Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

2 changed files:

Changes:

  • .gitlab/issue_templates/Release Prep - Alpha.md
    ... ... @@ -31,13 +31,13 @@
    31 31
     <details>
    
    32 32
         <summary>Android</summary>
    
    33 33
     
    
    34
    -### ***Security Vulnerabilities Backport*** : https://www.mozilla.org/en-US/security/advisories/
    
    35
    -- **NOTE** : this work may have already occurred in the analogous stable release prep issue
    
    34
    +### **Security Vulnerabilities Backport** : https://www.mozilla.org/en-US/security/advisories/
    
    35
    +- **NOTE** : this work usually first occurs during the Tor Browser Stable release, so for alpha we typically only need to update the various `tor-browser-build` configs to point to the right release tags.
    
    36 36
     - [ ] Create tor-browser issue `Backport Android-specific Firefox $(RR_VERSION) to ESR $(ESR_VERSION)-based Tor Browser`
    
    37 37
       - [ ] Link new backport issue to this release prep issue
    
    38 38
     - [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create list of CVEs which affect Android that need to be a backported
    
    39 39
       - Potentially Affected Components:
    
    40
    -    - `firefox`
    
    40
    +    - `firefox`/`geckoview`
    
    41 41
         - `application-services`
    
    42 42
         - `android-components`
    
    43 43
         - `fenix`
    
    ... ... @@ -88,15 +88,15 @@
    88 88
         - [ ] `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
    
    89 89
         - [ ] `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
    
    90 90
       - [ ] Push new branches and esr tag to origin
    
    91
    -  - [ ] Rebase `base-browser` patches onto the `gecko-dev` commit
    
    92
    -  - [ ] Rebase `tor-browser` patches onto the `base-browser` branch
    
    91
    +  - [ ] Rebase previous `base-browser` patches onto the `gecko-dev` commit
    
    92
    +  - [ ] Rebase previous `tor-browser` patches onto the new `base-browser` branch
    
    93 93
       - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase):
    
    94 94
         - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)`
    
    95 95
         - [ ] diff of diffs:
    
    96 96
             -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred `$(DIFF_TOOL)` and look at differences on lines that starts with + or -
    
    97 97
             - [ ] `git diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) > current_patchset.diff`
    
    98 98
             - [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff`
    
    99
    -        - [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
    
    99
    +        - [ ] `$(DIFF_TOOL) current_patchset.diff rebased_patchset.diff`
    
    100 100
       - [ ] Open MR for the rebase
    
    101 101
     - [ ] Sign/Tag `base-browser` commit:
    
    102 102
       - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser`
    
    ... ... @@ -119,73 +119,89 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    119 119
     - [ ] Update `rbm.conf`
    
    120 120
       - [ ] `var/torbrowser_version` : update to next version
    
    121 121
       - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
    
    122
    -  - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version
    
    122
    +  - [ ] ***(Optional, Desktop)*** `var/torbrowser_incremental_from` : update to previous Desktop version
    
    123 123
         - [ ] **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail
    
    124
    -- [ ] Update `projects/firefox/config`
    
    125
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    126
    -  - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
    
    127
    -- [ ] Update `projects/geckoview/config`
    
    128
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    129
    -  - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
    
    130
    -- [ ] Update `projects/translation-base-browser/config`
    
    131
    -  - [ ] `git_hash` : update with `HEAD` commit of project's `base-browser` branch
    
    132
    -- [ ] Update `projects/translation-base-browser-fluent/config`
    
    133
    -  - [ ] `git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
    
    134
    -- [ ] Update `projects/tba-translations/config`:
    
    135
    -  - [ ]  `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
    
    136
    -- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
    
    137
    -  - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
    
    138
    -- [ ] ***(Optional)*** Update `projects/application-services/config`:
    
    139
    -  **NOTE** we don't have any of our own patches for this project
    
    140
    -  - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
    
    141
    -- [ ] Update `projects/android-components/config`:
    
    142
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match alpha `android-components` tag
    
