14:59:18 <richard> #startmeeting Tor Browser Weekly Meeting 2022-12-05 14:59:18 <MeetBot> Meeting started Mon Dec 5 14:59:18 2022 UTC. The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:59:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:59:21 <Jeremy_Rand_36C3[m]> Hi! 14:59:23 <richard> pad: https://pad.riseup.net/p/tor-tbb-keep 15:01:56 <richard> So we released 12.0a5 last week, and so far it's been pretty quiet in terms of bug reports 15:02:52 <richard> i'm in the middle of release prep for 12.0 and we should have build tags later today, so should be able to build overnight/tomorrow AM 15:03:24 <msim> \o/ 15:03:33 <dan_b> oo 15:04:07 <PieroV> (I'm already building Firefox at HEAD of tor-browser-102.5esr-12.0-2, but if the translations are also for Firefox I'll have to drop these binaries :() 15:04:24 <richard> once that's ready I'll start prioritizing issues/review the roadmap for 12.5 and s131 work 15:05:56 <richard> in the meantime this week feel free to grab s131 milestone 2 issues 15:06:30 <cschutijser> Hi all, I have a question about Tor Browser, OpenBSD and Pluggable Transports. Should I ask that during a meeting like this one or is it better if I ask in #tor-browser-dev? I don't want to hijack your meeting 15:06:31 <Jeremy_Rand_36C3[m]> Nice, congrats on having 12.0 almost ready! 15:06:55 <richard> here's a gitlab query: https://gitlab.torproject.org/groups/tpo/applications/-/boards?label_name[]=Sponsor%20131&milestone_title=Sponsor%20131%20-%20Phase%202%20-%20Privacy%20Browser 15:08:48 <ma1> Question: what's the workflow for S131 + Tor Browser patches vs Tor Browser only patches vs S131 only patches (if any)? 15:09:12 <richard> ah good question 15:09:38 <richard> so going forward we're going to have a base-browser branch rather than a base-browser tag 15:10:52 <richard> so for MRs which should be merged to base-browser, please target the appropriate base-browser-102.Xesr-12.5-1 branch 15:11:33 <richard> whomever merges should merge such issues into both base-browser and tor-browser branches 15:11:53 <Jeremy_Rand_36C3[m]> richard: just to clarify, are you saying there will not be any tagged releases of Base Browser going forward? 15:12:22 <richard> which will affect the rebase/release process so I'll have to update the checklist again :p 15:13:29 <henry-x> Will the tor-browser branch always be based on top of base-browser? 15:13:38 <richard> sorry, i think we will continue to tag base-browser branches in line with the tor-browser tags 15:14:20 <richard> henry-x: not always 15:15:01 <richard> so on release day they will in line but if base-browser specific fixes come in throughout the month then tehre will be divergence 15:15:09 <Jeremy_Rand_36C3[m]> richard: ok, thanks for clarification. (I know some people who are interested in using Base Browser tagged releases.) 15:15:15 <richard> (but such fixes should also be merged to tor-browser too) 15:15:22 <richard> jeremy: oh? 15:15:48 <richard> tbf that is cool but unexpected 15:15:57 <PieroV> richard: I think that targeting tor-browser would be easier for reviewers and testing 15:16:00 <henry-x> ok, what do we do if the base-browser patch must be applied before any tor-browser-only patch? 15:16:42 <Jeremy_Rand_36C3[m]> richard: yeah the Kicksecure guys are evaluating using it. They haven't committed to using it yet, but if they do, tagged releases would presumably be a prereq. 15:17:36 <richard> hmm neat 15:18:22 <richard> henry-x: what sort of situation would require this? 15:19:00 <richard> so, the current workflow has been basically merge to tor-browser with a note that it needs to be in the base-brwoser section, adn then it's moved on the next rebase 15:19:16 <Jeremy_Rand_36C3[m]> richard: it's not super surprising that Kicksecure is interested; they had their own (now-discontinued) project called SecBrowser that was basically the same concept was Base Browser. 15:19:27 <Jeremy_Rand_36C3[m]> s/was/as/ 15:20:49 <henry-x> if we need to touch the same file twice: once for base-browser and then again with some tor-specific parts in tor-browser. And then later we want to fixup the file in base-browser. 15:21:32 <richard> ahh so we have had that before 15:21:38 <PieroV> if I understand correctly, it's the kind of problem we've solved with the "dropme!" 15:21:45 <richard> yeah that^ 15:21:52 <msim> what's "dropme!"? 15:22:03 <PieroV> It's something we invented :P 15:22:10 <richard> basically add a commit which brings back the stuff we want to remove with 'dropme!' as the header 15:22:17 <msim> ah 15:22:20 <msim> nice 15:22:27 <PieroV> We've reverted the tor-browser part of the patch, applied the base-browser part, and then the tor-browser part again 15:22:31 <richard> and the a fixup! that comes after which undoes it but in the right place 15:23:01 <richard> it is inelegant 15:23:09 <PieroV> I think that 2 MRs could be a better solution in the future 15:23:09 <msim> so like a spicy rebase? 15:23:17 <richard> i think in that case you'd probably be better doing two MRs, one for tor-browser and one for base-browser 15:23:23 <PieroV> That 15:23:50 <PieroV> So, probably we'll have to split the rebase in parts in the future 15:23:59 <richard> yes p much 15:24:04 <msim> makes sense 15:24:16 <henry-x> hmm, maybe we can have an automated test for base-browser merge requests that let you know if tor-browser can be based on top of it 15:24:16 <richard> rebase base-browser to ESR, then cherry-pick/rebase the tor-browser patches onto base-browser 15:25:18 <richard> tbh I'm sure we haven't quite converged to the perfect workflow, so we can make improvements as we go 15:26:36 <henry-x> yeah. Hopefully most of our features are modular-enough that their files will only be in base-browser or tor-browser 15:26:48 <richard> yeah ideally 15:27:14 <PieroV> ideally tor-browser should be only connection to tor + onion services on top of base-browser 15:27:52 <richard> ok the only other thing was I wanted to encourage you all to please 'link' issues that get merged with the appropriate Release Prep issue(s) in tor-browser-build 15:28:26 <richard> makes it a lot easier to build out changelogs if the things we've done are all listed in the same place ^^; 15:29:00 <ma1> guilty as charged, I don't think I've ever done it, sorry. I'll do it :) 15:29:23 <dan_b> release prep issues? 15:29:24 <msim> richard: wdym release prep issues? 15:29:31 <richard> eeeeh 15:29:41 <richard> so in tor-browser-build we have issues labeled "Release Prep" 15:29:58 <richard> such as https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40637 15:30:38 <richard> it's basically the meta ticket for each release where all the coordination/checklist happens 15:31:21 <richard> currently we only have one for 12.0 but i'll make one for 12.5a1 later today 15:31:37 <henry-x> Do we just link the one that is currently open? 15:31:53 <richard> so for usual features you'll typically only add the next alpha to the Linked items section 15:32:15 <richard> for MRs that should also be backported, we should add also the next stable as well 15:32:24 <richard> henry-x: yeah exactly 15:32:36 <richard> there aren't usually that many 15:32:57 <richard> the short list of open ones is in the first column on the tor-browser-build board: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/boards 15:33:03 <dan_b> ah cool 15:34:12 <richard> ok I think that's all i wanted to talk about 15:34:20 <richard> does anyone else have something to discuss? 15:34:27 <PieroV> richard: I think you missed a question from cschutijser at the beginning of the meeting 15:34:34 <richard> whoops 15:34:47 <PieroV> cschutijser | Hi all, I have a question about Tor Browser, OpenBSD and Pluggable Transports. Should I ask that during a meeting like this one or is it better if I ask in #tor-browser-dev? I don't want to hijack your meeting 15:34:57 <richard> oh hi cschutijser 15:35:00 <PieroV> (not sure they're still online) 15:35:01 <cschutijser> Hi! 15:35:04 <cschutijser> Yep, I'm still here 15:35:10 <richard> feel free to ask! 15:35:16 <cschutijser> Okay! 15:35:25 <cschutijser> Quickly introducing myself for those who don't know me: I maintain Tor Browser on OpenBSD. Right now Tor Browser on OpenBSD does not have any support for Pluggable Transports. Prompted by some discussion on a mailing list I looked into it. For now I came up with something like to enable it: https://marc.info/?l=openbsd-ports&m=166937708328808&w=2 15:35:34 <richard> and if we go over happy to chat in #tor-browser-dev 15:35:37 <cschutijser> I don't expect you to fully understand it as it's a diff of an OpenBSD port, but I hope you get the gist of it. I concat tools/torbrowser/bridges.js to browser/app/profile/000-tor-browser.js and I tweak the shipped torrc-defaults file to include a ClientTransportPlugin entry for obfs4proxy. I tested it and it works. Would that be OK to ship or are there some common pitfalls in this area? 15:35:45 <cschutijser> As you can see, with the "cat ${WRKSRC}/tools/torbrowser/bridges.js >>${WRKSRC}/browser/app/profile/000-tor-browser.js" stuff, I'm basically re-doing some stuff that you as upstream take care of in a couple of scripts. That's another topic which I hope to look at some point, to basically re-use your scripts instead of doing stuff like this by hand (because we're obviously going to miss things in 15:35:51 <cschutijser> OpenBSD). But that's not a small project and not something I can look at right now 15:36:50 <PieroV> cschutijser: that file isn't always up to date 15:37:13 <PieroV> You might prefer the lines that are in tor-browser-build/projects/browser/_something_, let me find the files 15:37:23 <PieroV> (there are many of them, one for each pt) 15:38:01 <cschutijser> Ah, it would be great if they're separate for each PT indeed. On OpenBSD we currently only have obfs4proxy so that's the only ones I need to append to 000-tor-browser.js 15:38:45 <PieroV> Oh, sorry, they're in projects/common, not projects/browser 15:38:56 <PieroV> bridges_list.$PT.txt 15:39:25 <PieroV> And you should tweak torrc also for snowflake 15:39:26 <cschutijser> Okay. Thanks, that's good to know. Now there's one tiny problem and that is that I don't have an easy way to access tor-browser-build.git from the port build process 15:39:26 <richard> yes common/bridges_list.obfs4.txt (and meek-azure.txt) 15:39:37 <PieroV> And also bridges_list.snowflake.txt 15:39:40 <richard> can you download files? 15:39:56 <cschutijser> Yes, I can. If they are stable in the sense that they always have the same checksum 15:39:57 <richard> during port build? 15:40:04 <msim> ah, the expert bundle thing would come in handy here by the sounds of it 15:40:05 <cschutijser> Not during the build, only before 15:40:20 <richard> in that case checkout https://dist.torproject.org/torbrowser/12.0a5/ 15:40:32 <richard> there are a bunch of tor-expert-bundle*.tar.gz files (with sigs) 15:40:55 <richard> that contain built bins for all our platforms used in tor-browser-build as well as bridge strings in text files 15:41:09 <richard> and they coincide with each tor-browser release 15:41:18 <richard> currently alpha but we'll be shipping with stable too for 12.0 15:41:23 <cschutijser> Ah, thanks! I never looked at those files before. That's exactly what I need for this purpose. Thank you 15:41:33 <msim> :D 15:41:44 <richard> they're relatively new :3 15:42:17 <cschutijser> So If I use the bridges_list.obfs4.txt file and I add torrc-defaults like I did in the URL shown above and it works, you don't see a problem with me shipping that? 15:42:27 <cschutijser> Not any obvious problems, let's say 15:42:40 <PieroV> cschutijser: actually there are a few files for pts 15:42:43 <cschutijser> s/add torrc-defaults/modify torrc-defaults/ 15:43:04 <PieroV> I expect that you're closer to Linux, so please have a look also at projects/browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix 15:43:58 <richard> obs4_proxy also supports meek-azure too btw 15:44:20 <cschutijser> richard: okay. So I was probably holding it wrong. I'll double-check that, thanks 15:44:41 <cschutijser> PieroV: I'll have a look at that, thanks. I don't have the files at hand right now but I'll make a note 15:45:07 <richard> you may run into some unexpected behaviour w/ connection assist too if you don't have snowflake configured 15:45:45 <richard> and you'll probably want a patch for about:preferences#connection to remove the Snowflake bridge config 15:45:49 <cschutijser> Okay. We already have snowflake-proxy in ports on OpenBSD, I'll see how much work it is to get the client as well. Probably shouldn't be too hard 15:46:06 <richard> probably easier than carrying tor-browser patches ;) 15:46:14 <PieroV> It's another go project 15:46:15 <cschutijser> Right, that's a good idea if I don't ship with Snowflake support 15:46:25 <PieroV> I'd expect it not to be more difficult than obfs4 15:46:34 <richard> yeah 15:46:47 <cschutijser> Okay, makes sense 15:47:14 <cschutijser> Is it OK if I work on a diff for the OpenBSD port in which I take your feedback into account and then I show the diff to you again? Perhaps just in #tor-browser-dev 15:47:33 <richard> oh, and long term you'll want to use archive.torproject.org ( https://archive.torproject.org/tor-package-archive/torbrowser/12.0a4/ for instance ) since links on dist.tpo are fairly ephemeral 15:48:13 <PieroV> I think that taking blobs directly from GitLab could work, too 15:48:23 <PieroV> cschutijser: sure! Feel free to ask anytime 15:48:28 <cschutijser> richard: I already do that also, archive.torproject.org is a fallback. https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/tor-browser/browser/Makefile?rev=1.97&content-type=text/x-cvsweb-markup 15:48:45 <richard> true true 15:48:47 <cschutijser> But thanks for the feedback :) 15:48:53 <cschutijser> PieroV: great! 15:49:18 <richard> but yeah feel free to ping us for any code reviews 15:49:35 <richard> and also let us know if there's anything we could change on our end to make things easier for you 15:49:45 <cschutijser> That's appreciated, thank you. For now I think I have some homework to do and then I can get back to you with a new diff 15:49:59 <richard> ok perfect 15:50:12 <cschutijser> Yes, I will 15:50:18 <richard> anything else 15:50:31 <cschutijser> Not from my side 15:50:32 <PieroV> Not from me; just a remainder that I'll be afk Thu and Fri 15:50:37 * Jeremy_Rand_36C3[m] has a quick question 15:50:42 <richard> go go go 15:51:42 <Jeremy_Rand_36C3[m]> As you're probably aware, Robert Min is doing an Outreachy project for us involving proxy leak detection via ptrace. There's nothing actionable yet for you guys, but at some point we should talk about maybe using that code in automated tests of Tor Browser or something. 15:51:49 <Jeremy_Rand_36C3[m]> Just wanted to have it on your radar. 15:52:01 <richard> love it 15:52:15 <Jeremy_Rand_36C3[m]> And see if you have any workflow related thoughts on the topic, e.g. how it might best be integrated into your test systems 15:52:36 <richard> i think we will have opinions on that in the coming weeks :p 15:52:41 <Jeremy_Rand_36C3[m]> Great! 15:53:06 <Jeremy_Rand_36C3[m]> That is all from me 15:53:27 <msim> nothing from me :) 15:53:28 <richard> ok, then i'm gonna call it here 15:53:35 <msim> o/ 15:53:39 <richard> have a good week everyone! 15:53:44 <Jeremy_Rand_36C3[m]> Thanks! 15:53:45 <PieroV> thanks everyone! 15:53:48 <richard> #endmeeting