab-ci.yml deleted ===================================== @@ -1,5 +0,0 @@ -stages: - - lint - -include: - - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml deleted ===================================== @@ -1,319 +0,0 @@ -variables: - # This needs to be kept in sync with the max Python version accepted by ./mach - PYTHON_VERSION: "3.11.7" - -.base: - stage: lint - interruptible: true - variables: - PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" - cache: - paths: - - node_modules - - .cache/pip - -eslint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py eslint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.js' - - '**/*.jsm' - - '**/*.json' - - '**/*.jsx' - - '**/*.mjs' - - '**/*.sjs' - - '**/*.html' - - '**/*.xhtml' - - '**/*.xml' - - 'tools/lint/eslint.yml' - # Run when eslint policies change. - - '**/.eslintignore' - - '**/*eslintrc*' - # The plugin implementing custom checks. - - 'tools/lint/eslint/eslint-plugin-mozilla/**' - - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -stylelint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py stylelint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.css' - - 'tools/lint/styleint.yml' - # Run when stylelint policies change. - - '**/.stylelintignore' - - '**/*stylelintrc*' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-black: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py black - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # The list of extensions should match tools/lint/black.yml - - '**/*.py' - - '**/moz.build' - - '**/*.configure' - - '**/*.mozbuild' - - 'pyproject.toml' - - 'tools/lint/black.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-ruff: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py ruff - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.py' - - '**/*.configure' - - '**/.ruff.toml' - - 'pyproject.toml' - - 'tools/lint/ruff.yml' - - 'tools/lint/python/ruff.py' - - 'tools/lint/python/ruff_requirements.txt' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -yaml: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py yaml - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.yml' - - '**/*.yaml' - - '**/.ymllint' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -shellcheck: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py shellcheck - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.sh' - - 'tools/lint/shellcheck.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -clang-format: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py clang-format - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.c' - - '**/*.cc' - - '**/*.h' - - '**/*.m' - - '**/*.mm' - - 'tools/lint/clang-format.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -rustfmt: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py rustfmt - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.rs' - - 'tools/lint/rustfmt.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -fluent-lint: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py fluent-lint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ftl' - - 'tools/lint/fluent-lint.yml' - - 'tools/lint/fluent-lint/exclusions.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -localization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py l10n - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/locales/en-US/**' - - '**/l10n.toml' - - 'third_party/python/compare-locales/**' - - 'third_party/python/fluent/**' - - 'tools/lint/l10n.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mingw-capitalization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mingw-capitalization - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mingw-capitalization.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mscom-init: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mscom-init - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mscom-init.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -file-whitespace: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py file-whitespace - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.css' - - '**/*.dtd' - - '**/*.idl' - - '**/*.ftl' - - '**/*.h' - - '**/*.html' - - '**/*.md' - - '**/*.properties' - - '**/*.py' - - '**/*.rs' - - '**/*.rst' - - '**/*.webidl' - - '**/*.xhtml' - - 'tools/lint/file-whitespace.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -test-manifest: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py test-manifest-alpha test-manifest-disable test-manifest-skip-if - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ini' - - 'python/mozlint/**' - - 'tools/lint/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -trojan-source: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py trojan-source - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.h' - - '**/*.py' - - '**/*.rs' - - 'tools/lint/trojan-source.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/scripts/run_linters.py deleted ===================================== @@ -1,110 +0,0 @@ -#!/usr/bin/env python3 - -import argparse -import os -import re -import shlex -import subprocess -import sys - - -def git(command): - result = subprocess.run( - ["git"] + shlex.split(command), check=True, capture_output=True, text=True - ) - return result.stdout.strip() - - -def get_firefox_tag_from_branch_name(branch_name): - """Extracts the Firefox tag associated with a branch name. - - The "firefox tag" is the tag that marks - the end of the Mozilla commits and the start of the Tor Project commits. - - Know issue: If ever there is more than one tag per Firefox ESR version, - this function may return the incorrect reference number. - - Args: - branch_name: The branch name to extract the tag from. - Expected format is tor-browser-91.2.0esr-11.0-1, - where 91.2.0esr is the Firefox version. - - Returns: - The reference specifier of the matching Firefox tag. - An exception wil be raised if anything goes wrong. - """ - - # Extracts the version number from a branch name. - firefox_version = "" - match = re.search(r"(?<=browser-)([^-]+)", branch_name) - if match: - # TODO: Validate that what we got is actually a valid semver string? - firefox_version = match.group(1) - else: - raise ValueError(f"Failed to extract version from branch name '{branch_name}'.") - - tag = f"FIREFOX_{firefox_version.replace('.', '_')}_" - remote_tags = git("ls-remote --tags") - - # Each line looks like: - # 9edd658bfd03a6b4743ecb75fd4a9ad968603715 refs/tags/FIREFOX_91_9_0esr_BUILD1 - pattern = rf"(.*){re.escape(tag)}(.*)$" - match = re.search(pattern, remote_tags, flags=re.MULTILINE) - if match: - return match.group(0).split()[0] - else: - raise ValueError( - f"Failed to find reference specifier for Firefox tag in branch '{branch_name}'." - ) - - -def get_list_of_changed_files(): - """Gets a list of files changed in the working directory. - - This function is meant to be run inside the Gitlab CI environment. - - When running in a default branch, get the list of changed files since the last Firefox tag. - When running for a new MR commit, get a list of changed files in the current MR. - - Returns: - A list of filenames of changed files (excluding deleted files). - An exception wil be raised if anything goes wrong. - """ - - base_reference = "" - - if os.getenv("CI_PIPELINE_SOURCE") == "merge_request_event": - # For merge requests, the base_reference is the common ancestor between the MR and the target branch. - base_reference = os.getenv("CI_MERGE_REQUEST_DIFF_BASE_SHA") - else: - # When not in merge requests, the base reference is the Firefox tag - base_reference = get_firefox_tag_from_branch_name(os.getenv("CI_COMMIT_BRANCH")) - - if not base_reference: - raise RuntimeError("No base reference found. There might be more errors above.") - - # Fetch the tag reference - git(f"fetch origin {base_reference} --depth=1 --filter=blob:none") - # Return the list of changed files - return git(f"diff --diff-filter=d --name-only {base_reference} HEAD").split("\n") - - -if __name__ == "__main__": - parser = argparse.ArgumentParser( - description="Run ./mach linters in CI. Warning: if you run this in your local environment it might mess up your git history." - ) - parser.add_argument( - "linters", metavar="L", type=str, nargs="+", help="A list of linters to run." - ) - args = parser.parse_args() - - command = [ - "./mach", - "lint", - "-v", - *(s for l in args.linters for s in ("-l", l)), - *get_list_of_changed_files(), - ] - result = subprocess.run(command, text=True) - - sys.exit(result.returncode) View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/78d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/78d… You're receiving this email because of your account on gitlab.torproject.org.

1 0