boklm pushed to branch mullvad-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser
Commits:
65b3f1db by Nicolas Vigier at 2023-12-14T16:46:37+01:00
squash! MB 79: Add Mullvad Browser MAR signing keys
MB 256: Add mullvad-browser nightly mar signing key
- - - - -
2 changed files:
- toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der
- toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der
Changes:
=====================================
toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der
=====================================
Binary files a/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der and b/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der differ
=====================================
toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der
=====================================
Binary files a/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der and b/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der differ
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/65b…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/65b…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
338d8950 by Richard Pospesel at 2023-12-14T16:11:19+00:00
Bug 41043: Create script to push build requests to Mullvad build servers
- - - - -
4 changed files:
- Makefile
- projects/release/config
- + projects/release/kick_devmole_build
- rbm.local.conf.example
Changes:
=====================================
Makefile
=====================================
@@ -685,6 +685,10 @@ torbrowser-signtag-release: submodule-update
torbrowser-signtag-alpha: submodule-update
$(rbm) build release --step signtag --target alpha --target torbrowser
+# requires var/devmole_auth_token to be set in rbm.local.conf
+torbrowser-kick-devmole-build: submodule-update
+ $(rbm) build release --step kick_devmole_build --target torbrowser
+
# requires tpo_user variable be set in rbm.local.conf
mullvadbrowser-upload-sha256sums-release: submodule-update
$(rbm) build release --step upload_sha256sums --target release --target mullvadbrowser
@@ -699,6 +703,10 @@ mullvadbrowser-signtag-release: submodule-update
mullvadbrowser-signtag-alpha: submodule-update
$(rbm) build release --step signtag --target alpha --target mullvadbrowser
+# requires var/devmole_auth_token to be set in rbm.local.conf
+mullvadbrowser-kick-devmole-build: submodule-update
+ $(rbm) build release --step kick_devmole_build --target mullvadbrowser
+
fetch: submodule-update
$(rbm) fetch
=====================================
projects/release/config
=====================================
@@ -279,3 +279,8 @@ steps:
name: mar-tools
pkg_type: fetch_martools
compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]'
+ kick_devmole_build:
+ build_log: '-'
+ debug: 0
+ input_files: []
+ kick_devmole_build: '[% INCLUDE kick_devmole_build %]'
=====================================
projects/release/kick_devmole_build
=====================================
@@ -0,0 +1,42 @@
+#!/usr/bin/bash
+
+# This script triggers a build of Tor or Mullvad Browser on Mullvad Infrastructure
+# Hashes are saved here: https://cdn.stagemole.eu/hashes/
+# A Mullvad build server auth token (var/devmole_auth_token) is required to build
+# For now you have to be connecting from Sweden (ie via Malmö or Gothenburg exits using MullvadVPN) for your request to succeed
+
+set -e
+
+# get our build tag
+TAG=[% c("var/git_tag_prefix") %]-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]
+
+# check for tag existence
+if ! git rev-parse ${TAG} > /dev/null 2>&1; then
+ echo "Error: build tag '${TAG}' does not exist"
+ exit 1
+fi
+
+# determine whether alpha or release based on the build tag
+RELEASE=
+if [[ "${TAG}" =~ ^(mb|tbb)-[1-9][0-9]\.[05]a[1-9][0-9]*-build[1-9]$ ]]; then
+ RELEASE="alpha"
+elif [[ "${TAG}" =~ ^(mb|tbb)-[1-9][0-9]\.[05](\.[1-9][0-9]*)?-build[1-9]$ ]]; then
+ RELEASE="release"
+else
+ echo "Error: malformed build tag '${TAG}'"
+ exit 1
+fi
+
+# get auth token for submission to devmole build server
+AUTH_TOKEN=[% c("buildconf/devmole_auth_token") %]
+if [[ "${AUTH_TOKEN}" = "" ]]; then
+ echo "AUTH_TOKEN: ${AUTH_TOKEN}"
+ echo "Error: buildconf/devmole_auth_token missing from rbm.local.conf"
+ exit 1
+fi
+
+# make request
+curl -X POST "https://drone-server.devmole.eu/api/repos/mullvad/browser-build/builds?bran…" -H "Authorization: Bearer ${AUTH_TOKEN}" -H "Accept: application/json"
+
+echo
+echo Hashes will appear here: https://cdn.stagemole.eu/hashes/[% c("var/projectname") %]/[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]
=====================================
rbm.local.conf.example
=====================================
@@ -42,6 +42,11 @@ buildconf:
### signing the tag.
#git_signtag_opt: '-u keyid'
+ ### The buildconf/devmole_auth_token option is used for starting remote builds on
+ ### Mullvad's devmole server using the kick_devmole_build step in the release
+ ### project. Such a token can be acquired from the Mullvad sysadmins.
+ #devmole_auth_token: abcdefghijklmnopqrstuvwxyz012345
+
var:
local_conf: 1
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
00416964 by Nicolas Vigier at 2023-12-14T14:37:24+00:00
Bug 41044: Add version.json file to Mullvad Browser
Add a file to make it easier to detect the version of Mullvad Browser
installed, like the tbb_version.json file we have in Tor Browser.
- - - - -
2 changed files:
- projects/browser/build
- projects/browser/config
Changes:
=====================================
projects/browser/build
=====================================
@@ -302,10 +302,9 @@ do
[% c("touch") %] defaults/preferences/[% c("var/prefs_file") %]
zip -Xm omni.ja defaults/preferences/[% c("var/prefs_file") %]
rm -rf defaults
- [% IF c("var/tor-browser") %]
- # create tbb_version.json file for tor-browser#25020
- echo '{"version":"[% c("var/torbrowser_version") %]","architecture":"[% c("var/mar_osname") %]","channel":"[% c("var/channel") %]","locale":"en-US"}' > ../tbb_version.json
- [% END -%]
+ # create tbb_version.json (torbrowser) or version.json (mullvadbrowser)
+ # file for tor-browser#25020 and tor-browser-build#41044
+ echo '{"version":"[% c("var/torbrowser_version") %]","architecture":"[% c("var/mar_osname") %]","channel":"[% c("var/channel") %]","locale":"en-US"}' > ../[% c("var/version_json") %]
popd
done
=====================================
projects/browser/config
=====================================
@@ -13,6 +13,7 @@ var:
- bzip2
- jq
mar_osname: '[% c("var/osname") %]'
+ version_json: version.json
targets:
linux:
@@ -49,6 +50,7 @@ targets:
torbrowser:
var:
prefs_file: 000-tor-browser.js
+ version_json: tbb_version.json
basebrowser:
var:
prefs_file: 001-base-profile.js
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
2854ab80 by Pier Angelo Vendrame at 2023-12-14T13:48:08+00:00
Bug 41042: Add options to include updates in the changelog scripts.
Pass the new version of components as arguments to avoid having to
change the changelog output after it has been generated by the script.
- - - - -
ae04fe1d by Pier Angelo Vendrame at 2023-12-14T13:48:08+00:00
Update the GitLab templates.
Update the release preparations for the new changelog script arguments
and also to fix some steps that were not correct anymore.
- - - - -
7 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- .gitlab/merge_request_templates/default.md
- + .gitlab/merge_request_templates/relprep.md
- tools/fetch-changelogs.py
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
=====================================
@@ -62,26 +62,20 @@
- [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- - [ ] Update `ChangeLog-MB.txt`
- - [ ] Ensure ChangeLog-MB.txt is sync'd between alpha and stable branches
- - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- - [ ] Run `tools/fetch-changelogs.py $(TOR_BROWSER_VERSION)` or `tools/fetch-changelogs.py '#$(ISSUE_NUMBER)'`
- - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- - The first time you run this script you will need to generate an access token; the script will guide you
- - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and update its output
- - [ ] Version
- - [ ] Browser Name
- - [ ] Release Date
- - [ ] Under `All Platforms` include any version updates for:
- - NoScript
- - uBlock-origin
- - Mullvad Browser Extension
- - Firefox
- - [ ] Open MR with above changes
- - [ ] Build the MR after initial review on at least two of:
- - [ ] Tor Project build machine
- - [ ] Mullvad build machine
- - [ ] Local developer machine
+ - [ ] Update `ChangeLog-MB.txt`
+ - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches
+ - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
+ - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
+ - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
+ - The first time you run this script you will need to generate an access token; the script will guide you
+ - `$updateArgs` should be these arguments, depending on what you actually updated:
+ - [ ] `--firefox`
+ - [ ] `--no-script`
+ - [ ] `--ublock`
+ - E.g., `tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0`
+ - `--date $date` is optional, if omitted it will be the date on which you run the command
+ - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output
+ - [ ] Open MR with above changes, using the template for release preparations
- [ ] Ensure builders have matching builds
- [ ] Merge
- [ ] Sign+Tag
@@ -92,32 +86,11 @@
- pierov
- richard
- [ ] Run: `make mullvadbrowser-signtag-alpha`
- - [ ] Push tag to `origin`
-
-</details>
-
-<details>
- <summary>QA</summary>
-
- ### send the build
- - [ ] Email Mullvad QA: support(a)mullvad.net, rui(a)mullvad.net
- <details>
- <summary>email template</summary>
-
- Subject:
- New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (unsigned)
-
- Body:
- unsigned builds: https://tb-build-05.torproject.org/~$(BUILDER)/builds/mullvadbrowser/alpha/…
-
- changelog:
- ...
