|
1
|
1
|
# Magical Tor Browser Release Process Incantations
|
|
2
|
2
|
#
|
|
3
|
|
-# "May this part of our job one day be replaced by a small shell script"
|
|
|
3
|
+# The Tor Browser Release Process is now documented as gitlab issue templates:
|
|
|
4
|
+# - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/main/.gitlab/issue_templates/Release%20Prep%20-%20Tor%20Browser%20Stable.md
|
|
|
5
|
+# - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/main/.gitlab/issue_templates/Release%20Prep%20-%20Tor%20Browser%20Alpha.md
|
|
4
|
6
|
#
|
|
5
|
|
-
|
|
6
|
|
-#####################
|
|
7
|
|
-### Prepare build ###
|
|
8
|
|
-#####################
|
|
9
|
|
-
|
|
10
|
|
-#. Tag any relevant component versions.
|
|
11
|
|
-# In particular: before tagging the tor-browser tag, the final code from
|
|
12
|
|
-# Torbutton needs to get included and in order to avoid unnecessary commit
|
|
13
|
|
-# inflation the commit for bumping the git submodule should be a fixup commit
|
|
14
|
|
-# to the one with "Bug 25013: Add torbutton as a tor-browser submodule" in
|
|
15
|
|
-# its commit message.
|
|
16
|
|
-
|
|
17
|
|
-#. Update changelog and relevant config files in tor-browser-build.
|
|
18
|
|
- cd tor-browser-build
|
|
19
|
|
- vim projects/firefox/config
|
|
20
|
|
- vim ChangeLog.txt
|
|
21
|
|
- vim rbm.conf
|
|
22
|
|
-
|
|
23
|
|
-#. Tag a build tag in tor-browser-build.
|
|
24
|
|
- make signtag-release # or `make signtag-alpha` for an alpha build
|
|
25
|
|
-
|
|
26
|
|
-#. Push tag and version to tor-browser-build.git. In case of doing a stable
|
|
27
|
|
-# release with a maintenance branch use that one instead of `master`.
|
|
28
|
|
- torsocks git push origin master:master
|
|
29
|
|
- torsocks git push origin --tags
|
|
30
|
|
-
|
|
31
|
|
-
|
|
32
|
|
-#####################
|
|
33
|
|
-### Build ###
|
|
34
|
|
-#####################
|
|
35
|
|
-
|
|
36
|
|
-#. Build and generate incremental MAR files.
|
|
37
|
|
- git tag -v tbb-$TORBROWSER_VERSION-buildN
|
|
38
|
|
- git checkout tbb-$TORBROWSER_VERSION-buildN
|
|
39
|
|
- make && make incrementals-release # `make alpha && make incrementals-alpha`
|
|
40
|
|
-
|
|
41
|
|
-#. Compare the SHA256 sums of the bundles and MAR files with an independent
|
|
42
|
|
-# builder.
|
|
43
|
|
- sha256sum tor-browser-build/release/unsigned/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt
|
|
44
|
|
- sha256sum tor-browser-build/release/unsigned/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt
|
|
45
|
|
-
|
|
46
|
|
-#. If the sums match (download and) upload the bundles to your build dir on
|
|
47
|
|
-# people.torproject.org. Fix permissions.
|
|
48
|
|
- chmod 755 $TORBROWSER_BUILDDIR
|
|
49
|
|
- chmod 644 $TORBROWSER_BUILDDIR/*
|
|
50
|
|
- chmod 644 $TORBROWSER_BUILDDIR/.htaccess
|
|
51
|
|
- torsocks ssh people.torproject.org "mkdir ~/public_html/builds/${TORBROWSER_BUILDDIR}"
|
|
52
|
|
- torsocks rsync -avP $TORBROWSER_BUILDDIR/ people.torproject.org:public_html/builds/$TORBROWSER_BUILDDIR
|
|
53
|
|
-
|
|
54
|
|
-#. (Optional): Upload your binaries to people using partial rsync over old version
|
|
55
|
|
- torsocks ssh people.torproject.org "mv ~/public_html/builds/${TORBROWSER_VERSION}-build1 ~/public_html/builds/$TORBROWSER_BUILDDIR"
|
|
56
|
|
- torsocks rsync -avP $TORBROWSER_BUILDDIR/ people.torproject.org:public_html/builds/$TORBROWSER_BUILDDIR
|
|
57
|
|
-
|
|
58
|
|
-#. Distribute build to tor-qa@xxxxxxxxxxxxxxxxxxxx
|
|
59
|
|
- # XXX: Currently manual email with link to candidate build, important changes,
|
|
60
|
|
- # and changelog.
|
|
61
|
|
- # For stable releases put tails-dev@xxxxxxxx into Cc.
|
|
62
|
|
-
|
|
63
|
|
-
|
|
64
|
|
-#######################
|
|
65
|
|
-### Android signing ###
|
|
66
|
|
-#######################
|
|
67
|
|
-
|
|
68
|
|
-#. The Android signing is done separately from the desktop signing. To
|
|
69
|
|
-# do the Android signing you'll need to boot from a Tails usb stick,
|
|
70
|
|
-# with persistent storage enabled.
|
|
71
|
|
-
|
|
72
|
|
-#. Install the openjdk-11-jdk-headless package
|
|
73
|
|
- apt install openjdk-11-jdk-headless
|
|
74
|
|
-
|
|
75
|
|
-#. Make sure you have the android keys, for example in the
|
|
76
|
|
-# ~/Persistent/android-keys directory. This directory should include
|
|
77
|
|
-# the tba_alpha.p12 and tba_release.p12 files.
|
|
78
|
|
-
|
|
79
|
|
-#. Clone tor-browser-build, and checkout the tag for the release
|
|
80
|
|
- git tag -v tbb-$TORBROWSER_VERSION-buildN
|
|
81
|
|
- git checkout tbb-$TORBROWSER_VERSION-buildN
|
|
82
|
|
-
|
|
83
|
|
-#. Update set-config.tbb-version and set-config.android-signing
|
|
84
|
|
- cd tools/signing
|
|
85
|
|
- vim set-config.tbb-version
|
|
86
|
|
- vim set-config.android-signing
|
|
87
|
|
-
|
|
88
|
|
-#. Run the android-signing script. This script will download the
|
|
89
|
|
-# unsigned apks from the `pkgstage` machine (where `do-all-signing`
|
|
90
|
|
-# is run), signed them, and upload back the signed apks to the
|
|
91
|
|
-# `pkgstage` machine. It should be done before the hash_signed_bundles.sh
|
|
92
|
|
-# step.
|
|
93
|
|
- ./android-signing
|
|
94
|
|
-
|
|
95
|
|
-
|
|
96
|
|
-##########################
|
|
97
|
|
-### Signing and upload ###
|
|
98
|
|
-##########################
|
|
99
|
|
-
|
|
100
|
|
-#. You need a `pkgstage` machine to store the bundles during the signing
|
|
101
|
|
-# process. This machine should be:
|
|
102
|
|
-# - secure (you will ssh to the signing machines and staticiforme
|
|
103
|
|
-# from there)
|
|
104
|
|
-# - with good bandwidth (you will download/upload bundles from there)
|
|
105
|
|
-#
|
|
106
|
|
-# All steps from the `Signing and upload` are run from the `pkgstage`
|
|
107
|
|
-# machine unless mentioned otherwise.
|
|
108
|
|
-#
|
|
109
|
|
-# The signing scripts are located in the tor-browser-build/tools/signing
|
|
110
|
|
-# directory.
|
|
111
|
|
-#
|
|
112
|
|
-# Alternatively, you can run the script `./do-all-signing`, which will
|
|
113
|
|
-# do all the signing steps automatically, until the static-update-component
|
|
114
|
|
-# commands on staticiforme. Also the script does not currently handle
|
|
115
|
|
-# removing the old versions on staticiforme, so you have to do that
|
|
116
|
|
-# manually. The script is also not running `./macos-signer-proxy` which
|
|
117
|
|
-# needs to be started and stopped manually.
|
|
118
|
|
-
|
|
119
|
|
-#. Checkout the tor-browser-build.git commit corresponding to the
|
|
120
|
|
-# tor browser version you need to sign/publish.
|
|
121
|
|
- cd tor-browser-build
|
|
122
|
|
- git tag -v tbb-$TORBROWSER_VERSION-buildN
|
|
123
|
|
- git checkout tbb-$TORBROWSER_VERSION-buildN
|
|
124
|
|
-
|
|
125
|
|
-#. Change to the tor-browser-build/tools/signing directory. All following
|
|
126
|
|
-# commands are run from this directory.
|
|
127
|
|
- cd tor-browser-build/tools/signing
|
|
128
|
|
-
|
|
129
|
|
-#. Set hosts information.
|
|
130
|
|
- vim set-config.hosts
|
|
131
|
|
-
|
|
132
|
|
-#. Set tor browser version information. You should set tbb_version,
|
|
133
|
|
-# tbb_version_build, tbb_version_type. This should match the information
|
|
134
|
|
-# in rbm.conf.
|
|
135
|
|
- vim set-config.tbb-version
|
|
136
|
|
-
|
|
137
|
|
-#. Download the tor browser build to the `pkgstage` machine from your
|
|
138
|
|
-# build machine (configured in set-config.hosts).
|
|
139
|
|
- ./sync-builder-unsigned-to-local-signed
|
|
140
|
|
-
|
|
141
|
|
-#. Codesign the macOS dmg files.
|
|
142
|
|
-#
|
|
143
|
|
-# Updload the tor browser dmg files to `macos-signer`
|
|
144
|
|
- ./sync-macos-local-to-macos-signer
|
|
145
|
|
-
|
|
146
|
|
-# Upload updated signing scripts to `macos-signer`. The scripts are
|
|
147
|
|
-# located in the `signing-release` or `signing-alpha` directory on
|
|
148
|
|
-# `macos-signer`.
|
|
149
|
|
- ./sync-scripts-to-macos-signer
|
|
150
|
|
-
|
|
151
|
|
-# Run proxy for `macos-signer`. You may need to kill an old proxy
|
|
152
|
|
-# process on `macos-signer` if it was still running.
|
|
153
|
|
- ./macos-signer-proxy
|
|
154
|
|
-
|
|
155
|
|
-# Enable networking on the `macos-signer`.
|
|
156
|
|
- macos-signer$ networksetup -setsecurewebproxystate Ethernet on
|
|
157
|
|
-
|
|
158
|
|
-# Sign the bundles. On `macos-signer`.
|
|
159
|
|
-# (replace signing-release with signing-alpha for an alpha release)
|
|
160
|
|
- macos-signer$ ~/signing-release/macos-signer-gatekeeper-signing
|
|
161
|
|
-
|
|
162
|
|
-# Notarize the bundles. On `macos-signer`.
|
|
163
|
|
-# (replace signing-release with signing-alpha for an alpha release)
|
|
164
|
|
- macos-signer$ ~/signing-release/macos-signer-notarization
|
|
165
|
|
-
|
|
166
|
|
-# Staple the bundles. On `macos-signer`.
|
|
167
|
|
-# (replace signing-release with signing-alpha for an alpha release)
|
|
168
|
|
- macos-signer$ ~/signing-release/macos-signer-stapler
|
|
169
|
|
-
|
|
170
|
|
-# Disable networking on the `macos-signer`.
|
|
171
|
|
- macos-signer$ networksetup -setsocksfirewallproxystate Ethernet off
|
|
172
|
|
-
|
|
173
|
|
-# Download the stapled bundles to `pkgstage`.
|
|
174
|
|
- ./sync-macos-signer-stapled-to-macos-local-stapled
|
|
175
|
|
-
|
|
176
|
|
-#. Regenerate macOS DMG files from stapled zip files.
|
|
177
|
|
- ./gatekeeper-bundling.sh
|
|
178
|
|
-
|
|
179
|
|
-#. Regenerate macOS MAR files from code signed dmg files.
|
|
180
|
|
- ./dmg2mar
|
|
181
|
|
-
|
|
182
|
|
-#. Sync bundles to `linux-signer`.
|
|
183
|
|
- ./sync-local-to-linux-signer
|
|
184
|
|
-
|
|
185
|
|
-#. Upload updated signing scripts to `linux-signer`. The scripts are
|
|
186
|
|
-# located in the `signing-release` or `signing-alpha` directory on
|
|
187
|
|
-# `linux-signer`.
|
|
188
|
|
- ./sync-scripts-to-linux-signer
|
|
189
|
|
-
|
|
190
|
|
-#. Sign the MAR files. On `linux-signer`.
|
|
191
|
|
-# (replace signing-release with signing-alpha for an alpha release)
|
|
192
|
|
- linux-signer$ ~/signing-release/linux-signer-signmars
|
|
193
|
|
-
|
|
194
|
|
-#. Authenticode signing of exe files. On `linux-signer`.
|
|
195
|
|
- linux-signer$ ~/signing-release/linux-signer-authenticode-signing
|
|
196
|
|
-
|
|
197
|
|
-#. Authenticode timestamping.
|
|
198
|
|
- ./sync-linux-signer-to-local
|
|
199
|
|
- ./authenticode-timestamping.sh
|
|
200
|
|
-
|
|
201
|
|
-#. Create sha256sums-signed-build files
|
|
202
|
|
- ./hash_signed_bundles.sh
|
|
203
|
|
-
|
|
204
|
|
-#. Upload sha256sums-signed-build and updated exe files to `linux-signer`.
|
|
205
|
|
- ./sync-local-to-linux-signer
|
|
206
|
|
-
|
|
207
|
|
-#. Gpg signing.
|
|
208
|
|
- ./linux-signer-gpg-sign
|
|
209
|
|
-
|
|
210
|
|
-#. Fetch signatures on unsigned sha256sums from other builds
|
|
211
|
|
- ./download-unsigned-sha256sums-gpg-signatures-from-people-tpo
|
|
212
|
|
-
|
|
213
|
|
-#. Remove old builds on `staticiforme`
|
|
214
|
|
- # IMPORTANT: Remove the oldest version in a series in case there is more
|
|
215
|
|
- # than 1 available on dist.torproject.org before proceeding
|
|
216
|
|
- # XXX: TORBROWSER_VERSION_OLDEST needs to be set
|
|
217
|
|
- staticiforme$ rm -rf /srv/dist-master.torproject.org/htdocs/torbrowser/$TORBROWSER_VERSION_OLDEST
|
|
218
|
|
- staticiforme$ static-update-component dist.torproject.org
|
|
219
|
|
-
|
|
220
|
|
-#. Upload new build to `staticiforme`
|
|
221
|
|
- ./sync-local-to-staticiforme
|
|
222
|
|
-
|
|
223
|
|
-#. Check diskspace available on cdn.tpo
|
|
224
|
|
-# We currently have enough disk space to host two alpha and stable
|
|
225
|
|
-# releases. However with the size of each Tor Browser release increasing,
|
|
226
|
|
-# it may become necessary to increase disk space. The server hosting
|
|
227
|
|
-# the files for cdn.tpo is savii.tpo and its disk usage can be monitored
|
|
228
|
|
-# by going to https://grafana.torproject.org/d/Z7T7Cfemz/node-exporter-full
|
|
229
|
|
-# and selecting the hosts: web-fsn-02.torproject.org, web-cymru-01.torproject.org,
|
|
230
|
|
-# web-fsn-01.torproject.org, and cdn-backend-sunet-01.torproject.org
|
|
231
|
|
-
|
|
232
|
|
-#. Remove the oldest *.mar files from cdn.tpo to save space
|
|
233
|
|
- staticiforme$ rm -rf /srv/cdn-master.torproject.org/htdocs/aus1/torbrowser/$TORBROWSER_VERSION_OLDEST
|
|
234
|
|
- staticiforme$ static-update-component cdn.torproject.org
|
|
235
|
|
-
|
|
236
|
|
-#. Sync files to dist.tpo and cdn.tpo mirrored web servers
|
|
237
|
|
-# (replace signing-release with signing-alpha for an alpha release)
|
|
238
|
|
-# It is a good idea to run the static-update-component inside screen
|
|
239
|
|
-# or tmux so that the upload continues if your connection to
|
|
240
|
|
-# staticiforme is closed.
|
|
241
|
|
- $ ./sync-scripts-to-staticiforme
|
|
242
|
|
- staticiforme$ ~/signing-release/staticiforme-prepare-cdn-dist-upload
|
|
243
|
|
- staticiforme$ static-update-component cdn.torproject.org && \
|
|
244
|
|
- static-update-component dist.torproject.org
|
|
245
|
|
-
|
|
246
|
|
-#. Make sure we really built from the proper Mozilla build tag by consulting
|
|
247
|
|
- # the respective ESR release branch (for a good overview for ESR78 see
|
|
248
|
|
- # https://hg.mozilla.org/releases/mozilla-esr78/graph/). For the platforms following
|
|
249
|
|
- # rapid release (only Android, currently), consult the beta repo
|
|
250
|
|
- # (https://hg.mozilla.org/releases/mozilla-beta/graph/) or the release repo
|
|
251
|
|
- # (https://hg.mozilla.org/releases/mozilla-release/graph/)
|
|
252
|
|
-
|
|
253
|
|
-#. Update website's torbrowser versions file in the website git
|
|
254
|
|
- cd tpo
|
|
255
|
|
- torsocks git pull origin
|
|
256
|
|
- # Update `win32` in the `torbrowser-stable` section as well if we
|
|
257
|
|
- # include a new stable tor version (called the Windows Expert Bundle
|
|
258
|
|
- # on the website). See: #14152.
|
|
259
|
|
- vim databags/versions.ini
|
|
260
|
|
- git commit databags/versions.ini -m "Add new Tor Browser version"
|
|
261
|
|
- torsocks git push origin master:master
|
|
262
|
|
- cd ..
|
|
263
|
|
- # Check build success/failure:
|
|
264
|
|
- # https://jenkins.torproject.org/job/lektor-website-tpo-translation/
|
|
265
|
|
- # https://jenkins.torproject.org/job/lektor-website-tpo-translation-install/
|
|
266
|
|
-
|
|
267
|
|
-#. Add new locales to the download page
|
|
268
|
|
- # If this release is introducing new locales, add them to the
|
|
269
|
|
- # databags/download-alternatives.ini file (for a stable release) or
|
|
270
|
|
- # the databags/download-alternatives-alpha.ini file (for an alpha
|
|
271
|
|
- # release).
|
|
272
|
|
- cd tpo
|
|
273
|
|
- torsocks git pull origin
|
|
274
|
|
- vim databags/download-alternatives.ini # or databags/download-alternatives-alpha.ini
|
|
275
|
|
- git commit databags/download-alternatives.ini -m "Add new Tor Browser locales"
|
|
276
|
|
- torsocks git push origin master:master
|
|
277
|
|
- cd ..
|
|
278
|
|
-
|
|
279
|
|
-#. Create blog post from changelog
|
|
280
|
|
-# Edit set-config.blog to set you local blog directory.
|
|
281
|
|
-# Don't forget to link to Mozilla's security advisories if this is a security
|
|
282
|
|
-# update.
|
|
283
|
|
- ./create-blog-post
|
|
284
|
|
-
|
|
285
|
|
-#. Check whether the .exe files got properly signed and timestamped
|
|
286
|
|
- # Point OSSLSIGNCODE to your osslsigncode binary
|
|
287
|
|
- pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
|
|
288
|
|
- OSSLSIGNCODE=/path/to/osslsigncode
|
|
289
|
|
- ../../../tools/authenticode_check.sh
|
|
290
|
|
- popd
|
|
291
|
|
-
|
|
292
|
|
-#. Check whether the MAR files got properly signed
|
|
293
|
|
- # Point NSSDB to your nssdb containing the mar signing certificate
|
|
294
|
|
- # Point SIGNMAR to your signmar binary
|
|
295
|
|
- # Point LD_LIBRARY_PATH to your mar-tools directory
|
|
296
|
|
- pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
|
|
297
|
|
- NSSDB=/path/to/nssdb
|
|
298
|
|
- SIGNMAR=/path/to/mar-tools/signmar
|
|
299
|
|
- LD_LIBRARY_PATH=/path/to/mar-tools/
|
|
300
|
|
- ../../../tools/marsigning_check.sh
|
|
301
|
|
- popd
|
|
302
|
|
-
|
|
303
|
|
-#. Generate and upload update_responses to staticiforme
|
|
304
|
|
- ./upload-update_responses-to-staticiforme
|
|
305
|
|
-
|
|
306
|
|
-#. Enable update. On `staticiforme`.
|
|
307
|
|
-# (for alpha release, use deploy_update_responses-alpha.sh instead)
|
|
308
|
|
- staticiforme$ ~/deploy_update_responses-release.sh
|
|
309
|
|
-
|
|
310
|
|
-#. Clean linux-signer and macos-signer
|
|
311
|
|
- ./finished-signing-clean-linux-signer
|
|
312
|
|
- ./finished-signing-clean-macos-signer
|
|
313
|
|
-
|
|
314
|
|
-# Upload APKs to Google Play
|
|
315
|
|
- Log into https://play.google.com/apps/publish
|
|
316
|
|
- Select correct app (Tor Browser or Tor Browser Alpha)
|
|
317
|
|
- Under left-side navigation bar, select "Production" under "Release"
|
|
318
|
|
- Select "Create new release" button at upper right-side
|
|
319
|
|
- Under "App bundles and APKs" section, "Upload" each signed APK
|
|
320
|
|
- After uploading APKs:
|
|
321
|
|
- - The "Release Name" should be automatically filled with the Firefox version
|
|
322
|
|
- - Next to "Release notes" click "Copy from a previous release"
|
|
323
|
|
- - Select the previous release and adjust the blog post url for this release
|
|
324
|
|
- - Save, review, and configure rollout percentage at the bottom
|
|
325
|
|
- - Use 25% rollout when publishing a scheduled update (without a security driver)
|
|
326
|
|
- - Use 100% rollout when publishing an unscheduled update or security-driven release
|
|
327
|
|
- Roll out.
|
|
328
|
|
-
|
|
329
|
|
- Note, you may receive three warning messages about:
|
|
330
|
|
- 1) app is larger than it is necessary (android app bundle),
|
|
331
|
|
- 2) missing deobfuscation file for better crash analysis
|
|
332
|
|
- 3) missing debug symbol file
|
|
333
|
|
-
|
|
334
|
|
- These warnings are expected and should be accepted.
|
|
335
|
|
-
|
|
336
|
|
- See below for updating the rollout percentage.
|
|
337
|
|
-
|
|
338
|
|
-# Release on F-Droid
|
|
339
|
|
- Publication on F-Droid via the Guardian Project's repository should be
|
|
340
|
|
- automatic. Hans is responsible for maintaining this automation.
|
|
341
|
|
-
|
|
342
|
|
-# Update rollout percentage
|
|
343
|
|
- After 24 hours, check the Release Daskboard:
|
|
344
|
|
- - "Release"->"Production" and select the "Release Dashboard" tab
|
|
345
|
|
- If the Release Dashboard does not show any concerning trends (significant
|
|
346
|
|
- increase in crashes or ANRs (Application Not Responding)), then continue on
|
|
347
|
|
- to the next paragraph and increase rollout from 25% to 100%. Otherwise
|
|
348
|
|
- consider halting rollout as described in the `RollingBackUpdate` process.
|
|
349
|
|
-
|
|
350
|
|
- Select the "Releases" tab on the "Production" page. The current released
|
|
351
|
|
- version should indicate 25% rollout: "Available to 25% of users on Google Play"
|
|
352
|
|
- On the right-side of the "View release details" button of the release there
|
|
353
|
|
- should be a button labeled "Manage rollout" with a down-arrow. Clicking on
|
|
354
|
|
- that button should show two options:
|
|
355
|
|
- - Update rollout
|
|
356
|
|
- - Halt rollout
|
|
357
|
|
-
|
|
358
|
|
- Select "Update rollout" and increase to 100% and click "Update". The change
|
|
359
|
|
- should be immediately implemented and the "Manage rollout" button disappears.
|
|
360
|
|
-
|
|
361
|
|
-#. Write an email to tor-announce in case this release is concerned with getting
|
|
362
|
|
-# a stable version out. Using the contents of the blog entry should do it. |
|
|
7
|
+# See also the open release prep issues:
|
|
|
8
|
+# https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20 |