[tor-browser-bundle/master] Add stopgap for shipping HTTPS-Everywhere. - tor-commits

2 May 2014

commit 35411af55b92ee4d1c823aaefc5a5062ac940787
Author: Georg Koppen gk@torproject.org
Date:   Fri May 2 09:17:54 2014 +0000
Add stopgap for shipping HTTPS-Everywhere.
Until bug 11630 is fixed we add a better stopgap than shipping
    outdated HTTPS-Everywhere versions: we take the NoScript route and
    download and use the .xpi made by the EFF.
---
 gitian/descriptors/linux/gitian-bundle.yml   |   11 ++++++-----
 gitian/descriptors/mac/gitian-bundle.yml     |   11 ++++++-----
 gitian/descriptors/windows/gitian-bundle.yml |   11 ++++++-----
 gitian/fetch-inputs.sh                       |    6 ++++--
 gitian/versions.beta                         |    4 ++++
 gitian/versions.nightly                      |    4 ++++
 6 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index c16589a..006883c 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -41,6 +41,7 @@ files:
 - "linux-skeleton.zip"
 - "linux-langpacks.zip"
 - "noscript@noscript.net.xpi"
+- "https-everywhere@eff.org.xpi"
 - "dzip.sh"
 - "dtar.sh"
 - "bare-version"
@@ -88,13 +89,13 @@ script: |
   ~/build/dzip.sh ../../../tor-browser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi .
   cd ../../../
   #
-  cd https-everywhere
+  #cd https-everywhere
   # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
   # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
-  rm -f .git/refs/heads/master
-  ./makexpi.sh
-  cp pkg/*.xpi ../tor-browser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi
-  cd ..
+  #rm -f .git/refs/heads/master
+  #./makexpi.sh
+  #cp pkg/*.xpi ../tor-browser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi
+  #cd ..
   #
   cp *.xpi tor-browser/Data/Browser/profile.default/extensions/
   cd tor-browser/Data/Browser/profile.default/extensions
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 263ca57..2668c7d 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -41,6 +41,7 @@ files:
 - "dmg-desktop.tar.xz"
 - "mac-langpacks.zip"
 - "noscript@noscript.net.xpi"
+- "https-everywhere@eff.org.xpi"
 - "dzip.sh"
 - "ddmg.sh"
 - "libdmg.patch"
@@ -95,13 +96,13 @@ script: |
   ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi .
   cd ../../../
   #
-  cd https-everywhere
+  # cd https-everywhere
   # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
   # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
-  rm -f .git/refs/heads/master
-  ./makexpi.sh
-  cp pkg/*.xpi ../$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi
-  cd ..
+  # rm -f .git/refs/heads/master
+  # ./makexpi.sh
+  # cp pkg/*.xpi ../$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi
+  # cd ..
   #
   cp *.xpi ./$TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/
   cd $TORBROWSER_NAME.app/Data/Browser/profile.default/extensions/
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index 457fa7b..ebde49b 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -37,6 +37,7 @@ files:
 - "windows-skeleton.zip"
 - "win32-langpacks.zip"
 - "noscript@noscript.net.xpi"
+- "https-everywhere@eff.org.xpi"
 - "dzip.sh"
 - "bare-version"
 - "bundle.inputs"
@@ -78,13 +79,13 @@ script: |
   ~/build/dzip.sh ../../../tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi .
   cd ../../../
   #
-  cd https-everywhere
+  #cd https-everywhere
   # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
   # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
-  rm -f .git/refs/heads/master
-  ./makexpi.sh
-  cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi
-  cd ..
+  #rm -f .git/refs/heads/master
+  #./makexpi.sh
+  #cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi
+  #cd ..
   #
   cp *.xpi tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions
   cd tbb-windows-installer/"Tor Browser"/Data/Browser/profile.default/extensions
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index f80348e..b542cf0 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -206,8 +206,9 @@ done
cd ..
-# NoScript and PDF.JS are magikal and special:
+# NoScript and HTTPS-Everywhere are magikal and special:
 wget -U "" -N ${NOSCRIPT_URL}
+wget -U "" -N ${HTTPSE_URL}
# So is mingw:
 if [ ! -f mingw-w64-svn-snapshot.zip ];
@@ -226,7 +227,7 @@ fi
# Verify packages with weak or no signatures via direct sha256 check
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP
+for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP
 do
    PACKAGE="${i}_PACKAGE"
    HASH="${i}_HASH"
@@ -262,6 +263,7 @@ done
 cd ..
ln -sf "$NOSCRIPT_PACKAGE" noscript@noscript.net.xpi
+ln -sf "$HTTPSE_PACKAGE" https-everywhere@eff.org.xpi
 ln -sf "$OPENSSL_PACKAGE" openssl.tar.gz
 ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2
 ln -sf "$GCC_PACKAGE" gcc.tar.bz2
diff --git a/gitian/versions.beta b/gitian/versions.beta
index 3460248..b5cfa53 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -38,11 +38,13 @@ M2CRYPTO_VER=0.21.1
 PY2EXE_VER=0.6.9
 SETUPTOOLS_VER=1.4
 LXML_VER=3.3.5
+HTTPSE_VER=3.5.1
## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.20-fn+fx+sm.xpi
+HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
@@ -69,6 +71,7 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=dae2abeb3c57240168c1fdfbf6c6664fa64859fb430ca1a05c218f81371f5ad1
+HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29
 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
@@ -89,6 +92,7 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/$%7BOSXSDK_P
 BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/$%7BBINUTILS_PACKAGE%7D
 GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-$%7BGCC_VER%7D/$%7BGCC_PACKAGE%7D
 NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/$%7BNOSCRIPT_PACKA...
+HTTPSE_URL=https://www.eff.org/files/$%7BHTTPSE_PACKAGE%7D
 PYTHON_URL=http://www.python.org/ftp/python/$%7BPYTHON_VER%7D/$%7BPYTHON_PACKAGE%7D
 PYTHON_MSI_URL=http://www.python.org/ftp/python/$%7BPYTHON_VER%7D/$%7BPYTHON_MSI_PACKAGE%7D
 PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/$%7BPYCRYPTO_PACKAGE%7D
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index c8a8d7c..355b68a 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -39,11 +39,13 @@ M2CRYPTO_VER=0.21.1
 PY2EXE_VER=0.6.9
 SETUPTOOLS_VER=1.4
 LXML_VER=3.3.5
+HTTPSE_VER=3.5.1
## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.20-fn+fx+sm.xpi
+HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
@@ -70,6 +72,7 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=dae2abeb3c57240168c1fdfbf6c6664fa64859fb430ca1a05c218f81371f5ad1
+HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29
 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
@@ -90,6 +93,7 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/$%7BOSXSDK_P
 BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/$%7BBINUTILS_PACKAGE%7D
 GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-$%7BGCC_VER%7D/$%7BGCC_PACKAGE%7D
 NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/$%7BNOSCRIPT_PACKA...
+HTTPSE_URL=https://www.eff.org/files/$%7BHTTPSE_PACKAGE%7D
 PYTHON_URL=http://www.python.org/ftp/python/$%7BPYTHON_VER%7D/$%7BPYTHON_PACKAGE%7D
 PYTHON_MSI_URL=http://www.python.org/ftp/python/$%7BPYTHON_VER%7D/$%7BPYTHON_MSI_PACKAGE%7D
 PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/$%7BPYCRYPTO_PACKAGE%7D

    