[tor-commits] [tor-browser-bundle/master] Bug 12903: Integrate obfs4proxy into Tor Browser.
mikeperry at torproject.org
mikeperry at torproject.org
Tue Oct 28 22:52:06 UTC 2014
commit bb6389fbe7aa9539c4dce2aba0659e61ae8a376a
Author: Georg Koppen <gk at torproject.org>
Date: Mon Oct 13 11:42:46 2014 +0000
Bug 12903: Integrate obfs4proxy into Tor Browser.
We start shipping obfs4proxy in Tor Browser nightlies and the alpha
series.
---
.../Docs/Licenses/PluggableTransports/LICENSE | 77 +++++++++++++++++---
Bundle-Data/PTConfigs/bridge_prefs.js | 4 +
.../PTConfigs/linux/torrc-defaults-appendix | 6 +-
Bundle-Data/PTConfigs/mac/torrc-defaults-appendix | 5 +-
.../PTConfigs/windows/torrc-defaults-appendix | 5 +-
.../linux/gitian-pluggable-transports.yml | 54 ++++++++++++++
.../mac/gitian-pluggable-transports.yml | 54 ++++++++++++++
.../windows/gitian-pluggable-transports.yml | 54 ++++++++++++++
gitian/fetch-inputs.sh | 17 ++++-
gitian/gpg/obfs4proxy.gpg | Bin 0 -> 34128 bytes
gitian/mkbundle-linux.sh | 3 +-
gitian/mkbundle-mac.sh | 3 +-
gitian/mkbundle-windows.sh | 3 +-
gitian/verify-tags.sh | 5 +-
gitian/versions.alpha | 9 +++
gitian/versions.nightly | 9 +++
16 files changed, 291 insertions(+), 17 deletions(-)
diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
index 749986b..c6efd2c 100644
--- a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
+++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
@@ -13,15 +13,6 @@ file LICENSE.PYTHON.
===============================================================================
-Go
-
-Some pluggable transports are written in Go and the binary packages include
-parts of the Go runtime library. A copy of the Go license (which itself
-includes the licenses of some of Go's components) is included in the file
-LICENSE.GO.
-
-===============================================================================
-
OpenSSL
(From http://openssl.org/source/license.html.)
@@ -447,3 +438,71 @@ To the extent possible under law, the authors have dedicated all
copyright and related and neighboring rights to this software to the
public domain worldwide. This software is distributed without any
warranty. See LICENSE.CC0.
+
+===============================================================================
+
+obfs4
+
+Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+===============================================================================
+
+go.net
+
+Copyright 2009 The Go Authors. All rights reserved.
+Use of this source code is governed by a BSD-style
+license that can be found in the LICENSE file.
+
+For details about the Go License, please see LICENSE.GO.
+
+===============================================================================
+
+go.crypto
+
+Copyright 2009 The Go Authors. All rights reserved.
+Use of this source code is governed by a BSD-style
+license that can be found in the LICENSE file.
+
+For details about the Go License, please see LICENSE.GO.
+
+===============================================================================
+
+agl/ed25519
+
+Copyright 2013 The Go Authors. All rights reserved.
+Use of this source code is governed by a BSD-style
+license that can be found in the LICENSE file.
+
+For details about the Go License, please see LICENSE.GO.
+
+===============================================================================
+
+dchest/siphash
+
+To the extent possible under law, the authors have dedicated all
+copyright and related and neighboring rights to this software to the
+public domain worldwide. This software is distributed without any
+warranty. See LICENSE.CC0.
diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js
index d9c2049..7684fec 100644
--- a/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -30,6 +30,10 @@ pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 188.4
pref("extensions.torlauncher.default_bridge.scramblesuit.2", "scramblesuit 188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T");
pref("extensions.torlauncher.default_bridge.scramblesuit.3", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH");
+pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 178.209.52.110:443 67E72FF33D7D41BF11C569646A0A7B4B188340DF cert=Z+cv8z19Qb8RxWlkagp7SxiDQN++b7D2Tntowhf+j4D15/kLuj3EoSSGvuREGPc3h60Ofw iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.2", "obfs4 83.212.101.3:41213 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 104.131.108.182:56880 EF577C30B9F788B0E1801CF7E433B3B77792B77A cert=0SFhfDQrKjUJP8Qq6wrwSICEPf3Vl/nJRsYxWbg3QRoSqhl2EB78MPS2lQxbXY4EW1wwXA iat-mode=0");
+
pref("extensions.torlauncher.default_bridge.meek-google.1", "meek 0.0.2.0:1 url=https://meek-reflect.appspot.com/ front=www.google.com");
pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com");
pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 url=https://az668014.vo.msecnd.net/ front=ajax.aspnetcdn.com");
diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index d019d19..50e03fd 100644
--- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -2,7 +2,11 @@
ClientTransportPlugin fte exec ./TorBrowser/Tor/PluggableTransports/fteproxy.bin --managed
## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfsproxy.bin managed
+ClientTransportPlugin scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfsproxy.bin managed
+
+## obfs4proxy configuration
+ClientTransportPlugin obfs2,obfs3,obfs4 exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
+
## flash proxy configuration
#
# Change the second number here (9000) to the number of a port that can
diff --git a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
index d6ec189..604098f 100644
--- a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
@@ -2,7 +2,10 @@
ClientTransportPlugin fte exec PluggableTransports/fteproxy.bin --managed
## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec PluggableTransports/obfsproxy.bin managed
+ClientTransportPlugin scramblesuit exec PluggableTransports/obfsproxy.bin managed
+
+## obfs4proxy configuration
+ClientTransportPlugin obfs2,obfs3,obfs4 exec PluggableTransports/obfs4proxy
## flash proxy configuration
#
diff --git a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
index f1b103d..d92d201 100644
--- a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
@@ -2,7 +2,10 @@
ClientTransportPlugin fte exec TorBrowser\Tor\PluggableTransports\fteproxy --managed
## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfsproxy managed
+ClientTransportPlugin scramblesuit exec TorBrowser\Tor\PluggableTransports\obfsproxy managed
+
+## obfs4proxy configuration
+ClientTransportPlugin obfs2,obfs3,obfs4 exec TorBrowser\Tor\PluggableTransports\obfs4proxy
## flash proxy configuration
#
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index 7e23ec5..daa1225 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -32,6 +32,12 @@ remotes:
"dir": "goptlib"
- "url": "https://git.torproject.org/pluggable-transports/meek.git"
"dir": "meek"
+- "url": "https://github.com/agl/ed25519.git"
+ "dir": "ed25519"
+- "url": "https://github.com/dchest/siphash.git"
+ "dir": "siphash"
+- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
+ "dir": "obfs4"
files:
- "pycrypto.tar.gz"
- "argparse.tar.gz"
@@ -46,6 +52,8 @@ files:
- "gmp-linux64-utils.zip"
- "openssl-linux32-utils.zip"
- "openssl-linux64-utils.zip"
+- "go.crypto.tar.bz2"
+- "go.net.tar.bz2"
script: |
INSTDIR="$HOME/install"
PTDIR="$INSTDIR/Tor/PluggableTransports"
@@ -217,6 +225,52 @@ script: |
cp -a README doc/*.1 $INSTDIR/Docs/meek
cd ..
+ # Building go ed25519
+ cd ed25519
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/agl/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/agl/ed25519"
+ go install github.com/agl/ed25519/extra25519
+ cd ..
+
+ # Building go siphash
+ cd siphash
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/dchest/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/dchest/siphash"
+ go install github.com/dchest/siphash
+ cd ..
+
+ # Building go.crypto
+ tar xjf go.crypto.tar.bz2
+ cd go.crypto
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/code.google.com/p/"
+ ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.crypto"
+ go install code.google.com/p/go.crypto/curve25519
+ go install code.google.com/p/go.crypto/hkdf
+ go install code.google.com/p/go.crypto/nacl/secretbox
+ cd ..
+
+ # Building go.net
+ tar xjf go.net.tar.bz2
+ cd go.net
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/code.google.com/p/"
+ ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.net"
+ go install code.google.com/p/go.net/proxy
+ cd ..
+
+ # Building obfs4proxy
+ cd obfs4
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+ ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+ cd obfs4proxy
+ go build -ldflags '-s'
+ cp -a obfs4proxy $PTDIR
+ cd ../..
+
# Grabbing the results
cd $INSTDIR
~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml
index 33df49f..4c25f07 100644
--- a/gitian/descriptors/mac/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml
@@ -30,6 +30,12 @@ remotes:
"dir": "goptlib"
- "url": "https://git.torproject.org/pluggable-transports/meek.git"
"dir": "meek"
+- "url": "https://github.com/agl/ed25519.git"
+ "dir": "ed25519"
+- "url": "https://github.com/dchest/siphash.git"
+ "dir": "siphash"
+- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
+ "dir": "obfs4"
files:
- "pycrypto.tar.gz"
- "argparse.tar.gz"
@@ -44,6 +50,8 @@ files:
- "dzip.sh"
- "gmp-mac32-utils.zip"
- "openssl-mac32-utils.zip"
+- "go.crypto.tar.bz2"
+- "go.net.tar.bz2"
script: |
INSTDIR="$HOME/install"
TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser"
@@ -245,6 +253,52 @@ script: |
cp -a README doc/*.1 $TBDIR/Docs/meek
cd ..
+ # Building go ed25519
+ cd ed25519
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/agl/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/agl/ed25519"
+ go install github.com/agl/ed25519/extra25519
+ cd ..
+
+ # Building go siphash
+ cd siphash
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/dchest/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/dchest/siphash"
+ go install github.com/dchest/siphash
+ cd ..
+
+ # Building go.crypto
+ tar xjf go.crypto.tar.bz2
+ cd go.crypto
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/code.google.com/p/"
+ ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.crypto"
+ go install code.google.com/p/go.crypto/curve25519
+ go install code.google.com/p/go.crypto/hkdf
+ go install code.google.com/p/go.crypto/nacl/secretbox
+ cd ..
+
+ # Building go.net
+ tar xjf go.net.tar.bz2
+ cd go.net
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/code.google.com/p/"
+ ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.net"
+ go install code.google.com/p/go.net/proxy
+ cd ..
+
+ # Building obfs4proxy
+ cd obfs4
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+ ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+ cd obfs4proxy
+ go build -ldflags '-s'
+ cp -a obfs4proxy $PTDIR
+ cd ../..
+
# Grabbing the result
cd $INSTDIR
~/build/dzip.sh pluggable-transports-mac$GBUILD_BITS-gbuilt.zip TorBrowserBundle.app
diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml
index 6a6301d..bd3189b 100644
--- a/gitian/descriptors/windows/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml
@@ -29,6 +29,12 @@ remotes:
"dir": "goptlib"
- "url": "https://git.torproject.org/pluggable-transports/meek.git"
"dir": "meek"
+- "url": "https://github.com/agl/ed25519.git"
+ "dir": "ed25519"
+- "url": "https://github.com/dchest/siphash.git"
+ "dir": "siphash"
+- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
+ "dir": "obfs4"
files:
- "setuptools.tar.gz"
- "pycrypto.tar.gz"
@@ -49,6 +55,8 @@ files:
- "openssl-win32-utils.zip"
- "gmp-win32-utils.zip"
- "gcclibs-win32-utils.zip"
+- "go.crypto.tar.bz2"
+- "go.net.tar.bz2"
script: |
# Set the timestamp on every .pyc file in a zip file, and re-dzip the zip file.
function py2exe_zip_timestomp {
@@ -323,6 +331,52 @@ script: |
cp -a README doc/*.1.txt $INSTDIR/Docs/meek
cd ..
+ # Building go ed25519
+ cd ed25519
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/agl/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/agl/ed25519"
+ go install github.com/agl/ed25519/extra25519
+ cd ..
+
+ # Building go siphash
+ cd siphash
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/dchest/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/dchest/siphash"
+ go install github.com/dchest/siphash
+ cd ..
+
+ # Building go.crypto
+ tar xjf go.crypto.tar.bz2
+ cd go.crypto
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/code.google.com/p/"
+ ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.crypto"
+ go install code.google.com/p/go.crypto/curve25519
+ go install code.google.com/p/go.crypto/hkdf
+ go install code.google.com/p/go.crypto/nacl/secretbox
+ cd ..
+
+ # Building go.net
+ tar xjf go.net.tar.bz2
+ cd go.net
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/code.google.com/p/"
+ ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.net"
+ go install code.google.com/p/go.net/proxy
+ cd ..
+
+ # Building obfs4proxy
+ cd obfs4
+ find -type f | xargs touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+ ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+ cd obfs4proxy
+ go build -ldflags '-s'
+ cp -a obfs4proxy.exe $PTDIR
+ cd ../..
+
# http://bugs.winehq.org/show_bug.cgi?id=3591
cp -a $INSTDIR/python/python27.dll $PTDIR/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index ef4dbf7..049824a 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -6,6 +6,7 @@
MIRROR_URL=https://people.torproject.org/~mikeperry/mirrors/sources/
MIRROR_URL_DCF=https://people.torproject.org/~dcf/mirrors/sources/
MIRROR_URL_ASN=https://people.torproject.org/~asn/mirrors/sources/
+MIRROR_URL_YAWNING=https://people.torproject.org/~yawning/mirrors/sources/
set -e
set -u
umask 0022
@@ -179,6 +180,15 @@ do
get "${!PACKAGE}" "${!URL}"
done
+# XXX/Yawning. As far as I can tell, this gitian thing doesn't support
+# fetching from hg repositories.
+for i in GOCRYPTO GONET
+do
+ PACKAGE="${i}_PACKAGE"
+ URL="${MIRROR_URL_YAWNING}${!PACKAGE}"
+ get "${!PACKAGE}" "${MIRROR_URL_YAWNING}${!PACKAGE}"
+done
+
# Verify packages with weak or no signatures via multipath downloads
# (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
# XXX: Google won't allow wget -N.. We need to re-download the whole
@@ -208,7 +218,7 @@ wget -U "" -N ${HTTPSE_URL}
# Verify packages with weak or no signatures via direct sha256 check
# (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC
+for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC GOCRYPTO GONET
do
PACKAGE="${i}_PACKAGE"
HASH="${i}_HASH"
@@ -262,6 +272,8 @@ ln -sf "$GMP_PACKAGE" gmp.tar.bz2
ln -sf "$LXML_PACKAGE" lxml.tar.gz
ln -sf "$PARSLEY_PACKAGE" parsley.tar.gz
ln -sf "$GO_PACKAGE" go.tar.gz
+ln -sf "$GONET_PACKAGE" go.net.tar.bz2
+ln -sf "$GOCRYPTO_PACKAGE" go.crypto.tar.bz2
# Fetch latest gitian-builder itself
# XXX - this is broken if a non-standard inputs dir is selected using the command line flag.
@@ -295,6 +307,9 @@ txsocksx https://github.com/habnabit/txsocksx.git $TXSOCKSX_TAG
goptlib https://git.torproject.org/pluggable-transports/goptlib.git $GOPTLIB_TAG
meek https://git.torproject.org/pluggable-transports/meek.git $MEEK_TAG
faketime https://github.com/wolfcw/libfaketime $FAKETIME_TAG
+ed25519 https://github.com/agl/ed25519.git $GOED25519_TAG
+siphash https://github.com/dchest/siphash.git $GOSIPHASH_TAG
+obfs4 https://git.torproject.org/pluggable-transports/obfs4.git $OBFS4_TAG
EOF
exit 0
diff --git a/gitian/gpg/obfs4proxy.gpg b/gitian/gpg/obfs4proxy.gpg
new file mode 100644
index 0000000..b9c490a
Binary files /dev/null and b/gitian/gpg/obfs4proxy.gpg differ
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 8321ffe..45f4f9b 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -94,6 +94,7 @@ then
PYPTLIB_TAG=refs/tags/$PYPTLIB_TAG
OBFSPROXY_TAG=refs/tags/$OBFSPROXY_TAG
FLASHPROXY_TAG=refs/tags/$FLASHPROXY_TAG
+ OBFS4_TAG=refs/tags/$OBFS4_TAG
fi
cd $GITIAN_DIR
@@ -221,7 +222,7 @@ then
echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******"
echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh
index 9c5d99b..807319b 100755
--- a/gitian/mkbundle-mac.sh
+++ b/gitian/mkbundle-mac.sh
@@ -99,6 +99,7 @@ then
PYPTLIB_TAG=refs/tags/$PYPTLIB_TAG
OBFSPROXY_TAG=refs/tags/$OBFSPROXY_TAG
FLASHPROXY_TAG=refs/tags/$FLASHPROXY_TAG
+ OBFS4_TAG=refs/tags/$OBFS4_TAG
fi
cd $GITIAN_DIR
@@ -187,7 +188,7 @@ then
echo "****** Starting Pluggable Transports Component of Mac Bundle (4/5 for Mac) ******"
echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./firefox-fail-mac.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh
index 7600e07..38d1eff 100755
--- a/gitian/mkbundle-windows.sh
+++ b/gitian/mkbundle-windows.sh
@@ -92,6 +92,7 @@ then
PYPTLIB_TAG=refs/tags/$PYPTLIB_TAG
OBFSPROXY_TAG=refs/tags/$OBFSPROXY_TAG
FLASHPROXY_TAG=refs/tags/$FLASHPROXY_TAG
+ OBFS4_TAG=refs/tags/$OBFS4_TAG
fi
cd $GITIAN_DIR
@@ -190,7 +191,7 @@ then
echo "****** Starting Pluggable Transports Component of Windows Bundle (4/5 for Windows) ******"
echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./pluggable-transports-fail-win32.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index b7a89f1..09454bb 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -101,6 +101,7 @@ obfsproxy obfsproxy.gpg $OBFSPROXY_TAG
flashproxy flashproxy.gpg $FLASHPROXY_TAG
goptlib goptlib.gpg $GOPTLIB_TAG
meek meek.gpg $MEEK_TAG
+obfs4 obfs4proxy.gpg $OBFS4_TAG
EOF
#https-everywhere https-everywhere.gpg $HTTPSE_TAG
@@ -113,6 +114,8 @@ libfte $LIBFTE_TAG
fteproxy $FTEPROXY_TAG
txsocksx $TXSOCKSX_TAG
faketime $FAKETIME_TAG
+ed25519 $GOED25519_TAG
+siphash $GOSIPHASH_TAG
EOF
# Verify signatures on signed packages
@@ -136,7 +139,7 @@ done
# Verify packages with weak or no signatures via direct sha256 check
# (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC
+for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC GOCRYPTO GONET
do
PACKAGE="${i}_PACKAGE"
HASH="${i}_HASH"
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index e17b071..0912b5d 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -27,6 +27,9 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0
GOPTLIB_TAG=0.2
MEEK_TAG=0.11
FAKETIME_TAG=70aa6b394d9341522dffe8a5a5cf5929e82cc6b9 # unsigned v0.9.6
+GOED25519_TAG=c4161f4c7483313562781c61b9a20aba73daf9de
+GOSIPHASH_TAG=42ba037e748c9062a75e0924705c43b893edefcd
+OBFS4_TAG=obfs4proxy-0.0.3
GITIAN_TAG=tor-browser-builder-3.x-7
@@ -74,6 +77,8 @@ SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz
LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
GO_PACKAGE=go${GO_VER}.src.tar.gz
+GOCRYPTO_PACKAGE=go.crypto-5478be1963aa.tar.bz2
+GONET_PACKAGE=go.net-9c0f9daaa74b.tar.bz2
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
@@ -94,6 +99,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c
SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39
PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
GO_HASH=1bb6fde89cfe8b9756a875af55d994cce0994861227b5dc0f268c143d91cd5ff
+GOCRYPTO_HASH=a8e301714f5724999321f0397b867a5670a5e5c4f808ba157bdd93ee0d028827
+GONET_HASH=1812fec55256e1a6fe546111cc658520b80972f38826c94ec11ef24315d32353
## Non-git package URLs
OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
@@ -119,3 +126,5 @@ SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUPTOOLS
LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE}
PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PACKAGE}
GO_URL=http://golang.org/dl/${GO_PACKAGE}
+GOCRYPTO_URL=https://people.torproject.org/~yawning/mirrors/sources/${GOCRYPTO_PACKAGE}
+GONET_URL=https://people.torproject.org/~yawning/mirrors/sources/${GONET_PACKAGE}
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 5541ded..3867629 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -28,6 +28,9 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0
GOPTLIB_TAG=master
MEEK_TAG=master
FAKETIME_TAG=70aa6b394d9341522dffe8a5a5cf5929e82cc6b9 # unsigned v0.9.6
+GOED25519_TAG=c4161f4c7483313562781c61b9a20aba73daf9de
+GOSIPHASH_TAG=42ba037e748c9062a75e0924705c43b893edefcd
+OBFS4_TAG=master
GITIAN_TAG=tor-browser-builder-3.x-7
@@ -75,6 +78,8 @@ SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz
LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
GO_PACKAGE=go${GO_VER}.src.tar.gz
+GOCRYPTO_PACKAGE=go.crypto-5478be1963aa.tar.bz2
+GONET_PACKAGE=go.net-9c0f9daaa74b.tar.bz2
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
@@ -95,6 +100,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c
SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39
PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
GO_HASH=1bb6fde89cfe8b9756a875af55d994cce0994861227b5dc0f268c143d91cd5ff
+GOCRYPTO_HASH=a8e301714f5724999321f0397b867a5670a5e5c4f808ba157bdd93ee0d028827
+GONET_HASH=1812fec55256e1a6fe546111cc658520b80972f38826c94ec11ef24315d32353
## Non-git package URLs
OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
@@ -120,3 +127,5 @@ SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUPTOOLS
LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE}
PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PACKAGE}
GO_URL=http://golang.org/dl/${GO_PACKAGE}
+GOCRYPTO_URL=https://people.torproject.org/~yawning/mirrors/sources/${GOCRYPTO_PACKAGE}
+GONET_URL=https://people.torproject.org/~yawning/mirrors/sources/${GONET_PACKAGE}
More information about the tor-commits
mailing list