... |
... |
@@ -3,18 +3,13 @@ |
3
|
3
|
|
4
|
4
|
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release
|
5
|
5
|
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
|
6
|
|
-- `$(TOR_LAUNCHER_VERSION)` : version of `tor-launcher`, used in tags
|
7
|
|
- - example : `0.2.33`
|
8
|
6
|
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
|
9
|
7
|
- example : `91.6.0`
|
|
8
|
+- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
|
|
9
|
+ - example: `103`
|
10
|
10
|
- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
|
11
|
11
|
- exmaple : `FIREFOX_91_7_0esr_BUILD2`
|
12
|
12
|
- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
|
13
|
|
-- `$(RR_VERSION)` : the Mozilla defined 'Rapid Relese' version, used in various places for building geckoview tags, labels, etc
|
14
|
|
- - example : `96.0.3`
|
15
|
|
-- `$(RR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
|
16
|
|
- - exmaple : `FIREFOX_96_0_3_RELEASE`
|
17
|
|
-- `$(RR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
|
18
|
13
|
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
|
19
|
14
|
- example : `11`
|
20
|
15
|
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
|
... |
... |
@@ -31,46 +26,78 @@ |
31
|
26
|
- `$(TOR_BROWSER_BRANCH)` : the full name of tor-browser branch
|
32
|
27
|
- typically of the form: `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
|
33
|
28
|
- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous tor-browser branch (when rebasing)
|
34
|
|
-- `$(GECKOVIEW_BRANCH)` : the full name of geckoview branch
|
35
|
|
- - typically of the form: `tor-browser-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
|
36
|
|
-- `$(GECKOVIEW_BRANCH_PREV)` : the full name of the previous geckoview branch (when rebasing)
|
37
|
29
|
</details>
|
38
|
30
|
|
39
|
31
|
<details>
|
40
|
32
|
<summary>Desktop</summary>
|
41
|
33
|
|
42
|
|
-### **torbutton** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/torbutton.git
|
43
|
|
-- [ ] ***(Optional)*** Update translations :
|
44
|
|
- - **NOTE** We only update strings in stable if a backported feature depends on new strings
|
|
34
|
+### **torbutton** : https://gitlab.torproject.org/tpo/applications/torbutton.git
|
|
35
|
+- [ ] Update translations :
|
45
|
36
|
- [ ] `./import-translations.sh`
|
46
|
37
|
- **NOTE** : if there are no new strings imported then we are done here
|
47
|
38
|
- [ ] Commit with message `Translation updates`
|
48
|
39
|
- **NOTE** : only add files which are already being tracked
|
49
|
40
|
- [ ] fixup! `tor-browser`'s `Bug 10760 : Integrate TorButton to TorBrowser core` issue to point to updated `torbutton` commit
|
50
|
41
|
|
51
|
|
-### **tor-launcher** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/tor-launcher.git
|
52
|
|
-- [ ] ***(Optional)*** Update translations:
|
53
|
|
- - **NOTE** We only update strings in stable if a backported feature depends on new strings
|
54
|
|
- - [ ] ./localization/import-translations.sh
|
55
|
|
- - [ ] Commit with message `Translation updates`
|
56
|
|
-- [ ] Update `install.rdf` file with new version
|
57
|
|
-- [ ] Sign/Tag commit :
|
58
|
|
- - Tag : `$(TOR_LAUNCHER_VERSION)`
|
59
|
|
- - Message `Tagging $(TOR_LAUNCHER_VERSION)`
|
60
|
|
-- [ ] Push `main` and tag to origin
|
|
42
|
+</details>
|
|
43
|
+
|
|
44
|
+<details>
|
|
45
|
+ <summary>Android</summary>
|
|
46
|
+
|
|
47
|
+### ***Security Vulnerabilities Backport*** : https://www.mozilla.org/en-US/security/advisories/
|
|
48
|
+- **NOTE** : this work may have already occurred in the analogous stable release prep issue
|
|
49
|
+- [ ] Create tor-browser issue `Backport Android-specific Firefox $(RR_VERSION) to ESR $(ESR_VERSION)-based Tor Browser`
|
|
50
|
+ - [ ] Link new backport issue to this release prep issue
|
|
51
|
+- [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create list of CVEs which affect Android that need to be a backported
|
|
52
|
+ - Potentially Affected Components:
|
|
53
|
+ - `firefox`
