commit d97e4bf2c0711bcd9683c1c0f89dd22ffa89b8ad Author: Georg Koppen <gk@torproject.org> Date: Mon Jun 23 10:52:46 2014 +0000 Bug 10935: Merge meek into master. This is the result of squashing and merging dcf/meek-rebase-4.0-alpha1-pre-take3. --- .../Docs/Licenses/PluggableTransports/LICENSE | 18 +++ .../Docs/Licenses/PluggableTransports/LICENSE.CC0 | 121 ++++++++++++++++++++ Bundle-Data/PTConfigs/bridge_prefs.js | 2 + .../PTConfigs/linux/torrc-defaults-appendix | 3 + .../mac/TorBrowser.app.meek-http-helper/README | 13 +++ Bundle-Data/PTConfigs/mac/torrc-defaults-appendix | 3 + Bundle-Data/PTConfigs/meek-http-helper-user.js | 24 ++++ .../PTConfigs/windows/torrc-defaults-appendix | 3 + gitian/build-helpers/background-plist.py | 31 +++++ gitian/descriptors/linux/gitian-bundle.yml | 9 ++ .../linux/gitian-pluggable-transports.yml | 37 ++++++ gitian/descriptors/mac/gitian-bundle.yml | 20 ++++ .../mac/gitian-pluggable-transports.yml | 46 ++++++++ gitian/descriptors/windows/gitian-bundle.yml | 10 ++ .../windows/gitian-pluggable-transports.yml | 46 ++++++++ gitian/fetch-inputs.sh | 11 +- gitian/gpg/goptlib.gpg | Bin 0 -> 5876 bytes gitian/gpg/meek.gpg | Bin 0 -> 5876 bytes gitian/mkbundle-linux.sh | 5 +- gitian/mkbundle-mac.sh | 7 +- gitian/mkbundle-windows.sh | 5 +- gitian/patches/cross-cgo.patch | 16 +++ gitian/verify-tags.sh | 4 +- gitian/versions | 6 + gitian/versions.alpha | 6 + gitian/versions.beta | 6 + gitian/versions.nightly | 6 + 27 files changed, 447 insertions(+), 11 deletions(-) diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE index 8b175c2..162589c 100644 --- a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE @@ -420,3 +420,21 @@ was licensed under the Python license. Same license applies to all files in the argparse package project. For details about the Python License, please see LICENSE.PYTHON. + +=============================================================================== + +goptlib + +To the extent possible under law, the authors have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. See LICENSE.CC0. + +=============================================================================== + +meek + +To the extent possible under law, the authors have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. See LICENSE.CC0. diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 8d2afed..5a1532e 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -25,3 +25,5 @@ pref("extensions.torlauncher.default_bridge.fte.5", "fte 79.125.3.12:8080 272465 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 188.40.121.112:39707 5DE8D363D8F150C99E1A2D7237368D614838132C password=L5POGQONBPS2HZUR6GXBIDS4CMIYYOTI"); pref("extensions.torlauncher.default_bridge.scramblesuit.2", "scramblesuit 188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T"); pref("extensions.torlauncher.default_bridge.scramblesuit.3", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH"); + +pref("extensions.torlauncher.default_bridge.meek.1", "meek 0.0.2.0:1"); diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix index ec45f9c..24f35ff 100644 --- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix @@ -9,3 +9,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec ./TorBrowser/Tor/PluggableTr # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec ./TorBrowser/Tor/PluggableTransports/flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README b/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README new file mode 100644 index 0000000..f158eec --- /dev/null +++ b/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README @@ -0,0 +1,13 @@ +This directory contains a special headless configuration of the Tor +Browser app, intended for use by meek-client-torbrowser and the +meek-http-helper extension. It should not be run directly. + +All files in the Contents directory, other than Info.plist, are simply +symlinked to their counterparts in ../../../../../Contents. Info.plist +contains an additional configuration directive that prevents the +headless browser from opening a