[tor-browser-bundle/master] Bug 12903: Integrate obfs4proxy into Tor Browser. - tbb-commits

28 Oct 2014

commit bb6389fbe7aa9539c4dce2aba0659e61ae8a376a
Author: Georg Koppen gk@torproject.org
Date:   Mon Oct 13 11:42:46 2014 +0000
Bug 12903: Integrate obfs4proxy into Tor Browser.
We start shipping obfs4proxy in Tor Browser nightlies and the alpha
    series.
---
 .../Docs/Licenses/PluggableTransports/LICENSE      |   77 +++++++++++++++++---
 Bundle-Data/PTConfigs/bridge_prefs.js              |    4 +
 .../PTConfigs/linux/torrc-defaults-appendix        |    6 +-
 Bundle-Data/PTConfigs/mac/torrc-defaults-appendix  |    5 +-
 .../PTConfigs/windows/torrc-defaults-appendix      |    5 +-
 .../linux/gitian-pluggable-transports.yml          |   54 ++++++++++++++
 .../mac/gitian-pluggable-transports.yml            |   54 ++++++++++++++
 .../windows/gitian-pluggable-transports.yml        |   54 ++++++++++++++
 gitian/fetch-inputs.sh                             |   17 ++++-
 gitian/gpg/obfs4proxy.gpg                          |  Bin 0 -> 34128 bytes
 gitian/mkbundle-linux.sh                           |    3 +-
 gitian/mkbundle-mac.sh                             |    3 +-
 gitian/mkbundle-windows.sh                         |    3 +-
 gitian/verify-tags.sh                              |    5 +-
 gitian/versions.alpha                              |    9 +++
 gitian/versions.nightly                            |    9 +++
 16 files changed, 291 insertions(+), 17 deletions(-)

diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
index 749986b..c6efd2c 100644
--- a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
+++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
@@ -13,15 +13,6 @@ file LICENSE.PYTHON.
===============================================================================
-Go
-
-Some pluggable transports are written in Go and the binary packages include
-parts of the Go runtime library. A copy of the Go license (which itself
-includes the licenses of some of Go's components) is included in the file
-LICENSE.GO.
-
-===============================================================================
-
 OpenSSL
(From http://openssl.org/source/license.html.)
@@ -447,3 +438,71 @@ To the extent possible under law, the authors have dedicated all
 copyright and related and neighboring rights to this software to the
 public domain worldwide. This software is distributed without any
 warranty. See LICENSE.CC0.
+
+===============================================================================
+
+obfs4
+
+Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+===============================================================================
+
+go.net
+
+Copyright 2009 The Go Authors. All rights reserved.
+Use of this source code is governed by a BSD-style
+license that can be found in the LICENSE file.
+
+For details about the Go License, please see LICENSE.GO.
+
+===============================================================================
+
+go.crypto
+
+Copyright 2009 The Go Authors. All rights reserved.
+Use of this source code is governed by a BSD-style
+license that can be found in the LICENSE file.
+
+For details about the Go License, please see LICENSE.GO.
+
+===============================================================================
+
+agl/ed25519
+
+Copyright 2013 The Go Authors. All rights reserved.
+Use of this source code is governed by a BSD-style
+license that can be found in the LICENSE file.
+
+For details about the Go License, please see LICENSE.GO.
+
+===============================================================================
+
+dchest/siphash
+
+To the extent possible under law, the authors have dedicated all
+copyright and related and neighboring rights to this software to the
+public domain worldwide. This software is distributed without any
+warranty. See LICENSE.CC0.
diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js
index d9c2049..7684fec 100644
--- a/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -30,6 +30,10 @@ pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 188.4
 pref("extensions.torlauncher.default_bridge.scramblesuit.2", "scramblesuit 188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T");
 pref("extensions.torlauncher.default_bridge.scramblesuit.3", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH");
+pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 178.209.52.110:443 67E72FF33D7D41BF11C569646A0A7B4B188340DF cert=Z+cv8z19Qb8RxWlkagp7SxiDQN++b7D2Tntowhf+j4D15/kLuj3EoSSGvuREGPc3h60Ofw iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.2", "obfs4 83.212.101.3:41213 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 104.131.108.182:56880 EF577C30B9F788B0E1801CF7E433B3B77792B77A cert=0SFhfDQrKjUJP8Qq6wrwSICEPf3Vl/nJRsYxWbg3QRoSqhl2EB78MPS2lQxbXY4EW1wwXA iat-mode=0");
+
 pref("extensions.torlauncher.default_bridge.meek-google.1", "meek 0.0.2.0:1 url=https://meek-reflect.appspot.com/ front=www.google.com");
 pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com");
 pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 url=https://az668014.vo.msecnd.net/ front=ajax.aspnetcdn.com");
diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index d019d19..50e03fd 100644
--- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -2,7 +2,11 @@
 ClientTransportPlugin fte exec ./TorBrowser/Tor/PluggableTransports/fteproxy.bin --managed
## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfsproxy.bin managed
+ClientTransportPlugin scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfsproxy.bin managed
+
+## obfs4proxy configuration
+ClientTransportPlugin obfs2,obfs3,obfs4 exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
+
 ## flash proxy configuration
 #
 # Change the second number here (9000) to the number of a port that can
diff --git a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
index d6ec189..604098f 100644
--- a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
@@ -2,7 +2,10 @@
 ClientTransportPlugin fte exec PluggableTransports/fteproxy.bin --managed
## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec PluggableTransports/obfsproxy.bin managed
+ClientTransportPlugin scramblesuit exec PluggableTransports/obfsproxy.bin managed
+
+## obfs4proxy configuration
+ClientTransportPlugin obfs2,obfs3,obfs4 exec PluggableTransports/obfs4proxy
## flash proxy configuration
 #
diff --git a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
index f1b103d..d92d201 100644
--- a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
@@ -2,7 +2,10 @@
 ClientTransportPlugin fte exec TorBrowser\Tor\PluggableTransports\fteproxy --managed
## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfsproxy managed
+ClientTransportPlugin scramblesuit exec TorBrowser\Tor\PluggableTransports\obfsproxy managed
+
+## obfs4proxy configuration
+ClientTransportPlugin obfs2,obfs3,obfs4 exec TorBrowser\Tor\PluggableTransports\obfs4proxy
## flash proxy configuration
 #
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index 7e23ec5..daa1225 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -32,6 +32,12 @@ remotes:
   "dir": "goptlib"
 - "url": "https://git.torproject.org/pluggable-transports/meek.git"
   "dir": "meek"
+- "url": "https://github.com/agl/ed25519.git"
+  "dir": "ed25519"
+- "url": "https://github.com/dchest/siphash.git"
+  "dir": "siphash"
+- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
+  "dir": "obfs4"
 files:
 - "pycrypto.tar.gz"
 - "argparse.tar.gz"
@@ -46,6 +52,8 @@ files:
 - "gmp-linux64-utils.zip"
 - "openssl-linux32-utils.zip"
 - "openssl-linux64-utils.zip"
+- "go.crypto.tar.bz2"
+- "go.net.tar.bz2"
 script: |
   INSTDIR="$HOME/install"
   PTDIR="$INSTDIR/Tor/PluggableTransports"
@@ -217,6 +225,52 @@ script: |
   cp -a README doc/*.1 $INSTDIR/Docs/meek
   cd ..
+  # Building go ed25519
+  cd ed25519
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/agl/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/agl/ed25519"
+  go install github.com/agl/ed25519/extra25519
+  cd ..
+
+  # Building go siphash
+  cd siphash
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/dchest/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/dchest/siphash"
+  go install github.com/dchest/siphash
+  cd ..
+
+  # Building go.crypto
+  tar xjf go.crypto.tar.bz2
+  cd go.crypto
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/code.google.com/p/"
+  ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.crypto"
+  go install code.google.com/p/go.crypto/curve25519
+  go install code.google.com/p/go.crypto/hkdf
+  go install code.google.com/p/go.crypto/nacl/secretbox
+  cd ..
+
+  # Building go.net
+  tar xjf go.net.tar.bz2
+  cd go.net
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/code.google.com/p/"
+  ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.net"
+  go install code.google.com/p/go.net/proxy
+  cd ..
+
+  # Building obfs4proxy
+  cd obfs4
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+  ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+  cd obfs4proxy
+  go build -ldflags '-s'
+  cp -a obfs4proxy $PTDIR
+  cd ../..
+
   # Grabbing the results
   cd $INSTDIR
   ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml
index 33df49f..4c25f07 100644
--- a/gitian/descriptors/mac/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml
@@ -30,6 +30,12 @@ remotes:
   "dir": "goptlib"
 - "url": "https://git.torproject.org/pluggable-transports/meek.git"
   "dir": "meek"
+- "url": "https://github.com/agl/ed25519.git"
+  "dir": "ed25519"
+- "url": "https://github.com/dchest/siphash.git"
+  "dir": "siphash"
+- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
+  "dir": "obfs4"
 files:
 - "pycrypto.tar.gz"
 - "argparse.tar.gz"
@@ -44,6 +50,8 @@ files:
 - "dzip.sh"
 - "gmp-mac32-utils.zip"
 - "openssl-mac32-utils.zip"
+- "go.crypto.tar.bz2"
+- "go.net.tar.bz2"
 script: |
   INSTDIR="$HOME/install"
   TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser"
@@ -245,6 +253,52 @@ script: |
   cp -a README doc/*.1 $TBDIR/Docs/meek
   cd ..
+  # Building go ed25519
+  cd ed25519
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/agl/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/agl/ed25519"
+  go install github.com/agl/ed25519/extra25519
+  cd ..
+
+  # Building go siphash
+  cd siphash
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/dchest/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/dchest/siphash"
+  go install github.com/dchest/siphash
+  cd ..
+
+  # Building go.crypto
+  tar xjf go.crypto.tar.bz2
+  cd go.crypto
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/code.google.com/p/"
+  ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.crypto"
+  go install code.google.com/p/go.crypto/curve25519
+  go install code.google.com/p/go.crypto/hkdf
+  go install code.google.com/p/go.crypto/nacl/secretbox
+  cd ..
+
+  # Building go.net
+  tar xjf go.net.tar.bz2
+  cd go.net
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/code.google.com/p/"
+  ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.net"
+  go install code.google.com/p/go.net/proxy
+  cd ..
+
+  # Building obfs4proxy
+  cd obfs4
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+  ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+  cd obfs4proxy
+  go build -ldflags '-s'
+  cp -a obfs4proxy $PTDIR
+  cd ../..
+
   # Grabbing the result
   cd $INSTDIR
   ~/build/dzip.sh pluggable-transports-mac$GBUILD_BITS-gbuilt.zip TorBrowserBundle.app
diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml
index 6a6301d..bd3189b 100644
--- a/gitian/descriptors/windows/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml
@@ -29,6 +29,12 @@ remotes:
   "dir": "goptlib"
 - "url": "https://git.torproject.org/pluggable-transports/meek.git"
   "dir": "meek"
+- "url": "https://github.com/agl/ed25519.git"
+  "dir": "ed25519"
+- "url": "https://github.com/dchest/siphash.git"
+  "dir": "siphash"
+- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
+  "dir": "obfs4"
 files:
 - "setuptools.tar.gz"
 - "pycrypto.tar.gz"
@@ -49,6 +55,8 @@ files:
 - "openssl-win32-utils.zip"
 - "gmp-win32-utils.zip"
 - "gcclibs-win32-utils.zip"
+- "go.crypto.tar.bz2"
+- "go.net.tar.bz2"
 script: |
   # Set the timestamp on every .pyc file in a zip file, and re-dzip the zip file.
   function py2exe_zip_timestomp {
@@ -323,6 +331,52 @@ script: |
   cp -a README doc/*.1.txt $INSTDIR/Docs/meek
   cd ..
