[tbb-commits] [Git][tpo/applications/tor-browser-build][main] Update release prep templates
Richard Pospesel (@richard)
git at gitlab.torproject.org
Thu Dec 8 16:51:27 UTC 2022
Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
9486bc9c by Richard Pospesel at 2022-12-08T16:47:31+00:00
Update release prep templates
- - - - -
2 changed files:
- .gitlab/issue_templates/Release Prep - Alpha.md
- .gitlab/issue_templates/Release Prep - Stable.md
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Alpha.md
=====================================
@@ -28,20 +28,6 @@
- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous tor-browser branch (when rebasing)
</details>
-<details>
- <summary>Desktop</summary>
-
-### **torbutton** : https://gitlab.torproject.org/tpo/applications/torbutton.git
-- [ ] Update translations :
- - [ ] `./import-translations.sh`
- - **NOTE** : if there are no new strings imported then we are done here
- - [ ] Commit with message `Translation updates`
- - **NOTE** : only add files which are already being tracked
- - [ ] ***(Optional)*** Backport to maintenance branch if present and necessary
-- [ ] fixup! `tor-browser`'s `Bug 10760 : Integrate TorButton to TorBrowser core` issue to point to updated `torbutton` commit
-
-</details>
-
<details>
<summary>Android</summary>
@@ -83,6 +69,11 @@
<summary>Shared</summary>
### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git
+- [ ] ***(Optional)*** Update torbutton translations in `toolkit/torbutton`
+ - [ ] `./import-translations.sh`
+ - **NOTE** : if there are no new strings imported then we are done here
+ - [ ] Commit as `fixup!` to the `Add TorStrings module for localization` commit
+ - **NOTE** : only add files which are already being tracked
- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release
- [ ] ***(Optional, Chemspill)*** Backport security-fixes to both `tor-browser` and `base-browser` branches
- [ ] ***(Optional)*** Rebase to `$(ESR_VERSION)`
@@ -108,7 +99,7 @@
- [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
- [ ] Open MR for the rebase
- [ ] Sign/Tag `base-browser` commit:
- - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the dividing line between `base-browser` and `tor-browser`
+ - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser`
- Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1`
- Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
- [ ] Sign/Tag `tor-browser` commit :
@@ -120,7 +111,7 @@
</details>
<details>
- <summary>Build/Signing/Publishing</summary>
+ <summary>Build</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches
@@ -195,8 +186,11 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
- [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
- [ ] Call out any new functionality which needs testing
- [ ] Link to any known issues
-- [ ] Email Tails dev mailing list: tails-dev at boum.org
- - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
+
+</details>
+
+<details>
+ <summary>Signing/Publishing</summary>
### signing + publishing
- [ ] Ensure builders have matching builds
@@ -218,7 +212,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
- `cd tor-browser-build/tools/signing/`
- `./macos-signer-proxy`
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
-- [ ] apk signing : *TODO*
+- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs directory
- [ ] run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- `./do-all-signing.sh`
@@ -236,7 +230,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
- Select `Tor Browser (Alpha)` app
- Navigate to `Release > Production` and click `Create new release` button
- [ ] Upload the `*.multi.apk` APKs
- - If necessary, update the 'Release Name' (should be automatically populated)
+ - [ ] Update Release Name to Tor Browser version number
- [ ] Update Release Notes
- Next to 'Release notes', click `Copy from a previous release`
- [ ] Edit blog post url to point to most recent blog post
@@ -248,7 +242,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
### website: https://gitlab.torproject.org/tpo/web/tpo.git
- [ ] `databags/versions.ini` : Update the downloads versions
- `torbrowser-stable/version` : sort of a catch-all for latest stable version
- - `torbrowser-stable/win32` : tor version in the expert bundle
+ - `torbrowser-alpha/version` : sort of a catch-all for latest stable version
- `torbrowser-*-stable/version` : platform-specific stable versions
- `torbrowser-*-alpha/version` : platform-specific alpha versions
- `tor-stable`,`tor-alpha` : set by tor devs, do not touch
=====================================
.gitlab/issue_templates/Release Prep - Stable.md
=====================================
@@ -3,18 +3,13 @@
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
-- `$(TOR_LAUNCHER_VERSION)` : version of `tor-launcher`, used in tags
- - example : `0.2.33`
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- example : `91.6.0`
+- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
+ - example: `103`
- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
- exmaple : `FIREFOX_91_7_0esr_BUILD2`
- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
-- `$(RR_VERSION)` : the Mozilla defined 'Rapid Relese' version, used in various places for building geckoview tags, labels, etc
- - example : `96.0.3`
-- `$(RR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
- - exmaple : `FIREFOX_96_0_3_RELEASE`
-- `$(RR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- example : `11`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
@@ -31,46 +26,78 @@
- `$(TOR_BROWSER_BRANCH)` : the full name of tor-browser branch
- typically of the form: `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous tor-browser branch (when rebasing)
-- `$(GECKOVIEW_BRANCH)` : the full name of geckoview branch
- - typically of the form: `tor-browser-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
-- `$(GECKOVIEW_BRANCH_PREV)` : the full name of the previous geckoview branch (when rebasing)
</details>
<details>
<summary>Desktop</summary>
-### **torbutton** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/torbutton.git
-- [ ] ***(Optional)*** Update translations :
- - **NOTE** We only update strings in stable if a backported feature depends on new strings
+### **torbutton** : https://gitlab.torproject.org/tpo/applications/torbutton.git
+- [ ] Update translations :
- [ ] `./import-translations.sh`
- **NOTE** : if there are no new strings imported then we are done here
- [ ] Commit with message `Translation updates`
- **NOTE** : only add files which are already being tracked
- [ ] fixup! `tor-browser`'s `Bug 10760 : Integrate TorButton to TorBrowser core` issue to point to updated `torbutton` commit
-### **tor-launcher** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/tor-launcher.git
-- [ ] ***(Optional)*** Update translations:
- - **NOTE** We only update strings in stable if a backported feature depends on new strings
- - [ ] ./localization/import-translations.sh
- - [ ] Commit with message `Translation updates`
-- [ ] Update `install.rdf` file with new version
-- [ ] Sign/Tag commit :
- - Tag : `$(TOR_LAUNCHER_VERSION)`
- - Message `Tagging $(TOR_LAUNCHER_VERSION)`
-- [ ] Push `main` and tag to origin
+</details>
+
+<details>
+ <summary>Android</summary>
+
+### ***Security Vulnerabilities Backport*** : https://www.mozilla.org/en-US/security/advisories/
+- **NOTE** : this work may have already occurred in the analogous stable release prep issue
+- [ ] Create tor-browser issue `Backport Android-specific Firefox $(RR_VERSION) to ESR $(ESR_VERSION)-based Tor Browser`
+ - [ ] Link new backport issue to this release prep issue
+- [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create list of CVEs which affect Android that need to be a backported
+ - Potentially Affected Components:
+ - `firefox`
+ - `application-services`
+ - `android-components`
+ - `fenix`
+
+### **application-services** ***(Optional)*** : *TODO: we need to setup a gitlab copy of this repo that we can apply security backports to*
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+- [ ] Sign/Tag commit:
+ - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+ - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
+- [ ] Push tag to `origin`
+
+### **android-components** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/android-components.git
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+- [ ] Sign/Tag commit:
+ - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+ - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
+- [ ] Push tag to `origin`
+
+### **fenix** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/fenix.git
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+- [ ] Sign/Tag commit:
+ - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+ - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
+- [ ] Push tag to `origin`
+
+</details>
+
+<details>
+ <summary>Shared</summary>
### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git
+- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release
+- [ ] ***(Optional, Chemspill)*** Backport security-fixes to both `tor-browser` and `base-browser` branches
- [ ] ***(Optional)*** Rebase to `$(ESR_VERSION)`
- - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-esr91/tags
+ - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags
- [ ] `$(ESR_TAG)` : `<INSERT_TAG_HERE>`
- [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message)
- [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>`
- - [ ] Create new `tor-browser` branch with the discovered `gecko-dev` commit as `HEAD` named `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
- [ ] Sign/Tag commit :
- Tag : `$(ESR_TAG)`
- Message : `Hg tag $(ESR_TAG)`
- - [ ] Push new branch and tag to origin
- - [ ] Rebase `tor-browser` patches
+ - [ ] Create new branches with the discovered `gecko-dev` commit as `HEAD` named:
+ - [ ] `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
+ - [ ] `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
+ - [ ] Push new branches and esr tag to origin
+ - [ ] Rebase `base-browser` patches onto the `gecko-dev` commit
+ - [ ] Rebase `tor-browser` patches onto the `base-browser` branch
- [ ] Compare patch-sets (ensure nothing *weird* happened during rebase):
- [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)`
- [ ] diff of diffs:
@@ -79,150 +106,65 @@
- [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff`
- [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
- [ ] Open MR for the rebase
-- [ ] ***(Optional)*** Backport any required Alpha patches to Stable
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
- - [ ] Close associated `Backport` issues
- - [ ] Open MR for the backport commits
+- [ ] Sign/Tag `base-browser` commit:
+ - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser`
+ - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1`
+ - Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
- [ ] Sign/Tag `tor-browser` commit :
- Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)`
- - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based (alpha|stable)`
-- [ ] Push tag to `origin`
+ - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based alpha`
+- [ ] Push rebased branches and tags to `origin`
+- [ ] Update Gitlab Default Branch to new Alpha branch: https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository
</details>
<details>
- <summary>Android</summary>
-
-### **geckoview**: https://gitlab.torproject.org/tpo/applications/tor-browser.git
-- [ ] ***(Optional)*** Rebase to `$(RR_VERSION)`
- - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-release/tags
- - [ ] `$(RR_TAG)` : `<INSERT_TAG_HERE>`
- - [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message)
- - [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>`
- - [ ] Create new `geckoview` branch with the discovered `gecko-dev` commit as `HEAD` named `geckoview-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1`
- - [ ] Sign/Tag commit :
- - Tag : `$(RR_TAG)`
- - Message : `Hg tag $(RR_TAG)`
- - [ ] Push new branch and tag to origin
- - [ ] Rebase `geckoview` patches
- - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase):
- - [ ] rangediff: `git range-diff $(RR_TAG_PREV)..$(GECKOVIEW_BRANCH_PREV) $(RR_TAG)..$(GECKOVIEW_BRANCH)`
- - [ ] diff of diffs:
- - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred `$(DIFF_TOOL)` and look at differences on lines that starts with + or -
- - [ ] `git diff $(RR_TAG_PREV)..$(GECKOVIEW_BRANCH_PREV) > current_patchset.diff`
- - [ ] `git diff $(RR_TAG)..$(GECKOVIEW_BRANCH) > rebased_patchset.diff`
- - [ ] `$(DIFF_TOOL) current_patchset.dif rebased_patchset.deff`
- - [ ] Open MR for the rebase
-- [ ] ***(Optional)*** Backport any required patches to Stable
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
- - [ ] Close associated `Backport` issues
- - [ ] Open MR for the backport commits
- - [ ] Merge + Push
-- [ ] Sign/Tag `geckoview` commit :
- - Tag : `geckoview-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)`
- - Message : `Tagging $(FIREFOX_BUILD_N) for $(RR_VERSION)-based (alpha|stable)`
-- [ ] Push tag to `origin`
-
-### **tba-translation** ***(Optional)***: https://gitlab.torproject.org/tpo/translation.git
-- **NOTE** We only update strings in stable if a backported feature depends on new strings
-- [ ] Fetch latest and identify new `HEAD` of `fenix-torbrowserstringsxml` branch
- - [ ] `origin/fenix-torbrowserstringsxml` : `<INSERT COMMIT HASH HERE>`
-
-### **tor-android-service** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/tor-android-service.git
-- [ ] Fetch latest and identify new `HEAD` of `main` branch
- - [ ] `origin/main` : `<INSERT COMMIT HASH HERE>`
-
-### **application-services** : *TODO: we need to setup a gitlab copy of this repo that we can apply security backports to*
-- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release
-- [ ] Sign/Tag commit:
- - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based (alpha|stable)`
-- [ ] Push tag to `origin`
-### **android-components** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/android-components.git
-- [ ] ***(Optional)*** Rebase to `$(RR_VERSION)`
- - [ ] Identify the `mozilla-mobile` git tag to start from by first updating `fenix` and then checking which `android-components` tag is used in `buildSrc/src/main/java/AndroidComponents.kt`
- - Alternatively search for commit message like `Update Android-Components`
- - [ ] Create new branch from tag named `android-components-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1`
- - [ ] Push new branch to origin
- - [ ] Rebase `android-components` patches
- - [ ] Perform rangediff to ensure nothing weird happened resolving conflicts
- - [ ] Open MR for the rebase
- - [ ] Merge + Push
-- [ ] ***(Optional)*** Backport any required patches to Stable
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
- - [ ] Close associated `Backport` issues
- - [ ] Open MR for the backport commits
- - [ ] Merge + Push
- [ ] Sign/Tag commit:
- - Tag : `android-components-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- - Message: `Tagging $(BUILD_N) for $(RR_VERSION)-based (alpha|stable)`
- - [ ] Push tag to origin
-
-### **fenix** ***(Optional)***: https://gitlab.torproject.org/tpo/applications/fenix.git
-- [ ] ***(Optional)*** Rebase to `$(RR_VERSION)`
- - Upstream git repo : https://github.com/mozilla-mobile/fenix.git
- - [ ] Identify the `mozilla-mobile` git tag to start from
- - Seem to be in the form `v$(RR_VERSION)` (for example, `v96.3.0`)
- - [ ] Create new branch from tag named `tor-browser-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1`
- - **NOTE** : it is weird but we do use `tor-browser` here rather than `fenix`
- - [ ] Push new branch to origin
- - [ ] Rebase `fenix` patches
- - [ ] Perform rangediff to ensure nothing weird happened resolving conflicts
- - [ ] Open MR for the rebase
- - [ ] Merge + Push
-- [ ] ***(Optional)*** Backport any required patches to Stable
- - [ ] cherry-pick patches on top of rebased branch (issues to backport should have `Backport` label and be linked to the associated `Release Prep` issue)
- - [ ] Close associated `Backport` issues
- - [ ] Open MR for the backport commits
- - [ ] Merge + Push
-- [ ] Sign/Tag commit:
- - Tag : `tor-browser-$(RR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- - Message: `Tagging $(BUILD_N) for $(RR_VERSION)-based (alpha|stable)`
-- [ ] Push tag to origin
-
-</details>
-
-<details>
- <summary>Build/Signing/Publishing</summary>
+ <summary>Build</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
-Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-maint` (and possibly more specific) branches
+Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches
- [ ] Update `rbm.conf`
- [ ] `var/torbrowser_version` : update to next version
- [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
- [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version
- [ ] **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail
-- [ ] ***(Desktop Only)*** Update `projects/firefox/config`
+- [ ] Update `projects/firefox/config`
- [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
- [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
-- [ ] ***(Android Only)*** Update `projects/geckoview/config`
- - [ ] `git_hash` : update the `$(BUILD_N)` section to match `geckoview` tag
- - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(RR_VERSION)` if rebased
-- [ ] ***(Android Only, Optional)*** Update `projects/tba-translations/config`:
+- [ ] Update `projects/geckoview/config`
+ - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag
+ - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
+- [ ] Update `projects/translation-base-browser/config`
+ - [ ] `git_hash` : update with `HEAD` commit of project's `base-browser` branch
+- [ ] Update `projects/translation-base-browser-fluent/config`
+ - [ ] `git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
+- [ ] Update `projects/tba-translations/config`:
- [ ] `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
-- [ ] ***(Android Only, Optional)*** Update `projects/tor-android-service/config`
+- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
- [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
-- [ ] ***(Android Only, Optional)*** Update `projects/application-services/config`:
+- [ ] ***(Optional)*** Update `projects/application-services/config`:
**NOTE** we don't have any of our own patches for this project
- - [ ] `git_hash` : update to appropriate git commit associated with $(RR_VERSION)
-- [ ] ***(Android Only, Optional)*** Update `projects/android-components/config`
- - [ ] `git_hash` : update the `$(BUILD_N)` section to match `android-components` tag
- - [ ] ***(Optional)*** `var/android_components_version` : update to latest `$(RR_VERSION)` if rebased
-- [ ] ***(Android Only, Optional)*** Update `projects/fenix/config`
+ - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
+- [ ] Update `projects/android-components/config`:
+ - [ ] `git_hash` : update the `$(BUILD_N)` section to match alpha `android-components` tag
+- [ ] Update `projects/fenix/config`
- [ ] `git_hash` : update the `$(BUILD_N)` section to match `fenix` tag
- - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(RR_VERSION)` if rebased
-- [ ] ***(Android Only)*** Update allowed_addons.json by running (from `tor-browser-build` root):
- - `./tools/fetch_allowed_addons.py > projects/tor-browser/allowed_addons.json`
+ - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
+- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
+ - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/tor-browser/config`
+ - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
-- [ ] Check for OpenSSL updates here : https://github.com/openssl/openssl/tags
- - [ ] ***(Optional)*** If new 1.X.Y series tag available, update `projects/openssl/config`
- - [ ] `version` : update to next 1.X.Y release tag
+- [ ] Check for OpenSSL updates here : https://www.openssl.org/source/
+ - [ ] ***(Optional)*** If new 1.X.Y version available, update `projects/openssl/config`
+ - [ ] `version` : update to next 1.X.Y version
- [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
-- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags ; Tor Browser Alpha uses `-alpha` tagged tor, while stable uses the stable series
+- [ ] Check for zlib updates here: https://github.com/madler/zlib/releases
+ - [ ] **(Optional)** If new tag available, update `projects/zlib/config`
+ - [ ] `version` : update to next release tag
+- [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags ; Tor Browser Alpha uses latest `-alpha` tagged tor (or latest of stable if newer)
- [ ] ***(Optional)*** Update `projects/tor/config`
- [ ] `version` : update to next release tag
- [ ] Check for go updates here : https://golang.org/dl
@@ -244,7 +186,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
- [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
- [ ] Open MR with above changes
- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up)
-- [ ] Sign/Tag commit : `make signtag-(alpha|release)`
+- [ ] Sign/Tag commit : `make signtag-release`
- [ ] Push tag to origin
### notify stakeholders
@@ -255,57 +197,32 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
- [ ] Email Tails dev mailing list: tails-dev at boum.org
- [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
-### blog: https://gitlab.torproject.org/tpo/web/blog.git
-
-- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
- - [ ] Update Tor Browser version numbers
- - [ ] Note any ESR rebase
- - [ ] Note any Rapid Release rebase
- - [ ] Link to any Firefox security updates
- - [ ] Note any updates to :
- - [ ] tor
- - [ ] OpenSSL
- - [ ] go
- - [ ] NoScript
- - [ ] Convert ChangeLog.txt to markdown format used here by : `tor-browser-build/tools/changelog-format-blog-post`
-- [ ] Push to origin as new branch, open 'Draft :' MR
-- [ ] Remove `Draft:` from MR once signed-packages are uploaded
-- [ ] Merge
-- [ ] Publish after CI passes
+</details>
-### website: https://gitlab.torproject.org/tpo/web/tpo.git
-- [ ] `databags/versions.ini` : Update the downloads versions
- - `torbrowser-stable/version` : sort of a catch-all for latest stable version
- - `torbrowser-stable/win32` : tor version in the expert bundle
- - `torbrowser-*-stable/version` : platform-specific stable versions
- - `torbrowser-*-alpha/version` : platform-specific alpha versions
- - `tor-stable`,`tor-alpha` : set by tor devs, do not touch
-- [ ] Push to origin as new branch, open 'Draft :' MR
-- [ ] Remove `Draft:` from MR once signed-packages are uploaded
-- [ ] Merge
-- [ ] Publish after CI passes
+<details>
+ <summary>Signing/Publishing</summary>
### signing + publishing
- [ ] Ensure builders have matching builds
- [ ] On `$(STAGING_SERVER)`, ensure updated:
- [ ] `tor-browser-build/tools/signing/set-config`
- - [ ] `NSS_DB_DIR` : location of the `nssdb7` directory
+ - `NSS_DB_DIR` : location of the `nssdb7` directory
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- - [ ] `ssh_host_builder` : ssh hostname of machine with unsigned builds
+ - `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- - [ ] `ssh_host_linux_signer` : ssh hostname of linux signing machine
- - [ ] `ssh_host_macos_signer` : ssh hostname of macOS signing machine
+ - `ssh_host_linux_signer` : ssh hostname of linux signing machine
+ - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
- [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
- - [ ] `macos_notarization_user` : the email login for a tor notariser Apple Developer account
+ - `macos_notarization_user` : the email login for a tor notariser Apple Developer account
- [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
- - [ ] `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
- - [ ] `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- - [ ] `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
+ - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
+ - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
+ - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
- `cd tor-browser-build/tools/signing/`
- `./macos-signer-proxy`
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
-- [ ] ***(Android Only)*** APK Signing: *TODO*
+- [ ] apk signing : copy signed `*multi.apk` files to the unsigned build outputs directory
- [ ] run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- `./do-all-signing.sh`
@@ -317,23 +234,51 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- - [ ] Enable update responses :
- - [ ] alpha: `./deploy_update_responses-alpha.sh`
- - [ ] release: `./deploy_update_responses-release.sh`
-- [ ] ***(Android Only)*** : Publish APKs to Google Play:
- - [ ] Log into https://play.google.com/apps/publish
- - [ ] Select `Tor Browser` app
- - [ ] Navigate to `Release > Production` and click `Create new release` button
+ - [ ] Enable update responses : `./deploy_update_responses-alpha.sh`
+- [ ] Publish APKs to Google Play:
+ - Log into https://play.google.com/apps/publish
+ - Select `Tor Browser (Alpha)` app
+ - Navigate to `Release > Production` and click `Create new release` button
- [ ] Upload the `*.multi.apk` APKs
- - [ ] If necessary, update the 'Release Name' (should be automatically populated)
+ - [ ] Update Release Name to Tor Browser version number
- [ ] Update Release Notes
- - [ ] Next to 'Release notes', click `Copy from a previous release`
+ - Next to 'Release notes', click `Copy from a previous release`
- [ ] Edit blog post url to point to most recent blog post
- - [ ] Save, review, and configure rollout percentage
+ - Save, review, and configure rollout percentage
- [ ] 25% rollout when publishing a scheduled update
- [ ] 100% rollout when publishing a security-driven release
- [ ] Update rollout percentage to 100% after confirmed no major issues
+### website: https://gitlab.torproject.org/tpo/web/tpo.git
+- [ ] `databags/versions.ini` : Update the downloads versions
+ - `torbrowser-stable/version` : sort of a catch-all for latest stable version
+ - `torbrowser-alpha/version` : sort of a catch-all for latest stable version
+ - `torbrowser-*-stable/version` : platform-specific stable versions
+ - `torbrowser-*-alpha/version` : platform-specific alpha versions
+ - `tor-stable`,`tor-alpha` : set by tor devs, do not touch
+- [ ] Push to origin as new branch, open 'Draft :' MR
+- [ ] Remove `Draft:` from MR once signed-packages are uploaded
+- [ ] Merge
+- [ ] Publish after CI passes and builds are published
+
+### blog: https://gitlab.torproject.org/tpo/web/blog.git
+
+- [ ] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
+ - [ ] Update Tor Browser version numbers
+ - [ ] Note any ESR rebase
+ - [ ] Link to any Firefox security updates from ESR upgrade
+ - [ ] Link to any Android-specific security backports
+ - [ ] Note any updates to :
+ - tor
+ - OpenSSL
+ - NoScript
+ - [ ] Convert ChangeLog.txt to markdown format used here by :
+ - `tor-browser-build/tools/changelog-format-blog-post`
+- [ ] Push to origin as new branch, open `Draft:` MR
+- [ ] Remove `Draft:` from MR once signed-packages are uploaded
+- [ ] Merge
+- [ ] Publish after CI passes and website has been updated
+
### tor-announce mailing list
- [ ] Send an email to tor-announce at lists.torproject.org, using the same content as the blog post and subject "Tor Browser $version is released".
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9486bc9c53018edf5ed99c67c8b0d54783c67d19
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9486bc9c53018edf5ed99c67c8b0d54783c67d19
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20221208/80e0a469/attachment-0001.htm>
More information about the tbb-commits
mailing list