morgan pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
4c1be3be by Morgan at 2024-11-18T22:17:10+00:00
Update release prep issue templates
- added directions on using the ./tools/browser/sign-tag script
- removed some extraneous checkboxes
- made Run: directives consistent
- fixed some typos
- - - - -
5 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
=====================================
@@ -41,13 +41,17 @@
- [ ] Tag `mullvad-browser` commit:
- **example**: `mullvad-browser-128.4.0esr-14.5-1-build1`
+ - Run:
+ ```bash
+ ./tools/browser/sign-tag.mullvadbrowser alpha ${BUILD_N}
+ ```
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Mullvad Browser Alpha (and Nightly) are on the `main` branch
- [ ] Changelog bookkeeping:
- - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
- - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
+ - Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
+ - Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
- [ ] Create a release preparation branch from the `main` branch
- [ ] Run release preparation script:
- **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release
@@ -71,24 +75,24 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
- [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch
- [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch
- [ ] ***(Optional)*** `projects/browser/config`:
- - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
- - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
+ - [ ] ***(Optional)*** uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
- - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases
+ - [ ] ***(Optional)*** Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases
- [ ] `URL` updated
- [ ] `sha256sum` updated
- [ ] `ChangeLog-MB.txt`: ensure correctness
- - [ ] Browser name correct
- - [ ] Release date correct
- - [ ] No Android updates
- - [ ] All issues added under correct platform
- - [ ] ESR updates correct
- - [ ] Component updates correct
+ - Browser name correct
+ - Release date correct
+ - No Android updates
+ - All issues added under correct platform
+ - ESR updates correct
+ - Component updates correct
- [ ] Open MR with above changes, using the template for release preparations
- **NOTE**: target the `main` branch
- [ ] Merge
@@ -99,13 +103,13 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
- ma1
- morgan
- pierov
- - [ ] Run:
+ - Run:
```bash
make mullvadbrowser-signtag-alpha
```
- - [ ] Push tag to `upstream`
+- [ ] Push tag to `upstream`
- [ ] Build the tag:
- - [ ] Run:
+ - Run:
```bash
make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha
```
@@ -113,8 +117,8 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit
- - [ ] Run:
+ - **NOTE** this also requires you be connected to Gothenburg Mulvad VPN exit `se-got-wg-101`
+ - Run:
```bash
make mullvadbrowser-kick-devmole-build
```
@@ -148,7 +152,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
- `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
- - [ ] Run:
+ - Run:
```bash
cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser
```
@@ -162,7 +166,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
### website
- [ ] On `staticiforme.torproject.org`, remove old release and publish new:
- [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
- - [ ] Run:
+ - Run:
```bash
static-update-component dist.torproject.org
```
@@ -200,7 +204,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
- Mullvad support alias: support(a)mullvadvpn.net
- Rui Hildt: rui(a)mullvad.net
```
- support(a)mullvadvpn.net rui(a)mullvad.net
+ support(a)mullvadvpn.net, rui(a)mullvad.net,
```
- **Subject**
```
@@ -228,7 +232,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch
- arch package maintainer: bootctl(a)gmail.com
- nixOS package maintainer: dev(a)felschr.com
```
- proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com
+ proletarius101(a)protonmail.com, bootctl(a)gmail.com, dev(a)felschr.com,
```
- **Subject**
```
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
=====================================
@@ -41,13 +41,17 @@
- [ ] Tag `mullvad-browser` commit:
- **example**: `mullvad-browser-128.3.0esr-14.0-1-build1`
+ - Run:
+ ```bash
+ ./tools/browser/sign-tag.mullvadbrowser stable ${BUILD_N}
+ ```
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWSER_MINOR}` branch
- [ ] Changelog bookkeeping:
- - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
- - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
+ - Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
+ - Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
- [ ] Create a release preparation branch from the current `maint-XX.Y` branch
- [ ] Run release preparation script:
- **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release
@@ -71,24 +75,24 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS
- [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch
- [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch
- [ ] ***(Optional)*** `projects/browser/config`:
- - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
- - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
+ - [ ] ***(Optional)*** uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
- - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases
+ - [ ] ***(Optional)*** Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases
- [ ] `URL` updated
- [ ] `sha256sum` updated
- [ ] `ChangeLog-MB.txt`: ensure correctness
- - [ ] Browser name correct
- - [ ] Release date correct
- - [ ] No Android updates
- - [ ] All issues added under correct platform
- - [ ] ESR updates correct
- - [ ] Component updates correct
+ - Browser name correct
+ - Release date correct
+ - No Android updates
+ - All issues added under correct platform
+ - ESR updates correct
+ - Component updates correct
- [ ] Open MR with above changes, using the template for release preparations
- **NOTE**: target the `maint-14.0` branch
- [ ] Merge
@@ -99,22 +103,22 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS
- ma1
- morgan
- pierov
- - [ ] Run:
+ - Run:
```bash
make mullvadbrowser-signtag-release
```
- - [ ] Push tag to `upstream`
+- [ ] Push tag to `upstream`
- [ ] Build the tag:
- - [ ] Run:
+ - Run:
```bash
make mullvadbrowser-release && make mullvadbrowser-incrementals-release
```
- - [ ] Tor Project build machine
- - [ ] Local developer machine
+ - Tor Project build machine
+ - Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit
- - [ ] Run:
+ - **NOTE** this also requires you be connected to Gothenburg Mulvad VPN exit `se-got-wg-101`
+ - Run:
```bash
make mullvadbrowser-kick-devmole-build
```
@@ -148,7 +152,7 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS
- `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
- - [ ] Run:
+ - Run:
```bash
cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser
```
@@ -162,7 +166,7 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS
### website
- [ ] On `staticiforme.torproject.org`, remove old release and publish new:
- [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
- - [ ] Run:
+ - Run:
```bash
static-update-component dist.torproject.org
```
@@ -200,7 +204,7 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS
- Mullvad support alias: support(a)mullvadvpn.net
- Rui Hildt: rui(a)mullvad.net
```
- support(a)mullvadvpn.net rui(a)mullvad.net
+ support(a)mullvadvpn.net, rui(a)mullvad.net
```
- **Subject**
```
@@ -227,7 +231,7 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS
- arch package maintainer: bootctl(a)gmail.com
- nixOS package maintainer: dev(a)felschr.com
```
- proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com
+ proletarius101(a)protonmail.com, bootctl(a)gmail.com, dev(a)felschr.com,
```
- **Subject**
```
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -41,13 +41,17 @@
- [ ] Tag `tor-browser` in tor-browser.git
- **example**: `tor-browser-128.4.0esr-14.5-1-build1`
+ - Run:
+ ```bash
+ ./tools/browser/sign-tag.torbrowser alpha ${BUILD_N}
+ ```
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] Changelog bookkeeping:
- - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
- - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
+ - Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
+ - Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
- [ ] Create a release preparation branch from the `main` branch
- [ ] Run release preparation script:
- **NOTE**: You can omit the `--tor-browser` argument if this is for a jointt Tor and Mullvad Browser release
@@ -75,7 +79,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch
- [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] ***(Optional)*** `projects/browser/config`:
- - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
@@ -101,18 +105,18 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] `input_files/shasum` for `manual`: updated to manual hash
- [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org`
- [ ] Deploy to `tb-builder`'s `public_html` directory:
- - [ ] Run:
+ - Run:
```bash
sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/.
```
- `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres…
- [ ] `ChangeLog-TBB.txt`: ensure correctness
- - [ ] Browser name correct
- - [ ] Release date correct
- - [ ] No Android updates on a desktop-only release and vice-versa
- - [ ] All issues added under correct platform
- - [ ] ESR updates correct
- - [ ] Component updates correct
+ - Browser name correct
+ - Release date correct
+ - No Android updates on a desktop-only release and vice-versa
+ - All issues added under correct platform
+ - ESR updates correct
+ - Component updates correct
- [ ] Open MR with above changes, using the template for release preparations
- **NOTE**: target the `main` branch
- [ ] Merge
@@ -123,13 +127,13 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- ma1
- morgan
- pierov
- - [ ] Run:
+ - Run:
```bash
make torbrowser-signtag-alpha
```
- - [ ] Push tag to `upstream`
+- [ ] Push tag to `upstream`
- [ ] Build the tag:
- - [ ] Run:
+ - Run:
```bash
make torbrowser-alpha && make torbrowser-incrementals-alpha
```
@@ -137,8 +141,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit
- - [ ] Run:
+ - **NOTE** this also requires you be connected to Gothenburg Mulvad VPN exit `se-got-wg-101`
+ - Run:
```bash
make torbrowser-kick-devmole-build
```
@@ -160,9 +164,14 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- **⚠️ WARNING**: Do not deploy yet!
