Pier Angelo Vendrame pushed to branch mullvad-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
11ce0365 by Henry Wilkes at 2024-02-21T18:56:18+01:00
fixup! Base Browser strings
Bug 42423: Add a base-browser Fluent file that is not passed on to
translators.
- - - - -
2 changed files:
- + browser/locales-preview/base-browser-no-translate.ftl
- browser/locales/jar.mn
Changes:
=====================================
browser/locales-preview/base-browser-no-translate.ftl
=====================================
@@ -0,0 +1 @@
+# base-browser strings that should *not* be sent to translators on Weblate.
=====================================
browser/locales/jar.mn
=====================================
@@ -14,6 +14,7 @@
preview/firefoxSuggest.ftl (../components/urlbar/content/firefoxSuggest.ftl)
preview/identityCredentialNotification.ftl (../components/credentialmanager/identityCredentialNotification.ftl)
preview/stripOnShare.ftl (../components/urlbar/content/stripOnShare.ftl)
+ preview/base-browser-no-translate.ftl (../locales-preview/base-browser-no-translate.ftl)
browser (%browser/**/*.ftl)
@AB_CD@.jar:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/11c…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/11c…
You're receiving this email because of your account on gitlab.torproject.org.
Pier Angelo Vendrame pushed to branch base-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
158a87d9 by Henry Wilkes at 2024-02-21T18:55:55+01:00
fixup! Base Browser strings
Bug 42423: Add a base-browser Fluent file that is not passed on to
translators.
- - - - -
2 changed files:
- + browser/locales-preview/base-browser-no-translate.ftl
- browser/locales/jar.mn
Changes:
=====================================
browser/locales-preview/base-browser-no-translate.ftl
=====================================
@@ -0,0 +1 @@
+# base-browser strings that should *not* be sent to translators on Weblate.
=====================================
browser/locales/jar.mn
=====================================
@@ -14,6 +14,7 @@
preview/firefoxSuggest.ftl (../components/urlbar/content/firefoxSuggest.ftl)
preview/identityCredentialNotification.ftl (../components/credentialmanager/identityCredentialNotification.ftl)
preview/stripOnShare.ftl (../components/urlbar/content/stripOnShare.ftl)
+ preview/base-browser-no-translate.ftl (../locales-preview/base-browser-no-translate.ftl)
browser (%browser/**/*.ftl)
@AB_CD@.jar:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/158a87d…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/158a87d…
You're receiving this email because of your account on gitlab.torproject.org.
Pier Angelo Vendrame pushed to branch tor-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
4044ac1c by Henry Wilkes at 2024-02-21T16:32:16+00:00
fixup! Base Browser strings
Bug 42423: Add a base-browser Fluent file that is not passed on to
translators.
- - - - -
73edce4c by Henry Wilkes at 2024-02-21T16:32:17+00:00
fixup! Tor Browser strings
Bug 42423: Add a tor-browser Fluent file that is not passed on to
translators.
- - - - -
4b5aa8fa by Henry Wilkes at 2024-02-21T16:32:17+00:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 42423: Move temporary Lox invite strings to new file.
- - - - -
5 changed files:
- browser/components/torpreferences/content/loxInviteDialog.xhtml
- + browser/locales-preview/base-browser-no-translate.ftl
- + browser/locales-preview/tor-browser-no-translate.ftl
- browser/locales/en-US/browser/tor-browser.ftl
- browser/locales/jar.mn
Changes:
=====================================
browser/components/torpreferences/content/loxInviteDialog.xhtml
=====================================
@@ -20,6 +20,10 @@
<dialog id="lox-invite-dialog" buttons="accept">
<linkset>
<html:link rel="localization" href="browser/tor-browser.ftl" />
+ <html:link
+ rel="localization"
+ href="preview/tor-browser-no-translate.ftl"
+ />
</linkset>
<script src="chrome://browser/content/torpreferences/loxInviteDialog.js" />
=====================================
browser/locales-preview/base-browser-no-translate.ftl
=====================================
@@ -0,0 +1 @@
+# base-browser strings that should *not* be sent to translators on Weblate.
=====================================
browser/locales-preview/tor-browser-no-translate.ftl
=====================================
@@ -0,0 +1,16 @@
+# tor-browser strings that should *not* be sent to translators on Weblate.
+
+## Bridge pass invite dialog.
+## Temporary until tor-browser#42385
+
+lox-invite-dialog-title =
+ .title = Bridge pass invites
+lox-invite-dialog-description = You can ask the bridge bot to create a new invite, which you can share with a trusted contact to give them their own bridge pass. Each invite can only be redeemed once, but you will unlock access to more invites over time.
+lox-invite-dialog-request-button = Request new invite
+lox-invite-dialog-connecting = Connecting to bridge pass server…
+lox-invite-dialog-no-server-error = Unable to connect to bridge pass server.
+lox-invite-dialog-generic-invite-error = Failed to create a new invite.
+lox-invite-dialog-invites-label = Created invites:
+lox-invite-dialog-menu-item-copy-invite =
+ .label = Copy invite
+ .accesskey = C
=====================================
browser/locales/en-US/browser/tor-browser.ftl
=====================================
@@ -298,17 +298,3 @@ user-provide-bridge-dialog-result-invite = The following bridges were shared wit
user-provide-bridge-dialog-result-addresses = The following bridges were entered by you.
user-provide-bridge-dialog-next-button =
.label = Next
-
-## Bridge pass invite dialog. Temporary.
-
-lox-invite-dialog-title =
- .title = Bridge pass invites
-lox-invite-dialog-description = You can ask the bridge bot to create a new invite, which you can share with a trusted contact to give them their own bridge pass. Each invite can only be redeemed once, but you will unlock access to more invites over time.
-lox-invite-dialog-request-button = Request new invite
-lox-invite-dialog-connecting = Connecting to bridge pass server…
-lox-invite-dialog-no-server-error = Unable to connect to bridge pass server.
-lox-invite-dialog-generic-invite-error = Failed to create a new invite.
-lox-invite-dialog-invites-label = Created invites:
-lox-invite-dialog-menu-item-copy-invite =
- .label = Copy invite
- .accesskey = C
=====================================
browser/locales/jar.mn
=====================================
@@ -14,6 +14,8 @@
preview/firefoxSuggest.ftl (../components/urlbar/content/firefoxSuggest.ftl)
preview/identityCredentialNotification.ftl (../components/credentialmanager/identityCredentialNotification.ftl)
preview/stripOnShare.ftl (../components/urlbar/content/stripOnShare.ftl)
+ preview/base-browser-no-translate.ftl (../locales-preview/base-browser-no-translate.ftl)
+ preview/tor-browser-no-translate.ftl (../locales-preview/tor-browser-no-translate.ftl)
browser (%browser/**/*.ftl)
@AB_CD@.jar:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/bdfc4f…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/bdfc4f…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
f1811496 by Richard Pospesel at 2024-02-21T11:55:05+00:00
Update Mullvad and Tor Browser Release Prep issue templates
- - - - -
4 changed files:
- .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
=====================================
@@ -27,172 +27,178 @@
</details>
**NOTE** It is assumed that the `tor-browser` alpha rebase and security backport tasks have been completed
+
**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue
<details>
<summary>Building</summary>
- ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
- Mullvad Browser Alpha (and Nightly) are on the `main` branch
-
- - [ ] Update `rbm.conf`
- - [ ] `var/torbrowser_version` : update to next version
- - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)`
- - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version
- - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
- - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail
- - [ ] Update build configs
- - [ ] Update `projects/firefox/config`
- - [ ] `browser_build` : update to match `mullvad-browser` tag
- - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
- - [ ] Update `projects/translation/config`:
- - [ ] run `make list_translation_updates-alpha` to get updated hashes
- - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch
- - [ ] Update common build configs
- - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
- - [ ] `URL`
- - [ ] `sha256sum`
- - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
- - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config`
- - [ ] `URL`
- - [ ] `sha256sum`
- - [ ] Check for Mullvad Privacy Companion updates here : https://github.com/mullvad/browser-extension/releases
- - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
- - [ ] `URL`
- - [ ] `sha256sum`
- - [ ] Update `ChangeLog-MB.txt`
- - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches
- - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
- - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- - The first time you run this script you will need to generate an access token; the script will guide you
- - `$updateArgs` should be these arguments, depending on what you actually updated:
- - [ ] `--firefox`
- - [ ] `--no-script`
- - [ ] `--ublock`
- - E.g., `tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0`
- - `--date $date` is optional, if omitted it will be the date on which you run the command
- - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output
- - [ ] Open MR with above changes, using the template for release preparations
- - [ ] Merge
- - [ ] Sign+Tag
- - **NOTE** this must be done by one of:
- - boklm
- - dan
- - ma1
- - pierov
- - richard
- - [ ] Run: `make mullvadbrowser-signtag-alpha`
- - [ ] Push tag to `upstream`
- - [ ] Build the tag on at least one of:
- - Run `make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha`
+### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
+Mullvad Browser Alpha (and Nightly) are on the `main` branch
+
+- [ ] Update `rbm.conf`
+ - [ ] `var/torbrowser_version` : update to next version
+ - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)`
+ - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version
+ - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
+ - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail
+- [ ] Update build configs
+ - [ ] Update `projects/firefox/config`
+ - [ ] `browser_build` : update to match `mullvad-browser` tag
+ - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
+ - [ ] Update `projects/translation/config`:
+ - [ ] run `make list_translation_updates-alpha` to get updated hashes
+ - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
+ - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch
+- [ ] Update common build configs
+ - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+ - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
+ - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+ - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases
+ - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+- [ ] Update `ChangeLog-MB.txt`
+ - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches
+ - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
+ - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
+ - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
+ - The first time you run this script you will need to generate an access token; the script will guide you
+ - `$updateArgs` should be these arguments, depending on what you actually updated:
+ - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
+ - [ ] `--no-script`
+ - [ ] `--ublock`
+ - E.g., `tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0`
+ - `--date $date` is optional, if omitted it will be the date on which you run the command
+ - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output
+- [ ] Open MR with above changes, using the template for release preparations
+- [ ] Merge
+- [ ] Sign+Tag
+ - **NOTE** this must be done by one of:
+ - boklm
+ - dan
+ - ma1
+ - pierov
+ - richard
+ - [ ] Run: `make mullvadbrowser-signtag-alpha`
+ - [ ] Push tag to `upstream`
+- [ ] Build the tag:
+ - Run `make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha` on:
- [ ] Tor Project build machine
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- Run `make mullvadbrowser-kick-devmole-build`
- - [ ] Ensure builders have matching builds
+- [ ] Ensure builders have matching builds
</details>
<details>
<summary>Signing</summary>
- ### signing
- - [ ] Assign this issue to the signer, one of:
- - boklm
- - richard
- - [ ] On `$(STAGING_SERVER)`, ensure updated:
- - [ ] `tor-browser-build/tools/signing/set-config.hosts`
- - `ssh_host_builder` : ssh hostname of machine with unsigned builds
- - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- - `ssh_host_linux_signer` : ssh hostname of linux signing machine
- - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect`
- - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos
- - [ ] `set-config.update-responses`
- - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git`
- - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
- - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
- - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- - [ ] run do-all-signing script:
- - `cd tor-browser-build/tools/signing/`
- - `./do-all-signing.mullvadbrowser`
- - **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- - [ ] Update `staticiforme.torproject.org`:
- - From `screen` session on `staticiforme.torproject.org`:
- - [ ] Static update components : `static-update-component dist.torproject.org`
- - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
- - [ ] Static update components (again) : `static-update-component dist.torproject.org`
+### release signing
+- [ ] Assign this issue to the signer, one of:
+ - boklm
+ - richard
+- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)`
+ - [ ] `tor-browser-build/tools/signing/set-config.hosts`
+ - `ssh_host_builder` : ssh hostname of machine with unsigned builds
+ - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
+ - `ssh_host_linux_signer` : ssh hostname of linux signing machine
+ - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect`
+ - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos
+ - [ ] `set-config.update-responses`
+ - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git`
+ - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
+ - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
+ - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
+ - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script:
+ - `cd tor-browser-build/tools/signing/`
+ - `./do-all-signing.mullvadbrowser`
+- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
+- [ ] Update `staticiforme.torproject.org`:
+ - From `screen` session on `staticiforme.torproject.org`:
+ - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
+ - [ ] Static update components (again) : `static-update-component dist.torproject.org`
</details>
<details>
<summary>Publishing</summary>
- ### mullvad-browser (github): https://github.com/mullvad/mullvad-browser/
- - [ ] Assign this issue to someone with mullvad commit access, one of:
+### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/
+- [ ] Assign this issue to someone with mullvad commit access, one of:
- richard
- - [ ] Push this release's associated `mullvad-browser.git` branch to github
- - [ ] Push this release's associated tags to github:
- - [ ] Firefox ESR tag
- - **example** : `FIREFOX_102_12_0esr_BUILD1,`
- - [ ] `base-browser` tag
- - **example** : `base-browser-102.12.0esr-12.0-1-build1`
- - [ ] `mullvad-browser` tag
- - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1`
- - [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build:
- - **Tag**: `$(MULLVAD_BROWSER_VERSION)`
- - **example** : `12.5a7`
- - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)`
- - **example** : `102.12.0esr-based 12.5a7`
- - [ ] Push tag to github
-
- ### email
- - [ ] Email Mullvad with release information: support(a)mullvad.net, rui(a)mullvad.net
- <details>
- <summary>email template</summary>
-
- Subject:
- New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
-
- Body:
- signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
-
- update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
-
- changelog:
- ...
-
- </details>
+- [ ] Push this release's associated `mullvad-browser.git` branch to github
+- [ ] Push this release's associated tags to github:
+ - [ ] Firefox ESR tag
+ - **example** : `FIREFOX_102_12_0esr_BUILD1`
+ - [ ] `base-browser` tag
+ - **example** : `base-browser-102.12.0esr-12.0-1-build1`
+ - [ ] `mullvad-browser` tag
+ - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1`
+- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build:
+ - **Tag**: `$(MULLVAD_BROWSER_VERSION)`
+ - **example** : `12.5a7`
+ - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)`
+ - **example** : `102.12.0esr-based 12.5a7`
+ - [ ] Push tag to github
+
+### email
+- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information:
+ - [ ] support alias: support(a)mullvadvpn.net
+ - [ ] Rui: rui(a)mullvad.net
+ - **Subject**
+ ```
+ New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
+ ```
+ - **Body**
+ ```
+ Hello,
+
+ Branch+Tags have been pushed to Mullvad's GitHub repo.
+
+ - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
+ - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
+
+ changelog:
+ ...
+ ```
+
</details>
<details>
<summary>Downstream</summary>
- ### notify packagers
-
- - [ ] **(Optional, Once Mullvad Updates their Github Releases Page)** Email downstream consumers:
- - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of
- <details>
- <summary>email template</summary>
-
- Hello!
-
- Mullvad-Browser $(MULLVAD_BROWSER_VERSION) packages are available, so you should all update your respective downstream packages.
-
- Release builds can be found here:
-
- - https://github.com/mullvad/mullvad-browser/releases/tag/$(MULLVAD_BROWSER_V…
-
- </details>
-
- - flathub package maintainer: proletarius101(a)protonmail.com
- - arch package maintainer: bootctl(a)gmail.com
- - nixOS package maintainer: dev(a)felschr.com
+### notify packagers
+These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release
+- [ ] **(Optional)** Email downstream consumers:
+ - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of
+ - [ ] flathub package maintainer: proletarius101(a)protonmail.com
+ - [ ] arch package maintainer: bootctl(a)gmail.com
+ - [ ] nixOS package maintainer: dev(a)felschr.com
+ - **Subject**
+ ```
+ Mullvad Browser $(MULLVAD_BROWSER_VERSION) released
+ ```
+ - **Body**
+ ```
+ Hello!
+
+ This is a major alpha release which may require changes in your respective downstream packages once it stabilises.
+
+ The latest alpha builds can be found here:
+
+ - https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Atrue
+ ```
</details>
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
=====================================
@@ -28,6 +28,8 @@
**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
+**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue
+
<details>
<summary>Building</summary>
@@ -38,6 +40,7 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] `var/torbrowser_version` : update to next version
- [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)`
- [ ] `var/torbrowser_incremental_from` : update to previous Desktop version
+ - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
- **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail
- [ ] Update build configs
- [ ] Update `projects/firefox/config`
@@ -46,7 +49,7 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] Update `projects/translation/config`:
- [ ] run `make list_translation_updates-release` to get updated hashes
- [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
+ - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch
- [ ] Update common build configs
- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
@@ -56,7 +59,7 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- - [ ] Check for Mullvad Privacy Companion updates here : https://github.com/mullvad/browser-extension/releases
+ - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases
- [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
@@ -67,39 +70,43 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- `$updateArgs` should be these arguments, depending on what you actually updated:
- - [ ] `--firefox`
+ - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
- [ ] `--no-script`
- [ ] `--ublock`
- E.g., `tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0`
- `--date $date` is optional, if omitted it will be the date on which you run the command
- [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output
- - [ ] Open MR with above changes, using the template for release preparations
- - [ ] Merge
- - [ ] Sign+Tag
- - **NOTE** this must be done by one of:
- - boklm
- - dan
- - ma1
- - pierov
- - richard
- - [ ] Run: `make mullvadbrowser-signtag-release`
- - [ ] Push tag to `upstream`
- - [ ] Build on at least one of:
- - Run `make mullvadbrowser-release && make mullvadbrowser-incrementals-release`
+- [ ] Open MR with above changes, using the template for release preparations
+- [ ] Merge
+- [ ] Sign+Tag
+ - **NOTE** this must be done by one of:
+ - boklm
+ - dan
+ - ma1
+ - pierov
+ - richard
+ - [ ] Run: `make mullvadbrowser-signtag-release`
+ - [ ] Push tag to `upstream`
+- [ ] Build the tag:
+ - Run `make mullvadbrowser-release && make mullvadbrowser-incrementals-release`
- [ ] Tor Project build machine
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- Run `make mullvadbrowser-kick-devmole-build`
- - [ ] Ensure builders have matching builds
+- [ ] Ensure builders have matching builds
</details>
<details>
<summary>Signing</summary>
-### signing
+### release signing
+- [ ] Assign this issue to the signer, one of:
+ - boklm
+ - richard
- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)`
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -113,13 +120,12 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
-- [ ] run do-all-signing script:
- - `cd tor-browser-build/tools/signing/`
- - `./do-all-signing.mullvadbrowser`
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script:
+ - `cd tor-browser-build/tools/signing/`
+ - `./do-all-signing.mullvadbrowser`
- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- [ ] Update `staticiforme.torproject.org`:
- From `screen` session on `staticiforme.torproject.org`:
- - [ ] Static update components : `static-update-component dist.torproject.org`
- [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
- [ ] Static update components (again) : `static-update-component dist.torproject.org`
@@ -128,30 +134,13 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
<details>
<summary>Publishing</summary>
-### email
-
-- [ ] Email Mullvad with release information: support(a)mullvad.net, rui(a)mullvad.net
- <details>
- <summary>email template</summary>
-
- Subject:
- New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
-
- Body:
- signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
-
- update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
-
- changelog:
- ...
-
- </details>
-
-### mullvad-browser (github): https://github.com/mullvad/mullvad-browser/
+### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/
+- [ ] Assign this issue to someone with mullvad commit access, one of:
+ - richard
- [ ] Push this release's associated `mullvad-browser.git` branch to github
- [ ] Push this release's associated tags to github:
- [ ] Firefox ESR tag
- - **example** : `FIREFOX_102_12_0esr_BUILD1,`
+ - **example** : `FIREFOX_102_12_0esr_BUILD1`
- [ ] `base-browser` tag
- **example** : `base-browser-102.12.0esr-12.0-1-build1`
- [ ] `mullvad-browser` tag
@@ -163,32 +152,59 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- **example** : `102.12.0esr-based 12.0.7`
- [ ] Push tag to github
+### email
+- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information:
+ - [ ] support alias: support(a)mullvadvpn.net
+ - [ ] Rui: rui(a)mullvad.net
+ - **Subject**
+ ```
+ New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
+ ```
+ - **Body**
+ ```
+ Hello,
+
+ Branch+Tags have been pushed to Mullvad's GitHub repo.
+
+ - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
+ - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
+
+ changelog:
+ ...
+ ```
+
</details>
<details>
<summary>Downstream</summary>
### notify packagers
-
-- [ ] **(Once Mullvad Updates their Github Releases Page)** Email downstream consumers:
- <details>
- <summary>email template</summary>
-
- ...
-
- ...
-
- </details>
-
+These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release
+- [ ] Email downstream consumers:
- [ ] flathub package maintainer: proletarius101(a)protonmail.com
- [ ] arch package maintainer: bootctl(a)gmail.com
- [ ] nixOS package maintainer: dev(a)felschr.com
+ - **Subject**
+ ```
+ Mullvad Browser $(MULLVAD_BROWSER_VERSION) released
+ ```
+ - **Body**
+ ```
+ Hello!
-### merge requests
+ Mullvad-Browser packages are available, so you should update your respective downstream packages.
+
+ The latest release builds can be found here:
-- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/mullvad-browser…
- - **NOTE**: should just need to update the version to latest
+ - https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Afalse
+ ```
+
+### merge requests
+- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows…
+ - **NOTE**: should just need to update `version` and `sha256` to latest
</details>
-/label ~"Release Prep" ~"Sponsor 131"
+/label ~"Release Prep"
+/label ~"Sponsor 131"
+
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -32,197 +32,176 @@
<details>
<summary>Building</summary>
- ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
- Tor Browser Alpha (and Nightly) are on the `main` branch
-
- - [ ] Update `rbm.conf`
- - [ ] `var/torbrowser_version` : update to next version
- - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
- - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version
- - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
- - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail
- - [ ] Update Desktop-specific build configs
- - [ ] Update `projects/firefox/config`
- - [ ] `browser_build` : update to match `tor-browser` tag
- - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
- - [ ] Update `projects/translation/config`:
- - [ ] run `make list_translation_updates-alpha` to get updated hashes
- - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
- - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- - [ ] Update Android-specific build configs
- - [ ] Update `projects/geckoview/config`
- - [ ] `browser_build` : update to match `tor-browser` tag
- - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
- - [ ] ***(Optional)*** Update `projects/tor-android-service/config`
- - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
- - [ ] ***(Optional)*** Update `projects/application-services/config`:
- **NOTE** we don't currently have any of our own patches for this project
- - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
- - [ ] ***(Optional)*** Update `projects/firefox-android/config`:
- - [ ] `fenix_version` : update to match alpha `firefox-android` build tag
- - [ ] `browser_branch` : update to match alpha `firefox-android` build tag
- - [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
- - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
- - [ ] Update common build configs
- - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
- - [ ] `URL`
- - [ ] `sha256sum`
- - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
- - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config`
- - [ ] `version` : update to next 3.0.X version
- - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
- - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
- - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
- - [ ] `version` : update to next release tag
- - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
- - [ ] ***(Optional)*** Update `projects/tor/config`
- - [ ] `version` : update to latest `-alpha` tag or release tag if newer (ping dgoulet or ahf if unsure)
- - [ ] Check for go updates here : https://golang.org/dl
- - **NOTE** : Tor Browser Alpha uses the latest Stable major series go version
- - [ ] ***(Optional)*** Update `projects/go/config`
- - [ ] `version` : update go version
- - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
- - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
- - [ ] ***(Optional)*** If new version is available:
- - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org`
- - [ ] Deploy to `tb-builder`'s `public_html` directory:
- - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~/../tb-builder/public_html/.`
- - [ ] Update `projects/manual/config`:
- - [ ] Change the `version` to `$PIPELINEID`
- - [ ] Update `sha256sum` in the `input_files` section
- - [ ] Update `ChangeLog-TBB.txt`
- - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches
- - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
- - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- - The first time you run this script you will need to generate an access token; the script will guide you
- - `$updateArgs` should be these arguments, depending on what you actually updated:
- - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
- - [ ] `--tor`
- - [ ] `--no-script`
- - [ ] `--openssl`
- - [ ] `--zlib`
- - [ ] `--go`
- - E.g., `tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12`
- - `--date $date` is optional, if omitted it will be the date on which you run the command
- - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output
- - [ ] Open MR with above changes, using the template for release preparations
- - [ ] Merge
- - [ ] Sign+Tag
- - **NOTE** this must be done by one of:
- - boklm
- - dan
- - ma1
- - pierov
- - richard
- - [ ] Run: `make torbrowser-signtag-alpha`
- - [ ] Push tag to `upstream`
- - [ ] Build on at least one of:
- - Run `make torbrowser-alpha && make torbrowser-incrementals-alpha`
+### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
+Tor Browser Alpha (and Nightly) are on the `main` branch
+
+- [ ] Update `rbm.conf`
+ - [ ] `var/torbrowser_version` : update to next version
+ - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
+ - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version
+ - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
+ - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail
+- [ ] Update Desktop-specific build configs
+ - [ ] Update `projects/firefox/config`
+ - [ ] `browser_build` : update to match `tor-browser` tag
+ - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
+- [ ] Update Android-specific build configs
+ - [ ] Update `projects/geckoview/config`
+ - [ ] `browser_build` : update to match `tor-browser` tag
+ - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
+ - [ ] ***(Optional)*** Update `projects/tor-android-service/config`
+ - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
+ - [ ] ***(Optional)*** Update `projects/application-services/config`:
+ **NOTE** we don't currently have any of our own patches for this project
+ - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
+ - [ ] ***(Optional)*** Update `projects/firefox-android/config`:
+ - [ ] `fenix_version` : update to match alpha `firefox-android` build tag
+ - [ ] `browser_branch` : update to match alpha `firefox-android` build tag
+ - [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
+ - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
+- [ ] Update `projects/translation/config`:
+ - [ ] run `make list_translation_updates-alpha` to get updated hashes
+ - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
+ - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
+ - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
+- [ ] Update common build configs
+ - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+ - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
+ - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config`
+ - [ ] `version` : update to next 3.0.X version
+ - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
+ - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
+ - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
+ - [ ] `version` : update to next release tag
+ - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
+ - [ ] ***(Optional)*** Update `projects/tor/config`
+ - [ ] `version` : update to latest `-alpha` tag or release tag if newer (ping dgoulet or ahf if unsure)
+ - [ ] Check for go updates here : https://go.dev/dl
+ - **NOTE** : In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities.
+ - [ ] ***(Optional)*** Update `projects/go/config`
+ - [ ] `version` : update go version
+ - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
+ - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
+ - [ ] ***(Optional)*** If new version is available:
+ - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org`
+ - [ ] Deploy to `tb-builder`'s `public_html` directory:
+ - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.`
+ - [ ] Update `projects/manual/config`:
+ - [ ] Change the `version` to `$PIPELINEID`
+ - [ ] Update `sha256sum` in the `input_files` section
+- [ ] Update `ChangeLog-TBB.txt`
+ - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches
+ - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
+ - [ ] Run `tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
+ - Make sure you have `requests` installed (e.g., `apt install python3-requests`)
+ - The first time you run this script you will need to generate an access token; the script will guide you
+ - `$updateArgs` should be these arguments, depending on what you actually updated:
+ - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
+ - [ ] `--tor`
+ - [ ] `--no-script`
+ - [ ] `--openssl`
+ - [ ] `--zlib`
+ - [ ] `--go`
+ - E.g., `tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12`
+ - `--date $date` is optional, if omitted it will be the date on which you run the command
+ - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output
+- [ ] Open MR with above changes, using the template for release preparations
+- [ ] Merge
+- [ ] Sign+Tag
+ - **NOTE** this must be done by one of:
+ - boklm
+ - dan
+ - ma1
+ - pierov
+ - richard
+ - [ ] Run: `make torbrowser-signtag-alpha`
+ - [ ] Push tag to `upstream`
+- [ ] Build the tag:
+ - Run `make torbrowser-alpha && make torbrowser-incrementals-alpha`
- [ ] Tor Project build machine
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- Run `make torbrowser-kick-devmole-build`
- - [ ] Ensure builders have matching builds
+- [ ] Ensure builders have matching builds
</details>
<details>
<summary>Communications</summary>
- ### notify stakeholders
-
- - [ ] Email tor-qa mailing list: tor-qa(a)lists.torproject.org
- <details>
- <summary>email template</summary>
-
- Subject:
- Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
-
- Body:
- Hello All,
-
- Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing:
-
- - https://tb-build-05.torproject.org/~$(BUILDER)/builds/alpha/unsigned/$(TOR_…
-
- The full changelog can be found here:
-
- - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB…
-
- </details>
-
- - ***(Optional)*** Additional information:
- - [ ] Note any new functionality which needs testing
- - [ ] Link to any known issues
- - [ ] ***(Optional, only around build/packaging changes)*** Email packagers:
- - Recipients:
- - Tails dev mailing list: tails-dev(a)boum.org
- - Guardian Project: nathan(a)guardianproject.info
- - torbrowser-launcher: micah(a)micahflee.com
- - FreeBSD port: freebsd(a)sysctl.cz <!-- Gitlab user maxfx -->
- - OpenBSD port: caspar(a)schutijser.com <!-- Gitlab user cschutijser -->
- - [ ] Note any changes which may affect packaging/downstream integration
- - [ ] Email external partners:
- - ***(Optional, after ESR migration)*** Cloudflare: ask-research(a)cloudflare.com
- - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
- - ***(Optional, after ESR migration)*** Startpage: admin(a)startpage.com
- - **NOTE** : Startpage also needs the updated user-agent string for better experience on their onion service sites.
+### notify stakeholders
+- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information
+ - [ ] tor-qa: tor-qa(a)lists.torproject.org
+ - **Subject**
+ ```
+ Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
+ ```
+ - **Body**
+ ```
+ Hello,
+
+ Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing:
+
+ - https://tb-build-02.torproject.org/~$(BUILDER)/builds/alpha/unsigned/$(TOR_…
+
+ The full changelog can be found here:
+
+ - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB…
+ ```
+- [ ] ***(Optional, only around build/packaging changes)*** Email packagers:
+ - [ ] Tails dev mailing list: tails-dev(a)boum.org
+ - [ ] Guardian Project: nathan(a)guardianproject.info
+ - [ ] FreeBSD port: freebsd(a)sysctl.cz <!-- Gitlab user maxfx -->
+ - [ ] OpenBSD port: caspar(a)schutijser.com <!-- Gitlab user cschutijser -->
+ - [ ] Note any changes which may affect packaging/downstream integration
+- [ ] ***(Optional, after ESR migration)*** Email external partners:
+ - [ ] Cloudflare: ask-research(a)cloudflare.com
+ - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
+ - [ ] Startpage: admin(a)startpage.com
+ - **NOTE** : Startpage also needs the updated user-agent string for better experience on their onion service sites.
</details>
<details>
<summary>Signing</summary>
- ### signing
- - **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
- - [ ] Assign this issue to the signer, one of:
- - boklm
- - richard
- - [ ] On `$(STAGING_SERVER)`, ensure updated:
- - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- - [ ] `tor-browser-build/tools/signing/set-config.hosts`
- - `ssh_host_builder` : ssh hostname of machine with unsigned builds
- - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- - `ssh_host_linux_signer` : ssh hostname of linux signing machine
- - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect`
- - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos
- - [ ] `set-config.update-responses`
- - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
- - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
- - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
- - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- - [ ] run do-all-signing script:
- - `cd tor-browser-build/tools/signing/`
- - `./do-all-signing.torbrowser`
- - **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- - [ ] Update `staticiforme.torproject.org`:
- - From `screen` session on `staticiforme.torproject.org`:
- - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
- - [ ] Remove old release data from following places:
- - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- - [ ] Publish APKs to Google Play:
- - Log into https://play.google.com/apps/publish
- - Select `Tor Browser (Alpha)` app
- - Navigate to `Release > Production` and click `Create new release` button:
- - Upload the `tor-browser-android-*.apk` APKs
- - Update Release Name to Tor Browser version number
- - Update Release Notes
- - Next to 'Release notes', click `Copy from a previous release`
- - Edit blog post url to point to most recent blog post
- - Save, review, and configure rollout percentage
- - [ ] 25% rollout when publishing a scheduled update
- - [ ] 100% rollout when publishing a security-driven release
- - [ ] Update rollout percentage to 100% after confirmed no major issues
+### release signing
+- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
+- [ ] Assign this issue to the signer, one of:
+ - boklm
+ - richard
+- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
+ - [ ] `tor-browser-build/tools/signing/set-config.hosts`
+ - `ssh_host_builder` : ssh hostname of machine with unsigned builds
+ - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
+ - `ssh_host_linux_signer` : ssh hostname of linux signing machine
+ - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect`
+ - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos
+ - [ ] `set-config.update-responses`
+ - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
+ - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
+ - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
+ - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
+ - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script:
+ - `cd tor-browser-build/tools/signing/`
+ - `./do-all-signing.torbrowser`
+- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
+- [ ] Update `staticiforme.torproject.org`:
+ - From `screen` session on `staticiforme.torproject.org`:
+ - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
+ - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
+ - [ ] Remove old release data from following places:
+ - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
+ - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
+ - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
+ - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
</details>
@@ -262,55 +241,58 @@ popd
<details>
<summary>Publishing</summary>
- ### website: https://gitlab.torproject.org/tpo/web/tpo.git
- - [ ] `databags/versions.ini` : Update the downloads versions
- - `torbrowser-stable/version` : sort of a catch-all for latest stable version
- - `torbrowser-alpha/version` : sort of a catch-all for latest stable version
- - `torbrowser-*-stable/version` : platform-specific stable versions
- - `torbrowser-*-alpha/version` : platform-specific alpha versions
- - `tor-stable`,`tor-alpha` : set by tor devs, do not touch
- - [ ] Push to origin as new branch, open 'Draft :' MR
- - [ ] Remove `Draft:` from MR once signed-packages are uploaded
- - [ ] Merge
- - [ ] Publish after CI passes and builds are published
-
- ### blog: https://gitlab.torproject.org/tpo/web/blog.git
- - [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
- - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- - [ ] Update Tor Browser version numbers
- - [ ] Note any ESR rebase
- - [ ] Link to any Firefox security updates from ESR upgrade
- - [ ] Link to any Android-specific security backports
- - [ ] Note any updates to :
- - tor
- - OpenSSL
- - NoScript
- - [ ] Convert ChangeLog-TBB.txt to markdown format used here by :
- - `tor-browser-build/tools/changelog-format-blog-post`
- - [ ] Push to origin as new branch, open `Draft:` MR
- - [ ] Remove `Draft:` from MR once signed-packages are uploaded
- - [ ] Merge
- - [ ] Publish after CI passes and website has been updated
-
- ### tor-announce mailing list
- - [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org
- <details>
- <summary>email template</summary>
-
- Subject:
- New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
-
- Body:
- Hi everyone,
-
- Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
-
- - $(BLOG_POST_URL)
-
- </details>
-
- - **(Optional)** Additional information:
- - [ ] Link to any known issues
+### Google Play: https://play.google.com/apps/publish
+- [ ] Publish APKs to Google Play:
+ - Select `Tor Browser (Alpha)` app
+ - Navigate to `Release > Production` and click `Create new release` button:
+ - Upload the `tor-browser-android-*.apk` APKs
+ - Update Release Name to Tor Browser version number
+ - Update Release Notes
+ - Next to 'Release notes', click `Copy from a previous release`
+ - Edit blog post url to point to most recent blog post
+ - Save, review, and configure rollout percentage
+ - [ ] 25% rollout when publishing a scheduled update
+ - [ ] 100% rollout when publishing a security-driven release
+ - [ ] Update rollout percentage to 100% after confirmed no major issues
+
+### website: https://gitlab.torproject.org/tpo/web/tpo.git
+- [ ] `databags/versions.ini` : Update the downloads versions
+ - `torbrowser-stable/version` : sort of a catch-all for latest stable version
+ - `torbrowser-alpha/version` : sort of a catch-all for latest stable version
+ - `torbrowser-*-stable/version` : platform-specific stable versions
+ - `torbrowser-*-alpha/version` : platform-specific alpha versions
+ - `tor-stable`,`tor-alpha` : set by tor devs, do not touch
+- [ ] Push to origin as new branch, open 'Draft :' MR
+- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org
+- [ ] Merge
+- [ ] Publish after CI passes and builds are published
+
+### blog: https://gitlab.torproject.org/tpo/web/blog.git
+- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
+ - [ ] Note any ESR update
+ - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc)
+ - [ ] Thank any users which have contributed patches
+ - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc
+- [ ] Push to origin as new branch, open `Draft:` MR
+- [ ] Merge once signed-packages are accessible on https://dist.torproject.org
+- [ ] Publish after CI passes and website has been updated
+
+### tor-announce mailing list
+- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org
+ - **Subject**
+ ```
+ New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
+ ```
+ - **Body**
+ ```
+ Hi everyone,
+
+ Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
+ - $(BLOG_POST_URL)
+
+ Changelog:
+ # paste changleog as quote here
+ ```
</details>
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -27,29 +27,24 @@
</details>
**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
+**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue
<details>
<summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
-Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches
+Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches.
- [ ] Update `rbm.conf`
- [ ] `var/torbrowser_version` : update to next version
- [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
- [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version
+ - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
- **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail
- [ ] Update Desktop-specific build configs
- [ ] Update `projects/firefox/config`
- [ ] `browser_build` : update to match `tor-browser` tag
- [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
- - [ ] Update `projects/translation/config`:
- - [ ] run `make list_translation_updates-release` to get updated hashes
- - [ ] Update `projects/translation/config`:
- - [ ] run `make list_translation_updates-alpha` to get updated hashes
- - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
- - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] Update Android-specific build configs
- [ ] Update `projects/geckoview/config`
- [ ] `browser_build` : update to match `tor-browser` tag
@@ -60,27 +55,32 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
**NOTE** we don't currently have any of our own patches for this project
- [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
- [ ] ***(Optional)*** Update `projects/firefox-android/config`:
- - [ ] `fenix_version` : update to match alpha `firefox-android` build tag
- - [ ] `browser_branch` : update to match alpha `firefox-android` build tag
+ - [ ] `fenix_version` : update to match alpha `firefox-android` build tag
+ - [ ] `browser_branch` : update to match alpha `firefox-android` build tag
- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
- `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
+- [ ] Update `projects/translation/config`:
+ - [ ] run `make list_translation_updates-release` to get updated hashes
+ - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
+ - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
+ - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] Update common build configs
- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
- - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
- - [ ] `version` : update to next 1.X.Y version
+ - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config`
+ - [ ] `version` : update to next 3.0.X version
- [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
- [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
- [ ] **(Optional)** If new tag available, update `projects/zlib/config`
- [ ] `version` : update to next release tag
- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
- - [ ] ***(Optional)*** Update `projects/tor/config`
+ - [ ] ***(Optional)*** Update `projects/tor/config`
- [ ] `version` : update to latest non `-alpha` tag (ping dgoulet or ahf if unsure)
- [ ] Check for go updates here : https://go.dev/dl
- - **NOTE** : Tor Browser Stable uses the latest of the *previous* Stable major series go version (apart from the transition phase from Tor Browser Alpha to Stable, in which case Tor Browser Stable may use the latest major series go version)
+ - **NOTE** : In general, Tor Browser Stable uses the latest of the *previous* Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities.
- [ ] ***(Optional)*** Update `projects/go/config`
- [ ] `version` : update go version
- [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
@@ -88,7 +88,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] ***(Optional)*** If new version is available:
- [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org`
- [ ] Deploy to `tb-builder`'s `public_html` directory:
- - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~/../tb-builder/public_html/.`
+ - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.`
- [ ] Update `projects/manual/config`:
- [ ] Change the `version` to `$PIPELINEID`
- [ ] Update `sha256sum` in the `input_files` section
@@ -108,25 +108,25 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- E.g., `tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12`
- `--date $date` is optional, if omitted it will be the date on which you run the command
- [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output
- - [ ] Open MR with above changes, using the template for release preparations
- - [ ] Merge
- - [ ] Sign+Tag
- - **NOTE** this must be done by one of:
- - boklm
- - dan
- - ma1
- - pierov
- - richard
- - [ ] Run: `make torbrowser-signtag-release`
- - [ ] Push tag to `upstream`
- - [ ] Build on at least one of:
- - Run `make torbrowser-release && make torbrowser-incrementals-release`
+- [ ] Open MR with above changes, using the template for release preparations
+- [ ] Merge
+- [ ] Sign+Tag
+ - **NOTE** this must be done by one of:
+ - boklm
+ - dan
+ - ma1
+ - pierov
+ - richard
+ - [ ] Run: `make torbrowser-signtag-release`
+ - [ ] Push tag to `upstream`
+- [ ] Build the tag:
+ - Run `make torbrowser-release && make torbrowser-incrementals-release`
- [ ] Tor Project build machine
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- Run `make torbrowser-kick-devmole-build`
- - [ ] Ensure builders have matching builds
+- [ ] Ensure builders have matching builds
</details>
@@ -134,49 +134,44 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
<summary>Communications</summary>
### notify stakeholders
+- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information
+ - [ ] tor-qa: tor-qa(a)lists.torproject.org
+ - **Subject**
+ ```
+ Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
+ ```
+ - **Body**
+ ```
+ Hello,
- <details>
- <summary>email template</summary>
-
- Subject:
- Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
-
- Body:
- Hello All,
-
- Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing:
-
- - https://tb-build-05.torproject.org/~$(BUILDER)/builds/release/unsigned/$(TO…
-
- The full changelog can be found here:
+ Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing:
- - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/$(T…
+ - https://tb-build-02.torproject.org/~$(BUILDER)/builds/release/unsigned/$(TO…
- </details>
+ The full changelog can be found here:
-- [ ] Email tor-qa mailing list: tor-qa(a)lists.torproject.org
- - ***(Optional)*** Additional information:
- - [ ] Note any new functionality which needs testing
- - [ ] Link to any known issues
+ - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB…
+ ```
- [ ] Email packagers:
- - Recipients:
- - Tails dev mailing list: tails-dev(a)boum.org
- - Guardian Project: nathan(a)guardianproject.info
- - torbrowser-launcher: micah(a)micahflee.com
- - FreeBSD port: freebsd(a)sysctl.cz <!-- Gitlab user maxfx -->
- - OpenBSD port: caspar(a)schutijser.com <!-- Gitlab user cschutijser -->
- - [ ] ***(Optional)*** Note any changes which may affect packaging/downstream integration
+ - [ ] Tails dev mailing list: tails-dev(a)boum.org
+ - [ ] Guardian Project: nathan(a)guardianproject.info
+ - [ ] FreeBSD port: freebsd(a)sysctl.cz <!-- Gitlab user maxfx -->
+ - [ ] OpenBSD port: caspar(a)schutijser.com <!-- Gitlab user cschutijser -->
+ - [ ] Note any changes which may affect packaging/downstream integration
</details>
<details>
<summary>Signing</summary>
-### signing
+### release signing
- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
+- [ ] Assign this issue to the signer, one of:
+ - boklm
+ - richard
- [ ] On `$(STAGING_SERVER)`, ensure updated:
- [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- - [ ] `tor-browser-build/tools/signing/set-config.hosts`
+ - [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- `ssh_host_linux_signer` : ssh hostname of linux signing machine
@@ -189,9 +184,9 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
-- [ ] run do-all-signing script:
- - `cd tor-browser-build/tools/signing/`
- - `./do-all-signing.torbrowser`
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script:
+ - `cd tor-browser-build/tools/signing/`
+ - `./do-all-signing.torbrowser`
- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- [ ] Update `staticiforme.torproject.org`:
- From `screen` session on `staticiforme.torproject.org`:
@@ -201,20 +196,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
-- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
-- [ ] Publish APKs to Google Play:
- - Log into https://play.google.com/apps/publish
- - Select `Tor Browser` app
- - Navigate to `Release > Production` and click `Create new release` button:
- - Upload the `tor-browser-android-*.apk` APKs
- - Update Release Name to Tor Browser version number
- - Update Release Notes
- - Next to 'Release notes', click `Copy from a previous release`
- - Edit blog post url to point to most recent blog post
- - Save, review, and configure rollout percentage
- - [ ] 25% rollout when publishing a scheduled update
- - [ ] 100% rollout when publishing a security-driven release
- - [ ] Update rollout percentage to 100% after confirmed no major issues
+ - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
</details>
@@ -223,33 +205,51 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
<details>
<summary>Check whether the .exe files got properly signed and timestamped</summary>
- ```
- # Point OSSLSIGNCODE to your osslsigncode binary
- pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
- OSSLSIGNCODE=/path/to/osslsigncode
- ../../../tools/authenticode_check.sh
- popd
- ```
+
+```bash
+# Point OSSLSIGNCODE to your osslsigncode binary
+pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+OSSLSIGNCODE=/path/to/osslsigncode
+../../../tools/authenticode_check.sh
+popd
+```
+
</details>
<details>
<summary>Check whether the MAR files got properly signed</summary>
- ```
- # Point NSSDB to your nssdb containing the mar signing certificate
- # Point SIGNMAR to your signmar binary
- # Point LD_LIBRARY_PATH to your mar-tools directory
- pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
- NSSDB=/path/to/nssdb
- SIGNMAR=/path/to/mar-tools/signmar
- LD_LIBRARY_PATH=/path/to/mar-tools/
- ../../../tools/marsigning_check.sh
- popd
- ```
+
+```bash
+# Point NSSDB to your nssdb containing the mar signing certificate
+# Point SIGNMAR to your signmar binary
+# Point LD_LIBRARY_PATH to your mar-tools directory
+pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
+NSSDB=/path/to/nssdb
+SIGNMAR=/path/to/mar-tools/signmar
+LD_LIBRARY_PATH=/path/to/mar-tools/
+../../../tools/marsigning_check.sh
+popd
+```
+
</details>
</details>
<details>
<summary>Publishing</summary>
+### Google Play: https://play.google.com/apps/publish
+- [ ] Publish APKs to Google Play:
+ - Select `Tor Browser` app
+ - Navigate to `Release > Production` and click `Create new release` button:
+ - Upload the `tor-browser-android-*.apk` APKs
+ - Update Release Name to Tor Browser version number
+ - Update Release Notes
+ - Next to 'Release notes', click `Copy from a previous release`
+ - Edit blog post url to point to most recent blog post
+ - Save, review, and configure rollout percentage
+ - [ ] 25% rollout when publishing a scheduled update
+ - [ ] 100% rollout when publishing a security-driven release
+ - [ ] Update rollout percentage to 100% after confirmed no major issues
+
### website: https://gitlab.torproject.org/tpo/web/tpo.git
- [ ] `databags/versions.ini` : Update the downloads versions
- `torbrowser-stable/version` : sort of a catch-all for latest stable version
@@ -258,49 +258,37 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- `torbrowser-*-alpha/version` : platform-specific alpha versions
- `tor-stable`,`tor-alpha` : set by tor devs, do not touch
- [ ] Push to origin as new branch, open 'Draft :' MR
-- [ ] Remove `Draft:` from MR once signed-packages are uploaded
+- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org
- [ ] Merge
- [ ] Publish after CI passes and builds are published
### blog: https://gitlab.torproject.org/tpo/web/blog.git
-
-- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
- - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- - [ ] Update Tor Browser version numbers
- - [ ] Note any ESR rebase
- - [ ] Link to any Firefox security updates from ESR upgrade
- - [ ] Link to any Android-specific security backports
- - [ ] Note any updates to :
- - tor
- - OpenSSL
- - NoScript
- - [ ] Convert ChangeLog.txt to markdown format used here by :
- - `tor-browser-build/tools/changelog-format-blog-post`
+- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
+ - [ ] Note any ESR update
+ - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc)
+ - [ ] Thank any users which have contributed patches
- [ ] Push to origin as new branch, open `Draft:` MR
-- [ ] Remove `Draft:` from MR once signed-packages are uploaded
-- [ ] Merge
+- [ ] Merge once signed-packages are accessible on https://dist.torproject.org
- [ ] Publish after CI passes and website has been updated
### tor-announce mailing list
- <details>
- <summary>email template</summary>
-
- Subject:
- New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
-
- Body:
- Hi everyone,
-
- Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
-
- - $(BLOG_POST_URL)
+- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org
+ - **Subject**
+ ```
+ New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
+ ```
+ - **Body**
+ ```
+ Hi everyone,
- </details>
+ Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
+ - $(BLOG_POST_URL)
-- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org
- - **(Optional)** Additional information:
- - [ ] Link to any known issues
+ Changelog:
+ # paste changleog as quote here
+ ```
</details>
/label ~"Release Prep"
+
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f…
You're receiving this email because of your account on gitlab.torproject.org.
Pier Angelo Vendrame pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android
Commits:
5cdf04d8 by Dan Ballard at 2024-02-14T15:01:27-08:00
fixup! Disable features and functionality
bug 42407: lock task affinity of HomeActivity to block potential on app phishing
- - - - -
1 changed file:
- fenix/app/src/main/AndroidManifest.xml
Changes:
=====================================
fenix/app/src/main/AndroidManifest.xml
=====================================
@@ -96,6 +96,7 @@
android:exported="true"
android:configChanges="keyboard|keyboardHidden|mcc|mnc|orientation|screenSize|layoutDirection|smallestScreenSize|screenLayout"
android:launchMode="singleTask"
+ android:taskAffinity=""
android:resizeableActivity="true"
android:supportsPictureInPicture="true"
android:windowSoftInputMode="adjustResize">
View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/5cd…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/5cd…
You're receiving this email because of your account on gitlab.torproject.org.
Pier Angelo Vendrame pushed to branch mullvad-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
daa6f9fe by Pier Angelo Vendrame at 2024-02-20T20:35:23+01:00
fixup! MB 1: Mullvad Browser branding
Bug 42398: Include Alpha and Nightly in MOZ_APP_DISPLAYNAME.
- - - - -
2 changed files:
- browser/branding/mb-alpha/configure.sh
- browser/branding/mb-nightly/configure.sh
Changes:
=====================================
browser/branding/mb-alpha/configure.sh
=====================================
@@ -2,4 +2,4 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-MOZ_APP_DISPLAYNAME="Mullvad Browser"
+MOZ_APP_DISPLAYNAME="Mullvad Browser Alpha"
=====================================
browser/branding/mb-nightly/configure.sh
=====================================
@@ -2,4 +2,4 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-MOZ_APP_DISPLAYNAME="Mullvad Browser"
+MOZ_APP_DISPLAYNAME="Mullvad Browser Nightly"
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/daa…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/daa…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch mullvad-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
bbc14876 by Pier Angelo Vendrame at 2024-02-13T15:46:46+01:00
MB 38: Mullvad Browser configuration
- - - - -
6b55ddd7 by Pier Angelo Vendrame at 2024-02-13T15:46:48+01:00
MB 1: Mullvad Browser branding
See also:
mullvad-browser#5: Product name and directory customization
mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding
mullvad-browser#14: Remove Default Built-in bookmarks
mullvad-browser#35: Add custom PDF icons for Windows builds
mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata
mullvad-browser#51: Update trademark string
mullvad-browser#104: Update shipped dll metadata copyright/licensing info
mullvad-browser#107: Add alpha and nightly icons
- - - - -
a6dfd571 by Pier Angelo Vendrame at 2024-02-13T15:46:49+01:00
MB 20: Allow packaged-addons in PBM.
We install a few addons from the distribution directory, but they are
not automatically enabled for PBM mode.
This commit modifies the code that installs them to also add the PBM
permission to the known ones.
- - - - -
d2096615 by Pier Angelo Vendrame at 2024-02-13T15:46:49+01:00
MB 63: Customize some about pages for Mullvad Browser
Also:
mullvad-browser#57: Purge unneeded about: pages
- - - - -
9c5554d3 by Pier Angelo Vendrame at 2024-02-13T15:46:49+01:00
MB 37: Customization for the about dialog
- - - - -
9e29111f by Henry Wilkes at 2024-02-13T15:46:50+01:00
MB 39: Add home page about:mullvad-browser
- - - - -
183082a9 by hackademix at 2024-02-13T15:46:50+01:00
MB 97: Remove UI cues to install new extensions.
- - - - -
40d1c644 by hackademix at 2024-02-13T15:46:50+01:00
MB 47: uBlock Origin customization
- - - - -
3fdae332 by Pier Angelo Vendrame at 2024-02-13T15:46:51+01:00
MB 21: Disable the password manager
This commit disables the about:login page and removes the "Login and
Password" section of about:preferences.
We do not do anything to the real password manager of Firefox, that is
in toolkit: it contains C++ parts that make it difficult to actually
prevent it from being built..
Finally, we modify the the function that opens about:login to report an
error in the console so that we can quickly get a backtrace to the code
that tries to use it.
- - - - -
13e371aa by Pier Angelo Vendrame at 2024-02-13T15:46:51+01:00
MB 87: Disable the default browser box on Windows and Linux
Windows and Linux will be distributed only as portable apps at the
beginning, so they should not be settable as default browsers.
We will need to improve the logic once we decide to ship system-wide
installers, too.
- - - - -
7418154f by Pier Angelo Vendrame at 2024-02-13T15:46:51+01:00
MB 112: Updater customization for Mullvad Browser
MB 71: Set the updater base URL to Mullvad domain
- - - - -
fb662c89 by Pier Angelo Vendrame at 2024-02-13T15:46:52+01:00
fixup! MB 112: Updater customization for Mullvad Browser
MB 200: Enable system installs for Mullvad Browser
Customize the post update executable name, to avoid any confusion with
Mozilla's helper.exe, since we intend using a much simpler post update
binary.
- - - - -
8346f9be by Nicolas Vigier at 2024-02-13T15:46:52+01:00
MB 79: Add Mullvad Browser MAR signing keys
MB 256: Add mullvad-browser nightly mar signing key
- - - - -
146b9349 by Pier Angelo Vendrame at 2024-02-13T15:46:52+01:00
MB 34: Hide unsafe and unwanted preferences UI
about:preferences allow to override some of our defaults, that could
be fingeprintable or have some other unwanted consequences.
- - - - -
afb9a182 by Pier Angelo Vendrame at 2024-02-13T15:46:52+01:00
MB 160: Disable the cookie exceptions button
Besides disabling the "Delete on close checkbox", disable also the
"Manage Exceptions" button when always using PBM.
- - - - -
134937fa by hackademix at 2024-02-13T15:46:53+01:00
MB 163: prevent uBlock Origin from being uninstalled/disabled
- - - - -
11cb17c9 by Richard Pospesel at 2024-02-13T15:46:53+01:00
MB 188: Customize Gitlab Issue and Merge templates
- - - - -
e7cc72c0 by rui hildt at 2024-02-13T15:46:53+01:00
MB 213: Customize the search engines list
- - - - -
939faf11 by hackademix at 2024-02-13T15:46:54+01:00
MB 214: Enable cross-tab identity leak protection in "quiet" mode
- - - - -
30 changed files:
- + .gitlab/issue_templates/Rebase Browser - Alpha.md
- + .gitlab/issue_templates/Rebase Browser - Stable.md
- .gitlab/merge_request_templates/default.md
- browser/app/Makefile.in
- browser/app/macbuild/Contents/Info.plist.in
- browser/app/module.ver
- browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest
- + browser/app/profile/000-mullvad-browser.js
- browser/app/profile/001-base-profile.js
- browser/base/content/aboutDialog.xhtml
- browser/base/content/appmenu-viewcache.inc.xhtml
- browser/base/content/browser-menubar.inc
- browser/base/content/browser-places.js
- browser/base/content/browser.js
- browser/base/content/default-bookmarks.html
- browser/base/content/nsContextMenu.js
- browser/base/content/overrides/app-license.html
- browser/base/content/pageinfo/pageInfo.xhtml
- browser/base/content/utilityOverlay.js
- browser/branding/branding-common.mozbuild
- + browser/branding/mb-alpha/VisualElements_150.png
- + browser/branding/mb-alpha/VisualElements_70.png
- + browser/branding/mb-alpha/configure.sh
- + browser/branding/mb-alpha/content/about-logo.png
- + browser/branding/mb-alpha/content/about-logo.svg
- + browser/branding/mb-alpha/content/about-logo(a)2x.png
- + browser/branding/mb-alpha/content/about-wordmark.svg
- + browser/branding/mb-alpha/content/about.png
- + browser/branding/mb-alpha/content/aboutDialog.css
- + browser/branding/mb-alpha/content/firefox-wordmark.svg
The diff was not included because it is too large.
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/2f…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/2f…
You're receiving this email because of your account on gitlab.torproject.org.