    143
    -- [ ] Update `projects/fenix/config`
    
    144
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match `fenix` tag
    
    145
    -  - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
    
    146
    -- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
    
    147
    -  - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
    
    148
    -- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
    
    149
    -  - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
    
    150
    -    - [ ] `URL`
    
    151
    -    - [ ] `sha256sum`
    
    152
    -- [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
    
    153
    -  - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
    
    154
    -    - [ ] `version` : update to next 1.X.Y version
    
    155
    -    - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
    
    156
    -- [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
    
    157
    -  - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
    
    158
    -    - [ ] `version` : update to next release tag
    
    159
    -- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags ; Tor Browser Alpha uses latest `-alpha` tagged tor (or latest of stable if newer)
    
    160
    -  - [ ] ***(Optional)*** Update `projects/tor/config`
    
    161
    -    - [ ] `version` : update to next release tag
    
    162
    -- [ ] Check for go updates here : https://golang.org/dl
    
    163
    -  - **NOTE** : Tor Browser Alpha uses the latest Stable go version, while Tor Browser Stable uses the latest of the previous Stable major series version
    
    164
    -  - [ ] ***(Optional)*** Update `projects/go/config`
    
    165
    -    - [ ] `version` : update go version
    
    166
    -    - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
    
    167
    -- [ ] ***(Optional)*** Update the manual
    
    168
    -  - [ ] Go to https://gitlab.torproject.org/tpo/web/manual/-/jobs/
    
    169
    -  - [ ] Open the latest build stage
    
    170
    -  - [ ] Download the artifacts (they come in a .zip file).
    
    171
    -  - [ ] Rename it to `manual_$PIPELINEID.zip`
    
    172
    -  - [ ] Upload it to people.tpo
    
    173
    -  - [ ] Update `projects/manual/config`
    
    174
    -    - [ ] Change the version to `$PIPELINEID`
    
    175
    -    - [ ] Update the hash in the input_files section
    
    176
    -    - [ ] Update the URL if you have uploaded to a different people.tpo home
    
    124
    +- [ ] ***(Optional)*** Update Desktop-specific build configs
    
    125
    +  - [ ] Update `projects/firefox/config`
    
    126
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    127
    +    - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
    
    128
    +  - [ ] Update `projects/translation-base-browser/config`
    
    129
    +    - [ ] `git_hash` : update with `HEAD` commit of project's `base-browser` branch
    
    130
    +  - [ ] Update `projects/translation-base-browser-fluent/config`
    
    131
    +    - [ ] `git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
    
    132
    +- [ ] ***(Optional)*** Update Android-specific build configs
    
    133
    +  - [ ] ***(Optional)*** Update `projects/geckoview/config`
    
    134
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    135
    +    - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
    
    136
    +  - [ ] Update `projects/tba-translations/config`:
    
    137
    +    - [ ]  `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
    
    138
    +  - [ ] ***(Optional)*** Update `projects/tor-android-service/config`
    
    139
    +    - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
    
    140
    +  - [ ] ***(Optional)*** Update `projects/application-services/config`:
    
    141
    +    **NOTE** we don't currently have any of our own patches for this project
    
    142
    +    - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
    
    143
    +  - [ ] ***(Optional)*** Update `projects/android-components/config`:
    
    144
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match alpha `android-components` tag
    
    145
    +  - [ ] ***(Optional)*** Update `projects/fenix/config`
    
    146
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `fenix` tag
    
    147
    +    - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
    
    148
    +  - [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
    
    149
    +    - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
    
    150
    +- [ ] Update common build configs
    
    151
    +  - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
    
    152
    +    - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
    
    153
    +      - [ ] `URL`
    
    154
    +      - [ ] `sha256sum`
    
    155
    +  - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
    
    156
    +    - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
    
    157
    +      - [ ] `version` : update to next 1.X.Y version
    
    158
    +      - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
    
    159
    +  - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
    
    160
    +    - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
    
    161
    +      - [ ] `version` : update to next release tag
    
    162
    +  - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
    
    163
    +    - [ ] ***(Optional)*** Update `projects/tor/config` 
    
    164
    +      - [ ] `version` : update to latest `-alpha` tag or release tag if newer (ping @dgoulet or @ahf if unsure)
    
    165
    +  - [ ] Check for go updates here : https://golang.org/dl
    
    166
    +    - **NOTE** : Tor Browser Alpha uses the latest Stable major series go version
    
    167
    +    - [ ] ***(Optional)*** Update `projects/go/config`
    
    168
    +      - [ ] `version` : update go version
    
    169
    +      - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
    
    170
    +  - [ ] ***(Optional)*** Update the manual
    
    171
    +    - [ ] Go to https://gitlab.torproject.org/tpo/web/manual/-/jobs/
    
    172
    +    - [ ] Open the latest build stage
    
    173
    +    - [ ] Download the artifacts (they come in a .zip file).
    
    174
    +    - [ ] Rename it to `manual_$PIPELINEID.zip`
    
    175
    +    - [ ] Upload it to people.tpo
    
    176
    +    - [ ] Update `projects/manual/config`
    
    177
    +      - [ ] Change the version to `$PIPELINEID`
    
    178
    +      - [ ] Update the hash in the input_files section
    
    179
    +      - [ ] Update the URL if you have uploaded to a different people.tpo home
    
    177 180
     - [ ] Update `ChangeLog.txt`
    
    178 181
       - [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
    
    179 182
     - [ ] Open MR with above changes
    
    180
    -- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up)
    
    181
    -- [ ] Sign/Tag commit : `make signtag-alpha`
    
    183
    +- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues which come up and update MR)
    
    184
    +- [ ] Sign/Tag commit: `make signtag-alpha`
    
    182 185
     - [ ] Push tag to origin
    
    186
    +</details>
    
    183 187
     
    
    188
    +<details>
    
    189
    +	<summary>Communications</summary>
    
    184 190
     ### notify stakeholders
    
    185 191
     - [ ] Email tor-qa mailing list: tor-qa@lists.torproject.org
    
    186
    -    - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    187
    -    - [ ] Call out any new functionality which needs testing
    
    188
    -    - [ ] Link to any known issues
    
    192
    +  - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    193
    +  - [ ] Note any new functionality which needs testing
    
    194
    +  - [ ] Link to any known issues
    
    195
    +- [ ] Email downstream consumers:
    
    196
    +  - Recipients:
    
    197
    +    - [ ] Tails dev mailing list: tails-dev@boum.org
    
    198
    +    - [ ] Guardian Project: nathan@guardianproject.info
    
    199
    +    - [ ] torbrowser-launcher: micah@micahflee.com
    
    200
    +  - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    201
    +  - [ ] Note any changes which may affect packaging/downstream integration
    
    202
    +- [ ] Email upstream stakeholders:
    
    203
    +  - [ ] ***(Optional, after ESR migration)*** Cloudflare: ask-research@cloudflare.com
    
    204
    +    - **NOTE** :  We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
    
    189 205
     
    
    190 206
     </details>
    
    191 207
     
    

  • .gitlab/issue_templates/Release Prep - Stable.md
    ... ... @@ -44,13 +44,12 @@
    44 44
     <details>
    
    45 45
         <summary>Android</summary>
    
    46 46
     
    
    47
    -### ***Security Vulnerabilities Backport*** : https://www.mozilla.org/en-US/security/advisories/
    
    48
    -- **NOTE** : this work may have already occurred in the analogous stable release prep issue
    
    47
    +### **Security Vulnerabilities Backport** : https://www.mozilla.org/en-US/security/advisories/
    
    49 48
     - [ ] Create tor-browser issue `Backport Android-specific Firefox $(RR_VERSION) to ESR $(ESR_VERSION)-based Tor Browser`
    
    50 49
       - [ ] Link new backport issue to this release prep issue
    
    51 50
     - [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create list of CVEs which affect Android that need to be a backported
    
    52 51
       - Potentially Affected Components:
    
    53
    -    - `firefox`
    
    52
    +    - `firefox`/`geckoview`
    
    54 53
         - `application-services`
    
    55 54
         - `android-components`
    
    56 55
         - `fenix`
    
    ... ... @@ -59,21 +58,21 @@
    59 58
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    60 59
     - [ ] Sign/Tag commit:
    
    61 60
       - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    62
    -  - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
    
    61
    +  - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable`
    
    63 62
     - [ ] Push tag to `origin`
    
    64 63
     
    
    65 64
     ### **android-components** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/android-components.git
    
    66 65
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    67 66
     - [ ] Sign/Tag commit:
    
    68 67
       - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    69
    -  - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    68
    +  - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable)`
    
    70 69
     - [ ] Push tag to `origin`
    
    71 70
     
    
    72 71
     ### **fenix** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/fenix.git
    
    73 72
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    74 73
     - [ ] Sign/Tag commit:
    
    75 74
       - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    76
    -  - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    75
    +  - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable)`
    
    77 76
     - [ ] Push tag to `origin`
    
    78 77
     
    
    79 78
     </details>
    
    ... ... @@ -96,25 +95,24 @@
    96 95
         - [ ] `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
    
    97 96
         - [ ] `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
    
    98 97
       - [ ] Push new branches and esr tag to origin
    
    99
    -  - [ ] Rebase `base-browser` patches onto the `gecko-dev` commit
    
    100
    -  - [ ] Rebase `tor-browser` patches onto the `base-browser` branch
    
    98
    +  - [ ] Rebase previous `base-browser` patches onto the `gecko-dev` commit
    
    99
    +  - [ ] Rebase previous `tor-browser` patches onto the new `base-browser` branch
    
    101 100
       - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase):
    
    102 101
         - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)`
    
    103 102
         - [ ] diff of diffs:
    
    104 103
             -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred `$(DIFF_TOOL)` and look at differences on lines that starts with + or -
    
    105 104
             - [ ] `git diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) > current_patchset.diff`
    
    106 105
             - [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff`
    
    107
    -        - [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
    
    106
    +        - [ ] `$(DIFF_TOOL) current_patchset.diff rebased_patchset.diff`
    
    108 107
       - [ ] Open MR for the rebase
    
    109 108
     - [ ] Sign/Tag `base-browser` commit:
    
    110 109
       - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser`
    
    111 110
       - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1`
    
    112
    -  - Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
    
    111
    +  - Message: `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    113 112
     - [ ] Sign/Tag `tor-browser` commit :
    
    114 113
       - Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)`
    
    115
    -  - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based alpha`
    
    114
    +  - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based stable`
    
    116 115
     - [ ] Push rebased branches and tags to `origin`
    
    117
    -- [ ] Update Gitlab Default Branch to new Alpha branch:  https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository
    
    118 116
     
    
    119 117
     </details>
    
    120 118
     
    
    ... ... @@ -127,75 +125,89 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    127 125
     - [ ] Update `rbm.conf`
    
    128 126
       - [ ] `var/torbrowser_version` : update to next version
    
    129 127
       - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
    
    130
    -  - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version
    
    128
    +  - [ ] ***(Optional, Desktop)*** `var/torbrowser_incremental_from` : update to previous Desktop version
    
    131 129
         - [ ] **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail
    
    132
    -- [ ] Update `projects/firefox/config`
    
    133
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    134
    -  - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
    
    135
    -- [ ] Update `projects/geckoview/config`
    
    136
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    137
    -  - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
    
    138
    -- [ ] Update `projects/translation-base-browser/config`
    
    139
    -  - [ ] `git_hash` : update with `HEAD` commit of project's `base-browser` branch
    
    140
    -- [ ] Update `projects/translation-base-browser-fluent/config`
    
    141
    -  - [ ] `git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
    
    142
    -- [ ] Update `projects/tba-translations/config`:
    
    143
    -  - [ ]  `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
    
    144
    -- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
    
    145
    -  - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
    
    146
    -- [ ] ***(Optional)*** Update `projects/application-services/config`:
    
    147
    -  **NOTE** we don't have any of our own patches for this project
    
    148
    -  - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
    
    149
    -- [ ] Update `projects/android-components/config`:
    
    150
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match alpha `android-components` tag
    
    151
    -- [ ] Update `projects/fenix/config`
    
    152
    -  - [ ] `git_hash` : update the `$(BUILD_N)` section to match `fenix` tag
    
    153
    -  - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
    
    154
    -- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
    
    155
    -  - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
    
    156
    -- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
    
    157
    -  - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
    
    158
    -    - [ ] `URL`
    
    159
    -    - [ ] `sha256sum`
    
    160
    -- [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
    
    161
    -  - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
    
    162
    -    - [ ] `version` : update to next 1.X.Y version
    
    163
    -    - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
    
    164
    -- [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
    
    165
    -  - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
    
    166
    -    - [ ] `version` : update to next release tag
    
    167
    -- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags ; Tor Browser Alpha uses latest `-alpha` tagged tor (or latest of stable if newer)
    
    168
    -  - [ ] ***(Optional)*** Update `projects/tor/config`
    
    169
    -    - [ ] `version` : update to next release tag
    
    170
    -- [ ] Check for go updates here : https://golang.org/dl
    
    171
    -  - **NOTE** : Tor Browser Alpha uses the latest Stable go version, while Tor Browser Stable uses the latest of the previous Stable major series version
    
    172
    -  - [ ] ***(Optional)*** Update `projects/go/config`
    
    173
    -    - [ ] `version` : update go version
    
    174
    -    - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
    
    175
    -- [ ] ***(Optional)*** Update the manual
    
    176
    -  - [ ] Go to https://gitlab.torproject.org/tpo/web/manual/-/jobs/
    
    177
    -  - [ ] Open the latest build stage
    
    178
    -  - [ ] Download the artifacts (they come in a .zip file).
    
    179
    -  - [ ] Rename it to `manual_$PIPELINEID.zip`
    
    180
    -  - [ ] Upload it to people.tpo
    
    181
    -  - [ ] Update `projects/manual/config`
    
    182
    -    - [ ] Change the version to `$PIPELINEID`
    
    183
    -    - [ ] Update the hash in the input_files section
    
    184
    -    - [ ] Update the URL if you have uploaded to a different people.tpo home
    
    130
    +- [ ] ***(Optional)*** Update Desktop-specific build configs
    
    131
    +  - [ ] Update `projects/firefox/config`
    
    132
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    133
    +    - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
    
    134
    +  - [ ] Update `projects/translation-base-browser/config`
    
    135
    +    - [ ] `git_hash` : update with `HEAD` commit of project's `base-browser` branch
    
    136
    +  - [ ] Update `projects/translation-base-browser-fluent/config`
    
    137
    +    - [ ] `git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
    
    138
    +- [ ] ***(Optional)*** Update Android-specific build configs
    
    139
    +  - [ ] ***(Optional)*** Update `projects/geckoview/config`
    
    140
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
    
    141
    +    - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
    
    142
    +  - [ ] Update `projects/tba-translations/config`:
    
    143
    +    - [ ]  `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
    
    144
    +  - [ ] ***(Optional)*** Update `projects/tor-android-service/config`
    
    145
    +    - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
    
    146
    +  - [ ] ***(Optional)*** Update `projects/application-services/config`:
    
    147
    +    **NOTE** we don't currently have any of our own patches for this project
    
    148
    +    - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
    
    149
    +  - [ ] ***(Optional)*** Update `projects/android-components/config`:
    
    150
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `android-components` tag
    
    151
    +  - [ ] ***(Optional)*** Update `projects/fenix/config`
    
    152
    +    - [ ] `git_hash` : update the `$(BUILD_N)` section to match `fenix` tag
    
    153
    +    - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
    
    154
    +  - [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
    
    155
    +    - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
    
    156
    +- [ ] Update common build configs
    
    157
    +  - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
    
    158
    +    - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
    
    159
    +      - [ ] `URL`
    
    160
    +      - [ ] `sha256sum`
    
    161
    +  - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
    
    162
    +    - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
    
    163
    +      - [ ] `version` : update to next 1.X.Y version
    
    164
    +      - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
    
    165
    +  - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
    
    166
    +    - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
    
    167
    +      - [ ] `version` : update to next release tag
    
    168
    +  - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
    
    169
    +    - [ ] ***(Optional)*** Update `projects/tor/config` 
    
    170
    +      - [ ] `version` : update to latest non `-alpha` tag (ping @dgoulet or @ahf if unsure)
    
    171
    +  - [ ] Check for go updates here : https://golang.org/dl
    
    172
    +    - **NOTE** : Tor Browser Stable uses the latest of the *previous* Stable major series go version (apart from the transition phase from Tor Browser Alpha to Stable, in which case Tor Browser Stable may use the latest major series go version)
    
    173
    +    - [ ] ***(Optional)*** Update `projects/go/config`
    
    174
    +      - [ ] `version` : update go version
    
    175
    +      - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
    
    176
    +  - [ ] ***(Optional)*** Update the manual
    
    177
    +    - [ ] Go to https://gitlab.torproject.org/tpo/web/manual/-/jobs/
    
    178
    +    - [ ] Open the latest build stage
    
    179
    +    - [ ] Download the artifacts (they come in a .zip file).
    
    180
    +    - [ ] Rename it to `manual_$PIPELINEID.zip`
    
    181
    +    - [ ] Upload it to people.tpo
    
    182
    +    - [ ] Update `projects/manual/config`
    
    183
    +      - [ ] Change the version to `$PIPELINEID`
    
    184
    +      - [ ] Update the hash in the input_files section
    
    185
    +      - [ ] Update the URL if you have uploaded to a different people.tpo home
    
    185 186
     - [ ] Update `ChangeLog.txt`
    
    186 187
       - [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
    
    187 188
     - [ ] Open MR with above changes
    
    188
    -- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up)
    
    189
    -- [ ] Sign/Tag commit : `make signtag-release`
    
    189
    +- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR)
    
    190
    +- [ ] Sign/Tag commit: `make signtag-release`
    
    190 191
     - [ ] Push tag to origin
    
    192
    +</details>
    
    191 193
     
    
    194
    +<details>
    
    195
    +	<summary>Communications</summary>
    
    192 196
     ### notify stakeholders
    
    193 197
     - [ ] Email tor-qa mailing list: tor-qa@lists.torproject.org
    
    194
    -    - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    195
    -    - [ ] Call out any new functionality which needs testing
    
    196
    -    - [ ] Link to any known issues
    
    197
    -- [ ] Email Tails dev mailing list: tails-dev@boum.org
    
    198
    -    - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    198
    +  - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    199
    +  - [ ] Note any new functionality which needs testing
    
    200
    +  - [ ] Link to any known issues
    
    201
    +- [ ] Email downstream consumers:
    
    202
    +  - Recipients:
    
    203
    +    - [ ] Tails dev mailing list: tails-dev@boum.org
    
    204
    +    - [ ] Guardian Project: nathan@guardianproject.info
    
    205
    +    - [ ] torbrowser-launcher: micah@micahflee.com
    
    206
    +  - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
    
    207
    +  - [ ] Note any changes which may affect packaging/downstream integration
    
    208
    +- [ ] Email upstream stakeholders:
    
    209
    +  - [ ] ***(Optional, after ESR migration)*** Cloudflare: ask-research@cloudflare.com
    
    210
    +    - **NOTE** :  We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
    
    199 211
     
    
    200 212
     </details>
    
    201 213
     
    
    ... ... @@ -237,7 +249,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
    237 249
       - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
    
    238 250
     - [ ] Publish APKs to Google Play:
    
    239 251
       - Log into https://play.google.com/apps/publish
    
    240
    -  - Select `Tor Browser (Alpha)` app
    
    252
    +  - Select `Tor Browser` app
    
    241 253
       - Navigate to `Release > Production` and click `Create new release` button
    
    242 254
       - [ ] Upload the `*.multi.apk` APKs
    
    243 255
       - [ ] Update Release Name to Tor Browser version number