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- - [ ] Note any ESR update
- - [ ] Thank any users which have contributed patches
+ - [ ] Generate release blog post
+ - Run:
+ ```bash
+ ./tools/signing/create-blog-post.torbrowser
+ ```
+ - **NOTE** this script creates the new blog post from a template (edit `./tools/signing/set-config.blog` to set you local blog directory)
+ - [ ] **(Optional)** Note any ESR update
+ - [ ] **(Optional)** Thank any users which have contributed patches
- [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc
- [ ] Push to origin as new branch and open MR
- [ ] Review
@@ -198,7 +207,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
- - [ ] Run:
+ - Run:
```bash
cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser
```
@@ -244,14 +253,14 @@ popd
### website
- [ ] On `staticiforme.torproject.org`, static update components:
- - [ ] Run:
+ - Run:
```bash
static-update-component cdn.torproject.org && static-update-component dist.torproject.org
```
- [ ] Deploy `tor-website` MR
- [ ] Deploy `tor-blog` MR
- [ ] On `staticiforme.torproject.org`, enable update responses:
- - [ ] Run:
+ - Run:
```bash
sudo -u tb-release ./deploy_update_responses-alpha.sh
```
@@ -259,7 +268,7 @@ popd
- **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- - [ ] Run:
+ - Run:
```bash
static-update-component cdn.torproject.org && static-update-component dist.torproject.org
```
@@ -314,7 +323,7 @@ popd
- torbrowser-launcher: mail(a)asciiwolf.com <!-- Gitlab user asciiwolf -->
- Anti-Censorship: meskio(a)torproject.org <!-- Gitlab user meskio -->
```
- tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org
+ tails-dev(a)boum.org, nathan(a)guardianproject.info, freebsd(a)sysctl.cz, caspar(a)schutijser.com, mail(a)asciiwolf.com, meskio(a)torproject.org,
```
- **Subject**
```
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Legacy.md
=====================================
@@ -40,13 +40,17 @@
- [ ] Tag `tor-browser` in tor-browser.git
- **example**: `tor-browser-115.17.0esr-13.5-1-build1`
+ - Run:
+ ```bash
+ ./tools/browser/sign-tag.torbrowser legacy ${BUILD_N}
+ ```
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Legacy is on the `maint-13.5` branch
- [ ] Changelog bookkeeping:
- - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
- - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
+ - Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
+ - Ensure each issue has a platform (~Windows, ~MacOS, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
- [ ] Create a release preparation branch from the `maint-13.5` branch
- [ ] Run release preparation script:
- **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged)
@@ -69,7 +73,7 @@ Tor Browser Legacy is on the `maint-13.5` branch
- [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch
- [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch
- [ ] ***(Optional)*** `projects/browser/config`:
- - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
@@ -94,18 +98,18 @@ Tor Browser Legacy is on the `maint-13.5` branch
- [ ] `input_files/shasum` for `manual`: updated to manual hash
- [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org`
- [ ] Deploy to `tb-builder`'s `public_html` directory:
- - [ ] Run:
+ - Run:
```bash
sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/.
```
- `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres…
- [ ] `ChangeLog-TBB.txt`: ensure correctness
- - [ ] Browser name correct
- - [ ] Release date correct
- - [ ] No Android updates
- - [ ] All issues added under correct platform
- - [ ] ESR updates correct
- - [ ] Component updates correct
+ - Browser name correct
+ - Release date correct
+ - No Android updates
+ - All issues added under correct platform
+ - ESR updates correct
+ - Component updates correct
- [ ] Open MR with above changes, using the template for release preparations
- **NOTE**: target the `maint-13.5` branch
- [ ] Merge
@@ -116,13 +120,13 @@ Tor Browser Legacy is on the `maint-13.5` branch
- ma1
- morgan
- pierov
- - [ ] Run:
+ - Run:
```bash
make torbrowser-signtag-release
```
- - [ ] Push tag to `upstream`
+- [ ] Push tag to `upstream`
- [ ] Build the tag:
- - [ ] Run:
+ - Run:
```bash
make torbrowser-release && make torbrowser-incrementals-release
```
@@ -130,8 +134,8 @@ Tor Browser Legacy is on the `maint-13.5` branch
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit
- - [ ] Run:
+ - **NOTE** this also requires you be connected to Gothenburg Mulvad VPN exit `se-got-wg-101`
+ - Run:
```bash
make torbrowser-kick-devmole-build
```
@@ -142,9 +146,14 @@ Tor Browser Legacy is on the `maint-13.5` branch
<summary>Website</summary>
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- - [ ] Note any ESR update
- - [ ] Thank any users which have contributed patches
+ - [ ] Generate release blog post
+ - Run:
+ ```bash
+ ./tools/signing/create-blog-post.torbrowser
+ ```
+ - **NOTE** this script creates the new blog post from a template (edit `./tools/signing/set-config.blog` to set you local blog directory)
+ - [ ] **(Optional)** Note any ESR update
+ - [ ] **(Optional)** Thank any users which have contributed patches
- [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc
- [ ] Push to origin as new branch and open MR
- [ ] Review
@@ -178,7 +187,7 @@ Tor Browser Legacy is on the `maint-13.5` branch
- `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
- - [ ] Run:
+ - Run:
```bash
cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser
```
@@ -224,7 +233,7 @@ popd
### website
- [ ] On `staticiforme.torproject.org`, static update components:
- - [ ] Run:
+ - Run:
```bash
static-update-component cdn.torproject.org && static-update-component dist.torproject.org
```
@@ -233,7 +242,7 @@ popd
- **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- - [ ] Run:
+ - Run:
```bash
static-update-component cdn.torproject.org && static-update-component dist.torproject.org
```
@@ -247,12 +256,12 @@ popd
- [ ] `var/torbrowser_legacy_platform_version`: update to `${ESR_VERSION}`
- **NOTE** this is ESR version for the legacy branch, not the 14.0 branch
- [ ] Generate update responses:
- - [ ] Run:
+ - Run:
```bash
make torbrowser-update_responses-release
```
- [ ] Commit new update responses to tor-browser-update-responses.git:
- - [ ] Run:
+ - Run:
```bash
updaterespdir=/path/to/tor-browser-update-responses.git
cp torbrowser/release/update-responses/update-responses-release-${TOR_BROWSER_VERSION}.tar "$updaterespdir"
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -41,13 +41,17 @@
- [ ] Tag `tor-browser` in tor-browser.git
- **example**: `tor-browser-128.4.0esr-14.0-1-build1`
+ - Run:
+ ```bash
+ ./tools/browser/sign-tag.torbrowser stable ${BUILD_N}
+ ```
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` branch
- [ ] Changelog bookkeeping:
- - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
- - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
+ - Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue
+ - Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels
- [ ] Create a release preparation branch from the current `maint-XX.Y` branch
- [ ] Run release preparation script:
- **NOTE**: You can omit the `--tor-browser` argument if this is for a joint Tor and Mullvad Browser release
@@ -64,9 +68,9 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b
- [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version
- **NOTE**: We try to build incrementals for the previous 3 desktop versions
- **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail
-- [ ] `projects/firefox/config`
- - [ ] `browser_build`: updated to match `tor-browser` tag
- - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased
+ - [ ] `projects/firefox/config`
+ - [ ] `browser_build`: updated to match `tor-browser` tag
+ - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased
- [ ] `projects/geckoview/config`
- [ ] `browser_build`: updated to match `tor-browser` tag
- [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased
@@ -75,7 +79,7 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b
- [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch
- [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] ***(Optional)*** `projects/browser/config`:
- - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] `URL` updated
- **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url
- [ ] `sha256sum` updated
@@ -101,18 +105,18 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b
- [ ] `input_files/shasum` for `manual`: updated to manual hash
- [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org`
- [ ] Deploy to `tb-builder`'s `public_html` directory:
- - [ ] Run:
+ - Run:
```bash
sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/.
```
- `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres…
- [ ] `ChangeLog-TBB.txt`: ensure correctness
- - [ ] Browser name correct
- - [ ] Release date correct
- - [ ] No Android updates on a desktop-only release and vice-versa
- - [ ] All issues added under correct platform
- - [ ] ESR updates correct
- - [ ] Component updates correct
+ - Browser name correct
+ - Release date correct
+ - No Android updates on a desktop-only release and vice-versa
+ - All issues added under correct platform
+ - ESR updates correct
+ - Component updates correct
- [ ] Open MR with above changes, using the template for release preparations
- **NOTE**: target the `maint-14.0` branch
- [ ] Merge
@@ -123,22 +127,22 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b
- ma1
- morgan
- pierov
- - [ ] Run:
+ - Run:
```bash
make torbrowser-signtag-release
```
- - [ ] Push tag to `upstream`
+- [ ] Push tag to `upstream`
- [ ] Build the tag:
- - [ ] Run:
+ - Run:
```bash
make torbrowser-release && make torbrowser-incrementals-release
```
- - [ ] Tor Project build machine
- - [ ] Local developer machine
+ - Tor Project build machine
+ - Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit
- - [ ] Run:
+ - **NOTE** this also requires you be connected to Gothenburg Mulvad VPN exit `se-got-wg-101`
+ - Run:
```bash
make torbrowser-kick-devmole-build
```
@@ -160,9 +164,14 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b
- **⚠️ WARNING**: Do not deploy yet!
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- - [ ] Note any ESR update
- - [ ] Thank any users which have contributed patches
+ - [ ] Generate release blog post
+ - Run:
+ ```bash
+ ./tools/signing/create-blog-post.torbrowser
+ ```
+ - **NOTE** this script creates the new blog post from a template (edit `./tools/signing/set-config.blog` to set you local blog directory)
+ - [ ] **(Optional)** Note any ESR update
+ - [ ] **(Optional)** Thank any users which have contributed patches
- [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc
- [ ] Push to origin as new branch and open MR
- [ ] Review
@@ -201,7 +210,7 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b
- `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script:
- - [ ] Run:
+ - Run:
```bash
cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser
```
@@ -247,14 +256,14 @@ popd
### website
- [ ] On `staticiforme.torproject.org`, static update components:
- - [ ] Run:
+ - Run:
```bash
static-update-component cdn.torproject.org && static-update-component dist.torproject.org
```
- [ ] Deploy `tor-website` MR
- [ ] Deploy `tor-blog` MR
- [ ] On `staticiforme.torproject.org`, enable update responses:
- - [ ] Run:
+ - Run:
```bash
sudo -u tb-release ./deploy_update_responses-release.sh
```
@@ -262,7 +271,7 @@ popd
- **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- - [ ] Run:
+ - Run:
```bash
static-update-component cdn.torproject.org && static-update-component dist.torproject.org
```
@@ -317,7 +326,7 @@ popd
- torbrowser-launcher: mail(a)asciiwolf.com <!-- Gitlab user asciiwolf -->
- Anti-Censorship: meskio(a)torproject.org <!-- Gitlab user meskio -->
```
- tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org
+ tails-dev(a)boum.org, nathan(a)guardianproject.info, freebsd(a)sysctl.cz, caspar(a)schutijser.com, mail(a)asciiwolf.com, meskio(a)torproject.org,
```
- **Subject**
```
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build
Commits:
a5003c49 by Morgan at 2024-11-18T21:54:33+00:00
Bug 41300: Add bea, clairehurst, and jwilde to tb_builders
- - - - -
1 changed file:
- tools/signing/set-config
Changes:
=====================================
tools/signing/set-config
=====================================
@@ -42,5 +42,5 @@ faketime_path=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
test -z "${NON_INTERACTIVE:-}" || rsync_progress="--progress"
rsync_options="-avH ${rsync_progress:-} ${DRY_RUN:-}"
-tb_builders='boklm dan henry ma1 pierov richard'
+tb_builders='bea boklm clairehurst dan henry jwilde ma1 morgan pierov'
wrappers_dir=/signing/tor-browser-build/tools/signing/wrappers
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build
Commits:
08319a10 by Morgan at 2024-11-18T21:53:04+00:00
Bug 41300: Add bea, clairehurst, and jwilde to tb_builders
- - - - -
1 changed file:
- tools/signing/set-config
Changes:
=====================================
tools/signing/set-config
=====================================
@@ -42,5 +42,5 @@ faketime_path=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
test -z "${NON_INTERACTIVE:-}" || rsync_progress="--progress"
rsync_options="-avH ${rsync_progress:-} ${DRY_RUN:-}"
-tb_builders='boklm dan henry ma1 morgan pierov'
+tb_builders='bea boklm clairehurst dan henry jwilde ma1 morgan pierov'
wrappers_dir=/signing/tor-browser-build/tools/signing/wrappers
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
1de8a0a5 by Morgan at 2024-11-18T21:27:37+00:00
Bug 41300: Add bea, clairehurst, and jwilde to tb_builders
- - - - -
1 changed file:
- tools/signing/set-config
Changes:
=====================================
tools/signing/set-config
=====================================
@@ -42,5 +42,5 @@ faketime_path=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
test -z "${NON_INTERACTIVE:-}" || rsync_progress="--progress"
rsync_options="-avH ${rsync_progress:-} ${DRY_RUN:-}"
-tb_builders='boklm dan henry ma1 morgan pierov'
+tb_builders='bea boklm clairehurst dan henry jwilde ma1 morgan pierov'
wrappers_dir=/signing/tor-browser-build/tools/signing/wrappers
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
4cc42848 by Morgan at 2024-11-18T21:20:39+00:00
Bug 41304: Add a browser commit tag+signing script
- - - - -
6 changed files:
- + tools/browser/.gitignore
- + tools/browser/README.md
- + tools/browser/sign-tag
- + tools/browser/sign-tag.basebrowser
- + tools/browser/sign-tag.mullvadbrowser
- + tools/browser/sign-tag.torbrowser
Changes:
=====================================
tools/browser/.gitignore
=====================================
@@ -0,0 +1,3 @@
+basebrowser
+torbrowser
+mullvadbrowser
=====================================
tools/browser/README.md
=====================================
@@ -0,0 +1,65 @@
+# Tools
+
+### sign-tag
+
+This script gpg signs a git tag associated with a particular browser commit in the user's tor-browser.git or mullvad-browser.git repo.
+
+#### Prerequisites
+
+- The user must create the following soft-links:
+ - `/tools/browser/basebrowser` -> `/path/to/local/tor-browser.git`
+ - `/tools/browser/mullvadbrowser` -> `/path/to/local/mullvad-browser.git`
+ - `/tools/browser/torbrowser` -> `/path/to/local/tor-browser.git`
+- The user must first checkout the relevant branch of the commit we are tagging
+ - This is needed to extract the ESR version, branch-number, and browser name
+
+#### Usage
+
+```
+usage: ./tools/browser/sign-tag.<browser> <channel> <build-number> [commit]
+
+browser one of basebrowser, torbrowser, or mullvadbrowser
+channel the release channel of the commit to sign (e.g. alpha, stable,
+ or legacy)
+build-number the build number portion of a browser build tag (e.g. build2)
+commit optional git commit, HEAD is used if argument not present
+```
+
+#### Examples
+Invoke the relevant soft-link'd version of this script to sign a particular browser. The trailing commit argument is optional and if not present, the browser branch's `HEAD` will be tagged+signed.
+
+ - ##### `base-browser-128.4.0esr-14.5-1-build1`
+ After checking out `base-browser-128.4.0esr-14.5-1` branch in linked tor-browser.git
+ ```bash
+ ./sign-tag.basebrowser alpha build1 24e628c1fd3f0593e23334acf55dc81909c30099
+ ```
+ **output**:
+ ```
+ Tag commit 24e628c1fd3f in base-browser-128.4.0esr-14.5-1
+ tag: base-browser-128.4.0esr-14.5-1-build1
+ message: Tagging build1 for 128.4.0esr-based alpha
+ ```
+
+ - ##### `tor-browser-115.17.0esr-13.5-1-build2`
+ After checking out `tor-browser-115.17.0esr-13.5-1` branch in linked tor-browser.git
+ ```bash
+ ./sign-tag.torbrowser legacy build2 8e9e58fe400291f20be5712d057ad0b5fc4d70c1
+ ```
+ **output**:
+ ```
+ Tag commit 8e9e58fe4002 in tor-browser-115.17.0esr-13.5-1
+ tag: tor-browser-115.17.0esr-13.5-1-build2
+ message: Tagging build2 for 115.17.0esr-based legacy
+ ```
+
+ - ##### `mullvad-browser-128.4.0esr-14.0-1-build2`
+ After checking out `mullvad-browser-128.4.0esr-14.0-1` branch in linked mullvad-browser.git
+ ```bash
+ ./sign-tag.mullvadbrowser stable build2 385aa0559a90a258ed6613527ff3e117dfa5ae5b
+ ```
+ **output**:
+ ```
+ Tag commit 385aa0559a90 in mullvad-browser-128.4.0esr-14.0-1
+ tag: mullvad-browser-128.4.0esr-14.0-1-build2
+ message: Tagging build2 for 128.4.0esr-based stable
+ ```
\ No newline at end of file
=====================================
tools/browser/sign-tag
=====================================
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+
+# See README.md for usage instructions.
+
+# terminate on error
+set -e
+
+# Check if at least two arguments are provided
+if [ "$#" -lt 2 ]; then
+ echo "Usage: $0 channel build-number [commit]"
+ exit 1
+fi
+
+script_name=$(basename "${BASH_ARGV0:-$0}")
+script_dir=$(dirname "${BASH_ARGV0:-$0}")
+browser=$(echo "$script_name" | perl -pe 's/^[^\.]+\.//')
+
+case "${browser}" in
+ basebrowser | torbrowser | mullvadbrowser)
+ # go down to browser directory
+ pushd ${script_dir}/${browser} > /dev/null
+ # and exit on script termination
+ trap "popd > /dev/null" EXIT
+ ;;
+ *)
+ echo -n "unrecognized browser: '${browser}'"
+ exit 1
+ ;;
+esac
+
+#
+# Branch name validation and extract components from branch name needed for tag
+# and message
+#
+
+branch_name=$(git rev-parse --abbrev-ref HEAD)
+if [[ $branch_name =~ ^([a-z]+-browser)-([1-9][0-9]+\.[0-9]+\.[0-9]+esr)-([1-9][0-9]*\.[05])-([1-9]).*$ ]]; then
+ project="${BASH_REMATCH[1]}"
+ esr="${BASH_REMATCH[2]}"
+ version="${BASH_REMATCH[3]}"
+ branch_number="${BASH_REMATCH[4]}"
+else
+ echo "This script must be run from an official browser branch. For example 'base-browser-128.4.0esr-14.0-1'"
+ exit 1
+fi
+
+#
+# Verify the detected browser matches the name of the current branch
+#
+case "${browser}" in
+ basebrowser)
+ valid_project="base-browser"
+ ;;
+ torbrowser)
+ valid_project="tor-browser"
+ ;;
+ mullvadbrowser)
+ valid_project="mullvad-browser"
+ ;;
+esac
+
+if ! [[ "${project}" == "${valid_project}" ]]; then
+ echo "Invalid branch \"${branch_name}\". Must be a \"${valid_project}\" branch"
+ exit 1
+fi
+
+#
+# Assign arguments to variables
+#
+channel=$1
+build_number=$2
+commit=$(git rev-parse --short ${3:-HEAD})
+
+#
+# Validate arguments
+#
+
+# channel validation
+if [[ "${project}" == "mullvad-browser" ]]; then
+ valid_channels=("alpha" "stable")
+else
+ valid_channels=("alpha" "stable" "legacy")
+fi
+channel_valid=false
+for value in "${valid_channels[@]}"; do
+ if [[ "${channel}" == "${value}" ]]; then
+ channel_valid=true
+ break
+ fi
+done
+
+if ! $channel_valid; then
+ echo "Invalid channel name \"${channel}\". Must be one of: ${valid_channels[*]}"
+ exit 1
+fi
+
+# build number validation
+if ! [[ "${build_number}" =~ ^build[1-9][0-9]*$ ]]; then
+ echo "Invalid build number \"${build_number}\". Must be in the format \"build[1-9][0-9]*\""
+ exit 1
+fi
+
+#
+# Sign and tag the specified git commit
+#
+
+tag="${project}-${esr}-${version}-${branch_number}-${build_number}"
+message="Tagging ${build_number} for ${esr}-based ${channel}"
+
+
+echo "Tag commit ${commit} in ${branch_name}"
+echo " tag: ${tag}"
+echo " message: ${message}"
+
+git tag -s "${tag}" "${commit}" -m "${message}"
=====================================
tools/browser/sign-tag.basebrowser
=====================================
@@ -0,0 +1 @@
+sign-tag
\ No newline at end of file
=====================================
tools/browser/sign-tag.mullvadbrowser
=====================================
@@ -0,0 +1 @@
+sign-tag
\ No newline at end of file
=====================================
tools/browser/sign-tag.torbrowser
=====================================
@@ -0,0 +1 @@
+sign-tag
\ No newline at end of file
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4…
You're receiving this email because of your account on gitlab.torproject.org.