tbb-commits

tbb-commits@lists.torproject.org

1 participants
17364 discussions

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 43245: Use separate entitlements for signing tor
by morgan (＠morgan) 31 Oct '24

31 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 4a836c67 by Nicolas Vigier at 2024-10-31T18:20:36+00:00 Bug 43245: Use separate entitlements for signing tor Use a separate entitlements file for signing the tor binary, with `com.apple.security.cs.allow-unsigned-executable-memory` enabled. - - - - - 2 changed files: - + tools/signing/macos-entitlements/tor.xml - tools/signing/wrappers/sign-rcodesign-128 Changes: ===================================== tools/signing/macos-entitlements/tor.xml ===================================== @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> + +<plist version="1.0"> + <dict> +  + <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> + +  + <key>com.apple.security.cs.disable-library-validation</key><true/> + + <key>com.apple.security.cs.allow-jit</key><true/> + </dict> +</plist> ===================================== tools/signing/wrappers/sign-rcodesign-128 ===================================== @@ -82,6 +82,7 @@ $rcodesign sign \ --code-signature-flags Contents/Frameworks/ChannelPrefs.framework:runtime \ --code-signature-flags Contents/MacOS/plugin-container.app:runtime \ --code-signature-flags Contents/MacOS/media-plugin-helper.app:runtime \ + --entitlements-xml-path Contents/MacOS/Tor/tor:/signing/tor-browser-build/tools/signing/macos-entitlements/tor.xml \ --entitlements-xml-path Contents/MacOS/plugin-container.app:/signing/tor-browser-build/tools/signing/macos-entitlements/plugin-container.xml \ --entitlements-xml-path Contents/MacOS/media-plugin-helper.app:/signing/tor-browser-build/tools/signing/macos-entitlements/media-plugin-helper.xml \ --entitlements-xml-path /signing/tor-browser-build/tools/signing/macos-entitlements/firefox.browser.xml \ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 43245: Use separate entitlements for signing tor
by morgan (＠morgan) 31 Oct '24

31 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: c4fb2737 by Nicolas Vigier at 2024-10-31T18:19:37+00:00 Bug 43245: Use separate entitlements for signing tor Use a separate entitlements file for signing the tor binary, with `com.apple.security.cs.allow-unsigned-executable-memory` enabled. - - - - - 2 changed files: - + tools/signing/macos-entitlements/tor.xml - tools/signing/wrappers/sign-rcodesign-128 Changes: ===================================== tools/signing/macos-entitlements/tor.xml ===================================== @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> + +<plist version="1.0"> + <dict> +  + <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> + +  + <key>com.apple.security.cs.disable-library-validation</key><true/> + + <key>com.apple.security.cs.allow-jit</key><true/> + </dict> +</plist> ===================================== tools/signing/wrappers/sign-rcodesign-128 ===================================== @@ -82,6 +82,7 @@ $rcodesign sign \ --code-signature-flags Contents/Frameworks/ChannelPrefs.framework:runtime \ --code-signature-flags Contents/MacOS/plugin-container.app:runtime \ --code-signature-flags Contents/MacOS/media-plugin-helper.app:runtime \ + --entitlements-xml-path Contents/MacOS/Tor/tor:/signing/tor-browser-build/tools/signing/macos-entitlements/tor.xml \ --entitlements-xml-path Contents/MacOS/plugin-container.app:/signing/tor-browser-build/tools/signing/macos-entitlements/plugin-container.xml \ --entitlements-xml-path Contents/MacOS/media-plugin-helper.app:/signing/tor-browser-build/tools/signing/macos-entitlements/media-plugin-helper.xml \ --entitlements-xml-path /signing/tor-browser-build/tools/signing/macos-entitlements/firefox.browser.xml \ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41243: Use separate entitlements for signing tor
by morgan (＠morgan) 31 Oct '24

31 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 429a5220 by Nicolas Vigier at 2024-10-31T17:35:09+01:00 Bug 41243: Use separate entitlements for signing tor Use a separate entitlements file for signing the tor binary, with `com.apple.security.cs.allow-unsigned-executable-memory` enabled. - - - - - 2 changed files: - + tools/signing/macos-entitlements/tor.xml - tools/signing/wrappers/sign-rcodesign-128 Changes: ===================================== tools/signing/macos-entitlements/tor.xml ===================================== @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> + +<plist version="1.0"> + <dict> +  + <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> + +  + <key>com.apple.security.cs.disable-library-validation</key><true/> + + <key>com.apple.security.cs.allow-jit</key><true/> + </dict> +</plist> ===================================== tools/signing/wrappers/sign-rcodesign-128 ===================================== @@ -82,6 +82,7 @@ $rcodesign sign \ --code-signature-flags Contents/Frameworks/ChannelPrefs.framework:runtime \ --code-signature-flags Contents/MacOS/plugin-container.app:runtime \ --code-signature-flags Contents/MacOS/media-plugin-helper.app:runtime \ + --entitlements-xml-path Contents/MacOS/Tor/tor:/signing/tor-browser-build/tools/signing/macos-entitlements/tor.xml \ --entitlements-xml-path Contents/MacOS/plugin-container.app:/signing/tor-browser-build/tools/signing/macos-entitlements/plugin-container.xml \ --entitlements-xml-path Contents/MacOS/media-plugin-helper.app:/signing/tor-browser-build/tools/signing/macos-entitlements/media-plugin-helper.xml \ --entitlements-xml-path /signing/tor-browser-build/tools/signing/macos-entitlements/firefox.browser.xml \ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 2 commits: fixup! Bug 42305: Add script to combine translation files across versions.
by Pier Angelo Vendrame (＠pierov) 31 Oct '24