-
- </details>
-
- - ***(Optional)*** Add additional information:
- - [ ] Note any new functionality which needs testing
- - [ ] Link to any known issues
+ - [ ] Push tag to `upstream`
+ - [ ] Build the tag on at least two of:
+ - [ ] Tor Project build machine
+ - [ ] Mullvad build machine
+ - [ ] Local developer machine
</details>
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
=====================================
@@ -60,7 +60,20 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
-- [ ] Open MR with above changes
+- [ ] Update `ChangeLog-MB.txt`
+ - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches
+ - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
+ - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
+ - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
+ - The first time you run this script you will need to generate an access token; the script will guide you
+ - `$updateArgs` should be these arguments, depending on what you actually updated:
+ - [ ] `--firefox`
+ - [ ] `--no-script`
+ - [ ] `--ublock`
+ - E.g., `tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0`
+ - `--date $date` is optional, if omitted it will be the date on which you run the command
+ - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output
+- [ ] Open MR with above changes, using the template for release preparations
- [ ] Merge
- [ ] Sign/Tag commit: `make mullvadbrowser-signtag-release`
- [ ] Push tag to `origin`
@@ -70,32 +83,6 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
</details>
-<details>
- <summary>QA</summary>
-
-### send the build
-
- - [ ] Email Mullvad QA: support(a)mullvad.net, rui(a)mullvad.net
- <details>
- <summary>email template</summary>
-
- Subject:
- New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (unsigned)
-
- Body:
- unsigned builds: https://tb-build-05.torproject.org/~$(BUILDER)/builds/mullvadbrowser/releas…
-
- changelog:
- ...
-
- </details>
-
- - ***(Optional)*** Add additional information:
- - [ ] Note any new functionality which needs testing
- - [ ] Link to any known issues
-
-</details>
-
<details>
<summary>Signing</summary>
@@ -192,4 +179,4 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
</details>
-/label ~"Release Prep"
+/label ~"Release Prep" ~"Sponsor 131"
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -93,30 +93,22 @@
- [ ] Change the `version` to `$PIPELINEID`
- [ ] Update `sha256sum` in the `input_files` section
- [ ] Update `ChangeLog-TBB.txt`
- - [ ] Ensure ChangeLog-TBB.txt is sync'd between alpha and stable branches
+ - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches
- [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- - [ ] Run `tools/fetch-changelogs.py $(TOR_BROWSER_VERSION)` or `tools/fetch-changelogs.py '#$(ISSUE_NUMBER)'`
+ - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and update its output
- - [ ] Version
- - [ ] Browser Name
- - [ ] Release Date
- - [ ] Under `All Platforms` include any version updates for:
- - NoScript
- - tor
- - OpenSSL
- - lyrebird
- - Snowflake
- - [ ] Under `Windows + macOS + Linux` include any version updates for:
- - Firefox
- - [ ] Under `Android` include any version updates for:
- - Geckoview
- - [ ] Under `Windows + Android` include any version updates for:
- - zlib
- - [ ] Under `Build System/All Platforms` include any version updates for:
- - Go
- - [ ] Open MR with above changes
+ - `$updateArgs` should be these arguments, depending on what you actually updated:
+ - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
+ - [ ] `--tor`
+ - [ ] `--no-script`
+ - [ ] `--openssl`
+ - [ ] `--zlib`
+ - [ ] `--go`
+ - E.g., `tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12`
+ - `--date $date` is optional, if omitted it will be the date on which you run the command
+ - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output
+ - [ ] Open MR with above changes, using the template for release preparations
- [ ] Build the MR after initial review on at least two of:
- [ ] Tor Project build machine
- [ ] Mullvad build machine
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -45,10 +45,11 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] Update `projects/translation/config`:
- [ ] run `make list_translation_updates-release` to get updated hashes
- - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
- - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
- - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
+ - [ ] Update `projects/translation/config`:
+ - [ ] run `make list_translation_updates-alpha` to get updated hashes
+ - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
+ - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
+ - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] Update Android-specific build configs
- [ ] Update `projects/geckoview/config`
- [ ] `browser_build` : update to match `tor-browser` tag
@@ -58,10 +59,9 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] ***(Optional)*** Update `projects/application-services/config`:
**NOTE** we don't currently have any of our own patches for this project
- [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
- - [ ] ***(Optional)*** Update `projects/android-components/config`:
- - [ ] `android_components_build` : update to match stable android-components tag
- - [ ] ***(Optional)*** Update `projects/fenix/config`
- - [ ] `fenix_build` : update to match fenix tag
+ - [ ] ***(Optional)*** Update `projects/firefox-android/config`:
+ - [ ] `fenix_version` : update to match alpha `firefox-android` build tag
+ - [ ] `browser_branch` : update to match alpha `firefox-android` build tag
- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
- `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
- [ ] Update common build configs
@@ -79,43 +79,39 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
- [ ] ***(Optional)*** Update `projects/tor/config`
- [ ] `version` : update to latest non `-alpha` tag (ping dgoulet or ahf if unsure)
- - [ ] Check for go updates here : https://golang.org/dl
+ - [ ] Check for go updates here : https://go.dev/dl
- **NOTE** : Tor Browser Stable uses the latest of the *previous* Stable major series go version (apart from the transition phase from Tor Browser Alpha to Stable, in which case Tor Browser Stable may use the latest major series go version)
- [ ] ***(Optional)*** Update `projects/go/config`
- [ ] `version` : update go version
- [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
- - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
- - [ ] ***(Optional)*** If new version is available:
- - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org`
- - [ ] Deploy to `tb-builder`'s `public_html` directory:
- - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~/../tb-builder/public_html/.`
- - [ ] Update `projects/manual/config`:
- - [ ] Change the `version` to `$PIPELINEID`
- - [ ] Update `sha256sum` in the `input_files` section
-- [ ] Update `ChangeLog.txt`
- - [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
+ - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
+ - [ ] ***(Optional)*** If new version is available:
+ - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org`
+ - [ ] Deploy to `tb-builder`'s `public_html` directory:
+ - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~/../tb-builder/public_html/.`
+ - [ ] Update `projects/manual/config`:
+ - [ ] Change the `version` to `$PIPELINEID`
+ - [ ] Update `sha256sum` in the `input_files` section
+- [ ] Update `ChangeLog-TBB.txt`
+ - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches
- [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- - [ ] Run `tools/fetch-changelogs.py $(TOR_BROWSER_VERSION)` or `tools/fetch-changelogs.py '#$(ISSUE_NUMBER)'`
+ - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- - [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output
- - **NOTE** : If you used the issue number, you will need to write the Tor Browser version manually
- - [ ] ***(Optional)*** Under `All Platforms` include any version updates for:
- - [ ] Translations
- - [ ] OpenSSL
- - [ ] NoScript
- - [ ] zlib
- - [ ] tor daemon
- - [ ] ***(Optional)*** Under `Windows + macOS + Linux` include updates for:
- - [ ] Firefox
- - [ ] ***(Optional)*** Under `Android`, include updates for:
- - [ ] Geckoview
- - [ ] ***(Optional)*** Under `Build System/All Platforms` include updates for:
- - [ ] Go
-- [ ] Open MR with above changes
+ - `$updateArgs` should be these arguments, depending on what you actually updated:
+ - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
+ - [ ] `--tor`
+ - [ ] `--no-script`
+ - [ ] `--openssl`
+ - [ ] `--zlib`
+ - [ ] `--go`
+ - E.g., `tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12`
+ - `--date $date` is optional, if omitted it will be the date on which you run the command
+ - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output
+- [ ] Open MR with above changes, using the template for release preparations
- [ ] Merge
- [ ] Sign/Tag commit: `make torbrowser-signtag-release`
-- [ ] Push tag to `origin`
+- [ ] Push tag to `upstream`
- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs)
- [ ] **TODO** Submit build-tag to Mullvad build infra
- [ ] Ensure builders have matching builds
=====================================
.gitlab/merge_request_templates/default.md
=====================================
@@ -43,16 +43,16 @@
- **localization** : henry, pierov
- **macos** : clairehurst, dan
- **nightly builds** : boklm
- - **rebases/release-prep** : dan, ma1, pierov, richard
+ - **rebases/release-prep** : boklm, dan, ma1, pierov, richard
- **security** : ma1
- **signing** : boklm, richard
- **updater** : pierov
- **misc/other** : pierov, richard
-#### Change Description
+### Change Description
<!-- Whatever context the reviewer needs to effectively review the patchset; if the patch includes UX updates be sure to include screenshots/video of how any new behaviour -->
#### How Tested
-<!-- Description of steps taken to verify the change -->
\ No newline at end of file
+<!-- Description of steps taken to verify the change -->
=====================================
.gitlab/merge_request_templates/relprep.md
=====================================
@@ -0,0 +1,15 @@
+## Merge Info
+
+### Related Issues
+
+- tor-browser-build#xxxxx
+- tor-browser-build#xxxxx
+
+## Review
+
+### Request Reviewer
+
+- [ ] Request review from a release engineer: boklm, dan, ma1, pierov, richard
+
+### Change Description
+
=====================================
tools/fetch-changelogs.py
=====================================
@@ -1,4 +1,5 @@
#!/usr/bin/env python3
+import argparse
from datetime import datetime
import enum
from pathlib import Path
@@ -23,6 +24,11 @@ project_order = {
}
+class EntryType(enum.IntFlag):
+ UPDATE = 0
+ ISSUE = 1
+
+
class Platform(enum.IntFlag):
WINDOWS = 8
MACOS = 4
@@ -32,40 +38,12 @@ class Platform(enum.IntFlag):
ALL_PLATFORMS = 8 | 4 | 2 | 1
-class Issue:
- def __init__(self, j):
- self.title = j["title"]
- self.project, self.number = (
- j["references"]["full"].rsplit("/", 2)[-1].split("#")
- )
- self.number = int(self.number)
- self.platform = 0
- self.num_platforms = 0
- if "Desktop" in j["labels"]:
- self.platform = Platform.DESKTOP
- self.num_platforms += 3
- else:
- if "Windows" in j["labels"]:
- self.platform |= Platform.WINDOWS
- self.num_platforms += 1
- if "MacOS" in j["labels"]:
- self.platform |= Platform.MACOS
- self.num_platforms += 1
- if "Linux" in j["labels"]:
- self.platform |= Platform.LINUX
- self.num_platforms += 1
- if "Android" in j["labels"]:
- if is_mb and self.num_platforms == 0:
- raise Exception(
- f"Android-only issue on Mullvad Browser: {j['references']['full']}!"
- )
- elif not is_mb:
- self.platform |= Platform.ANDROID
- self.num_platforms += 1
- if not self.platform or (is_mb and self.platform == Platform.DESKTOP):
- self.platform = Platform.ALL_PLATFORMS
- self.num_platforms = 4
- self.is_build = "Build System" in j["labels"]
+class ChangelogEntry:
+ def __init__(self, type_, platform, num_platforms, is_build):
+ self.type = type_
+ self.platform = platform
+ self.num_platforms = num_platforms
+ self.is_build = is_build
def get_platforms(self):
if self.platform == Platform.ALL_PLATFORMS:
@@ -81,15 +59,78 @@ class Issue:
platforms.append("Android")
return " + ".join(platforms)
- def __str__(self):
- return f"Bug {self.number}: {self.title} [{self.project}]"
-
def __lt__(self, other):
+ if self.type != other.type:
+ return self.type < other.type
+ if self.type == EntryType.UPDATE:
+ # Rely on sorting being stable on Python
+ return False
if self.project == other.project:
return self.number < other.number
return project_order[self.project] < project_order[other.project]
+class UpdateEntry(ChangelogEntry):
+ def __init__(self, name, version):
+ if name == "Firefox" and not is_mb:
+ platform = Platform.DESKTOP
+ num_platforms = 3
+ elif name == "GeckoView":
+ platform = Platform.ANDROID
+ num_platforms = 3
+ else:
+ platform = Platform.ALL_PLATFORMS
+ num_platforms = 4
+ super().__init__(
+ EntryType.UPDATE, platform, num_platforms, name == "Go"
+ )
+ self.name = name
+ self.version = version
+
+ def __str__(self):
+ return f"Updated {self.name} to {self.version}"
+
+
+class Issue(ChangelogEntry):
+ def __init__(self, j):
+ self.title = j["title"]
+ self.project, self.number = (
+ j["references"]["full"].rsplit("/", 2)[-1].split("#")
+ )
+ self.number = int(self.number)
+ platform = 0
+ num_platforms = 0
+ if "Desktop" in j["labels"]:
+ platform = Platform.DESKTOP
+ num_platforms += 3
+ else:
+ if "Windows" in j["labels"]:
+ platform |= Platform.WINDOWS
+ num_platforms += 1
+ if "MacOS" in j["labels"]:
+ platform |= Platform.MACOS
+ num_platforms += 1
+ if "Linux" in j["labels"]:
+ platform |= Platform.LINUX
+ num_platforms += 1
+ if "Android" in j["labels"]:
+ if is_mb and num_platforms == 0:
+ raise Exception(
+ f"Android-only issue on Mullvad Browser: {j['references']['full']}!"
+ )
+ elif not is_mb:
+ platform |= Platform.ANDROID
+ num_platforms += 1
+ if not platform or (is_mb and platform == Platform.DESKTOP):
+ platform = Platform.ALL_PLATFORMS
+ num_platforms = 4
+ is_build = "Build System" in j["labels"]
+ super().__init__(EntryType.ISSUE, platform, num_platforms, is_build)
+
+ def __str__(self):
+ return f"Bug {self.number}: {self.title} [{self.project}]"
+
+
def sorted_issues(issues):
issues = [sorted(v) for v in issues.values()]
return sorted(
@@ -99,8 +140,20 @@ def sorted_issues(issues):
)
-if len(sys.argv) < 2:
- print(f"Usage: {sys.argv[0]} version-to-release or #issue-id")
+parser = argparse.ArgumentParser()
+parser.add_argument("issue_version")
+parser.add_argument("--date", help="The date of the release")
+parser.add_argument("--firefox", help="New Firefox version (if we rebased)")
+parser.add_argument("--tor", help="New Tor version (if updated)")
+parser.add_argument("--no-script", help="New NoScript version (if updated)")
+parser.add_argument("--openssl", help="New OpenSSL version (if updated)")
+parser.add_argument("--ublock", help="New uBlock version (if updated)")
+parser.add_argument("--zlib", help="New zlib version (if updated)")
+parser.add_argument("--go", help="New Go version (if updated)")
+args = parser.parse_args()
+
+if not args.issue_version:
+ parser.print_help()
sys.exit(1)
token_file = Path(__file__).parent / ".changelogs_token"
@@ -121,7 +174,7 @@ with token_file.open() as f:
token = f.read().strip()
headers = {"PRIVATE-TOKEN": token}
-version = sys.argv[1]
+version = args.issue_version
r = requests.get(
f"{API_URL}/projects/{PROJECT_ID}/issues?labels=Release Prep",
headers=headers,
@@ -132,7 +185,7 @@ if r.status_code == 401:
issue = None
issues = []
for i in r.json():
- if i["title"].find(sys.argv[1]) != -1:
+ if i["title"].find(version) != -1:
issues.append(i)
if len(issues) == 1:
issue = issues[0]
@@ -172,20 +225,44 @@ iid = issue["iid"]
linked = {}
linked_build = {}
+
+
+def add_entry(entry):
+ target = linked_build if entry.is_build else linked
+ if entry.platform not in target:
+ target[entry.platform] = []
+ target[entry.platform].append(entry)
+
+
+if args.firefox:
+ add_entry(UpdateEntry("Firefox", args.firefox))
+ if not is_mb:
+ add_entry(UpdateEntry("GeckoView", args.firefox))
+if args.tor and not is_mb:
+ add_entry(UpdateEntry("Tor", args.tor))
+if args.no_script:
+ add_entry(UpdateEntry("NoScript", args.no_script))
+if not is_mb:
+ if args.openssl:
+ add_entry(UpdateEntry("OpenSSL", args.openssl))
+ if args.zlib:
+ add_entry(UpdateEntry("zlib", args.zlib))
+ if args.go:
+ add_entry(UpdateEntry("Go", args.go))
+elif args.ublock:
+ add_entry(UpdateEntry("uBlock Origin", args.ublock))
+
r = requests.get(
f"{API_URL}/projects/{PROJECT_ID}/issues/{iid}/links", headers=headers
)
for i in r.json():
- i = Issue(i)
- target = linked_build if i.is_build else linked
- if i.platform not in target:
- target[i.platform] = []
- target[i.platform].append(i)
+ add_entry(Issue(i))
+
linked = sorted_issues(linked)
linked_build = sorted_issues(linked_build)
name = "Mullvad" if is_mb else "Tor"
-date = datetime.now().strftime("%B %d %Y")
+date = args.date if args.date else datetime.now().strftime("%B %d %Y")
print(f"{name} Browser {version} - {date}")
for issues in linked:
print(f" * {issues[0].get_platforms()}")
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch mullvad-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
ac803556 by Pier Angelo Vendrame at 2023-12-13T18:52:20+01:00
MB 38: Mullvad Browser configuration
- - - - -
d47f9791 by Pier Angelo Vendrame at 2023-12-13T18:52:22+01:00
MB 1: Mullvad Browser branding
See also:
mullvad-browser#5: Product name and directory customization
mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding
mullvad-browser#14: Remove Default Built-in bookmarks
mullvad-browser#35: Add custom PDF icons for Windows builds
mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata
mullvad-browser#51: Update trademark string
mullvad-browser#104: Update shipped dll metadata copyright/licensing info
mullvad-browser#107: Add alpha and nightly icons
- - - - -
a19a5d74 by Pier Angelo Vendrame at 2023-12-13T18:52:22+01:00
MB 20: Allow packaged-addons in PBM.
We install a few addons from the distribution directory, but they are
not automatically enabled for PBM mode.
This commit modifies the code that installs them to also add the PBM
permission to the known ones.
- - - - -
da9dd1b9 by Pier Angelo Vendrame at 2023-12-13T18:52:23+01:00
MB 63: Customize some about pages for Mullvad Browser
Also:
mullvad-browser#57: Purge unneeded about: pages
- - - - -
f4ee6733 by Pier Angelo Vendrame at 2023-12-13T18:52:23+01:00
MB 37: Customization for the about dialog
- - - - -
1979d0b1 by Henry Wilkes at 2023-12-13T18:52:23+01:00
MB 39: Add home page about:mullvad-browser
- - - - -
895b814b by hackademix at 2023-12-13T18:52:24+01:00
MB 97: Remove UI cues to install new extensions.
- - - - -
fc43b802 by hackademix at 2023-12-13T18:52:24+01:00
MB 47: uBlock Origin customization
- - - - -
2927cde3 by Pier Angelo Vendrame at 2023-12-13T18:52:25+01:00
MB 21: Disable the password manager
This commit disables the about:login page and removes the "Login and
Password" section of about:preferences.
We do not do anything to the real password manager of Firefox, that is
in toolkit: it contains C++ parts that make it difficult to actually
prevent it from being built..
Finally, we modify the the function that opens about:login to report an
error in the console so that we can quickly get a backtrace to the code
that tries to use it.
- - - - -
2f3ec998 by Pier Angelo Vendrame at 2023-12-13T18:52:25+01:00
MB 87: Disable the default browser box on Windows and Linux
Windows and Linux will be distributed only as portable apps at the
beginning, so they should not be settable as default browsers.
We will need to improve the logic once we decide to ship system-wide
installers, too.
- - - - -
128515f1 by Pier Angelo Vendrame at 2023-12-13T18:52:25+01:00
MB 112: Updater customization for Mullvad Browser
MB 71: Set the updater base URL to Mullvad domain
- - - - -
8aafa1f1 by Nicolas Vigier at 2023-12-13T18:52:26+01:00
MB 79: Add Mullvad Browser MAR signing keys
- - - - -
e773d5c2 by Pier Angelo Vendrame at 2023-12-13T18:52:26+01:00
MB 34: Hide unsafe and unwanted preferences UI
about:preferences allow to override some of our defaults, that could
be fingeprintable or have some other unwanted consequences.
- - - - -
712b5242 by Pier Angelo Vendrame at 2023-12-13T18:52:26+01:00
MB 160: Disable the cookie exceptions button
Besides disabling the "Delete on close checkbox", disable also the
"Manage Exceptions" button when always using PBM.
- - - - -
908ad1ac by hackademix at 2023-12-13T18:52:27+01:00
MB 163: prevent uBlock Origin from being uninstalled/disabled
- - - - -
b89c5f55 by Richard Pospesel at 2023-12-13T18:52:27+01:00
MB 188: Customize Gitlab Issue and Merge templates
- - - - -
8cb00edd by rui hildt at 2023-12-13T18:52:27+01:00
MB 213: Customize the search engines list
- - - - -
86608d0d by hackademix at 2023-12-13T18:52:28+01:00
MB 214: Enable cross-tab identity leak protection in "quiet" mode
- - - - -
30 changed files:
- + .gitlab/issue_templates/Rebase Browser - Alpha.md
- + .gitlab/issue_templates/Rebase Browser - Stable.md
- .gitlab/merge_request_templates/default.md
- browser/app/Makefile.in
- browser/app/macbuild/Contents/Info.plist.in
- browser/app/module.ver
- browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest
- + browser/app/profile/000-mullvad-browser.js
- browser/app/profile/001-base-profile.js
- browser/base/content/aboutDialog.xhtml
- browser/base/content/appmenu-viewcache.inc.xhtml
- browser/base/content/browser-menubar.inc
- browser/base/content/browser-places.js
- browser/base/content/browser.js
- browser/base/content/default-bookmarks.html
- browser/base/content/nsContextMenu.js
- browser/base/content/overrides/app-license.html
- browser/base/content/pageinfo/pageInfo.xhtml
- browser/base/content/utilityOverlay.js
- browser/branding/branding-common.mozbuild
- + browser/branding/mb-alpha/VisualElements_150.png
- + browser/branding/mb-alpha/VisualElements_70.png
- + browser/branding/mb-alpha/configure.sh
- + browser/branding/mb-alpha/content/about-logo.png
- + browser/branding/mb-alpha/content/about-logo.svg
- + browser/branding/mb-alpha/content/about-logo(a)2x.png
- + browser/branding/mb-alpha/content/about-wordmark.svg
- + browser/branding/mb-alpha/content/about.png
- + browser/branding/mb-alpha/content/aboutDialog.css
- + browser/branding/mb-alpha/content/firefox-wordmark.svg
The diff was not included because it is too large.
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/ae…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/ae…
You're receiving this email because of your account on gitlab.torproject.org.
Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
d8b47d80 by Pier Angelo Vendrame at 2023-12-13T17:34:16+01:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 42334: Adapt our self-signed patch to Bug 1611381
Bug 1611381 introduced a few changes to catch more self-signed
certificates. As a result, we risk of accepting some cases different
than unknown issuer for .onion certificates, such as bad signature or
invalid use for a certificate.
It makes sense to still display an error for such cases, and to keep
accepting only unknown issuers.
- - - - -
1 changed file:
- security/certverifier/CertVerifier.cpp
Changes:
=====================================
security/certverifier/CertVerifier.cpp
=====================================
@@ -865,12 +865,15 @@ Result CertVerifier::VerifySSLServerCert(
// find other certificates with the same subject but different keys, and
// the certificate is self-signed.
if (StringEndsWith(hostname, ".onion"_ns)) {
- // Self signed cert over onion is deemed secure, the hidden service
- // provides authentication. We defer returning this error and keep
- // processing to determine if there are other legitimate certificate
- // errors (such as expired, wrong domain) that we would like to surface
- // to the user
- errOnionWithSelfSignedCert = true;
+ // Self signed cert over onion is deemed secure in some cases, as the
+ // onion service provides encryption.
+ // Firefox treats some errors as self-signed certificates and it allows
+ // to override them. For Onion services, we prefer being stricter, and
+ // we return the original errors.
+ // Moreover, we need also to determine if there are other legitimate
+ // certificate errors (such as expired, wrong domain) that we would like
+ // to surface to the user.
+ errOnionWithSelfSignedCert = rv == Result::ERROR_UNKNOWN_ISSUER;
} else {
return Result::ERROR_SELF_SIGNED_CERT;
}
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8b47d8…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8b47d8…
You're receiving this email because of your account on gitlab.torproject.org.