useless second dock icon: + <key>LSBackgroundOnly</key><true/> + +For background on this matter, see the ticket: + meek-http-helper opens up a second dock icon + https://trac.torproject.org/projects/tor/ticket/11429 diff --git a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix index 19fc8e0..a4c3499 100644 --- a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix @@ -10,3 +10,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec PluggableTransports/obfsprox # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec PluggableTransports/flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js new file mode 100644 index 0000000..a95a6ec --- /dev/null +++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js @@ -0,0 +1,24 @@ +// http://kb.mozillazine.org/User.js_file + +// The meek-http-helper extension uses dump to write its listening port number +// to stdout. +user_pref("browser.dom.window.dump.enabled", true); + +// 0 is "No proxy". +user_pref("network.proxy.type", 0); + +// Allow unproxied DNS. +// https://trac.torproject.org/projects/tor/ticket/11183#comment:6 +user_pref("network.proxy.socks_remote_dns", false); + +// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise +// there is a missing TLS extension. +// https://trac.torproject.org/projects/tor/ticket/11183#comment:9 +user_pref("security.enable_tls_session_tickets", true); + +// Disable safe mode. In case of a crash, we don't want to prompt for a +// safe-mode browser that has extensions disabled and no proxy. +// https://support.mozilla.org/en-US/questions/951221#answer-410562 +user_pref("toolkit.startup.max_resumed_crashes", -1); + +user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0"); diff --git a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix index e97d3b7..5c35ebb 100644 --- a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix @@ -10,3 +10,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec TorBrowser\Tor\PluggableTran # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec TorBrowser\Tor\PluggableTransports\flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client-torbrowser --exit-on-stdin-eof -- TorBrowser\Tor\PluggableTransports\meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/gitian/build-helpers/background-plist.py b/gitian/build-helpers/background-plist.py new file mode 100755 index 0000000..328b3e7 --- /dev/null +++ b/gitian/build-helpers/background-plist.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python + +# Changes an OS X bundle property list file (plist file) so that the bundle +# starts up without a dock icon. Specifically, this program unsets the key +# LSUIElement (if present), and sets LSBackgroundOnly=true. +# +# This program is meant to help create a headless copy of an existing bundle. It +# exists specifically to enable the meek-http-helper browser extension to run in +# the background without creating a second Tor Browser icon. +# https://trac.torproject.org/projects/tor/ticket/11429 + +import getopt +import plistlib +import sys + +_, args = getopt.gnu_getopt(sys.argv[1:], "") + +if len(args) != 1: + print >> sys.stderr, "Need a file name argument." + sys.exit(1) + +filename = args[0] +plist = plistlib.readPlist(filename) + +try: + del plist["LSUIElement"] +except KeyError: + pass +plist["LSBackgroundOnly"] = True + +plistlib.writePlist(plist, sys.stdout) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 8543a33..4b0696f 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -23,6 +23,8 @@ remotes: "dir": "torbutton" - "url": "https://git.torproject.org/https-everywhere.git" "dir": "https-everywhere" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-linux32-gbuilt.zip" @@ -37,6 +39,7 @@ files: - "lxml-linux64-utils.zip" - "torrc-defaults-appendix-linux" - "bridge_prefs.js" +- "meek-http-helper-user.js" - "relativelink-src.zip" - "linux-skeleton.zip" - "linux-langpacks.zip" @@ -62,6 +65,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/ # Preparing Python for HTTPS-Everywhere. @@ -103,6 +107,10 @@ script: | cd