[tor-browser-build/master] Add meek and obfs4

1 Feb 2017

commit 9cbe67960c0d80f393a72715dab4fb32afed7094
Author: Nicolas Vigier <boklm@torproject.org>
Date:   Wed Feb 1 23:50:33 2017 +0100

    Add meek and obfs4
---
 keyring/goptlib.gpg         | Bin 0 -> 5876 bytes
 keyring/meek.gpg            | Bin 0 -> 5876 bytes
 keyring/obfs4.gpg           | Bin 0 -> 41312 bytes
 projects/ed25519/config     |  18 ++++++++++
 projects/go/build           |  74 ++++++++++++++++++++++++++++++++++++++++
 projects/go/config          |  80 ++++++++++++++++++++++++++++++++++++++++++++
 projects/goptlib/config     |  18 ++++++++++
 projects/goxcrypto/config   |  24 +++++++++++++
 projects/goxnet/config      |  22 ++++++++++++
 projects/meek/build         |  49 +++++++++++++++++++++++++++
 projects/meek/config        |  15 +++++++++
 projects/obfs4/build        |  34 +++++++++++++++++++
 projects/obfs4/config       |  30 +++++++++++++++++
 projects/siphash/config     |  16 +++++++++
 projects/tor-browser/build  |  17 ++++++++--
 projects/tor-browser/config |   4 +++
 projects/uniuri/config      |  20 +++++++++++
 17 files changed, 419 insertions(+), 2 deletions(-)

diff --git a/keyring/goptlib.gpg b/keyring/goptlib.gpg
new file mode 100644
index 0000000..f3b543f
Binary files /dev/null and b/keyring/goptlib.gpg differ
diff --git a/keyring/meek.gpg b/keyring/meek.gpg
new file mode 100644
index 0000000..f3b543f
Binary files /dev/null and b/keyring/meek.gpg differ
diff --git a/keyring/obfs4.gpg b/keyring/obfs4.gpg
new file mode 100644
index 0000000..f26a4cd
Binary files /dev/null and b/keyring/obfs4.gpg differ
diff --git a/projects/ed25519/config b/projects/ed25519/config
new file mode 100644
index 0000000..5bab68b
--- /dev/null
+++ b/projects/ed25519/config
@@ -0,0 +1,18 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/agl/ed25519.git
+git_hash: c4161f4c7483313562781c61b9a20aba73daf9de
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: github.com/agl/ed25519
+  go_lib_install:
+    - github.com/agl/ed25519/extra25519
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
diff --git a/projects/go/build b/projects/go/build
new file mode 100644
index 0000000..2efd928
--- /dev/null
+++ b/projects/go/build
@@ -0,0 +1,74 @@
+#!/bin/bash
+set -e
+rootdir=$(pwd)
+distdir=/var/tmp/dist/[% project %]
+mkdir -p /var/tmp/dist
+
+[% IF c("var/linux") %]
+  # Config options for hardening-wrapper
+  export DEB_BUILD_HARDENING=1
+  export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+  export DEB_BUILD_HARDENING_FORTIFY=1
+  export DEB_BUILD_HARDENING_FORMAT=1
+  export DEB_BUILD_HARDENING_PIE=1
+[% END %]
+
+mkdir -p /var/tmp/build
+
+# Building go 1.4.x
+# This is needed to bootstrap the go that we actually use
+# https://golang.org/doc/install/source#go14
+tar -C /var/tmp/build --transform='s,^go\>,go1.4,' -xf $rootdir/[% c('input_files_by_name/go14') %]
+cd /var/tmp/build/go1.4/src
+# Disable cgo to avoid conflicts with newer GCC. cgo is not needed for the bootstrap go.
+# https://github.com/golang/go/issues/13114#issuecomment-186922245
+# Disable CC etc. that are set up for cross builds.
+CGO_ENABLED=0 CC= CFLAGS= LDFLAGS= ./make.bash
+export GOROOT_BOOTSTRAP="/var/tmp/build/go1.4"
+
+cd $rootdir
+[% IF ! c("var/linux") %]
+  [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
+[% END %]
+
+# Building go
+# http://golang.org/doc/install/source#environment
+tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/go') %]
+export GOROOT="$distdir"
+cd /var/tmp/dist/go/src
+[% IF c("var/linux") -%]
+  ./make.bash
+[% ELSIF c("var/osx") -%]
+  # Create a cc-for-target script that closes over CC, CFLAGS, and LDFLAGS.
+  # Go's CC_FOR_TARGET only allows a command name, not a command with arguments.
+  # https://github.com/golang/go/issues/15457
+  CC_FOR_TARGET="$(pwd)/cc-for-target"
+  echo "#!/bin/sh" > "$CC_FOR_TARGET"
+  echo "exec $CC $CFLAGS $LDFLAGS -std=gnu99 \"\$@\"" >> "$CC_FOR_TARGET"
+  chmod +x "$CC_FOR_TARGET"
+  # http://golang.org/doc/install/source#environment
+  export GOOS=darwin
+  export GOARCH=386
+  # Remove a preprocessor directive that causes problems when building with the 10.7 SDK.
+  # https://github.com/golang/go/issues/17732
+  sed -i -e '/^#cgo CFLAGS:/s/-D__MAC_OS_X_VERSION_MAX_ALLOWED=1060//' crypto/x509/root_cgo_darwin.go
+  CGO_ENABLED=1 CC_FOR_TARGET="$CC_FOR_TARGET" CC= CFLAGS= LDFLAGS= ./make.bash
+[% ELSIF c("var/windows") -%]
+  # Create a cc-for-target script that closes over CC, CFLAGS, and LDFLAGS.
+  # Go's CC_FOR_TARGET only allows a command name, not a command with arguments.
+  # https://github.com/golang/go/issues/15457
+  CC_FOR_TARGET="$(pwd)/cc-for-target"
+  echo "#!/bin/sh" > "$CC_FOR_TARGET"
+  echo "exec i686-w64-mingw32-gcc [% c("var/CFLAGS") %] [% c("var/LDFLAGS") %] \"\$@\"" >> "$CC_FOR_TARGET"
+  chmod +x "$CC_FOR_TARGET"
+  # http://golang.org/doc/install/source#environment
+  export GOOS=windows
+  export GOARCH=386
+  CGO_ENABLED=1 CC_FOR_TARGET="$CC_FOR_TARGET" CC= CFLAGS= LDFLAGS= ./make.bash
+[% END -%]
+
+cd /var/tmp/dist
+[% c('tar', {
+        tar_src => [ project ],
+        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+    }) %]
diff --git a/projects/go/config b/projects/go/config
new file mode 100644
index 0000000..a5920f5
--- /dev/null
+++ b/projects/go/config
@@ -0,0 +1,80 @@
+# vim: filetype=yaml sw=2
+version: 1.7.4
+filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+var:
+  go14_version: 1.4.3
+
+  setup: |
+    mkdir -p /var/tmp/dist
+    tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %]
+    export GOOS=[% c("var/GOOS") %]
+    export GOARCH=[% c("var/GOARCH") %]
+    export GOPATH=/var/tmp/dist/gopath
+    export PATH=/var/tmp/dist/go/bin:"$PATH"
+
+  # Template build script for building a go library.
+  # This can be called as projects/go/var/build_go_lib.
+  # You need to define /var/go_lib, and optionaly var/go_lib_install as
+  # a list of install targets.
+  build_go_lib: |
+    #!/bin/bash
+    set -e
+    rootdir=$(pwd)
+    [% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
+    distdir=/var/tmp/dist/[% project %]
+    mkdir -p /var/tmp/build
+    tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+    mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]")
+    mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]"
+    cd "$GOPATH/src/[% c("var/go_lib") %]"
+    [% IF c("var/go_lib_install") -%]
+      [% FOREACH inst IN c("var/go_lib_install") %]
+        go install [% inst %]
+      [% END %]
+    [% ELSE %]
+      go install [% c("var/go_lib") %]
+    [% END %]
+    cd /var/tmp/dist
+    [% c('tar', {
+            tar_src => [ 'gopath' ],
+            tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+        }) %]
+
+targets:
+  windows-i686:
+    var:
+      GOOS: windows
+      GOARCH: 386
+  osx-x86_64:
+    var:
+      arch_deps:
+        - libc6-i386
+        - libstdc++6:i386
+      pre_pkginst: dpkg --add-architecture i386
+      compiler: macosx-toolchain-gcc
+      10_7_SDK: 1
+      GOOS: darwin
+      GOARCH: 386
+  linux:
+    var:
+      GOOS: linux
+  linux-x86_64:
+    var:
+      GOARCH: amd64
+  linux-i686:
+    var:
+      GOARCH: 386
+
+input_files:
+  - project: docker-image
+  - name: '[% c("var/compiler") %]'
+    project: '[% c("var/compiler") %]'
+    enable: '[% c("var/windows") || c("var/osx") %]'
+  - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz'
+    name: go
+    sha256sum: 4c189111e9ba651a2bb3ee868aa881fab36b2f2da3409e80885ca758a6b614cc
+  - URL: 'https://golang.org/dl/go[% c("var/go14_version") %].src.tar.gz'
+    name: go14
+    sha256sum: 9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959
diff --git a/projects/goptlib/config b/projects/goptlib/config
new file mode 100644
index 0000000..dd520ec
--- /dev/null
+++ b/projects/goptlib/config
@@ -0,0 +1,18 @@
+# vim: filetype=yaml sw=2
+version: 0.5
+git_url: https://git.torproject.org/pluggable-transports/goptlib.git
+git_hash: '[% c("version") %]'
+tag_gpg_id: 1
+gpg_keyring: goptlib.gpg
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: git.torproject.org/pluggable-transports/goptlib.git
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
diff --git a/projects/goxcrypto/config b/projects/goxcrypto/config
new file mode 100644
index 0000000..8362f28
--- /dev/null
+++ b/projects/goxcrypto/config
@@ -0,0 +1,24 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://go.googlesource.com/crypto
+git_hash: 4ed45ec682102c643324fae5dff8dab085b6c300
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: golang.org/x/crypto
+  go_lib_install:
+    - golang.org/x/crypto/curve25519
+    - golang.org/x/crypto/hkdf
+    - golang.org/x/crypto/nacl/secretbox
+
+targets:
+  nightly:
+    git_hash: master
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
diff --git a/projects/goxnet/config b/projects/goxnet/config
new file mode 100644
index 0000000..507f997
--- /dev/null
+++ b/projects/goxnet/config
@@ -0,0 +1,22 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://go.googlesource.com/net
+git_hash: 7dbad50ab5b31073856416cdcfeb2796d682f844
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: golang.org/x/net
+  go_lib_install:
+    - golang.org/x/net/proxy
+
+targets:
+  nightly:
+    git_hash: master
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
diff --git a/projects/meek/build b/projects/meek/build
new file mode 100644
index 0000000..d195e90
--- /dev/null
+++ b/projects/meek/build
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -e
+rootdir=$(pwd)
+[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
+distdir=/var/tmp/dist/[% project %]
+[% IF c("var/osx") %]
+  PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
+  DOCSDIR="$distdir/Contents/Resources/TorBrowser/Docs/meek"
+[% ELSE %]
+  PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
+  DOCSDIR="$distdir/TorBrowser/Docs/meek"
+[% END %]
+mkdir -p $PTDIR $DOCSDIR
+
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %]
+
+mkdir -p /var/tmp/build
+tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+cd /var/tmp/build/[% project %]-[% c('version') %]
+
+cd meek-client
+go build -ldflags '-s'
+cp -a meek-client[% IF c("var/windows") %].exe[% END %] $PTDIR
+
+cd ../meek-client-torbrowser
+go build -ldflags '-s'
+cp -a meek-client-torbrowser[% IF c("var/windows") %].exe[% END %] $PTDIR
+
+
+[% IF c("var/windows") %]
+  cd ../terminateprocess-buffer
+  go build -ldflags '-s'
+  cp -a terminateprocess-buffer.exe $PTDIR
+[% END %]
+
+cd ..
+cp -a README doc/* $DOCSDIR
+
+cd firefox
+[% c('zip', {
+     zip_src => [ '.' ],
+     zip_args => '$distdir/meek-http-helper@bamsoftware.com.xpi',
+   }) %]
+
+cd $distdir
+[% c('tar', {
+        tar_src => [ '.' ],
+        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+    }) %]
diff --git a/projects/meek/config b/projects/meek/config
new file mode 100644
index 0000000..84ed2bd
--- /dev/null
+++ b/projects/meek/config
@@ -0,0 +1,15 @@
+# vim: filetype=yaml sw=2
+version: 0.25
+git_url: https://git.torproject.org/pluggable-transports/meek.git
+git_hash: '[% c("version") %]'
+tag_gpg_id: 1
+gpg_keyring: meek.gpg
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
+  - name: goptlib
+    project: goptlib
diff --git a/projects/obfs4/build b/projects/obfs4/build
new file mode 100644
index 0000000..ff313e9
--- /dev/null
+++ b/projects/obfs4/build
@@ -0,0 +1,34 @@
+#!/bin/bash
+set -e
+rootdir=$(pwd)
+[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
+distdir=/var/tmp/dist/[% project %]
+[% IF c("var/osx") %]
+  PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
+[% ELSE %]
+  PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
+[% END %]
+mkdir -p $PTDIR
+
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/ed25519') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/siphash') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/uniuri') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxcrypto') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxnet') %]
+
+mkdir -p /var/tmp/build
+tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+cd /var/tmp/build/[% project %]-[% c('version') %]
+
+mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+cd obfs4proxy
+go build -ldflags '-s'
+cp -a obfs4proxy[% IF c("var/windows") %].exe[% END %] $PTDIR
+
+cd $distdir
+[% c('tar', {
+        tar_src => [ '.' ],
+        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+    }) %]
diff --git a/projects/obfs4/config b/projects/obfs4/config
new file mode 100644
index 0000000..952b054
--- /dev/null
+++ b/projects/obfs4/config
@@ -0,0 +1,30 @@
+# vim: filetype=yaml sw=2
+version: 0.0.5
+git_url: https://git.torproject.org/pluggable-transports/obfs4.git
+git_hash: 'obfs4proxy-[% c("version") %]'
+tag_gpg_id: 1
+gpg_keyring: obfs4.gpg
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+targets:
+  nightly:
+    git_hash: master
+    tag_gpg_id: 0
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
+  - name: goptlib
+    project: goptlib
+  - name: ed25519
+    project: ed25519
+  - name: siphash
+    project: siphash
+  - name: uniuri
+    project: uniuri
+  - name: goxcrypto
+    project: goxcrypto
+  - name: goxnet
+    project: goxnet
diff --git a/projects/siphash/config b/projects/siphash/config
new file mode 100644
index 0000000..0f3f4b5
--- /dev/null
+++ b/projects/siphash/config
@@ -0,0 +1,16 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/dchest/siphash.git
+git_hash: 42ba037e748c9062a75e0924705c43b893edefcd
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: github.com/dchest/siphash
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
diff --git a/projects/tor-browser/build b/projects/tor-browser/build
index a5f9e1d..e25a1d8 100644
--- a/projects/tor-browser/build
+++ b/projects/tor-browser/build
@@ -52,7 +52,9 @@ mv [% c('input_files_by_name/torbutton') %] $TBDIR/$EXTSPATH/torbutton@torprojec
 mv [% c('input_files_by_name/https-everywhere') %] $TBDIR/$EXTSPATH/https-everywhere-eff@eff.org.xpi
 mv [% c('input_files_by_name/noscript') %] $TBDIR/$EXTSPATH/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
 
-# TODO: add meek xpi
+tar -C $TBDIR -xf [% c('input_files_by_name/obfs4') %]
+tar -C $TBDIR -xf [% c('input_files_by_name/meek') %]
+mv $TBDIR/meek-http-helper@bamsoftware.com.xpi $TBDIR/$MEEKPROFILEPATH/extensions/
 
 tar -C $TBDIR[% IF c("var/osx") %]/Contents/Resources[% END %] -xf [% c('input_files_by_name/fonts') %]
 
@@ -105,7 +107,18 @@ tar -C $TBDIR[% IF ! c("var/osx") %]/TorBrowser[% END %] -xf [% c('input_files_b
 cp -a Bundle-Data/Docs $TBDIR/$DOCSPATH
 tar -C Bundle-Data/[% bundledata_osname %] -c . | tar -C $TBDIR[% IF ! c("var/osx") %]/TorBrowser[% END %] -x
 
-# TODO: install pluggable transports here
+cat Bundle-Data/PTConfigs/[% bundledata_osname %]/torrc-defaults-appendix >> $TBDIR/$TORCONFIGPATH/torrc-defaults
+cat Bundle-Data/PTConfigs/bridge_prefs.js >> $TBDIR/$EXTOVERRIDESPATH
+cat Bundle-Data/PTConfigs/meek-http-helper-user.js >> $TBDIR/$MEEKPROFILEPATH/user.js
+
+[% IF c("var/osx") %]
+  pushd $TBDIR
+  # Create the meek-template-sha256sum.txt file by generating a list
+  # of hashes (one for each file within the meek-http-helper profile) and
+  # and then generating one final hash from the contents of the list.
+  sha256sum `find $MEEKPROFILEPATH -type f | sort` | sha256sum | sed -e 's/ *-$//' > $MEEKPROFILEPATH/meek-template-sha256sum.txt
+  popd
+[% END %]
 
 [% IF c("var/multi_lingual") %]
   echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> $TBDIR/$EXTOVERRIDESPATH
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index 9ec262b..01463d9 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -42,6 +42,10 @@ input_files:
     name: https-everywhere
   - project: fonts
     name: fonts
+  - project: meek
+    name: meek
+  - project: obfs4
+    name: obfs4
   - filename: Bundle-Data
   - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suite...
     name: noscript
diff --git a/projects/uniuri/config b/projects/uniuri/config
new file mode 100644
index 0000000..62fa8ef
--- /dev/null
+++ b/projects/uniuri/config
@@ -0,0 +1,20 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/dchest/uniuri
+git_hash: 8902c56451e9b58ff940bbe5fec35d5f9c04584a
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: github.com/dchest/uniuri
+
+targets:
+  nightly:
+    git_hash: master
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go

    

boklm＠torproject.org

tags

participants (1)