This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main in repository builders/tor-browser-build.

The following commit(s) were added to refs/heads/main by this push: new af97862 Bug 40631: Stop bundling HTTPS Everywhere on Android (see tor-browser#41160) af97862 is described below

commit af97862c4b857415eade803c6a417474297fc54b Author: Giorgio Maone ma1@torproject.org AuthorDate: Thu Sep 29 21:55:02 2022 +0000

Bug 40631: Stop bundling HTTPS Everywhere on Android (see tor-browser#41160) --- projects/browser/build.android | 16 +++++++------- projects/browser/verify_allowed_addons.py | 3 --- projects/https-everywhere/build | 8 ------- projects/https-everywhere/config | 36 ------------------------------- tools/fetch_allowed_addons.py | 6 ------ 5 files changed, 8 insertions(+), 61 deletions(-)

diff --git a/projects/browser/build.android b/projects/browser/build.android index a8c5a08..08a4046 100644 --- a/projects/browser/build.android +++ b/projects/browser/build.android @@ -10,19 +10,19 @@ test_in_apk=$rootdir/fenix/app-*-androidTest.apk

tar xavf $rootdir/[% c('input_files_by_name/fenix') %]

-# Bundle our extensions. We treat HTTPS-Everywhere and NoScript differently as -# the former should be an internal extension without getting any updates besides -# from Tor Browser releases. NoScript will be copied over to the profile folder -# being a "regular" browser extension. +# Bundle our extensioni(s). +# NoScript will be copied over to the profile folder +# as a "regular" browser extension receiving regular AMO updates. +noscript_path="$ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi" + mkdir -p /var/tmp/build/$ext_dir [% dest_dir _ '/' _ c('filename') %] cd /var/tmp/build -unzip -d $ext_dir/https-everywhere $rootdir/[% c('input_files_by_name/https-everywhere') %] -mv $rootdir/[% c('input_files_by_name/noscript') %] $ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi +mv $rootdir/[% c('input_files_by_name/noscript') %] "$noscript_path"

[% IF c("var/verify_allowed_addons") %] - # Check that allowed_addons.json contains the right versions of NoScript and HTTPS Everywhere + # Check that allowed_addons.json contains the right versions of our bundled extension(s). # If so, replace the default allowed_addons.json by ours in the apk assets folder. - $rootdir/verify_allowed_addons.py "$rootdir/allowed_addons.json" "$ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi" "$rootdir/[% c('input_files_by_name/https-everywhere') %]" + $rootdir/verify_allowed_addons.py "$rootdir/allowed_addons.json" "$noscript_path" [% END %]

mv $rootdir/allowed_addons.json $assets_dir/allowed_addons.json diff --git a/projects/browser/verify_allowed_addons.py b/projects/browser/verify_allowed_addons.py index b0e89a5..c78e998 100755 --- a/projects/browser/verify_allowed_addons.py +++ b/projects/browser/verify_allowed_addons.py @@ -31,7 +31,6 @@ def read_extension_manifest(path): def main(argv): allowed_addons_path = argv[0] noscript_path = argv[1] - https_everywhere_path = argv[2]

addons = None with open(allowed_addons_path, 'r') as file: @@ -42,11 +41,9 @@ def main(argv): noscript_hash = "sha256:" + hashlib.sha256(file.read()).hexdigest()

noscript_version = read_extension_manifest(noscript_path)["version"] - https_everywhere_version = read_extension_manifest(https_everywhere_path)["version"]

verify_extension_hash(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_hash) verify_extension_version(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_version) - verify_extension_version(addons, 'https-everywhere-eff@eff.org', https_everywhere_version)

if __name__ == "__main__": main(sys.argv[1:]) diff --git a/projects/https-everywhere/build b/projects/https-everywhere/build deleted file mode 100644 index 10dd4bf..0000000 --- a/projects/https-everywhere/build +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -[% c("var/set_default_env") -%] -tar xf [% project %]-[% c('version') %].tar.gz -cd [% project %]-[% c('version') %] -./make.sh -# Since 5.0.2 a .xpi for AMO is built, too. We don't need it. -rm pkg/*-amo.xpi -mv pkg/*.xpi [% dest_dir _ '/' _ c('filename') %] diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config deleted file mode 100644 index e980cf3..0000000 --- a/projects/https-everywhere/config +++ /dev/null @@ -1,36 +0,0 @@ -# vim: filetype=yaml sw=2 -version: 2021.7.13 -git_url: https://github.com/EFForg/https-everywhere.git -git_hash: '[% c("version") %]' -git_submodule: 1 -gpg_keyring: https-everywhere.gpg -tag_gpg_id: 1 -filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -container: - use_container: 1 -var: - # HTTPS Everywhere is expected to be the same on all platforms. To avoid - # building the same thing 4 times, using 4 different container images - # (each one with a different suite or architecture), we set the container - # to bullseye/amd64 for all platforms. This allows us to create only one - # container image, and also build the extension only one time as the - # filename does not contain the platform, and var/build_id should be - # the same since there is now nothing platform specific in the build - # inputs. This allows us to save a little time and disk space. - container: - suite: bullseye - arch: amd64 - deps: - - git - - libxslt1.1 - - libxml2-utils - - sqlite3 - - rsync - - zip - - unzip - - python3 - - python3-distutils - pre_pkginst: '' - -input_files: - - project: container-image diff --git a/tools/fetch_allowed_addons.py b/tools/fetch_allowed_addons.py index ff82537..15d3d7f 100755 --- a/tools/fetch_allowed_addons.py +++ b/tools/fetch_allowed_addons.py @@ -24,17 +24,11 @@ def fetch_and_embed_icons(addons): icon_data = fetch(addon['icon_url']) addon['icon_url'] = 'data:image/png;base64,' + str(base64.b64encode(icon_data), 'utf8')

-def patch_https_everywhere(addons): - addon = find_addon(addons, 'https-everywhere@eff.org') - addon['guid'] = 'https-everywhere-eff@eff.org' - addon['url'] = 'https://www.eff.org/https-everywhere' - def main(argv): amo_collection = argv[0] if argv else '83a9cccfe6e24a34bd7b155ff9ee32' url = 'https://services.addons.mozilla.org/api/v4/accounts/account/mozilla/collecti...' + amo_collection + '/addons/' data = json.loads(fetch(url)) fetch_and_embed_icons(data) - patch_https_everywhere(data) data['results'].sort(key=lambda x: x['addon']['guid']) find_addon(data, '{73a6fe31-595d-460b-a920-fcc0f8843232}') # Check that NoScript is present print(json.dumps(data, indent=2, ensure_ascii=False))