31 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 7b61c406 by Henry Wilkes at 2024-10-31T10:32:12+00:00 fixup! Bug 42305: Add script to combine translation files across versions. Bug 43272: Fix git fetch in translation CI script. - - - - - 3f690c6b by Henry Wilkes at 2024-10-31T10:47:28+00:00 fixup! Add CI for Tor Browser Bug 43272: Run translation CI whenever CI script changes. - - - - - 2 changed files: - .gitlab/ci/update-translations.yml - tools/torbrowser/l10n/combine-translation-versions.py Changes: ===================================== .gitlab/ci/update-translations.yml ===================================== @@ -7,6 +7,9 @@ - "**/*.properties" - "**/*.dtd" - "**/*strings.xml" + - "**/update-translations.yml" + - "**/l10n/combine/combine.py" + - "**/l10n/combine-translation-versions.py" - if: $FORCE_UPDATE_TRANSLATIONS == "true" variables: TOR_BROWSER_COMBINED_FILES_JSON: "combined-translation-files.json" ===================================== tools/torbrowser/l10n/combine-translation-versions.py ===================================== @@ -145,7 +145,7 @@ class BrowserBranch: # Minimal fetch of non-HEAD branch to get the file paths. # Individual file blobs will be downloaded as needed. git_run( - ["fetch", "--depth=1", "--filter=blob:none", "origin", self._ref] + ["fetch", "--depth=1", "--filter=blob:none", "origin", self.name] ) self._file_paths = git_lines( ["ls-tree", "-r", "--format=%(path)", self._ref] @@ -178,7 +178,7 @@ def get_stable_branch( # Moreover, we *assume* that the branch with the most recent ESR version # with such a tag will be used in the *next* stable build in # tor-browser-build. - tag_glob = f"{compare_version.prefix}-*esr-*-*-build1" + tag_glob = f"{compare_version.prefix}-*-build1" # To speed up, only fetch the tags without blobs. git_run( @@ -188,10 +188,15 @@ def get_stable_branch( legacy_branches = [] stable_annotation_regex = re.compile(r"\bstable\b") legacy_annotation_regex = re.compile(r"\blegacy\b") + tag_pattern = re.compile( + rf"^{re.escape(compare_version.prefix)}-[^-]+esr-[^-]+-[^-]+-build1$" + ) for build_tag, annotation in ( line.split(" ", 1) for line in git_lines(["tag", "-n1", "--list", tag_glob]) ): + if not tag_pattern.match(build_tag): + continue is_stable = bool(stable_annotation_regex.search(annotation)) is_legacy = bool(legacy_annotation_regex.search(annotation)) if not is_stable and not is_legacy: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8dbd8d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8dbd8d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] 2 commits: AppArmor: remove duplicate rule
by asciiwolf (＠asciiwolf) 31 Oct '24

31 Oct '24

asciiwolf pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 9f55ecec by intrigeri at 2024-10-15T11:17:37+00:00 AppArmor: remove duplicate rule We include the gnome abstraction, which itself includes the X abstraction, so at least in theory including the X abstraction explicitly should be a no-op. It looks like adding this line was done based on an incorrect assumption (that Lubuntu does not include the gnome abstraction), and even if that assumption were correct, adding this line would not fix the problem (because the parser would fail to compile the profile regardless). - https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/merge_… - https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/merge_… If there's ever evidence of a system where this line actually solves a problem, we can reconsider, and I'll be very curious to understand why. - - - - - a82c1a02 by asciiwolf at 2024-10-31T10:16:38+00:00 Merge branch 'remove-duplicate-rule' into 'main' AppArmor: remove duplicate rule See merge request tpo/applications/torbrowser-launcher!18 - - - - - 1 changed file: - apparmor/torbrowser.Browser.firefox Changes: ===================================== apparmor/torbrowser.Browser.firefox ===================================== @@ -12,7 +12,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { #include <abstractions/opencl> #include if exists <abstractions/vulkan> #include if exists <abstractions/dbus-session> - #include if exists <abstractions/X> deny capability sys_ptrace, View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 7 commits: fixup! Lox integration
by Pier Angelo Vendrame (＠pierov) 31 Oct '24