+  # Building go ed25519
+  cd ed25519
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/agl/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/agl/ed25519"
+  go install github.com/agl/ed25519/extra25519
+  cd ..
+
+  # Building go siphash
+  cd siphash
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/dchest/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/dchest/siphash"
+  go install github.com/dchest/siphash
+  cd ..
+
+  # Building go.crypto
+  tar xjf go.crypto.tar.bz2
+  cd go.crypto
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/code.google.com/p/"
+  ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.crypto"
+  go install code.google.com/p/go.crypto/curve25519
+  go install code.google.com/p/go.crypto/hkdf
+  go install code.google.com/p/go.crypto/nacl/secretbox
+  cd ..
+
+  # Building go.net
+  tar xjf go.net.tar.bz2
+  cd go.net
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/code.google.com/p/"
+  ln -sf "$PWD" "$GOPATH/src/code.google.com/p/go.net"
+  go install code.google.com/p/go.net/proxy
+  cd ..
+
+  # Building obfs4proxy
+  cd obfs4
+  find -type f | xargs touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports"
+  ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/obfs4.git"
+  cd obfs4proxy
+  go build -ldflags '-s'
+  cp -a obfs4proxy.exe $PTDIR
+  cd ../..
+
   # http://bugs.winehq.org/show_bug.cgi?id=3591
   cp -a $INSTDIR/python/python27.dll $PTDIR/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index ef4dbf7..049824a 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -6,6 +6,7 @@
 MIRROR_URL=https://people.torproject.org/~mikeperry/mirrors/sources/
 MIRROR_URL_DCF=https://people.torproject.org/~dcf/mirrors/sources/
 MIRROR_URL_ASN=https://people.torproject.org/~asn/mirrors/sources/
+MIRROR_URL_YAWNING=https://people.torproject.org/~yawning/mirrors/sources/
 set -e
 set -u
 umask 0022
@@ -179,6 +180,15 @@ do
   get "${!PACKAGE}" "${!URL}"
 done
+# XXX/Yawning.  As far as I can tell, this gitian thing doesn't support
+# fetching from hg repositories.
+for i in GOCRYPTO GONET
+do
+  PACKAGE="${i}_PACKAGE"
+  URL="${MIRROR_URL_YAWNING}${!PACKAGE}"
+  get "${!PACKAGE}" "${MIRROR_URL_YAWNING}${!PACKAGE}"
+done
+
 # Verify packages with weak or no signatures via multipath downloads
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
 # XXX: Google won't allow wget -N.. We need to re-download the whole
@@ -208,7 +218,7 @@ wget -U "" -N ${HTTPSE_URL}
# Verify packages with weak or no signatures via direct sha256 check
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC
+for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC GOCRYPTO GONET
 do
    PACKAGE="${i}_PACKAGE"
    HASH="${i}_HASH"
@@ -262,6 +272,8 @@ ln -sf "$GMP_PACKAGE" gmp.tar.bz2
 ln -sf "$LXML_PACKAGE" lxml.tar.gz
 ln -sf "$PARSLEY_PACKAGE" parsley.tar.gz
 ln -sf "$GO_PACKAGE" go.tar.gz
+ln -sf "$GONET_PACKAGE" go.net.tar.bz2
+ln -sf "$GOCRYPTO_PACKAGE" go.crypto.tar.bz2
# Fetch latest gitian-builder itself
 # XXX - this is broken if a non-standard inputs dir is selected using the command line flag.
@@ -295,6 +307,9 @@ txsocksx              https://github.com/habnabit/txsocksx.git $TXSOCKSX_TAG
 goptlib               https://git.torproject.org/pluggable-transports/goptlib.git $GOPTLIB_TAG
 meek                  https://git.torproject.org/pluggable-transports/meek.git $MEEK_TAG
 faketime              https://github.com/wolfcw/libfaketime $FAKETIME_TAG
+ed25519               https://github.com/agl/ed25519.git $GOED25519_TAG
+siphash               https://github.com/dchest/siphash.git $GOSIPHASH_TAG
+obfs4                 https://git.torproject.org/pluggable-transports/obfs4.git $OBFS4_TAG
 EOF
exit 0
diff --git a/gitian/gpg/obfs4proxy.gpg b/gitian/gpg/obfs4proxy.gpg
new file mode 100644
index 0000000..b9c490a
Binary files /dev/null and b/gitian/gpg/obfs4proxy.gpg differ
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 8321ffe..45f4f9b 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -94,6 +94,7 @@ then
   PYPTLIB_TAG=refs/tags/$PYPTLIB_TAG
   OBFSPROXY_TAG=refs/tags/$OBFSPROXY_TAG
   FLASHPROXY_TAG=refs/tags/$FLASHPROXY_TAG
+  OBFS4_TAG=refs/tags/$OBFS4_TAG
 fi
cd $GITIAN_DIR
@@ -221,7 +222,7 @@ then
   echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******"
   echo
-  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh
index 9c5d99b..807319b 100755
--- a/gitian/mkbundle-mac.sh
+++ b/gitian/mkbundle-mac.sh
@@ -99,6 +99,7 @@ then
   PYPTLIB_TAG=refs/tags/$PYPTLIB_TAG
   OBFSPROXY_TAG=refs/tags/$OBFSPROXY_TAG
   FLASHPROXY_TAG=refs/tags/$FLASHPROXY_TAG
+  OBFS4_TAG=refs/tags/$OBFS4_TAG
 fi
cd $GITIAN_DIR
@@ -187,7 +188,7 @@ then
   echo "****** Starting Pluggable Transports Component of Mac Bundle (4/5 for Mac) ******"
   echo
-  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./firefox-fail-mac.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh
index 7600e07..38d1eff 100755
--- a/gitian/mkbundle-windows.sh
+++ b/gitian/mkbundle-windows.sh
@@ -92,6 +92,7 @@ then
   PYPTLIB_TAG=refs/tags/$PYPTLIB_TAG
   OBFSPROXY_TAG=refs/tags/$OBFSPROXY_TAG
   FLASHPROXY_TAG=refs/tags/$FLASHPROXY_TAG
+  OBFS4_TAG=refs/tags/$OBFS4_TAG
 fi
cd $GITIAN_DIR
@@ -190,7 +191,7 @@ then
   echo "****** Starting Pluggable Transports Component of Windows Bundle (4/5 for Windows) ******"
   echo
-  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./pluggable-transports-fail-win32.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index b7a89f1..09454bb 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -101,6 +101,7 @@ obfsproxy             obfsproxy.gpg             $OBFSPROXY_TAG
 flashproxy            flashproxy.gpg            $FLASHPROXY_TAG
 goptlib               goptlib.gpg               $GOPTLIB_TAG
 meek                  meek.gpg                  $MEEK_TAG
+obfs4                 obfs4proxy.gpg            $OBFS4_TAG
 EOF
 #https-everywhere      https-everywhere.gpg      $HTTPSE_TAG
@@ -113,6 +114,8 @@ libfte                  $LIBFTE_TAG
 fteproxy                $FTEPROXY_TAG
 txsocksx                $TXSOCKSX_TAG
 faketime                $FAKETIME_TAG
+ed25519                 $GOED25519_TAG
+siphash                 $GOSIPHASH_TAG
 EOF
# Verify signatures on signed packages
@@ -136,7 +139,7 @@ done
# Verify packages with weak or no signatures via direct sha256 check
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC
+for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC GOCRYPTO GONET
 do
    PACKAGE="${i}_PACKAGE"
    HASH="${i}_HASH"
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index e17b071..0912b5d 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -27,6 +27,9 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0
 GOPTLIB_TAG=0.2
 MEEK_TAG=0.11
 FAKETIME_TAG=70aa6b394d9341522dffe8a5a5cf5929e82cc6b9 # unsigned v0.9.6
+GOED25519_TAG=c4161f4c7483313562781c61b9a20aba73daf9de
+GOSIPHASH_TAG=42ba037e748c9062a75e0924705c43b893edefcd
+OBFS4_TAG=obfs4proxy-0.0.3
GITIAN_TAG=tor-browser-builder-3.x-7
@@ -74,6 +77,8 @@ SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz
 LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
 PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
 GO_PACKAGE=go${GO_VER}.src.tar.gz
+GOCRYPTO_PACKAGE=go.crypto-5478be1963aa.tar.bz2
+GONET_PACKAGE=go.net-9c0f9daaa74b.tar.bz2
# Hashes for packages with weak sigs or no sigs
 OPENSSL_HASH=3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
@@ -94,6 +99,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c
 SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39
 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
 GO_HASH=1bb6fde89cfe8b9756a875af55d994cce0994861227b5dc0f268c143d91cd5ff
+GOCRYPTO_HASH=a8e301714f5724999321f0397b867a5670a5e5c4f808ba157bdd93ee0d028827
+GONET_HASH=1812fec55256e1a6fe546111cc658520b80972f38826c94ec11ef24315d32353
## Non-git package URLs
 OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D
@@ -119,3 +126,5 @@ SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/$%7BSETUPTOOLS
 LXML_URL=https://pypi.python.org/packages/source/l/lxml/$%7BLXML_PACKAGE%7D
 PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/$%7BPARSLEY_PACKAGE%7D
 GO_URL=http://golang.org/dl/$%7BGO_PACKAGE%7D
+GOCRYPTO_URL=https://people.torproject.org/~yawning/mirrors/sources/$%7BGOCRYPTO_PACKAGE%...
+GONET_URL=https://people.torproject.org/~yawning/mirrors/sources/$%7BGONET_PACKAGE%7D
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 5541ded..3867629 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -28,6 +28,9 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0
 GOPTLIB_TAG=master
 MEEK_TAG=master
 FAKETIME_TAG=70aa6b394d9341522dffe8a5a5cf5929e82cc6b9 # unsigned v0.9.6
+GOED25519_TAG=c4161f4c7483313562781c61b9a20aba73daf9de
+GOSIPHASH_TAG=42ba037e748c9062a75e0924705c43b893edefcd
+OBFS4_TAG=master
GITIAN_TAG=tor-browser-builder-3.x-7
@@ -75,6 +78,8 @@ SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz
 LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
 PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
 GO_PACKAGE=go${GO_VER}.src.tar.gz
+GOCRYPTO_PACKAGE=go.crypto-5478be1963aa.tar.bz2
+GONET_PACKAGE=go.net-9c0f9daaa74b.tar.bz2
# Hashes for packages with weak sigs or no sigs
 OPENSSL_HASH=3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
@@ -95,6 +100,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c
 SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39
 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
 GO_HASH=1bb6fde89cfe8b9756a875af55d994cce0994861227b5dc0f268c143d91cd5ff
+GOCRYPTO_HASH=a8e301714f5724999321f0397b867a5670a5e5c4f808ba157bdd93ee0d028827
+GONET_HASH=1812fec55256e1a6fe546111cc658520b80972f38826c94ec11ef24315d32353
## Non-git package URLs
 OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D
@@ -120,3 +127,5 @@ SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/$%7BSETUPTOOLS
 LXML_URL=https://pypi.python.org/packages/source/l/lxml/$%7BLXML_PACKAGE%7D
 PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/$%7BPARSLEY_PACKAGE%7D
 GO_URL=http://golang.org/dl/$%7BGO_PACKAGE%7D
+GOCRYPTO_URL=https://people.torproject.org/~yawning/mirrors/sources/$%7BGOCRYPTO_PACKAGE%...
+GONET_URL=https://people.torproject.org/~yawning/mirrors/sources/$%7BGONET_PACKAGE%7D

    