|
|
54
|
+ - `application-services`
|
|
55
|
+ - `android-components`
|
|
56
|
+ - `fenix`
|
|
57
|
+
|
|
58
|
+### **application-services** ***(Optional)*** : *TODO: we need to setup a gitlab copy of this repo that we can apply security backports to*
|
|
59
|
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
|
|
60
|
+- [ ] Sign/Tag commit:
|
|
61
|
+ - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
|
|
62
|
+ - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
|
|
63
|
+- [ ] Push tag to `origin`
|
|
64
|
+
|
|
65
|
+### **android-components** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/android-components.git
|
|
66
|
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
|
|
67
|
+- [ ] Sign/Tag commit:
|
|
68
|
+ - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
|
|
69
|
+ - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
|
|
70
|
+- [ ] Push tag to `origin`
|
|
71
|
+
|
|
72
|
+### **fenix** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/fenix.git
|
|
73
|
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
|
|
74
|
+- [ ] Sign/Tag commit:
|
|
75
|
+ - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
|
|
76
|
+ - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
|
|
77
|
+- [ ] Push tag to `origin`
|
|
78
|
+
|
|
79
|
+</details>
|
|
80
|
+
|
|
81
|
+<details>
|
|
82
|
+ <summary>Shared</summary>
|
61
|
83
|
|
62
|
84
|
### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git
|
|
85
|
+- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release
|
|
86
|
+- [ ] ***(Optional, Chemspill)*** Backport security-fixes to both `tor-browser` and `base-browser` branches
|
63
|
87
|
- [ ] ***(Optional)*** Rebase to `$(ESR_VERSION)`
|
64
|
|
- - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-esr91/tags
|
|
88
|
+ - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags
|
65
|
89
|
- [ ] `$(ESR_TAG)` : `<INSERT_TAG_HERE>`
|
66
|
90
|
- [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message)
|
67
|
91
|
- [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>`
|
68
|
|
- - [ ] Create new `tor-browser` branch with the discovered `gecko-dev` commit as `HEAD` named `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
|
69
|
92
|
- [ ] Sign/Tag commit :
|
70
|
93
|
- Tag : `$(ESR_TAG)`
|
71
|
94
|
- Message : `Hg tag $(ESR_TAG)`
|
72
|
|
- - [ ] Push new branch and tag to origin
|
73
|
|
- - [ ] Rebase `tor-browser` patches
|
|
95
|
+ - [ ] Create new branches with the discovered `gecko-dev` commit as `HEAD` named:
|
|
96
|
+ - [ ] `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
|
|
97
|
+ - [ ] `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
|
|
98
|
+ - [ ] Push new branches and esr tag to origin
|
|
99
|
+ - [ ] Rebase `base-browser` patches onto the `gecko-dev` commit
|
|
100
|
+ - [ ] Rebase `tor-browser` patches onto the `base-browser` branch
|
74
|
101
|
- [ ] Compare patch-sets (ensure nothing *weird* happened during rebase):
|
75
|
102
|
- [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)`
|
76
|
103
|
- [ ] diff of diffs:
|
... |
... |
@@ -79,150 +106,65 @@ |
79
|
106
|
- [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff`
|
80
|
107
|
- [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
|
81
|
108
|
- [ ] Open MR for the rebase
|
82
|
|
-- [ ] ***(Optional)*** Backport any required Alpha patches to Stable
|
83
|
|
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
|
84
|
|
- - [ ] Close associated `Backport` issues
|
85
|
|
- - [ ] Open MR for the backport commits
|
|
109
|
+- [ ] Sign/Tag `base-browser` commit:
|
|
110
|
+ - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser`
|
|
111
|
+ - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1`
|
|
112
|
+ - Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
|
86
|
113
|
- [ ] Sign/Tag `tor-browser` commit :
|
87
|
114
|
- Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)`
|
88
|
|
- - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based (alpha|stable)`
|
89
|
|
-- [ ] Push tag to `origin`
|
|
115
|
+ - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based alpha`
|
|
116
|
+- [ ] Push rebased branches and tags to `origin`
|
|
117
|
+- [ ] Update Gitlab Default Branch to new Alpha branch: https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository
|
90
|
118
|
|
91
|
119
|
</details>
|
92
|
120
|
|
93
|
121
|
<details>
|
94
|
|
- <summary>Android</summary>
|
95
|
|
-
|
96
|
|
-### **geckoview**: https://gitlab.torproject.org/tpo/applications/tor-browser.git
|
97
|
|
-- [ ] ***(Optional)*** Rebase to `$(RR_VERSION)`
|
98
|
|
- - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-release/tags
|
99
|
|
- - [ ] `$(RR_TAG)` : `<INSERT_TAG_HERE>`
|
100
|
|
- - [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message)
|
101
|
|
- - [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>`
|
102
|
|
- - [ ] Create new `geckoview` branch with the discovered `gecko-dev` commit as `HEAD` named `geckoview-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
|
103
|
|
- - [ ] Sign/Tag commit :
|
104
|
|
- - Tag : `$(RR_TAG)`
|
105
|
|
- - Message : `Hg tag $(RR_TAG)`
|
106
|
|
- - [ ] Push new branch and tag to origin
|
107
|
|
- - [ ] Rebase `geckoview` patches
|
108
|
|
- - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase):
|
109
|
|
- - [ ] rangediff: `git range-diff $(RR_TAG_PREV)..$(GECKOVIEW_BRANCH_PREV) $(RR_TAG)..$(GECKOVIEW_BRANCH)`
|
110
|
|
- - [ ] diff of diffs:
|
111
|
|
- - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred `$(DIFF_TOOL)` and look at differences on lines that starts with + or -
|
112
|
|
- - [ ] `git diff $(RR_TAG_PREV)..$(GECKOVIEW_BRANCH_PREV) > current_patchset.diff`
|
113
|
|
- - [ ] `git diff $(RR_TAG)..$(GECKOVIEW_BRANCH) > rebased_patchset.diff`
|
114
|
|
- - [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
|
115
|
|
- - [ ] Open MR for the rebase
|
116
|
|
-- [ ] ***(Optional)*** Backport any required patches to Stable
|
117
|
|
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
|
118
|
|
- - [ ] Close associated `Backport` issues
|
119
|
|
- - [ ] Open MR for the backport commits
|
120
|
|
- - [ ] Merge + Push
|
121
|
|
-- [ ] Sign/Tag `geckoview` commit :
|
122
|
|
- - Tag : `geckoview-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)`
|
123
|
|
- - Message : `Tagging $(FIREFOX_BUILD_N) for $(RR_VERSION)-based (alpha|stable)`
|
124
|
|
-- [ ] Push tag to `origin`
|
125
|
|
-
|
126
|
|
-### **tba-translation** ***(Optional)***: https://gitlab.torproject.org/tpo/translation.git
|
127
|
|
-- **NOTE** We only update strings in stable if a backported feature depends on new strings
|
128
|
|
-- [ ] Fetch latest and identify new `HEAD` of `fenix-torbrowserstringsxml` branch
|
129
|
|
- - [ ] `origin/fenix-torbrowserstringsxml` : `<INSERT COMMIT HASH HERE>`
|
130
|
|
-
|
131
|
|
-### **tor-android-service** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/tor-android-service.git
|
132
|
|
-- [ ] Fetch latest and identify new `HEAD` of `main` branch
|
133
|
|
- - [ ] `origin/main` : `<INSERT COMMIT HASH HERE>`
|
134
|
|
-
|
135
|
|
-### **application-services** : *TODO: we need to setup a gitlab copy of this repo that we can apply security backports to*
|
136
|
|
-- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release
|
137
|
|
-- [ ] Sign/Tag commit:
|
138
|
|
- - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
|
139
|
|
- - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based (alpha|stable)`
|
140
|
|
-- [ ] Push tag to `origin`
|
141
|
|
-### **android-components** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/android-components.git
|
142
|
|
-- [ ] ***(Optional)*** Rebase to `$(RR_VERSION)`
|
143
|
|
- - [ ] Identify the `mozilla-mobile` git tag to start from by first updating `fenix` and then checking which `android-components` tag is used in `buildSrc/src/main/java/AndroidComponents.kt`
|
144
|
|
- - Alternatively search for commit message like `Update Android-Components`
|
145
|
|
- - [ ] Create new branch from tag named `android-components-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1`
|
146
|
|
- - [ ] Push new branch to origin
|
147
|
|
- - [ ] Rebase `android-components` patches
|
148
|
|
- - [ ] Perform rangediff to ensure nothing weird happened resolving conflicts
|
149
|
|
- - [ ] Open MR for the rebase
|
150
|
|
- - [ ] Merge + Push
|
151
|
|
-- [ ] ***(Optional)*** Backport any required patches to Stable
|
152
|
|
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
|
153
|
|
- - [ ] Close associated `Backport` issues
|
154
|
|
- - [ ] Open MR for the backport commits
|
155
|
|
- - [ ] Merge + Push
|
156
|
|
- [ ] Sign/Tag commit:
|
157
|
|
- - Tag : `android-components-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
|
158
|
|
- - Message: `Tagging $(BUILD_N) for $(RR_VERSION)-based (alpha|stable)`
|
159
|
|
- - [ ] Push tag to origin
|
160
|
|
-
|
161
|
|
-### **fenix** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/fenix.git
|
162
|
|
-- [ ] ***(Optional)*** Rebase to `$(RR_VERSION)`
|
163
|
|
- - Upstream git repo : https://github.com/mozilla-mobile/fenix.git
|
164
|
|
- - [ ] Identify the `mozilla-mobile` git tag to start from
|
165
|
|
- - Seem to be in the form `v$(RR_VERSION)` (for example, `v96.3.0`)
|
166
|
|
- - [ ] Create new branch from tag named `tor-browser-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1`
|
167
|
|
- - **NOTE** : it is weird but we do use `tor-browser` here rather than `fenix`
|
168
|
|
- - [ ] Push new branch to origin
|
169
|
|
- - [ ] Rebase `fenix` patches
|
170
|
|
- - [ ] Perform rangediff to ensure nothing weird happened resolving conflicts
|
171
|
|
- - [ ] Open MR for the rebase
|
172
|
|
- - [ ] Merge + Push
|
173
|
|
-- [ ] ***(Optional)*** Backport any required patches to Stable
|
174
|
|
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
|
175
|
|
- - [ ] Close associated `Backport` issues
|
176
|
|
- - [ ] Open MR for the backport commits
|
177
|
|
- - [ ] Merge + Push
|
178
|
|
-- [ ] Sign/Tag commit:
|
179
|
|
- - Tag : `tor-browser-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
|
180
|
|
- - Message: `Tagging $(BUILD_N) for $(RR_VERSION)-based (alpha|stable)`
|
181
|
|
-- [ ] Push tag to origin
|
182
|
|
-
|
183
|
|
-</details>
|
184
|
|
-
|
185
|
|
-<details>
|
186
|
|
- <summary>Build/Signing/Publishing</summary>
|
|
122
|
+ <summary>Build</summary>
|
187
|
123
|
|
188
|
124
|
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
|
189
|
|
-Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-maint` (and possibly more specific) branches
|
|
125
|
+Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches
|
190
|
126
|
|
191
|
127
|
- [ ] Update `rbm.conf`
|
192
|
128
|
- [ ] `var/torbrowser_version` : update to next version
|
193
|
129
|
- [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
|
194
|
130
|
- [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version
|
195
|
131
|
- [ ] **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail
|
196
|
|
-- [ ] ***(Desktop Only)*** Update `projects/firefox/config`
|
|
132
|
+- [ ] Update `projects/firefox/config`
|
197
|
133
|
- [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
|
198
|
134
|
- [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
|
199
|
|
-- [ ] ***(Android Only)*** Update `projects/geckoview/config`
|
200
|
|
- - [ ] `git_hash` : update the `$(BUILD_N)` section to match `geckoview` tag
|
201
|
|
- - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(RR_VERSION)` if rebased
|
202
|
|
-- [ ] ***(Android Only, Optional)*** Update `projects/tba-translations/config`:
|
|
135
|
+- [ ] Update `projects/geckoview/config`
|
|
136
|
+ - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
|
|
137
|
+ - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
|
|
138
|
+- [ ] Update `projects/translation-base-browser/config`
|
|
139
|
+ - [ ] `git_hash` : update with `HEAD` commit of project's `base-browser` branch