31 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 5ebc9fc7 by Henry Wilkes at 2024-10-30T16:13:30+00:00 fixup! Lox integration Bug 42597: Fix `#updatePubkeys`. - - - - - 704133b3 by Henry Wilkes at 2024-10-30T16:13:31+00:00 fixup! Lox integration Bug 42597: Fix generateInvite. We make sure to call handle_issue_invite to convert the response from "issueinvite" into credentials. We also stop stringifying the lox credentials, which are already a string. - - - - - 27ec12e5 by Henry Wilkes at 2024-10-30T16:13:32+00:00 fixup! Lox integration Bug 42597: Made sure we're always using `JSON.parse(request).request` where `request` is generated by lox_wasm. - - - - - 8ca54076 by Henry Wilkes at 2024-10-30T16:24:48+00:00 fixup! Lox integration Bug 42597: Move duplicate logic into `#makeRequest`. Moreover, we pass in the common fetch arguments into buildPostRequest and treat the return value as a string instead of a JSON object. - - - - - d7c52d55 by Henry Wilkes at 2024-10-30T16:26:16+00:00 fixup! Lox integration Bug 42597: Refactor error handling. A lot of the errors can be propagated to the caller. - - - - - f08fc6e4 by Henry Wilkes at 2024-10-30T16:26:17+00:00 fixup! Bug 40597: Implement TorSettings module Bug 42597: Make buildPostRequest accept fetch arguments. This allows the request to buildPostRequest in the Lox module use the same arguments that would be passed to `fetch`. Also, return the text stream, rather than JSON. - - - - - 8dbd8dd6 by Henry Wilkes at 2024-10-30T16:26:18+00:00 fixup! Lox integration Bug 42597: Add note for missing trusted invites. - - - - - 3 changed files: - toolkit/components/lox/Lox.sys.mjs - toolkit/modules/DomainFrontedRequests.sys.mjs - toolkit/modules/Moat.sys.mjs Changes: ===================================== toolkit/components/lox/Lox.sys.mjs ===================================== @@ -37,6 +37,7 @@ XPCOMUtils.defineLazyModuleGetters(lazy, { set_panic_hook: "resource://gre/modules/lox_wasm.jsm", invitation_is_trusted: "resource://gre/modules/lox_wasm.jsm", issue_invite: "resource://gre/modules/lox_wasm.jsm", + handle_issue_invite: "resource://gre/modules/lox_wasm.jsm", prepare_invite: "resource://gre/modules/lox_wasm.jsm", get_invites_remaining: "resource://gre/modules/lox_wasm.jsm", get_trust_level: "resource://gre/modules/lox_wasm.jsm", @@ -91,6 +92,7 @@ const LoxSettingsPrefs = Object.freeze({ export class LoxError extends Error { static BadInvite = "BadInvite"; static LoxServerUnreachable = "LoxServerUnreachable"; + static ErrorResponse = "ErrorResponse"; /** * @param {string} message - The error message. @@ -408,89 +410,47 @@ class LoxImpl { } /** - * Update Lox credential after Lox key rotation - * Do not call directly, use #getPubKeys() instead to start the update only - * once + * Update Lox credential after Lox key rotation. * - * @param {string} prevkeys The public keys we are replacing + * Do not call directly, use #getPubKeys() instead to start the update only + * once. */ - async #updatePubkeys(prevkeys) { - let pubKeys; - try { - pubKeys = await this.#makeRequest("pubkeys", []); - } catch (error) { - lazy.logger.debug("Failed to get pubkeys", error); - // Make the next call try again. - this.#pubKeyPromise = null; - if (!this.#pubKeys) { - throw error; - } - return; - } + async #updatePubkeys() { + let pubKeys = await this.#makeRequest("pubkeys", null); const prevKeys = this.#pubKeys; if (prevKeys !== null) { // check if the lox pubkeys have changed and update the lox - // credentials if so - let lox_cred_req; - try { - lox_cred_req = JSON.parse( - lazy.check_lox_pubkeys_update( - JSON.stringify(pubKeys), - prevkeys, - this.#getCredentials(this.#activeLoxId) - ) - ); - } catch (error) { - lazy.logger.debug("Check lox pubkey update failed", error); - // Make the next call try again. - this.#pubKeyPromise = null; - return; - } - if (lox_cred_req.updated) { + // credentials if so. + // + // The UpdateCredOption rust struct serializes to "req" rather than + // "request". + const { updated, req: request } = JSON.parse( + lazy.check_lox_pubkeys_update( + pubKeys, + prevKeys, + this.#getCredentials(this.#activeLoxId) + ) + ); + if (updated) { + // Try update credentials. + // NOTE: This should be re-callable if any step fails. + // TODO: Verify this. lazy.logger.debug( `Lox pubkey updated, update Lox credential "${this.#activeLoxId}"` ); - let response; - try { - // TODO: If this call doesn't succeed due to a networking error, the Lox - // credential may be in an unusable state (spent but not updated) - // until this request can be completed successfully (and until Lox - // is refactored to send repeat responses: - // https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/74) - response = await this.#makeRequest("updatecred", lox_cred_req.req); - } catch (error) { - lazy.logger.debug("Lox cred update failed.", error); - // Make the next call try again. - this.#pubKeyPromise = null; - return; - } - if (response.hasOwnProperty("error")) { - lazy.logger.error(response.error); - this.#pubKeyPromise = null; - lazy.logger.debug( - `Error response to Lox pubkey update request: "${response.error}", reverting to old pubkeys` - ); - return; - } - let cred; - try { - cred = lazy.handle_update_cred( - lox_cred_req.req, - JSON.stringify(response), - pubKeys - ); - } catch (error) { - lazy.logger.debug("Unable to handle updated Lox cred", error); - // Make the next call try again. - this.#pubKeyPromise = null; - return; - } + // TODO: If this call doesn't succeed due to a networking error, the Lox + // credential may be in an unusable state (spent but not updated) + // until this request can be completed successfully (and until Lox + // is refactored to send repeat responses: + // https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/74) + let response = await this.#makeRequest("updatecred", request); + let cred = lazy.handle_update_cred(request, response, pubKeys); this.#changeCredentials(this.#activeLoxId, cred); } } // If we arrive here we haven't had other errors before, we can actually // store the new public key. - this.#pubKeys = JSON.stringify(pubKeys); + this.#pubKeys = pubKeys; this.#store(); } @@ -498,16 +458,24 @@ class LoxImpl { // FIXME: We are always refetching #pubKeys, #encTable and #constants once // per session, but they may change more frequently. tor-browser#42502 if (this.#pubKeyPromise === null) { - this.#pubKeyPromise = this.#updatePubkeys(); + this.#pubKeyPromise = this.#updatePubkeys().catch(error => { + lazy.logger.debug("Failed to update pubKeys", error); + // Try again with the next call. + this.#pubKeyPromise = null; + if (!this.#pubKeys) { + // Re-throw if we have no pubKeys value for the caller. + throw error; + } + }); } await this.#pubKeyPromise; } async #getEncTable() { if (this.#encTablePromise === null) { - this.#encTablePromise = this.#makeRequest("reachability", []) + this.#encTablePromise = this.#makeRequest("reachability", null) .then(encTable => { - this.#encTable = JSON.stringify(encTable); + this.#encTable = encTable; this.#store(); }) .catch(error => { @@ -526,10 +494,10 @@ class LoxImpl { async #getConstants() { if (this.#constantsPromise === null) { // Try to update first, but if that doesn't work fall back to stored data - this.#constantsPromise = this.#makeRequest("constants", []) + this.#constantsPromise = this.#makeRequest("constants", null) .then(constants => { const prevValue = this.#constants; - this.#constants = JSON.stringify(constants); + this.#constants = constants; this.#store(); if (prevValue !== this.#constants) { Services.obs.notifyObservers(null, LoxTopics.UpdateNextUnlock); @@ -579,7 +547,6 @@ class LoxImpl { */ async #backgroundTasks() { this.#assertInitialized(); - let addedEvent = false; // Only run background tasks for the active lox ID. const loxId = this.#activeLoxId; if (!loxId) { @@ -591,37 +558,39 @@ class LoxImpl { // this should catch key rotations (ideally some days) prior to the next // credential update await this.#getPubKeys(); + let levelup = false; try { - const levelup = await this.#attemptUpgrade(loxId); - if (levelup) { - const level = this.#getLevel(loxId); - const newEvent = { - type: "levelup", - newlevel: level, - }; - this.#events.push(newEvent); - this.#store(); - addedEvent = true; - } - } catch (err) { - lazy.logger.error(err); + levelup = await this.#attemptUpgrade(loxId); + } catch (error) { + lazy.logger.error(error); } + if (levelup) { + const level = this.#getLevel(loxId); + const newEvent = { + type: "levelup", + newlevel: level, + }; + this.#events.push(newEvent); + this.#store(); + } + + let leveldown = false; try { - const leveldown = await this.#blockageMigration(loxId); - if (leveldown) { - let level = this.#getLevel(loxId); - const newEvent = { - type: "blockage", - newlevel: level, - }; - this.#events.push(newEvent); - this.#store(); - addedEvent = true; - } - } catch (err) { - lazy.logger.error(err); + leveldown = await this.#blockageMigration(loxId); + } catch (error) { + lazy.logger.error(error); + } + if (leveldown) { + let level = this.#getLevel(loxId); + const newEvent = { + type: "blockage", + newlevel: level, + }; + this.#events.push(newEvent); + this.#store(); } - if (addedEvent) { + + if (levelup || leveldown) { Services.obs.notifyObservers(null, LoxTopics.UpdateEvents); } } @@ -708,7 +677,7 @@ class LoxImpl { // to issue open invitations for Lox bridges. async requestOpenInvite() { this.#assertInitialized(); - let invite = await this.#makeRequest("invite", []); + let invite = JSON.parse(await this.#makeRequest("invite", null)); lazy.logger.debug(invite); return invite; } @@ -725,23 +694,20 @@ class LoxImpl { // It's fine to get pubkey here without a delay since the user will not have a Lox // credential yet await this.#getPubKeys(); + // NOTE: We currently only handle "open invites". + // "trusted invites" are not yet supported. tor-browser#42974. let request = await lazy.open_invite(JSON.parse(invite).invite); - let response = await this.#makeRequest( - "openreq", - JSON.parse(request).request - ); - lazy.logger.debug("openreq response: ", response); - if (response.hasOwnProperty("error")) { - throw new LoxError( - `Error response to "openreq": ${response.error}`, - LoxError.BadInvite - ); + let response; + try { + response = await this.#makeRequest("openreq", request); + } catch (error) { + if (error instanceof LoxError && error.code === LoxError.ErrorResponse) { + throw new LoxError("Error response to openreq", LoxError.BadInvite); + } else { + throw error; + } } - let cred = lazy.handle_new_lox_credential( - request, - JSON.stringify(response), - this.#pubKeys - ); + let cred = lazy.handle_new_lox_credential(request, response, this.#pubKeys); // Generate an id that is not already in the #credentials map. let loxId; do { @@ -795,31 +761,32 @@ class LoxImpl { throw new LoxError(`Cannot generate invites at level ${level}`); } let request = lazy.issue_invite( - JSON.stringify(this.#getCredentials(loxId)), + this.#getCredentials(loxId), this.#encTable, this.#pubKeys ); - let response = await this.#makeRequest( - "issueinvite", - JSON.parse(request).request - ); - if (response.hasOwnProperty("error")) { - lazy.logger.error(response.error); - throw new LoxError(`Error response to "issueinvite": ${response.error}`); - } else { - const invite = lazy.prepare_invite(response); - this.#invites.push(invite); - // cap length of stored invites - if (this.#invites.len > 50) { - this.#invites.shift(); - } - this.#store(); - this.#changeCredentials(loxId, response); - Services.obs.notifyObservers(null, LoxTopics.NewInvite); - // Return a copy. - // Right now invite is just a string, but that might change in the future. - return structuredClone(invite); + let response = await this.#makeRequest("issueinvite", request); + // TODO: Do we ever expect handle_issue_invite to fail (beyond + // implementation bugs)? + // TODO: What happens if #pubkeys for `issue_invite` differs from the value + // when calling `handle_issue_invite`? Should we cache the value at the + // start of this method? + let cred = lazy.handle_issue_invite(request, response, this.#pubKeys); + + // Store the new credentials as a priority. + this.#changeCredentials(loxId, cred); + + const invite = lazy.prepare_invite(cred); + this.#invites.push(invite); + // cap length of stored invites + if (this.#invites.len > 50) { + this.#invites.shift(); } + this.#store(); + Services.obs.notifyObservers(null, LoxTopics.NewInvite); + // Return a copy. + // Right now invite is just a string, but that might change in the future. + return structuredClone(invite); } /** @@ -845,15 +812,13 @@ class LoxImpl { return false; } let response = await this.#makeRequest("checkblockage", request); - if (response.hasOwnProperty("error")) { - lazy.logger.error(response.error); - throw new LoxError( - `Error response to "checkblockage": ${response.error}` - ); - } + // NOTE: If a later method fails, we should be ok to re-call "checkblockage" + // from the Lox authority. So there shouldn't be any adverse side effects to + // loosing migrationCred. + // TODO: Confirm this is safe to lose. const migrationCred = lazy.handle_check_blockage( this.#getCredentials(loxId), - JSON.stringify(response) + response ); request = lazy.blockage_migration( this.#getCredentials(loxId), @@ -861,26 +826,21 @@ class LoxImpl { this.#pubKeys ); response = await this.#makeRequest("blockagemigration", request); - if (response.hasOwnProperty("error")) { - lazy.logger.error(response.error); - throw new LoxError( - `Error response to "blockagemigration": ${response.error}` - ); - } const cred = lazy.handle_blockage_migration( this.#getCredentials(loxId), - JSON.stringify(response), + response, this.#pubKeys ); this.#changeCredentials(loxId, cred); return true; } - /** Attempts to upgrade the currently saved Lox credential. - * If an upgrade is available, save an event in the event list. + /** + * Attempts to upgrade the currently saved Lox credential. + * If an upgrade is available, save an event in the event list. * - * @param {string} loxId Lox ID - * @returns {boolean} Whether a levelup event occurred. + * @param {string} loxId Lox ID + * @returns {boolean} Whether the credential was successfully migrated. */ async #attemptUpgrade(loxId) { await this.#getEncTable(); @@ -895,16 +855,18 @@ class LoxImpl { this.#encTable, this.#pubKeys ); - const response = await this.#makeRequest("levelup", request); - if (response.hasOwnProperty("error")) { - lazy.logger.error(response.error); - throw new LoxError(`Error response to "levelup": ${response.error}`); + let response; + try { + response = await this.#makeRequest("levelup", request); + } catch (error) { + if (error instanceof LoxError && error.code === LoxError.ErrorResponse) { + // Not an error. + lazy.logger.debug("Not ready for level up", error); + return false; + } + throw error; } - const cred = lazy.handle_level_up( - request, - JSON.stringify(response), - this.#pubKeys - ); + const cred = lazy.handle_level_up(request, response, this.#pubKeys); this.#changeCredentials(loxId, cred); return true; } @@ -922,76 +884,40 @@ class LoxImpl { this.#getPubKeys(); return false; } - let request, response; + let request; try { request = lazy.trust_promotion( this.#getCredentials(loxId), this.#pubKeys ); } catch (err) { + // This function is called routinely during the background tasks without + // previous checks on whether an upgrade is possible, so it is expected to + // fail with a certain frequency. Therefore, do not relay the error to the + // caller and just log the message for debugging. lazy.logger.debug("Not ready to upgrade", err); return false; } - try { - response = await this.