- tor-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 41671: Update apk signing script to check for v3 instead of v1 signatures
by boklm (＠boklm) 16 Dec '25

16 Dec '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 5f4ef79a by Nicolas Vigier at 2025-12-16T16:04:39+01:00 Bug 41671: Update apk signing script to check for v3 instead of v1 signatures - - - - - 1 changed file: - tools/signing/linux-signer-sign-android-apks Changes: ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -36,8 +36,8 @@ sign_apk() { verify_apk() { verified=$(apksigner verify --print-certs --verbose "$1") - scheme_v1="Verified using v1 scheme (JAR signing): true" scheme_v2="Verified using v2 scheme (APK Signature Scheme v2): true" + scheme_v3="Verified using v3 scheme (APK Signature Scheme v3): true" if test "$tbb_version_type" = "alpha"; then cert_digest="Signer #1 certificate SHA-256 digest: 15f760b41acbe4783e667102c9f67119be2af62fab07763f9d57f01e5e1074e1" @@ -47,12 +47,10 @@ verify_apk() { pubkey_digest="Signer #1 public key SHA-256 digest: 343ca8a2e5452670bdc335a181a4baed909f868937d68c4653e44ef84de8dfc6" fi if test "$SIGNING_PROJECTNAME" = "torvpn"; then - # No v1 scheme signature on torvpn apk - scheme_v1='' cert_digest="Signer #1 certificate SHA-256 digest: c2f6ffa30e56a7c53a226248ef908612ee539df2f52bede5a55037425b83331d" pubkey_digest="Signer #1 public key SHA-256 digest: fddc5f93ae0bc971e951481b0b5e6b62e47040fe979ff535cf75daade2f13f3d" fi - for digest in "${scheme_v1}" "${scheme_v2}" "${cert_digest}" "${pubkey_digest}"; do + for digest in "${scheme_v2}" "${scheme_v3}" "${cert_digest}" "${pubkey_digest}"; do test -z "$digest" && continue if ! echo "${verified}" | grep -q "${digest}"; then echo "Expected digest not found:" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-16.0a1-build3
by Pier Angelo Vendrame (＠pierov) 16 Dec '25

16 Dec '25

Pier Angelo Vendrame pushed new tag tbb-16.0a1-build3 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41669: Restore UglifyJS but for Android x86_64.
by Pier Angelo Vendrame (＠pierov) 16 Dec '25

16 Dec '25

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 43f7cf99 by Pier Angelo Vendrame at 2025-12-16T09:10:56+01:00 Bug 41669: Restore UglifyJS but for Android x86_64. In 15.0 we use UglifyJS for Android x86. We dropped it in the 16.0 series, as we do not support Android x86, but with this commit we temporarily restore it for x86_64 to fit in the Play Store requirements. With Firefox 148 we might be able to use the same minifier Mozilla uses, since they recently switched to a different one. - - - - - c1a2d204 by Pier Angelo Vendrame at 2025-12-16T10:44:28+01:00 Bug 41513: Prepare Tor Browser 16.0a1 (build3). Build Android again to make sure we do not exceed the Play Store's threshold for APK size with the x86_64 APK. - - - - - 6 changed files: - projects/browser/build.android - projects/browser/config - + projects/uglifyjs/README.md - + projects/uglifyjs/build - + projects/uglifyjs/config - rbm.conf Changes: ===================================== projects/browser/build.android ===================================== @@ -2,6 +2,12 @@ [% c("var/set_default_env") -%] [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %] +[% IF c("var/android-x86_64") -%] + tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/node') %] + export PATH=/var/tmp/dist/node/bin:$PATH + tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/uglifyjs') %] +[% END -%] + # Bundle our extension(s). # # NoScript will be copied over to the profile folder @@ -58,6 +64,11 @@ function generate_apk { [% IF c("var/tor-browser") -%] cp -a ../moat_countries.json ../tor/pluggable_transports/pt_config.json chrome/toolkit/content/global/ [% END -%] + [% IF c("var/android-x86_64") -%] + find actors chrome modules moz-src \ + -name '*.js' -or -name '*.mjs' \ + -exec /var/tmp/dist/uglifyjs/bin/uglifyjs --in-situ {} \; + [% END -%] [% c('zip', { zip_src => [ '.' ], zip_args => '-0 ../assets/omni.ja', ===================================== projects/browser/config ===================================== @@ -158,3 +158,9 @@ input_files: # tor-browser-build#40920 - filename: sort-baseline.py enable: '[% c("var/android") %]' + - project: node + name: node + enable: '[% c("var/android-x86_64") %]' + - project: uglifyjs + name: uglifyjs + enable: '[% c("var/android-x86_64") %]' ===================================== projects/uglifyjs/README.md ===================================== @@ -0,0 +1 @@ +This project fetches UglifyJS without any other changes. ===================================== projects/uglifyjs/build ===================================== @@ -0,0 +1,4 @@ +#!/bin/bash +tar -xf [% project %]-[% c('version') %].tar.[% c('compress_tar') %] +mv [% project %]-[% c('version') %] [% project %] +tar -caf [% dest_dir %]/[% c("filename") %] [% project %] ===================================== projects/uglifyjs/config ===================================== @@ -0,0 +1,4 @@ +version: 3.19.3 +filename: 'uglifyjs-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' +git_hash: 3ea33afc72462a470466473208a33379b7204765 +git_url: https://github.com/mishoo/UglifyJS.git ===================================== rbm.conf ===================================== @@ -82,7 +82,7 @@ buildconf: var: torbrowser_version: '16.0a1' - torbrowser_build: 'build2' + torbrowser_build: 'build3' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2025/12/11 14:20:12' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41665: Update macos signing wrapper for new executable gpu-helper.app
by ma1 (＠ma1) 16 Dec '25

16 Dec '25

ma1 pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: d7e795d4 by Nicolas Vigier at 2025-12-15T16:54:16+01:00 Bug 41665: Update macos signing wrapper for new executable gpu-helper.app - - - - - 4 changed files: - tools/signing/linux-signer-rcodesign-sign - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-rcodesign-146 - + tools/signing/wrappers/sign-rcodesign-146 Changes: ===================================== tools/signing/linux-signer-rcodesign-sign ===================================== @@ -21,6 +21,6 @@ rm -f "$destdir/$output_file" volume=~/"$SIGNING_PROJECTNAME-$tbb_version"/"$(project-name)-macos-${tbb_version}.hfs" echo "Using $volume" -sudo -u signing-macos -- /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-128 "$volume" "$display_name" +sudo -u signing-macos -- /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-146 "$volume" "$display_name" cp "/home/signing-macos/last-signed-$display_name.tar.zst" "$destdir/$output_file" rm -f "$volume" ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -93,6 +93,7 @@ sudoers_file sign-apk sudoers_file sign-aab sudoers_file sign-rcodesign sudoers_file sign-rcodesign-128 +sudoers_file sign-rcodesign-146 sudoers_file set-date authorized_keys boklm boklm-tb-release.pub boklm-yk1.pub ===================================== tools/signing/machines-setup/sudoers.d/sign-rcodesign-146 ===================================== @@ -0,0 +1,2 @@ +Defaults>signing-macos env_keep += "SIGNING_PROJECTNAME tbb_version_type RCODESIGN_PW" +%signing ALL = (signing-macos) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-146 ===================================== tools/signing/wrappers/sign-rcodesign-146 ===================================== @@ -0,0 +1,98 @@ +#!/bin/bash +set -e + +function exit_error { + for msg in "$@" + do + echo "$msg" >&2 + done + exit 1 +} + +test $# -eq 2 || exit_error "Wrong number of arguments" +dmg_file="$1" +display_name="$2" + +output_file="/home/signing-macos/last-signed-$display_name.tar.zst" +rm -f "$output_file" + +rcodesign=/signing/rcodesign-128/rcodesign +rcodesign_signing_p12_file=/home/signing-macos/keys/key-1.p12 +test -f "$rcodesign_signing_p12_file" || exit_error "$rcodesign_signing_p12_file is missing" + +tmpdir=$(mktemp -d) +trap "rm -Rf $tmpdir" EXIT +cd "$tmpdir" +7z x "$dmg_file" + +# Fix permission on files: +# https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/2… +# FIXME: Maybe we should extract the .mar file instead of the .dmg to +# preserve permissions +chmod ugo+x "$display_name/$display_name.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/updater.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/plugin-container.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/media-plugin-helper.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/MacOS/gpu-helper.app/Contents/MacOS"/* \ + "$display_name/$display_name.app/Contents/Frameworks/ChannelPrefs.framework/ChannelPrefs" \ + "$display_name/$display_name.app/Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework/UpdateSettings" +test -d "$display_name/$display_name.app/Contents/MacOS/Tor" && \ + chmod -R ugo+x "$display_name/$display_name.app/Contents/MacOS/Tor" + +pwdir=/run/lock/rcodesign-pw +trap "rm -Rf $pwdir" EXIT +rm -Rf "$pwdir" +mkdir "$pwdir" +chmod 700 "$pwdir" +cat > "$pwdir/rcodesign-pw-2" << EOF +$RCODESIGN_PW +EOF +tr -d '\n' < "$pwdir/rcodesign-pw-2" > "$pwdir/rcodesign-pw" +rm "$pwdir/rcodesign-pw-2" + +# unset RCODESIGN_PW since it conflicts with rcodesign config +unset RCODESIGN_PW +rcodesign_opts=" + --code-signature-flags runtime + --timestamp-url http://timestamp.apple.com:8080/ts01 + --p12-file $rcodesign_signing_p12_file + --p12-password-file $pwdir/rcodesign-pw + " + +flags=() +for dir in Contents/MacOS Contents/MacOS/Tor Contents/MacOS/Tor/PluggableTransports +do + d="$display_name/$display_name.app/$dir" + test -d "$d" || continue + pushd "$d" + for file in * + do + test -f "$file" || continue + flags+=('--code-signature-flags' "$dir/$file:runtime") + done + popd +done +echo "code-signature-flags: ${flags[@]}" + +echo "**** Signing main bundle ($display_name.app) ****" +$rcodesign sign \ + $rcodesign_opts \ + "${flags[@]}" \ + --code-signature-flags Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework:runtime \ + --code-signature-flags Contents/MacOS/updater.app:runtime \ + --code-signature-flags Contents/Frameworks/ChannelPrefs.framework:runtime \ + --code-signature-flags Contents/MacOS/plugin-container.app:runtime \ + --code-signature-flags Contents/MacOS/media-plugin-helper.app:runtime \ + --code-signature-flags Contents/MacOS/gpu-helper.app:runtime \ + --entitlements-xml-path Contents/MacOS/Tor/tor:/signing/tor-browser-build/tools/signing/macos-entitlements/tor.xml \ + --entitlements-xml-path Contents/MacOS/plugin-container.app:/signing/tor-browser-build/tools/signing/macos-entitlements/plugin-container.xml \ + --entitlements-xml-path Contents/MacOS/media-plugin-helper.app:/signing/tor-browser-build/tools/signing/macos-entitlements/media-plugin-helper.xml \ + --entitlements-xml-path /signing/tor-browser-build/tools/signing/macos-entitlements/firefox.browser.xml \ + -- \ + "$display_name/$display_name.app" + +rm -f "$pwdir/rcodesign-pw" +rmdir "$pwdir" +tar -C "$display_name" -caf "$output_file" "$display_name.app" +cd - +rm -Rf "$tmpdir" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser-update-responses][main] 5 commits: alpha: new version, 16.0a1 (linux-aarch64)
by ma1 (＠ma1) 16 Dec '25

16 Dec '25

ma1 pushed to branch main at The Tor Project / Applications / mullvad-browser-update-responses Commits: a71c1b21 by hackademix at 2025-12-15T22:56:54+01:00 alpha: new version, 16.0a1 (linux-aarch64) - - - - - 008ff1d0 by hackademix at 2025-12-15T22:56:54+01:00 alpha: new version, 16.0a1 (linux-x86_64) - - - - - 66d0cffe by hackademix at 2025-12-15T22:56:55+01:00 alpha: new version, 16.0a1 (macos) - - - - - 61a3fd0b by hackademix at 2025-12-15T22:56:55+01:00 alpha: new version, 16.0a1 (windows-x86_64) - - - - - 7b192ce5 by hackademix at 2025-12-15T22:56:56+01:00 alpha: new version, 16.0a1 - - - - - 36 changed files: - update_1/alpha/.htaccess - + update_1/alpha/download-linux-aarch64.json - update_1/alpha/download-linux-x86_64.json - update_1/alpha/download-macos.json - update_1/alpha/download-windows-x86_64.json - update_1/alpha/downloads.json - + update_1/alpha/linux-aarch64/.htaccess - + update_1/alpha/linux-aarch64/no-update.xml - + update_1/alpha/linux-aarch64/update-16.0a1-linux-aarch64.xml - update_1/alpha/linux-x86_64/.htaccess - − update_1/alpha/linux-x86_64/update-15.0a1-15.0a4-linux-x86_64.xml - − update_1/alpha/linux-x86_64/update-15.0a2-15.0a4-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-15.0a2-16.0a1-linux-x86_64.xml - − update_1/alpha/linux-x86_64/update-15.0a3-15.0a4-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-15.0a3-16.0a1-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-15.0a4-16.0a1-linux-x86_64.xml - − update_1/alpha/linux-x86_64/update-15.0a4-linux-x86_64.xml - + update_1/alpha/linux-x86_64/update-16.0a1-linux-x86_64.xml - update_1/alpha/macos/.htaccess - − update_1/alpha/macos/update-15.0a1-15.0a4-macos.xml - − update_1/alpha/macos/update-15.0a2-15.0a4-macos.xml - + update_1/alpha/macos/update-15.0a2-16.0a1-macos.xml - − update_1/alpha/macos/update-15.0a3-15.0a4-macos.xml - + update_1/alpha/macos/update-15.0a3-16.0a1-macos.xml - + update_1/alpha/macos/update-15.0a4-16.0a1-macos.xml - − update_1/alpha/macos/update-15.0a4-macos.xml - + update_1/alpha/macos/update-16.0a1-macos.xml - update_1/alpha/windows-x86_64/.htaccess - − update_1/alpha/windows-x86_64/update-15.0a1-15.0a4-windows-x86_64.xml - − update_1/alpha/windows-x86_64/update-15.0a2-15.0a4-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-15.0a2-16.0a1-windows-x86_64.xml - − update_1/alpha/windows-x86_64/update-15.0a3-15.0a4-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-15.0a3-16.0a1-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-15.0a4-16.0a1-windows-x86_64.xml - − update_1/alpha/windows-x86_64/update-15.0a4-windows-x86_64.xml - + update_1/alpha/windows-x86_64/update-16.0a1-windows-x86_64.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-146.0a1-16.0-2] fixup! Tweaks to the build system
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch mullvad-browser-146.0a1-16.0-2 at The Tor Project / Applications / Mullvad Browser Commits: d11dcdeb by Pier Angelo Vendrame at 2025-12-15T18:43:58+01:00 fixup! Tweaks to the build system This reverts commit 4e4d1a17c3fd6148d6ecfdeb3831070e068470af. This reverts commit d0aa909310783cf4bdb219d34f5031d5123f8749. - - - - - 2 changed files: - python/mach/mach/sentry.py - python/mach/mach/telemetry.py Changes: ===================================== python/mach/mach/sentry.py ===================================== @@ -8,7 +8,7 @@ import sys from pathlib import Path from threading import Thread -# import sentry_sdk +import sentry_sdk from mozversioncontrol import ( InvalidRepoPath, MissingUpstreamRepo, @@ -35,8 +35,7 @@ class SentryErrorReporter(ErrorReporter): """Reports errors using Sentry.""" def report_exception(self, exception): - pass - # return sentry_sdk.capture_exception(exception) + return sentry_sdk.capture_exception(exception) class NoopErrorReporter(ErrorReporter): @@ -62,10 +61,10 @@ def register_sentry(argv, settings, topsrcdir: Path): ) _is_unmodified_mach_core_thread.start() - # sentry_sdk.init( - # _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) - # ) - # sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) + sentry_sdk.init( + _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) + ) + sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) return SentryErrorReporter() ===================================== python/mach/mach/telemetry.py ===================================== @@ -7,9 +7,11 @@ import importlib.util import os import subprocess import sys +import urllib.parse as urllib_parse from pathlib import Path from textwrap import dedent +import requests from mozbuild.base import BuildEnvironmentNotFoundException, MozbuildObject from mozbuild.telemetry import filter_args from mozfile import json @@ -90,7 +92,10 @@ def is_applicable_telemetry_environment(): def is_telemetry_enabled(settings): - return False + if os.environ.get("DISABLE_TELEMETRY") == "1": + return False + + return settings.mach_telemetry.is_enabled def arcrc_path(): @@ -127,7 +132,40 @@ def resolve_setting_from_arcconfig(topsrcdir: Path, setting): def resolve_is_employee_by_credentials(topsrcdir: Path): - return None + try: + phabricator_uri = resolve_setting_from_arcconfig(topsrcdir, "phabricator.uri") + + if not phabricator_uri: + return None + + with arcrc_path().open() as arcrc_file: + arcrc = json.load(arcrc_file) + + phabricator_token = ( + arcrc.get("hosts", {}) + .get(urllib_parse.urljoin(phabricator_uri, "api/"), {}) + .get("token") + ) + + if not phabricator_token: + return None + + bmo_uri = ( + resolve_setting_from_arcconfig(topsrcdir, "bmo_url") + or "https://bugzilla.mozilla.org" + ) + bmo_api_url = urllib_parse.urljoin(bmo_uri, "rest/whoami") + bmo_result = requests.get( + bmo_api_url, headers={"X-PHABRICATOR-TOKEN": phabricator_token} + ) + + return "mozilla-employee-confidential" in bmo_result.json().get("groups", []) + except ( + FileNotFoundError, + json.JSONDecodeError, + requests.exceptions.RequestException, + ): + return None def resolve_is_employee_by_vcs(topsrcdir: Path): View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/d11… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/d11… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-146.0a1-16.0-2] fixup! Tweaks to the build system
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch base-browser-146.0a1-16.0-2 at The Tor Project / Applications / Tor Browser Commits: 9fc3f0b0 by Pier Angelo Vendrame at 2025-12-15T18:43:34+01:00 fixup! Tweaks to the build system This reverts commit 4e4d1a17c3fd6148d6ecfdeb3831070e068470af. This reverts commit d0aa909310783cf4bdb219d34f5031d5123f8749. - - - - - 2 changed files: - python/mach/mach/sentry.py - python/mach/mach/telemetry.py Changes: ===================================== python/mach/mach/sentry.py ===================================== @@ -8,7 +8,7 @@ import sys from pathlib import Path from threading import Thread -# import sentry_sdk +import sentry_sdk from mozversioncontrol import ( InvalidRepoPath, MissingUpstreamRepo, @@ -35,8 +35,7 @@ class SentryErrorReporter(ErrorReporter): """Reports errors using Sentry.""" def report_exception(self, exception): - pass - # return sentry_sdk.capture_exception(exception) + return sentry_sdk.capture_exception(exception) class NoopErrorReporter(ErrorReporter): @@ -62,10 +61,10 @@ def register_sentry(argv, settings, topsrcdir: Path): ) _is_unmodified_mach_core_thread.start() - # sentry_sdk.init( - # _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) - # ) - # sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) + sentry_sdk.init( + _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) + ) + sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) return SentryErrorReporter() ===================================== python/mach/mach/telemetry.py ===================================== @@ -7,9 +7,11 @@ import importlib.util import os import subprocess import sys +import urllib.parse as urllib_parse from pathlib import Path from textwrap import dedent +import requests from mozbuild.base import BuildEnvironmentNotFoundException, MozbuildObject from mozbuild.telemetry import filter_args from mozfile import json @@ -90,7 +92,10 @@ def is_applicable_telemetry_environment(): def is_telemetry_enabled(settings): - return False + if os.environ.get("DISABLE_TELEMETRY") == "1": + return False + + return settings.mach_telemetry.is_enabled def arcrc_path(): @@ -127,7 +132,40 @@ def resolve_setting_from_arcconfig(topsrcdir: Path, setting): def resolve_is_employee_by_credentials(topsrcdir: Path): - return None + try: + phabricator_uri = resolve_setting_from_arcconfig(topsrcdir, "phabricator.uri") + + if not phabricator_uri: + return None + + with arcrc_path().open() as arcrc_file: + arcrc = json.load(arcrc_file) + + phabricator_token = ( + arcrc.get("hosts", {}) + .get(urllib_parse.urljoin(phabricator_uri, "api/"), {}) + .get("token") + ) + + if not phabricator_token: + return None + + bmo_uri = ( + resolve_setting_from_arcconfig(topsrcdir, "bmo_url") + or "https://bugzilla.mozilla.org" + ) + bmo_api_url = urllib_parse.urljoin(bmo_uri, "rest/whoami") + bmo_result = requests.get( + bmo_api_url, headers={"X-PHABRICATOR-TOKEN": phabricator_token} + ) + + return "mozilla-employee-confidential" in bmo_result.json().get("groups", []) + except ( + FileNotFoundError, + json.JSONDecodeError, + requests.exceptions.RequestException, + ): + return None def resolve_is_employee_by_vcs(topsrcdir: Path): View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9fc3f0b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9fc3f0b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-146.0a1-16.0-2] fixup! Tweaks to the build system
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed to branch tor-browser-146.0a1-16.0-2 at The Tor Project / Applications / Tor Browser Commits: b05a0c00 by Pier Angelo Vendrame at 2025-12-15T17:54:47+01:00 fixup! Tweaks to the build system This reverts commit 4e4d1a17c3fd6148d6ecfdeb3831070e068470af. This reverts commit d0aa909310783cf4bdb219d34f5031d5123f8749. - - - - - 2 changed files: - python/mach/mach/sentry.py - python/mach/mach/telemetry.py Changes: ===================================== python/mach/mach/sentry.py ===================================== @@ -8,7 +8,7 @@ import sys from pathlib import Path from threading import Thread -# import sentry_sdk +import sentry_sdk from mozversioncontrol import ( InvalidRepoPath, MissingUpstreamRepo, @@ -35,8 +35,7 @@ class SentryErrorReporter(ErrorReporter): """Reports errors using Sentry.""" def report_exception(self, exception): - pass - # return sentry_sdk.capture_exception(exception) + return sentry_sdk.capture_exception(exception) class NoopErrorReporter(ErrorReporter): @@ -62,10 +61,10 @@ def register_sentry(argv, settings, topsrcdir: Path): ) _is_unmodified_mach_core_thread.start() - # sentry_sdk.init( - # _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) - # ) - # sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) + sentry_sdk.init( + _SENTRY_DSN, before_send=lambda event, _: _process_event(event, topsrcdir) + ) + sentry_sdk.add_breadcrumb(message="./mach {}".format(" ".join(argv))) return SentryErrorReporter() ===================================== python/mach/mach/telemetry.py ===================================== @@ -7,9 +7,11 @@ import importlib.util import os import subprocess import sys +import urllib.parse as urllib_parse from pathlib import Path from textwrap import dedent +import requests from mozbuild.base import BuildEnvironmentNotFoundException, MozbuildObject from mozbuild.telemetry import filter_args from mozfile import json @@ -90,7 +92,10 @@ def is_applicable_telemetry_environment(): def is_telemetry_enabled(settings): - return False + if os.environ.get("DISABLE_TELEMETRY") == "1": + return False + + return settings.mach_telemetry.is_enabled def arcrc_path(): @@ -127,7 +132,40 @@ def resolve_setting_from_arcconfig(topsrcdir: Path, setting): def resolve_is_employee_by_credentials(topsrcdir: Path): - return None + try: + phabricator_uri = resolve_setting_from_arcconfig(topsrcdir, "phabricator.uri") + + if not phabricator_uri: + return None + + with arcrc_path().open() as arcrc_file: + arcrc = json.load(arcrc_file) + + phabricator_token = ( + arcrc.get("hosts", {}) + .get(urllib_parse.urljoin(phabricator_uri, "api/"), {}) + .get("token") + ) + + if not phabricator_token: + return None + + bmo_uri = ( + resolve_setting_from_arcconfig(topsrcdir, "bmo_url") + or "https://bugzilla.mozilla.org" + ) + bmo_api_url = urllib_parse.urljoin(bmo_uri, "rest/whoami") + bmo_result = requests.get( + bmo_api_url, headers={"X-PHABRICATOR-TOKEN": phabricator_token} + ) + + return "mozilla-employee-confidential" in bmo_result.json().get("groups", []) + except ( + FileNotFoundError, + json.JSONDecodeError, + requests.exceptions.RequestException, + ): + return None def resolve_is_employee_by_vcs(topsrcdir: Path): View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b05a0c0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b05a0c0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-16.0a1-build2
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed new tag mb-16.0a1-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-16.0a1-build2
by Pier Angelo Vendrame (＠pierov) 15 Dec '25

15 Dec '25

Pier Angelo Vendrame pushed new tag tbb-16.0a1-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0