|
|
140
|
+- [ ] Update `projects/translation-base-browser-fluent/config`
|
|
141
|
+ - [ ] `git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
|
|
142
|
+- [ ] Update `projects/tba-translations/config`:
|
203
|
143
|
- [ ] `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
|
204
|
|
-- [ ] ***(Android Only, Optional)*** Update `projects/tor-android-service/config`
|
|
144
|
+- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
|
205
|
145
|
- [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
|
206
|
|
-- [ ] ***(Android Only, Optional)*** Update `projects/application-services/config`:
|
|
146
|
+- [ ] ***(Optional)*** Update `projects/application-services/config`:
|
207
|
147
|
**NOTE** we don't have any of our own patches for this project
|
208
|
|
- - [ ] `git_hash` : update to appropriate git commit associated with $(RR_VERSION)
|
209
|
|
-- [ ] ***(Android Only, Optional)*** Update `projects/android-components/config`
|
210
|
|
- - [ ] `git_hash` : update the `$(BUILD_N)` section to match `android-components` tag
|
211
|
|
- - [ ] ***(Optional)*** `var/android_components_version` : update to latest `$(RR_VERSION)` if rebased
|
212
|
|
-- [ ] ***(Android Only, Optional)*** Update `projects/fenix/config`
|
|
148
|
+ - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
|
|
149
|
+- [ ] Update `projects/android-components/config`:
|
|
150
|
+ - [ ] `git_hash` : update the `$(BUILD_N)` section to match alpha `android-components` tag
|
|
151
|
+- [ ] Update `projects/fenix/config`
|
213
|
152
|
- [ ] `git_hash` : update the `$(BUILD_N)` section to match `fenix` tag
|
214
|
|
- - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(RR_VERSION)` if rebased
|
215
|
|
-- [ ] ***(Android Only)*** Update allowed_addons.json by running (from `tor-browser-build` root):
|
216
|
|
- - `./tools/fetch_allowed_addons.py > projects/tor-browser/allowed_addons.json`
|
|
153
|
+ - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
|
|
154
|
+- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
|
|
155
|
+ - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
|
217
|
156
|
- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
|
218
|
|
- - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/tor-browser/config`
|
|
157
|
+ - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
|
219
|
158
|
- [ ] `URL`
|
220
|
159
|
- [ ] `sha256sum`
|
221
|
|
-- [ ] Check for OpenSSL updates here : https://github.com/openssl/openssl/tags
|
222
|
|
- - [ ] ***(Optional)*** If new 1.X.Y series tag available, update `projects/openssl/config`
|
223
|
|
- - [ ] `version` : update to next 1.X.Y release tag
|
|
160
|
+- [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
|
|
161
|
+ - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
|
|
162
|
+ - [ ] `version` : update to next 1.X.Y version
|
224
|
163
|
- [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
|
225
|
|
-- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags ; Tor Browser Alpha uses `-alpha` tagged tor, while stable uses the stable series
|
|
164
|
+- [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
|
|
165
|
+ - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
|
|
166
|
+ - [ ] `version` : update to next release tag
|
|
167
|
+- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags ; Tor Browser Alpha uses latest `-alpha` tagged tor (or latest of stable if newer)
|
226
|
168
|
- [ ] ***(Optional)*** Update `projects/tor/config`
|
227
|
169
|
- [ ] `version` : update to next release tag
|
228
|
170
|
- [ ] Check for go updates here : https://golang.org/dl
|
... |
... |
@@ -244,7 +186,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
244
|
186
|
- [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
|
245
|
187
|
- [ ] Open MR with above changes
|
246
|
188
|
- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up)
|
247
|
|
-- [ ] Sign/Tag commit : `make signtag-(alpha|release)`
|
|
189
|
+- [ ] Sign/Tag commit : `make signtag-release`
|
248
|
190
|
- [ ] Push tag to origin
|
249
|
191
|
|
250
|
192
|
### notify stakeholders
|
... |
... |
@@ -255,57 +197,32 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
255
|
197
|
- [ ] Email Tails dev mailing list: tails-dev@boum.org
|
256
|
198
|
- [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
|
257
|
199
|
|
258
|
|
-### blog: https://gitlab.torproject.org/tpo/web/blog.git
|
259
|
|
-
|
260
|
|
-- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
|
261
|
|
- - [ ] Update Tor Browser version numbers
|
262
|
|
- - [ ] Note any ESR rebase
|
263
|
|
- - [ ] Note any Rapid Release rebase
|
264
|
|
- - [ ] Link to any Firefox security updates
|
265
|
|
- - [ ] Note any updates to :
|
266
|
|
- - [ ] tor
|
267
|
|
- - [ ] OpenSSL
|
268
|
|
- - [ ] go
|
269
|
|
- - [ ] NoScript
|
270
|
|
- - [ ] Convert ChangeLog.txt to markdown format used here by : `tor-browser-build/tools/changelog-format-blog-post`
|
271
|
|
-- [ ] Push to origin as new branch, open 'Draft :' MR
|
272
|
|
-- [ ] Remove `Draft:` from MR once signed-packages are uploaded
|
273
|
|
-- [ ] Merge
|
274
|
|
-- [ ] Publish after CI passes
|
|
200
|
+</details>
|
275
|
201
|
|
276
|
|
-### website: https://gitlab.torproject.org/tpo/web/tpo.git
|
277
|
|
-- [ ] `databags/versions.ini` : Update the downloads versions
|
278
|
|
- - `torbrowser-stable/version` : sort of a catch-all for latest stable version
|
279
|
|
- - `torbrowser-stable/win32` : tor version in the expert bundle
|
280
|
|
- - `torbrowser-*-stable/version` : platform-specific stable versions
|
281
|
|
- - `torbrowser-*-alpha/version` : platform-specific alpha versions
|
282
|
|
- - `tor-stable`,`tor-alpha` : set by tor devs, do not touch
|
283
|
|
-- [ ] Push to origin as new branch, open 'Draft :' MR
|
284
|
|
-- [ ] Remove `Draft:` from MR once signed-packages are uploaded
|
285
|
|
-- [ ] Merge
|
286
|
|
-- [ ] Publish after CI passes
|
|
202
|
+<details>
|
|
203
|
+ <summary>Signing/Publishing</summary>
|
287
|
204
|
|
288
|
205
|
### signing + publishing
|
289
|
206
|
- [ ] Ensure builders have matching builds
|
290
|
207
|
- [ ] On `$(STAGING_SERVER)`, ensure updated:
|
291
|
208
|
- [ ] `tor-browser-build/tools/signing/set-config`
|
292
|
|
- - [ ] `NSS_DB_DIR` : location of the `nssdb7` directory
|
|
209
|
+ - `NSS_DB_DIR` : location of the `nssdb7` directory
|
293
|
210
|
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
|
294
|
|
- - [ ] `ssh_host_builder` : ssh hostname of machine with unsigned builds
|
|
211
|
+ - `ssh_host_builder` : ssh hostname of machine with unsigned builds
|
295
|
212
|
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
|
296
|
|
- - [ ] `ssh_host_linux_signer` : ssh hostname of linux signing machine
|
297
|
|
- - [ ] `ssh_host_macos_signer` : ssh hostname of macOS signing machine
|
|
213
|
+ - `ssh_host_linux_signer` : ssh hostname of linux signing machine
|
|
214
|
+ - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
|
298
|
215
|
- [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
|
299
|
|
- - [ ] `macos_notarization_user` : the email login for a tor notariser Apple Developer account
|
|
216
|
+ - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
|
300
|
217
|
- [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
|
301
|
|
- - [ ] `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
|
302
|
|
- - [ ] `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
|
303
|
|
- - [ ] `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
|
|
218
|
+ - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
|
|
219
|
+ - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
|
|
220
|
+ - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
|
304
|
221
|
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
|
305
|
222
|
- `cd tor-browser-build/tools/signing/`
|
306
|
223
|
- `./macos-signer-proxy`
|
307
|
224
|
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
|
308
|
|
-- [ ] ***(Android Only)*** APK Signing: *TODO*
|
|
225
|
+- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs directory
|
309
|
226
|
- [ ] run do-all-signing script:
|
310
|
227
|
- `cd tor-browser-build/tools/signing/`
|
311
|
228
|
- `./do-all-signing.sh`
|
... |
... |
@@ -317,23 +234,51 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in |
317
|
234
|
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
|
318
|
235
|
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
|
319
|
236
|
- [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
|
320
|
|
- - [ ] Enable update responses :
|
321
|
|
- - [ ] alpha: `./deploy_update_responses-alpha.sh`
|
322
|
|
- - [ ] release: `./deploy_update_responses-release.sh`
|
323
|
|
-- [ ] ***(Android Only)*** : Publish APKs to Google Play:
|
324
|
|
- - [ ] Log into https://play.google.com/apps/publish
|
325
|
|
- - [ ] Select `Tor Browser` app
|
326
|
|
- - [ ] Navigate to `Release > Production` and click `Create new release` button
|
|
237
|
+ - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
|
|
238
|
+- [ ] Publish APKs to Google Play:
|
|
239
|
+ - Log into https://play.google.com/apps/publish
|
|
240
|
+ - Select `Tor Browser (Alpha)` app
|
|
241
|
+ - Navigate to `Release > Production` and click `Create new release` button
|
327
|
242
|
- [ ] Upload the `*.multi.apk` APKs
|
328
|
|
- - [ ] If necessary, update the 'Release Name' (should be automatically populated)
|
|
243
|
+ - [ ] Update Release Name to Tor Browser version number
|
329
|
244
|
- [ ] Update Release Notes
|
330
|
|
- - [ ] Next to 'Release notes', click `Copy from a previous release`
|
|
245
|
+ - Next to 'Release notes', click `Copy from a previous release`
|
331
|
246
|
- [ ] Edit blog post url to point to most recent blog post
|
332
|
|
- - [ ] Save, review, and configure rollout percentage
|
|
247
|
+ - Save, review, and configure rollout percentage
|
333
|
248
|
- [ ] 25% rollout when publishing a scheduled update
|
334
|
249
|
- [ ] 100% rollout when publishing a security-driven release
|
335
|
250
|
- [ ] Update rollout percentage to 100% after confirmed no major issues
|
336
|
251
|
|
|
252
|
+### website: https://gitlab.torproject.org/tpo/web/tpo.git
|
|
253
|
+- [ ] `databags/versions.ini` : Update the downloads versions
|
|
254
|
+ - `torbrowser-stable/version` : sort of a catch-all for latest stable version
|
|
255
|
+ - `torbrowser-alpha/version` : sort of a catch-all for latest stable version
|
|
256
|
+ - `torbrowser-*-stable/version` : platform-specific stable versions
|
|
257
|
+ - `torbrowser-*-alpha/version` : platform-specific alpha versions
|
|
258
|
+ - `tor-stable`,`tor-alpha` : set by tor devs, do not touch
|
|
259
|
+- [ ] Push to origin as new branch, open 'Draft :' MR
|
|
260
|
+- [ ] Remove `Draft:` from MR once signed-packages are uploaded
|
|
261
|
+- [ ] Merge
|
|
262
|
+- [ ] Publish after CI passes and builds are published
|
|
263
|
+
|
|
264
|
+### blog: https://gitlab.torproject.org/tpo/web/blog.git
|
|
265
|
+
|
|
266
|
+- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
|
|
267
|
+ - [ ] Update Tor Browser version numbers
|
|
268
|
+ - [ ] Note any ESR rebase
|
|
269
|
+ - [ ] Link to any Firefox security updates from ESR upgrade
|
|
270
|
+ - [ ] Link to any Android-specific security backports
|
|
271
|
+ - [ ] Note any updates to :
|
|
272
|
+ - tor
|
|
273
|
+ - OpenSSL
|
|
274
|
+ - NoScript
|
|
275
|
+ - [ ] Convert ChangeLog.txt to markdown format used here by :
|
|
276
|
+ - `tor-browser-build/tools/changelog-format-blog-post`
|
|
277
|
+- [ ] Push to origin as new branch, open `Draft:` MR
|
|
278
|
+- [ ] Remove `Draft:` from MR once signed-packages are uploaded
|
|
279
|
+- [ ] Merge
|
|
280
|
+- [ ] Publish after CI passes and website has been updated
|
|
281
|
+
|
337
|
282
|
### tor-announce mailing list
|
338
|
283
|
- [ ] Send an email to tor-announce@lists.torproject.org, using the same content as the blog post and subject "Tor Browser $version is released".
|
339
|
284
|
|