https-everywhere@eff.org/ unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi + cd ~/build + # + cd meek/firefox + ~/build/dzip.sh ../../tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper@bamsoftware.com.xpi . cd ~/build/ # unzip relativelink-src.zip @@ -119,6 +127,7 @@ script: | unzip ~/build/pluggable-transports-linux$GBUILD_BITS-gbuilt.zip cat ~/build/torrc-defaults-appendix-linux >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi chmod 700 Data/Browser chmod 700 Data/Tor diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml index 826b3b7..aaaa0f8 100644 --- a/gitian/descriptors/linux/gitian-pluggable-transports.yml +++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml @@ -29,6 +29,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -37,6 +41,7 @@ files: - "twisted.tar.bz2" - "m2crypto.tar.gz" - "parsley.tar.gz" +- "go.tar.gz" - "dzip.sh" - "gmp-linux32-utils.zip" - "gmp-linux64-utils.zip" @@ -64,6 +69,15 @@ script: | unzip -d $INSTDIR openssl-linux$GBUILD_BITS-utils.zip cp $INSTDIR/gmp/lib/*.so* $INSTDIR/Tor + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + tar xvf go.tar.gz + cd go/src + ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building pyptlib cd pyptlib find -type f | xargs touch --date="$REFERENCE_DATETIME" @@ -181,6 +195,29 @@ script: | cp -a {COPYING,README.md} $INSTDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + go build + cp -a meek-client $PTDIR + cd .. + cd meek-client-torbrowser + go build + cp -a meek-client-torbrowser $PTDIR + cd .. + mkdir -p $INSTDIR/Docs/meek + cp -a README doc/*.1 $INSTDIR/Docs/meek + cd .. + # Grabbing the results cd $INSTDIR ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/ diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index d959d82..8528106 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -28,6 +28,8 @@ remotes: "dir": "https-everywhere" - "url": "https://github.com/vasi/libdmg-hfsplus.git" "dir": "libdmg-hfsplus" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-mac32-gbuilt.zip" @@ -35,6 +37,8 @@ files: - "pluggable-transports-mac32-gbuilt.zip" - "torrc-defaults-appendix-mac" - "bridge_prefs.js" +- "meek-http-helper-user.js" +- "TorBrowser.app.meek-http-helper.zip" - "mac-skeleton.zip" - "dmg-applications.tar.xz" - "dmg-desktop.tar.xz" @@ -43,6 +47,7 @@ files: - "https-everywhere@eff.org.xpi" - "dzip.sh" - "ddmg.sh" +- "background-plist.py" - "libdmg.patch" - "bare-version" - "bundle.inputs" @@ -70,6 +75,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources mkdir -p $TORBROWSER_NAME.app/Contents/MacOS @@ -111,6 +117,10 @@ script: | rm ../https-everywhere@eff.org.xpi cd ~/build/ # + cd meek/firefox + ~/build/dzip.sh ../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper@bamsoftware.com.xpi . + cd ~/build/ + # unzip tor-mac$GBUILD_BITS-gbuilt.zip if [ $BUILD_PT_BUNDLES ]; then unzip pluggable-transports-mac$GBUILD_BITS-gbuilt.zip @@ -122,6 +132,7 @@ script: | if [ $BUILD_PT_BUNDLES ]; then cat ~/build/torrc-defaults-appendix-mac >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi # Install a "tor" shim that sets the working directory. See #10030. mv Tor/tor Tor/tor.real @@ -156,6 +167,15 @@ script: | echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js popd + # Install a headless copy of TorBrowser.app, with a modified Info.plist so + # that it runs without a dock icon. See #11429. + pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports + mkdir -p TorBrowser.app.meek-http-helper/Contents + (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) + rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist + ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist + unzip ~/build/TorBrowser.app.meek-http-helper.zip + popd # if [ ${TORBROWSER_VERSION::3} == "3.5" ]; then cp -a ~/build/$TORBROWSER_NAME.app ~/build/${TORBROWSER_NAME}_en-US.app diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml index c206d06..420b94d 100644 --- a/gitian/descriptors/mac/gitian-pluggable-transports.yml +++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml @@ -28,6 +28,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -36,6 +40,8 @@ files: - "twisted.tar.bz2" - "m2crypto.tar.gz" - "parsley.tar.gz" +- "go.tar.gz" +- "cross-cgo.patch" - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "dzip.sh" @@ -73,6 +79,21 @@ script: | export CXXFLAGS="-I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" export LDFLAGS="-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5" + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + export GOOS=darwin + export GOARCH=386 + tar xvf go.tar.gz + cd go + patch -p1 < ~/build/cross-cgo.patch + cd src + # Disable CC et al. that are set up for cross builds. (The Go compiler is a + # cross-compiler, but it needs to run on *this* host.) + CC= CFLAGS= LDFLAGS= LDSHARED= ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building pyptlib cd pyptlib find -type f | xargs touch --date="$REFERENCE_DATETIME" @@ -201,6 +222,31 @@ script: | cp -a {COPYING,README.md} $TBDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + # https://code.google.com/p/go/issues/detail?id=4714#c7 + # We need cgo for crypto/x509 support on mac. + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go build + cp -a meek-client $PTDIR + cd .. + cd meek-client-torbrowser + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go build + cp -a meek-client-torbrowser $PTDIR + cd .. + mkdir -p $TBDIR/Docs/meek + cp -a README doc/*.1 $TBDIR/Docs/meek + cd .. + # Grabbing the result cd $INSTDIR ~/build/dzip.sh pluggable-transports-mac$GBUILD_BITS-gbuilt.zip TorBrowserBundle.app diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index fc4fb35..bf7f531 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -24,6 +24,8 @@ remotes: "dir": "torbutton" - "url": "https://git.torproject.org/https-everywhere.git" "dir": "https-everywhere" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-win32-gbuilt.zip" @@ -31,6 +33,7 @@ files: - "pluggable-transports-win32-gbuilt.zip" - "torrc-defaults-appendix-windows" - "bridge_prefs.js" +- "meek-http-helper-user.js" - "windows-skeleton.zip" - "win32-langpacks.zip" - "noscript@noscript.net.xpi" @@ -54,6 +57,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources # @@ -92,6 +96,11 @@ script: | rm ../https-everywhere@eff.org.xpi cd ~/build/ # + cd meek/firefox + ~/build/dzip.sh ../meek-http-helper@bamsoftware.com.xpi . + mv ../meek-http-helper@bamsoftware.com.xpi ../../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper@bamsoftware.com.xpi + cd ~/build/ + # cd tbb-windows-installer/"Tor Browser" unzip ~/build/tor-browser-win32-gbuilt.zip cd Browser/TorBrowser @@ -102,6 +111,7 @@ script: | unzip ~/build/pluggable-transports-win32-gbuilt.zip cat ~/build/torrc-defaults-appendix-windows >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi cd ../../.. # diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml index 6af344c..d68ace4 100644 --- a/gitian/descriptors/windows/gitian-pluggable-transports.yml +++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml @@ -30,6 +30,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "setuptools.tar.gz" - "pycrypto.tar.gz" @@ -43,6 +47,8 @@ files: - "wine-wrappers" - "python.msi" - "py2exe.exe" +- "go.tar.gz" +- "cross-cgo.patch" - "dzip.sh" - "pyc-timestamp.sh" - "openssl-win32-utils.zip" @@ -127,6 +133,19 @@ script: | cp -a dist/gcc.exe dist/g++.exe dist/dllwrap.exe dist/swig.exe $WINEROOT/windows/ cd .. + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + export GOOS=windows + export GOARCH=386 + tar xvf go.tar.gz + cd go + patch -p1 < ~/build/cross-cgo.patch + cd src + ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building setuptools tar xzf setuptools.tar.gz cd setuptools-* @@ -271,6 +290,33 @@ script: | cp -an {COPYING,README.md} $INSTDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a meek-client.exe $PTDIR + cd .. + cd meek-client-torbrowser + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a meek-client-torbrowser.exe $PTDIR + cd .. + cd terminateprocess-buffer + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a terminateprocess-buffer.exe $PTDIR + cd .. + mkdir -p $INSTDIR/Docs/meek + cp -a README doc/*.1.txt $INSTDIR/Docs/meek + cd .. + # http://bugs.winehq.org/show_bug.cgi?id=3591 cp -a $INSTDIR/python/python27.dll $PTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 1b0b4c1..d318fa5 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -156,9 +156,9 @@ do get "${!PACKAGE}" "${MIRROR_URL}${!PACKAGE}" done -# XXX: Omit ARGPARSE because Google won't allow wget -N and because the -# download seems to 404 about 50% of the time. -for i in ARGPARSE +# XXX: Omit googlecode.com packages because Google won't allow wget -N +# and because the download seems to 404 about 50% of the time. +for i in ARGPARSE GO do PACKAGE="${i}_PACKAGE" URL="${MIRROR_URL_DCF}${!PACKAGE}" @@ -208,7 +208,7 @@ wget -U "" -N ${HTTPSE_URL} # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -261,6 +261,7 @@ ln -sf "$SETUPTOOLS_PACKAGE" setuptools.tar.gz ln -sf "$GMP_PACKAGE" gmp.tar.bz2 ln -sf "$LXML_PACKAGE" lxml.tar.gz ln -sf "$PARSLEY_PACKAGE" parsley.tar.gz +ln -sf "$GO_PACKAGE" go.tar.gz # Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. @@ -291,6 +292,8 @@ libfte https://github.com/kpdyer/libfte.git $LIBFTE_TAG fteproxy https://github.com/kpdyer/fteproxy.git $FTEPROXY_TAG libdmg-hfsplus https://github.com/vasi/libdmg-hfsplus.git $LIBDMG_TAG txsocksx https://github.com/habnabit/txsocksx.git $TXSOCKSX_TAG +goptlib https://git.torproject.org/pluggable-transports/goptlib.git $GOPTLIB_TAG +meek https://git.torproject.org/pluggable-transports/meek.git $MEEK_TAG EOF exit 0 diff --git a/gitian/gpg/goptlib.gpg b/gitian/gpg/goptlib.gpg new file mode 100644 index 0000000..f3b543f Binary files /dev/null and b/gitian/gpg/goptlib.gpg differ diff --git a/gitian/gpg/meek.gpg b/gitian/gpg/meek.gpg new file mode 100644 index 0000000..f3b543f Binary files /dev/null and b/gitian/gpg/meek.gpg differ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 0d07364..e3e2af5 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -58,6 +58,7 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ cp PTConfigs/linux/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-linux cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cd linux rm -f $GITIAN_DIR/inputs/linux-skeleton.zip @@ -208,7 +209,7 @@ then echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -231,7 +232,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,tor-launcher=$TORLAUNCHER_TAG,torbutton=$TORBUTTON_TAG $DESCRIPTOR_DIR/linux/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,tor-launcher=$TORLAUNCHER_TAG,torbutton=$TORBUTTON_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 00073e9..995959a 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -52,8 +52,11 @@ cp $WRAPPER_DIR/patches/* $GITIAN_DIR/inputs/ cd $WRAPPER_DIR/../Bundle-Data/ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ +rm -f $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip +(cd PTConfigs/mac && $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip TorBrowser.app.meek-http-helper) cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cp mac-tor.sh $GITIAN_DIR/inputs/ cd mac @@ -184,7 +187,7 @@ then echo "****** Starting Pluggable Transports Component of Mac Bundle (4/5 for Mac) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./firefox-fail-mac.log.`date +%Y%m%d%H%M%S` @@ -208,7 +211,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libdmg-hfsplus=$LIBDMG_TAG,https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG $DESCRIPTOR_DIR/mac/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libdmg-hfsplus=$LIBDMG_TAG,https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-mac.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 281f4f8..0af015d 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -55,6 +55,7 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ cp PTConfigs/windows/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-windows cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cd windows rm -f $GITIAN_DIR/inputs/windows-skeleton.zip @@ -188,7 +189,7 @@ then echo "****** Starting Pluggable Transports Component of Windows Bundle (4/5 for Windows) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-win32.log.`date +%Y%m%d%H%M%S` @@ -211,7 +212,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,tbb-windows-installer=$NSIS_TAG $DESCRIPTOR_DIR/windows/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,tbb-windows-installer=$NSIS_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-win32.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/patches/cross-cgo.patch b/gitian/patches/cross-cgo.patch new file mode 100644 index 0000000..eebe0d0 --- /dev/null +++ b/gitian/patches/cross-cgo.patch @@ -0,0 +1,16 @@ +--- a/src/cmd/go/build.go 2014-02-17 05:38:55.806060278 +0000 ++++ b/src/cmd/go/build.go 2014-02-17 05:39:40.414057143 +0000 +@@ -1928,9 +1928,10 @@ + ) + + func (b *builder) cgo(p *Package, cgoExe, obj string, gccfiles []string, gxxfiles []string) (outGo, outObj []string, err error) { +- if goos != toolGOOS { +- return nil, nil, errors.New("cannot use cgo when compiling for a different operating system") +- } ++ // https://code.google.com/p/go/issues/detail?id=4714#c7 ++ // if goos != toolGOOS { ++ // return nil, nil, errors.New("cannot use cgo when compiling for a different operating system") ++ // } + + cgoCPPFLAGS := stringList(envList("CGO_CPPFLAGS"), p.CgoCPPFLAGS) + cgoCFLAGS := stringList(envList("CGO_CFLAGS"), p.CgoCFLAGS) diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index c66a83b..a664b52 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -100,6 +100,8 @@ https-everywhere https-everywhere.gpg $HTTPSE_TAG pyptlib pyptlib.gpg $PYPTLIB_TAG obfsproxy obfsproxy.gpg $OBFSPROXY_TAG flashproxy flashproxy.gpg $FLASHPROXY_TAG +goptlib goptlib.gpg $GOPTLIB_TAG +meek meek.gpg $MEEK_TAG EOF while read dir commit; do @@ -133,7 +135,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 2185194..98fc74d 100755 --- a/gitian/versions +++ b/gitian/versions @@ -22,6 +22,8 @@ LIBFTE_TAG=ee9e9ddf5c86e6940559a313d2bd22cc33b654c9 # tag 0.0.3 FTEPROXY_TAG=5e7a9fd498a948d17b0996275ef1b6f743251317 # tag 0.2.15 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${PY2EX SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUPTOOLS_PACKAGE} LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PACKAGE} +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.alpha b/gitian/versions.alpha index e0e1e60..962a1bd 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -22,6 +22,8 @@ LIBFTE_TAG=ee9e9ddf5c86e6940559a313d2bd22cc33b654c9 # tag 0.0.3 FTEPROXY_TAG=5e7a9fd498a948d17b0996275ef1b6f743251317 # tag 0.2.15 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${PY2EX SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUPTOOLS_PACKAGE} LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PACKAGE} +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.beta b/gitian/versions.beta index 817a880..c8a2957 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -22,6 +22,8 @@ LIBFTE_TAG=19f6b8ffafca2ec8fffbc418bc0f88518cea22ac # tag 0.0.2 FTEPROXY_TAG=b5d7fba5c505907693fd2b5321f2aa57d4390cfa # tag 0.2.14 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -67,6 +70,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -87,6 +91,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -111,3 +116,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${PY2EX SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUPTOOLS_PACKAGE} LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PACKAGE} +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 1042e78..a429df7 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -22,6 +22,8 @@ LIBFTE_TAG=master FTEPROXY_TAG=master LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=master +MEEK_TAG=master GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${PY2EX SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUPTOOLS_PACKAGE} LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PACKAGE} +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE}