Pier Angelo Vendrame pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
3fe30891
by clairehurst at 2023-08-31T03:24:27+00:00
-
a3e812a8
by clairehurst at 2023-08-31T03:24:27+00:00
-
ee028c84
by clairehurst at 2023-08-31T03:24:27+00:00
5 changed files:
- + mozconfig-macos-dev
- tools/torbrowser/Makefile
- + tools/torbrowser/browser-self-sign-macos.sh
- tools/torbrowser/deploy.sh
- tools/torbrowser/fetch.sh
Changes:
| 1 | +. $topsrcdir/browser/config/mozconfigs/tor-browser
|
|
| 2 | + |
|
| 3 | +# This mozconfig file is not used in official builds.
|
|
| 4 | +# It is only intended to be used when doing incremental macOS builds
|
|
| 5 | +# during development.
|
|
| 6 | + |
|
| 7 | +ac_add_options --disable-strip
|
|
| 8 | +ac_add_options --disable-install-strip
|
|
| 9 | + |
|
| 10 | +# See bug #13379
|
|
| 11 | +ac_add_options --enable-nss-mar
|
|
| 12 | + |
|
| 13 | +# See bug #41131
|
|
| 14 | +ac_add_options --disable-update-agent
|
|
| 15 | + |
|
| 16 | +ac_add_options --with-relative-data-dir=../TorBrowser-Data/Browser
|
|
| 17 | + |
|
| 18 | +#copied from the diff between mozconfig-linux-x86_64 and mozconfig-linux-x86_64-dev
|
|
| 19 | +export MOZILLA_OFFICIAL=
|
|
| 20 | +export MOZ_APP_REMOTINGNAME="Tor Browser Dev"
|
|
| 21 | + |
|
| 22 | +ac_add_options --with-branding=browser/branding/tb-nightly
|
|
| 23 | +ac_add_options --with-base-browser-version=dev-build
|
|
| 24 | +ac_add_options --disable-base-browser-update |
| 1 | 1 | .DEFAULT_GOAL := all
|
| 2 | 2 | |
| 3 | 3 | # https://stackoverflow.com/questions/18136918/how-to-get-current-relative-directory-of-your-makefile
|
| 4 | -mkfile_path := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
|
|
| 5 | - |
|
| 6 | -DEV_ROOT = $(mkfile_path)/../..
|
|
| 7 | -BINARIES = $(DEV_ROOT)/.binaries
|
|
| 8 | -BUILD_OUTPUT = $(DEV_ROOT)/obj-x86_64-pc-linux-gnu
|
|
| 4 | +mkfile_path := "$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))"
|
|
| 5 | + |
|
| 6 | +DEV_ROOT = "$(mkfile_path)/../.."
|
|
| 7 | +BINARIES = "$(DEV_ROOT)/.binaries"
|
|
| 8 | +ARCHITECTURE = "$(shell uname -m)"
|
|
| 9 | + |
|
| 10 | +# Correct the architecture naming for ARM to match what mozilla has
|
|
| 11 | +ifeq ($(ARCHITECTURE), "arm64")
|
|
| 12 | + ARCHITECTURE = "aarch64"
|
|
| 13 | +endif
|
|
| 14 | + |
|
| 15 | +# Define build output path based on the platform.
|
|
| 16 | +ifeq ("$(shell uname)", "Darwin")
|
|
| 17 | + BUILD_OUTPUT = "$(DEV_ROOT)/obj-$(ARCHITECTURE)-apple-darwin$(shell uname -r)"
|
|
| 18 | +else
|
|
| 19 | + BUILD_OUTPUT = "$(DEV_ROOT)/obj-$(ARCHITECTURE)-pc-linux-gnu"
|
|
| 20 | +endif
|
|
| 21 | + |
|
| 22 | +# Define the run command based on the platform.
|
|
| 23 | +ifeq ("$(shell uname)", "Darwin")
|
|
| 24 | + RUN_CMD := cd "$(BINARIES)/Tor Browser.app/Contents/MacOS/" && ./firefox
|
|
| 25 | +else
|
|
| 26 | + RUN_CMD := "$(BINARIES)/dev/Browser/start-tor-browser" -v $(ARGS)
|
|
| 27 | +endif
|
|
| 9 | 28 | |
| 10 | 29 | config:
|
| 11 | 30 | ./config.sh $(DEV_ROOT)
|
| ... | ... | @@ -34,7 +53,7 @@ fat-aar: |
| 34 | 53 | all: build deploy
|
| 35 | 54 | |
| 36 | 55 | run:
|
| 37 | - $(BINARIES)/dev/Browser/start-tor-browser -v $(ARGS)
|
|
| 56 | + $(RUN_CMD)
|
|
| 38 | 57 | |
| 39 | 58 | jslint:
|
| 40 | 59 | ./jslint.sh $(DEV_ROOT) $(JS)
|
| 1 | +#!/bin/bash
|
|
| 2 | + |
|
| 3 | +CERTNAME=my-codesign-cert-tor
|
|
| 4 | +BROWSERPATH=.
|
|
| 5 | + |
|
| 6 | +if [ $# -ge 1 ]
|
|
| 7 | +then
|
|
| 8 | + BROWSERPATH=$1
|
|
| 9 | +fi
|
|
| 10 | + |
|
| 11 | + |
|
| 12 | +security find-certificate -c $CERTNAME > /dev/null
|
|
| 13 | + |
|
| 14 | +if [ $? -ne 0 ]
|
|
| 15 | +then
|
|
| 16 | + echo ""
|
|
| 17 | + echo "ERROR: Self Signing Certificate not found, please create:"
|
|
| 18 | + echo " 1. In the Keychain Access app on your Mac, choose Keychain Access > Certificate Assistant > Create a Certificate."
|
|
| 19 | + echo " 2. Enter the name '$CERTNAME' for the certificate"
|
|
| 20 | + echo " 3. Choose an identity type: Self Signed Root"
|
|
| 21 | + echo " 4. Certificate Type > Code Signing"
|
|
| 22 | + echo " 5. Check 'Let me override defaults' & click Continue."
|
|
| 23 | + echo " 6. Enter a unique Serial Number. (123 is fine)"
|
|
| 24 | + echo " 7. Enter a big Validity Period (days), like 3560 & click Continue."
|
|
| 25 | + echo " 8. Fill in your personal information & click Continue."
|
|
| 26 | + echo " 9. Accept defaults for the rest of the dialog boxes. (Continue several times)"
|
|
| 27 | + echo " 10. Certificate Created! Click Done."
|
|
| 28 | + echo ""
|
|
| 29 | + echo "For additional help see:"
|
|
| 30 | + echo " https://support.apple.com/en-ca/guide/keychain-access/kyca8916/mac"
|
|
| 31 | + echo " https://stackoverflow.com/questions/58356844/what-are-the-ways-or-technologies-to-sign-an-executable-application-file-in-mac"
|
|
| 32 | +
|
|
| 33 | + echo ""
|
|
| 34 | + read -n 1 -r -s -p $'Press enter to launch "Keychain Access"...\n'
|
|
| 35 | + open /System/Applications/Utilities/Keychain\ Access.app
|
|
| 36 | + |
|
| 37 | + exit -1
|
|
| 38 | +fi
|
|
| 39 | + |
|
| 40 | +echo "Found $CERTNAME, looking for browser to sign..."
|
|
| 41 | + |
|
| 42 | +if [ ! -f "$BROWSERPATH/XUL" ]
|
|
| 43 | +then
|
|
| 44 | + TESTPATH="$BROWSERPATH/Contents/MacOS"
|
|
| 45 | + if [ -f "$TESTPATH/XUL" ]
|
|
| 46 | + then
|
|
| 47 | + BROWSERPATH=$TESTPATH
|
|
| 48 | + else
|
|
| 49 | + echo "Error: browser files not detected in $BROWSERPATH!"
|
|
| 50 | + echo " This script needs to be run in the 'Contents/MacOS' directory of a SomeBrowser.app directory"
|
|
| 51 | + exit -1
|
|
| 52 | + fi
|
|
| 53 | +fi
|
|
| 54 | + |
|
| 55 | +echo "Mozilla based browser found, signing..."
|
|
| 56 | +echo ' Will be asked for password to certificate for all the things that need to be signed. Click "Always Allow" to automate'
|
|
| 57 | + |
|
| 58 | +cd "$BROWSERPATH"
|
|
| 59 | + |
|
| 60 | +codesign -s $CERTNAME *.dylib
|
|
| 61 | +codesign -s $CERTNAME plugin-container.app
|
|
| 62 | + |
|
| 63 | +if [ -d Tor ]
|
|
| 64 | +then
|
|
| 65 | + codesign -s $CERTNAME Tor/PluggableTransports/*
|
|
| 66 | + codesign -s $CERTNAME Tor/libevent-2.1.7.dylib
|
|
| 67 | + if [ -f Tor/tor.real ]
|
|
| 68 | + then
|
|
| 69 | + codesign -s $CERTNAME Tor/tor.real
|
|
| 70 | + fi
|
|
| 71 | + if [ -f Tor/tor ]
|
|
| 72 | + then
|
|
| 73 | + codesign -s $CERTNAME Tor/tor
|
|
| 74 | + fi
|
|
| 75 | +fi
|
|
| 76 | + |
|
| 77 | +codesign -s $CERTNAME XUL
|
|
| 78 | + |
|
| 79 | +if [ -d updater.app ]
|
|
| 80 | +then
|
|
| 81 | + codesign -s $CERTNAME updater.app
|
|
| 82 | +fi
|
|
| 83 | + |
|
| 84 | +# mullvadbrowser
|
|
| 85 | +if [ -f mullvadbrowser ]
|
|
| 86 | +then
|
|
| 87 | + codesign -s $CERTNAME mullvadbrowser
|
|
| 88 | +fi
|
|
| 89 | + |
|
| 90 | +# BB or TB
|
|
| 91 | +if [ -f firefox ]
|
|
| 92 | +then
|
|
| 93 | + codesign -s $CERTNAME firefox
|
|
| 94 | +fi
|
|
| 95 | + |
|
| 96 | +echo ""
|
|
| 97 | +echo "Browser signing step done!"
|
|
| 98 | +echo ""
|
|
| 99 | + |
|
| 100 | +echo "App still needs one more override to be easily opened with double click in Finder"
|
|
| 101 | +echo "Alternatively you can right click it, select 'Open' and then select 'Open' from the override popup"
|
|
| 102 | +echo "Or to enable it to be double clicked to open perform the following"
|
|
| 103 | +echo ""
|
|
| 104 | +echo "Double click the app and select either 'Ok' or 'Cancel' from the warning popup depending on which you get (Do Not 'Move to Trash')"
|
|
| 105 | +echo 'Go to Preferences -> Security & Privacy and click on padlock to allow changes. '
|
|
| 106 | +echo ' Then in "Allow appications downloaded from" select either:'
|
|
| 107 | +echo ' - App Store and identified developers'
|
|
| 108 | +echo ' - Anywhere'
|
|
| 109 | +echo ' Below that may be a notice about your specific app saying it was blocked because it was not from an identified developer. Click "Open Anyways" and "Open"'
|
|
| 110 | + |
| 1 | 1 | #!/bin/bash
|
| 2 | 2 | set -e
|
| 3 | -BINARIES=$1
|
|
| 4 | -BUILD_OUTPUT=$2
|
|
| 5 | 3 | |
| 6 | -SCRIPT_DIR=$(realpath "$(dirname "$0")")
|
|
| 4 | +BINARIES="$1"
|
|
| 5 | +BUILD_OUTPUT="$2"
|
|
| 6 | +SCRIPT_DIR="$(realpath "$(dirname "$0")")"
|
|
| 7 | + |
|
| 8 | +RESDIR="$BUILD_OUTPUT/dist/firefox"
|
|
| 9 | +if [ "$(uname)" = "Darwin" ]; then
|
|
| 10 | + RESDIR="$RESDIR/Tor Browser.app/Contents/Resources"
|
|
| 11 | +fi
|
|
| 7 | 12 | |
| 8 | 13 | # Add built-in bridges
|
| 9 | -mkdir -p $BUILD_OUTPUT/_omni/defaults/preferences
|
|
| 10 | -cat $BUILD_OUTPUT/dist/bin/browser/defaults/preferences/000-tor-browser.js $SCRIPT_DIR/bridges.js >> $BUILD_OUTPUT/_omni/defaults/preferences/000-tor-browser.js
|
|
| 11 | -cd $BUILD_OUTPUT/_omni && zip -Xmr $BUILD_OUTPUT/dist/firefox/browser/omni.ja defaults/preferences/000-tor-browser.js
|
|
| 12 | -rm -rf $BUILD_OUTPUT/_omni
|
|
| 14 | +mkdir -p "$BUILD_OUTPUT/_omni/defaults/preferences"
|
|
| 15 | +cat "$BUILD_OUTPUT/dist/bin/browser/defaults/preferences/000-tor-browser.js" "$SCRIPT_DIR/bridges.js" >> "$BUILD_OUTPUT/_omni/defaults/preferences/000-tor-browser.js"
|
|
| 16 | +cd "$BUILD_OUTPUT/_omni"
|
|
| 17 | +zip -Xmr "$RESDIR/browser/omni.ja" "defaults/preferences/000-tor-browser.js"
|
|
| 18 | +rm -rf "$BUILD_OUTPUT/_omni"
|
|
| 13 | 19 | |
| 14 | 20 | # Repackage the manual
|
| 15 | 21 | # rm -rf $BUILD_OUTPUT/_omni
|
| 16 | 22 | # mkdir $BUILD_OUTPUT/_omni
|
| 17 | 23 | # unzip $BINARIES/dev/Browser/browser/omni.ja -d $BUILD_OUTPUT/_omni
|
| 18 | -# cd $BUILD_OUTPUT/_omni && zip -Xmr $BUILD_OUTPUT/dist/firefox/browser/omni.ja chrome/browser/content/browser/manual
|
|
| 24 | +# cd $BUILD_OUTPUT/_omni && zip -Xmr $RESDIR/browser/omni.ja chrome/browser/content/browser/manual
|
|
| 19 | 25 | # rm -rf $BUILD_OUTPUT/_omni
|
| 20 | 26 | |
| 21 | -# backup the startup script
|
|
| 22 | -mv $BINARIES/dev/Browser/firefox $BINARIES/dev/Browser/firefox.bak
|
|
| 27 | +if [ "$(uname)" = "Darwin" ]; then
|
|
| 28 | + |
|
| 29 | + # copy binaries
|
|
| 30 | + cp -r "$BUILD_OUTPUT/dist/firefox/Tor Browser.app/Contents/"* "$BINARIES/Tor Browser.app/Contents/"
|
|
| 31 | + rm -rf "$BINARIES/TorBrowser-Data/Browser/Caches/*.default/startupCache"
|
|
| 32 | + |
|
| 33 | + # Self sign the Binaries
|
|
| 34 | + cd "$BINARIES/Tor Browser.app/Contents/MacOS"
|
|
| 35 | + "$SCRIPT_DIR/browser-self-sign-macos.sh"
|
|
| 36 | + |
|
| 37 | + else
|
|
| 38 | + |
|
| 39 | + # backup the startup script
|
|
| 40 | + mv "$BINARIES/dev/Browser/firefox" "$BINARIES/dev/Browser/firefox.bak"
|
|
| 41 | +
|
|
| 42 | + # copy binaries
|
|
| 43 | + cp -r "$RESDIR/"* "$BINARIES/dev/Browser"
|
|
| 44 | + rm -rf "$BINARIES/dev/Browser/TorBrowser/Data/Browser/profile.default/startupCache"
|
|
| 23 | 45 | |
| 24 | -# copy binaries
|
|
| 25 | -cp -r $BUILD_OUTPUT/dist/firefox/* $BINARIES/dev/Browser
|
|
| 26 | -rm -rf $BINARIES/dev/Browser/TorBrowser/Data/Browser/profile.default/startupCache
|
|
| 46 | + # shuffle firefox bin around and restore script to match a real deployment
|
|
| 47 | + mv "$BINARIES/dev/Browser/firefox" "$BINARIES/dev/Browser/firefox.real"
|
|
| 48 | + mv "$BINARIES/dev/Browser/firefox.bak" "$BINARIES/dev/Browser/firefox"
|
|
| 27 | 49 | |
| 28 | -# shuffle firefox bin around and restore script to match a real deployment
|
|
| 29 | -mv $BINARIES/dev/Browser/firefox $BINARIES/dev/Browser/firefox.real
|
|
| 30 | -mv $BINARIES/dev/Browser/firefox.bak $BINARIES/dev/Browser/firefox |
|
| 50 | +fi |
| 1 | 1 | #!/bin/sh
|
| 2 | 2 | set -e
|
| 3 | 3 | |
| 4 | -BINARIES_DIR=$1
|
|
| 4 | +BINARIES_DIR="$1"
|
|
| 5 | 5 | |
| 6 | 6 | # download the current downloads.json
|
| 7 | 7 | wget https://aus1.torproject.org/torbrowser/update_3/alpha/downloads.json
|
| 8 | -# get url for latest alpha linux en_US package
|
|
| 8 | +# get url for latest alpha linux package
|
|
| 9 | 9 | TOR_BROWSER_VERSION=$(grep -Eo "\"version\":\"[0-9.a]+\"" downloads.json | grep -Eo "[0-9.a]+")
|
| 10 | -TOR_BROWSER_PACKAGE="tor-browser-linux64-${TOR_BROWSER_VERSION}_ALL.tar.xz"
|
|
| 10 | +if [ "$(uname)" = "Darwin" ]; then
|
|
| 11 | + TOR_BROWSER_PACKAGE="tor-browser-macos-${TOR_BROWSER_VERSION}.dmg"
|
|
| 12 | + else
|
|
| 13 | + TOR_BROWSER_PACKAGE="tor-browser-linux-x86_64-${TOR_BROWSER_VERSION}.tar.xz"
|
|
| 14 | +fi
|
|
| 11 | 15 | TOR_BROWSER_PACKAGE_URL="https://dist.torproject.org/torbrowser/${TOR_BROWSER_VERSION}/${TOR_BROWSER_PACKAGE}"
|
| 12 | 16 | |
| 13 | 17 | # remove download manifest
|
| 14 | 18 | rm downloads.json
|
| 15 | 19 | |
| 16 | 20 | # clear out previous tor-browser and previous package
|
| 17 | -rm -rf "${BINARIES_DIR}/dev"
|
|
| 21 | +rm -rf "${BINARIES_DIR}"
|
|
| 18 | 22 | rm -f "${TOR_BROWSER_PACKAGE}"
|
| 19 | 23 | |
| 20 | 24 | # download
|
| 21 | -rm -f "${TOR_BROWSER_PACKAGE}"
|
|
| 22 | 25 | wget "${TOR_BROWSER_PACKAGE_URL}"
|
| 23 | 26 | mkdir -p "${BINARIES_DIR}"
|
| 24 | 27 | |
| 25 | 28 | # and extract
|
| 26 | -tar -xf ${TOR_BROWSER_PACKAGE} -C "${BINARIES_DIR}"
|
|
| 27 | -mv "${BINARIES_DIR}/tor-browser" "${BINARIES_DIR}/dev"
|
|
| 29 | +if [ "$(uname)" = "Darwin" ]
|
|
| 30 | + then
|
|
| 31 | + hdiutil attach "${TOR_BROWSER_PACKAGE}"
|
|
| 32 | + cp -R "/Volumes/Tor Browser/Tor Browser.app" "${BINARIES_DIR}"
|
|
| 33 | + hdiutil detach "/Volumes/Tor Browser"
|
|
| 34 | + else
|
|
| 35 | + tar -xf "${TOR_BROWSER_PACKAGE}" -C "${BINARIES_DIR}"
|
|
| 36 | + mv "${BINARIES_DIR}/tor-browser" "${BINARIES_DIR}/dev"
|
|
| 37 | +fi
|
|
| 28 | 38 | |
| 29 | -# cleanup
|
|
| 39 | +# Final cleanup
|
|
| 30 | 40 | rm -f "${TOR_BROWSER_PACKAGE}" |