commit 35411af55b92ee4d1c823aaefc5a5062ac940787 Author: Georg Koppen <gk@torproject.org> Date: Fri May 2 09:17:54 2014 +0000 Add stopgap for shipping HTTPS-Everywhere. Until bug 11630 is fixed we add a better stopgap than shipping outdated HTTPS-Everywhere versions: we take the NoScript route and download and use the .xpi made by the EFF. --- gitian/descriptors/linux/gitian-bundle.yml | 11 ++++++----- gitian/descriptors/mac/gitian-bundle.yml | 11 ++++++----- gitian/descriptors/windows/gitian-bundle.yml | 11 ++++++----- gitian/fetch-inputs.sh | 6 ++++-- gitian/versions.beta | 4 ++++ gitian/versions.nightly | 4 ++++ 6 files changed, 30 insertions(+), 17 deletions(-) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index c16589a..006883c 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -41,6 +41,7 @@ files: - "linux-skeleton.zip" - "linux-langpacks.zip" - "noscript@noscript.net.xpi" +- "https-everywhere@eff.org.xpi" - "dzip.sh" - "dtar.sh" - "bare-version" @@ -88,13 +89,13 @@ script: | ~/build/dzip.sh ../../../tor-browser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi . cd ../../../ # - cd https-everywhere + #cd https-everywhere # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh - cp pkg/*.xpi ../tor-browser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi - cd .. + #rm -f .git/refs/heads/master + #./makexpi.sh + #cp pkg/*.xpi ../tor-browser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi + #cd .. # cp *.xpi tor-browser/Data/Browser/profile.default/extensions/ cd tor-browser/Data/Browser/profile.default/extensions diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index 263ca57..2668c7d 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -41,6 +41,7 @@ files: - "dmg-desktop.tar.xz" - "mac-langpacks.zip" - "noscript@noscript.net.xpi" +- "https-everywhere@eff.org.xpi" - "dzip.sh" - "ddmg.sh" - "libdmg.patch" @@ -95,13 +96,13 @@ script: | ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi . cd ../../../ # - cd https-everywhere + # cd https-everywhere # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh - cp pkg/*.xpi ../$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi - cd .. + # rm -f .git/refs/heads/master + # ./makexpi.sh + # cp pkg/*.xpi ../$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi + # cd .. # cp *.xpi ./$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/ cd $TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/ diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 457fa7b..ebde49b 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -37,6 +37,7 @@ files: - "windows-skeleton.zip" - "win32-langpacks.zip" - "noscript@noscript.net.xpi" +- "https-everywhere@eff.org.xpi" - "dzip.sh" - "bare-version" - "bundle.inputs" @@ -78,13 +79,13 @@ script: | ~/build/dzip.sh ../../../tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi . cd ../../../ # - cd https-everywhere + #cd https-everywhere # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh - cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi - cd .. + #rm -f .git/refs/heads/master + #./makexpi.sh + #cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi + #cd .. # cp *.xpi tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions cd tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index f80348e..b542cf0 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -206,8 +206,9 @@ done cd .. -# NoScript and PDF.JS are magikal and special: +# NoScript and HTTPS-Everywhere are magikal and special: wget -U "" -N ${NOSCRIPT_URL} +wget -U "" -N ${HTTPSE_URL} # So is mingw: if [ ! -f mingw-w64-svn-snapshot.zip ]; @@ -226,7 +227,7 @@ fi # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -262,6 +263,7 @@ done cd .. ln -sf "$NOSCRIPT_PACKAGE" noscript@noscript.net.xpi +ln -sf "$HTTPSE_PACKAGE" https-everywhere@eff.org.xpi ln -sf "$OPENSSL_PACKAGE" openssl.tar.gz ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2 ln -sf "$GCC_PACKAGE" gcc.tar.bz2 diff --git a/gitian/versions.beta b/gitian/versions.beta index 3460248..b5cfa53 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -38,11 +38,13 @@ M2CRYPTO_VER=0.21.1 PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 +HTTPSE_VER=3.5.1 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.20-fn+fx+sm.xpi +HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -69,6 +71,7 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=dae2abeb3c57240168c1fdfbf6c6664fa64859fb430ca1a05c218f81371f5ad1 +HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -89,6 +92,7 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSXSDK_P BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NOSCRIPT_PACKAGE} +HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_PACKAGE} PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/${PYCRYPTO_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index c8a8d7c..355b68a 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -39,11 +39,13 @@ M2CRYPTO_VER=0.21.1 PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 +HTTPSE_VER=3.5.1 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.20-fn+fx+sm.xpi +HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -70,6 +72,7 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=dae2abeb3c57240168c1fdfbf6c6664fa64859fb430ca1a05c218f81371f5ad1 +HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -90,6 +93,7 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSXSDK_P BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NOSCRIPT_PACKAGE} +HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_PACKAGE} PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/${PYCRYPTO_PACKAGE}