#makeRequest( - "trustpromo", - JSON.parse(request).request - ); - } catch (err) { - lazy.logger.error("Failed trust promotion", err); - return false; - } - if (response.hasOwnProperty("error")) { - lazy.logger.error("Error response from trustpromo", response.error); - return false; - } - lazy.logger.debug("Got promotion cred", response, request); - let promoCred; - try { - promoCred = lazy.handle_trust_promotion( - request, - JSON.stringify(response) - ); - lazy.logger.debug("Formatted promotion cred"); - } catch (err) { - lazy.logger.error( - "Unable to handle trustpromo response properly", - response.error - ); - return false; - } - try { - request = lazy.trust_migration( - this.#getCredentials(loxId), - promoCred, - this.#pubKeys - ); - lazy.logger.debug("Formatted migration request"); - } catch (err) { - lazy.logger.error("Failed to generate trust migration request", err); - return false; - } - try { - response = await this.#makeRequest( - "trustmig", - JSON.parse(request).request - ); - } catch (err) { - lazy.logger.error("Failed trust migration", err); - return false; - } - if (response.hasOwnProperty("error")) { - lazy.logger.error("Error response from trustmig", response.error); - return false; - } - lazy.logger.debug("Got new credential"); - let cred; - try { - cred = lazy.handle_trust_migration(request, response); - } catch (err) { - lazy.logger.error("Failed to handle response from trustmig", err); - return false; - } + + let response = await this.#makeRequest("trustpromo", request); + // FIXME: Store response to "trustpromo" in case handle_trust_promotion + // or "trustmig" fails. The Lox authority will not accept a re-request + // to "trustpromo" with the same credentials. + let promoCred = lazy.handle_trust_promotion(request, response); + lazy.logger.debug("Formatted promotion cred: ", promoCred); + + request = lazy.trust_migration( + this.#getCredentials(loxId), + promoCred, + this.#pubKeys + ); + response = await this.#makeRequest("trustmig", request); + lazy.logger.debug("Got new credential: ", response); + + // FIXME: Store response to "trustmig" in case handle_trust_migration + // fails. The Lox authority will not accept a re-request to "trustmig" with + // the same credentials. + let cred = lazy.handle_trust_migration(request, response); this.#changeCredentials(loxId, cred); return true; } @@ -1079,38 +1005,47 @@ class LoxImpl { }; } - async #makeRequest(procedure, args) { + /** + * Fetch from the Lox authority. + * + * @param {string} procedure - The request endpoint. + * @param {string} body - The arguments to send in the body, if any. + * + * @returns {string} - The response body. + */ + async #fetch(procedure, body) { // TODO: Customize to for Lox - const serviceUrl = "https://lox.torproject.org"; - const url = `${serviceUrl}/${procedure}`; + const url = `https://lox.torproject.org/${procedure}`; + const method = "POST"; + const contentType = "application/vnd.api+json"; if (lazy.TorConnect.state === lazy.TorConnectState.Bootstrapped) { let request; try { request = await fetch(url, { - method: "POST", - headers: { - "Content-Type": "application/vnd.api+json", - }, - body: JSON.stringify(args), + method, + headers: { "Content-Type": contentType }, + body, }); } catch (error) { - lazy.logger.debug("fetch fail", url, args, error); + lazy.logger.debug("fetch fail", url, body, error); throw new LoxError( `fetch "${procedure}" from Lox authority failed: ${error?.message}`, LoxError.LoxServerUnreachable ); } if (!request.ok) { - lazy.logger.debug("fetch response", url, args, request); + lazy.logger.debug("fetch response", url, body, request); // Do not treat as a LoxServerUnreachable type. throw new LoxError( `Lox authority responded to "${procedure}" with ${request.status}: ${request.statusText}` ); } - return request.json(); + return request.text(); } + // TODO: Only make domain fronted requests with user permission. + // tor-browser#42606. if (this.#domainFrontedRequests === null) { this.#domainFrontedRequests = new Promise((resolve, reject) => { // TODO: Customize to the values for Lox @@ -1129,9 +1064,9 @@ class LoxImpl { } const builder = await this.#domainFrontedRequests; try { - return await builder.buildPostRequest(url, args); + return await builder.buildRequest(url, { method, contentType, body }); } catch (error) { - lazy.logger.debug("Domain front request fail", url, args, error); + lazy.logger.debug("Domain front request fail", url, body, error); if (error instanceof lazy.DomainFrontRequestNetworkError) { throw new LoxError( `Domain front fetch "${procedure}" from Lox authority failed: ${error?.message}`, @@ -1149,6 +1084,37 @@ class LoxImpl { ); } } + + /** + * Make a request to the lox authority, check for an error response, and + * convert it to a string. + * + * @param {string} procedure - The request endpoint. + * @param {?string} request - The request data, as a JSON string containing a + * "request" field. Or `null` to send no data. + * + * @returns {string} - The stringified JSON response. + */ + async #makeRequest(procedure, request) { + // Verify that the response is valid json, by parsing. + const jsonResponse = JSON.parse( + await this.#fetch( + procedure, + request ? JSON.stringify(JSON.parse(request).request) : "" + ) + ); + lazy.logger.debug(`${procedure} response:`, jsonResponse); + if (Object.hasOwn(jsonResponse, "error")) { + // TODO: Figure out if any of the "error" responses should be treated as + // an error. I.e. which of the procedures have soft failures and hard + // failures. + throw LoxError( + `Error response to ${procedure}: ${jsonResponse.error}`, + LoxError.ErrorResponse + ); + } + return JSON.stringify(jsonResponse); + } } export const Lox = new LoxImpl(); ===================================== toolkit/modules/DomainFrontedRequests.sys.mjs ===================================== @@ -523,34 +523,31 @@ export class DomainFrontRequestBuilder { } /** - * Make a POST request with a JSON body and a JSON response. + * Make a request. * - * @param {string} url The URL to load - * @param {object} args The arguments to send to the procedure. It will be - * serialized to JSON by this function and then set as POST body - * @returns {Promise<object>} A promise with the parsed response + * @param {string} url The URL to request. + * @param {object} args The arguments to send to the procedure. + * @param {string} args.method The request method. + * @param {string} args.body The request body. + * @param {string} args.contentType The "Content-Type" header to set. + * @returns {string} The response body. */ - async buildPostRequest(url, args) { + async buildRequest(url, args) { const ch = this.buildHttpHandler(url); - const argsJson = JSON.stringify(args); const inStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( Ci.nsIStringInputStream ); - inStream.setData(argsJson, argsJson.length); + inStream.setData(args.body, args.body.length); const upChannel = ch.QueryInterface(Ci.nsIUploadChannel); - const contentType = "application/vnd.api+json"; - upChannel.setUploadStream(inStream, contentType, argsJson.length); - ch.requestMethod = "POST"; + upChannel.setUploadStream(inStream, args.contentType, args.body.length); + ch.requestMethod = args.method; // Make request const listener = new ResponseListener(); await ch.asyncOpen(listener, ch); // wait for response - const responseJSON = await listener.response(); - - // parse that JSON - return JSON.parse(responseJSON); + return listener.response(); } } ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -108,7 +108,13 @@ export class MoatRPC { const procedureURIString = `${Services.prefs.getStringPref( TorLauncherPrefs.moat_service )}/${procedure}`; - return this.#requestBuilder.buildPostRequest(procedureURIString, args); + return JSON.parse( + await this.#requestBuilder.buildRequest(procedureURIString, { + method: "POST", + contentType: "application/vnd.api+json", + body: JSON.stringify(args), + }) + ); } async testInternetConnection() { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5e9deb… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5e9deb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41286: Update the deploy update scripts to optinally take an override hash
by morgan (＠morgan) 30 Oct '24

30 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 7dfebb7a by Nicolas Vigier at 2024-10-30T18:36:12+00:00 Bug 41286: Update the deploy update scripts to optinally take an override hash - - - - - 1 changed file: - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -58,12 +58,20 @@ cat << EOF > "$deploy_script" #!/bin/bash set -e -echo "Deploying version $tbb_version" -echo "update_responses_commit: $update_responses_commit" +if test "\$#" -gt 1; then + echo >&2 "Wrong number of arguments" + exit 2 +fi + +commit=$update_responses_commit +test "\$#" -eq 1 && commit="\$1" + +test "\$#" -eq 0 && echo "Deploying version $tbb_version" +echo "update_responses_commit: \$commit" cd "$update_dir" git fetch -changed_files="\$(git diff --name-only HEAD $update_responses_commit)" +changed_files="\$(git diff --name-only HEAD \$commit)" if echo "\$changed_files" | grep -qv "$tbb_version_type" then echo >&2 "Error: checking out new update_response_commit will changes" @@ -75,7 +83,7 @@ then echo >&2 "See tor-browser-build#41168 for more details." exit 1 fi -git checkout "$update_responses_commit" +git checkout "\$commit" static-update-component aus1.torproject.org EOF View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41286: Update the deploy update scripts to optinally take an override hash
by morgan (＠morgan) 30 Oct '24

30 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 5c1ddf37 by Nicolas Vigier at 2024-10-30T18:35:18+00:00 Bug 41286: Update the deploy update scripts to optinally take an override hash - - - - - 1 changed file: - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -55,12 +55,20 @@ cat << EOF > "$deploy_script" #!/bin/bash set -e -echo "Deploying version $tbb_version" -echo "update_responses_commit: $update_responses_commit" +if test "\$#" -gt 1; then + echo >&2 "Wrong number of arguments" + exit 2 +fi + +commit=$update_responses_commit +test "\$#" -eq 1 && commit="\$1" + +test "\$#" -eq 0 && echo "Deploying version $tbb_version" +echo "update_responses_commit: \$commit" cd "$update_dir" git fetch -changed_files="\$(git diff --name-only HEAD $update_responses_commit)" +changed_files="\$(git diff --name-only HEAD \$commit)" if echo "\$changed_files" | grep -qv "$tbb_version_type" then echo >&2 "Error: checking out new update_response_commit will changes" @@ -72,7 +80,7 @@ then echo >&2 "See tor-browser-build#41168 for more details." exit 1 fi -git checkout "$update_responses_commit" +git checkout "\$commit" static-update-component aus1.torproject.org EOF View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41286: Update the deploy update scripts to optinally take an override hash
by morgan (＠morgan) 30 Oct '24

30 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 1c24b4a9 by Nicolas Vigier at 2024-10-30T17:48:34+01:00 Bug 41286: Update the deploy update scripts to optinally take an override hash - - - - - 2 changed files: - .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -268,37 +268,9 @@ popd git show -s --format=%H ``` - On `staticiforme.torproject.org`, deploy new update responses: - - **NOTE**: for now this is a bit janky, we should somehow update the workflow to be a bit less hacky - - [ ] Edit an existing `deploy_update_responses-release.sh` script in your `HOME` directory with the newly pushed commit hash - - **example**: (hash: `d938943`) - ```bash - #!/bin/bash - set -e - - echo "Deploying version 14.0" - echo "update_responses_commit: d938943" - - cd "/srv/aus1-master.torproject.org/htdocs/torbrowser" - git fetch - changed_files="$(git diff --name-only HEAD d938943)" - if echo "$changed_files" | grep -qv "release" - then - echo >&2 "Error: checking out new update_response_commit will changes" - echo >&2 "some files outside of the release directory:" - echo "$changed_files" | grep -v "release" >&2 - echo >&2 "--" - echo >&2 "If this is really what you want to do, edit this script to" - echo >&2 "remove the line 'exit 1' and run it again." - echo >&2 "See tor-browser-build#41168 for more details." - exit 1 - fi - git checkout "d938943" - - static-update-component aus1.torproject.org - ``` - - [ ] Enable update responses: + - [ ] Enable update responses, passing the commit hash as argument (replace $commit): ```bash - sudo -u tb-release ./deploy_update_responses-release.sh + sudo -u tb-release ./deploy_update_responses-release.sh $commit ``` </details> ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -55,12 +55,20 @@ cat << EOF > "$deploy_script" #!/bin/bash set -e -echo "Deploying version $tbb_version" -echo "update_responses_commit: $update_responses_commit" +if test "\$#" -gt 1; then + echo >&2 "Wrong number of arguments" + exit 2 +fi + +commit=$update_responses_commit +test "\$#" -eq 1 && commit="\$1" + +test "\$#" -eq 0 && echo "Deploying version $tbb_version" +echo "update_responses_commit: \$commit" cd "$update_dir" git fetch -changed_files="\$(git diff --name-only HEAD $update_responses_commit)" +changed_files="\$(git diff --name-only HEAD \$commit)" if echo "\$changed_files" | grep -qv "$tbb_version_type" then echo >&2 "Error: checking out new update_response_commit will changes" @@ -72,7 +80,7 @@ then echo >&2 "See tor-browser-build#41168 for more details." exit 1 fi -git checkout "$update_responses_commit" +git checkout "\$commit" static-update-component aus1.torproject.org EOF View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] fixup! Adding issue and merge request templates
by Pier Angelo Vendrame (＠pierov) 30 Oct '24

30 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 60885fba by Henry Wilkes at 2024-10-30T19:33:54+01:00 fixup! Adding issue and merge request templates Bug 43262: Update QA desktop checklist to include testing saved keys and their preferences. - - - - - 1 changed file: - .gitlab/issue_templates/QA - Desktop.md Changes: ===================================== .gitlab/issue_templates/QA - Desktop.md ===================================== @@ -135,6 +135,10 @@ Manual QA test check-list for major desktop releases. Please copy/paste form int - [ ] Onion-Location pill - [ ] Client authentication - You can create an ephemeral client-auth onion-service using [onion share](https://onionshare.org) + - [ ] Remember key option saves the key between sessions. + - [ ] Saved keys are viewable in preferences (privacy). + - [ ] Can remove individual keys. + - [ ] Can remove all keys at once. - [ ] Onion service errors - [ ] invalid onion: http://invalid.onion - [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/ View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/608… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/608… You're receiving this email because of your account on gitlab.torproject.org.

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits